Warning: Permanently added '10.128.1.148' (ED25519) to the list of known hosts.
2023/10/21 04:26:41 ignoring optional flag "sandboxArg"="0"
2023/10/21 04:26:41 parsed 1 programs
2023/10/21 04:26:41 executed programs: 0
[ 50.896871][ T2540] loop0: detected capacity change from 0 to 64
[ 50.907012][ T2540] hfs: unable to locate alternate MDB
[ 50.912705][ T2540] hfs: continuing without an alternate MDB
[ 50.921179][ T2540] ==================================================================
[ 50.929360][ T2540] BUG: KASAN: slab-out-of-bounds in hfs_bnode_read_key+0x1cc/0x3d0
[ 50.937606][ T2540] Write of size 256 at addr ffff8881032d7c80 by task syz-executor.0/2540
[ 50.946011][ T2540]
[ 50.948318][ T2540] CPU: 0 PID: 2540 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller #0
[ 50.956986][ T2540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 50.967015][ T2540] Call Trace:
[ 50.970292][ T2540]
[ 50.973197][ T2540] dump_stack_lvl+0xf8/0x260
[ 50.977773][ T2540] ? nf_tcp_handle_invalid+0x300/0x300
[ 50.983262][ T2540] ? panic+0x410/0x410
[ 50.987299][ T2540] ? _printk+0xce/0x110
[ 50.991419][ T2540] print_report+0x163/0x540
[ 50.996154][ T2540] ? hfs_bnode_read_key+0x1cc/0x3d0
[ 51.001323][ T2540] kasan_report+0x175/0x1b0
[ 51.005814][ T2540] ? hfs_bnode_read_key+0x1cc/0x3d0
[ 51.011072][ T2540] kasan_check_range+0x27e/0x290
[ 51.016170][ T2540] ? hfs_bnode_read_key+0x1cc/0x3d0
[ 51.021409][ T2540] __asan_memcpy+0x40/0x70
[ 51.025883][ T2540] hfs_bnode_read_key+0x1cc/0x3d0
[ 51.030879][ T2540] hfs_brec_insert+0x65e/0xc90
[ 51.035615][ T2540] ? do_raw_spin_unlock+0x13b/0x8b0
[ 51.040878][ T2540] ? hfs_brec_keylen+0x2c0/0x2c0
[ 51.045957][ T2540] ? __asan_memset+0x23/0x40
[ 51.050687][ T2540] ? hfs_cat_build_record+0x5b/0x7c0
[ 51.056030][ T2540] hfs_cat_create+0x52e/0x890
[ 51.060764][ T2540] ? hfs_cat_build_key+0x160/0x160
[ 51.065846][ T2540] ? _raw_spin_unlock+0x28/0x40
[ 51.070760][ T2540] ? hfs_new_inode+0x7fc/0xa20
[ 51.075668][ T2540] hfs_create+0x5f/0xb0
[ 51.079894][ T2540] ? hfs_lookup+0x2a0/0x2a0
[ 51.084537][ T2540] path_openat+0xf17/0x2c00
[ 51.089016][ T2540] ? try_to_wake_up+0x994/0x1510
[ 51.094226][ T2540] ? do_filp_open+0x440/0x440
[ 51.099224][ T2540] do_filp_open+0x22a/0x440
[ 51.103784][ T2540] ? vfs_tmpfile+0x420/0x420
[ 51.108346][ T2540] ? _raw_spin_unlock+0x28/0x40
[ 51.113256][ T2540] ? alloc_fd+0x3dc/0x470
[ 51.117552][ T2540] do_sys_openat2+0xf6/0x170
[ 51.122205][ T2540] ? do_sys_open+0x1c0/0x1c0
[ 51.126780][ T2540] ? __rseq_handle_notify_resume+0x86d/0xe60
[ 51.133021][ T2540] ? xfd_validate_state+0x16/0x50
[ 51.138052][ T2540] __x64_sys_openat+0x20d/0x260
[ 51.142910][ T2540] ? __ia32_sys_open+0x240/0x240
[ 51.147832][ T2540] ? switch_fpu_return+0xcd/0x130
[ 51.152915][ T2540] do_syscall_64+0x41/0x90
[ 51.157312][ T2540] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 51.163183][ T2540] RIP: 0033:0x7faa9387c959
[ 51.167916][ T2540] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 51.187928][ T2540] RSP: 002b:00007faa945340c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 51.196546][ T2540] RAX: ffffffffffffffda RBX: 00007faa9399bf80 RCX: 00007faa9387c959
[ 51.204597][ T2540] RDX: 0000000000141842 RSI: 0000000020000380 RDI: ffffffffffffff9c
[ 51.212634][ T2540] RBP: 00007faa938d8c88 R08: 0000000000000000 R09: 0000000000000000
[ 51.220580][ T2540] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 51.228698][ T2540] R13: 0000000000000006 R14: 00007faa9399bf80 R15: 00007ffdcecd6a18
[ 51.236840][ T2540]
[ 51.240399][ T2540]
[ 51.242796][ T2540] Allocated by task 2540:
[ 51.247115][ T2540] kasan_set_track+0x4f/0x70
[ 51.251864][ T2540] __kasan_kmalloc+0x98/0xb0
[ 51.256595][ T2540] __kmalloc+0xaa/0x1d0
[ 51.260741][ T2540] hfs_find_init+0x8a/0x1c0
[ 51.265235][ T2540] hfs_cat_create+0x169/0x890
[ 51.270010][ T2540] hfs_create+0x5f/0xb0
[ 51.274166][ T2540] path_openat+0xf17/0x2c00
[ 51.278844][ T2540] do_filp_open+0x22a/0x440
[ 51.283503][ T2540] do_sys_openat2+0xf6/0x170
[ 51.288075][ T2540] __x64_sys_openat+0x20d/0x260
[ 51.292923][ T2540] do_syscall_64+0x41/0x90
[ 51.297408][ T2540] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 51.303275][ T2540]
[ 51.305576][ T2540] The buggy address belongs to the object at ffff8881032d7c80
[ 51.305576][ T2540] which belongs to the cache kmalloc-96 of size 96
[ 51.319862][ T2540] The buggy address is located 0 bytes inside of
[ 51.319862][ T2540] allocated 78-byte region [ffff8881032d7c80, ffff8881032d7cce)
[ 51.333806][ T2540]
[ 51.336129][ T2540] The buggy address belongs to the physical page:
[ 51.342516][ T2540] page:ffffea00040cb5c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1032d7
[ 51.352807][ T2540] flags: 0x100000000000800(slab|node=0|zone=2)
[ 51.358929][ T2540] page_type: 0xffffffff()
[ 51.363230][ T2540] raw: 0100000000000800 ffff888100041780 ffffea00043df4c0 dead000000000002
[ 51.372221][ T2540] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
[ 51.380952][ T2540] page dumped because: kasan: bad access detected
[ 51.387335][ T2540] page_owner tracks the page as allocated
[ 51.393286][ T2540] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY), pid 1396, tgid 1396 (udevd), ts 7461566484, free_ts 6277091391
[ 51.410898][ T2540] post_alloc_hook+0x26e/0x290
[ 51.415661][ T2540] get_page_from_freelist+0x3baa/0x3da0
[ 51.421441][ T2540] __alloc_pages+0x255/0x650
[ 51.426085][ T2540] alloc_slab_page+0x6a/0x160
[ 51.430762][ T2540] new_slab+0x70/0x260
[ 51.434814][ T2540] ___slab_alloc+0x942/0xed0
[ 51.439547][ T2540] __kmem_cache_alloc_node+0x1a6/0x260
[ 51.445152][ T2540] __kmalloc+0x99/0x1d0
[ 51.449278][ T2540] tomoyo_encode+0xaa/0x480
[ 51.453841][ T2540] tomoyo_realpath_from_path+0x4a6/0x4e0
[ 51.459461][ T2540] tomoyo_check_open_permission+0x249/0x950
[ 51.465331][ T2540] security_file_open+0x27/0x90
[ 51.470152][ T2540] do_dentry_open+0x2e6/0x1030
[ 51.474886][ T2540] path_openat+0x2542/0x2c00
[ 51.479453][ T2540] do_filp_open+0x22a/0x440
[ 51.484626][ T2540] do_sys_openat2+0xf6/0x170
[ 51.489191][ T2540] page last free stack trace:
[ 51.493927][ T2540] free_unref_page_prepare+0x7b6/0x8d0
[ 51.499444][ T2540] free_unref_page+0x37/0x3a0
[ 51.504088][ T2540] kasan_depopulate_vmalloc_pte+0x74/0x90
[ 51.509949][ T2540] __apply_to_page_range+0x76c/0x8d0
[ 51.515204][ T2540] kasan_release_vmalloc+0x9a/0xb0
[ 51.520457][ T2540] __purge_vmap_area_lazy+0x1324/0x1550
[ 51.525990][ T2540] _vm_unmap_aliases+0x6aa/0x730
[ 51.530896][ T2540] change_page_attr_set_clr+0x209/0xce0
[ 51.536497][ T2540] set_memory_nx+0xcf/0x110
[ 51.541055][ T2540] free_initmem+0x83/0xb0
[ 51.545358][ T2540] kernel_init+0x2c/0x1a0
[ 51.549661][ T2540] ret_from_fork+0x2e/0x60
[ 51.554065][ T2540] ret_from_fork_asm+0x11/0x20
[ 51.558800][ T2540]
[ 51.561099][ T2540] Memory state around the buggy address:
[ 51.566699][ T2540] ffff8881032d7b80: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 51.574932][ T2540] ffff8881032d7c00: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 51.583148][ T2540] >ffff8881032d7c80: 00 00 00 00 00 00 00 00 00 06 fc fc fc fc fc fc
[ 51.591185][ T2540] ^
[ 51.597758][ T2540] ffff8881032d7d00: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 51.605820][ T2540] ffff8881032d7d80: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 51.613859][ T2540] ==================================================================
[ 51.622266][ T2540] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 51.629696][ T2540] Kernel Offset: disabled
[ 51.634022][ T2540] Rebooting in 86400 seconds..