[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 43.770186] can: request_module (can-proto-0) failed.
[ 43.774419] can: request_module (can-proto-0) failed.
[ 44.555274] IPVS: ftp: loaded support on port[0] = 21
[ 45.107812] 8021q: adding VLAN 0 to HW filter on device bond0
[ 45.167113] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 45.440999] tipc: TX() has been purged, node left!
[ 46.832285] bond0 (unregistering): Released all slaves
Warning: Permanently added '10.128.10.51' (ECDSA) to the list of known hosts.
2019/12/10 15:21:59 parsed 1 programs
2019/12/10 15:21:59 executed programs: 0
[ 52.035437] IPVS: ftp: loaded support on port[0] = 21
[ 52.041365] IPVS: ftp: loaded support on port[0] = 21
[ 52.047965] IPVS: ftp: loaded support on port[0] = 21
[ 52.048800] IPVS: ftp: loaded support on port[0] = 21
[ 52.059286] IPVS: ftp: loaded support on port[0] = 21
[ 52.069201] IPVS: ftp: loaded support on port[0] = 21
[ 52.180587] hfs: unable to locate alternate MDB
[ 52.185418] hfs: continuing without an alternate MDB
[ 52.191516] hfs: unable to locate alternate MDB
[ 52.196263] hfs: continuing without an alternate MDB
[ 52.206215] kasan: CONFIG_KASAN_INLINE enabled
[ 52.210973] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 52.218378] general protection fault: 0000 [#1] SMP KASAN
[ 52.223906] CPU: 0 PID: 4441 Comm: syz-executor2 Not tainted 5.5.0-rc1-syzkaller #0
[ 52.227653] kasan: CONFIG_KASAN_INLINE enabled
[ 52.231683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 52.231697] RIP: 0010:hfs_find_init+0x73/0x180
[ 52.231701] Code: ea 03 80 3c 02 00 0f 85 ee 00 00 00 4d 8d 6c 24 40 48 c7 43 18 00 00 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 ea 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e ac 00 00 00 41 8b 44 24 40 be
[ 52.231703] RSP: 0018:ffff8881c5837300 EFLAGS: 00010202
[ 52.231709] RAX: dffffc0000000000 RBX: ffff8881c5837380 RCX: 1ffff11038e7d785
[ 52.236296] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 52.245616] RDX: 0000000000000008 RSI: ffff8881c5837380 RDI: ffff8881c5837398
[ 52.245618] RBP: ffff8881c5837320 R08: ffffed1037b102da R09: ffff8881c58373e0
[ 52.245620] R10: 0000000000000000 R11: ffff8881bd8816cf R12: 0000000000000000
[ 52.245623] R13: 0000000000000040 R14: ffff8881bd881772 R15: ffff8881c5837380
[ 52.245627] FS: 00007fce947de700(0000) GS:ffff8881db000000(0000) knlGS:0000000000000000
[ 52.245629] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 52.245631] CR2: 00000000004d9e58 CR3: 00000001c5626000 CR4: 00000000001406f0
[ 52.245636] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 52.346483] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 52.353724] Call Trace:
[ 52.356287] hfs_ext_read_extent+0x17e/0xcc0
[ 52.360668] ? __kasan_check_write+0x14/0x20
[ 52.365049] ? do_raw_spin_lock+0x123/0x2d0
[ 52.369343] ? hfs_ext_write_extent.part.4+0x160/0x160
[ 52.374592] hfs_get_block+0x490/0x850
[ 52.378454] block_read_full_page+0x288/0x950
[ 52.382920] ? hfs_extend_file+0xc20/0xc20
[ 52.387125] ? __bread_gfp+0x2b0/0x2b0
[ 52.390985] ? add_to_page_cache_lru+0x16b/0x250
[ 52.395710] ? add_to_page_cache_locked+0x10/0x10
[ 52.400532] ? __page_cache_alloc+0x1fb/0x3c0
[ 52.404998] hfs_readpage+0x13/0x20
[ 52.408593] do_read_cache_page+0x65c/0x12d0
[ 52.412971] ? find_held_lock+0x36/0x1d0
[ 52.417017] ? grab_cache_page_write_begin+0x80/0x80
[ 52.422090] ? lock_downgrade+0x900/0x900
[ 52.426220] ? __kasan_check_write+0x14/0x20
[ 52.430605] ? do_raw_spin_lock+0x123/0x2d0
[ 52.434900] ? rwlock_bug.part.2+0x90/0x90
[ 52.439104] ? lock_acquire+0x194/0x3e0
[ 52.443051] ? wake_bit_function+0x180/0x180
[ 52.447432] ? do_raw_spin_unlock+0x16e/0x260
[ 52.451898] read_cache_page+0x45/0x70
[ 52.455757] hfs_btree_open+0x45f/0x1070
[ 52.459788] hfs_mdb_get+0x1329/0x1d85
[ 52.463658] ? hfs_mdb_put+0x340/0x340
[ 52.467518] ? queue_work_node+0x320/0x320
[ 52.471725] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 52.476540] ? free_object+0x70/0x70
[ 52.480237] ? lockdep_init_map+0x1b6/0x6c0
[ 52.484529] ? debug_mutex_init+0x2d/0x60
[ 52.488649] hfs_fill_super+0x9b4/0x12a0
[ 52.492697] ? device_node_string.isra.5+0x160/0x160
[ 52.497771] ? hfs_show_options+0x550/0x550
[ 52.502061] ? file_dentry_name+0x100/0x100
[ 52.506353] ? vsnprintf+0x8b0/0x1820
[ 52.510121] ? pointer+0x650/0x650
[ 52.513631] ? down_write+0xe1/0x150
[ 52.517317] ? snprintf+0x91/0xc0
[ 52.520740] ? vsprintf+0x20/0x20
[ 52.524171] ? register_shrinker_prepared+0xe1/0x150
[ 52.529243] mount_bdev+0x27b/0x340
[ 52.532838] ? hfs_show_options+0x550/0x550
[ 52.537129] ? hfs_statfs+0x550/0x550
[ 52.540899] hfs_mount+0x10/0x20
[ 52.544236] legacy_get_tree+0x103/0x1f0
[ 52.548270] vfs_get_tree+0x8b/0x2d0
[ 52.551958] ? capable+0x14/0x20
[ 52.555294] do_mount+0x1285/0x1b70
[ 52.558892] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 52.563619] ? copy_mount_string+0x20/0x20
[ 52.567825] ? retint_kernel+0x10/0x10
[ 52.571682] ? copy_mount_options+0x179/0x2c0
[ 52.576148] ? copy_mount_options+0x77/0x2c0
[ 52.580547] ksys_mount+0xba/0xe0
[ 52.583969] __x64_sys_mount+0xb9/0x150
[ 52.587914] do_syscall_64+0xd0/0x600
[ 52.591687] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 52.596860] RIP: 0033:0x4579fa
[ 52.600022] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 dd 8f fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ba 8f fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 52.618904] RSP: 002b:00007fce947ddbb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 52.626580] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 00000000004579fa
[ 52.633818] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fce947ddc00
[ 52.641058] RBP: 0000000000000003 R08: 00000000200001c0 R09: 0000000020000000
[ 52.648297] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
[ 52.655536] R13: 0000000000000666 R14: 00000000006fba30 R15: 0000000000000000
[ 52.662778] Modules linked in:
[ 52.665983] general protection fault: 0000 [#2] SMP KASAN
[ 52.666033] ---[ end trace f66cebd163ae50b4 ]---
[ 52.671515] CPU: 1 PID: 4444 Comm: syz-executor Tainted: G D 5.5.0-rc1-syzkaller #0
[ 52.671518] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 52.671524] RIP: 0010:hfs_find_init+0x73/0x180
[ 52.671528] Code: ea 03 80 3c 02 00 0f 85 ee 00 00 00 4d 8d 6c 24 40 48 c7 43 18 00 00 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 ea 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e ac 00 00 00 41 8b 44 24 40 be
[ 52.671531] RSP: 0018:ffff8881c5877300 EFLAGS: 00010202
[ 52.676273] RIP: 0010:hfs_find_init+0x73/0x180
[ 52.685327] RAX: dffffc0000000000 RBX: ffff8881c5877380 RCX: 1ffff110396d4e85
[ 52.685329] RDX: 0000000000000008 RSI: ffff8881c5877380 RDI: ffff8881c5877398
[ 52.685331] RBP: ffff8881c5877320 R08: ffffed1038b3cee2 R09: ffff8881c58773e0
[ 52.685333] R10: 0000000000000000 R11: ffff8881c59e770f R12: 0000000000000000
[ 52.685335] R13: 0000000000000040 R14: ffff8881c59e77b2 R15: ffff8881c5877380
[ 52.685338] FS: 00007f0cf69d9700(0000) GS:ffff8881db100000(0000) knlGS:0000000000000000
[ 52.685341] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 52.694691] Code: ea 03 80 3c 02 00 0f 85 ee 00 00 00 4d 8d 6c 24 40 48 c7 43 18 00 00 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 ea 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e ac 00 00 00 41 8b 44 24 40 be
[ 52.699233] CR2: 000000000095efd0 CR3: 00000001cb5e7000 CR4: 00000000001406e0
[ 52.699238] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 52.699240] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 52.699242] Call Trace:
[ 52.699249] hfs_ext_read_extent+0x17e/0xcc0
[ 52.718133] RSP: 0018:ffff8881c5837300 EFLAGS: 00010202
[ 52.723462] ? __kasan_check_write+0x14/0x20
[ 52.723467] ? do_raw_spin_lock+0x123/0x2d0
[ 52.723471] ? hfs_ext_write_extent.part.4+0x160/0x160
[ 52.728036] RAX: dffffc0000000000 RBX: ffff8881c5837380 RCX: 1ffff11038e7d785
[ 52.735284] ? create_empty_buffers+0xaa/0x4b0
[ 52.735293] hfs_get_block+0x490/0x850
[ 52.735299] block_read_full_page+0x288/0x950
[ 52.735302] ? hfs_extend_file+0xc20/0xc20
[ 52.735307] ? __bread_gfp+0x2b0/0x2b0
[ 52.735312] ? add_to_page_cache_lru+0x16b/0x250
[ 52.735318] ? add_to_page_cache_locked+0x10/0x10
[ 52.742600] RDX: 0000000000000008 RSI: ffff8881c5837380 RDI: ffff8881c5837398
[ 52.749837] ? __page_cache_alloc+0x1fb/0x3c0
[ 52.749843] hfs_readpage+0x13/0x20
[ 52.749848] do_read_cache_page+0x65c/0x12d0
[ 52.749853] ? rwlock_bug.part.2+0x90/0x90
[ 52.749860] ? grab_cache_page_write_begin+0x80/0x80
[ 52.757139] RBP: ffff8881c5837320 R08: ffffed1037b102da R09: ffff8881c58373e0
[ 52.764376] ? lock_downgrade+0x900/0x900
[ 52.764382] ? __kasan_check_write+0x14/0x20
[ 52.764385] ? do_raw_spin_lock+0x123/0x2d0
[ 52.764390] ? rwlock_bug.part.2+0x90/0x90
[ 52.772625] R10: 0000000000000000 R11: ffff8881bd8816cf R12: 0000000000000000
[ 52.778457] ? lock_acquire+0x194/0x3e0
[ 52.778462] ? wake_bit_function+0x180/0x180
[ 52.778466] ? do_raw_spin_unlock+0x16e/0x260
[ 52.778471] read_cache_page+0x45/0x70
[ 52.797380] R13: 0000000000000040 R14: ffff8881bd881772 R15: ffff8881c5837380
[ 52.804612] hfs_btree_open+0x45f/0x1070
[ 52.804617] hfs_mdb_get+0x1329/0x1d85
[ 52.804623] ? hfs_mdb_put+0x340/0x340
[ 52.804630] ? queue_work_node+0x320/0x320
[ 52.811889] FS: 00007fce947de700(0000) GS:ffff8881db000000(0000) knlGS:0000000000000000
[ 52.819121] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 52.819126] ? free_object+0x70/0x70
[ 52.819129] ? lockdep_init_map+0x1b6/0x6c0
[ 52.819134] ? debug_mutex_init+0x2d/0x60
[ 52.821704] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 52.826086] hfs_fill_super+0x9b4/0x12a0
[ 52.826092] ? device_node_string.isra.5+0x160/0x160
[ 52.826098] ? hfs_show_options+0x550/0x550
[ 52.826102] ? file_dentry_name+0x100/0x100
[ 52.831451] CR2: 00000000004d9e58 CR3: 00000001c5626000 CR4: 00000000001406f0
[ 52.835836] ? vsnprintf+0x8b0/0x1820
[ 52.835841] ? pointer+0x650/0x650
[ 52.835845] ? down_write+0xe1/0x150
[ 52.835851] ? snprintf+0x91/0xc0
[ 52.840167] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 52.845401] ? vsprintf+0x20/0x20
[ 52.845406] ? register_shrinker_prepared+0xe1/0x150
[ 52.845413] mount_bdev+0x27b/0x340
[ 52.845417] ? hfs_show_options+0x550/0x550
[ 52.852672] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 52.857216] ? hfs_statfs+0x550/0x550
[ 52.857220] hfs_mount+0x10/0x20
[ 52.857224] legacy_get_tree+0x103/0x1f0
[ 52.857228] vfs_get_tree+0x8b/0x2d0
[ 52.861099] Kernel panic - not syncing: Fatal exception
[ 52.865559] ? capable+0x14/0x20
[ 53.108569] do_mount+0x1285/0x1b70
[ 53.112175] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 53.116906] ? copy_mount_string+0x20/0x20
[ 53.121206] ? retint_kernel+0x10/0x10
[ 53.125070] ? copy_mount_options+0x1b3/0x2c0
[ 53.129546] ? copy_mount_options+0x77/0x2c0
[ 53.133928] ksys_mount+0xba/0xe0
[ 53.137356] __x64_sys_mount+0xb9/0x150
[ 53.141305] do_syscall_64+0xd0/0x600
[ 53.145080] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 53.150245] RIP: 0033:0x4579fa
[ 53.153414] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 dd 8f fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ba 8f fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 53.172291] RSP: 002b:00007f0cf69d8bb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 53.179972] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 00000000004579fa
[ 53.187214] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f0cf69d8c00
[ 53.194459] RBP: 0000000000000003 R08: 00000000200001c0 R09: 0000000020000000
[ 53.201703] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
[ 53.208961] R13: 0000000000000666 R14: 00000000006fba30 R15: 0000000000000000
[ 53.216214] Modules linked in:
[ 53.220054] Kernel Offset: disabled
[ 53.223689] Rebooting in 86400 seconds..