./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1627948974 <...> Warning: Permanently added '10.128.1.128' (ED25519) to the list of known hosts. execve("./syz-executor1627948974", ["./syz-executor1627948974"], 0x7fff8713ae70 /* 10 vars */) = 0 brk(NULL) = 0x55557143a000 brk(0x55557143ad00) = 0x55557143ad00 arch_prctl(ARCH_SET_FS, 0x55557143a380) = 0 set_tid_address(0x55557143a650) = 5790 set_robust_list(0x55557143a660, 24) = 0 rseq(0x55557143aca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1627948974", 4096) = 28 getrandom("\xb1\x45\xeb\x0a\xfc\x4b\x68\xed", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55557143ad00 brk(0x55557145bd00) = 0x55557145bd00 brk(0x55557145c000) = 0x55557145c000 mprotect(0x7f19c637f000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.FIKmll", 0700) = 0 chmod("./syzkaller.FIKmll", 0777) = 0 chdir("./syzkaller.FIKmll") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557143a650) = 5791 ./strace-static-x86_64: Process 5791 attached [pid 5791] set_robust_list(0x55557143a660, 24) = 0 [pid 5791] chdir("./0") = 0 [pid 5791] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5791] setpgid(0, 0) = 0 [pid 5791] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5791] write(3, "1000", 4) = 4 [pid 5791] close(3) = 0 [pid 5791] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5791] write(1, "executing program\n", 18executing program ) = 18 [pid 5791] memfd_create("syzkaller", 0) = 3 [pid 5791] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f19bde00000 [pid 5791] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5791] munmap(0x7f19bde00000, 138412032) = 0 [pid 5791] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5791] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5791] close(3) = 0 [pid 5791] close(4) = 0 [pid 5791] mkdir("./file1", 0777) = 0 [pid 5791] mount("/dev/loop0", "./file1", "hfsplus", MS_NODIRATIME, "") = 0 [pid 5791] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5791] chdir("./file1") = 0 [pid 5791] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5791] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 4 [ 197.341117][ T5791] loop0: detected capacity change from 0 to 1024 [pid 5791] mkdir("./file0", 0777) = -1 EEXIST (File exists) [pid 5791] mount(NULL, "./file0", "fuse", 0, "fd=0x0000000000000004,rootmode=00000000000000000040000,user_id=00000000000000000000,group_id=0000000"...) = 0 [pid 5791] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5790] kill(-5791, SIGKILL) = 0 [pid 5790] kill(5791, SIGKILL) = 0 [pid 5791] <... openat resumed>) = ? [pid 5791] +++ killed by SIGKILL +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5791, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557143b6f0 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./0/file1", {st_mode=S_IFDIR|0755, st_size=8, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=8, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571443730 /* 7 entries */, 32768) = 208 umount2("./0/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/file1/file.cold") = 0 umount2("./0/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1/file0", {st_mode=S_IFDIR|0755, st_size=4, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=4, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55557144b770 /* 4 entries */, 32768) = 112 umount2("./0/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/file1/file0/file0") = 0 umount2("./0/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=4752, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/file1/file0/file1") = 0 getdents64(5, 0x55557144b770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./0/file1/file0") = 0 umount2("./0/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/file1/file1") = 0 umount2("./0/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1/file2", {st_mode=S_IFREG|0600, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/file1/file2") = 0 [ 202.388108][ T5790] ===================================================== [ 202.395690][ T5790] BUG: KMSAN: uninit-value in hfsplus_lookup+0x66b/0xef0 [ 202.402934][ T5790] hfsplus_lookup+0x66b/0xef0 [ 202.407778][ T5790] __lookup_slow+0x506/0x6e0 [ 202.412603][ T5790] lookup_slow+0x6a/0xd0 [ 202.417010][ T5790] walk_component+0x467/0x650 [ 202.421889][ T5790] path_lookupat+0x27d/0x6f0 [ 202.426630][ T5790] filename_lookup+0x22f/0x750 [ 202.431606][ T5790] user_path_at+0x85/0x390 [ 202.436178][ T5790] __x64_sys_umount+0x146/0x240 [ 202.441134][ T5790] x64_sys_call+0x2bbd/0x3ba0 [ 202.446026][ T5790] do_syscall_64+0xcd/0x1e0 [ 202.450680][ T5790] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 202.456824][ T5790] [ 202.459228][ T5790] Uninit was created at: [ 202.463737][ T5790] __alloc_pages_noprof+0x9a7/0xe00 [ 202.469126][ T5790] alloc_pages_mpol_noprof+0x299/0x990 [ 202.474791][ T5790] alloc_pages_noprof+0x1bf/0x1e0 [ 202.480073][ T5790] allocate_slab+0x320/0x12e0 [ 202.484979][ T5790] ___slab_alloc+0x12ef/0x35e0 [ 202.490000][ T5790] kmem_cache_alloc_lru_noprof+0x584/0xb30 [ 202.496050][ T5790] hfsplus_alloc_inode+0x5a/0xd0 [ 202.501189][ T5790] alloc_inode+0x86/0x460 [ 202.505806][ T5790] iget_locked+0x250/0x1290 [ 202.510523][ T5790] hfsplus_iget+0x59/0xae0 [ 202.515257][ T5790] hfsplus_btree_open+0x13e/0x1d00 [ 202.520564][ T5790] hfsplus_fill_super+0x1113/0x2700 [ 202.526012][ T5790] mount_bdev+0x39a/0x520 [ 202.530539][ T5790] hfsplus_mount+0x4d/0x60 [ 202.535182][ T5790] legacy_get_tree+0x114/0x290 [ 202.540120][ T5790] vfs_get_tree+0xb1/0x5a0 [ 202.544770][ T5790] do_new_mount+0x71f/0x15e0 [ 202.549551][ T5790] path_mount+0x742/0x1f10 [ 202.554195][ T5790] __se_sys_mount+0x722/0x810 [ 202.559106][ T5790] __x64_sys_mount+0xe4/0x150 [ 202.564026][ T5790] x64_sys_call+0x255a/0x3ba0 [ 202.568910][ T5790] do_syscall_64+0xcd/0x1e0 [ 202.573670][ T5790] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 202.579752][ T5790] [ 202.582265][ T5790] CPU: 1 UID: 0 PID: 5790 Comm: syz-executor162 Not tainted 6.12.0-syzkaller #0 [ 202.591552][ T5790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 202.601870][ T5790] ===================================================== [ 202.608906][ T5790] Disabling lock debugging due to kernel taint [ 202.615260][ T5790] Kernel panic - not syncing: kmsan.panic set ... [ 202.621825][ T5790] CPU: 1 UID: 0 PID: 5790 Comm: syz-executor162 Tainted: G B 6.12.0-syzkaller #0 [ 202.632455][ T5790] Tainted: [B]=BAD_PAGE [ 202.636666][ T5790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 202.646808][ T5790] Call Trace: [ 202.650154][ T5790] [ 202.653146][ T5790] dump_stack_lvl+0x216/0x2d0 [ 202.657973][ T5790] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 202.663897][ T5790] dump_stack+0x1e/0x30 [ 202.668204][ T5790] panic+0x4e2/0xcf0 [ 202.672242][ T5790] ? kmsan_get_metadata+0x81/0x1c0 [ 202.677478][ T5790] kmsan_report+0x2c7/0x2d0 [ 202.682080][ T5790] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 202.687993][ T5790] ? __msan_warning+0x95/0x120 [ 202.692893][ T5790] ? hfsplus_lookup+0x66b/0xef0 [ 202.697852][ T5790] ? __lookup_slow+0x506/0x6e0 [ 202.702717][ T5790] ? lookup_slow+0x6a/0xd0 [ 202.707250][ T5790] ? walk_component+0x467/0x650 [ 202.712213][ T5790] ? path_lookupat+0x27d/0x6f0 [ 202.717103][ T5790] ? filename_lookup+0x22f/0x750 [ 202.722143][ T5790] ? user_path_at+0x85/0x390 [ 202.726848][ T5790] ? __x64_sys_umount+0x146/0x240 [ 202.731998][ T5790] ? x64_sys_call+0x2bbd/0x3ba0 [ 202.736983][ T5790] ? do_syscall_64+0xcd/0x1e0 [ 202.741787][ T5790] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 202.747987][ T5790] ? __hfsplus_brec_find+0x6a4/0x7b0 [ 202.753405][ T5790] ? kmsan_get_metadata+0x13e/0x1c0 [ 202.758742][ T5790] ? kmsan_internal_memmove_metadata+0x91/0x230 [ 202.765146][ T5790] ? __msan_memcpy+0x108/0x1c0 [ 202.770037][ T5790] ? hfsplus_bnode_read+0x23a/0x250 [ 202.775365][ T5790] ? kmsan_get_metadata+0x13e/0x1c0 [ 202.780684][ T5790] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 202.786622][ T5790] __msan_warning+0x95/0x120 [ 202.791347][ T5790] hfsplus_lookup+0x66b/0xef0 [ 202.796175][ T5790] ? kmsan_get_metadata+0x13e/0x1c0 [ 202.801553][ T5790] ? kmsan_get_metadata+0x13e/0x1c0 [ 202.806922][ T5790] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 202.812842][ T5790] ? __pfx_hfsplus_lookup+0x10/0x10 [ 202.818150][ T5790] ? __pfx_hfsplus_lookup+0x10/0x10 [ 202.823498][ T5790] __lookup_slow+0x506/0x6e0 [ 202.828234][ T5790] lookup_slow+0x6a/0xd0 [ 202.832602][ T5790] walk_component+0x467/0x650 [ 202.837375][ T5790] ? kmsan_get_metadata+0x13e/0x1c0 [ 202.842682][ T5790] path_lookupat+0x27d/0x6f0 [ 202.847381][ T5790] filename_lookup+0x22f/0x750 [ 202.852260][ T5790] ? kmsan_get_metadata+0x13e/0x1c0 [ 202.857554][ T5790] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 202.863498][ T5790] user_path_at+0x85/0x390 [ 202.868044][ T5790] ? __x64_sys_umount+0x6d/0x240 [ 202.873128][ T5790] __x64_sys_umount+0x146/0x240 [ 202.878117][ T5790] x64_sys_call+0x2bbd/0x3ba0 [ 202.882972][ T5790] do_syscall_64+0xcd/0x1e0 [ 202.887599][ T5790] ? clear_bhb_loop+0x25/0x80 [ 202.892433][ T5790] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 202.898480][ T5790] RIP: 0033:0x7f19c630c5c7 [ 202.903002][ T5790] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 [ 202.922745][ T5790] RSP: 002b:00007ffe4697fc18 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 [ 202.931290][ T5790] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f19c630c5c7 [ 202.939365][ T5790] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe4697fcd0 [ 202.947452][ T5790] RBP: 00007ffe4697fcd0 R08: 0000000000000000 R09: 0000000000000000 [ 202.955532][ T5790] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffe46980dc0 [ 202.963609][ T5790] R13: 0000555571443700 R14: 431bde82d7b634db R15: 00007ffe46981e50 [ 202.971741][ T5790] [ 202.975268][ T5790] Kernel Offset: disabled [ 202.979680][ T5790] Rebooting in 86400 seconds..