./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2627212183

<...>
Warning: Permanently added '10.128.0.221' (ED25519) to the list of known hosts.
execve("./syz-executor2627212183", ["./syz-executor2627212183"], 0x7ffe64ba1c30 /* 10 vars */) = 0
brk(NULL)                               = 0x5555564f8000
brk(0x5555564f8d00)                     = 0x5555564f8d00
arch_prctl(ARCH_SET_FS, 0x5555564f8380) = 0
set_tid_address(0x5555564f8650)         = 5067
set_robust_list(0x5555564f8660, 24)     = 0
rseq(0x5555564f8ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor2627212183", 4096) = 28
getrandom("\x00\xb1\x0a\x58\x84\xdb\xd0\x69", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x5555564f8d00
brk(0x555556519d00)                     = 0x555556519d00
brk(0x55555651a000)                     = 0x55555651a000
mprotect(0x7fb95c425000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
memfd_create("syzkaller", 0)            = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb953f75000
[  105.527020][   T27] audit: type=1400 audit(1702116220.342:83): avc:  denied  { execmem } for  pid=5067 comm="syz-executor262" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  105.555351][   T27] audit: type=1400 audit(1702116220.372:84): avc:  denied  { append } for  pid=4497 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
munmap(0x7fb953f75000, 138412032)       = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 4
[  105.577542][   T27] audit: type=1400 audit(1702116220.372:85): avc:  denied  { open } for  pid=4497 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  105.599978][   T27] audit: type=1400 audit(1702116220.372:86): avc:  denied  { getattr } for  pid=4497 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
ioctl(4, LOOP_SET_FD, 3)                = 0
close(3)                                = 0
mkdir("./file0", 0777)                  = 0
[  105.616306][ T5067] loop0: detected capacity change from 0 to 1024
[  105.622693][   T27] audit: type=1400 audit(1702116220.412:87): avc:  denied  { read write } for  pid=5067 comm="syz-executor262" name="loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  105.653361][   T27] audit: type=1400 audit(1702116220.412:88): avc:  denied  { open } for  pid=5067 comm="syz-executor262" path="/dev/loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
mount("/dev/loop0", "./file0", "hfsplus", 0, "") = 0
openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[  105.678398][   T27] audit: type=1400 audit(1702116220.432:89): avc:  denied  { ioctl } for  pid=5067 comm="syz-executor262" path="/dev/loop0" dev="devtmpfs" ino=648 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  105.704865][   T27] audit: type=1400 audit(1702116220.492:90): avc:  denied  { mounton } for  pid=5067 comm="syz-executor262" path="/root/file0" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
chdir("./file0")                        = 0
ioctl(4, LOOP_CLR_FD)                   = 0
close(4)                                = 0
[  105.728193][   T27] audit: type=1400 audit(1702116220.522:91): avc:  denied  { mount } for  pid=5067 comm="syz-executor262" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
[  105.757651][ T5067] ==================================================================
[  105.765756][ T5067] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x8fd/0xa00
[  105.773444][ T5067] Read of size 2 at addr ffff88807a7f5218 by task syz-executor262/5067
[  105.781719][ T5067] 
[  105.784064][ T5067] CPU: 0 PID: 5067 Comm: syz-executor262 Not tainted 6.7.0-rc4-syzkaller-00358-gf2e8a57ee903 #0
[  105.794506][ T5067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[  105.804587][ T5067] Call Trace:
[  105.807875][ T5067]  <TASK>
[  105.810804][ T5067]  dump_stack_lvl+0xd9/0x1b0
[  105.815421][ T5067]  print_report+0xc4/0x620
[  105.819857][ T5067]  ? __virt_addr_valid+0x5e/0x2d0
[  105.824900][ T5067]  ? __phys_addr+0xc6/0x140
[  105.829426][ T5067]  kasan_report+0xda/0x110
[  105.833893][ T5067]  ? hfsplus_uni2asc+0x8fd/0xa00
[  105.838857][ T5067]  ? hfsplus_uni2asc+0x8fd/0xa00
[  105.843806][ T5067]  hfsplus_uni2asc+0x8fd/0xa00
[  105.848590][ T5067]  hfsplus_listxattr+0x6de/0xe10
[  105.853578][ T5067]  ? hfsplus_getxattr+0x160/0x160
[  105.858622][ T5067]  ? avc_perm_nonode+0xee/0x170
[  105.863484][ T5067]  ? kvmalloc_node+0x99/0x1a0
[  105.868184][ T5067]  ? inode_has_perm+0x19a/0x200
[  105.873056][ T5067]  ? selinux_inode_listxattr+0x104/0x160
[  105.878721][ T5067]  ? hfsplus_getxattr+0x160/0x160
[  105.883766][ T5067]  vfs_listxattr+0xb3/0x130
[  105.888280][ T5067]  listxattr+0x69/0x180
[  105.892472][ T5067]  path_listxattr+0xc3/0x160
[  105.897077][ T5067]  ? lockdep_hardirqs_on+0x7d/0x110
[  105.902316][ T5067]  ? listxattr+0x180/0x180
[  105.906777][ T5067]  ? syscall_trace_enter.constprop.0+0xaf/0x1e0
[  105.913035][ T5067]  do_syscall_64+0x40/0x110
[  105.917563][ T5067]  entry_SYSCALL_64_after_hwframe+0x63/0x6b
[  105.923513][ T5067] RIP: 0033:0x7fb95c3b25b9
[  105.927929][ T5067] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  105.947629][ T5067] RSP: 002b:00007fffe6332088 EFLAGS: 00000246 ORIG_RAX: 00000000000000c3
[  105.956050][ T5067] RAX: ffffffffffffffda RBX: 00007fffe6332268 RCX: 00007fb95c3b25b9
[  105.964029][ T5067] RDX: 0000000000000019 RSI: 0000000000000000 RDI: 0000000020000000
[  105.972010][ T5067] RBP: 00007fb95c425610 R08: 0000000000000603 R09: 0000000000000000
[  105.979991][ T5067] R10: 00007fffe6331f50 R11: 0000000000000246 R12: 0000000000000001
[  105.987973][ T5067] R13: 00007fffe6332258 R14: 0000000000000001 R15: 0000000000000001
[  105.995963][ T5067]  </TASK>
[  105.999015][ T5067] 
[  106.001344][ T5067] Allocated by task 5067:
[  106.005701][ T5067]  kasan_save_stack+0x33/0x50
[  106.010385][ T5067]  kasan_set_track+0x25/0x30
[  106.015002][ T5067]  __kasan_kmalloc+0xa3/0xb0
[  106.019596][ T5067]  __kmalloc+0x59/0x90
[  106.023675][ T5067]  hfsplus_find_init+0x95/0x200
[  106.028537][ T5067]  hfsplus_listxattr+0x465/0xe10
[  106.033498][ T5067]  vfs_listxattr+0xb3/0x130
[  106.038029][ T5067]  listxattr+0x69/0x180
[  106.042189][ T5067]  path_listxattr+0xc3/0x160
[  106.046791][ T5067]  do_syscall_64+0x40/0x110
[  106.051317][ T5067]  entry_SYSCALL_64_after_hwframe+0x63/0x6b
[  106.057240][ T5067] 
[  106.059567][ T5067] The buggy address belongs to the object at ffff88807a7f5000
[  106.059567][ T5067]  which belongs to the cache kmalloc-1k of size 1024
[  106.073630][ T5067] The buggy address is located 0 bytes to the right of
[  106.073630][ T5067]  allocated 536-byte region [ffff88807a7f5000, ffff88807a7f5218)
[  106.088125][ T5067] 
[  106.090450][ T5067] The buggy address belongs to the physical page:
[  106.096860][ T5067] page:ffffea0001e9fd40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7a7f5
[  106.107020][ T5067] flags: 0xfff00000000800(slab|node=0|zone=1|lastcpupid=0x7ff)
[  106.114566][ T5067] page_type: 0x2()
[  106.118300][ T5067] raw: 00fff00000000800 ffff888013040700 ffffea0001e81d10 ffffea0001e9d750
[  106.126894][ T5067] raw: 0000000000000000 ffff88807a7f5000 0000000100000002 0000000000000000
[  106.135495][ T5067] page dumped because: kasan: bad access detected
[  106.141903][ T5067] page_owner tracks the page as allocated
[  106.147621][ T5067] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2420c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_COMP|__GFP_THISNODE), pid 4594, tgid 4594 (udevd), ts 51156367647, free_ts 51014087839
[  106.167084][ T5067]  post_alloc_hook+0x2d0/0x350
[  106.171867][ T5067]  get_page_from_freelist+0xa25/0x36d0
[  106.177347][ T5067]  __alloc_pages+0x22e/0x2420
[  106.182043][ T5067]  cache_grow_begin+0x99/0x3a0
[  106.186836][ T5067]  cache_alloc_refill+0x295/0x3b0
[  106.191906][ T5067]  __kmem_cache_alloc_node+0x3ba/0x460
[  106.197398][ T5067]  __kmalloc+0x49/0x90
[  106.201529][ T5067]  load_elf_phdrs+0x103/0x210
[  106.206223][ T5067]  load_elf_binary+0x1fe/0x4e30
[  106.211086][ T5067]  bprm_execve+0x7f9/0x1a90
[  106.215636][ T5067]  do_execveat_common.isra.0+0x5d3/0x740
[  106.221286][ T5067]  __x64_sys_execve+0x8c/0xb0
[  106.225979][ T5067]  do_syscall_64+0x40/0x110
[  106.230493][ T5067]  entry_SYSCALL_64_after_hwframe+0x63/0x6b
[  106.236443][ T5067] page last free stack trace:
[  106.241117][ T5067]  free_unref_page_prepare+0x4fa/0xaa0
[  106.246608][ T5067]  free_unref_page+0x33/0x3b0
[  106.251317][ T5067]  slabs_destroy+0x85/0xc0
[  106.255761][ T5067]  ___cache_free+0x2b7/0x420
[  106.260392][ T5067]  qlist_free_all+0x4c/0x1b0
[  106.265020][ T5067]  kasan_quarantine_reduce+0x18e/0x1d0
[  106.270526][ T5067]  __kasan_slab_alloc+0x65/0x90
[  106.275400][ T5067]  kmem_cache_alloc_node+0x173/0x4a0
[  106.280715][ T5067]  __alloc_skb+0x287/0x330
[  106.285162][ T5067]  netlink_sendmsg+0x9c6/0xe40
[  106.289967][ T5067]  __sock_sendmsg+0xd5/0x180
[  106.294598][ T5067]  ____sys_sendmsg+0x6ac/0x940
[  106.299381][ T5067]  ___sys_sendmsg+0x135/0x1d0
[  106.304084][ T5067]  __sys_sendmsg+0x117/0x1e0
[  106.308693][ T5067]  do_syscall_64+0x40/0x110
[  106.313212][ T5067]  entry_SYSCALL_64_after_hwframe+0x63/0x6b
[  106.319131][ T5067] 
[  106.321479][ T5067] Memory state around the buggy address:
[  106.327124][ T5067]  ffff88807a7f5100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  106.335195][ T5067]  ffff88807a7f5180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  106.343270][ T5067] >ffff88807a7f5200: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[  106.351346][ T5067]                             ^
[  106.356201][ T5067]  ffff88807a7f5280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  106.364277][ T5067]  ffff88807a7f5300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  106.372345][ T5067] ==================================================================
[  106.381123][ T5067] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  106.388355][ T5067] CPU: 1 PID: 5067 Comm: syz-executor262 Not tainted 6.7.0-rc4-syzkaller-00358-gf2e8a57ee903 #0
[  106.398810][ T5067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[  106.408895][ T5067] Call Trace:
[  106.412190][ T5067]  <TASK>
[  106.415135][ T5067]  dump_stack_lvl+0xd9/0x1b0
[  106.419756][ T5067]  panic+0x6dc/0x790
[  106.423688][ T5067]  ? panic_smp_self_stop+0xa0/0xa0
[  106.428819][ T5067]  ? preempt_schedule_thunk+0x1a/0x30
[  106.434321][ T5067]  ? preempt_schedule_common+0x45/0xc0
[  106.439810][ T5067]  ? check_panic_on_warn+0x1f/0xb0
[  106.444952][ T5067]  check_panic_on_warn+0xab/0xb0
[  106.449913][ T5067]  end_report+0x108/0x150
[  106.454260][ T5067]  kasan_report+0xea/0x110
[  106.458714][ T5067]  ? hfsplus_uni2asc+0x8fd/0xa00
[  106.463670][ T5067]  ? hfsplus_uni2asc+0x8fd/0xa00
[  106.468628][ T5067]  hfsplus_uni2asc+0x8fd/0xa00
[  106.473417][ T5067]  hfsplus_listxattr+0x6de/0xe10
[  106.478380][ T5067]  ? hfsplus_getxattr+0x160/0x160
[  106.483419][ T5067]  ? avc_perm_nonode+0xee/0x170
[  106.488283][ T5067]  ? kvmalloc_node+0x99/0x1a0
[  106.492978][ T5067]  ? inode_has_perm+0x19a/0x200
[  106.497857][ T5067]  ? selinux_inode_listxattr+0x104/0x160
[  106.503524][ T5067]  ? hfsplus_getxattr+0x160/0x160
[  106.508577][ T5067]  vfs_listxattr+0xb3/0x130
[  106.513115][ T5067]  listxattr+0x69/0x180
[  106.517311][ T5067]  path_listxattr+0xc3/0x160
[  106.521933][ T5067]  ? lockdep_hardirqs_on+0x7d/0x110
[  106.527182][ T5067]  ? listxattr+0x180/0x180
[  106.531612][ T5067]  ? syscall_trace_enter.constprop.0+0xaf/0x1e0
[  106.537885][ T5067]  do_syscall_64+0x40/0x110
[  106.542418][ T5067]  entry_SYSCALL_64_after_hwframe+0x63/0x6b
[  106.548381][ T5067] RIP: 0033:0x7fb95c3b25b9
[  106.552824][ T5067] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  106.572450][ T5067] RSP: 002b:00007fffe6332088 EFLAGS: 00000246 ORIG_RAX: 00000000000000c3
[  106.580888][ T5067] RAX: ffffffffffffffda RBX: 00007fffe6332268 RCX: 00007fb95c3b25b9
[  106.588894][ T5067] RDX: 0000000000000019 RSI: 0000000000000000 RDI: 0000000020000000
[  106.596885][ T5067] RBP: 00007fb95c425610 R08: 0000000000000603 R09: 0000000000000000
[  106.604867][ T5067] R10: 00007fffe6331f50 R11: 0000000000000246 R12: 0000000000000001
[  106.612863][ T5067] R13: 00007fffe6332258 R14: 0000000000000001 R15: 0000000000000001
[  106.620870][ T5067]  </TASK>
[  106.624194][ T5067] Kernel Offset: disabled
[  106.628529][ T5067] Rebooting in 86400 seconds..