./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1067515446 <...> Warning: Permanently added '10.128.0.219' (ED25519) to the list of known hosts. execve("./syz-executor1067515446", ["./syz-executor1067515446"], 0x7ffeefa54e80 /* 10 vars */) = 0 brk(NULL) = 0x555556a69000 brk(0x555556a69d00) = 0x555556a69d00 arch_prctl(ARCH_SET_FS, 0x555556a69380) = 0 set_tid_address(0x555556a69650) = 5063 set_robust_list(0x555556a69660, 24) = 0 rseq(0x555556a69ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1067515446", 4096) = 28 getrandom("\x51\x43\x0b\x0f\xa7\x84\x7a\xe8", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556a69d00 brk(0x555556a8ad00) = 0x555556a8ad00 brk(0x555556a8b000) = 0x555556a8b000 mprotect(0x7f675e5cf000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6756000000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 munmap(0x7f6756000000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 close(4) = 0 
mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [ 58.054948][ T5063] loop0: detected capacity change from 0 to 1024 [ 58.080625][ T5063] ======================================================= [ 58.080625][ T5063] WARNING: The mand mount option has been deprecated and [ 58.080625][ T5063] and is ignored by this kernel. Remove the mand mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "hfsplus", MS_RDONLY|MS_NOEXEC|MS_MANDLOCK|MS_NODIRATIME|MS_SILENT|MS_RELATIME|MS_STRICTATIME, "force,nls=maccyrillic,nodecompose,part=0x0000000000000003,barrier,part=0x00000000000000ff,uid=0x0000"...) 
= 0 openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) mkdir(".", 0777) = -1 EEXIST (File exists) mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\x14\x27\x0e\x2d\x25\xcc\xcf\xf0\x78\xb9\x14\x0e\x8a\x1e\x19\xf3\xb4\xc3\xbd\x09\x96\x8d\xd1\x91\x1a\xce\xf2\x43\x21\xd7\x64\xd9\xe1\x17\xda\x79\x06\x3a\x62\xe3\xa5\x92\xfb\x42\xf7\xd9\xdd\xb2\x68\x2b\x4c\x2f\xf5\x80\xe2\x5f\xa8\xef\xfb\xd5\x3a\xcf\xb0\xf8\x70\xbc\x1e\x49\xd0\x1a\x5b\x7f\xf5\x51\x50\xd2\xbf\x3b\x04\x28\x58\xc5\x32\x5c\x2b\x56\x9b\x32\x0c\xd4\x4e\x49\xe2\x46\xcc\x1e\x41\xf0\x4d\x2e"...) = 0 openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 chdir(".") = 0 creat("./bus", 000) = 5 [ 58.080625][ T5063] option from the mount to silence this warning. 
[ 58.080625][ T5063] =======================================================
[ 58.145409][ T5063] general protection fault, probably for non-canonical address 0xdffffc0000000008: 0000 [#1] PREEMPT SMP KASAN
[ 58.157192][ T5063] KASAN: null-ptr-deref in range [0x0000000000000040-0x0000000000000047]
[ 58.165597][ T5063] CPU: 0 PID: 5063 Comm: syz-executor106 Not tainted 6.7.0-syzkaller-11091-g296455ade1fd #0
[ 58.175644][ T5063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 58.185688][ T5063] RIP: 0010:hfsplus_rename_cat+0x55f/0x1230
[ 58.191623][ T5063] Code: 84 24 60 01 00 00 66 89 44 24 42 48 8b 44 24 60 48 83 c0 40 48 89 c2 48 89 44 24 10 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 e4 0a 00 00 48 ba 00 00 00 00 00 fc ff df 48 8b
[ 58.211231][ T5063] RSP: 0018:ffffc9000393f858 EFLAGS: 00010212
[ 58.217293][ T5063] RAX: dffffc0000000000 RBX: 00000000fffffffb RCX: ffffffff825c70ba
[ 58.225256][ T5063] RDX: 0000000000000008 RSI: ffffffff825bfb23 RDI: 0000000000000005
[ 58.233215][ T5063] RBP: ffffc9000393fc90 R08: 0000000000000005 R09: 0000000000000000
[ 58.241182][ T5063] R10: 0000000000000000 R11: d5c1cfe1d5c1cfe1 R12: ffff888022cc9cb0
[ 58.249148][ T5063] R13: ffffc9000393f8f8 R14: ffff888023146000 R15: 1ffff92000727f19
[ 58.257110][ T5063] FS: 0000555556a69380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 58.266028][ T5063] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 58.272590][ T5063] CR2: 00007fff06475000 CR3: 000000007e5a3000 CR4: 0000000000350ef0
[ 58.280538][ T5063] Call Trace:
[ 58.283801][ T5063]
[ 58.286727][ T5063] ? show_regs+0x8f/0xa0
[ 58.290957][ T5063] ? die_addr+0x4f/0xd0
[ 58.295092][ T5063] ? exc_general_protection+0x155/0x230
[ 58.300617][ T5063] ? asm_exc_general_protection+0x26/0x30
[ 58.306335][ T5063] ? hfsplus_bnode_read+0x10a/0x250
[ 58.311527][ T5063] ? hfsplus_rename_cat+0x533/0x1230
[ 58.316793][ T5063] ? hfsplus_rename_cat+0x55f/0x1230
[ 58.322056][ T5063] ? hfsplus_rename_cat+0x533/0x1230
[ 58.327339][ T5063] ? hfsplus_delete_cat+0xdd0/0xdd0
[ 58.332529][ T5063] ? put_dec+0x2e/0xc0
[ 58.336575][ T5063] ? put_dec_trunc8+0x28b/0x370
[ 58.341411][ T5063] ? sprintf+0xcd/0x100
[ 58.345553][ T5063] ? snprintf+0x100/0x100
[ 58.349869][ T5063] ? __down_write_common+0x17a/0x1400
[ 58.355231][ T5063] ? privileged_wrt_inode_uidgid+0xca/0x1d0
[ 58.361111][ T5063] hfsplus_unlink+0x48e/0x7f0
[ 58.365791][ T5063] ? hfsplus_symlink+0x2b0/0x2b0
[ 58.370724][ T5063] ? preempt_count_sub+0x160/0x160
[ 58.375817][ T5063] vfs_unlink+0x2f1/0x900
[ 58.380140][ T5063] ? bpf_lsm_path_unlink+0x9/0x10
[ 58.385156][ T5063] do_unlinkat+0x5bc/0x740
[ 58.389560][ T5063] ? __ia32_sys_rmdir+0x110/0x110
[ 58.394559][ T5063] ? __check_object_size+0x323/0x730
[ 58.399839][ T5063] ? getname_flags.part.0+0x1e2/0x4e0
[ 58.405212][ T5063] __x64_sys_unlink+0xc8/0x110
[ 58.409963][ T5063] do_syscall_64+0xd3/0x250
[ 58.414466][ T5063] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 58.420359][ T5063] RIP: 0033:0x7f675e55bc39
[ 58.424767][ T5063] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 58.444379][ T5063] RSP: 002b:00007fff06474188 EFLAGS: 00000246 ORIG_RAX: 0000000000000057
[ 58.452786][ T5063] RAX: ffffffffffffffda RBX: 00007f675e5a404b RCX: 00007f675e55bc39
[ 58.460745][ T5063] RDX: 00007f675e55bc39 RSI: 00007f675e55afb7 RDI: 00000000200000c0
[ 58.468703][ T5063] RBP: 00007f675e5a4055 R08: 0000000020000000 R09: 0000000020000000
[ 58.476655][ T5063] R10: 0000000000000073 R11: 0000000000000246 R12: 0000000000000001
[ 58.484608][ T5063] R13: 00007fff06474368 R14: 0000000000000001 R15: 0000000000000001
[ 58.492567][ T5063]
[ 58.495563][ T5063] Modules linked in:
[ 58.499683][ T5063] ---[ end trace 0000000000000000 ]---
[ 58.505211][ T5063] RIP: 0010:hfsplus_rename_cat+0x55f/0x1230
[ 58.511156][ T5063] Code: 84 24 60 01 00 00 66 89 44 24 42 48 8b 44 24 60 48 83 c0 40 48 89 c2 48 89 44 24 10 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 e4 0a 00 00 48 ba 00 00 00 00 00 fc ff df 48 8b
[ 58.530836][ T5063] RSP: 0018:ffffc9000393f858 EFLAGS: 00010212
[ 58.537022][ T5063] RAX: dffffc0000000000 RBX: 00000000fffffffb RCX: ffffffff825c70ba
[ 58.545088][ T5063] RDX: 0000000000000008 RSI: ffffffff825bfb23 RDI: 0000000000000005
[ 58.553133][ T5063] RBP: ffffc9000393fc90 R08: 0000000000000005 R09: 0000000000000000
[ 58.561176][ T5063] R10: 0000000000000000 R11: d5c1cfe1d5c1cfe1 R12: ffff888022cc9cb0
[ 58.569234][ T5063] R13: ffffc9000393f8f8 R14: ffff888023146000 R15: 1ffff92000727f19
[ 58.577268][ T5063] FS: 0000555556a69380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 58.586269][ T5063] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 58.592883][ T5063] CR2: 00007fff06475000 CR3: 000000007e5a3000 CR4: 0000000000350ef0
[ 58.600933][ T5063] Kernel panic - not syncing: Fatal exception
[ 58.607461][ T5063] Kernel Offset: disabled
[ 58.611799][ T5063] Rebooting in 86400 seconds..