./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3734160752

<...>
DUID 00:04:b8:e6:73:7f:79:fd:ed:d3:a2:45:9d:0b:c9:97:07:5c
[   21.553604][ T4689] 8021q: adding VLAN 0 to HW filter on device bond0
forked to background, child pid 4688
[   21.570738][ T4689] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.1.28' (ECDSA) to the list of known hosts.
execve("./syz-executor3734160752", ["./syz-executor3734160752"], 0x7ffc89d84020 /* 10 vars */) = 0
brk(NULL)                               = 0x555555c7e000
brk(0x555555c7ec40)                     = 0x555555c7ec40
arch_prctl(ARCH_SET_FS, 0x555555c7e300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor3734160752", 4096) = 28
brk(0x555555c9fc40)                     = 0x555555c9fc40
brk(0x555555ca0000)                     = 0x555555ca0000
mprotect(0x7f85fe31e000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
memfd_create("syzkaller", 0)            = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f85f5e46000
write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x20\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
munmap(0x7f85f5e46000, 2097152)         = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 4
ioctl(4, LOOP_SET_FD, 3)                = 0
close(3)                                = 0
mkdir("./file0", 0777)                  = 0
syzkaller login: [   55.556191][ T5019] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5019 'syz-executor373'
[   55.584637][ T5019] loop0: detected capacity change from 0 to 4096
[   55.595751][ T5019] ntfs: (device loop0): ntfs_is_extended_system_file(): Corrupt file name attribute. You should run chkdsk.
[   55.607306][ T5019] ntfs: (device loop0): ntfs_read_locked_inode(): $DATA attribute is missing.
[   55.616258][ T5019] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -2.  Marking corrupt inode 0x1 as bad.  Run chkdsk.
[   55.629615][ T5019] ntfs: (device loop0): load_system_files(): Failed to load $MFTMirr.  Mounting read-only.  Run ntfsfix and/or chkdsk.
[   55.646910][ T5019] ntfs: volume version 3.1.
mount("/dev/loop0", "./file0", "ntfs", MS_NOSUID, "") = 0
openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
chdir("./file0")                        = 0
ioctl(4, LOOP_CLR_FD)                   = 0
close(4)                                = 0
openat(AT_FDCWD, ".", O_RDONLY)         = 4
[   55.652709][ T5019] ntfs: (device loop0): ntfs_lookup_inode_by_name(): Corrupt directory.  Aborting lookup.
[   55.662645][ T5019] ntfs: (device loop0): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys.
[   55.673946][ T5019] ntfs: (device loop0): load_system_files(): Failed to determine if Windows is hibernated.  Will not be able to remount read-write.  Run chkdsk.
[   55.693813][ T5019] ==================================================================
[   55.701918][ T5019] BUG: KASAN: slab-out-of-bounds in ntfs_readdir+0x1455/0x29b0
[   55.709495][ T5019] Read of size 1 at addr ffff88802baf4971 by task syz-executor373/5019
[   55.717727][ T5019] 
[   55.720060][ T5019] CPU: 0 PID: 5019 Comm: syz-executor373 Not tainted 6.4.0-syzkaller-12069-gc17414a273b8 #0
[   55.730119][ T5019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[   55.740156][ T5019] Call Trace:
[   55.743443][ T5019]  <TASK>
[   55.746354][ T5019]  dump_stack_lvl+0xd9/0x150
[   55.751043][ T5019]  print_address_description.constprop.0+0x2c/0x3c0
[   55.757620][ T5019]  kasan_report+0x11d/0x130
[   55.762103][ T5019]  ? ntfs_readdir+0x1455/0x29b0
[   55.766937][ T5019]  ntfs_readdir+0x1455/0x29b0
[   55.771601][ T5019]  ? put_page+0x280/0x280
[   55.775913][ T5019]  ? down_write_killable_nested+0x250/0x250
[   55.781786][ T5019]  iterate_dir+0x20c/0x750
[   55.786182][ T5019]  __x64_sys_getdents64+0x13e/0x2c0
[   55.791366][ T5019]  ? __ia32_sys_getdents+0x2c0/0x2c0
[   55.796636][ T5019]  ? compat_fillonedir+0x470/0x470
[   55.801751][ T5019]  ? lockdep_hardirqs_on+0x7d/0x100
[   55.806933][ T5019]  ? _raw_spin_unlock_irq+0x2e/0x50
[   55.812121][ T5019]  ? ptrace_notify+0xfe/0x140
[   55.816784][ T5019]  do_syscall_64+0x39/0xb0
[   55.821186][ T5019]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   55.827065][ T5019] RIP: 0033:0x7f85fe2927a9
[   55.831459][ T5019] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   55.851054][ T5019] RSP: 002b:00007ffd72a33b58 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[   55.859447][ T5019] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f85fe2927a9
[   55.867401][ T5019] RDX: 00000000000000ab RSI: 0000000020000080 RDI: 0000000000000004
[   55.875348][ T5019] RBP: 00007f85fe252040 R08: 0000000000000000 R09: 0000000000000000
[   55.883296][ T5019] R10: 000000000001f1b8 R11: 0000000000000246 R12: 00007f85fe2520d0
[   55.891249][ T5019] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   55.899207][ T5019]  </TASK>
[   55.902209][ T5019] 
[   55.904507][ T5019] Allocated by task 5019:
[   55.908820][ T5019]  kasan_save_stack+0x22/0x40
[   55.913479][ T5019]  kasan_set_track+0x25/0x30
[   55.918047][ T5019]  __kasan_kmalloc+0xa2/0xb0
[   55.922618][ T5019]  __kmalloc+0x5e/0x190
[   55.926753][ T5019]  ntfs_readdir+0x117f/0x29b0
[   55.931424][ T5019]  iterate_dir+0x20c/0x750
[   55.935816][ T5019]  __x64_sys_getdents64+0x13e/0x2c0
[   55.940992][ T5019]  do_syscall_64+0x39/0xb0
[   55.945390][ T5019]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   55.951266][ T5019] 
[   55.953564][ T5019] The buggy address belongs to the object at ffff88802baf4900
[   55.953564][ T5019]  which belongs to the cache kmalloc-64 of size 64
[   55.967413][ T5019] The buggy address is located 57 bytes to the right of
[   55.967413][ T5019]  allocated 56-byte region [ffff88802baf4900, ffff88802baf4938)
[   55.981878][ T5019] 
[   55.984179][ T5019] The buggy address belongs to the physical page:
[   55.990655][ T5019] page:ffffea0000aebd00 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88802baf4c80 pfn:0x2baf4
[   56.002516][ T5019] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[   56.010038][ T5019] page_type: 0xffffffff()
[   56.014342][ T5019] raw: 00fff00000000200 ffff888012841640 ffffea0000aa7d40 dead000000000006
[   56.022904][ T5019] raw: ffff88802baf4c80 000000008020001d 00000001ffffffff 0000000000000000
[   56.031460][ T5019] page dumped because: kasan: bad access detected
[   56.037847][ T5019] page_owner tracks the page as allocated
[   56.043534][ T5019] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 38, tgid 38 (kworker/u4:2), ts 8915134478, free_ts 8903626038
[   56.061314][ T5019]  post_alloc_hook+0x2db/0x350
[   56.066065][ T5019]  get_page_from_freelist+0xfed/0x2d30
[   56.071507][ T5019]  __alloc_pages+0x1cb/0x4a0
[   56.076077][ T5019]  alloc_pages+0x1aa/0x270
[   56.080472][ T5019]  allocate_slab+0x25f/0x390
[   56.085042][ T5019]  ___slab_alloc+0xbc3/0x15d0
[   56.089715][ T5019]  __slab_alloc.constprop.0+0x56/0xa0
[   56.095068][ T5019]  __kmem_cache_alloc_node+0x143/0x350
[   56.100503][ T5019]  __kmalloc+0x4e/0x190
[   56.104636][ T5019]  security_task_alloc+0x10f/0x250
[   56.109730][ T5019]  copy_process+0x2531/0x75c0
[   56.114384][ T5019]  kernel_clone+0xeb/0x890
[   56.118779][ T5019]  user_mode_thread+0xb1/0xf0
[   56.123430][ T5019]  call_usermodehelper_exec_work+0xd0/0x180
[   56.129388][ T5019]  process_one_work+0xa34/0x16f0
[   56.134307][ T5019]  worker_thread+0x67d/0x10c0
[   56.138985][ T5019] page last free stack trace:
[   56.143630][ T5019]  free_unref_page_prepare+0x62e/0xcb0
[   56.149077][ T5019]  free_unref_page+0x33/0x370
[   56.153733][ T5019]  vfree+0x180/0x7b0
[   56.157606][ T5019]  delayed_vfree_work+0x57/0x70
[   56.162432][ T5019]  process_one_work+0xa34/0x16f0
[   56.167346][ T5019]  worker_thread+0x67d/0x10c0
[   56.171999][ T5019]  kthread+0x344/0x440
[   56.176041][ T5019]  ret_from_fork+0x1f/0x30
[   56.180548][ T5019] 
[   56.182847][ T5019] Memory state around the buggy address:
[   56.188543][ T5019]  ffff88802baf4800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[   56.196579][ T5019]  ffff88802baf4880: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[   56.204629][ T5019] >ffff88802baf4900: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[   56.212677][ T5019]                                                              ^
[   56.220459][ T5019]  ffff88802baf4980: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[   56.228499][ T5019]  ffff88802baf4a00: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[   56.236529][ T5019] ==================================================================
[   56.244828][ T5019] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   56.252023][ T5019] CPU: 0 PID: 5019 Comm: syz-executor373 Not tainted 6.4.0-syzkaller-12069-gc17414a273b8 #0
[   56.262078][ T5019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[   56.272134][ T5019] Call Trace:
[   56.275400][ T5019]  <TASK>
[   56.278318][ T5019]  dump_stack_lvl+0xd9/0x150
[   56.282910][ T5019]  panic+0x686/0x730
[   56.286796][ T5019]  ? panic_smp_self_stop+0xa0/0xa0
[   56.291899][ T5019]  ? preempt_schedule_thunk+0x1a/0x30
[   56.297266][ T5019]  ? preempt_schedule_common+0x45/0xb0
[   56.302719][ T5019]  check_panic_on_warn+0xb1/0xc0
[   56.307671][ T5019]  end_report+0x108/0x150
[   56.311993][ T5019]  kasan_report+0xfa/0x130
[   56.316401][ T5019]  ? ntfs_readdir+0x1455/0x29b0
[   56.321254][ T5019]  ntfs_readdir+0x1455/0x29b0
[   56.326025][ T5019]  ? put_page+0x280/0x280
[   56.330353][ T5019]  ? down_write_killable_nested+0x250/0x250
[   56.336246][ T5019]  iterate_dir+0x20c/0x750
[   56.340668][ T5019]  __x64_sys_getdents64+0x13e/0x2c0
[   56.345868][ T5019]  ? __ia32_sys_getdents+0x2c0/0x2c0
[   56.351149][ T5019]  ? compat_fillonedir+0x470/0x470
[   56.356257][ T5019]  ? lockdep_hardirqs_on+0x7d/0x100
[   56.361447][ T5019]  ? _raw_spin_unlock_irq+0x2e/0x50
[   56.366642][ T5019]  ? ptrace_notify+0xfe/0x140
[   56.371308][ T5019]  do_syscall_64+0x39/0xb0
[   56.375722][ T5019]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   56.381611][ T5019] RIP: 0033:0x7f85fe2927a9
[   56.386013][ T5019] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   56.405616][ T5019] RSP: 002b:00007ffd72a33b58 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[   56.414020][ T5019] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f85fe2927a9
[   56.421979][ T5019] RDX: 00000000000000ab RSI: 0000000020000080 RDI: 0000000000000004
[   56.429939][ T5019] RBP: 00007f85fe252040 R08: 0000000000000000 R09: 0000000000000000
[   56.437901][ T5019] R10: 000000000001f1b8 R11: 0000000000000246 R12: 00007f85fe2520d0
[   56.445856][ T5019] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   56.453826][ T5019]  </TASK>
[   56.457793][ T5019] Kernel Offset: disabled
[   56.462103][ T5019] Rebooting in 86400 seconds..