Warning: Permanently added '[localhost]:17057' (ED25519) to the list of known hosts.
executing program
syzkaller login: [   92.689817][ T5098] loop0: detected capacity change from 0 to 1024
[   92.757212][ T5097] ==================================================================
[   92.760324][ T5097] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x57f/0x1200
[   92.763340][ T5097] Read of size 2 at addr ffff888035ec740c by task syz-executor259/5097
[   92.767026][ T5097] 
[   92.767836][ T5097] CPU: 0 UID: 0 PID: 5097 Comm: syz-executor259 Not tainted 6.12.0-rc1-syzkaller-00042-gf23aa4c0761a #0
[   92.771516][ T5097] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   92.775437][ T5097] Call Trace:
[   92.776728][ T5097]  <TASK>
[   92.777840][ T5097]  dump_stack_lvl+0x241/0x360
[   92.779689][ T5097]  ? __pfx_dump_stack_lvl+0x10/0x10
[   92.781465][ T5097]  ? __pfx__printk+0x10/0x10
[   92.782940][ T5097]  ? _printk+0xd5/0x120
[   92.784524][ T5097]  ? __virt_addr_valid+0x183/0x530
[   92.786529][ T5097]  ? __virt_addr_valid+0x183/0x530
[   92.788522][ T5097]  print_report+0x169/0x550
[   92.790795][ T5097]  ? __virt_addr_valid+0x183/0x530
[   92.793467][ T5097]  ? __virt_addr_valid+0x183/0x530
[   92.795808][ T5097]  ? __virt_addr_valid+0x45f/0x530
[   92.798079][ T5097]  ? __phys_addr+0xba/0x170
[   92.799932][ T5097]  ? hfsplus_uni2asc+0x57f/0x1200
[   92.801868][ T5097]  kasan_report+0x143/0x180
[   92.803467][ T5097]  ? hfsplus_uni2asc+0x57f/0x1200
[   92.805451][ T5097]  hfsplus_uni2asc+0x57f/0x1200
[   92.807445][ T5097]  ? __asan_memcpy+0x40/0x70
[   92.809692][ T5097]  hfsplus_readdir+0x938/0x1320
[   92.812234][ T5097]  ? __pfx_hfsplus_readdir+0x10/0x10
[   92.814959][ T5097]  ? __mutex_lock+0x2ef/0xd70
[   92.816725][ T5097]  ? iterate_dir+0x20c/0x800
[   92.818245][ T5097]  ? __pfx_down_read_killable+0x10/0x10
[   92.820334][ T5097]  ? fdget_pos+0x24e/0x320
[   92.822093][ T5097]  ? common_file_perm+0x1a6/0x210
[   92.824099][ T5097]  iterate_dir+0x571/0x800
[   92.825838][ T5097]  __se_sys_getdents64+0x1d3/0x4a0
[   92.828086][ T5097]  ? __pfx___se_sys_getdents64+0x10/0x10
[   92.831638][ T5097]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   92.834581][ T5097]  ? __pfx_filldir64+0x10/0x10
[   92.836416][ T5097]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   92.839065][ T5097]  ? exc_page_fault+0x590/0x8c0
[   92.840567][ T5097]  ? do_syscall_64+0xb6/0x230
[   92.842356][ T5097]  do_syscall_64+0xf3/0x230
[   92.844019][ T5097]  ? clear_bhb_loop+0x35/0x90
[   92.845851][ T5097]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   92.848845][ T5097] RIP: 0033:0x7fe7cb037e63
[   92.851133][ T5097] Code: c1 66 0f 1f 44 00 00 48 83 c4 08 48 89 ef 5b 5d e9 82 48 fb ff 66 90 b8 ff ff ff 7f 48 39 c2 48 0f 47 d0 b8 d9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 b8 ff ff ff f7 d8
[   92.858598][ T5097] RSP: 002b:00007ffe6a3b23c8 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9
[   92.861707][ T5097] RAX: ffffffffffffffda RBX: 0000555569887730 RCX: 00007fe7cb037e63
[   92.864519][ T5097] RDX: 0000000000008000 RSI: 0000555569887730 RDI: 0000000000000004
[   92.868050][ T5097] RBP: 0000555569887704 R08: 0000000000000000 R09: 0000000000000000
[   92.871319][ T5097] R10: 0000000000001000 R11: 0000000000000293 R12: ffffffffffffffb8
[   92.874202][ T5097] R13: 0000000000000010 R14: 0000555569887700 R15: 431bde82d7b634db
[   92.876728][ T5097]  </TASK>
[   92.877735][ T5097] 
[   92.878490][ T5097] Allocated by task 5097:
[   92.879865][ T5097]  kasan_save_track+0x3f/0x80
[   92.881463][ T5097]  __kasan_kmalloc+0x98/0xb0
[   92.883170][ T5097]  __kmalloc_noprof+0x1fc/0x400
[   92.885032][ T5097]  hfsplus_find_init+0x85/0x1c0
[   92.886762][ T5097]  hfsplus_readdir+0x20b/0x1320
[   92.888390][ T5097]  iterate_dir+0x571/0x800
[   92.890264][ T5097]  __se_sys_getdents64+0x1d3/0x4a0
[   92.892583][ T5097]  do_syscall_64+0xf3/0x230
[   92.894654][ T5097]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   92.897256][ T5097] 
[   92.898159][ T5097] The buggy address belongs to the object at ffff888035ec7000
[   92.898159][ T5097]  which belongs to the cache kmalloc-2k of size 2048
[   92.902949][ T5097] The buggy address is located 0 bytes to the right of
[   92.902949][ T5097]  allocated 1036-byte region [ffff888035ec7000, ffff888035ec740c)
[   92.908475][ T5097] 
[   92.909350][ T5097] The buggy address belongs to the physical page:
[   92.912337][ T5097] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x35ec0
[   92.916242][ T5097] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   92.919499][ T5097] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff)
[   92.922493][ T5097] page_type: f5(slab)
[   92.924149][ T5097] raw: 04fff00000000040 ffff88801ac42000 ffffea0000030000 dead000000000002
[   92.927910][ T5097] raw: 0000000000000000 0000000080080008 00000001f5000000 0000000000000000
[   92.931700][ T5097] head: 04fff00000000040 ffff88801ac42000 ffffea0000030000 dead000000000002
[   92.935005][ T5097] head: 0000000000000000 0000000080080008 00000001f5000000 0000000000000000
[   92.938455][ T5097] head: 04fff00000000003 ffffea0000d7b001 ffffffffffffffff 0000000000000000
[   92.942197][ T5097] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[   92.945542][ T5097] page dumped because: kasan: bad access detected
[   92.947695][ T5097] page_owner tracks the page as allocated
[   92.949848][ T5097] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 27227560512, free_ts 26957320326
[   92.957193][ T5097]  post_alloc_hook+0x1f3/0x230
[   92.959216][ T5097]  get_page_from_freelist+0x3045/0x3190
[   92.961740][ T5097]  __alloc_pages_noprof+0x256/0x6c0
[   92.963624][ T5097]  alloc_pages_mpol_noprof+0x3e8/0x680
[   92.965361][ T5097]  alloc_slab_page+0x6a/0x120
[   92.966853][ T5097]  allocate_slab+0x5a/0x2f0
[   92.968439][ T5097]  ___slab_alloc+0xcd1/0x14b0
[   92.970107][ T5097]  __slab_alloc+0x58/0xa0
[   92.971454][ T5097]  __kmalloc_node_noprof+0x286/0x440
[   92.973740][ T5097]  __kvmalloc_node_noprof+0x72/0x190
[   92.975682][ T5097]  v4l2_ctrl_new+0xfc7/0x1910
[   92.977879][ T5097]  v4l2_ctrl_new_custom+0x6fe/0xa20
[   92.980054][ T5097]  vivid_create_controls+0xe37/0x4140
[   92.982187][ T5097]  vivid_probe+0x48ba/0x7cf0
[   92.984002][ T5097]  platform_probe+0x13a/0x1c0
[   92.985932][ T5097]  really_probe+0x2b8/0xad0
[   92.987627][ T5097] page last free pid 1 tgid 1 stack trace:
[   92.989939][ T5097]  free_unref_page+0xcfb/0xf20
[   92.992228][ T5097]  __put_partials+0xeb/0x130
[   92.994564][ T5097]  put_cpu_partial+0x17c/0x250
[   92.997033][ T5097]  __slab_free+0x2ea/0x3d0
[   92.998884][ T5097]  qlist_free_all+0x9a/0x140
[   93.000725][ T5097]  kasan_quarantine_reduce+0x14f/0x170
[   93.002891][ T5097]  __kasan_slab_alloc+0x23/0x80
[   93.004793][ T5097]  __kmalloc_cache_noprof+0x132/0x2c0
[   93.006711][ T5097]  kobject_uevent_env+0x28b/0x8e0
[   93.008579][ T5097]  device_add+0x63b/0xbf0
[   93.010217][ T5097]  __video_register_device+0x3bdf/0x4a50
[   93.013642][ T5097]  vivid_create_devnodes+0x1f5f/0x2c90
[   93.016680][ T5097]  vivid_probe+0x5858/0x7cf0
[   93.018777][ T5097]  platform_probe+0x13a/0x1c0
[   93.020652][ T5097]  really_probe+0x2b8/0xad0
[   93.022432][ T5097]  __driver_probe_device+0x1a2/0x390
[   93.024578][ T5097] 
[   93.025562][ T5097] Memory state around the buggy address:
[   93.027816][ T5097]  ffff888035ec7300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   93.030677][ T5097]  ffff888035ec7380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   93.036147][ T5097] >ffff888035ec7400: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   93.039582][ T5097]                       ^
[   93.041332][ T5097]  ffff888035ec7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   93.044263][ T5097]  ffff888035ec7500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   93.046873][ T5097] ==================================================================
[   93.361334][ T5097] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   93.364839][ T5097] CPU: 0 UID: 0 PID: 5097 Comm: syz-executor259 Not tainted 6.12.0-rc1-syzkaller-00042-gf23aa4c0761a #0
[   93.368813][ T5097] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   93.372573][ T5097] Call Trace:
[   93.373952][ T5097]  <TASK>
[   93.375336][ T5097]  dump_stack_lvl+0x241/0x360
[   93.377702][ T5097]  ? __pfx_dump_stack_lvl+0x10/0x10
[   93.380243][ T5097]  ? __pfx__printk+0x10/0x10
[   93.381777][ T5097]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   93.384000][ T5097]  ? vscnprintf+0x5d/0x90
[   93.385910][ T5097]  panic+0x349/0x880
[   93.387581][ T5097]  ? check_panic_on_warn+0x21/0xb0
[   93.390476][ T5097]  ? __pfx_panic+0x10/0x10
[   93.393447][ T5097]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[   93.396564][ T5097]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   93.399044][ T5097]  check_panic_on_warn+0x86/0xb0
[   93.400989][ T5097]  ? hfsplus_uni2asc+0x57f/0x1200
[   93.402735][ T5097]  end_report+0x77/0x160
[   93.404412][ T5097]  kasan_report+0x154/0x180
[   93.406230][ T5097]  ? hfsplus_uni2asc+0x57f/0x1200
[   93.408314][ T5097]  hfsplus_uni2asc+0x57f/0x1200
[   93.410370][ T5097]  ? __asan_memcpy+0x40/0x70
[   93.412469][ T5097]  hfsplus_readdir+0x938/0x1320
[   93.414531][ T5097]  ? __pfx_hfsplus_readdir+0x10/0x10
[   93.416773][ T5097]  ? __mutex_lock+0x2ef/0xd70
[   93.418852][ T5097]  ? iterate_dir+0x20c/0x800
[   93.420729][ T5097]  ? __pfx_down_read_killable+0x10/0x10
[   93.422874][ T5097]  ? fdget_pos+0x24e/0x320
[   93.424653][ T5097]  ? common_file_perm+0x1a6/0x210
[   93.426963][ T5097]  iterate_dir+0x571/0x800
[   93.429185][ T5097]  __se_sys_getdents64+0x1d3/0x4a0
[   93.431559][ T5097]  ? __pfx___se_sys_getdents64+0x10/0x10
[   93.433754][ T5097]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   93.436059][ T5097]  ? __pfx_filldir64+0x10/0x10
[   93.437796][ T5097]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   93.440328][ T5097]  ? exc_page_fault+0x590/0x8c0
[   93.442259][ T5097]  ? do_syscall_64+0xb6/0x230
[   93.444205][ T5097]  do_syscall_64+0xf3/0x230
[   93.446024][ T5097]  ? clear_bhb_loop+0x35/0x90
[   93.448069][ T5097]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.450624][ T5097] RIP: 0033:0x7fe7cb037e63
[   93.452552][ T5097] Code: c1 66 0f 1f 44 00 00 48 83 c4 08 48 89 ef 5b 5d e9 82 48 fb ff 66 90 b8 ff ff ff 7f 48 39 c2 48 0f 47 d0 b8 d9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 b8 ff ff ff f7 d8
[   93.459800][ T5097] RSP: 002b:00007ffe6a3b23c8 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9
[   93.463875][ T5097] RAX: ffffffffffffffda RBX: 0000555569887730 RCX: 00007fe7cb037e63
[   93.467966][ T5097] RDX: 0000000000008000 RSI: 0000555569887730 RDI: 0000000000000004
[   93.470848][ T5097] RBP: 0000555569887704 R08: 0000000000000000 R09: 0000000000000000
[   93.473887][ T5097] R10: 0000000000001000 R11: 0000000000000293 R12: ffffffffffffffb8
[   93.477346][ T5097] R13: 0000000000000010 R14: 0000555569887700 R15: 431bde82d7b634db
[   93.480747][ T5097]  </TASK>
[   93.482211][ T5097] Kernel Offset: disabled
[   93.484020][ T5097] Rebooting in 86400 seconds..

VM DIAGNOSIS:
10:02:13  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000020 RBX=ffffffff9a711e40 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=0000000000000000 RSP=ffffc9000302f070
R8 =ffffffff85496a1b R9 =1ffff11003d63046 R10=dffffc0000000000 R11=ffffffff854969d0
R12=dffffc0000000000 R13=ffffffff9a40cf27 R14=0000000000000020 R15=00000000000003f8
RIP=ffffffff85496a4e RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 000055556987e380 ffffffff 00c00000
GS =0000 ffff88801fc00000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000055556988f738 CR3=000000003bf06000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000040000021 Opmask01=00000000ffffffff Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe6a3b3500 0000003000000018
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffff0f0e0d0c
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 61616130656c6966
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2e006a64615f6572 6f63735f6d6f6f2f 666c65732f636f72 702f003030303100
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0b004f41445f4057 4a46565f484a4a0a 434940560a464a57 550a001515151400
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000