Warning: Permanently added '10.128.1.191' (ED25519) to the list of known hosts.
2026/03/05 02:15:02 parsed 1 programs
Setting up swapspace version 1, size = 127995904 bytes
[  127.538431][ T6138] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  130.660738][  T147] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  130.668609][  T147] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  130.700381][   T50] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  130.708298][   T50] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  131.828229][ T6169] chnl_net:caif_netlink_parms(): no params data found
[  131.913293][ T6169] bridge0: port 1(bridge_slave_0) entered blocking state
[  131.920527][ T6169] bridge0: port 1(bridge_slave_0) entered disabled state
[  131.927640][ T6169] bridge_slave_0: entered allmulticast mode
[  131.935125][ T6169] bridge_slave_0: entered promiscuous mode
[  131.943004][ T6169] bridge0: port 2(bridge_slave_1) entered blocking state
[  131.950083][ T6169] bridge0: port 2(bridge_slave_1) entered disabled state
[  131.958264][ T6169] bridge_slave_1: entered allmulticast mode
[  131.965799][ T6169] bridge_slave_1: entered promiscuous mode
[  131.996760][ T6169] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  132.008491][ T6169] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  132.041197][ T6169] team0: Port device team_slave_0 added
[  132.049015][ T6169] team0: Port device team_slave_1 added
[  132.077089][ T6169] batman_adv: batadv0: Adding interface: batadv_slave_0
[  132.084285][ T6169] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  132.110522][ T6169] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  132.122779][ T6169] batman_adv: batadv0: Adding interface: batadv_slave_1
[  132.129716][ T6169] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  132.155874][ T6169] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  132.202190][ T6169] hsr_slave_0: entered promiscuous mode
[  132.208614][ T6169] hsr_slave_1: entered promiscuous mode
[  132.254775][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[  132.261429][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[  132.753386][ T6169] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  132.765674][ T6169] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  132.780363][ T6169] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  132.792459][ T6169] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  132.903188][ T6169] 8021q: adding VLAN 0 to HW filter on device bond0
[  132.928815][ T6169] 8021q: adding VLAN 0 to HW filter on device team0
[  132.944457][  T147] bridge0: port 1(bridge_slave_0) entered blocking state
[  132.951614][  T147] bridge0: port 1(bridge_slave_0) entered forwarding state
[  132.969011][  T147] bridge0: port 2(bridge_slave_1) entered blocking state
[  132.976158][  T147] bridge0: port 2(bridge_slave_1) entered forwarding state
[  133.242324][ T6169] 8021q: adding VLAN 0 to HW filter on device batadv0
[  133.290229][ T6169] veth0_vlan: entered promiscuous mode
[  133.308883][ T6169] veth1_vlan: entered promiscuous mode
[  133.350164][ T6169] veth0_macvtap: entered promiscuous mode
[  133.363494][ T6169] veth1_macvtap: entered promiscuous mode
[  133.386972][ T6169] batman_adv: batadv0: Interface activated: batadv_slave_0
[  133.403802][ T6169] batman_adv: batadv0: Interface activated: batadv_slave_1
[  133.422851][   T50] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  133.447372][   T50] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  133.475745][   T50] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  133.510036][   T50] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  133.660807][  T994] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  133.753848][  T994] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  133.824595][  T994] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  133.939850][  T994] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  135.016436][ T5136] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  135.024599][ T5136] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  135.037822][ T5136] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  135.046072][ T5136] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  135.066849][ T5136] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  136.106997][  T994] bridge_slave_1: left allmulticast mode
[  136.117305][  T994] bridge_slave_1: left promiscuous mode
[  136.124997][  T994] bridge0: port 2(bridge_slave_1) entered disabled state
[  136.139466][  T994] bridge_slave_0: left allmulticast mode
[  136.171735][  T994] bridge_slave_0: left promiscuous mode
[  136.177496][  T994] bridge0: port 1(bridge_slave_0) entered disabled state
[  136.601569][  T994] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  136.613061][  T994] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  136.623258][  T994] bond0 (unregistering): Released all slaves
[  136.731240][  T994] hsr_slave_0: left promiscuous mode
[  136.737357][  T994] hsr_slave_1: left promiscuous mode
[  136.745216][  T994] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  136.752826][  T994] batman_adv: batadv0: Removing interface: batadv_slave_0
[  136.762143][  T994] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  136.769609][  T994] batman_adv: batadv0: Removing interface: batadv_slave_1
[  136.783701][  T994] veth1_macvtap: left promiscuous mode
[  136.789214][  T994] veth0_macvtap: left promiscuous mode
[  136.795416][  T994] veth1_vlan: left promiscuous mode
[  136.800724][  T994] veth0_vlan: left promiscuous mode
[  137.132732][  T994] team0 (unregistering): Port device team_slave_1 removed
[  137.152620][  T994] team0 (unregistering): Port device team_slave_0 removed
2026/03/05 02:15:18 executed programs: 0
[  137.921169][ T5847] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  137.931127][ T5847] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  137.938548][ T5847] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  137.954161][ T5847] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  137.961965][ T5847] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  138.870436][ T6358] chnl_net:caif_netlink_parms(): no params data found
[  139.093913][ T6358] bridge0: port 1(bridge_slave_0) entered blocking state
[  139.101208][ T6358] bridge0: port 1(bridge_slave_0) entered disabled state
[  139.108376][ T6358] bridge_slave_0: entered allmulticast mode
[  139.119726][ T6358] bridge_slave_0: entered promiscuous mode
[  139.134331][ T6358] bridge0: port 2(bridge_slave_1) entered blocking state
[  139.141718][ T6358] bridge0: port 2(bridge_slave_1) entered disabled state
[  139.148878][ T6358] bridge_slave_1: entered allmulticast mode
[  139.157011][ T6358] bridge_slave_1: entered promiscuous mode
[  139.212081][ T6358] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  139.234316][ T6358] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  139.278135][ T6358] team0: Port device team_slave_0 added
[  139.286764][ T6358] team0: Port device team_slave_1 added
[  139.326817][ T6358] batman_adv: batadv0: Adding interface: batadv_slave_0
[  139.333957][ T6358] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  139.360253][ T6358] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  139.373331][ T6358] batman_adv: batadv0: Adding interface: batadv_slave_1
[  139.380271][ T6358] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  139.406878][ T6358] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  139.468311][ T6358] hsr_slave_0: entered promiscuous mode
[  139.475189][ T6358] hsr_slave_1: entered promiscuous mode
[  139.945509][ T6358] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  139.956020][ T6358] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  139.965815][ T6358] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  139.976164][ T6358] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  140.010552][ T5847] Bluetooth: hci0: command tx timeout
[  140.055304][ T6358] 8021q: adding VLAN 0 to HW filter on device bond0
[  140.074990][ T6358] 8021q: adding VLAN 0 to HW filter on device team0
[  140.088365][  T994] bridge0: port 1(bridge_slave_0) entered blocking state
[  140.095540][  T994] bridge0: port 1(bridge_slave_0) entered forwarding state
[  140.109964][   T50] bridge0: port 2(bridge_slave_1) entered blocking state
[  140.117090][   T50] bridge0: port 2(bridge_slave_1) entered forwarding state
[  140.301244][ T6358] 8021q: adding VLAN 0 to HW filter on device batadv0
[  140.348061][ T6358] veth0_vlan: entered promiscuous mode
[  140.359068][ T6358] veth1_vlan: entered promiscuous mode
[  140.386611][ T6358] veth0_macvtap: entered promiscuous mode
[  140.398210][ T6358] veth1_macvtap: entered promiscuous mode
[  140.416076][ T6358] batman_adv: batadv0: Interface activated: batadv_slave_0
[  140.429264][ T6358] batman_adv: batadv0: Interface activated: batadv_slave_1
[  140.443972][   T50] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  140.454293][   T50] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  140.470959][   T50] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  140.479673][   T50] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  140.529588][  T994] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  140.544083][  T994] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  140.571649][  T994] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  140.579566][  T994] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  140.638309][ T6425] loop0: detected capacity change from 0 to 1024
[  140.647257][ T6425] EXT4-fs: Ignoring removed orlov option
[  140.662167][ T6425] EXT4-fs: Ignoring removed nomblk_io_submit option
[  140.693967][ T6425] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=8043c118, mo2=0002]
[  140.715605][ T6425] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  140.771133][ T6425] loop0: detected capacity change from 1024 to 64
[  140.788874][ T6425] EXT4-fs error (device loop0): ext4_find_dest_de:2050: inode #12: block 7: comm syz.0.17: bad entry in directory: directory entry overrun - offset=0, inode=268435456, rec_len=1280, size=56 fake=0
[  140.812135][ T6425] EXT4-fs error (device loop0): xattr_find_entry:337: inode #12: comm syz.0.17: corrupted xattr entries
[  140.834639][ T6358] EXT4-fs error (device loop0): ext4_readdir:265: inode #2: block 16: comm syz-executor: path /0/file1: bad entry in directory: inode out of bounds - offset=0, inode=201326592, rec_len=256, size=1024 fake=0
[  140.875896][ T6358] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  140.897746][ T6426] kmmpd-loop0: attempt to access beyond end of device
[  140.897746][ T6426] loop0: rw=8402945, sector=128, nr_sectors = 2 limit=64
[  140.913480][ T6426] Buffer I/O error on dev loop0, logical block 64, lost sync page write
[  142.333494][   T37] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  142.361938][ T5136] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  142.369415][ T5136] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  142.378243][ T5136] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  142.386721][ T5136] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  142.394715][ T5136] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  142.596565][ T6430] chnl_net:caif_netlink_parms(): no params data found
[  142.716796][ T6430] bridge0: port 1(bridge_slave_0) entered blocking state
[  142.724251][ T6430] bridge0: port 1(bridge_slave_0) entered disabled state
[  142.732863][ T6430] bridge_slave_0: entered allmulticast mode
[  142.741227][ T6430] bridge_slave_0: entered promiscuous mode
[  142.750899][ T6430] bridge0: port 2(bridge_slave_1) entered blocking state
[  142.758063][ T6430] bridge0: port 2(bridge_slave_1) entered disabled state
[  142.765628][ T6430] bridge_slave_1: entered allmulticast mode
[  142.773830][ T6430] bridge_slave_1: entered promiscuous mode
[  142.814429][ T6430] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  142.827155][ T6430] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  142.864838][ T6430] team0: Port device team_slave_0 added
[  142.873088][ T6430] team0: Port device team_slave_1 added
[  142.903490][ T6430] batman_adv: batadv0: Adding interface: batadv_slave_0
[  142.910457][ T6430] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  142.936696][ T6430] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  142.948917][ T6430] batman_adv: batadv0: Adding interface: batadv_slave_1
[  142.956040][ T6430] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  142.981970][ T6430] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  143.031117][ T6430] hsr_slave_0: entered promiscuous mode
[  143.037850][ T6430] hsr_slave_1: entered promiscuous mode
[  143.044196][ T6430] debugfs: 'hsr0' already exists in 'hsr'
[  143.049908][ T6430] Cannot create hsr debugfs directory
[  143.211071][ T6430] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  143.221591][ T6430] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  143.232466][ T6430] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  143.243097][ T6430] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  143.320264][ T6430] 8021q: adding VLAN 0 to HW filter on device bond0
[  143.341572][ T6430] 8021q: adding VLAN 0 to HW filter on device team0
[  143.354849][   T50] bridge0: port 1(bridge_slave_0) entered blocking state
[  143.361959][   T50] bridge0: port 1(bridge_slave_0) entered forwarding state
[  143.376599][  T147] bridge0: port 2(bridge_slave_1) entered blocking state
[  143.383738][  T147] bridge0: port 2(bridge_slave_1) entered forwarding state
[  143.581757][ T6430] 8021q: adding VLAN 0 to HW filter on device batadv0
[  143.626199][ T6430] veth0_vlan: entered promiscuous mode
[  143.637209][ T6430] veth1_vlan: entered promiscuous mode
[  143.666947][ T6430] veth0_macvtap: entered promiscuous mode
[  143.676277][ T6430] veth1_macvtap: entered promiscuous mode
[  143.697915][ T6430] batman_adv: batadv0: Interface activated: batadv_slave_0
[  143.711871][ T6430] batman_adv: batadv0: Interface activated: batadv_slave_1
[  143.725572][   T50] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  143.735736][   T50] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  143.751378][   T50] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  143.760198][   T50] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  143.816493][  T147] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  143.832696][  T147] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
2026/03/05 02:15:24 executed programs: 5
[  143.859472][ T1115] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  143.867335][ T1115] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  143.934575][ T6449] loop1: detected capacity change from 0 to 1024
[  143.944549][ T6449] EXT4-fs: Ignoring removed orlov option
[  143.950212][ T6449] EXT4-fs: Ignoring removed nomblk_io_submit option
[  143.982148][ T6449] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=8043c118, mo2=0002]
[  143.993655][ T6449] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  144.071333][ T6449] loop1: detected capacity change from 1024 to 64
[  144.079666][ T6452] EXT4-fs error (device loop1): ext4_find_dest_de:2050: inode #12: block 7: comm syz.1.20: bad entry in directory: directory entry overrun - offset=0, inode=268435456, rec_len=1280, size=56 fake=0
[  144.102913][ T6449] ==================================================================
[  144.110968][ T6449] BUG: KASAN: use-after-free in xattr_find_entry+0x1a5/0x280
[  144.118346][ T6449] Read of size 4 at addr ffff88805ee0d004 by task syz.1.20/6449
[  144.125964][ T6449] 
[  144.128269][ T6449] CPU: 1 UID: 49663 PID: 6449 Comm: syz.1.20 Not tainted syzkaller #0 PREEMPT(full) 
[  144.128289][ T6449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  144.128300][ T6449] Call Trace:
[  144.128307][ T6449]  <TASK>
[  144.128315][ T6449]  dump_stack_lvl+0xe8/0x150
[  144.128343][ T6449]  print_report+0xba/0x230
[  144.128364][ T6449]  ? xattr_find_entry+0x1a5/0x280
[  144.128385][ T6449]  kasan_report+0x117/0x150
[  144.128413][ T6449]  ? xattr_find_entry+0x1a5/0x280
[  144.128437][ T6449]  xattr_find_entry+0x1a5/0x280
[  144.128463][ T6449]  ext4_xattr_ibody_get+0x232/0x4c0
[  144.128488][ T6449]  ? __pfx_ext4_xattr_ibody_get+0x10/0x10
[  144.128509][ T6449]  ? srso_alias_return_thunk+0x5/0xfbef5
[  144.128534][ T6449]  ? srso_alias_return_thunk+0x5/0xfbef5
[  144.128555][ T6449]  ? down_read+0x272/0x2e0
[  144.128574][ T6449]  ? ext4_xattr_get+0xe3/0x6a0
[  144.128596][ T6449]  ext4_xattr_get+0x123/0x6a0
[  144.128616][ T6449]  ? get_cached_acl+0xe4/0x550
[  144.128643][ T6449]  ? srso_alias_return_thunk+0x5/0xfbef5
[  144.128668][ T6449]  ext4_get_acl+0x84/0x930
[  144.128693][ T6449]  ? __pfx_ext4_get_acl+0x10/0x10
[  144.128709][ T6449]  __get_acl+0x27e/0x410
[  144.128737][ T6449]  ? __pfx___get_acl+0x10/0x10
[  144.128762][ T6449]  ? srso_alias_return_thunk+0x5/0xfbef5
[  144.128788][ T6449]  check_acl+0x3a/0x150
[  144.128815][ T6449]  generic_permission+0x497/0x690
[  144.128845][ T6449]  inode_permission+0x243/0x5f0
[  144.128872][ T6449]  link_path_walk+0x1149/0x18d0
[  144.128912][ T6449]  path_lookupat+0xe4/0x8c0
[  144.128946][ T6449]  filename_lookup+0x256/0x5d0
[  144.128975][ T6449]  ? __pfx_filename_lookup+0x10/0x10
[  144.129013][ T6449]  ? srso_alias_return_thunk+0x5/0xfbef5
[  144.129034][ T6449]  ? strncpy_from_user+0x150/0x2b0
[  144.129057][ T6449]  ? srso_alias_return_thunk+0x5/0xfbef5
[  144.129078][ T6449]  ? do_getname+0x151/0x250
[  144.129103][ T6449]  user_path_at+0x40/0x160
[  144.129121][ T6449]  __se_sys_mount+0x2dc/0x420
[  144.129151][ T6449]  ? __pfx___se_sys_mount+0x10/0x10
[  144.129180][ T6449]  ? srso_alias_return_thunk+0x5/0xfbef5
[  144.129201][ T6449]  ? __x64_sys_mount+0x20/0xc0
[  144.129231][ T6449]  do_syscall_64+0x14d/0xf80
[  144.129248][ T6449]  ? trace_irq_disable+0x3b/0x150
[  144.129276][ T6449]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.129296][ T6449]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.129314][ T6449] RIP: 0033:0x7fc84bf9c629
[  144.129330][ T6449] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  144.129344][ T6449] RSP: 002b:00007fc84ce5a028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  144.129362][ T6449] RAX: ffffffffffffffda RBX: 00007fc84c215fa0 RCX: 00007fc84bf9c629
[  144.129375][ T6449] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000000
[  144.129387][ T6449] RBP: 00007fc84c032b39 R08: 0000000000000000 R09: 0000000000000000
[  144.129398][ T6449] R10: 0000000002094080 R11: 0000000000000246 R12: 0000000000000000
[  144.129409][ T6449] R13: 00007fc84c216038 R14: 00007fc84c215fa0 R15: 00007ffce5982ab8
[  144.129430][ T6449]  </TASK>
[  144.129436][ T6449] 
[  144.431049][ T6449] The buggy address belongs to the physical page:
[  144.437459][ T6449] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x7ff16583b pfn:0x5ee0d
[  144.446891][ T6449] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  144.453987][ T6449] raw: 00fff00000000000 ffffea000188d188 ffffea00017b8248 0000000000000000
[  144.462563][ T6449] raw: 00000007ff16583b 0000000000000000 00000000ffffffff 0000000000000000
[  144.471121][ T6449] page dumped because: kasan: bad access detected
[  144.477507][ T6449] page_owner tracks the page as freed
[  144.482848][ T6449] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|__GFP_COMP), pid 6434, tgid 6434 (modprobe), ts 142554552793, free_ts 142583271307
[  144.501338][ T6449]  post_alloc_hook+0x231/0x280
[  144.506086][ T6449]  get_page_from_freelist+0x24dc/0x2580
[  144.511634][ T6449]  __alloc_frozen_pages_noprof+0x18d/0x380
[  144.517438][ T6449]  alloc_pages_mpol+0x232/0x4a0
[  144.522366][ T6449]  vma_alloc_folio_noprof+0xea/0x210
[  144.527637][ T6449]  do_pte_missing+0x1656/0x3750
[  144.532563][ T6449]  handle_mm_fault+0x1bec/0x3310
[  144.537490][ T6449]  do_user_addr_fault+0xa73/0x1340
[  144.542589][ T6449]  exc_page_fault+0x6a/0xc0
[  144.547073][ T6449]  asm_exc_page_fault+0x26/0x30
[  144.551905][ T6449] page last free pid 6434 tgid 6434 stack trace:
[  144.558207][ T6449]  free_unref_folios+0xed5/0x16d0
[  144.563214][ T6449]  folios_put_refs+0x789/0x8d0
[  144.567966][ T6449]  free_pages_and_swap_cache+0x2e7/0x5b0
[  144.573590][ T6449]  tlb_flush_mmu+0x6d3/0xa30
[  144.578167][ T6449]  tlb_finish_mmu+0xf9/0x230
[  144.582743][ T6449]  exit_mmap+0x498/0xa10
[  144.586973][ T6449]  __mmput+0x118/0x430
[  144.591034][ T6449]  exit_mm+0x168/0x220
[  144.595083][ T6449]  do_exit+0x6a2/0x23c0
[  144.599220][ T6449]  do_group_exit+0x21b/0x2d0
[  144.603792][ T6449]  __x64_sys_exit_group+0x3f/0x40
[  144.608800][ T6449]  x64_sys_call+0x221a/0x2240
[  144.613472][ T6449]  do_syscall_64+0x14d/0xf80
[  144.618047][ T6449]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.623923][ T6449] 
[  144.626274][ T6449] Memory state around the buggy address:
[  144.631885][ T6449]  ffff88805ee0cf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  144.639932][ T6449]  ffff88805ee0cf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  144.647972][ T6449] >ffff88805ee0d000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  144.656008][ T6449]                    ^
[  144.660058][ T6449]  ffff88805ee0d080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  144.668099][ T6449]  ffff88805ee0d100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  144.676137][ T6449] ==================================================================
[  144.687393][ T5136] Bluetooth: hci0: command tx timeout
[  144.693443][ T6449] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  144.700638][ T6449] CPU: 1 UID: 49663 PID: 6449 Comm: syz.1.20 Not tainted syzkaller #0 PREEMPT(full) 
[  144.710093][ T6449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  144.720127][ T6449] Call Trace:
[  144.723387][ T6449]  <TASK>
[  144.726300][ T6449]  vpanic+0x56c/0xa60
[  144.730277][ T6449]  ? __pfx_vpanic+0x10/0x10
[  144.734771][ T6449]  ? __pfx___schedule+0x10/0x10
[  144.739629][ T6449]  panic+0xc5/0xd0
[  144.743343][ T6449]  ? __pfx_panic+0x10/0x10
[  144.747752][ T6449]  ? srso_alias_return_thunk+0x5/0xfbef5
[  144.753370][ T6449]  ? preempt_schedule_common+0x82/0xd0
[  144.758830][ T6449]  ? xattr_find_entry+0x1a5/0x280
[  144.763851][ T6449]  check_panic_on_warn+0x89/0xb0
[  144.768773][ T6449]  ? xattr_find_entry+0x1a5/0x280
[  144.773785][ T6449]  end_report+0x73/0x180
[  144.778029][ T6449]  ? xattr_find_entry+0x1a5/0x280
[  144.783035][ T6449]  kasan_report+0x128/0x150
[  144.787529][ T6449]  ? xattr_find_entry+0x1a5/0x280
[  144.792540][ T6449]  xattr_find_entry+0x1a5/0x280
[  144.797378][ T6449]  ext4_xattr_ibody_get+0x232/0x4c0
[  144.802567][ T6449]  ? __pfx_ext4_xattr_ibody_get+0x10/0x10
[  144.808278][ T6449]  ? srso_alias_return_thunk+0x5/0xfbef5
[  144.813908][ T6449]  ? srso_alias_return_thunk+0x5/0xfbef5
[  144.819534][ T6449]  ? down_read+0x272/0x2e0
[  144.823940][ T6449]  ? ext4_xattr_get+0xe3/0x6a0
[  144.828703][ T6449]  ext4_xattr_get+0x123/0x6a0
[  144.833372][ T6449]  ? get_cached_acl+0xe4/0x550
[  144.838135][ T6449]  ? srso_alias_return_thunk+0x5/0xfbef5
[  144.843761][ T6449]  ext4_get_acl+0x84/0x930
[  144.848177][ T6449]  ? __pfx_ext4_get_acl+0x10/0x10
[  144.853195][ T6449]  __get_acl+0x27e/0x410
[  144.857439][ T6449]  ? __pfx___get_acl+0x10/0x10
[  144.862202][ T6449]  ? srso_alias_return_thunk+0x5/0xfbef5
[  144.867830][ T6449]  check_acl+0x3a/0x150
[  144.871986][ T6449]  generic_permission+0x497/0x690
[  144.877012][ T6449]  inode_permission+0x243/0x5f0
[  144.881865][ T6449]  link_path_walk+0x1149/0x18d0
[  144.886728][ T6449]  path_lookupat+0xe4/0x8c0
[  144.891236][ T6449]  filename_lookup+0x256/0x5d0
[  144.896002][ T6449]  ? __pfx_filename_lookup+0x10/0x10
[  144.901298][ T6449]  ? srso_alias_return_thunk+0x5/0xfbef5
[  144.906921][ T6449]  ? strncpy_from_user+0x150/0x2b0
[  144.912028][ T6449]  ? srso_alias_return_thunk+0x5/0xfbef5
[  144.917650][ T6449]  ? do_getname+0x151/0x250
[  144.922150][ T6449]  user_path_at+0x40/0x160
[  144.926559][ T6449]  __se_sys_mount+0x2dc/0x420
[  144.931236][ T6449]  ? __pfx___se_sys_mount+0x10/0x10
[  144.936432][ T6449]  ? srso_alias_return_thunk+0x5/0xfbef5
[  144.942055][ T6449]  ? __x64_sys_mount+0x20/0xc0
[  144.946819][ T6449]  do_syscall_64+0x14d/0xf80
[  144.951399][ T6449]  ? trace_irq_disable+0x3b/0x150
[  144.956424][ T6449]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.962479][ T6449]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.968360][ T6449] RIP: 0033:0x7fc84bf9c629
[  144.972761][ T6449] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  144.992352][ T6449] RSP: 002b:00007fc84ce5a028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  145.000759][ T6449] RAX: ffffffffffffffda RBX: 00007fc84c215fa0 RCX: 00007fc84bf9c629
[  145.008718][ T6449] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000000
[  145.016673][ T6449] RBP: 00007fc84c032b39 R08: 0000000000000000 R09: 0000000000000000
[  145.024628][ T6449] R10: 0000000002094080 R11: 0000000000000246 R12: 0000000000000000
[  145.032582][ T6449] R13: 00007fc84c216038 R14: 00007fc84c215fa0 R15: 00007ffce5982ab8
[  145.040549][ T6449]  </TASK>
[  145.043769][ T6449] Kernel Offset: disabled
[  145.048072][ T6449] Rebooting in 86400 seconds..