./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4017343232
<...>
Warning: Permanently added '10.128.10.61' (ED25519) to the list of known hosts.
execve("./syz-executor4017343232", ["./syz-executor4017343232"], 0x7ffe69ce9090 /* 10 vars */) = 0
brk(NULL) = 0x55555608e000
brk(0x55555608ed00) = 0x55555608ed00
arch_prctl(ARCH_SET_FS, 0x55555608e380) = 0
set_tid_address(0x55555608e650) = 5057
set_robust_list(0x55555608e660, 24) = 0
rseq(0x55555608eca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor4017343232", 4096) = 28
getrandom("\xa9\xd8\xb0\x31\xc6\xcb\x26\x1b", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x55555608ed00
brk(0x5555560afd00) = 0x5555560afd00
brk(0x5555560b0000) = 0x5555560b0000
mprotect(0x7f01b325b000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
memfd_create("syzkaller", 0) = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f01aac00000
write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836) = 32394836
munmap(0x7f01aac00000, 138412032) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
ioctl(4, LOOP_SET_FD, 3) = 0
close(3) = 0
close(4) = 0
mkdir("./bus", 0777) = 0
[ 47.129483][ T5057] loop0: detected capacity change from 0 to 63271
[ 47.148893][ T5057] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605)
[ 47.157341][ T5057] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[ 47.167155][ T5057] F2FS-fs (loop0): invalid crc value
[ 47.173998][ T5057] F2FS-fs (loop0): Mismatch valid blocks 1 vs. 2
[ 47.180792][ T5057] F2FS-fs (loop0): Failed to initialize F2FS segment manager (-117)
[ 47.190770][ T5057] ==================================================================
[ 47.198816][ T5057] BUG: KASAN: slab-use-after-free in destroy_device_list+0x195/0x200
[ 47.206875][ T5057] Read of size 4 at addr ffff88802383d77c by task syz-executor401/5057
[ 47.215088][ T5057]
[ 47.217388][ T5057] CPU: 0 PID: 5057 Comm: syz-executor401 Not tainted 6.7.0-syzkaller-09928-g052d534373b7 #0
[ 47.227424][ T5057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 47.237455][ T5057] Call Trace:
[ 47.240710][ T5057]
[ 47.243616][ T5057] dump_stack_lvl+0xd9/0x1b0
[ 47.248187][ T5057] print_report+0xc4/0x620
[ 47.252577][ T5057] ? __virt_addr_valid+0x5e/0x580
[ 47.257580][ T5057] ? __phys_addr+0xc6/0x140
[ 47.262070][ T5057] kasan_report+0xda/0x110
[ 47.266462][ T5057] ? destroy_device_list+0x195/0x200
[ 47.271719][ T5057] ? destroy_device_list+0x195/0x200
[ 47.276979][ T5057] destroy_device_list+0x195/0x200
[ 47.282075][ T5057] kill_f2fs_super+0x2c6/0x430
[ 47.286834][ T5057] ? trace_event_raw_event_f2fs_unlink_enter+0x450/0x450
[ 47.293837][ T5057] ? f2fs_record_error_work+0x20/0x20
[ 47.299185][ T5057] deactivate_locked_super+0xbc/0x1a0
[ 47.304540][ T5057] mount_bdev+0x277/0x2d0
[ 47.308850][ T5057] ? sget+0x640/0x640
[ 47.312810][ T5057] ? apparmor_capable+0x126/0x1e0
[ 47.317813][ T5057] ? destroy_device_list+0x200/0x200
[ 47.323073][ T5057] legacy_get_tree+0x109/0x220
[ 47.327816][ T5057] vfs_get_tree+0x8c/0x370
[ 47.332224][ T5057] path_mount+0x14e6/0x1f20
[ 47.336712][ T5057] ? kmem_cache_free+0x129/0x350
[ 47.341624][ T5057] ? finish_automount+0xa40/0xa40
[ 47.346628][ T5057] ? putname+0x12e/0x170
[ 47.350846][ T5057] __x64_sys_mount+0x293/0x310
[ 47.355589][ T5057] ? copy_mnt_ns+0x9f0/0x9f0
[ 47.360157][ T5057] ? _raw_spin_unlock_irq+0x2e/0x50
[ 47.365332][ T5057] ? ptrace_notify+0xf4/0x130
[ 47.369985][ T5057] do_syscall_64+0xd3/0x250
[ 47.374478][ T5057] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 47.380347][ T5057] RIP: 0033:0x7f01b31e18ba
[ 47.384738][ T5057] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 47.404319][ T5057] RSP: 002b:00007fffd9b750c8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 47.412703][ T5057] RAX: ffffffffffffffda RBX: 00007fffd9b750e0 RCX: 00007f01b31e18ba
[ 47.420649][ T5057] RDX: 00000000200000c0 RSI: 0000000020010280 RDI: 00007fffd9b750e0
[ 47.428593][ T5057] RBP: 0000000000000004 R08: 00007fffd9b75120 R09: 0000000000007e65
[ 47.436544][ T5057] R10: 0000000000000410 R11: 0000000000000286 R12: 0000000000000410
[ 47.444493][ T5057] R13: 00007fffd9b75120 R14: 0000000000000003 R15: 0000000001ee4e54
[ 47.452450][ T5057]
[ 47.455444][ T5057]
[ 47.457742][ T5057] Allocated by task 5057:
[ 47.462045][ T5057] kasan_save_stack+0x33/0x50
[ 47.466712][ T5057] kasan_save_track+0x14/0x30
[ 47.471379][ T5057] __kasan_kmalloc+0xa2/0xb0
[ 47.475941][ T5057] f2fs_fill_super+0xfe/0x8e50
[ 47.480701][ T5057] mount_bdev+0x1df/0x2d0
[ 47.485013][ T5057] legacy_get_tree+0x109/0x220
[ 47.489751][ T5057] vfs_get_tree+0x8c/0x370
[ 47.494146][ T5057] path_mount+0x14e6/0x1f20
[ 47.498627][ T5057] __x64_sys_mount+0x293/0x310
[ 47.503366][ T5057] do_syscall_64+0xd3/0x250
[ 47.507843][ T5057] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 47.513713][ T5057]
[ 47.516014][ T5057] Freed by task 5057:
[ 47.519964][ T5057] kasan_save_stack+0x33/0x50
[ 47.524616][ T5057] kasan_save_track+0x14/0x30
[ 47.529264][ T5057] kasan_save_free_info+0x3f/0x60
[ 47.534262][ T5057] __kasan_slab_free+0x121/0x1b0
[ 47.539190][ T5057] kfree+0x124/0x360
[ 47.543062][ T5057] f2fs_fill_super+0x270c/0x8e50
[ 47.548064][ T5057] mount_bdev+0x1df/0x2d0
[ 47.552380][ T5057] legacy_get_tree+0x109/0x220
[ 47.557132][ T5057] vfs_get_tree+0x8c/0x370
[ 47.561519][ T5057] path_mount+0x14e6/0x1f20
[ 47.565997][ T5057] __x64_sys_mount+0x293/0x310
[ 47.570736][ T5057] do_syscall_64+0xd3/0x250
[ 47.575214][ T5057] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 47.581083][ T5057]
[ 47.583394][ T5057] The buggy address belongs to the object at ffff88802383c000
[ 47.583394][ T5057] which belongs to the cache kmalloc-8k of size 8192
[ 47.597417][ T5057] The buggy address is located 6012 bytes inside of
[ 47.597417][ T5057] freed 8192-byte region [ffff88802383c000, ffff88802383e000)
[ 47.611358][ T5057]
[ 47.613658][ T5057] The buggy address belongs to the physical page:
[ 47.620040][ T5057] page:ffffea00008e0e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x23838
[ 47.630161][ T5057] head:ffffea00008e0e00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 47.639066][ T5057] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 47.647016][ T5057] page_type: 0xffffffff()
[ 47.651319][ T5057] raw: 00fff00000000840 ffff888013042280 ffffea0001357600 0000000000000002
[ 47.659874][ T5057] raw: 0000000000000000 0000000080020002 00000001ffffffff 0000000000000000
[ 47.668425][ T5057] page dumped because: kasan: bad access detected
[ 47.674823][ T5057] page_owner tracks the page as allocated
[ 47.680506][ T5057] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4723, tgid 4723 (S41dhcpcd), ts 24160833017, free_ts 24143445832
[ 47.700791][ T5057] post_alloc_hook+0x2d0/0x350
[ 47.705533][ T5057] get_page_from_freelist+0xa28/0x3780
[ 47.710965][ T5057] __alloc_pages+0x22f/0x2440
[ 47.715615][ T5057] new_slab+0xcc/0x3a0
[ 47.719657][ T5057] ___slab_alloc+0x4af/0x19a0
[ 47.724311][ T5057] __slab_alloc.constprop.0+0x56/0xa0
[ 47.729658][ T5057] kmalloc_trace+0x30b/0x340
[ 47.734224][ T5057] tomoyo_init_log+0xcdf/0x2110
[ 47.739049][ T5057] tomoyo_supervisor+0x30c/0xea0
[ 47.743957][ T5057] tomoyo_env_perm+0x18f/0x200
[ 47.748695][ T5057] tomoyo_find_next_domain+0xef6/0x2020
[ 47.754212][ T5057] tomoyo_bprm_check_security+0x12b/0x1d0
[ 47.759909][ T5057] security_bprm_check+0x6a/0xe0
[ 47.764819][ T5057] bprm_execve+0x73a/0x1a90
[ 47.769295][ T5057] do_execveat_common.isra.0+0x5d3/0x740
[ 47.774903][ T5057] __x64_sys_execve+0x8c/0xb0
[ 47.779559][ T5057] page last free pid 4722 tgid 4722 stack trace:
[ 47.785869][ T5057] free_unref_page_prepare+0x51f/0xb10
[ 47.791308][ T5057] free_unref_page+0x33/0x3c0
[ 47.795965][ T5057] __put_partials+0x14c/0x160
[ 47.800617][ T5057] qlist_free_all+0x58/0x150
[ 47.805184][ T5057] kasan_quarantine_reduce+0x18e/0x1d0
[ 47.810618][ T5057] __kasan_slab_alloc+0x65/0x90
[ 47.815443][ T5057] __kmalloc+0x1bd/0x440
[ 47.819661][ T5057] tomoyo_supervisor+0x43d/0xea0
[ 47.824595][ T5057] tomoyo_env_perm+0x18f/0x200
[ 47.829331][ T5057] tomoyo_find_next_domain+0xef6/0x2020
[ 47.834852][ T5057] tomoyo_bprm_check_security+0x12b/0x1d0
[ 47.840548][ T5057] security_bprm_check+0x6a/0xe0
[ 47.845459][ T5057] bprm_execve+0x73a/0x1a90
[ 47.849934][ T5057] do_execveat_common.isra.0+0x5d3/0x740
[ 47.855542][ T5057] __x64_sys_execve+0x8c/0xb0
[ 47.860192][ T5057] do_syscall_64+0xd3/0x250
[ 47.864670][ T5057]
[ 47.866970][ T5057] Memory state around the buggy address:
[ 47.872570][ T5057] ffff88802383d600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.880603][ T5057] ffff88802383d680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.888642][ T5057] >ffff88802383d700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.896671][ T5057] ^
[ 47.904619][ T5057] ffff88802383d780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.912651][ T5057] ffff88802383d800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.920694][ T5057] ==================================================================
[ 47.929457][ T5057] ==================================================================
[ 47.937518][ T5057] BUG: KASAN: slab-use-after-free in destroy_device_list+0x1f1/0x200
[ 47.945582][ T5057] Read of size 8 at addr ffff88802383d780 by task syz-executor401/5057
[ 47.953792][ T5057]
[ 47.956091][ T5057] CPU: 0 PID: 5057 Comm: syz-executor401 Tainted: G B 6.7.0-syzkaller-09928-g052d534373b7 #0
[ 47.967601][ T5057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 47.977629][ T5057] Call Trace:
[ 47.980881][ T5057]
[ 47.983790][ T5057] dump_stack_lvl+0xd9/0x1b0
[ 47.988364][ T5057] print_report+0xc4/0x620
[ 47.992753][ T5057] ? __virt_addr_valid+0x5e/0x580
[ 47.997752][ T5057] ? __phys_addr+0xc6/0x140
[ 48.002229][ T5057] kasan_report+0xda/0x110
[ 48.006618][ T5057] ? destroy_device_list+0x1f1/0x200
[ 48.011876][ T5057] ? destroy_device_list+0x1f1/0x200
[ 48.017139][ T5057] destroy_device_list+0x1f1/0x200
[ 48.022228][ T5057] kill_f2fs_super+0x2c6/0x430
[ 48.026969][ T5057] ? trace_event_raw_event_f2fs_unlink_enter+0x450/0x450
[ 48.033972][ T5057] ? f2fs_record_error_work+0x20/0x20
[ 48.039320][ T5057] deactivate_locked_super+0xbc/0x1a0
[ 48.044671][ T5057] mount_bdev+0x277/0x2d0
[ 48.048980][ T5057] ? sget+0x640/0x640
[ 48.052940][ T5057] ? apparmor_capable+0x126/0x1e0
[ 48.057940][ T5057] ? destroy_device_list+0x200/0x200
[ 48.063208][ T5057] legacy_get_tree+0x109/0x220
[ 48.067945][ T5057] vfs_get_tree+0x8c/0x370
[ 48.072336][ T5057] path_mount+0x14e6/0x1f20
[ 48.076816][ T5057] ? kmem_cache_free+0x129/0x350
[ 48.081732][ T5057] ? finish_automount+0xa40/0xa40
[ 48.086738][ T5057] ? putname+0x12e/0x170
[ 48.090957][ T5057] __x64_sys_mount+0x293/0x310
[ 48.095698][ T5057] ? copy_mnt_ns+0x9f0/0x9f0
[ 48.100263][ T5057] ? _raw_spin_unlock_irq+0x2e/0x50
[ 48.105441][ T5057] ? ptrace_notify+0xf4/0x130
[ 48.110116][ T5057] do_syscall_64+0xd3/0x250
[ 48.114595][ T5057] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 48.120465][ T5057] RIP: 0033:0x7f01b31e18ba
[ 48.124857][ T5057] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 48.144439][ T5057] RSP: 002b:00007fffd9b750c8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 48.152823][ T5057] RAX: ffffffffffffffda RBX: 00007fffd9b750e0 RCX: 00007f01b31e18ba
[ 48.160777][ T5057] RDX: 00000000200000c0 RSI: 0000000020010280 RDI: 00007fffd9b750e0
[ 48.168720][ T5057] RBP: 0000000000000004 R08: 00007fffd9b75120 R09: 0000000000007e65
[ 48.176665][ T5057] R10: 0000000000000410 R11: 0000000000000286 R12: 0000000000000410
[ 48.184613][ T5057] R13: 00007fffd9b75120 R14: 0000000000000003 R15: 0000000001ee4e54
[ 48.192564][ T5057]
[ 48.195557][ T5057]
[ 48.197854][ T5057] Allocated by task 5057:
[ 48.202149][ T5057] kasan_save_stack+0x33/0x50
[ 48.206800][ T5057] kasan_save_track+0x14/0x30
[ 48.211445][ T5057] __kasan_kmalloc+0xa2/0xb0
[ 48.216006][ T5057] f2fs_fill_super+0xfe/0x8e50
[ 48.220754][ T5057] mount_bdev+0x1df/0x2d0
[ 48.225062][ T5057] legacy_get_tree+0x109/0x220
[ 48.229802][ T5057] vfs_get_tree+0x8c/0x370
[ 48.234189][ T5057] path_mount+0x14e6/0x1f20
[ 48.238669][ T5057] __x64_sys_mount+0x293/0x310
[ 48.243411][ T5057] do_syscall_64+0xd3/0x250
[ 48.247886][ T5057] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 48.253754][ T5057]
[ 48.256050][ T5057] Freed by task 5057:
[ 48.259998][ T5057] kasan_save_stack+0x33/0x50
[ 48.264661][ T5057] kasan_save_track+0x14/0x30
[ 48.269309][ T5057] kasan_save_free_info+0x3f/0x60
[ 48.274323][ T5057] __kasan_slab_free+0x121/0x1b0
[ 48.279232][ T5057] kfree+0x124/0x360
[ 48.283116][ T5057] f2fs_fill_super+0x270c/0x8e50
[ 48.288030][ T5057] mount_bdev+0x1df/0x2d0
[ 48.292336][ T5057] legacy_get_tree+0x109/0x220
[ 48.297073][ T5057] vfs_get_tree+0x8c/0x370
[ 48.301461][ T5057] path_mount+0x14e6/0x1f20
[ 48.306033][ T5057] __x64_sys_mount+0x293/0x310
[ 48.310771][ T5057] do_syscall_64+0xd3/0x250
[ 48.315246][ T5057] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 48.321113][ T5057]
[ 48.323410][ T5057] The buggy address belongs to the object at ffff88802383c000
[ 48.323410][ T5057] which belongs to the cache kmalloc-8k of size 8192
[ 48.337438][ T5057] The buggy address is located 6016 bytes inside of
[ 48.337438][ T5057] freed 8192-byte region [ffff88802383c000, ffff88802383e000)
[ 48.351465][ T5057]
[ 48.353762][ T5057] The buggy address belongs to the physical page:
[ 48.360141][ T5057] page:ffffea00008e0e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x23838
[ 48.370259][ T5057] head:ffffea00008e0e00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 48.379160][ T5057] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 48.387108][ T5057] page_type: 0xffffffff()
[ 48.391412][ T5057] raw: 00fff00000000840 ffff888013042280 ffffea0001357600 0000000000000002
[ 48.399982][ T5057] raw: 0000000000000000 0000000080020002 00000001ffffffff 0000000000000000
[ 48.408537][ T5057] page dumped because: kasan: bad access detected
[ 48.414919][ T5057] page_owner tracks the page as allocated
[ 48.420603][ T5057] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4723, tgid 4723 (S41dhcpcd), ts 24160833017, free_ts 24143445832
[ 48.440891][ T5057] post_alloc_hook+0x2d0/0x350
[ 48.445724][ T5057] get_page_from_freelist+0xa28/0x3780
[ 48.451162][ T5057] __alloc_pages+0x22f/0x2440
[ 48.455812][ T5057] new_slab+0xcc/0x3a0
[ 48.459852][ T5057] ___slab_alloc+0x4af/0x19a0
[ 48.464503][ T5057] __slab_alloc.constprop.0+0x56/0xa0
[ 48.469851][ T5057] kmalloc_trace+0x30b/0x340
[ 48.474420][ T5057] tomoyo_init_log+0xcdf/0x2110
[ 48.479240][ T5057] tomoyo_supervisor+0x30c/0xea0
[ 48.484150][ T5057] tomoyo_env_perm+0x18f/0x200
[ 48.488892][ T5057] tomoyo_find_next_domain+0xef6/0x2020
[ 48.494409][ T5057] tomoyo_bprm_check_security+0x12b/0x1d0
[ 48.500102][ T5057] security_bprm_check+0x6a/0xe0
[ 48.505014][ T5057] bprm_execve+0x73a/0x1a90
[ 48.509492][ T5057] do_execveat_common.isra.0+0x5d3/0x740
[ 48.515102][ T5057] __x64_sys_execve+0x8c/0xb0
[ 48.519753][ T5057] page last free pid 4722 tgid 4722 stack trace:
[ 48.526048][ T5057] free_unref_page_prepare+0x51f/0xb10
[ 48.531484][ T5057] free_unref_page+0x33/0x3c0
[ 48.536140][ T5057] __put_partials+0x14c/0x160
[ 48.540807][ T5057] qlist_free_all+0x58/0x150
[ 48.545373][ T5057] kasan_quarantine_reduce+0x18e/0x1d0
[ 48.550805][ T5057] __kasan_slab_alloc+0x65/0x90
[ 48.555627][ T5057] __kmalloc+0x1bd/0x440
[ 48.559845][ T5057] tomoyo_supervisor+0x43d/0xea0
[ 48.564754][ T5057] tomoyo_env_perm+0x18f/0x200
[ 48.569488][ T5057] tomoyo_find_next_domain+0xef6/0x2020
[ 48.575009][ T5057] tomoyo_bprm_check_security+0x12b/0x1d0
[ 48.580706][ T5057] security_bprm_check+0x6a/0xe0
[ 48.585618][ T5057] bprm_execve+0x73a/0x1a90
[ 48.590094][ T5057] do_execveat_common.isra.0+0x5d3/0x740
[ 48.595700][ T5057] __x64_sys_execve+0x8c/0xb0
[ 48.600351][ T5057] do_syscall_64+0xd3/0x250
[ 48.604829][ T5057]
[ 48.607125][ T5057] Memory state around the buggy address:
[ 48.612725][ T5057] ffff88802383d680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.620759][ T5057] ffff88802383d700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.628793][ T5057] >ffff88802383d780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.636828][ T5057] ^
[ 48.640867][ T5057] ffff88802383d800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.648902][ T5057] ffff88802383d880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.656940][ T5057] ==================================================================
[ 48.665105][ T5057] ==================================================================
[ 48.673156][ T5057] BUG: KASAN: double-free in kill_f2fs_super+0x2ce/0x430
[ 48.680169][ T5057] Free of addr ffff88802383c000 by task syz-executor401/5057
[ 48.687517][ T5057]
[ 48.689829][ T5057] CPU: 0 PID: 5057 Comm: syz-executor401 Tainted: G B 6.7.0-syzkaller-09928-g052d534373b7 #0
[ 48.701348][ T5057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 48.711385][ T5057] Call Trace:
[ 48.714650][ T5057]
[ 48.717565][ T5057] dump_stack_lvl+0xd9/0x1b0
[ 48.722159][ T5057] print_report+0xc4/0x620
[ 48.726563][ T5057] ? __virt_addr_valid+0x5e/0x580
[ 48.731589][ T5057] ? __phys_addr+0xc6/0x140
[ 48.736081][ T5057] ? kill_f2fs_super+0x2ce/0x430
[ 48.741008][ T5057] kasan_report_invalid_free+0xab/0xd0
[ 48.746457][ T5057] ? kill_f2fs_super+0x2ce/0x430
[ 48.751388][ T5057] ? kill_f2fs_super+0x2ce/0x430
[ 48.756311][ T5057] __kasan_slab_free+0x18f/0x1b0
[ 48.761234][ T5057] kfree+0x124/0x360
[ 48.765116][ T5057] ? kill_f2fs_super+0x2ce/0x430
[ 48.770043][ T5057] kill_f2fs_super+0x2ce/0x430
[ 48.774795][ T5057] ? trace_event_raw_event_f2fs_unlink_enter+0x450/0x450
[ 48.781812][ T5057] ? f2fs_record_error_work+0x20/0x20
[ 48.787172][ T5057] deactivate_locked_super+0xbc/0x1a0
[ 48.792537][ T5057] mount_bdev+0x277/0x2d0
[ 48.796861][ T5057] ? sget+0x640/0x640
[ 48.800835][ T5057] ? apparmor_capable+0x126/0x1e0
[ 48.805850][ T5057] ? destroy_device_list+0x200/0x200
[ 48.811120][ T5057] legacy_get_tree+0x109/0x220
[ 48.815873][ T5057] vfs_get_tree+0x8c/0x370
[ 48.820271][ T5057] path_mount+0x14e6/0x1f20
[ 48.824767][ T5057] ? kmem_cache_free+0x129/0x350
[ 48.829695][ T5057] ? finish_automount+0xa40/0xa40
[ 48.834718][ T5057] ? putname+0x12e/0x170
[ 48.838948][ T5057] __x64_sys_mount+0x293/0x310
[ 48.843705][ T5057] ? copy_mnt_ns+0x9f0/0x9f0
[ 48.848291][ T5057] ? _raw_spin_unlock_irq+0x2e/0x50
[ 48.853487][ T5057] ? ptrace_notify+0xf4/0x130
[ 48.858159][ T5057] do_syscall_64+0xd3/0x250
[ 48.862649][ T5057] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 48.868537][ T5057] RIP: 0033:0x7f01b31e18ba
[ 48.872938][ T5057] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 48.892534][ T5057] RSP: 002b:00007fffd9b750c8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 48.900927][ T5057] RAX: ffffffffffffffda RBX: 00007fffd9b750e0 RCX: 00007f01b31e18ba
[ 48.908885][ T5057] RDX: 00000000200000c0 RSI: 0000000020010280 RDI: 00007fffd9b750e0
[ 48.916839][ T5057] RBP: 0000000000000004 R08: 00007fffd9b75120 R09: 0000000000007e65
[ 48.924796][ T5057] R10: 0000000000000410 R11: 0000000000000286 R12: 0000000000000410
[ 48.932752][ T5057] R13: 00007fffd9b75120 R14: 0000000000000003 R15: 0000000001ee4e54
[ 48.940711][ T5057]
[ 48.943710][ T5057]
[ 48.946017][ T5057] Allocated by task 5057:
[ 48.950321][ T5057] kasan_save_stack+0x33/0x50
[ 48.954983][ T5057] kasan_save_track+0x14/0x30
[ 48.959639][ T5057] __kasan_kmalloc+0xa2/0xb0
[ 48.964209][ T5057] f2fs_fill_super+0xfe/0x8e50
[ 48.968961][ T5057] mount_bdev+0x1df/0x2d0
[ 48.973283][ T5057] legacy_get_tree+0x109/0x220
[ 48.978034][ T5057] vfs_get_tree+0x8c/0x370
[ 48.982432][ T5057] path_mount+0x14e6/0x1f20
[ 48.986926][ T5057] __x64_sys_mount+0x293/0x310
[ 48.991684][ T5057] do_syscall_64+0xd3/0x250
[ 48.996170][ T5057] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 49.002059][ T5057]
[ 49.004363][ T5057] Freed by task 5057:
[ 49.008322][ T5057] kasan_save_stack+0x33/0x50
[ 49.012981][ T5057] kasan_save_track+0x14/0x30
[ 49.017639][ T5057] kasan_save_free_info+0x3f/0x60
[ 49.022648][ T5057] __kasan_slab_free+0x121/0x1b0
[ 49.027569][ T5057] kfree+0x124/0x360
[ 49.031449][ T5057] f2fs_fill_super+0x270c/0x8e50
[ 49.036374][ T5057] mount_bdev+0x1df/0x2d0
[ 49.040692][ T5057] legacy_get_tree+0x109/0x220
[ 49.045441][ T5057] vfs_get_tree+0x8c/0x370
[ 49.049838][ T5057] path_mount+0x14e6/0x1f20
[ 49.054331][ T5057] __x64_sys_mount+0x293/0x310
[ 49.059083][ T5057] do_syscall_64+0xd3/0x250
[ 49.063568][ T5057] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 49.069453][ T5057]
[ 49.071758][ T5057] The buggy address belongs to the object at ffff88802383c000
[ 49.071758][ T5057] which belongs to the cache kmalloc-8k of size 8192
[ 49.085798][ T5057] The buggy address is located 0 bytes inside of
[ 49.085798][ T5057] 8192-byte region [ffff88802383c000, ffff88802383e000)
[ 49.098966][ T5057]
[ 49.101271][ T5057] The buggy address belongs to the physical page:
[ 49.107661][ T5057] page:ffffea00008e0e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x23838
[ 49.117798][ T5057] head:ffffea00008e0e00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 49.126712][ T5057] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 49.134672][ T5057] page_type: 0xffffffff()
[ 49.138981][ T5057] raw: 00fff00000000840 ffff888013042280 ffffea0001357600 0000000000000002
[ 49.147551][ T5057] raw: 0000000000000000 0000000080020002 00000001ffffffff 0000000000000000
[ 49.156110][ T5057] page dumped because: kasan: bad access detected
[ 49.162500][ T5057] page_owner tracks the page as allocated
[ 49.168192][ T5057] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4723, tgid 4723 (S41dhcpcd), ts 24160833017, free_ts 24143445832
[ 49.188487][ T5057] post_alloc_hook+0x2d0/0x350
[ 49.193247][ T5057] get_page_from_freelist+0xa28/0x3780
[ 49.198695][ T5057] __alloc_pages+0x22f/0x2440
[ 49.203356][ T5057] new_slab+0xcc/0x3a0
[ 49.207410][ T5057] ___slab_alloc+0x4af/0x19a0
[ 49.212074][ T5057] __slab_alloc.constprop.0+0x56/0xa0
[ 49.217432][ T5057] kmalloc_trace+0x30b/0x340
[ 49.222007][ T5057] tomoyo_init_log+0xcdf/0x2110
[ 49.226844][ T5057] tomoyo_supervisor+0x30c/0xea0
[ 49.231767][ T5057] tomoyo_env_perm+0x18f/0x200
[ 49.238338][ T5057] tomoyo_find_next_domain+0xef6/0x2020
[ 49.243869][ T5057] tomoyo_bprm_check_security+0x12b/0x1d0
[ 49.249584][ T5057] security_bprm_check+0x6a/0xe0
[ 49.254508][ T5057] bprm_execve+0x73a/0x1a90
[ 49.258998][ T5057] do_execveat_common.isra.0+0x5d3/0x740
[ 49.264615][ T5057] __x64_sys_execve+0x8c/0xb0
[ 49.269280][ T5057] page last free pid 4722 tgid 4722 stack trace:
[ 49.275582][ T5057] free_unref_page_prepare+0x51f/0xb10
[ 49.281030][ T5057] free_unref_page+0x33/0x3c0
[ 49.285697][ T5057] __put_partials+0x14c/0x160
[ 49.290359][ T5057] qlist_free_all+0x58/0x150
[ 49.294939][ T5057] kasan_quarantine_reduce+0x18e/0x1d0
[ 49.300382][ T5057] __kasan_slab_alloc+0x65/0x90
[ 49.305219][ T5057] __kmalloc+0x1bd/0x440
[ 49.309455][ T5057] tomoyo_supervisor+0x43d/0xea0
[ 49.314375][ T5057] tomoyo_env_perm+0x18f/0x200
[ 49.319121][ T5057] tomoyo_find_next_domain+0xef6/0x2020
[ 49.324653][ T5057] tomoyo_bprm_check_security+0x12b/0x1d0
[ 49.330372][ T5057] security_bprm_check+0x6a/0xe0
[ 49.335294][ T5057] bprm_execve+0x73a/0x1a90
[ 49.339786][ T5057] do_execveat_common.isra.0+0x5d3/0x740
[ 49.345402][ T5057] __x64_sys_execve+0x8c/0xb0
[ 49.350064][ T5057] do_syscall_64+0xd3/0x250
[ 49.354548][ T5057]
[ 49.356856][ T5057] Memory state around the buggy address:
[ 49.362466][ T5057] ffff88802383bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 49.370507][ T5057] ffff88802383bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 49.378551][ T5057] >ffff88802383c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 49.386604][ T5057] ^
[ 49.390653][ T5057] ffff88802383c080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 49.398696][ T5057] ffff88802383c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 49.406734][ T5057] ==================================================================
[ 49.414976][ T5057] Kernel panic - not syncing: kasan.fault=panic_on_write set ...
[ 49.422695][ T5057] CPU: 0 PID: 5057 Comm: syz-executor401 Tainted: G B 6.7.0-syzkaller-09928-g052d534373b7 #0
[ 49.434240][ T5057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 49.444291][ T5057] Call Trace:
[ 49.447556][ T5057]
[ 49.450471][ T5057] dump_stack_lvl+0xd9/0x1b0
[ 49.455083][ T5057] panic+0x6dc/0x790
[ 49.458970][ T5057] ? panic_smp_self_stop+0xa0/0xa0
[ 49.464067][ T5057] ? trace_irq_enable.constprop.0+0xd0/0x100
[ 49.470039][ T5057] ? preempt_schedule_common+0x45/0xc0
[ 49.475490][ T5057] ? kill_f2fs_super+0x2ce/0x430
[ 49.480424][ T5057] ? preempt_schedule_thunk+0x1a/0x30
[ 49.485793][ T5057] ? kill_f2fs_super+0x2ce/0x430
[ 49.490727][ T5057] end_report+0x12f/0x150
[ 49.495047][ T5057] kasan_report_invalid_free+0xbb/0xd0
[ 49.500500][ T5057] ? kill_f2fs_super+0x2ce/0x430
[ 49.505437][ T5057] ? kill_f2fs_super+0x2ce/0x430
[ 49.510365][ T5057] __kasan_slab_free+0x18f/0x1b0
[ 49.515287][ T5057] kfree+0x124/0x360
[ 49.519169][ T5057] ? kill_f2fs_super+0x2ce/0x430
[ 49.524098][ T5057] kill_f2fs_super+0x2ce/0x430
[ 49.528850][ T5057] ? trace_event_raw_event_f2fs_unlink_enter+0x450/0x450
[ 49.535866][ T5057] ? f2fs_record_error_work+0x20/0x20
[ 49.541228][ T5057] deactivate_locked_super+0xbc/0x1a0
[ 49.546943][ T5057] mount_bdev+0x277/0x2d0
[ 49.551267][ T5057] ? sget+0x640/0x640
[ 49.555243][ T5057] ? apparmor_capable+0x126/0x1e0
[ 49.560261][ T5057] ? destroy_device_list+0x200/0x200
[ 49.565536][ T5057] legacy_get_tree+0x109/0x220
[ 49.570290][ T5057] vfs_get_tree+0x8c/0x370
[ 49.574692][ T5057] path_mount+0x14e6/0x1f20
[ 49.579185][ T5057] ? kmem_cache_free+0x129/0x350
[ 49.584114][ T5057] ? finish_automount+0xa40/0xa40
[ 49.589133][ T5057] ? putname+0x12e/0x170
[ 49.593365][ T5057] __x64_sys_mount+0x293/0x310
[ 49.598124][ T5057] ? copy_mnt_ns+0x9f0/0x9f0
[ 49.602707][ T5057] ? _raw_spin_unlock_irq+0x2e/0x50
[ 49.607897][ T5057] ? ptrace_notify+0xf4/0x130
[ 49.612562][ T5057] do_syscall_64+0xd3/0x250
[ 49.617056][ T5057] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 49.622940][ T5057] RIP: 0033:0x7f01b31e18ba
[ 49.627339][ T5057] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 49.646929][ T5057] RSP: 002b:00007fffd9b750c8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 49.655326][ T5057] RAX: ffffffffffffffda RBX: 00007fffd9b750e0 RCX: 00007f01b31e18ba
[ 49.663280][ T5057] RDX: 00000000200000c0 RSI: 0000000020010280 RDI: 00007fffd9b750e0
[ 49.671236][ T5057] RBP: 0000000000000004 R08: 00007fffd9b75120 R09: 0000000000007e65
[ 49.679192][ T5057] R10: 0000000000000410 R11: 0000000000000286 R12: 0000000000000410
[ 49.687145][ T5057] R13: 00007fffd9b75120 R14: 0000000000000003 R15: 0000000001ee4e54
[ 49.695103][ T5057]
[ 49.698321][ T5057] Kernel Offset: disabled
[ 49.702620][ T5057] Rebooting in 86400 seconds..