./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor996001979 <...> Warning: Permanently added '10.128.1.32' (ED25519) to the list of known hosts. execve("./syz-executor996001979", ["./syz-executor996001979"], 0x7ffc5db98d90 /* 10 vars */) = 0 brk(NULL) = 0x555556dfe000 brk(0x555556dfed00) = 0x555556dfed00 arch_prctl(ARCH_SET_FS, 0x555556dfe380) = 0 set_tid_address(0x555556dfe650) = 5018 set_robust_list(0x555556dfe660, 24) = 0 rseq(0x555556dfeca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor996001979", 4096) = 27 getrandom("\xa8\xf6\xdc\x12\xf2\x9a\xf2\xc2", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556dfed00 brk(0x555556e1fd00) = 0x555556e1fd00 brk(0x555556e20000) = 0x555556e20000 mprotect(0x7fe4f9c34000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe4f1765000 write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 munmap(0x7fe4f1765000, 2097152) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 mkdir("./file1", 0777) = 0 mount("/dev/loop0", "./file1", "ntfs3", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_I_VERSION, "") = 0 openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 chdir("./file1") = 0 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 chdir("./file0") = 0 openat(AT_FDCWD, "./file1", O_RDONLY) = 4 [ 39.239339][ T5018] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5018 'syz-executor996' [ 39.266241][ T5018] loop0: detected capacity change from 0 to 4096 [ 39.275943][ T5018] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 39.305999][ T5018] general protection fault, probably for non-canonical address 0xdffffc0000000004: 0000 [#1] PREEMPT SMP KASAN [ 39.317714][ T5018] KASAN: null-ptr-deref in range [0x0000000000000020-0x0000000000000027] [ 39.326100][ T5018] CPU: 1 PID: 5018 Comm: syz-executor996 Not tainted 6.5.0-rc2-syzkaller-00019-g74f1456c4a5f #0 [ 39.336483][ T5018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023 [ 39.346514][ T5018] RIP: 0010:attr_data_read_resident+0xa0/0x6d0 [ 39.352667][ T5018] Code: 89 e6 e8 53 d5 cc fe 45 84 e4 0f 85 ca 04 00 00 e8 15 da cc fe 48 8d 7b 20 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 c0 05 00 00 48 8d 7d 10 4c 8b 63 20 48 b8 00 00 [ 39.372251][ T5018] RSP: 0018:ffffc90003b0fa28 EFLAGS: 00010212 [ 39.378290][ T5018] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 39.386243][ T5018] RDX: 0000000000000004 RSI: ffffffff82b9976b RDI: 0000000000000020 [ 39.394188][ T5018] RBP: ffff88807d72c108 R08: 0000000000000001 R09: 0000000000000000 [ 39.402240][ T5018] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 39.410185][ T5018] R13: 000000000000000c R14: ffff888079bae000 R15: 0000000000000080 [ 39.418134][ T5018] FS: 0000555556dfe380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 39.427037][ T5018] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 39.433593][ T5018] CR2: 00000000005fdeb8 CR3: 00000000230ba000 CR4: 0000000000350ee0 [ 39.441540][ T5018] Call Trace: [ 39.444806][ T5018] [ 39.447712][ T5018] ? die_addr+0x3b/0xa0 [ 39.451848][ T5018] ? exc_general_protection+0x154/0x230 [ 39.457378][ T5018] ? asm_exc_general_protection+0x26/0x30 [ 39.463070][ T5018] ? attr_data_read_resident+0x8b/0x6d0 [ 39.468680][ T5018] ? attr_data_read_resident+0xa0/0x6d0 [ 39.474200][ T5018] ? attr_data_read_resident+0x8b/0x6d0 [ 39.479721][ T5018] ntfs_get_block_vbo+0x6b7/0xed0 [ 39.484732][ T5018] ? __lock_acquire+0x182f/0x5de0 [ 39.489741][ T5018] ? folio_flags.constprop.0+0x150/0x150 [ 39.495353][ T5018] ? ntfs_get_block_direct_IO_W+0xa0/0xa0 [ 39.501044][ T5018] generic_block_bmap+0x123/0x1a0 [ 39.506047][ T5018] ? zero_user_segments+0x360/0x360 [ 39.511220][ T5018] ? tomoyo_path_number_perm+0x273/0x590 [ 39.516850][ T5018] ? reacquire_held_locks+0x4b0/0x4b0 [ 39.522235][ T5018] ? preempt_count_sub+0x150/0x150 [ 39.527330][ T5018] ? ntfs_direct_IO+0x470/0x470 [ 39.532162][ T5018] bmap+0xae/0x120 [ 39.535863][ T5018] ? __might_fault+0x156/0x190 [ 39.540639][ T5018] do_vfs_ioctl+0xaf3/0x1910 [ 39.545206][ T5018] ? vfs_fileattr_set+0xbf0/0xbf0 [ 39.550209][ T5018] ? find_held_lock+0x2d/0x110 [ 39.554953][ T5018] ? bpf_lsm_file_ioctl+0x9/0x10 [ 39.559868][ T5018] __x64_sys_ioctl+0x112/0x210 [ 39.564610][ T5018] do_syscall_64+0x38/0xb0 [ 39.569003][ T5018] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 39.574876][ T5018] RIP: 0033:0x7fe4f9ba2ab9 [ 39.579267][ T5018] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 39.598849][ T5018] RSP: 002b:00007fff8335e508 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 39.607235][ T5018] RAX: ffffffffffffffda RBX: 0031656c69662f2e RCX: 00007fe4f9ba2ab9 [ 39.615180][ T5018] RDX: 0000000020000100 RSI: 0000000000000001 RDI: 0000000000000004 [ 39.623124][ T5018] RBP: 00007fe4f9c34610 R08: 0000000000000000 R09: 00007fff8335e6d8 [ 39.631070][ T5018] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 39.639019][ T5018] R13: 00007fff8335e6c8 R14: 0000000000000001 R15: 0000000000000001 [ 39.646971][ T5018] [ 39.649972][ T5018] Modules linked in: [ 39.654135][ T5018] ---[ end trace 0000000000000000 ]--- [ 39.659622][ T5018] RIP: 0010:attr_data_read_resident+0xa0/0x6d0 [ 39.665789][ T5018] Code: 89 e6 e8 53 d5 cc fe 45 84 e4 0f 85 ca 04 00 00 e8 15 da cc fe 48 8d 7b 20 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 c0 05 00 00 48 8d 7d 10 4c 8b 63 20 48 b8 00 00 [ 39.685439][ T5018] RSP: 0018:ffffc90003b0fa28 EFLAGS: 00010212 [ 39.691515][ T5018] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 39.699488][ T5018] RDX: 0000000000000004 RSI: ffffffff82b9976b RDI: 0000000000000020 [ 39.707468][ T5018] RBP: ffff88807d72c108 R08: 0000000000000001 R09: 0000000000000000 [ 39.715415][ T5018] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 39.723396][ T5018] R13: 000000000000000c R14: ffff888079bae000 R15: 0000000000000080 [ 39.731378][ T5018] FS: 0000555556dfe380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 39.740313][ T5018] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 39.746904][ T5018] CR2: 00000000005fdeb8 CR3: 00000000230ba000 CR4: 0000000000350ee0 [ 39.754853][ T5018] Kernel panic - not syncing: Fatal exception [ 39.761527][ T5018] Kernel Offset: disabled [ 39.765826][ T5018] Rebooting in 86400 seconds..