Warning: Permanently added '10.128.1.236' (ED25519) to the list of known hosts. 1970/01/01 00:01:32 ignoring optional flag "sandboxArg"="0" 1970/01/01 00:01:33 parsed 1 programs [ 95.794104][ T4485] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS [ 103.480552][ T4543] chnl_net:caif_netlink_parms(): no params data found [ 103.517665][ T4543] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.519594][ T4543] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.522661][ T4543] device bridge_slave_0 entered promiscuous mode [ 103.526331][ T4543] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.528177][ T4543] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.530701][ T4543] device bridge_slave_1 entered promiscuous mode [ 103.551877][ T4543] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 103.556414][ T4543] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 103.574042][ T4543] team0: Port device team_slave_0 added [ 103.577558][ T4543] team0: Port device team_slave_1 added [ 103.591581][ T4543] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 103.593713][ T4543] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 103.600263][ T4543] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 103.604812][ T4543] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 103.606594][ T4543] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 103.613526][ T4543] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 103.695228][ T4543] device hsr_slave_0 entered promiscuous mode [ 103.733436][ T4543] device hsr_slave_1 entered promiscuous mode [ 104.551457][ T4543] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 104.625347][ T4543] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 104.664839][ T4543] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 104.695279][ T4543] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 104.786791][ T4543] 8021q: adding VLAN 0 to HW filter on device bond0 [ 104.794570][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 104.797173][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 104.801679][ T4543] 8021q: adding VLAN 0 to HW filter on device team0 [ 104.808369][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 104.811074][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 104.815564][ T306] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.817570][ T306] bridge0: port 1(bridge_slave_0) entered forwarding state [ 104.820813][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 104.833732][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 104.837026][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 104.839974][ T306] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.841876][ T306] bridge0: port 2(bridge_slave_1) entered forwarding state [ 104.848041][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 104.851062][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 104.855978][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 104.859555][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 104.873749][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 104.876269][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 104.879399][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 104.883626][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 104.886336][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 104.888980][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 104.891658][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 104.895937][ T4543] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 105.026520][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 105.028669][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 105.036887][ T4543] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 105.059228][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 105.062546][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 105.078526][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 105.081215][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 105.086035][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 105.088979][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 105.091725][ T4543] device veth0_vlan entered promiscuous mode [ 105.099307][ T4543] device veth1_vlan entered promiscuous mode [ 105.119805][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 105.124305][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 105.127034][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 105.130260][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 105.138571][ T4543] device veth0_macvtap entered promiscuous mode [ 105.145408][ T4543] device veth1_macvtap entered promiscuous mode [ 105.157571][ T4543] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 105.159678][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 105.164983][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 105.167530][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 105.170250][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 105.177582][ T4543] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 105.182634][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 105.185254][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 105.191622][ T4543] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.195676][ T4543] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.197987][ T4543] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.200316][ T4543] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.375778][ T1646] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.378020][ T1646] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.380968][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 105.444043][ T1646] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.446228][ T1646] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.449219][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 1970/01/01 00:01:45 executed programs: 0 [ 106.120606][ T4686] chnl_net:caif_netlink_parms(): no params data found [ 106.160787][ T4686] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.163322][ T4686] bridge0: port 1(bridge_slave_0) entered disabled state [ 106.165851][ T4686] device bridge_slave_0 entered promiscuous mode [ 106.169567][ T4686] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.171566][ T4686] bridge0: port 2(bridge_slave_1) entered disabled state [ 106.174319][ T4686] device bridge_slave_1 entered promiscuous mode [ 106.198154][ T4686] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 106.202797][ T4686] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 106.220188][ T4686] team0: Port device team_slave_0 added [ 106.223662][ T4686] team0: Port device team_slave_1 added [ 106.239059][ T4686] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 106.240865][ T4686] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 106.247981][ T4686] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 106.252651][ T4686] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 106.254661][ T4686] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 106.261686][ T4686] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 106.345481][ T4686] device hsr_slave_0 entered promiscuous mode [ 106.392378][ T4686] device hsr_slave_1 entered promiscuous mode [ 106.432186][ T4686] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 106.434216][ T4686] Cannot create hsr debugfs directory [ 106.567442][ T4686] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 107.955089][ T4180] Bluetooth: hci0: command 0x0409 tx timeout [ 109.163145][ T4686] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 110.022111][ T4180] Bluetooth: hci0: command 0x041b tx timeout [ 110.352382][ T4686] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 110.705518][ T4686] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 110.892011][ T4686] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 110.933788][ T4686] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 110.964513][ T4686] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 111.022080][ T4686] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 111.137567][ T4686] 8021q: adding VLAN 0 to HW filter on device bond0 [ 111.149875][ T4686] 8021q: adding VLAN 0 to HW filter on device team0 [ 111.154376][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 111.156861][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 111.177852][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 111.180541][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 111.184536][ T306] bridge0: port 1(bridge_slave_0) entered blocking state [ 111.186451][ T306] bridge0: port 1(bridge_slave_0) entered forwarding state [ 111.188946][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 111.194142][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 111.196939][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 111.199561][ T306] bridge0: port 2(bridge_slave_1) entered blocking state [ 111.201493][ T306] bridge0: port 2(bridge_slave_1) entered forwarding state [ 111.209063][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 111.214897][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 111.220037][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 111.226882][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 111.230697][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 111.236791][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 111.239682][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 111.248467][ T1646] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 111.251198][ T1646] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 111.257364][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 111.260205][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 111.265446][ T4686] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 111.347202][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 111.349334][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 111.356452][ T4686] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 111.384941][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 111.387622][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 111.398621][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 111.401247][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 111.404964][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 111.407436][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 111.412361][ T4686] device veth0_vlan entered promiscuous mode [ 111.420591][ T4686] device veth1_vlan entered promiscuous mode [ 111.447710][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 111.450366][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 111.455935][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 111.458752][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 111.464180][ T4686] device veth0_macvtap entered promiscuous mode [ 111.468756][ T4686] device veth1_macvtap entered promiscuous mode [ 111.479443][ T4686] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 111.483898][ T4686] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 111.488218][ T4686] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 111.490935][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 111.494532][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 111.497037][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 111.499827][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 111.513262][ T4686] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 111.516110][ T4686] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 111.519638][ T4686] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 111.521671][ T1646] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 111.525116][ T1646] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 111.531487][ T4686] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.534090][ T4686] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.536469][ T4686] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.538705][ T4686] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.579228][ T1646] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.588011][ T1646] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.596944][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 111.600940][ T1646] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.603740][ T1646] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.606804][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 1970/01/01 00:01:51 executed programs: 2 [ 111.658790][ T4933] loop0: detected capacity change from 0 to 1024 [ 111.705898][ T4933] hfsplus: request for non-existent node -1191182336 in B*Tree [ 111.708062][ T4933] hfsplus: request for non-existent node -1191182336 in B*Tree [ 111.713881][ T4933] ================================================================== [ 111.716162][ T4933] BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read+0x84/0x21c [ 111.718338][ T4933] Read of size 8 at addr ffff0000cdc006c0 by task syz.0.16/4933 [ 111.720343][ T4933] [ 111.720944][ T4933] CPU: 0 PID: 4933 Comm: syz.0.16 Not tainted 5.15.186-syzkaller #0 [ 111.723027][ T4933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 111.725817][ T4933] Call trace: [ 111.726758][ T4933] dump_backtrace+0x0/0x43c [ 111.728067][ T4933] show_stack+0x2c/0x3c [ 111.729262][ T4933] __dump_stack+0x30/0x40 [ 111.730492][ T4933] dump_stack_lvl+0xf8/0x160 [ 111.731860][ T4933] print_address_description+0x78/0x30c [ 111.733429][ T4933] kasan_report+0xec/0x15c [ 111.734719][ T4933] __asan_report_load8_noabort+0x44/0x50 [ 111.736299][ T4933] hfsplus_bnode_read+0x84/0x21c [ 111.737706][ T4933] hfsplus_bnode_dump+0x26c/0x37c [ 111.739112][ T4933] hfsplus_brec_remove+0x3cc/0x4a0 [ 111.740548][ T4933] __hfsplus_delete_attr+0x198/0x350 [ 111.742090][ T4933] hfsplus_delete_all_attrs+0x204/0x33c [ 111.743627][ T4933] hfsplus_delete_cat+0x844/0xbb0 [ 111.744956][ T4933] hfsplus_unlink+0x2a0/0x664 [ 111.746266][ T4933] vfs_unlink+0x2e0/0x4f4 [ 111.747453][ T4933] do_unlinkat+0x31c/0x600 [ 111.748703][ T4933] __arm64_sys_unlinkat+0xe0/0xfc [ 111.750079][ T4933] invoke_syscall+0x98/0x2b8 [ 111.751460][ T4933] el0_svc_common+0x138/0x258 [ 111.752822][ T4933] do_el0_svc+0x58/0x14c [ 111.754020][ T4933] el0_svc+0x78/0x1e0 [ 111.755186][ T4933] el0t_64_sync_handler+0xcc/0xe4 [ 111.756593][ T4933] el0t_64_sync+0x1a0/0x1a4 [ 111.757893][ T4933] [ 111.758555][ T4933] Allocated by task 4933: [ 111.759701][ T4933] __kasan_kmalloc+0xb0/0xf0 [ 111.761011][ T4933] __kmalloc+0x298/0x44c [ 111.762231][ T4933] __hfs_bnode_create+0xe4/0x84c [ 111.763601][ T4933] hfsplus_bnode_find+0x1f8/0xbcc [ 111.764990][ T4933] hfsplus_brec_find+0x128/0x448 [ 111.766351][ T4933] hfsplus_delete_all_attrs+0x1e0/0x33c [ 111.767914][ T4933] hfsplus_delete_cat+0x844/0xbb0 [ 111.769284][ T4933] hfsplus_unlink+0x2a0/0x664 [ 111.770578][ T4933] vfs_unlink+0x2e0/0x4f4 [ 111.771808][ T4933] do_unlinkat+0x31c/0x600 [ 111.773050][ T4933] __arm64_sys_unlinkat+0xe0/0xfc [ 111.774459][ T4933] invoke_syscall+0x98/0x2b8 [ 111.775776][ T4933] el0_svc_common+0x138/0x258 [ 111.777048][ T4933] do_el0_svc+0x58/0x14c [ 111.778202][ T4933] el0_svc+0x78/0x1e0 [ 111.779295][ T4933] el0t_64_sync_handler+0xcc/0xe4 [ 111.780651][ T4933] el0t_64_sync+0x1a0/0x1a4 [ 111.781877][ T4933] [ 111.782477][ T4933] Last potentially related work creation: [ 111.784055][ T4933] kasan_save_stack+0x38/0x68 [ 111.785430][ T4933] kasan_record_aux_stack+0xcc/0x114 [ 111.786886][ T4933] insert_work+0x64/0x388 [ 111.788154][ T4933] __queue_work+0xb30/0x1054 [ 111.789427][ T4933] queue_work_on+0xc4/0x17c [ 111.790684][ T4933] call_usermodehelper_exec+0x22c/0x478 [ 111.792214][ T4933] kobject_uevent_env+0x670/0x888 [ 111.793654][ T4933] kobject_uevent+0x2c/0x3c [ 111.794889][ T4933] driver_register+0x29c/0x374 [ 111.796232][ T4933] phy_driver_register+0x160/0x264 [ 111.797663][ T4933] phy_drivers_register+0x54/0xe8 [ 111.799032][ T4933] phy_module_init+0x24/0x30 [ 111.800262][ T4933] do_one_initcall+0x228/0x8b0 [ 111.801600][ T4933] do_initcall_level+0x154/0x214 [ 111.802982][ T4933] do_initcalls+0x58/0xac [ 111.804202][ T4933] do_basic_setup+0x8c/0xa0 [ 111.805449][ T4933] kernel_init_freeable+0x404/0x5fc [ 111.806895][ T4933] kernel_init+0x24/0x1d0 [ 111.808090][ T4933] ret_from_fork+0x10/0x20 [ 111.809250][ T4933] [ 111.809877][ T4933] The buggy address belongs to the object at ffff0000cdc00600 [ 111.809877][ T4933] which belongs to the cache kmalloc-256 of size 256 [ 111.813788][ T4933] The buggy address is located 192 bytes inside of [ 111.813788][ T4933] 256-byte region [ffff0000cdc00600, ffff0000cdc00700) [ 111.817366][ T4933] The buggy address belongs to the page: [ 111.818971][ T4933] page:00000000ae7aab82 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10dc00 [ 111.821795][ T4933] head:00000000ae7aab82 order:1 compound_mapcount:0 [ 111.823602][ T4933] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff) [ 111.825925][ T4933] raw: 05ffc00000010200 dead000000000100 dead000000000122 ffff0000c0002480 [ 111.828271][ T4933] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 111.830646][ T4933] page dumped because: kasan: bad access detected [ 111.832391][ T4933] [ 111.833023][ T4933] Memory state around the buggy address: [ 111.834515][ T4933] ffff0000cdc00580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 111.836675][ T4933] ffff0000cdc00600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 111.838849][ T4933] >ffff0000cdc00680: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 111.841211][ T4933] ^ [ 111.842915][ T4933] ffff0000cdc00700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 111.845304][ T4933] ffff0000cdc00780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 111.847605][ T4933] ================================================================== [ 111.849837][ T4933] Disabling lock debugging due to kernel taint [ 111.854587][ T4933] Unable to handle kernel paging request at virtual address ffff7ac800009bff [ 111.857244][ T4933] Mem abort info: [ 111.858277][ T4933] ESR = 0x0000000096000004 [ 111.859735][ T4933] EC = 0x25: DABT (current EL), IL = 32 bits [ 111.861475][ T4933] SET = 0, FnV = 0 [ 111.863332][ T4933] EA = 0, S1PTW = 0 [ 111.865199][ T4933] FSC = 0x04: level 0 translation fault [ 111.867035][ T4933] Data abort info: [ 111.868116][ T4933] ISV = 0, ISS = 0x00000004 [ 111.869366][ T4933] CM = 0, WnR = 0 [ 111.870417][ T4933] swapper pgtable: 4k pages, 48-bit VAs, pgdp=00000002113cd000 [ 111.872487][ T4933] [ffff7ac800009bff] pgd=0000000000000000, p4d=0000000000000000 [ 111.874604][ T4933] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP [ 111.876575][ T4933] Modules linked in: [ 111.877656][ T4933] CPU: 0 PID: 4933 Comm: syz.0.16 Tainted: G B 5.15.186-syzkaller #0 [ 111.880240][ T4933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 111.883068][ T4933] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 111.885233][ T4933] pc : kasan_check_range+0x74/0x2b0 [ 111.886765][ T4933] lr : memcpy+0x90/0xe8 [ 111.887903][ T4933] sp : ffff80001fb97470 [ 111.889015][ T4933] x29: ffff80001fb97470 x28: 1fffe00019b800c3 x27: ffff80001fb97540 [ 111.891380][ T4933] x26: 0000000040000000 x25: 1ffff0000276e008 x24: dfff800000000000 [ 111.893541][ T4933] x23: ffff8000167b9000 x22: ffff800008ebe0b0 x21: ffff80001fb97560 [ 111.895769][ T4933] x20: ffffd6400004dfff x19: 0000000000000001 x18: 0000000000000000 [ 111.897921][ T4933] x17: 0000000000000000 x16: ffff800008ebfea8 x15: 00000000000000ff [ 111.900155][ T4933] x14: 0000000000ff0100 x13: ffffffffffffffff x12: 0000000000000001 [ 111.902385][ T4933] x11: 1ffffac800009bff x10: 1ffffac800009bff x9 : ffffffffffffffff [ 111.904534][ T4933] x8 : ffff7ac800009bff x7 : 0000000000000000 x6 : 00000000000000ff [ 111.906826][ T4933] x5 : ffff80001fb97582 x4 : ffff0000e648c00c x3 : ffff800008ebe0b0 [ 111.909037][ T4933] x2 : 0000000000000000 x1 : 0000000000000001 x0 : ffffd6400004dfff [ 111.911382][ T4933] Call trace: [ 111.912260][ T4933] kasan_check_range+0x74/0x2b0 [ 111.913607][ T4933] memcpy+0x90/0xe8 [ 111.914655][ T4933] hfsplus_bnode_read+0x10c/0x21c [ 111.916042][ T4933] hfsplus_bnode_dump+0x26c/0x37c [ 111.917455][ T4933] hfsplus_brec_remove+0x3cc/0x4a0 [ 111.918893][ T4933] __hfsplus_delete_attr+0x198/0x350 [ 111.920391][ T4933] hfsplus_delete_all_attrs+0x204/0x33c [ 111.921982][ T4933] hfsplus_delete_cat+0x844/0xbb0 [ 111.923425][ T4933] hfsplus_unlink+0x2a0/0x664 [ 111.924704][ T4933] vfs_unlink+0x2e0/0x4f4 [ 111.925942][ T4933] do_unlinkat+0x31c/0x600 [ 111.927211][ T4933] __arm64_sys_unlinkat+0xe0/0xfc [ 111.928671][ T4933] invoke_syscall+0x98/0x2b8 [ 111.929952][ T4933] el0_svc_common+0x138/0x258 [ 111.931240][ T4933] do_el0_svc+0x58/0x14c [ 111.932430][ T4933] el0_svc+0x78/0x1e0 [ 111.933529][ T4933] el0t_64_sync_handler+0xcc/0xe4 [ 111.934939][ T4933] el0t_64_sync+0x1a0/0x1a4 [ 111.936295][ T4933] Code: 5400014c b4000b8c aa2a03e9 8b0b0129 (3940010a) [ 111.938255][ T4933] ---[ end trace 3efc8a33b740e44b ]--- [ 112.409750][ T4933] Kernel panic - not syncing: Oops: Fatal exception [ 112.411563][ T4933] SMP: stopping secondary CPUs [ 112.412830][ T4933] Kernel Offset: disabled [ 112.413948][ T4933] CPU features: 0x8,000081c1,21302e40 [ 112.415349][ T4933] Memory Limit: none [ 112.783904][ T4933] Rebooting in 86400 seconds..