Warning: Permanently added '10.128.1.90' (ED25519) to the list of known hosts.
2025/02/05 05:57:59 ignoring optional flag "sandboxArg"="0"
2025/02/05 05:58:00 parsed 1 programs
[ 50.510169][ T30] kauditd_printk_skb: 32 callbacks suppressed
[ 50.510184][ T30] audit: type=1400 audit(1738735081.173:108): avc: denied { unlink } for pid=406 comm="syz-executor" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 50.587626][ T406] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 51.148051][ T429] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.155725][ T429] bridge0: port 1(bridge_slave_0) entered disabled state
[ 51.163149][ T429] device bridge_slave_0 entered promiscuous mode
[ 51.170816][ T429] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.177781][ T429] bridge0: port 2(bridge_slave_1) entered disabled state
[ 51.185168][ T429] device bridge_slave_1 entered promiscuous mode
[ 51.229338][ T429] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.236214][ T429] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 51.243331][ T429] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.250115][ T429] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 51.270226][ T10] bridge0: port 1(bridge_slave_0) entered disabled state
[ 51.277281][ T10] bridge0: port 2(bridge_slave_1) entered disabled state
[ 51.284843][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 51.292162][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 51.302183][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 51.310226][ T10] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.317049][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 51.325721][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 51.333844][ T10] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.340736][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 51.353543][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 51.362588][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 51.376067][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 51.388066][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 51.396308][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 51.403606][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 51.411810][ T429] device veth0_vlan entered promiscuous mode
[ 51.422420][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 51.431289][ T429] device veth1_macvtap entered promiscuous mode
[ 51.440140][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 51.450872][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 51.661049][ T30] audit: type=1401 audit(1738735082.323:109): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
2025/02/05 05:58:02 executed programs: 0
[ 51.925157][ T470] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.932039][ T470] bridge0: port 1(bridge_slave_0) entered disabled state
[ 51.939160][ T470] device bridge_slave_0 entered promiscuous mode
[ 51.948926][ T470] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.955978][ T470] bridge0: port 2(bridge_slave_1) entered disabled state
[ 51.963180][ T470] device bridge_slave_1 entered promiscuous mode
[ 52.014712][ T470] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.021590][ T470] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 52.028640][ T470] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.035467][ T470] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 52.057984][ T350] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 52.065548][ T350] bridge0: port 1(bridge_slave_0) entered disabled state
[ 52.073342][ T350] bridge0: port 2(bridge_slave_1) entered disabled state
[ 52.084983][ T350] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 52.093053][ T350] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.099903][ T350] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 52.108205][ T350] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 52.116380][ T350] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.123268][ T350] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 52.132298][ T45] device bridge_slave_1 left promiscuous mode
[ 52.138309][ T45] bridge0: port 2(bridge_slave_1) entered disabled state
[ 52.145792][ T45] device bridge_slave_0 left promiscuous mode
[ 52.151843][ T45] bridge0: port 1(bridge_slave_0) entered disabled state
[ 52.160019][ T45] device veth1_macvtap left promiscuous mode
[ 52.165826][ T45] device veth0_vlan left promiscuous mode
[ 52.248167][ T350] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 52.256121][ T350] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 52.265061][ T350] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 52.273049][ T350] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 52.286234][ T350] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 52.294486][ T350] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 52.305976][ T350] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 52.313820][ T350] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 52.321691][ T350] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 52.328958][ T350] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 52.337211][ T470] device veth0_vlan entered promiscuous mode
[ 52.346922][ T350] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 52.354874][ T350] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 52.364183][ T470] device veth1_macvtap entered promiscuous mode
[ 52.373111][ T350] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 52.380632][ T350] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 52.388610][ T350] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 52.398108][ T350] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 52.406304][ T350] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 52.561447][ T475] loop2: detected capacity change from 0 to 40427
[ 52.640695][ T475] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[ 52.648299][ T475] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[ 52.658038][ T475] F2FS-fs (loop2): invalid crc value
[ 52.664915][ T475] F2FS-fs (loop2): Found nat_bits in checkpoint
[ 52.695651][ T475] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[ 52.702564][ T475] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[ 52.710084][ T30] audit: type=1400 audit(1738735083.373:110): avc: denied { mount } for pid=474 comm="syz.2.15" name="/" dev="loop2" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 52.731311][ T30] audit: type=1400 audit(1738735083.373:111): avc: denied { write } for pid=474 comm="syz.2.15" name="/" dev="loop2" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 52.752499][ T30] audit: type=1400 audit(1738735083.373:112): avc: denied { add_name } for pid=474 comm="syz.2.15" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 52.763991][ T470] ------------[ cut here ]------------
[ 52.774315][ T30] audit: type=1400 audit(1738735083.373:113): avc: denied { create } for pid=474 comm="syz.2.15" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 52.777974][ T470] WARNING: CPU: 1 PID: 470 at fs/f2fs/inode.c:882 f2fs_evict_inode+0x1246/0x1520
[ 52.798114][ T30] audit: type=1400 audit(1738735083.373:114): avc: denied { read open } for pid=474 comm="syz.2.15" path="/0/bus/file0" dev="loop2" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 52.829242][ T30] audit: type=1400 audit(1738735083.373:115): avc: denied { ioctl } for pid=474 comm="syz.2.15" path="/0/bus/file0" dev="loop2" ino=10 ioctlcmd=0xf501 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 52.852698][ T470] Modules linked in:
[ 52.856412][ T470] CPU: 0 PID: 470 Comm: syz-executor Not tainted 5.15.176-syzkaller-1078825-gd1a25a6a4b3b #0
[ 52.866485][ T470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 52.876429][ T470] RIP: 0010:f2fs_evict_inode+0x1246/0x1520
[ 52.882256][ T470] Code: ff ff e8 0d d4 52 ff eb 08 e8 06 d4 52 ff 4d 89 e5 48 8b 7c 24 10 e8 39 26 03 00 4c 8b 64 24 58 e9 b4 fc ff ff e8 ea d3 52 ff <0f> 0b 4c 89 f7 be 08 00 00 00 e8 eb 3a 95 ff f0 41 80 0e 04 e9 96
[ 52.901907][ T470] RSP: 0018:ffffc90000a578a0 EFLAGS: 00010293
[ 52.907811][ T470] RAX: ffffffff821d9816 RBX: 0000000000000002 RCX: ffff888116c313c0
[ 52.915641][ T470] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000
[ 52.923467][ T470] RBP: ffffc90000a57a10 R08: ffffffff821d94b1 R09: ffffed10256c2125
[ 52.931318][ T470] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88812b610650
[ 52.939035][ T470] R13: dffffc0000000000 R14: ffff8881182fe078 R15: 1ffff9200014af28
[ 52.946982][ T470] FS: 0000555589152500(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 52.955786][ T470] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 52.968221][ T470] CR2: 0000564eb8018e38 CR3: 000000012a27f000 CR4: 00000000003506b0
[ 52.976348][ T470] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 52.984343][ T470] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 52.992212][ T470] Call Trace:
[ 52.995253][ T470]
[ 52.998036][ T470] ? show_regs+0x58/0x60
[ 53.002268][ T470] ? __warn+0x160/0x2f0
[ 53.006267][ T470] ? f2fs_evict_inode+0x1246/0x1520
[ 53.011344][ T470] ? report_bug+0x3d9/0x5b0
[ 53.015710][ T470] ? f2fs_evict_inode+0x1246/0x1520
[ 53.020996][ T470] ? handle_bug+0x41/0x70
[ 53.025174][ T470] ? exc_invalid_op+0x1b/0x50
[ 53.029901][ T470] ? asm_exc_invalid_op+0x1b/0x20
[ 53.034765][ T470] ? f2fs_evict_inode+0xee1/0x1520
[ 53.040117][ T470] ? f2fs_evict_inode+0x1246/0x1520
[ 53.045212][ T470] ? f2fs_evict_inode+0x1246/0x1520
[ 53.050274][ T470] ? _raw_spin_unlock+0x4d/0x70
[ 53.054912][ T470] ? f2fs_write_inode+0x640/0x640
[ 53.059831][ T470] ? bit_waitqueue+0x30/0x30
[ 53.064209][ T470] ? locks_free_lock_context+0x42/0x70
[ 53.069557][ T470] ? __destroy_inode+0x35f/0x4e0
[ 53.074263][ T470] ? f2fs_write_inode+0x640/0x640
[ 53.079207][ T470] evict+0x529/0x930
[ 53.083072][ T470] ? mode_strip_sgid+0x220/0x220
[ 53.087730][ T470] ? __kasan_check_write+0x14/0x20
[ 53.092723][ T470] ? _raw_spin_lock+0xa4/0x1b0
[ 53.097280][ T470] ? _raw_spin_unlock+0x4d/0x70
[ 53.102255][ T470] ? list_lru_del+0x295/0x2d0
[ 53.106709][ T470] evict_inodes+0x642/0x6d0
[ 53.111078][ T470] ? clear_inode+0x150/0x150
[ 53.115463][ T470] generic_shutdown_super+0x97/0x330
[ 53.120825][ T470] kill_block_super+0x7e/0xe0
[ 53.125644][ T470] kill_f2fs_super+0x2f9/0x3c0
[ 53.130551][ T470] ? f2fs_mount+0x40/0x40
[ 53.134741][ T470] ? unregister_shrinker+0x23c/0x2d0
[ 53.139957][ T470] deactivate_locked_super+0xad/0x110
[ 53.145142][ T470] deactivate_super+0xbe/0xf0
[ 53.150072][ T470] cleanup_mnt+0x45c/0x510
[ 53.154558][ T470] __cleanup_mnt+0x19/0x20
[ 53.158772][ T470] task_work_run+0x129/0x190
[ 53.163462][ T470] exit_to_user_mode_loop+0xc4/0xe0
[ 53.168517][ T470] exit_to_user_mode_prepare+0x5a/0xa0
[ 53.173842][ T470] syscall_exit_to_user_mode+0x26/0x160
[ 53.179190][ T470] do_syscall_64+0x47/0xb0
[ 53.183468][ T470] ? clear_bhb_loop+0x35/0x90
[ 53.187953][ T470] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.193708][ T470] RIP: 0033:0x7f2023248a47
[ 53.197934][ T470] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[ 53.217609][ T470] RSP: 002b:00007ffc2de2a248 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 53.226013][ T470] RAX: 0000000000000000 RBX: 00007f20232ba5fc RCX: 00007f2023248a47
[ 53.233830][ T470] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc2de2a300
[ 53.241710][ T470] RBP: 00007ffc2de2a300 R08: 0000000000000000 R09: 0000000000000000
[ 53.249492][ T470] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc2de2b380
[ 53.257458][ T470] R13: 00007f20232ba5fc R14: 000000000000ccb7 R15: 00007ffc2de2b3c0
[ 53.265322][ T470]
[ 53.268132][ T470] ---[ end trace feaeefd404321d92 ]---
[ 53.309441][ T470] ==================================================================
[ 53.317325][ T470] BUG: KASAN: use-after-free in _raw_spin_lock+0x97/0x1b0
[ 53.324263][ T470] Write of size 4 at addr ffff88812b610698 by task syz-executor/470
[ 53.332075][ T470]
[ 53.334276][ T470] CPU: 0 PID: 470 Comm: syz-executor Tainted: G W 5.15.176-syzkaller-1078825-gd1a25a6a4b3b #0
[ 53.345622][ T470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 53.355512][ T470] Call Trace:
[ 53.358636][ T470]
[ 53.361419][ T470] dump_stack_lvl+0x151/0x1c0
[ 53.365925][ T470] ? io_uring_drop_tctx_refs+0x190/0x190
[ 53.371481][ T470] ? __wake_up_klogd+0xd5/0x110
[ 53.376174][ T470] ? panic+0x760/0x760
[ 53.380073][ T470] ? __schedule+0xcd4/0x1590
[ 53.384585][ T470] print_address_description+0x87/0x3b0
[ 53.389967][ T470] kasan_report+0x179/0x1c0
[ 53.394310][ T470] ? _raw_spin_lock+0x97/0x1b0
[ 53.398907][ T470] ? _raw_spin_lock+0x97/0x1b0
[ 53.403508][ T470] kasan_check_range+0x293/0x2a0
[ 53.408281][ T470] __kasan_check_write+0x14/0x20
[ 53.413053][ T470] _raw_spin_lock+0x97/0x1b0
[ 53.417477][ T470] ? _raw_spin_trylock_bh+0x190/0x190
[ 53.422689][ T470] ? _raw_spin_lock+0xa4/0x1b0
[ 53.427297][ T470] ? _raw_spin_trylock_bh+0x190/0x190
[ 53.432496][ T470] ? remove_wait_queue+0x140/0x140
[ 53.437443][ T470] igrab+0x20/0xa0
[ 53.441002][ T470] f2fs_sync_inode_meta+0x14d/0x2a0
[ 53.446036][ T470] f2fs_write_checkpoint+0xab4/0x1fb0
[ 53.451245][ T470] ? f2fs_get_sectors_written+0x500/0x500
[ 53.456796][ T470] ? rwsem_write_trylock+0x153/0x340
[ 53.461916][ T470] ? __kasan_check_write+0x14/0x20
[ 53.466869][ T470] ? mutex_unlock+0xb2/0x260
[ 53.471296][ T470] f2fs_issue_checkpoint+0x31b/0x4d0
[ 53.476412][ T470] ? f2fs_destroy_checkpoint_caches+0x30/0x30
[ 53.482407][ T470] ? sync_inodes_sb+0x7cd/0x8b0
[ 53.487089][ T470] ? try_to_writeback_inodes_sb+0xc0/0xc0
[ 53.492642][ T470] f2fs_sync_fs+0x186/0x2f0
[ 53.496993][ T470] sync_filesystem+0x1cf/0x250
[ 53.501583][ T470] f2fs_quota_off_umount+0x20e/0x220
[ 53.506713][ T470] f2fs_put_super+0xbc/0xb80
[ 53.511130][ T470] ? fsnotify_sb_delete+0x480/0x4e0
[ 53.516186][ T470] ? f2fs_drop_inode+0xa20/0xa20
[ 53.520950][ T470] ? __fsnotify_vfsmount_delete+0x20/0x20
[ 53.526498][ T470] ? clear_inode+0x150/0x150
[ 53.530934][ T470] ? fscrypt_destroy_keyring+0x287/0x2a0
[ 53.536386][ T470] ? f2fs_drop_inode+0xa20/0xa20
[ 53.541160][ T470] generic_shutdown_super+0x14f/0x330
[ 53.546367][ T470] kill_block_super+0x7e/0xe0
[ 53.550876][ T470] kill_f2fs_super+0x2f9/0x3c0
[ 53.555566][ T470] ? f2fs_mount+0x40/0x40
[ 53.559730][ T470] ? unregister_shrinker+0x23c/0x2d0
[ 53.564853][ T470] deactivate_locked_super+0xad/0x110
[ 53.570065][ T470] deactivate_super+0xbe/0xf0
[ 53.574577][ T470] cleanup_mnt+0x45c/0x510
[ 53.578835][ T470] __cleanup_mnt+0x19/0x20
[ 53.583095][ T470] task_work_run+0x129/0x190
[ 53.587511][ T470] exit_to_user_mode_loop+0xc4/0xe0
[ 53.592701][ T470] exit_to_user_mode_prepare+0x5a/0xa0
[ 53.597956][ T470] syscall_exit_to_user_mode+0x26/0x160
[ 53.603334][ T470] do_syscall_64+0x47/0xb0
[ 53.607589][ T470] ? clear_bhb_loop+0x35/0x90
[ 53.612101][ T470] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.617828][ T470] RIP: 0033:0x7f2023248a47
[ 53.622087][ T470] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[ 53.641784][ T470] RSP: 002b:00007ffc2de2a248 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 53.650039][ T470] RAX: 0000000000000000 RBX: 00007f20232ba5fc RCX: 00007f2023248a47
[ 53.658016][ T470] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc2de2a300
[ 53.665917][ T470] RBP: 00007ffc2de2a300 R08: 0000000000000000 R09: 0000000000000000
[ 53.673722][ T470] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc2de2b380
[ 53.681531][ T470] R13: 00007f20232ba5fc R14: 000000000000ccb7 R15: 00007ffc2de2b3c0
[ 53.689347][ T470]
[ 53.692206][ T470]
[ 53.694383][ T470] Allocated by task 475:
[ 53.698458][ T470] __kasan_slab_alloc+0xb1/0xe0
[ 53.703142][ T470] slab_post_alloc_hook+0x53/0x2c0
[ 53.708089][ T470] kmem_cache_alloc+0xf5/0x250
[ 53.712690][ T470] f2fs_alloc_inode+0x26/0x340
[ 53.717289][ T470] new_inode_pseudo+0x64/0x220
[ 53.721889][ T470] new_inode+0x28/0x1c0
[ 53.726233][ T470] f2fs_new_inode+0x10e/0x1410
[ 53.730830][ T470] f2fs_create+0x17b/0x15e0
[ 53.735169][ T470] path_openat+0x13a8/0x2f40
[ 53.739599][ T470] do_filp_open+0x21c/0x460
[ 53.743936][ T470] do_sys_openat2+0x13f/0x820
[ 53.748457][ T470] __x64_sys_openat+0x243/0x290
[ 53.753136][ T470] x64_sys_call+0x6bf/0x9a0
[ 53.757474][ T470] do_syscall_64+0x3b/0xb0
[ 53.761815][ T470] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.767543][ T470]
[ 53.769740][ T470] Freed by task 470:
[ 53.773445][ T470] kasan_set_track+0x4b/0x70
[ 53.777868][ T470] kasan_set_free_info+0x23/0x40
[ 53.782658][ T470] ____kasan_slab_free+0x126/0x160
[ 53.787606][ T470] __kasan_slab_free+0x11/0x20
[ 53.792192][ T470] slab_free_freelist_hook+0xbd/0x190
[ 53.797399][ T470] kmem_cache_free+0x115/0x330
[ 53.802088][ T470] f2fs_free_inode+0x24/0x30
[ 53.806512][ T470] i_callback+0x4b/0x70
[ 53.810502][ T470] rcu_do_batch+0x57a/0xc10
[ 53.814846][ T470] rcu_core+0x517/0x1020
[ 53.818922][ T470] rcu_core_si+0x9/0x10
[ 53.822914][ T470] handle_softirqs+0x25e/0x5c0
[ 53.827514][ T470] __irq_exit_rcu+0x52/0xf0
[ 53.831856][ T470] irq_exit_rcu+0x9/0x10
[ 53.835943][ T470] sysvec_apic_timer_interrupt+0xa9/0xc0
[ 53.841404][ T470] asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 53.847230][ T470]
[ 53.849385][ T470] Last potentially related work creation:
[ 53.854943][ T470] kasan_save_stack+0x3b/0x60
[ 53.859455][ T470] __kasan_record_aux_stack+0xd3/0xf0
[ 53.864667][ T470] kasan_record_aux_stack_noalloc+0xb/0x10
[ 53.870304][ T470] call_rcu+0x123/0x10b0
[ 53.874380][ T470] evict+0x87d/0x930
[ 53.878114][ T470] evict_inodes+0x642/0x6d0
[ 53.882451][ T470] generic_shutdown_super+0x97/0x330
[ 53.887660][ T470] kill_block_super+0x7e/0xe0
[ 53.892179][ T470] kill_f2fs_super+0x2f9/0x3c0
[ 53.896773][ T470] deactivate_locked_super+0xad/0x110
[ 53.901983][ T470] deactivate_super+0xbe/0xf0
[ 53.906631][ T470] cleanup_mnt+0x45c/0x510
[ 53.910833][ T470] __cleanup_mnt+0x19/0x20
[ 53.915181][ T470] task_work_run+0x129/0x190
[ 53.919601][ T470] exit_to_user_mode_loop+0xc4/0xe0
[ 53.924642][ T470] exit_to_user_mode_prepare+0x5a/0xa0
[ 53.929940][ T470] syscall_exit_to_user_mode+0x26/0x160
[ 53.935315][ T470] do_syscall_64+0x47/0xb0
[ 53.939573][ T470] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.945293][ T470]
[ 53.947465][ T470] The buggy address belongs to the object at ffff88812b610610
[ 53.947465][ T470] which belongs to the cache f2fs_inode_cache of size 1424
[ 53.961869][ T470] The buggy address is located 136 bytes inside of
[ 53.961869][ T470] 1424-byte region [ffff88812b610610, ffff88812b610ba0)
[ 53.975063][ T470] The buggy address belongs to the page:
[ 53.980530][ T470] page:ffffea0004ad8400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12b610
[ 53.990596][ T470] head:ffffea0004ad8400 order:3 compound_mapcount:0 compound_pincount:0
[ 53.998759][ T470] flags: 0x4000000000010200(slab|head|zone=1)
[ 54.004673][ T470] raw: 4000000000010200 0000000000000000 dead000000000122 ffff8881003e8f00
[ 54.013083][ T470] raw: 0000000000000000 0000000080150015 00000001ffffffff 0000000000000000
[ 54.021495][ T470] page dumped because: kasan: bad access detected
[ 54.027842][ T470] page_owner tracks the page as allocated
[ 54.033382][ T470] page last allocated via order 3, migratetype Reclaimable, gfp_mask 0x1d2050(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 475, ts 52657476251, free_ts 0
[ 54.053695][ T470] post_alloc_hook+0x1a3/0x1b0
[ 54.058292][ T470] prep_new_page+0x1b/0x110
[ 54.062732][ T470] get_page_from_freelist+0x3550/0x35d0
[ 54.068099][ T470] __alloc_pages+0x27e/0x8f0
[ 54.072527][ T470] new_slab+0x9a/0x4e0
[ 54.076429][ T470] ___slab_alloc+0x39e/0x830
[ 54.080870][ T470] __slab_alloc+0x4a/0x90
[ 54.085024][ T470] kmem_cache_alloc+0x139/0x250
[ 54.089797][ T470] f2fs_alloc_inode+0x26/0x340
[ 54.094398][ T470] iget_locked+0x174/0x860
[ 54.098650][ T470] f2fs_iget+0x55/0x4fe0
[ 54.102731][ T470] f2fs_fill_super+0x4f0f/0x8190
[ 54.107506][ T470] mount_bdev+0x282/0x3b0
[ 54.111754][ T470] f2fs_mount+0x34/0x40
[ 54.115756][ T470] legacy_get_tree+0xf1/0x190
[ 54.120433][ T470] vfs_get_tree+0x88/0x290
[ 54.124688][ T470] page_owner free stack trace missing
[ 54.129987][ T470]
[ 54.132150][ T470] Memory state around the buggy address:
[ 54.137626][ T470] ffff88812b610580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 54.145786][ T470] ffff88812b610600: fc fc fa fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 54.153685][ T470] >ffff88812b610680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 54.161662][ T470] ^
[ 54.166436][ T470] ffff88812b610700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 54.174422][ T470] ffff88812b610780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 54.182322][ T470] ==================================================================
[ 54.190213][ T470] Disabling lock debugging due to kernel taint
[ 54.197563][ T30] audit: type=1400 audit(1738735084.853:116): avc: denied { append } for pid=83 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 54.233390][ T30] audit: type=1400 audit(1738735084.853:117): avc: denied { open } for pid=83 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1