./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2889840277 <...> Warning: Permanently added '10.128.1.72' (ED25519) to the list of known hosts. execve("./syz-executor2889840277", ["./syz-executor2889840277"], 0x7ffcec5a5c50 /* 10 vars */) = 0 brk(NULL) = 0x5555558a7000 brk(0x5555558a7d00) = 0x5555558a7d00 arch_prctl(ARCH_SET_FS, 0x5555558a7380) = 0 set_tid_address(0x5555558a7650) = 5000 set_robust_list(0x5555558a7660, 24) = 0 rseq(0x5555558a7ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2889840277", 4096) = 28 getrandom("\x50\xf4\x2c\xe7\x57\x63\xf9\x84", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555558a7d00 brk(0x5555558c8d00) = 0x5555558c8d00 brk(0x5555558c9000) = 0x5555558c9000 mprotect(0x7f242d13d000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5001 attached , child_tidptr=0x5555558a7650) = 5001 [pid 5001] set_robust_list(0x5555558a7660, 24) = 0 [pid 5001] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5001] setpgid(0, 0) = 0 [pid 5001] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5001] write(3, "1000", 4) = 4 [pid 5001] close(3) = 0 [pid 5001] memfd_create("syzkaller", 0) = 3 [pid 5001] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2424c8b000 [pid 5001] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5001] munmap(0x7f2424c8b000, 138412032) = 0 [pid 5001] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5001] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5001] close(3) = 0 [pid 5001] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 5001] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "hfsplus", 0, "") = 0 [pid 5001] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 5001] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 5001] ioctl(4, LOOP_CLR_FD) = 0 [pid 5001] close(4) = 0 [pid 5001] openat(AT_FDCWD, ".", O_RDONLY) = 4 [ 162.785195][ T5001] loop0: detected capacity change from 0 to 1024 [pid 5001] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [ 162.857693][ T5001] ===================================================== [ 162.865054][ T5001] BUG: KMSAN: uninit-value in hfsplus_delete_cat+0x10eb/0x1340 [ 162.873000][ T5001] hfsplus_delete_cat+0x10eb/0x1340 [ 162.878482][ T5001] hfsplus_rmdir+0x140/0x2d0 [ 162.883409][ T5001] vfs_rmdir+0x5aa/0x780 [ 162.887872][ T5001] do_rmdir+0x630/0x8a0 [ 162.892242][ T5001] __x64_sys_unlinkat+0x1bc/0x220 [ 162.897585][ T5001] do_syscall_64+0x44/0x110 [ 162.902336][ T5001] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 162.908801][ T5001] [ 162.911235][ T5001] Uninit was stored to memory at: [ 162.916658][ T5001] hfsplus_create_cat+0x1800/0x1810 [ 162.922128][ T5001] hfsplus_mknod+0x201/0x560 [ 162.927244][ T5001] hfsplus_mkdir+0x58/0x70 [ 162.931908][ T5001] vfs_mkdir+0x49a/0x700 [ 162.936611][ T5001] do_mkdirat+0x529/0x800 [ 162.941255][ T5001] __x64_sys_mkdirat+0xc8/0x120 [ 162.946482][ T5001] do_syscall_64+0x44/0x110 [ 162.951251][ T5001] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 162.957535][ T5001] [ 162.959970][ T5001] Uninit was stored to memory at: [ 162.965603][ T5001] hfsplus_create_cat+0x1800/0x1810 [ 162.971048][ T5001] hfsplus_fill_super+0x227b/0x26f0 [ 162.976653][ T5001] mount_bdev+0x3d7/0x560 [ 162.981293][ T5001] hfsplus_mount+0x4d/0x60 [ 162.986094][ T5001] legacy_get_tree+0x110/0x290 [ 162.991108][ T5001] vfs_get_tree+0xa5/0x520 [ 162.995977][ T5001] do_new_mount+0x68d/0x1550 [ 163.000779][ T5001] path_mount+0x73d/0x1f20 [ 163.005537][ T5001] __se_sys_mount+0x725/0x810 [ 163.010414][ T5001] __x64_sys_mount+0xe4/0x140 [ 163.015328][ T5001] do_syscall_64+0x44/0x110 [ 163.020100][ T5001] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 163.026352][ T5001] [ 163.028784][ T5001] Uninit was created at: [ 163.033501][ T5001] __alloc_pages+0x9a4/0xe00 [ 163.038330][ T5001] alloc_pages_mpol+0x62b/0x9d0 [ 163.043468][ T5001] alloc_pages+0x1be/0x1e0 [ 163.048101][ T5001] new_slab+0x421/0x1570 [ 163.052713][ T5001] ___slab_alloc+0x13db/0x33d0 [ 163.057688][ T5001] kmem_cache_alloc_lru+0x552/0x970 [ 163.063224][ T5001] hfsplus_alloc_inode+0x5a/0xc0 [ 163.068404][ T5001] alloc_inode+0x83/0x440 [ 163.073089][ T5001] iget_locked+0x2dd/0xe80 [ 163.077714][ T5001] hfsplus_iget+0x59/0xaf0 [ 163.082331][ T5001] hfsplus_btree_open+0x13e/0x1d00 [ 163.087798][ T5001] hfsplus_fill_super+0x1113/0x26f0 [ 163.093251][ T5001] mount_bdev+0x3d7/0x560 [ 163.097800][ T5001] hfsplus_mount+0x4d/0x60 [ 163.102568][ T5001] legacy_get_tree+0x110/0x290 [ 163.107570][ T5001] vfs_get_tree+0xa5/0x520 [ 163.112205][ T5001] do_new_mount+0x68d/0x1550 [ 163.117210][ T5001] path_mount+0x73d/0x1f20 [ 163.121816][ T5001] __se_sys_mount+0x725/0x810 [ 163.126761][ T5001] __x64_sys_mount+0xe4/0x140 [ 163.131661][ T5001] do_syscall_64+0x44/0x110 [ 163.136599][ T5001] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 163.142796][ T5001] [ 163.145187][ T5001] CPU: 1 PID: 5001 Comm: syz-executor288 Not tainted 6.7.0-rc8-syzkaller #0 [ 163.154102][ T5001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 163.164406][ T5001] ===================================================== [ 163.171458][ T5001] Disabling lock debugging due to kernel taint [ 163.177986][ T5001] Kernel panic - not syncing: kmsan.panic set ... [ 163.184562][ T5001] CPU: 1 PID: 5001 Comm: syz-executor288 Tainted: G B 6.7.0-rc8-syzkaller #0 [ 163.194984][ T5001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 163.205178][ T5001] Call Trace: [ 163.208581][ T5001] [ 163.211654][ T5001] dump_stack_lvl+0x1bf/0x240 [ 163.216488][ T5001] dump_stack+0x1e/0x20 [ 163.220807][ T5001] panic+0x4de/0xc90 [ 163.224916][ T5001] ? add_taint+0x108/0x1a0 [ 163.229552][ T5001] kmsan_report+0x2d0/0x2d0 [ 163.234315][ T5001] ? kmsan_internal_memmove_metadata+0x91/0x220 [ 163.240799][ T5001] ? __msan_warning+0x96/0x110 [ 163.245703][ T5001] ? hfsplus_delete_cat+0x10eb/0x1340 [ 163.251338][ T5001] ? hfsplus_rmdir+0x140/0x2d0 [ 163.256376][ T5001] ? vfs_rmdir+0x5aa/0x780 [ 163.261007][ T5001] ? do_rmdir+0x630/0x8a0 [ 163.265550][ T5001] ? __x64_sys_unlinkat+0x1bc/0x220 [ 163.270958][ T5001] ? do_syscall_64+0x44/0x110 [ 163.275788][ T5001] ? entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 163.282041][ T5001] ? hfsplus_bnode_dump+0xca0/0xcd0 [ 163.287493][ T5001] ? set_page_dirty+0xa5/0x210 [ 163.292496][ T5001] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 163.298565][ T5001] ? hfsplus_brec_remove+0x91d/0x9d0 [ 163.304085][ T5001] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 163.310126][ T5001] __msan_warning+0x96/0x110 [ 163.314971][ T5001] hfsplus_delete_cat+0x10eb/0x1340 [ 163.320467][ T5001] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 163.326546][ T5001] hfsplus_rmdir+0x140/0x2d0 [ 163.331393][ T5001] ? hfsplus_mkdir+0x70/0x70 [ 163.336371][ T5001] vfs_rmdir+0x5aa/0x780 [ 163.340820][ T5001] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 163.346821][ T5001] do_rmdir+0x630/0x8a0 [ 163.351231][ T5001] __x64_sys_unlinkat+0x1bc/0x220 [ 163.356506][ T5001] do_syscall_64+0x44/0x110 [ 163.361186][ T5001] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 163.367286][ T5001] RIP: 0033:0x7f242d0c9a99 [ 163.371874][ T5001] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 163.392069][ T5001] RSP: 002b:00007ffca9b7e158 EFLAGS: 00000246 ORIG_RAX: 0000000000000107 [ 163.400692][ T5001] RAX: ffffffffffffffda RBX: 00007f242d1120c0 RCX: 00007f242d0c9a99 [ 163.408861][ T5001] RDX: 0000000000000200 RSI: 0000000020000400 RDI: 0000000000000004 [ 163.417003][ T5001] RBP: 00007f242d13d5f0 R08: 00005555558a84c0 R09: 00005555558a84c0 [ 163.425255][ T5001] R10: 00005555558a84c0 R11: 0000000000000246 R12: 00007ffca9b7e180 [ 163.433472][ T5001] R13: 00007ffca9b7e3a8 R14: 431bde82d7b634db R15: 00007f242d11203b [ 163.441609][ T5001] [ 163.445172][ T5001] Kernel Offset: disabled [ 163.449577][ T5001] Rebooting in 86400 seconds..