Warning: Permanently added '10.128.0.64' (ED25519) to the list of known hosts.
executing program
[   34.031722][ T4228] loop0: detected capacity change from 0 to 1024
[   34.044862][ T4228] ==================================================================
[   34.046979][ T4228] BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read_key+0x3bc/0x658
[   34.049126][ T4228] Write of size 3970 at addr ffff0000d553f800 by task syz-executor408/4228
[   34.051328][ T4228]
[   34.051924][ T4228] CPU: 0 PID: 4228 Comm: syz-executor408 Not tainted 6.1.92-syzkaller #0
[   34.054098][ T4228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[   34.056740][ T4228] Call trace:
[   34.057560][ T4228]  dump_backtrace+0x1c8/0x1f4
[   34.058753][ T4228]  show_stack+0x2c/0x3c
[   34.059826][ T4228]  dump_stack_lvl+0x108/0x170
[   34.061025][ T4228]  print_report+0x174/0x4c0
[   34.062216][ T4228]  kasan_report+0xd4/0x130
[   34.063298][ T4228]  kasan_check_range+0x264/0x2a4
[   34.064576][ T4228]  memcpy+0x60/0x90
[   34.065540][ T4228]  hfsplus_bnode_read_key+0x3bc/0x658
[   34.066977][ T4228]  hfsplus_brec_insert+0x520/0xaa0
[   34.068331][ T4228]  hfsplus_create_attr+0x3b0/0x568
[   34.069578][ T4228]  __hfsplus_setxattr+0x990/0x1d10
[   34.070917][ T4228]  hfsplus_setxattr+0xb4/0xec
[   34.072165][ T4228]  hfsplus_security_setxattr+0x54/0x6c
[   34.073685][ T4228]  __vfs_setxattr+0x388/0x3a4
[   34.074893][ T4228]  __vfs_setxattr_noperm+0x110/0x528
[   34.076250][ T4228]  __vfs_setxattr_locked+0x1ec/0x218
[   34.077653][ T4228]  vfs_setxattr+0x1a8/0x344
[   34.078816][ T4228]  setxattr+0x230/0x294
[   34.079901][ T4228]  path_setxattr+0x17c/0x258
[   34.081100][ T4228]  __arm64_sys_setxattr+0xbc/0xd8
[   34.082394][ T4228]  invoke_syscall+0x98/0x2c0
[   34.083629][ T4228]  el0_svc_common+0x138/0x258
[   34.084827][ T4228]  do_el0_svc+0x64/0x218
[   34.085946][ T4228]  el0_svc+0x58/0x168
[   34.087039][ T4228]  el0t_64_sync_handler+0x84/0xf0
[   34.088368][ T4228]  el0t_64_sync+0x18c/0x190
[   34.089504][ T4228]
[   34.090111][ T4228] Allocated by task 4228:
[   34.091189][ T4228]  kasan_set_track+0x4c/0x80
[   34.092403][ T4228]  kasan_save_alloc_info+0x24/0x30
[   34.093781][ T4228]  __kasan_kmalloc+0xac/0xc4
[   34.095056][ T4228]  __kmalloc+0xd8/0x1c4
[   34.096119][ T4228]  hfsplus_find_init+0x84/0x1bc
[   34.097364][ T4228]  hfsplus_create_attr+0x14c/0x568
[   34.098717][ T4228]  __hfsplus_setxattr+0x990/0x1d10
[   34.100059][ T4228]  hfsplus_setxattr+0xb4/0xec
[   34.101289][ T4228]  hfsplus_security_setxattr+0x54/0x6c
[   34.102711][ T4228]  __vfs_setxattr+0x388/0x3a4
[   34.103977][ T4228]  __vfs_setxattr_noperm+0x110/0x528
[   34.105369][ T4228]  __vfs_setxattr_locked+0x1ec/0x218
[   34.106749][ T4228]  vfs_setxattr+0x1a8/0x344
[   34.107862][ T4228]  setxattr+0x230/0x294
[   34.109001][ T4228]  path_setxattr+0x17c/0x258
[   34.110196][ T4228]  __arm64_sys_setxattr+0xbc/0xd8
[   34.111453][ T4228]  invoke_syscall+0x98/0x2c0
[   34.112594][ T4228]  el0_svc_common+0x138/0x258
[   34.113851][ T4228]  do_el0_svc+0x64/0x218
[   34.114935][ T4228]  el0_svc+0x58/0x168
[   34.115997][ T4228]  el0t_64_sync_handler+0x84/0xf0
[   34.117263][ T4228]  el0t_64_sync+0x18c/0x190
[   34.118386][ T4228]
[   34.118987][ T4228] The buggy address belongs to the object at ffff0000d553f800
[   34.118987][ T4228]  which belongs to the cache kmalloc-1k of size 1024
[   34.122686][ T4228] The buggy address is located 0 bytes inside of
[   34.122686][ T4228]  1024-byte region [ffff0000d553f800, ffff0000d553fc00)
[   34.126108][ T4228]
[   34.126668][ T4228] The buggy address belongs to the physical page:
[   34.128302][ T4228] page:00000000db2fd9bc refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x115538
[   34.130929][ T4228] head:00000000db2fd9bc order:3 compound_mapcount:0 compound_pincount:0
[   34.133155][ T4228] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[   34.135278][ T4228] raw: 05ffc00000010200 dead000000000100 dead000000000122 ffff0000c0002780
[   34.137467][ T4228] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   34.139720][ T4228] page dumped because: kasan: bad access detected
[   34.141449][ T4228]
[   34.142114][ T4228] Memory state around the buggy address:
[   34.143622][ T4228]  ffff0000d553f900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   34.145756][ T4228]  ffff0000d553f980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   34.147769][ T4228] >ffff0000d553fa00: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[   34.149910][ T4228]                              ^
[   34.151160][ T4228]  ffff0000d553fa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   34.153288][ T4228]  ffff0000d553fb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   34.155418][ T4228] ==================================================================
[   34.157784][ T4228] Disabling lock debugging due to kernel taint