./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor518090890 <...> [ 29.180786][ T3186] 8021q: adding VLAN 0 to HW filter on device bond0 [ 29.202921][ T3186] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller syzkaller login: [ 39.839580][ T26] kauditd_printk_skb: 37 callbacks suppressed [ 39.839595][ T26] audit: type=1400 audit(1663604698.759:73): avc: denied { transition } for pid=3394 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 39.869795][ T26] audit: type=1400 audit(1663604698.769:74): avc: denied { write } for pid=3394 comm="sh" path="pipe:[28081]" dev="pipefs" ino=28081 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1 Warning: Permanently added '10.128.0.199' (ECDSA) to the list of known hosts. execve("./syz-executor518090890", ["./syz-executor518090890"], 0x7ffcaad49f90 /* 10 vars */) = 0 brk(NULL) = 0x555556b82000 brk(0x555556b82c40) = 0x555556b82c40 arch_prctl(ARCH_SET_FS, 0x555556b82300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor518090890", 4096) = 27 brk(0x555556ba3c40) = 0x555556ba3c40 brk(0x555556ba4000) = 0x555556ba4000 mprotect(0x7f0219e28000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 ftruncate(3, 266176) = 0 pwrite64(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\xa3\xb8\xb2\x0f\xcf\x7a\xa8\x36\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 224, 0) = 224 pwrite64(3, NULL, 0, 480) = 0 pwrite64(3, NULL, 0, 65536) = 0 pwrite64(3, "\x46\x49\x4c\x45\x30\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x01\x00\x38\x00\x01\x00\x98\x01\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x60\x00\x00\x00\x00\x00\x18\x00\x00\x00\x00\x00\x48\x00\x00\x00\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 312, 131072) = 312 pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08", 31, 131552) = 31 pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08\x00\x46\x49\x4c\x45\x30\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x01\x00\x38\x00\x01\x00\x58\x01\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x60\x00\x00\x00\x00\x00\x18\x00"..., 363, 132064) = 363 pwrite64(3, NULL, 0, 132576) = 0 pwrite64(3, NULL, 0, 133088) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 mkdir("./file0", 0777) = 0 [ 51.469496][ T26] audit: type=1400 audit(1663604710.389:75): avc: denied { execmem } for pid=3607 comm="syz-executor518" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 51.476010][ T3607] loop0: detected capacity change from 0 to 519 [ 51.490276][ T26] audit: type=1400 audit(1663604710.399:76): avc: denied { read write } for pid=3607 comm="syz-executor518" name="loop0" dev="devtmpfs" ino=644 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 51.503358][ T3607] ntfs: (device loop0): is_boot_sector_ntfs(): Invalid end of sector marker. [ 51.520202][ T26] audit: type=1400 audit(1663604710.399:77): avc: denied { open } for pid=3607 comm="syz-executor518" path="/dev/loop0" dev="devtmpfs" ino=644 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 51.553253][ T26] audit: type=1400 audit(1663604710.399:78): avc: denied { ioctl } for pid=3607 comm="syz-executor518" path="/dev/loop0" dev="devtmpfs" ino=644 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 51.579255][ T26] audit: type=1400 audit(1663604710.419:79): avc: denied { mounton } for pid=3607 comm="syz-executor518" path="/root/file0" dev="sda1" ino=1138 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 51.602737][ T3607] ------------[ cut here ]------------ [ 51.608185][ T3607] kernel BUG at fs/ntfs/aops.c:186! [ 51.613593][ T3607] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 51.619663][ T3607] CPU: 0 PID: 3607 Comm: syz-executor518 Not tainted 6.0.0-rc6-syzkaller #0 [ 51.628317][ T3607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 51.638354][ T3607] RIP: 0010:ntfs_read_folio+0x2346/0x2e10 [ 51.644064][ T3607] Code: 00 48 8b 44 24 50 31 ff 48 8b 98 30 fd ff ff 48 c1 eb 03 83 e3 01 89 de e8 f7 c4 e1 fe 84 db 0f 85 59 eb ff ff e8 6a c8 e1 fe <0f> 0b e8 63 c8 e1 fe 48 c7 c6 a0 e7 20 8a 4c 89 f7 e8 74 95 17 ff [ 51.663658][ T3607] RSP: 0018:ffffc90002f97728 EFLAGS: 00010293 [ 51.669722][ T3607] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 51.677701][ T3607] RDX: ffff888072630100 RSI: ffffffff82996fb6 RDI: 0000000000000001 [ 51.685677][ T3607] RBP: ffff88806d07c090 R08: 0000000000000001 R09: 0000000000000000 [ 51.693634][ T3607] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88806d07c090 [ 51.701587][ T3607] R13: ffffea0001b51418 R14: ffffea0001b51400 R15: ffffea0001b51420 [ 51.709542][ T3607] FS: 0000555556b82300(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000 [ 51.718475][ T3607] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 51.725042][ T3607] CR2: 00005610700306a8 CR3: 000000007c9e3000 CR4: 00000000003506f0 [ 51.732999][ T3607] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 51.741033][ T3607] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 51.749012][ T3607] Call Trace: [ 51.752289][ T3607] [ 51.755208][ T3607] ? folio_flags.constprop.0+0x53/0x150 [ 51.760751][ T3607] ? ntfs_end_buffer_async_read+0x1720/0x1720 [ 51.766809][ T3607] ? folio_add_lru+0x377/0x680 [ 51.771561][ T3607] ? filemap_add_folio+0x138/0x1d0 [ 51.776661][ T3607] ? __filemap_add_folio+0x1620/0x1620 [ 51.782107][ T3607] ? folio_alloc+0x3f/0x70 [ 51.786511][ T3607] ? ntfs_end_buffer_async_read+0x1720/0x1720 [ 51.792564][ T3607] filemap_read_folio+0x3c/0x1d0 [ 51.797492][ T3607] do_read_cache_folio+0x1df/0x510 [ 51.802777][ T3607] ? ntfs_end_buffer_async_read+0x1720/0x1720 [ 51.808831][ T3607] read_cache_page+0x59/0x2b0 [ 51.813511][ T3607] map_mft_record+0x1db/0x6b0 [ 51.818176][ T3607] ntfs_read_locked_inode+0x19c/0x5ae0 [ 51.823625][ T3607] ntfs_read_inode_mount+0xd72/0x2580 [ 51.829002][ T3607] ntfs_fill_super+0x17c7/0x9300 [ 51.833936][ T3607] ? lock_downgrade+0x6e0/0x6e0 [ 51.838781][ T3607] ? parse_options+0x1d70/0x1d70 [ 51.843729][ T3607] ? snprintf+0xbb/0xf0 [ 51.847941][ T3607] ? vsprintf+0x30/0x30 [ 51.852094][ T3607] ? wait_for_completion_io_timeout+0x20/0x20 [ 51.858154][ T3607] ? up_write+0x148/0x470 [ 51.862470][ T3607] ? set_blocksize+0x2e5/0x370 [ 51.867222][ T3607] mount_bdev+0x34d/0x410 [ 51.871538][ T3607] ? parse_options+0x1d70/0x1d70 [ 51.876464][ T3607] ? ntfs_rl_punch_nolock+0x15b0/0x15b0 [ 51.882002][ T3607] legacy_get_tree+0x105/0x220 [ 51.886768][ T3607] vfs_get_tree+0x89/0x2f0 [ 51.891169][ T3607] path_mount+0x1326/0x1e20 [ 51.895660][ T3607] ? kmem_cache_free.part.0+0x1d3/0x2e0 [ 51.901191][ T3607] ? putname+0xfe/0x140 [ 51.905332][ T3607] ? finish_automount+0x960/0x960 [ 51.910337][ T3607] ? putname+0xfe/0x140 [ 51.914476][ T3607] __x64_sys_mount+0x27f/0x300 [ 51.919223][ T3607] ? copy_mnt_ns+0xae0/0xae0 [ 51.923797][ T3607] ? lockdep_hardirqs_on+0x79/0x100 [ 51.928977][ T3607] ? _raw_spin_unlock_irq+0x2a/0x40 [ 51.934182][ T3607] ? ptrace_notify+0xfa/0x140 [ 51.938846][ T3607] do_syscall_64+0x35/0xb0 [ 51.943248][ T3607] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 51.949125][ T3607] RIP: 0033:0x7f0219dbd33a [ 51.953524][ T3607] Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 51.973118][ T3607] RSP: 002b:00007fffd09ac558 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 51.981512][ T3607] RAX: ffffffffffffffda RBX: 00007fffd09ac5b0 RCX: 00007f0219dbd33a [ 51.989466][ T3607] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fffd09ac570 [ 51.997420][ T3607] RBP: 00007fffd09ac570 R08: 00007fffd09ac5b0 R09: 0000000000000000 [ 52.005376][ T3607] R10: 0000000000000000 R11: 0000000000000286 R12: 00000000200002c0 [ 52.013329][ T3607] R13: 0000000000000003 R14: 0000000000000004 R15: 0000000000000008 [ 52.021285][ T3607] [ 52.024286][ T3607] Modules linked in: [ 52.028382][ T3607] ---[ end trace 0000000000000000 ]--- [ 52.033906][ T3607] RIP: 0010:ntfs_read_folio+0x2346/0x2e10 [ 52.039639][ T3607] Code: 00 48 8b 44 24 50 31 ff 48 8b 98 30 fd ff ff 48 c1 eb 03 83 e3 01 89 de e8 f7 c4 e1 fe 84 db 0f 85 59 eb ff ff e8 6a c8 e1 fe <0f> 0b e8 63 c8 e1 fe 48 c7 c6 a0 e7 20 8a 4c 89 f7 e8 74 95 17 ff [ 52.059473][ T3607] RSP: 0018:ffffc90002f97728 EFLAGS: 00010293 [ 52.065630][ T3607] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 52.073654][ T3607] RDX: ffff888072630100 RSI: ffffffff82996fb6 RDI: 0000000000000001 [ 52.081654][ T3607] RBP: ffff88806d07c090 R08: 0000000000000001 R09: 0000000000000000 [ 52.089608][ T3607] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88806d07c090 [ 52.097616][ T3607] R13: ffffea0001b51418 R14: ffffea0001b51400 R15: ffffea0001b51420 [ 52.105611][ T3607] FS: 0000555556b82300(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 [ 52.114577][ T3607] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 52.121195][ T3607] CR2: 000055895c90c0e8 CR3: 000000007c9e3000 CR4: 00000000003506e0 [ 52.129163][ T3607] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 52.137157][ T3607] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 52.145168][ T3607] Kernel panic - not syncing: Fatal exception [ 52.151378][ T3607] Kernel Offset: disabled [ 52.155695][ T3607] Rebooting in 86400 seconds..