./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2669191560
<...>
Warning: Permanently added '10.128.0.202' (ED25519) to the list of known hosts.
execve("./syz-executor2669191560", ["./syz-executor2669191560"], 0x7ffd160a7600 /* 10 vars */) = 0
brk(NULL) = 0x555555cec000
brk(0x555555cecd00) = 0x555555cecd00
arch_prctl(ARCH_SET_FS, 0x555555cec380) = 0
set_tid_address(0x555555cec650) = 5050
set_robust_list(0x555555cec660, 24) = 0
rseq(0x555555cecca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor2669191560", 4096) = 28
getrandom("\xd8\x82\x2c\x86\xdf\x26\x7c\x4d", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x555555cecd00
brk(0x555555d0dd00) = 0x555555d0dd00
brk(0x555555d0e000) = 0x555555d0e000
mprotect(0x7f8c805e5000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
memfd_create("syzkaller", 0) = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8c78135000
write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
munmap(0x7f8c78135000, 138412032) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
ioctl(4, LOOP_SET_FD, 3) = 0
close(3) = 0
mkdir("./file0", 0777) = 0
mount("/dev/loop0", "./file0", "hfsplus", MS_NODIRATIME|MS_SILENT, "\x74\x79\x70\x65\x3d\xfa\x35\x4a\x6d\x2c\x6e\x6c\x73\x3d\x69\x73\x6f\x38\x38\x35\x39\x2d\x31\x2c") = 0
openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
ioctl(4, LOOP_CLR_FD) = 0
close(4) = 0
[ 96.219769][ T5050] loop0: detected capacity change from 0 to 1024
[ 96.259995][ T5050] ==================================================================
[ 96.268120][ T5050] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x8fd/0xa00
[ 96.275828][ T5050] Read of size 2 at addr ffff88807b55440c by task syz-executor266/5050
[ 96.284150][ T5050]
[ 96.286508][ T5050] CPU: 0 PID: 5050 Comm: syz-executor266 Not tainted 6.6.0-rc6-next-20231020-syzkaller #0
[ 96.296441][ T5050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 96.306533][ T5050] Call Trace:
[ 96.309850][ T5050]
[ 96.312825][ T5050] dump_stack_lvl+0xd9/0x1b0
[ 96.317497][ T5050] print_report+0xc3/0x620
[ 96.321960][ T5050] ? __virt_addr_valid+0x5e/0x580
[ 96.327020][ T5050] ? __phys_addr+0xc6/0x140
[ 96.331544][ T5050] kasan_report+0xd9/0x110
[ 96.335977][ T5050] ? hfsplus_uni2asc+0x8fd/0xa00
[ 96.340935][ T5050] ? hfsplus_uni2asc+0x8fd/0xa00
[ 96.345914][ T5050] hfsplus_uni2asc+0x8fd/0xa00
[ 96.350705][ T5050] hfsplus_readdir+0x871/0xff0
[ 96.355491][ T5050] ? hfsplus_dir_release+0x1c0/0x1c0
[ 96.360802][ T5050] ? add_lock_to_list+0x17d/0x380
[ 96.365853][ T5050] ? __lock_acquire+0x2504/0x5dc0
[ 96.370941][ T5050] ? down_read_killable+0x221/0x4a0
[ 96.376174][ T5050] ? down_read+0x470/0x470
[ 96.380617][ T5050] ? fsnotify_perm.part.0+0x247/0x5c0
[ 96.386039][ T5050] ? apparmor_file_permission+0x255/0x530
[ 96.391797][ T5050] iterate_dir+0x1e5/0x5b0
[ 96.396266][ T5050] __x64_sys_getdents64+0x14f/0x2e0
[ 96.401507][ T5050] ? __ia32_sys_getdents+0x2d0/0x2d0
[ 96.406835][ T5050] ? fillonedir+0x400/0x400
[ 96.411358][ T5050] ? lockdep_hardirqs_on+0x7c/0x100
[ 96.416577][ T5050] ? _raw_spin_unlock_irq+0x2e/0x50
[ 96.421838][ T5050] ? ptrace_notify+0xf1/0x130
[ 96.426547][ T5050] do_syscall_64+0x3f/0x110
[ 96.431068][ T5050] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 96.436997][ T5050] RIP: 0033:0x7f8c80572649
[ 96.441437][ T5050] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 96.461069][ T5050] RSP: 002b:00007ffc063d3278 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 96.469535][ T5050] RAX: ffffffffffffffda RBX: 00007ffc063d3448 RCX: 00007f8c80572649
[ 96.477531][ T5050] RDX: 0000000000000067 RSI: 0000000020000540 RDI: 0000000000000003
[ 96.485515][ T5050] RBP: 00007f8c805e5610 R08: 0000000000000651 R09: 00007ffc063d3448
[ 96.493524][ T5050] R10: 00007ffc063d3130 R11: 0000000000000246 R12: 0000000000000001
[ 96.501503][ T5050] R13: 00007ffc063d3438 R14: 0000000000000001 R15: 0000000000000001
[ 96.509495][ T5050]
[ 96.512533][ T5050]
[ 96.514891][ T5050] Allocated by task 5050:
[ 96.519216][ T5050] kasan_save_stack+0x33/0x50
[ 96.523916][ T5050] kasan_set_track+0x24/0x30
[ 96.528525][ T5050] __kasan_kmalloc+0xa2/0xb0
[ 96.533131][ T5050] __kmalloc+0x62/0x120
[ 96.537310][ T5050] hfsplus_find_init+0x95/0x200
[ 96.542182][ T5050] hfsplus_readdir+0x262/0xff0
[ 96.546987][ T5050] iterate_dir+0x1e5/0x5b0
[ 96.551419][ T5050] __x64_sys_getdents64+0x14f/0x2e0
[ 96.556637][ T5050] do_syscall_64+0x3f/0x110
[ 96.561144][ T5050] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 96.567117][ T5050]
[ 96.569445][ T5050] The buggy address belongs to the object at ffff88807b554000
[ 96.569445][ T5050] which belongs to the cache kmalloc-2k of size 2048
[ 96.583509][ T5050] The buggy address is located 0 bytes to the right of
[ 96.583509][ T5050] allocated 1036-byte region [ffff88807b554000, ffff88807b55440c)
[ 96.598095][ T5050]
[ 96.600421][ T5050] The buggy address belongs to the physical page:
[ 96.606828][ T5050] page:ffffea0001ed5400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7b550
[ 96.616991][ T5050] head:ffffea0001ed5400 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 96.625950][ T5050] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 96.633937][ T5050] page_type: 0xffffffff()
[ 96.638270][ T5050] raw: 00fff00000000840 ffff888012c42000 dead000000000122 0000000000000000
[ 96.646859][ T5050] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 96.655442][ T5050] page dumped because: kasan: bad access detected
[ 96.661850][ T5050] page_owner tracks the page as allocated
[ 96.667561][ T5050] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5040, tgid 5040 (sshd), ts 84955595363, free_ts 83003207436
[ 96.688245][ T5050] post_alloc_hook+0x2cf/0x340
[ 96.693031][ T5050] get_page_from_freelist+0xa16/0x3680
[ 96.698509][ T5050] __alloc_pages+0x1cf/0x4c0
[ 96.703195][ T5050] alloc_pages+0x1a8/0x270
[ 96.707621][ T5050] allocate_slab+0x251/0x380
[ 96.712230][ T5050] ___slab_alloc+0x8bf/0x1570
[ 96.716920][ T5050] __slab_alloc.constprop.0+0x56/0xa0
[ 96.722302][ T5050] __kmem_cache_alloc_node+0x131/0x310
[ 96.727772][ T5050] kmalloc_trace+0x27/0xf0
[ 96.732200][ T5050] bpf_prog_alloc_no_stats+0x101/0x600
[ 96.737681][ T5050] bpf_prog_alloc+0x3b/0x230
[ 96.742281][ T5050] bpf_prog_create_from_user+0xb4/0x2d0
[ 96.747850][ T5050] do_seccomp+0x7b2/0x2560
[ 96.752281][ T5050] prctl_set_seccomp+0x4b/0x70
[ 96.757056][ T5050] __do_sys_prctl+0xd0e/0x1f60
[ 96.761827][ T5050] do_syscall_64+0x3f/0x110
[ 96.766341][ T5050] page last free stack trace:
[ 96.771011][ T5050] free_unref_page_prepare+0x476/0xa40
[ 96.776482][ T5050] free_unref_page+0x33/0x3b0
[ 96.781169][ T5050] __unfreeze_partials+0x21d/0x240
[ 96.786290][ T5050] qlist_free_all+0x6a/0x170
[ 96.790915][ T5050] kasan_quarantine_reduce+0x18e/0x1d0
[ 96.796406][ T5050] __kasan_slab_alloc+0x65/0x90
[ 96.801276][ T5050] kmem_cache_alloc+0x163/0x390
[ 96.806136][ T5050] alloc_buffer_head+0x21/0x150
[ 96.811003][ T5050] folio_alloc_buffers+0x2c8/0x7d0
[ 96.816133][ T5050] create_empty_buffers+0x36/0x480
[ 96.821264][ T5050] ext4_block_write_begin+0xcc4/0xee0
[ 96.826654][ T5050] ext4_da_write_begin+0x40c/0x8b0
[ 96.831788][ T5050] generic_perform_write+0x277/0x600
[ 96.837090][ T5050] ext4_buffered_write_iter+0x11f/0x3c0
[ 96.842689][ T5050] ext4_file_write_iter+0x832/0x19c0
[ 96.847984][ T5050] vfs_write+0x64d/0xdf0
[ 96.852245][ T5050]
[ 96.854569][ T5050] Memory state around the buggy address:
[ 96.860197][ T5050] ffff88807b554300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 96.868267][ T5050] ffff88807b554380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 96.876329][ T5050] >ffff88807b554400: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 96.884390][ T5050] ^
[ 96.888715][ T5050] ffff88807b554480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 96.896779][ T5050] ffff88807b554500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 96.904858][ T5050] ==================================================================
[ 96.913304][ T5050] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 96.920522][ T5050] CPU: 0 PID: 5050 Comm: syz-executor266 Not tainted 6.6.0-rc6-next-20231020-syzkaller #0
[ 96.930433][ T5050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 96.940592][ T5050] Call Trace:
[ 96.943885][ T5050]
[ 96.946833][ T5050] dump_stack_lvl+0xd9/0x1b0
[ 96.951483][ T5050] panic+0x6dc/0x790
[ 96.955410][ T5050] ? panic_smp_self_stop+0xa0/0xa0
[ 96.960553][ T5050] ? preempt_schedule_thunk+0x1a/0x30
[ 96.965967][ T5050] ? preempt_schedule_common+0x44/0xc0
[ 96.971473][ T5050] ? check_panic_on_warn+0x1f/0xb0
[ 96.976617][ T5050] check_panic_on_warn+0xab/0xb0
[ 96.981582][ T5050] end_report+0x117/0x160
[ 96.985942][ T5050] kasan_report+0xe9/0x110
[ 96.990382][ T5050] ? hfsplus_uni2asc+0x8fd/0xa00
[ 96.995351][ T5050] ? hfsplus_uni2asc+0x8fd/0xa00
[ 97.000320][ T5050] hfsplus_uni2asc+0x8fd/0xa00
[ 97.005123][ T5050] hfsplus_readdir+0x871/0xff0
[ 97.009918][ T5050] ? hfsplus_dir_release+0x1c0/0x1c0
[ 97.015232][ T5050] ? add_lock_to_list+0x17d/0x380
[ 97.020288][ T5050] ? __lock_acquire+0x2504/0x5dc0
[ 97.025375][ T5050] ? down_read_killable+0x221/0x4a0
[ 97.030608][ T5050] ? down_read+0x470/0x470
[ 97.035050][ T5050] ? fsnotify_perm.part.0+0x247/0x5c0
[ 97.040452][ T5050] ? apparmor_file_permission+0x255/0x530
[ 97.046197][ T5050] iterate_dir+0x1e5/0x5b0
[ 97.050644][ T5050] __x64_sys_getdents64+0x14f/0x2e0
[ 97.055874][ T5050] ? __ia32_sys_getdents+0x2d0/0x2d0
[ 97.061194][ T5050] ? fillonedir+0x400/0x400
[ 97.065727][ T5050] ? lockdep_hardirqs_on+0x7c/0x100
[ 97.070964][ T5050] ? _raw_spin_unlock_irq+0x2e/0x50
[ 97.076283][ T5050] ? ptrace_notify+0xf1/0x130
[ 97.080986][ T5050] do_syscall_64+0x3f/0x110
[ 97.085509][ T5050] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 97.091431][ T5050] RIP: 0033:0x7f8c80572649
[ 97.095872][ T5050] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 97.115590][ T5050] RSP: 002b:00007ffc063d3278 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 97.124048][ T5050] RAX: ffffffffffffffda RBX: 00007ffc063d3448 RCX: 00007f8c80572649
[ 97.132036][ T5050] RDX: 0000000000000067 RSI: 0000000020000540 RDI: 0000000000000003
[ 97.140044][ T5050] RBP: 00007f8c805e5610 R08: 0000000000000651 R09: 00007ffc063d3448
[ 97.148396][ T5050] R10: 00007ffc063d3130 R11: 0000000000000246 R12: 0000000000000001
[ 97.156389][ T5050] R13: 00007ffc063d3438 R14: 0000000000000001 R15: 0000000000000001
[ 97.164387][ T5050]
[ 97.167666][ T5050] Kernel Offset: disabled
[ 97.171993][ T5050] Rebooting in 86400 seconds..