Warning: Permanently added '10.128.15.204' (ED25519) to the list of known hosts.
2023/10/14 05:22:01 ignoring optional flag "sandboxArg"="0"
2023/10/14 05:22:01 parsed 1 programs
2023/10/14 05:22:03 executed programs: 0
[ 45.977702][ T1434] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 48.242937][ T1859] loop0: detected capacity change from 0 to 1024
[ 48.254558][ T1859] hfsplus: request for non-existent node 32768 in B*Tree
[ 48.262211][ T1859] hfsplus: request for non-existent node 32768 in B*Tree
[ 48.270182][ T1859] ==================================================================
[ 48.278713][ T1859] BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read+0x159/0x160
[ 48.286991][ T1859] Read of size 8 at addr ffff8881075c18c0 by task syz-executor.0/1859
[ 48.295119][ T1859]
[ 48.298138][ T1859] CPU: 1 PID: 1859 Comm: syz-executor.0 Not tainted 5.15.135-syzkaller #0
[ 48.306709][ T1859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 48.318262][ T1859] Call Trace:
[ 48.321843][ T1859]
[ 48.324849][ T1859] dump_stack_lvl+0x41/0x5e
[ 48.330047][ T1859] print_address_description.constprop.0.cold+0x6c/0x309
[ 48.337515][ T1859] ? hfsplus_bnode_read+0x159/0x160
[ 48.343145][ T1859] ? hfsplus_bnode_read+0x159/0x160
[ 48.348506][ T1859] kasan_report.cold+0x83/0xdf
[ 48.353638][ T1859] ? hfsplus_bnode_read+0x159/0x160
[ 48.359508][ T1859] hfsplus_bnode_read+0x159/0x160
[ 48.365418][ T1859] hfsplus_bnode_dump+0x1f6/0x310
[ 48.372355][ T1859] ? hfsplus_bnode_move+0x700/0x700
[ 48.378404][ T1859] ? hfsplus_bnode_write+0x170/0x170
[ 48.384923][ T1859] ? __mark_inode_dirty+0x6a3/0x8f0
[ 48.392124][ T1859] hfsplus_brec_remove+0x322/0x430
[ 48.399365][ T1859] __hfsplus_delete_attr+0x1f1/0x340
[ 48.404952][ T1859] ? hfsplus_find_exit+0xc0/0xc0
[ 48.410138][ T1859] ? hfsplus_part_find+0xc00/0xc00
[ 48.415330][ T1859] hfsplus_delete_all_attrs+0x12d/0x330
[ 48.421217][ T1859] ? hfsplus_delete_attr+0x260/0x260
[ 48.426683][ T1859] ? rwlock_bug.part.0+0x90/0x90
[ 48.431969][ T1859] ? do_raw_spin_unlock+0x171/0x230
[ 48.437170][ T1859] ? __mark_inode_dirty+0x751/0x8f0
[ 48.442988][ T1859] hfsplus_delete_cat+0x74e/0xdd0
[ 48.449134][ T1859] ? hfsplus_create_cat+0x10a0/0x10a0
[ 48.455579][ T1859] ? mutex_trylock+0x280/0x280
[ 48.460434][ T1859] ? __lock_acquire.constprop.0+0x478/0xb30
[ 48.466426][ T1859] hfsplus_unlink+0x196/0x770
[ 48.471206][ T1859] ? hfsplus_symlink+0x260/0x260
[ 48.476124][ T1859] ? down_write+0xc8/0x130
[ 48.481056][ T1859] ? down_write_killable_nested+0x160/0x160
[ 48.487190][ T1859] vfs_unlink+0x291/0x800
[ 48.491534][ T1859] do_unlinkat+0x308/0x550
[ 48.496014][ T1859] ? __ia32_sys_rmdir+0xe0/0xe0
[ 48.500964][ T1859] ? getname_flags.part.0+0x89/0x440
[ 48.506258][ T1859] __x64_sys_unlink+0xa0/0xe0
[ 48.511270][ T1859] do_syscall_64+0x35/0x80
[ 48.515853][ T1859] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 48.521811][ T1859] RIP: 0033:0x7fd07b497b29
[ 48.526200][ T1859] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 48.546002][ T1859] RSP: 002b:00007fd07b01a0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000057
[ 48.554407][ T1859] RAX: ffffffffffffffda RBX: 00007fd07b5b6f80 RCX: 00007fd07b497b29
[ 48.562538][ T1859] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000140
[ 48.571397][ T1859] RBP: 00007fd07b4e347a R08: 0000000000000000 R09: 0000000000000000
[ 48.579469][ T1859] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 48.587657][ T1859] R13: 0000000000000006 R14: 00007fd07b5b6f80 R15: 00007fffc106ecc8
[ 48.596168][ T1859]
[ 48.599298][ T1859]
[ 48.601967][ T1859] Allocated by task 1859:
[ 48.606370][ T1859] kasan_save_stack+0x1b/0x40
[ 48.611156][ T1859] __kasan_kmalloc+0x7c/0x90
[ 48.615829][ T1859] __hfs_bnode_create+0xec/0x9b0
[ 48.620957][ T1859] hfsplus_bnode_find+0x23d/0xa00
[ 48.625981][ T1859] hfsplus_brec_find+0x252/0x450
[ 48.630983][ T1859] hfsplus_delete_all_attrs+0x255/0x330
[ 48.636833][ T1859] hfsplus_delete_cat+0x74e/0xdd0
[ 48.642164][ T1859] hfsplus_unlink+0x196/0x770
[ 48.647094][ T1859] vfs_unlink+0x291/0x800
[ 48.652032][ T1859] do_unlinkat+0x308/0x550
[ 48.656440][ T1859] __x64_sys_unlink+0xa0/0xe0
[ 48.661383][ T1859] do_syscall_64+0x35/0x80
[ 48.665988][ T1859] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 48.672142][ T1859]
[ 48.674454][ T1859] Last potentially related work creation:
[ 48.680293][ T1859] kasan_save_stack+0x1b/0x40
[ 48.685175][ T1859] kasan_record_aux_stack+0xc5/0xf0
[ 48.690553][ T1859] insert_work+0x45/0x380
[ 48.694965][ T1859] __queue_work+0x520/0xbd0
[ 48.699967][ T1859] queue_work_on+0x52/0x70
[ 48.704385][ T1859] call_usermodehelper_exec+0x2d4/0x430
[ 48.709999][ T1859] __request_module+0x33b/0x660
[ 48.714838][ T1859] dev_load+0xa3/0xb0
[ 48.718978][ T1859] dev_ioctl+0x1e9/0xbf0
[ 48.723369][ T1859] sock_do_ioctl+0x15e/0x1c0
[ 48.728027][ T1859] sock_ioctl+0x227/0x4e0
[ 48.732530][ T1859] __x64_sys_ioctl+0x11f/0x190
[ 48.737380][ T1859] do_syscall_64+0x35/0x80
[ 48.741794][ T1859] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 48.747755][ T1859]
[ 48.750093][ T1859] The buggy address belongs to the object at ffff8881075c1800
[ 48.750093][ T1859] which belongs to the cache kmalloc-192 of size 192
[ 48.764578][ T1859] The buggy address is located 0 bytes to the right of
[ 48.764578][ T1859] 192-byte region [ffff8881075c1800, ffff8881075c18c0)
[ 48.778706][ T1859] The buggy address belongs to the page:
[ 48.785469][ T1859] page:ffffea00041d7040 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1075c1
[ 48.796145][ T1859] flags: 0x100000000000200(slab|node=0|zone=2)
[ 48.802394][ T1859] raw: 0100000000000200 ffffea00041d7200 0000000300000003 ffff888100041a00
[ 48.811303][ T1859] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 48.819861][ T1859] page dumped because: kasan: bad access detected
[ 48.826601][ T1859] page_owner tracks the page as allocated
[ 48.832617][ T1859] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1, ts 1924632512, free_ts 0
[ 48.847919][ T1859] get_page_from_freelist+0x13ed/0x3430
[ 48.853455][ T1859] __alloc_pages+0x1b2/0x420
[ 48.858357][ T1859] alloc_page_interleave+0xf/0x160
[ 48.863729][ T1859] allocate_slab+0x2eb/0x430
[ 48.868451][ T1859] ___slab_alloc+0xb1c/0xf80
[ 48.873253][ T1859] kmem_cache_alloc_trace+0x2db/0x310
[ 48.878775][ T1859] call_usermodehelper_setup+0x74/0x2f0
[ 48.884750][ T1859] kobject_uevent_env+0xa72/0x10d0
[ 48.890300][ T1859] param_sysfs_init+0x25d/0x2b6
[ 48.895171][ T1859] do_one_initcall+0xb4/0x2e0
[ 48.900003][ T1859] kernel_init_freeable+0x519/0x571
[ 48.905287][ T1859] kernel_init+0x14/0x120
[ 48.909596][ T1859] ret_from_fork+0x1f/0x30
[ 48.913987][ T1859] page_owner free stack trace missing
[ 48.919602][ T1859]
[ 48.922051][ T1859] Memory state around the buggy address:
[ 48.927772][ T1859] ffff8881075c1780: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 48.936007][ T1859] ffff8881075c1800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 48.944163][ T1859] >ffff8881075c1880: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 48.952650][ T1859] ^
[ 48.958964][ T1859] ffff8881075c1900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 48.967217][ T1859] ffff8881075c1980: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 48.975350][ T1859] ==================================================================
[ 48.983398][ T1859] Disabling lock debugging due to kernel taint
[ 48.989600][ T1859] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 48.998015][ T1859] Kernel Offset: disabled
[ 49.002337][ T1859] Rebooting in 86400 seconds..