[ 56.145775] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.221482] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.232291] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 56.270531] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.288035] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 56.780607] tipc: TX() has been purged, node left! [ 58.089593] device bridge_slave_1 left promiscuous mode [ 58.095677] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.109630] device bridge_slave_0 left promiscuous mode [ 58.115217] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.171408] team0 (unregistering): Port device team_slave_1 removed [ 59.181772] team0 (unregistering): Port device team_slave_0 removed [ 59.192314] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 59.208643] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 59.244039] bond0 (unregistering): Released all slaves Warning: Permanently added '10.128.1.19' (ECDSA) to the list of known hosts. 2020/02/11 21:51:58 parsed 1 programs 2020/02/11 21:51:58 executed programs: 0 [ 63.826753] IPVS: ftp: loaded support on port[0] = 21 [ 63.836122] IPVS: ftp: loaded support on port[0] = 21 [ 63.838676] IPVS: ftp: loaded support on port[0] = 21 [ 63.855107] IPVS: ftp: loaded support on port[0] = 21 [ 63.868414] IPVS: ftp: loaded support on port[0] = 21 [ 63.874262] IPVS: ftp: loaded support on port[0] = 21 [ 63.943149] hfs: unable to locate alternate MDB [ 63.948106] hfs: continuing without an alternate MDB [ 63.956018] [ 63.957660] ============================================ [ 63.963100] WARNING: possible recursive locking detected [ 63.968542] 5.6.0-rc1-syzkaller #0 Not tainted [ 63.973113] -------------------------------------------- [ 63.978716] syz-executor5/4577 is trying to acquire lock: [ 63.984246] ffff8881c59de0a8 (&tree->tree_lock){+.+.}, at: hfs_find_init+0x110/0x180 [ 63.992183] [ 63.992183] but task is already holding lock: [ 63.998289] ffff8881c405a0a8 (&tree->tree_lock){+.+.}, at: hfs_find_init+0x110/0x180 [ 64.006241] [ 64.006241] other info that might help us debug this: [ 64.012953] Possible unsafe locking scenario: [ 64.012953] [ 64.019003] CPU0 [ 64.021562] ---- [ 64.024202] lock(&tree->tree_lock); [ 64.028263] lock(&tree->tree_lock); [ 64.032094] [ 64.032094] *** DEADLOCK *** [ 64.032094] [ 64.038154] May be due to missing lock nesting notation [ 64.038154] [ 64.045071] 3 locks held by syz-executor5/4577: [ 64.049738] #0: ffff8881c21a80d8 (&type->s_umount_key#46/1){+.+.}, at: alloc_super+0x134/0x8a0 [ 64.058574] #1: ffff8881c405a0a8 (&tree->tree_lock){+.+.}, at: hfs_find_init+0x110/0x180 [ 64.066885] #2: ffff8881c40dd728 (&HFS_I(tree->inode)->extents_lock){+.+.}, at: hfs_get_block+0x484/0x850 [ 64.076665] [ 64.076665] stack backtrace: [ 64.081175] CPU: 0 PID: 4577 Comm: syz-executor5 Not tainted 5.6.0-rc1-syzkaller #0 [ 64.089060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 64.098458] Call Trace: [ 64.101084] dump_stack+0x12f/0x187 [ 64.104719] __lock_acquire.cold.65+0x181/0x385 [ 64.112004] ? stack_depot_save+0x265/0x470 [ 64.116485] ? mark_held_locks+0x130/0x130 [ 64.120728] ? read_cache_page+0x45/0x70 [ 64.124774] lock_acquire+0x194/0x3e0 [ 64.128564] ? hfs_find_init+0x110/0x180 [ 64.132622] __mutex_lock+0x160/0x1400 [ 64.136520] ? hfs_find_init+0x110/0x180 [ 64.140627] ? hfs_find_init+0x110/0x180 [ 64.144682] ? mutex_trylock+0x2b0/0x2b0 [ 64.148887] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 64.153728] ? rcu_read_lock_any_held.part.8+0x50/0x50 [ 64.158991] ? __kasan_kmalloc.constprop.7+0xc1/0xd0 [ 64.164090] ? __kmalloc+0x5de/0x760 [ 64.167794] ? hfs_get_block+0x484/0x850 [ 64.171839] mutex_lock_nested+0x16/0x20 [ 64.175889] ? mutex_lock_nested+0x16/0x20 [ 64.180107] hfs_find_init+0x110/0x180 [ 64.183984] hfs_ext_read_extent+0x17e/0xcc0 [ 64.188410] ? __kasan_check_write+0x14/0x20 [ 64.192824] ? do_raw_spin_lock+0x132/0x2e0 [ 64.197143] ? hfs_ext_write_extent.part.4+0x160/0x160 [ 64.202449] hfs_get_block+0x490/0x850 [ 64.206339] block_read_full_page+0x288/0x950 [ 64.210832] ? hfs_extend_file+0xc20/0xc20 [ 64.215051] ? __bread_gfp+0x2b0/0x2b0 [ 64.219036] ? add_to_page_cache_lru+0x16b/0x250 [ 64.223926] ? add_to_page_cache_locked+0x10/0x10 [ 64.228767] ? __page_cache_alloc+0x1fb/0x3c0 [ 64.233392] hfs_readpage+0x13/0x20 [ 64.237013] do_read_cache_page+0x65c/0x12d0 [ 64.241428] ? __kasan_check_read+0x11/0x20 [ 64.245745] ? __kasan_check_read+0x11/0x20 [ 64.250051] ? mark_lock+0xc5/0x1200 [ 64.253802] ? grab_cache_page_write_begin+0x80/0x80 [ 64.259005] ? __hfs_bnode_create+0x337/0x750 [ 64.263503] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 64.268342] ? lock_downgrade+0x900/0x900 [ 64.272475] ? __kasan_check_write+0x14/0x20 [ 64.276878] ? do_raw_spin_lock+0x132/0x2e0 [ 64.281181] ? rwlock_bug.part.0+0x90/0x90 [ 64.285530] ? lock_acquire+0x194/0x3e0 [ 64.289677] read_cache_page+0x45/0x70 [ 64.293560] ? _raw_spin_unlock+0x1d/0x30 [ 64.297691] __hfs_bnode_create+0x4ea/0x750 [ 64.302006] ? hfs_bnode_findhash+0x170/0x170 [ 64.306504] ? lock_acquire+0x194/0x3e0 [ 64.310468] ? do_raw_spin_unlock+0x177/0x260 [ 64.314974] hfs_bnode_find+0x1b6/0xa10 [ 64.318934] ? hfs_bnode_put.part.6+0x210/0x210 [ 64.323602] ? mark_held_locks+0x130/0x130 [ 64.327889] ? do_mount+0x1285/0x1b70 [ 64.331690] ? lock_acquire+0x194/0x3e0 [ 64.335701] ? hfs_find_init+0x110/0x180 [ 64.339767] hfs_brec_find+0x27e/0x490 [ 64.343694] ? __hfs_brec_find+0x4f0/0x4f0 [ 64.347973] ? mutex_trylock+0x2b0/0x2b0 [ 64.352107] hfs_brec_read+0x1d/0xe0 [ 64.355883] hfs_cat_find_brec+0x142/0x310 [ 64.360513] ? hfs_cat_keycmp+0x1b0/0x1b0 [ 64.364669] ? __kmalloc+0x5de/0x760 [ 64.368381] ? free_object+0x70/0x70 [ 64.372077] ? mutex_lock_nested+0x16/0x20 [ 64.376394] ? mutex_lock_nested+0x16/0x20 [ 64.380638] hfs_fill_super+0xab2/0x12a0 [ 64.384820] ? hfs_show_options+0x550/0x550 [ 64.389136] ? file_dentry_name+0x100/0x100 [ 64.393455] ? pointer+0x650/0x650 [ 64.397033] ? down_write+0xe1/0x150 [ 64.400777] ? snprintf+0x91/0xc0 [ 64.404235] ? vsprintf+0x20/0x20 [ 64.407669] ? register_shrinker_prepared+0xe1/0x150 [ 64.412779] ? sget+0x3a1/0x4a0 [ 64.416099] mount_bdev+0x27b/0x340 [ 64.419765] ? hfs_show_options+0x550/0x550 [ 64.424088] ? hfs_statfs+0x550/0x550 [ 64.428089] hfs_mount+0x10/0x20 [ 64.431448] legacy_get_tree+0x103/0x1f0 [ 64.435529] vfs_get_tree+0x8b/0x2d0 [ 64.439712] ? capable+0x14/0x20 [ 64.443078] do_mount+0x1285/0x1b70 [ 64.446706] ? lock_downgrade+0x900/0x900 [ 64.450959] ? copy_mount_string+0x20/0x20 [ 64.455312] ? __kasan_check_write+0x14/0x20 [ 64.459846] ? _copy_from_user+0xd6/0x110 [ 64.464017] __x64_sys_mount+0x169/0x1c0 [ 64.468102] do_syscall_64+0xd0/0x600 [ 64.471919] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 64.477219] RIP: 0033:0x457efa [ 64.480436] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 dd 8f fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ba 8f fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 64.499587] RSP: 002b:00007fabb25f2ba8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 64.507295] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 0000000000457efa [ 64.514584] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fabb25f2bf0 [ 64.521853] RBP: 0000000000000003 R08: 00000000200002c0 R09: 0000000020000000 [ 64.529149] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 64.536633] R13: 0000000000000003 R14: 00000000006fcbb0 R15: 0000000000000000 [ 64.544809] hfs: get root inode failed [ 64.569232] hfs: unable to locate alternate MDB [ 64.573984] hfs: continuing without an alternate MDB [ 64.584388] hfs: get root inode failed [ 64.610578] hfs: unable to locate alternate MDB [ 64.615423] hfs: continuing without an alternate MDB [ 64.620913] hfs: unable to locate alternate MDB [ 64.625647] hfs: continuing without an alternate MDB [ 64.639068] hfs: get root inode failed [ 64.644954] hfs: get root inode failed [ 64.662094] hfs: unable to locate alternate MDB [ 64.667010] hfs: continuing without an alternate MDB [ 64.667357] hfs: unable to locate alternate MDB [ 64.677000] hfs: continuing without an alternate MDB [ 64.683671] hfs: unable to locate alternate MDB [ 64.688428] hfs: continuing without an alternate MDB [ 64.692270] hfs: get root inode failed [ 64.697853] hfs: unable to locate alternate MDB [ 64.702550] hfs: get root inode failed [ 64.702708] hfs: continuing without an alternate MDB [ 64.710597] hfs: get root inode failed [ 64.713468] hfs: get root inode failed [ 64.749845] hfs: unable to locate alternate MDB [ 64.754660] hfs: continuing without an alternate MDB [ 64.760630] hfs: get root inode failed [ 64.811006] hfs: unable to locate alternate MDB [ 64.815775] hfs: continuing without an alternate MDB [ 64.829981] hfs: unable to locate alternate MDB [ 64.834716] hfs: continuing without an alternate MDB [ 64.850022] hfs: unable to locate alternate MDB [ 64.852081] hfs: unable to locate alternate MDB [ 64.854879] hfs: continuing without an alternate MDB [ 64.859532] hfs: continuing without an alternate MDB [ 64.880593] hfs: unable to locate alternate MDB [ 64.885377] hfs: continuing without an alternate MDB [ 64.901085] hfs: unable to locate alternate MDB [ 64.915858] hfs: continuing without an alternate MDB [ 64.921404] hfs: get root inode failed [ 64.930101] hfs: get root inode failed [ 64.958452] hfs: get root inode failed [ 64.968485] hfs: unable to locate alternate MDB [ 64.973499] hfs: continuing without an alternate MDB [ 64.979405] hfs: unable to locate alternate MDB [ 64.984181] hfs: continuing without an alternate MDB [ 64.992055] hfs: get root inode failed [ 64.999598] hfs: get root inode failed [ 65.005951] hfs: get root inode failed [ 65.011068] hfs: get root inode failed [ 65.015428] hfs: get root inode failed [ 65.091854] hfs: unable to locate alternate MDB [ 65.096676] hfs: continuing without an alternate MDB [ 65.116156] hfs: unable to locate alternate MDB [ 65.117722] hfs: get root inode failed [ 65.120944] hfs: continuing without an alternate MDB [ 65.130901] hfs: unable to locate alternate MDB [ 65.135719] hfs: continuing without an alternate MDB [ 65.151557] hfs: get root inode failed [ 65.158613] hfs: get root inode failed [ 65.158760] hfs: unable to locate alternate MDB [ 65.167564] hfs: continuing without an alternate MDB [ 65.176131] hfs: unable to locate alternate MDB [ 65.180875] hfs: continuing without an alternate MDB [ 65.192649] hfs: unable to locate alternate MDB [ 65.197557] hfs: continuing without an alternate MDB [ 65.203441] hfs: get root inode failed [ 65.206318] hfs: get root inode failed [ 65.213307] hfs: get root inode failed [ 65.245914] hfs: unable to locate alternate MDB [ 65.250832] hfs: continuing without an alternate MDB [ 65.268286] hfs: unable to locate alternate MDB [ 65.270673] hfs: unable to locate alternate MDB [ 65.273329] hfs: continuing without an alternate MDB [ 65.277867] hfs: continuing without an alternate MDB [ 65.283978] hfs: get root inode failed [ 65.304893] hfs: unable to locate alternate MDB [ 65.309693] hfs: continuing without an alternate MDB [ 65.317821] hfs: get root inode failed [ 65.329946] hfs: unable to locate alternate MDB [ 65.334852] hfs: continuing without an alternate MDB [ 65.342881] hfs: get root inode failed [ 65.343792] hfs: get root inode failed [ 65.350627] hfs: get root inode failed [ 65.417415] hfs: unable to locate alternate MDB [ 65.423570] hfs: continuing without an alternate MDB [ 65.434860] hfs: unable to locate alternate MDB [ 65.439621] hfs: continuing without an alternate MDB [ 65.454553] hfs: unable to locate alternate MDB [ 65.459405] hfs: continuing without an alternate MDB [ 65.460861] hfs: get root inode failed [ 65.472246] hfs: unable to locate alternate MDB [ 65.477023] hfs: continuing without an alternate MDB [ 65.482731] hfs: unable to locate alternate MDB [ 65.487500] hfs: continuing without an alternate MDB [ 65.492020] hfs: get root inode failed [ 65.493622] hfs: get root inode failed [ 65.497110] hfs: get root inode failed [ 65.504999] hfs: unable to locate alternate MDB [ 65.509798] hfs: continuing without an alternate MDB [ 65.520570] hfs: get root inode failed [ 65.526402] hfs: get root inode failed [ 65.578953] hfs: unable to locate alternate MDB [ 65.583732] hfs: continuing without an alternate MDB [ 65.610573] hfs: unable to locate alternate MDB [ 65.615475] hfs: continuing without an alternate MDB [ 65.629810] hfs: unable to locate alternate MDB [ 65.634707] hfs: continuing without an alternate MDB [ 65.642758] hfs: unable to locate alternate MDB [ 65.647636] hfs: continuing without an alternate MDB [ 65.654141] hfs: unable to locate alternate MDB [ 65.659021] hfs: continuing without an alternate MDB [ 65.668118] hfs: get root inode failed [ 65.688632] hfs: unable to locate alternate MDB [ 65.693590] hfs: continuing without an alternate MDB [ 65.731344] hfs: get root inode failed [ 65.738061] hfs: get root inode failed [ 65.749632] hfs: get root inode failed [ 65.764304] hfs: get root inode failed [ 65.775257] hfs: get root inode failed [ 65.818657] hfs: unable to locate alternate MDB [ 65.820666] hfs: unable to locate alternate MDB [ 65.823473] hfs: continuing without an alternate MDB [ 65.828449] hfs: continuing without an alternate MDB [ 65.850147] hfs: get root inode failed [ 65.882972] hfs: unable to locate alternate MDB [ 65.887774] hfs: continuing without an alternate MDB [ 65.888181] hfs: get root inode failed [ 65.902113] hfs: unable to locate alternate MDB [ 65.907027] hfs: continuing without an alternate MDB [ 65.917313] hfs: unable to locate alternate MDB [ 65.922411] hfs: continuing without an alternate MDB [ 65.951691] hfs: unable to locate alternate MDB [ 65.956572] hfs: continuing without an alternate MDB [ 65.963115] ================================================================== [ 65.970521] BUG: KASAN: use-after-free in hfs_bnode_read+0xb9/0xe0 [ 65.976859] Read of size 2 at addr ffff8881b7234ffe by task syz-executor4/4731 [ 65.984335] [ 65.986005] CPU: 1 PID: 4731 Comm: syz-executor4 Not tainted 5.6.0-rc1-syzkaller #0 [ 65.993817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 66.003356] Call Trace: [ 66.005950] dump_stack+0x12f/0x187 [ 66.009594] ? hfs_bnode_read+0xb9/0xe0 [ 66.013603] print_address_description.constprop.8+0x3b/0x60 [ 66.019415] ? hfs_bnode_read+0xb9/0xe0 [ 66.023389] ? hfs_bnode_read+0xb9/0xe0 [ 66.027382] __kasan_report.cold.11+0x1b/0x32 [ 66.032137] ? hfs_bnode_read+0xb9/0xe0 [ 66.036132] kasan_report+0x12/0x20 [ 66.039763] check_memory_region+0x153/0x1d0 [ 66.044176] memcpy+0x23/0x50 [ 66.047276] hfs_bnode_read+0xb9/0xe0 [ 66.051190] hfs_bnode_find+0x5be/0xa10 [ 66.055182] ? hfs_bnode_put.part.6+0x210/0x210 [ 66.059855] ? __kasan_kmalloc.constprop.7+0xc1/0xd0 [ 66.064964] ? kasan_kmalloc+0x9/0x10 [ 66.068781] ? __kmalloc+0x164/0x760 [ 66.072506] ? mark_held_locks+0x130/0x130 [ 66.076741] ? do_mount+0x1285/0x1b70 [ 66.080529] ? __x64_sys_mount+0x169/0x1c0 [ 66.084774] ? do_syscall_64+0xd0/0x600 [ 66.088793] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 66.094443] ? lock_acquire+0x194/0x3e0 [ 66.098446] ? hfs_find_init+0x110/0x180 [ 66.102624] hfs_brec_find+0x27e/0x490 [ 66.106516] ? __hfs_brec_find+0x4f0/0x4f0 [ 66.110795] ? lock_acquire+0x194/0x3e0 [ 66.114939] ? mutex_trylock+0x2b0/0x2b0 [ 66.119035] hfs_brec_read+0x1d/0xe0 [ 66.122922] hfs_cat_find_brec+0x142/0x310 [ 66.127195] ? hfs_cat_keycmp+0x1b0/0x1b0 [ 66.131346] ? __kmalloc+0x33a/0x760 [ 66.135070] ? free_object+0x70/0x70 [ 66.138804] ? mutex_lock_nested+0x16/0x20 [ 66.143037] ? mutex_lock_nested+0x16/0x20 [ 66.147295] hfs_fill_super+0xab2/0x12a0 [ 66.151423] ? hfs_show_options+0x550/0x550 [ 66.155908] ? mark_held_locks+0x130/0x130 [ 66.160149] ? file_dentry_name+0x100/0x100 [ 66.164490] ? pointer+0x650/0x650 [ 66.168138] ? down_write+0xe1/0x150 [ 66.171858] ? snprintf+0x91/0xc0 [ 66.175297] ? vsprintf+0x20/0x20 [ 66.178740] ? register_shrinker_prepared+0xe1/0x150 [ 66.183837] ? sget+0x3a1/0x4a0 [ 66.187117] mount_bdev+0x27b/0x340 [ 66.190761] ? hfs_show_options+0x550/0x550 [ 66.195091] ? hfs_statfs+0x550/0x550 [ 66.199505] hfs_mount+0x10/0x20 [ 66.202863] legacy_get_tree+0x103/0x1f0 [ 66.206926] vfs_get_tree+0x8b/0x2d0 [ 66.210747] ? capable+0x14/0x20 [ 66.214178] do_mount+0x1285/0x1b70 [ 66.217981] ? lock_downgrade+0x900/0x900 [ 66.222162] ? copy_mount_string+0x20/0x20 [ 66.226529] ? __might_fault+0xc6/0x1b0 [ 66.230546] ? __kasan_check_write+0x14/0x20 [ 66.234951] ? _copy_from_user+0xd6/0x110 [ 66.239122] __x64_sys_mount+0x169/0x1c0 [ 66.243192] do_syscall_64+0xd0/0x600 [ 66.246997] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 66.252253] RIP: 0033:0x457efa [ 66.255447] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 dd 8f fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ba 8f fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 66.274743] RSP: 002b:00007f0701821ba8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 66.282488] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 0000000000457efa [ 66.289791] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f0701821bf0 [ 66.297077] RBP: 0000000000000003 R08: 00000000200002c0 R09: 0000000020000000 [ 66.304365] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 66.311667] R13: 0000000000000003 R14: 00000000006fcbb0 R15: 0000000000000000 [ 66.318969] [ 66.320590] The buggy address belongs to the page: [ 66.325543] page:ffffea0006dc8d00 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 [ 66.333969] flags: 0x2fffc0000000000() [ 66.337867] raw: 02fffc0000000000 ffffea0006ea0dc8 ffffea0006ea68c8 0000000000000000 [ 66.345736] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 66.353690] page dumped because: kasan: bad access detected [ 66.359393] [ 66.361010] Memory state around the buggy address: [ 66.365934] ffff8881b7234e80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 66.375137] ffff8881b7234f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 66.382539] >ffff8881b7234f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 66.389998] ^ [ 66.397453] ffff8881b7235000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 66.404948] ffff8881b7235080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 66.412324] ================================================================== [ 66.420076] Kernel panic - not syncing: panic_on_warn set ... [ 66.426077] CPU: 1 PID: 4731 Comm: syz-executor4 Tainted: G B 5.6.0-rc1-syzkaller #0 [ 66.435302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 66.444824] Call Trace: [ 66.447440] dump_stack+0x12f/0x187 [ 66.450472] hfs: get root inode failed [ 66.451068] ? hfs_bnode_read+0x40/0xe0 [ 66.451076] panic+0x22a/0x4f5 [ 66.451081] ? add_taint.cold.7+0x11/0x11 [ 66.451091] ? do_raw_spin_unlock+0x54/0x260 [ 66.451110] ? do_raw_spin_unlock+0x54/0x260 [ 66.451131] ? hfs_bnode_read+0xb9/0xe0 [ 66.470709] hfs: unable to locate alternate MDB [ 66.470902] ? hfs_bnode_read+0xb9/0xe0 [ 66.475444] hfs: continuing without an alternate MDB [ 66.479356] end_report+0x47/0x4f [ 66.479384] __kasan_report.cold.11+0xe/0x32 [ 66.479405] ? hfs_bnode_read+0xb9/0xe0 [ 66.479424] kasan_report+0x12/0x20 [ 66.509257] check_memory_region+0x153/0x1d0 [ 66.509848] hfs: get root inode failed [ 66.513683] memcpy+0x23/0x50 [ 66.513692] hfs_bnode_read+0xb9/0xe0 [ 66.513697] hfs_bnode_find+0x5be/0xa10 [ 66.513705] ? hfs_bnode_put.part.6+0x210/0x210 [ 66.513708] ? __kasan_kmalloc.constprop.7+0xc1/0xd0 [ 66.513711] ? kasan_kmalloc+0x9/0x10 [ 66.513714] ? __kmalloc+0x164/0x760 [ 66.513723] ? mark_held_locks+0x130/0x130 [ 66.513729] ? do_mount+0x1285/0x1b70 [ 66.513732] ? __x64_sys_mount+0x169/0x1c0 [ 66.513750] ? do_syscall_64+0xd0/0x600 [ 66.513776] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 66.513826] ? lock_acquire+0x194/0x3e0 [ 66.513837] ? hfs_find_init+0x110/0x180 [ 66.513843] hfs_brec_find+0x27e/0x490 [ 66.513849] ? __hfs_brec_find+0x4f0/0x4f0 [ 66.513854] ? lock_acquire+0x194/0x3e0 [ 66.522496] hfs: get root inode failed [ 66.524659] ? mutex_trylock+0x2b0/0x2b0 [ 66.524669] hfs_brec_read+0x1d/0xe0 [ 66.524675] hfs_cat_find_brec+0x142/0x310 [ 66.524687] ? hfs_cat_keycmp+0x1b0/0x1b0 [ 66.524702] ? __kmalloc+0x33a/0x760 [ 66.524730] ? free_object+0x70/0x70 [ 66.524759] ? mutex_lock_nested+0x16/0x20 [ 66.524793] ? mutex_lock_nested+0x16/0x20 [ 66.529137] hfs: get root inode failed [ 66.534510] hfs_fill_super+0xab2/0x12a0 [ 66.534554] ? hfs_show_options+0x550/0x550 [ 66.534563] ? mark_held_locks+0x130/0x130 [ 66.534569] ? file_dentry_name+0x100/0x100 [ 66.534582] ? pointer+0x650/0x650 [ 66.534586] ? down_write+0xe1/0x150 [ 66.534620] ? snprintf+0x91/0xc0 [ 66.534631] ? vsprintf+0x20/0x20 [ 66.534643] ? register_shrinker_prepared+0xe1/0x150 [ 66.534651] ? sget+0x3a1/0x4a0 [ 66.669247] mount_bdev+0x27b/0x340 [ 66.672867] ? hfs_show_options+0x550/0x550 [ 66.677216] ? hfs_statfs+0x550/0x550 [ 66.681116] hfs_mount+0x10/0x20 [ 66.684544] legacy_get_tree+0x103/0x1f0 [ 66.688662] vfs_get_tree+0x8b/0x2d0 [ 66.692404] ? capable+0x14/0x20 [ 66.695921] do_mount+0x1285/0x1b70 [ 66.699597] ? lock_downgrade+0x900/0x900 [ 66.703785] ? copy_mount_string+0x20/0x20 [ 66.708167] ? __might_fault+0xc6/0x1b0 [ 66.712199] ? __kasan_check_write+0x14/0x20 [ 66.716753] ? _copy_from_user+0xd6/0x110 [ 66.721072] __x64_sys_mount+0x169/0x1c0 [ 66.725165] do_syscall_64+0xd0/0x600 [ 66.729013] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 66.734292] RIP: 0033:0x457efa [ 66.737507] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 dd 8f fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ba 8f fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 66.756409] RSP: 002b:00007f0701821ba8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 66.764849] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 0000000000457efa [ 66.772141] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f0701821bf0 [ 66.779425] RBP: 0000000000000003 R08: 00000000200002c0 R09: 0000000020000000 [ 66.786941] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 66.794222] R13: 0000000000000003 R14: 00000000006fcbb0 R15: 0000000000000000 [ 66.802530] Kernel Offset: disabled [ 66.806221] Rebooting in 86400 seconds..