./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4150990607

<...>
Warning: Permanently added '10.128.0.166' (ED25519) to the list of known hosts.
execve("./syz-executor4150990607", ["./syz-executor4150990607"], 0x7ffd5f60f4f0 /* 10 vars */) = 0
brk(NULL)                               = 0x5555573e4000
brk(0x5555573e4d00)                     = 0x5555573e4d00
arch_prctl(ARCH_SET_FS, 0x5555573e4380) = 0
set_tid_address(0x5555573e4650)         = 5037
set_robust_list(0x5555573e4660, 24)     = 0
rseq(0x5555573e4ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor4150990607", 4096) = 28
getrandom("\xb1\x2d\x39\xb9\xd2\xb6\x0f\x0f", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x5555573e4d00
brk(0x555557405d00)                     = 0x555557405d00
brk(0x555557406000)                     = 0x555557406000
mprotect(0x7f8360d45000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573e4650) = 5038
./strace-static-x86_64: Process 5038 attached
[pid  5038] set_robust_list(0x5555573e4660, 24) = 0
[pid  5038] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5038] setpgid(0, 0)               = 0
[pid  5038] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5038] write(3, "1000", 4)         = 4
[pid  5038] close(3)                    = 0
[pid  5038] memfd_create("syzkaller", 0) = 3
[pid  5038] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8358875000
[pid  5038] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x20\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid  5038] munmap(0x7f8358875000, 2097152) = 0
[pid  5038] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   70.390435][ T5038] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5038 'syz-executor415'
[pid  5038] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5038] close(3)                    = 0
[pid  5038] mkdir("./file0", 0777)      = 0
[   70.435771][ T5038] loop0: detected capacity change from 0 to 4096
[   70.447846][ T5038] ntfs: (device loop0): ntfs_is_extended_system_file(): Corrupt file name attribute. You should run chkdsk.
[   70.459684][ T5038] ntfs: (device loop0): ntfs_read_locked_inode(): $DATA attribute is missing.
[   70.468794][ T5038] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -2.  Marking corrupt inode 0x1 as bad.  Run chkdsk.
[   70.482180][ T5038] ntfs: (device loop0): load_system_files(): Failed to load $MFTMirr.  Mounting read-only.  Run ntfsfix and/or chkdsk.
[   70.502093][ T5038] ntfs: volume version 3.1.
[   70.508506][ T5038] ntfs: (device loop0): ntfs_lookup_inode_by_name(): Corrupt directory.  Aborting lookup.
[   70.518544][ T5038] ntfs: (device loop0): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys.
[pid  5038] mount("/dev/loop0", "./file0", "ntfs", MS_NOSUID, "") = 0
[pid  5038] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5038] chdir("./file0")            = 0
[pid  5038] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5038] close(4)                    = 0
[pid  5038] openat(AT_FDCWD, ".", O_RDONLY) = 4
[   70.530123][ T5038] ntfs: (device loop0): load_system_files(): Failed to determine if Windows is hibernated.  Will not be able to remount read-write.  Run chkdsk.
[   70.550699][ T5038] ==================================================================
[   70.558806][ T5038] BUG: KASAN: slab-out-of-bounds in ntfs_readdir+0x1455/0x2b00
[   70.566570][ T5038] Read of size 1 at addr ffff88802317c471 by task syz-executor415/5038
[   70.574919][ T5038] 
[   70.577240][ T5038] CPU: 0 PID: 5038 Comm: syz-executor415 Not tainted 6.5.0-rc5-next-20230809-syzkaller #0
[   70.587210][ T5038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[   70.597266][ T5038] Call Trace:
[   70.600621][ T5038]  <TASK>
[   70.603550][ T5038]  dump_stack_lvl+0xd9/0x1b0
[   70.608142][ T5038]  print_report+0xc4/0x620
[   70.612655][ T5038]  ? __virt_addr_valid+0x5e/0x2d0
[   70.617794][ T5038]  ? __phys_addr+0xc6/0x140
[   70.622316][ T5038]  kasan_report+0xda/0x110
[   70.626850][ T5038]  ? ntfs_readdir+0x1455/0x2b00
[   70.631716][ T5038]  ? ntfs_readdir+0x1455/0x2b00
[   70.636583][ T5038]  ntfs_readdir+0x1455/0x2b00
[   70.641453][ T5038]  ? __mutex_lock+0x25b/0x1340
[   70.646328][ T5038]  ? preempt_count_sub+0x150/0x150
[   70.651466][ T5038]  ? lock_release+0x4bf/0x680
[   70.656245][ T5038]  ? ptrace_stop.part.0+0x4b4/0x8f0
[   70.661456][ T5038]  ? put_page+0x280/0x280
[   70.665902][ T5038]  ? down_read+0x470/0x470
[   70.670334][ T5038]  ? put_page+0x280/0x280
[   70.674679][ T5038]  wrap_directory_iterator+0xa5/0xe0
[   70.679989][ T5038]  iterate_dir+0x1e5/0x5f0
[   70.684414][ T5038]  __x64_sys_getdents64+0x14f/0x2e0
[   70.689624][ T5038]  ? __ia32_sys_getdents+0x2d0/0x2d0
[   70.694915][ T5038]  ? handle_mm_fault+0x4f1/0xa00
[   70.699867][ T5038]  ? fillonedir+0x400/0x400
[   70.704376][ T5038]  ? trace_irq_enable.constprop.0+0xd0/0x100
[   70.710371][ T5038]  ? _raw_spin_unlock_irq+0x2e/0x50
[   70.715657][ T5038]  ? ptrace_notify+0xf4/0x130
[   70.720350][ T5038]  do_syscall_64+0x38/0xb0
[   70.724791][ T5038]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   70.730801][ T5038] RIP: 0033:0x7f8360cb3a59
[   70.735228][ T5038] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   70.755190][ T5038] RSP: 002b:00007fffd89db508 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[   70.763639][ T5038] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8360cb3a59
[   70.771703][ T5038] RDX: 00000000000000ab RSI: 0000000020000080 RDI: 0000000000000004
[   70.779675][ T5038] RBP: 00007f8360d455f0 R08: 00005555573e54c0 R09: 00005555573e54c0
[   70.787650][ T5038] R10: 000000000001f1b8 R11: 0000000000000246 R12: 00007fffd89db530
[   70.795757][ T5038] R13: 00007fffd89db758 R14: 431bde82d7b634db R15: 00007f8360cfc03b
[   70.803742][ T5038]  </TASK>
[   70.806852][ T5038] 
[   70.809256][ T5038] Allocated by task 5038:
[   70.813589][ T5038]  kasan_save_stack+0x33/0x50
[   70.818378][ T5038]  kasan_set_track+0x25/0x30
[   70.822981][ T5038]  __kasan_kmalloc+0xa2/0xb0
[   70.827595][ T5038]  __kmalloc+0x60/0x100
[   70.831767][ T5038]  ntfs_readdir+0x11a4/0x2b00
[   70.836454][ T5038]  wrap_directory_iterator+0xa5/0xe0
[   70.841760][ T5038]  iterate_dir+0x1e5/0x5f0
[   70.846175][ T5038]  __x64_sys_getdents64+0x14f/0x2e0
[   70.851378][ T5038]  do_syscall_64+0x38/0xb0
[   70.855900][ T5038]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   70.861822][ T5038] 
[   70.864143][ T5038] The buggy address belongs to the object at ffff88802317c400
[   70.864143][ T5038]  which belongs to the cache kmalloc-64 of size 64
[   70.878111][ T5038] The buggy address is located 57 bytes to the right of
[   70.878111][ T5038]  allocated 56-byte region [ffff88802317c400, ffff88802317c438)
[   70.892606][ T5038] 
[   70.894926][ T5038] The buggy address belongs to the physical page:
[   70.901336][ T5038] page:ffffea00008c5f00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2317c
[   70.911494][ T5038] anon flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[   70.919476][ T5038] page_type: 0xffffffff()
[   70.923810][ T5038] raw: 00fff00000000200 ffff888012841640 0000000000000000 0000000000000001
[   70.932488][ T5038] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
[   70.941086][ T5038] page dumped because: kasan: bad access detected
[   70.947499][ T5038] page_owner tracks the page as allocated
[   70.953209][ T5038] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 48, tgid 48 (kworker/u4:3), ts 18733436964, free_ts 18726454427
[   70.971281][ T5038]  post_alloc_hook+0x2d2/0x350
[   70.976072][ T5038]  get_page_from_freelist+0x10d7/0x31b0
[   70.981636][ T5038]  __alloc_pages+0x1d0/0x4a0
[   70.986227][ T5038]  alloc_pages+0x1a9/0x270
[   70.990655][ T5038]  allocate_slab+0x24e/0x380
[   70.995255][ T5038]  ___slab_alloc+0x8bc/0x1570
[   70.999957][ T5038]  __slab_alloc.constprop.0+0x56/0xa0
[   71.005364][ T5038]  __kmem_cache_alloc_node+0x137/0x350
[   71.010846][ T5038]  __kmalloc+0x4f/0x100
[   71.015021][ T5038]  security_task_alloc+0x1d4/0x270
[   71.020232][ T5038]  copy_process+0x24d7/0x7400
[   71.024923][ T5038]  kernel_clone+0xfd/0x930
[   71.029354][ T5038]  user_mode_thread+0xb4/0xf0
[   71.034041][ T5038]  call_usermodehelper_exec_work+0xcb/0x170
[   71.039939][ T5038]  process_one_work+0x887/0x15d0
[   71.044885][ T5038]  worker_thread+0x8bb/0x1290
[   71.049571][ T5038] page last free stack trace:
[   71.054236][ T5038]  free_unref_page_prepare+0x508/0xb90
[   71.059719][ T5038]  free_unref_page+0x33/0x3b0
[   71.064415][ T5038]  __mmdrop+0xd7/0x490
[   71.068494][ T5038]  __mmput+0x409/0x4d0
[   71.072570][ T5038]  mmput+0x62/0x70
[   71.076291][ T5038]  free_bprm+0x144/0x3f0
[   71.080536][ T5038]  kernel_execve+0x3e7/0x4e0
[   71.085130][ T5038]  call_usermodehelper_exec_async+0x256/0x4c0
[   71.091202][ T5038]  ret_from_fork+0x45/0x80
[   71.095712][ T5038]  ret_from_fork_asm+0x11/0x20
[   71.100490][ T5038] 
[   71.102816][ T5038] Memory state around the buggy address:
[   71.108442][ T5038]  ffff88802317c300: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[   71.116511][ T5038]  ffff88802317c380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   71.124578][ T5038] >ffff88802317c400: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[   71.132721][ T5038]                                                              ^
[   71.140432][ T5038]  ffff88802317c480: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[   71.148492][ T5038]  ffff88802317c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   71.156898][ T5038] ==================================================================
[   71.179272][ T5038] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   71.186504][ T5038] CPU: 1 PID: 5038 Comm: syz-executor415 Not tainted 6.5.0-rc5-next-20230809-syzkaller #0
[   71.196395][ T5038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[   71.206534][ T5038] Call Trace:
[   71.209818][ T5038]  <TASK>
[   71.212755][ T5038]  dump_stack_lvl+0xd9/0x1b0
[   71.217353][ T5038]  panic+0x6a6/0x750
[   71.221244][ T5038]  ? panic_smp_self_stop+0xa0/0xa0
[   71.226351][ T5038]  ? preempt_schedule_thunk+0x1a/0x30
[   71.232946][ T5038]  ? preempt_schedule_common+0x45/0xc0
[   71.238404][ T5038]  check_panic_on_warn+0xab/0xb0
[   71.243348][ T5038]  end_report+0x108/0x150
[   71.247710][ T5038]  kasan_report+0xea/0x110
[   71.252215][ T5038]  ? ntfs_readdir+0x1455/0x2b00
[   71.257072][ T5038]  ? ntfs_readdir+0x1455/0x2b00
[   71.261933][ T5038]  ntfs_readdir+0x1455/0x2b00
[   71.266624][ T5038]  ? __mutex_lock+0x25b/0x1340
[   71.271383][ T5038]  ? preempt_count_sub+0x150/0x150
[   71.276494][ T5038]  ? lock_release+0x4bf/0x680
[   71.281166][ T5038]  ? ptrace_stop.part.0+0x4b4/0x8f0
[   71.286357][ T5038]  ? put_page+0x280/0x280
[   71.290776][ T5038]  ? down_read+0x470/0x470
[   71.295220][ T5038]  ? put_page+0x280/0x280
[   71.299561][ T5038]  wrap_directory_iterator+0xa5/0xe0
[   71.304882][ T5038]  iterate_dir+0x1e5/0x5f0
[   71.309316][ T5038]  __x64_sys_getdents64+0x14f/0x2e0
[   71.314525][ T5038]  ? __ia32_sys_getdents+0x2d0/0x2d0
[   71.319825][ T5038]  ? handle_mm_fault+0x4f1/0xa00
[   71.324758][ T5038]  ? fillonedir+0x400/0x400
[   71.329338][ T5038]  ? trace_irq_enable.constprop.0+0xd0/0x100
[   71.335321][ T5038]  ? _raw_spin_unlock_irq+0x2e/0x50
[   71.340518][ T5038]  ? ptrace_notify+0xf4/0x130
[   71.345365][ T5038]  do_syscall_64+0x38/0xb0
[   71.349783][ T5038]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   71.355685][ T5038] RIP: 0033:0x7f8360cb3a59
[   71.360120][ T5038] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   71.379723][ T5038] RSP: 002b:00007fffd89db508 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[   71.388393][ T5038] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8360cb3a59
[   71.396384][ T5038] RDX: 00000000000000ab RSI: 0000000020000080 RDI: 0000000000000004
[   71.404351][ T5038] RBP: 00007f8360d455f0 R08: 00005555573e54c0 R09: 00005555573e54c0
[   71.412318][ T5038] R10: 000000000001f1b8 R11: 0000000000000246 R12: 00007fffd89db530
[   71.420281][ T5038] R13: 00007fffd89db758 R14: 431bde82d7b634db R15: 00007f8360cfc03b
[   71.428339][ T5038]  </TASK>
[   71.431559][ T5038] Kernel Offset: disabled
[   71.435876][ T5038] Rebooting in 86400 seconds..