./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1170607623
<...>
[ 118.970188][ T778] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.1.118' (ED25519) to the list of known hosts.
execve("./syz-executor1170607623", ["./syz-executor1170607623"], 0x7ffcc305f070 /* 10 vars */) = 0
brk(NULL) = 0x5555570e0000
brk(0x5555570e0d00) = 0x5555570e0d00
arch_prctl(ARCH_SET_FS, 0x5555570e0380) = 0
set_tid_address(0x5555570e0650) = 5046
set_robust_list(0x5555570e0660, 24) = 0
rseq(0x5555570e0ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor1170607623", 4096) = 28
getrandom("\x83\xa3\x01\x4d\xd5\x12\x7f\x47", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x5555570e0d00
brk(0x555557101d00) = 0x555557101d00
brk(0x555557102000) = 0x555557102000
mprotect(0x7f349e303000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
memfd_create("syzkaller", 0) = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3495e34000
write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x20\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
munmap(0x7f3495e34000, 2097152) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 119.984370][ T5046] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5046 'syz-executor117'
ioctl(4, LOOP_SET_FD, 3) = 0
close(3) = 0
mkdir("./file0", 0777) = 0
[ 120.031287][ T5046] loop0: detected capacity change from 0 to 4096
[ 120.045181][ T5046] ntfs: (device loop0): ntfs_is_extended_system_file(): Corrupt file name attribute. You should run chkdsk.
[ 120.056756][ T5046] ntfs: (device loop0): ntfs_read_locked_inode(): $DATA attribute is missing.
[ 120.065845][ T5046] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0x1 as bad. Run chkdsk.
[ 120.078962][ T5046] ntfs: (device loop0): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk.
[ 120.100750][ T5046] ntfs: volume version 3.1.
[ 120.107675][ T5046] ntfs: (device loop0): ntfs_lookup_inode_by_name(): Corrupt directory. Aborting lookup.
[ 120.117785][ T5046] ntfs: (device loop0): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys.
mount("/dev/loop0", "./file0", "ntfs", MS_NOSUID, "") = 0
openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
chdir("./file0") = 0
ioctl(4, LOOP_CLR_FD) = 0
close(4) = 0
openat(AT_FDCWD, ".", O_RDONLY) = 4
[ 120.129297][ T5046] ntfs: (device loop0): load_system_files(): Failed to determine if Windows is hibernated. Will not be able to remount read-write. Run chkdsk.
[ 120.151188][ T5046] ==================================================================
[ 120.159309][ T5046] BUG: KASAN: slab-out-of-bounds in ntfs_readdir+0x1455/0x2b00
[ 120.166994][ T5046] Read of size 1 at addr ffff888023349c71 by task syz-executor117/5046
[ 120.175257][ T5046]
[ 120.177614][ T5046] CPU: 1 PID: 5046 Comm: syz-executor117 Not tainted 6.5.0-rc5-next-20230809-syzkaller #0
[ 120.187543][ T5046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 120.197627][ T5046] Call Trace:
[ 120.200925][ T5046]
[ 120.203873][ T5046] dump_stack_lvl+0xd9/0x1b0
[ 120.208542][ T5046] print_report+0xc4/0x620
[ 120.213189][ T5046] ? __virt_addr_valid+0x5e/0x2d0
[ 120.218286][ T5046] ? __phys_addr+0xc6/0x140
[ 120.222855][ T5046] kasan_report+0xda/0x110
[ 120.227356][ T5046] ? ntfs_readdir+0x1455/0x2b00
[ 120.232235][ T5046] ? ntfs_readdir+0x1455/0x2b00
[ 120.237114][ T5046] ntfs_readdir+0x1455/0x2b00
[ 120.241814][ T5046] ? __mutex_lock+0x25b/0x1340
[ 120.246630][ T5046] ? preempt_count_sub+0x150/0x150
[ 120.251771][ T5046] ? lock_release+0x4bf/0x680
[ 120.256468][ T5046] ? ptrace_stop.part.0+0x4b4/0x8f0
[ 120.261800][ T5046] ? put_page+0x280/0x280
[ 120.266215][ T5046] ? down_read+0x470/0x470
[ 120.270704][ T5046] ? put_page+0x280/0x280
[ 120.275071][ T5046] wrap_directory_iterator+0xa5/0xe0
[ 120.280402][ T5046] iterate_dir+0x1e5/0x5f0
[ 120.284833][ T5046] __x64_sys_getdents64+0x14f/0x2e0
[ 120.290063][ T5046] ? __ia32_sys_getdents+0x2d0/0x2d0
[ 120.295365][ T5046] ? fillonedir+0x400/0x400
[ 120.299895][ T5046] ? trace_irq_enable.constprop.0+0xd0/0x100
[ 120.305897][ T5046] ? _raw_spin_unlock_irq+0x2e/0x50
[ 120.311128][ T5046] ? ptrace_notify+0xf4/0x130
[ 120.315823][ T5046] do_syscall_64+0x38/0xb0
[ 120.320299][ T5046] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 120.326248][ T5046] RIP: 0033:0x7f349e2715f9
[ 120.330704][ T5046] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 120.350333][ T5046] RSP: 002b:00007ffc528d4378 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 120.358848][ T5046] RAX: ffffffffffffffda RBX: 00007ffc528d4548 RCX: 00007f349e2715f9
[ 120.366855][ T5046] RDX: 00000000000000ab RSI: 0000000020000080 RDI: 0000000000000004
[ 120.374923][ T5046] RBP: 00007f349e303610 R08: 0000000000000000 R09: 00007ffc528d4548
[ 120.382994][ T5046] R10: 000000000001f1b8 R11: 0000000000000246 R12: 0000000000000001
[ 120.390988][ T5046] R13: 00007ffc528d4538 R14: 0000000000000001 R15: 0000000000000001
[ 120.398992][ T5046]
[ 120.402019][ T5046]
[ 120.404345][ T5046] Allocated by task 5046:
[ 120.408774][ T5046] kasan_save_stack+0x33/0x50
[ 120.413557][ T5046] kasan_set_track+0x25/0x30
[ 120.418187][ T5046] __kasan_kmalloc+0xa2/0xb0
[ 120.422845][ T5046] __kmalloc+0x60/0x100
[ 120.427034][ T5046] ntfs_readdir+0x11a4/0x2b00
[ 120.431734][ T5046] wrap_directory_iterator+0xa5/0xe0
[ 120.437047][ T5046] iterate_dir+0x1e5/0x5f0
[ 120.441509][ T5046] __x64_sys_getdents64+0x14f/0x2e0
[ 120.446913][ T5046] do_syscall_64+0x38/0xb0
[ 120.451359][ T5046] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 120.457280][ T5046]
[ 120.459607][ T5046] The buggy address belongs to the object at ffff888023349c00
[ 120.459607][ T5046] which belongs to the cache kmalloc-64 of size 64
[ 120.473505][ T5046] The buggy address is located 57 bytes to the right of
[ 120.473505][ T5046] allocated 56-byte region [ffff888023349c00, ffff888023349c38)
[ 120.488030][ T5046]
[ 120.490368][ T5046] The buggy address belongs to the physical page:
[ 120.496811][ T5046] page:ffffea00008cd240 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x23349
[ 120.506977][ T5046] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 120.514545][ T5046] page_type: 0xffffffff()
[ 120.519063][ T5046] raw: 00fff00000000200 ffff888012841640 ffffea0000a2a980 dead000000000004
[ 120.527747][ T5046] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
[ 120.536358][ T5046] page dumped because: kasan: bad access detected
[ 120.542950][ T5046] page_owner tracks the page as allocated
[ 120.548665][ T5046] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1, tgid 1 (swapper/0), ts 39614960743, free_ts 0
[ 120.565362][ T5046] post_alloc_hook+0x2d2/0x350
[ 120.570247][ T5046] get_page_from_freelist+0x10d7/0x31b0
[ 120.575825][ T5046] __alloc_pages+0x1d0/0x4a0
[ 120.580427][ T5046] alloc_page_interleave+0x1e/0x250
[ 120.585752][ T5046] alloc_pages+0x22a/0x270
[ 120.590283][ T5046] allocate_slab+0x24e/0x380
[ 120.594919][ T5046] ___slab_alloc+0x8bc/0x1570
[ 120.599625][ T5046] __slab_alloc.constprop.0+0x56/0xa0
[ 120.605068][ T5046] __kmem_cache_alloc_node+0x137/0x350
[ 120.610559][ T5046] kmalloc_node_trace+0x22/0xd0
[ 120.615479][ T5046] __get_vm_area_node+0xe1/0x3d0
[ 120.620449][ T5046] __vmalloc_node_range+0x27a/0x1540
[ 120.625765][ T5046] vzalloc+0x6b/0x80
[ 120.629682][ T5046] tpg_alloc+0x2f3/0x590
[ 120.633935][ T5046] vivid_probe+0x1888/0x9f60
[ 120.638548][ T5046] platform_probe+0xff/0x1e0
[ 120.643165][ T5046] page_owner free stack trace missing
[ 120.648533][ T5046]
[ 120.650873][ T5046] Memory state around the buggy address:
[ 120.656517][ T5046]  ffff888023349b00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 120.664606][ T5046]  ffff888023349b80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 120.672764][ T5046] >ffff888023349c00: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[ 120.680831][ T5046]                                                              ^
[ 120.688550][ T5046]  ffff888023349c80: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[ 120.696623][ T5046]  ffff888023349d00: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[ 120.704775][ T5046] ==================================================================
[ 120.713230][ T5046] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 120.720465][ T5046] CPU: 0 PID: 5046 Comm: syz-executor117 Not tainted 6.5.0-rc5-next-20230809-syzkaller #0
[ 120.730382][ T5046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 120.740554][ T5046] Call Trace:
[ 120.743868][ T5046]
[ 120.746819][ T5046] dump_stack_lvl+0xd9/0x1b0
[ 120.751454][ T5046] panic+0x6a6/0x750
[ 120.755379][ T5046] ? panic_smp_self_stop+0xa0/0xa0
[ 120.760524][ T5046] ? preempt_schedule_thunk+0x1a/0x30
[ 120.765943][ T5046] ? preempt_schedule_common+0x45/0xc0
[ 120.771439][ T5046] check_panic_on_warn+0xab/0xb0
[ 120.776408][ T5046] end_report+0x108/0x150
[ 120.780780][ T5046] kasan_report+0xea/0x110
[ 120.785238][ T5046] ? ntfs_readdir+0x1455/0x2b00
[ 120.790250][ T5046] ? ntfs_readdir+0x1455/0x2b00
[ 120.795132][ T5046] ntfs_readdir+0x1455/0x2b00
[ 120.799855][ T5046] ? __mutex_lock+0x25b/0x1340
[ 120.804656][ T5046] ? preempt_count_sub+0x150/0x150
[ 120.809809][ T5046] ? lock_release+0x4bf/0x680
[ 120.814544][ T5046] ? ptrace_stop.part.0+0x4b4/0x8f0
[ 120.819876][ T5046] ? put_page+0x280/0x280
[ 120.824237][ T5046] ? down_read+0x470/0x470
[ 120.828683][ T5046] ? put_page+0x280/0x280
[ 120.833039][ T5046] wrap_directory_iterator+0xa5/0xe0
[ 120.838459][ T5046] iterate_dir+0x1e5/0x5f0
[ 120.842923][ T5046] __x64_sys_getdents64+0x14f/0x2e0
[ 120.848177][ T5046] ? __ia32_sys_getdents+0x2d0/0x2d0
[ 120.853582][ T5046] ? fillonedir+0x400/0x400
[ 120.858133][ T5046] ? trace_irq_enable.constprop.0+0xd0/0x100
[ 120.864141][ T5046] ? _raw_spin_unlock_irq+0x2e/0x50
[ 120.869399][ T5046] ? ptrace_notify+0xf4/0x130
[ 120.874119][ T5046] do_syscall_64+0x38/0xb0
[ 120.878667][ T5046] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 120.884626][ T5046] RIP: 0033:0x7f349e2715f9
[ 120.889059][ T5046] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 120.908694][ T5046] RSP: 002b:00007ffc528d4378 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 120.917216][ T5046] RAX: ffffffffffffffda RBX: 00007ffc528d4548 RCX: 00007f349e2715f9
[ 120.925235][ T5046] RDX: 00000000000000ab RSI: 0000000020000080 RDI: 0000000000000004
[ 120.933316][ T5046] RBP: 00007f349e303610 R08: 0000000000000000 R09: 00007ffc528d4548
[ 120.941396][ T5046] R10: 000000000001f1b8 R11: 0000000000000246 R12: 0000000000000001
[ 120.949398][ T5046] R13: 00007ffc528d4538 R14: 0000000000000001 R15: 0000000000000001
[ 120.957416][ T5046]
[ 120.960783][ T5046] Kernel Offset: disabled
[ 120.965147][ T5046] Rebooting in 86400 seconds..