./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1652091561 <...> Warning: Permanently added '10.128.0.180' (ED25519) to the list of known hosts. execve("./syz-executor1652091561", ["./syz-executor1652091561"], 0x7ffc35979040 /* 10 vars */) = 0 brk(NULL) = 0x555555ae6000 brk(0x555555ae6d00) = 0x555555ae6d00 arch_prctl(ARCH_SET_FS, 0x555555ae6380) = 0 set_tid_address(0x555555ae6650) = 4988 set_robust_list(0x555555ae6660, 24) = 0 rseq(0x555555ae6ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1652091561", 4096) = 28 getrandom("\x8b\xe2\x31\xfd\xa1\x54\xd8\x4b", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555555ae6d00 brk(0x555555b07d00) = 0x555555b07d00 brk(0x555555b08000) = 0x555555b08000 mprotect(0x7f78eaa93000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ae6650) = 4989 ./strace-static-x86_64: Process 4989 attached [pid 4989] set_robust_list(0x555555ae6660, 24) = 0 [pid 4989] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4989] setpgid(0, 0) = 0 [pid 4989] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4989] write(3, "1000", 4) = 4 [pid 4989] close(3) = 0 [pid 4989] memfd_create("syzkaller", 0) = 3 [pid 4989] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f78e25e1000 [pid 4989] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 4989] munmap(0x7f78e25e1000, 138412032) = 0 [pid 4989] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4989] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4989] close(3) = 0 [pid 4989] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [ 263.602470][ T4989] loop0: detected capacity change from 0 to 1024 [ 263.646886][ T4989] ===================================================== [ 263.655454][ T4989] BUG: KMSAN: uninit-value in hfsplus_cat_case_cmp_key+0xf1/0x190 [ 263.668719][ T4989] hfsplus_cat_case_cmp_key+0xf1/0x190 [ 263.680457][ T4989] hfs_find_rec_by_key+0xb0/0x240 [ 263.691219][ T4989] __hfsplus_brec_find+0x26b/0x7b0 [ 263.699733][ T4989] hfsplus_brec_find+0x445/0x970 [ 263.708490][ T4989] hfsplus_brec_read+0x46/0x1a0 [ 263.719320][ T4989] hfsplus_find_cat+0xdb/0x460 [ 263.729629][ T4989] hfsplus_iget+0x740/0xaf0 [ 263.734905][ T4989] hfsplus_fill_super+0x151b/0x26f0 [ 263.744454][ T4989] mount_bdev+0x3d7/0x560 [ 263.749751][ T4989] hfsplus_mount+0x4d/0x60 [ 263.756579][ T4989] legacy_get_tree+0x110/0x290 [ 263.767686][ T4989] vfs_get_tree+0xa5/0x520 [ 263.774417][ T4989] do_new_mount+0x68d/0x1550 [ 263.782156][ T4989] path_mount+0x73d/0x1f20 [ 263.790153][ T4989] __se_sys_mount+0x725/0x810 [ 263.795502][ T4989] __x64_sys_mount+0xe4/0x140 [ 263.802283][ T4989] do_syscall_64+0x44/0x110 [ 263.811481][ T4989] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 263.819814][ T4989] [ 263.823924][ T4989] Uninit was created at: [ 263.829418][ T4989] slab_post_alloc_hook+0x129/0xa70 [ 263.835906][ T4989] __kmem_cache_alloc_node+0x5c9/0x970 [ 263.845371][ T4989] __kmalloc+0x121/0x3c0 [ 263.850387][ T4989] hfsplus_find_init+0x91/0x250 [ 263.857959][ T4989] hfsplus_iget+0x3e1/0xaf0 [ 263.869711][ T4989] hfsplus_fill_super+0x151b/0x26f0 [ 263.878313][ T4989] mount_bdev+0x3d7/0x560 [ 263.886308][ T4989] hfsplus_mount+0x4d/0x60 [ 263.892331][ T4989] legacy_get_tree+0x110/0x290 [ 263.903163][ T4989] vfs_get_tree+0xa5/0x520 [ 263.910492][ T4989] do_new_mount+0x68d/0x1550 [ 263.917001][ T4989] path_mount+0x73d/0x1f20 [ 263.921647][ T4989] __se_sys_mount+0x725/0x810 [ 263.934054][ T4989] __x64_sys_mount+0xe4/0x140 [ 263.942573][ T4989] do_syscall_64+0x44/0x110 [ 263.950070][ T4989] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 263.958208][ T4989] [ 263.964006][ T4989] CPU: 1 PID: 4989 Comm: syz-executor165 Not tainted 6.7.0-rc7-syzkaller-00003-gfbafc3e621c3 #0 [ 263.976589][ T4989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 263.993799][ T4989] ===================================================== [ 264.007332][ T4989] Disabling lock debugging due to kernel taint [ 264.018800][ T4989] Kernel panic - not syncing: kmsan.panic set ... [ 264.033032][ T4989] CPU: 1 PID: 4989 Comm: syz-executor165 Tainted: G B 6.7.0-rc7-syzkaller-00003-gfbafc3e621c3 #0 [ 264.048398][ T4989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 264.062587][ T4989] Call Trace: [ 264.069932][ T4989] [ 264.073870][ T4989] dump_stack_lvl+0x1bf/0x240 [ 264.083571][ T4989] dump_stack+0x1e/0x20 [ 264.090309][ T4989] panic+0x4de/0xc90 [ 264.095165][ T4989] ? add_taint+0x108/0x1a0 [ 264.101684][ T4989] kmsan_report+0x2d0/0x2d0 [ 264.109914][ T4989] ? _raw_spin_lock_irqsave+0x35/0xc0 [ 264.120672][ T4989] ? __msan_warning+0x96/0x110 [ 264.128885][ T4989] ? hfsplus_cat_case_cmp_key+0xf1/0x190 [ 264.135752][ T4989] ? hfs_find_rec_by_key+0xb0/0x240 [ 264.142601][ T4989] ? __hfsplus_brec_find+0x26b/0x7b0 [ 264.151734][ T4989] ? hfsplus_brec_find+0x445/0x970 [ 264.157565][ T4989] ? hfsplus_brec_read+0x46/0x1a0 [ 264.163600][ T4989] ? hfsplus_find_cat+0xdb/0x460 [ 264.170375][ T4989] ? hfsplus_iget+0x740/0xaf0 [ 264.175638][ T4989] ? hfsplus_fill_super+0x151b/0x26f0 [ 264.187344][ T4989] ? mount_bdev+0x3d7/0x560 [ 264.193697][ T4989] ? hfsplus_mount+0x4d/0x60 [ 264.203335][ T4989] ? legacy_get_tree+0x110/0x290 [ 264.209240][ T4989] ? vfs_get_tree+0xa5/0x520 [ 264.215014][ T4989] ? do_new_mount+0x68d/0x1550 [ 264.223572][ T4989] ? path_mount+0x73d/0x1f20 [ 264.230079][ T4989] ? __se_sys_mount+0x725/0x810 [ 264.235180][ T4989] ? __x64_sys_mount+0xe4/0x140 [ 264.246002][ T4989] ? do_syscall_64+0x44/0x110 [ 264.254048][ T4989] ? entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 264.265145][ T4989] ? kmsan_internal_set_shadow_origin+0x66/0xe0 [ 264.275078][ T4989] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 264.283021][ T4989] ? _raw_spin_unlock_irqrestore+0x3f/0x60 [ 264.292581][ T4989] ? kmsan_internal_memmove_metadata+0x91/0x220 [ 264.304723][ T4989] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 264.313329][ T4989] __msan_warning+0x96/0x110 [ 264.319016][ T4989] hfsplus_cat_case_cmp_key+0xf1/0x190 [ 264.328564][ T4989] hfs_find_rec_by_key+0xb0/0x240 [ 264.335491][ T4989] ? __hfsplus_ext_write_extent+0x600/0x600 [ 264.344999][ T4989] __hfsplus_brec_find+0x26b/0x7b0 [ 264.351627][ T4989] ? hfs_find_1st_rec_by_cnid+0x3f0/0x3f0 [ 264.358442][ T4989] hfsplus_brec_find+0x445/0x970 [ 264.373542][ T4989] ? hfs_find_1st_rec_by_cnid+0x3f0/0x3f0 [ 264.385726][ T4989] hfsplus_brec_read+0x46/0x1a0 [ 264.392165][ T4989] hfsplus_find_cat+0xdb/0x460 [ 264.399499][ T4989] ? kmsan_slab_alloc+0xdd/0x150 [ 264.406926][ T4989] ? slab_post_alloc_hook+0x129/0xa70 [ 264.418346][ T4989] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 264.424538][ T4989] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 264.431642][ T4989] ? __kmem_cache_alloc_node+0x5d9/0x970 [ 264.440054][ T4989] ? hfsplus_find_init+0x91/0x250 [ 264.448507][ T4989] ? kmsan_internal_set_shadow_origin+0x66/0xe0 [ 264.455247][ T4989] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 264.466447][ T4989] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 264.473654][ T4989] hfsplus_iget+0x740/0xaf0 [ 264.480735][ T4989] hfsplus_fill_super+0x151b/0x26f0 [ 264.487895][ T4989] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 264.495663][ T4989] ? vsnprintf+0x2975/0x29e0 [ 264.502095][ T4989] ? kmsan_internal_set_shadow_origin+0x66/0xe0 [ 264.513879][ T4989] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 264.523433][ T4989] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 264.531996][ T4989] mount_bdev+0x3d7/0x560 [ 264.537742][ T4989] ? hfsplus_mount+0x60/0x60 [ 264.543487][ T4989] hfsplus_mount+0x4d/0x60 [ 264.548911][ T4989] legacy_get_tree+0x110/0x290 [ 264.555042][ T4989] ? hfsplus_mark_mdb_dirty+0x290/0x290 [ 264.563486][ T4989] ? legacy_parse_monolithic+0x260/0x260 [ 264.573085][ T4989] vfs_get_tree+0xa5/0x520 [ 264.582006][ T4989] ? mount_capable+0x97/0x120 [ 264.589330][ T4989] do_new_mount+0x68d/0x1550 [ 264.594775][ T4989] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 264.606743][ T4989] path_mount+0x73d/0x1f20 [ 264.611749][ T4989] ? user_path_at_empty+0x33e/0x3b0 [ 264.621640][ T4989] __se_sys_mount+0x725/0x810 [ 264.630348][ T4989] __x64_sys_mount+0xe4/0x140 [ 264.638062][ T4989] do_syscall_64+0x44/0x110 [ 264.646471][ T4989] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 264.662078][ T4989] RIP: 0033:0x7f78eaa210aa [ 264.667955][ T4989] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 264.697233][ T4989] RSP: 002b:00007fff0abb4568 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 264.710106][ T4989] RAX: ffffffffffffffda RBX: 00007fff0abb4580 RCX: 00007f78eaa210aa [ 264.721649][ T4989] RDX: 0000000020000000 RSI: 0000000020000140 RDI: 00007fff0abb4580 [ 264.735858][ T4989] RBP: 0000000000000004 R08: 00007fff0abb45c0 R09: 002c353532317063 [ 264.752460][ T4989] R10: 0000000000804000 R11: 0000000000000286 R12: 0000000000804000 [ 264.770167][ T4989] R13: 00007fff0abb45c0 R14: 0000000000000003 R15: 0000000000080000 [ 264.780501][ T4989] [ 264.785853][ T4989] Kernel Offset: disabled [ 264.790298][ T4989] Rebooting in 86400 seconds..