./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1880686669

<...>
Warning: Permanently added '10.128.1.181' (ED25519) to the list of known hosts.
execve("./syz-executor1880686669", ["./syz-executor1880686669"], 0x7ffd1830bef0 /* 10 vars */) = 0
brk(NULL)                               = 0x555555cbc000
brk(0x555555cbcd00)                     = 0x555555cbcd00
arch_prctl(ARCH_SET_FS, 0x555555cbc380) = 0
set_tid_address(0x555555cbc650)         = 5065
set_robust_list(0x555555cbc660, 24)     = 0
rseq(0x555555cbcca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor1880686669", 4096) = 28
getrandom("\xb7\x56\x38\x5e\x7f\xe0\xbe\xd9", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x555555cbcd00
brk(0x555555cddd00)                     = 0x555555cddd00
brk(0x555555cde000)                     = 0x555555cde000
mprotect(0x7f00b3ec0000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
memfd_create("syzkaller", 0)            = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f00ab800000
[   73.724585][   T27] audit: type=1400 audit(1704578171.268:83): avc:  denied  { execmem } for  pid=5065 comm="syz-executor188" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   73.752398][   T27] audit: type=1400 audit(1704578171.298:84): avc:  denied  { append } for  pid=4493 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x20\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
munmap(0x7f00ab800000, 138412032)       = 0
[   73.774542][   T27] audit: type=1400 audit(1704578171.298:85): avc:  denied  { open } for  pid=4493 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[   73.797486][   T27] audit: type=1400 audit(1704578171.298:86): avc:  denied  { getattr } for  pid=4493 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 4
ioctl(4, LOOP_SET_FD, 3)                = 0
close(3)                                = 0
mkdir("./file0", 0777)                  = 0
[   73.821466][   T27] audit: type=1400 audit(1704578171.368:87): avc:  denied  { read write } for  pid=5065 comm="syz-executor188" name="loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   73.824478][ T5065] loop0: detected capacity change from 0 to 4096
[   73.845909][   T27] audit: type=1400 audit(1704578171.368:88): avc:  denied  { open } for  pid=5065 comm="syz-executor188" path="/dev/loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   73.877560][   T27] audit: type=1400 audit(1704578171.368:89): avc:  denied  { ioctl } for  pid=5065 comm="syz-executor188" path="/dev/loop0" dev="devtmpfs" ino=648 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   73.879559][ T5065] ntfs: (device loop0): ntfs_is_extended_system_file(): Corrupt file name attribute. You should run chkdsk.
[   73.914714][ T5065] ntfs: (device loop0): ntfs_read_locked_inode(): $DATA attribute is missing.
mount("/dev/loop0", "./file0", "ntfs", MS_NOSUID, "") = 0
openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
chdir("./file0")                        = 0
ioctl(4, LOOP_CLR_FD)                   = 0
[   73.915360][   T27] audit: type=1400 audit(1704578171.398:90): avc:  denied  { mounton } for  pid=5065 comm="syz-executor188" path="/root/file0" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[   73.954229][ T5065] ntfs: volume version 3.1.
close(4)                                = 0
openat(AT_FDCWD, ".", O_RDONLY)         = 4
[   73.988938][ T5065] ==================================================================
[   73.997021][ T5065] BUG: KASAN: slab-out-of-bounds in ntfs_readdir+0x15a0/0x2e40
[   74.004610][ T5065] Read of size 1 at addr ffff88801ee7fff1 by task syz-executor188/5065
[   74.012854][ T5065] 
[   74.015181][ T5065] CPU: 0 PID: 5065 Comm: syz-executor188 Not tainted 6.7.0-rc8-syzkaller-00174-g95c8a35f1c01 #0
[   74.025600][ T5065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[   74.035657][ T5065] Call Trace:
[   74.038936][ T5065]  <TASK>
[   74.041870][ T5065]  dump_stack_lvl+0xd9/0x1b0
[   74.046482][ T5065]  print_report+0xc4/0x620
[   74.050911][ T5065]  ? __virt_addr_valid+0x5e/0x2d0
[   74.055953][ T5065]  ? __phys_addr+0xc6/0x140
[   74.060475][ T5065]  kasan_report+0xda/0x110
[   74.064902][ T5065]  ? ntfs_readdir+0x15a0/0x2e40
[   74.069751][ T5065]  ? ntfs_readdir+0x15a0/0x2e40
[   74.074595][ T5065]  ntfs_readdir+0x15a0/0x2e40
[   74.079265][ T5065]  ? lock_sync+0x190/0x190
[   74.083681][ T5065]  ? folio_flags.constprop.0+0x150/0x150
[   74.089305][ T5065]  ? down_read_killable+0xcc/0x380
[   74.094409][ T5065]  ? folio_flags.constprop.0+0x150/0x150
[   74.100040][ T5065]  wrap_directory_iterator+0xa5/0xe0
[   74.105321][ T5065]  iterate_dir+0x1e5/0x5b0
[   74.109732][ T5065]  __x64_sys_getdents64+0x14f/0x2e0
[   74.114927][ T5065]  ? __ia32_sys_getdents+0x2d0/0x2d0
[   74.120208][ T5065]  ? fillonedir+0x400/0x400
[   74.124703][ T5065]  ? _raw_spin_unlock_irq+0x2e/0x50
[   74.129895][ T5065]  ? ptrace_notify+0xf4/0x130
[   74.134565][ T5065]  ? syscall_trace_enter.constprop.0+0xaf/0x1e0
[   74.140803][ T5065]  do_syscall_64+0x40/0x110
[   74.145303][ T5065]  entry_SYSCALL_64_after_hwframe+0x63/0x6b
[   74.151199][ T5065] RIP: 0033:0x7f00b3e2e5f9
[   74.155605][ T5065] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   74.175204][ T5065] RSP: 002b:00007fffca876478 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[   74.183611][ T5065] RAX: ffffffffffffffda RBX: 00007fffca876648 RCX: 00007f00b3e2e5f9
[   74.191570][ T5065] RDX: 00000000000000ab RSI: 0000000020000080 RDI: 0000000000000004
[   74.199530][ T5065] RBP: 00007f00b3ec0610 R08: 0000000000000000 R09: 00007fffca876648
[   74.207492][ T5065] R10: 000000000001f1b8 R11: 0000000000000246 R12: 0000000000000001
[   74.215455][ T5065] R13: 00007fffca876638 R14: 0000000000000001 R15: 0000000000000001
[   74.223424][ T5065]  </TASK>
[   74.226431][ T5065] 
[   74.228740][ T5065] Allocated by task 5065:
[   74.233052][ T5065]  kasan_save_stack+0x33/0x50
[   74.237719][ T5065]  kasan_set_track+0x25/0x30
[   74.242298][ T5065]  __kasan_kmalloc+0xa3/0xb0
[   74.246875][ T5065]  __kmalloc+0x59/0x90
[   74.250935][ T5065]  ntfs_readdir+0x12ef/0x2e40
[   74.255602][ T5065]  wrap_directory_iterator+0xa5/0xe0
[   74.260891][ T5065]  iterate_dir+0x1e5/0x5b0
[   74.265305][ T5065]  __x64_sys_getdents64+0x14f/0x2e0
[   74.270496][ T5065]  do_syscall_64+0x40/0x110
[   74.274995][ T5065]  entry_SYSCALL_64_after_hwframe+0x63/0x6b
[   74.280901][ T5065] 
[   74.283213][ T5065] The buggy address belongs to the object at ffff88801ee7ff80
[   74.283213][ T5065]  which belongs to the cache kmalloc-64 of size 64
[   74.297076][ T5065] The buggy address is located 57 bytes to the right of
[   74.297076][ T5065]  allocated 56-byte region [ffff88801ee7ff80, ffff88801ee7ffb8)
[   74.311555][ T5065] 
[   74.313867][ T5065] The buggy address belongs to the physical page:
[   74.320257][ T5065] page:ffffea00007b9fc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88801ee7f800 pfn:0x1ee7f
[   74.331697][ T5065] flags: 0xfff00000000800(slab|node=0|zone=1|lastcpupid=0x7ff)
[   74.339227][ T5065] page_type: 0x19()
[   74.343023][ T5065] raw: 00fff00000000800 ffff888013040200 ffffea0000760210 ffffea0000719c50
[   74.351596][ T5065] raw: ffff88801ee7f800 ffff88801ee7f000 0000000100000019 0000000000000000
[   74.360161][ T5065] page dumped because: kasan: bad access detected
[   74.366556][ T5065] page_owner tracks the page as allocated
[   74.372253][ T5065] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2420c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_COMP|__GFP_THISNODE), pid 47, tgid 47 (kworker/u4:3), ts 9199549064, free_ts 0
[   74.390996][ T5065]  post_alloc_hook+0x2d0/0x350
[   74.395751][ T5065]  get_page_from_freelist+0xa25/0x36d0
[   74.401202][ T5065]  __alloc_pages+0x22e/0x2420
[   74.405871][ T5065]  cache_grow_begin+0x99/0x3a0
[   74.410635][ T5065]  cache_alloc_refill+0x295/0x3b0
[   74.415654][ T5065]  __kmem_cache_alloc_node+0x3ba/0x460
[   74.421110][ T5065]  __kmalloc_node+0x4c/0x90
[   74.425603][ T5065]  __vmalloc_node_range+0x3e9/0x1540
[   74.430891][ T5065]  copy_process+0x138b/0x73f0
[   74.435563][ T5065]  kernel_clone+0xfd/0x930
[   74.439972][ T5065]  user_mode_thread+0xb4/0xf0
[   74.444639][ T5065]  call_usermodehelper_exec_work+0xcb/0x170
[   74.450525][ T5065]  process_one_work+0x886/0x15d0
[   74.455456][ T5065]  worker_thread+0x8b9/0x1290
[   74.460127][ T5065]  kthread+0x2c6/0x3a0
[   74.464191][ T5065]  ret_from_fork+0x45/0x80
[   74.468603][ T5065] page_owner free stack trace missing
[   74.473951][ T5065] 
[   74.476260][ T5065] Memory state around the buggy address:
[   74.481873][ T5065]  ffff88801ee7fe80: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[   74.489919][ T5065]  ffff88801ee7ff00: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[   74.497967][ T5065] >ffff88801ee7ff80: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[   74.506021][ T5065]                                                              ^
[   74.513727][ T5065]  ffff88801ee80000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   74.521780][ T5065]  ffff88801ee80080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   74.529828][ T5065] ==================================================================
[   74.538405][ T5065] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   74.545604][ T5065] CPU: 1 PID: 5065 Comm: syz-executor188 Not tainted 6.7.0-rc8-syzkaller-00174-g95c8a35f1c01 #0
[   74.556023][ T5065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[   74.566071][ T5065] Call Trace:
[   74.569351][ T5065]  <TASK>
[   74.572276][ T5065]  dump_stack_lvl+0xd9/0x1b0
[   74.576873][ T5065]  panic+0x6dc/0x790
[   74.580766][ T5065]  ? panic_smp_self_stop+0xa0/0xa0
[   74.585878][ T5065]  ? preempt_schedule_thunk+0x1a/0x30
[   74.591255][ T5065]  ? preempt_schedule_common+0x45/0xc0
[   74.596714][ T5065]  ? check_panic_on_warn+0x1f/0xb0
[   74.601821][ T5065]  check_panic_on_warn+0xab/0xb0
[   74.606756][ T5065]  end_report+0x108/0x150
[   74.611080][ T5065]  kasan_report+0xea/0x110
[   74.615488][ T5065]  ? ntfs_readdir+0x15a0/0x2e40
[   74.620337][ T5065]  ? ntfs_readdir+0x15a0/0x2e40
[   74.625191][ T5065]  ntfs_readdir+0x15a0/0x2e40
[   74.629867][ T5065]  ? lock_sync+0x190/0x190
[   74.634296][ T5065]  ? folio_flags.constprop.0+0x150/0x150
[   74.639940][ T5065]  ? down_read_killable+0xcc/0x380
[   74.645061][ T5065]  ? folio_flags.constprop.0+0x150/0x150
[   74.650698][ T5065]  wrap_directory_iterator+0xa5/0xe0
[   74.655980][ T5065]  iterate_dir+0x1e5/0x5b0
[   74.660391][ T5065]  __x64_sys_getdents64+0x14f/0x2e0
[   74.665594][ T5065]  ? __ia32_sys_getdents+0x2d0/0x2d0
[   74.670878][ T5065]  ? fillonedir+0x400/0x400
[   74.675373][ T5065]  ? _raw_spin_unlock_irq+0x2e/0x50
[   74.680567][ T5065]  ? ptrace_notify+0xf4/0x130
[   74.685238][ T5065]  ? syscall_trace_enter.constprop.0+0xaf/0x1e0
[   74.691475][ T5065]  do_syscall_64+0x40/0x110
[   74.695983][ T5065]  entry_SYSCALL_64_after_hwframe+0x63/0x6b
[   74.701892][ T5065] RIP: 0033:0x7f00b3e2e5f9
[   74.706298][ T5065] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   74.725899][ T5065] RSP: 002b:00007fffca876478 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[   74.734305][ T5065] RAX: ffffffffffffffda RBX: 00007fffca876648 RCX: 00007f00b3e2e5f9
[   74.742270][ T5065] RDX: 00000000000000ab RSI: 0000000020000080 RDI: 0000000000000004
[   74.750238][ T5065] RBP: 00007f00b3ec0610 R08: 0000000000000000 R09: 00007fffca876648
[   74.758202][ T5065] R10: 000000000001f1b8 R11: 0000000000000246 R12: 0000000000000001
[   74.766166][ T5065] R13: 00007fffca876638 R14: 0000000000000001 R15: 0000000000000001
[   74.774221][ T5065]  </TASK>
[   74.777422][ T5065] Kernel Offset: disabled
[   74.781731][ T5065] Rebooting in 86400 seconds..