./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3875478060 <...> Warning: Permanently added '10.128.0.157' (ED25519) to the list of known hosts. execve("./syz-executor3875478060", ["./syz-executor3875478060"], 0x7fffd29cd070 /* 10 vars */) = 0 brk(NULL) = 0x555556f34000 brk(0x555556f34d00) = 0x555556f34d00 arch_prctl(ARCH_SET_FS, 0x555556f34380) = 0 set_tid_address(0x555556f34650) = 5028 set_robust_list(0x555556f34660, 24) = 0 rseq(0x555556f34ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3875478060", 4096) = 28 getrandom("\xc7\x2a\xc7\x33\xb2\x57\x27\x74", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556f34d00 brk(0x555556f55d00) = 0x555556f55d00 brk(0x555556f56000) = 0x555556f56000 mprotect(0x7fb04efd1000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb046b20000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 munmap(0x7fb046b20000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 mkdir("./file0", 0777) = 0 mount("/dev/loop0", "./file0", "hfsplus", 0, "\x74\x79\x70\x65\x3d\xc5\x0c\xb8\xcf\x2c\x67\x69\x64\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x2c\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x6e\x6c\x73\x3d\x64\x65\x66\x61\x75\x6c\x74\x2c") = 0 openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 chdir("./file0") = 0 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 [ 58.144913][ T5028] syz-executor387[5028]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 58.166326][ T5028] loop0: detected capacity change from 0 to 1024 [ 58.186297][ T5028] ------------[ cut here ]------------ [ 58.191930][ T5028] kernel BUG at fs/hfsplus/xattr.c:175! [ 58.197560][ T5028] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 58.203636][ T5028] CPU: 0 PID: 5028 Comm: syz-executor387 Not tainted 6.6.0-syzkaller-00207-g14ab6d425e80 #0 [ 58.213712][ T5028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 [ 58.223776][ T5028] RIP: 0010:__hfsplus_setxattr+0x22bc/0x22c0 [ 58.229804][ T5028] Code: e8 ff ff e8 f6 5b 63 08 e8 91 ac 24 ff 4c 89 ff 48 c7 c6 00 63 20 8b e8 e2 ae 66 ff 0f 0b e8 7b ac 24 ff 0f 0b e8 74 ac 24 ff <0f> 0b 66 90 55 53 89 f5 48 89 fb e8 64 ac 24 ff 48 8d 7b 90 be 08 [ 58.249609][ T5028] RSP: 0018:ffffc90003bbf4e0 EFLAGS: 00010293 [ 58.255666][ T5028] RAX: ffffffff8269700c RBX: 0000000000010000 RCX: ffff88807b1a5940 [ 58.263728][ T5028] RDX: 0000000000000000 RSI: 0000000000010000 RDI: 0000000000000000 [ 58.271714][ T5028] RBP: ffffc90003bbf978 R08: ffffffff82695733 R09: 1ffff1100377e11f [ 58.279680][ T5028] R10: dffffc0000000000 R11: ffffed100377e120 R12: ffff88801bbf01b0 [ 58.287648][ T5028] R13: dffffc0000000000 R14: ffff88801bbf0870 R15: 0000000000000000 [ 58.295604][ T5028] FS: 0000555556f34380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 58.304531][ T5028] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 58.311095][ T5028] CR2: 0000000020001d00 CR3: 000000007304f000 CR4: 00000000003506f0 [ 58.319110][ T5028] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 58.327162][ T5028] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 58.335217][ T5028] Call Trace: [ 58.338481][ T5028] [ 58.341397][ T5028] ? __die_body+0x8b/0xe0 [ 58.345808][ T5028] ? die+0xa1/0xd0 [ 58.349531][ T5028] ? do_trap+0x153/0x380 [ 58.353768][ T5028] ? __hfsplus_setxattr+0x22bc/0x22c0 [ 58.359143][ T5028] ? do_error_trap+0x1dc/0x2c0 [ 58.364070][ T5028] ? __hfsplus_setxattr+0x22bc/0x22c0 [ 58.369477][ T5028] ? do_int3+0x50/0x50 [ 58.373559][ T5028] ? handle_invalid_op+0x34/0x40 [ 58.378493][ T5028] ? __hfsplus_setxattr+0x22bc/0x22c0 [ 58.383860][ T5028] ? exc_invalid_op+0x33/0x50 [ 58.388623][ T5028] ? asm_exc_invalid_op+0x1a/0x20 [ 58.393662][ T5028] ? __hfsplus_setxattr+0x9e3/0x22c0 [ 58.399040][ T5028] ? __hfsplus_setxattr+0x22bc/0x22c0 [ 58.404407][ T5028] ? __hfsplus_setxattr+0x22bc/0x22c0 [ 58.409782][ T5028] ? hfsplus_delete_all_attrs+0x3c0/0x3c0 [ 58.415490][ T5028] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 58.421369][ T5028] ? lockdep_hardirqs_on+0x98/0x140 [ 58.426553][ T5028] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 58.432430][ T5028] ? stack_trace_snprint+0xf0/0xf0 [ 58.437542][ T5028] hfsplus_setxattr+0xb0/0xe0 [ 58.442201][ T5028] hfsplus_trusted_setxattr+0x40/0x50 [ 58.447817][ T5028] ? hfsplus_trusted_getxattr+0x50/0x50 [ 58.453344][ T5028] __vfs_setxattr+0x460/0x4a0 [ 58.458100][ T5028] __vfs_setxattr_noperm+0x12e/0x5e0 [ 58.463459][ T5028] vfs_setxattr+0x221/0x420 [ 58.467967][ T5028] ? kmem_cache_free+0x292/0x500 [ 58.472916][ T5028] ? xattr_permission+0x430/0x430 [ 58.477948][ T5028] ? __check_object_size+0x8e/0xa00 [ 58.483163][ T5028] ? __might_fault+0xc1/0x120 [ 58.487840][ T5028] ? strncpy_from_user+0x1a5/0x2e0 [ 58.493378][ T5028] setxattr+0x25d/0x2f0 [ 58.497520][ T5028] ? path_setxattr+0x2a0/0x2a0 [ 58.502273][ T5028] ? mnt_get_write_access+0x226/0x2a0 [ 58.507646][ T5028] path_setxattr+0x1c0/0x2a0 [ 58.512244][ T5028] ? simple_xattrs_free+0x170/0x170 [ 58.517440][ T5028] ? syscall_enter_from_user_mode+0x32/0x230 [ 58.523425][ T5028] __x64_sys_setxattr+0xbb/0xd0 [ 58.528286][ T5028] do_syscall_64+0x41/0xc0 [ 58.532730][ T5028] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 58.538623][ T5028] RIP: 0033:0x7fb04ef5d939 [ 58.543039][ T5028] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 58.562655][ T5028] RSP: 002b:00007ffec4c47f88 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc [ 58.571149][ T5028] RAX: ffffffffffffffda RBX: 00007ffec4c48168 RCX: 00007fb04ef5d939 [ 58.579107][ T5028] RDX: 0000000000000000 RSI: 0000000020001d40 RDI: 0000000020001d00 [ 58.587061][ T5028] RBP: 00007fb04efd1610 R08: 0000000000000001 R09: 0000000000000000 [ 58.595015][ T5028] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 58.602998][ T5028] R13: 00007ffec4c48158 R14: 0000000000000001 R15: 0000000000000001 [ 58.611008][ T5028] [ 58.614126][ T5028] Modules linked in: [ 58.618219][ T5028] ---[ end trace 0000000000000000 ]--- [ 58.623688][ T5028] RIP: 0010:__hfsplus_setxattr+0x22bc/0x22c0 [ 58.629992][ T5028] Code: e8 ff ff e8 f6 5b 63 08 e8 91 ac 24 ff 4c 89 ff 48 c7 c6 00 63 20 8b e8 e2 ae 66 ff 0f 0b e8 7b ac 24 ff 0f 0b e8 74 ac 24 ff <0f> 0b 66 90 55 53 89 f5 48 89 fb e8 64 ac 24 ff 48 8d 7b 90 be 08 [ 58.649683][ T5028] RSP: 0018:ffffc90003bbf4e0 EFLAGS: 00010293 [ 58.655774][ T5028] RAX: ffffffff8269700c RBX: 0000000000010000 RCX: ffff88807b1a5940 [ 58.663860][ T5028] RDX: 0000000000000000 RSI: 0000000000010000 RDI: 0000000000000000 [ 58.672858][ T5028] RBP: ffffc90003bbf978 R08: ffffffff82695733 R09: 1ffff1100377e11f [ 58.681004][ T5028] R10: dffffc0000000000 R11: ffffed100377e120 R12: ffff88801bbf01b0 [ 58.689024][ T5028] R13: dffffc0000000000 R14: ffff88801bbf0870 R15: 0000000000000000 [ 58.697021][ T5028] FS: 0000555556f34380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 58.705976][ T5028] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 58.712542][ T5028] CR2: 0000000020001d00 CR3: 000000007304f000 CR4: 00000000003506f0 [ 58.720618][ T5028] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 58.728617][ T5028] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 58.736623][ T5028] Kernel panic - not syncing: Fatal exception [ 58.742881][ T5028] Kernel Offset: disabled [ 58.747193][ T5028] Rebooting in 86400 seconds..