./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2384778035 <...> Warning: Permanently added '10.128.10.32' (ED25519) to the list of known hosts. execve("./syz-executor2384778035", ["./syz-executor2384778035"], 0x7fff22880070 /* 10 vars */) = 0 brk(NULL) = 0x5555953ae000 brk(0x5555953aed00) = 0x5555953aed00 arch_prctl(ARCH_SET_FS, 0x5555953ae380) = 0 set_tid_address(0x5555953ae650) = 5775 set_robust_list(0x5555953ae660, 24) = 0 rseq(0x5555953aeca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2384778035", 4096) = 28 getrandom("\x8c\xf3\xe1\x65\x7d\x01\x3b\xfa", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555953aed00 brk(0x5555953cfd00) = 0x5555953cfd00 brk(0x5555953d0000) = 0x5555953d0000 mprotect(0x7f59e9a3a000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555953ae650) = 5776 ./strace-static-x86_64: Process 5776 attached [pid 5776] set_robust_list(0x5555953ae660, 24) = 0 [pid 5776] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5776] setpgid(0, 0) = 0 [pid 5776] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5776] write(3, "1000", 4executing program ) = 4 [pid 5776] close(3) = 0 [pid 5776] write(1, "executing program\n", 18) = 18 [pid 5776] memfd_create("syzkaller", 0) = 3 [pid 5776] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f59e1400000 [pid 5776] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5776] munmap(0x7f59e1400000, 138412032) = 0 [pid 5776] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5776] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5776] close(3) = 0 [pid 5776] close(4) = 0 [pid 5776] mkdir("./file1", 0777) = 0 [pid 5776] mount("/dev/loop0", "./file1", "hfs", MS_DIRSYNC|MS_NODIRATIME|MS_POSIXACL|MS_I_VERSION|MS_LAZYTIME, "") = 0 [pid 5776] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5776] chdir("./file1") = 0 [ 182.882940][ T5776] loop0: detected capacity change from 0 to 64 [pid 5776] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 182.944084][ T5776] ===================================================== [ 182.951416][ T5776] BUG: KMSAN: uninit-value in hfs_free_fork+0x6b4/0xa50 [ 182.958726][ T5776] hfs_free_fork+0x6b4/0xa50 [ 182.963651][ T5776] hfs_cat_delete+0x501/0xb90 [ 182.968521][ T5776] hfs_remove+0x16a/0x2f0 [ 182.973101][ T5776] vfs_unlink+0x676/0xa90 [ 182.977646][ T5776] do_unlinkat+0x823/0xe20 [ 182.982277][ T5776] __x64_sys_unlink+0x76/0xa0 [ 182.987333][ T5776] x64_sys_call+0x2957/0x3c30 [ 182.992226][ T5776] do_syscall_64+0xcd/0x1e0 [ 182.997068][ T5776] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 183.003252][ T5776] [ 183.005676][ T5776] Uninit was created at: [ 183.010187][ T5776] __kmalloc_noprof+0x923/0x1230 [ 183.015486][ T5776] hfs_find_init+0x91/0x250 [ 183.020206][ T5776] hfs_free_fork+0x3bb/0xa50 [ 183.025075][ T5776] hfs_cat_delete+0x501/0xb90 [ 183.029935][ T5776] hfs_remove+0x16a/0x2f0 [ 183.034548][ T5776] vfs_unlink+0x676/0xa90 [ 183.039086][ T5776] do_unlinkat+0x823/0xe20 [ 183.043852][ T5776] __x64_sys_unlink+0x76/0xa0 [ 183.048753][ T5776] x64_sys_call+0x2957/0x3c30 [ 183.053715][ T5776] do_syscall_64+0xcd/0x1e0 [ 183.058387][ T5776] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 183.064572][ T5776] [ 183.067024][ T5776] CPU: 0 UID: 0 PID: 5776 Comm: syz-executor238 Not tainted 6.13.0-rc3-syzkaller-00062-gc061cf420ded #0 [ 183.078376][ T5776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 183.088619][ T5776] ===================================================== [ 183.095754][ T5776] Disabling lock debugging due to kernel taint [ 183.102003][ T5776] Kernel panic - not syncing: kmsan.panic set ... [ 183.108496][ T5776] CPU: 0 UID: 0 PID: 5776 Comm: syz-executor238 Tainted: G B 6.13.0-rc3-syzkaller-00062-gc061cf420ded #0 [ 183.121207][ T5776] Tainted: [B]=BAD_PAGE [ 183.125419][ T5776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 183.135560][ T5776] Call Trace: [ 183.138934][ T5776] [ 183.141936][ T5776] dump_stack_lvl+0x216/0x2d0 [ 183.146741][ T5776] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 183.152672][ T5776] dump_stack+0x1e/0x24 [ 183.156941][ T5776] panic+0x4e2/0xcf0 [ 183.160969][ T5776] ? kmsan_get_metadata+0x71/0x1c0 [ 183.166263][ T5776] kmsan_report+0x2c7/0x2d0 [ 183.170872][ T5776] ? kmsan_internal_set_shadow_origin+0x69/0x100 [ 183.177343][ T5776] ? __msan_warning+0x95/0x120 [ 183.182232][ T5776] ? hfs_free_fork+0x6b4/0xa50 [ 183.187122][ T5776] ? hfs_cat_delete+0x501/0xb90 [ 183.192075][ T5776] ? hfs_remove+0x16a/0x2f0 [ 183.196677][ T5776] ? vfs_unlink+0x676/0xa90 [ 183.201295][ T5776] ? do_unlinkat+0x823/0xe20 [ 183.206026][ T5776] ? __x64_sys_unlink+0x76/0xa0 [ 183.211065][ T5776] ? x64_sys_call+0x2957/0x3c30 [ 183.216042][ T5776] ? do_syscall_64+0xcd/0x1e0 [ 183.220812][ T5776] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 183.227009][ T5776] ? _raw_spin_unlock_irqrestore+0x3f/0x60 [ 183.232941][ T5776] ? stack_depot_save_flags+0x6db/0x750 [ 183.238613][ T5776] ? kmsan_get_metadata+0x13e/0x1c0 [ 183.243910][ T5776] ? kmsan_internal_set_shadow_origin+0x69/0x100 [ 183.250368][ T5776] ? kmsan_get_metadata+0x13e/0x1c0 [ 183.255679][ T5776] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 183.261586][ T5776] ? hfs_brec_find+0x87c/0x980 [ 183.266477][ T5776] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 183.272691][ T5776] ? kmsan_get_metadata+0x13e/0x1c0 [ 183.277989][ T5776] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 183.283897][ T5776] __msan_warning+0x95/0x120 [ 183.288609][ T5776] hfs_free_fork+0x6b4/0xa50 [ 183.293318][ T5776] hfs_cat_delete+0x501/0xb90 [ 183.298152][ T5776] hfs_remove+0x16a/0x2f0 [ 183.302664][ T5776] ? __pfx_hfs_remove+0x10/0x10 [ 183.307671][ T5776] vfs_unlink+0x676/0xa90 [ 183.312128][ T5776] do_unlinkat+0x823/0xe20 [ 183.316673][ T5776] __x64_sys_unlink+0x76/0xa0 [ 183.321472][ T5776] x64_sys_call+0x2957/0x3c30 [ 183.326281][ T5776] do_syscall_64+0xcd/0x1e0 [ 183.330877][ T5776] ? clear_bhb_loop+0x25/0x80 [ 183.335677][ T5776] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 183.341706][ T5776] RIP: 0033:0x7f59e99c6a59 [ 183.346202][ T5776] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 183.365955][ T5776] RSP: 002b:00007ffd22655f98 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 183.374556][ T5776] RAX: ffffffffffffffda RBX: 0031656c69662f2e RCX: 00007f59e99c6a59 [ 183.382651][ T5776] RDX: 00007f59e99c5a51 RSI: 0000000000000000 RDI: 0000000020000080 [ 183.390763][ T5776] RBP: 00007f59e9a3a5f0 R08: 00000000000002a1 R09: 00005555953af4c0 [ 183.398827][ T5776] R10: 00007ffd22655e60 R11: 0000000000000246 R12: 00007ffd22655fc0 [ 183.406889][ T5776] R13: 00007ffd226561e8 R14: 431bde82d7b634db R15: 00007f59e9a0f03b [ 183.414964][ T5776] [ 183.418318][ T5776] Kernel Offset: disabled [ 183.422709][ T5776] Rebooting in 86400 seconds..