Warning: Permanently added '10.128.1.247' (ED25519) to the list of known hosts.
2025/08/15 05:41:42 ignoring optional flag "sandboxArg"="0"
2025/08/15 05:41:42 parsed 1 programs
[ 53.165989][ T30] kauditd_printk_skb: 30 callbacks suppressed
[ 53.166006][ T30] audit: type=1400 audit(1755236503.946:104): avc: denied { unlink } for pid=394 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 53.225086][ T394] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 53.897599][ T422] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.904653][ T422] bridge0: port 1(bridge_slave_0) entered disabled state
[ 53.912180][ T422] device bridge_slave_0 entered promiscuous mode
[ 53.920162][ T422] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.927865][ T422] bridge0: port 2(bridge_slave_1) entered disabled state
[ 53.935324][ T422] device bridge_slave_1 entered promiscuous mode
[ 53.982912][ T422] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.989980][ T422] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 53.997288][ T422] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.004321][ T422] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 54.022745][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 54.030626][ T10] bridge0: port 1(bridge_slave_0) entered disabled state
[ 54.038025][ T10] bridge0: port 2(bridge_slave_1) entered disabled state
[ 54.048410][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 54.056645][ T10] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.063687][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 54.072413][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 54.080892][ T10] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.087948][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 54.100247][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 54.110194][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 54.123550][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 54.135990][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 54.144015][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 54.151545][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 54.159510][ T422] device veth0_vlan entered promiscuous mode
[ 54.170561][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 54.179569][ T422] device veth1_macvtap entered promiscuous mode
[ 54.188548][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 54.198505][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 54.236815][ T30] audit: type=1400 audit(1755236505.016:105): avc: denied { create } for pid=436 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 54.398190][ T30] audit: type=1401 audit(1755236505.176:106): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
2025/08/15 05:41:45 executed programs: 0
[ 54.801448][ T30] audit: type=1400 audit(1755236505.576:107): avc: denied { write } for pid=386 comm="syz-execprog" path="pipe:[15569]" dev="pipefs" ino=15569 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 54.855260][ T461] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.862330][ T461] bridge0: port 1(bridge_slave_0) entered disabled state
[ 54.870026][ T461] device bridge_slave_0 entered promiscuous mode
[ 54.882570][ T461] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.889748][ T461] bridge0: port 2(bridge_slave_1) entered disabled state
[ 54.897191][ T461] device bridge_slave_1 entered promiscuous mode
[ 54.947845][ T461] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.954924][ T461] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 54.962223][ T461] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.969277][ T461] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 54.988712][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 54.996331][ T10] bridge0: port 1(bridge_slave_0) entered disabled state
[ 55.003481][ T10] bridge0: port 2(bridge_slave_1) entered disabled state
[ 55.011994][ T55] device bridge_slave_1 left promiscuous mode
[ 55.018370][ T55] bridge0: port 2(bridge_slave_1) entered disabled state
[ 55.025923][ T55] device bridge_slave_0 left promiscuous mode
[ 55.032025][ T55] bridge0: port 1(bridge_slave_0) entered disabled state
[ 55.040140][ T55] device veth1_macvtap left promiscuous mode
[ 55.046239][ T55] device veth0_vlan left promiscuous mode
[ 55.132659][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 55.140888][ T10] bridge0: port 1(bridge_slave_0) entered blocking state
[ 55.148190][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 55.157190][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 55.165580][ T10] bridge0: port 2(bridge_slave_1) entered blocking state
[ 55.172619][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 55.186194][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 55.195754][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 55.209589][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 55.220718][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 55.228860][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 55.236362][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 55.244629][ T461] device veth0_vlan entered promiscuous mode
[ 55.254852][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 55.264239][ T461] device veth1_macvtap entered promiscuous mode
[ 55.273655][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 55.284208][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 55.426015][ T472] loop2: detected capacity change from 0 to 40427
[ 55.478049][ T472] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[ 55.486039][ T472] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[ 55.497257][ T472] F2FS-fs (loop2): Found nat_bits in checkpoint
[ 55.525587][ T472] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[ 55.532659][ T472] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[ 55.541026][ T30] audit: type=1400 audit(1755236506.316:108): avc: denied { mount } for pid=471 comm="syz.2.16" name="/" dev="loop2" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 55.562435][ T30] audit: type=1400 audit(1755236506.316:109): avc: denied { write } for pid=471 comm="syz.2.16" name="/" dev="loop2" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 55.584094][ T30] audit: type=1400 audit(1755236506.316:110): avc: denied { add_name } for pid=471 comm="syz.2.16" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 55.604008][ T461] ------------[ cut here ]------------
[ 55.604669][ T30] audit: type=1400 audit(1755236506.316:111): avc: denied { create } for pid=471 comm="syz.2.16" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 55.611314][ T461] WARNING: CPU: 1 PID: 461 at fs/f2fs/inode.c:880 f2fs_evict_inode+0x12b0/0x1560
[ 55.630019][ T30] audit: type=1400 audit(1755236506.336:112): avc: denied { read open } for pid=471 comm="syz.2.16" path="/0/file0/bus" dev="loop2" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 55.661213][ T461] Modules linked in:
[ 55.661819][ T30] audit: type=1400 audit(1755236506.336:113): avc: denied { ioctl } for pid=471 comm="syz.2.16" path="/0/file0/bus" dev="loop2" ino=10 ioctlcmd=0xf501 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 55.666090][ T461] CPU: 1 PID: 461 Comm: syz-executor Not tainted 5.15.189-syzkaller-1081280-gf32b52534f1d #0
[ 55.698974][ T461] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 55.709172][ T461] RIP: 0010:f2fs_evict_inode+0x12b0/0x1560
[ 55.715025][ T461] Code: e9 55 f2 ff ff e8 20 2c 61 ff eb 05 e8 19 2c 61 ff 4c 8b 74 24 28 48 8b 7c 24 18 e8 3a f0 02 00 e9 bc fc ff ff e8 00 2c 61 ff <0f> 0b 4c 89 f7 be 08 00 00 00 e8 d1 a8 9f ff f0 41 80 0e 04 e9 99
[ 55.734668][ T461] RSP: 0018:ffffc90000ad78c0 EFLAGS: 00010293
[ 55.740763][ T461] RAX: ffffffff820783d0 RBX: 1ffff9200015af2c RCX: ffff8881152f4f00
[ 55.748938][ T461] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000
[ 55.757179][ T461] RBP: ffffc90000ad7a30 R08: dffffc0000000000 R09: ffffed1025428d45
[ 55.765517][ T461] R10: ffffed1025428d45 R11: 1ffff11025428d44 R12: ffff88812a146a20
[ 55.773541][ T461] R13: dffffc0000000000 R14: ffff8881189f6078 R15: 0000000000000002
[ 55.781817][ T461] FS: 000055557c79f500(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 55.790805][ T461] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 55.797444][ T461] CR2: 00007f40da3ec000 CR3: 000000012e162000 CR4: 00000000003506b0
[ 55.805443][ T461] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 55.813424][ T461] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 55.821568][ T461] Call Trace:
[ 55.824859][ T461]
[ 55.827832][ T461] ? inode_wait_for_writeback+0x1b0/0x200
[ 55.833574][ T461] ? f2fs_write_inode+0x850/0x850
[ 55.838629][ T461] ? bit_waitqueue+0x30/0x30
[ 55.843242][ T461] ? locks_free_lock_context+0x42/0x70
[ 55.848871][ T461] ? f2fs_write_inode+0x850/0x850
[ 55.853916][ T461] evict+0x485/0x870
[ 55.857981][ T461] ? proc_nr_inodes+0x310/0x310
[ 55.862850][ T461] ? _raw_spin_lock+0x8e/0xe0
[ 55.867906][ T461] ? _raw_spin_unlock+0x4d/0x70
[ 55.872771][ T461] evict_inodes+0x5de/0x650
[ 55.877341][ T461] ? clear_inode+0x150/0x150
[ 55.882011][ T461] generic_shutdown_super+0x96/0x330
[ 55.887427][ T461] kill_block_super+0x7f/0xf0
[ 55.892223][ T461] kill_f2fs_super+0x2e7/0x390
[ 55.897286][ T461] ? radix_tree_delete_item+0x2c8/0x410
[ 55.902939][ T461] ? f2fs_mount+0x40/0x40
[ 55.907340][ T461] ? unregister_shrinker+0x201/0x290
[ 55.912670][ T461] deactivate_locked_super+0xa0/0x100
[ 55.918108][ T461] deactivate_super+0xaf/0xe0
[ 55.922820][ T461] cleanup_mnt+0x446/0x500
[ 55.927543][ T461] __cleanup_mnt+0x19/0x20
[ 55.931984][ T461] task_work_run+0x127/0x190
[ 55.936626][ T461] exit_to_user_mode_loop+0xd0/0xe0
[ 55.941834][ T461] exit_to_user_mode_prepare+0x5a/0xa0
[ 55.947380][ T461] syscall_exit_to_user_mode+0x1a/0x30
[ 55.952869][ T461] do_syscall_64+0x58/0xa0
[ 55.957353][ T461] ? clear_bhb_loop+0x50/0xa0
[ 55.962090][ T461] ? clear_bhb_loop+0x50/0xa0
[ 55.966792][ T461] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 55.972695][ T461] RIP: 0033:0x7fc4ad0ed497
[ 55.977171][ T461] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[ 55.997019][ T461] RSP: 002b:00007ffc9f1d1ba8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 56.006362][ T461] RAX: 0000000000000000 RBX: 00007fc4ad16e854 RCX: 00007fc4ad0ed497
[ 56.014405][ T461] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc9f1d1c60
[ 56.022430][ T461] RBP: 00007ffc9f1d1c60 R08: 0000000000000000 R09: 0000000000000000
[ 56.030447][ T461] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc9f1d2cf0
[ 56.038467][ T461] R13: 00007fc4ad16e854 R14: 000000000000d8e9 R15: 00007ffc9f1d2d30
[ 56.046464][ T461]
[ 56.049507][ T461] ---[ end trace 1bc3e117fcca70e9 ]---
[ 56.095245][ T461] ==================================================================
[ 56.103422][ T461] BUG: KASAN: use-after-free in _raw_spin_lock+0x81/0xe0
[ 56.110445][ T461] Write of size 4 at addr ffff88812a146798 by task syz-executor/461
[ 56.118416][ T461]
[ 56.120744][ T461] CPU: 0 PID: 461 Comm: syz-executor Tainted: G W 5.15.189-syzkaller-1081280-gf32b52534f1d #0
[ 56.132449][ T461] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 56.142500][ T461] Call Trace:
[ 56.145776][ T461]
[ 56.148716][ T461] __dump_stack+0x21/0x30
[ 56.153048][ T461] dump_stack_lvl+0xee/0x150
[ 56.157662][ T461] ? show_regs_print_info+0x20/0x20
[ 56.162852][ T461] ? load_image+0x3a0/0x3a0
[ 56.167351][ T461] ? __update_load_avg_cfs_rq+0xaf/0x2f0
[ 56.172984][ T461] print_address_description+0x7f/0x2c0
[ 56.178545][ T461] ? _raw_spin_lock+0x81/0xe0
[ 56.183229][ T461] kasan_report+0xf1/0x140
[ 56.187657][ T461] ? _raw_spin_lock_irqsave+0xb0/0x110
[ 56.193119][ T461] ? _raw_spin_lock+0x81/0xe0
[ 56.197900][ T461] kasan_check_range+0x280/0x290
[ 56.202848][ T461] __kasan_check_write+0x14/0x20
[ 56.207797][ T461] _raw_spin_lock+0x81/0xe0
[ 56.212405][ T461] ? _raw_spin_trylock_bh+0x130/0x130
[ 56.217790][ T461] ? __kasan_check_write+0x14/0x20
[ 56.222900][ T461] ? _raw_spin_lock+0x8e/0xe0
[ 56.227597][ T461] ? _raw_spin_trylock_bh+0x130/0x130
[ 56.232980][ T461] igrab+0x20/0xa0
[ 56.236698][ T461] f2fs_sync_inode_meta+0x153/0x2a0
[ 56.241900][ T461] f2fs_write_checkpoint+0xa7d/0x1f00
[ 56.247287][ T461] ? __kasan_check_write+0x14/0x20
[ 56.252402][ T461] ? f2fs_get_sectors_written+0x4e0/0x4e0
[ 56.258120][ T461] ? rwsem_write_trylock+0x130/0x300
[ 56.263407][ T461] ? __kasan_check_read+0x11/0x20
[ 56.268426][ T461] ? wb_wait_for_completion+0x1d8/0x270
[ 56.274138][ T461] f2fs_issue_checkpoint+0x2e5/0x470
[ 56.279524][ T461] ? f2fs_destroy_checkpoint_caches+0x30/0x30
[ 56.285593][ T461] ? try_to_writeback_inodes_sb+0xc0/0xc0
[ 56.291309][ T461] f2fs_sync_fs+0x16f/0x2c0
[ 56.295806][ T461] sync_filesystem+0x1cb/0x240
[ 56.300564][ T461] f2fs_quota_off_umount+0x217/0x230
[ 56.305847][ T461] f2fs_put_super+0xb7/0xc00
[ 56.310453][ T461] ? fsnotify_destroy_marks+0x14f/0x400
[ 56.316012][ T461] ? fsnotify_sb_delete+0x471/0x4e0
[ 56.321509][ T461] ? f2fs_drop_inode+0x980/0x980
[ 56.326451][ T461] ? __fsnotify_vfsmount_delete+0x20/0x20
[ 56.332171][ T461] ? clear_inode+0x150/0x150
[ 56.336763][ T461] ? fscrypt_destroy_keyring+0x27f/0x290
[ 56.342486][ T461] ? f2fs_drop_inode+0x980/0x980
[ 56.347433][ T461] generic_shutdown_super+0x151/0x330
[ 56.352804][ T461] kill_block_super+0x7f/0xf0
[ 56.357481][ T461] kill_f2fs_super+0x2e7/0x390
[ 56.362245][ T461] ? radix_tree_delete_item+0x2c8/0x410
[ 56.367933][ T461] ? f2fs_mount+0x40/0x40
[ 56.372274][ T461] ? unregister_shrinker+0x201/0x290
[ 56.377559][ T461] deactivate_locked_super+0xa0/0x100
[ 56.382939][ T461] deactivate_super+0xaf/0xe0
[ 56.387627][ T461] cleanup_mnt+0x446/0x500
[ 56.392046][ T461] __cleanup_mnt+0x19/0x20
[ 56.396608][ T461] task_work_run+0x127/0x190
[ 56.401280][ T461] exit_to_user_mode_loop+0xd0/0xe0
[ 56.406492][ T461] exit_to_user_mode_prepare+0x5a/0xa0
[ 56.412193][ T461] syscall_exit_to_user_mode+0x1a/0x30
[ 56.417755][ T461] do_syscall_64+0x58/0xa0
[ 56.422175][ T461] ? clear_bhb_loop+0x50/0xa0
[ 56.426851][ T461] ? clear_bhb_loop+0x50/0xa0
[ 56.431672][ T461] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 56.437572][ T461] RIP: 0033:0x7fc4ad0ed497
[ 56.441992][ T461] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[ 56.461708][ T461] RSP: 002b:00007ffc9f1d1ba8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 56.470153][ T461] RAX: 0000000000000000 RBX: 00007fc4ad16e854 RCX: 00007fc4ad0ed497
[ 56.478129][ T461] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc9f1d1c60
[ 56.486108][ T461] RBP: 00007ffc9f1d1c60 R08: 0000000000000000 R09: 0000000000000000
[ 56.494257][ T461] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc9f1d2cf0
[ 56.502235][ T461] R13: 00007fc4ad16e854 R14: 000000000000d8e9 R15: 00007ffc9f1d2d30
[ 56.510211][ T461]
[ 56.513224][ T461]
[ 56.515549][ T461] Allocated by task 472:
[ 56.519775][ T461] __kasan_slab_alloc+0xbd/0xf0
[ 56.524622][ T461] slab_post_alloc_hook+0x4f/0x2b0
[ 56.529734][ T461] kmem_cache_alloc+0xf7/0x260
[ 56.534527][ T461] f2fs_alloc_inode+0x26/0x330
[ 56.539301][ T461] new_inode_pseudo+0x62/0x210
[ 56.544068][ T461] new_inode+0x28/0x1e0
[ 56.548235][ T461] f2fs_new_inode+0xd2/0x12b0
[ 56.552911][ T461] f2fs_create+0x178/0x15f0
[ 56.557411][ T461] path_openat+0x11ae/0x2f10
[ 56.561997][ T461] do_filp_open+0x1b3/0x3e0
[ 56.566501][ T461] do_sys_openat2+0x14c/0x7b0
[ 56.571172][ T461] __x64_sys_openat+0x136/0x160
[ 56.576026][ T461] x64_sys_call+0x219/0x9a0
[ 56.580549][ T461] do_syscall_64+0x4c/0xa0
[ 56.584960][ T461] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 56.590856][ T461]
[ 56.593217][ T461] Freed by task 461:
[ 56.597109][ T461] kasan_set_track+0x4a/0x70
[ 56.601825][ T461] kasan_set_free_info+0x23/0x40
[ 56.606797][ T461] ____kasan_slab_free+0x125/0x160
[ 56.611914][ T461] __kasan_slab_free+0x11/0x20
[ 56.616730][ T461] slab_free_freelist_hook+0xc2/0x190
[ 56.622103][ T461] kmem_cache_free+0x100/0x320
[ 56.626907][ T461] f2fs_free_inode+0x24/0x30
[ 56.631585][ T461] i_callback+0x4c/0x70
[ 56.635737][ T461] rcu_do_batch+0x51d/0xba0
[ 56.640355][ T461] rcu_core+0x5e4/0xf80
[ 56.644510][ T461] rcu_core_si+0x9/0x10
[ 56.648665][ T461] handle_softirqs+0x250/0x560
[ 56.653612][ T461] __irq_exit_rcu+0x52/0xf0
[ 56.658113][ T461] irq_exit_rcu+0x9/0x10
[ 56.662353][ T461] sysvec_apic_timer_interrupt+0xa9/0xc0
[ 56.668122][ T461] asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 56.674110][ T461]
[ 56.676448][ T461] Last potentially related work creation:
[ 56.682156][ T461] kasan_save_stack+0x3a/0x60
[ 56.687060][ T461] __kasan_record_aux_stack+0xd2/0x100
[ 56.692519][ T461] kasan_record_aux_stack_noalloc+0xb/0x10
[ 56.698341][ T461] call_rcu+0x105/0xfe0
[ 56.702685][ T461] evict+0x7da/0x870
[ 56.706581][ T461] evict_inodes+0x5de/0x650
[ 56.711077][ T461] generic_shutdown_super+0x96/0x330
[ 56.716357][ T461] kill_block_super+0x7f/0xf0
[ 56.721026][ T461] kill_f2fs_super+0x2e7/0x390
[ 56.725781][ T461] deactivate_locked_super+0xa0/0x100
[ 56.731151][ T461] deactivate_super+0xaf/0xe0
[ 56.735922][ T461] cleanup_mnt+0x446/0x500
[ 56.740342][ T461] __cleanup_mnt+0x19/0x20
[ 56.744751][ T461] task_work_run+0x127/0x190
[ 56.749333][ T461] exit_to_user_mode_loop+0xd0/0xe0
[ 56.754527][ T461] exit_to_user_mode_prepare+0x5a/0xa0
[ 56.759985][ T461] syscall_exit_to_user_mode+0x1a/0x30
[ 56.765449][ T461] do_syscall_64+0x58/0xa0
[ 56.769889][ T461] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 56.775822][ T461]
[ 56.778140][ T461] The buggy address belongs to the object at ffff88812a146710
[ 56.778140][ T461] which belongs to the cache f2fs_inode_cache of size 1424
[ 56.792704][ T461] The buggy address is located 136 bytes inside of
[ 56.792704][ T461] 1424-byte region [ffff88812a146710, ffff88812a146ca0)
[ 56.806152][ T461] The buggy address belongs to the page:
[ 56.811863][ T461] page:ffffea0004a85000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12a140
[ 56.822188][ T461] head:ffffea0004a85000 order:3 compound_mapcount:0 compound_pincount:0
[ 56.830506][ T461] flags: 0x4000000000010200(slab|head|zone=1)
[ 56.836582][ T461] raw: 4000000000010200 0000000000000000 dead000000000122 ffff8881081f6a80
[ 56.845189][ T461] raw: 0000000000000000 0000000080150015 00000001ffffffff 0000000000000000
[ 56.853774][ T461] page dumped because: kasan: bad access detected
[ 56.860192][ T461] page_owner tracks the page as allocated
[ 56.865966][ T461] page last allocated via order 3, migratetype Reclaimable, gfp_mask 0x1d2050(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 472, ts 55494954304, free_ts 30670283594
[ 56.887627][ T461] post_alloc_hook+0x192/0x1b0
[ 56.892401][ T461] prep_new_page+0x1c/0x110
[ 56.896897][ T461] get_page_from_freelist+0x2cc5/0x2d50
[ 56.902438][ T461] __alloc_pages+0x18f/0x440
[ 56.907023][ T461] new_slab+0xa1/0x4d0
[ 56.911090][ T461] ___slab_alloc+0x381/0x810
[ 56.915673][ T461] __slab_alloc+0x49/0x90
[ 56.919992][ T461] kmem_cache_alloc+0x138/0x260
[ 56.924835][ T461] f2fs_alloc_inode+0x26/0x330
[ 56.929595][ T461] iget_locked+0x16c/0x7e0
[ 56.934008][ T461] f2fs_iget+0x55/0x5130
[ 56.938244][ T461] f2fs_fill_super+0x3a20/0x6d10
[ 56.943173][ T461] mount_bdev+0x2ae/0x3e0
[ 56.947495][ T461] f2fs_mount+0x34/0x40
[ 56.951646][ T461] legacy_get_tree+0xed/0x190
[ 56.956317][ T461] vfs_get_tree+0x89/0x260
[ 56.960732][ T461] page last free stack trace:
[ 56.965511][ T461] free_unref_page_prepare+0x542/0x550
[ 56.971000][ T461] free_unref_page_list+0x134/0x9d0
[ 56.976505][ T461] release_pages+0xfda/0x1030
[ 56.981212][ T461] free_pages_and_swap_cache+0x86/0xa0
[ 56.986719][ T461] tlb_finish_mmu+0x175/0x300
[ 56.991401][ T461] unmap_region+0x315/0x360
[ 56.995907][ T461] __do_munmap+0xa0e/0xfe0
[ 57.000326][ T461] __vm_munmap+0x15b/0x2a0
[ 57.004749][ T461] __x64_sys_munmap+0x6b/0x80
[ 57.009427][ T461] x64_sys_call+0xc9/0x9a0
[ 57.013873][ T461] do_syscall_64+0x4c/0xa0
[ 57.018326][ T461] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 57.024249][ T461]
[ 57.026575][ T461] Memory state around the buggy address:
[ 57.032205][ T461] ffff88812a146680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 57.040283][ T461] ffff88812a146700: fc fc fa fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 57.048349][ T461] >ffff88812a146780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 57.056402][ T461] ^
[ 57.061260][ T461] ffff88812a146800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 57.069358][ T461] ffff88812a146880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 57.077509][ T461] ==================================================================
[ 57.085556][ T461] Disabling lock debugging due to kernel taint