./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1265000589

<...>
Warning: Permanently added '10.128.0.110' (ED25519) to the list of known hosts.
execve("./syz-executor1265000589", ["./syz-executor1265000589"], 0x7fff2deabe00 /* 10 vars */) = 0
brk(NULL)                               = 0x555556acb000
brk(0x555556acbd00)                     = 0x555556acbd00
arch_prctl(ARCH_SET_FS, 0x555556acb380) = 0
set_tid_address(0x555556acb650)         = 5046
set_robust_list(0x555556acb660, 24)     = 0
rseq(0x555556acbca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor1265000589", 4096) = 28
getrandom("\xfe\x44\xa9\xad\xe5\x25\x02\xf8", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x555556acbd00
brk(0x555556aecd00)                     = 0x555556aecd00
brk(0x555556aed000)                     = 0x555556aed000
mprotect(0x7fbf6f8c2000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
memfd_create("syzkaller", 0)            = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbf67400000
write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836) = 32394836
munmap(0x7fbf67400000, 138412032)       = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 4
ioctl(4, LOOP_SET_FD, 3)                = 0
close(3)                                = 0
close(4)                                = 0
mkdir("./bus", 0777)                    = 0
[   52.261561][ T5046] loop0: detected capacity change from 0 to 63271
[   52.305363][ T5046] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605)
[   52.313902][ T5046] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[   52.324021][ T5046] F2FS-fs (loop0): invalid crc value
[   52.330887][ T5046] F2FS-fs (loop0): Mismatch valid blocks 1 vs. 2
[   52.337947][ T5046] F2FS-fs (loop0): Failed to initialize F2FS segment manager (-117)
[   52.348139][ T5046] ==================================================================
[   52.356560][ T5046] BUG: KASAN: slab-use-after-free in kill_f2fs_super+0x618/0x690
[   52.364307][ T5046] Read of size 4 at addr ffff8880292f977c by task syz-executor126/5046
[   52.372523][ T5046] 
[   52.374852][ T5046] CPU: 1 PID: 5046 Comm: syz-executor126 Not tainted 6.7.0-syzkaller-09928-g052d534373b7 #0
[   52.384896][ T5046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[   52.394930][ T5046] Call Trace:
[   52.398205][ T5046]  <TASK>
[   52.401124][ T5046]  dump_stack_lvl+0x1e7/0x2d0
[   52.405884][ T5046]  ? tcp_gro_dev_warn+0x260/0x260
[   52.410887][ T5046]  ? panic+0x850/0x850
[   52.414939][ T5046]  ? _printk+0xd5/0x120
[   52.419075][ T5046]  ? __virt_addr_valid+0x17e/0x480
[   52.424167][ T5046]  print_report+0x163/0x540
[   52.428671][ T5046]  ? __virt_addr_valid+0x17e/0x480
[   52.433815][ T5046]  ? __virt_addr_valid+0x3d1/0x480
[   52.438922][ T5046]  ? __phys_addr+0xba/0x170
[   52.443420][ T5046]  ? kill_f2fs_super+0x618/0x690
[   52.448345][ T5046]  kasan_report+0x142/0x170
[   52.452833][ T5046]  ? kill_f2fs_super+0x618/0x690
[   52.457750][ T5046]  kill_f2fs_super+0x618/0x690
[   52.462495][ T5046]  ? f2fs_mount+0x40/0x40
[   52.466802][ T5046]  ? radix_tree_delete_item+0x2e0/0x3f0
[   52.472380][ T5046]  ? shrinker_free+0x2c3/0x3d0
[   52.477127][ T5046]  deactivate_locked_super+0xc1/0x130
[   52.482656][ T5046]  mount_bdev+0x222/0x2d0
[   52.486969][ T5046]  ? kill_f2fs_super+0x690/0x690
[   52.491881][ T5046]  ? get_tree_bdev+0x560/0x560
[   52.496628][ T5046]  ? vfs_parse_fs_string+0x190/0x230
[   52.501892][ T5046]  ? vfs_parse_fs_param+0x410/0x410
[   52.507071][ T5046]  ? cap_capable+0x1b4/0x240
[   52.511641][ T5046]  legacy_get_tree+0xef/0x190
[   52.516304][ T5046]  ? trace_raw_output_f2fs__rw_end+0x110/0x110
[   52.522441][ T5046]  vfs_get_tree+0x8c/0x2a0
[   52.526951][ T5046]  do_new_mount+0x2be/0xb40
[   52.531444][ T5046]  ? ns_capable+0x89/0xe0
[   52.535763][ T5046]  ? do_move_mount_old+0x170/0x170
[   52.540876][ T5046]  __se_sys_mount+0x2d9/0x3c0
[   52.545537][ T5046]  ? __x64_sys_mount+0xc0/0xc0
[   52.550371][ T5046]  ? __x64_sys_mount+0x20/0xc0
[   52.555141][ T5046]  do_syscall_64+0xf5/0x230
[   52.559629][ T5046]  entry_SYSCALL_64_after_hwframe+0x63/0x6b
[   52.566031][ T5046] RIP: 0033:0x7fbf6f8488ba
[   52.570440][ T5046] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   52.590055][ T5046] RSP: 002b:00007ffd5ed1bcc8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[   52.598544][ T5046] RAX: ffffffffffffffda RBX: 00007ffd5ed1bce0 RCX: 00007fbf6f8488ba
[   52.606516][ T5046] RDX: 00000000200000c0 RSI: 0000000020010280 RDI: 00007ffd5ed1bce0
[   52.614472][ T5046] RBP: 0000000000000004 R08: 00007ffd5ed1bd20 R09: 0000000000007e65
[   52.622429][ T5046] R10: 0000000000000410 R11: 0000000000000286 R12: 0000000000000410
[   52.630657][ T5046] R13: 00007ffd5ed1bd20 R14: 0000000000000003 R15: 0000000001ee4e54
[   52.638811][ T5046]  </TASK>
[   52.641822][ T5046] 
[   52.644128][ T5046] Allocated by task 5046:
[   52.648449][ T5046]  kasan_save_track+0x3f/0x70
[   52.653114][ T5046]  __kasan_kmalloc+0x98/0xb0
[   52.657685][ T5046]  kmalloc_trace+0x1d6/0x360
[   52.662430][ T5046]  f2fs_fill_super+0xce/0x8170
[   52.667175][ T5046]  mount_bdev+0x206/0x2d0
[   52.671506][ T5046]  legacy_get_tree+0xef/0x190
[   52.676163][ T5046]  vfs_get_tree+0x8c/0x2a0
[   52.680558][ T5046]  do_new_mount+0x2be/0xb40
[   52.685039][ T5046]  __se_sys_mount+0x2d9/0x3c0
[   52.689697][ T5046]  do_syscall_64+0xf5/0x230
[   52.694180][ T5046]  entry_SYSCALL_64_after_hwframe+0x63/0x6b
[   52.700055][ T5046] 
[   52.702465][ T5046] Freed by task 5046:
[   52.706421][ T5046]  kasan_save_track+0x3f/0x70
[   52.711112][ T5046]  kasan_save_free_info+0x4e/0x60
[   52.716132][ T5046]  poison_slab_object+0xa6/0xe0
[   52.720962][ T5046]  __kasan_slab_free+0x34/0x60
[   52.725724][ T5046]  kfree+0x14a/0x380
[   52.729601][ T5046]  f2fs_fill_super+0x6b04/0x8170
[   52.734518][ T5046]  mount_bdev+0x206/0x2d0
[   52.738832][ T5046]  legacy_get_tree+0xef/0x190
[   52.743494][ T5046]  vfs_get_tree+0x8c/0x2a0
[   52.747917][ T5046]  do_new_mount+0x2be/0xb40
[   52.752402][ T5046]  __se_sys_mount+0x2d9/0x3c0
[   52.757088][ T5046]  do_syscall_64+0xf5/0x230
[   52.761604][ T5046]  entry_SYSCALL_64_after_hwframe+0x63/0x6b
[   52.767489][ T5046] 
[   52.769794][ T5046] The buggy address belongs to the object at ffff8880292f8000
[   52.769794][ T5046]  which belongs to the cache kmalloc-8k of size 8192
[   52.783832][ T5046] The buggy address is located 6012 bytes inside of
[   52.783832][ T5046]  freed 8192-byte region [ffff8880292f8000, ffff8880292fa000)
[   52.797870][ T5046] 
[   52.800175][ T5046] The buggy address belongs to the physical page:
[   52.806566][ T5046] page:ffffea0000a4be00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x292f8
[   52.816701][ T5046] head:ffffea0000a4be00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   52.825613][ T5046] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[   52.833569][ T5046] page_type: 0xffffffff()
[   52.837879][ T5046] raw: 00fff00000000840 ffff888012c42280 ffffea0000a40a00 0000000000000006
[   52.846448][ T5046] raw: 0000000000000000 0000000000020002 00000001ffffffff 0000000000000000
[   52.855008][ T5046] page dumped because: kasan: bad access detected
[   52.861399][ T5046] page_owner tracks the page as allocated
[   52.867115][ T5046] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4713, tgid 4713 (S41dhcpcd), ts 27080889750, free_ts 27076519643
[   52.887435][ T5046]  post_alloc_hook+0x1e6/0x210
[   52.892186][ T5046]  get_page_from_freelist+0x33ea/0x3570
[   52.897718][ T5046]  __alloc_pages+0x255/0x680
[   52.902290][ T5046]  alloc_slab_page+0x5f/0x160
[   52.906949][ T5046]  new_slab+0x84/0x2f0
[   52.911011][ T5046]  ___slab_alloc+0xd17/0x13d0
[   52.915670][ T5046]  kmalloc_trace+0x25d/0x360
[   52.920251][ T5046]  tomoyo_init_log+0x11cd/0x2040
[   52.925170][ T5046]  tomoyo_supervisor+0x386/0x11f0
[   52.930199][ T5046]  tomoyo_env_perm+0x178/0x210
[   52.936380][ T5046]  tomoyo_find_next_domain+0x1383/0x1cf0
[   52.942006][ T5046]  tomoyo_bprm_check_security+0x114/0x170
[   52.947709][ T5046]  security_bprm_check+0x63/0xa0
[   52.952629][ T5046]  bprm_execve+0x95f/0x18a0
[   52.957120][ T5046]  do_execveat_common+0x580/0x720
[   52.962123][ T5046]  __x64_sys_execve+0x92/0xa0
[   52.966780][ T5046] page last free pid 4712 tgid 4712 stack trace:
[   52.973257][ T5046]  free_unref_page_prepare+0x959/0xa80
[   52.978699][ T5046]  free_unref_page+0x37/0x3f0
[   52.983355][ T5046]  __put_partials+0xeb/0x130
[   52.987925][ T5046]  put_cpu_partial+0x17b/0x250
[   52.992669][ T5046]  __slab_free+0x2fe/0x410
[   52.997072][ T5046]  qlist_free_all+0x6d/0xd0
[   53.001555][ T5046]  kasan_quarantine_reduce+0x14b/0x160
[   53.006992][ T5046]  __kasan_slab_alloc+0x23/0x70
[   53.011826][ T5046]  kmalloc_trace+0x16a/0x360
[   53.016403][ T5046]  tomoyo_init_log+0x1c9/0x2040
[   53.021239][ T5046]  tomoyo_supervisor+0x386/0x11f0
[   53.026283][ T5046]  tomoyo_path_permission+0x243/0x360
[   53.031721][ T5046]  tomoyo_path_perm+0x480/0x730
[   53.036553][ T5046]  security_inode_getattr+0xd3/0x120
[   53.041820][ T5046]  vfs_getattr+0x46/0x430
[   53.046132][ T5046]  vfs_statx+0x1a5/0x4e0
[   53.050357][ T5046] 
[   53.052664][ T5046] Memory state around the buggy address:
[   53.058272][ T5046]  ffff8880292f9600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   53.066339][ T5046]  ffff8880292f9680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   53.074390][ T5046] >ffff8880292f9700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   53.082432][ T5046]                                                                 ^
[   53.090406][ T5046]  ffff8880292f9780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   53.098451][ T5046]  ffff8880292f9800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   53.106497][ T5046] ==================================================================
[   53.114882][ T5046] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   53.122088][ T5046] CPU: 1 PID: 5046 Comm: syz-executor126 Not tainted 6.7.0-syzkaller-09928-g052d534373b7 #0
[   53.132332][ T5046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[   53.142385][ T5046] Call Trace:
[   53.145659][ T5046]  <TASK>
[   53.148585][ T5046]  dump_stack_lvl+0x1e7/0x2d0
[   53.153271][ T5046]  ? tcp_gro_dev_warn+0x260/0x260
[   53.158284][ T5046]  ? panic+0x850/0x850
[   53.162350][ T5046]  ? rcu_is_watching+0x15/0xb0
[   53.167123][ T5046]  ? vscnprintf+0x5d/0x80
[   53.171444][ T5046]  panic+0x349/0x850
[   53.175334][ T5046]  ? check_panic_on_warn+0x21/0xa0
[   53.180459][ T5046]  ? __memcpy_flushcache+0x2b0/0x2b0
[   53.185762][ T5046]  ? _raw_spin_unlock_irqrestore+0x12c/0x140
[   53.191743][ T5046]  ? _raw_spin_unlock+0x40/0x40
[   53.196589][ T5046]  ? print_report+0x4fb/0x540
[   53.201259][ T5046]  check_panic_on_warn+0x82/0xa0
[   53.206187][ T5046]  ? kill_f2fs_super+0x618/0x690
[   53.211721][ T5046]  end_report+0x6e/0x140
[   53.215954][ T5046]  kasan_report+0x153/0x170
[   53.220449][ T5046]  ? kill_f2fs_super+0x618/0x690
[   53.225464][ T5046]  kill_f2fs_super+0x618/0x690
[   53.230302][ T5046]  ? f2fs_mount+0x40/0x40
[   53.234616][ T5046]  ? radix_tree_delete_item+0x2e0/0x3f0
[   53.240150][ T5046]  ? shrinker_free+0x2c3/0x3d0
[   53.244907][ T5046]  deactivate_locked_super+0xc1/0x130
[   53.250276][ T5046]  mount_bdev+0x222/0x2d0
[   53.254595][ T5046]  ? kill_f2fs_super+0x690/0x690
[   53.259518][ T5046]  ? get_tree_bdev+0x560/0x560
[   53.264275][ T5046]  ? vfs_parse_fs_string+0x190/0x230
[   53.269637][ T5046]  ? vfs_parse_fs_param+0x410/0x410
[   53.274820][ T5046]  ? cap_capable+0x1b4/0x240
[   53.279396][ T5046]  legacy_get_tree+0xef/0x190
[   53.284061][ T5046]  ? trace_raw_output_f2fs__rw_end+0x110/0x110
[   53.290204][ T5046]  vfs_get_tree+0x8c/0x2a0
[   53.294610][ T5046]  do_new_mount+0x2be/0xb40
[   53.299104][ T5046]  ? ns_capable+0x89/0xe0
[   53.303429][ T5046]  ? do_move_mount_old+0x170/0x170
[   53.308534][ T5046]  __se_sys_mount+0x2d9/0x3c0
[   53.313213][ T5046]  ? __x64_sys_mount+0xc0/0xc0
[   53.317968][ T5046]  ? __x64_sys_mount+0x20/0xc0
[   53.322723][ T5046]  do_syscall_64+0xf5/0x230
[   53.327215][ T5046]  entry_SYSCALL_64_after_hwframe+0x63/0x6b
[   53.333097][ T5046] RIP: 0033:0x7fbf6f8488ba
[   53.337499][ T5046] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   53.357093][ T5046] RSP: 002b:00007ffd5ed1bcc8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[   53.365495][ T5046] RAX: ffffffffffffffda RBX: 00007ffd5ed1bce0 RCX: 00007fbf6f8488ba
[   53.373456][ T5046] RDX: 00000000200000c0 RSI: 0000000020010280 RDI: 00007ffd5ed1bce0
[   53.381672][ T5046] RBP: 0000000000000004 R08: 00007ffd5ed1bd20 R09: 0000000000007e65
[   53.389635][ T5046] R10: 0000000000000410 R11: 0000000000000286 R12: 0000000000000410
[   53.397595][ T5046] R13: 00007ffd5ed1bd20 R14: 0000000000000003 R15: 0000000001ee4e54
[   53.405557][ T5046]  </TASK>
[   53.408750][ T5046] Kernel Offset: disabled
[   53.413232][ T5046] Rebooting in 86400 seconds..