Warning: Permanently added '10.128.10.33' (ED25519) to the list of known hosts.
2025/03/24 01:40:24 ignoring optional flag "sandboxArg"="0"
2025/03/24 01:40:24 ignoring optional flag "type"="gce"
2025/03/24 01:40:24 parsed 1 programs
2025/03/24 01:40:27 executed programs: 0
[ 56.590223][ T1357] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 62.712418][ T1778] loop0: detected capacity change from 0 to 1024
[ 62.722844][ T1778] ==================================================================
[ 62.731009][ T1778] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x724/0x1180
[ 62.738815][ T1778] Read of size 2 at addr ffff888108ae940c by task syz-executor.0/1778
[ 62.747317][ T1778]
[ 62.749744][ T1778] CPU: 0 PID: 1778 Comm: syz-executor.0 Not tainted 6.1.131-syzkaller #0
[ 62.758149][ T1778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 62.768214][ T1778] Call Trace:
[ 62.771505][ T1778]
[ 62.774443][ T1778] dump_stack_lvl+0xf4/0x251
[ 62.779071][ T1778] ? nf_tcp_handle_invalid+0x2f3/0x2f3
[ 62.784557][ T1778] ? panic+0x3fe/0x3fe
[ 62.788658][ T1778] ? __virt_addr_valid+0x139/0x270
[ 62.793794][ T1778] ? __virt_addr_valid+0x221/0x270
[ 62.798936][ T1778] print_report+0x15f/0x4f0
[ 62.803441][ T1778] ? __virt_addr_valid+0x139/0x270
[ 62.808567][ T1778] ? __virt_addr_valid+0x221/0x270
[ 62.813685][ T1778] ? hfsplus_uni2asc+0x724/0x1180
[ 62.818704][ T1778] kasan_report+0x136/0x160
[ 62.823197][ T1778] ? hfsplus_uni2asc+0x724/0x1180
[ 62.828205][ T1778] hfsplus_uni2asc+0x724/0x1180
[ 62.833059][ T1778] ? memcpy+0x3c/0x60
[ 62.837042][ T1778] hfsplus_readdir+0x7fd/0x10d0
[ 62.841916][ T1778] ? hfsplus_rename+0x160/0x160
[ 62.846811][ T1778] ? iterate_dir+0xaa/0x500
[ 62.851392][ T1778] ? down_read_interruptible+0x1010/0x1010
[ 62.857274][ T1778] ? do_raw_spin_unlock+0x137/0x8a0
[ 62.862465][ T1778] ? common_file_perm+0x130/0x1e0
[ 62.867501][ T1778] ? fsnotify_perm+0x120/0x440
[ 62.872365][ T1778] ? hfsplus_rename+0x160/0x160
[ 62.877319][ T1778] iterate_dir+0x1fa/0x500
[ 62.881831][ T1778] __se_sys_getdents64+0x1af/0x3e0
[ 62.886958][ T1778] ? __x64_sys_getdents64+0x80/0x80
[ 62.892167][ T1778] ? filldir+0x570/0x570
[ 62.896486][ T1778] ? switch_fpu_return+0xc9/0x130
[ 62.901503][ T1778] do_syscall_64+0x3b/0x80
[ 62.905910][ T1778] ? clear_bhb_loop+0x45/0xa0
[ 62.910679][ T1778] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 62.916567][ T1778] RIP: 0033:0x7fa0cc07cce9
[ 62.920979][ T1778] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 62.941134][ T1778] RSP: 002b:00007fa0ccd280c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 62.950262][ T1778] RAX: ffffffffffffffda RBX: 00007fa0cc19bf80 RCX: 00007fa0cc07cce9
[ 62.958404][ T1778] RDX: 0000000000000067 RSI: 0000000020000540 RDI: 0000000000000003
[ 62.966539][ T1778] RBP: 00007fa0cc0c947a R08: 0000000000000000 R09: 0000000000000000
[ 62.974699][ T1778] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 62.983027][ T1778] R13: 0000000000000006 R14: 00007fa0cc19bf80 R15: 00007ffe858c89b8
[ 62.991001][ T1778]
[ 62.994103][ T1778]
[ 62.996418][ T1778] Allocated by task 1778:
[ 63.000734][ T1778] kasan_set_track+0x4b/0x70
[ 63.005400][ T1778] __kasan_kmalloc+0x97/0xb0
[ 63.009990][ T1778] __kmalloc+0xa6/0x1c0
[ 63.014153][ T1778] hfsplus_find_init+0x7c/0x180
[ 63.019021][ T1778] hfsplus_readdir+0x1f4/0x10d0
[ 63.023858][ T1778] iterate_dir+0x1fa/0x500
[ 63.028255][ T1778] __se_sys_getdents64+0x1af/0x3e0
[ 63.033351][ T1778] do_syscall_64+0x3b/0x80
[ 63.037778][ T1778] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 63.043657][ T1778]
[ 63.046067][ T1778] Last potentially related work creation:
[ 63.051776][ T1778] kasan_save_stack+0x3b/0x60
[ 63.056489][ T1778] __kasan_record_aux_stack+0xb0/0xc0
[ 63.061882][ T1778] call_rcu+0x149/0x830
[ 63.066048][ T1778] netlink_release+0xfff/0x1520
[ 63.071068][ T1778] sock_close+0xbe/0x200
[ 63.075312][ T1778] __fput+0x1d7/0x720
[ 63.079305][ T1778] task_work_run+0x206/0x280
[ 63.083932][ T1778] exit_to_user_mode_loop+0xa9/0xc0
[ 63.089141][ T1778] exit_to_user_mode_prepare+0x64/0xb0
[ 63.094606][ T1778] syscall_exit_to_user_mode+0x27/0x1b0
[ 63.100581][ T1778] do_syscall_64+0x47/0x80
[ 63.104987][ T1778] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 63.110966][ T1778]
[ 63.113284][ T1778] The buggy address belongs to the object at ffff888108ae9000
[ 63.113284][ T1778] which belongs to the cache kmalloc-2k of size 2048
[ 63.127392][ T1778] The buggy address is located 1036 bytes inside of
[ 63.127392][ T1778] 2048-byte region [ffff888108ae9000, ffff888108ae9800)
[ 63.140837][ T1778]
[ 63.143153][ T1778] The buggy address belongs to the physical page:
[ 63.149562][ T1778] page:ffffea000422ba00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108ae8
[ 63.159815][ T1778] head:ffffea000422ba00 order:3 compound_mapcount:0 compound_pincount:0
[ 63.168227][ T1778] flags: 0x100000000010200(slab|head|node=0|zone=2)
[ 63.174816][ T1778] raw: 0100000000010200 dead000000000100 dead000000000122 ffff888100042000
[ 63.183507][ T1778] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 63.192169][ T1778] page dumped because: kasan: bad access detected
[ 63.198607][ T1778] page_owner tracks the page as allocated
[ 63.204326][ T1778] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 3318307228, free_ts 0
[ 63.224298][ T1778] post_alloc_hook+0x286/0x2b0
[ 63.229054][ T1778] get_page_from_freelist+0x4002/0x4210
[ 63.234748][ T1778] __alloc_pages+0x251/0x640
[ 63.239420][ T1778] alloc_page_interleave+0xf/0x120
[ 63.244655][ T1778] alloc_slab_page+0x6a/0x150
[ 63.249319][ T1778] new_slab+0x70/0x250
[ 63.253385][ T1778] ___slab_alloc+0x9df/0xe70
[ 63.257981][ T1778] __kmem_cache_alloc_node+0x195/0x250
[ 63.263424][ T1778] kmalloc_trace+0x26/0xc0
[ 63.267828][ T1778] virtio_pci_probe+0x4c/0x2a0
[ 63.272602][ T1778] pci_device_probe+0x4df/0x780
[ 63.277440][ T1778] really_probe+0x330/0xad0
[ 63.281975][ T1778] __driver_probe_device+0x138/0x340
[ 63.287328][ T1778] driver_probe_device+0x4b/0x3a0
[ 63.292375][ T1778] __driver_attach+0x271/0x5d0
[ 63.297212][ T1778] bus_for_each_dev+0x151/0x1b0
[ 63.302068][ T1778] page_owner free stack trace missing
[ 63.307468][ T1778]
[ 63.309783][ T1778] Memory state around the buggy address:
[ 63.315517][ T1778]  ffff888108ae9300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 63.323743][ T1778]  ffff888108ae9380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 63.331789][ T1778] >ffff888108ae9400: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 63.339871][ T1778]                       ^
[ 63.344210][ T1778]  ffff888108ae9480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 63.352381][ T1778]  ffff888108ae9500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 63.360616][ T1778] ==================================================================
[ 63.368968][ T1778] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 63.376528][ T1778] Kernel Offset: disabled
[ 63.380865][ T1778] Rebooting in 86400 seconds..