./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3950415944

<...>
Warning: Permanently added '10.128.1.128' (ED25519) to the list of known hosts.
execve("./syz-executor3950415944", ["./syz-executor3950415944"], 0x7ffe1711ecb0 /* 10 vars */) = 0
brk(NULL)                               = 0x555555e5a000
brk(0x555555e5ad00)                     = 0x555555e5ad00
arch_prctl(ARCH_SET_FS, 0x555555e5a380) = 0
set_tid_address(0x555555e5a650)         = 291
set_robust_list(0x555555e5a660, 24)     = 0
rseq(0x555555e5aca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented)
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3950415944", 4096) = 28
getrandom("\x7c\x78\xc4\x44\xd5\x04\xf0\xe1", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x555555e5ad00
brk(0x555555e7bd00)                     = 0x555555e7bd00
brk(0x555555e7c000)                     = 0x555555e7c000
mprotect(0x7f398736f000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e5a650) = 292
./strace-static-x86_64: Process 292 attached
[pid   292] set_robust_list(0x555555e5a660, 24) = 0
[pid   292] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid   292] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   292] setsid()                    = 1
[pid   292] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid   292] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid   292] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid   292] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid   292] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid   292] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid   292] unshare(CLONE_NEWNS)        = 0
[pid   292] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid   292] unshare(CLONE_NEWIPC)       = -1 EINVAL (Invalid argument)
[pid   292] unshare(CLONE_NEWCGROUP)    = 0
[pid   292] unshare(CLONE_NEWUTS)       = 0
[pid   292] unshare(CLONE_SYSVSEM)      = 0
[pid   292] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   292] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   292] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   292] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   292] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   292] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   292] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   292] getpid()                    = 1
[pid   292] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid   292] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid   292] unshare(CLONE_NEWNET)       = 0
[pid   292] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid   292] write(3, "0 65535", 7)      = 7
[pid   292] close(3)                    = 0
[pid   292] mkdir("/dev/binderfs", 0777) = 0
[pid   292] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid   292] symlink("/dev/binderfs", "./binderfs") = 0
[pid   292] memfd_create("syzkaller", 0) = 3
[pid   292] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f397eead000
[   19.007122][   T30] audit: type=1400 audit(1712805582.470:66): avc:  denied  { execmem } for  pid=291 comm="syz-executor395" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   19.011067][   T30] audit: type=1400 audit(1712805582.470:67): avc:  denied  { mounton } for  pid=292 comm="syz-executor395" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[   19.015116][   T30] audit: type=1400 audit(1712805582.470:68): avc:  denied  { mount } for  pid=292 comm="syz-executor395" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[   19.019335][   T30] audit: type=1400 audit(1712805582.470:69): avc:  denied  { mounton } for  pid=292 comm="syz-executor395" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[   19.027566][   T30] audit: type=1400 audit(1712805582.490:70): avc:  denied  { mounton } for  pid=292 comm="syz-executor395" path="/dev/binderfs" dev="devtmpfs" ino=362 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[   19.050493][   T30] audit: type=1400 audit(1712805582.490:71): avc:  denied  { mount } for  pid=292 comm="syz-executor395" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[pid   292] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 67108864) = 67108864
[pid   292] munmap(0x7f397eead000, 138412032) = 0
[pid   292] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   19.323143][   T30] audit: type=1400 audit(1712805582.780:72): avc:  denied  { read write } for  pid=292 comm="syz-executor395" name="loop0" dev="devtmpfs" ino=112 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   19.347294][   T30] audit: type=1400 audit(1712805582.810:73): avc:  denied  { open } for  pid=292 comm="syz-executor395" path="/dev/loop0" dev="devtmpfs" ino=112 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[pid   292] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   292] close(3)                    = 0
[   19.348131][  T292] loop0: detected capacity change from 0 to 131072
[   19.371383][   T30] audit: type=1400 audit(1712805582.810:74): avc:  denied  { ioctl } for  pid=292 comm="syz-executor395" path="/dev/loop0" dev="devtmpfs" ino=112 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[pid   292] close(4)                    = 0
[pid   292] mkdir("./file0", 0777)      = 0
[pid   292] mount("/dev/loop0", "./file0", "f2fs", 0, "") = 0
[pid   292] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   292] chdir("./file0")            = 0
[pid   292] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   292] ioctl(4, LOOP_CLR_FD)       = 0
[pid   292] close(4)                    = 0
[pid   292] openat(AT_FDCWD, "./file1", O_RDONLY) = 4
[pid   292] ioctl(4, _IOC(_IOC_NONE, 0xf5, 0x19, 0), 0) = 0
[pid   292] close(3)                    = 0
[pid   292] close(4)                    = 0
[pid   292] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   292] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   292] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   292] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   292] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   292] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   292] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   292] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   292] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   292] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   292] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   292] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   292] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   292] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   292] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   292] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   292] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   292] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   292] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   292] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   292] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   292] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   292] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   292] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   292] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   292] exit_group(1)               = ?
[   19.468464][   T30] audit: type=1400 audit(1712805582.930:75): avc:  denied  { mounton } for  pid=292 comm="syz-executor395" path="/root/file0" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[   19.487327][  T292] F2FS-fs (loop0): Found nat_bits in checkpoint
[   19.511180][  T292] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[   19.540973][  T292] ------------[ cut here ]------------
[   19.546243][  T292] WARNING: CPU: 1 PID: 292 at fs/f2fs/inode.c:850 f2fs_evict_inode+0x1191/0x1470
[   19.555232][  T292] Modules linked in:
[   19.559058][  T292] CPU: 1 PID: 292 Comm: syz-executor395 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[   19.569119][  T292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   19.579138][  T292] RIP: 0010:f2fs_evict_inode+0x1191/0x1470
[   19.584747][  T292] Code: 53 ff eb 0f e8 a0 98 53 ff 49 bf 00 00 00 00 00 fc ff df 48 8b 5c 24 28 4c 89 ef e8 89 21 03 00 e9 a1 fc ff ff e8 7f 98 53 ff <0f> 0b 4c 89 f7 be 08 00 00 00 e8 10 ab 95 ff f0 41 80 0e 04 e9 7e
[   19.604248][  T292] RSP: 0018:ffffc900007d7800 EFLAGS: 00010293
[   19.610118][  T292] RAX: ffffffff821c8901 RBX: 0000000000000002 RCX: ffff88811a5f93c0
[   19.617988][  T292] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000
[   19.625756][  T292] RBP: ffffc900007d7970 R08: ffffffff821c8589 R09: ffffed1021269c83
[   19.633595][  T292] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88810934e128
[   19.641357][  T292] R13: ffff88810934e100 R14: ffff88811f0be078 R15: dffffc0000000000
[   19.649172][  T292] FS:  0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[   19.657935][  T292] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   19.664339][  T292] CR2: 00007f3987333d38 CR3: 000000011ec4a000 CR4: 00000000003506a0
[   19.672181][  T292] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   19.679980][  T292] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   19.687798][  T292] Call Trace:
[   19.690894][  T292]  <TASK>
[   19.693670][  T292]  ? show_regs+0x58/0x60
[   19.697771][  T292]  ? __warn+0x160/0x2f0
[   19.701752][  T292]  ? f2fs_evict_inode+0x1191/0x1470
[   19.706776][  T292]  ? report_bug+0x3d9/0x5b0
[   19.711168][  T292]  ? f2fs_evict_inode+0x1191/0x1470
[   19.716151][  T292]  ? handle_bug+0x41/0x70
[   19.720336][  T292]  ? exc_invalid_op+0x1b/0x50
[   19.724829][  T292]  ? asm_exc_invalid_op+0x1b/0x20
[   19.729711][  T292]  ? f2fs_evict_inode+0xe19/0x1470
[   19.734639][  T292]  ? f2fs_evict_inode+0x1191/0x1470
[   19.739698][  T292]  ? f2fs_evict_inode+0x1191/0x1470
[   19.744707][  T292]  ? _raw_spin_unlock+0x4d/0x70
[   19.749424][  T292]  ? f2fs_write_inode+0x5d0/0x5d0
[   19.754259][  T292]  ? bit_waitqueue+0x30/0x30
[   19.758701][  T292]  ? locks_free_lock_context+0x42/0x70
[   19.763975][  T292]  ? __destroy_inode+0x35f/0x4e0
[   19.768799][  T292]  ? f2fs_write_inode+0x5d0/0x5d0
[   19.773611][  T292]  evict+0x2a3/0x630
[   19.777390][  T292]  evict_inodes+0x5db/0x660
[   19.781718][  T292]  ? clear_inode+0x150/0x150
[   19.786117][  T292]  generic_shutdown_super+0x9c/0x2e0
[   19.791273][  T292]  kill_block_super+0x7e/0xe0
[   19.795742][  T292]  kill_f2fs_super+0x2f9/0x3c0
[   19.800407][  T292]  ? f2fs_mount+0x40/0x40
[   19.804506][  T292]  ? unregister_shrinker+0x23c/0x2d0
[   19.809679][  T292]  deactivate_locked_super+0xad/0x110
[   19.814834][  T292]  deactivate_super+0xbe/0xf0
[   19.819381][  T292]  cleanup_mnt+0x45c/0x510
[   19.823616][  T292]  __cleanup_mnt+0x19/0x20
[   19.827881][  T292]  task_work_run+0x129/0x190
[   19.832294][  T292]  do_exit+0xc48/0x2ca0
[   19.836288][  T292]  ? put_task_struct+0x80/0x80
[   19.840907][  T292]  ? ptrace_notify+0x24c/0x350
[   19.845477][  T292]  ? do_notify_parent+0xa30/0xa30
[   19.850380][  T292]  do_group_exit+0x141/0x310
[   19.854775][  T292]  __x64_sys_exit_group+0x3f/0x40
[   19.859683][  T292]  do_syscall_64+0x3d/0xb0
[   19.863874][  T292]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   19.869622][  T292] RIP: 0033:0x7f39872e97c9
[   19.873858][  T292] Code: Unable to access opcode bytes at RIP 0x7f39872e979f.
[   19.881107][  T292] RSP: 002b:00007ffcdf096c18 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   19.889328][  T292] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f39872e97c9
[   19.897163][  T292] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[   19.904947][  T292] RBP: 00007f39873752d0 R08: ffffffffffffffb8 R09: 00007ffcdf096cf0
[   19.912819][  T292] R10: 000000000001058e R11: 0000000000000246 R12: 00007f39873752d0
[   19.920652][  T292] R13: 0000000000000000 R14: 00007f3987376040 R15: 00007f39872b7cf0
[   19.928393][  T292]  </TASK>
[   19.931225][  T292] ---[ end trace b6ddc87460bb2399 ]---
[   19.966884][  T292] ==================================================================
[   19.974756][  T292] BUG: KASAN: use-after-free in _raw_spin_lock+0x97/0x1b0
[   19.981696][  T292] Write of size 4 at addr ffff88810934e188 by task syz-executor395/292
[   19.989767][  T292] 
[   19.991941][  T292] CPU: 0 PID: 292 Comm: syz-executor395 Tainted: G        W         5.15.148-syzkaller-00718-g993bed180178 #0
[   20.003396][  T292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   20.013292][  T292] Call Trace:
[   20.016421][  T292]  <TASK>
[   20.019191][  T292]  dump_stack_lvl+0x151/0x1b7
[   20.023706][  T292]  ? io_uring_drop_tctx_refs+0x190/0x190
[   20.029170][  T292]  ? __wake_up_klogd+0xd5/0x110
[   20.033857][  T292]  ? panic+0x751/0x751
[   20.037763][  T292]  ? __schedule+0xcd4/0x1590
[   20.042192][  T292]  print_address_description+0x87/0x3b0
[   20.047571][  T292]  kasan_report+0x179/0x1c0
[   20.051920][  T292]  ? asm_sysvec_apic_timer_interrupt+0x1b/0x20
[   20.057902][  T292]  ? _raw_spin_lock+0x97/0x1b0
[   20.062499][  T292]  ? _raw_spin_lock+0x97/0x1b0
[   20.067103][  T292]  kasan_check_range+0x293/0x2a0
[   20.071875][  T292]  __kasan_check_write+0x14/0x20
[   20.076653][  T292]  _raw_spin_lock+0x97/0x1b0
[   20.081077][  T292]  ? _raw_spin_trylock_bh+0x190/0x190
[   20.086294][  T292]  ? _raw_spin_lock+0xa4/0x1b0
[   20.090884][  T292]  ? _raw_spin_trylock_bh+0x190/0x190
[   20.096098][  T292]  ? remove_wait_queue+0x140/0x140
[   20.101040][  T292]  igrab+0x20/0xa0
[   20.104596][  T292]  f2fs_sync_inode_meta+0x14d/0x2a0
[   20.109631][  T292]  f2fs_write_checkpoint+0xab4/0x1fb0
[   20.114842][  T292]  ? f2fs_get_sectors_written+0x500/0x500
[   20.120390][  T292]  ? rwsem_write_trylock+0x15b/0x290
[   20.125522][  T292]  ? __kasan_check_write+0x14/0x20
[   20.130464][  T292]  ? mutex_unlock+0xb2/0x260
[   20.134885][  T292]  f2fs_issue_checkpoint+0x31b/0x4d0
[   20.140006][  T292]  ? f2fs_destroy_checkpoint_caches+0x30/0x30
[   20.145911][  T292]  ? sync_inodes_sb+0x7cd/0x8b0
[   20.150596][  T292]  ? try_to_writeback_inodes_sb+0xc0/0xc0
[   20.156150][  T292]  f2fs_sync_fs+0x186/0x2f0
[   20.160490][  T292]  sync_filesystem+0x1cf/0x250
[   20.165089][  T292]  f2fs_quota_off_umount+0x20e/0x220
[   20.170210][  T292]  ? f2fs_drop_inode+0xa20/0xa20
[   20.174982][  T292]  f2fs_put_super+0xb9/0xc10
[   20.179409][  T292]  ? f2fs_drop_inode+0xa20/0xa20
[   20.184183][  T292]  ? __fsnotify_vfsmount_delete+0x20/0x20
[   20.189748][  T292]  ? clear_inode+0x150/0x150
[   20.194171][  T292]  ? fscrypt_destroy_keyring+0x287/0x2a0
[   20.199631][  T292]  ? f2fs_drop_inode+0xa20/0xa20
[   20.204407][  T292]  generic_shutdown_super+0x157/0x2e0
[   20.209613][  T292]  kill_block_super+0x7e/0xe0
[   20.214126][  T292]  kill_f2fs_super+0x2f9/0x3c0
[   20.218727][  T292]  ? f2fs_mount+0x40/0x40
[   20.222894][  T292]  ? unregister_shrinker+0x23c/0x2d0
[   20.228013][  T292]  deactivate_locked_super+0xad/0x110
[   20.233228][  T292]  deactivate_super+0xbe/0xf0
[   20.237734][  T292]  cleanup_mnt+0x45c/0x510
[   20.241986][  T292]  __cleanup_mnt+0x19/0x20
[   20.246240][  T292]  task_work_run+0x129/0x190
[   20.250671][  T292]  do_exit+0xc48/0x2ca0
[   20.254659][  T292]  ? put_task_struct+0x80/0x80
[   20.259259][  T292]  ? ptrace_notify+0x24c/0x350
[   20.263857][  T292]  ? do_notify_parent+0xa30/0xa30
[   20.268721][  T292]  do_group_exit+0x141/0x310
[   20.273146][  T292]  __x64_sys_exit_group+0x3f/0x40
[   20.278004][  T292]  do_syscall_64+0x3d/0xb0
[   20.282258][  T292]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   20.287991][  T292] RIP: 0033:0x7f39872e97c9
[   20.292238][  T292] Code: Unable to access opcode bytes at RIP 0x7f39872e979f.
[   20.299444][  T292] RSP: 002b:00007ffcdf096c18 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   20.307688][  T292] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f39872e97c9
[   20.315501][  T292] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[   20.323315][  T292] RBP: 00007f39873752d0 R08: ffffffffffffffb8 R09: 00007ffcdf096cf0
[   20.331126][  T292] R10: 000000000001058e R11: 0000000000000246 R12: 00007f39873752d0
[   20.338935][  T292] R13: 0000000000000000 R14: 00007f3987376040 R15: 00007f39872b7cf0
[   20.346748][  T292]  </TASK>
[   20.349610][  T292] 
[   20.351780][  T292] Allocated by task 292:
[   20.355860][  T292]  __kasan_slab_alloc+0xb1/0xe0
[   20.360546][  T292]  slab_post_alloc_hook+0x53/0x2c0
[   20.365492][  T292]  kmem_cache_alloc+0xf5/0x200
[   20.370097][  T292]  f2fs_alloc_inode+0x26/0x340
[   20.374692][  T292]  iget_locked+0x174/0x860
[   20.378953][  T292]  f2fs_iget+0x55/0x4de0
[   20.383029][  T292]  f2fs_lookup+0x410/0xd80
[   20.387280][  T292]  path_openat+0x1194/0x2f40
[   20.391704][  T292]  do_filp_open+0x21c/0x460
[   20.396042][  T292]  do_sys_openat2+0x13f/0x830
[   20.400557][  T292]  __x64_sys_openat+0x243/0x290
[   20.405243][  T292]  do_syscall_64+0x3d/0xb0
[   20.409496][  T292]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   20.415225][  T292] 
[   20.417396][  T292] Freed by task 292:
[   20.421127][  T292]  kasan_set_track+0x4b/0x70
[   20.425553][  T292]  kasan_set_free_info+0x23/0x40
[   20.430333][  T292]  ____kasan_slab_free+0x126/0x160
[   20.435274][  T292]  __kasan_slab_free+0x11/0x20
[   20.439871][  T292]  slab_free_freelist_hook+0xbd/0x190
[   20.445213][  T292]  kmem_cache_free+0x116/0x2e0
[   20.449808][  T292]  f2fs_free_inode+0x24/0x30
[   20.454233][  T292]  i_callback+0x4b/0x70
[   20.458226][  T292]  rcu_do_batch+0x57a/0xc10
[   20.462567][  T292]  rcu_core+0x517/0x1020
[   20.466645][  T292]  rcu_core_si+0x9/0x10
[   20.470641][  T292]  __do_softirq+0x26d/0x5bf
[   20.474981][  T292] 
[   20.477148][  T292] Last potentially related work creation:
[   20.482704][  T292]  kasan_save_stack+0x3b/0x60
[   20.487217][  T292]  __kasan_record_aux_stack+0xd3/0xf0
[   20.492423][  T292]  kasan_record_aux_stack_noalloc+0xb/0x10
[   20.498066][  T292]  call_rcu+0x133/0x12a0
[   20.502146][  T292]  evict+0x5df/0x630
[   20.505877][  T292]  evict_inodes+0x5db/0x660
[   20.510216][  T292]  generic_shutdown_super+0x9c/0x2e0
[   20.515337][  T292]  kill_block_super+0x7e/0xe0
[   20.519852][  T292]  kill_f2fs_super+0x2f9/0x3c0
[   20.524448][  T292]  deactivate_locked_super+0xad/0x110
[   20.529656][  T292]  deactivate_super+0xbe/0xf0
[   20.534169][  T292]  cleanup_mnt+0x45c/0x510
[   20.538422][  T292]  __cleanup_mnt+0x19/0x20
[   20.542676][  T292]  task_work_run+0x129/0x190
[   20.547104][  T292]  do_exit+0xc48/0x2ca0
[   20.551101][  T292]  do_group_exit+0x141/0x310
[   20.555521][  T292]  __x64_sys_exit_group+0x3f/0x40
[   20.560386][  T292]  do_syscall_64+0x3d/0xb0
[   20.564634][  T292]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   20.570366][  T292] 
[   20.572532][  T292] The buggy address belongs to the object at ffff88810934e100
[   20.572532][  T292]  which belongs to the cache f2fs_inode_cache of size 1424
[   20.586944][  T292] The buggy address is located 136 bytes inside of
[   20.586944][  T292]  1424-byte region [ffff88810934e100, ffff88810934e690)
[   20.600219][  T292] The buggy address belongs to the page:
[   20.605691][  T292] page:ffffea000424d200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109348
[   20.615754][  T292] head:ffffea000424d200 order:3 compound_mapcount:0 compound_pincount:0
[   20.623914][  T292] flags: 0x4000000000010200(slab|head|zone=1)
[   20.629824][  T292] raw: 4000000000010200 0000000000000000 dead000000000122 ffff888104bb0d80
[   20.638328][  T292] raw: 0000000000000000 0000000080150015 00000001ffffffff 0000000000000000
[   20.646740][  T292] page dumped because: kasan: bad access detected
[   20.652992][  T292] page_owner tracks the page as allocated
[   20.658549][  T292] page last allocated via order 3, migratetype Reclaimable, gfp_mask 0xd2050(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_RECLAIMABLE), pid 292, ts 19527450266, free_ts 0
[   20.677466][  T292]  post_alloc_hook+0x1a3/0x1b0
[   20.682084][  T292]  prep_new_page+0x1b/0x110
[   20.686403][  T292]  get_page_from_freelist+0x3550/0x35d0
[   20.691785][  T292]  __alloc_pages+0x27e/0x8f0
[   20.696210][  T292]  new_slab+0x9a/0x4e0
[   20.700115][  T292]  ___slab_alloc+0x39e/0x830
[   20.704543][  T292]  __slab_alloc+0x4a/0x90
[   20.708710][  T292]  kmem_cache_alloc+0x134/0x200
[   20.713398][  T292]  f2fs_alloc_inode+0x26/0x340
[   20.717996][  T292]  iget_locked+0x174/0x860
[   20.722249][  T292]  f2fs_iget+0x55/0x4de0
[   20.726329][  T292]  f2fs_lookup+0x410/0xd80
[   20.730602][  T292]  path_openat+0x1194/0x2f40
[   20.735016][  T292]  do_filp_open+0x21c/0x460
[   20.739347][  T292]  do_sys_openat2+0x13f/0x830
[   20.743864][  T292]  __x64_sys_openat+0x243/0x290
[   20.748549][  T292] page_owner free stack trace missing
[   20.753757][  T292] 
[   20.755924][  T292] Memory state around the buggy address:
[   20.761412][  T292]  ffff88810934e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.769303][  T292]  ffff88810934e100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   20.777192][  T292] >ffff88810934e180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   20.785089][  T292]                       ^
[   20.789258][  T292]  ffff88810934e200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   20.797155][  T292]  ffff88810934e280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   20.805050][  T292] ==================================================================
[   20.812949][  T292] Disabling lock debugging due to kernel taint