./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor913831402

<...>
DUID 00:04:76:8b:f6:84:a4:3b:36:39:6c:68:e7:10:38:dd:b7:2c
forked to background, child pid 3210
[   30.848895][ T3211] 8021q: adding VLAN 0 to HW filter on device bond0
[   30.871307][ T3211] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.0.53' (ECDSA) to the list of known hosts.
execve("./syz-executor913831402", ["./syz-executor913831402"], 0x7ffefa357930 /* 10 vars */) = 0
brk(NULL)                               = 0x5555555c0000
brk(0x5555555c0c40)                     = 0x5555555c0c40
arch_prctl(ARCH_SET_FS, 0x5555555c0300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor913831402", 4096) = 27
brk(0x5555555e1c40)                     = 0x5555555e1c40
brk(0x5555555e2000)                     = 0x5555555e2000
mprotect(0x7f6dfb68d000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3637 attached
, child_tidptr=0x5555555c05d0) = 3637
[pid  3637] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid  3637] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3637] setsid()                    = 1
[pid  3637] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  3637] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  3637] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  3637] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  3637] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid  3637] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  3637] unshare(CLONE_NEWNS)        = 0
[pid  3637] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  3637] unshare(CLONE_NEWIPC)       = 0
[pid  3637] unshare(CLONE_NEWCGROUP)    = 0
[pid  3637] unshare(CLONE_NEWUTS)       = 0
[pid  3637] unshare(CLONE_SYSVSEM)      = 0
[pid  3637] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  3637] write(3, "16777216", 8)     = 8
[pid  3637] close(3)                    = 0
[pid  3637] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  3637] write(3, "536870912", 9)    = 9
[pid  3637] close(3)                    = 0
[pid  3637] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  3637] write(3, "1024", 4)         = 4
[pid  3637] close(3)                    = 0
[pid  3637] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  3637] write(3, "8192", 4)         = 4
[pid  3637] close(3)                    = 0
[pid  3637] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  3637] write(3, "1024", 4)         = 4
[pid  3637] close(3)                    = 0
[pid  3637] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  3637] write(3, "1024", 4)         = 4
[pid  3637] close(3)                    = 0
[pid  3637] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  3637] write(3, "1024 1048576 500 1024", 21) = 21
[pid  3637] close(3)                    = 0
[pid  3637] getpid()                    = 1
[pid  3637] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  3637] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  3637] unshare(CLONE_NEWNET)       = 0
[pid  3637] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid  3637] write(3, "0 65535", 7)      = 7
[pid  3637] close(3)                    = 0
[pid  3637] mkdir("/dev/binderfs", 0777) = 0
[pid  3637] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  3637] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3637] memfd_create("syzkaller", 0) = 3
[pid  3637] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6df3000000
[pid  3637] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3637] munmap(0x7f6df3000000, 32768) = 0
[pid  3637] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3637] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3637] close(3)                    = 0
[pid  3637] mkdir("./bus", 0777)        = 0
[pid  3637] mount("/dev/loop0", "./bus", "hfs", MS_NOEXEC|MS_NOATIME|MS_STRICTATIME, "dir_umask=00000000000000000000401,codepage=iso8859-3,") = 0
[pid  3637] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  3637] chdir("./bus")              = 0
[pid  3637] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3637] close(4)                    = 0
[pid  3637] openat(AT_FDCWD, "blkio.bfq.io_wait_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid  3637] exit_group(1)               = ?
syzkaller login: [   50.669383][ T3637] loop0: detected capacity change from 0 to 64
[   50.700640][    T9] ------------[ cut here ]------------
[   50.706906][    T9] kernel BUG at fs/hfs/inode.c:446!
[   50.712776][    T9] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[   50.718867][    T9] CPU: 1 PID: 9 Comm: kworker/u4:0 Not tainted 6.1.0-rc6-syzkaller-00308-g644e9524388a #0
[   50.728754][    T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   50.738889][    T9] Workqueue: writeback wb_workfn (flush-7:0)
[   50.745001][    T9] RIP: 0010:hfs_write_inode+0xb39/0xb40
[   50.750548][    T9] Code: 4c 24 10 80 e1 07 80 c1 03 38 c1 0f 8c 67 fc ff ff 48 8b 7c 24 10 e8 06 45 7f ff e9 58 fc ff ff e8 ec c8 32 08 e8 27 2c 2b ff <0f> 0b 0f 1f 44 00 00 41 57 41 56 41 54 53 49 89 fe 49 bf 00 00 00
[   50.770147][    T9] RSP: 0018:ffffc900000e7340 EFLAGS: 00010293
[   50.776210][    T9] RAX: ffffffff825f6b89 RBX: 0000000000000000 RCX: ffff88813fee0000
[   50.784169][    T9] RDX: 0000000000000000 RSI: ffffffff8d315f40 RDI: 0000000000000000
[   50.792148][    T9] RBP: ffffc900000e74d0 R08: 0000000000000007 R09: ffffffff825f6135
[   50.800196][    T9] R10: 0000000000000003 R11: ffff88813fee0000 R12: 1ffff9200001ce6c
[   50.808157][    T9] R13: ffff888074c014d8 R14: dffffc0000000000 R15: ffff888074c014d8
[   50.816129][    T9] FS:  0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[   50.825053][    T9] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   50.831626][    T9] CR2: 00007f6dfb691140 CR3: 000000007d030000 CR4: 00000000003506e0
[   50.839764][    T9] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   50.847722][    T9] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   50.855682][    T9] Call Trace:
[   50.858950][    T9]  <TASK>
[   50.861884][    T9]  ? trace_lock_release+0x95/0x220
[   50.868649][    T9]  ? hfs_inode_write_fork+0x1b0/0x1b0
[   50.874050][    T9]  ? rcu_read_lock_sched_held+0x87/0x110
[   50.879967][    T9]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[   50.885962][    T9]  ? do_raw_spin_unlock+0x134/0x8a0
[   50.891262][    T9]  __writeback_single_inode+0x4d6/0x670
[   50.896825][    T9]  writeback_sb_inodes+0xb3b/0x18f0
[   50.902025][    T9]  ? __lock_acquire+0x1f60/0x1f60
[   50.907046][    T9]  ? move_expired_inodes+0x889/0x8e0
[   50.912331][    T9]  ? queue_io+0x400/0x400
[   50.916747][    T9]  ? queue_io+0x382/0x400
[   50.921107][    T9]  ? trace_writeback_queue_io+0xe8/0x2d0
[   50.926846][    T9]  wb_writeback+0x41f/0x7b0
[   50.931382][    T9]  ? trace_writeback_exec+0x2c0/0x2c0
[   50.936777][    T9]  ? rcu_read_lock_sched_held+0x87/0x110
[   50.942513][    T9]  ? do_raw_spin_unlock+0x134/0x8a0
[   50.947744][    T9]  wb_workfn+0x3cb/0xef0
[   50.952004][    T9]  ? inode_wait_for_writeback+0x2c0/0x2c0
[   50.957811][    T9]  ? rcu_read_lock_sched_held+0x87/0x110
[   50.963473][    T9]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[   50.969460][    T9]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[   50.975666][    T9]  ? do_raw_spin_unlock+0x134/0x8a0
[   50.980974][    T9]  process_one_work+0x877/0xdb0
[   50.986551][    T9]  ? worker_detach_from_pool+0x260/0x260
[   50.992193][    T9]  ? _raw_spin_lock_irq+0xba/0xf0
[   50.997221][    T9]  ? _raw_spin_lock_irqsave+0x100/0x100
[   51.002766][    T9]  worker_thread+0xb14/0x1330
[   51.007449][    T9]  kthread+0x266/0x300
[   51.011508][    T9]  ? rcu_lock_release+0x20/0x20
[   51.016355][    T9]  ? kthread_blkcg+0xd0/0xd0
[   51.020937][    T9]  ret_from_fork+0x1f/0x30
[   51.025352][    T9]  </TASK>
[   51.028367][    T9] Modules linked in:
[   51.033205][    T9] ---[ end trace 0000000000000000 ]---
[   51.038828][    T9] RIP: 0010:hfs_write_inode+0xb39/0xb40
[   51.044586][    T9] Code: 4c 24 10 80 e1 07 80 c1 03 38 c1 0f 8c 67 fc ff ff 48 8b 7c 24 10 e8 06 45 7f ff e9 58 fc ff ff e8 ec c8 32 08 e8 27 2c 2b ff <0f> 0b 0f 1f 44 00 00 41 57 41 56 41 54 53 49 89 fe 49 bf 00 00 00
[   51.066112][    T9] RSP: 0018:ffffc900000e7340 EFLAGS: 00010293
[   51.072274][    T9] RAX: ffffffff825f6b89 RBX: 0000000000000000 RCX: ffff88813fee0000
[   51.080537][    T9] RDX: 0000000000000000 RSI: ffffffff8d315f40 RDI: 0000000000000000
[   51.088526][    T9] RBP: ffffc900000e74d0 R08: 0000000000000007 R09: ffffffff825f6135
[   51.096633][    T9] R10: 0000000000000003 R11: ffff88813fee0000 R12: 1ffff9200001ce6c
[   51.104633][    T9] R13: ffff888074c014d8 R14: dffffc0000000000 R15: ffff888074c014d8
[   51.112707][    T9] FS:  0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[   51.121758][    T9] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   51.128329][    T9] CR2: 00005608ae00d488 CR3: 000000000ce8e000 CR4: 00000000003506f0
[   51.136331][    T9] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   51.144502][    T9] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   51.152750][    T9] Kernel panic - not syncing: Fatal exception
[   51.159118][    T9] Kernel Offset: disabled
[   51.163454][    T9] Rebooting in 86400 seconds..