./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3392863917

<...>
Warning: Permanently added '10.128.1.171' (ED25519) to the list of known hosts.
execve("./syz-executor3392863917", ["./syz-executor3392863917"], 0x7ffc651cd9d0 /* 10 vars */) = 0
brk(NULL)                               = 0x555555e5a000
brk(0x555555e5ad00)                     = 0x555555e5ad00
arch_prctl(ARCH_SET_FS, 0x555555e5a380) = 0
set_tid_address(0x555555e5a650)         = 5066
set_robust_list(0x555555e5a660, 24)     = 0
rseq(0x555555e5aca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3392863917", 4096) = 28
getrandom("\xd8\xf1\x01\x2e\x26\x7d\xcb\x98", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x555555e5ad00
brk(0x555555e7bd00)                     = 0x555555e7bd00
brk(0x555555e7c000)                     = 0x555555e7c000
mprotect(0x7fc180b45000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
memfd_create("syzkaller", 0)            = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc178600000
write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
munmap(0x7fc178600000, 138412032)       = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 4
ioctl(4, LOOP_SET_FD, 3)                = 0
close(3)                                = 0
close(4)                                = 0
mkdir("./file1", 0777)                  = 0
mount("/dev/loop0", "./file1", "hfsplus", MS_NODIRATIME|MS_SILENT|MS_RELATIME|MS_I_VERSION, "") = 0
openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[   54.772013][ T5066] loop0: detected capacity change from 0 to 1024
chdir("./file1")                        = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = -1 EBUSY (Device or resource busy)
[   54.862910][ T5066] ==================================================================
[   54.871012][ T5066] BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read_key+0x394/0x610
[   54.879265][ T5066] Write of size 3970 at addr ffff88802a197800 by task syz-executor339/5066
[   54.887829][ T5066] 
[   54.890133][ T5066] CPU: 0 PID: 5066 Comm: syz-executor339 Not tainted 6.8.0-rc2-next-20240202-syzkaller #0
[   54.900001][ T5066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[   54.910037][ T5066] Call Trace:
[   54.913300][ T5066]  <TASK>
[   54.916211][ T5066]  dump_stack_lvl+0x1e7/0x2e0
[   54.920882][ T5066]  ? __pfx_dump_stack_lvl+0x10/0x10
[   54.926068][ T5066]  ? __pfx__printk+0x10/0x10
[   54.930645][ T5066]  ? _printk+0xd5/0x120
[   54.934784][ T5066]  ? __virt_addr_valid+0x183/0x520
[   54.939879][ T5066]  ? __virt_addr_valid+0x183/0x520
[   54.944977][ T5066]  print_report+0x169/0x550
[   54.949463][ T5066]  ? __virt_addr_valid+0x183/0x520
[   54.954553][ T5066]  ? __virt_addr_valid+0x183/0x520
[   54.959642][ T5066]  ? __virt_addr_valid+0x44e/0x520
[   54.964732][ T5066]  ? __phys_addr+0xba/0x170
[   54.969215][ T5066]  ? hfsplus_bnode_read_key+0x394/0x610
[   54.974744][ T5066]  kasan_report+0x143/0x180
[   54.979228][ T5066]  ? hfsplus_bnode_read_key+0x394/0x610
[   54.984762][ T5066]  kasan_check_range+0x282/0x290
[   54.989679][ T5066]  ? hfsplus_bnode_read_key+0x394/0x610
[   54.995208][ T5066]  __asan_memcpy+0x40/0x70
[   54.999604][ T5066]  hfsplus_bnode_read_key+0x394/0x610
[   55.004958][ T5066]  ? __pfx_hfsplus_bnode_read_key+0x10/0x10
[   55.010838][ T5066]  ? hfsplus_bnode_write+0x1e1/0x230
[   55.016108][ T5066]  hfsplus_brec_insert+0x6ea/0xde0
[   55.021205][ T5066]  ? __pfx_hfsplus_brec_insert+0x10/0x10
[   55.026821][ T5066]  ? hfsplus_create_attr+0x462/0x640
[   55.032087][ T5066]  hfsplus_create_attr+0x4a2/0x640
[   55.037176][ T5066]  ? __pfx_hfsplus_create_attr+0x10/0x10
[   55.042791][ T5066]  ? hfsplus_find_init+0x14a/0x1c0
[   55.047879][ T5066]  __hfsplus_setxattr+0x6fe/0x22d0
[   55.052977][ T5066]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   55.059288][ T5066]  ? _raw_spin_unlock_irqrestore+0x8f/0x140
[   55.065162][ T5066]  ? __pfx___hfsplus_setxattr+0x10/0x10
[   55.070685][ T5066]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   55.076561][ T5066]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   55.082868][ T5066]  ? stack_trace_save+0x118/0x1d0
[   55.087874][ T5066]  ? stack_depot_save_flags+0x37d/0x860
[   55.093413][ T5066]  ? __kasan_kmalloc+0x98/0xb0
[   55.098155][ T5066]  ? hfsplus_setxattr+0x68/0xe0
[   55.102985][ T5066]  ? kmalloc_trace+0x1d9/0x360
[   55.107735][ T5066]  ? hfsplus_setxattr+0x68/0xe0
[   55.112562][ T5066]  hfsplus_setxattr+0xb0/0xe0
[   55.117216][ T5066]  hfsplus_security_setxattr+0x40/0x60
[   55.122655][ T5066]  ? __pfx_hfsplus_security_setxattr+0x10/0x10
[   55.128790][ T5066]  __vfs_setxattr+0x468/0x4a0
[   55.133450][ T5066]  __vfs_setxattr_noperm+0x12e/0x5e0
[   55.138712][ T5066]  vfs_setxattr+0x221/0x430
[   55.143195][ T5066]  ? __pfx_vfs_setxattr+0x10/0x10
[   55.148232][ T5066]  ? __check_object_size+0x8e/0xa00
[   55.153417][ T5066]  ? __might_fault+0xc6/0x120
[   55.158080][ T5066]  ? strncpy_from_user+0x1a4/0x2f0
[   55.163171][ T5066]  setxattr+0x25d/0x2f0
[   55.167310][ T5066]  ? __pfx_setxattr+0x10/0x10
[   55.171976][ T5066]  ? mnt_get_write_access+0x226/0x2b0
[   55.177329][ T5066]  path_setxattr+0x1c0/0x2a0
[   55.181901][ T5066]  ? __pfx_path_setxattr+0x10/0x10
[   55.186992][ T5066]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   55.193303][ T5066]  ? do_syscall_64+0x10a/0x240
[   55.198049][ T5066]  __x64_sys_setxattr+0xbb/0xd0
[   55.202877][ T5066]  do_syscall_64+0xfb/0x240
[   55.207361][ T5066]  entry_SYSCALL_64_after_hwframe+0x6d/0x75
[   55.213234][ T5066] RIP: 0033:0x7fc180ad2639
[   55.217631][ T5066] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   55.237216][ T5066] RSP: 002b:00007ffc6080f8c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc
[   55.245608][ T5066] RAX: ffffffffffffffda RBX: 0031656c69662f2e RCX: 00007fc180ad2639
[   55.253561][ T5066] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000020000240
[   55.261510][ T5066] RBP: 00007fc180b45610 R08: 0000000000000000 R09: 0000000000000000
[   55.269458][ T5066] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   55.277406][ T5066] R13: 00007ffc6080fa98 R14: 0000000000000001 R15: 0000000000000001
[   55.285361][ T5066]  </TASK>
[   55.288359][ T5066] 
[   55.290661][ T5066] Allocated by task 5066:
[   55.294964][ T5066]  kasan_save_track+0x3f/0x80
[   55.299621][ T5066]  __kasan_kmalloc+0x98/0xb0
[   55.304187][ T5066]  __kmalloc+0x231/0x4a0
[   55.308408][ T5066]  hfsplus_find_init+0x85/0x1c0
[   55.313235][ T5066]  hfsplus_create_attr+0x161/0x640
[   55.318320][ T5066]  __hfsplus_setxattr+0x6fe/0x22d0
[   55.323425][ T5066]  hfsplus_setxattr+0xb0/0xe0
[   55.328090][ T5066]  hfsplus_security_setxattr+0x40/0x60
[   55.333541][ T5066]  __vfs_setxattr+0x468/0x4a0
[   55.338205][ T5066]  __vfs_setxattr_noperm+0x12e/0x5e0
[   55.343469][ T5066]  vfs_setxattr+0x221/0x430
[   55.347946][ T5066]  setxattr+0x25d/0x2f0
[   55.352077][ T5066]  path_setxattr+0x1c0/0x2a0
[   55.356647][ T5066]  __x64_sys_setxattr+0xbb/0xd0
[   55.361475][ T5066]  do_syscall_64+0xfb/0x240
[   55.365962][ T5066]  entry_SYSCALL_64_after_hwframe+0x6d/0x75
[   55.371831][ T5066] 
[   55.374133][ T5066] The buggy address belongs to the object at ffff88802a197800
[   55.374133][ T5066]  which belongs to the cache kmalloc-1k of size 1024
[   55.388162][ T5066] The buggy address is located 0 bytes inside of
[   55.388162][ T5066]  allocated 536-byte region [ffff88802a197800, ffff88802a197a18)
[   55.402109][ T5066] 
[   55.404412][ T5066] The buggy address belongs to the physical page:
[   55.410800][ T5066] page:ffffea0000a86400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2a190
[   55.420930][ T5066] head:ffffea0000a86400 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   55.429836][ T5066] anon flags: 0xfff80000000840(slab|head|node=0|zone=1|lastcpupid=0xfff)
[   55.438229][ T5066] page_type: 0xffffffff()
[   55.442538][ T5066] raw: 00fff80000000840 ffff888014c41dc0 0000000000000000 dead000000000001
[   55.451098][ T5066] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   55.459652][ T5066] page dumped because: kasan: bad access detected
[   55.466039][ T5066] page_owner tracks the page as allocated
[   55.471727][ T5066] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 10670801188, free_ts 0
[   55.491419][ T5066]  post_alloc_hook+0x1ea/0x210
[   55.496165][ T5066]  get_page_from_freelist+0x34eb/0x3680
[   55.501693][ T5066]  __alloc_pages+0x256/0x680
[   55.506259][ T5066]  alloc_slab_page+0x5f/0x160
[   55.510912][ T5066]  new_slab+0x84/0x2f0
[   55.514958][ T5066]  ___slab_alloc+0xc73/0x1260
[   55.519609][ T5066]  __kmalloc+0x2e3/0x4a0
[   55.523833][ T5066]  alloc_workqueue+0x19b/0x1f40
[   55.528665][ T5066]  nf_flow_table_offload_init+0x3c/0xb0
[   55.534204][ T5066]  nf_flow_table_module_init+0x2b/0x70
[   55.539641][ T5066]  do_one_initcall+0x238/0x830
[   55.544386][ T5066]  do_initcall_level+0x157/0x210
[   55.549305][ T5066]  do_initcalls+0x3f/0x80
[   55.553613][ T5066]  kernel_init_freeable+0x430/0x5d0
[   55.558792][ T5066]  kernel_init+0x1d/0x2b0
[   55.563100][ T5066]  ret_from_fork+0x4b/0x80
[   55.567497][ T5066] page_owner free stack trace missing
[   55.572840][ T5066] 
[   55.575143][ T5066] Memory state around the buggy address:
[   55.580749][ T5066]  ffff88802a197900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   55.588787][ T5066]  ffff88802a197980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   55.596827][ T5066] >ffff88802a197a00: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[   55.605039][ T5066]                             ^
[   55.609863][ T5066]  ffff88802a197a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   55.617901][ T5066]  ffff88802a197b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   55.625936][ T5066] ==================================================================
[   55.634274][ T5066] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   55.641474][ T5066] CPU: 0 PID: 5066 Comm: syz-executor339 Not tainted 6.8.0-rc2-next-20240202-syzkaller #0
[   55.651351][ T5066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[   55.661392][ T5066] Call Trace:
[   55.664665][ T5066]  <TASK>
[   55.667589][ T5066]  dump_stack_lvl+0x1e7/0x2e0
[   55.672262][ T5066]  ? __pfx_dump_stack_lvl+0x10/0x10
[   55.677451][ T5066]  ? __pfx__printk+0x10/0x10
[   55.682036][ T5066]  ? vscnprintf+0x5d/0x90
[   55.686359][ T5066]  panic+0x349/0x860
[   55.690250][ T5066]  ? check_panic_on_warn+0x21/0xb0
[   55.695354][ T5066]  ? __pfx_panic+0x10/0x10
[   55.699765][ T5066]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[   55.705742][ T5066]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   55.712066][ T5066]  ? print_report+0x502/0x550
[   55.716734][ T5066]  check_panic_on_warn+0x86/0xb0
[   55.721664][ T5066]  ? hfsplus_bnode_read_key+0x394/0x610
[   55.727202][ T5066]  end_report+0x6e/0x140
[   55.731440][ T5066]  kasan_report+0x154/0x180
[   55.735933][ T5066]  ? hfsplus_bnode_read_key+0x394/0x610
[   55.741475][ T5066]  kasan_check_range+0x282/0x290
[   55.746402][ T5066]  ? hfsplus_bnode_read_key+0x394/0x610
[   55.751941][ T5066]  __asan_memcpy+0x40/0x70
[   55.756344][ T5066]  hfsplus_bnode_read_key+0x394/0x610
[   55.761710][ T5066]  ? __pfx_hfsplus_bnode_read_key+0x10/0x10
[   55.767592][ T5066]  ? hfsplus_bnode_write+0x1e1/0x230
[   55.772875][ T5066]  hfsplus_brec_insert+0x6ea/0xde0
[   55.777989][ T5066]  ? __pfx_hfsplus_brec_insert+0x10/0x10
[   55.783615][ T5066]  ? hfsplus_create_attr+0x462/0x640
[   55.788893][ T5066]  hfsplus_create_attr+0x4a2/0x640
[   55.793997][ T5066]  ? __pfx_hfsplus_create_attr+0x10/0x10
[   55.799620][ T5066]  ? hfsplus_find_init+0x14a/0x1c0
[   55.804720][ T5066]  __hfsplus_setxattr+0x6fe/0x22d0
[   55.809830][ T5066]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   55.816154][ T5066]  ? _raw_spin_unlock_irqrestore+0x8f/0x140
[   55.822046][ T5066]  ? __pfx___hfsplus_setxattr+0x10/0x10
[   55.827580][ T5066]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   55.833464][ T5066]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   55.839785][ T5066]  ? stack_trace_save+0x118/0x1d0
[   55.844807][ T5066]  ? stack_depot_save_flags+0x37d/0x860
[   55.850361][ T5066]  ? __kasan_kmalloc+0x98/0xb0
[   55.855112][ T5066]  ? hfsplus_setxattr+0x68/0xe0
[   55.859949][ T5066]  ? kmalloc_trace+0x1d9/0x360
[   55.864727][ T5066]  ? hfsplus_setxattr+0x68/0xe0
[   55.869596][ T5066]  hfsplus_setxattr+0xb0/0xe0
[   55.874276][ T5066]  hfsplus_security_setxattr+0x40/0x60
[   55.879726][ T5066]  ? __pfx_hfsplus_security_setxattr+0x10/0x10
[   55.885874][ T5066]  __vfs_setxattr+0x468/0x4a0
[   55.890546][ T5066]  __vfs_setxattr_noperm+0x12e/0x5e0
[   55.895823][ T5066]  vfs_setxattr+0x221/0x430
[   55.900341][ T5066]  ? __pfx_vfs_setxattr+0x10/0x10
[   55.905352][ T5066]  ? __check_object_size+0x8e/0xa00
[   55.910540][ T5066]  ? __might_fault+0xc6/0x120
[   55.915210][ T5066]  ? strncpy_from_user+0x1a4/0x2f0
[   55.920313][ T5066]  setxattr+0x25d/0x2f0
[   55.924459][ T5066]  ? __pfx_setxattr+0x10/0x10
[   55.929137][ T5066]  ? mnt_get_write_access+0x226/0x2b0
[   55.934502][ T5066]  path_setxattr+0x1c0/0x2a0
[   55.939084][ T5066]  ? __pfx_path_setxattr+0x10/0x10
[   55.944187][ T5066]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   55.950508][ T5066]  ? do_syscall_64+0x10a/0x240
[   55.955268][ T5066]  __x64_sys_setxattr+0xbb/0xd0
[   55.960112][ T5066]  do_syscall_64+0xfb/0x240
[   55.964614][ T5066]  entry_SYSCALL_64_after_hwframe+0x6d/0x75
[   55.970498][ T5066] RIP: 0033:0x7fc180ad2639
[   55.974902][ T5066] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   55.994497][ T5066] RSP: 002b:00007ffc6080f8c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc
[   56.002900][ T5066] RAX: ffffffffffffffda RBX: 0031656c69662f2e RCX: 00007fc180ad2639
[   56.010859][ T5066] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000020000240
[   56.018816][ T5066] RBP: 00007fc180b45610 R08: 0000000000000000 R09: 0000000000000000
[   56.026773][ T5066] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   56.034731][ T5066] R13: 00007ffc6080fa98 R14: 0000000000000001 R15: 0000000000000001
[   56.042757][ T5066]  </TASK>
[   56.046001][ T5066] Kernel Offset: disabled
[   56.050310][ T5066] Rebooting in 86400 seconds..