DUID 00:04:70:54:fc:d0:2a:32:b7:62:cf:21:72:23:c9:95:e9:3f forked to background, child pid 3172 [ 32.196934][ T3173] 8021q: adding VLAN 0 to HW filter on device bond0 [ 32.212138][ T3173] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.103' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 52.361114][ T3498] loop0: detected capacity change from 0 to 1024 [ 52.385127][ T3498] hfsplus: request for non-existent node 32768 in B*Tree [ 52.392431][ T3498] hfsplus: request for non-existent node 32768 in B*Tree [ 52.402698][ T3498] ================================================================== [ 52.411103][ T3498] BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read+0x85/0x1c0 [ 52.418960][ T3498] Read of size 8 at addr ffff88802416f4c0 by task syz-executor352/3498 [ 52.427197][ T3498] [ 52.429517][ T3498] CPU: 1 PID: 3498 Comm: syz-executor352 Not tainted 5.15.117-syzkaller #0 [ 52.438148][ T3498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 [ 52.448208][ T3498] Call Trace: [ 52.451491][ T3498] <TASK> [ 52.454436][ T3498] dump_stack_lvl+0x1e3/0x2cb [ 52.459120][ T3498] ? io_uring_drop_tctx_refs+0x19d/0x19d [ 52.464895][ T3498] ? _printk+0xd1/0x111 [ 52.469050][ T3498] ? __wake_up_klogd+0xcc/0x100 [ 52.473913][ T3498] ? panic+0x84d/0x84d [ 52.477973][ T3498] ? _raw_spin_lock_irqsave+0xdd/0x120 [ 52.483434][ T3498] print_address_description+0x63/0x3b0 [ 52.489225][ T3498] ? hfsplus_bnode_read+0x85/0x1c0 [ 52.494355][ T3498] kasan_report+0x16b/0x1c0 [ 52.498858][ T3498] ? hfsplus_bnode_read+0x85/0x1c0 [ 52.504244][ T3498] hfsplus_bnode_read+0x85/0x1c0 [ 52.509206][ T3498] hfsplus_bnode_dump+0x3f7/0x7c0 [ 52.514232][ T3498] ? hfsplus_bnode_move+0xa80/0xa80 [ 52.519433][ T3498] ? hfsplus_bnode_write_u16+0x97/0xf0 [ 52.525049][ T3498] ? rcu_is_watching+0x11/0xa0 [ 52.529824][ T3498] ? hfsplus_bnode_move+0x355/0xa80 [ 52.535120][ T3498] ? __mark_inode_dirty+0x3dd/0xd60 [ 52.540340][ T3498] hfsplus_brec_remove+0x428/0x4e0 [ 52.545513][ T3498] __hfsplus_delete_attr+0x271/0x450 [ 52.550937][ T3498] ? hfsplus_delete_attr+0x4a0/0x4a0 [ 52.556259][ T3498] ? mutex_lock_nested+0x17/0x20 [ 52.561308][ T3498] hfsplus_delete_all_attrs+0x267/0x3c0 [ 52.566878][ T3498] ? __hfsplus_delete_attr+0x450/0x450 [ 52.572415][ T3498] ? do_raw_spin_unlock+0x137/0x8b0 [ 52.577627][ T3498] ? rcu_is_watching+0x11/0xa0 [ 52.582394][ T3498] ? __mark_inode_dirty+0x7ef/0xd60 [ 52.587631][ T3498] hfsplus_delete_cat+0xb83/0xfb0 [ 52.592721][ T3498] ? hfsplus_mark_inode_dirty+0x30/0x30 [ 52.598300][ T3498] ? mutex_lock_io_nested+0x60/0x60 [ 52.603514][ T3498] ? read_lock_is_recursive+0x10/0x10 [ 52.608896][ T3498] hfsplus_unlink+0x35f/0x7f0 [ 52.613839][ T3498] ? end_current_label_crit_section+0x147/0x170 [ 52.620101][ T3498] ? hfsplus_link+0x840/0x840 [ 52.624804][ T3498] ? down_write+0x10e/0x170 [ 52.629325][ T3498] ? bpf_lsm_inode_unlink+0x5/0x10 [ 52.634542][ T3498] ? security_inode_unlink+0xca/0x110 [ 52.639939][ T3498] vfs_unlink+0x359/0x5f0 [ 52.644285][ T3498] do_unlinkat+0x49d/0x940 [ 52.648708][ T3498] ? fsnotify_link_count+0xf0/0xf0 [ 52.653824][ T3498] ? strncpy_from_user+0x209/0x370 [ 52.658950][ T3498] __x64_sys_unlink+0x45/0x50 [ 52.663650][ T3498] do_syscall_64+0x3d/0xb0 [ 52.668074][ T3498] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 52.673984][ T3498] RIP: 0033:0x7fcd51cce799 [ 52.678536][ T3498] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 52.698329][ T3498] RSP: 002b:00007fff190afa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 52.706745][ T3498] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcd51cce799 [ 52.714835][ T3498] RDX: 00007fcd51c8ce13 RSI: 0000000000000000 RDI: 0000000020000140 [ 52.723076][ T3498] RBP: 00007fcd51c8e030 R08: 0000000000000640 R09: 0000000000000000 [ 52.731333][ T3498] R10: 00007fff190af950 R11: 0000000000000246 R12: 00007fcd51c8e0c0 [ 52.739393][ T3498] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 52.747468][ T3498] </TASK> [ 52.750487][ T3498] [ 52.752795][ T3498] Allocated by task 3498: [ 52.757119][ T3498] ____kasan_kmalloc+0xba/0xf0 [ 52.761880][ T3498] __kmalloc+0x168/0x300 [ 52.766226][ T3498] __hfs_bnode_create+0xf9/0xbb0 [ 52.771185][ T3498] hfsplus_bnode_find+0x22e/0xe80 [ 52.776218][ T3498] hfsplus_brec_find+0x17f/0x570 [ 52.781147][ T3498] hfsplus_delete_all_attrs+0x23e/0x3c0 [ 52.786750][ T3498] hfsplus_delete_cat+0xb83/0xfb0 [ 52.791782][ T3498] hfsplus_unlink+0x35f/0x7f0 [ 52.796470][ T3498] vfs_unlink+0x359/0x5f0 [ 52.800914][ T3498] do_unlinkat+0x49d/0x940 [ 52.805338][ T3498] __x64_sys_unlink+0x45/0x50 [ 52.810032][ T3498] do_syscall_64+0x3d/0xb0 [ 52.814560][ T3498] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 52.820456][ T3498] [ 52.822770][ T3498] Last potentially related work creation: [ 52.828492][ T3498] kasan_save_stack+0x36/0x60 [ 52.833179][ T3498] kasan_record_aux_stack+0xba/0x100 [ 52.838584][ T3498] insert_work+0x54/0x3e0 [ 52.843054][ T3498] __queue_work+0x963/0xd00 [ 52.847738][ T3498] queue_work_on+0x14b/0x250 [ 52.852333][ T3498] call_usermodehelper_exec+0x269/0x450 [ 52.857877][ T3498] kobject_uevent_env+0x69e/0x8d0 [ 52.862920][ T3498] net_rx_queue_update_kobjects+0x215/0x470 [ 52.869010][ T3498] netdev_register_kobject+0x222/0x310 [ 52.874483][ T3498] register_netdevice+0x1067/0x1700 [ 52.880469][ T3498] register_netdev+0x37/0x50 [ 52.885077][ T3498] rose_proto_init+0x19c/0x7b6 [ 52.889863][ T3498] do_one_initcall+0x22b/0x7a0 [ 52.894647][ T3498] do_initcall_level+0x157/0x207 [ 52.899602][ T3498] do_initcalls+0x49/0x86 [ 52.903943][ T3498] kernel_init_freeable+0x43c/0x5c5 [ 52.909344][ T3498] kernel_init+0x19/0x290 [ 52.913684][ T3498] ret_from_fork+0x1f/0x30 [ 52.918108][ T3498] [ 52.920462][ T3498] The buggy address belongs to the object at ffff88802416f400 [ 52.920462][ T3498] which belongs to the cache kmalloc-192 of size 192 [ 52.934611][ T3498] The buggy address is located 0 bytes to the right of [ 52.934611][ T3498] 192-byte region [ffff88802416f400, ffff88802416f4c0) [ 52.948316][ T3498] The buggy address belongs to the page: [ 52.953935][ T3498] page:ffffea0000905bc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2416f [ 52.964083][ T3498] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff) [ 52.971641][ T3498] raw: 00fff00000000200 ffffea00008d9780 0000000300000003 ffff888011c41a00 [ 52.980348][ T3498] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 52.989542][ T3498] page dumped because: kasan: bad access detected [ 52.995957][ T3498] page_owner tracks the page as allocated [ 53.001665][ T3498] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1, ts 14459726568, free_ts 0 [ 53.016786][ T3498] get_page_from_freelist+0x322a/0x33c0 [ 53.022336][ T3498] __alloc_pages+0x272/0x700 [ 53.027106][ T3498] alloc_page_interleave+0x22/0x1c0 [ 53.032348][ T3498] new_slab+0xbb/0x4b0 [ 53.036526][ T3498] ___slab_alloc+0x6f6/0xe10 [ 53.041112][ T3498] kmem_cache_alloc_trace+0x1a0/0x290 [ 53.046669][ T3498] call_usermodehelper_setup+0x8a/0x260 [ 53.052225][ T3498] kobject_uevent_env+0x681/0x8d0 [ 53.057263][ T3498] netdev_queue_update_kobjects+0x1c1/0x3f0 [ 53.063260][ T3498] netdev_register_kobject+0x263/0x310 [ 53.068717][ T3498] register_netdevice+0x1067/0x1700 [ 53.074144][ T3498] register_netdev+0x37/0x50 [ 53.078842][ T3498] rose_proto_init+0x19c/0x7b6 [ 53.083618][ T3498] do_one_initcall+0x22b/0x7a0 [ 53.088404][ T3498] do_initcall_level+0x157/0x207 [ 53.093357][ T3498] do_initcalls+0x49/0x86 [ 53.097702][ T3498] page_owner free stack trace missing [ 53.103055][ T3498] [ 53.105391][ T3498] Memory state around the buggy address: [ 53.111080][ T3498] ffff88802416f380: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 53.119151][ T3498] ffff88802416f400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 53.127201][ T3498] >ffff88802416f480: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 53.135829][ T3498] ^ [ 53.142002][ T3498] ffff88802416f500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 53.150069][ T3498] ffff88802416f580: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 53.159002][ T3498] ================================================================== [ 53.167070][ T3498] Disabling lock debugging due to kernel taint [ 53.173635][ T3498] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 53.181046][ T3498] CPU: 1 PID: 3498 Comm: syz-executor352 Tainted: G B 5.15.117-syzkaller #0 [ 53.191226][ T3498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 [ 53.201288][ T3498] Call Trace: [ 53.204578][ T3498] <TASK> [ 53.207496][ T3498] dump_stack_lvl+0x1e3/0x2cb [ 53.212167][ T3498] ? io_uring_drop_tctx_refs+0x19d/0x19d [ 53.217786][ T3498] ? panic+0x84d/0x84d [ 53.221841][ T3498] ? rcu_is_watching+0x11/0xa0 [ 53.226591][ T3498] ? preempt_schedule_common+0xa6/0xd0 [ 53.232040][ T3498] panic+0x318/0x84d [ 53.235919][ T3498] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 53.242056][ T3498] ? check_panic_on_warn+0x1d/0xa0 [ 53.247165][ T3498] ? fb_is_primary_device+0xcc/0xcc [ 53.252368][ T3498] ? _raw_spin_unlock_irqrestore+0x128/0x130 [ 53.258431][ T3498] ? _raw_spin_unlock+0x40/0x40 [ 53.263275][ T3498] check_panic_on_warn+0x7e/0xa0 [ 53.268207][ T3498] ? hfsplus_bnode_read+0x85/0x1c0 [ 53.273306][ T3498] end_report+0x6d/0xf0 [ 53.277450][ T3498] kasan_report+0x18e/0x1c0 [ 53.281942][ T3498] ? hfsplus_bnode_read+0x85/0x1c0 [ 53.287129][ T3498] hfsplus_bnode_read+0x85/0x1c0 [ 53.292075][ T3498] hfsplus_bnode_dump+0x3f7/0x7c0 [ 53.297089][ T3498] ? hfsplus_bnode_move+0xa80/0xa80 [ 53.302273][ T3498] ? hfsplus_bnode_write_u16+0x97/0xf0 [ 53.307728][ T3498] ? rcu_is_watching+0x11/0xa0 [ 53.312476][ T3498] ? hfsplus_bnode_move+0x355/0xa80 [ 53.317757][ T3498] ? __mark_inode_dirty+0x3dd/0xd60 [ 53.322947][ T3498] hfsplus_brec_remove+0x428/0x4e0 [ 53.328049][ T3498] __hfsplus_delete_attr+0x271/0x450 [ 53.333344][ T3498] ? hfsplus_delete_attr+0x4a0/0x4a0 [ 53.338641][ T3498] ? mutex_lock_nested+0x17/0x20 [ 53.343603][ T3498] hfsplus_delete_all_attrs+0x267/0x3c0 [ 53.349149][ T3498] ? __hfsplus_delete_attr+0x450/0x450 [ 53.354599][ T3498] ? do_raw_spin_unlock+0x137/0x8b0 [ 53.359783][ T3498] ? rcu_is_watching+0x11/0xa0 [ 53.364536][ T3498] ? __mark_inode_dirty+0x7ef/0xd60 [ 53.369720][ T3498] hfsplus_delete_cat+0xb83/0xfb0 [ 53.374737][ T3498] ? hfsplus_mark_inode_dirty+0x30/0x30 [ 53.380273][ T3498] ? mutex_lock_io_nested+0x60/0x60 [ 53.385462][ T3498] ? read_lock_is_recursive+0x10/0x10 [ 53.390825][ T3498] hfsplus_unlink+0x35f/0x7f0 [ 53.395488][ T3498] ? end_current_label_crit_section+0x147/0x170 [ 53.401746][ T3498] ? hfsplus_link+0x840/0x840 [ 53.406406][ T3498] ? down_write+0x10e/0x170 [ 53.410910][ T3498] ? bpf_lsm_inode_unlink+0x5/0x10 [ 53.416034][ T3498] ? security_inode_unlink+0xca/0x110 [ 53.421399][ T3498] vfs_unlink+0x359/0x5f0 [ 53.425719][ T3498] do_unlinkat+0x49d/0x940 [ 53.430168][ T3498] ? fsnotify_link_count+0xf0/0xf0 [ 53.435282][ T3498] ? strncpy_from_user+0x209/0x370 [ 53.440385][ T3498] __x64_sys_unlink+0x45/0x50 [ 53.445138][ T3498] do_syscall_64+0x3d/0xb0 [ 53.449542][ T3498] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 53.455423][ T3498] RIP: 0033:0x7fcd51cce799 [ 53.459826][ T3498] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 53.479413][ T3498] RSP: 002b:00007fff190afa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 53.487813][ T3498] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcd51cce799 [ 53.495883][ T3498] RDX: 00007fcd51c8ce13 RSI: 0000000000000000 RDI: 0000000020000140 [ 53.503939][ T3498] RBP: 00007fcd51c8e030 R08: 0000000000000640 R09: 0000000000000000 [ 53.512013][ T3498] R10: 00007fff190af950 R11: 0000000000000246 R12: 00007fcd51c8e0c0 [ 53.519987][ T3498] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 53.528001][ T3498] </TASK> [ 53.531188][ T3498] Kernel Offset: disabled [ 53.535508][ T3498] Rebooting in 86400 seconds..