./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3048110258
<...>
Warning: Permanently added '10.128.0.136' (ED25519) to the list of known hosts.
execve("./syz-executor3048110258", ["./syz-executor3048110258"], 0x7ffe5b94fd80 /* 10 vars */) = 0
brk(NULL) = 0x555571e9d000
brk(0x555571e9dd00) = 0x555571e9dd00
arch_prctl(ARCH_SET_FS, 0x555571e9d380) = 0
set_tid_address(0x555571e9d650) = 5068
set_robust_list(0x555571e9d660, 24) = 0
rseq(0x555571e9dca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3048110258", 4096) = 28
getrandom("\x32\xaa\x89\x39\xc8\xd2\x63\x0c", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x555571e9dd00
brk(0x555571ebed00) = 0x555571ebed00
brk(0x555571ebf000) = 0x555571ebf000
mprotect(0x7fa7867a3000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
memfd_create("syzkaller", 0) = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa77e200000
write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119
munmap(0x7fa77e200000, 138412032) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
ioctl(4, LOOP_SET_FD, 3) = 0
close(3) = 0
close(4) = 0
mkdir("./file0", 0777) = 0
[ 58.226398][ T5068] loop0: detected capacity change from 0 to 40427
[ 58.265306][ T5068] F2FS-fs (loop0): invalid crc value
mount("/dev/loop0", "./file0", "f2fs", 0, "lazytime,noinline_xattr,lazytime,nobarrier,active_logs=4,user_xattr,mode=lfs,alloc_mode=default,") = 0
openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
chdir("./file0") = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, ".", O_RDONLY) = 4
[ 58.279214][ T5068] F2FS-fs (loop0): Found nat_bits in checkpoint
[ 58.314659][ T5068] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4
[ 58.356300][ T5068] ==================================================================
[ 58.364386][ T5068] BUG: KASAN: slab-out-of-bounds in f2fs_get_node_info+0xece/0x1200
[ 58.372366][ T5068] Read of size 1 at addr ffff888027fe266c by task syz-executor304/5068
[ 58.380584][ T5068]
[ 58.382892][ T5068] CPU: 0 PID: 5068 Comm: syz-executor304 Not tainted 6.9.0-rc4-syzkaller-00266-g977b1ef51866 #0
[ 58.393286][ T5068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 58.403322][ T5068] Call Trace:
[ 58.406589][ T5068]
[ 58.409505][ T5068] dump_stack_lvl+0x241/0x360
[ 58.414175][ T5068] ? __pfx_dump_stack_lvl+0x10/0x10
[ 58.419353][ T5068] ? __pfx__printk+0x10/0x10
[ 58.423924][ T5068] ? _printk+0xd5/0x120
[ 58.428058][ T5068] ? __virt_addr_valid+0x183/0x520
[ 58.433151][ T5068] ? __virt_addr_valid+0x183/0x520
[ 58.438242][ T5068] print_report+0x169/0x550
[ 58.442743][ T5068] ? __virt_addr_valid+0x183/0x520
[ 58.447834][ T5068] ? __virt_addr_valid+0x183/0x520
[ 58.452925][ T5068] ? __virt_addr_valid+0x44e/0x520
[ 58.458015][ T5068] ? __phys_addr+0xba/0x170
[ 58.462498][ T5068] ? f2fs_get_node_info+0xece/0x1200
[ 58.467761][ T5068] kasan_report+0x143/0x180
[ 58.472243][ T5068] ? f2fs_get_node_info+0xece/0x1200
[ 58.477508][ T5068] f2fs_get_node_info+0xece/0x1200
[ 58.482603][ T5068] f2fs_fiemap+0x55d/0x1ee0
[ 58.487096][ T5068] ? __pfx_f2fs_fiemap+0x10/0x10
[ 58.492011][ T5068] ? __might_fault+0xaa/0x120
[ 58.496664][ T5068] ? stack_depot_save_flags+0x29/0x830
[ 58.502110][ T5068] ? __pfx_lock_release+0x10/0x10
[ 58.507133][ T5068] ? kasan_save_track+0x51/0x80
[ 58.511961][ T5068] ? kasan_save_track+0x3f/0x80
[ 58.516790][ T5068] ? __might_fault+0xc6/0x120
[ 58.521444][ T5068] ? __pfx_f2fs_fiemap+0x10/0x10
[ 58.526359][ T5068] do_vfs_ioctl+0x1c07/0x2e50
[ 58.531015][ T5068] ? __pfx_do_vfs_ioctl+0x10/0x10
[ 58.536019][ T5068] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 58.542323][ T5068] ? tomoyo_path_number_perm+0x208/0x880
[ 58.547933][ T5068] ? __pfx_lock_release+0x10/0x10
[ 58.552936][ T5068] ? kfree+0x153/0x3a0
[ 58.556984][ T5068] ? tomoyo_path_number_perm+0x71a/0x880
[ 58.562595][ T5068] ? tomoyo_path_number_perm+0x208/0x880
[ 58.568228][ T5068] ? smack_log+0x123/0x540
[ 58.572638][ T5068] ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 58.578613][ T5068] ? __pfx_smack_log+0x10/0x10
[ 58.583369][ T5068] ? smk_access+0x4ab/0x4e0
[ 58.587870][ T5068] ? smk_tskacc+0x300/0x370
[ 58.592367][ T5068] ? smack_file_ioctl+0x2fa/0x3a0
[ 58.597383][ T5068] ? __pfx_smack_file_ioctl+0x10/0x10
[ 58.602740][ T5068] ? __pfx_ptrace_notify+0x10/0x10
[ 58.607841][ T5068] ? bpf_lsm_file_ioctl+0x9/0x10
[ 58.612760][ T5068] ? security_file_ioctl+0x87/0xb0
[ 58.617850][ T5068] __se_sys_ioctl+0x81/0x170
[ 58.622444][ T5068] do_syscall_64+0xf5/0x240
[ 58.626941][ T5068] ? clear_bhb_loop+0x35/0x90
[ 58.631608][ T5068] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 58.637502][ T5068] RIP: 0033:0x7fa78672a739
[ 58.641905][ T5068] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 58.661500][ T5068] RSP: 002b:00007ffc1d610258 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 58.669896][ T5068] RAX: ffffffffffffffda RBX: 00007ffc1d610428 RCX: 00007fa78672a739
[ 58.677846][ T5068] RDX: 0000000020000040 RSI: 00000000c020660b RDI: 0000000000000004
[ 58.685795][ T5068] RBP: 00007fa7867a3610 R08: 0000000000000000 R09: 00007ffc1d610428
[ 58.693744][ T5068] R10: 000000000000551a R11: 0000000000000246 R12: 0000000000000001
[ 58.701695][ T5068] R13: 00007ffc1d610418 R14: 0000000000000001 R15: 0000000000000001
[ 58.709652][ T5068]
[ 58.712657][ T5068]
[ 58.714958][ T5068] Allocated by task 5068:
[ 58.719261][ T5068] kasan_save_track+0x3f/0x80
[ 58.723921][ T5068] __kasan_kmalloc+0x98/0xb0
[ 58.728488][ T5068] __kmalloc_node_track_caller+0x24e/0x4e0
[ 58.734289][ T5068] kmemdup+0x2a/0x60
[ 58.738185][ T5068] f2fs_build_node_manager+0x8cc/0x2870
[ 58.743723][ T5068] f2fs_fill_super+0x583c/0x8120
[ 58.748646][ T5068] mount_bdev+0x20a/0x2d0
[ 58.752967][ T5068] legacy_get_tree+0xee/0x190
[ 58.757636][ T5068] vfs_get_tree+0x90/0x2a0
[ 58.762049][ T5068] do_new_mount+0x2be/0xb40
[ 58.766543][ T5068] __se_sys_mount+0x2d9/0x3c0
[ 58.771209][ T5068] do_syscall_64+0xf5/0x240
[ 58.775703][ T5068] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 58.781581][ T5068]
[ 58.783894][ T5068] The buggy address belongs to the object at ffff888027fe2600
[ 58.783894][ T5068] which belongs to the cache kmalloc-64 of size 64
[ 58.797749][ T5068] The buggy address is located 44 bytes to the right of
[ 58.797749][ T5068] allocated 64-byte region [ffff888027fe2600, ffff888027fe2640)
[ 58.812212][ T5068]
[ 58.814515][ T5068] The buggy address belongs to the physical page:
[ 58.820900][ T5068] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x27fe2
[ 58.829637][ T5068] anon flags: 0xfff80000000800(slab|node=0|zone=1|lastcpupid=0xfff)
[ 58.837596][ T5068] page_type: 0xffffffff()
[ 58.841923][ T5068] raw: 00fff80000000800 ffff888015041640 0000000000000000 dead000000000001
[ 58.850482][ T5068] raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000
[ 58.859040][ T5068] page dumped because: kasan: bad access detected
[ 58.865424][ T5068] page_owner tracks the page as allocated
[ 58.871113][ T5068] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY), pid 4525, tgid 1164790063 (udevadm), ts 4525, free_ts 16305344130
[ 58.888708][ T5068] post_alloc_hook+0x1ea/0x210
[ 58.893453][ T5068] get_page_from_freelist+0x3410/0x35b0
[ 58.898977][ T5068] __alloc_pages+0x256/0x6c0
[ 58.903545][ T5068] alloc_slab_page+0x5f/0x160
[ 58.908203][ T5068] new_slab+0x84/0x2f0
[ 58.912247][ T5068] ___slab_alloc+0xc73/0x1260
[ 58.916898][ T5068] __kmalloc+0x2e5/0x4a0
[ 58.921117][ T5068] tomoyo_encode+0x26f/0x540
[ 58.925685][ T5068] tomoyo_realpath_from_path+0x59e/0x5e0
[ 58.931293][ T5068] tomoyo_path_perm+0x2b7/0x740
[ 58.936121][ T5068] security_inode_getattr+0xd8/0x130
[ 58.941380][ T5068] vfs_getattr+0x45/0x430
[ 58.945689][ T5068] vfs_statx+0x1a5/0x4e0
[ 58.949909][ T5068] vfs_fstatat+0x135/0x190
[ 58.954305][ T5068] __x64_sys_newfstatat+0x117/0x190
[ 58.959478][ T5068] do_syscall_64+0xf5/0x240
[ 58.963962][ T5068] page last free pid 1 tgid 1 stack trace:
[ 58.969739][ T5068] free_unref_page_prepare+0x97b/0xaa0
[ 58.975182][ T5068] free_unref_page+0x37/0x3f0
[ 58.979838][ T5068] kasan_depopulate_vmalloc_pte+0x74/0x90
[ 58.985533][ T5068] __apply_to_page_range+0x8ec/0xe40
[ 58.990799][ T5068] kasan_release_vmalloc+0x9a/0xb0
[ 58.995888][ T5068] purge_vmap_node+0x3e3/0x770
[ 59.000645][ T5068] __purge_vmap_area_lazy+0x715/0xaf0
[ 59.005994][ T5068] _vm_unmap_aliases+0x7d3/0x870
[ 59.010910][ T5068] change_page_attr_set_clr+0x2fc/0xf70
[ 59.016433][ T5068] set_memory_nx+0xf2/0x130
[ 59.020913][ T5068] free_initmem+0x79/0x110
[ 59.025303][ T5068] kernel_init+0x31/0x2b0
[ 59.029606][ T5068] ret_from_fork+0x4b/0x80
[ 59.034001][ T5068] ret_from_fork_asm+0x1a/0x30
[ 59.038743][ T5068]
[ 59.041044][ T5068] Memory state around the buggy address:
[ 59.046646][ T5068] ffff888027fe2500: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 59.054682][ T5068] ffff888027fe2580: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 59.062718][ T5068] >ffff888027fe2600: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 59.070750][ T5068] ^
[ 59.078179][ T5068] ffff888027fe2680: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 59.086214][ T5068] ffff888027fe2700: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 59.094248][ T5068] ==================================================================
[ 59.102708][ T5068] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 59.109925][ T5068] CPU: 1 PID: 5068 Comm: syz-executor304 Not tainted 6.9.0-rc4-syzkaller-00266-g977b1ef51866 #0
[ 59.120324][ T5068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 59.130377][ T5068] Call Trace:
[ 59.133651][ T5068]
[ 59.136576][ T5068] dump_stack_lvl+0x241/0x360
[ 59.141252][ T5068] ? __pfx_dump_stack_lvl+0x10/0x10
[ 59.146442][ T5068] ? __pfx__printk+0x10/0x10
[ 59.151026][ T5068] ? preempt_schedule+0xe1/0xf0
[ 59.155875][ T5068] ? vscnprintf+0x5d/0x90
[ 59.160192][ T5068] panic+0x349/0x860
[ 59.164078][ T5068] ? check_panic_on_warn+0x21/0xb0
[ 59.169182][ T5068] ? __pfx_panic+0x10/0x10
[ 59.173590][ T5068] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 59.179567][ T5068] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 59.185887][ T5068] ? print_report+0x502/0x550
[ 59.190559][ T5068] check_panic_on_warn+0x86/0xb0
[ 59.195488][ T5068] ? f2fs_get_node_info+0xece/0x1200
[ 59.200771][ T5068] end_report+0x77/0x160
[ 59.205003][ T5068] kasan_report+0x154/0x180
[ 59.209499][ T5068] ? f2fs_get_node_info+0xece/0x1200
[ 59.214781][ T5068] f2fs_get_node_info+0xece/0x1200
[ 59.219887][ T5068] f2fs_fiemap+0x55d/0x1ee0
[ 59.224389][ T5068] ? __pfx_f2fs_fiemap+0x10/0x10
[ 59.229314][ T5068] ? __might_fault+0xaa/0x120
[ 59.233976][ T5068] ? stack_depot_save_flags+0x29/0x830
[ 59.239429][ T5068] ? __pfx_lock_release+0x10/0x10
[ 59.244444][ T5068] ? kasan_save_track+0x51/0x80
[ 59.249282][ T5068] ? kasan_save_track+0x3f/0x80
[ 59.254125][ T5068] ? __might_fault+0xc6/0x120
[ 59.258790][ T5068] ? __pfx_f2fs_fiemap+0x10/0x10
[ 59.263715][ T5068] do_vfs_ioctl+0x1c07/0x2e50
[ 59.268384][ T5068] ? __pfx_do_vfs_ioctl+0x10/0x10
[ 59.273403][ T5068] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 59.279721][ T5068] ? tomoyo_path_number_perm+0x208/0x880
[ 59.285341][ T5068] ? __pfx_lock_release+0x10/0x10
[ 59.290356][ T5068] ? kfree+0x153/0x3a0
[ 59.294415][ T5068] ? tomoyo_path_number_perm+0x71a/0x880
[ 59.300040][ T5068] ? tomoyo_path_number_perm+0x208/0x880
[ 59.305660][ T5068] ? smack_log+0x123/0x540
[ 59.310093][ T5068] ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 59.316126][ T5068] ? __pfx_smack_log+0x10/0x10
[ 59.320892][ T5068] ? smk_access+0x4ab/0x4e0
[ 59.325391][ T5068] ? smk_tskacc+0x300/0x370
[ 59.329892][ T5068] ? smack_file_ioctl+0x2fa/0x3a0
[ 59.334911][ T5068] ? __pfx_smack_file_ioctl+0x10/0x10
[ 59.340278][ T5068] ? __pfx_ptrace_notify+0x10/0x10
[ 59.345395][ T5068] ? bpf_lsm_file_ioctl+0x9/0x10
[ 59.350331][ T5068] ? security_file_ioctl+0x87/0xb0
[ 59.355437][ T5068] __se_sys_ioctl+0x81/0x170
[ 59.360088][ T5068] do_syscall_64+0xf5/0x240
[ 59.364620][ T5068] ? clear_bhb_loop+0x35/0x90
[ 59.369312][ T5068] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 59.375205][ T5068] RIP: 0033:0x7fa78672a739
[ 59.379627][ T5068] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 59.399230][ T5068] RSP: 002b:00007ffc1d610258 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 59.407644][ T5068] RAX: ffffffffffffffda RBX: 00007ffc1d610428 RCX: 00007fa78672a739
[ 59.415611][ T5068] RDX: 0000000020000040 RSI: 00000000c020660b RDI: 0000000000000004
[ 59.423572][ T5068] RBP: 00007fa7867a3610 R08: 0000000000000000 R09: 00007ffc1d610428
[ 59.431534][ T5068] R10: 000000000000551a R11: 0000000000000246 R12: 0000000000000001
[ 59.439500][ T5068] R13: 00007ffc1d610418 R14: 0000000000000001 R15: 0000000000000001
[ 59.447464][ T5068]
[ 59.450748][ T5068] Kernel Offset: disabled
[ 59.455055][ T5068] Rebooting in 86400 seconds..