Warning: Permanently added '10.128.10.6' (ED25519) to the list of known hosts.
executing program
[ 37.920701][ T4290] loop0: detected capacity change from 0 to 1024
[ 37.939367][ T4290] ==================================================================
[ 37.941104][ T4290] BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read_key+0x3bc/0x658
[ 37.942959][ T4290] Write of size 4030 at addr ffff0000d85c7000 by task syz-executor556/4290
[ 37.944738][ T4290]
[ 37.945235][ T4290] CPU: 1 PID: 4290 Comm: syz-executor556 Not tainted 6.1.118-syzkaller #0
[ 37.947185][ T4290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 37.949320][ T4290] Call trace:
[ 37.950062][ T4290]  dump_backtrace+0x1c8/0x1f4
[ 37.951007][ T4290]  show_stack+0x2c/0x3c
[ 37.951832][ T4290]  dump_stack_lvl+0x108/0x170
[ 37.952854][ T4290]  print_report+0x174/0x4c0
[ 37.953776][ T4290]  kasan_report+0xd4/0x130
[ 37.954737][ T4290]  kasan_check_range+0x264/0x2a4
[ 37.955845][ T4290]  memcpy+0x60/0x90
[ 37.956687][ T4290]  hfsplus_bnode_read_key+0x3bc/0x658
[ 37.957815][ T4290]  hfsplus_brec_insert+0x520/0xaa0
[ 37.958926][ T4290]  hfsplus_create_attr+0x3b0/0x568
[ 37.959999][ T4290]  __hfsplus_setxattr+0x990/0x1d10
[ 37.961119][ T4290]  hfsplus_setxattr+0xb4/0xec
[ 37.962079][ T4290]  hfsplus_security_setxattr+0x54/0x6c
[ 37.963294][ T4290]  __vfs_setxattr+0x388/0x3a4
[ 37.964292][ T4290]  __vfs_setxattr_noperm+0x110/0x528
[ 37.965380][ T4290]  __vfs_setxattr_locked+0x1ec/0x218
[ 37.966594][ T4290]  vfs_setxattr+0x1a8/0x344
[ 37.967623][ T4290]  setxattr+0x230/0x294
[ 37.968630][ T4290]  path_setxattr+0x17c/0x258
[ 37.969605][ T4290]  __arm64_sys_setxattr+0xbc/0xd8
[ 37.970674][ T4290]  invoke_syscall+0x98/0x2bc
[ 37.971676][ T4290]  el0_svc_common+0x138/0x258
[ 37.972684][ T4290]  do_el0_svc+0x58/0x13c
[ 37.973574][ T4290]  el0_svc+0x58/0x168
[ 37.974409][ T4290]  el0t_64_sync_handler+0x84/0xf0
[ 37.975556][ T4290]  el0t_64_sync+0x18c/0x190
[ 37.976539][ T4290]
[ 37.977114][ T4290] Allocated by task 4290:
[ 37.978060][ T4290]  kasan_set_track+0x4c/0x80
[ 37.979044][ T4290]  kasan_save_alloc_info+0x24/0x30
[ 37.980117][ T4290]  __kasan_kmalloc+0xac/0xc4
[ 37.981102][ T4290]  __kmalloc+0xd8/0x1c4
[ 37.981999][ T4290]  hfsplus_find_init+0x84/0x1bc
[ 37.983165][ T4290]  hfsplus_create_attr+0x14c/0x568
[ 37.984154][ T4290]  __hfsplus_setxattr+0x990/0x1d10
[ 37.985207][ T4290]  hfsplus_setxattr+0xb4/0xec
[ 37.986139][ T4290]  hfsplus_security_setxattr+0x54/0x6c
[ 37.987329][ T4290]  __vfs_setxattr+0x388/0x3a4
[ 37.988385][ T4290]  __vfs_setxattr_noperm+0x110/0x528
[ 37.989481][ T4290]  __vfs_setxattr_locked+0x1ec/0x218
[ 37.990552][ T4290]  vfs_setxattr+0x1a8/0x344
[ 37.991608][ T4290]  setxattr+0x230/0x294
[ 37.992582][ T4290]  path_setxattr+0x17c/0x258
[ 37.993667][ T4290]  __arm64_sys_setxattr+0xbc/0xd8
[ 37.994726][ T4290]  invoke_syscall+0x98/0x2bc
[ 37.995641][ T4290]  el0_svc_common+0x138/0x258
[ 37.996643][ T4290]  do_el0_svc+0x58/0x13c
[ 37.997605][ T4290]  el0_svc+0x58/0x168
[ 37.998586][ T4290]  el0t_64_sync_handler+0x84/0xf0
[ 37.999835][ T4290]  el0t_64_sync+0x18c/0x190
[ 38.000734][ T4290]
[ 38.001249][ T4290] The buggy address belongs to the object at ffff0000d85c7000
[ 38.001249][ T4290]  which belongs to the cache kmalloc-1k of size 1024
[ 38.004271][ T4290] The buggy address is located 0 bytes inside of
[ 38.004271][ T4290]  1024-byte region [ffff0000d85c7000, ffff0000d85c7400)
[ 38.006968][ T4290]
[ 38.007423][ T4290] The buggy address belongs to the physical page:
[ 38.008765][ T4290] page:0000000043596e06 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1185c0
[ 38.011049][ T4290] head:0000000043596e06 order:3 compound_mapcount:0 compound_pincount:0
[ 38.012884][ T4290] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 38.014658][ T4290] raw: 05ffc00000010200 0000000000000000 dead000000000122 ffff0000c0002780
[ 38.016506][ T4290] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 38.018320][ T4290] page dumped because: kasan: bad access detected
[ 38.019674][ T4290]
[ 38.020166][ T4290] Memory state around the buggy address:
[ 38.021338][ T4290]  ffff0000d85c7100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 38.023213][ T4290]  ffff0000d85c7180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 38.024973][ T4290] >ffff0000d85c7200: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 38.026648][ T4290]                             ^
[ 38.027705][ T4290]  ffff0000d85c7280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 38.029385][ T4290]  ffff0000d85c7300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 38.031194][ T4290] ==================================================================
[ 38.033913][ T4290] Disabling lock debugging due to kernel taint
[ 39.565857][ T4291] ------------[ cut here ]------------
[ 39.567115][ T4291] virt_to_phys used for non-linear address: 000000003f249d2f (0x380000000800)
[ 39.569072][ T4291] WARNING: CPU: 1 PID: 4291 at arch/arm64/mm/physaddr.c:15 __virt_to_phys+0x84/0x9c
[ 39.570931][ T4291] Modules linked in:
[ 39.571762][ T4291] CPU: 1 PID: 4291 Comm: udevd Tainted: G B 6.1.118-syzkaller #0
[ 39.573617][ T4291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 39.575612][ T4291] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 39.577173][ T4291] pc : __virt_to_phys+0x84/0x9c
[ 39.578138][ T4291] lr : __virt_to_phys+0x80/0x9c
[ 39.579174][ T4291] sp : ffff800020eb75e0
[ 39.580021][ T4291] x29: ffff800020eb75e0 x28: 0000000000000cc0 x27: 0000000000000000
[ 39.581748][ T4291] x26: 0000000000000001 x25: ffff800020eb7730 x24: 0000000000040000
[ 39.583470][ T4291] x23: fffffc0000000000 x22: ffff8000153e7000 x21: 0000380000000800
[ 39.585160][ T4291] x20: 0001380000000800 x19: 0000380000000800 x18: 1fffe000367a3376
[ 39.586949][ T4291] x17: ffff8000159cd000 x16: ffff80001229482c x15: ffff0001b3d19bbc
[ 39.588725][ T4291] x14: ffff0001b3d19bb8 x13: 1fffe000367a3376 x12: 0000000000000001
[ 39.590443][ T4291] x11: 1fffe0001aca9490 x10: 0000000000000000 x9 : 786b5c49e090ec00
[ 39.592200][ T4291] x8 : ffff8000153e7000 x7 : 1fffe000367a3377 x6 : ffff800008277348
[ 39.593837][ T4291] x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff800008265024
[ 39.595548][ T4291] x2 : 0000000000000001 x1 : 0000000000000004 x0 : 0000000000000001
[ 39.597294][ T4291] Call trace:
[ 39.598005][ T4291]  __virt_to_phys+0x84/0x9c
[ 39.598978][ T4291]  qlist_free_all+0x60/0xcc
[ 39.600054][ T4291]  kasan_quarantine_reduce+0x124/0x130
[ 39.601203][ T4291]  __kasan_slab_alloc+0x2c/0x8c
[ 39.602280][ T4291]  slab_post_alloc_hook+0x74/0x458
[ 39.603304][ T4291]  kmem_cache_alloc_node+0x258/0x3b4
[ 39.604464][ T4291]  __alloc_skb+0x114/0x580
[ 39.605358][ T4291]  netlink_sendmsg+0x634/0xb18
[ 39.606373][ T4291]  ____sys_sendmsg+0x55c/0x848
[ 39.607377][ T4291]  __sys_sendmsg+0x26c/0x33c
[ 39.608377][ T4291]  __arm64_sys_sendmsg+0x80/0x94
[ 39.609411][ T4291]  invoke_syscall+0x98/0x2bc
[ 39.610434][ T4291]  el0_svc_common+0x138/0x258
[ 39.611433][ T4291]  do_el0_svc+0x58/0x13c
[ 39.612356][ T4291]  el0_svc+0x58/0x168
[ 39.613242][ T4291]  el0t_64_sync_handler+0x84/0xf0
[ 39.614307][ T4291]  el0t_64_sync+0x18c/0x190
[ 39.615228][ T4291] irq event stamp: 10550
[ 39.616076][ T4291] hardirqs last enabled at (10549): [] _raw_write_unlock_irq+0x3c/0x90
[ 39.618179][ T4291] hardirqs last disabled at (10550): [] __schedule+0x2a4/0x1d44
[ 39.620213][ T4291] softirqs last enabled at (7908): [] local_bh_enable+0x10/0x34
[ 39.622182][ T4291] softirqs last disabled at (7906): [] local_bh_disable+0x10/0x34
[ 39.624238][ T4291] ---[ end trace 0000000000000000 ]---
[ 39.631133][ T4291] Unable to handle kernel paging request at virtual address fffffee005578008
[ 39.632918][ T4291] KASAN: maybe wild-memory-access in range [0x0003f7002abc0040-0x0003f7002abc0047]
[ 39.634789][ T4291] Mem abort info:
[ 39.635510][ T4291]   ESR = 0x0000000096000004
[ 39.636426][ T4291]   EC = 0x25: DABT (current EL), IL = 32 bits
[ 39.637870][ T4291]   SET = 0, FnV = 0
[ 39.638644][ T4291]   EA = 0, S1PTW = 0
[ 39.639468][ T4291]   FSC = 0x04: level 0 translation fault
[ 39.640691][ T4291] Data abort info:
[ 39.641408][ T4291]   ISV = 0, ISS = 0x00000004
[ 39.642437][ T4291]   CM = 0, WnR = 0
[ 39.643275][ T4291] swapper pgtable: 4k pages, 48-bit VAs, pgdp=00000001ab36f000
[ 39.644945][ T4291] [fffffee005578008] pgd=0000000000000000, p4d=0000000000000000
[ 39.646783][ T4291] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
[ 39.648284][ T4291] Modules linked in:
[ 39.649080][ T4291] CPU: 1 PID: 4291 Comm: udevd Tainted: G B W 6.1.118-syzkaller #0
[ 39.650929][ T4291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 39.653051][ T4291] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 39.654839][ T4291] pc : qlist_free_all+0x70/0xcc
[ 39.655966][ T4291] lr : qlist_free_all+0x60/0xcc
[ 39.656962][ T4291] sp : ffff800020eb7600
[ 39.657902][ T4291] x29: ffff800020eb7600 x28: 0000000000000cc0 x27: 0000000000000000
[ 39.659529][ T4291] x26: 0000000000000001 x25: ffff800020eb7730 x24: 0000000000040000
[ 39.661235][ T4291] x23: fffffc0000000000 x22: ffff8000153e7000 x21: 0000380000000800
[ 39.663009][ T4291] x20: 0000000000000000 x19: ffff800020eb7640 x18: 1fffe000367a3376
[ 39.664609][ T4291] x17: ffff8000159cd000 x16: ffff80001229482c x15: ffff0001b3d19bbc
[ 39.666311][ T4291] x14: ffff0001b3d19bb8 x13: 1fffe000367a3376 x12: 0000000000000001
[ 39.668162][ T4291] x11: 1fffe0001aca9490 x10: 0000000000000000 x9 : 786b5c49e090ec00
[ 39.669882][ T4291] x8 : fffffee005578000 x7 : 1fffe000367a3377 x6 : ffff800008277348
[ 39.671530][ T4291] x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff800008265024
[ 39.673281][ T4291] x2 : 0000000000000001 x1 : 0000000000000004 x0 : 0000b80195e00800
[ 39.674906][ T4291] Call trace:
[ 39.675590][ T4291]  qlist_free_all+0x70/0xcc
[ 39.676553][ T4291]  kasan_quarantine_reduce+0x124/0x130
[ 39.677646][ T4291]  __kasan_slab_alloc+0x2c/0x8c
[ 39.678645][ T4291]  slab_post_alloc_hook+0x74/0x458
[ 39.679731][ T4291]  kmem_cache_alloc_node+0x258/0x3b4
[ 39.680854][ T4291]  __alloc_skb+0x114/0x580
[ 39.681807][ T4291]  netlink_sendmsg+0x634/0xb18
[ 39.682805][ T4291]  ____sys_sendmsg+0x55c/0x848
[ 39.683830][ T4291]  __sys_sendmsg+0x26c/0x33c
[ 39.684904][ T4291]  __arm64_sys_sendmsg+0x80/0x94
[ 39.685955][ T4291]  invoke_syscall+0x98/0x2bc
[ 39.686952][ T4291]  el0_svc_common+0x138/0x258
[ 39.687873][ T4291]  do_el0_svc+0x58/0x13c
[ 39.688750][ T4291]  el0_svc+0x58/0x168
[ 39.689580][ T4291]  el0t_64_sync_handler+0x84/0xf0
[ 39.690663][ T4291]  el0t_64_sync+0x18c/0x190
[ 39.691672][ T4291] Code: d346fc08 927acd08 cb181908 8b170108 (f9400509)
[ 39.693138][ T4291] ---[ end trace 0000000000000000 ]---
[ 40.027395][ T4291] Kernel panic - not syncing: Oops: Fatal exception
[ 40.028831][ T4291] SMP: stopping secondary CPUs
[ 40.029896][ T4291] Kernel Offset: disabled
[ 40.030911][ T4291] CPU features: 0x080000,02070084,26017203
[ 40.032167][ T4291] Memory Limit: none
[ 40.350925][ T4291] Rebooting in 86400 seconds..
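The report above answers the questions a triager asks first (what was hit, how far the write reached, which syscall got there, and whether the later udevd oops is a second bug or fallout), but the numbers are spread over a dozen lines. What follows is an added example, not part of the syzkaller output or of any kernel tooling: a small parser that reads the page's own report lines (embedded below, trimmed to the lines it consumes) and derives those answers. Two readings in it are assumptions stated here rather than facts the log prints: a shadow byte of 0xfc inside the slot is taken as KASAN's kmalloc redzone, so the first such granule marks where the requested allocation ended; and the B in the later Tainted line is read as the taint KASAN adds when it reports, so an oops in a different task that carries it is classed as probable collateral of the report rather than an independent finding.

```python
import re
from math import ceil

# The page's own KASAN report plus the later oops header, printk prefixes kept, trimmed to what is parsed.
REPORT = """\
[ 37.941104][ T4290] BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read_key+0x3bc/0x658
[ 37.942959][ T4290] Write of size 4030 at addr ffff0000d85c7000 by task syz-executor556/4290
[ 37.949320][ T4290] Call trace:
[ 37.955845][ T4290]  memcpy+0x60/0x90
[ 37.956687][ T4290]  hfsplus_bnode_read_key+0x3bc/0x658
[ 37.957815][ T4290]  hfsplus_brec_insert+0x520/0xaa0
[ 37.958926][ T4290]  hfsplus_create_attr+0x3b0/0x568
[ 37.969605][ T4290]  __arm64_sys_setxattr+0xbc/0xd8
[ 37.977114][ T4290] Allocated by task 4290:
[ 37.981102][ T4290]  __kmalloc+0xd8/0x1c4
[ 37.981999][ T4290]  hfsplus_find_init+0x84/0x1bc
[ 38.001249][ T4290]  which belongs to the cache kmalloc-1k of size 1024
[ 38.004271][ T4290] The buggy address is located 0 bytes inside of
[ 38.004271][ T4290]  1024-byte region [ffff0000d85c7000, ffff0000d85c7400)
[ 38.023213][ T4290]  ffff0000d85c7180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 38.024973][ T4290] >ffff0000d85c7200: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 38.031194][ T4290] ==================================================================
[ 39.646783][ T4291] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
[ 39.649080][ T4291] CPU: 1 PID: 4291 Comm: udevd Tainted: G B W 6.1.118-syzkaller #0
"""

PREFIX = re.compile(r"^\[\s*[\d.]+\]\[\s*T\d+\]")
FRAME = re.compile(r"^([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+$")
SHADOW_ROW = re.compile(r"^>?([0-9a-f]{16}): ((?:[0-9a-f]{2} ?){16})$")
SYSCALL = re.compile(r"^__(?:arm64|x64|se|do)_sys_(\w+)$")
# Frames owned by KASAN, the allocator or mem* helpers; skipped when naming the subsystem at fault.
NOISE = ("kasan_", "__kasan_", "memcpy", "memset", "memmove", "__kmalloc", "kmalloc", "kmem_cache", "slab_")

def parse_kasan_report(text):
    """Collect the structured fields of the first KASAN report in a console log."""
    r = {"trace": [], "alloc_trace": [], "shadow": {}}
    section = None
    for raw in text.splitlines():
        s = PREFIX.sub("", raw).strip()
        if s.startswith("====") and "bug" in r:      # closing rule: the report is complete
            break
        if (m := re.search(r"\d+-byte region \[([0-9a-f]+), ([0-9a-f]+)\)", s)):
            r["obj_start"], r["obj_end"] = int(m.group(1), 16), int(m.group(2), 16)
        if (m := re.match(r"BUG: KASAN: ([\w-]+) in (\w+)\+0x", s)):
            r["bug"], r["func"] = m.group(1), m.group(2)
        elif (m := re.match(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)/(\d+)", s)):
            r["access"], r["size"], r["addr"] = m.group(1), int(m.group(2)), int(m.group(3), 16)
            r["task"], r["pid"] = m.group(4), int(m.group(5))
        elif s == "Call trace:":
            section = "trace"
        elif s.startswith("Allocated by task"):
            section = "alloc_trace"
        elif s.startswith("Freed by task"):
            section = None                           # free stack is not needed for an OOB write
        elif (m := re.match(r"which belongs to the cache (\S+) of size (\d+)", s)):
            r["cache"], r["object_size"] = m.group(1), int(m.group(2))
        elif (m := re.match(r"The buggy address is located (\d+) bytes (inside|to the right|to the left) of", s)):
            r["offset"], r["where"] = int(m.group(1)), m.group(2)
        elif (m := SHADOW_ROW.match(s)):
            r["shadow"][int(m.group(1), 16)] = [int(b, 16) for b in m.group(2).split()]
        elif section and (m := FRAME.match(s)):
            r[section].append(m.group(1))
    return r

def requested_size(r):
    """Bytes kmalloc was asked for, read off the shadow: the first poisoned granule inside the slot (assumed 0xfc redzone) ends the usable buffer."""
    base, end = r["obj_start"], r["obj_end"]
    for row in sorted(r["shadow"]):
        for i, sb in enumerate(r["shadow"][row]):
            addr = row + 8 * i                       # one shadow byte per 8-byte granule
            if base <= addr < end and sb != 0:
                return addr - base + (sb if sb < 8 else 0)   # 1..7 means a partially usable granule
    return None

def triage(r):
    """What a triager asks first: how far the access ran, where the buffer came from, which syscall entered."""
    obj = r["object_size"]
    start = {"inside": r["offset"], "to the right": obj + r["offset"], "to the left": -r["offset"]}[r["where"]]
    end = start + r["size"]                          # object-relative, one past the last byte touched
    req = requested_size(r)
    past_object = max(0, end - obj)
    path = [f for f in r["trace"] if not f.startswith(NOISE)]
    return {
        "path": path,
        "syscall": next((m.group(1) for f in path if (m := SYSCALL.match(f))), None),
        "alloc_site": next((f for f in r["alloc_trace"] if not f.startswith(NOISE)), None),
        "requested_size": req,
        "bytes_past_buffer": None if req is None else max(0, end - req),
        "bytes_past_object": past_object,
        "neighbours_clobbered": ceil(past_object / obj),
    }

def later_oops_taint(text):
    """Taint letters on the first oops that follows the report, e.g. ['G', 'B', 'W']."""
    m = re.search(r"Internal error: Oops[\s\S]*?Tainted: ([A-Z ]+?)\s+\d", text)
    return m.group(1).split() if m else []

def collateral_crash(text):
    # B (assumed: the taint KASAN sets when it reports) means the heap was already known-corrupted.
    return "B" in later_oops_taint(text)
```

On this report the parser gives: a slab-out-of-bounds write reached via setxattr, into a buffer allocated in hfsplus_find_init that sits at offset 0 of a kmalloc-1k slot whose redzone starts 0x218 = 536 bytes in, so the 4030-byte copy ran 3494 bytes past the buffer and 3006 bytes past the slot, clobbering three neighbouring objects. The udevd oops inside kasan_quarantine_reduce, tainted G B W, is consistent with those neighbours being freed objects whose quarantine links were overwritten; it is fallout, and the bug to file is the copy in the hfsplus attribute path whose length the 536-byte allocation did not bound.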