./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor578171780

<...>
Warning: Permanently added '10.128.0.33' (ED25519) to the list of known hosts.
execve("./syz-executor578171780", ["./syz-executor578171780"], 0x7fff34365ec0 /* 10 vars */) = 0
brk(NULL)                               = 0x5555561f9000
brk(0x5555561f9d00)                     = 0x5555561f9d00
arch_prctl(ARCH_SET_FS, 0x5555561f9380) = 0
set_tid_address(0x5555561f9650)         = 5033
set_robust_list(0x5555561f9660, 24)     = 0
rseq(0x5555561f9ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor578171780", 4096) = 27
getrandom("\x6f\x04\xd1\xec\x9d\xea\xf5\x9f", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x5555561f9d00
brk(0x55555621ad00)                     = 0x55555621ad00
brk(0x55555621b000)                     = 0x55555621b000
mprotect(0x7fc356b0a000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
memfd_create("syzkaller", 0)            = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc34e65a000
write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
munmap(0x7fc34e65a000, 524288)          = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 4
ioctl(4, LOOP_SET_FD, 3)                = 0
close(3)                                = 0
mkdir("./file0", 0777)                  = 0
mount("/dev/loop0", "./file0", "hfsplus", 0, "") = 0
openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
chdir("./file0")                        = 0
ioctl(4, LOOP_CLR_FD)                   = 0
close(4)                                = 0
[   54.845607][ T5033] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5033 'syz-executor578'
[   54.864618][ T5033] loop0: detected capacity change from 0 to 1024
[   54.885276][ T5033] ==================================================================
[   54.893372][ T5033] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x8fd/0xa00
[   54.901048][ T5033] Read of size 2 at addr ffff88802b693a18 by task syz-executor578/5033
[   54.909293][ T5033] 
[   54.911608][ T5033] CPU: 0 PID: 5033 Comm: syz-executor578 Not tainted 6.5.0-rc3-next-20230726-syzkaller #0
[   54.921502][ T5033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[   54.931576][ T5033] Call Trace:
[   54.934845][ T5033]  <TASK>
[   54.937762][ T5033]  dump_stack_lvl+0xd9/0x1b0
[   54.942362][ T5033]  print_report+0xc4/0x620
[   54.946801][ T5033]  ? __virt_addr_valid+0x5e/0x2d0
[   54.951821][ T5033]  ? __phys_addr+0xc6/0x140
[   54.956315][ T5033]  kasan_report+0xda/0x110
[   54.960728][ T5033]  ? hfsplus_uni2asc+0x8fd/0xa00
[   54.965661][ T5033]  ? hfsplus_uni2asc+0x8fd/0xa00
[   54.970656][ T5033]  hfsplus_uni2asc+0x8fd/0xa00
[   54.975420][ T5033]  hfsplus_listxattr+0x6de/0xe10
[   54.980357][ T5033]  ? hfsplus_getxattr+0x160/0x160
[   54.985378][ T5033]  ? kvmalloc_node+0x99/0x1a0
[   54.990049][ T5033]  ? kasan_save_stack+0x43/0x50
[   54.994899][ T5033]  ? do_syscall_64+0x38/0xb0
[   54.999482][ T5033]  ? entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   55.005563][ T5033]  ? kasan_set_track+0x25/0x30
[   55.010320][ T5033]  ? rcu_is_watching+0x12/0xb0
[   55.015078][ T5033]  ? hfsplus_getxattr+0x160/0x160
[   55.020098][ T5033]  vfs_listxattr+0xb3/0x130
[   55.024596][ T5033]  listxattr+0x69/0x180
[   55.028744][ T5033]  path_listxattr+0xc3/0x160
[   55.033358][ T5033]  ? listxattr+0x180/0x180
[   55.037780][ T5033]  ? lockdep_hardirqs_on+0x7d/0x100
[   55.042971][ T5033]  ? _raw_spin_unlock_irq+0x2e/0x50
[   55.048161][ T5033]  ? ptrace_notify+0xf4/0x130
[   55.052826][ T5033]  do_syscall_64+0x38/0xb0
[   55.057230][ T5033]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   55.063110][ T5033] RIP: 0033:0x7fc356a975b9
[   55.067510][ T5033] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   55.087104][ T5033] RSP: 002b:00007fff03875198 EFLAGS: 00000246 ORIG_RAX: 00000000000000c3
[   55.095503][ T5033] RAX: ffffffffffffffda RBX: 00007fff03875378 RCX: 00007fc356a975b9
[   55.103461][ T5033] RDX: 0000000000000019 RSI: 0000000000000000 RDI: 0000000020000000
[   55.111422][ T5033] RBP: 00007fc356b0a610 R08: 0000000000000603 R09: 0000000000000000
[   55.119382][ T5033] R10: 00007fff03875060 R11: 0000000000000246 R12: 0000000000000001
[   55.127340][ T5033] R13: 00007fff03875368 R14: 0000000000000001 R15: 0000000000000001
[   55.135302][ T5033]  </TASK>
[   55.138305][ T5033] 
[   55.140611][ T5033] Allocated by task 5033:
[   55.144924][ T5033]  kasan_save_stack+0x33/0x50
[   55.149597][ T5033]  kasan_set_track+0x25/0x30
[   55.154175][ T5033]  __kasan_kmalloc+0xa2/0xb0
[   55.158777][ T5033]  __kmalloc+0x60/0x100
[   55.162923][ T5033]  hfsplus_find_init+0x95/0x200
[   55.167765][ T5033]  hfsplus_listxattr+0x465/0xe10
[   55.172692][ T5033]  vfs_listxattr+0xb3/0x130
[   55.177183][ T5033]  listxattr+0x69/0x180
[   55.181328][ T5033]  path_listxattr+0xc3/0x160
[   55.185909][ T5033]  do_syscall_64+0x38/0xb0
[   55.190311][ T5033]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   55.196192][ T5033] 
[   55.198500][ T5033] The buggy address belongs to the object at ffff88802b693800
[   55.198500][ T5033]  which belongs to the cache kmalloc-1k of size 1024
[   55.212537][ T5033] The buggy address is located 0 bytes to the right of
[   55.212537][ T5033]  allocated 536-byte region [ffff88802b693800, ffff88802b693a18)
[   55.227012][ T5033] 
[   55.229318][ T5033] The buggy address belongs to the physical page:
[   55.235725][ T5033] page:ffffea0000ada400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2b690
[   55.245882][ T5033] head:ffffea0000ada400 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   55.254800][ T5033] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[   55.262765][ T5033] page_type: 0xffffffff()
[   55.267094][ T5033] raw: 00fff00000010200 ffff888012841dc0 ffffea0001df5000 dead000000000002
[   55.275933][ T5033] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   55.284509][ T5033] page dumped because: kasan: bad access detected
[   55.290907][ T5033] page_owner tracks the page as allocated
[   55.296617][ T5033] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 13066280773, free_ts 0
[   55.316332][ T5033]  post_alloc_hook+0x2d2/0x350
[   55.321113][ T5033]  get_page_from_freelist+0x10d7/0x31b0
[   55.326650][ T5033]  __alloc_pages+0x1d0/0x4a0
[   55.331240][ T5033]  alloc_page_interleave+0x1e/0x250
[   55.336430][ T5033]  alloc_pages+0x22a/0x270
[   55.341094][ T5033]  allocate_slab+0x24e/0x380
[   55.345672][ T5033]  ___slab_alloc+0x8bc/0x1570
[   55.350343][ T5033]  __slab_alloc.constprop.0+0x56/0xa0
[   55.355703][ T5033]  __kmem_cache_alloc_node+0x137/0x350
[   55.361154][ T5033]  __kmalloc_node_track_caller+0x50/0x100
[   55.366864][ T5033]  krealloc+0x5d/0x100
[   55.370923][ T5033]  add_sysfs_param+0xca/0x960
[   55.375600][ T5033]  param_sysfs_builtin_init+0x2ca/0x450
[   55.381152][ T5033]  do_one_initcall+0x117/0x630
[   55.385909][ T5033]  kernel_init_freeable+0x5bd/0x8f0
[   55.391096][ T5033]  kernel_init+0x1c/0x2a0
[   55.395422][ T5033] page_owner free stack trace missing
[   55.400768][ T5033] 
[   55.403078][ T5033] Memory state around the buggy address:
[   55.408687][ T5033]  ffff88802b693900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   55.416730][ T5033]  ffff88802b693980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   55.424773][ T5033] >ffff88802b693a00: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[   55.432811][ T5033]                             ^
[   55.437653][ T5033]  ffff88802b693a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   55.445700][ T5033]  ffff88802b693b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   55.453744][ T5033] ==================================================================
[   55.462545][ T5033] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   55.469762][ T5033] CPU: 0 PID: 5033 Comm: syz-executor578 Not tainted 6.5.0-rc3-next-20230726-syzkaller #0
[   55.479652][ T5033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[   55.489704][ T5033] Call Trace:
[   55.492976][ T5033]  <TASK>
[   55.495900][ T5033]  dump_stack_lvl+0xd9/0x1b0
[   55.500534][ T5033]  panic+0x6a4/0x750
[   55.504433][ T5033]  ? panic_smp_self_stop+0xa0/0xa0
[   55.509548][ T5033]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[   55.515707][ T5033]  ? preempt_schedule_thunk+0x1a/0x30
[   55.521081][ T5033]  ? preempt_schedule_common+0x45/0xc0
[   55.526549][ T5033]  check_panic_on_warn+0xab/0xb0
[   55.531488][ T5033]  end_report+0x108/0x150
[   55.535821][ T5033]  kasan_report+0xea/0x110
[   55.540239][ T5033]  ? hfsplus_uni2asc+0x8fd/0xa00
[   55.545185][ T5033]  ? hfsplus_uni2asc+0x8fd/0xa00
[   55.550127][ T5033]  hfsplus_uni2asc+0x8fd/0xa00
[   55.554898][ T5033]  hfsplus_listxattr+0x6de/0xe10
[   55.559846][ T5033]  ? hfsplus_getxattr+0x160/0x160
[   55.564881][ T5033]  ? kvmalloc_node+0x99/0x1a0
[   55.569562][ T5033]  ? kasan_save_stack+0x43/0x50
[   55.574422][ T5033]  ? do_syscall_64+0x38/0xb0
[   55.579008][ T5033]  ? entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   55.585086][ T5033]  ? kasan_set_track+0x25/0x30
[   55.589856][ T5033]  ? rcu_is_watching+0x12/0xb0
[   55.594617][ T5033]  ? hfsplus_getxattr+0x160/0x160
[   55.599656][ T5033]  vfs_listxattr+0xb3/0x130
[   55.604163][ T5033]  listxattr+0x69/0x180
[   55.608323][ T5033]  path_listxattr+0xc3/0x160
[   55.612916][ T5033]  ? listxattr+0x180/0x180
[   55.617333][ T5033]  ? lockdep_hardirqs_on+0x7d/0x100
[   55.622533][ T5033]  ? _raw_spin_unlock_irq+0x2e/0x50
[   55.627739][ T5033]  ? ptrace_notify+0xf4/0x130
[   55.632418][ T5033]  do_syscall_64+0x38/0xb0
[   55.636833][ T5033]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   55.642724][ T5033] RIP: 0033:0x7fc356a975b9
[   55.647135][ T5033] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   55.666742][ T5033] RSP: 002b:00007fff03875198 EFLAGS: 00000246 ORIG_RAX: 00000000000000c3
[   55.675154][ T5033] RAX: ffffffffffffffda RBX: 00007fff03875378 RCX: 00007fc356a975b9
[   55.683120][ T5033] RDX: 0000000000000019 RSI: 0000000000000000 RDI: 0000000020000000
[   55.691089][ T5033] RBP: 00007fc356b0a610 R08: 0000000000000603 R09: 0000000000000000
[   55.699055][ T5033] R10: 00007fff03875060 R11: 0000000000000246 R12: 0000000000000001
[   55.707029][ T5033] R13: 00007fff03875368 R14: 0000000000000001 R15: 0000000000000001
[   55.715007][ T5033]  </TASK>
[   55.718227][ T5033] Kernel Offset: disabled
[   55.722590][ T5033] Rebooting in 86400 seconds..