./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2719089633

<...>
Warning: Permanently added '10.128.1.12' (ED25519) to the list of known hosts.
execve("./syz-executor2719089633", ["./syz-executor2719089633"], 0x7ffe18fff150 /* 10 vars */) = 0
brk(NULL)                               = 0x555591ac7000
brk(0x555591ac7d00)                     = 0x555591ac7d00
arch_prctl(ARCH_SET_FS, 0x555591ac7380) = 0
set_tid_address(0x555591ac7650)         = 5820
set_robust_list(0x555591ac7660, 24)     = 0
rseq(0x555591ac7ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor2719089633", 4096) = 28
getrandom("\x4d\x97\xe3\xa0\xd5\x0c\x45\x92", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x555591ac7d00
brk(0x555591ae8d00)                     = 0x555591ae8d00
brk(0x555591ae9000)                     = 0x555591ae9000
mprotect(0x7f2e922f7000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
executing program
write(1, "executing program\n", 18)     = 18
memfd_create("syzkaller", 0)            = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2e89e00000
write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
munmap(0x7f2e89e00000, 138412032)       = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 4
ioctl(4, LOOP_SET_FD, 3)                = 0
close(3)                                = 0
close(4)                                = 0
mkdir("./file1", 0777)                  = 0
mount("/dev/loop0", "./file1", "hfs", MS_NODEV|MS_DIRSYNC, "") = 0
[   58.469814][ T5820] loop0: detected capacity change from 0 to 64
openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
chdir("./file1")                        = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[   58.582374][ T5820] ==================================================================
[   58.590446][ T5820] BUG: KASAN: slab-out-of-bounds in hfs_bnode_read_key+0x314/0x450
[   58.598347][ T5820] Write of size 94 at addr ffff88814574c680 by task syz-executor271/5820
[   58.606744][ T5820] 
[   58.609067][ T5820] CPU: 1 UID: 0 PID: 5820 Comm: syz-executor271 Not tainted 6.13.0-syzkaller-02526-gc4b9570cfb63 #0
[   58.609079][ T5820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   58.609088][ T5820] Call Trace:
[   58.609093][ T5820]  <TASK>
[   58.609097][ T5820]  dump_stack_lvl+0x241/0x360
[   58.609116][ T5820]  ? __pfx_dump_stack_lvl+0x10/0x10
[   58.609128][ T5820]  ? __pfx__printk+0x10/0x10
[   58.609138][ T5820]  ? _printk+0xd5/0x120
[   58.609149][ T5820]  ? __virt_addr_valid+0x183/0x530
[   58.609160][ T5820]  ? __virt_addr_valid+0x183/0x530
[   58.609170][ T5820]  print_report+0x169/0x550
[   58.609179][ T5820]  ? __virt_addr_valid+0x183/0x530
[   58.609189][ T5820]  ? __virt_addr_valid+0x183/0x530
[   58.609198][ T5820]  ? __virt_addr_valid+0x45f/0x530
[   58.609208][ T5820]  ? __phys_addr+0xba/0x170
[   58.609218][ T5820]  ? hfs_bnode_read_key+0x314/0x450
[   58.609230][ T5820]  kasan_report+0x143/0x180
[   58.609239][ T5820]  ? hfs_bnode_read_key+0x314/0x450
[   58.609252][ T5820]  kasan_check_range+0x282/0x290
[   58.609260][ T5820]  ? hfs_bnode_read_key+0x314/0x450
[   58.609271][ T5820]  __asan_memcpy+0x40/0x70
[   58.609283][ T5820]  hfs_bnode_read_key+0x314/0x450
[   58.609295][ T5820]  hfs_brec_insert+0x7f3/0xbd0
[   58.609310][ T5820]  ? __pfx_hfs_brec_insert+0x10/0x10
[   58.609324][ T5820]  hfs_cat_create+0x41d/0xa50
[   58.609337][ T5820]  ? __pfx_hfs_cat_create+0x10/0x10
[   58.609353][ T5820]  ? _raw_spin_unlock+0x28/0x50
[   58.609366][ T5820]  ? hfs_new_inode+0x86e/0xaf0
[   58.609377][ T5820]  hfs_create+0x66/0xe0
[   58.609388][ T5820]  ? __pfx_hfs_create+0x10/0x10
[   58.609401][ T5820]  path_openat+0x1c03/0x3590
[   58.609422][ T5820]  ? __pfx_path_openat+0x10/0x10
[   58.609436][ T5820]  do_filp_open+0x27f/0x4e0
[   58.609448][ T5820]  ? __pfx_do_filp_open+0x10/0x10
[   58.609458][ T5820]  ? do_raw_spin_lock+0x14f/0x370
[   58.609473][ T5820]  do_sys_openat2+0x13e/0x1d0
[   58.609483][ T5820]  ? __pfx_do_sys_openat2+0x10/0x10
[   58.609493][ T5820]  ? lockdep_hardirqs_on+0x99/0x150
[   58.609504][ T5820]  ? _raw_spin_unlock_irq+0x2e/0x50
[   58.609513][ T5820]  ? ptrace_notify+0x279/0x380
[   58.609526][ T5820]  __x64_sys_openat+0x247/0x2a0
[   58.609536][ T5820]  ? __pfx___x64_sys_openat+0x10/0x10
[   58.609546][ T5820]  ? do_syscall_64+0x100/0x230
[   58.609559][ T5820]  do_syscall_64+0xf3/0x230
[   58.609570][ T5820]  ? clear_bhb_loop+0x35/0x90
[   58.609585][ T5820]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   58.609599][ T5820] RIP: 0033:0x7f2e92284679
[   58.609612][ T5820] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   58.609619][ T5820] RSP: 002b:00007fffbd1bf8b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   58.609630][ T5820] RAX: ffffffffffffffda RBX: 00007fffbd1bfa98 RCX: 00007f2e92284679
[   58.609637][ T5820] RDX: 000000000000275a RSI: 0000000020000200 RDI: 00000000ffffff9c
[   58.609643][ T5820] RBP: 00007f2e922f7610 R08: 0000000000000000 R09: 0000000000000000
[   58.609649][ T5820] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   58.609654][ T5820] R13: 00007fffbd1bfa88 R14: 0000000000000001 R15: 0000000000000001
[   58.609663][ T5820]  </TASK>
[   58.609666][ T5820] 
[   58.917566][ T5820] Allocated by task 5820:
[   58.921881][ T5820]  kasan_save_track+0x3f/0x80
[   58.926536][ T5820]  __kasan_kmalloc+0x98/0xb0
[   58.931100][ T5820]  __kmalloc_noprof+0x285/0x4c0
[   58.935924][ T5820]  hfs_find_init+0x90/0x1f0
[   58.940401][ T5820]  hfs_cat_create+0x182/0xa50
[   58.945052][ T5820]  hfs_create+0x66/0xe0
[   58.949183][ T5820]  path_openat+0x1c03/0x3590
[   58.953746][ T5820]  do_filp_open+0x27f/0x4e0
[   58.958222][ T5820]  do_sys_openat2+0x13e/0x1d0
[   58.962883][ T5820]  __x64_sys_openat+0x247/0x2a0
[   58.967705][ T5820]  do_syscall_64+0xf3/0x230
[   58.972184][ T5820]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   58.978053][ T5820] 
[   58.980353][ T5820] The buggy address belongs to the object at ffff88814574c680
[   58.980353][ T5820]  which belongs to the cache kmalloc-96 of size 96
[   58.994203][ T5820] The buggy address is located 0 bytes inside of
[   58.994203][ T5820]  allocated 78-byte region [ffff88814574c680, ffff88814574c6ce)
[   59.008054][ T5820] 
[   59.010356][ T5820] The buggy address belongs to the physical page:
[   59.016748][ T5820] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14574c
[   59.025572][ T5820] anon flags: 0x57ff00000000000(node=1|zone=2|lastcpupid=0x7ff)
[   59.033176][ T5820] page_type: f5(slab)
[   59.037132][ T5820] raw: 057ff00000000000 ffff88801ac41280 0000000000000000 dead000000000001
[   59.045686][ T5820] raw: 0000000000000000 0000000080200020 00000001f5000000 0000000000000000
[   59.054241][ T5820] page dumped because: kasan: bad access detected
[   59.060631][ T5820] page_owner tracks the page as allocated
[   59.066317][ T5820] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, tgid 1 (swapper/0), ts 8791709313, free_ts 0
[   59.083819][ T5820]  post_alloc_hook+0x1f3/0x230
[   59.088559][ T5820]  get_page_from_freelist+0x3651/0x37a0
[   59.094081][ T5820]  __alloc_pages_noprof+0x292/0x710
[   59.099256][ T5820]  alloc_pages_mpol_noprof+0x3e1/0x780
[   59.104689][ T5820]  alloc_slab_page+0x6a/0x110
[   59.109343][ T5820]  allocate_slab+0x5a/0x2b0
[   59.113824][ T5820]  ___slab_alloc+0xc27/0x14a0
[   59.118474][ T5820]  __slab_alloc+0x58/0xa0
[   59.122779][ T5820]  __kmalloc_cache_noprof+0x27b/0x390
[   59.128121][ T5820]  dev_pm_qos_expose_flags+0x91/0x2b0
[   59.133490][ T5820]  usb_hub_create_port_device+0x6dd/0xc10
[   59.139186][ T5820]  hub_probe+0x2503/0x3640
[   59.143579][ T5820]  usb_probe_interface+0x641/0xbb0
[   59.148667][ T5820]  really_probe+0x2b9/0xad0
[   59.153148][ T5820]  __driver_probe_device+0x1a2/0x390
[   59.158406][ T5820]  driver_probe_device+0x50/0x430
[   59.163405][ T5820] page_owner free stack trace missing
[   59.168742][ T5820] 
[   59.171041][ T5820] Memory state around the buggy address:
[   59.176641][ T5820]  ffff88814574c580: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   59.184676][ T5820]  ffff88814574c600: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   59.192723][ T5820] >ffff88814574c680: 00 00 00 00 00 00 00 00 00 06 fc fc fc fc fc fc
[   59.200753][ T5820]                                               ^
[   59.207144][ T5820]  ffff88814574c700: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   59.215177][ T5820]  ffff88814574c780: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   59.223206][ T5820] ==================================================================
[   59.231854][ T5820] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   59.239057][ T5820] CPU: 1 UID: 0 PID: 5820 Comm: syz-executor271 Not tainted 6.13.0-syzkaller-02526-gc4b9570cfb63 #0
[   59.249809][ T5820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   59.259842][ T5820] Call Trace:
[   59.263107][ T5820]  <TASK>
[   59.266033][ T5820]  dump_stack_lvl+0x241/0x360
[   59.270688][ T5820]  ? __pfx_dump_stack_lvl+0x10/0x10
[   59.275865][ T5820]  ? __pfx__printk+0x10/0x10
[   59.280432][ T5820]  ? preempt_schedule+0xe1/0xf0
[   59.285263][ T5820]  ? vscnprintf+0x5d/0x90
[   59.289568][ T5820]  panic+0x349/0x880
[   59.293442][ T5820]  ? check_panic_on_warn+0x21/0xb0
[   59.298529][ T5820]  ? __pfx_panic+0x10/0x10
[   59.302926][ T5820]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[   59.308884][ T5820]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   59.315189][ T5820]  ? print_report+0x502/0x550
[   59.319840][ T5820]  check_panic_on_warn+0x86/0xb0
[   59.324759][ T5820]  ? hfs_bnode_read_key+0x314/0x450
[   59.329945][ T5820]  end_report+0x77/0x160
[   59.334175][ T5820]  kasan_report+0x154/0x180
[   59.338657][ T5820]  ? hfs_bnode_read_key+0x314/0x450
[   59.343838][ T5820]  kasan_check_range+0x282/0x290
[   59.348749][ T5820]  ? hfs_bnode_read_key+0x314/0x450
[   59.353924][ T5820]  __asan_memcpy+0x40/0x70
[   59.358323][ T5820]  hfs_bnode_read_key+0x314/0x450
[   59.363335][ T5820]  hfs_brec_insert+0x7f3/0xbd0
[   59.368081][ T5820]  ? __pfx_hfs_brec_insert+0x10/0x10
[   59.373349][ T5820]  hfs_cat_create+0x41d/0xa50
[   59.378004][ T5820]  ? __pfx_hfs_cat_create+0x10/0x10
[   59.383187][ T5820]  ? _raw_spin_unlock+0x28/0x50
[   59.388013][ T5820]  ? hfs_new_inode+0x86e/0xaf0
[   59.392755][ T5820]  hfs_create+0x66/0xe0
[   59.396888][ T5820]  ? __pfx_hfs_create+0x10/0x10
[   59.401713][ T5820]  path_openat+0x1c03/0x3590
[   59.406289][ T5820]  ? __pfx_path_openat+0x10/0x10
[   59.411204][ T5820]  do_filp_open+0x27f/0x4e0
[   59.415683][ T5820]  ? __pfx_do_filp_open+0x10/0x10
[   59.420689][ T5820]  ? do_raw_spin_lock+0x14f/0x370
[   59.425695][ T5820]  do_sys_openat2+0x13e/0x1d0
[   59.430346][ T5820]  ? __pfx_do_sys_openat2+0x10/0x10
[   59.435523][ T5820]  ? lockdep_hardirqs_on+0x99/0x150
[   59.440698][ T5820]  ? _raw_spin_unlock_irq+0x2e/0x50
[   59.445872][ T5820]  ? ptrace_notify+0x279/0x380
[   59.450616][ T5820]  __x64_sys_openat+0x247/0x2a0
[   59.455442][ T5820]  ? __pfx___x64_sys_openat+0x10/0x10
[   59.460792][ T5820]  ? do_syscall_64+0x100/0x230
[   59.465537][ T5820]  do_syscall_64+0xf3/0x230
[   59.470016][ T5820]  ? clear_bhb_loop+0x35/0x90
[   59.474674][ T5820]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   59.480544][ T5820] RIP: 0033:0x7f2e92284679
[   59.484935][ T5820] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   59.504514][ T5820] RSP: 002b:00007fffbd1bf8b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   59.512905][ T5820] RAX: ffffffffffffffda RBX: 00007fffbd1bfa98 RCX: 00007f2e92284679
[   59.520850][ T5820] RDX: 000000000000275a RSI: 0000000020000200 RDI: 00000000ffffff9c
[   59.528797][ T5820] RBP: 00007f2e922f7610 R08: 0000000000000000 R09: 0000000000000000
[   59.536746][ T5820] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   59.544693][ T5820] R13: 00007fffbd1bfa88 R14: 0000000000000001 R15: 0000000000000001
[   59.552644][ T5820]  </TASK>
[   59.555879][ T5820] Kernel Offset: disabled
[   59.560186][ T5820] Rebooting in 86400 seconds..