./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2403206541 <...> Warning: Permanently added '10.128.0.50' (ED25519) to the list of known hosts. execve("./syz-executor2403206541", ["./syz-executor2403206541"], 0x7ffd38c79310 /* 10 vars */) = 0 brk(NULL) = 0x55557b81b000 brk(0x55557b81bd00) = 0x55557b81bd00 arch_prctl(ARCH_SET_FS, 0x55557b81b380) = 0 set_tid_address(0x55557b81b650) = 4998 set_robust_list(0x55557b81b660, 24) = 0 rseq(0x55557b81bca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2403206541", 4096) = 28 getrandom("\xba\x98\x51\x20\x60\xd1\x6e\x9b", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55557b81bd00 brk(0x55557b83cd00) = 0x55557b83cd00 brk(0x55557b83d000) = 0x55557b83d000 mprotect(0x7fb8719d1000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557b81b650) = 4999 ./strace-static-x86_64: Process 4999 attached [pid 4999] set_robust_list(0x55557b81b660, 24) = 0 [pid 4999] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4999] setpgid(0, 0) = 0 [pid 4999] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4999] write(3, "1000", 4) = 4 [pid 4999] close(3) = 0 [pid 4999] memfd_create("syzkaller", 0) = 3 [pid 4999] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb869400000 [pid 4999] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4999] munmap(0x7fb869400000, 138412032) = 0 [pid 4999] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4999] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4999] close(3) = 0 [pid 4999] close(4) = 0 [pid 4999] mkdir("./file0", 0777) = 0 [pid 4999] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0 [pid 4999] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4999] chdir("./file0") = 0 [ 170.541101][ T4999] loop0: detected capacity change from 0 to 64 [pid 4999] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 4999] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [ 170.608558][ T28] audit: type=1800 audit(1710447774.520:2): pid=4999 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor240" name="file1" dev="loop0" ino=18 res=0 errno=0 [ 170.625900][ T4999] ===================================================== [ 170.637307][ T4999] BUG: KMSAN: uninit-value in hfs_find_set_zero_bits+0x836/0xca0 [ 170.645420][ T4999] hfs_find_set_zero_bits+0x836/0xca0 [ 170.651025][ T4999] hfs_vbm_search_free+0x141/0x530 [ 170.656461][ T4999] hfs_extend_file+0x69e/0x19f0 [ 170.661630][ T4999] hfs_get_block+0x3d8/0xf50 [ 170.666410][ T4999] __block_write_begin_int+0xa6b/0x2f80 [ 170.672282][ T4999] block_write_begin+0x143/0x450 [ 170.677456][ T4999] cont_write_begin+0xcc0/0x1320 [ 170.682812][ T4999] hfs_write_begin+0x9a/0x140 [ 170.687691][ T4999] cont_write_begin+0x341/0x1320 [ 170.693042][ T4999] hfs_write_begin+0x9a/0x140 [ 170.697919][ T4999] hfs_file_truncate+0x1a5/0xd30 [ 170.703136][ T4999] hfs_inode_setattr+0x998/0xab0 [ 170.708289][ T4999] notify_change+0x1a07/0x1af0 [ 170.713392][ T4999] do_ftruncate+0x8d3/0xc00 [ 170.718087][ T4999] __x64_sys_ftruncate+0x133/0x280 [ 170.723472][ T4999] do_syscall_64+0xd5/0x1f0 [ 170.728197][ T4999] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 170.734432][ T4999] [ 170.736858][ T4999] Uninit was created at: [ 170.741468][ T4999] kmalloc_trace+0x578/0xba0 [ 170.746263][ T4999] hfs_mdb_get+0x1bd4/0x28b0 [ 170.751064][ T4999] hfs_fill_super+0x1cf6/0x23c0 [ 170.756352][ T4999] mount_bdev+0x397/0x520 [ 170.760886][ T4999] hfs_mount+0x4d/0x60 [ 170.765220][ T4999] legacy_get_tree+0x114/0x290 [ 170.770162][ T4999] vfs_get_tree+0xa7/0x570 [ 170.774940][ T4999] do_new_mount+0x71f/0x15e0 [ 170.779727][ T4999] path_mount+0x742/0x1f20 [ 170.784436][ T4999] __se_sys_mount+0x725/0x810 [ 170.789281][ T4999] __x64_sys_mount+0xe4/0x150 [ 170.794212][ T4999] do_syscall_64+0xd5/0x1f0 [ 170.798936][ T4999] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 170.805142][ T4999] [ 170.807575][ T4999] CPU: 1 PID: 4999 Comm: syz-executor240 Not tainted 6.8.0-syzkaller-08073-g480e035fc4c7 #0 [ 170.817973][ T4999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 [ 170.828199][ T4999] ===================================================== [ 170.835343][ T4999] Disabling lock debugging due to kernel taint [ 170.841668][ T4999] Kernel panic - not syncing: kmsan.panic set ... [ 170.848201][ T4999] CPU: 1 PID: 4999 Comm: syz-executor240 Tainted: G B 6.8.0-syzkaller-08073-g480e035fc4c7 #0 [ 170.859946][ T4999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 [ 170.870172][ T4999] Call Trace: [ 170.873554][ T4999] [ 170.876555][ T4999] dump_stack_lvl+0x216/0x2d0 [ 170.881446][ T4999] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 170.887521][ T4999] dump_stack+0x1e/0x30 [ 170.891892][ T4999] panic+0x4e2/0xcd0 [ 170.895992][ T4999] ? kmsan_get_metadata+0x71/0x1d0 [ 170.901373][ T4999] kmsan_report+0x2d5/0x2e0 [ 170.906120][ T4999] ? filter_irq_stacks+0x60/0x1a0 [ 170.911418][ T4999] ? __msan_warning+0x95/0x120 [ 170.916412][ T4999] ? hfs_find_set_zero_bits+0x836/0xca0 [ 170.922221][ T4999] ? hfs_vbm_search_free+0x141/0x530 [ 170.927689][ T4999] ? hfs_extend_file+0x69e/0x19f0 [ 170.932920][ T4999] ? hfs_get_block+0x3d8/0xf50 [ 170.937884][ T4999] ? __block_write_begin_int+0xa6b/0x2f80 [ 170.943843][ T4999] ? block_write_begin+0x143/0x450 [ 170.949199][ T4999] ? cont_write_begin+0xcc0/0x1320 [ 170.954575][ T4999] ? hfs_write_begin+0x9a/0x140 [ 170.959674][ T4999] ? cont_write_begin+0x341/0x1320 [ 170.965057][ T4999] ? hfs_write_begin+0x9a/0x140 [ 170.970064][ T4999] ? hfs_file_truncate+0x1a5/0xd30 [ 170.975332][ T4999] ? hfs_inode_setattr+0x998/0xab0 [ 170.980586][ T4999] ? notify_change+0x1a07/0x1af0 [ 170.985709][ T4999] ? do_ftruncate+0x8d3/0xc00 [ 170.990576][ T4999] ? __x64_sys_ftruncate+0x133/0x280 [ 170.996075][ T4999] ? do_syscall_64+0xd5/0x1f0 [ 171.000995][ T4999] ? entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 171.007303][ T4999] ? kmsan_internal_poison_memory+0x49/0x90 [ 171.013438][ T4999] ? kmsan_slab_free+0xd6/0x140 [ 171.018519][ T4999] ? kfree+0x20c/0xa30 [ 171.022789][ T4999] ? hfs_find_exit+0x4e/0xb0 [ 171.027532][ T4999] ? hfs_extend_file+0x467/0x19f0 [ 171.032692][ T4999] ? hfs_get_block+0x3d8/0xf50 [ 171.037586][ T4999] ? __block_write_begin_int+0xa6b/0x2f80 [ 171.043490][ T4999] ? block_write_begin+0x143/0x450 [ 171.048859][ T4999] ? cont_write_begin+0xcc0/0x1320 [ 171.054231][ T4999] ? hfs_write_begin+0x9a/0x140 [ 171.059306][ T4999] ? cont_write_begin+0x341/0x1320 [ 171.064607][ T4999] ? hfs_write_begin+0x9a/0x140 [ 171.069588][ T4999] ? hfs_file_truncate+0x1a5/0xd30 [ 171.074826][ T4999] ? hfs_inode_setattr+0x998/0xab0 [ 171.080104][ T4999] ? notify_change+0x1a07/0x1af0 [ 171.085297][ T4999] ? do_ftruncate+0x8d3/0xc00 [ 171.090194][ T4999] ? __x64_sys_ftruncate+0x133/0x280 [ 171.095674][ T4999] ? do_syscall_64+0xd5/0x1f0 [ 171.100493][ T4999] ? entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 171.106729][ T4999] ? kmsan_get_metadata+0x146/0x1d0 [ 171.112176][ T4999] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 171.118253][ T4999] ? kfree+0x18c/0xa30 [ 171.122545][ T4999] ? filter_irq_stacks+0x60/0x1a0 [ 171.127721][ T4999] ? kmsan_get_metadata+0x146/0x1d0 [ 171.133064][ T4999] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 171.139070][ T4999] __msan_warning+0x95/0x120 [ 171.143895][ T4999] hfs_find_set_zero_bits+0x836/0xca0 [ 171.149516][ T4999] ? kmsan_internal_set_shadow_origin+0x66/0xe0 [ 171.155925][ T4999] ? kmsan_get_metadata+0x146/0x1d0 [ 171.161384][ T4999] hfs_vbm_search_free+0x141/0x530 [ 171.166772][ T4999] ? kmsan_get_metadata+0x146/0x1d0 [ 171.172131][ T4999] hfs_extend_file+0x69e/0x19f0 [ 171.177114][ T4999] ? filemap_get_folios+0x4a/0x60 [ 171.182303][ T4999] ? kmsan_get_metadata+0x146/0x1d0 [ 171.187733][ T4999] hfs_get_block+0x3d8/0xf50 [ 171.192472][ T4999] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 171.198467][ T4999] __block_write_begin_int+0xa6b/0x2f80 [ 171.204264][ T4999] ? __pfx_hfs_get_block+0x10/0x10 [ 171.209502][ T4999] ? kmsan_get_shadow_origin_ptr+0x38/0xb0 [ 171.215476][ T4999] block_write_begin+0x143/0x450 [ 171.220655][ T4999] ? __pfx_hfs_get_block+0x10/0x10 [ 171.225893][ T4999] cont_write_begin+0xcc0/0x1320 [ 171.231051][ T4999] ? kmsan_get_metadata+0x146/0x1d0 [ 171.236489][ T4999] hfs_write_begin+0x9a/0x140 [ 171.241368][ T4999] ? __pfx_hfs_get_block+0x10/0x10 [ 171.246667][ T4999] ? __pfx_hfs_write_begin+0x10/0x10 [ 171.252105][ T4999] cont_write_begin+0x341/0x1320 [ 171.257338][ T4999] hfs_write_begin+0x9a/0x140 [ 171.262225][ T4999] ? __pfx_hfs_get_block+0x10/0x10 [ 171.267553][ T4999] hfs_file_truncate+0x1a5/0xd30 [ 171.272652][ T4999] ? unmap_mapping_range+0xc8/0x400 [ 171.277990][ T4999] ? kmsan_get_metadata+0x146/0x1d0 [ 171.283454][ T4999] hfs_inode_setattr+0x998/0xab0 [ 171.288623][ T4999] ? __pfx_hfs_inode_setattr+0x10/0x10 [ 171.294258][ T4999] ? __pfx_hfs_inode_setattr+0x10/0x10 [ 171.299913][ T4999] notify_change+0x1a07/0x1af0 [ 171.304931][ T4999] ? kmsan_get_metadata+0x146/0x1d0 [ 171.310326][ T4999] do_ftruncate+0x8d3/0xc00 [ 171.314948][ T4999] ? ptrace_notify+0x263/0x320 [ 171.319845][ T4999] __x64_sys_ftruncate+0x133/0x280 [ 171.325116][ T4999] do_syscall_64+0xd5/0x1f0 [ 171.329847][ T4999] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 171.335924][ T4999] RIP: 0033:0x7fb87195dd19 [ 171.340423][ T4999] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 171.360195][ T4999] RSP: 002b:00007fff22850c68 EFLAGS: 00000246 ORIG_RAX: 000000000000004d [ 171.368802][ T4999] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fb87195dd19 [ 171.376903][ T4999] RDX: 00007fb87195dd19 RSI: 0000000002007fff RDI: 0000000000000004 [ 171.385052][ T4999] RBP: 00007fb8719d15f0 R08: 000055557b81c4c0 R09: 000055557b81c4c0 [ 171.393175][ T4999] R10: 0000000000000260 R11: 0000000000000246 R12: 00007fff22850c90 [ 171.401291][ T4999] R13: 00007fff22850eb8 R14: 431bde82d7b634db R15: 00007fb8719a603b [ 171.409459][ T4999] [ 171.412953][ T4999] Kernel Offset: disabled [ 171.417356][ T4999] Rebooting in 86400 seconds..