./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor378725011

<...>
DUID 00:04:b8:e6:73:7f:79:fd:ed:d3:a2:45:9d:0b:c9:97:07:5c
forked to background, child pid 4667
[   19.685787][ T4668] 8021q: adding VLAN 0 to HW filter on device bond0
[   19.695579][ T4668] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.0.182' (ECDSA) to the list of known hosts.
execve("./syz-executor378725011", ["./syz-executor378725011"], 0x7ffc4c8c2ce0 /* 10 vars */) = 0
brk(NULL)                               = 0x555555a52000
brk(0x555555a52c40)                     = 0x555555a52c40
arch_prctl(ARCH_SET_FS, 0x555555a52300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor378725011", 4096) = 27
brk(0x555555a73c40)                     = 0x555555a73c40
brk(0x555555a74000)                     = 0x555555a74000
mprotect(0x7f7655aac000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
memfd_create("syzkaller", 0)            = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f764d5f3000
write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
munmap(0x7f764d5f3000, 524288)          = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 4
ioctl(4, LOOP_SET_FD, 3)                = 0
close(3)                                = 0
mkdir("./bus", 0777)                    = 0
syzkaller login: [   40.888409][ T4998] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4998 'syz-executor378'
[   40.904965][ T4998] loop0: detected capacity change from 0 to 1024
[   40.914294][ T4998] =======================================================
[   40.914294][ T4998] WARNING: The mand mount option has been deprecated and
[   40.914294][ T4998]          and is ignored by this kernel. Remove the mand
mount("/dev/loop0", "./bus", "hfsplus", MS_SYNCHRONOUS|MS_MANDLOCK|MS_NODIRATIME|MS_RELATIME|MS_LAZYTIME, "") = 0
openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
chdir("./bus")                          = 0
ioctl(4, LOOP_CLR_FD)                   = 0
close(4)                                = 0
[   40.914294][ T4998]          option from the mount to silence this warning.
[   40.914294][ T4998] =======================================================
[   40.966378][ T4998] hfsplus: request for non-existent node 256 in B*Tree
[   40.973308][ T4998] hfsplus: request for non-existent node 256 in B*Tree
[   40.980850][ T4998] ==================================================================
[   40.988899][ T4998] BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read+0x144/0x150
[   40.996796][ T4998] Read of size 8 at addr ffff888012eaa3c0 by task syz-executor378/4998
[   41.005005][ T4998] 
[   41.007317][ T4998] CPU: 0 PID: 4998 Comm: syz-executor378 Not tainted 6.4.0-rc5-syzkaller-00002-gf8dba31b0a82 #0
[   41.017696][ T4998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[   41.027738][ T4998] Call Trace:
[   41.030988][ T4998]  <TASK>
[   41.033889][ T4998]  dump_stack_lvl+0xd9/0x150
[   41.038461][ T4998]  print_address_description.constprop.0+0x2c/0x3c0
[   41.045043][ T4998]  ? hfsplus_bnode_read+0x144/0x150
[   41.050217][ T4998]  kasan_report+0x11c/0x130
[   41.054699][ T4998]  ? hfsplus_bnode_read+0x144/0x150
[   41.059872][ T4998]  hfsplus_bnode_read+0x144/0x150
[   41.064870][ T4998]  hfsplus_bnode_dump+0x2c6/0x3a0
[   41.069884][ T4998]  ? hfsplus_bnode_read+0xb8/0x150
[   41.074971][ T4998]  ? hfsplus_bnode_move+0x8f0/0x8f0
[   41.080157][ T4998]  ? hfsplus_bnode_write_u16+0x84/0xb0
[   41.085678][ T4998]  ? hfsplus_bnode_move+0x2b/0x8f0
[   41.090772][ T4998]  ? __mark_inode_dirty+0x297/0xd60
[   41.095958][ T4998]  hfsplus_brec_remove+0x3db/0x4f0
[   41.101056][ T4998]  __hfsplus_delete_attr+0x28a/0x3a0
[   41.106332][ T4998]  ? hfsplus_find_exit+0xc0/0xc0
[   41.111253][ T4998]  ? hfsplus_part_find+0xb80/0xb80
[   41.116348][ T4998]  ? rcu_is_watching+0x12/0xb0
[   41.121104][ T4998]  hfsplus_delete_all_attrs+0x25d/0x320
[   41.126638][ T4998]  ? hfsplus_delete_attr+0x300/0x300
[   41.131997][ T4998]  ? rcu_is_watching+0x12/0xb0
[   41.136749][ T4998]  ? __mark_inode_dirty+0x297/0xd60
[   41.141933][ T4998]  hfsplus_delete_cat+0x86a/0xe40
[   41.146940][ T4998]  ? hfsplus_create_cat+0x10d0/0x10d0
[   41.152295][ T4998]  ? mutex_lock_io_nested+0x11a0/0x11a0
[   41.157825][ T4998]  ? lock_sync+0x190/0x190
[   41.162225][ T4998]  hfsplus_unlink+0x1e3/0x830
[   41.166886][ T4998]  ? hfsplus_symlink+0x2e0/0x2e0
[   41.171824][ T4998]  ? down_write+0x14f/0x200
[   41.176420][ T4998]  ? rwsem_down_write_slowpath+0x1220/0x1220
[   41.182384][ T4998]  ? may_delete+0x388/0x900
[   41.186882][ T4998]  vfs_unlink+0x355/0x930
[   41.191198][ T4998]  ? bpf_lsm_path_unlink+0x9/0x10
[   41.196208][ T4998]  do_unlinkat+0x3e3/0x680
[   41.200612][ T4998]  ? __ia32_sys_rmdir+0x110/0x110
[   41.205626][ T4998]  ? __check_object_size+0x323/0x730
[   41.210898][ T4998]  ? getname_flags.part.0+0x1dd/0x4f0
[   41.216250][ T4998]  __x64_sys_unlink+0xca/0x110
[   41.220998][ T4998]  do_syscall_64+0x39/0xb0
[   41.225426][ T4998]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   41.231308][ T4998] RIP: 0033:0x7f7655a3f789
[   41.235732][ T4998] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   41.255498][ T4998] RSP: 002b:00007ffc7891ea88 EFLAGS: 00000246 ORIG_RAX: 0000000000000057
[   41.263893][ T4998] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f7655a3f789
[   41.271851][ T4998] RDX: 00007f76559fde03 RSI: 0000000000000000 RDI: 0000000020000000
[   41.279815][ T4998] RBP: 00007f76559ff020 R08: 000000000000066d R09: 0000000000000000
[   41.287766][ T4998] R10: 00007ffc7891e950 R11: 0000000000000246 R12: 00007f76559ff0b0
[   41.295717][ T4998] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   41.303678][ T4998]  </TASK>
[   41.306686][ T4998] 
[   41.308994][ T4998] Allocated by task 4998:
[   41.313295][ T4998]  kasan_save_stack+0x22/0x40
[   41.317959][ T4998]  kasan_set_track+0x25/0x30
[   41.322533][ T4998]  __kasan_kmalloc+0xa2/0xb0
[   41.327124][ T4998]  __kmalloc+0x5e/0x190
[   41.331284][ T4998]  __hfs_bnode_create+0x107/0x840
[   41.336303][ T4998]  hfsplus_bnode_find+0x41c/0xc60
[   41.341403][ T4998]  hfsplus_brec_find+0x2b3/0x520
[   41.346325][ T4998]  hfsplus_delete_all_attrs+0x236/0x320
[   41.351860][ T4998]  hfsplus_delete_cat+0x86a/0xe40
[   41.356865][ T4998]  hfsplus_unlink+0x1e3/0x830
[   41.361522][ T4998]  vfs_unlink+0x355/0x930
[   41.365836][ T4998]  do_unlinkat+0x3e3/0x680
[   41.370248][ T4998]  __x64_sys_unlink+0xca/0x110
[   41.375002][ T4998]  do_syscall_64+0x39/0xb0
[   41.379406][ T4998]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   41.385290][ T4998] 
[   41.387594][ T4998] The buggy address belongs to the object at ffff888012eaa300
[   41.387594][ T4998]  which belongs to the cache kmalloc-192 of size 192
[   41.401626][ T4998] The buggy address is located 40 bytes to the right of
[   41.401626][ T4998]  allocated 152-byte region [ffff888012eaa300, ffff888012eaa398)
[   41.416184][ T4998] 
[   41.418512][ T4998] The buggy address belongs to the physical page:
[   41.426272][ T4998] page:ffffea00004baa80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12eaa
[   41.436399][ T4998] anon flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[   41.444355][ T4998] page_type: 0xffffffff()
[   41.448673][ T4998] raw: 00fff00000000200 ffff888012441a00 0000000000000000 dead000000000001
[   41.457236][ T4998] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   41.465797][ T4998] page dumped because: kasan: bad access detected
[   41.472189][ T4998] page_owner tracks the page as allocated
[   41.477974][ T4998] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 12, tgid 12 (kworker/u4:1), ts 1767188754, free_ts 0
[   41.494968][ T4998]  post_alloc_hook+0x2db/0x350
[   41.499725][ T4998]  get_page_from_freelist+0xf41/0x2c00
[   41.505175][ T4998]  __alloc_pages+0x1cb/0x4a0
[   41.509751][ T4998]  alloc_pages+0x1aa/0x270
[   41.514151][ T4998]  allocate_slab+0x25f/0x390
[   41.518726][ T4998]  ___slab_alloc+0xa91/0x1400
[   41.523383][ T4998]  __slab_alloc.constprop.0+0x56/0xa0
[   41.528736][ T4998]  __kmem_cache_alloc_node+0x136/0x320
[   41.534176][ T4998]  kmalloc_node_trace+0x21/0xd0
[   41.539016][ T4998]  alloc_worker+0x43/0x1c0
[   41.543419][ T4998]  create_worker+0xcc/0x620
[   41.547905][ T4998]  worker_thread+0xadf/0x10c0
[   41.552568][ T4998]  kthread+0x344/0x440
[   41.556635][ T4998]  ret_from_fork+0x1f/0x30
[   41.561035][ T4998] page_owner free stack trace missing
[   41.566378][ T4998] 
[   41.568684][ T4998] Memory state around the buggy address:
[   41.574377][ T4998]  ffff888012eaa280: 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc
[   41.582417][ T4998]  ffff888012eaa300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   41.590460][ T4998] >ffff888012eaa380: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[   41.598499][ T4998]                                            ^
[   41.604621][ T4998]  ffff888012eaa400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   41.612658][ T4998]  ffff888012eaa480: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   41.620692][ T4998] ==================================================================
[   41.628958][ T4998] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   41.636222][ T4998] CPU: 0 PID: 4998 Comm: syz-executor378 Not tainted 6.4.0-rc5-syzkaller-00002-gf8dba31b0a82 #0
[   41.646634][ T4998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[   41.656670][ T4998] Call Trace:
[   41.659928][ T4998]  <TASK>
[   41.662843][ T4998]  dump_stack_lvl+0xd9/0x150
[   41.667413][ T4998]  panic+0x686/0x730
[   41.671301][ T4998]  ? panic_smp_self_stop+0xa0/0xa0
[   41.676402][ T4998]  ? preempt_schedule_thunk+0x1a/0x20
[   41.681775][ T4998]  ? preempt_schedule_common+0x45/0xb0
[   41.687234][ T4998]  check_panic_on_warn+0xb1/0xc0
[   41.692160][ T4998]  end_report+0xe9/0x120
[   41.696392][ T4998]  ? hfsplus_bnode_read+0x144/0x150
[   41.701578][ T4998]  kasan_report+0xf9/0x130
[   41.706068][ T4998]  ? hfsplus_bnode_read+0x144/0x150
[   41.711251][ T4998]  hfsplus_bnode_read+0x144/0x150
[   41.716267][ T4998]  hfsplus_bnode_dump+0x2c6/0x3a0
[   41.721280][ T4998]  ? hfsplus_bnode_read+0xb8/0x150
[   41.726374][ T4998]  ? hfsplus_bnode_move+0x8f0/0x8f0
[   41.731559][ T4998]  ? hfsplus_bnode_write_u16+0x84/0xb0
[   41.737006][ T4998]  ? hfsplus_bnode_move+0x2b/0x8f0
[   41.742103][ T4998]  ? __mark_inode_dirty+0x297/0xd60
[   41.747289][ T4998]  hfsplus_brec_remove+0x3db/0x4f0
[   41.752393][ T4998]  __hfsplus_delete_attr+0x28a/0x3a0
[   41.757663][ T4998]  ? hfsplus_find_exit+0xc0/0xc0
[   41.762582][ T4998]  ? hfsplus_part_find+0xb80/0xb80
[   41.767677][ T4998]  ? rcu_is_watching+0x12/0xb0
[   41.772433][ T4998]  hfsplus_delete_all_attrs+0x25d/0x320
[   41.777983][ T4998]  ? hfsplus_delete_attr+0x300/0x300
[   41.783253][ T4998]  ? rcu_is_watching+0x12/0xb0
[   41.788003][ T4998]  ? __mark_inode_dirty+0x297/0xd60
[   41.793187][ T4998]  hfsplus_delete_cat+0x86a/0xe40
[   41.798280][ T4998]  ? hfsplus_create_cat+0x10d0/0x10d0
[   41.803636][ T4998]  ? mutex_lock_io_nested+0x11a0/0x11a0
[   41.809168][ T4998]  ? lock_sync+0x190/0x190
[   41.813577][ T4998]  hfsplus_unlink+0x1e3/0x830
[   41.818325][ T4998]  ? hfsplus_symlink+0x2e0/0x2e0
[   41.823246][ T4998]  ? down_write+0x14f/0x200
[   41.827731][ T4998]  ? rwsem_down_write_slowpath+0x1220/0x1220
[   41.833692][ T4998]  ? may_delete+0x388/0x900
[   41.838265][ T4998]  vfs_unlink+0x355/0x930
[   41.842577][ T4998]  ? bpf_lsm_path_unlink+0x9/0x10
[   41.847587][ T4998]  do_unlinkat+0x3e3/0x680
[   41.851988][ T4998]  ? __ia32_sys_rmdir+0x110/0x110
[   41.856993][ T4998]  ? __check_object_size+0x323/0x730
[   41.862347][ T4998]  ? getname_flags.part.0+0x1dd/0x4f0
[   41.867707][ T4998]  __x64_sys_unlink+0xca/0x110
[   41.872450][ T4998]  do_syscall_64+0x39/0xb0
[   41.876949][ T4998]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   41.882827][ T4998] RIP: 0033:0x7f7655a3f789
[   41.887222][ T4998] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   41.906811][ T4998] RSP: 002b:00007ffc7891ea88 EFLAGS: 00000246 ORIG_RAX: 0000000000000057
[   41.915290][ T4998] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f7655a3f789
[   41.923434][ T4998] RDX: 00007f76559fde03 RSI: 0000000000000000 RDI: 0000000020000000
[   41.931471][ T4998] RBP: 00007f76559ff020 R08: 000000000000066d R09: 0000000000000000
[   41.939429][ T4998] R10: 00007ffc7891e950 R11: 0000000000000246 R12: 00007f76559ff0b0
[   41.947387][ T4998] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   41.955349][ T4998]  </TASK>
[   41.959169][ T4998] Kernel Offset: disabled
[   41.963561][ T4998] Rebooting in 86400 seconds..