./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4266706676

<...>
Warning: Permanently added '10.128.1.47' (ECDSA) to the list of known hosts.
execve("./syz-executor4266706676", ["./syz-executor4266706676"], 0x7fffbf35ece0 /* 10 vars */) = 0
brk(NULL)                               = 0x555555b10000
brk(0x555555b10d00)                     = 0x555555b10d00
arch_prctl(ARCH_SET_FS, 0x555555b103c0) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor4266706676", 4096) = 28
brk(0x555555b31d00)                     = 0x555555b31d00
brk(0x555555b32000)                     = 0x555555b32000
mprotect(0x7fdc3fc22000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0
rt_sigaction(SIGSEGV, {sa_handler=0x7fdc3fb73480, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7fdc3fb744d0}, NULL, 8) = 0
rt_sigaction(SIGBUS, {sa_handler=0x7fdc3fb73480, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7fdc3fb744d0}, NULL, 8) = 0
memfd_create("syzkaller", 0)            = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdc37600000
write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
munmap(0x7fdc37600000, 32768)           = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 4
ioctl(4, LOOP_SET_FD, 3)                = 0
close(3)                                = 0
mkdir("./bus", 0777)                    = 0
mount("/dev/loop0", "./bus", "hfs", MS_NOEXEC|MS_NOATIME|MS_STRICTATIME, "\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d\x61\x63\x74\x75\x72\x6b\x69\x73\x68\x2c\x63\x72\x65\x61\x74\x6f\x72\x3d\x6e\x12\x35\x1b\x2c") = 0
openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
chdir("./bus")                          = 0
ioctl(4, LOOP_CLR_FD)                   = 0
close(4)                                = 0
openat(AT_FDCWD, "blkio.bfq.sectors_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 8192
mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000300} ---
syzkaller login: [   49.717218][ T3631] loop0: detected capacity change from 0 to 64
[   49.744937][ T3631] ==================================================================
[   49.753046][ T3631] BUG: KASAN: slab-out-of-bounds in hfs_asc2mac+0x467/0x9a0
[   49.760369][ T3631] Write of size 1 at addr ffff88801834f3ce by task syz-executor426/3631
[   49.768692][ T3631] 
[   49.770999][ T3631] CPU: 0 PID: 3631 Comm: syz-executor426 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   49.781381][ T3631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   49.791415][ T3631] Call Trace:
[   49.794674][ T3631]  <TASK>
[   49.797589][ T3631]  dump_stack_lvl+0x1b1/0x28e
[   49.802279][ T3631]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   49.807722][ T3631]  ? __wake_up_klogd+0xcd/0x100
[   49.812557][ T3631]  ? panic+0x710/0x710
[   49.816634][ T3631]  ? _printk+0xc0/0x100
[   49.820766][ T3631]  ? _raw_spin_lock_irqsave+0x8e/0x100
[   49.826214][ T3631]  print_address_description+0x74/0x340
[   49.831745][ T3631]  print_report+0x107/0x1f0
[   49.836229][ T3631]  ? __virt_addr_valid+0x21b/0x2d0
[   49.841323][ T3631]  ? __phys_addr+0xb5/0x160
[   49.845808][ T3631]  ? hfs_asc2mac+0x467/0x9a0
[   49.850387][ T3631]  kasan_report+0xcd/0x100
[   49.854787][ T3631]  ? hfs_asc2mac+0x467/0x9a0
[   49.859358][ T3631]  hfs_asc2mac+0x467/0x9a0
[   49.863756][ T3631]  ? mutex_lock_io_nested+0x60/0x60
[   49.868938][ T3631]  ? hfs_mac2asc+0x850/0x850
[   49.873509][ T3631]  ? hfs_find_init+0x8b/0x1e0
[   49.878169][ T3631]  ? trace_kmalloc+0x30/0xf0
[   49.882741][ T3631]  ? __kmalloc+0xcc/0x1a0
[   49.887055][ T3631]  hfs_cat_build_key+0x92/0x170
[   49.891884][ T3631]  hfs_lookup+0x1ab/0x2c0
[   49.896197][ T3631]  ? hfs_dir_release+0x140/0x140
[   49.901112][ T3631]  ? hook_path_mknod+0x157/0x4d0
[   49.906060][ T3631]  ? apparmor_path_mknod+0x466/0x530
[   49.911349][ T3631]  ? from_kgid+0x193/0x6b0
[   49.915769][ T3631]  ? generic_permission+0x214/0x4e0
[   49.920964][ T3631]  ? inode_permission+0xf5/0x450
[   49.925902][ T3631]  ? bpf_lsm_inode_create+0x5/0x10
[   49.931026][ T3631]  ? security_inode_create+0xdd/0x120
[   49.936438][ T3631]  ? hfs_dir_release+0x140/0x140
[   49.941364][ T3631]  path_openat+0x10e6/0x2df0
[   49.945955][ T3631]  ? do_filp_open+0x4f0/0x4f0
[   49.950615][ T3631]  do_filp_open+0x264/0x4f0
[   49.955109][ T3631]  ? vfs_tmpfile+0x490/0x490
[   49.959680][ T3631]  ? do_raw_spin_unlock+0x134/0x8a0
[   49.964865][ T3631]  ? _raw_spin_unlock+0x24/0x40
[   49.969699][ T3631]  ? alloc_fd+0x5a7/0x640
[   49.974014][ T3631]  do_sys_openat2+0x124/0x4e0
[   49.978677][ T3631]  ? print_irqtrace_events+0x220/0x220
[   49.984114][ T3631]  ? ptrace_stop+0x74d/0x970
[   49.988693][ T3631]  ? do_sys_open+0x220/0x220
[   49.993264][ T3631]  ? lockdep_hardirqs_on+0x8d/0x130
[   49.998445][ T3631]  ? _raw_spin_unlock_irq+0x2a/0x40
[   50.003625][ T3631]  ? ptrace_notify+0x245/0x340
[   50.008485][ T3631]  __x64_sys_openat+0x243/0x290
[   50.013318][ T3631]  ? __ia32_sys_open+0x270/0x270
[   50.018238][ T3631]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   50.024200][ T3631]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   50.030160][ T3631]  do_syscall_64+0x3d/0xb0
[   50.034558][ T3631]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   50.040437][ T3631] RIP: 0033:0x7fdc3fbb5ec9
[   50.044833][ T3631] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   50.064422][ T3631] RSP: 002b:00007ffe817b19e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   50.072815][ T3631] RAX: ffffffffffffffda RBX: 00007ffe817b19f8 RCX: 00007fdc3fbb5ec9
[   50.080766][ T3631] RDX: 000000000000275a RSI: 0000000020000300 RDI: 00000000ffffff9c
[   50.088716][ T3631] RBP: 00007ffe817b19f0 R08: 00007ffe817b19f0 R09: 00007fdc3fb73480
[   50.096671][ T3631] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   50.104623][ T3631] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   50.112579][ T3631]  </TASK>
[   50.115579][ T3631] 
[   50.117878][ T3631] Allocated by task 3631:
[   50.122180][ T3631]  kasan_set_track+0x3d/0x60
[   50.126752][ T3631]  __kasan_kmalloc+0x97/0xb0
[   50.131321][ T3631]  __kmalloc+0xaf/0x1a0
[   50.135458][ T3631]  hfs_find_init+0x8b/0x1e0
[   50.140309][ T3631]  hfs_lookup+0x105/0x2c0
[   50.144664][ T3631]  path_openat+0x10e6/0x2df0
[   50.149239][ T3631]  do_filp_open+0x264/0x4f0
[   50.153725][ T3631]  do_sys_openat2+0x124/0x4e0
[   50.158384][ T3631]  __x64_sys_openat+0x243/0x290
[   50.163237][ T3631]  do_syscall_64+0x3d/0xb0
[   50.167641][ T3631]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   50.173541][ T3631] 
[   50.175853][ T3631] The buggy address belongs to the object at ffff88801834f380
[   50.175853][ T3631]  which belongs to the cache kmalloc-96 of size 96
[   50.190651][ T3631] The buggy address is located 78 bytes inside of
[   50.190651][ T3631]  96-byte region [ffff88801834f380, ffff88801834f3e0)
[   50.203831][ T3631] 
[   50.206151][ T3631] The buggy address belongs to the physical page:
[   50.212541][ T3631] page:ffffea000060d3c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1834f
[   50.222773][ T3631] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[   50.230315][ T3631] raw: 00fff00000000200 ffffea000076c980 dead000000000002 ffff888012841780
[   50.238878][ T3631] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
[   50.247437][ T3631] page dumped because: kasan: bad access detected
[   50.253825][ T3631] page_owner tracks the page as allocated
[   50.259530][ T3631] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY), pid 3001, tgid 3001 (udevd), ts 26226968803, free_ts 26209754569
[   50.277047][ T3631]  get_page_from_freelist+0x742/0x7c0
[   50.282406][ T3631]  __alloc_pages+0x259/0x560
[   50.286981][ T3631]  alloc_slab_page+0x70/0xf0
[   50.291551][ T3631]  allocate_slab+0x5e/0x4b0
[   50.296035][ T3631]  ___slab_alloc+0x782/0xe20
[   50.300612][ T3631]  __kmem_cache_alloc_node+0x252/0x310
[   50.306055][ T3631]  __kmalloc+0x9e/0x1a0
[   50.310192][ T3631]  tomoyo_encode+0x26f/0x540
[   50.314833][ T3631]  tomoyo_realpath_from_path+0x5ae/0x5f0
[   50.320470][ T3631]  tomoyo_path_perm+0x227/0x670
[   50.325311][ T3631]  security_inode_getattr+0xc0/0x140
[   50.330589][ T3631]  vfs_statx+0x188/0x4a0
[   50.334812][ T3631]  __se_sys_newfstatat+0xed/0x7d0
[   50.339815][ T3631]  do_syscall_64+0x3d/0xb0
[   50.344212][ T3631]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   50.350084][ T3631] page last free stack trace:
[   50.354758][ T3631]  free_pcp_prepare+0x80c/0x8f0
[   50.359611][ T3631]  free_unref_page+0x7d/0x5f0
[   50.364281][ T3631]  __mmdrop+0xb4/0x400
[   50.368328][ T3631]  exit_mm+0x1f5/0x2d0
[   50.372390][ T3631]  do_exit+0x5e7/0x2070
[   50.376549][ T3631]  do_group_exit+0x1fd/0x2b0
[   50.381119][ T3631]  __x64_sys_exit_group+0x3b/0x40
[   50.386125][ T3631]  do_syscall_64+0x3d/0xb0
[   50.390521][ T3631]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   50.396572][ T3631] 
[   50.398878][ T3631] Memory state around the buggy address:
[   50.404485][ T3631]  ffff88801834f280: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   50.412533][ T3631]  ffff88801834f300: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[   50.420584][ T3631] >ffff88801834f380: 00 00 00 00 00 00 00 00 00 06 fc fc fc fc fc fc
[   50.428652][ T3631]                                               ^
[   50.435079][ T3631]  ffff88801834f400: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   50.443574][ T3631]  ffff88801834f480: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   50.451801][ T3631] ==================================================================
[   50.463001][ T3631] Kernel panic - not syncing: panic_on_warn set ...
[   50.469609][ T3631] CPU: 1 PID: 3631 Comm: syz-executor426 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   50.480008][ T3631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   50.490051][ T3631] Call Trace:
[   50.493314][ T3631]  <TASK>
[   50.496232][ T3631]  dump_stack_lvl+0x1b1/0x28e
[   50.500897][ T3631]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   50.506338][ T3631]  ? panic+0x710/0x710
[   50.510430][ T3631]  ? preempt_schedule_common+0xb7/0xe0
[   50.515873][ T3631]  ? vscnprintf+0x59/0x80
[   50.520186][ T3631]  panic+0x2d6/0x710
[   50.524065][ T3631]  ? memcpy_page_flushcache+0xfc/0xfc
[   50.529421][ T3631]  ? _raw_spin_unlock_irqrestore+0x110/0x120
[   50.535391][ T3631]  ? rcu_read_lock_sched_held+0x5d/0x110
[   50.541017][ T3631]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[   50.547007][ T3631]  ? hfs_asc2mac+0x467/0x9a0
[   50.551597][ T3631]  end_report+0x91/0xa0
[   50.555751][ T3631]  kasan_report+0xda/0x100
[   50.560150][ T3631]  ? hfs_asc2mac+0x467/0x9a0
[   50.564723][ T3631]  hfs_asc2mac+0x467/0x9a0
[   50.569133][ T3631]  ? mutex_lock_io_nested+0x60/0x60
[   50.574342][ T3631]  ? hfs_mac2asc+0x850/0x850
[   50.578931][ T3631]  ? hfs_find_init+0x8b/0x1e0
[   50.583600][ T3631]  ? trace_kmalloc+0x30/0xf0
[   50.588175][ T3631]  ? __kmalloc+0xcc/0x1a0
[   50.592489][ T3631]  hfs_cat_build_key+0x92/0x170
[   50.597323][ T3631]  hfs_lookup+0x1ab/0x2c0
[   50.601636][ T3631]  ? hfs_dir_release+0x140/0x140
[   50.606553][ T3631]  ? hook_path_mknod+0x157/0x4d0
[   50.611477][ T3631]  ? apparmor_path_mknod+0x466/0x530
[   50.616746][ T3631]  ? from_kgid+0x193/0x6b0
[   50.621148][ T3631]  ? generic_permission+0x214/0x4e0
[   50.626333][ T3631]  ? inode_permission+0xf5/0x450
[   50.631268][ T3631]  ? bpf_lsm_inode_create+0x5/0x10
[   50.636384][ T3631]  ? security_inode_create+0xdd/0x120
[   50.641740][ T3631]  ? hfs_dir_release+0x140/0x140
[   50.646661][ T3631]  path_openat+0x10e6/0x2df0
[   50.651263][ T3631]  ? do_filp_open+0x4f0/0x4f0
[   50.655928][ T3631]  do_filp_open+0x264/0x4f0
[   50.660415][ T3631]  ? vfs_tmpfile+0x490/0x490
[   50.664991][ T3631]  ? do_raw_spin_unlock+0x134/0x8a0
[   50.670174][ T3631]  ? _raw_spin_unlock+0x24/0x40
[   50.675010][ T3631]  ? alloc_fd+0x5a7/0x640
[   50.679339][ T3631]  do_sys_openat2+0x124/0x4e0
[   50.684025][ T3631]  ? print_irqtrace_events+0x220/0x220
[   50.689484][ T3631]  ? ptrace_stop+0x74d/0x970
[   50.694063][ T3631]  ? do_sys_open+0x220/0x220
[   50.698665][ T3631]  ? lockdep_hardirqs_on+0x8d/0x130
[   50.703879][ T3631]  ? _raw_spin_unlock_irq+0x2a/0x40
[   50.709080][ T3631]  ? ptrace_notify+0x245/0x340
[   50.713840][ T3631]  __x64_sys_openat+0x243/0x290
[   50.718690][ T3631]  ? __ia32_sys_open+0x270/0x270
[   50.723660][ T3631]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   50.729637][ T3631]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   50.735786][ T3631]  do_syscall_64+0x3d/0xb0
[   50.740194][ T3631]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   50.746072][ T3631] RIP: 0033:0x7fdc3fbb5ec9
[   50.750475][ T3631] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   50.770077][ T3631] RSP: 002b:00007ffe817b19e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   50.778481][ T3631] RAX: ffffffffffffffda RBX: 00007ffe817b19f8 RCX: 00007fdc3fbb5ec9
[   50.786441][ T3631] RDX: 000000000000275a RSI: 0000000020000300 RDI: 00000000ffffff9c
[   50.794400][ T3631] RBP: 00007ffe817b19f0 R08: 00007ffe817b19f0 R09: 00007fdc3fb73480
[   50.802370][ T3631] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   50.810380][ T3631] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   50.818371][ T3631]  </TASK>
[   50.821714][ T3631] Kernel Offset: disabled
[   50.826293][ T3631] Rebooting in 86400 seconds..