./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2496097376
<...>
Warning: Permanently added '10.128.0.85' (ECDSA) to the list of known hosts.
execve("./syz-executor2496097376", ["./syz-executor2496097376"], 0x7fffe1b64ec0 /* 10 vars */) = 0
brk(NULL) = 0x55555614a000
brk(0x55555614ac40) = 0x55555614ac40
arch_prctl(ARCH_SET_FS, 0x55555614a300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2496097376", 4096) = 28
brk(0x55555616bc40) = 0x55555616bc40
brk(0x55555616c000) = 0x55555616c000
mprotect(0x7f48833d4000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
memfd_create("syzkaller", 0) = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f487af1b000
write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
munmap(0x7f487af1b000, 524288) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
ioctl(4, LOOP_SET_FD, 3) = 0
close(3) = 0
mkdir("./file0", 0777) = 0
mount("/dev/loop0", "./file0", "hfsplus", 0, "") = 0
openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
chdir("./file0") = 0
ioctl(4, LOOP_CLR_FD) = 0
close(4) = 0
[ 42.569075][ T4999] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4999 'syz-executor249'
[ 42.585825][ T4999] loop0: detected capacity change from 0 to 1024
[ 42.610862][ T4999] ==================================================================
[ 42.618953][ T4999] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x953/0xa50
[ 42.626633][ T4999] Read of size 2 at addr ffff888076e31218 by task syz-executor249/4999
[ 42.634865][ T4999]
[ 42.637183][ T4999] CPU: 1 PID: 4999 Comm: syz-executor249 Not tainted 6.4.0-rc6-syzkaller-00269-g1b29d271614a #0
[ 42.647564][ T4999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 42.657596][ T4999] Call Trace:
[ 42.660851][ T4999]
[ 42.663759][ T4999] dump_stack_lvl+0xd9/0x150
[ 42.668342][ T4999] print_address_description.constprop.0+0x2c/0x3c0
[ 42.674912][ T4999] ? hfsplus_uni2asc+0x953/0xa50
[ 42.679835][ T4999] kasan_report+0x11c/0x130
[ 42.684322][ T4999] ? hfsplus_uni2asc+0x953/0xa50
[ 42.689243][ T4999] ? char2uni+0x130/0x130
[ 42.693554][ T4999] hfsplus_uni2asc+0x953/0xa50
[ 42.698297][ T4999] ? char2uni+0x130/0x130
[ 42.702610][ T4999] ? hfsplus_bnode_read+0xb8/0x150
[ 42.707718][ T4999] hfsplus_listxattr+0x5b7/0xbe0
[ 42.712640][ T4999] ? hfsplus_getxattr+0x120/0x120
[ 42.717649][ T4999] ? kasan_save_stack+0x22/0x40
[ 42.722492][ T4999] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 42.728557][ T4999] ? find_held_lock+0x2d/0x110
[ 42.733311][ T4999] ? find_held_lock+0x2d/0x110
[ 42.738067][ T4999] ? __kmem_cache_alloc_node+0x48/0x320
[ 42.743607][ T4999] ? __kmem_cache_alloc_node+0x1b0/0x320
[ 42.749249][ T4999] ? kvmalloc_node+0xa2/0x1a0
[ 42.753935][ T4999] ? rcu_is_watching+0x12/0xb0
[ 42.758694][ T4999] ? __kmalloc_node+0xfb/0x1a0
[ 42.763441][ T4999] ? hfsplus_getxattr+0x120/0x120
[ 42.768463][ T4999] vfs_listxattr+0xb7/0x130
[ 42.773045][ T4999] listxattr+0x70/0x180
[ 42.777188][ T4999] path_listxattr+0xae/0x140
[ 42.781768][ T4999] ? listxattr+0x180/0x180
[ 42.786258][ T4999] ? lockdep_hardirqs_on+0x7d/0x100
[ 42.791449][ T4999] ? _raw_spin_unlock_irq+0x2e/0x50
[ 42.796637][ T4999] ? ptrace_notify+0xfe/0x140
[ 42.801304][ T4999] do_syscall_64+0x39/0xb0
[ 42.805705][ T4999] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 42.811593][ T4999] RIP: 0033:0x7f4883367779
[ 42.815990][ T4999] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 42.835583][ T4999] RSP: 002b:00007ffc2714fec8 EFLAGS: 00000246 ORIG_RAX: 00000000000000c3
[ 42.843997][ T4999] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4883367779
[ 42.851950][ T4999] RDX: 0000000000000019 RSI: 0000000000000000 RDI: 0000000020000000
[ 42.859994][ T4999] RBP: 00007f4883327010 R08: 0000000000000603 R09: 0000000000000000
[ 42.867957][ T4999] R10: 00007ffc2714fd90 R11: 0000000000000246 R12: 00007f48833270a0
[ 42.876000][ T4999] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 42.883958][ T4999]
[ 42.886959][ T4999]
[ 42.889262][ T4999] Allocated by task 4999:
[ 42.893568][ T4999] kasan_save_stack+0x22/0x40
[ 42.898241][ T4999] kasan_set_track+0x25/0x30
[ 42.902825][ T4999] __kasan_kmalloc+0xa2/0xb0
[ 42.907407][ T4999] __kmalloc+0x5e/0x190
[ 42.911546][ T4999] hfsplus_find_init+0x95/0x230
[ 42.916389][ T4999] hfsplus_listxattr+0x333/0xbe0
[ 42.921319][ T4999] vfs_listxattr+0xb7/0x130
[ 42.925835][ T4999] listxattr+0x70/0x180
[ 42.929977][ T4999] path_listxattr+0xae/0x140
[ 42.934556][ T4999] do_syscall_64+0x39/0xb0
[ 42.938953][ T4999] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 42.944837][ T4999]
[ 42.947144][ T4999] The buggy address belongs to the object at ffff888076e31000
[ 42.947144][ T4999] which belongs to the cache kmalloc-1k of size 1024
[ 42.961183][ T4999] The buggy address is located 0 bytes to the right of
[ 42.961183][ T4999] allocated 536-byte region [ffff888076e31000, ffff888076e31218)
[ 42.975682][ T4999]
[ 42.977992][ T4999] The buggy address belongs to the physical page:
[ 42.984379][ T4999] page:ffffea0001db8c00 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888076e37800 pfn:0x76e30
[ 42.995926][ T4999] head:ffffea0001db8c00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 43.004942][ T4999] anon flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 43.013337][ T4999] page_type: 0xffffffff()
[ 43.017654][ T4999] raw: 00fff00000010200 ffff888012441dc0 0000000000000000 0000000000000001
[ 43.026223][ T4999] raw: ffff888076e37800 000000008010000b 00000001ffffffff 0000000000000000
[ 43.034786][ T4999] page dumped because: kasan: bad access detected
[ 43.041177][ T4999] page_owner tracks the page as allocated
[ 43.046869][ T4999] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4671, tgid 4671 (dhcpcd), ts 20812153063, free_ts 20782987547
[ 43.067081][ T4999] post_alloc_hook+0x2db/0x350
[ 43.071927][ T4999] get_page_from_freelist+0xf41/0x2c00
[ 43.077377][ T4999] __alloc_pages+0x1cb/0x4a0
[ 43.081957][ T4999] alloc_pages+0x1aa/0x270
[ 43.086378][ T4999] allocate_slab+0x25f/0x390
[ 43.090955][ T4999] ___slab_alloc+0xa91/0x1400
[ 43.095618][ T4999] __slab_alloc.constprop.0+0x56/0xa0
[ 43.100980][ T4999] __kmem_cache_alloc_node+0x136/0x320
[ 43.106428][ T4999] __kmalloc+0x4e/0x190
[ 43.110584][ T4999] tomoyo_init_log+0x1290/0x1f00
[ 43.115509][ T4999] tomoyo_supervisor+0x34e/0xec0
[ 43.120440][ T4999] tomoyo_env_perm+0x183/0x200
[ 43.125188][ T4999] tomoyo_find_next_domain+0x148f/0x1ff0
[ 43.130801][ T4999] tomoyo_bprm_check_security+0x136/0x1d0
[ 43.136518][ T4999] security_bprm_check+0x49/0xb0
[ 43.141444][ T4999] bprm_execve+0x740/0x1980
[ 43.145941][ T4999] page last free stack trace:
[ 43.150591][ T4999] free_unref_page_prepare+0x62e/0xcb0
[ 43.156038][ T4999] free_unref_page+0x33/0x370
[ 43.160704][ T4999] __unfreeze_partials+0x17c/0x1a0
[ 43.165804][ T4999] qlist_free_all+0x6a/0x170
[ 43.170398][ T4999] kasan_quarantine_reduce+0x195/0x220
[ 43.175845][ T4999] __kasan_slab_alloc+0x63/0x90
[ 43.180682][ T4999] kmem_cache_alloc_node+0x185/0x3e0
[ 43.185955][ T4999] __alloc_skb+0x288/0x330
[ 43.190356][ T4999] netlink_sendmsg+0x9b0/0xe30
[ 43.195102][ T4999] sock_sendmsg+0xde/0x190
[ 43.199500][ T4999] ____sys_sendmsg+0x71c/0x900
[ 43.204242][ T4999] ___sys_sendmsg+0x110/0x1b0
[ 43.208906][ T4999] __sys_sendmsg+0xf7/0x1c0
[ 43.213396][ T4999] do_syscall_64+0x39/0xb0
[ 43.217797][ T4999] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 43.223682][ T4999]
[ 43.225983][ T4999] Memory state around the buggy address:
[ 43.231593][ T4999] ffff888076e31100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 43.239636][ T4999] ffff888076e31180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 43.247677][ T4999] >ffff888076e31200: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 43.255714][ T4999] ^
[ 43.260539][ T4999] ffff888076e31280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 43.268584][ T4999] ffff888076e31300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 43.276621][ T4999] ==================================================================
[ 43.285009][ T4999] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 43.292201][ T4999] CPU: 0 PID: 4999 Comm: syz-executor249 Not tainted 6.4.0-rc6-syzkaller-00269-g1b29d271614a #0
[ 43.302693][ T4999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 43.312723][ T4999] Call Trace:
[ 43.315991][ T4999]
[ 43.318899][ T4999] dump_stack_lvl+0xd9/0x150
[ 43.323464][ T4999] panic+0x686/0x730
[ 43.327338][ T4999] ? panic_smp_self_stop+0xa0/0xa0
[ 43.332426][ T4999] ? preempt_schedule_thunk+0x1a/0x20
[ 43.337774][ T4999] ? preempt_schedule_common+0x45/0xb0
[ 43.343221][ T4999] check_panic_on_warn+0xb1/0xc0
[ 43.348136][ T4999] end_report+0xe9/0x120
[ 43.352443][ T4999] ? hfsplus_uni2asc+0x953/0xa50
[ 43.357360][ T4999] kasan_report+0xf9/0x130
[ 43.361756][ T4999] ? hfsplus_uni2asc+0x953/0xa50
[ 43.366673][ T4999] ? char2uni+0x130/0x130
[ 43.370977][ T4999] hfsplus_uni2asc+0x953/0xa50
[ 43.375731][ T4999] ? char2uni+0x130/0x130
[ 43.380034][ T4999] ? hfsplus_bnode_read+0xb8/0x150
[ 43.385138][ T4999] hfsplus_listxattr+0x5b7/0xbe0
[ 43.390058][ T4999] ? hfsplus_getxattr+0x120/0x120
[ 43.395062][ T4999] ? kasan_save_stack+0x22/0x40
[ 43.399976][ T4999] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 43.406027][ T4999] ? find_held_lock+0x2d/0x110
[ 43.410769][ T4999] ? find_held_lock+0x2d/0x110
[ 43.415506][ T4999] ? __kmem_cache_alloc_node+0x48/0x320
[ 43.421117][ T4999] ? __kmem_cache_alloc_node+0x1b0/0x320
[ 43.426730][ T4999] ? kvmalloc_node+0xa2/0x1a0
[ 43.431385][ T4999] ? rcu_is_watching+0x12/0xb0
[ 43.436126][ T4999] ? __kmalloc_node+0xfb/0x1a0
[ 43.440950][ T4999] ? hfsplus_getxattr+0x120/0x120
[ 43.445953][ T4999] vfs_listxattr+0xb7/0x130
[ 43.450520][ T4999] listxattr+0x70/0x180
[ 43.454649][ T4999] path_listxattr+0xae/0x140
[ 43.459219][ T4999] ? listxattr+0x180/0x180
[ 43.463612][ T4999] ? lockdep_hardirqs_on+0x7d/0x100
[ 43.468803][ T4999] ? _raw_spin_unlock_irq+0x2e/0x50
[ 43.473997][ T4999] ? ptrace_notify+0xfe/0x140
[ 43.478660][ T4999] do_syscall_64+0x39/0xb0
[ 43.483048][ T4999] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 43.488921][ T4999] RIP: 0033:0x7f4883367779
[ 43.493311][ T4999] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 43.512894][ T4999] RSP: 002b:00007ffc2714fec8 EFLAGS: 00000246 ORIG_RAX: 00000000000000c3
[ 43.521283][ T4999] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4883367779
[ 43.529227][ T4999] RDX: 0000000000000019 RSI: 0000000000000000 RDI: 0000000020000000
[ 43.537174][ T4999] RBP: 00007f4883327010 R08: 0000000000000603 R09: 0000000000000000
[ 43.545118][ T4999] R10: 00007ffc2714fd90 R11: 0000000000000246 R12: 00007f48833270a0
[ 43.553064][ T4999] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 43.561011][ T4999]
[ 43.565089][ T4999] Kernel Offset: disabled
[ 43.569481][ T4999] Rebooting in 86400 seconds..