./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2841424317

<...>
DUID 00:04:f8:b5:8a:47:ae:09:95:3a:43:2d:d7:42:86:31:94:89
forked to background, child pid 3209
[   29.512836][ T3210] 8021q: adding VLAN 0 to HW filter on device bond0
[   29.522250][ T3210] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.0.74' (ECDSA) to the list of known hosts.
execve("./syz-executor2841424317", ["./syz-executor2841424317"], 0x7ffeceb90af0 /* 10 vars */) = 0
brk(NULL)                               = 0x5555563e6000
brk(0x5555563e6d00)                     = 0x5555563e6d00
arch_prctl(ARCH_SET_FS, 0x5555563e63c0) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2841424317", 4096) = 28
brk(0x555556407d00)                     = 0x555556407d00
brk(0x555556408000)                     = 0x555556408000
mprotect(0x7f0a24bf1000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0
rt_sigaction(SIGSEGV, {sa_handler=0x7f0a24b41670, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f0a24b42790}, NULL, 8) = 0
rt_sigaction(SIGBUS, {sa_handler=0x7f0a24b41670, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f0a24b42790}, NULL, 8) = 0
memfd_create("syzkaller", 0)            = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a1c737000
write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
munmap(0x7f0a1c737000, 1048576)         = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 4
ioctl(4, LOOP_SET_FD, 3)                = 0
close(3)                                = 0
mkdir("./file0", 0777)                  = 0
mount("/dev/loop0", "./file0", "udf", 0, "fileset=00000000000000065537,volume=00000000000000024210,noadinicb,nostrict,") = 0
openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
chdir("./file0")                        = 0
ioctl(4, LOOP_CLR_FD)                   = 0
close(4)                                = 0
openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
write(4, "\x0e\x1d\xc4\x6f\x48\x16\xa6\x1a\x8e\x6a\xe8\xf5\xb9\xab\x06\x2e\xe7\x01\xf4\xbe\xca\x3a\x61\x5d\x1a\xa3\x69\x48\xb8\x17\x28\x16\xae\xaa\xf1\x30\x8a\xf8\xb9\x1f\xc0\xbd\xff\x9e\xe4\x18\x7a\x48\x7d\x4e\x6a\x5d\x40\xd9\x8b\x3d\xae\xd6\x81\x91\xd2\x1e\x03\x81\x85\xde\x3f\xb1\x74\x52\xf5\x28\x76\xca\xc7\xae\x75\x66\x00\xda\x26\x39\x47\xcc\x23\x0b\x5f\xbf\xb4\x70\x58\xd8\x36\x93\x1a\x7a\x13\x1b\x1f\x89"..., 65191) = 65191
mmap(0x20000000, 12288, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000000} ---
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000100} ---
syzkaller login: [   50.366124][ T3637] loop0: detected capacity change from 0 to 2048
[   50.379145][ T3637] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[   50.412046][ T3637] ==================================================================
[   50.420148][ T3637] BUG: KASAN: slab-out-of-bounds in udf_write_aext+0x62d/0x7e0
[   50.427730][ T3637] Write of size 4 at addr ffff88807bfa47f0 by task syz-executor284/3637
[   50.436037][ T3637] 
[   50.438344][ T3637] CPU: 0 PID: 3637 Comm: syz-executor284 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[   50.448737][ T3637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   50.458774][ T3637] Call Trace:
[   50.462046][ T3637]  <TASK>
[   50.464980][ T3637]  dump_stack_lvl+0x1b1/0x28e
[   50.469656][ T3637]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   50.475095][ T3637]  ? __wake_up_klogd+0xcd/0x100
[   50.479926][ T3637]  ? panic+0x710/0x710
[   50.483976][ T3637]  ? _printk+0xc0/0x100
[   50.488114][ T3637]  print_address_description+0x74/0x340
[   50.493640][ T3637]  print_report+0x107/0x1f0
[   50.498122][ T3637]  ? _raw_spin_lock+0x40/0x40
[   50.502784][ T3637]  ? udf_current_aext+0x5d0/0xa80
[   50.507791][ T3637]  ? __virt_addr_valid+0x21b/0x2d0
[   50.512981][ T3637]  ? __phys_addr+0xb5/0x160
[   50.517466][ T3637]  ? udf_write_aext+0x62d/0x7e0
[   50.522297][ T3637]  kasan_report+0xcd/0x100
[   50.526701][ T3637]  ? udf_write_aext+0x62d/0x7e0
[   50.531541][ T3637]  udf_write_aext+0x62d/0x7e0
[   50.536202][ T3637]  udf_add_entry+0x1712/0x3300
[   50.540955][ T3637]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[   50.546919][ T3637]  ? __mark_inode_dirty+0x593/0x600
[   50.552102][ T3637]  ? udf_add_nondir+0x580/0x580
[   50.556947][ T3637]  ? udf_new_inode+0xb04/0xf30
[   50.561697][ T3637]  ? d_alloc+0x193/0x1d0
[   50.565925][ T3637]  udf_mkdir+0x13c/0x980
[   50.570153][ T3637]  ? udf_symlink+0x1680/0x1680
[   50.574897][ T3637]  ? from_kgid+0x193/0x6b0
[   50.579293][ T3637]  ? make_kgid+0x710/0x710
[   50.583691][ T3637]  ? __lookup_hash+0x123/0x240
[   50.588440][ T3637]  ? apparmor_path_mkdir+0x461/0x520
[   50.593707][ T3637]  ? generic_permission+0x214/0x4e0
[   50.598891][ T3637]  ? inode_permission+0xf5/0x450
[   50.603811][ T3637]  ? bpf_lsm_inode_mkdir+0x5/0x10
[   50.608819][ T3637]  ? security_inode_mkdir+0xdd/0x120
[   50.614094][ T3637]  vfs_mkdir+0x3b3/0x590
[   50.618318][ T3637]  do_mkdirat+0x279/0x550
[   50.622630][ T3637]  ? 0xffffffff81000000
[   50.626765][ T3637]  ? __check_object_size+0x15a/0x210
[   50.632039][ T3637]  ? vfs_mkdir+0x590/0x590
[   50.636434][ T3637]  ? getname_flags+0x1ea/0x4e0
[   50.641182][ T3637]  __x64_sys_mkdir+0x6a/0x80
[   50.645751][ T3637]  do_syscall_64+0x3d/0xb0
[   50.650152][ T3637]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   50.656028][ T3637] RIP: 0033:0x7f0a24b836a7
[   50.660429][ T3637] Code: ff ff ff ff c3 66 0f 1f 44 00 00 48 c7 c0 c0 ff ff ff 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   50.680030][ T3637] RSP: 002b:00007ffcfb2d6378 EFLAGS: 00000286 ORIG_RAX: 0000000000000053
[   50.688516][ T3637] RAX: ffffffffffffffda RBX: 00005555563e6380 RCX: 00007f0a24b836a7
[   50.696470][ T3637] RDX: 1100000000000000 RSI: 00000000000001ff RDI: 0000000020000100
[   50.704420][ T3637] RBP: 00007ffcfb2d6410 R08: 0000000000000000 R09: 0000000000000000
[   50.712372][ T3637] R10: 0000000000010012 R11: 0000000000000286 R12: 00000000ffffffff
[   50.720325][ T3637] R13: 0000000020000100 R14: 0000000020000000 R15: 0000000000000000
[   50.728283][ T3637]  </TASK>
[   50.731282][ T3637] 
[   50.733590][ T3637] Allocated by task 3350:
[   50.737893][ T3637]  kasan_set_track+0x3d/0x60
[   50.742463][ T3637]  __kasan_kmalloc+0x97/0xb0
[   50.747038][ T3637]  __kmalloc+0xaf/0x1a0
[   50.751173][ T3637]  tomoyo_init_log+0x1a16/0x1f80
[   50.756093][ T3637]  tomoyo_supervisor+0x38d/0x14f0
[   50.761097][ T3637]  tomoyo_path_permission+0x245/0x360
[   50.766451][ T3637]  tomoyo_check_open_permission+0x2a3/0x460
[   50.772324][ T3637]  security_file_open+0x50/0x560
[   50.777242][ T3637]  do_dentry_open+0x306/0x11b0
[   50.781987][ T3637]  path_openat+0x25fc/0x2df0
[   50.786995][ T3637]  do_filp_open+0x264/0x4f0
[   50.791475][ T3637]  do_sys_openat2+0x124/0x4e0
[   50.796162][ T3637]  __x64_sys_openat+0x243/0x290
[   50.800990][ T3637]  do_syscall_64+0x3d/0xb0
[   50.805384][ T3637]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   50.811257][ T3637] 
[   50.813559][ T3637] Freed by task 3350:
[   50.817513][ T3637]  kasan_set_track+0x3d/0x60
[   50.822081][ T3637]  kasan_save_free_info+0x27/0x40
[   50.827086][ T3637]  ____kasan_slab_free+0xd6/0x120
[   50.832087][ T3637]  slab_free_freelist_hook+0x12e/0x1a0
[   50.837531][ T3637]  __kmem_cache_free+0x71/0x110
[   50.842361][ T3637]  tomoyo_supervisor+0x127a/0x14f0
[   50.847451][ T3637]  tomoyo_path_permission+0x245/0x360
[   50.852805][ T3637]  tomoyo_check_open_permission+0x2a3/0x460
[   50.858692][ T3637]  security_file_open+0x50/0x560
[   50.863622][ T3637]  do_dentry_open+0x306/0x11b0
[   50.868369][ T3637]  path_openat+0x25fc/0x2df0
[   50.872940][ T3637]  do_filp_open+0x264/0x4f0
[   50.877422][ T3637]  do_sys_openat2+0x124/0x4e0
[   50.882079][ T3637]  __x64_sys_openat+0x243/0x290
[   50.886922][ T3637]  do_syscall_64+0x3d/0xb0
[   50.891316][ T3637]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   50.897188][ T3637] 
[   50.899492][ T3637] The buggy address belongs to the object at ffff88807bfa4400
[   50.899492][ T3637]  which belongs to the cache kmalloc-512 of size 512
[   50.913528][ T3637] The buggy address is located 496 bytes to the right of
[   50.913528][ T3637]  512-byte region [ffff88807bfa4400, ffff88807bfa4600)
[   50.927299][ T3637] 
[   50.929610][ T3637] The buggy address belongs to the physical page:
[   50.935998][ T3637] page:ffffea0001efe900 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7bfa4
[   50.946122][ T3637] head:ffffea0001efe900 order:2 compound_mapcount:0 compound_pincount:0
[   50.954426][ T3637] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[   50.962395][ T3637] raw: 00fff00000010200 0000000000000000 dead000000000001 ffff888012841c80
[   50.970954][ T3637] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   50.979509][ T3637] page dumped because: kasan: bad access detected
[   50.985898][ T3637] page_owner tracks the page as allocated
[   50.991586][ T3637] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3002, tgid 3002 (udevd), ts 26454865035, free_ts 23525118604
[   51.012323][ T3637]  get_page_from_freelist+0x742/0x7c0
[   51.017694][ T3637]  __alloc_pages+0x259/0x560
[   51.022268][ T3637]  alloc_slab_page+0xbd/0x190
[   51.026947][ T3637]  allocate_slab+0x5e/0x4b0
[   51.031432][ T3637]  ___slab_alloc+0x782/0xe20
[   51.035999][ T3637]  __kmem_cache_alloc_node+0x252/0x310
[   51.041439][ T3637]  kmalloc_trace+0x26/0x60
[   51.045838][ T3637]  kernfs_fop_open+0x3f8/0xc80
[   51.050579][ T3637]  do_dentry_open+0x85f/0x11b0
[   51.055322][ T3637]  path_openat+0x25fc/0x2df0
[   51.059891][ T3637]  do_filp_open+0x264/0x4f0
[   51.064389][ T3637]  do_sys_openat2+0x124/0x4e0
[   51.069070][ T3637]  __x64_sys_openat+0x243/0x290
[   51.073919][ T3637]  do_syscall_64+0x3d/0xb0
[   51.078327][ T3637]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   51.084207][ T3637] page last free stack trace:
[   51.088863][ T3637]  free_pcp_prepare+0x80c/0x8f0
[   51.093712][ T3637]  free_unref_page+0x7d/0x5f0
[   51.098383][ T3637]  qlist_free_all+0x2b/0x70
[   51.102869][ T3637]  kasan_quarantine_reduce+0x169/0x180
[   51.108315][ T3637]  __kasan_slab_alloc+0x1f/0x70
[   51.113151][ T3637]  kmem_cache_alloc+0x1cc/0x300
[   51.117984][ T3637]  mas_alloc_nodes+0x1fd/0x650
[   51.122729][ T3637]  mas_preallocate+0x133/0x340
[   51.127472][ T3637]  do_mas_align_munmap+0x211/0x14e0
[   51.132736][ T3637]  do_mas_munmap+0x245/0x2b0
[   51.137304][ T3637]  mmap_region+0x7b0/0x1e20
[   51.141798][ T3637]  do_mmap+0x8d9/0xf30
[   51.145848][ T3637]  vm_mmap_pgoff+0x19e/0x2b0
[   51.150422][ T3637]  ksys_mmap_pgoff+0x48c/0x6d0
[   51.155166][ T3637]  do_syscall_64+0x3d/0xb0
[   51.159557][ T3637]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   51.165438][ T3637] 
[   51.167747][ T3637] Memory state around the buggy address:
[   51.173352][ T3637]  ffff88807bfa4680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   51.181475][ T3637]  ffff88807bfa4700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   51.189512][ T3637] >ffff88807bfa4780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   51.197551][ T3637]                                                              ^
[   51.205243][ T3637]  ffff88807bfa4800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   51.213388][ T3637]  ffff88807bfa4880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   51.221442][ T3637] ==================================================================
[   51.229975][ T3637] Kernel panic - not syncing: panic_on_warn set ...
[   51.236565][ T3637] CPU: 0 PID: 3637 Comm: syz-executor284 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[   51.247000][ T3637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   51.257042][ T3637] Call Trace:
[   51.260308][ T3637]  <TASK>
[   51.263227][ T3637]  dump_stack_lvl+0x1b1/0x28e
[   51.267894][ T3637]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   51.273338][ T3637]  ? panic+0x710/0x710
[   51.277393][ T3637]  ? preempt_schedule_common+0xb7/0xe0
[   51.282845][ T3637]  ? vscnprintf+0x59/0x80
[   51.287163][ T3637]  panic+0x2d6/0x710
[   51.291047][ T3637]  ? memcpy_page_flushcache+0xfc/0xfc
[   51.296405][ T3637]  ? _raw_spin_unlock_irqrestore+0x110/0x120
[   51.302377][ T3637]  ? print_report+0x1b4/0x1f0
[   51.307041][ T3637]  ? udf_write_aext+0x62d/0x7e0
[   51.311879][ T3637]  end_report+0x91/0xa0
[   51.316023][ T3637]  kasan_report+0xda/0x100
[   51.320429][ T3637]  ? udf_write_aext+0x62d/0x7e0
[   51.325273][ T3637]  udf_write_aext+0x62d/0x7e0
[   51.329940][ T3637]  udf_add_entry+0x1712/0x3300
[   51.334694][ T3637]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[   51.340666][ T3637]  ? __mark_inode_dirty+0x593/0x600
[   51.345854][ T3637]  ? udf_add_nondir+0x580/0x580
[   51.350697][ T3637]  ? udf_new_inode+0xb04/0xf30
[   51.355449][ T3637]  ? d_alloc+0x193/0x1d0
[   51.359678][ T3637]  udf_mkdir+0x13c/0x980
[   51.363912][ T3637]  ? udf_symlink+0x1680/0x1680
[   51.368662][ T3637]  ? from_kgid+0x193/0x6b0
[   51.373068][ T3637]  ? make_kgid+0x710/0x710
[   51.377472][ T3637]  ? __lookup_hash+0x123/0x240
[   51.382222][ T3637]  ? apparmor_path_mkdir+0x461/0x520
[   51.387495][ T3637]  ? generic_permission+0x214/0x4e0
[   51.392689][ T3637]  ? inode_permission+0xf5/0x450
[   51.397620][ T3637]  ? bpf_lsm_inode_mkdir+0x5/0x10
[   51.402632][ T3637]  ? security_inode_mkdir+0xdd/0x120
[   51.407910][ T3637]  vfs_mkdir+0x3b3/0x590
[   51.412139][ T3637]  do_mkdirat+0x279/0x550
[   51.416450][ T3637]  ? 0xffffffff81000000
[   51.420588][ T3637]  ? __check_object_size+0x15a/0x210
[   51.425865][ T3637]  ? vfs_mkdir+0x590/0x590
[   51.430270][ T3637]  ? getname_flags+0x1ea/0x4e0
[   51.435028][ T3637]  __x64_sys_mkdir+0x6a/0x80
[   51.439602][ T3637]  do_syscall_64+0x3d/0xb0
[   51.444007][ T3637]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   51.449887][ T3637] RIP: 0033:0x7f0a24b836a7
[   51.454286][ T3637] Code: ff ff ff ff c3 66 0f 1f 44 00 00 48 c7 c0 c0 ff ff ff 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   51.473878][ T3637] RSP: 002b:00007ffcfb2d6378 EFLAGS: 00000286 ORIG_RAX: 0000000000000053
[   51.482277][ T3637] RAX: ffffffffffffffda RBX: 00005555563e6380 RCX: 00007f0a24b836a7
[   51.490236][ T3637] RDX: 1100000000000000 RSI: 00000000000001ff RDI: 0000000020000100
[   51.498192][ T3637] RBP: 00007ffcfb2d6410 R08: 0000000000000000 R09: 0000000000000000
[   51.506149][ T3637] R10: 0000000000010012 R11: 0000000000000286 R12: 00000000ffffffff
[   51.514105][ T3637] R13: 0000000020000100 R14: 0000000020000000 R15: 0000000000000000
[   51.522068][ T3637]  </TASK>
[   51.525231][ T3637] Kernel Offset: disabled
[   51.529546][ T3637] Rebooting in 86400 seconds..