./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3235465832 <...> Warning: Permanently added '10.128.0.108' (ED25519) to the list of known hosts. execve("./syz-executor3235465832", ["./syz-executor3235465832"], 0x7ffc449a1d70 /* 10 vars */) = 0 brk(NULL) = 0x5555807fa000 brk(0x5555807fad00) = 0x5555807fad00 arch_prctl(ARCH_SET_FS, 0x5555807fa380) = 0 set_tid_address(0x5555807fa650) = 5042 set_robust_list(0x5555807fa660, 24) = 0 rseq(0x5555807faca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3235465832", 4096) = 28 getrandom("\xbe\x16\x75\xa4\xef\x21\xb8\x67", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555807fad00 brk(0x55558081bd00) = 0x55558081bd00 brk(0x55558081c000) = 0x55558081c000 mprotect(0x7f541383e000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555807fa650) = 5043 ./strace-static-x86_64: Process 5043 attached [pid 5043] set_robust_list(0x5555807fa660, 24) = 0 [pid 5043] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5043] setpgid(0, 0) = 0 [pid 5043] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5043] write(3, "1000", 4) = 4 [pid 5043] close(3) = 0 [pid 5043] memfd_create("syzkaller", 0) = 3 [pid 5043] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f540b200000 [pid 5043] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5043] munmap(0x7f540b200000, 138412032) = 0 [pid 5043] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5043] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5043] close(3) = 0 [pid 5043] close(4) = 0 [pid 5043] mkdir("./bus", 0777) = 0 [ 159.916413][ T5043] loop0: detected capacity change from 0 to 64 [pid 5043] mount("/dev/loop0", "./bus", "hfs", MS_DIRSYNC|MS_NODIRATIME|MS_POSIXACL|MS_I_VERSION|MS_LAZYTIME, "") = 0 [pid 5043] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5043] chdir("./bus") = 0 [pid 5043] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5043] mount(".", "./file0/../file0", NULL, MS_RDONLY|MS_SYNCHRONOUS|MS_DIRSYNC|MS_BIND|MS_SHARED, NULL) = 0 [ 160.009221][ T5043] ===================================================== [ 160.017225][ T5043] BUG: KMSAN: uninit-value in hfs_free_fork+0x6b4/0xa50 [ 160.024523][ T5043] hfs_free_fork+0x6b4/0xa50 [ 160.029434][ T5043] hfs_cat_delete+0x501/0xb90 [ 160.034486][ T5043] hfs_remove+0x16a/0x2f0 [ 160.039037][ T5043] vfs_unlink+0x676/0xa30 [ 160.043902][ T5043] do_unlinkat+0x823/0xe10 [ 160.048561][ T5043] __x64_sys_unlink+0x78/0xb0 [ 160.053675][ T5043] x64_sys_call+0x31c7/0x3b50 [ 160.058569][ T5043] do_syscall_64+0xcf/0x1e0 [ 160.063445][ T5043] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 160.069542][ T5043] [ 160.072180][ T5043] Uninit was created at: [ 160.076688][ T5043] __kmalloc+0x6e4/0x1000 [ 160.081298][ T5043] hfs_find_init+0x91/0x250 [ 160.086496][ T5043] hfs_free_fork+0x3bb/0xa50 [ 160.091344][ T5043] hfs_cat_delete+0x501/0xb90 [ 160.096407][ T5043] hfs_remove+0x16a/0x2f0 [ 160.100946][ T5043] vfs_unlink+0x676/0xa30 [ 160.105656][ T5043] do_unlinkat+0x823/0xe10 [ 160.110298][ T5043] __x64_sys_unlink+0x78/0xb0 [ 160.115332][ T5043] x64_sys_call+0x31c7/0x3b50 [ 160.120235][ T5043] do_syscall_64+0xcf/0x1e0 [ 160.125081][ T5043] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 160.131204][ T5043] [ 160.133781][ T5043] CPU: 1 PID: 5043 Comm: syz-executor323 Not tainted 6.9.0-rc6-syzkaller-00290-gb9158815de52 #0 [ 160.144426][ T5043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 160.154733][ T5043] ===================================================== [ 160.161817][ T5043] Disabling lock debugging due to kernel taint [ 160.168202][ T5043] Kernel panic - not syncing: kmsan.panic set ... [ 160.174765][ T5043] CPU: 1 PID: 5043 Comm: syz-executor323 Tainted: G B 6.9.0-rc6-syzkaller-00290-gb9158815de52 #0 [ 160.186878][ T5043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 160.197103][ T5043] Call Trace: [ 160.200472][ T5043] [ 160.203509][ T5043] dump_stack_lvl+0x216/0x2d0 [ 160.208336][ T5043] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 160.214295][ T5043] dump_stack+0x1e/0x30 [ 160.218649][ T5043] panic+0x4e2/0xcd0 [ 160.222715][ T5043] ? kmsan_get_metadata+0x51/0x1d0 [ 160.228051][ T5043] kmsan_report+0x2d5/0x2e0 [ 160.232765][ T5043] ? kmsan_get_metadata+0x146/0x1d0 [ 160.238157][ T5043] ? kmsan_internal_set_shadow_origin+0x66/0xe0 [ 160.244587][ T5043] ? __msan_warning+0x95/0x120 [ 160.249589][ T5043] ? hfs_free_fork+0x6b4/0xa50 [ 160.254538][ T5043] ? hfs_cat_delete+0x501/0xb90 [ 160.259522][ T5043] ? hfs_remove+0x16a/0x2f0 [ 160.264357][ T5043] ? vfs_unlink+0x676/0xa30 [ 160.269065][ T5043] ? do_unlinkat+0x823/0xe10 [ 160.273876][ T5043] ? __x64_sys_unlink+0x78/0xb0 [ 160.278950][ T5043] ? x64_sys_call+0x31c7/0x3b50 [ 160.284028][ T5043] ? do_syscall_64+0xcf/0x1e0 [ 160.288886][ T5043] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 160.295120][ T5043] ? _raw_spin_unlock_irqrestore+0x3f/0x60 [ 160.301167][ T5043] ? stack_depot_save_flags+0x66d/0x6e0 [ 160.306908][ T5043] ? kmsan_get_metadata+0x146/0x1d0 [ 160.312318][ T5043] ? kmsan_internal_set_shadow_origin+0x66/0xe0 [ 160.318733][ T5043] ? kmsan_get_metadata+0x146/0x1d0 [ 160.324128][ T5043] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 160.330114][ T5043] ? hfs_brec_find+0x87c/0x980 [ 160.335091][ T5043] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 160.341369][ T5043] ? kmsan_get_metadata+0x146/0x1d0 [ 160.346748][ T5043] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 160.352709][ T5043] __msan_warning+0x95/0x120 [ 160.357540][ T5043] hfs_free_fork+0x6b4/0xa50 [ 160.362393][ T5043] hfs_cat_delete+0x501/0xb90 [ 160.367237][ T5043] hfs_remove+0x16a/0x2f0 [ 160.371697][ T5043] ? __pfx_hfs_remove+0x10/0x10 [ 160.376801][ T5043] vfs_unlink+0x676/0xa30 [ 160.381403][ T5043] do_unlinkat+0x823/0xe10 [ 160.386063][ T5043] __x64_sys_unlink+0x78/0xb0 [ 160.390969][ T5043] x64_sys_call+0x31c7/0x3b50 [ 160.395875][ T5043] do_syscall_64+0xcf/0x1e0 [ 160.400593][ T5043] ? clear_bhb_loop+0x25/0x80 [ 160.405646][ T5043] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 160.411801][ T5043] RIP: 0033:0x7f54137caad9 [ 160.416382][ T5043] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 160.436297][ T5043] RSP: 002b:00007ffcea9f5788 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 160.444860][ T5043] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f54137caad9 [ 160.453006][ T5043] RDX: 00007f54137caad9 RSI: 0000000000000000 RDI: 0000000020000580 [ 160.461249][ T5043] RBP: 00007f541383e5f0 R08: 00005555807fb4c0 R09: 00005555807fb4c0 [ 160.469609][ T5043] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcea9f57b0 [ 160.477763][ T5043] R13: 00007ffcea9f59d8 R14: 431bde82d7b634db R15: 00007f541381303b [ 160.485920][ T5043] [ 160.489575][ T5043] Kernel Offset: disabled [ 160.494000][ T5043] Rebooting in 86400 seconds..