Warning: Permanently added '10.128.0.195' (ED25519) to the list of known hosts.
2024/03/09 04:49:23 ignoring optional flag "sandboxArg"="0"
2024/03/09 04:49:23 parsed 1 programs
[ 41.163004][ T3053] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS
2024/03/09 04:49:23 executed programs: 0
[ 41.334996][ T3062] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.337057][ T3062] bridge0: port 1(bridge_slave_0) entered disabled state
[ 41.339238][ T3062] device bridge_slave_0 entered promiscuous mode
[ 41.341720][ T3062] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.343637][ T3062] bridge0: port 2(bridge_slave_1) entered disabled state
[ 41.345787][ T3062] device bridge_slave_1 entered promiscuous mode
[ 41.519878][ T3062] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.521789][ T3062] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 41.523680][ T3062] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.525493][ T3062] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 41.815975][ T2783] bridge0: port 1(bridge_slave_0) entered disabled state
[ 41.818279][ T2783] bridge0: port 2(bridge_slave_1) entered disabled state
[ 41.820954][ T2783] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 41.823048][ T2783] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 41.861337][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 41.863663][ T83] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.865533][ T83] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 41.867593][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 41.869892][ T83] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.871731][ T83] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 41.878510][ T2783] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 41.882110][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 42.224526][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 42.268599][ T3062] device veth0_vlan entered promiscuous mode
[ 42.272135][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 42.274471][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 42.276655][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 42.280980][ T3062] device veth1_vlan entered promiscuous mode
[ 42.286834][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 42.289040][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 42.291469][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 42.294426][ T3062] device veth0_macvtap entered promiscuous mode
[ 42.310603][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 42.344731][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 42.347114][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 42.349364][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 42.352969][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 42.611420][ T3240] loop0: detected capacity change from 0 to 1024
[ 42.616348][ T3240] ==================================================================
[ 42.618555][ T3240] BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read_key+0x3bc/0x658
[ 42.620734][ T3240] Write of size 4026 at addr ffff0000c7f8b000 by task syz-executor.0/3240
[ 42.622958][ T3240]
[ 42.623568][ T3240] CPU: 0 PID: 3240 Comm: syz-executor.0 Not tainted 6.1.81-syzkaller #0
[ 42.625828][ T3240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 42.628528][ T3240] Call trace:
[ 42.629396][ T3240] dump_backtrace+0x1c8/0x1f4
[ 42.630635][ T3240] show_stack+0x2c/0x3c
[ 42.631755][ T3240] dump_stack_lvl+0xc0/0x104
[ 42.632971][ T3240] print_report+0x174/0x4c0
[ 42.634194][ T3240] kasan_report+0xcc/0x124
[ 42.635488][ T3240] kasan_check_range+0x264/0x2a4
[ 42.636814][ T3240] memcpy+0x60/0x90
[ 42.637805][ T3240] hfsplus_bnode_read_key+0x3bc/0x658
[ 42.639322][ T3240] hfsplus_brec_insert+0x520/0xaa0
[ 42.640711][ T3240] hfsplus_create_attr+0x3b0/0x568
[ 42.642114][ T3240] __hfsplus_setxattr+0x8fc/0x1c68
[ 42.643520][ T3240] hfsplus_setxattr+0xb4/0xec
[ 42.644787][ T3240] hfsplus_user_setxattr+0x54/0x6c
[ 42.646187][ T3240] __vfs_setxattr+0x388/0x3a4
[ 42.647535][ T3240] __vfs_setxattr_noperm+0x110/0x528
[ 42.648967][ T3240] __vfs_setxattr_locked+0x1ec/0x218
[ 42.650405][ T3240] vfs_setxattr+0x1a8/0x344
[ 42.651691][ T3240] setxattr+0x230/0x294
[ 42.652778][ T3240] path_setxattr+0x17c/0x258
[ 42.654000][ T3240] __arm64_sys_setxattr+0xbc/0xd8
[ 42.655350][ T3240] invoke_syscall+0x98/0x2c0
[ 42.656591][ T3240] el0_svc_common+0x134/0x24c
[ 42.657849][ T3240] do_el0_svc+0x64/0x218
[ 42.658983][ T3240] el0_svc+0x34/0x100
[ 42.660026][ T3240] el0t_64_sync_handler+0x84/0xf0
[ 42.661340][ T3240] el0t_64_sync+0x18c/0x190
[ 42.662560][ T3240]
[ 42.663187][ T3240] Allocated by task 3240:
[ 42.664313][ T3240] kasan_set_track+0x4c/0x80
[ 42.665583][ T3240] kasan_save_alloc_info+0x24/0x30
[ 42.666966][ T3240] __kasan_kmalloc+0xac/0xc4
[ 42.668149][ T3240] __kmalloc+0xc4/0x118
[ 42.669288][ T3240] hfsplus_find_init+0x84/0x1bc
[ 42.670620][ T3240] hfsplus_create_attr+0x14c/0x568
[ 42.671934][ T3240] __hfsplus_setxattr+0x8fc/0x1c68
[ 42.673316][ T3240] hfsplus_setxattr+0xb4/0xec
[ 42.674588][ T3240] hfsplus_user_setxattr+0x54/0x6c
[ 42.675950][ T3240] __vfs_setxattr+0x388/0x3a4
[ 42.677198][ T3240] __vfs_setxattr_noperm+0x110/0x528
[ 42.678624][ T3240] __vfs_setxattr_locked+0x1ec/0x218
[ 42.680077][ T3240] vfs_setxattr+0x1a8/0x344
[ 42.681248][ T3240] setxattr+0x230/0x294
[ 42.682357][ T3240] path_setxattr+0x17c/0x258
[ 42.683595][ T3240] __arm64_sys_setxattr+0xbc/0xd8
[ 42.684969][ T3240] invoke_syscall+0x98/0x2c0
[ 42.686244][ T3240] el0_svc_common+0x134/0x24c
[ 42.687485][ T3240] do_el0_svc+0x64/0x218
[ 42.688648][ T3240] el0_svc+0x34/0x100
[ 42.689711][ T3240] el0t_64_sync_handler+0x84/0xf0
[ 42.691053][ T3240] el0t_64_sync+0x18c/0x190
[ 42.692248][ T3240]
[ 42.692852][ T3240] The buggy address belongs to the object at ffff0000c7f8b000
[ 42.692852][ T3240] which belongs to the cache kmalloc-1k of size 1024
[ 42.696636][ T3240] The buggy address is located 0 bytes inside of
[ 42.696636][ T3240] 1024-byte region [ffff0000c7f8b000, ffff0000c7f8b400)
[ 42.700130][ T3240]
[ 42.700726][ T3240] The buggy address belongs to the physical page:
[ 42.702441][ T3240] page:000000006e875cbd refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107f88
[ 42.705153][ T3240] head:000000006e875cbd order:3 compound_mapcount:0 compound_pincount:0
[ 42.707415][ T3240] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 42.709603][ T3240] raw: 05ffc00000010200 fffffc0003222c00 dead000000000002 ffff0000c0002780
[ 42.711954][ T3240] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 42.714252][ T3240] page dumped because: kasan: bad access detected
[ 42.716002][ T3240]
[ 42.716627][ T3240] Memory state around the buggy address:
[ 42.718113][ T3240] ffff0000c7f8b100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 42.720253][ T3240] ffff0000c7f8b180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 42.722447][ T3240] >ffff0000c7f8b200: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 42.724589][ T3240] ^
[ 42.725862][ T3240] ffff0000c7f8b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 42.728071][ T3240] ffff0000c7f8b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 42.730313][ T3240] ==================================================================
[ 42.733027][ T3240] Disabling lock debugging due to kernel taint
[ 42.747386][ T3242] loop0: detected capacity change from 0 to 1024
[ 42.764543][ T3244] loop0: detected capacity change from 0 to 1024
[ 42.807599][ T3246] loop0: detected capacity change from 0 to 1024
[ 42.824428][ T3248] loop0: detected capacity change from 0 to 1024
[ 42.829397][ T240] Unable to handle kernel paging request at virtual address dfff800000000008
[ 42.830354][ T83] list_add corruption. prev->next should be next (ffff8000119ec7a0), but was 0000020000000200. (prev=ffff0000cc77ca78).
[ 42.831894][ T240] KASAN: null-ptr-deref in range [0x0000000000000040-0x0000000000000047]
[ 42.835129][ T83] Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
[ 42.837317][ T240] Mem abort info:
[ 42.839331][ T83] Modules linked in:
[ 42.840454][ T240] ESR = 0x0000000096000006
[ 42.841330][ T83] CPU: 1 PID: 83 Comm: kworker/1:2 Tainted: G B 6.1.81-syzkaller #0
[ 42.842564][ T240] EC = 0x25: DABT (current EL), IL = 32 bits
[ 42.845080][ T83] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 42.846743][ T240] SET = 0, FnV = 0
[ 42.849397][ T83] Workqueue: ipv6_addrconf addrconf_dad_work
[ 42.850536][ T240] EA = 0, S1PTW = 0
[ 42.852025][ T83] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 42.853086][ T240] FSC = 0x06: level 2 translation fault
[ 42.855158][ T83] pc : __list_add_valid+0x10c/0x110
[ 42.856634][ T240] Data abort info:
[ 42.858010][ T83] lr : __list_add_valid+0x10c/0x110
[ 42.858960][ T240] ISV = 0, ISS = 0x00000006
[ 42.860415][ T83] sp : ffff800012fc72a0
[ 42.860422][ T83] x29: ffff800012fc72a0 x28: 1fffe00018b669d9 x27: 0000000000000000
[ 42.861725][ T240] CM = 0, WnR = 0
[ 42.862824][ T83] x26: dfff800000000000
[ 42.864934][ T240] [dfff800000000008] address between user and kernel address ranges
[ 42.865978][ T83] x25: ffff0000c9a0d2b8 x24: 1ffff0000233d8f5
[ 42.870938][ T83] x23: dfff800000000000 x22: ffff8000119ec7a8 x21: ffff0000c9a0d278
[ 42.873094][ T83] x20: ffff0000cc77ca78 x19: ffff8000119ec7a0 x18: ffff80001011f930
[ 42.875304][ T83] x17: 3061376365393131 x16: 3030303866666666 x15: 28207478656e2065
[ 42.877533][ T83] x14: 6220646c756f6873 x13: 205d333854202020 x12: 0000000000000001
[ 42.879748][ T83] x11: 0000000000ff0100 x10: 0000000000000000 x9 : 96351f0ab02cfd00
[ 42.881830][ T83] x8 : 96351f0ab02cfd00 x7 : 205b5d3435333033 x6 : ffff8000082a2b44
[ 42.884020][ T83] x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff80000973961c
[ 42.886172][ T83] x2 : ffff0001b51fdba8 x1 : 0000000100000201 x0 : 0000000000000075
[ 42.888376][ T83] Call trace:
[ 42.889258][ T83] __list_add_valid+0x10c/0x110
[ 42.890503][ T83] ___neigh_create+0x150c/0x1d80
[ 42.891841][ T83] __neigh_create+0x44/0x58
[ 42.893033][ T83] ip6_finish_output2+0xa44/0x1de8
[ 42.894414][ T83] ip6_finish_output+0x56c/0x88c
[ 42.895774][ T83] ip6_output+0x238/0x6b4
[ 42.896952][ T83] ndisc_send_skb+0x8f8/0x116c
[ 42.898248][ T83] ndisc_send_ns+0xd4/0x164
[ 42.899402][ T83] addrconf_dad_work+0x99c/0x1390
[ 42.900769][ T83] process_one_work+0x698/0xc7c
[ 42.902105][ T83] worker_thread+0x860/0xea4
[ 42.903273][ T83] kthread+0x200/0x260
[ 42.904374][ T83] ret_from_fork+0x10/0x20
[ 42.905565][ T83] Code: 91178000 aa1303e1 aa1403e3 9521de63 (d4210000)
[ 42.907436][ T83] ---[ end trace 0000000000000000 ]---
[ 43.139442][ T83] Kernel panic - not syncing: Oops - BUG: Fatal exception in interrupt
[ 43.141599][ T83] SMP: stopping secondary CPUs
[ 44.226482][ T83] SMP: failed to stop secondary CPUs 0-1
[ 44.228087][ T83] Kernel Offset: disabled
[ 44.229236][ T83] CPU features: 0x00000,02070084,26017203
[ 44.230736][ T83] Memory Limit: none
[ 44.448663][ T83] Rebooting in 86400 seconds..