./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1156438678
<...>
Warning: Permanently added '10.128.10.20' (ED25519) to the list of known hosts.
execve("./syz-executor1156438678", ["./syz-executor1156438678"], 0x7ffe42906d90 /* 10 vars */) = 0
brk(NULL) = 0x5555561ee000
brk(0x5555561eed00) = 0x5555561eed00
arch_prctl(ARCH_SET_FS, 0x5555561ee380) = 0
set_tid_address(0x5555561ee650) = 5033
set_robust_list(0x5555561ee660, 24) = 0
rseq(0x5555561eeca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor1156438678", 4096) = 28
getrandom("\xb5\xe4\x45\x4a\xe5\x1c\x78\xa5", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x5555561eed00
brk(0x55555620fd00) = 0x55555620fd00
brk(0x555556210000) = 0x555556210000
mprotect(0x7f0fefde3000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
memfd_create("syzkaller", 0) = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fe7933000
write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
munmap(0x7f0fe7933000, 524288) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
ioctl(4, LOOP_SET_FD, 3) = 0
close(3) = 0
mkdir("./bus", 0777) = 0
mount("/dev/loop0", "./bus", "hfsplus", MS_SYNCHRONOUS|MS_NOATIME|MS_POSIXACL, "") = 0
openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
chdir("./bus") = 0
ioctl(4, LOOP_CLR_FD) = 0
close(4) = 0
[ 62.637663][ T5033] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5033 'syz-executor115'
[ 62.655594][ T5033] loop0: detected capacity change from 0 to 1024
[ 62.669803][ T5033] hfsplus: request for non-existent node 32768 in B*Tree
[ 62.676884][ T5033] hfsplus: request for non-existent node 32768 in B*Tree
[ 62.685194][ T5033] ==================================================================
[ 62.693301][ T5033] BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read+0x232/0x250
[ 62.701251][ T5033] Read of size 8 at addr ffff888028dc9cc0 by task syz-executor115/5033
[ 62.709521][ T5033]
[ 62.711857][ T5033] CPU: 0 PID: 5033 Comm: syz-executor115 Not tainted 6.5.0-rc4-next-20230804-syzkaller #0
[ 62.721784][ T5033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 62.731849][ T5033] Call Trace:
[ 62.735135][ T5033]
[ 62.738075][ T5033] dump_stack_lvl+0xd9/0x1b0
[ 62.742692][ T5033] print_report+0xc4/0x620
[ 62.747145][ T5033] ? __virt_addr_valid+0x5e/0x2d0
[ 62.752188][ T5033] ? __phys_addr+0xc6/0x140
[ 62.756712][ T5033] kasan_report+0xda/0x110
[ 62.761159][ T5033] ? hfsplus_bnode_read+0x232/0x250
[ 62.766385][ T5033] ? hfsplus_bnode_read+0x232/0x250
[ 62.771610][ T5033] hfsplus_bnode_read+0x232/0x250
[ 62.776666][ T5033] hfsplus_bnode_dump+0x2a2/0x3d0
[ 62.781722][ T5033] ? hfsplus_bnode_move+0x910/0x910
[ 62.786948][ T5033] ? hfsplus_bnode_write_u16+0x84/0xb0
[ 62.792610][ T5033] ? hfsplus_bnode_move+0x2a/0x910
[ 62.797776][ T5033] ? srcu_invoke_callbacks+0xb0/0x460
[ 62.803196][ T5033] ? __mark_inode_dirty+0x297/0xd50
[ 62.808424][ T5033] hfsplus_brec_remove+0x3de/0x4f0
[ 62.813569][ T5033] __hfsplus_delete_attr+0x29e/0x3b0
[ 62.818879][ T5033] ? hfsplus_find_exit+0xc0/0xc0
[ 62.823840][ T5033] ? hfsplus_part_find+0xbb0/0xbb0
[ 62.828987][ T5033] hfsplus_delete_all_attrs+0x26d/0x330
[ 62.834563][ T5033] ? do_raw_spin_lock+0x12e/0x2b0
[ 62.839614][ T5033] ? hfsplus_delete_attr+0x300/0x300
[ 62.844934][ T5033] ? spin_bug+0x1d0/0x1d0
[ 62.849290][ T5033] ? rcu_is_watching+0x12/0xb0
[ 62.854076][ T5033] ? __mark_inode_dirty+0x599/0xd50
[ 62.859302][ T5033] hfsplus_delete_cat+0x819/0xd90
[ 62.864350][ T5033] ? trace_contention_end+0xd6/0x100
[ 62.869653][ T5033] ? hfsplus_create_cat+0x10a0/0x10a0
[ 62.875052][ T5033] ? lock_acquire+0x464/0x510
[ 62.879763][ T5033] hfsplus_unlink+0x213/0x7f0
[ 62.884470][ T5033] ? hfsplus_symlink+0x2b0/0x2b0
[ 62.889437][ T5033] ? down_write_killable_nested+0x250/0x250
[ 62.895369][ T5033] vfs_unlink+0x2f1/0x900
[ 62.899759][ T5033] ? bpf_lsm_path_unlink+0x9/0x10
[ 62.904799][ T5033] do_unlinkat+0x3da/0x6d0
[ 62.909328][ T5033] ? __ia32_sys_rmdir+0x110/0x110
[ 62.914381][ T5033] ? __check_object_size+0x323/0x740
[ 62.919690][ T5033] ? getname_flags.part.0+0x1d5/0x4d0
[ 62.925107][ T5033] __x64_sys_unlink+0xc8/0x110
[ 62.929895][ T5033] do_syscall_64+0x38/0xb0
[ 62.934332][ T5033] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 62.940251][ T5033] RIP: 0033:0x7f0fefd705f9
[ 62.944767][ T5033] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 62.964385][ T5033] RSP: 002b:00007fff6a2086a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000057
[ 62.972811][ T5033] RAX: ffffffffffffffda RBX: 00007fff6a208888 RCX: 00007f0fefd705f9
[ 62.980792][ T5033] RDX: 00007f0fefd6f8f0 RSI: 0000000000000000 RDI: 0000000020000140
[ 62.988803][ T5033] RBP: 00007f0fefde3610 R08: 0000000000000640 R09: 0000000000000000
[ 62.996802][ T5033] R10: 00007fff6a208570 R11: 0000000000000246 R12: 0000000000000001
[ 63.004797][ T5033] R13: 00007fff6a208878 R14: 0000000000000001 R15: 0000000000000001
[ 63.012791][ T5033]
[ 63.015826][ T5033]
[ 63.018152][ T5033] Allocated by task 5033:
[ 63.022485][ T5033] kasan_save_stack+0x33/0x50
[ 63.027195][ T5033] kasan_set_track+0x25/0x30
[ 63.031811][ T5033] __kasan_kmalloc+0xa2/0xb0
[ 63.036427][ T5033] __kmalloc+0x60/0x100
[ 63.040608][ T5033] __hfs_bnode_create+0x108/0x860
[ 63.045658][ T5033] hfsplus_bnode_find+0x2c4/0xcb0
[ 63.050731][ T5033] hfsplus_brec_find+0x2b9/0x520
[ 63.055717][ T5033] hfsplus_delete_all_attrs+0x246/0x330
[ 63.061299][ T5033] hfsplus_delete_cat+0x819/0xd90
[ 63.066379][ T5033] hfsplus_unlink+0x213/0x7f0
[ 63.071099][ T5033] vfs_unlink+0x2f1/0x900
[ 63.075444][ T5033] do_unlinkat+0x3da/0x6d0
[ 63.079883][ T5033] __x64_sys_unlink+0xc8/0x110
[ 63.084668][ T5033] do_syscall_64+0x38/0xb0
[ 63.089127][ T5033] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 63.095059][ T5033]
[ 63.097401][ T5033] Last potentially related work creation:
[ 63.103114][ T5033] kasan_save_stack+0x33/0x50
[ 63.107815][ T5033] __kasan_record_aux_stack+0xbc/0xd0
[ 63.113198][ T5033] insert_work+0x4a/0x330
[ 63.117540][ T5033] __queue_work+0x5f5/0x1040
[ 63.122185][ T5033] queue_work_on+0xed/0x110
[ 63.126708][ T5033] call_usermodehelper_exec+0x1d2/0x4c0
[ 63.132286][ T5033] kobject_uevent_env+0xf6d/0x1800
[ 63.137407][ T5033] param_sysfs_builtin_init+0x327/0x450
[ 63.142986][ T5033] do_one_initcall+0x117/0x630
[ 63.147825][ T5033] kernel_init_freeable+0x5bd/0x8f0
[ 63.153054][ T5033] kernel_init+0x1c/0x2a0
[ 63.157403][ T5033] ret_from_fork+0x2c/0x70
[ 63.161868][ T5033] ret_from_fork_asm+0x11/0x20
[ 63.166690][ T5033]
[ 63.169022][ T5033] The buggy address belongs to the object at ffff888028dc9c00
[ 63.169022][ T5033] which belongs to the cache kmalloc-192 of size 192
[ 63.183088][ T5033] The buggy address is located 40 bytes to the right of
[ 63.183088][ T5033] allocated 152-byte region [ffff888028dc9c00, ffff888028dc9c98)
[ 63.197683][ T5033]
[ 63.200012][ T5033] The buggy address belongs to the physical page:
[ 63.206424][ T5033] page:ffffea0000a37240 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x28dc9
[ 63.216586][ T5033] anon flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 63.224575][ T5033] page_type: 0xffffffff()
[ 63.228947][ T5033] raw: 00fff00000000200 ffff888012841a00 0000000000000000 0000000000000001
[ 63.237555][ T5033] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 63.246146][ T5033] page dumped because: kasan: bad access detected
[ 63.252565][ T5033] page_owner tracks the page as allocated
[ 63.258280][ T5033] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1, tgid 1 (swapper/0), ts 24398955976, free_ts 24384829049
[ 63.275835][ T5033] post_alloc_hook+0x2d2/0x350
[ 63.280658][ T5033] get_page_from_freelist+0x10d7/0x31b0
[ 63.286243][ T5033] __alloc_pages+0x1d0/0x4a0
[ 63.290891][ T5033] alloc_page_interleave+0x1e/0x250
[ 63.296118][ T5033] alloc_pages+0x22a/0x270
[ 63.300557][ T5033] allocate_slab+0x24e/0x380
[ 63.305171][ T5033] ___slab_alloc+0x8bc/0x1570
[ 63.309871][ T5033] __slab_alloc.constprop.0+0x56/0xa0
[ 63.315265][ T5033] __kmem_cache_alloc_node+0x137/0x350
[ 63.320748][ T5033] kmalloc_trace+0x25/0xe0
[ 63.325189][ T5033] call_usermodehelper_setup+0x9a/0x340
[ 63.330747][ T5033] kobject_uevent_env+0xf4e/0x1800
[ 63.335891][ T5033] param_sysfs_builtin_init+0x327/0x450
[ 63.341448][ T5033] do_one_initcall+0x117/0x630
[ 63.346247][ T5033] kernel_init_freeable+0x5bd/0x8f0
[ 63.351465][ T5033] kernel_init+0x1c/0x2a0
[ 63.355822][ T5033] page last free stack trace:
[ 63.360498][ T5033] free_unref_page_prepare+0x508/0xb90
[ 63.365990][ T5033] free_unref_page+0x33/0x3b0
[ 63.370805][ T5033] kasan_depopulate_vmalloc_pte+0x63/0x80
[ 63.376540][ T5033] __apply_to_page_range+0x5ed/0xdb0
[ 63.381837][ T5033] kasan_release_vmalloc+0xa8/0xc0
[ 63.386959][ T5033] __purge_vmap_area_lazy+0x8b9/0x2160
[ 63.392433][ T5033] drain_vmap_area_work+0x54/0xd0
[ 63.397472][ T5033] process_one_work+0xaa2/0x16f0
[ 63.402426][ T5033] worker_thread+0x687/0x1110
[ 63.407118][ T5033] kthread+0x33a/0x430
[ 63.411195][ T5033] ret_from_fork+0x2c/0x70
[ 63.415624][ T5033] ret_from_fork_asm+0x11/0x20
[ 63.420420][ T5033]
[ 63.422748][ T5033] Memory state around the buggy address:
[ 63.428384][ T5033] ffff888028dc9b80: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 63.436462][ T5033] ffff888028dc9c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 63.444541][ T5033] >ffff888028dc9c80: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 63.452607][ T5033] ^
[ 63.458759][ T5033] ffff888028dc9d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 63.466828][ T5033] ffff888028dc9d80: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 63.474893][ T5033] ==================================================================
[ 63.483308][ T5033] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 63.490562][ T5033] CPU: 1 PID: 5033 Comm: syz-executor115 Not tainted 6.5.0-rc4-next-20230804-syzkaller #0
[ 63.500494][ T5033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 63.510580][ T5033] Call Trace:
[ 63.513876][ T5033]
[ 63.516822][ T5033] dump_stack_lvl+0xd9/0x1b0
[ 63.521473][ T5033] panic+0x6a4/0x750
[ 63.525418][ T5033] ? panic_smp_self_stop+0xa0/0xa0
[ 63.530745][ T5033] ? preempt_schedule_thunk+0x1a/0x30
[ 63.536173][ T5033] ? preempt_schedule_common+0x45/0xc0
[ 63.541679][ T5033] check_panic_on_warn+0xab/0xb0
[ 63.546649][ T5033] end_report+0x108/0x150
[ 63.551021][ T5033] kasan_report+0xea/0x110
[ 63.555670][ T5033] ? hfsplus_bnode_read+0x232/0x250
[ 63.560917][ T5033] ? hfsplus_bnode_read+0x232/0x250
[ 63.566196][ T5033] hfsplus_bnode_read+0x232/0x250
[ 63.571265][ T5033] hfsplus_bnode_dump+0x2a2/0x3d0
[ 63.576337][ T5033] ? hfsplus_bnode_move+0x910/0x910
[ 63.581682][ T5033] ? hfsplus_bnode_write_u16+0x84/0xb0
[ 63.587249][ T5033] ? hfsplus_bnode_move+0x2a/0x910
[ 63.592421][ T5033] ? srcu_invoke_callbacks+0xb0/0x460
[ 63.597863][ T5033] ? __mark_inode_dirty+0x297/0xd50
[ 63.603109][ T5033] hfsplus_brec_remove+0x3de/0x4f0
[ 63.608288][ T5033] __hfsplus_delete_attr+0x29e/0x3b0
[ 63.613628][ T5033] ? hfsplus_find_exit+0xc0/0xc0
[ 63.618615][ T5033] ? hfsplus_part_find+0xbb0/0xbb0
[ 63.623779][ T5033] hfsplus_delete_all_attrs+0x26d/0x330
[ 63.629369][ T5033] ? do_raw_spin_lock+0x12e/0x2b0
[ 63.634430][ T5033] ? hfsplus_delete_attr+0x300/0x300
[ 63.639756][ T5033] ? spin_bug+0x1d0/0x1d0
[ 63.644130][ T5033] ? rcu_is_watching+0x12/0xb0
[ 63.648915][ T5033] ? __mark_inode_dirty+0x599/0xd50
[ 63.654166][ T5033] hfsplus_delete_cat+0x819/0xd90
[ 63.659225][ T5033] ? trace_contention_end+0xd6/0x100
[ 63.664535][ T5033] ? hfsplus_create_cat+0x10a0/0x10a0
[ 63.670055][ T5033] ? lock_acquire+0x464/0x510
[ 63.674783][ T5033] hfsplus_unlink+0x213/0x7f0
[ 63.679513][ T5033] ? hfsplus_symlink+0x2b0/0x2b0
[ 63.684504][ T5033] ? down_write_killable_nested+0x250/0x250
[ 63.690432][ T5033] vfs_unlink+0x2f1/0x900
[ 63.694849][ T5033] ? bpf_lsm_path_unlink+0x9/0x10
[ 63.699991][ T5033] do_unlinkat+0x3da/0x6d0
[ 63.704444][ T5033] ? __ia32_sys_rmdir+0x110/0x110
[ 63.709508][ T5033] ? __check_object_size+0x323/0x740
[ 63.714826][ T5033] ? getname_flags.part.0+0x1d5/0x4d0
[ 63.720226][ T5033] __x64_sys_unlink+0xc8/0x110
[ 63.725030][ T5033] do_syscall_64+0x38/0xb0
[ 63.729484][ T5033] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 63.735412][ T5033] RIP: 0033:0x7f0fefd705f9
[ 63.739848][ T5033] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 63.759649][ T5033] RSP: 002b:00007fff6a2086a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000057
[ 63.768112][ T5033] RAX: ffffffffffffffda RBX: 00007fff6a208888 RCX: 00007f0fefd705f9
[ 63.776102][ T5033] RDX: 00007f0fefd6f8f0 RSI: 0000000000000000 RDI: 0000000020000140
[ 63.784091][ T5033] RBP: 00007f0fefde3610 R08: 0000000000000640 R09: 0000000000000000
[ 63.792166][ T5033] R10: 00007fff6a208570 R11: 0000000000000246 R12: 0000000000000001
[ 63.800511][ T5033] R13: 00007fff6a208878 R14: 0000000000000001 R15: 0000000000000001
[ 63.808508][ T5033]
[ 63.811851][ T5033] Kernel Offset: disabled
[ 63.816186][ T5033] Rebooting in 86400 seconds..