./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1898956866 <...> DUID 00:04:e3:a1:4c:5b:a4:47:39:93:9a:5d:f6:69:14:97:a9:57 forked to background, child pid 4646 [ 34.860176][ T4647] 8021q: adding VLAN 0 to HW filter on device bond0 [ 34.882441][ T4647] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.119' (ECDSA) to the list of known hosts. execve("./syz-executor1898956866", ["./syz-executor1898956866"], 0x7ffd2ea07d70 /* 10 vars */) = 0 brk(NULL) = 0x55555681e000 brk(0x55555681ed00) = 0x55555681ed00 arch_prctl(ARCH_SET_FS, 0x55555681e3c0) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor1898956866", 4096) = 28 brk(0x55555683fd00) = 0x55555683fd00 brk(0x555556840000) = 0x555556840000 mprotect(0x7f6957dcf000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7f6957d01290, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f6957d022e0}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7f6957d01290, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f6957d022e0}, NULL, 8) = 0 openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 129) = 129 mmap(0x20000000, 12288, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 3, 0) = 0x20000000 --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x200001c0} --- --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000246} --- --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000258} --- memfd_create("syzkaller", 0) = 4 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694f8f7000 write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 munmap(0x7f694f8f7000, 2097152) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 ioctl(5, LOOP_SET_FD, 4) = 0 close(4) = 0 mkdir("./file0", 0777) = 0 syzkaller login: [ 60.315731][ T5070] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5070 'syz-executor189' [ 60.351554][ T5070] loop0: detected capacity change from 0 to 4096 [ 60.363451][ T5070] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 60.380970][ T5070] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN [ 60.392701][ T5070] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 60.401093][ T5070] CPU: 0 PID: 5070 Comm: syz-executor189 Not tainted 6.1.0-next-20221220-syzkaller #0 [ 60.410623][ T5070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 60.420662][ T5070] RIP: 0010:ntfs_security_init+0x26e/0xad0 [ 60.426479][ T5070] Code: 44 24 08 83 f8 1f 0f 86 a4 06 00 00 e8 1b 52 d1 fe 49 01 ec e8 13 52 d1 fe 4c 89 e2 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 14 02 4c 89 e0 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 0f [ 60.446085][ T5070] RSP: 0018:ffffc90003b9fa78 EFLAGS: 00010246 [ 60.452147][ T5070] RAX: dffffc0000000000 RBX: ffff88807612a000 RCX: 0000000000000000 [ 60.460125][ T5070] RDX: 0000000000000000 RSI: ffffffff82b002cd RDI: 0000000000000005 [ 60.468082][ T5070] RBP: ffff8880791aa160 R08: 0000000000000005 R09: 000000000000001f [ 60.476067][ T5070] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 60.484052][ T5070] R13: ffff8880735744b0 R14: ffffc90003b9fad0 R15: ffff88807612a460 [ 60.492014][ T5070] FS: 000055555681e3c0(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 60.500938][ T5070] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 60.507511][ T5070] CR2: 00000000200001c0 CR3: 000000007cd11000 CR4: 00000000003506f0 [ 60.515471][ T5070] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 60.523428][ T5070] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 60.531385][ T5070] Call Trace: [ 60.534649][ T5070] [ 60.537565][ T5070] ? __call_rcu_common.constprop.0+0x30e/0x780 [ 60.543713][ T5070] ? is_sd_valid+0x4c0/0x4c0 [ 60.548288][ T5070] ? __destroy_inode+0x2de/0x700 [ 60.553218][ T5070] ? ntfs_sync_fs+0x410/0x410 [ 60.557888][ T5070] ? destroy_inode+0x129/0x1b0 [ 60.562644][ T5070] ? iput+0x52b/0x8c0 [ 60.566618][ T5070] ntfs_fill_super+0x3398/0x3ab0 [ 60.571555][ T5070] ? put_ntfs+0x330/0x330 [ 60.575877][ T5070] ? vsprintf+0x30/0x30 [ 60.580035][ T5070] ? set_blocksize+0x2c9/0x370 [ 60.584790][ T5070] get_tree_bdev+0x444/0x760 [ 60.589375][ T5070] ? put_ntfs+0x330/0x330 [ 60.593697][ T5070] vfs_get_tree+0x8d/0x2f0 [ 60.598105][ T5070] path_mount+0x132a/0x1e20 [ 60.602599][ T5070] ? kmem_cache_free+0xee/0x5c0 [ 60.607435][ T5070] ? finish_automount+0x960/0x960 [ 60.612465][ T5070] ? putname+0x102/0x140 [ 60.616702][ T5070] __x64_sys_mount+0x283/0x300 [ 60.621460][ T5070] ? copy_mnt_ns+0xb30/0xb30 [ 60.626045][ T5070] ? lockdep_hardirqs_on+0x7d/0x100 [ 60.631233][ T5070] ? _raw_spin_unlock_irq+0x2e/0x50 [ 60.636424][ T5070] ? ptrace_notify+0xfe/0x140 [ 60.641091][ T5070] do_syscall_64+0x39/0xb0 [ 60.645498][ T5070] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 60.651379][ T5070] RIP: 0033:0x7f6957d4530a [ 60.655802][ T5070] Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 60.675393][ T5070] RSP: 002b:00007ffc02858c98 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 60.683791][ T5070] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f6957d4530a [ 60.691747][ T5070] RDX: 000000002001f180 RSI: 000000002001f1c0 RDI: 00007ffc02858cb0 [ 60.699702][ T5070] RBP: 00007ffc02858cb0 R08: 00007ffc02858cf0 R09: 000000000001f164 [ 60.707656][ T5070] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000005 [ 60.715607][ T5070] R13: 000055555681e380 R14: 0000000000000000 R15: 00007ffc02858cf0 [ 60.723565][ T5070] [ 60.726567][ T5070] Modules linked in: [ 60.730819][ T5070] ---[ end trace 0000000000000000 ]--- [ 60.736299][ T5070] RIP: 0010:ntfs_security_init+0x26e/0xad0 [ 60.742131][ T5070] Code: 44 24 08 83 f8 1f 0f 86 a4 06 00 00 e8 1b 52 d1 fe 49 01 ec e8 13 52 d1 fe 4c 89 e2 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 14 02 4c 89 e0 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 0f [ 60.761780][ T5070] RSP: 0018:ffffc90003b9fa78 EFLAGS: 00010246 [ 60.767836][ T5070] RAX: dffffc0000000000 RBX: ffff88807612a000 RCX: 0000000000000000 [ 60.775873][ T5070] RDX: 0000000000000000 RSI: ffffffff82b002cd RDI: 0000000000000005 [ 60.783891][ T5070] RBP: ffff8880791aa160 R08: 0000000000000005 R09: 000000000000001f [ 60.792059][ T5070] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 60.800070][ T5070] R13: ffff8880735744b0 R14: ffffc90003b9fad0 R15: ffff88807612a460 [ 60.808079][ T5070] FS: 000055555681e3c0(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 60.817040][ T5070] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 60.823658][ T5070] CR2: 00000000200001c0 CR3: 000000007cd11000 CR4: 00000000003506f0 [ 60.831776][ T5070] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 60.839759][ T5070] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 60.847963][ T5070] Kernel panic - not syncing: Fatal exception [ 60.854290][ T5070] Kernel Offset: disabled [ 60.858605][ T5070] Rebooting in 86400 seconds..