[ 76.447507][ T7] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.0.182' (ECDSA) to the list of known hosts.
2023/02/24 14:33:08 ignoring optional flag "sandboxArg"="0"
2023/02/24 14:33:08 parsed 1 programs
2023/02/24 14:33:08 executed programs: 0
[ 81.931413][ T4389] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 81.940021][ T4389] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 81.947874][ T4389] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 81.957023][ T48] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 81.964594][ T4389] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 81.972543][ T4389] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 82.077051][ T5539] chnl_net:caif_netlink_parms(): no params data found
[ 82.117757][ T5539] bridge0: port 1(bridge_slave_0) entered blocking state
[ 82.124943][ T5539] bridge0: port 1(bridge_slave_0) entered disabled state
[ 82.133027][ T5539] device bridge_slave_0 entered promiscuous mode
[ 82.141940][ T5539] bridge0: port 2(bridge_slave_1) entered blocking state
[ 82.149636][ T5539] bridge0: port 2(bridge_slave_1) entered disabled state
[ 82.158089][ T5539] device bridge_slave_1 entered promiscuous mode
[ 82.178603][ T5539] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 82.190269][ T5539] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 82.214868][ T5539] team0: Port device team_slave_0 added
[ 82.222762][ T5539] team0: Port device team_slave_1 added
[ 82.240801][ T5539] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 82.248312][ T5539] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 82.275946][ T5539] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 82.288408][ T5539] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 82.296399][ T5539] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 82.324484][ T5539] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 82.353971][ T5539] device hsr_slave_0 entered promiscuous mode
[ 82.361417][ T5539] device hsr_slave_1 entered promiscuous mode
[ 83.146792][ T5539] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 83.158174][ T5539] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 83.169532][ T5539] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 83.180218][ T5539] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 83.257569][ T5539] 8021q: adding VLAN 0 to HW filter on device bond0
[ 83.275375][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 83.284189][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 83.297926][ T5539] 8021q: adding VLAN 0 to HW filter on device team0
[ 83.311403][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 83.321564][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 83.330627][ T7] bridge0: port 1(bridge_slave_0) entered blocking state
[ 83.338035][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 83.355918][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 83.364528][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 83.376534][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 83.385391][ T7] bridge0: port 2(bridge_slave_1) entered blocking state
[ 83.392705][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 83.402334][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 83.412921][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 83.436716][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 83.448017][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 83.458085][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 83.469538][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 83.478747][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 83.488471][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 83.497590][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 83.506940][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 83.518452][ T5539] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 83.530918][ T5091] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 83.743653][ T5091] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 83.752827][ T5091] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 83.768757][ T5539] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 83.793567][ T5091] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 83.803905][ T5091] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 83.826805][ T5091] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 83.835358][ T5091] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 83.848138][ T5539] device veth0_vlan entered promiscuous mode
[ 83.857349][ T2045] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 83.865409][ T2045] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 83.877950][ T5539] device veth1_vlan entered promiscuous mode
[ 83.907295][ T2045] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 83.918062][ T2045] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 83.926689][ T2045] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 83.937871][ T2045] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 83.949122][ T5539] device veth0_macvtap entered promiscuous mode
[ 83.964131][ T5539] device veth1_macvtap entered promiscuous mode
[ 83.989344][ T5539] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 83.997294][ T2045] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 84.009844][ T2045] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 84.019198][ T2045] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 84.029961][ T2045] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 84.042300][ T5539] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 84.050162][ T4389] Bluetooth: hci0: command 0x0409 tx timeout
[ 84.061002][ T5091] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 84.070979][ T5091] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 84.083464][ T5539] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 84.093747][ T5539] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 84.104681][ T5539] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 84.115293][ T5539] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 84.210375][ T33] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 84.229481][ T33] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 84.239069][ T5087] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 84.261296][ T33] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 84.271250][ T33] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 84.281090][ T5087] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 84.688562][ T5605] loop0: detected capacity change from 0 to 40427
[ 84.713939][ T5605] F2FS-fs (loop0): Found nat_bits in checkpoint
[ 84.766449][ T5605] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[ 84.822442][ T27] audit: type=1804 audit(1677249191.838:2): pid=5605 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir1468046384/syzkaller.V3e7VQ/0/file0/bus" dev="loop0" ino=10 res=1 errno=0
[ 84.891926][ T5605] syz-executor.0: attempt to access beyond end of device
[ 84.891926][ T5605] loop0: rw=2049, sector=77824, nr_sectors = 2048 limit=40427
[ 84.932017][ T5539] syz-executor.0: attempt to access beyond end of device
[ 84.932017][ T5539] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 85.605288][ T5637] loop0: detected capacity change from 0 to 40427
[ 85.620319][ T5637] F2FS-fs (loop0): Found nat_bits in checkpoint
[ 85.671213][ T5637] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[ 85.701871][ T27] audit: type=1804 audit(1677249192.718:3): pid=5637 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir1468046384/syzkaller.V3e7VQ/1/file0/bus" dev="loop0" ino=10 res=1 errno=0
[ 85.769687][ T5637] syz-executor.0: attempt to access beyond end of device
[ 85.769687][ T5637] loop0: rw=2049, sector=77824, nr_sectors = 2048 limit=40427
[ 85.800218][ T5539] syz-executor.0: attempt to access beyond end of device
[ 85.800218][ T5539] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 86.126434][ T4389] Bluetooth: hci0: command 0x041b tx timeout
[ 86.463696][ T5666] loop0: detected capacity change from 0 to 40427
[ 86.479882][ T5666] F2FS-fs (loop0): Found nat_bits in checkpoint
[ 86.523607][ T5666] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[ 86.537217][ T27] audit: type=1804 audit(1677249193.558:4): pid=5666 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir1468046384/syzkaller.V3e7VQ/2/file0/bus" dev="loop0" ino=10 res=1 errno=0
[ 86.573030][ T5666] syz-executor.0: attempt to access beyond end of device
[ 86.573030][ T5666] loop0: rw=2049, sector=77824, nr_sectors = 2048 limit=40427
[ 86.613832][ T5539] syz-executor.0: attempt to access beyond end of device
[ 86.613832][ T5539] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 87.255192][ T5694] loop0: detected capacity change from 0 to 40427
[ 87.271892][ T5694] F2FS-fs (loop0): Found nat_bits in checkpoint
[ 87.321467][ T5694] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[ 87.344022][ T27] audit: type=1804 audit(1677249194.358:5): pid=5694 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir1468046384/syzkaller.V3e7VQ/3/file0/bus" dev="loop0" ino=10 res=1 errno=0
2023/02/24 14:33:14 executed programs: 4
[ 87.422535][ T5694] syz-executor.0: attempt to access beyond end of device
[ 87.422535][ T5694] loop0: rw=2049, sector=77824, nr_sectors = 2048 limit=40427
[ 87.453126][ T5539] syz-executor.0: attempt to access beyond end of device
[ 87.453126][ T5539] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 88.059120][ T5724] loop0: detected capacity change from 0 to 40427
[ 88.075161][ T5724] F2FS-fs (loop0): Found nat_bits in checkpoint
[ 88.121059][ T5724] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[ 88.132521][ T27] audit: type=1804 audit(1677249195.148:6): pid=5724 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir1468046384/syzkaller.V3e7VQ/4/file0/bus" dev="loop0" ino=10 res=1 errno=0
[ 88.172385][ T5724] syz-executor.0: attempt to access beyond end of device
[ 88.172385][ T5724] loop0: rw=2049, sector=77824, nr_sectors = 2048 limit=40427
[ 88.205908][ T4389] Bluetooth: hci0: command 0x040f tx timeout
[ 88.224944][ T5539] syz-executor.0: attempt to access beyond end of device
[ 88.224944][ T5539] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 88.884609][ T5753] loop0: detected capacity change from 0 to 40427
[ 88.899249][ T5753] F2FS-fs (loop0): Found nat_bits in checkpoint
[ 88.944714][ T5753] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[ 88.979627][ T27] audit: type=1804 audit(1677249195.998:7): pid=5753 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir1468046384/syzkaller.V3e7VQ/5/file0/bus" dev="loop0" ino=10 res=1 errno=0
[ 89.033108][ T5753] ==================================================================
[ 89.041227][ T5753] BUG: KASAN: use-after-free in __lock_acquire+0x77/0x1f80
[ 89.048511][ T5753] Read of size 8 at addr ffff8880753cc5f8 by task syz-executor.0/5753
[ 89.056765][ T5753]
[ 89.059207][ T5753] CPU: 1 PID: 5753 Comm: syz-executor.0 Not tainted 6.2.0-rc5-syzkaller-00047-g7c46948a6e9c-dirty #0
[ 89.070156][ T5753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
[ 89.080692][ T5753] Call Trace:
[ 89.083987][ T5753] <TASK>
[ 89.087664][ T5753] dump_stack_lvl+0x1b5/0x2a0
[ 89.092367][ T5753] ? nf_tcp_handle_invalid+0x640/0x640
[ 89.097941][ T5753] ? panic+0x720/0x720
[ 89.102134][ T5753] ? _printk+0xc4/0x110
[ 89.106348][ T5753] print_report+0x163/0x4c0
[ 89.110961][ T5753] ? validate_chain+0x119/0x5860
[ 89.115943][ T5753] ? __virt_addr_valid+0x22f/0x2e0
[ 89.121188][ T5753] ? __phys_addr+0xba/0x170
[ 89.125728][ T5753] ? __lock_acquire+0x77/0x1f80
[ 89.130610][ T5753] kasan_report+0xce/0x100
[ 89.135056][ T5753] ? __lock_acquire+0x77/0x1f80
[ 89.140370][ T5753] __lock_acquire+0x77/0x1f80
[ 89.145157][ T5753] ? rcu_read_lock_sched_held+0x8b/0x110
[ 89.151284][ T5753] lock_acquire+0x20b/0x600
[ 89.156000][ T5753] ? __update_extent_tree_range+0x431/0x1d50
[ 89.162010][ T5753] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 89.168060][ T5753] ? f2fs_allocate_data_block+0x22bc/0x3790
[ 89.173985][ T5753] ? read_lock_is_recursive+0x20/0x20
[ 89.179626][ T5753] ? rcu_read_lock_sched_held+0x8b/0x110
[ 89.185400][ T5753] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 89.191435][ T5753] _raw_write_lock+0x2e/0x40
[ 89.196067][ T5753] ? __update_extent_tree_range+0x431/0x1d50
[ 89.202073][ T5753] __update_extent_tree_range+0x431/0x1d50
[ 89.208179][ T5753] ? rcu_lock_acquire+0x30/0x30
[ 89.213059][ T5753] ? rcu_read_lock_sched_held+0x8b/0x110
[ 89.218982][ T5753] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 89.225036][ T5753] ? lockdep_hardirqs_on_prepare+0x418/0x780
[ 89.231520][ T5753] ? f2fs_update_read_extent_cache_range+0x4b0/0x4b0
[ 89.238224][ T5753] ? lockdep_hardirqs_on+0x90/0x130
[ 89.243658][ T5753] ? rcu_lock_acquire+0x30/0x30
[ 89.248673][ T5753] ? __lock_acquire+0x1f80/0x1f80
[ 89.253941][ T5753] ? __folio_memcg_unlock+0xf4/0x110
[ 89.259586][ T5753] ? f2fs_start_bidx_of_node+0x4d/0x370
[ 89.265349][ T5753] f2fs_update_read_extent_cache+0x41e/0x590
[ 89.271357][ T5753] ? __lookup_extent_tree+0x1020/0x1020
[ 89.276935][ T5753] f2fs_outplace_write_data+0x200/0x3d0
[ 89.282801][ T5753] ? do_write_page+0x6d0/0x6d0
[ 89.287828][ T5753] ? f2fs_encrypt_one_page+0xaf/0x3c0
[ 89.293309][ T5753] f2fs_do_write_data_page+0x1393/0x27c0
[ 89.299072][ T5753] ? mark_lock+0x9a/0x340
[ 89.303518][ T5753] ? page_private_dummy+0x130/0x130
[ 89.309182][ T5753] ? rcu_read_lock_sched_held+0x8b/0x110
[ 89.314872][ T5753] f2fs_write_single_data_page+0x14c1/0x2140
[ 89.320973][ T5753] ? f2fs_i_compr_blocks_update+0x150/0x150
[ 89.326897][ T5753] ? folio_wait_writeback+0x1f0/0x1f0
[ 89.332658][ T5753] f2fs_write_data_pages+0x1948/0x2ed0
[ 89.338161][ T5753] ? f2fs_read_data_folio+0x410/0x410
[ 89.343738][ T5753] ? rcu_read_lock_sched_held+0x8b/0x110
[ 89.349442][ T5753] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 89.355806][ T5753] ? filemap_dirty_folio+0xae/0x370
[ 89.361055][ T5753] ? __lock_acquire+0x125b/0x1f80
[ 89.366228][ T5753] ? filemap_fdatawrite_wbc+0x11a/0x180
[ 89.371926][ T5753] ? rcu_read_lock_sched_held+0x8b/0x110
[ 89.377680][ T5753] ? f2fs_read_data_folio+0x410/0x410
[ 89.383425][ T5753] do_writepages+0x3a6/0x660
[ 89.389108][ T5753] ? __writepage+0x130/0x130
[ 89.393889][ T5753] ? filemap_fdatawrite_wbc+0x11a/0x180
[ 89.399560][ T5753] ? __lock_acquire+0x1f80/0x1f80
[ 89.404702][ T5753] ? do_raw_spin_unlock+0x13b/0x8b0
[ 89.409938][ T5753] ? wbc_attach_and_unlock_inode+0x555/0x560
[ 89.415951][ T5753] filemap_fdatawrite_wbc+0x125/0x180
[ 89.421357][ T5753] file_write_and_wait_range+0x21f/0x320
[ 89.427774][ T5753] ? __filemap_set_wb_err+0x310/0x310
[ 89.433276][ T5753] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 89.439735][ T5753] f2fs_do_sync_file+0x7b6/0x1de0
[ 89.445244][ T5753] ? f2fs_sync_file+0x160/0x160
[ 89.450225][ T5753] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 89.456326][ T5753] ? f2fs_sync_file+0xe9/0x160
[ 89.462516][ T5753] f2fs_file_write_iter+0x7fc/0x2c20
[ 89.469160][ T5753] ? f2fs_file_read_iter+0xf20/0xf20
[ 89.474567][ T5753] ? rcu_read_lock_any_held+0xb5/0x140
[ 89.480116][ T5753] vfs_write+0x7dd/0xc50
[ 89.484482][ T5753] ? file_end_write+0x240/0x240
[ 89.489555][ T5753] ? __fget_files+0x3bb/0x420
[ 89.494338][ T5753] ? mutex_lock_nested+0x1b/0x20
[ 89.500082][ T5753] ? __fdget_pos+0x254/0x2f0
[ 89.504783][ T5753] ? ksys_write+0x76/0x2a0
[ 89.509230][ T5753] ksys_write+0x17c/0x2a0
[ 89.513669][ T5753] ? __ia32_sys_read+0x90/0x90
[ 89.518463][ T5753] ? syscall_enter_from_user_mode+0x32/0x2c0
[ 89.524473][ T5753] ? lockdep_hardirqs_on+0x90/0x130
[ 89.529732][ T5753] ? syscall_enter_from_user_mode+0x32/0x2c0
[ 89.536186][ T5753] do_syscall_64+0x41/0xc0
[ 89.540799][ T5753] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 89.546806][ T5753] RIP: 0033:0x7fba50c8c0c9
[ 89.551241][ T5753] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 89.571211][ T5753] RSP: 002b:00007fba51982168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 89.579907][ T5753] RAX: ffffffffffffffda RBX: 00007fba50dabf80 RCX: 00007fba50c8c0c9
[ 89.588112][ T5753] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 89.596340][ T5753] RBP: 00007fba50ce7ae9 R08: 0000000000000000 R09: 0000000000000000
[ 89.604952][ T5753] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 89.612944][ T5753] R13: 00007ffff99c5d3f R14: 00007fba51982300 R15: 0000000000022000
[ 89.621555][ T5753] </TASK>
[ 89.624676][ T5753]
[ 89.627009][ T5753] Allocated by task 5753:
[ 89.631441][ T5753] kasan_set_track+0x40/0x70
[ 89.636312][ T5753] __kasan_slab_alloc+0x69/0x80
[ 89.641450][ T5753] slab_post_alloc_hook+0x68/0x390
[ 89.646795][ T5753] kmem_cache_alloc+0x12c/0x280
[ 89.651850][ T5753] __grab_extent_tree+0x183/0x400
[ 89.656984][ T5753] f2fs_init_extent_tree+0x214/0x450
[ 89.662376][ T5753] f2fs_new_inode+0xdb4/0x1090
[ 89.667171][ T5753] __f2fs_tmpfile+0xa5/0x380
[ 89.671785][ T5753] f2fs_ioc_start_atomic_write+0x419/0x970
[ 89.677799][ T5753] __f2fs_ioctl+0x1ace/0xb2b0
[ 89.682516][ T5753] __se_sys_ioctl+0xf1/0x160
[ 89.687136][ T5753] do_syscall_64+0x41/0xc0
[ 89.691579][ T5753] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 89.697607][ T5753]
[ 89.700004][ T5753] Freed by task 5771:
[ 89.704089][ T5753] kasan_set_track+0x40/0x70
[ 89.708716][ T5753] kasan_save_free_info+0x2b/0x40
[ 89.713781][ T5753] ____kasan_slab_free+0xd6/0x120
[ 89.719019][ T5753] kmem_cache_free+0x2b5/0x580
[ 89.724000][ T5753] __destroy_extent_tree+0x311/0x720
[ 89.729435][ T5753] f2fs_destroy_extent_tree+0x17/0x30
[ 89.734932][ T5753] f2fs_evict_inode+0x467/0x1650
[ 89.739904][ T5753] evict+0x2a4/0x620
[ 89.743914][ T5753] f2fs_abort_atomic_write+0xda/0x440
[ 89.749580][ T5753] __f2fs_ioctl+0x315c/0xb2b0
[ 89.756894][ T5753] __se_sys_ioctl+0xf1/0x160
[ 89.761515][ T5753] do_syscall_64+0x41/0xc0
[ 89.766154][ T5753] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 89.772248][ T5753]
[ 89.774685][ T5753] The buggy address belongs to the object at ffff8880753cc5b0
[ 89.774685][ T5753] which belongs to the cache f2fs_extent_tree of size 144
[ 89.789842][ T5753] The buggy address is located 72 bytes inside of
[ 89.789842][ T5753] 144-byte region [ffff8880753cc5b0, ffff8880753cc640)
[ 89.803861][ T5753]
[ 89.806647][ T5753] The buggy address belongs to the physical page:
[ 89.813254][ T5753] page:ffffea0001d4f300 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x753cc
[ 89.824032][ T5753] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 89.832189][ T5753] raw: 00fff00000000200 ffff8881461fca00 dead000000000122 0000000000000000
[ 89.841580][ T5753] raw: 0000000000000000 0000000080130013 00000001ffffffff 0000000000000000
[ 89.850349][ T5753] page dumped because: kasan: bad access detected
[ 89.856786][ T5753] page_owner tracks the page as allocated
[ 89.862603][ T5753] page last allocated via order 0, migratetype Reclaimable, gfp_mask 0x112c50(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 5666, tgid 5665 (syz-executor.0), ts 86534459606, free_ts 85331804235
[ 89.886039][ T5753] get_page_from_freelist+0x3403/0x3580
[ 89.891836][ T5753] __alloc_pages+0x291/0x7e0
[ 89.896715][ T5753] alloc_slab_page+0x6a/0x160
[ 89.901509][ T5753] new_slab+0x84/0x2f0
[ 89.905694][ T5753] ___slab_alloc+0xa07/0x1000
[ 89.910408][ T5753] kmem_cache_alloc+0x1b0/0x280
[ 89.915461][ T5753] __grab_extent_tree+0x183/0x400
[ 89.920688][ T5753] f2fs_init_extent_tree+0x214/0x450
[ 89.925998][ T5753] f2fs_new_inode+0xdb4/0x1090
[ 89.930891][ T5753] f2fs_create+0x197/0x530
[ 89.935678][ T5753] path_openat+0x12b9/0x2e30
[ 89.940811][ T5753] do_filp_open+0x26d/0x500
[ 89.945427][ T5753] do_sys_openat2+0x128/0x4f0
[ 89.950157][ T5753] __x64_sys_openat+0x247/0x290
[ 89.955231][ T5753] do_syscall_64+0x41/0xc0
[ 89.959796][ T5753] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 89.965718][ T5753] page last free stack trace:
[ 89.970838][ T5753] free_unref_page_prepare+0xf3a/0x1040
[ 89.976686][ T5753] free_unref_page+0x37/0x3f0
[ 89.981710][ T5753] __unfreeze_partials+0x1b1/0x1f0
[ 89.987056][ T5753] put_cpu_partial+0x106/0x170
[ 89.992105][ T5753] qlist_free_all+0x22/0x60
[ 89.996925][ T5753] kasan_quarantine_reduce+0x15a/0x170
[ 90.002501][ T5753] __kasan_slab_alloc+0x23/0x80
[ 90.008249][ T5753] slab_post_alloc_hook+0x68/0x390
[ 90.013566][ T5753] kmem_cache_alloc_node+0x158/0x2c0
[ 90.019356][ T5753] dup_task_struct+0x57/0x6d0
[ 90.024323][ T5753] copy_process+0x5c9/0x3f90
[ 90.028942][ T5753] kernel_clone+0x215/0x950
[ 90.033741][ T5753] __x64_sys_clone+0x22d/0x290
[ 90.038882][ T5753] do_syscall_64+0x41/0xc0
[ 90.043410][ T5753] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 90.049416][ T5753]
[ 90.051861][ T5753] Memory state around the buggy address:
[ 90.057695][ T5753]  ffff8880753cc480: fb fb fb fb fc fc fc fc fc fc fc fc 00 00 00 00
[ 90.065781][ T5753]  ffff8880753cc500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[ 90.073968][ T5753] >ffff8880753cc580: fc fc fc fc fc fc fa fb fb fb fb fb fb fb fb fb
[ 90.082294][ T5753]                                                                 ^
[ 90.090559][ T5753]  ffff8880753cc600: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 90.099070][ T5753]  ffff8880753cc680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 90.107687][ T5753] ==================================================================
[ 90.116371][ T5753] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 90.123589][ T5753] CPU: 1 PID: 5753 Comm: syz-executor.0 Not tainted 6.2.0-rc5-syzkaller-00047-g7c46948a6e9c-dirty #0
[ 90.134549][ T5753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
[ 90.144797][ T5753] Call Trace:
[ 90.148183][ T5753] <TASK>
[ 90.151136][ T5753] dump_stack_lvl+0x1b5/0x2a0
[ 90.155930][ T5753] ? nf_tcp_handle_invalid+0x640/0x640
[ 90.161726][ T5753] ? panic+0x720/0x720
[ 90.165919][ T5753] ? lock_release+0x106/0xa70
[ 90.171059][ T5753] ? vscnprintf+0x5d/0x80
[ 90.175444][ T5753] panic+0x2dc/0x720
[ 90.179501][ T5753] ? check_panic_on_warn+0x21/0xa0
[ 90.184731][ T5753] ? memcpy_page_flushcache+0x100/0x100
[ 90.190572][ T5753] ? _raw_spin_unlock_irqrestore+0xc5/0x120
[ 90.196497][ T5753] ? _raw_spin_unlock+0x40/0x40
[ 90.201463][ T5753] ? rcu_read_lock_sched_held+0x61/0x110
[ 90.207321][ T5753] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 90.213346][ T5753] check_panic_on_warn+0x82/0xa0
[ 90.218511][ T5753] ? __lock_acquire+0x77/0x1f80
[ 90.223570][ T5753] end_report+0xb2/0x160
[ 90.227930][ T5753] kasan_report+0xdb/0x100
[ 90.232371][ T5753] ? __lock_acquire+0x77/0x1f80
[ 90.237346][ T5753] __lock_acquire+0x77/0x1f80
[ 90.242157][ T5753] ? rcu_read_lock_sched_held+0x8b/0x110
[ 90.247830][ T5753] lock_acquire+0x20b/0x600
[ 90.252366][ T5753] ? __update_extent_tree_range+0x431/0x1d50
[ 90.258616][ T5753] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 90.264718][ T5753] ? f2fs_allocate_data_block+0x22bc/0x3790
[ 90.270819][ T5753] ? read_lock_is_recursive+0x20/0x20
[ 90.276392][ T5753] ? rcu_read_lock_sched_held+0x8b/0x110
[ 90.282145][ T5753] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 90.287155][ T4389] Bluetooth: hci0: command 0x0419 tx timeout
[ 90.294239][ T5753] _raw_write_lock+0x2e/0x40
[ 90.298946][ T5753] ? __update_extent_tree_range+0x431/0x1d50
[ 90.305042][ T5753] __update_extent_tree_range+0x431/0x1d50
[ 90.310876][ T5753] ? rcu_lock_acquire+0x30/0x30
[ 90.315752][ T5753] ? rcu_read_lock_sched_held+0x8b/0x110
[ 90.321509][ T5753] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 90.327616][ T5753] ? lockdep_hardirqs_on_prepare+0x418/0x780
[ 90.333803][ T5753] ? f2fs_update_read_extent_cache_range+0x4b0/0x4b0
[ 90.340781][ T5753] ? lockdep_hardirqs_on+0x90/0x130
[ 90.346014][ T5753] ? rcu_lock_acquire+0x30/0x30
[ 90.350896][ T5753] ? __lock_acquire+0x1f80/0x1f80
[ 90.355956][ T5753] ? __folio_memcg_unlock+0xf4/0x110
[ 90.361414][ T5753] ? f2fs_start_bidx_of_node+0x4d/0x370
[ 90.367347][ T5753] f2fs_update_read_extent_cache+0x41e/0x590
[ 90.373627][ T5753] ? __lookup_extent_tree+0x1020/0x1020
[ 90.379216][ T5753] f2fs_outplace_write_data+0x200/0x3d0
[ 90.384886][ T5753] ? do_write_page+0x6d0/0x6d0
[ 90.389864][ T5753] ? f2fs_encrypt_one_page+0xaf/0x3c0
[ 90.395262][ T5753] f2fs_do_write_data_page+0x1393/0x27c0
[ 90.400922][ T5753] ? mark_lock+0x9a/0x340
[ 90.405442][ T5753] ? page_private_dummy+0x130/0x130
[ 90.410669][ T5753] ? rcu_read_lock_sched_held+0x8b/0x110
[ 90.416385][ T5753] f2fs_write_single_data_page+0x14c1/0x2140
[ 90.422402][ T5753] ? f2fs_i_compr_blocks_update+0x150/0x150
[ 90.428418][ T5753] ? folio_wait_writeback+0x1f0/0x1f0
[ 90.434190][ T5753] f2fs_write_data_pages+0x1948/0x2ed0
[ 90.440235][ T5753] ? f2fs_read_data_folio+0x410/0x410
[ 90.445639][ T5753] ? rcu_read_lock_sched_held+0x8b/0x110
[ 90.451309][ T5753] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 90.457371][ T5753] ? filemap_dirty_folio+0xae/0x370
[ 90.462696][ T5753] ? __lock_acquire+0x125b/0x1f80
[ 90.467839][ T5753] ? filemap_fdatawrite_wbc+0x11a/0x180
[ 90.473947][ T5753] ? rcu_read_lock_sched_held+0x8b/0x110
[ 90.479694][ T5753] ? f2fs_read_data_folio+0x410/0x410
[ 90.485098][ T5753] do_writepages+0x3a6/0x660
[ 90.489806][ T5753] ? __writepage+0x130/0x130
[ 90.494516][ T5753] ? filemap_fdatawrite_wbc+0x11a/0x180
[ 90.500185][ T5753] ? __lock_acquire+0x1f80/0x1f80
[ 90.505234][ T5753] ? do_raw_spin_unlock+0x13b/0x8b0
[ 90.510548][ T5753] ? wbc_attach_and_unlock_inode+0x555/0x560
[ 90.516648][ T5753] filemap_fdatawrite_wbc+0x125/0x180
[ 90.522141][ T5753] file_write_and_wait_range+0x21f/0x320
[ 90.527945][ T5753] ? __filemap_set_wb_err+0x310/0x310
[ 90.533438][ T5753] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 90.539453][ T5753] f2fs_do_sync_file+0x7b6/0x1de0
[ 90.544550][ T5753] ? f2fs_sync_file+0x160/0x160
[ 90.549434][ T5753] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 90.555622][ T5753] ? f2fs_sync_file+0xe9/0x160
[ 90.560615][ T5753] f2fs_file_write_iter+0x7fc/0x2c20
[ 90.565951][ T5753] ? f2fs_file_read_iter+0xf20/0xf20
[ 90.571392][ T5753] ? rcu_read_lock_any_held+0xb5/0x140
[ 90.577147][ T5753] vfs_write+0x7dd/0xc50
[ 90.581572][ T5753] ? file_end_write+0x240/0x240
[ 90.586452][ T5753] ? __fget_files+0x3bb/0x420
[ 90.591254][ T5753] ? mutex_lock_nested+0x1b/0x20
[ 90.596309][ T5753] ? __fdget_pos+0x254/0x2f0
[ 90.601193][ T5753] ? ksys_write+0x76/0x2a0
[ 90.605656][ T5753] ksys_write+0x17c/0x2a0
[ 90.610368][ T5753] ? __ia32_sys_read+0x90/0x90
[ 90.615337][ T5753] ? syscall_enter_from_user_mode+0x32/0x2c0
[ 90.621714][ T5753] ? lockdep_hardirqs_on+0x90/0x130
[ 90.627036][ T5753] ? syscall_enter_from_user_mode+0x32/0x2c0
[ 90.633501][ T5753] do_syscall_64+0x41/0xc0
[ 90.638043][ T5753] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 90.643982][ T5753] RIP: 0033:0x7fba50c8c0c9
[ 90.648415][ T5753] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 90.669462][ T5753] RSP: 002b:00007fba51982168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 90.678114][ T5753] RAX: ffffffffffffffda RBX: 00007fba50dabf80 RCX: 00007fba50c8c0c9
[ 90.687155][ T5753] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 90.695868][ T5753] RBP: 00007fba50ce7ae9 R08: 0000000000000000 R09: 0000000000000000
[ 90.704034][ T5753] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 90.712284][ T5753] R13: 00007ffff99c5d3f R14: 00007fba51982300 R15: 0000000000022000
[ 90.720454][ T5753] </TASK>
[ 90.723950][ T5753] Kernel Offset: disabled
[ 90.728480][ T5753] Rebooting in 86400 seconds..