Warning: Permanently added '10.128.1.7' (ED25519) to the list of known hosts.
1970/01/01 00:01:23 ignoring optional flag "sandboxArg"="0"
1970/01/01 00:01:24 parsed 1 programs
[ 87.553856][ T4455] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS
[ 93.318524][ T1747] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 93.320574][ T1747] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 93.323742][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 93.336028][ T148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 93.337946][ T148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 93.340737][ T1747] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 93.697748][ T4496] chnl_net:caif_netlink_parms(): no params data found
[ 93.732465][ T4496] bridge0: port 1(bridge_slave_0) entered blocking state
[ 93.734276][ T4496] bridge0: port 1(bridge_slave_0) entered disabled state
[ 93.736524][ T4496] device bridge_slave_0 entered promiscuous mode
[ 93.739865][ T4496] bridge0: port 2(bridge_slave_1) entered blocking state
[ 93.741513][ T4496] bridge0: port 2(bridge_slave_1) entered disabled state
[ 93.745244][ T4496] device bridge_slave_1 entered promiscuous mode
[ 93.761946][ T4496] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 93.766159][ T4496] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 93.785012][ T4496] team0: Port device team_slave_0 added
[ 93.788862][ T4496] team0: Port device team_slave_1 added
[ 93.803413][ T4496] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 93.805087][ T4496] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 93.811156][ T4496] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 93.817009][ T4496] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 93.818803][ T4496] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 93.825834][ T4496] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 93.885072][ T4496] device hsr_slave_0 entered promiscuous mode
[ 93.933743][ T4496] device hsr_slave_1 entered promiscuous mode
[ 94.765818][ T4496] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 94.804208][ T4496] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 94.817124][ T4496] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 94.856990][ T4496] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 94.965518][ T4496] 8021q: adding VLAN 0 to HW filter on device bond0
[ 94.975583][ T1747] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 94.978180][ T1747] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 94.983689][ T4496] 8021q: adding VLAN 0 to HW filter on device team0
[ 94.996277][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 94.998932][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 95.001293][ T148] bridge0: port 1(bridge_slave_0) entered blocking state
[ 95.003009][ T148] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 95.006546][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 95.008876][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 95.011354][ T148] bridge0: port 2(bridge_slave_1) entered blocking state
[ 95.013193][ T148] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 95.017593][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 95.020371][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 95.030031][ T1747] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 95.034820][ T1747] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 95.037831][ T1747] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 95.040449][ T1747] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 95.048764][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 95.051390][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 95.056278][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 95.058672][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 95.065791][ T4496] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 95.068922][ T4496] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 95.071346][ T1778] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 95.074761][ T1778] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 95.151553][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 95.154719][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 95.163342][ T4496] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 95.179516][ T1747] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 95.183857][ T1747] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 95.203714][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 95.206142][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 95.208891][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 95.211523][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 95.242228][ T4496] device veth0_vlan entered promiscuous mode
[ 95.247921][ T4496] device veth1_vlan entered promiscuous mode
[ 95.264367][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 95.266723][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 95.269042][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 95.273088][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 95.277667][ T4496] device veth0_macvtap entered promiscuous mode
[ 95.281660][ T4496] device veth1_macvtap entered promiscuous mode
[ 95.297211][ T4496] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 95.299187][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 95.301555][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 95.305396][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 95.308546][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 95.316138][ T4496] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 95.320292][ T4496] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 95.322641][ T4496] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 95.324740][ T4496] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 95.326846][ T4496] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 95.330151][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 95.333656][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
1970/01/01 00:01:36 executed programs: 0
[ 96.581495][ T4660] chnl_net:caif_netlink_parms(): no params data found
[ 96.629968][ T4660] bridge0: port 1(bridge_slave_0) entered blocking state
[ 96.632469][ T4660] bridge0: port 1(bridge_slave_0) entered disabled state
[ 96.634994][ T4660] device bridge_slave_0 entered promiscuous mode
[ 96.669918][ T4660] bridge0: port 2(bridge_slave_1) entered blocking state
[ 96.671699][ T4660] bridge0: port 2(bridge_slave_1) entered disabled state
[ 96.675143][ T4660] device bridge_slave_1 entered promiscuous mode
[ 96.698954][ T4660] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 96.707504][ T4660] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 96.723313][ T4660] team0: Port device team_slave_0 added
[ 96.726911][ T4660] team0: Port device team_slave_1 added
[ 96.745821][ T4660] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 96.747546][ T4660] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 96.753934][ T4660] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 96.758054][ T4660] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 96.759724][ T4660] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 96.766524][ T4660] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 96.826643][ T4660] device hsr_slave_0 entered promiscuous mode
[ 96.872348][ T4660] device hsr_slave_1 entered promiscuous mode
[ 96.892057][ T4660] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 96.893908][ T4660] Cannot create hsr debugfs directory
[ 96.976470][ T4660] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 98.502581][ T4133] Bluetooth: hci0: command 0x0409 tx timeout
[ 100.119420][ T4660] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 100.359196][ T4660] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 100.401596][ T4660] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 100.578370][ T4660] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 100.582155][ T7] Bluetooth: hci0: command 0x041b tx timeout
[ 100.614241][ T4660] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 100.664203][ T4660] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 100.714295][ T4660] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 100.842792][ T4660] 8021q: adding VLAN 0 to HW filter on device bond0
[ 100.849568][ T1778] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 100.852856][ T1778] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 100.857322][ T4660] 8021q: adding VLAN 0 to HW filter on device team0
[ 100.861455][ T1778] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 100.864808][ T1778] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 100.867031][ T1778] bridge0: port 1(bridge_slave_0) entered blocking state
[ 100.868811][ T1778] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 100.871056][ T1778] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 100.878117][ T1778] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 100.880724][ T1778] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 100.885326][ T1778] bridge0: port 2(bridge_slave_1) entered blocking state
[ 100.887333][ T1778] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 100.894741][ T1778] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 100.900013][ T1778] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 100.908981][ T1778] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 100.911707][ T1778] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 100.915243][ T1778] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 100.921628][ T1778] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 100.925282][ T1778] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 100.929053][ T1778] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 100.931440][ T1778] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 100.936991][ T1778] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 100.939372][ T1778] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 100.944499][ T4660] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 101.030577][ T4660] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 101.032682][ T1778] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 101.034441][ T1778] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 101.075146][ T1747] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 101.077812][ T1747] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 101.090373][ T1747] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 101.093541][ T1747] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 101.096922][ T1747] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 101.099185][ T1747] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 101.104535][ T4660] device veth0_vlan entered promiscuous mode
[ 101.110769][ T4660] device veth1_vlan entered promiscuous mode
[ 101.127470][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 101.129793][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 101.133130][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 101.135638][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 101.141265][ T4660] device veth0_macvtap entered promiscuous mode
[ 101.147047][ T4660] device veth1_macvtap entered promiscuous mode
[ 101.156221][ T4660] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 101.158620][ T4660] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 101.162470][ T4660] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 101.166115][ T4660] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 101.168739][ T4660] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 101.172450][ T4660] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 101.174700][ T1747] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 101.177209][ T1747] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 101.179416][ T1747] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 101.183037][ T1747] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 101.185667][ T1747] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 101.188138][ T1747] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 101.192834][ T4660] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 101.195053][ T4660] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 101.197245][ T4660] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 101.199371][ T4660] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 101.245727][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 101.247762][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 101.250776][ T1747] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 101.268350][ T1747] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 101.270276][ T1747] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 101.273625][ T1747] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 101.315863][ T4885] loop0: detected capacity change from 0 to 512
[ 101.346459][ T4885] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[ 101.349635][ T4885] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[ 101.361742][ T4885] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2816: Unable to expand inode 15. Delete some EAs or run e2fsck.
[ 101.366610][ T4885] EXT4-fs (loop0): 1 truncate cleaned up
[ 101.367979][ T4885] EXT4-fs (loop0): mounted filesystem without journal. Opts: nogrpid,min_batch_time=0x0000000000000000,debug_want_extra_isize=0x0000000000000068,nobarrier,nodiscard,quota,,errors=continue. Quota mode: writeback.
[ 101.396277][ T4885] ==================================================================
[ 101.398563][ T4885] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0xe28/0x3078
[ 101.400451][ T4885] Read of size 18446744073709551540 at addr ffff0000d8fc0870 by task syz.0.16/4885
[ 101.402803][ T4885]
[ 101.403419][ T4885] CPU: 0 PID: 4885 Comm: syz.0.16 Not tainted 5.15.180-syzkaller #0
[ 101.405502][ T4885] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 101.408264][ T4885] Call trace:
[ 101.409155][ T4885] dump_backtrace+0x0/0x530
[ 101.410363][ T4885] show_stack+0x2c/0x3c
[ 101.411346][ T4885] dump_stack_lvl+0x108/0x170
[ 101.412284][ T4885] print_address_description+0x7c/0x3f0
[ 101.413618][ T4885] kasan_report+0x174/0x1e4
[ 101.414714][ T4885] kasan_check_range+0x274/0x2b4
[ 101.415921][ T4885] memmove+0x90/0xe8
[ 101.416890][ T4885] ext4_xattr_set_entry+0xe28/0x3078
[ 101.418289][ T4885] ext4_xattr_block_set+0x8ec/0x2dcc
[ 101.419621][ T4885] ext4_xattr_set_handle+0xe44/0x12d8
[ 101.420923][ T4885] ext4_xattr_set+0x220/0x340
[ 101.422031][ T4885] ext4_xattr_trusted_set+0x4c/0x64
[ 101.423405][ T4885] __vfs_setxattr+0x388/0x3a4
[ 101.424528][ T4885] __vfs_setxattr_noperm+0x110/0x528
[ 101.425820][ T4885] __vfs_setxattr_locked+0x1ec/0x218
[ 101.427208][ T4885] vfs_setxattr+0x1a8/0x344
[ 101.428370][ T4885] setxattr+0x250/0x2b4
[ 101.429403][ T4885] path_setxattr+0x17c/0x258
[ 101.430571][ T4885] __arm64_sys_lsetxattr+0xbc/0xd8
[ 101.431874][ T4885] invoke_syscall+0x98/0x2b8
[ 101.433014][ T4885] el0_svc_common+0x138/0x258
[ 101.434137][ T4885] do_el0_svc+0x58/0x14c
[ 101.435238][ T4885] el0_svc+0x7c/0x1f0
[ 101.436240][ T4885] el0t_64_sync_handler+0x84/0xe4
[ 101.437496][ T4885] el0t_64_sync+0x1a0/0x1a4
[ 101.438626][ T4885]
[ 101.439203][ T4885] Allocated by task 4885:
[ 101.440262][ T4885] ____kasan_kmalloc+0xbc/0xfc
[ 101.441431][ T4885] __kasan_kmalloc+0x10/0x1c
[ 101.442600][ T4885] __kmalloc_track_caller+0x218/0x3d8
[ 101.443965][ T4885] kmemdup+0xcc/0x144
[ 101.444927][ T4885] ext4_xattr_block_set+0x7c0/0x2dcc
[ 101.446305][ T4885] ext4_xattr_set_handle+0xe44/0x12d8
[ 101.447668][ T4885] ext4_xattr_set+0x220/0x340
[ 101.448885][ T4885] ext4_xattr_trusted_set+0x4c/0x64
[ 101.450185][ T4885] __vfs_setxattr+0x388/0x3a4
[ 101.451429][ T4885] __vfs_setxattr_noperm+0x110/0x528
[ 101.452774][ T4885] __vfs_setxattr_locked+0x1ec/0x218
[ 101.454167][ T4885] vfs_setxattr+0x1a8/0x344
[ 101.455380][ T4885] setxattr+0x250/0x2b4
[ 101.456463][ T4885] path_setxattr+0x17c/0x258
[ 101.457633][ T4885] __arm64_sys_lsetxattr+0xbc/0xd8
[ 101.458946][ T4885] invoke_syscall+0x98/0x2b8
[ 101.460140][ T4885] el0_svc_common+0x138/0x258
[ 101.461336][ T4885] do_el0_svc+0x58/0x14c
[ 101.462437][ T4885] el0_svc+0x7c/0x1f0
[ 101.463450][ T4885] el0t_64_sync_handler+0x84/0xe4
[ 101.464746][ T4885] el0t_64_sync+0x1a0/0x1a4
[ 101.465894][ T4885]
[ 101.466489][ T4885] The buggy address belongs to the object at ffff0000d8fc0800
[ 101.466489][ T4885] which belongs to the cache kmalloc-1k of size 1024
[ 101.469982][ T4885] The buggy address is located 112 bytes inside of
[ 101.469982][ T4885] 1024-byte region [ffff0000d8fc0800, ffff0000d8fc0c00)
[ 101.473240][ T4885] The buggy address belongs to the page:
[ 101.474580][ T4885] page:00000000728fad3b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x118fc0
[ 101.477225][ T4885] head:00000000728fad3b order:3 compound_mapcount:0 compound_pincount:0
[ 101.479270][ T4885] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 101.481327][ T4885] raw: 05ffc00000010200 dead000000000100 dead000000000122 ffff0000c0002780
[ 101.483459][ T4885] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 101.485564][ T4885] page dumped because: kasan: bad access detected
[ 101.487243][ T4885]
[ 101.487754][ T4885] Memory state around the buggy address:
[ 101.489179][ T4885] ffff0000d8fc0700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 101.491066][ T4885] ffff0000d8fc0780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 101.492964][ T4885] >ffff0000d8fc0800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 101.495069][ T4885] ^
[ 101.496990][ T4885] ffff0000d8fc0880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 101.499210][ T4885] ffff0000d8fc0900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 101.501321][ T4885] ==================================================================
[ 101.503271][ T4885] Disabling lock debugging due to kernel taint
1970/01/01 00:01:41 executed programs: 3
[ 101.570922][ T4889] loop0: detected capacity change from 0 to 512
[ 101.613674][ T4889] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[ 101.618894][ T4889] EXT4-fs (loop0): 1 truncate cleaned up
[ 101.620142][ T4889] EXT4-fs (loop0): mounted filesystem without journal. Opts: nogrpid,min_batch_time=0x0000000000000000,debug_want_extra_isize=0x0000000000000068,nobarrier,nodiscard,quota,,errors=continue. Quota mode: writeback.
[ 101.636876][ T4660] Unable to handle kernel paging request at virtual address dfff800000000002
[ 101.639027][ T4660] Mem abort info:
[ 101.639808][ T4660] ESR = 0x0000000096000006
[ 101.640882][ T4660] EC = 0x25: DABT (current EL), IL = 32 bits
[ 101.642819][ T3631] ------------[ cut here ]------------
[ 101.644130][ T3631] AppArmor WARN aa_file_perm: ((!flabel)):
[ 101.644409][ T3631] WARNING: CPU: 1 PID: 3631 at security/apparmor/file.c:613 aa_file_perm+0xadc/0xd8c
[ 101.645546][ T1] list_add corruption. next->prev should be prev (ffff0000ccd86078), but was ffff0000e743f200. (next=ffff0000e743f1e0).
[ 101.645912][ T3631] Modules linked in:
[ 101.648329][ T1] ------------[ cut here ]------------
[ 101.651135][ T3631] CPU: 1 PID: 3631 Comm: syslogd Tainted: G B 5.15.180-syzkaller #0
[ 101.652121][ T1] kernel BUG at lib/list_debug.c:29!
[ 101.653517][ T3631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 101.655723][ T1] Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
[ 101.656948][ T3631] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 101.659356][ T1] Modules linked in:
[ 101.661286][ T3631] pc : aa_file_perm+0xadc/0xd8c
[ 101.663251][ T1]
[ 101.663259][ T1] CPU: 0 PID: 1 Comm: init Tainted: G B 5.15.180-syzkaller #0
[ 101.664154][ T3631] lr : aa_file_perm+0xadc/0xd8c
[ 101.665265][ T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 101.665856][ T3631] sp : ffff800022f27820
[ 101.667935][ T1] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 101.669319][ T3631] x29: ffff800022f27990
[ 101.671782][ T1] pc : __list_add_valid+0xf4/0x110
[ 101.672767][ T3631] x28: ffff7000045e4f10
[ 101.674637][ T1] lr : __list_add_valid+0xf4/0x110
[ 101.675720][ T3631] x27: 0000000000000002
[ 101.676985][ T1] sp : ffff80001bc87340
[ 101.677949][ T3631]
[ 101.677954][ T3631] x26: ffff7000045e4f60
[ 101.679408][ T1] x29: ffff80001bc87340
[ 101.680383][ T3631] x25: ffff0000eb00e000
[ 101.681370][ T1] x28: 00000000ffffb282
[ 101.681903][ T3631] x24: dfff800000000000
[ 101.682842][ T1] x27: 1fffe000199b0c0f
[ 101.683891][ T3631]
[ 101.683896][ T3631] x23: 0000000000000000
[ 101.685033][ T1]
[ 101.686028][ T3631] x22: ffff0000e6f9f150
[ 101.687027][ T1] x26: 1fffe00019f981c6
[ 101.688035][ T3631] x21: ffff0000eb00e1a8
[ 101.688579][ T1] x25: dfff800000000000
[ 101.689650][ T3631]
[ 101.690184][ T1] x24: ffff0000cfcc0e38
[ 101.691257][ T3631] x20: ffff0000c038bab0
[ 101.692239][ T1]
[ 101.692245][ T1] x23: dfff800000000000
[ 101.693290][ T3631] x19: 0000000000000000
[ 101.694269][ T1] x22: ffff0000e743f1e8
[ 101.694851][ T3631] x18: 0000000000000001
[ 101.695926][ T1] x21: ffff0000cfcc0e30
[ 101.696956][ T3631]
[ 101.697473][ T1]
[ 101.697479][ T1] x20: ffff0000ccd86078
[ 101.698576][ T3631] x17: 0000000000000000
[ 101.699658][ T1] x19: ffff0000e743f1e0
[ 101.700760][ T3631] x16: ffff800011b54788
[ 101.701804][ T1] x18: 0000000000000003
[ 101.702938][ T3631] x15: 00000000ffffffff
[ 101.703455][ T1]
[ 101.703460][ T1] x17: 6c69665f61612033
[ 101.704049][ T3631]
[ 101.704054][ T3631] x14: ffff0000d5fc1b40
[ 101.704956][ T1] x16: ffff800011b54788
[ 101.705922][ T3631] x13: 0000000000000001
[ 101.706934][ T1] x15: 662f726f6d726170
[ 101.707998][ T3631] x12: 0000000000000001
[ 101.709071][ T1]
[ 101.710054][ T3631]
[ 101.710059][ T3631] x11: 0000000000000000
[ 101.710558][ T1] x14: 70612f7974697275
[ 101.711541][ T3631] x10: 0000000000000000
[ 101.712084][ T1] x13: 205d313336335420
[ 101.713181][ T3631] x9 : 1e325d815959ee00
[ 101.714243][ T1] x12: 0000000000000001
[ 101.715288][ T3631]
[ 101.715294][ T3631] x8 : 1e325d815959ee00
[ 101.716305][ T1]
[ 101.716310][ T1] x11: 0000000000000002
[ 101.717354][ T3631] x7 : 0000000000000001
[ 101.717960][ T1] x10: 0000000000000000
[ 101.718539][ T3631] x6 : 0000000000000001
[ 101.719492][ T1] x9 : 0fb49d23320b3d00
[ 101.720520][ T3631]
[ 101.720526][ T3631] x5 : ffff800022f26f98
[ 101.721516][ T1]
[ 101.722588][ T3631] x4 : ffff800014c4fec0
[ 101.723633][ T1] x8 : 0fb49d23320b3d00
[ 101.724719][ T3631] x3 : ffff8000085597fc
[ 101.725268][ T1] x7 : 0000000000000000
[ 101.726329][ T3631]
[ 101.726334][ T3631] x2 : 0000000000000001
[ 101.726867][ T1] x6 : ffff80000832f1ec
[ 101.727981][ T3631] x1 : 0000000100000000
[ 101.728928][ T1]
[ 101.728933][ T1] x5 : 0000000000000000
[ 101.729969][ T3631] x0 : 0000000000000029
[ 101.730960][ T1] x4 : 0000000000000000
[ 101.732023][ T3631]
[ 101.732527][ T1] x3 : ffff80000aa14f3c
[ 101.733522][ T3631] Call trace:
[ 101.734114][ T1]
[ 101.734120][ T1] x2 : ffff0001b4173d10
[ 101.735130][ T3631] aa_file_perm+0xadc/0xd8c
[ 101.736082][ T1] x1 : 0000000100000002
[ 101.737047][ T3631] common_file_perm+0x160/0x1cc
[ 101.738107][ T1] x0 : 0000000000000075
[ 101.738703][ T3631] apparmor_file_permission+0x34/0x44
[ 101.739702][ T1]
[ 101.740685][ T3631] security_file_permission+0x78/0xc0
[ 101.741713][ T1] Call trace:
[ 101.742226][ T3631] vfs_write+0x1f0/0xb44
[ 101.743345][ T1] __list_add_valid+0xf4/0x110
[ 101.744540][ T3631] ksys_write+0x15c/0x26c
[ 101.745551][ T1] inode_io_list_move_locked+0x144/0x24c
[ 101.746116][ T3631] __arm64_sys_write+0x7c/0x90
[ 101.747156][ T1] __mark_inode_dirty+0x630/0x10f4
[ 101.747897][ T3631] invoke_syscall+0x98/0x2b8
[ 101.748484][ T1] touch_atime+0x4d0/0xa4c
[ 101.749504][ T3631] el0_svc_common+0x138/0x258
[ 101.750619][ T1] pick_link+0x3f0/0xb70
[ 101.751682][ T3631] do_el0_svc+0x58/0x14c
[ 101.752872][ T1] step_into+0x9b8/0xc20
[ 101.753910][ T3631] el0_svc+0x7c/0x1f0
[ 101.755270][ T1] walk_component+0x214/0x4cc
[ 101.755873][ T3631] el0t_64_sync_handler+0x84/0xe4
[ 101.757126][ T1] link_path_walk+0x5a0/0xc38
[ 101.757898][ T3631] el0t_64_sync+0x1a0/0x1a4
[ 101.759009][ T1] path_lookupat+0x90/0x3d0
[ 101.760214][ T3631] irq event stamp: 80474
[ 101.761245][ T1] filename_lookup+0x1c4/0x4c8
[ 101.762722][ T3631] hardirqs last enabled at (80473): [] _raw_spin_unlock_irqrestore+0xac/0x158
[ 101.763894][ T1] user_path_at_empty+0x5c/0x1a4
[ 101.765147][ T3631] hardirqs last disabled at (80474): [] __schedule+0x308/0x1e48
[ 101.766254][ T1] do_faccessat+0x2fc/0x7b4
[ 101.767488][ T3631] softirqs last enabled at (80438): [] local_bh_enable+0x10/0x34
[ 101.768630][ T1] __arm64_sys_faccessat+0x80/0x94
[ 101.769667][ T3631] softirqs last disabled at (80436): [] local_bh_disable+0x10/0x34
[ 101.770716][ T1] invoke_syscall+0x98/0x2b8
[ 101.771715][ T3631] ---[ end trace 70690f4a13812c12 ]---
[ 101.772654][ T1] el0_svc_common+0x138/0x258
[ 101.774162][ T4629] ================================================================================
[ 101.774985][ T1] do_el0_svc+0x58/0x14c
[ 101.776131][ T4629] UBSAN: array-index-out-of-bounds in kernel/locking/qspinlock.c:130:9
[ 101.777135][ T1] el0_svc+0x7c/0x1f0
[ 101.778239][ T4629] index 1483 is out of range for type 'unsigned long[8]'
[ 101.779286][ T1] el0t_64_sync_handler+0x84/0xe4
[ 101.780277][ T4629] CPU: 1 PID: 4629 Comm: udevd Tainted: G B W 5.15.180-syzkaller #0
[ 101.782907][ T1] el0t_64_sync+0x1a0/0x1a4
[ 101.784120][ T4629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 101.786459][ T1] Code: 91130000 aa1403e1 aa1303e3 95c3684b (d4210000)
[ 101.787567][ T4629] Call trace:
[ 101.789899][ T1] ---[ end trace 70690f4a13812c13 ]---
[ 101.791183][ T4629] dump_backtrace+0x0/0x530
[ 101.817673][ T4629] show_stack+0x2c/0x3c
[ 101.818705][ T4629] dump_stack_lvl+0x108/0x170
[ 101.819864][ T4629] dump_stack+0x1c/0x58
[ 101.820994][ T4629] __ubsan_handle_out_of_bounds+0x108/0x15c
[ 101.822448][ T4629] queued_spin_lock_slowpath+0x854/0x938
[ 101.823817][ T4629] do_raw_spin_lock+0x334/0x35c
[ 101.824933][ T4629] _raw_spin_lock_irqsave+0xcc/0x14c
[ 101.826222][ T4629] remove_wait_queue+0x34/0x118
[ 101.827412][ T4629] ep_unregister_pollwait+0x150/0x238
[ 101.828839][ T4629] ep_free+0xec/0x238
[ 101.829850][ T4629] ep_eventpoll_release+0x4c/0x68
[ 101.831155][ T4629] __fput+0x1c4/0x800
[ 101.832078][ T4629] ____fput+0x20/0x30
[ 101.832940][ T4629] task_work_run+0x130/0x1e4
[ 101.834033][ T4629] do_notify_resume+0x262c/0x32b8
[ 101.835188][ T4629] el0_svc+0xfc/0x1f0
[ 101.836155][ T4629] el0t_64_sync_handler+0x84/0xe4
[ 101.837330][ T4629] el0t_64_sync+0x1a0/0x1a4
[ 101.838374][ T4629] ================================================================================
[ 101.840887][ T4629] Unable to handle kernel paging request at virtual address ffff800014ad7700
[ 101.843093][ T4629] Mem abort info:
[ 101.843969][ T4629] ESR = 0x0000000096000047
[ 101.845069][ T4629] EC = 0x25: DABT (current EL), IL = 32 bits
[ 101.846547][ T4629] SET = 0, FnV = 0
[ 101.847474][ T4629] EA = 0, S1PTW = 0
[ 101.848372][ T4629] FSC = 0x07: level 3 translation fault
[ 101.849873][ T4629] Data abort info:
[ 101.850715][ T4629] ISV = 0, ISS = 0x00000047
[ 101.851708][ T4629] CM = 0, WnR = 1
[ 101.852612][ T4629] swapper pgtable: 4k pages, 48-bit VAs, pgdp=00000001ae1a7000
[ 101.854514][ T4629] [ffff800014ad7700] pgd=100000023ffff003, p4d=100000023ffff003, pud=100000023fffe003, pmd=100000023fff9003, pte=0000000000000000
[ 102.195042][ T1] Kernel panic - not syncing: Oops - BUG: Fatal exception
[ 102.196862][ T1] SMP: stopping secondary CPUs
[ 103.285364][ T1] SMP: failed to stop secondary CPUs 0-1
[ 103.286967][ T1] Kernel Offset: disabled
[ 103.288064][ T1] CPU features: 0x8,000081c1,21302e40
[ 103.289465][ T1] Memory Limit: none
[ 103.690992][ T1] Rebooting in 86400 seconds..