./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1613551680 <...> Warning: Permanently added '10.128.1.68' (ED25519) to the list of known hosts. execve("./syz-executor1613551680", ["./syz-executor1613551680"], 0x7ffc59d2c730 /* 10 vars */) = 0 brk(NULL) = 0x55555673f000 brk(0x55555673fd00) = 0x55555673fd00 arch_prctl(ARCH_SET_FS, 0x55555673f380) = 0 set_tid_address(0x55555673f650) = 5058 set_robust_list(0x55555673f660, 24) = 0 rseq(0x55555673fca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1613551680", 4096) = 28 getrandom("\x20\x62\xe9\xb0\xa8\x79\x03\x87", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555673fd00 brk(0x555556760d00) = 0x555556760d00 brk(0x555556761000) = 0x555556761000 mprotect(0x7fb90f741000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb907272000 [ 73.122644][ T27] audit: type=1400 audit(1703779680.519:83): avc: denied { execmem } for pid=5058 comm="syz-executor161" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf5\x00\x00\x00\x01\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 munmap(0x7fb907272000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 73.208545][ T27] audit: type=1400 audit(1703779680.599:84): avc: denied { read write } for pid=5058 comm="syz-executor161" name="loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 73.232972][ T27] audit: type=1400 audit(1703779680.599:85): avc: denied { open } for pid=5058 comm="syz-executor161" path="/dev/loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 mkdir("./file0", 0777) = 0 [ 73.235293][ T5058] loop0: detected capacity change from 0 to 4096 [ 73.258907][ T27] audit: type=1400 audit(1703779680.629:86): avc: denied { ioctl } for pid=5058 comm="syz-executor161" path="/dev/loop0" dev="devtmpfs" ino=648 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 73.314330][ T27] audit: type=1400 audit(1703779680.709:87): avc: denied { mounton } for pid=5058 comm="syz-executor161" path="/root/file0" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 73.339397][ T5058] ntfs: (device loop0): ntfs_attr_find(): Inode is corrupt. Run chkdsk. [ 73.347884][ T5058] ntfs: (device loop0): ntfs_read_locked_inode(): Failed to lookup $DATA attribute. [ 73.357372][ T5058] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0x1 as bad. Run chkdsk. [ 73.370393][ T5058] ntfs: (device loop0): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk. [ 73.383535][ T5058] ================================================================================ [ 73.392909][ T5058] UBSAN: shift-out-of-bounds in fs/ntfs/inode.c:1080:43 [ 73.399858][ T5058] shift exponent 44 is too large for 32-bit type 'unsigned int' [ 73.407580][ T5058] CPU: 0 PID: 5058 Comm: syz-executor161 Not tainted 6.7.0-rc7-syzkaller-00016-gf5837722ffec #0 [ 73.417993][ T5058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 73.428041][ T5058] Call Trace: [ 73.431315][ T5058] [ 73.434241][ T5058] dump_stack_lvl+0x125/0x1b0 [ 73.438987][ T5058] __ubsan_handle_shift_out_of_bounds+0x2a6/0x480 [ 73.445436][ T5058] ntfs_read_locked_inode.cold+0x37/0x5b [ 73.451078][ T5058] ? ntfs_init_locked_inode+0x4a0/0x4a0 [ 73.456622][ T5058] ? write_mft_record+0x380/0x380 [ 73.461646][ T5058] ? iget5_locked+0x44/0xe0 [ 73.466145][ T5058] ntfs_iget+0x130/0x180 [ 73.470822][ T5058] ? ntfs_read_locked_inode+0x5860/0x5860 [ 73.476548][ T5058] ? lockdep_init_map_type+0x16d/0x7d0 [ 73.482013][ T5058] ntfs_fill_super+0x2825/0x9100 [ 73.486952][ T5058] ? up_write+0x510/0x510 [ 73.491280][ T5058] ? parse_options+0x1db0/0x1db0 [ 73.496220][ T5058] ? lock_sync+0x190/0x190 [ 73.500639][ T5058] ? parse_options+0x1db0/0x1db0 [ 73.505578][ T5058] ? preempt_count_sub+0x160/0x160 [ 73.510684][ T5058] ? sb_set_blocksize+0xf6/0x120 [ 73.515625][ T5058] ? parse_options+0x1db0/0x1db0 [ 73.520563][ T5058] mount_bdev+0x1f3/0x2e0 [ 73.524896][ T5058] ? sget+0x640/0x640 [ 73.528881][ T5058] ? selinux_sb_eat_lsm_opts+0x594/0x700 [ 73.534515][ T5058] ? cap_capable+0x1cf/0x230 [ 73.539109][ T5058] ? ntfs_rl_punch_nolock+0x15d0/0x15d0 [ 73.544654][ T5058] legacy_get_tree+0x109/0x220 [ 73.549415][ T5058] vfs_get_tree+0x8c/0x370 [ 73.553836][ T5058] path_mount+0x1492/0x1ed0 [ 73.558342][ T5058] ? lockdep_hardirqs_on+0x7d/0x110 [ 73.563554][ T5058] ? finish_automount+0xa40/0xa40 [ 73.568579][ T5058] ? putname+0x12e/0x170 [ 73.572822][ T5058] __x64_sys_mount+0x293/0x310 [ 73.577600][ T5058] ? copy_mnt_ns+0xb60/0xb60 [ 73.582195][ T5058] ? syscall_trace_enter.constprop.0+0xaf/0x1e0 [ 73.588436][ T5058] do_syscall_64+0x40/0x110 [ 73.592946][ T5058] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 73.598844][ T5058] RIP: 0033:0x7fb90f6b08ba [ 73.603254][ T5058] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 73.622867][ T5058] RSP: 002b:00007ffd72cf9568 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 73.631284][ T5058] RAX: ffffffffffffffda RBX: 00007ffd72cf9580 RCX: 00007fb90f6b08ba [ 73.639252][ T5058] RDX: 0000000020000000 RSI: 000000002001ee80 RDI: 00007ffd72cf9580 [ 73.647221][ T5058] RBP: 0000000000000004 R08: 00007ffd72cf95c0 R09: 000000000001ee62 [ 73.655191][ T5058] R10: 0000000000000010 R11: 0000000000000286 R12: 0000000000000010 [ 73.663160][ T5058] R13: 00007ffd72cf95c0 R14: 0000000000000003 R15: 0000000000200000 [ 73.671135][ T5058] [ 73.674290][ T5058] ================================================================================ [ 73.675930][ T27] audit: type=1400 audit(1703779681.069:88): avc: denied { append } for pid=4491 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 73.683746][ T5058] Kernel panic - not syncing: UBSAN: panic_on_warn set ... [ 73.683756][ T5058] CPU: 0 PID: 5058 Comm: syz-executor161 Not tainted 6.7.0-rc7-syzkaller-00016-gf5837722ffec #0 [ 73.683780][ T5058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 73.683792][ T5058] Call Trace: [ 73.683798][ T5058] [ 73.683804][ T5058] dump_stack_lvl+0xd9/0x1b0 [ 73.683835][ T5058] panic+0x6dc/0x790 [ 73.683859][ T5058] ? mark_held_locks+0x9f/0xe0 [ 73.683887][ T5058] ? panic_smp_self_stop+0xa0/0xa0 [ 73.683913][ T5058] ? kmsg_dump_get_line+0x350/0x350 [ 73.683943][ T5058] ? check_panic_on_warn+0x1f/0xb0 [ 73.683969][ T5058] check_panic_on_warn+0xab/0xb0 [ 73.683994][ T5058] __ubsan_handle_shift_out_of_bounds+0x2ce/0x480 [ 73.684026][ T5058] ntfs_read_locked_inode.cold+0x37/0x5b [ 73.684057][ T5058] ? ntfs_init_locked_inode+0x4a0/0x4a0 [ 73.684080][ T5058] ? write_mft_record+0x380/0x380 [ 73.684102][ T5058] ? iget5_locked+0x44/0xe0 [ 73.684121][ T5058] ntfs_iget+0x130/0x180 [ 73.684143][ T5058] ? ntfs_read_locked_inode+0x5860/0x5860 [ 73.684168][ T5058] ? lockdep_init_map_type+0x16d/0x7d0 [ 73.684197][ T5058] ntfs_fill_super+0x2825/0x9100 [ 73.684225][ T5058] ? up_write+0x510/0x510 [ 73.684248][ T5058] ? parse_options+0x1db0/0x1db0 [ 73.684273][ T5058] ? lock_sync+0x190/0x190 [ 73.684301][ T5058] ? parse_options+0x1db0/0x1db0 [ 73.684325][ T5058] ? preempt_count_sub+0x160/0x160 [ 73.684352][ T5058] ? sb_set_blocksize+0xf6/0x120 [ 73.684384][ T5058] ? parse_options+0x1db0/0x1db0 [ 73.684408][ T5058] mount_bdev+0x1f3/0x2e0 [ 73.684436][ T5058] ? sget+0x640/0x640 [ 73.684463][ T5058] ? selinux_sb_eat_lsm_opts+0x594/0x700 [ 73.684488][ T5058] ? cap_capable+0x1cf/0x230 [ 73.684517][ T5058] ? ntfs_rl_punch_nolock+0x15d0/0x15d0 [ 73.684543][ T5058] legacy_get_tree+0x109/0x220 [ 73.684564][ T5058] vfs_get_tree+0x8c/0x370 [ 73.684593][ T5058] path_mount+0x1492/0x1ed0 [ 73.684621][ T5058] ? lockdep_hardirqs_on+0x7d/0x110 [ 73.684653][ T5058] ? finish_automount+0xa40/0xa40 [ 73.684681][ T5058] ? putname+0x12e/0x170 [ 73.684706][ T5058] __x64_sys_mount+0x293/0x310 [ 73.684735][ T5058] ? copy_mnt_ns+0xb60/0xb60 [ 73.684763][ T5058] ? syscall_trace_enter.constprop.0+0xaf/0x1e0 [ 73.684790][ T5058] do_syscall_64+0x40/0x110 [ 73.684814][ T5058] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 73.684848][ T5058] RIP: 0033:0x7fb90f6b08ba [ 73.684863][ T5058] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 73.684882][ T5058] RSP: 002b:00007ffd72cf9568 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 73.684903][ T5058] RAX: ffffffffffffffda RBX: 00007ffd72cf9580 RCX: 00007fb90f6b08ba [ 73.684917][ T5058] RDX: 0000000020000000 RSI: 000000002001ee80 RDI: 00007ffd72cf9580 [ 73.684931][ T5058] RBP: 0000000000000004 R08: 00007ffd72cf95c0 R09: 000000000001ee62 [ 73.684944][ T5058] R10: 0000000000000010 R11: 0000000000000286 R12: 0000000000000010 [ 73.684957][ T5058] R13: 00007ffd72cf95c0 R14: 0000000000000003 R15: 0000000000200000 [ 73.684974][ T5058] [ 73.705868][ T5058] Kernel Offset: disabled