==================================================================
BUG: KASAN: use-after-free in __lock_acquire+0x42c9/0x5e70
Read of size 8 at addr ffff888019077458 by task syz-executor/7072

CPU: 1 PID: 7072 Comm: syz-executor Not tainted 6.1.0-rc8-next-20221208 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
Call Trace:
 <TASK>
 dump_stack_lvl+0x8f/0xb7
 print_report+0x175/0x478
 kasan_report+0xbf/0x1c0
 __lock_acquire+0x42c9/0x5e70
 lock_acquire+0x1a6/0x530
 _raw_spin_lock_irq+0x36/0x50
 kmemleak_scan+0x1a0/0x1600
 kmemleak_write+0x574/0x680
 full_proxy_write+0x121/0x190
 vfs_write+0x358/0xe40
 ksys_write+0x12b/0x260
 do_syscall_64+0x3f/0x90
 entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7f6f319755c3
Code: 16 00 00 00 eb ae 90 b8 6e 00 00 00 eb a6 e8 44 ef 04 00 0f 1f 40 00 64 8b 04 25 18 00 00 00 85 c0 75 14 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 55 c3 0f 1f 40 00 48 83 ec 28 48 89 54 24 18
RSP: 002b:00007ffcf8277308 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007ffcf8277948 RCX: 00007f6f319755c3
RDX: 0000000000000004 RSI: 00007f6f31a2bed9 RDI: 0000000000000003
RBP: 0000000000000002 R08: 00000000000003db R09: 00007ffcf83b7080
R10: 00007ffcf83b7090 R11: 0000000000000246 R12: 00000000fffffff6
R13: 00007ffcf8278ef1 R14: 0000000000000000 R15: 00000000000f0faa
 </TASK>

Allocated by task 101:
 kasan_save_stack+0x22/0x50
 kasan_set_track+0x25/0x30
 __kasan_slab_alloc+0x5c/0x70
 kmem_cache_alloc+0x1e1/0x410
 __create_object+0x3d/0xc10
 kmem_cache_alloc+0x273/0x410
 __alloc_file+0x21/0x240
 alloc_empty_file+0x71/0x170
 path_openat+0xd4/0x29b0
 do_filp_open+0x1ba/0x410
 do_sys_openat2+0x171/0x4c0
 __x64_sys_openat+0x143/0x200
 do_syscall_64+0x3f/0x90
 entry_SYSCALL_64_after_hwframe+0x72/0xdc

Freed by task 13:
 kasan_save_stack+0x22/0x50
 kasan_set_track+0x25/0x30
 kasan_save_free_info+0x2e/0x50
 __kasan_slab_free+0x10a/0x190
 kmem_cache_free+0xfb/0x610
 rcu_core+0x7e2/0x2090
 __do_softirq+0x1c7/0x8f9

Last potentially related work creation:
 kasan_save_stack+0x22/0x50
 __kasan_record_aux_stack+0x95/0xb0
 __call_rcu_common.constprop.0+0x6a/0xa40
 kmem_cache_free+0xc1/0x610
 rcu_core+0x7e2/0x2090
 __do_softirq+0x1c7/0x8f9

Second to last potentially related work creation:
 kasan_save_stack+0x22/0x50
 __kasan_record_aux_stack+0x95/0xb0
 __call_rcu_common.constprop.0+0x6a/0xa40
 kmem_cache_free+0xc1/0x610
 rcu_core+0x7e2/0x2090
 __do_softirq+0x1c7/0x8f9

The buggy address belongs to the object at ffff888019077440
 which belongs to the cache kmemleak_object of size 368
The buggy address is located 24 bytes inside of
 368-byte region [ffff888019077440, ffff8880190775b0)

The buggy address belongs to the physical page:
page:000000008df277ea refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x19076
head:000000008df277ea order:1 compound_mapcount:0 subpages_mapcount:0 compound_pincount:0
anon flags: 0x100000000010200(slab|head|node=0|zone=1)
raw: 0100000000010200 ffff88800844f780 ffffea0000387680 dead000000000003
raw: 0000000000000000 0000000000120012 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff888019077300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff888019077380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff888019077400: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
                                                    ^
 ffff888019077480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888019077500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================