Warning: Permanently added '10.128.1.190' (ED25519) to the list of known hosts.
executing program
[ 38.556319][ T6441] loop0: detected capacity change from 0 to 1024
[ 38.610454][ T6441] ==================================================================
[ 38.612598][ T6441] BUG: KASAN: slab-out-of-bounds in hfsplus_bmap_alloc+0x150/0x538
[ 38.614645][ T6441] Read of size 8 at addr ffff0000c1d289c0 by task syz-executor168/6441
[ 38.616805][ T6441]
[ 38.617404][ T6441] CPU: 1 UID: 0 PID: 6441 Comm: syz-executor168 Not tainted 6.14.0-rc3-syzkaller-ga1c24ab82279 #0
[ 38.617419][ T6441] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 38.617426][ T6441] Call trace:
[ 38.617429][ T6441] show_stack+0x2c/0x3c (C)
[ 38.617450][ T6441] dump_stack_lvl+0xe4/0x150
[ 38.617464][ T6441] print_report+0x198/0x538
[ 38.617477][ T6441] kasan_report+0xd8/0x138
[ 38.617488][ T6441] __asan_report_load8_noabort+0x20/0x2c
[ 38.617502][ T6441] hfsplus_bmap_alloc+0x150/0x538
[ 38.617515][ T6441] hfs_btree_inc_height+0xf8/0xa60
[ 38.617528][ T6441] hfsplus_brec_insert+0x11c/0xaa0
[ 38.617541][ T6441] __hfsplus_ext_write_extent+0x288/0x4ac
[ 38.617553][ T6441] __hfsplus_ext_cache_extent+0x84/0xa84
[ 38.617566][ T6441] hfsplus_file_extend+0x39c/0x1544
[ 38.617577][ T6441] hfsplus_get_block+0x398/0x1168
[ 38.617589][ T6441] __block_write_begin_int+0x4c4/0x1610
[ 38.617604][ T6441] cont_write_begin+0x634/0x984
[ 38.617617][ T6441] hfsplus_write_begin+0x7c/0xc4
[ 38.617627][ T6441] cont_write_begin+0x2b0/0x984
[ 38.617640][ T6441] hfsplus_write_begin+0x7c/0xc4
[ 38.617650][ T6441] generic_perform_write+0x29c/0x868
[ 38.617662][ T6441] __generic_file_write_iter+0xfc/0x204
[ 38.617673][ T6441] generic_file_write_iter+0x108/0x4b0
[ 38.617684][ T6441] __kernel_write_iter+0x340/0x7a0
[ 38.617697][ T6441] dump_user_range+0x378/0x6c8
[ 38.617711][ T6441] elf_core_dump+0x336c/0x3c38
[ 38.617722][ T6441] do_coredump+0x1d28/0x29a0
[ 38.617735][ T6441] get_signal+0xf6c/0x1500
[ 38.617748][ T6441] do_signal+0x1a4/0x3a04
[ 38.617778][ T6441] do_notify_resume+0x74/0x1f4
[ 38.617792][ T6441] el0_da+0xbc/0x178
[ 38.617803][ T6441] el0t_64_sync_handler+0xcc/0x108
[ 38.617814][ T6441] el0t_64_sync+0x198/0x19c
[ 38.617826][ T6441]
[ 38.661645][ T6441] Allocated by task 6441:
[ 38.662806][ T6441] kasan_save_track+0x40/0x78
[ 38.664018][ T6441] kasan_save_alloc_info+0x40/0x50
[ 38.665323][ T6441] __kasan_kmalloc+0xac/0xc4
[ 38.666550][ T6441] __kmalloc_noprof+0x32c/0x54c
[ 38.667837][ T6441] __hfs_bnode_create+0xe4/0x6d4
[ 38.669144][ T6441] hfsplus_bnode_find+0x1f8/0xc04
[ 38.670453][ T6441] hfsplus_bmap_alloc+0xc8/0x538
[ 38.671798][ T6441] hfs_btree_inc_height+0xf8/0xa60
[ 38.673130][ T6441] hfsplus_brec_insert+0x11c/0xaa0
[ 38.674452][ T6441] __hfsplus_ext_write_extent+0x288/0x4ac
[ 38.675869][ T6441] __hfsplus_ext_cache_extent+0x84/0xa84
[ 38.677331][ T6441] hfsplus_file_extend+0x39c/0x1544
[ 38.678624][ T6441] hfsplus_get_block+0x398/0x1168
[ 38.679923][ T6441] __block_write_begin_int+0x4c4/0x1610
[ 38.681347][ T6441] cont_write_begin+0x634/0x984
[ 38.682625][ T6441] hfsplus_write_begin+0x7c/0xc4
[ 38.683869][ T6441] cont_write_begin+0x2b0/0x984
[ 38.685085][ T6441] hfsplus_write_begin+0x7c/0xc4
[ 38.686346][ T6441] generic_perform_write+0x29c/0x868
[ 38.687695][ T6441] __generic_file_write_iter+0xfc/0x204
[ 38.689080][ T6441] generic_file_write_iter+0x108/0x4b0
[ 38.690424][ T6441] __kernel_write_iter+0x340/0x7a0
[ 38.691712][ T6441] dump_user_range+0x378/0x6c8
[ 38.692938][ T6441] elf_core_dump+0x336c/0x3c38
[ 38.694140][ T6441] do_coredump+0x1d28/0x29a0
[ 38.695319][ T6441] get_signal+0xf6c/0x1500
[ 38.696460][ T6441] do_signal+0x1a4/0x3a04
[ 38.697592][ T6441] do_notify_resume+0x74/0x1f4
[ 38.698890][ T6441] el0_da+0xbc/0x178
[ 38.699891][ T6441] el0t_64_sync_handler+0xcc/0x108
[ 38.701194][ T6441] el0t_64_sync+0x198/0x19c
[ 38.702302][ T6441]
[ 38.702920][ T6441] The buggy address belongs to the object at ffff0000c1d28900
[ 38.702920][ T6441] which belongs to the cache kmalloc-192 of size 192
[ 38.706562][ T6441] The buggy address is located 48 bytes to the right of
[ 38.706562][ T6441] allocated 144-byte region [ffff0000c1d28900, ffff0000c1d28990)
[ 38.710351][ T6441]
[ 38.710967][ T6441] The buggy address belongs to the physical page:
[ 38.712631][ T6441] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101d28
[ 38.714941][ T6441] flags: 0x5ffc00000000000(node=0|zone=2|lastcpupid=0x7ff)
[ 38.716787][ T6441] page_type: f5(slab)
[ 38.717784][ T6441] raw: 05ffc00000000000 ffff0000c00013c0 dead000000000100 dead000000000122
[ 38.720233][ T6441] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 38.722406][ T6441] page dumped because: kasan: bad access detected
[ 38.724171][ T6441]
[ 38.724768][ T6441] Memory state around the buggy address:
[ 38.726279][ T6441]  ffff0000c1d28880: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 38.728543][ T6441]  ffff0000c1d28900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 38.731553][ T6441] >ffff0000c1d28980: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 38.734668][ T6441]                                            ^
[ 38.737558][ T6441]  ffff0000c1d28a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 38.740278][ T6441]  ffff0000c1d28a80: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 38.742352][ T6441] ==================================================================
[ 38.744804][ T6441] Disabling lock debugging due to kernel taint
[ 38.746514][ T6441] ------------[ cut here ]------------
[ 38.747896][ T6441] WARNING: CPU: 1 PID: 6441 at ./include/linux/mm.h:2250 kmap_local_page+0x388/0x500
[ 38.750280][ T6441] Modules linked in:
[ 38.751230][ T6441] CPU: 1 UID: 0 PID: 6441 Comm: syz-executor168 Tainted: G B 6.14.0-rc3-syzkaller-ga1c24ab82279 #0
[ 38.754293][ T6441] Tainted: [B]=BAD_PAGE
[ 38.755441][ T6441] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 38.758212][ T6441] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 38.760202][ T6441] pc : kmap_local_page+0x388/0x500
[ 38.761573][ T6441] lr : kmap_local_page+0x148/0x500
[ 38.762949][ T6441] sp : ffff8000a4a15bf0
[ 38.763977][ T6441] x29: ffff8000a4a15bf0 x28: ffff0000dc472000 x27: 1ffff00014942b8c
[ 38.766199][ T6441] x26: 1fffe0001b88e403 x25: 1fffe0001b88f5fb x24: ffff80008f4d4000
[ 38.768375][ T6441] x23: 1ffff00011e9a8a9 x22: ffff8000a4a15c80 x21: dfff800000000000
[ 38.770648][ T6441] x20: ffff0000c1d28900 x19: 049004df41001929 x18: 0000000000000008
[ 38.772809][ T6441] x17: 0000000000000000 x16: ffff80008b7275dc x15: 0000000000000001
[ 38.774914][ T6441] x14: 1ffff0001262e6f8 x13: 0000000000000000 x12: 0000000000000000
[ 38.777122][ T6441] x11: ffff70001262e6f9 x10: 0000000000ff0100 x9 : 0000000000000000
[ 38.779233][ T6441] x8 : ffff0000c5fa0000 x7 : 0000000000000001 x6 : 0000000000000001
[ 38.781407][ T6441] x5 : ffff8000a4a152f8 x4 : ffff80008fcaf720 x3 : ffff8000802f88ec
[ 38.783601][ T6441] x2 : 0000000000000001 x1 : 049004df41001929 x0 : 0400000000000000
[ 38.785762][ T6441] Call trace:
[ 38.786664][ T6441] kmap_local_page+0x388/0x500 (P)
[ 38.788043][ T6441] hfsplus_bmap_alloc+0x158/0x538
[ 38.789413][ T6441] hfs_btree_inc_height+0xf8/0xa60
[ 38.790900][ T6441] hfsplus_brec_insert+0x11c/0xaa0
[ 38.792270][ T6441] __hfsplus_ext_write_extent+0x288/0x4ac
[ 38.794079][ T6441] __hfsplus_ext_cache_extent+0x84/0xa84
[ 38.795599][ T6441] hfsplus_file_extend+0x39c/0x1544
[ 38.797103][ T6441] hfsplus_get_block+0x398/0x1168
[ 38.798523][ T6441] __block_write_begin_int+0x4c4/0x1610
[ 38.800051][ T6441] cont_write_begin+0x634/0x984
[ 38.801466][ T6441] hfsplus_write_begin+0x7c/0xc4
[ 38.802759][ T6441] cont_write_begin+0x2b0/0x984
[ 38.804084][ T6441] hfsplus_write_begin+0x7c/0xc4
[ 38.805389][ T6441] generic_perform_write+0x29c/0x868
[ 38.806906][ T6441] __generic_file_write_iter+0xfc/0x204
[ 38.808398][ T6441] generic_file_write_iter+0x108/0x4b0
[ 38.809981][ T6441] __kernel_write_iter+0x340/0x7a0
[ 38.811590][ T6441] dump_user_range+0x378/0x6c8
[ 38.813220][ T6441] elf_core_dump+0x336c/0x3c38
[ 38.815000][ T6441] do_coredump+0x1d28/0x29a0
[ 38.816618][ T6441] get_signal+0xf6c/0x1500
[ 38.818833][ T6441] do_signal+0x1a4/0x3a04
[ 38.820613][ T6441] do_notify_resume+0x74/0x1f4
[ 38.821892][ T6441] el0_da+0xbc/0x178
[ 38.823090][ T6441] el0t_64_sync_handler+0xcc/0x108
[ 38.824489][ T6441] el0t_64_sync+0x198/0x19c
[ 38.825771][ T6441] irq event stamp: 9593
[ 38.826863][ T6441] hardirqs last enabled at (9593): [] raw_spin_rq_unlock_irq+0x14/0x24
[ 38.829805][ T6441] hardirqs last disabled at (9592): [] __schedule+0x2bc/0x257c
[ 38.833059][ T6441] softirqs last enabled at (7186): [] handle_softirqs+0xb44/0xd34
[ 38.837235][ T6441] softirqs last disabled at (7173): [] __do_softirq+0x14/0x20
[ 38.839972][ T6441] ---[ end trace 0000000000000000 ]---
[ 38.841479][ T6441] Unable to handle kernel paging request at virtual address fffd86fa0000cb28
[ 38.843820][ T6441] KASAN: maybe wild-memory-access in range [0xfff037d000065940-0xfff037d000065947]
[ 38.846193][ T6441] Mem abort info:
[ 38.847118][ T6441] ESR = 0x0000000096000004
[ 38.848240][ T6441] EC = 0x25: DABT (current EL), IL = 32 bits
[ 38.849953][ T6441] SET = 0, FnV = 0
[ 38.850898][ T6441] EA = 0, S1PTW = 0
[ 38.851909][ T6441] FSC = 0x04: level 0 translation fault
[ 38.853488][ T6441] Data abort info:
[ 38.854425][ T6441] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
[ 38.856001][ T6441] CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 38.857505][ T6441] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 38.859193][ T6441] swapper pgtable: 4k pages, 48-bit VAs, pgdp=00000001a50a6000
[ 38.861036][ T6441] [fffd86fa0000cb28] pgd=0000000000000000, p4d=0000000000000000
[ 38.862978][ T6441] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
[ 38.864866][ T6441] Modules linked in:
[ 38.865866][ T6441] CPU: 1 UID: 0 PID: 6441 Comm: syz-executor168 Tainted: G B W 6.14.0-rc3-syzkaller-ga1c24ab82279 #0
[ 38.868997][ T6441] Tainted: [B]=BAD_PAGE, [W]=WARN
[ 38.870322][ T6441] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 38.872928][ T6441] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 38.874903][ T6441] pc : hfsplus_bmap_alloc+0x180/0x538
[ 38.876299][ T6441] lr : hfsplus_bmap_alloc+0x16c/0x538
[ 38.877705][ T6441] sp : ffff8000a4a15c40
[ 38.878813][ T6441] x29: ffff8000a4a15cc0 x28: 0000000000000f00 x27: 1ffff00014942b8c
[ 38.880871][ T6441] x26: fff037d000064a40 x25: fff037d000065940 x24: 00000000ffff90f8
[ 38.882819][ T6441] x23: ffff0000c1d289c0 x22: ffff8000a4a15c80 x21: dfff800000000000
[ 38.884808][ T6441] x20: ffff0000c1d28900 x19: 1ffe06fa0000cb28 x18: 0000000000000008
[ 38.886697][ T6441] x17: 0000000000000000 x16: ffff80008b7275dc x15: 0000000000000001
[ 38.888733][ T6441] x14: 1ffff0001262e6f8 x13: 0000000000000000 x12: 0000000000000000
[ 38.890748][ T6441] x11: ffff70001262e6f9 x10: 0000000000ff0100 x9 : 0000000000000000
[ 38.892759][ T6441] x8 : ffff0000c5fa0000 x7 : 0000000000000001 x6 : 0000000000000001
[ 38.894871][ T6441] x5 : ffff8000a4a152f8 x4 : ffff80008fcaf720 x3 : ffff8000802f88ec
[ 38.896876][ T6441] x2 : 0000000000000001 x1 : 00000000000090f8 x0 : 0000000000000000
[ 38.898811][ T6441] Call trace:
[ 38.899640][ T6441] hfsplus_bmap_alloc+0x180/0x538 (P)
[ 38.900958][ T6441] hfs_btree_inc_height+0xf8/0xa60
[ 38.902228][ T6441] hfsplus_brec_insert+0x11c/0xaa0
[ 38.903580][ T6441] __hfsplus_ext_write_extent+0x288/0x4ac
[ 38.905068][ T6441] __hfsplus_ext_cache_extent+0x84/0xa84
[ 38.906454][ T6441] hfsplus_file_extend+0x39c/0x1544
[ 38.907694][ T6441] hfsplus_get_block+0x398/0x1168
[ 38.908987][ T6441] __block_write_begin_int+0x4c4/0x1610
[ 38.910310][ T6441] cont_write_begin+0x634/0x984
[ 38.911536][ T6441] hfsplus_write_begin+0x7c/0xc4
[ 38.912740][ T6441] cont_write_begin+0x2b0/0x984
[ 38.914026][ T6441] hfsplus_write_begin+0x7c/0xc4
[ 38.915362][ T6441] generic_perform_write+0x29c/0x868
[ 38.916676][ T6441] __generic_file_write_iter+0xfc/0x204
[ 38.918051][ T6441] generic_file_write_iter+0x108/0x4b0
[ 38.919512][ T6441] __kernel_write_iter+0x340/0x7a0
[ 38.920784][ T6441] dump_user_range+0x378/0x6c8
[ 38.922023][ T6441] elf_core_dump+0x336c/0x3c38
[ 38.923221][ T6441] do_coredump+0x1d28/0x29a0
[ 38.924393][ T6441] get_signal+0xf6c/0x1500
[ 38.925584][ T6441] do_signal+0x1a4/0x3a04
[ 38.926688][ T6441] do_notify_resume+0x74/0x1f4
[ 38.927987][ T6441] el0_da+0xbc/0x178
[ 38.929002][ T6441] el0t_64_sync_handler+0xcc/0x108
[ 38.930333][ T6441] el0t_64_sync+0x198/0x19c
[ 38.931478][ T6441] Code: 12002e7c 8b3c4359 d343ff33 12000b29 (38f56a68)
[ 38.933354][ T6441] ---[ end trace 0000000000000000 ]---
[ 39.258868][ T6441] Kernel panic - not syncing: Oops: Fatal exception
[ 39.260531][ T6441] SMP: stopping secondary CPUs
[ 39.261731][ T6441] Kernel Offset: disabled
[ 39.262880][ T6441] CPU features: 0x200,00002070,00800250,82017203
[ 39.264515][ T6441] Memory Limit: none
[ 39.571856][ T6441] Rebooting in 86400 seconds..