F2FS-fs (loop3): inject inconsistent footer in f2fs_sanity_check_node_footer of f2fs_write_end_io+0x95c/0x17a0 fs/f2fs/data.c:396
F2FS-fs (loop3): inconsistent node block, node_type:0, nid:3, node_footer[nid:3,ino:3,ofs:0,cpver:10241045589465957861,blkaddr:4102]
================================
WARNING: inconsistent lock state
syzkaller #0 Not tainted
--------------------------------
inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
modprobe/7537 [HC0[0]:SC1[1]:HE1:SE0] takes:
ffff88806a33b608 (&sb->s_type->i_lock_key#41){+.?.}-{3:3}, at: spin_lock include/linux/spinlock.h:342 [inline]
ffff88806a33b608 (&sb->s_type->i_lock_key#41){+.?.}-{3:3}, at: igrab+0x2d/0x1e0 fs/inode.c:1577
{SOFTIRQ-ON-W} state was registered at:
  lock_acquire+0x106/0x350 kernel/locking/lockdep.c:5868
  __raw_spin_lock include/linux/spinlock_api_smp.h:158 [inline]
  _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:158
  spin_lock include/linux/spinlock.h:342 [inline]
  iget_locked+0x397/0x6a0 fs/inode.c:1483
  f2fs_iget+0x56/0x5f30 fs/f2fs/inode.c:577
  f2fs_fill_super+0x4419/0x78f0 fs/f2fs/super.c:5118
  get_tree_bdev_flags+0x431/0x4f0 fs/super.c:1694
  vfs_get_tree+0x92/0x2a0 fs/super.c:1754
  fc_mount fs/namespace.c:1193 [inline]
  do_new_mount_fc fs/namespace.c:3758 [inline]
  do_new_mount+0x341/0xd30 fs/namespace.c:3834
  do_mount fs/namespace.c:4167 [inline]
  __do_sys_mount fs/namespace.c:4399 [inline]
  __se_sys_mount+0x31d/0x420 fs/namespace.c:4376
  do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
  do_syscall_64+0x15f/0xf80 arch/x86/entry/syscall_64.c:94
  entry_SYSCALL_64_after_hwframe+0x77/0x7f
irq event stamp: 1320
hardirqs last enabled at (1320): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:178 [inline]
hardirqs last enabled at (1320): [] _raw_spin_unlock_irqrestore+0x30/0x80 kernel/locking/spinlock.c:198
hardirqs last disabled at (1319): [] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:130 [inline]
hardirqs last disabled at (1319): [] _raw_spin_lock_irqsave+0x1a/0x60 kernel/locking/spinlock.c:166
softirqs last enabled at (1232): [] __do_softirq kernel/softirq.c:656 [inline]
softirqs last enabled at (1232): [] invoke_softirq kernel/softirq.c:496 [inline]
softirqs last enabled at (1232): [] __irq_exit_rcu+0xca/0x220 kernel/softirq.c:735
softirqs last disabled at (1283): [] __do_softirq kernel/softirq.c:656 [inline]
softirqs last disabled at (1283): [] invoke_softirq kernel/softirq.c:496 [inline]
softirqs last disabled at (1283): [] __irq_exit_rcu+0xca/0x220 kernel/softirq.c:735

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&sb->s_type->i_lock_key#41);
  <Interrupt>
    lock(&sb->s_type->i_lock_key#41);

 *** DEADLOCK ***

1 lock held by modprobe/7537:
 #0: ffff8880327727f8 (&mm->mmap_lock){++++}-{4:4}, at: mmap_write_lock_killable include/linux/mmap_lock.h:554 [inline]
 #0: ffff8880327727f8 (&mm->mmap_lock){++++}-{4:4}, at: vm_mmap_pgoff+0x234/0x4f0 mm/util.c:579

stack backtrace:
CPU: 0 UID: 0 PID: 7537 Comm: modprobe Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
Call Trace:
 dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
 print_usage_bug+0x28b/0x2e0 kernel/locking/lockdep.c:4042
 valid_state kernel/locking/lockdep.c:4056 [inline]
 mark_lock_irq+0x410/0x420 kernel/locking/lockdep.c:-1
 mark_lock+0x115/0x190 kernel/locking/lockdep.c:4753
 mark_usage kernel/locking/lockdep.c:-1 [inline]
 __lock_acquire+0x689/0x2cf0 kernel/locking/lockdep.c:5191
 lock_acquire+0x106/0x350 kernel/locking/lockdep.c:5868
 __raw_spin_lock include/linux/spinlock_api_smp.h:158 [inline]
 _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:158
 spin_lock include/linux/spinlock.h:342 [inline]
 igrab+0x2d/0x1e0 fs/inode.c:1577
 fserror_report+0x3c5/0x740 fs/fserror.c:159
 fserror_report_file_metadata include/linux/fserror.h:61 [inline]
 f2fs_sanity_check_node_footer+0x637/0x960 fs/f2fs/node.c:1562
 f2fs_write_end_io+0x95c/0x17a0 fs/f2fs/data.c:396
 blk_update_request+0x57e/0xe60 block/blk-mq.c:1016
 blk_mq_end_request+0x3e/0x70 block/blk-mq.c:1178
 blk_complete_reqs block/blk-mq.c:1253 [inline]
 blk_done_softirq+0x10a/0x160 block/blk-mq.c:1258
 handle_softirqs+0x22a/0x840 kernel/softirq.c:622
 __do_softirq kernel/softirq.c:656 [inline]
 invoke_softirq kernel/softirq.c:496 [inline]
 __irq_exit_rcu+0xca/0x220 kernel/softirq.c:735
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:752
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1061 [inline]
 sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1061
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:lock_is_held_type+0x106/0x150 kernel/locking/lockdep.c:5945
Code: 19 00 00 b8 ff ff ff ff 65 0f c1 05 44 3e 8d 07 83 f8 01 75 25 9c 58 a9 00 02 00 00 75 39 41 f7 c4 00 02 00 00 74 01 fb 89 d8 <5b> 41 5c 41 5d 41 5e 41 5f 5d e9 0b e9 02 00 cc 90 0f 0b 90 48 c7
RSP: 0018:ffffc90003826f08 EFLAGS: 00000206
RAX: 0000000000000001 RBX: 0000000000000001 RCX: 0000000000000046
RDX: 0000000000000000 RSI: ffffffff8e2358fb RDI: ffffffff8c287de0
RBP: 00000000ffffffff R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffffbfff353e83c R12: 0000000000000246
R13: ffff88802b8ddb80 R14: ffff8880327727f8 R15: 0000000000000000
 lock_is_held include/linux/lockdep.h:249 [inline]
 mt_locked lib/maple_tree.c:-1 [inline]
 mt_slot lib/maple_tree.c:715 [inline]
 mas_slot lib/maple_tree.c:748 [inline]
 mas_validate_parent_slot lib/maple_tree.c:6756 [inline]
 mt_validate+0x7b9/0x41f0 lib/maple_tree.c:6946
 validate_mm+0xd4/0x4c0 mm/vma.c:652
 __split_vma+0x909/0xa40 mm/vma.c:570
 vms_gather_munmap_vmas+0x32d/0x1380 mm/vma.c:1427
 __mmap_setup mm/vma.c:2439 [inline]
 __mmap_region mm/vma.c:2753 [inline]
 mmap_region+0x856/0x2280 mm/vma.c:2856
 do_mmap+0xc39/0x10c0 mm/mmap.c:560
 vm_mmap_pgoff+0x2c9/0x4f0 mm/util.c:581
 ksys_mmap_pgoff+0x51e/0x760 mm/mmap.c:606
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x15f/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f5060372242
Code: 08 00 04 00 00 eb e2 90 41 f7 c1 ff 0f 00 00 75 27 55 89 cd 53 48 89 fb 48 85 ff 74 33 41 89 ea 48 89 df b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5e 5b 5d c3 0f 1f 00 c7 05 46 40 01 00 16 00
RSP: 002b:00007fff9eebe0a8 EFLAGS: 00000206 ORIG_RAX: 0000000000000009
RAX: ffffffffffffffda RBX: 00007f50600a2000 RCX: 00007f5060372242
RDX: 0000000000000003 RSI: 0000000000002000 RDI: 00007f50600a2000
RBP: 0000000000000812 R08: 0000000000000000 R09: 000000000000e000
R10: 0000000000000812 R11: 0000000000000206 R12: 00007fff9eebe168
R13: 00007f5060346b20 R14: 00007fff9eebe4e0 R15: 00000ffff3dd7c18
----------------
Code disassembly (best guess):
   0: 19 00                   sbb %eax,(%rax)
   2: 00 b8 ff ff ff ff       add %bh,-0x1(%rax)
   8: 65 0f c1 05 44 3e 8d    xadd %eax,%gs:0x78d3e44(%rip) # 0x78d3e54
   f: 07
  10: 83 f8 01                cmp $0x1,%eax
  13: 75 25                   jne 0x3a
  15: 9c                      pushf
  16: 58                      pop %rax
  17: a9 00 02 00 00          test $0x200,%eax
  1c: 75 39                   jne 0x57
  1e: 41 f7 c4 00 02 00 00    test $0x200,%r12d
  25: 74 01                   je 0x28
  27: fb                      sti
  28: 89 d8                   mov %ebx,%eax
* 2a: 5b                      pop %rbx <-- trapping instruction
  2b: 41 5c                   pop %r12
  2d: 41 5d                   pop %r13
  2f: 41 5e                   pop %r14
  31: 41 5f                   pop %r15
  33: 5d                      pop %rbp
  34: e9 0b e9 02 00          jmp 0x2e944
  39: cc                      int3
  3a: 90                      nop
  3b: 0f 0b                   ud2
  3d: 90                      nop
  3e: 48                      rex.W
  3f: c7                      .byte 0xc7