[ 76.387616][ T7] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.0.177' (ED25519) to the list of known hosts.
2025/10/08 12:35:14 ignoring optional flag "type"="gce"
2025/10/08 12:35:14 parsed 1 programs
[ 83.049497][ T4608] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 84.270802][ T1220] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 84.286124][ T1220] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 84.295706][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 84.304561][ T1220] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 84.314125][ T1220] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 84.323416][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 84.520211][ T4661] chnl_net:caif_netlink_parms(): no params data found
[ 84.578747][ T4661] bridge0: port 1(bridge_slave_0) entered blocking state
[ 84.587051][ T4661] bridge0: port 1(bridge_slave_0) entered disabled state
[ 84.595536][ T4661] device bridge_slave_0 entered promiscuous mode
[ 84.604255][ T4661] bridge0: port 2(bridge_slave_1) entered blocking state
[ 84.612848][ T4661] bridge0: port 2(bridge_slave_1) entered disabled state
[ 84.621349][ T4661] device bridge_slave_1 entered promiscuous mode
[ 84.649508][ T4661] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 84.661527][ T4661] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 84.692911][ T4661] team0: Port device team_slave_0 added
[ 84.700810][ T4661] team0: Port device team_slave_1 added
[ 84.724423][ T4661] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 84.732689][ T4661] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 84.759158][ T4661] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 84.771511][ T4661] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 84.778756][ T4661] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 84.805075][ T4661] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 84.840492][ T4661] device hsr_slave_0 entered promiscuous mode
[ 84.847365][ T4661] device hsr_slave_1 entered promiscuous mode
[ 85.523930][ T4661] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 85.534089][ T4661] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 85.547527][ T4661] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 85.558873][ T4661] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 85.685208][ T4661] 8021q: adding VLAN 0 to HW filter on device bond0
[ 85.700373][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 85.709595][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 85.720879][ T4661] 8021q: adding VLAN 0 to HW filter on device team0
[ 85.731346][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 85.743368][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 85.752178][ T1220] bridge0: port 1(bridge_slave_0) entered blocking state
[ 85.759294][ T1220] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 85.828126][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 85.848466][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 85.867388][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 85.886113][ T1220] bridge0: port 2(bridge_slave_1) entered blocking state
[ 85.893203][ T1220] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 85.912417][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 85.921556][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 85.930948][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 85.943977][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 86.002738][ T4661] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 86.013624][ T4661] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 86.029213][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 86.039958][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 86.049291][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 86.058088][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 86.067173][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 86.075469][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 86.084071][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 86.092328][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 86.243479][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 86.251681][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 86.284129][ T4661] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 86.306116][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 86.315404][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 86.334077][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 86.343420][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 86.356166][ T4661] device veth0_vlan entered promiscuous mode
[ 86.367417][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 86.375318][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 86.402416][ T4661] device veth1_vlan entered promiscuous mode
[ 86.424460][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 86.436880][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 86.448289][ T4661] device veth0_macvtap entered promiscuous mode
[ 86.459504][ T4661] device veth1_macvtap entered promiscuous mode
[ 86.487459][ T4661] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 86.494749][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 86.504146][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 86.513614][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 86.522599][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 86.534070][ T4661] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 86.543014][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 86.553281][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 86.568400][ T4661] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 86.579762][ T4661] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 86.589246][ T4661] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 86.598233][ T4661] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
2025/10/08 12:35:20 executed programs: 0
[ 87.260270][ T4781] chnl_net:caif_netlink_parms(): no params data found
[ 87.378720][ T4781] bridge0: port 1(bridge_slave_0) entered blocking state
[ 87.393480][ T4781] bridge0: port 1(bridge_slave_0) entered disabled state
[ 87.411374][ T4781] device bridge_slave_0 entered promiscuous mode
[ 87.428663][ T4781] bridge0: port 2(bridge_slave_1) entered blocking state
[ 87.445852][ T4781] bridge0: port 2(bridge_slave_1) entered disabled state
[ 87.458468][ T4781] device bridge_slave_1 entered promiscuous mode
[ 87.522647][ T4781] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 87.541186][ T4781] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 87.599770][ T4781] team0: Port device team_slave_0 added
[ 87.622384][ T4781] team0: Port device team_slave_1 added
[ 87.650949][ T4781] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 87.658005][ T4781] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 87.687391][ T4781] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 87.707550][ T4781] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 87.714513][ T4781] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 87.750231][ T4781] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 87.812050][ T4781] device hsr_slave_0 entered promiscuous mode
[ 87.826430][ T4781] device hsr_slave_1 entered promiscuous mode
[ 87.847021][ T4781] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 87.854612][ T4781] Cannot create hsr debugfs directory
[ 88.027451][ T4781] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 89.106117][ T4840] Bluetooth: hci0: command 0x0409 tx timeout
[ 90.544243][ T4781] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 91.009771][ T4781] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 91.056956][ T4781] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 91.158589][ T4781] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 91.170298][ T4781] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 91.185148][ T4781] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 91.192290][ T7] Bluetooth: hci0: command 0x041b tx timeout
[ 91.200308][ T4781] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 91.248933][ T4781] 8021q: adding VLAN 0 to HW filter on device bond0
[ 91.261240][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 91.270562][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 91.284881][ T4781] 8021q: adding VLAN 0 to HW filter on device team0
[ 91.294896][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 91.303858][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 91.312418][ T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 91.319507][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 91.328879][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 91.345150][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 91.354642][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 91.363449][ T1220] bridge0: port 2(bridge_slave_1) entered blocking state
[ 91.370562][ T1220] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 91.381369][ T161] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 91.399047][ T161] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 91.410479][ T161] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 91.420184][ T161] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 91.429029][ T161] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 91.439099][ T161] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 91.449368][ T161] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 91.467680][ T161] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 91.476755][ T161] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 91.488024][ T161] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 91.496909][ T161] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 91.513667][ T4781] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 91.561520][ T144] device hsr_slave_0 left promiscuous mode
[ 91.568229][ T144] device hsr_slave_1 left promiscuous mode
[ 91.574647][ T144] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 91.585423][ T144] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 91.594157][ T144] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 91.601785][ T144] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 91.609616][ T144] device bridge_slave_1 left promiscuous mode
[ 91.616409][ T144] bridge0: port 2(bridge_slave_1) entered disabled state
[ 91.625087][ T144] device bridge_slave_0 left promiscuous mode
[ 91.631573][ T144] bridge0: port 1(bridge_slave_0) entered disabled state
[ 91.642190][ T144] device veth1_macvtap left promiscuous mode
[ 91.648626][ T144] device veth0_macvtap left promiscuous mode
[ 91.654668][ T144] device veth1_vlan left promiscuous mode
[ 91.660566][ T144] device veth0_vlan left promiscuous mode
[ 91.773450][ T144] team0 (unregistering): Port device team_slave_1 removed
[ 91.786430][ T144] team0 (unregistering): Port device team_slave_0 removed
[ 91.797838][ T144] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 91.810317][ T144] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 91.861606][ T144] bond0 (unregistering): Released all slaves
[ 91.916699][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 91.924140][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 91.934937][ T4781] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 91.951242][ T161] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 91.960382][ T161] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 91.978723][ T4781] device veth0_vlan entered promiscuous mode
[ 91.988589][ T161] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 91.996914][ T161] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 92.005275][ T161] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 92.013439][ T161] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 92.025868][ T4781] device veth1_vlan entered promiscuous mode
[ 92.048224][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 92.057733][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 92.066514][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 92.074990][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 92.085090][ T4781] device veth0_macvtap entered promiscuous mode
[ 92.100411][ T4781] device veth1_macvtap entered promiscuous mode
[ 92.117703][ T4781] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 92.125013][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 92.134685][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 92.142827][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 92.152085][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 92.164586][ T4781] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 92.175065][ T4781] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 92.186296][ T4781] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 92.195264][ T4781] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 92.204102][ T4781] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 92.214147][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 92.223051][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 92.270349][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 92.280070][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 92.289654][ T161] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 92.307780][ T161] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 92.316582][ T161] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 92.329783][ T161] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 92.380175][ T5056] loop0: detected capacity change from 0 to 1024
[ 92.406382][ T5056] EXT4-fs (loop0): Ignoring removed orlov option
[ 92.412766][ T5056] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[ 92.433314][ T5056] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
2025/10/08 12:35:25 executed programs: 1
[ 92.615318][ T5061] loop0: detected capacity change from 0 to 1024
[ 92.638059][ T5061] EXT4-fs (loop0): Ignoring removed orlov option
[ 92.655994][ T5061] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[ 92.699882][ T5061] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[ 92.926786][ T5065] loop0: detected capacity change from 0 to 1024
[ 92.944521][ T5065] EXT4-fs (loop0): Ignoring removed orlov option
[ 92.956766][ T5065] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[ 92.990100][ T5065] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[ 93.082641][ T4781] ==================================================================
[ 93.090920][ T4781] BUG: KASAN: use-after-free in ext4_xattr_delete_inode+0xba6/0xbb0
[ 93.098919][ T4781] Read of size 4 at addr ffff888073ffc000 by task syz-executor/4781
[ 93.106894][ T4781]
[ 93.109224][ T4781] CPU: 1 PID: 4781 Comm: syz-executor Not tainted syzkaller #0
[ 93.116770][ T4781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 93.126920][ T4781] Call Trace:
[ 93.130201][ T4781]
[ 93.133132][ T4781] dump_stack_lvl+0x168/0x230
[ 93.137838][ T4781] ? show_regs_print_info+0x20/0x20
[ 93.143045][ T4781] ? load_image+0x3b0/0x3b0
[ 93.147547][ T4781] ? _raw_spin_lock_irqsave+0xb0/0xf0
[ 93.152921][ T4781] ? errseq_check+0x3c/0x70
[ 93.157428][ T4781] ? __ext4_journal_get_write_access+0x2f7/0x6d0
[ 93.163802][ T4781] print_address_description+0x60/0x2d0
[ 93.169357][ T4781] ? ext4_xattr_delete_inode+0xba6/0xbb0
[ 93.174986][ T4781] kasan_report+0xdf/0x130
[ 93.179424][ T4781] ? ext4_xattr_delete_inode+0xba6/0xbb0
[ 93.185063][ T4781] ext4_xattr_delete_inode+0xba6/0xbb0
[ 93.190550][ T4781] ? ext4_expand_extra_isize_ea+0x19a0/0x19a0
[ 93.196646][ T4781] ext4_evict_inode+0xc47/0x1080
[ 93.201581][ T4781] ? _raw_spin_unlock+0x24/0x40
[ 93.206439][ T4781] ? ext4_inode_is_fast_symlink+0x390/0x390
[ 93.212335][ T4781] ? do_raw_spin_unlock+0x11d/0x230
[ 93.217536][ T4781] ? ext4_inode_is_fast_symlink+0x390/0x390
[ 93.223424][ T4781] evict+0x485/0x870
[ 93.227324][ T4781] ? __lock_acquire+0x7c60/0x7c60
[ 93.232354][ T4781] ? proc_nr_inodes+0x320/0x320
[ 93.237202][ T4781] ? do_raw_spin_unlock+0x11d/0x230
[ 93.242403][ T4781] ? _raw_spin_unlock+0x24/0x40
[ 93.247248][ T4781] ? iput+0x706/0x8a0
[ 93.251314][ T4781] vfs_rmdir+0x3b4/0x430
[ 93.255545][ T4781] do_rmdir+0x295/0x710
[ 93.259687][ T4781] ? __phys_addr_symbol+0x2b/0x70
[ 93.264699][ T4781] ? d_delete_notify+0x150/0x150
[ 93.269627][ T4781] ? strncpy_from_user+0x1fb/0x360
[ 93.274781][ T4781] ? getname_flags+0x1fe/0x500
[ 93.279618][ T4781] __x64_sys_unlinkat+0xc0/0xe0
[ 93.284455][ T4781] do_syscall_64+0x4c/0xa0
[ 93.288947][ T4781] ? clear_bhb_loop+0x30/0x80
[ 93.293667][ T4781] ? clear_bhb_loop+0x30/0x80
[ 93.298327][ T4781] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 93.304213][ T4781] RIP: 0033:0x7f72c70146c7
[ 93.308615][ T4781] Code: 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 07 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 93.328202][ T4781] RSP: 002b:00007ffeb4cc71c8 EFLAGS: 00000207 ORIG_RAX: 0000000000000107
[ 93.336596][ T4781] RAX: ffffffffffffffda RBX: 0000000000000065 RCX: 00007f72c70146c7
[ 93.344551][ T4781] RDX: 0000000000000200 RSI: 00007ffeb4cc8370 RDI: 00000000ffffff9c
[ 93.352509][ T4781] RBP: 00007f72c7060336 R08: 0000000000000000 R09: 0000000000000000
[ 93.360471][ T4781] R10: 0000000000000100 R11: 0000000000000207 R12: 00007ffeb4cc8370
[ 93.368427][ T4781] R13: 00007f72c7060336 R14: 0000000000016ad1 R15: 0000000000000007
[ 93.376478][ T4781]
[ 93.379508][ T4781]
[ 93.381812][ T4781] Allocated by task 5029:
[ 93.386117][ T4781] __kasan_slab_alloc+0x9c/0xd0
[ 93.390951][ T4781] slab_post_alloc_hook+0x4c/0x380
[ 93.396044][ T4781] kmem_cache_alloc+0x100/0x290
[ 93.400873][ T4781] anon_vma_fork+0x1f6/0x500
[ 93.405438][ T4781] copy_mm+0x9e3/0x1380
[ 93.409572][ T4781] copy_process+0x17c6/0x3e00
[ 93.414226][ T4781] kernel_clone+0x219/0x930
[ 93.418744][ T4781] __x64_sys_clone+0x170/0x1c0
[ 93.423488][ T4781] do_syscall_64+0x4c/0xa0
[ 93.427896][ T4781] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 93.433770][ T4781]
[ 93.436072][ T4781] Freed by task 5041:
[ 93.440027][ T4781] kasan_set_track+0x4b/0x70
[ 93.444684][ T4781] kasan_set_free_info+0x1f/0x40
[ 93.449602][ T4781] ____kasan_slab_free+0xd5/0x110
[ 93.454608][ T4781] slab_free_freelist_hook+0xea/0x170
[ 93.459961][ T4781] kmem_cache_free+0x8f/0x210
[ 93.464620][ T4781] unlink_anon_vmas+0x611/0x660
[ 93.469464][ T4781] free_pgtables+0x177/0x2a0
[ 93.474041][ T4781] exit_mmap+0x39e/0x5f0
[ 93.478269][ T4781] __mmput+0x115/0x3b0
[ 93.482320][ T4781] exec_mmap+0x4d1/0x5c0
[ 93.486567][ T4781] begin_new_exec+0x7e8/0x1160
[ 93.491313][ T4781] load_elf_binary+0x98e/0x2890
[ 93.496143][ T4781] bprm_execve+0xa92/0x17d0
[ 93.500626][ T4781] do_execveat_common+0x51e/0x6d0
[ 93.505631][ T4781] __x64_sys_execve+0x8e/0xa0
[ 93.510320][ T4781] do_syscall_64+0x4c/0xa0
[ 93.514715][ T4781] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 93.520589][ T4781]
[ 93.522982][ T4781] The buggy address belongs to the object at ffff888073ffc000
[ 93.522982][ T4781] which belongs to the cache anon_vma_chain of size 80
[ 93.537185][ T4781] The buggy address is located 0 bytes inside of
[ 93.537185][ T4781] 80-byte region [ffff888073ffc000, ffff888073ffc050)
[ 93.550181][ T4781] The buggy address belongs to the page:
[ 93.555807][ T4781] page:ffffea0001cfff00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x73ffc
[ 93.565964][ T4781] memcg:ffff88807d81d401
[ 93.570181][ T4781] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 93.577715][ T4781] raw: 00fff00000000200 0000000000000000 dead000000000122 ffff888140007140
[ 93.586461][ T4781] raw: 0000000000000000 0000000000240024 00000001ffffffff ffff88807d81d401
[ 93.595025][ T4781] page dumped because: kasan: bad access detected
[ 93.601426][ T4781] page_owner tracks the page as allocated
[ 93.607117][ T4781] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 5029, ts 90856574165, free_ts 86151046398
[ 93.623161][ T4781] get_page_from_freelist+0x1b77/0x1c60
[ 93.628695][ T4781] __alloc_pages+0x1e1/0x470
[ 93.633267][ T4781] new_slab+0xc0/0x4b0
[ 93.637403][ T4781] ___slab_alloc+0x81e/0xdf0
[ 93.641974][ T4781] kmem_cache_alloc+0x195/0x290
[ 93.646805][ T4781] anon_vma_fork+0x1f6/0x500
[ 93.651383][ T4781] copy_mm+0x9e3/0x1380
[ 93.655518][ T4781] copy_process+0x17c6/0x3e00
[ 93.660173][ T4781] kernel_clone+0x219/0x930
[ 93.664656][ T4781] __x64_sys_clone+0x170/0x1c0
[ 93.669398][ T4781] do_syscall_64+0x4c/0xa0
[ 93.673794][ T4781] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 93.679667][ T4781] page last free stack trace:
[ 93.684317][ T4781] free_unref_page_prepare+0x637/0x6c0
[ 93.689842][ T4781] free_unref_page+0x94/0x280
[ 93.694499][ T4781] qlist_free_all+0x35/0x90
[ 93.698982][ T4781] kasan_quarantine_reduce+0x150/0x160
[ 93.704425][ T4781] __kasan_slab_alloc+0x2f/0xd0
[ 93.709254][ T4781] slab_post_alloc_hook+0x4c/0x380
[ 93.714346][ T4781] __kmalloc+0x127/0x330
[ 93.718568][ T4781] tomoyo_realpath_from_path+0x118/0x610
[ 93.724182][ T4781] tomoyo_path_perm+0x1cd/0x510
[ 93.729102][ T4781] security_inode_getattr+0xcf/0x120
[ 93.734367][ T4781] vfs_getattr+0x26/0x3a0
[ 93.738682][ T4781] __x64_sys_newfstat+0x104/0x1d0
[ 93.743695][ T4781] do_syscall_64+0x4c/0xa0
[ 93.748093][ T4781] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 93.753969][ T4781]
[ 93.756276][ T4781] Memory state around the buggy address:
[ 93.761926][ T4781] ffff888073ffbf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 93.769966][ T4781] ffff888073ffbf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 93.778005][ T4781] >ffff888073ffc000: fa fb fb fb fb fb fb fb fb fb fc fc fc fc fa fb
[ 93.786042][ T4781] ^
[ 93.790088][ T4781] ffff888073ffc080: fb fb fb fb fb fb fb fb fc fc fc fc fa fb fb fb
[ 93.798129][ T4781] ffff888073ffc100: fb fb fb fb fb fb fc fc fc fc fa fb fb fb fb fb
[ 93.806170][ T4781] ==================================================================
[ 93.814211][ T4781] Disabling lock debugging due to kernel taint
[ 93.841146][ T4218] Bluetooth: hci0: command 0x040f tx timeout
[ 93.843802][ T4781] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 93.854341][ T4781] CPU: 1 PID: 4781 Comm: syz-executor Tainted: G B syzkaller #0
[ 93.863260][ T4781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 93.873302][ T4781] Call Trace:
[ 93.876565][ T4781]
[ 93.879489][ T4781] dump_stack_lvl+0x168/0x230
[ 93.884160][ T4781] ? show_regs_print_info+0x20/0x20
[ 93.889343][ T4781] ? load_image+0x3b0/0x3b0
[ 93.893836][ T4781] panic+0x2c9/0x7f0
[ 93.897714][ T4781] ? bpf_jit_dump+0xd0/0xd0
[ 93.902200][ T4781] ? _raw_spin_unlock_irqrestore+0xf6/0x100
[ 93.908071][ T4781] ? _raw_spin_unlock+0x40/0x40
[ 93.912901][ T4781] ? ext4_xattr_delete_inode+0xba6/0xbb0
[ 93.918514][ T4781] check_panic_on_warn+0x80/0xa0
[ 93.923435][ T4781] ? ext4_xattr_delete_inode+0xba6/0xbb0
[ 93.929051][ T4781] end_report+0x6d/0xf0
[ 93.933189][ T4781] kasan_report+0x102/0x130
[ 93.937672][ T4781] ? ext4_xattr_delete_inode+0xba6/0xbb0
[ 93.943291][ T4781] ext4_xattr_delete_inode+0xba6/0xbb0
[ 93.948824][ T4781] ? ext4_expand_extra_isize_ea+0x19a0/0x19a0
[ 93.954965][ T4781] ext4_evict_inode+0xc47/0x1080
[ 93.959889][ T4781] ? _raw_spin_unlock+0x24/0x40
[ 93.964723][ T4781] ? ext4_inode_is_fast_symlink+0x390/0x390
[ 93.970607][ T4781] ? do_raw_spin_unlock+0x11d/0x230
[ 93.976046][ T4781] ? ext4_inode_is_fast_symlink+0x390/0x390
[ 93.981917][ T4781] evict+0x485/0x870
[ 93.985796][ T4781] ? __lock_acquire+0x7c60/0x7c60
[ 93.990804][ T4781] ? proc_nr_inodes+0x320/0x320
[ 93.995639][ T4781] ? do_raw_spin_unlock+0x11d/0x230
[ 94.000816][ T4781] ? _raw_spin_unlock+0x24/0x40
[ 94.005739][ T4781] ? iput+0x706/0x8a0
[ 94.009717][ T4781] vfs_rmdir+0x3b4/0x430
[ 94.013943][ T4781] do_rmdir+0x295/0x710
[ 94.018081][ T4781] ? __phys_addr_symbol+0x2b/0x70
[ 94.023099][ T4781] ? d_delete_notify+0x150/0x150
[ 94.028017][ T4781] ? strncpy_from_user+0x1fb/0x360
[ 94.033112][ T4781] ? getname_flags+0x1fe/0x500
[ 94.037859][ T4781] __x64_sys_unlinkat+0xc0/0xe0
[ 94.042692][ T4781] do_syscall_64+0x4c/0xa0
[ 94.047176][ T4781] ? clear_bhb_loop+0x30/0x80
[ 94.051832][ T4781] ? clear_bhb_loop+0x30/0x80
[ 94.056488][ T4781] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 94.062404][ T4781] RIP: 0033:0x7f72c70146c7
[ 94.066800][ T4781] Code: 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 07 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 94.086483][ T4781] RSP: 002b:00007ffeb4cc71c8 EFLAGS: 00000207 ORIG_RAX: 0000000000000107
[ 94.094876][ T4781] RAX: ffffffffffffffda RBX: 0000000000000065 RCX: 00007f72c70146c7
[ 94.102827][ T4781] RDX: 0000000000000200 RSI: 00007ffeb4cc8370 RDI: 00000000ffffff9c
[ 94.110780][ T4781] RBP: 00007f72c7060336 R08: 0000000000000000 R09: 0000000000000000
[ 94.118740][ T4781] R10: 0000000000000100 R11: 0000000000000207 R12: 00007ffeb4cc8370
[ 94.126692][ T4781] R13: 00007f72c7060336 R14: 0000000000016ad1 R15: 0000000000000007
[ 94.134663][ T4781]
[ 94.137940][ T4781] Kernel Offset: disabled
[ 94.142265][ T4781] Rebooting in 86400 seconds..