Warning: Permanently added '10.128.1.63' (ED25519) to the list of known hosts.
2023/11/14 00:00:02 ignoring optional flag "sandboxArg"="0"
2023/11/14 00:00:02 parsed 1 programs
2023/11/14 00:00:02 executed programs: 0
[ 53.082764][ T1859] loop0: detected capacity change from 0 to 1024
[ 53.093227][ T1859] ==================================================================
[ 53.101310][ T1859] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x724/0x1180
[ 53.109105][ T1859] Read of size 2 at addr ffff88817531c218 by task syz-executor.0/1859
[ 53.117227][ T1859]
[ 53.119537][ T1859] CPU: 1 PID: 1859 Comm: syz-executor.0 Not tainted 6.1.62-syzkaller #0
[ 53.127829][ T1859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[ 53.137852][ T1859] Call Trace:
[ 53.141141][ T1859]
[ 53.144048][ T1859]  dump_stack_lvl+0xf4/0x251
[ 53.148613][ T1859]  ? nf_tcp_handle_invalid+0x2f3/0x2f3
[ 53.154037][ T1859]  ? panic+0x3f7/0x3f7
[ 53.158070][ T1859]  ? _printk+0xca/0x10a
[ 53.162194][ T1859]  print_report+0x15f/0x4f0
[ 53.166663][ T1859]  ? hfsplus_find_exit+0xa0/0xa0
[ 53.171581][ T1859]  ? hfs_find_rec_by_key+0x1d0/0x1d0
[ 53.176920][ T1859]  ? hfsplus_uni2asc+0x724/0x1180
[ 53.182000][ T1859]  kasan_report+0x136/0x160
[ 53.186471][ T1859]  ? hfsplus_uni2asc+0x724/0x1180
[ 53.191466][ T1859]  hfsplus_uni2asc+0x724/0x1180
[ 53.196284][ T1859]  ? memcpy+0x3c/0x60
[ 53.200233][ T1859]  hfsplus_listxattr+0x693/0xc40
[ 53.205224][ T1859]  ? _raw_spin_unlock+0x40/0x40
[ 53.210058][ T1859]  ? hfsplus_getxattr+0xc0/0xc0
[ 53.214877][ T1859]  ? __kasan_kmalloc+0x97/0xb0
[ 53.219699][ T1859]  ? __kmalloc_node+0xa9/0x1c0
[ 53.224430][ T1859]  ? kvmalloc_node+0x3e/0xe0
[ 53.228988][ T1859]  ? listxattr+0x39/0x1f0
[ 53.233282][ T1859]  ? __x64_sys_llistxattr+0x147/0x1d0
[ 53.238625][ T1859]  ? rcu_is_watching+0x1b/0x90
[ 53.243530][ T1859]  ? kvmalloc_node+0x3e/0xe0
[ 53.248085][ T1859]  ? user_path_at_empty+0x3b/0x50
[ 53.253077][ T1859]  listxattr+0x177/0x1f0
[ 53.257286][ T1859]  __x64_sys_llistxattr+0x147/0x1d0
[ 53.262453][ T1859]  ? __ia32_sys_listxattr+0x1e0/0x1e0
[ 53.267789][ T1859]  ? switch_fpu_return+0xc9/0x130
[ 53.272811][ T1859]  do_syscall_64+0x3d/0x80
[ 53.277197][ T1859]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 53.283055][ T1859] RIP: 0033:0x7f70bf07c959
[ 53.287436][ T1859] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 53.307021][ T1859] RSP: 002b:00007f70bfdce0c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000c3
[ 53.315409][ T1859] RAX: ffffffffffffffda RBX: 00007f70bf19bf80 RCX: 00007f70bf07c959
[ 53.323362][ T1859] RDX: 0000000000000019 RSI: 0000000000000000 RDI: 0000000020000000
[ 53.331300][ T1859] RBP: 00007f70bf0d8c88 R08: 0000000000000000 R09: 0000000000000000
[ 53.339357][ T1859] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 53.347312][ T1859] R13: 0000000000000006 R14: 00007f70bf19bf80 R15: 00007ffd20ca69c8
[ 53.355258][ T1859]
[ 53.358344][ T1859]
[ 53.360645][ T1859] Allocated by task 1859:
[ 53.364939][ T1859]  kasan_set_track+0x4b/0x70
[ 53.369587][ T1859]  __kasan_kmalloc+0x97/0xb0
[ 53.374143][ T1859]  __kmalloc+0xa6/0x1c0
[ 53.378265][ T1859]  hfsplus_find_init+0x7c/0x180
[ 53.383088][ T1859]  hfsplus_listxattr+0x389/0xc40
[ 53.387989][ T1859]  listxattr+0x177/0x1f0
[ 53.392202][ T1859]  __x64_sys_llistxattr+0x147/0x1d0
[ 53.397369][ T1859]  do_syscall_64+0x3d/0x80
[ 53.401839][ T1859]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 53.407698][ T1859]
[ 53.409994][ T1859] The buggy address belongs to the object at ffff88817531c000
[ 53.409994][ T1859]  which belongs to the cache kmalloc-1k of size 1024
[ 53.424100][ T1859] The buggy address is located 536 bytes inside of
[ 53.424100][ T1859]  1024-byte region [ffff88817531c000, ffff88817531c400)
[ 53.437424][ T1859]
[ 53.439733][ T1859] The buggy address belongs to the physical page:
[ 53.446210][ T1859] page:ffffea0005d4c600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x175318
[ 53.456425][ T1859] head:ffffea0005d4c600 order:3 compound_mapcount:0 compound_pincount:0
[ 53.464814][ T1859] flags: 0x100000000010200(slab|head|node=0|zone=2)
[ 53.471376][ T1859] raw: 0100000000010200 0000000000000000 dead000000000001 ffff888100041dc0
[ 53.479930][ T1859] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 53.488484][ T1859] page dumped because: kasan: bad access detected
[ 53.494860][ T1859] page_owner tracks the page as allocated
[ 53.500540][ T1859] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 710, tgid 710 (udevd), ts 6973234771, free_ts 5248023426
[ 53.520902][ T1859]  post_alloc_hook+0x286/0x2b0
[ 53.525635][ T1859]  get_page_from_freelist+0x398c/0x3b60
[ 53.531148][ T1859]  __alloc_pages+0x251/0x640
[ 53.535701][ T1859]  alloc_slab_page+0x6a/0x150
[ 53.540344][ T1859]  new_slab+0x70/0x250
[ 53.544379][ T1859]  ___slab_alloc+0x9df/0xe70
[ 53.548933][ T1859]  __kmem_cache_alloc_node+0x195/0x250
[ 53.554373][ T1859]  __kmalloc_node_track_caller+0x96/0x1c0
[ 53.560056][ T1859]  __alloc_skb+0x179/0x710
[ 53.564444][ T1859]  netlink_sendmsg+0x5c0/0xb60
[ 53.569183][ T1859]  ____sys_sendmsg+0x492/0x790
[ 53.573913][ T1859]  ___sys_sendmsg+0x223/0x2a0
[ 53.578564][ T1859]  __se_sys_sendmsg+0x143/0x1d0
[ 53.583553][ T1859]  do_syscall_64+0x3d/0x80
[ 53.587951][ T1859]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 53.593990][ T1859] page last free stack trace:
[ 53.598633][ T1859]  free_unref_page_prepare+0xd38/0xed0
[ 53.604060][ T1859]  free_unref_page+0x33/0x390
[ 53.608747][ T1859]  free_contig_range+0x8d/0x130
[ 53.613562][ T1859]  destroy_args+0xde/0x79f
[ 53.617953][ T1859]  debug_vm_pgtable+0x35f/0x51d
[ 53.622778][ T1859]  do_one_initcall+0x19f/0x4c0
[ 53.627506][ T1859]  do_initcall_level+0x11e/0x1cd
[ 53.632424][ T1859]  do_initcalls+0x46/0x74
[ 53.636805][ T1859]  kernel_init_freeable+0x375/0x4e9
[ 53.642054][ T1859]  kernel_init+0x14/0x190
[ 53.646351][ T1859]  ret_from_fork+0x1f/0x30
[ 53.650763][ T1859]
[ 53.653057][ T1859] Memory state around the buggy address:
[ 53.658653][ T1859]  ffff88817531c100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 53.666680][ T1859]  ffff88817531c180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 53.674761][ T1859] >ffff88817531c200: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 53.682810][ T1859]                             ^
[ 53.687623][ T1859]  ffff88817531c280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 53.695649][ T1859]  ffff88817531c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 53.703673][ T1859] ==================================================================
[ 53.711967][ T1859] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 53.719406][ T1859] Kernel Offset: disabled
[ 53.723709][ T1859] Rebooting in 86400 seconds..