./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3917512006
<...>
Warning: Permanently added '10.128.1.85' (ECDSA) to the list of known hosts.
execve("./syz-executor3917512006", ["./syz-executor3917512006"], 0x7ffcc79e4e30 /* 10 vars */) = 0
brk(NULL) = 0x555555d3e000
brk(0x555555d3ec40) = 0x555555d3ec40
arch_prctl(ARCH_SET_FS, 0x555555d3e300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor3917512006", 4096) = 28
brk(0x555555d5fc40) = 0x555555d5fc40
brk(0x555555d60000) = 0x555555d60000
mprotect(0x7fdc79d0a000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
memfd_create("syzkaller", 0) = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdc71800000
write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
munmap(0x7fdc71800000, 32768) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
ioctl(4, LOOP_SET_FD, 3) = 0
close(3) = 0
mkdir("./file0", 0777) = 0
mount("/dev/loop0", "./file0", "hfs", MS_RDONLY|MS_NOSUID, "iocharset=cp737,") = 0
openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
chdir("./file0") = 0
ioctl(4, LOOP_CLR_FD) = 0
close(4) = 0
[ 52.033483][ T3632] loop0: detected capacity change from 0 to 64
[ 52.051157][ T3632] ==================================================================
[ 52.059266][ T3632] BUG: KASAN: slab-out-of-bounds in hfs_asc2mac+0x467/0x9a0
[ 52.066583][ T3632] Write of size 1 at addr ffff88801848314e by task syz-executor391/3632
[ 52.074918][ T3632]
[ 52.077332][ T3632] CPU: 0 PID: 3632 Comm: syz-executor391 Not tainted 6.1.0-rc6-syzkaller-00012-g4312098baf37 #0
[ 52.087731][ T3632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 52.097776][ T3632] Call Trace:
[ 52.101051][ T3632] <TASK>
[ 52.103983][ T3632] dump_stack_lvl+0x1b1/0x28e
[ 52.108781][ T3632] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 52.114269][ T3632] ? __wake_up_klogd+0xcd/0x100
[ 52.119212][ T3632] ? panic+0x710/0x710
[ 52.123282][ T3632] ? _printk+0xc0/0x100
[ 52.127441][ T3632] ? _raw_spin_lock_irqsave+0x8e/0x100
[ 52.132922][ T3632] print_address_description+0x74/0x340
[ 52.138486][ T3632] print_report+0x107/0x1f0
[ 52.143002][ T3632] ? __virt_addr_valid+0x21b/0x2d0
[ 52.148204][ T3632] ? __phys_addr+0xb5/0x160
[ 52.152713][ T3632] ? hfs_asc2mac+0x467/0x9a0
[ 52.157301][ T3632] kasan_report+0xcd/0x100
[ 52.161712][ T3632] ? hfs_asc2mac+0x467/0x9a0
[ 52.166306][ T3632] hfs_asc2mac+0x467/0x9a0
[ 52.170718][ T3632] ? mutex_lock_io_nested+0x60/0x60
[ 52.175918][ T3632] ? hfs_mac2asc+0x850/0x850
[ 52.180501][ T3632] ? hfs_find_init+0x8b/0x1e0
[ 52.185185][ T3632] ? trace_kmalloc+0x30/0xf0
[ 52.189778][ T3632] ? __kmalloc+0xcc/0x1a0
[ 52.194121][ T3632] hfs_cat_build_key+0x92/0x170
[ 52.198981][ T3632] hfs_lookup+0x1ab/0x2c0
[ 52.203315][ T3632] ? hfs_dir_release+0x140/0x140
[ 52.208250][ T3632] ? d_alloc_parallel+0x1144/0x1240
[ 52.213552][ T3632] ? d_hash_and_lookup+0x1c0/0x1c0
[ 52.218683][ T3632] ? hfs_dir_release+0x140/0x140
[ 52.223629][ T3632] path_openat+0x10e6/0x2df0
[ 52.228234][ T3632] ? do_filp_open+0x4f0/0x4f0
[ 52.232913][ T3632] do_filp_open+0x264/0x4f0
[ 52.237421][ T3632] ? vfs_tmpfile+0x450/0x450
[ 52.242097][ T3632] ? do_raw_spin_unlock+0x134/0x8a0
[ 52.247297][ T3632] ? _raw_spin_unlock+0x24/0x40
[ 52.252148][ T3632] ? alloc_fd+0x5a7/0x640
[ 52.256487][ T3632] do_sys_openat2+0x124/0x4e0
[ 52.261158][ T3632] ? print_irqtrace_events+0x220/0x220
[ 52.266607][ T3632] ? ptrace_stop+0x74d/0x970
[ 52.271194][ T3632] ? do_sys_open+0x220/0x220
[ 52.275779][ T3632] ? lockdep_hardirqs_on+0x8d/0x130
[ 52.280975][ T3632] ? _raw_spin_unlock_irq+0x2a/0x40
[ 52.286184][ T3632] ? ptrace_notify+0x245/0x340
[ 52.290960][ T3632] __x64_sys_open+0x221/0x270
[ 52.295649][ T3632] ? do_sys_openat2+0x4e0/0x4e0
[ 52.300505][ T3632] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 52.306573][ T3632] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 52.312987][ T3632] do_syscall_64+0x3d/0xb0
[ 52.317401][ T3632] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.323295][ T3632] RIP: 0033:0x7fdc79c9d839
[ 52.327703][ T3632] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 52.347300][ T3632] RSP: 002b:00007ffd57f47648 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 52.355705][ T3632] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fdc79c9d839
[ 52.363719][ T3632] RDX: 0000000000000100 RSI: 0000000000002000 RDI: 0000000020000800
[ 52.371697][ T3632] RBP: 00007fdc79c5d0d0 R08: 0000000000000245 R09: 0000000000000000
[ 52.379690][ T3632] R10: 00007ffd57f47510 R11: 0000000000000246 R12: 00007fdc79c5d160
[ 52.387654][ T3632] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 52.395623][ T3632] </TASK>
[ 52.398632][ T3632]
[ 52.400942][ T3632] Allocated by task 3632:
[ 52.405257][ T3632] kasan_set_track+0x3d/0x60
[ 52.409838][ T3632] __kasan_kmalloc+0x97/0xb0
[ 52.414425][ T3632] __kmalloc+0xaf/0x1a0
[ 52.418571][ T3632] hfs_find_init+0x8b/0x1e0
[ 52.423067][ T3632] hfs_lookup+0x105/0x2c0
[ 52.427386][ T3632] path_openat+0x10e6/0x2df0
[ 52.431966][ T3632] do_filp_open+0x264/0x4f0
[ 52.436544][ T3632] do_sys_openat2+0x124/0x4e0
[ 52.441214][ T3632] __x64_sys_open+0x221/0x270
[ 52.445886][ T3632] do_syscall_64+0x3d/0xb0
[ 52.450292][ T3632] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.456182][ T3632]
[ 52.458501][ T3632] The buggy address belongs to the object at ffff888018483100
[ 52.458501][ T3632] which belongs to the cache kmalloc-96 of size 96
[ 52.472377][ T3632] The buggy address is located 78 bytes inside of
[ 52.472377][ T3632] 96-byte region [ffff888018483100, ffff888018483160)
[ 52.485487][ T3632]
[ 52.487802][ T3632] The buggy address belongs to the physical page:
[ 52.494291][ T3632] page:ffffea00006120c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x18483
[ 52.504448][ T3632] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 52.512001][ T3632] raw: 00fff00000000200 dead000000000100 dead000000000122 ffff888012841780
[ 52.520588][ T3632] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
[ 52.529179][ T3632] page dumped because: kasan: bad access detected
[ 52.535588][ T3632] page_owner tracks the page as allocated
[ 52.541296][ T3632] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1, tgid 1 (swapper/0), ts 2311131230, free_ts 0
[ 52.557883][ T3632] get_page_from_freelist+0x742/0x7c0
[ 52.563267][ T3632] __alloc_pages+0x259/0x560
[ 52.567860][ T3632] alloc_page_interleave+0x22/0x1c0
[ 52.573061][ T3632] alloc_slab_page+0x70/0xf0
[ 52.577659][ T3632] allocate_slab+0x5e/0x4b0
[ 52.582168][ T3632] ___slab_alloc+0x782/0xe20
[ 52.586759][ T3632] __kmem_cache_alloc_node+0x252/0x310
[ 52.592216][ T3632] __kmalloc_node_track_caller+0x9c/0x190
[ 52.597931][ T3632] krealloc+0x61/0xf0
[ 52.601918][ T3632] add_sysfs_param+0x134/0x800
[ 52.606670][ T3632] kernel_add_sysfs_param+0xb0/0x126
[ 52.611977][ T3632] param_sysfs_builtin+0x1fb/0x2a5
[ 52.617081][ T3632] param_sysfs_init+0x68/0x6c
[ 52.621753][ T3632] do_one_initcall+0x1c9/0x400
[ 52.626523][ T3632] do_initcall_level+0x168/0x218
[ 52.631476][ T3632] do_initcalls+0x4b/0x8c
[ 52.635812][ T3632] page_owner free stack trace missing
[ 52.641167][ T3632]
[ 52.643483][ T3632] Memory state around the buggy address:
[ 52.649106][ T3632] ffff888018483000: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 52.657165][ T3632] ffff888018483080: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 52.665225][ T3632] >ffff888018483100: 00 00 00 00 00 00 00 00 00 06 fc fc fc fc fc fc
[ 52.673282][ T3632] ^
[ 52.679696][ T3632] ffff888018483180: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 52.687758][ T3632] ffff888018483200: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 52.695818][ T3632] ==================================================================
[ 52.704189][ T3632] Kernel panic - not syncing: panic_on_warn set ...
[ 52.710786][ T3632] CPU: 1 PID: 3632 Comm: syz-executor391 Not tainted 6.1.0-rc6-syzkaller-00012-g4312098baf37 #0
[ 52.721211][ T3632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 52.731265][ T3632] Call Trace:
[ 52.734544][ T3632] <TASK>
[ 52.737473][ T3632] dump_stack_lvl+0x1b1/0x28e
[ 52.742155][ T3632] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 52.747618][ T3632] ? panic+0x710/0x710
[ 52.751684][ T3632] ? preempt_schedule_common+0xb7/0xe0
[ 52.757146][ T3632] ? vscnprintf+0x59/0x80
[ 52.761495][ T3632] panic+0x2d6/0x710
[ 52.765418][ T3632] ? memcpy_page_flushcache+0xfc/0xfc
[ 52.770808][ T3632] ? _raw_spin_unlock_irqrestore+0x110/0x120
[ 52.776805][ T3632] ? rcu_read_lock_sched_held+0x5d/0x110
[ 52.782450][ T3632] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 52.788440][ T3632] ? hfs_asc2mac+0x467/0x9a0
[ 52.793034][ T3632] end_report+0x91/0xa0
[ 52.797188][ T3632] kasan_report+0xda/0x100
[ 52.801634][ T3632] ? hfs_asc2mac+0x467/0x9a0
[ 52.806225][ T3632] hfs_asc2mac+0x467/0x9a0
[ 52.810644][ T3632] ? mutex_lock_io_nested+0x60/0x60
[ 52.815849][ T3632] ? hfs_mac2asc+0x850/0x850
[ 52.820440][ T3632] ? hfs_find_init+0x8b/0x1e0
[ 52.825127][ T3632] ? trace_kmalloc+0x30/0xf0
[ 52.829720][ T3632] ? __kmalloc+0xcc/0x1a0
[ 52.834051][ T3632] hfs_cat_build_key+0x92/0x170
[ 52.838901][ T3632] hfs_lookup+0x1ab/0x2c0
[ 52.843238][ T3632] ? hfs_dir_release+0x140/0x140
[ 52.848179][ T3632] ? d_alloc_parallel+0x1144/0x1240
[ 52.853384][ T3632] ? d_hash_and_lookup+0x1c0/0x1c0
[ 52.858496][ T3632] ? hfs_dir_release+0x140/0x140
[ 52.863450][ T3632] path_openat+0x10e6/0x2df0
[ 52.868066][ T3632] ? do_filp_open+0x4f0/0x4f0
[ 52.872755][ T3632] do_filp_open+0x264/0x4f0
[ 52.877256][ T3632] ? vfs_tmpfile+0x450/0x450
[ 52.881845][ T3632] ? do_raw_spin_unlock+0x134/0x8a0
[ 52.887045][ T3632] ? _raw_spin_unlock+0x24/0x40
[ 52.891899][ T3632] ? alloc_fd+0x5a7/0x640
[ 52.896240][ T3632] do_sys_openat2+0x124/0x4e0
[ 52.900919][ T3632] ? print_irqtrace_events+0x220/0x220
[ 52.906379][ T3632] ? ptrace_stop+0x74d/0x970
[ 52.910973][ T3632] ? do_sys_open+0x220/0x220
[ 52.915569][ T3632] ? lockdep_hardirqs_on+0x8d/0x130
[ 52.920772][ T3632] ? _raw_spin_unlock_irq+0x2a/0x40
[ 52.925977][ T3632] ? ptrace_notify+0x245/0x340
[ 52.930736][ T3632] __x64_sys_open+0x221/0x270
[ 52.935412][ T3632] ? do_sys_openat2+0x4e0/0x4e0
[ 52.940268][ T3632] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 52.946249][ T3632] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 52.952231][ T3632] do_syscall_64+0x3d/0xb0
[ 52.956650][ T3632] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.962544][ T3632] RIP: 0033:0x7fdc79c9d839
[ 52.966953][ T3632] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 52.986552][ T3632] RSP: 002b:00007ffd57f47648 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 52.994960][ T3632] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fdc79c9d839
[ 53.002932][ T3632] RDX: 0000000000000100 RSI: 0000000000002000 RDI: 0000000020000800
[ 53.010895][ T3632] RBP: 00007fdc79c5d0d0 R08: 0000000000000245 R09: 0000000000000000
[ 53.018859][ T3632] R10: 00007ffd57f47510 R11: 0000000000000246 R12: 00007fdc79c5d160
[ 53.026822][ T3632] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 53.034793][ T3632] </TASK>
[ 53.037964][ T3632] Kernel Offset: disabled
[ 53.042286][ T3632] Rebooting in 86400 seconds..