Warning: Permanently added '10.128.1.139' (ED25519) to the list of known hosts.
2026/03/04 05:25:31 parsed 1 programs
syzkaller login: [   84.772193][ T5770] cgroup: Unknown subsys name 'net'
[   84.969485][ T5770] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   86.723619][ T5770] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   88.926406][   T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   88.939622][   T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   88.948214][   T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   88.958005][   T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   88.971716][   T51] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   88.979705][   T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   89.239792][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   89.249960][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   89.281578][ T1091] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   89.289589][ T1091] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.345834][ T5848] chnl_net:caif_netlink_parms(): no params data found
[   92.430486][ T5848] bridge0: port 1(bridge_slave_0) entered blocking state
[   92.433153][   T23] cfg80211: failed to load regulatory.db
[   92.441880][ T5848] bridge0: port 1(bridge_slave_0) entered disabled state
[   92.451767][ T5848] bridge_slave_0: entered allmulticast mode
[   92.459535][ T5848] bridge_slave_0: entered promiscuous mode
[   92.470081][ T5848] bridge0: port 2(bridge_slave_1) entered blocking state
[   92.478374][ T5848] bridge0: port 2(bridge_slave_1) entered disabled state
[   92.486710][ T5848] bridge_slave_1: entered allmulticast mode
[   92.494112][ T5848] bridge_slave_1: entered promiscuous mode
[   92.527769][ T5848] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   92.549726][ T5848] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   92.580982][ T5848] team0: Port device team_slave_0 added
[   92.590227][ T5848] team0: Port device team_slave_1 added
[   92.615929][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_0
[   92.623368][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   92.651110][ T5848] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   92.664380][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_1
[   92.671897][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   92.700839][ T5848] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   92.753063][ T5848] hsr_slave_0: entered promiscuous mode
[   92.759885][ T5848] hsr_slave_1: entered promiscuous mode
[   92.934341][ T5848] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   92.947730][ T5848] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   92.959059][ T5848] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   92.969613][ T5848] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   93.075823][ T5848] 8021q: adding VLAN 0 to HW filter on device bond0
[   93.099860][ T5848] 8021q: adding VLAN 0 to HW filter on device team0
[   93.125377][  T144] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.133003][  T144] bridge0: port 1(bridge_slave_0) entered forwarding state
[   93.148462][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.155736][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   93.359679][ T5848] 8021q: adding VLAN 0 to HW filter on device batadv0
[   93.412777][ T5848] veth0_vlan: entered promiscuous mode
[   93.427310][ T5848] veth1_vlan: entered promiscuous mode
[   93.465060][ T5848] veth0_macvtap: entered promiscuous mode
[   93.474574][ T5848] veth1_macvtap: entered promiscuous mode
[   93.502552][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_0
[   93.518913][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_1
[   93.530502][ T5848] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   93.539909][ T5848] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   93.550118][ T5848] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   93.560353][ T5848] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   93.824078][ T4551] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2026/03/04 05:25:42 executed programs: 0
[   94.475256][ T5081] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   94.485670][ T5081] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   94.496125][ T5081] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   94.504669][ T5081] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   94.513688][ T5081] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   94.521128][ T5081] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   94.666956][ T5877] chnl_net:caif_netlink_parms(): no params data found
[   94.740005][ T5877] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.748266][ T5877] bridge0: port 1(bridge_slave_0) entered disabled state
[   94.756737][ T5877] bridge_slave_0: entered allmulticast mode
[   94.764810][ T5877] bridge_slave_0: entered promiscuous mode
[   94.775022][ T5877] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.782717][ T5877] bridge0: port 2(bridge_slave_1) entered disabled state
[   94.790446][ T5877] bridge_slave_1: entered allmulticast mode
[   94.798059][ T5877] bridge_slave_1: entered promiscuous mode
[   94.828516][ T5877] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   94.843041][ T5877] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   94.879027][ T5877] team0: Port device team_slave_0 added
[   94.888972][ T5877] team0: Port device team_slave_1 added
[   94.915769][ T5877] batman_adv: batadv0: Adding interface: batadv_slave_0
[   94.923054][ T5877] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   94.950068][ T5877] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   94.963854][ T5877] batman_adv: batadv0: Adding interface: batadv_slave_1
[   94.972020][ T5877] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   95.000034][ T5877] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   95.049710][ T5877] hsr_slave_0: entered promiscuous mode
[   95.057916][ T5877] hsr_slave_1: entered promiscuous mode
[   95.065162][ T5877] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   95.074151][ T5877] Cannot create hsr debugfs directory
[   96.394616][ T4551] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   96.592436][ T5081] Bluetooth: hci0: command tx timeout
[   98.614718][ T4551] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   98.677078][ T5081] Bluetooth: hci0: command tx timeout
[   98.695556][ T4551] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   99.628779][ T4551] hsr_slave_0: left promiscuous mode
[   99.636989][ T4551] hsr_slave_1: left promiscuous mode
[   99.644072][ T4551] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   99.653641][ T4551] batman_adv: batadv0: Removing interface: batadv_slave_0
[   99.663225][ T4551] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   99.670779][ T4551] batman_adv: batadv0: Removing interface: batadv_slave_1
[   99.680524][ T4551] bridge_slave_1: left allmulticast mode
[   99.687089][ T4551] bridge_slave_1: left promiscuous mode
[   99.694817][ T4551] bridge0: port 2(bridge_slave_1) entered disabled state
[   99.709008][ T4551] bridge_slave_0: left allmulticast mode
[   99.716485][ T4551] bridge_slave_0: left promiscuous mode
[   99.723142][ T4551] bridge0: port 1(bridge_slave_0) entered disabled state
[   99.766646][ T4551] veth1_macvtap: left promiscuous mode
[   99.773992][ T4551] veth0_macvtap: left promiscuous mode
[   99.779970][ T4551] veth1_vlan: left promiscuous mode
[   99.788667][ T4551] veth0_vlan: left promiscuous mode
[  100.256449][ T4551] team0 (unregistering): Port device team_slave_1 removed
[  100.296051][ T4551] team0 (unregistering): Port device team_slave_0 removed
[  100.333175][ T4551] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  100.373264][ T4551] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  100.624222][ T4551] bond0 (unregistering): Released all slaves
[  100.716202][ T5877] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  100.725883][ T5877] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  100.736768][ T5877] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  100.748973][ T5877] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  100.756448][ T5081] Bluetooth: hci0: command tx timeout
[  100.846319][ T5877] 8021q: adding VLAN 0 to HW filter on device bond0
[  100.887250][ T5877] 8021q: adding VLAN 0 to HW filter on device team0
[  100.899690][ T1091] bridge0: port 1(bridge_slave_0) entered blocking state
[  100.906902][ T1091] bridge0: port 1(bridge_slave_0) entered forwarding state
[  100.922816][ T1143] bridge0: port 2(bridge_slave_1) entered blocking state
[  100.930408][ T1143] bridge0: port 2(bridge_slave_1) entered forwarding state
[  101.214075][ T5877] 8021q: adding VLAN 0 to HW filter on device batadv0
[  101.259289][ T5877] veth0_vlan: entered promiscuous mode
[  101.280579][ T5877] veth1_vlan: entered promiscuous mode
[  101.309033][ T5877] veth0_macvtap: entered promiscuous mode
[  101.318684][ T5877] veth1_macvtap: entered promiscuous mode
[  101.348015][ T5877] batman_adv: batadv0: Interface activated: batadv_slave_0
[  101.362531][ T5877] batman_adv: batadv0: Interface activated: batadv_slave_1
[  101.374680][ T5877] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  101.384064][ T5877] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  101.394630][ T5877] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  101.404617][ T5877] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  101.500150][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  101.512544][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  101.538993][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  101.548139][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  101.611882][ T5922] syz.0.17[5922]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[  101.636168][ T5922] loop0: detected capacity change from 0 to 1024
[  101.655827][ T5922] =======================================================
[  101.655827][ T5922] WARNING: The mand mount option has been deprecated and
[  101.655827][ T5922]          and is ignored by this kernel. Remove the mand
[  101.655827][ T5922]          option from the mount to silence this warning.
[  101.655827][ T5922] =======================================================
[  101.740623][ T5922] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  101.776009][ T5922] ==================================================================
[  101.784850][ T5922] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x94b/0x1e90
[  101.793136][ T5922] Read of size 18446744073709551588 at addr ffff88802ed0c040 by task syz.0.17/5922
[  101.802644][ T5922] 
[  101.805137][ T5922] CPU: 0 PID: 5922 Comm: syz.0.17 Not tainted syzkaller #0
[  101.812596][ T5922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  101.823327][ T5922] Call Trace:
[  101.826636][ T5922]  <TASK>
[  101.829787][ T5922]  dump_stack_lvl+0x18c/0x250
[  101.834750][ T5922]  ? read_lock_is_recursive+0x20/0x20
[  101.840492][ T5922]  ? show_regs_print_info+0x20/0x20
[  101.846416][ T5922]  ? load_image+0x400/0x400
[  101.851508][ T5922]  ? _raw_spin_lock_irqsave+0xc0/0x100
[  101.857285][ T5922]  ? __virt_addr_valid+0x18c/0x540
[  101.863023][ T5922]  ? __virt_addr_valid+0x469/0x540
[  101.868520][ T5922]  print_report+0xa8/0x210
[  101.872971][ T5922]  ? ext4_xattr_set_entry+0x94b/0x1e90
[  101.878918][ T5922]  kasan_report+0x117/0x150
[  101.883784][ T5922]  ? ext4_xattr_set_entry+0x94b/0x1e90
[  101.889514][ T5922]  ? ext4_xattr_set_entry+0x94b/0x1e90
[  101.895191][ T5922]  kasan_check_range+0x241/0x290
[  101.900492][ T5922]  ? ext4_xattr_set_entry+0x94b/0x1e90
[  101.906162][ T5922]  __asan_memmove+0x29/0x70
[  101.911042][ T5922]  ext4_xattr_set_entry+0x94b/0x1e90
[  101.916790][ T5922]  ext4_xattr_block_set+0xae8/0x32b0
[  101.922276][ T5922]  ? ext4_destroy_inode+0x200/0x200
[  101.927616][ T5922]  ? proc_nr_inodes+0x230/0x230
[  101.932757][ T5922]  ? do_raw_spin_unlock+0x121/0x230
[  101.938954][ T5922]  ? _raw_spin_unlock+0x28/0x40
[  101.944878][ T5922]  ? ext4_xattr_block_find+0x350/0x350
[  101.950696][ T5922]  ? ext4_xattr_ibody_set+0x50d/0x6a0
[  101.956166][ T5922]  ext4_xattr_set_handle+0x1280/0x14c0
[  101.962777][ T5922]  ? ext4_xattr_inode_free_quota+0x1b0/0x1b0
[  101.969474][ T5922]  ? __ext4_journal_start_sb+0x259/0x560
[  101.975305][ T5922]  ext4_xattr_set+0x252/0x340
[  101.980146][ T5922]  ? end_current_label_crit_section+0x170/0x170
[  101.986738][ T5922]  ? ext4_xattr_set_credits+0x2f0/0x2f0
[  101.992424][ T5922]  ? posix_xattr_acl+0x93/0xb0
[  101.997544][ T5922]  ? ext4_xattr_trusted_get+0x40/0x40
[  102.003120][ T5922]  __vfs_setxattr+0x431/0x470
[  102.008300][ T5922]  __vfs_setxattr_noperm+0x12d/0x5e0
[  102.013836][ T5922]  vfs_setxattr+0x16b/0x2f0
[  102.018663][ T5922]  ? xattr_permission+0x470/0x470
[  102.023897][ T5922]  ? __mnt_want_write+0x223/0x2a0
[  102.029214][ T5922]  ? path_setxattr+0x3a1/0x5d0
[  102.034793][ T5922]  path_setxattr+0x3f3/0x5d0
[  102.039733][ T5922]  ? simple_xattrs_free+0x150/0x150
[  102.045421][ T5922]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  102.051520][ T5922]  ? lock_chain_count+0x20/0x20
[  102.056379][ T5922]  __x64_sys_lsetxattr+0xb8/0xd0
[  102.061783][ T5922]  do_syscall_64+0x55/0xa0
[  102.066518][ T5922]  ? clear_bhb_loop+0x40/0x90
[  102.071846][ T5922]  ? clear_bhb_loop+0x40/0x90
[  102.076947][ T5922]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  102.083306][ T5922] RIP: 0033:0x7fcfc599c799
[  102.088383][ T5922] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  102.111095][ T5922] RSP: 002b:00007ffdec9a1988 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd
[  102.120109][ T5922] RAX: ffffffffffffffda RBX: 00007fcfc5c15fa0 RCX: 00007fcfc599c799
[  102.128819][ T5922] RDX: 0000200000000000 RSI: 0000200000000180 RDI: 00002000000001c0
[  102.138478][ T5922] RBP: 00007fcfc5a32bd9 R08: 0000000000000000 R09: 0000000000000000
[  102.146649][ T5922] R10: 0000000000000361 R11: 0000000000000246 R12: 0000000000000000
[  102.154801][ T5922] R13: 00007fcfc5c15fac R14: 00007fcfc5c15fa0 R15: 00007fcfc5c15fa0
[  102.162966][ T5922]  </TASK>
[  102.166076][ T5922] 
[  102.168402][ T5922] Allocated by task 5922:
[  102.172907][ T5922]  kasan_set_track+0x4e/0x70
[  102.177948][ T5922]  __kasan_kmalloc+0x8f/0xa0
[  102.182717][ T5922]  __kmalloc_node_track_caller+0xb2/0x230
[  102.188716][ T5922]  kmemdup+0x2b/0x70
[  102.192640][ T5922]  ext4_xattr_block_set+0x9ea/0x32b0
[  102.198349][ T5922]  ext4_xattr_set_handle+0x1280/0x14c0
[  102.204188][ T5922]  ext4_xattr_set+0x252/0x340
[  102.209112][ T5922]  __vfs_setxattr+0x431/0x470
[  102.214601][ T5922]  __vfs_setxattr_noperm+0x12d/0x5e0
[  102.220108][ T5922]  vfs_setxattr+0x16b/0x2f0
[  102.225599][ T5922]  path_setxattr+0x3f3/0x5d0
[  102.230285][ T5922]  __x64_sys_lsetxattr+0xb8/0xd0
[  102.235431][ T5922]  do_syscall_64+0x55/0xa0
[  102.240052][ T5922]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  102.246312][ T5922] 
[  102.248737][ T5922] The buggy address belongs to the object at ffff88802ed0c000
[  102.248737][ T5922]  which belongs to the cache kmalloc-1k of size 1024
[  102.263078][ T5922] The buggy address is located 64 bytes inside of
[  102.263078][ T5922]  1024-byte region [ffff88802ed0c000, ffff88802ed0c400)
[  102.277074][ T5922] 
[  102.279438][ T5922] The buggy address belongs to the physical page:
[  102.286294][ T5922] page:ffffea0000bb4200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2ed08
[  102.296643][ T5922] head:ffffea0000bb4200 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  102.305783][ T5922] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[  102.314114][ T5922] page_type: 0xffffffff()
[  102.318536][ T5922] raw: 00fff00000000840 ffff888017c41dc0 dead000000000122 0000000000000000
[  102.327297][ T5922] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[  102.336352][ T5922] page dumped because: kasan: bad access detected
[  102.343062][ T5922] page_owner tracks the page as allocated
[  102.349173][ T5922] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 12, tgid 12 (kworker/u4:1), ts 101644692824, free_ts 101597951604
[  102.370720][ T5922]  post_alloc_hook+0x1c1/0x200
[  102.375690][ T5922]  get_page_from_freelist+0x1951/0x19e0
[  102.381703][ T5922]  __alloc_pages+0x1f0/0x460
[  102.386720][ T5922]  alloc_slab_page+0x5d/0x160
[  102.391618][ T5922]  new_slab+0x87/0x2d0
[  102.395850][ T5922]  ___slab_alloc+0xc5d/0x12f0
[  102.400854][ T5922]  __kmem_cache_alloc_node+0x19e/0x250
[  102.406410][ T5922]  __kmalloc+0xa4/0x230
[  102.410763][ T5922]  ___neigh_create+0x6d2/0x2440
[  102.415771][ T5922]  ip6_finish_output2+0x1581/0x1630
[  102.421246][ T5922]  ndisc_send_skb+0xc26/0x14f0
[  102.426097][ T5922]  ndisc_send_ns+0xd8/0x160
[  102.430685][ T5922]  addrconf_dad_work+0xa51/0x1530
[  102.436327][ T5922]  process_scheduled_works+0xa5d/0x15d0
[  102.441968][ T5922]  worker_thread+0xa55/0xfc0
[  102.447021][ T5922]  kthread+0x2fa/0x390
[  102.451498][ T5922] page last free stack trace:
[  102.456352][ T5922]  free_unref_page_prepare+0x7b2/0x8c0
[  102.462012][ T5922]  free_unref_page+0x32/0x2e0
[  102.466826][ T5922]  __unfreeze_partials+0x1cf/0x210
[  102.472147][ T5922]  put_cpu_partial+0x17c/0x250
[  102.477181][ T5922]  __slab_free+0x319/0x400
[  102.481832][ T5922]  qlist_free_all+0x75/0xd0
[  102.486429][ T5922]  kasan_quarantine_reduce+0x143/0x160
[  102.492017][ T5922]  __kasan_slab_alloc+0x22/0x80
[  102.496907][ T5922]  slab_post_alloc_hook+0x6e/0x4b0
[  102.502139][ T5922]  __kmem_cache_alloc_node+0x13a/0x250
[  102.508049][ T5922]  __kmalloc+0xa4/0x230
[  102.512216][ T5922]  tomoyo_realpath_from_path+0xe3/0x5d0
[  102.517805][ T5922]  tomoyo_path_perm+0x282/0x560
[  102.522883][ T5922]  security_inode_getattr+0xd3/0x120
[  102.528210][ T5922]  __x64_sys_newfstat+0x12c/0x250
[  102.533427][ T5922]  do_syscall_64+0x55/0xa0
[  102.537862][ T5922] 
[  102.540239][ T5922] Memory state around the buggy address:
[  102.545869][ T5922]  ffff88802ed0bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  102.554123][ T5922]  ffff88802ed0bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  102.562339][ T5922] >ffff88802ed0c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  102.570872][ T5922]                                            ^
[  102.577417][ T5922]  ffff88802ed0c080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  102.586014][ T5922]  ffff88802ed0c100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  102.594422][ T5922] ==================================================================
[  102.676078][ T5922] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  102.683626][ T5922] CPU: 1 PID: 5922 Comm: syz.0.17 Not tainted syzkaller #0
[  102.691159][ T5922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  102.701784][ T5922] Call Trace:
[  102.705258][ T5922]  <TASK>
[  102.708203][ T5922]  dump_stack_lvl+0x18c/0x250
[  102.713083][ T5922]  ? show_regs_print_info+0x20/0x20
[  102.718732][ T5922]  ? load_image+0x400/0x400
[  102.723240][ T5922]  panic+0x2dc/0x730
[  102.727225][ T5922]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  102.733833][ T5922]  ? bpf_jit_dump+0xd0/0xd0
[  102.738428][ T5922]  ? _raw_spin_unlock_irqrestore+0x111/0x120
[  102.744431][ T5922]  ? _raw_spin_unlock+0x40/0x40
[  102.749393][ T5922]  ? ext4_xattr_set_entry+0x94b/0x1e90
[  102.754866][ T5922]  check_panic_on_warn+0x84/0xa0
[  102.760036][ T5922]  ? ext4_xattr_set_entry+0x94b/0x1e90
[  102.765633][ T5922]  end_report+0x6f/0x130
[  102.769898][ T5922]  kasan_report+0x128/0x150
[  102.774610][ T5922]  ? ext4_xattr_set_entry+0x94b/0x1e90
[  102.780209][ T5922]  ? ext4_xattr_set_entry+0x94b/0x1e90
[  102.785783][ T5922]  kasan_check_range+0x241/0x290
[  102.790851][ T5922]  ? ext4_xattr_set_entry+0x94b/0x1e90
[  102.796703][ T5922]  __asan_memmove+0x29/0x70
[  102.801503][ T5922]  ext4_xattr_set_entry+0x94b/0x1e90
[  102.806905][ T5922]  ext4_xattr_block_set+0xae8/0x32b0
[  102.812205][ T5922]  ? ext4_destroy_inode+0x200/0x200
[  102.817492][ T5922]  ? proc_nr_inodes+0x230/0x230
[  102.822531][ T5922]  ? do_raw_spin_unlock+0x121/0x230
[  102.827740][ T5922]  ? _raw_spin_unlock+0x28/0x40
[  102.833063][ T5922]  ? ext4_xattr_block_find+0x350/0x350
[  102.839081][ T5922]  ? ext4_xattr_ibody_set+0x50d/0x6a0
[  102.844813][ T5922]  ext4_xattr_set_handle+0x1280/0x14c0
[  102.851238][ T5922]  ? ext4_xattr_inode_free_quota+0x1b0/0x1b0
[  102.857493][ T5922]  ? __ext4_journal_start_sb+0x259/0x560
[  102.863233][ T5922]  ext4_xattr_set+0x252/0x340
[  102.868272][ T5922]  ? end_current_label_crit_section+0x170/0x170
[  102.874597][ T5922]  ? ext4_xattr_set_credits+0x2f0/0x2f0
[  102.880426][ T5922]  ? posix_xattr_acl+0x93/0xb0
[  102.885553][ T5922]  ? ext4_xattr_trusted_get+0x40/0x40
[  102.891383][ T5922]  __vfs_setxattr+0x431/0x470
[  102.896180][ T5922]  __vfs_setxattr_noperm+0x12d/0x5e0
[  102.901609][ T5922]  vfs_setxattr+0x16b/0x2f0
[  102.906344][ T5922]  ? xattr_permission+0x470/0x470
[  102.911739][ T5922]  ? __mnt_want_write+0x223/0x2a0
[  102.916890][ T5922]  ? path_setxattr+0x3a1/0x5d0
[  102.921930][ T5922]  path_setxattr+0x3f3/0x5d0
[  102.926732][ T5922]  ? simple_xattrs_free+0x150/0x150
[  102.931977][ T5922]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  102.938881][ T5922]  ? lock_chain_count+0x20/0x20
[  102.944111][ T5922]  __x64_sys_lsetxattr+0xb8/0xd0
[  102.949249][ T5922]  do_syscall_64+0x55/0xa0
[  102.953682][ T5922]  ? clear_bhb_loop+0x40/0x90
[  102.958470][ T5922]  ? clear_bhb_loop+0x40/0x90
[  102.963241][ T5922]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  102.969499][ T5922] RIP: 0033:0x7fcfc599c799
[  102.974028][ T5922] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  102.994085][ T5922] RSP: 002b:00007ffdec9a1988 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd
[  103.002704][ T5922] RAX: ffffffffffffffda RBX: 00007fcfc5c15fa0 RCX: 00007fcfc599c799
[  103.011309][ T5922] RDX: 0000200000000000 RSI: 0000200000000180 RDI: 00002000000001c0
[  103.019727][ T5922] RBP: 00007fcfc5a32bd9 R08: 0000000000000000 R09: 0000000000000000
[  103.027805][ T5922] R10: 0000000000000361 R11: 0000000000000246 R12: 0000000000000000
[  103.035874][ T5922] R13: 00007fcfc5c15fac R14: 00007fcfc5c15fa0 R15: 00007fcfc5c15fa0
[  103.044048][ T5922]  </TASK>
[  103.047786][ T5922] Kernel Offset: disabled
[  103.052308][ T5922] Rebooting in 86400 seconds..