./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1462920973 <...> forked to background, child pid 3208 [ 29.911480][ T3209] 8021q: adding VLAN 0 to HW filter on device bond0 [ 29.922902][ T3209] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: [ 30.299474][ T3299] sshd (3299) used greatest stack depth: 15792 bytes left OK syzkaller Warning: Permanently added '10.128.1.114' (ECDSA) to the list of known hosts. execve("./syz-executor1462920973", ["./syz-executor1462920973"], 0x7ffde1e0d1c0 /* 10 vars */) = 0 brk(NULL) = 0x5555573c1000 brk(0x5555573c1c40) = 0x5555573c1c40 arch_prctl(ARCH_SET_FS, 0x5555573c1300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor1462920973", 4096) = 28 brk(0x5555573e2c40) = 0x5555573e2c40 brk(0x5555573e3000) = 0x5555573e3000 mprotect(0x7f1cbad61000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1cb2800000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 munmap(0x7f1cb2800000, 524288) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 mkdir("./file0", 0777) = 0 syzkaller login: [ 51.902679][ T3630] loop0: detected capacity change from 0 to 1024 [ 51.916284][ T3630] ------------[ cut here ]------------ [ 51.921885][ T3630] WARNING: CPU: 1 PID: 3630 at fs/hfsplus/inode.c:534 hfsplus_cat_read_inode+0xa7c/0xec0 [ 51.931776][ T3630] Modules linked in: [ 51.935679][ T3630] CPU: 1 PID: 3630 Comm: syz-executor146 Not tainted 6.1.0-rc7-syzkaller-00102-g04aa64375f48 #0 [ 51.946123][ T3630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 51.956219][ T3630] RIP: 0010:hfsplus_cat_read_inode+0xa7c/0xec0 [ 51.962426][ T3630] Code: 4c 35 08 b8 fb ff ff ff 49 bf 00 00 00 00 00 fc ff df 4c 8b 74 24 18 eb 80 e8 70 a8 2f ff 0f 0b e9 01 f7 ff ff e8 64 a8 2f ff <0f> 0b e9 46 fa ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 44 f6 ff [ 51.982176][ T3630] RSP: 0018:ffffc90003abf3a0 EFLAGS: 00010293 [ 51.988237][ T3630] RAX: ffffffff825aef8c RBX: 0000000000000058 RCX: ffff888023be8000 [ 51.996591][ T3630] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00000000000000f8 [ 52.004598][ T3630] RBP: ffffc90003abf6f0 R08: ffffffff825ae9c8 R09: ffffffff825ae635 [ 52.012647][ T3630] R10: 0000000000000002 R11: ffff888023be8000 R12: ffff888077b01b00 [ 52.020876][ T3630] R13: ffff888077b01cb0 R14: ffffc90003abf790 R15: dffffc0000000000 [ 52.028849][ T3630] FS: 00005555573c1300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 52.037854][ T3630] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 52.044647][ T3630] CR2: 00000000005d84c8 CR3: 000000007a8ec000 CR4: 00000000003506e0 [ 52.053009][ T3630] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 52.061035][ T3630] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 52.069001][ T3630] Call Trace: [ 52.072342][ T3630] [ 52.075281][ T3630] ? hfsplus_inode_write_fork+0x160/0x160 [ 52.081060][ T3630] ? rcu_read_lock_sched_held+0x87/0x110 [ 52.086702][ T3630] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 52.092728][ T3630] ? trace_raw_output_contention_end+0xd0/0xd0 [ 52.098900][ T3630] ? trace_contention_end+0x72/0x1d0 [ 52.104244][ T3630] ? __mutex_lock_common+0x45f/0x26e0 [ 52.109679][ T3630] ? hfsplus_find_init+0x143/0x1b0 [ 52.114786][ T3630] ? rcu_read_lock_sched_held+0x87/0x110 [ 52.120455][ T3630] ? mutex_lock_io_nested+0x60/0x60 [ 52.125667][ T3630] ? hfsplus_find_init+0x80/0x1b0 [ 52.130972][ T3630] ? trace_kmalloc+0x30/0xf0 [ 52.135570][ T3630] ? __kmalloc+0xcc/0x1a0 [ 52.139951][ T3630] ? mutex_lock_nested+0x17/0x20 [ 52.144912][ T3630] ? hfsplus_find_init+0x143/0x1b0 [ 52.150091][ T3630] hfsplus_iget+0x576/0x630 [ 52.154613][ T3630] ? zisofs_uncompress_block+0x1140/0x1140 [ 52.160522][ T3630] hfsplus_fill_super+0xc6a/0x1b50 [ 52.165656][ T3630] ? __lock_acquire+0x1292/0x1f60 [ 52.170777][ T3630] ? widen_string+0x3a/0x2b0 [ 52.175379][ T3630] ? hfsplus_mount+0x40/0x40 [ 52.180027][ T3630] ? bdev_name+0x2ce/0x3f0 [ 52.184452][ T3630] ? pointer+0x148/0xfa0 [ 52.188686][ T3630] ? string+0x2d0/0x2d0 [ 52.193053][ T3630] ? vsnprintf+0x1ce0/0x1ce0 [ 52.197680][ T3630] ? mount_bdev+0xf3/0x3a0 [ 52.202152][ T3630] ? vsnprintf+0x1c02/0x1ce0 [ 52.207021][ T3630] ? mount_bdev+0xf3/0x3a0 [ 52.211483][ T3630] ? ptr_to_hashval+0x70/0x70 [ 52.216177][ T3630] ? snprintf+0xc0/0x110 [ 52.220663][ T3630] ? vscnprintf+0x80/0x80 [ 52.225010][ T3630] ? set_blocksize+0x1d5/0x360 [ 52.229971][ T3630] mount_bdev+0x26c/0x3a0 [ 52.234321][ T3630] ? hfsplus_mount+0x40/0x40 [ 52.238932][ T3630] legacy_get_tree+0xea/0x180 [ 52.243672][ T3630] ? hfsplus_mark_mdb_dirty+0x1b0/0x1b0 [ 52.249254][ T3630] vfs_get_tree+0x88/0x270 [ 52.253780][ T3630] do_new_mount+0x289/0xad0 [ 52.258275][ T3630] ? do_move_mount_old+0x150/0x150 [ 52.263615][ T3630] ? user_path_at_empty+0x149/0x1a0 [ 52.268825][ T3630] __se_sys_mount+0x2d3/0x3c0 [ 52.273583][ T3630] ? __x64_sys_mount+0xc0/0xc0 [ 52.278354][ T3630] ? syscall_enter_from_user_mode+0x2e/0x1d0 [ 52.284622][ T3630] ? __x64_sys_mount+0x1c/0xc0 [ 52.289476][ T3630] do_syscall_64+0x3d/0xb0 [ 52.293906][ T3630] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 52.299858][ T3630] RIP: 0033:0x7f1cbacf5aea [ 52.304285][ T3630] Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 52.323959][ T3630] RSP: 002b:00007ffc56229558 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 52.332414][ T3630] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f1cbacf5aea [ 52.340466][ T3630] RDX: 0000000020000180 RSI: 0000000020000640 RDI: 00007ffc56229570 [ 52.348444][ T3630] RBP: 00007ffc56229570 R08: 00007ffc562295b0 R09: 00000000000005d1 [ 52.356469][ T3630] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000004 [ 52.364547][ T3630] R13: 00005555573c12c0 R14: 0000000000000000 R15: 00007ffc562295b0 [ 52.372575][ T3630] [ 52.375597][ T3630] Kernel panic - not syncing: panic_on_warn set ... [ 52.382169][ T3630] CPU: 0 PID: 3630 Comm: syz-executor146 Not tainted 6.1.0-rc7-syzkaller-00102-g04aa64375f48 #0 [ 52.392566][ T3630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 52.402628][ T3630] Call Trace: [ 52.405900][ T3630] [ 52.408818][ T3630] dump_stack_lvl+0x1b1/0x28e [ 52.413486][ T3630] ? nf_tcp_handle_invalid+0x62e/0x62e [ 52.418933][ T3630] ? panic+0x710/0x710 [ 52.423010][ T3630] ? vscnprintf+0x59/0x80 [ 52.427324][ T3630] ? hfsplus_cat_read_inode+0x9f0/0xec0 [ 52.432858][ T3630] panic+0x2d6/0x710 [ 52.436743][ T3630] ? __warn+0x131/0x220 [ 52.440892][ T3630] ? memcpy_page_flushcache+0xfc/0xfc [ 52.446256][ T3630] ? hfsplus_cat_read_inode+0xa7c/0xec0 [ 52.451789][ T3630] __warn+0x1fa/0x220 [ 52.455757][ T3630] ? hfsplus_cat_read_inode+0xa7c/0xec0 [ 52.461291][ T3630] report_bug+0x1b3/0x2d0 [ 52.465617][ T3630] handle_bug+0x3d/0x70 [ 52.469758][ T3630] exc_invalid_op+0x16/0x40 [ 52.474247][ T3630] asm_exc_invalid_op+0x16/0x20 [ 52.479086][ T3630] RIP: 0010:hfsplus_cat_read_inode+0xa7c/0xec0 [ 52.485226][ T3630] Code: 4c 35 08 b8 fb ff ff ff 49 bf 00 00 00 00 00 fc ff df 4c 8b 74 24 18 eb 80 e8 70 a8 2f ff 0f 0b e9 01 f7 ff ff e8 64 a8 2f ff <0f> 0b e9 46 fa ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 44 f6 ff [ 52.504842][ T3630] RSP: 0018:ffffc90003abf3a0 EFLAGS: 00010293 [ 52.510897][ T3630] RAX: ffffffff825aef8c RBX: 0000000000000058 RCX: ffff888023be8000 [ 52.518854][ T3630] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00000000000000f8 [ 52.527073][ T3630] RBP: ffffc90003abf6f0 R08: ffffffff825ae9c8 R09: ffffffff825ae635 [ 52.535048][ T3630] R10: 0000000000000002 R11: ffff888023be8000 R12: ffff888077b01b00 [ 52.543004][ T3630] R13: ffff888077b01cb0 R14: ffffc90003abf790 R15: dffffc0000000000 [ 52.550990][ T3630] ? hfsplus_cat_read_inode+0x125/0xec0 [ 52.556552][ T3630] ? hfsplus_cat_read_inode+0x4b8/0xec0 [ 52.562115][ T3630] ? hfsplus_cat_read_inode+0xa7c/0xec0 [ 52.567666][ T3630] ? hfsplus_inode_write_fork+0x160/0x160 [ 52.573379][ T3630] ? rcu_read_lock_sched_held+0x87/0x110 [ 52.578996][ T3630] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 52.584961][ T3630] ? trace_raw_output_contention_end+0xd0/0xd0 [ 52.591123][ T3630] ? trace_contention_end+0x72/0x1d0 [ 52.596394][ T3630] ? __mutex_lock_common+0x45f/0x26e0 [ 52.601764][ T3630] ? hfsplus_find_init+0x143/0x1b0 [ 52.606868][ T3630] ? rcu_read_lock_sched_held+0x87/0x110 [ 52.612508][ T3630] ? mutex_lock_io_nested+0x60/0x60 [ 52.617708][ T3630] ? hfsplus_find_init+0x80/0x1b0 [ 52.622754][ T3630] ? trace_kmalloc+0x30/0xf0 [ 52.627356][ T3630] ? __kmalloc+0xcc/0x1a0 [ 52.631703][ T3630] ? mutex_lock_nested+0x17/0x20 [ 52.636644][ T3630] ? hfsplus_find_init+0x143/0x1b0 [ 52.641761][ T3630] hfsplus_iget+0x576/0x630 [ 52.646279][ T3630] ? zisofs_uncompress_block+0x1140/0x1140 [ 52.652111][ T3630] hfsplus_fill_super+0xc6a/0x1b50 [ 52.657240][ T3630] ? __lock_acquire+0x1292/0x1f60 [ 52.662274][ T3630] ? widen_string+0x3a/0x2b0 [ 52.666864][ T3630] ? hfsplus_mount+0x40/0x40 [ 52.671450][ T3630] ? bdev_name+0x2ce/0x3f0 [ 52.675875][ T3630] ? pointer+0x148/0xfa0 [ 52.680130][ T3630] ? string+0x2d0/0x2d0 [ 52.684285][ T3630] ? vsnprintf+0x1ce0/0x1ce0 [ 52.688877][ T3630] ? mount_bdev+0xf3/0x3a0 [ 52.693309][ T3630] ? vsnprintf+0x1c02/0x1ce0 [ 52.697889][ T3630] ? mount_bdev+0xf3/0x3a0 [ 52.702296][ T3630] ? ptr_to_hashval+0x70/0x70 [ 52.706972][ T3630] ? snprintf+0xc0/0x110 [ 52.711290][ T3630] ? vscnprintf+0x80/0x80 [ 52.715605][ T3630] ? set_blocksize+0x1d5/0x360 [ 52.720357][ T3630] mount_bdev+0x26c/0x3a0 [ 52.724676][ T3630] ? hfsplus_mount+0x40/0x40 [ 52.729254][ T3630] legacy_get_tree+0xea/0x180 [ 52.733933][ T3630] ? hfsplus_mark_mdb_dirty+0x1b0/0x1b0 [ 52.739467][ T3630] vfs_get_tree+0x88/0x270 [ 52.743872][ T3630] do_new_mount+0x289/0xad0 [ 52.748364][ T3630] ? do_move_mount_old+0x150/0x150 [ 52.753465][ T3630] ? user_path_at_empty+0x149/0x1a0 [ 52.758653][ T3630] __se_sys_mount+0x2d3/0x3c0 [ 52.763320][ T3630] ? __x64_sys_mount+0xc0/0xc0 [ 52.768078][ T3630] ? syscall_enter_from_user_mode+0x2e/0x1d0 [ 52.774049][ T3630] ? __x64_sys_mount+0x1c/0xc0 [ 52.778800][ T3630] do_syscall_64+0x3d/0xb0 [ 52.783202][ T3630] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 52.789080][ T3630] RIP: 0033:0x7f1cbacf5aea [ 52.793491][ T3630] Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 52.813089][ T3630] RSP: 002b:00007ffc56229558 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 52.821525][ T3630] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f1cbacf5aea [ 52.829482][ T3630] RDX: 0000000020000180 RSI: 0000000020000640 RDI: 00007ffc56229570 [ 52.837444][ T3630] RBP: 00007ffc56229570 R08: 00007ffc562295b0 R09: 00000000000005d1 [ 52.845401][ T3630] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000004 [ 52.853360][ T3630] R13: 00005555573c12c0 R14: 0000000000000000 R15: 00007ffc562295b0 [ 52.861328][ T3630] [ 52.864504][ T3630] Kernel Offset: disabled [ 52.868892][ T3630] Rebooting in 86400 seconds..