Warning: Permanently added '10.128.0.189' (ED25519) to the list of known hosts.
2024/02/25 00:08:37 ignoring optional flag "sandboxArg"="0"
2024/02/25 00:08:37 parsed 1 programs
2024/02/25 00:08:39 executed programs: 0
[ 51.852221][ T1432] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 54.061355][ T1858] loop0: detected capacity change from 0 to 1024
[ 54.074497][ T1858] hfsplus: request for non-existent node 32768 in B*Tree
[ 54.081746][ T1858] hfsplus: request for non-existent node 32768 in B*Tree
[ 54.089950][ T1858] ==================================================================
[ 54.098092][ T1858] BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read+0x159/0x160
[ 54.106220][ T1858] Read of size 8 at addr ffff8881073ab3c0 by task syz-executor.0/1858
[ 54.114696][ T1858]
[ 54.116995][ T1858] CPU: 0 PID: 1858 Comm: syz-executor.0 Not tainted 5.15.149-syzkaller #0
[ 54.125474][ T1858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 54.135597][ T1858] Call Trace:
[ 54.138862][ T1858]
[ 54.141861][ T1858] dump_stack_lvl+0x41/0x5e
[ 54.146336][ T1858] print_address_description.constprop.0.cold+0x6c/0x309
[ 54.153326][ T1858] ? hfsplus_bnode_read+0x159/0x160
[ 54.158493][ T1858] ? hfsplus_bnode_read+0x159/0x160
[ 54.163656][ T1858] kasan_report.cold+0x83/0xdf
[ 54.168392][ T1858] ? hfsplus_bnode_read+0x159/0x160
[ 54.173563][ T1858] hfsplus_bnode_read+0x159/0x160
[ 54.178556][ T1858] hfsplus_bnode_dump+0x1f6/0x310
[ 54.183633][ T1858] ? hfsplus_bnode_move+0x700/0x700
[ 54.188892][ T1858] ? hfsplus_bnode_write+0x170/0x170
[ 54.194230][ T1858] ? __mark_inode_dirty+0x6a3/0x8f0
[ 54.199399][ T1858] hfsplus_brec_remove+0x322/0x430
[ 54.204572][ T1858] __hfsplus_delete_attr+0x1f1/0x340
[ 54.209822][ T1858] ? hfsplus_find_exit+0xc0/0xc0
[ 54.214820][ T1858] ? hfsplus_part_find+0xc00/0xc00
[ 54.219907][ T1858] hfsplus_delete_all_attrs+0x12d/0x330
[ 54.225455][ T1858] ? hfsplus_delete_attr+0x260/0x260
[ 54.230741][ T1858] ? rwlock_bug.part.0+0x90/0x90
[ 54.235845][ T1858] ? do_raw_spin_unlock+0x171/0x230
[ 54.241078][ T1858] ? __mark_inode_dirty+0x751/0x8f0
[ 54.246450][ T1858] hfsplus_delete_cat+0x74e/0xdd0
[ 54.251451][ T1858] ? hfsplus_create_cat+0x10a0/0x10a0
[ 54.256884][ T1858] ? mutex_trylock+0x280/0x280
[ 54.261629][ T1858] ? __lock_acquire.constprop.0+0x478/0xb30
[ 54.267741][ T1858] hfsplus_unlink+0x196/0x770
[ 54.272523][ T1858] ? hfsplus_symlink+0x260/0x260
[ 54.277431][ T1858] ? down_write+0xc8/0x130
[ 54.282341][ T1858] ? down_write_killable_nested+0x160/0x160
[ 54.288293][ T1858] vfs_unlink+0x291/0x800
[ 54.292696][ T1858] do_unlinkat+0x30f/0x550
[ 54.297080][ T1858] ? __ia32_sys_rmdir+0xe0/0xe0
[ 54.301922][ T1858] ? getname_flags.part.0+0x89/0x440
[ 54.307180][ T1858] __x64_sys_unlink+0xa0/0xe0
[ 54.311830][ T1858] do_syscall_64+0x35/0x80
[ 54.316325][ T1858] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 54.322323][ T1858] RIP: 0033:0x7f54ed2a0b29
[ 54.326719][ T1858] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 54.346479][ T1858] RSP: 002b:00007f54ece230c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000057
[ 54.355126][ T1858] RAX: ffffffffffffffda RBX: 00007f54ed3bff80 RCX: 00007f54ed2a0b29
[ 54.363089][ T1858] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000140
[ 54.371127][ T1858] RBP: 00007f54ed2ec47a R08: 0000000000000000 R09: 0000000000000000
[ 54.379417][ T1858] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 54.387399][ T1858] R13: 0000000000000006 R14: 00007f54ed3bff80 R15: 00007ffd59ed8078
[ 54.395350][ T1858]
[ 54.398445][ T1858]
[ 54.400750][ T1858] Allocated by task 1858:
[ 54.405048][ T1858] kasan_save_stack+0x1b/0x40
[ 54.409764][ T1858] __kasan_kmalloc+0x7c/0x90
[ 54.414329][ T1858] __hfs_bnode_create+0xec/0x9b0
[ 54.419241][ T1858] hfsplus_bnode_find+0x23d/0xa00
[ 54.424243][ T1858] hfsplus_brec_find+0x252/0x450
[ 54.429234][ T1858] hfsplus_delete_all_attrs+0x255/0x330
[ 54.434832][ T1858] hfsplus_delete_cat+0x74e/0xdd0
[ 54.439828][ T1858] hfsplus_unlink+0x196/0x770
[ 54.444480][ T1858] vfs_unlink+0x291/0x800
[ 54.448790][ T1858] do_unlinkat+0x30f/0x550
[ 54.453537][ T1858] __x64_sys_unlink+0xa0/0xe0
[ 54.458208][ T1858] do_syscall_64+0x35/0x80
[ 54.462720][ T1858] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 54.468929][ T1858]
[ 54.471403][ T1858] Last potentially related work creation:
[ 54.477461][ T1858] kasan_save_stack+0x1b/0x40
[ 54.482152][ T1858] kasan_record_aux_stack+0xc5/0xf0
[ 54.487330][ T1858] insert_work+0x45/0x380
[ 54.491719][ T1858] __queue_work+0x520/0xbd0
[ 54.496201][ T1858] queue_work_on+0x52/0x70
[ 54.500583][ T1858] call_usermodehelper_exec+0x2d4/0x430
[ 54.506190][ T1858] __request_module+0x33b/0x660
[ 54.511065][ T1858] __sock_create+0x2ea/0x4a0
[ 54.516351][ T1858] __sys_socket+0xd6/0x1a0
[ 54.520837][ T1858] __x64_sys_socket+0x6a/0xb0
[ 54.525745][ T1858] do_syscall_64+0x35/0x80
[ 54.530322][ T1858] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 54.536220][ T1858]
[ 54.538607][ T1858] The buggy address belongs to the object at ffff8881073ab300
[ 54.538607][ T1858] which belongs to the cache kmalloc-192 of size 192
[ 54.552844][ T1858] The buggy address is located 0 bytes to the right of
[ 54.552844][ T1858] 192-byte region [ffff8881073ab300, ffff8881073ab3c0)
[ 54.566636][ T1858] The buggy address belongs to the page:
[ 54.572516][ T1858] page:ffffea00041ceac0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1073ab
[ 54.582992][ T1858] flags: 0x100000000000200(slab|node=0|zone=2)
[ 54.589300][ T1858] raw: 0100000000000200 ffffea00041cec00 0000000600000006 ffff888100041a00
[ 54.597940][ T1858] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 54.606592][ T1858] page dumped because: kasan: bad access detected
[ 54.613057][ T1858] page_owner tracks the page as allocated
[ 54.618754][ T1858] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1, ts 1617697694, free_ts 0
[ 54.633763][ T1858] get_page_from_freelist+0x13ed/0x3430
[ 54.639291][ T1858] __alloc_pages+0x1b2/0x420
[ 54.643846][ T1858] alloc_page_interleave+0xf/0x160
[ 54.649106][ T1858] allocate_slab+0x2eb/0x430
[ 54.653673][ T1858] ___slab_alloc+0xb1c/0xf80
[ 54.658664][ T1858] kmem_cache_alloc_trace+0x2db/0x310
[ 54.664004][ T1858] call_usermodehelper_setup+0x74/0x2f0
[ 54.669603][ T1858] kobject_uevent_env+0xa72/0x10d0
[ 54.674679][ T1858] param_sysfs_init+0x25d/0x2b6
[ 54.679499][ T1858] do_one_initcall+0xb4/0x2e0
[ 54.684228][ T1858] kernel_init_freeable+0x519/0x571
[ 54.689394][ T1858] kernel_init+0x14/0x120
[ 54.693953][ T1858] ret_from_fork+0x1f/0x30
[ 54.698897][ T1858] page_owner free stack trace missing
[ 54.704251][ T1858]
[ 54.706557][ T1858] Memory state around the buggy address:
[ 54.712176][ T1858] ffff8881073ab280: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 54.720394][ T1858] ffff8881073ab300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 54.728516][ T1858] >ffff8881073ab380: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 54.736647][ T1858] ^
[ 54.742778][ T1858] ffff8881073ab400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 54.750981][ T1858] ffff8881073ab480: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 54.759006][ T1858] ==================================================================
[ 54.767232][ T1858] Disabling lock debugging due to kernel taint
[ 54.773572][ T1858] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 54.780947][ T1858] Kernel Offset: disabled
[ 54.785275][ T1858] Rebooting in 86400 seconds..