./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1731657651

<...>
Warning: Permanently added '10.128.0.70' (ED25519) to the list of known hosts.
execve("./syz-executor1731657651", ["./syz-executor1731657651"], 0x7ffecd646220 /* 10 vars */) = 0
brk(NULL)                               = 0x5555699c2000
brk(0x5555699c2d00)                     = 0x5555699c2d00
arch_prctl(ARCH_SET_FS, 0x5555699c2380) = 0
set_tid_address(0x5555699c2650)         = 5831
set_robust_list(0x5555699c2660, 24)     = 0
rseq(0x5555699c2ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor1731657651", 4096) = 28
getrandom("\x00\x92\xfa\x84\x48\x4f\x28\x3e", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x5555699c2d00
brk(0x5555699e3d00)                     = 0x5555699e3d00
brk(0x5555699e4000)                     = 0x5555699e4000
mprotect(0x7f6cc2473000, 16384, PROT_READ) = 0
mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000
mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000
mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000
write(1, "executing program\n", 18executing program
)     = 18
memfd_create("syzkaller", 0)            = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6cb9e00000
write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
munmap(0x7f6cb9e00000, 138412032)       = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 4
ioctl(4, LOOP_SET_FD, 3)                = 0
close(3)                                = 0
close(4)                                = 0
mkdir("./file1", 0777)                  = 0
mount("/dev/loop0", "./file1", "hfsplus", MS_RDONLY|MS_DIRSYNC|MS_I_VERSION, "") = 0
openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[   88.850643][ T5831] loop0: detected capacity change from 0 to 1024
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = -1 EBUSY (Device or resource busy)
[   88.934444][ T5831] ==================================================================
[   88.942585][ T5831] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x680/0x1270
[   88.950310][ T5831] Read of size 2 at addr ffff88814ba5c40c by task syz-executor173/5831
[   88.958531][ T5831] 
[   88.960847][ T5831] CPU: 0 UID: 0 PID: 5831 Comm: syz-executor173 Not tainted 6.15.0-rc5-syzkaller-00275-gbec6f00f120e #0 PREEMPT(full) 
[   88.960870][ T5831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   88.960881][ T5831] Call Trace:
[   88.960889][ T5831]  <TASK>
[   88.960897][ T5831]  dump_stack_lvl+0x189/0x250
[   88.960924][ T5831]  ? __kasan_check_byte+0x12/0x40
[   88.960949][ T5831]  ? __pfx_dump_stack_lvl+0x10/0x10
[   88.960975][ T5831]  ? srso_alias_return_thunk+0x5/0xfbef5
[   88.960996][ T5831]  ? lock_release+0x4b/0x3e0
[   88.961020][ T5831]  ? lock_release+0x4b/0x3e0
[   88.961047][ T5831]  ? srso_alias_return_thunk+0x5/0xfbef5
[   88.961068][ T5831]  ? __virt_addr_valid+0x469/0x540
[   88.961094][ T5831]  print_report+0xb4/0x290
[   88.961116][ T5831]  ? hfsplus_uni2asc+0x680/0x1270
[   88.961136][ T5831]  kasan_report+0x118/0x150
[   88.961157][ T5831]  ? __asan_memcpy+0x40/0x70
[   88.961175][ T5831]  ? hfsplus_uni2asc+0x680/0x1270
[   88.961199][ T5831]  hfsplus_uni2asc+0x680/0x1270
[   88.961223][ T5831]  ? srso_alias_return_thunk+0x5/0xfbef5
[   88.961247][ T5831]  hfsplus_readdir+0x709/0xd60
[   88.961274][ T5831]  ? arch_stack_walk+0xfc/0x150
[   88.961303][ T5831]  ? __pfx_hfsplus_readdir+0x10/0x10
[   88.961329][ T5831]  ? stack_trace_save+0x9c/0xe0
[   88.961378][ T5831]  ? srso_alias_return_thunk+0x5/0xfbef5
[   88.961400][ T5831]  ? __pfx___mutex_lock+0x10/0x10
[   88.961431][ T5831]  ? iterate_dir+0x49f/0x770
[   88.961448][ T5831]  ? srso_alias_return_thunk+0x5/0xfbef5
[   88.961471][ T5831]  ? down_read_killable+0x1d1/0x350
[   88.961507][ T5831]  ? srso_alias_return_thunk+0x5/0xfbef5
[   88.961534][ T5831]  iterate_dir+0x5af/0x770
[   88.961564][ T5831]  __se_sys_getdents64+0xe4/0x260
[   88.961585][ T5831]  ? __pfx___se_sys_getdents64+0x10/0x10
[   88.961604][ T5831]  ? __pfx_filldir64+0x10/0x10
[   88.961628][ T5831]  ? srso_alias_return_thunk+0x5/0xfbef5
[   88.961651][ T5831]  do_syscall_64+0xf6/0x210
[   88.961674][ T5831]  ? srso_alias_return_thunk+0x5/0xfbef5
[   88.961695][ T5831]  ? exc_page_fault+0x91/0x110
[   88.961716][ T5831]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.961734][ T5831] RIP: 0033:0x7f6cc23ff649
[   88.961750][ T5831] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   88.961765][ T5831] RSP: 002b:00007ffe991c7ee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[   88.961784][ T5831] RAX: ffffffffffffffda RBX: 00007ffe991c80b8 RCX: 00007f6cc23ff649
[   88.961798][ T5831] RDX: 00000000000000bd RSI: 0000200000000900 RDI: 0000000000000003
[   88.961810][ T5831] RBP: 00007f6cc2473610 R08: 00000000000006e1 R09: 00007ffe991c80b8
[   88.961823][ T5831] R10: 00007ffe991c7da0 R11: 0000000000000246 R12: 0000000000000001
[   88.961835][ T5831] R13: 00007ffe991c80a8 R14: 0000000000000001 R15: 0000000000000001
[   88.961855][ T5831]  </TASK>
[   88.961862][ T5831] 
[   89.239197][ T5831] Allocated by task 5831:
[   89.243517][ T5831]  kasan_save_track+0x3e/0x80
[   89.248203][ T5831]  __kasan_kmalloc+0x93/0xb0
[   89.252796][ T5831]  __kmalloc_noprof+0x27a/0x4f0
[   89.257648][ T5831]  hfsplus_find_init+0x8c/0x1d0
[   89.262498][ T5831]  hfsplus_readdir+0x1d4/0xd60
[   89.267270][ T5831]  iterate_dir+0x5af/0x770
[   89.271704][ T5831]  __se_sys_getdents64+0xe4/0x260
[   89.276822][ T5831]  do_syscall_64+0xf6/0x210
[   89.281325][ T5831]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   89.287214][ T5831] 
[   89.289536][ T5831] The buggy address belongs to the object at ffff88814ba5c000
[   89.289536][ T5831]  which belongs to the cache kmalloc-2k of size 2048
[   89.303588][ T5831] The buggy address is located 0 bytes to the right of
[   89.303588][ T5831]  allocated 1036-byte region [ffff88814ba5c000, ffff88814ba5c40c)
[   89.318160][ T5831] 
[   89.320501][ T5831] The buggy address belongs to the physical page:
[   89.326904][ T5831] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14ba58
[   89.335744][ T5831] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   89.344238][ T5831] flags: 0x57ff00000000040(head|node=1|zone=2|lastcpupid=0x7ff)
[   89.351866][ T5831] page_type: f5(slab)
[   89.355842][ T5831] raw: 057ff00000000040 ffff88801a042000 ffffea00052e7c00 dead000000000002
[   89.364419][ T5831] raw: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000
[   89.372998][ T5831] head: 057ff00000000040 ffff88801a042000 ffffea00052e7c00 dead000000000002
[   89.381663][ T5831] head: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000
[   89.390332][ T5831] head: 057ff00000000003 ffffea00052e9601 00000000ffffffff 00000000ffffffff
[   89.399000][ T5831] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[   89.407657][ T5831] page dumped because: kasan: bad access detected
[   89.414056][ T5831] page_owner tracks the page as allocated
[   89.419756][ T5831] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 18607178363, free_ts 0
[   89.439465][ T5831]  post_alloc_hook+0x1d8/0x230
[   89.444238][ T5831]  get_page_from_freelist+0x21ce/0x22b0
[   89.449799][ T5831]  __alloc_frozen_pages_noprof+0x181/0x370
[   89.455623][ T5831]  alloc_pages_mpol+0x232/0x4a0
[   89.460513][ T5831]  allocate_slab+0x8a/0x3b0
[   89.465016][ T5831]  ___slab_alloc+0xbfc/0x1480
[   89.469724][ T5831]  __kvmalloc_node_noprof+0x411/0x5e0
[   89.475098][ T5831]  v4l2_ctrl_new+0xfb0/0x1780
[   89.479860][ T5831]  v4l2_ctrl_new_custom+0x57c/0x7b0
[   89.485057][ T5831]  vivid_create_controls+0xdd6/0x3a50
[   89.490425][ T5831]  vivid_probe+0x41bf/0x7180
[   89.495035][ T5831]  platform_probe+0x148/0x1d0
[   89.499709][ T5831]  really_probe+0x26d/0x9a0
[   89.504212][ T5831]  __driver_probe_device+0x18c/0x2f0
[   89.509496][ T5831]  driver_probe_device+0x4f/0x430
[   89.514520][ T5831]  __driver_attach+0x452/0x700
[   89.519288][ T5831] page_owner free stack trace missing
[   89.524645][ T5831] 
[   89.526958][ T5831] Memory state around the buggy address:
[   89.532583][ T5831]  ffff88814ba5c300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   89.540729][ T5831]  ffff88814ba5c380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   89.548786][ T5831] >ffff88814ba5c400: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   89.557110][ T5831]                       ^
[   89.561429][ T5831]  ffff88814ba5c480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   89.569488][ T5831]  ffff88814ba5c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   89.577539][ T5831] ==================================================================
[   89.586015][ T5831] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   89.593219][ T5831] CPU: 0 UID: 0 PID: 5831 Comm: syz-executor173 Not tainted 6.15.0-rc5-syzkaller-00275-gbec6f00f120e #0 PREEMPT(full) 
[   89.605671][ T5831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   89.615726][ T5831] Call Trace:
[   89.618998][ T5831]  <TASK>
[   89.621984][ T5831]  dump_stack_lvl+0x99/0x250
[   89.626585][ T5831]  ? __asan_memcpy+0x40/0x70
[   89.631353][ T5831]  ? __pfx_dump_stack_lvl+0x10/0x10
[   89.636573][ T5831]  ? __pfx__printk+0x10/0x10
[   89.641163][ T5831]  ? srso_alias_return_thunk+0x5/0xfbef5
[   89.646801][ T5831]  panic+0x2db/0x790
[   89.650703][ T5831]  ? __pfx_preempt_schedule+0x10/0x10
[   89.656076][ T5831]  ? __pfx_panic+0x10/0x10
[   89.660495][ T5831]  ? srso_alias_return_thunk+0x5/0xfbef5
[   89.666138][ T5831]  ? srso_alias_return_thunk+0x5/0xfbef5
[   89.671804][ T5831]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[   89.677696][ T5831]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   89.684029][ T5831]  ? hfsplus_uni2asc+0x680/0x1270
[   89.689050][ T5831]  check_panic_on_warn+0x89/0xb0
[   89.693994][ T5831]  ? hfsplus_uni2asc+0x680/0x1270
[   89.699019][ T5831]  end_report+0x78/0x160
[   89.703267][ T5831]  kasan_report+0x129/0x150
[   89.707771][ T5831]  ? __asan_memcpy+0x40/0x70
[   89.712359][ T5831]  ? hfsplus_uni2asc+0x680/0x1270
[   89.717386][ T5831]  hfsplus_uni2asc+0x680/0x1270
[   89.722239][ T5831]  ? srso_alias_return_thunk+0x5/0xfbef5
[   89.727875][ T5831]  hfsplus_readdir+0x709/0xd60
[   89.732648][ T5831]  ? arch_stack_walk+0xfc/0x150
[   89.737508][ T5831]  ? __pfx_hfsplus_readdir+0x10/0x10
[   89.742805][ T5831]  ? stack_trace_save+0x9c/0xe0
[   89.747690][ T5831]  ? srso_alias_return_thunk+0x5/0xfbef5
[   89.753322][ T5831]  ? __pfx___mutex_lock+0x10/0x10
[   89.758350][ T5831]  ? iterate_dir+0x49f/0x770
[   89.762937][ T5831]  ? srso_alias_return_thunk+0x5/0xfbef5
[   89.768571][ T5831]  ? down_read_killable+0x1d1/0x350
[   89.773780][ T5831]  ? srso_alias_return_thunk+0x5/0xfbef5
[   89.779416][ T5831]  iterate_dir+0x5af/0x770
[   89.783841][ T5831]  __se_sys_getdents64+0xe4/0x260
[   89.788867][ T5831]  ? __pfx___se_sys_getdents64+0x10/0x10
[   89.794498][ T5831]  ? __pfx_filldir64+0x10/0x10
[   89.799321][ T5831]  ? srso_alias_return_thunk+0x5/0xfbef5
[   89.804954][ T5831]  do_syscall_64+0xf6/0x210
[   89.809458][ T5831]  ? srso_alias_return_thunk+0x5/0xfbef5
[   89.815089][ T5831]  ? exc_page_fault+0x91/0x110
[   89.819855][ T5831]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   89.825745][ T5831] RIP: 0033:0x7f6cc23ff649
[   89.830154][ T5831] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   89.849780][ T5831] RSP: 002b:00007ffe991c7ee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[   89.858197][ T5831] RAX: ffffffffffffffda RBX: 00007ffe991c80b8 RCX: 00007f6cc23ff649
[   89.866167][ T5831] RDX: 00000000000000bd RSI: 0000200000000900 RDI: 0000000000000003
[   89.874132][ T5831] RBP: 00007f6cc2473610 R08: 00000000000006e1 R09: 00007ffe991c80b8
[   89.882096][ T5831] R10: 00007ffe991c7da0 R11: 0000000000000246 R12: 0000000000000001
[   89.890061][ T5831] R13: 00007ffe991c80a8 R14: 0000000000000001 R15: 0000000000000001
[   89.898035][ T5831]  </TASK>
[   89.901308][ T5831] Kernel Offset: disabled
[   89.905623][ T5831] Rebooting in 86400 seconds..