Warning: Permanently added '10.128.0.226' (ED25519) to the list of known hosts. 1970/01/01 00:01:01 ignoring optional flag "sandboxArg"="0" 1970/01/01 00:01:01 ignoring optional flag "type"="gce" 1970/01/01 00:01:01 parsed 1 programs [ 61.571181][ T6732] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS 1970/01/01 00:01:01 executed programs: 0 [ 61.603560][ T6092] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 61.604653][ T6092] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 61.606292][ T6092] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 61.606991][ T6092] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 61.607411][ T6092] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 61.699811][ T6739] chnl_net:caif_netlink_parms(): no params data found [ 61.746890][ T6739] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.749244][ T6739] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.751692][ T6739] bridge_slave_0: entered allmulticast mode [ 61.756750][ T6739] bridge_slave_0: entered promiscuous mode [ 61.759952][ T6739] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.762345][ T6739] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.765939][ T6739] bridge_slave_1: entered allmulticast mode [ 61.768614][ T6739] bridge_slave_1: entered promiscuous mode [ 61.786283][ T6739] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 61.791917][ T6739] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 61.811473][ T6739] team0: Port device team_slave_0 added [ 61.814857][ T6739] team0: Port device team_slave_1 added [ 61.831013][ T6739] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 61.833096][ T6739] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.841323][ T6739] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 61.847013][ T6739] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 61.849078][ T6739] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.855758][ T6739] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 61.874777][ T6739] hsr_slave_0: entered promiscuous mode [ 61.875243][ T6739] hsr_slave_1: entered promiscuous mode [ 62.770100][ T6739] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 62.774134][ T6739] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 62.778775][ T6739] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 62.782846][ T6739] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 62.831572][ T6739] 8021q: adding VLAN 0 to HW filter on device bond0 [ 62.842101][ T6739] 8021q: adding VLAN 0 to HW filter on device team0 [ 62.850421][ T41] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.850499][ T41] bridge0: port 1(bridge_slave_0) entered forwarding state [ 62.859218][ T623] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.859290][ T623] bridge0: port 2(bridge_slave_1) entered forwarding state [ 62.971435][ T6739] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 62.994170][ T6739] veth0_vlan: entered promiscuous mode [ 62.999412][ T6739] veth1_vlan: entered promiscuous mode [ 63.018383][ T6739] veth0_macvtap: entered promiscuous mode [ 63.020137][ T6739] veth1_macvtap: entered promiscuous mode [ 63.027925][ T6739] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 63.031827][ T6739] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 63.037048][ T6739] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.037087][ T6739] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.037116][ T6739] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.037145][ T6739] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.081032][ T41] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.081091][ T41] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.099891][ T41] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.099949][ T41] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.170746][ T6859] loop0: detected capacity change from 0 to 1024 [ 63.212327][ T6859] hfsplus: request for non-existent node 65030 in B*Tree [ 63.212421][ T6859] hfsplus: request for non-existent node 65030 in B*Tree [ 63.226859][ T6859] ================================================================== [ 63.226886][ T6859] BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read+0x98/0x1a8 [ 63.226908][ T6859] Read of size ** replaying previous printk message ** [ 63.226908][ T6859] Read of size 8 at addr ffff0000c54f9dc0 by task syz-executor.0/6859 [ 63.226924][ T6859] [ 63.226934][ T6859] CPU: 1 UID: 0 PID: 6859 Comm: syz-executor.0 Not tainted 6.16.0-rc6-syzkaller-gaaef6f251176 #0 PREEMPT [ 63.226947][ T6859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 63.226954][ T6859] Call trace: [ 63.226957][ T6859] show_stack+0x2c/0x3c (C) [ 63.226970][ T6859] __dump_stack+0x30/0x40 [ 63.226984][ T6859] dump_stack_lvl+0xd8/0x12c [ 63.226997][ T6859] print_address_description+0xa8/0x220 [ 63.227010][ T6859] print_report+0x68/0x84 [ 63.227026][ T6859] kasan_report+0xb0/0x110 [ 63.227037][ T6859] __asan_report_load8_noabort+0x20/0x2c [ 63.227048][ T6859] hfsplus_bnode_read+0x98/0x1a8 [ 63.227059][ T6859] hfsplus_bnode_dump+0x274/0x384 [ 63.227070][ T6859] hfsplus_brec_remove+0x3cc/0x4a0 [ 63.227082][ T6859] __hfsplus_delete_attr+0x198/0x33c [ 63.227094][ T6859] hfsplus_delete_all_attrs+0x228/0x390 [ 63.227106][ T6859] hfsplus_delete_cat+0x82c/0xbb0 [ 63.227116][ T6859] hfsplus_unlink+0x2a8/0x63c [ 63.227127][ T6859] hfsplus_rename+0xd0/0x1b0 [ 63.227137][ T6859] vfs_rename+0x8e8/0xc80 [ 63.227152][ T6859] do_renameat2+0x74c/0xa40 [ 63.227163][ T6859] __arm64_sys_renameat2+0xd8/0xf4 [ 63.227173][ T6859] invoke_syscall+0x98/0x2b8 [ 63.227185][ T6859] el0_svc_common+0x130/0x23c [ 63.227195][ T6859] do_el0_svc+0x48/0x58 [ 63.227204][ T6859] el0_svc+0x58/0x180 [ 63.227218][ T6859] el0t_64_sync_handler+0x84/0x12c [ 63.227228][ T6859] el0t_64_sync+0x198/0x19c [ 63.227241][ T6859] [ 63.227370][ T6859] Allocated by task 6859: [ 63.227382][ T6859] kasan_save_track+0x40/0x78 [ 63.227401][ T6859] kasan_save_alloc_info+0x44/0x54 [ 63.227416][ T6859] __kasan_kmalloc+0x9c/0xb4 [ 63.227432][ T6859] __kmalloc_noprof+0x2fc/0x4c8 [ 63.227446][ T6859] __hfs_bnode_create+0xe0/0x6f4 [ 63.227466][ T6859] hfsplus_bnode_find+0x1f0/0xb5c [ 63.227481][ T6859] hfsplus_brec_find+0x128/0x448 [ 63.227500][ T6859] hfsplus_find_attr+0x164/0x234 [ 63.227515][ T6859] __hfsplus_getxattr+0x2a0/0x6c4 [ 63.227530][ T6859] hfsplus_getxattr+0x100/0x168 [ 63.227546][ T6859] hfsplus_security_getxattr+0x48/0x5c [ 63.227562][ T6859] __vfs_getxattr+0x394/0x3c0 [ 63.227578][ T6859] smk_fetch+0xc4/0x150 [ 63.227596][ T6859] smack_d_instantiate+0x53c/0x7a4 [ 63.227612][ T6859] security_d_instantiate+0x100/0x204 [ 63.227629][ T6859] d_splice_alias+0x70/0x31c [ 63.227646][ T6859] hfsplus_lookup+0x6b4/0x728 [ 63.227660][ T6859] lookup_one_qstr_excl_raw+0x10c/0x25c [ 63.227678][ T6859] do_renameat2+0x3a4/0xa40 [ 63.227692][ T6859] __arm64_sys_renameat2+0xd8/0xf4 [ 63.227707][ T6859] invoke_syscall+0x98/0x2b8 [ 63.227732][ T6859] el0_svc_common+0x130/0x23c [ 63.227746][ T6859] do_el0_svc+0x48/0x58 [ 63.227759][ T6859] el0_svc+0x58/0x180 [ 63.227772][ T6859] el0t_64_sync_handler+0x84/0x12c [ 63.227786][ T6859] el0t_64_sync+0x198/0x19c [ 63.227800][ T6859] [ 63.227809][ T6859] The buggy address belongs to the object at ffff0000c54f9d00 [ 63.227809][ T6859] which belongs to the cache kmalloc-192 of size 192 [ 63.227823][ T6859] The buggy address is located 40 bytes to the right of [ 63.227823][ T6859] allocated 152-byte region [ffff0000c54f9d00, ffff0000c54f9d98) [ 63.227844][ T6859] [ 63.227853][ T6859] The buggy address belongs to the physical page: [ 63.227863][ T6859] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1054f9 [ 63.227879][ T6859] ksm flags: 0x5ffc00000000000(node=0|zone=2|lastcpupid=0x7ff) [ 63.227895][ T6859] page_type: f5(slab) [ 63.227911][ T6859] raw: 05ffc00000000000 ffff0000c00013c0 fffffdffc317e500 dead000000000003 [ 63.227926][ T6859] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 63.227937][ T6859] page dumped because: kasan: bad access detected [ 63.227947][ T6859] [ 63.227955][ T6859] Memory state around the buggy address: [ 63.227967][ T6859] ffff0000c54f9c80: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 63.227980][ T6859] ffff0000c54f9d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 63.227993][ T6859] >ffff0000c54f9d80: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 63.228004][ T6859] ^ [ 63.228015][ T6859] ffff0000c54f9e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 63.228028][ T6859] ffff0000c54f9e80: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc [ 63.228039][ T6859] ================================================================== [ 63.233523][ T6859] Disabling lock debugging due to kernel taint [ 63.233709][ T6859] ------------[ cut here ]------------ [ 63.233719][ T6859] WARNING: CPU: 1 PID: 6859 at ./include/linux/mm.h:2206 kmap_local_page+0x370/0x4ec [ 63.357735][ T6859] Modules linked in: [ 63.358819][ T6859] CPU: 1 UID: 0 PID: 6859 Comm: syz-executor.0 Tainted: G B 6.16.0-rc6-syzkaller-gaaef6f251176 #0 PREEMPT [ 63.362311][ T6859] Tainted: [B]=BAD_PAGE [ 63.363474][ T6859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 63.366305][ T6859] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 63.368421][ T6859] pc : kmap_local_page+0x370/0x4ec [ 63.369894][ T6859] lr : kmap_local_page+0x148/0x4ec [ 63.371351][ T6859] sp : ffff8000a0f27230 [ 63.372463][ T6859] x29: ffff8000a0f27230 x28: 0000000000000232 x27: 0000000000007232 [ 63.374732][ T6859] x26: ffff80008ef79000 x25: 1ffff00011def2a0 x24: dfff800000000000 [ 63.376978][ T6859] x23: 014805ca41001acb x22: 0000000000200000 x21: 0000000000000000 [ 63.379129][ T6859] x20: 0000000a402e5208 x19: 000520172904006b x18: 0000000000000000 [ 63.381412][ T6859] x17: 0000000000000000 x16: ffff80008af005d0 x15: 0000000000000001 [ 63.383689][ T6859] x14: 1ffff000125db6f4 x13: 0000000000000000 x12: 0000000000000000 [ 63.385950][ T6859] x11: ffff7000125db6f5 x10: 0000000000ff0100 x9 : 0000000000000000 [ 63.388174][ T6859] x8 : ffff0000d974bd00 x7 : 0000000000000001 x6 : 0000000000000001 [ 63.390450][ T6859] x5 : ffff8000a0f26af8 x4 : ffff80008f776bc0 x3 : ffff8000803b7030 [ 63.392648][ T6859] x2 : 0000000000000001 x1 : 0000000000200000 x0 : 0000000a402e5208 [ 63.394931][ T6859] Call trace: [ 63.395888][ T6859] kmap_local_page+0x370/0x4ec (P) [ 63.397294][ T6859] hfsplus_bnode_read+0xa4/0x1a8 [ 63.398647][ T6859] hfsplus_bnode_dump+0x274/0x384 [ 63.400033][ T6859] hfsplus_brec_remove+0x3cc/0x4a0 [ 63.401490][ T6859] __hfsplus_delete_attr+0x198/0x33c [ 63.402967][ T6859] hfsplus_delete_all_attrs+0x228/0x390 [ 63.404527][ T6859] hfsplus_delete_cat+0x82c/0xbb0 [ 63.406005][ T6859] hfsplus_unlink+0x2a8/0x63c [ 63.407405][ T6859] hfsplus_rename+0xd0/0x1b0 [ 63.408699][ T6859] vfs_rename+0x8e8/0xc80 [ 63.409895][ T6859] do_renameat2+0x74c/0xa40 [ 63.411129][ T6859] __arm64_sys_renameat2+0xd8/0xf4 [ 63.412548][ T6859] invoke_syscall+0x98/0x2b8 [ 63.413862][ T6859] el0_svc_common+0x130/0x23c [ 63.415153][ T6859] do_el0_svc+0x48/0x58 [ 63.416311][ T6859] el0_svc+0x58/0x180 [ 63.417444][ T6859] el0t_64_sync_handler+0x84/0x12c [ 63.418899][ T6859] el0t_64_sync+0x198/0x19c [ 63.420163][ T6859] irq event stamp: 4877 [ 63.421433][ T6859] hardirqs last enabled at (4877): [] finish_lock_switch+0xb0/0x1c0 [ 63.424176][ T6859] hardirqs last disabled at (4876): [] __schedule+0x320/0x2a28 [ 63.426662][ T6859] softirqs last enabled at (4862): [] handle_softirqs+0xaf8/0xc88 [ 63.429334][ T6859] softirqs last disabled at (4683): [] __do_softirq+0x14/0x20 [ 63.432002][ T6859] ---[ end trace 0000000000000000 ]--- [ 63.440194][ T6859] Unable to handle kernel paging request at virtual address fff072900006b4f2 [ 63.440253][ T6859] KASAN: maybe wild-memory-access in range [0xff8794800035a790-0xff8794800035a797] [ 63.440278][ T6859] Mem abort info: [ 63.440295][ T6859] ESR = 0x0000000096000004 [ 63.440319][ T6859] EC = 0x25: DABT (current EL), IL = 32 bits [ 63.440341][ T6859] SET = 0, FnV = 0 [ 63.440360][ T6859] EA = 0, S1PTW = 0 [ 63.440378][ T6859] FSC = 0x04: level 0 translation fault [ 63.440398][ T6859] Data abort info: [ 63.440415][ T6859] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 [ 63.440435][ T6859] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 63.440456][ T6859] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 63.440477][ T6859] swapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000207157000 [ 63.440500][ T6859] [fff072900006b4f2] pgd=180000023ffff403, p4d=0000000000000000 [ 63.440547][ T6859] Internal error: Oops: 0000000096000004 [#1] SMP [ 63.465702][ T6859] Modules linked in: [ 63.466848][ T6859] CPU: 1 UID: 0 PID: 6859 Comm: syz-executor.0 Tainted: G B W 6.16.0-rc6-syzkaller-gaaef6f251176 #0 PREEMPT [ 63.470497][ T6859] Tainted: [B]=BAD_PAGE, [W]=WARN [ 63.471894][ T6859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 63.474758][ T6859] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 63.476995][ T6859] pc : __pi_memcpy_generic+0x70/0x22c [ 63.478493][ T6859] lr : __asan_memcpy+0x68/0x84 [ 63.479847][ T6859] sp : ffff8000a0f27250 [ 63.480974][ T6859] x29: ffff8000a0f27250 x28: 0000000000000232 x27: 0000000000007232 [ 63.483191][ T6859] x26: 0000000000000002 x25: dfff800000000000 x24: 0000000000000234 [ 63.485430][ T6859] x23: fff072900006b2c0 x22: ffff8000812aa99c x21: ffff8000a0f27320 [ 63.487686][ T6859] x20: fff072900006b4f2 x19: 0000000000000002 x18: 0000000000000000 [ 63.489927][ T6859] x17: 0000000000000000 x16: ffff80008af005d0 x15: ffff7000141e4e64 [ 63.492235][ T6859] x14: 0000000000000001 x13: 0000000000000002 x12: ffffffffffffffff [ 63.494489][ T6859] x11: ffff7000141e4e64 x10: dfff800000000000 x9 : 0000000000000002 [ 63.496786][ T6859] x8 : 0000000000000001 x7 : 0000000000000001 x6 : 0000000000000001 [ 63.499202][ T6859] x5 : ffff8000a0f27322 x4 : fff072900006b4f4 x3 : ffff8000812aa99c [ 63.501463][ T6859] x2 : 0000000000000002 x1 : fff072900006b4f2 x0 : ffff8000a0f27320 [ 63.503785][ T6859] Call trace: [ 63.504726][ T6859] __pi_memcpy_generic+0x70/0x22c (P) [ 63.506266][ T6859] hfsplus_bnode_read+0xd0/0x1a8 [ 63.507666][ T6859] hfsplus_bnode_dump+0x274/0x384 [ 63.509067][ T6859] hfsplus_brec_remove+0x3cc/0x4a0 [ 63.510520][ T6859] __hfsplus_delete_attr+0x198/0x33c [ 63.512031][ T6859] hfsplus_delete_all_attrs+0x228/0x390 [ 63.513559][ T6859] hfsplus_delete_cat+0x82c/0xbb0 [ 63.515011][ T6859] hfsplus_unlink+0x2a8/0x63c [ 63.516443][ T6859] hfsplus_rename+0xd0/0x1b0 [ 63.517822][ T6859] vfs_rename+0x8e8/0xc80 [ 63.519043][ T6859] do_renameat2+0x74c/0xa40 [ 63.520335][ T6859] __arm64_sys_renameat2+0xd8/0xf4 [ 63.521828][ T6859] invoke_syscall+0x98/0x2b8 [ 63.523111][ T6859] el0_svc_common+0x130/0x23c [ 63.524436][ T6859] do_el0_svc+0x48/0x58 [ 63.525675][ T6859] el0_svc+0x58/0x180 [ 63.526800][ T6859] el0t_64_sync_handler+0x84/0x12c [ 63.528284][ T6859] el0t_64_sync+0x198/0x19c [ 63.529520][ T6859] Code: b81fc0a8 d65f03c0 b4000102 d341fc4e (39400026) [ 63.531516][ T6859] ---[ end trace 0000000000000000 ]--- [ 63.842657][ T6859] Kernel panic - not syncing: Oops: Fatal exception [ 63.844549][ T6859] SMP: stopping secondary CPUs [ 63.845881][ T6859] Kernel Offset: disabled [ 63.847095][ T6859] CPU features: 0x10000,00040e00,040008a1,04017203 [ 63.848905][ T6859] Memory Limit: none [ 64.131352][ T6859] Rebooting in 86400 seconds..