Warning: Permanently added '10.128.1.108' (ED25519) to the list of known hosts.
2025/07/29 15:14:53 ignoring optional flag "sandboxArg"="0"
2025/07/29 15:14:54 parsed 1 programs
[ 50.241583][ T30] kauditd_printk_skb: 30 callbacks suppressed
[ 50.241596][ T30] audit: type=1400 audit(1753802095.465:104): avc: denied { unlink } for pid=396 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 50.289000][ T396] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 50.663572][ T30] audit: type=1400 audit(1753802095.885:105): avc: denied { create } for pid=400 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 50.939115][ T417] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.946281][ T417] bridge0: port 1(bridge_slave_0) entered disabled state
[ 50.953866][ T417] device bridge_slave_0 entered promiscuous mode
[ 50.961282][ T417] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.968407][ T417] bridge0: port 2(bridge_slave_1) entered disabled state
[ 50.975793][ T417] device bridge_slave_1 entered promiscuous mode
[ 51.011348][ T417] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.018549][ T417] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 51.026357][ T417] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.033488][ T417] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 51.049489][ T8] bridge0: port 1(bridge_slave_0) entered disabled state
[ 51.056842][ T8] bridge0: port 2(bridge_slave_1) entered disabled state
[ 51.064542][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 51.071934][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 51.081436][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 51.089601][ T8] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.096652][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 51.105084][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 51.113313][ T8] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.120320][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 51.132105][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 51.141440][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 51.154258][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 51.165228][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 51.173199][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 51.180534][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 51.189906][ T417] device veth0_vlan entered promiscuous mode
[ 51.199113][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 51.207971][ T417] device veth1_macvtap entered promiscuous mode
[ 51.216608][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 51.227026][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 51.295742][ T30] audit: type=1401 audit(1753802096.515:106): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
2025/07/29 15:14:56 executed programs: 0
[ 51.715263][ T30] audit: type=1400 audit(1753802096.935:107): avc: denied { write } for pid=387 comm="syz-execprog" path="pipe:[995]" dev="pipefs" ino=995 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 51.739701][ T344] device bridge_slave_1 left promiscuous mode
[ 51.745845][ T344] bridge0: port 2(bridge_slave_1) entered disabled state
[ 51.753333][ T344] device bridge_slave_0 left promiscuous mode
[ 51.759510][ T344] bridge0: port 1(bridge_slave_0) entered disabled state
[ 51.767620][ T344] device veth1_macvtap left promiscuous mode
[ 51.773656][ T344] device veth0_vlan left promiscuous mode
[ 51.858634][ T462] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.865716][ T462] bridge0: port 1(bridge_slave_0) entered disabled state
[ 51.873077][ T462] device bridge_slave_0 entered promiscuous mode
[ 51.879774][ T462] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.886845][ T462] bridge0: port 2(bridge_slave_1) entered disabled state
[ 51.894409][ T462] device bridge_slave_1 entered promiscuous mode
[ 51.932948][ T462] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.939981][ T462] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 51.947301][ T462] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.954326][ T462] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 51.970094][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 51.977791][ T8] bridge0: port 1(bridge_slave_0) entered disabled state
[ 51.985361][ T8] bridge0: port 2(bridge_slave_1) entered disabled state
[ 51.994237][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 52.002676][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 52.010822][ T8] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.017873][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 52.026183][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 52.034686][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 52.042838][ T8] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.049841][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 52.060412][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 52.068523][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 52.077629][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 52.085843][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 52.104608][ T462] device veth0_vlan entered promiscuous mode
[ 52.110944][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 52.119285][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 52.127794][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 52.135939][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 52.144166][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 52.151733][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 52.164076][ T462] device veth1_macvtap entered promiscuous mode
[ 52.171113][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 52.179718][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 52.187879][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 52.197756][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 52.206116][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 52.215602][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 52.223980][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 52.326581][ T473] loop2: detected capacity change from 0 to 40427
[ 52.431978][ T473] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[ 52.439786][ T473] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[ 52.448856][ T473] F2FS-fs (loop2): invalid crc value
[ 52.455508][ T473] F2FS-fs (loop2): Found nat_bits in checkpoint
[ 52.475723][ T473] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[ 52.482818][ T473] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[ 52.490447][ T30] audit: type=1400 audit(1753802097.705:108): avc: denied { mount } for pid=472 comm="syz.2.16" name="/" dev="loop2" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 52.511920][ T30] audit: type=1400 audit(1753802097.715:109): avc: denied { write } for pid=472 comm="syz.2.16" name="/" dev="loop2" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 52.526862][ T462] ------------[ cut here ]------------
[ 52.533425][ T30] audit: type=1400 audit(1753802097.715:110): avc: denied { add_name } for pid=472 comm="syz.2.16" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 52.538700][ T462] WARNING: CPU: 1 PID: 462 at fs/f2fs/inode.c:880 f2fs_evict_inode+0x12b0/0x1560
[ 52.559997][ T30] audit: type=1400 audit(1753802097.715:111): avc: denied { create } for pid=472 comm="syz.2.16" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 52.568406][ T462] Modules linked in:
[ 52.588578][ T30] audit: type=1400 audit(1753802097.725:112): avc: denied { read open } for pid=472 comm="syz.2.16" path="/0/bus/file0" dev="loop2" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 52.592604][ T462] CPU: 1 PID: 462 Comm: syz-executor Not tainted 5.15.189-syzkaller-1081280-gf32b52534f1d #0
[ 52.616313][ T30] audit: type=1400 audit(1753802097.725:113): avc: denied { ioctl } for pid=472 comm="syz.2.16" path="/0/bus/file0" dev="loop2" ino=10 ioctlcmd=0xf501 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 52.648956][ T462] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 52.659049][ T462] RIP: 0010:f2fs_evict_inode+0x12b0/0x1560
[ 52.664966][ T462] Code: e9 55 f2 ff ff e8 20 2c 61 ff eb 05 e8 19 2c 61 ff 4c 8b 74 24 28 48 8b 7c 24 18 e8 3a f0 02 00 e9 bc fc ff ff e8 00 2c 61 ff <0f> 0b 4c 89 f7 be 08 00 00 00 e8 d1 a8 9f ff f0 41 80 0e 04 e9 99
[ 52.684632][ T462] RSP: 0018:ffffc90000ba78c0 EFLAGS: 00010293
[ 52.690751][ T462] RAX: ffffffff820783d0 RBX: 1ffff92000174f2c RCX: ffff8881167f0000
[ 52.698773][ T462] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000
[ 52.706827][ T462] RBP: ffffc90000ba7a30 R08: dffffc0000000000 R09: ffffed1025aa97f7
[ 52.715016][ T462] R10: ffffed1025aa97f7 R11: 1ffff11025aa97f6 R12: ffff88812d54bfb0
[ 52.723131][ T462] R13: dffffc0000000000 R14: ffff888118aa2078 R15: 0000000000000002
[ 52.731134][ T462] FS: 000055555d6d5500(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 52.740097][ T462] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 52.746902][ T462] CR2: 00007ffdcfb56fa8 CR3: 0000000120f20000 CR4: 00000000003506b0
[ 52.754968][ T462] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 52.763000][ T462] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 52.771088][ T462] Call Trace:
[ 52.774542][ T462]
[ 52.777480][ T462] ? inode_wait_for_writeback+0x1b0/0x200
[ 52.783266][ T462] ? f2fs_write_inode+0x850/0x850
[ 52.788307][ T462] ? bit_waitqueue+0x30/0x30
[ 52.793085][ T462] ? locks_free_lock_context+0x42/0x70
[ 52.798557][ T462] ? f2fs_write_inode+0x850/0x850
[ 52.803715][ T462] evict+0x485/0x870
[ 52.807618][ T462] ? proc_nr_inodes+0x310/0x310
[ 52.812505][ T462] ? _raw_spin_lock+0x8e/0xe0
[ 52.817173][ T462] ? _raw_spin_unlock+0x4d/0x70
[ 52.822047][ T462] evict_inodes+0x5de/0x650
[ 52.826544][ T462] ? clear_inode+0x150/0x150
[ 52.831173][ T462] generic_shutdown_super+0x96/0x330
[ 52.836446][ T462] kill_block_super+0x7f/0xf0
[ 52.841137][ T462] kill_f2fs_super+0x2e7/0x390
[ 52.845890][ T462] ? radix_tree_delete_item+0x2c8/0x410
[ 52.851574][ T462] ? f2fs_mount+0x40/0x40
[ 52.855897][ T462] ? unregister_shrinker+0x201/0x290
[ 52.861226][ T462] deactivate_locked_super+0xa0/0x100
[ 52.866817][ T462] deactivate_super+0xaf/0xe0
[ 52.871567][ T462] cleanup_mnt+0x446/0x500
[ 52.876001][ T462] __cleanup_mnt+0x19/0x20
[ 52.880427][ T462] task_work_run+0x127/0x190
[ 52.885280][ T462] exit_to_user_mode_loop+0xd0/0xe0
[ 52.890501][ T462] exit_to_user_mode_prepare+0x5a/0xa0
[ 52.896382][ T462] syscall_exit_to_user_mode+0x1a/0x30
[ 52.901893][ T462] do_syscall_64+0x58/0xa0
[ 52.906314][ T462] ? clear_bhb_loop+0x50/0xa0
[ 52.911039][ T462] ? clear_bhb_loop+0x50/0xa0
[ 52.915715][ T462] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 52.921669][ T462] RIP: 0033:0x7f7a69275c57
[ 52.926091][ T462] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[ 52.945762][ T462] RSP: 002b:00007ffdcfb57758 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 52.954209][ T462] RAX: 0000000000000000 RBX: 00007f7a692f6925 RCX: 00007f7a69275c57
[ 52.962326][ T462] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffdcfb57810
[ 52.970297][ T462] RBP: 00007ffdcfb57810 R08: 0000000000000000 R09: 0000000000000000
[ 52.978290][ T462] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffdcfb588a0
[ 52.986546][ T462] R13: 00007f7a692f6925 R14: 000000000000cbfc R15: 00007ffdcfb588e0
[ 52.994571][ T462]
[ 52.997604][ T462] ---[ end trace b342c6d228be9f58 ]---
[ 53.020946][ T462] ==================================================================
[ 53.029062][ T462] BUG: KASAN: use-after-free in _raw_spin_lock+0x81/0xe0
[ 53.036076][ T462] Write of size 4 at addr ffff88812d54bd28 by task syz-executor/462
[ 53.044031][ T462]
[ 53.046347][ T462] CPU: 0 PID: 462 Comm: syz-executor Tainted: G W 5.15.189-syzkaller-1081280-gf32b52534f1d #0
[ 53.057862][ T462] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 53.067898][ T462] Call Trace:
[ 53.071157][ T462]
[ 53.074067][ T462] __dump_stack+0x21/0x30
[ 53.078379][ T462] dump_stack_lvl+0xee/0x150
[ 53.082945][ T462] ? show_regs_print_info+0x20/0x20
[ 53.088120][ T462] ? load_image+0x3a0/0x3a0
[ 53.092612][ T462] ? preempt_schedule_irq+0xbb/0x110
[ 53.097877][ T462] ? __update_load_avg_cfs_rq+0xaf/0x2f0
[ 53.103486][ T462] print_address_description+0x7f/0x2c0
[ 53.109010][ T462] ? _raw_spin_lock+0x81/0xe0
[ 53.113707][ T462] kasan_report+0xf1/0x140
[ 53.118100][ T462] ? _raw_spin_lock_irqsave+0xb0/0x110
[ 53.123533][ T462] ? _raw_spin_lock+0x81/0xe0
[ 53.128182][ T462] kasan_check_range+0x280/0x290
[ 53.133098][ T462] __kasan_check_write+0x14/0x20
[ 53.138049][ T462] _raw_spin_lock+0x81/0xe0
[ 53.142616][ T462] ? _raw_spin_trylock_bh+0x130/0x130
[ 53.148311][ T462] ? __kasan_check_write+0x14/0x20
[ 53.153408][ T462] ? _raw_spin_lock+0x8e/0xe0
[ 53.158061][ T462] ? _raw_spin_trylock_bh+0x130/0x130
[ 53.163520][ T462] igrab+0x20/0xa0
[ 53.167222][ T462] f2fs_sync_inode_meta+0x153/0x2a0
[ 53.172518][ T462] f2fs_write_checkpoint+0xa7d/0x1f00
[ 53.177891][ T462] ? __kasan_check_write+0x14/0x20
[ 53.182992][ T462] ? f2fs_get_sectors_written+0x4e0/0x4e0
[ 53.188697][ T462] ? rwsem_write_trylock+0x130/0x300
[ 53.193963][ T462] ? __kasan_check_read+0x11/0x20
[ 53.198977][ T462] ? wb_wait_for_completion+0x1d8/0x270
[ 53.204508][ T462] f2fs_issue_checkpoint+0x2e5/0x470
[ 53.209775][ T462] ? f2fs_destroy_checkpoint_caches+0x30/0x30
[ 53.215829][ T462] ? try_to_writeback_inodes_sb+0xc0/0xc0
[ 53.221553][ T462] f2fs_sync_fs+0x16f/0x2c0
[ 53.226294][ T462] sync_filesystem+0x1cb/0x240
[ 53.231144][ T462] f2fs_quota_off_umount+0x217/0x230
[ 53.236427][ T462] f2fs_put_super+0xb7/0xc00
[ 53.241007][ T462] ? fsnotify_destroy_marks+0x14f/0x400
[ 53.246536][ T462] ? fsnotify_sb_delete+0x471/0x4e0
[ 53.251714][ T462] ? f2fs_drop_inode+0x980/0x980
[ 53.256630][ T462] ? __fsnotify_vfsmount_delete+0x20/0x20
[ 53.262375][ T462] ? clear_inode+0x150/0x150
[ 53.267040][ T462] ? fscrypt_destroy_keyring+0x27f/0x290
[ 53.272650][ T462] ? f2fs_drop_inode+0x980/0x980
[ 53.277569][ T462] generic_shutdown_super+0x151/0x330
[ 53.282923][ T462] kill_block_super+0x7f/0xf0
[ 53.287585][ T462] kill_f2fs_super+0x2e7/0x390
[ 53.292332][ T462] ? radix_tree_delete_item+0x2c8/0x410
[ 53.297858][ T462] ? f2fs_mount+0x40/0x40
[ 53.302186][ T462] ? unregister_shrinker+0x201/0x290
[ 53.307450][ T462] deactivate_locked_super+0xa0/0x100
[ 53.312803][ T462] deactivate_super+0xaf/0xe0
[ 53.317456][ T462] cleanup_mnt+0x446/0x500
[ 53.321851][ T462] __cleanup_mnt+0x19/0x20
[ 53.326244][ T462] task_work_run+0x127/0x190
[ 53.330901][ T462] exit_to_user_mode_loop+0xd0/0xe0
[ 53.336080][ T462] exit_to_user_mode_prepare+0x5a/0xa0
[ 53.341557][ T462] syscall_exit_to_user_mode+0x1a/0x30
[ 53.347120][ T462] do_syscall_64+0x58/0xa0
[ 53.351534][ T462] ? clear_bhb_loop+0x50/0xa0
[ 53.356193][ T462] ? clear_bhb_loop+0x50/0xa0
[ 53.360848][ T462] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.366722][ T462] RIP: 0033:0x7f7a69275c57
[ 53.371116][ T462] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[ 53.390875][ T462] RSP: 002b:00007ffdcfb57758 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 53.399268][ T462] RAX: 0000000000000000 RBX: 00007f7a692f6925 RCX: 00007f7a69275c57
[ 53.407219][ T462] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffdcfb57810
[ 53.415165][ T462] RBP: 00007ffdcfb57810 R08: 0000000000000000 R09: 0000000000000000
[ 53.423115][ T462] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffdcfb588a0
[ 53.431064][ T462] R13: 00007f7a692f6925 R14: 000000000000cbfc R15: 00007ffdcfb588e0
[ 53.439016][ T462]
[ 53.442012][ T462]
[ 53.444312][ T462] Allocated by task 473:
[ 53.448550][ T462] __kasan_slab_alloc+0xbd/0xf0
[ 53.453383][ T462] slab_post_alloc_hook+0x4f/0x2b0
[ 53.458493][ T462] kmem_cache_alloc+0xf7/0x260
[ 53.463231][ T462] f2fs_alloc_inode+0x26/0x330
[ 53.467972][ T462] new_inode_pseudo+0x62/0x210
[ 53.472713][ T462] new_inode+0x28/0x1e0
[ 53.476850][ T462] f2fs_new_inode+0xd2/0x12b0
[ 53.481502][ T462] f2fs_create+0x178/0x15f0
[ 53.485981][ T462] path_openat+0x11ae/0x2f10
[ 53.490549][ T462] do_filp_open+0x1b3/0x3e0
[ 53.495115][ T462] do_sys_openat2+0x14c/0x7b0
[ 53.499778][ T462] __x64_sys_openat+0x136/0x160
[ 53.504777][ T462] x64_sys_call+0x219/0x9a0
[ 53.509271][ T462] do_syscall_64+0x4c/0xa0
[ 53.513679][ T462] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.519558][ T462]
[ 53.521954][ T462] Freed by task 0:
[ 53.525653][ T462] kasan_set_track+0x4a/0x70
[ 53.530238][ T462] kasan_set_free_info+0x23/0x40
[ 53.535695][ T462] ____kasan_slab_free+0x125/0x160
[ 53.540799][ T462] __kasan_slab_free+0x11/0x20
[ 53.545552][ T462] slab_free_freelist_hook+0xc2/0x190
[ 53.550904][ T462] kmem_cache_free+0x100/0x320
[ 53.555646][ T462] f2fs_free_inode+0x24/0x30
[ 53.560473][ T462] i_callback+0x4c/0x70
[ 53.564608][ T462] rcu_do_batch+0x51d/0xba0
[ 53.569091][ T462] rcu_core+0x5e4/0xf80
[ 53.573227][ T462] rcu_core_si+0x9/0x10
[ 53.577370][ T462] handle_softirqs+0x250/0x560
[ 53.582118][ T462] __irq_exit_rcu+0x52/0xf0
[ 53.586601][ T462] irq_exit_rcu+0x9/0x10
[ 53.590819][ T462] sysvec_call_function_single+0xa6/0xc0
[ 53.596443][ T462] asm_sysvec_call_function_single+0x1b/0x20
[ 53.602401][ T462]
[ 53.604708][ T462] Last potentially related work creation:
[ 53.610411][ T462] kasan_save_stack+0x3a/0x60
[ 53.615089][ T462] __kasan_record_aux_stack+0xd2/0x100
[ 53.620531][ T462] kasan_record_aux_stack_noalloc+0xb/0x10
[ 53.626324][ T462] call_rcu+0x105/0xfe0
[ 53.630481][ T462] evict+0x7da/0x870
[ 53.634355][ T462] evict_inodes+0x5de/0x650
[ 53.638834][ T462] generic_shutdown_super+0x96/0x330
[ 53.644157][ T462] kill_block_super+0x7f/0xf0
[ 53.648819][ T462] kill_f2fs_super+0x2e7/0x390
[ 53.653560][ T462] deactivate_locked_super+0xa0/0x100
[ 53.658912][ T462] deactivate_super+0xaf/0xe0
[ 53.663565][ T462] cleanup_mnt+0x446/0x500
[ 53.667962][ T462] __cleanup_mnt+0x19/0x20
[ 53.672362][ T462] task_work_run+0x127/0x190
[ 53.676950][ T462] exit_to_user_mode_loop+0xd0/0xe0
[ 53.682142][ T462] exit_to_user_mode_prepare+0x5a/0xa0
[ 53.687589][ T462] syscall_exit_to_user_mode+0x1a/0x30
[ 53.693036][ T462] do_syscall_64+0x58/0xa0
[ 53.697432][ T462] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.703322][ T462]
[ 53.705628][ T462] The buggy address belongs to the object at ffff88812d54bca0
[ 53.705628][ T462] which belongs to the cache f2fs_inode_cache of size 1424
[ 53.720188][ T462] The buggy address is located 136 bytes inside of
[ 53.720188][ T462] 1424-byte region [ffff88812d54bca0, ffff88812d54c230)
[ 53.733561][ T462] The buggy address belongs to the page:
[ 53.739190][ T462] page:ffffea0004b55200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12d548
[ 53.749430][ T462] head:ffffea0004b55200 order:3 compound_mapcount:0 compound_pincount:0
[ 53.757820][ T462] flags: 0x4000000000010200(slab|head|zone=1)
[ 53.763879][ T462] raw: 4000000000010200 0000000000000000 dead000000000122 ffff8881081f7200
[ 53.772442][ T462] raw: 0000000000000000 0000000080150015 00000001ffffffff 0000000000000000
[ 53.780994][ T462] page dumped because: kasan: bad access detected
[ 53.787379][ T462] page_owner tracks the page as allocated
[ 53.793067][ T462] page last allocated via order 3, migratetype Reclaimable, gfp_mask 0x1d2050(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 473, ts 52500937532, free_ts 29844891312
[ 53.814403][ T462] post_alloc_hook+0x192/0x1b0
[ 53.819161][ T462] prep_new_page+0x1c/0x110
[ 53.823642][ T462] get_page_from_freelist+0x2cc5/0x2d50
[ 53.829172][ T462] __alloc_pages+0x18f/0x440
[ 53.833738][ T462] new_slab+0xa1/0x4d0
[ 53.837875][ T462] ___slab_alloc+0x381/0x810
[ 53.842472][ T462] __slab_alloc+0x49/0x90
[ 53.846778][ T462] kmem_cache_alloc+0x138/0x260
[ 53.851605][ T462] f2fs_alloc_inode+0x26/0x330
[ 53.856346][ T462] new_inode_pseudo+0x62/0x210
[ 53.861099][ T462] new_inode+0x28/0x1e0
[ 53.865231][ T462] f2fs_new_inode+0xd2/0x12b0
[ 53.869883][ T462] f2fs_create+0x178/0x15f0
[ 53.874461][ T462] path_openat+0x11ae/0x2f10
[ 53.879047][ T462] do_filp_open+0x1b3/0x3e0
[ 53.883538][ T462] do_sys_openat2+0x14c/0x7b0
[ 53.888194][ T462] page last free stack trace:
[ 53.892845][ T462] free_unref_page_prepare+0x542/0x550
[ 53.898379][ T462] free_unref_page+0xa2/0x550
[ 53.903029][ T462] __free_pages+0x6c/0x100
[ 53.907425][ T462] __vunmap+0x84d/0x9e0
[ 53.911584][ T462] vfree+0x8b/0xc0
[ 53.915283][ T462] kcov_close+0x2b/0x50
[ 53.919419][ T462] __fput+0x20b/0x8b0
[ 53.923459][ T462] ____fput+0x15/0x20
[ 53.927596][ T462] task_work_run+0x127/0x190
[ 53.932180][ T462] do_exit+0xa7e/0x27a0
[ 53.936319][ T462] do_group_exit+0x141/0x310
[ 53.940896][ T462] get_signal+0x66a/0x1480
[ 53.945291][ T462] arch_do_signal_or_restart+0xc1/0x10f0
[ 53.950901][ T462] exit_to_user_mode_loop+0xa7/0xe0
[ 53.956075][ T462] exit_to_user_mode_prepare+0x5a/0xa0
[ 53.961511][ T462] syscall_exit_to_user_mode+0x1a/0x30
[ 53.967208][ T462]
[ 53.969509][ T462] Memory state around the buggy address:
[ 53.975127][ T462] ffff88812d54bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 53.983292][ T462] ffff88812d54bc80: fc fc fc fc fa fb fb fb fb fb fb fb fb fb fb fb
[ 53.991343][ T462] >ffff88812d54bd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 53.999412][ T462] ^
[ 54.004784][ T462] ffff88812d54bd80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 54.012826][ T462] ffff88812d54be00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 54.020863][ T462] ==================================================================
[ 54.028986][ T462] Disabling lock debugging due to kernel taint