./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor807082514 <...> DUID 00:04:e3:a1:4c:5b:a4:47:39:93:9a:5d:f6:69:14:97:a9:57 forked to background, child pid 3188 [ 27.753201][ T3189] 8021q: adding VLAN 0 to HW filter on device bond0 [ 27.763313][ T3189] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.10.55' (ECDSA) to the list of known hosts. execve("./syz-executor807082514", ["./syz-executor807082514"], 0x7ffc882eee60 /* 10 vars */) = 0 brk(NULL) = 0x55555688e000 brk(0x55555688ec40) = 0x55555688ec40 arch_prctl(ARCH_SET_FS, 0x55555688e300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor807082514", 4096) = 27 brk(0x5555568afc40) = 0x5555568afc40 brk(0x5555568b0000) = 0x5555568b0000 mprotect(0x7fcec35f1000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 ftruncate(3, 32768) = 0 pwrite64(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\xf7", 14, 0) = 14 pwrite64(3, NULL, 0, 16384) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 mkdir("./file0", 0777) = 0 syzkaller login: [ 50.379717][ T3617] loop0: detected capacity change from 0 to 64 [ 50.391313][ T3617] ================================================================================ [ 50.400771][ T3617] UBSAN: shift-out-of-bounds in fs/ntfs3/super.c:675:13 [ 50.407855][ T3617] shift exponent -247 is negative [ 50.412942][ T3617] CPU: 0 PID: 3617 Comm: syz-executor807 Not tainted 6.0.0-rc1-next-20220819-syzkaller #0 [ 50.422968][ T3617] BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1521 [ 50.432329][ T3617] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 3617, name: syz-executor807 [ 50.441775][ T3617] preempt_count: 0, expected: 0 [ 50.446607][ T3617] RCU nest depth: 0, expected: 0 [ 50.451534][ T3617] 1 lock held by syz-executor807/3617: [ 50.456994][ T3617] #0: ffff888022d380e0 (&type->s_umount_key#41/1){+.+.}-{3:3}, at: alloc_super+0x22e/0xb60 [ 50.467118][ T3617] irq event stamp: 4810 [ 50.471261][ T3617] hardirqs last enabled at (4809): [] __up_console_sem+0xae/0xc0 [ 50.480632][ T3617] hardirqs last disabled at (4810): [] dump_stack_lvl+0x2e/0x134 [ 50.489952][ T3617] softirqs last enabled at (4804): [] __irq_exit_rcu+0x123/0x180 [ 50.499336][ T3617] softirqs last disabled at (4789): [] __irq_exit_rcu+0x123/0x180 [ 50.508723][ T3617] CPU: 0 PID: 3617 Comm: syz-executor807 Not tainted 6.0.0-rc1-next-20220819-syzkaller #0 [ 50.518718][ T3617] syz-executor807[3617] cmdline: ./syz-executor807082514 [ 50.525757][ T3617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 50.535914][ T3617] Call Trace: [ 50.539197][ T3617] [ 50.542132][ T3617] dump_stack_lvl+0xcd/0x134 [ 50.546747][ T3617] __might_resched.cold+0x222/0x26b [ 50.551960][ T3617] down_read_killable+0x75/0x490 [ 50.556936][ T3617] ? down_read+0x450/0x450 [ 50.561381][ T3617] __access_remote_vm+0xac/0x6f0 [ 50.566364][ T3617] ? follow_phys+0x2c0/0x2c0 [ 50.570966][ T3617] ? do_raw_spin_lock+0x120/0x2a0 [ 50.576013][ T3617] ? rwlock_bug.part.0+0x90/0x90 [ 50.580963][ T3617] ? __up_console_sem+0x47/0xc0 [ 50.585829][ T3617] get_mm_cmdline.part.0+0x217/0x620 [ 50.591132][ T3617] ? dname_to_vma_addr.isra.0+0x360/0x360 [ 50.596874][ T3617] ? llist_reverse_order+0x60/0x60 [ 50.602021][ T3617] get_task_cmdline_kernel+0x1d9/0x220 [ 50.607507][ T3617] dump_stack_print_cmdline.part.0+0x82/0x150 [ 50.613593][ T3617] ? _atomic_dec_and_lock_irqsave+0x150/0x150 [ 50.619711][ T3617] ? dump_stack_print_info+0xc6/0x190 [ 50.625106][ T3617] dump_stack_print_info+0x185/0x190 [ 50.630416][ T3617] dump_stack_lvl+0xc1/0x134 [ 50.635034][ T3617] ubsan_epilogue+0xb/0x50 [ 50.639470][ T3617] __ubsan_handle_shift_out_of_bounds.cold+0xb1/0x187 [ 50.646262][ T3617] ? __bread_gfp+0x84/0x390 [ 50.650780][ T3617] ntfs_fill_super.cold+0x147/0x56c [ 50.656011][ T3617] ? snprintf+0xbb/0xf0 [ 50.660186][ T3617] ? put_ntfs+0x330/0x330 [ 50.664534][ T3617] ? set_blocksize+0x2e5/0x370 [ 50.669316][ T3617] get_tree_bdev+0x440/0x760 [ 50.673931][ T3617] ? put_ntfs+0x330/0x330 [ 50.678274][ T3617] vfs_get_tree+0x89/0x2f0 [ 50.682708][ T3617] path_mount+0x1326/0x1e20 [ 50.687247][ T3617] ? kmem_cache_free+0xeb/0x5b0 [ 50.692113][ T3617] ? finish_automount+0x960/0x960 [ 50.697161][ T3617] ? putname+0xfe/0x140 [ 50.701345][ T3617] __x64_sys_mount+0x27f/0x300 [ 50.706132][ T3617] ? copy_mnt_ns+0xae0/0xae0 [ 50.710740][ T3617] ? lockdep_hardirqs_on+0x79/0x100 [ 50.715957][ T3617] ? _raw_spin_unlock_irq+0x2a/0x40 [ 50.721162][ T3617] ? ptrace_notify+0xfa/0x140 [ 50.725858][ T3617] do_syscall_64+0x35/0xb0 [ 50.730289][ T3617] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 50.736191][ T3617] RIP: 0033:0x7fcec358610a [ 50.740614][ T3617] Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 50.760239][ T3617] RSP: 002b:00007ffd5a5afbf8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 50.768658][ T3617] RAX: ffffffffffffffda RBX: 00007ffd5a5afc50 RCX: 00007fcec358610a [ 50.776635][ T3617] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffd5a5afc10 [ 50.784620][ T3617] RBP: 00007ffd5a5afc10 R08: 00007ffd5a5afc50 R09: 0000000000000000 [ 50.792592][ T3617] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000020000230 [ 50.800568][ T3617] R13: 0000000000000003 R14: 0000000000000004 R15: 0000000000000002 [ 50.808560][ T3617] [ 50.811599][ T3617] syz-executor807[3617] cmdline: ./syz-executor807082514 [ 50.818617][ T3617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 50.828672][ T3617] Call Trace: [ 50.831953][ T3617] [ 50.834888][ T3617] dump_stack_lvl+0xcd/0x134 [ 50.839501][ T3617] ubsan_epilogue+0xb/0x50 [ 50.843936][ T3617] __ubsan_handle_shift_out_of_bounds.cold+0xb1/0x187 [ 50.850733][ T3617] ? __bread_gfp+0x84/0x390 [ 50.855249][ T3617] ntfs_fill_super.cold+0x147/0x56c [ 50.860477][ T3617] ? snprintf+0xbb/0xf0 [ 50.864651][ T3617] ? put_ntfs+0x330/0x330 [ 50.869001][ T3617] ? set_blocksize+0x2e5/0x370 [ 50.873783][ T3617] get_tree_bdev+0x440/0x760 [ 50.878393][ T3617] ? put_ntfs+0x330/0x330 [ 50.882737][ T3617] vfs_get_tree+0x89/0x2f0 [ 50.887173][ T3617] path_mount+0x1326/0x1e20 [ 50.891699][ T3617] ? kmem_cache_free+0xeb/0x5b0 [ 50.896564][ T3617] ? finish_automount+0x960/0x960 [ 50.901610][ T3617] ? putname+0xfe/0x140 [ 50.905794][ T3617] __x64_sys_mount+0x27f/0x300 [ 50.910579][ T3617] ? copy_mnt_ns+0xae0/0xae0 [ 50.915185][ T3617] ? lockdep_hardirqs_on+0x79/0x100 [ 50.920547][ T3617] ? _raw_spin_unlock_irq+0x2a/0x40 [ 50.925755][ T3617] ? ptrace_notify+0xfa/0x140 [ 50.930456][ T3617] do_syscall_64+0x35/0xb0 [ 50.934893][ T3617] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 50.940800][ T3617] RIP: 0033:0x7fcec358610a [ 50.945309][ T3617] Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 50.964941][ T3617] RSP: 002b:00007ffd5a5afbf8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 50.973380][ T3617] RAX: ffffffffffffffda RBX: 00007ffd5a5afc50 RCX: 00007fcec358610a [ 50.981356][ T3617] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffd5a5afc10 [ 50.989338][ T3617] RBP: 00007ffd5a5afc10 R08: 00007ffd5a5afc50 R09: 0000000000000000 [ 50.997420][ T3617] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000020000230 [ 51.005396][ T3617] R13: 0000000000000003 R14: 0000000000000004 R15: 0000000000000002 [ 51.013407][ T3617] [ 51.016791][ T3617] ================================================================================ [ 51.026168][ T3617] Kernel panic - not syncing: panic_on_warn set ... [ 51.032764][ T3617] CPU: 0 PID: 3617 Comm: syz-executor807 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 51.044165][ T3617] syz-executor807[3617] cmdline: ./syz-executor807082514 [ 51.051185][ T3617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 51.061255][ T3617] Call Trace: [ 51.064535][ T3617] [ 51.067470][ T3617] dump_stack_lvl+0xcd/0x134 [ 51.072087][ T3617] panic+0x2c8/0x627 [ 51.076015][ T3617] ? panic_print_sys_info.part.0+0x10b/0x10b [ 51.082067][ T3617] ? ubsan_epilogue+0x3e/0x50 [ 51.086784][ T3617] ubsan_epilogue+0x4a/0x50 [ 51.091305][ T3617] __ubsan_handle_shift_out_of_bounds.cold+0xb1/0x187 [ 51.098098][ T3617] ? __bread_gfp+0x84/0x390 [ 51.102616][ T3617] ntfs_fill_super.cold+0x147/0x56c [ 51.107845][ T3617] ? snprintf+0xbb/0xf0 [ 51.112024][ T3617] ? put_ntfs+0x330/0x330 [ 51.116374][ T3617] ? set_blocksize+0x2e5/0x370 [ 51.121161][ T3617] get_tree_bdev+0x440/0x760 [ 51.125788][ T3617] ? put_ntfs+0x330/0x330 [ 51.130173][ T3617] vfs_get_tree+0x89/0x2f0 [ 51.134618][ T3617] path_mount+0x1326/0x1e20 [ 51.139169][ T3617] ? kmem_cache_free+0xeb/0x5b0 [ 51.144052][ T3617] ? finish_automount+0x960/0x960 [ 51.149120][ T3617] ? putname+0xfe/0x140 [ 51.153301][ T3617] __x64_sys_mount+0x27f/0x300 [ 51.158109][ T3617] ? copy_mnt_ns+0xae0/0xae0 [ 51.162728][ T3617] ? lockdep_hardirqs_on+0x79/0x100 [ 51.167958][ T3617] ? _raw_spin_unlock_irq+0x2a/0x40 [ 51.173170][ T3617] ? ptrace_notify+0xfa/0x140 [ 51.177866][ T3617] do_syscall_64+0x35/0xb0 [ 51.182300][ T3617] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 51.188206][ T3617] RIP: 0033:0x7fcec358610a [ 51.192626][ T3617] Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 51.212336][ T3617] RSP: 002b:00007ffd5a5afbf8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 51.220785][ T3617] RAX: ffffffffffffffda RBX: 00007ffd5a5afc50 RCX: 00007fcec358610a [ 51.228782][ T3617] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffd5a5afc10 [ 51.236756][ T3617] RBP: 00007ffd5a5afc10 R08: 00007ffd5a5afc50 R09: 0000000000000000 [ 51.244733][ T3617] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000020000230 [ 51.252709][ T3617] R13: 0000000000000003 R14: 0000000000000004 R15: 0000000000000002 [ 51.260706][ T3617] [ 51.263926][ T3617] Kernel Offset: disabled [ 51.268338][ T3617] Rebooting in 86400 seconds..