./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3868569540 <...> Warning: Permanently added '10.128.1.99' (ED25519) to the list of known hosts. execve("./syz-executor3868569540", ["./syz-executor3868569540"], 0x7fffc28dea10 /* 10 vars */) = 0 brk(NULL) = 0x55557a79a000 brk(0x55557a79ad00) = 0x55557a79ad00 arch_prctl(ARCH_SET_FS, 0x55557a79a380) = 0 set_tid_address(0x55557a79a650) = 5823 set_robust_list(0x55557a79a660, 24) = 0 rseq(0x55557a79aca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3868569540", 4096) = 28 getrandom("\x82\x69\x40\xc3\x72\x61\x07\x6a", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55557a79ad00 brk(0x55557a7bbd00) = 0x55557a7bbd00 brk(0x55557a7bc000) = 0x55557a7bc000 mprotect(0x7f8aa622f000, 16384, PROT_READ) = 0 mmap(0x3ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x3ffffffff000 mmap(0x400000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400000000000 mmap(0x400001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400001000000 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5824 attached [pid 5824] set_robust_list(0x55557a79a660, 24 [pid 5823] <... clone resumed>, child_tidptr=0x55557a79a650) = 5824 [pid 5824] <... set_robust_list resumed>) = 0 [pid 5824] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5824] setpgid(0, 0) = 0 [pid 5824] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5824] write(3, "1000", 4) = 4 [pid 5824] close(3) = 0 executing program [pid 5824] write(1, "executing program\n", 18) = 18 [pid 5824] memfd_create("syzkaller", 0) = 3 [pid 5824] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a9dc00000 [pid 5824] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5824] munmap(0x7f8a9dc00000, 138412032) = 0 [pid 5824] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5824] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5824] close(3) = 0 [pid 5824] close(4) = 0 [pid 5824] mkdir("./file1", 0777) = 0 [pid 5824] mount("/dev/loop0", "./file1", "hfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 5824] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5824] chdir("./file1") = 0 [ 60.938169][ T5824] loop0: detected capacity change from 0 to 64 [pid 5824] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5824] creat("./file8", 020) = 4 [ 61.018490][ T5824] ================================================================== [ 61.026590][ T5824] BUG: KASAN: slab-out-of-bounds in hfs_bnode_read+0x167/0x200 [ 61.034199][ T5824] Write of size 94 at addr ffff88814679d580 by task syz-executor386/5824 [ 61.042607][ T5824] [ 61.044938][ T5824] CPU: 0 UID: 0 PID: 5824 Comm: syz-executor386 Not tainted 6.14.0-rc5-syzkaller-00218-g2a520073e74f #0 [ 61.044949][ T5824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 61.044959][ T5824] Call Trace: [ 61.044965][ T5824] [ 61.044971][ T5824] dump_stack_lvl+0x241/0x360 [ 61.044986][ T5824] ? __pfx_dump_stack_lvl+0x10/0x10 [ 61.044994][ T5824] ? __pfx__printk+0x10/0x10 [ 61.045008][ T5824] ? _printk+0xd5/0x120 [ 61.045020][ T5824] ? __virt_addr_valid+0x183/0x530 [ 61.045034][ T5824] ? __virt_addr_valid+0x183/0x530 [ 61.045047][ T5824] print_report+0x16e/0x5b0 [ 61.045061][ T5824] ? __virt_addr_valid+0x183/0x530 [ 61.045072][ T5824] ? __virt_addr_valid+0x183/0x530 [ 61.045084][ T5824] ? __virt_addr_valid+0x45f/0x530 [ 61.045096][ T5824] ? __phys_addr+0xba/0x170 [ 61.045108][ T5824] ? hfs_bnode_read+0x167/0x200 [ 61.045120][ T5824] kasan_report+0x143/0x180 [ 61.045133][ T5824] ? hfs_bnode_read+0x167/0x200 [ 61.045146][ T5824] kasan_check_range+0x282/0x290 [ 61.045158][ T5824] ? hfs_bnode_read+0x167/0x200 [ 61.045169][ T5824] __asan_memcpy+0x40/0x70 [ 61.045180][ T5824] hfs_bnode_read+0x167/0x200 [ 61.045193][ T5824] hfs_bnode_read_key+0x172/0x240 [ 61.045205][ T5824] ? __pfx_hfs_bnode_read_key+0x10/0x10 [ 61.045217][ T5824] ? do_raw_spin_unlock+0x13c/0x8b0 [ 61.045228][ T5824] ? hfs_bnode_put+0x1c4/0x380 [ 61.045241][ T5824] hfs_brec_insert+0x7f3/0xbd0 [ 61.045257][ T5824] ? __pfx_hfs_brec_insert+0x10/0x10 [ 61.045271][ T5824] hfs_cat_create+0x3dc/0x760 [ 61.045285][ T5824] ? __pfx_hfs_cat_create+0x10/0x10 [ 61.045301][ T5824] ? _raw_spin_unlock+0x28/0x50 [ 61.045315][ T5824] ? hfs_new_inode+0x8df/0xba0 [ 61.045326][ T5824] hfs_create+0x66/0xe0 [ 61.045335][ T5824] vfs_create+0x23c/0x3d0 [ 61.045347][ T5824] do_mknodat+0x447/0x5b0 [ 61.045358][ T5824] ? __pfx_do_mknodat+0x10/0x10 [ 61.045367][ T5824] ? getname_flags+0x1e3/0x540 [ 61.045377][ T5824] __x64_sys_mknodat+0xa7/0xc0 [ 61.045389][ T5824] do_syscall_64+0xf3/0x230 [ 61.045402][ T5824] ? clear_bhb_loop+0x35/0x90 [ 61.045416][ T5824] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 61.045430][ T5824] RIP: 0033:0x7f8aa61bbad9 [ 61.045443][ T5824] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 61.045451][ T5824] RSP: 002b:00007fffaa082978 EFLAGS: 00000246 ORIG_RAX: 0000000000000103 [ 61.045462][ T5824] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8aa61bbad9 [ 61.045469][ T5824] RDX: 0000000000000000 RSI: 0000400000000100 RDI: 00000000ffffff9c [ 61.045475][ T5824] RBP: 00007f8aa622f5f0 R08: 000055557a79b4c0 R09: 000055557a79b4c0 [ 61.045481][ T5824] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffaa0829a0 [ 61.045487][ T5824] R13: 00007fffaa082bc8 R14: 431bde82d7b634db R15: 00007f8aa620403b [ 61.045496][ T5824] [ 61.045499][ T5824] [ 61.328606][ T5824] Allocated by task 5824: [ 61.332922][ T5824] kasan_save_track+0x3f/0x80 [ 61.337587][ T5824] __kasan_kmalloc+0x98/0xb0 [ 61.342157][ T5824] __kmalloc_noprof+0x285/0x4c0 [ 61.346982][ T5824] hfs_find_init+0x90/0x1f0 [ 61.351465][ T5824] hfs_cat_create+0x17f/0x760 [ 61.356120][ T5824] hfs_create+0x66/0xe0 [ 61.360253][ T5824] vfs_create+0x23c/0x3d0 [ 61.364580][ T5824] do_mknodat+0x447/0x5b0 [ 61.368909][ T5824] __x64_sys_mknodat+0xa7/0xc0 [ 61.373649][ T5824] do_syscall_64+0xf3/0x230 [ 61.378147][ T5824] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 61.384018][ T5824] [ 61.386333][ T5824] The buggy address belongs to the object at ffff88814679d580 [ 61.386333][ T5824] which belongs to the cache kmalloc-96 of size 96 [ 61.400206][ T5824] The buggy address is located 0 bytes inside of [ 61.400206][ T5824] allocated 78-byte region [ffff88814679d580, ffff88814679d5ce) [ 61.414060][ T5824] [ 61.416372][ T5824] The buggy address belongs to the physical page: [ 61.422841][ T5824] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14679d [ 61.431681][ T5824] flags: 0x57ff00000000000(node=1|zone=2|lastcpupid=0x7ff) [ 61.438870][ T5824] page_type: f5(slab) [ 61.443179][ T5824] raw: 057ff00000000000 ffff88801b041280 dead000000000100 dead000000000122 [ 61.451739][ T5824] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 61.460293][ T5824] page dumped because: kasan: bad access detected [ 61.466687][ T5824] page_owner tracks the page as allocated [ 61.472375][ T5824] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, tgid 1 (swapper/0), ts 9249013162, free_ts 0 [ 61.489980][ T5824] post_alloc_hook+0x1f4/0x240 [ 61.494897][ T5824] get_page_from_freelist+0x3651/0x37a0 [ 61.500420][ T5824] __alloc_frozen_pages_noprof+0x292/0x710 [ 61.506225][ T5824] alloc_pages_mpol+0x311/0x660 [ 61.511054][ T5824] allocate_slab+0x8f/0x3a0 [ 61.515535][ T5824] ___slab_alloc+0xc27/0x14a0 [ 61.520252][ T5824] __slab_alloc+0x58/0xa0 [ 61.524646][ T5824] __kmalloc_cache_noprof+0x27b/0x390 [ 61.529994][ T5824] usb_hub_create_port_device+0xc8/0xc10 [ 61.535620][ T5824] hub_probe+0x262c/0x3780 [ 61.540024][ T5824] usb_probe_interface+0x641/0xbb0 [ 61.545113][ T5824] really_probe+0x2b9/0xad0 [ 61.549592][ T5824] __driver_probe_device+0x1a2/0x390 [ 61.554882][ T5824] driver_probe_device+0x50/0x430 [ 61.559896][ T5824] __device_attach_driver+0x2d6/0x530 [ 61.565287][ T5824] bus_for_each_drv+0x24e/0x2e0 [ 61.570138][ T5824] page_owner free stack trace missing [ 61.575500][ T5824] [ 61.577838][ T5824] Memory state around the buggy address: [ 61.583445][ T5824] ffff88814679d480: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc [ 61.591489][ T5824] ffff88814679d500: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 61.599620][ T5824] >ffff88814679d580: 00 00 00 00 00 00 00 00 00 06 fc fc fc fc fc fc [ 61.607663][ T5824] ^ [ 61.614049][ T5824] ffff88814679d600: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 61.622097][ T5824] ffff88814679d680: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 61.630130][ T5824] ================================================================== [ 61.638992][ T5824] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 61.646205][ T5824] CPU: 0 UID: 0 PID: 5824 Comm: syz-executor386 Not tainted 6.14.0-rc5-syzkaller-00218-g2a520073e74f #0 [ 61.657298][ T5824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 61.667430][ T5824] Call Trace: [ 61.670696][ T5824] [ 61.673616][ T5824] dump_stack_lvl+0x241/0x360 [ 61.678295][ T5824] ? __pfx_dump_stack_lvl+0x10/0x10 [ 61.683485][ T5824] ? __pfx__printk+0x10/0x10 [ 61.688072][ T5824] ? preempt_schedule+0xe1/0xf0 [ 61.692929][ T5824] ? vscnprintf+0x5d/0x90 [ 61.697247][ T5824] panic+0x349/0x880 [ 61.701135][ T5824] ? check_panic_on_warn+0x21/0xb0 [ 61.706322][ T5824] ? __pfx_panic+0x10/0x10 [ 61.710732][ T5824] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 61.716706][ T5824] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 61.723019][ T5824] ? print_report+0x519/0x5b0 [ 61.727691][ T5824] check_panic_on_warn+0x86/0xb0 [ 61.732618][ T5824] ? hfs_bnode_read+0x167/0x200 [ 61.737462][ T5824] end_report+0x77/0x160 [ 61.741696][ T5824] kasan_report+0x154/0x180 [ 61.746190][ T5824] ? hfs_bnode_read+0x167/0x200 [ 61.751030][ T5824] kasan_check_range+0x282/0x290 [ 61.755956][ T5824] ? hfs_bnode_read+0x167/0x200 [ 61.760810][ T5824] __asan_memcpy+0x40/0x70 [ 61.765215][ T5824] hfs_bnode_read+0x167/0x200 [ 61.769969][ T5824] hfs_bnode_read_key+0x172/0x240 [ 61.774985][ T5824] ? __pfx_hfs_bnode_read_key+0x10/0x10 [ 61.780529][ T5824] ? do_raw_spin_unlock+0x13c/0x8b0 [ 61.785751][ T5824] ? hfs_bnode_put+0x1c4/0x380 [ 61.790512][ T5824] hfs_brec_insert+0x7f3/0xbd0 [ 61.795276][ T5824] ? __pfx_hfs_brec_insert+0x10/0x10 [ 61.800555][ T5824] hfs_cat_create+0x3dc/0x760 [ 61.805226][ T5824] ? __pfx_hfs_cat_create+0x10/0x10 [ 61.810421][ T5824] ? _raw_spin_unlock+0x28/0x50 [ 61.815260][ T5824] ? hfs_new_inode+0x8df/0xba0 [ 61.820097][ T5824] hfs_create+0x66/0xe0 [ 61.824237][ T5824] vfs_create+0x23c/0x3d0 [ 61.828559][ T5824] do_mknodat+0x447/0x5b0 [ 61.832885][ T5824] ? __pfx_do_mknodat+0x10/0x10 [ 61.837721][ T5824] ? getname_flags+0x1e3/0x540 [ 61.842470][ T5824] __x64_sys_mknodat+0xa7/0xc0 [ 61.847227][ T5824] do_syscall_64+0xf3/0x230 [ 61.851722][ T5824] ? clear_bhb_loop+0x35/0x90 [ 61.856389][ T5824] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 61.862269][ T5824] RIP: 0033:0x7f8aa61bbad9 [ 61.866675][ T5824] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 61.886271][ T5824] RSP: 002b:00007fffaa082978 EFLAGS: 00000246 ORIG_RAX: 0000000000000103 [ 61.894672][ T5824] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8aa61bbad9 [ 61.902651][ T5824] RDX: 0000000000000000 RSI: 0000400000000100 RDI: 00000000ffffff9c [ 61.910623][ T5824] RBP: 00007f8aa622f5f0 R08: 000055557a79b4c0 R09: 000055557a79b4c0 [ 61.918589][ T5824] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffaa0829a0 [ 61.926549][ T5824] R13: 00007fffaa082bc8 R14: 431bde82d7b634db R15: 00007f8aa620403b [ 61.934514][ T5824] [ 61.937833][ T5824] Kernel Offset: disabled [ 61.942159][ T5824] Rebooting in 86400 seconds..