./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2663819618
<...>
Warning: Permanently added '10.128.1.89' (ED25519) to the list of known hosts.
execve("./syz-executor2663819618", ["./syz-executor2663819618"], 0x7ffd5546e440 /* 10 vars */) = 0
brk(NULL) = 0x55555754e000
brk(0x55555754ed00) = 0x55555754ed00
arch_prctl(ARCH_SET_FS, 0x55555754e380) = 0
set_tid_address(0x55555754e650) = 5037
set_robust_list(0x55555754e660, 24) = 0
rseq(0x55555754eca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor2663819618", 4096) = 28
getrandom("\xf4\x8a\xab\xbc\x49\x7d\x97\x56", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x55555754ed00
brk(0x55555756fd00) = 0x55555756fd00
brk(0x555557570000) = 0x555557570000
mprotect(0x7fe16f333000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
unshare(CLONE_NEWPID) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555754e650) = 5038
./strace-static-x86_64: Process 5038 attached
[pid 5038] set_robust_list(0x55555754e660, 24) = 0
[pid 5038] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid 5038] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5038] setsid() = 1
[pid 5038] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid 5038] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid 5038] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid 5038] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid 5038] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid 5038] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid 5038] unshare(CLONE_NEWNS) = 0
[pid 5038] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid 5038] unshare(CLONE_NEWIPC) = 0
[pid 5038] unshare(CLONE_NEWCGROUP) = 0
[pid 5038] unshare(CLONE_NEWUTS) = 0
[pid 5038] unshare(CLONE_SYSVSEM) = 0
[pid 5038] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid 5038] write(3, "16777216", 8) = 8
[pid 5038] close(3) = 0
[pid 5038] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid 5038] write(3, "536870912", 9) = 9
[pid 5038] close(3) = 0
[pid 5038] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid 5038] write(3, "1024", 4) = 4
[pid 5038] close(3) = 0
[pid 5038] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid 5038] write(3, "8192", 4) = 4
[pid 5038] close(3) = 0
[pid 5038] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid 5038] write(3, "1024", 4) = 4
[pid 5038] close(3) = 0
[pid 5038] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid 5038] write(3, "1024", 4) = 4
[pid 5038] close(3) = 0
[pid 5038] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid 5038] write(3, "1024 1048576 500 1024", 21) = 21
[pid 5038] close(3) = 0
[pid 5038] getpid() = 1
[pid 5038] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid 5038] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid 5038] unshare(CLONE_NEWNET) = 0
[pid 5038] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid 5038] write(3, "0 65535", 7) = 7
[pid 5038] close(3) = 0
[pid 5038] mkdir("/dev/binderfs", 0777) = 0
[pid 5038] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid 5038] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5038] memfd_create("syzkaller", 0) = 3
[pid 5038] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe166e81000
[pid 5038] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5038] munmap(0x7fe166e81000, 32768) = 0
[pid 5038] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5038] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5038] close(3) = 0
[pid 5038] mkdir("./bus", 0777) = 0
[pid 5038] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_NOATIME|MS_STRICTATIME, "\x74\x79\x70\x65\x3d\xec\x5d\x74\xa9\x2c\x66\x69\x6c\x65\x5f\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x37\x2c") = 0
[pid 5038] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5038] chdir("./bus") = 0
[pid 5038] ioctl(4, LOOP_CLR_FD) = 0
[pid 5038] close(4) = 0
[pid 5038] openat(AT_FDCWD, "./file0", O_RDONLY) = 4
[pid 5038] mknodat(4, "./file1", 000) = -1 EEXIST (File exists)
[pid 5038] mknodat(AT_FDCWD, "./bus", 000) = 0
[pid 5038] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid 5038] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 5038] exit_group(1) = ?
[ 52.504950][ T5038] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5038 'syz-executor266'
[ 52.517592][ T5038] loop0: detected capacity change from 0 to 64
[ 52.541258][ T11] ------------[ cut here ]------------
[ 52.546761][ T11] kernel BUG at fs/hfs/inode.c:446!
[ 52.552343][ T11] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 52.558441][ T11] CPU: 0 PID: 11 Comm: kworker/u4:1 Not tainted 6.5.0-rc4-next-20230804-syzkaller #0
[ 52.567902][ T11] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 52.577974][ T11] Workqueue: writeback wb_workfn (flush-7:0)
[ 52.583986][ T11] RIP: 0010:hfs_write_inode+0x362/0x9f0
[ 52.589553][ T11] Code: 89 87 8a 4c 89 f7 e8 fd 32 2d ff 49 83 fe 03 0f 84 ca 02 00 00 49 83 fe 04 74 11 49 83 fe 02 0f 84 b2 fd ff ff e8 2e 37 2d ff <0f> 0b e8 27 37 2d ff 48 8d 7d 28 48 b8 00 00 00 00 00 fc ff df 48
[ 52.609377][ T11] RSP: 0018:ffffc90000107658 EFLAGS: 00010293
[ 52.615540][ T11] RAX: 0000000000000000 RBX: 1ffff92000020ecd RCX: 0000000000000000
[ 52.623828][ T11] RDX: ffff888015273b80 RSI: ffffffff82598b72 RDI: 0000000000000007
[ 52.631896][ T11] RBP: ffff888025ac9b58 R08: 0000000000000007 R09: 0000000000000004
[ 52.639871][ T11] R10: 0000000000000005 R11: 0000000000000000 R12: 0000000000000000
[ 52.647845][ T11] R13: ffffc90000107698 R14: 0000000000000005 R15: ffffc900001076f8
[ 52.655832][ T11] FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 52.665211][ T11] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 52.671803][ T11] CR2: 00007fd7ed7f7095 CR3: 000000001e58c000 CR4: 00000000003506f0
[ 52.679784][ T11] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 52.687803][ T11] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 52.695910][ T11] Call Trace:
[ 52.699209][ T11] <TASK>
[ 52.702142][ T11] ? die+0x31/0x80
[ 52.705877][ T11] ? do_trap+0x1ab/0x3b0
[ 52.710136][ T11] ? hfs_write_inode+0x362/0x9f0
[ 52.715085][ T11] ? do_error_trap+0x9e/0x160
[ 52.719894][ T11] ? hfs_write_inode+0x362/0x9f0
[ 52.724873][ T11] ? handle_invalid_op+0x2c/0x30
[ 52.729839][ T11] ? hfs_write_inode+0x362/0x9f0
[ 52.734892][ T11] ? exc_invalid_op+0x2d/0x40
[ 52.739689][ T11] ? asm_exc_invalid_op+0x1a/0x20
[ 52.744758][ T11] ? hfs_write_inode+0x362/0x9f0
[ 52.749820][ T11] ? hfs_write_inode+0x362/0x9f0
[ 52.754818][ T11] ? hfs_write_inode+0x362/0x9f0
[ 52.759793][ T11] ? hfs_inode_write_fork+0x1c0/0x1c0
[ 52.765188][ T11] ? rcu_is_watching+0x12/0xb0
[ 52.769962][ T11] ? spin_bug+0x1d0/0x1d0
[ 52.774308][ T11] ? reacquire_held_locks+0x4b0/0x4b0
[ 52.779701][ T11] __writeback_single_inode+0xa81/0xe70
[ 52.785276][ T11] ? __mark_inode_dirty+0xd50/0xd50
[ 52.790684][ T11] ? _raw_spin_unlock+0x28/0x40
[ 52.795596][ T11] ? wbc_attach_and_unlock_inode+0x568/0x910
[ 52.801630][ T11] writeback_sb_inodes+0x599/0x1010
[ 52.806854][ T11] ? sync_inode_metadata+0xe0/0xe0
[ 52.811981][ T11] ? rcu_is_watching+0x12/0xb0
[ 52.816870][ T11] ? queue_io+0x3ed/0x4e0
[ 52.821221][ T11] wb_writeback+0x2a5/0xa90
[ 52.825904][ T11] ? __writeback_inodes_wb+0x2d0/0x2d0
[ 52.831369][ T11] ? reacquire_held_locks+0x4b0/0x4b0
[ 52.836762][ T11] ? spin_bug+0x1d0/0x1d0
[ 52.841112][ T11] ? rcu_is_watching+0x12/0xb0
[ 52.845889][ T11] wb_workfn+0x29c/0xfd0
[ 52.850141][ T11] ? spin_bug+0x1a1/0x1d0
[ 52.854487][ T11] ? lock_release+0x4bf/0x680
[ 52.859208][ T11] ? inode_wait_for_writeback+0x30/0x30
[ 52.864763][ T11] ? do_raw_spin_unlock+0x173/0x230
[ 52.870004][ T11] ? rcu_is_watching+0x12/0xb0
[ 52.874804][ T11] ? lock_acquire+0x464/0x510
[ 52.879515][ T11] ? lock_sync+0x190/0x190
[ 52.883961][ T11] ? reacquire_held_locks+0x4b0/0x4b0
[ 52.889348][ T11] ? __schedule+0xee9/0x59f0
[ 52.893970][ T11] ? spin_bug+0x1d0/0x1d0
[ 52.898334][ T11] ? rcu_is_watching+0x12/0xb0
[ 52.903204][ T11] process_one_work+0xaa2/0x16f0
[ 52.908172][ T11] ? lock_sync+0x190/0x190
[ 52.912634][ T11] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 52.918135][ T11] ? spin_bug+0x1d0/0x1d0
[ 52.922577][ T11] worker_thread+0x687/0x1110
[ 52.927379][ T11] ? process_one_work+0x16f0/0x16f0
[ 52.932600][ T11] kthread+0x33a/0x430
[ 52.936680][ T11] ? kthread_complete_and_exit+0x40/0x40
[ 52.942326][ T11] ret_from_fork+0x2c/0x70
[ 52.946754][ T11] ? kthread_complete_and_exit+0x40/0x40
[ 52.952400][ T11] ret_from_fork_asm+0x11/0x20
[ 52.957298][ T11] </TASK>
[ 52.960576][ T11] Modules linked in:
[ 52.965337][ T11] ---[ end trace 0000000000000000 ]---
[ 52.971352][ T11] RIP: 0010:hfs_write_inode+0x362/0x9f0
[ 52.977117][ T11] Code: 89 87 8a 4c 89 f7 e8 fd 32 2d ff 49 83 fe 03 0f 84 ca 02 00 00 49 83 fe 04 74 11 49 83 fe 02 0f 84 b2 fd ff ff e8 2e 37 2d ff <0f> 0b e8 27 37 2d ff 48 8d 7d 28 48 b8 00 00 00 00 00 fc ff df 48
[ 52.997175][ T11] RSP: 0018:ffffc90000107658 EFLAGS: 00010293
[ 53.003726][ T11] RAX: 0000000000000000 RBX: 1ffff92000020ecd RCX: 0000000000000000
[ 53.011966][ T11] RDX: ffff888015273b80 RSI: ffffffff82598b72 RDI: 0000000000000007
[ 53.020082][ T11] RBP: ffff888025ac9b58 R08: 0000000000000007 R09: 0000000000000004
[ 53.028311][ T11] R10: 0000000000000005 R11: 0000000000000000 R12: 0000000000000000
[ 53.036278][ T11] R13: ffffc90000107698 R14: 0000000000000005 R15: ffffc900001076f8
[ 53.044447][ T11] FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[ 53.053442][ T11] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 53.060205][ T11] CR2: 00007fd7ed395ed8 CR3: 000000000c776000 CR4: 00000000003506e0
[ 53.068326][ T11] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 53.076377][ T11] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 53.084557][ T11] Kernel panic - not syncing: Fatal exception
[ 53.090830][ T11] Kernel Offset: disabled
[ 53.095230][ T11] Rebooting in 86400 seconds..