./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1485480918

<...>
[   35.996344][ T3209] 8021q: adding VLAN 0 to HW filter on device bond0
[   36.016568][ T3209] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
syzkaller login: [   47.132247][   T26] kauditd_printk_skb: 37 callbacks suppressed
[   47.132265][   T26] audit: type=1400 audit(1670396208.547:73): avc:  denied  { transition } for  pid=3440 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   47.193102][   T26] audit: type=1400 audit(1670396208.557:74): avc:  denied  { write } for  pid=3440 comm="sh" path="pipe:[28897]" dev="pipefs" ino=28897 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1
Warning: Permanently added '10.128.0.13' (ECDSA) to the list of known hosts.
execve("./syz-executor1485480918", ["./syz-executor1485480918"], 0x7fffa40232f0 /* 10 vars */) = 0
brk(NULL)                               = 0x555555eee000
brk(0x555555eeec40)                     = 0x555555eeec40
arch_prctl(ARCH_SET_FS, 0x555555eee300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor1485480918", 4096) = 28
brk(0x555555f0fc40)                     = 0x555555f0fc40
brk(0x555555f10000)                     = 0x555555f10000
mprotect(0x7fa4db278000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
memfd_create("syzkaller", 0)            = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa4d2d9f000
write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x04\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\xbf\xd6\xaf\x3d\x29\x4e\xa1\x54\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
munmap(0x7fa4d2d9f000, 2097152)         = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 4
[   60.524787][   T26] audit: type=1400 audit(1670396221.947:75): avc:  denied  { execmem } for  pid=3634 comm="syz-executor148" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
ioctl(4, LOOP_SET_FD, 3)                = 0
close(3)                                = 0
mkdir("./file0", 0777)                  = 0
[   60.558851][   T26] audit: type=1400 audit(1670396221.977:76): avc:  denied  { read write } for  pid=3634 comm="syz-executor148" name="loop0" dev="devtmpfs" ino=647 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   60.566328][ T3634] loop0: detected capacity change from 0 to 4096
[   60.583610][   T26] audit: type=1400 audit(1670396221.987:77): avc:  denied  { open } for  pid=3634 comm="syz-executor148" path="/dev/loop0" dev="devtmpfs" ino=647 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   60.600178][ T3634] ntfs3: loop0: Different NTFS' sector size (1024) and media sector size (512)
mount("/dev/loop0", "./file0", "ntfs3", 0, "") = 0
[   60.614805][   T26] audit: type=1400 audit(1670396221.987:78): avc:  denied  { ioctl } for  pid=3634 comm="syz-executor148" path="/dev/loop0" dev="devtmpfs" ino=647 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   60.648896][   T26] audit: type=1400 audit(1670396222.017:79): avc:  denied  { mounton } for  pid=3634 comm="syz-executor148" path="/root/file0" dev="sda1" ino=1138 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
chdir("./file0")                        = 0
ioctl(4, LOOP_CLR_FD)                   = 0
close(4)                                = 0
[   60.678726][   T26] audit: type=1400 audit(1670396222.097:80): avc:  denied  { mount } for  pid=3634 comm="syz-executor148" name="/" dev="loop0" ino=5 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[   60.696398][ T3634] ==================================================================
[   60.709317][ T3634] BUG: KASAN: slab-out-of-bounds in ntfs_listxattr+0x402/0x460
[   60.716904][ T3634] Read of size 1 at addr ffff88807ce7fabd by task syz-executor148/3634
[   60.725169][ T3634] 
[   60.727510][ T3634] CPU: 1 PID: 3634 Comm: syz-executor148 Not tainted 6.1.0-rc8-syzkaller-00014-g8ed710da2873 #0
[   60.737944][ T3634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   60.747996][ T3634] Call Trace:
[   60.751266][ T3634]  <TASK>
[   60.754184][ T3634]  dump_stack_lvl+0xd1/0x138
[   60.758772][ T3634]  print_report+0x15e/0x461
[   60.763263][ T3634]  ? __phys_addr+0xc8/0x140
[   60.767758][ T3634]  ? ntfs_listxattr+0x402/0x460
[   60.772604][ T3634]  kasan_report+0xbf/0x1f0
[   60.777009][ T3634]  ? ntfs_listxattr+0x402/0x460
[   60.781938][ T3634]  ntfs_listxattr+0x402/0x460
[   60.786632][ T3634]  ? selinux_inode_listxattr+0xdb/0x130
[   60.792183][ T3634]  ? ntfs_permission+0x120/0x120
[   60.797117][ T3634]  ? kmem_cache_free+0x264/0x4c0
[   60.802048][ T3634]  ? putname+0x102/0x140
[   60.806281][ T3634]  ? lockdep_hardirqs_on+0x7d/0x100
[   60.811468][ T3634]  ? ntfs_permission+0x120/0x120
[   60.816395][ T3634]  vfs_listxattr+0x109/0x190
[   60.820978][ T3634]  listxattr+0xf6/0x180
[   60.825124][ T3634]  path_listxattr+0xae/0x140
[   60.829704][ T3634]  ? listxattr+0x180/0x180
[   60.834111][ T3634]  ? lockdep_hardirqs_on+0x7d/0x100
[   60.839305][ T3634]  ? _raw_spin_unlock_irq+0x2e/0x50
[   60.844496][ T3634]  ? ptrace_notify+0xfe/0x140
[   60.849171][ T3634]  do_syscall_64+0x39/0xb0
[   60.853573][ T3634]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   60.859461][ T3634] RIP: 0033:0x7fa4db1eb749
[   60.863869][ T3634] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   60.883553][ T3634] RSP: 002b:00007fffa7d68008 EFLAGS: 00000246 ORIG_RAX: 00000000000000c3
[   60.891952][ T3634] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007fa4db1eb749
[   60.899928][ T3634] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000200000c0
[   60.907896][ T3634] RBP: 00007fa4db1aafe0 R08: 000000000001f6fe R09: 0000000000000000
[   60.915887][ T3634] R10: 00007fffa7d67ed0 R11: 0000000000000246 R12: 00007fa4db1ab070
[   60.923850][ T3634] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   60.931810][ T3634]  </TASK>
[   60.934816][ T3634] 
[   60.937129][ T3634] Allocated by task 3634:
[   60.941439][ T3634]  kasan_save_stack+0x22/0x40
[   60.946116][ T3634]  kasan_set_track+0x25/0x30
[   60.950704][ T3634]  __kasan_kmalloc+0xa3/0xb0
[   60.955285][ T3634]  __kmalloc+0x5a/0xd0
[   60.959346][ T3634]  ntfs_read_ea+0x3e4/0x850
[   60.963843][ T3634]  ntfs_listxattr+0x16b/0x460
[   60.968505][ T3634]  vfs_listxattr+0x109/0x190
[   60.973088][ T3634]  listxattr+0xf6/0x180
[   60.977233][ T3634]  path_listxattr+0xae/0x140
[   60.981812][ T3634]  do_syscall_64+0x39/0xb0
[   60.986214][ T3634]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   60.992103][ T3634] 
[   60.994413][ T3634] The buggy address belongs to the object at ffff88807ce7fa80
[   60.994413][ T3634]  which belongs to the cache kmalloc-64 of size 64
[   61.008278][ T3634] The buggy address is located 61 bytes inside of
[   61.008278][ T3634]  64-byte region [ffff88807ce7fa80, ffff88807ce7fac0)
[   61.021361][ T3634] 
[   61.023668][ T3634] The buggy address belongs to the physical page:
[   61.030080][ T3634] page:ffffea0001f39fc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88807ce7f180 pfn:0x7ce7f
[   61.041542][ T3634] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[   61.049081][ T3634] raw: 00fff00000000200 ffffea0001e69a08 ffffea0000895088 ffff888012040200
[   61.057660][ T3634] raw: ffff88807ce7f180 ffff88807ce7f000 0000000100000016 0000000000000000
[   61.066225][ T3634] page dumped because: kasan: bad access detected
[   61.072621][ T3634] page_owner tracks the page as allocated
[   61.078315][ T3634] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x242040(__GFP_IO|__GFP_NOWARN|__GFP_COMP|__GFP_THISNODE), pid 3009, tgid 3009 (udevd), ts 32348431009, free_ts 32117580289
[   61.096966][ T3634]  get_page_from_freelist+0x10b5/0x2d50
[   61.102508][ T3634]  __alloc_pages+0x1cb/0x5b0
[   61.107084][ T3634]  cache_grow_begin+0x94/0x390
[   61.111861][ T3634]  cache_alloc_refill+0x27f/0x380
[   61.116874][ T3634]  __kmem_cache_alloc_node+0x44a/0x510
[   61.122325][ T3634]  __kmalloc+0x4a/0xd0
[   61.126385][ T3634]  tomoyo_encode2.part.0+0xe9/0x3a0
[   61.131597][ T3634]  tomoyo_encode+0x2c/0x50
[   61.136000][ T3634]  tomoyo_realpath_from_path+0x185/0x600
[   61.141635][ T3634]  tomoyo_check_open_permission+0x27a/0x380
[   61.147519][ T3634]  tomoyo_file_open+0xa1/0xc0
[   61.152205][ T3634]  security_file_open+0x49/0xb0
[   61.157043][ T3634]  do_dentry_open+0x575/0x13f0
[   61.161797][ T3634]  path_openat+0x1bf6/0x2860
[   61.166482][ T3634]  do_filp_open+0x1ba/0x410
[   61.170980][ T3634]  do_sys_openat2+0x16d/0x4c0
[   61.175679][ T3634] page last free stack trace:
[   61.180332][ T3634]  free_pcp_prepare+0x65c/0xd90
[   61.185169][ T3634]  free_unref_page+0x1d/0x4d0
[   61.189834][ T3634]  slabs_destroy+0x85/0xc0
[   61.194257][ T3634]  ___cache_free+0x2ac/0x3d0
[   61.198851][ T3634]  qlist_free_all+0x4f/0x1a0
[   61.203444][ T3634]  kasan_quarantine_reduce+0x184/0x210
[   61.208905][ T3634]  __kasan_slab_alloc+0x63/0x90
[   61.213747][ T3634]  kmem_cache_alloc+0x220/0x460
[   61.218597][ T3634]  getname_flags.part.0+0x50/0x4f0
[   61.223702][ T3634]  getname_flags+0x9e/0xe0
[   61.228109][ T3634]  vfs_fstatat+0x77/0xb0
[   61.232342][ T3634]  __do_sys_newfstatat+0x94/0x120
[   61.237368][ T3634]  do_syscall_64+0x39/0xb0
[   61.241774][ T3634]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   61.247774][ T3634] 
[   61.250100][ T3634] Memory state around the buggy address:
[   61.255718][ T3634]  ffff88807ce7f980: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc
[   61.263768][ T3634]  ffff88807ce7fa00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   61.271813][ T3634] >ffff88807ce7fa80: 00 00 00 00 00 00 00 04 fc fc fc fc fc fc fc fc
[   61.279854][ T3634]                                         ^
[   61.285733][ T3634]  ffff88807ce7fb00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   61.293780][ T3634]  ffff88807ce7fb80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   61.301822][ T3634] ==================================================================
[   61.310160][ T3634] Kernel panic - not syncing: panic_on_warn set ...
[   61.316765][ T3634] CPU: 1 PID: 3634 Comm: syz-executor148 Not tainted 6.1.0-rc8-syzkaller-00014-g8ed710da2873 #0
[   61.327204][ T3634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   61.337264][ T3634] Call Trace:
[   61.340539][ T3634]  <TASK>
[   61.343470][ T3634]  dump_stack_lvl+0xd1/0x138
[   61.348088][ T3634]  panic+0x2cc/0x626
[   61.351991][ T3634]  ? panic_print_sys_info.part.0+0x110/0x110
[   61.357984][ T3634]  ? preempt_schedule_common+0x59/0xc0
[   61.363452][ T3634]  ? preempt_schedule_thunk+0x1a/0x1c
[   61.368846][ T3634]  end_report.part.0+0x3f/0x7c
[   61.373622][ T3634]  ? ntfs_listxattr+0x402/0x460
[   61.378491][ T3634]  kasan_report.cold+0xa/0xf
[   61.383093][ T3634]  ? ntfs_listxattr+0x402/0x460
[   61.387966][ T3634]  ntfs_listxattr+0x402/0x460
[   61.392657][ T3634]  ? selinux_inode_listxattr+0xdb/0x130
[   61.398220][ T3634]  ? ntfs_permission+0x120/0x120
[   61.403170][ T3634]  ? kmem_cache_free+0x264/0x4c0
[   61.408128][ T3634]  ? putname+0x102/0x140
[   61.412383][ T3634]  ? lockdep_hardirqs_on+0x7d/0x100
[   61.417597][ T3634]  ? ntfs_permission+0x120/0x120
[   61.422547][ T3634]  vfs_listxattr+0x109/0x190
[   61.427160][ T3634]  listxattr+0xf6/0x180
[   61.431330][ T3634]  path_listxattr+0xae/0x140
[   61.435935][ T3634]  ? listxattr+0x180/0x180
[   61.440372][ T3634]  ? lockdep_hardirqs_on+0x7d/0x100
[   61.445586][ T3634]  ? _raw_spin_unlock_irq+0x2e/0x50
[   61.450799][ T3634]  ? ptrace_notify+0xfe/0x140
[   61.455583][ T3634]  do_syscall_64+0x39/0xb0
[   61.460010][ T3634]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   61.465930][ T3634] RIP: 0033:0x7fa4db1eb749
[   61.470348][ T3634] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   61.489958][ T3634] RSP: 002b:00007fffa7d68008 EFLAGS: 00000246 ORIG_RAX: 00000000000000c3
[   61.498378][ T3634] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007fa4db1eb749
[   61.506351][ T3634] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000200000c0
[   61.514324][ T3634] RBP: 00007fa4db1aafe0 R08: 000000000001f6fe R09: 0000000000000000
[   61.522304][ T3634] R10: 00007fffa7d67ed0 R11: 0000000000000246 R12: 00007fa4db1ab070
[   61.530277][ T3634] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   61.538254][ T3634]  </TASK>
[   61.541328][ T3634] Kernel Offset: disabled
[   61.545646][ T3634] Rebooting in 86400 seconds..