syz-executor.0: attempt to access beyond end of device loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 ========================= WARNING: held lock freed! 6.2.0-rc5-syzkaller-00047-g7c46948a6e9c-dirty #0 Not tainted ------------------------- syz-executor.0/5531 is freeing memory ffff888028310000-ffff888028311fff, with a lock still held there! ffff888028310c58 (&eti->extent_tree_lock){+.+.}-{3:3}, at: __shrink_extent_tree+0x52d/0xd10 2 locks held by syz-executor.0/5531: #0: ffff8880788800e0 (&type->s_umount_key#50){+.+.}-{3:3}, at: deactivate_super+0xad/0xf0 #1: ffff888028310c58 (&eti->extent_tree_lock){+.+.}-{3:3}, at: __shrink_extent_tree+0x52d/0xd10 stack backtrace: CPU: 1 PID: 5531 Comm: syz-executor.0 Not tainted 6.2.0-rc5-syzkaller-00047-g7c46948a6e9c-dirty #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023 Call Trace: dump_stack_lvl+0x1b5/0x2a0 debug_check_no_locks_freed+0x375/0x450 __kmem_cache_free+0x1f8/0x3c0 f2fs_put_super+0xaec/0xcb0 generic_shutdown_super+0x134/0x310 kill_block_super+0x7e/0xe0 kill_f2fs_super+0x303/0x3d0 deactivate_locked_super+0xa4/0x110 cleanup_mnt+0x490/0x520 task_work_run+0x24a/0x300 exit_to_user_mode_loop+0xd1/0xf0 exit_to_user_mode_prepare+0xb1/0x140 syscall_exit_to_user_mode+0x54/0x2d0 do_syscall_64+0x4d/0xc0 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7fd30c88d537 Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffc09131598 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fd30c88d537 RDX: 00007ffc09131669 RSI: 000000000000000a RDI: 00007ffc09131660 RBP: 00007ffc09131660 R08: 00000000ffffffff R09: 00007ffc09131430 R10: 00005555560d98b3 R11: 0000000000000246 R12: 00007fd30c8e6b24 R13: 00007ffc09132720 R14: 00005555560d9810 R15: 00007ffc09132760 syz-executor.0: attempt to access beyond end of device loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 syz-executor.0: attempt to access beyond end of device loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 syz-executor.0: attempt to access beyond end of device loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 syz-executor.0: attempt to access beyond end of device loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 syz-executor.0: attempt to access beyond end of device loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 syz-executor.0: attempt to access beyond end of device loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 syz-executor.0: attempt to access beyond end of device loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 syz-executor.0: attempt to access beyond end of device loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 syz-executor.0: attempt to access beyond end of device loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427