./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor823042538

<...>
Warning: Permanently added '10.128.0.139' (ED25519) to the list of known hosts.
execve("./syz-executor823042538", ["./syz-executor823042538"], 0x7ffcce18b6c0 /* 10 vars */) = 0
brk(NULL)                               = 0x55555569f000
brk(0x55555569fd00)                     = 0x55555569fd00
arch_prctl(ARCH_SET_FS, 0x55555569f380) = 0
set_tid_address(0x55555569f650)         = 5019
set_robust_list(0x55555569f660, 24)     = 0
rseq(0x55555569fca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor823042538", 4096) = 27
getrandom("\x10\xe9\x7c\x1a\xf1\xb0\xfd\xa3", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x55555569fd00
brk(0x5555556c0d00)                     = 0x5555556c0d00
brk(0x5555556c1000)                     = 0x5555556c1000
mprotect(0x7f98b2ae5000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
memfd_create("syzkaller", 0)            = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f98aa635000
write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
munmap(0x7f98aa635000, 524288)          = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 4
ioctl(4, LOOP_SET_FD, 3)                = 0
close(3)                                = 0
mkdir("./file0", 0777)                  = 0
mount("/dev/loop0", "./file0", "hfsplus", MS_NODIRATIME|MS_SILENT, "\x74\x79\x70\x65\x3d\xfa\x35\x4a\x6d\x2c\x6e\x6c\x73\x3d\x69\x73\x6f\x38\x38\x35\x39\x2d\x31\x2c") = 0
openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
ioctl(4, LOOP_CLR_FD)                   = 0
close(4)                                = 0
[   46.640279][ T5019] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5019 'syz-executor823'
[   46.659376][ T5019] loop0: detected capacity change from 0 to 1024
[   46.678914][ T5019] ==================================================================
[   46.687000][ T5019] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x8fd/0xa00
[   46.694768][ T5019] Read of size 2 at addr ffff88801528c40c by task syz-executor823/5019
[   46.703072][ T5019] 
[   46.705382][ T5019] CPU: 1 PID: 5019 Comm: syz-executor823 Not tainted 6.5.0-rc7-syzkaller-00018-g89bf6209cad6 #0
[   46.715773][ T5019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[   46.725816][ T5019] Call Trace:
[   46.729095][ T5019]  <TASK>
[   46.732009][ T5019]  dump_stack_lvl+0xd9/0x1b0
[   46.736604][ T5019]  print_report+0xc4/0x620
[   46.741017][ T5019]  ? __virt_addr_valid+0x5e/0x2d0
[   46.746118][ T5019]  ? __phys_addr+0xc6/0x140
[   46.750607][ T5019]  kasan_report+0xda/0x110
[   46.755017][ T5019]  ? hfsplus_uni2asc+0x8fd/0xa00
[   46.759943][ T5019]  ? hfsplus_uni2asc+0x8fd/0xa00
[   46.764875][ T5019]  hfsplus_uni2asc+0x8fd/0xa00
[   46.769629][ T5019]  hfsplus_readdir+0x871/0xff0
[   46.774382][ T5019]  ? hfsplus_dir_release+0x1c0/0x1c0
[   46.779652][ T5019]  ? add_lock_to_list+0x17d/0x380
[   46.784668][ T5019]  ? __lock_acquire+0x250f/0x5de0
[   46.789697][ T5019]  ? down_read_killable+0x222/0x4b0
[   46.794887][ T5019]  ? down_read+0x470/0x470
[   46.799315][ T5019]  ? fsnotify_perm.part.0+0x268/0x630
[   46.804692][ T5019]  ? apparmor_file_permission+0x21f/0x4f0
[   46.810438][ T5019]  iterate_dir+0x1e5/0x5f0
[   46.814850][ T5019]  __x64_sys_getdents64+0x14f/0x2e0
[   46.820047][ T5019]  ? __ia32_sys_getdents+0x2d0/0x2d0
[   46.825326][ T5019]  ? fillonedir+0x400/0x400
[   46.829819][ T5019]  ? lockdep_hardirqs_on+0x7d/0x100
[   46.835014][ T5019]  ? _raw_spin_unlock_irq+0x2e/0x50
[   46.840222][ T5019]  ? ptrace_notify+0xf4/0x130
[   46.844894][ T5019]  do_syscall_64+0x38/0xb0
[   46.849300][ T5019]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   46.855181][ T5019] RIP: 0033:0x7f98b2a72649
[   46.859606][ T5019] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   46.879202][ T5019] RSP: 002b:00007fffec489e18 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[   46.887603][ T5019] RAX: ffffffffffffffda RBX: 00007fffec489fe8 RCX: 00007f98b2a72649
[   46.895559][ T5019] RDX: 0000000000000067 RSI: 0000000020000540 RDI: 0000000000000003
[   46.903520][ T5019] RBP: 00007f98b2ae5610 R08: 0000000000000651 R09: 00007fffec489fe8
[   46.911476][ T5019] R10: 00007fffec489cd0 R11: 0000000000000246 R12: 0000000000000001
[   46.919431][ T5019] R13: 00007fffec489fd8 R14: 0000000000000001 R15: 0000000000000001
[   46.927390][ T5019]  </TASK>
[   46.930393][ T5019] 
[   46.933668][ T5019] Allocated by task 5019:
[   46.937975][ T5019]  kasan_save_stack+0x33/0x50
[   46.942647][ T5019]  kasan_set_track+0x25/0x30
[   46.947251][ T5019]  __kasan_kmalloc+0xa2/0xb0
[   46.951834][ T5019]  __kmalloc+0x5d/0x100
[   46.956002][ T5019]  hfsplus_find_init+0x95/0x200
[   46.960841][ T5019]  hfsplus_readdir+0x262/0xff0
[   46.965589][ T5019]  iterate_dir+0x1e5/0x5f0
[   46.970015][ T5019]  __x64_sys_getdents64+0x14f/0x2e0
[   46.975198][ T5019]  do_syscall_64+0x38/0xb0
[   46.979604][ T5019]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   46.985503][ T5019] 
[   46.987809][ T5019] The buggy address belongs to the object at ffff88801528c000
[   46.987809][ T5019]  which belongs to the cache kmalloc-2k of size 2048
[   47.001850][ T5019] The buggy address is located 0 bytes to the right of
[   47.001850][ T5019]  allocated 1036-byte region [ffff88801528c000, ffff88801528c40c)
[   47.016439][ T5019] 
[   47.018748][ T5019] The buggy address belongs to the physical page:
[   47.025138][ T5019] page:ffffea000054a200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x15288
[   47.035270][ T5019] head:ffffea000054a200 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   47.044187][ T5019] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[   47.052172][ T5019] page_type: 0xffffffff()
[   47.056485][ T5019] raw: 00fff00000010200 ffff888012842000 dead000000000100 dead000000000122
[   47.065054][ T5019] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[   47.073624][ T5019] page dumped because: kasan: bad access detected
[   47.080013][ T5019] page_owner tracks the page as allocated
[   47.085704][ T5019] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 1613420455, free_ts 0
[   47.105326][ T5019]  post_alloc_hook+0x2d2/0x350
[   47.110097][ T5019]  get_page_from_freelist+0x10a9/0x31e0
[   47.115642][ T5019]  __alloc_pages+0x1d0/0x4a0
[   47.120231][ T5019]  alloc_page_interleave+0x1e/0x250
[   47.125425][ T5019]  alloc_pages+0x22a/0x270
[   47.129834][ T5019]  allocate_slab+0x24e/0x380
[   47.134410][ T5019]  ___slab_alloc+0x8bc/0x1570
[   47.139096][ T5019]  __slab_alloc.constprop.0+0x56/0xa0
[   47.144456][ T5019]  __kmem_cache_alloc_node+0x137/0x350
[   47.149903][ T5019]  kmalloc_trace+0x25/0xe0
[   47.154308][ T5019]  acpi_ds_create_walk_state+0x78/0x240
[   47.159841][ T5019]  acpi_ds_auto_serialize_method+0xeb/0x250
[   47.165736][ T5019]  acpi_ds_init_one_object+0x359/0x450
[   47.171207][ T5019]  acpi_ns_walk_namespace+0x3fe/0x5a0
[   47.176566][ T5019]  acpi_ds_initialize_objects+0x150/0x1a0
[   47.182282][ T5019]  acpi_ns_load_table+0x8a/0x130
[   47.187204][ T5019] page_owner free stack trace missing
[   47.192571][ T5019] 
[   47.194875][ T5019] Memory state around the buggy address:
[   47.200518][ T5019]  ffff88801528c300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   47.208563][ T5019]  ffff88801528c380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   47.216693][ T5019] >ffff88801528c400: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   47.224738][ T5019]                       ^
[   47.229044][ T5019]  ffff88801528c480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   47.237086][ T5019]  ffff88801528c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   47.245129][ T5019] ==================================================================
[   47.253694][ T5019] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   47.260899][ T5019] CPU: 0 PID: 5019 Comm: syz-executor823 Not tainted 6.5.0-rc7-syzkaller-00018-g89bf6209cad6 #0
[   47.271315][ T5019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[   47.281443][ T5019] Call Trace:
[   47.284707][ T5019]  <TASK>
[   47.287624][ T5019]  dump_stack_lvl+0xd9/0x1b0
[   47.292209][ T5019]  panic+0x6a4/0x750
[   47.296100][ T5019]  ? panic_smp_self_stop+0xa0/0xa0
[   47.301202][ T5019]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[   47.307375][ T5019]  ? preempt_schedule_thunk+0x1a/0x30
[   47.312756][ T5019]  ? preempt_schedule_common+0x45/0xc0
[   47.318231][ T5019]  check_panic_on_warn+0xab/0xb0
[   47.323163][ T5019]  end_report+0x108/0x150
[   47.327500][ T5019]  kasan_report+0xea/0x110
[   47.331908][ T5019]  ? hfsplus_uni2asc+0x8fd/0xa00
[   47.336839][ T5019]  ? hfsplus_uni2asc+0x8fd/0xa00
[   47.341771][ T5019]  hfsplus_uni2asc+0x8fd/0xa00
[   47.346626][ T5019]  hfsplus_readdir+0x871/0xff0
[   47.351406][ T5019]  ? hfsplus_dir_release+0x1c0/0x1c0
[   47.356682][ T5019]  ? add_lock_to_list+0x17d/0x380
[   47.361706][ T5019]  ? __lock_acquire+0x250f/0x5de0
[   47.366846][ T5019]  ? down_read_killable+0x222/0x4b0
[   47.372043][ T5019]  ? down_read+0x470/0x470
[   47.376475][ T5019]  ? fsnotify_perm.part.0+0x268/0x630
[   47.381836][ T5019]  ? apparmor_file_permission+0x21f/0x4f0
[   47.387542][ T5019]  iterate_dir+0x1e5/0x5f0
[   47.391950][ T5019]  __x64_sys_getdents64+0x14f/0x2e0
[   47.397137][ T5019]  ? __ia32_sys_getdents+0x2d0/0x2d0
[   47.402512][ T5019]  ? fillonedir+0x400/0x400
[   47.407014][ T5019]  ? lockdep_hardirqs_on+0x7d/0x100
[   47.412203][ T5019]  ? _raw_spin_unlock_irq+0x2e/0x50
[   47.417408][ T5019]  ? ptrace_notify+0xf4/0x130
[   47.422071][ T5019]  do_syscall_64+0x38/0xb0
[   47.426487][ T5019]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   47.432367][ T5019] RIP: 0033:0x7f98b2a72649
[   47.436762][ T5019] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   47.456355][ T5019] RSP: 002b:00007fffec489e18 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[   47.464751][ T5019] RAX: ffffffffffffffda RBX: 00007fffec489fe8 RCX: 00007f98b2a72649
[   47.472731][ T5019] RDX: 0000000000000067 RSI: 0000000020000540 RDI: 0000000000000003
[   47.480698][ T5019] RBP: 00007f98b2ae5610 R08: 0000000000000651 R09: 00007fffec489fe8
[   47.488663][ T5019] R10: 00007fffec489cd0 R11: 0000000000000246 R12: 0000000000000001
[   47.496621][ T5019] R13: 00007fffec489fd8 R14: 0000000000000001 R15: 0000000000000001
[   47.504586][ T5019]  </TASK>
[   47.508385][ T5019] Kernel Offset: disabled
[   47.512689][ T5019] Rebooting in 86400 seconds..