./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor774163691 <...> Warning: Permanently added '10.128.0.92' (ED25519) to the list of known hosts. execve("./syz-executor774163691", ["./syz-executor774163691"], 0x7ffde39e40a0 /* 10 vars */) = 0 brk(NULL) = 0x55555648f000 brk(0x55555648fd00) = 0x55555648fd00 arch_prctl(ARCH_SET_FS, 0x55555648f380) = 0 set_tid_address(0x55555648f650) = 5008 set_robust_list(0x55555648f660, 24) = 0 rseq(0x55555648fca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor774163691", 4096) = 27 getrandom("\xd2\x62\x0a\x95\x94\x44\x50\x61", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555648fd00 brk(0x5555564b0d00) = 0x5555564b0d00 brk(0x5555564b1000) = 0x5555564b1000 mprotect(0x7f1d32a60000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555648f650) = 5009 ./strace-static-x86_64: Process 5009 attached [pid 5009] set_robust_list(0x55555648f660, 24) = 0 [pid 5009] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5009] setpgid(0, 0) = 0 [pid 5009] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5009] write(3, "1000", 4) = 4 [pid 5009] close(3) = 0 [pid 5009] memfd_create("syzkaller", 0) = 3 [pid 5009] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1d2a5ae000 [pid 5009] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5009] munmap(0x7f1d2a5ae000, 138412032) = 0 [pid 5009] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5009] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5009] close(3) = 0 [pid 5009] mkdir("./file0", 0777) = 0 [ 160.658469][ T5009] loop0: detected capacity change from 0 to 64 [ 160.704297][ T5009] hfs: filesystem is marked locked, mounting read-only. [ 160.711577][ T5009] hfs: keylen 9474 too large [ 160.716486][ T5009] ===================================================== [ 160.723685][ T5009] BUG: KMSAN: uninit-value in hfs_brec_find+0x65e/0x970 [ 160.731409][ T5009] hfs_brec_find+0x65e/0x970 [ 160.736368][ T5009] hfs_brec_read+0x3f/0x1a0 [ 160.741073][ T5009] hfs_cat_find_brec+0xe6/0x400 [ 160.746240][ T5009] hfs_fill_super+0x1f27/0x23c0 [ 160.751318][ T5009] mount_bdev+0x3d7/0x560 [ 160.756089][ T5009] hfs_mount+0x4d/0x60 [ 160.760345][ T5009] legacy_get_tree+0x110/0x290 [ 160.765345][ T5009] vfs_get_tree+0xa5/0x520 [ 160.769967][ T5009] do_new_mount+0x68d/0x1550 [ 160.774907][ T5009] path_mount+0x73d/0x1f20 [ 160.779525][ T5009] __se_sys_mount+0x725/0x810 [ 160.784500][ T5009] __x64_sys_mount+0xe4/0x140 [ 160.789465][ T5009] do_syscall_64+0x44/0x110 [ 160.794265][ T5009] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 160.800385][ T5009] [ 160.802821][ T5009] Local variable fd created at: [ 160.807923][ T5009] hfs_fill_super+0x4e/0x23c0 [ 160.812784][ T5009] mount_bdev+0x3d7/0x560 [ 160.817394][ T5009] [ 160.819834][ T5009] CPU: 0 PID: 5009 Comm: syz-executor774 Not tainted 6.7.0-rc8-syzkaller #0 [ 160.829422][ T5009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 160.839688][ T5009] ===================================================== [ 160.846858][ T5009] Disabling lock debugging due to kernel taint [ 160.853147][ T5009] Kernel panic - not syncing: kmsan.panic set ... [ 160.859660][ T5009] CPU: 0 PID: 5009 Comm: syz-executor774 Tainted: G B 6.7.0-rc8-syzkaller #0 [ 160.870069][ T5009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 160.880209][ T5009] Call Trace: [ 160.883606][ T5009] [ 160.886627][ T5009] dump_stack_lvl+0x1bf/0x240 [ 160.891442][ T5009] dump_stack+0x1e/0x20 [ 160.895748][ T5009] panic+0x4de/0xc90 [ 160.899880][ T5009] ? add_taint+0x108/0x1a0 [ 160.904494][ T5009] kmsan_report+0x2d0/0x2d0 [ 160.909232][ T5009] ? vprintk_default+0x3e/0x50 [ 160.914223][ T5009] ? __msan_warning+0x96/0x110 [ 160.919229][ T5009] ? hfs_brec_find+0x65e/0x970 [ 160.924217][ T5009] ? hfs_brec_read+0x3f/0x1a0 [ 160.929094][ T5009] ? hfs_cat_find_brec+0xe6/0x400 [ 160.934329][ T5009] ? hfs_fill_super+0x1f27/0x23c0 [ 160.939495][ T5009] ? mount_bdev+0x3d7/0x560 [ 160.944203][ T5009] ? hfs_mount+0x4d/0x60 [ 160.948664][ T5009] ? legacy_get_tree+0x110/0x290 [ 160.953767][ T5009] ? vfs_get_tree+0xa5/0x520 [ 160.958574][ T5009] ? do_new_mount+0x68d/0x1550 [ 160.963542][ T5009] ? path_mount+0x73d/0x1f20 [ 160.968335][ T5009] ? __se_sys_mount+0x725/0x810 [ 160.973387][ T5009] ? __x64_sys_mount+0xe4/0x140 [ 160.978465][ T5009] ? do_syscall_64+0x44/0x110 [ 160.983357][ T5009] ? entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 160.989669][ T5009] ? hfs_brec_keylen+0x4fc/0x610 [ 160.994837][ T5009] ? hfs_brec_keylen+0x58b/0x610 [ 160.999997][ T5009] ? __hfs_brec_find+0x420/0x820 [ 161.005116][ T5009] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 161.011096][ T5009] __msan_warning+0x96/0x110 [ 161.015911][ T5009] hfs_brec_find+0x65e/0x970 [ 161.020720][ T5009] hfs_brec_read+0x3f/0x1a0 [ 161.025443][ T5009] hfs_cat_find_brec+0xe6/0x400 [ 161.030524][ T5009] ? mutex_lock+0x37/0x50 [ 161.035082][ T5009] ? hfs_find_init+0x224/0x250 [ 161.040054][ T5009] hfs_fill_super+0x1f27/0x23c0 [ 161.045145][ T5009] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 161.051155][ T5009] ? kmsan_internal_set_shadow_origin+0x66/0xe0 [ 161.057626][ T5009] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 161.063611][ T5009] mount_bdev+0x3d7/0x560 [ 161.068171][ T5009] ? hfs_mount+0x60/0x60 [ 161.072641][ T5009] hfs_mount+0x4d/0x60 [ 161.076920][ T5009] legacy_get_tree+0x110/0x290 [ 161.081831][ T5009] ? hfs_mark_mdb_dirty+0x290/0x290 [ 161.087278][ T5009] ? legacy_parse_monolithic+0x260/0x260 [ 161.093131][ T5009] vfs_get_tree+0xa5/0x520 [ 161.097689][ T5009] ? mount_capable+0x97/0x120 [ 161.102487][ T5009] do_new_mount+0x68d/0x1550 [ 161.107229][ T5009] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 161.113391][ T5009] path_mount+0x73d/0x1f20 [ 161.118011][ T5009] ? user_path_at_empty+0x33e/0x3b0 [ 161.123400][ T5009] __se_sys_mount+0x725/0x810 [ 161.128214][ T5009] __x64_sys_mount+0xe4/0x140 [ 161.133020][ T5009] do_syscall_64+0x44/0x110 [ 161.137679][ T5009] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 161.143737][ T5009] RIP: 0033:0x7f1d329ee0aa [ 161.148299][ T5009] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 161.168081][ T5009] RSP: 002b:00007ffd734bf578 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 161.176629][ T5009] RAX: ffffffffffffffda RBX: 00007ffd734bf590 RCX: 00007f1d329ee0aa [ 161.184759][ T5009] RDX: 0000000020000180 RSI: 00000000200001c0 RDI: 00007ffd734bf590 [ 161.192848][ T5009] RBP: 0000000000000004 R08: 00007ffd734bf5d0 R09: 00000000000002a9 [ 161.201000][ T5009] R10: 0000000003000002 R11: 0000000000000286 R12: 0000000003000002 [ 161.209124][ T5009] R13: 00007ffd734bf5d0 R14: 0000000000000003 R15: 0000000000008000 [ 161.217278][ T5009] [ 161.220741][ T5009] Kernel Offset: disabled [ 161.225128][ T5009] Rebooting in 86400 seconds..