./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2090814956
<...>
Warning: Permanently added '10.128.0.197' (ED25519) to the list of known hosts.
execve("./syz-executor2090814956", ["./syz-executor2090814956"], 0x7ffe64883360 /* 10 vars */) = 0
brk(NULL) = 0x55556a106000
brk(0x55556a106d00) = 0x55556a106d00
arch_prctl(ARCH_SET_FS, 0x55556a106380) = 0
set_tid_address(0x55556a106650) = 5089
set_robust_list(0x55556a106660, 24) = 0
rseq(0x55556a106ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor2090814956", 4096) = 28
getrandom("\x8f\x05\x76\x6c\xff\x2f\xd0\x0f", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x55556a106d00
brk(0x55556a127d00) = 0x55556a127d00
brk(0x55556a128000) = 0x55556a128000
mprotect(0x7f119fde2000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5090 attached
, child_tidptr=0x55556a106650) = 5090
[pid 5090] set_robust_list(0x55556a106660, 24) = 0
[pid 5090] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5090] setpgid(0, 0) = 0
[pid 5090] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5090] write(3, "1000", 4) = 4
[pid 5090] close(3) = 0
[pid 5090] memfd_create("syzkaller", 0) = 3
[pid 5090] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1197800000
[pid 5090] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 5090] munmap(0x7f1197800000, 138412032) = 0
[pid 5090] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5090] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5090] close(3) = 0
[pid 5090] close(4) = 0
[pid 5090] mkdir("./file1", 0777) = 0
[ 110.408451][ T5090] loop0: detected capacity change from 0 to 1024
[ 110.434242][ T5090] =======================================================
[ 110.434242][ T5090] WARNING: The mand mount option has been deprecated and
[ 110.434242][ T5090] and is ignored by this kernel. Remove the mand
[pid 5090] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_MANDLOCK, "") = 0
[pid 5090] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 5090] chdir("./file1") = 0
[pid 5090] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 5090] openat(AT_FDCWD, ".", O_RDONLY) = 4
[ 110.434242][ T5090] option from the mount to silence this warning.
[ 110.434242][ T5090] =======================================================
[ 110.490369][ T5090] ==================================================================
[ 110.498452][ T5090] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x910/0xa20
[ 110.506134][ T5090] Read of size 2 at addr ffff88801d31a40c by task syz-executor209/5090
[ 110.514382][ T5090]
[ 110.516703][ T5090] CPU: 0 PID: 5090 Comm: syz-executor209 Not tainted 6.9.0-rc4-syzkaller-00266-g977b1ef51866 #0
[ 110.527127][ T5090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 110.537188][ T5090] Call Trace:
[ 110.540470][ T5090]
[ 110.543404][ T5090] dump_stack_lvl+0x116/0x1f0
[ 110.548122][ T5090] print_report+0xc3/0x620
[ 110.552560][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 110.558219][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 110.563874][ T5090] ? __phys_addr+0xc6/0x150
[ 110.568396][ T5090] kasan_report+0xd9/0x110
[ 110.572843][ T5090] ? hfsplus_uni2asc+0x910/0xa20
[ 110.577804][ T5090] ? hfsplus_uni2asc+0x910/0xa20
[ 110.582771][ T5090] hfsplus_uni2asc+0x910/0xa20
[ 110.587570][ T5090] hfsplus_readdir+0x87b/0x1000
[ 110.592454][ T5090] ? __pfx_hfsplus_readdir+0x10/0x10
[ 110.597766][ T5090] ? _find_first_zero_bit+0x94/0xb0
[ 110.602982][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 110.608632][ T5090] ? lockdep_unlock+0x11a/0x290
[ 110.613549][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 110.619203][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 110.624856][ T5090] ? down_read_killable+0xcc/0x380
[ 110.629997][ T5090] ? __pfx_down_read_killable+0x10/0x10
[ 110.635612][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 110.641262][ T5090] ? apparmor_file_permission+0x251/0x410
[ 110.647022][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 110.652682][ T5090] iterate_dir+0x295/0x9e0
[ 110.657137][ T5090] __x64_sys_getdents64+0x14f/0x2e0
[ 110.662366][ T5090] ? __pfx___x64_sys_getdents64+0x10/0x10
[ 110.668118][ T5090] ? __pfx_filldir64+0x10/0x10
[ 110.672909][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 110.678559][ T5090] ? lockdep_hardirqs_on+0x7c/0x110
[ 110.683816][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 110.689476][ T5090] ? _raw_spin_unlock_irq+0x2e/0x50
[ 110.694697][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 110.700349][ T5090] ? ptrace_notify+0xf1/0x130
[ 110.705058][ T5090] do_syscall_64+0xcf/0x260
[ 110.709583][ T5090] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 110.715517][ T5090] RIP: 0033:0x7f119fd6ed19
[ 110.719936][ T5090] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 110.739559][ T5090] RSP: 002b:00007ffcf59f0758 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 110.747996][ T5090] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f119fd6ed19
[ 110.755999][ T5090] RDX: 00000000000000a5 RSI: 00000000200002c0 RDI: 0000000000000004
[ 110.763989][ T5090] RBP: 00007f119fde25f0 R08: 000055556a1074c0 R09: 000055556a1074c0
[ 110.771978][ T5090] R10: 0000000000000632 R11: 0000000000000246 R12: 00007ffcf59f0780
[ 110.779957][ T5090] R13: 00007ffcf59f09a8 R14: 431bde82d7b634db R15: 00007f119fdb703b
[ 110.787950][ T5090]
[ 110.790967][ T5090]
[ 110.793288][ T5090] Allocated by task 5090:
[ 110.797620][ T5090] kasan_save_stack+0x33/0x60
[ 110.802316][ T5090] kasan_save_track+0x14/0x30
[ 110.807006][ T5090] __kasan_kmalloc+0xaa/0xb0
[ 110.811611][ T5090] __kmalloc+0x1f9/0x440
[ 110.815874][ T5090] hfsplus_find_init+0x95/0x200
[ 110.820739][ T5090] hfsplus_readdir+0x266/0x1000
[ 110.825622][ T5090] iterate_dir+0x295/0x9e0
[ 110.830087][ T5090] __x64_sys_getdents64+0x14f/0x2e0
[ 110.835319][ T5090] do_syscall_64+0xcf/0x260
[ 110.839842][ T5090] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 110.845777][ T5090]
[ 110.848116][ T5090] The buggy address belongs to the object at ffff88801d31a000
[ 110.848116][ T5090] which belongs to the cache kmalloc-2k of size 2048
[ 110.862198][ T5090] The buggy address is located 0 bytes to the right of
[ 110.862198][ T5090] allocated 1036-byte region [ffff88801d31a000, ffff88801d31a40c)
[ 110.876782][ T5090]
[ 110.879101][ T5090] The buggy address belongs to the physical page:
[ 110.885508][ T5090] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1d318
[ 110.894277][ T5090] head: order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 110.901831][ T5090] flags: 0xfff80000000840(slab|head|node=0|zone=1|lastcpupid=0xfff)
[ 110.909822][ T5090] page_type: 0xffffffff()
[ 110.914164][ T5090] raw: 00fff80000000840 ffff888015042000 dead000000000122 0000000000000000
[ 110.922758][ T5090] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 110.931356][ T5090] head: 00fff80000000840 ffff888015042000 dead000000000122 0000000000000000
[ 110.940038][ T5090] head: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 110.948719][ T5090] head: 00fff80000000003 ffffea000074c601 dead000000000122 00000000ffffffff
[ 110.957402][ T5090] head: 0000000800000000 0000000000000000 00000000ffffffff 0000000000000000
[ 110.966071][ T5090] page dumped because: kasan: bad access detected
[ 110.972482][ T5090] page_owner tracks the page as allocated
[ 110.978192][ T5090] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4534, tgid 1976515163 (udevd), ts 4534, free_ts 104030928511
[ 110.998966][ T5090] post_alloc_hook+0x2d4/0x350
[ 111.003788][ T5090] get_page_from_freelist+0xa28/0x3780
[ 111.009262][ T5090] __alloc_pages+0x22b/0x2460
[ 111.013956][ T5090] new_slab+0xcc/0x3a0
[ 111.018043][ T5090] ___slab_alloc+0x66d/0x1790
[ 111.022738][ T5090] __slab_alloc.constprop.0+0x56/0xb0
[ 111.028148][ T5090] __kmalloc+0x3b4/0x440
[ 111.032409][ T5090] sk_prot_alloc+0x1a8/0x2a0
[ 111.037018][ T5090] sk_alloc+0x36/0xb90
[ 111.041124][ T5090] __netlink_create+0x63/0x300
[ 111.045917][ T5090] netlink_create+0x3dc/0x670
[ 111.050615][ T5090] __sock_create+0x331/0x800
[ 111.055225][ T5090] __sys_socket+0x14f/0x260
[ 111.059751][ T5090] __x64_sys_socket+0x72/0xb0
[ 111.064473][ T5090] do_syscall_64+0xcf/0x260
[ 111.069026][ T5090] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 111.075056][ T5090] page last free pid 5079 tgid 5079 stack trace:
[ 111.081389][ T5090] free_unref_page_prepare+0x527/0xb10
[ 111.086906][ T5090] free_unref_page+0x33/0x3c0
[ 111.091623][ T5090] __put_partials+0x14c/0x170
[ 111.096338][ T5090] qlist_free_all+0x4e/0x140
[ 111.100967][ T5090] kasan_quarantine_reduce+0x192/0x1e0
[ 111.106445][ T5090] __kasan_slab_alloc+0x69/0x90
[ 111.111326][ T5090] kmem_cache_alloc+0x136/0x320
[ 111.116201][ T5090] getname_flags.part.0+0x50/0x4f0
[ 111.121349][ T5090] getname+0x8f/0xe0
[ 111.125264][ T5090] do_sys_openat2+0x104/0x1e0
[ 111.129963][ T5090] __x64_sys_openat+0x175/0x210
[ 111.134849][ T5090] do_syscall_64+0xcf/0x260
[ 111.139370][ T5090] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 111.145289][ T5090]
[ 111.147612][ T5090] Memory state around the buggy address:
[ 111.153246][ T5090] ffff88801d31a300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 111.161324][ T5090] ffff88801d31a380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 111.169393][ T5090] >ffff88801d31a400: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 111.177461][ T5090] ^
[ 111.181811][ T5090] ffff88801d31a480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 111.189899][ T5090] ffff88801d31a500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 111.197981][ T5090] ==================================================================
[ 111.206581][ T5090] Disabling lock debugging due to kernel taint
[ 111.212766][ T5090] ==================================================================
[ 111.220844][ T5090] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x910/0xa20
[ 111.228514][ T5090] Read of size 2 at addr ffff88801d31a40e by task syz-executor209/5090
[ 111.236767][ T5090]
[ 111.239096][ T5090] CPU: 0 PID: 5090 Comm: syz-executor209 Tainted: G B 6.9.0-rc4-syzkaller-00266-g977b1ef51866 #0
[ 111.251004][ T5090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 111.261070][ T5090] Call Trace:
[ 111.264363][ T5090]
[ 111.267305][ T5090] dump_stack_lvl+0x116/0x1f0
[ 111.272025][ T5090] print_report+0xc3/0x620
[ 111.276476][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 111.282139][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 111.287800][ T5090] ? __phys_addr+0xc6/0x150
[ 111.292343][ T5090] kasan_report+0xd9/0x110
[ 111.296796][ T5090] ? hfsplus_uni2asc+0x910/0xa20
[ 111.301772][ T5090] ? hfsplus_uni2asc+0x910/0xa20
[ 111.306746][ T5090] hfsplus_uni2asc+0x910/0xa20
[ 111.311548][ T5090] hfsplus_readdir+0x87b/0x1000
[ 111.316449][ T5090] ? __pfx_hfsplus_readdir+0x10/0x10
[ 111.321776][ T5090] ? _find_first_zero_bit+0x94/0xb0
[ 111.327009][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 111.332671][ T5090] ? lockdep_unlock+0x11a/0x290
[ 111.337607][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 111.343273][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 111.348937][ T5090] ? down_read_killable+0xcc/0x380
[ 111.354073][ T5090] ? __pfx_down_read_killable+0x10/0x10
[ 111.359643][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 111.365304][ T5090] ? apparmor_file_permission+0x251/0x410
[ 111.371053][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 111.376717][ T5090] iterate_dir+0x295/0x9e0
[ 111.381183][ T5090] __x64_sys_getdents64+0x14f/0x2e0
[ 111.386428][ T5090] ? __pfx___x64_sys_getdents64+0x10/0x10
[ 111.392196][ T5090] ? __pfx_filldir64+0x10/0x10
[ 111.396999][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 111.402680][ T5090] ? lockdep_hardirqs_on+0x7c/0x110
[ 111.407920][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 111.413580][ T5090] ? _raw_spin_unlock_irq+0x2e/0x50
[ 111.418823][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 111.424484][ T5090] ? ptrace_notify+0xf1/0x130
[ 111.429206][ T5090] do_syscall_64+0xcf/0x260
[ 111.433739][ T5090] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 111.439686][ T5090] RIP: 0033:0x7f119fd6ed19
[ 111.444120][ T5090] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 111.463749][ T5090] RSP: 002b:00007ffcf59f0758 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 111.472181][ T5090] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f119fd6ed19
[ 111.480167][ T5090] RDX: 00000000000000a5 RSI: 00000000200002c0 RDI: 0000000000000004
[ 111.488154][ T5090] RBP: 00007f119fde25f0 R08: 000055556a1074c0 R09: 000055556a1074c0
[ 111.496142][ T5090] R10: 0000000000000632 R11: 0000000000000246 R12: 00007ffcf59f0780
[ 111.504130][ T5090] R13: 00007ffcf59f09a8 R14: 431bde82d7b634db R15: 00007f119fdb703b
[ 111.512127][ T5090]
[ 111.515154][ T5090]
[ 111.517482][ T5090] Allocated by task 5090:
[ 111.521826][ T5090] kasan_save_stack+0x33/0x60
[ 111.526541][ T5090] kasan_save_track+0x14/0x30
[ 111.531246][ T5090] __kasan_kmalloc+0xaa/0xb0
[ 111.535864][ T5090] __kmalloc+0x1f9/0x440
[ 111.540136][ T5090] hfsplus_find_init+0x95/0x200
[ 111.545008][ T5090] hfsplus_readdir+0x266/0x1000
[ 111.549898][ T5090] iterate_dir+0x295/0x9e0
[ 111.554373][ T5090] __x64_sys_getdents64+0x14f/0x2e0
[ 111.559617][ T5090] do_syscall_64+0xcf/0x260
[ 111.564141][ T5090] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 111.570080][ T5090]
[ 111.572407][ T5090] The buggy address belongs to the object at ffff88801d31a000
[ 111.572407][ T5090] which belongs to the cache kmalloc-2k of size 2048
[ 111.586475][ T5090] The buggy address is located 2 bytes to the right of
[ 111.586475][ T5090] allocated 1036-byte region [ffff88801d31a000, ffff88801d31a40c)
[ 111.601069][ T5090]
[ 111.603402][ T5090] The buggy address belongs to the physical page:
[ 111.609815][ T5090] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1d318
[ 111.618594][ T5090] head: order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 111.626147][ T5090] flags: 0xfff80000000840(slab|head|node=0|zone=1|lastcpupid=0xfff)
[ 111.634143][ T5090] page_type: 0xffffffff()
[ 111.638486][ T5090] raw: 00fff80000000840 ffff888015042000 dead000000000122 0000000000000000
[ 111.647089][ T5090] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 111.655699][ T5090] head: 00fff80000000840 ffff888015042000 dead000000000122 0000000000000000
[ 111.664391][ T5090] head: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 111.673083][ T5090] head: 00fff80000000003 ffffea000074c601 dead000000000122 00000000ffffffff
[ 111.681775][ T5090] head: 0000000800000000 0000000000000000 00000000ffffffff 0000000000000000
[ 111.690458][ T5090] page dumped because: kasan: bad access detected
[ 111.696876][ T5090] page_owner tracks the page as allocated
[ 111.702594][ T5090] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4534, tgid 1976515163 (udevd), ts 4534, free_ts 104030928511
[ 111.723487][ T5090] post_alloc_hook+0x2d4/0x350
[ 111.728302][ T5090] get_page_from_freelist+0xa28/0x3780
[ 111.733785][ T5090] __alloc_pages+0x22b/0x2460
[ 111.738487][ T5090] new_slab+0xcc/0x3a0
[ 111.742577][ T5090] ___slab_alloc+0x66d/0x1790
[ 111.747302][ T5090] __slab_alloc.constprop.0+0x56/0xb0
[ 111.752703][ T5090] __kmalloc+0x3b4/0x440
[ 111.756980][ T5090] sk_prot_alloc+0x1a8/0x2a0
[ 111.761602][ T5090] sk_alloc+0x36/0xb90
[ 111.765712][ T5090] __netlink_create+0x63/0x300
[ 111.770514][ T5090] netlink_create+0x3dc/0x670
[ 111.775225][ T5090] __sock_create+0x331/0x800
[ 111.779855][ T5090] __sys_socket+0x14f/0x260
[ 111.784393][ T5090] __x64_sys_socket+0x72/0xb0
[ 111.789105][ T5090] do_syscall_64+0xcf/0x260
[ 111.793626][ T5090] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 111.799560][ T5090] page last free pid 5079 tgid 5079 stack trace:
[ 111.805892][ T5090] free_unref_page_prepare+0x527/0xb10
[ 111.811388][ T5090] free_unref_page+0x33/0x3c0
[ 111.816103][ T5090] __put_partials+0x14c/0x170
[ 111.820807][ T5090] qlist_free_all+0x4e/0x140
[ 111.825428][ T5090] kasan_quarantine_reduce+0x192/0x1e0
[ 111.830913][ T5090] __kasan_slab_alloc+0x69/0x90
[ 111.835794][ T5090] kmem_cache_alloc+0x136/0x320
[ 111.840684][ T5090] getname_flags.part.0+0x50/0x4f0
[ 111.845834][ T5090] getname+0x8f/0xe0
[ 111.849776][ T5090] do_sys_openat2+0x104/0x1e0
[ 111.854491][ T5090] __x64_sys_openat+0x175/0x210
[ 111.859375][ T5090] do_syscall_64+0xcf/0x260
[ 111.863898][ T5090] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 111.869837][ T5090]
[ 111.872162][ T5090] Memory state around the buggy address:
[ 111.877801][ T5090] ffff88801d31a300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 111.885881][ T5090] ffff88801d31a380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 111.893955][ T5090] >ffff88801d31a400: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 111.902024][ T5090] ^
[ 111.906357][ T5090] ffff88801d31a480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 111.914429][ T5090] ffff88801d31a500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 111.922497][ T5090] ==================================================================
[ 111.931259][ T5090] ==================================================================
[ 111.939354][ T5090] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x910/0xa20
[ 111.947033][ T5090] Read of size 2 at addr ffff88801d31a410 by task syz-executor209/5090
[ 111.955302][ T5090]
[ 111.957643][ T5090] CPU: 0 PID: 5090 Comm: syz-executor209 Tainted: G B 6.9.0-rc4-syzkaller-00266-g977b1ef51866 #0
[ 111.969656][ T5090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 111.979737][ T5090] Call Trace:
[ 111.983029][ T5090]
[ 111.985975][ T5090] dump_stack_lvl+0x116/0x1f0
[ 111.990699][ T5090] print_report+0xc3/0x620
[ 111.995152][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 112.000815][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 112.006477][ T5090] ? __phys_addr+0xc6/0x150
[ 112.011011][ T5090] kasan_report+0xd9/0x110
[ 112.015462][ T5090] ? hfsplus_uni2asc+0x910/0xa20
[ 112.020429][ T5090] ? hfsplus_uni2asc+0x910/0xa20
[ 112.025399][ T5090] hfsplus_uni2asc+0x910/0xa20
[ 112.030199][ T5090] hfsplus_readdir+0x87b/0x1000
[ 112.035097][ T5090] ? __pfx_hfsplus_readdir+0x10/0x10
[ 112.040421][ T5090] ? _find_first_zero_bit+0x94/0xb0
[ 112.045653][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 112.051314][ T5090] ? lockdep_unlock+0x11a/0x290
[ 112.056279][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 112.061940][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 112.067606][ T5090] ? down_read_killable+0xcc/0x380
[ 112.072742][ T5090] ? __pfx_down_read_killable+0x10/0x10
[ 112.078310][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 112.083972][ T5090] ? apparmor_file_permission+0x251/0x410
[ 112.089722][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 112.095386][ T5090] iterate_dir+0x295/0x9e0
[ 112.099861][ T5090] __x64_sys_getdents64+0x14f/0x2e0
[ 112.105111][ T5090] ? __pfx___x64_sys_getdents64+0x10/0x10
[ 112.110877][ T5090] ? __pfx_filldir64+0x10/0x10
[ 112.115693][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 112.121355][ T5090] ? lockdep_hardirqs_on+0x7c/0x110
[ 112.126593][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 112.132250][ T5090] ? _raw_spin_unlock_irq+0x2e/0x50
[ 112.137484][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 112.143144][ T5090] ? ptrace_notify+0xf1/0x130
[ 112.147872][ T5090] do_syscall_64+0xcf/0x260
[ 112.152400][ T5090] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 112.158340][ T5090] RIP: 0033:0x7f119fd6ed19
[ 112.162771][ T5090] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 112.182402][ T5090] RSP: 002b:00007ffcf59f0758 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 112.190844][ T5090] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f119fd6ed19
[ 112.198843][ T5090] RDX: 00000000000000a5 RSI: 00000000200002c0 RDI: 0000000000000004
[ 112.206839][ T5090] RBP: 00007f119fde25f0 R08: 000055556a1074c0 R09: 000055556a1074c0
[ 112.214834][ T5090] R10: 0000000000000632 R11: 0000000000000246 R12: 00007ffcf59f0780
[ 112.222827][ T5090] R13: 00007ffcf59f09a8 R14: 431bde82d7b634db R15: 00007f119fdb703b
[ 112.230833][ T5090]
[ 112.233863][ T5090]
[ 112.236189][ T5090] Allocated by task 5090:
[ 112.240523][ T5090] kasan_save_stack+0x33/0x60
[ 112.245233][ T5090] kasan_save_track+0x14/0x30
[ 112.249934][ T5090] __kasan_kmalloc+0xaa/0xb0
[ 112.254550][ T5090] __kmalloc+0x1f9/0x440
[ 112.258830][ T5090] hfsplus_find_init+0x95/0x200
[ 112.263706][ T5090] hfsplus_readdir+0x266/0x1000
[ 112.268594][ T5090] iterate_dir+0x295/0x9e0
[ 112.273083][ T5090] __x64_sys_getdents64+0x14f/0x2e0
[ 112.278319][ T5090] do_syscall_64+0xcf/0x260
[ 112.282848][ T5090] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 112.288784][ T5090]
[ 112.291116][ T5090] The buggy address belongs to the object at ffff88801d31a000
[ 112.291116][ T5090] which belongs to the cache kmalloc-2k of size 2048
[ 112.305187][ T5090] The buggy address is located 4 bytes to the right of
[ 112.305187][ T5090] allocated 1036-byte region [ffff88801d31a000, ffff88801d31a40c)
[ 112.319784][ T5090]
[ 112.322117][ T5090] The buggy address belongs to the physical page:
[ 112.328534][ T5090] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1d318
[ 112.337312][ T5090] head: order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 112.344870][ T5090] flags: 0xfff80000000840(slab|head|node=0|zone=1|lastcpupid=0xfff)
[ 112.352863][ T5090] page_type: 0xffffffff()
[ 112.357209][ T5090] raw: 00fff80000000840 ffff888015042000 dead000000000122 0000000000000000
[ 112.365815][ T5090] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 112.374425][ T5090] head: 00fff80000000840 ffff888015042000 dead000000000122 0000000000000000
[ 112.383117][ T5090] head: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 112.391808][ T5090] head: 00fff80000000003 ffffea000074c601 dead000000000122 00000000ffffffff
[ 112.400502][ T5090] head: 0000000800000000 0000000000000000 00000000ffffffff 0000000000000000
[ 112.409180][ T5090] page dumped because: kasan: bad access detected
[ 112.415595][ T5090] page_owner tracks the page as allocated
[ 112.421311][ T5090] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4534, tgid 1976515163 (udevd), ts 4534, free_ts 104030928511
[ 112.442102][ T5090] post_alloc_hook+0x2d4/0x350
[ 112.446912][ T5090] get_page_from_freelist+0xa28/0x3780
[ 112.452394][ T5090] __alloc_pages+0x22b/0x2460
[ 112.457091][ T5090] new_slab+0xcc/0x3a0
[ 112.461181][ T5090] ___slab_alloc+0x66d/0x1790
[ 112.465889][ T5090] __slab_alloc.constprop.0+0x56/0xb0
[ 112.471292][ T5090] __kmalloc+0x3b4/0x440
[ 112.475561][ T5090] sk_prot_alloc+0x1a8/0x2a0
[ 112.480184][ T5090] sk_alloc+0x36/0xb90
[ 112.484293][ T5090] __netlink_create+0x63/0x300
[ 112.489092][ T5090] netlink_create+0x3dc/0x670
[ 112.493804][ T5090] __sock_create+0x331/0x800
[ 112.498433][ T5090] __sys_socket+0x14f/0x260
[ 112.502968][ T5090] __x64_sys_socket+0x72/0xb0
[ 112.507681][ T5090] do_syscall_64+0xcf/0x260
[ 112.512230][ T5090] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 112.518166][ T5090] page last free pid 5079 tgid 5079 stack trace:
[ 112.524499][ T5090] free_unref_page_prepare+0x527/0xb10
[ 112.530023][ T5090] free_unref_page+0x33/0x3c0
[ 112.534746][ T5090] __put_partials+0x14c/0x170
[ 112.539451][ T5090] qlist_free_all+0x4e/0x140
[ 112.544066][ T5090] kasan_quarantine_reduce+0x192/0x1e0
[ 112.549553][ T5090] __kasan_slab_alloc+0x69/0x90
[ 112.554431][ T5090] kmem_cache_alloc+0x136/0x320
[ 112.559310][ T5090] getname_flags.part.0+0x50/0x4f0
[ 112.564460][ T5090] getname+0x8f/0xe0
[ 112.568375][ T5090] do_sys_openat2+0x104/0x1e0
[ 112.573082][ T5090] __x64_sys_openat+0x175/0x210
[ 112.577965][ T5090] do_syscall_64+0xcf/0x260
[ 112.582488][ T5090] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 112.588429][ T5090]
[ 112.590756][ T5090] Memory state around the buggy address:
[ 112.596393][ T5090] ffff88801d31a300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 112.604468][ T5090] ffff88801d31a380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 112.612543][ T5090] >ffff88801d31a400: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 112.620611][ T5090] ^
[ 112.625205][ T5090] ffff88801d31a480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 112.633278][ T5090] ffff88801d31a500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 112.641345][ T5090] ==================================================================
[ 112.657300][ T5090] ==================================================================
[ 112.665390][ T5090] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x910/0xa20
[ 112.673062][ T5090] Read of size 2 at addr ffff88801d31a412 by task syz-executor209/5090
[ 112.681320][ T5090]
[ 112.683654][ T5090] CPU: 0 PID: 5090 Comm: syz-executor209 Tainted: G B 6.9.0-rc4-syzkaller-00266-g977b1ef51866 #0
[ 112.695588][ T5090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 112.705655][ T5090] Call Trace:
[ 112.708948][ T5090]
[ 112.711890][ T5090] dump_stack_lvl+0x116/0x1f0
[ 112.716618][ T5090] print_report+0xc3/0x620
[ 112.721087][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 112.726758][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 112.732540][ T5090] ? __phys_addr+0xc6/0x150
[ 112.737112][ T5090] kasan_report+0xd9/0x110
[ 112.741598][ T5090] ? hfsplus_uni2asc+0x910/0xa20
[ 112.746580][ T5090] ? hfsplus_uni2asc+0x910/0xa20
[ 112.751561][ T5090] hfsplus_uni2asc+0x910/0xa20
[ 112.756402][ T5090] hfsplus_readdir+0x87b/0x1000
[ 112.761312][ T5090] ? __pfx_hfsplus_readdir+0x10/0x10
[ 112.766641][ T5090] ? _find_first_zero_bit+0x94/0xb0
[ 112.771873][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 112.777537][ T5090] ? lockdep_unlock+0x11a/0x290
[ 112.782467][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 112.788129][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 112.793800][ T5090] ? down_read_killable+0xcc/0x380
[ 112.798938][ T5090] ? __pfx_down_read_killable+0x10/0x10
[ 112.804510][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 112.810175][ T5090] ? apparmor_file_permission+0x251/0x410
[ 112.815928][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 112.821593][ T5090] iterate_dir+0x295/0x9e0
[ 112.826058][ T5090] __x64_sys_getdents64+0x14f/0x2e0
[ 112.831303][ T5090] ? __pfx___x64_sys_getdents64+0x10/0x10
[ 112.837066][ T5090] ? __pfx_filldir64+0x10/0x10
[ 112.841901][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 112.847563][ T5090] ? lockdep_hardirqs_on+0x7c/0x110
[ 112.852810][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 112.858473][ T5090] ? _raw_spin_unlock_irq+0x2e/0x50
[ 112.863709][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 112.869371][ T5090] ? ptrace_notify+0xf1/0x130
[ 112.874092][ T5090] do_syscall_64+0xcf/0x260
[ 112.878621][ T5090] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 112.884561][ T5090] RIP: 0033:0x7f119fd6ed19
[ 112.888990][ T5090] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 112.908623][ T5090] RSP: 002b:00007ffcf59f0758 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 112.917062][ T5090] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f119fd6ed19
[ 112.925051][ T5090] RDX: 00000000000000a5 RSI: 00000000200002c0 RDI: 0000000000000004
[ 112.933038][ T5090] RBP: 00007f119fde25f0 R08: 000055556a1074c0 R09: 000055556a1074c0
[ 112.941023][ T5090] R10: 0000000000000632 R11: 0000000000000246 R12: 00007ffcf59f0780
[ 112.949010][ T5090] R13: 00007ffcf59f09a8 R14: 431bde82d7b634db R15: 00007f119fdb703b
[ 112.957014][ T5090]
[ 112.960041][ T5090]
[ 112.962368][ T5090] Allocated by task 5090:
[ 112.966712][ T5090] kasan_save_stack+0x33/0x60
[ 112.971428][ T5090] kasan_save_track+0x14/0x30
[ 112.976135][ T5090] __kasan_kmalloc+0xaa/0xb0
[ 112.980755][ T5090] __kmalloc+0x1f9/0x440
[ 112.985120][ T5090] hfsplus_find_init+0x95/0x200
[ 112.990024][ T5090] hfsplus_readdir+0x266/0x1000
[ 112.994913][ T5090] iterate_dir+0x295/0x9e0
[ 112.999366][ T5090] __x64_sys_getdents64+0x14f/0x2e0
[ 113.004621][ T5090] do_syscall_64+0xcf/0x260
[ 113.009148][ T5090] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 113.015086][ T5090]
[ 113.017412][ T5090] The buggy address belongs to the object at ffff88801d31a000
[ 113.017412][ T5090] which belongs to the cache kmalloc-2k of size 2048
[ 113.031511][ T5090] The buggy address is located 6 bytes to the right of
[ 113.031511][ T5090] allocated 1036-byte region [ffff88801d31a000, ffff88801d31a40c)
[ 113.046113][ T5090]
[ 113.048443][ T5090] The buggy address belongs to the physical page:
[ 113.054854][ T5090] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1d318
[ 113.063630][ T5090] head: order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 113.071185][ T5090] flags: 0xfff80000000840(slab|head|node=0|zone=1|lastcpupid=0xfff)
[ 113.079181][ T5090] page_type: 0xffffffff()
[ 113.083530][ T5090] raw: 00fff80000000840 ffff888015042000 dead000000000122 0000000000000000
[ 113.092132][ T5090] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 113.100738][ T5090] head: 00fff80000000840 ffff888015042000 dead000000000122 0000000000000000
[ 113.109439][ T5090] head: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 113.118162][ T5090] head: 00fff80000000003 ffffea000074c601 dead000000000122 00000000ffffffff
[ 113.126878][ T5090] head: 0000000800000000 0000000000000000 00000000ffffffff 0000000000000000
[ 113.135565][ T5090] page dumped because: kasan: bad access detected
[ 113.141984][ T5090] page_owner tracks the page as allocated
[ 113.147707][ T5090] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4534, tgid 1976515163 (udevd), ts 4534, free_ts 104030928511
[ 113.168503][ T5090] post_alloc_hook+0x2d4/0x350
[ 113.173326][ T5090] get_page_from_freelist+0xa28/0x3780
[ 113.178812][ T5090] __alloc_pages+0x22b/0x2460
[ 113.183517][ T5090] new_slab+0xcc/0x3a0
[ 113.187612][ T5090] ___slab_alloc+0x66d/0x1790
[ 113.192323][ T5090] __slab_alloc.constprop.0+0x56/0xb0
[ 113.197728][ T5090] __kmalloc+0x3b4/0x440
[ 113.202003][ T5090] sk_prot_alloc+0x1a8/0x2a0
[ 113.206629][ T5090] sk_alloc+0x36/0xb90
[ 113.210740][ T5090] __netlink_create+0x63/0x300
[ 113.215540][ T5090] netlink_create+0x3dc/0x670
[ 113.220252][ T5090] __sock_create+0x331/0x800
[ 113.224883][ T5090] __sys_socket+0x14f/0x260
[ 113.229421][ T5090] __x64_sys_socket+0x72/0xb0
[ 113.234132][ T5090] do_syscall_64+0xcf/0x260
[ 113.238654][ T5090] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 113.244601][ T5090] page last free pid 5079 tgid 5079 stack trace:
[ 113.250935][ T5090] free_unref_page_prepare+0x527/0xb10
[ 113.256433][ T5090] free_unref_page+0x33/0x3c0
[ 113.261155][ T5090] __put_partials+0x14c/0x170
[ 113.265859][ T5090] qlist_free_all+0x4e/0x140
[ 113.270479][ T5090] kasan_quarantine_reduce+0x192/0x1e0
[ 113.275970][ T5090] __kasan_slab_alloc+0x69/0x90
[ 113.280853][ T5090] kmem_cache_alloc+0x136/0x320
[ 113.285739][ T5090] getname_flags.part.0+0x50/0x4f0
[ 113.290888][ T5090] getname+0x8f/0xe0
[ 113.294803][ T5090] do_sys_openat2+0x104/0x1e0
[ 113.299516][ T5090] __x64_sys_openat+0x175/0x210
[ 113.304403][ T5090] do_syscall_64+0xcf/0x260
[ 113.308927][ T5090] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 113.314866][ T5090]
[ 113.317194][ T5090] Memory state around the buggy address:
[ 113.322830][ T5090] ffff88801d31a300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 113.330908][ T5090] ffff88801d31a380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 113.338982][ T5090] >ffff88801d31a400: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 113.347052][ T5090] ^
[ 113.351649][ T5090] ffff88801d31a480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 113.359724][ T5090] ffff88801d31a500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 113.367817][ T5090] ==================================================================
[ 113.377147][ T5090] ==================================================================
[ 113.385235][ T5090] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x910/0xa20
[ 113.392927][ T5090] Read of size 2 at addr ffff88801d31a414 by task syz-executor209/5090
[ 113.401196][ T5090]
[ 113.403528][ T5090] CPU: 0 PID: 5090 Comm: syz-executor209 Tainted: G B 6.9.0-rc4-syzkaller-00266-g977b1ef51866 #0
[ 113.415440][ T5090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 113.425507][ T5090] Call Trace:
[ 113.428798][ T5090]
[ 113.431744][ T5090] dump_stack_lvl+0x116/0x1f0
[ 113.436465][ T5090] print_report+0xc3/0x620
[ 113.440923][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 113.446590][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 113.452253][ T5090] ? __phys_addr+0xc6/0x150
[ 113.456798][ T5090] kasan_report+0xd9/0x110
[ 113.461253][ T5090] ? hfsplus_uni2asc+0x910/0xa20
[ 113.466224][ T5090] ? hfsplus_uni2asc+0x910/0xa20
[ 113.471196][ T5090] hfsplus_uni2asc+0x910/0xa20
[ 113.475996][ T5090] hfsplus_readdir+0x87b/0x1000
[ 113.480897][ T5090] ? __pfx_hfsplus_readdir+0x10/0x10
[ 113.486226][ T5090] ? _find_first_zero_bit+0x94/0xb0
[ 113.491454][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 113.497118][ T5090] ? lockdep_unlock+0x11a/0x290
[ 113.502046][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 113.507710][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 113.513374][ T5090] ? down_read_killable+0xcc/0x380
[ 113.518512][ T5090] ? __pfx_down_read_killable+0x10/0x10
[ 113.524081][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 113.529741][ T5090] ? apparmor_file_permission+0x251/0x410
[ 113.535489][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 113.541153][ T5090] iterate_dir+0x295/0x9e0
[ 113.545625][ T5090] __x64_sys_getdents64+0x14f/0x2e0
[ 113.550874][ T5090] ? __pfx___x64_sys_getdents64+0x10/0x10
[ 113.556639][ T5090] ? __pfx_filldir64+0x10/0x10
[ 113.561444][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 113.567106][ T5090] ? lockdep_hardirqs_on+0x7c/0x110
[ 113.572347][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 113.578007][ T5090] ? _raw_spin_unlock_irq+0x2e/0x50
[ 113.583239][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 113.588901][ T5090] ? ptrace_notify+0xf1/0x130
[ 113.593624][ T5090] do_syscall_64+0xcf/0x260
[ 113.598155][ T5090] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 113.604103][ T5090] RIP: 0033:0x7f119fd6ed19
[ 113.608538][ T5090] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 113.628168][ T5090] RSP: 002b:00007ffcf59f0758 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 113.636603][ T5090] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f119fd6ed19
[ 113.644590][ T5090] RDX: 00000000000000a5 RSI: 00000000200002c0 RDI: 0000000000000004
[ 113.652574][ T5090] RBP: 00007f119fde25f0 R08: 000055556a1074c0 R09: 000055556a1074c0
[ 113.660564][ T5090] R10: 0000000000000632 R11: 0000000000000246 R12: 00007ffcf59f0780
[ 113.668553][ T5090] R13: 00007ffcf59f09a8 R14: 431bde82d7b634db R15: 00007f119fdb703b
[ 113.676552][ T5090]
[ 113.679580][ T5090]
[ 113.681907][ T5090] Allocated by task 5090:
[ 113.686242][ T5090] kasan_save_stack+0x33/0x60
[ 113.690952][ T5090] kasan_save_track+0x14/0x30
[ 113.695653][ T5090] __kasan_kmalloc+0xaa/0xb0
[ 113.700269][ T5090] __kmalloc+0x1f9/0x440
[ 113.704545][ T5090] hfsplus_find_init+0x95/0x200
[ 113.709419][ T5090] hfsplus_readdir+0x266/0x1000
[ 113.714309][ T5090] iterate_dir+0x295/0x9e0
[ 113.718763][ T5090] __x64_sys_getdents64+0x14f/0x2e0
[ 113.724003][ T5090] do_syscall_64+0xcf/0x260
[ 113.728524][ T5090] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 113.734465][ T5090]
[ 113.736795][ T5090] The buggy address belongs to the object at ffff88801d31a000
[ 113.736795][ T5090] which belongs to the cache kmalloc-2k of size 2048
[ 113.750862][ T5090] The buggy address is located 8 bytes to the right of
[ 113.750862][ T5090] allocated 1036-byte region [ffff88801d31a000, ffff88801d31a40c)
[ 113.765458][ T5090]
[ 113.767788][ T5090] The buggy address belongs to the physical page:
[ 113.774202][ T5090] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1d318
[ 113.782977][ T5090] head: order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 113.790533][ T5090] flags: 0xfff80000000840(slab|head|node=0|zone=1|lastcpupid=0xfff)
[ 113.798530][ T5090] page_type: 0xffffffff()
[ 113.802877][ T5090] raw: 00fff80000000840 ffff888015042000 dead000000000122 0000000000000000
[ 113.811484][ T5090] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 113.820091][ T5090] head: 00fff80000000840 ffff888015042000 dead000000000122 0000000000000000
[ 113.828782][ T5090] head: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 113.837475][ T5090] head: 00fff80000000003 ffffea000074c601 dead000000000122 00000000ffffffff
[ 113.846165][ T5090] head: 0000000800000000 0000000000000000 00000000ffffffff 0000000000000000
[ 113.854842][ T5090] page dumped because: kasan: bad access detected
[ 113.861257][ T5090] page_owner tracks the page as allocated
[ 113.866976][ T5090] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4534, tgid 1976515163 (udevd), ts 4534, free_ts 104030928511
[ 113.887764][ T5090] post_alloc_hook+0x2d4/0x350
[ 113.892574][ T5090] get_page_from_freelist+0xa28/0x3780
[ 113.898054][ T5090] __alloc_pages+0x22b/0x2460
[ 113.902750][ T5090] new_slab+0xcc/0x3a0
[ 113.906842][ T5090] ___slab_alloc+0x66d/0x1790
[ 113.911549][ T5090] __slab_alloc.constprop.0+0x56/0xb0
[ 113.916954][ T5090] __kmalloc+0x3b4/0x440
[ 113.921228][ T5090] sk_prot_alloc+0x1a8/0x2a0
[ 113.925853][ T5090] sk_alloc+0x36/0xb90
[ 113.929966][ T5090] __netlink_create+0x63/0x300
[ 113.934764][ T5090] netlink_create+0x3dc/0x670
[ 113.939478][ T5090] __sock_create+0x331/0x800
[ 113.944104][ T5090] __sys_socket+0x14f/0x260
[ 113.948642][ T5090] __x64_sys_socket+0x72/0xb0
[ 113.953354][ T5090] do_syscall_64+0xcf/0x260
[ 113.957874][ T5090] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 113.963808][ T5090] page last free pid 5079 tgid 5079 stack trace:
[ 113.970140][ T5090] free_unref_page_prepare+0x527/0xb10
[ 113.975641][ T5090] free_unref_page+0x33/0x3c0
[ 113.980359][ T5090] __put_partials+0x14c/0x170
[ 113.985062][ T5090] qlist_free_all+0x4e/0x140
[ 113.989681][ T5090] kasan_quarantine_reduce+0x192/0x1e0
[ 113.995165][ T5090] __kasan_slab_alloc+0x69/0x90
[ 114.000045][ T5090] kmem_cache_alloc+0x136/0x320
[ 114.004924][ T5090] getname_flags.part.0+0x50/0x4f0
[ 114.010069][ T5090] getname+0x8f/0xe0
[ 114.013985][ T5090] do_sys_openat2+0x104/0x1e0
[ 114.018697][ T5090] __x64_sys_openat+0x175/0x210
[ 114.023582][ T5090] do_syscall_64+0xcf/0x260
[ 114.028105][ T5090] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 114.034043][ T5090]
[ 114.036374][ T5090] Memory state around the buggy address:
[ 114.042010][ T5090] ffff88801d31a300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 114.050086][ T5090] ffff88801d31a380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 114.058160][ T5090] >ffff88801d31a400: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 114.066231][ T5090] ^
[ 114.070832][ T5090] ffff88801d31a480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 114.078933][ T5090] ffff88801d31a500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 114.087006][ T5090] ==================================================================
[ 114.095962][ T5090] ==================================================================
[ 114.104049][ T5090] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x910/0xa20
[ 114.111735][ T5090] Read of size 2 at addr ffff88801d31a416 by task syz-executor209/5090
[ 114.120005][ T5090]
[ 114.122355][ T5090] CPU: 0 PID: 5090 Comm: syz-executor209 Tainted: G B 6.9.0-rc4-syzkaller-00266-g977b1ef51866 #0
[ 114.134281][ T5090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 114.144368][ T5090] Call Trace:
[ 114.147651][ T5090]
[ 114.150582][ T5090] dump_stack_lvl+0x116/0x1f0
[ 114.155292][ T5090] print_report+0xc3/0x620
[ 114.159733][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 114.167118][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 114.172767][ T5090] ? __phys_addr+0xc6/0x150
[ 114.177287][ T5090] kasan_report+0xd9/0x110
[ 114.181728][ T5090] ? hfsplus_uni2asc+0x910/0xa20
[ 114.186708][ T5090] ? hfsplus_uni2asc+0x910/0xa20
[ 114.191675][ T5090] hfsplus_uni2asc+0x910/0xa20
[ 114.196468][ T5090] hfsplus_readdir+0x87b/0x1000
[ 114.201367][ T5090] ? __pfx_hfsplus_readdir+0x10/0x10
[ 114.206689][ T5090] ? _find_first_zero_bit+0x94/0xb0
[ 114.211922][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 114.217584][ T5090] ? lockdep_unlock+0x11a/0x290
[ 114.222513][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 114.228175][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 114.233837][ T5090] ? down_read_killable+0xcc/0x380
[ 114.238972][ T5090] ? __pfx_down_read_killable+0x10/0x10
[ 114.244542][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 114.250202][ T5090] ? apparmor_file_permission+0x251/0x410
[ 114.255954][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 114.261622][ T5090] iterate_dir+0x295/0x9e0
[ 114.266094][ T5090] __x64_sys_getdents64+0x14f/0x2e0
[ 114.271346][ T5090] ? __pfx___x64_sys_getdents64+0x10/0x10
[ 114.277113][ T5090] ? __pfx_filldir64+0x10/0x10
[ 114.281922][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 114.287586][ T5090] ? lockdep_hardirqs_on+0x7c/0x110
[ 114.292831][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 114.298497][ T5090] ? _raw_spin_unlock_irq+0x2e/0x50
[ 114.303730][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 114.309391][ T5090] ? ptrace_notify+0xf1/0x130
[ 114.314115][ T5090] do_syscall_64+0xcf/0x260
[ 114.318647][ T5090] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 114.324587][ T5090] RIP: 0033:0x7f119fd6ed19
[ 114.329016][ T5090] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 114.348648][ T5090] RSP: 002b:00007ffcf59f0758 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 114.357085][ T5090] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f119fd6ed19
[ 114.365072][ T5090] RDX: 00000000000000a5 RSI: 00000000200002c0 RDI: 0000000000000004
[ 114.373062][ T5090] RBP: 00007f119fde25f0 R08: 000055556a1074c0 R09: 000055556a1074c0
[ 114.381050][ T5090] R10: 0000000000000632 R11: 0000000000000246 R12: 00007ffcf59f0780
[ 114.389035][ T5090] R13: 00007ffcf59f09a8 R14: 431bde82d7b634db R15: 00007f119fdb703b
[ 114.397049][ T5090]
[ 114.400075][ T5090]
[ 114.402405][ T5090] Allocated by task 5090:
[ 114.406742][ T5090] kasan_save_stack+0x33/0x60
[ 114.411457][ T5090] kasan_save_track+0x14/0x30
[ 114.416160][ T5090] __kasan_kmalloc+0xaa/0xb0
[ 114.420776][ T5090] __kmalloc+0x1f9/0x440
[ 114.425053][ T5090] hfsplus_find_init+0x95/0x200
[ 114.429929][ T5090] hfsplus_readdir+0x266/0x1000
[ 114.434822][ T5090] iterate_dir+0x295/0x9e0
[ 114.439278][ T5090] __x64_sys_getdents64+0x14f/0x2e0
[ 114.444519][ T5090] do_syscall_64+0xcf/0x260
[ 114.449048][ T5090] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 114.454986][ T5090]
[ 114.457314][ T5090] The buggy address belongs to the object at ffff88801d31a000
[ 114.457314][ T5090] which belongs to the cache kmalloc-2k of size 2048
[ 114.471379][ T5090] The buggy address is located 10 bytes to the right of
[ 114.471379][ T5090] allocated 1036-byte region [ffff88801d31a000, ffff88801d31a40c)
[ 114.486063][ T5090]
[ 114.488390][ T5090] The buggy address belongs to the physical page:
[ 114.494821][ T5090] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1d318
[ 114.503597][ T5090] head: order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 114.511155][ T5090] flags: 0xfff80000000840(slab|head|node=0|zone=1|lastcpupid=0xfff)
[ 114.519148][ T5090] page_type: 0xffffffff()
[ 114.523496][ T5090] raw: 00fff80000000840 ffff888015042000 dead000000000122 0000000000000000
[ 114.532099][ T5090] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 114.540705][ T5090] head: 00fff80000000840 ffff888015042000 dead000000000122 0000000000000000
[ 114.549394][ T5090] head: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 114.558087][ T5090] head: 00fff80000000003 ffffea000074c601 dead000000000122 00000000ffffffff
[ 114.566776][ T5090] head: 0000000800000000 0000000000000000 00000000ffffffff 0000000000000000
[ 114.575457][ T5090] page dumped because: kasan: bad access detected
[ 114.581878][ T5090] page_owner tracks the page as allocated
[ 114.587594][ T5090] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4534, tgid 1976515163 (udevd), ts 4534, free_ts 104030928511
[ 114.608382][ T5090] post_alloc_hook+0x2d4/0x350
[ 114.613197][ T5090] get_page_from_freelist+0xa28/0x3780
[ 114.618682][ T5090] __alloc_pages+0x22b/0x2460
[ 114.623378][ T5090] new_slab+0xcc/0x3a0
[ 114.627469][ T5090] ___slab_alloc+0x66d/0x1790
[ 114.632173][ T5090] __slab_alloc.constprop.0+0x56/0xb0
[ 114.637573][ T5090] __kmalloc+0x3b4/0x440
[ 114.641842][ T5090] sk_prot_alloc+0x1a8/0x2a0
[ 114.646463][ T5090] sk_alloc+0x36/0xb90
[ 114.650570][ T5090] __netlink_create+0x63/0x300
[ 114.655364][ T5090] netlink_create+0x3dc/0x670
[ 114.660073][ T5090] __sock_create+0x331/0x800
[ 114.664695][ T5090] __sys_socket+0x14f/0x260
[ 114.669237][ T5090] __x64_sys_socket+0x72/0xb0
[ 114.673947][ T5090] do_syscall_64+0xcf/0x260
[ 114.678467][ T5090] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 114.684404][ T5090] page last free pid 5079 tgid 5079 stack trace:
[ 114.690735][ T5090] free_unref_page_prepare+0x527/0xb10
[ 114.696235][ T5090] free_unref_page+0x33/0x3c0
[ 114.700949][ T5090] __put_partials+0x14c/0x170
[ 114.705654][ T5090] qlist_free_all+0x4e/0x140
[ 114.710272][ T5090] kasan_quarantine_reduce+0x192/0x1e0
[ 114.715770][ T5090] __kasan_slab_alloc+0x69/0x90
[ 114.720668][ T5090] kmem_cache_alloc+0x136/0x320
[ 114.725550][ T5090] getname_flags.part.0+0x50/0x4f0
[ 114.730699][ T5090] getname+0x8f/0xe0
[ 114.734615][ T5090] do_sys_openat2+0x104/0x1e0
[ 114.739328][ T5090] __x64_sys_openat+0x175/0x210
[ 114.744212][ T5090] do_syscall_64+0xcf/0x260
[ 114.748733][ T5090] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 114.754676][ T5090]
[ 114.757001][ T5090] Memory state around the buggy address:
[ 114.762634][ T5090] ffff88801d31a300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 114.770731][ T5090] ffff88801d31a380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 114.778935][ T5090] >ffff88801d31a400: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 114.787008][ T5090] ^
[ 114.791604][ T5090] ffff88801d31a480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 114.799680][ T5090] ffff88801d31a500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 114.807758][ T5090] ==================================================================
[ 114.816565][ T5090] ==================================================================
[ 114.824647][ T5090] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x910/0xa20
[ 114.832331][ T5090] Read of size 2 at addr ffff88801d31a418 by task syz-executor209/5090
[ 114.840598][ T5090]
[ 114.842933][ T5090] CPU: 0 PID: 5090 Comm: syz-executor209 Tainted: G B 6.9.0-rc4-syzkaller-00266-g977b1ef51866 #0
[ 114.854849][ T5090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 114.864916][ T5090] Call Trace:
[ 114.868203][ T5090]
[ 114.871147][ T5090] dump_stack_lvl+0x116/0x1f0
[ 114.875870][ T5090] print_report+0xc3/0x620
[ 114.880323][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 114.885985][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 114.891646][ T5090] ? __phys_addr+0xc6/0x150
[ 114.896180][ T5090] kasan_report+0xd9/0x110
[ 114.900635][ T5090] ? hfsplus_uni2asc+0x910/0xa20
[ 114.905603][ T5090] ? hfsplus_uni2asc+0x910/0xa20
[ 114.910575][ T5090] hfsplus_uni2asc+0x910/0xa20
[ 114.915378][ T5090] hfsplus_readdir+0x87b/0x1000
[ 114.920281][ T5090] ? __pfx_hfsplus_readdir+0x10/0x10
[ 114.925605][ T5090] ? _find_first_zero_bit+0x94/0xb0
[ 114.930838][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 114.936508][ T5090] ? lockdep_unlock+0x11a/0x290
[ 114.941438][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 114.947100][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 114.952762][ T5090] ? down_read_killable+0xcc/0x380
[ 114.957900][ T5090] ? __pfx_down_read_killable+0x10/0x10
[ 114.963474][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 114.969220][ T5090] ? apparmor_file_permission+0x251/0x410
[ 114.974967][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 114.980631][ T5090] iterate_dir+0x295/0x9e0
[ 114.985096][ T5090] __x64_sys_getdents64+0x14f/0x2e0
[ 114.990342][ T5090] ? __pfx___x64_sys_getdents64+0x10/0x10
[ 114.996106][ T5090] ? __pfx_filldir64+0x10/0x10
[ 115.000912][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 115.006576][ T5090] ? lockdep_hardirqs_on+0x7c/0x110
[ 115.011818][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 115.017482][ T5090] ? _raw_spin_unlock_irq+0x2e/0x50
[ 115.022716][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 115.028376][ T5090] ? ptrace_notify+0xf1/0x130
[ 115.033094][ T5090] do_syscall_64+0xcf/0x260
[ 115.037626][ T5090] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 115.043575][ T5090] RIP: 0033:0x7f119fd6ed19
[ 115.048004][ T5090] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 115.067635][ T5090] RSP: 002b:00007ffcf59f0758 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 115.076075][ T5090] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f119fd6ed19
[ 115.084061][ T5090] RDX: 00000000000000a5 RSI: 00000000200002c0 RDI: 0000000000000004
[ 115.092047][ T5090] RBP: 00007f119fde25f0 R08: 000055556a1074c0 R09: 000055556a1074c0
[ 115.100365][ T5090] R10: 0000000000000632 R11: 0000000000000246 R12: 00007ffcf59f0780
[ 115.108356][ T5090] R13: 00007ffcf59f09a8 R14: 431bde82d7b634db R15: 00007f119fdb703b
[ 115.116357][ T5090]
[ 115.119383][ T5090]
[ 115.121709][ T5090] Allocated by task 5090:
[ 115.126045][ T5090] kasan_save_stack+0x33/0x60
[ 115.130754][ T5090] kasan_save_track+0x14/0x30
[ 115.135456][ T5090] __kasan_kmalloc+0xaa/0xb0
[ 115.140070][ T5090] __kmalloc+0x1f9/0x440
[ 115.144343][ T5090] hfsplus_find_init+0x95/0x200
[ 115.149217][ T5090] hfsplus_readdir+0x266/0x1000
[ 115.154103][ T5090] iterate_dir+0x295/0x9e0
[ 115.158559][ T5090] __x64_sys_getdents64+0x14f/0x2e0
[ 115.163798][ T5090] do_syscall_64+0xcf/0x260
[ 115.168358][ T5090] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 115.174293][ T5090]
[ 115.176622][ T5090] The buggy address belongs to the object at ffff88801d31a000
[ 115.176622][ T5090] which belongs to the cache kmalloc-2k of size 2048
[ 115.190692][ T5090] The buggy address is located 12 bytes to the right of
[ 115.190692][ T5090] allocated 1036-byte region [ffff88801d31a000, ffff88801d31a40c)
[ 115.205378][ T5090]
[ 115.207707][ T5090] The buggy address belongs to the physical page:
[ 115.214120][ T5090] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1d318
[ 115.222936][ T5090] head: order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 115.230512][ T5090] flags: 0xfff80000000840(slab|head|node=0|zone=1|lastcpupid=0xfff)
[ 115.238509][ T5090] page_type: 0xffffffff()
[ 115.242857][ T5090] raw: 00fff80000000840 ffff888015042000 dead000000000122 0000000000000000
[ 115.251460][ T5090] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 115.260069][ T5090] head: 00fff80000000840 ffff888015042000 dead000000000122 0000000000000000
[ 115.268763][ T5090] head: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 115.277457][ T5090] head: 00fff80000000003 ffffea000074c601 dead000000000122 00000000ffffffff
[ 115.286152][ T5090] head: 0000000800000000 0000000000000000 00000000ffffffff 0000000000000000
[ 115.294836][ T5090] page dumped because: kasan: bad access detected
[ 115.301251][ T5090] page_owner tracks the page as allocated
[ 115.306968][ T5090] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4534, tgid 1976515163 (udevd), ts 4534, free_ts 104030928511
[ 115.327759][ T5090] post_alloc_hook+0x2d4/0x350
[ 115.332574][ T5090] get_page_from_freelist+0xa28/0x3780
[ 115.338058][ T5090] __alloc_pages+0x22b/0x2460
[ 115.342756][ T5090] new_slab+0xcc/0x3a0
[ 115.346852][ T5090] ___slab_alloc+0x66d/0x1790
[ 115.351596][ T5090] __slab_alloc.constprop.0+0x56/0xb0
[ 115.357001][ T5090] __kmalloc+0x3b4/0x440
[ 115.361275][ T5090] sk_prot_alloc+0x1a8/0x2a0
[ 115.365898][ T5090] sk_alloc+0x36/0xb90
[ 115.370011][ T5090] __netlink_create+0x63/0x300
[ 115.374816][ T5090] netlink_create+0x3dc/0x670
[ 115.379532][ T5090] __sock_create+0x331/0x800
[ 115.384156][ T5090] __sys_socket+0x14f/0x260
[ 115.388699][ T5090] __x64_sys_socket+0x72/0xb0
[ 115.393413][ T5090] do_syscall_64+0xcf/0x260
[ 115.397935][ T5090] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 115.403881][ T5090] page last free pid 5079 tgid 5079 stack trace:
[ 115.410214][ T5090] free_unref_page_prepare+0x527/0xb10
[ 115.415719][ T5090] free_unref_page+0x33/0x3c0
[ 115.420440][ T5090] __put_partials+0x14c/0x170
[ 115.425146][ T5090] qlist_free_all+0x4e/0x140
[ 115.429761][ T5090] kasan_quarantine_reduce+0x192/0x1e0
[ 115.435256][ T5090] __kasan_slab_alloc+0x69/0x90
[ 115.440138][ T5090] kmem_cache_alloc+0x136/0x320
[ 115.445020][ T5090] getname_flags.part.0+0x50/0x4f0
[ 115.450169][ T5090] getname+0x8f/0xe0
[ 115.454087][ T5090] do_sys_openat2+0x104/0x1e0
[ 115.458799][ T5090] __x64_sys_openat+0x175/0x210
[ 115.463691][ T5090] do_syscall_64+0xcf/0x260
[ 115.468216][ T5090] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 115.474153][ T5090]
[ 115.476482][ T5090] Memory state around the buggy address:
[ 115.482114][ T5090] ffff88801d31a300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 115.490188][ T5090] ffff88801d31a380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 115.498262][ T5090] >ffff88801d31a400: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 115.506332][ T5090] ^
[ 115.511447][ T5090] ffff88801d31a480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 115.519525][ T5090] ffff88801d31a500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 115.527593][ T5090] ==================================================================
[ 115.540756][ T5090] ==================================================================
[ 115.548847][ T5090] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x910/0xa20
[ 115.556525][ T5090] Read of size 2 at addr ffff88801d31a41a by task syz-executor209/5090
[ 115.564792][ T5090]
[ 115.567127][ T5090] CPU: 0 PID: 5090 Comm: syz-executor209 Tainted: G B 6.9.0-rc4-syzkaller-00266-g977b1ef51866 #0
[ 115.579038][ T5090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 115.589106][ T5090] Call Trace:
[ 115.592396][ T5090]
[ 115.595336][ T5090] dump_stack_lvl+0x116/0x1f0
[ 115.600056][ T5090] print_report+0xc3/0x620
[ 115.604514][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 115.610179][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 115.615845][ T5090] ? __phys_addr+0xc6/0x150
[ 115.620383][ T5090] kasan_report+0xd9/0x110
[ 115.624841][ T5090] ? hfsplus_uni2asc+0x910/0xa20
[ 115.629819][ T5090] ? hfsplus_uni2asc+0x910/0xa20
[ 115.634793][ T5090] hfsplus_uni2asc+0x910/0xa20
[ 115.639600][ T5090] hfsplus_readdir+0x87b/0x1000
[ 115.644501][ T5090] ? __pfx_hfsplus_readdir+0x10/0x10
[ 115.649831][ T5090] ? _find_first_zero_bit+0x94/0xb0
[ 115.655059][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 115.660720][ T5090] ? lockdep_unlock+0x11a/0x290
[ 115.665655][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 115.671316][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 115.676979][ T5090] ? down_read_killable+0xcc/0x380
[ 115.682116][ T5090] ? __pfx_down_read_killable+0x10/0x10
[ 115.687689][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 115.693351][ T5090] ? apparmor_file_permission+0x251/0x410
[ 115.699101][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 115.704769][ T5090] iterate_dir+0x295/0x9e0
[ 115.709246][ T5090] __x64_sys_getdents64+0x14f/0x2e0
[ 115.714495][ T5090] ? __pfx___x64_sys_getdents64+0x10/0x10
[ 115.720265][ T5090] ? __pfx_filldir64+0x10/0x10
[ 115.725071][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 115.730734][ T5090] ? lockdep_hardirqs_on+0x7c/0x110
[ 115.735978][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 115.741647][ T5090] ? _raw_spin_unlock_irq+0x2e/0x50
[ 115.746888][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 115.752551][ T5090] ? ptrace_notify+0xf1/0x130
[ 115.757275][ T5090] do_syscall_64+0xcf/0x260
[ 115.761816][ T5090] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 115.767764][ T5090] RIP: 0033:0x7f119fd6ed19
[ 115.772195][ T5090] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 115.791827][ T5090] RSP: 002b:00007ffcf59f0758 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 115.800264][ T5090] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f119fd6ed19
[ 115.808257][ T5090] RDX: 00000000000000a5 RSI: 00000000200002c0 RDI: 0000000000000004
[ 115.816245][ T5090] RBP: 00007f119fde25f0 R08: 000055556a1074c0 R09: 000055556a1074c0
[ 115.824234][ T5090] R10: 0000000000000632 R11: 0000000000000246 R12: 00007ffcf59f0780
[ 115.832221][ T5090] R13: 00007ffcf59f09a8 R14: 431bde82d7b634db R15: 00007f119fdb703b
[ 115.840221][ T5090]
[ 115.843248][ T5090]
[ 115.845573][ T5090] Allocated by task 5090:
[ 115.849904][ T5090] kasan_save_stack+0x33/0x60
[ 115.854610][ T5090] kasan_save_track+0x14/0x30
[ 115.859317][ T5090] __kasan_kmalloc+0xaa/0xb0
[ 115.863937][ T5090] __kmalloc+0x1f9/0x440
[ 115.868214][ T5090] hfsplus_find_init+0x95/0x200
[ 115.873089][ T5090] hfsplus_readdir+0x266/0x1000
[ 115.877982][ T5090] iterate_dir+0x295/0x9e0
[ 115.882467][ T5090] __x64_sys_getdents64+0x14f/0x2e0
[ 115.887711][ T5090] do_syscall_64+0xcf/0x260
[ 115.892234][ T5090] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 115.898171][ T5090]
[ 115.900498][ T5090] The buggy address belongs to the object at ffff88801d31a000
[ 115.900498][ T5090] which belongs to the cache kmalloc-2k of size 2048
[ 115.914565][ T5090] The buggy address is located 14 bytes to the right of
[ 115.914565][ T5090] allocated 1036-byte region [ffff88801d31a000, ffff88801d31a40c)
[ 115.929249][ T5090]
[ 115.931577][ T5090] The buggy address belongs to the physical page:
[ 115.937993][ T5090] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1d318
[ 115.946771][ T5090] head: order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 115.954332][ T5090] flags: 0xfff80000000840(slab|head|node=0|zone=1|lastcpupid=0xfff)
[ 115.962326][ T5090] page_type: 0xffffffff()
[ 115.966677][ T5090] raw: 00fff80000000840 ffff888015042000 dead000000000122 0000000000000000
[ 115.975283][ T5090] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 115.983892][ T5090] head: 00fff80000000840 ffff888015042000 dead000000000122 0000000000000000
[ 115.992607][ T5090] head: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 116.001303][ T5090] head: 00fff80000000003 ffffea000074c601 dead000000000122 00000000ffffffff
[ 116.009994][ T5090] head: 0000000800000000 0000000000000000 00000000ffffffff 0000000000000000
[ 116.018677][ T5090] page dumped because: kasan: bad access detected
[ 116.025092][ T5090] page_owner tracks the page as allocated
[ 116.030808][ T5090] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4534, tgid 1976515163 (udevd), ts 4534, free_ts 104030928511
[ 116.051596][ T5090] post_alloc_hook+0x2d4/0x350
[ 116.056409][ T5090] get_page_from_freelist+0xa28/0x3780
[ 116.061886][ T5090] __alloc_pages+0x22b/0x2460
[ 116.066585][ T5090] new_slab+0xcc/0x3a0
[ 116.070679][ T5090] ___slab_alloc+0x66d/0x1790
[ 116.075382][ T5090] __slab_alloc.constprop.0+0x56/0xb0
[ 116.080780][ T5090] __kmalloc+0x3b4/0x440
[ 116.085048][ T5090] sk_prot_alloc+0x1a8/0x2a0
[ 116.089668][ T5090] sk_alloc+0x36/0xb90
[ 116.093773][ T5090] __netlink_create+0x63/0x300
[ 116.098567][ T5090] netlink_create+0x3dc/0x670
[ 116.103293][ T5090] __sock_create+0x331/0x800
[ 116.107918][ T5090] __sys_socket+0x14f/0x260
[ 116.112450][ T5090] __x64_sys_socket+0x72/0xb0
[ 116.117161][ T5090] do_syscall_64+0xcf/0x260
[ 116.121686][ T5090] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 116.127622][ T5090] page last free pid 5079 tgid 5079 stack trace:
[ 116.133955][ T5090] free_unref_page_prepare+0x527/0xb10
[ 116.139448][ T5090] free_unref_page+0x33/0x3c0
[ 116.144161][ T5090] __put_partials+0x14c/0x170
[ 116.148876][ T5090] qlist_free_all+0x4e/0x140
[ 116.153490][ T5090] kasan_quarantine_reduce+0x192/0x1e0
[ 116.158974][ T5090] __kasan_slab_alloc+0x69/0x90
[ 116.163866][ T5090] kmem_cache_alloc+0x136/0x320
[ 116.168743][ T5090] getname_flags.part.0+0x50/0x4f0
[ 116.173890][ T5090] getname+0x8f/0xe0
[ 116.177814][ T5090] do_sys_openat2+0x104/0x1e0
[ 116.182526][ T5090] __x64_sys_openat+0x175/0x210
[ 116.187410][ T5090] do_syscall_64+0xcf/0x260
[ 116.191931][ T5090] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 116.197867][ T5090]
[ 116.200195][ T5090] Memory state around the buggy address:
[ 116.205829][ T5090] ffff88801d31a300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 116.213903][ T5090] ffff88801d31a380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 116.221976][ T5090] >ffff88801d31a400: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[pid 5090] getdents64(4,
[pid 5089] kill(-5090, SIGKILL) = 0
[pid 5089] kill(5090, SIGKILL) = 0
[ 116.230043][ T5090] ^
[ 116.234898][ T5090] ffff88801d31a480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 116.242969][ T5090] ffff88801d31a500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 116.251066][ T5090] ==================================================================
[ 116.260207][ T5090] ==================================================================
[ 116.268319][ T5090] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x910/0xa20
[ 116.276006][ T5090] Read of size 2 at addr ffff88801d31a41c by task syz-executor209/5090
[ 116.284275][ T5090]
[ 116.286610][ T5090] CPU: 0 PID: 5090 Comm: syz-executor209 Tainted: G B 6.9.0-rc4-syzkaller-00266-g977b1ef51866 #0
[ 116.298522][ T5090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 116.308598][ T5090] Call Trace:
[ 116.311889][ T5090]
[ 116.314838][ T5090] dump_stack_lvl+0x116/0x1f0
[ 116.319569][ T5090] print_report+0xc3/0x620
[ 116.324030][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 116.329692][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 116.335353][ T5090] ? __phys_addr+0xc6/0x150
[ 116.339885][ T5090] kasan_report+0xd9/0x110
[ 116.344340][ T5090] ? hfsplus_uni2asc+0x910/0xa20
[ 116.349311][ T5090] ? hfsplus_uni2asc+0x910/0xa20
[ 116.354285][ T5090] hfsplus_uni2asc+0x910/0xa20
[ 116.359086][ T5090] hfsplus_readdir+0x87b/0x1000
[ 116.363990][ T5090] ? __pfx_hfsplus_readdir+0x10/0x10
[ 116.369319][ T5090] ? _find_first_zero_bit+0x94/0xb0
[ 116.374553][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 116.380214][ T5090] ? lockdep_unlock+0x11a/0x290
[ 116.385141][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 116.390801][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 116.396464][ T5090] ? down_read_killable+0xcc/0x380
[ 116.401597][ T5090] ? __pfx_down_read_killable+0x10/0x10
[ 116.407167][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 116.412829][ T5090] ? apparmor_file_permission+0x251/0x410
[ 116.418581][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 116.424248][ T5090] iterate_dir+0x295/0x9e0
[ 116.428714][ T5090] __x64_sys_getdents64+0x14f/0x2e0
[ 116.433965][ T5090] ? __pfx___x64_sys_getdents64+0x10/0x10
[ 116.439731][ T5090] ? __pfx_filldir64+0x10/0x10
[ 116.444541][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 116.450204][ T5090] ? lockdep_hardirqs_on+0x7c/0x110
[ 116.455444][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 116.461102][ T5090] ? _raw_spin_unlock_irq+0x2e/0x50
[ 116.466333][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 116.471994][ T5090] ? ptrace_notify+0xf1/0x130
[ 116.476714][ T5090] do_syscall_64+0xcf/0x260
[ 116.481246][ T5090] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 116.487185][ T5090] RIP: 0033:0x7f119fd6ed19
[ 116.491614][ T5090] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 116.511267][ T5090] RSP: 002b:00007ffcf59f0758 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 116.519711][ T5090] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f119fd6ed19
[ 116.527730][ T5090] RDX: 00000000000000a5 RSI: 00000000200002c0 RDI: 0000000000000004
[ 116.535730][ T5090] RBP: 00007f119fde25f0 R08: 000055556a1074c0 R09: 000055556a1074c0
[ 116.543741][ T5090] R10: 0000000000000632 R11: 0000000000000246 R12: 00007ffcf59f0780
[ 116.551729][ T5090] R13: 00007ffcf59f09a8 R14: 431bde82d7b634db R15: 00007f119fdb703b
[ 116.559733][ T5090]
[ 116.562761][ T5090]
[ 116.565087][ T5090] Allocated by task 5090:
[ 116.569421][ T5090] kasan_save_stack+0x33/0x60
[ 116.574133][ T5090] kasan_save_track+0x14/0x30
[ 116.578835][ T5090] __kasan_kmalloc+0xaa/0xb0
[ 116.583453][ T5090] __kmalloc+0x1f9/0x440
[ 116.587728][ T5090] hfsplus_find_init+0x95/0x200
[ 116.592602][ T5090] hfsplus_readdir+0x266/0x1000
[ 116.597508][ T5090] iterate_dir+0x295/0x9e0
[ 116.601980][ T5090] __x64_sys_getdents64+0x14f/0x2e0
[ 116.607219][ T5090] do_syscall_64+0xcf/0x260
[ 116.611744][ T5090] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 116.617706][ T5090]
[ 116.620032][ T5090] The buggy address belongs to the object at ffff88801d31a000
[ 116.620032][ T5090] which belongs to the cache kmalloc-2k of size 2048
[ 116.634102][ T5090] The buggy address is located 16 bytes to the right of
[ 116.634102][ T5090] allocated 1036-byte region [ffff88801d31a000, ffff88801d31a40c)
[ 116.648797][ T5090]
[ 116.651122][ T5090] The buggy address belongs to the physical page:
[ 116.657537][ T5090] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1d318
[ 116.666315][ T5090] head: order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 116.673868][ T5090] flags: 0xfff80000000840(slab|head|node=0|zone=1|lastcpupid=0xfff)
[ 116.681863][ T5090] page_type: 0xffffffff()
[ 116.686208][ T5090] raw: 00fff80000000840 ffff888015042000 dead000000000122 0000000000000000
[ 116.694815][ T5090] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 116.703424][ T5090] head: 00fff80000000840 ffff888015042000 dead000000000122 0000000000000000
[ 116.712113][ T5090] head: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 116.720807][ T5090] head: 00fff80000000003 ffffea000074c601 dead000000000122 00000000ffffffff
[ 116.729496][ T5090] head: 0000000800000000 0000000000000000 00000000ffffffff 0000000000000000
[ 116.738172][ T5090] page dumped because: kasan: bad access detected
[ 116.744587][ T5090] page_owner tracks the page as allocated
[ 116.750304][ T5090] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4534, tgid 1976515163 (udevd), ts 4534, free_ts 104030928511
[ 116.771093][ T5090] post_alloc_hook+0x2d4/0x350
[ 116.775897][ T5090] get_page_from_freelist+0xa28/0x3780
[ 116.781378][ T5090] __alloc_pages+0x22b/0x2460
[ 116.786074][ T5090] new_slab+0xcc/0x3a0
[ 116.790165][ T5090] ___slab_alloc+0x66d/0x1790
[ 116.794868][ T5090] __slab_alloc.constprop.0+0x56/0xb0
[ 116.800273][ T5090] __kmalloc+0x3b4/0x440
[ 116.804543][ T5090] sk_prot_alloc+0x1a8/0x2a0
[ 116.809164][ T5090] sk_alloc+0x36/0xb90
[ 116.813270][ T5090] __netlink_create+0x63/0x300
[ 116.818065][ T5090] netlink_create+0x3dc/0x670
[ 116.822779][ T5090] __sock_create+0x331/0x800
[ 116.827402][ T5090] __sys_socket+0x14f/0x260
[ 116.831939][ T5090] __x64_sys_socket+0x72/0xb0
[ 116.836652][ T5090] do_syscall_64+0xcf/0x260
[ 116.841173][ T5090] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 116.847108][ T5090] page last free pid 5079 tgid 5079 stack trace:
[ 116.853443][ T5090] free_unref_page_prepare+0x527/0xb10
[ 116.858941][ T5090] free_unref_page+0x33/0x3c0
[ 116.863657][ T5090] __put_partials+0x14c/0x170
[ 116.868360][ T5090] qlist_free_all+0x4e/0x140
[ 116.872976][ T5090] kasan_quarantine_reduce+0x192/0x1e0
[ 116.878460][ T5090] __kasan_slab_alloc+0x69/0x90
[ 116.883339][ T5090] kmem_cache_alloc+0x136/0x320
[ 116.888220][ T5090] getname_flags.part.0+0x50/0x4f0
[ 116.893367][ T5090] getname+0x8f/0xe0
[ 116.897283][ T5090] do_sys_openat2+0x104/0x1e0
[ 116.901992][ T5090] __x64_sys_openat+0x175/0x210
[ 116.906879][ T5090] do_syscall_64+0xcf/0x260
[ 116.911401][ T5090] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 116.917337][ T5090]
[ 116.919666][ T5090] Memory state around the buggy address:
[ 116.925300][ T5090] ffff88801d31a300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 116.933378][ T5090] ffff88801d31a380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 116.941455][ T5090] >ffff88801d31a400: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 116.949522][ T5090] ^
[ 116.954383][ T5090] ffff88801d31a480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 116.962457][ T5090] ffff88801d31a500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 116.970524][ T5090] ==================================================================
[ 116.980067][ T5090] ==================================================================
[ 116.988155][ T5090] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x910/0xa20
[ 116.995826][ T5090] Read of size 2 at addr ffff88801d31a41e by task syz-executor209/5090
[ 117.004088][ T5090]
[ 117.006409][ T5090] CPU: 0 PID: 5090 Comm: syz-executor209 Tainted: G B 6.9.0-rc4-syzkaller-00266-g977b1ef51866 #0
[ 117.018304][ T5090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 117.028362][ T5090] Call Trace:
[ 117.031648][ T5090]
[ 117.034587][ T5090] dump_stack_lvl+0x116/0x1f0
[ 117.039303][ T5090] print_report+0xc3/0x620
[ 117.043757][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 117.049416][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 117.055093][ T5090] ? __phys_addr+0xc6/0x150
[ 117.059622][ T5090] kasan_report+0xd9/0x110
[ 117.064072][ T5090] ? hfsplus_uni2asc+0x910/0xa20
[ 117.069034][ T5090] ? hfsplus_uni2asc+0x910/0xa20
[ 117.073994][ T5090] hfsplus_uni2asc+0x910/0xa20
[ 117.078791][ T5090] hfsplus_readdir+0x87b/0x1000
[ 117.083693][ T5090] ? __pfx_hfsplus_readdir+0x10/0x10
[ 117.089017][ T5090] ? _find_first_zero_bit+0x94/0xb0
[ 117.094241][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 117.099901][ T5090] ? lockdep_unlock+0x11a/0x290
[ 117.104829][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 117.110485][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 117.116144][ T5090] ? down_read_killable+0xcc/0x380
[ 117.121289][ T5090] ? __pfx_down_read_killable+0x10/0x10
[ 117.126848][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 117.132507][ T5090] ? apparmor_file_permission+0x251/0x410
[ 117.138251][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 117.143915][ T5090] iterate_dir+0x295/0x9e0
[ 117.148379][ T5090] __x64_sys_getdents64+0x14f/0x2e0
[ 117.153622][ T5090] ? __pfx___x64_sys_getdents64+0x10/0x10
[ 117.159389][ T5090] ? __pfx_filldir64+0x10/0x10
[ 117.164194][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 117.169848][ T5090] ? lockdep_hardirqs_on+0x7c/0x110
[ 117.175075][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 117.180750][ T5090] ? _raw_spin_unlock_irq+0x2e/0x50
[ 117.185970][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 117.191627][ T5090] ? ptrace_notify+0xf1/0x130
[ 117.196364][ T5090] do_syscall_64+0xcf/0x260
[ 117.200896][ T5090] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 117.206834][ T5090] RIP: 0033:0x7f119fd6ed19
[ 117.211261][ T5090] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 117.230887][ T5090] RSP: 002b:00007ffcf59f0758 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 117.239320][ T5090] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f119fd6ed19
[ 117.247302][ T5090] RDX: 00000000000000a5 RSI: 00000000200002c0 RDI: 0000000000000004
[ 117.255283][ T5090] RBP: 00007f119fde25f0 R08: 000055556a1074c0 R09: 000055556a1074c0
[ 117.263271][ T5090] R10: 0000000000000632 R11: 0000000000000246 R12: 00007ffcf59f0780
[ 117.271251][ T5090] R13: 00007ffcf59f09a8 R14: 431bde82d7b634db R15: 00007f119fdb703b
[ 117.279241][ T5090]
[ 117.282267][ T5090]
[ 117.284621][ T5090] Allocated by task 5090:
[ 117.288967][ T5090] kasan_save_stack+0x33/0x60
[ 117.293673][ T5090] kasan_save_track+0x14/0x30
[ 117.298376][ T5090] __kasan_kmalloc+0xaa/0xb0
[ 117.302988][ T5090] __kmalloc+0x1f9/0x440
[ 117.307255][ T5090] hfsplus_find_init+0x95/0x200
[ 117.312112][ T5090] hfsplus_readdir+0x266/0x1000
[ 117.316983][ T5090] iterate_dir+0x295/0x9e0
[ 117.321419][ T5090] __x64_sys_getdents64+0x14f/0x2e0
[ 117.326643][ T5090] do_syscall_64+0xcf/0x260
[ 117.331163][ T5090] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 117.337086][ T5090]
[ 117.339407][ T5090] The buggy address belongs to the object at ffff88801d31a000
[ 117.339407][ T5090] which belongs to the cache kmalloc-2k of size 2048
[ 117.353465][ T5090] The buggy address is located 18 bytes to the right of
[ 117.353465][ T5090] allocated 1036-byte region [ffff88801d31a000, ffff88801d31a40c)
[ 117.368147][ T5090]
[ 117.370468][ T5090] The buggy address belongs to the physical page:
[ 117.376877][ T5090] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1d318
[ 117.385642][ T5090] head: order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 117.393196][ T5090] flags: 0xfff80000000840(slab|head|node=0|zone=1|lastcpupid=0xfff)
[ 117.401185][ T5090] page_type: 0xffffffff()
[ 117.405525][ T5090] raw: 00fff80000000840 ffff888015042000 dead000000000122 0000000000000000
[ 117.414121][ T5090] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 117.422718][ T5090] head: 00fff80000000840 ffff888015042000 dead000000000122 0000000000000000
[ 117.431403][ T5090] head: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 117.440086][ T5090] head: 00fff80000000003 ffffea000074c601 dead000000000122 00000000ffffffff
[ 117.448764][ T5090] head: 0000000800000000 0000000000000000 00000000ffffffff 0000000000000000
[ 117.457433][ T5090] page dumped because: kasan: bad access detected
[ 117.463838][ T5090] page_owner tracks the page as allocated
[ 117.469545][ T5090] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4534, tgid 1976515163 (udevd), ts 4534, free_ts 104030928511
[ 117.490319][ T5090] post_alloc_hook+0x2d4/0x350
[ 117.495127][ T5090] get_page_from_freelist+0xa28/0x3780
[ 117.500606][ T5090] __alloc_pages+0x22b/0x2460
[ 117.505302][ T5090] new_slab+0xcc/0x3a0
[ 117.509389][ T5090] ___slab_alloc+0x66d/0x1790
[ 117.514080][ T5090] __slab_alloc.constprop.0+0x56/0xb0
[ 117.519474][ T5090] __kmalloc+0x3b4/0x440
[ 117.523733][ T5090] sk_prot_alloc+0x1a8/0x2a0
[ 117.528353][ T5090] sk_alloc+0x36/0xb90
[ 117.532456][ T5090] __netlink_create+0x63/0x300
[ 117.537252][ T5090] netlink_create+0x3dc/0x670
[ 117.541961][ T5090] __sock_create+0x331/0x800
[ 117.546581][ T5090] __sys_socket+0x14f/0x260
[ 117.551115][ T5090] __x64_sys_socket+0x72/0xb0
[ 117.555816][ T5090] do_syscall_64+0xcf/0x260
[ 117.560330][ T5090] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 117.566249][ T5090] page last free pid 5079 tgid 5079 stack trace:
[ 117.572571][ T5090] free_unref_page_prepare+0x527/0xb10
[ 117.578161][ T5090] free_unref_page+0x33/0x3c0
[ 117.582865][ T5090] __put_partials+0x14c/0x170
[ 117.587562][ T5090] qlist_free_all+0x4e/0x140
[ 117.592173][ T5090] kasan_quarantine_reduce+0x192/0x1e0
[ 117.597656][ T5090] __kasan_slab_alloc+0x69/0x90
[ 117.602529][ T5090] kmem_cache_alloc+0x136/0x320
[ 117.607395][ T5090] getname_flags.part.0+0x50/0x4f0
[ 117.612524][ T5090] getname+0x8f/0xe0
[ 117.616424][ T5090] do_sys_openat2+0x104/0x1e0
[ 117.621121][ T5090] __x64_sys_openat+0x175/0x210
[ 117.626007][ T5090] do_syscall_64+0xcf/0x260
[ 117.630526][ T5090] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 117.636462][ T5090]
[ 117.638787][ T5090] Memory state around the buggy address:
[ 117.644424][ T5090] ffff88801d31a300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 117.652494][ T5090] ffff88801d31a380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 117.660569][ T5090] >ffff88801d31a400: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 117.668628][ T5090] ^
[ 117.673476][ T5090] ffff88801d31a480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 117.681545][ T5090] ffff88801d31a500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 117.689603][ T5090] ==================================================================
[ 117.700250][ T5090] ==================================================================
[ 117.708338][ T5090] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x910/0xa20
[ 117.716013][ T5090] Read of size 2 at addr ffff88801d31a420 by task syz-executor209/5090
[ 117.724292][ T5090]
[ 117.726630][ T5090] CPU: 0 PID: 5090 Comm: syz-executor209 Tainted: G B 6.9.0-rc4-syzkaller-00266-g977b1ef51866 #0
[ 117.738547][ T5090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 117.748643][ T5090] Call Trace:
[ 117.751931][ T5090]
[ 117.754882][ T5090] dump_stack_lvl+0x116/0x1f0
[ 117.759595][ T5090] print_report+0xc3/0x620
[ 117.764035][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 117.769695][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 117.775362][ T5090] ? __phys_addr+0xc6/0x150
[ 117.779894][ T5090] kasan_report+0xd9/0x110
[ 117.784361][ T5090] ? hfsplus_uni2asc+0x910/0xa20
[ 117.789320][ T5090] ? hfsplus_uni2asc+0x910/0xa20
[ 117.794285][ T5090] hfsplus_uni2asc+0x910/0xa20
[ 117.799109][ T5090] hfsplus_readdir+0x87b/0x1000
[ 117.804043][ T5090] ? __pfx_hfsplus_readdir+0x10/0x10
[ 117.809357][ T5090] ? _find_first_zero_bit+0x94/0xb0
[ 117.814574][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 117.820232][ T5090] ? lockdep_unlock+0x11a/0x290
[ 117.825156][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 117.830807][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 117.836461][ T5090] ? down_read_killable+0xcc/0x380
[ 117.841585][ T5090] ? __pfx_down_read_killable+0x10/0x10
[ 117.847159][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 117.852819][ T5090] ? apparmor_file_permission+0x251/0x410
[ 117.858559][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 117.864218][ T5090] iterate_dir+0x295/0x9e0
[ 117.868683][ T5090] __x64_sys_getdents64+0x14f/0x2e0
[ 117.873919][ T5090] ? __pfx___x64_sys_getdents64+0x10/0x10
[ 117.879689][ T5090] ? __pfx_filldir64+0x10/0x10
[ 117.884488][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 117.890149][ T5090] ? lockdep_hardirqs_on+0x7c/0x110
[ 117.895380][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 117.901039][ T5090] ? _raw_spin_unlock_irq+0x2e/0x50
[ 117.906257][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 117.911913][ T5090] ? ptrace_notify+0xf1/0x130
[ 117.916637][ T5090] do_syscall_64+0xcf/0x260
[ 117.921164][ T5090] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 117.927109][ T5090] RIP: 0033:0x7f119fd6ed19
[ 117.931535][ T5090] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 117.951165][ T5090] RSP: 002b:00007ffcf59f0758 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 117.959611][ T5090] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f119fd6ed19
[ 117.967609][ T5090] RDX: 00000000000000a5 RSI: 00000000200002c0 RDI: 0000000000000004
[ 117.975588][ T5090] RBP: 00007f119fde25f0 R08: 000055556a1074c0 R09: 000055556a1074c0
[ 117.983570][ T5090] R10: 0000000000000632 R11: 0000000000000246 R12: 00007ffcf59f0780
[ 117.991546][ T5090] R13: 00007ffcf59f09a8 R14: 431bde82d7b634db R15: 00007f119fdb703b
[ 117.999534][ T5090]
[ 118.002552][ T5090]
[ 118.004873][ T5090] Allocated by task 5090:
[ 118.009205][ T5090] kasan_save_stack+0x33/0x60
[ 118.013915][ T5090] kasan_save_track+0x14/0x30
[ 118.018618][ T5090] __kasan_kmalloc+0xaa/0xb0
[ 118.023239][ T5090] __kmalloc+0x1f9/0x440
[ 118.027526][ T5090] hfsplus_find_init+0x95/0x200
[ 118.032419][ T5090] hfsplus_readdir+0x266/0x1000
[ 118.037299][ T5090] iterate_dir+0x295/0x9e0
[ 118.041754][ T5090] __x64_sys_getdents64+0x14f/0x2e0
[ 118.046984][ T5090] do_syscall_64+0xcf/0x260
[ 118.051496][ T5090] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 118.057421][ T5090]
[ 118.059746][ T5090] The buggy address belongs to the object at ffff88801d31a000
[ 118.059746][ T5090] which belongs to the cache kmalloc-2k of size 2048
[ 118.073805][ T5090] The buggy address is located 20 bytes to the right of
[ 118.073805][ T5090] allocated 1036-byte region [ffff88801d31a000, ffff88801d31a40c)
[ 118.088493][ T5090]
[ 118.090814][ T5090] The buggy address belongs to the physical page:
[ 118.097223][ T5090] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1d318
[ 118.105992][ T5090] head: order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 118.113548][ T5090] flags: 0xfff80000000840(slab|head|node=0|zone=1|lastcpupid=0xfff)
[ 118.121561][ T5090] page_type: 0xffffffff()
[ 118.125905][ T5090] raw: 00fff80000000840 ffff888015042000 dead000000000122 0000000000000000
[ 118.134511][ T5090] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 118.143111][ T5090] head: 00fff80000000840 ffff888015042000 dead000000000122 0000000000000000
[ 118.151792][ T5090] head: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 118.160480][ T5090] head: 00fff80000000003 ffffea000074c601 dead000000000122 00000000ffffffff
[ 118.169167][ T5090] head: 0000000800000000 0000000000000000 00000000ffffffff 0000000000000000
[ 118.177848][ T5090] page dumped because: kasan: bad access detected
[ 118.184260][ T5090] page_owner tracks the page as allocated
[ 118.189976][ T5090] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4534, tgid 1976515163 (udevd), ts 4534, free_ts 104030928511
[ 118.210748][ T5090] post_alloc_hook+0x2d4/0x350
[ 118.215548][ T5090] get_page_from_freelist+0xa28/0x3780
[ 118.221028][ T5090] __alloc_pages+0x22b/0x2460
[ 118.225720][ T5090] new_slab+0xcc/0x3a0
[ 118.229832][ T5090] ___slab_alloc+0x66d/0x1790
[ 118.234534][ T5090] __slab_alloc.constprop.0+0x56/0xb0
[ 118.239923][ T5090] __kmalloc+0x3b4/0x440
[ 118.244181][ T5090] sk_prot_alloc+0x1a8/0x2a0
[ 118.248790][ T5090] sk_alloc+0x36/0xb90
[ 118.252913][ T5090] __netlink_create+0x63/0x300
[ 118.257701][ T5090] netlink_create+0x3dc/0x670
[ 118.262401][ T5090] __sock_create+0x331/0x800
[ 118.267012][ T5090] __sys_socket+0x14f/0x260
[ 118.271541][ T5090] __x64_sys_socket+0x72/0xb0
[ 118.276253][ T5090] do_syscall_64+0xcf/0x260
[ 118.280774][ T5090] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 118.286714][ T5090] page last free pid 5079 tgid 5079 stack trace:
[ 118.293040][ T5090] free_unref_page_prepare+0x527/0xb10
[ 118.298530][ T5090] free_unref_page+0x33/0x3c0
[ 118.303264][ T5090] __put_partials+0x14c/0x170
[ 118.307968][ T5090] qlist_free_all+0x4e/0x140
[ 118.312947][ T5090] kasan_quarantine_reduce+0x192/0x1e0
[ 118.318426][ T5090] __kasan_slab_alloc+0x69/0x90
[ 118.323304][ T5090] kmem_cache_alloc+0x136/0x320
[ 118.328171][ T5090] getname_flags.part.0+0x50/0x4f0
[ 118.333303][ T5090] getname+0x8f/0xe0
[ 118.337208][ T5090] do_sys_openat2+0x104/0x1e0
[ 118.341905][ T5090] __x64_sys_openat+0x175/0x210
[ 118.346778][ T5090] do_syscall_64+0xcf/0x260
[ 118.351290][ T5090] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 118.357211][ T5090]
[ 118.359529][ T5090] Memory state around the buggy address:
[ 118.365159][ T5090] ffff88801d31a300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 118.373244][ T5090] ffff88801d31a380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 118.381321][ T5090] >ffff88801d31a400: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 118.389389][ T5090] ^
[ 118.394514][ T5090] ffff88801d31a480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 118.403027][ T5090] ffff88801d31a500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 118.411103][ T5090] ==================================================================
[ 118.419502][ T5090] ==================================================================
[ 118.427593][ T5090] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x910/0xa20
[ 118.435254][ T5090] Read of size 2 at addr ffff88801d31a422 by task syz-executor209/5090
[ 118.443504][ T5090]
[ 118.445833][ T5090] CPU: 0 PID: 5090 Comm: syz-executor209 Tainted: G B 6.9.0-rc4-syzkaller-00266-g977b1ef51866 #0
[ 118.457743][ T5090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 118.467809][ T5090] Call Trace:
[ 118.471120][ T5090]
[ 118.474072][ T5090] dump_stack_lvl+0x116/0x1f0
[ 118.478798][ T5090] print_report+0xc3/0x620
[ 118.483255][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 118.488916][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 118.494577][ T5090] ? __phys_addr+0xc6/0x150
[ 118.499112][ T5090] kasan_report+0xd9/0x110
[ 118.503568][ T5090] ? hfsplus_uni2asc+0x910/0xa20
[ 118.508538][ T5090] ? hfsplus_uni2asc+0x910/0xa20
[ 118.513506][ T5090] hfsplus_uni2asc+0x910/0xa20
[ 118.518308][ T5090] hfsplus_readdir+0x87b/0x1000
[ 118.523212][ T5090] ? __pfx_hfsplus_readdir+0x10/0x10
[ 118.528541][ T5090] ? _find_first_zero_bit+0x94/0xb0
[ 118.533771][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 118.539436][ T5090] ? lockdep_unlock+0x11a/0x290
[ 118.544364][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 118.550029][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 118.555691][ T5090] ? down_read_killable+0xcc/0x380
[ 118.560830][ T5090] ? __pfx_down_read_killable+0x10/0x10
[ 118.566402][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 118.572061][ T5090] ? apparmor_file_permission+0x251/0x410
[ 118.577815][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 118.583481][ T5090] iterate_dir+0x295/0x9e0
[ 118.587946][ T5090] __x64_sys_getdents64+0x14f/0x2e0
[ 118.593189][ T5090] ? __pfx___x64_sys_getdents64+0x10/0x10
[ 118.598958][ T5090] ? __pfx_filldir64+0x10/0x10
[ 118.603769][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 118.609436][ T5090] ? lockdep_hardirqs_on+0x7c/0x110
[ 118.614673][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 118.620334][ T5090] ? _raw_spin_unlock_irq+0x2e/0x50
[ 118.625568][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 118.631227][ T5090] ? ptrace_notify+0xf1/0x130
[ 118.635953][ T5090] do_syscall_64+0xcf/0x260
[ 118.640506][ T5090] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 118.646458][ T5090] RIP: 0033:0x7f119fd6ed19
[ 118.650890][ T5090] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 118.670518][ T5090] RSP: 002b:00007ffcf59f0758 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 118.678953][ T5090] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f119fd6ed19
[ 118.686942][ T5090] RDX: 00000000000000a5 RSI: 00000000200002c0 RDI: 0000000000000004
[ 118.694926][ T5090] RBP: 00007f119fde25f0 R08: 000055556a1074c0 R09: 000055556a1074c0
[ 118.702911][ T5090] R10: 0000000000000632 R11: 0000000000000246 R12: 00007ffcf59f0780
[ 118.710898][ T5090] R13: 00007ffcf59f09a8 R14: 431bde82d7b634db R15: 00007f119fdb703b
[ 118.718896][ T5090]
[ 118.721922][ T5090]
[ 118.724265][ T5090] Allocated by task 5090:
[ 118.728596][ T5090] kasan_save_stack+0x33/0x60
[ 118.733300][ T5090] kasan_save_track+0x14/0x30
[ 118.738004][ T5090] __kasan_kmalloc+0xaa/0xb0
[ 118.742619][ T5090] __kmalloc+0x1f9/0x440
[ 118.746998][ T5090] hfsplus_find_init+0x95/0x200
[ 118.751868][ T5090] hfsplus_readdir+0x266/0x1000
[ 118.756762][ T5090] iterate_dir+0x295/0x9e0
[ 118.761215][ T5090] __x64_sys_getdents64+0x14f/0x2e0
[ 118.766450][ T5090] do_syscall_64+0xcf/0x260
[ 118.770979][ T5090] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 118.776918][ T5090]
[ 118.779244][ T5090] The buggy address belongs to the object at ffff88801d31a000
[ 118.779244][ T5090] which belongs to the cache kmalloc-2k of size 2048
[ 118.793309][ T5090] The buggy address is located 22 bytes to the right of
[ 118.793309][ T5090] allocated 1036-byte region [ffff88801d31a000, ffff88801d31a40c)
[ 118.808019][ T5090]
[ 118.810355][ T5090] The buggy address belongs to the physical page:
[ 118.816774][ T5090] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1d318
[ 118.825561][ T5090] head: order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 118.833117][ T5090] flags: 0xfff80000000840(slab|head|node=0|zone=1|lastcpupid=0xfff)
[ 118.841115][ T5090] page_type: 0xffffffff()
[ 118.845465][ T5090] raw: 00fff80000000840 ffff888015042000 dead000000000122 0000000000000000
[ 118.854071][ T5090] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 118.862695][ T5090] head: 00fff80000000840 ffff888015042000 dead000000000122 0000000000000000
[ 118.871387][ T5090] head: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 118.880099][ T5090] head: 00fff80000000003 ffffea000074c601 dead000000000122 00000000ffffffff
[ 118.888796][ T5090] head: 0000000800000000 0000000000000000 00000000ffffffff 0000000000000000
[ 118.897477][ T5090] page dumped because: kasan: bad access detected
[ 118.903898][ T5090] page_owner tracks the page as allocated
[ 118.909612][ T5090] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4534, tgid 1976515163 (udevd), ts 4534, free_ts 104030928511
[ 118.930399][ T5090] post_alloc_hook+0x2d4/0x350
[ 118.935237][ T5090] get_page_from_freelist+0xa28/0x3780
[ 118.940721][ T5090] __alloc_pages+0x22b/0x2460
[ 118.945417][ T5090] new_slab+0xcc/0x3a0
[ 118.949512][ T5090] ___slab_alloc+0x66d/0x1790
[ 118.954215][ T5090] __slab_alloc.constprop.0+0x56/0xb0
[ 118.959614][ T5090] __kmalloc+0x3b4/0x440
[ 118.963883][ T5090] sk_prot_alloc+0x1a8/0x2a0
[ 118.968505][ T5090] sk_alloc+0x36/0xb90
[ 118.972611][ T5090] __netlink_create+0x63/0x300
[ 118.977409][ T5090] netlink_create+0x3dc/0x670
[ 118.982126][ T5090] __sock_create+0x331/0x800
[ 118.986751][ T5090] __sys_socket+0x14f/0x260
[ 118.991295][ T5090] __x64_sys_socket+0x72/0xb0
[ 118.996007][ T5090] do_syscall_64+0xcf/0x260
[ 119.000534][ T5090] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 119.006471][ T5090] page last free pid 5079 tgid 5079 stack trace:
[ 119.012804][ T5090] free_unref_page_prepare+0x527/0xb10
[ 119.018309][ T5090] free_unref_page+0x33/0x3c0
[ 119.023045][ T5090] __put_partials+0x14c/0x170
[ 119.027754][ T5090] qlist_free_all+0x4e/0x140
[ 119.032373][ T5090] kasan_quarantine_reduce+0x192/0x1e0
[ 119.037867][ T5090] __kasan_slab_alloc+0x69/0x90
[ 119.042747][ T5090] kmem_cache_alloc+0x136/0x320
[ 119.047629][ T5090] getname_flags.part.0+0x50/0x4f0
[ 119.052778][ T5090] getname+0x8f/0xe0
[ 119.056698][ T5090] do_sys_openat2+0x104/0x1e0
[ 119.061409][ T5090] __x64_sys_openat+0x175/0x210
[ 119.066294][ T5090] do_syscall_64+0xcf/0x260
[ 119.070823][ T5090] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 119.076766][ T5090]
[ 119.079092][ T5090] Memory state around the buggy address:
[ 119.084729][ T5090] ffff88801d31a300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 119.092806][ T5090] ffff88801d31a380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 119.100886][ T5090] >ffff88801d31a400: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 119.108955][ T5090] ^
[ 119.114070][ T5090] ffff88801d31a480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 119.122143][ T5090] ffff88801d31a500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 119.130213][ T5090] ==================================================================
[ 119.139743][ T5090] ==================================================================
[ 119.147847][ T5090] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x910/0xa20
[ 119.155516][ T5090] Read of size 2 at addr ffff88801d31a424 by task syz-executor209/5090
[ 119.163775][ T5090]
[ 119.166111][ T5090] CPU: 1 PID: 5090 Comm: syz-executor209 Tainted: G B 6.9.0-rc4-syzkaller-00266-g977b1ef51866 #0
[ 119.178025][ T5090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 119.188099][ T5090] Call Trace:
[ 119.191388][ T5090]
[ 119.194332][ T5090] dump_stack_lvl+0x116/0x1f0
[ 119.199053][ T5090] print_report+0xc3/0x620
[ 119.203506][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 119.209169][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 119.214833][ T5090] ? __phys_addr+0xc6/0x150
[ 119.219372][ T5090] kasan_report+0xd9/0x110
[ 119.223831][ T5090] ? hfsplus_uni2asc+0x910/0xa20
[ 119.228804][ T5090] ? hfsplus_uni2asc+0x910/0xa20
[ 119.233781][ T5090] hfsplus_uni2asc+0x910/0xa20
[ 119.238585][ T5090] hfsplus_readdir+0x87b/0x1000
[ 119.243490][ T5090] ? __pfx_hfsplus_readdir+0x10/0x10
[ 119.248820][ T5090] ? _find_first_zero_bit+0x94/0xb0
[ 119.254054][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 119.259718][ T5090] ? lockdep_unlock+0x11a/0x290
[ 119.264647][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 119.270316][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 119.275978][ T5090] ? down_read_killable+0xcc/0x380
[ 119.281114][ T5090] ? __pfx_down_read_killable+0x10/0x10
[ 119.286687][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 119.292347][ T5090] ? apparmor_file_permission+0x251/0x410
[ 119.298100][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 119.303768][ T5090] iterate_dir+0x295/0x9e0
[ 119.308235][ T5090] __x64_sys_getdents64+0x14f/0x2e0
[ 119.313487][ T5090] ? __pfx___x64_sys_getdents64+0x10/0x10
[ 119.319257][ T5090] ? __pfx_filldir64+0x10/0x10
[ 119.324070][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 119.329732][ T5090] ? lockdep_hardirqs_on+0x7c/0x110
[ 119.334978][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 119.340639][ T5090] ? _raw_spin_unlock_irq+0x2e/0x50
[ 119.345877][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 119.351541][ T5090] ? ptrace_notify+0xf1/0x130
[ 119.356264][ T5090] do_syscall_64+0xcf/0x260
[ 119.360801][ T5090] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 119.366750][ T5090] RIP: 0033:0x7f119fd6ed19
[ 119.371187][ T5090] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 119.390836][ T5090] RSP: 002b:00007ffcf59f0758 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 119.399279][ T5090] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f119fd6ed19
[ 119.407273][ T5090] RDX: 00000000000000a5 RSI: 00000000200002c0 RDI: 0000000000000004
[ 119.415265][ T5090] RBP: 00007f119fde25f0 R08: 000055556a1074c0 R09: 000055556a1074c0
[ 119.423261][ T5090] R10: 0000000000000632 R11: 0000000000000246 R12: 00007ffcf59f0780
[ 119.431253][ T5090] R13: 00007ffcf59f09a8 R14: 431bde82d7b634db R15: 00007f119fdb703b
[ 119.439257][ T5090]
[ 119.442287][ T5090]
[ 119.444618][ T5090] Allocated by task 5090:
[ 119.448954][ T5090] kasan_save_stack+0x33/0x60
[ 119.453664][ T5090] kasan_save_track+0x14/0x30
[ 119.458373][ T5090] __kasan_kmalloc+0xaa/0xb0
[ 119.462994][ T5090] __kmalloc+0x1f9/0x440
[ 119.467269][ T5090] hfsplus_find_init+0x95/0x200
[ 119.472178][ T5090] hfsplus_readdir+0x266/0x1000
[ 119.477072][ T5090] iterate_dir+0x295/0x9e0
[ 119.481525][ T5090] __x64_sys_getdents64+0x14f/0x2e0
[ 119.486787][ T5090] do_syscall_64+0xcf/0x260
[ 119.491319][ T5090] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 119.497254][ T5090]
[ 119.499583][ T5090] The buggy address belongs to the object at ffff88801d31a000
[ 119.499583][ T5090] which belongs to the cache kmalloc-2k of size 2048
[ 119.513654][ T5090] The buggy address is located 24 bytes to the right of
[ 119.513654][ T5090] allocated 1036-byte region [ffff88801d31a000, ffff88801d31a40c)
[ 119.528344][ T5090]
[ 119.530674][ T5090] The buggy address belongs to the physical page:
[ 119.537090][ T5090] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1d318
[ 119.545874][ T5090] head: order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 119.553434][ T5090] flags: 0xfff80000000840(slab|head|node=0|zone=1|lastcpupid=0xfff)
[ 119.561430][ T5090] page_type: 0xffffffff()
[ 119.565780][ T5090] raw: 00fff80000000840 ffff888015042000 dead000000000122 0000000000000000
[ 119.574388][ T5090] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 119.582994][ T5090] head: 00fff80000000840 ffff888015042000 dead000000000122 0000000000000000
[ 119.591689][ T5090] head: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 119.600381][ T5090] head: 00fff80000000003 ffffea000074c601 dead000000000122 00000000ffffffff
[ 119.609083][ T5090] head: 0000000800000000 0000000000000000 00000000ffffffff 0000000000000000
[ 119.617765][ T5090] page dumped because: kasan: bad access detected
[ 119.624185][ T5090] page_owner tracks the page as allocated
[ 119.629902][ T5090] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4534, tgid 1976515163 (udevd), ts 4534, free_ts 104030928511
[ 119.650697][ T5090] post_alloc_hook+0x2d4/0x350
[ 119.655531][ T5090] get_page_from_freelist+0xa28/0x3780
[ 119.661025][ T5090] __alloc_pages+0x22b/0x2460
[ 119.665724][ T5090] new_slab+0xcc/0x3a0
[ 119.669818][ T5090] ___slab_alloc+0x66d/0x1790
[ 119.674522][ T5090] __slab_alloc.constprop.0+0x56/0xb0
[ 119.679926][ T5090] __kmalloc+0x3b4/0x440
[ 119.684202][ T5090] sk_prot_alloc+0x1a8/0x2a0
[ 119.688909][ T5090] sk_alloc+0x36/0xb90
[ 119.693014][ T5090] __netlink_create+0x63/0x300
[ 119.697815][ T5090] netlink_create+0x3dc/0x670
[ 119.702531][ T5090] __sock_create+0x331/0x800
[ 119.707175][ T5090] __sys_socket+0x14f/0x260
[ 119.711718][ T5090] __x64_sys_socket+0x72/0xb0
[ 119.716434][ T5090] do_syscall_64+0xcf/0x260
[ 119.720962][ T5090] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 119.726902][ T5090] page last free pid 5079 tgid 5079 stack trace:
[ 119.733239][ T5090] free_unref_page_prepare+0x527/0xb10
[ 119.738748][ T5090] free_unref_page+0x33/0x3c0
[ 119.743470][ T5090] __put_partials+0x14c/0x170
[ 119.748173][ T5090] qlist_free_all+0x4e/0x140
[ 119.752791][ T5090] kasan_quarantine_reduce+0x192/0x1e0
[ 119.758278][ T5090] __kasan_slab_alloc+0x69/0x90
[ 119.763160][ T5090] kmem_cache_alloc+0x136/0x320
[ 119.768062][ T5090] getname_flags.part.0+0x50/0x4f0
[ 119.773219][ T5090] getname+0x8f/0xe0
[ 119.777139][ T5090] do_sys_openat2+0x104/0x1e0
[ 119.781854][ T5090] __x64_sys_openat+0x175/0x210
[ 119.786745][ T5090] do_syscall_64+0xcf/0x260
[ 119.791270][ T5090] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 119.797214][ T5090]
[ 119.799543][ T5090] Memory state around the buggy address:
[ 119.805186][ T5090] ffff88801d31a300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 119.813264][ T5090] ffff88801d31a380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 119.821342][ T5090] >ffff88801d31a400: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 119.829410][ T5090] ^
[ 119.834526][ T5090] ffff88801d31a480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 119.842600][ T5090] ffff88801d31a500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 119.850680][ T5090] ==================================================================
[ 119.859142][ T5090] ==================================================================
[ 119.867226][ T5090] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x910/0xa20
[ 119.874884][ T5090] Read of size 2 at addr ffff88801d31a426 by task syz-executor209/5090
[ 119.883134][ T5090]
[ 119.885469][ T5090] CPU: 0 PID: 5090 Comm: syz-executor209 Tainted: G B 6.9.0-rc4-syzkaller-00266-g977b1ef51866 #0
[ 119.897382][ T5090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 119.907450][ T5090] Call Trace:
[ 119.910738][ T5090]
[ 119.913681][ T5090] dump_stack_lvl+0x116/0x1f0
[ 119.918406][ T5090] print_report+0xc3/0x620
[ 119.922855][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 119.928548][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 119.934210][ T5090] ? __phys_addr+0xc6/0x150
[ 119.938743][ T5090] kasan_report+0xd9/0x110
[ 119.943197][ T5090] ? hfsplus_uni2asc+0x910/0xa20
[ 119.948168][ T5090] ? hfsplus_uni2asc+0x910/0xa20
[ 119.953138][ T5090] hfsplus_uni2asc+0x910/0xa20
[ 119.957941][ T5090] hfsplus_readdir+0x87b/0x1000
[ 119.962843][ T5090] ? __pfx_hfsplus_readdir+0x10/0x10
[ 119.968167][ T5090] ? _find_first_zero_bit+0x94/0xb0
[ 119.973397][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 119.979055][ T5090] ? lockdep_unlock+0x11a/0x290
[ 119.983981][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 119.989641][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 119.995304][ T5090] ? down_read_killable+0xcc/0x380
[ 120.000449][ T5090] ? __pfx_down_read_killable+0x10/0x10
[ 120.006017][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 120.011676][ T5090] ? apparmor_file_permission+0x251/0x410
[ 120.017430][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 120.023093][ T5090] iterate_dir+0x295/0x9e0
[ 120.027554][ T5090] __x64_sys_getdents64+0x14f/0x2e0
[ 120.032798][ T5090] ? __pfx___x64_sys_getdents64+0x10/0x10
[ 120.038563][ T5090] ? __pfx_filldir64+0x10/0x10
[ 120.043369][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 120.049029][ T5090] ? lockdep_hardirqs_on+0x7c/0x110
[ 120.054267][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 120.059927][ T5090] ? _raw_spin_unlock_irq+0x2e/0x50
[ 120.065157][ T5090] ? srso_alias_return_thunk+0x5/0xfbef5
[ 120.070819][ T5090] ? ptrace_notify+0xf1/0x130
[ 120.075540][ T5090] do_syscall_64+0xcf/0x260
[ 120.080068][ T5090] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 120.086013][ T5090] RIP: 0033:0x7f119fd6ed19
[ 120.090444][ T5090] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 120.110074][ T5090] RSP: 002b:00007ffcf59f0758 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 120.118512][ T5090] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f119fd6ed19
[ 120.126501][ T5090] RDX: 00000000000000a5 RSI: 00000000200002c0 RDI: 0000000000000004
[ 120.134507][ T5090] RBP: 00007f119fde25f0 R08: 000055556a1074c0 R09: 000055556a1074c0
[ 120.142492][ T5090] R10: 0000000000000632 R11: 0000000000000246 R12: 00007ffcf59f0780
[ 120.150479][ T5090] R13: 00007ffcf59f09a8 R14: 431bde82d7b634db R15: 00007f119fdb703b
[ 120.158478][ T5090]
[ 120.161505][ T5090]
[ 120.163831][ T5090] Allocated by task 5090:
[ 120.168162][ T5090] kasan_save_stack+0x33/0x60
[ 120.172953][ T5090] kasan_save_track+0x14/0x30
[ 120.177655][ T5090] __kasan_kmalloc+0xaa/0xb0
[ 120.182279][ T5090] __kmalloc+0x1f9/0x440
[ 120.186550][ T5090] hfsplus_find_init+0x95/0x200
[ 120.191422][ T5090] hfsplus_readdir+0x266/0x1000
[ 120.196307][ T5090] iterate_dir+0x295/0x9e0
[ 120.200764][ T5090] __x64_sys_getdents64+0x14f/0x2e0
[ 120.206000][ T5090] do_syscall_64+0xcf/0x260
[ 120.210519][ T5090] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 120.216459][ T5090]
[ 120.218786][ T5090] The buggy address belongs to the object at ffff88801d31a000
[ 120.218786][ T5090] which belongs to the cache kmalloc-2k of size 2048
[ 120.232851][ T5090] The buggy address is located 26 bytes to the right of
[ 120.232851][ T5090] allocated 1036-byte region [ffff88801d31a000, ffff88801d31a40c)
[ 120.247538][ T5090]
[ 120.249867][ T5090] The buggy address belongs to the physical page:
[ 120.256279][ T5090] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1d318
[ 120.265055][ T5090] head: order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 120.272606][ T5090] flags: 0xfff80000000840(slab|head|node=0|zone=1|lastcpupid=0xfff)
[ 120.280596][ T5090] page_type: 0xffffffff()
[ 120.284944][ T5090] raw: 00fff80000000840 ffff888015042000 dead000000000122 0000000000000000
[ 120.293547][ T5090] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 120.302152][ T5090] head: 00fff80000000840 ffff888015042000 dead000000000122 0000000000000000
[ 120.310848][ T5090] head: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 120.319538][ T5090] head: 00fff80000000003 ffffea000074c601 dead000000000122 00000000ffffffff
[ 120.328229][ T5090] head: 0000000800000000 0000000000000000 00000000ffffffff 0000000000000000
[ 120.336906][ T5090] page dumped because: kasan: bad access detected
[ 120.343324][ T5090] page_owner tracks the page as allocated
[ 120.349038][ T5090] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4534, tgid 1976515163 (udevd), ts 4534, free_ts 104030928511
[ 120.369821][ T5090] post_alloc_hook+0x2d4/0x350
[ 120.374626][ T5090] get_page_from_freelist+0xa28/0x3780
[ 120.380111][ T5090] __alloc_pages+0x22b/0x2460
[ 120.384808][ T5090] new_slab+0xcc/0x3a0
[ 120.388901][ T5090] ___slab_alloc+0x66d/0x1790
[ 120.393603][ T5090] __slab_alloc.constprop.0+0x56/0xb0
[ 120.399002][ T5090] __kmalloc+0x3b4/0x440
[ 120.403271][ T5090] sk_prot_alloc+0x1a8/0x2a0
[ 120.407890][ T5090] sk_alloc+0x36/0xb90
[ 120.411997][ T5090] __netlink_create+0x63/0x300
[ 120.416812][ T5090] netlink_create+0x3dc/0x670
[ 120.421522][ T5090] __sock_create+0x331/0x800
[ 120.426143][ T5090] __sys_socket+0x14f/0x260
[ 120.430689][ T5090] __x64_sys_socket+0x72/0xb0
[ 120.435401][ T5090] do_syscall_64+0xcf/0x260
[ 120.439920][ T5090] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 120.445854][ T5090] page last free pid 5079 tgid 5079 stack trace:
[ 120.452711][ T5090] free_unref_page_prepare+0x527/0xb10
[ 120.458206][ T5090] free_unref_page+0x33/0x3c0
[ 120.462919][ T5090] __put_partials+0x14c/0x170
[ 120.467621][ T5090] qlist_free_all+0x4e/0x140
[ 120.472239][ T5090] kasan_quarantine_reduce+0x192/0x1e0
[ 120.477724][ T5090] __kasan_slab_alloc+0x69/0x90
[ 120.482603][ T5090] kmem_cache_alloc+0x136/0x320
[ 120.487498][ T5090] getname_flags.part.0+0x50/0x4f0
[ 120.492644][ T5090] getname+0x8f/0xe0
[ 120.496561][ T5090] do_sys_openat2+0x104/0x1e0