./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor494977859 <...> Warning: Permanently added '10.128.1.49' (ECDSA) to the list of known hosts. execve("./syz-executor494977859", ["./syz-executor494977859"], 0x7ffce3daf620 /* 10 vars */) = 0 brk(NULL) = 0x555556de6000 brk(0x555556de6c40) = 0x555556de6c40 arch_prctl(ARCH_SET_FS, 0x555556de6300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor494977859", 4096) = 27 brk(0x555556e07c40) = 0x555556e07c40 brk(0x555556e08000) = 0x555556e08000 mprotect(0x7f3a80056000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3a77a00000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 munmap(0x7f3a77a00000, 32768) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 mkdir("./file1", 0777) = 0 [ 58.981317][ T3630] loop0: detected capacity change from 0 to 64 [ 58.991695][ T3630] ======================================================= [ 58.991695][ T3630] WARNING: The mand mount option has been deprecated and [ 58.991695][ T3630] and is ignored by this kernel. Remove the mand [ 58.991695][ T3630] option from the mount to silence this warning. [ 58.991695][ T3630] ======================================================= [ 59.029315][ T3630] general protection fault, probably for non-canonical address 0xdffffc0000000008: 0000 [#1] PREEMPT SMP KASAN [ 59.041032][ T3630] KASAN: null-ptr-deref in range [0x0000000000000040-0x0000000000000047] [ 59.049424][ T3630] CPU: 1 PID: 3630 Comm: syz-executor494 Not tainted 6.1.0-rc6-syzkaller-00308-g644e9524388a #0 [ 59.059820][ T3630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 59.069859][ T3630] RIP: 0010:hfs_find_init+0x6e/0x1e0 [ 59.075180][ T3630] Code: d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 08 e1 80 ff 48 c7 03 00 00 00 00 48 89 2c 24 4c 8d 75 40 4d 89 f7 49 c1 ef 03 <43> 8a 04 2f 84 c0 0f 85 0a 01 00 00 41 8b 06 8d 7c 00 04 be c0 0c [ 59.094770][ T3630] RSP: 0018:ffffc90003aef2e0 EFLAGS: 00010202 [ 59.100826][ T3630] RAX: 1ffff9200075de7f RBX: ffffc90003aef3f8 RCX: ffff88807942ba80 [ 59.108788][ T3630] RDX: 0000000000000000 RSI: ffffc90003aef3e0 RDI: ffffc90003aef3f0 [ 59.116748][ T3630] RBP: 0000000000000000 R08: ffffffff825eff97 R09: fffffbfff1cebe1e [ 59.124708][ T3630] R10: fffffbfff1cebe1e R11: 1ffffffff1cebe1d R12: ffffc90003aef3e0 [ 59.132756][ T3630] R13: dffffc0000000000 R14: 0000000000000040 R15: 0000000000000008 [ 59.140715][ T3630] FS: 0000555556de6300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 59.149720][ T3630] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 59.156307][ T3630] CR2: 000000000061ba0c CR3: 00000000747bf000 CR4: 00000000003506e0 [ 59.164271][ T3630] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 59.172230][ T3630] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 59.180192][ T3630] Call Trace: [ 59.184679][ T3630] [ 59.187603][ T3630] hfs_get_block+0x519/0xbb0 [ 59.192207][ T3630] ? hfs_free_extents+0x420/0x420 [ 59.197223][ T3630] ? do_raw_spin_unlock+0x134/0x8a0 [ 59.202864][ T3630] ? create_page_buffers+0x244/0x4b0 [ 59.208147][ T3630] block_read_full_folio+0x3b3/0xfa0 [ 59.213432][ T3630] ? hfs_free_extents+0x420/0x420 [ 59.218445][ T3630] ? block_is_partially_uptodate+0x620/0x620 [ 59.224426][ T3630] ? folio_add_lru+0x480/0x960 [ 59.229185][ T3630] filemap_read_folio+0x187/0x7d0 [ 59.234204][ T3630] ? hfs_writepage+0x30/0x30 [ 59.238788][ T3630] ? maybe_unlock_mmap_for_io+0x130/0x130 [ 59.244511][ T3630] ? filemap_alloc_folio+0x1ac/0x1c0 [ 59.249790][ T3630] do_read_cache_folio+0x2d3/0x790 [ 59.254908][ T3630] ? hfs_writepage+0x30/0x30 [ 59.259505][ T3630] read_cache_page+0x56/0x270 [ 59.264179][ T3630] hfs_btree_open+0x50c/0xf20 [ 59.268857][ T3630] ? hfs_mdb_get+0x1393/0x21a0 [ 59.273622][ T3630] hfs_mdb_get+0x1404/0x21a0 [ 59.278220][ T3630] ? hfs_xattr_set+0x5a0/0x5a0 [ 59.282982][ T3630] ? lockdep_softirqs_off+0x430/0x430 [ 59.288351][ T3630] ? do_raw_spin_unlock+0x134/0x8a0 [ 59.293560][ T3630] ? __raw_spin_lock_init+0x41/0x100 [ 59.298844][ T3630] hfs_fill_super+0xfc7/0x1690 [ 59.303617][ T3630] ? hfs_mount+0x40/0x40 [ 59.307853][ T3630] ? ptr_to_hashval+0x70/0x70 [ 59.312537][ T3630] ? snprintf+0xc0/0x110 [ 59.316785][ T3630] ? vscnprintf+0x80/0x80 [ 59.321115][ T3630] ? set_blocksize+0x1d5/0x360 [ 59.325872][ T3630] mount_bdev+0x26c/0x3a0 [ 59.330196][ T3630] ? hfs_mount+0x40/0x40 [ 59.334456][ T3630] legacy_get_tree+0xea/0x180 [ 59.339215][ T3630] ? hfs_mark_mdb_dirty+0x1b0/0x1b0 [ 59.344412][ T3630] vfs_get_tree+0x88/0x270 [ 59.348827][ T3630] do_new_mount+0x289/0xad0 [ 59.353323][ T3630] ? do_move_mount_old+0x150/0x150 [ 59.358427][ T3630] ? user_path_at_empty+0x149/0x1a0 [ 59.363619][ T3630] __se_sys_mount+0x2d3/0x3c0 [ 59.368289][ T3630] ? __x64_sys_mount+0xc0/0xc0 [ 59.373056][ T3630] ? syscall_enter_from_user_mode+0x2e/0x1d0 [ 59.379042][ T3630] ? __x64_sys_mount+0x1c/0xc0 [ 59.383797][ T3630] do_syscall_64+0x3d/0xb0 [ 59.388206][ T3630] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 59.394089][ T3630] RIP: 0033:0x7f3a7ffeab0a [ 59.398503][ T3630] Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 59.418098][ T3630] RSP: 002b:00007ffda965f9b8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 59.426513][ T3630] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f3a7ffeab0a [ 59.434472][ T3630] RDX: 0000000020000080 RSI: 0000000020000280 RDI: 00007ffda965f9c0 [ 59.442523][ T3630] RBP: 00007ffda965f9c0 R08: 00007ffda965fa00 R09: 0000000000000255 [ 59.450484][ T3630] R10: 00000000010184c9 R11: 0000000000000286 R12: 0000000000000004 [ 59.458466][ T3630] R13: 0000555556de62c0 R14: 00007ffda965fa00 R15: 0000000000000000 [ 59.466433][ T3630] [ 59.469442][ T3630] Modules linked in: [ 59.473575][ T3630] ---[ end trace 0000000000000000 ]--- [ 59.479039][ T3630] RIP: 0010:hfs_find_init+0x6e/0x1e0 [ 59.484535][ T3630] Code: d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 08 e1 80 ff 48 c7 03 00 00 00 00 48 89 2c 24 4c 8d 75 40 4d 89 f7 49 c1 ef 03 <43> 8a 04 2f 84 c0 0f 85 0a 01 00 00 41 8b 06 8d 7c 00 04 be c0 0c [ 59.504425][ T3630] RSP: 0018:ffffc90003aef2e0 EFLAGS: 00010202 [ 59.510577][ T3630] RAX: 1ffff9200075de7f RBX: ffffc90003aef3f8 RCX: ffff88807942ba80 [ 59.518556][ T3630] RDX: 0000000000000000 RSI: ffffc90003aef3e0 RDI: ffffc90003aef3f0 [ 59.526647][ T3630] RBP: 0000000000000000 R08: ffffffff825eff97 R09: fffffbfff1cebe1e [ 59.534758][ T3630] R10: fffffbfff1cebe1e R11: 1ffffffff1cebe1d R12: ffffc90003aef3e0 [ 59.542773][ T3630] R13: dffffc0000000000 R14: 0000000000000040 R15: 0000000000000008 [ 59.550770][ T3630] FS: 0000555556de6300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 59.559861][ T3630] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 59.566482][ T3630] CR2: 00000000005d84c8 CR3: 00000000747bf000 CR4: 00000000003506f0 [ 59.574540][ T3630] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 59.582699][ T3630] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 59.590786][ T3630] Kernel panic - not syncing: Fatal exception [ 59.597046][ T3630] Kernel Offset: disabled [ 59.601374][ T3630] Rebooting in 86400 seconds..