[ 69.960732][ T2312] cfg80211: failed to load regulatory.db Warning: Permanently added '10.128.0.184' (ED25519) to the list of known hosts. 1970/01/01 00:01:12 ignoring optional flag "sandboxArg"="0" 1970/01/01 00:01:12 ignoring optional flag "type"="gce" 1970/01/01 00:01:12 parsed 1 programs [ 73.392396][ T6904] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS [ 73.787203][ T6921] chnl_net:caif_netlink_parms(): no params data found [ 73.853209][ T6921] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.853284][ T6921] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.853381][ T6921] bridge_slave_0: entered allmulticast mode [ 73.854137][ T6921] bridge_slave_0: entered promiscuous mode [ 73.855305][ T6921] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.855364][ T6921] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.855456][ T6921] bridge_slave_1: entered allmulticast mode [ 73.856213][ T6921] bridge_slave_1: entered promiscuous mode [ 73.873018][ T6921] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 73.874462][ T6921] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 73.891757][ T6921] team0: Port device team_slave_0 added [ 73.893465][ T6921] team0: Port device team_slave_1 added [ 73.905573][ T6921] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 73.905615][ T6921] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 73.905645][ T6921] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 73.906696][ T6921] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 73.906720][ T6921] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 73.906748][ T6921] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 73.938766][ T6921] hsr_slave_0: entered promiscuous mode [ 73.940544][ T6921] hsr_slave_1: entered promiscuous mode [ 74.878260][ T6921] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 74.882896][ T6921] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 74.887028][ T6921] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 74.890611][ T6921] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 74.944487][ T6921] 8021q: adding VLAN 0 to HW filter on device bond0 [ 74.952047][ T6921] 8021q: adding VLAN 0 to HW filter on device team0 [ 74.956790][ T181] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.956864][ T181] bridge0: port 1(bridge_slave_0) entered forwarding state [ 74.962677][ T181] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.962756][ T181] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.072711][ T6921] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 75.098640][ T6921] veth0_vlan: entered promiscuous mode [ 75.103821][ T6921] veth1_vlan: entered promiscuous mode [ 75.118716][ T6921] veth0_macvtap: entered promiscuous mode [ 75.126792][ T6921] veth1_macvtap: entered promiscuous mode [ 75.135809][ T6921] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 75.140739][ T6921] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 75.143658][ T6921] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.144161][ T6921] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.144192][ T6921] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.144221][ T6921] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.249089][ T6096] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 75.251814][ T6096] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 75.252217][ T6096] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 75.252865][ T6096] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 75.253275][ T6096] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 75.482151][ T181] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 75.553035][ T181] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 75.656940][ T181] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 75.722215][ T181] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 75.739984][ T250] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.740043][ T250] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.757671][ T2206] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.757731][ T2206] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 1970/01/01 00:01:16 executed programs: 0 [ 76.780289][ T6096] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 76.781022][ T6096] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 76.781543][ T6096] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 76.782166][ T6096] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 76.782600][ T6096] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 76.934033][ T7132] chnl_net:caif_netlink_parms(): no params data found [ 76.980306][ T7132] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.982488][ T7132] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.984576][ T7132] bridge_slave_0: entered allmulticast mode [ 76.987096][ T7132] bridge_slave_0: entered promiscuous mode [ 76.990590][ T7132] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.992709][ T7132] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.994774][ T7132] bridge_slave_1: entered allmulticast mode [ 76.997315][ T7132] bridge_slave_1: entered promiscuous mode [ 77.022224][ T7132] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.026910][ T7132] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.048556][ T7132] team0: Port device team_slave_0 added [ 77.055863][ T7132] team0: Port device team_slave_1 added [ 77.074590][ T7132] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 77.076564][ T7132] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 77.086177][ T7132] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 77.090557][ T7132] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 77.092515][ T7132] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 77.100005][ T7132] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 77.124133][ T7132] hsr_slave_0: entered promiscuous mode [ 77.126270][ T7132] hsr_slave_1: entered promiscuous mode [ 77.128545][ T7132] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 77.131095][ T7132] Cannot create hsr debugfs directory [ 78.375419][ T181] bridge_slave_1: left allmulticast mode [ 78.377345][ T181] bridge_slave_1: left promiscuous mode [ 78.379062][ T181] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.401693][ T181] bridge_slave_0: left allmulticast mode [ 78.403432][ T181] bridge_slave_0: left promiscuous mode [ 78.405138][ T181] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.849406][ T52] Bluetooth: hci0: command tx timeout [ 79.882040][ T181] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 79.931641][ T181] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 79.970995][ T181] bond0 (unregistering): Released all slaves [ 80.092305][ T181] hsr_slave_0: left promiscuous mode [ 80.093991][ T181] hsr_slave_1: left promiscuous mode [ 80.094416][ T181] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 80.094456][ T181] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 80.094974][ T181] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 80.095003][ T181] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 80.118388][ T181] veth1_macvtap: left promiscuous mode [ 80.122062][ T181] veth0_macvtap: left promiscuous mode [ 80.123722][ T181] veth1_vlan: left promiscuous mode [ 80.125484][ T181] veth0_vlan: left promiscuous mode [ 80.919455][ T52] Bluetooth: hci0: command tx timeout [ 81.991996][ T181] team0 (unregistering): Port device team_slave_1 removed [ 82.180770][ T181] team0 (unregistering): Port device team_slave_0 removed [ 82.999365][ T52] Bluetooth: hci0: command tx timeout [ 84.904592][ T7132] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 84.908583][ T7132] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 84.912688][ T7132] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 84.916907][ T7132] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 84.986039][ T7132] 8021q: adding VLAN 0 to HW filter on device bond0 [ 85.003277][ T7132] 8021q: adding VLAN 0 to HW filter on device team0 [ 85.015649][ T4529] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.015732][ T4529] bridge0: port 1(bridge_slave_0) entered forwarding state [ 85.016717][ T4529] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.016776][ T4529] bridge0: port 2(bridge_slave_1) entered forwarding state [ 85.082216][ T52] Bluetooth: hci0: command tx timeout [ 85.372148][ T7132] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 85.502739][ T7132] veth0_vlan: entered promiscuous mode [ 85.505645][ T7132] veth1_vlan: entered promiscuous mode [ 85.519805][ T7132] veth0_macvtap: entered promiscuous mode [ 85.524219][ T7132] veth1_macvtap: entered promiscuous mode [ 85.530057][ T7132] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.531763][ T7132] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.533150][ T7132] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.533196][ T7132] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.533227][ T7132] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.533256][ T7132] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.615992][ T331] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.618361][ T331] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.778633][ T250] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.778701][ T250] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.831587][ T7339] loop0: detected capacity change from 0 to 1024 [ 85.843915][ T7339] hfsplus: request for non-existent node 128 in B*Tree [ 85.844030][ T7339] hfsplus: request for non-existent node 128 in B*Tree [ 85.846840][ T7339 ** replaying previous printk message ** [ 85.846840][ T7339] ================================================================== [ 85.846855][ T7339] BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read+0x98/0x1a8 [ 85.846877][ T7339] Read of size 8 at addr ffff0000d23ff6c0 by task syz-executor/7339 [ 85.846892][ T7339] [ 85.846902][ T7339] CPU: 1 UID: 0 PID: 7339 Comm: syz-executor Not tainted 6.16.0-rc6-syzkaller-gaaef6f251176 #0 PREEMPT [ 85.846914][ T7339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 85.846921][ T7339] Call trace: [ 85.846925][ T7339] show_stack+0x2c/0x3c (C) [ 85.846937][ T7339] __dump_stack+0x30/0x40 [ 85.846950][ T7339] dump_stack_lvl+0xd8/0x12c [ 85.846963][ T7339] print_address_description+0xa8/0x220 [ 85.846976][ T7339] print_report+0x68/0x84 [ 85.846988][ T7339] kasan_report+0xb0/0x110 [ 85.846999][ T7339] __asan_report_load8_noabort+0x20/0x2c [ 85.847010][ T7339] hfsplus_bnode_read+0x98/0x1a8 [ 85.847021][ T7339] hfsplus_bnode_dump+0x274/0x384 [ 85.847032][ T7339] hfsplus_brec_remove+0x3cc/0x4a0 [ 85.847044][ T7339] __hfsplus_delete_attr+0x198/0x33c [ 85.847056][ T7339] hfsplus_delete_all_attrs+0x228/0x390 [ 85.847068][ T7339] hfsplus_delete_cat+0x82c/0xbb0 [ 85.847078][ T7339] hfsplus_unlink+0x2a8/0x63c [ 85.847089][ T7339] vfs_unlink+0x2e0/0x520 [ 85.847100][ T7339] do_unlinkat+0x2f0/0x4dc [ 85.847110][ T7339] __arm64_sys_unlinkat+0xdc/0xf8 [ 85.847120][ T7339] invoke_syscall+0x98/0x2b8 [ 85.847130][ T7339] el0_svc_common+0x130/0x23c [ 85.847139][ T7339] do_el0_svc+0x48/0x58 [ 85.847149][ T7339] el0_svc+0x58/0x180 [ 85.847160][ T7339] el0t_64_sync_handler+0x84/0x12c [ 85.847170][ T7339] el0t_64_sync+0x198/0x19c [ 85.847182][ T7339] [ 85.847298][ T7339] Allocated by task 7339: [ 85.847309][ T7339] kasan_save_track+0x40/0x78 [ 85.847327][ T7339] kasan_save_alloc_info+0x44/0x54 [ 85.847341][ T7339] __kasan_kmalloc+0x9c/0xb4 [ 85.847364][ T7339] __kmalloc_noprof+0x2fc/0x4c8 [ 85.847379][ T7339] __hfs_bnode_create+0xe0/0x6f4 [ 85.847394][ T7339] hfsplus_bnode_find+0x1f0/0xb5c [ 85.847412][ T7339] hfsplus_brec_find+0x128/0x448 [ 85.847427][ T7339] hfsplus_find_attr+0x164/0x234 [ 85.847442][ T7339] __hfsplus_getxattr+0x2a0/0x6c4 [ 85.847458][ T7339] hfsplus_getxattr+0x100/0x168 [ 85.847473][ T7339] hfsplus_security_getxattr+0x48/0x5c [ 85.847489][ T7339] __vfs_getxattr+0x394/0x3c0 [ 85.847505][ T7339] smk_fetch+0xc4/0x150 [ 85.847523][ T7339] smack_d_instantiate+0x53c/0x7a4 [ 85.847539][ T7339] security_d_instantiate+0x100/0x204 [ 85.847556][ T7339] d_splice_alias+0x70/0x31c [ 85.847572][ T7339] hfsplus_lookup+0x6b4/0x728 [ 85.847586][ T7339] lookup_one_qstr_excl_raw+0x10c/0x25c [ 85.847604][ T7339] do_unlinkat+0x1a0/0x4dc [ 85.847618][ T7339] __arm64_sys_unlinkat+0xdc/0xf8 [ 85.847632][ T7339] invoke_syscall+0x98/0x2b8 [ 85.847645][ T7339] el0_svc_common+0x130/0x23c [ 85.847659][ T7339] do_el0_svc+0x48/0x58 [ 85.847672][ T7339] el0_svc+0x58/0x180 [ 85.847685][ T7339] el0t_64_sync_handler+0x84/0x12c [ 85.847699][ T7339] el0t_64_sync+0x198/0x19c [ 85.847713][ T7339] [ 85.847721][ T7339] The buggy address belongs to the object at ffff0000d23ff600 [ 85.847721][ T7339] which belongs to the cache kmalloc-192 of size 192 [ 85.847736][ T7339] The buggy address is located 40 bytes to the right of [ 85.847736][ T7339] allocated 152-byte region [ffff0000d23ff600, ffff0000d23ff698) [ 85.847753][ T7339] [ 85.847762][ T7339] The buggy address belongs to the physical page: [ 85.847772][ T7339] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1123ff [ 85.847787][ T7339] ksm flags: 0x5ffc00000000000(node=0|zone=2|lastcpupid=0x7ff) [ 85.847803][ T7339] page_type: f5(slab) [ 85.847819][ T7339] raw: 05ffc00000000000 ffff0000c00013c0 fffffdffc3076e00 dead000000000003 [ 85.847833][ T7339] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 85.847845][ T7339] page dumped because: kasan: bad access detected [ 85.847855][ T7339] [ 85.847863][ T7339] Memory state around the buggy address: [ 85.847874][ T7339] ffff0000d23ff580: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 85.847887][ T7339] ffff0000d23ff600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 85.847899][ T7339] >ffff0000d23ff680: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 85.847911][ T7339] ^ [ 85.847922][ T7339] ffff0000d23ff700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 85.847934][ T7339] ffff0000d23ff780: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 85.847946][ T7339] ================================================================== [ 85.847958][ T7339] Disabling lock debugging due to kernel taint [ 85.848133][ T7339] ------------[ cut here ]------------ [ 85.848143][ T7339] WARNING: CPU: 1 PID: 7339 at ./include/linux/mm.h:2206 kmap_local_page+0x370/0x4ec [ 85.974521][ T7339] Modules linked in: [ 85.975576][ T7339] CPU: 1 UID: 0 PID: 7339 Comm: syz-executor Tainted: G B 6.16.0-rc6-syzkaller-gaaef6f251176 #0 PREEMPT [ 85.979107][ T7339] Tainted: [B]=BAD_PAGE [ 85.980261][ T7339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 85.983165][ T7339] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 85.985435][ T7339] pc : kmap_local_page+0x370/0x4ec [ 85.986865][ T7339] lr : kmap_local_page+0x140/0x4ec [ 85.988334][ T7339] sp : ffff8000a1d67470 [ 85.989565][ T7339] x29: ffff8000a1d67470 x28: 0000000000000232 x27: 0000000000007232 [ 85.991915][ T7339] x26: ffff80008ef79000 x25: 1ffff00011def2a0 x24: dfff800000000000 [ 85.994142][ T7339] x23: 064e05dc41001cab x22: 0000000000000002 x21: 0000000000000002 [ 85.996427][ T7339] x20: ffff0000d23ff600 x19: 0019381771040072 x18: 1fffe000337d6476 [ 85.998702][ T7339] x17: 0000000000000000 x16: ffff80008af005d0 x15: 0000000000000001 [ 86.000900][ T7339] x14: 1ffff000125db6f4 x13: 0000000000000000 x12: 0000000000000000 [ 86.003174][ T7339] x11: ffff7000125db6f5 x10: 0000000000ff0100 x9 : 0000000000000000 [ 86.005475][ T7339] x8 : ffff0000d8f21e80 x7 : 0000000000000001 x6 : 0000000000000001 [ 86.007755][ T7339] x5 : ffff8000a1d66d38 x4 : ffff80008f776bc0 x3 : ffff8000803b7030 [ 86.009961][ T7339] x2 : 0000000000000001 x1 : 0019381771040072 x0 : 0010000000000000 [ 86.012295][ T7339] Call trace: [ 86.013205][ T7339] kmap_local_page+0x370/0x4ec (P) [ 86.014669][ T7339] hfsplus_bnode_read+0xa4/0x1a8 [ 86.016060][ T7339] hfsplus_bnode_dump+0x274/0x384 [ 86.017399][ T7339] hfsplus_brec_remove+0x3cc/0x4a0 [ 86.018838][ T7339] __hfsplus_delete_attr+0x198/0x33c [ 86.020381][ T7339] hfsplus_delete_all_attrs+0x228/0x390 [ 86.021940][ T7339] hfsplus_delete_cat+0x82c/0xbb0 [ 86.023420][ T7339] hfsplus_unlink+0x2a8/0x63c [ 86.024772][ T7339] vfs_unlink+0x2e0/0x520 [ 86.026057][ T7339] do_unlinkat+0x2f0/0x4dc [ 86.027272][ T7339] __arm64_sys_unlinkat+0xdc/0xf8 [ 86.028763][ T7339] invoke_syscall+0x98/0x2b8 [ 86.030103][ T7339] el0_svc_common+0x130/0x23c [ 86.031487][ T7339] do_el0_svc+0x48/0x58 [ 86.032704][ T7339] el0_svc+0x58/0x180 [ 86.033804][ T7339] el0t_64_sync_handler+0x84/0x12c [ 86.035278][ T7339] el0t_64_sync+0x198/0x19c [ 86.036688][ T7339] irq event stamp: 3083 [ 86.037869][ T7339] hardirqs last enabled at (3083): [] _raw_spin_unlock_irqrestore+0x38/0x98 [ 86.040844][ T7339] hardirqs last disabled at (3082): [] _raw_spin_lock_irqsave+0x2c/0x7c [ 86.043712][ T7339] softirqs last enabled at (3066): [] handle_softirqs+0xaf8/0xc88 [ 86.046451][ T7339] softirqs last disabled at (3045): [] __do_softirq+0x14/0x20 [ 86.048986][ T7339] ---[ end trace 0000000000000000 ]--- [ 86.058162][ T7339] Unable to handle kernel paging request at virtual address fff0771000072cf2 [ 86.058211][ T7339] KASAN: maybe wild-memory-access in range [0xff87b88000396790-0xff87b88000396797] [ 86.059031][ T7339] Mem abort info: [ 86.059311][ T7339] ESR = 0x0000000096000004 [ 86.059494][ T7339] EC = 0x25: DABT (current EL), IL = 32 bits [ 86.059647][ T7339] SET = 0, FnV = 0 [ 86.059786][ T7339] EA = 0, S1PTW = 0 [ 86.059922][ T7339] FSC = 0x04: level 0 translation fault [ 86.060058][ T7339] Data abort info: [ 86.060192][ T7339] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 [ 86.060385][ T7339] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 86.060532][ T7339] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 86.061626][ T7339] swapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000207157000 [ 86.061778][ T7339] [fff0771000072cf2] pgd=180000023ffff403, p4d=0000000000000000 [ 86.061988][ T7339] Internal error: Oops: 0000000096000004 [#1] SMP [ 86.087175][ T7339] Modules linked in: [ 86.088285][ T7339] CPU: 1 UID: 0 PID: 7339 Comm: syz-executor Tainted: G B W 6.16.0-rc6-syzkaller-gaaef6f251176 #0 PREEMPT [ 86.091715][ T7339] Tainted: [B]=BAD_PAGE, [W]=WARN [ 86.093060][ T7339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 86.095737][ T7339] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 86.097824][ T7339] pc : __pi_memcpy_generic+0x70/0x22c [ 86.099260][ T7339] lr : __asan_memcpy+0x68/0x84 [ 86.100523][ T7339] sp : ffff8000a1d67490 [ 86.101630][ T7339] x29: ffff8000a1d67490 x28: 0000000000000232 x27: 0000000000007232 [ 86.103861][ T7339] x26: 0000000000000002 x25: dfff800000000000 x24: 0000000000000234 [ 86.106089][ T7339] x23: fff0771000072ac0 x22: ffff8000812aa99c x21: ffff8000a1d67560 [ 86.108333][ T7339] x20: fff0771000072cf2 x19: 0000000000000002 x18: 1fffe000337d6476 [ 86.110520][ T7339] x17: 0000000000000000 x16: ffff80008af005d0 x15: ffff7000143aceac [ 86.112729][ T7339] x14: 0000000000000001 x13: 0000000000000002 x12: ffffffffffffffff [ 86.114985][ T7339] x11: ffff7000143aceac x10: dfff800000000000 x9 : 0000000000000002 [ 86.117182][ T7339] x8 : 0000000000000001 x7 : 0000000000000001 x6 : 0000000000000001 [ 86.119469][ T7339] x5 : ffff8000a1d67562 x4 : fff0771000072cf4 x3 : ffff8000812aa99c [ 86.121670][ T7339] x2 : 0000000000000002 x1 : fff0771000072cf2 x0 : ffff8000a1d67560 [ 86.123863][ T7339] Call trace: [ 86.124725][ T7339] __pi_memcpy_generic+0x70/0x22c (P) [ 86.126189][ T7339] hfsplus_bnode_read+0xd0/0x1a8 [ 86.127524][ T7339] hfsplus_bnode_dump+0x274/0x384 [ 86.128938][ T7339] hfsplus_brec_remove+0x3cc/0x4a0 [ 86.130294][ T7339] __hfsplus_delete_attr+0x198/0x33c [ 86.131685][ T7339] hfsplus_delete_all_attrs+0x228/0x390 [ 86.133246][ T7339] hfsplus_delete_cat+0x82c/0xbb0 [ 86.134663][ T7339] hfsplus_unlink+0x2a8/0x63c [ 86.135929][ T7339] vfs_unlink+0x2e0/0x520 [ 86.137103][ T7339] do_unlinkat+0x2f0/0x4dc [ 86.138316][ T7339] __arm64_sys_unlinkat+0xdc/0xf8 [ 86.139796][ T7339] invoke_syscall+0x98/0x2b8 [ 86.141172][ T7339] el0_svc_common+0x130/0x23c [ 86.142486][ T7339] do_el0_svc+0x48/0x58 [ 86.143671][ T7339] el0_svc+0x58/0x180 [ 86.144758][ T7339] el0t_64_sync_handler+0x84/0x12c [ 86.146226][ T7339] el0t_64_sync+0x198/0x19c [ 86.147544][ T7339] Code: b81fc0a8 d65f03c0 b4000102 d341fc4e (39400026) [ 86.149434][ T7339] ---[ end trace 0000000000000000 ]--- [ 86.534420][ T7339] Kernel panic - not syncing: Oops: Fatal exception [ 86.536276][ T7339] SMP: stopping secondary CPUs [ 86.537629][ T7339] Kernel Offset: disabled [ 86.538819][ T7339] CPU features: 0x10000,00040e00,040008a1,04017203 [ 86.540642][ T7339] Memory Limit: none [ 86.922553][ T7339] Rebooting in 86400 seconds..