./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor934835009
<...>
Warning: Permanently added '10.128.0.73' (ECDSA) to the list of known hosts.
execve("./syz-executor934835009", ["./syz-executor934835009"], 0x7ffc355f4bf0 /* 10 vars */) = 0
brk(NULL) = 0x555556a01000
brk(0x555556a01c40) = 0x555556a01c40
arch_prctl(ARCH_SET_FS, 0x555556a01300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor934835009", 4096) = 27
brk(0x555556a22c40) = 0x555556a22c40
brk(0x555556a23000) = 0x555556a23000
mprotect(0x7fb16d875000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
memfd_create("syzkaller", 0) = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb16539d000
write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
munmap(0x7fb16539d000, 2097152) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
ioctl(4, LOOP_SET_FD, 3) = 0
close(3) = 0
mkdir("./file1", 0777) = 0
mount("/dev/loop0", "./file1", "ntfs3", MS_NOATIME, "") = 0
openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
chdir("./file1") = 0
ioctl(4, LOOP_CLR_FD) = 0
close(4) = 0
syzkaller login: [ 52.199062][ T3631] loop0: detected capacity change from 0 to 4096
[ 52.210572][ T3631] ntfs3: loop0: Different NTFS' sector size (2048) and media sector size (512)
[ 52.248088][ T3631] ==================================================================
[ 52.256194][ T3631] BUG: KASAN: slab-out-of-bounds in hdr_delete_de+0xe0/0x150
[ 52.263590][ T3631] Read of size 16842960 at addr ffff888079cc0600 by task syz-executor934/3631
[ 52.272416][ T3631]
[ 52.274724][ T3631] CPU: 0 PID: 3631 Comm: syz-executor934 Not tainted 6.1.0-rc8-syzkaller #0
[ 52.283376][ T3631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 52.293500][ T3631] Call Trace:
[ 52.296764][ T3631]
[ 52.299680][ T3631] dump_stack_lvl+0x1b1/0x28e
[ 52.304364][ T3631] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 52.309921][ T3631] ? __wake_up_klogd+0xcd/0x100
[ 52.314771][ T3631] ? panic+0x710/0x710
[ 52.318832][ T3631] ? _printk+0xc0/0x100
[ 52.322978][ T3631] ? _raw_spin_lock_irqsave+0x8e/0x100
[ 52.328434][ T3631] print_address_description+0x74/0x340
[ 52.333973][ T3631] print_report+0x107/0x1f0
[ 52.338477][ T3631] ? __virt_addr_valid+0x21b/0x2d0
[ 52.343583][ T3631] ? __phys_addr+0xb5/0x160
[ 52.348081][ T3631] ? hdr_delete_de+0xe0/0x150
[ 52.352753][ T3631] kasan_report+0xcd/0x100
[ 52.357161][ T3631] ? hdr_delete_de+0xe0/0x150
[ 52.361836][ T3631] kasan_check_range+0x2a7/0x2e0
[ 52.366765][ T3631] ? hdr_delete_de+0xe0/0x150
[ 52.371436][ T3631] memmove+0x25/0x60
[ 52.375323][ T3631] hdr_delete_de+0xe0/0x150
[ 52.379840][ T3631] indx_delete_entry+0x74f/0x3670
[ 52.384866][ T3631] ? do_raw_spin_unlock+0x134/0x8a0
[ 52.390057][ T3631] ? _raw_spin_unlock_irq+0x1f/0x40
[ 52.395253][ T3631] ? indx_insert_into_buffer+0x13b0/0x13b0
[ 52.401054][ T3631] ? ntfs_set_state+0x50e/0x680
[ 52.405904][ T3631] ? ni_remove_name+0x1ff/0x980
[ 52.410745][ T3631] ni_remove_name+0x27a/0x980
[ 52.415423][ T3631] ? ntfs_unlink_inode+0x2d1/0x720
[ 52.420534][ T3631] ? ni_write_frame+0xbf0/0xbf0
[ 52.425466][ T3631] ? fill_name_de+0x126/0x330
[ 52.430139][ T3631] ntfs_unlink_inode+0x3d4/0x720
[ 52.435071][ T3631] ? ntfs_link_inode+0x170/0x170
[ 52.440002][ T3631] ? do_raw_spin_unlock+0x134/0x8a0
[ 52.445196][ T3631] ntfs_rename+0x41a/0xcb0
[ 52.449619][ T3631] ? ntfs_mknod+0x60/0x60
[ 52.453942][ T3631] ? do_raw_spin_unlock+0x134/0x8a0
[ 52.459132][ T3631] ? memcpy+0x3c/0x60
[ 52.463108][ T3631] vfs_rename+0xd53/0x1130
[ 52.467540][ T3631] ? __ia32_sys_link+0x90/0x90
[ 52.472294][ T3631] ? _raw_spin_unlock+0x24/0x40
[ 52.477228][ T3631] ? security_path_rename+0x1ab/0x230
[ 52.482595][ T3631] do_renameat2+0xb53/0x1370
[ 52.487189][ T3631] ? fsnotify_move+0x4e0/0x4e0
[ 52.491946][ T3631] ? check_heap_object+0x244/0x810
[ 52.497053][ T3631] ? __phys_addr_symbol+0x2b/0x70
[ 52.502074][ T3631] ? strncpy_from_user+0x1d6/0x330
[ 52.507180][ T3631] ? getname_flags+0x1ea/0x4e0
[ 52.511941][ T3631] __x64_sys_rename+0x82/0x90
[ 52.516614][ T3631] do_syscall_64+0x3d/0xb0
[ 52.521020][ T3631] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.526905][ T3631] RIP: 0033:0x7fb16d7e97c9
[ 52.531310][ T3631] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 52.550997][ T3631] RSP: 002b:00007ffdc864b578 EFLAGS: 00000246 ORIG_RAX: 0000000000000052
[ 52.559419][ T3631] RAX: ffffffffffffffda RBX: 0031656c69662f2e RCX: 00007fb16d7e97c9
[ 52.567379][ T3631] RDX: 0000000000000030 RSI: 0000000020000080 RDI: 0000000020000040
[ 52.575362][ T3631] RBP: 00007fb16d7a9060 R08: 000000000001f376 R09: 0000000000000000
[ 52.583337][ T3631] R10: 00007ffdc864b440 R11: 0000000000000246 R12: 00007fb16d7a90f0
[ 52.591567][ T3631] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 52.599559][ T3631]
[ 52.602595][ T3631]
[ 52.604911][ T3631] Allocated by task 3631:
[ 52.609224][ T3631] kasan_set_track+0x3d/0x60
[ 52.613814][ T3631] __kasan_kmalloc+0x97/0xb0
[ 52.618391][ T3631] __kmalloc+0xaf/0x1a0
[ 52.622541][ T3631] indx_read+0x29a/0x880
[ 52.626778][ T3631] indx_find+0x491/0xb20
[ 52.631010][ T3631] indx_delete_entry+0x460/0x3670
[ 52.636022][ T3631] ni_remove_name+0x27a/0x980
[ 52.640685][ T3631] ntfs_unlink_inode+0x3d4/0x720
[ 52.645614][ T3631] ntfs_rename+0x41a/0xcb0
[ 52.650021][ T3631] vfs_rename+0xd53/0x1130
[ 52.654424][ T3631] do_renameat2+0xb53/0x1370
[ 52.659001][ T3631] __x64_sys_rename+0x82/0x90
[ 52.663671][ T3631] do_syscall_64+0x3d/0xb0
[ 52.668075][ T3631] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.673956][ T3631]
[ 52.676269][ T3631] The buggy address belongs to the object at ffff888079cc0000
[ 52.676269][ T3631] which belongs to the cache kmalloc-4k of size 4096
[ 52.690306][ T3631] The buggy address is located 1536 bytes inside of
[ 52.690306][ T3631] 4096-byte region [ffff888079cc0000, ffff888079cc1000)
[ 52.703739][ T3631]
[ 52.706079][ T3631] The buggy address belongs to the physical page:
[ 52.712473][ T3631] page:ffffea0001e73000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x79cc0
[ 52.722614][ T3631] head:ffffea0001e73000 order:3 compound_mapcount:0 compound_pincount:0
[ 52.730925][ T3631] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 52.738899][ T3631] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888012842140
[ 52.747469][ T3631] raw: 0000000000000000 0000000080040004 00000001ffffffff 0000000000000000
[ 52.756561][ T3631] page dumped because: kasan: bad access detected
[ 52.762979][ T3631] page_owner tracks the page as allocated
[ 52.768676][ T3631] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2999, tgid 2999 (udevd), ts 25263182361, free_ts 19241901550
[ 52.788742][ T3631] get_page_from_freelist+0x742/0x7c0
[ 52.794126][ T3631] __alloc_pages+0x259/0x560
[ 52.798707][ T3631] alloc_slab_page+0xbd/0x190
[ 52.803403][ T3631] allocate_slab+0x5e/0x4b0
[ 52.807899][ T3631] ___slab_alloc+0x782/0xe20
[ 52.812482][ T3631] __kmem_cache_alloc_node+0x252/0x310
[ 52.817934][ T3631] __kmalloc+0x9e/0x1a0
[ 52.822079][ T3631] tomoyo_realpath_from_path+0xcd/0x5f0
[ 52.827619][ T3631] tomoyo_path_perm+0x227/0x670
[ 52.832460][ T3631] security_inode_getattr+0xc0/0x140
[ 52.837737][ T3631] vfs_statx+0x188/0x4a0
[ 52.841975][ T3631] __se_sys_newfstatat+0xed/0x7d0
[ 52.846988][ T3631] do_syscall_64+0x3d/0xb0
[ 52.851393][ T3631] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.857272][ T3631] page last free stack trace:
[ 52.861932][ T3631] free_pcp_prepare+0x80c/0x8f0
[ 52.866772][ T3631] free_unref_page+0x7d/0x5f0
[ 52.871441][ T3631] __unfreeze_partials+0x1ab/0x200
[ 52.876544][ T3631] put_cpu_partial+0x106/0x170
[ 52.881299][ T3631] qlist_free_all+0x2b/0x70
[ 52.885796][ T3631] kasan_quarantine_reduce+0x169/0x180
[ 52.891244][ T3631] __kasan_slab_alloc+0x1f/0x70
[ 52.896093][ T3631] kmem_cache_alloc+0x1cc/0x300
[ 52.900931][ T3631] vm_area_alloc+0x20/0xe0
[ 52.905333][ T3631] mmap_region+0xd38/0x1e20
[ 52.909826][ T3631] do_mmap+0x8d9/0xf30
[ 52.913884][ T3631] vm_mmap_pgoff+0x19e/0x2b0
[ 52.918465][ T3631] ksys_mmap_pgoff+0x48c/0x6d0
[ 52.923217][ T3631] do_syscall_64+0x3d/0xb0
[ 52.927620][ T3631] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.933501][ T3631]
[ 52.935810][ T3631] Memory state around the buggy address:
[ 52.941422][ T3631] ffff888079cc0f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 52.949473][ T3631] ffff888079cc0f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 52.957518][ T3631] >ffff888079cc1000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 52.965561][ T3631] ^
[ 52.969612][ T3631] ffff888079cc1080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 52.977661][ T3631] ffff888079cc1100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 52.985703][ T3631] ==================================================================
[ 53.006572][ T3631] Kernel panic - not syncing: panic_on_warn set ...
[ 53.013190][ T3631] CPU: 1 PID: 3631 Comm: syz-executor934 Not tainted 6.1.0-rc8-syzkaller #0
[ 53.021843][ T3631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 53.031881][ T3631] Call Trace:
[ 53.035143][ T3631]
[ 53.038058][ T3631] dump_stack_lvl+0x1b1/0x28e
[ 53.042724][ T3631] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 53.048161][ T3631] ? panic+0x710/0x710
[ 53.052210][ T3631] ? preempt_schedule_common+0xb7/0xe0
[ 53.057657][ T3631] ? vscnprintf+0x59/0x80
[ 53.062000][ T3631] panic+0x2d6/0x710
[ 53.065882][ T3631] ? memcpy_page_flushcache+0xfc/0xfc
[ 53.071330][ T3631] ? _raw_spin_unlock_irqrestore+0x110/0x120
[ 53.077314][ T3631] ? print_report+0x1b4/0x1f0
[ 53.081971][ T3631] ? hdr_delete_de+0xe0/0x150
[ 53.086631][ T3631] end_report+0x91/0xa0
[ 53.090810][ T3631] kasan_report+0xda/0x100
[ 53.095206][ T3631] ? hdr_delete_de+0xe0/0x150
[ 53.099874][ T3631] kasan_check_range+0x2a7/0x2e0
[ 53.104792][ T3631] ? hdr_delete_de+0xe0/0x150
[ 53.109449][ T3631] memmove+0x25/0x60
[ 53.113325][ T3631] hdr_delete_de+0xe0/0x150
[ 53.117810][ T3631] indx_delete_entry+0x74f/0x3670
[ 53.122821][ T3631] ? do_raw_spin_unlock+0x134/0x8a0
[ 53.128001][ T3631] ? _raw_spin_unlock_irq+0x1f/0x40
[ 53.133182][ T3631] ? indx_insert_into_buffer+0x13b0/0x13b0
[ 53.138969][ T3631] ? ntfs_set_state+0x50e/0x680
[ 53.143809][ T3631] ? ni_remove_name+0x1ff/0x980
[ 53.148644][ T3631] ni_remove_name+0x27a/0x980
[ 53.153301][ T3631] ? ntfs_unlink_inode+0x2d1/0x720
[ 53.158397][ T3631] ? ni_write_frame+0xbf0/0xbf0
[ 53.163234][ T3631] ? fill_name_de+0x126/0x330
[ 53.167899][ T3631] ntfs_unlink_inode+0x3d4/0x720
[ 53.172821][ T3631] ? ntfs_link_inode+0x170/0x170
[ 53.177740][ T3631] ? do_raw_spin_unlock+0x134/0x8a0
[ 53.182923][ T3631] ntfs_rename+0x41a/0xcb0
[ 53.187328][ T3631] ? ntfs_mknod+0x60/0x60
[ 53.191638][ T3631] ? do_raw_spin_unlock+0x134/0x8a0
[ 53.196817][ T3631] ? memcpy+0x3c/0x60
[ 53.200791][ T3631] vfs_rename+0xd53/0x1130
[ 53.205192][ T3631] ? __ia32_sys_link+0x90/0x90
[ 53.209937][ T3631] ? _raw_spin_unlock+0x24/0x40
[ 53.214773][ T3631] ? security_path_rename+0x1ab/0x230
[ 53.220127][ T3631] do_renameat2+0xb53/0x1370
[ 53.224703][ T3631] ? fsnotify_move+0x4e0/0x4e0
[ 53.229448][ T3631] ? check_heap_object+0x244/0x810
[ 53.234544][ T3631] ? __phys_addr_symbol+0x2b/0x70
[ 53.239553][ T3631] ? strncpy_from_user+0x1d6/0x330
[ 53.244647][ T3631] ? getname_flags+0x1ea/0x4e0
[ 53.249394][ T3631] __x64_sys_rename+0x82/0x90
[ 53.254051][ T3631] do_syscall_64+0x3d/0xb0
[ 53.258461][ T3631] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 53.264420][ T3631] RIP: 0033:0x7fb16d7e97c9
[ 53.268815][ T3631] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 53.288405][ T3631] RSP: 002b:00007ffdc864b578 EFLAGS: 00000246 ORIG_RAX: 0000000000000052
[ 53.296797][ T3631] RAX: ffffffffffffffda RBX: 0031656c69662f2e RCX: 00007fb16d7e97c9
[ 53.304836][ T3631] RDX: 0000000000000030 RSI: 0000000020000080 RDI: 0000000020000040
[ 53.312787][ T3631] RBP: 00007fb16d7a9060 R08: 000000000001f376 R09: 0000000000000000
[ 53.320743][ T3631] R10: 00007ffdc864b440 R11: 0000000000000246 R12: 00007fb16d7a90f0
[ 53.328698][ T3631] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 53.336660][ T3631]
[ 53.339864][ T3631] Kernel Offset: disabled
[ 53.344176][ T3631] Rebooting in 86400 seconds..