./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2150943213
<...>
Warning: Permanently added '10.128.0.233' (ED25519) to the list of known hosts.
execve("./syz-executor2150943213", ["./syz-executor2150943213"], 0x7fff701b6390 /* 10 vars */) = 0
brk(NULL) = 0x555557361000
brk(0x555557361d00) = 0x555557361d00
arch_prctl(ARCH_SET_FS, 0x555557361380) = 0
set_tid_address(0x555557361650) = 5061
set_robust_list(0x555557361660, 24) = 0
rseq(0x555557361ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor2150943213", 4096) = 28
getrandom("\xe2\x6b\x12\x03\x09\x25\xe3\x75", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x555557361d00
brk(0x555557382d00) = 0x555557382d00
brk(0x555557383000) = 0x555557383000
mprotect(0x7f742baf1000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
memfd_create("syzkaller", 0) = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7423622000
write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
munmap(0x7f7423622000, 138412032) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
ioctl(4, LOOP_SET_FD, 3) = 0
close(3) = 0
mkdir("./file2", 0777) = 0
[ 60.338807][ T5061] loop0: detected capacity change from 0 to 4096
[ 60.362203][ T5061] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512).
mount("/dev/loop0", "./file2", "ntfs3", MS_SYNCHRONOUS|MS_STRICTATIME, "") = 0
openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3
chdir("./file2") = 0
ioctl(4, LOOP_CLR_FD) = 0
close(4) = 0
[ 60.385847][ T5061] ntfs3: loop0: Failed to initialize $Extend/$Reparse.
[ 60.430685][ T5061] ntfs3: loop0: Mark volume as dirty due to NTFS errors
[ 60.442240][ T5061] ==================================================================
[ 60.450334][ T5061] BUG: KASAN: slab-out-of-bounds in ntfs_listxattr+0x3b6/0x5b0
[ 60.457901][ T5061] Read of size 48 at addr ffff88801c865e30 by task syz-executor215/5061
[ 60.466666][ T5061]
[ 60.468973][ T5061] CPU: 0 PID: 5061 Comm: syz-executor215 Not tainted 6.6.0-syzkaller-16176-g1b907d050735 #0
[ 60.479041][ T5061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[ 60.489081][ T5061] Call Trace:
[ 60.492434][ T5061]
[ 60.495439][ T5061] dump_stack_lvl+0x1e7/0x2d0
[ 60.500114][ T5061] ? nf_tcp_handle_invalid+0x650/0x650
[ 60.506254][ T5061] ? panic+0x850/0x850
[ 60.510374][ T5061] ? _printk+0xd5/0x120
[ 60.514576][ T5061] print_report+0x163/0x540
[ 60.519066][ T5061] ? __asan_memset+0x23/0x40
[ 60.523819][ T5061] ? __virt_addr_valid+0x22f/0x2e0
[ 60.529267][ T5061] ? __phys_addr+0xba/0x170
[ 60.533756][ T5061] ? ntfs_listxattr+0x3b6/0x5b0
[ 60.538614][ T5061] kasan_report+0x142/0x170
[ 60.543129][ T5061] ? ntfs_listxattr+0x3b6/0x5b0
[ 60.548097][ T5061] kasan_check_range+0x27e/0x290
[ 60.553047][ T5061] ? ntfs_listxattr+0x3b6/0x5b0
[ 60.557903][ T5061] __asan_memcpy+0x29/0x70
[ 60.562335][ T5061] ntfs_listxattr+0x3b6/0x5b0
[ 60.567022][ T5061] ? ntfs_acl_chmod+0x130/0x130
[ 60.571955][ T5061] ? rcu_is_watching+0x15/0xb0
[ 60.576712][ T5061] ? __kmalloc_node+0xe8/0x230
[ 60.581625][ T5061] ? bpf_lsm_inode_listxattr+0x9/0x10
[ 60.587367][ T5061] ? ntfs_acl_chmod+0x130/0x130
[ 60.592228][ T5061] listxattr+0x103/0x280
[ 60.597366][ T5061] __x64_sys_listxattr+0x176/0x230
[ 60.602496][ T5061] ? __ia32_sys_fgetxattr+0xb0/0xb0
[ 60.607814][ T5061] ? syscall_enter_from_user_mode+0x32/0x230
[ 60.613802][ T5061] ? syscall_enter_from_user_mode+0x8c/0x230
[ 60.620326][ T5061] do_syscall_64+0x44/0x110
[ 60.624822][ T5061] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 60.630712][ T5061] RIP: 0033:0x7f742ba5f5b9
[ 60.635203][ T5061] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 60.654968][ T5061] RSP: 002b:00007ffff4e73db8 EFLAGS: 00000246 ORIG_RAX: 00000000000000c2
[ 60.663547][ T5061] RAX: ffffffffffffffda RBX: 0032656c69662f2e RCX: 00007f742ba5f5b9
[ 60.671593][ T5061] RDX: 0000000000000098 RSI: 0000000020000100 RDI: 0000000020000040
[ 60.679723][ T5061] RBP: 00007f742baf1610 R08: 000000000001f1b1 R09: 0000000000000000
[ 60.687680][ T5061] R10: 00007ffff4e73c80 R11: 0000000000000246 R12: 0000000000000001
[ 60.695646][ T5061] R13: 00007ffff4e73f88 R14: 0000000000000001 R15: 0000000000000001
[ 60.703722][ T5061]
[ 60.706747][ T5061]
[ 60.709063][ T5061] Allocated by task 5061:
[ 60.713547][ T5061] kasan_set_track+0x4f/0x70
[ 60.718134][ T5061] __kasan_kmalloc+0x98/0xb0
[ 60.722712][ T5061] __kmalloc+0xb9/0x230
[ 60.726856][ T5061] ntfs_read_ea+0x48e/0xa10
[ 60.731528][ T5061] ntfs_listxattr+0x17d/0x5b0
[ 60.736231][ T5061] listxattr+0x103/0x280
[ 60.740634][ T5061] __x64_sys_listxattr+0x176/0x230
[ 60.745747][ T5061] do_syscall_64+0x44/0x110
[ 60.750277][ T5061] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 60.756185][ T5061]
[ 60.758503][ T5061] The buggy address belongs to the object at ffff88801c865e00
[ 60.758503][ T5061] which belongs to the cache kmalloc-64 of size 64
[ 60.772375][ T5061] The buggy address is located 48 bytes inside of
[ 60.772375][ T5061] allocated 60-byte region [ffff88801c865e00, ffff88801c865e3c)
[ 60.787061][ T5061]
[ 60.789394][ T5061] The buggy address belongs to the physical page:
[ 60.795893][ T5061] page:ffffea0000721940 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1c865
[ 60.806054][ T5061] anon flags: 0xfff00000000800(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 60.814116][ T5061] page_type: 0xffffffff()
[ 60.818709][ T5061] raw: 00fff00000000800 ffff888012c41640 ffffea0000a43b80 dead000000000005
[ 60.827371][ T5061] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
[ 60.836037][ T5061] page dumped because: kasan: bad access detected
[ 60.842625][ T5061] page_owner tracks the page as allocated
[ 60.848330][ T5061] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY), pid 4517, tgid 4517 (udevadm), ts 19228779552, free_ts 14013421357
[ 60.866500][ T5061] post_alloc_hook+0x1e6/0x210
[ 60.871352][ T5061] get_page_from_freelist+0x339a/0x3530
[ 60.876976][ T5061] __alloc_pages+0x255/0x670
[ 60.881557][ T5061] alloc_pages_mpol+0x3de/0x640
[ 60.886418][ T5061] alloc_slab_page+0x6a/0x160
[ 60.891188][ T5061] new_slab+0x84/0x2f0
[ 60.895244][ T5061] ___slab_alloc+0xc85/0x1310
[ 60.899997][ T5061] __kmem_cache_alloc_node+0x21d/0x300
[ 60.906237][ T5061] __kmalloc+0xa8/0x230
[ 60.910389][ T5061] tomoyo_supervisor+0xe06/0x11f0
[ 60.915422][ T5061] tomoyo_path_permission+0x243/0x360
[ 60.920869][ T5061] tomoyo_path_perm+0x480/0x730
[ 60.925708][ T5061] security_inode_getattr+0xd3/0x120
[ 60.930982][ T5061] vfs_getattr+0x2a/0x3a0
[ 60.935311][ T5061] vfs_statx+0x198/0x4c0
[ 60.939976][ T5061] vfs_fstatat+0x135/0x190
[ 60.944392][ T5061] page last free stack trace:
[ 60.949087][ T5061] free_unref_page_prepare+0x92a/0xa50
[ 60.954646][ T5061] free_unref_page+0x37/0x3f0
[ 60.959490][ T5061] kasan_depopulate_vmalloc_pte+0x74/0x90
[ 60.965287][ T5061] __apply_to_page_range+0x8e2/0xe00
[ 60.970558][ T5061] kasan_release_vmalloc+0x9a/0xb0
[ 60.975659][ T5061] __purge_vmap_area_lazy+0xc0f/0x19c0
[ 60.981109][ T5061] drain_vmap_area_work+0x40/0xd0
[ 60.986213][ T5061] process_scheduled_works+0x90f/0x1400
[ 60.991755][ T5061] worker_thread+0xa5f/0xff0
[ 60.996346][ T5061] kthread+0x2d3/0x370
[ 61.000405][ T5061] ret_from_fork+0x48/0x80
[ 61.004991][ T5061] ret_from_fork_asm+0x11/0x20
[ 61.009748][ T5061]
[ 61.012061][ T5061] Memory state around the buggy address:
[ 61.018023][ T5061] ffff88801c865d00: 00 00 00 00 00 00 00 07 fc fc fc fc fc fc fc fc
[ 61.026172][ T5061] ffff88801c865d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 61.034571][ T5061] >ffff88801c865e00: 00 00 00 00 00 00 00 04 fc fc fc fc fc fc fc fc
[ 61.042633][ T5061] ^
[ 61.048508][ T5061] ffff88801c865e80: 00 00 00 00 00 00 00 06 fc fc fc fc fc fc fc fc
[ 61.056823][ T5061] ffff88801c865f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 61.064867][ T5061] ==================================================================
[ 61.073969][ T5061] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 61.081358][ T5061] CPU: 1 PID: 5061 Comm: syz-executor215 Not tainted 6.6.0-syzkaller-16176-g1b907d050735 #0
[ 61.091426][ T5061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[ 61.101490][ T5061] Call Trace:
[ 61.104843][ T5061]
[ 61.107755][ T5061] dump_stack_lvl+0x1e7/0x2d0
[ 61.112423][ T5061] ? nf_tcp_handle_invalid+0x650/0x650
[ 61.117866][ T5061] ? panic+0x850/0x850
[ 61.121920][ T5061] ? vscnprintf+0x5d/0x80
[ 61.126242][ T5061] panic+0x349/0x850
[ 61.130117][ T5061] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 61.136258][ T5061] ? check_panic_on_warn+0x21/0xa0
[ 61.141350][ T5061] ? __memcpy_flushcache+0x2b0/0x2b0
[ 61.146621][ T5061] ? _raw_spin_unlock_irqrestore+0x12c/0x140
[ 61.152669][ T5061] ? _raw_spin_unlock+0x40/0x40
[ 61.157518][ T5061] ? print_report+0x4fb/0x540
[ 61.162267][ T5061] check_panic_on_warn+0x82/0xa0
[ 61.167193][ T5061] ? ntfs_listxattr+0x3b6/0x5b0
[ 61.172254][ T5061] end_report+0x6e/0x130
[ 61.176652][ T5061] kasan_report+0x153/0x170
[ 61.181157][ T5061] ? ntfs_listxattr+0x3b6/0x5b0
[ 61.186014][ T5061] kasan_check_range+0x27e/0x290
[ 61.190947][ T5061] ? ntfs_listxattr+0x3b6/0x5b0
[ 61.195798][ T5061] __asan_memcpy+0x29/0x70
[ 61.200217][ T5061] ntfs_listxattr+0x3b6/0x5b0
[ 61.204908][ T5061] ? ntfs_acl_chmod+0x130/0x130
[ 61.209770][ T5061] ? rcu_is_watching+0x15/0xb0
[ 61.214625][ T5061] ? __kmalloc_node+0xe8/0x230
[ 61.219387][ T5061] ? bpf_lsm_inode_listxattr+0x9/0x10
[ 61.224755][ T5061] ? ntfs_acl_chmod+0x130/0x130
[ 61.229609][ T5061] listxattr+0x103/0x280
[ 61.233847][ T5061] __x64_sys_listxattr+0x176/0x230
[ 61.238951][ T5061] ? __ia32_sys_fgetxattr+0xb0/0xb0
[ 61.244227][ T5061] ? syscall_enter_from_user_mode+0x32/0x230
[ 61.250281][ T5061] ? syscall_enter_from_user_mode+0x8c/0x230
[ 61.256278][ T5061] do_syscall_64+0x44/0x110
[ 61.260791][ T5061] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 61.266700][ T5061] RIP: 0033:0x7f742ba5f5b9
[ 61.271110][ T5061] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 61.290704][ T5061] RSP: 002b:00007ffff4e73db8 EFLAGS: 00000246 ORIG_RAX: 00000000000000c2
[ 61.299213][ T5061] RAX: ffffffffffffffda RBX: 0032656c69662f2e RCX: 00007f742ba5f5b9
[ 61.307614][ T5061] RDX: 0000000000000098 RSI: 0000000020000100 RDI: 0000000020000040
[ 61.315573][ T5061] RBP: 00007f742baf1610 R08: 000000000001f1b1 R09: 0000000000000000
[ 61.323528][ T5061] R10: 00007ffff4e73c80 R11: 0000000000000246 R12: 0000000000000001
[ 61.331487][ T5061] R13: 00007ffff4e73f88 R14: 0000000000000001 R15: 0000000000000001
[ 61.339464][ T5061]
[ 61.342759][ T5061] Kernel Offset: disabled
[ 61.347245][ T5061] Rebooting in 86400 seconds..