Warning: Permanently added '10.128.0.196' (ED25519) to the list of known hosts. 1970/01/01 00:01:26 ignoring optional flag "sandboxArg"="0" 1970/01/01 00:01:27 parsed 1 programs [ 90.453804][ T4467] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS [ 97.892107][ T136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.894307][ T136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.897480][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 97.914874][ T136] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.917137][ T136] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.921376][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 98.762916][ T4514] chnl_net:caif_netlink_parms(): no params data found [ 98.800805][ T4514] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.802863][ T4514] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.805508][ T4514] device bridge_slave_0 entered promiscuous mode [ 98.809738][ T4514] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.811742][ T4514] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.814354][ T4514] device bridge_slave_1 entered promiscuous mode [ 98.832164][ T4514] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 98.836977][ T4514] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 98.854754][ T4514] team0: Port device team_slave_0 added [ 98.858472][ T4514] team0: Port device team_slave_1 added [ 98.874238][ T4514] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 98.876111][ T4514] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 98.883448][ T4514] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 98.887749][ T4514] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 98.889847][ T4514] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 98.896765][ T4514] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 98.981092][ T4514] device hsr_slave_0 entered promiscuous mode [ 99.028517][ T4514] device hsr_slave_1 entered promiscuous mode [ 99.925456][ T4514] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 99.960613][ T4514] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 99.992210][ T4514] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 100.031503][ T4514] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 100.112404][ T4514] 8021q: adding VLAN 0 to HW filter on device bond0 [ 100.119947][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 100.123268][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 100.128435][ T4514] 8021q: adding VLAN 0 to HW filter on device team0 [ 100.133412][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 100.136344][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 100.139949][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.142123][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 100.144624][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 100.169683][ T4514] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 100.172748][ T4514] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 100.177421][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 100.183190][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 100.185681][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.187629][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 100.192506][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 100.195450][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 100.200565][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 100.204155][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 100.206947][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 100.210692][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 100.213480][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 100.216245][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 100.219766][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 100.222438][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 100.230128][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 100.232790][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 100.335772][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 100.337961][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 100.354866][ T4514] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 100.368239][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 100.371274][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 100.385884][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 100.391438][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 100.394331][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 100.397011][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 100.403473][ T4514] device veth0_vlan entered promiscuous mode [ 100.412813][ T4514] device veth1_vlan entered promiscuous mode [ 100.433863][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 100.436637][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 100.440206][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 100.443462][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 100.449440][ T4514] device veth0_macvtap entered promiscuous mode [ 100.455482][ T4514] device veth1_macvtap entered promiscuous mode [ 100.467728][ T4514] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.474435][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 100.477301][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 100.480792][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 100.484550][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 100.491727][ T4514] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.496122][ T4514] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.498886][ T4514] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.501403][ T4514] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.503712][ T4514] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.507476][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 100.510610][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 1970/01/01 00:01:41 executed programs: 0 [ 101.379968][ T4645] chnl_net:caif_netlink_parms(): no params data found [ 101.425862][ T4645] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.427915][ T4645] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.432921][ T4645] device bridge_slave_0 entered promiscuous mode [ 101.436974][ T4645] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.440823][ T4645] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.443612][ T4645] device bridge_slave_1 entered promiscuous mode [ 101.467290][ T4645] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 101.474268][ T4645] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 101.495799][ T4645] team0: Port device team_slave_0 added [ 101.501593][ T4645] team0: Port device team_slave_1 added [ 101.526590][ T4645] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 101.528856][ T4645] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 101.535918][ T4645] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 101.541302][ T4645] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 101.543171][ T4645] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 101.550519][ T4645] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 101.611089][ T4645] device hsr_slave_0 entered promiscuous mode [ 101.629466][ T4645] device hsr_slave_1 entered promiscuous mode [ 101.658481][ T4645] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 101.660609][ T4645] Cannot create hsr debugfs directory [ 101.734680][ T4645] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.298588][ T4128] Bluetooth: hci0: command 0x0409 tx timeout [ 104.524433][ T4645] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 105.379137][ T4125] Bluetooth: hci0: command 0x041b tx timeout [ 106.204709][ T4645] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.258197][ T4645] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.459488][ T4645] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 106.501373][ T4645] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 106.570332][ T4645] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 106.643388][ T4645] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 106.764895][ T4645] 8021q: adding VLAN 0 to HW filter on device bond0 [ 106.774949][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 106.777442][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 106.782798][ T4645] 8021q: adding VLAN 0 to HW filter on device team0 [ 106.787724][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 106.793389][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 106.796077][ T153] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.798106][ T153] bridge0: port 1(bridge_slave_0) entered forwarding state [ 106.800599][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 106.805896][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 106.812148][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 106.814854][ T153] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.816791][ T153] bridge0: port 2(bridge_slave_1) entered forwarding state [ 106.829023][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 106.832211][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 106.835195][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 106.841132][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 106.844153][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 106.864671][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 106.867776][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 106.873965][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 106.876901][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 106.885556][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 106.888419][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 106.893250][ T4645] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 106.975965][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 106.978503][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 106.985259][ T4645] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 107.001133][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 107.004050][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 107.034098][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 107.036907][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 107.040569][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 107.043195][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 107.047773][ T4645] device veth0_vlan entered promiscuous mode [ 107.074000][ T4645] device veth1_vlan entered promiscuous mode [ 107.097897][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 107.100850][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 107.103596][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 107.106414][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 107.116873][ T4645] device veth0_macvtap entered promiscuous mode [ 107.122481][ T4645] device veth1_macvtap entered promiscuous mode [ 107.147577][ T4645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 107.153437][ T4645] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 107.157410][ T4645] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 107.160399][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 107.163019][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 107.165617][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 107.168960][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 107.173782][ T4645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 107.176626][ T4645] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 107.181972][ T4645] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 107.184216][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 107.187248][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 107.193178][ T4645] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.195646][ T4645] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.199210][ T4645] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.202025][ T4645] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.263784][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.271668][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.275261][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 107.285461][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.287717][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.292458][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 1970/01/01 00:01:47 executed programs: 2 [ 107.340661][ T4901] loop0: detected capacity change from 0 to 1024 [ 107.460026][ T4901] hfsplus: request for non-existent node 134217728 in B*Tree [ 107.462133][ T4901] hfsplus: request for non-existent node 134217728 in B*Tree [ 107.467073][ T4901] ================================================================== [ 107.468308][ T4169] Bluetooth: hci0: command 0x040f tx timeout [ 107.469388][ T4901] BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read+0x84/0x21c [ 107.473063][ T4901] Read of size 8 at addr ffff0000cda726e0 by task syz.0.16/4901 [ 107.475147][ T4901] [ 107.475776][ T4901] CPU: 1 PID: 4901 Comm: syz.0.16 Not tainted 5.15.186-syzkaller #0 [ 107.477899][ T4901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 107.480678][ T4901] Call trace: [ 107.481555][ T4901] dump_backtrace+0x0/0x43c [ 107.482729][ T4901] show_stack+0x2c/0x3c [ 107.483866][ T4901] __dump_stack+0x30/0x40 [ 107.485031][ T4901] dump_stack_lvl+0xf8/0x160 [ 107.486305][ T4901] print_address_description+0x78/0x30c [ 107.487754][ T4901] kasan_report+0xec/0x15c [ 107.488946][ T4901] __asan_report_load8_noabort+0x44/0x50 [ 107.490514][ T4901] hfsplus_bnode_read+0x84/0x21c [ 107.492008][ T4901] hfsplus_bnode_dump+0x26c/0x37c [ 107.493376][ T4901] hfsplus_brec_remove+0x3cc/0x4a0 [ 107.494812][ T4901] __hfsplus_delete_attr+0x198/0x350 [ 107.496267][ T4901] hfsplus_delete_attr+0x2ac/0x3f0 [ 107.497615][ T4901] __hfsplus_setxattr+0x2e8/0x1a9c [ 107.499030][ T4901] hfsplus_setxattr+0xb4/0xec [ 107.500310][ T4901] hfsplus_security_setxattr+0x54/0x6c [ 107.501879][ T4901] __vfs_setxattr+0x388/0x3a4 [ 107.503247][ T4901] __vfs_setxattr_noperm+0x120/0x564 [ 107.504713][ T4901] __vfs_setxattr_locked+0x1ec/0x218 [ 107.506190][ T4901] vfs_setxattr+0x158/0x2ac [ 107.507480][ T4901] setxattr+0x248/0x2ac [ 107.508672][ T4901] path_setxattr+0x12c/0x25c [ 107.509947][ T4901] __arm64_sys_setxattr+0xbc/0xd8 [ 107.511410][ T4901] invoke_syscall+0x98/0x2b8 [ 107.512798][ T4901] el0_svc_common+0x138/0x258 [ 107.514099][ T4901] do_el0_svc+0x58/0x14c [ 107.515302][ T4901] el0_svc+0x78/0x1e0 [ 107.516480][ T4901] el0t_64_sync_handler+0xcc/0xe4 [ 107.517861][ T4901] el0t_64_sync+0x1a0/0x1a4 [ 107.519108][ T4901] [ 107.519772][ T4901] Allocated by task 4901: [ 107.520973][ T4901] __kasan_kmalloc+0xb0/0xf0 [ 107.522282][ T4901] __kmalloc+0x298/0x44c [ 107.523484][ T4901] __hfs_bnode_create+0xe4/0x84c [ 107.525000][ T4901] hfsplus_bnode_find+0x1f8/0xbcc [ 107.526407][ T4901] hfsplus_brec_find+0x128/0x448 [ 107.527849][ T4901] hfsplus_find_attr+0x1e0/0x32c [ 107.529220][ T4901] hfsplus_attr_exists+0x150/0x1c4 [ 107.530672][ T4901] __hfsplus_setxattr+0x2b8/0x1a9c [ 107.532127][ T4901] hfsplus_setxattr+0xb4/0xec [ 107.533461][ T4901] hfsplus_security_setxattr+0x54/0x6c [ 107.535005][ T4901] __vfs_setxattr+0x388/0x3a4 [ 107.536347][ T4901] __vfs_setxattr_noperm+0x120/0x564 [ 107.537844][ T4901] __vfs_setxattr_locked+0x1ec/0x218 [ 107.539315][ T4901] vfs_setxattr+0x158/0x2ac [ 107.540571][ T4901] setxattr+0x248/0x2ac [ 107.541783][ T4901] path_setxattr+0x12c/0x25c [ 107.543165][ T4901] __arm64_sys_setxattr+0xbc/0xd8 [ 107.544620][ T4901] invoke_syscall+0x98/0x2b8 [ 107.545924][ T4901] el0_svc_common+0x138/0x258 [ 107.547214][ T4901] do_el0_svc+0x58/0x14c [ 107.548355][ T4901] el0_svc+0x78/0x1e0 [ 107.549477][ T4901] el0t_64_sync_handler+0xcc/0xe4 [ 107.550899][ T4901] el0t_64_sync+0x1a0/0x1a4 [ 107.552135][ T4901] [ 107.552769][ T4901] Last potentially related work creation: [ 107.554360][ T4901] kasan_save_stack+0x38/0x68 [ 107.555674][ T4901] kasan_record_aux_stack+0xcc/0x114 [ 107.557226][ T4901] insert_work+0x64/0x388 [ 107.558386][ T4901] __queue_work+0xb30/0x1054 [ 107.559720][ T4901] queue_work_on+0xc4/0x17c [ 107.560966][ T4901] netdevice_event+0x6ac/0x79c [ 107.562399][ T4901] raw_notifier_call_chain+0xd4/0x164 [ 107.563866][ T4901] unregister_netdevice_many+0xe10/0x17d0 [ 107.565520][ T4901] default_device_exit_batch+0x444/0x4a4 [ 107.567127][ T4901] cleanup_net+0x644/0xa98 [ 107.568370][ T4901] process_one_work+0x79c/0x1140 [ 107.569733][ T4901] worker_thread+0x8f4/0x101c [ 107.571008][ T4901] kthread+0x374/0x454 [ 107.572193][ T4901] ret_from_fork+0x10/0x20 [ 107.573589][ T4901] [ 107.574212][ T4901] The buggy address belongs to the object at ffff0000cda72600 [ 107.574212][ T4901] which belongs to the cache kmalloc-256 of size 256 [ 107.578214][ T4901] The buggy address is located 224 bytes inside of [ 107.578214][ T4901] 256-byte region [ffff0000cda72600, ffff0000cda72700) [ 107.581878][ T4901] The buggy address belongs to the page: [ 107.583520][ T4901] page:0000000072d73a2e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10da72 [ 107.586479][ T4901] head:0000000072d73a2e order:1 compound_mapcount:0 [ 107.588365][ T4901] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff) [ 107.590779][ T4901] raw: 05ffc00000010200 dead000000000100 dead000000000122 ffff0000c0002480 [ 107.593436][ T4901] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 107.595924][ T4901] page dumped because: kasan: bad access detected [ 107.597791][ T4901] [ 107.598549][ T4901] Memory state around the buggy address: [ 107.600167][ T4901] ffff0000cda72580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 107.602527][ T4901] ffff0000cda72600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 107.604834][ T4901] >ffff0000cda72680: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 107.607145][ T4901] ^ [ 107.609422][ T4901] ffff0000cda72700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 107.611763][ T4901] ffff0000cda72780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 107.614044][ T4901] ================================================================== [ 107.616315][ T4901] Disabling lock debugging due to kernel taint [ 107.621774][ T4901] Unable to handle kernel paging request at virtual address ffff7ac0000099a7 [ 107.624338][ T4901] Mem abort info: [ 107.625292][ T4901] ESR = 0x0000000096000004 [ 107.626642][ T4901] EC = 0x25: DABT (current EL), IL = 32 bits [ 107.628397][ T4901] SET = 0, FnV = 0 [ 107.629601][ T4901] EA = 0, S1PTW = 0 [ 107.630753][ T4901] FSC = 0x04: level 0 translation fault [ 107.632447][ T4901] Data abort info: [ 107.633423][ T4901] ISV = 0, ISS = 0x00000004 [ 107.634650][ T4901] CM = 0, WnR = 0 [ 107.635696][ T4901] swapper pgtable: 4k pages, 48-bit VAs, pgdp=00000002113cd000 [ 107.637796][ T4901] [ffff7ac0000099a7] pgd=0000000000000000, p4d=0000000000000000 [ 107.640363][ T4901] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP [ 107.642386][ T4901] Modules linked in: [ 107.643519][ T4901] CPU: 1 PID: 4901 Comm: syz.0.16 Tainted: G B 5.15.186-syzkaller #0 [ 107.646062][ T4901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 107.648901][ T4901] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 107.650974][ T4901] pc : kasan_check_range+0x74/0x2b0 [ 107.652351][ T4901] lr : memcpy+0x90/0xe8 [ 107.653544][ T4901] sp : ffff80001f206e30 [ 107.654714][ T4901] x29: ffff80001f206e30 x28: 1fffe00019b4e4c3 x27: ffff80001f206f00 [ 107.656967][ T4901] x26: 0000000040000000 x25: 1ffff0000276e008 x24: dfff800000000000 [ 107.659204][ T4901] x23: ffff8000167b9000 x22: ffff800008ebe0b0 x21: ffff80001f206f20 [ 107.661442][ T4901] x20: ffffd6000004cd3a x19: 0000000000000002 x18: 0000000000000000 [ 107.663676][ T4901] x17: 0000000000000000 x16: ffff800008ebfea8 x15: 00000000000000ff [ 107.665847][ T4901] x14: 0000000000ff0100 x13: ffffffffffffffff x12: 0000000000000001 [ 107.668079][ T4901] x11: 1ffffac0000099a7 x10: 1ffffac0000099a7 x9 : ffffffffffffffff [ 107.670340][ T4901] x8 : ffff7ac0000099a7 x7 : 0000000000000000 x6 : 00000000000000fd [ 107.672548][ T4901] x5 : ffff80001f206f42 x4 : ffff0000dac21690 x3 : ffff800008ebe0b0 [ 107.674693][ T4901] x2 : 0000000000000000 x1 : 0000000000000002 x0 : ffffd6000004cd3a [ 107.676897][ T4901] Call trace: [ 107.677756][ T4901] kasan_check_range+0x74/0x2b0 [ 107.679027][ T4901] memcpy+0x90/0xe8 [ 107.680114][ T4901] hfsplus_bnode_read+0x10c/0x21c [ 107.681485][ T4901] hfsplus_bnode_dump+0x26c/0x37c [ 107.682863][ T4901] hfsplus_brec_remove+0x3cc/0x4a0 [ 107.684254][ T4901] __hfsplus_delete_attr+0x198/0x350 [ 107.685758][ T4901] hfsplus_delete_attr+0x2ac/0x3f0 [ 107.687182][ T4901] __hfsplus_setxattr+0x2e8/0x1a9c [ 107.688756][ T4901] hfsplus_setxattr+0xb4/0xec [ 107.690103][ T4901] hfsplus_security_setxattr+0x54/0x6c [ 107.691673][ T4901] __vfs_setxattr+0x388/0x3a4 [ 107.693016][ T4901] __vfs_setxattr_noperm+0x120/0x564 [ 107.694480][ T4901] __vfs_setxattr_locked+0x1ec/0x218 [ 107.695995][ T4901] vfs_setxattr+0x158/0x2ac [ 107.697258][ T4901] setxattr+0x248/0x2ac [ 107.698423][ T4901] path_setxattr+0x12c/0x25c [ 107.699706][ T4901] __arm64_sys_setxattr+0xbc/0xd8 [ 107.701081][ T4901] invoke_syscall+0x98/0x2b8 [ 107.702446][ T4901] el0_svc_common+0x138/0x258 [ 107.703812][ T4901] do_el0_svc+0x58/0x14c [ 107.704995][ T4901] el0_svc+0x78/0x1e0 [ 107.706074][ T4901] el0t_64_sync_handler+0xcc/0xe4 [ 107.707439][ T4901] el0t_64_sync+0x1a0/0x1a4 [ 107.708595][ T4901] Code: 5400014c b4000b8c aa2a03e9 8b0b0129 (3940010a) [ 107.710551][ T4901] ---[ end trace 08bf05d70fa43bb2 ]--- [ 108.101612][ T4901] Kernel panic - not syncing: Oops: Fatal exception [ 108.103525][ T4901] SMP: stopping secondary CPUs [ 108.104852][ T4901] Kernel Offset: disabled [ 108.105990][ T4901] CPU features: 0x8,000081c1,21302e40 [ 108.107463][ T4901] Memory Limit: none [ 108.494738][ T4901] Rebooting in 86400 seconds..