./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor134156554

<...>
Warning: Permanently added '10.128.1.60' (ECDSA) to the list of known hosts.
execve("./syz-executor134156554", ["./syz-executor134156554"], 0x7fff876e8990 /* 10 vars */) = 0
brk(NULL)                               = 0x555556df9000
brk(0x555556df9c40)                     = 0x555556df9c40
arch_prctl(ARCH_SET_FS, 0x555556df9300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor134156554", 4096) = 27
brk(0x555556e1ac40)                     = 0x555556e1ac40
brk(0x555556e1b000)                     = 0x555556e1b000
mprotect(0x7fd556471000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
memfd_create("syzkaller", 0)            = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd54df99000
write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x20\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
munmap(0x7fd54df99000, 2097152)         = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 4
ioctl(4, LOOP_SET_FD, 3)                = 0
close(3)                                = 0
mkdir("./file0", 0777)                  = 0
[   52.204481][ T5018] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5018 'syz-executor134'
[   52.232164][ T5018] loop0: detected capacity change from 0 to 4096
[   52.243908][ T5018] ntfs: (device loop0): ntfs_is_extended_system_file(): Corrupt file name attribute. You should run chkdsk.
[   52.255425][ T5018] ntfs: (device loop0): ntfs_read_locked_inode(): $DATA attribute is missing.
[   52.264310][ T5018] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -2.  Marking corrupt inode 0x1 as bad.  Run chkdsk.
[   52.277284][ T5018] ntfs: (device loop0): load_system_files(): Failed to load $MFTMirr.  Mounting read-only.  Run ntfsfix and/or chkdsk.
[   52.294599][ T5018] ntfs: volume version 3.1.
mount("/dev/loop0", "./file0", "ntfs", MS_NOSUID, "") = 0
openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
chdir("./file0")                        = 0
ioctl(4, LOOP_CLR_FD)                   = 0
close(4)                                = 0
openat(AT_FDCWD, ".", O_RDONLY)         = 4
[   52.300582][ T5018] ntfs: (device loop0): ntfs_lookup_inode_by_name(): Corrupt directory.  Aborting lookup.
[   52.310550][ T5018] ntfs: (device loop0): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys.
[   52.321862][ T5018] ntfs: (device loop0): load_system_files(): Failed to determine if Windows is hibernated.  Will not be able to remount read-write.  Run chkdsk.
[   52.342639][ T5018] ==================================================================
[   52.350702][ T5018] BUG: KASAN: slab-out-of-bounds in ntfs_readdir+0x1455/0x29b0
[   52.358280][ T5018] Read of size 1 at addr ffff88802951c471 by task syz-executor134/5018
[   52.366510][ T5018] 
[   52.368814][ T5018] CPU: 0 PID: 5018 Comm: syz-executor134 Not tainted 6.4.0-syzkaller-12069-gc17414a273b8 #0
[   52.378857][ T5018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[   52.388890][ T5018] Call Trace:
[   52.392149][ T5018]  <TASK>
[   52.395062][ T5018]  dump_stack_lvl+0xd9/0x150
[   52.399661][ T5018]  print_address_description.constprop.0+0x2c/0x3c0
[   52.406231][ T5018]  kasan_report+0x11d/0x130
[   52.410722][ T5018]  ? ntfs_readdir+0x1455/0x29b0
[   52.415558][ T5018]  ntfs_readdir+0x1455/0x29b0
[   52.420218][ T5018]  ? put_page+0x280/0x280
[   52.424526][ T5018]  ? down_write_killable_nested+0x250/0x250
[   52.430398][ T5018]  iterate_dir+0x20c/0x750
[   52.434798][ T5018]  __x64_sys_getdents64+0x13e/0x2c0
[   52.439982][ T5018]  ? __ia32_sys_getdents+0x2c0/0x2c0
[   52.445261][ T5018]  ? compat_fillonedir+0x470/0x470
[   52.450367][ T5018]  ? lockdep_hardirqs_on+0x7d/0x100
[   52.455567][ T5018]  ? _raw_spin_unlock_irq+0x2e/0x50
[   52.460758][ T5018]  ? ptrace_notify+0xfe/0x140
[   52.465422][ T5018]  do_syscall_64+0x39/0xb0
[   52.469839][ T5018]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   52.475726][ T5018] RIP: 0033:0x7fd5563e57a9
[   52.480129][ T5018] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   52.499725][ T5018] RSP: 002b:00007ffe126815a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[   52.508122][ T5018] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd5563e57a9
[   52.516080][ T5018] RDX: 00000000000000ab RSI: 0000000020000080 RDI: 0000000000000004
[   52.524034][ T5018] RBP: 00007fd5563a5040 R08: 0000000000000000 R09: 0000000000000000
[   52.531988][ T5018] R10: 000000000001f1b8 R11: 0000000000000246 R12: 00007fd5563a50d0
[   52.539944][ T5018] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   52.547904][ T5018]  </TASK>
[   52.550906][ T5018] 
[   52.553211][ T5018] Allocated by task 5018:
[   52.557516][ T5018]  kasan_save_stack+0x22/0x40
[   52.562187][ T5018]  kasan_set_track+0x25/0x30
[   52.566765][ T5018]  __kasan_kmalloc+0xa2/0xb0
[   52.571348][ T5018]  __kmalloc+0x5e/0x190
[   52.575492][ T5018]  ntfs_readdir+0x117f/0x29b0
[   52.580162][ T5018]  iterate_dir+0x20c/0x750
[   52.584568][ T5018]  __x64_sys_getdents64+0x13e/0x2c0
[   52.589759][ T5018]  do_syscall_64+0x39/0xb0
[   52.594170][ T5018]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   52.600058][ T5018] 
[   52.602367][ T5018] The buggy address belongs to the object at ffff88802951c400
[   52.602367][ T5018]  which belongs to the cache kmalloc-64 of size 64
[   52.616226][ T5018] The buggy address is located 57 bytes to the right of
[   52.616226][ T5018]  allocated 56-byte region [ffff88802951c400, ffff88802951c438)
[   52.630703][ T5018] 
[   52.633014][ T5018] The buggy address belongs to the physical page:
[   52.639405][ T5018] page:ffffea0000a54700 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88802951c880 pfn:0x2951c
[   52.650843][ T5018] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[   52.658458][ T5018] page_type: 0xffffffff()
[   52.662774][ T5018] raw: 00fff00000000200 ffff888012841640 ffffea0000ac0900 dead000000000006
[   52.671343][ T5018] raw: ffff88802951c880 000000008020001d 00000001ffffffff 0000000000000000
[   52.679906][ T5018] page dumped because: kasan: bad access detected
[   52.686301][ T5018] page_owner tracks the page as allocated
[   52.691995][ T5018] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 2857, tgid 2857 (kworker/u4:5), ts 8990655734, free_ts 8789087803
[   52.710129][ T5018]  post_alloc_hook+0x2db/0x350
[   52.714887][ T5018]  get_page_from_freelist+0xfed/0x2d30
[   52.720338][ T5018]  __alloc_pages+0x1cb/0x4a0
[   52.724922][ T5018]  alloc_pages+0x1aa/0x270
[   52.729329][ T5018]  allocate_slab+0x25f/0x390
[   52.733910][ T5018]  ___slab_alloc+0xbc3/0x15d0
[   52.738604][ T5018]  __slab_alloc.constprop.0+0x56/0xa0
[   52.743963][ T5018]  __kmem_cache_alloc_node+0x143/0x350
[   52.749413][ T5018]  kmalloc_node_trace+0x21/0xd0
[   52.754258][ T5018]  __get_vm_area_node+0xed/0x3f0
[   52.759184][ T5018]  __vmalloc_node_range+0x252/0x14c0
[   52.764456][ T5018]  copy_process+0x13bb/0x75c0
[   52.769121][ T5018]  kernel_clone+0xeb/0x890
[   52.773526][ T5018]  user_mode_thread+0xb1/0xf0
[   52.778189][ T5018]  call_usermodehelper_exec_work+0xd0/0x180
[   52.784076][ T5018]  process_one_work+0xa34/0x16f0
[   52.789034][ T5018] page last free stack trace:
[   52.793691][ T5018]  free_unref_page_prepare+0x62e/0xcb0
[   52.799144][ T5018]  free_unref_page+0x33/0x370
[   52.803846][ T5018]  kasan_depopulate_vmalloc_pte+0x62/0x80
[   52.809649][ T5018]  __apply_to_page_range+0x5d2/0xe00
[   52.814928][ T5018]  kasan_release_vmalloc+0xab/0xc0
[   52.820061][ T5018]  __purge_vmap_area_lazy+0x886/0x1e60
[   52.825511][ T5018]  drain_vmap_area_work+0x54/0xd0
[   52.830525][ T5018]  process_one_work+0xa34/0x16f0
[   52.835538][ T5018]  worker_thread+0x67d/0x10c0
[   52.840202][ T5018]  kthread+0x344/0x440
[   52.844253][ T5018]  ret_from_fork+0x1f/0x30
[   52.848664][ T5018] 
[   52.850974][ T5018] Memory state around the buggy address:
[   52.856585][ T5018]  ffff88802951c300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   52.864635][ T5018]  ffff88802951c380: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[   52.872680][ T5018] >ffff88802951c400: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[   52.880720][ T5018]                                                              ^
[   52.888413][ T5018]  ffff88802951c480: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   52.896460][ T5018]  ffff88802951c500: 00 00 00 00 04 fc fc fc fc fc fc fc fc fc fc fc
[   52.904503][ T5018] ==================================================================
[   52.913124][ T5018] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   52.920312][ T5018] CPU: 0 PID: 5018 Comm: syz-executor134 Not tainted 6.4.0-syzkaller-12069-gc17414a273b8 #0
[   52.930359][ T5018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[   52.940397][ T5018] Call Trace:
[   52.943695][ T5018]  <TASK>
[   52.946613][ T5018]  dump_stack_lvl+0xd9/0x150
[   52.951468][ T5018]  panic+0x686/0x730
[   52.955355][ T5018]  ? panic_smp_self_stop+0xa0/0xa0
[   52.960459][ T5018]  ? preempt_schedule_thunk+0x1a/0x30
[   52.965830][ T5018]  ? preempt_schedule_common+0x45/0xb0
[   52.971280][ T5018]  check_panic_on_warn+0xb1/0xc0
[   52.976206][ T5018]  end_report+0x108/0x150
[   52.980539][ T5018]  kasan_report+0xfa/0x130
[   52.984954][ T5018]  ? ntfs_readdir+0x1455/0x29b0
[   52.989803][ T5018]  ntfs_readdir+0x1455/0x29b0
[   52.994482][ T5018]  ? put_page+0x280/0x280
[   52.998807][ T5018]  ? down_write_killable_nested+0x250/0x250
[   53.004692][ T5018]  iterate_dir+0x20c/0x750
[   53.009102][ T5018]  __x64_sys_getdents64+0x13e/0x2c0
[   53.014293][ T5018]  ? __ia32_sys_getdents+0x2c0/0x2c0
[   53.019570][ T5018]  ? compat_fillonedir+0x470/0x470
[   53.024674][ T5018]  ? lockdep_hardirqs_on+0x7d/0x100
[   53.029949][ T5018]  ? _raw_spin_unlock_irq+0x2e/0x50
[   53.035226][ T5018]  ? ptrace_notify+0xfe/0x140
[   53.039892][ T5018]  do_syscall_64+0x39/0xb0
[   53.044307][ T5018]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   53.050197][ T5018] RIP: 0033:0x7fd5563e57a9
[   53.054597][ T5018] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   53.074221][ T5018] RSP: 002b:00007ffe126815a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[   53.082620][ T5018] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd5563e57a9
[   53.090579][ T5018] RDX: 00000000000000ab RSI: 0000000020000080 RDI: 0000000000000004
[   53.098536][ T5018] RBP: 00007fd5563a5040 R08: 0000000000000000 R09: 0000000000000000
[   53.106492][ T5018] R10: 000000000001f1b8 R11: 0000000000000246 R12: 00007fd5563a50d0
[   53.114458][ T5018] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   53.122422][ T5018]  </TASK>
[   53.126268][ T5018] Kernel Offset: disabled
[   53.130576][ T5018] Rebooting in 86400 seconds..