./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1242878648

<...>
Warning: Permanently added '10.128.1.92' (ED25519) to the list of known hosts.
execve("./syz-executor1242878648", ["./syz-executor1242878648"], 0x7ffc49a18ea0 /* 10 vars */) = 0
brk(NULL)                               = 0x55555a969000
brk(0x55555a969d00)                     = 0x55555a969d00
arch_prctl(ARCH_SET_FS, 0x55555a969380) = 0
set_tid_address(0x55555a969650)         = 5819
set_robust_list(0x55555a969660, 24)     = 0
rseq(0x55555a969ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor1242878648", 4096) = 28
getrandom("\xba\xbe\xec\x38\x45\x12\x7b\x5c", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x55555a969d00
brk(0x55555a98ad00)                     = 0x55555a98ad00
brk(0x55555a98b000)                     = 0x55555a98b000
mprotect(0x7f016c54d000, 16384, PROT_READ) = 0
mmap(0x3ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x3ffffffff000
mmap(0x400000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400000000000
mmap(0x400001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400001000000
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5821 attached
 <unfinished ...>
[pid  5821] set_robust_list(0x55555a969660, 24 <unfinished ...>
[pid  5819] <... clone resumed>, child_tidptr=0x55555a969650) = 5821
[pid  5821] <... set_robust_list resumed>) = 0
[pid  5821] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5821] setpgid(0, 0)               = 0
[pid  5821] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5821] write(3, "1000", 4)         = 4
[pid  5821] close(3)                    = 0
[pid  5821] write(1, "executing program\n", 18executing program
) = 18
[pid  5821] memfd_create("syzkaller", 0) = 3
[pid  5821] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0164000000
[pid  5821] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid  5821] munmap(0x7f0164000000, 138412032) = 0
[pid  5821] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5821] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5821] close(3)                    = 0
[pid  5821] close(4)                    = 0
[pid  5821] mkdir("./file1", 0777)      = 0
[pid  5821] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "") = 0
[pid  5821] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5821] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
syzkaller login: [   67.131587][ T5821] loop0: detected capacity change from 0 to 1024
[pid  5821] getdents64(3, 0x400000000100 /* 3 entries */, 89) = 80
[   67.192696][ T5821] ==================================================================
[   67.200911][ T5821] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x57f/0x1200
[   67.208656][ T5821] Read of size 2 at addr ffff888144fe340c by task syz-executor124/5821
[   67.216881][ T5821] 
[   67.219216][ T5821] CPU: 1 UID: 0 PID: 5821 Comm: syz-executor124 Not tainted 6.14.0-rc4-syzkaller-00278-gece144f151ac #0
[   67.219228][ T5821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   67.219237][ T5821] Call Trace:
[   67.219242][ T5821]  <TASK>
[   67.219246][ T5821]  dump_stack_lvl+0x241/0x360
[   67.219262][ T5821]  ? __pfx_dump_stack_lvl+0x10/0x10
[   67.219271][ T5821]  ? __pfx__printk+0x10/0x10
[   67.219283][ T5821]  ? _printk+0xd5/0x120
[   67.219296][ T5821]  ? __virt_addr_valid+0x183/0x530
[   67.219309][ T5821]  ? __virt_addr_valid+0x183/0x530
[   67.219322][ T5821]  print_report+0x16e/0x5b0
[   67.219335][ T5821]  ? __virt_addr_valid+0x183/0x530
[   67.219347][ T5821]  ? __virt_addr_valid+0x183/0x530
[   67.219359][ T5821]  ? __virt_addr_valid+0x45f/0x530
[   67.219371][ T5821]  ? __phys_addr+0xba/0x170
[   67.219383][ T5821]  ? hfsplus_uni2asc+0x57f/0x1200
[   67.219394][ T5821]  kasan_report+0x143/0x180
[   67.219406][ T5821]  ? hfsplus_uni2asc+0x57f/0x1200
[   67.219417][ T5821]  hfsplus_uni2asc+0x57f/0x1200
[   67.219427][ T5821]  ? __asan_memcpy+0x40/0x70
[   67.219439][ T5821]  hfsplus_readdir+0x938/0x1320
[   67.219455][ T5821]  ? __pfx_hfsplus_readdir+0x10/0x10
[   67.219477][ T5821]  ? iterate_dir+0x4a6/0x760
[   67.219489][ T5821]  ? __pfx_down_read_killable+0x10/0x10
[   67.219507][ T5821]  ? __pfx___mutex_lock+0x10/0x10
[   67.219520][ T5821]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   67.219534][ T5821]  iterate_dir+0x5a9/0x760
[   67.219546][ T5821]  __se_sys_getdents64+0x1e2/0x4b0
[   67.219559][ T5821]  ? __pfx___se_sys_getdents64+0x10/0x10
[   67.219571][ T5821]  ? __pfx_filldir64+0x10/0x10
[   67.219583][ T5821]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   67.219595][ T5821]  ? do_syscall_64+0x100/0x230
[   67.219608][ T5821]  do_syscall_64+0xf3/0x230
[   67.219620][ T5821]  ? clear_bhb_loop+0x35/0x90
[   67.219634][ T5821]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   67.219649][ T5821] RIP: 0033:0x7f016c4d9aa9
[   67.219661][ T5821] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   67.219669][ T5821] RSP: 002b:00007ffef26d4238 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[   67.219680][ T5821] RAX: ffffffffffffffda RBX: 0000400000000100 RCX: 00007f016c4d9aa9
[   67.219687][ T5821] RDX: 0000000000000059 RSI: 0000400000000100 RDI: 0000000000000003
[   67.219693][ T5821] RBP: 00007f016c54d5f0 R08: 000055555a96a4c0 R09: 000055555a96a4c0
[   67.219699][ T5821] R10: 00000000000006a7 R11: 0000000000000246 R12: 00007ffef26d4260
[   67.219705][ T5821] R13: 00007ffef26d4488 R14: 431bde82d7b634db R15: 00007f016c52201d
[   67.219714][ T5821]  </TASK>
[   67.219718][ T5821] 
[   67.478521][ T5821] Allocated by task 5821:
[   67.482838][ T5821]  kasan_save_track+0x3f/0x80
[   67.487506][ T5821]  __kasan_kmalloc+0x98/0xb0
[   67.492086][ T5821]  __kmalloc_noprof+0x285/0x4c0
[   67.496920][ T5821]  hfsplus_find_init+0x85/0x1c0
[   67.501754][ T5821]  hfsplus_readdir+0x20b/0x1320
[   67.506620][ T5821]  iterate_dir+0x5a9/0x760
[   67.511021][ T5821]  __se_sys_getdents64+0x1e2/0x4b0
[   67.516119][ T5821]  do_syscall_64+0xf3/0x230
[   67.520605][ T5821]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   67.526515][ T5821] 
[   67.528822][ T5821] The buggy address belongs to the object at ffff888144fe3000
[   67.528822][ T5821]  which belongs to the cache kmalloc-2k of size 2048
[   67.542889][ T5821] The buggy address is located 0 bytes to the right of
[   67.542889][ T5821]  allocated 1036-byte region [ffff888144fe3000, ffff888144fe340c)
[   67.557889][ T5821] 
[   67.560218][ T5821] The buggy address belongs to the physical page:
[   67.566614][ T5821] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x144fe0
[   67.575460][ T5821] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   67.583944][ T5821] flags: 0x57ff00000000040(head|node=1|zone=2|lastcpupid=0x7ff)
[   67.591557][ T5821] page_type: f5(slab)
[   67.595522][ T5821] raw: 057ff00000000040 ffff88801b042000 dead000000000100 dead000000000122
[   67.604095][ T5821] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[   67.612661][ T5821] head: 057ff00000000040 ffff88801b042000 dead000000000100 dead000000000122
[   67.621317][ T5821] head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[   67.629971][ T5821] head: 057ff00000000003 ffffea000513f801 ffffffffffffffff 0000000000000000
[   67.638631][ T5821] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[   67.647289][ T5821] page dumped because: kasan: bad access detected
[   67.653698][ T5821] page_owner tracks the page as allocated
[   67.659583][ T5821] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 7734638582, free_ts 0
[   67.679197][ T5821]  post_alloc_hook+0x1f4/0x240
[   67.683961][ T5821]  get_page_from_freelist+0x3651/0x37a0
[   67.689514][ T5821]  __alloc_frozen_pages_noprof+0x292/0x710
[   67.695308][ T5821]  alloc_pages_mpol+0x311/0x660
[   67.700147][ T5821]  allocate_slab+0x8f/0x3a0
[   67.704636][ T5821]  ___slab_alloc+0xc27/0x14a0
[   67.709295][ T5821]  __slab_alloc+0x58/0xa0
[   67.713602][ T5821]  __kmalloc_noprof+0x2e6/0x4c0
[   67.718428][ T5821]  rfkill_alloc+0xb0/0x2e0
[   67.722823][ T5821]  wiphy_new_nm+0x1084/0x19a0
[   67.727498][ T5821]  ieee80211_alloc_hw_nm+0x3d4/0x1ea0
[   67.732852][ T5821]  mac80211_hwsim_new_radio+0x203/0x4a40
[   67.738465][ T5821]  init_mac80211_hwsim+0x87a/0xb00
[   67.743645][ T5821]  do_one_initcall+0x248/0x930
[   67.748404][ T5821]  do_initcall_level+0x157/0x210
[   67.753328][ T5821]  do_initcalls+0x71/0xd0
[   67.757641][ T5821] page_owner free stack trace missing
[   67.762987][ T5821] 
[   67.765289][ T5821] Memory state around the buggy address:
[   67.770909][ T5821]  ffff888144fe3300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   67.779131][ T5821]  ffff888144fe3380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   67.787170][ T5821] >ffff888144fe3400: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   67.795319][ T5821]                       ^
[   67.799632][ T5821]  ffff888144fe3480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   67.807686][ T5821]  ffff888144fe3500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   67.815733][ T5821] ==================================================================
[   67.824894][ T5821] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   67.832116][ T5821] CPU: 1 UID: 0 PID: 5821 Comm: syz-executor124 Not tainted 6.14.0-rc4-syzkaller-00278-gece144f151ac #0
[   67.843271][ T5821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   67.853404][ T5821] Call Trace:
[   67.856666][ T5821]  <TASK>
[   67.859581][ T5821]  dump_stack_lvl+0x241/0x360
[   67.864254][ T5821]  ? __pfx_dump_stack_lvl+0x10/0x10
[   67.869440][ T5821]  ? __pfx__printk+0x10/0x10
[   67.874016][ T5821]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   67.879991][ T5821]  ? vscnprintf+0x5d/0x90
[   67.884304][ T5821]  panic+0x349/0x880
[   67.888188][ T5821]  ? check_panic_on_warn+0x21/0xb0
[   67.893285][ T5821]  ? __pfx_panic+0x10/0x10
[   67.897686][ T5821]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[   67.903650][ T5821]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   67.909958][ T5821]  check_panic_on_warn+0x86/0xb0
[   67.914881][ T5821]  ? hfsplus_uni2asc+0x57f/0x1200
[   67.919912][ T5821]  end_report+0x77/0x160
[   67.924147][ T5821]  kasan_report+0x154/0x180
[   67.928634][ T5821]  ? hfsplus_uni2asc+0x57f/0x1200
[   67.933641][ T5821]  hfsplus_uni2asc+0x57f/0x1200
[   67.938476][ T5821]  ? __asan_memcpy+0x40/0x70
[   67.943059][ T5821]  hfsplus_readdir+0x938/0x1320
[   67.947910][ T5821]  ? __pfx_hfsplus_readdir+0x10/0x10
[   67.953211][ T5821]  ? iterate_dir+0x4a6/0x760
[   67.957789][ T5821]  ? __pfx_down_read_killable+0x10/0x10
[   67.963332][ T5821]  ? __pfx___mutex_lock+0x10/0x10
[   67.968349][ T5821]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   67.974672][ T5821]  iterate_dir+0x5a9/0x760
[   67.979084][ T5821]  __se_sys_getdents64+0x1e2/0x4b0
[   67.984189][ T5821]  ? __pfx___se_sys_getdents64+0x10/0x10
[   67.989811][ T5821]  ? __pfx_filldir64+0x10/0x10
[   67.994568][ T5821]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   68.000887][ T5821]  ? do_syscall_64+0x100/0x230
[   68.005640][ T5821]  do_syscall_64+0xf3/0x230
[   68.010133][ T5821]  ? clear_bhb_loop+0x35/0x90
[   68.014798][ T5821]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.020676][ T5821] RIP: 0033:0x7f016c4d9aa9
[   68.025077][ T5821] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   68.044680][ T5821] RSP: 002b:00007ffef26d4238 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[   68.053095][ T5821] RAX: ffffffffffffffda RBX: 0000400000000100 RCX: 00007f016c4d9aa9
[   68.061072][ T5821] RDX: 0000000000000059 RSI: 0000400000000100 RDI: 0000000000000003
[   68.069036][ T5821] RBP: 00007f016c54d5f0 R08: 000055555a96a4c0 R09: 000055555a96a4c0
[   68.076993][ T5821] R10: 00000000000006a7 R11: 0000000000000246 R12: 00007ffef26d4260
[   68.084951][ T5821] R13: 00007ffef26d4488 R14: 431bde82d7b634db R15: 00007f016c52201d
[   68.092927][ T5821]  </TASK>
[   68.096318][ T5821] Kernel Offset: disabled
[   68.100658][ T5821] Rebooting in 86400 seconds..