./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2073586630

<...>
Warning: Permanently added '10.128.1.40' (ED25519) to the list of known hosts.
execve("./syz-executor2073586630", ["./syz-executor2073586630"], 0x7ffca4697e80 /* 10 vars */) = 0
brk(NULL)                               = 0x5555570b6000
brk(0x5555570b6d00)                     = 0x5555570b6d00
arch_prctl(ARCH_SET_FS, 0x5555570b6380) = 0
set_tid_address(0x5555570b6650)         = 5014
set_robust_list(0x5555570b6660, 24)     = 0
rseq(0x5555570b6ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor2073586630", 4096) = 28
getrandom("\x9c\xdb\xcd\xf3\x67\x87\xaf\xef", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x5555570b6d00
brk(0x5555570d7d00)                     = 0x5555570d7d00
brk(0x5555570d8000)                     = 0x5555570d8000
mprotect(0x7fa2aeaee000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
[   69.391805][   T26] audit: type=1400 audit(1691297530.585:83): avc:  denied  { write } for  pid=5011 comm="strace-static-x" path="pipe:[30171]" dev="pipefs" ino=30171 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[   69.417915][   T26] audit: type=1400 audit(1691297530.605:84): avc:  denied  { execmem } for  pid=5014 comm="syz-executor207" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
memfd_create("syzkaller", 0)            = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa2a661f000
write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x04\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
munmap(0x7fa2a661f000, 2097152)         = 0
[   69.421627][ T5014] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5014 'syz-executor207'
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 4
ioctl(4, LOOP_SET_FD, 3)                = 0
close(3)                                = 0
mkdir("./file0", 0777)                  = 0
[   69.471606][   T26] audit: type=1400 audit(1691297530.665:85): avc:  denied  { read write } for  pid=5014 comm="syz-executor207" name="loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   69.474055][ T5014] loop0: detected capacity change from 0 to 4096
[   69.497261][   T26] audit: type=1400 audit(1691297530.665:86): avc:  denied  { open } for  pid=5014 comm="syz-executor207" path="/dev/loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   69.527299][   T26] audit: type=1400 audit(1691297530.665:87): avc:  denied  { ioctl } for  pid=5014 comm="syz-executor207" path="/dev/loop0" dev="devtmpfs" ino=648 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   69.553830][   T26] audit: type=1400 audit(1691297530.695:88): avc:  denied  { mounton } for  pid=5014 comm="syz-executor207" path="/root/file0" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[   69.555871][ T5014] ntfs: (device loop0): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn.
[   69.588235][ T5014] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5.  Marking corrupt inode 0x1 as bad.  Run chkdsk.
[   69.601514][ T5014] ntfs: (device loop0): load_system_files(): Failed to load $MFTMirr.  Will not be able to remount read-write.  Run ntfsfix and/or chkdsk.
mount("/dev/loop0", "./file0", "ntfs", MS_RDONLY|MS_NODEV, "") = 0
openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
chdir("./file0")                        = 0
ioctl(4, LOOP_CLR_FD)                   = 0
close(4)                                = 0
openat(AT_FDCWD, ".", O_RDONLY)         = 4
[   69.625223][ T5014] ntfs: volume version 3.1.
[   69.629843][ T5014] ntfs: (device loop0): ntfs_check_logfile(): $LogFile is too small.
[   69.651354][ T5014] ==================================================================
[   69.659452][ T5014] BUG: KASAN: slab-out-of-bounds in ntfs_readdir+0x1455/0x2b00
[   69.667019][ T5014] Read of size 1 at addr ffff88801a7b25f1 by task syz-executor207/5014
[   69.675251][ T5014] 
[   69.677563][ T5014] CPU: 0 PID: 5014 Comm: syz-executor207 Not tainted 6.5.0-rc4-syzkaller-00245-gf6a691685962 #0
[   69.687961][ T5014] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[   69.698010][ T5014] Call Trace:
[   69.701385][ T5014]  <TASK>
[   69.704342][ T5014]  dump_stack_lvl+0xd9/0x1b0
[   69.708979][ T5014]  print_report+0xc4/0x620
[   69.713437][ T5014]  ? __virt_addr_valid+0x5e/0x2d0
[   69.718496][ T5014]  ? __phys_addr+0xc6/0x140
[   69.723035][ T5014]  kasan_report+0xda/0x110
[   69.727497][ T5014]  ? ntfs_readdir+0x1455/0x2b00
[   69.732389][ T5014]  ? ntfs_readdir+0x1455/0x2b00
[   69.737360][ T5014]  ntfs_readdir+0x1455/0x2b00
[   69.742072][ T5014]  ? preempt_count_sub+0x150/0x150
[   69.747210][ T5014]  ? preempt_count_sub+0x150/0x150
[   69.752415][ T5014]  ? put_page+0x280/0x280
[   69.756741][ T5014]  iterate_dir+0x201/0x740
[   69.761240][ T5014]  __x64_sys_getdents64+0x14f/0x2e0
[   69.766454][ T5014]  ? __ia32_sys_getdents+0x2d0/0x2d0
[   69.771842][ T5014]  ? fillonedir+0x400/0x400
[   69.776457][ T5014]  ? lockdep_hardirqs_on+0x7d/0x100
[   69.781662][ T5014]  ? _raw_spin_unlock_irq+0x2e/0x50
[   69.786861][ T5014]  ? ptrace_notify+0xf4/0x130
[   69.791533][ T5014]  do_syscall_64+0x38/0xb0
[   69.795941][ T5014]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   69.801828][ T5014] RIP: 0033:0x7fa2aea5c5f9
[   69.806229][ T5014] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   69.825830][ T5014] RSP: 002b:00007ffeee4d6d68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[   69.834231][ T5014] RAX: ffffffffffffffda RBX: 00007ffeee4d6f38 RCX: 00007fa2aea5c5f9
[   69.842193][ T5014] RDX: 0000000000000098 RSI: 0000000020000080 RDI: 0000000000000004
[   69.850154][ T5014] RBP: 00007fa2aeaee610 R08: 0000000000000000 R09: 00007ffeee4d6f38
[   69.858163][ T5014] R10: 000000000001e706 R11: 0000000000000246 R12: 0000000000000001
[   69.866129][ T5014] R13: 00007ffeee4d6f28 R14: 0000000000000001 R15: 0000000000000001
[   69.874101][ T5014]  </TASK>
[   69.877117][ T5014] 
[   69.879433][ T5014] Allocated by task 5014:
[   69.883777][ T5014]  kasan_save_stack+0x33/0x50
[   69.888655][ T5014]  kasan_set_track+0x25/0x30
[   69.893265][ T5014]  __kasan_kmalloc+0xa3/0xb0
[   69.897851][ T5014]  __kmalloc+0x5d/0x100
[   69.902000][ T5014]  ntfs_readdir+0x11a4/0x2b00
[   69.906665][ T5014]  iterate_dir+0x201/0x740
[   69.911080][ T5014]  __x64_sys_getdents64+0x14f/0x2e0
[   69.916277][ T5014]  do_syscall_64+0x38/0xb0
[   69.920681][ T5014]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   69.926560][ T5014] 
[   69.928867][ T5014] The buggy address belongs to the object at ffff88801a7b2580
[   69.928867][ T5014]  which belongs to the cache kmalloc-64 of size 64
[   69.942731][ T5014] The buggy address is located 57 bytes to the right of
[   69.942731][ T5014]  allocated 56-byte region [ffff88801a7b2580, ffff88801a7b25b8)
[   69.957213][ T5014] 
[   69.959549][ T5014] The buggy address belongs to the physical page:
[   69.966210][ T5014] page:ffffea000069ec80 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88801a7b2b00 pfn:0x1a7b2
[   69.977657][ T5014] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[   69.985188][ T5014] page_type: 0x1e()
[   69.988986][ T5014] raw: 00fff00000000200 ffff888012840200 ffffea0000b08750 ffffea0000b41990
[   69.997563][ T5014] raw: ffff88801a7b2b00 ffff88801a7b2000 000000010000001e 0000000000000000
[   70.006135][ T5014] page dumped because: kasan: bad access detected
[   70.012619][ T5014] page_owner tracks the page as allocated
[   70.018574][ T5014] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2420c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_COMP|__GFP_THISNODE), pid 74, tgid 74 (kworker/u4:4), ts 8624806373, free_ts 0
[   70.037403][ T5014]  post_alloc_hook+0x2d2/0x350
[   70.042169][ T5014]  get_page_from_freelist+0x10a9/0x31e0
[   70.047706][ T5014]  __alloc_pages+0x1d0/0x4a0
[   70.052285][ T5014]  cache_grow_begin+0x99/0x3a0
[   70.057065][ T5014]  cache_alloc_refill+0x294/0x3a0
[   70.062172][ T5014]  __kmem_cache_alloc_node+0x3c9/0x470
[   70.067650][ T5014]  kmalloc_node_trace+0x22/0xd0
[   70.072582][ T5014]  __get_vm_area_node+0xe1/0x3d0
[   70.077605][ T5014]  __vmalloc_node_range+0x27a/0x1540
[   70.082905][ T5014]  copy_process+0x13f1/0x7400
[   70.087600][ T5014]  kernel_clone+0xfd/0x8f0
[   70.092030][ T5014]  user_mode_thread+0xb4/0xf0
[   70.096703][ T5014]  call_usermodehelper_exec_work+0xcb/0x170
[   70.102611][ T5014]  process_one_work+0xaa2/0x16f0
[   70.107540][ T5014]  worker_thread+0x687/0x1110
[   70.112203][ T5014]  kthread+0x33a/0x430
[   70.116261][ T5014] page_owner free stack trace missing
[   70.121611][ T5014] 
[   70.123917][ T5014] Memory state around the buggy address:
[   70.129529][ T5014]  ffff88801a7b2480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   70.137574][ T5014]  ffff88801a7b2500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   70.145643][ T5014] >ffff88801a7b2580: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[   70.153782][ T5014]                                                              ^
[   70.161578][ T5014]  ffff88801a7b2600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   70.169630][ T5014]  ffff88801a7b2680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   70.177674][ T5014] ==================================================================
[   70.186116][ T5014] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   70.193335][ T5014] CPU: 1 PID: 5014 Comm: syz-executor207 Not tainted 6.5.0-rc4-syzkaller-00245-gf6a691685962 #0
[   70.203854][ T5014] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[   70.213914][ T5014] Call Trace:
[   70.217190][ T5014]  <TASK>
[   70.220123][ T5014]  dump_stack_lvl+0xd9/0x1b0
[   70.224841][ T5014]  panic+0x6a4/0x750
[   70.228746][ T5014]  ? panic_smp_self_stop+0xa0/0xa0
[   70.233868][ T5014]  ? preempt_schedule_thunk+0x1a/0x30
[   70.239440][ T5014]  ? preempt_schedule_common+0x45/0xc0
[   70.244912][ T5014]  check_panic_on_warn+0xab/0xb0
[   70.249863][ T5014]  end_report+0x108/0x150
[   70.254212][ T5014]  kasan_report+0xea/0x110
[   70.258651][ T5014]  ? ntfs_readdir+0x1455/0x2b00
[   70.263510][ T5014]  ? ntfs_readdir+0x1455/0x2b00
[   70.268372][ T5014]  ntfs_readdir+0x1455/0x2b00
[   70.273068][ T5014]  ? preempt_count_sub+0x150/0x150
[   70.278199][ T5014]  ? preempt_count_sub+0x150/0x150
[   70.283331][ T5014]  ? put_page+0x280/0x280
[   70.287673][ T5014]  iterate_dir+0x201/0x740
[   70.292209][ T5014]  __x64_sys_getdents64+0x14f/0x2e0
[   70.297432][ T5014]  ? __ia32_sys_getdents+0x2d0/0x2d0
[   70.302741][ T5014]  ? fillonedir+0x400/0x400
[   70.307261][ T5014]  ? lockdep_hardirqs_on+0x7d/0x100
[   70.312473][ T5014]  ? _raw_spin_unlock_irq+0x2e/0x50
[   70.317690][ T5014]  ? ptrace_notify+0xf4/0x130
[   70.322384][ T5014]  do_syscall_64+0x38/0xb0
[   70.326809][ T5014]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   70.332718][ T5014] RIP: 0033:0x7fa2aea5c5f9
[   70.337222][ T5014] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   70.356840][ T5014] RSP: 002b:00007ffeee4d6d68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[   70.365266][ T5014] RAX: ffffffffffffffda RBX: 00007ffeee4d6f38 RCX: 00007fa2aea5c5f9
[   70.373279][ T5014] RDX: 0000000000000098 RSI: 0000000020000080 RDI: 0000000000000004
[   70.381353][ T5014] RBP: 00007fa2aeaee610 R08: 0000000000000000 R09: 00007ffeee4d6f38
[   70.389525][ T5014] R10: 000000000001e706 R11: 0000000000000246 R12: 0000000000000001
[   70.397524][ T5014] R13: 00007ffeee4d6f28 R14: 0000000000000001 R15: 0000000000000001
[   70.405541][ T5014]  </TASK>
[   70.408802][ T5014] Kernel Offset: disabled
[   70.413158][ T5014] Rebooting in 86400 seconds..