./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2433152825 <...> Warning: Permanently added '10.128.0.62' (ED25519) to the list of known hosts. execve("./syz-executor2433152825", ["./syz-executor2433152825"], 0x7fff1a2a37c0 /* 10 vars */) = 0 brk(NULL) = 0x555555b56000 brk(0x555555b56d00) = 0x555555b56d00 arch_prctl(ARCH_SET_FS, 0x555555b56380) = 0 set_tid_address(0x555555b56650) = 5040 set_robust_list(0x555555b56660, 24) = 0 rseq(0x555555b56ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2433152825", 4096) = 28 getrandom("\xe3\xce\x75\x4e\xf5\xc3\x38\x04", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555555b56d00 brk(0x555555b77d00) = 0x555555b77d00 brk(0x555555b78000) = 0x555555b78000 mprotect(0x7fc101917000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc0f9466000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 munmap(0x7fc0f9466000, 524288) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 mkdir("./file0", 0777) = 0 mount("/dev/loop0", "./file0", "hfsplus", 0, "\x74\x79\x70\x65\x3d\xc5\x0c\xb8\xcf\x2c\x67\x69\x64\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x2c\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x6e\x6c\x73\x3d\x64\x65\x66\x61\x75\x6c\x74\x2c") = 0 openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 chdir("./file0") = 0 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 [ 96.800235][ T5040] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5040 'syz-executor243' [ 96.821112][ T5040] loop0: detected capacity change from 0 to 1024 [ 96.837329][ T5040] ------------[ cut here ]------------ [ 96.843028][ T5040] kernel BUG at fs/hfsplus/xattr.c:175! [ 96.850093][ T5040] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 96.856224][ T5040] CPU: 0 PID: 5040 Comm: syz-executor243 Not tainted 6.5.0-rc5-next-20230809-syzkaller #0 [ 96.866158][ T5040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023 [ 96.876386][ T5040] RIP: 0010:__hfsplus_setxattr+0x2101/0x2200 [ 96.882461][ T5040] Code: 83 ff 4c 8b 54 24 50 4c 8b 44 24 38 e9 29 ea ff ff e8 23 cf 83 ff 4c 8b 54 24 50 4c 8b 44 24 38 e9 f3 e9 ff ff e8 0f 92 2e ff <0f> 0b 48 8b 7c 24 48 e8 03 cf 83 ff 4c 8b 54 24 50 4c 8b 44 24 38 [ 96.902111][ T5040] RSP: 0018:ffffc9000412f4d8 EFLAGS: 00010293 [ 96.908196][ T5040] RAX: 0000000000000000 RBX: 0000000000010000 RCX: 0000000000000000 [ 96.916268][ T5040] RDX: ffff88801c061dc0 RSI: ffffffff82593571 RDI: 0000000000000007 [ 96.924248][ T5040] RBP: ffffed10038a4107 R08: ffff888023106000 R09: 0000000000000000 [ 96.932229][ T5040] R10: ffff88801c520830 R11: 0000000000000000 R12: 0000000000000003 [ 96.940221][ T5040] R13: ffff88801c520800 R14: 1ffff92000825ead R15: ffffc9000412f598 [ 96.948307][ T5040] FS: 0000555555b56380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 96.957256][ T5040] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 96.963853][ T5040] CR2: 0000000020001d00 CR3: 00000000744a3000 CR4: 00000000003506f0 [ 96.971834][ T5040] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 96.979815][ T5040] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 96.987794][ T5040] Call Trace: [ 96.991074][ T5040] [ 96.994009][ T5040] ? show_regs+0x8f/0xa0 [ 96.998474][ T5040] ? die+0x36/0xa0 [ 97.002317][ T5040] ? do_trap+0x22b/0x420 [ 97.006595][ T5040] ? __hfsplus_setxattr+0x2101/0x2200 [ 97.011990][ T5040] ? __hfsplus_setxattr+0x2101/0x2200 [ 97.017374][ T5040] ? do_error_trap+0xf4/0x230 [ 97.022088][ T5040] ? __hfsplus_setxattr+0x2101/0x2200 [ 97.027486][ T5040] ? handle_invalid_op+0x34/0x40 [ 97.032462][ T5040] ? __hfsplus_setxattr+0x2101/0x2200 [ 97.037855][ T5040] ? exc_invalid_op+0x2d/0x40 [ 97.042543][ T5040] ? asm_exc_invalid_op+0x1a/0x20 [ 97.047600][ T5040] ? __hfsplus_setxattr+0x2101/0x2200 [ 97.052989][ T5040] ? __hfsplus_setxattr+0x2101/0x2200 [ 97.058376][ T5040] ? __hfsplus_setxattr+0x2101/0x2200 [ 97.064388][ T5040] ? write_profile+0x450/0x450 [ 97.069189][ T5040] ? rcu_is_watching+0x12/0xb0 [ 97.073979][ T5040] ? copy_name+0xa0/0xa0 [ 97.078241][ T5040] ? rcu_is_watching+0x12/0xb0 [ 97.083038][ T5040] ? spin_bug+0x1d0/0x1d0 [ 97.087417][ T5040] ? rcu_is_watching+0x12/0xb0 [ 97.092198][ T5040] ? trace_irq_enable.constprop.0+0xd0/0x100 [ 97.098245][ T5040] hfsplus_setxattr+0x10c/0x160 [ 97.103118][ T5040] ? hfsplus_init_security+0x40/0x40 [ 97.108416][ T5040] __vfs_setxattr+0x173/0x1d0 [ 97.113125][ T5040] ? __vfs_removexattr+0x1c0/0x1c0 [ 97.118262][ T5040] ? apparmor_capable+0x1da/0x4e0 [ 97.123312][ T5040] __vfs_setxattr_noperm+0x127/0x5e0 [ 97.128637][ T5040] __vfs_setxattr_locked+0x17e/0x250 [ 97.133952][ T5040] vfs_setxattr+0x146/0x350 [ 97.138484][ T5040] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 97.144582][ T5040] ? __vfs_setxattr_locked+0x250/0x250 [ 97.150078][ T5040] do_setxattr+0x142/0x170 [ 97.154525][ T5040] setxattr+0x159/0x170 [ 97.158799][ T5040] ? do_setxattr+0x170/0x170 [ 97.163455][ T5040] ? __mnt_want_write+0x217/0x300 [ 97.168510][ T5040] path_setxattr+0x1a3/0x1d0 [ 97.173131][ T5040] ? setxattr+0x170/0x170 [ 97.177483][ T5040] ? trace_irq_enable.constprop.0+0xd0/0x100 [ 97.183492][ T5040] __x64_sys_setxattr+0xc4/0x160 [ 97.188569][ T5040] do_syscall_64+0x38/0xb0 [ 97.193024][ T5040] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 97.198945][ T5040] RIP: 0033:0x7fc1018a3939 [ 97.203369][ T5040] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 97.222992][ T5040] RSP: 002b:00007ffc97009e58 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc [ 97.231419][ T5040] RAX: ffffffffffffffda RBX: 00007ffc9700a038 RCX: 00007fc1018a3939 [ 97.239414][ T5040] RDX: 0000000000000000 RSI: 0000000020001d40 RDI: 0000000020001d00 [ 97.247408][ T5040] RBP: 00007fc101917610 R08: 0000000000000001 R09: 0000000000000000 [ 97.255389][ T5040] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 97.263368][ T5040] R13: 00007ffc9700a028 R14: 0000000000000001 R15: 0000000000000001 [ 97.271385][ T5040] [ 97.274418][ T5040] Modules linked in: [ 97.278533][ T5040] ---[ end trace 0000000000000000 ]--- [ 97.284314][ T5040] RIP: 0010:__hfsplus_setxattr+0x2101/0x2200 [ 97.291277][ T5040] Code: 83 ff 4c 8b 54 24 50 4c 8b 44 24 38 e9 29 ea ff ff e8 23 cf 83 ff 4c 8b 54 24 50 4c 8b 44 24 38 e9 f3 e9 ff ff e8 0f 92 2e ff <0f> 0b 48 8b 7c 24 48 e8 03 cf 83 ff 4c 8b 54 24 50 4c 8b 44 24 38 [ 97.312640][ T5040] RSP: 0018:ffffc9000412f4d8 EFLAGS: 00010293 [ 97.318880][ T5040] RAX: 0000000000000000 RBX: 0000000000010000 RCX: 0000000000000000 [ 97.326994][ T5040] RDX: ffff88801c061dc0 RSI: ffffffff82593571 RDI: 0000000000000007 [ 97.335000][ T5040] RBP: ffffed10038a4107 R08: ffff888023106000 R09: 0000000000000000 [ 97.343094][ T5040] R10: ffff88801c520830 R11: 0000000000000000 R12: 0000000000000003 [ 97.351154][ T5040] R13: ffff88801c520800 R14: 1ffff92000825ead R15: ffffc9000412f598 [ 97.360203][ T5040] FS: 0000555555b56380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 97.369231][ T5040] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 97.376060][ T5040] CR2: 000055a115077868 CR3: 00000000744a3000 CR4: 00000000003506e0 [ 97.384048][ T5040] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 97.392110][ T5040] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 97.400161][ T5040] Kernel panic - not syncing: Fatal exception [ 97.406467][ T5040] Kernel Offset: disabled [ 97.410832][ T5040] Rebooting in 86400 seconds..