Warning: Permanently added '10.128.1.104' (ED25519) to the list of known hosts.
executing program
[ 35.243179][ T4289] loop0: detected capacity change from 0 to 1024
[ 35.261930][ T4289] hfsplus: request for non-existent node 211 in B*Tree
[ 35.263809][ T4289] hfsplus: request for non-existent node 211 in B*Tree
[ 35.267593][ T4289] ==================================================================
[ 35.269811][ T4289] BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read+0x9c/0x270
[ 35.271897][ T4289] Read of size 8 at addr ffff0000d7c7ace0 by task syz-executor346/4289
[ 35.274127][ T4289]
[ 35.274767][ T4289] CPU: 0 PID: 4289 Comm: syz-executor346 Not tainted 6.1.129-syzkaller #0
[ 35.277106][ T4289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 35.279829][ T4289] Call trace:
[ 35.280738][ T4289] dump_backtrace+0x1c8/0x1f4
[ 35.282050][ T4289] show_stack+0x2c/0x3c
[ 35.283181][ T4289] dump_stack_lvl+0x108/0x170
[ 35.284480][ T4289] print_report+0x174/0x4c0
[ 35.285733][ T4289] kasan_report+0xd4/0x130
[ 35.286976][ T4289] __asan_report_load8_noabort+0x2c/0x38
[ 35.288529][ T4289] hfsplus_bnode_read+0x9c/0x270
[ 35.289932][ T4289] hfsplus_bnode_dump+0x2ec/0x534
[ 35.291316][ T4289] hfsplus_brec_remove+0x3d0/0x4a4
[ 35.292727][ T4289] __hfsplus_delete_attr+0x1dc/0x3e4
[ 35.294260][ T4289] hfsplus_delete_attr+0x234/0x2c8
[ 35.295599][ T4289] __hfsplus_setxattr+0x3b8/0x1d3c
[ 35.296982][ T4289] hfsplus_setxattr+0xdc/0x12c
[ 35.298298][ T4289] hfsplus_trusted_setxattr+0x54/0x6c
[ 35.299763][ T4289] __vfs_setxattr+0x388/0x3a4
[ 35.301050][ T4289] __vfs_setxattr_noperm+0x110/0x528
[ 35.302559][ T4289] __vfs_setxattr_locked+0x1ec/0x218
[ 35.303997][ T4289] vfs_setxattr+0x1a8/0x344
[ 35.305224][ T4289] setxattr+0x230/0x294
[ 35.306397][ T4289] path_setxattr+0x17c/0x258
[ 35.307618][ T4289] __arm64_sys_setxattr+0xbc/0xd8
[ 35.309019][ T4289] invoke_syscall+0x98/0x2bc
[ 35.310279][ T4289] el0_svc_common+0x138/0x258
[ 35.311556][ T4289] do_el0_svc+0x58/0x13c
[ 35.312731][ T4289] el0_svc+0x58/0x168
[ 35.313895][ T4289] el0t_64_sync_handler+0x84/0xf0
[ 35.315278][ T4289] el0t_64_sync+0x18c/0x190
[ 35.316567][ T4289]
[ 35.317190][ T4289] Allocated by task 4289:
[ 35.318377][ T4289] kasan_set_track+0x4c/0x80
[ 35.319630][ T4289] kasan_save_alloc_info+0x24/0x30
[ 35.321010][ T4289] __kasan_kmalloc+0xac/0xc4
[ 35.322252][ T4289] __kmalloc+0xd8/0x1c4
[ 35.323399][ T4289] __hfs_bnode_create+0xe4/0x6d4
[ 35.324718][ T4289] hfsplus_bnode_find+0x1f8/0xc60
[ 35.326073][ T4289] hfsplus_brec_find+0x134/0x4a0
[ 35.327400][ T4289] hfsplus_find_attr+0x13c/0x1e0
[ 35.328750][ T4289] hfsplus_attr_exists+0x154/0x1c8
[ 35.330154][ T4289] __hfsplus_setxattr+0x384/0x1d3c
[ 35.331511][ T4289] hfsplus_setxattr+0xdc/0x12c
[ 35.332777][ T4289] hfsplus_trusted_setxattr+0x54/0x6c
[ 35.334260][ T4289] __vfs_setxattr+0x388/0x3a4
[ 35.335535][ T4289] __vfs_setxattr_noperm+0x110/0x528
[ 35.336976][ T4289] __vfs_setxattr_locked+0x1ec/0x218
[ 35.338466][ T4289] vfs_setxattr+0x1a8/0x344
[ 35.339677][ T4289] setxattr+0x230/0x294
[ 35.340831][ T4289] path_setxattr+0x17c/0x258
[ 35.342063][ T4289] __arm64_sys_setxattr+0xbc/0xd8
[ 35.343456][ T4289] invoke_syscall+0x98/0x2bc
[ 35.344611][ T4289] el0_svc_common+0x138/0x258
[ 35.345702][ T4289] do_el0_svc+0x58/0x13c
[ 35.346684][ T4289] el0_svc+0x58/0x168
[ 35.347639][ T4289] el0t_64_sync_handler+0x84/0xf0
[ 35.348914][ T4289] el0t_64_sync+0x18c/0x190
[ 35.349960][ T4289]
[ 35.350534][ T4289] Last potentially related work creation:
[ 35.351899][ T4289] kasan_save_stack+0x40/0x70
[ 35.353067][ T4289] __kasan_record_aux_stack+0xcc/0xe8
[ 35.354384][ T4289] kasan_record_aux_stack_noalloc+0x14/0x20
[ 35.355807][ T4289] call_rcu+0xfc/0xa40
[ 35.356839][ T4289] free_fib_info+0x68/0xa8
[ 35.358010][ T4289] fib_create_info+0x14ac/0x1e64
[ 35.359374][ T4289] fib_table_insert+0x1a4/0x1574
[ 35.360705][ T4289] fib_magic+0x300/0x4b8
[ 35.361899][ T4289] fib_add_ifaddr+0x2e4/0x4ec
[ 35.363209][ T4289] fib_netdev_event+0x36c/0x4b0
[ 35.364534][ T4289] raw_notifier_call_chain+0xd4/0x164
[ 35.366006][ T4289] __dev_notify_flags+0x2b4/0x540
[ 35.367360][ T4289] dev_change_flags+0xc8/0x154
[ 35.368692][ T4289] devinet_ioctl+0x880/0x182c
[ 35.370015][ T4289] inet_ioctl+0x2b0/0x4dc
[ 35.371162][ T4289] sock_do_ioctl+0x134/0x2dc
[ 35.372384][ T4289] sock_ioctl+0x4f0/0x85c
[ 35.373524][ T4289] __arm64_sys_ioctl+0x14c/0x1c8
[ 35.374876][ T4289] invoke_syscall+0x98/0x2bc
[ 35.376118][ T4289] el0_svc_common+0x138/0x258
[ 35.377370][ T4289] do_el0_svc+0x58/0x13c
[ 35.378490][ T4289] el0_svc+0x58/0x168
[ 35.379599][ T4289] el0t_64_sync_handler+0x84/0xf0
[ 35.381081][ T4289] el0t_64_sync+0x18c/0x190
[ 35.382318][ T4289]
[ 35.382929][ T4289] The buggy address belongs to the object at ffff0000d7c7ac00
[ 35.382929][ T4289] which belongs to the cache kmalloc-256 of size 256
[ 35.386941][ T4289] The buggy address is located 224 bytes inside of
[ 35.386941][ T4289] 256-byte region [ffff0000d7c7ac00, ffff0000d7c7ad00)
[ 35.390623][ T4289]
[ 35.391252][ T4289] The buggy address belongs to the physical page:
[ 35.393042][ T4289] page:00000000006fb031 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x117c7a
[ 35.395853][ T4289] head:00000000006fb031 order:1 compound_mapcount:0 compound_pincount:0
[ 35.398071][ T4289] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 35.400251][ T4289] raw: 05ffc00000010200 fffffc000302fe80 dead000000000002 ffff0000c0002480
[ 35.402581][ T4289] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 35.404953][ T4289] page dumped because: kasan: bad access detected
[ 35.406680][ T4289]
[ 35.407304][ T4289] Memory state around the buggy address:
[ 35.408826][ T4289] ffff0000d7c7ab80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.411005][ T4289] ffff0000d7c7ac00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 35.413275][ T4289] >ffff0000d7c7ac80: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.415450][ T4289] ^
[ 35.417358][ T4289] ffff0000d7c7ad00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.419644][ T4289] ffff0000d7c7ad80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.421866][ T4289] ==================================================================
[ 35.424354][ T4289] Disabling lock debugging due to kernel taint
[ 35.426683][ T4289] Unable to handle kernel paging request at virtual address ffff74e800008807
[ 35.429019][ T4289] KASAN: maybe wild-memory-access in range [0xffffa74000044038-0xffffa7400004403f]
[ 35.431431][ T4289] Mem abort info:
[ 35.432359][ T4289] ESR = 0x0000000096000004
[ 35.433534][ T4289] EC = 0x25: DABT (current EL), IL = 32 bits
[ 35.435437][ T4289] SET = 0, FnV = 0
[ 35.436478][ T4289] EA = 0, S1PTW = 0
[ 35.437552][ T4289] FSC = 0x04: level 0 translation fault
[ 35.439025][ T4289] Data abort info:
[ 35.439981][ T4289] ISV = 0, ISS = 0x00000004
[ 35.441212][ T4289] CM = 0, WnR = 0
[ 35.442179][ T4289] swapper pgtable: 4k pages, 48-bit VAs, pgdp=00000001ab074000
[ 35.444166][ T4289] [ffff74e800008807] pgd=0000000000000000, p4d=0000000000000000
[ 35.446653][ T4289] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
[ 35.448531][ T4289] Modules linked in:
[ 35.449489][ T4289] CPU: 1 PID: 4289 Comm: syz-executor346 Tainted: G B 6.1.129-syzkaller #0
[ 35.452162][ T4289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 35.454829][ T4289] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 35.457061][ T4289] pc : kasan_check_range+0x64/0x2a4
[ 35.458483][ T4289] lr : memcpy+0x48/0x90
[ 35.459674][ T4289] sp : ffff800021206df0
[ 35.460797][ T4289] x29: ffff800021206df0 x28: 0000000000000001 x27: 0000000040000000
[ 35.463014][ T4289] x26: 1ffff00002a9d86b x25: 0000000000000fff x24: 0000000000001000
[ 35.465254][ T4289] x23: 0000000000000001 x22: ffff800009084cf0 x21: ffff800021206f00
[ 35.467491][ T4289] x20: ffffa7400004403f x19: 0000000000000001 x18: 1fffe0003679cb76
[ 35.469763][ T4289] x17: ffff800015aed000 x16: ffff80001226f180 x15: 0000000000000000
[ 35.471896][ T4289] x14: 00000000000000ff x13: ffff0000d8e2d340 x12: 0000000000000001
[ 35.474119][ T4289] x11: 1ffff4e800008807 x10: 1ffff4e800008807 x9 : ffffffffffffffff
[ 35.476283][ T4289] x8 : ffff74e800008807 x7 : 1fffe0003679cb77 x6 : 00000000000000ff
[ 35.478641][ T4289] x5 : ffff800021206f22 x4 : ffff0000dfaf400c x3 : ffff800009084cf0
[ 35.480798][ T4289] x2 : 0000000000000000 x1 : 0000000000000001 x0 : ffffa7400004403f
[ 35.482966][ T4289] Call trace:
[ 35.483972][ T4289] kasan_check_range+0x64/0x2a4
[ 35.485393][ T4289] memcpy+0x48/0x90
[ 35.486432][ T4289] hfsplus_bnode_read+0x134/0x270
[ 35.487783][ T4289] hfsplus_bnode_dump+0x2ec/0x534
[ 35.489119][ T4289] hfsplus_brec_remove+0x3d0/0x4a4
[ 35.490571][ T4289] __hfsplus_delete_attr+0x1dc/0x3e4
[ 35.491984][ T4289] hfsplus_delete_attr+0x234/0x2c8
[ 35.493512][ T4289] __hfsplus_setxattr+0x3b8/0x1d3c
[ 35.494960][ T4289] hfsplus_setxattr+0xdc/0x12c
[ 35.496248][ T4289] hfsplus_trusted_setxattr+0x54/0x6c
[ 35.497714][ T4289] __vfs_setxattr+0x388/0x3a4
[ 35.498979][ T4289] __vfs_setxattr_noperm+0x110/0x528
[ 35.500428][ T4289] __vfs_setxattr_locked+0x1ec/0x218
[ 35.501955][ T4289] vfs_setxattr+0x1a8/0x344
[ 35.503286][ T4289] setxattr+0x230/0x294
[ 35.504444][ T4289] path_setxattr+0x17c/0x258
[ 35.505772][ T4289] __arm64_sys_setxattr+0xbc/0xd8
[ 35.507141][ T4289] invoke_syscall+0x98/0x2bc
[ 35.508379][ T4289] el0_svc_common+0x138/0x258
[ 35.509701][ T4289] do_el0_svc+0x58/0x13c
[ 35.510893][ T4289] el0_svc+0x58/0x168
[ 35.512027][ T4289] el0t_64_sync_handler+0x84/0xf0
[ 35.513393][ T4289] el0t_64_sync+0x18c/0x190
[ 35.514654][ T4289] Code: 5400014c b4000b8c aa2a03e9 8b0b0129 (3940010a)
[ 35.516616][ T4289] ---[ end trace 0000000000000000 ]---
[ 35.806009][ T4289] Kernel panic - not syncing: Oops: Fatal exception
[ 35.807767][ T4289] SMP: stopping secondary CPUs
[ 35.809155][ T4289] Kernel Offset: disabled
[ 35.810355][ T4289] CPU features: 0x080000,02070084,26017203
[ 35.811957][ T4289] Memory Limit: none
[ 36.086051][ T4289] Rebooting in 86400 seconds..