./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3783126237

<...>
Warning: Permanently added '10.128.1.79' (ECDSA) to the list of known hosts.
execve("./syz-executor3783126237", ["./syz-executor3783126237"], 0x7fff8f124650 /* 10 vars */) = 0
brk(NULL)                               = 0x555555dd8000
brk(0x555555dd8c40)                     = 0x555555dd8c40
arch_prctl(ARCH_SET_FS, 0x555555dd8300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor3783126237", 4096) = 28
brk(0x555555df9c40)                     = 0x555555df9c40
brk(0x555555dfa000)                     = 0x555555dfa000
mprotect(0x7fad755a2000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555dd85d0) = 293
./strace-static-x86_64: Process 293 attached
[pid   293] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid   293] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   293] setsid()                    = 1
[pid   293] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid   293] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid   293] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid   293] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid   293] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid   293] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid   293] unshare(CLONE_NEWNS)        = 0
[pid   293] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid   293] unshare(CLONE_NEWIPC)       = -1 EINVAL (Invalid argument)
[pid   293] unshare(CLONE_NEWCGROUP)    = 0
[pid   293] unshare(CLONE_NEWUTS)       = 0
[pid   293] unshare(CLONE_SYSVSEM)      = 0
[pid   293] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   293] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   293] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   293] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   293] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   293] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   293] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   293] getpid()                    = 1
[pid   293] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid   293] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid   293] unshare(CLONE_NEWNET)       = 0
[pid   293] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid   293] write(3, "0 65535", 7)      = 7
[pid   293] close(3)                    = 0
[pid   293] mkdir("/dev/binderfs", 0777) = 0
[pid   293] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid   293] symlink("/dev/binderfs", "./binderfs") = 0
[pid   293] memfd_create("syzkaller", 0) = 3
[pid   293] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fad6d0d7000
[   22.721938][   T28] audit: type=1400 audit(1686100240.148:66): avc:  denied  { execmem } for  pid=292 comm="syz-executor378" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   22.726257][   T28] audit: type=1400 audit(1686100240.158:67): avc:  denied  { mounton } for  pid=293 comm="syz-executor378" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[   22.734017][   T28] audit: type=1400 audit(1686100240.158:68): avc:  denied  { mount } for  pid=293 comm="syz-executor378" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[   22.741064][   T28] audit: type=1400 audit(1686100240.158:69): avc:  denied  { mounton } for  pid=293 comm="syz-executor378" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[   22.760338][   T28] audit: type=1400 audit(1686100240.168:70): avc:  denied  { mounton } for  pid=293 comm="syz-executor378" path="/dev/binderfs" dev="devtmpfs" ino=368 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[   22.783376][   T28] audit: type=1400 audit(1686100240.168:71): avc:  denied  { mount } for  pid=293 comm="syz-executor378" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[pid   293] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 67108864) = 67108864
[pid   293] munmap(0x7fad6d0d7000, 67108864) = 0
[pid   293] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   23.111815][   T28] audit: type=1400 audit(1686100240.538:72): avc:  denied  { read write } for  pid=293 comm="syz-executor378" name="loop0" dev="devtmpfs" ino=113 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   23.112325][  T293] loop0: detected capacity change from 0 to 131072
[pid   293] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   293] close(3)                    = 0
[pid   293] mkdir("./file0", 0777)      = 0
[   23.136196][   T28] audit: type=1400 audit(1686100240.538:73): avc:  denied  { open } for  pid=293 comm="syz-executor378" path="/dev/loop0" dev="devtmpfs" ino=113 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   23.144893][  T293] F2FS-fs (loop0): invalid crc value
[   23.166930][   T28] audit: type=1400 audit(1686100240.538:74): avc:  denied  { ioctl } for  pid=293 comm="syz-executor378" path="/dev/loop0" dev="devtmpfs" ino=113 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[pid   293] mount("/dev/loop0", "./file0", "f2fs", MS_SYNCHRONOUS, "") = 0
[pid   293] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid   293] chdir("./file0")            = 0
[pid   293] ioctl(4, LOOP_CLR_FD)       = 0
[pid   293] close(4)                    = 0
[pid   293] open("./file2", O_RDONLY)   = 4
[pid   293] ioctl(4, _IOC(_IOC_NONE, 0xf5, 0x19, 0), 0) = 0
[pid   293] close(3)                    = 0
[pid   293] close(4)                    = 0
[pid   293] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   293] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   293] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   293] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   293] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   293] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   293] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   293] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   293] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   293] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   293] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   293] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   293] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   293] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   293] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   293] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   293] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   293] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   293] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   293] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   293] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   293] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   293] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   293] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   293] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   293] exit_group(1)               = ?
[   23.197047][   T28] audit: type=1400 audit(1686100240.568:75): avc:  denied  { mounton } for  pid=293 comm="syz-executor378" path="/root/file0" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[   23.198500][  T293] F2FS-fs (loop0): Found nat_bits in checkpoint
[   23.252487][  T293] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4
[   23.291205][  T293] ------------[ cut here ]------------
[   23.296499][  T293] WARNING: CPU: 1 PID: 293 at fs/f2fs/inode.c:869 f2fs_evict_inode+0x11a5/0x1480
[   23.305462][  T293] Modules linked in:
[   23.309154][  T293] CPU: 1 PID: 293 Comm: syz-executor378 Not tainted 6.1.25-syzkaller-00355-g312dfb3b7ec3 #0
[   23.319156][  T293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[   23.329070][  T293] RIP: 0010:f2fs_evict_inode+0x11a5/0x1480
[   23.334689][  T293] Code: 4e ff eb 0f e8 3c 18 4e ff 49 bf 00 00 00 00 00 fc ff df 48 8b 5c 24 28 4c 89 ef e8 25 2c 03 00 e9 79 fc ff ff e8 1b 18 4e ff <0f> 0b 4c 89 f7 be 08 00 00 00 e8 7c 9a 93 ff f0 41 80 0e 04 e9 56
[   23.354174][  T293] RSP: 0018:ffffc90000e77760 EFLAGS: 00010293
[   23.360051][  T293] RAX: ffffffff82259945 RBX: 0000000000000002 RCX: ffff88810e07df00
[   23.367841][  T293] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000
[   23.375662][  T293] RBP: ffffc90000e778d0 R08: ffffffff822595a5 R09: ffffed10216ff9bf
[   23.383447][  T293] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88810b7fcb68
[   23.391280][  T293] R13: ffff88810b7fcb40 R14: ffff88810d0ec068 R15: dffffc0000000000
[   23.399099][  T293] FS:  0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[   23.407858][  T293] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   23.414264][  T293] CR2: 00007fad75567408 CR3: 000000000660f000 CR4: 00000000003506a0
[   23.422097][  T293] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   23.429895][  T293] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   23.437724][  T293] Call Trace:
[   23.440821][  T293]  <TASK>
[   23.443597][  T293]  ? f2fs_write_inode+0x500/0x500
[   23.448476][  T293]  ? bit_waitqueue+0x30/0x30
[   23.452887][  T293]  ? locks_free_lock_context+0x42/0x70
[   23.458205][  T293]  ? __destroy_inode+0x35f/0x4e0
[   23.462950][  T293]  ? f2fs_write_inode+0x500/0x500
[   23.467850][  T293]  evict+0x2a3/0x630
[   23.471555][  T293]  evict_inodes+0x5d1/0x650
[   23.475996][  T293]  ? clear_inode+0x150/0x150
[   23.480409][  T293]  generic_shutdown_super+0x97/0x370
[   23.485563][  T293]  kill_block_super+0x7e/0xe0
[   23.490031][  T293]  kill_f2fs_super+0x2f9/0x3c0
[   23.494648][  T293]  ? radix_tree_delete_item+0x2f1/0x3f0
[   23.500010][  T293]  ? f2fs_mount+0x40/0x40
[   23.504263][  T293]  ? unregister_shrinker+0x243/0x2e0
[   23.509404][  T293]  deactivate_locked_super+0xa5/0x110
[   23.514608][  T293]  deactivate_super+0xbe/0xf0
[   23.519105][  T293]  cleanup_mnt+0x485/0x510
[   23.523360][  T293]  __cleanup_mnt+0x19/0x20
[   23.527641][  T293]  task_work_run+0x24d/0x2e0
[   23.532561][  T293]  ? kmem_cache_free+0x291/0x510
[   23.537356][  T293]  ? task_work_cancel+0x2b0/0x2b0
[   23.542193][  T293]  ? free_nsproxy+0x20d/0x260
[   23.546733][  T293]  ? exit_task_namespaces+0xb4/0xd0
[   23.551741][  T293]  do_exit+0xbc5/0x2a40
[   23.555842][  T293]  ? put_task_struct+0x80/0x80
[   23.560423][  T293]  ? __kasan_check_write+0x14/0x20
[   23.565388][  T293]  ? _raw_spin_lock_irq+0xa5/0x1b0
[   23.570315][  T293]  ? _raw_spin_lock_irqsave+0x210/0x210
[   23.575724][  T293]  ? zap_other_threads+0x29c/0x2d0
[   23.580648][  T293]  do_group_exit+0x21a/0x2d0
[   23.585180][  T293]  __x64_sys_exit_group+0x3f/0x40
[   23.590016][  T293]  do_syscall_64+0x3d/0xb0
[   23.594269][  T293]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   23.600019][  T293] RIP: 0033:0x7fad75522a09
[   23.604251][  T293] Code: Unable to access opcode bytes at 0x7fad755229df.
[   23.611129][  T293] RSP: 002b:00007ffcbaf04e58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   23.619364][  T293] RAX: ffffffffffffffda RBX: 00007fad755a8330 RCX: 00007fad75522a09
[   23.627181][  T293] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[   23.635001][  T293] RBP: 0000000000000001 R08: ffffffffffffffc0 R09: 00007fad755a2e40
[   23.642785][  T293] R10: 0000000000010600 R11: 0000000000000246 R12: 00007fad755a8330
[   23.650619][  T293] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[   23.658425][  T293]  </TASK>
[   23.661273][  T293] ---[ end trace 0000000000000000 ]---
[   23.704367][  T293] ==================================================================
[   23.712369][  T293] BUG: KASAN: use-after-free in _raw_spin_lock+0x97/0x1b0
[   23.719304][  T293] Write of size 4 at addr ffff88810b7fcbc8 by task syz-executor378/293
[   23.727375][  T293] 
[   23.729550][  T293] CPU: 1 PID: 293 Comm: syz-executor378 Tainted: G        W          6.1.25-syzkaller-00355-g312dfb3b7ec3 #0
[   23.740915][  T293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[   23.750816][  T293] Call Trace:
[   23.753943][  T293]  <TASK>
[   23.756714][  T293]  dump_stack_lvl+0x151/0x1b7
[   23.761235][  T293]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   23.766606][  T293]  ? _printk+0xd1/0x111
[   23.770599][  T293]  ? __virt_addr_valid+0x242/0x2f0
[   23.775549][  T293]  print_report+0x158/0x4e0
[   23.779911][  T293]  ? __virt_addr_valid+0x242/0x2f0
[   23.784834][  T293]  ? kasan_complete_mode_report_info+0x90/0x1b0
[   23.790912][  T293]  ? _raw_spin_lock+0x97/0x1b0
[   23.795509][  T293]  kasan_report+0x13c/0x170
[   23.799993][  T293]  ? _raw_spin_lock+0x97/0x1b0
[   23.804539][  T293]  kasan_check_range+0x294/0x2a0
[   23.809310][  T293]  __kasan_check_write+0x14/0x20
[   23.814084][  T293]  _raw_spin_lock+0x97/0x1b0
[   23.818507][  T293]  ? _raw_spin_trylock_bh+0x190/0x190
[   23.823718][  T293]  ? _raw_spin_lock+0xa4/0x1b0
[   23.828318][  T293]  ? _raw_spin_trylock_bh+0x190/0x190
[   23.833527][  T293]  igrab+0x20/0xa0
[   23.837082][  T293]  f2fs_write_checkpoint+0xdab/0x2410
[   23.842307][  T293]  ? f2fs_get_sectors_written+0x4c0/0x4c0
[   23.847856][  T293]  f2fs_issue_checkpoint+0x2e5/0x4f0
[   23.852986][  T293]  ? f2fs_destroy_checkpoint_caches+0x30/0x30
[   23.858868][  T293]  ? sync_inodes_sb+0x7c8/0x8a0
[   23.863553][  T293]  ? filemap_flush+0x11a/0x170
[   23.868154][  T293]  ? try_to_writeback_inodes_sb+0xc0/0xc0
[   23.873716][  T293]  f2fs_sync_fs+0x186/0x2f0
[   23.878049][  T293]  sync_filesystem+0x1cf/0x250
[   23.882660][  T293]  f2fs_quota_off_umount+0x20e/0x220
[   23.887775][  T293]  f2fs_put_super+0xbe/0xce0
[   23.892207][  T293]  ? f2fs_drop_inode+0xa10/0xa10
[   23.897057][  T293]  ? __fsnotify_vfsmount_delete+0x20/0x20
[   23.902612][  T293]  ? clear_inode+0x150/0x150
[   23.907040][  T293]  ? fscrypt_destroy_keyring+0x273/0x290
[   23.912508][  T293]  ? f2fs_drop_inode+0xa10/0xa10
[   23.917375][  T293]  generic_shutdown_super+0x14f/0x370
[   23.922572][  T293]  kill_block_super+0x7e/0xe0
[   23.927087][  T293]  kill_f2fs_super+0x2f9/0x3c0
[   23.931695][  T293]  ? radix_tree_delete_item+0x2f1/0x3f0
[   23.937068][  T293]  ? f2fs_mount+0x40/0x40
[   23.941234][  T293]  ? unregister_shrinker+0x243/0x2e0
[   23.946354][  T293]  deactivate_locked_super+0xa5/0x110
[   23.951570][  T293]  deactivate_super+0xbe/0xf0
[   23.956077][  T293]  cleanup_mnt+0x485/0x510
[   23.960329][  T293]  __cleanup_mnt+0x19/0x20
[   23.964582][  T293]  task_work_run+0x24d/0x2e0
[   23.969008][  T293]  ? kmem_cache_free+0x291/0x510
[   23.973785][  T293]  ? task_work_cancel+0x2b0/0x2b0
[   23.978641][  T293]  ? free_nsproxy+0x20d/0x260
[   23.983157][  T293]  ? exit_task_namespaces+0xb4/0xd0
[   23.988188][  T293]  do_exit+0xbc5/0x2a40
[   23.992198][  T293]  ? put_task_struct+0x80/0x80
[   23.996784][  T293]  ? __kasan_check_write+0x14/0x20
[   24.001728][  T293]  ? _raw_spin_lock_irq+0xa5/0x1b0
[   24.006677][  T293]  ? _raw_spin_lock_irqsave+0x210/0x210
[   24.012058][  T293]  ? zap_other_threads+0x29c/0x2d0
[   24.017006][  T293]  do_group_exit+0x21a/0x2d0
[   24.021431][  T293]  __x64_sys_exit_group+0x3f/0x40
[   24.026290][  T293]  do_syscall_64+0x3d/0xb0
[   24.030571][  T293]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   24.036276][  T293] RIP: 0033:0x7fad75522a09
[   24.040524][  T293] Code: Unable to access opcode bytes at 0x7fad755229df.
[   24.047384][  T293] RSP: 002b:00007ffcbaf04e58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   24.055823][  T293] RAX: ffffffffffffffda RBX: 00007fad755a8330 RCX: 00007fad75522a09
[   24.063631][  T293] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[   24.071452][  T293] RBP: 0000000000000001 R08: ffffffffffffffc0 R09: 00007fad755a2e40
[   24.079254][  T293] R10: 0000000000010600 R11: 0000000000000246 R12: 00007fad755a8330
[   24.087067][  T293] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[   24.094878][  T293]  </TASK>
[   24.097739][  T293] 
[   24.099907][  T293] Allocated by task 293:
[   24.103996][  T293]  kasan_set_track+0x4b/0x70
[   24.108422][  T293]  kasan_save_alloc_info+0x1f/0x30
[   24.113361][  T293]  __kasan_slab_alloc+0x6c/0x80
[   24.118137][  T293]  slab_post_alloc_hook+0x53/0x2c0
[   24.123082][  T293]  kmem_cache_alloc_lru+0x102/0x220
[   24.128119][  T293]  f2fs_alloc_inode+0x2d/0x350
[   24.132726][  T293]  iget_locked+0x18c/0x7e0
[   24.136968][  T293]  f2fs_iget+0x55/0x4df0
[   24.141051][  T293]  f2fs_lookup+0x410/0xd80
[   24.145305][  T293]  path_openat+0x10fd/0x2d60
[   24.149729][  T293]  do_filp_open+0x230/0x480
[   24.154066][  T293]  do_sys_openat2+0x13f/0x850
[   24.158578][  T293]  __x64_sys_open+0x221/0x270
[   24.163093][  T293]  do_syscall_64+0x3d/0xb0
[   24.167346][  T293]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   24.173074][  T293] 
[   24.175245][  T293] Freed by task 293:
[   24.178979][  T293]  kasan_set_track+0x4b/0x70
[   24.183405][  T293]  kasan_save_free_info+0x2b/0x40
[   24.188266][  T293]  ____kasan_slab_free+0x131/0x180
[   24.193213][  T293]  __kasan_slab_free+0x11/0x20
[   24.197813][  T293]  kmem_cache_free+0x291/0x510
[   24.202411][  T293]  f2fs_free_inode+0x24/0x30
[   24.206837][  T293]  i_callback+0x4b/0x70
[   24.210831][  T293]  rcu_do_batch+0x515/0xb60
[   24.215174][  T293]  rcu_core+0x4eb/0xf10
[   24.219161][  T293]  rcu_core_si+0x9/0x10
[   24.223154][  T293]  __do_softirq+0x1d8/0x661
[   24.227496][  T293] 
[   24.229666][  T293] Last potentially related work creation:
[   24.235404][  T293]  kasan_save_stack+0x3b/0x60
[   24.239992][  T293]  __kasan_record_aux_stack+0xb4/0xc0
[   24.245209][  T293]  kasan_record_aux_stack_noalloc+0xb/0x10
[   24.250842][  T293]  call_rcu+0xec/0x1230
[   24.254834][  T293]  evict+0x5df/0x630
[   24.258566][  T293]  evict_inodes+0x5d1/0x650
[   24.262908][  T293]  generic_shutdown_super+0x97/0x370
[   24.268034][  T293]  kill_block_super+0x7e/0xe0
[   24.272541][  T293]  kill_f2fs_super+0x2f9/0x3c0
[   24.277141][  T293]  deactivate_locked_super+0xa5/0x110
[   24.282349][  T293]  deactivate_super+0xbe/0xf0
[   24.286863][  T293]  cleanup_mnt+0x485/0x510
[   24.291112][  T293]  __cleanup_mnt+0x19/0x20
[   24.295364][  T293]  task_work_run+0x24d/0x2e0
[   24.299932][  T293]  do_exit+0xbc5/0x2a40
[   24.303967][  T293]  do_group_exit+0x21a/0x2d0
[   24.308395][  T293]  __x64_sys_exit_group+0x3f/0x40
[   24.313247][  T293]  do_syscall_64+0x3d/0xb0
[   24.317501][  T293]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   24.323312][  T293] 
[   24.325493][  T293] The buggy address belongs to the object at ffff88810b7fcb40
[   24.325493][  T293]  which belongs to the cache f2fs_inode_cache of size 1248
[   24.339893][  T293] The buggy address is located 136 bytes inside of
[   24.339893][  T293]  1248-byte region [ffff88810b7fcb40, ffff88810b7fd020)
[   24.353103][  T293] 
[   24.355253][  T293] The buggy address belongs to the physical page:
[   24.361505][  T293] page:ffffea00042dfe00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10b7f8
[   24.371570][  T293] head:ffffea00042dfe00 order:3 compound_mapcount:0 compound_pincount:0
[   24.379734][  T293] flags: 0x4000000000010200(slab|head|zone=1)
[   24.385642][  T293] raw: 4000000000010200 0000000000000000 dead000000000122 ffff88810b1c0c80
[   24.394065][  T293] raw: 0000000000000000 0000000080170017 00000001ffffffff 0000000000000000
[   24.402655][  T293] page dumped because: kasan: bad access detected
[   24.408903][  T293] page_owner tracks the page as allocated
[   24.414448][  T293] page last allocated via order 3, migratetype Reclaimable, gfp_mask 0xd2050(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_RECLAIMABLE), pid 293, tgid 293 (syz-executor378), ts 23261688081, free_ts 0
[   24.435804][  T293]  post_alloc_hook+0x213/0x220
[   24.440397][  T293]  get_page_from_freelist+0x2527/0x2600
[   24.445778][  T293]  __alloc_pages+0x3a1/0x780
[   24.450222][  T293]  new_slab+0xce/0x4c0
[   24.454132][  T293]  ___slab_alloc+0x6f9/0xb80
[   24.458535][  T293]  __slab_alloc+0x5d/0xa0
[   24.462701][  T293]  kmem_cache_alloc_lru+0x144/0x220
[   24.467752][  T293]  f2fs_alloc_inode+0x2d/0x350
[   24.472335][  T293]  iget_locked+0x18c/0x7e0
[   24.476597][  T293]  f2fs_iget+0x55/0x4df0
[   24.480680][  T293]  f2fs_lookup+0x410/0xd80
[   24.484920][  T293]  path_openat+0x10fd/0x2d60
[   24.489346][  T293]  do_filp_open+0x230/0x480
[   24.493812][  T293]  do_sys_openat2+0x13f/0x850
[   24.498741][  T293]  __x64_sys_open+0x221/0x270
[   24.503256][  T293]  do_syscall_64+0x3d/0xb0
[   24.507513][  T293] page_owner free stack trace missing
[   24.512734][  T293] 
[   24.514887][  T293] Memory state around the buggy address:
[   24.520443][  T293]  ffff88810b7fca80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.528366][  T293]  ffff88810b7fcb00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[   24.536260][  T293] >ffff88810b7fcb80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   24.544136][  T293]                                               ^
[   24.550394][  T293]  ffff88810b7fcc00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   24.558284][  T293]  ffff88810b7fcc80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   24.566182][  T293] ==================================================================
[   24.574217][  T293] Disabling lock debugging due to kernel taint