DUID 00:04:17:4d:40:87:6e:bf:2d:0e:65:92:c1:2a:fb:91:5f:79 forked to background, child pid 3174
[   21.881222][ T3175] 8021q: adding VLAN 0 to HW filter on device bond0
[   21.896870][ T3175] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.147' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   43.988041][ T3505] loop0: detected capacity change from 0 to 64
[   43.998502][ T3505] hfs: unable to locate alternate MDB
[   44.003938][ T3505] hfs: continuing without an alternate MDB
[   44.014623][ T3505] ==================================================================
[   44.022790][ T3505] BUG: KASAN: slab-out-of-bounds in hfs_bnode_read+0x179/0x2a0
[   44.030360][ T3505] Write of size 256 at addr ffff88801e67f000 by task syz-executor210/3505
[   44.038855][ T3505]
[   44.041170][ T3505] CPU: 1 PID: 3505 Comm: syz-executor210 Not tainted 5.15.118-syzkaller #0
[   44.049734][ T3505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[   44.059857][ T3505] Call Trace:
[   44.063120][ T3505]
[   44.066031][ T3505]  dump_stack_lvl+0x1e3/0x2cb
[   44.070692][ T3505]  ? io_uring_drop_tctx_refs+0x19d/0x19d
[   44.076302][ T3505]  ? _printk+0xd1/0x111
[   44.080434][ T3505]  ? __wake_up_klogd+0xcc/0x100
[   44.085261][ T3505]  ? panic+0x84d/0x84d
[   44.089307][ T3505]  ? _raw_spin_lock_irqsave+0xdd/0x120
[   44.094745][ T3505]  print_address_description+0x63/0x3b0
[   44.100276][ T3505]  ? hfs_bnode_read+0x179/0x2a0
[   44.105105][ T3505]  kasan_report+0x16b/0x1c0
[   44.109585][ T3505]  ? hfs_bnode_read+0x179/0x2a0
[   44.114410][ T3505]  kasan_check_range+0x27e/0x290
[   44.119330][ T3505]  ? hfs_bnode_read+0x179/0x2a0
[   44.124156][ T3505]  memcpy+0x3c/0x60
[   44.127939][ T3505]  hfs_bnode_read+0x179/0x2a0
[   44.132856][ T3505]  hfs_bnode_read_key+0x16e/0x240
[   44.137863][ T3505]  ? hfs_bnode_read_u8+0x110/0x110
[   44.143842][ T3505]  ? __set_page_dirty_buffers+0x2c5/0x4b0
[   44.149541][ T3505]  hfs_brec_insert+0x69d/0xbd0
[   44.154298][ T3505]  ? hfs_brec_keylen+0x350/0x350
[   44.159210][ T3505]  ? memset+0x1f/0x40
[   44.163164][ T3505]  ? hfs_cat_build_record+0x242/0x800
[   44.168513][ T3505]  hfs_cat_create+0x5db/0xa60
[   44.173169][ T3505]  ? hfs_cat_build_key+0x170/0x170
[   44.178264][ T3505]  ? _raw_spin_unlock+0x24/0x40
[   44.183095][ T3505]  ? hfs_new_inode+0x88a/0xac0
[   44.187844][ T3505]  hfs_create+0x62/0xd0
[   44.191974][ T3505]  ? hfs_lookup+0x2e0/0x2e0
[   44.196453][ T3505]  path_openat+0x12f6/0x2f20
[   44.201038][ T3505]  ? do_filp_open+0x460/0x460
[   44.205700][ T3505]  do_filp_open+0x21c/0x460
[   44.210182][ T3505]  ? vfs_tmpfile+0x2e0/0x2e0
[   44.214761][ T3505]  ? _raw_spin_unlock+0x24/0x40
[   44.219587][ T3505]  ? alloc_fd+0x594/0x630
[   44.223921][ T3505]  do_sys_openat2+0x13b/0x500
[   44.228575][ T3505]  ? read_lock_is_recursive+0x10/0x10
[   44.233977][ T3505]  ? do_sys_open+0x220/0x220
[   44.238646][ T3505]  ? __fput+0x683/0x890
[   44.242781][ T3505]  __x64_sys_openat+0x243/0x290
[   44.247608][ T3505]  ? __ia32_sys_open+0x270/0x270
[   44.252523][ T3505]  ? syscall_enter_from_user_mode+0x2e/0x230
[   44.258477][ T3505]  ? lockdep_hardirqs_on+0x94/0x130
[   44.263655][ T3505]  ? syscall_enter_from_user_mode+0x2e/0x230
[   44.269619][ T3505]  do_syscall_64+0x3d/0xb0
[   44.274019][ T3505]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   44.279902][ T3505] RIP: 0033:0x7f5233a46b49
[   44.284298][ T3505] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   44.303880][ T3505] RSP: 002b:00007ffca3d8cb38 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   44.312277][ T3505] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5233a46b49
[   44.320228][ T3505] RDX: 0000000000141842 RSI: 0000000020000380 RDI: 00000000ffffff9c
[   44.328181][ T3505] RBP: 00007f5233a06150 R08: 0000000000000260 R09: 0000000000000000
[   44.336131][ T3505] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5233a061e0
[   44.344088][ T3505] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   44.352063][ T3505]
[   44.355063][ T3505]
[   44.357368][ T3505] Allocated by task 3505:
[   44.361670][ T3505]  ____kasan_kmalloc+0xba/0xf0
[   44.366420][ T3505]  __kmalloc+0x168/0x300
[   44.370645][ T3505]  hfs_find_init+0x8c/0x1e0
[   44.375121][ T3505]  hfs_cat_create+0x17e/0xa60
[   44.379772][ T3505]  hfs_create+0x62/0xd0
[   44.383897][ T3505]  path_openat+0x12f6/0x2f20
[   44.388469][ T3505]  do_filp_open+0x21c/0x460
[   44.392956][ T3505]  do_sys_openat2+0x13b/0x500
[   44.397603][ T3505]  __x64_sys_openat+0x243/0x290
[   44.402429][ T3505]  do_syscall_64+0x3d/0xb0
[   44.406819][ T3505]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   44.412687][ T3505]
[   44.414989][ T3505] The buggy address belongs to the object at ffff88801e67f000
[   44.414989][ T3505]  which belongs to the cache kmalloc-96 of size 96
[   44.428841][ T3505] The buggy address is located 0 bytes inside of
[   44.428841][ T3505]  96-byte region [ffff88801e67f000, ffff88801e67f060)
[   44.441828][ T3505] The buggy address belongs to the page:
[   44.447430][ T3505] page:ffffea0000799fc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1e67f
[   44.457553][ T3505] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[   44.465098][ T3505] raw: 00fff00000000200 ffffea0001d3bf40 0000000600000006 ffff888011c41780
[   44.473657][ T3505] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
[   44.482207][ T3505] page dumped because: kasan: bad access detected
[   44.488590][ T3505] page_owner tracks the page as allocated
[   44.494284][ T3505] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY), pid 2969, ts 18771314214, free_ts 18768438905
[   44.510165][ T3505]  get_page_from_freelist+0x322a/0x33c0
[   44.515690][ T3505]  __alloc_pages+0x272/0x700
[   44.520262][ T3505]  new_slab+0xbb/0x4b0
[   44.524304][ T3505]  ___slab_alloc+0x6f6/0xe10
[   44.528870][ T3505]  __kmalloc+0x1c9/0x300
[   44.533082][ T3505]  tomoyo_encode+0x26b/0x530
[   44.537644][ T3505]  tomoyo_realpath_from_path+0x5a2/0x5e0
[   44.543251][ T3505]  tomoyo_path_perm+0x273/0x6b0
[   44.548078][ T3505]  tomoyo_path_symlink+0xda/0x110
[   44.553077][ T3505]  security_path_symlink+0xd9/0x130
[   44.558252][ T3505]  do_symlinkat+0x129/0x600
[   44.562733][ T3505]  __x64_sys_symlink+0x7a/0x90
[   44.567472][ T3505]  do_syscall_64+0x3d/0xb0
[   44.571861][ T3505]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   44.577728][ T3505] page last free stack trace:
[   44.582373][ T3505]  free_unref_page_prepare+0xc34/0xcf0
[   44.587810][ T3505]  free_unref_page+0x95/0x2d0
[   44.592462][ T3505]  __mmdrop+0xac/0x3e0
[   44.596506][ T3505]  finish_task_switch+0x218/0x630
[   44.601508][ T3505]  __schedule+0x12cc/0x4590
[   44.605984][ T3505]  schedule+0x11b/0x1f0
[   44.610143][ T3505]  schedule_hrtimeout_range_clock+0x27f/0x470
[   44.616184][ T3505]  ep_poll+0x199a/0x1c60
[   44.620404][ T3505]  do_epoll_wait+0x1ae/0x220
[   44.624966][ T3505]  __x64_sys_epoll_wait+0x253/0x2a0
[   44.630155][ T3505]  do_syscall_64+0x3d/0xb0
[   44.634544][ T3505]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   44.640415][ T3505]
[   44.642717][ T3505] Memory state around the buggy address:
[   44.648320][ T3505]  ffff88801e67ef00: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[   44.656356][ T3505]  ffff88801e67ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   44.664391][ T3505] >ffff88801e67f000: 00 00 00 00 00 00 00 00 00 06 fc fc fc fc fc fc
[   44.672424][ T3505]                                               ^
[   44.678808][ T3505]  ffff88801e67f080: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   44.686959][ T3505]  ffff88801e67f100: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[   44.694990][ T3505] ==================================================================
[   44.703020][ T3505] Disabling lock debugging due to kernel taint
[   44.709285][ T3505] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   44.716467][ T3505] CPU: 1 PID: 3505 Comm: syz-executor210 Tainted: G    B             5.15.118-syzkaller #0
[   44.726427][ T3505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[   44.736458][ T3505] Call Trace:
[   44.739716][ T3505]
[   44.742620][ T3505]  dump_stack_lvl+0x1e3/0x2cb
[   44.747274][ T3505]  ? io_uring_drop_tctx_refs+0x19d/0x19d
[   44.752880][ T3505]  ? panic+0x84d/0x84d
[   44.756917][ T3505]  ? rcu_is_watching+0x11/0xa0
[   44.761656][ T3505]  panic+0x318/0x84d
[   44.765523][ T3505]  ? check_panic_on_warn+0x1d/0xa0
[   44.770608][ T3505]  ? fb_is_primary_device+0xcc/0xcc
[   44.775774][ T3505]  ? _raw_spin_unlock_irqrestore+0xd4/0x130
[   44.781660][ T3505]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[   44.787555][ T3505]  ? _raw_spin_unlock+0x40/0x40
[   44.792394][ T3505]  ? print_memory_metadata+0xe2/0x140
[   44.797845][ T3505]  check_panic_on_warn+0x7e/0xa0
[   44.802761][ T3505]  ? hfs_bnode_read+0x179/0x2a0
[   44.807585][ T3505]  end_report+0x6d/0xf0
[   44.811730][ T3505]  kasan_report+0x18e/0x1c0
[   44.816218][ T3505]  ? hfs_bnode_read+0x179/0x2a0
[   44.821044][ T3505]  kasan_check_range+0x27e/0x290
[   44.825954][ T3505]  ? hfs_bnode_read+0x179/0x2a0
[   44.830778][ T3505]  memcpy+0x3c/0x60
[   44.834557][ T3505]  hfs_bnode_read+0x179/0x2a0
[   44.839207][ T3505]  hfs_bnode_read_key+0x16e/0x240
[   44.844204][ T3505]  ? hfs_bnode_read_u8+0x110/0x110
[   44.849296][ T3505]  ? __set_page_dirty_buffers+0x2c5/0x4b0
[   44.854996][ T3505]  hfs_brec_insert+0x69d/0xbd0
[   44.859735][ T3505]  ? hfs_brec_keylen+0x350/0x350
[   44.864642][ T3505]  ? memset+0x1f/0x40
[   44.868596][ T3505]  ? hfs_cat_build_record+0x242/0x800
[   44.873938][ T3505]  hfs_cat_create+0x5db/0xa60
[   44.878588][ T3505]  ? hfs_cat_build_key+0x170/0x170
[   44.883671][ T3505]  ? _raw_spin_unlock+0x24/0x40
[   44.888493][ T3505]  ? hfs_new_inode+0x88a/0xac0
[   44.893231][ T3505]  hfs_create+0x62/0xd0
[   44.897388][ T3505]  ? hfs_lookup+0x2e0/0x2e0
[   44.901863][ T3505]  path_openat+0x12f6/0x2f20
[   44.906541][ T3505]  ? do_filp_open+0x460/0x460
[   44.911212][ T3505]  do_filp_open+0x21c/0x460
[   44.915706][ T3505]  ? vfs_tmpfile+0x2e0/0x2e0
[   44.920282][ T3505]  ? _raw_spin_unlock+0x24/0x40
[   44.925104][ T3505]  ? alloc_fd+0x594/0x630
[   44.929408][ T3505]  do_sys_openat2+0x13b/0x500
[   44.934080][ T3505]  ? read_lock_is_recursive+0x10/0x10
[   44.939454][ T3505]  ? do_sys_open+0x220/0x220
[   44.944031][ T3505]  ? __fput+0x683/0x890
[   44.948186][ T3505]  __x64_sys_openat+0x243/0x290
[   44.953054][ T3505]  ? __ia32_sys_open+0x270/0x270
[   44.957967][ T3505]  ? syscall_enter_from_user_mode+0x2e/0x230
[   44.963926][ T3505]  ? lockdep_hardirqs_on+0x94/0x130
[   44.969098][ T3505]  ? syscall_enter_from_user_mode+0x2e/0x230
[   44.975061][ T3505]  do_syscall_64+0x3d/0xb0
[   44.979463][ T3505]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   44.985442][ T3505] RIP: 0033:0x7f5233a46b49
[   44.989837][ T3505] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   45.009505][ T3505] RSP: 002b:00007ffca3d8cb38 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   45.017895][ T3505] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5233a46b49
[   45.025842][ T3505] RDX: 0000000000141842 RSI: 0000000020000380 RDI: 00000000ffffff9c
[   45.033787][ T3505] RBP: 00007f5233a06150 R08: 0000000000000260 R09: 0000000000000000
[   45.041735][ T3505] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5233a061e0
[   45.049679][ T3505] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   45.057629][ T3505]
[   45.060891][ T3505] Kernel Offset: disabled
[   45.065197][ T3505] Rebooting in 86400 seconds..