./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1107324412
<...>
5292][ T28] audit: type=1400 audit(1709676767.356:81): avc: denied { siginh } for pid=4907 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 60.368759][ T28] audit: type=1400 audit(1709676768.176:82): avc: denied { read } for pid=4490 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[ 60.391951][ T28] audit: type=1400 audit(1709676768.176:83): avc: denied { append } for pid=4490 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 60.419744][ T28] audit: type=1400 audit(1709676768.176:84): avc: denied { open } for pid=4490 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 60.443771][ T28] audit: type=1400 audit(1709676768.176:85): avc: denied { getattr } for pid=4490 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
Warning: Permanently added '10.128.0.157' (ED25519) to the list of known hosts.
execve("./syz-executor1107324412", ["./syz-executor1107324412"], 0x7ffd683f2840 /* 10 vars */) = 0
brk(NULL) = 0x555555569000
brk(0x555555569d00) = 0x555555569d00
arch_prctl(ARCH_SET_FS, 0x555555569380) = 0
set_tid_address(0x555555569650) = 5057
set_robust_list(0x555555569660, 24) = 0
rseq(0x555555569ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor1107324412", 4096) = 28
getrandom("\x72\x7d\xbe\xe3\xea\x73\x6c\x8f", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x555555569d00
brk(0x55555558ad00) = 0x55555558ad00
brk(0x55555558b000) = 0x55555558b000
mprotect(0x7fd3e641f000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
memfd_create("syzkaller", 0) = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd3dde00000
write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[ 77.241790][ T28] audit: type=1400 audit(1709676785.046:86): avc: denied { execmem } for pid=5057 comm="syz-executor110" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
munmap(0x7fd3dde00000, 138412032) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
ioctl(4, LOOP_SET_FD, 3) = 0
close(3) = 0
[ 77.303674][ T28] audit: type=1400 audit(1709676785.106:87): avc: denied { read write } for pid=5057 comm="syz-executor110" name="loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 77.319074][ T5057] loop0: detected capacity change from 0 to 1024
close(4) = 0
mkdir("./file0", 0777) = 0
[ 77.328147][ T28] audit: type=1400 audit(1709676785.106:88): avc: denied { open } for pid=5057 comm="syz-executor110" path="/dev/loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 77.358769][ T28] audit: type=1400 audit(1709676785.126:89): avc: denied { ioctl } for pid=5057 comm="syz-executor110" path="/dev/loop0" dev="devtmpfs" ino=648 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
mount("/dev/loop0", "./file0", "hfsplus", MS_NODIRATIME|MS_SILENT, "\x74\x79\x70\x65\x3d\xfa\x35\x4a\x6d\x2c\x6e\x6c\x73\x3d\x69\x73\x6f\x38\x38\x35\x39\x2d\x31\x2c") = 0
openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[ 77.387560][ T28] audit: type=1400 audit(1709676785.196:90): avc: denied { mounton } for pid=5057 comm="syz-executor110" path="/root/file0" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 77.427110][ T28] audit: type=1400 audit(1709676785.236:91): avc: denied { mount } for pid=5057 comm="syz-executor110" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
[ 77.459154][ T5057] ==================================================================
[ 77.467256][ T5057] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x910/0xa20
[ 77.474901][ T5057] Read of size 2 at addr ffff88801aaeb40c by task syz-executor110/5057
[ 77.483127][ T5057]
[ 77.485439][ T5057] CPU: 1 PID: 5057 Comm: syz-executor110 Not tainted 6.8.0-rc7-syzkaller #0
[ 77.494097][ T5057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 77.504167][ T5057] Call Trace:
[ 77.507438][ T5057]
[ 77.510359][ T5057] dump_stack_lvl+0xd9/0x1b0
[ 77.514980][ T5057] print_report+0xc4/0x620
[ 77.519386][ T5057] ? __virt_addr_valid+0x5e/0x580
[ 77.524397][ T5057] ? __phys_addr+0xc6/0x150
[ 77.528888][ T5057] kasan_report+0xda/0x110
[ 77.533297][ T5057] ? hfsplus_uni2asc+0x910/0xa20
[ 77.538228][ T5057] ? hfsplus_uni2asc+0x910/0xa20
[ 77.543165][ T5057] hfsplus_uni2asc+0x910/0xa20
[ 77.547960][ T5057] hfsplus_readdir+0x87b/0x1000
[ 77.552830][ T5057] ? __pfx_hfsplus_readdir+0x10/0x10
[ 77.558115][ T5057] ? _find_first_zero_bit+0x94/0xb0
[ 77.563310][ T5057] ? lockdep_unlock+0x11b/0x2a0
[ 77.568159][ T5057] ? down_read_killable+0xcc/0x380
[ 77.573274][ T5057] ? __pfx_down_read_killable+0x10/0x10
[ 77.578808][ T5057] ? selinux_file_permission+0x126/0x590
[ 77.584435][ T5057] iterate_dir+0x292/0x9e0
[ 77.588848][ T5057] __x64_sys_getdents64+0x14f/0x2e0
[ 77.594041][ T5057] ? __pfx___x64_sys_getdents64+0x10/0x10
[ 77.599754][ T5057] ? __pfx_filldir64+0x10/0x10
[ 77.604513][ T5057] ? lockdep_hardirqs_on+0x7d/0x110
[ 77.609703][ T5057] ? _raw_spin_unlock_irq+0x2e/0x50
[ 77.614934][ T5057] ? ptrace_notify+0xf4/0x140
[ 77.619632][ T5057] do_syscall_64+0xd5/0x270
[ 77.624133][ T5057] entry_SYSCALL_64_after_hwframe+0x6f/0x77
[ 77.630026][ T5057] RIP: 0033:0x7fd3e63ac649
[ 77.634429][ T5057] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 77.654027][ T5057] RSP: 002b:00007ffd674657c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 77.662431][ T5057] RAX: ffffffffffffffda RBX: 00007ffd67465998 RCX: 00007fd3e63ac649
[ 77.670829][ T5057] RDX: 0000000000000067 RSI: 0000000020000540 RDI: 0000000000000003
[ 77.678806][ T5057] RBP: 00007fd3e641f610 R08: 0000000000000651 R09: 00007ffd67465998
[ 77.686774][ T5057] R10: 00007ffd67465680 R11: 0000000000000246 R12: 0000000000000001
[ 77.694736][ T5057] R13: 00007ffd67465988 R14: 0000000000000001 R15: 0000000000000001
[ 77.702698][ T5057]
[ 77.705703][ T5057]
[ 77.708108][ T5057] Allocated by task 5057:
[ 77.712420][ T5057] kasan_save_stack+0x33/0x60
[ 77.717091][ T5057] kasan_save_track+0x14/0x30
[ 77.721757][ T5057] __kasan_kmalloc+0xaa/0xb0
[ 77.726356][ T5057] __kmalloc+0x1f9/0x440
[ 77.730615][ T5057] hfsplus_find_init+0x95/0x200
[ 77.735472][ T5057] hfsplus_readdir+0x266/0x1000
[ 77.740311][ T5057] iterate_dir+0x292/0x9e0
[ 77.744722][ T5057] __x64_sys_getdents64+0x14f/0x2e0
[ 77.750088][ T5057] do_syscall_64+0xd5/0x270
[ 77.754585][ T5057] entry_SYSCALL_64_after_hwframe+0x6f/0x77
[ 77.760477][ T5057]
[ 77.762788][ T5057] The buggy address belongs to the object at ffff88801aaeb000
[ 77.762788][ T5057] which belongs to the cache kmalloc-2k of size 2048
[ 77.776824][ T5057] The buggy address is located 0 bytes to the right of
[ 77.776824][ T5057] allocated 1036-byte region [ffff88801aaeb000, ffff88801aaeb40c)
[ 77.791390][ T5057]
[ 77.793700][ T5057] The buggy address belongs to the physical page:
[ 77.800569][ T5057] page:ffffea00006aba00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1aae8
[ 77.810716][ T5057] head:ffffea00006aba00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 77.819637][ T5057] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 77.827602][ T5057] page_type: 0xffffffff()
[ 77.831926][ T5057] raw: 00fff00000000840 ffff888014c42000 dead000000000100 dead000000000122
[ 77.840500][ T5057] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 77.849065][ T5057] page dumped because: kasan: bad access detected
[ 77.855459][ T5057] page_owner tracks the page as allocated
[ 77.861155][ T5057] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 3644680840, free_ts 0
[ 77.880770][ T5057] post_alloc_hook+0x2d4/0x350
[ 77.885548][ T5057] get_page_from_freelist+0xa28/0x3780
[ 77.891012][ T5057] __alloc_pages+0x22f/0x2440
[ 77.895685][ T5057] new_slab+0xcc/0x3a0
[ 77.899744][ T5057] ___slab_alloc+0x4af/0x19a0
[ 77.904411][ T5057] __slab_alloc.constprop.0+0x56/0xb0
[ 77.909771][ T5057] kmalloc_trace+0x30b/0x340
[ 77.914351][ T5057] acpi_ds_create_walk_state+0x78/0x250
[ 77.919897][ T5057] acpi_ds_execute_arguments+0x70/0x2c0
[ 77.925440][ T5057] acpi_ds_get_package_arguments+0xdf/0x150
[ 77.931328][ T5057] acpi_ns_init_one_package+0x82/0x110
[ 77.936786][ T5057] acpi_ns_init_one_object+0x269/0x4d0
[ 77.942241][ T5057] acpi_ns_walk_namespace+0x405/0x5b0
[ 77.947603][ T5057] acpi_walk_namespace+0x110/0x130
[ 77.952707][ T5057] acpi_ns_initialize_objects+0xa3/0x120
[ 77.958332][ T5057] acpi_load_tables+0x62/0x110
[ 77.963094][ T5057] page_owner free stack trace missing
[ 77.968460][ T5057]
[ 77.970773][ T5057] Memory state around the buggy address:
[ 77.976386][ T5057] ffff88801aaeb300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 77.984437][ T5057] ffff88801aaeb380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 77.992488][ T5057] >ffff88801aaeb400: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 78.000564][ T5057]                       ^
[ 78.004877][ T5057] ffff88801aaeb480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 78.012929][ T5057] ffff88801aaeb500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 78.021067][ T5057] ==================================================================
[ 78.029695][ T5057] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 78.036909][ T5057] CPU: 0 PID: 5057 Comm: syz-executor110 Not tainted 6.8.0-rc7-syzkaller #0
[ 78.045602][ T5057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 78.055660][ T5057] Call Trace:
[ 78.058940][ T5057]
[ 78.061874][ T5057] dump_stack_lvl+0xd9/0x1b0
[ 78.066485][ T5057] panic+0x6ee/0x7a0
[ 78.070393][ T5057] ? __pfx_panic+0x10/0x10
[ 78.074817][ T5057] ? preempt_schedule_thunk+0x1a/0x30
[ 78.080206][ T5057] ? preempt_schedule_common+0x45/0xd0
[ 78.085683][ T5057] ? check_panic_on_warn+0x1f/0xb0
[ 78.090803][ T5057] check_panic_on_warn+0xab/0xb0
[ 78.095751][ T5057] end_report+0x108/0x150
[ 78.100096][ T5057] kasan_report+0xea/0x110
[ 78.104516][ T5057] ? hfsplus_uni2asc+0x910/0xa20
[ 78.109794][ T5057] ? hfsplus_uni2asc+0x910/0xa20
[ 78.114738][ T5057] hfsplus_uni2asc+0x910/0xa20
[ 78.119513][ T5057] hfsplus_readdir+0x87b/0x1000
[ 78.124446][ T5057] ? __pfx_hfsplus_readdir+0x10/0x10
[ 78.129736][ T5057] ? _find_first_zero_bit+0x94/0xb0
[ 78.134953][ T5057] ? lockdep_unlock+0x11b/0x2a0
[ 78.139814][ T5057] ? down_read_killable+0xcc/0x380
[ 78.144930][ T5057] ? __pfx_down_read_killable+0x10/0x10
[ 78.150482][ T5057] ? selinux_file_permission+0x126/0x590
[ 78.156122][ T5057] iterate_dir+0x292/0x9e0
[ 78.160638][ T5057] __x64_sys_getdents64+0x14f/0x2e0
[ 78.165879][ T5057] ? __pfx___x64_sys_getdents64+0x10/0x10
[ 78.171712][ T5057] ? __pfx_filldir64+0x10/0x10
[ 78.176497][ T5057] ? lockdep_hardirqs_on+0x7d/0x110
[ 78.181698][ T5057] ? _raw_spin_unlock_irq+0x2e/0x50
[ 78.186907][ T5057] ? ptrace_notify+0xf4/0x140
[ 78.191591][ T5057] do_syscall_64+0xd5/0x270
[ 78.196102][ T5057] entry_SYSCALL_64_after_hwframe+0x6f/0x77
[ 78.202013][ T5057] RIP: 0033:0x7fd3e63ac649
[ 78.206436][ T5057] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 78.226224][ T5057] RSP: 002b:00007ffd674657c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 78.234643][ T5057] RAX: ffffffffffffffda RBX: 00007ffd67465998 RCX: 00007fd3e63ac649
[ 78.242615][ T5057] RDX: 0000000000000067 RSI: 0000000020000540 RDI: 0000000000000003
[ 78.250609][ T5057] RBP: 00007fd3e641f610 R08: 0000000000000651 R09: 00007ffd67465998
[ 78.258580][ T5057] R10: 00007ffd67465680 R11: 0000000000000246 R12: 0000000000000001
[ 78.266568][ T5057] R13: 00007ffd67465988 R14: 0000000000000001 R15: 0000000000000001
[ 78.274546][ T5057]
[ 78.277831][ T5057] Kernel Offset: disabled
[ 78.282164][ T5057] Rebooting in 86400 seconds..