DUID 00:04:a4:d9:44:a1:3e:a2:79:db:da:6d:5d:0b:f7:25:ed:85
forked to background, child pid 3213
[ 36.322514][ T3214] 8021q: adding VLAN 0 to HW filter on device bond0
[ 36.331981][ T3214] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.142' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 57.424850][ T3543] loop0: detected capacity change from 0 to 1024
[ 57.442995][ T3543] ==================================================================
[ 57.451108][ T3543] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x576/0x11f0
[ 57.458874][ T3543] Read of size 2 at addr ffff888021744218 by task syz-executor137/3543
[ 57.467246][ T3543]
[ 57.469629][ T3543] CPU: 0 PID: 3543 Comm: syz-executor137 Not tainted 6.1.31-syzkaller #0
[ 57.478071][ T3543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 57.488476][ T3543] Call Trace:
[ 57.491751][ T3543]
[ 57.494692][ T3543] dump_stack_lvl+0x1e3/0x2cb
[ 57.499396][ T3543] ? irq_work_queue+0xc6/0x150
[ 57.504191][ T3543] ? nf_tcp_handle_invalid+0x642/0x642
[ 57.509663][ T3543] ? panic+0x75d/0x75d
[ 57.513744][ T3543] ? _printk+0xd1/0x111
[ 57.517903][ T3543] ? _raw_spin_lock_irqsave+0xac/0x120
[ 57.523365][ T3543] print_report+0x15f/0x4f0
[ 57.527878][ T3543] ? hfsplus_find_exit+0xa0/0xa0
[ 57.532815][ T3543] ? hfs_find_rec_by_key+0x1f0/0x1f0
[ 57.538101][ T3543] ? __virt_addr_valid+0x22b/0x2e0
[ 57.543225][ T3543] ? __phys_addr+0xb6/0x170
[ 57.547739][ T3543] ? hfsplus_uni2asc+0x576/0x11f0
[ 57.552766][ T3543] kasan_report+0x136/0x160
[ 57.557286][ T3543] ? hfsplus_uni2asc+0x576/0x11f0
[ 57.562330][ T3543] hfsplus_uni2asc+0x576/0x11f0
[ 57.567185][ T3543] ? memcpy+0x3c/0x60
[ 57.571170][ T3543] hfsplus_listxattr+0x70a/0xf00
[ 57.576120][ T3543] ? hfsplus_getxattr+0xd0/0xd0
[ 57.580992][ T3543] ? kvmalloc_node+0x6e/0x180
[ 57.585670][ T3543] ? listxattr+0x50/0x2e0
[ 57.589998][ T3543] ? __x64_sys_llistxattr+0x16f/0x230
[ 57.595384][ T3543] ? do_syscall_64+0x3d/0xb0
[ 57.600000][ T3543] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 57.606112][ T3543] ? kvmalloc_node+0x6e/0x180
[ 57.610798][ T3543] ? rcu_is_watching+0x11/0xb0
[ 57.615570][ T3543] ? kvmalloc_node+0x6e/0x180
[ 57.620246][ T3543] ? __kmalloc_node+0xe3/0x230
[ 57.625010][ T3543] ? bpf_lsm_inode_listxattr+0x5/0x10
[ 57.630393][ T3543] listxattr+0x282/0x2e0
[ 57.634642][ T3543] ? hfsplus_getxattr+0xd0/0xd0
[ 57.639500][ T3543] __x64_sys_llistxattr+0x16f/0x230
[ 57.644702][ T3543] ? print_irqtrace_events+0x210/0x210
[ 57.650162][ T3543] ? __ia32_sys_listxattr+0x230/0x230
[ 57.655537][ T3543] ? syscall_enter_from_user_mode+0x2e/0x220
[ 57.661526][ T3543] ? lockdep_hardirqs_on+0x94/0x130
[ 57.666737][ T3543] ? syscall_enter_from_user_mode+0x2e/0x220
[ 57.672737][ T3543] do_syscall_64+0x3d/0xb0
[ 57.677162][ T3543] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 57.683058][ T3543] RIP: 0033:0x7f5d141b5799
[ 57.687480][ T3543] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 57.707087][ T3543] RSP: 002b:00007fff263dd1a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000c3
[ 57.715507][ T3543] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5d141b5799
[ 57.723488][ T3543] RDX: 0000000000000019 RSI: 0000000000000000 RDI: 0000000020000000
[ 57.731464][ T3543] RBP: 00007f5d14175030 R08: 0000000000000603 R09: 0000000000000000
[ 57.739444][ T3543] R10: 00007fff263dd070 R11: 0000000000000246 R12: 00007f5d141750c0
[ 57.747510][ T3543] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 57.755506][ T3543]
[ 57.758528][ T3543]
[ 57.760848][ T3543] Allocated by task 3543:
[ 57.765167][ T3543] kasan_set_track+0x4b/0x70
[ 57.769822][ T3543] __kasan_kmalloc+0x97/0xb0
[ 57.774423][ T3543] __kmalloc+0xb2/0x230
[ 57.778580][ T3543] hfsplus_find_init+0x81/0x1c0
[ 57.783434][ T3543] hfsplus_listxattr+0x3bd/0xf00
[ 57.788405][ T3543] listxattr+0x282/0x2e0
[ 57.792655][ T3543] __x64_sys_llistxattr+0x16f/0x230
[ 57.797853][ T3543] do_syscall_64+0x3d/0xb0
[ 57.802276][ T3543] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 57.808170][ T3543]
[ 57.810978][ T3543] The buggy address belongs to the object at ffff888021744000
[ 57.810978][ T3543] which belongs to the cache kmalloc-1k of size 1024
[ 57.825027][ T3543] The buggy address is located 536 bytes inside of
[ 57.825027][ T3543] 1024-byte region [ffff888021744000, ffff888021744400)
[ 57.838390][ T3543]
[ 57.840712][ T3543] The buggy address belongs to the physical page:
[ 57.847117][ T3543] page:ffffea000085d000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x21740
[ 57.857268][ T3543] head:ffffea000085d000 order:3 compound_mapcount:0 compound_pincount:0
[ 57.865597][ T3543] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 57.873579][ T3543] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff888012441dc0
[ 57.882166][ T3543] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 57.890745][ T3543] page dumped because: kasan: bad access detected
[ 57.897150][ T3543] page_owner tracks the page as allocated
[ 57.902865][ T3543] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3543, tgid 3543 (sh), ts 57406648259, free_ts 57405892756
[ 57.922862][ T3543] post_alloc_hook+0x18d/0x1b0
[ 57.927639][ T3543] get_page_from_freelist+0x32ed/0x3480
[ 57.933186][ T3543] __alloc_pages+0x28d/0x770
[ 57.937778][ T3543] alloc_slab_page+0x6a/0x150
[ 57.942461][ T3543] new_slab+0x84/0x2d0
[ 57.946533][ T3543] ___slab_alloc+0xa71/0x1080
[ 57.951218][ T3543] __kmem_cache_alloc_node+0x19f/0x260
[ 57.956765][ T3543] __kmalloc+0xa1/0x230
[ 57.960917][ T3543] tomoyo_init_log+0x1b02/0x2010
[ 57.965860][ T3543] tomoyo_supervisor+0x396/0x12d0
[ 57.970887][ T3543] tomoyo_env_perm+0x174/0x210
[ 57.975655][ T3543] tomoyo_find_next_domain+0x137e/0x1cd0
[ 57.981317][ T3543] tomoyo_bprm_check_security+0xdb/0x120
[ 57.986956][ T3543] security_bprm_check+0x5f/0xa0
[ 57.991894][ T3543] bprm_execve+0x850/0x1820
[ 57.996492][ T3543] do_execveat_common+0x580/0x720
[ 58.001527][ T3543] page last free stack trace:
[ 58.006196][ T3543] free_unref_page_prepare+0xf63/0x1120
[ 58.011758][ T3543] free_unref_page+0x98/0x570
[ 58.016443][ T3543] __unfreeze_partials+0x1b7/0x210
[ 58.021559][ T3543] put_cpu_partial+0x116/0x180
[ 58.026327][ T3543] qlist_free_all+0x22/0x60
[ 58.030833][ T3543] kasan_quarantine_reduce+0x162/0x180
[ 58.036293][ T3543] __kasan_slab_alloc+0x1f/0x70
[ 58.041152][ T3543] slab_post_alloc_hook+0x50/0x370
[ 58.046268][ T3543] __kmem_cache_alloc_node+0x137/0x260
[ 58.051728][ T3543] __kmalloc+0xa1/0x230
[ 58.055881][ T3543] tomoyo_supervisor+0xeda/0x12d0
[ 58.060925][ T3543] tomoyo_env_perm+0x174/0x210
[ 58.065693][ T3543] tomoyo_find_next_domain+0x137e/0x1cd0
[ 58.071333][ T3543] tomoyo_bprm_check_security+0xdb/0x120
[ 58.076999][ T3543] security_bprm_check+0x5f/0xa0
[ 58.081943][ T3543] bprm_execve+0x850/0x1820
[ 58.086467][ T3543]
[ 58.088787][ T3543] Memory state around the buggy address:
[ 58.094409][ T3543] ffff888021744100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 58.102467][ T3543] ffff888021744180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 58.110524][ T3543] >ffff888021744200: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 58.118580][ T3543] ^
[ 58.123422][ T3543] ffff888021744280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 58.131481][ T3543] ffff888021744300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 58.139538][ T3543] ==================================================================
[ 58.147967][ T3543] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 58.155191][ T3543] CPU: 1 PID: 3543 Comm: syz-executor137 Not tainted 6.1.31-syzkaller #0
[ 58.163617][ T3543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 58.173669][ T3543] Call Trace:
[ 58.176946][ T3543]
[ 58.179873][ T3543] dump_stack_lvl+0x1e3/0x2cb
[ 58.184555][ T3543] ? nf_tcp_handle_invalid+0x642/0x642
[ 58.190012][ T3543] ? panic+0x75d/0x75d
[ 58.194078][ T3543] ? preempt_schedule_common+0xa6/0xd0
[ 58.199539][ T3543] ? vscnprintf+0x59/0x80
[ 58.203893][ T3543] panic+0x318/0x75d
[ 58.207792][ T3543] ? check_panic_on_warn+0x1d/0xa0
[ 58.212903][ T3543] ? memcpy_page_flushcache+0xfc/0xfc
[ 58.218286][ T3543] ? _raw_spin_unlock_irqrestore+0x128/0x130
[ 58.224261][ T3543] ? _raw_spin_unlock+0x40/0x40
[ 58.229105][ T3543] ? print_report+0x4a3/0x4f0
[ 58.233787][ T3543] check_panic_on_warn+0x7e/0xa0
[ 58.238732][ T3543] ? hfsplus_uni2asc+0x576/0x11f0
[ 58.243753][ T3543] end_report+0x66/0x110
[ 58.247995][ T3543] kasan_report+0x143/0x160
[ 58.252500][ T3543] ? hfsplus_uni2asc+0x576/0x11f0
[ 58.257524][ T3543] hfsplus_uni2asc+0x576/0x11f0
[ 58.262387][ T3543] ? memcpy+0x3c/0x60
[ 58.266372][ T3543] hfsplus_listxattr+0x70a/0xf00
[ 58.271316][ T3543] ? hfsplus_getxattr+0xd0/0xd0
[ 58.276166][ T3543] ? kvmalloc_node+0x6e/0x180
[ 58.280835][ T3543] ? listxattr+0x50/0x2e0
[ 58.285160][ T3543] ? __x64_sys_llistxattr+0x16f/0x230
[ 58.290529][ T3543] ? do_syscall_64+0x3d/0xb0
[ 58.295114][ T3543] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 58.301195][ T3543] ? kvmalloc_node+0x6e/0x180
[ 58.305865][ T3543] ? rcu_is_watching+0x11/0xb0
[ 58.310627][ T3543] ? kvmalloc_node+0x6e/0x180
[ 58.315296][ T3543] ? __kmalloc_node+0xe3/0x230
[ 58.320056][ T3543] ? bpf_lsm_inode_listxattr+0x5/0x10
[ 58.325437][ T3543] listxattr+0x282/0x2e0
[ 58.329677][ T3543] ? hfsplus_getxattr+0xd0/0xd0
[ 58.334529][ T3543] __x64_sys_llistxattr+0x16f/0x230
[ 58.339737][ T3543] ? print_irqtrace_events+0x210/0x210
[ 58.345197][ T3543] ? __ia32_sys_listxattr+0x230/0x230
[ 58.350565][ T3543] ? syscall_enter_from_user_mode+0x2e/0x220
[ 58.356544][ T3543] ? lockdep_hardirqs_on+0x94/0x130
[ 58.361739][ T3543] ? syscall_enter_from_user_mode+0x2e/0x220
[ 58.367724][ T3543] do_syscall_64+0x3d/0xb0
[ 58.372139][ T3543] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 58.378027][ T3543] RIP: 0033:0x7f5d141b5799
[ 58.382435][ T3543] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 58.402032][ T3543] RSP: 002b:00007fff263dd1a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000c3
[ 58.410438][ T3543] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5d141b5799
[ 58.418401][ T3543] RDX: 0000000000000019 RSI: 0000000000000000 RDI: 0000000020000000
[ 58.426372][ T3543] RBP: 00007f5d14175030 R08: 0000000000000603 R09: 0000000000000000
[ 58.434347][ T3543] R10: 00007fff263dd070 R11: 0000000000000246 R12: 00007f5d141750c0
[ 58.442323][ T3543] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 58.450293][ T3543]
[ 58.453618][ T3543] Kernel Offset: disabled
[ 58.458126][ T3543] Rebooting in 86400 seconds..