Warning: Permanently added '10.128.0.18' (ECDSA) to the list of known hosts.
2023/02/26 01:33:16 ignoring optional flag "sandboxArg"="0"
2023/02/26 01:33:17 parsed 1 programs
2023/02/26 01:33:17 executed programs: 0
[ 101.337787][ T4387] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 101.346952][ T4387] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 101.356882][ T4387] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 101.367853][ T4387] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 101.376189][ T4387] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 101.383937][ T4387] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 101.516468][ T5544] chnl_net:caif_netlink_parms(): no params data found
[ 101.566903][ T5544] bridge0: port 1(bridge_slave_0) entered blocking state
[ 101.574186][ T5544] bridge0: port 1(bridge_slave_0) entered disabled state
[ 101.582891][ T5544] device bridge_slave_0 entered promiscuous mode
[ 101.591486][ T5544] bridge0: port 2(bridge_slave_1) entered blocking state
[ 101.598726][ T5544] bridge0: port 2(bridge_slave_1) entered disabled state
[ 101.606967][ T5544] device bridge_slave_1 entered promiscuous mode
[ 101.632402][ T5544] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 101.643865][ T5544] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 101.670847][ T5544] team0: Port device team_slave_0 added
[ 101.678883][ T5544] team0: Port device team_slave_1 added
[ 101.701575][ T5544] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 101.708915][ T5544] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 101.735271][ T5544] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 101.747714][ T5544] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 101.755138][ T5544] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 101.781290][ T5544] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 101.817028][ T5544] device hsr_slave_0 entered promiscuous mode
[ 101.823993][ T5544] device hsr_slave_1 entered promiscuous mode
[ 102.672213][ T5544] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 102.683299][ T5544] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 102.696193][ T5544] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 102.707032][ T5544] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 102.804080][ T5544] 8021q: adding VLAN 0 to HW filter on device bond0
[ 102.821171][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 102.830230][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 102.842466][ T5544] 8021q: adding VLAN 0 to HW filter on device team0
[ 102.857780][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 102.867026][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 102.875916][ T22] bridge0: port 1(bridge_slave_0) entered blocking state
[ 102.883535][ T22] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 102.895194][ T1662] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 102.909719][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 102.918702][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 102.930567][ T7] bridge0: port 2(bridge_slave_1) entered blocking state
[ 102.937727][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 102.962797][ T1126] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 102.973360][ T1126] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 102.984711][ T1126] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 102.994711][ T1126] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 103.006204][ T1126] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 103.015924][ T1126] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 103.041094][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 103.050938][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 103.061843][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 103.070710][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 103.081909][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 103.094973][ T5544] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 103.361257][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 103.368833][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 103.380710][ T5544] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 103.406064][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 103.417813][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 103.420470][ T4387] Bluetooth: hci0: command 0x0409 tx timeout
[ 103.445926][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 103.457371][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 103.471292][ T5544] device veth0_vlan entered promiscuous mode
[ 103.479004][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 103.488201][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 103.504703][ T5544] device veth1_vlan entered promiscuous mode
[ 103.543547][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 103.554135][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 103.563128][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 103.582733][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 103.596392][ T5544] device veth0_macvtap entered promiscuous mode
[ 103.613897][ T5544] device veth1_macvtap entered promiscuous mode
[ 103.639480][ T5544] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 103.647421][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 103.658752][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 103.668562][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 103.685169][ T5544] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 103.696494][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 103.706758][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 103.720520][ T5544] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 103.733044][ T5544] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 103.742648][ T5544] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 103.752089][ T5544] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 103.838537][ T75] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 103.860783][ T75] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 103.872520][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 103.881568][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 103.882964][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 103.902151][ T1662] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 104.354994][ T5603] loop0: detected capacity change from 0 to 40427
[ 104.385512][ T5603] F2FS-fs (loop0): Found nat_bits in checkpoint
[ 104.454449][ T5603] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[ 104.475600][ T27] audit: type=1804 audit(1677375200.556:2): pid=5603 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir397415751/syzkaller.uWWeul/0/file0/bus" dev="loop0" ino=10 res=1 errno=0
[ 104.522554][ T5603] syz-executor.0: attempt to access beyond end of device
[ 104.522554][ T5603] loop0: rw=2049, sector=77824, nr_sectors = 2048 limit=40427
[ 104.584308][ T5544] syz-executor.0: attempt to access beyond end of device
[ 104.584308][ T5544] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 105.304132][ T5631] loop0: detected capacity change from 0 to 40427
[ 105.323529][ T5631] F2FS-fs (loop0): Found nat_bits in checkpoint
[ 105.383490][ T5631] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[ 105.402630][ T27] audit: type=1804 audit(1677375201.486:3): pid=5631 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir397415751/syzkaller.uWWeul/1/file0/bus" dev="loop0" ino=10 res=1 errno=0
[ 105.471442][ T5631] syz-executor.0: attempt to access beyond end of device
[ 105.471442][ T5631] loop0: rw=2049, sector=77824, nr_sectors = 2048 limit=40427
[ 105.499289][ T4387] Bluetooth: hci0: command 0x041b tx timeout
[ 105.514207][ T5544] syz-executor.0: attempt to access beyond end of device
[ 105.514207][ T5544] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 106.233563][ T5658] loop0: detected capacity change from 0 to 40427
[ 106.248944][ T5658] F2FS-fs (loop0): Found nat_bits in checkpoint
[ 106.306526][ T5658] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[ 106.343238][ T27] audit: type=1804 audit(1677375202.426:4): pid=5658 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir397415751/syzkaller.uWWeul/2/file0/bus" dev="loop0" ino=10 res=1 errno=0
2023/02/26 01:33:22 executed programs: 3
[ 106.413770][ T5658] syz-executor.0: attempt to access beyond end of device
[ 106.413770][ T5658] loop0: rw=2049, sector=77824, nr_sectors = 2048 limit=40427
[ 106.455548][ T5544] syz-executor.0: attempt to access beyond end of device
[ 106.455548][ T5544] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 107.143623][ T5685] loop0: detected capacity change from 0 to 40427
[ 107.158465][ T5685] F2FS-fs (loop0): Found nat_bits in checkpoint
[ 107.211757][ T5685] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[ 107.231627][ T27] audit: type=1804 audit(1677375203.316:5): pid=5685 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir397415751/syzkaller.uWWeul/3/file0/bus" dev="loop0" ino=10 res=1 errno=0
[ 107.318068][ T5685] syz-executor.0: attempt to access beyond end of device
[ 107.318068][ T5685] loop0: rw=2049, sector=77824, nr_sectors = 2048 limit=40427
[ 107.362890][ T5544] syz-executor.0: attempt to access beyond end of device
[ 107.362890][ T5544] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 107.428281][ T5544] ==================================================================
[ 107.436496][ T5544] BUG: KASAN: use-after-free in do_raw_write_trylock+0x72/0x1f0
[ 107.444373][ T5544] Read of size 4 at addr ffff88807f7585e0 by task syz-executor.0/5544
[ 107.452560][ T5544]
[ 107.454919][ T5544] CPU: 1 PID: 5544 Comm: syz-executor.0 Not tainted 6.2.0-rc5-syzkaller-00047-g7c46948a6e9c-dirty #0
[ 107.466146][ T5544] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
[ 107.476328][ T5544] Call Trace:
[ 107.479634][ T5544]
[ 107.482590][ T5544] dump_stack_lvl+0x1b5/0x2a0
[ 107.487351][ T5544] ? nf_tcp_handle_invalid+0x640/0x640
[ 107.492855][ T5544] ? panic+0x720/0x720
[ 107.496968][ T5544] ? _printk+0xc4/0x110
[ 107.501175][ T5544] ? _raw_spin_lock_irqsave+0x92/0x100
[ 107.506688][ T5544] print_report+0x163/0x4c0
[ 107.511349][ T5544] ? __virt_addr_valid+0x22f/0x2e0
[ 107.517003][ T5544] ? __phys_addr+0xba/0x170
[ 107.521520][ T5544] ? do_raw_write_trylock+0x72/0x1f0
[ 107.526819][ T5544] kasan_report+0xce/0x100
[ 107.531246][ T5544] ? do_raw_write_trylock+0x72/0x1f0
[ 107.536542][ T5544] kasan_check_range+0x283/0x290
[ 107.541488][ T5544] do_raw_write_trylock+0x72/0x1f0
[ 107.546618][ T5544] ? do_raw_write_lock+0x4f0/0x4f0
[ 107.551832][ T5544] ? __rwlock_init+0x150/0x150
[ 107.556702][ T5544] ? f2fs_release_ino_entry+0x22f/0x260
[ 107.562264][ T5544] ? __lock_acquire+0x1f80/0x1f80
[ 107.567304][ T5544] _raw_write_trylock+0x20/0x70
[ 107.572256][ T5544] __shrink_extent_tree+0x5b9/0xc80
[ 107.577469][ T5544] ? _raw_spin_unlock+0x28/0x40
[ 107.582679][ T5544] ? f2fs_release_ino_entry+0x247/0x260
[ 107.588239][ T5544] f2fs_leave_shrinker+0x86/0x260
[ 107.593541][ T5544] f2fs_put_super+0x597/0xcb0
[ 107.598249][ T5544] ? f2fs_drop_inode+0x900/0x900
[ 107.603204][ T5544] ? clear_inode+0x150/0x150
[ 107.607805][ T5544] ? f2fs_drop_inode+0x900/0x900
[ 107.613277][ T5544] generic_shutdown_super+0x134/0x310
[ 107.618666][ T5544] kill_block_super+0x7e/0xe0
[ 107.623348][ T5544] kill_f2fs_super+0x303/0x3d0
[ 107.628137][ T5544] ? __up_read+0x670/0x670
[ 107.632567][ T5544] ? f2fs_mount+0x40/0x40
[ 107.636941][ T5544] ? unregister_shrinker+0x26a/0x320
[ 107.642243][ T5544] ? kfree+0x46/0x200
[ 107.646232][ T5544] ? unregister_shrinker+0x26a/0x320
[ 107.651802][ T5544] deactivate_locked_super+0xa4/0x110
[ 107.657202][ T5544] cleanup_mnt+0x490/0x520
[ 107.661623][ T5544] ? lockdep_hardirqs_on+0x90/0x130
[ 107.667098][ T5544] task_work_run+0x24a/0x300
[ 107.672099][ T5544] ? task_work_cancel+0x2b0/0x2b0
[ 107.677139][ T5544] ? exit_to_user_mode_loop+0x39/0xf0
[ 107.682525][ T5544] exit_to_user_mode_loop+0xd1/0xf0
[ 107.687819][ T5544] exit_to_user_mode_prepare+0xb1/0x140
[ 107.693375][ T5544] syscall_exit_to_user_mode+0x54/0x2d0
[ 107.698972][ T5544] do_syscall_64+0x4d/0xc0
[ 107.703402][ T5544] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 107.709305][ T5544] RIP: 0033:0x7fba8688d537
[ 107.713814][ T5544] Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 107.733793][ T5544] RSP: 002b:00007ffc7567f748 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 107.742221][ T5544] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fba8688d537
[ 107.750210][ T5544] RDX: 00007ffc7567f819 RSI: 000000000000000a RDI: 00007ffc7567f810
[ 107.758186][ T5544] RBP: 00007ffc7567f810 R08: 00000000ffffffff R09: 00007ffc7567f5e0
[ 107.766368][ T5544] R10: 00005555569a08b3 R11: 0000000000000246 R12: 00007fba868e6b24
[ 107.774349][ T5544] R13: 00007ffc756808d0 R14: 00005555569a0810 R15: 00007ffc75680910
[ 107.782526][ T5544]
[ 107.785548][ T5544]
[ 107.787873][ T5544] Allocated by task 5685:
[ 107.792200][ T5544] kasan_set_track+0x40/0x70
[ 107.796977][ T5544] __kasan_slab_alloc+0x69/0x80
[ 107.801872][ T5544] slab_post_alloc_hook+0x68/0x390
[ 107.807004][ T5544] kmem_cache_alloc+0x12c/0x280
[ 107.811862][ T5544] __grab_extent_tree+0x183/0x400
[ 107.816908][ T5544] f2fs_init_extent_tree+0x214/0x450
[ 107.822549][ T5544] f2fs_new_inode+0xdb4/0x1090
[ 107.827507][ T5544] __f2fs_tmpfile+0xa5/0x380
[ 107.832099][ T5544] f2fs_ioc_start_atomic_write+0x419/0x970
[ 107.837916][ T5544] __f2fs_ioctl+0x1ace/0xb2b0
[ 107.842691][ T5544] __se_sys_ioctl+0xf1/0x160
[ 107.847287][ T5544] do_syscall_64+0x41/0xc0
[ 107.851715][ T5544] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 107.857626][ T5544]
[ 107.859953][ T5544] Freed by task 5702:
[ 107.863956][ T5544] kasan_set_track+0x40/0x70
[ 107.868724][ T5544] kasan_save_free_info+0x2b/0x40
[ 107.873776][ T5544] ____kasan_slab_free+0xd6/0x120
[ 107.878805][ T5544] kmem_cache_free+0x2b5/0x580
[ 107.883602][ T5544] __destroy_extent_tree+0x307/0x730
[ 107.888893][ T5544] f2fs_destroy_extent_tree+0x17/0x30
[ 107.894365][ T5544] f2fs_evict_inode+0x467/0x1650
[ 107.899348][ T5544] evict+0x2a4/0x620
[ 107.903343][ T5544] f2fs_abort_atomic_write+0xda/0x440
[ 107.908739][ T5544] __f2fs_ioctl+0x315c/0xb2b0
[ 107.913440][ T5544] __se_sys_ioctl+0xf1/0x160
[ 107.918048][ T5544] do_syscall_64+0x41/0xc0
[ 107.922472][ T5544] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 107.928369][ T5544]
[ 107.930693][ T5544] The buggy address belongs to the object at ffff88807f7585b0
[ 107.930693][ T5544] which belongs to the cache f2fs_extent_tree of size 144
[ 107.945270][ T5544] The buggy address is located 48 bytes inside of
[ 107.945270][ T5544] 144-byte region [ffff88807f7585b0, ffff88807f758640)
[ 107.958457][ T5544]
[ 107.960781][ T5544] The buggy address belongs to the physical page:
[ 107.967200][ T5544] page:ffffea0001fdd600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7f758
[ 107.977354][ T5544] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 107.984924][ T5544] raw: 00fff00000000200 ffff88814616bdc0 dead000000000122 0000000000000000
[ 107.993601][ T5544] raw: 0000000000000000 0000000080130013 00000001ffffffff 0000000000000000
[ 108.002201][ T5544] page dumped because: kasan: bad access detected
[ 108.008620][ T5544] page_owner tracks the page as allocated
[ 108.014590][ T5544] page last allocated via order 0, migratetype Reclaimable, gfp_mask 0x112c50(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 5603, tgid 5602 (syz-executor.0), ts 104469031710, free_ts 104442588112
[ 108.036308][ T5544] get_page_from_freelist+0x3403/0x3580
[ 108.041888][ T5544] __alloc_pages+0x291/0x7e0
[ 108.046487][ T5544] alloc_slab_page+0x6a/0x160
[ 108.051279][ T5544] new_slab+0x84/0x2f0
[ 108.055368][ T5544] ___slab_alloc+0xa07/0x1000
[ 108.060081][ T5544] kmem_cache_alloc+0x1b0/0x280
[ 108.064970][ T5544] __grab_extent_tree+0x183/0x400
[ 108.070016][ T5544] f2fs_init_extent_tree+0x214/0x450
[ 108.075309][ T5544] f2fs_new_inode+0xdb4/0x1090
[ 108.080076][ T5544] f2fs_create+0x197/0x530
[ 108.084502][ T5544] path_openat+0x12b9/0x2e30
[ 108.089098][ T5544] do_filp_open+0x26d/0x500
[ 108.093615][ T5544] do_sys_openat2+0x128/0x4f0
[ 108.098386][ T5544] __x64_sys_openat+0x247/0x290
[ 108.103249][ T5544] do_syscall_64+0x41/0xc0
[ 108.107669][ T5544] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 108.113606][ T5544] page last free stack trace:
[ 108.118274][ T5544] free_unref_page_prepare+0xf3a/0x1040
[ 108.123828][ T5544] free_unref_page+0x37/0x3f0
[ 108.128517][ T5544] __unfreeze_partials+0x1b1/0x1f0
[ 108.133645][ T5544] put_cpu_partial+0x106/0x170
[ 108.138433][ T5544] qlist_free_all+0x22/0x60
[ 108.143029][ T5544] kasan_quarantine_reduce+0x15a/0x170
[ 108.148493][ T5544] __kasan_slab_alloc+0x23/0x80
[ 108.153348][ T5544] slab_post_alloc_hook+0x68/0x390
[ 108.158470][ T5544] kmem_cache_alloc+0x12c/0x280
[ 108.163352][ T5544] add_free_nid+0xdc/0x700
[ 108.167797][ T5544] f2fs_build_free_nids+0xca3/0x1190
[ 108.173261][ T5544] f2fs_fill_super+0x46f3/0x6f30
[ 108.178219][ T5544] mount_bdev+0x271/0x3a0
[ 108.182565][ T5544] legacy_get_tree+0xef/0x190
[ 108.187439][ T5544] vfs_get_tree+0x8c/0x270
[ 108.191867][ T5544] do_new_mount+0x28f/0xae0
[ 108.196384][ T5544]
[ 108.198740][ T5544] Memory state around the buggy address:
[ 108.204388][ T5544] ffff88807f758480: fb fb fb fb fc fc fc fc fc fc fc fc fa fb fb fb
[ 108.212797][ T5544] ffff88807f758500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 108.220866][ T5544] >ffff88807f758580: fc fc fc fc fc fc fa fb fb fb fb fb fb fb fb fb
[ 108.229013][ T5544]                                                        ^
[ 108.236203][ T5544] ffff88807f758600: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 108.244404][ T5544] ffff88807f758680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 108.252500][ T5544] ==================================================================
[ 108.261841][ T5544] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 108.264352][ T4387] Bluetooth: hci0: command 0x040f tx timeout
[ 108.275065][ T5544] CPU: 1 PID: 5544 Comm: syz-executor.0 Not tainted 6.2.0-rc5-syzkaller-00047-g7c46948a6e9c-dirty #0
[ 108.286225][ T5544] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
[ 108.296337][ T5544] Call Trace:
[ 108.299635][ T5544]
[ 108.302570][ T5544] dump_stack_lvl+0x1b5/0x2a0
[ 108.307276][ T5544] ? nf_tcp_handle_invalid+0x640/0x640
[ 108.312749][ T5544] ? panic+0x720/0x720
[ 108.316829][ T5544] ? lock_release+0x106/0xa70
[ 108.321515][ T5544] ? vscnprintf+0x5d/0x80
[ 108.325848][ T5544] panic+0x2dc/0x720
[ 108.329756][ T5544] ? check_panic_on_warn+0x21/0xa0
[ 108.334874][ T5544] ? memcpy_page_flushcache+0x100/0x100
[ 108.340435][ T5544] ? _raw_spin_unlock_irqrestore+0xc0/0x120
[ 108.346344][ T5544] ? _raw_spin_unlock_irqrestore+0xc5/0x120
[ 108.352246][ T5544] ? _raw_spin_unlock+0x40/0x40
[ 108.357115][ T5544] ? rcu_read_lock_sched_held+0x61/0x110
[ 108.362847][ T5544] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 108.368844][ T5544] check_panic_on_warn+0x82/0xa0
[ 108.373790][ T5544] ? do_raw_write_trylock+0x72/0x1f0
[ 108.379083][ T5544] end_report+0xb2/0x160
[ 108.383335][ T5544] kasan_report+0xdb/0x100
[ 108.388020][ T5544] ? do_raw_write_trylock+0x72/0x1f0
[ 108.393332][ T5544] kasan_check_range+0x283/0x290
[ 108.398366][ T5544] do_raw_write_trylock+0x72/0x1f0
[ 108.403574][ T5544] ? do_raw_write_lock+0x4f0/0x4f0
[ 108.408694][ T5544] ? __rwlock_init+0x150/0x150
[ 108.413472][ T5544] ? f2fs_release_ino_entry+0x22f/0x260
[ 108.419292][ T5544] ? __lock_acquire+0x1f80/0x1f80
[ 108.424323][ T5544] _raw_write_trylock+0x20/0x70
[ 108.429214][ T5544] __shrink_extent_tree+0x5b9/0xc80
[ 108.434434][ T5544] ? _raw_spin_unlock+0x28/0x40
[ 108.439293][ T5544] ? f2fs_release_ino_entry+0x247/0x260
[ 108.444872][ T5544] f2fs_leave_shrinker+0x86/0x260
[ 108.449927][ T5544] f2fs_put_super+0x597/0xcb0
[ 108.454615][ T5544] ? f2fs_drop_inode+0x900/0x900
[ 108.459664][ T5544] ? clear_inode+0x150/0x150
[ 108.464280][ T5544] ? f2fs_drop_inode+0x900/0x900
[ 108.469498][ T5544] generic_shutdown_super+0x134/0x310
[ 108.474906][ T5544] kill_block_super+0x7e/0xe0
[ 108.479613][ T5544] kill_f2fs_super+0x303/0x3d0
[ 108.484436][ T5544] ? __up_read+0x670/0x670
[ 108.488871][ T5544] ? f2fs_mount+0x40/0x40
[ 108.493210][ T5544] ? unregister_shrinker+0x26a/0x320
[ 108.498504][ T5544] ? kfree+0x46/0x200
[ 108.502509][ T5544] ? unregister_shrinker+0x26a/0x320
[ 108.507822][ T5544] deactivate_locked_super+0xa4/0x110
[ 108.513207][ T5544] cleanup_mnt+0x490/0x520
[ 108.517649][ T5544] ? lockdep_hardirqs_on+0x90/0x130
[ 108.522955][ T5544] task_work_run+0x24a/0x300
[ 108.527556][ T5544] ? task_work_cancel+0x2b0/0x2b0
[ 108.532595][ T5544] ? exit_to_user_mode_loop+0x39/0xf0
[ 108.537977][ T5544] exit_to_user_mode_loop+0xd1/0xf0
[ 108.543199][ T5544] exit_to_user_mode_prepare+0xb1/0x140
[ 108.548753][ T5544] syscall_exit_to_user_mode+0x54/0x2d0
[ 108.554321][ T5544] do_syscall_64+0x4d/0xc0
[ 108.558743][ T5544] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 108.564730][ T5544] RIP: 0033:0x7fba8688d537
[ 108.569166][ T5544] Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 108.589316][ T5544] RSP: 002b:00007ffc7567f748 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 108.598087][ T5544] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fba8688d537
[ 108.606087][ T5544] RDX: 00007ffc7567f819 RSI: 000000000000000a RDI: 00007ffc7567f810
[ 108.614066][ T5544] RBP: 00007ffc7567f810 R08: 00000000ffffffff R09: 00007ffc7567f5e0
[ 108.622136][ T5544] R10: 00005555569a08b3 R11: 0000000000000246 R12: 00007fba868e6b24
[ 108.630111][ T5544] R13: 00007ffc756808d0 R14: 00005555569a0810 R15: 00007ffc75680910
[ 108.638099][ T5544]
[ 108.641370][ T5544] Kernel Offset: disabled
[ 108.645704][ T5544] Rebooting in 86400 seconds..