./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1294298539

<...>
Warning: Permanently added '10.128.1.114' (ED25519) to the list of known hosts.
execve("./syz-executor1294298539", ["./syz-executor1294298539"], 0x7ffcec255a60 /* 10 vars */) = 0
brk(NULL)                               = 0x55557838b000
brk(0x55557838bd00)                     = 0x55557838bd00
arch_prctl(ARCH_SET_FS, 0x55557838b380) = 0
set_tid_address(0x55557838b650)         = 5781
set_robust_list(0x55557838b660, 24)     = 0
rseq(0x55557838bca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor1294298539", 4096) = 28
getrandom("\x28\xf6\x87\x88\x84\x62\xdc\x12", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x55557838bd00
brk(0x5555783acd00)                     = 0x5555783acd00
brk(0x5555783ad000)                     = 0x5555783ad000
mprotect(0x7f7bf67ca000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
mkdir("./syzkaller.mSSxj3", 0700)       = 0
chmod("./syzkaller.mSSxj3", 0777)       = 0
chdir("./syzkaller.mSSxj3")             = 0
mkdir("./0", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557838b650) = 5782
./strace-static-x86_64: Process 5782 attached
[pid  5782] set_robust_list(0x55557838b660, 24) = 0
[pid  5782] chdir("./0")                = 0
[pid  5782] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5782] setpgid(0, 0)               = 0
[pid  5782] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5782] write(3, "1000", 4)         = 4
[pid  5782] close(3)                    = 0
[pid  5782] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5782] write(1, "executing program\n", 18executing program
) = 18
[pid  5782] memfd_create("syzkaller", 0) = 3
[pid  5782] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7bee200000
[pid  5782] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid  5782] munmap(0x7f7bee200000, 138412032) = 0
[pid  5782] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5782] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5782] close(3)                    = 0
[pid  5782] close(4)                    = 0
[pid  5782] mkdir("./file0", 0777)      = 0
[pid  5782] mount("/dev/loop0", "./file0", "hfsplus", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_POSIXACL|MS_LAZYTIME, "") = 0
[pid  5782] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5782] chdir("./file0")            = 0
[pid  5782] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[  208.957207][ T5782] loop0: detected capacity change from 0 to 1024
[pid  5782] mount(NULL, "./file0", "devpts", 0, NULL) = 0
[pid  5782] exit_group(0)               = ?
[pid  5782] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5782, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55557838c6f0 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/binderfs")                  = 0
umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0755, st_size=8, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=8, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555578394730 /* 7 entries */, 32768) = 208
umount2("./0/file0/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file0/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/file0/file.cold")           = 0
umount2("./0/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file0/file0", {st_mode=S_IFDIR|0755, st_size=4, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./0/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=4, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55557839c770 /* 4 entries */, 32768) = 112
umount2("./0/file0/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file0/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
[  209.076726][ T5781] hfsplus: inconsistency in B*Tree (128,1,255,1,0)
[  209.084429][ T5781] hfsplus: xattr search failed
unlink("./0/file0/file0/file0")         = 0
umount2("./0/file0/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file0/file0/file1", {st_mode=S_IFLNK|0777, st_size=4752, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/file0/file0/file1")         = 0
getdents64(5, 0x55557839c770 /* 0 entries */, 32768) = 0
close(5)                                = 0
[  209.118391][ T5781] hfsplus: inconsistency in B*Tree (128,1,255,1,0)
[  209.125372][ T5781] hfsplus: xattr search failed
[  209.145272][ T5781] hfsplus: inconsistency in B*Tree (128,1,255,1,0)
[  209.151984][ T5781] hfsplus: xattr search failed
rmdir("./0/file0/file0")                = 0
umount2("./0/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file0/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/file0/file1")               = 0
[  209.165382][ T5781] hfsplus: inconsistency in B*Tree (128,1,255,1,0)
[  209.172265][ T5781] hfsplus: xattr search failed
[  209.188489][ T5781] hfsplus: inconsistency in B*Tree (128,1,255,1,0)
[  209.195397][ T5781] hfsplus: xattr search failed
[  209.202276][ T5781] =====================================================
[  209.209501][ T5781] BUG: KMSAN: uninit-value in hfsplus_lookup+0x66b/0xef0
[  209.217158][ T5781]  hfsplus_lookup+0x66b/0xef0
[  209.222155][ T5781]  __lookup_slow+0x506/0x6e0
[  209.226932][ T5781]  lookup_slow+0x6a/0xd0
[  209.231295][ T5781]  walk_component+0x467/0x650
[  209.236220][ T5781]  path_lookupat+0x27d/0x6f0
[  209.241020][ T5781]  filename_lookup+0x22f/0x750
[  209.246030][ T5781]  user_path_at+0x85/0x390
[  209.250629][ T5781]  __x64_sys_umount+0x146/0x240
[  209.255798][ T5781]  x64_sys_call+0x2bbd/0x3ba0
[  209.260698][ T5781]  do_syscall_64+0xcd/0x1e0
[  209.265483][ T5781]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  209.271789][ T5781] 
[  209.274372][ T5781] Uninit was created at:
[  209.278835][ T5781]  __alloc_pages_noprof+0x9a7/0xe00
[  209.284293][ T5781]  alloc_pages_mpol_noprof+0x299/0x990
[  209.289991][ T5781]  alloc_pages_noprof+0x1bf/0x1e0
[  209.295277][ T5781]  allocate_slab+0x33a/0x1250
[  209.300197][ T5781]  ___slab_alloc+0x12ef/0x35e0
[  209.305239][ T5781]  kmem_cache_alloc_lru_noprof+0x584/0xb30
[  209.311307][ T5781]  hfsplus_alloc_inode+0x5a/0xd0
[  209.316559][ T5781]  alloc_inode+0x86/0x460
[  209.321112][ T5781]  iget_locked+0x250/0x1290
[  209.325920][ T5781]  hfsplus_iget+0x59/0xae0
[  209.330563][ T5781]  hfsplus_btree_open+0x13e/0x1d00
[  209.335994][ T5781]  hfsplus_fill_super+0x1113/0x2700
[  209.341437][ T5781]  mount_bdev+0x39a/0x520
[  209.346045][ T5781]  hfsplus_mount+0x4d/0x60
[  209.350685][ T5781]  legacy_get_tree+0x114/0x290
[  209.355779][ T5781]  vfs_get_tree+0xb1/0x5a0
[  209.360408][ T5781]  do_new_mount+0x71f/0x15e0
[  209.365249][ T5781]  path_mount+0x742/0x1f10
[  209.369858][ T5781]  __se_sys_mount+0x722/0x810
[  209.374809][ T5781]  __x64_sys_mount+0xe4/0x150
[  209.379695][ T5781]  x64_sys_call+0x255a/0x3ba0
[  209.384684][ T5781]  do_syscall_64+0xcd/0x1e0
[  209.389448][ T5781]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  209.395664][ T5781] 
[  209.398126][ T5781] CPU: 0 UID: 0 PID: 5781 Comm: syz-executor129 Not tainted 6.12.0-rc5-syzkaller-00044-gc1e939a21eb1 #0
[  209.409549][ T5781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  209.419867][ T5781] =====================================================
[  209.427047][ T5781] Disabling lock debugging due to kernel taint
[  209.433419][ T5781] Kernel panic - not syncing: kmsan.panic set ...
[  209.439973][ T5781] CPU: 0 UID: 0 PID: 5781 Comm: syz-executor129 Tainted: G    B              6.12.0-rc5-syzkaller-00044-gc1e939a21eb1 #0
[  209.452747][ T5781] Tainted: [B]=BAD_PAGE
[  209.456982][ T5781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  209.467196][ T5781] Call Trace:
[  209.470569][ T5781]  <TASK>
[  209.473594][ T5781]  dump_stack_lvl+0x216/0x2d0
[  209.478448][ T5781]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  209.484444][ T5781]  dump_stack+0x1e/0x30
[  209.488752][ T5781]  panic+0x4e2/0xcf0
[  209.492794][ T5781]  ? kmsan_get_metadata+0x121/0x1c0
[  209.498173][ T5781]  kmsan_report+0x2c7/0x2d0
[  209.502861][ T5781]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  209.508856][ T5781]  ? __msan_warning+0x95/0x120
[  209.513786][ T5781]  ? hfsplus_lookup+0x66b/0xef0
[  209.518764][ T5781]  ? __lookup_slow+0x506/0x6e0
[  209.523648][ T5781]  ? lookup_slow+0x6a/0xd0
[  209.528189][ T5781]  ? walk_component+0x467/0x650
[  209.533202][ T5781]  ? path_lookupat+0x27d/0x6f0
[  209.538107][ T5781]  ? filename_lookup+0x22f/0x750
[  209.543198][ T5781]  ? user_path_at+0x85/0x390
[  209.547956][ T5781]  ? __x64_sys_umount+0x146/0x240
[  209.553141][ T5781]  ? x64_sys_call+0x2bbd/0x3ba0
[  209.558157][ T5781]  ? do_syscall_64+0xcd/0x1e0
[  209.563081][ T5781]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  209.569299][ T5781]  ? __hfsplus_brec_find+0x6a4/0x7b0
[  209.574768][ T5781]  ? kmsan_get_metadata+0x13e/0x1c0
[  209.580139][ T5781]  ? kmsan_internal_memmove_metadata+0x91/0x230
[  209.586554][ T5781]  ? __msan_memcpy+0x108/0x1c0
[  209.591529][ T5781]  ? hfsplus_bnode_read+0x23a/0x250
[  209.596977][ T5781]  ? kmsan_get_metadata+0x13e/0x1c0
[  209.602375][ T5781]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  209.608411][ T5781]  __msan_warning+0x95/0x120
[  209.613156][ T5781]  hfsplus_lookup+0x66b/0xef0
[  209.617976][ T5781]  ? kmsan_get_metadata+0x13e/0x1c0
[  209.623378][ T5781]  ? kmsan_get_metadata+0x13e/0x1c0
[  209.628756][ T5781]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  209.634756][ T5781]  ? __pfx_hfsplus_lookup+0x10/0x10
[  209.640153][ T5781]  ? __pfx_hfsplus_lookup+0x10/0x10
[  209.645516][ T5781]  __lookup_slow+0x506/0x6e0
[  209.650264][ T5781]  lookup_slow+0x6a/0xd0
[  209.654642][ T5781]  walk_component+0x467/0x650
[  209.659619][ T5781]  ? kmsan_get_metadata+0x13e/0x1c0
[  209.665031][ T5781]  path_lookupat+0x27d/0x6f0
[  209.669754][ T5781]  filename_lookup+0x22f/0x750
[  209.674674][ T5781]  ? kmsan_get_metadata+0x13e/0x1c0
[  209.680086][ T5781]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  209.686098][ T5781]  user_path_at+0x85/0x390
[  209.690660][ T5781]  ? __x64_sys_umount+0x6d/0x240
[  209.695743][ T5781]  __x64_sys_umount+0x146/0x240
[  209.700832][ T5781]  x64_sys_call+0x2bbd/0x3ba0
[  209.705668][ T5781]  do_syscall_64+0xcd/0x1e0
[  209.710329][ T5781]  ? clear_bhb_loop+0x25/0x80
[  209.715150][ T5781]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  209.721195][ T5781] RIP: 0033:0x7f7bf6757347
[  209.725727][ T5781] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[  209.745524][ T5781] RSP: 002b:00007ffea4bfab28 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
[  209.754090][ T5781] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f7bf6757347
[  209.762198][ T5781] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffea4bfabe0
[  209.770333][ T5781] RBP: 00007ffea4bfabe0 R08: 0000000000000000 R09: 0000000000000000
[  209.778429][ T5781] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffea4bfbcd0
[  209.786517][ T5781] R13: 0000555578394700 R14: 0000000000000001 R15: 431bde82d7b634db
[  209.794619][ T5781]  </TASK>
[  209.798099][ T5781] Kernel Offset: disabled
[  209.802519][ T5781] Rebooting in 86400 seconds..