./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor995550443 <...>
[ 102.599737][ T7] cfg80211: failed to load regulatory.db
[ 105.140874][ T27] audit: type=1400 audit(1702578414.229:83): avc: denied { append } for pid=4491 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 105.163346][ T27] audit: type=1400 audit(1702578414.229:84): avc: denied { open } for pid=4491 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 105.186329][ T27] audit: type=1400 audit(1702578414.229:85): avc: denied { getattr } for pid=4491 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
Warning: Permanently added '10.128.0.115' (ED25519) to the list of known hosts.
execve("./syz-executor995550443", ["./syz-executor995550443"], 0x7ffd690a6610 /* 10 vars */) = 0
brk(NULL) = 0x55555707d000
brk(0x55555707dd00) = 0x55555707dd00
arch_prctl(ARCH_SET_FS, 0x55555707d380) = 0
set_tid_address(0x55555707d650) = 5063
set_robust_list(0x55555707d660, 24) = 0
rseq(0x55555707dca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor995550443", 4096) = 27
getrandom("\x09\x7f\x2c\xba\xee\xd0\xc7\xfc", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x55555707dd00
brk(0x55555709ed00) = 0x55555709ed00
brk(0x55555709f000) = 0x55555709f000
mprotect(0x7fafa7801000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
memfd_create("syzkaller", 0) = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faf9f350000
write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\xff\xff\xff\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\xf3\x0f\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x0c\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 97703) = 97703
munmap(0x7faf9f350000, 138412032) = 0
[ 106.014745][ T27] audit: type=1400 audit(1702578415.099:86): avc: denied { execmem } for pid=5063 comm="syz-executor995" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
ioctl(4, LOOP_SET_FD, 3) = 0
close(3) = 0
mkdir("./file0", 0777) = 0
[ 106.045407][ T27] audit: type=1400 audit(1702578415.129:87): avc: denied { read write } for pid=5063 comm="syz-executor995" name="loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 106.061304][ T5063] loop0: detected capacity change from 0 to 190
[ 106.070732][ T27] audit: type=1400 audit(1702578415.129:88): avc: denied { open } for pid=5063 comm="syz-executor995" path="/dev/loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 106.101334][ T27] audit: type=1400 audit(1702578415.129:89): avc: denied { ioctl } for pid=5063 comm="syz-executor995" path="/dev/loop0" dev="devtmpfs" ino=648 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 106.111675][ T5063] ntfs: (device loop0): is_boot_sector_ntfs(): Invalid boot sector checksum.
[ 106.127222][ T27] audit: type=1400 audit(1702578415.189:90): avc: denied { mounton } for pid=5063 comm="syz-executor995" path="/root/file0" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 106.163649][ T5063] ntfs: (device loop0): map_mft_record_page(): Mft record 0x1 is corrupt. Run chkdsk.
[ 106.174655][ T5063] ------------[ cut here ]------------
[ 106.180241][ T5063] kernel BUG at fs/ntfs/malloc.h:31!
[ 106.185584][ T5063] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 106.191682][ T5063] CPU: 1 PID: 5063 Comm: syz-executor995 Not tainted 6.7.0-rc5-syzkaller-00047-g5bd7ef53ffe5 #0
[ 106.202148][ T5063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 106.212243][ T5063] RIP: 0010:ntfs_read_locked_inode+0x4065/0x5860
[ 106.218620][ T5063] Code: 02 00 0f 85 bd 0e 00 00 48 8b 73 28 48 c7 c2 c0 be 02 8b 48 c7 c7 c0 ef 02 8b e8 66 35 fe ff e9 ca d0 ff ff e8 cc 3f cd fe 90 <0f> 0b e8 c4 3f cd fe 48 8d bb a8 fe ff ff b8 ff ff 37 00 48 89 fa
[ 106.238277][ T5063] RSP: 0018:ffffc9000348f9a0 EFLAGS: 00010293
[ 106.244359][ T5063] RAX: 0000000000000000 RBX: ffff888074b48420 RCX: ffffffff82b9165f
[ 106.252348][ T5063] RDX: ffff888078b521c0 RSI: ffffffff82b940e4 RDI: 0000000000000007
[ 106.260597][ T5063] RBP: ffff8880bfedd000 R08: 0000000000000007 R09: 0000000000000000
[ 106.268595][ T5063] R10: 0000000000000000 R11: ffffffff81dc42a1 R12: ffff88807abcc800
[ 106.276595][ T5063] R13: ffff8880bfedd110 R14: 0000000000000000 R15: 0000000000000000
[ 106.284604][ T5063] FS: 000055555707d380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[ 106.293639][ T5063] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 106.300325][ T5063] CR2: 00005591f49d47b8 CR3: 000000001f524000 CR4: 00000000003506f0
[ 106.308318][ T5063] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 106.316299][ T5063] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 106.324318][ T5063] Call Trace:
[ 106.327610][ T5063]
[ 106.330562][ T5063] ? show_regs+0x8f/0xa0
[ 106.334843][ T5063] ? die+0x36/0xa0
[ 106.338620][ T5063] ? do_trap+0x22b/0x420
[ 106.342924][ T5063] ? ntfs_read_locked_inode+0x4065/0x5860
[ 106.348766][ T5063] ? ntfs_read_locked_inode+0x4065/0x5860
[ 106.354527][ T5063] ? do_error_trap+0xf4/0x230
[ 106.359270][ T5063] ? ntfs_read_locked_inode+0x4065/0x5860
[ 106.365099][ T5063] ? handle_invalid_op+0x34/0x40
[ 106.370088][ T5063] ? ntfs_read_locked_inode+0x4065/0x5860
[ 106.375870][ T5063] ? exc_invalid_op+0x2e/0x40
[ 106.380685][ T5063] ? asm_exc_invalid_op+0x1a/0x20
[ 106.385779][ T5063] ? __kasan_slab_alloc+0x81/0x90
[ 106.390849][ T5063] ? ntfs_read_locked_inode+0x15df/0x5860
[ 106.396610][ T5063] ? ntfs_read_locked_inode+0x4064/0x5860
[ 106.402376][ T5063] ? ntfs_read_locked_inode+0x4065/0x5860
[ 106.408128][ T5063] ? iget5_locked+0x44/0xe0
[ 106.412655][ T5063] ntfs_iget+0x130/0x180
[ 106.416974][ T5063] ? ntfs_read_locked_inode+0x5860/0x5860
[ 106.422751][ T5063] ? lockdep_init_map_type+0x16d/0x7d0
[ 106.428298][ T5063] ntfs_fill_super+0x2825/0x9100
[ 106.433288][ T5063] ? up_write+0x510/0x510
[ 106.437639][ T5063] ? parse_options+0x1db0/0x1db0
[ 106.442603][ T5063] ? lock_sync+0x190/0x190
[ 106.447045][ T5063] ? parse_options+0x1db0/0x1db0
[ 106.452030][ T5063] ? preempt_count_sub+0x160/0x160
[ 106.457176][ T5063] ? sb_set_blocksize+0xf6/0x120
[ 106.462145][ T5063] ? parse_options+0x1db0/0x1db0
[ 106.467105][ T5063] mount_bdev+0x1f3/0x2e0
[ 106.471476][ T5063] ? sget+0x640/0x640
[ 106.475503][ T5063] ? selinux_sb_eat_lsm_opts+0x594/0x700
[ 106.481348][ T5063] ? cap_capable+0x1d8/0x240
[ 106.485972][ T5063] ? ntfs_rl_punch_nolock+0x15d0/0x15d0
[ 106.491572][ T5063] legacy_get_tree+0x109/0x220
[ 106.496372][ T5063] vfs_get_tree+0x8c/0x370
[ 106.500863][ T5063] path_mount+0x1492/0x1ed0
[ 106.505423][ T5063] ? lockdep_hardirqs_on+0x7d/0x110
[ 106.510665][ T5063] ? finish_automount+0xa40/0xa40
[ 106.515731][ T5063] ? putname+0x12e/0x170
[ 106.520023][ T5063] __x64_sys_mount+0x293/0x310
[ 106.525120][ T5063] ? copy_mnt_ns+0xb60/0xb60
[ 106.529754][ T5063] ? syscall_trace_enter.constprop.0+0xaf/0x1e0
[ 106.536046][ T5063] do_syscall_64+0x40/0x110
[ 106.540590][ T5063] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 106.546521][ T5063] RIP: 0033:0x7fafa778e8ba
[ 106.550972][ T5063] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 106.570685][ T5063] RSP: 002b:00007ffcde5d0b48 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 106.579121][ T5063] RAX: ffffffffffffffda RBX: 00007ffcde5d0b60 RCX: 00007fafa778e8ba
[ 106.587382][ T5063] RDX: 000000002001f1c0 RSI: 000000002001f200 RDI: 00007ffcde5d0b60
[ 106.595407][ T5063] RBP: 0000000000000004 R08: 00007ffcde5d0ba0 R09: 0000000000000987
[ 106.603439][ T5063] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000000
[ 106.611447][ T5063] R13: 00007ffcde5d0ba0 R14: 0000000000000003 R15: 0000000000017da7
[ 106.620321][ T5063]
[ 106.623378][ T5063] Modules linked in:
[ 106.627554][ T5063] ---[ end trace 0000000000000000 ]---
[ 106.633145][ T5063] RIP: 0010:ntfs_read_locked_inode+0x4065/0x5860
[ 106.642643][ T5063] Code: 02 00 0f 85 bd 0e 00 00 48 8b 73 28 48 c7 c2 c0 be 02 8b 48 c7 c7 c0 ef 02 8b e8 66 35 fe ff e9 ca d0 ff ff e8 cc 3f cd fe 90 <0f> 0b e8 c4 3f cd fe 48 8d bb a8 fe ff ff b8 ff ff 37 00 48 89 fa
[ 106.662590][ T5063] RSP: 0018:ffffc9000348f9a0 EFLAGS: 00010293
[ 106.668744][ T5063] RAX: 0000000000000000 RBX: ffff888074b48420 RCX: ffffffff82b9165f
[ 106.676888][ T5063] RDX: ffff888078b521c0 RSI: ffffffff82b940e4 RDI: 0000000000000007
[ 106.684970][ T5063] RBP: ffff8880bfedd000 R08: 0000000000000007 R09: 0000000000000000
[ 106.693377][ T5063] R10: 0000000000000000 R11: ffffffff81dc42a1 R12: ffff88807abcc800
[ 106.701520][ T5063] R13: ffff8880bfedd110 R14: 0000000000000000 R15: 0000000000000000
[ 106.709549][ T5063] FS: 000055555707d380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[ 106.718552][ T5063] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 106.725167][ T5063] CR2: 00005591f49d47b8 CR3: 000000001f524000 CR4: 00000000003506f0
[ 106.733198][ T5063] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 106.741276][ T5063] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 106.749431][ T5063] Kernel panic - not syncing: Fatal exception
[ 106.756021][ T5063] Kernel Offset: disabled
[ 106.760400][ T5063] Rebooting in 86400 seconds..