Warning: Permanently added '10.128.0.23' (ED25519) to the list of known hosts.
executing program
[ 38.663743][ T4028] loop0: detected capacity change from 0 to 1024
[ 38.769500][ T4028] hfsplus: request for non-existent node 65030 in B*Tree
[ 38.771099][ T4028] hfsplus: request for non-existent node 65030 in B*Tree
[ 38.774602][ T4028] ==================================================================
[ 38.776172][ T4028] BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read+0x84/0x24c
[ 38.777635][ T4028] Read of size 8 at addr ffff0000c084d4c0 by task syz-executor200/4028
[ 38.779219][ T4028]
[ 38.779655][ T4028] CPU: 1 PID: 4028 Comm: syz-executor200 Not tainted 5.15.168-syzkaller #0
[ 38.781300][ T4028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 38.783235][ T4028] Call trace:
[ 38.783859][ T4028] dump_backtrace+0x0/0x530
[ 38.784759][ T4028] show_stack+0x2c/0x3c
[ 38.785577][ T4028] dump_stack_lvl+0x108/0x170
[ 38.786481][ T4028] print_address_description+0x7c/0x3f0
[ 38.787544][ T4028] kasan_report+0x174/0x1e4
[ 38.788405][ T4028] __asan_report_load8_noabort+0x44/0x50
[ 38.789472][ T4028] hfsplus_bnode_read+0x84/0x24c
[ 38.790422][ T4028] hfsplus_bnode_dump+0x2c4/0x4cc
[ 38.791388][ T4028] hfsplus_brec_remove+0x3d0/0x4a4
[ 38.792364][ T4028] __hfsplus_delete_attr+0x1e0/0x3ec
[ 38.793382][ T4028] hfsplus_delete_all_attrs+0x214/0x348
[ 38.794440][ T4028] hfsplus_delete_cat+0x9a4/0xd6c
[ 38.795411][ T4028] hfsplus_unlink+0x2c0/0x6a0
[ 38.796309][ T4028] hfsplus_rename+0xd0/0x1b0
[ 38.797183][ T4028] vfs_rename+0xac8/0xe04
[ 38.798045][ T4028] do_renameat2+0xa00/0x10c0
[ 38.798922][ T4028] __arm64_sys_renameat2+0xe0/0xfc
[ 38.799901][ T4028] invoke_syscall+0x98/0x2b8
[ 38.800793][ T4028] el0_svc_common+0x138/0x258
[ 38.801718][ T4028] do_el0_svc+0x58/0x14c
[ 38.802565][ T4028] el0_svc+0x7c/0x1f0
[ 38.803344][ T4028] el0t_64_sync_handler+0x84/0xe4
[ 38.804348][ T4028] el0t_64_sync+0x1a0/0x1a4
[ 38.805223][ T4028]
[ 38.805690][ T4028] Allocated by task 4028:
[ 38.806542][ T4028] ____kasan_kmalloc+0xbc/0xfc
[ 38.807478][ T4028] __kasan_kmalloc+0x10/0x1c
[ 38.808366][ T4028] __kmalloc+0x29c/0x4c8
[ 38.809187][ T4028] __hfs_bnode_create+0xe4/0x864
[ 38.810115][ T4028] hfsplus_bnode_find+0x200/0xcb0
[ 38.811080][ T4028] hfsplus_brec_find+0x134/0x4a0
[ 38.812025][ T4028] hfsplus_delete_all_attrs+0x1ec/0x348
[ 38.813092][ T4028] hfsplus_delete_cat+0x9a4/0xd6c
[ 38.814073][ T4028] hfsplus_unlink+0x2c0/0x6a0
[ 38.814980][ T4028] hfsplus_rename+0xd0/0x1b0
[ 38.815886][ T4028] vfs_rename+0xac8/0xe04
[ 38.816727][ T4028] do_renameat2+0xa00/0x10c0
[ 38.817613][ T4028] __arm64_sys_renameat2+0xe0/0xfc
[ 38.818606][ T4028] invoke_syscall+0x98/0x2b8
[ 38.819508][ T4028] el0_svc_common+0x138/0x258
[ 38.820415][ T4028] do_el0_svc+0x58/0x14c
[ 38.821245][ T4028] el0_svc+0x7c/0x1f0
[ 38.822015][ T4028] el0t_64_sync_handler+0x84/0xe4
[ 38.822986][ T4028] el0t_64_sync+0x1a0/0x1a4
[ 38.823882][ T4028]
[ 38.824338][ T4028] The buggy address belongs to the object at ffff0000c084d400
[ 38.824338][ T4028] which belongs to the cache kmalloc-256 of size 256
[ 38.827045][ T4028] The buggy address is located 192 bytes inside of
[ 38.827045][ T4028] 256-byte region [ffff0000c084d400, ffff0000c084d500)
[ 38.829639][ T4028] The buggy address belongs to the page:
[ 38.830740][ T4028] page:000000008952f2b4 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10084c
[ 38.832753][ T4028] head:000000008952f2b4 order:1 compound_mapcount:0
[ 38.834020][ T4028] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 38.835589][ T4028] raw: 05ffc00000010200 dead000000000100 dead000000000122 ffff0000c0002480
[ 38.837251][ T4028] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 38.838900][ T4028] page dumped because: kasan: bad access detected
[ 38.840141][ T4028]
[ 38.840621][ T4028] Memory state around the buggy address:
[ 38.841698][ T4028] ffff0000c084d380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 38.843254][ T4028] ffff0000c084d400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 38.844805][ T4028] >ffff0000c084d480: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 38.846350][ T4028] ^
[ 38.847559][ T4028] ffff0000c084d500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 38.849125][ T4028] ffff0000c084d580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 38.850723][ T4028] ==================================================================
[ 38.852300][ T4028] Disabling lock debugging due to kernel taint
[ 38.853573][ T4028] Unable to handle kernel paging request at virtual address ffff729000007fdf
[ 38.855280][ T4028] Mem abort info:
[ 38.855954][ T4028] ESR = 0x0000000096000004
[ 38.856802][ T4028] EC = 0x25: DABT (current EL), IL = 32 bits
[ 38.857945][ T4028] SET = 0, FnV = 0
[ 38.858655][ T4028] EA = 0, S1PTW = 0
[ 38.859386][ T4028] FSC = 0x04: level 0 translation fault
[ 38.860554][ T4028] Data abort info:
[ 38.861241][ T4028] ISV = 0, ISS = 0x00000004
[ 38.862096][ T4028] CM = 0, WnR = 0
[ 38.862802][ T4028] swapper pgtable: 4k pages, 48-bit VAs, pgdp=00000001ae2df000
[ 38.864204][ T4028] [ffff729000007fdf] pgd=0000000000000000, p4d=0000000000000000
[ 38.865656][ T4028] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
[ 38.866987][ T4028] Modules linked in:
[ 38.867749][ T4028] CPU: 1 PID: 4028 Comm: syz-executor200 Tainted: G B 5.15.168-syzkaller #0
[ 38.869723][ T4028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 38.871686][ T4028] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 38.873218][ T4028] pc : kasan_check_range+0x74/0x2b4
[ 38.874219][ T4028] lr : memcpy+0x90/0xe8
[ 38.875006][ T4028] sp : ffff80001f187090
[ 38.875800][ T4028] x29: ffff80001f187090 x28: 00000000000000ff x27: dfff800000000000
[ 38.877458][ T4028] x26: ffff80001f1871c0 x25: 1ffff00002890d1b x24: 0000000000000001
[ 38.879004][ T4028] x23: ffff8000170f4000 x22: ffff800008fc1bc4 x21: ffff80001f1871a0
[ 38.880605][ T4028] x20: ffff94800003feff x19: 0000000000000001 x18: 0000000000000000
[ 38.882176][ T4028] x17: 0000000000000000 x16: ffff800011abb138 x15: 00000000000000ff
[ 38.883750][ T4028] x14: ffff0000d5fd1b40 x13: 0000000000ff0100 x12: 0000000000000001
[ 38.885310][ T4028] x11: 1ffff29000007fdf x10: 1ffff29000007fdf x9 : ffffffffffffffff
[ 38.886868][ T4028] x8 : ffff729000007fdf x7 : 0000000000000000 x6 : 00000000000000ff
[ 38.888423][ T4028] x5 : ffff80001f1871c2 x4 : ffff00016186300c x3 : ffff800008fc1bc4
[ 38.889955][ T4028] x2 : 0000000000000000 x1 : 0000000000000001 x0 : ffff94800003feff
[ 38.891512][ T4028] Call trace:
[ 38.892151][ T4028] kasan_check_range+0x74/0x2b4
[ 38.893094][ T4028] memcpy+0x90/0xe8
[ 38.893855][ T4028] hfsplus_bnode_read+0x120/0x24c
[ 38.894841][ T4028] hfsplus_bnode_dump+0x2c4/0x4cc
[ 38.895834][ T4028] hfsplus_brec_remove+0x3d0/0x4a4
[ 38.896846][ T4028] __hfsplus_delete_attr+0x1e0/0x3ec
[ 38.897915][ T4028] hfsplus_delete_all_attrs+0x214/0x348
[ 38.899192][ T4028] hfsplus_delete_cat+0x9a4/0xd6c
[ 38.900375][ T4028] hfsplus_unlink+0x2c0/0x6a0
[ 38.901473][ T4028] hfsplus_rename+0xd0/0x1b0
[ 38.902416][ T4028] vfs_rename+0xac8/0xe04
[ 38.903254][ T4028] do_renameat2+0xa00/0x10c0
[ 38.904022][ T4028] __arm64_sys_renameat2+0xe0/0xfc
[ 38.904869][ T4028] invoke_syscall+0x98/0x2b8
[ 38.905628][ T4028] el0_svc_common+0x138/0x258
[ 38.906402][ T4028] do_el0_svc+0x58/0x14c
[ 38.907085][ T4028] el0_svc+0x7c/0x1f0
[ 38.907744][ T4028] el0t_64_sync_handler+0x84/0xe4
[ 38.908574][ T4028] el0t_64_sync+0x1a0/0x1a4
[ 38.909693][ T4028] Code: 5400014c b4000b8c aa2a03e9 8b0b0129 (3940010a)
[ 38.911133][ T4028] ---[ end trace 523f6926f5f04144 ]---
[ 39.255703][ T4028] Kernel panic - not syncing: Oops: Fatal exception
[ 39.257014][ T4028] SMP: stopping secondary CPUs
[ 39.257940][ T4028] Kernel Offset: disabled
[ 39.258847][ T4028] CPU features: 0x8,000081c1,21302e40
[ 39.259907][ T4028] Memory Limit: none
[ 39.563011][ T4028] Rebooting in 86400 seconds..