Warning: Permanently added '10.128.0.128' (ECDSA) to the list of known hosts.
2023/02/25 05:59:45 ignoring optional flag "sandboxArg"="0"
2023/02/25 05:59:46 parsed 1 programs
2023/02/25 05:59:46 executed programs: 0
[ 77.835550][ T4387] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 77.844315][ T4387] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 77.853096][ T4387] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 77.861306][ T4387] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 77.870068][ T4387] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 77.877809][ T4387] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 77.979704][ T5528] chnl_net:caif_netlink_parms(): no params data found
[ 78.019083][ T5528] bridge0: port 1(bridge_slave_0) entered blocking state
[ 78.026549][ T5528] bridge0: port 1(bridge_slave_0) entered disabled state
[ 78.034867][ T5528] device bridge_slave_0 entered promiscuous mode
[ 78.044565][ T5528] bridge0: port 2(bridge_slave_1) entered blocking state
[ 78.051915][ T5528] bridge0: port 2(bridge_slave_1) entered disabled state
[ 78.061039][ T5528] device bridge_slave_1 entered promiscuous mode
[ 78.083956][ T5528] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 78.096535][ T5528] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 78.126408][ T5528] team0: Port device team_slave_0 added
[ 78.134749][ T5528] team0: Port device team_slave_1 added
[ 78.153039][ T5528] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 78.160656][ T5528] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 78.190476][ T5528] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 78.205579][ T5528] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 78.213334][ T5528] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 78.240857][ T5528] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 78.272152][ T5528] device hsr_slave_0 entered promiscuous mode
[ 78.279015][ T5528] device hsr_slave_1 entered promiscuous mode
[ 78.916445][ T5528] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 78.926520][ T5528] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 78.938821][ T5528] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 78.949126][ T5528] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 78.977850][ T5528] bridge0: port 2(bridge_slave_1) entered blocking state
[ 78.985220][ T5528] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 78.992685][ T5528] bridge0: port 1(bridge_slave_0) entered blocking state
[ 79.000191][ T5528] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 79.013692][ T22] bridge0: port 1(bridge_slave_0) entered disabled state
[ 79.024469][ T22] bridge0: port 2(bridge_slave_1) entered disabled state
[ 79.103344][ T5528] 8021q: adding VLAN 0 to HW filter on device bond0
[ 79.117626][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 79.128088][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 79.139695][ T5528] 8021q: adding VLAN 0 to HW filter on device team0
[ 79.152863][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 79.163128][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 79.171990][ T22] bridge0: port 1(bridge_slave_0) entered blocking state
[ 79.179213][ T22] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 79.206808][ T5080] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 79.216317][ T5080] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 79.225448][ T5080] bridge0: port 2(bridge_slave_1) entered blocking state
[ 79.232828][ T5080] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 79.240862][ T5080] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 79.250140][ T5080] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 79.259399][ T5080] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 79.270046][ T5080] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 79.279219][ T5080] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 79.289884][ T5080] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 79.314850][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 79.324408][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 79.334373][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 79.345794][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 79.354720][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 79.365738][ T5528] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 79.584772][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 79.593601][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 79.606315][ T5528] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 79.631247][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 79.642597][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 79.669785][ T5528] device veth0_vlan entered promiscuous mode
[ 79.676908][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 79.686104][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 79.699631][ T5528] device veth1_vlan entered promiscuous mode
[ 79.708481][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 79.717105][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 79.726619][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 79.751367][ T5528] device veth0_macvtap entered promiscuous mode
[ 79.762629][ T5080] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 79.770842][ T5080] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 79.779968][ T5080] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 79.795684][ T5080] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 79.804716][ T5528] device veth1_macvtap entered promiscuous mode
[ 79.825318][ T5528] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 79.833365][ T5080] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 79.843755][ T5080] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 79.853491][ T5080] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 79.865713][ T5528] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 79.876278][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 79.886536][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 79.897997][ T5528] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 79.909623][ T5528] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 79.919226][ T5528] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 79.928892][ T5528] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 79.952706][ T5071] Bluetooth: hci0: command 0x0409 tx timeout
[ 80.002512][ T56] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 80.010576][ T56] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 80.039555][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 80.042666][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 80.057042][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 80.068299][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 80.493630][ T5590] loop0: detected capacity change from 0 to 40427
[ 80.519164][ T5590] F2FS-fs (loop0): Found nat_bits in checkpoint
[ 80.570204][ T5590] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[ 80.615600][ T27] audit: type=1804 audit(1677304789.117:2): pid=5590 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir102134172/syzkaller.oYCBv1/0/file0/bus" dev="loop0" ino=10 res=1 errno=0
[ 80.685434][ T5590] syz-executor.0: attempt to access beyond end of device
[ 80.685434][ T5590] loop0: rw=2049, sector=77824, nr_sectors = 2048 limit=40427
[ 80.721499][ T5528] syz-executor.0: attempt to access beyond end of device
[ 80.721499][ T5528] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 81.345314][ T5622] loop0: detected capacity change from 0 to 40427
[ 81.364401][ T5622] F2FS-fs (loop0): Found nat_bits in checkpoint
[ 81.412659][ T5622] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[ 81.445998][ T27] audit: type=1804 audit(1677304789.947:3): pid=5622 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir102134172/syzkaller.oYCBv1/1/file0/bus" dev="loop0" ino=10 res=1 errno=0
[ 81.523509][ T5622] syz-executor.0: attempt to access beyond end of device
[ 81.523509][ T5622] loop0: rw=2049, sector=77824, nr_sectors = 2048 limit=40427
[ 81.558931][ T5528] syz-executor.0: attempt to access beyond end of device
[ 81.558931][ T5528] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 81.633699][ T1818] cfg80211: failed to load regulatory.db
[ 82.033087][ T5071] Bluetooth: hci0: command 0x041b tx timeout
[ 82.161366][ T5651] loop0: detected capacity change from 0 to 40427
[ 82.177065][ T5651] F2FS-fs (loop0): Found nat_bits in checkpoint
[ 82.225227][ T5651] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[ 82.236669][ T27] audit: type=1804 audit(1677304790.737:4): pid=5651 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir102134172/syzkaller.oYCBv1/2/file0/bus" dev="loop0" ino=10 res=1 errno=0
[ 82.298803][ T5651] syz-executor.0: attempt to access beyond end of device
[ 82.298803][ T5651] loop0: rw=2049, sector=77824, nr_sectors = 2048 limit=40427
[ 82.343309][ T5528] syz-executor.0: attempt to access beyond end of device
[ 82.343309][ T5528] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 82.947298][ T5678] loop0: detected capacity change from 0 to 40427
[ 82.961147][ T5678] F2FS-fs (loop0): Found nat_bits in checkpoint
[ 83.008978][ T5678] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[ 83.023686][ T27] audit: type=1804 audit(1677304791.527:5): pid=5678 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir102134172/syzkaller.oYCBv1/3/file0/bus" dev="loop0" ino=10 res=1 errno=0
2023/02/25 05:59:51 executed programs: 4
[ 83.091397][ T5678] syz-executor.0: attempt to access beyond end of device
[ 83.091397][ T5678] loop0: rw=2049, sector=77824, nr_sectors = 2048 limit=40427
[ 83.127459][ T5528] syz-executor.0: attempt to access beyond end of device
[ 83.127459][ T5528] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 83.707784][ T5706] loop0: detected capacity change from 0 to 40427
[ 83.721328][ T5706] F2FS-fs (loop0): Found nat_bits in checkpoint
[ 83.765336][ T5706] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[ 83.783730][ T27] audit: type=1804 audit(1677304792.287:6): pid=5706 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir102134172/syzkaller.oYCBv1/4/file0/bus" dev="loop0" ino=10 res=1 errno=0
[ 83.836747][ T5706] ==================================================================
[ 83.844944][ T5706] BUG: KASAN: use-after-free in __lock_acquire+0x77/0x1f80
[ 83.852168][ T5706] Read of size 8 at addr ffff888072b49458 by task syz-executor.0/5706
[ 83.860332][ T5706]
[ 83.862668][ T5706] CPU: 1 PID: 5706 Comm: syz-executor.0 Not tainted 6.2.0-rc5-syzkaller-00047-g7c46948a6e9c-dirty #0
[ 83.873892][ T5706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
[ 83.884147][ T5706] Call Trace:
[ 83.887538][ T5706]
[ 83.890484][ T5706] dump_stack_lvl+0x1b5/0x2a0
[ 83.895276][ T5706] ? nf_tcp_handle_invalid+0x640/0x640
[ 83.900767][ T5706] ? panic+0x720/0x720
[ 83.904868][ T5706] ? _printk+0xc4/0x110
[ 83.909144][ T5706] ? reacquire_held_locks+0x640/0x640
[ 83.914600][ T5706] print_report+0x163/0x4c0
[ 83.919477][ T5706] ? __virt_addr_valid+0x22f/0x2e0
[ 83.924702][ T5706] ? __phys_addr+0xba/0x170
[ 83.929245][ T5706] ? __lock_acquire+0x77/0x1f80
[ 83.934170][ T5706] kasan_report+0xce/0x100
[ 83.938609][ T5706] ? __lock_acquire+0x77/0x1f80
[ 83.943494][ T5706] __lock_acquire+0x77/0x1f80
[ 83.948198][ T5706] ? rcu_read_lock_sched_held+0x8b/0x110
[ 83.954207][ T5706] ? __pv_queued_spin_lock_slowpath+0x945/0xc50
[ 83.960910][ T5706] lock_acquire+0x20b/0x600
[ 83.965615][ T5706] ? __update_extent_tree_range+0x467/0x1de0
[ 83.971963][ T5706] ? __pv_queued_spin_unlock_slowpath+0x2f0/0x2f0
[ 83.978501][ T5706] ? rcu_read_lock_sched_held+0x8b/0x110
[ 83.984170][ T5706] ? read_lock_is_recursive+0x20/0x20
[ 83.989743][ T5706] ? do_raw_spin_lock+0x297/0x3a0
[ 83.994793][ T5706] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 84.000889][ T5706] ? __rwlock_init+0x150/0x150
[ 84.005762][ T5706] _raw_write_lock+0x2e/0x40
[ 84.010381][ T5706] ? __update_extent_tree_range+0x467/0x1de0
[ 84.016555][ T5706] __update_extent_tree_range+0x467/0x1de0
[ 84.022477][ T5706] ? rcu_read_lock_sched_held+0x8b/0x110
[ 84.028223][ T5706] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 84.034227][ T5706] ? lockdep_hardirqs_on_prepare+0x418/0x780
[ 84.040230][ T5706] ? f2fs_update_read_extent_cache_range+0x4b0/0x4b0
[ 84.047023][ T5706] ? lockdep_hardirqs_on+0x90/0x130
[ 84.052301][ T5706] ? rcu_lock_acquire+0x30/0x30
[ 84.057218][ T5706] ? __lock_acquire+0x1f80/0x1f80
[ 84.062269][ T5706] ? __folio_memcg_unlock+0xf4/0x110
[ 84.067578][ T5706] ? f2fs_start_bidx_of_node+0x4d/0x370
[ 84.073241][ T5706] f2fs_update_read_extent_cache+0x41e/0x590
[ 84.079246][ T5706] ? __lookup_extent_tree+0x1020/0x1020
[ 84.085003][ T5706] f2fs_outplace_write_data+0x200/0x3d0
[ 84.090751][ T5706] ? do_write_page+0x6d0/0x6d0
[ 84.095547][ T5706] ? f2fs_encrypt_one_page+0xaf/0x3c0
[ 84.101296][ T5706] f2fs_do_write_data_page+0x1393/0x27c0
[ 84.107056][ T5706] ? mark_lock+0x9a/0x340
[ 84.111422][ T5706] ? page_private_dummy+0x130/0x130
[ 84.118041][ T5706] ? rcu_read_lock_sched_held+0x8b/0x110
[ 84.123712][ T5706] f2fs_write_single_data_page+0x14c1/0x2140
[ 84.129900][ T5706] ? f2fs_i_compr_blocks_update+0x150/0x150
[ 84.136013][ T5706] ? folio_wait_writeback+0x1f0/0x1f0
[ 84.141510][ T5706] f2fs_write_data_pages+0x1948/0x2ed0
[ 84.147000][ T5706] ? f2fs_read_data_folio+0x410/0x410
[ 84.152414][ T5706] ? rcu_read_lock_sched_held+0x8b/0x110
[ 84.158261][ T5706] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 84.164357][ T5706] ? filemap_dirty_folio+0xae/0x370
[ 84.169684][ T5706] ? __lock_acquire+0x125b/0x1f80
[ 84.174762][ T5706] ? filemap_fdatawrite_wbc+0x11a/0x180
[ 84.180370][ T5706] ? rcu_read_lock_sched_held+0x8b/0x110
[ 84.186047][ T5706] ? f2fs_read_data_folio+0x410/0x410
[ 84.191538][ T5706] do_writepages+0x3a6/0x660
[ 84.196157][ T5706] ? __writepage+0x130/0x130
[ 84.200794][ T5706] ? filemap_fdatawrite_wbc+0x11a/0x180
[ 84.206460][ T5706] ? __lock_acquire+0x1f80/0x1f80
[ 84.211601][ T5706] ? do_raw_spin_unlock+0x13b/0x8b0
[ 84.216998][ T5706] ? wbc_attach_and_unlock_inode+0x555/0x560
[ 84.223005][ T5706] filemap_fdatawrite_wbc+0x125/0x180
[ 84.228441][ T5706] file_write_and_wait_range+0x21f/0x320
[ 84.234188][ T5706] ? __filemap_set_wb_err+0x310/0x310
[ 84.239591][ T5706] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 84.246148][ T5706] f2fs_do_sync_file+0x7b6/0x1de0
[ 84.251304][ T5706] ? f2fs_sync_file+0x160/0x160
[ 84.256185][ T5706] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 84.262295][ T5706] ? f2fs_sync_file+0xe9/0x160
[ 84.267190][ T5706] f2fs_file_write_iter+0x7fc/0x2c20
[ 84.272521][ T5706] ? f2fs_file_read_iter+0xf20/0xf20
[ 84.277831][ T5706] ? rcu_read_lock_any_held+0xb5/0x140
[ 84.283391][ T5706] vfs_write+0x7dd/0xc50
[ 84.289141][ T5706] ? file_end_write+0x240/0x240
[ 84.294037][ T5706] ? __fget_files+0x3bb/0x420
[ 84.298737][ T5706] ? mutex_lock_nested+0x1b/0x20
[ 84.303825][ T5706] ? __fdget_pos+0x254/0x2f0
[ 84.308435][ T5706] ? ksys_write+0x76/0x2a0
[ 84.313141][ T5706] ksys_write+0x17c/0x2a0
[ 84.317517][ T5706] ? __ia32_sys_read+0x90/0x90
[ 84.322415][ T5706] ? syscall_enter_from_user_mode+0x32/0x2c0
[ 84.328438][ T5706] ? lockdep_hardirqs_on+0x90/0x130
[ 84.334331][ T5706] ? syscall_enter_from_user_mode+0x32/0x2c0
[ 84.340901][ T5706] do_syscall_64+0x41/0xc0
[ 84.345345][ T5706] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 84.351353][ T5706] RIP: 0033:0x7effd828c0c9
[ 84.355930][ T5706] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 84.375743][ T5706] RSP: 002b:00007effd8f6a168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 84.384185][ T5706] RAX: ffffffffffffffda RBX: 00007effd83abf80 RCX: 00007effd828c0c9
[ 84.392268][ T5706] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 84.400265][ T5706] RBP: 00007effd82e7ae9 R08: 0000000000000000 R09: 0000000000000000
[ 84.408269][ T5706] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 84.416607][ T5706] R13: 00007ffcf18a8b3f R14: 00007effd8f6a300 R15: 0000000000022000
[ 84.424681][ T5706]
[ 84.427717][ T5706]
[ 84.430053][ T5706] Allocated by task 5706:
[ 84.434484][ T5706] kasan_set_track+0x40/0x70
[ 84.439180][ T5706] __kasan_slab_alloc+0x69/0x80
[ 84.444227][ T5706] slab_post_alloc_hook+0x68/0x390
[ 84.449447][ T5706] kmem_cache_alloc+0x12c/0x280
[ 84.454407][ T5706] __grab_extent_tree+0x183/0x400
[ 84.459451][ T5706] f2fs_init_extent_tree+0x214/0x450
[ 84.464891][ T5706] f2fs_new_inode+0xdb4/0x1090
[ 84.469761][ T5706] __f2fs_tmpfile+0xa5/0x380
[ 84.474390][ T5706] f2fs_ioc_start_atomic_write+0x419/0x970
[ 84.480222][ T5706] __f2fs_ioctl+0x1ace/0xb2b0
[ 84.485094][ T5706] __se_sys_ioctl+0xf1/0x160
[ 84.489712][ T5706] do_syscall_64+0x41/0xc0
[ 84.494156][ T5706] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 84.500166][ T5706]
[ 84.502506][ T5706] Freed by task 5722:
[ 84.506594][ T5706] kasan_set_track+0x40/0x70
[ 84.511224][ T5706] kasan_save_free_info+0x2b/0x40
[ 84.516352][ T5706] ____kasan_slab_free+0xd6/0x120
[ 84.521440][ T5706] kmem_cache_free+0x2b5/0x580
[ 84.526237][ T5706] __destroy_extent_tree+0x32a/0x740
[ 84.531724][ T5706] f2fs_destroy_extent_tree+0x17/0x30
[ 84.537203][ T5706] f2fs_evict_inode+0x467/0x1650
[ 84.542540][ T5706] evict+0x2a4/0x620
[ 84.546697][ T5706] f2fs_abort_atomic_write+0xda/0x440
[ 84.552101][ T5706] __f2fs_ioctl+0x315c/0xb2b0
[ 84.556887][ T5706] __se_sys_ioctl+0xf1/0x160
[ 84.561672][ T5706] do_syscall_64+0x41/0xc0
[ 84.566373][ T5706] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 84.572464][ T5706]
[ 84.574801][ T5706] The buggy address belongs to the object at ffff888072b49410
[ 84.574801][ T5706] which belongs to the cache f2fs_extent_tree of size 144
[ 84.589317][ T5706] The buggy address is located 72 bytes inside of
[ 84.589317][ T5706] 144-byte region [ffff888072b49410, ffff888072b494a0)
[ 84.602606][ T5706]
[ 84.604939][ T5706] The buggy address belongs to the physical page:
[ 84.611813][ T5706] page:ffffea0001cad240 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x72b49
[ 84.622940][ T5706] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 84.630503][ T5706] raw: 00fff00000000200 ffff8881461b4140 dead000000000122 0000000000000000
[ 84.639538][ T5706] raw: 0000000000000000 0000000080130013 00000001ffffffff 0000000000000000
[ 84.648137][ T5706] page dumped because: kasan: bad access detected
[ 84.654560][ T5706] page_owner tracks the page as allocated
[ 84.660284][ T5706] page last allocated via order 0, migratetype Reclaimable, gfp_mask 0x112c50(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 5651, tgid 5650 (syz-executor.0), ts 82235488460, free_ts 16127728337
[ 84.681971][ T5706] get_page_from_freelist+0x3403/0x3580
[ 84.687551][ T5706] __alloc_pages+0x291/0x7e0
[ 84.692246][ T5706] alloc_slab_page+0x6a/0x160
[ 84.697242][ T5706] new_slab+0x84/0x2f0
[ 84.701328][ T5706] ___slab_alloc+0xa07/0x1000
[ 84.706054][ T5706] kmem_cache_alloc+0x1b0/0x280
[ 84.710924][ T5706] __grab_extent_tree+0x183/0x400
[ 84.716072][ T5706] f2fs_init_extent_tree+0x214/0x450
[ 84.721457][ T5706] f2fs_new_inode+0xdb4/0x1090
[ 84.726233][ T5706] f2fs_create+0x197/0x530
[ 84.730751][ T5706] path_openat+0x12b9/0x2e30
[ 84.735433][ T5706] do_filp_open+0x26d/0x500
[ 84.739959][ T5706] do_sys_openat2+0x128/0x4f0
[ 84.744742][ T5706] __x64_sys_openat+0x247/0x290
[ 84.749708][ T5706] do_syscall_64+0x41/0xc0
[ 84.754234][ T5706] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 84.760408][ T5706] page last free stack trace:
[ 84.765088][ T5706] free_unref_page_prepare+0xf3a/0x1040
[ 84.770657][ T5706] free_unref_page+0x37/0x3f0
[ 84.775358][ T5706] free_contig_range+0x9e/0x150
[ 84.780228][ T5706] destroy_args+0x102/0x930
[ 84.784753][ T5706] debug_vm_pgtable+0x446/0x4b0
[ 84.789628][ T5706] do_one_initcall+0x292/0xa20
[ 84.794509][ T5706] do_initcall_level+0x157/0x210
[ 84.799637][ T5706] do_initcalls+0x3f/0x80
[ 84.803985][ T5706] kernel_init_freeable+0x42e/0x5e0
[ 84.809294][ T5706] kernel_init+0x1d/0x2a0
[ 84.813738][ T5706] ret_from_fork+0x1f/0x30
[ 84.818361][ T5706]
[ 84.820690][ T5706] Memory state around the buggy address:
[ 84.826483][ T5706] ffff888072b49300: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[ 84.835086][ T5706] ffff888072b49380: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc
[ 84.843282][ T5706] >ffff888072b49400: fc fc fa fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 84.851451][ T5706] ^
[ 84.858505][ T5706] ffff888072b49480: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[ 84.866598][ T5706] ffff888072b49500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 84.874770][ T5706] ==================================================================
[ 84.882844][ T5706] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 84.890196][ T5706] CPU: 1 PID: 5706 Comm: syz-executor.0 Not tainted 6.2.0-rc5-syzkaller-00047-g7c46948a6e9c-dirty #0
[ 84.901146][ T5706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
[ 84.911433][ T5706] Call Trace:
[ 84.914818][ T5706]
[ 84.917770][ T5706] dump_stack_lvl+0x1b5/0x2a0
[ 84.922558][ T5706] ? nf_tcp_handle_invalid+0x640/0x640
[ 84.928216][ T5706] ? panic+0x720/0x720
[ 84.932394][ T5706] ? lock_release+0x106/0xa70
[ 84.937185][ T5706] ? vscnprintf+0x5d/0x80
[ 84.941758][ T5706] panic+0x2dc/0x720
[ 84.945693][ T5706] ? check_panic_on_warn+0x21/0xa0
[ 84.950826][ T5706] ? memcpy_page_flushcache+0x100/0x100
[ 84.956591][ T5706] ? _raw_spin_unlock_irqrestore+0xc5/0x120
[ 84.963296][ T5706] ? _raw_spin_unlock+0x40/0x40
[ 84.968339][ T5706] ? rcu_read_lock_sched_held+0x61/0x110
[ 84.974031][ T5706] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 84.980054][ T5706] check_panic_on_warn+0x82/0xa0
[ 84.985099][ T5706] ? __lock_acquire+0x77/0x1f80
[ 84.989978][ T5706] end_report+0xb2/0x160
[ 84.994246][ T5706] kasan_report+0xdb/0x100
[ 84.998769][ T5706] ? __lock_acquire+0x77/0x1f80
[ 85.003640][ T5706] __lock_acquire+0x77/0x1f80
[ 85.008446][ T5706] ? rcu_read_lock_sched_held+0x8b/0x110
[ 85.014195][ T5706] ? __pv_queued_spin_lock_slowpath+0x945/0xc50
[ 85.020648][ T5706] lock_acquire+0x20b/0x600
[ 85.025184][ T5706] ? __update_extent_tree_range+0x467/0x1de0
[ 85.031192][ T5706] ? __pv_queued_spin_unlock_slowpath+0x2f0/0x2f0
[ 85.037634][ T5706] ? rcu_read_lock_sched_held+0x8b/0x110
[ 85.044509][ T5706] ? read_lock_is_recursive+0x20/0x20
[ 85.049907][ T5706] ? do_raw_spin_lock+0x297/0x3a0
[ 85.055216][ T5706] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 85.061233][ T5706] ? __rwlock_init+0x150/0x150
[ 85.066114][ T5706] _raw_write_lock+0x2e/0x40
[ 85.070903][ T5706] ? __update_extent_tree_range+0x467/0x1de0
[ 85.076905][ T5706] __update_extent_tree_range+0x467/0x1de0
[ 85.082740][ T5706] ? rcu_read_lock_sched_held+0x8b/0x110
[ 85.088433][ T5706] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 85.094438][ T5706] ? lockdep_hardirqs_on_prepare+0x418/0x780
[ 85.100442][ T5706] ? f2fs_update_read_extent_cache_range+0x4b0/0x4b0
[ 85.107150][ T5706] ? lockdep_hardirqs_on+0x90/0x130
[ 85.112468][ T5706] ? rcu_lock_acquire+0x30/0x30
[ 85.117424][ T5706] ? __lock_acquire+0x1f80/0x1f80
[ 85.122471][ T5706] ? __folio_memcg_unlock+0xf4/0x110
[ 85.128212][ T5706] ? f2fs_start_bidx_of_node+0x4d/0x370
[ 85.133870][ T5706] f2fs_update_read_extent_cache+0x41e/0x590
[ 85.140054][ T5706] ? __lookup_extent_tree+0x1020/0x1020
[ 85.145666][ T5706] f2fs_outplace_write_data+0x200/0x3d0
[ 85.151248][ T5706] ? do_write_page+0x6d0/0x6d0
[ 85.156130][ T5706] ? f2fs_encrypt_one_page+0xaf/0x3c0
[ 85.161525][ T5706] f2fs_do_write_data_page+0x1393/0x27c0
[ 85.167177][ T5706] ? mark_lock+0x9a/0x340
[ 85.171571][ T5706] ? page_private_dummy+0x130/0x130
[ 85.176886][ T5706] ? rcu_read_lock_sched_held+0x8b/0x110
[ 85.182557][ T5706] f2fs_write_single_data_page+0x14c1/0x2140
[ 85.188573][ T5706] ? f2fs_i_compr_blocks_update+0x150/0x150
[ 85.194601][ T5706] ? folio_wait_writeback+0x1f0/0x1f0
[ 85.200268][ T5706] f2fs_write_data_pages+0x1948/0x2ed0
[ 85.205891][ T5706] ? f2fs_read_data_folio+0x410/0x410
[ 85.211475][ T5706] ? rcu_read_lock_sched_held+0x8b/0x110
[ 85.217344][ T5706] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 85.223353][ T5706] ? filemap_dirty_folio+0xae/0x370
[ 85.228638][ T5706] ? __lock_acquire+0x125b/0x1f80
[ 85.233773][ T5706] ? filemap_fdatawrite_wbc+0x11a/0x180
[ 85.239359][ T5706] ? rcu_read_lock_sched_held+0x8b/0x110
[ 85.245191][ T5706] ? f2fs_read_data_folio+0x410/0x410
[ 85.250682][ T5706] do_writepages+0x3a6/0x660
[ 85.255304][ T5706] ? __writepage+0x130/0x130
[ 85.260014][ T5706] ? filemap_fdatawrite_wbc+0x11a/0x180
[ 85.265586][ T5706] ? __lock_acquire+0x1f80/0x1f80
[ 85.270636][ T5706] ? do_raw_spin_unlock+0x13b/0x8b0
[ 85.276221][ T5706] ? wbc_attach_and_unlock_inode+0x555/0x560
[ 85.282317][ T5706] filemap_fdatawrite_wbc+0x125/0x180
[ 85.287765][ T5706] file_write_and_wait_range+0x21f/0x320
[ 85.293785][ T5706] ? __filemap_set_wb_err+0x310/0x310
[ 85.299551][ T5706] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 85.305562][ T5706] f2fs_do_sync_file+0x7b6/0x1de0
[ 85.310711][ T5706] ? f2fs_sync_file+0x160/0x160
[ 85.315613][ T5706] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 85.321622][ T5706] ? f2fs_sync_file+0xe9/0x160
[ 85.326414][ T5706] f2fs_file_write_iter+0x7fc/0x2c20
[ 85.331832][ T5706] ? f2fs_file_read_iter+0xf20/0xf20
[ 85.337321][ T5706] ? rcu_read_lock_any_held+0xb5/0x140
[ 85.342900][ T5706] vfs_write+0x7dd/0xc50
[ 85.347257][ T5706] ? file_end_write+0x240/0x240
[ 85.352221][ T5706] ? __fget_files+0x3bb/0x420
[ 85.356922][ T5706] ? mutex_lock_nested+0x1b/0x20
[ 85.361966][ T5706] ? __fdget_pos+0x254/0x2f0
[ 85.366762][ T5706] ? ksys_write+0x76/0x2a0
[ 85.371271][ T5706] ksys_write+0x17c/0x2a0
[ 85.376422][ T5706] ? __ia32_sys_read+0x90/0x90
[ 85.381220][ T5706] ? syscall_enter_from_user_mode+0x32/0x2c0
[ 85.387262][ T5706] ? lockdep_hardirqs_on+0x90/0x130
[ 85.392489][ T5706] ? syscall_enter_from_user_mode+0x32/0x2c0
[ 85.398510][ T5706] do_syscall_64+0x41/0xc0
[ 85.402970][ T5706] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 85.408886][ T5706] RIP: 0033:0x7effd828c0c9
[ 85.413319][ T5706] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 85.433212][ T5706] RSP: 002b:00007effd8f6a168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 85.441738][ T5706] RAX: ffffffffffffffda RBX: 00007effd83abf80 RCX: 00007effd828c0c9
[ 85.449759][ T5706] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 85.457887][ T5706] RBP: 00007effd82e7ae9 R08: 0000000000000000 R09: 0000000000000000
[ 85.465880][ T5706] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 85.474311][ T5706] R13: 00007ffcf18a8b3f R14: 00007effd8f6a300 R15: 0000000000022000
[ 85.482666][ T5706]
[ 85.485993][ T5706] Kernel Offset: disabled
[ 85.490379][ T5706] Rebooting in 86400 seconds..