./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor985555317
<...>
Warning: Permanently added '10.128.0.87' (ED25519) to the list of known hosts.
execve("./syz-executor985555317", ["./syz-executor985555317"], 0x7ffc2b9615e0 /* 10 vars */) = 0
brk(NULL) = 0x555556595000
brk(0x555556595d00) = 0x555556595d00
arch_prctl(ARCH_SET_FS, 0x555556595380) = 0
set_tid_address(0x555556595650) = 5041
set_robust_list(0x555556595660, 24) = 0
rseq(0x555556595ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor985555317", 4096) = 27
getrandom("\xf3\x8c\xde\xeb\x3f\xf5\x12\xad", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x555556595d00
brk(0x5555565b6d00) = 0x5555565b6d00
brk(0x5555565b7000) = 0x5555565b7000
mprotect(0x7f9f33f4e000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
memfd_create("syzkaller", 0) = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9f2ba7f000
write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x20\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
munmap(0x7f9f2ba7f000, 2097152) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 90.008803][ T5041] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5041 'syz-executor985'
ioctl(4, LOOP_SET_FD, 3) = 0
close(3) = 0
mkdir("./file0", 0777) = 0
[ 90.056039][ T5041] loop0: detected capacity change from 0 to 4096
[ 90.069283][ T5041] ntfs: (device loop0): ntfs_is_extended_system_file(): Corrupt file name attribute. You should run chkdsk.
[ 90.080903][ T5041] ntfs: (device loop0): ntfs_read_locked_inode(): $DATA attribute is missing.
[ 90.089951][ T5041] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0x1 as bad. Run chkdsk.
[ 90.103101][ T5041] ntfs: (device loop0): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk.
[ 90.124890][ T5041] ntfs: volume version 3.1.
[ 90.131815][ T5041] ntfs: (device loop0): ntfs_lookup_inode_by_name(): Corrupt directory. Aborting lookup.
[ 90.141917][ T5041] ntfs: (device loop0): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys.
mount("/dev/loop0", "./file0", "ntfs", MS_NOSUID, "") = 0
openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
chdir("./file0") = 0
ioctl(4, LOOP_CLR_FD) = 0
close(4) = 0
openat(AT_FDCWD, ".", O_RDONLY) = 4
[ 90.153288][ T5041] ntfs: (device loop0): load_system_files(): Failed to determine if Windows is hibernated. Will not be able to remount read-write. Run chkdsk.
[ 90.172447][ T5041] ==================================================================
[ 90.180571][ T5041] BUG: KASAN: slab-out-of-bounds in ntfs_readdir+0x1455/0x2b00
[ 90.188179][ T5041] Read of size 1 at addr ffff888020c73871 by task syz-executor985/5041
[ 90.196465][ T5041]
[ 90.198818][ T5041] CPU: 1 PID: 5041 Comm: syz-executor985 Not tainted 6.5.0-rc5-next-20230809-syzkaller #0
[ 90.208757][ T5041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 90.218856][ T5041] Call Trace:
[ 90.222188][ T5041]
[ 90.225170][ T5041] dump_stack_lvl+0xd9/0x1b0
[ 90.229805][ T5041] print_report+0xc4/0x620
[ 90.234263][ T5041] ? __virt_addr_valid+0x5e/0x2d0
[ 90.239318][ T5041] ? __phys_addr+0xc6/0x140
[ 90.243847][ T5041] kasan_report+0xda/0x110
[ 90.248307][ T5041] ? ntfs_readdir+0x1455/0x2b00
[ 90.253184][ T5041] ? ntfs_readdir+0x1455/0x2b00
[ 90.258065][ T5041] ntfs_readdir+0x1455/0x2b00
[ 90.262773][ T5041] ? __mutex_lock+0x25b/0x1340
[ 90.267562][ T5041] ? preempt_count_sub+0x150/0x150
[ 90.272709][ T5041] ? lock_release+0x4bf/0x680
[ 90.277420][ T5041] ? ptrace_stop.part.0+0x4b4/0x8f0
[ 90.282645][ T5041] ? put_page+0x280/0x280
[ 90.287000][ T5041] ? down_read+0x470/0x470
[ 90.291451][ T5041] ? put_page+0x280/0x280
[ 90.295802][ T5041] wrap_directory_iterator+0xa5/0xe0
[ 90.301130][ T5041] iterate_dir+0x1e5/0x5f0
[ 90.305569][ T5041] __x64_sys_getdents64+0x14f/0x2e0
[ 90.310795][ T5041] ? __ia32_sys_getdents+0x2d0/0x2d0
[ 90.316101][ T5041] ? fillonedir+0x400/0x400
[ 90.320634][ T5041] ? trace_irq_enable.constprop.0+0xd0/0x100
[ 90.326667][ T5041] ? _raw_spin_unlock_irq+0x2e/0x50
[ 90.331896][ T5041] ? ptrace_notify+0xf4/0x130
[ 90.336596][ T5041] do_syscall_64+0x38/0xb0
[ 90.341054][ T5041] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 90.346985][ T5041] RIP: 0033:0x7f9f33ebc5f9
[ 90.351422][ T5041] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 90.371053][ T5041] RSP: 002b:00007fff18c18568 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 90.379664][ T5041] RAX: ffffffffffffffda RBX: 00007fff18c18738 RCX: 00007f9f33ebc5f9
[ 90.387666][ T5041] RDX: 00000000000000ab RSI: 0000000020000080 RDI: 0000000000000004
[ 90.395656][ T5041] RBP: 00007f9f33f4e610 R08: 0000000000000000 R09: 00007fff18c18738
[ 90.403640][ T5041] R10: 000000000001f1b8 R11: 0000000000000246 R12: 0000000000000001
[ 90.411717][ T5041] R13: 00007fff18c18728 R14: 0000000000000001 R15: 0000000000000001
[ 90.419722][ T5041]
[ 90.422757][ T5041]
[ 90.425105][ T5041] Allocated by task 5041:
[ 90.429464][ T5041] kasan_save_stack+0x33/0x50
[ 90.434188][ T5041] kasan_set_track+0x25/0x30
[ 90.438810][ T5041] __kasan_kmalloc+0xa2/0xb0
[ 90.443430][ T5041] __kmalloc+0x60/0x100
[ 90.447626][ T5041] ntfs_readdir+0x11a4/0x2b00
[ 90.452325][ T5041] wrap_directory_iterator+0xa5/0xe0
[ 90.457644][ T5041] iterate_dir+0x1e5/0x5f0
[ 90.462419][ T5041] __x64_sys_getdents64+0x14f/0x2e0
[ 90.467634][ T5041] do_syscall_64+0x38/0xb0
[ 90.472082][ T5041] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 90.478025][ T5041]
[ 90.480446][ T5041] The buggy address belongs to the object at ffff888020c73800
[ 90.480446][ T5041] which belongs to the cache kmalloc-64 of size 64
[ 90.494348][ T5041] The buggy address is located 57 bytes to the right of
[ 90.494348][ T5041] allocated 56-byte region [ffff888020c73800, ffff888020c73838)
[ 90.509037][ T5041]
[ 90.511365][ T5041] The buggy address belongs to the physical page:
[ 90.517780][ T5041] page:ffffea0000831cc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x20c73
[ 90.527965][ T5041] anon flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 90.536306][ T5041] page_type: 0xffffffff()
[ 90.540737][ T5041] raw: 00fff00000000200 ffff888012841640 0000000000000000 dead000000000001
[ 90.549340][ T5041] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
[ 90.557928][ T5041] page dumped because: kasan: bad access detected
[ 90.564882][ T5041] page_owner tracks the page as allocated
[ 90.570642][ T5041] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 59, tgid 59 (kworker/u4:4), ts 22560166873, free_ts 22553861986
[ 90.588652][ T5041] post_alloc_hook+0x2d2/0x350
[ 90.593465][ T5041] get_page_from_freelist+0x10d7/0x31b0
[ 90.599046][ T5041] __alloc_pages+0x1d0/0x4a0
[ 90.603647][ T5041] alloc_pages+0x1a9/0x270
[ 90.608089][ T5041] allocate_slab+0x24e/0x380
[ 90.612708][ T5041] ___slab_alloc+0x8bc/0x1570
[ 90.617415][ T5041] __slab_alloc.constprop.0+0x56/0xa0
[ 90.622813][ T5041] __kmem_cache_alloc_node+0x137/0x350
[ 90.628298][ T5041] __kmalloc+0x4f/0x100
[ 90.632482][ T5041] security_task_alloc+0x1d4/0x270
[ 90.637613][ T5041] copy_process+0x24d7/0x7400
[ 90.642308][ T5041] kernel_clone+0xfd/0x930
[ 90.646743][ T5041] user_mode_thread+0xb4/0xf0
[ 90.651445][ T5041] call_usermodehelper_exec_work+0xcb/0x170
[ 90.657353][ T5041] process_one_work+0x887/0x15d0
[ 90.662311][ T5041] worker_thread+0x8bb/0x1290
[ 90.667012][ T5041] page last free stack trace:
[ 90.671687][ T5041] free_unref_page_prepare+0x508/0xb90
[ 90.677174][ T5041] free_unref_page+0x33/0x3b0
[ 90.681883][ T5041] __mmdrop+0xd7/0x490
[ 90.685968][ T5041] __mmput+0x409/0x4d0
[ 90.690050][ T5041] mmput+0x62/0x70
[ 90.693791][ T5041] free_bprm+0x144/0x3f0
[ 90.698051][ T5041] kernel_execve+0x3e7/0x4e0
[ 90.702660][ T5041] call_usermodehelper_exec_async+0x256/0x4c0
[ 90.708742][ T5041] ret_from_fork+0x45/0x80
[ 90.713190][ T5041] ret_from_fork_asm+0x11/0x20
[ 90.717983][ T5041]
[ 90.720309][ T5041] Memory state around the buggy address:
[ 90.725943][ T5041] ffff888020c73700: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 90.734029][ T5041] ffff888020c73780: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 90.742099][ T5041] >ffff888020c73800: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[ 90.750166][ T5041] ^
[ 90.757885][ T5041] ffff888020c73880: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 90.765998][ T5041] ffff888020c73900: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 90.774065][ T5041] ==================================================================
[ 90.783874][ T5041] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 90.791103][ T5041] CPU: 1 PID: 5041 Comm: syz-executor985 Not tainted 6.5.0-rc5-next-20230809-syzkaller #0
[ 90.801122][ T5041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 90.811204][ T5041] Call Trace:
[ 90.814489][ T5041]
[ 90.817424][ T5041] dump_stack_lvl+0xd9/0x1b0
[ 90.822043][ T5041] panic+0x6a6/0x750
[ 90.825958][ T5041] ? panic_smp_self_stop+0xa0/0xa0
[ 90.831088][ T5041] ? preempt_schedule_thunk+0x1a/0x30
[ 90.836481][ T5041] ? preempt_schedule_common+0x45/0xc0
[ 90.841958][ T5041] check_panic_on_warn+0xab/0xb0
[ 90.846913][ T5041] end_report+0x108/0x150
[ 90.851264][ T5041] kasan_report+0xea/0x110
[ 90.855705][ T5041] ? ntfs_readdir+0x1455/0x2b00
[ 90.860592][ T5041] ? ntfs_readdir+0x1455/0x2b00
[ 90.865460][ T5041] ntfs_readdir+0x1455/0x2b00
[ 90.870164][ T5041] ? __mutex_lock+0x25b/0x1340
[ 90.874942][ T5041] ? preempt_count_sub+0x150/0x150
[ 90.880074][ T5041] ? lock_release+0x4bf/0x680
[ 90.884769][ T5041] ? ptrace_stop.part.0+0x4b4/0x8f0
[ 90.890153][ T5041] ? put_page+0x280/0x280
[ 90.894588][ T5041] ? down_read+0x470/0x470
[ 90.899024][ T5041] ? put_page+0x280/0x280
[ 90.903367][ T5041] wrap_directory_iterator+0xa5/0xe0
[ 90.908678][ T5041] iterate_dir+0x1e5/0x5f0
[ 90.913101][ T5041] __x64_sys_getdents64+0x14f/0x2e0
[ 90.918334][ T5041] ? __ia32_sys_getdents+0x2d0/0x2d0
[ 90.923632][ T5041] ? fillonedir+0x400/0x400
[ 90.928163][ T5041] ? trace_irq_enable.constprop.0+0xd0/0x100
[ 90.934161][ T5041] ? _raw_spin_unlock_irq+0x2e/0x50
[ 90.939396][ T5041] ? ptrace_notify+0xf4/0x130
[ 90.944085][ T5041] do_syscall_64+0x38/0xb0
[ 90.948522][ T5041] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 90.954537][ T5041] RIP: 0033:0x7f9f33ebc5f9
[ 90.958956][ T5041] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 90.978672][ T5041] RSP: 002b:00007fff18c18568 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 90.987094][ T5041] RAX: ffffffffffffffda RBX: 00007fff18c18738 RCX: 00007f9f33ebc5f9
[ 90.995072][ T5041] RDX: 00000000000000ab RSI: 0000000020000080 RDI: 0000000000000004
[ 91.003057][ T5041] RBP: 00007f9f33f4e610 R08: 0000000000000000 R09: 00007fff18c18738
[ 91.011034][ T5041] R10: 000000000001f1b8 R11: 0000000000000246 R12: 0000000000000001
[ 91.019025][ T5041] R13: 00007fff18c18728 R14: 0000000000000001 R15: 0000000000000001
[ 91.027011][ T5041]
[ 91.030291][ T5041] Kernel Offset: disabled
[ 91.034620][ T5041] Rebooting in 86400 seconds..