./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1654259543 <...> no interfaces have a carrier [ 28.413585][ T4878] 8021q: adding VLAN 0 to HW filter on device bond0 [ 28.423246][ T4878] eql: remember to turn off Van-Jacobson compression on your slave devices [ 28.696525][ T4962] ssh-keygen (4962) used greatest stack depth: 22672 bytes left Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.94' (ECDSA) to the list of known hosts. execve("./syz-executor1654259543", ["./syz-executor1654259543"], 0x7ffc9b1c55e0 /* 10 vars */) = 0 brk(NULL) = 0x555556136000 brk(0x555556136c40) = 0x555556136c40 arch_prctl(ARCH_SET_FS, 0x555556136300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor1654259543", 4096) = 28 brk(0x555556157c40) = 0x555556157c40 brk(0x555556158000) = 0x555556158000 mprotect(0x7fbeed811000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 5298 mkdir("./syzkaller.mBnFiQ", 0700) = 0 chmod("./syzkaller.mBnFiQ", 0777) = 0 chdir("./syzkaller.mBnFiQ") = 0 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbee5338000 write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 munmap(0x7fbee5338000, 2097152) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 mkdir("./file0", 0777) = 0 syzkaller login: [ 53.654437][ T5298] loop0: detected capacity change from 0 to 4096 [ 53.664498][ T5298] ntfs3: loop0: Different NTFS' sector size (2048) and media sector size (512) [ 53.686964][ T5298] ================================================================== [ 53.695113][ T5298] BUG: KASAN: slab-out-of-bounds in memcmp+0x1a4/0x1c0 [ 53.701968][ T5298] Read of size 1 at addr ffff888017c71e20 by task syz-executor165/5298 [ 53.710178][ T5298] [ 53.712478][ T5298] CPU: 1 PID: 5298 Comm: syz-executor165 Not tainted 6.1.0-syzkaller-09941-ge2ca6ba6ba01 #0 [ 53.722515][ T5298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 53.732545][ T5298] Call Trace: [ 53.735800][ T5298] [ 53.738710][ T5298] dump_stack_lvl+0xd1/0x138 [ 53.743285][ T5298] print_report+0x15e/0x45d [ 53.747775][ T5298] ? __phys_addr+0xc8/0x140 [ 53.752260][ T5298] ? memcmp+0x1a4/0x1c0 [ 53.756395][ T5298] kasan_report+0xbf/0x1f0 [ 53.760788][ T5298] ? memcmp+0x1a4/0x1c0 [ 53.764923][ T5298] memcmp+0x1a4/0x1c0 [ 53.768883][ T5298] ? mi_enum_attr+0x353/0x640 [ 53.773566][ T5298] mi_find_attr+0x153/0x240 [ 53.778049][ T5298] ni_find_attr+0x309/0x630 [ 53.782534][ T5298] ? ni_load_mi+0x100/0x100 [ 53.787364][ T5298] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 53.793241][ T5298] ntfs_objid_init+0xc3/0x220 [ 53.797903][ T5298] ? ntfs_reparse_init+0x220/0x220 [ 53.802998][ T5298] ntfs_fill_super+0x31fd/0x3860 [ 53.807921][ T5298] ? put_ntfs+0x330/0x330 [ 53.812231][ T5298] ? set_blocksize+0x2c9/0x370 [ 53.816976][ T5298] get_tree_bdev+0x444/0x760 [ 53.821547][ T5298] ? put_ntfs+0x330/0x330 [ 53.825856][ T5298] vfs_get_tree+0x8d/0x2f0 [ 53.830252][ T5298] path_mount+0x132a/0x1e20 [ 53.834758][ T5298] ? kmem_cache_free+0xee/0x5c0 [ 53.839585][ T5298] ? finish_automount+0x960/0x960 [ 53.844592][ T5298] ? putname+0x102/0x140 [ 53.848991][ T5298] __x64_sys_mount+0x283/0x300 [ 53.853762][ T5298] ? copy_mnt_ns+0xb30/0xb30 [ 53.858331][ T5298] ? lockdep_hardirqs_on+0x7d/0x100 [ 53.863534][ T5298] ? _raw_spin_unlock_irq+0x2e/0x50 [ 53.868727][ T5298] ? ptrace_notify+0xfe/0x140 [ 53.873389][ T5298] do_syscall_64+0x39/0xb0 [ 53.877786][ T5298] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 53.883661][ T5298] RIP: 0033:0x7fbeed785bba [ 53.888055][ T5298] Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 53.907638][ T5298] RSP: 002b:00007ffcfc3614c8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 53.916025][ T5298] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fbeed785bba [ 53.923975][ T5298] RDX: 000000002001f340 RSI: 000000002001f380 RDI: 00007ffcfc3614e0 [ 53.931921][ T5298] RBP: 00007ffcfc3614e0 R08: 00007ffcfc361520 R09: 000000000001f365 [ 53.939868][ T5298] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000004 [ 53.947814][ T5298] R13: 00005555561362c0 R14: 0000000000000000 R15: 00007ffcfc361520 [ 53.955765][ T5298] [ 53.958759][ T5298] [ 53.961057][ T5298] Allocated by task 4878: [ 53.965358][ T5298] kasan_save_stack+0x22/0x40 [ 53.970036][ T5298] kasan_set_track+0x25/0x30 [ 53.974616][ T5298] __kasan_kmalloc+0xa5/0xb0 [ 53.979182][ T5298] rtnl_newlink+0x4a/0xa0 [ 53.983490][ T5298] rtnetlink_rcv_msg+0x43e/0xca0 [ 53.988407][ T5298] netlink_rcv_skb+0x165/0x440 [ 53.993153][ T5298] netlink_unicast+0x547/0x7f0 [ 53.997896][ T5298] netlink_sendmsg+0x91b/0xe10 [ 54.002639][ T5298] sock_sendmsg+0xd3/0x120 [ 54.007032][ T5298] ____sys_sendmsg+0x712/0x8c0 [ 54.011777][ T5298] ___sys_sendmsg+0x110/0x1b0 [ 54.016433][ T5298] __sys_sendmsg+0xf7/0x1c0 [ 54.020915][ T5298] do_syscall_64+0x39/0xb0 [ 54.025313][ T5298] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 54.031193][ T5298] [ 54.033508][ T5298] The buggy address belongs to the object at ffff888017c71000 [ 54.033508][ T5298] which belongs to the cache kmalloc-2k of size 2048 [ 54.047532][ T5298] The buggy address is located 1568 bytes to the right of [ 54.047532][ T5298] 2048-byte region [ffff888017c71000, ffff888017c71800) [ 54.061480][ T5298] [ 54.063781][ T5298] The buggy address belongs to the physical page: [ 54.070168][ T5298] page:ffffea00005f1c00 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888017c76000 pfn:0x17c70 [ 54.081599][ T5298] head:ffffea00005f1c00 order:3 compound_mapcount:0 subpages_mapcount:0 compound_pincount:0 [ 54.091632][ T5298] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 54.099589][ T5298] raw: 00fff00000010200 ffff888012442000 ffffea00005e9600 dead000000000002 [ 54.108148][ T5298] raw: ffff888017c76000 0000000080080004 00000001ffffffff 0000000000000000 [ 54.116700][ T5298] page dumped because: kasan: bad access detected [ 54.123083][ T5298] page_owner tracks the page as allocated [ 54.128785][ T5298] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 2110375920, free_ts 0 [ 54.148475][ T5298] get_page_from_freelist+0x119c/0x2ce0 [ 54.154181][ T5298] __alloc_pages+0x1cb/0x5b0 [ 54.158756][ T5298] alloc_page_interleave+0x1e/0x200 [ 54.163928][ T5298] alloc_pages+0x233/0x270 [ 54.168320][ T5298] allocate_slab+0x25f/0x350 [ 54.172890][ T5298] ___slab_alloc+0xa91/0x1400 [ 54.177549][ T5298] __slab_alloc.constprop.0+0x56/0xa0 [ 54.182901][ T5298] __kmem_cache_alloc_node+0x1a4/0x430 [ 54.188334][ T5298] kmalloc_trace+0x26/0x60 [ 54.192730][ T5298] acpi_ds_create_walk_state+0x8c/0x203 [ 54.198261][ T5298] acpi_ps_execute_method+0x1a1/0x620 [ 54.203614][ T5298] acpi_ns_evaluate+0x6d4/0x973 [ 54.208459][ T5298] acpi_ut_evaluate_object+0xf5/0x3fa [ 54.213811][ T5298] acpi_ut_execute_STA+0x86/0x17f [ 54.218814][ T5298] acpi_ns_get_device_callback+0x123/0x415 [ 54.224616][ T5298] acpi_ns_walk_namespace+0x250/0x432 [ 54.229985][ T5298] page_owner free stack trace missing [ 54.235324][ T5298] [ 54.237622][ T5298] Memory state around the buggy address: [ 54.243222][ T5298] ffff888017c71d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.251256][ T5298] ffff888017c71d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.259291][ T5298] >ffff888017c71e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.267324][ T5298] ^ [ 54.272404][ T5298] ffff888017c71e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.280454][ T5298] ffff888017c71f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.288486][ T5298] ================================================================== [ 54.296735][ T5298] Kernel panic - not syncing: panic_on_warn set ... [ 54.303319][ T5298] CPU: 1 PID: 5298 Comm: syz-executor165 Not tainted 6.1.0-syzkaller-09941-ge2ca6ba6ba01 #0 [ 54.313374][ T5298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 54.323413][ T5298] Call Trace: [ 54.326673][ T5298] [ 54.329587][ T5298] dump_stack_lvl+0xd1/0x138 [ 54.334172][ T5298] panic+0x2cc/0x626 [ 54.338055][ T5298] ? panic_print_sys_info.part.0+0x110/0x110 [ 54.344024][ T5298] ? preempt_schedule_common+0x59/0xc0 [ 54.349475][ T5298] ? preempt_schedule_thunk+0x1a/0x1c [ 54.354841][ T5298] end_report.part.0+0x3f/0x7c [ 54.359598][ T5298] ? memcmp+0x1a4/0x1c0 [ 54.363741][ T5298] kasan_report.cold+0xa/0xf [ 54.368321][ T5298] ? memcmp+0x1a4/0x1c0 [ 54.372468][ T5298] memcmp+0x1a4/0x1c0 [ 54.376436][ T5298] ? mi_enum_attr+0x353/0x640 [ 54.381102][ T5298] mi_find_attr+0x153/0x240 [ 54.385596][ T5298] ni_find_attr+0x309/0x630 [ 54.390091][ T5298] ? ni_load_mi+0x100/0x100 [ 54.394587][ T5298] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 54.400477][ T5298] ntfs_objid_init+0xc3/0x220 [ 54.405145][ T5298] ? ntfs_reparse_init+0x220/0x220 [ 54.410269][ T5298] ntfs_fill_super+0x31fd/0x3860 [ 54.415202][ T5298] ? put_ntfs+0x330/0x330 [ 54.419527][ T5298] ? set_blocksize+0x2c9/0x370 [ 54.424284][ T5298] get_tree_bdev+0x444/0x760 [ 54.428863][ T5298] ? put_ntfs+0x330/0x330 [ 54.433183][ T5298] vfs_get_tree+0x8d/0x2f0 [ 54.437589][ T5298] path_mount+0x132a/0x1e20 [ 54.442171][ T5298] ? kmem_cache_free+0xee/0x5c0 [ 54.447005][ T5298] ? finish_automount+0x960/0x960 [ 54.452041][ T5298] ? putname+0x102/0x140 [ 54.456279][ T5298] __x64_sys_mount+0x283/0x300 [ 54.461062][ T5298] ? copy_mnt_ns+0xb30/0xb30 [ 54.465640][ T5298] ? lockdep_hardirqs_on+0x7d/0x100 [ 54.470830][ T5298] ? _raw_spin_unlock_irq+0x2e/0x50 [ 54.476011][ T5298] ? ptrace_notify+0xfe/0x140 [ 54.480673][ T5298] do_syscall_64+0x39/0xb0 [ 54.485077][ T5298] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 54.490961][ T5298] RIP: 0033:0x7fbeed785bba [ 54.495359][ T5298] Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 54.514951][ T5298] RSP: 002b:00007ffcfc3614c8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 54.523350][ T5298] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fbeed785bba [ 54.531303][ T5298] RDX: 000000002001f340 RSI: 000000002001f380 RDI: 00007ffcfc3614e0 [ 54.539258][ T5298] RBP: 00007ffcfc3614e0 R08: 00007ffcfc361520 R09: 000000000001f365 [ 54.547234][ T5298] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000004 [ 54.555191][ T5298] R13: 00005555561362c0 R14: 0000000000000000 R15: 00007ffcfc361520 [ 54.563179][ T5298] [ 54.567023][ T5298] Kernel Offset: disabled [ 54.571333][ T5298] Rebooting in 86400 seconds..