./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2751976885
<...>
Warning: Permanently added '10.128.1.67' (ED25519) to the list of known hosts.
execve("./syz-executor2751976885", ["./syz-executor2751976885"], 0x7ffd47c8ddc0 /* 10 vars */) = 0
brk(NULL) = 0x5555556f4000
brk(0x5555556f4d00) = 0x5555556f4d00
arch_prctl(ARCH_SET_FS, 0x5555556f4380) = 0
set_tid_address(0x5555556f4650) = 5046
set_robust_list(0x5555556f4660, 24) = 0
rseq(0x5555556f4ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor2751976885", 4096) = 28
getrandom("\xd2\xcc\x76\xf3\xe1\x5a\xdc\x16", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x5555556f4d00
brk(0x555555715d00) = 0x555555715d00
brk(0x555555716000) = 0x555555716000
mprotect(0x7fb05d6c0000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
memfd_create("syzkaller", 0) = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb055200000
write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836) = 32394836
munmap(0x7fb055200000, 138412032) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
ioctl(4, LOOP_SET_FD, 3) = 0
close(3) = 0
close(4) = 0
mkdir("./file1", 0777) = 0
[ 69.170742][ T5046] loop0: detected capacity change from 0 to 63271
[ 69.192701][ T5046] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605)
[ 69.201300][ T5046] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[ 69.211817][ T5046] F2FS-fs (loop0): invalid crc value
[ 69.220744][ T5046] F2FS-fs (loop0): SIT is corrupted node# 0 vs 1
[ 69.227853][ T5046] F2FS-fs (loop0): Failed to initialize F2FS segment manager (-117)
[ 69.239063][ T5046] ==================================================================
[ 69.247153][ T5046] BUG: KASAN: slab-use-after-free in kill_f2fs_super+0x618/0x690
[ 69.254888][ T5046] Read of size 4 at addr ffff888023bdd77c by task syz-executor275/5046
[ 69.263136][ T5046]
[ 69.265463][ T5046] CPU: 0 PID: 5046 Comm: syz-executor275 Not tainted 6.7.0-syzkaller-06264-g70d201a40823 #0
[ 69.275521][ T5046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 69.285574][ T5046] Call Trace:
[ 69.288857][ T5046]
[ 69.291792][ T5046] dump_stack_lvl+0x1e7/0x2d0
[ 69.296503][ T5046] ? tcp_gro_dev_warn+0x260/0x260
[ 69.301535][ T5046] ? panic+0x850/0x850
[ 69.305689][ T5046] ? _printk+0xd5/0x120
[ 69.309844][ T5046] ? __virt_addr_valid+0x17e/0x480
[ 69.314958][ T5046] print_report+0x163/0x540
[ 69.319471][ T5046] ? __virt_addr_valid+0x17e/0x480
[ 69.324584][ T5046] ? __virt_addr_valid+0x3d1/0x480
[ 69.329705][ T5046] ? __phys_addr+0xba/0x170
[ 69.334212][ T5046] ? kill_f2fs_super+0x618/0x690
[ 69.339158][ T5046] kasan_report+0x142/0x170
[ 69.343678][ T5046] ? kill_f2fs_super+0x618/0x690
[ 69.348633][ T5046] kill_f2fs_super+0x618/0x690
[ 69.353406][ T5046] ? f2fs_mount+0x40/0x40
[ 69.357763][ T5046] ? radix_tree_delete_item+0x2e0/0x3f0
[ 69.363329][ T5046] ? shrinker_free+0x2c3/0x3d0
[ 69.368111][ T5046] deactivate_locked_super+0xc1/0x130
[ 69.373495][ T5046] mount_bdev+0x222/0x2d0
[ 69.377841][ T5046] ? kill_f2fs_super+0x690/0x690
[ 69.382786][ T5046] ? get_tree_bdev+0x560/0x560
[ 69.387586][ T5046] ? vfs_parse_fs_string+0x190/0x230
[ 69.392883][ T5046] ? vfs_parse_fs_param+0x410/0x410
[ 69.398087][ T5046] ? cap_capable+0x1b4/0x240
[ 69.402687][ T5046] legacy_get_tree+0xef/0x190
[ 69.407372][ T5046] ? trace_raw_output_f2fs__rw_end+0x110/0x110
[ 69.413532][ T5046] vfs_get_tree+0x8c/0x2a0
[ 69.417965][ T5046] do_new_mount+0x2be/0xb40
[ 69.422479][ T5046] ? ns_capable+0x89/0xe0
[ 69.426818][ T5046] ? do_move_mount_old+0x170/0x170
[ 69.431947][ T5046] __se_sys_mount+0x2d9/0x3c0
[ 69.436643][ T5046] ? __x64_sys_mount+0xc0/0xc0
[ 69.441430][ T5046] ? rcu_is_watching+0x15/0xb0
[ 69.446209][ T5046] ? __x64_sys_mount+0x20/0xc0
[ 69.450989][ T5046] do_syscall_64+0xf5/0x230
[ 69.455510][ T5046] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 69.461421][ T5046] RIP: 0033:0x7fb05d646c7a
[ 69.465841][ T5046] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 69.485458][ T5046] RSP: 002b:00007ffedf4214a8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 69.493886][ T5046] RAX: ffffffffffffffda RBX: 00007ffedf4214c0 RCX: 00007fb05d646c7a
[ 69.501868][ T5046] RDX: 00000000200000c0 RSI: 0000000020007f80 RDI: 00007ffedf4214c0
[ 69.509846][ T5046] RBP: 0000000000000010 R08: 00007ffedf421500 R09: 0000000000007e73
[ 69.517823][ T5046] R10: 0000000000000010 R11: 0000000000000286 R12: 0000000000000004
[ 69.525822][ T5046] R13: 00007ffedf421500 R14: 0000000000000003 R15: 0000000001ee4e54
[ 69.533811][ T5046]
[ 69.536836][ T5046]
[ 69.539181][ T5046] Allocated by task 5046:
[ 69.543598][ T5046] kasan_save_track+0x3f/0x70
[ 69.548290][ T5046] __kasan_kmalloc+0x98/0xb0
[ 69.552892][ T5046] kmalloc_trace+0x1d6/0x360
[ 69.557493][ T5046] f2fs_fill_super+0xce/0x8170
[ 69.562261][ T5046] mount_bdev+0x206/0x2d0
[ 69.566610][ T5046] legacy_get_tree+0xef/0x190
[ 69.571291][ T5046] vfs_get_tree+0x8c/0x2a0
[ 69.575721][ T5046] do_new_mount+0x2be/0xb40
[ 69.580242][ T5046] __se_sys_mount+0x2d9/0x3c0
[ 69.584934][ T5046] do_syscall_64+0xf5/0x230
[ 69.589447][ T5046] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 69.595376][ T5046]
[ 69.597706][ T5046] Freed by task 5046:
[ 69.601687][ T5046] kasan_save_track+0x3f/0x70
[ 69.606377][ T5046] kasan_save_free_info+0x4e/0x60
[ 69.611422][ T5046] poison_slab_object+0xa6/0xe0
[ 69.616374][ T5046] __kasan_slab_free+0x34/0x60
[ 69.621178][ T5046] kfree+0x14a/0x380
[ 69.625087][ T5046] f2fs_fill_super+0x6b04/0x8170
[ 69.630027][ T5046] mount_bdev+0x206/0x2d0
[ 69.634366][ T5046] legacy_get_tree+0xef/0x190
[ 69.639062][ T5046] vfs_get_tree+0x8c/0x2a0
[ 69.643501][ T5046] do_new_mount+0x2be/0xb40
[ 69.648012][ T5046] __se_sys_mount+0x2d9/0x3c0
[ 69.652703][ T5046] do_syscall_64+0xf5/0x230
[ 69.657224][ T5046] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 69.663134][ T5046]
[ 69.665456][ T5046] The buggy address belongs to the object at ffff888023bdc000
[ 69.665456][ T5046] which belongs to the cache kmalloc-8k of size 8192
[ 69.679516][ T5046] The buggy address is located 6012 bytes inside of
[ 69.679516][ T5046] freed 8192-byte region [ffff888023bdc000, ffff888023bde000)
[ 69.693495][ T5046]
[ 69.695820][ T5046] The buggy address belongs to the physical page:
[ 69.702245][ T5046] page:ffffea00008ef600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x23bd8
[ 69.712407][ T5046] head:ffffea00008ef600 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 69.721344][ T5046] anon flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 69.729762][ T5046] page_type: 0xffffffff()
[ 69.734100][ T5046] raw: 00fff00000000840 ffff888012c42280 0000000000000000 0000000000000001
[ 69.742688][ T5046] raw: 0000000000000000 0000000080020002 00000001ffffffff 0000000000000000
[ 69.751276][ T5046] page dumped because: kasan: bad access detected
[ 69.757687][ T5046] page_owner tracks the page as allocated
[ 69.763398][ T5046] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4713, tgid 4713 (start-stop-daem), ts 38918540171, free_ts 38307438771
[ 69.784245][ T5046] post_alloc_hook+0x1e6/0x210
[ 69.789021][ T5046] get_page_from_freelist+0x33ea/0x3570
[ 69.794580][ T5046] __alloc_pages+0x255/0x680
[ 69.799182][ T5046] alloc_slab_page+0x5f/0x160
[ 69.803865][ T5046] new_slab+0x84/0x2f0
[ 69.808113][ T5046] ___slab_alloc+0xd17/0x13d0
[ 69.812793][ T5046] kmalloc_trace+0x25d/0x360
[ 69.817396][ T5046] tomoyo_init_log+0x11cd/0x2040
[ 69.822341][ T5046] tomoyo_supervisor+0x386/0x11f0
[ 69.827373][ T5046] tomoyo_env_perm+0x178/0x210
[ 69.832166][ T5046] tomoyo_find_next_domain+0x1383/0x1cf0
[ 69.837824][ T5046] tomoyo_bprm_check_security+0x114/0x170
[ 69.843561][ T5046] security_bprm_check+0x63/0xa0
[ 69.848508][ T5046] bprm_execve+0x95f/0x18a0
[ 69.853033][ T5046] do_execveat_common+0x580/0x720
[ 69.858084][ T5046] __x64_sys_execve+0x92/0xa0
[ 69.862771][ T5046] page last free pid 4699 tgid 4699 stack trace:
[ 69.869097][ T5046] free_unref_page_prepare+0x959/0xa80
[ 69.874581][ T5046] free_unref_page+0x37/0x3f0
[ 69.879357][ T5046] __put_partials+0xeb/0x130
[ 69.883949][ T5046] put_cpu_partial+0x17b/0x250
[ 69.888718][ T5046] __slab_free+0x2fe/0x410
[ 69.893314][ T5046] qlist_free_all+0x6d/0xd0
[ 69.897825][ T5046] kasan_quarantine_reduce+0x14b/0x160
[ 69.903288][ T5046] __kasan_slab_alloc+0x23/0x70
[ 69.908151][ T5046] __kmalloc+0x1dd/0x490
[ 69.912407][ T5046] tomoyo_supervisor+0xe06/0x11f0
[ 69.917435][ T5046] tomoyo_check_unix_address+0x59b/0x880
[ 69.923194][ T5046] tomoyo_socket_bind_permission+0x21c/0x340
[ 69.929185][ T5046] security_socket_bind+0x71/0xa0
[ 69.934224][ T5046] __sys_bind+0x1ba/0x2e0
[ 69.938556][ T5046] __x64_sys_bind+0x7a/0x90
[ 69.943063][ T5046] do_syscall_64+0xf5/0x230
[ 69.947609][ T5046]
[ 69.949931][ T5046] Memory state around the buggy address:
[ 69.955562][ T5046] ffff888023bdd600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 69.963629][ T5046] ffff888023bdd680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 69.971706][ T5046] >ffff888023bdd700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 69.979772][ T5046] ^
[ 69.987751][ T5046] ffff888023bdd780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 69.995817][ T5046] ffff888023bdd800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 70.003877][ T5046] ==================================================================
[ 70.013145][ T5046] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 70.020385][ T5046] CPU: 0 PID: 5046 Comm: syz-executor275 Not tainted 6.7.0-syzkaller-06264-g70d201a40823 #0
[ 70.030477][ T5046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 70.040551][ T5046] Call Trace:
[ 70.043835][ T5046]
[ 70.046767][ T5046] dump_stack_lvl+0x1e7/0x2d0
[ 70.051465][ T5046] ? tcp_gro_dev_warn+0x260/0x260
[ 70.056499][ T5046] ? panic+0x850/0x850
[ 70.060573][ T5046] ? rcu_is_watching+0x15/0xb0
[ 70.065355][ T5046] ? vscnprintf+0x5d/0x80
[ 70.069697][ T5046] panic+0x349/0x850
[ 70.073625][ T5046] ? check_panic_on_warn+0x21/0xa0
[ 70.078747][ T5046] ? __memcpy_flushcache+0x2b0/0x2b0
[ 70.084043][ T5046] ? _raw_spin_unlock_irqrestore+0x12c/0x140
[ 70.090034][ T5046] ? _raw_spin_unlock+0x40/0x40
[ 70.094899][ T5046] ? print_report+0x4fb/0x540
[ 70.099599][ T5046] check_panic_on_warn+0x82/0xa0
[ 70.104552][ T5046] ? kill_f2fs_super+0x618/0x690
[ 70.109501][ T5046] end_report+0x6e/0x140
[ 70.113768][ T5046] kasan_report+0x153/0x170
[ 70.118293][ T5046] ? kill_f2fs_super+0x618/0x690
[ 70.123240][ T5046] kill_f2fs_super+0x618/0x690
[ 70.128011][ T5046] ? f2fs_mount+0x40/0x40
[ 70.132344][ T5046] ? radix_tree_delete_item+0x2e0/0x3f0
[ 70.137907][ T5046] ? shrinker_free+0x2c3/0x3d0
[ 70.142688][ T5046] deactivate_locked_super+0xc1/0x130
[ 70.148077][ T5046] mount_bdev+0x222/0x2d0
[ 70.152417][ T5046] ? kill_f2fs_super+0x690/0x690
[ 70.157391][ T5046] ? get_tree_bdev+0x560/0x560
[ 70.162168][ T5046] ? vfs_parse_fs_string+0x190/0x230
[ 70.167461][ T5046] ? vfs_parse_fs_param+0x410/0x410
[ 70.172668][ T5046] ? cap_capable+0x1b4/0x240
[ 70.177277][ T5046] legacy_get_tree+0xef/0x190
[ 70.181964][ T5046] ? trace_raw_output_f2fs__rw_end+0x110/0x110
[ 70.188127][ T5046] vfs_get_tree+0x8c/0x2a0
[ 70.192571][ T5046] do_new_mount+0x2be/0xb40
[ 70.197103][ T5046] ? ns_capable+0x89/0xe0
[ 70.201450][ T5046] ? do_move_mount_old+0x170/0x170
[ 70.206580][ T5046] __se_sys_mount+0x2d9/0x3c0
[ 70.211275][ T5046] ? __x64_sys_mount+0xc0/0xc0
[ 70.216056][ T5046] ? rcu_is_watching+0x15/0xb0
[ 70.220839][ T5046] ? __x64_sys_mount+0x20/0xc0
[ 70.225624][ T5046] do_syscall_64+0xf5/0x230
[ 70.230145][ T5046] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 70.236056][ T5046] RIP: 0033:0x7fb05d646c7a
[ 70.240479][ T5046] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 70.260101][ T5046] RSP: 002b:00007ffedf4214a8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 70.268531][ T5046] RAX: ffffffffffffffda RBX: 00007ffedf4214c0 RCX: 00007fb05d646c7a
[ 70.276520][ T5046] RDX: 00000000200000c0 RSI: 0000000020007f80 RDI: 00007ffedf4214c0
[ 70.284523][ T5046] RBP: 0000000000000010 R08: 00007ffedf421500 R09: 0000000000007e73
[ 70.292521][ T5046] R10: 0000000000000010 R11: 0000000000000286 R12: 0000000000000004
[ 70.300501][ T5046] R13: 00007ffedf421500 R14: 0000000000000003 R15: 0000000001ee4e54
[ 70.308494][ T5046]
[ 70.311736][ T5046] Kernel Offset: disabled
[ 70.316081][ T5046] Rebooting in 86400 seconds..