Warning: Permanently added '10.128.1.185' (ED25519) to the list of known hosts.
executing program
[ 38.374572][ T4015] loop0: detected capacity change from 0 to 1024
[ 38.470982][ T4015] ==================================================================
[ 38.473160][ T4015] BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read+0x120/0x24c
[ 38.475237][ T4015] Write of size 4026 at addr ffff0000cb9b2800 by task syz-executor409/4015
[ 38.477531][ T4015]
[ 38.478146][ T4015] CPU: 1 PID: 4015 Comm: syz-executor409 Not tainted 5.15.167-syzkaller #0
[ 38.480396][ T4015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 38.483100][ T4015] Call trace:
[ 38.483979][ T4015] dump_backtrace+0x0/0x530
[ 38.485176][ T4015] show_stack+0x2c/0x3c
[ 38.486280][ T4015] dump_stack_lvl+0x108/0x170
[ 38.487523][ T4015] print_address_description+0x7c/0x3f0
[ 38.489024][ T4015] kasan_report+0x174/0x1e4
[ 38.490223][ T4015] kasan_check_range+0x274/0x2b4
[ 38.491536][ T4015] memcpy+0xb4/0xe8
[ 38.492522][ T4015] hfsplus_bnode_read+0x120/0x24c
[ 38.493858][ T4015] hfsplus_bnode_read_key+0x170/0x278
[ 38.495306][ T4015] hfsplus_brec_insert+0x520/0xaa0
[ 38.496661][ T4015] hfsplus_create_attr+0x3b0/0x568
[ 38.498030][ T4015] __hfsplus_setxattr+0x9a8/0x1df0
[ 38.499394][ T4015] hfsplus_setxattr+0xb4/0xec
[ 38.500633][ T4015] hfsplus_user_setxattr+0x54/0x6c
[ 38.501997][ T4015] __vfs_setxattr+0x388/0x3a4
[ 38.503236][ T4015] __vfs_setxattr_noperm+0x110/0x528
[ 38.504633][ T4015] __vfs_setxattr_locked+0x1ec/0x218
[ 38.506033][ T4015] vfs_setxattr+0x1a8/0x344
[ 38.507220][ T4015] setxattr+0x250/0x2b4
[ 38.508329][ T4015] path_setxattr+0x17c/0x258
[ 38.509551][ T4015] __arm64_sys_setxattr+0xbc/0xd8
[ 38.510894][ T4015] invoke_syscall+0x98/0x2b8
[ 38.512099][ T4015] el0_svc_common+0x138/0x258
[ 38.513343][ T4015] do_el0_svc+0x58/0x14c
[ 38.514510][ T4015] el0_svc+0x7c/0x1f0
[ 38.515562][ T4015] el0t_64_sync_handler+0x84/0xe4
[ 38.516876][ T4015] el0t_64_sync+0x1a0/0x1a4
[ 38.518093][ T4015]
[ 38.518688][ T4015] Allocated by task 4015:
[ 38.519831][ T4015] ____kasan_kmalloc+0xbc/0xfc
[ 38.521126][ T4015] __kasan_kmalloc+0x10/0x1c
[ 38.522346][ T4015] __kmalloc+0x29c/0x4c8
[ 38.523465][ T4015] hfsplus_find_init+0x84/0x1bc
[ 38.524755][ T4015] hfsplus_create_attr+0x14c/0x568
[ 38.526125][ T4015] __hfsplus_setxattr+0x9a8/0x1df0
[ 38.527485][ T4015] hfsplus_setxattr+0xb4/0xec
[ 38.528736][ T4015] hfsplus_user_setxattr+0x54/0x6c
[ 38.530088][ T4015] __vfs_setxattr+0x388/0x3a4
[ 38.531331][ T4015] __vfs_setxattr_noperm+0x110/0x528
[ 38.532730][ T4015] __vfs_setxattr_locked+0x1ec/0x218
[ 38.534150][ T4015] vfs_setxattr+0x1a8/0x344
[ 38.535346][ T4015] setxattr+0x250/0x2b4
[ 38.536443][ T4015] path_setxattr+0x17c/0x258
[ 38.537663][ T4015] __arm64_sys_setxattr+0xbc/0xd8
[ 38.539009][ T4015] invoke_syscall+0x98/0x2b8
[ 38.540227][ T4015] el0_svc_common+0x138/0x258
[ 38.541454][ T4015] do_el0_svc+0x58/0x14c
[ 38.542570][ T4015] el0_svc+0x7c/0x1f0
[ 38.543626][ T4015] el0t_64_sync_handler+0x84/0xe4
[ 38.544977][ T4015] el0t_64_sync+0x1a0/0x1a4
[ 38.546178][ T4015]
[ 38.546778][ T4015] The buggy address belongs to the object at ffff0000cb9b2800
[ 38.546778][ T4015] which belongs to the cache kmalloc-1k of size 1024
[ 38.550505][ T4015] The buggy address is located 0 bytes inside of
[ 38.550505][ T4015] 1024-byte region [ffff0000cb9b2800, ffff0000cb9b2c00)
[ 38.554059][ T4015] The buggy address belongs to the page:
[ 38.555526][ T4015] page:000000000dedc095 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10b9b0
[ 38.558246][ T4015] head:000000000dedc095 order:3 compound_mapcount:0 compound_pincount:0
[ 38.560447][ T4015] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 38.562605][ T4015] raw: 05ffc00000010200 0000000000000000 dead000000000122 ffff0000c0002780
[ 38.564901][ T4015] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 38.567188][ T4015] page dumped because: kasan: bad access detected
[ 38.568894][ T4015]
[ 38.569499][ T4015] Memory state around the buggy address:
[ 38.570992][ T4015] ffff0000cb9b2900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 38.573114][ T4015] ffff0000cb9b2980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 38.575257][ T4015] >ffff0000cb9b2a00: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 38.577381][ T4015] ^
[ 38.578657][ T4015] ffff0000cb9b2a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 38.580809][ T4015] ffff0000cb9b2b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 38.583006][ T4015] ==================================================================
[ 38.585152][ T4015] Disabling lock debugging due to kernel taint
[ 40.352722][ T3638] ------------[ cut here ]------------
[ 40.354232][ T3638] virt_to_phys used for non-linear address: 00000000184abf56 (0x430000000800)
[ 40.356527][ T3638] WARNING: CPU: 1 PID: 3638 at arch/arm64/mm/physaddr.c:15 __virt_to_phys+0x114/0x15c
[ 40.358959][ T3638] Modules linked in:
[ 40.359942][ T3638] CPU: 1 PID: 3638 Comm: udevd Tainted: G B 5.15.167-syzkaller #0
[ 40.362251][ T3638] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 40.364812][ T3638] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 40.366899][ T3638] pc : __virt_to_phys+0x114/0x15c
[ 40.368227][ T3638] lr : __virt_to_phys+0x114/0x15c
[ 40.369533][ T3638] sp : ffff8000227a7370
[ 40.370609][ T3638] x29: ffff8000227a7370 x28: 0000000000000001 x27: 0000000000000000
[ 40.372728][ T3638] x26: 0000000000000001 x25: ffff8000227a76f0 x24: 0000000000040000
[ 40.374823][ T3638] x23: fffffc0000000000 x22: ffff800017103000 x21: 0000600000000000
[ 40.376933][ T3638] x20: 0000430000000800 x19: 0001430000000800 x18: 0000000000000001
[ 40.379105][ T3638] x17: 0000000000000000 x16: ffff800011ac23e0 x15: 00000000ffffffff
[ 40.381270][ T3638] x14: ffff0000d60dd1c0 x13: 0000000000000001 x12: 0000000000000001
[ 40.383410][ T3638] x11: 0000000000000000 x10: 0000000000000000 x9 : 2ac4ed5180c12500
[ 40.385526][ T3638] x8 : 2ac4ed5180c12500 x7 : 0000000000000001 x6 : 0000000000000001
[ 40.387635][ T3638] x5 : ffff8000227a6ad8 x4 : ffff800014b9fae0 x3 : ffff800008557c4c
[ 40.389727][ T3638] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 000000000000004b
[ 40.391853][ T3638] Call trace:
[ 40.392710][ T3638] __virt_to_phys+0x114/0x15c
[ 40.393919][ T3638] qlist_free_all+0x60/0xa8
[ 40.395086][ T3638] kasan_quarantine_reduce+0x124/0x130
[ 40.396507][ T3638] __kasan_slab_alloc+0x34/0xcc
[ 40.397786][ T3638] slab_post_alloc_hook+0x74/0x3f4
[ 40.399132][ T3638] __kmalloc+0x208/0x4c8
[ 40.400222][ T3638] tomoyo_realpath_from_path+0xd0/0x508
[ 40.401713][ T3638] tomoyo_path_perm+0x208/0x568
[ 40.402999][ T3638] tomoyo_inode_getattr+0x28/0x38
[ 40.404313][ T3638] security_inode_getattr+0xd8/0x124
[ 40.405700][ T3638] vfs_statx+0x16c/0x378
[ 40.406808][ T3638] __arm64_sys_newfstatat+0x110/0x194
[ 40.408209][ T3638] invoke_syscall+0x98/0x2b8
[ 40.409411][ T3638] el0_svc_common+0x138/0x258
[ 40.410647][ T3638] do_el0_svc+0x58/0x14c
[ 40.411768][ T3638] el0_svc+0x7c/0x1f0
[ 40.412814][ T3638] el0t_64_sync_handler+0x84/0xe4
[ 40.414149][ T3638] el0t_64_sync+0x1a0/0x1a4
[ 40.415324][ T3638] irq event stamp: 866844
[ 40.416466][ T3638] hardirqs last enabled at (866843): [] _raw_spin_unlock_irqrestore+0xac/0x158
[ 40.419307][ T3638] hardirqs last disabled at (866844): [] __schedule+0x308/0x1e48
[ 40.421747][ T3638] softirqs last enabled at (866596): [] local_bh_enable+0x10/0x34
[ 40.424245][ T3638] softirqs last disabled at (866594): [] local_bh_disable+0x10/0x34
[ 40.426779][ T3638] ---[ end trace 3d87c9485f12ad3c ]---
[ 40.429167][ T3638] Unable to handle kernel paging request at virtual address ffffff0c05670008
[ 40.431493][ T3638] Mem abort info:
[ 40.432400][ T3638] ESR = 0x0000000096000004
[ 40.433529][ T3638] EC = 0x25: DABT (current EL), IL = 32 bits
[ 40.435836][ T3638] SET = 0, FnV = 0
[ 40.436860][ T3638] EA = 0, S1PTW = 0
[ 40.437873][ T3638] FSC = 0x04: level 0 translation fault
[ 40.439282][ T3638] Data abort info:
[ 40.440233][ T3638] ISV = 0, ISS = 0x00000004
[ 40.441469][ T3638] CM = 0, WnR = 0
[ 40.442364][ T3638] swapper pgtable: 4k pages, 48-bit VAs, pgdp=00000001ae2ee000
[ 40.444857][ T3638] [ffffff0c05670008] pgd=0000000000000000, p4d=0000000000000000
[ 40.446791][ T3638] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
[ 40.448558][ T3638] Modules linked in:
[ 40.449548][ T3638] CPU: 1 PID: 3638 Comm: udevd Tainted: G B W 5.15.167-syzkaller #0
[ 40.451848][ T3638] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 40.454403][ T3638] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 40.456469][ T3638] pc : qlist_free_all+0x70/0xa8
[ 40.457762][ T3638] lr : qlist_free_all+0x60/0xa8
[ 40.459044][ T3638] sp : ffff8000227a73a0
[ 40.460110][ T3638] x29: ffff8000227a73a0 x28: 0000000000000001 x27: 0000000000000000
[ 40.462227][ T3638] x26: 0000000000000001 x25: ffff8000227a76f0 x24: 0000000000040000
[ 40.464361][ T3638] x23: fffffc0000000000 x22: ffff800014495000 x21: 0000430000000800
[ 40.466443][ T3638] x20: 0000000000000000 x19: ffff8000227a73e0 x18: 0000000000000001
[ 40.468574][ T3638] x17: 0000000000000000 x16: ffff800011ac23e0 x15: 00000000ffffffff
[ 40.470686][ T3638] x14: ffff0000d60dd1c0 x13: 0000000000000001 x12: 0000000000000001
[ 40.472767][ T3638] x11: 0000000000000000 x10: 0000000000000000 x9 : ffff0000d60dd1c0
[ 40.474843][ T3638] x8 : ffffff0c05670000 x7 : 0000000000000001 x6 : 0000000000000001
[ 40.476973][ T3638] x5 : ffff8000227a6ad8 x4 : ffff800014b9fae0 x3 : ffff800008557c4c
[ 40.479115][ T3638] x2 : 0000000000000001 x1 : 0000600000000000 x0 : 0000c30199c00800
[ 40.481234][ T3638] Call trace:
[ 40.482069][ T3638] qlist_free_all+0x70/0xa8
[ 40.483203][ T3638] kasan_quarantine_reduce+0x124/0x130
[ 40.484597][ T3638] __kasan_slab_alloc+0x34/0xcc
[ 40.485814][ T3638] slab_post_alloc_hook+0x74/0x3f4
[ 40.487138][ T3638] __kmalloc+0x208/0x4c8
[ 40.488234][ T3638] tomoyo_realpath_from_path+0xd0/0x508
[ 40.489724][ T3638] tomoyo_path_perm+0x208/0x568
[ 40.491000][ T3638] tomoyo_inode_getattr+0x28/0x38
[ 40.492296][ T3638] security_inode_getattr+0xd8/0x124
[ 40.493720][ T3638] vfs_statx+0x16c/0x378
[ 40.494837][ T3638] __arm64_sys_newfstatat+0x110/0x194
[ 40.496247][ T3638] invoke_syscall+0x98/0x2b8
[ 40.497432][ T3638] el0_svc_common+0x138/0x258
[ 40.498667][ T3638] do_el0_svc+0x58/0x14c
[ 40.499788][ T3638] el0_svc+0x7c/0x1f0
[ 40.500826][ T3638] el0t_64_sync_handler+0x84/0xe4
[ 40.502164][ T3638] el0t_64_sync+0x1a0/0x1a4
[ 40.503341][ T3638] Code: d346fc08 927acd08 cb181908 8b170108 (f9400509)
[ 40.505168][ T3638] ---[ end trace 3d87c9485f12ad3d ]---
[ 40.807322][ T3638] Kernel panic - not syncing: Oops: Fatal exception
[ 40.809097][ T3638] SMP: stopping secondary CPUs
[ 40.810385][ T3638] Kernel Offset: disabled
[ 40.811506][ T3638] CPU features: 0x8,000081c1,21302e40
[ 40.812902][ T3638] Memory Limit: none
[ 41.098334][ T3638] Rebooting in 86400 seconds..