./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3820277685

<...>
Warning: Permanently added '10.128.0.147' (ED25519) to the list of known hosts.
execve("./syz-executor3820277685", ["./syz-executor3820277685"], 0x7fff0be9c490 /* 10 vars */) = 0
brk(NULL)                               = 0x5555871e5000
brk(0x5555871e5d00)                     = 0x5555871e5d00
arch_prctl(ARCH_SET_FS, 0x5555871e5380) = 0
set_tid_address(0x5555871e5650)         = 5084
set_robust_list(0x5555871e5660, 24)     = 0
rseq(0x5555871e5ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3820277685", 4096) = 28
getrandom("\x48\xa2\x80\x80\xc3\x6b\xe1\x79", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x5555871e5d00
brk(0x555587206d00)                     = 0x555587206d00
brk(0x555587207000)                     = 0x555587207000
mprotect(0x7f30dc4d7000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5085 attached
, child_tidptr=0x5555871e5650) = 5085
[pid  5085] set_robust_list(0x5555871e5660, 24) = 0
[pid  5085] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5085] setpgid(0, 0)               = 0
[pid  5085] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5085] write(3, "1000", 4)         = 4
[pid  5085] close(3)                    = 0
[pid  5085] write(1, "executing program\n", 18executing program
) = 18
[pid  5085] memfd_create("syzkaller", 0) = 3
[pid  5085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30d4000000
[pid  5085] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid  5085] munmap(0x7f30d4000000, 138412032) = 0
[pid  5085] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5085] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5085] close(3)                    = 0
[pid  5085] close(4)                    = 0
[pid  5085] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0
[pid  5085] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "hfsplus", 0, "") = 0
syzkaller login: [   76.312344][ T5085] loop0: detected capacity change from 0 to 1024
[pid  5085] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3
[pid  5085] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0
[pid  5085] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5085] open(".", O_RDONLY)         = 4
[   76.400279][ T5085] ==================================================================
[   76.408381][ T5085] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x57f/0x1200
[   76.416303][ T5085] Read of size 2 at addr ffff888011ee740c by task syz-executor382/5085
[   76.424542][ T5085] 
[   76.426875][ T5085] CPU: 0 PID: 5085 Comm: syz-executor382 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0
[   76.437376][ T5085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[   76.447646][ T5085] Call Trace:
[   76.450999][ T5085]  <TASK>
[   76.453952][ T5085]  dump_stack_lvl+0x241/0x360
[   76.458660][ T5085]  ? __pfx_dump_stack_lvl+0x10/0x10
[   76.463874][ T5085]  ? __pfx__printk+0x10/0x10
[   76.468482][ T5085]  ? _printk+0xd5/0x120
[   76.472653][ T5085]  ? __virt_addr_valid+0x183/0x520
[   76.477774][ T5085]  ? __virt_addr_valid+0x183/0x520
[   76.482899][ T5085]  print_report+0x169/0x550
[   76.487407][ T5085]  ? __virt_addr_valid+0x183/0x520
[   76.492553][ T5085]  ? __virt_addr_valid+0x183/0x520
[   76.497675][ T5085]  ? __virt_addr_valid+0x44e/0x520
[   76.502807][ T5085]  ? __phys_addr+0xba/0x170
[   76.507410][ T5085]  ? hfsplus_uni2asc+0x57f/0x1200
[   76.512446][ T5085]  kasan_report+0x143/0x180
[   76.516962][ T5085]  ? hfsplus_uni2asc+0x57f/0x1200
[   76.522002][ T5085]  hfsplus_uni2asc+0x57f/0x1200
[   76.526902][ T5085]  hfsplus_readdir+0x93b/0x1320
[   76.531765][ T5085]  ? __pfx_hfsplus_readdir+0x10/0x10
[   76.537080][ T5085]  ? __mutex_lock+0x2ef/0xd70
[   76.541764][ T5085]  ? iterate_dir+0x215/0x810
[   76.546373][ T5085]  ? __pfx_down_read_killable+0x10/0x10
[   76.551929][ T5085]  ? __fdget_pos+0x24e/0x310
[   76.556544][ T5085]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   76.562618][ T5085]  ? bpf_lsm_file_permission+0x9/0x10
[   76.568187][ T5085]  iterate_dir+0x57a/0x810
[   76.572623][ T5085]  __se_sys_getdents+0x1ef/0x4d0
[   76.577580][ T5085]  ? _raw_spin_unlock_irq+0x2e/0x50
[   76.582828][ T5085]  ? __pfx___se_sys_getdents+0x10/0x10
[   76.588300][ T5085]  ? __pfx_filldir+0x10/0x10
[   76.592907][ T5085]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   76.599239][ T5085]  ? exc_page_fault+0x590/0x8c0
[   76.604207][ T5085]  do_syscall_64+0xf3/0x230
[   76.608754][ T5085]  ? clear_bhb_loop+0x35/0x90
[   76.613448][ T5085]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.619366][ T5085] RIP: 0033:0x7f30dc463a99
[   76.623800][ T5085] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   76.643503][ T5085] RSP: 002b:00007ffe50b2a8f8 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[   76.651930][ T5085] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f30dc463a99
[   76.659906][ T5085] RDX: 00000000000000b8 RSI: 0000000020001fc0 RDI: 0000000000000004
[   76.667881][ T5085] RBP: 00007f30dc4d75f0 R08: 00005555871e64c0 R09: 00005555871e64c0
[   76.675858][ T5085] R10: 00000000000006bc R11: 0000000000000246 R12: 00007ffe50b2a920
[   76.684019][ T5085] R13: 00007ffe50b2ab48 R14: 431bde82d7b634db R15: 00007f30dc4ac03b
[   76.692178][ T5085]  </TASK>
[   76.695211][ T5085] 
[   76.697537][ T5085] Allocated by task 5085:
[   76.701859][ T5085]  kasan_save_track+0x3f/0x80
[   76.706556][ T5085]  __kasan_kmalloc+0x98/0xb0
[   76.711159][ T5085]  __kmalloc_noprof+0x1f9/0x400
[   76.716020][ T5085]  hfsplus_find_init+0x85/0x1c0
[   76.720969][ T5085]  hfsplus_readdir+0x20e/0x1320
[   76.725839][ T5085]  iterate_dir+0x57a/0x810
[   76.730357][ T5085]  __se_sys_getdents+0x1ef/0x4d0
[   76.735300][ T5085]  do_syscall_64+0xf3/0x230
[   76.739816][ T5085]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.745716][ T5085] 
[   76.748050][ T5085] The buggy address belongs to the object at ffff888011ee7000
[   76.748050][ T5085]  which belongs to the cache kmalloc-2k of size 2048
[   76.762102][ T5085] The buggy address is located 0 bytes to the right of
[   76.762102][ T5085]  allocated 1036-byte region [ffff888011ee7000, ffff888011ee740c)
[   76.776679][ T5085] 
[   76.779089][ T5085] The buggy address belongs to the physical page:
[   76.785599][ T5085] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11ee0
[   76.794449][ T5085] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   76.802948][ T5085] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[   76.810682][ T5085] page_type: 0xffffefff(slab)
[   76.815372][ T5085] raw: 00fff00000000040 ffff888015042000 dead000000000122 0000000000000000
[   76.824330][ T5085] raw: 0000000000000000 0000000000080008 00000001ffffefff 0000000000000000
[   76.833332][ T5085] head: 00fff00000000040 ffff888015042000 dead000000000122 0000000000000000
[   76.842191][ T5085] head: 0000000000000000 0000000000080008 00000001ffffefff 0000000000000000
[   76.851076][ T5085] head: 00fff00000000003 ffffea000047b801 ffffffffffffffff 0000000000000000
[   76.859752][ T5085] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[   76.868421][ T5085] page dumped because: kasan: bad access detected
[   76.874855][ T5085] page_owner tracks the page as allocated
[   76.880569][ T5085] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4750, tgid 4750 (dhcpcd), ts 64079093681, free_ts 64078396443
[   76.901609][ T5085]  post_alloc_hook+0x1f3/0x230
[   76.906385][ T5085]  get_page_from_freelist+0x2e4c/0x2f10
[   76.911968][ T5085]  __alloc_pages_noprof+0x256/0x6c0
[   76.917176][ T5085]  alloc_slab_page+0x5f/0x120
[   76.921890][ T5085]  allocate_slab+0x5a/0x2f0
[   76.926406][ T5085]  ___slab_alloc+0xcd1/0x14b0
[   76.931094][ T5085]  __slab_alloc+0x58/0xa0
[   76.935433][ T5085]  __kmalloc_noprof+0x257/0x400
[   76.940292][ T5085]  sk_prot_alloc+0xe0/0x210
[   76.944807][ T5085]  sk_alloc+0x38/0x370
[   76.948881][ T5085]  __netlink_create+0x6c/0x280
[   76.953674][ T5085]  netlink_create+0x3d5/0x590
[   76.958361][ T5085]  __sock_create+0x490/0x920
[   76.962953][ T5085]  __sys_socket+0x150/0x3c0
[   76.967551][ T5085]  __x64_sys_socket+0x7a/0x90
[   76.972406][ T5085]  do_syscall_64+0xf3/0x230
[   76.976924][ T5085] page last free pid 4749 tgid 4749 stack trace:
[   76.983275][ T5085]  free_unref_page+0xd19/0xea0
[   76.988159][ T5085]  __folio_put+0x3b9/0x620
[   76.992633][ T5085]  free_large_kmalloc+0x105/0x1c0
[   76.997678][ T5085]  kfree+0x1c4/0x360
[   77.001609][ T5085]  skb_release_data+0x676/0x880
[   77.006512][ T5085]  consume_skb+0xb1/0x160
[   77.010986][ T5085]  netlink_recvmsg+0x60a/0x11d0
[   77.015874][ T5085]  sock_recvmsg+0x22f/0x280
[   77.020385][ T5085]  ____sys_recvmsg+0x1db/0x470
[   77.025165][ T5085]  __sys_recvmsg+0x2f0/0x3e0
[   77.029766][ T5085]  do_syscall_64+0xf3/0x230
[   77.034305][ T5085]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   77.040231][ T5085] 
[   77.042566][ T5085] Memory state around the buggy address:
[   77.048207][ T5085]  ffff888011ee7300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   77.056292][ T5085]  ffff888011ee7380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   77.064452][ T5085] >ffff888011ee7400: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   77.072516][ T5085]                       ^
[   77.076938][ T5085]  ffff888011ee7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   77.085026][ T5085]  ffff888011ee7500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   77.093271][ T5085] ==================================================================
[   77.101582][ T5085] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   77.108913][ T5085] CPU: 1 PID: 5085 Comm: syz-executor382 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0
[   77.119446][ T5085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[   77.129599][ T5085] Call Trace:
[   77.133084][ T5085]  <TASK>
[   77.136113][ T5085]  dump_stack_lvl+0x241/0x360
[   77.140851][ T5085]  ? __pfx_dump_stack_lvl+0x10/0x10
[   77.146085][ T5085]  ? __pfx__printk+0x10/0x10
[   77.150691][ T5085]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   77.156707][ T5085]  ? vscnprintf+0x5d/0x90
[   77.161075][ T5085]  panic+0x349/0x860
[   77.165037][ T5085]  ? check_panic_on_warn+0x21/0xb0
[   77.170605][ T5085]  ? __pfx_panic+0x10/0x10
[   77.175330][ T5085]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[   77.181439][ T5085]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   77.187811][ T5085]  check_panic_on_warn+0x86/0xb0
[   77.192871][ T5085]  ? hfsplus_uni2asc+0x57f/0x1200
[   77.197944][ T5085]  end_report+0x77/0x160
[   77.202835][ T5085]  kasan_report+0x154/0x180
[   77.207373][ T5085]  ? hfsplus_uni2asc+0x57f/0x1200
[   77.212427][ T5085]  hfsplus_uni2asc+0x57f/0x1200
[   77.217399][ T5085]  hfsplus_readdir+0x93b/0x1320
[   77.222281][ T5085]  ? __pfx_hfsplus_readdir+0x10/0x10
[   77.227865][ T5085]  ? __mutex_lock+0x2ef/0xd70
[   77.232595][ T5085]  ? iterate_dir+0x215/0x810
[   77.237208][ T5085]  ? __pfx_down_read_killable+0x10/0x10
[   77.242938][ T5085]  ? __fdget_pos+0x24e/0x310
[   77.247554][ T5085]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   77.253543][ T5085]  ? bpf_lsm_file_permission+0x9/0x10
[   77.258948][ T5085]  iterate_dir+0x57a/0x810
[   77.263383][ T5085]  __se_sys_getdents+0x1ef/0x4d0
[   77.268334][ T5085]  ? _raw_spin_unlock_irq+0x2e/0x50
[   77.273552][ T5085]  ? __pfx___se_sys_getdents+0x10/0x10
[   77.279031][ T5085]  ? __pfx_filldir+0x10/0x10
[   77.283629][ T5085]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   77.290072][ T5085]  ? exc_page_fault+0x590/0x8c0
[   77.294943][ T5085]  do_syscall_64+0xf3/0x230
[   77.299461][ T5085]  ? clear_bhb_loop+0x35/0x90
[   77.304151][ T5085]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   77.310056][ T5085] RIP: 0033:0x7f30dc463a99
[   77.314477][ T5085] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   77.334260][ T5085] RSP: 002b:00007ffe50b2a8f8 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[   77.342690][ T5085] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f30dc463a99
[   77.350668][ T5085] RDX: 00000000000000b8 RSI: 0000000020001fc0 RDI: 0000000000000004
[   77.358989][ T5085] RBP: 00007f30dc4d75f0 R08: 00005555871e64c0 R09: 00005555871e64c0
[   77.366980][ T5085] R10: 00000000000006bc R11: 0000000000000246 R12: 00007ffe50b2a920
[   77.375130][ T5085] R13: 00007ffe50b2ab48 R14: 431bde82d7b634db R15: 00007f30dc4ac03b
[   77.383220][ T5085]  </TASK>
[   77.386500][ T5085] Kernel Offset: disabled
[   77.390945][ T5085] Rebooting in 86400 seconds..