./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1511937737

<...>
Warning: Permanently added '10.128.0.99' (ECDSA) to the list of known hosts.
execve("./syz-executor1511937737", ["./syz-executor1511937737"], 0x7ffe3707cec0 /* 10 vars */) = 0
brk(NULL)                               = 0x555555893000
brk(0x555555893c40)                     = 0x555555893c40
arch_prctl(ARCH_SET_FS, 0x555555893300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor1511937737", 4096) = 28
brk(0x5555558b4c40)                     = 0x5555558b4c40
brk(0x5555558b5000)                     = 0x5555558b5000
mprotect(0x7f3ecc1df000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558935d0) = 5006
./strace-static-x86_64: Process 5006 attached
[pid  5006] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5006] setpgid(0, 0)               = 0
[pid  5006] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5006] write(3, "1000", 4)         = 4
[pid  5006] close(3)                    = 0
[pid  5006] memfd_create("syzkaller", 0) = 3
[pid  5006] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3ec3d05000
[pid  5006] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid  5006] munmap(0x7f3ec3d05000, 2097152) = 0
[pid  5006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   73.250508][ T5006] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5006 'syz-executor151'
[pid  5006] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5006] close(3)                    = 0
[pid  5006] mkdir("./file0", 0777)      = 0
[   73.306478][ T5006] loop0: detected capacity change from 0 to 4096
[   73.321950][ T5006] syz-executor151: attempt to access beyond end of device
[   73.321950][ T5006] loop0: rw=0, sector=32768, nr_sectors = 2 limit=4096
[   73.335856][ T5006] ntfs: (device loop0): ntfs_end_buffer_async_read(): Buffer I/O error, logical block 0x4000.
[   73.346201][ T5006] syz-executor151: attempt to access beyond end of device
[   73.346201][ T5006] loop0: rw=0, sector=32770, nr_sectors = 2 limit=4096
[   73.360098][ T5006] ntfs: (device loop0): ntfs_end_buffer_async_read(): Buffer I/O error, logical block 0x4001.
[   73.370418][ T5006] syz-executor151: attempt to access beyond end of device
[   73.370418][ T5006] loop0: rw=0, sector=32772, nr_sectors = 2 limit=4096
[   73.384306][ T5006] ntfs: (device loop0): ntfs_end_buffer_async_read(): Buffer I/O error, logical block 0x4002.
[   73.394633][ T5006] syz-executor151: attempt to access beyond end of device
[   73.394633][ T5006] loop0: rw=0, sector=32774, nr_sectors = 2 limit=4096
[   73.408524][ T5006] ntfs: (device loop0): ntfs_end_buffer_async_read(): Buffer I/O error, logical block 0x4003.
[   73.419037][ T5006] ntfs: (device loop0): check_mft_mirror(): Failed to read $MFTMirr.
[   73.427172][ T5006] ntfs: (device loop0): load_system_files(): $MFTMirr does not match $MFT.  Will not be able to remount read-write.  Run ntfsfix and/or chkdsk.
[   73.441896][ T5006] ==================================================================
[   73.449959][ T5006] BUG: KASAN: use-after-free in ntfs_attr_find+0xa5e/0xba0
[   73.457185][ T5006] Read of size 2 at addr ffff888072c2f152 by task syz-executor151/5006
[   73.465443][ T5006] 
[   73.467876][ T5006] CPU: 0 PID: 5006 Comm: syz-executor151 Not tainted 6.4.0-rc2-next-20230515-syzkaller #0
[   73.477770][ T5006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[   73.487827][ T5006] Call Trace:
[   73.491112][ T5006]  <TASK>
[   73.494051][ T5006]  dump_stack_lvl+0xd9/0x150
[   73.498685][ T5006]  print_address_description.constprop.0+0x2c/0x3c0
[   73.505295][ T5006]  ? ntfs_attr_find+0xa5e/0xba0
[   73.510187][ T5006]  kasan_report+0x11c/0x130
[   73.514705][ T5006]  ? ntfs_attr_find+0xa5e/0xba0
[   73.519583][ T5006]  ntfs_attr_find+0xa5e/0xba0
[   73.524294][ T5006]  ntfs_attr_lookup+0x105a/0x2070
[   73.529347][ T5006]  ? lock_release+0x4fb/0x670
[   73.534073][ T5006]  ? lock_downgrade+0x690/0x690
[   73.538945][ T5006]  ? lock_acquire+0x32/0xc0
[   73.543476][ T5006]  ? fs_reclaim_acquire+0xb6/0x160
[   73.548632][ T5006]  ? ntfs_attr_reinit_search_ctx+0x3c0/0x3c0
[   73.554635][ T5006]  ? kmem_cache_alloc+0x337/0x3b0
[   73.559714][ T5006]  ntfs_attr_iget+0x656/0x26f0
[   73.564504][ T5006]  ? __ntfs_warning+0x151/0x220
[   73.569389][ T5006]  ? __ntfs_init_inode+0x5d0/0x5d0
[   73.574548][ T5006]  ? do_read_cache_folio+0xcd/0x510
[   73.579793][ T5006]  ? ntfs_end_buffer_async_read+0x1740/0x1740
[   73.585903][ T5006]  ntfs_fill_super+0x28ab/0x93f0
[   73.590961][ T5006]  ? parse_options+0x1d70/0x1d70
[   73.595948][ T5006]  ? snprintf+0xbf/0x100
[   73.600241][ T5006]  ? vsprintf+0x30/0x30
[   73.604442][ T5006]  ? wait_for_completion_io_timeout+0x20/0x20
[   73.610576][ T5006]  ? set_blocksize+0x2d8/0x370
[   73.615403][ T5006]  mount_bdev+0x357/0x420
[   73.619770][ T5006]  ? parse_options+0x1d70/0x1d70
[   73.624751][ T5006]  ? ntfs_rl_punch_nolock+0x15c0/0x15c0
[   73.630327][ T5006]  legacy_get_tree+0x109/0x220
[   73.635139][ T5006]  vfs_get_tree+0x8d/0x350
[   73.639580][ T5006]  path_mount+0x134b/0x1e40
[   73.644114][ T5006]  ? kmem_cache_free+0xe9/0x480
[   73.649068][ T5006]  ? finish_automount+0x9b0/0x9b0
[   73.654138][ T5006]  ? putname+0x102/0x140
[   73.658407][ T5006]  __x64_sys_mount+0x283/0x300
[   73.663198][ T5006]  ? copy_mnt_ns+0xb30/0xb30
[   73.667832][ T5006]  ? lockdep_hardirqs_on+0x7d/0x100
[   73.673075][ T5006]  ? _raw_spin_unlock_irq+0x2e/0x50
[   73.678315][ T5006]  ? ptrace_notify+0xfe/0x140
[   73.683023][ T5006]  do_syscall_64+0x39/0xb0
[   73.687467][ T5006]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   73.693390][ T5006] RIP: 0033:0x7f3ecc1535da
[   73.697830][ T5006] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   73.717465][ T5006] RSP: 002b:00007ffdc5741b18 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[   73.725921][ T5006] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f3ecc1535da
[   73.733902][ T5006] RDX: 000000002001f6c0 RSI: 000000002001f640 RDI: 00007ffdc5741b20
[   73.741903][ T5006] RBP: 00007ffdc5741b20 R08: 00007ffdc5741b60 R09: 0000000000000000
[   73.749994][ T5006] R10: 0000000000008703 R11: 0000000000000286 R12: 0000000000000004
[   73.757976][ T5006] R13: 00005555558932c0 R14: 00007ffdc5741b60 R15: 0000000000000000
[   73.765986][ T5006]  </TASK>
[   73.769040][ T5006] 
[   73.771373][ T5006] The buggy address belongs to the physical page:
[   73.777791][ T5006] page:ffffea0001cb0bc0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x72c2f
[   73.787984][ T5006] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   73.795131][ T5006] page_type: 0xffffffff()
[   73.799516][ T5006] raw: 00fff00000000000 ffffea0001ce64c8 ffffea0001cddd08 0000000000000000
[   73.808150][ T5006] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[   73.816751][ T5006] page dumped because: kasan: bad access detected
[   73.823164][ T5006] page_owner tracks the page as freed
[   73.828545][ T5006] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO), pid 4994, tgid 4994 (sshd), ts 66611364775, free_ts 66660293664
[   73.846575][ T5006]  post_alloc_hook+0x2db/0x350
[   73.851387][ T5006]  get_page_from_freelist+0xf67/0x2a80
[   73.856888][ T5006]  __alloc_pages+0x1cb/0x4a0
[   73.861507][ T5006]  __folio_alloc+0x16/0x40
[   73.865970][ T5006]  vma_alloc_folio+0x155/0x850
[   73.870782][ T5006]  __handle_mm_fault+0x2263/0x4170
[   73.875913][ T5006]  handle_mm_fault+0x2af/0x9f0
[   73.880711][ T5006]  do_user_addr_fault+0x2ca/0x1210
[   73.885839][ T5006]  exc_page_fault+0x98/0x170
[   73.890455][ T5006]  asm_exc_page_fault+0x26/0x30
[   73.895377][ T5006] page last free stack trace:
[   73.900055][ T5006]  free_unref_page_prepare+0x4dd/0xb90
[   73.905523][ T5006]  free_unref_page_list+0xe3/0xa70
[   73.910653][ T5006]  release_pages+0xcd8/0x1380
[   73.915379][ T5006]  tlb_batch_pages_flush+0xa8/0x1a0
[   73.920591][ T5006]  tlb_finish_mmu+0x14b/0x7e0
[   73.925293][ T5006]  unmap_region+0x23d/0x2d0
[   73.929813][ T5006]  do_vmi_align_munmap+0xe6c/0x1600
[   73.935037][ T5006]  do_vmi_munmap+0x26e/0x2c0
[   73.939667][ T5006]  __vm_munmap+0x133/0x3b0
[   73.944109][ T5006]  __x64_sys_munmap+0x62/0x80
[   73.948809][ T5006]  do_syscall_64+0x39/0xb0
[   73.953249][ T5006]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   73.959190][ T5006] 
[   73.961532][ T5006] Memory state around the buggy address:
[   73.967162][ T5006]  ffff888072c2f000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   73.975414][ T5006]  ffff888072c2f080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   73.983498][ T5006] >ffff888072c2f100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   73.991601][ T5006]                                                  ^
[   73.998287][ T5006]  ffff888072c2f180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   74.006374][ T5006]  ffff888072c2f200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   74.014451][ T5006] ==================================================================
[   74.023115][ T5006] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   74.030343][ T5006] CPU: 0 PID: 5006 Comm: syz-executor151 Not tainted 6.4.0-rc2-next-20230515-syzkaller #0
[   74.040266][ T5006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[   74.050352][ T5006] Call Trace:
[   74.053651][ T5006]  <TASK>
[   74.056588][ T5006]  dump_stack_lvl+0xd9/0x150
[   74.061208][ T5006]  panic+0x686/0x730
[   74.065130][ T5006]  ? panic_smp_self_stop+0xa0/0xa0
[   74.070285][ T5006]  ? preempt_schedule_thunk+0x1a/0x20
[   74.075715][ T5006]  ? preempt_schedule_common+0x45/0xb0
[   74.081192][ T5006]  check_panic_on_warn+0xb1/0xc0
[   74.086163][ T5006]  end_report+0xe9/0x120
[   74.090446][ T5006]  ? ntfs_attr_find+0xa5e/0xba0
[   74.095375][ T5006]  kasan_report+0xf9/0x130
[   74.099801][ T5006]  ? ntfs_attr_find+0xa5e/0xba0
[   74.104701][ T5006]  ntfs_attr_find+0xa5e/0xba0
[   74.109431][ T5006]  ntfs_attr_lookup+0x105a/0x2070
[   74.114490][ T5006]  ? lock_release+0x4fb/0x670
[   74.119200][ T5006]  ? lock_downgrade+0x690/0x690
[   74.124085][ T5006]  ? lock_acquire+0x32/0xc0
[   74.128607][ T5006]  ? fs_reclaim_acquire+0xb6/0x160
[   74.133729][ T5006]  ? ntfs_attr_reinit_search_ctx+0x3c0/0x3c0
[   74.139729][ T5006]  ? kmem_cache_alloc+0x337/0x3b0
[   74.144789][ T5006]  ntfs_attr_iget+0x656/0x26f0
[   74.149612][ T5006]  ? __ntfs_warning+0x151/0x220
[   74.154484][ T5006]  ? __ntfs_init_inode+0x5d0/0x5d0
[   74.159620][ T5006]  ? do_read_cache_folio+0xcd/0x510
[   74.164873][ T5006]  ? ntfs_end_buffer_async_read+0x1740/0x1740
[   74.170997][ T5006]  ntfs_fill_super+0x28ab/0x93f0
[   74.175969][ T5006]  ? parse_options+0x1d70/0x1d70
[   74.180954][ T5006]  ? snprintf+0xbf/0x100
[   74.185219][ T5006]  ? vsprintf+0x30/0x30
[   74.189401][ T5006]  ? wait_for_completion_io_timeout+0x20/0x20
[   74.195495][ T5006]  ? set_blocksize+0x2d8/0x370
[   74.200275][ T5006]  mount_bdev+0x357/0x420
[   74.204641][ T5006]  ? parse_options+0x1d70/0x1d70
[   74.209633][ T5006]  ? ntfs_rl_punch_nolock+0x15c0/0x15c0
[   74.215199][ T5006]  legacy_get_tree+0x109/0x220
[   74.220074][ T5006]  vfs_get_tree+0x8d/0x350
[   74.224507][ T5006]  path_mount+0x134b/0x1e40
[   74.229068][ T5006]  ? kmem_cache_free+0xe9/0x480
[   74.233952][ T5006]  ? finish_automount+0x9b0/0x9b0
[   74.239020][ T5006]  ? putname+0x102/0x140
[   74.243312][ T5006]  __x64_sys_mount+0x283/0x300
[   74.248125][ T5006]  ? copy_mnt_ns+0xb30/0xb30
[   74.252733][ T5006]  ? lockdep_hardirqs_on+0x7d/0x100
[   74.258036][ T5006]  ? _raw_spin_unlock_irq+0x2e/0x50
[   74.263263][ T5006]  ? ptrace_notify+0xfe/0x140
[   74.267988][ T5006]  do_syscall_64+0x39/0xb0
[   74.272428][ T5006]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   74.278346][ T5006] RIP: 0033:0x7f3ecc1535da
[   74.282764][ T5006] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   74.302379][ T5006] RSP: 002b:00007ffdc5741b18 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[   74.310800][ T5006] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f3ecc1535da
[   74.318779][ T5006] RDX: 000000002001f6c0 RSI: 000000002001f640 RDI: 00007ffdc5741b20
[   74.326776][ T5006] RBP: 00007ffdc5741b20 R08: 00007ffdc5741b60 R09: 0000000000000000
[   74.334760][ T5006] R10: 0000000000008703 R11: 0000000000000286 R12: 0000000000000004
[   74.342748][ T5006] R13: 00005555558932c0 R14: 00007ffdc5741b60 R15: 0000000000000000
[   74.350752][ T5006]  </TASK>
[   74.354008][ T5006] Kernel Offset: disabled
[   74.358355][ T5006] Rebooting in 86400 seconds..