./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor657719399 <...> Warning: Permanently added '10.128.0.101' (ED25519) to the list of known hosts. execve("./syz-executor657719399", ["./syz-executor657719399"], 0x7ffc9b4c92d0 /* 10 vars */) = 0 brk(NULL) = 0x55557fc97000 brk(0x55557fc97d00) = 0x55557fc97d00 arch_prctl(ARCH_SET_FS, 0x55557fc97380) = 0 set_tid_address(0x55557fc97650) = 5783 set_robust_list(0x55557fc97660, 24) = 0 rseq(0x55557fc97ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor657719399", 4096) = 27 getrandom("\xeb\xb4\xa1\xb8\x55\x5e\xd7\xe2", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55557fc97d00 brk(0x55557fcb8d00) = 0x55557fcb8d00 brk(0x55557fcb9000) = 0x55557fcb9000 mprotect(0x7f1c954dc000, 16384, PROT_READ) = 0 mmap(0x3ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x3ffffffff000 mmap(0x400000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400000000000 mmap(0x400001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400001000000 mkdir("./syzkaller.2AwCAa", 0700) = 0 chmod("./syzkaller.2AwCAa", 0777) = 0 chdir("./syzkaller.2AwCAa") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557fc97650) = 5784 ./strace-static-x86_64: Process 5784 attached [pid 5784] set_robust_list(0x55557fc97660, 24) = 0 [pid 5784] chdir("./0") = 0 [pid 5784] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5784] setpgid(0, 0) = 0 [pid 5784] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5784] write(3, "1000", 4) = 4 [pid 5784] close(3) = 0 [pid 5784] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5784] write(1, "executing 
program\n", 18executing program ) = 18 [pid 5784] memfd_create("syzkaller", 0) = 3 [pid 5784] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1c8d000000 [pid 5784] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5784] munmap(0x7f1c8d000000, 138412032) = 0 [pid 5784] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5784] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5784] close(3) = 0 [pid 5784] close(4) = 0 [pid 5784] mkdir("./file0", 0777) = 0 [pid 5784] mount("/dev/loop0", "./file0", "hfsplus", MS_NODEV|MS_NOATIME|MS_NODIRATIME|MS_STRICTATIME|MS_LAZYTIME, "") = 0 [pid 5784] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5784] chdir("./file0") = 0 [pid 5784] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 181.003559][ T5784] loop0: detected capacity change from 0 to 1024 [pid 5784] clone(child_stack=NULL, flags=0./strace-static-x86_64: Process 5786 attached ) = 5786 [pid 5784] exit_group(0) = ? [pid 5784] +++ exited with 0 +++ [pid 5783] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5784, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5783] restart_syscall(<... 
resuming interrupted clone ...>) = 0 [pid 5783] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5783] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5783] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5783] getdents64(3, 0x55557fc986f0 /* 4 entries */, 32768) = 112 [pid 5783] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5783] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5783] unlink("./0/binderfs") = 0 [pid 5783] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) [pid 5783] newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0755, st_size=8, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5783] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) [pid 5783] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5783] newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=8, ...}, AT_EMPTY_PATH) = 0 [pid 5783] getdents64(4, 0x55557fca0730 /* 7 entries */, 32768) = 208 [pid 5783] umount2("./0/file0/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5783] newfstatat(AT_FDCWD, "./0/file0/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5783] unlink("./0/file0/file.cold") = 0 [pid 5783] umount2("./0/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5783] newfstatat(AT_FDCWD, "./0/file0/file0", {st_mode=S_IFDIR|0755, st_size=4, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5783] umount2("./0/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5783] openat(AT_FDCWD, "./0/file0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 [pid 5783] newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=4, ...}, AT_EMPTY_PATH) = 0 [pid 5783] getdents64(5, 0x55557fca8770 /* 4 entries */, 32768) = 112 [pid 5783] 
umount2("./0/file0/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5783] newfstatat(AT_FDCWD, "./0/file0/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5783] unlink("./0/file0/file0/file0") = 0 [pid 5783] umount2("./0/file0/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5783] newfstatat(AT_FDCWD, "./0/file0/file0/file1", {st_mode=S_IFLNK|0777, st_size=4752, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5783] unlink("./0/file0/file0/file1") = 0 [pid 5783] getdents64(5, 0x55557fca8770 /* 0 entries */, 32768) = 0 [pid 5783] close(5) = 0 [pid 5783] rmdir("./0/file0/file0") = 0 [pid 5783] umount2("./0/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5783] newfstatat(AT_FDCWD, "./0/file0/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 181.142890][ T5783] hfsplus: unable to mark blocks free: error -5 [ 181.149279][ T5783] hfsplus: can't free extent [ 181.163054][ T5783] hfsplus: unable to mark blocks free: error -5 [ 181.169496][ T5783] hfsplus: can't free extent [pid 5783] unlink("./0/file0/file1") = 0 [pid 5783] umount2("./0/file0/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5786] exit(0) = ? 
[pid 5786] +++ exited with 0 +++
[ 181.188455][ T5783] hfsplus: unable to mark blocks free: error -5
[ 181.195080][ T5783] hfsplus: can't free extent
[ 181.201021][ T5783] =====================================================
[ 181.208433][ T5783] BUG: KMSAN: uninit-value in hfsplus_lookup+0x66b/0xef0
[ 181.215958][ T5783] hfsplus_lookup+0x66b/0xef0
[ 181.220754][ T5783] __lookup_slow+0x538/0x710
[ 181.225702][ T5783] lookup_slow+0x6a/0xd0
[ 181.230118][ T5783] walk_component+0x467/0x650
[ 181.235060][ T5783] path_lookupat+0x27d/0x6f0
[ 181.239814][ T5783] filename_lookup+0x288/0x7c0
[ 181.244787][ T5783] user_path_at+0x90/0x3e0
[ 181.249354][ T5783] __x64_sys_umount+0x146/0x240
[ 181.254584][ T5783] x64_sys_call+0x265e/0x3c30
[ 181.259413][ T5783] do_syscall_64+0xcd/0x1e0
[ 181.264196][ T5783] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 181.270289][ T5783]
[ 181.272802][ T5783] Uninit was created at:
[ 181.277247][ T5783] __alloc_frozen_pages_noprof+0x9a7/0xe00
[ 181.283327][ T5783] alloc_pages_mpol+0x4cd/0x890
[ 181.288407][ T5783] alloc_frozen_pages_noprof+0x1bf/0x1e0
[ 181.294302][ T5783] allocate_slab+0x23a/0x1110
[ 181.299154][ T5783] ___slab_alloc+0x1287/0x3540
[ 181.304150][ T5783] kmem_cache_alloc_lru_noprof+0x855/0xe20
[ 181.310130][ T5783] hfsplus_alloc_inode+0x5a/0xd0
[ 181.315358][ T5783] alloc_inode+0x86/0x460
[ 181.319869][ T5783] iget_locked+0x250/0x1290
[ 181.324634][ T5783] hfsplus_iget+0x59/0xae0
[ 181.329209][ T5783] hfsplus_btree_open+0x13e/0x1d00
[ 181.334615][ T5783] hfsplus_fill_super+0x118b/0x26e0
[ 181.340081][ T5783] get_tree_bdev_flags+0x6ec/0x910
[ 181.345440][ T5783] get_tree_bdev+0x37/0x50
[ 181.350020][ T5783] hfsplus_get_tree+0x34/0x40
[ 181.354909][ T5783] vfs_get_tree+0xb1/0x5a0
[ 181.359485][ T5783] do_new_mount+0x71f/0x15e0
[ 181.364329][ T5783] path_mount+0x742/0x1f10
[ 181.368910][ T5783] __se_sys_mount+0x71f/0x800
[ 181.373902][ T5783] __x64_sys_mount+0xe4/0x150
[ 181.378752][ T5783] x64_sys_call+0x39bf/0x3c30
[ 181.383683][ T5783] do_syscall_64+0xcd/0x1e0
[ 181.388348][ T5783] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 181.394580][ T5783]
[ 181.397003][ T5783] CPU: 0 UID: 0 PID: 5783 Comm: syz-executor657 Not tainted 6.14.0-rc5-syzkaller-00214-g21e4543a2e2f #0
[ 181.408362][ T5783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 181.418637][ T5783] =====================================================
[ 181.425815][ T5783] Disabling lock debugging due to kernel taint
[ 181.432204][ T5783] Kernel panic - not syncing: kmsan.panic set ...
[ 181.438694][ T5783] CPU: 0 UID: 0 PID: 5783 Comm: syz-executor657 Tainted: G B 6.14.0-rc5-syzkaller-00214-g21e4543a2e2f #0
[ 181.451408][ T5783] Tainted: [B]=BAD_PAGE
[ 181.455613][ T5783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 181.465755][ T5783] Call Trace:
[ 181.469092][ T5783]
[ 181.472075][ T5783] dump_stack_lvl+0x216/0x2d0
[ 181.476854][ T5783] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 181.482783][ T5783] dump_stack+0x1e/0x24
[ 181.487016][ T5783] panic+0x4e2/0xcf0
[ 181.491038][ T5783] ? kmsan_get_metadata+0x61/0x1c0
[ 181.496279][ T5783] kmsan_report+0x2c7/0x2d0
[ 181.500917][ T5783] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 181.506846][ T5783] ? __msan_warning+0x95/0x120
[ 181.511714][ T5783] ? hfsplus_lookup+0x66b/0xef0
[ 181.516676][ T5783] ? __lookup_slow+0x538/0x710
[ 181.521526][ T5783] ? lookup_slow+0x6a/0xd0
[ 181.526026][ T5783] ? walk_component+0x467/0x650
[ 181.530974][ T5783] ? path_lookupat+0x27d/0x6f0
[ 181.535822][ T5783] ? filename_lookup+0x288/0x7c0
[ 181.540843][ T5783] ? user_path_at+0x90/0x3e0
[ 181.545535][ T5783] ? __x64_sys_umount+0x146/0x240
[ 181.550662][ T5783] ? x64_sys_call+0x265e/0x3c30
[ 181.555643][ T5783] ? do_syscall_64+0xcd/0x1e0
[ 181.560419][ T5783] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 181.566608][ T5783] ? kmsan_get_metadata+0x13e/0x1c0
[ 181.571915][ T5783] ? kmsan_internal_memmove_metadata+0x91/0x230
[ 181.578269][ T5783] ? __msan_memcpy+0x108/0x1c0
[ 181.583128][ T5783] ? hfsplus_bnode_read+0x33c/0x350
[ 181.588429][ T5783] ? kmsan_get_metadata+0x13e/0x1c0
[ 181.593744][ T5783] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 181.599666][ T5783] __msan_warning+0x95/0x120
[ 181.604352][ T5783] hfsplus_lookup+0x66b/0xef0
[ 181.609131][ T5783] ? kmsan_get_metadata+0x13e/0x1c0
[ 181.614483][ T5783] ? kmsan_get_metadata+0x13e/0x1c0
[ 181.619786][ T5783] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 181.625701][ T5783] ? __pfx_hfsplus_lookup+0x10/0x10
[ 181.630984][ T5783] ? __pfx_hfsplus_lookup+0x10/0x10
[ 181.636265][ T5783] __lookup_slow+0x538/0x710
[ 181.640949][ T5783] lookup_slow+0x6a/0xd0
[ 181.645291][ T5783] walk_component+0x467/0x650
[ 181.650051][ T5783] ? kmsan_get_metadata+0x13e/0x1c0
[ 181.655384][ T5783] path_lookupat+0x27d/0x6f0
[ 181.660069][ T5783] filename_lookup+0x288/0x7c0
[ 181.664922][ T5783] ? strncpy_from_user+0x46a/0x540
[ 181.670150][ T5783] ? kmsan_get_metadata+0x13e/0x1c0
[ 181.675457][ T5783] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 181.681384][ T5783] ? getname_flags+0x5df/0xa30
[ 181.686274][ T5783] user_path_at+0x90/0x3e0
[ 181.690780][ T5783] ? __x64_sys_umount+0x6d/0x240
[ 181.695824][ T5783] __x64_sys_umount+0x146/0x240
[ 181.700781][ T5783] x64_sys_call+0x265e/0x3c30
[ 181.705553][ T5783] do_syscall_64+0xcd/0x1e0
[ 181.710154][ T5783] ? clear_bhb_loop+0x25/0x80
[ 181.714940][ T5783] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 181.720952][ T5783] RIP: 0033:0x7f1c95469407
[ 181.725439][ T5783] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[ 181.745160][ T5783] RSP: 002b:00007ffe35a70378 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
[ 181.753682][ T5783] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f1c95469407
[ 181.761750][ T5783] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe35a70430
[ 181.769805][ T5783] RBP: 00007ffe35a70430 R08: 0000000000000000 R09: 0000000000000000
[ 181.777846][ T5783] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffe35a71520
[ 181.785890][ T5783] R13: 000055557fca0700 R14: 0000000000000001 R15: 431bde82d7b634db
[ 181.793956][ T5783]
[ 181.797362][ T5783] Kernel Offset: disabled
[ 181.801758][ T5783] Rebooting in 86400 seconds..