Warning: Permanently added '10.128.1.174' (ED25519) to the list of known hosts.
2024/01/14 04:30:43 ignoring optional flag "sandboxArg"="0"
2024/01/14 04:30:43 parsed 1 programs
2024/01/14 04:30:44 executed programs: 0
[ 45.722542][ T2137] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 47.858433][ T2561] loop0: detected capacity change from 0 to 63271
[ 47.865856][ T2561] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605)
[ 47.874279][ T2561] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[ 47.882599][ T2561] F2FS-fs (loop0): Unrecognized mount option "18446744073709551615184467440737095516150177777777777777777777718446744073709551615”źû÷ǘ$H¦Qs¾G™" or missing value
[ 47.899529][ T2561] ==================================================================
[ 47.907564][ T2561] BUG: KASAN: slab-use-after-free in kill_f2fs_super+0x474/0x530
[ 47.915253][ T2561] Read of size 4 at addr ffff888173785774 by task syz-executor.0/2561
[ 47.923459][ T2561]
[ 47.925799][ T2561] CPU: 0 PID: 2561 Comm: syz-executor.0 Not tainted 6.7.0-rc4-syzkaller #0
[ 47.934468][ T2561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 47.944513][ T2561] Call Trace:
[ 47.947764][ T2561]
[ 47.950675][ T2561] dump_stack_lvl+0x3d/0x60
[ 47.955147][ T2561] print_report+0xc4/0x620
[ 47.959531][ T2561] kasan_report+0xda/0x110
[ 47.963915][ T2561] ? kill_f2fs_super+0x474/0x530
[ 47.968840][ T2561] ? kill_f2fs_super+0x474/0x530
[ 47.973743][ T2561] ? f2fs_record_error_work+0x10/0x10
[ 47.979086][ T2561] kill_f2fs_super+0x474/0x530
[ 47.983818][ T2561] ? trace_event_raw_event_f2fs_unlink_enter+0x410/0x410
[ 47.990803][ T2561] ? node_reclaim+0x210/0x210
[ 47.995444][ T2561] ? f2fs_record_error_work+0x10/0x10
[ 48.000789][ T2561] deactivate_locked_super+0x9d/0x160
[ 48.006125][ T2561] mount_bdev+0x219/0x270
[ 48.010421][ T2561] ? sget+0x530/0x530
[ 48.014380][ T2561] ? vfs_parse_fs_string+0xd3/0x120
[ 48.019572][ T2561] ? vfs_parse_fs_param+0x360/0x360
[ 48.024735][ T2561] ? trace_raw_output_f2fs__bio+0x290/0x290
[ 48.030593][ T2561] legacy_get_tree+0xfe/0x1f0
[ 48.035237][ T2561] ? security_capable+0x67/0xa0
[ 48.040051][ T2561] vfs_get_tree+0x82/0x220
[ 48.044434][ T2561] path_mount+0x878/0x1a00
[ 48.048818][ T2561] ? finish_automount+0x730/0x730
[ 48.053810][ T2561] ? kmem_cache_free+0xe9/0x450
[ 48.058630][ T2561] ? getname_flags.part.0+0xb2/0x440
[ 48.063880][ T2561] __x64_sys_mount+0x208/0x280
[ 48.068608][ T2561] ? copy_mnt_ns+0xa70/0xa70
[ 48.073161][ T2561] ? fpregs_assert_state_consistent+0x41/0x60
[ 48.079192][ T2561] do_syscall_64+0x40/0xe0
[ 48.083576][ T2561] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 48.089433][ T2561] RIP: 0033:0x7fd1b4c7e4aa
[ 48.093813][ T2561] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 09 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 48.113392][ T2561] RSP: 002b:00007fd1b5a0cef8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 48.121767][ T2561] RAX: ffffffffffffffda RBX: 00007fd1b5a0cf80 RCX: 00007fd1b4c7e4aa
[ 48.129714][ T2561] RDX: 00000000200000c0 RSI: 0000000020010280 RDI: 00007fd1b5a0cf40
[ 48.137653][ T2561] RBP: 00000000200000c0 R08: 00007fd1b5a0cf80 R09: 0000000000000010
[ 48.145594][ T2561] R10: 0000000000000010 R11: 0000000000000246 R12: 0000000020010280
[ 48.153544][ T2561] R13: 00007fd1b5a0cf40 R14: 0000000000007e64 R15: 0000000020008000
[ 48.161482][ T2561]
[ 48.164574][ T2561]
[ 48.166869][ T2561] Allocated by task 2561:
[ 48.171159][ T2561] kasan_save_stack+0x33/0x50
[ 48.175802][ T2561] kasan_set_track+0x25/0x30
[ 48.180356][ T2561] __kasan_kmalloc+0xa2/0xb0
[ 48.184919][ T2561] f2fs_fill_super+0xeb/0x88d0
[ 48.189655][ T2561] mount_bdev+0x19e/0x270
[ 48.193969][ T2561] legacy_get_tree+0xfe/0x1f0
[ 48.198612][ T2561] vfs_get_tree+0x82/0x220
[ 48.202993][ T2561] path_mount+0x878/0x1a00
[ 48.207386][ T2561] __x64_sys_mount+0x208/0x280
[ 48.212125][ T2561] do_syscall_64+0x40/0xe0
[ 48.216514][ T2561] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 48.222375][ T2561]
[ 48.224673][ T2561] Freed by task 2561:
[ 48.228645][ T2561] kasan_save_stack+0x33/0x50
[ 48.233550][ T2561] kasan_set_track+0x25/0x30
[ 48.238111][ T2561] kasan_save_free_info+0x2b/0x40
[ 48.243099][ T2561] ____kasan_slab_free+0x15b/0x1b0
[ 48.248176][ T2561] slab_free_freelist_hook+0x114/0x1e0
[ 48.253608][ T2561] __kmem_cache_free+0xba/0x320
[ 48.258441][ T2561] f2fs_fill_super+0x170e/0x88d0
[ 48.263353][ T2561] mount_bdev+0x19e/0x270
[ 48.267651][ T2561] legacy_get_tree+0xfe/0x1f0
[ 48.272298][ T2561] vfs_get_tree+0x82/0x220
[ 48.276678][ T2561] path_mount+0x878/0x1a00
[ 48.281060][ T2561] __x64_sys_mount+0x208/0x280
[ 48.285813][ T2561] do_syscall_64+0x40/0xe0
[ 48.290215][ T2561] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 48.296081][ T2561]
[ 48.298377][ T2561] The buggy address belongs to the object at ffff888173784000
[ 48.298377][ T2561] which belongs to the cache kmalloc-8k of size 8192
[ 48.312396][ T2561] The buggy address is located 6004 bytes inside of
[ 48.312396][ T2561] freed 8192-byte region [ffff888173784000, ffff888173786000)
[ 48.326331][ T2561]
[ 48.328628][ T2561] The buggy address belongs to the physical page:
[ 48.335029][ T2561] page:ffffea0005cde000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x173780
[ 48.345240][ T2561] head:ffffea0005cde000 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 48.354135][ T2561] anon flags: 0x100000000000840(slab|head|node=0|zone=2)
[ 48.361122][ T2561] page_type: 0xffffffff()
[ 48.365416][ T2561] raw: 0100000000000840 ffff888100042280 0000000000000000 0000000000000001
[ 48.373963][ T2561] raw: 0000000000000000 0000000080020002 00000001ffffffff 0000000000000000
[ 48.382509][ T2561] page dumped because: kasan: bad access detected
[ 48.389345][ T2561] page_owner tracks the page as allocated
[ 48.395026][ T2561] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1613, tgid 1613 (syz-fuzzer), ts 24101337894, free_ts 24088460673
[ 48.415385][ T2561] post_alloc_hook+0x27f/0x2f0
[ 48.420127][ T2561] get_page_from_freelist+0x653/0x40c0
[ 48.425551][ T2561] __alloc_pages+0x1d0/0x470
[ 48.430105][ T2561] alloc_pages_mpol+0x175/0x4a0
[ 48.434923][ T2561] allocate_slab+0x24b/0x360
[ 48.439479][ T2561] ___slab_alloc+0x8ce/0x10e0
[ 48.444119][ T2561] __slab_alloc.constprop.0+0x4d/0x90
[ 48.449454][ T2561] __kmem_cache_alloc_node+0x150/0x350
[ 48.454880][ T2561] kmalloc_trace+0x25/0xb0
[ 48.459264][ T2561] tomoyo_init_log+0xb57/0x1ee0
[ 48.464087][ T2561] tomoyo_supervisor+0x2a7/0xc40
[ 48.468989][ T2561] tomoyo_env_perm+0x16c/0x1d0
[ 48.473715][ T2561] tomoyo_find_next_domain+0xaf6/0x1db0
[ 48.479221][ T2561] tomoyo_bprm_check_security+0x109/0x170
[ 48.484905][ T2561] security_bprm_check+0x4f/0x80
[ 48.490675][ T2561] bprm_execve+0x5e4/0x14d0
[ 48.495232][ T2561] page last free stack trace:
[ 48.499872][ T2561] free_unref_page_prepare+0x562/0xbd0
[ 48.505299][ T2561] free_unref_page+0x33/0x350
[ 48.509949][ T2561] __unfreeze_partials+0x1f3/0x210
[ 48.515027][ T2561] qlist_free_all+0x6a/0x170
[ 48.519581][ T2561] kasan_quarantine_reduce+0x180/0x1b0
[ 48.525007][ T2561] __kasan_slab_alloc+0x65/0x90
[ 48.529819][ T2561] __kmem_cache_alloc_node+0x1bd/0x350
[ 48.535241][ T2561] __kmalloc_node_track_caller+0x50/0x160
[ 48.540926][ T2561] krealloc+0x5d/0x100
[ 48.544966][ T2561] ima_collect_measurement+0x36c/0x930
[ 48.550391][ T2561] process_measurement+0x952/0x1ce0
[ 48.555555][ T2561] ima_file_check+0xb3/0x100
[ 48.560110][ T2561] path_openat+0x12bf/0x2a40
[ 48.564667][ T2561] do_filp_open+0x1bc/0x400
[ 48.569136][ T2561] file_open_name+0x185/0x220
[ 48.573789][ T2561] __do_sys_swapon+0x5fa/0x34f0
[ 48.578608][ T2561]
[ 48.580902][ T2561] Memory state around the buggy address:
[ 48.586500][ T2561] ffff888173785600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.595046][ T2561] ffff888173785680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.603072][ T2561] >ffff888173785700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.611096][ T2561] ^
[ 48.618875][ T2561] ffff888173785780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.626901][ T2561] ffff888173785800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.634928][ T2561] ==================================================================
[ 48.643080][ T2561] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 48.650484][ T2561] Kernel Offset: disabled
[ 48.654778][ T2561] Rebooting in 86400 seconds..