[   55.537157][ T5457] 8021q: adding VLAN 0 to HW filter on device bond0
[   55.547294][ T5457] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting crond: OK
Starting sshd: [   56.341498][ T5546] sshd (5546) used greatest stack depth: 20496 bytes left
OK

syzkaller
Warning: Permanently added '10.128.1.224' (ED25519) to the list of known hosts.
2025/11/07 10:48:24 parsed 1 programs
syzkaller login: [   89.478019][ T5800] cgroup: Unknown subsys name 'net'
[   89.641587][ T5800] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   91.398484][ T5800] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   92.234508][ T1830] cfg80211: failed to load regulatory.db
[   93.211196][   T34] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.219380][   T34] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.250817][ T2925] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.258997][ T2925] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.391250][   T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   95.400906][   T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   95.409149][   T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   95.420215][   T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   95.428469][   T51] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   95.439783][   T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   97.221496][ T5878] chnl_net:caif_netlink_parms(): no params data found
[   97.329974][ T5878] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.338221][ T5878] bridge0: port 1(bridge_slave_0) entered disabled state
[   97.345763][ T5878] bridge_slave_0: entered allmulticast mode
[   97.354551][ T5878] bridge_slave_0: entered promiscuous mode
[   97.364405][ T5878] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.371637][ T5878] bridge0: port 2(bridge_slave_1) entered disabled state
[   97.378901][ T5878] bridge_slave_1: entered allmulticast mode
[   97.386551][ T5878] bridge_slave_1: entered promiscuous mode
[   97.427028][ T5878] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   97.441206][ T5878] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   97.491180][ T5878] team0: Port device team_slave_0 added
[   97.500246][ T5878] team0: Port device team_slave_1 added
[   97.542281][ T5878] batman_adv: batadv0: Adding interface: batadv_slave_0
[   97.549270][ T5878] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   97.575433][ T5878] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   97.589072][ T5878] batman_adv: batadv0: Adding interface: batadv_slave_1
[   97.596367][ T5878] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   97.622444][ T5878] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   97.679423][ T5878] hsr_slave_0: entered promiscuous mode
[   97.686213][ T5878] hsr_slave_1: entered promiscuous mode
[   97.870598][ T5878] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   97.883369][ T5878] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   97.895778][ T5878] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   97.907455][ T5878] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   97.951324][ T5878] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.958731][ T5878] bridge0: port 2(bridge_slave_1) entered forwarding state
[   97.967093][ T5878] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.974297][ T5878] bridge0: port 1(bridge_slave_0) entered forwarding state
[   98.063195][ T5878] 8021q: adding VLAN 0 to HW filter on device bond0
[   98.085536][   T59] bridge0: port 1(bridge_slave_0) entered disabled state
[   98.094171][   T59] bridge0: port 2(bridge_slave_1) entered disabled state
[   98.119007][ T5878] 8021q: adding VLAN 0 to HW filter on device team0
[   98.152734][ T2925] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.160042][ T2925] bridge0: port 1(bridge_slave_0) entered forwarding state
[   98.169993][ T2925] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.177259][ T2925] bridge0: port 2(bridge_slave_1) entered forwarding state
[   98.396146][ T5878] 8021q: adding VLAN 0 to HW filter on device batadv0
[   98.442866][ T5878] veth0_vlan: entered promiscuous mode
[   98.461199][ T5878] veth1_vlan: entered promiscuous mode
[   98.493039][ T5878] veth0_macvtap: entered promiscuous mode
[   98.503517][ T5878] veth1_macvtap: entered promiscuous mode
[   98.526419][ T5878] batman_adv: batadv0: Interface activated: batadv_slave_0
[   98.541328][ T5878] batman_adv: batadv0: Interface activated: batadv_slave_1
[   98.559670][ T5878] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   98.568864][ T5878] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   98.578041][ T5878] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   98.587986][ T5878] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   98.786815][   T34] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/11/07 10:48:37 executed programs: 0
[   99.128129][   T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   99.137201][   T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   99.145798][   T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   99.156671][   T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   99.164711][   T51] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   99.172607][   T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   99.346193][ T5906] chnl_net:caif_netlink_parms(): no params data found
[   99.425878][ T5906] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.434576][ T5906] bridge0: port 1(bridge_slave_0) entered disabled state
[   99.441756][ T5906] bridge_slave_0: entered allmulticast mode
[   99.449297][ T5906] bridge_slave_0: entered promiscuous mode
[   99.457936][ T5906] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.465368][ T5906] bridge0: port 2(bridge_slave_1) entered disabled state
[   99.472806][ T5906] bridge_slave_1: entered allmulticast mode
[   99.479825][ T5906] bridge_slave_1: entered promiscuous mode
[   99.517912][ T5906] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   99.530360][ T5906] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   99.570507][ T5906] team0: Port device team_slave_0 added
[   99.582873][ T5906] team0: Port device team_slave_1 added
[   99.616779][ T5906] batman_adv: batadv0: Adding interface: batadv_slave_0
[   99.624052][ T5906] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   99.650851][ T5906] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   99.664479][ T5906] batman_adv: batadv0: Adding interface: batadv_slave_1
[   99.671475][ T5906] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   99.697779][ T5906] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   99.750377][ T5906] hsr_slave_0: entered promiscuous mode
[   99.757583][ T5906] hsr_slave_1: entered promiscuous mode
[   99.765060][ T5906] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   99.774141][ T5906] Cannot create hsr debugfs directory
[  101.192961][   T51] Bluetooth: hci0: command tx timeout
[  101.437418][   T34] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  103.272106][   T51] Bluetooth: hci0: command tx timeout
[  103.733261][   T34] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  103.797538][   T34] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  104.686669][ T5906] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  104.698390][ T5906] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  104.723564][   T34] hsr_slave_0: left promiscuous mode
[  104.730309][   T34] hsr_slave_1: left promiscuous mode
[  104.737319][   T34] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  104.746309][   T34] batman_adv: batadv0: Removing interface: batadv_slave_0
[  104.757724][   T34] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  104.766716][   T34] batman_adv: batadv0: Removing interface: batadv_slave_1
[  104.776258][   T34] bridge_slave_1: left allmulticast mode
[  104.783604][   T34] bridge_slave_1: left promiscuous mode
[  104.790310][   T34] bridge0: port 2(bridge_slave_1) entered disabled state
[  104.806981][   T34] bridge_slave_0: left allmulticast mode
[  104.813331][   T34] bridge_slave_0: left promiscuous mode
[  104.819285][   T34] bridge0: port 1(bridge_slave_0) entered disabled state
[  104.850005][   T34] veth1_macvtap: left promiscuous mode
[  104.856977][   T34] veth0_macvtap: left promiscuous mode
[  104.863152][   T34] veth1_vlan: left promiscuous mode
[  104.868771][   T34] veth0_vlan: left promiscuous mode
[  105.291213][   T34] team0 (unregistering): Port device team_slave_1 removed
[  105.325831][   T34] team0 (unregistering): Port device team_slave_0 removed
[  105.358070][   T34] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  105.362659][   T51] Bluetooth: hci0: command tx timeout
[  105.400541][   T34] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  105.717416][   T34] bond0 (unregistering): Released all slaves
[  105.813734][ T5906] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  105.824480][ T5906] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  105.925308][ T5906] 8021q: adding VLAN 0 to HW filter on device bond0
[  105.963508][ T5906] 8021q: adding VLAN 0 to HW filter on device team0
[  105.976448][ T3446] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.983681][ T3446] bridge0: port 1(bridge_slave_0) entered forwarding state
[  106.006010][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  106.013234][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  106.247807][ T5906] 8021q: adding VLAN 0 to HW filter on device batadv0
[  106.296494][ T5906] veth0_vlan: entered promiscuous mode
[  106.308696][ T5906] veth1_vlan: entered promiscuous mode
[  106.343535][ T5906] veth0_macvtap: entered promiscuous mode
[  106.353766][ T5906] veth1_macvtap: entered promiscuous mode
[  106.379828][ T5906] batman_adv: batadv0: Interface activated: batadv_slave_0
[  106.396727][ T5906] batman_adv: batadv0: Interface activated: batadv_slave_1
[  106.414998][ T5906] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  106.424218][ T5906] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  106.433314][ T5906] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  106.444616][ T5906] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  106.509532][ T2925] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  106.521085][ T2925] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  106.553440][ T3446] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  106.561341][ T3446] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  106.614610][ T5953] syz.0.17[5953]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[  106.641643][ T5953] loop0: detected capacity change from 0 to 1024
[  106.681233][ T5953] hfsplus: invalid length 256 has been corrected to 255
[  106.689672][ T5953] ==================================================================
[  106.697789][ T5953] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x5bd/0x1240
[  106.705616][ T5953] Read of size 2 at addr ffff88807d335a18 by task syz.0.17/5953
[  106.713275][ T5953] 
[  106.715619][ T5953] CPU: 0 PID: 5953 Comm: syz.0.17 Not tainted syzkaller #0
[  106.722822][ T5953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  106.732908][ T5953] Call Trace:
[  106.736191][ T5953]  <TASK>
[  106.739129][ T5953]  dump_stack_lvl+0x16c/0x230
[  106.743834][ T5953]  ? __lock_acquire+0x7c80/0x7c80
[  106.748886][ T5953]  ? show_regs_print_info+0x20/0x20
[  106.754101][ T5953]  ? load_image+0x3b0/0x3b0
[  106.758622][ T5953]  ? _raw_spin_lock_irqsave+0xb4/0xf0
[  106.764004][ T5953]  ? __virt_addr_valid+0x18c/0x540
[  106.769144][ T5953]  ? __virt_addr_valid+0x469/0x540
[  106.774267][ T5953]  print_report+0xac/0x220
[  106.778694][ T5953]  ? hfsplus_uni2asc+0x5bd/0x1240
[  106.783751][ T5953]  kasan_report+0x117/0x150
[  106.788349][ T5953]  ? hfsplus_uni2asc+0x5bd/0x1240
[  106.793385][ T5953]  hfsplus_uni2asc+0x5bd/0x1240
[  106.798247][ T5953]  hfsplus_listxattr+0x58f/0xb80
[  106.803209][ T5953]  ? hfsplus_getxattr+0x160/0x160
[  106.808440][ T5953]  ? kasan_save_free_info+0x2e/0x50
[  106.813670][ T5953]  ? slab_free_freelist_hook+0x130/0x1b0
[  106.819346][ T5953]  ? user_path_at_empty+0x4c/0x60
[  106.824565][ T5953]  ? kmem_cache_free+0xf8/0x280
[  106.829434][ T5953]  ? bpf_lsm_inode_listxattr+0x9/0x10
[  106.834822][ T5953]  ? hfsplus_getxattr+0x160/0x160
[  106.839861][ T5953]  listxattr+0x107/0x280
[  106.844137][ T5953]  path_listxattr+0xdd/0x1b0
[  106.848766][ T5953]  ? path_getxattr+0x400/0x400
[  106.853543][ T5953]  ? lockdep_hardirqs_on+0x98/0x150
[  106.858752][ T5953]  do_syscall_64+0x55/0xb0
[  106.863196][ T5953]  ? clear_bhb_loop+0x40/0x90
[  106.867896][ T5953]  ? clear_bhb_loop+0x40/0x90
[  106.872684][ T5953]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  106.878613][ T5953] RIP: 0033:0x7f552db8f6c9
[  106.883063][ T5953] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  106.902707][ T5953] RSP: 002b:00007ffda77917d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000c3
[  106.911145][ T5953] RAX: ffffffffffffffda RBX: 00007f552dde5fa0 RCX: 00007f552db8f6c9
[  106.919159][ T5953] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000080
[  106.927331][ T5953] RBP: 00007f552dc11f91 R08: 0000000000000000 R09: 0000000000000000
[  106.935316][ T5953] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  106.943302][ T5953] R13: 00007f552dde5fa0 R14: 00007f552dde5fa0 R15: 0000000000000003
[  106.951300][ T5953]  </TASK>
[  106.954337][ T5953] 
[  106.956695][ T5953] Allocated by task 5953:
[  106.961036][ T5953]  kasan_set_track+0x4e/0x70
[  106.965645][ T5953]  __kasan_kmalloc+0x8f/0xa0
[  106.970241][ T5953]  __kmalloc+0xb4/0x240
[  106.974403][ T5953]  hfsplus_find_init+0x89/0x1d0
[  106.979259][ T5953]  hfsplus_listxattr+0x390/0xb80
[  106.984206][ T5953]  listxattr+0x107/0x280
[  106.988455][ T5953]  path_listxattr+0xdd/0x1b0
[  106.993051][ T5953]  do_syscall_64+0x55/0xb0
[  106.997480][ T5953]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  107.003373][ T5953] 
[  107.005694][ T5953] The buggy address belongs to the object at ffff88807d335800
[  107.005694][ T5953]  which belongs to the cache kmalloc-1k of size 1024
[  107.019756][ T5953] The buggy address is located 0 bytes to the right of
[  107.019756][ T5953]  allocated 536-byte region [ffff88807d335800, ffff88807d335a18)
[  107.034257][ T5953] 
[  107.036582][ T5953] The buggy address belongs to the physical page:
[  107.043019][ T5953] page:ffffea0001f4cc00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7d330
[  107.053185][ T5953] head:ffffea0001f4cc00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  107.062130][ T5953] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[  107.070135][ T5953] page_type: 0xffffffff()
[  107.074472][ T5953] raw: 00fff00000000840 ffff888017841dc0 ffffea0000b02e00 0000000000000002
[  107.083071][ T5953] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[  107.091660][ T5953] page dumped because: kasan: bad access detected
[  107.098083][ T5953] page_owner tracks the page as allocated
[  107.103801][ T5953] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5739, tgid 5739 (dhcpcd-run-hook), ts 69936591479, free_ts 69889106010
[  107.125431][ T5953]  post_alloc_hook+0x1cd/0x210
[  107.130206][ T5953]  get_page_from_freelist+0x195c/0x19f0
[  107.135778][ T5953]  __alloc_pages+0x1e3/0x460
[  107.140386][ T5953]  alloc_slab_page+0x5d/0x170
[  107.145072][ T5953]  new_slab+0x87/0x2e0
[  107.149147][ T5953]  ___slab_alloc+0xc6d/0x1300
[  107.153852][ T5953]  __kmem_cache_alloc_node+0x1a2/0x260
[  107.159324][ T5953]  __kmalloc+0xa4/0x240
[  107.163486][ T5953]  load_elf_phdrs+0x136/0x230
[  107.168191][ T5953]  load_elf_binary+0x956/0x2700
[  107.173047][ T5953]  bprm_execve+0xaeb/0x16f0
[  107.177574][ T5953]  do_execveat_common+0x51b/0x6c0
[  107.183065][ T5953]  __x64_sys_execve+0x92/0xa0
[  107.187852][ T5953]  do_syscall_64+0x55/0xb0
[  107.192286][ T5953]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  107.198202][ T5953] page last free stack trace:
[  107.202894][ T5953]  free_unref_page_prepare+0x7ce/0x8e0
[  107.208394][ T5953]  free_unref_page+0x32/0x2e0
[  107.213086][ T5953]  __unfreeze_partials+0x1cf/0x210
[  107.218211][ T5953]  put_cpu_partial+0x17c/0x250
[  107.222991][ T5953]  __slab_free+0x31d/0x410
[  107.227439][ T5953]  qlist_free_all+0x75/0xe0
[  107.231974][ T5953]  kasan_quarantine_reduce+0x143/0x160
[  107.237481][ T5953]  __kasan_slab_alloc+0x22/0x80
[  107.242349][ T5953]  slab_post_alloc_hook+0x6e/0x4d0
[  107.247493][ T5953]  kmem_cache_alloc+0x11e/0x2e0
[  107.252356][ T5953]  getname_flags+0xbb/0x500
[  107.256864][ T5953]  do_sys_openat2+0xcb/0x1c0
[  107.261465][ T5953]  __x64_sys_openat+0x139/0x160
[  107.266322][ T5953]  do_syscall_64+0x55/0xb0
[  107.270743][ T5953]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  107.276647][ T5953] 
[  107.278967][ T5953] Memory state around the buggy address:
[  107.284597][ T5953]  ffff88807d335900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  107.292659][ T5953]  ffff88807d335980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  107.300715][ T5953] >ffff88807d335a00: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[  107.308796][ T5953]                             ^
[  107.313645][ T5953]  ffff88807d335a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  107.321706][ T5953]  ffff88807d335b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  107.329767][ T5953] ==================================================================
[  107.344190][ T5953] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  107.351538][ T5953] CPU: 0 PID: 5953 Comm: syz.0.17 Not tainted syzkaller #0
[  107.358766][ T5953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  107.368843][ T5953] Call Trace:
[  107.372137][ T5953]  <TASK>
[  107.375088][ T5953]  dump_stack_lvl+0x16c/0x230
[  107.379806][ T5953]  ? show_regs_print_info+0x20/0x20
[  107.385031][ T5953]  ? load_image+0x3b0/0x3b0
[  107.389653][ T5953]  panic+0x2c0/0x710
[  107.393561][ T5953]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  107.399823][ T5953]  ? bpf_jit_dump+0xd0/0xd0
[  107.404338][ T5953]  ? _raw_spin_unlock_irqrestore+0xfa/0x110
[  107.410242][ T5953]  ? _raw_spin_unlock+0x40/0x40
[  107.415101][ T5953]  ? hfsplus_uni2asc+0x5bd/0x1240
[  107.420136][ T5953]  check_panic_on_warn+0x84/0xa0
[  107.425094][ T5953]  ? hfsplus_uni2asc+0x5bd/0x1240
[  107.430132][ T5953]  end_report+0x6f/0x140
[  107.434385][ T5953]  kasan_report+0x128/0x150
[  107.439078][ T5953]  ? hfsplus_uni2asc+0x5bd/0x1240
[  107.444313][ T5953]  hfsplus_uni2asc+0x5bd/0x1240
[  107.449227][ T5953]  hfsplus_listxattr+0x58f/0xb80
[  107.454200][ T5953]  ? hfsplus_getxattr+0x160/0x160
[  107.459242][ T5953]  ? kasan_save_free_info+0x2e/0x50
[  107.464477][ T5953]  ? slab_free_freelist_hook+0x130/0x1b0
[  107.470141][ T5953]  ? user_path_at_empty+0x4c/0x60
[  107.475187][ T5953]  ? kmem_cache_free+0xf8/0x280
[  107.480071][ T5953]  ? bpf_lsm_inode_listxattr+0x9/0x10
[  107.485454][ T5953]  ? hfsplus_getxattr+0x160/0x160
[  107.490532][ T5953]  listxattr+0x107/0x280
[  107.494865][ T5953]  path_listxattr+0xdd/0x1b0
[  107.499745][ T5953]  ? path_getxattr+0x400/0x400
[  107.504618][ T5953]  ? lockdep_hardirqs_on+0x98/0x150
[  107.509824][ T5953]  do_syscall_64+0x55/0xb0
[  107.514343][ T5953]  ? clear_bhb_loop+0x40/0x90
[  107.519115][ T5953]  ? clear_bhb_loop+0x40/0x90
[  107.523806][ T5953]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  107.529725][ T5953] RIP: 0033:0x7f552db8f6c9
[  107.534158][ T5953] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  107.553875][ T5953] RSP: 002b:00007ffda77917d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000c3
[  107.562307][ T5953] RAX: ffffffffffffffda RBX: 00007f552dde5fa0 RCX: 00007f552db8f6c9
[  107.570312][ T5953] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000080
[  107.578554][ T5953] RBP: 00007f552dc11f91 R08: 0000000000000000 R09: 0000000000000000
[  107.586542][ T5953] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  107.594560][ T5953] R13: 00007f552dde5fa0 R14: 00007f552dde5fa0 R15: 0000000000000003
[  107.602575][ T5953]  </TASK>
[  107.605899][ T5953] Kernel Offset: disabled
[  107.610226][ T5953] Rebooting in 86400 seconds..