Warning: Permanently added '10.128.0.3' (ED25519) to the list of known hosts.
1970/01/01 00:01:25 ignoring optional flag "sandboxArg"="0"
1970/01/01 00:01:26 parsed 1 programs
[ 89.464691][ T4472] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS
[ 96.885181][ T1776] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 96.887449][ T1776] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 96.890759][ T1796] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 96.903859][ T1776] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 96.906444][ T1776] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 96.909526][ T1796] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 97.497371][ T4527] chnl_net:caif_netlink_parms(): no params data found
[ 97.535486][ T4527] bridge0: port 1(bridge_slave_0) entered blocking state
[ 97.537672][ T4527] bridge0: port 1(bridge_slave_0) entered disabled state
[ 97.540452][ T4527] device bridge_slave_0 entered promiscuous mode
[ 97.545092][ T4527] bridge0: port 2(bridge_slave_1) entered blocking state
[ 97.547160][ T4527] bridge0: port 2(bridge_slave_1) entered disabled state
[ 97.549917][ T4527] device bridge_slave_1 entered promiscuous mode
[ 97.567281][ T4527] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 97.572139][ T4527] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 97.588548][ T4527] team0: Port device team_slave_0 added
[ 97.592620][ T4527] team0: Port device team_slave_1 added
[ 97.607484][ T4527] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 97.609488][ T4527] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 97.616933][ T4527] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 97.621614][ T4527] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 97.623580][ T4527] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 97.631106][ T4527] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 97.684031][ T4527] device hsr_slave_0 entered promiscuous mode
[ 97.722236][ T4527] device hsr_slave_1 entered promiscuous mode
[ 98.638988][ T4527] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 98.672855][ T4527] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 98.703238][ T4527] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 98.734022][ T4527] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 98.868883][ T4527] 8021q: adding VLAN 0 to HW filter on device bond0
[ 98.876230][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 98.878994][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 98.884301][ T4527] 8021q: adding VLAN 0 to HW filter on device team0
[ 98.893695][ T1776] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 98.896484][ T1776] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 98.899220][ T1776] bridge0: port 1(bridge_slave_0) entered blocking state
[ 98.901275][ T1776] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 98.904696][ T1776] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 98.907541][ T1776] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 98.910169][ T1776] bridge0: port 2(bridge_slave_1) entered blocking state
[ 98.912189][ T1776] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 98.916405][ T1776] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 98.931692][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 98.934617][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 98.937466][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 98.943756][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 98.946570][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 98.949575][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 98.958500][ T4527] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 98.964326][ T4527] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 98.969572][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 98.974028][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 98.976825][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 98.979738][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 98.985859][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 98.988567][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 99.073088][ T1796] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 99.075368][ T1796] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 99.082482][ T4527] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 99.096680][ T1796] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 99.102327][ T1796] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 99.114815][ T1796] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 99.117598][ T1796] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 99.122249][ T1796] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 99.125299][ T1796] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 99.130209][ T4527] device veth0_vlan entered promiscuous mode
[ 99.138176][ T4527] device veth1_vlan entered promiscuous mode
[ 99.156760][ T1796] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 99.159506][ T1796] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 99.165954][ T1796] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 99.169087][ T1796] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 99.213731][ T4527] device veth0_macvtap entered promiscuous mode
[ 99.219598][ T4527] device veth1_macvtap entered promiscuous mode
[ 99.232872][ T4527] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 99.235095][ T1796] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 99.237864][ T1796] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 99.240434][ T1796] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 99.245625][ T1796] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 99.251777][ T4527] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 99.255353][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 99.258342][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 99.263575][ T4527] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 99.266035][ T4527] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 99.268451][ T4527] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 99.272338][ T4527] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
1970/01/01 00:01:39 executed programs: 0
[ 99.917304][ T4663] chnl_net:caif_netlink_parms(): no params data found
[ 99.962379][ T4663] bridge0: port 1(bridge_slave_0) entered blocking state
[ 99.964513][ T4663] bridge0: port 1(bridge_slave_0) entered disabled state
[ 99.967245][ T4663] device bridge_slave_0 entered promiscuous mode
[ 99.971544][ T4663] bridge0: port 2(bridge_slave_1) entered blocking state
[ 99.973522][ T4663] bridge0: port 2(bridge_slave_1) entered disabled state
[ 99.976243][ T4663] device bridge_slave_1 entered promiscuous mode
[ 99.993892][ T4663] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 99.998750][ T4663] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 100.016836][ T4663] team0: Port device team_slave_0 added
[ 100.020258][ T4663] team0: Port device team_slave_1 added
[ 100.034003][ T4663] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 100.035912][ T4663] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 100.044250][ T4663] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 100.049609][ T4663] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 100.052015][ T4663] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 100.059075][ T4663] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 100.113117][ T4663] device hsr_slave_0 entered promiscuous mode
[ 100.161077][ T4663] device hsr_slave_1 entered promiscuous mode
[ 100.183893][ T4663] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 100.186062][ T4663] Cannot create hsr debugfs directory
[ 100.249902][ T4663] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 101.881088][ T4131] Bluetooth: hci0: command 0x0409 tx timeout
[ 102.429456][ T4663] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 103.950868][ T4131] Bluetooth: hci0: command 0x041b tx timeout
[ 104.631993][ T4663] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 104.698252][ T4663] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 104.876218][ T4663] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 104.924288][ T4663] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 104.987430][ T4663] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 105.053853][ T4663] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 105.141481][ T4663] 8021q: adding VLAN 0 to HW filter on device bond0
[ 105.148827][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 105.152546][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 105.166662][ T4663] 8021q: adding VLAN 0 to HW filter on device team0
[ 105.172590][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 105.175256][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 105.177570][ T153] bridge0: port 1(bridge_slave_0) entered blocking state
[ 105.179521][ T153] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 105.183469][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 105.189938][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 105.193859][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 105.196464][ T153] bridge0: port 2(bridge_slave_1) entered blocking state
[ 105.198447][ T153] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 105.213940][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 105.217106][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 105.220084][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 105.225102][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 105.228012][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 105.231529][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 105.234228][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 105.240077][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 105.244450][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 105.261582][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 105.264354][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 105.268924][ T4663] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 105.353848][ T1796] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 105.355986][ T1796] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 105.363130][ T4663] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 105.376078][ T1796] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 105.379046][ T1796] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 105.392836][ T1796] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 105.395573][ T1796] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 105.398413][ T1796] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 105.403021][ T1796] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 105.415653][ T4663] device veth0_vlan entered promiscuous mode
[ 105.423656][ T4663] device veth1_vlan entered promiscuous mode
[ 105.444161][ T1796] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 105.446915][ T1796] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 105.449597][ T1796] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 105.453349][ T1796] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 105.456907][ T4663] device veth0_macvtap entered promiscuous mode
[ 105.472795][ T4663] device veth1_macvtap entered promiscuous mode
[ 105.482951][ T4663] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 105.485893][ T4663] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 105.489540][ T4663] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 105.495134][ T1796] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 105.497776][ T1796] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 105.500400][ T1796] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 105.504065][ T1796] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 105.508851][ T4663] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 105.513564][ T4663] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 105.517256][ T4663] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 105.519270][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 105.524014][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 105.540223][ T4663] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 105.543525][ T4663] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 105.545957][ T4663] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 105.548342][ T4663] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 105.586340][ T1796] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 105.592746][ T1796] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 105.597288][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 105.606541][ T1796] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 105.608761][ T1796] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 105.612930][ T1796] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
1970/01/01 00:01:45 executed programs: 2
[ 105.662601][ T4917] loop0: detected capacity change from 0 to 1024
[ 105.716565][ T4917] hfsplus: request for non-existent node 128 in B*Tree
[ 105.719321][ T4917] hfsplus: request for non-existent node 128 in B*Tree
[ 105.724645][ T4917] ==================================================================
[ 105.726924][ T4917] BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read+0x84/0x21c
[ 105.729193][ T4917] Read of size 8 at addr ffff0000cf3894c0 by task syz.0.16/4917
[ 105.731231][ T4917]
[ 105.731885][ T4917] CPU: 0 PID: 4917 Comm: syz.0.16 Not tainted 5.15.189-syzkaller #0
[ 105.734045][ T4917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 105.736794][ T4917] Call trace:
[ 105.737670][ T4917] dump_backtrace+0x0/0x43c
[ 105.738893][ T4917] show_stack+0x2c/0x3c
[ 105.740055][ T4917] __dump_stack+0x30/0x40
[ 105.741278][ T4917] dump_stack_lvl+0xf8/0x160
[ 105.742563][ T4917] print_address_description+0x78/0x30c
[ 105.744215][ T4917] kasan_report+0xec/0x15c
[ 105.745439][ T4917] __asan_report_load8_noabort+0x44/0x50
[ 105.746958][ T4917] hfsplus_bnode_read+0x84/0x21c
[ 105.748358][ T4917] hfsplus_bnode_dump+0x26c/0x37c
[ 105.749779][ T4917] hfsplus_brec_remove+0x3cc/0x4a0
[ 105.751211][ T4917] __hfsplus_delete_attr+0x198/0x350
[ 105.752709][ T4917] hfsplus_delete_all_attrs+0x204/0x33c
[ 105.754209][ T4917] hfsplus_delete_cat+0x844/0xbb0
[ 105.755505][ T4917] hfsplus_unlink+0x2a0/0x664
[ 105.756748][ T4917] vfs_unlink+0x2e0/0x4f4
[ 105.757925][ T4917] do_unlinkat+0x31c/0x600
[ 105.759089][ T4917] __arm64_sys_unlinkat+0xe0/0xfc
[ 105.760493][ T4917] invoke_syscall+0x98/0x2b8
[ 105.761757][ T4917] el0_svc_common+0x138/0x258
[ 105.763110][ T4917] do_el0_svc+0x58/0x14c
[ 105.764282][ T4917] el0_svc+0x78/0x1e0
[ 105.765417][ T4917] el0t_64_sync_handler+0xcc/0xe4
[ 105.766812][ T4917] el0t_64_sync+0x1a0/0x1a4
[ 105.768072][ T4917]
[ 105.768691][ T4917] Allocated by task 4917:
[ 105.769887][ T4917] __kasan_kmalloc+0xb0/0xf0
[ 105.771165][ T4917] __kmalloc+0x298/0x44c
[ 105.772327][ T4917] __hfs_bnode_create+0xe4/0x84c
[ 105.773671][ T4917] hfsplus_bnode_find+0x1f8/0xbcc
[ 105.775094][ T4917] hfsplus_brec_find+0x128/0x448
[ 105.776506][ T4917] hfsplus_delete_all_attrs+0x1e0/0x33c
[ 105.778131][ T4917] hfsplus_delete_cat+0x844/0xbb0
[ 105.779506][ T4917] hfsplus_unlink+0x2a0/0x664
[ 105.780821][ T4917] vfs_unlink+0x2e0/0x4f4
[ 105.782043][ T4917] do_unlinkat+0x31c/0x600
[ 105.783260][ T4917] __arm64_sys_unlinkat+0xe0/0xfc
[ 105.784665][ T4917] invoke_syscall+0x98/0x2b8
[ 105.785943][ T4917] el0_svc_common+0x138/0x258
[ 105.787243][ T4917] do_el0_svc+0x58/0x14c
[ 105.788388][ T4917] el0_svc+0x78/0x1e0
[ 105.789473][ T4917] el0t_64_sync_handler+0xcc/0xe4
[ 105.790872][ T4917] el0t_64_sync+0x1a0/0x1a4
[ 105.792130][ T4917]
[ 105.792739][ T4917] Last potentially related work creation:
[ 105.794407][ T4917] kasan_save_stack+0x38/0x68
[ 105.795741][ T4917] kasan_record_aux_stack+0xcc/0x114
[ 105.797224][ T4917] call_rcu+0x114/0x8fc
[ 105.798422][ T4917] fib_release_info+0x554/0x694
[ 105.799777][ T4917] fib_table_flush+0x314/0xe00
[ 105.801201][ T4917] fib_disable_ip+0xf8/0x174
[ 105.802457][ T4917] fib_netdev_event+0x2e8/0x4c8
[ 105.803860][ T4917] raw_notifier_call_chain+0xd4/0x164
[ 105.805336][ T4917] dev_close_many+0x2cc/0x440
[ 105.806677][ T4917] unregister_netdevice_many+0x3d4/0x17d0
[ 105.808188][ T4917] default_device_exit_batch+0x444/0x4a4
[ 105.809761][ T4917] cleanup_net+0x644/0xa98
[ 105.811017][ T4917] process_one_work+0x79c/0x1140
[ 105.812485][ T4917] worker_thread+0x8f4/0x101c
[ 105.813838][ T4917] kthread+0x374/0x454
[ 105.814930][ T4917] ret_from_fork+0x10/0x20
[ 105.816218][ T4917]
[ 105.816854][ T4917] Second to last potentially related work creation:
[ 105.818672][ T4917] kasan_save_stack+0x38/0x68
[ 105.819994][ T4917] kasan_record_aux_stack+0xcc/0x114
[ 105.821479][ T4917] insert_work+0x64/0x388
[ 105.822668][ T4917] __queue_work+0xb30/0x1054
[ 105.823912][ T4917] queue_work_on+0xc4/0x17c
[ 105.825182][ T4917] call_usermodehelper_exec+0x22c/0x478
[ 105.826604][ T4917] kobject_uevent_env+0x670/0x888
[ 105.828047][ T4917] kobject_uevent+0x2c/0x3c
[ 105.829360][ T4917] driver_bound+0x150/0x268
[ 105.830593][ T4917] really_probe+0x6c8/0xaec
[ 105.831847][ T4917] __driver_probe_device+0x180/0x314
[ 105.833349][ T4917] driver_probe_device+0x78/0x34c
[ 105.834716][ T4917] __device_attach_driver+0x274/0x4c4
[ 105.836220][ T4917] bus_for_each_drv+0x150/0x1d8
[ 105.837521][ T4917] __device_attach+0x2a8/0x3d4
[ 105.838890][ T4917] device_initial_probe+0x24/0x34
[ 105.840252][ T4917] bus_probe_device+0xbc/0x1c4
[ 105.841568][ T4917] device_add+0xb04/0xf94
[ 105.842735][ T4917] usb_new_device+0x7ec/0x1164
[ 105.844107][ T4917] register_root_hub+0x224/0x538
[ 105.845493][ T4917] usb_add_hcd+0x90c/0xd5c
[ 105.846714][ T4917] vhci_hcd_probe+0x13c/0x358
[ 105.848030][ T4917] platform_probe+0x13c/0x1b4
[ 105.849375][ T4917] really_probe+0x26c/0xaec
[ 105.850599][ T4917] __driver_probe_device+0x180/0x314
[ 105.852085][ T4917] driver_probe_device+0x78/0x34c
[ 105.853401][ T4917] __device_attach_driver+0x274/0x4c4
[ 105.854906][ T4917] bus_for_each_drv+0x150/0x1d8
[ 105.856245][ T4917] __device_attach+0x2a8/0x3d4
[ 105.857581][ T4917] device_initial_probe+0x24/0x34
[ 105.859031][ T4917] bus_probe_device+0xbc/0x1c4
[ 105.860286][ T4917] device_add+0xb04/0xf94
[ 105.861535][ T4917] platform_device_add+0x3f8/0x6ec
[ 105.863005][ T4917] vhci_hcd_init+0x380/0x49c
[ 105.864300][ T4917] do_one_initcall+0x228/0x8b0
[ 105.865627][ T4917] do_initcall_level+0x154/0x214
[ 105.867009][ T4917] do_initcalls+0x58/0xac
[ 105.868240][ T4917] do_basic_setup+0x8c/0xa0
[ 105.869465][ T4917] kernel_init_freeable+0x404/0x5fc
[ 105.870919][ T4917] kernel_init+0x24/0x1d0
[ 105.872153][ T4917] ret_from_fork+0x10/0x20
[ 105.873393][ T4917]
[ 105.874034][ T4917] The buggy address belongs to the object at ffff0000cf389400
[ 105.874034][ T4917] which belongs to the cache kmalloc-256 of size 256
[ 105.878087][ T4917] The buggy address is located 192 bytes inside of
[ 105.878087][ T4917] 256-byte region [ffff0000cf389400, ffff0000cf389500)
[ 105.881734][ T4917] The buggy address belongs to the page:
[ 105.883334][ T4917] page:000000008db4147e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10f388
[ 105.886196][ T4917] head:000000008db4147e order:1 compound_mapcount:0
[ 105.888025][ T4917] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 105.890345][ T4917] raw: 05ffc00000010200 fffffc00033a1b00 0000000600000006 ffff0000c0002480
[ 105.892705][ T4917] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 105.895119][ T4917] page dumped because: kasan: bad access detected
[ 105.896965][ T4917]
[ 105.897619][ T4917] Memory state around the buggy address:
[ 105.899213][ T4917] ffff0000cf389380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 105.901490][ T4917] ffff0000cf389400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 105.903746][ T4917] >ffff0000cf389480: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 105.906016][ T4917] ^
[ 105.907740][ T4917] ffff0000cf389500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 105.910070][ T4917] ffff0000cf389580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 105.912328][ T4917] ==================================================================
[ 105.914620][ T4917] Disabling lock debugging due to kernel taint
[ 105.919145][ T4917] Unable to handle kernel paging request at virtual address ffff7ac0000099ff
[ 105.921721][ T4917] Mem abort info:
[ 105.922686][ T4917] ESR = 0x0000000096000004
[ 105.923967][ T4917] EC = 0x25: DABT (current EL), IL = 32 bits
[ 105.926304][ T4917] SET = 0, FnV = 0
[ 105.927942][ T4917] EA = 0, S1PTW = 0
[ 105.929298][ T4917] FSC = 0x04: level 0 translation fault
[ 105.931161][ T4917] Data abort info:
[ 105.932158][ T4917] ISV = 0, ISS = 0x00000004
[ 105.933469][ T4917] CM = 0, WnR = 0
[ 105.934560][ T4917] swapper pgtable: 4k pages, 48-bit VAs, pgdp=00000002113bb000
[ 105.936674][ T4917] [ffff7ac0000099ff] pgd=0000000000000000, p4d=0000000000000000
[ 105.938862][ T4917] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
[ 105.940933][ T4917] Modules linked in:
[ 105.942046][ T4917] CPU: 0 PID: 4917 Comm: syz.0.16 Tainted: G B 5.15.189-syzkaller #0
[ 105.944743][ T4917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 105.947617][ T4917] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 105.949842][ T4917] pc : kasan_check_range+0x74/0x2b0
[ 105.951336][ T4917] lr : memcpy+0x90/0xe8
[ 105.952516][ T4917] sp : ffff80001f807470
[ 105.953700][ T4917] x29: ffff80001f807470 x28: 1fffe00019e71283 x27: ffff80001f807540
[ 105.955878][ T4917] x26: 0000000040000000 x25: 1ffff0000276bbf8 x24: dfff800000000000
[ 105.958084][ T4917] x23: ffff8000167a8000 x22: ffff800008eaca8c x21: ffff80001f807560
[ 105.960315][ T4917] x20: ffffd6000004cfff x19: 0000000000000001 x18: 0000000000000000
[ 105.962555][ T4917] x17: 0000000000000000 x16: ffff800008eae884 x15: 00000000000000ff
[ 105.964833][ T4917] x14: 0000000000ff0100 x13: ffffffffffffffff x12: 0000000000000001
[ 105.967118][ T4917] x11: 1ffffac0000099ff x10: 1ffffac0000099ff x9 : ffffffffffffffff
[ 105.969404][ T4917] x8 : ffff7ac0000099ff x7 : 0000000000000000 x6 : 00000000000000ff
[ 105.971625][ T4917] x5 : ffff80001f807582 x4 : ffff0000e907000c x3 : ffff800008eaca8c
[ 105.973841][ T4917] x2 : 0000000000000000 x1 : 0000000000000001 x0 : ffffd6000004cfff
[ 105.976085][ T4917] Call trace:
[ 105.976949][ T4917] kasan_check_range+0x74/0x2b0
[ 105.978291][ T4917] memcpy+0x90/0xe8
[ 105.979491][ T4917] hfsplus_bnode_read+0x10c/0x21c
[ 105.980921][ T4917] hfsplus_bnode_dump+0x26c/0x37c
[ 105.982366][ T4917] hfsplus_brec_remove+0x3cc/0x4a0
[ 105.983800][ T4917] __hfsplus_delete_attr+0x198/0x350
[ 105.985388][ T4917] hfsplus_delete_all_attrs+0x204/0x33c
[ 105.987111][ T4917] hfsplus_delete_cat+0x844/0xbb0
[ 105.988505][ T4917] hfsplus_unlink+0x2a0/0x664
[ 105.989867][ T4917] vfs_unlink+0x2e0/0x4f4
[ 105.991018][ T4917] do_unlinkat+0x31c/0x600
[ 105.992229][ T4917] __arm64_sys_unlinkat+0xe0/0xfc
[ 105.993624][ T4917] invoke_syscall+0x98/0x2b8
[ 105.994936][ T4917] el0_svc_common+0x138/0x258
[ 105.996317][ T4917] do_el0_svc+0x58/0x14c
[ 105.997489][ T4917] el0_svc+0x78/0x1e0
[ 105.998583][ T4917] el0t_64_sync_handler+0xcc/0xe4
[ 106.000012][ T4917] el0t_64_sync+0x1a0/0x1a4
[ 106.001285][ T4917] Code: 5400014c b4000b8c aa2a03e9 8b0b0129 (3940010a)
[ 106.003251][ T4917] ---[ end trace 187d75bdd784e8cc ]---
[ 106.478344][ T4917] Kernel panic - not syncing: Oops: Fatal exception
[ 106.480239][ T4917] SMP: stopping secondary CPUs
[ 106.481592][ T4917] Kernel Offset: disabled
[ 106.482767][ T4917] CPU features: 0x8,000081c1,21302e40
[ 106.484276][ T4917] Memory Limit: none
[ 106.878742][ T4917] Rebooting in 86400 seconds..