Warning: Permanently added '10.128.1.211' (ED25519) to the list of known hosts.
1970/01/01 00:01:26 ignoring optional flag "sandboxArg"="0"
1970/01/01 00:01:27 parsed 1 programs
[   90.001400][ T4449] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k SSFS
[   99.134061][ T4478] chnl_net:caif_netlink_parms(): no params data found
[   99.175185][ T4478] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.177416][ T4478] bridge0: port 1(bridge_slave_0) entered disabled state
[   99.180548][ T4478] device bridge_slave_0 entered promiscuous mode
[   99.186499][ T4478] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.188786][ T4478] bridge0: port 2(bridge_slave_1) entered disabled state
[   99.191455][ T4478] device bridge_slave_1 entered promiscuous mode
[   99.207471][ T4478] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   99.212243][ T4478] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   99.233302][ T4478] team0: Port device team_slave_0 added
[   99.236836][ T4478] team0: Port device team_slave_1 added
[   99.251433][ T4478] batman_adv: batadv0: Adding interface: batadv_slave_0
[   99.253439][ T4478] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   99.260584][ T4478] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   99.265213][ T4478] batman_adv: batadv0: Adding interface: batadv_slave_1
[   99.267981][ T4478] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   99.275099][ T4478] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   99.338937][ T4478] device hsr_slave_0 entered promiscuous mode
[   99.377201][ T4478] device hsr_slave_1 entered promiscuous mode
[  100.246267][ T4478] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  100.289156][ T4478] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  100.338742][ T4478] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  100.359624][ T4478] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  100.512591][ T4478] 8021q: adding VLAN 0 to HW filter on device bond0
[  100.527874][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  100.531674][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  100.540083][ T4478] 8021q: adding VLAN 0 to HW filter on device team0
[  100.545038][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  100.548776][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  100.551504][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[  100.553564][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[  100.575342][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  100.578279][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  100.581236][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  100.583947][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[  100.585940][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[  100.589258][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  100.603086][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  100.606605][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  100.611445][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  100.625224][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  100.628821][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  100.631853][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  100.634752][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  100.648648][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  100.651482][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  100.654275][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  100.658256][ T4478] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  100.799553][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  100.801799][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  100.811158][ T4478] 8021q: adding VLAN 0 to HW filter on device batadv0
[  100.838243][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  100.842794][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  100.856594][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  100.859645][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  100.862711][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  100.865658][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  100.876035][ T4478] device veth0_vlan entered promiscuous mode
[  100.884679][ T4478] device veth1_vlan entered promiscuous mode
[  100.903499][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  100.906214][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  100.911160][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  100.914485][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  100.919900][ T4478] device veth0_macvtap entered promiscuous mode
[  100.924224][ T4478] device veth1_macvtap entered promiscuous mode
[  100.939924][ T4478] batman_adv: batadv0: Interface activated: batadv_slave_0
[  100.942088][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  100.945657][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  100.950101][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  100.953040][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  100.963192][ T4478] batman_adv: batadv0: Interface activated: batadv_slave_1
[  100.968061][ T4478] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  100.970564][ T4478] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  100.972940][ T4478] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  100.975418][ T4478] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  100.982007][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  100.985029][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  101.455350][    T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  101.458521][    T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  101.464348][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  101.480322][    T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  101.482745][    T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  101.486047][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
1970/01/01 00:01:42 executed programs: 0
[  103.079493][ T4686] chnl_net:caif_netlink_parms(): no params data found
[  103.158835][ T4686] bridge0: port 1(bridge_slave_0) entered blocking state
[  103.160981][ T4686] bridge0: port 1(bridge_slave_0) entered disabled state
[  103.165913][ T4686] device bridge_slave_0 entered promiscuous mode
[  103.173146][ T4686] bridge0: port 2(bridge_slave_1) entered blocking state
[  103.175251][ T4686] bridge0: port 2(bridge_slave_1) entered disabled state
[  103.179575][ T4686] device bridge_slave_1 entered promiscuous mode
[  103.203682][ T4686] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  103.212176][ T4686] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  103.236211][ T4686] team0: Port device team_slave_0 added
[  103.240504][ T4686] team0: Port device team_slave_1 added
[  103.258183][ T4686] batman_adv: batadv0: Adding interface: batadv_slave_0
[  103.260150][ T4686] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  103.270558][ T4686] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  103.275245][ T4686] batman_adv: batadv0: Adding interface: batadv_slave_1
[  103.278063][ T4686] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  103.285200][ T4686] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  103.358973][ T4686] device hsr_slave_0 entered promiscuous mode
[  103.397286][ T4686] device hsr_slave_1 entered promiscuous mode
[  103.436887][ T4686] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  103.439113][ T4686] Cannot create hsr debugfs directory
[  103.551561][ T4686] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  104.797061][ T4033] Bluetooth: hci0: command 0x0409 tx timeout
[  106.613159][ T4686] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  106.654545][ T4686] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  106.706287][ T4686] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  106.877541][ T4157] Bluetooth: hci0: command 0x041b tx timeout
[  106.883274][ T4686] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  106.940730][ T4686] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  106.971608][ T4686] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  107.019307][ T4686] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  107.116719][ T4686] 8021q: adding VLAN 0 to HW filter on device bond0
[  107.124463][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  107.130048][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  107.135012][ T4686] 8021q: adding VLAN 0 to HW filter on device team0
[  107.140165][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  107.143057][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  107.145634][  T153] bridge0: port 1(bridge_slave_0) entered blocking state
[  107.147803][  T153] bridge0: port 1(bridge_slave_0) entered forwarding state
[  107.153243][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  107.160088][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  107.163034][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  107.165695][  T153] bridge0: port 2(bridge_slave_1) entered blocking state
[  107.167780][  T153] bridge0: port 2(bridge_slave_1) entered forwarding state
[  107.175614][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  107.185293][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  107.193157][ T1618] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  107.197088][ T1618] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  107.201032][ T1618] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  107.206048][ T1618] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  107.212494][ T1618] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  107.219487][ T1618] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  107.222394][ T1618] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  107.228598][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  107.231400][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  107.235450][ T4686] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  107.353502][ T1618] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  107.355757][ T1618] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  107.402714][ T4686] 8021q: adding VLAN 0 to HW filter on device batadv0
[  107.427102][ T1618] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  107.430132][ T1618] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  107.458413][  T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  107.461255][  T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  107.464177][  T148] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  107.467427][  T148] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  107.472301][ T4686] device veth0_vlan entered promiscuous mode
[  107.479389][ T4686] device veth1_vlan entered promiscuous mode
[  107.530738][ T1618] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  107.533484][ T1618] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  107.536136][ T1618] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  107.542498][ T1618] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  107.548602][ T4686] device veth0_macvtap entered promiscuous mode
[  107.558336][ T4686] device veth1_macvtap entered promiscuous mode
[  107.575726][ T4686] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  107.578801][ T4686] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  107.582755][ T4686] batman_adv: batadv0: Interface activated: batadv_slave_0
[  107.584932][  T148] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  107.592205][  T148] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  107.594950][  T148] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  107.598230][  T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  107.616144][ T4686] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  107.622443][ T4686] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  107.626217][ T4686] batman_adv: batadv0: Interface activated: batadv_slave_1
[  107.631060][  T148] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  107.634150][  T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  107.643924][ T4686] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  107.646365][ T4686] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  107.649382][ T4686] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  107.651816][ T4686] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  107.724946][  T148] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  107.727508][  T148] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  107.740272][  T148] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  107.752305][  T148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  107.754493][  T148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  107.757956][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
1970/01/01 00:01:47 executed programs: 2
[  107.796610][ T4894] loop0: detected capacity change from 0 to 512
[  107.805733][ T4894] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  107.809847][ T4894] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  107.818882][ T4894] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2825: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  107.822967][ T4894] EXT4-fs (loop0): 1 truncate cleaned up
[  107.824728][ T4894] EXT4-fs (loop0): mounted filesystem without journal. Opts: nogrpid,min_batch_time=0x0000000000000000,debug_want_extra_isize=0x0000000000000068,nobarrier,nodiscard,quota,,errors=continue. Quota mode: writeback.
[  107.843237][ T4894] ==================================================================
[  107.845730][ T4894] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0xb34/0x2d98
[  107.847974][ T4894] Read of size 18446744073709551540 at addr ffff0000c89a2070 by task syz.0.16/4894
[  107.850650][ T4894] 
[  107.851339][ T4894] CPU: 1 PID: 4894 Comm: syz.0.16 Not tainted 5.15.186-syzkaller #0
[  107.853632][ T4894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  107.856288][ T4894] Call trace:
[  107.857169][ T4894]  dump_backtrace+0x0/0x43c
[  107.858389][ T4894]  show_stack+0x2c/0x3c
[  107.859488][ T4894]  __dump_stack+0x30/0x40
[  107.860725][ T4894]  dump_stack_lvl+0xf8/0x160
[  107.862079][ T4894]  print_address_description+0x78/0x30c
[  107.863736][ T4894]  kasan_report+0xec/0x15c
[  107.864926][ T4894]  kasan_check_range+0x270/0x2b0
[  107.866367][ T4894]  memmove+0x90/0xe8
[  107.867411][ T4894]  ext4_xattr_set_entry+0xb34/0x2d98
[  107.869024][ T4894]  ext4_xattr_block_set+0x528/0x26fc
[  107.870482][ T4894]  ext4_xattr_set_handle+0xa08/0x1050
[  107.872063][ T4894]  ext4_xattr_set+0x1e0/0x2b4
[  107.873337][ T4894]  ext4_xattr_trusted_set+0x4c/0x64
[  107.874756][ T4894]  __vfs_setxattr+0x388/0x3a4
[  107.876087][ T4894]  __vfs_setxattr_noperm+0x120/0x564
[  107.877647][ T4894]  __vfs_setxattr_locked+0x1ec/0x218
[  107.879158][ T4894]  vfs_setxattr+0x158/0x2ac
[  107.880433][ T4894]  setxattr+0x248/0x2ac
[  107.881609][ T4894]  path_setxattr+0x12c/0x25c
[  107.882835][ T4894]  __arm64_sys_lsetxattr+0xbc/0xd8
[  107.884327][ T4894]  invoke_syscall+0x98/0x2b8
[  107.885637][ T4894]  el0_svc_common+0x138/0x258
[  107.886983][ T4894]  do_el0_svc+0x58/0x14c
[  107.888222][ T4894]  el0_svc+0x78/0x1e0
[  107.889345][ T4894]  el0t_64_sync_handler+0xcc/0xe4
[  107.890744][ T4894]  el0t_64_sync+0x1a0/0x1a4
[  107.892091][ T4894] 
[  107.892729][ T4894] Allocated by task 4894:
[  107.893996][ T4894]  __kasan_kmalloc+0xb0/0xf0
[  107.895332][ T4894]  __kmalloc_track_caller+0x218/0x370
[  107.896846][ T4894]  kmemdup+0xcc/0x144
[  107.897969][ T4894]  ext4_xattr_block_set+0x470/0x26fc
[  107.899522][ T4894]  ext4_xattr_set_handle+0xa08/0x1050
[  107.901037][ T4894]  ext4_xattr_set+0x1e0/0x2b4
[  107.902444][ T4894]  ext4_xattr_trusted_set+0x4c/0x64
[  107.903992][ T4894]  __vfs_setxattr+0x388/0x3a4
[  107.905313][ T4894]  __vfs_setxattr_noperm+0x120/0x564
[  107.906820][ T4894]  __vfs_setxattr_locked+0x1ec/0x218
[  107.908342][ T4894]  vfs_setxattr+0x158/0x2ac
[  107.909642][ T4894]  setxattr+0x248/0x2ac
[  107.910801][ T4894]  path_setxattr+0x12c/0x25c
[  107.912103][ T4894]  __arm64_sys_lsetxattr+0xbc/0xd8
[  107.913523][ T4894]  invoke_syscall+0x98/0x2b8
[  107.914799][ T4894]  el0_svc_common+0x138/0x258
[  107.916128][ T4894]  do_el0_svc+0x58/0x14c
[  107.917386][ T4894]  el0_svc+0x78/0x1e0
[  107.918541][ T4894]  el0t_64_sync_handler+0xcc/0xe4
[  107.919972][ T4894]  el0t_64_sync+0x1a0/0x1a4
[  107.921204][ T4894] 
[  107.921813][ T4894] The buggy address belongs to the object at ffff0000c89a2000
[  107.921813][ T4894]  which belongs to the cache kmalloc-1k of size 1024
[  107.925890][ T4894] The buggy address is located 112 bytes inside of
[  107.925890][ T4894]  1024-byte region [ffff0000c89a2000, ffff0000c89a2400)
[  107.929722][ T4894] The buggy address belongs to the page:
[  107.931354][ T4894] page:000000004cde0fe3 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1089a0
[  107.934214][ T4894] head:000000004cde0fe3 order:3 compound_mapcount:0 compound_pincount:0
[  107.936570][ T4894] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[  107.939005][ T4894] raw: 05ffc00000010200 dead000000000100 dead000000000122 ffff0000c0002780
[  107.941463][ T4894] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[  107.943888][ T4894] page dumped because: kasan: bad access detected
[  107.945748][ T4894] 
[  107.946440][ T4894] Memory state around the buggy address:
[  107.947974][ T4894]  ffff0000c89a1f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  107.950223][ T4894]  ffff0000c89a1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  107.952565][ T4894] >ffff0000c89a2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  107.954790][ T4894]                                                              ^
[  107.957007][ T4894]  ffff0000c89a2080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  107.959284][ T4894]  ffff0000c89a2100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  107.961521][ T4894] ==================================================================
[  107.963797][ T4894] Disabling lock debugging due to kernel taint
[  108.049344][ T4898] loop0: detected capacity change from 0 to 512
[  108.080492][ T4898] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  108.087699][ T4898] EXT4-fs (loop0): 1 truncate cleaned up
[  108.089397][ T4898] EXT4-fs (loop0): mounted filesystem without journal. Opts: nogrpid,min_batch_time=0x0000000000000000,debug_want_extra_isize=0x0000000000000068,nobarrier,nodiscard,quota,,errors=continue. Quota mode: writeback.
[  108.110886][ T4898] Unable to handle kernel write to read-only memory at virtual address ffff0000cf672000
[  108.110919][ T4882] Unable to handle kernel paging request at virtual address 0000000ffff9dfba
[  108.113762][ T4898] Mem abort info:
[  108.116280][ T4882] Mem abort info:
[  108.116291][ T4882]   ESR = 0x0000000096000004
[  108.116304][ T4882]   EC = 0x25: DABT (current EL), IL = 32 bits
[  108.116316][ T4882]   SET = 0, FnV = 0
[  108.117370][    C0] Unable to handle kernel paging request at virtual address 002d0bee4cadad31
[  108.117382][    C0] Mem abort info:
[  108.117384][    C0]   ESR = 0x0000000096000004
[  108.117389][    C0]   EC = 0x25: DABT (current EL), IL = 32 bits
[  108.117392][    C1] Unable to handle kernel paging request at virtual address dfff800000000000
[  108.117396][    C0]   SET = 0, FnV = 0
[  108.117401][    C1] Mem abort info:
[  108.117401][    C0]   EA = 0, S1PTW = 0
[  108.117404][    C1]   ESR = 0x0000000096000006
[  108.117406][    C0]   FSC = 0x04: level 0 translation fault
[  108.117409][    C1]   EC = 0x25: DABT (current EL), IL = 32 bits
[  108.117412][    C0] Data abort info:
[  108.117415][    C0]   ISV = 0, ISS = 0x00000004
[  108.117416][    C1]   SET = 0, FnV = 0
[  108.117419][    C0]   CM = 0, WnR = 0
[  108.117421][    C1]   EA = 0, S1PTW = 0
[  108.117424][    C0] [002d0bee4cadad31] address between user and kernel address ranges
[  108.117426][    C1]   FSC = 0x06: level 2 translation fault
[  108.117432][    C1] Data abort info:
[  108.117432][    C0] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
[  108.117434][    C1]   ISV = 0, ISS = 0x00000006
[  108.117438][    C1]   CM = 0, WnR = 0
[  108.117441][    C0] Modules linked in:
[  108.117443][    C1] [dfff800000000000] address between user and kernel address ranges
[  108.117445][    C0] 
[  108.117450][    C0] CPU: 0 PID: 4898 Comm: syz.0.17 Tainted: G    B             5.15.186-syzkaller #0
[  108.117462][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  108.117469][    C0] pstate: 004000c5 (nzcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[  108.117482][    C0] pc : debug_object_deactivate+0xac/0x32c
[  108.117499][    C0] lr : debug_object_deactivate+0xbc/0x32c
[  108.117508][    C0] sp : ffff800008007bb0
[  108.117512][    C0] x29: ffff800008007bb0 x28: ffff800008007d00 x27: 0000000000000003
[  108.117530][    C0] x26: ffff800014160000 x25: dfff800000000000 x24: 696c5f72656d6974
[  108.117547][    C0] x23: 696c5f72656d698c x22: ffff80001b150cc0 x21: ffff800011322ce0
[  108.117564][    C0] x20: 00000000000000c0 x19: ffff80001b075630 x18: 0000000000010001
[  108.117579][    C0] x17: 0000000000010001 x16: ffff8000082d5f6c x15: 0000000000000003
[  108.117595][    C0] x14: 0000000000ff0100 x13: ffffffffffffffff x12: ffff700001000f5c
[  108.117612][    C0] x11: 1ffff00001000f5c x10: 0000000000000004 x9 : ffff80001ae17410
[  108.117628][    C0] x8 : 0d2d8bee4cadad31 x7 : 0000000000000000 x6 : ffff80000a7824a4
[  108.117644][    C0] x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff80000a7824f0
[  108.117659][    C0] x2 : 0000000000000000 x1 : 0000000000000008 x0 : 0000000000000000
[  108.117674][    C0] Call trace:
[  108.117678][    C0]  debug_object_deactivate+0xac/0x32c
[  108.117689][    C0]  detach_timer+0x40/0x3c8
[  108.117700][    C0]  __run_timers+0x414/0x6c4
[  108.117709][    C0]  run_timer_softirq+0x7c/0x114
[  108.117719][    C0]  handle_softirqs+0x344/0xbf0
[  108.117731][    C0]  __irq_exit_rcu+0x240/0x440
[  108.117741][    C0]  irq_exit+0x14/0x88
[  108.117750][    C0]  handle_domain_irq+0x14c/0x1fc
[  108.117759][    C0]  gic_handle_irq+0x78/0x1c8
[  108.117768][    C0]  call_on_irq_stack+0x24/0x30
[  108.117778][    C0]  do_interrupt_handler+0x6c/0x88
[  108.117788][    C0]  el1_interrupt+0x30/0x58
[  108.117799][    C0]  el1h_64_irq_handler+0x18/0x24
[  108.117809][    C0]  el1h_64_irq+0x78/0x7c
[  108.117817][    C0]  console_unlock+0xc90/0x133c
[  108.117828][    C0]  vprintk_emit+0x13c/0x218
[  108.117838][    C0]  vprintk_default+0x54/0x80
[  108.117848][    C0]  vprintk+0x1e8/0x284
[  108.117856][    C0]  _printk+0xd0/0x118
[  108.117865][    C0]  mem_abort_decode+0x28/0x12c
[  108.117874][    C0]  die_kernel_fault+0x48/0x78
[  108.117883][    C0]  __do_kernel_fault+0x39c/0x404
[  108.117894][    C0]  do_page_fault+0x13c/0xad4
[  108.117904][    C0]  do_mem_abort+0x6c/0x1ac
[  108.117913][    C0]  el1_abort+0x3c/0x5c
[  108.117923][    C0]  el1h_64_sync_handler+0x80/0xcc
[  108.117933][    C0]  el1h_64_sync+0x78/0x7c
[  108.117941][    C0]  __memcpy+0x150/0x250
[  108.117951][    C0]  ext4_xattr_set_entry+0xb34/0x2d98
[  108.117963][    C0]  ext4_xattr_block_set+0x528/0x26fc
[  108.117972][    C0]  ext4_xattr_set_handle+0xa08/0x1050
[  108.117983][    C0]  ext4_xattr_set+0x1e0/0x2b4
[  108.118003][    C0]  ext4_xattr_trusted_set+0x4c/0x64
[  108.118012][    C0]  __vfs_setxattr+0x388/0x3a4
[  108.118023][    C0]  __vfs_setxattr_noperm+0x120/0x564
[  108.118033][    C0]  __vfs_setxattr_locked+0x1ec/0x218
[  108.118044][    C0]  vfs_setxattr+0x158/0x2ac
[  108.118053][    C0]  setxattr+0x248/0x2ac
[  108.118063][    C0]  path_setxattr+0x12c/0x25c
[  108.118073][    C0]  __arm64_sys_lsetxattr+0xbc/0xd8
[  108.118084][    C0]  invoke_syscall+0x98/0x2b8
[  108.118095][    C0]  el0_svc_common+0x138/0x258
[  108.118105][    C0]  do_el0_svc+0x58/0x14c
[  108.118115][    C0]  el0_svc+0x78/0x1e0
[  108.118124][    C0]  el0t_64_sync_handler+0xcc/0xe4
[  108.118133][    C0]  el0t_64_sync+0x1a0/0x1a4
[  108.118148][    C0] Code: 1100077b b4000238 91006317 d343fee8 (38796908) 
[  108.118155][    C0] ---[ end trace f146f036d8dd5a08 ]---
[  108.532488][    C0] Kernel panic - not syncing: Oops: Fatal exception in interrupt
[  108.532499][    C0] SMP: stopping secondary CPUs
[  109.618680][    C0] SMP: failed to stop secondary CPUs 0-1
[  109.618705][    C0] Kernel Offset: disabled
[  109.618708][    C0] CPU features: 0x8,000081c1,21302e40
[  109.618716][    C0] Memory Limit: none
[  110.152469][    C0] Rebooting in 86400 seconds..