./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3208103218

<...>

syzkaller
syzkaller login: [   46.256914][   T26] kauditd_printk_skb: 42 callbacks suppressed
[   46.256931][   T26] audit: type=1400 audit(1686862029.375:77): avc:  denied  { transition } for  pid=4848 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   46.305623][   T26] audit: type=1400 audit(1686862029.385:78): avc:  denied  { noatsecure } for  pid=4848 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   46.333538][   T26] audit: type=1400 audit(1686862029.405:79): avc:  denied  { write } for  pid=4848 comm="sh" path="pipe:[29841]" dev="pipefs" ino=29841 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[   46.365865][   T26] audit: type=1400 audit(1686862029.405:80): avc:  denied  { rlimitinh } for  pid=4848 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   46.394269][   T26] audit: type=1400 audit(1686862029.405:81): avc:  denied  { siginh } for  pid=4848 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   46.995358][   T26] audit: type=1400 audit(1686862030.105:82): avc:  denied  { read } for  pid=4430 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
Warning: Permanently added '10.128.10.62' (ECDSA) to the list of known hosts.
execve("./syz-executor3208103218", ["./syz-executor3208103218"], 0x7ffebc80d560 /* 10 vars */) = 0
brk(NULL)                               = 0x555555c4b000
brk(0x555555c4bc40)                     = 0x555555c4bc40
arch_prctl(ARCH_SET_FS, 0x555555c4b300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor3208103218", 4096) = 28
brk(0x555555c6cc40)                     = 0x555555c6cc40
brk(0x555555c6d000)                     = 0x555555c6d000
mprotect(0x7fd222be6000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
[   62.280232][   T26] audit: type=1400 audit(1686862045.395:83): avc:  denied  { write } for  pid=4995 comm="strace-static-x" path="pipe:[28540]" dev="pipefs" ino=28540 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[   62.304666][   T26] audit: type=1400 audit(1686862045.415:84): avc:  denied  { execmem } for  pid=4998 comm="syz-executor320" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
memfd_create("syzkaller", 0)            = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd21a72c000
write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
munmap(0x7fd21a72c000, 524288)          = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 4
[   62.306199][ T4998] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4998 'syz-executor320'
[   62.341695][   T26] audit: type=1400 audit(1686862045.455:85): avc:  denied  { read write } for  pid=4998 comm="syz-executor320" name="loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   62.348772][ T4998] loop0: detected capacity change from 0 to 1024
ioctl(4, LOOP_SET_FD, 3)                = 0
close(3)                                = 0
mkdir("./bus", 0777)                    = 0
[   62.366527][   T26] audit: type=1400 audit(1686862045.465:86): avc:  denied  { open } for  pid=4998 comm="syz-executor320" path="/dev/loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   62.398123][   T26] audit: type=1400 audit(1686862045.465:87): avc:  denied  { ioctl } for  pid=4998 comm="syz-executor320" path="/dev/loop0" dev="devtmpfs" ino=648 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC|MS_RELATIME, "") = 0
openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
chdir("./bus")                          = 0
ioctl(4, LOOP_CLR_FD)                   = 0
close(4)                                = 0
openat(AT_FDCWD, ".", O_RDONLY)         = 4
getdents64(4, 0x20000340 /* 3 entries */, 97) = 80
getdents64(4, 0x20000340 /* 3 entries */, 97) = 96
[   62.425017][   T26] audit: type=1400 audit(1686862045.515:88): avc:  denied  { mounton } for  pid=4998 comm="syz-executor320" path="/root/bus" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[   62.441166][ T4998] ==================================================================
[   62.455693][ T4998] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x953/0xa50
[   62.463370][ T4998] Read of size 2 at addr ffff8880142eb40c by task syz-executor320/4998
[   62.466846][   T26] audit: type=1400 audit(1686862045.545:89): avc:  denied  { mount } for  pid=4998 comm="syz-executor320" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
[   62.471609][ T4998] 
[   62.471616][ T4998] CPU: 0 PID: 4998 Comm: syz-executor320 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0
[   62.506473][ T4998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[   62.516552][ T4998] Call Trace:
[   62.519838][ T4998]  <TASK>
[   62.522756][ T4998]  dump_stack_lvl+0xd9/0x150
[   62.527349][ T4998]  print_address_description.constprop.0+0x2c/0x3c0
[   62.533928][ T4998]  ? hfsplus_uni2asc+0x953/0xa50
[   62.538852][ T4998]  kasan_report+0x11c/0x130
[   62.543343][ T4998]  ? hfsplus_uni2asc+0x953/0xa50
[   62.548314][ T4998]  ? char2uni+0x130/0x130
[   62.552737][ T4998]  hfsplus_uni2asc+0x953/0xa50
[   62.557495][ T4998]  ? char2uni+0x130/0x130
[   62.561819][ T4998]  ? hfsplus_bnode_read+0xb8/0x150
[   62.566924][ T4998]  hfsplus_readdir+0x952/0xfd0
[   62.571677][ T4998]  ? hfsplus_dir_release+0x1d0/0x1d0
[   62.576961][ T4998]  ? lock_sync+0x190/0x190
[   62.581363][ T4998]  ? down_read_killable+0x14a/0x4f0
[   62.586551][ T4998]  ? down_read+0x480/0x480
[   62.590975][ T4998]  ? fsnotify_perm.part.0+0x221/0x610
[   62.596352][ T4998]  iterate_dir+0x56e/0x6f0
[   62.600765][ T4998]  __x64_sys_getdents64+0x13e/0x2c0
[   62.605954][ T4998]  ? __ia32_sys_getdents+0x2c0/0x2c0
[   62.611225][ T4998]  ? compat_fillonedir+0x470/0x470
[   62.616319][ T4998]  ? lockdep_hardirqs_on+0x7d/0x100
[   62.621506][ T4998]  ? _raw_spin_unlock_irq+0x2e/0x50
[   62.626700][ T4998]  ? ptrace_notify+0xfe/0x140
[   62.631369][ T4998]  do_syscall_64+0x39/0xb0
[   62.635770][ T4998]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   62.641668][ T4998] RIP: 0033:0x7fd222b78889
[   62.646067][ T4998] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   62.665749][ T4998] RSP: 002b:00007ffc134c5498 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[   62.674148][ T4998] RAX: ffffffffffffffda RBX: 000000000000003f RCX: 00007fd222b78889
[   62.682109][ T4998] RDX: 0000000000000061 RSI: 0000000020000340 RDI: 0000000000000004
[   62.690071][ T4998] RBP: 00007fd222b38120 R08: 0000000000000000 R09: 0000000000000000
[   62.698041][ T4998] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd222b381b0
[   62.706014][ T4998] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   62.713978][ T4998]  </TASK>
[   62.716993][ T4998] 
[   62.719316][ T4998] Allocated by task 4998:
[   62.723636][ T4998]  kasan_save_stack+0x22/0x40
[   62.728332][ T4998]  kasan_set_track+0x25/0x30
[   62.732907][ T4998]  __kasan_kmalloc+0xa3/0xb0
[   62.737483][ T4998]  __kmalloc+0x5e/0x190
[   62.741624][ T4998]  hfsplus_find_init+0x95/0x230
[   62.747205][ T4998]  hfsplus_readdir+0x21e/0xfd0
[   62.752067][ T4998]  iterate_dir+0x56e/0x6f0
[   62.756474][ T4998]  __x64_sys_getdents64+0x13e/0x2c0
[   62.761673][ T4998]  do_syscall_64+0x39/0xb0
[   62.766072][ T4998]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   62.771959][ T4998] 
[   62.774264][ T4998] Last potentially related work creation:
[   62.779957][ T4998]  kasan_save_stack+0x22/0x40
[   62.784637][ T4998]  __kasan_record_aux_stack+0x7b/0x90
[   62.790021][ T4998]  __call_rcu_common.constprop.0+0x99/0x7e0
[   62.795909][ T4998]  netlink_release+0xcde/0x1e40
[   62.800755][ T4998]  __sock_release+0xcd/0x290
[   62.805339][ T4998]  sock_close+0x1c/0x20
[   62.809484][ T4998]  __fput+0x27c/0xa90
[   62.813458][ T4998]  task_work_run+0x16f/0x270
[   62.818041][ T4998]  exit_to_user_mode_prepare+0x210/0x240
[   62.823664][ T4998]  syscall_exit_to_user_mode+0x1d/0x50
[   62.829111][ T4998]  do_syscall_64+0x46/0xb0
[   62.833517][ T4998]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   62.839401][ T4998] 
[   62.841954][ T4998] The buggy address belongs to the object at ffff8880142eb000
[   62.841954][ T4998]  which belongs to the cache kmalloc-2k of size 2048
[   62.857231][ T4998] The buggy address is located 0 bytes to the right of
[   62.857231][ T4998]  allocated 1036-byte region [ffff8880142eb000, ffff8880142eb40c)
[   62.871912][ T4998] 
[   62.874221][ T4998] The buggy address belongs to the physical page:
[   62.880631][ T4998] page:ffffea000050bac0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x142eb
[   62.890780][ T4998] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[   62.898307][ T4998] page_type: 0x1()
[   62.902021][ T4998] raw: 00fff00000000200 ffff888012440800 ffffea000050b750 ffffea00005ef050
[   62.910600][ T4998] raw: 0000000000000000 ffff8880142eb000 0000000100000001 0000000000000000
[   62.919174][ T4998] page dumped because: kasan: bad access detected
[   62.925567][ T4998] page_owner tracks the page as allocated
[   62.931260][ T4998] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2420c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_COMP|__GFP_THISNODE), pid 1, tgid 1 (swapper/0), ts 2487009578, free_ts 0
[   62.949829][ T4998]  post_alloc_hook+0x2db/0x350
[   62.954580][ T4998]  get_page_from_freelist+0xf41/0x2c00
[   62.960027][ T4998]  __alloc_pages+0x1cb/0x4a0
[   62.964615][ T4998]  cache_grow_begin+0x9b/0x3b0
[   62.969376][ T4998]  cache_alloc_refill+0x27f/0x380
[   62.974395][ T4998]  __kmem_cache_alloc_node+0x360/0x3f0
[   62.979841][ T4998]  kmalloc_trace+0x26/0xe0
[   62.984245][ T4998]  acpi_ds_create_walk_state+0x7e/0x260
[   62.989783][ T4998]  acpi_ds_auto_serialize_method+0xef/0x260
[   62.995689][ T4998]  acpi_ds_init_one_object+0x359/0x450
[   63.001132][ T4998]  acpi_ns_walk_namespace+0x41d/0x5e0
[   63.006501][ T4998]  acpi_ds_initialize_objects+0x12f/0x190
[   63.012205][ T4998]  acpi_ns_load_table+0x9c/0x140
[   63.017128][ T4998]  acpi_tb_load_namespace+0x26b/0x700
[   63.022484][ T4998]  acpi_load_tables+0x2f/0x120
[   63.027244][ T4998]  acpi_init+0x123/0xab0
[   63.031759][ T4998] page_owner free stack trace missing
[   63.038681][ T4998] 
[   63.040993][ T4998] Memory state around the buggy address:
[   63.046689][ T4998]  ffff8880142eb300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   63.054904][ T4998]  ffff8880142eb380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   63.063050][ T4998] >ffff8880142eb400: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   63.071268][ T4998]                       ^
[   63.075947][ T4998]  ffff8880142eb480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   63.084086][ T4998]  ffff8880142eb500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   63.092397][ T4998] ==================================================================
[   63.101014][ T4998] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   63.108220][ T4998] CPU: 0 PID: 4998 Comm: syz-executor320 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0
[   63.118649][ T4998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[   63.128890][ T4998] Call Trace:
[   63.132290][ T4998]  <TASK>
[   63.135257][ T4998]  dump_stack_lvl+0xd9/0x150
[   63.139857][ T4998]  panic+0x686/0x730
[   63.143762][ T4998]  ? panic_smp_self_stop+0xa0/0xa0
[   63.148878][ T4998]  ? preempt_schedule_thunk+0x1a/0x20
[   63.154269][ T4998]  ? preempt_schedule_common+0x45/0xb0
[   63.159737][ T4998]  check_panic_on_warn+0xb1/0xc0
[   63.164681][ T4998]  end_report+0xe9/0x120
[   63.169007][ T4998]  ? hfsplus_uni2asc+0x953/0xa50
[   63.173946][ T4998]  kasan_report+0xf9/0x130
[   63.178550][ T4998]  ? hfsplus_uni2asc+0x953/0xa50
[   63.183491][ T4998]  ? char2uni+0x130/0x130
[   63.187936][ T4998]  hfsplus_uni2asc+0x953/0xa50
[   63.192789][ T4998]  ? char2uni+0x130/0x130
[   63.197127][ T4998]  ? hfsplus_bnode_read+0xb8/0x150
[   63.202247][ T4998]  hfsplus_readdir+0x952/0xfd0
[   63.207030][ T4998]  ? hfsplus_dir_release+0x1d0/0x1d0
[   63.212331][ T4998]  ? lock_sync+0x190/0x190
[   63.216753][ T4998]  ? down_read_killable+0x14a/0x4f0
[   63.222046][ T4998]  ? down_read+0x480/0x480
[   63.226480][ T4998]  ? fsnotify_perm.part.0+0x221/0x610
[   63.231856][ T4998]  iterate_dir+0x56e/0x6f0
[   63.236362][ T4998]  __x64_sys_getdents64+0x13e/0x2c0
[   63.241566][ T4998]  ? __ia32_sys_getdents+0x2c0/0x2c0
[   63.246952][ T4998]  ? compat_fillonedir+0x470/0x470
[   63.252096][ T4998]  ? lockdep_hardirqs_on+0x7d/0x100
[   63.257677][ T4998]  ? _raw_spin_unlock_irq+0x2e/0x50
[   63.263333][ T4998]  ? ptrace_notify+0xfe/0x140
[   63.268290][ T4998]  do_syscall_64+0x39/0xb0
[   63.272739][ T4998]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   63.278668][ T4998] RIP: 0033:0x7fd222b78889
[   63.283097][ T4998] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   63.302802][ T4998] RSP: 002b:00007ffc134c5498 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[   63.311304][ T4998] RAX: ffffffffffffffda RBX: 000000000000003f RCX: 00007fd222b78889
[   63.319361][ T4998] RDX: 0000000000000061 RSI: 0000000020000340 RDI: 0000000000000004
[   63.327504][ T4998] RBP: 00007fd222b38120 R08: 0000000000000000 R09: 0000000000000000
[   63.335657][ T4998] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd222b381b0
[   63.343646][ T4998] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   63.352767][ T4998]  </TASK>
[   63.355950][ T4998] Kernel Offset: disabled
[   63.360267][ T4998] Rebooting in 86400 seconds..