Warning: Permanently added '[localhost]:53407' (ED25519) to the list of known hosts.
executing program
syzkaller login: [ 59.918772][ T9411] loop0: detected capacity change from 0 to 1024
[ 59.976300][ T9411] hfsplus: request for non-existent node 32768 in B*Tree
[ 59.977861][ T9411] hfsplus: request for non-existent node 32768 in B*Tree
[ 59.980234][ T9411] ==================================================================
[ 59.981779][ T9411] BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read+0x23e/0x260
[ 59.983173][ T9411] Read of size 8 at addr ffff8880209281c0 by task syz-executor146/9411
[ 59.984525][ T9411]
[ 59.985209][ T9411] CPU: 0 UID: 0 PID: 9411 Comm: syz-executor146 Not tainted 6.14.0-rc4 #1
[ 59.985240][ T9411] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
[ 59.985256][ T9411] Call Trace:
[ 59.985265][ T9411]
[ 59.985275][ T9411] dump_stack_lvl+0x116/0x1b0
[ 59.985322][ T9411] print_address_description.constprop.0+0x2c/0x420
[ 59.985364][ T9411] ? hfsplus_bnode_read+0x23e/0x260
[ 59.985406][ T9411] print_report+0xaa/0x270
[ 59.985441][ T9411] ? hfsplus_bnode_read+0x23e/0x260
[ 59.985481][ T9411] ? kasan_addr_to_slab+0x27/0x80
[ 59.985513][ T9411] ? hfsplus_bnode_read+0x23e/0x260
[ 59.985553][ T9411] kasan_report+0xbd/0x100
[ 59.985590][ T9411] ? hfsplus_bnode_read+0x23e/0x260
[ 59.985634][ T9411] hfsplus_bnode_read+0x23e/0x260
[ 59.985677][ T9411] hfsplus_bnode_dump+0x2c6/0x3b0
[ 59.985720][ T9411] ? __pfx_hfsplus_bnode_dump+0x10/0x10
[ 59.985778][ T9411] ? hfsplus_bnode_write_u16+0x84/0xc0
[ 59.985947][ T9411] ? hfsplus_bnode_move+0x2a/0x8b0
[ 59.985990][ T9411] ? __mark_inode_dirty+0x178/0x720
[ 59.986030][ T9411] hfsplus_brec_remove+0x3e7/0x4f0
[ 59.986060][ T9411] __hfsplus_delete_attr+0x296/0x3b0
[ 59.986090][ T9411] ? __pfx_hfs_find_1st_rec_by_cnid+0x10/0x10
[ 59.986118][ T9411] ? __pfx___hfsplus_delete_attr+0x10/0x10
[ 59.986151][ T9411] ? __asan_memset+0x24/0x50
[ 59.986180][ T9411] hfsplus_delete_all_attrs+0x26d/0x330
[ 59.986213][ T9411] ? __pfx_hfsplus_delete_all_attrs+0x10/0x10
[ 59.986248][ T9411] ? rcu_is_watching+0x12/0xd0
[ 59.986286][ T9411] ? trace_writeback_dirty_inode_enqueue+0x16e/0x1f0
[ 59.986323][ T9411] ? __mark_inode_dirty+0x418/0x720
[ 59.986361][ T9411] hfsplus_delete_cat+0x87b/0xe70
[ 59.986400][ T9411] ? __pfx_hfsplus_delete_cat+0x10/0x10
[ 59.986442][ T9411] ? rcu_is_watching+0x12/0xd0
[ 59.986489][ T9411] hfsplus_unlink+0x1cd/0x7c0
[ 59.986529][ T9411] ? __pfx_hfsplus_unlink+0x10/0x10
[ 59.986568][ T9411] ? down_write+0x152/0x220
[ 59.986608][ T9411] ? __pfx_down_write+0x10/0x10
[ 59.986653][ T9411] vfs_unlink+0x36c/0x9e0
[ 59.986682][ T9411] do_unlinkat+0x54a/0x720
[ 59.986720][ T9411] ? __pfx_do_unlinkat+0x10/0x10
[ 59.986775][ T9411] ? __phys_addr_symbol+0x30/0x80
[ 59.986812][ T9411] ? getname_flags+0x260/0x620
[ 59.986846][ T9411] __x64_sys_unlink+0x40/0x60
[ 59.986883][ T9411] do_syscall_64+0xcb/0x260
[ 59.986922][ T9411] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 59.986961][ T9411] RIP: 0033:0x7f96758bdafd
[ 59.986982][ T9411] Code: c3 e8 f7 20 00 00 0f 1f 80 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 59.987009][ T9411] RSP: 002b:00007ffc6396d868 EFLAGS: 00000246 ORIG_RAX: 0000000000000057
[ 59.987036][ T9411] RAX: ffffffffffffffda RBX: 00007ffc6396da78 RCX: 00007f96758bdafd
[ 59.987053][ T9411] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000400000000140
[ 59.987069][ T9411] RBP: 0000000000000001 R08: 0000000000000640 R09: 0000000000000000
[ 59.987085][ T9411] R10: 00007ffc6396d720 R11: 0000000000000246 R12: 0000000000000001
[ 59.987101][ T9411] R13: 00007ffc6396da68 R14: 00007f967593c530 R15: 0000000000000001
[ 59.987126][ T9411]
[ 59.987135][ T9411]
[ 60.041060][ T9411] Allocated by task 9411:
[ 60.041620][ T9411] kasan_save_stack+0x24/0x50
[ 60.042219][ T9411] kasan_save_track+0x14/0x40
[ 60.042784][ T9411] __kasan_kmalloc+0xba/0xc0
[ 60.043332][ T9411] __kmalloc_noprof+0x212/0x580
[ 60.043917][ T9411] __hfs_bnode_create+0x107/0x850
[ 60.044530][ T9411] hfsplus_bnode_find+0x424/0xc70
[ 60.045145][ T9411] hfsplus_brec_find+0x2b3/0x540
[ 60.045717][ T9411] hfsplus_find_attr+0xf7/0x180
[ 60.046274][ T9411] __hfsplus_getxattr+0x2cf/0x5f0
[ 60.046858][ T9411] hfsplus_getxattr+0xc9/0x140
[ 60.047401][ T9411] hfsplus_security_getxattr+0x3a/0x60
[ 60.048033][ T9411] __vfs_getxattr+0x13f/0x1b0
[ 60.048584][ T9411] smk_fetch+0xe6/0x180
[ 60.049089][ T9411] smack_d_instantiate+0x434/0xbb0
[ 60.049668][ T9411] security_d_instantiate+0x142/0x1a0
[ 60.050269][ T9411] d_splice_alias+0x91/0x860
[ 60.050789][ T9411] hfsplus_lookup+0x652/0x890
[ 60.051319][ T9411] lookup_one_qstr_excl+0x12b/0x190
[ 60.051895][ T9411] do_unlinkat+0x27b/0x720
[ 60.052384][ T9411] __x64_sys_unlink+0x40/0x60
[ 60.052896][ T9411] do_syscall_64+0xcb/0x260
[ 60.053388][ T9411] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 60.054033][ T9411]
[ 60.054298][ T9411] The buggy address belongs to the object at ffff888020928100
[ 60.054298][ T9411] which belongs to the cache kmalloc-192 of size 192
[ 60.055748][ T9411] The buggy address is located 40 bytes to the right of
[ 60.055748][ T9411] allocated 152-byte region [ffff888020928100, ffff888020928198)
[ 60.057248][ T9411]
[ 60.057499][ T9411] The buggy address belongs to the physical page:
[ 60.058147][ T9411] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x20928
[ 60.058976][ T9411] ksm flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 60.059749][ T9411] page_type: f5(slab)
[ 60.060145][ T9411] raw: 00fff00000000000 ffff88801b4413c0 ffffea00008c6700 dead000000000003
[ 60.061010][ T9411] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 60.061822][ T9411] page dumped because: kasan: bad access detected
[ 60.062434][ T9411] page_owner tracks the page as allocated
[ 60.062986][ T9411] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, tgid 1 (swapper/0), ts 13486626478, free_ts 12926895884
[ 60.064647][ T9411] post_alloc_hook+0x1a3/0x1d0
[ 60.065104][ T9411] get_page_from_freelist+0x8a5/0xfa0
[ 60.065623][ T9411] __alloc_frozen_pages_noprof+0x1d8/0x3b0
[ 60.066178][ T9411] alloc_pages_mpol+0x1f2/0x550
[ 60.066638][ T9411] allocate_slab+0x229/0x310
[ 60.067063][ T9411] ___slab_alloc+0x7f3/0x12b0
[ 60.067502][ T9411] __slab_alloc.constprop.0+0x56/0xc0
[ 60.068005][ T9411] __kmalloc_cache_noprof+0x280/0x450
[ 60.068509][ T9411] call_usermodehelper_setup+0x9c/0x350
[ 60.069020][ T9411] kobject_uevent_env+0x76c/0xa70
[ 60.069493][ T9411] device_add+0xbf3/0x1490
[ 60.069896][ T9411] usb_new_device+0x8f4/0x1430
[ 60.070311][ T9411] register_root_hub+0x299/0x730
[ 60.070768][ T9411] usb_add_hcd+0xbe8/0x1770
[ 60.071183][ T9411] dummy_hcd_probe+0x15c/0x390
[ 60.071606][ T9411] platform_probe+0x103/0x210
[ 60.072019][ T9411] page last free pid 966 tgid 966 stack trace:
[ 60.072558][ T9411] free_frozen_pages+0x71f/0xff0
[ 60.072994][ T9411] vfree+0x172/0x850
[ 60.073342][ T9411] delayed_vfree_work+0x57/0x70
[ 60.073789][ T9411] process_one_work+0x109d/0x18c0
[ 60.074232][ T9411] worker_thread+0x677/0xe90
[ 60.074628][ T9411] kthread+0x3b3/0x760
[ 60.074998][ T9411] ret_from_fork+0x48/0x80
[ 60.075397][ T9411] ret_from_fork_asm+0x1a/0x30
[ 60.075821][ T9411]
[ 60.076038][ T9411] Memory state around the buggy address:
[ 60.076569][ T9411] ffff888020928080: 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc
[ 60.077257][ T9411] ffff888020928100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 60.077985][ T9411] >ffff888020928180: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 60.078670][ T9411] ^
[ 60.079254][ T9411] ffff888020928200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 60.079934][ T9411] ffff888020928280: 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc
[ 60.080637][ T9411] ==================================================================
[ 60.087582][ T9411] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 60.088311][ T9411] CPU: 0 UID: 0 PID: 9411 Comm: syz-executor146 Not tainted 6.14.0-rc4 #1
[ 60.089066][ T9411] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
[ 60.089910][ T9411] Call Trace:
[ 60.090211][ T9411]
[ 60.090487][ T9411] dump_stack_lvl+0x3d/0x1b0
[ 60.090908][ T9411] panic+0x6d5/0x790
[ 60.091269][ T9411] ? __pfx_panic+0x10/0x10
[ 60.091672][ T9411] ? irqentry_exit+0x3b/0xa0
[ 60.092116][ T9411] ? preempt_schedule_thunk+0x1a/0x30
[ 60.092589][ T9411] ? preempt_schedule_common+0x44/0xc0
[ 60.093081][ T9411] ? hfsplus_bnode_read+0x23e/0x260
[ 60.093582][ T9411] ? hfsplus_bnode_read+0x23e/0x260
[ 60.094067][ T9411] check_panic_on_warn+0xb1/0xc0
[ 60.094538][ T9411] ? hfsplus_bnode_read+0x23e/0x260
[ 60.095002][ T9411] end_report+0x83/0xa0
[ 60.095390][ T9411] kasan_report+0xcd/0x100
[ 60.095801][ T9411] ? hfsplus_bnode_read+0x23e/0x260
[ 60.096320][ T9411] hfsplus_bnode_read+0x23e/0x260
[ 60.096778][ T9411] hfsplus_bnode_dump+0x2c6/0x3b0
[ 60.097254][ T9411] ? __pfx_hfsplus_bnode_dump+0x10/0x10
[ 60.097752][ T9411] ? hfsplus_bnode_write_u16+0x84/0xc0
[ 60.098281][ T9411] ? hfsplus_bnode_move+0x2a/0x8b0
[ 60.098737][ T9411] ? __mark_inode_dirty+0x178/0x720
[ 60.099223][ T9411] hfsplus_brec_remove+0x3e7/0x4f0
[ 60.099697][ T9411] __hfsplus_delete_attr+0x296/0x3b0
[ 60.100187][ T9411] ? __pfx_hfs_find_1st_rec_by_cnid+0x10/0x10
[ 60.100730][ T9411] ? __pfx___hfsplus_delete_attr+0x10/0x10
[ 60.101256][ T9411] ? __asan_memset+0x24/0x50
[ 60.101677][ T9411] hfsplus_delete_all_attrs+0x26d/0x330
[ 60.102169][ T9411] ? __pfx_hfsplus_delete_all_attrs+0x10/0x10
[ 60.102696][ T9411] ? rcu_is_watching+0x12/0xd0
[ 60.103136][ T9411] ? trace_writeback_dirty_inode_enqueue+0x16e/0x1f0
[ 60.103713][ T9411] ? __mark_inode_dirty+0x418/0x720
[ 60.104182][ T9411] hfsplus_delete_cat+0x87b/0xe70
[ 60.104633][ T9411] ? __pfx_hfsplus_delete_cat+0x10/0x10
[ 60.105122][ T9411] ? rcu_is_watching+0x12/0xd0
[ 60.105558][ T9411] hfsplus_unlink+0x1cd/0x7c0
[ 60.105994][ T9411] ? __pfx_hfsplus_unlink+0x10/0x10
[ 60.106521][ T9411] ? down_write+0x152/0x220
[ 60.106940][ T9411] ? __pfx_down_write+0x10/0x10
[ 60.107392][ T9411] vfs_unlink+0x36c/0x9e0
[ 60.107792][ T9411] do_unlinkat+0x54a/0x720
[ 60.108218][ T9411] ? __pfx_do_unlinkat+0x10/0x10
[ 60.108666][ T9411] ? __phys_addr_symbol+0x30/0x80
[ 60.109117][ T9411] ? getname_flags+0x260/0x620
[ 60.109539][ T9411] __x64_sys_unlink+0x40/0x60
[ 60.109970][ T9411] do_syscall_64+0xcb/0x260
[ 60.110427][ T9411] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 60.110991][ T9411] RIP: 0033:0x7f96758bdafd
[ 60.111380][ T9411] Code: c3 e8 f7 20 00 00 0f 1f 80 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 60.113027][ T9411] RSP: 002b:00007ffc6396d868 EFLAGS: 00000246 ORIG_RAX: 0000000000000057
[ 60.113775][ T9411] RAX: ffffffffffffffda RBX: 00007ffc6396da78 RCX: 00007f96758bdafd
[ 60.114515][ T9411] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000400000000140
[ 60.115247][ T9411] RBP: 0000000000000001 R08: 0000000000000640 R09: 0000000000000000
[ 60.115938][ T9411] R10: 00007ffc6396d720 R11: 0000000000000246 R12: 0000000000000001
[ 60.116637][ T9411] R13: 00007ffc6396da68 R14: 00007f967593c530 R15: 0000000000000001
[ 60.117322][ T9411]
[ 60.117807][ T9411] Kernel Offset: disabled
[ 60.118179][ T9411] Rebooting in 86400 seconds..
VM DIAGNOSIS:
00:30:36 Registers:
info registers vcpu 0
RAX=0000000080000001 RBX=ffffffff82994bb3 RCX=ffffffff81b2627a RDX=ffff888022781cc0
RSI=ffffffff82994bb3 RDI=0000000000000006 RBP=00000000000102dd RSP=ffffc90002c26b00
R8 =0000000000000000 R9 =0000000000000000 R10=ffffffff82994c00 R11=0000000000000000
R12=00000000000102db R13=ffffffff82994c00 R14=00000000000102e0 R15=ffffc90002c26c00
RIP=ffffffff81be0ccc RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000555593f2a3c0 ffffffff 00c00000
GS =0000 ffff88802b600000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000001000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=000055970c4634f8 CR3=000000004b358000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000ff000000 000000000000ff00 XMM01=2c2c2c2c2c2c2c2c 2c2c2c2c2c2c2c2c
XMM02=ffffffffffffff00 ffffffffffffff00 XMM03=0000000000000000 0000000000000000
XMM04=00000000ff000000 000000000000ff00 XMM05=0000000000000000 0000000000000000
XMM06=0000000000000000 0000000000000000 XMM07=303a303030302f30 303a303030306963
XMM08=6f656d69742c313d 707267702c30333d XMM09=0000ff000000ff00 0000ffff00000000
XMM10=0000200000200000 0000000000000000 XMM11=ffffffffffffff00 ffff00ff00000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1
RAX=0000000000000001 RBX=ffffc9000012fbc0 RCX=0000000000000000 RDX=0000000000000050
RSI=0000000000000000 RDI=ffffc9000012fbc0 RBP=0000000000000000 RSP=ffffc9000012fb18
R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000000
R12=0000000000000004 R13=ffffc9000012fbc0 R14=ffff88804933ca80 R15=0000000000000000
RIP=ffffffff8b63a9f0 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00100
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 ffffffff 00c00100
FS =0000 00007fb4aca98900 ffffffff 00c00100
GS =0000 ffff88807ee00000 ffffffff 00c00100
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000048000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=000055970c4f0d77 CR3=0000000028740000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=7379732f646d6574 7379732f62696c2f XMM01=65677261742e746e 756f6d752f6d6574
XMM02=007465677261742e 746e756f6d752f6d XMM03=65747379732f646d 65747379732f6269
XMM04=0000000000000000 0000000000000000 XMM05=ffffffffffffff00 ffff00000000ff00
XMM06=0000000000000000 0000000000000000 XMM07=000055970c4b0770 0000000000000020
XMM08=000055970c63d910 0000000000000020 XMM09=0000ff000000ff00 0000ffff00000000
XMM10=0000200000200000 0000000000000000 XMM11=ffffffffffffff00 ffff00ff00000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000