Warning: Permanently added '10.128.0.209' (ED25519) to the list of known hosts.
2024/11/23 20:17:50 ignoring optional flag "sandboxArg"="0"
2024/11/23 20:17:50 parsed 1 programs
[   68.646812] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k
[   68.854569] IPVS: ftp: loaded support on port[0] = 21
[   68.880127] IPVS: ftp: loaded support on port[0] = 21
[   68.919199] IPVS: ftp: loaded support on port[0] = 21
[   68.954080] IPVS: ftp: loaded support on port[0] = 21
[   69.915753] IPVS: ftp: loaded support on port[0] = 21
[   69.929334] IPVS: ftp: loaded support on port[0] = 21
[   69.955702] IPVS: ftp: loaded support on port[0] = 21
[   69.979461] IPVS: ftp: loaded support on port[0] = 21
[   69.999257] IPVS: ftp: loaded support on port[0] = 21
2024/11/23 20:17:53 executed programs: 0
[   70.113463] IPVS: ftp: loaded support on port[0] = 21
[   71.135032] ==================================================================
[   71.142436] BUG: KASAN: slab-out-of-bounds in hfs_bnode_read+0x9b/0xd0
[   71.149065] Write of size 94 at addr ffff8801e11fb780 by task syz.3.15/3877
[   71.156145] 
[   71.157740] CPU: 0 PID: 3877 Comm: syz.3.15 Not tainted 4.19.0-syzkaller #0
[   71.164801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   71.174120] Call Trace:
[   71.176672]  dump_stack+0x10c/0x17a
[   71.180262]  print_address_description.cold.6+0x9/0x244
[   71.185593]  kasan_report.cold.7+0x242/0x305
[   71.189965]  ? hfs_bnode_read+0x9b/0xd0
[   71.193925]  check_memory_region+0x13c/0x1b0
[   71.198296]  memcpy+0x37/0x50
[   71.201363]  hfs_bnode_read+0x9b/0xd0
[   71.205127]  hfs_bnode_read_key+0x111/0x1b0
[   71.209411]  ? hfs_bnode_read_u8+0x90/0x90
[   71.213611]  ? _raw_spin_unlock+0x22/0x30
[   71.217728]  ? hfs_bnode_put.part.2+0x163/0x200
[   71.222358]  hfs_brec_insert+0x687/0xbb0
[   71.226385]  ? hfs_brec_keylen+0x330/0x330
[   71.230754]  hfs_cat_move+0x2fa/0x78d
[   71.234518]  ? hfs_cat_delete+0x520/0x520
[   71.238627]  ? d_splice_alias+0x40f/0xb50
[   71.242737]  ? kasan_check_write+0x14/0x20
[   71.246933]  ? __lock_acquire.isra.10+0x116/0x1870
[   71.251824]  ? lockref_get+0x3a/0x50
[   71.255501]  ? lock_downgrade+0x590/0x590
[   71.259613]  ? lock_acquire+0x177/0x310
[   71.263549]  hfs_rename+0xbb/0x1f0
[   71.267051]  vfs_rename+0xa18/0x1860
[   71.270726]  ? vfs_link+0xa00/0xa00
[   71.274319]  ? _raw_spin_unlock+0x22/0x30
[   71.278435]  ? security_path_rename+0x155/0x270
[   71.283067]  ? __lookup_hash+0xf5/0x150
[   71.287006]  do_renameat2+0x60d/0xa00
[   71.290770]  ? kern_path_create+0x30/0x30
[   71.294882]  ? kasan_check_write+0x14/0x20
[   71.299077]  ? __lock_acquire.isra.10+0x116/0x1870
[   71.303968]  ? kasan_check_write+0x14/0x20
[   71.308183]  ? __lock_acquire.isra.10+0x116/0x1870
[   71.313076]  ? __context_tracking_exit.part.2+0x4d/0x110
[   71.318488]  ? lock_downgrade+0x590/0x590
[   71.322605]  ? kvm_sched_clock_read+0x11/0x20
[   71.327064]  ? syscall_slow_exit_work+0x430/0x430
[   71.331870]  ? get_vtime_delta+0x1e/0x220
[   71.335984]  __x64_sys_renameat2+0xb9/0x150
[   71.340269]  do_syscall_64+0xd0/0x340
[   71.344031]  ? prepare_exit_to_usermode+0xec/0x130
[   71.348925]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   71.354075] RIP: 0033:0x7feaf11fb819
[   71.357760] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   71.376629] RSP: 002b:00007feaf0c7c038 EFLAGS: 00000246 ORIG_RAX: 000000000000013c
[   71.384323] RAX: ffffffffffffffda RBX: 00007feaf13b2fa0 RCX: 00007feaf11fb819
[   71.391556] RDX: 0000000000000004 RSI: 0000000020000380 RDI: 0000000000000004
[   71.398792] RBP: 00007feaf126e75e R08: 0000000000000000 R09: 0000000000000000
[   71.406026] R10: 0000000020000200 R11: 0000000000000246 R12: 0000000000000000
[   71.413257] R13: 0000000000000000 R14: 00007feaf13b2fa0 R15: 00007ffc3ad26278
[   71.420491] 
[   71.422090] Allocated by task 3877:
[   71.425688]  kasan_kmalloc.part.1+0x62/0xf0
[   71.429969]  kasan_kmalloc+0xaf/0xc0
[   71.433646]  __kmalloc+0x139/0x260
[   71.437166]  hfs_find_init+0x96/0x180
[   71.440929]  hfs_cat_move+0x10e/0x78d
[   71.444709]  hfs_rename+0xbb/0x1f0
[   71.448211]  vfs_rename+0xa18/0x1860
[   71.451885]  do_renameat2+0x60d/0xa00
[   71.455648]  __x64_sys_renameat2+0xb9/0x150
[   71.459930]  do_syscall_64+0xd0/0x340
[   71.463693]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   71.468845] 
[   71.470441] Freed by task 3204:
[   71.473691]  __kasan_slab_free+0x167/0x240
[   71.477893]  kasan_slab_free+0xe/0x10
[   71.481664]  kfree+0x10c/0x280
[   71.484824]  kzfree+0x28/0x30
[   71.487902]  apparmor_file_free_security+0x69/0x90
[   71.492800]  security_file_free+0x40/0x70
[   71.496937]  __fput+0x2eb/0x740
[   71.500192]  ____fput+0x9/0x10
[   71.503348]  task_work_run+0x10e/0x180
[   71.507200]  exit_to_usermode_loop+0x170/0x1d0
[   71.511744]  do_syscall_64+0x2bf/0x340
[   71.515610]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   71.520759] 
[   71.522349] The buggy address belongs to the object at ffff8801e11fb780
[   71.522349]  which belongs to the cache kmalloc-96 of size 96
[   71.534797] The buggy address is located 0 bytes inside of
[   71.534797]  96-byte region [ffff8801e11fb780, ffff8801e11fb7e0)
[   71.546426] The buggy address belongs to the page:
[   71.551322] page:ffffea0007847ec0 count:1 mapcount:0 mapping:ffff8801f6c03400 index:0x0
[   71.559451] flags: 0x100000000000100(slab)
[   71.563651] raw: 0100000000000100 ffffea0007832e80 0000001900000019 ffff8801f6c03400
[   71.571497] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
[   71.579340] page dumped because: kasan: bad access detected
[   71.585019] page allocated via order 0, migratetype Unmovable, gfp_mask 0x6012c0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY)
[   71.596029]  get_page_from_freelist+0x2c01/0x4060
[   71.600868]  __alloc_pages_nodemask+0x390/0x2300
[   71.605627]  alloc_pages_current+0xfd/0x290
[   71.609919]  new_slab+0x458/0x7d0
[   71.613343]  ___slab_alloc+0x600/0x890
[   71.617199]  __slab_alloc+0x2f/0x60
[   71.620796]  kmem_cache_alloc_trace+0x1d7/0x220
[   71.625441]  apparmor_file_alloc_security+0x310/0x5e0
[   71.630603]  security_file_alloc+0x40/0x80
[   71.634816]  __alloc_file+0x7a/0x280
[   71.638503]  alloc_empty_file+0x45/0x110
[   71.642536]  path_openat+0x101/0x2910
[   71.646651]  do_filp_open+0x177/0x250
[   71.650413]  do_sys_open+0x1dc/0x350
[   71.654094]  __x64_sys_openat+0x98/0xf0
[   71.658037]  do_syscall_64+0xd0/0x340
[   71.661800] 
[   71.663394] Memory state around the buggy address:
[   71.668549]  ffff8801e11fb680: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   71.675874]  ffff8801e11fb700: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   71.683196] >ffff8801e11fb780: 00 00 00 00 00 00 00 00 00 06 fc fc fc fc fc fc
[   71.690518]                    ^
[   71.696191]  ffff8801e11fb800: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   71.703514]  ffff8801e11fb880: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   71.710836] ==================================================================
[   71.718185] Disabling lock debugging due to kernel taint
[   71.723762] Kernel panic - not syncing: panic_on_warn set ...
[   71.723762] 
[   71.731316] Kernel Offset: disabled
[   71.734919] Rebooting in 86400 seconds..