./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3133675711

<...>
Warning: Permanently added '10.128.1.160' (ED25519) to the list of known hosts.
execve("./syz-executor3133675711", ["./syz-executor3133675711"], 0x7ffc06456840 /* 10 vars */) = 0
brk(NULL)                               = 0x55558d6a4000
brk(0x55558d6a4d00)                     = 0x55558d6a4d00
arch_prctl(ARCH_SET_FS, 0x55558d6a4380) = 0
set_tid_address(0x55558d6a4650)         = 5841
set_robust_list(0x55558d6a4660, 24)     = 0
rseq(0x55558d6a4ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3133675711", 4096) = 28
getrandom("\xb2\xda\x4d\x33\x92\x1b\x72\x41", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x55558d6a4d00
brk(0x55558d6c5d00)                     = 0x55558d6c5d00
brk(0x55558d6c6000)                     = 0x55558d6c6000
mprotect(0x7f69b1f78000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558d6a4650) = 5842
./strace-static-x86_64: Process 5842 attached
[pid  5842] set_robust_list(0x55558d6a4660, 24) = 0
[pid  5842] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5842] setpgid(0, 0)               = 0
[pid  5842] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5842] write(3, "1000", 4)         = 4
[pid  5842] close(3)                    = 0
executing program
[pid  5842] write(1, "executing program\n", 18) = 18
[pid  5842] memfd_create("syzkaller", 0) = 3
[pid  5842] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f69a9a00000
[pid  5842] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  5842] munmap(0x7f69a9a00000, 138412032) = 0
[pid  5842] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5842] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5842] close(3)                    = 0
[pid  5842] close(4)                    = 0
[pid  5842] mkdir("./file1", 0777)      = 0
[pid  5842] mount("/dev/loop0", "./file1", "hfs", 0, "") = 0
[pid  5842] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5842] chdir("./file1")            = 0
[pid  5842] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5842] openat(AT_FDCWD, ".", O_RDONLY) = 4
[pid  5842] mkdirat(4, "./bus", 000)    = 0
[   89.146950][ T5842] loop0: detected capacity change from 0 to 64
[   89.198053][ T5842] ==================================================================
[   89.206167][ T5842] BUG: KASAN: slab-out-of-bounds in hfs_bnode_read+0xbc/0x220
[   89.213662][ T5842] Write of size 94 at addr ffff888031fb8b00 by task syz-executor313/5842
[   89.222081][ T5842] 
[   89.224406][ T5842] CPU: 0 UID: 0 PID: 5842 Comm: syz-executor313 Not tainted 6.12.0-syzkaller-07834-g06afb0f36106 #0
[   89.235178][ T5842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   89.245234][ T5842] Call Trace:
[   89.248683][ T5842]  <TASK>
[   89.251616][ T5842]  dump_stack_lvl+0x116/0x1f0
[   89.256331][ T5842]  print_report+0xc3/0x620
[   89.260780][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[   89.266440][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[   89.272099][ T5842]  ? __phys_addr+0xc6/0x150
[   89.276621][ T5842]  kasan_report+0xd9/0x110
[   89.281065][ T5842]  ? hfs_bnode_read+0xbc/0x220
[   89.285845][ T5842]  ? hfs_bnode_read+0xbc/0x220
[   89.290627][ T5842]  kasan_check_range+0xef/0x1a0
[   89.295492][ T5842]  __asan_memcpy+0x3c/0x60
[   89.299922][ T5842]  hfs_bnode_read+0xbc/0x220
[   89.304538][ T5842]  hfs_bnode_read_key+0x14e/0x1f0
[   89.309578][ T5842]  ? __pfx_hfs_bnode_read_key+0x10/0x10
[   89.315139][ T5842]  ? srso_alias_return_thunk+0x52/0xfbef5
[   89.320882][ T5842]  ? _raw_spin_unlock+0x28/0x50
[   89.325744][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[   89.331397][ T5842]  ? hfs_bnode_put.part.0+0x1e3/0x280
[   89.336789][ T5842]  hfs_brec_insert+0x66b/0xb90
[   89.341578][ T5842]  ? __pfx_hfs_brec_insert+0x10/0x10
[   89.346969][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[   89.352628][ T5842]  hfs_cat_move+0x3f0/0x7e0
[   89.357157][ T5842]  ? __pfx_hfs_cat_move+0x10/0x10
[   89.362208][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[   89.367864][ T5842]  ? __pfx_lock_acquire.part.0+0x10/0x10
[   89.373526][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[   89.379285][ T5842]  ? rcu_is_watching+0x12/0xc0
[   89.384082][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[   89.389738][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[   89.395393][ T5842]  ? down_write_nested+0x152/0x210
[   89.400525][ T5842]  hfs_rename+0xe8/0x200
[   89.404815][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[   89.410473][ T5842]  ? __pfx_hfs_rename+0x10/0x10
[   89.415357][ T5842]  vfs_rename+0xf8b/0x21f0
[   89.419812][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[   89.425474][ T5842]  ? __pfx_vfs_rename+0x10/0x10
[   89.430338][ T5842]  ? _raw_spin_unlock+0x28/0x50
[   89.435198][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[   89.440861][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[   89.446515][ T5842]  ? security_path_rename+0x136/0x3c0
[   89.451910][ T5842]  do_renameat2+0xc5f/0xdd0
[   89.456442][ T5842]  ? __pfx_do_renameat2+0x10/0x10
[   89.461487][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[   89.467144][ T5842]  ? lock_acquire+0x2f/0xb0
[   89.471659][ T5842]  ? __might_fault+0xe3/0x190
[   89.476349][ T5842]  ? __might_fault+0xe3/0x190
[   89.481036][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[   89.486711][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[   89.492366][ T5842]  ? getname_flags.part.0+0x1c5/0x550
[   89.497751][ T5842]  __x64_sys_renameat2+0xe7/0x130
[   89.502805][ T5842]  do_syscall_64+0xcd/0x250
[   89.507329][ T5842]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   89.513239][ T5842] RIP: 0033:0x7f69b1f04ad9
[   89.517656][ T5842] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   89.537273][ T5842] RSP: 002b:00007ffea7d94808 EFLAGS: 00000246 ORIG_RAX: 000000000000013c
[   89.545789][ T5842] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f69b1f04ad9
[   89.553764][ T5842] RDX: 0000000000000004 RSI: 0000000020000380 RDI: 0000000000000004
[   89.561911][ T5842] RBP: 00007f69b1f785f0 R08: 0000000000000000 R09: 000055558d6a54c0
[   89.569884][ T5842] R10: 0000000020000200 R11: 0000000000000246 R12: 00007ffea7d94830
[   89.577876][ T5842] R13: 00007ffea7d94a58 R14: 431bde82d7b634db R15: 00007f69b1f4d03b
[   89.585862][ T5842]  </TASK>
[   89.588881][ T5842] 
[   89.591199][ T5842] Allocated by task 5842:
[   89.595524][ T5842]  kasan_save_stack+0x33/0x60
[   89.600221][ T5842]  kasan_save_track+0x14/0x30
[   89.604920][ T5842]  __kasan_kmalloc+0xaa/0xb0
[   89.609552][ T5842]  __kmalloc_noprof+0x1e8/0x400
[   89.614444][ T5842]  hfs_find_init+0x95/0x220
[   89.618961][ T5842]  hfs_cat_move+0x15a/0x7e0
[   89.623848][ T5842]  hfs_rename+0xe8/0x200
[   89.628111][ T5842]  vfs_rename+0xf8b/0x21f0
[   89.632533][ T5842]  do_renameat2+0xc5f/0xdd0
[   89.637054][ T5842]  __x64_sys_renameat2+0xe7/0x130
[   89.642124][ T5842]  do_syscall_64+0xcd/0x250
[   89.646655][ T5842]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   89.652566][ T5842] 
[   89.654884][ T5842] The buggy address belongs to the object at ffff888031fb8b00
[   89.654884][ T5842]  which belongs to the cache kmalloc-96 of size 96
[   89.669034][ T5842] The buggy address is located 0 bytes inside of
[   89.669034][ T5842]  allocated 78-byte region [ffff888031fb8b00, ffff888031fb8b4e)
[   89.682957][ T5842] 
[   89.685283][ T5842] The buggy address belongs to the physical page:
[   89.691687][ T5842] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x31fb8
[   89.700455][ T5842] ksm flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   89.707926][ T5842] page_type: f5(slab)
[   89.711917][ T5842] raw: 00fff00000000000 ffff88801b041280 ffffea000510f340 0000000000000003
[   89.720507][ T5842] raw: 0000000000000000 0000000080200020 00000001f5000000 0000000000000000
[   89.729099][ T5842] page dumped because: kasan: bad access detected
[   89.735552][ T5842] page_owner tracks the page as allocated
[   89.741270][ T5842] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5219, tgid 5219 (udevd), ts 49463600367, free_ts 49313720845
[   89.759796][ T5842]  post_alloc_hook+0x2d1/0x350
[   89.764612][ T5842]  get_page_from_freelist+0xfce/0x2f80
[   89.770098][ T5842]  __alloc_pages_noprof+0x223/0x25a0
[   89.775437][ T5842]  alloc_pages_mpol_noprof+0x2c9/0x610
[   89.780910][ T5842]  new_slab+0x2c9/0x410
[   89.785080][ T5842]  ___slab_alloc+0xdac/0x1880
[   89.789769][ T5842]  __slab_alloc.constprop.0+0x56/0xb0
[   89.795159][ T5842]  __kmalloc_noprof+0x367/0x400
[   89.800030][ T5842]  tomoyo_encode2+0x100/0x3e0
[   89.804754][ T5842]  tomoyo_encode+0x29/0x50
[   89.809185][ T5842]  tomoyo_realpath_from_path+0x19d/0x720
[   89.814834][ T5842]  tomoyo_path_perm+0x276/0x460
[   89.819693][ T5842]  security_inode_getattr+0x116/0x290
[   89.825102][ T5842]  vfs_statx_path+0x2b/0x310
[   89.829716][ T5842]  vfs_statx+0x11f/0x1c0
[   89.834002][ T5842]  vfs_fstatat+0x7b/0xf0
[   89.838446][ T5842] page last free pid 5428 tgid 5428 stack trace:
[   89.844768][ T5842]  free_unref_folios+0xa7b/0x14f0
[   89.849817][ T5842]  folios_put_refs+0x587/0x7b0
[   89.854612][ T5842]  free_pages_and_swap_cache+0x45f/0x510
[   89.860268][ T5842]  __tlb_batch_free_encoded_pages+0xf9/0x290
[   89.866285][ T5842]  tlb_finish_mmu+0x168/0x7b0
[   89.870971][ T5842]  exit_mmap+0x3df/0xb30
[   89.875230][ T5842]  __mmput+0x12a/0x480
[   89.879306][ T5842]  mmput+0x62/0x70
[   89.883047][ T5842]  do_exit+0x9bf/0x2d70
[   89.887221][ T5842]  do_group_exit+0xd3/0x2a0
[   89.891767][ T5842]  __x64_sys_exit_group+0x3e/0x50
[   89.896811][ T5842]  x64_sys_call+0x151f/0x1720
[   89.901507][ T5842]  do_syscall_64+0xcd/0x250
[   89.906025][ T5842]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   89.911965][ T5842] 
[   89.914302][ T5842] Memory state around the buggy address:
[   89.919926][ T5842]  ffff888031fb8a00: 00 00 00 00 00 00 00 00 06 fc fc fc fc fc fc fc
[   89.927993][ T5842]  ffff888031fb8a80: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   89.936077][ T5842] >ffff888031fb8b00: 00 00 00 00 00 00 00 00 00 06 fc fc fc fc fc fc
[   89.944136][ T5842]                                               ^
[   89.950545][ T5842]  ffff888031fb8b80: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   89.958630][ T5842]  ffff888031fb8c00: 00 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc
[   89.966709][ T5842] ==================================================================
[   89.976380][ T5842] Kernel panic - not syncing: kasan.fault=panic_on_write set ...
[   89.984138][ T5842] CPU: 0 UID: 0 PID: 5842 Comm: syz-executor313 Not tainted 6.12.0-syzkaller-07834-g06afb0f36106 #0
[   89.994939][ T5842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   90.005029][ T5842] Call Trace:
[   90.008322][ T5842]  <TASK>
[   90.011263][ T5842]  dump_stack_lvl+0x3d/0x1f0
[   90.015897][ T5842]  panic+0x71d/0x800
[   90.019832][ T5842]  ? __pfx_panic+0x10/0x10
[   90.024287][ T5842]  ? lockdep_hardirqs_on+0x7c/0x110
[   90.029515][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[   90.035366][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[   90.041041][ T5842]  ? preempt_schedule_common+0x44/0xc0
[   90.046533][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[   90.052292][ T5842]  ? preempt_schedule_thunk+0x1a/0x30
[   90.057697][ T5842]  end_report+0x169/0x180
[   90.062077][ T5842]  kasan_report+0xe9/0x110
[   90.066537][ T5842]  ? hfs_bnode_read+0xbc/0x220
[   90.071343][ T5842]  ? hfs_bnode_read+0xbc/0x220
[   90.076404][ T5842]  kasan_check_range+0xef/0x1a0
[   90.081287][ T5842]  __asan_memcpy+0x3c/0x60
[   90.085752][ T5842]  hfs_bnode_read+0xbc/0x220
[   90.090377][ T5842]  hfs_bnode_read_key+0x14e/0x1f0
[   90.095438][ T5842]  ? __pfx_hfs_bnode_read_key+0x10/0x10
[   90.101050][ T5842]  ? srso_alias_return_thunk+0x52/0xfbef5
[   90.106815][ T5842]  ? _raw_spin_unlock+0x28/0x50
[   90.111695][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[   90.117377][ T5842]  ? hfs_bnode_put.part.0+0x1e3/0x280
[   90.122790][ T5842]  hfs_brec_insert+0x66b/0xb90
[   90.127603][ T5842]  ? __pfx_hfs_brec_insert+0x10/0x10
[   90.132927][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[   90.138609][ T5842]  hfs_cat_move+0x3f0/0x7e0
[   90.143217][ T5842]  ? __pfx_hfs_cat_move+0x10/0x10
[   90.148288][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[   90.154001][ T5842]  ? __pfx_lock_acquire.part.0+0x10/0x10
[   90.159672][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[   90.165440][ T5842]  ? rcu_is_watching+0x12/0xc0
[   90.170253][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[   90.175933][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[   90.181624][ T5842]  ? down_write_nested+0x152/0x210
[   90.186866][ T5842]  hfs_rename+0xe8/0x200
[   90.191587][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[   90.197265][ T5842]  ? __pfx_hfs_rename+0x10/0x10
[   90.202183][ T5842]  vfs_rename+0xf8b/0x21f0
[   90.206626][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[   90.212311][ T5842]  ? __pfx_vfs_rename+0x10/0x10
[   90.217192][ T5842]  ? _raw_spin_unlock+0x28/0x50
[   90.222071][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[   90.227752][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[   90.233437][ T5842]  ? security_path_rename+0x136/0x3c0
[   90.238839][ T5842]  do_renameat2+0xc5f/0xdd0
[   90.243392][ T5842]  ? __pfx_do_renameat2+0x10/0x10
[   90.248555][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[   90.254255][ T5842]  ? lock_acquire+0x2f/0xb0
[   90.258790][ T5842]  ? __might_fault+0xe3/0x190
[   90.263502][ T5842]  ? __might_fault+0xe3/0x190
[   90.268212][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[   90.273904][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[   90.279609][ T5842]  ? getname_flags.part.0+0x1c5/0x550
[   90.285013][ T5842]  __x64_sys_renameat2+0xe7/0x130
[   90.290092][ T5842]  do_syscall_64+0xcd/0x250
[   90.294645][ T5842]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   90.300586][ T5842] RIP: 0033:0x7f69b1f04ad9
[   90.305544][ T5842] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   90.325276][ T5842] RSP: 002b:00007ffea7d94808 EFLAGS: 00000246 ORIG_RAX: 000000000000013c
[   90.333741][ T5842] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f69b1f04ad9
[   90.341744][ T5842] RDX: 0000000000000004 RSI: 0000000020000380 RDI: 0000000000000004
[   90.349732][ T5842] RBP: 00007f69b1f785f0 R08: 0000000000000000 R09: 000055558d6a54c0
[   90.357917][ T5842] R10: 0000000020000200 R11: 0000000000000246 R12: 00007ffea7d94830
[   90.365911][ T5842] R13: 00007ffea7d94a58 R14: 431bde82d7b634db R15: 00007f69b1f4d03b
[   90.374022][ T5842]  </TASK>
[   90.377303][ T5842] Kernel Offset: disabled
[   90.381628][ T5842] Rebooting in 86400 seconds..