Warning: Permanently added '10.128.1.5' (ED25519) to the list of known hosts.
2024/10/12 19:07:17 ignoring optional flag "sandboxArg"="0"
2024/10/12 19:07:18 parsed 1 programs
[ 55.460978] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k
[ 55.736654] IPVS: ftp: loaded support on port[0] = 21
[ 55.766634] IPVS: ftp: loaded support on port[0] = 21
[ 55.807736] IPVS: ftp: loaded support on port[0] = 21
[ 55.829051] IPVS: ftp: loaded support on port[0] = 21
[ 55.876354] IPVS: ftp: loaded support on port[0] = 21
[ 57.676981] IPVS: ftp: loaded support on port[0] = 21
[ 57.718191] IPVS: ftp: loaded support on port[0] = 21
[ 57.744238] IPVS: ftp: loaded support on port[0] = 21
[ 57.777576] IPVS: ftp: loaded support on port[0] = 21
2024/10/12 19:07:22 executed programs: 0
[ 57.939426] IPVS: ftp: loaded support on port[0] = 21
[ 59.741098] ==================================================================
[ 59.748674] BUG: KASAN: slab-out-of-bounds in hfs_bnode_read_key+0x14e/0x200
[ 59.755840] Write of size 94 at addr ffff8801f2184a80 by task syz.0.15/3837
[ 59.762916]
[ 59.764523] CPU: 0 PID: 3837 Comm: syz.0.15 Not tainted 4.19.0-syzkaller #0
[ 59.771613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 59.780954] Call Trace:
[ 59.783521]  dump_stack+0x10c/0x17a
[ 59.787130]  print_address_description.cold.6+0x9/0x244
[ 59.792474]  kasan_report.cold.7+0x242/0x305
[ 59.796869]  ? hfs_bnode_read_key+0x14e/0x200
[ 59.801338]  check_memory_region+0x13c/0x1b0
[ 59.805830]  memcpy+0x37/0x50
[ 59.808916]  hfs_bnode_read_key+0x14e/0x200
[ 59.813241]  hfs_brec_insert+0x687/0xbb0
[ 59.817277]  ? hfs_brec_keylen+0x330/0x330
[ 59.821495]  hfs_cat_create+0x30a/0x7e0
[ 59.825453]  ? hfs_cat_build_key+0x180/0x180
[ 59.829832]  ? hfs_mark_mdb_dirty+0x15b/0x1b5
[ 59.834484]  ? hfs_new_inode+0x495/0xd00
[ 59.838515]  hfs_mkdir+0x57/0xc0
[ 59.841856]  vfs_mkdir+0x37b/0x630
[ 59.845470]  ? getname_flags+0xf6/0x510
[ 59.849424]  do_mkdirat+0x1c2/0x220
[ 59.853022]  ? get_vtime_delta+0x122/0x220
[ 59.857227]  ? __ia32_sys_mknod+0xb0/0xb0
[ 59.861345]  ? vtime_user_exit+0xe9/0x190
[ 59.865462]  ? vtime_user_enter+0xa7/0x100
[ 59.869667]  __x64_sys_mkdir+0x57/0x80
[ 59.873547]  do_syscall_64+0xd0/0x340
[ 59.877335]  ? prepare_exit_to_usermode+0xec/0x130
[ 59.882235]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 59.887404] RIP: 0033:0x7f5ef2becff9
[ 59.891088] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 59.909961] RSP: 002b:00007f5ef266e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 59.917658] RAX: ffffffffffffffda RBX: 00007f5ef2da4f80 RCX: 00007f5ef2becff9
[ 59.924914] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000300
[ 59.932414] RBP: 00007f5ef2c5f296 R08: 0000000000000000 R09: 0000000000000000
[ 59.939652] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 59.946901] R13: 0000000000000000 R14: 00007f5ef2da4f80 R15: 00007ffe0f7a9858
[ 59.954152]
[ 59.955777] Allocated by task 3837:
[ 59.959400]  kasan_kmalloc.part.1+0x62/0xf0
[ 59.963699]  kasan_kmalloc+0xaf/0xc0
[ 59.967385]  __kmalloc+0x139/0x260
[ 59.970908]  hfs_find_init+0x96/0x180
[ 59.974768]  hfs_cat_create+0x126/0x7e0
[ 59.978717]  hfs_mkdir+0x57/0xc0
[ 59.982052]  vfs_mkdir+0x37b/0x630
[ 59.985561]  do_mkdirat+0x1c2/0x220
[ 59.989156]  __x64_sys_mkdir+0x57/0x80
[ 59.993108]  do_syscall_64+0xd0/0x340
[ 59.996876]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 60.002209]
[ 60.003810] Freed by task 2959:
[ 60.007108]  __kasan_slab_free+0x167/0x240
[ 60.011313]  kasan_slab_free+0xe/0x10
[ 60.015094]  kfree+0x10c/0x280
[ 60.018283]  ext4_ext_map_blocks+0xff1/0x50d0
[ 60.022754]  ext4_map_blocks+0x66b/0x1590
[ 60.026877]  ext4_writepages+0x1660/0x2820
[ 60.031094]  do_writepages+0xcd/0x230
[ 60.034865]  __filemap_fdatawrite_range+0x230/0x2f0
[ 60.039870]  file_write_and_wait_range+0x77/0xd0
[ 60.044684]  ext4_sync_file+0x1cd/0xd00
[ 60.048630]  vfs_fsync_range+0xf0/0x220
[ 60.052575]  do_fsync+0x38/0x70
[ 60.055824]  __x64_sys_fsync+0x2e/0x40
[ 60.059684]  do_syscall_64+0xd0/0x340
[ 60.063464]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 60.068625]
[ 60.070250] The buggy address belongs to the object at ffff8801f2184a80
[ 60.070250]  which belongs to the cache kmalloc-96 of size 96
[ 60.082793] The buggy address is located 0 bytes inside of
[ 60.082793]  96-byte region [ffff8801f2184a80, ffff8801f2184ae0)
[ 60.094575] The buggy address belongs to the page:
[ 60.099579] page:ffffea0007c86100 count:1 mapcount:0 mapping:ffff8801f6c03400 index:0x0
[ 60.107720] flags: 0x100000000000100(slab)
[ 60.111928] raw: 0100000000000100 ffffea00077ea180 0000001100000011 ffff8801f6c03400
[ 60.119782] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
[ 60.127756] page dumped because: kasan: bad access detected
[ 60.133439] page allocated via order 0, migratetype Unmovable, gfp_mask 0x6012c0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY)
[ 60.144331]  get_page_from_freelist+0x2c01/0x4060
[ 60.149142]  __alloc_pages_nodemask+0x390/0x2300
[ 60.153876]  alloc_page_interleave+0x14/0x130
[ 60.158430]  alloc_pages_current+0x1ef/0x290
[ 60.162808]  new_slab+0x458/0x7d0
[ 60.166232]  ___slab_alloc+0x600/0x890
[ 60.170088]  __slab_alloc+0x2f/0x60
[ 60.173688]  kmem_cache_alloc_trace+0x1d7/0x220
[ 60.178337]  acpi_ut_evaluate_object+0xb0/0x35c
[ 60.182979]  acpi_ut_execute_power_methods+0xc1/0x1bc
[ 60.188148]  acpi_get_object_info+0x453/0xaee
[ 60.192624]  acpi_init_device_object+0x358/0x1410
[ 60.197448]  acpi_add_single_object+0x117/0x15f0
[ 60.202182]  acpi_bus_check_add+0x1aa/0x4a0
[ 60.206484]  acpi_ns_walk_namespace+0x175/0x282
[ 60.211120]  acpi_walk_namespace+0x99/0xc6
[ 60.215325]
[ 60.216924] Memory state around the buggy address:
[ 60.221824]  ffff8801f2184980: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[ 60.229158]  ffff8801f2184a00: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 60.236505] >ffff8801f2184a80: 00 00 00 00 00 00 00 00 00 06 fc fc fc fc fc fc
[ 60.244104]                                               ^
[ 60.249783]  ffff8801f2184b00: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[ 60.257170]  ffff8801f2184b80: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 60.264504] ==================================================================
[ 60.271842] Disabling lock debugging due to kernel taint
[ 60.277368] Kernel panic - not syncing: panic_on_warn set ...
[ 60.277368]
[ 60.284919] Kernel Offset: disabled
[ 60.288629] Rebooting in 86400 seconds..