Warning: Permanently added '10.128.1.62' (ED25519) to the list of known hosts.
2025/05/06 19:29:45 ignoring optional flag "sandboxArg"="0"
2025/05/06 19:29:46 parsed 1 programs
[ 54.002338][ T28] audit: type=1400 audit(1746559787.868:128): avc: denied { unlink } for pid=369 comm="syz-executor" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 54.048386][ T369] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 54.734593][ T374] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.741911][ T374] bridge0: port 1(bridge_slave_0) entered disabled state
[ 54.749463][ T374] device bridge_slave_0 entered promiscuous mode
[ 54.756698][ T374] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.763827][ T374] bridge0: port 2(bridge_slave_1) entered disabled state
[ 54.771451][ T374] device bridge_slave_1 entered promiscuous mode
[ 54.841394][ T374] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.848616][ T374] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 54.856030][ T374] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.863182][ T374] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 54.888517][ T196] bridge0: port 1(bridge_slave_0) entered disabled state
[ 54.898552][ T196] bridge0: port 2(bridge_slave_1) entered disabled state
[ 54.906421][ T196] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 54.914536][ T196] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 54.923706][ T196] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 54.931980][ T196] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.939190][ T196] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 54.947968][ T196] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 54.956210][ T196] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.963267][ T196] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 54.988845][ T196] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 55.002060][ T196] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 55.018731][ T196] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 55.032355][ T196] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 55.041739][ T196] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 55.049382][ T196] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 55.058696][ T374] device veth0_vlan entered promiscuous mode
[ 55.069648][ T196] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 55.079213][ T374] device veth1_macvtap entered promiscuous mode
[ 55.089140][ T196] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 55.099814][ T196] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 55.197372][ T28] audit: type=1401 audit(1746559789.058:129): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
[ 55.592999][ T341] device bridge_slave_1 left promiscuous mode
[ 55.600874][ T341] bridge0: port 2(bridge_slave_1) entered disabled state
[ 55.621960][ T341] device bridge_slave_0 left promiscuous mode
[ 55.628141][ T341] bridge0: port 1(bridge_slave_0) entered disabled state
[ 55.653313][ T341] device veth1_macvtap left promiscuous mode
[ 55.659377][ T341] device veth0_vlan left promiscuous mode
2025/05/06 19:29:49 executed programs: 0
[ 55.985805][ T428] bridge0: port 1(bridge_slave_0) entered blocking state
[ 55.993698][ T428] bridge0: port 1(bridge_slave_0) entered disabled state
[ 56.001143][ T428] device bridge_slave_0 entered promiscuous mode
[ 56.008317][ T428] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.015383][ T428] bridge0: port 2(bridge_slave_1) entered disabled state
[ 56.023232][ T428] device bridge_slave_1 entered promiscuous mode
[ 56.074164][ T428] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.081238][ T428] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 56.088775][ T428] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.096018][ T428] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 56.118103][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 56.126056][ T43] bridge0: port 1(bridge_slave_0) entered disabled state
[ 56.133849][ T43] bridge0: port 2(bridge_slave_1) entered disabled state
[ 56.152988][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 56.161307][ T43] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.168381][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 56.176132][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 56.185313][ T43] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.192901][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 56.214531][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 56.224284][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 56.239247][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 56.252153][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 56.260347][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 56.268524][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 56.285061][ T428] device veth0_vlan entered promiscuous mode
[ 56.295764][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 56.305230][ T428] device veth1_macvtap entered promiscuous mode
[ 56.315628][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 56.325826][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 56.690921][ T433] loop2: detected capacity change from 0 to 131072
[ 56.698933][ T433] F2FS-fs (loop2): Wrong CP boundary, start(512) end(198144) blocks(1024)
[ 56.707905][ T433] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock
[ 56.721806][ T433] F2FS-fs (loop2): invalid crc value
[ 56.730811][ T433] F2FS-fs (loop2): Found nat_bits in checkpoint
[ 56.765891][ T433] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0
[ 56.773361][ T433] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4
[ 56.781122][ T28] audit: type=1400 audit(1746559790.638:130): avc: denied { mount } for pid=432 comm="syz.2.16" name="/" dev="loop2" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 56.804127][ T28] audit: type=1400 audit(1746559790.638:131): avc: denied { write } for pid=432 comm="syz.2.16" name="/" dev="loop2" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 56.806188][ T428] F2FS-fs (loop2): dec_valid_node_count: inconsistent i_blocks, ino:7, iblocks:0
[ 56.825924][ T28] audit: type=1400 audit(1746559790.638:132): avc: denied { remove_name } for pid=432 comm="syz.2.16" name="file0" dev="loop2" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 56.836710][ T428] ------------[ cut here ]------------
[ 56.857866][ T28] audit: type=1400 audit(1746559790.638:133): avc: denied { rename } for pid=432 comm="syz.2.16" name="file0" dev="loop2" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 56.863201][ T428] WARNING: CPU: 1 PID: 428 at fs/f2fs/inode.c:847 f2fs_evict_inode+0x1235/0x14f0
[ 56.885799][ T28] audit: type=1400 audit(1746559790.638:134): avc: denied { add_name } for pid=432 comm="syz.2.16" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 56.894817][ T428] Modules linked in:
[ 56.915908][ T28] audit: type=1400 audit(1746559790.668:135): avc: denied { unlink } for pid=428 comm="syz-executor" name="file1" dev="loop2" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[ 56.942431][ T428] CPU: 1 PID: 428 Comm: syz-executor Not tainted 6.1.134-syzkaller-1169249-gca2f65da73b1 #0
[ 56.952621][ T428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 56.962840][ T428] RIP: 0010:f2fs_evict_inode+0x1235/0x14f0
[ 56.968766][ T428] Code: 4c 8b 74 24 38 4c 8b 7c 24 30 48 8b 7c 24 20 e8 b1 15 03 00 43 80 7c 25 00 00 0f 85 98 fc ff ff e9 9b fc ff ff e8 1b ca 56 ff <0f> 0b 4c 89 f7 be 08 00 00 00 e8 5c 1e 9b ff f0 41 80 0e 04 e9 63
[ 56.988462][ T428] RSP: 0018:ffffc9000077fae0 EFLAGS: 00010293
[ 56.994672][ T428] RAX: ffffffff82191c55 RBX: 1ffff920000eff70 RCX: ffff88811ac4e540
[ 57.002802][ T428] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000
[ 57.010958][ T428] RBP: ffffc9000077fc50 R08: dffffc0000000000 R09: ffffed1021b014b9
[ 57.019166][ T428] R10: ffffed1021b014b9 R11: 1ffff11021b014b8 R12: dffffc0000000000
[ 57.027437][ T428] R13: 1ffff11021b01464 R14: ffff88811b46c078 R15: 0000000000000002
[ 57.035550][ T428] FS: 0000555563cff500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 57.044526][ T428] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 57.051202][ T428] CR2: 0000555563d224e8 CR3: 00000001308d8000 CR4: 00000000003506a0
[ 57.059300][ T428] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 57.067421][ T428] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 57.075470][ T428] Call Trace:
[ 57.078861][ T428]
[ 57.081962][ T428] ? __cfi_f2fs_evict_inode+0x10/0x10
[ 57.087471][ T428] ? __cfi_wake_bit_function+0x10/0x10
[ 57.092998][ T428] ? _raw_spin_unlock+0x4c/0x70
[ 57.097962][ T428] ? inode_io_list_del+0x19b/0x1b0
[ 57.103129][ T428] ? __cfi_f2fs_evict_inode+0x10/0x10
[ 57.108651][ T428] evict+0x493/0x890
[ 57.112778][ T428] ? __kasan_check_write+0x14/0x20
[ 57.118014][ T428] ? proc_nr_inodes+0x2f0/0x2f0
[ 57.123865][ T428] ? lockref_put_return+0x152/0x1c0
[ 57.129268][ T428] ? __kasan_check_read+0x11/0x20
[ 57.134729][ T428] ? f2fs_drop_inode+0x174/0x9b0
[ 57.139702][ T428] ? __kasan_check_write+0x14/0x20
[ 57.144884][ T428] iput+0x620/0x670
[ 57.148799][ T428] do_unlinkat+0x375/0x6b0
[ 57.153253][ T428] ? __cfi_do_unlinkat+0x10/0x10
[ 57.158465][ T428] ? getname_flags+0x206/0x500
[ 57.163381][ T428] __x64_sys_unlink+0x49/0x50
[ 57.168093][ T428] x64_sys_call+0x958/0x9a0
[ 57.172827][ T428] do_syscall_64+0x4c/0xa0
[ 57.177693][ T428] ? clear_bhb_loop+0x15/0x70
[ 57.182501][ T428] ? clear_bhb_loop+0x15/0x70
[ 57.187298][ T428] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 57.193246][ T428] RIP: 0033:0x7f4ed3b8d717
[ 57.197786][ T428] Code: 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 57 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 57.218264][ T428] RSP: 002b:00007ffdaf202b08 EFLAGS: 00000206 ORIG_RAX: 0000000000000057
[ 57.227028][ T428] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4ed3b8d717
[ 57.235231][ T428] RDX: 00007ffdaf202b30 RSI: 00007ffdaf202bc0 RDI: 00007ffdaf202bc0
[ 57.243515][ T428] RBP: 00007ffdaf202bc0 R08: 0000000000000000 R09: 0000000000000000
[ 57.251693][ T428] R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffdaf203cb0
[ 57.259724][ T428] R13: 00007f4ed3c10854 R14: 000000000000ddcd R15: 00007ffdaf204d80
[ 57.267761][ T428]
[ 57.270805][ T428] ---[ end trace 0000000000000000 ]---
[ 57.277024][ T428] ------------[ cut here ]------------
[ 57.282850][ T428] WARNING: CPU: 0 PID: 428 at fs/inode.c:332 drop_nlink+0xc5/0x110
[ 57.290860][ T428] Modules linked in:
[ 57.294800][ T428] CPU: 0 PID: 428 Comm: syz-executor Tainted: G W 6.1.134-syzkaller-1169249-gca2f65da73b1 #0
[ 57.306473][ T428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 57.317199][ T428] RIP: 0010:drop_nlink+0xc5/0x110
[ 57.322810][ T428] Code: 1b 48 8d bb b8 04 00 00 be 08 00 00 00 e8 73 ee f0 ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 0b 9a ac ff <0f> 0b eb 86 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 5e ff ff ff 4c
[ 57.342936][ T428] RSP: 0018:ffffc9000077fb38 EFLAGS: 00010293
[ 57.349197][ T428] RAX: ffffffff81c34c65 RBX: ffff88810bb0a2e0 RCX: ffff88811ac4e540
[ 57.357323][ T428] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 57.365382][ T428] RBP: ffffc9000077fb60 R08: dffffc0000000000 R09: ffffc9000077fae0
[ 57.373800][ T428] R10: fffff520000eff5e R11: 1ffff920000eff5c R12: dffffc0000000000
[ 57.382095][ T428] R13: 1ffff11021761465 R14: ffff88810bb0a328 R15: 0000000000000000
[ 57.390075][ T428] FS: 0000555563cff500(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 57.399246][ T428] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 57.405974][ T428] CR2: 000000c0056e5000 CR3: 00000001308d8000 CR4: 00000000003506b0
[ 57.414023][ T428] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 57.422307][ T428] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 57.430633][ T428] Call Trace:
[ 57.434051][ T428]
[ 57.437196][ T428] f2fs_drop_nlink+0x13f/0x3d0
[ 57.442125][ T428] ? f2fs_mark_inode_dirty_sync+0x13e/0x1c0
[ 57.448133][ T428] f2fs_delete_entry+0xf0d/0x1080
[ 57.453214][ T428] f2fs_unlink+0x41f/0x7d0
[ 57.457711][ T428] ? __cfi_f2fs_unlink+0x10/0x10
[ 57.462692][ T428] ? HAS_UNMAPPED_ID+0x1fc/0x250
[ 57.467748][ T428] ? selinux_inode_unlink+0x22/0x30
[ 57.473096][ T428] ? security_inode_unlink+0xe5/0x130
[ 57.478836][ T428] vfs_unlink+0x39f/0x630
[ 57.483204][ T428] do_unlinkat+0x31f/0x6b0
[ 57.487633][ T428] ? __cfi_do_unlinkat+0x10/0x10
[ 57.493159][ T428] ? getname_flags+0x206/0x500
[ 57.498126][ T428] __x64_sys_unlink+0x49/0x50
[ 57.503037][ T428] x64_sys_call+0x958/0x9a0
[ 57.507565][ T428] do_syscall_64+0x4c/0xa0
[ 57.512144][ T428] ? clear_bhb_loop+0x15/0x70
[ 57.516938][ T428] ? clear_bhb_loop+0x15/0x70
[ 57.521772][ T428] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 57.527823][ T428] RIP: 0033:0x7f4ed3b8d717
[ 57.532273][ T428] Code: 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 57 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 57.552022][ T428] RSP: 002b:00007ffdaf202b08 EFLAGS: 00000206 ORIG_RAX: 0000000000000057
[ 57.560717][ T428] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4ed3b8d717
[ 57.568740][ T428] RDX: 00007ffdaf202b30 RSI: 00007ffdaf202bc0 RDI: 00007ffdaf202bc0
[ 57.576761][ T428] RBP: 00007ffdaf202bc0 R08: 0000000000000000 R09: 0000000000000000
[ 57.584888][ T428] R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffdaf203cb0
[ 57.593080][ T428] R13: 00007f4ed3c10854 R14: 000000000000ddcd R15: 00007ffdaf204d80
[ 57.601705][ T428]
[ 57.604786][ T428] ---[ end trace 0000000000000000 ]---
[ 57.664029][ T428] ==================================================================
[ 57.672131][ T428] BUG: KASAN: use-after-free in __list_del_entry_valid+0xa6/0x130
[ 57.680228][ T428] Read of size 8 at addr ffff88810d80a698 by task syz-executor/428
[ 57.688309][ T428]
[ 57.690661][ T428] CPU: 0 PID: 428 Comm: syz-executor Tainted: G W 6.1.134-syzkaller-1169249-gca2f65da73b1 #0
[ 57.702578][ T428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 57.713034][ T428] Call Trace:
[ 57.716419][ T428]
[ 57.719460][ T428] __dump_stack+0x21/0x24
[ 57.723832][ T428] dump_stack_lvl+0xee/0x150
[ 57.728444][ T428] ? __cfi_dump_stack_lvl+0x8/0x8
[ 57.733547][ T428] ? folio_mark_accessed+0x1b8/0x3f0
[ 57.738861][ T428] ? __list_del_entry_valid+0xa6/0x130
[ 57.744331][ T428] print_address_description+0x71/0x210
[ 57.749881][ T428] print_report+0x4a/0x60
[ 57.754207][ T428] kasan_report+0x122/0x150
[ 57.758722][ T428] ? __list_del_entry_valid+0xa6/0x130
[ 57.764269][ T428] __asan_report_load8_noabort+0x14/0x20
[ 57.769900][ T428] __list_del_entry_valid+0xa6/0x130
[ 57.775929][ T428] f2fs_inode_synced+0xf7/0x2e0
[ 57.780962][ T428] f2fs_update_inode+0x74/0x1c30
[ 57.786099][ T428] ? __get_node_page+0x466/0xb00
[ 57.791306][ T428] f2fs_update_inode_page+0x137/0x170
[ 57.797422][ T428] ? f2fs_write_inode+0x407/0x780
[ 57.802713][ T428] f2fs_write_inode+0x40f/0x780
[ 57.807574][ T428] __writeback_single_inode+0x4b1/0xad0
[ 57.813202][ T428] writeback_single_inode+0x221/0x8b0
[ 57.818568][ T428] ? write_inode_now+0x1c0/0x1c0
[ 57.823764][ T428] ? __kasan_check_write+0x14/0x20
[ 57.828889][ T428] ? _raw_spin_lock_irqsave+0xb0/0x110
[ 57.834435][ T428] ? __cfi__raw_spin_lock_irqsave+0x10/0x10
[ 57.840609][ T428] sync_inode_metadata+0xb6/0x110
[ 57.845923][ T428] ? __cfi_sync_inode_metadata+0x10/0x10
[ 57.851570][ T428] ? __wake_up+0x11b/0x190
[ 57.856015][ T428] ? __cfi__raw_spin_lock+0x10/0x10
[ 57.861311][ T428] ? iput+0x289/0x670
[ 57.865393][ T428] ? _raw_spin_unlock+0x4c/0x70
[ 57.870520][ T428] f2fs_write_checkpoint+0xec3/0x25c0
[ 57.876008][ T428] ? __cfi_f2fs_write_checkpoint+0x10/0x10
[ 57.881838][ T428] ? __kasan_check_write+0x14/0x20
[ 57.886966][ T428] ? kthread_stop+0x189/0x3f0
[ 57.891996][ T428] ? memcpy+0x56/0x70
[ 57.895998][ T428] kill_f2fs_super+0x231/0x390
[ 57.900767][ T428] ? __cfi_kill_f2fs_super+0x10/0x10
[ 57.906047][ T428] ? up_write+0x7b/0x290
[ 57.910289][ T428] ? unregister_shrinker+0x208/0x290
[ 57.915663][ T428] deactivate_locked_super+0xb5/0x120
[ 57.921061][ T428] deactivate_super+0xaf/0xe0
[ 57.925865][ T428] cleanup_mnt+0x45f/0x4e0
[ 57.930296][ T428] __cleanup_mnt+0x19/0x20
[ 57.935158][ T428] task_work_run+0x1db/0x240
[ 57.939853][ T428] ? __cfi_task_work_run+0x10/0x10
[ 57.944973][ T428] ? free_nsproxy+0x21f/0x270
[ 57.949665][ T428] do_exit+0xa1d/0x2650
[ 57.953845][ T428] ? __cfi_do_exit+0x10/0x10
[ 57.958502][ T428] ? __kasan_check_write+0x14/0x20
[ 57.963804][ T428] ? _raw_spin_lock_irq+0x8f/0xe0
[ 57.969175][ T428] ? __cfi__raw_spin_lock_irq+0x10/0x10
[ 57.974891][ T428] ? ksys_write+0x1da/0x240
[ 57.979688][ T428] ? zap_other_threads+0x2c1/0x2f0
[ 57.985251][ T428] do_group_exit+0x210/0x2d0
[ 57.990322][ T428] __x64_sys_exit_group+0x3f/0x40
[ 57.995502][ T428] x64_sys_call+0x7b4/0x9a0
[ 58.000519][ T428] do_syscall_64+0x4c/0xa0
[ 58.005317][ T428] ? clear_bhb_loop+0x15/0x70
[ 58.009999][ T428] ? clear_bhb_loop+0x15/0x70
[ 58.014756][ T428] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 58.020744][ T428] RIP: 0033:0x7f4ed3b8e169
[ 58.025256][ T428] Code: Unable to access opcode bytes at 0x7f4ed3b8e13f.
[ 58.032355][ T428] RSP: 002b:00007ffdaf201908 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 58.040778][ T428] RAX: ffffffffffffffda RBX: 00007f4ed3c10879 RCX: 00007f4ed3b8e169
[ 58.048875][ T428] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[ 58.056870][ T428] RBP: 0000000000000002 R08: 00007ffdaf1ff6a7 R09: 00007ffdaf202bc0
[ 58.064935][ T428] R10: 0000000000000009 R11: 0000000000000246 R12: 00007ffdaf202bc0
[ 58.072909][ T428] R13: 00007f4ed3c10854 R14: 000000000000ddcd R15: 00007ffdaf204d80
[ 58.080977][ T428]
[ 58.084088][ T428]
[ 58.086415][ T428] Allocated by task 433:
[ 58.090915][ T428] kasan_set_track+0x4b/0x70
[ 58.095606][ T428] kasan_save_alloc_info+0x25/0x30
[ 58.100735][ T428] __kasan_slab_alloc+0x72/0x80
[ 58.106233][ T428] slab_post_alloc_hook+0x4f/0x2d0
[ 58.111813][ T428] kmem_cache_alloc_lru+0x104/0x280
[ 58.117296][ T428] f2fs_alloc_inode+0x2d/0x340
[ 58.122166][ T428] iget_locked+0x198/0x8b0
[ 58.126598][ T428] f2fs_iget+0x55/0x4cb0
[ 58.130967][ T428] f2fs_lookup+0x366/0xab0
[ 58.135378][ T428] __lookup_slow+0x2c7/0x3f0
[ 58.139978][ T428] lookup_slow+0x57/0x70
[ 58.144222][ T428] walk_component+0x2f4/0x420
[ 58.148958][ T428] path_lookupat+0x180/0x490
[ 58.153593][ T428] filename_lookup+0x1f0/0x500
[ 58.158362][ T428] vfs_statx+0x10b/0x660
[ 58.162605][ T428] __se_sys_newlstat+0xd5/0x350
[ 58.167448][ T428] __x64_sys_newlstat+0x5b/0x70
[ 58.172301][ T428] x64_sys_call+0x393/0x9a0
[ 58.177560][ T428] do_syscall_64+0x4c/0xa0
[ 58.182539][ T428] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 58.188524][ T428]
[ 58.190925][ T428] Freed by task 0:
[ 58.194732][ T428] kasan_set_track+0x4b/0x70
[ 58.199325][ T428] kasan_save_free_info+0x31/0x50
[ 58.204808][ T428] ____kasan_slab_free+0x132/0x180
[ 58.210011][ T428] __kasan_slab_free+0x11/0x20
[ 58.214883][ T428] slab_free_freelist_hook+0xc2/0x190
[ 58.220386][ T428] kmem_cache_free+0x12d/0x300
[ 58.225167][ T428] f2fs_free_inode+0x24/0x30
[ 58.229771][ T428] i_callback+0x5a/0x80
[ 58.233951][ T428] rcu_do_batch+0x515/0xb90
[ 58.238582][ T428] rcu_core+0x5a5/0xe70
[ 58.242750][ T428] rcu_core_si+0x9/0x10
[ 58.246994][ T428] handle_softirqs+0x1d7/0x600
[ 58.251751][ T428] __irq_exit_rcu+0x52/0xf0
[ 58.256283][ T428] irq_exit_rcu+0x9/0x10
[ 58.260629][ T428] sysvec_apic_timer_interrupt+0xa9/0xc0
[ 58.266269][ T428] asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 58.272285][ T428]
[ 58.274688][ T428] Last potentially related work creation:
[ 58.281059][ T428] kasan_save_stack+0x3a/0x60
[ 58.286622][ T428] __kasan_record_aux_stack+0xb6/0xc0
[ 58.292006][ T428] kasan_record_aux_stack_noalloc+0xb/0x10
[ 58.297827][ T428] call_rcu+0xd4/0xf90
[ 58.301911][ T428] evict+0x7f6/0x890
[ 58.305816][ T428] iput+0x620/0x670
[ 58.309710][ T428] do_unlinkat+0x375/0x6b0
[ 58.314138][ T428] __x64_sys_unlink+0x49/0x50
[ 58.318879][ T428] x64_sys_call+0x958/0x9a0
[ 58.323469][ T428] do_syscall_64+0x4c/0xa0
[ 58.327889][ T428] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 58.333880][ T428]
[ 58.336665][ T428] The buggy address belongs to the object at ffff88810d80a2e0
[ 58.336665][ T428] which belongs to the cache f2fs_inode_cache of size 1360
[ 58.351235][ T428] The buggy address is located 952 bytes inside of
[ 58.351235][ T428] 1360-byte region [ffff88810d80a2e0, ffff88810d80a830)
[ 58.364602][ T428]
[ 58.366927][ T428] The buggy address belongs to the physical page:
[ 58.373496][ T428] page:ffffea0004360200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10d808
[ 58.384437][ T428] head:ffffea0004360200 order:3 compound_mapcount:0 compound_pincount:0
[ 58.392890][ T428] flags: 0x4000000000010200(slab|head|zone=1)
[ 58.399153][ T428] raw: 4000000000010200 0000000000000000 dead000000000122 ffff8881002d1080
[ 58.408094][ T428] raw: 0000000000000000 0000000080160016 00000001ffffffff 0000000000000000
[ 58.416755][ T428] page dumped because: kasan: bad access detected
[ 58.423170][ T428] page_owner tracks the page as allocated
[ 58.428967][ T428] page last allocated via order 3, migratetype Reclaimable, gfp_mask 0x1d2050(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 433, tgid 432 (syz.2.16), ts 56716815427, free_ts 0
[ 58.451282][ T428] post_alloc_hook+0x1f5/0x210
[ 58.456145][ T428] prep_new_page+0x1c/0x110
[ 58.460733][ T428] get_page_from_freelist+0x2c6e/0x2ce0
[ 58.466275][ T428] __alloc_pages+0x19e/0x3a0
[ 58.470866][ T428] alloc_slab_page+0x6e/0xf0
[ 58.475483][ T428] new_slab+0x98/0x3d0
[ 58.479549][ T428] ___slab_alloc+0x6f6/0xb50
[ 58.484164][ T428] __slab_alloc+0x5e/0xa0
[ 58.488588][ T428] kmem_cache_alloc_lru+0x144/0x280
[ 58.494038][ T428] f2fs_alloc_inode+0x2d/0x340
[ 58.499241][ T428] iget_locked+0x198/0x8b0
[ 58.503748][ T428] f2fs_iget+0x55/0x4cb0
[ 58.508007][ T428] f2fs_fill_super+0x3ab8/0x6c70
[ 58.512971][ T428] mount_bdev+0x2bc/0x3f0
[ 58.517345][ T428] f2fs_mount+0x34/0x40
[ 58.521520][ T428] legacy_get_tree+0xfe/0x1a0
[ 58.526288][ T428] page_owner free stack trace missing
[ 58.531739][ T428]
[ 58.534058][ T428] Memory state around the buggy address:
[ 58.539849][ T428] ffff88810d80a580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 58.547986][ T428] ffff88810d80a600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 58.556211][ T428] >ffff88810d80a680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 58.564362][ T428] ^
[ 58.569311][ T428] ffff88810d80a700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 58.577376][ T428] ffff88810d80a780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 58.585554][ T428] ==================================================================
[ 58.594130][ T428] Disabling lock debugging due to kernel taint
[ 59.362465][ T341] device bridge_slave_1 left promiscuous mode
[ 59.368677][ T341] bridge0: port 2(bridge_slave_1) entered disabled state
[ 59.376793][ T341] device bridge_slave_0 left promiscuous mode
[ 59.383145][ T341] bridge0: port 1(bridge_slave_0) entered disabled state
[ 59.391978][ T341] device veth1_macvtap left promiscuous mode
[ 59.398110][ T341] device veth0_vlan left promiscuous mode