Warning: Permanently added '10.128.1.203' (ED25519) to the list of known hosts.
2025/10/13 14:28:58 parsed 1 programs
[ 71.198075][ T9] cfg80211: failed to load regulatory.db
[ 72.326009][ T3460] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2025/10/13 14:29:05 executed programs: 0
[ 81.384316][ T4276] syz.3.16[4276]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[ 81.397025][ T4276] loop3: detected capacity change from 0 to 1024
[ 81.411642][ T4276] hfsplus: invalid length 256 has been corrected to 255
[ 81.421341][ T4276] ==================================================================
[ 81.429422][ T4276] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x4dc/0x1270
[ 81.437225][ T4276] Read of size 2 at addr ffff8880117d5a18 by task syz.3.16/4276
[ 81.444832][ T4276]
[ 81.447143][ T4276] CPU: 1 PID: 4276 Comm: syz.3.16 Not tainted syzkaller #0
[ 81.454314][ T4276] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 81.464350][ T4276] Call Trace:
[ 81.467603][ T4276]
[ 81.470508][ T4276] dump_stack_lvl+0xe0/0x160
[ 81.475065][ T4276] ? show_regs_print_info+0x10/0x10
[ 81.480230][ T4276] ? load_image+0x550/0x550
[ 81.484701][ T4276] ? _raw_spin_lock_irqsave+0xa6/0xe0
[ 81.490040][ T4276] ? __virt_addr_valid+0x13d/0x270
[ 81.495117][ T4276] ? __virt_addr_valid+0x21e/0x270
[ 81.500189][ T4276] print_report+0xac/0x220
[ 81.504617][ T4276] ? hfsplus_uni2asc+0x4dc/0x1270
[ 81.509620][ T4276] kasan_report+0x117/0x150
[ 81.514107][ T4276] ? hfsplus_uni2asc+0x4dc/0x1270
[ 81.519113][ T4276] hfsplus_uni2asc+0x4dc/0x1270
[ 81.523932][ T4276] hfsplus_listxattr+0x51c/0x910
[ 81.528868][ T4276] ? hfsplus_getxattr+0x100/0x100
[ 81.533885][ T4276] ? kasan_set_track+0x5f/0x70
[ 81.538625][ T4276] ? do_syscall_64+0x55/0xb0
[ 81.543191][ T4276] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 81.549248][ T4276] ? slab_free_freelist_hook+0x130/0x1b0
[ 81.554858][ T4276] ? user_path_at_empty+0x3f/0x50
[ 81.559862][ T4276] ? kmem_cache_free+0xe7/0x250
[ 81.564705][ T4276] listxattr+0xda/0x1a0
[ 81.568843][ T4276] path_listxattr+0xc1/0x160
[ 81.573408][ T4276] ? path_getxattr+0x350/0x350
[ 81.578145][ T4276] ? switch_fpu_return+0xcf/0x140
[ 81.583144][ T4276] do_syscall_64+0x55/0xb0
[ 81.587532][ T4276] ? clear_bhb_loop+0x40/0x90
[ 81.592182][ T4276] ? clear_bhb_loop+0x40/0x90
[ 81.596823][ T4276] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 81.602700][ T4276] RIP: 0033:0x7fbf63d8e9a9
[ 81.607116][ T4276] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 81.626700][ T4276] RSP: 002b:00007fbf63bff038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c3
[ 81.635092][ T4276] RAX: ffffffffffffffda RBX: 00007fbf63fb5fa0 RCX: 00007fbf63d8e9a9
[ 81.643048][ T4276] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000
[ 81.651024][ T4276] RBP: 00007fbf63e10d69 R08: 0000000000000000 R09: 0000000000000000
[ 81.658971][ T4276] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 81.666930][ T4276] R13: 0000000000000000 R14: 00007fbf63fb5fa0 R15: 00007fff991d5f78
[ 81.674887][ T4276]
[ 81.677884][ T4276]
[ 81.680181][ T4276] Allocated by task 4276:
[ 81.684479][ T4276] kasan_set_track+0x4e/0x70
[ 81.689043][ T4276] __kasan_kmalloc+0x8f/0xa0
[ 81.693618][ T4276] __kmalloc+0xa7/0x1c0
[ 81.697769][ T4276] hfsplus_find_init+0x84/0x1a0
[ 81.702600][ T4276] hfsplus_listxattr+0x34f/0x910
[ 81.707505][ T4276] listxattr+0xda/0x1a0
[ 81.711630][ T4276] path_listxattr+0xc1/0x160
[ 81.716184][ T4276] do_syscall_64+0x55/0xb0
[ 81.720567][ T4276] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 81.726429][ T4276]
[ 81.728728][ T4276] The buggy address belongs to the object at ffff8880117d5800
[ 81.728728][ T4276] which belongs to the cache kmalloc-1k of size 1024
[ 81.742839][ T4276] The buggy address is located 0 bytes to the right of
[ 81.742839][ T4276] allocated 536-byte region [ffff8880117d5800, ffff8880117d5a18)
[ 81.757296][ T4276]
[ 81.759604][ T4276] The buggy address belongs to the physical page:
[ 81.765981][ T4276] page:ffffea000045f400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x117d0
[ 81.776094][ T4276] head:ffffea000045f400 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 81.785004][ T4276] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 81.792951][ T4276] page_type: 0xffffffff()
[ 81.797246][ T4276] raw: 00fff00000000840 ffff88800e041dc0 dead000000000100 dead000000000122
[ 81.805807][ T4276] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 81.814360][ T4276] page dumped because: kasan: bad access detected
[ 81.820747][ T4276] page_owner tracks the page as allocated
[ 81.826440][ T4276] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 3558779171, free_ts 0
[ 81.846036][ T4276] post_alloc_hook+0x26b/0x290
[ 81.850771][ T4276] get_page_from_freelist+0x2a35/0x2b70
[ 81.856283][ T4276] __alloc_pages+0x1e3/0x430
[ 81.860839][ T4276] alloc_slab_page+0x4f/0x170
[ 81.865483][ T4276] new_slab+0x70/0x260
[ 81.869567][ T4276] ___slab_alloc+0xa3e/0xee0
[ 81.874124][ T4276] __kmem_cache_alloc_node+0x19c/0x250
[ 81.879555][ T4276] kmalloc_node_trace+0x26/0xc0
[ 81.884373][ T4276] alloc_desc+0x64/0x730
[ 81.888581][ T4276] __irq_alloc_descs+0x280/0x510
[ 81.893485][ T4276] irq_domain_alloc_irqs_locked+0x50/0xa00
[ 81.899260][ T4276] __irq_domain_alloc_irqs+0x94/0xe0
[ 81.904516][ T4276] __msi_domain_alloc_irqs+0x50c/0x10f0
[ 81.910028][ T4276] msi_domain_alloc_locked+0x3d6/0x540
[ 81.915466][ T4276] msi_domain_alloc_irqs_all_locked+0x154/0x1e0
[ 81.921671][ T4276] msix_capability_init+0x618/0xc50
[ 81.926835][ T4276] page_owner free stack trace missing
[ 81.932175][ T4276]
[ 81.934473][ T4276] Memory state around the buggy address:
[ 81.940072][ T4276] ffff8880117d5900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 81.948099][ T4276] ffff8880117d5980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 81.956127][ T4276] >ffff8880117d5a00: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 81.964156][ T4276] ^
[ 81.968974][ T4276] ffff8880117d5a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 81.977001][ T4276] ffff8880117d5b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 81.985047][ T4276] ==================================================================
[ 81.994719][ T4276] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 82.002144][ T4276] Kernel Offset: disabled
[ 82.006448][ T4276] Rebooting in 86400 seconds..