[ 15.538983][ T3892] 8021q: adding VLAN 0 to HW filter on device bond0
[ 15.542439][ T3892] eql: remember to turn off Van-Jacobson compression on your slave devices
[ 15.583006][ T303] gvnic 0000:00:00.0 enp0s0: Device link is up.
[ 15.585708][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s0: link becomes ready
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.1.134' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 35.854583][ T4216] loop0: detected capacity change from 0 to 64
[ 35.881261][ T4216] hfs: unable to locate alternate MDB
[ 35.882634][ T4216] hfs: continuing without an alternate MDB
[ 35.887782][ T4216] ==================================================================
[ 35.889690][ T4216] BUG: KASAN: slab-out-of-bounds in hfs_bnode_read_key+0x310/0x454
[ 35.891605][ T4216] Write of size 256 at addr ffff0000c4d43300 by task syz-executor324/4216
[ 35.893635][ T4216]
[ 35.894223][ T4216] CPU: 0 PID: 4216 Comm: syz-executor324 Not tainted 6.1.31-syzkaller #0
[ 35.896240][ T4216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[ 35.898663][ T4216] Call trace:
[ 35.899439][ T4216]  dump_backtrace+0x1c8/0x1f4
[ 35.900511][ T4216]  show_stack+0x2c/0x3c
[ 35.901546][ T4216]  dump_stack_lvl+0x108/0x170
[ 35.902745][ T4216]  print_report+0x174/0x4c0
[ 35.903923][ T4216]  kasan_report+0xd4/0x130
[ 35.905050][ T4216]  kasan_check_range+0x264/0x2a4
[ 35.906253][ T4216]  memcpy+0x60/0x90
[ 35.907176][ T4216]  hfs_bnode_read_key+0x310/0x454
[ 35.908463][ T4216]  hfs_brec_insert+0x508/0x97c
[ 35.909696][ T4216]  hfs_cat_create+0x4f0/0x844
[ 35.910919][ T4216]  hfs_create+0x70/0xe4
[ 35.911983][ T4216]  path_openat+0xeac/0x2548
[ 35.913091][ T4216]  do_filp_open+0x1bc/0x3cc
[ 35.914214][ T4216]  do_sys_openat2+0x128/0x3d8
[ 35.915410][ T4216]  __arm64_sys_openat+0x1f0/0x240
[ 35.916695][ T4216]  invoke_syscall+0x98/0x2c0
[ 35.917805][ T4216]  el0_svc_common+0x138/0x258
[ 35.919029][ T4216]  do_el0_svc+0x64/0x218
[ 35.920106][ T4216]  el0_svc+0x58/0x168
[ 35.921098][ T4216]  el0t_64_sync_handler+0x84/0xf0
[ 35.922330][ T4216]  el0t_64_sync+0x18c/0x190
[ 35.923449][ T4216]
[ 35.924001][ T4216] Allocated by task 4216:
[ 35.925102][ T4216]  kasan_set_track+0x4c/0x80
[ 35.926247][ T4216]  kasan_save_alloc_info+0x24/0x30
[ 35.927477][ T4216]  __kasan_kmalloc+0xac/0xc4
[ 35.928589][ T4216]  __kmalloc+0xd8/0x1c4
[ 35.929643][ T4216]  hfs_find_init+0x88/0x1c8
[ 35.930749][ T4216]  hfs_cat_create+0x168/0x844
[ 35.931961][ T4216]  hfs_create+0x70/0xe4
[ 35.932955][ T4216]  path_openat+0xeac/0x2548
[ 35.934120][ T4216]  do_filp_open+0x1bc/0x3cc
[ 35.935271][ T4216]  do_sys_openat2+0x128/0x3d8
[ 35.936473][ T4216]  __arm64_sys_openat+0x1f0/0x240
[ 35.937673][ T4216]  invoke_syscall+0x98/0x2c0
[ 35.938857][ T4216]  el0_svc_common+0x138/0x258
[ 35.939985][ T4216]  do_el0_svc+0x64/0x218
[ 35.941115][ T4216]  el0_svc+0x58/0x168
[ 35.942157][ T4216]  el0t_64_sync_handler+0x84/0xf0
[ 35.943445][ T4216]  el0t_64_sync+0x18c/0x190
[ 35.944571][ T4216]
[ 35.945148][ T4216] The buggy address belongs to the object at ffff0000c4d43300
[ 35.945148][ T4216]  which belongs to the cache kmalloc-128 of size 128
[ 35.948686][ T4216] The buggy address is located 0 bytes inside of
[ 35.948686][ T4216]  128-byte region [ffff0000c4d43300, ffff0000c4d43380)
[ 35.952068][ T4216]
[ 35.952707][ T4216] The buggy address belongs to the physical page:
[ 35.954242][ T4216] page:000000008da5510c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104d43
[ 35.956727][ T4216] flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff)
[ 35.958670][ T4216] raw: 05ffc00000000200 fffffc00033ca600 dead000000000004 ffff0000c0002300
[ 35.960842][ T4216] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 35.963031][ T4216] page dumped because: kasan: bad access detected
[ 35.964674][ T4216]
[ 35.965255][ T4216] Memory state around the buggy address:
[ 35.966768][ T4216]  ffff0000c4d43200: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[ 35.968839][ T4216]  ffff0000c4d43280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.970807][ T4216] >ffff0000c4d43300: 00 00 00 00 00 00 00 00 00 06 fc fc fc fc fc fc
[ 35.972768][ T4216]                                               ^
[ 35.974242][ T4216]  ffff0000c4d43380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.976292][ T4216]  ffff0000c4d43400: 06 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.978278][ T4216] ==================================================================
[ 35.980682][ T4216] Disabling lock debugging due to kernel taint