./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor140449127

<...>
Warning: Permanently added '10.128.0.209' (ED25519) to the list of known hosts.
execve("./syz-executor140449127", ["./syz-executor140449127"], 0x7ffe8ac812a0 /* 10 vars */) = 0
brk(NULL)                               = 0x5555570e6000
brk(0x5555570e6d00)                     = 0x5555570e6d00
arch_prctl(ARCH_SET_FS, 0x5555570e6380) = 0
set_tid_address(0x5555570e6650)         = 295
set_robust_list(0x5555570e6660, 24)     = 0
rseq(0x5555570e6ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented)
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor140449127", 4096) = 27
getrandom("\xd6\xb8\xc6\x59\xa8\x1b\x69\x2c", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x5555570e6d00
brk(0x555557107d00)                     = 0x555557107d00
brk(0x555557108000)                     = 0x555557108000
mprotect(0x7fd6a910f000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570e6650) = 296
./strace-static-x86_64: Process 296 attached
[pid   296] set_robust_list(0x5555570e6660, 24) = 0
[pid   296] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid   296] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   296] setsid()                    = 1
[pid   296] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid   296] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid   296] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid   296] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid   296] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid   296] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid   296] unshare(CLONE_NEWNS)        = 0
[pid   296] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid   296] unshare(CLONE_NEWIPC)       = -1 EINVAL (Invalid argument)
[pid   296] unshare(CLONE_NEWCGROUP)    = 0
[pid   296] unshare(CLONE_NEWUTS)       = 0
[pid   296] unshare(CLONE_SYSVSEM)      = 0
[pid   296] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   296] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   296] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   296] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   296] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   296] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   296] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   296] getpid()                    = 1
[pid   296] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid   296] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid   296] unshare(CLONE_NEWNET)       = 0
[pid   296] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid   296] write(3, "0 65535", 7)      = 7
[pid   296] close(3)                    = 0
[pid   296] mkdir("/dev/binderfs", 0777) = 0
[pid   296] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid   296] symlink("/dev/binderfs", "./binderfs") = 0
[pid   296] memfd_create("syzkaller", 0) = 3
[pid   296] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd6a0c4d000
[   23.324013][   T30] audit: type=1400 audit(1703355588.947:66): avc:  denied  { execmem } for  pid=295 comm="syz-executor140" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   23.343758][   T30] audit: type=1400 audit(1703355588.947:67): avc:  denied  { mounton } for  pid=296 comm="syz-executor140" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[   23.367932][   T30] audit: type=1400 audit(1703355588.947:68): avc:  denied  { mount } for  pid=296 comm="syz-executor140" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[   23.390327][   T30] audit: type=1400 audit(1703355588.947:69): avc:  denied  { mounton } for  pid=296 comm="syz-executor140" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[   23.411917][   T30] audit: type=1400 audit(1703355588.967:70): avc:  denied  { mounton } for  pid=296 comm="syz-executor140" path="/dev/binderfs" dev="devtmpfs" ino=362 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[   23.435481][   T30] audit: type=1400 audit(1703355588.967:71): avc:  denied  { mount } for  pid=296 comm="syz-executor140" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[pid   296] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 67108864) = 67108864
[pid   296] munmap(0x7fd6a0c4d000, 138412032) = 0
[pid   296] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   296] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   296] close(3)                    = 0
[pid   296] mkdir("./file2", 0777)      = 0
[   23.677454][   T30] audit: type=1400 audit(1703355589.297:72): avc:  denied  { read write } for  pid=296 comm="syz-executor140" name="loop0" dev="devtmpfs" ino=112 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   23.678225][  T296] loop0: detected capacity change from 0 to 131072
[   23.701758][   T30] audit: type=1400 audit(1703355589.297:73): avc:  denied  { open } for  pid=296 comm="syz-executor140" path="/dev/loop0" dev="devtmpfs" ino=112 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   23.710582][  T296] F2FS-fs (loop0): Invalid log sectors per block(124) log sectorsize(9)
[   23.732205][   T30] audit: type=1400 audit(1703355589.297:74): avc:  denied  { ioctl } for  pid=296 comm="syz-executor140" path="/dev/loop0" dev="devtmpfs" ino=112 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   23.742669][  T296] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[   23.765516][   T30] audit: type=1400 audit(1703355589.337:75): avc:  denied  { mounton } for  pid=296 comm="syz-executor140" path="/root/file2" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[   23.797180][  T296] F2FS-fs (loop0): invalid crc value
[   23.803894][  T296] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (9621037545273099749, 1067266233009637)
[   23.816573][  T296] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[pid   296] mount("/dev/loop0", "./file2", "f2fs", 0, "") = 0
[pid   296] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3
[pid   296] chdir("./file2")            = 0
[pid   296] ioctl(4, LOOP_CLR_FD)       = 0
[pid   296] close(4)                    = 0
[pid   296] open("./file2", O_RDONLY)   = 4
[pid   296] ioctl(4, _IOC(_IOC_NONE, 0xf5, 0x19, 0), 0) = 0
[pid   296] close(3)                    = 0
[pid   296] close(4)                    = 0
[pid   296] close(5)                    = -1 EBADF (Bad file descriptor)
[pid   296] close(6)                    = -1 EBADF (Bad file descriptor)
[pid   296] close(7)                    = -1 EBADF (Bad file descriptor)
[pid   296] close(8)                    = -1 EBADF (Bad file descriptor)
[pid   296] close(9)                    = -1 EBADF (Bad file descriptor)
[pid   296] close(10)                   = -1 EBADF (Bad file descriptor)
[pid   296] close(11)                   = -1 EBADF (Bad file descriptor)
[pid   296] close(12)                   = -1 EBADF (Bad file descriptor)
[pid   296] close(13)                   = -1 EBADF (Bad file descriptor)
[pid   296] close(14)                   = -1 EBADF (Bad file descriptor)
[pid   296] close(15)                   = -1 EBADF (Bad file descriptor)
[pid   296] close(16)                   = -1 EBADF (Bad file descriptor)
[pid   296] close(17)                   = -1 EBADF (Bad file descriptor)
[pid   296] close(18)                   = -1 EBADF (Bad file descriptor)
[pid   296] close(19)                   = -1 EBADF (Bad file descriptor)
[pid   296] close(20)                   = -1 EBADF (Bad file descriptor)
[pid   296] close(21)                   = -1 EBADF (Bad file descriptor)
[pid   296] close(22)                   = -1 EBADF (Bad file descriptor)
[pid   296] close(23)                   = -1 EBADF (Bad file descriptor)
[pid   296] close(24)                   = -1 EBADF (Bad file descriptor)
[pid   296] close(25)                   = -1 EBADF (Bad file descriptor)
[pid   296] close(26)                   = -1 EBADF (Bad file descriptor)
[pid   296] close(27)                   = -1 EBADF (Bad file descriptor)
[pid   296] close(28)                   = -1 EBADF (Bad file descriptor)
[pid   296] close(29)                   = -1 EBADF (Bad file descriptor)
[pid   296] exit_group(1)               = ?
[   23.833624][  T296] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[   23.840911][  T296] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[   23.864968][  T296] ------------[ cut here ]------------
[   23.870497][  T296] WARNING: CPU: 0 PID: 296 at fs/f2fs/inode.c:850 f2fs_evict_inode+0x1191/0x1470
[   23.879791][  T296] Modules linked in:
[   23.883505][  T296] CPU: 0 PID: 296 Comm: syz-executor140 Not tainted 5.15.141-syzkaller-00899-g28e3f5851a99 #0
[   23.893801][  T296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[   23.903824][  T296] RIP: 0010:f2fs_evict_inode+0x1191/0x1470
[   23.909637][  T296] Code: 53 ff eb 0f e8 b0 be 53 ff 49 bf 00 00 00 00 00 fc ff df 48 8b 5c 24 28 4c 89 ef e8 09 22 03 00 e9 a1 fc ff ff e8 8f be 53 ff <0f> 0b 4c 89 f7 be 08 00 00 00 e8 a0 c6 95 ff f0 41 80 0e 04 e9 7e
[   23.930306][  T296] RSP: 0018:ffffc9000074f800 EFLAGS: 00010293
[   23.936221][  T296] RAX: ffffffff821c4591 RBX: 0000000000000002 RCX: ffff888117708000
[   23.944057][  T296] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000
[   23.951867][  T296] RBP: ffffc9000074f970 R08: ffffffff821c4219 R09: ffffed1021237125
[   23.959879][  T296] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881091b8638
[   23.967800][  T296] R13: ffff8881091b8610 R14: ffff8881184d0078 R15: dffffc0000000000
[   23.975622][  T296] FS:  0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[   23.984406][  T296] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   23.991278][  T296] CR2: 000055779d57f498 CR3: 000000010c49f000 CR4: 00000000003506b0
[   24.002355][  T296] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   24.010733][  T296] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   24.018558][  T296] Call Trace:
[   24.021714][  T296]  <TASK>
[   24.024618][  T296]  ? show_regs+0x58/0x60
[   24.028755][  T296]  ? __warn+0x160/0x2f0
[   24.033763][  T296]  ? f2fs_evict_inode+0x1191/0x1470
[   24.039237][  T296]  ? report_bug+0x3d9/0x5b0
[   24.043772][  T296]  ? f2fs_evict_inode+0x1191/0x1470
[   24.048832][  T296]  ? handle_bug+0x41/0x70
[   24.052998][  T296]  ? exc_invalid_op+0x1b/0x50
[   24.057561][  T296]  ? asm_exc_invalid_op+0x1b/0x20
[   24.062542][  T296]  ? f2fs_evict_inode+0xe19/0x1470
[   24.067426][  T296]  ? f2fs_evict_inode+0x1191/0x1470
[   24.072535][  T296]  ? f2fs_evict_inode+0x1191/0x1470
[   24.077502][  T296]  ? _raw_spin_unlock+0x4d/0x70
[   24.082337][  T296]  ? f2fs_write_inode+0x5d0/0x5d0
[   24.087138][  T296]  ? bit_waitqueue+0x30/0x30
[   24.091716][  T296]  ? locks_free_lock_context+0x42/0x70
[   24.097479][  T296]  ? __destroy_inode+0x35f/0x4e0
[   24.104261][  T296]  ? f2fs_write_inode+0x5d0/0x5d0
[   24.109143][  T296]  evict+0x2a3/0x630
[   24.113017][  T296]  evict_inodes+0x5db/0x660
[   24.117865][  T296]  ? clear_inode+0x150/0x150
[   24.123048][  T296]  generic_shutdown_super+0x9c/0x2e0
[   24.129748][  T296]  kill_block_super+0x7e/0xe0
[   24.134877][  T296]  kill_f2fs_super+0x2f9/0x3c0
[   24.139550][  T296]  ? f2fs_mount+0x40/0x40
[   24.144756][  T296]  ? unregister_shrinker+0x23c/0x2d0
[   24.150188][  T296]  deactivate_locked_super+0xad/0x110
[   24.155443][  T296]  deactivate_super+0xbe/0xf0
[   24.160017][  T296]  cleanup_mnt+0x45c/0x510
[   24.164212][  T296]  __cleanup_mnt+0x19/0x20
[   24.168679][  T296]  task_work_run+0x129/0x190
[   24.173061][  T296]  do_exit+0xc48/0x2ca0
[   24.177061][  T296]  ? put_task_struct+0x80/0x80
[   24.181837][  T296]  ? ptrace_notify+0x24c/0x350
[   24.186344][  T296]  ? do_notify_parent+0xa30/0xa30
[   24.191403][  T296]  do_group_exit+0x141/0x310
[   24.195816][  T296]  __x64_sys_exit_group+0x3f/0x40
[   24.200738][  T296]  do_syscall_64+0x3d/0xb0
[   24.204938][  T296]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   24.210686][  T296] RIP: 0033:0x7fd6a9089a09
[   24.214927][  T296] Code: Unable to access opcode bytes at RIP 0x7fd6a90899df.
[   24.222143][  T296] RSP: 002b:00007ffeda018d88 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   24.230631][  T296] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fd6a9089a09
[   24.238674][  T296] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[   24.246457][  T296] RBP: 00007fd6a9115390 R08: ffffffffffffffb8 R09: 00007ffeda018e60
[   24.254368][  T296] R10: 000000000001063a R11: 0000000000000246 R12: 00007fd6a9115390
[   24.262925][  T296] R13: 0000000000000000 R14: 00007fd6a9116100 R15: 00007fd6a9057ce0
[   24.270846][  T296]  </TASK>
[   24.273691][  T296] ---[ end trace ff080d703fec6b03 ]---
[   24.328035][  T296] ==================================================================
[   24.335923][  T296] BUG: KASAN: use-after-free in _raw_spin_lock+0x97/0x1b0
[   24.342887][  T296] Write of size 4 at addr ffff8881091b8698 by task syz-executor140/296
[   24.350928][  T296] 
[   24.353099][  T296] CPU: 0 PID: 296 Comm: syz-executor140 Tainted: G        W         5.15.141-syzkaller-00899-g28e3f5851a99 #0
[   24.364558][  T296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[   24.374450][  T296] Call Trace:
[   24.377574][  T296]  <TASK>
[   24.380381][  T296]  dump_stack_lvl+0x151/0x1b7
[   24.384865][  T296]  ? io_uring_drop_tctx_refs+0x190/0x190
[   24.390333][  T296]  ? __wake_up_klogd+0xd5/0x110
[   24.395020][  T296]  ? panic+0x751/0x751
[   24.398926][  T296]  print_address_description+0x87/0x3b0
[   24.404393][  T296]  kasan_report+0x179/0x1c0
[   24.408819][  T296]  ? _raw_spin_lock+0x97/0x1b0
[   24.413439][  T296]  ? _raw_spin_lock+0x97/0x1b0
[   24.418021][  T296]  kasan_check_range+0x293/0x2a0
[   24.422889][  T296]  __kasan_check_write+0x14/0x20
[   24.427665][  T296]  _raw_spin_lock+0x97/0x1b0
[   24.432082][  T296]  ? _raw_spin_trylock_bh+0x190/0x190
[   24.437289][  T296]  ? _raw_spin_lock+0xa4/0x1b0
[   24.441888][  T296]  ? _raw_spin_trylock_bh+0x190/0x190
[   24.447094][  T296]  ? remove_wait_queue+0x140/0x140
[   24.452045][  T296]  igrab+0x20/0xa0
[   24.455599][  T296]  f2fs_sync_inode_meta+0x14d/0x2a0
[   24.460634][  T296]  f2fs_write_checkpoint+0xab4/0x1fb0
[   24.465842][  T296]  ? f2fs_get_sectors_written+0x500/0x500
[   24.471397][  T296]  ? rwsem_write_trylock+0x15b/0x290
[   24.476518][  T296]  ? __kasan_check_write+0x14/0x20
[   24.481477][  T296]  ? mutex_unlock+0xb2/0x260
[   24.485891][  T296]  f2fs_issue_checkpoint+0x31b/0x4d0
[   24.491030][  T296]  ? f2fs_destroy_checkpoint_caches+0x30/0x30
[   24.497349][  T296]  ? sync_inodes_sb+0x7cd/0x8b0
[   24.502295][  T296]  ? try_to_writeback_inodes_sb+0xc0/0xc0
[   24.507937][  T296]  f2fs_sync_fs+0x186/0x2f0
[   24.512275][  T296]  sync_filesystem+0x1cf/0x250
[   24.516874][  T296]  f2fs_quota_off_umount+0x20e/0x220
[   24.521997][  T296]  ? f2fs_drop_inode+0xa20/0xa20
[   24.526770][  T296]  f2fs_put_super+0xb9/0xc10
[   24.531198][  T296]  ? f2fs_drop_inode+0xa20/0xa20
[   24.535973][  T296]  ? __fsnotify_vfsmount_delete+0x20/0x20
[   24.541700][  T296]  ? clear_inode+0x150/0x150
[   24.546127][  T296]  ? fscrypt_destroy_keyring+0x287/0x2a0
[   24.551594][  T296]  ? f2fs_drop_inode+0xa20/0xa20
[   24.556367][  T296]  generic_shutdown_super+0x157/0x2e0
[   24.561576][  T296]  kill_block_super+0x7e/0xe0
[   24.566088][  T296]  kill_f2fs_super+0x2f9/0x3c0
[   24.571039][  T296]  ? f2fs_mount+0x40/0x40
[   24.575234][  T296]  ? unregister_shrinker+0x23c/0x2d0
[   24.580522][  T296]  deactivate_locked_super+0xad/0x110
[   24.585727][  T296]  deactivate_super+0xbe/0xf0
[   24.590240][  T296]  cleanup_mnt+0x45c/0x510
[   24.594494][  T296]  __cleanup_mnt+0x19/0x20
[   24.598747][  T296]  task_work_run+0x129/0x190
[   24.603260][  T296]  do_exit+0xc48/0x2ca0
[   24.607253][  T296]  ? put_task_struct+0x80/0x80
[   24.611852][  T296]  ? ptrace_notify+0x24c/0x350
[   24.616464][  T296]  ? do_notify_parent+0xa30/0xa30
[   24.621927][  T296]  do_group_exit+0x141/0x310
[   24.626350][  T296]  __x64_sys_exit_group+0x3f/0x40
[   24.631208][  T296]  do_syscall_64+0x3d/0xb0
[   24.635551][  T296]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   24.641796][  T296] RIP: 0033:0x7fd6a9089a09
[   24.646054][  T296] Code: Unable to access opcode bytes at RIP 0x7fd6a90899df.
[   24.653254][  T296] RSP: 002b:00007ffeda018d88 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   24.661500][  T296] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fd6a9089a09
[   24.669313][  T296] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[   24.677122][  T296] RBP: 00007fd6a9115390 R08: ffffffffffffffb8 R09: 00007ffeda018e60
[   24.684939][  T296] R10: 000000000001063a R11: 0000000000000246 R12: 00007fd6a9115390
[   24.692753][  T296] R13: 0000000000000000 R14: 00007fd6a9116100 R15: 00007fd6a9057ce0
[   24.700564][  T296]  </TASK>
[   24.703471][  T296] 
[   24.705590][  T296] Allocated by task 296:
[   24.709670][  T296]  __kasan_slab_alloc+0xb1/0xe0
[   24.714356][  T296]  slab_post_alloc_hook+0x53/0x2c0
[   24.719312][  T296]  kmem_cache_alloc+0xf5/0x200
[   24.723904][  T296]  f2fs_alloc_inode+0x26/0x340
[   24.728618][  T296]  iget_locked+0x174/0x860
[   24.732852][  T296]  f2fs_iget+0x55/0x4de0
[   24.736921][  T296]  f2fs_lookup+0x410/0xd80
[   24.741177][  T296]  path_openat+0x1194/0x2f40
[   24.745615][  T296]  do_filp_open+0x21c/0x460
[   24.749941][  T296]  do_sys_openat2+0x13f/0x830
[   24.754455][  T296]  __x64_sys_open+0x221/0x270
[   24.758977][  T296]  do_syscall_64+0x3d/0xb0
[   24.763226][  T296]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   24.769124][  T296] 
[   24.771292][  T296] Freed by task 296:
[   24.775027][  T296]  kasan_set_track+0x4b/0x70
[   24.779451][  T296]  kasan_set_free_info+0x23/0x40
[   24.784225][  T296]  ____kasan_slab_free+0x126/0x160
[   24.789172][  T296]  __kasan_slab_free+0x11/0x20
[   24.793783][  T296]  slab_free_freelist_hook+0xbd/0x190
[   24.798984][  T296]  kmem_cache_free+0x116/0x2e0
[   24.803580][  T296]  f2fs_free_inode+0x24/0x30
[   24.808020][  T296]  i_callback+0x4b/0x70
[   24.812007][  T296]  rcu_do_batch+0x57a/0xc10
[   24.816339][  T296]  rcu_core+0x517/0x1020
[   24.820420][  T296]  rcu_core_si+0x9/0x10
[   24.824408][  T296]  __do_softirq+0x26d/0x5bf
[   24.828751][  T296] 
[   24.830921][  T296] Last potentially related work creation:
[   24.836474][  T296]  kasan_save_stack+0x3b/0x60
[   24.840991][  T296]  __kasan_record_aux_stack+0xd3/0xf0
[   24.846196][  T296]  kasan_record_aux_stack_noalloc+0xb/0x10
[   24.851838][  T296]  call_rcu+0x133/0x12a0
[   24.855919][  T296]  evict+0x5df/0x630
[   24.859647][  T296]  evict_inodes+0x5db/0x660
[   24.863987][  T296]  generic_shutdown_super+0x9c/0x2e0
[   24.869110][  T296]  kill_block_super+0x7e/0xe0
[   24.873707][  T296]  kill_f2fs_super+0x2f9/0x3c0
[   24.878310][  T296]  deactivate_locked_super+0xad/0x110
[   24.883715][  T296]  deactivate_super+0xbe/0xf0
[   24.888661][  T296]  cleanup_mnt+0x45c/0x510
[   24.892916][  T296]  __cleanup_mnt+0x19/0x20
[   24.898297][  T296]  task_work_run+0x129/0x190
[   24.902725][  T296]  do_exit+0xc48/0x2ca0
[   24.906716][  T296]  do_group_exit+0x141/0x310
[   24.911662][  T296]  __x64_sys_exit_group+0x3f/0x40
[   24.917240][  T296]  do_syscall_64+0x3d/0xb0
[   24.921995][  T296]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   24.928329][  T296] 
[   24.930510][  T296] The buggy address belongs to the object at ffff8881091b8610
[   24.930510][  T296]  which belongs to the cache f2fs_inode_cache of size 1424
[   24.946575][  T296] The buggy address is located 136 bytes inside of
[   24.946575][  T296]  1424-byte region [ffff8881091b8610, ffff8881091b8ba0)
[   24.960721][  T296] The buggy address belongs to the page:
[   24.966306][  T296] page:ffffea0004246e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1091b8
[   24.976342][  T296] head:ffffea0004246e00 order:3 compound_mapcount:0 compound_pincount:0
[   24.984505][  T296] flags: 0x4000000000010200(slab|head|zone=1)
[   24.990420][  T296] raw: 4000000000010200 0000000000000000 dead000000000122 ffff888103d99200
[   24.998828][  T296] raw: 0000000000000000 0000000080150015 00000001ffffffff 0000000000000000
[   25.007545][  T296] page dumped because: kasan: bad access detected
[   25.014890][  T296] page_owner tracks the page as allocated
[   25.020527][  T296] page last allocated via order 3, migratetype Reclaimable, gfp_mask 0xd2050(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_RECLAIMABLE), pid 296, ts 23856839949, free_ts 0
[   25.039618][  T296]  post_alloc_hook+0x1a3/0x1b0
[   25.044227][  T296]  prep_new_page+0x1b/0x110
[   25.048570][  T296]  get_page_from_freelist+0x3550/0x35d0
[   25.053934][  T296]  __alloc_pages+0x27e/0x8f0
[   25.058386][  T296]  new_slab+0x9a/0x4e0
[   25.062444][  T296]  ___slab_alloc+0x39e/0x830
[   25.066958][  T296]  __slab_alloc+0x4a/0x90
[   25.071129][  T296]  kmem_cache_alloc+0x134/0x200
[   25.075824][  T296]  f2fs_alloc_inode+0x26/0x340
[   25.080499][  T296]  iget_locked+0x174/0x860
[   25.084751][  T296]  f2fs_iget+0x55/0x4de0
[   25.088836][  T296]  f2fs_lookup+0x410/0xd80
[   25.093428][  T296]  path_openat+0x1194/0x2f40
[   25.097880][  T296]  do_filp_open+0x21c/0x460
[   25.102194][  T296]  do_sys_openat2+0x13f/0x830
[   25.106710][  T296]  __x64_sys_open+0x221/0x270
[   25.111332][  T296] page_owner free stack trace missing
[   25.116777][  T296] 
[   25.118950][  T296] Memory state around the buggy address:
[   25.124723][  T296]  ffff8881091b8580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.132899][  T296]  ffff8881091b8600: fc fc fa fb fb fb fb fb fb fb fb fb fb fb fb fb
[   25.140741][  T296] >ffff8881091b8680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   25.148732][  T296]                             ^
[   25.153414][  T296]  ffff8881091b8700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   25.161317][  T296]  ffff8881091b8780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   25.169209][  T296] ==================================================================
[   25.177197][  T296] Disabling lock debugging due to kernel taint