./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3571249771
<...>
no interfaces have a carrier
[ 27.952592][ T3209] 8021q: adding VLAN 0 to HW filter on device bond0
[ 27.966552][ T3209] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: [ 28.457280][ T3300] sshd (3300) used greatest stack depth: 22376 bytes left
OK
syzkaller
Warning: Permanently added '10.128.0.97' (ECDSA) to the list of known hosts.
execve("./syz-executor3571249771", ["./syz-executor3571249771"], 0x7fff9747fcb0 /* 10 vars */) = 0
brk(NULL) = 0x555555c65000
brk(0x555555c65c40) = 0x555555c65c40
arch_prctl(ARCH_SET_FS, 0x555555c65300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor3571249771", 4096) = 28
brk(0x555555c86c40) = 0x555555c86c40
brk(0x555555c87000) = 0x555555c87000
mprotect(0x7fbc2927c000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c655d0) = 3630
./strace-static-x86_64: Process 3630 attached
[pid 3630] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3630] setpgid(0, 0) = 0
[pid 3630] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3630] write(3, "1000", 4) = 4
[pid 3630] close(3) = 0
[pid 3630] memfd_create("syzkaller", 0) = 3
[pid 3630] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc20da1000
[pid 3630] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x20\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf4\x00\x00\x00\xf4\x00\x00\x00\x92\x9d\x3e\x59\x8b\x7e\x69\x31\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 4194304) = 4194304
[pid 3630] munmap(0x7fbc20da1000, 4194304) = 0
[pid 3630] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3630] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3630] close(3) = 0
[pid 3630] mkdir("./file0", 0777) = 0
syzkaller login: [ 70.117994][ T3630] loop0: detected capacity change from 0 to 8192
[ 70.131119][ T3630] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512)
[ 70.141948][ T3630] ==================================================================
[ 70.149995][ T3630] BUG: KASAN: use-after-free in mi_enum_attr+0x605/0x640
[ 70.157098][ T3630] Read of size 4 at addr ffff888173f0e047 by task syz-executor357/3630
[ 70.165310][ T3630]
[ 70.167608][ T3630] CPU: 1 PID: 3630 Comm: syz-executor357 Not tainted 6.1.0-syzkaller #0
[ 70.175924][ T3630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 70.186047][ T3630] Call Trace:
[ 70.189328][ T3630]
[ 70.192244][ T3630] dump_stack_lvl+0xd1/0x138
[ 70.196823][ T3630] print_report+0x15e/0x45d
[ 70.201336][ T3630] ? __phys_addr+0xc8/0x140
[ 70.205837][ T3630] ? mi_enum_attr+0x605/0x640
[ 70.210515][ T3630] kasan_report+0xbf/0x1f0
[ 70.214934][ T3630] ? mi_enum_attr+0x605/0x640
[ 70.219597][ T3630] mi_enum_attr+0x605/0x640
[ 70.224088][ T3630] ni_enum_attr_ex+0x31d/0x400
[ 70.228842][ T3630] ? ntfs_read_bh+0x52/0xb0
[ 70.233321][ T3630] ? ni_fname_type.part.0+0x1e0/0x1e0
[ 70.238687][ T3630] ? mi_read+0x283/0x5b0
[ 70.242917][ T3630] ntfs_iget5+0xac0/0x3280
[ 70.247321][ T3630] ? ntfs_write_end+0x800/0x800
[ 70.252166][ T3630] ntfs_loadlog_and_replay+0x128/0x5d0
[ 70.257618][ T3630] ? ntfs_write_end+0x800/0x800
[ 70.262464][ T3630] ? ntfs_bio_fill_1+0xa10/0xa10
[ 70.267407][ T3630] ? destroy_inode+0xc4/0x1b0
[ 70.272087][ T3630] ntfs_fill_super+0x1f03/0x37f0
[ 70.277031][ T3630] ? put_ntfs+0x330/0x330
[ 70.281363][ T3630] ? set_blocksize+0x2e9/0x380
[ 70.286128][ T3630] get_tree_bdev+0x444/0x760
[ 70.290721][ T3630] ? put_ntfs+0x330/0x330
[ 70.295054][ T3630] vfs_get_tree+0x8d/0x2f0
[ 70.299471][ T3630] path_mount+0x132a/0x1e20
[ 70.303978][ T3630] ? kmem_cache_free+0xee/0x5c0
[ 70.308823][ T3630] ? finish_automount+0x960/0x960
[ 70.313851][ T3630] ? putname+0x102/0x140
[ 70.318100][ T3630] __x64_sys_mount+0x283/0x300
[ 70.323031][ T3630] ? copy_mnt_ns+0xae0/0xae0
[ 70.327620][ T3630] ? lockdep_hardirqs_on+0x7d/0x100
[ 70.332824][ T3630] ? _raw_spin_unlock_irq+0x2e/0x50
[ 70.338102][ T3630] ? ptrace_notify+0xfe/0x140
[ 70.342782][ T3630] do_syscall_64+0x39/0xb0
[ 70.347197][ T3630] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 70.353191][ T3630] RIP: 0033:0x7fbc291ef92a
[ 70.357594][ T3630] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 70.377207][ T3630] RSP: 002b:00007ffe1cdba4a8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 70.385619][ T3630] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fbc291ef92a
[ 70.394118][ T3630] RDX: 0000000020020bc0 RSI: 0000000020020c00 RDI: 00007ffe1cdba4c0
[ 70.402103][ T3630] RBP: 00007ffe1cdba4c0 R08: 00007ffe1cdba500 R09: 0000000000000000
[ 70.410080][ T3630] R10: 0000000000018882 R11: 0000000000000286 R12: 0000000000000004
[ 70.418060][ T3630] R13: 0000555555c652c0 R14: 0000000000018882 R15: 00007ffe1cdba500
[ 70.426032][ T3630]
[ 70.429057][ T3630]
[ 70.431373][ T3630] The buggy address belongs to the physical page:
[ 70.437782][ T3630] page:ffffea0005cfc380 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x173f0e
[ 70.448309][ T3630] flags: 0x57ff00000000000(node=1|zone=2|lastcpupid=0x7ff)
[ 70.455503][ T3630] raw: 057ff00000000000 ffffea0005cfc388 ffffea0005cfc388 0000000000000000
[ 70.464073][ T3630] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 70.472656][ T3630] page dumped because: kasan: bad access detected
[ 70.479074][ T3630] page_owner info is not present (never set?)
[ 70.485137][ T3630]
[ 70.487446][ T3630] Memory state around the buggy address:
[ 70.493056][ T3630] ffff888173f0df00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 70.501105][ T3630] ffff888173f0df80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 70.509152][ T3630] >ffff888173f0e000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 70.517194][ T3630] ^
[ 70.523336][ T3630] ffff888173f0e080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 70.531378][ T3630] ffff888173f0e100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 70.539417][ T3630] ==================================================================
[ 70.548786][ T3630] Kernel panic - not syncing: panic_on_warn set ...
[ 70.555376][ T3630] CPU: 1 PID: 3630 Comm: syz-executor357 Not tainted 6.1.0-syzkaller #0
[ 70.563691][ T3630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 70.573735][ T3630] Call Trace:
[ 70.577002][ T3630]
[ 70.580284][ T3630] dump_stack_lvl+0xd1/0x138
[ 70.584874][ T3630] panic+0x2cc/0x626
[ 70.588780][ T3630] ? panic_print_sys_info.part.0+0x110/0x110
[ 70.594760][ T3630] ? preempt_schedule_common+0x59/0xc0
[ 70.600237][ T3630] ? preempt_schedule_thunk+0x1a/0x1c
[ 70.605630][ T3630] end_report.part.0+0x3f/0x7c
[ 70.610387][ T3630] ? mi_enum_attr+0x605/0x640
[ 70.615090][ T3630] kasan_report.cold+0xa/0xf
[ 70.619676][ T3630] ? mi_enum_attr+0x605/0x640
[ 70.624357][ T3630] mi_enum_attr+0x605/0x640
[ 70.628854][ T3630] ni_enum_attr_ex+0x31d/0x400
[ 70.633608][ T3630] ? ntfs_read_bh+0x52/0xb0
[ 70.638096][ T3630] ? ni_fname_type.part.0+0x1e0/0x1e0
[ 70.643455][ T3630] ? mi_read+0x283/0x5b0
[ 70.647693][ T3630] ntfs_iget5+0xac0/0x3280
[ 70.652125][ T3630] ? ntfs_write_end+0x800/0x800
[ 70.656987][ T3630] ntfs_loadlog_and_replay+0x128/0x5d0
[ 70.662436][ T3630] ? ntfs_write_end+0x800/0x800
[ 70.667367][ T3630] ? ntfs_bio_fill_1+0xa10/0xa10
[ 70.672293][ T3630] ? destroy_inode+0xc4/0x1b0
[ 70.676959][ T3630] ntfs_fill_super+0x1f03/0x37f0
[ 70.681898][ T3630] ? put_ntfs+0x330/0x330
[ 70.686230][ T3630] ? set_blocksize+0x2e9/0x380
[ 70.690992][ T3630] get_tree_bdev+0x444/0x760
[ 70.695583][ T3630] ? put_ntfs+0x330/0x330
[ 70.699909][ T3630] vfs_get_tree+0x8d/0x2f0
[ 70.704324][ T3630] path_mount+0x132a/0x1e20
[ 70.708929][ T3630] ? kmem_cache_free+0xee/0x5c0
[ 70.713770][ T3630] ? finish_automount+0x960/0x960
[ 70.718793][ T3630] ? putname+0x102/0x140
[ 70.723036][ T3630] __x64_sys_mount+0x283/0x300
[ 70.727804][ T3630] ? copy_mnt_ns+0xae0/0xae0
[ 70.732393][ T3630] ? lockdep_hardirqs_on+0x7d/0x100
[ 70.737585][ T3630] ? _raw_spin_unlock_irq+0x2e/0x50
[ 70.742778][ T3630] ? ptrace_notify+0xfe/0x140
[ 70.747455][ T3630] do_syscall_64+0x39/0xb0
[ 70.751868][ T3630] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 70.757756][ T3630] RIP: 0033:0x7fbc291ef92a
[ 70.762158][ T3630] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 70.781778][ T3630] RSP: 002b:00007ffe1cdba4a8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 70.790186][ T3630] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fbc291ef92a
[ 70.798151][ T3630] RDX: 0000000020020bc0 RSI: 0000000020020c00 RDI: 00007ffe1cdba4c0
[ 70.806118][ T3630] RBP: 00007ffe1cdba4c0 R08: 00007ffe1cdba500 R09: 0000000000000000
[ 70.814081][ T3630] R10: 0000000000018882 R11: 0000000000000286 R12: 0000000000000004
[ 70.822043][ T3630] R13: 0000555555c652c0 R14: 0000000000018882 R15: 00007ffe1cdba500
[ 70.830009][ T3630]
[ 70.833799][ T3630] Kernel Offset: disabled
[ 70.838119][ T3630] Rebooting in 86400 seconds..