./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3858510130 <...> Warning: Permanently added '10.128.10.11' (ED25519) to the list of known hosts. execve("./syz-executor3858510130", ["./syz-executor3858510130"], 0x7ffebab1e440 /* 10 vars */) = 0 brk(NULL) = 0x555556cf8000 brk(0x555556cf8e00) = 0x555556cf8e00 arch_prctl(ARCH_SET_FS, 0x555556cf8480) = 0 set_tid_address(0x555556cf8750) = 5064 set_robust_list(0x555556cf8760, 24) = 0 rseq(0x555556cf8da0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3858510130", 4096) = 28 getrandom("\x27\x99\x3e\x9c\x78\x2b\x91\x6c", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556cf8e00 brk(0x555556d19e00) = 0x555556d19e00 brk(0x555556d1a000) = 0x555556d1a000 mprotect(0x7fb43cf9a000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7fb43cef2250, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7fb43cefa2a0}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7fb43cef2250, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7fb43cefa2a0}, NULL, 8) = 0 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb434ae8000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 munmap(0x7fb434ae8000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 mkdir("./file2", 0777) = 0 [ 55.342122][ T5064] loop0: detected capacity change from 0 to 512 mount("/dev/loop0", "./file2", "ext4", MS_NOSUID|MS_SILENT|MS_LAZYTIME, ",errors=continue") = 0 openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 chdir("./file2") = 0 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 [ 55.388414][ T5064] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 55.400992][ T5064] ext4 filesystem being mounted at /root/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 55.456026][ T5064] EXT4-fs error (device loop0): ext4_do_update_inode:5105: inode #2: comm syz-executor385: corrupted inode contents [ 55.469399][ T5064] EXT4-fs error (device loop0): ext4_dirty_inode:5965: inode #2: comm syz-executor385: mark_inode_dirty error [ 55.482853][ T5064] EXT4-fs error (device loop0): ext4_do_update_inode:5105: inode #2: comm syz-executor385: corrupted inode contents mkdir("./file2", 0777) = -1 EUCLEAN (Structure needs cleaning) --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- mkdir("./file1", 000) = 0 creat("./bus", 0522) = 4 mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000 chdir(0x20000080) = 0 memfd_create("syzkaller", 0) = 6 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb434ae8000 write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536) = 65536 munmap(0x7fb434ae8000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 7 ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) ioctl(7, LOOP_CLR_FD) = 0 ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) close(7) = 0 close(6) = 0 [ 55.495790][ T5064] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #2: comm syz-executor385: mark_inode_dirty error open(0x20000300, O_RDONLY) = 6 ioctl(6, FS_IOC_SETFLAGS, 0x200001c0) = -1 EOPNOTSUPP (Operation not supported) [ 55.550018][ T5064] general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN [ 55.561753][ T5064] KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f] [ 55.570147][ T5064] CPU: 0 PID: 5064 Comm: syz-executor385 Not tainted 6.7.0-rc6-syzkaller-00078-ga4aebe936554 #0 [ 55.580544][ T5064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 55.590587][ T5064] RIP: 0010:utf8nlookup+0x3a/0x890 [ 55.595711][ T5064] Code: 89 fb 48 83 ec 20 48 89 54 24 10 4c 89 44 24 08 e8 8b 76 f2 fe 48 8d 7b 18 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 8e 07 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b [ 55.615317][ T5064] RSP: 0018:ffffc900039cf958 EFLAGS: 00010216 [ 55.621367][ T5064] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffff88807ee5a4d8 [ 55.629320][ T5064] RDX: 0000000000000003 RSI: ffffffff8294fb45 RDI: 0000000000000018 [ 55.637301][ T5064] RBP: 0000000000000001 R08: 0000000000000005 R09: 0000000000000080 [ 55.645254][ T5064] R10: 0000000000000040 R11: ffffffff81ddf493 R12: 0000000000000000 [ 55.653207][ T5064] R13: ffff88807ee5a4d8 R14: ffffc900039cfa70 R15: ffffc900039cfa70 [ 55.661160][ T5064] FS: 0000555556cf8480(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 55.670167][ T5064] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 55.676738][ T5064] CR2: 0000559d589bb000 CR3: 00000000774da000 CR4: 0000000000350ef0 [ 55.684698][ T5064] Call Trace: [ 55.687960][ T5064] [ 55.690874][ T5064] ? show_regs+0x8f/0xa0 [ 55.695100][ T5064] ? die_addr+0x4f/0xd0 [ 55.699237][ T5064] ? exc_general_protection+0x155/0x230 [ 55.704786][ T5064] ? asm_exc_general_protection+0x26/0x30 [ 55.710491][ T5064] ? kasan_save_stack+0x33/0x50 [ 55.715326][ T5064] ? utf8nlookup+0x25/0x890 [ 55.719815][ T5064] ? utf8nlookup+0x3a/0x890 [ 55.724300][ T5064] ? utf8nlookup+0x25/0x890 [ 55.728788][ T5064] utf8byte+0x1ca/0x1390 [ 55.733014][ T5064] utf8_casefold+0x16c/0x230 [ 55.737606][ T5064] ? utf8_strncasecmp_folded+0x240/0x240 [ 55.743226][ T5064] ext4_fname_setup_ci_filename+0x18b/0x490 [ 55.749110][ T5064] ext4_fname_prepare_lookup+0x168/0x350 [ 55.754736][ T5064] ? ext4_fname_setup_filename+0x250/0x250 [ 55.760618][ T5064] ? lock_acquire+0x1ae/0x520 [ 55.765287][ T5064] ext4_lookup+0x147/0x740 [ 55.769726][ T5064] ? ext4_resetent+0x260/0x260 [ 55.774475][ T5064] ? reacquire_held_locks+0x4c0/0x4c0 [ 55.779837][ T5064] ? do_raw_spin_lock+0x12e/0x2b0 [ 55.784848][ T5064] ? do_raw_spin_unlock+0x173/0x230 [ 55.790024][ T5064] ? _raw_spin_unlock+0x28/0x40 [ 55.794852][ T5064] ? d_alloc+0x1b7/0x220 [ 55.799071][ T5064] lookup_one_qstr_excl+0x116/0x180 [ 55.804248][ T5064] filename_create+0x1ed/0x530 [ 55.808995][ T5064] ? vfs_path_parent_lookup+0x50/0x50 [ 55.814347][ T5064] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 55.820223][ T5064] ? __virt_addr_valid+0x5e/0x2d0 [ 55.825228][ T5064] do_mkdirat+0xab/0x3a0 [ 55.829474][ T5064] ? __ia32_sys_mknod+0xb0/0xb0 [ 55.834315][ T5064] ? getname_flags.part.0+0x1e2/0x4e0 [ 55.839667][ T5064] __x64_sys_mkdir+0xf2/0x140 [ 55.844330][ T5064] do_syscall_64+0x40/0x110 [ 55.848823][ T5064] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 55.854705][ T5064] RIP: 0033:0x7fb43cf25557 [ 55.859098][ T5064] Code: ff ff 77 07 31 c0 c3 0f 1f 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 55.878691][ T5064] RSP: 002b:00007ffe7913d128 EFLAGS: 00000286 ORIG_RAX: 0000000000000053 [ 55.887087][ T5064] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007fb43cf25557 [ 55.895041][ T5064] RDX: 0000000000000040 RSI: 00000000000001ff RDI: 0000000020000540 [ 55.902989][ T5064] RBP: 00007ffe7913d1c0 R08: 00000000000000fd R09: 0000000000000000 [ 55.910950][ T5064] R10: 0000000000000249 R11: 0000000000000286 R12: 0000000020000540 [ 55.919087][ T5064] R13: 00000000200000c0 R14: 0000000000000000 R15: 0000000000000000 [ 55.927046][ T5064] [ 55.930045][ T5064] Modules linked in: [ 55.934570][ T5064] ---[ end trace 0000000000000000 ]--- [ 55.940150][ T5064] RIP: 0010:utf8nlookup+0x3a/0x890 [ 55.945416][ T5064] Code: 89 fb 48 83 ec 20 48 89 54 24 10 4c 89 44 24 08 e8 8b 76 f2 fe 48 8d 7b 18 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 8e 07 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b [ 55.965066][ T5064] RSP: 0018:ffffc900039cf958 EFLAGS: 00010216 [ 55.971168][ T5064] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffff88807ee5a4d8 [ 55.979175][ T5064] RDX: 0000000000000003 RSI: ffffffff8294fb45 RDI: 0000000000000018 [ 55.987191][ T5064] RBP: 0000000000000001 R08: 0000000000000005 R09: 0000000000000080 [ 55.995189][ T5064] R10: 0000000000000040 R11: ffffffff81ddf493 R12: 0000000000000000 [ 56.003190][ T5064] R13: ffff88807ee5a4d8 R14: ffffc900039cfa70 R15: ffffc900039cfa70 [ 56.011145][ T5064] FS: 0000555556cf8480(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 56.020136][ T5064] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 56.026739][ T5064] CR2: 0000559d589bb000 CR3: 00000000774da000 CR4: 0000000000350ef0 [ 56.034727][ T5064] Kernel panic - not syncing: Fatal exception [ 56.041032][ T5064] Kernel Offset: disabled [ 56.045338][ T5064] Rebooting in 86400 seconds..