Warning: Permanently added '10.128.1.10' (ED25519) to the list of known hosts.
2023/12/01 09:31:13 ignoring optional flag "sandboxArg"="0"
2023/12/01 09:31:13 parsed 1 programs
2023/12/01 09:31:15 executed programs: 0
[ 53.232590][ T1432] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 58.095505][ T1857] loop0: detected capacity change from 0 to 64
[ 58.105395][ T1857] hfs: unable to locate alternate MDB
[ 58.110992][ T1857] hfs: continuing without an alternate MDB
[ 58.119799][ T1857] ==================================================================
[ 58.128059][ T1857] BUG: KASAN: slab-out-of-bounds in hfs_bnode_read_key+0x1c8/0x3d0
[ 58.136047][ T1857] Write of size 256 at addr ffff88810da7ac00 by task syz-executor.0/1857
[ 58.144442][ T1857]
[ 58.146749][ T1857] CPU: 0 PID: 1857 Comm: syz-executor.0 Not tainted 6.1.64-syzkaller #0
[ 58.155062][ T1857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 58.165185][ T1857] Call Trace:
[ 58.168535][ T1857]
[ 58.171447][ T1857] dump_stack_lvl+0xf4/0x251
[ 58.176124][ T1857] ? nf_tcp_handle_invalid+0x2f3/0x2f3
[ 58.181564][ T1857] ? panic+0x3f7/0x3f7
[ 58.186015][ T1857] ? _printk+0xca/0x10a
[ 58.190252][ T1857] print_report+0x15f/0x4f0
[ 58.194839][ T1857] ? hfs_bnode_read_key+0x1c8/0x3d0
[ 58.200028][ T1857] kasan_report+0x136/0x160
[ 58.204519][ T1857] ? hfs_bnode_read_key+0x1c8/0x3d0
[ 58.209967][ T1857] kasan_check_range+0x27f/0x290
[ 58.214936][ T1857] ? hfs_bnode_read_key+0x1c8/0x3d0
[ 58.220474][ T1857] memcpy+0x3c/0x60
[ 58.224262][ T1857] hfs_bnode_read_key+0x1c8/0x3d0
[ 58.229282][ T1857] hfs_brec_insert+0x65a/0xc90
[ 58.234068][ T1857] ? do_raw_spin_unlock+0x137/0x8a0
[ 58.239367][ T1857] ? hfs_brec_keylen+0x2b0/0x2b0
[ 58.244305][ T1857] ? memset+0x1f/0x40
[ 58.248275][ T1857] ? hfs_cat_build_record+0x5b/0x7c0
[ 58.253548][ T1857] hfs_cat_create+0x52a/0x8b0
[ 58.258238][ T1857] ? hfs_cat_build_key+0x160/0x160
[ 58.263337][ T1857] ? _raw_spin_unlock+0x24/0x40
[ 58.268174][ T1857] ? hfs_new_inode+0x7b8/0x9d0
[ 58.272948][ T1857] hfs_create+0x5b/0xb0
[ 58.277174][ T1857] ? hfs_lookup+0x2a0/0x2a0
[ 58.281656][ T1857] path_openat+0xf0c/0x27d0
[ 58.286316][ T1857] ? do_filp_open+0x430/0x430
[ 58.290989][ T1857] do_filp_open+0x226/0x430
[ 58.295669][ T1857] ? vfs_tmpfile+0x410/0x410
[ 58.300271][ T1857] ? _raw_spin_unlock+0x24/0x40
[ 58.305132][ T1857] ? alloc_fd+0x3dc/0x470
[ 58.310008][ T1857] do_sys_openat2+0x10b/0x420
[ 58.314905][ T1857] ? rcu_is_watching+0x1b/0x90
[ 58.319839][ T1857] ? do_sys_open+0x1c0/0x1c0
[ 58.324416][ T1857] ? __rseq_handle_notify_resume+0x827/0xdf0
[ 58.330484][ T1857] ? xfd_validate_state+0x12/0x50
[ 58.335497][ T1857] __x64_sys_openat+0x209/0x250
[ 58.340330][ T1857] ? __ia32_sys_open+0x230/0x230
[ 58.345249][ T1857] ? switch_fpu_return+0xc9/0x130
[ 58.350423][ T1857] do_syscall_64+0x3d/0x80
[ 58.354861][ T1857] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 58.360789][ T1857] RIP: 0033:0x7fa59787cb29
[ 58.365235][ T1857] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 58.385458][ T1857] RSP: 002b:00007fa59858c0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 58.394519][ T1857] RAX: ffffffffffffffda RBX: 00007fa59799bf80 RCX: 00007fa59787cb29
[ 58.402659][ T1857] RDX: 0000000000141842 RSI: 0000000020000380 RDI: ffffffffffffff9c
[ 58.410711][ T1857] RBP: 00007fa5978c847a R08: 0000000000000000 R09: 0000000000000000
[ 58.418679][ T1857] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 58.426814][ T1857] R13: 0000000000000006 R14: 00007fa59799bf80 R15: 00007ffcee3495c8
[ 58.434880][ T1857]
[ 58.437975][ T1857]
[ 58.440366][ T1857] Allocated by task 1857:
[ 58.444687][ T1857] kasan_set_track+0x4b/0x70
[ 58.449944][ T1857] __kasan_kmalloc+0x97/0xb0
[ 58.454967][ T1857] __kmalloc+0xa6/0x1c0
[ 58.459451][ T1857] hfs_find_init+0x86/0x1b0
[ 58.464107][ T1857] hfs_cat_create+0x165/0x8b0
[ 58.468891][ T1857] hfs_create+0x5b/0xb0
[ 58.473105][ T1857] path_openat+0xf0c/0x27d0
[ 58.477584][ T1857] do_filp_open+0x226/0x430
[ 58.482161][ T1857] do_sys_openat2+0x10b/0x420
[ 58.486929][ T1857] __x64_sys_openat+0x209/0x250
[ 58.492063][ T1857] do_syscall_64+0x3d/0x80
[ 58.496929][ T1857] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 58.503068][ T1857]
[ 58.505368][ T1857] The buggy address belongs to the object at ffff88810da7ac00
[ 58.505368][ T1857] which belongs to the cache kmalloc-96 of size 96
[ 58.519926][ T1857] The buggy address is located 0 bytes inside of
[ 58.519926][ T1857] 96-byte region [ffff88810da7ac00, ffff88810da7ac60)
[ 58.533280][ T1857]
[ 58.535784][ T1857] The buggy address belongs to the physical page:
[ 58.542478][ T1857] page:ffffea0004369e80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10da7a
[ 58.553079][ T1857] flags: 0x100000000000200(slab|node=0|zone=2)
[ 58.559227][ T1857] raw: 0100000000000200 ffffea00040e9940 dead000000000002 ffff888100041780
[ 58.567903][ T1857] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
[ 58.577275][ T1857] page dumped because: kasan: bad access detected
[ 58.583928][ T1857] page_owner tracks the page as allocated
[ 58.590186][ T1857] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1, tgid 1 (swapper/0), ts 2156949935, free_ts 2132111032
[ 58.608395][ T1857] post_alloc_hook+0x286/0x2b0
[ 58.613850][ T1857] get_page_from_freelist+0x398c/0x3b60
[ 58.619557][ T1857] __alloc_pages+0x251/0x640
[ 58.624144][ T1857] alloc_page_interleave+0xf/0x120
[ 58.629254][ T1857] alloc_slab_page+0x6a/0x150
[ 58.633929][ T1857] new_slab+0x70/0x250
[ 58.638077][ T1857] ___slab_alloc+0x9df/0xe70
[ 58.643006][ T1857] __kmem_cache_alloc_node+0x195/0x250
[ 58.648468][ T1857] kmalloc_trace+0x26/0xc0
[ 58.653044][ T1857] acpi_ut_evaluate_object+0xf3/0x3e0
[ 58.658413][ T1857] acpi_ut_execute_power_methods+0x129/0x230
[ 58.664382][ T1857] acpi_get_object_info+0x573/0x1160
[ 58.669737][ T1857] acpi_init_device_object+0x5cb/0x2b50
[ 58.675359][ T1857] acpi_add_single_object+0x112/0x1a90
[ 58.681076][ T1857] acpi_bus_check_add+0x2fb/0x7c0
[ 58.686342][ T1857] acpi_ns_walk_namespace+0x182/0x350
[ 58.692014][ T1857] page last free stack trace:
[ 58.696683][ T1857] free_unref_page_prepare+0xd38/0xed0
[ 58.702633][ T1857] free_unref_page+0x33/0x390
[ 58.707478][ T1857] __unfreeze_partials+0x1af/0x210
[ 58.712617][ T1857] put_cpu_partial+0x150/0x1a0
[ 58.717402][ T1857] qlist_free_all+0x76/0xe0
[ 58.721889][ T1857] kasan_quarantine_remove_cache+0x163/0x180
[ 58.727878][ T1857] kmem_cache_shrink+0x9/0x20
[ 58.732536][ T1857] acpi_os_purge_cache+0x5/0x10
[ 58.737377][ T1857] acpi_purge_cached_objects+0xaf/0xc0
[ 58.743100][ T1857] acpi_initialize_objects+0xc/0x61
[ 58.748594][ T1857] acpi_bus_init+0xb8/0x89b
[ 58.753253][ T1857] acpi_init+0x7d/0x1ed
[ 58.757406][ T1857] do_one_initcall+0x19f/0x4c0
[ 58.762346][ T1857] do_initcall_level+0x11e/0x1cd
[ 58.767747][ T1857] do_initcalls+0x46/0x74
[ 58.772077][ T1857] kernel_init_freeable+0x375/0x4e9
[ 58.777614][ T1857]
[ 58.780802][ T1857] Memory state around the buggy address:
[ 58.786949][ T1857] ffff88810da7ab00: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 58.795438][ T1857] ffff88810da7ab80: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 58.804095][ T1857] >ffff88810da7ac00: 00 00 00 00 00 00 00 00 00 06 fc fc fc fc fc fc
[ 58.812755][ T1857] ^
[ 58.819678][ T1857] ffff88810da7ac80: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 58.827886][ T1857] ffff88810da7ad00: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 58.836669][ T1857] ==================================================================
[ 58.845162][ T1857] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 58.854053][ T1857] Kernel Offset: disabled
[ 58.858644][ T1857] Rebooting in 86400 seconds..