Warning: Permanently added '10.128.1.9' (ED25519) to the list of known hosts.
2023/12/21 21:29:05 ignoring optional flag "sandboxArg"="0"
2023/12/21 21:29:05 parsed 1 programs
2023/12/21 21:29:05 executed programs: 0
[ 50.320376][ T2551] loop0: detected capacity change from 0 to 1024
[ 50.330729][ T2551] hfsplus: request for non-existent node 393216 in B*Tree
[ 50.338114][ T2551] hfsplus: request for non-existent node 393216 in B*Tree
[ 50.345664][ T2551] ==================================================================
[ 50.353921][ T2551] BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read+0xa4/0x190
[ 50.361909][ T2551] Read of size 8 at addr ffff88817ce92ac0 by task syz-executor.0/2551
[ 50.370233][ T2551]
[ 50.372546][ T2551] CPU: 1 PID: 2551 Comm: syz-executor.0 Not tainted 6.7.0-rc6-syzkaller #0
[ 50.381284][ T2551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 50.392814][ T2551] Call Trace:
[ 50.396261][ T2551]
[ 50.399182][ T2551] dump_stack_lvl+0xf8/0x260
[ 50.403778][ T2551] ? folio_memcg_lock+0x1c/0x140
[ 50.408921][ T2551] ? nf_tcp_handle_invalid+0x300/0x300
[ 50.414645][ T2551] ? panic+0x500/0x500
[ 50.418885][ T2551] ? _printk+0xce/0x110
[ 50.423264][ T2551] print_report+0x163/0x540
[ 50.427923][ T2551] ? sysvec_call_function_single+0x9c/0xb0
[ 50.433745][ T2551] ? hfsplus_bnode_read+0xa4/0x190
[ 50.438941][ T2551] kasan_report+0x142/0x170
[ 50.443460][ T2551] ? hfsplus_bnode_read+0xa4/0x190
[ 50.448584][ T2551] hfsplus_bnode_read+0xa4/0x190
[ 50.453768][ T2551] hfsplus_bnode_dump+0x349/0x690
[ 50.458964][ T2551] ? block_dirty_folio+0x111/0x1f0
[ 50.464084][ T2551] ? hfsplus_bnode_move+0x7a0/0x7a0
[ 50.469477][ T2551] ? hfsplus_bnode_write_u16+0x96/0xf0
[ 50.475276][ T2551] ? __mark_inode_dirty+0x1e6/0x740
[ 50.480851][ T2551] hfsplus_brec_remove+0x3c2/0x470
[ 50.486125][ T2551] __hfsplus_delete_attr+0x25c/0x470
[ 50.491391][ T2551] ? hfsplus_delete_attr+0x2a0/0x2a0
[ 50.496660][ T2551] hfsplus_delete_all_attrs+0x23c/0x360
[ 50.502284][ T2551] ? __hfsplus_delete_attr+0x470/0x470
[ 50.507764][ T2551] ? do_raw_spin_unlock+0x13b/0x8b0
[ 50.512971][ T2551] ? rcu_is_watching+0x1f/0x90
[ 50.517910][ T2551] ? __mark_inode_dirty+0x484/0x740
[ 50.523264][ T2551] hfsplus_delete_cat+0x965/0xda0
[ 50.528352][ T2551] ? hfsplus_mark_inode_dirty+0x30/0x30
[ 50.533885][ T2551] hfsplus_unlink+0x306/0x630
[ 50.538639][ T2551] ? hfsplus_link+0x780/0x780
[ 50.543468][ T2551] ? down_write+0x12d/0x190
[ 50.547951][ T2551] vfs_unlink+0x2be/0x4e0
[ 50.552429][ T2551] do_unlinkat+0x447/0x770
[ 50.556988][ T2551] ? fsnotify_link_count+0xd0/0xd0
[ 50.562185][ T2551] ? strncpy_from_user+0x69/0x1b0
[ 50.567446][ T2551] ? getname_flags+0x10f/0x440
[ 50.572205][ T2551] __x64_sys_unlink+0x44/0x50
[ 50.576860][ T2551] do_syscall_64+0x45/0xe0
[ 50.581266][ T2551] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 50.587139][ T2551] RIP: 0033:0x7f58d8a7c859
[ 50.591550][ T2551] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 50.611459][ T2551] RSP: 002b:00007f58d97550c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000057
[ 50.619928][ T2551] RAX: ffffffffffffffda RBX: 00007f58d8b9bf80 RCX: 00007f58d8a7c859
[ 50.627986][ T2551] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000000
[ 50.636218][ T2551] RBP: 00007f58d8ad8ad0 R08: 0000000000000000 R09: 0000000000000000
[ 50.644500][ T2551] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 50.652744][ T2551] R13: 0000000000000006 R14: 00007f58d8b9bf80 R15: 00007fffae086518
[ 50.660879][ T2551]
[ 50.663880][ T2551]
[ 50.666193][ T2551] Allocated by task 2551:
[ 50.670516][ T2551] kasan_set_track+0x4f/0x70
[ 50.675229][ T2551] __kasan_kmalloc+0x98/0xb0
[ 50.679888][ T2551] __kmalloc+0xaa/0x1d0
[ 50.684036][ T2551] __hfs_bnode_create+0xdc/0x6c0
[ 50.689143][ T2551] hfsplus_bnode_find+0x2a1/0xce0
[ 50.694264][ T2551] hfsplus_brec_find+0x151/0x4e0
[ 50.699626][ T2551] hfsplus_delete_all_attrs+0x223/0x360
[ 50.705385][ T2551] hfsplus_delete_cat+0x965/0xda0
[ 50.710401][ T2551] hfsplus_unlink+0x306/0x630
[ 50.715343][ T2551] vfs_unlink+0x2be/0x4e0
[ 50.719762][ T2551] do_unlinkat+0x447/0x770
[ 50.724174][ T2551] __x64_sys_unlink+0x44/0x50
[ 50.728926][ T2551] do_syscall_64+0x45/0xe0
[ 50.733576][ T2551] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 50.739504][ T2551]
[ 50.741834][ T2551] The buggy address belongs to the object at ffff88817ce92a00
[ 50.741834][ T2551] which belongs to the cache kmalloc-192 of size 192
[ 50.756326][ T2551] The buggy address is located 40 bytes to the right of
[ 50.756326][ T2551] allocated 152-byte region [ffff88817ce92a00, ffff88817ce92a98)
[ 50.771083][ T2551]
[ 50.773494][ T2551] The buggy address belongs to the physical page:
[ 50.779990][ T2551] page:ffffea0005f3a480 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x17ce92
[ 50.790434][ T2551] flags: 0x100000000000800(slab|node=0|zone=2)
[ 50.796856][ T2551] page_type: 0xffffffff()
[ 50.801164][ T2551] raw: 0100000000000800 ffff888100041a00 dead000000000122 0000000000000000
[ 50.809842][ T2551] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 50.818499][ T2551] page dumped because: kasan: bad access detected
[ 50.824890][ T2551] page_owner tracks the page as allocated
[ 50.830764][ T2551] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 2133, tgid 2133 (syz-executor.0), ts 50308536772, free_ts 50286060460
[ 50.849318][ T2551] post_alloc_hook+0x10b/0x130
[ 50.854063][ T2551] get_page_from_freelist+0x3e5f/0x4080
[ 50.859597][ T2551] __alloc_pages+0x255/0x650
[ 50.864252][ T2551] alloc_slab_page+0x59/0x170
[ 50.868940][ T2551] new_slab+0x70/0x270
[ 50.872994][ T2551] ___slab_alloc+0x94b/0xee0
[ 50.877585][ T2551] __kmem_cache_alloc_node+0x1f7/0x2c0
[ 50.883038][ T2551] __kmalloc_node+0x9c/0x1d0
[ 50.887797][ T2551] memcg_alloc_slab_cgroups+0x81/0x120
[ 50.893232][ T2551] slab_post_alloc_hook+0xec/0x3c0
[ 50.898372][ T2551] kmem_cache_alloc+0x198/0x2f0
[ 50.903493][ T2551] vm_area_dup+0x5b/0x130
[ 50.908078][ T2551] copy_mm+0xa83/0x1910
[ 50.912431][ T2551] copy_process+0x125f/0x3400
[ 50.917272][ T2551] kernel_clone+0x194/0x6c0
[ 50.921787][ T2551] __x64_sys_clone+0x253/0x2a0
[ 50.926641][ T2551] page last free stack trace:
[ 50.931293][ T2551] free_unref_page_prepare+0x7e3/0x900
[ 50.936824][ T2551] free_unref_page+0x37/0x3a0
[ 50.941564][ T2551] __unfreeze_partials+0x1b1/0x1f0
[ 50.946670][ T2551] put_cpu_partial+0x150/0x1b0
[ 50.951602][ T2551] __slab_free+0x26b/0x330
[ 50.956284][ T2551] qlist_free_all+0x75/0xe0
[ 50.960787][ T2551] kasan_quarantine_reduce+0x14b/0x160
[ 50.966368][ T2551] __kasan_slab_alloc+0x23/0x70
[ 50.971284][ T2551] slab_post_alloc_hook+0x67/0x3c0
[ 50.976404][ T2551] kmem_cache_alloc+0x198/0x2f0
[ 50.981313][ T2551] getname_flags+0xa0/0x440
[ 50.985792][ T2551] do_sys_openat2+0xb0/0x170
[ 50.990353][ T2551] __x64_sys_openat+0x20d/0x260
[ 50.995184][ T2551] do_syscall_64+0x45/0xe0
[ 50.999595][ T2551] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 51.005463][ T2551]
[ 51.007763][ T2551] Memory state around the buggy address:
[ 51.013627][ T2551] ffff88817ce92980: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 51.021683][ T2551] ffff88817ce92a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 51.030089][ T2551] >ffff88817ce92a80: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 51.038489][ T2551] ^
[ 51.044806][ T2551] ffff88817ce92b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 51.052953][ T2551] ffff88817ce92b80: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 51.061269][ T2551] ==================================================================
[ 51.069605][ T2551] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 51.077398][ T2551] Kernel Offset: disabled
[ 51.081801][ T2551] Rebooting in 86400 seconds..