Warning: Permanently added '10.128.1.168' (ED25519) to the list of known hosts.
2023/11/16 03:01:08 ignoring optional flag "sandboxArg"="0"
2023/11/16 03:01:08 parsed 1 programs
2023/11/16 03:01:10 executed programs: 0
[ 47.105681][ T1434] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 49.343356][ T1859] loop0: detected capacity change from 0 to 1024
[ 49.353909][ T1859] hfsplus: request for non-existent node 32768 in B*Tree
[ 49.361329][ T1859] hfsplus: request for non-existent node 32768 in B*Tree
[ 49.369423][ T1859] ==================================================================
[ 49.377676][ T1859] BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read+0x159/0x160
[ 49.385643][ T1859] Read of size 8 at addr ffff8881045dddc0 by task syz-executor.0/1859
[ 49.393957][ T1859]
[ 49.396268][ T1859] CPU: 0 PID: 1859 Comm: syz-executor.0 Not tainted 5.15.138-syzkaller #0
[ 49.404832][ T1859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 49.415394][ T1859] Call Trace:
[ 49.418672][ T1859]
[ 49.421577][ T1859] dump_stack_lvl+0x41/0x5e
[ 49.426060][ T1859] print_address_description.constprop.0.cold+0x6c/0x309
[ 49.433183][ T1859] ? hfsplus_bnode_read+0x159/0x160
[ 49.438353][ T1859] ? hfsplus_bnode_read+0x159/0x160
[ 49.443607][ T1859] kasan_report.cold+0x83/0xdf
[ 49.448432][ T1859] ? hfsplus_bnode_read+0x159/0x160
[ 49.453637][ T1859] hfsplus_bnode_read+0x159/0x160
[ 49.458938][ T1859] hfsplus_bnode_dump+0x1f6/0x310
[ 49.464164][ T1859] ? hfsplus_bnode_move+0x700/0x700
[ 49.469355][ T1859] ? hfsplus_bnode_write+0x170/0x170
[ 49.474792][ T1859] ? __mark_inode_dirty+0x6a3/0x8f0
[ 49.479977][ T1859] hfsplus_brec_remove+0x322/0x430
[ 49.485151][ T1859] __hfsplus_delete_attr+0x1f1/0x340
[ 49.490508][ T1859] ? hfsplus_find_exit+0xc0/0xc0
[ 49.495837][ T1859] ? hfsplus_part_find+0xc00/0xc00
[ 49.501000][ T1859] hfsplus_delete_all_attrs+0x12d/0x330
[ 49.506518][ T1859] ? hfsplus_delete_attr+0x260/0x260
[ 49.511899][ T1859] ? rwlock_bug.part.0+0x90/0x90
[ 49.516826][ T1859] ? do_raw_spin_unlock+0x171/0x230
[ 49.522019][ T1859] ? __mark_inode_dirty+0x751/0x8f0
[ 49.527200][ T1859] hfsplus_delete_cat+0x74e/0xdd0
[ 49.532203][ T1859] ? hfsplus_create_cat+0x10a0/0x10a0
[ 49.537644][ T1859] ? mutex_trylock+0x280/0x280
[ 49.542379][ T1859] hfsplus_unlink+0x196/0x770
[ 49.547502][ T1859] ? hfsplus_symlink+0x260/0x260
[ 49.552966][ T1859] ? down_write+0xc8/0x130
[ 49.557625][ T1859] ? down_write_killable_nested+0x160/0x160
[ 49.563866][ T1859] vfs_unlink+0x291/0x800
[ 49.568178][ T1859] do_unlinkat+0x308/0x550
[ 49.572579][ T1859] ? __ia32_sys_rmdir+0xe0/0xe0
[ 49.577412][ T1859] ? getname_flags.part.0+0x89/0x440
[ 49.582692][ T1859] __x64_sys_unlink+0xa0/0xe0
[ 49.587430][ T1859] do_syscall_64+0x35/0x80
[ 49.591845][ T1859] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 49.598121][ T1859] RIP: 0033:0x7f3468b6ab29
[ 49.602645][ T1859] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 49.622903][ T1859] RSP: 002b:00007f34686ed0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000057
[ 49.631416][ T1859] RAX: ffffffffffffffda RBX: 00007f3468c89f80 RCX: 00007f3468b6ab29
[ 49.639467][ T1859] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000140
[ 49.647422][ T1859] RBP: 00007f3468bb647a R08: 0000000000000000 R09: 0000000000000000
[ 49.655643][ T1859] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 49.663616][ T1859] R13: 0000000000000006 R14: 00007f3468c89f80 R15: 00007ffc16766298
[ 49.672014][ T1859]
[ 49.675121][ T1859]
[ 49.677446][ T1859] Allocated by task 1859:
[ 49.681756][ T1859] kasan_save_stack+0x1b/0x40
[ 49.686441][ T1859] __kasan_kmalloc+0x7c/0x90
[ 49.691003][ T1859] __hfs_bnode_create+0xec/0x9b0
[ 49.696026][ T1859] hfsplus_bnode_find+0x23d/0xa00
[ 49.701149][ T1859] hfsplus_brec_find+0x252/0x450
[ 49.706087][ T1859] hfsplus_delete_all_attrs+0x255/0x330
[ 49.711623][ T1859] hfsplus_delete_cat+0x74e/0xdd0
[ 49.716622][ T1859] hfsplus_unlink+0x196/0x770
[ 49.721272][ T1859] vfs_unlink+0x291/0x800
[ 49.728593][ T1859] do_unlinkat+0x308/0x550
[ 49.732981][ T1859] __x64_sys_unlink+0xa0/0xe0
[ 49.737738][ T1859] do_syscall_64+0x35/0x80
[ 49.742256][ T1859] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 49.748216][ T1859]
[ 49.750604][ T1859] The buggy address belongs to the object at ffff8881045ddd00
[ 49.750604][ T1859] which belongs to the cache kmalloc-192 of size 192
[ 49.764832][ T1859] The buggy address is located 0 bytes to the right of
[ 49.764832][ T1859] 192-byte region [ffff8881045ddd00, ffff8881045dddc0)
[ 49.778514][ T1859] The buggy address belongs to the page:
[ 49.784208][ T1859] page:ffffea0004117740 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1045dd
[ 49.794504][ T1859] flags: 0x100000000000200(slab|node=0|zone=2)
[ 49.800638][ T1859] raw: 0100000000000200 dead000000000100 dead000000000122 ffff888100041a00
[ 49.809290][ T1859] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 49.818045][ T1859] page dumped because: kasan: bad access detected
[ 49.824528][ T1859] page_owner tracks the page as allocated
[ 49.830334][ T1859] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1, ts 2083775979, free_ts 0
[ 49.845228][ T1859] get_page_from_freelist+0x13ed/0x3430
[ 49.850889][ T1859] __alloc_pages+0x1b2/0x420
[ 49.855544][ T1859] alloc_page_interleave+0xf/0x160
[ 49.860721][ T1859] allocate_slab+0x2eb/0x430
[ 49.865550][ T1859] ___slab_alloc+0xb1c/0xf80
[ 49.870409][ T1859] kmem_cache_alloc_trace+0x2db/0x310
[ 49.875763][ T1859] kset_create_and_add+0x44/0x170
[ 49.880930][ T1859] bus_register+0x308/0xaf0
[ 49.885524][ T1859] iio_init+0xe/0x7c
[ 49.889401][ T1859] do_one_initcall+0xb4/0x2e0
[ 49.894059][ T1859] kernel_init_freeable+0x519/0x571
[ 49.899665][ T1859] kernel_init+0x14/0x120
[ 49.903971][ T1859] ret_from_fork+0x1f/0x30
[ 49.908370][ T1859] page_owner free stack trace missing
[ 49.914054][ T1859]
[ 49.916370][ T1859] Memory state around the buggy address:
[ 49.921965][ T1859] ffff8881045ddc80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 49.930206][ T1859] ffff8881045ddd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 49.938319][ T1859] >ffff8881045ddd80: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 49.946345][ T1859] ^
[ 49.953809][ T1859] ffff8881045dde00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 49.961945][ T1859] ffff8881045dde80: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 49.970153][ T1859] ==================================================================
[ 49.978207][ T1859] Disabling lock debugging due to kernel taint
[ 49.984428][ T1859] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 49.991810][ T1859] Kernel Offset: disabled
[ 49.996110][ T1859] Rebooting in 86400 seconds..