./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3538281852 <...> DUID 00:04:d6:b0:09:ff:72:32:c6:5d:c0:56:b1:2d:70:06:fa:56 forked to background, child pid 4660 [ 39.042661][ T4661] 8021q: adding VLAN 0 to HW filter on device bond0 [ 39.061727][ T4661] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.1.101' (ECDSA) to the list of known hosts. execve("./syz-executor3538281852", ["./syz-executor3538281852"], 0x7ffd9210fed0 /* 10 vars */) = 0 brk(NULL) = 0x5555570a2000 brk(0x5555570a2c40) = 0x5555570a2c40 arch_prctl(ARCH_SET_FS, 0x5555570a2300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor3538281852", 4096) = 28 brk(0x5555570c3c40) = 0x5555570c3c40 brk(0x5555570c4000) = 0x5555570c4000 mprotect(0x7f8886a49000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f887e58f000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 munmap(0x7f887e58f000, 524288) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 mkdir("./file0", 0777) = 0 mount("/dev/loop0", "./file0", "hfsplus", 0, "\x74\x79\x70\x65\x3d\xc5\x0c\xb8\xcf\x2c\x67\x69\x64\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x2c\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x6e\x6c\x73\x3d\x64\x65\x66\x61\x75\x6c\x74\x2c") = 0 openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 chdir("./file0") = 0 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 syzkaller login: [ 67.559167][ T4995] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4995 'syz-executor353' [ 67.578824][ T4995] loop0: detected capacity change from 0 to 1024 [ 67.608865][ T4995] ------------[ cut here ]------------ [ 67.614515][ T4995] kernel BUG at fs/hfsplus/xattr.c:175! [ 67.620498][ T4995] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 67.626672][ T4995] CPU: 0 PID: 4995 Comm: syz-executor353 Not tainted 6.3.0-syzkaller-13449-g994e2419f1e7 #0 [ 67.636785][ T4995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023 [ 67.646859][ T4995] RIP: 0010:__hfsplus_setxattr+0x22c1/0x22d0 [ 67.652868][ T4995] Code: e8 ff ff e8 41 b7 4b 08 e8 5c 7f 28 ff 4c 89 ff 48 c7 c6 20 c3 ff 8a e8 6d 2f 68 ff 0f 0b e8 46 7f 28 ff 0f 0b e8 3f 7f 28 ff <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 55 53 89 f5 48 89 fb [ 67.672499][ T4995] RSP: 0018:ffffc90003a0f4e0 EFLAGS: 00010293 [ 67.678656][ T4995] RAX: ffffffff8262e801 RBX: 0000000000010000 RCX: ffff8880287e3b80 [ 67.686720][ T4995] RDX: 0000000000000000 RSI: 0000000000010000 RDI: 0000000000000000 [ 67.694689][ T4995] RBP: ffffc90003a0f978 R08: ffffffff8262cf23 R09: ffffed100ee62558 [ 67.702657][ T4995] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff888077312370 [ 67.710642][ T4995] R13: dffffc0000000000 R14: ffff888077312a30 R15: 0000000000000000 [ 67.718630][ T4995] FS: 00005555570a2300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 67.727568][ T4995] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 67.734148][ T4995] CR2: 0000563143b14040 CR3: 0000000074c3f000 CR4: 00000000003506f0 [ 67.742115][ T4995] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 67.750077][ T4995] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 67.758043][ T4995] Call Trace: [ 67.761315][ T4995] [ 67.764248][ T4995] ? hfsplus_delete_all_attrs+0x3c0/0x3c0 [ 67.769969][ T4995] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 67.775867][ T4995] ? lockdep_hardirqs_on+0x98/0x140 [ 67.781065][ T4995] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 67.786957][ T4995] ? stack_trace_snprint+0xf0/0xf0 [ 67.792096][ T4995] hfsplus_setxattr+0xb0/0xe0 [ 67.796771][ T4995] hfsplus_trusted_setxattr+0x40/0x50 [ 67.802146][ T4995] ? hfsplus_trusted_getxattr+0x50/0x50 [ 67.807714][ T4995] __vfs_setxattr+0x460/0x4a0 [ 67.812393][ T4995] __vfs_setxattr_noperm+0x12e/0x5e0 [ 67.817677][ T4995] vfs_setxattr+0x221/0x420 [ 67.822186][ T4995] ? xattr_permission+0x430/0x430 [ 67.827227][ T4995] ? __check_object_size+0x8e/0xa40 [ 67.832457][ T4995] ? __might_fault+0xba/0x120 [ 67.837159][ T4995] ? strncpy_from_user+0x1a5/0x2e0 [ 67.842267][ T4995] setxattr+0x25d/0x2f0 [ 67.846427][ T4995] ? path_setxattr+0x2a0/0x2a0 [ 67.851195][ T4995] ? __mnt_want_write+0x22d/0x2b0 [ 67.856236][ T4995] path_setxattr+0x1c0/0x2a0 [ 67.860853][ T4995] ? simple_xattrs_free+0x90/0x90 [ 67.865885][ T4995] ? syscall_enter_from_user_mode+0x32/0x230 [ 67.871866][ T4995] __x64_sys_lsetxattr+0xb8/0xd0 [ 67.876812][ T4995] do_syscall_64+0x41/0xc0 [ 67.881239][ T4995] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 67.887478][ T4995] RIP: 0033:0x7f88869dbb09 [ 67.891900][ T4995] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 67.911534][ T4995] RSP: 002b:00007ffe285fae18 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 67.920000][ T4995] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007f88869dbb09 [ 67.928003][ T4995] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000020000000 [ 67.935995][ T4995] RBP: 00007f888699b110 R08: 0000000000000003 R09: 0000000000000000 [ 67.944080][ T4995] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f888699b1a0 [ 67.952138][ T4995] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 67.960129][ T4995] [ 67.963156][ T4995] Modules linked in: [ 67.968278][ T4995] ---[ end trace 0000000000000000 ]--- [ 67.973791][ T4995] RIP: 0010:__hfsplus_setxattr+0x22c1/0x22d0 [ 67.980098][ T4995] Code: e8 ff ff e8 41 b7 4b 08 e8 5c 7f 28 ff 4c 89 ff 48 c7 c6 20 c3 ff 8a e8 6d 2f 68 ff 0f 0b e8 46 7f 28 ff 0f 0b e8 3f 7f 28 ff <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 55 53 89 f5 48 89 fb [ 67.999811][ T4995] RSP: 0018:ffffc90003a0f4e0 EFLAGS: 00010293 [ 68.005915][ T4995] RAX: ffffffff8262e801 RBX: 0000000000010000 RCX: ffff8880287e3b80 [ 68.013947][ T4995] RDX: 0000000000000000 RSI: 0000000000010000 RDI: 0000000000000000 [ 68.021979][ T4995] RBP: ffffc90003a0f978 R08: ffffffff8262cf23 R09: ffffed100ee62558 [ 68.030020][ T4995] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff888077312370 [ 68.038058][ T4995] R13: dffffc0000000000 R14: ffff888077312a30 R15: 0000000000000000 [ 68.046052][ T4995] FS: 00005555570a2300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 68.055020][ T4995] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 68.061651][ T4995] CR2: 0000563143b14040 CR3: 0000000074c3f000 CR4: 00000000003506f0 [ 68.069689][ T4995] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 68.077847][ T4995] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 68.085861][ T4995] Kernel panic - not syncing: Fatal exception [ 68.092172][ T4995] Kernel Offset: disabled [ 68.096503][ T4995] Rebooting in 86400 seconds..