[ 30.950806][ T43] bridge0: port 2(bridge_slave_1) entered disabled state
[ 30.958625][ T43] device bridge_slave_0 left promiscuous mode
[ 30.964990][ T43] bridge0: port 1(bridge_slave_0) entered disabled state
[ 30.973290][ T43] device veth1_macvtap left promiscuous mode
[ 30.980243][ T43] device veth0_vlan left promiscuous mode
[ 40.887400][ T28] kauditd_printk_skb: 70 callbacks suppressed
[ 40.887407][ T28] audit: type=1400 audit(1686110707.707:146): avc: denied { transition } for pid=410 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 40.916007][ T28] audit: type=1400 audit(1686110707.717:147): avc: denied { noatsecure } for pid=410 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 40.936185][ T28] audit: type=1400 audit(1686110707.717:148): avc: denied { rlimitinh } for pid=410 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 40.955528][ T28] audit: type=1400 audit(1686110707.717:149): avc: denied { siginh } for pid=410 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
Warning: Permanently added '10.128.0.232' (ECDSA) to the list of known hosts.
2023/06/07 04:05:14 ignoring optional flag "sandboxArg"="0"
2023/06/07 04:05:14 parsed 1 programs
2023/06/07 04:05:14 executed programs: 0
[ 47.885127][ T28] audit: type=1400 audit(1686110714.707:150): avc: denied { mounton } for pid=431 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 47.910574][ T28] audit: type=1400 audit(1686110714.707:151): avc: denied { mount } for pid=431 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 47.941586][ T435] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.948833][ T435] bridge0: port 1(bridge_slave_0) entered disabled state
[ 47.956074][ T435] device bridge_slave_0 entered promiscuous mode
[ 47.963307][ T435] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.970824][ T435] bridge0: port 2(bridge_slave_1) entered disabled state
[ 47.978477][ T435] device bridge_slave_1 entered promiscuous mode
[ 48.008075][ T28] audit: type=1400 audit(1686110714.827:152): avc: denied { write } for pid=435 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 48.026946][ T435] bridge0: port 2(bridge_slave_1) entered blocking state
[ 48.029845][ T28] audit: type=1400 audit(1686110714.847:153): avc: denied { read } for pid=435 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 48.036822][ T435] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 48.036887][ T435] bridge0: port 1(bridge_slave_0) entered blocking state
[ 48.073498][ T435] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 48.089504][ T56] bridge0: port 1(bridge_slave_0) entered disabled state
[ 48.097186][ T56] bridge0: port 2(bridge_slave_1) entered disabled state
[ 48.105079][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 48.113007][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 48.121906][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 48.130157][ T19] bridge0: port 1(bridge_slave_0) entered blocking state
[ 48.137318][ T19] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 48.153447][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 48.162334][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 48.171513][ T56] bridge0: port 2(bridge_slave_1) entered blocking state
[ 48.179182][ T56] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 48.187776][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 48.196191][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 48.205485][ T435] device veth0_vlan entered promiscuous mode
[ 48.213338][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 48.221106][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 48.228390][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 48.238312][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 48.247825][ T435] device veth1_macvtap entered promiscuous mode
[ 48.256005][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 48.266958][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 48.278577][ T28] audit: type=1400 audit(1686110715.097:154): avc: denied { mounton } for pid=435 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=366 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 48.572150][ T443] loop0: detected capacity change from 0 to 131072
[ 48.579358][ T28] audit: type=1400 audit(1686110715.407:155): avc: denied { mounton } for pid=441 comm="syz-executor.0" path="/root/syzkaller-testdir3534640715/syzkaller.joSThQ/0/file0" dev="sda1" ino=1937 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 48.580877][ T443] F2FS-fs (loop0): invalid crc value
[ 48.613670][ T443] F2FS-fs (loop0): Found nat_bits in checkpoint
[ 48.631574][ T443] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4
[ 48.639776][ T28] audit: type=1400 audit(1686110715.457:156): avc: denied { mount } for pid=441 comm="syz-executor.0" name="/" dev="loop0" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 48.662266][ T28] audit: type=1400 audit(1686110715.457:157): avc: denied { read } for pid=441 comm="syz-executor.0" name="file2" dev="loop0" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[ 48.675924][ T435] ------------[ cut here ]------------
[ 48.686087][ T28] audit: type=1400 audit(1686110715.457:158): avc: denied { open } for pid=441 comm="syz-executor.0" path="/root/syzkaller-testdir3534640715/syzkaller.joSThQ/0/file0/file2" dev="loop0" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[ 48.691220][ T435] WARNING: CPU: 0 PID: 435 at fs/f2fs/inode.c:861 f2fs_evict_inode+0xe14/0x1090
[ 48.721177][ T28] audit: type=1400 audit(1686110715.457:159): avc: denied { ioctl } for pid=441 comm="syz-executor.0" path="/root/syzkaller-testdir3534640715/syzkaller.joSThQ/0/file0/file2" dev="loop0" ino=8 ioctlcmd=0xf519 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[ 48.760415][ T435] Modules linked in:
[ 48.765179][ T435] CPU: 1 PID: 435 Comm: syz-executor.0 Not tainted 6.1.0-syzkaller #0
[ 48.773767][ T435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 48.784086][ T435] RIP: 0010:f2fs_evict_inode+0xe14/0x1090
[ 48.789784][ T435] Code: 4c 89 ff e8 fe ba 02 00 e9 48 fd ff ff 0f 0b 49 8d 7c 24 60 be 08 00 00 00 e8 48 76 a9 ff f0 41 80 4c 24 60 04 e9 f3 f4 ff ff <0f> 0b 4c 89 f7 be 08 00 00 00 e8 2d 76 a9 ff f0 41 80 0e 04 e9 12
[ 48.811234][ T435] RSP: 0018:ffffc90000d67900 EFLAGS: 00010202
[ 48.817737][ T435] RAX: dffffc0000000000 RBX: ffff888122e36f38 RCX: 1ffff110245c6e32
[ 48.825811][ T435] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff888122e37190
[ 48.834126][ T435] RBP: ffffc90000d67a78 R08: dffffc0000000000 R09: ffffed10245c6e33
[ 48.841826][ T435] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff888112210000
[ 48.850222][ T435] R13: 1ffff920001acf34 R14: ffff888112210060 R15: ffff888122e36ef8
[ 48.858453][ T435] FS: 0000555557282400(0000) GS:ffff8881f7300000(0000) knlGS:0000000000000000
[ 48.867530][ T435] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 48.874396][ T435] CR2: 00007ff8bc995ed8 CR3: 000000011ee92000 CR4: 00000000003506a0
[ 48.882199][ T435] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 48.890373][ T435] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 48.898245][ T435] Call Trace:
[ 48.901309][ T435]
[ 48.904546][ T435] ? inode_wait_for_writeback+0x1e6/0x260
[ 48.910100][ T435] ? rcu_force_quiescent_state+0x170/0x170
[ 48.915907][ T435] ? f2fs_write_inode+0x580/0x580
[ 48.920662][ T435] ? bit_waitqueue+0x30/0x30
[ 48.925322][ T435] ? __destroy_inode+0x135/0x3b0
[ 48.930037][ T435] ? __kasan_check_write+0x14/0x20
[ 48.935139][ T435] evict+0x29c/0x5a0
[ 48.938897][ T435] evict_inodes+0x51c/0x580
[ 48.943575][ T435] ? clear_inode+0x100/0x100
[ 48.948056][ T435] ? sync_blockdev+0x64/0x70
[ 48.952464][ T435] generic_shutdown_super+0x92/0x2a0
[ 48.958045][ T435] kill_block_super+0x79/0xc0
[ 48.963182][ T435] kill_f2fs_super+0x252/0x320
[ 48.968202][ T435] ? up_read+0x1c0/0x1c0
[ 48.972369][ T435] ? f2fs_mount+0x20/0x20
[ 48.976560][ T435] ? unregister_shrinker+0x1f0/0x280
[ 48.981772][ T435] deactivate_locked_super+0x75/0xd0
[ 48.987220][ T435] deactivate_super+0x5d/0x80
[ 48.991788][ T435] cleanup_mnt+0x3d3/0x450
[ 48.996945][ T435] ? path_umount+0x1cf/0xc10
[ 49.001346][ T435] __cleanup_mnt+0xd/0x10
[ 49.005705][ T435] task_work_run+0x208/0x260
[ 49.010113][ T435] ? task_work_cancel+0x2a0/0x2a0
[ 49.015618][ T435] ? __x64_sys_umount+0xe4/0x120
[ 49.020835][ T435] exit_to_user_mode_loop+0x8b/0xa0
[ 49.026624][ T435] exit_to_user_mode_prepare+0x5a/0xa0
[ 49.031938][ T435] syscall_exit_to_user_mode+0x26/0x130
[ 49.037482][ T435] do_syscall_64+0x49/0xb0
[ 49.041688][ T435] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 49.048464][ T435] RIP: 0033:0x7fcf3848d5d7
[ 49.053356][ T435] Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 49.075149][ T435] RSP: 002b:00007ffff0dff428 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 49.084179][ T435] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fcf3848d5d7
[ 49.092573][ T435] RDX: 00007ffff0dff4f9 RSI: 000000000000000a RDI: 00007ffff0dff4f0
[ 49.100476][ T435] RBP: 00007ffff0dff4f0 R08: 00000000ffffffff R09: 00007ffff0dff2c0
[ 49.108544][ T435] R10: 0000555557283773 R11: 0000000000000246 R12: 00007fcf384e6cdc
[ 49.116781][ T435] R13: 00007ffff0e005b0 R14: 00005555572836f0 R15: 00007ffff0e005f0
[ 49.124530][ T435]
[ 49.127366][ T435] ---[ end trace 0000000000000000 ]---
[ 49.192691][ T435] ==================================================================
[ 49.202114][ T435] BUG: KASAN: use-after-free in _raw_spin_lock+0x97/0x1b0
[ 49.210752][ T435] Write of size 4 at addr ffff888122e36f80 by task syz-executor.0/435
[ 49.219038][ T435]
[ 49.221196][ T435] CPU: 0 PID: 435 Comm: syz-executor.0 Tainted: G W 6.1.0-syzkaller #0
[ 49.232233][ T435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 49.242659][ T435] Call Trace:
[ 49.246122][ T435]
[ 49.248983][ T435] dump_stack_lvl+0x105/0x148
[ 49.253593][ T435] ? panic+0x4b7/0x4b7
[ 49.257707][ T435] ? nf_tcp_handle_invalid+0x30b/0x30b
[ 49.263164][ T435] ? _printk+0xca/0x10a
[ 49.267280][ T435] print_report+0x158/0x4e0
[ 49.271589][ T435] ? filemap_get_folios_contig+0x900/0x900
[ 49.277313][ T435] ? kasan_complete_mode_report_info+0x90/0x1b0
[ 49.283600][ T435] ? _raw_spin_lock+0x97/0x1b0
[ 49.288400][ T435] kasan_report+0x13c/0x170
[ 49.292788][ T435] ? _raw_spin_lock+0x97/0x1b0
[ 49.297908][ T435] ? _raw_spin_lock+0x1b0/0x1b0
[ 49.302684][ T435] kasan_check_range+0x294/0x2a0
[ 49.308150][ T435] __kasan_check_write+0x14/0x20
[ 49.313036][ T435] _raw_spin_lock+0x97/0x1b0
[ 49.317539][ T435] ? _raw_spin_trylock_bh+0x190/0x190
[ 49.322995][ T435] ? _raw_spin_lock+0xa4/0x1b0
[ 49.327771][ T435] ? _raw_spin_trylock_bh+0x190/0x190
[ 49.333322][ T435] ? __wake_up_bit+0x2b0/0x2b0
[ 49.338013][ T435] ? up_write+0xc2/0x1c0
[ 49.342101][ T435] igrab+0x1b/0x80
[ 49.345737][ T435] f2fs_sync_inode_meta+0x13f/0x250
[ 49.350880][ T435] f2fs_write_checkpoint+0xacb/0x1ee0
[ 49.356132][ T435] ? f2fs_get_sectors_written+0x460/0x460
[ 49.361660][ T435] ? __kasan_check_write+0x14/0x20
[ 49.366690][ T435] ? mutex_unlock+0xa1/0x110
[ 49.371288][ T435] f2fs_issue_checkpoint+0x2fb/0x460
[ 49.376580][ T435] ? f2fs_destroy_checkpoint_caches+0x20/0x20
[ 49.382765][ T435] ? sync_inodes_sb+0x71f/0x7f0
[ 49.387727][ T435] ? try_to_writeback_inodes_sb+0xa0/0xa0
[ 49.395039][ T435] f2fs_sync_fs+0x109/0x200
[ 49.399375][ T435] sync_filesystem+0x172/0x1b0
[ 49.404417][ T435] f2fs_quota_off_umount+0x1ba/0x1d0
[ 49.409714][ T435] f2fs_put_super+0xb7/0xa70
[ 49.414226][ T435] ? __kasan_check_read+0x11/0x20
[ 49.419091][ T435] ? fsnotify_sb_delete+0x2ff/0x410
[ 49.424125][ T435] ? f2fs_drop_inode+0x770/0x770
[ 49.429087][ T435] ? __fsnotify_vfsmount_delete+0x20/0x20
[ 49.434806][ T435] ? clear_inode+0x100/0x100
[ 49.439228][ T435] ? sync_blockdev+0x64/0x70
[ 49.443757][ T435] generic_shutdown_super+0x113/0x2a0
[ 49.449059][ T435] kill_block_super+0x79/0xc0
[ 49.453737][ T435] kill_f2fs_super+0x252/0x320
[ 49.458609][ T435] ? up_read+0x1c0/0x1c0
[ 49.462682][ T435] ? f2fs_mount+0x20/0x20
[ 49.467112][ T435] ? unregister_shrinker+0x1f0/0x280
[ 49.472592][ T435] deactivate_locked_super+0x75/0xd0
[ 49.477985][ T435] deactivate_super+0x5d/0x80
[ 49.482769][ T435] cleanup_mnt+0x3d3/0x450
[ 49.487004][ T435] ? path_umount+0x1cf/0xc10
[ 49.491509][ T435] __cleanup_mnt+0xd/0x10
[ 49.495676][ T435] task_work_run+0x208/0x260
[ 49.500103][ T435] ? task_work_cancel+0x2a0/0x2a0
[ 49.505330][ T435] ? __x64_sys_umount+0xe4/0x120
[ 49.510346][ T435] exit_to_user_mode_loop+0x8b/0xa0
[ 49.515375][ T435] exit_to_user_mode_prepare+0x5a/0xa0
[ 49.520681][ T435] syscall_exit_to_user_mode+0x26/0x130
[ 49.526410][ T435] do_syscall_64+0x49/0xb0
[ 49.530826][ T435] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 49.539369][ T435] RIP: 0033:0x7fcf3848d5d7
[ 49.543717][ T435] Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 49.563799][ T435] RSP: 002b:00007ffff0dff428 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 49.572728][ T435] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fcf3848d5d7
[ 49.581327][ T435] RDX: 00007ffff0dff4f9 RSI: 000000000000000a RDI: 00007ffff0dff4f0
[ 49.589530][ T435] RBP: 00007ffff0dff4f0 R08: 00000000ffffffff R09: 00007ffff0dff2c0
[ 49.597484][ T435] R10: 0000555557283773 R11: 0000000000000246 R12: 00007fcf384e6cdc
[ 49.605475][ T435] R13: 00007ffff0e005b0 R14: 00005555572836f0 R15: 00007ffff0e005f0
[ 49.613848][ T435]
[ 49.616706][ T435]
[ 49.618904][ T435] Allocated by task 443:
[ 49.623386][ T435] kasan_set_track+0x4b/0x70
[ 49.628013][ T435] kasan_save_alloc_info+0x1f/0x30
[ 49.633535][ T435] __kasan_slab_alloc+0x6c/0x80
[ 49.638242][ T435] slab_post_alloc_hook+0x53/0x2c0
[ 49.643859][ T435] kmem_cache_alloc_lru+0x102/0x220
[ 49.649410][ T435] f2fs_alloc_inode+0x28/0x340
[ 49.654270][ T435] iget_locked+0x169/0x6d0
[ 49.658609][ T435] f2fs_iget+0x50/0x4700
[ 49.662867][ T435] f2fs_lookup+0x28f/0xa10
[ 49.667732][ T435] path_openat+0xe15/0x2450
[ 49.673005][ T435] do_filp_open+0x226/0x430
[ 49.677990][ T435] do_sys_openat2+0x10b/0x420
[ 49.682852][ T435] __x64_sys_open+0x1eb/0x240
[ 49.687791][ T435] do_syscall_64+0x3d/0xb0
[ 49.692652][ T435] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 49.699096][ T435]
[ 49.701446][ T435] Freed by task 0:
[ 49.705703][ T435] kasan_set_track+0x4b/0x70
[ 49.710525][ T435] kasan_save_free_info+0x2b/0x40
[ 49.715825][ T435] ____kasan_slab_free+0x131/0x180
[ 49.720771][ T435] __kasan_slab_free+0x11/0x20
[ 49.725807][ T435] kmem_cache_free+0x291/0x510
[ 49.730628][ T435] f2fs_free_inode+0x1c/0x20
[ 49.735444][ T435] i_callback+0x41/0x60
[ 49.739517][ T435] rcu_do_batch+0x515/0xb60
[ 49.743864][ T435] rcu_core+0x4eb/0xf10
[ 49.748298][ T435] rcu_core_si+0x9/0x10
[ 49.752330][ T435] __do_softirq+0x189/0x57c
[ 49.756855][ T435]
[ 49.758976][ T435] Last potentially related work creation:
[ 49.765315][ T435] kasan_save_stack+0x3b/0x60
[ 49.770088][ T435] __kasan_record_aux_stack+0xb4/0xc0
[ 49.776332][ T435] kasan_record_aux_stack_noalloc+0xb/0x10
[ 49.781988][ T435] call_rcu+0xec/0x1230
[ 49.786053][ T435] evict+0x564/0x5a0
[ 49.789866][ T435] evict_inodes+0x51c/0x580
[ 49.794396][ T435] generic_shutdown_super+0x92/0x2a0
[ 49.799508][ T435] kill_block_super+0x79/0xc0
[ 49.804108][ T435] kill_f2fs_super+0x252/0x320
[ 49.808706][ T435] deactivate_locked_super+0x75/0xd0
[ 49.813830][ T435] deactivate_super+0x5d/0x80
[ 49.818337][ T435] cleanup_mnt+0x3d3/0x450
[ 49.822721][ T435] __cleanup_mnt+0xd/0x10
[ 49.827096][ T435] task_work_run+0x208/0x260
[ 49.831594][ T435] exit_to_user_mode_loop+0x8b/0xa0
[ 49.836874][ T435] exit_to_user_mode_prepare+0x5a/0xa0
[ 49.842254][ T435] syscall_exit_to_user_mode+0x26/0x130
[ 49.847731][ T435] do_syscall_64+0x49/0xb0
[ 49.852363][ T435] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 49.858269][ T435]
[ 49.860582][ T435] The buggy address belongs to the object at ffff888122e36ef8
[ 49.860582][ T435] which belongs to the cache f2fs_inode_cache of size 1208
[ 49.875958][ T435] The buggy address is located 136 bytes inside of
[ 49.875958][ T435] 1208-byte region [ffff888122e36ef8, ffff888122e373b0)
[ 49.890254][ T435]
[ 49.892476][ T435] The buggy address belongs to the physical page:
[ 49.899327][ T435] page:ffffea00048b8d00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x122e34
[ 49.910254][ T435] head:ffffea00048b8d00 order:2 compound_mapcount:0 compound_pincount:0
[ 49.918477][ T435] flags: 0x4000000000010200(slab|head|zone=1)
[ 49.924394][ T435] raw: 4000000000010200 0000000000000000 dead000000000122 ffff88810a813500
[ 49.932997][ T435] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 49.941675][ T435] page dumped because: kasan: bad access detected
[ 49.947936][ T435] page_owner tracks the page as allocated
[ 49.953652][ T435] page last allocated via order 2, migratetype Reclaimable, gfp_mask 0x1d2050(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 443, tgid 441 (syz-executor.0), ts 48580751700, free_ts 30732495497
[ 49.977906][ T435] post_alloc_hook+0x1e2/0x1f0
[ 49.982680][ T435] get_page_from_freelist+0x2e7a/0x2f50
[ 49.988053][ T435] __alloc_pages+0x3c2/0x7d0
[ 49.992468][ T435] new_slab+0xce/0x4c0
[ 49.996382][ T435] ___slab_alloc+0x6f9/0xb80
[ 50.000885][ T435] __slab_alloc+0x5d/0xa0
[ 50.005216][ T435] kmem_cache_alloc_lru+0x144/0x220
[ 50.010338][ T435] f2fs_alloc_inode+0x28/0x340
[ 50.014948][ T435] iget_locked+0x169/0x6d0
[ 50.019368][ T435] f2fs_iget+0x50/0x4700
[ 50.023444][ T435] f2fs_fill_super+0x4222/0x6d00
[ 50.028425][ T435] mount_bdev+0x22c/0x330
[ 50.032754][ T435] f2fs_mount+0x10/0x20
[ 50.036998][ T435] legacy_get_tree+0xe8/0x180
[ 50.041521][ T435] vfs_get_tree+0x87/0x250
[ 50.046756][ T435] do_new_mount+0x1e1/0x930
[ 50.051088][ T435] page last free stack trace:
[ 50.056057][ T435] __free_pages_ok+0x886/0x890
[ 50.060744][ T435] free_compound_page+0xb0/0xd0
[ 50.065618][ T435] free_transhuge_page+0x209/0x230
[ 50.071170][ T435] destroy_large_folio+0x56/0x90
[ 50.076490][ T435] release_pages+0x150/0xd60
[ 50.081396][ T435] free_pages_and_swap_cache+0x68/0x80
[ 50.086731][ T435] tlb_finish_mmu+0x1ba/0x3b0
[ 50.091337][ T435] exit_mmap+0x291/0x5d0
[ 50.095505][ T435] __mmput+0x6b/0x2a0
[ 50.099404][ T435] mmput+0x24/0x30
[ 50.103054][ T435] do_exit+0x8f9/0x22b0
[ 50.107263][ T435] do_group_exit+0x1ba/0x290
[ 50.111920][ T435] get_signal+0x10ec/0x11f0
[ 50.116423][ T435] arch_do_signal_or_restart+0xb0/0x16f0
[ 50.121979][ T435] exit_to_user_mode_loop+0x6b/0xa0
[ 50.127357][ T435] exit_to_user_mode_prepare+0x5a/0xa0
[ 50.132737][ T435]
[ 50.134938][ T435] Memory state around the buggy address:
[ 50.140477][ T435] ffff888122e36e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fa
[ 50.148544][ T435] ffff888122e36f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 50.156449][ T435] >ffff888122e36f80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 50.164483][ T435] ^
[ 50.168340][ T435] ffff888122e37000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 50.176481][ T435] ffff888122e37080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 50.184369][ T435] ==================================================================
[ 50.192777][ T435] Disabling lock debugging due to kernel taint