Warning: Permanently added '10.128.0.18' (ECDSA) to the list of known hosts.
2023/02/26 01:33:16 ignoring optional flag "sandboxArg"="0"
2023/02/26 01:33:17 parsed 1 programs
2023/02/26 01:33:17 executed programs: 0
[ 101.337787][ T4387] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 101.346952][ T4387] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 101.356882][ T4387] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 101.367853][ T4387] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 101.376189][ T4387] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 101.383937][ T4387] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 101.516468][ T5544] chnl_net:caif_netlink_parms(): no params data found
[ 101.566903][ T5544] bridge0: port 1(bridge_slave_0) entered blocking state
[ 101.574186][ T5544] bridge0: port 1(bridge_slave_0) entered disabled state
[ 101.582891][ T5544] device bridge_slave_0 entered promiscuous mode
[ 101.591486][ T5544] bridge0: port 2(bridge_slave_1) entered blocking state
[ 101.598726][ T5544] bridge0: port 2(bridge_slave_1) entered disabled state
[ 101.606967][ T5544] device bridge_slave_1 entered promiscuous mode
[ 101.632402][ T5544] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 101.643865][ T5544] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 101.670847][ T5544] team0: Port device team_slave_0 added
[ 101.678883][ T5544] team0: Port device team_slave_1 added
[ 101.701575][ T5544] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 101.708915][ T5544] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 101.735271][ T5544] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 101.747714][ T5544] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 101.755138][ T5544] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 101.781290][ T5544] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 101.817028][ T5544] device hsr_slave_0 entered promiscuous mode
[ 101.823993][ T5544] device hsr_slave_1 entered promiscuous mode
[ 102.672213][ T5544] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 102.683299][ T5544] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 102.696193][ T5544] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 102.707032][ T5544] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 102.804080][ T5544] 8021q: adding VLAN 0 to HW filter on device bond0
[ 102.821171][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 102.830230][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 102.842466][ T5544] 8021q: adding VLAN 0 to HW filter on device team0
[ 102.857780][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 102.867026][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 102.875916][ T22] bridge0: port 1(bridge_slave_0) entered blocking state
[ 102.883535][ T22] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 102.895194][ T1662] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 102.909719][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 102.918702][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 102.930567][ T7] bridge0: port 2(bridge_slave_1) entered blocking state
[ 102.937727][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 102.962797][ T1126] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 102.973360][ T1126] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 102.984711][ T1126] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 102.994711][ T1126] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 103.006204][ T1126] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 103.015924][ T1126] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 103.041094][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 103.050938][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 103.061843][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 103.070710][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 103.081909][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 103.094973][ T5544] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 103.361257][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 103.368833][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 103.380710][ T5544] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 103.406064][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 103.417813][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 103.420470][ T4387] Bluetooth: hci0: command 0x0409 tx timeout
[ 103.445926][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 103.457371][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 103.471292][ T5544] device veth0_vlan entered promiscuous mode
[ 103.479004][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 103.488201][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 103.504703][ T5544] device veth1_vlan entered promiscuous mode
[ 103.543547][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 103.554135][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 103.563128][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 103.582733][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 103.596392][ T5544] device veth0_macvtap entered promiscuous mode
[ 103.613897][ T5544] device veth1_macvtap entered promiscuous mode
[ 103.639480][ T5544] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 103.647421][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 103.658752][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 103.668562][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 103.685169][ T5544] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 103.696494][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 103.706758][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 103.720520][ T5544] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 103.733044][ T5544] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 103.742648][ T5544] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 103.752089][ T5544] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 103.838537][ T75] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 103.860783][ T75] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 103.872520][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 103.881568][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 103.882964][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 103.902151][ T1662] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 104.354994][ T5603] loop0: detected capacity change from 0 to 40427
[ 104.385512][ T5603] F2FS-fs (loop0): Found nat_bits in checkpoint
[ 104.454449][ T5603] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[ 104.475600][ T27] audit: type=1804 audit(1677375200.556:2): pid=5603 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir397415751/syzkaller.uWWeul/0/file0/bus" dev="loop0" ino=10 res=1 errno=0
[ 104.522554][ T5603] syz-executor.0: attempt to access beyond end of device
[ 104.522554][ T5603] loop0: rw=2049, sector=77824, nr_sectors = 2048 limit=40427
[ 104.584308][ T5544] syz-executor.0: attempt to access beyond end of device
[ 104.584308][ T5544] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 105.304132][ T5631] loop0: detected capacity change from 0 to 40427
[ 105.323529][ T5631] F2FS-fs (loop0): Found nat_bits in checkpoint
[ 105.383490][ T5631] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[ 105.402630][ T27] audit: type=1804 audit(1677375201.486:3): pid=5631 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir397415751/syzkaller.uWWeul/1/file0/bus" dev="loop0" ino=10 res=1 errno=0
[ 105.471442][ T5631] syz-executor.0: attempt to access beyond end of device
[ 105.471442][ T5631] loop0: rw=2049, sector=77824, nr_sectors = 2048 limit=40427
[ 105.499289][ T4387] Bluetooth: hci0: command 0x041b tx timeout
[ 105.514207][ T5544] syz-executor.0: attempt to access beyond end of device
[ 105.514207][ T5544] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 106.233563][ T5658] loop0: detected capacity change from 0 to 40427
[ 106.248944][ T5658] F2FS-fs (loop0): Found nat_bits in checkpoint
[ 106.306526][ T5658] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[ 106.343238][ T27] audit: type=1804 audit(1677375202.426:4): pid=5658 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir397415751/syzkaller.uWWeul/2/file0/bus" dev="loop0" ino=10 res=1 errno=0
2023/02/26 01:33:22 executed programs: 3
[ 106.413770][ T5658] syz-executor.0: attempt to access beyond end of device
[ 106.413770][ T5658] loop0: rw=2049, sector=77824, nr_sectors = 2048 limit=40427
[ 106.455548][ T5544] syz-executor.0: attempt to access beyond end of device
[ 106.455548][ T5544] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 107.143623][ T5685] loop0: detected capacity change from 0 to 40427
[ 107.158465][ T5685] F2FS-fs (loop0): Found nat_bits in checkpoint
[ 107.211757][ T5685] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[ 107.231627][ T27] audit: type=1804 audit(1677375203.316:5): pid=5685 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir397415751/syzkaller.uWWeul/3/file0/bus" dev="loop0" ino=10 res=1 errno=0
[ 107.318068][ T5685] syz-executor.0: attempt to access beyond end of device
[ 107.318068][ T5685] loop0: rw=2049, sector=77824, nr_sectors = 2048 limit=40427
[ 107.362890][ T5544] syz-executor.0: attempt to access beyond end of device
[ 107.362890][ T5544] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 107.428281][ T5544] ==================================================================
[ 107.436496][ T5544] BUG: KASAN: use-after-free in do_raw_write_trylock+0x72/0x1f0
[ 107.444373][ T5544] Read of size 4 at addr ffff88807f7585e0 by task syz-executor.0/5544
[ 107.452560][ T5544]
[ 107.454919][ T5544] CPU: 1 PID: 5544 Comm: syz-executor.0 Not tainted 6.2.0-rc5-syzkaller-00047-g7c46948a6e9c-dirty #0
[ 107.466146][ T5544] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
[ 107.476328][ T5544] Call Trace:
[ 107.479634][ T5544]
[ 107.482590][ T5544] dump_stack_lvl+0x1b5/0x2a0
[ 107.487351][ T5544] ? nf_tcp_handle_invalid+0x640/0x640
[ 107.492855][ T5544] ? panic+0x720/0x720
[ 107.496968][ T5544] ? _printk+0xc4/0x110
[ 107.501175][ T5544] ? _raw_spin_lock_irqsave+0x92/0x100
[ 107.506688][ T5544] print_report+0x163/0x4c0
[ 107.511349][ T5544] ? __virt_addr_valid+0x22f/0x2e0
[ 107.517003][ T5544] ? __phys_addr+0xba/0x170
[ 107.521520][ T5544] ? do_raw_write_trylock+0x72/0x1f0
[ 107.526819][ T5544] kasan_report+0xce/0x100
[ 107.531246][ T5544] ? do_raw_write_trylock+0x72/0x1f0
[ 107.536542][ T5544] kasan_check_range+0x283/0x290
[ 107.541488][ T5544] do_raw_write_trylock+0x72/0x1f0
[ 107.546618][ T5544] ? do_raw_write_lock+0x4f0/0x4f0
[ 107.551832][ T5544] ? __rwlock_init+0x150/0x150
[ 107.556702][ T5544] ? f2fs_release_ino_entry+0x22f/0x260
[ 107.562264][ T5544] ? __lock_acquire+0x1f80/0x1f80
[ 107.567304][ T5544] _raw_write_trylock+0x20/0x70
[ 107.572256][ T5544] __shrink_extent_tree+0x5b9/0xc80
[ 107.577469][ T5544] ? _raw_spin_unlock+0x28/0x40
[ 107.582679][ T5544] ? f2fs_release_ino_entry+0x247/0x260
[ 107.588239][ T5544] f2fs_leave_shrinker+0x86/0x260
[ 107.593541][ T5544] f2fs_put_super+0x597/0xcb0
[ 107.598249][ T5544] ? f2fs_drop_inode+0x900/0x900
[ 107.603204][ T5544] ? clear_inode+0x150/0x150
[ 107.607805][ T5544] ? f2fs_drop_inode+0x900/0x900
[ 107.613277][ T5544] generic_shutdown_super+0x134/0x310
[ 107.618666][ T5544] kill_block_super+0x7e/0xe0
[ 107.623348][ T5544] kill_f2fs_super+0x303/0x3d0
[ 107.628137][ T5544] ? __up_read+0x670/0x670
[ 107.632567][ T5544] ? f2fs_mount+0x40/0x40
[ 107.636941][ T5544] ? unregister_shrinker+0x26a/0x320
[ 107.642243][ T5544] ? kfree+0x46/0x200
[ 107.646232][ T5544] ? unregister_shrinker+0x26a/0x320
[ 107.651802][ T5544] deactivate_locked_super+0xa4/0x110
[ 107.657202][ T5544] cleanup_mnt+0x490/0x520
[ 107.661623][ T5544] ? lockdep_hardirqs_on+0x90/0x130
[ 107.667098][ T5544] task_work_run+0x24a/0x300
[ 107.672099][ T5544] ? task_work_cancel+0x2b0/0x2b0
[ 107.677139][ T5544] ? exit_to_user_mode_loop+0x39/0xf0
[ 107.682525][ T5544] exit_to_user_mode_loop+0xd1/0xf0
[ 107.687819][ T5544] exit_to_user_mode_prepare+0xb1/0x140
[ 107.693375][ T5544] syscall_exit_to_user_mode+0x54/0x2d0
[ 107.698972][ T5544] do_syscall_64+0x4d/0xc0
[ 107.703402][ T5544] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 107.709305][ T5544] RIP: 0033:0x7fba8688d537
[ 107.713814][ T5544] Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 107.733793][ T5544] RSP: 002b:00007ffc7567f748 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 107.742221][ T5544] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fba8688d537
[ 107.750210][ T5544] RDX: 00007ffc7567f819 RSI: 000000000000000a RDI: 00007ffc7567f810
[ 107.758186][ T5544] RBP: 00007ffc7567f810 R08: 00000000ffffffff R09: 00007ffc7567f5e0
[ 107.766368][ T5544] R10: 00005555569a08b3 R11: 0000000000000246 R12: 00007fba868e6b24
[ 107.774349][ T5544] R13: 00007ffc756808d0 R14: 00005555569a0810 R15: 00007ffc75680910
[ 107.782526][ T5544]
[ 107.785548][ T5544]
[ 107.787873][ T5544] Allocated by task 5685:
[ 107.792200][ T5544] kasan_set_track+0x40/0x70
[ 107.796977][ T5544] __kasan_slab_alloc+0x69/0x80
[ 107.801872][ T5544] slab_post_alloc_hook+0x68/0x390
[ 107.807004][ T5544] kmem_cache_alloc+0x12c/0x280
[ 107.811862][ T5544] __grab_extent_tree+0x183/0x400
[ 107.816908][ T5544] f2fs_init_extent_tree+0x214/0x450
[ 107.822549][ T5544] f2fs_new_inode+0xdb4/0x1090
[ 107.827507][ T5544] __f2fs_tmpfile+0xa5/0x380
[ 107.832099][ T5544] f2fs_ioc_start_atomic_write+0x419/0x970
[ 107.837916][ T5544] __f2fs_ioctl+0x1ace/0xb2b0
[ 107.842691][ T5544] __se_sys_ioctl+0xf1/0x160
[ 107.847287][ T5544] do_syscall_64+0x41/0xc0
[ 107.851715][ T5544] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 107.857626][ T5544]
[ 107.859953][ T5544] Freed by task 5702:
[ 107.863956][ T5544] kasan_set_track+0x40/0x70
[ 107.868724][ T5544] kasan_save_free_info+0x2b/0x40
[ 107.873776][ T5544] ____kasan_slab_free+0xd6/0x120
[ 107.878805][ T5544] kmem_cache_free+0x2b5/0x580
[ 107.883602][ T5544] __destroy_extent_tree+0x307/0x730
[ 107.888893][ T5544] f2fs_destroy_extent_tree+0x17/0x30
[ 107.894365][ T5544] f2fs_evict_inode+0x467/0x1650
[ 107.899348][ T5544] evict+0x2a4/0x620
[ 107.903343][ T5544] f2fs_abort_atomic_write+0xda/0x440
[ 107.908739][ T5544] __f2fs_ioctl+0x315c/0xb2b0
[ 107.913440][ T5544] __se_sys_ioctl+0xf1/0x160
[ 107.918048][ T5544] do_syscall_64+0x41/0xc0
[ 107.922472][ T5544] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 107.928369][ T5544]
[ 107.930693][ T5544] The buggy address belongs to the object at ffff88807f7585b0
[ 107.930693][ T5544] which belongs to the cache f2fs_extent_tree of size 144
[ 107.945270][ T5544] The buggy address is located 48 bytes inside of
[ 107.945270][ T5544] 144-byte region [ffff88807f7585b0, ffff88807f758640)
[ 107.958457][ T5544]
[ 107.960781][ T5544] The buggy address belongs to the physical page:
[ 107.967200][ T5544] page:ffffea0001fdd600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7f758
[ 107.977354][ T5544] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 107.984924][ T5544] raw: 00fff00000000200 ffff88814616bdc0 dead000000000122 0000000000000000
[ 107.993601][ T5544] raw: 0000000000000000 0000000080130013 00000001ffffffff 0000000000000000
[ 108.002201][ T5544] page dumped because: kasan: bad access detected
[ 108.008620][ T5544] page_owner tracks the page as allocated
[ 108.014590][ T5544] page last allocated via order 0, migratetype Reclaimable, gfp_mask 0x112c50(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 5603, tgid 5602 (syz-executor.0), ts 104469031710, free_ts 104442588112
[ 108.036308][ T5544] get_page_from_freelist+0x3403/0x3580
[ 108.041888][ T5544] __alloc_pages+0x291/0x7e0
[ 108.046487][ T5544] alloc_slab_page+0x6a/0x160
[ 108.051279][ T5544] new_slab+0x84/0x2f0
[ 108.055368][ T5544] ___slab_alloc+0xa07/0x1000
[ 108.060081][ T5544] kmem_cache_alloc+0x1b0/0x280
[ 108.064970][ T5544] __grab_extent_tree+0x183/0x400
[ 108.070016][ T5544] f2fs_init_extent_tree+0x214/0x450
[ 108.075309][ T5544] f2fs_new_inode+0xdb4/0x1090
[ 108.080076][ T5544] f2fs_create+0x197/0x530
[ 108.084502][ T5544] path_openat+0x12b9/0x2e30
[ 108.089098][ T5544] do_filp_open+0x26d/0x500
[ 108.093615][ T5544] do_sys_openat2+0x128/0x4f0
[ 108.098386][ T5544] __x64_sys_openat+0x247/0x290
[ 108.103249][ T5544] do_syscall_64+0x41/0xc0
[ 108.107669][ T5544] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 108.113606][ T5544] page last free stack trace:
[ 108.118274][ T5544] free_unref_page_prepare+0xf3a/0x1040
[ 108.123828][ T5544] free_unref_page+0x37/0x3f0
[ 108.128517][ T5544] __unfreeze_partials+0x1b1/0x1f0
[ 108.133645][ T5544] put_cpu_partial+0x106/0x170
[ 108.138433][ T5544] qlist_free_all+0x22/0x60
[ 108.143029][ T5544] kasan_quarantine_reduce+0x15a/0x170
[ 108.148493][ T5544] __kasan_slab_alloc+0x23/0x80
[ 108.153348][ T5544] slab_post_alloc_hook+0x68/0x390
[ 108.158470][ T5544] kmem_cache_alloc+0x12c/0x280
[ 108.163352][ T5544] add_free_nid+0xdc/0x700
[ 108.167797][ T5544] f2fs_build_free_nids+0xca3/0x1190
[ 108.173261][ T5544] f2fs_fill_super+0x46f3/0x6f30
[ 108.178219][ T5544] mount_bdev+0x271/0x3a0
[ 108.182565][ T5544] legacy_get_tree+0xef/0x190
[ 108.187439][ T5544] vfs_get_tree+0x8c/0x270
[ 108.191867][ T5544] do_new_mount+0x28f/0xae0
[ 108.196384][ T5544]
[ 108.198740][ T5544] Memory state around the buggy address:
[ 108.204388][ T5544] ffff88807f758480: fb fb fb fb fc fc fc fc fc fc fc fc fa fb fb fb
[ 108.212797][ T5544] ffff88807f758500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 108.220866][ T5544] >ffff88807f758580: fc fc fc fc fc fc fa fb fb fb fb fb fb fb fb fb
[ 108.229013][ T5544]                                                ^
[ 108.236203][ T5544] ffff88807f758600: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 108.244404][ T5544] ffff88807f758680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 108.252500][ T5544] ==================================================================
[ 108.261841][ T5544] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 108.264352][ T4387] Bluetooth: hci0: command 0x040f tx timeout
[ 108.275065][ T5544] CPU: 1 PID: 5544 Comm: syz-executor.0 Not tainted 6.2.0-rc5-syzkaller-00047-g7c46948a6e9c-dirty #0
[ 108.286225][ T5544] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
[ 108.296337][ T5544] Call Trace:
[ 108.299635][ T5544]
[ 108.302570][ T5544] dump_stack_lvl+0x1b5/0x2a0
[ 108.307276][ T5544] ? nf_tcp_handle_invalid+0x640/0x640
[ 108.312749][ T5544] ? panic+0x720/0x720
[ 108.316829][ T5544] ? lock_release+0x106/0xa70
[ 108.321515][ T5544] ? vscnprintf+0x5d/0x80
[ 108.325848][ T5544] panic+0x2dc/0x720
[ 108.329756][ T5544] ? check_panic_on_warn+0x21/0xa0
[ 108.334874][ T5544] ? memcpy_page_flushcache+0x100/0x100
[ 108.340435][ T5544] ? _raw_spin_unlock_irqrestore+0xc0/0x120
[ 108.346344][ T5544] ? _raw_spin_unlock_irqrestore+0xc5/0x120
[ 108.352246][ T5544] ? _raw_spin_unlock+0x40/0x40
[ 108.357115][ T5544] ? rcu_read_lock_sched_held+0x61/0x110
[ 108.362847][ T5544] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 108.368844][ T5544] check_panic_on_warn+0x82/0xa0
[ 108.373790][ T5544] ? do_raw_write_trylock+0x72/0x1f0
[ 108.379083][ T5544] end_report+0xb2/0x160
[ 108.383335][ T5544] kasan_report+0xdb/0x100
[ 108.388020][ T5544] ? do_raw_write_trylock+0x72/0x1f0
[ 108.393332][ T5544] kasan_check_range+0x283/0x290
[ 108.398366][ T5544] do_raw_write_trylock+0x72/0x1f0
[ 108.403574][ T5544] ? do_raw_write_lock+0x4f0/0x4f0
[ 108.408694][ T5544] ? __rwlock_init+0x150/0x150
[ 108.413472][ T5544] ? f2fs_release_ino_entry+0x22f/0x260
[ 108.419292][ T5544] ? __lock_acquire+0x1f80/0x1f80
[ 108.424323][ T5544] _raw_write_trylock+0x20/0x70
[ 108.429214][ T5544] __shrink_extent_tree+0x5b9/0xc80
[ 108.434434][ T5544] ? _raw_spin_unlock+0x28/0x40
[ 108.439293][ T5544] ? f2fs_release_ino_entry+0x247/0x260
[ 108.444872][ T5544] f2fs_leave_shrinker+0x86/0x260
[ 108.449927][ T5544] f2fs_put_super+0x597/0xcb0
[ 108.454615][ T5544] ? f2fs_drop_inode+0x900/0x900
[ 108.459664][ T5544] ? clear_inode+0x150/0x150
[ 108.464280][ T5544] ? f2fs_drop_inode+0x900/0x900
[ 108.469498][ T5544] generic_shutdown_super+0x134/0x310
[ 108.474906][ T5544] kill_block_super+0x7e/0xe0
[ 108.479613][ T5544] kill_f2fs_super+0x303/0x3d0
[ 108.484436][ T5544] ? __up_read+0x670/0x670
[ 108.488871][ T5544] ? f2fs_mount+0x40/0x40
[ 108.493210][ T5544] ? unregister_shrinker+0x26a/0x320
[ 108.498504][ T5544] ? kfree+0x46/0x200
[ 108.502509][ T5544] ? unregister_shrinker+0x26a/0x320
[ 108.507822][ T5544] deactivate_locked_super+0xa4/0x110
[ 108.513207][ T5544] cleanup_mnt+0x490/0x520
[ 108.517649][ T5544] ? lockdep_hardirqs_on+0x90/0x130
[ 108.522955][ T5544] task_work_run+0x24a/0x300
[ 108.527556][ T5544] ? task_work_cancel+0x2b0/0x2b0
[ 108.532595][ T5544] ? exit_to_user_mode_loop+0x39/0xf0
[ 108.537977][ T5544] exit_to_user_mode_loop+0xd1/0xf0
[ 108.543199][ T5544] exit_to_user_mode_prepare+0xb1/0x140
[ 108.548753][ T5544] syscall_exit_to_user_mode+0x54/0x2d0
[ 108.554321][ T5544] do_syscall_64+0x4d/0xc0
[ 108.558743][ T5544] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 108.564730][ T5544] RIP: 0033:0x7fba8688d537
[ 108.569166][ T5544] Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 108.589316][ T5544] RSP: 002b:00007ffc7567f748 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 108.598087][ T5544] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fba8688d537
[ 108.606087][ T5544] RDX: 00007ffc7567f819 RSI: 000000000000000a RDI: 00007ffc7567f810
[ 108.614066][ T5544] RBP: 00007ffc7567f810 R08: 00000000ffffffff R09: 00007ffc7567f5e0
[ 108.622136][ T5544] R10: 00005555569a08b3 R11: 0000000000000246 R12: 00007fba868e6b24
[ 108.630111][ T5544] R13: 00007ffc756808d0 R14: 00005555569a0810 R15: 00007ffc75680910
[ 108.638099][ T5544]
[ 108.641370][ T5544] Kernel Offset: disabled
[ 108.645704][ T5544] Rebooting in 86400 seconds..