./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1860731187
<...>
Warning: Permanently added '10.128.1.88' (ED25519) to the list of known hosts.
execve("./syz-executor1860731187", ["./syz-executor1860731187"], 0x7fffbc31c0a0 /* 10 vars */) = 0
brk(NULL) = 0x55557ab25000
brk(0x55557ab25d00) = 0x55557ab25d00
arch_prctl(ARCH_SET_FS, 0x55557ab25380) = 0
set_tid_address(0x55557ab25650) = 5837
set_robust_list(0x55557ab25660, 24) = 0
rseq(0x55557ab25ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor1860731187", 4096) = 28
getrandom("\xcf\x2c\xd5\x25\x08\xbe\x3f\x2c", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x55557ab25d00
brk(0x55557ab46d00) = 0x55557ab46d00
brk(0x55557ab47000) = 0x55557ab47000
mprotect(0x7f8348856000, 16384, PROT_READ) = 0
mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000
mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000
mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557ab25650) = 5838
./strace-static-x86_64: Process 5838 attached
[pid 5838] set_robust_list(0x55557ab25660, 24) = 0
[pid 5838] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5838] setpgid(0, 0) = 0
[pid 5838] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5838] write(3, "1000", 4) = 4
[pid 5838] close(3) = 0
[pid 5838] write(1, "executing program\n", 18) = 18
executing program
[pid 5838] memfd_create("syzkaller", 0) = 3
[pid 5838] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8340200000
[pid 5838] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 5838] munmap(0x7f8340200000, 138412032) = 0
[pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5838] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5838] close(3) = 0
[pid 5838] close(4) = 0
[pid 5838] mkdir("./file1", 0777) = 0
[pid 5838] mount("/dev/loop0", "./file1", "hfsplus", MS_NODIRATIME|MS_SILENT|MS_RELATIME|MS_I_VERSION, "") = 0
[pid 5838] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 5838] chdir("./file1") = 0
[pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 5838] openat(AT_FDCWD, ".", O_RDONLY) = 4
[ 88.828931][ T5838] loop0: detected capacity change from 0 to 1024
[ 88.887102][ T5838] ==================================================================
[ 88.895188][ T5838] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x588/0x1220
[ 88.902941][ T5838] Read of size 2 at addr ffff888144b4b40c by task syz-executor186/5838
[ 88.911167][ T5838]
[ 88.913479][ T5838] CPU: 0 UID: 0 PID: 5838 Comm: syz-executor186 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full)
[ 88.913501][ T5838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 88.913513][ T5838] Call Trace:
[ 88.913521][ T5838]
[ 88.913529][ T5838] dump_stack_lvl+0x241/0x360
[ 88.913561][ T5838] ? __pfx_dump_stack_lvl+0x10/0x10
[ 88.913586][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5
[ 88.913608][ T5838] ? rcu_is_watching+0x15/0xb0
[ 88.913631][ T5838] ? __virt_addr_valid+0x183/0x530
[ 88.913656][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5
[ 88.913676][ T5838] ? lock_release+0x4e/0x3e0
[ 88.913698][ T5838] ? __virt_addr_valid+0x183/0x530
[ 88.913722][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5
[ 88.913745][ T5838] print_report+0x16e/0x5b0
[ 88.913770][ T5838] ? __virt_addr_valid+0x183/0x530
[ 88.913794][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5
[ 88.913820][ T5838] ? __virt_addr_valid+0x45f/0x530
[ 88.913844][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5
[ 88.913865][ T5838] ? __phys_addr+0xba/0x170
[ 88.913890][ T5838] ? hfsplus_uni2asc+0x588/0x1220
[ 88.913914][ T5838] kasan_report+0x143/0x180
[ 88.913940][ T5838] ? hfsplus_uni2asc+0x588/0x1220
[ 88.913968][ T5838] hfsplus_uni2asc+0x588/0x1220
[ 88.913994][ T5838] ? __asan_memcpy+0x40/0x70
[ 88.914016][ T5838] hfsplus_readdir+0x94e/0x1350
[ 88.914046][ T5838] ? __pfx_hfsplus_readdir+0x10/0x10
[ 88.914094][ T5838] ? iterate_dir+0x4a6/0x760
[ 88.914116][ T5838] ? __pfx_down_read_killable+0x10/0x10
[ 88.914151][ T5838] ? _raw_spin_lock_irq+0xdf/0x120
[ 88.914169][ T5838] ? __pfx___mutex_lock+0x10/0x10
[ 88.914193][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5
[ 88.914214][ T5838] ? common_file_perm+0x1a6/0x210
[ 88.914244][ T5838] iterate_dir+0x5ab/0x760
[ 88.914269][ T5838] __se_sys_getdents64+0x1e4/0x4c0
[ 88.914297][ T5838] ? __pfx___se_sys_getdents64+0x10/0x10
[ 88.914319][ T5838] ? __pfx_filldir64+0x10/0x10
[ 88.914348][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5
[ 88.914371][ T5838] do_syscall_64+0xf3/0x230
[ 88.914396][ T5838] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 88.914414][ T5838] RIP: 0033:0x7f83487e2ad9
[ 88.914430][ T5838] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 88.914445][ T5838] RSP: 002b:00007ffe7c44e788 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 88.914464][ T5838] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f83487e2ad9
[ 88.914477][ T5838] RDX: 00000000000000cb RSI: 0000200000000540 RDI: 0000000000000004
[ 88.914489][ T5838] RBP: 00007f83488565f0 R08: 000055557ab264c0 R09: 000055557ab264c0
[ 88.914502][ T5838] R10: 0000000000000673 R11: 0000000000000246 R12: 00007ffe7c44e7b0
[ 88.914514][ T5838] R13: 00007ffe7c44e9d8 R14: 431bde82d7b634db R15: 00007f834882b03b
[ 88.914535][ T5838]
[ 88.914542][ T5838]
[ 89.196024][ T5838] Allocated by task 5838:
[ 89.200366][ T5838] kasan_save_track+0x3f/0x80
[ 89.205060][ T5838] __kasan_kmalloc+0x9d/0xb0
[ 89.209655][ T5838] __kmalloc_noprof+0x28e/0x4d0
[ 89.214511][ T5838] hfsplus_find_init+0x87/0x1d0
[ 89.219463][ T5838] hfsplus_readdir+0x211/0x1350
[ 89.224311][ T5838] iterate_dir+0x5ab/0x760
[ 89.228725][ T5838] __se_sys_getdents64+0x1e4/0x4c0
[ 89.233842][ T5838] do_syscall_64+0xf3/0x230
[ 89.238461][ T5838] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 89.244353][ T5838]
[ 89.246669][ T5838] The buggy address belongs to the object at ffff888144b4b000
[ 89.246669][ T5838] which belongs to the cache kmalloc-2k of size 2048
[ 89.260733][ T5838] The buggy address is located 0 bytes to the right of
[ 89.260733][ T5838] allocated 1036-byte region [ffff888144b4b000, ffff888144b4b40c)
[ 89.275641][ T5838]
[ 89.277965][ T5838] The buggy address belongs to the physical page:
[ 89.284372][ T5838] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x144b48
[ 89.293222][ T5838] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 89.301721][ T5838] flags: 0x57ff00000000040(head|node=1|zone=2|lastcpupid=0x7ff)
[ 89.309353][ T5838] page_type: f5(slab)
[ 89.313338][ T5838] raw: 057ff00000000040 ffff88801b042000 dead000000000100 dead000000000122
[ 89.321925][ T5838] raw: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000
[ 89.330521][ T5838] head: 057ff00000000040 ffff88801b042000 dead000000000100 dead000000000122
[ 89.339197][ T5838] head: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000
[ 89.347898][ T5838] head: 057ff00000000003 ffffea000512d201 00000000ffffffff 00000000ffffffff
[ 89.356584][ T5838] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 89.365270][ T5838] page dumped because: kasan: bad access detected
[ 89.371681][ T5838] page_owner tracks the page as allocated
[ 89.377384][ T5838] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 10305054818, free_ts 0
[ 89.397105][ T5838] post_alloc_hook+0x1f4/0x240
[ 89.401890][ T5838] get_page_from_freelist+0x352b/0x36c0
[ 89.407439][ T5838] __alloc_frozen_pages_noprof+0x211/0x5b0
[ 89.413244][ T5838] alloc_pages_mpol+0x339/0x690
[ 89.418101][ T5838] allocate_slab+0x8f/0x3a0
[ 89.422605][ T5838] ___slab_alloc+0xc3b/0x1500
[ 89.427280][ T5838] __slab_alloc+0x58/0xa0
[ 89.431606][ T5838] __kmalloc_cache_noprof+0x26a/0x370
[ 89.436986][ T5838] workqueue_sysfs_register+0x9a/0x3c0
[ 89.442444][ T5838] __alloc_workqueue+0x1804/0x1bc0
[ 89.447565][ T5838] alloc_workqueue+0xd8/0x210
[ 89.452252][ T5838] scsi_host_alloc+0xa2f/0xf20
[ 89.457021][ T5838] virtscsi_probe+0x250/0xf80
[ 89.461698][ T5838] virtio_dev_probe+0x933/0xc80
[ 89.466543][ T5838] really_probe+0x2bb/0xad0
[ 89.471050][ T5838] __driver_probe_device+0x1a2/0x390
[ 89.476355][ T5838] page_owner free stack trace missing
[ 89.481709][ T5838]
[ 89.484023][ T5838] Memory state around the buggy address:
[ 89.489642][ T5838] ffff888144b4b300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 89.498136][ T5838] ffff888144b4b380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 89.506192][ T5838] >ffff888144b4b400: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 89.514240][ T5838] ^
[ 89.518553][ T5838] ffff888144b4b480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 89.526608][ T5838] ffff888144b4b500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 89.534659][ T5838] ==================================================================
[ 89.543424][ T5838] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 89.550669][ T5838] CPU: 0 UID: 0 PID: 5838 Comm: syz-executor186 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full)
[ 89.561348][ T5838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 89.571414][ T5838] Call Trace:
[ 89.574696][ T5838]
[ 89.577620][ T5838] dump_stack_lvl+0x241/0x360
[ 89.582313][ T5838] ? __pfx_dump_stack_lvl+0x10/0x10
[ 89.587525][ T5838] ? __pfx__printk+0x10/0x10
[ 89.592122][ T5838] ? vprintk_emit+0x81f/0xa40
[ 89.596813][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5
[ 89.602449][ T5838] ? vscnprintf+0x5d/0x90
[ 89.606795][ T5838] panic+0x349/0x880
[ 89.610702][ T5838] ? check_panic_on_warn+0x21/0xb0
[ 89.616083][ T5838] ? __pfx_panic+0x10/0x10
[ 89.620506][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5
[ 89.626231][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5
[ 89.631893][ T5838] ? _raw_spin_unlock_irqrestore+0x134/0x140
[ 89.637894][ T5838] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 89.644230][ T5838] check_panic_on_warn+0x86/0xb0
[ 89.649179][ T5838] ? hfsplus_uni2asc+0x588/0x1220
[ 89.654217][ T5838] end_report+0x77/0x160
[ 89.658485][ T5838] kasan_report+0x154/0x180
[ 89.663009][ T5838] ? hfsplus_uni2asc+0x588/0x1220
[ 89.668051][ T5838] hfsplus_uni2asc+0x588/0x1220
[ 89.672921][ T5838] ? __asan_memcpy+0x40/0x70
[ 89.677517][ T5838] hfsplus_readdir+0x94e/0x1350
[ 89.682396][ T5838] ? __pfx_hfsplus_readdir+0x10/0x10
[ 89.687735][ T5838] ? iterate_dir+0x4a6/0x760
[ 89.692337][ T5838] ? __pfx_down_read_killable+0x10/0x10
[ 89.698003][ T5838] ? _raw_spin_lock_irq+0xdf/0x120
[ 89.703124][ T5838] ? __pfx___mutex_lock+0x10/0x10
[ 89.708160][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5
[ 89.713806][ T5838] ? common_file_perm+0x1a6/0x210
[ 89.718855][ T5838] iterate_dir+0x5ab/0x760
[ 89.723284][ T5838] __se_sys_getdents64+0x1e4/0x4c0
[ 89.728417][ T5838] ? __pfx___se_sys_getdents64+0x10/0x10
[ 89.734057][ T5838] ? __pfx_filldir64+0x10/0x10
[ 89.738832][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5
[ 89.744480][ T5838] do_syscall_64+0xf3/0x230
[ 89.748991][ T5838] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 89.754889][ T5838] RIP: 0033:0x7f83487e2ad9
[ 89.759304][ T5838] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 89.779006][ T5838] RSP: 002b:00007ffe7c44e788 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 89.787432][ T5838] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f83487e2ad9
[ 89.795429][ T5838] RDX: 00000000000000cb RSI: 0000200000000540 RDI: 0000000000000004
[ 89.803416][ T5838] RBP: 00007f83488565f0 R08: 000055557ab264c0 R09: 000055557ab264c0
[ 89.811392][ T5838] R10: 0000000000000673 R11: 0000000000000246 R12: 00007ffe7c44e7b0
[ 89.819366][ T5838] R13: 00007ffe7c44e9d8 R14: 431bde82d7b634db R15: 00007f834882b03b
[ 89.827437][ T5838]
[ 89.830709][ T5838] Kernel Offset: disabled
[ 89.835033][ T5838] Rebooting in 86400 seconds..