Warning: Permanently added '10.128.1.29' (ED25519) to the list of known hosts.
1970/01/01 00:01:27 ignoring optional flag "sandboxArg"="0"
1970/01/01 00:01:28 parsed 1 programs
[ 91.666286][ T6916] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS
[ 102.999701][ T709] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 103.001734][ T709] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 103.016667][ T709] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 103.018768][ T709] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 103.963267][ T7016] chnl_net:caif_netlink_parms(): no params data found
[ 103.989952][ T7016] bridge0: port 1(bridge_slave_0) entered blocking state
[ 103.991759][ T7016] bridge0: port 1(bridge_slave_0) entered disabled state
[ 103.993638][ T7016] bridge_slave_0: entered allmulticast mode
[ 103.996046][ T7016] bridge_slave_0: entered promiscuous mode
[ 104.055015][ T7016] bridge0: port 2(bridge_slave_1) entered blocking state
[ 104.056848][ T7016] bridge0: port 2(bridge_slave_1) entered disabled state
[ 104.058778][ T7016] bridge_slave_1: entered allmulticast mode
[ 104.060946][ T7016] bridge_slave_1: entered promiscuous mode
[ 104.076348][ T7016] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 104.080087][ T7016] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 104.093442][ T7016] team0: Port device team_slave_0 added
[ 104.099654][ T7016] team0: Port device team_slave_1 added
[ 104.110112][ T7016] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 104.112039][ T7016] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 104.118978][ T7016] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 104.122725][ T7016] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 104.124987][ T7016] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 104.131390][ T7016] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 104.193404][ T7016] hsr_slave_0: entered promiscuous mode
[ 104.196589][ T7016] hsr_slave_1: entered promiscuous mode
[ 105.190075][ T7016] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 105.199346][ T7016] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 105.202669][ T7016] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 105.207637][ T7016] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 105.248352][ T7016] 8021q: adding VLAN 0 to HW filter on device bond0
[ 105.258367][ T7016] 8021q: adding VLAN 0 to HW filter on device team0
[ 105.268903][ T4455] bridge0: port 1(bridge_slave_0) entered blocking state
[ 105.270781][ T4455] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 105.273571][ T4455] bridge0: port 2(bridge_slave_1) entered blocking state
[ 105.275563][ T4455] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 105.373164][ T7016] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 105.396464][ T7016] veth0_vlan: entered promiscuous mode
[ 105.401001][ T7016] veth1_vlan: entered promiscuous mode
[ 105.419960][ T7016] veth0_macvtap: entered promiscuous mode
[ 105.423422][ T7016] veth1_macvtap: entered promiscuous mode
[ 105.433304][ T7016] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 105.439078][ T7016] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 105.442226][ T7016] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 105.446428][ T7016] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 105.448569][ T7016] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 105.450653][ T7016] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 105.866103][ T4455] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 105.917124][ T4455] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 105.976836][ T4455] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 106.048593][ T4455] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 106.113318][ T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 106.119398][ T54] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 106.121915][ T54] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 106.125243][ T54] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 106.127941][ T54] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 106.129969][ T54] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
1970/01/01 00:01:46 executed programs: 0
[ 106.756774][ T6013] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 106.759732][ T6013] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 106.762209][ T6013] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 106.766885][ T6013] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 106.770608][ T6013] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 106.772932][ T6013] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 106.860171][ T7249] chnl_net:caif_netlink_parms(): no params data found
[ 106.899483][ T7249] bridge0: port 1(bridge_slave_0) entered blocking state
[ 106.901408][ T7249] bridge0: port 1(bridge_slave_0) entered disabled state
[ 106.903314][ T7249] bridge_slave_0: entered allmulticast mode
[ 106.906299][ T7249] bridge_slave_0: entered promiscuous mode
[ 106.909163][ T7249] bridge0: port 2(bridge_slave_1) entered blocking state
[ 106.911014][ T7249] bridge0: port 2(bridge_slave_1) entered disabled state
[ 106.912745][ T7249] bridge_slave_1: entered allmulticast mode
[ 106.914943][ T7249] bridge_slave_1: entered promiscuous mode
[ 106.928604][ T7249] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 106.939516][ T7249] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 106.962239][ T7249] team0: Port device team_slave_0 added
[ 106.968126][ T7249] team0: Port device team_slave_1 added
[ 106.980156][ T7249] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 106.981920][ T7249] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 106.991061][ T7249] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 106.995559][ T7249] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 106.997422][ T7249] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 107.003583][ T7249] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 107.026401][ T7249] hsr_slave_0: entered promiscuous mode
[ 107.028476][ T7249] hsr_slave_1: entered promiscuous mode
[ 107.030282][ T7249] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 107.032319][ T7249] Cannot create hsr debugfs directory
[ 108.814271][ T54] Bluetooth: hci0: command tx timeout
[ 109.194595][ T4455] bridge_slave_1: left allmulticast mode
[ 109.196258][ T4455] bridge_slave_1: left promiscuous mode
[ 109.197653][ T4455] bridge0: port 2(bridge_slave_1) entered disabled state
[ 109.204932][ T4455] bridge_slave_0: left allmulticast mode
[ 109.206404][ T4455] bridge_slave_0: left promiscuous mode
[ 109.207774][ T4455] bridge0: port 1(bridge_slave_0) entered disabled state
[ 110.904340][ T54] Bluetooth: hci0: command tx timeout
[ 111.007326][ T4455] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 111.046075][ T4455] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 111.105497][ T4455] bond0 (unregistering): Released all slaves
[ 111.190181][ T4455] hsr_slave_0: left promiscuous mode
[ 111.194517][ T4455] hsr_slave_1: left promiscuous mode
[ 111.196351][ T4455] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 111.198262][ T4455] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 111.204556][ T4455] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 111.206402][ T4455] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 111.221251][ T4455] veth1_macvtap: left promiscuous mode
[ 111.222616][ T4455] veth0_macvtap: left promiscuous mode
[ 111.226356][ T4455] veth1_vlan: left promiscuous mode
[ 111.227803][ T4455] veth0_vlan: left promiscuous mode
[ 112.974636][ T54] Bluetooth: hci0: command tx timeout
[ 113.066488][ T4455] team0 (unregistering): Port device team_slave_1 removed
[ 113.276687][ T4455] team0 (unregistering): Port device team_slave_0 removed
[ 115.054255][ T54] Bluetooth: hci0: command tx timeout
[ 116.069331][ T7249] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 116.080556][ T7249] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 116.114727][ T7249] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 116.125548][ T7249] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 116.175390][ T7249] 8021q: adding VLAN 0 to HW filter on device bond0
[ 116.185205][ T7249] 8021q: adding VLAN 0 to HW filter on device team0
[ 116.190708][ T709] bridge0: port 1(bridge_slave_0) entered blocking state
[ 116.192614][ T709] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 116.288701][ T709] bridge0: port 2(bridge_slave_1) entered blocking state
[ 116.290640][ T709] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 116.311553][ T7249] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 116.541367][ T7249] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 116.562447][ T7249] veth0_vlan: entered promiscuous mode
[ 116.580231][ T7249] veth1_vlan: entered promiscuous mode
[ 116.597401][ T7249] veth0_macvtap: entered promiscuous mode
[ 116.600917][ T7249] veth1_macvtap: entered promiscuous mode
[ 116.612343][ T7249] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 116.620364][ T7249] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 116.624778][ T7249] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 116.627047][ T7249] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 116.629311][ T7249] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 116.631466][ T7249] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 116.665884][ T709] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 116.667973][ T709] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 116.679802][ T4455] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 116.681783][ T4455] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
1970/01/01 00:01:56 executed programs: 2
[ 116.767916][ T7485] loop0: detected capacity change from 0 to 1024
[ 116.852418][ T7485] ==================================================================
[ 116.854597][ T7485] BUG: KASAN: slab-out-of-bounds in hfsplus_bmap_alloc+0x150/0x538
[ 116.856535][ T7485] Read of size 8 at addr ffff0000cec6c3c0 by task syz.0.16/7485
[ 116.858431][ T7485]
[ 116.859030][ T7485] CPU: 0 UID: 0 PID: 7485 Comm: syz.0.16 Not tainted 6.14.0-rc5-syzkaller-00037-g77c95b8c7a16 #0
[ 116.859044][ T7485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 116.859052][ T7485] Call trace:
[ 116.859056][ T7485] show_stack+0x2c/0x3c (C)
[ 116.859075][ T7485] dump_stack_lvl+0xe4/0x150
[ 116.859097][ T7485] print_report+0x198/0x550
[ 116.859112][ T7485] kasan_report+0xd8/0x138
[ 116.859123][ T7485] __asan_report_load8_noabort+0x20/0x2c
[ 116.859137][ T7485] hfsplus_bmap_alloc+0x150/0x538
[ 116.859150][ T7485] hfs_btree_inc_height+0xf8/0xa60
[ 116.859162][ T7485] hfsplus_brec_insert+0x11c/0xaa0
[ 116.859174][ T7485] __hfsplus_ext_write_extent+0x288/0x4ac
[ 116.859186][ T7485] __hfsplus_ext_cache_extent+0x84/0xa84
[ 116.859197][ T7485] hfsplus_file_extend+0x39c/0x1544
[ 116.859208][ T7485] hfsplus_get_block+0x398/0x1168
[ 116.859219][ T7485] __block_write_begin_int+0x4c4/0x1610
[ 116.859233][ T7485] cont_write_begin+0x634/0x984
[ 116.859246][ T7485] hfsplus_write_begin+0x7c/0xc4
[ 116.859257][ T7485] cont_write_begin+0x2b0/0x984
[ 116.859269][ T7485] hfsplus_write_begin+0x7c/0xc4
[ 116.859280][ T7485] generic_perform_write+0x29c/0x868
[ 116.859292][ T7485] __generic_file_write_iter+0xfc/0x204
[ 116.859303][ T7485] generic_file_write_iter+0x108/0x4b4
[ 116.859314][ T7485] __kernel_write_iter+0x340/0x7a0
[ 116.859326][ T7485] dump_user_range+0x378/0x6c8
[ 116.859340][ T7485] elf_core_dump+0x336c/0x3c38
[ 116.859352][ T7485] do_coredump+0x1d28/0x29a0
[ 116.859365][ T7485] get_signal+0xf6c/0x1500
[ 116.859377][ T7485] do_signal+0x1a4/0x3a04
[ 116.859390][ T7485] do_notify_resume+0x74/0x1f4
[ 116.859401][ T7485] el0_da+0xbc/0x178
[ 116.859412][ T7485] el0t_64_sync_handler+0xcc/0x108
[ 116.859423][ T7485] el0t_64_sync+0x198/0x19c
[ 116.859434][ T7485]
[ 116.903209][ T7485] Allocated by task 7485:
[ 116.904254][ T7485] kasan_save_track+0x40/0x78
[ 116.905427][ T7485] kasan_save_alloc_info+0x40/0x50
[ 116.906567][ T7485] __kasan_kmalloc+0xac/0xc4
[ 116.907705][ T7485] __kmalloc_noprof+0x32c/0x54c
[ 116.908991][ T7485] __hfs_bnode_create+0xe4/0x6d4
[ 116.910305][ T7485] hfsplus_bnode_find+0x1f8/0xc04
[ 116.911491][ T7485] hfsplus_bmap_alloc+0xc8/0x538
[ 116.912770][ T7485] hfs_btree_inc_height+0xf8/0xa60
[ 116.914032][ T7485] hfsplus_brec_insert+0x11c/0xaa0
[ 116.915356][ T7485] __hfsplus_ext_write_extent+0x288/0x4ac
[ 116.916782][ T7485] __hfsplus_ext_cache_extent+0x84/0xa84
[ 116.918200][ T7485] hfsplus_file_extend+0x39c/0x1544
[ 116.919559][ T7485] hfsplus_get_block+0x398/0x1168
[ 116.920779][ T7485] __block_write_begin_int+0x4c4/0x1610
[ 116.922131][ T7485] cont_write_begin+0x634/0x984
[ 116.923331][ T7485] hfsplus_write_begin+0x7c/0xc4
[ 116.924602][ T7485] cont_write_begin+0x2b0/0x984
[ 116.925847][ T7485] hfsplus_write_begin+0x7c/0xc4
[ 116.927108][ T7485] generic_perform_write+0x29c/0x868
[ 116.928450][ T7485] __generic_file_write_iter+0xfc/0x204
[ 116.929822][ T7485] generic_file_write_iter+0x108/0x4b4
[ 116.931233][ T7485] __kernel_write_iter+0x340/0x7a0
[ 116.932594][ T7485] dump_user_range+0x378/0x6c8
[ 116.933758][ T7485] elf_core_dump+0x336c/0x3c38
[ 116.934954][ T7485] do_coredump+0x1d28/0x29a0
[ 116.936050][ T7485] get_signal+0xf6c/0x1500
[ 116.937212][ T7485] do_signal+0x1a4/0x3a04
[ 116.938278][ T7485] do_notify_resume+0x74/0x1f4
[ 116.939529][ T7485] el0_da+0xbc/0x178
[ 116.940516][ T7485] el0t_64_sync_handler+0xcc/0x108
[ 116.941710][ T7485] el0t_64_sync+0x198/0x19c
[ 116.942789][ T7485]
[ 116.943431][ T7485] The buggy address belongs to the object at ffff0000cec6c300
[ 116.943431][ T7485] which belongs to the cache kmalloc-192 of size 192
[ 116.947304][ T7485] The buggy address is located 48 bytes to the right of
[ 116.947304][ T7485] allocated 144-byte region [ffff0000cec6c300, ffff0000cec6c390)
[ 116.950831][ T7485]
[ 116.951453][ T7485] The buggy address belongs to the physical page:
[ 116.953163][ T7485] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10ec6c
[ 116.955364][ T7485] anon flags: 0x5ffc00000000000(node=0|zone=2|lastcpupid=0x7ff)
[ 116.957162][ T7485] page_type: f5(slab)
[ 116.958172][ T7485] raw: 05ffc00000000000 ffff0000c00013c0 fffffdffc33bce00 dead000000000005
[ 116.960356][ T7485] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 116.962637][ T7485] page dumped because: kasan: bad access detected
[ 116.964265][ T7485]
[ 116.964843][ T7485] Memory state around the buggy address:
[ 116.966296][ T7485] ffff0000cec6c280: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 116.968307][ T7485] ffff0000cec6c300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 116.970247][ T7485] >ffff0000cec6c380: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 116.972216][ T7485] ^
[ 116.973837][ T7485] ffff0000cec6c400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 116.975821][ T7485] ffff0000cec6c480: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 116.977865][ T7485] ==================================================================
[ 116.987316][ T7485] Disabling lock debugging due to kernel taint
[ 116.989178][ T7485] ------------[ cut here ]------------
[ 116.990490][ T7485] WARNING: CPU: 1 PID: 7485 at ./include/linux/mm.h:2250 kmap_local_page+0x388/0x500
[ 116.992775][ T7485] Modules linked in:
[ 116.993745][ T7485] CPU: 1 UID: 0 PID: 7485 Comm: syz.0.16 Tainted: G B 6.14.0-rc5-syzkaller-00037-g77c95b8c7a16 #0
[ 116.996931][ T7485] Tainted: [B]=BAD_PAGE
[ 116.997836][ T7485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 117.000299][ T7485] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 117.002283][ T7485] pc : kmap_local_page+0x388/0x500
[ 117.003567][ T7485] lr : kmap_local_page+0x150/0x500
[ 117.004908][ T7485] sp : ffff80009e0d5bf0
[ 117.005951][ T7485] x29: ffff80009e0d5bf0 x28: ffff0000cdd3e000 x27: 1ffff00013c1ab8c
[ 117.007996][ T7485] x26: 1fffe00019ba7c03 x25: 0003001689040074 x24: ffff80008f4d5000
[ 117.009891][ T7485] x23: 1ffff00011e9ab05 x22: 0000000000200000 x21: 00000006002d1208
[ 117.011735][ T7485] x20: 0000000000000000 x19: 00c005a241001d3d x18: 0000000000000008
[ 117.013602][ T7485] x17: 0000000000000000 x16: ffff8000832b8f3c x15: 0000000000000001
[ 117.015615][ T7485] x14: 1ffff0001262e8f8 x13: 0000000000000000 x12: 0000000000000000
[ 117.017698][ T7485] x11: ffff70001262e8f9 x10: 0000000000ff0100 x9 : 0000000000000000
[ 117.019815][ T7485] x8 : ffff0000cc070000 x7 : 0000000000000001 x6 : 0000000000000001
[ 117.021764][ T7485] x5 : ffff80009e0d52f8 x4 : ffff80008fcaf7c0 x3 : ffff8000802f88ec
[ 117.023698][ T7485] x2 : 0000000000000001 x1 : 0000000000200000 x0 : 00000006002d1208
[ 117.025578][ T7485] Call trace:
[ 117.026319][ T7485] kmap_local_page+0x388/0x500 (P)
[ 117.027556][ T7485] hfsplus_bmap_alloc+0x158/0x538
[ 117.028850][ T7485] hfs_btree_inc_height+0xf8/0xa60
[ 117.030078][ T7485] hfsplus_brec_insert+0x11c/0xaa0
[ 117.031264][ T7485] __hfsplus_ext_write_extent+0x288/0x4ac
[ 117.032595][ T7485] __hfsplus_ext_cache_extent+0x84/0xa84
[ 117.033886][ T7485] hfsplus_file_extend+0x39c/0x1544
[ 117.035169][ T7485] hfsplus_get_block+0x398/0x1168
[ 117.036225][ T7485] __block_write_begin_int+0x4c4/0x1610
[ 117.037590][ T7485] cont_write_begin+0x634/0x984
[ 117.038732][ T7485] hfsplus_write_begin+0x7c/0xc4
[ 117.040081][ T7485] cont_write_begin+0x2b0/0x984
[ 117.041239][ T7485] hfsplus_write_begin+0x7c/0xc4
[ 117.042757][ T7485] generic_perform_write+0x29c/0x868
[ 117.044050][ T7485] __generic_file_write_iter+0xfc/0x204
[ 117.045342][ T7485] generic_file_write_iter+0x108/0x4b4
[ 117.046656][ T7485] __kernel_write_iter+0x340/0x7a0
[ 117.047811][ T7485] dump_user_range+0x378/0x6c8
[ 117.048954][ T7485] elf_core_dump+0x336c/0x3c38
[ 117.050093][ T7485] do_coredump+0x1d28/0x29a0
[ 117.051193][ T7485] get_signal+0xf6c/0x1500
[ 117.052429][ T7485] do_signal+0x1a4/0x3a04
[ 117.053527][ T7485] do_notify_resume+0x74/0x1f4
[ 117.054685][ T7485] el0_da+0xbc/0x178
[ 117.055682][ T7485] el0t_64_sync_handler+0xcc/0x108
[ 117.056841][ T7485] el0t_64_sync+0x198/0x19c
[ 117.057858][ T7485] irq event stamp: 13257
[ 117.058858][ T7485] hardirqs last enabled at (13257): [] finish_lock_switch+0xbc/0x1e4
[ 117.061196][ T7485] hardirqs last disabled at (13256): [] __schedule+0x2bc/0x257c
[ 117.063412][ T7485] softirqs last enabled at (9170): [] handle_softirqs+0xb44/0xd34
[ 117.065526][ T7485] softirqs last disabled at (9151): [] __do_softirq+0x14/0x20
[ 117.067641][ T7485] ---[ end trace 0000000000000000 ]---
[ 117.072297][ T7485] Unable to handle kernel paging request at virtual address fffd8d120000ebc8
[ 117.074625][ T7485] KASAN: maybe wild-memory-access in range [0xfff0689000075e40-0xfff0689000075e47]
[ 117.077030][ T7485] Mem abort info:
[ 117.077840][ T7485] ESR = 0x0000000096000004
[ 117.078912][ T7485] EC = 0x25: DABT (current EL), IL = 32 bits
[ 117.080382][ T7485] SET = 0, FnV = 0
[ 117.081335][ T7485] EA = 0, S1PTW = 0
[ 117.082287][ T7485] FSC = 0x04: level 0 translation fault
[ 117.083591][ T7485] Data abort info:
[ 117.084918][ T7485] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
[ 117.086378][ T7485] CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 117.087667][ T7485] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 117.089147][ T7485] swapper pgtable: 4k pages, 48-bit VAs, pgdp=00000001a50a7000
[ 117.090784][ T7485] [fffd8d120000ebc8] pgd=0000000000000000, p4d=0000000000000000
[ 117.092613][ T7485] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
[ 117.094179][ T7485] Modules linked in:
[ 117.095100][ T7485] CPU: 1 UID: 0 PID: 7485 Comm: syz.0.16 Tainted: G B W 6.14.0-rc5-syzkaller-00037-g77c95b8c7a16 #0
[ 117.098087][ T7485] Tainted: [B]=BAD_PAGE, [W]=WARN
[ 117.099187][ T7485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 117.101550][ T7485] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 117.103470][ T7485] pc : hfsplus_bmap_alloc+0x180/0x538
[ 117.104674][ T7485] lr : hfsplus_bmap_alloc+0x16c/0x538
[ 117.105955][ T7485] sp : ffff80009e0d5c40
[ 117.106896][ T7485] x29: ffff80009e0d5cc0 x28: 0000000000000f00 x27: 1ffff00013c1ab8c
[ 117.108730][ T7485] x26: fff0689000074f40 x25: fff0689000075e40 x24: 00000000ffff90f8
[ 117.110699][ T7485] x23: ffff0000cec6c3c0 x22: ffff80009e0d5c80 x21: dfff800000000000
[ 117.112771][ T7485] x20: ffff0000cec6c300 x19: 1ffe0d120000ebc8 x18: 0000000000000008
[ 117.114737][ T7485] x17: 0000000000000000 x16: ffff8000832b8f3c x15: 0000000000000001
[ 117.116660][ T7485] x14: 1ffff0001262e8f8 x13: 0000000000000000 x12: 0000000000000000
[ 117.118564][ T7485] x11: ffff70001262e8f9 x10: 0000000000ff0100 x9 : 0000000000000000
[ 117.120384][ T7485] x8 : ffff0000cc070000 x7 : 0000000000000001 x6 : 0000000000000001
[ 117.122241][ T7485] x5 : ffff80009e0d52f8 x4 : ffff80008fcaf7c0 x3 : ffff8000802f88ec
[ 117.124234][ T7485] x2 : 0000000000000001 x1 : 00000000000090f8 x0 : 0000000000000000
[ 117.126182][ T7485] Call trace:
[ 117.127033][ T7485] hfsplus_bmap_alloc+0x180/0x538 (P)
[ 117.128383][ T7485] hfs_btree_inc_height+0xf8/0xa60
[ 117.129741][ T7485] hfsplus_brec_insert+0x11c/0xaa0
[ 117.130956][ T7485] __hfsplus_ext_write_extent+0x288/0x4ac
[ 117.132287][ T7485] __hfsplus_ext_cache_extent+0x84/0xa84
[ 117.133598][ T7485] hfsplus_file_extend+0x39c/0x1544
[ 117.134860][ T7485] hfsplus_get_block+0x398/0x1168
[ 117.136017][ T7485] __block_write_begin_int+0x4c4/0x1610
[ 117.137321][ T7485] cont_write_begin+0x634/0x984
[ 117.138475][ T7485] hfsplus_write_begin+0x7c/0xc4
[ 117.139620][ T7485] cont_write_begin+0x2b0/0x984
[ 117.140714][ T7485] hfsplus_write_begin+0x7c/0xc4
[ 117.141903][ T7485] generic_perform_write+0x29c/0x868
[ 117.143171][ T7485] __generic_file_write_iter+0xfc/0x204
[ 117.144441][ T7485] generic_file_write_iter+0x108/0x4b4
[ 117.145809][ T7485] __kernel_write_iter+0x340/0x7a0
[ 117.146910][ T7485] dump_user_range+0x378/0x6c8
[ 117.148072][ T7485] elf_core_dump+0x336c/0x3c38
[ 117.149159][ T7485] do_coredump+0x1d28/0x29a0
[ 117.150289][ T7485] get_signal+0xf6c/0x1500
[ 117.151374][ T7485] do_signal+0x1a4/0x3a04
[ 117.152444][ T7485] do_notify_resume+0x74/0x1f4
[ 117.153546][ T7485] el0_da+0xbc/0x178
[ 117.154506][ T7485] el0t_64_sync_handler+0xcc/0x108
[ 117.155758][ T7485] el0t_64_sync+0x198/0x19c
[ 117.156859][ T7485] Code: 12002e7c 8b3c4359 d343ff33 12000b29 (38f56a68)
[ 117.158563][ T7485] ---[ end trace 0000000000000000 ]---
[ 117.555005][ T7485] Kernel panic - not syncing: Oops: Fatal exception
[ 117.556629][ T7485] SMP: stopping secondary CPUs
[ 117.557868][ T7485] Kernel Offset: disabled
[ 117.558888][ T7485] CPU features: 0x200,00002070,00800250,82017203
[ 117.560527][ T7485] Memory Limit: none
[ 117.912700][ T7485] Rebooting in 86400 seconds..