Warning: Permanently added '10.128.1.214' (ED25519) to the list of known hosts.
2025/07/21 21:53:31 ignoring optional flag "sandboxArg"="0"
2025/07/21 21:53:32 parsed 1 programs
[ 50.191392][ T28] audit: type=1400 audit(1753134812.944:106): avc: denied { unlink } for pid=384 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 50.227364][ T384] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 51.141058][ T407] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.148088][ T407] bridge0: port 1(bridge_slave_0) entered disabled state
[ 51.155631][ T407] device bridge_slave_0 entered promiscuous mode
[ 51.162457][ T407] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.169551][ T407] bridge0: port 2(bridge_slave_1) entered disabled state
[ 51.176925][ T407] device bridge_slave_1 entered promiscuous mode
[ 51.215391][ T407] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.222472][ T407] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 51.229714][ T407] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.236784][ T407] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 51.254027][ T43] bridge0: port 1(bridge_slave_0) entered disabled state
[ 51.261553][ T43] bridge0: port 2(bridge_slave_1) entered disabled state
[ 51.268892][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 51.276303][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 51.286081][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 51.294274][ T43] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.301303][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 51.309688][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 51.317921][ T43] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.324958][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 51.337719][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 51.346740][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 51.358933][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 51.370418][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 51.378654][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 51.386298][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 51.394985][ T407] device veth0_vlan entered promiscuous mode
[ 51.406586][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 51.415447][ T407] device veth1_macvtap entered promiscuous mode
[ 51.424194][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 51.434236][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 51.515784][ T28] audit: type=1400 audit(1753134814.264:107): avc: denied { create } for pid=424 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 51.550592][ T28] audit: type=1401 audit(1753134814.294:108): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
2025/07/21 21:53:34 executed programs: 0
[ 51.860642][ T444] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.868111][ T444] bridge0: port 1(bridge_slave_0) entered disabled state
[ 51.875602][ T444] device bridge_slave_0 entered promiscuous mode
[ 51.882951][ T444] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.889982][ T444] bridge0: port 2(bridge_slave_1) entered disabled state
[ 51.897455][ T444] device bridge_slave_1 entered promiscuous mode
[ 51.936797][ T444] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.943840][ T444] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 51.951098][ T444] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.958108][ T444] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 51.976589][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 51.984313][ T43] bridge0: port 1(bridge_slave_0) entered disabled state
[ 51.991876][ T43] bridge0: port 2(bridge_slave_1) entered disabled state
[ 52.001118][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 52.009336][ T43] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.016375][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 52.027788][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 52.036168][ T43] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.043228][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 52.059604][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 52.067520][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 52.080265][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 52.092645][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 52.100614][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 52.108180][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 52.119170][ T444] device veth0_vlan entered promiscuous mode
[ 52.128660][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 52.138230][ T444] device veth1_macvtap entered promiscuous mode
[ 52.147492][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 52.156667][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 52.166140][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 52.174683][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 52.463335][ T450] loop2: detected capacity change from 0 to 131072
[ 52.472508][ T450] F2FS-fs (loop2): Wrong CP boundary, start(512) end(198144) blocks(1024)
[ 52.481351][ T450] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock
[ 52.490364][ T450] F2FS-fs (loop2): invalid crc value
[ 52.506346][ T450] F2FS-fs (loop2): Found nat_bits in checkpoint
[ 52.530750][ T450] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0
[ 52.537806][ T450] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4
[ 52.545702][ T28] audit: type=1400 audit(1753134815.294:109): avc: denied { mount } for pid=449 comm="syz.2.16" name="/" dev="loop2" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 52.567191][ T28] audit: type=1400 audit(1753134815.314:110): avc: denied { write } for pid=449 comm="syz.2.16" name="/" dev="loop2" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 52.569253][ T444] F2FS-fs (loop2): dec_valid_node_count: inconsistent i_blocks, ino:7, iblocks:0
[ 52.589105][ T28] audit: type=1400 audit(1753134815.314:111): avc: denied { remove_name } for pid=449 comm="syz.2.16" name="file0" dev="loop2" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 52.600014][ T444] ------------[ cut here ]------------
[ 52.620711][ T28] audit: type=1400 audit(1753134815.314:112): avc: denied { rename } for pid=449 comm="syz.2.16" name="file0" dev="loop2" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 52.625585][ T444] WARNING: CPU: 0 PID: 444 at fs/f2fs/inode.c:851 f2fs_evict_inode+0x1235/0x14f0
[ 52.647358][ T28] audit: type=1400 audit(1753134815.314:113): avc: denied { add_name } for pid=449 comm="syz.2.16" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 52.656343][ T444] Modules linked in:
[ 52.676656][ T28] audit: type=1400 audit(1753134815.314:114): avc: denied { unlink } for pid=444 comm="syz-executor" name="file1" dev="loop2" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[ 52.680359][ T444] CPU: 0 PID: 444 Comm: syz-executor Not tainted 6.1.141-syzkaller-1169947-g2dbfabb0eec8 #0
[ 52.712657][ T444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 52.722751][ T444] RIP: 0010:f2fs_evict_inode+0x1235/0x14f0
[ 52.728569][ T444] Code: 4c 8b 74 24 38 4c 8b 7c 24 30 48 8b 7c 24 20 e8 b1 15 03 00 43 80 7c 25 00 00 0f 85 98 fc ff ff e9 9b fc ff ff e8 eb ae 56 ff <0f> 0b 4c 89 f7 be 08 00 00 00 e8 4c 0b 9b ff f0 41 80 0e 04 e9 63
[ 52.748299][ T444] RSP: 0018:ffffc90000a97ae0 EFLAGS: 00010293
[ 52.754372][ T444] RAX: ffffffff82194885 RBX: 1ffff92000152f70 RCX: ffff888121412880
[ 52.762352][ T444] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000
[ 52.770338][ T444] RBP: ffffc90000a97c50 R08: dffffc0000000000 R09: ffffed102549f915
[ 52.778341][ T444] R10: ffffed102549f915 R11: 1ffff1102549f914 R12: dffffc0000000000
[ 52.786367][ T444] R13: 1ffff1102549f8c0 R14: ffff88811e200078 R15: 0000000000000002
[ 52.794368][ T444] FS: 000055557af05500(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 52.803581][ T444] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 52.810243][ T444] CR2: 00007ffc33983f78 CR3: 000000012d8dd000 CR4: 00000000003506b0
[ 52.818222][ T444] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 52.826214][ T444] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 52.834211][ T444] Call Trace:
[ 52.837482][ T444]
[ 52.840490][ T444] ? __cfi_f2fs_evict_inode+0x10/0x10
[ 52.845883][ T444] ? __cfi_wake_bit_function+0x10/0x10
[ 52.851369][ T444] ? _raw_spin_unlock+0x4c/0x70
[ 52.856208][ T444] ? inode_io_list_del+0x19b/0x1b0
[ 52.861365][ T444] ? __cfi_f2fs_evict_inode+0x10/0x10
[ 52.866739][ T444] evict+0x493/0x890
[ 52.870621][ T444] ? __kasan_check_write+0x14/0x20
[ 52.875747][ T444] ? proc_nr_inodes+0x2f0/0x2f0
[ 52.880591][ T444] ? lockref_put_return+0x152/0x1c0
[ 52.885800][ T444] ? __kasan_check_read+0x11/0x20
[ 52.890836][ T444] ? f2fs_drop_inode+0x174/0x9b0
[ 52.895767][ T444] ? __kasan_check_write+0x14/0x20
[ 52.900882][ T444] iput+0x620/0x670
[ 52.904689][ T444] do_unlinkat+0x375/0x6b0
[ 52.909092][ T444] ? __cfi_do_unlinkat+0x10/0x10
[ 52.914038][ T444] ? getname_flags+0x206/0x500
[ 52.918791][ T444] __x64_sys_unlink+0x49/0x50
[ 52.923466][ T444] x64_sys_call+0x958/0x9a0
[ 52.927960][ T444] do_syscall_64+0x4c/0xa0
[ 52.932379][ T444] ? clear_bhb_loop+0x30/0x80
[ 52.937045][ T444] ? clear_bhb_loop+0x30/0x80
[ 52.941801][ T444] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 52.947680][ T444] RIP: 0033:0x7f16e4d8d717
[ 52.952100][ T444] Code: 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 57 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 52.971721][ T444] RSP: 002b:00007ffc33984728 EFLAGS: 00000206 ORIG_RAX: 0000000000000057
[ 52.980120][ T444] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f16e4d8d717
[ 52.988087][ T444] RDX: 00007ffc33984750 RSI: 00007ffc339847e0 RDI: 00007ffc339847e0
[ 52.996069][ T444] RBP: 00007ffc339847e0 R08: 0000000000000000 R09: 0000000000000000
[ 53.004064][ T444] R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffc339858d0
[ 53.012048][ T444] R13: 00007f16e4e10854 R14: 000000000000cd3c R15: 00007ffc339869a0
[ 53.020007][ T444]
[ 53.023067][ T444] ---[ end trace 0000000000000000 ]---
[ 53.028951][ T444] ------------[ cut here ]------------
[ 53.034451][ T444] WARNING: CPU: 1 PID: 444 at fs/inode.c:332 drop_nlink+0xc5/0x110
[ 53.042357][ T444] Modules linked in:
[ 53.046238][ T444] CPU: 1 PID: 444 Comm: syz-executor Tainted: G W 6.1.141-syzkaller-1169947-g2dbfabb0eec8 #0
[ 53.057777][ T444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 53.067834][ T444] RIP: 0010:drop_nlink+0xc5/0x110
[ 53.072869][ T444] Code: 1b 48 8d bb b8 04 00 00 be 08 00 00 00 e8 d3 eb f0 ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 4b 8f ac ff <0f> 0b eb 86 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 5e ff ff ff 4c
[ 53.092480][ T444] RSP: 0018:ffffc90000a97b38 EFLAGS: 00010293
[ 53.098534][ T444] RAX: ffffffff81c36825 RBX: ffff88812a6f2e80 RCX: ffff888121412880
[ 53.106575][ T444] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 53.114556][ T444] RBP: ffffc90000a97b60 R08: dffffc0000000000 R09: ffffc90000a97ae0
[ 53.122541][ T444] R10: fffff52000152f5e R11: 1ffff92000152f5c R12: dffffc0000000000
[ 53.130501][ T444] R13: 1ffff110254de5d9 R14: ffff88812a6f2ec8 R15: 0000000000000000
[ 53.138473][ T444] FS: 000055557af05500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 53.147406][ T444] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 53.153983][ T444] CR2: 000000c0059c5000 CR3: 000000012d8dd000 CR4: 00000000003506a0
[ 53.161972][ T444] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 53.169920][ T444] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 53.177885][ T444] Call Trace:
[ 53.181186][ T444]
[ 53.184095][ T444] f2fs_drop_nlink+0x13f/0x3d0
[ 53.188937][ T444] ? f2fs_mark_inode_dirty_sync+0x13e/0x1c0
[ 53.194872][ T444] f2fs_delete_entry+0xf0d/0x1080
[ 53.199895][ T444] f2fs_unlink+0x41f/0x7d0
[ 53.204312][ T444] ? __cfi_f2fs_unlink+0x10/0x10
[ 53.209239][ T444] ? HAS_UNMAPPED_ID+0x1fc/0x250
[ 53.214186][ T444] ? selinux_inode_unlink+0x22/0x30
[ 53.219377][ T444] ? security_inode_unlink+0xe5/0x130
[ 53.224789][ T444] vfs_unlink+0x39f/0x630
[ 53.229119][ T444] do_unlinkat+0x31f/0x6b0
[ 53.233537][ T444] ? __cfi_do_unlinkat+0x10/0x10
[ 53.238460][ T444] ? getname_flags+0x206/0x500
[ 53.243228][ T444] __x64_sys_unlink+0x49/0x50
[ 53.247894][ T444] x64_sys_call+0x958/0x9a0
[ 53.252414][ T444] do_syscall_64+0x4c/0xa0
[ 53.256820][ T444] ? clear_bhb_loop+0x30/0x80
[ 53.261541][ T444] ? clear_bhb_loop+0x30/0x80
[ 53.266218][ T444] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 53.272122][ T444] RIP: 0033:0x7f16e4d8d717
[ 53.276527][ T444] Code: 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 57 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 53.296137][ T444] RSP: 002b:00007ffc33984728 EFLAGS: 00000206 ORIG_RAX: 0000000000000057
[ 53.304553][ T444] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f16e4d8d717
[ 53.312526][ T444] RDX: 00007ffc33984750 RSI: 00007ffc339847e0 RDI: 00007ffc339847e0
[ 53.320484][ T444] RBP: 00007ffc339847e0 R08: 0000000000000000 R09: 0000000000000000
[ 53.328522][ T444] R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffc339858d0
[ 53.336498][ T444] R13: 00007f16e4e10854 R14: 000000000000cd3c R15: 00007ffc339869a0
[ 53.344480][ T444]
[ 53.347489][ T444] ---[ end trace 0000000000000000 ]---
[ 53.422576][ T444] ==================================================================
[ 53.430664][ T444] BUG: KASAN: use-after-free in __list_del_entry_valid+0xa6/0x130
[ 53.438449][ T444] Read of size 8 at addr ffff88812a4fc978 by task syz-executor/444
[ 53.446327][ T444]
[ 53.448625][ T444] CPU: 0 PID: 444 Comm: syz-executor Tainted: G W 6.1.141-syzkaller-1169947-g2dbfabb0eec8 #0
[ 53.460133][ T444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 53.470160][ T444] Call Trace:
[ 53.473415][ T444]
[ 53.476325][ T444] __dump_stack+0x21/0x24
[ 53.480633][ T444] dump_stack_lvl+0xee/0x150
[ 53.485195][ T444] ? __cfi_dump_stack_lvl+0x8/0x8
[ 53.490194][ T444] ? folio_mark_accessed+0x1b8/0x3f0
[ 53.495462][ T444] ? __list_del_entry_valid+0xa6/0x130
[ 53.500905][ T444] print_address_description+0x71/0x210
[ 53.506429][ T444] print_report+0x4a/0x60
[ 53.510735][ T444] kasan_report+0x122/0x150
[ 53.515224][ T444] ? __list_del_entry_valid+0xa6/0x130
[ 53.520757][ T444] __asan_report_load8_noabort+0x14/0x20
[ 53.526386][ T444] __list_del_entry_valid+0xa6/0x130
[ 53.531649][ T444] f2fs_inode_synced+0xf7/0x2e0
[ 53.536559][ T444] f2fs_update_inode+0x74/0x1c30
[ 53.541473][ T444] ? __get_node_page+0x466/0xb00
[ 53.546388][ T444] f2fs_update_inode_page+0x145/0x180
[ 53.551735][ T444] ? f2fs_write_inode+0x407/0x780
[ 53.556731][ T444] f2fs_write_inode+0x40f/0x780
[ 53.561598][ T444] __writeback_single_inode+0x4b1/0xad0
[ 53.567141][ T444] writeback_single_inode+0x221/0x8b0
[ 53.572501][ T444] ? write_inode_now+0x1c0/0x1c0
[ 53.577416][ T444] ? __kasan_check_write+0x14/0x20
[ 53.582502][ T444] ? _raw_spin_lock_irqsave+0xb0/0x110
[ 53.587942][ T444] ? __cfi__raw_spin_lock_irqsave+0x10/0x10
[ 53.593902][ T444] sync_inode_metadata+0xb6/0x110
[ 53.598912][ T444] ? __cfi_sync_inode_metadata+0x10/0x10
[ 53.604617][ T444] ? __wake_up+0x11b/0x190
[ 53.609031][ T444] ? __cfi__raw_spin_lock+0x10/0x10
[ 53.614206][ T444] ? iput+0x289/0x670
[ 53.618165][ T444] ? _raw_spin_unlock+0x4c/0x70
[ 53.623009][ T444] f2fs_write_checkpoint+0xec3/0x25c0
[ 53.628380][ T444] ? __cfi_f2fs_write_checkpoint+0x10/0x10
[ 53.634180][ T444] ? __kasan_check_write+0x14/0x20
[ 53.639288][ T444] ? kthread_stop+0x189/0x3f0
[ 53.643944][ T444] ? memcpy+0x56/0x70
[ 53.647908][ T444] kill_f2fs_super+0x231/0x390
[ 53.652653][ T444] ? __cfi_kill_f2fs_super+0x10/0x10
[ 53.657914][ T444] ? up_write+0x7b/0x290
[ 53.662135][ T444] ? unregister_shrinker+0x208/0x290
[ 53.667397][ T444] deactivate_locked_super+0xb5/0x120
[ 53.672746][ T444] deactivate_super+0xaf/0xe0
[ 53.677410][ T444] cleanup_mnt+0x45f/0x4e0
[ 53.681818][ T444] __cleanup_mnt+0x19/0x20
[ 53.686207][ T444] task_work_run+0x1db/0x240
[ 53.690773][ T444] ? __cfi_task_work_run+0x10/0x10
[ 53.695878][ T444] ? free_nsproxy+0x21f/0x270
[ 53.700544][ T444] do_exit+0xa1d/0x2650
[ 53.704701][ T444] ? __cfi_do_exit+0x10/0x10
[ 53.709274][ T444] ? __kasan_check_write+0x14/0x20
[ 53.714368][ T444] ? _raw_spin_lock_irq+0x8f/0xe0
[ 53.719468][ T444] ? __cfi__raw_spin_lock_irq+0x10/0x10
[ 53.725043][ T444] ? xfd_validate_state+0x70/0x150
[ 53.730143][ T444] ? zap_other_threads+0x2c1/0x2f0
[ 53.735234][ T444] do_group_exit+0x210/0x2d0
[ 53.739807][ T444] __x64_sys_exit_group+0x3f/0x40
[ 53.744811][ T444] x64_sys_call+0x7b4/0x9a0
[ 53.749307][ T444] do_syscall_64+0x4c/0xa0
[ 53.753704][ T444] ? clear_bhb_loop+0x30/0x80
[ 53.758356][ T444] ? clear_bhb_loop+0x30/0x80
[ 53.763018][ T444] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 53.768884][ T444] RIP: 0033:0x7f16e4d8e169
[ 53.773273][ T444] Code: Unable to access opcode bytes at 0x7f16e4d8e13f.
[ 53.780260][ T444] RSP: 002b:00007ffc33983528 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 53.788643][ T444] RAX: ffffffffffffffda RBX: 00007f16e4e10879 RCX: 00007f16e4d8e169
[ 53.796589][ T444] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[ 53.804531][ T444] RBP: 0000000000000002 R08: 00007ffc339812c7 R09: 00007ffc339847e0
[ 53.812482][ T444] R10: 0000000000000009 R11: 0000000000000246 R12: 00007ffc339847e0
[ 53.820433][ T444] R13: 00007f16e4e10854 R14: 000000000000cd3c R15: 00007ffc339869a0
[ 53.828392][ T444]
[ 53.831390][ T444]
[ 53.833685][ T444] Allocated by task 450:
[ 53.837893][ T444] kasan_set_track+0x4b/0x70
[ 53.842455][ T444] kasan_save_alloc_info+0x25/0x30
[ 53.847539][ T444] __kasan_slab_alloc+0x72/0x80
[ 53.852361][ T444] slab_post_alloc_hook+0x4f/0x2d0
[ 53.857444][ T444] kmem_cache_alloc_lru+0x104/0x280
[ 53.862610][ T444] f2fs_alloc_inode+0x2d/0x340
[ 53.867445][ T444] iget_locked+0x198/0x8b0
[ 53.871830][ T444] f2fs_iget+0x55/0x4cb0
[ 53.876050][ T444] f2fs_lookup+0x366/0xab0
[ 53.880441][ T444] __lookup_slow+0x2c7/0x3f0
[ 53.884999][ T444] lookup_slow+0x57/0x70
[ 53.889215][ T444] walk_component+0x2f4/0x420
[ 53.893866][ T444] path_lookupat+0x180/0x490
[ 53.898428][ T444] filename_lookup+0x1f0/0x500
[ 53.903163][ T444] vfs_statx+0x10b/0x660
[ 53.907379][ T444] __se_sys_newlstat+0xd5/0x350
[ 53.912195][ T444] __x64_sys_newlstat+0x5b/0x70
[ 53.917016][ T444] x64_sys_call+0x393/0x9a0
[ 53.921489][ T444] do_syscall_64+0x4c/0xa0
[ 53.925874][ T444] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 53.931737][ T444]
[ 53.934032][ T444] Freed by task 0:
[ 53.937721][ T444] kasan_set_track+0x4b/0x70
[ 53.942467][ T444] kasan_save_free_info+0x31/0x50
[ 53.947462][ T444] ____kasan_slab_free+0x132/0x180
[ 53.952556][ T444] __kasan_slab_free+0x11/0x20
[ 53.957286][ T444] slab_free_freelist_hook+0xc2/0x190
[ 53.962630][ T444] kmem_cache_free+0x12d/0x300
[ 53.967372][ T444] f2fs_free_inode+0x24/0x30
[ 53.971936][ T444] i_callback+0x5a/0x80
[ 53.976074][ T444] rcu_do_batch+0x515/0xb90
[ 53.980552][ T444] rcu_core+0x5a5/0xe70
[ 53.984689][ T444] rcu_core_si+0x9/0x10
[ 53.988816][ T444] handle_softirqs+0x1d7/0x600
[ 53.993634][ T444] __irq_exit_rcu+0x52/0xf0
[ 53.998125][ T444] irq_exit_rcu+0x9/0x10
[ 54.002333][ T444] sysvec_apic_timer_interrupt+0xa9/0xc0
[ 54.007943][ T444] asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 54.013910][ T444]
[ 54.016206][ T444] Last potentially related work creation:
[ 54.021974][ T444] kasan_save_stack+0x3a/0x60
[ 54.026621][ T444] __kasan_record_aux_stack+0xb6/0xc0
[ 54.031962][ T444] kasan_record_aux_stack_noalloc+0xb/0x10
[ 54.037740][ T444] call_rcu+0xd4/0xf90
[ 54.041786][ T444] evict+0x7f6/0x890
[ 54.045652][ T444] iput+0x620/0x670
[ 54.049426][ T444] do_unlinkat+0x375/0x6b0
[ 54.053811][ T444] __x64_sys_unlink+0x49/0x50
[ 54.058460][ T444] x64_sys_call+0x958/0x9a0
[ 54.063024][ T444] do_syscall_64+0x4c/0xa0
[ 54.067410][ T444] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 54.073273][ T444]
[ 54.075571][ T444] The buggy address belongs to the object at ffff88812a4fc5c0
[ 54.075571][ T444] which belongs to the cache f2fs_inode_cache of size 1360
[ 54.090119][ T444] The buggy address is located 952 bytes inside of
[ 54.090119][ T444] 1360-byte region [ffff88812a4fc5c0, ffff88812a4fcb10)
[ 54.103450][ T444]
[ 54.105747][ T444] The buggy address belongs to the physical page:
[ 54.112474][ T444] page:ffffea0004a93e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12a4f8
[ 54.122686][ T444] head:ffffea0004a93e00 order:3 compound_mapcount:0 compound_pincount:0
[ 54.130977][ T444] flags: 0x4000000000010200(slab|head|zone=1)
[ 54.137025][ T444] raw: 4000000000010200 0000000000000000 dead000000000122 ffff888108816600
[ 54.145581][ T444] raw: 0000000000000000 0000000080160016 00000001ffffffff 0000000000000000
[ 54.154130][ T444] page dumped because: kasan: bad access detected
[ 54.160531][ T444] page_owner tracks the page as allocated
[ 54.166214][ T444] page last allocated via order 3, migratetype Reclaimable, gfp_mask 0x1d2050(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 450, tgid 449 (syz.2.16), ts 52490050573, free_ts 28752334174
[ 54.189374][ T444] post_alloc_hook+0x1f5/0x210
[ 54.194121][ T444] prep_new_page+0x1c/0x110
[ 54.198595][ T444] get_page_from_freelist+0x2c7b/0x2cf0
[ 54.204111][ T444] __alloc_pages+0x19e/0x3a0
[ 54.208671][ T444] alloc_slab_page+0x6e/0xf0
[ 54.213244][ T444] new_slab+0x98/0x3d0
[ 54.217286][ T444] ___slab_alloc+0x6f6/0xb50
[ 54.221854][ T444] __slab_alloc+0x5e/0xa0
[ 54.226160][ T444] kmem_cache_alloc_lru+0x144/0x280
[ 54.231328][ T444] f2fs_alloc_inode+0x2d/0x340
[ 54.236065][ T444] iget_locked+0x198/0x8b0
[ 54.240455][ T444] f2fs_iget+0x55/0x4cb0
[ 54.244669][ T444] f2fs_fill_super+0x3ab8/0x6c70
[ 54.249581][ T444] mount_bdev+0x2bc/0x3f0
[ 54.253883][ T444] f2fs_mount+0x34/0x40
[ 54.258009][ T444] legacy_get_tree+0xfe/0x1a0
[ 54.262660][ T444] page last free stack trace:
[ 54.267310][ T444] free_unref_page_prepare+0x742/0x750
[ 54.272742][ T444] free_unref_page_list+0xba/0x7c0
[ 54.277936][ T444] release_pages+0xad1/0xb20
[ 54.282502][ T444] free_pages_and_swap_cache+0x86/0xa0
[ 54.287944][ T444] tlb_finish_mmu+0x1aa/0x370
[ 54.292596][ T444] unmap_region+0x28d/0x2e0
[ 54.297079][ T444] do_mas_align_munmap+0xb94/0x11b0
[ 54.302250][ T444] do_mas_munmap+0x241/0x2b0
[ 54.306820][ T444] __vm_munmap+0x19f/0x2f0
[ 54.311208][ T444] __x64_sys_munmap+0x6b/0x80
[ 54.315857][ T444] x64_sys_call+0x8a/0x9a0
[ 54.320247][ T444] do_syscall_64+0x4c/0xa0
[ 54.324631][ T444] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 54.330498][ T444]
[ 54.332795][ T444] Memory state around the buggy address:
[ 54.338393][ T444] ffff88812a4fc800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 54.346424][ T444] ffff88812a4fc880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 54.354457][ T444] >ffff88812a4fc900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 54.362483][ T444] ^
[ 54.370433][ T444] ffff88812a4fc980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 54.378465][ T444] ffff88812a4fca00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 54.386493][ T444] ==================================================================
[ 54.394833][ T444] Disabling lock debugging due to kernel taint
[ 54.406395][ T28] audit: type=1400 audit(1753134817.154:115): avc: denied { read } for pid=85 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[ 54.831798][ T8] device bridge_slave_1 left promiscuous mode
[ 54.837926][ T8] bridge0: port 2(bridge_slave_1) entered disabled state
[ 54.845594][ T8] device bridge_slave_0 left promiscuous mode
[ 54.851798][ T8] bridge0: port 1(bridge_slave_0) entered disabled state
[ 54.859805][ T8] device veth1_macvtap left promiscuous mode
[ 54.866173][ T8] device veth0_vlan left promiscuous mode
[ 55.982135][ T8] device bridge_slave_1 left promiscuous mode
[ 55.988272][ T8] bridge0: port 2(bridge_slave_1) entered disabled state
[ 55.996032][ T8] device bridge_slave_0 left promiscuous mode
[ 56.002311][ T8] bridge0: port 1(bridge_slave_0) entered disabled state
[ 56.010398][ T8] device veth1_macvtap left promiscuous mode
[ 56.016654][ T8] device veth0_vlan left promiscuous mode