./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3144244942

<...>
DUID 00:04:7b:a2:e0:73:6b:5f:a9:8e:d4:f6:53:82:b5:31:a7:5e
forked to background, child pid 3210
[   32.217938][ T3211] 8021q: adding VLAN 0 to HW filter on device bond0
[   32.254727][ T3211] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.1.108' (ECDSA) to the list of known hosts.
execve("./syz-executor3144244942", ["./syz-executor3144244942"], 0x7ffe0aea2540 /* 10 vars */) = 0
brk(NULL)                               = 0x555556ed2000
brk(0x555556ed2c40)                     = 0x555556ed2c40
arch_prctl(ARCH_SET_FS, 0x555556ed2300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor3144244942", 4096) = 28
brk(0x555556ef3c40)                     = 0x555556ef3c40
brk(0x555556ef4000)                     = 0x555556ef4000
mprotect(0x7f5be75da000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
memfd_create("syzkaller", 0)            = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5bdf000000
write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
munmap(0x7f5bdf000000, 2097152)         = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 4
ioctl(4, LOOP_SET_FD, 3)                = 0
close(3)                                = 0
mkdir("./file0", 0777)                  = 0
syzkaller login: [   55.924317][ T3634] loop0: detected capacity change from 0 to 4096
[   55.936381][ T3634] ntfs3: loop0: Different NTFS' sector size (2048) and media sector size (512)
[   55.957181][ T3634] ==================================================================
[   55.965261][ T3634] BUG: KASAN: use-after-free in bcmp+0x1af/0x1e0
[   55.971592][ T3634] Read of size 1 at addr ffff888018871e20 by task syz-executor314/3634
[   55.979830][ T3634] 
[   55.982232][ T3634] CPU: 0 PID: 3634 Comm: syz-executor314 Not tainted 6.1.0-rc7-syzkaller #0
[   55.990997][ T3634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   56.001053][ T3634] Call Trace:
[   56.004349][ T3634]  <TASK>
[   56.007280][ T3634]  dump_stack_lvl+0x1b1/0x28e
[   56.011958][ T3634]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   56.017513][ T3634]  ? __wake_up_klogd+0xcd/0x100
[   56.022360][ T3634]  ? panic+0x710/0x710
[   56.026450][ T3634]  ? _printk+0xc0/0x100
[   56.030731][ T3634]  ? _raw_spin_lock_irqsave+0x8e/0x100
[   56.037512][ T3634]  print_address_description+0x74/0x340
[   56.043071][ T3634]  print_report+0x107/0x1f0
[   56.047598][ T3634]  ? __virt_addr_valid+0x21b/0x2d0
[   56.052737][ T3634]  ? __phys_addr+0xb5/0x160
[   56.057241][ T3634]  ? bcmp+0x1af/0x1e0
[   56.061300][ T3634]  kasan_report+0xcd/0x100
[   56.065813][ T3634]  ? bcmp+0x1af/0x1e0
[   56.070033][ T3634]  bcmp+0x1af/0x1e0
[   56.073872][ T3634]  mi_find_attr+0x124/0x2b0
[   56.078399][ T3634]  ni_find_attr+0x38d/0x8c0
[   56.082992][ T3634]  ? ni_load_mi+0x110/0x110
[   56.087580][ T3634]  ? __init_rwsem+0x11e/0x160
[   56.092249][ T3634]  ? indx_init+0x378/0x600
[   56.096659][ T3634]  ntfs_objid_init+0xd6/0x240
[   56.101334][ T3634]  ? ntfs_reparse_init+0x240/0x240
[   56.106434][ T3634]  ? evict+0x5d5/0x620
[   56.110499][ T3634]  ntfs_fill_super+0x40dd/0x42a0
[   56.115444][ T3634]  ? put_ntfs+0x2a0/0x2a0
[   56.119783][ T3634]  ? set_blocksize+0x1d5/0x360
[   56.124539][ T3634]  get_tree_bdev+0x400/0x620
[   56.129122][ T3634]  ? put_ntfs+0x2a0/0x2a0
[   56.133534][ T3634]  vfs_get_tree+0x88/0x270
[   56.138028][ T3634]  do_new_mount+0x289/0xad0
[   56.142532][ T3634]  ? do_move_mount_old+0x150/0x150
[   56.147720][ T3634]  ? user_path_at_empty+0x149/0x1a0
[   56.152995][ T3634]  __se_sys_mount+0x2d3/0x3c0
[   56.157665][ T3634]  ? __x64_sys_mount+0xc0/0xc0
[   56.162419][ T3634]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   56.168396][ T3634]  ? __x64_sys_mount+0x1c/0xc0
[   56.173151][ T3634]  do_syscall_64+0x3d/0xb0
[   56.177568][ T3634]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   56.183454][ T3634] RIP: 0033:0x7f5be754fb0a
[   56.187863][ T3634] Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   56.207900][ T3634] RSP: 002b:00007fffe071d4b8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[   56.216314][ T3634] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f5be754fb0a
[   56.224275][ T3634] RDX: 000000002001f340 RSI: 000000002001f380 RDI: 00007fffe071d4d0
[   56.232242][ T3634] RBP: 00007fffe071d4d0 R08: 00007fffe071d510 R09: 000000000001f365
[   56.240211][ T3634] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000004
[   56.248184][ T3634] R13: 0000555556ed22c0 R14: 0000000000000000 R15: 00007fffe071d510
[   56.256153][ T3634]  </TASK>
[   56.259169][ T3634] 
[   56.261483][ T3634] The buggy address belongs to the physical page:
[   56.267884][ T3634] page:ffffea0000621c40 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x18871
[   56.278194][ T3634] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   56.285339][ T3634] raw: 00fff00000000000 0000000000000000 ffffffff00620301 0000000000000000
[   56.293910][ T3634] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[   56.302476][ T3634] page dumped because: kasan: bad access detected
[   56.308874][ T3634] page_owner tracks the page as freed
[   56.314397][ T3634] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 0, tgid 0 (swapper/0), ts 41582050580, free_ts 43082184396
[   56.332880][ T3634]  get_page_from_freelist+0x742/0x7c0
[   56.338522][ T3634]  __alloc_pages+0x259/0x560
[   56.343194][ T3634]  skb_page_frag_refill+0x14c/0x2d0
[   56.348384][ T3634]  add_recvbuf_mergeable+0x1b4/0x720
[   56.353665][ T3634]  try_fill_recv+0xfe/0xc00
[   56.358158][ T3634]  virtnet_poll+0x888/0x1280
[   56.362749][ T3634]  __napi_poll+0xbe/0x4b0
[   56.367102][ T3634]  net_rx_action+0x75c/0x10d0
[   56.371782][ T3634]  __do_softirq+0x277/0x738
[   56.376648][ T3634] page last free stack trace:
[   56.381483][ T3634]  free_pcp_prepare+0x80c/0x8f0
[   56.386366][ T3634]  free_unref_page+0x7d/0x5f0
[   56.391073][ T3634]  skb_release_data+0x37a/0x6d0
[   56.395969][ T3634]  napi_consume_skb+0x11c/0x1c0
[   56.400963][ T3634]  net_rx_action+0x4ee/0x10d0
[   56.405645][ T3634]  __do_softirq+0x277/0x738
[   56.410147][ T3634] 
[   56.412464][ T3634] Memory state around the buggy address:
[   56.418174][ T3634]  ffff888018871d00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   56.426349][ T3634]  ffff888018871d80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   56.434487][ T3634] >ffff888018871e00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   56.442535][ T3634]                                ^
[   56.447629][ T3634]  ffff888018871e80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   56.455681][ T3634]  ffff888018871f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   56.463726][ T3634] ==================================================================
[   56.472142][ T3634] Kernel panic - not syncing: panic_on_warn set ...
[   56.479536][ T3634] CPU: 1 PID: 3634 Comm: syz-executor314 Not tainted 6.1.0-rc7-syzkaller #0
[   56.488238][ T3634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   56.498316][ T3634] Call Trace:
[   56.501600][ T3634]  <TASK>
[   56.504611][ T3634]  dump_stack_lvl+0x1b1/0x28e
[   56.509289][ T3634]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   56.514742][ T3634]  ? panic+0x710/0x710
[   56.518807][ T3634]  ? preempt_schedule_common+0xb7/0xe0
[   56.524259][ T3634]  ? vscnprintf+0x59/0x80
[   56.528589][ T3634]  panic+0x2d6/0x710
[   56.532527][ T3634]  ? memcpy_page_flushcache+0xfc/0xfc
[   56.537927][ T3634]  ? _raw_spin_unlock_irqrestore+0x110/0x120
[   56.544011][ T3634]  ? rcu_read_lock_sched_held+0x5d/0x110
[   56.549646][ T3634]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[   56.555630][ T3634]  ? bcmp+0x1af/0x1e0
[   56.559691][ T3634]  end_report+0x91/0xa0
[   56.563837][ T3634]  kasan_report+0xda/0x100
[   56.568244][ T3634]  ? bcmp+0x1af/0x1e0
[   56.572315][ T3634]  bcmp+0x1af/0x1e0
[   56.576115][ T3634]  mi_find_attr+0x124/0x2b0
[   56.580703][ T3634]  ni_find_attr+0x38d/0x8c0
[   56.585202][ T3634]  ? ni_load_mi+0x110/0x110
[   56.589703][ T3634]  ? __init_rwsem+0x11e/0x160
[   56.594378][ T3634]  ? indx_init+0x378/0x600
[   56.598789][ T3634]  ntfs_objid_init+0xd6/0x240
[   56.603545][ T3634]  ? ntfs_reparse_init+0x240/0x240
[   56.608654][ T3634]  ? evict+0x5d5/0x620
[   56.612715][ T3634]  ntfs_fill_super+0x40dd/0x42a0
[   56.617659][ T3634]  ? put_ntfs+0x2a0/0x2a0
[   56.621983][ T3634]  ? set_blocksize+0x1d5/0x360
[   56.626752][ T3634]  get_tree_bdev+0x400/0x620
[   56.631447][ T3634]  ? put_ntfs+0x2a0/0x2a0
[   56.635773][ T3634]  vfs_get_tree+0x88/0x270
[   56.640192][ T3634]  do_new_mount+0x289/0xad0
[   56.644717][ T3634]  ? do_move_mount_old+0x150/0x150
[   56.650101][ T3634]  ? user_path_at_empty+0x149/0x1a0
[   56.655306][ T3634]  __se_sys_mount+0x2d3/0x3c0
[   56.659980][ T3634]  ? __x64_sys_mount+0xc0/0xc0
[   56.664736][ T3634]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   56.670714][ T3634]  ? __x64_sys_mount+0x1c/0xc0
[   56.675555][ T3634]  do_syscall_64+0x3d/0xb0
[   56.679969][ T3634]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   56.685855][ T3634] RIP: 0033:0x7f5be754fb0a
[   56.690260][ T3634] Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   56.709886][ T3634] RSP: 002b:00007fffe071d4b8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[   56.718305][ T3634] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f5be754fb0a
[   56.726271][ T3634] RDX: 000000002001f340 RSI: 000000002001f380 RDI: 00007fffe071d4d0
[   56.734235][ T3634] RBP: 00007fffe071d4d0 R08: 00007fffe071d510 R09: 000000000001f365
[   56.742224][ T3634] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000004
[   56.750201][ T3634] R13: 0000555556ed22c0 R14: 0000000000000000 R15: 00007fffe071d510
[   56.758178][ T3634]  </TASK>
[   56.761343][ T3634] Kernel Offset: disabled
[   56.765690][ T3634] Rebooting in 86400 seconds..