./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1511248922 <...> DUID 00:04:7c:8f:25:e4:1e:61:d4:15:b8:1c:50:2a:7f:f5:0b:01 forked to background, child pid 3208 [ 31.753464][ T3209] 8021q: adding VLAN 0 to HW filter on device bond0 [ 31.763230][ T3209] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.136' (ECDSA) to the list of known hosts. execve("./syz-executor1511248922", ["./syz-executor1511248922"], 0x7fff74c31380 /* 10 vars */) = 0 brk(NULL) = 0x555556196000 brk(0x555556196c40) = 0x555556196c40 arch_prctl(ARCH_SET_FS, 0x555556196300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor1511248922", 4096) = 28 brk(0x5555561b7c40) = 0x5555561b7c40 brk(0x5555561b8000) = 0x5555561b8000 mprotect(0x7f7f4ba65000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f43400000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 munmap(0x7f7f43400000, 32768) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 mkdir("./file1", 0777) = 0 mount("/dev/loop0", "./file1", "hfs", MS_RDONLY|MS_NOEXEC|MS_MANDLOCK|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_STRICTATIME, "dir_umask=00000000000000000000010,iocharset=koi8-r,") = 0 openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 chdir("./file1") = 0 ioctl(4, LOOP_CLR_FD) = 0 syzkaller login: [ 66.096343][ T3630] loop0: detected capacity change from 0 to 64 [ 66.107902][ T3630] ======================================================= [ 66.107902][ T3630] WARNING: The mand mount option has been deprecated and [ 66.107902][ T3630] and is ignored by this kernel. Remove the mand [ 66.107902][ T3630] option from the mount to silence this warning. [ 66.107902][ T3630] ======================================================= close(4) = 0 [ 66.153784][ T3630] ================================================================== [ 66.161908][ T3630] BUG: KASAN: slab-out-of-bounds in hfs_asc2mac+0x467/0x9a0 [ 66.169240][ T3630] Write of size 1 at addr ffff88801d5631ce by task syz-executor151/3630 [ 66.177663][ T3630] [ 66.180004][ T3630] CPU: 0 PID: 3630 Comm: syz-executor151 Not tainted 6.1.0-rc6-syzkaller-00308-g644e9524388a #0 [ 66.190516][ T3630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 66.200870][ T3630] Call Trace: [ 66.204139][ T3630] [ 66.207083][ T3630] dump_stack_lvl+0x1b1/0x28e [ 66.211781][ T3630] ? nf_tcp_handle_invalid+0x62e/0x62e [ 66.217358][ T3630] ? __wake_up_klogd+0xcd/0x100 [ 66.222255][ T3630] ? panic+0x710/0x710 [ 66.226388][ T3630] ? _printk+0xc0/0x100 [ 66.230661][ T3630] ? _raw_spin_lock_irqsave+0x8e/0x100 [ 66.236235][ T3630] print_address_description+0x74/0x340 [ 66.241798][ T3630] print_report+0x107/0x1f0 [ 66.246349][ T3630] ? __virt_addr_valid+0x21b/0x2d0 [ 66.251589][ T3630] ? __phys_addr+0xb5/0x160 [ 66.256212][ T3630] ? hfs_asc2mac+0x467/0x9a0 [ 66.260814][ T3630] kasan_report+0xcd/0x100 [ 66.265332][ T3630] ? hfs_asc2mac+0x467/0x9a0 [ 66.269951][ T3630] hfs_asc2mac+0x467/0x9a0 [ 66.274367][ T3630] ? mutex_lock_io_nested+0x60/0x60 [ 66.279761][ T3630] ? hfs_mac2asc+0x850/0x850 [ 66.284362][ T3630] ? hfs_find_init+0x8b/0x1e0 [ 66.289062][ T3630] ? trace_kmalloc+0x30/0xf0 [ 66.293750][ T3630] ? __kmalloc+0xcc/0x1a0 [ 66.298101][ T3630] hfs_cat_build_key+0x92/0x170 [ 66.303131][ T3630] hfs_lookup+0x1ab/0x2c0 [ 66.307506][ T3630] ? hfs_dir_release+0x140/0x140 [ 66.312451][ T3630] ? d_alloc+0x193/0x1d0 [ 66.316777][ T3630] ? __lock_acquire+0x1f60/0x1f60 [ 66.321810][ T3630] ? do_raw_spin_lock+0x148/0x360 [ 66.326872][ T3630] ? __d_alloc+0x566/0x750 [ 66.331293][ T3630] ? _raw_spin_unlock+0x24/0x40 [ 66.336187][ T3630] ? d_alloc+0x193/0x1d0 [ 66.340427][ T3630] __lookup_hash+0x115/0x240 [ 66.345031][ T3630] filename_create+0x25f/0x4f0 [ 66.349816][ T3630] ? kern_path_create+0x180/0x180 [ 66.355029][ T3630] ? __might_fault+0xb6/0x110 [ 66.359700][ T3630] ? __lock_acquire+0x1f60/0x1f60 [ 66.364720][ T3630] ? __virt_addr_valid+0x21b/0x2d0 [ 66.369841][ T3630] do_mknodat+0x182/0x6b0 [ 66.374233][ T3630] ? do_o_path+0x240/0x240 [ 66.378661][ T3630] ? getname_flags+0x1ea/0x4e0 [ 66.383449][ T3630] __x64_sys_mknod+0x8a/0xa0 [ 66.388045][ T3630] do_syscall_64+0x3d/0xb0 [ 66.392465][ T3630] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 66.398362][ T3630] RIP: 0033:0x7f7f4b9f8a79 [ 66.402772][ T3630] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 66.422459][ T3630] RSP: 002b:00007ffeb4441a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000085 [ 66.431039][ T3630] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f7f4b9f8a79 [ 66.439181][ T3630] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000200002c0 [ 66.447148][ T3630] RBP: 00007f7f4b9b8080 R08: 0000000000000241 R09: 0000000000000000 [ 66.455200][ T3630] R10: 00007ffeb4441930 R11: 0000000000000246 R12: 00007f7f4b9b8110 [ 66.463244][ T3630] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 66.471310][ T3630] [ 66.474401][ T3630] [ 66.476742][ T3630] Allocated by task 3630: [ 66.481094][ T3630] kasan_set_track+0x3d/0x60 [ 66.485692][ T3630] __kasan_kmalloc+0x97/0xb0 [ 66.490277][ T3630] __kmalloc+0xaf/0x1a0 [ 66.494432][ T3630] hfs_find_init+0x8b/0x1e0 [ 66.498931][ T3630] hfs_lookup+0x105/0x2c0 [ 66.503268][ T3630] __lookup_hash+0x115/0x240 [ 66.507868][ T3630] filename_create+0x25f/0x4f0 [ 66.512663][ T3630] do_mknodat+0x182/0x6b0 [ 66.516991][ T3630] __x64_sys_mknod+0x8a/0xa0 [ 66.521582][ T3630] do_syscall_64+0x3d/0xb0 [ 66.526547][ T3630] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 66.532453][ T3630] [ 66.534770][ T3630] The buggy address belongs to the object at ffff88801d563180 [ 66.534770][ T3630] which belongs to the cache kmalloc-96 of size 96 [ 66.549517][ T3630] The buggy address is located 78 bytes inside of [ 66.549517][ T3630] 96-byte region [ffff88801d563180, ffff88801d5631e0) [ 66.562635][ T3630] [ 66.564972][ T3630] The buggy address belongs to the physical page: [ 66.571467][ T3630] page:ffffea00007558c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1d563 [ 66.581718][ T3630] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff) [ 66.589273][ T3630] raw: 00fff00000000200 ffffea000087d900 dead000000000005 ffff888012841780 [ 66.597847][ T3630] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000 [ 66.607025][ T3630] page dumped because: kasan: bad access detected [ 66.613516][ T3630] page_owner tracks the page as allocated [ 66.619218][ T3630] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY), pid 3005, tgid 3005 (udevd), ts 27091868178, free_ts 27088146446 [ 66.636862][ T3630] get_page_from_freelist+0x742/0x7c0 [ 66.642592][ T3630] __alloc_pages+0x259/0x560 [ 66.647211][ T3630] alloc_slab_page+0x70/0xf0 [ 66.651819][ T3630] allocate_slab+0x5e/0x4b0 [ 66.656404][ T3630] ___slab_alloc+0x782/0xe20 [ 66.660987][ T3630] __kmem_cache_alloc_node+0x252/0x310 [ 66.666438][ T3630] __kmalloc+0x9e/0x1a0 [ 66.670768][ T3630] tomoyo_encode+0x26f/0x540 [ 66.675367][ T3630] tomoyo_realpath_from_path+0x5ae/0x5f0 [ 66.681023][ T3630] tomoyo_path2_perm+0x322/0xb00 [ 66.685973][ T3630] tomoyo_path_rename+0x194/0x1e0 [ 66.690998][ T3630] security_path_rename+0x161/0x230 [ 66.696387][ T3630] do_renameat2+0x768/0x1370 [ 66.701094][ T3630] __x64_sys_rename+0x82/0x90 [ 66.705768][ T3630] do_syscall_64+0x3d/0xb0 [ 66.710174][ T3630] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 66.716072][ T3630] page last free stack trace: [ 66.720764][ T3630] free_pcp_prepare+0x80c/0x8f0 [ 66.725620][ T3630] free_unref_page+0x7d/0x5f0 [ 66.730326][ T3630] __vunmap+0x877/0x9e0 [ 66.734528][ T3630] free_work+0x66/0x90 [ 66.738595][ T3630] process_one_work+0x877/0xdb0 [ 66.743441][ T3630] worker_thread+0xb14/0x1330 [ 66.748113][ T3630] kthread+0x266/0x300 [ 66.752168][ T3630] ret_from_fork+0x1f/0x30 [ 66.756594][ T3630] [ 66.758912][ T3630] Memory state around the buggy address: [ 66.764556][ T3630] ffff88801d563080: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 66.772628][ T3630] ffff88801d563100: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 66.780693][ T3630] >ffff88801d563180: 00 00 00 00 00 00 00 00 00 06 fc fc fc fc fc fc [ 66.788744][ T3630] ^ [ 66.795144][ T3630] ffff88801d563200: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [ 66.803982][ T3630] ffff88801d563280: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 66.812028][ T3630] ================================================================== [ 66.821140][ T3630] Kernel panic - not syncing: panic_on_warn set ... [ 66.827739][ T3630] CPU: 1 PID: 3630 Comm: syz-executor151 Not tainted 6.1.0-rc6-syzkaller-00308-g644e9524388a #0 [ 66.838151][ T3630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 66.848190][ T3630] Call Trace: [ 66.851454][ T3630] [ 66.854367][ T3630] dump_stack_lvl+0x1b1/0x28e [ 66.859033][ T3630] ? nf_tcp_handle_invalid+0x62e/0x62e [ 66.864471][ T3630] ? panic+0x710/0x710 [ 66.868520][ T3630] ? preempt_schedule_common+0xb7/0xe0 [ 66.873964][ T3630] ? vscnprintf+0x59/0x80 [ 66.878285][ T3630] panic+0x2d6/0x710 [ 66.882174][ T3630] ? memcpy_page_flushcache+0xfc/0xfc [ 66.887545][ T3630] ? _raw_spin_unlock_irqrestore+0x110/0x120 [ 66.893541][ T3630] ? rcu_read_lock_sched_held+0x5d/0x110 [ 66.899164][ T3630] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 66.905126][ T3630] ? hfs_asc2mac+0x467/0x9a0 [ 66.909723][ T3630] end_report+0x91/0xa0 [ 66.913870][ T3630] kasan_report+0xda/0x100 [ 66.918270][ T3630] ? hfs_asc2mac+0x467/0x9a0 [ 66.922857][ T3630] hfs_asc2mac+0x467/0x9a0 [ 66.927270][ T3630] ? mutex_lock_io_nested+0x60/0x60 [ 66.932471][ T3630] ? hfs_mac2asc+0x850/0x850 [ 66.937061][ T3630] ? hfs_find_init+0x8b/0x1e0 [ 66.941909][ T3630] ? trace_kmalloc+0x30/0xf0 [ 66.946489][ T3630] ? __kmalloc+0xcc/0x1a0 [ 66.950807][ T3630] hfs_cat_build_key+0x92/0x170 [ 66.955639][ T3630] hfs_lookup+0x1ab/0x2c0 [ 66.959952][ T3630] ? hfs_dir_release+0x140/0x140 [ 66.964866][ T3630] ? d_alloc+0x193/0x1d0 [ 66.969090][ T3630] ? __lock_acquire+0x1f60/0x1f60 [ 66.974104][ T3630] ? do_raw_spin_lock+0x148/0x360 [ 66.979146][ T3630] ? __d_alloc+0x566/0x750 [ 66.983567][ T3630] ? _raw_spin_unlock+0x24/0x40 [ 66.988447][ T3630] ? d_alloc+0x193/0x1d0 [ 66.992681][ T3630] __lookup_hash+0x115/0x240 [ 66.997272][ T3630] filename_create+0x25f/0x4f0 [ 67.002031][ T3630] ? kern_path_create+0x180/0x180 [ 67.007142][ T3630] ? __might_fault+0xb6/0x110 [ 67.011809][ T3630] ? __lock_acquire+0x1f60/0x1f60 [ 67.016817][ T3630] ? __virt_addr_valid+0x21b/0x2d0 [ 67.021917][ T3630] do_mknodat+0x182/0x6b0 [ 67.026233][ T3630] ? do_o_path+0x240/0x240 [ 67.030719][ T3630] ? getname_flags+0x1ea/0x4e0 [ 67.035480][ T3630] __x64_sys_mknod+0x8a/0xa0 [ 67.040157][ T3630] do_syscall_64+0x3d/0xb0 [ 67.044583][ T3630] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 67.050470][ T3630] RIP: 0033:0x7f7f4b9f8a79 [ 67.054879][ T3630] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 67.074480][ T3630] RSP: 002b:00007ffeb4441a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000085 [ 67.082882][ T3630] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f7f4b9f8a79 [ 67.090850][ T3630] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000200002c0 [ 67.098807][ T3630] RBP: 00007f7f4b9b8080 R08: 0000000000000241 R09: 0000000000000000 [ 67.106763][ T3630] R10: 00007ffeb4441930 R11: 0000000000000246 R12: 00007f7f4b9b8110 [ 67.114743][ T3630] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 67.122711][ T3630] [ 67.126023][ T3630] Kernel Offset: disabled [ 67.130338][ T3630] Rebooting in 86400 seconds..