./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3114404121
<...>
Warning: Permanently added '10.128.0.168' (ECDSA) to the list of known hosts.
execve("./syz-executor3114404121", ["./syz-executor3114404121"], 0x7ffea98daa80 /* 10 vars */) = 0
brk(NULL) = 0x5555571a0000
brk(0x5555571a0c40) = 0x5555571a0c40
arch_prctl(ARCH_SET_FS, 0x5555571a0300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor3114404121", 4096) = 28
brk(0x5555571c1c40) = 0x5555571c1c40
brk(0x5555571c2000) = 0x5555571c2000
mprotect(0x7f7b712dc000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571a05d0) = 3638
./strace-static-x86_64: Process 3638 attached
[pid 3638] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3638] setpgid(0, 0) = 0
[pid 3638] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3638] write(3, "1000", 4) = 4
[pid 3638] close(3) = 0
[pid 3638] memfd_create("syzkaller", 0) = 3
[pid 3638] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7b68e00000
[pid 3638] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x20\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf4\x00\x00\x00\xf4\x00\x00\x00\x92\x9d\x3e\x59\x8b\x7e\x69\x31\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 4194304) = 4194304
[pid 3638] munmap(0x7f7b68e00000, 4194304) = 0
[pid 3638] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3638] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3638] close(3) = 0
[pid 3638] mkdir("./file0", 0777) = 0
[ 53.959814][ T3638] loop0: detected capacity change from 0 to 8192
[ 53.972529][ T3638] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512)
[ 53.984107][ T3638] ==================================================================
[ 53.992185][ T3638] BUG: KASAN: use-after-free in mi_enum_attr+0x583/0x6a0
[ 53.999208][ T3638] Read of size 4 at addr ffff888178a6204b by task syz-executor311/3638
[ 54.007423][ T3638]
[ 54.009731][ T3638] CPU: 0 PID: 3638 Comm: syz-executor311 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 54.020114][ T3638] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 54.030145][ T3638] Call Trace:
[ 54.033407][ T3638]
[ 54.036322][ T3638] dump_stack_lvl+0x1b1/0x28e
[ 54.040991][ T3638] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 54.046427][ T3638] ? __wake_up_klogd+0xcd/0x100
[ 54.051257][ T3638] ? panic+0x710/0x710
[ 54.055307][ T3638] ? _printk+0xc0/0x100
[ 54.059441][ T3638] ? _raw_spin_lock_irqsave+0x8e/0x100
[ 54.064882][ T3638] print_address_description+0x74/0x340
[ 54.070414][ T3638] print_report+0x107/0x1f0
[ 54.074908][ T3638] ? __virt_addr_valid+0x21b/0x2d0
[ 54.080011][ T3638] ? __phys_addr+0xb5/0x160
[ 54.084507][ T3638] ? mi_enum_attr+0x583/0x6a0
[ 54.089177][ T3638] kasan_report+0xcd/0x100
[ 54.093589][ T3638] ? mi_enum_attr+0x583/0x6a0
[ 54.098264][ T3638] mi_enum_attr+0x583/0x6a0
[ 54.102761][ T3638] ni_enum_attr_ex+0x2f6/0x6d0
[ 54.107516][ T3638] ? ni_find_attr+0x8c0/0x8c0
[ 54.112184][ T3638] ? mi_read+0x260/0x510
[ 54.116419][ T3638] ntfs_iget5+0x1d3e/0x36f0
[ 54.120915][ T3638] ? do_raw_spin_unlock+0x134/0x8a0
[ 54.126112][ T3638] ? check_index_root+0x680/0x680
[ 54.131148][ T3638] ntfs_loadlog_and_replay+0x1ac/0x5c0
[ 54.136609][ T3638] ? ntfs_extend_init+0x5a0/0x5a0
[ 54.141627][ T3638] ? evict+0x5d5/0x620
[ 54.145688][ T3638] ntfs_fill_super+0x2333/0x42a0
[ 54.150626][ T3638] ? put_ntfs+0x2a0/0x2a0
[ 54.154950][ T3638] ? vscnprintf+0x80/0x80
[ 54.159274][ T3638] ? set_blocksize+0x1d5/0x360
[ 54.164028][ T3638] get_tree_bdev+0x400/0x620
[ 54.168607][ T3638] ? put_ntfs+0x2a0/0x2a0
[ 54.172928][ T3638] vfs_get_tree+0x88/0x270
[ 54.177338][ T3638] do_new_mount+0x289/0xad0
[ 54.181833][ T3638] ? do_move_mount_old+0x150/0x150
[ 54.186936][ T3638] ? user_path_at_empty+0x149/0x1a0
[ 54.192122][ T3638] __se_sys_mount+0x2d3/0x3c0
[ 54.196789][ T3638] ? __x64_sys_mount+0xc0/0xc0
[ 54.201541][ T3638] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 54.207513][ T3638] ? __x64_sys_mount+0x1c/0xc0
[ 54.212266][ T3638] do_syscall_64+0x3d/0xb0
[ 54.216671][ T3638] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 54.222554][ T3638] RIP: 0033:0x7f7b7124f92a
[ 54.226960][ T3638] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 54.246556][ T3638] RSP: 002b:00007ffc98428db8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 54.254957][ T3638] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f7b7124f92a
[ 54.262918][ T3638] RDX: 0000000020020bc0 RSI: 0000000020020c00 RDI: 00007ffc98428dd0
[ 54.270876][ T3638] RBP: 00007ffc98428dd0 R08: 00007ffc98428e10 R09: 0000000000000000
[ 54.278837][ T3638] R10: 0000000000018882 R11: 0000000000000286 R12: 0000000000000004
[ 54.286794][ T3638] R13: 00005555571a02c0 R14: 0000000000018882 R15: 00007ffc98428e10
[ 54.294758][ T3638]
[ 54.297767][ T3638]
[ 54.300076][ T3638] The buggy address belongs to the physical page:
[ 54.306471][ T3638] page:ffffea0005e29880 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x178a62
[ 54.316692][ T3638] flags: 0x57ff00000000000(node=1|zone=2|lastcpupid=0x7ff)
[ 54.323878][ T3638] raw: 057ff00000000000 ffffea0005e29888 ffffea0005e29888 0000000000000000
[ 54.332445][ T3638] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 54.341008][ T3638] page dumped because: kasan: bad access detected
[ 54.347410][ T3638] page_owner info is not present (never set?)
[ 54.353453][ T3638]
[ 54.355764][ T3638] Memory state around the buggy address:
[ 54.361377][ T3638] ffff888178a61f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 54.369426][ T3638] ffff888178a61f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 54.377469][ T3638] >ffff888178a62000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 54.385510][ T3638] ^
[ 54.391905][ T3638] ffff888178a62080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 54.399948][ T3638] ffff888178a62100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 54.407999][ T3638] ==================================================================
[ 54.416294][ T3638] Kernel panic - not syncing: panic_on_warn set ...
[ 54.422882][ T3638] CPU: 0 PID: 3638 Comm: syz-executor311 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 54.433278][ T3638] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 54.443319][ T3638] Call Trace:
[ 54.446584][ T3638]
[ 54.449504][ T3638] dump_stack_lvl+0x1b1/0x28e
[ 54.454175][ T3638] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 54.459622][ T3638] ? panic+0x710/0x710
[ 54.463681][ T3638] ? preempt_schedule_common+0xb7/0xe0
[ 54.469129][ T3638] ? vscnprintf+0x59/0x80
[ 54.473455][ T3638] panic+0x2d6/0x710
[ 54.477427][ T3638] ? memcpy_page_flushcache+0xfc/0xfc
[ 54.482788][ T3638] ? _raw_spin_unlock_irqrestore+0x110/0x120
[ 54.488763][ T3638] ? print_report+0x1b4/0x1f0
[ 54.493431][ T3638] ? mi_enum_attr+0x583/0x6a0
[ 54.498103][ T3638] end_report+0x91/0xa0
[ 54.502249][ T3638] kasan_report+0xda/0x100
[ 54.506656][ T3638] ? mi_enum_attr+0x583/0x6a0
[ 54.511327][ T3638] mi_enum_attr+0x583/0x6a0
[ 54.515823][ T3638] ni_enum_attr_ex+0x2f6/0x6d0
[ 54.520575][ T3638] ? ni_find_attr+0x8c0/0x8c0
[ 54.525238][ T3638] ? mi_read+0x260/0x510
[ 54.529473][ T3638] ntfs_iget5+0x1d3e/0x36f0
[ 54.533971][ T3638] ? do_raw_spin_unlock+0x134/0x8a0
[ 54.539172][ T3638] ? check_index_root+0x680/0x680
[ 54.544195][ T3638] ntfs_loadlog_and_replay+0x1ac/0x5c0
[ 54.549671][ T3638] ? ntfs_extend_init+0x5a0/0x5a0
[ 54.554704][ T3638] ? evict+0x5d5/0x620
[ 54.558773][ T3638] ntfs_fill_super+0x2333/0x42a0
[ 54.563725][ T3638] ? put_ntfs+0x2a0/0x2a0
[ 54.568053][ T3638] ? vscnprintf+0x80/0x80
[ 54.572375][ T3638] ? set_blocksize+0x1d5/0x360
[ 54.577130][ T3638] get_tree_bdev+0x400/0x620
[ 54.581728][ T3638] ? put_ntfs+0x2a0/0x2a0
[ 54.586167][ T3638] vfs_get_tree+0x88/0x270
[ 54.590593][ T3638] do_new_mount+0x289/0xad0
[ 54.595098][ T3638] ? do_move_mount_old+0x150/0x150
[ 54.600203][ T3638] ? user_path_at_empty+0x149/0x1a0
[ 54.605394][ T3638] __se_sys_mount+0x2d3/0x3c0
[ 54.610170][ T3638] ? __x64_sys_mount+0xc0/0xc0
[ 54.614953][ T3638] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 54.620942][ T3638] ? __x64_sys_mount+0x1c/0xc0
[ 54.625704][ T3638] do_syscall_64+0x3d/0xb0
[ 54.630114][ T3638] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 54.636000][ T3638] RIP: 0033:0x7f7b7124f92a
[ 54.640407][ T3638] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 54.660008][ T3638] RSP: 002b:00007ffc98428db8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 54.668411][ T3638] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f7b7124f92a
[ 54.676545][ T3638] RDX: 0000000020020bc0 RSI: 0000000020020c00 RDI: 00007ffc98428dd0
[ 54.684505][ T3638] RBP: 00007ffc98428dd0 R08: 00007ffc98428e10 R09: 0000000000000000
[ 54.692470][ T3638] R10: 0000000000018882 R11: 0000000000000286 R12: 0000000000000004
[ 54.700428][ T3638] R13: 00005555571a02c0 R14: 0000000000018882 R15: 00007ffc98428e10
[ 54.708394][ T3638]
[ 54.711597][ T3638] Kernel Offset: disabled
[ 54.715911][ T3638] Rebooting in 86400 seconds..