forked to background, child pid 749
[    9.694169][  T750] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
syzkaller login: [   29.085627][  T912] cgroup: Unknown subsys name 'net'
[   29.204247][  T912] cgroup: Unknown subsys name 'rlimit'
[   31.008611][  T912] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k
Warning: Permanently added '10.128.1.29' (ED25519) to the list of known hosts.
2024/03/12 04:12:25 ignoring optional flag "sandboxArg"="0"
2024/03/12 04:12:25 parsed 1 programs
2024/03/12 04:12:27 executed programs: 0
[   58.163783][ T1437] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k
[   63.353320][ T1862] loop0: detected capacity change from 0 to 1024
[   63.365666][ T1862] ==================================================================
[   63.374033][ T1862] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x724/0x1180
[   63.382042][ T1862] Read of size 2 at addr ffff88810f26540c by task syz-executor.0/1862
[   63.390282][ T1862]
[   63.392606][ T1862] CPU: 1 PID: 1862 Comm: syz-executor.0 Not tainted 6.1.81-syzkaller #0
[   63.401355][ T1862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
[   63.411584][ T1862] Call Trace:
[   63.414868][ T1862]
[   63.417790][ T1862]  dump_stack_lvl+0xf4/0x251
[   63.422826][ T1862]  ? nf_tcp_handle_invalid+0x2f3/0x2f3
[   63.428482][ T1862]  ? panic+0x3f7/0x3f7
[   63.432768][ T1862]  ? __virt_addr_valid+0x139/0x260
[   63.437999][ T1862]  ? __virt_addr_valid+0x211/0x260
[   63.443299][ T1862]  print_report+0x15f/0x4f0
[   63.448007][ T1862]  ? __virt_addr_valid+0x139/0x260
[   63.453151][ T1862]  ? __virt_addr_valid+0x211/0x260
[   63.458290][ T1862]  ? hfsplus_uni2asc+0x724/0x1180
[   63.463570][ T1862]  kasan_report+0x136/0x160
[   63.468142][ T1862]  ? hfsplus_uni2asc+0x724/0x1180
[   63.473138][ T1862]  hfsplus_uni2asc+0x724/0x1180
[   63.478165][ T1862]  ? memcpy+0x3c/0x60
[   63.482317][ T1862]  hfsplus_readdir+0x7fd/0x10d0
[   63.488145][ T1862]  ? hfsplus_rename+0x160/0x160
[   63.493068][ T1862]  ? iterate_dir+0xaa/0x4f0
[   63.497721][ T1862]  ? down_read_interruptible+0x1010/0x1010
[   63.503681][ T1862]  ? do_raw_spin_unlock+0x137/0x8a0
[   63.508916][ T1862]  ? common_file_perm+0x130/0x1e0
[   63.514163][ T1862]  ? fsnotify_perm+0x29e/0x450
[   63.519167][ T1862]  ? hfsplus_rename+0x160/0x160
[   63.523999][ T1862]  iterate_dir+0x1fa/0x4f0
[   63.528569][ T1862]  __se_sys_getdents64+0x1af/0x3e0
[   63.533757][ T1862]  ? __x64_sys_getdents64+0x80/0x80
[   63.538960][ T1862]  ? filldir+0x570/0x570
[   63.543362][ T1862]  ? switch_fpu_return+0xc9/0x130
[   63.548473][ T1862]  do_syscall_64+0x3d/0x80
[   63.553129][ T1862]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   63.559000][ T1862] RIP: 0033:0x7ffb57a7cce9
[   63.563479][ T1862] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   63.585696][ T1862] RSP: 002b:00007ffb588bb0c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[   63.594784][ T1862] RAX: ffffffffffffffda RBX: 00007ffb57b9bf80 RCX: 00007ffb57a7cce9
[   63.603527][ T1862] RDX: 0000000000000067 RSI: 0000000020000540 RDI: 0000000000000003
[   63.612343][ T1862] RBP: 00007ffb57ac947a R08: 0000000000000000 R09: 0000000000000000
[   63.620294][ T1862] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   63.628416][ T1862] R13: 0000000000000006 R14: 00007ffb57b9bf80 R15: 00007fffa359a038
[   63.636896][ T1862]
[   63.640076][ T1862]
[   63.642537][ T1862] Allocated by task 1862:
[   63.647119][ T1862]  kasan_set_track+0x4b/0x70
[   63.651779][ T1862]  __kasan_kmalloc+0x97/0xb0
[   63.656429][ T1862]  __kmalloc+0xa6/0x1c0
[   63.660558][ T1862]  hfsplus_find_init+0x7c/0x180
[   63.665393][ T1862]  hfsplus_readdir+0x1f4/0x10d0
[   63.670245][ T1862]  iterate_dir+0x1fa/0x4f0
[   63.674723][ T1862]  __se_sys_getdents64+0x1af/0x3e0
[   63.680071][ T1862]  do_syscall_64+0x3d/0x80
[   63.684460][ T1862]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   63.690328][ T1862]
[   63.692717][ T1862] Last potentially related work creation:
[   63.698489][ T1862]  kasan_save_stack+0x3b/0x60
[   63.703139][ T1862]  __kasan_record_aux_stack+0xb0/0xc0
[   63.708483][ T1862]  call_rcu+0x149/0x830
[   63.712611][ T1862]  netlink_release+0xf48/0x1460
[   63.717525][ T1862]  sock_close+0xbe/0x200
[   63.721744][ T1862]  __fput+0x32e/0x710
[   63.725696][ T1862]  task_work_run+0x206/0x280
[   63.730264][ T1862]  exit_to_user_mode_loop+0xa9/0xc0
[   63.735432][ T1862]  exit_to_user_mode_prepare+0x64/0xb0
[   63.740863][ T1862]  syscall_exit_to_user_mode+0x27/0x1b0
[   63.746379][ T1862]  do_syscall_64+0x49/0x80
[   63.750766][ T1862]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   63.756641][ T1862]
[   63.758940][ T1862] The buggy address belongs to the object at ffff88810f265000
[   63.758940][ T1862]  which belongs to the cache kmalloc-2k of size 2048
[   63.772962][ T1862] The buggy address is located 1036 bytes inside of
[   63.772962][ T1862]  2048-byte region [ffff88810f265000, ffff88810f265800)
[   63.786740][ T1862]
[   63.789048][ T1862] The buggy address belongs to the physical page:
[   63.795629][ T1862] page:ffffea00043c9800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10f260
[   63.806042][ T1862] head:ffffea00043c9800 order:3 compound_mapcount:0 compound_pincount:0
[   63.814460][ T1862] flags: 0x100000000010200(slab|head|node=0|zone=2)
[   63.821549][ T1862] raw: 0100000000010200 dead000000000100 dead000000000122 ffff888100042000
[   63.830191][ T1862] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[   63.838743][ T1862] page dumped because: kasan: bad access detected
[   63.846021][ T1862] page_owner tracks the page as allocated
[   63.851709][ T1862] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 2404245167, free_ts 0
[   63.871751][ T1862]  post_alloc_hook+0x286/0x2b0
[   63.876504][ T1862]  get_page_from_freelist+0x398c/0x3b60
[   63.882025][ T1862]  __alloc_pages+0x251/0x640
[   63.886583][ T1862]  alloc_page_interleave+0xf/0x120
[   63.891688][ T1862]  alloc_slab_page+0x6a/0x150
[   63.896355][ T1862]  new_slab+0x70/0x250
[   63.900508][ T1862]  ___slab_alloc+0x9df/0xe70
[   63.905160][ T1862]  __kmem_cache_alloc_node+0x195/0x250
[   63.910678][ T1862]  kmalloc_trace+0x26/0xc0
[   63.915108][ T1862]  acpi_add_single_object+0xe0/0x1a90
[   63.920454][ T1862]  acpi_bus_check_add+0x2fb/0x7c0
[   63.925448][ T1862]  acpi_ns_walk_namespace+0x182/0x350
[   63.930967][ T1862]  acpi_walk_namespace+0x8a/0xc0
[   63.935881][ T1862]  acpi_bus_scan+0xbd/0x1b0
[   63.940731][ T1862]  acpi_scan_init+0x21e/0x62b
[   63.945398][ T1862]  acpi_init+0x119/0x1ed
[   63.949624][ T1862] page_owner free stack trace missing
[   63.955063][ T1862]
[   63.957466][ T1862] Memory state around the buggy address:
[   63.963245][ T1862]  ffff88810f265300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   63.971462][ T1862]  ffff88810f265380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   63.979755][ T1862] >ffff88810f265400: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   63.987970][ T1862]                       ^
[   63.992271][ T1862]  ffff88810f265480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   64.000572][ T1862]  ffff88810f265500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   64.008986][ T1862] ==================================================================
[   64.017433][ T1862] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   64.025477][ T1862] Kernel Offset: disabled
[   64.029846][ T1862] Rebooting in 86400 seconds..