./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2031978463

<...>
forked to background, child pid 3207
no interfaces have a carrier
[   28.537090][ T3208] 8021q: adding VLAN 0 to HW filter on device bond0
[   28.560257][ T3208] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.1.125' (ECDSA) to the list of known hosts.
execve("./syz-executor2031978463", ["./syz-executor2031978463"], 0x7ffce26cb360 /* 10 vars */) = 0
brk(NULL)                               = 0x555556cb2000
brk(0x555556cb2d00)                     = 0x555556cb2d00
arch_prctl(ARCH_SET_FS, 0x555556cb23c0) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2031978463", 4096) = 28
brk(0x555556cd3d00)                     = 0x555556cd3d00
brk(0x555556cd4000)                     = 0x555556cd4000
mprotect(0x7fa80a21b000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0
rt_sigaction(SIGSEGV, {sa_handler=0x7fa80a16c480, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7fa80a16d4d0}, NULL, 8) = 0
rt_sigaction(SIGBUS, {sa_handler=0x7fa80a16c480, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7fa80a16d4d0}, NULL, 8) = 0
memfd_create("syzkaller", 0)            = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa801d62000
write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
munmap(0x7fa801d62000, 32768)           = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 4
ioctl(4, LOOP_SET_FD, 3)                = 0
close(3)                                = 0
mkdir("./bus", 0777)                    = 0
mount("/dev/loop0", "./bus", "hfs", MS_NOEXEC|MS_NOATIME|MS_STRICTATIME, "\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d\x61\x63\x74\x75\x72\x6b\x69\x73\x68\x2c\x63\x72\x65\x61\x74\x6f\x72\x3d\x6e\x12\x35\x1b\x2c") = 0
openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
chdir("./bus")                          = 0
ioctl(4, LOOP_CLR_FD)                   = 0
close(4)                                = 0
openat(AT_FDCWD, "blkio.bfq.sectors_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 8192
mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000300} ---
syzkaller login: [   56.249309][ T3632] loop0: detected capacity change from 0 to 64
[   56.274154][ T3632] ==================================================================
[   56.282273][ T3632] BUG: KASAN: slab-out-of-bounds in hfs_asc2mac+0x693/0x720
[   56.289606][ T3632] Write of size 1 at addr ffff8880220d5ace by task syz-executor203/3632
[   56.297918][ T3632] 
[   56.300220][ T3632] CPU: 0 PID: 3632 Comm: syz-executor203 Not tainted 6.1.0-syzkaller #0
[   56.308532][ T3632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   56.318568][ T3632] Call Trace:
[   56.321826][ T3632]  <TASK>
[   56.324738][ T3632]  dump_stack_lvl+0xd1/0x138
[   56.329332][ T3632]  print_report+0x15e/0x45d
[   56.333850][ T3632]  ? __phys_addr+0xc8/0x140
[   56.338344][ T3632]  ? hfs_asc2mac+0x693/0x720
[   56.342919][ T3632]  kasan_report+0xbf/0x1f0
[   56.347318][ T3632]  ? hfs_asc2mac+0x693/0x720
[   56.351893][ T3632]  hfs_asc2mac+0x693/0x720
[   56.356293][ T3632]  ? hfs_mac2asc+0x530/0x530
[   56.360884][ T3632]  ? hfs_find_init+0x95/0x240
[   56.365545][ T3632]  ? rcu_read_lock_sched_held+0x3e/0x70
[   56.371081][ T3632]  hfs_cat_build_key+0xc4/0x170
[   56.375918][ T3632]  hfs_lookup+0x1c6/0x310
[   56.380242][ T3632]  ? hfs_rename+0x210/0x210
[   56.384745][ T3632]  ? d_alloc_parallel+0x694/0x1410
[   56.389859][ T3632]  ? map_id_up+0x178/0x2f0
[   56.394362][ T3632]  ? apparmor_path_mknod+0x16a/0x720
[   56.399658][ T3632]  ? from_kgid+0x8b/0xd0
[   56.403898][ T3632]  ? from_kuid_munged+0x130/0x130
[   56.408914][ T3632]  ? generic_permission+0x38e/0x7b0
[   56.414111][ T3632]  ? bpf_lsm_inode_permission+0x9/0x10
[   56.419559][ T3632]  ? security_inode_permission+0xc9/0xf0
[   56.425189][ T3632]  ? bpf_lsm_inode_create+0x9/0x10
[   56.430303][ T3632]  lookup_open.isra.0+0x76a/0x12a0
[   56.435424][ T3632]  ? link_path_walk.part.0+0xe20/0xe20
[   56.440893][ T3632]  path_openat+0x996/0x2860
[   56.445401][ T3632]  ? path_lookupat+0x840/0x840
[   56.450172][ T3632]  do_filp_open+0x1ba/0x410
[   56.454847][ T3632]  ? may_open_dev+0xf0/0xf0
[   56.459346][ T3632]  ? find_held_lock+0x2d/0x110
[   56.464108][ T3632]  ? do_raw_spin_lock+0x124/0x2b0
[   56.469123][ T3632]  ? rwlock_bug.part.0+0x90/0x90
[   56.474050][ T3632]  ? _raw_spin_unlock+0x28/0x40
[   56.478892][ T3632]  ? alloc_fd+0x2d8/0x6d0
[   56.483213][ T3632]  do_sys_openat2+0x16d/0x4c0
[   56.487885][ T3632]  ? build_open_flags+0x6f0/0x6f0
[   56.492903][ T3632]  ? ptrace_notify+0xfe/0x140
[   56.497578][ T3632]  ? lock_downgrade+0x6e0/0x6e0
[   56.502430][ T3632]  __x64_sys_openat+0x143/0x1f0
[   56.507275][ T3632]  ? __ia32_sys_open+0x1c0/0x1c0
[   56.512208][ T3632]  ? _raw_spin_unlock_irq+0x23/0x50
[   56.517407][ T3632]  ? lockdep_hardirqs_on+0x7d/0x100
[   56.522603][ T3632]  ? _raw_spin_unlock_irq+0x2e/0x50
[   56.527800][ T3632]  ? ptrace_notify+0xfe/0x140
[   56.532478][ T3632]  do_syscall_64+0x39/0xb0
[   56.536888][ T3632]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   56.542778][ T3632] RIP: 0033:0x7fa80a1aeec9
[   56.547180][ T3632] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   56.566782][ T3632] RSP: 002b:00007ffdbe5ebbb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   56.575188][ T3632] RAX: ffffffffffffffda RBX: 00007ffdbe5ebbc8 RCX: 00007fa80a1aeec9
[   56.583160][ T3632] RDX: 000000000000275a RSI: 0000000020000300 RDI: 00000000ffffff9c
[   56.591122][ T3632] RBP: 00007ffdbe5ebbc0 R08: 00007ffdbe5ebbc0 R09: 00007fa80a16c480
[   56.599081][ T3632] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   56.607040][ T3632] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   56.615007][ T3632]  </TASK>
[   56.618013][ T3632] 
[   56.620322][ T3632] Allocated by task 3632:
[   56.624637][ T3632]  kasan_save_stack+0x22/0x40
[   56.629306][ T3632]  kasan_set_track+0x25/0x30
[   56.633884][ T3632]  __kasan_kmalloc+0xa5/0xb0
[   56.638461][ T3632]  __kmalloc+0x5a/0xd0
[   56.642515][ T3632]  hfs_find_init+0x95/0x240
[   56.647005][ T3632]  hfs_lookup+0x102/0x310
[   56.651329][ T3632]  lookup_open.isra.0+0x76a/0x12a0
[   56.656440][ T3632]  path_openat+0x996/0x2860
[   56.660942][ T3632]  do_filp_open+0x1ba/0x410
[   56.665429][ T3632]  do_sys_openat2+0x16d/0x4c0
[   56.670103][ T3632]  __x64_sys_openat+0x143/0x1f0
[   56.674948][ T3632]  do_syscall_64+0x39/0xb0
[   56.679356][ T3632]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   56.685238][ T3632] 
[   56.687549][ T3632] The buggy address belongs to the object at ffff8880220d5a80
[   56.687549][ T3632]  which belongs to the cache kmalloc-96 of size 96
[   56.701421][ T3632] The buggy address is located 78 bytes inside of
[   56.701421][ T3632]  96-byte region [ffff8880220d5a80, ffff8880220d5ae0)
[   56.714514][ T3632] 
[   56.716819][ T3632] The buggy address belongs to the physical page:
[   56.723209][ T3632] page:ffffea0000883540 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x220d5
[   56.733347][ T3632] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[   56.740887][ T3632] raw: 00fff00000000200 dead000000000100 dead000000000122 ffff888012041780
[   56.749457][ T3632] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
[   56.758021][ T3632] page dumped because: kasan: bad access detected
[   56.764410][ T3632] page_owner tracks the page as allocated
[   56.770106][ T3632] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1, tgid 1 (swapper/0), ts 7851050128, free_ts 7430834663
[   56.787469][ T3632]  get_page_from_freelist+0x10b5/0x2d50
[   56.793023][ T3632]  __alloc_pages+0x1cb/0x5b0
[   56.797610][ T3632]  alloc_page_interleave+0x1e/0x200
[   56.802799][ T3632]  alloc_pages+0x233/0x270
[   56.807205][ T3632]  allocate_slab+0x25f/0x350
[   56.811780][ T3632]  ___slab_alloc+0xa91/0x1400
[   56.816444][ T3632]  __slab_alloc.constprop.0+0x56/0xa0
[   56.821802][ T3632]  __kmem_cache_alloc_node+0x199/0x3e0
[   56.827252][ T3632]  kmalloc_trace+0x26/0x60
[   56.831663][ T3632]  dev_pm_qos_expose_flags+0x9c/0x310
[   56.837022][ T3632]  usb_hub_create_port_device+0x9c5/0xd70
[   56.842733][ T3632]  hub_probe.cold+0x2534/0x2aa3
[   56.847578][ T3632]  usb_probe_interface+0x30f/0x7f0
[   56.852677][ T3632]  really_probe+0x249/0xb90
[   56.857167][ T3632]  __driver_probe_device+0x1df/0x4d0
[   56.862444][ T3632]  driver_probe_device+0x4c/0x1a0
[   56.867461][ T3632] page last free stack trace:
[   56.872112][ T3632]  free_pcp_prepare+0x65c/0xd90
[   56.876952][ T3632]  free_unref_page+0x1d/0x4d0
[   56.881709][ T3632]  __vunmap+0x85d/0xd30
[   56.885851][ T3632]  free_work+0x5c/0x80
[   56.889905][ T3632]  process_one_work+0x9bf/0x1710
[   56.894827][ T3632]  worker_thread+0x669/0x1090
[   56.899490][ T3632]  kthread+0x2e8/0x3a0
[   56.903541][ T3632]  ret_from_fork+0x1f/0x30
[   56.907955][ T3632] 
[   56.910261][ T3632] Memory state around the buggy address:
[   56.915871][ T3632]  ffff8880220d5980: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   56.923922][ T3632]  ffff8880220d5a00: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   56.931971][ T3632] >ffff8880220d5a80: 00 00 00 00 00 00 00 00 00 06 fc fc fc fc fc fc
[   56.940019][ T3632]                                               ^
[   56.946415][ T3632]  ffff8880220d5b00: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   56.954471][ T3632]  ffff8880220d5b80: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[   56.962518][ T3632] ==================================================================
[   56.970830][ T3632] Kernel panic - not syncing: panic_on_warn set ...
[   56.977427][ T3632] CPU: 0 PID: 3632 Comm: syz-executor203 Not tainted 6.1.0-syzkaller #0
[   56.985780][ T3632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   56.995829][ T3632] Call Trace:
[   56.999094][ T3632]  <TASK>
[   57.002010][ T3632]  dump_stack_lvl+0xd1/0x138
[   57.006593][ T3632]  panic+0x2cc/0x626
[   57.010485][ T3632]  ? panic_print_sys_info.part.0+0x110/0x110
[   57.016464][ T3632]  ? preempt_schedule_common+0x59/0xc0
[   57.021921][ T3632]  ? preempt_schedule_thunk+0x1a/0x1c
[   57.027296][ T3632]  end_report.part.0+0x3f/0x7c
[   57.032056][ T3632]  ? hfs_asc2mac+0x693/0x720
[   57.036643][ T3632]  kasan_report.cold+0xa/0xf
[   57.041231][ T3632]  ? hfs_asc2mac+0x693/0x720
[   57.045819][ T3632]  hfs_asc2mac+0x693/0x720
[   57.050262][ T3632]  ? hfs_mac2asc+0x530/0x530
[   57.054848][ T3632]  ? hfs_find_init+0x95/0x240
[   57.059524][ T3632]  ? rcu_read_lock_sched_held+0x3e/0x70
[   57.065073][ T3632]  hfs_cat_build_key+0xc4/0x170
[   57.069922][ T3632]  hfs_lookup+0x1c6/0x310
[   57.074255][ T3632]  ? hfs_rename+0x210/0x210
[   57.078762][ T3632]  ? d_alloc_parallel+0x694/0x1410
[   57.083881][ T3632]  ? map_id_up+0x178/0x2f0
[   57.088292][ T3632]  ? apparmor_path_mknod+0x16a/0x720
[   57.093575][ T3632]  ? from_kgid+0x8b/0xd0
[   57.097818][ T3632]  ? from_kuid_munged+0x130/0x130
[   57.102840][ T3632]  ? generic_permission+0x38e/0x7b0
[   57.108046][ T3632]  ? bpf_lsm_inode_permission+0x9/0x10
[   57.113501][ T3632]  ? security_inode_permission+0xc9/0xf0
[   57.119140][ T3632]  ? bpf_lsm_inode_create+0x9/0x10
[   57.124266][ T3632]  lookup_open.isra.0+0x76a/0x12a0
[   57.129393][ T3632]  ? link_path_walk.part.0+0xe20/0xe20
[   57.134869][ T3632]  path_openat+0x996/0x2860
[   57.139398][ T3632]  ? path_lookupat+0x840/0x840
[   57.144171][ T3632]  do_filp_open+0x1ba/0x410
[   57.148662][ T3632]  ? may_open_dev+0xf0/0xf0
[   57.153155][ T3632]  ? find_held_lock+0x2d/0x110
[   57.158045][ T3632]  ? do_raw_spin_lock+0x124/0x2b0
[   57.164422][ T3632]  ? rwlock_bug.part.0+0x90/0x90
[   57.170564][ T3632]  ? _raw_spin_unlock+0x28/0x40
[   57.175537][ T3632]  ? alloc_fd+0x2d8/0x6d0
[   57.179981][ T3632]  do_sys_openat2+0x16d/0x4c0
[   57.184775][ T3632]  ? build_open_flags+0x6f0/0x6f0
[   57.189850][ T3632]  ? ptrace_notify+0xfe/0x140
[   57.194524][ T3632]  ? lock_downgrade+0x6e0/0x6e0
[   57.199371][ T3632]  __x64_sys_openat+0x143/0x1f0
[   57.204215][ T3632]  ? __ia32_sys_open+0x1c0/0x1c0
[   57.209150][ T3632]  ? _raw_spin_unlock_irq+0x23/0x50
[   57.214345][ T3632]  ? lockdep_hardirqs_on+0x7d/0x100
[   57.219540][ T3632]  ? _raw_spin_unlock_irq+0x2e/0x50
[   57.224737][ T3632]  ? ptrace_notify+0xfe/0x140
[   57.229420][ T3632]  do_syscall_64+0x39/0xb0
[   57.233923][ T3632]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   57.239812][ T3632] RIP: 0033:0x7fa80a1aeec9
[   57.244213][ T3632] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   57.263815][ T3632] RSP: 002b:00007ffdbe5ebbb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   57.272234][ T3632] RAX: ffffffffffffffda RBX: 00007ffdbe5ebbc8 RCX: 00007fa80a1aeec9
[   57.280201][ T3632] RDX: 000000000000275a RSI: 0000000020000300 RDI: 00000000ffffff9c
[   57.288162][ T3632] RBP: 00007ffdbe5ebbc0 R08: 00007ffdbe5ebbc0 R09: 00007fa80a16c480
[   57.296118][ T3632] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   57.304075][ T3632] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   57.312037][ T3632]  </TASK>
[   57.315918][ T3632] Kernel Offset: disabled
[   57.320233][ T3632] Rebooting in 86400 seconds..