./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3523851574

<...>
forked to background, child pid 4670
[   48.922515][ T4671] 8021q: adding VLAN 0 to HW filter on device bond0
[   48.937160][ T4671] eql: remember to turn off Van-Jacobson compression on your slave devices
[   49.192321][ T4747] ssh-keygen (4747) used greatest stack depth: 22568 bytes left
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.10.19' (ECDSA) to the list of known hosts.
execve("./syz-executor3523851574", ["./syz-executor3523851574"], 0x7fffd73f5420 /* 10 vars */) = 0
brk(NULL)                               = 0x555555d44000
brk(0x555555d44c40)                     = 0x555555d44c40
arch_prctl(ARCH_SET_FS, 0x555555d44300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor3523851574", 4096) = 28
brk(0x555555d65c40)                     = 0x555555d65c40
brk(0x555555d66000)                     = 0x555555d66000
mprotect(0x7f91e26e2000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d445d0) = 5007
./strace-static-x86_64: Process 5007 attached
[pid  5007] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5007] setpgid(0, 0)               = 0
[pid  5007] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5007] write(3, "1000", 4)         = 4
[pid  5007] close(3)                    = 0
[pid  5007] memfd_create("syzkaller", 0) = 3
[pid  5007] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f91da208000
[pid  5007] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid  5007] munmap(0x7f91da208000, 2097152) = 0
[pid  5007] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
syzkaller login: [   78.538401][ T5007] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5007 'syz-executor352'
[pid  5007] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5007] close(3)                    = 0
[pid  5007] mkdir("./file0", 0777)      = 0
[   78.598255][ T5007] loop0: detected capacity change from 0 to 4096
[   78.613114][ T5007] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512).
[   78.622718][ T5007] ntfs3: loop0: RAW NTFS volume: Filesystem size 16384.00 Gb > volume size 0.00 Gb. Mount in read-only.
[   78.634007][ T5007] ntfs3: loop0: NTFS 16384.00 Gb is too big to use 32 bits per cluster.
[   78.643585][ T5007] ==================================================================
[   78.651669][ T5007] BUG: KASAN: use-after-free in memcmp+0x173/0x1c0
[   78.658197][ T5007] Read of size 8 at addr ffff88807288f002 by task syz-executor352/5007
[   78.666542][ T5007] 
[   78.668879][ T5007] CPU: 0 PID: 5007 Comm: syz-executor352 Not tainted 6.4.0-rc1-next-20230510-syzkaller #0
[   78.678863][ T5007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[   78.688947][ T5007] Call Trace:
[   78.692240][ T5007]  <TASK>
[   78.695206][ T5007]  dump_stack_lvl+0xd9/0x150
[   78.699840][ T5007]  print_address_description.constprop.0+0x2c/0x3c0
[   78.706454][ T5007]  ? memcmp+0x173/0x1c0
[   78.710629][ T5007]  kasan_report+0x11c/0x130
[   78.715156][ T5007]  ? memcmp+0x173/0x1c0
[   78.719335][ T5007]  memcmp+0x173/0x1c0
[   78.723343][ T5007]  ? __bread_gfp+0x81/0x330
[   78.727874][ T5007]  ntfs_fill_super+0x7fc/0x4240
[   78.732763][ T5007]  ? put_ntfs+0x330/0x330
[   78.737115][ T5007]  ? vsprintf+0x30/0x30
[   78.741293][ T5007]  ? wait_for_completion_io_timeout+0x20/0x20
[   78.747388][ T5007]  ? set_blocksize+0x2d8/0x370
[   78.752198][ T5007]  get_tree_bdev+0x44a/0x770
[   78.756821][ T5007]  ? put_ntfs+0x330/0x330
[   78.761180][ T5007]  vfs_get_tree+0x8d/0x350
[   78.765626][ T5007]  path_mount+0x134b/0x1e40
[   78.770162][ T5007]  ? kmem_cache_free+0xe9/0x480
[   78.775050][ T5007]  ? finish_automount+0x9b0/0x9b0
[   78.780110][ T5007]  ? putname+0x102/0x140
[   78.784382][ T5007]  __x64_sys_mount+0x283/0x300
[   78.789194][ T5007]  ? copy_mnt_ns+0xb30/0xb30
[   78.793843][ T5007]  ? lockdep_hardirqs_on+0x7d/0x100
[   78.799067][ T5007]  ? _raw_spin_unlock_irq+0x2e/0x50
[   78.804310][ T5007]  ? ptrace_notify+0xfe/0x140
[   78.809017][ T5007]  do_syscall_64+0x39/0xb0
[   78.813478][ T5007]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   78.819403][ T5007] RIP: 0033:0x7f91e26568ba
[   78.823851][ T5007] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   78.843479][ T5007] RSP: 002b:00007ffe0ce14c98 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[   78.851909][ T5007] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f91e26568ba
[   78.859896][ T5007] RDX: 000000002001f180 RSI: 000000002001f1c0 RDI: 00007ffe0ce14cb0
[   78.867898][ T5007] RBP: 00007ffe0ce14cb0 R08: 00007ffe0ce14cf0 R09: 0000000000000000
[   78.876000][ T5007] R10: 000000000000000e R11: 0000000000000286 R12: 0000000000000004
[   78.883984][ T5007] R13: 0000555555d442c0 R14: 000000000000000e R15: 00007ffe0ce14cf0
[   78.891997][ T5007]  </TASK>
[   78.895036][ T5007] 
[   78.897377][ T5007] The buggy address belongs to the physical page:
[   78.903797][ T5007] page:ffffea0001ca23c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x7288f
[   78.913969][ T5007] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   78.921085][ T5007] page_type: 0xffffffff()
[   78.925429][ T5007] raw: 00fff00000000000 ffffea0001ca2408 ffff8880b9843660 0000000000000000
[   78.934123][ T5007] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[   78.942734][ T5007] page dumped because: kasan: bad access detected
[   78.949159][ T5007] page_owner tracks the page as freed
[   78.954532][ T5007] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO), pid 5007, tgid 5007 (syz-executor352), ts 78552844800, free_ts 78595088235
[   78.973517][ T5007]  post_alloc_hook+0x2db/0x350
[   78.978302][ T5007]  get_page_from_freelist+0xf7c/0x2aa0
[   78.983788][ T5007]  __alloc_pages+0x1cb/0x4a0
[   78.988394][ T5007]  __folio_alloc+0x16/0x40
[   78.992827][ T5007]  vma_alloc_folio+0x155/0x850
[   78.997624][ T5007]  __handle_mm_fault+0x2263/0x4170
[   79.002845][ T5007]  handle_mm_fault+0x2af/0x9f0
[   79.007647][ T5007]  do_user_addr_fault+0x2ca/0x1210
[   79.012787][ T5007]  exc_page_fault+0x98/0x170
[   79.017419][ T5007]  asm_exc_page_fault+0x26/0x30
[   79.022388][ T5007] page last free stack trace:
[   79.027062][ T5007]  free_unref_page_prepare+0x4dd/0xb90
[   79.032533][ T5007]  free_unref_page_list+0xe3/0xa70
[   79.037665][ T5007]  release_pages+0xcd8/0x1380
[   79.042371][ T5007]  tlb_batch_pages_flush+0xa8/0x1a0
[   79.047587][ T5007]  tlb_finish_mmu+0x14b/0x7e0
[   79.052291][ T5007]  unmap_region+0x23d/0x2d0
[   79.056834][ T5007]  do_vmi_align_munmap+0xe6c/0x1600
[   79.062064][ T5007]  do_vmi_munmap+0x26e/0x2c0
[   79.066700][ T5007]  __vm_munmap+0x133/0x3b0
[   79.071147][ T5007]  __x64_sys_munmap+0x62/0x80
[   79.075858][ T5007]  do_syscall_64+0x39/0xb0
[   79.080361][ T5007]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   79.086314][ T5007] 
[   79.088660][ T5007] Memory state around the buggy address:
[   79.094316][ T5007]  ffff88807288ef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   79.102408][ T5007]  ffff88807288ef80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   79.110484][ T5007] >ffff88807288f000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   79.118567][ T5007]                    ^
[   79.122732][ T5007]  ffff88807288f080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   79.130812][ T5007]  ffff88807288f100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   79.138889][ T5007] ==================================================================
[   79.147430][ T5007] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   79.154669][ T5007] CPU: 0 PID: 5007 Comm: syz-executor352 Not tainted 6.4.0-rc1-next-20230510-syzkaller #0
[   79.164596][ T5007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[   79.174664][ T5007] Call Trace:
[   79.177952][ T5007]  <TASK>
[   79.180893][ T5007]  dump_stack_lvl+0xd9/0x150
[   79.185522][ T5007]  panic+0x686/0x730
[   79.189451][ T5007]  ? panic_smp_self_stop+0xa0/0xa0
[   79.194604][ T5007]  ? preempt_schedule_thunk+0x1a/0x20
[   79.200006][ T5007]  ? preempt_schedule_common+0x45/0xb0
[   79.205497][ T5007]  check_panic_on_warn+0xb1/0xc0
[   79.210465][ T5007]  end_report+0xe9/0x120
[   79.214727][ T5007]  ? memcmp+0x173/0x1c0
[   79.218911][ T5007]  kasan_report+0xf9/0x130
[   79.223346][ T5007]  ? memcmp+0x173/0x1c0
[   79.227520][ T5007]  memcmp+0x173/0x1c0
[   79.231550][ T5007]  ? __bread_gfp+0x81/0x330
[   79.236164][ T5007]  ntfs_fill_super+0x7fc/0x4240
[   79.241047][ T5007]  ? put_ntfs+0x330/0x330
[   79.245403][ T5007]  ? vsprintf+0x30/0x30
[   79.249580][ T5007]  ? wait_for_completion_io_timeout+0x20/0x20
[   79.255672][ T5007]  ? set_blocksize+0x2d8/0x370
[   79.260463][ T5007]  get_tree_bdev+0x44a/0x770
[   79.265084][ T5007]  ? put_ntfs+0x330/0x330
[   79.269435][ T5007]  vfs_get_tree+0x8d/0x350
[   79.273972][ T5007]  path_mount+0x134b/0x1e40
[   79.278506][ T5007]  ? kmem_cache_free+0xe9/0x480
[   79.283426][ T5007]  ? finish_automount+0x9b0/0x9b0
[   79.288494][ T5007]  ? putname+0x102/0x140
[   79.292760][ T5007]  __x64_sys_mount+0x283/0x300
[   79.297558][ T5007]  ? copy_mnt_ns+0xb30/0xb30
[   79.302194][ T5007]  ? lockdep_hardirqs_on+0x7d/0x100
[   79.307432][ T5007]  ? _raw_spin_unlock_irq+0x2e/0x50
[   79.312668][ T5007]  ? ptrace_notify+0xfe/0x140
[   79.317375][ T5007]  do_syscall_64+0x39/0xb0
[   79.321833][ T5007]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   79.327759][ T5007] RIP: 0033:0x7f91e26568ba
[   79.332220][ T5007] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   79.351846][ T5007] RSP: 002b:00007ffe0ce14c98 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[   79.360278][ T5007] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f91e26568ba
[   79.368270][ T5007] RDX: 000000002001f180 RSI: 000000002001f1c0 RDI: 00007ffe0ce14cb0
[   79.376342][ T5007] RBP: 00007ffe0ce14cb0 R08: 00007ffe0ce14cf0 R09: 0000000000000000
[   79.384331][ T5007] R10: 000000000000000e R11: 0000000000000286 R12: 0000000000000004
[   79.392314][ T5007] R13: 0000555555d442c0 R14: 000000000000000e R15: 00007ffe0ce14cf0
[   79.400329][ T5007]  </TASK>
[   79.403634][ T5007] Kernel Offset: disabled
[   79.408007][ T5007] Rebooting in 86400 seconds..