Warning: Permanently added '10.128.0.227' (ED25519) to the list of known hosts.
1970/01/01 00:01:28 ignoring optional flag "sandboxArg"="0"
1970/01/01 00:01:29 parsed 1 programs
[ 93.026681][ T6958] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS
[ 104.256607][ T4431] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 104.258826][ T4431] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 104.279877][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 104.279925][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 104.872596][ T55] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 104.875234][ T55] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 104.876181][ T55] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 104.876838][ T55] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 104.877252][ T55] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 106.641178][ T7051] chnl_net:caif_netlink_parms(): no params data found
[ 106.694326][ T7051] bridge0: port 1(bridge_slave_0) entered blocking state
[ 106.694424][ T7051] bridge0: port 1(bridge_slave_0) entered disabled state
[ 106.694521][ T7051] bridge_slave_0: entered allmulticast mode
[ 106.695326][ T7051] bridge_slave_0: entered promiscuous mode
[ 106.696682][ T7051] bridge0: port 2(bridge_slave_1) entered blocking state
[ 106.696749][ T7051] bridge0: port 2(bridge_slave_1) entered disabled state
[ 106.696843][ T7051] bridge_slave_1: entered allmulticast mode
[ 106.697638][ T7051] bridge_slave_1: entered promiscuous mode
[ 106.719415][ T7051] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 106.720844][ T7051] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 106.735658][ T7051] team0: Port device team_slave_0 added
[ 106.737244][ T7051] team0: Port device team_slave_1 added
[ 106.831893][ T7051] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 106.833890][ T7051] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 106.839673][ T7051] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 106.840832][ T7051] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 106.840857][ T7051] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 106.840885][ T7051] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 106.871254][ T7051] hsr_slave_0: entered promiscuous mode
[ 106.874961][ T7051] hsr_slave_1: entered promiscuous mode
[ 107.723234][ T7051] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 107.729884][ T7051] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 107.734821][ T7051] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 107.739369][ T7051] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 107.787807][ T7051] 8021q: adding VLAN 0 to HW filter on device bond0
[ 107.804091][ T7051] 8021q: adding VLAN 0 to HW filter on device team0
[ 107.808677][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 107.808746][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 107.816159][ T4431] bridge0: port 2(bridge_slave_1) entered blocking state
[ 107.816212][ T4431] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 107.837784][ T7051] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 107.840919][ T7051] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 107.931891][ T7051] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 107.955054][ T7051] veth0_vlan: entered promiscuous mode
[ 107.959716][ T7051] veth1_vlan: entered promiscuous mode
[ 107.979518][ T7051] veth0_macvtap: entered promiscuous mode
[ 107.987411][ T7051] veth1_macvtap: entered promiscuous mode
[ 107.996676][ T7051] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 108.007594][ T7051] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 108.012939][ T7051] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 108.015353][ T7051] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 108.017881][ T7051] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 108.020402][ T7051] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 108.439659][ T14] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 108.535210][ T14] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 108.613572][ T14] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 108.694697][ T14] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
1970/01/01 00:01:48 executed programs: 0
[ 108.838110][ T6057] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 108.841246][ T6057] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 108.845914][ T6057] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 108.846763][ T6057] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 108.847212][ T6057] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 108.965965][ T7188] chnl_net:caif_netlink_parms(): no params data found
[ 109.036116][ T7188] bridge0: port 1(bridge_slave_0) entered blocking state
[ 109.036236][ T7188] bridge0: port 1(bridge_slave_0) entered disabled state
[ 109.036332][ T7188] bridge_slave_0: entered allmulticast mode
[ 109.037169][ T7188] bridge_slave_0: entered promiscuous mode
[ 109.038569][ T7188] bridge0: port 2(bridge_slave_1) entered blocking state
[ 109.038637][ T7188] bridge0: port 2(bridge_slave_1) entered disabled state
[ 109.038756][ T7188] bridge_slave_1: entered allmulticast mode
[ 109.039535][ T7188] bridge_slave_1: entered promiscuous mode
[ 109.068621][ T7188] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 109.076270][ T7188] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 109.094200][ T7188] team0: Port device team_slave_0 added
[ 109.097225][ T7188] team0: Port device team_slave_1 added
[ 109.118271][ T7188] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 109.118319][ T7188] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 109.118363][ T7188] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 109.132168][ T7188] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 109.134145][ T7188] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 109.134210][ T7188] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 109.165798][ T7188] hsr_slave_0: entered promiscuous mode
[ 109.167902][ T7188] hsr_slave_1: entered promiscuous mode
[ 109.169812][ T7188] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 109.171669][ T7188] Cannot create hsr debugfs directory
[ 110.883008][ T55] Bluetooth: hci0: command tx timeout
[ 111.434331][ T14] bridge_slave_1: left allmulticast mode
[ 111.434394][ T14] bridge_slave_1: left promiscuous mode
[ 111.434502][ T14] bridge0: port 2(bridge_slave_1) entered disabled state
[ 111.442873][ T14] bridge_slave_0: left allmulticast mode
[ 111.442922][ T14] bridge_slave_0: left promiscuous mode
[ 111.443019][ T14] bridge0: port 1(bridge_slave_0) entered disabled state
[ 112.961792][ T55] Bluetooth: hci0: command tx timeout
[ 113.344015][ T14] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 113.383661][ T14] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 113.453083][ T14] bond0 (unregistering): Released all slaves
[ 113.565772][ T14] hsr_slave_0: left promiscuous mode
[ 113.570945][ T14] hsr_slave_1: left promiscuous mode
[ 113.571437][ T14] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 113.571483][ T14] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 113.577348][ T14] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 113.577407][ T14] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 113.591126][ T14] veth1_macvtap: left promiscuous mode
[ 113.594217][ T14] veth0_macvtap: left promiscuous mode
[ 113.594333][ T14] veth1_vlan: left promiscuous mode
[ 113.594420][ T14] veth0_vlan: left promiscuous mode
[ 115.041766][ T55] Bluetooth: hci0: command tx timeout
[ 115.413380][ T14] team0 (unregistering): Port device team_slave_1 removed
[ 115.642789][ T14] team0 (unregistering): Port device team_slave_0 removed
[ 117.121759][ T55] Bluetooth: hci0: command tx timeout
[ 118.453639][ T7188] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 118.455675][ T7188] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 118.457490][ T7188] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 118.459178][ T7188] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 118.505692][ T7188] 8021q: adding VLAN 0 to HW filter on device bond0
[ 118.545339][ T7188] 8021q: adding VLAN 0 to HW filter on device team0
[ 118.548255][ T45] bridge0: port 1(bridge_slave_0) entered blocking state
[ 118.548340][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 118.552742][ T45] bridge0: port 2(bridge_slave_1) entered blocking state
[ 118.552819][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 118.719835][ T7188] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 118.745506][ T7188] veth0_vlan: entered promiscuous mode
[ 118.748633][ T7188] veth1_vlan: entered promiscuous mode
[ 118.760478][ T7188] veth0_macvtap: entered promiscuous mode
[ 118.767831][ T7188] veth1_macvtap: entered promiscuous mode
[ 118.774528][ T7188] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 118.777309][ T7188] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 118.779223][ T7188] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 118.779260][ T7188] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 118.779290][ T7188] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 118.779319][ T7188] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 118.822974][ T14] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 118.823032][ T14] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 118.838040][ T14] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 118.838107][ T14] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
1970/01/01 00:01:58 executed programs: 2
[ 118.911317][ T7453] loop0: detected capacity change from 0 to 1024
[ 118.990551][ T7453] ==================================================================
[ 118.990583][ T7453] BUG: KASAN: slab-out-of-bounds in hfsplus_bmap_alloc+0x130/0x4cc
[ 118.990607][ T7453] Read of size 8 at addr ffff0000c74119c0 by task syz.0.16/7453
[ 118.990622][ T7453]
[ 118.990633][ T7453] CPU: 0 UID: 0 PID: 7453 Comm: syz.0.16 Not tainted 6.15.0-rc6-syzkaller-ga82e92598ab1 #0 PREEMPT
[ 118.990646][ T7453] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 118.990653][ T7453] Call trace:
[ 118.990657][ T7453] show_stack+0x2c/0x3c (C)
[ 118.990670][ T7453] __dump_stack+0x30/0x40
[ 118.990680][ T7453] dump_stack_lvl+0xd8/0x12c
[ 118.990690][ T7453] print_address_description+0xa8/0x254
[ 118.990704][ T7453] print_report+0x68/0x84
[ 118.990716][ T7453] kasan_report+0xb0/0x110
[ 118.990730][ T7453] __asan_report_load8_noabort+0x20/0x2c
[ 118.990741][ T7453] hfsplus_bmap_alloc+0x130/0x4cc
[ 118.990753][ T7453] hfs_btree_inc_height+0xf8/0x8e0
[ 118.990765][ T7453] hfsplus_brec_insert+0x108/0xaa8
[ 118.990777][ T7453] __hfsplus_ext_write_extent+0x278/0x4cc
[ 118.990789][ T7453] __hfsplus_ext_cache_extent+0x84/0xa88
[ 118.990801][ T7453] hfsplus_file_extend+0x37c/0x1388
[ 118.990812][ T7453] hfsplus_get_block+0x314/0x1154
[ 118.990823][ T7453] __block_write_begin_int+0x53c/0x15e8
[ 118.990835][ T7453] cont_write_begin+0x62c/0x968
[ 118.990847][ T7453] hfsplus_write_begin+0x7c/0xc4
[ 118.990858][ T7453] generic_perform_write+0x23c/0x79c
[ 118.990870][ T7453] __generic_file_write_iter+0xfc/0x204
[ 118.990882][ T7453] generic_file_write_iter+0x104/0x470
[ 118.990893][ T7453] __kernel_write_iter+0x2b8/0x6c8
[ 118.990904][ T7453] dump_user_range+0x3e4/0x8c0
[ 118.990917][ T7453] elf_core_dump+0x2958/0x2f40
[ 118.990928][ T7453] do_coredump+0x17e8/0x22c0
[ 118.990940][ T7453] get_signal+0xe38/0x12f8
[ 118.990953][ T7453] do_signal+0x1c0/0x4438
[ 118.990963][ T7453] do_notify_resume+0xac/0x1ec
[ 118.990976][ T7453] el0_da+0xc0/0x160
[ 118.990989][ T7453] el0t_64_sync_handler+0x84/0x108
[ 118.991002][ T7453] el0t_64_sync+0x198/0x19c
[ 118.991013][ T7453]
[ 118.991184][ T7453] Allocated by task 7453:
[ 118.991196][ T7453] kasan_save_track+0x40/0x78
[ 118.991214][ T7453] kasan_save_alloc_info+0x44/0x54
[ 118.991229][ T7453] __kasan_kmalloc+0x9c/0xb4
[ 118.991246][ T7453] __kmalloc_noprof+0x2fc/0x4c8
[ 118.991261][ T7453] __hfs_bnode_create+0xe0/0x6f4
[ 118.991277][ T7453] hfsplus_bnode_find+0x1f0/0xb5c
[ 118.991293][ T7453] hfsplus_bmap_alloc+0xb8/0x4cc
[ 118.991309][ T7453] hfs_btree_inc_height+0xf8/0x8e0
[ 118.991325][ T7453] hfsplus_brec_insert+0x108/0xaa8
[ 118.991342][ T7453] __hfsplus_ext_write_extent+0x278/0x4cc
[ 118.991358][ T7453] __hfsplus_ext_cache_extent+0x84/0xa88
[ 118.991376][ T7453] hfsplus_file_extend+0x37c/0x1388
[ 118.991392][ T7453] hfsplus_get_block+0x314/0x1154
[ 118.991407][ T7453] __block_write_begin_int+0x53c/0x15e8
[ 118.991423][ T7453] cont_write_begin+0x62c/0x968
[ 118.991438][ T7453] hfsplus_write_begin+0x7c/0xc4
[ 118.991453][ T7453] generic_perform_write+0x23c/0x79c
[ 118.991469][ T7453] __generic_file_write_iter+0xfc/0x204
[ 118.991484][ T7453] generic_file_write_iter+0x104/0x470
[ 118.991500][ T7453] __kernel_write_iter+0x2b8/0x6c8
[ 118.991514][ T7453] dump_user_range+0x3e4/0x8c0
[ 118.991530][ T7453] elf_core_dump+0x2958/0x2f40
[ 118.991545][ T7453] do_coredump+0x17e8/0x22c0
[ 118.991561][ T7453] get_signal+0xe38/0x12f8
[ 118.991578][ T7453] do_signal+0x1c0/0x4438
[ 118.991592][ T7453] do_notify_resume+0xac/0x1ec
[ 118.991608][ T7453] el0_da+0xc0/0x160
[ 118.991625][ T7453] el0t_64_sync_handler+0x84/0x108
[ 118.991642][ T7453] el0t_64_sync+0x198/0x19c
[ 118.991657][ T7453]
[ 118.991665][ T7453] The buggy address belongs to the object at ffff0000c7411900
[ 118.991665][ T7453] which belongs to the cache kmalloc-192 of size 192
[ 118.991681][ T7453] The buggy address is located 48 bytes to the right of
[ 118.991681][ T7453] allocated 144-byte region [ffff0000c7411900, ffff0000c7411990)
[ 118.991699][ T7453]
[ 118.991708][ T7453] The buggy address belongs to the physical page:
[ 118.991718][ T7453] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107411
[ 118.991734][ T7453] flags: 0x5ffc00000000000(node=0|zone=2|lastcpupid=0x7ff)
[ 118.991750][ T7453] page_type: f5(slab)
[ 118.991766][ T7453] raw: 05ffc00000000000 ffff0000c00013c0 fffffdffc31e5f00 dead000000000004
[ 118.991782][ T7453] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 118.991793][ T7453] page dumped because: kasan: bad access detected
[ 118.991804][ T7453]
[ 118.991812][ T7453] Memory state around the buggy address:
[ 118.991824][ T7453] ffff0000c7411880: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 118.991838][ T7453] ffff0000c7411900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 118.991852][ T7453] >ffff0000c7411980: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 118.991863][ T7453] ^
[ 118.991875][ T7453] ffff0000c7411a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 118.991888][ T7453] ffff0000c7411a80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 118.991900][ T7453] ==================================================================
[ 119.001910][ T7453] Disabling lock debugging due to kernel taint
[ 119.002127][ T7453] ------------[ cut here ]------------
[ 119.002140][ T7453] WARNING: CPU: 0 PID: 7453 at ./include/linux/mm.h:2345 kmap_local_page+0x370/0x4ec
[ 119.127286][ T7453] Modules linked in:
[ 119.128338][ T7453] CPU: 0 UID: 0 PID: 7453 Comm: syz.0.16 Tainted: G B 6.15.0-rc6-syzkaller-ga82e92598ab1 #0 PREEMPT
[ 119.131569][ T7453] Tainted: [B]=BAD_PAGE
[ 119.132654][ T7453] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 119.135338][ T7453] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 119.137394][ T7453] pc : kmap_local_page+0x370/0x4ec
[ 119.138756][ T7453] lr : kmap_local_page+0x148/0x4ec
[ 119.140119][ T7453] sp : ffff80009e0e60b0
[ 119.141257][ T7453] x29: ffff80009e0e60b0 x28: 1ffff00013c1cc20 x27: dfff800000000000
[ 119.143355][ T7453] x26: ffff80008ec1d000 x25: 1ffff00011d83a2f x24: dfff800000000000
[ 119.145548][ T7453] x23: 000005e741001d1d x22: 0000000000200000 x21: 0000000000000000
[ 119.147713][ T7453] x20: 00000000002f3a08 x19: 000000179d040074 x18: 1fffe0003386aa76
[ 119.149830][ T7453] x17: 0000000000000000 x16: ffff80008adb97d4 x15: 0000000000000001
[ 119.151936][ T7453] x14: 1ffff000125536fc x13: 0000000000000000 x12: 0000000000000000
[ 119.154217][ T7453] x11: ffff7000125536fd x10: 0000000000ff0100 x9 : 0000000000000000
[ 119.156320][ T7453] x8 : ffff0000c661bd00 x7 : 0000000000000001 x6 : 0000000000000001
[ 119.158474][ T7453] x5 : ffff80009e0e5978 x4 : ffff80008f415b40 x3 : ffff8000803b70c0
[ 119.160632][ T7453] x2 : 0000000000000001 x1 : 0000000000200000 x0 : 00000000002f3a08
[ 119.162769][ T7453] Call trace:
[ 119.163662][ T7453] kmap_local_page+0x370/0x4ec (P)
[ 119.165023][ T7453] hfsplus_bmap_alloc+0x138/0x4cc
[ 119.166423][ T7453] hfs_btree_inc_height+0xf8/0x8e0
[ 119.167818][ T7453] hfsplus_brec_insert+0x108/0xaa8
[ 119.169204][ T7453] __hfsplus_ext_write_extent+0x278/0x4cc
[ 119.170730][ T7453] __hfsplus_ext_cache_extent+0x84/0xa88
[ 119.172205][ T7453] hfsplus_file_extend+0x37c/0x1388
[ 119.173549][ T7453] hfsplus_get_block+0x314/0x1154
[ 119.174860][ T7453] __block_write_begin_int+0x53c/0x15e8
[ 119.176353][ T7453] cont_write_begin+0x62c/0x968
[ 119.177739][ T7453] hfsplus_write_begin+0x7c/0xc4
[ 119.179052][ T7453] generic_perform_write+0x23c/0x79c
[ 119.180535][ T7453] __generic_file_write_iter+0xfc/0x204
[ 119.182005][ T7453] generic_file_write_iter+0x104/0x470
[ 119.183497][ T7453] __kernel_write_iter+0x2b8/0x6c8
[ 119.184852][ T7453] dump_user_range+0x3e4/0x8c0
[ 119.186111][ T7453] elf_core_dump+0x2958/0x2f40
[ 119.187389][ T7453] do_coredump+0x17e8/0x22c0
[ 119.188623][ T7453] get_signal+0xe38/0x12f8
[ 119.189807][ T7453] do_signal+0x1c0/0x4438
[ 119.190927][ T7453] do_notify_resume+0xac/0x1ec
[ 119.192198][ T7453] el0_da+0xc0/0x160
[ 119.193170][ T7453] el0t_64_sync_handler+0x84/0x108
[ 119.194553][ T7453] el0t_64_sync+0x198/0x19c
[ 119.195793][ T7453] irq event stamp: 14007
[ 119.196928][ T7453] hardirqs last enabled at (14007): [] finish_lock_switch+0xb0/0x1c0
[ 119.199577][ T7453] hardirqs last disabled at (14006): [] __schedule+0x318/0x28d4
[ 119.202083][ T7453] softirqs last enabled at (12400): [] handle_softirqs+0xaf8/0xc88
[ 119.204604][ T7453] softirqs last disabled at (12381): [] __do_softirq+0x14/0x20
[ 119.207090][ T7453] ---[ end trace 0000000000000000 ]---
[ 119.214805][ T7453] Unable to handle kernel paging request at virtual address fffd8f3a0000eac8
[ 119.217296][ T7453] KASAN: maybe wild-memory-access in range [0xfff079d000075640-0xfff079d000075647]
[ 119.219875][ T7453] Mem abort info:
[ 119.220891][ T7453] ESR = 0x00000000960
** replaying previous printk message **
[ 119.220891][ T7453] ESR = 0x0000000096000004
[ 119.221756][ T7453] EC = 0x25: DABT (current EL), IL = 32 bits
[ 119.221775][ T7453] SET = 0, FnV = 0
[ 119.221790][ T7453] EA = 0, S1PTW = 0
[ 119.221804][ T7453] FSC = 0x04: level 0 translation fault
[ 119.221820][ T7453] Data abort info:
[ 119.221833][ T7453] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
[ 119.221848][ T7453] CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 119.221865][ T7453] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 119.221883][ T7453] swapper pgtable: 4k pages, 48-bit VAs, pgdp=00000002079f8000
[ 119.221901][ T7453] [fffd8f3a0000eac8] pgd=0000000000000000, p4d=0000000000000000
[ 119.221934][ T7453] Internal error: Oops: 0000000096000004 [#1] SMP
[ 119.240580][ T7453] Modules linked in:
[ 119.241618][ T7453] CPU: 0 UID: 0 PID: 7453 Comm: syz.0.16 Tainted: G B W 6.15.0-rc6-syzkaller-ga82e92598ab1 #0 PREEMPT
[ 119.244885][ T7453] Tainted: [B]=BAD_PAGE, [W]=WARN
[ 119.246348][ T7453] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 119.249029][ T7453] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 119.251075][ T7453] pc : hfsplus_bmap_alloc+0x164/0x4cc
[ 119.252486][ T7453] lr : hfsplus_bmap_alloc+0x14c/0x4cc
[ 119.253886][ T7453] sp : ffff80009e0e6100
[ 119.254968][ T7453] x29: ffff80009e0e6160 x28: 1ffff00013c1cc20 x27: dfff800000000000
[ 119.257089][ T7453] x26: fff079d000075640 x25: 0000000000000f00 x24: 00000000ffff90f8
[ 119.259331][ T7453] x23: fff079d000074740 x22: ffff0000c74119c0 x21: 0000000000000000
[ 119.261508][ T7453] x20: ffff0000c7411900 x19: ffff0000cd01e000 x18: 1fffe0003386aa76
[ 119.263664][ T7453] x17: 0000000000000000 x16: ffff80008adb97d4 x15: 0000000000000001
[ 119.265801][ T7453] x14: 1ffff000125536fc x13: 0000000000000000 x12: 0000000000000000
[ 119.267926][ T7453] x11: ffff7000125536fd x10: 0000000000ff0100 x9 : 0000000000000000
[ 119.270148][ T7453] x8 : 1ffe0f3a0000eac8 x7 : 0000000000000001 x6 : 0000000000000001
[ 119.272279][ T7453] x5 : ffff80009e0e5978 x4 : ffff80008f415b40 x3 : ffff8000803b70c0
[ 119.274371][ T7453] x2 : 0000000000000001 x1 : 00000000000090f8 x0 : 0000000000000000
[ 119.276500][ T7453] Call trace:
[ 119.277359][ T7453] hfsplus_bmap_alloc+0x164/0x4cc (P)
[ 119.278788][ T7453] hfs_btree_inc_height+0xf8/0x8e0
[ 119.280226][ T7453] hfsplus_brec_insert+0x108/0xaa8
[ 119.281599][ T7453] __hfsplus_ext_write_extent+0x278/0x4cc
[ 119.283100][ T7453] __hfsplus_ext_cache_extent+0x84/0xa88
[ 119.284605][ T7453] hfsplus_file_extend+0x37c/0x1388
[ 119.286000][ T7453] hfsplus_get_block+0x314/0x1154
[ 119.287413][ T7453] __block_write_begin_int+0x53c/0x15e8
[ 119.288876][ T7453] cont_write_begin+0x62c/0x968
[ 119.290220][ T7453] hfsplus_write_begin+0x7c/0xc4
[ 119.291591][ T7453] generic_perform_write+0x23c/0x79c
[ 119.292960][ T7453] __generic_file_write_iter+0xfc/0x204
[ 119.294476][ T7453] generic_file_write_iter+0x104/0x470
[ 119.295937][ T7453] __kernel_write_iter+0x2b8/0x6c8
[ 119.297331][ T7453] dump_user_range+0x3e4/0x8c0
[ 119.298598][ T7453] elf_core_dump+0x2958/0x2f40
[ 119.299922][ T7453] do_coredump+0x17e8/0x22c0
[ 119.301201][ T7453] get_signal+0xe38/0x12f8
[ 119.302408][ T7453] do_signal+0x1c0/0x4438
[ 119.303556][ T7453] do_notify_resume+0xac/0x1ec
[ 119.304827][ T7453] el0_da+0xc0/0x160
[ 119.305894][ T7453] el0t_64_sync_handler+0x84/0x108
[ 119.307354][ T7453] el0t_64_sync+0x198/0x19c
[ 119.308616][ T7453] Code: 2a1903f9 8b1902fa d343ff48 12000b49 (38fb6908)
[ 119.310440][ T7453] ---[ end trace 0000000000000000 ]---
[ 119.680529][ T7453] Kernel panic - not syncing: Oops: Fatal exception
[ 119.682359][ T7453] SMP: stopping secondary CPUs
[ 119.683635][ T7453] Kernel Offset: disabled
[ 119.684766][ T7453] CPU features: 0x0800,000040e0,01000250,82017203
[ 119.686451][ T7453] Memory Limit: none
[ 120.052190][ T7453] Rebooting in 86400 seconds..