Debian GNU/Linux 9 syzkaller ttyS0
syzkaller login: [ 41.780169] can: request_module (can-proto-0) failed.
[ 41.785341] can: request_module (can-proto-0) failed.
[ 42.589374] IPVS: ftp: loaded support on port[0] = 21
[ 42.899613] ip (3617) used greatest stack depth: 24136 bytes left
[ 42.934988] ip (3631) used greatest stack depth: 23712 bytes left
[ 43.339994] 8021q: adding VLAN 0 to HW filter on device bond0
[ 43.416220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 43.734832] tipc: TX() has been purged, node left!
[ 45.431449] bond0 (unregistering): Released all slaves
Warning: Permanently added '10.128.10.31' (ECDSA) to the list of known hosts.
2020/05/16 14:27:36 parsed 1 programs
2020/05/16 14:27:36 executed programs: 0
[ 50.870243] IPVS: ftp: loaded support on port[0] = 21
[ 50.880911] IPVS: ftp: loaded support on port[0] = 21
[ 50.905723] IPVS: ftp: loaded support on port[0] = 21
[ 50.909679] IPVS: ftp: loaded support on port[0] = 21
[ 50.930573] IPVS: ftp: loaded support on port[0] = 21
[ 50.962566] IPVS: ftp: loaded support on port[0] = 21
[ 51.020434] hfs: unable to locate alternate MDB
[ 51.025275] hfs: continuing without an alternate MDB
[ 51.036687] hfs: unable to locate alternate MDB
[ 51.041452] hfs: continuing without an alternate MDB
[ 51.100784] general protection fault, probably for non-canonical address 0xdffffc0000000008: 0000 [#1] SMP KASAN
[ 51.111214] KASAN: null-ptr-deref in range [0x0000000000000040-0x0000000000000047]
[ 51.118914] CPU: 0 PID: 3897 Comm: syz-executor3 Not tainted 5.7.0-rc5-syzkaller #0
[ 51.126706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 51.136061] RIP: 0010:hfs_find_init+0x73/0x180
[ 51.140628] Code: ea 03 80 3c 02 00 0f 85 ee 00 00 00 4d 8d 6c 24 40 48 c7 43 18 00 00 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 ea 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e ac 00 00 00 41 8b 44 24 40 be
[ 51.159690] RSP: 0018:ffff8881c8987328 EFLAGS: 00010202
[ 51.165026] RAX: dffffc0000000000 RBX: ffff8881c89873a8 RCX: 1ffff11039845e05
[ 51.172287] RDX: 0000000000000008 RSI: ffff8881c89873a8 RDI: ffff8881c89873c0
[ 51.179528] RBP: ffff8881c8987348 R08: 0000000000000000 R09: ffff8881c8987408
[ 51.187379] R10: 0000000000000000 R11: ffffed10390c131a R12: 0000000000000000
[ 51.194620] R13: 0000000000000040 R14: ffff8881c860998a R15: ffff8881c89873a8
[ 51.201953] FS: 00007f73aee6c700(0000) GS:ffff8881db000000(0000) knlGS:0000000000000000
[ 51.210152] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 51.216014] CR2: 000055b065825160 CR3: 00000001c928f000 CR4: 00000000001406f0
[ 51.223257] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 51.231069] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 51.238333] Call Trace:
[ 51.240917] hfs_ext_read_extent+0x17e/0xcc0
[ 51.245298] ? __kasan_check_write+0x14/0x20
[ 51.249678] ? do_raw_spin_lock+0x132/0x2e0
[ 51.253971] ? hfs_ext_write_extent.part.4+0x160/0x160
[ 51.259222] ? alloc_buffer_head+0x81/0xd0
[ 51.263435] hfs_get_block+0x490/0x850
[ 51.267298] block_read_full_page+0x290/0x9b0
[ 51.271785] ? hfs_extend_file+0xc20/0xc20
[ 51.276002] ? block_truncate_page+0x8c0/0x8c0
[ 51.280569] ? add_to_page_cache_lru+0x16b/0x250
[ 51.285307] ? add_to_page_cache_locked+0x10/0x10
[ 51.290143] ? __page_cache_alloc+0x1fb/0x3c0
[ 51.294613] hfs_readpage+0x13/0x20
[ 51.298215] do_read_cache_page+0x65c/0x1380
[ 51.302599] ? find_held_lock+0x36/0x1d0
[ 51.306632] ? generic_file_read_iter+0x2220/0x2220
[ 51.312153] ? unlock_new_inode+0x5c/0x100
[ 51.316367] ? lock_downgrade+0x960/0x960
[ 51.320487] ? __kasan_check_write+0x14/0x20
[ 51.324870] ? do_raw_spin_lock+0x132/0x2e0
[ 51.329177] ? rwlock_bug.part.0+0x90/0x90
[ 51.333475] ? wake_bit_function+0x180/0x180
[ 51.337858] ? do_raw_spin_unlock+0x177/0x260
[ 51.342351] read_cache_page+0x45/0x70
[ 51.346223] hfs_btree_open+0x464/0x1070
[ 51.350260] hfs_mdb_get+0x1329/0x1d86
[ 51.354132] ? hfs_mdb_put+0x340/0x340
[ 51.357995] ? queue_work_node+0x320/0x320
[ 51.362201] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 51.367027] ? lockdep_init_map_waits+0x270/0x870
[ 51.371842] ? debug_mutex_init+0x36/0x70
[ 51.375963] hfs_fill_super+0x9bf/0x12a0
[ 51.380002] ? hfs_show_options+0x550/0x550
[ 51.384310] ? file_dentry_name+0x100/0x100
[ 51.388605] ? vsnprintf+0x8b0/0x1820
[ 51.392379] ? pointer+0x760/0x760
[ 51.395997] ? down_write+0xe1/0x150
[ 51.399686] ? snprintf+0x91/0xc0
[ 51.403982] ? vsprintf+0x20/0x20
[ 51.407412] ? register_shrinker_prepared+0xe1/0x150
[ 51.412851] ? sget+0x3a1/0x4a0
[ 51.416122] mount_bdev+0x27b/0x340
[ 51.419726] ? hfs_show_options+0x550/0x550
[ 51.424037] ? hfs_statfs+0x550/0x550
[ 51.427814] hfs_mount+0x10/0x20
[ 51.431168] legacy_get_tree+0x103/0x1f0
[ 51.435203] vfs_get_tree+0x8b/0x2d0
[ 51.438908] ? capable+0x14/0x20
[ 51.442251] do_mount+0x1287/0x1c30
[ 51.445853] ? lock_downgrade+0x960/0x960
[ 51.449980] ? copy_mount_string+0x20/0x20
[ 51.454189] ? ___might_sleep+0x13e/0x2b0
[ 51.458333] ? __kasan_check_write+0x14/0x20
[ 51.462740] ? _copy_from_user+0xc5/0x110
[ 51.466879] __x64_sys_mount+0x169/0x1c0
[ 51.471017] do_syscall_64+0xd0/0x630
[ 51.474796] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 51.479964] RIP: 0033:0x4579fa
[ 51.483136] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 dd 8f fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ba 8f fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 51.502018] RSP: 002b:00007f73aee6bbb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 51.509698] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 00000000004579fa
[ 51.517119] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f73aee6bc00
[ 51.524365] RBP: 0000000000000003 R08: 00000000200001c0 R09: 0000000020000000
[ 51.531610] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
[ 51.538857] R13: 0000000000000666 R14: 00000000006fba30 R15: 0000000000000000
[ 51.546109] Modules linked in:
[ 51.550182] ---[ end trace 23bcb0602088a05c ]---
[ 51.555101] RIP: 0010:hfs_find_init+0x73/0x180
[ 51.559716] Code: ea 03 80 3c 02 00 0f 85 ee 00 00 00 4d 8d 6c 24 40 48 c7 43 18 00 00 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 ea 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e ac 00 00 00 41 8b 44 24 40 be
[ 51.566877] general protection fault, probably for non-canonical address 0xdffffc0000000008: 0000 [#2] SMP KASAN
[ 51.578671] RSP: 0018:ffff8881c8987328 EFLAGS: 00010202
[ 51.589015] KASAN: null-ptr-deref in range [0x0000000000000040-0x0000000000000047]
[ 51.589022] CPU: 1 PID: 3884 Comm: syz-executor Tainted: G D 5.7.0-rc5-syzkaller #0
[ 51.589024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 51.589033] RIP: 0010:hfs_find_init+0x73/0x180
[ 51.589038] Code: ea 03 80 3c 02 00 0f 85 ee 00 00 00 4d 8d 6c 24 40 48 c7 43 18 00 00 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 ea 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e ac 00 00 00 41 8b 44 24 40 be
[ 51.594385] RAX: dffffc0000000000 RBX: ffff8881c89873a8 RCX: 1ffff11039845e05
[ 51.603293] RSP: 0018:ffff8881b82ef328 EFLAGS: 00010202
[ 51.603297] RAX: dffffc0000000000 RBX: ffff8881b82ef3a8 RCX: 1ffff11037d0cc05
[ 51.603299] RDX: 0000000000000008 RSI: ffff8881b82ef3a8 RDI: ffff8881b82ef3c0
[ 51.603302] RBP: ffff8881b82ef348 R08: 0000000000000000 R09: ffff8881b82ef408
[ 51.603304] R10: 0000000000000000 R11: ffffed1039024322 R12: 0000000000000000
[ 51.603306] R13: 0000000000000040 R14: ffff8881c81219ca R15: ffff8881b82ef3a8
[ 51.603310] FS: 00007f0653362700(0000) GS:ffff8881db100000(0000) knlGS:0000000000000000
[ 51.612388] RDX: 0000000000000008 RSI: ffff8881c89873a8 RDI: ffff8881c89873c0
[ 51.621725] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 51.621728] CR2: 00007f6d4c1a3000 CR3: 00000001ca009000 CR4: 00000000001406e0
[ 51.621734] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 51.621736] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 51.621738] Call Trace:
[ 51.626326] RBP: ffff8881c8987348 R08: 0000000000000000 R09: ffff8881c8987408
[ 51.645204] hfs_ext_read_extent+0x17e/0xcc0
[ 51.645211] ? __kasan_check_write+0x14/0x20
[ 51.652471] R10: 0000000000000000 R11: ffffed10390c131a R12: 0000000000000000
[ 51.657805] ? do_raw_spin_lock+0x132/0x2e0
[ 51.657810] ? hfs_ext_write_extent.part.4+0x160/0x160
[ 51.657816] ? alloc_buffer_head+0x81/0xd0
[ 51.665079] R13: 0000000000000040 R14: ffff8881c860998a R15: ffff8881c89873a8
[ 51.672351] hfs_get_block+0x490/0x850
[ 51.672362] block_read_full_page+0x290/0x9b0
[ 51.679619] FS: 00007f73aee6c700(0000) GS:ffff8881db000000(0000) knlGS:0000000000000000
[ 51.686859] ? hfs_extend_file+0xc20/0xc20
[ 51.686866] ? block_truncate_page+0x8c0/0x8c0
[ 51.686872] ? add_to_page_cache_lru+0x16b/0x250
[ 51.694133] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 51.702533] ? add_to_page_cache_locked+0x10/0x10
[ 51.702538] ? __page_cache_alloc+0x1fb/0x3c0
[ 51.702543] hfs_readpage+0x13/0x20
[ 51.702547] do_read_cache_page+0x65c/0x1380
[ 51.709807] CR2: 000055b065825160 CR3: 00000001c928f000 CR4: 00000000001406f0
[ 51.715660] ? inode_sb_list_add+0x43/0x200
[ 51.715666] ? generic_file_read_iter+0x2220/0x2220
[ 51.715671] ? unlock_new_inode+0x5c/0x100
[ 51.722938] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 51.730275] ? lock_downgrade+0x960/0x960
[ 51.730280] ? __kasan_check_write+0x14/0x20
[ 51.730285] ? do_raw_spin_lock+0x132/0x2e0
[ 51.737540] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 51.740095] ? rwlock_bug.part.0+0x90/0x90
[ 51.740101] ? wake_bit_function+0x180/0x180
[ 51.740106] ? do_raw_spin_unlock+0x177/0x260
[ 51.747449] Kernel panic - not syncing: Fatal exception
[ 51.751833] read_cache_page+0x45/0x70
[ 51.908956] hfs_btree_open+0x464/0x1070
[ 51.912996] hfs_mdb_get+0x1329/0x1d86
[ 51.916864] ? hfs_mdb_put+0x340/0x340
[ 51.920731] ? queue_work_node+0x320/0x320
[ 51.924945] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 51.929776] ? lockdep_init_map_waits+0x270/0x870
[ 51.934594] ? debug_mutex_init+0x36/0x70
[ 51.938846] hfs_fill_super+0x9bf/0x12a0
[ 51.942893] ? hfs_show_options+0x550/0x550
[ 51.947192] ? file_dentry_name+0x100/0x100
[ 51.951509] ? vsnprintf+0x8b0/0x1820
[ 51.955292] ? pointer+0x760/0x760
[ 51.958827] ? down_write+0xe1/0x150
[ 51.962519] ? snprintf+0x91/0xc0
[ 51.965947] ? vsprintf+0x20/0x20
[ 51.969376] ? register_shrinker_prepared+0xe1/0x150
[ 51.974457] ? sget+0x3a1/0x4a0
[ 51.977713] mount_bdev+0x27b/0x340
[ 51.981316] ? hfs_show_options+0x550/0x550
[ 51.985614] ? hfs_statfs+0x550/0x550
[ 51.989390] hfs_mount+0x10/0x20
[ 51.993426] legacy_get_tree+0x103/0x1f0
[ 51.997464] vfs_get_tree+0x8b/0x2d0
[ 52.001157] ? capable+0x14/0x20
[ 52.004501] do_mount+0x1287/0x1c30
[ 52.008122] ? lock_downgrade+0x960/0x960
[ 52.012337] ? copy_mount_string+0x20/0x20
[ 52.016565] ? ___might_sleep+0x13e/0x2b0
[ 52.020717] ? __kasan_check_write+0x14/0x20
[ 52.025893] ? _copy_from_user+0xc5/0x110
[ 52.030038] __x64_sys_mount+0x169/0x1c0
[ 52.034082] do_syscall_64+0xd0/0x630
[ 52.037865] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 52.043035] RIP: 0033:0x4579fa
[ 52.046213] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 dd 8f fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ba 8f fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 52.065094] RSP: 002b:00007f0653361bb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 52.072797] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 00000000004579fa
[ 52.080058] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f0653361c00
[ 52.087309] RBP: 0000000000000003 R08: 00000000200001c0 R09: 0000000020000000
[ 52.094556] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
[ 52.101802] R13: 0000000000000666 R14: 00000000006fba30 R15: 0000000000000000
[ 52.109227] Modules linked in:
[ 52.113179] Kernel Offset: disabled
[ 52.116823] Rebooting in 86400 seconds..