Warning: Permanently added '10.128.0.112' (ED25519) to the list of known hosts. 1970/01/01 00:01:30 ignoring optional flag "sandboxArg"="0" 1970/01/01 00:01:31 parsed 1 programs [ 94.477816][ T6990] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS [ 105.956611][ T7042] chnl_net:caif_netlink_parms(): no params data found [ 106.005916][ T7042] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.006021][ T7042] bridge0: port 1(bridge_slave_0) entered disabled state [ 106.006115][ T7042] bridge_slave_0: entered allmulticast mode [ 106.006926][ T7042] bridge_slave_0: entered promiscuous mode [ 106.008270][ T7042] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.008339][ T7042] bridge0: port 2(bridge_slave_1) entered disabled state [ 106.008427][ T7042] bridge_slave_1: entered allmulticast mode [ 106.009221][ T7042] bridge_slave_1: entered promiscuous mode [ 106.122505][ T7042] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 106.126788][ T7042] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 106.147224][ T7042] team0: Port device team_slave_0 added [ 106.148552][ T7042] team0: Port device team_slave_1 added [ 106.167029][ T7042] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 106.169148][ T7042] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 106.171590][ T7042] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 106.172689][ T7042] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 106.172714][ T7042] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 106.172743][ T7042] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 106.201754][ T7042] hsr_slave_0: entered promiscuous mode [ 106.202264][ T7042] hsr_slave_1: entered promiscuous mode [ 107.069848][ T7042] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 107.073641][ T7042] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 107.077540][ T7042] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 107.086301][ T7042] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 107.128796][ T7042] 8021q: adding VLAN 0 to HW filter on device bond0 [ 107.138403][ T7042] 8021q: adding VLAN 0 to HW filter on device team0 [ 107.142312][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.142368][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 107.147451][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.147520][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 107.254718][ T7042] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 107.275788][ T7042] veth0_vlan: entered promiscuous mode [ 107.280737][ T7042] veth1_vlan: entered promiscuous mode [ 107.297782][ T7042] veth0_macvtap: entered promiscuous mode [ 107.302416][ T7042] veth1_macvtap: entered promiscuous mode [ 107.310087][ T7042] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 107.327753][ T7042] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 107.334302][ T7042] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.334375][ T7042] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.334405][ T7042] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.334434][ T7042] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.693884][ T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 107.753473][ T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 107.815112][ T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 107.915217][ T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 108.329054][ T2249] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.329107][ T2249] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.344239][ T41] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.344292][ T41] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.398078][ T6095] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 109.407273][ T6095] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 109.410636][ T6095] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 109.413354][ T6095] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 109.416686][ T6095] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 1970/01/01 00:01:49 executed programs: 0 [ 109.939171][ T6095] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 109.946338][ T6095] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 109.951989][ T6095] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 109.955280][ T6095] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 109.957908][ T6095] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 110.082289][ T7332] chnl_net:caif_netlink_parms(): no params data found [ 110.133240][ T7332] bridge0: port 1(bridge_slave_0) entered blocking state [ 110.135532][ T7332] bridge0: port 1(bridge_slave_0) entered disabled state [ 110.137875][ T7332] bridge_slave_0: entered allmulticast mode [ 110.140731][ T7332] bridge_slave_0: entered promiscuous mode [ 110.144134][ T7332] bridge0: port 2(bridge_slave_1) entered blocking state [ 110.146394][ T7332] bridge0: port 2(bridge_slave_1) entered disabled state [ 110.148693][ T7332] bridge_slave_1: entered allmulticast mode [ 110.151572][ T7332] bridge_slave_1: entered promiscuous mode [ 110.170839][ T7332] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 110.175367][ T7332] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 110.194001][ T7332] team0: Port device team_slave_0 added [ 110.198494][ T7332] team0: Port device team_slave_1 added [ 110.214331][ T7332] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 110.216352][ T7332] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 110.224059][ T7332] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 110.228324][ T7332] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 110.230552][ T7332] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 110.238008][ T7332] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 110.263458][ T7332] hsr_slave_0: entered promiscuous mode [ 110.265675][ T7332] hsr_slave_1: entered promiscuous mode [ 110.267865][ T7332] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 110.270884][ T7332] Cannot create hsr debugfs directory [ 110.567303][ T12] bridge_slave_1: left allmulticast mode [ 110.567376][ T12] bridge_slave_1: left promiscuous mode [ 110.567555][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 110.574614][ T12] bridge_slave_0: left allmulticast mode [ 110.574677][ T12] bridge_slave_0: left promiscuous mode [ 110.574791][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 112.000181][ T6095] Bluetooth: hci0: command tx timeout [ 112.252614][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 112.302558][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 112.361963][ T12] bond0 (unregistering): Released all slaves [ 112.462833][ T12] hsr_slave_0: left promiscuous mode [ 112.465068][ T12] hsr_slave_1: left promiscuous mode [ 112.467212][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 112.469416][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 112.473751][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 112.476096][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 112.486907][ T12] veth1_macvtap: left promiscuous mode [ 112.488044][ T12] veth0_macvtap: left promiscuous mode [ 112.488162][ T12] veth1_vlan: left promiscuous mode [ 112.488233][ T12] veth0_vlan: left promiscuous mode [ 114.080212][ T6095] Bluetooth: hci0: command tx timeout [ 114.393584][ T12] team0 (unregistering): Port device team_slave_1 removed [ 114.581935][ T12] team0 (unregistering): Port device team_slave_0 removed [ 116.160151][ T6095] Bluetooth: hci0: command tx timeout [ 117.285053][ T7332] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 117.289309][ T7332] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 117.296017][ T7332] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 117.303124][ T7332] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 117.686798][ T7332] 8021q: adding VLAN 0 to HW filter on device bond0 [ 117.698916][ T7332] 8021q: adding VLAN 0 to HW filter on device team0 [ 117.704917][ T14] bridge0: port 1(bridge_slave_0) entered blocking state [ 117.704996][ T14] bridge0: port 1(bridge_slave_0) entered forwarding state [ 117.719959][ T2143] bridge0: port 2(bridge_slave_1) entered blocking state [ 117.720071][ T2143] bridge0: port 2(bridge_slave_1) entered forwarding state [ 117.981199][ T7332] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 117.998326][ T7332] veth0_vlan: entered promiscuous mode [ 118.001674][ T7332] veth1_vlan: entered promiscuous mode [ 118.013644][ T7332] veth0_macvtap: entered promiscuous mode [ 118.015407][ T7332] veth1_macvtap: entered promiscuous mode [ 118.021854][ T7332] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 118.023614][ T7332] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 118.025007][ T7332] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.025046][ T7332] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.025075][ T7332] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.025104][ T7332] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.128290][ T14] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.128346][ T14] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.143116][ T14] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.143173][ T14] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 1970/01/01 00:01:58 executed programs: 2 [ 118.201123][ T7480] loop0: detected capacity change from 0 to 1024 [ 118.240372][ T6095] Bluetooth: hci0: command tx timeout [ 118.298604][ T7480] ** replaying previous printk message ** [ 118.298604][ T7480] ================================================================== [ 118.298649][ T7480] BUG: KASAN: slab-out-of-bounds in hfsplus_bmap_alloc+0x130/0x4cc [ 118.298673][ T7480] Read of size 8 at addr ffff0000c622f1c0 by task syz.0.16/7480 [ 118.298688][ T7480] [ 118.298699][ T7480] CPU: 0 UID: 0 PID: 7480 Comm: syz.0.16 Not tainted 6.16.0-rc7-syzkaller-g82af5ea7c611 #0 PREEMPT [ 118.298711][ T7480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 118.298718][ T7480] Call trace: [ 118.298721][ T7480] show_stack+0x2c/0x3c (C) [ 118.298735][ T7480] __dump_stack+0x30/0x40 [ 118.298748][ T7480] dump_stack_lvl+0xd8/0x12c [ 118.298761][ T7480] print_address_description+0xa8/0x220 [ 118.298775][ T7480] print_report+0x68/0x84 [ 118.298786][ T7480] kasan_report+0xb0/0x110 [ 118.298797][ T7480] __asan_report_load8_noabort+0x20/0x2c [ 118.298808][ T7480] hfsplus_bmap_alloc+0x130/0x4cc [ 118.298819][ T7480] hfs_btree_inc_height+0xf8/0x8e0 [ 118.298831][ T7480] hfsplus_brec_insert+0x108/0xaa8 [ 118.298842][ T7480] __hfsplus_ext_write_extent+0x278/0x4cc [ 118.298853][ T7480] __hfsplus_ext_cache_extent+0x84/0xa88 [ 118.298864][ T7480] hfsplus_file_extend+0x37c/0x1388 [ 118.298874][ T7480] hfsplus_get_block+0x314/0x1154 [ 118.298885][ T7480] __block_write_begin_int+0x53c/0x15e8 [ 118.298897][ T7480] cont_write_begin+0x62c/0x968 [ 118.298907][ T7480] hfsplus_write_begin+0x7c/0xc4 [ 118.298917][ T7480] generic_perform_write+0x23c/0x79c [ 118.298929][ T7480] __generic_file_write_iter+0xfc/0x204 [ 118.298940][ T7480] generic_file_write_iter+0x104/0x470 [ 118.298951][ T7480] __kernel_write_iter+0x2b8/0x6c8 [ 118.298964][ T7480] dump_user_range+0x3e4/0x8c0 [ 118.298976][ T7480] elf_core_dump+0x2958/0x2f40 [ 118.298989][ T7480] do_coredump+0x1fc0/0x2b54 [ 118.299000][ T7480] get_signal+0xe38/0x12f8 [ 118.299012][ T7480] do_signal+0x1c0/0x4434 [ 118.299022][ T7480] do_notify_resume+0xb0/0x1f4 [ 118.299033][ T7480] el0_da+0xc4/0x164 [ 118.299045][ T7480] el0t_64_sync_handler+0x90/0x12c [ 118.299056][ T7480] el0t_64_sync+0x198/0x19c [ 118.299067][ T7480] [ 118.299213][ T7480] Allocated by task 7480: [ 118.299224][ T7480] kasan_save_track+0x40/0x78 [ 118.299241][ T7480] kasan_save_alloc_info+0x44/0x54 [ 118.299256][ T7480] __kasan_kmalloc+0x9c/0xb4 [ 118.299269][ T7480] __kmalloc_noprof+0x2fc/0x4c8 [ 118.299283][ T7480] __hfs_bnode_create+0xe0/0x6f4 [ 118.299298][ T7480] hfsplus_bnode_find+0x1f0/0xb5c [ 118.299313][ T7480] hfsplus_bmap_alloc+0xb8/0x4cc [ 118.299327][ T7480] hfs_btree_inc_height+0xf8/0x8e0 [ 118.299342][ T7480] hfsplus_brec_insert+0x108/0xaa8 [ 118.299357][ T7480] __hfsplus_ext_write_extent+0x278/0x4cc [ 118.299372][ T7480] __hfsplus_ext_cache_extent+0x84/0xa88 [ 118.299386][ T7480] hfsplus_file_extend+0x37c/0x1388 [ 118.299400][ T7480] hfsplus_get_block+0x314/0x1154 [ 118.299415][ T7480] __block_write_begin_int+0x53c/0x15e8 [ 118.299429][ T7480] cont_write_begin+0x62c/0x968 [ 118.299443][ T7480] hfsplus_write_begin+0x7c/0xc4 [ 118.299456][ T7480] generic_perform_write+0x23c/0x79c [ 118.299480][ T7480] __generic_file_write_iter+0xfc/0x204 [ 118.299495][ T7480] generic_file_write_iter+0x104/0x470 [ 118.299509][ T7480] __kernel_write_iter+0x2b8/0x6c8 [ 118.299526][ T7480] dump_user_range+0x3e4/0x8c0 [ 118.299540][ T7480] elf_core_dump+0x2958/0x2f40 [ 118.299557][ T7480] do_coredump+0x1fc0/0x2b54 [ 118.299571][ T7480] get_signal+0xe38/0x12f8 [ 118.299587][ T7480] do_signal+0x1c0/0x4434 [ 118.299600][ T7480] do_notify_resume+0xb0/0x1f4 [ 118.299616][ T7480] el0_da+0xc4/0x164 [ 118.299634][ T7480] el0t_64_sync_handler+0x90/0x12c [ 118.299649][ T7480] el0t_64_sync+0x198/0x19c [ 118.299662][ T7480] [ 118.299670][ T7480] The buggy address belongs to the object at ffff0000c622f100 [ 118.299670][ T7480] which belongs to the cache kmalloc-192 of size 192 [ 118.299685][ T7480] The buggy address is located 48 bytes to the right of [ 118.299685][ T7480] allocated 144-byte region [ffff0000c622f100, ffff0000c622f190) [ 118.299703][ T7480] [ 118.299711][ T7480] The buggy address belongs to the physical page: [ 118.299722][ T7480] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10622f [ 118.299737][ T7480] flags: 0x5ffc00000000000(node=0|zone=2|lastcpupid=0x7ff) [ 118.299753][ T7480] page_type: f5(slab) [ 118.299768][ T7480] raw: 05ffc00000000000 ffff0000c00013c0 dead000000000100 dead000000000122 [ 118.299783][ T7480] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 118.299795][ T7480] page dumped because: kasan: bad access detected [ 118.299805][ T7480] [ 118.299813][ T7480] Memory state around the buggy address: [ 118.299825][ T7480] ffff0000c622f080: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 118.299837][ T7480] ffff0000c622f100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 118.299850][ T7480] >ffff0000c622f180: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 118.299861][ T7480] ^ [ 118.299873][ T7480] ffff0000c622f200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 118.299885][ T7480] ffff0000c622f280: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 118.299896][ T7480] ================================================================== [ 118.301278][ T7480] Disabling lock debugging due to kernel taint [ 118.301458][ T7480] ------------[ cut here ]------------ [ 118.301478][ T7480] WARNING: CPU: 0 PID: 7480 at ./include/linux/mm.h:2206 kmap_local_page+0x370/0x4ec [ 118.443113][ T7480] Modules linked in: [ 118.444200][ T7480] CPU: 0 UID: 0 PID: 7480 Comm: syz.0.16 Tainted: G B 6.16.0-rc7-syzkaller-g82af5ea7c611 #0 PREEMPT [ 118.447807][ T7480] Tainted: [B]=BAD_PAGE [ 118.448949][ T7480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 118.451727][ T7480] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 118.453962][ T7480] pc : kmap_local_page+0x370/0x4ec [ 118.455323][ T7480] lr : kmap_local_page+0x148/0x4ec [ 118.456750][ T7480] sp : ffff80009c6a5f90 [ 118.457890][ T7480] x29: ffff80009c6a5f90 x28: 1ffff000138d4bfc x27: dfff800000000000 [ 118.460121][ T7480] x26: ffff80008ef79000 x25: 1ffff00011def38c x24: dfff800000000000 [ 118.462364][ T7480] x23: 001c05eb41001d38 x22: 0000000000200000 x21: 0000000000000000 [ 118.464676][ T7480] x20: 00000000e02f5a08 x19: 00007017ad040074 x18: 1fffe000337d1c76 [ 118.466925][ T7480] x17: 0000000000000000 x16: ffff80008ae69508 x15: 0000000000000001 [ 118.469156][ T7480] x14: 1ffff000125db6f4 x13: 0000000000000000 x12: 0000000000000000 [ 118.471382][ T7480] x11: ffff7000125db6f5 x10: 0000000000ff0100 x9 : 0000000000000000 [ 118.473650][ T7480] x8 : ffff0000d28f5b80 x7 : 0000000000000001 x6 : 0000000000000001 [ 118.475834][ T7480] x5 : ffff80009c6a5858 x4 : ffff80008f776bc0 x3 : ffff8000803b7030 [ 118.478053][ T7480] x2 : 0000000000000001 x1 : 0000000000200000 x0 : 00000000e02f5a08 [ 118.480269][ T7480] Call trace: [ 118.481165][ T7480] kmap_local_page+0x370/0x4ec (P) [ 118.482589][ T7480] hfsplus_bmap_alloc+0x138/0x4cc [ 118.484077][ T7480] hfs_btree_inc_height+0xf8/0x8e0 [ 118.485618][ T7480] hfsplus_brec_insert+0x108/0xaa8 [ 118.487037][ T7480] __hfsplus_ext_write_extent+0x278/0x4cc [ 118.488653][ T7480] __hfsplus_ext_cache_extent+0x84/0xa88 [ 118.490211][ T7480] hfsplus_file_extend+0x37c/0x1388 [ 118.491717][ T7480] hfsplus_get_block+0x314/0x1154 [ 118.493229][ T7480] __block_write_begin_int+0x53c/0x15e8 [ 118.494856][ T7480] cont_write_begin+0x62c/0x968 [ 118.496252][ T7480] hfsplus_write_begin+0x7c/0xc4 [ 118.497720][ T7480] generic_perform_write+0x23c/0x79c [ 118.499199][ T7480] __generic_file_write_iter+0xfc/0x204 [ 118.500727][ T7480] generic_file_write_iter+0x104/0x470 [ 118.502266][ T7480] __kernel_write_iter+0x2b8/0x6c8 [ 118.503716][ T7480] dump_user_range+0x3e4/0x8c0 [ 118.505024][ T7480] elf_core_dump+0x2958/0x2f40 [ 118.506361][ T7480] do_coredump+0x1fc0/0x2b54 [ 118.507644][ T7480] get_signal+0xe38/0x12f8 [ 118.508908][ T7480] do_signal+0x1c0/0x4434 [ 118.510133][ T7480] do_notify_resume+0xb0/0x1f4 [ 118.511483][ T7480] el0_da+0xc4/0x164 [ 118.512609][ T7480] el0t_64_sync_handler+0x90/0x12c [ 118.514065][ T7480] el0t_64_sync+0x198/0x19c [ 118.515323][ T7480] irq event stamp: 13431 [ 118.516606][ T7480] hardirqs last enabled at (13431): [] finish_lock_switch+0xb0/0x1c0 [ 118.519395][ T7480] hardirqs last disabled at (13430): [] __schedule+0x320/0x2a14 [ 118.521976][ T7480] softirqs last enabled at (11494): [] handle_softirqs+0xaf8/0xc88 [ 118.524702][ T7480] softirqs last disabled at (11373): [] __do_softirq+0x14/0x20 [ 118.527226][ T7480] ---[ end trace 0000000000000000 ]--- [ 118.529842][ ** replaying previous printk message ** [ 118.529842][ T7480] Unable to handle kernel paging request at virtual address fffd8f5a0000eba0 [ 118.529887][ T7480] KASAN: maybe wild-memory-access in range [0xfff07ad000075d00-0xfff07ad000075d07] [ 118.529911][ T7480] Mem abort info: [ 118.531453][ T7480] ESR = 0x0000000096000004 [ 118.531485][ T7480] EC = 0x25: DABT (current EL), IL = 32 bits [ 118.531501][ T7480] SET = 0, FnV = 0 [ 118.531515][ T7480] EA = 0, S1PTW = 0 [ 118.531530][ T7480] FSC = 0x04: level 0 translation fault [ 118.531544][ T7480] Data abort info: [ 118.531562][ T7480] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 [ 118.531577][ T7480] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 118.531594][ T7480] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 118.531611][ T7480] swapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000207157000 [ 118.531628][ T7480] [fffd8f5a0000eba0] pgd=0000000000000000, p4d=0000000000000000 [ 118.531660][ T7480] Internal error: Oops: 0000000096000004 [#1] SMP [ 118.557321][ T7480] Modules linked in: [ 118.558460][ T7480] CPU: 0 UID: 0 PID: 7480 Comm: syz.0.16 Tainted: G B W 6.16.0-rc7-syzkaller-g82af5ea7c611 #0 PREEMPT [ 118.561847][ T7480] Tainted: [B]=BAD_PAGE, [W]=WARN [ 118.563270][ T7480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 118.566073][ T7480] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 118.568282][ T7480] pc : hfsplus_bmap_alloc+0x164/0x4cc [ 118.569837][ T7480] lr : hfsplus_bmap_alloc+0x14c/0x4cc [ 118.571318][ T7480] sp : ffff80009c6a5fe0 [ 118.572491][ T7480] x29: ffff80009c6a6040 x28: 1ffff000138d4bfc x27: dfff800000000000 [ 118.574786][ T7480] x26: fff07ad000075d00 x25: 0000000000000f00 x24: 00000000ffff90f8 [ 118.577166][ T7480] x23: fff07ad000074e00 x22: ffff0000c622f1c0 x21: 0000000000000000 [ 118.579388][ T7480] x20: ffff0000c622f100 x19: ffff0000d95d6000 x18: 1fffe000337d1c76 [ 118.581659][ T7480] x17: 0000000000000000 x16: ffff80008ae69508 x15: 0000000000000001 [ 118.583932][ T7480] x14: 1ffff000125db6f4 x13: 0000000000000000 x12: 0000000000000000 [ 118.586260][ T7480] x11: ffff7000125db6f5 x10: 0000000000ff0100 x9 : 0000000000000000 [ 118.588565][ T7480] x8 : 1ffe0f5a0000eba0 x7 : 0000000000000001 x6 : 0000000000000001 [ 118.590886][ T7480] x5 : ffff80009c6a5858 x4 : ffff80008f776bc0 x3 : ffff8000803b7030 [ 118.593124][ T7480] x2 : 0000000000000001 x1 : 00000000000090f8 x0 : 0000000000000000 [ 118.595310][ T7480] Call trace: [ 118.596209][ T7480] hfsplus_bmap_alloc+0x164/0x4cc (P) [ 118.597727][ T7480] hfs_btree_inc_height+0xf8/0x8e0 [ 118.599154][ T7480] hfsplus_brec_insert+0x108/0xaa8 [ 118.600634][ T7480] __hfsplus_ext_write_extent+0x278/0x4cc [ 118.602226][ T7480] __hfsplus_ext_cache_extent+0x84/0xa88 [ 118.603834][ T7480] hfsplus_file_extend+0x37c/0x1388 [ 118.605276][ T7480] hfsplus_get_block+0x314/0x1154 [ 118.606687][ T7480] __block_write_begin_int+0x53c/0x15e8 [ 118.608221][ T7480] cont_write_begin+0x62c/0x968 [ 118.609622][ T7480] hfsplus_write_begin+0x7c/0xc4 [ 118.611033][ T7480] generic_perform_write+0x23c/0x79c [ 118.612530][ T7480] __generic_file_write_iter+0xfc/0x204 [ 118.614072][ T7480] generic_file_write_iter+0x104/0x470 [ 118.615630][ T7480] __kernel_write_iter+0x2b8/0x6c8 [ 118.617057][ T7480] dump_user_range+0x3e4/0x8c0 [ 118.618447][ T7480] elf_core_dump+0x2958/0x2f40 [ 118.619821][ T7480] do_coredump+0x1fc0/0x2b54 [ 118.621167][ T7480] get_signal+0xe38/0x12f8 [ 118.622428][ T7480] do_signal+0x1c0/0x4434 [ 118.623665][ T7480] do_notify_resume+0xb0/0x1f4 [ 118.625027][ T7480] el0_da+0xc4/0x164 [ 118.626107][ T7480] el0t_64_sync_handler+0x90/0x12c [ 118.627559][ T7480] el0t_64_sync+0x198/0x19c [ 118.628854][ T7480] Code: 2a1903f9 8b1902fa d343ff48 12000b49 (38fb6908) [ 118.630780][ T7480] ---[ end trace 0000000000000000 ]--- [ 119.016535][ T7480] Kernel panic - not syncing: Oops: Fatal exception [ 119.018398][ T7480] SMP: stopping secondary CPUs [ 119.019800][ T7480] Kernel Offset: disabled [ 119.021020][ T7480] CPU features: 0x10000,00040e00,040008a1,04017203 [ 119.022836][ T7480] Memory Limit: none [ 119.384448][ T7480] Rebooting in 86400 seconds..