./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1574795305

<...>
Warning: Permanently added '10.128.0.37' (ED25519) to the list of known hosts.
execve("./syz-executor1574795305", ["./syz-executor1574795305"], 0x7ffda1878880 /* 10 vars */) = 0
brk(NULL)                               = 0x555555e1b000
brk(0x555555e1bd00)                     = 0x555555e1bd00
arch_prctl(ARCH_SET_FS, 0x555555e1b380) = 0
set_tid_address(0x555555e1b650)         = 5045
set_robust_list(0x555555e1b660, 24)     = 0
rseq(0x555555e1bca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor1574795305", 4096) = 28
getrandom("\x85\x5f\x70\x36\x79\x45\xc9\xe3", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x555555e1bd00
brk(0x555555e3cd00)                     = 0x555555e3cd00
brk(0x555555e3d000)                     = 0x555555e3d000
mprotect(0x7fd67a5c3000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
memfd_create("syzkaller", 0)            = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd672000000
write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
munmap(0x7fd672000000, 138412032)       = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 4
ioctl(4, LOOP_SET_FD, 3)                = 0
close(3)                                = 0
close(4)                                = 0
mkdir("./file2", 0777)                  = 0
[   50.354868][ T5045] loop0: detected capacity change from 0 to 40427
[   50.375587][ T5045] F2FS-fs (loop0): Invalid segment count (0)
[   50.381607][ T5045] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[   50.390264][ T5045] F2FS-fs (loop0): Unrecognized mount option "noacl	fastboot" or missing value
[   50.399521][ T5045] ==================================================================
[   50.407588][ T5045] BUG: KASAN: slab-use-after-free in kill_f2fs_super+0x618/0x690
[   50.415325][ T5045] Read of size 4 at addr ffff88801e31577c by task syz-executor157/5045
[   50.423554][ T5045] 
[   50.425868][ T5045] CPU: 1 PID: 5045 Comm: syz-executor157 Not tainted 6.7.0-syzkaller-09928-g052d534373b7 #0
[   50.435918][ T5045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[   50.445959][ T5045] Call Trace:
[   50.449226][ T5045]  <TASK>
[   50.452146][ T5045]  dump_stack_lvl+0x1e7/0x2d0
[   50.456828][ T5045]  ? tcp_gro_dev_warn+0x260/0x260
[   50.461842][ T5045]  ? panic+0x850/0x850
[   50.465905][ T5045]  ? _printk+0xd5/0x120
[   50.470050][ T5045]  ? __virt_addr_valid+0x17e/0x480
[   50.475153][ T5045]  print_report+0x163/0x540
[   50.479644][ T5045]  ? __virt_addr_valid+0x17e/0x480
[   50.484742][ T5045]  ? __virt_addr_valid+0x3d1/0x480
[   50.489856][ T5045]  ? __phys_addr+0xba/0x170
[   50.494360][ T5045]  ? kill_f2fs_super+0x618/0x690
[   50.499295][ T5045]  kasan_report+0x142/0x170
[   50.503797][ T5045]  ? kill_f2fs_super+0x618/0x690
[   50.508730][ T5045]  kill_f2fs_super+0x618/0x690
[   50.513486][ T5045]  ? f2fs_mount+0x40/0x40
[   50.517817][ T5045]  ? radix_tree_delete_item+0x2e0/0x3f0
[   50.523358][ T5045]  ? shrinker_free+0x2c3/0x3d0
[   50.528115][ T5045]  deactivate_locked_super+0xc1/0x130
[   50.533475][ T5045]  mount_bdev+0x222/0x2d0
[   50.537792][ T5045]  ? kill_f2fs_super+0x690/0x690
[   50.542714][ T5045]  ? get_tree_bdev+0x560/0x560
[   50.547466][ T5045]  ? vfs_parse_fs_string+0x190/0x230
[   50.552735][ T5045]  ? vfs_parse_fs_param+0x410/0x410
[   50.557920][ T5045]  ? cap_capable+0x1b4/0x240
[   50.562498][ T5045]  legacy_get_tree+0xef/0x190
[   50.567167][ T5045]  ? trace_raw_output_f2fs__rw_end+0x110/0x110
[   50.573305][ T5045]  vfs_get_tree+0x8c/0x2a0
[   50.577711][ T5045]  do_new_mount+0x2be/0xb40
[   50.582204][ T5045]  ? ns_capable+0x89/0xe0
[   50.586526][ T5045]  ? do_move_mount_old+0x170/0x170
[   50.591625][ T5045]  __se_sys_mount+0x2d9/0x3c0
[   50.596293][ T5045]  ? __x64_sys_mount+0xc0/0xc0
[   50.601042][ T5045]  ? rcu_is_watching+0x15/0xb0
[   50.605797][ T5045]  ? __x64_sys_mount+0x20/0xc0
[   50.610551][ T5045]  do_syscall_64+0xf5/0x230
[   50.615043][ T5045]  entry_SYSCALL_64_after_hwframe+0x63/0x6b
[   50.620925][ T5045] RIP: 0033:0x7fd67a54c93a
[   50.625328][ T5045] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   50.644917][ T5045] RSP: 002b:00007fff3469c168 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[   50.653318][ T5045] RAX: ffffffffffffffda RBX: 00007fff3469c180 RCX: 00007fd67a54c93a
[   50.661278][ T5045] RDX: 0000000020000040 RSI: 0000000020000080 RDI: 00007fff3469c180
[   50.669232][ T5045] RBP: 0000000000000004 R08: 00007fff3469c1c0 R09: 002c65686361635f
[   50.677188][ T5045] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000000
[   50.685144][ T5045] R13: 00007fff3469c1c0 R14: 0000000000000003 R15: 00000000013bd7ef
[   50.693104][ T5045]  </TASK>
[   50.696107][ T5045] 
[   50.698414][ T5045] Allocated by task 5045:
[   50.702720][ T5045]  kasan_save_track+0x3f/0x70
[   50.707385][ T5045]  __kasan_kmalloc+0x98/0xb0
[   50.711958][ T5045]  kmalloc_trace+0x1d6/0x360
[   50.716534][ T5045]  f2fs_fill_super+0xce/0x8170
[   50.721278][ T5045]  mount_bdev+0x206/0x2d0
[   50.725595][ T5045]  legacy_get_tree+0xef/0x190
[   50.730254][ T5045]  vfs_get_tree+0x8c/0x2a0
[   50.734655][ T5045]  do_new_mount+0x2be/0xb40
[   50.739145][ T5045]  __se_sys_mount+0x2d9/0x3c0
[   50.743804][ T5045]  do_syscall_64+0xf5/0x230
[   50.748290][ T5045]  entry_SYSCALL_64_after_hwframe+0x63/0x6b
[   50.754169][ T5045] 
[   50.756474][ T5045] Freed by task 5045:
[   50.760436][ T5045]  kasan_save_track+0x3f/0x70
[   50.765097][ T5045]  kasan_save_free_info+0x4e/0x60
[   50.770109][ T5045]  poison_slab_object+0xa6/0xe0
[   50.774952][ T5045]  __kasan_slab_free+0x34/0x60
[   50.779707][ T5045]  kfree+0x14a/0x380
[   50.783588][ T5045]  f2fs_fill_super+0x6b04/0x8170
[   50.788512][ T5045]  mount_bdev+0x206/0x2d0
[   50.792833][ T5045]  legacy_get_tree+0xef/0x190
[   50.797590][ T5045]  vfs_get_tree+0x8c/0x2a0
[   50.801992][ T5045]  do_new_mount+0x2be/0xb40
[   50.806478][ T5045]  __se_sys_mount+0x2d9/0x3c0
[   50.811143][ T5045]  do_syscall_64+0xf5/0x230
[   50.815639][ T5045]  entry_SYSCALL_64_after_hwframe+0x63/0x6b
[   50.821517][ T5045] 
[   50.823824][ T5045] The buggy address belongs to the object at ffff88801e314000
[   50.823824][ T5045]  which belongs to the cache kmalloc-8k of size 8192
[   50.837857][ T5045] The buggy address is located 6012 bytes inside of
[   50.837857][ T5045]  freed 8192-byte region [ffff88801e314000, ffff88801e316000)
[   50.851805][ T5045] 
[   50.854110][ T5045] The buggy address belongs to the physical page:
[   50.860506][ T5045] page:ffffea000078c400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1e310
[   50.870636][ T5045] head:ffffea000078c400 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   50.879549][ T5045] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[   50.887505][ T5045] page_type: 0xffffffff()
[   50.891818][ T5045] raw: 00fff00000000840 ffff888012c42280 ffffea0000815a00 dead000000000002
[   50.900381][ T5045] raw: 0000000000000000 0000000080020002 00000001ffffffff 0000000000000000
[   50.908941][ T5045] page dumped because: kasan: bad access detected
[   50.915330][ T5045] page_owner tracks the page as allocated
[   50.921023][ T5045] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 6350519923, free_ts 0
[   50.940631][ T5045]  post_alloc_hook+0x1e6/0x210
[   50.945383][ T5045]  get_page_from_freelist+0x33ea/0x3570
[   50.950913][ T5045]  __alloc_pages+0x255/0x680
[   50.955488][ T5045]  alloc_slab_page+0x5f/0x160
[   50.960146][ T5045]  new_slab+0x84/0x2f0
[   50.964196][ T5045]  ___slab_alloc+0xd17/0x13d0
[   50.968866][ T5045]  __kmalloc_node+0x2d2/0x4e0
[   50.973531][ T5045]  kvmalloc_node+0x72/0x180
[   50.978023][ T5045]  drm_gem_get_pages+0x178/0xe00
[   50.982944][ T5045]  drm_gem_shmem_get_pages+0xdd/0x290
[   50.988302][ T5045]  drm_gem_shmem_vmap+0x2ba/0x620
[   50.993313][ T5045]  drm_gem_vmap_unlocked+0x102/0x1d0
[   50.998600][ T5045]  drm_gem_fb_vmap+0xa6/0x800
[   51.003266][ T5045]  drm_atomic_helper_prepare_planes+0x2b1/0xb30
[   51.009494][ T5045]  drm_atomic_helper_commit+0x181/0xac0
[   51.015026][ T5045]  drm_atomic_commit+0x279/0x2c0
[   51.019953][ T5045] page_owner free stack trace missing
[   51.025305][ T5045] 
[   51.027611][ T5045] Memory state around the buggy address:
[   51.033223][ T5045]  ffff88801e315600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   51.041264][ T5045]  ffff88801e315680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   51.049305][ T5045] >ffff88801e315700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   51.057346][ T5045]                                                                 ^
[   51.065298][ T5045]  ffff88801e315780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   51.073342][ T5045]  ffff88801e315800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   51.081382][ T5045] ==================================================================
[   51.096234][ T5045] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   51.103427][ T5045] CPU: 1 PID: 5045 Comm: syz-executor157 Not tainted 6.7.0-syzkaller-09928-g052d534373b7 #0
[   51.113498][ T5045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[   51.123540][ T5045] Call Trace:
[   51.126806][ T5045]  <TASK>
[   51.129721][ T5045]  dump_stack_lvl+0x1e7/0x2d0
[   51.134387][ T5045]  ? tcp_gro_dev_warn+0x260/0x260
[   51.139484][ T5045]  ? panic+0x850/0x850
[   51.143547][ T5045]  ? rcu_is_watching+0x15/0xb0
[   51.148312][ T5045]  ? vscnprintf+0x5d/0x80
[   51.152629][ T5045]  panic+0x349/0x850
[   51.156508][ T5045]  ? check_panic_on_warn+0x21/0xa0
[   51.161598][ T5045]  ? __memcpy_flushcache+0x2b0/0x2b0
[   51.166864][ T5045]  ? _raw_spin_unlock_irqrestore+0x12c/0x140
[   51.172845][ T5045]  ? _raw_spin_unlock+0x40/0x40
[   51.177676][ T5045]  ? print_report+0x4fb/0x540
[   51.182336][ T5045]  check_panic_on_warn+0x82/0xa0
[   51.187261][ T5045]  ? kill_f2fs_super+0x618/0x690
[   51.192186][ T5045]  end_report+0x6e/0x140
[   51.196421][ T5045]  kasan_report+0x153/0x170
[   51.200910][ T5045]  ? kill_f2fs_super+0x618/0x690
[   51.205836][ T5045]  kill_f2fs_super+0x618/0x690
[   51.210600][ T5045]  ? f2fs_mount+0x40/0x40
[   51.214916][ T5045]  ? radix_tree_delete_item+0x2e0/0x3f0
[   51.220460][ T5045]  ? shrinker_free+0x2c3/0x3d0
[   51.225217][ T5045]  deactivate_locked_super+0xc1/0x130
[   51.230579][ T5045]  mount_bdev+0x222/0x2d0
[   51.234927][ T5045]  ? kill_f2fs_super+0x690/0x690
[   51.239849][ T5045]  ? get_tree_bdev+0x560/0x560
[   51.244600][ T5045]  ? vfs_parse_fs_string+0x190/0x230
[   51.249870][ T5045]  ? vfs_parse_fs_param+0x410/0x410
[   51.255063][ T5045]  ? cap_capable+0x1b4/0x240
[   51.259659][ T5045]  legacy_get_tree+0xef/0x190
[   51.264338][ T5045]  ? trace_raw_output_f2fs__rw_end+0x110/0x110
[   51.270482][ T5045]  vfs_get_tree+0x8c/0x2a0
[   51.274897][ T5045]  do_new_mount+0x2be/0xb40
[   51.279392][ T5045]  ? ns_capable+0x89/0xe0
[   51.283713][ T5045]  ? do_move_mount_old+0x170/0x170
[   51.288818][ T5045]  __se_sys_mount+0x2d9/0x3c0
[   51.293495][ T5045]  ? __x64_sys_mount+0xc0/0xc0
[   51.298250][ T5045]  ? rcu_is_watching+0x15/0xb0
[   51.303005][ T5045]  ? __x64_sys_mount+0x20/0xc0
[   51.307761][ T5045]  do_syscall_64+0xf5/0x230
[   51.312255][ T5045]  entry_SYSCALL_64_after_hwframe+0x63/0x6b
[   51.318142][ T5045] RIP: 0033:0x7fd67a54c93a
[   51.322542][ T5045] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   51.342130][ T5045] RSP: 002b:00007fff3469c168 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[   51.350527][ T5045] RAX: ffffffffffffffda RBX: 00007fff3469c180 RCX: 00007fd67a54c93a
[   51.358489][ T5045] RDX: 0000000020000040 RSI: 0000000020000080 RDI: 00007fff3469c180
[   51.366445][ T5045] RBP: 0000000000000004 R08: 00007fff3469c1c0 R09: 002c65686361635f
[   51.374402][ T5045] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000000
[   51.382358][ T5045] R13: 00007fff3469c1c0 R14: 0000000000000003 R15: 00000000013bd7ef
[   51.390318][ T5045]  </TASK>
[   51.393517][ T5045] Kernel Offset: disabled
[   51.397824][ T5045] Rebooting in 86400 seconds..