Warning: Permanently added '10.128.1.37' (ED25519) to the list of known hosts.
2024/09/06 09:47:49 ignoring optional flag "sandboxArg"="0"
2024/09/06 09:47:49 parsed 1 programs
2024/09/06 09:47:51 executed programs: 0
[ 61.387146][ T1352] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 63.523194][ T1773] loop0: detected capacity change from 0 to 1024
[ 63.533938][ T1773] hfsplus: request for non-existent node 768 in B*Tree
[ 63.540958][ T1773] hfsplus: request for non-existent node 768 in B*Tree
[ 63.548434][ T1773] ==================================================================
[ 63.556669][ T1773] BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read+0x159/0x160
[ 63.564540][ T1773] Read of size 8 at addr ffff888106ff47c0 by task syz-executor.0/1773
[ 63.572946][ T1773]
[ 63.575404][ T1773] CPU: 1 PID: 1773 Comm: syz-executor.0 Not tainted 5.15.166-syzkaller #0
[ 63.584082][ T1773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 63.594137][ T1773] Call Trace:
[ 63.597411][ T1773]
[ 63.600447][ T1773] dump_stack_lvl+0x41/0x5e
[ 63.605044][ T1773] print_address_description.constprop.0.cold+0x6c/0x309
[ 63.612172][ T1773] ? hfsplus_bnode_read+0x159/0x160
[ 63.617743][ T1773] ? hfsplus_bnode_read+0x159/0x160
[ 63.623157][ T1773] kasan_report.cold+0x83/0xdf
[ 63.628062][ T1773] ? hfsplus_bnode_read+0x159/0x160
[ 63.633247][ T1773] hfsplus_bnode_read+0x159/0x160
[ 63.638402][ T1773] hfsplus_bnode_dump+0x1f6/0x310
[ 63.643410][ T1773] ? hfsplus_bnode_move+0x700/0x700
[ 63.648584][ T1773] ? hfsplus_bnode_write+0x170/0x170
[ 63.653846][ T1773] ? __mark_inode_dirty+0x6a3/0x8f0
[ 63.659213][ T1773] hfsplus_brec_remove+0x322/0x430
[ 63.664315][ T1773] __hfsplus_delete_attr+0x1f1/0x340
[ 63.669577][ T1773] ? hfsplus_find_exit+0xc0/0xc0
[ 63.674945][ T1773] ? hfsplus_part_find+0xc00/0xc00
[ 63.680214][ T1773] hfsplus_delete_all_attrs+0x12d/0x330
[ 63.686313][ T1773] ? hfsplus_delete_attr+0x260/0x260
[ 63.692154][ T1773] ? __mark_inode_dirty+0x6a3/0x8f0
[ 63.697518][ T1773] hfsplus_delete_cat+0x74e/0xdd0
[ 63.702726][ T1773] ? hfsplus_create_cat+0x10a0/0x10a0
[ 63.708079][ T1773] ? mutex_trylock+0x280/0x280
[ 63.713046][ T1773] ? is_dynamic_key+0x150/0x150
[ 63.717909][ T1773] hfsplus_unlink+0x196/0x770
[ 63.723166][ T1773] ? hfsplus_symlink+0x260/0x260
[ 63.728081][ T1773] ? lock_acquire+0x11a/0x230
[ 63.732752][ T1773] ? vfs_rename+0x64b/0x1140
[ 63.737317][ T1773] ? down_write_nested+0xc6/0x140
[ 63.742628][ T1773] hfsplus_rename+0x12c/0x190
[ 63.747454][ T1773] vfs_rename+0xa8b/0x1140
[ 63.751850][ T1773] ? vfs_unlink+0x800/0x800
[ 63.756443][ T1773] ? tomoyo_sb_pivotroot+0x10/0x10
[ 63.761540][ T1773] ? security_path_rename+0xeb/0x270
[ 63.767001][ T1773] do_renameat2+0x87b/0xa20
[ 63.771677][ T1773] ? __ia32_sys_link+0x90/0x90
[ 63.776440][ T1773] ? __virt_addr_valid+0xf1/0x270
[ 63.781629][ T1773] ? __check_object_size+0x98/0x230
[ 63.786979][ T1773] ? getname_flags.part.0+0x89/0x440
[ 63.792805][ T1773] __x64_sys_rename+0x78/0x90
[ 63.797659][ T1773] do_syscall_64+0x33/0x80
[ 63.802503][ T1773] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 63.808375][ T1773] RIP: 0033:0x7f75db704da9
[ 63.812889][ T1773] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 63.832934][ T1773] RSP: 002b:00007f75db2860c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000052
[ 63.841418][ T1773] RAX: ffffffffffffffda RBX: 00007f75db832f80 RCX: 00007f75db704da9
[ 63.849797][ T1773] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000020000080
[ 63.857842][ T1773] RBP: 00007f75db75147a R08: 0000000000000000 R09: 0000000000000000
[ 63.866239][ T1773] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 63.874771][ T1773] R13: 0000000000000006 R14: 00007f75db832f80 R15: 00007ffcc9b53058
[ 63.883300][ T1773]
[ 63.886445][ T1773]
[ 63.888831][ T1773] Allocated by task 1773:
[ 63.893141][ T1773] kasan_save_stack+0x1b/0x40
[ 63.897884][ T1773] __kasan_kmalloc+0x7c/0x90
[ 63.902544][ T1773] __hfs_bnode_create+0xec/0x9b0
[ 63.907649][ T1773] hfsplus_bnode_find+0x23d/0xa00
[ 63.913284][ T1773] hfsplus_brec_find+0x252/0x450
[ 63.918514][ T1773] hfsplus_delete_all_attrs+0x255/0x330
[ 63.924231][ T1773] hfsplus_delete_cat+0x74e/0xdd0
[ 63.929260][ T1773] hfsplus_unlink+0x196/0x770
[ 63.933935][ T1773] hfsplus_rename+0x12c/0x190
[ 63.938578][ T1773] vfs_rename+0xa8b/0x1140
[ 63.943170][ T1773] do_renameat2+0x87b/0xa20
[ 63.947679][ T1773] __x64_sys_rename+0x78/0x90
[ 63.952521][ T1773] do_syscall_64+0x33/0x80
[ 63.957037][ T1773] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 63.962994][ T1773]
[ 63.965380][ T1773] The buggy address belongs to the object at ffff888106ff4700
[ 63.965380][ T1773] which belongs to the cache kmalloc-192 of size 192
[ 63.979743][ T1773] The buggy address is located 0 bytes to the right of
[ 63.979743][ T1773] 192-byte region [ffff888106ff4700, ffff888106ff47c0)
[ 63.993755][ T1773] The buggy address belongs to the page:
[ 63.999687][ T1773] page:ffffea00041bfd00 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888106ff4100 pfn:0x106ff4
[ 64.011426][ T1773] flags: 0x100000000000200(slab|node=0|zone=2)
[ 64.017570][ T1773] raw: 0100000000000200 ffffea000400bf00 0000000a0000000a ffff888100041a00
[ 64.026419][ T1773] raw: ffff888106ff4100 000000008010000b 00000001ffffffff 0000000000000000
[ 64.035241][ T1773] page dumped because: kasan: bad access detected
[ 64.041734][ T1773] page_owner tracks the page as allocated
[ 64.047525][ T1773] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1, ts 1786040599, free_ts 0
[ 64.062688][ T1773] get_page_from_freelist+0x13ed/0x3430
[ 64.068302][ T1773] __alloc_pages+0x1b2/0x420
[ 64.073149][ T1773] alloc_page_interleave+0xf/0x160
[ 64.078326][ T1773] allocate_slab+0x2eb/0x430
[ 64.082939][ T1773] ___slab_alloc+0xb1c/0xf80
[ 64.087696][ T1773] __kmalloc_track_caller+0x2dc/0x2f0
[ 64.093131][ T1773] krealloc+0x7e/0xd0
[ 64.097177][ T1773] add_sysfs_param+0xaf/0x8d0
[ 64.101830][ T1773] param_sysfs_init+0x220/0x2b6
[ 64.107097][ T1773] do_one_initcall+0xb4/0x2e0
[ 64.112140][ T1773] kernel_init_freeable+0x519/0x571
[ 64.118128][ T1773] kernel_init+0x14/0x120
[ 64.122538][ T1773] ret_from_fork+0x1f/0x30
[ 64.127051][ T1773] page_owner free stack trace missing
[ 64.132565][ T1773]
[ 64.134866][ T1773] Memory state around the buggy address:
[ 64.140592][ T1773] ffff888106ff4680: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[ 64.148642][ T1773] ffff888106ff4700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 64.157027][ T1773] >ffff888106ff4780: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 64.165328][ T1773] ^
[ 64.171731][ T1773] ffff888106ff4800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 64.179859][ T1773] ffff888106ff4880: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 64.187988][ T1773] ==================================================================
[ 64.196232][ T1773] Disabling lock debugging due to kernel taint
[ 64.202679][ T1773] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 64.210253][ T1773] Kernel Offset: disabled
[ 64.214950][ T1773] Rebooting in 86400 seconds..