./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2080755973

<...>
Warning: Permanently added '10.128.1.62' (ED25519) to the list of known hosts.
execve("./syz-executor2080755973", ["./syz-executor2080755973"], 0x7fff6fbee330 /* 10 vars */) = 0
brk(NULL)                               = 0x55558e1d5000
brk(0x55558e1d5d00)                     = 0x55558e1d5d00
arch_prctl(ARCH_SET_FS, 0x55558e1d5380) = 0
set_tid_address(0x55558e1d5650)         = 5831
set_robust_list(0x55558e1d5660, 24)     = 0
rseq(0x55558e1d5ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor2080755973", 4096) = 28
getrandom("\x35\xde\x75\x77\x97\x12\x4b\x54", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x55558e1d5d00
brk(0x55558e1f6d00)                     = 0x55558e1f6d00
brk(0x55558e1f7000)                     = 0x55558e1f7000
mprotect(0x7f372f75e000, 16384, PROT_READ) = 0
mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000
mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000
mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000
executing program
write(1, "executing program\n", 18)     = 18
memfd_create("syzkaller", 0)            = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3727200000
write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
munmap(0x7f3727200000, 138412032)       = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 4
ioctl(4, LOOP_SET_FD, 3)                = 0
close(3)                                = 0
close(4)                                = 0
mkdir("./file1", 0777)                  = 0
[  105.484412][ T5831] loop0: detected capacity change from 0 to 1024
mount("/dev/loop0", "./file1", "hfsplus", MS_SILENT|MS_POSIXACL, "") = 0
openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
chdir("./file1")                        = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = -1 EBUSY (Device or resource busy)
[  105.557677][ T5831] hfsplus: request for non-existent node 67108864 in B*Tree
[  105.567411][ T5831] hfsplus: request for non-existent node 67108864 in B*Tree
[  105.579083][ T5831] ==================================================================
[  105.589159][ T5831] BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read+0xc0/0x2a0
[  105.599645][ T5831] Read of size 8 at addr ffff88801e2ae1c0 by task syz-executor208/5831
[  105.609327][ T5831] 
[  105.612437][ T5831] CPU: 0 UID: 0 PID: 5831 Comm: syz-executor208 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  105.612461][ T5831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  105.612475][ T5831] Call Trace:
[  105.612490][ T5831]  <TASK>
[  105.612499][ T5831]  dump_stack_lvl+0x189/0x250
[  105.612529][ T5831]  ? __kasan_check_byte+0x12/0x40
[  105.612551][ T5831]  ? __pfx_dump_stack_lvl+0x10/0x10
[  105.612575][ T5831]  ? lock_release+0x4b/0x3e0
[  105.612598][ T5831]  ? __virt_addr_valid+0x4a5/0x5c0
[  105.612614][ T5831]  print_report+0xd2/0x2b0
[  105.612634][ T5831]  ? hfsplus_bnode_read+0xc0/0x2a0
[  105.612650][ T5831]  kasan_report+0x118/0x150
[  105.612670][ T5831]  ? hfsplus_bnode_read+0xc0/0x2a0
[  105.612689][ T5831]  hfsplus_bnode_read+0xc0/0x2a0
[  105.612707][ T5831]  hfsplus_bnode_dump+0x300/0x450
[  105.612733][ T5831]  ? __pfx_hfsplus_bnode_dump+0x10/0x10
[  105.612750][ T5831]  ? hfsplus_bnode_write_u16+0x8b/0xd0
[  105.612766][ T5831]  ? hfsplus_bnode_move+0x393/0xb90
[  105.612784][ T5831]  ? __pfx___hfsplus_brec_find+0x10/0x10
[  105.612804][ T5831]  hfsplus_brec_remove+0x480/0x550
[  105.612828][ T5831]  __hfsplus_delete_attr+0x1d4/0x360
[  105.612851][ T5831]  ? __pfx___hfsplus_delete_attr+0x10/0x10
[  105.612870][ T5831]  ? hfsplus_find_init+0x8c/0x1d0
[  105.612892][ T5831]  hfsplus_delete_all_attrs+0x277/0x410
[  105.612914][ T5831]  ? __pfx_hfsplus_delete_all_attrs+0x10/0x10
[  105.612937][ T5831]  ? rcu_is_watching+0x15/0xb0
[  105.612961][ T5831]  ? __mark_inode_dirty+0x8c5/0xdf0
[  105.613001][ T5831]  hfsplus_delete_cat+0x92c/0xd20
[  105.613028][ T5831]  ? __pfx_hfsplus_delete_cat+0x10/0x10
[  105.613053][ T5831]  ? __pfx___mutex_lock+0x10/0x10
[  105.613089][ T5831]  hfsplus_unlink+0x359/0x730
[  105.613106][ T5831]  ? __pfx_hfsplus_unlink+0x10/0x10
[  105.613132][ T5831]  ? __pfx_down_write+0x10/0x10
[  105.613148][ T5831]  ? bpf_lsm_inode_unlink+0x9/0x20
[  105.613167][ T5831]  vfs_unlink+0x394/0x650
[  105.613189][ T5831]  do_unlinkat+0x350/0x560
[  105.613208][ T5831]  ? __pfx_do_unlinkat+0x10/0x10
[  105.613228][ T5831]  ? getname_flags+0x1e5/0x540
[  105.613251][ T5831]  __x64_sys_unlink+0x47/0x50
[  105.613268][ T5831]  do_syscall_64+0xfa/0x3b0
[  105.613292][ T5831]  ? lockdep_hardirqs_on+0x9c/0x150
[  105.613314][ T5831]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.613329][ T5831]  ? clear_bhb_loop+0x60/0xb0
[  105.613346][ T5831]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.613362][ T5831] RIP: 0033:0x7f372f6ea8f9
[  105.613380][ T5831] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  105.613393][ T5831] RSP: 002b:00007fffd1d93618 EFLAGS: 00000246 ORIG_RAX: 0000000000000057
[  105.613410][ T5831] RAX: ffffffffffffffda RBX: 0031656c69662f2e RCX: 00007f372f6ea8f9
[  105.613422][ T5831] RDX: 00007f372f6e9991 RSI: 0000000000000000 RDI: 0000200000000240
[  105.613432][ T5831] RBP: 00007f372f75e610 R08: 0000000000000604 R09: 0000000000000000
[  105.613442][ T5831] R10: 00007fffd1d934e0 R11: 0000000000000246 R12: 0000000000000001
[  105.613451][ T5831] R13: 00007fffd1d937e8 R14: 0000000000000001 R15: 0000000000000001
[  105.613467][ T5831]  </TASK>
[  105.613472][ T5831] 
[  105.972162][ T5831] Allocated by task 5831:
[  105.977443][ T5831]  kasan_save_track+0x3e/0x80
[  105.982970][ T5831]  __kasan_kmalloc+0x93/0xb0
[  105.988332][ T5831]  __kmalloc_noprof+0x27a/0x4f0
[  105.993939][ T5831]  __hfs_bnode_create+0xf3/0x810
[  105.999544][ T5831]  hfsplus_bnode_find+0x224/0xd20
[  106.004793][ T5831]  hfsplus_brec_find+0x15c/0x500
[  106.011007][ T5831]  __hfsplus_getxattr+0x301/0x7e0
[  106.017421][ T5831]  hfsplus_getxattr+0x10d/0x180
[  106.022798][ T5831]  __vfs_getxattr+0x3f4/0x430
[  106.028676][ T5831]  smk_fetch+0xb4/0x140
[  106.033588][ T5831]  smack_d_instantiate+0x6f5/0x940
[  106.041598][ T5831]  security_d_instantiate+0x10a/0x200
[  106.049425][ T5831]  d_splice_alias+0x6e/0x330
[  106.054991][ T5831]  hfsplus_lookup+0x803/0x890
[  106.061313][ T5831]  lookup_one_qstr_excl_raw+0x115/0x280
[  106.067619][ T5831]  do_unlinkat+0x1d6/0x560
[  106.073084][ T5831]  __x64_sys_unlink+0x47/0x50
[  106.080216][ T5831]  do_syscall_64+0xfa/0x3b0
[  106.085392][ T5831]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  106.093362][ T5831] 
[  106.097281][ T5831] The buggy address belongs to the object at ffff88801e2ae100
[  106.097281][ T5831]  which belongs to the cache kmalloc-192 of size 192
[  106.114153][ T5831] The buggy address is located 40 bytes to the right of
[  106.114153][ T5831]  allocated 152-byte region [ffff88801e2ae100, ffff88801e2ae198)
[  106.130579][ T5831] 
[  106.133472][ T5831] The buggy address belongs to the physical page:
[  106.140736][ T5831] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1e2ae
[  106.152427][ T5831] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  106.162091][ T5831] page_type: f5(slab)
[  106.166979][ T5831] raw: 00fff00000000000 ffff88801a4413c0 ffffea0000691800 dead000000000002
[  106.176608][ T5831] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[  106.187279][ T5831] page dumped because: kasan: bad access detected
[  106.194389][ T5831] page_owner tracks the page as allocated
[  106.202050][ T5831] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, tgid 1 (swapper/0), ts 2903059082, free_ts 0
[  106.225951][ T5831]  post_alloc_hook+0x240/0x2a0
[  106.234531][ T5831]  get_page_from_freelist+0x21d5/0x22b0
[  106.243273][ T5831]  __alloc_frozen_pages_noprof+0x181/0x370
[  106.252851][ T5831]  alloc_pages_mpol+0x232/0x4a0
[  106.259082][ T5831]  allocate_slab+0x8a/0x3b0
[  106.264811][ T5831]  ___slab_alloc+0xbfc/0x1480
[  106.270349][ T5831]  __kmalloc_cache_noprof+0x296/0x3d0
[  106.276879][ T5831]  call_usermodehelper_setup+0x8e/0x270
[  106.284848][ T5831]  kobject_uevent_env+0x65c/0x8c0
[  106.291424][ T5831]  device_add+0x557/0xb50
[  106.296185][ T5831]  add_memory_block+0x2ae/0x4f0
[  106.302039][ T5831]  memory_dev_init+0x2f3/0x530
[  106.309715][ T5831]  driver_init+0x47/0x60
[  106.314434][ T5831]  do_basic_setup+0x14/0x90
[  106.319540][ T5831]  kernel_init_freeable+0x3d9/0x570
[  106.327324][ T5831]  kernel_init+0x1d/0x1d0
[  106.332050][ T5831] page_owner free stack trace missing
[  106.339764][ T5831] 
[  106.343139][ T5831] Memory state around the buggy address:
[  106.350076][ T5831]  ffff88801e2ae080: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  106.360336][ T5831]  ffff88801e2ae100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  106.372266][ T5831] >ffff88801e2ae180: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[  106.385357][ T5831]                                            ^
[  106.398600][ T5831]  ffff88801e2ae200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  106.410263][ T5831]  ffff88801e2ae280: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  106.422686][ T5831] ==================================================================
[  106.438473][ T5831] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  106.447841][ T5831] CPU: 0 UID: 0 PID: 5831 Comm: syz-executor208 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  106.465552][ T5831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  106.481831][ T5831] Call Trace:
[  106.485670][ T5831]  <TASK>
[  106.489159][ T5831]  dump_stack_lvl+0x99/0x250
[  106.495483][ T5831]  ? __asan_memcpy+0x40/0x70
[  106.502476][ T5831]  ? __pfx_dump_stack_lvl+0x10/0x10
[  106.508477][ T5831]  ? __pfx__printk+0x10/0x10
[  106.515089][ T5831]  panic+0x2db/0x790
[  106.520681][ T5831]  ? __pfx_preempt_schedule+0x10/0x10
[  106.526580][ T5831]  ? __pfx_panic+0x10/0x10
[  106.531965][ T5831]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  106.538336][ T5831]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  106.547295][ T5831]  ? hfsplus_bnode_read+0xc0/0x2a0
[  106.553919][ T5831]  check_panic_on_warn+0x89/0xb0
[  106.561151][ T5831]  ? hfsplus_bnode_read+0xc0/0x2a0
[  106.567026][ T5831]  end_report+0x78/0x160
[  106.572085][ T5831]  kasan_report+0x129/0x150
[  106.579332][ T5831]  ? hfsplus_bnode_read+0xc0/0x2a0
[  106.587260][ T5831]  hfsplus_bnode_read+0xc0/0x2a0
[  106.593650][ T5831]  hfsplus_bnode_dump+0x300/0x450
[  106.600902][ T5831]  ? __pfx_hfsplus_bnode_dump+0x10/0x10
[  106.606779][ T5831]  ? hfsplus_bnode_write_u16+0x8b/0xd0
[  106.613677][ T5831]  ? hfsplus_bnode_move+0x393/0xb90
[  106.620531][ T5831]  ? __pfx___hfsplus_brec_find+0x10/0x10
[  106.627345][ T5831]  hfsplus_brec_remove+0x480/0x550
[  106.634072][ T5831]  __hfsplus_delete_attr+0x1d4/0x360
[  106.642716][ T5831]  ? __pfx___hfsplus_delete_attr+0x10/0x10
[  106.652202][ T5831]  ? hfsplus_find_init+0x8c/0x1d0
[  106.659943][ T5831]  hfsplus_delete_all_attrs+0x277/0x410
[  106.667557][ T5831]  ? __pfx_hfsplus_delete_all_attrs+0x10/0x10
[  106.675694][ T5831]  ? rcu_is_watching+0x15/0xb0
[  106.683807][ T5831]  ? __mark_inode_dirty+0x8c5/0xdf0
[  106.690233][ T5831]  hfsplus_delete_cat+0x92c/0xd20
[  106.697408][ T5831]  ? __pfx_hfsplus_delete_cat+0x10/0x10
[  106.704005][ T5831]  ? __pfx___mutex_lock+0x10/0x10
[  106.710462][ T5831]  hfsplus_unlink+0x359/0x730
[  106.717234][ T5831]  ? __pfx_hfsplus_unlink+0x10/0x10
[  106.724257][ T5831]  ? __pfx_down_write+0x10/0x10
[  106.732024][ T5831]  ? bpf_lsm_inode_unlink+0x9/0x20
[  106.740565][ T5831]  vfs_unlink+0x394/0x650
[  106.746417][ T5831]  do_unlinkat+0x350/0x560
[  106.753297][ T5831]  ? __pfx_do_unlinkat+0x10/0x10
[  106.761129][ T5831]  ? getname_flags+0x1e5/0x540
[  106.766949][ T5831]  __x64_sys_unlink+0x47/0x50
[  106.774260][ T5831]  do_syscall_64+0xfa/0x3b0
[  106.780984][ T5831]  ? lockdep_hardirqs_on+0x9c/0x150
[  106.787358][ T5831]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  106.795280][ T5831]  ? clear_bhb_loop+0x60/0xb0
[  106.802573][ T5831]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  106.809602][ T5831] RIP: 0033:0x7f372f6ea8f9
[  106.814445][ T5831] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  106.839130][ T5831] RSP: 002b:00007fffd1d93618 EFLAGS: 00000246 ORIG_RAX: 0000000000000057
[  106.850042][ T5831] RAX: ffffffffffffffda RBX: 0031656c69662f2e RCX: 00007f372f6ea8f9
[  106.858705][ T5831] RDX: 00007f372f6e9991 RSI: 0000000000000000 RDI: 0000200000000240
[  106.869342][ T5831] RBP: 00007f372f75e610 R08: 0000000000000604 R09: 0000000000000000
[  106.881717][ T5831] R10: 00007fffd1d934e0 R11: 0000000000000246 R12: 0000000000000001
[  106.892553][ T5831] R13: 00007fffd1d937e8 R14: 0000000000000001 R15: 0000000000000001
[  106.903129][ T5831]  </TASK>
[  106.908932][ T5831] Kernel Offset: disabled
[  106.915877][ T5831] Rebooting in 86400 seconds..