Warning: Permanently added '10.128.1.113' (ED25519) to the list of known hosts.
2024/09/10 19:49:16 ignoring optional flag "sandboxArg"="0"
2024/09/10 19:49:16 parsed 1 programs
2024/09/10 19:49:18 executed programs: 0
[ 76.572124][ T1354] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 81.467183][ T1774] loop0: detected capacity change from 0 to 64
[ 81.475083][ T1774] hfs: unable to locate alternate MDB
[ 81.480626][ T1774] hfs: continuing without an alternate MDB
[ 81.489118][ T1774] ==================================================================
[ 81.497368][ T1774] BUG: KASAN: slab-out-of-bounds in hfs_bnode_read_key+0x1c8/0x3d0
[ 81.505499][ T1774] Write of size 256 at addr ffff888103727100 by task syz-executor.0/1774
[ 81.517103][ T1774]
[ 81.519511][ T1774] CPU: 1 PID: 1774 Comm: syz-executor.0 Not tainted 6.1.109-syzkaller #0
[ 81.528212][ T1774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 81.538836][ T1774] Call Trace:
[ 81.542202][ T1774]
[ 81.545120][ T1774] dump_stack_lvl+0xf4/0x251
[ 81.550215][ T1774] ? nf_tcp_handle_invalid+0x2f3/0x2f3
[ 81.556063][ T1774] ? panic+0x3fe/0x3fe
[ 81.560284][ T1774] ? __virt_addr_valid+0x139/0x270
[ 81.565558][ T1774] ? __virt_addr_valid+0x221/0x270
[ 81.571105][ T1774] print_report+0x15f/0x4f0
[ 81.576196][ T1774] ? __virt_addr_valid+0x139/0x270
[ 81.581487][ T1774] ? __virt_addr_valid+0x221/0x270
[ 81.586683][ T1774] ? hfs_bnode_read_key+0x1c8/0x3d0
[ 81.591865][ T1774] kasan_report+0x136/0x160
[ 81.596465][ T1774] ? hfs_bnode_read_key+0x1c8/0x3d0
[ 81.601723][ T1774] kasan_check_range+0x27f/0x290
[ 81.606673][ T1774] ? hfs_bnode_read_key+0x1c8/0x3d0
[ 81.612103][ T1774] memcpy+0x3c/0x60
[ 81.615879][ T1774] hfs_bnode_read_key+0x1c8/0x3d0
[ 81.621052][ T1774] hfs_brec_insert+0x65a/0xc90
[ 81.625982][ T1774] ? do_raw_spin_unlock+0x137/0x8a0
[ 81.631522][ T1774] ? hfs_brec_keylen+0x2b0/0x2b0
[ 81.636785][ T1774] ? memset+0x1f/0x40
[ 81.640743][ T1774] ? hfs_cat_build_record+0x5b/0x7c0
[ 81.646093][ T1774] hfs_cat_create+0x52a/0x8b0
[ 81.650753][ T1774] ? hfs_cat_build_key+0x160/0x160
[ 81.655842][ T1774] ? _raw_spin_unlock+0x24/0x40
[ 81.660844][ T1774] ? hfs_new_inode+0x7f8/0xa50
[ 81.665760][ T1774] hfs_create+0x5b/0xb0
[ 81.669884][ T1774] ? hfs_lookup+0x2a0/0x2a0
[ 81.674445][ T1774] path_openat+0xf0c/0x27d0
[ 81.679271][ T1774] ? do_filp_open+0x430/0x430
[ 81.684104][ T1774] ? __virt_addr_valid+0x139/0x270
[ 81.689450][ T1774] do_filp_open+0x226/0x430
[ 81.694040][ T1774] ? vfs_tmpfile+0x410/0x410
[ 81.698699][ T1774] ? _raw_spin_unlock+0x24/0x40
[ 81.703709][ T1774] ? alloc_fd+0x3dc/0x470
[ 81.708353][ T1774] do_sys_openat2+0x10b/0x3f0
[ 81.713087][ T1774] ? rcu_is_watching+0x1b/0x90
[ 81.718020][ T1774] ? do_sys_open+0x1c0/0x1c0
[ 81.723190][ T1774] ? __rseq_handle_notify_resume+0x827/0xdf0
[ 81.729336][ T1774] __x64_sys_openat+0x209/0x250
[ 81.734346][ T1774] ? __ia32_sys_open+0x230/0x230
[ 81.739689][ T1774] ? switch_fpu_return+0xc9/0x130
[ 81.745039][ T1774] do_syscall_64+0x3b/0x80
[ 81.749515][ T1774] ? clear_bhb_loop+0x45/0xa0
[ 81.754171][ T1774] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 81.760218][ T1774] RIP: 0033:0x7fc74467cb29
[ 81.764605][ T1774] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 81.784821][ T1774] RSP: 002b:00007fc74545a0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 81.793403][ T1774] RAX: ffffffffffffffda RBX: 00007fc74479bf80 RCX: 00007fc74467cb29
[ 81.801439][ T1774] RDX: 0000000000141842 RSI: 0000000020000380 RDI: ffffffffffffff9c
[ 81.810173][ T1774] RBP: 00007fc7446c847a R08: 0000000000000000 R09: 0000000000000000
[ 81.818551][ T1774] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 81.826761][ T1774] R13: 0000000000000006 R14: 00007fc74479bf80 R15: 00007ffcc8895778
[ 81.834794][ T1774]
[ 81.837789][ T1774]
[ 81.840282][ T1774] Allocated by task 1774:
[ 81.844587][ T1774] kasan_set_track+0x4b/0x70
[ 81.849250][ T1774] __kasan_kmalloc+0x97/0xb0
[ 81.853984][ T1774] __kmalloc+0xa6/0x1c0
[ 81.858108][ T1774] hfs_find_init+0x86/0x1b0
[ 81.862922][ T1774] hfs_cat_create+0x165/0x8b0
[ 81.867825][ T1774] hfs_create+0x5b/0xb0
[ 81.872137][ T1774] path_openat+0xf0c/0x27d0
[ 81.876617][ T1774] do_filp_open+0x226/0x430
[ 81.881181][ T1774] do_sys_openat2+0x10b/0x3f0
[ 81.885999][ T1774] __x64_sys_openat+0x209/0x250
[ 81.890816][ T1774] do_syscall_64+0x3b/0x80
[ 81.895208][ T1774] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 81.901232][ T1774]
[ 81.903633][ T1774] The buggy address belongs to the object at ffff888103727100
[ 81.903633][ T1774] which belongs to the cache kmalloc-96 of size 96
[ 81.918376][ T1774] The buggy address is located 0 bytes inside of
[ 81.918376][ T1774] 96-byte region [ffff888103727100, ffff888103727160)
[ 81.933211][ T1774]
[ 81.935860][ T1774] The buggy address belongs to the physical page:
[ 81.942617][ T1774] page:ffffea00040dc9c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103727
[ 81.953428][ T1774] flags: 0x100000000000200(slab|node=0|zone=2)
[ 81.959833][ T1774] raw: 0100000000000200 0000000000000000 dead000000000001 ffff888100041780
[ 81.969011][ T1774] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
[ 81.978214][ T1774] page dumped because: kasan: bad access detected
[ 81.985232][ T1774] page_owner tracks the page as allocated
[ 81.991052][ T1774] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1, tgid 1 (swapper/0), ts 3916100845, free_ts 0
[ 82.008501][ T1774] post_alloc_hook+0x286/0x2b0
[ 82.013511][ T1774] get_page_from_freelist+0x3994/0x3b70
[ 82.019383][ T1774] __alloc_pages+0x251/0x640
[ 82.024032][ T1774] alloc_page_interleave+0xf/0x120
[ 82.029115][ T1774] alloc_slab_page+0x6a/0x150
[ 82.033856][ T1774] new_slab+0x70/0x250
[ 82.037892][ T1774] ___slab_alloc+0x9df/0xe70
[ 82.042455][ T1774] __kmem_cache_alloc_node+0x195/0x250
[ 82.047879][ T1774] kmalloc_trace+0x26/0xc0
[ 82.052399][ T1774] blk_mq_init_allocated_queue+0x191/0x10c0
[ 82.058521][ T1774] blk_mq_init_queue+0x91/0xf0
[ 82.063425][ T1774] scsi_alloc_sdev+0x6bd/0x9f0
[ 82.068159][ T1774] scsi_probe_and_add_lun+0x1d9/0x3ee0
[ 82.073698][ T1774] __scsi_scan_target+0x194/0xa40
[ 82.078962][ T1774] scsi_scan_host_selected+0x29a/0x4f0
[ 82.084396][ T1774] scsi_scan_host+0x536/0x5c0
[ 82.089128][ T1774] page_owner free stack trace missing
[ 82.094490][ T1774]
[ 82.096880][ T1774] Memory state around the buggy address:
[ 82.102567][ T1774] ffff888103727000: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 82.110957][ T1774] ffff888103727080: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 82.119096][ T1774] >ffff888103727100: 00 00 00 00 00 00 00 00 00 06 fc fc fc fc fc fc
[ 82.127146][ T1774] ^
[ 82.133633][ T1774] ffff888103727180: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 82.141686][ T1774] ffff888103727200: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 82.149914][ T1774] ==================================================================
[ 82.158536][ T1774] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 82.166074][ T1774] Kernel Offset: disabled
[ 82.170674][ T1774] Rebooting in 86400 seconds..
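The "Memory state around the buggy address" block is the part of the report that tells you how far the 256-byte write actually went, but it has to be decoded. The program below is an added example, not part of the syzbot report or of the kernel: it transcribes the two shadow lines starting at ffff888103727100 and ffff888103727180 and works out, for the "Write of size 256 at addr ffff888103727100" named by the report, how many bytes were addressable, where the first bad byte lies, and what the write swept over. It assumes the generic-mode KASAN shadow encoding (one shadow byte per 8-byte granule, with the 0x00/0x01..0x07/0xfa/0xfb/0xfc/0xfe/0xff meanings from mm/kasan/kasan.h); that table, the function names and the transcribed byte array are this example's own, not the report's.

```c
/*
 * Added example: decode the KASAN "Memory state" shadow dump from the
 * report above. Not part of the syzbot report or of the kernel.
 *
 * Assumed (from mm/kasan/kasan.h, generic mode): one shadow byte per
 * 8-byte granule; 0x00 = all 8 bytes addressable, 0x01..0x07 = only the
 * first N bytes addressable, 0xfa = freed slab object (free track),
 * 0xfb = freed slab object, 0xfc = slab redzone, 0xfe = page redzone,
 * 0xff = free page.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define KASAN_GRANULE 8u

/* Shadow bytes transcribed from the report lines that begin at
 * ffff888103727100 (the '>' line) and ffff888103727180; together they
 * cover the 256 bytes the reported write spans. */
static const uint64_t SHADOW_BASE = 0xffff888103727100ull;
static const uint8_t SHADOW[] = {
    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x06,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,
    0xfa,0xfb,0xfb,0xfb,0xfb,0xfb,0xfb,0xfb,0xfb,0xfb,0xfb,0xfb,0xfc,0xfc,0xfc,0xfc,
};
#define SHADOW_LEN (sizeof(SHADOW) / sizeof(SHADOW[0]))

const char *kasan_shadow_name(uint8_t v)
{
    if (v == 0x00) return "addressable";
    if (v < KASAN_GRANULE) return "partially addressable";
    switch (v) {
    case 0xfa: return "freed slab object (free track)";
    case 0xfb: return "freed slab object";
    case 0xfc: return "slab redzone";
    case 0xfe: return "page redzone";
    case 0xff: return "free page";
    default:   return "other poison";
    }
}

/* Addressable bytes a granule allows: 8 for 0x00, N for 0x01..0x07, else 0. */
static size_t granule_ok(uint8_t v)
{
    return v == 0 ? KASAN_GRANULE : (v < KASAN_GRANULE ? v : 0);
}

/* Contiguous addressable bytes starting `offset` bytes past SHADOW_BASE. */
size_t kasan_addressable_from(const uint8_t *shadow, size_t n, size_t offset)
{
    size_t total = 0;
    size_t idx = offset / KASAN_GRANULE;
    size_t skip = offset % KASAN_GRANULE;   /* bytes already used in first granule */

    for (; idx < n; idx++, skip = 0) {
        size_t ok = granule_ok(shadow[idx]);
        if (ok <= skip)
            return total;                   /* first byte needed is poisoned */
        total += ok - skip;
        if (ok < KASAN_GRANULE)
            return total;                   /* a partial granule ends the run */
    }
    return total;
}

/* Address of the first byte an access [offset, offset+size) touches that is
 * not addressable; 0 when the access fits. */
uint64_t kasan_first_bad_addr(uint64_t base, const uint8_t *shadow, size_t n,
                              size_t offset, size_t size)
{
    size_t ok = kasan_addressable_from(shadow, n, offset);
    return size > ok ? base + offset + ok : 0;
}

/* Bytes of [offset, offset+size) whose shadow value is `want`. The poisoned
 * tail of a partial granule is counted as slab redzone (0xfc). */
size_t kasan_bytes_with_shadow(const uint8_t *shadow, size_t n, size_t offset,
                               size_t size, uint8_t want)
{
    size_t count = 0;
    for (size_t off = offset; off < offset + size && off / KASAN_GRANULE < n; off++) {
        uint8_t v = shadow[off / KASAN_GRANULE];
        if (v > 0 && v < KASAN_GRANULE && off % KASAN_GRANULE >= v)
            v = 0xfc;
        count += (v == want);
    }
    return count;
}

int main(void)
{
    /* The report: "Write of size 256 at addr ffff888103727100", offset 0. */
    size_t ok = kasan_addressable_from(SHADOW, SHADOW_LEN, 0);
    printf("addressable from object start: %zu bytes (cache object is 96)\n", ok);
    printf("write of 256 overruns by %zu bytes, first bad byte at %#llx\n",
           256 > ok ? 256 - ok : 0,
           (unsigned long long)kasan_first_bad_addr(SHADOW_BASE, SHADOW, SHADOW_LEN, 0, 256));
    for (int v = 0; v < 256; v++) {
        size_t c = kasan_bytes_with_shadow(SHADOW, SHADOW_LEN, 0, 256, (uint8_t)v);
        if (c)
            printf("  %02x %-32s %zu bytes\n", v, kasan_shadow_name((uint8_t)v), c);
    }
    return 0;
}
```

Run against the bytes from this report it shows that only 78 bytes after ffff888103727100 were addressable (nine granules of 0x00 plus the 6 of the partial 0x06 granule), so the requested allocation was smaller than the 96-byte kmalloc-96 object the report names; the 256-byte write overruns by 178 bytes, the first bad byte is ffff88810372714e, and the write crosses the object's redzone, the whole neighbouring freed 96-byte object (0xfa/0xfb) and that object's redzone before it ends at ffff888103727200.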