Warning: Permanently added '10.128.0.71' (ED25519) to the list of known hosts.
1970/01/01 00:01:05 parsed 1 programs
[   66.584306][ T4437] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k SSFS
[   68.284872][  T136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.286116][  T136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.289528][  T148] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   68.299125][  T148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.300440][  T148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.302621][ T1262] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   68.423075][ T4579] chnl_net:caif_netlink_parms(): no params data found
[   68.439814][ T4579] bridge0: port 1(bridge_slave_0) entered blocking state
[   68.441051][ T4579] bridge0: port 1(bridge_slave_0) entered disabled state
[   68.442985][ T4579] device bridge_slave_0 entered promiscuous mode
[   68.444894][ T4579] bridge0: port 2(bridge_slave_1) entered blocking state
[   68.446025][ T4579] bridge0: port 2(bridge_slave_1) entered disabled state
[   68.447601][ T4579] device bridge_slave_1 entered promiscuous mode
[   68.455262][ T4579] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   68.457739][ T4579] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   68.466718][ T4579] team0: Port device team_slave_0 added
[   68.468486][ T4579] team0: Port device team_slave_1 added
[   68.475356][ T4579] batman_adv: batadv0: Adding interface: batadv_slave_0
[   68.476508][ T4579] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   68.480723][ T4579] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   68.483220][ T4579] batman_adv: batadv0: Adding interface: batadv_slave_1
[   68.484374][ T4579] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   68.488483][ T4579] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   68.542899][ T4579] device hsr_slave_0 entered promiscuous mode
[   68.582378][ T4579] device hsr_slave_1 entered promiscuous mode
[   69.195441][ T4579] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   69.233595][ T4579] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   69.283085][ T4579] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   69.323492][ T4579] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   69.404851][ T4579] 8021q: adding VLAN 0 to HW filter on device bond0
[   69.414848][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   69.416447][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   69.423227][ T4579] 8021q: adding VLAN 0 to HW filter on device team0
[   69.433130][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   69.434784][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   69.436418][  T136] bridge0: port 1(bridge_slave_0) entered blocking state
[   69.437599][  T136] bridge0: port 1(bridge_slave_0) entered forwarding state
[   69.439146][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   69.448146][ T1262] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   69.449974][ T1262] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   69.451463][ T1262] bridge0: port 2(bridge_slave_1) entered blocking state
[   69.452731][ T1262] bridge0: port 2(bridge_slave_1) entered forwarding state
[   69.467606][ T1262] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   69.469341][ T1262] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   69.470993][ T1262] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   69.473571][ T1262] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   69.475251][ T1262] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   69.477017][ T1262] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   69.479556][ T1262] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   69.481777][ T1262] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   69.483986][ T1262] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   69.485501][ T1262] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   69.487014][ T1262] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   69.489774][ T4579] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   69.531657][ T4579] 8021q: adding VLAN 0 to HW filter on device batadv0
[   69.534811][  T325] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   69.536109][  T325] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   69.557888][  T325] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   69.559486][  T325] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   69.568475][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   69.570086][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   69.571591][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   69.581188][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   69.592202][ T4579] device veth0_vlan entered promiscuous mode
[   69.595626][ T4579] device veth1_vlan entered promiscuous mode
[   69.605394][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   69.606999][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   69.608398][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   69.609941][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   69.613200][ T4579] device veth0_macvtap entered promiscuous mode
[   69.615599][ T4579] device veth1_macvtap entered promiscuous mode
[   69.621438][ T4579] batman_adv: batadv0: Interface activated: batadv_slave_0
[   69.633660][    T7] cfg80211: failed to load regulatory.db
[   69.633946][ T2063] ieee802154 phy0 wpan0: encryption failed: -22
[   69.635837][ T2063] ieee802154 phy1 wpan1: encryption failed: -22
[   69.636437][ T4579] batman_adv: batadv0: Interface activated: batadv_slave_1
[   69.638064][  T325] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   69.639584][  T325] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   69.641045][  T325] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   69.642830][  T325] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   69.644450][  T325] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   69.654547][  T325] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   69.659985][ T4579] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   69.661477][ T4579] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   69.663358][ T4579] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   69.664750][ T4579] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
1970/01/01 00:01:10 executed programs: 0
[   70.425692][ T4785] chnl_net:caif_netlink_parms(): no params data found
[   70.445520][ T4785] bridge0: port 1(bridge_slave_0) entered blocking state
[   70.446720][ T4785] bridge0: port 1(bridge_slave_0) entered disabled state
[   70.448244][ T4785] device bridge_slave_0 entered promiscuous mode
[   70.450216][ T4785] bridge0: port 2(bridge_slave_1) entered blocking state
[   70.451491][ T4785] bridge0: port 2(bridge_slave_1) entered disabled state
[   70.453184][ T4785] device bridge_slave_1 entered promiscuous mode
[   70.461406][ T4785] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   70.464209][ T4785] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   70.471560][ T4785] team0: Port device team_slave_0 added
[   70.473714][ T4785] team0: Port device team_slave_1 added
[   70.481569][ T4785] batman_adv: batadv0: Adding interface: batadv_slave_0
[   70.482909][ T4785] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   70.487265][ T4785] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   70.489605][ T4785] batman_adv: batadv0: Adding interface: batadv_slave_1
[   70.490671][ T4785] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   70.494867][ T4785] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   70.553194][ T4785] device hsr_slave_0 entered promiscuous mode
[   70.603346][ T4785] device hsr_slave_1 entered promiscuous mode
[   70.622367][ T4785] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   70.623727][ T4785] Cannot create hsr debugfs directory
[   70.665053][ T4785] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   72.421926][    T7] Bluetooth: hci0: command 0x0409 tx timeout
[   73.475292][ T4785] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   74.512008][ T4177] Bluetooth: hci0: command 0x041b tx timeout
[   75.717186][ T4785] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   75.785760][ T4785] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   75.926892][ T4785] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   75.973380][ T4785] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   76.012878][ T4785] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   76.062898][ T4785] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   76.134780][ T4785] 8021q: adding VLAN 0 to HW filter on device bond0
[   76.138726][ T1262] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   76.140199][ T1262] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   76.143041][ T4785] 8021q: adding VLAN 0 to HW filter on device team0
[   76.145600][ T1262] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   76.147268][ T1262] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   76.148689][ T1262] bridge0: port 1(bridge_slave_0) entered blocking state
[   76.149801][ T1262] bridge0: port 1(bridge_slave_0) entered forwarding state
[   76.151137][ T1262] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   76.154843][ T1262] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   76.156542][ T1262] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   76.157962][ T1262] bridge0: port 2(bridge_slave_1) entered blocking state
[   76.159064][ T1262] bridge0: port 2(bridge_slave_1) entered forwarding state
[   76.161509][ T1262] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   76.164680][ T1262] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   76.167417][ T1262] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   76.169218][ T1262] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   76.170816][ T1262] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   76.174097][ T1262] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   76.175757][ T1262] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   76.178295][ T1262] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   76.179810][ T1262] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   76.183220][ T4785] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   76.185188][ T4785] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   76.186860][  T325] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   76.188448][  T325] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   76.224986][ T1262] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   76.226330][ T1262] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   76.229295][ T4785] 8021q: adding VLAN 0 to HW filter on device batadv0
[   76.243935][ T1262] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   76.245634][ T1262] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   76.251496][ T1262] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   76.253995][ T1262] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   76.255647][ T1262] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   76.257101][ T1262] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   76.259334][ T4785] device veth0_vlan entered promiscuous mode
[   76.262840][ T4785] device veth1_vlan entered promiscuous mode
[   76.269258][ T1262] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   76.270776][ T1262] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   76.272564][ T1262] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   76.274189][ T1262] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   76.276716][ T4785] device veth0_macvtap entered promiscuous mode
[   76.281477][ T4785] device veth1_macvtap entered promiscuous mode
[   76.287386][ T4785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   76.289290][ T4785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   76.291468][ T4785] batman_adv: batadv0: Interface activated: batadv_slave_0
[   76.293460][ T1262] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   76.294968][ T1262] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   76.296475][ T1262] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   76.298094][ T1262] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   76.300585][ T4785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   76.302512][ T4785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   76.304573][ T4785] batman_adv: batadv0: Interface activated: batadv_slave_1
[   76.305886][ T1262] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   76.307454][ T1262] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   76.309950][ T4785] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   76.311366][ T4785] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   76.313074][ T4785] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   76.314529][ T4785] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   76.331753][ T1262] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   76.333741][ T1262] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   76.346722][ T1262] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   76.348945][ T1262] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   76.350140][ T1262] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   76.351494][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
1970/01/01 00:01:16 executed programs: 2
[   76.369928][ T4971] loop0: detected capacity change from 0 to 512
[   76.395467][ T4971] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   76.397546][ T4971] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   76.402191][ T4971] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2807: Unable to expand inode 15. Delete some EAs or run e2fsck.
[   76.404640][ T4971] EXT4-fs (loop0): 1 truncate cleaned up
[   76.405696][ T4971] EXT4-fs (loop0): mounted filesystem without journal. Opts: nogrpid,min_batch_time=0x0000000000000000,debug_want_extra_isize=0x0000000000000068,nobarrier,nodiscard,quota,,errors=continue. Quota mode: writeback.
[   76.414633][ T4971] ==================================================================
[   76.415988][ T4971] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x1edc/0x2e50
[   76.417360][ T4971] Read of size 18446744073709551540 at addr ffff0000ceef8870 by task syz.0.16/4971
[   76.418901][ T4971] 
[   76.419325][ T4971] CPU: 0 PID: 4971 Comm: syz.0.16 Not tainted syzkaller #0
[   76.420522][ T4971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[   76.422249][ T4971] Call trace:
[   76.422835][ T4971]  dump_backtrace+0x0/0x458
[   76.423588][ T4971]  show_stack+0x2c/0x3c
[   76.424285][ T4971]  __dump_stack+0x30/0x40
[   76.425004][ T4971]  dump_stack_lvl+0xf4/0x15c
[   76.425738][ T4971]  print_address_description+0x78/0x30c
[   76.426675][ T4971]  kasan_report+0xec/0x158
[   76.427391][ T4971]  kasan_check_range+0x268/0x2a0
[   76.428167][ T4971]  memmove+0x90/0xe8
[   76.428773][ T4971]  ext4_xattr_set_entry+0x1edc/0x2e50
[   76.429640][ T4971]  ext4_xattr_block_set+0x524/0x267c
[   76.430494][ T4971]  ext4_xattr_set_handle+0xa44/0x10fc
[   76.431415][ T4971]  ext4_xattr_set+0x1f4/0x2c0
[   76.432217][ T4971]  ext4_xattr_trusted_set+0x4c/0x64
[   76.433091][ T4971]  __vfs_setxattr+0x384/0x3a0
[   76.433875][ T4971]  __vfs_setxattr_noperm+0x120/0x564
[   76.434749][ T4971]  __vfs_setxattr_locked+0x1ec/0x218
[   76.435665][ T4971]  vfs_setxattr+0x158/0x2ac
[   76.436426][ T4971]  setxattr+0x278/0x2f8
[   76.437135][ T4971]  path_setxattr+0x130/0x260
[   76.437810][ T4971]  __arm64_sys_lsetxattr+0xbc/0xd8
[   76.438715][ T4971]  invoke_syscall+0x98/0x2b0
[   76.439428][ T4971]  el0_svc_common+0x138/0x258
[   76.440200][ T4971]  do_el0_svc+0x58/0x13c
[   76.440892][ T4971]  el0_svc+0x78/0x1d0
[   76.441592][ T4971]  el0t_64_sync_handler+0xcc/0xe4
[   76.442428][ T4971]  el0t_64_sync+0x1a0/0x1a4
[   76.443133][ T4971] 
[   76.443516][ T4971] Allocated by task 4971:
[   76.444285][ T4971]  __kasan_kmalloc+0xb0/0xf0
[   76.445074][ T4971]  __kmalloc_track_caller+0x20c/0x358
[   76.445987][ T4971]  kmemdup+0xcc/0x144
[   76.446664][ T4971]  ext4_xattr_block_set+0x470/0x267c
[   76.447515][ T4971]  ext4_xattr_set_handle+0xa44/0x10fc
[   76.448381][ T4971]  ext4_xattr_set+0x1f4/0x2c0
[   76.449159][ T4971]  ext4_xattr_trusted_set+0x4c/0x64
[   76.450032][ T4971]  __vfs_setxattr+0x384/0x3a0
[   76.450777][ T4971]  __vfs_setxattr_noperm+0x120/0x564
[   76.451677][ T4971]  __vfs_setxattr_locked+0x1ec/0x218
[   76.452538][ T4971]  vfs_setxattr+0x158/0x2ac
[   76.453280][ T4971]  setxattr+0x278/0x2f8
[   76.453966][ T4971]  path_setxattr+0x130/0x260
[   76.454769][ T4971]  __arm64_sys_lsetxattr+0xbc/0xd8
[   76.455632][ T4971]  invoke_syscall+0x98/0x2b0
[   76.456415][ T4971]  el0_svc_common+0x138/0x258
[   76.457186][ T4971]  do_el0_svc+0x58/0x13c
[   76.457975][ T4971]  el0_svc+0x78/0x1d0
[   76.458682][ T4971]  el0t_64_sync_handler+0xcc/0xe4
[   76.459534][ T4971]  el0t_64_sync+0x1a0/0x1a4
[   76.460255][ T4971] 
[   76.460642][ T4971] The buggy address belongs to the object at ffff0000ceef8800
[   76.460642][ T4971]  which belongs to the cache kmalloc-1k of size 1024
[   76.462977][ T4971] The buggy address is located 112 bytes inside of
[   76.462977][ T4971]  1024-byte region [ffff0000ceef8800, ffff0000ceef8c00)
[   76.465291][ T4971] The buggy address belongs to the page:
[   76.466190][ T4971] page:000000001958a23f refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10eef8
[   76.467849][ T4971] head:000000001958a23f order:3 compound_mapcount:0 compound_pincount:0
[   76.469111][ T4971] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[   76.470396][ T4971] raw: 05ffc00000010200 dead000000000100 dead000000000122 ffff0000c0002780
[   76.471719][ T4971] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   76.473115][ T4971] page dumped because: kasan: bad access detected
[   76.474190][ T4971] 
[   76.474569][ T4971] Memory state around the buggy address:
[   76.475512][ T4971]  ffff0000ceef8700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   76.476859][ T4971]  ffff0000ceef8780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   76.478171][ T4971] >ffff0000ceef8800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   76.479543][ T4971]                                                              ^
[   76.480845][ T4971]  ffff0000ceef8880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   76.482181][ T4971]  ffff0000ceef8900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   76.483416][ T4971] ==================================================================
[   76.484671][ T4971] Disabling lock debugging due to kernel taint
[   76.529805][ T4975] loop0: detected capacity change from 0 to 512
[   76.581906][ T4082] Bluetooth: hci0: command 0x040f tx timeout
[   76.592277][ T4975] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   76.597830][ T4975] EXT4-fs (loop0): 1 truncate cleaned up
[   76.598751][ T4975] EXT4-fs (loop0): mounted filesystem without journal. Opts: nogrpid,min_batch_time=0x0000000000000000,debug_want_extra_isize=0x0000000000000068,nobarrier,nodiscard,quota,,errors=continue. Quota mode: writeback.
[   76.608402][ T4785] BUG: Bad rss-counter state mm:000000001584ad02 type:MM_FILEPAGES val:4
[   76.609897][ T4785] Unable to handle kernel paging request at virtual address ffff65cec58deffe
[   76.611382][ T4785] Mem abort info:
[   76.611876][    C1] Unable to handle kernel paging request at virtual address dfff80023af3c7dd
[   76.612005][    C0] Unable to handle kernel paging request at virtual address dfff800020000000
[   76.613439][    C1] Mem abort info:
[   76.613443][    C1]   ESR = 0x0000000096000005
[   76.614763][    C0] Mem abort info:
[   76.615279][    C1]   EC = 0x25: DABT (current EL), IL = 32 bits
[   76.616023][    C0]   ESR = 0x0000000096000007
[   76.616569][    C1]   SET = 0, FnV = 0
[   76.617472][    C0]   EC = 0x25: DABT (current EL), IL = 32 bits
[   76.618118][    C1]   EA = 0, S1PTW = 0
[   76.618708][    C0]   SET = 0, FnV = 0
[   76.619733][    C1]   FSC = 0x05: level 1 translation fault
[   76.620294][    C0]   EA = 0, S1PTW = 0
[   76.620898][    C1] Data abort info:
[   76.621840][    C0]   FSC = 0x07: level 3 translation fault
[   76.622431][    C1]   ISV = 0, ISS = 0x00000005
[   76.622985][    C0] Data abort info:
[   76.623881][    C1]   CM = 0, WnR = 0
[   76.624571][    C0]   ISV = 0, ISS = 0x00000007
[   76.625150][    C1] [dfff80023af3c7dd] address between user and kernel address ranges
[   76.625709][    C0]   CM = 0, WnR = 0
[   76.626380][    C1] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP
[   76.627546][    C0] [dfff800020000000] address between user and kernel address ranges
[   76.628115][    C1] Modules linked in:
[   76.630864][    C1] CPU: 1 PID: 4975 Comm: syz.0.17 Tainted: G    B             syzkaller #0
[   76.632267][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[   76.633927][    C1] pstate: 024000c5 (nzcv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
[   76.635202][    C1] pc : rb_insert_color+0xac/0x500
[   76.636006][    C1] lr : timerqueue_add+0x1c8/0x1fc
[   76.636751][    C1] sp : ffff800008017ba0
[   76.637386][    C1] x29: ffff800008017bb0 x28: 1ffff00003792ee4 x27: dfff800000000000
[   76.638578][    C1] x26: ffff0001a0fa6710 x25: 0000000000000000 x24: 0000000000000008
[   76.639965][    C1] x23: 00000011d79e3eee x22: ffff80001bc97720 x21: 00000011d79e3ee6
[   76.641267][    C1] x20: ffff0001a0fa7020 x19: ffff0001a0fa7020 x18: 0000000000010001
[   76.642641][    C1] x17: 0000000000010001 x16: ffff80001125f0fc x15: 00004c4b40000000
[   76.643933][    C1] x14: 0000000000000002 x13: 1fffe000341f4e05 x12: 0000000000ff0100
[   76.645212][    C1] x11: 0000000000010001 x10: 0000000000010001 x9 : ffff80000a957974
[   76.646485][    C1] x8 : 000000023af3c7dd x7 : 0000000000000000 x6 : ffff8000083884cc
[   76.647664][    C1] x5 : 0000000000000000 x4 : 0000000000000008 x3 : 0000000000000000
[   76.648995][    C1] x2 : 0000000000000008 x1 : ffff0001a0fa6710 x0 : ffff0001a0fa7020
[   76.650264][    C1] Call trace:
[   76.650781][    C1]  rb_insert_color+0xac/0x500
[   76.651537][    C1]  timerqueue_add+0x1c8/0x1fc
[   76.652281][    C1]  enqueue_hrtimer+0x1a4/0x418
[   76.653070][    C1]  __hrtimer_run_queues+0x514/0xb44
[   76.653933][    C1]  hrtimer_interrupt+0x2bc/0xb5c
[   76.654680][    C1]  arch_timer_handler_virt+0x74/0x88
[   76.655532][    C1]  handle_percpu_devid_irq+0x29c/0x764
[   76.656433][    C1]  handle_domain_irq+0x144/0x1fc
[   76.657288][    C1]  gic_handle_irq+0x78/0x1b8
[   76.658074][    C1]  call_on_irq_stack+0x30/0x48
[   76.658853][    C1]  do_interrupt_handler+0x6c/0x88
[   76.659674][    C1]  el1_interrupt+0x30/0x58
[   76.660404][    C1]  el1h_64_irq_handler+0x18/0x24
[   76.661251][    C1]  el1h_64_irq+0x78/0x7c
[   76.661963][    C1]  __memcpy+0x148/0x240
[   76.662683][    C1]  ext4_xattr_set_entry+0x1edc/0x2e50
[   76.663582][    C1]  ext4_xattr_block_set+0x524/0x267c
[   76.664439][    C1]  ext4_xattr_set_handle+0xa44/0x10fc
[   76.665259][    C1]  ext4_xattr_set+0x1f4/0x2c0
[   76.666036][    C1]  ext4_xattr_trusted_set+0x4c/0x64
[   76.666893][    C1]  __vfs_setxattr+0x384/0x3a0
[   76.667648][    C1]  __vfs_setxattr_noperm+0x120/0x564
[   76.668511][    C1]  __vfs_setxattr_locked+0x1ec/0x218
[   76.669450][    C1]  vfs_setxattr+0x158/0x2ac
[   76.670237][    C1]  setxattr+0x278/0x2f8
[   76.670888][    C1]  path_setxattr+0x130/0x260
[   76.671666][    C1]  __arm64_sys_lsetxattr+0xbc/0xd8
[   76.672478][    C1]  invoke_syscall+0x98/0x2b0
[   76.673249][    C1]  el0_svc_common+0x138/0x258
[   76.673996][    C1]  do_el0_svc+0x58/0x13c
[   76.674716][    C1]  el0_svc+0x78/0x1d0
[   76.675451][    C1]  el0t_64_sync_handler+0xcc/0xe4
[   76.676278][    C1]  el0t_64_sync+0x1a0/0x1a4
[   76.677060][    C1] Code: f94002d5 370021f5 910022b7 d343fee8 (387b6908) 
[   76.678121][    C1] ---[ end trace 9ce90150a1dd1f2e ]---
[   76.869061][    C1] Kernel panic - not syncing: Oops: Fatal exception in interrupt
[   76.870215][    C1] SMP: stopping secondary CPUs
[   77.939553][    C1] SMP: failed to stop secondary CPUs 0-1
[   77.940454][    C1] Kernel Offset: disabled
[   77.941121][    C1] CPU features: 0x8,000003c1,7d33ffd9
[   77.941924][    C1] Memory Limit: none
[   78.130250][    C1] Rebooting in 86400 seconds..