./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor429199416
<...>
forked to background, child pid 3207
no interfaces have a carrier
[ 26.599734][ T3208] 8021q: adding VLAN 0 to HW filter on device bond0
[ 26.610371][ T3208] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.83' (ECDSA) to the list of known hosts.
execve("./syz-executor429199416", ["./syz-executor429199416"], 0x7fff0ae3ac40 /* 10 vars */) = 0
brk(NULL) = 0x555557488000
brk(0x555557488c40) = 0x555557488c40
arch_prctl(ARCH_SET_FS, 0x555557488300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor429199416", 4096) = 27
brk(0x5555574a9c40) = 0x5555574a9c40
brk(0x5555574aa000) = 0x5555574aa000
mprotect(0x7fa7d4b9d000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
memfd_create("syzkaller", 0) = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7cc6e4000
write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
munmap(0x7fa7cc6e4000, 32768) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
ioctl(4, LOOP_SET_FD, 3) = 0
close(3) = 0
mkdir("./file1", 0777) = 0
mount("/dev/loop0", "./file1", "hfs", MS_RDONLY|MS_NOEXEC|MS_MANDLOCK|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_STRICTATIME, "dir_umask=00000000000000000000010,iocharset=koi8-r,") = 0
openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
chdir("./file1") = 0
ioctl(4, LOOP_CLR_FD) = 0
close(4) = 0
syzkaller login: [ 46.144423][ T3628] loop0: detected capacity change from 0 to 64
[ 46.153683][ T3628] =======================================================
[ 46.153683][ T3628] WARNING: The mand mount option has been deprecated and
[ 46.153683][ T3628] and is ignored by this kernel. Remove the mand
[ 46.153683][ T3628] option from the mount to silence this warning.
[ 46.153683][ T3628] =======================================================
[ 46.198934][ T3628] ==================================================================
[ 46.207036][ T3628] BUG: KASAN: slab-out-of-bounds in hfs_asc2mac+0x693/0x720
[ 46.214360][ T3628] Write of size 1 at addr ffff88801cb20ece by task syz-executor429/3628
[ 46.222687][ T3628]
[ 46.224990][ T3628] CPU: 1 PID: 3628 Comm: syz-executor429 Not tainted 6.1.0-syzkaller #0
[ 46.233310][ T3628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 46.243346][ T3628] Call Trace:
[ 46.246601][ T3628]
[ 46.249599][ T3628] dump_stack_lvl+0xd1/0x138
[ 46.254174][ T3628] print_report+0x15e/0x45d
[ 46.258670][ T3628] ? __phys_addr+0xc8/0x140
[ 46.263155][ T3628] ? hfs_asc2mac+0x693/0x720
[ 46.267908][ T3628] kasan_report+0xbf/0x1f0
[ 46.272335][ T3628] ? hfs_asc2mac+0x693/0x720
[ 46.276906][ T3628] hfs_asc2mac+0x693/0x720
[ 46.281318][ T3628] ? hfs_mac2asc+0x530/0x530
[ 46.285973][ T3628] ? hfs_find_init+0x95/0x240
[ 46.290629][ T3628] ? rcu_read_lock_sched_held+0x3e/0x70
[ 46.296157][ T3628] hfs_cat_build_key+0xc4/0x170
[ 46.301073][ T3628] hfs_lookup+0x1c6/0x310
[ 46.305382][ T3628] ? hfs_rename+0x210/0x210
[ 46.309865][ T3628] ? find_held_lock+0x2d/0x110
[ 46.314708][ T3628] ? d_alloc+0x1bb/0x240
[ 46.319019][ T3628] ? lock_downgrade+0x6e0/0x6e0
[ 46.323849][ T3628] ? do_raw_spin_lock+0x124/0x2b0
[ 46.328851][ T3628] ? rwlock_bug.part.0+0x90/0x90
[ 46.333781][ T3628] ? do_raw_spin_unlock+0x175/0x230
[ 46.338959][ T3628] ? _raw_spin_unlock+0x28/0x40
[ 46.343790][ T3628] ? d_alloc+0x1c0/0x240
[ 46.348017][ T3628] __lookup_hash+0x117/0x180
[ 46.352593][ T3628] filename_create+0x1d6/0x4a0
[ 46.357339][ T3628] ? filename_parentat+0x5a0/0x5a0
[ 46.362451][ T3628] ? __might_fault+0xd9/0x180
[ 46.367113][ T3628] do_mknodat+0x19e/0x530
[ 46.371445][ T3628] ? user_path_create+0x60/0x60
[ 46.376284][ T3628] ? getname_flags.part.0+0x1dd/0x4f0
[ 46.381642][ T3628] __x64_sys_mknod+0x11e/0x180
[ 46.386382][ T3628] do_syscall_64+0x39/0xb0
[ 46.390787][ T3628] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 46.396664][ T3628] RIP: 0033:0x7fa7d4b30a79
[ 46.401058][ T3628] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 46.420646][ T3628] RSP: 002b:00007ffd90980b68 EFLAGS: 00000246 ORIG_RAX: 0000000000000085
[ 46.429039][ T3628] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa7d4b30a79
[ 46.436987][ T3628] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000200002c0
[ 46.444937][ T3628] RBP: 00007fa7d4af0080 R08: 0000000000000241 R09: 0000000000000000
[ 46.452892][ T3628] R10: 00007ffd90980a30 R11: 0000000000000246 R12: 00007fa7d4af0110
[ 46.460841][ T3628] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 46.468796][ T3628]
[ 46.471790][ T3628]
[ 46.474088][ T3628] Allocated by task 3628:
[ 46.478403][ T3628] kasan_save_stack+0x22/0x40
[ 46.483071][ T3628] kasan_set_track+0x25/0x30
[ 46.487649][ T3628] __kasan_kmalloc+0xa5/0xb0
[ 46.492236][ T3628] __kmalloc+0x5a/0xd0
[ 46.496367][ T3628] hfs_find_init+0x95/0x240
[ 46.500866][ T3628] hfs_lookup+0x102/0x310
[ 46.505175][ T3628] __lookup_hash+0x117/0x180
[ 46.509752][ T3628] filename_create+0x1d6/0x4a0
[ 46.514498][ T3628] do_mknodat+0x19e/0x530
[ 46.518813][ T3628] __x64_sys_mknod+0x11e/0x180
[ 46.523551][ T3628] do_syscall_64+0x39/0xb0
[ 46.527952][ T3628] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 46.534010][ T3628]
[ 46.536317][ T3628] The buggy address belongs to the object at ffff88801cb20e80
[ 46.536317][ T3628] which belongs to the cache kmalloc-96 of size 96
[ 46.550178][ T3628] The buggy address is located 78 bytes inside of
[ 46.550178][ T3628] 96-byte region [ffff88801cb20e80, ffff88801cb20ee0)
[ 46.563259][ T3628]
[ 46.565557][ T3628] The buggy address belongs to the physical page:
[ 46.571942][ T3628] page:ffffea000072c800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1cb20
[ 46.582085][ T3628] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 46.589612][ T3628] raw: 00fff00000000200 ffffea000099b900 dead000000000002 ffff888012041780
[ 46.598176][ T3628] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
[ 46.606818][ T3628] page dumped because: kasan: bad access detected
[ 46.613221][ T3628] page_owner tracks the page as allocated
[ 46.618909][ T3628] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY), pid 3006, tgid 3006 (udevd), ts 22224948385, free_ts 22214976251
[ 46.636428][ T3628] get_page_from_freelist+0x10b5/0x2d50
[ 46.641968][ T3628] __alloc_pages+0x1cb/0x5b0
[ 46.646540][ T3628] alloc_pages+0x1aa/0x270
[ 46.650940][ T3628] allocate_slab+0x25f/0x350
[ 46.655506][ T3628] ___slab_alloc+0xa91/0x1400
[ 46.660162][ T3628] __slab_alloc.constprop.0+0x56/0xa0
[ 46.665512][ T3628] __kmem_cache_alloc_node+0x199/0x3e0
[ 46.670952][ T3628] __kmalloc+0x4a/0xd0
[ 46.675012][ T3628] tomoyo_encode2.part.0+0xe9/0x3a0
[ 46.680192][ T3628] tomoyo_encode+0x2c/0x50
[ 46.684586][ T3628] tomoyo_realpath_from_path+0x185/0x600
[ 46.690199][ T3628] tomoyo_path_perm+0x21f/0x410
[ 46.695026][ T3628] security_inode_getattr+0xd3/0x140
[ 46.700306][ T3628] vfs_statx+0x16e/0x430
[ 46.704525][ T3628] vfs_fstatat+0x90/0xb0
[ 46.708744][ T3628] __do_sys_newfstatat+0x94/0x120
[ 46.713746][ T3628] page last free stack trace:
[ 46.718395][ T3628] free_pcp_prepare+0x65c/0xd90
[ 46.723225][ T3628] free_unref_page+0x1d/0x4d0
[ 46.727886][ T3628] free_pipe_info+0x2b6/0x3b0
[ 46.732562][ T3628] pipe_release+0x2ba/0x310
[ 46.737045][ T3628] __fput+0x27c/0xa90
[ 46.741011][ T3628] task_work_run+0x16f/0x270
[ 46.745596][ T3628] exit_to_user_mode_prepare+0x23c/0x250
[ 46.751205][ T3628] syscall_exit_to_user_mode+0x1d/0x50
[ 46.756642][ T3628] do_syscall_64+0x46/0xb0
[ 46.761041][ T3628] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 46.766928][ T3628]
[ 46.769231][ T3628] Memory state around the buggy address:
[ 46.774835][ T3628] ffff88801cb20d80: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 46.782871][ T3628] ffff88801cb20e00: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 46.790923][ T3628] >ffff88801cb20e80: 00 00 00 00 00 00 00 00 00 06 fc fc fc fc fc fc
[ 46.799043][ T3628] ^
[ 46.805429][ T3628] ffff88801cb20f00: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 46.813470][ T3628] ffff88801cb20f80: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 46.821504][ T3628] ==================================================================
[ 46.829769][ T3628] Kernel panic - not syncing: panic_on_warn set ...
[ 46.836344][ T3628] CPU: 1 PID: 3628 Comm: syz-executor429 Not tainted 6.1.0-syzkaller #0
[ 46.844656][ T3628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 46.854695][ T3628] Call Trace:
[ 46.857957][ T3628]
[ 46.860870][ T3628] dump_stack_lvl+0xd1/0x138
[ 46.865450][ T3628] panic+0x2cc/0x626
[ 46.869339][ T3628] ? panic_print_sys_info.part.0+0x110/0x110
[ 46.875313][ T3628] ? preempt_schedule_common+0x59/0xc0
[ 46.880761][ T3628] ? preempt_schedule_thunk+0x1a/0x1c
[ 46.886128][ T3628] end_report.part.0+0x3f/0x7c
[ 46.890875][ T3628] ? hfs_asc2mac+0x693/0x720
[ 46.895458][ T3628] kasan_report.cold+0xa/0xf
[ 46.900122][ T3628] ? hfs_asc2mac+0x693/0x720
[ 46.904787][ T3628] hfs_asc2mac+0x693/0x720
[ 46.909195][ T3628] ? hfs_mac2asc+0x530/0x530
[ 46.913771][ T3628] ? hfs_find_init+0x95/0x240
[ 46.918431][ T3628] ? rcu_read_lock_sched_held+0x3e/0x70
[ 46.923971][ T3628] hfs_cat_build_key+0xc4/0x170
[ 46.928806][ T3628] hfs_lookup+0x1c6/0x310
[ 46.933121][ T3628] ? hfs_rename+0x210/0x210
[ 46.937613][ T3628] ? find_held_lock+0x2d/0x110
[ 46.942369][ T3628] ? d_alloc+0x1bb/0x240
[ 46.946601][ T3628] ? lock_downgrade+0x6e0/0x6e0
[ 46.951450][ T3628] ? do_raw_spin_lock+0x124/0x2b0
[ 46.956460][ T3628] ? rwlock_bug.part.0+0x90/0x90
[ 46.961381][ T3628] ? do_raw_spin_unlock+0x175/0x230
[ 46.966563][ T3628] ? _raw_spin_unlock+0x28/0x40
[ 46.971419][ T3628] ? d_alloc+0x1c0/0x240
[ 46.975655][ T3628] __lookup_hash+0x117/0x180
[ 46.980254][ T3628] filename_create+0x1d6/0x4a0
[ 46.985008][ T3628] ? filename_parentat+0x5a0/0x5a0
[ 46.990110][ T3628] ? __might_fault+0xd9/0x180
[ 46.994782][ T3628] do_mknodat+0x19e/0x530
[ 46.999104][ T3628] ? user_path_create+0x60/0x60
[ 47.003946][ T3628] ? getname_flags.part.0+0x1dd/0x4f0
[ 47.009313][ T3628] __x64_sys_mknod+0x11e/0x180
[ 47.014061][ T3628] do_syscall_64+0x39/0xb0
[ 47.018467][ T3628] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 47.024350][ T3628] RIP: 0033:0x7fa7d4b30a79
[ 47.028748][ T3628] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 47.048514][ T3628] RSP: 002b:00007ffd90980b68 EFLAGS: 00000246 ORIG_RAX: 0000000000000085
[ 47.056910][ T3628] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa7d4b30a79
[ 47.064881][ T3628] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000200002c0
[ 47.072834][ T3628] RBP: 00007fa7d4af0080 R08: 0000000000000241 R09: 0000000000000000
[ 47.080789][ T3628] R10: 00007ffd90980a30 R11: 0000000000000246 R12: 00007fa7d4af0110
[ 47.088742][ T3628] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 47.096698][ T3628]
[ 47.100529][ T3628] Kernel Offset: disabled
[ 47.104847][ T3628] Rebooting in 86400 seconds..