Warning: Permanently added '10.128.1.181' (ED25519) to the list of known hosts.
executing program
syzkaller login: [   36.096843][ T4227] loop0: detected capacity change from 0 to 1024
[   36.114671][ T4229] loop2: detected capacity change from 0 to 1024
[   36.117204][ T4231] loop3: detected capacity change from 0 to 1024
[   36.151875][ T1609] ==================================================================
[   36.154130][ T1609] BUG: KASAN: slab-out-of-bounds in _copy_to_iter+0x738/0xe58
[   36.156153][ T1609] Write of size 1024 at addr ffff0000dd999c00 by task kworker/u4:5/1609
[   36.158305][ T1609]
[   36.158934][ T1609] CPU: 0 PID: 1609 Comm: kworker/u4:5 Not tainted 6.1.92-syzkaller #0
[   36.161152][ T1609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[   36.163819][ T1609] Workqueue: loop0 loop_rootcg_workfn
[   36.165253][ T1609] Call trace:
[   36.166113][ T1609]  dump_backtrace+0x1c8/0x1f4
[   36.166962][ T4230] loop4: detected capacity change from 0 to 1024
[   36.167248][ T1609]  show_stack+0x2c/0x3c
[   36.170066][ T1609]  dump_stack_lvl+0x108/0x170
[   36.171369][ T1609]  print_report+0x174/0x4c0
[   36.172628][ T1609]  kasan_report+0xd4/0x130
[   36.173844][ T1609]  kasan_check_range+0x264/0x2a4
[   36.175140][ T1609]  memcpy+0x60/0x90
[   36.176176][ T1609]  _copy_to_iter+0x738/0xe58
[   36.177330][ T1609]  copy_page_to_iter+0x218/0x344
[   36.177644][ T4233] loop1: detected capacity change from 0 to 1024
[   36.178568][ T1609]  shmem_file_read_iter+0x4d0/0xa04
[   36.178588][ T1609]  do_iter_read+0x578/0x998
[   36.178600][ T1609]  vfs_iter_read+0x88/0xac
[   36.178617][ T1609]  loop_process_work+0xe7c/0x24a4
[   36.185285][ T1609]  loop_rootcg_workfn+0x28/0x38
[   36.186625][ T1609]  process_one_work+0x7ac/0x1404
[   36.187968][ T1609]  worker_thread+0x8e4/0xfec
[   36.189161][ T1609]  kthread+0x250/0x2d8
[   36.190282][ T1609]  ret_from_fork+0x10/0x20
[   36.191497][ T1609]
[   36.192112][ T1609] Allocated by task 4227:
[   36.193249][ T1609]  kasan_set_track+0x4c/0x80
[   36.194496][ T1609]  kasan_save_alloc_info+0x24/0x30
[   36.195827][ T1609]  __kasan_kmalloc+0xac/0xc4
[   36.197087][ T1609]  __kmalloc+0xd8/0x1c4
[   36.198193][ T1609]  hfsplus_read_wrapper+0x46c/0xfcc
[   36.199565][ T1609]  hfsplus_fill_super+0x2f0/0x166c
[   36.200952][ T1609]  mount_bdev+0x274/0x370
[   36.202213][ T1609]  hfsplus_mount+0x44/0x58
[   36.203422][ T1609]  legacy_get_tree+0xd4/0x16c
[   36.204624][ T1609]  vfs_get_tree+0x90/0x274
[   36.205828][ T1609]  do_new_mount+0x278/0x8fc
[   36.207066][ T1609]  path_mount+0x590/0xe5c
[   36.208228][ T1609]  __arm64_sys_mount+0x45c/0x594
[   36.209649][ T1609]  invoke_syscall+0x98/0x2c0
[   36.210931][ T1609]  el0_svc_common+0x138/0x258
[   36.212227][ T1609]  do_el0_svc+0x64/0x218
[   36.213351][ T1609]  el0_svc+0x58/0x168
[   36.214407][ T1609]  el0t_64_sync_handler+0x84/0xf0
[   36.215770][ T1609]  el0t_64_sync+0x18c/0x190
[   36.216949][ T1609]
[   36.217576][ T1609] The buggy address belongs to the object at ffff0000dd999c00
[   36.217576][ T1609]  which belongs to the cache kmalloc-512 of size 512
[   36.221186][ T1609] The buggy address is located 0 bytes inside of
[   36.221186][ T1609]  512-byte region [ffff0000dd999c00, ffff0000dd999e00)
[   36.224764][ T1609]
[   36.225408][ T1609] The buggy address belongs to the physical page:
[   36.227120][ T1609] page:0000000089394480 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11d998
[   36.229867][ T1609] head:0000000089394480 order:2 compound_mapcount:0 compound_pincount:0
[   36.232031][ T1609] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[   36.234278][ T1609] raw: 05ffc00000010200 dead000000000100 dead000000000122 ffff0000c0002600
[   36.236665][ T1609] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[   36.238927][ T1609] page dumped because: kasan: bad access detected
[   36.240753][ T1609]
[   36.241344][ T1609] Memory state around the buggy address:
[   36.242829][ T1609]  ffff0000dd999d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   36.244971][ T1609]  ffff0000dd999d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   36.247166][ T1609] >ffff0000dd999e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   36.249281][ T1609]                    ^
[   36.250420][ T1609]  ffff0000dd999e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   36.252604][ T1609]  ffff0000dd999f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   36.254734][ T1609] ==================================================================
[   36.273362][ T1609] Disabling lock debugging due to kernel taint
[   36.285223][ T4227] hfsplus: unable to set blocksize to 1024!
[   36.286831][ T4227] hfsplus: unable to find HFS+ superblock
[   37.526207][ T4399] loop0: detected capacity change from 0 to 1024
[   37.596643][ T4399] hfsplus: unable to set blocksize to 1024!
[   37.597804][ T3844] ------------[ cut here ]------------
[   37.599782][ T3844] virt_to_phys used for non-linear address: 0000000027c40efc (0x1008005005848)
[   37.601736][ T4399] hfsplus: unable to find HFS+ superblock
[   37.601954][ T3844] WARNING: CPU: 0 PID: 3844 at arch/arm64/mm/physaddr.c:15 __virt_to_phys+0x84/0x9c
[   37.605978][ T3844] Modules linked in:
[   37.607098][ T3844] CPU: 0 PID: 3844 Comm: udevd Tainted: G    B 6.1.92-syzkaller #0
[   37.609562][ T3844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[   37.612355][ T3844] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[   37.614516][ T3844] pc : __virt_to_phys+0x84/0x9c
[   37.615797][ T3844] lr : __virt_to_phys+0x80/0x9c
[   37.617101][ T3844] sp : ffff8000208e7960
[   37.618167][ T3844] x29: ffff8000208e7960 x28: 0000000000000cc0 x27: 0000000000000001
[   37.620284][ T3844] x26: 0000000000000001 x25: ffff8000208e7ab0 x24: 0000000000040000
[   37.622534][ T3844] x23: fffffc0000000000 x22: ffff800015265000 x21: 0001008005005848
[   37.624753][ T3844] x20: 0002008005005848 x19: 0001008005005848 x18: 0000000000000278
[   37.627105][ T3844] x17: 3031783028206366 x16: ffff80001215fb9c x15: 303030303030203a
[   37.629222][ T3844] x14: 7373657264646120 x13: 205d343438335420 x12: 0000000000000001
[   37.631416][ T3844] x11: 0000000000ff0100 x10: 0000000000000000 x9 : d1d6662dcaf10700
[   37.633694][ T3844] x8 : ffff800015265000 x7 : 205b5d3238373939 x6 : ffff800008348fd8
[   37.635883][ T3844] x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff8000085874e4
[   37.638032][ T3844] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000
[   37.640202][ T3844] Call trace:
[   37.641130][ T3844]  __virt_to_phys+0x84/0x9c
[   37.642429][ T3844]  qlist_free_all+0x60/0xcc
[   37.643714][ T3844]  kasan_quarantine_reduce+0x124/0x130
[   37.645212][ T3844]  __kasan_slab_alloc+0x2c/0x8c
[   37.646504][ T3844]  slab_post_alloc_hook+0x74/0x458
[   37.647928][ T3844]  kmem_cache_alloc+0x230/0x37c
[   37.649302][ T3844]  getname_flags+0xd0/0x48c
[   37.650539][ T3844]  getname+0x28/0x38
[   37.651594][ T3844]  do_sys_openat2+0xd4/0x3d8
[   37.652844][ T3844]  __arm64_sys_openat+0x1f0/0x240
[   37.654415][ T3844]  invoke_syscall+0x98/0x2c0
[   37.655741][ T3844]  el0_svc_common+0x138/0x258
[   37.657099][ T3844]  do_el0_svc+0x64/0x218
[   37.658258][ T3844]  el0_svc+0x58/0x168
[   37.659297][ T3844]  el0t_64_sync_handler+0x84/0xf0
[   37.660662][ T3844]  el0t_64_sync+0x18c/0x190
[   37.661949][ T3844] irq event stamp: 923040
[   37.663073][ T3844] hardirqs last  enabled at (923039): [] _raw_spin_unlock_irqrestore+0x48/0xac
[   37.665911][ T3844] hardirqs last disabled at (923040): [] __schedule+0x2a4/0x1c98
[   37.668393][ T3844] softirqs last  enabled at (922660): [] local_bh_enable+0x10/0x34
[   37.670986][ T3844] softirqs last disabled at (922658): [] local_bh_disable+0x10/0x34
[   37.673600][ T3844] ---[ end trace 0000000000000000 ]---
[   37.686694][ T3844] Unable to handle kernel paging request at virtual address 0000020205858148
[   37.688871][ T3844] Mem abort info:
[   37.694598][ T3844]   ESR = 0x0000000096000004
[   37.695843][ T3844]   EC = 0x25: DABT (current EL), IL = 32 bits
[   37.697497][ T3844]   SET = 0, FnV = 0
[   37.703191][ T3844]   EA = 0, S1PTW = 0
[   37.704312][ T3844]   FSC = 0x04: level 0 translation fault
[   37.705878][ T3844] Data abort info:
[   37.706929][ T3844]   ISV = 0, ISS = 0x00000004
[   37.708206][ T3844]   CM = 0, WnR = 0
[   37.709286][ T3844] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000118416000
[   37.711240][ T3844] [0000020205858148] pgd=0000000000000000, p4d=0000000000000000
[   37.713469][ T3844] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
[   37.715219][ T3844] Modules linked in:
[   37.716273][ T3844] CPU: 0 PID: 3844 Comm: udevd Tainted: G    B W 6.1.92-syzkaller #0
[   37.718835][ T3844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[   37.721414][ T3844] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[   37.723566][ T3844] pc : qlist_free_all+0x70/0xcc
[   37.724826][ T3844] lr : qlist_free_all+0x60/0xcc
[   37.726184][ T3844] sp : ffff8000208e7980
[   37.727320][ T3844] x29: ffff8000208e7980 x28: 0000000000000cc0 x27: 0000000000000001
[   37.729427][ T3844] x26: 0000000000000001 x25: ffff8000208e7ab0 x24: 0000000000040000
[   37.731483][ T3844] x23: fffffc0000000000 x22: ffff800015265000 x21: 0001008005005848
[   37.733705][ T3844] x20: 0000000000000000 x19: ffff8000208e79c0 x18: 0000000000000278
[   37.735797][ T3844] x17: 3031783028206366 x16: ffff80001215fb9c x15: 303030303030203a
[   37.738198][ T3844] x14: 7373657264646120 x13: 205d343438335420 x12: 0000000000000001
[   37.740356][ T3844] x11: 0000000000ff0100 x10: 0000000000000000 x9 : d1d6662dcaf10700
[   37.742438][ T3844] x8 : 0000020205858140 x7 : 205b5d3238373939 x6 : ffff800008348fd8
[   37.744419][ T3844] x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff8000085874e4
[   37.746559][ T3844] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 00018081a1605848
[   37.748760][ T3844] Call trace:
[   37.749655][ T3844]  qlist_free_all+0x70/0xcc
[   37.750895][ T3844]  kasan_quarantine_reduce+0x124/0x130
[   37.752432][ T3844]  __kasan_slab_alloc+0x2c/0x8c
[   37.753694][ T3844]  slab_post_alloc_hook+0x74/0x458
[   37.755086][ T3844]  kmem_cache_alloc+0x230/0x37c
[   37.756373][ T3844]  getname_flags+0xd0/0x48c
[   37.757492][ T3844]  getname+0x28/0x38
[   37.758458][ T3844]  do_sys_openat2+0xd4/0x3d8
[   37.759663][ T3844]  __arm64_sys_openat+0x1f0/0x240
[   37.761038][ T3844]  invoke_syscall+0x98/0x2c0
[   37.762292][ T3844]  el0_svc_common+0x138/0x258
[   37.763577][ T3844]  do_el0_svc+0x64/0x218
[   37.764677][ T3844]  el0_svc+0x58/0x168
[   37.765765][ T3844]  el0t_64_sync_handler+0x84/0xf0
[   37.767069][ T3844]  el0t_64_sync+0x18c/0x190
[   37.768366][ T3844] Code: d346fc08 927acd08 cb181908 8b170108 (f9400509)
[   37.770236][ T3844] ---[ end trace 0000000000000000 ]---
[   38.089980][ T3844] Kernel panic - not syncing: Oops: Fatal exception
[   38.091942][ T3844] SMP: stopping secondary CPUs
[   38.093260][ T3844] Kernel Offset: disabled
[   38.094437][ T3844] CPU features: 0x00000,02070084,26017203
[   38.096031][ T3844] Memory Limit: none
[   38.403423][ T3844] Rebooting in 86400 seconds..