./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2782002510 <...> Warning: Permanently added '10.128.1.133' (ED25519) to the list of known hosts. execve("./syz-executor2782002510", ["./syz-executor2782002510"], 0x7ffedee80420 /* 10 vars */) = 0 brk(NULL) = 0x555560645000 brk(0x555560645d00) = 0x555560645d00 arch_prctl(ARCH_SET_FS, 0x555560645380) = 0 set_tid_address(0x555560645650) = 288 set_robust_list(0x555560645660, 24) = 0 rseq(0x555560645ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2782002510", 4096) = 28 getrandom("\x08\x2e\x8b\xff\xb7\x3a\xa3\x37", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555560645d00 brk(0x555560666d00) = 0x555560666d00 brk(0x555560667000) = 0x555560667000 mprotect(0x7f8160017000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 mkdir("./syzkaller.FSN4Yc", 0700) = 0 chmod("./syzkaller.FSN4Yc", 0777) = 0 chdir("./syzkaller.FSN4Yc") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555560645650) = 291 ./strace-static-x86_64: Process 291 attached [pid 291] set_robust_list(0x555560645660, 24) = 0 [pid 291] chdir("./0") = 0 [pid 291] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 291] setpgid(0, 0) = 0 [pid 291] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 291] write(3, "1000", 4) = 4 [pid 291] close(3) = 0 [pid 291] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 291] write(1, "executing program\n", 18) = 18 [pid 291] memfd_create("syzkaller", 0) = 3 [pid 291] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8157b5f000 [ 23.243128][ T24] audit: type=1400 audit(1743248782.880:66): avc: denied { execmem } for pid=288 comm="syz-executor278" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 23.250236][ T24] audit: type=1400 audit(1743248782.880:67): avc: denied { read write } for pid=288 comm="syz-executor278" name="loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 23.258950][ T24] audit: type=1400 audit(1743248782.880:68): avc: denied { open } for pid=288 comm="syz-executor278" path="/dev/loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 23.270626][ T24] audit: type=1400 audit(1743248782.880:69): avc: denied { ioctl } for pid=288 comm="syz-executor278" path="/dev/loop0" dev="devtmpfs" ino=111 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 291] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 291] munmap(0x7f8157b5f000, 138412032) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 291] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 291] close(3) = 0 [pid 291] close(4) = 0 [pid 291] mkdir("./file0", 0777) = 0 [ 23.407093][ T24] audit: type=1400 audit(1743248783.040:70): avc: denied { mounton } for pid=291 comm="syz-executor278" path="/root/syzkaller.FSN4Yc/0/file0" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 23.411882][ T291] F2FS-fs (loop0): fault_injection options not supported [ 23.439049][ T291] F2FS-fs (loop0): invalid crc value [ 23.445371][ T291] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 291] mount("/dev/loop0", "./file0", "f2fs", MS_NOEXEC, "fault_injection=00000000000000001262,extent_cache,mode=fragment:block,active_logs=6,active_logs=6,no"...) = 0 [pid 291] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 291] chdir("./file0") = 0 [pid 291] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 291] ioctl(4, LOOP_CLR_FD) = 0 [pid 291] close(4) = 0 [pid 291] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000) = 4 [pid 291] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = 0 [pid 291] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0) = -1 ENOSPC (No space left on device) [ 23.475854][ T291] F2FS-fs (loop0): Start checkpoint disabled! [ 23.482549][ T291] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 23.490196][ T24] audit: type=1400 audit(1743248783.120:71): avc: denied { mount } for pid=291 comm="syz-executor278" name="/" dev="loop0" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [pid 291] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000) = 5 [ 23.518955][ T24] audit: type=1400 audit(1743248783.130:72): avc: denied { write } for pid=291 comm="syz-executor278" name="/" dev="loop0" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 23.541157][ T24] audit: type=1400 audit(1743248783.130:73): avc: denied { add_name } for pid=291 comm="syz-executor278" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 23.552336][ T291] ------------[ cut here ]------------ [ 23.562334][ T24] audit: type=1400 audit(1743248783.130:74): avc: denied { create } for pid=291 comm="syz-executor278" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 23.567148][ T291] WARNING: CPU: 1 PID: 291 at fs/f2fs/segment.c:2582 new_curseg+0xee2/0x18c0 [ 23.587710][ T24] audit: type=1400 audit(1743248783.130:75): avc: denied { write open } for pid=291 comm="syz-executor278" path="/root/syzkaller.FSN4Yc/0/file0/file0" dev="loop0" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 23.595941][ T291] Modules linked in: [ 23.624562][ T291] CPU: 1 PID: 291 Comm: syz-executor278 Not tainted 5.10.234-syzkaller-00033-g094fc3778d6b #0 [ 23.634763][ T291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 23.644658][ T291] RIP: 0010:new_curseg+0xee2/0x18c0 [ 23.649656][ T291] Code: 9d 38 ff ff ff 48 89 df be 08 00 00 00 e8 76 3e 88 ff f0 80 0b 04 c7 45 c0 00 00 00 00 45 89 f4 e9 ea fb ff ff e8 1e 9d 4a ff <0f> 0b 48 8b 9d 38 ff ff ff 48 89 df be 08 00 00 00 e8 48 3e 88 ff [ 23.669217][ T291] RSP: 0018:ffffc90000b376e0 EFLAGS: 00010293 [ 23.675102][ T291] RAX: ffffffff82202232 RBX: 0000000000000018 RCX: ffff88810d2c13c0 [ 23.682913][ T291] RDX: 0000000000000000 RSI: 0000000000000018 RDI: 0000000000000018 [ 23.690710][ T291] RBP: ffffc90000b377c0 R08: ffffffff82201cb9 R09: 0000000000000003 [ 23.698558][ T291] R10: fffff52000166ecc R11: dffffc0000000001 R12: 0000000000000004 [ 23.706347][ T291] R13: 0000000000000004 R14: 0000000000000018 R15: dffffc0000000000 [ 23.714163][ T291] FS: 0000555560645380(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 23.722916][ T291] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 23.729324][ T291] CR2: 00007f816001b100 CR3: 0000000109a0c000 CR4: 00000000003506a0 [ 23.737169][ T291] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 23.744979][ T291] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 23.752785][ T291] Call Trace: [ 23.755892][ T291] ? show_regs+0x58/0x60 [ 23.759961][ T291] ? __warn+0x160/0x2f0 [ 23.763992][ T291] ? new_curseg+0xee2/0x18c0 [ 23.768388][ T291] ? report_bug+0x3d9/0x5b0 [ 23.772760][ T291] ? new_curseg+0xee2/0x18c0 [ 23.777243][ T291] ? handle_bug+0x41/0x70 [ 23.781549][ T291] ? exc_invalid_op+0x1b/0x50 [ 23.786022][ T291] ? asm_exc_invalid_op+0x12/0x20 [ 23.790913][ T291] ? new_curseg+0x969/0x18c0 [ 23.795299][ T291] ? new_curseg+0xee2/0x18c0 [ 23.799720][ T291] ? new_curseg+0xee2/0x18c0 [ 23.804184][ T291] __allocate_new_segment+0x144/0x870 [ 23.809357][ T291] f2fs_allocate_new_section+0x1c3/0x270 [ 23.814970][ T291] ? new_curseg+0x18c0/0x18c0 [ 23.819432][ T291] ? down_read_trylock+0x179/0x1d0 [ 23.824436][ T291] ? __kasan_check_write+0x14/0x20 [ 23.829425][ T291] ? __init_rwsem+0x1c0/0x1c0 [ 23.833968][ T291] expand_inode_data+0x62d/0xc10 [ 23.838712][ T291] ? f2fs_dirty_inode+0x173/0x2e0 [ 23.843617][ T291] ? f2fs_insert_range+0x590/0x590 [ 23.848517][ T291] ? file_update_time+0x3f8/0x460 [ 23.853404][ T291] ? file_remove_privs+0x570/0x570 [ 23.858327][ T291] f2fs_fallocate+0x429/0x7e0 [ 23.862893][ T291] vfs_fallocate+0x492/0x570 [ 23.867263][ T291] do_vfs_ioctl+0x1686/0x1a30 [ 23.871816][ T291] ? ioctl_has_perm+0x3f0/0x560 [ 23.876465][ T291] ? __x32_compat_sys_ioctl+0x90/0x90 [ 23.881717][ T291] ? has_cap_mac_admin+0x3c0/0x3c0 [ 23.886620][ T291] ? __kasan_check_write+0x14/0x20 [ 23.891610][ T291] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 23.896510][ T291] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 23.901491][ T291] ? selinux_file_ioctl+0x3cc/0x540 [ 23.906497][ T291] ? selinux_file_alloc_security+0x120/0x120 [ 23.912337][ T291] ? _raw_spin_unlock_irq+0x4e/0x70 [ 23.917347][ T291] ? ptrace_notify+0x24c/0x350 [ 23.921975][ T291] ? do_notify_parent+0xa10/0xa10 [ 23.926802][ T291] ? security_file_ioctl+0x84/0xb0 [ 23.931778][ T291] __se_sys_ioctl+0x99/0x190 [ 23.936178][ T291] __x64_sys_ioctl+0x7b/0x90 [ 23.940606][ T291] do_syscall_64+0x34/0x70 [ 23.944895][ T291] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 23.950584][ T291] RIP: 0033:0x7f815ff9e4e9 [ 23.954868][ T291] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 23.974310][ T291] RSP: 002b:00007ffe6ff57ee8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 23.982553][ T291] RAX: ffffffffffffffda RBX: 0000200000000080 RCX: 00007f815ff9e4e9 [ 23.990332][ T291] RDX: 00002000000000c0 RSI: 0000000040305828 RDI: 0000000000000005 [ 23.998179][ T291] RBP: 0030656c69662f2e R08: 00007ffe6ff57f20 R09: 00007ffe6ff57f20 [ 24.006116][ T291] R10: 00007ffe6ff57f20 R11: 0000000000000246 R12: 0000000000000001 [ 24.013901][ T291] R13: 0000000000000000 R14: 431bde82d7b634db R15: 00007ffe6ff57f40 [ 24.021698][ T291] ---[ end trace 78029f07cb91355a ]--- [ 24.027042][ T291] ------------[ cut here ]------------ [ 24.032311][ T291] WARNING: CPU: 1 PID: 291 at fs/f2fs/segment.c:2636 new_curseg+0x14d4/0x18c0 [ 24.040960][ T291] Modules linked in: [ 24.044690][ T291] CPU: 1 PID: 291 Comm: syz-executor278 Tainted: G W 5.10.234-syzkaller-00033-g094fc3778d6b #0 [ 24.056162][ T291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 24.066062][ T291] RIP: 0010:new_curseg+0x14d4/0x18c0 [ 24.071174][ T291] Code: e9 66 fc ff ff e8 4c 97 4a ff 0f 0b 49 8d 7d 78 be 08 00 00 00 e8 7c 38 88 ff f0 41 80 4d 78 04 e9 d2 ed ff ff e8 2c 97 4a ff <0f> 0b 48 8b 5d 98 48 8d 7b 78 be 08 00 00 00 e8 58 38 88 ff f0 80 [ 24.090610][ T291] RSP: 0018:ffffc90000b376e0 EFLAGS: 00010293 [ 24.096517][ T291] RAX: ffffffff82202824 RBX: 0000000000000001 RCX: ffff88810d2c13c0 [ 24.104323][ T291] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 24.112141][ T291] RBP: ffffc90000b377c0 R08: ffffffff822024d6 R09: ffffed10217f3e06 [ 24.119924][ T291] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000018 [ 24.127773][ T291] R13: 0000000000000000 R14: dffffc0000000000 R15: ffff88810bf9f001 [ 24.135566][ T291] FS: 0000555560645380(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 24.144342][ T291] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 24.150743][ T291] CR2: 00007f816001b100 CR3: 0000000109a0c000 CR4: 00000000003506a0 [ 24.158582][ T291] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 24.166380][ T291] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 24.174221][ T291] Call Trace: [ 24.177307][ T291] ? show_regs+0x58/0x60 [ 24.181415][ T291] ? __warn+0x160/0x2f0 [ 24.185376][ T291] ? new_curseg+0x14d4/0x18c0 [ 24.189887][ T291] ? report_bug+0x3d9/0x5b0 [ 24.194255][ T291] ? new_curseg+0x14d4/0x18c0 [ 24.198739][ T291] ? handle_bug+0x41/0x70 [ 24.202933][ T291] ? exc_invalid_op+0x1b/0x50 [ 24.207415][ T291] ? asm_exc_invalid_op+0x12/0x20 [ 24.212313][ T291] ? new_curseg+0x1186/0x18c0 [ 24.216790][ T291] ? new_curseg+0x14d4/0x18c0 [ 24.221331][ T291] ? new_curseg+0x14d4/0x18c0 [ 24.225819][ T291] __allocate_new_segment+0x144/0x870 [ 24.231052][ T291] f2fs_allocate_new_section+0x1c3/0x270 [ 24.236489][ T291] ? new_curseg+0x18c0/0x18c0 [ 24.241048][ T291] ? down_read_trylock+0x179/0x1d0 [ 24.245952][ T291] ? __kasan_check_write+0x14/0x20 [ 24.250932][ T291] ? __init_rwsem+0x1c0/0x1c0 [ 24.255413][ T291] expand_inode_data+0x62d/0xc10 [ 24.260185][ T291] ? f2fs_dirty_inode+0x173/0x2e0 [ 24.265091][ T291] ? f2fs_insert_range+0x590/0x590 [ 24.269998][ T291] ? file_update_time+0x3f8/0x460 [ 24.274888][ T291] ? file_remove_privs+0x570/0x570 [ 24.279804][ T291] f2fs_fallocate+0x429/0x7e0 [ 24.284357][ T291] vfs_fallocate+0x492/0x570 [ 24.288741][ T291] do_vfs_ioctl+0x1686/0x1a30 [ 24.293280][ T291] ? ioctl_has_perm+0x3f0/0x560 [ 24.297961][ T291] ? __x32_compat_sys_ioctl+0x90/0x90 [ 24.303186][ T291] ? has_cap_mac_admin+0x3c0/0x3c0 [ 24.308098][ T291] ? __kasan_check_write+0x14/0x20 [ 24.313071][ T291] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 24.317987][ T291] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 24.322964][ T291] ? selinux_file_ioctl+0x3cc/0x540 [ 24.327973][ T291] ? selinux_file_alloc_security+0x120/0x120 [ 24.333818][ T291] ? _raw_spin_unlock_irq+0x4e/0x70 [ 24.338822][ T291] ? ptrace_notify+0x24c/0x350 [ 24.343449][ T291] ? do_notify_parent+0xa10/0xa10 [ 24.348282][ T291] ? security_file_ioctl+0x84/0xb0 [ 24.353259][ T291] __se_sys_ioctl+0x99/0x190 [ 24.357653][ T291] __x64_sys_ioctl+0x7b/0x90 [ 24.362115][ T291] do_syscall_64+0x34/0x70 [ 24.366335][ T291] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 24.372086][ T291] RIP: 0033:0x7f815ff9e4e9 [ 24.376327][ T291] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 24.395791][ T291] RSP: 002b:00007ffe6ff57ee8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 24.404016][ T291] RAX: ffffffffffffffda RBX: 0000200000000080 RCX: 00007f815ff9e4e9 [ 24.411853][ T291] RDX: 00002000000000c0 RSI: 0000000040305828 RDI: 0000000000000005 [ 24.419620][ T291] RBP: 0030656c69662f2e R08: 00007ffe6ff57f20 R09: 00007ffe6ff57f20 [ 24.427467][ T291] R10: 00007ffe6ff57f20 R11: 0000000000000246 R12: 0000000000000001 [ 24.435263][ T291] R13: 0000000000000000 R14: 431bde82d7b634db R15: 00007ffe6ff57f40 [ 24.443084][ T291] ---[ end trace 78029f07cb91355b ]--- [ 24.448371][ T291] ================================================================== [ 24.456255][ T291] BUG: KASAN: slab-out-of-bounds in reset_curseg+0x52e/0x590 [ 24.463452][ T291] Read of size 4 at addr ffff88810d2993c0 by task syz-executor278/291 [ 24.471431][ T291] [ 24.473617][ T291] CPU: 1 PID: 291 Comm: syz-executor278 Tainted: G W 5.10.234-syzkaller-00033-g094fc3778d6b #0 [ 24.485062][ T291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 24.494954][ T291] Call Trace: [ 24.498090][ T291] dump_stack_lvl+0x1e2/0x24b [ 24.502609][ T291] ? bfq_pos_tree_add_move+0x43b/0x43b [ 24.507893][ T291] ? panic+0x812/0x812 [ 24.511806][ T291] ? __kasan_check_write+0x14/0x20 [ 24.516745][ T291] print_address_description+0x81/0x3b0 [ 24.522126][ T291] ? preempt_schedule+0xd9/0xe0 [ 24.526810][ T291] kasan_report+0x179/0x1c0 [ 24.531155][ T291] ? reset_curseg+0x52e/0x590 [ 24.535663][ T291] ? reset_curseg+0x52e/0x590 [ 24.540182][ T291] __asan_report_load4_noabort+0x14/0x20 [ 24.545665][ T291] reset_curseg+0x52e/0x590 [ 24.549988][ T291] new_curseg+0x1371/0x18c0 [ 24.554325][ T291] __allocate_new_segment+0x144/0x870 [ 24.559536][ T291] f2fs_allocate_new_section+0x1c3/0x270 [ 24.565008][ T291] ? new_curseg+0x18c0/0x18c0 [ 24.569514][ T291] ? down_read_trylock+0x179/0x1d0 [ 24.574462][ T291] ? __kasan_check_write+0x14/0x20 [ 24.579408][ T291] ? __init_rwsem+0x1c0/0x1c0 [ 24.583922][ T291] expand_inode_data+0x62d/0xc10 [ 24.588696][ T291] ? f2fs_dirty_inode+0x173/0x2e0 [ 24.593558][ T291] ? f2fs_insert_range+0x590/0x590 [ 24.598502][ T291] ? file_update_time+0x3f8/0x460 [ 24.603362][ T291] ? file_remove_privs+0x570/0x570 [ 24.608313][ T291] f2fs_fallocate+0x429/0x7e0 [ 24.612824][ T291] vfs_fallocate+0x492/0x570 [ 24.617255][ T291] do_vfs_ioctl+0x1686/0x1a30 [ 24.621859][ T291] ? ioctl_has_perm+0x3f0/0x560 [ 24.626547][ T291] ? __x32_compat_sys_ioctl+0x90/0x90 [ 24.631755][ T291] ? has_cap_mac_admin+0x3c0/0x3c0 [ 24.636700][ T291] ? __kasan_check_write+0x14/0x20 [ 24.641657][ T291] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 24.646592][ T291] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 24.651542][ T291] ? selinux_file_ioctl+0x3cc/0x540 [ 24.656663][ T291] ? selinux_file_alloc_security+0x120/0x120 [ 24.662478][ T291] ? _raw_spin_unlock_irq+0x4e/0x70 [ 24.667511][ T291] ? ptrace_notify+0x24c/0x350 [ 24.672113][ T291] ? do_notify_parent+0xa10/0xa10 [ 24.676970][ T291] ? security_file_ioctl+0x84/0xb0 [ 24.681921][ T291] __se_sys_ioctl+0x99/0x190 [ 24.686346][ T291] __x64_sys_ioctl+0x7b/0x90 [ 24.690774][ T291] do_syscall_64+0x34/0x70 [ 24.695027][ T291] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 24.700779][ T291] RIP: 0033:0x7f815ff9e4e9 [ 24.705007][ T291] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 24.724446][ T291] RSP: 002b:00007ffe6ff57ee8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 24.732691][ T291] RAX: ffffffffffffffda RBX: 0000200000000080 RCX: 00007f815ff9e4e9 [ 24.740498][ T291] RDX: 00002000000000c0 RSI: 0000000040305828 RDI: 0000000000000005 [ 24.748400][ T291] RBP: 0030656c69662f2e R08: 00007ffe6ff57f20 R09: 00007ffe6ff57f20 [ 24.756209][ T291] R10: 00007ffe6ff57f20 R11: 0000000000000246 R12: 0000000000000001 [ 24.764026][ T291] R13: 0000000000000000 R14: 431bde82d7b634db R15: 00007ffe6ff57f40 [ 24.771830][ T291] [ 24.774010][ T291] Allocated by task 291: [ 24.778086][ T291] ____kasan_kmalloc+0xdb/0x110 [ 24.782769][ T291] __kasan_kmalloc+0x9/0x10 [ 24.787108][ T291] __kmalloc+0x1aa/0x330 [ 24.791202][ T291] kvmalloc_node+0x82/0x130 [ 24.795531][ T291] f2fs_build_segment_manager+0xd2c/0x49b0 [ 24.801261][ T291] f2fs_fill_super+0x6067/0x7d90 [ 24.806030][ T291] mount_bdev+0x262/0x370 [ 24.810314][ T291] f2fs_mount+0x34/0x40 [ 24.814308][ T291] legacy_get_tree+0xf1/0x190 [ 24.818816][ T291] vfs_get_tree+0x88/0x290 [ 24.823071][ T291] do_new_mount+0x2ba/0xb30 [ 24.827411][ T291] path_mount+0x56f/0xcb0 [ 24.831576][ T291] __se_sys_mount+0x2c4/0x3b0 [ 24.836090][ T291] __x64_sys_mount+0xbf/0xd0 [ 24.840518][ T291] do_syscall_64+0x34/0x70 [ 24.844769][ T291] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 24.850489][ T291] [ 24.852666][ T291] The buggy address belongs to the object at ffff88810d299000 [ 24.852666][ T291] which belongs to the cache kmalloc-1k of size 1024 [ 24.866559][ T291] The buggy address is located 960 bytes inside of [ 24.866559][ T291] 1024-byte region [ffff88810d299000, ffff88810d299400) [ 24.880002][ T291] The buggy address belongs to the page: [ 24.885499][ T291] page:ffffea000434a600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10d298 [ 24.895545][ T291] head:ffffea000434a600 order:3 compound_mapcount:0 compound_pincount:0 [ 24.903702][ T291] flags: 0x4000000000010200(slab|head) [ 24.909006][ T291] raw: 4000000000010200 dead000000000100 dead000000000122 ffff888100042f00 [ 24.917421][ T291] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 24.925830][ T291] page dumped because: kasan: bad access detected [ 24.932088][ T291] page_owner tracks the page as allocated [ 24.937651][ T291] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 95, ts 23378949157, free_ts 23255487712 [ 24.956392][ T291] prep_new_page+0x166/0x180 [ 24.960815][ T291] get_page_from_freelist+0x2d8c/0x2f30 [ 24.966194][ T291] __alloc_pages_nodemask+0x435/0xaf0 [ 24.971401][ T291] new_slab+0x80/0x400 [ 24.975305][ T291] ___slab_alloc+0x302/0x4b0 [ 24.979732][ T291] __slab_alloc+0x63/0xa0 [ 24.983901][ T291] __kmalloc_track_caller+0x1f8/0x320 [ 24.989109][ T291] __alloc_skb+0xbc/0x510 [ 24.993272][ T291] netlink_sendmsg+0x7a4/0xd00 [ 24.997872][ T291] ____sys_sendmsg+0x59e/0x8f0 [ 25.002474][ T291] ___sys_sendmsg+0x252/0x2e0 [ 25.007004][ T291] __se_sys_sendmsg+0x1b1/0x280 [ 25.011686][ T291] __x64_sys_sendmsg+0x7b/0x90 [ 25.016277][ T291] do_syscall_64+0x34/0x70 [ 25.020529][ T291] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 25.026258][ T291] page last free stack trace: [ 25.030774][ T291] __free_pages_ok+0x82c/0x850 [ 25.035378][ T291] free_the_page+0x76/0x370 [ 25.039708][ T291] __free_pages+0x67/0xc0 [ 25.043870][ T291] __free_slab+0xcf/0x190 [ 25.048037][ T291] unfreeze_partials+0x15e/0x190 [ 25.052810][ T291] put_cpu_partial+0xbf/0x180 [ 25.057321][ T291] __slab_free+0x2c8/0x3a0 [ 25.061580][ T291] ___cache_free+0x111/0x130 [ 25.066003][ T291] qlink_free+0x50/0x90 [ 25.069998][ T291] qlist_free_all+0x47/0xb0 [ 25.074336][ T291] kasan_quarantine_reduce+0x15a/0x170 [ 25.079640][ T291] __kasan_slab_alloc+0x2f/0xe0 [ 25.084321][ T291] slab_post_alloc_hook+0x61/0x2f0 [ 25.089265][ T291] kmem_cache_alloc+0x168/0x2e0 [ 25.093950][ T291] getname_flags+0xba/0x520 [ 25.098289][ T291] __x64_sys_unlink+0x3c/0x50 [ 25.102801][ T291] [ 25.104969][ T291] Memory state around the buggy address: [ 25.110439][ T291] ffff88810d299280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.118340][ T291] ffff88810d299300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.126238][ T291] >ffff88810d299380: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 25.134133][ T291] ^ [ 25.140125][ T291] ffff88810d299400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.148022][ T291] ffff88810d299480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.155915][ T291] ================================================================== [ 25.163814][ T291] Disabling lock debugging due to kernel taint [ 25.170618][ T291] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN [ 25.182142][ T291] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 25.190389][ T291] CPU: 0 PID: 291 Comm: syz-executor278 Tainted: G B W 5.10.234-syzkaller-00033-g094fc3778d6b #0 [ 25.201962][ T291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 25.211861][ T291] RIP: 0010:update_sit_entry+0x434/0x1050 [ 25.217410][ T291] Code: 3b 48 89 45 b0 49 01 c7 41 f6 d5 41 80 e5 07 bb 01 00 00 00 44 89 e9 d3 e3 4d 89 fe 49 c1 ee 03 48 b8 00 00 00 00 00 fc ff df <41> 0f b6 04 06 84 c0 4c 8b a5 68 ff ff ff 0f 85 05 09 00 00 45 0f [ 25.236850][ T291] RSP: 0018:ffffc90000b372b8 EFLAGS: 00010246 [ 25.242750][ T291] RAX: dffffc0000000000 RBX: 0000000000000080 RCX: 0000000000000007 [ 25.250561][ T291] RDX: 0000000000000000 RSI: 0000000000000282 RDI: ffff88810d2993c8 [ 25.258373][ T291] RBP: ffffc90000b37350 R08: ffffffff821fc8af R09: ffffffff821fc4fd [ 25.266191][ T291] R10: 0000000000000003 R11: ffff88810d2c13c0 R12: 0000000000003e00 [ 25.274002][ T291] R13: 0000000000000007 R14: 0000000000000000 R15: 0000000000000000 [ 25.281811][ T291] FS: 0000555560645380(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 25.290574][ T291] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 25.296993][ T291] CR2: 0000560b56482088 CR3: 0000000109a0c000 CR4: 00000000003506b0 [ 25.304808][ T291] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 25.312615][ T291] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 25.320426][ T291] Call Trace: [ 25.323563][ T291] ? __die_body+0x62/0xb0 [ 25.327741][ T291] ? die_addr+0x9f/0xd0 [ 25.331718][ T291] ? exc_general_protection+0x3ff/0x490 [ 25.337102][ T291] ? asm_exc_general_protection+0x1e/0x30 [ 25.342658][ T291] ? update_sit_entry+0x2d/0x1050 [ 25.347512][ T291] ? update_sit_entry+0x3df/0x1050 [ 25.352458][ T291] ? update_sit_entry+0x434/0x1050 [ 25.357402][ T291] ? update_sit_entry+0x402/0x1050 [ 25.362352][ T291] ? __asan_report_store8_noabort+0x17/0x20 [ 25.368084][ T291] f2fs_allocate_data_block+0x1512/0x3680 [ 25.373724][ T291] ? __kasan_check_write+0x14/0x20 [ 25.378669][ T291] ? _raw_spin_unlock+0x4d/0x70 [ 25.383357][ T291] ? f2fs_free_inode+0x30/0x30 [ 25.387954][ T291] ? f2fs_io_type_to_rw_hint+0x210/0x210 [ 25.393423][ T291] ? f2fs_mark_inode_dirty_sync+0x10d/0x140 [ 25.399149][ T291] ? inc_valid_block_count+0x583/0xb20 [ 25.404447][ T291] __allocate_data_block+0x5a7/0xb10 [ 25.409569][ T291] ? f2fs_map_blocks+0x3e50/0x3e50 [ 25.414514][ T291] f2fs_map_blocks+0x18ef/0x3e50 [ 25.419292][ T291] ? f2fs_do_map_lock+0x280/0x280 [ 25.424150][ T291] ? __kasan_check_write+0x14/0x20 [ 25.429097][ T291] expand_inode_data+0x682/0xc10 [ 25.433869][ T291] ? f2fs_dirty_inode+0x173/0x2e0 [ 25.438730][ T291] ? f2fs_insert_range+0x590/0x590 [ 25.443677][ T291] ? file_update_time+0x3f8/0x460 [ 25.448535][ T291] ? file_remove_privs+0x570/0x570 [ 25.453483][ T291] f2fs_fallocate+0x429/0x7e0 [ 25.458004][ T291] vfs_fallocate+0x492/0x570 [ 25.462426][ T291] do_vfs_ioctl+0x1686/0x1a30 [ 25.466937][ T291] ? ioctl_has_perm+0x3f0/0x560 [ 25.471625][ T291] ? __x32_compat_sys_ioctl+0x90/0x90 [ 25.476831][ T291] ? has_cap_mac_admin+0x3c0/0x3c0 [ 25.481779][ T291] ? __kasan_check_write+0x14/0x20 [ 25.486725][ T291] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 25.491675][ T291] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 25.496621][ T291] ? selinux_file_ioctl+0x3cc/0x540 [ 25.501661][ T291] ? selinux_file_alloc_security+0x120/0x120 [ 25.507469][ T291] ? _raw_spin_unlock_irq+0x4e/0x70 [ 25.512502][ T291] ? ptrace_notify+0x24c/0x350 [ 25.517102][ T291] ? do_notify_parent+0xa10/0xa10 [ 25.521964][ T291] ? security_file_ioctl+0x84/0xb0 [ 25.526910][ T291] __se_sys_ioctl+0x99/0x190 [ 25.531339][ T291] __x64_sys_ioctl+0x7b/0x90 [ 25.535764][ T291] do_syscall_64+0x34/0x70 [ 25.540018][ T291] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 25.545744][ T291] RIP: 0033:0x7f815ff9e4e9 [ 25.549997][ T291] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 25.569435][ T291] RSP: 002b:00007ffe6ff57ee8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 25.577680][ T291] RAX: ffffffffffffffda RBX: 0000200000000080 RCX: 00007f815ff9e4e9 [ 25.585494][ T291] RDX: 00002000000000c0 RSI: 0000000040305828 RDI: 0000000000000005 [ 25.593304][ T291] RBP: 0030656c69662f2e R08: 00007ffe6ff57f20 R09: 00007ffe6ff57f20 [ 25.601117][ T291] R10: 00007ffe6ff57f20 R11: 0000000000000246 R12: 0000000000000001 [ 25.608939][ T291] R13: 0000000000000000 R14: 431bde82d7b634db R15: 00007ffe6ff57f40 [ 25.616744][ T291] Modules linked in: [ 25.620969][ T291] ---[ end trace 78029f07cb91355c ]--- [ 25.626274][ T291] RIP: 0010:update_sit_entry+0x434/0x1050 [ 25.631948][ T291] Code: 3b 48 89 45 b0 49 01 c7 41 f6 d5 41 80 e5 07 bb 01 00 00 00 44 89 e9 d3 e3 4d 89 fe 49 c1 ee 03 48 b8 00 00 00 00 00 fc ff df <41> 0f b6 04 06 84 c0 4c 8b a5 68 ff ff ff 0f 85 05 09 00 00 45 0f [ 25.651458][ T291] RSP: 0018:ffffc90000b372b8 EFLAGS: 00010246 [ 25.657273][ T291] RAX: dffffc0000000000 RBX: 0000000000000080 RCX: 0000000000000007 [ 25.665274][ T291] RDX: 0000000000000000 RSI: 0000000000000282 RDI: ffff88810d2993c8 [ 25.673090][ T291] RBP: ffffc90000b37350 R08: ffffffff821fc8af R09: ffffffff821fc4fd [ 25.680910][ T291] R10: 0000000000000003 R11: ffff88810d2c13c0 R12: 0000000000003e00 [ 25.688681][ T291] R13: 0000000000000007 R14: 0000000000000000 R15: 0000000000000000 [ 25.696512][ T291] FS: 0000555560645380(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 25.705275][ T291] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 25.711713][ T291] CR2: 00007f816001b100 CR3: 0000000109a0c000 CR4: 00000000003506a0 [ 25.719496][ T291] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 25.727330][ T291] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 25.735148][ T291] Kernel panic - not syncing: Fatal exception [ 25.741287][ T291] Kernel Offset: disabled [ 25.745420][ T291] Rebooting in 86400 seconds..