./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1654259543
<...>
no interfaces have a carrier
[ 28.413585][ T4878] 8021q: adding VLAN 0 to HW filter on device bond0
[ 28.423246][ T4878] eql: remember to turn off Van-Jacobson compression on your slave devices
[ 28.696525][ T4962] ssh-keygen (4962) used greatest stack depth: 22672 bytes left
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.94' (ECDSA) to the list of known hosts.
execve("./syz-executor1654259543", ["./syz-executor1654259543"], 0x7ffc9b1c55e0 /* 10 vars */) = 0
brk(NULL) = 0x555556136000
brk(0x555556136c40) = 0x555556136c40
arch_prctl(ARCH_SET_FS, 0x555556136300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor1654259543", 4096) = 28
brk(0x555556157c40) = 0x555556157c40
brk(0x555556158000) = 0x555556158000
mprotect(0x7fbeed811000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
getpid() = 5298
mkdir("./syzkaller.mBnFiQ", 0700) = 0
chmod("./syzkaller.mBnFiQ", 0777) = 0
chdir("./syzkaller.mBnFiQ") = 0
memfd_create("syzkaller", 0) = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbee5338000
write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
munmap(0x7fbee5338000, 2097152) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
ioctl(4, LOOP_SET_FD, 3) = 0
close(3) = 0
mkdir("./file0", 0777) = 0
syzkaller login: [ 53.654437][ T5298] loop0: detected capacity change from 0 to 4096
[ 53.664498][ T5298] ntfs3: loop0: Different NTFS' sector size (2048) and media sector size (512)
[ 53.686964][ T5298] ==================================================================
[ 53.695113][ T5298] BUG: KASAN: slab-out-of-bounds in memcmp+0x1a4/0x1c0
[ 53.701968][ T5298] Read of size 1 at addr ffff888017c71e20 by task syz-executor165/5298
[ 53.710178][ T5298]
[ 53.712478][ T5298] CPU: 1 PID: 5298 Comm: syz-executor165 Not tainted 6.1.0-syzkaller-09941-ge2ca6ba6ba01 #0
[ 53.722515][ T5298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 53.732545][ T5298] Call Trace:
[ 53.735800][ T5298]
[ 53.738710][ T5298] dump_stack_lvl+0xd1/0x138
[ 53.743285][ T5298] print_report+0x15e/0x45d
[ 53.747775][ T5298] ? __phys_addr+0xc8/0x140
[ 53.752260][ T5298] ? memcmp+0x1a4/0x1c0
[ 53.756395][ T5298] kasan_report+0xbf/0x1f0
[ 53.760788][ T5298] ? memcmp+0x1a4/0x1c0
[ 53.764923][ T5298] memcmp+0x1a4/0x1c0
[ 53.768883][ T5298] ? mi_enum_attr+0x353/0x640
[ 53.773566][ T5298] mi_find_attr+0x153/0x240
[ 53.778049][ T5298] ni_find_attr+0x309/0x630
[ 53.782534][ T5298] ? ni_load_mi+0x100/0x100
[ 53.787364][ T5298] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 53.793241][ T5298] ntfs_objid_init+0xc3/0x220
[ 53.797903][ T5298] ? ntfs_reparse_init+0x220/0x220
[ 53.802998][ T5298] ntfs_fill_super+0x31fd/0x3860
[ 53.807921][ T5298] ? put_ntfs+0x330/0x330
[ 53.812231][ T5298] ? set_blocksize+0x2c9/0x370
[ 53.816976][ T5298] get_tree_bdev+0x444/0x760
[ 53.821547][ T5298] ? put_ntfs+0x330/0x330
[ 53.825856][ T5298] vfs_get_tree+0x8d/0x2f0
[ 53.830252][ T5298] path_mount+0x132a/0x1e20
[ 53.834758][ T5298] ? kmem_cache_free+0xee/0x5c0
[ 53.839585][ T5298] ? finish_automount+0x960/0x960
[ 53.844592][ T5298] ? putname+0x102/0x140
[ 53.848991][ T5298] __x64_sys_mount+0x283/0x300
[ 53.853762][ T5298] ? copy_mnt_ns+0xb30/0xb30
[ 53.858331][ T5298] ? lockdep_hardirqs_on+0x7d/0x100
[ 53.863534][ T5298] ? _raw_spin_unlock_irq+0x2e/0x50
[ 53.868727][ T5298] ? ptrace_notify+0xfe/0x140
[ 53.873389][ T5298] do_syscall_64+0x39/0xb0
[ 53.877786][ T5298] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 53.883661][ T5298] RIP: 0033:0x7fbeed785bba
[ 53.888055][ T5298] Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 53.907638][ T5298] RSP: 002b:00007ffcfc3614c8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 53.916025][ T5298] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fbeed785bba
[ 53.923975][ T5298] RDX: 000000002001f340 RSI: 000000002001f380 RDI: 00007ffcfc3614e0
[ 53.931921][ T5298] RBP: 00007ffcfc3614e0 R08: 00007ffcfc361520 R09: 000000000001f365
[ 53.939868][ T5298] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000004
[ 53.947814][ T5298] R13: 00005555561362c0 R14: 0000000000000000 R15: 00007ffcfc361520
[ 53.955765][ T5298]
[ 53.958759][ T5298]
[ 53.961057][ T5298] Allocated by task 4878:
[ 53.965358][ T5298] kasan_save_stack+0x22/0x40
[ 53.970036][ T5298] kasan_set_track+0x25/0x30
[ 53.974616][ T5298] __kasan_kmalloc+0xa5/0xb0
[ 53.979182][ T5298] rtnl_newlink+0x4a/0xa0
[ 53.983490][ T5298] rtnetlink_rcv_msg+0x43e/0xca0
[ 53.988407][ T5298] netlink_rcv_skb+0x165/0x440
[ 53.993153][ T5298] netlink_unicast+0x547/0x7f0
[ 53.997896][ T5298] netlink_sendmsg+0x91b/0xe10
[ 54.002639][ T5298] sock_sendmsg+0xd3/0x120
[ 54.007032][ T5298] ____sys_sendmsg+0x712/0x8c0
[ 54.011777][ T5298] ___sys_sendmsg+0x110/0x1b0
[ 54.016433][ T5298] __sys_sendmsg+0xf7/0x1c0
[ 54.020915][ T5298] do_syscall_64+0x39/0xb0
[ 54.025313][ T5298] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 54.031193][ T5298]
[ 54.033508][ T5298] The buggy address belongs to the object at ffff888017c71000
[ 54.033508][ T5298] which belongs to the cache kmalloc-2k of size 2048
[ 54.047532][ T5298] The buggy address is located 1568 bytes to the right of
[ 54.047532][ T5298] 2048-byte region [ffff888017c71000, ffff888017c71800)
[ 54.061480][ T5298]
[ 54.063781][ T5298] The buggy address belongs to the physical page:
[ 54.070168][ T5298] page:ffffea00005f1c00 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888017c76000 pfn:0x17c70
[ 54.081599][ T5298] head:ffffea00005f1c00 order:3 compound_mapcount:0 subpages_mapcount:0 compound_pincount:0
[ 54.091632][ T5298] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 54.099589][ T5298] raw: 00fff00000010200 ffff888012442000 ffffea00005e9600 dead000000000002
[ 54.108148][ T5298] raw: ffff888017c76000 0000000080080004 00000001ffffffff 0000000000000000
[ 54.116700][ T5298] page dumped because: kasan: bad access detected
[ 54.123083][ T5298] page_owner tracks the page as allocated
[ 54.128785][ T5298] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 2110375920, free_ts 0
[ 54.148475][ T5298] get_page_from_freelist+0x119c/0x2ce0
[ 54.154181][ T5298] __alloc_pages+0x1cb/0x5b0
[ 54.158756][ T5298] alloc_page_interleave+0x1e/0x200
[ 54.163928][ T5298] alloc_pages+0x233/0x270
[ 54.168320][ T5298] allocate_slab+0x25f/0x350
[ 54.172890][ T5298] ___slab_alloc+0xa91/0x1400
[ 54.177549][ T5298] __slab_alloc.constprop.0+0x56/0xa0
[ 54.182901][ T5298] __kmem_cache_alloc_node+0x1a4/0x430
[ 54.188334][ T5298] kmalloc_trace+0x26/0x60
[ 54.192730][ T5298] acpi_ds_create_walk_state+0x8c/0x203
[ 54.198261][ T5298] acpi_ps_execute_method+0x1a1/0x620
[ 54.203614][ T5298] acpi_ns_evaluate+0x6d4/0x973
[ 54.208459][ T5298] acpi_ut_evaluate_object+0xf5/0x3fa
[ 54.213811][ T5298] acpi_ut_execute_STA+0x86/0x17f
[ 54.218814][ T5298] acpi_ns_get_device_callback+0x123/0x415
[ 54.224616][ T5298] acpi_ns_walk_namespace+0x250/0x432
[ 54.229985][ T5298] page_owner free stack trace missing
[ 54.235324][ T5298]
[ 54.237622][ T5298] Memory state around the buggy address:
[ 54.243222][ T5298] ffff888017c71d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 54.251256][ T5298] ffff888017c71d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 54.259291][ T5298] >ffff888017c71e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 54.267324][ T5298] ^
[ 54.272404][ T5298] ffff888017c71e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 54.280454][ T5298] ffff888017c71f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 54.288486][ T5298] ==================================================================
[ 54.296735][ T5298] Kernel panic - not syncing: panic_on_warn set ...
[ 54.303319][ T5298] CPU: 1 PID: 5298 Comm: syz-executor165 Not tainted 6.1.0-syzkaller-09941-ge2ca6ba6ba01 #0
[ 54.313374][ T5298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 54.323413][ T5298] Call Trace:
[ 54.326673][ T5298]
[ 54.329587][ T5298] dump_stack_lvl+0xd1/0x138
[ 54.334172][ T5298] panic+0x2cc/0x626
[ 54.338055][ T5298] ? panic_print_sys_info.part.0+0x110/0x110
[ 54.344024][ T5298] ? preempt_schedule_common+0x59/0xc0
[ 54.349475][ T5298] ? preempt_schedule_thunk+0x1a/0x1c
[ 54.354841][ T5298] end_report.part.0+0x3f/0x7c
[ 54.359598][ T5298] ? memcmp+0x1a4/0x1c0
[ 54.363741][ T5298] kasan_report.cold+0xa/0xf
[ 54.368321][ T5298] ? memcmp+0x1a4/0x1c0
[ 54.372468][ T5298] memcmp+0x1a4/0x1c0
[ 54.376436][ T5298] ? mi_enum_attr+0x353/0x640
[ 54.381102][ T5298] mi_find_attr+0x153/0x240
[ 54.385596][ T5298] ni_find_attr+0x309/0x630
[ 54.390091][ T5298] ? ni_load_mi+0x100/0x100
[ 54.394587][ T5298] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 54.400477][ T5298] ntfs_objid_init+0xc3/0x220
[ 54.405145][ T5298] ? ntfs_reparse_init+0x220/0x220
[ 54.410269][ T5298] ntfs_fill_super+0x31fd/0x3860
[ 54.415202][ T5298] ? put_ntfs+0x330/0x330
[ 54.419527][ T5298] ? set_blocksize+0x2c9/0x370
[ 54.424284][ T5298] get_tree_bdev+0x444/0x760
[ 54.428863][ T5298] ? put_ntfs+0x330/0x330
[ 54.433183][ T5298] vfs_get_tree+0x8d/0x2f0
[ 54.437589][ T5298] path_mount+0x132a/0x1e20
[ 54.442171][ T5298] ? kmem_cache_free+0xee/0x5c0
[ 54.447005][ T5298] ? finish_automount+0x960/0x960
[ 54.452041][ T5298] ? putname+0x102/0x140
[ 54.456279][ T5298] __x64_sys_mount+0x283/0x300
[ 54.461062][ T5298] ? copy_mnt_ns+0xb30/0xb30
[ 54.465640][ T5298] ? lockdep_hardirqs_on+0x7d/0x100
[ 54.470830][ T5298] ? _raw_spin_unlock_irq+0x2e/0x50
[ 54.476011][ T5298] ? ptrace_notify+0xfe/0x140
[ 54.480673][ T5298] do_syscall_64+0x39/0xb0
[ 54.485077][ T5298] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 54.490961][ T5298] RIP: 0033:0x7fbeed785bba
[ 54.495359][ T5298] Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 54.514951][ T5298] RSP: 002b:00007ffcfc3614c8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 54.523350][ T5298] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fbeed785bba
[ 54.531303][ T5298] RDX: 000000002001f340 RSI: 000000002001f380 RDI: 00007ffcfc3614e0
[ 54.539258][ T5298] RBP: 00007ffcfc3614e0 R08: 00007ffcfc361520 R09: 000000000001f365
[ 54.547234][ T5298] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000004
[ 54.555191][ T5298] R13: 00005555561362c0 R14: 0000000000000000 R15: 00007ffcfc361520
[ 54.563179][ T5298]
[ 54.567023][ T5298] Kernel Offset: disabled
[ 54.571333][ T5298] Rebooting in 86400 seconds..