./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1502811458
<...>
forked to background, child pid 3183
no interfaces have a carrier
[ 22.113357][ T3184] 8021q: adding VLAN 0 to HW filter on device bond0
[ 22.123180][ T3184] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.1.108' (ECDSA) to the list of known hosts.
execve("./syz-executor1502811458", ["./syz-executor1502811458"], 0x7ffdbfca8830 /* 10 vars */) = 0
brk(NULL) = 0x5555568f5000
brk(0x5555568f5c40) = 0x5555568f5c40
arch_prctl(ARCH_SET_FS, 0x5555568f5300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor1502811458", 4096) = 28
brk(0x555556916c40) = 0x555556916c40
brk(0x555556917000) = 0x555556917000
mprotect(0x7f6608ef6000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
getpid() = 3612
openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC) = 3
write(3, "10000000000", 11) = 11
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = 3
write(3, "20", 2) = 2
close(3) = 0
openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3
write(3, "100", 3) = 3
close(3) = 0
openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3
write(3, "7 4 1 3", 7) = 7
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3
write(3, "3612", 4) = 4
close(3) = 0
socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3
socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4
sendto(4, [{nlmsg_len=36, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
recvfrom(4, [{nlmsg_len=680, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3612}, "\x01\x02\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00\x06\x00\x01\x00\x1c\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x25\x00\x00\x00\x48\x02\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x05\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x03\x00"...], 4096, 0, NULL, NULL) = 680
recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3612}, {error=0, msg={nlmsg_len=36, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
access("/proc/net", R_OK) = 0
access("/proc/net/unix", R_OK) = 0
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0
close(5) = 0
sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x06\x00\x0a\x00\xa0\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3612}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0
close(5) = 0
sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0c\x00\x01\x00\x02\x00\xaa\xaa\xaa\xaa\xaa\xaa"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44
recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3612}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
sendto(3, [{nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0}, [[{nla_len=11, nla_type=IFLA_IFNAME}, "lowpan0"...], [{nla_len=16, nla_type=IFLA_LINKINFO}, [{nla_len=10, nla_type=IFLA_INFO_KIND}, "lowpan"...]], [{nla_len=8, nla_type=IFLA_LINK}, 11]]], 68, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 68
recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3612}, {error=0, msg={nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0
close(5) = 0
sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x06\x00\x0a\x00\xa1\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3612}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0
close(5) = 0
sendto(3, [{nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=if_nametoindex("wpan1"), ifi_flags=IFF_UP, ifi_change=0x1}, [{nla_len=12, nla_type=IFLA_ADDRESS}, 02:01:aa:aa:aa:aa:aa]], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44
recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3612}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
close(3) = 0
close(4) = 0
getpid() = 3612
mkdir("./syzkaller.Y0kk4j", 0700) = 0
chmod("./syzkaller.Y0kk4j", 0777) = 0
chdir("./syzkaller.Y0kk4j") = 0
memfd_create("syzkaller", 0) = 3
ftruncate(3, 286849) = 0
pwrite64(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02", 69, 0) = 69
pwrite64(3, "\x46\x49\x4c\x45\x30\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x01\x00\x40\x00\x01\x00\xa0\x01\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x60\x00\x00\x00\x00\x00\x18\x00\x00\x00\x00\x00\x48\x00\x00\x00\x18\x00\x00\x00\x80\x18\x75\xc1\x34\x4f\xd8\x01\x80\x18\x75\xc1"..., 403, 16384) = 403
pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb0\x00\x00\x00\x48\x00\x00\x00\x01\x00\x40\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x11\x01\x04\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x03\x00\x46\x49\x4c\x45"..., 373, 18336) = 373
pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x46\x49\x4c\x45\x30\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x01\x00\x40\x00\x01\x00\x60\x01\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x02\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00"..., 373, 20448) = 373
pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x46\x49\x4c\x45\x30\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x01\x00\x40\x00\x01\x00\xe8\x01\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00"..., 493, 22496) = 493
pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x46\x49\x4c\x45\x30\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x01\x00\x40\x00\x01\x00\xc8\x01\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x04\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00"..., 475, 24544) = 475
pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x46\x49\x4c\x45\x30\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00\x01\x00\x40\x00\x03\x00\x08\x02\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x05\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00"..., 373, 26592) = 373
pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x46\x49\x4c\x45\x30\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x01\x00\x40\x00\x01\x00\x58\x01\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x06\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00"..., 363, 28640) = 363
pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x46\x49\x4c\x45\x30\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08\x00\x01\x00\x40\x00\x01\x00\x80\x01\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x08\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00"..., 403, 32736) = 403
pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x46\x49\x4c\x45\x30\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x01\x00\x40\x00\x09\x00\x08\x03\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00\x00\x00\x09\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00"..., 797, 34784) = 797
pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x46\x49\x4c\x45\x30\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0a\x00\x01\x00\x40\x00\x01\x00\xa0\x01\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x0a\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00"..., 363, 36832) = 363
pwrite64(3, "\x10", 1, 286848) = 1
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
ioctl(4, LOOP_SET_FD, 3) = 0
mkdir("./file0", 0777) = 0
syzkaller login: [ 43.666732][ T3612] loop0: detected capacity change from 0 to 560
[ 43.679526][ T3612] ntfs3: loop0: Different NTFS' sector size (2048) and media sector size (512)
[ 43.688649][ T3612] ntfs3: loop0: RAW NTFS volume: Filesystem size 0.00 Gb > volume size 0.00 Gb. Mount in read-only
[ 43.700731][ T3612] ==================================================================
[ 43.708960][ T3612] BUG: KASAN: use-after-free in run_unpack+0x8b7/0x970
[ 43.715806][ T3612] Read of size 1 at addr ffff88807f395110 by task syz-executor150/3612
[ 43.724456][ T3612]
[ 43.726759][ T3612] CPU: 1 PID: 3612 Comm: syz-executor150 Not tainted 6.0.0-syzkaller #0
[ 43.735149][ T3612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 43.745449][ T3612] Call Trace:
[ 43.748710][ T3612]
[ 43.751857][ T3612] dump_stack_lvl+0xcd/0x134
[ 43.756448][ T3612] print_report.cold+0x2ba/0x719
[ 43.762135][ T3612] ? run_unpack+0x8b7/0x970
[ 43.766622][ T3612] kasan_report+0xb1/0x1e0
[ 43.771021][ T3612] ? run_unpack+0x8b7/0x970
[ 43.775504][ T3612] run_unpack+0x8b7/0x970
[ 43.779876][ T3612] ? run_pack+0x1100/0x1100
[ 43.784359][ T3612] ? ntfs_bread_run+0x310/0x310
[ 43.789192][ T3612] run_unpack_ex+0xb0/0x7c0
[ 43.793678][ T3612] ? mi_enum_attr+0x34f/0x630
[ 43.798507][ T3612] ? ni_enum_attr_ex+0x281/0x400
[ 43.803426][ T3612] ? run_unpack+0x970/0x970
[ 43.807907][ T3612] ? ni_fname_type.part.0+0x1e0/0x1e0
[ 43.813257][ T3612] ? mi_read+0x27f/0x5b0
[ 43.817479][ T3612] ntfs_iget5+0xc20/0x3280
[ 43.821873][ T3612] ? ntfs_write_end+0x800/0x800
[ 43.826698][ T3612] ? ntfs_sync_fs+0x400/0x400
[ 43.831369][ T3612] ? destroy_inode+0xc4/0x1b0
[ 43.836027][ T3612] ? iput.part.0+0x55d/0x810
[ 43.840600][ T3612] ntfs_fill_super+0x1ecc/0x37f0
[ 43.845626][ T3612] ? put_ntfs+0x330/0x330
[ 43.849955][ T3612] ? set_blocksize+0x2e5/0x370
[ 43.854701][ T3612] get_tree_bdev+0x440/0x760
[ 43.859278][ T3612] ? put_ntfs+0x330/0x330
[ 43.863589][ T3612] vfs_get_tree+0x89/0x2f0
[ 43.867989][ T3612] path_mount+0x1326/0x1e20
[ 43.872478][ T3612] ? kmem_cache_free+0xeb/0x5b0
[ 43.877329][ T3612] ? finish_automount+0x960/0x960
[ 43.882337][ T3612] ? putname+0xfe/0x140
[ 43.886495][ T3612] __x64_sys_mount+0x27f/0x300
[ 43.891245][ T3612] ? copy_mnt_ns+0xae0/0xae0
[ 43.895817][ T3612] ? lockdep_hardirqs_on+0x79/0x100
[ 43.900999][ T3612] ? _raw_spin_unlock_irq+0x2a/0x40
[ 43.906177][ T3612] ? ptrace_notify+0xfa/0x140
[ 43.911101][ T3612] do_syscall_64+0x35/0xb0
[ 43.915675][ T3612] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 43.921551][ T3612] RIP: 0033:0x7f6608e8e89a
[ 43.925971][ T3612] Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 43.945819][ T3612] RSP: 002b:00007fff69b2dab8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 43.954214][ T3612] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f6608e8e89a
[ 43.962257][ T3612] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fff69b2dad0
[ 43.970214][ T3612] RBP: 00007fff69b2dad0 R08: 00007fff69b2db10 R09: 00005555568f52c0
[ 43.978170][ T3612] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000004
[ 43.986119][ T3612] R13: 00007fff69b2db10 R14: 000000000000000c R15: 0000000020000320
[ 43.994248][ T3612]
[ 43.997247][ T3612]
[ 43.999567][ T3612] Allocated by task 2971:
[ 44.003970][ T3612] kasan_save_stack+0x1e/0x40
[ 44.008629][ T3612] __kasan_kmalloc+0xa9/0xd0
[ 44.013201][ T3612] sk_prot_alloc+0x143/0x290
[ 44.017784][ T3612] sk_alloc+0x36/0x770
[ 44.021833][ T3612] __netlink_create+0x63/0x380
[ 44.026595][ T3612] netlink_create+0x3ad/0x5e0
[ 44.031263][ T3612] __sock_create+0x355/0x790
[ 44.035833][ T3612] __sys_socket+0x12f/0x240
[ 44.040490][ T3612] __x64_sys_socket+0x6f/0xb0
[ 44.045144][ T3612] do_syscall_64+0x35/0xb0
[ 44.049545][ T3612] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 44.055481][ T3612]
[ 44.057805][ T3612] Freed by task 22:
[ 44.061588][ T3612] kasan_save_stack+0x1e/0x40
[ 44.066247][ T3612] kasan_set_track+0x21/0x30
[ 44.070814][ T3612] kasan_set_free_info+0x20/0x30
[ 44.075732][ T3612] ____kasan_slab_free+0x166/0x1c0
[ 44.080822][ T3612] slab_free_freelist_hook+0x8b/0x1c0
[ 44.086172][ T3612] kfree+0xe2/0x580
[ 44.090041][ T3612] __sk_destruct+0x5e0/0x710
[ 44.094722][ T3612] __sk_free+0x175/0x460
[ 44.098943][ T3612] sk_free+0x78/0xa0
[ 44.102816][ T3612] deferred_put_nlk_sk+0x151/0x2f0
[ 44.107909][ T3612] rcu_core+0x7b5/0x1890
[ 44.112132][ T3612] __do_softirq+0x1d3/0x9c6
[ 44.116619][ T3612]
[ 44.118922][ T3612] Last potentially related work creation:
[ 44.124611][ T3612] kasan_save_stack+0x1e/0x40
[ 44.129442][ T3612] __kasan_record_aux_stack+0xbe/0xd0
[ 44.134794][ T3612] call_rcu+0x99/0x790
[ 44.138842][ T3612] netlink_release+0xeff/0x1db0
[ 44.143689][ T3612] __sock_release+0xcd/0x280
[ 44.148258][ T3612] sock_close+0x18/0x20
[ 44.152393][ T3612] __fput+0x277/0x9d0
[ 44.156439][ T3612] task_work_run+0xdd/0x1a0
[ 44.160923][ T3612] do_exit+0xad5/0x29b0
[ 44.165056][ T3612] do_group_exit+0xd2/0x2f0
[ 44.169852][ T3612] __x64_sys_exit_group+0x3a/0x50
[ 44.174856][ T3612] do_syscall_64+0x35/0xb0
[ 44.179250][ T3612] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 44.185126][ T3612]
[ 44.187444][ T3612] The buggy address belongs to the object at ffff88807f395000
[ 44.187444][ T3612] which belongs to the cache kmalloc-2k of size 2048
[ 44.202123][ T3612] The buggy address is located 272 bytes inside of
[ 44.202123][ T3612] 2048-byte region [ffff88807f395000, ffff88807f395800)
[ 44.215642][ T3612]
[ 44.217948][ T3612] The buggy address belongs to the physical page:
[ 44.224335][ T3612] page:ffffea0001fce400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7f390
[ 44.234466][ T3612] head:ffffea0001fce400 order:3 compound_mapcount:0 compound_pincount:0
[ 44.242914][ T3612] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 44.250879][ T3612] raw: 00fff00000010200 0000000000000000 dead000000000001 ffff888011842000
[ 44.259527][ T3612] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 44.268084][ T3612] page dumped because: kasan: bad access detected
[ 44.274558][ T3612] page_owner tracks the page as allocated
[ 44.280243][ T3612] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2956, tgid 2956 (acpid), ts 11123423947, free_ts 10139579660
[ 44.300972][ T3612] get_page_from_freelist+0x109b/0x2ce0
[ 44.306587][ T3612] __alloc_pages+0x1c7/0x510
[ 44.311209][ T3612] alloc_pages+0x1a6/0x270
[ 44.315662][ T3612] allocate_slab+0x27e/0x3d0
[ 44.320228][ T3612] ___slab_alloc+0x7f1/0xe10
[ 44.324795][ T3612] __slab_alloc.constprop.0+0x4d/0xa0
[ 44.330144][ T3612] __kmalloc_node+0x2e2/0x380
[ 44.334883][ T3612] kvmalloc_node+0x3f/0x1b0
[ 44.339453][ T3612] evdev_open+0x117/0x6a0
[ 44.343863][ T3612] chrdev_open+0x266/0x770
[ 44.348264][ T3612] do_dentry_open+0x4a4/0x13a0
[ 44.353014][ T3612] path_openat+0x1c92/0x28f0
[ 44.357587][ T3612] do_filp_open+0x1b6/0x400
[ 44.362071][ T3612] do_sys_openat2+0x16d/0x4c0
[ 44.366723][ T3612] __x64_sys_openat+0x13f/0x1f0
[ 44.371551][ T3612] do_syscall_64+0x35/0xb0
[ 44.375962][ T3612] page last free stack trace:
[ 44.380619][ T3612] free_pcp_prepare+0x5e4/0xd20
[ 44.385628][ T3612] free_unref_page+0x19/0x4d0
[ 44.390380][ T3612] free_contig_range+0xb1/0x180
[ 44.395213][ T3612] destroy_args+0xa8/0x646
[ 44.399610][ T3612] debug_vm_pgtable+0x2945/0x29d6
[ 44.404614][ T3612] do_one_initcall+0xfe/0x650
[ 44.409272][ T3612] kernel_init_freeable+0x6b1/0x73a
[ 44.414460][ T3612] kernel_init+0x1a/0x1d0
[ 44.418773][ T3612] ret_from_fork+0x1f/0x30
[ 44.423172][ T3612]
[ 44.425470][ T3612] Memory state around the buggy address:
[ 44.431073][ T3612] ffff88807f395000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 44.439110][ T3612] ffff88807f395080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 44.447144][ T3612] >ffff88807f395100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 44.455184][ T3612] ^
[ 44.459746][ T3612] ffff88807f395180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 44.467791][ T3612] ffff88807f395200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 44.475839][ T3612] ==================================================================
[ 44.484130][ T3612] Kernel panic - not syncing: panic_on_warn set ...
[ 44.490721][ T3612] CPU: 1 PID: 3612 Comm: syz-executor150 Not tainted 6.0.0-syzkaller #0
[ 44.499040][ T3612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 44.509172][ T3612] Call Trace:
[ 44.512440][ T3612]
[ 44.515359][ T3612] dump_stack_lvl+0xcd/0x134
[ 44.519950][ T3612] panic+0x2c8/0x627
[ 44.523837][ T3612] ? panic_print_sys_info.part.0+0x10b/0x10b
[ 44.529808][ T3612] ? preempt_schedule_common+0x59/0xc0
[ 44.535256][ T3612] ? preempt_schedule_thunk+0x16/0x18
[ 44.540621][ T3612] ? run_unpack+0x8b7/0x970
[ 44.545113][ T3612] end_report.part.0+0x3f/0x7c
[ 44.549869][ T3612] kasan_report.cold+0xa/0xf
[ 44.554451][ T3612] ? run_unpack+0x8b7/0x970
[ 44.558942][ T3612] run_unpack+0x8b7/0x970
[ 44.563260][ T3612] ? run_pack+0x1100/0x1100
[ 44.567752][ T3612] ? ntfs_bread_run+0x310/0x310
[ 44.572593][ T3612] run_unpack_ex+0xb0/0x7c0
[ 44.577085][ T3612] ? mi_enum_attr+0x34f/0x630
[ 44.581748][ T3612] ? ni_enum_attr_ex+0x281/0x400
[ 44.586675][ T3612] ? run_unpack+0x970/0x970
[ 44.591169][ T3612] ? ni_fname_type.part.0+0x1e0/0x1e0
[ 44.596533][ T3612] ? mi_read+0x27f/0x5b0
[ 44.600763][ T3612] ntfs_iget5+0xc20/0x3280
[ 44.605186][ T3612] ? ntfs_write_end+0x800/0x800
[ 44.610022][ T3612] ? ntfs_sync_fs+0x400/0x400
[ 44.614684][ T3612] ? destroy_inode+0xc4/0x1b0
[ 44.619350][ T3612] ? iput.part.0+0x55d/0x810
[ 44.623933][ T3612] ntfs_fill_super+0x1ecc/0x37f0
[ 44.628865][ T3612] ? put_ntfs+0x330/0x330
[ 44.633187][ T3612] ? set_blocksize+0x2e5/0x370
[ 44.637942][ T3612] get_tree_bdev+0x440/0x760
[ 44.642611][ T3612] ? put_ntfs+0x330/0x330
[ 44.646930][ T3612] vfs_get_tree+0x89/0x2f0
[ 44.651336][ T3612] path_mount+0x1326/0x1e20
[ 44.655832][ T3612] ? kmem_cache_free+0xeb/0x5b0
[ 44.660674][ T3612] ? finish_automount+0x960/0x960
[ 44.665689][ T3612] ? putname+0xfe/0x140
[ 44.669833][ T3612] __x64_sys_mount+0x27f/0x300
[ 44.674672][ T3612] ? copy_mnt_ns+0xae0/0xae0
[ 44.679250][ T3612] ? lockdep_hardirqs_on+0x79/0x100
[ 44.684459][ T3612] ? _raw_spin_unlock_irq+0x2a/0x40
[ 44.689741][ T3612] ? ptrace_notify+0xfa/0x140
[ 44.694500][ T3612] do_syscall_64+0x35/0xb0
[ 44.698998][ T3612] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 44.704976][ T3612] RIP: 0033:0x7f6608e8e89a
[ 44.709384][ T3612] Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 44.729068][ T3612] RSP: 002b:00007fff69b2dab8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 44.737468][ T3612] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f6608e8e89a
[ 44.745424][ T3612] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fff69b2dad0
[ 44.753381][ T3612] RBP: 00007fff69b2dad0 R08: 00007fff69b2db10 R09: 00005555568f52c0
[ 44.761342][ T3612] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000004
[ 44.769300][ T3612] R13: 00007fff69b2db10 R14: 000000000000000c R15: 0000000020000320
[ 44.777264][ T3612]
[ 44.780977][ T3612] Kernel Offset: disabled
[ 44.785288][ T3612] Rebooting in 86400 seconds..