./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2804780123

<...>
DUID 00:04:e6:d8:3e:4c:c1:15:84:42:dc:00:60:8c:e3:5f:26:b4
forked to background, child pid 4738
[   46.988875][ T4739] 8021q: adding VLAN 0 to HW filter on device bond0
[   46.999347][ T4739] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.0.99' (ED25519) to the list of known hosts.
execve("./syz-executor2804780123", ["./syz-executor2804780123"], 0x7ffda8730ca0 /* 10 vars */) = 0
brk(NULL)                               = 0x555583e19000
brk(0x555583e19d00)                     = 0x555583e19d00
arch_prctl(ARCH_SET_FS, 0x555583e19380) = 0
set_tid_address(0x555583e19650)         = 5076
set_robust_list(0x555583e19660, 24)     = 0
rseq(0x555583e19ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor2804780123", 4096) = 28
getrandom("\x57\x79\xee\x8b\x01\x0f\x66\x73", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x555583e19d00
brk(0x555583e3ad00)                     = 0x555583e3ad00
brk(0x555583e3b000)                     = 0x555583e3b000
mprotect(0x7f60d3527000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
memfd_create("syzkaller", 0)            = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f60cb000000
write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
munmap(0x7f60cb000000, 138412032)       = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 4
ioctl(4, LOOP_SET_FD, 3)                = 0
close(3)                                = 0
close(4)                                = 0
mkdir("./file0", 0777)                  = 0
syzkaller login: [   73.508319][ T5076] loop0: detected capacity change from 0 to 40427
[   73.540557][ T5076] F2FS-fs (loop0): invalid crc value
[   73.555975][ T5076] F2FS-fs (loop0): Found nat_bits in checkpoint
mount("/dev/loop0", "./file0", "f2fs", 0, "lazytime,noinline_xattr,lazytime,nobarrier,active_logs=4,user_xattr,mode=lfs,alloc_mode=default,") = 0
openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
chdir("./file0")                        = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, ".", O_RDONLY)         = 4
[   73.600791][ T5076] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4
[   73.633220][ T5076] ==================================================================
[   73.641306][ T5076] BUG: KASAN: slab-out-of-bounds in f2fs_get_node_info+0xece/0x1200
[   73.649302][ T5076] Read of size 1 at addr ffff88807a58c76c by task syz-executor280/5076
[   73.657526][ T5076] 
[   73.659845][ T5076] CPU: 1 PID: 5076 Comm: syz-executor280 Not tainted 6.9.0-rc5-syzkaller #0
[   73.668530][ T5076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   73.678575][ T5076] Call Trace:
[   73.681849][ T5076]  <TASK>
[   73.684773][ T5076]  dump_stack_lvl+0x241/0x360
[   73.689458][ T5076]  ? __pfx_dump_stack_lvl+0x10/0x10
[   73.694656][ T5076]  ? __pfx__printk+0x10/0x10
[   73.699244][ T5076]  ? _printk+0xd5/0x120
[   73.703397][ T5076]  ? __virt_addr_valid+0x183/0x520
[   73.708508][ T5076]  ? __virt_addr_valid+0x183/0x520
[   73.713641][ T5076]  print_report+0x169/0x550
[   73.718137][ T5076]  ? __virt_addr_valid+0x183/0x520
[   73.723249][ T5076]  ? __virt_addr_valid+0x183/0x520
[   73.728373][ T5076]  ? __virt_addr_valid+0x44e/0x520
[   73.733484][ T5076]  ? __phys_addr+0xba/0x170
[   73.737989][ T5076]  ? f2fs_get_node_info+0xece/0x1200
[   73.743271][ T5076]  kasan_report+0x143/0x180
[   73.747770][ T5076]  ? f2fs_get_node_info+0xece/0x1200
[   73.753071][ T5076]  f2fs_get_node_info+0xece/0x1200
[   73.758186][ T5076]  f2fs_fiemap+0x55d/0x1ee0
[   73.762723][ T5076]  ? __pfx_f2fs_fiemap+0x10/0x10
[   73.767673][ T5076]  ? __might_fault+0xaa/0x120
[   73.772344][ T5076]  ? stack_depot_save_flags+0x29/0x830
[   73.777810][ T5076]  ? __pfx_lock_release+0x10/0x10
[   73.782864][ T5076]  ? kasan_save_track+0x51/0x80
[   73.787716][ T5076]  ? kasan_save_track+0x3f/0x80
[   73.792572][ T5076]  ? __might_fault+0xc6/0x120
[   73.797262][ T5076]  ? __pfx_f2fs_fiemap+0x10/0x10
[   73.802206][ T5076]  do_vfs_ioctl+0x1c07/0x2e50
[   73.806887][ T5076]  ? __pfx_do_vfs_ioctl+0x10/0x10
[   73.811918][ T5076]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   73.818243][ T5076]  ? tomoyo_path_number_perm+0x208/0x880
[   73.823866][ T5076]  ? __pfx_lock_release+0x10/0x10
[   73.828889][ T5076]  ? kfree+0x153/0x3a0
[   73.832954][ T5076]  ? tomoyo_path_number_perm+0x71a/0x880
[   73.838607][ T5076]  ? tomoyo_path_number_perm+0x208/0x880
[   73.844233][ T5076]  ? smack_log+0x123/0x540
[   73.848649][ T5076]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[   73.854624][ T5076]  ? __pfx_smack_log+0x10/0x10
[   73.859386][ T5076]  ? smk_access+0x4ab/0x4e0
[   73.863891][ T5076]  ? smk_tskacc+0x300/0x370
[   73.868407][ T5076]  ? smack_file_ioctl+0x2fa/0x3a0
[   73.873423][ T5076]  ? __pfx_smack_file_ioctl+0x10/0x10
[   73.878790][ T5076]  ? __pfx_ptrace_notify+0x10/0x10
[   73.883906][ T5076]  ? bpf_lsm_file_ioctl+0x9/0x10
[   73.888840][ T5076]  ? security_file_ioctl+0x87/0xb0
[   73.893946][ T5076]  __se_sys_ioctl+0x81/0x170
[   73.898536][ T5076]  do_syscall_64+0xf5/0x240
[   73.903043][ T5076]  ? clear_bhb_loop+0x35/0x90
[   73.907717][ T5076]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   73.913607][ T5076] RIP: 0033:0x7f60d34ae739
[   73.918014][ T5076] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   73.937622][ T5076] RSP: 002b:00007ffc9f2f1148 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   73.946049][ T5076] RAX: ffffffffffffffda RBX: 00007ffc9f2f1318 RCX: 00007f60d34ae739
[   73.954011][ T5076] RDX: 0000000020000040 RSI: 00000000c020660b RDI: 0000000000000004
[   73.961976][ T5076] RBP: 00007f60d3527610 R08: 0000000000000000 R09: 00007ffc9f2f1318
[   73.969960][ T5076] R10: 000000000000551a R11: 0000000000000246 R12: 0000000000000001
[   73.977936][ T5076] R13: 00007ffc9f2f1308 R14: 0000000000000001 R15: 0000000000000001
[   73.985913][ T5076]  </TASK>
[   73.988926][ T5076] 
[   73.991252][ T5076] Allocated by task 5076:
[   73.995572][ T5076]  kasan_save_track+0x3f/0x80
[   74.000251][ T5076]  __kasan_kmalloc+0x98/0xb0
[   74.004836][ T5076]  __kmalloc_node_track_caller+0x24e/0x4e0
[   74.010646][ T5076]  kmemdup+0x2a/0x60
[   74.014535][ T5076]  f2fs_build_node_manager+0x8cc/0x2870
[   74.020097][ T5076]  f2fs_fill_super+0x583c/0x8120
[   74.025036][ T5076]  mount_bdev+0x20a/0x2d0
[   74.029380][ T5076]  legacy_get_tree+0xee/0x190
[   74.034056][ T5076]  vfs_get_tree+0x90/0x2a0
[   74.038471][ T5076]  do_new_mount+0x2be/0xb40
[   74.042969][ T5076]  __se_sys_mount+0x2d9/0x3c0
[   74.047663][ T5076]  do_syscall_64+0xf5/0x240
[   74.052168][ T5076]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.058056][ T5076] 
[   74.060372][ T5076] The buggy address belongs to the object at ffff88807a58c700
[   74.060372][ T5076]  which belongs to the cache kmalloc-64 of size 64
[   74.074243][ T5076] The buggy address is located 44 bytes to the right of
[   74.074243][ T5076]  allocated 64-byte region [ffff88807a58c700, ffff88807a58c740)
[   74.088727][ T5076] 
[   74.091043][ T5076] The buggy address belongs to the physical page:
[   74.097440][ T5076] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7a58c
[   74.106190][ T5076] flags: 0xfff80000000800(slab|node=0|zone=1|lastcpupid=0xfff)
[   74.113723][ T5076] page_type: 0xffffffff()
[   74.118040][ T5076] raw: 00fff80000000800 ffff888015041640 ffffea0000aa6400 dead000000000004
[   74.126618][ T5076] raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000
[   74.135185][ T5076] page dumped because: kasan: bad access detected
[   74.141587][ T5076] page_owner tracks the page as allocated
[   74.147290][ T5076] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY), pid 4536, tgid 106643948 (udevd), ts 4536, free_ts 43042041281
[   74.164660][ T5076]  post_alloc_hook+0x1ea/0x210
[   74.169424][ T5076]  get_page_from_freelist+0x3410/0x35b0
[   74.174971][ T5076]  __alloc_pages+0x256/0x6c0
[   74.179560][ T5076]  alloc_slab_page+0x5f/0x160
[   74.184233][ T5076]  new_slab+0x84/0x2f0
[   74.188290][ T5076]  ___slab_alloc+0xc73/0x1260
[   74.192956][ T5076]  __kmalloc+0x2e5/0x4a0
[   74.197194][ T5076]  tomoyo_encode+0x26f/0x540
[   74.201783][ T5076]  tomoyo_realpath_from_path+0x59e/0x5e0
[   74.207425][ T5076]  tomoyo_path_number_perm+0x23a/0x880
[   74.212885][ T5076]  tomoyo_path_mknod+0x176/0x1b0
[   74.217816][ T5076]  security_path_mknod+0xf8/0x150
[   74.222827][ T5076]  path_openat+0xc7c/0x3240
[   74.227323][ T5076]  do_filp_open+0x235/0x490
[   74.231831][ T5076]  do_sys_openat2+0x13e/0x1d0
[   74.236497][ T5076]  __x64_sys_openat+0x247/0x2a0
[   74.241340][ T5076] page last free pid 4528 tgid 4528 stack trace:
[   74.247653][ T5076]  free_unref_page_prepare+0x97b/0xaa0
[   74.253130][ T5076]  free_unref_page+0x37/0x3f0
[   74.257799][ T5076]  __slab_free+0x31b/0x3d0
[   74.262211][ T5076]  qlist_free_all+0x5e/0xc0
[   74.266728][ T5076]  kasan_quarantine_reduce+0x14f/0x170
[   74.272182][ T5076]  __kasan_slab_alloc+0x23/0x80
[   74.277026][ T5076]  __kmalloc+0x1e2/0x4a0
[   74.281265][ T5076]  tomoyo_encode+0x26f/0x540
[   74.285846][ T5076]  tomoyo_realpath_from_path+0x59e/0x5e0
[   74.291468][ T5076]  tomoyo_path_number_perm+0x23a/0x880
[   74.296920][ T5076]  tomoyo_path_mknod+0x176/0x1b0
[   74.301854][ T5076]  security_path_mknod+0xf8/0x150
[   74.306870][ T5076]  path_openat+0xc7c/0x3240
[   74.311371][ T5076]  do_filp_open+0x235/0x490
[   74.315867][ T5076]  do_sys_openat2+0x13e/0x1d0
[   74.320531][ T5076]  __x64_sys_openat+0x247/0x2a0
[   74.325376][ T5076] 
[   74.327710][ T5076] Memory state around the buggy address:
[   74.333328][ T5076]  ffff88807a58c600: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   74.341383][ T5076]  ffff88807a58c680: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   74.349431][ T5076] >ffff88807a58c700: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   74.357477][ T5076]                                                           ^
[   74.364916][ T5076]  ffff88807a58c780: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   74.372966][ T5076]  ffff88807a58c800: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   74.381033][ T5076] ==================================================================
[   74.389698][ T5076] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   74.396912][ T5076] CPU: 1 PID: 5076 Comm: syz-executor280 Not tainted 6.9.0-rc5-syzkaller #0
[   74.405596][ T5076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   74.415653][ T5076] Call Trace:
[   74.418938][ T5076]  <TASK>
[   74.421872][ T5076]  dump_stack_lvl+0x241/0x360
[   74.426566][ T5076]  ? __pfx_dump_stack_lvl+0x10/0x10
[   74.431785][ T5076]  ? __pfx__printk+0x10/0x10
[   74.436388][ T5076]  ? preempt_schedule+0xe1/0xf0
[   74.441247][ T5076]  ? vscnprintf+0x5d/0x90
[   74.445587][ T5076]  panic+0x349/0x860
[   74.449498][ T5076]  ? check_panic_on_warn+0x21/0xb0
[   74.454629][ T5076]  ? __pfx_panic+0x10/0x10
[   74.459077][ T5076]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[   74.465066][ T5076]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   74.471403][ T5076]  ? print_report+0x502/0x550
[   74.476092][ T5076]  check_panic_on_warn+0x86/0xb0
[   74.481036][ T5076]  ? f2fs_get_node_info+0xece/0x1200
[   74.486330][ T5076]  end_report+0x77/0x160
[   74.490592][ T5076]  kasan_report+0x154/0x180
[   74.495106][ T5076]  ? f2fs_get_node_info+0xece/0x1200
[   74.500411][ T5076]  f2fs_get_node_info+0xece/0x1200
[   74.505536][ T5076]  f2fs_fiemap+0x55d/0x1ee0
[   74.510061][ T5076]  ? __pfx_f2fs_fiemap+0x10/0x10
[   74.515004][ T5076]  ? __might_fault+0xaa/0x120
[   74.519682][ T5076]  ? stack_depot_save_flags+0x29/0x830
[   74.525150][ T5076]  ? __pfx_lock_release+0x10/0x10
[   74.530182][ T5076]  ? kasan_save_track+0x51/0x80
[   74.535034][ T5076]  ? kasan_save_track+0x3f/0x80
[   74.539886][ T5076]  ? __might_fault+0xc6/0x120
[   74.544564][ T5076]  ? __pfx_f2fs_fiemap+0x10/0x10
[   74.549512][ T5076]  do_vfs_ioctl+0x1c07/0x2e50
[   74.554213][ T5076]  ? __pfx_do_vfs_ioctl+0x10/0x10
[   74.559250][ T5076]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   74.565585][ T5076]  ? tomoyo_path_number_perm+0x208/0x880
[   74.571225][ T5076]  ? __pfx_lock_release+0x10/0x10
[   74.576256][ T5076]  ? kfree+0x153/0x3a0
[   74.580328][ T5076]  ? tomoyo_path_number_perm+0x71a/0x880
[   74.585967][ T5076]  ? tomoyo_path_number_perm+0x208/0x880
[   74.591612][ T5076]  ? smack_log+0x123/0x540
[   74.596037][ T5076]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[   74.602020][ T5076]  ? __pfx_smack_log+0x10/0x10
[   74.606794][ T5076]  ? smk_access+0x4ab/0x4e0
[   74.611305][ T5076]  ? smk_tskacc+0x300/0x370
[   74.615829][ T5076]  ? smack_file_ioctl+0x2fa/0x3a0
[   74.620863][ T5076]  ? __pfx_smack_file_ioctl+0x10/0x10
[   74.626247][ T5076]  ? __pfx_ptrace_notify+0x10/0x10
[   74.631391][ T5076]  ? bpf_lsm_file_ioctl+0x9/0x10
[   74.636346][ T5076]  ? security_file_ioctl+0x87/0xb0
[   74.641503][ T5076]  __se_sys_ioctl+0x81/0x170
[   74.646108][ T5076]  do_syscall_64+0xf5/0x240
[   74.650625][ T5076]  ? clear_bhb_loop+0x35/0x90
[   74.655309][ T5076]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.661207][ T5076] RIP: 0033:0x7f60d34ae739
[   74.665622][ T5076] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   74.685225][ T5076] RSP: 002b:00007ffc9f2f1148 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   74.693649][ T5076] RAX: ffffffffffffffda RBX: 00007ffc9f2f1318 RCX: 00007f60d34ae739
[   74.701624][ T5076] RDX: 0000000020000040 RSI: 00000000c020660b RDI: 0000000000000004
[   74.709598][ T5076] RBP: 00007f60d3527610 R08: 0000000000000000 R09: 00007ffc9f2f1318
[   74.717572][ T5076] R10: 000000000000551a R11: 0000000000000246 R12: 0000000000000001
[   74.725543][ T5076] R13: 00007ffc9f2f1308 R14: 0000000000000001 R15: 0000000000000001
[   74.733521][ T5076]  </TASK>
[   74.736867][ T5076] Kernel Offset: disabled
[   74.741188][ T5076] Rebooting in 86400 seconds..