Warning: Permanently added '10.128.0.202' (ECDSA) to the list of known hosts. executing program [ 39.061846] hfsplus: request for non-existent node 393216 in B*Tree [ 39.068504] hfsplus: request for non-existent node 393216 in B*Tree [ 39.077841] ================================================================== [ 39.085462] BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read+0x19b/0x1b0 [ 39.092660] Read of size 8 at addr ffff8880b4b837b8 by task syz-executor263/8094 [ 39.101193] [ 39.102841] CPU: 0 PID: 8094 Comm: syz-executor263 Not tainted 4.19.211-syzkaller #0 [ 39.110716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 39.120059] Call Trace: [ 39.122638] dump_stack+0x1fc/0x2ef [ 39.126251] print_address_description.cold+0x54/0x219 [ 39.131620] kasan_report_error.cold+0x8a/0x1b9 [ 39.136274] ? hfsplus_bnode_read+0x19b/0x1b0 [ 39.140751] __asan_report_load8_noabort+0x88/0x90 [ 39.146442] ? hfsplus_bnode_read+0x19b/0x1b0 [ 39.151010] hfsplus_bnode_read+0x19b/0x1b0 [ 39.155447] hfsplus_bnode_dump+0x2c2/0x3a0 [ 39.159755] ? hfsplus_bnode_move+0xa40/0xa40 [ 39.164232] ? hfsplus_bnode_write_u16+0x80/0xb0 [ 39.169057] ? msi_domain_alloc_irqs+0x430/0xd20 [ 39.173793] ? hfsplus_bnode_move+0x26/0xa40 [ 39.178183] ? __mark_inode_dirty+0x23f/0x1140 [ 39.182835] hfsplus_brec_remove+0x3d7/0x4e0 [ 39.187227] __hfsplus_delete_attr+0x217/0x370 [ 39.191787] ? hfsplus_find_exit+0xc0/0xc0 [ 39.196004] ? hfsplus_part_find+0xbd0/0xbd0 [ 39.200392] ? hfsplus_find_init+0x91/0x220 [ 39.204695] hfsplus_delete_all_attrs+0x149/0x3f0 [ 39.209521] ? hfsplus_delete_attr+0x2c0/0x2c0 [ 39.214084] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 39.219082] ? __mark_inode_dirty+0xcf0/0x1140 [ 39.223680] hfsplus_delete_cat+0x824/0xe30 [ 39.228014] ? hfsplus_create_cat+0x1210/0x1210 [ 39.232697] ? mark_held_locks+0xf0/0xf0 [ 39.236771] ? common_perm+0x4be/0x800 [ 39.240662] hfsplus_unlink+0x1d2/0x820 [ 39.245236] ? hfsplus_symlink+0x2e0/0x2e0 [ 39.249471] ? lock_acquire+0x170/0x3c0 [ 39.253438] ? vfs_unlink+0xca/0x4e0 [ 39.257228] vfs_unlink+0x27d/0x4e0 [ 39.261517] do_unlinkat+0x3b8/0x660 [ 39.265218] ? __ia32_sys_rmdir+0x40/0x40 [ 39.269364] ? strncpy_from_user+0x2a2/0x350 [ 39.273781] ? getname_flags+0x25b/0x590 [ 39.277847] do_syscall_64+0xf9/0x620 [ 39.281647] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 39.286868] RIP: 0033:0x7f7b69230829 [ 39.290580] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 39.309643] RSP: 002b:00007ffceb28df28 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 39.317563] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f7b69230829 [ 39.324819] RDX: 00007f7b691eeea3 RSI: 0000000000000000 RDI: 0000000020000000 [ 39.332069] RBP: 00007f7b691f00c0 R08: 00000000000005f2 R09: 0000000000000000 [ 39.339401] R10: 00007ffceb28ddf0 R11: 0000000000000246 R12: 00007f7b691f0150 [ 39.346736] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 39.353990] [ 39.355685] Allocated by task 8094: [ 39.359294] __kmalloc+0x15a/0x3c0 [ 39.362815] __hfs_bnode_create+0x105/0xb60 [ 39.367123] hfsplus_bnode_find+0x2aa/0xb80 [ 39.371419] hfsplus_brec_find+0x2af/0x500 [ 39.375632] hfsplus_delete_all_attrs+0x2dd/0x3f0 [ 39.380575] hfsplus_delete_cat+0x824/0xe30 [ 39.384904] hfsplus_unlink+0x1d2/0x820 [ 39.388867] vfs_unlink+0x27d/0x4e0 [ 39.392500] do_unlinkat+0x3b8/0x660 [ 39.396224] do_syscall_64+0xf9/0x620 [ 39.400336] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 39.405652] [ 39.407469] Freed by task 1: [ 39.410625] kfree+0xcc/0x210 [ 39.413737] ___sys_sendmsg+0x4ba/0x8e0 [ 39.417791] __x64_sys_sendmsg+0x132/0x220 [ 39.422274] do_syscall_64+0xf9/0x620 [ 39.426100] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 39.431502] [ 39.433218] The buggy address belongs to the object at ffff8880b4b83700 [ 39.433218] which belongs to the cache kmalloc-192 of size 192 [ 39.447838] The buggy address is located 184 bytes inside of [ 39.447838] 192-byte region [ffff8880b4b83700, ffff8880b4b837c0) [ 39.460803] The buggy address belongs to the page: [ 39.465939] page:ffffea0002d2e0c0 count:1 mapcount:0 mapping:ffff88813bff0040 index:0xffff8880b4b83600 [ 39.475472] flags: 0xfff00000000100(slab) [ 39.479857] raw: 00fff00000000100 ffffea0002925ec8 ffffea0002d1b108 ffff88813bff0040 [ 39.487737] raw: ffff8880b4b83600 ffff8880b4b83000 0000000100000006 0000000000000000 [ 39.495730] page dumped because: kasan: bad access detected [ 39.501537] [ 39.503151] Memory state around the buggy address: [ 39.508072] ffff8880b4b83680: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 39.515726] ffff8880b4b83700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 39.523081] >ffff8880b4b83780: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.530737] ^ [ 39.535909] ffff8880b4b83800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 39.543476] ffff8880b4b83880: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 39.550955] ================================================================== [ 39.558400] Disabling lock debugging due to kernel taint [ 39.566993] Kernel panic - not syncing: panic_on_warn set ... [ 39.566993] [ 39.574457] CPU: 1 PID: 8094 Comm: syz-executor263 Tainted: G B 4.19.211-syzkaller #0 [ 39.583728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 39.593086] Call Trace: [ 39.595681] dump_stack+0x1fc/0x2ef [ 39.599317] panic+0x26a/0x50e [ 39.602515] ? __warn_printk+0xf3/0xf3 [ 39.606396] ? preempt_schedule_common+0x45/0xc0 [ 39.611155] ? ___preempt_schedule+0x16/0x18 [ 39.615633] ? trace_hardirqs_on+0x55/0x210 [ 39.619942] kasan_end_report+0x43/0x49 [ 39.623897] kasan_report_error.cold+0xa7/0x1b9 [ 39.628544] ? hfsplus_bnode_read+0x19b/0x1b0 [ 39.633019] __asan_report_load8_noabort+0x88/0x90 [ 39.637942] ? hfsplus_bnode_read+0x19b/0x1b0 [ 39.642518] hfsplus_bnode_read+0x19b/0x1b0 [ 39.646818] hfsplus_bnode_dump+0x2c2/0x3a0 [ 39.651122] ? hfsplus_bnode_move+0xa40/0xa40 [ 39.655607] ? hfsplus_bnode_write_u16+0x80/0xb0 [ 39.660362] ? msi_domain_alloc_irqs+0x430/0xd20 [ 39.665117] ? hfsplus_bnode_move+0x26/0xa40 [ 39.669521] ? __mark_inode_dirty+0x23f/0x1140 [ 39.674093] hfsplus_brec_remove+0x3d7/0x4e0 [ 39.678504] __hfsplus_delete_attr+0x217/0x370 [ 39.683084] ? hfsplus_find_exit+0xc0/0xc0 [ 39.687360] ? hfsplus_part_find+0xbd0/0xbd0 [ 39.691778] ? hfsplus_find_init+0x91/0x220 [ 39.696100] hfsplus_delete_all_attrs+0x149/0x3f0 [ 39.701000] ? hfsplus_delete_attr+0x2c0/0x2c0 [ 39.705586] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 39.710894] ? __mark_inode_dirty+0xcf0/0x1140 [ 39.715561] hfsplus_delete_cat+0x824/0xe30 [ 39.719883] ? hfsplus_create_cat+0x1210/0x1210 [ 39.725969] ? mark_held_locks+0xf0/0xf0 [ 39.730297] ? common_perm+0x4be/0x800 [ 39.734167] hfsplus_unlink+0x1d2/0x820 [ 39.738311] ? hfsplus_symlink+0x2e0/0x2e0 [ 39.743890] ? lock_acquire+0x170/0x3c0 [ 39.748172] ? vfs_unlink+0xca/0x4e0 [ 39.751889] vfs_unlink+0x27d/0x4e0 [ 39.755587] do_unlinkat+0x3b8/0x660 [ 39.759405] ? __ia32_sys_rmdir+0x40/0x40 [ 39.763585] ? strncpy_from_user+0x2a2/0x350 [ 39.767982] ? getname_flags+0x25b/0x590 [ 39.772027] do_syscall_64+0xf9/0x620 [ 39.775835] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 39.781034] RIP: 0033:0x7f7b69230829 [ 39.785602] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 39.806083] RSP: 002b:00007ffceb28df28 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 39.815003] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f7b69230829 [ 39.822971] RDX: 00007f7b691eeea3 RSI: 0000000000000000 RDI: 0000000020000000 [ 39.832870] RBP: 00007f7b691f00c0 R08: 00000000000005f2 R09: 0000000000000000 [ 39.841060] R10: 00007ffceb28ddf0 R11: 0000000000000246 R12: 00007f7b691f0150 [ 39.848874] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 39.856420] Kernel Offset: disabled [ 39.860203] Rebooting in 86400 seconds..