./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor760957029

<...>
Warning: Permanently added '10.128.1.54' (ECDSA) to the list of known hosts.
execve("./syz-executor760957029", ["./syz-executor760957029"], 0x7ffd59a72000 /* 10 vars */) = 0
brk(NULL)                               = 0x555556481000
brk(0x555556481d00)                     = 0x555556481d00
arch_prctl(ARCH_SET_FS, 0x5555564813c0) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor760957029", 4096) = 27
brk(0x5555564a2d00)                     = 0x5555564a2d00
brk(0x5555564a3000)                     = 0x5555564a3000
mprotect(0x7f0109db1000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0
rt_sigaction(SIGSEGV, {sa_handler=0x7f0109d02630, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f0109d02ca0}, NULL, 8) = 0
rt_sigaction(SIGBUS, {sa_handler=0x7f0109d02630, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f0109d02ca0}, NULL, 8) = 0
memfd_create("syzkaller", 0)            = 3
ftruncate(3, 36800)                     = 0
pwrite64(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02", 69, 0) = 69
pwrite64(3, "\x46\x49\x4c\x45\x30\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x01\x00\x40\x00\x01\x00\xa0\x01\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x60\x00\x00\x00\x00\x00\x18\x00\x00\x00\x00\xdb\xc3\x2d\xdb\x00\x00\x48\x00\x00\x00\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 347, 16384) = 347
pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08", 31, 16864) = 31
pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08", 31, 17376) = 31
pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08", 31, 17888) = 31
pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08", 31, 18400) = 31
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 4
ioctl(4, LOOP_SET_FD, 3)                = 0
mkdir("./file0", 0777)                  = 0
syzkaller login: [   39.106244][ T3605] loop0: detected capacity change from 0 to 71
[   39.115991][ T3605] ntfs: (device loop0): is_boot_sector_ntfs(): Invalid end of sector marker.
[   39.125192][ T3605] ==================================================================
[   39.133239][ T3605] BUG: KASAN: use-after-free in ntfs_attr_find+0xb88/0xce0
[   39.140436][ T3605] Read of size 2 at addr ffff8880214210aa by task syz-executor760/3605
[   39.148651][ T3605] 
[   39.150978][ T3605] CPU: 0 PID: 3605 Comm: syz-executor760 Not tainted 6.0.0-rc6-syzkaller-00321-g105a36f3694e #0
[   39.161365][ T3605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
[   39.171399][ T3605] Call Trace:
[   39.174659][ T3605]  <TASK>
[   39.177570][ T3605]  dump_stack_lvl+0xcd/0x134
[   39.182160][ T3605]  print_report.cold+0x2ba/0x719
[   39.187083][ T3605]  ? ntfs_attr_find+0xb88/0xce0
[   39.191917][ T3605]  kasan_report+0xb1/0x1e0
[   39.196316][ T3605]  ? ntfs_attr_find+0xb88/0xce0
[   39.201145][ T3605]  ntfs_attr_find+0xb88/0xce0
[   39.205809][ T3605]  ntfs_attr_lookup+0x1056/0x2070
[   39.210814][ T3605]  ? ntfs_attr_get_search_ctx+0x41/0x200
[   39.216435][ T3605]  ? ntfs_attr_reinit_search_ctx+0x3c0/0x3c0
[   39.222403][ T3605]  ? rcu_read_lock_sched_held+0xd/0x70
[   39.227842][ T3605]  ? kmem_cache_alloc+0x31b/0x3b0
[   39.232849][ T3605]  ntfs_read_inode_mount+0x89a/0x2580
[   39.238202][ T3605]  ntfs_fill_super+0x17c7/0x9300
[   39.243123][ T3605]  ? lock_downgrade+0x6e0/0x6e0
[   39.247956][ T3605]  ? parse_options+0x1d70/0x1d70
[   39.252879][ T3605]  ? snprintf+0xbb/0xf0
[   39.257032][ T3605]  ? vsprintf+0x30/0x30
[   39.261177][ T3605]  ? wait_for_completion_io_timeout+0x20/0x20
[   39.267238][ T3605]  ? up_write+0x148/0x470
[   39.271559][ T3605]  ? set_blocksize+0x2e5/0x370
[   39.276314][ T3605]  mount_bdev+0x34d/0x410
[   39.280635][ T3605]  ? parse_options+0x1d70/0x1d70
[   39.285561][ T3605]  ? ntfs_rl_punch_nolock+0x15b0/0x15b0
[   39.291097][ T3605]  legacy_get_tree+0x105/0x220
[   39.295854][ T3605]  vfs_get_tree+0x89/0x2f0
[   39.300262][ T3605]  path_mount+0x1326/0x1e20
[   39.304761][ T3605]  ? kmem_cache_free+0xeb/0x5b0
[   39.309602][ T3605]  ? finish_automount+0x960/0x960
[   39.314619][ T3605]  ? putname+0xfe/0x140
[   39.318767][ T3605]  __x64_sys_mount+0x27f/0x300
[   39.323526][ T3605]  ? copy_mnt_ns+0xae0/0xae0
[   39.328107][ T3605]  ? lockdep_hardirqs_on+0x79/0x100
[   39.333299][ T3605]  ? _raw_spin_unlock_irq+0x2a/0x40
[   39.338486][ T3605]  ? ptrace_notify+0xfa/0x140
[   39.343160][ T3605]  do_syscall_64+0x35/0xb0
[   39.347566][ T3605]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   39.353458][ T3605] RIP: 0033:0x7f0109d45ada
[   39.357863][ T3605] Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   39.377546][ T3605] RSP: 002b:00007ffe7045fc28 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[   39.386035][ T3605] RAX: ffffffffffffffda RBX: 00007ffe7045fc80 RCX: 00007f0109d45ada
[   39.393993][ T3605] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffe7045fc40
[   39.401954][ T3605] RBP: 00007ffe7045fc40 R08: 00007ffe7045fc80 R09: 0000000000000000
[   39.410089][ T3605] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000020000290
[   39.418053][ T3605] R13: 0000000000000003 R14: 0000000000000004 R15: 0000000000000006
[   39.426017][ T3605]  </TASK>
[   39.429022][ T3605] 
[   39.431329][ T3605] The buggy address belongs to the physical page:
[   39.437723][ T3605] page:ffffea0000850840 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x21421
[   39.447898][ T3605] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   39.455075][ T3605] raw: 00fff00000000000 0000000000000000 ffffffff00850301 0000000000000000
[   39.463647][ T3605] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[   39.472215][ T3605] page dumped because: kasan: bad access detected
[   39.478608][ T3605] page_owner tracks the page as freed
[   39.483966][ T3605] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3233, tgid 3233 (dhcpcd-run-hook), ts 21763000295, free_ts 38911923362
[   39.505662][ T3605]  get_page_from_freelist+0x109b/0x2ce0
[   39.511202][ T3605]  __alloc_pages+0x1c7/0x510
[   39.515955][ T3605]  alloc_pages+0x1a6/0x270
[   39.520357][ T3605]  allocate_slab+0x27e/0x3d0
[   39.524935][ T3605]  ___slab_alloc+0x7f1/0xe10
[   39.529509][ T3605]  __slab_alloc.constprop.0+0x4d/0xa0
[   39.534867][ T3605]  kmem_cache_alloc+0x38c/0x3b0
[   39.539704][ T3605]  getname_flags.part.0+0x50/0x4f0
[   39.544810][ T3605]  getname_flags+0x9a/0xe0
[   39.549219][ T3605]  vfs_fstatat+0x73/0xb0
[   39.553453][ T3605]  __do_sys_newfstatat+0x91/0x110
[   39.558464][ T3605]  do_syscall_64+0x35/0xb0
[   39.562926][ T3605]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   39.568807][ T3605] page last free stack trace:
[   39.573553][ T3605]  free_pcp_prepare+0x5e4/0xd20
[   39.578395][ T3605]  free_unref_page+0x19/0x4d0
[   39.583062][ T3605]  __unfreeze_partials+0x17c/0x1a0
[   39.588160][ T3605]  qlist_free_all+0x6a/0x170
[   39.592736][ T3605]  kasan_quarantine_reduce+0x180/0x200
[   39.598186][ T3605]  __kasan_slab_alloc+0xa2/0xc0
[   39.603025][ T3605]  kmem_cache_alloc+0x267/0x3b0
[   39.607861][ T3605]  getname_flags.part.0+0x50/0x4f0
[   39.612960][ T3605]  getname+0x8e/0xd0
[   39.616842][ T3605]  do_sys_openat2+0xf5/0x4c0
[   39.621418][ T3605]  __x64_sys_openat+0x13f/0x1f0
[   39.626291][ T3605]  do_syscall_64+0x35/0xb0
[   39.630700][ T3605]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   39.636583][ T3605] 
[   39.638893][ T3605] Memory state around the buggy address:
[   39.644506][ T3605]  ffff888021420f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   39.652555][ T3605]  ffff888021421000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   39.660603][ T3605] >ffff888021421080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   39.668648][ T3605]                                   ^
[   39.674086][ T3605]  ffff888021421100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   39.682129][ T3605]  ffff888021421180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   39.690171][ T3605] ==================================================================
[   39.698810][ T3605] Kernel panic - not syncing: panic_on_warn set ...
[   39.705420][ T3605] CPU: 1 PID: 3605 Comm: syz-executor760 Not tainted 6.0.0-rc6-syzkaller-00321-g105a36f3694e #0
[   39.715837][ T3605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
[   39.725967][ T3605] Call Trace:
[   39.729232][ T3605]  <TASK>
[   39.732153][ T3605]  dump_stack_lvl+0xcd/0x134
[   39.736738][ T3605]  panic+0x2c8/0x627
[   39.740627][ T3605]  ? panic_print_sys_info.part.0+0x10b/0x10b
[   39.746687][ T3605]  ? preempt_schedule_common+0x59/0xc0
[   39.752140][ T3605]  ? preempt_schedule_thunk+0x16/0x18
[   39.757508][ T3605]  ? ntfs_attr_find+0xb88/0xce0
[   39.762353][ T3605]  end_report.part.0+0x3f/0x7c
[   39.767113][ T3605]  kasan_report.cold+0xa/0xf
[   39.771696][ T3605]  ? ntfs_attr_find+0xb88/0xce0
[   39.776540][ T3605]  ntfs_attr_find+0xb88/0xce0
[   39.781216][ T3605]  ntfs_attr_lookup+0x1056/0x2070
[   39.786233][ T3605]  ? ntfs_attr_get_search_ctx+0x41/0x200
[   39.791860][ T3605]  ? ntfs_attr_reinit_search_ctx+0x3c0/0x3c0
[   39.797835][ T3605]  ? rcu_read_lock_sched_held+0xd/0x70
[   39.803282][ T3605]  ? kmem_cache_alloc+0x31b/0x3b0
[   39.808299][ T3605]  ntfs_read_inode_mount+0x89a/0x2580
[   39.813664][ T3605]  ntfs_fill_super+0x17c7/0x9300
[   39.818596][ T3605]  ? lock_downgrade+0x6e0/0x6e0
[   39.823442][ T3605]  ? parse_options+0x1d70/0x1d70
[   39.828367][ T3605]  ? snprintf+0xbb/0xf0
[   39.832516][ T3605]  ? vsprintf+0x30/0x30
[   39.836663][ T3605]  ? wait_for_completion_io_timeout+0x20/0x20
[   39.842810][ T3605]  ? up_write+0x148/0x470
[   39.847133][ T3605]  ? set_blocksize+0x2e5/0x370
[   39.851887][ T3605]  mount_bdev+0x34d/0x410
[   39.856210][ T3605]  ? parse_options+0x1d70/0x1d70
[   39.861140][ T3605]  ? ntfs_rl_punch_nolock+0x15b0/0x15b0
[   39.866674][ T3605]  legacy_get_tree+0x105/0x220
[   39.871439][ T3605]  vfs_get_tree+0x89/0x2f0
[   39.875847][ T3605]  path_mount+0x1326/0x1e20
[   39.880345][ T3605]  ? kmem_cache_free+0xeb/0x5b0
[   39.885188][ T3605]  ? finish_automount+0x960/0x960
[   39.890204][ T3605]  ? putname+0xfe/0x140
[   39.894354][ T3605]  __x64_sys_mount+0x27f/0x300
[   39.899108][ T3605]  ? copy_mnt_ns+0xae0/0xae0
[   39.903690][ T3605]  ? lockdep_hardirqs_on+0x79/0x100
[   39.908881][ T3605]  ? _raw_spin_unlock_irq+0x2a/0x40
[   39.914065][ T3605]  ? ptrace_notify+0xfa/0x140
[   39.918735][ T3605]  do_syscall_64+0x35/0xb0
[   39.923228][ T3605]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   39.929111][ T3605] RIP: 0033:0x7f0109d45ada
[   39.933515][ T3605] Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   39.953114][ T3605] RSP: 002b:00007ffe7045fc28 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[   39.961518][ T3605] RAX: ffffffffffffffda RBX: 00007ffe7045fc80 RCX: 00007f0109d45ada
[   39.969477][ T3605] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffe7045fc40
[   39.977445][ T3605] RBP: 00007ffe7045fc40 R08: 00007ffe7045fc80 R09: 0000000000000000
[   39.985406][ T3605] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000020000290
[   39.993369][ T3605] R13: 0000000000000003 R14: 0000000000000004 R15: 0000000000000006
[   40.001331][ T3605]  </TASK>
[   40.004905][ T3605] Kernel Offset: disabled
[   40.009313][ T3605] Rebooting in 86400 seconds..