Warning: Permanently added '10.128.1.56' (ED25519) to the list of known hosts.
2024/06/11 07:06:16 ignoring optional flag "sandboxArg"="0"
2024/06/11 07:06:16 parsed 1 programs
2024/06/11 07:06:18 executed programs: 0
[ 53.200738][ T1353] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 57.998211][ T1774] loop0: detected capacity change from 0 to 1024
[ 58.008496][ T1774] ==================================================================
[ 58.016831][ T1774] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x724/0x1180
[ 58.024536][ T1774] Read of size 2 at addr ffff88810432a40c by task syz-executor.0/1774
[ 58.032675][ T1774]
[ 58.034977][ T1774] CPU: 1 PID: 1774 Comm: syz-executor.0 Not tainted 6.1.92-syzkaller #0
[ 58.043278][ T1774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 58.053414][ T1774] Call Trace:
[ 58.056669][ T1774]
[ 58.059658][ T1774] dump_stack_lvl+0xf4/0x251
[ 58.064220][ T1774] ? nf_tcp_handle_invalid+0x2f3/0x2f3
[ 58.069648][ T1774] ? panic+0x3fe/0x3fe
[ 58.074028][ T1774] ? __virt_addr_valid+0x139/0x260
[ 58.079122][ T1774] ? __virt_addr_valid+0x211/0x260
[ 58.084220][ T1774] print_report+0x15f/0x4f0
[ 58.088705][ T1774] ? __virt_addr_valid+0x139/0x260
[ 58.093803][ T1774] ? __virt_addr_valid+0x211/0x260
[ 58.098892][ T1774] ? hfsplus_uni2asc+0x724/0x1180
[ 58.103883][ T1774] kasan_report+0x136/0x160
[ 58.108369][ T1774] ? hfsplus_uni2asc+0x724/0x1180
[ 58.113362][ T1774] hfsplus_uni2asc+0x724/0x1180
[ 58.118184][ T1774] ? memcpy+0x3c/0x60
[ 58.122130][ T1774] hfsplus_readdir+0x7fd/0x10d0
[ 58.126950][ T1774] ? hfsplus_rename+0x160/0x160
[ 58.131966][ T1774] ? iterate_dir+0xaa/0x4f0
[ 58.136697][ T1774] ? down_read_interruptible+0x1010/0x1010
[ 58.142472][ T1774] ? do_raw_spin_unlock+0x137/0x8a0
[ 58.147745][ T1774] ? common_file_perm+0x130/0x1e0
[ 58.152757][ T1774] ? fsnotify_perm+0x29e/0x450
[ 58.157505][ T1774] ? hfsplus_rename+0x160/0x160
[ 58.162328][ T1774] iterate_dir+0x1fa/0x4f0
[ 58.166719][ T1774] __se_sys_getdents64+0x1af/0x3e0
[ 58.171799][ T1774] ? __x64_sys_getdents64+0x80/0x80
[ 58.177150][ T1774] ? filldir+0x570/0x570
[ 58.181533][ T1774] ? switch_fpu_return+0xc9/0x130
[ 58.186527][ T1774] do_syscall_64+0x3b/0x80
[ 58.190920][ T1774] ? clear_bhb_loop+0x45/0xa0
[ 58.195711][ T1774] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 58.201620][ T1774] RIP: 0033:0x7f0f55e7cce9
[ 58.206069][ T1774] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 58.225769][ T1774] RSP: 002b:00007f0f56bf80c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 58.234240][ T1774] RAX: ffffffffffffffda RBX: 00007f0f55f9bf80 RCX: 00007f0f55e7cce9
[ 58.242192][ T1774] RDX: 0000000000000067 RSI: 0000000020000540 RDI: 0000000000000003
[ 58.250169][ T1774] RBP: 00007f0f55ec947a R08: 0000000000000000 R09: 0000000000000000
[ 58.258196][ T1774] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 58.266169][ T1774] R13: 0000000000000006 R14: 00007f0f55f9bf80 R15: 00007ffcbbb92d78
[ 58.274112][ T1774]
[ 58.277302][ T1774]
[ 58.279593][ T1774] Allocated by task 1774:
[ 58.283881][ T1774] kasan_set_track+0x4b/0x70
[ 58.288453][ T1774] __kasan_kmalloc+0x97/0xb0
[ 58.293024][ T1774] __kmalloc+0xa6/0x1c0
[ 58.297150][ T1774] hfsplus_find_init+0x7c/0x180
[ 58.301999][ T1774] hfsplus_readdir+0x1f4/0x10d0
[ 58.306835][ T1774] iterate_dir+0x1fa/0x4f0
[ 58.311215][ T1774] __se_sys_getdents64+0x1af/0x3e0
[ 58.316312][ T1774] do_syscall_64+0x3b/0x80
[ 58.320695][ T1774] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 58.326556][ T1774]
[ 58.328848][ T1774] The buggy address belongs to the object at ffff88810432a000
[ 58.328848][ T1774] which belongs to the cache kmalloc-2k of size 2048
[ 58.342886][ T1774] The buggy address is located 1036 bytes inside of
[ 58.342886][ T1774] 2048-byte region [ffff88810432a000, ffff88810432a800)
[ 58.356329][ T1774]
[ 58.358640][ T1774] The buggy address belongs to the physical page:
[ 58.365025][ T1774] page:ffffea000410ca00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104328
[ 58.375239][ T1774] head:ffffea000410ca00 order:3 compound_mapcount:0 compound_pincount:0
[ 58.383537][ T1774] flags: 0x100000000010200(slab|head|node=0|zone=2)
[ 58.390092][ T1774] raw: 0100000000010200 0000000000000000 dead000000000001 ffff888100042000
[ 58.398639][ T1774] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[ 58.407184][ T1774] page dumped because: kasan: bad access detected
[ 58.413566][ T1774] page_owner tracks the page as allocated
[ 58.419244][ T1774] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2000(__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 9, tgid 9 (kworker/u4:0), ts 3523266313, free_ts 0
[ 58.437542][ T1774] post_alloc_hook+0x286/0x2b0
[ 58.442273][ T1774] get_page_from_freelist+0x398c/0x3b60
[ 58.447788][ T1774] __alloc_pages+0x251/0x640
[ 58.452357][ T1774] alloc_slab_page+0x59/0x150
[ 58.457015][ T1774] new_slab+0x70/0x250
[ 58.461065][ T1774] ___slab_alloc+0x9df/0xe70
[ 58.465616][ T1774] __kmem_cache_alloc_node+0x195/0x250
[ 58.471037][ T1774] __kmalloc_node+0x98/0x1c0
[ 58.475594][ T1774] blk_mq_alloc_map_and_rqs+0x202/0xa10
[ 58.481123][ T1774] blk_mq_init_sched+0x2c9/0x7b0
[ 58.486048][ T1774] elevator_init_mq+0x301/0x450
[ 58.490873][ T1774] device_add_disk+0xf2/0xe40
[ 58.495534][ T1774] sd_probe+0xa5a/0x10c0
[ 58.499777][ T1774] really_probe+0x330/0xad0
[ 58.504251][ T1774] __driver_probe_device+0x138/0x340
[ 58.509536][ T1774] driver_probe_device+0x4b/0x3a0
[ 58.514543][ T1774] page_owner free stack trace missing
[ 58.519884][ T1774]
[ 58.522179][ T1774] Memory state around the buggy address:
[ 58.527775][ T1774] ffff88810432a300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 58.535974][ T1774] ffff88810432a380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 58.544050][ T1774] >ffff88810432a400: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 58.552081][ T1774] ^
[ 58.556426][ T1774] ffff88810432a480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 58.564458][ T1774] ffff88810432a500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 58.572485][ T1774] ==================================================================
[ 58.580792][ T1774] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 58.588709][ T1774] Kernel Offset: disabled
[ 58.593046][ T1774] Rebooting in 86400 seconds..