Warning: Permanently added '10.128.1.245' (ED25519) to the list of known hosts. 2025/12/11 13:28:41 parsed 1 programs [ 52.717889][ T23] audit: type=1400 audit(1765459721.970:109): avc: denied { unlink } for pid=395 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 52.749477][ T395] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 53.115339][ T23] audit: type=1401 audit(1765459722.370:110): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768" [ 53.284934][ T428] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.295511][ T428] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.304190][ T428] device bridge_slave_0 entered promiscuous mode [ 53.323584][ T428] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.330765][ T428] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.338243][ T428] device bridge_slave_1 entered promiscuous mode [ 53.376079][ T428] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.383134][ T428] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.390345][ T428] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.397375][ T428] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.413098][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.420248][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.427663][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 53.435486][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 53.444527][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 53.452613][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.459614][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.467935][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 53.476292][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.483313][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.494736][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 53.503492][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 53.515035][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 53.525518][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 53.533437][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 53.540732][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 53.548627][ T428] device veth0_vlan entered promiscuous mode [ 53.557577][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 53.567046][ T428] device veth1_macvtap entered promiscuous mode [ 53.575386][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 53.584693][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 2025/12/11 13:28:43 executed programs: 0 [ 53.871253][ T452] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.878287][ T452] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.886063][ T452] device bridge_slave_0 entered promiscuous mode [ 53.893624][ T452] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.900639][ T452] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.908653][ T452] device bridge_slave_1 entered promiscuous mode [ 53.931843][ T459] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.938873][ T459] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.946250][ T459] device bridge_slave_0 entered promiscuous mode [ 53.953820][ T459] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.960840][ T459] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.968300][ T459] device bridge_slave_1 entered promiscuous mode [ 54.008679][ T454] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.015744][ T454] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.023549][ T454] device bridge_slave_0 entered promiscuous mode [ 54.030296][ T454] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.037479][ T454] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.044877][ T454] device bridge_slave_1 entered promiscuous mode [ 54.101595][ T458] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.108629][ T458] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.116141][ T458] device bridge_slave_0 entered promiscuous mode [ 54.124425][ T458] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.131544][ T458] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.138832][ T458] device bridge_slave_1 entered promiscuous mode [ 54.169143][ T457] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.176199][ T457] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.183503][ T457] device bridge_slave_0 entered promiscuous mode [ 54.190215][ T457] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.197550][ T457] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.204884][ T457] device bridge_slave_1 entered promiscuous mode [ 54.261175][ T452] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.268210][ T452] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.275459][ T452] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.282564][ T452] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.307541][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.314860][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.370501][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.378650][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.386494][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.394107][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.409978][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 54.418294][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.426675][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.433702][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.442098][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 54.461379][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 54.469776][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.478153][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.485558][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.493384][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 54.502056][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 54.510120][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.517145][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.524531][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.531950][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.539250][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 54.547540][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.555617][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.562647][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.569946][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 54.578192][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 54.586335][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.593359][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.600709][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 54.608727][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 54.616631][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 54.624765][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 54.632719][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 54.640618][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 54.648497][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 54.669687][ T452] device veth0_vlan entered promiscuous mode [ 54.675943][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 54.684582][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.692052][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.699531][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 54.708838][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.717081][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.724111][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.731643][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 54.739821][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 54.747991][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.755030][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.762341][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 54.770508][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 54.778654][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.785667][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.793128][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 54.801309][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 54.809462][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 54.817291][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 54.825131][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 54.832736][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 54.840034][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 54.850761][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.858129][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.865539][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 54.874762][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 54.882654][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 54.891039][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.899110][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.906132][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.919305][ T459] device veth0_vlan entered promiscuous mode [ 54.930085][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 54.937688][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 54.946011][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 54.954763][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 54.962362][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 54.969783][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 54.978014][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 54.985965][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 54.994160][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 55.006649][ T452] device veth1_macvtap entered promiscuous mode [ 55.027098][ T454] device veth0_vlan entered promiscuous mode [ 55.033510][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 55.043554][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 55.051550][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 55.059111][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 55.067846][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 55.075280][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 55.083680][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 55.091982][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 55.100039][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 55.108259][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 55.116418][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.123437][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.130982][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 55.138928][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 55.159312][ T459] device veth1_macvtap entered promiscuous mode [ 55.171682][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 55.179794][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 55.188869][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 55.201956][ T454] device veth1_macvtap entered promiscuous mode [ 55.208650][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 55.219704][ T458] device veth0_vlan entered promiscuous mode [ 55.232633][ T457] device veth0_vlan entered promiscuous mode [ 55.246458][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 55.254906][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 55.263458][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 55.270806][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 55.278930][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 55.287282][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 55.295802][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 55.304164][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 55.313607][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 55.321978][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 55.330177][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 55.338505][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 55.353724][ T458] device veth1_macvtap entered promiscuous mode [ 55.365500][ T457] device veth1_macvtap entered promiscuous mode [ 55.376485][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 55.390002][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 55.412061][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 55.419395][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 55.458729][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 55.477061][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 55.487155][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 55.507319][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 55.517390][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 55.537752][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 55.551198][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 55.569530][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 55.861029][ T480] ====================================================== [ 55.861029][ T480] WARNING: the mand mount option is being deprecated and [ 55.861029][ T480] will be removed in v5.15! [ 55.861029][ T480] ====================================================== [ 55.978789][ T480] F2FS-fs (loop1): invalid crc value [ 56.011322][ T480] F2FS-fs (loop1): Found nat_bits in checkpoint [ 56.041592][ T47] device bridge_slave_1 left promiscuous mode [ 56.050923][ T47] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.068879][ T47] device bridge_slave_0 left promiscuous mode [ 56.088792][ T47] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.108968][ T47] device veth1_macvtap left promiscuous mode [ 56.121021][ T47] device veth0_vlan left promiscuous mode [ 56.139951][ T480] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 56.142288][ T482] F2FS-fs (loop3): invalid crc value [ 56.152947][ T23] audit: type=1400 audit(1765459725.400:111): avc: denied { mount } for pid=479 comm="syz.1.18" name="/" dev="loop1" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 56.174791][ T480] F2FS-fs (loop1): access invalid blkaddr:2147563524 [ 56.198062][ T480] CPU: 0 PID: 480 Comm: syz.1.18 Not tainted syzkaller #0 [ 56.205192][ T480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 56.215249][ T480] Call Trace: [ 56.218544][ T480] dump_stack_lvl+0x81/0xac [ 56.223073][ T480] dump_stack+0x10/0x12 [ 56.227239][ T480] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 56.232775][ T480] f2fs_iget+0x351e/0x4a00 [ 56.237299][ T480] f2fs_lookup+0x491/0xc20 [ 56.241712][ T480] ? __recover_dot_dentries+0x530/0x530 [ 56.247259][ T480] ? __legitimize_path+0x6c/0x170 [ 56.252286][ T480] __lookup_slow+0x19b/0x3d0 [ 56.256865][ T480] ? page_put_link+0x80/0x80 [ 56.261468][ T480] ? inode_permission.part.0+0xc2/0x320 [ 56.267045][ T480] walk_component+0x3ad/0x710 [ 56.271728][ T480] ? handle_dots.part.0+0x11c0/0x11c0 [ 56.277090][ T480] ? walk_component+0x710/0x710 [ 56.281928][ T480] path_lookupat+0x112/0x6a0 [ 56.286510][ T480] ? _atomic_dec_and_lock+0x19/0xa0 [ 56.291698][ T480] filename_lookup+0x17f/0x510 [ 56.296452][ T480] ? may_linkat+0x200/0x200 [ 56.300958][ T480] ? __check_object_size+0x1df/0x270 [ 56.306250][ T480] ? kmem_cache_alloc+0x17f/0x4f0 [ 56.311271][ T480] ? getname_flags.part.0+0x8c/0x480 [ 56.316564][ T480] user_path_at_empty+0xa2/0xf0 [ 56.321409][ T480] do_sys_truncate.part.0+0x85/0x100 [ 56.326682][ T480] ? vfs_truncate+0x540/0x540 [ 56.331346][ T480] ? __kasan_check_write+0x14/0x20 [ 56.336441][ T480] ? switch_fpu_return+0xbf/0x1b0 [ 56.341449][ T480] __x64_sys_truncate+0x54/0x80 [ 56.346280][ T480] do_syscall_64+0x32/0x50 [ 56.350676][ T480] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 56.356552][ T480] RIP: 0033:0x7f0d971d0be9 [ 56.360967][ T480] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 56.380562][ T480] RSP: 002b:00007f0d97041038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 56.388967][ T480] RAX: ffffffffffffffda RBX: 00007f0d973f7fa0 RCX: 00007f0d971d0be9 [ 56.396925][ T480] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280 [ 56.404882][ T480] RBP: 00007f0d97253e19 R08: 0000000000000000 R09: 0000000000000000 [ 56.412843][ T480] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 56.420796][ T480] R13: 00007f0d973f8038 R14: 00007f0d973f7fa0 R15: 00007ffe96489fb8 [ 56.439540][ T482] F2FS-fs (loop3): Found nat_bits in checkpoint [ 56.446061][ T480] F2FS-fs (loop1): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 56.480554][ T484] F2FS-fs (loop0): invalid crc value [ 56.516886][ T484] F2FS-fs (loop0): Found nat_bits in checkpoint [ 56.542213][ T499] F2FS-fs (loop1): access invalid blkaddr:2147563524 [ 56.591198][ T499] CPU: 1 PID: 499 Comm: syz.1.18 Not tainted syzkaller #0 [ 56.598317][ T499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 56.608369][ T499] Call Trace: [ 56.611648][ T499] dump_stack_lvl+0x81/0xac [ 56.616140][ T499] dump_stack+0x10/0x12 [ 56.620391][ T499] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 56.625933][ T499] f2fs_iget+0x351e/0x4a00 [ 56.630365][ T499] f2fs_lookup+0x491/0xc20 [ 56.634768][ T499] ? __recover_dot_dentries+0x530/0x530 [ 56.640302][ T499] path_openat+0x1024/0x3950 [ 56.644885][ T499] ? path_lookupat+0x6a0/0x6a0 [ 56.649640][ T499] ? __slab_free+0x23f/0x560 [ 56.654226][ T499] ? __kasan_check_read+0x11/0x20 [ 56.659225][ T499] ? pagevec_add_and_need_flush+0x1b0/0x290 [ 56.665097][ T499] ? __mod_node_page_state+0xa6/0x110 [ 56.670451][ T499] do_filp_open+0x193/0x3d0 [ 56.674931][ T499] ? may_open_dev+0xd0/0xd0 [ 56.679411][ T499] ? __check_object_size+0x1df/0x270 [ 56.684757][ T499] ? _raw_spin_unlock+0x41/0x70 [ 56.689587][ T499] do_sys_openat2+0x135/0x810 [ 56.694241][ T499] ? recalc_sigpending+0x7c/0xb0 [ 56.699150][ T499] ? build_open_flags+0x490/0x490 [ 56.704146][ T499] ? __kasan_check_write+0x14/0x20 [ 56.709235][ T499] ? __handle_speculative_fault+0xee/0x280 [ 56.715018][ T499] __x64_sys_openat+0x124/0x200 [ 56.719850][ T499] ? __ia32_sys_open+0x1b0/0x1b0 [ 56.724763][ T499] ? exit_to_user_mode_prepare+0x36/0x160 [ 56.730462][ T499] ? irqentry_exit_to_user_mode+0xe/0x10 [ 56.736076][ T499] do_syscall_64+0x32/0x50 [ 56.740476][ T499] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 56.746345][ T499] RIP: 0033:0x7f0d971d0be9 [ 56.750742][ T499] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 56.770409][ T499] RSP: 002b:00007f0d97020038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 56.778802][ T499] RAX: ffffffffffffffda RBX: 00007f0d973f8090 RCX: 00007f0d971d0be9 [ 56.786749][ T499] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 56.794707][ T499] RBP: 00007f0d97253e19 R08: 0000000000000000 R09: 0000000000000000 [ 56.802658][ T499] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 56.810605][ T499] R13: 00007f0d973f8128 R14: 00007f0d973f8090 R15: 00007ffe96489fb8 [ 56.825512][ T482] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 56.825638][ T484] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 56.833398][ T499] F2FS-fs (loop1): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 56.861367][ T482] F2FS-fs (loop3): access invalid blkaddr:2147563524 [ 56.879184][ T482] CPU: 0 PID: 482 Comm: syz.3.20 Not tainted syzkaller #0 [ 56.886306][ T482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 56.896360][ T482] Call Trace: [ 56.899643][ T482] dump_stack_lvl+0x81/0xac [ 56.904159][ T482] dump_stack+0x10/0x12 [ 56.908318][ T482] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 56.913867][ T482] f2fs_iget+0x351e/0x4a00 [ 56.918364][ T482] f2fs_lookup+0x491/0xc20 [ 56.922770][ T482] ? __recover_dot_dentries+0x530/0x530 [ 56.928307][ T482] ? __legitimize_path+0x6c/0x170 [ 56.933312][ T482] __lookup_slow+0x19b/0x3d0 [ 56.937877][ T482] ? page_put_link+0x80/0x80 [ 56.942618][ T482] ? inode_permission.part.0+0xc2/0x320 [ 56.948144][ T482] walk_component+0x3ad/0x710 [ 56.952807][ T482] ? handle_dots.part.0+0x11c0/0x11c0 [ 56.958160][ T482] ? walk_component+0x710/0x710 [ 56.963029][ T482] path_lookupat+0x112/0x6a0 [ 56.967596][ T482] ? _atomic_dec_and_lock+0x19/0xa0 [ 56.972806][ T482] filename_lookup+0x17f/0x510 [ 56.977547][ T482] ? may_linkat+0x200/0x200 [ 56.982113][ T482] ? __check_object_size+0x1df/0x270 [ 56.987395][ T482] ? kmem_cache_alloc+0x17f/0x4f0 [ 56.992394][ T482] ? getname_flags.part.0+0x8c/0x480 [ 56.997653][ T482] user_path_at_empty+0xa2/0xf0 [ 57.002484][ T482] do_sys_truncate.part.0+0x85/0x100 [ 57.007761][ T482] ? vfs_truncate+0x540/0x540 [ 57.012437][ T482] ? __kasan_check_write+0x14/0x20 [ 57.017527][ T482] ? switch_fpu_return+0xbf/0x1b0 [ 57.022528][ T482] __x64_sys_truncate+0x54/0x80 [ 57.027354][ T482] do_syscall_64+0x32/0x50 [ 57.031749][ T482] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 57.037638][ T482] RIP: 0033:0x7f968f5e9be9 [ 57.042032][ T482] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 57.061619][ T482] RSP: 002b:00007f968f45a038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 57.070009][ T482] RAX: ffffffffffffffda RBX: 00007f968f810fa0 RCX: 00007f968f5e9be9 [ 57.077960][ T482] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280 [ 57.085910][ T482] RBP: 00007f968f66ce19 R08: 0000000000000000 R09: 0000000000000000 [ 57.093864][ T482] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 57.101818][ T482] R13: 00007f968f811038 R14: 00007f968f810fa0 R15: 00007ffca8eaddd8 [ 57.110493][ T482] F2FS-fs (loop3): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 57.122919][ T506] F2FS-fs (loop3): access invalid blkaddr:2147563524 [ 57.129747][ T506] CPU: 1 PID: 506 Comm: syz.3.20 Not tainted syzkaller #0 [ 57.136853][ T506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 57.146915][ T506] Call Trace: [ 57.150197][ T506] dump_stack_lvl+0x81/0xac [ 57.154700][ T506] dump_stack+0x10/0x12 [ 57.158845][ T506] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 57.164383][ T506] f2fs_iget+0x351e/0x4a00 [ 57.168789][ T506] f2fs_lookup+0x491/0xc20 [ 57.173203][ T506] ? __recover_dot_dentries+0x530/0x530 [ 57.178740][ T506] path_openat+0x1024/0x3950 [ 57.183321][ T506] ? path_lookupat+0x6a0/0x6a0 [ 57.188084][ T506] ? __kasan_check_read+0x11/0x20 [ 57.193618][ T506] ? pagevec_add_and_need_flush+0x216/0x290 [ 57.199497][ T506] ? perf_trace_mm_lru_insertion+0x970/0x970 [ 57.205480][ T506] ? __mod_memcg_lruvec_state+0x118/0x330 [ 57.211184][ T506] ? __mod_node_page_state+0xa6/0x110 [ 57.216536][ T506] do_filp_open+0x193/0x3d0 [ 57.221035][ T506] ? may_open_dev+0xd0/0xd0 [ 57.225526][ T506] ? __check_object_size+0x1df/0x270 [ 57.230799][ T506] ? _raw_spin_unlock+0x41/0x70 [ 57.235677][ T506] do_sys_openat2+0x135/0x810 [ 57.240356][ T506] ? recalc_sigpending+0x7c/0xb0 [ 57.245280][ T506] ? build_open_flags+0x490/0x490 [ 57.250292][ T506] ? __kasan_check_write+0x14/0x20 [ 57.255385][ T506] ? __handle_speculative_fault+0xee/0x280 [ 57.261171][ T506] __x64_sys_openat+0x124/0x200 [ 57.266050][ T506] ? __ia32_sys_open+0x1b0/0x1b0 [ 57.270980][ T506] ? exit_to_user_mode_prepare+0x36/0x160 [ 57.276682][ T506] ? irqentry_exit_to_user_mode+0xe/0x10 [ 57.282310][ T506] do_syscall_64+0x32/0x50 [ 57.286714][ T506] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 57.292596][ T506] RIP: 0033:0x7f968f5e9be9 [ 57.296995][ T506] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 57.316584][ T506] RSP: 002b:00007f968f439038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 57.324978][ T506] RAX: ffffffffffffffda RBX: 00007f968f811090 RCX: 00007f968f5e9be9 [ 57.332929][ T506] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 57.340885][ T506] RBP: 00007f968f66ce19 R08: 0000000000000000 R09: 0000000000000000 [ 57.348844][ T506] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 57.356798][ T506] R13: 00007f968f811128 R14: 00007f968f811090 R15: 00007ffca8eaddd8 [ 57.367170][ T484] F2FS-fs (loop0): access invalid blkaddr:2147563524 [ 57.369306][ T506] ================================================================== [ 57.375188][ T484] CPU: 0 PID: 484 Comm: syz.0.17 Not tainted syzkaller #0 [ 57.381910][ T506] BUG: KASAN: use-after-free in f2fs_iget+0x4321/0x4a00 [ 57.388987][ T484] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 57.395902][ T506] Read of size 4 at addr ffff88810dee41e4 by task syz.3.20/506 [ 57.405935][ T484] Call Trace: [ 57.413460][ T506] [ 57.416746][ T484] dump_stack_lvl+0x81/0xac [ 57.423530][ T484] dump_stack+0x10/0x12 [ 57.427666][ T484] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 57.433191][ T484] f2fs_iget+0x351e/0x4a00 [ 57.437630][ T484] f2fs_lookup+0x491/0xc20 [ 57.442046][ T484] ? __recover_dot_dentries+0x530/0x530 [ 57.447578][ T484] ? __legitimize_path+0x6c/0x170 [ 57.452583][ T484] __lookup_slow+0x19b/0x3d0 [ 57.457184][ T484] ? page_put_link+0x80/0x80 [ 57.461755][ T484] ? inode_permission.part.0+0xc2/0x320 [ 57.467286][ T484] walk_component+0x3ad/0x710 [ 57.471946][ T484] ? handle_dots.part.0+0x11c0/0x11c0 [ 57.477301][ T484] ? walk_component+0x710/0x710 [ 57.482138][ T484] path_lookupat+0x112/0x6a0 [ 57.486709][ T484] ? _atomic_dec_and_lock+0x19/0xa0 [ 57.491892][ T484] filename_lookup+0x17f/0x510 [ 57.496643][ T484] ? may_linkat+0x200/0x200 [ 57.501130][ T484] ? __check_object_size+0x1df/0x270 [ 57.506399][ T484] ? kmem_cache_alloc+0x17f/0x4f0 [ 57.511419][ T484] ? getname_flags.part.0+0x8c/0x480 [ 57.516688][ T484] user_path_at_empty+0xa2/0xf0 [ 57.521538][ T484] do_sys_truncate.part.0+0x85/0x100 [ 57.526809][ T484] ? vfs_truncate+0x540/0x540 [ 57.531466][ T484] ? __kasan_check_write+0x14/0x20 [ 57.536563][ T484] ? switch_fpu_return+0xbf/0x1b0 [ 57.541569][ T484] __x64_sys_truncate+0x54/0x80 [ 57.546400][ T484] do_syscall_64+0x32/0x50 [ 57.550799][ T484] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 57.556675][ T484] RIP: 0033:0x7efd0e604be9 [ 57.561078][ T484] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 57.580674][ T484] RSP: 002b:00007efd0e475038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 57.589065][ T484] RAX: ffffffffffffffda RBX: 00007efd0e82bfa0 RCX: 00007efd0e604be9 [ 57.597020][ T484] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280 [ 57.604975][ T484] RBP: 00007efd0e687e19 R08: 0000000000000000 R09: 0000000000000000 [ 57.612936][ T484] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 57.620913][ T484] R13: 00007efd0e82c038 R14: 00007efd0e82bfa0 R15: 00007ffe62a633d8 [ 57.628891][ T506] CPU: 1 PID: 506 Comm: syz.3.20 Not tainted syzkaller #0 [ 57.630327][ T484] F2FS-fs (loop0): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 57.636003][ T506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 57.636006][ T506] Call Trace: [ 57.636014][ T506] dump_stack_lvl+0x81/0xac [ 57.636042][ T506] print_address_description.constprop.0+0x24/0x160 [ 57.672709][ T506] ? f2fs_iget+0x4321/0x4a00 [ 57.677295][ T506] kasan_report.cold+0x82/0xdb [ 57.682037][ T506] ? f2fs_iget+0x4321/0x4a00 [ 57.686608][ T506] __asan_report_load4_noabort+0x14/0x20 [ 57.692220][ T506] f2fs_iget+0x4321/0x4a00 [ 57.696616][ T506] f2fs_lookup+0x491/0xc20 [ 57.701020][ T506] ? __recover_dot_dentries+0x530/0x530 [ 57.706545][ T506] path_openat+0x1024/0x3950 [ 57.711125][ T506] ? path_lookupat+0x6a0/0x6a0 [ 57.715866][ T506] ? __kasan_check_read+0x11/0x20 [ 57.720870][ T506] ? pagevec_add_and_need_flush+0x216/0x290 [ 57.726744][ T506] ? perf_trace_mm_lru_insertion+0x970/0x970 [ 57.732701][ T506] ? __mod_memcg_lruvec_state+0x118/0x330 [ 57.738395][ T506] ? __mod_node_page_state+0xa6/0x110 [ 57.743740][ T506] do_filp_open+0x193/0x3d0 [ 57.748214][ T506] ? may_open_dev+0xd0/0xd0 [ 57.752694][ T506] ? __check_object_size+0x1df/0x270 [ 57.757992][ T506] ? _raw_spin_unlock+0x41/0x70 [ 57.762823][ T506] do_sys_openat2+0x135/0x810 [ 57.767483][ T506] ? recalc_sigpending+0x7c/0xb0 [ 57.772405][ T506] ? build_open_flags+0x490/0x490 [ 57.777403][ T506] ? __kasan_check_write+0x14/0x20 [ 57.782489][ T506] ? __handle_speculative_fault+0xee/0x280 [ 57.788269][ T506] __x64_sys_openat+0x124/0x200 [ 57.793113][ T506] ? __ia32_sys_open+0x1b0/0x1b0 [ 57.798028][ T506] ? exit_to_user_mode_prepare+0x36/0x160 [ 57.803721][ T506] ? irqentry_exit_to_user_mode+0xe/0x10 [ 57.809328][ T506] do_syscall_64+0x32/0x50 [ 57.813726][ T506] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 57.819607][ T506] RIP: 0033:0x7f968f5e9be9 [ 57.824005][ T506] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 57.843584][ T506] RSP: 002b:00007f968f439038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 57.851971][ T506] RAX: ffffffffffffffda RBX: 00007f968f811090 RCX: 00007f968f5e9be9 [ 57.859924][ T506] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 57.867871][ T506] RBP: 00007f968f66ce19 R08: 0000000000000000 R09: 0000000000000000 [ 57.875818][ T506] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 57.883777][ T506] R13: 00007f968f811128 R14: 00007f968f811090 R15: 00007ffca8eaddd8 [ 57.891737][ T506] [ 57.894044][ T506] Allocated by task 482: [ 57.898267][ T506] kasan_save_stack+0x26/0x50 [ 57.902919][ T506] __kasan_slab_alloc+0x94/0xc0 [ 57.907747][ T506] kmem_cache_alloc+0x15d/0x4f0 [ 57.912575][ T506] f2fs_init_extent_tree+0x98f/0xdf0 [ 57.917850][ T506] f2fs_iget+0xa75/0x4a00 [ 57.922159][ T506] f2fs_lookup+0x491/0xc20 [ 57.926552][ T506] __lookup_slow+0x19b/0x3d0 [ 57.931118][ T506] walk_component+0x3ad/0x710 [ 57.935772][ T506] path_lookupat+0x112/0x6a0 [ 57.940340][ T506] filename_lookup+0x17f/0x510 [ 57.945082][ T506] user_path_at_empty+0xa2/0xf0 [ 57.949909][ T506] do_sys_truncate.part.0+0x85/0x100 [ 57.955170][ T506] __x64_sys_truncate+0x54/0x80 [ 57.960010][ T506] do_syscall_64+0x32/0x50 [ 57.964429][ T506] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 57.970297][ T506] [ 57.972609][ T506] Freed by task 482: [ 57.976488][ T506] kasan_save_stack+0x26/0x50 [ 57.981145][ T506] kasan_set_track+0x25/0x30 [ 57.985714][ T506] kasan_set_free_info+0x24/0x40 [ 57.990629][ T506] __kasan_slab_free+0x111/0x150 [ 57.995543][ T506] slab_free_freelist_hook+0x9b/0x1a0 [ 58.001326][ T506] kmem_cache_free+0x106/0x440 [ 58.006067][ T506] f2fs_destroy_extent_tree+0x174/0x4b0 [ 58.011600][ T506] f2fs_evict_inode+0x335/0x1680 [ 58.016520][ T506] evict+0x372/0x940 [ 58.020391][ T506] iput.part.0+0x33b/0x640 [ 58.024786][ T506] iput+0x3f/0x50 [ 58.028399][ T506] iget_failed+0x1e/0x30 [ 58.032621][ T506] f2fs_iget+0x22be/0x4a00 [ 58.037013][ T506] f2fs_lookup+0x491/0xc20 [ 58.041414][ T506] __lookup_slow+0x19b/0x3d0 [ 58.046020][ T506] walk_component+0x3ad/0x710 [ 58.050671][ T506] path_lookupat+0x112/0x6a0 [ 58.055242][ T506] filename_lookup+0x17f/0x510 [ 58.059989][ T506] user_path_at_empty+0xa2/0xf0 [ 58.064815][ T506] do_sys_truncate.part.0+0x85/0x100 [ 58.070076][ T506] __x64_sys_truncate+0x54/0x80 [ 58.074903][ T506] do_syscall_64+0x32/0x50 [ 58.079303][ T506] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 58.085182][ T506] [ 58.087485][ T506] The buggy address belongs to the object at ffff88810dee41c0 [ 58.087485][ T506] which belongs to the cache f2fs_extent_tree of size 80 [ 58.102033][ T506] The buggy address is located 36 bytes inside of [ 58.102033][ T506] 80-byte region [ffff88810dee41c0, ffff88810dee4210) [ 58.115200][ T506] The buggy address belongs to the page: [ 58.121077][ T506] page:ffffea000437b900 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10dee4 [ 58.131309][ T506] flags: 0x4000000000000200(slab) [ 58.136312][ T506] raw: 4000000000000200 dead000000000100 dead000000000122 ffff888104580300 [ 58.144882][ T506] raw: 0000000000000000 0000000080240024 00000001ffffffff 0000000000000000 [ 58.153460][ T506] page dumped because: kasan: bad access detected [ 58.159851][ T506] page_owner tracks the page as allocated [ 58.165546][ T506] page last allocated via order 0, migratetype Reclaimable, gfp_mask 0x112c50(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 499, ts 56542183092, free_ts 55763625825 [ 58.184442][ T506] get_page_from_freelist+0x1fee/0x2ad0 [ 58.189967][ T506] __alloc_pages_nodemask+0x2ae/0x2530 [ 58.195402][ T506] allocate_slab+0x30f/0x460 [ 58.199967][ T506] ___slab_alloc.constprop.0+0x32b/0x730 [ 58.205660][ T506] kmem_cache_alloc+0x491/0x4f0 [ 58.210489][ T506] f2fs_init_extent_tree+0x98f/0xdf0 [ 58.215758][ T506] f2fs_iget+0xa75/0x4a00 [ 58.220082][ T506] f2fs_lookup+0x491/0xc20 [ 58.224471][ T506] path_openat+0x1024/0x3950 [ 58.229036][ T506] do_filp_open+0x193/0x3d0 [ 58.233517][ T506] do_sys_openat2+0x135/0x810 [ 58.238171][ T506] __x64_sys_openat+0x124/0x200 [ 58.242998][ T506] do_syscall_64+0x32/0x50 [ 58.247390][ T506] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 58.253256][ T506] page last free stack trace: [ 58.257908][ T506] free_pcp_prepare+0x1a7/0x230 [ 58.262734][ T506] free_unref_page+0x19/0x270 [ 58.267390][ T506] __free_pages+0xba/0xf0 [ 58.271694][ T506] __free_slab+0xde/0x1d0 [ 58.276003][ T506] discard_slab+0x2b/0x40 [ 58.280311][ T506] unfreeze_partials+0x1e1/0x240 [ 58.285351][ T506] put_cpu_partial+0xce/0x120 [ 58.290003][ T506] __slab_free+0x23f/0x560 [ 58.294395][ T506] ___cache_free+0x255/0x2b0 [ 58.298959][ T506] qlist_free_all+0x71/0x150 [ 58.303529][ T506] kasan_quarantine_reduce+0x15f/0x1c0 [ 58.308960][ T506] __kasan_slab_alloc+0xaa/0xc0 [ 58.313783][ T506] kmem_cache_alloc+0x15d/0x4f0 [ 58.318607][ T506] __alloc_skb+0x41/0x4d0 [ 58.322913][ T506] rtmsg_ifinfo_build_skb+0x70/0x160 [ 58.328173][ T506] unregister_netdevice_many+0xe93/0x14c0 [ 58.333867][ T506] [ 58.336180][ T506] Memory state around the buggy address: [ 58.341797][ T506] ffff88810dee4080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 58.349841][ T506] ffff88810dee4100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 58.357876][ T506] >ffff88810dee4180: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 58.365915][ T506] ^ [ 58.373094][ T506] ffff88810dee4200: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 58.381136][ T506] ffff88810dee4280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 58.389264][ T506] ================================================================== [ 58.397326][ T506] Disabling lock debugging due to kernel taint [ 58.406387][ T484] F2FS-fs (loop0): access invalid blkaddr:2147563524 [ 58.413169][ T506] F2FS-fs (loop3): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 58.413181][ T506] ================================================================== [ 58.413189][ T506] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x106/0x440 [ 58.413190][ T506] [ 58.413195][ T506] CPU: 1 PID: 506 Comm: syz.3.20 Tainted: G B syzkaller #0 [ 58.413202][ T506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 58.460923][ T23] audit: type=1400 audit(1765459727.670:112): avc: denied { read } for pid=73 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 58.462799][ T506] Call Trace: [ 58.487767][ T506] dump_stack_lvl+0x81/0xac [ 58.492258][ T506] print_address_description.constprop.0+0x24/0x160 [ 58.494656][ T23] audit: type=1400 audit(1765459727.670:113): avc: denied { search } for pid=73 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 58.498966][ T506] ? kmem_cache_free+0x106/0x440 [ 58.525205][ T506] kasan_report_invalid_free+0x56/0x80 [ 58.530649][ T506] ? kmem_cache_free+0x106/0x440 [ 58.535572][ T506] __kasan_slab_free+0x134/0x150 [ 58.540492][ T506] slab_free_freelist_hook+0x9b/0x1a0 [ 58.540633][ T23] audit: type=1400 audit(1765459727.670:114): avc: denied { write } for pid=73 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 58.545843][ T506] ? f2fs_destroy_extent_tree+0x174/0x4b0 [ 58.545847][ T506] kmem_cache_free+0x106/0x440 [ 58.545853][ T506] f2fs_destroy_extent_tree+0x174/0x4b0 [ 58.545858][ T506] f2fs_evict_inode+0x335/0x1680 [ 58.545865][ T506] ? down_trylock+0x58/0x80 [ 58.577366][ T23] audit: type=1400 audit(1765459727.670:115): avc: denied { add_name } for pid=73 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 58.577482][ T506] ? preempt_count_add+0x7a/0x100 [ 58.577489][ T506] ? __inode_wait_for_writeback+0xe7/0x1c0 [ 58.587430][ T23] audit: type=1400 audit(1765459727.670:116): avc: denied { create } for pid=73 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 58.587924][ T506] ? f2fs_write_inode+0x1010/0x1010 [ 58.606254][ T23] audit: type=1400 audit(1765459727.670:117): avc: denied { append open } for pid=73 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 58.612969][ T506] ? var_wake_function+0x130/0x130 [ 58.612975][ T506] ? _raw_spin_lock_bh+0x110/0x110 [ 58.612984][ T506] ? vprintk_func+0x5a/0x150 [ 58.630907][ T23] audit: type=1400 audit(1765459727.670:118): avc: denied { getattr } for pid=73 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 58.644145][ T506] ? _raw_spin_lock_bh+0x110/0x110 [ 58.644152][ T506] evict+0x372/0x940 [ 58.644157][ T506] ? new_inode+0x2f0/0x2f0 [ 58.644160][ T506] ? _raw_spin_lock+0x86/0x110 [ 58.644163][ T506] ? _raw_spin_lock_bh+0x110/0x110 [ 58.644168][ T506] ? __kasan_check_read+0x11/0x20 [ 58.644173][ T506] ? f2fs_drop_inode+0x71/0x910 [ 58.644177][ T506] iput.part.0+0x33b/0x640 [ 58.644183][ T506] iput+0x3f/0x50 [ 58.750649][ T506] iget_failed+0x1e/0x30 [ 58.754882][ T506] f2fs_iget+0x22be/0x4a00 [ 58.759298][ T506] f2fs_lookup+0x491/0xc20 [ 58.763696][ T506] ? __recover_dot_dentries+0x530/0x530 [ 58.769248][ T506] path_openat+0x1024/0x3950 [ 58.773837][ T506] ? path_lookupat+0x6a0/0x6a0 [ 58.778598][ T506] ? __kasan_check_read+0x11/0x20 [ 58.783624][ T506] ? pagevec_add_and_need_flush+0x216/0x290 [ 58.789508][ T506] ? perf_trace_mm_lru_insertion+0x970/0x970 [ 58.795491][ T506] ? __mod_memcg_lruvec_state+0x118/0x330 [ 58.801205][ T506] ? __mod_node_page_state+0xa6/0x110 [ 58.806565][ T506] do_filp_open+0x193/0x3d0 [ 58.811052][ T506] ? may_open_dev+0xd0/0xd0 [ 58.815546][ T506] ? __check_object_size+0x1df/0x270 [ 58.820826][ T506] ? _raw_spin_unlock+0x41/0x70 [ 58.825670][ T506] do_sys_openat2+0x135/0x810 [ 58.830333][ T506] ? recalc_sigpending+0x7c/0xb0 [ 58.835249][ T506] ? build_open_flags+0x490/0x490 [ 58.840261][ T506] ? __kasan_check_write+0x14/0x20 [ 58.843678][ T488] F2FS-fs (loop2): invalid crc value [ 58.845356][ T506] ? __handle_speculative_fault+0xee/0x280 [ 58.856424][ T506] __x64_sys_openat+0x124/0x200 [ 58.861276][ T506] ? __ia32_sys_open+0x1b0/0x1b0 [ 58.866216][ T506] ? exit_to_user_mode_prepare+0x36/0x160 [ 58.871926][ T506] ? irqentry_exit_to_user_mode+0xe/0x10 [ 58.877543][ T506] do_syscall_64+0x32/0x50 [ 58.881937][ T506] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 58.887810][ T506] RIP: 0033:0x7f968f5e9be9 [ 58.892209][ T506] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 58.911794][ T506] RSP: 002b:00007f968f439038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 58.920187][ T506] RAX: ffffffffffffffda RBX: 00007f968f811090 RCX: 00007f968f5e9be9 [ 58.928141][ T506] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 58.936100][ T506] RBP: 00007f968f66ce19 R08: 0000000000000000 R09: 0000000000000000 [ 58.944064][ T506] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 58.952020][ T506] R13: 00007f968f811128 R14: 00007f968f811090 R15: 00007ffca8eaddd8 [ 58.959979][ T506] [ 58.959987][ T484] CPU: 0 PID: 484 Comm: syz.0.17 Tainted: G B syzkaller #0 [ 58.962291][ T506] Allocated by task 482: [ 58.970784][ T484] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 58.975008][ T506] kasan_save_stack+0x26/0x50 [ 58.985036][ T484] Call Trace: [ 58.989693][ T506] __kasan_slab_alloc+0x94/0xc0 [ 58.992953][ T484] dump_stack_lvl+0x81/0xac [ 58.997773][ T506] kmem_cache_alloc+0x15d/0x4f0 [ 59.002270][ T484] dump_stack+0x10/0x12 [ 59.007120][ T506] f2fs_init_extent_tree+0x98f/0xdf0 [ 59.011258][ T484] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 59.016634][ T506] f2fs_iget+0xa75/0x4a00 [ 59.022162][ T484] f2fs_iget+0x351e/0x4a00 [ 59.026464][ T506] f2fs_lookup+0x491/0xc20 [ 59.030860][ T484] f2fs_lookup+0x491/0xc20 [ 59.035261][ T506] __lookup_slow+0x19b/0x3d0 [ 59.039659][ T484] ? __recover_dot_dentries+0x530/0x530 [ 59.044234][ T506] walk_component+0x3ad/0x710 [ 59.049757][ T484] path_openat+0x1024/0x3950 [ 59.054583][ T506] path_lookupat+0x112/0x6a0 [ 59.059147][ T484] ? path_lookupat+0x6a0/0x6a0 [ 59.063711][ T506] filename_lookup+0x17f/0x510 [ 59.068452][ T484] ? futex_wake+0x379/0x590 [ 59.073198][ T506] user_path_at_empty+0xa2/0xf0 [ 59.077681][ T484] do_filp_open+0x193/0x3d0 [ 59.082510][ T506] do_sys_truncate.part.0+0x85/0x100 [ 59.086991][ T484] ? may_open_dev+0xd0/0xd0 [ 59.092261][ T506] __x64_sys_truncate+0x54/0x80 [ 59.096739][ T484] ? __check_object_size+0x1df/0x270 [ 59.101740][ T506] do_syscall_64+0x32/0x50 [ 59.106997][ T484] ? _raw_spin_unlock+0x41/0x70 [ 59.111428][ T506] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 59.116264][ T484] do_sys_openat2+0x135/0x810 [ 59.122134][ T506] [ 59.126799][ T484] ? build_open_flags+0x490/0x490 [ 59.129285][ T506] Freed by task 482: [ 59.134302][ T484] __x64_sys_openat+0x124/0x200 [ 59.138187][ T506] kasan_save_stack+0x26/0x50 [ 59.143456][ T484] ? __ia32_sys_open+0x1b0/0x1b0 [ 59.148113][ T506] kasan_set_track+0x25/0x30 [ 59.153039][ T484] ? exit_to_user_mode_prepare+0xa8/0x160 [ 59.157594][ T506] kasan_set_free_info+0x24/0x40 [ 59.163296][ T484] do_syscall_64+0x32/0x50 [ 59.168207][ T506] __kasan_slab_free+0x111/0x150 [ 59.172597][ T484] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 59.177508][ T506] slab_free_freelist_hook+0x9b/0x1a0 [ 59.183459][ T484] RIP: 0033:0x7efd0e604be9 [ 59.188808][ T506] kmem_cache_free+0x106/0x440 [ 59.193200][ T484] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 59.197951][ T506] f2fs_destroy_extent_tree+0x174/0x4b0 [ 59.217630][ T484] RSP: 002b:00007efd0e475038 EFLAGS: 00000246 [ 59.223168][ T506] f2fs_evict_inode+0x335/0x1680 [ 59.223171][ T484] ORIG_RAX: 0000000000000101 [ 59.223177][ T484] RAX: ffffffffffffffda RBX: 00007efd0e82bfa0 RCX: 00007efd0e604be9 [ 59.229244][ T506] evict+0x372/0x940 2025/12/11 13:28:48 executed programs: 16 [ 59.234247][ T484] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 59.238901][ T506] iput.part.0+0x33b/0x640 [ 59.246852][ T484] RBP: 00007efd0e687e19 R08: 0000000000000000 R09: 0000000000000000 [ 59.250727][ T506] iput+0x3f/0x50 [ 59.258694][ T484] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 59.263121][ T506] iget_failed+0x1e/0x30 [ 59.271079][ T484] R13: 00007efd0e82c038 R14: 00007efd0e82bfa0 R15: 00007ffe62a633d8 [ 59.274713][ T506] f2fs_iget+0x22be/0x4a00 [ 59.285027][ T484] F2FS-fs (loop0): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 59.286904][ T506] f2fs_lookup+0x491/0xc20 [ 59.315972][ T506] __lookup_slow+0x19b/0x3d0 [ 59.320572][ T506] walk_component+0x3ad/0x710 [ 59.325252][ T506] path_lookupat+0x112/0x6a0 [ 59.329835][ T506] filename_lookup+0x17f/0x510 [ 59.334592][ T506] user_path_at_empty+0xa2/0xf0 [ 59.339438][ T506] do_sys_truncate.part.0+0x85/0x100 [ 59.344721][ T506] __x64_sys_truncate+0x54/0x80 [ 59.349571][ T506] do_syscall_64+0x32/0x50 [ 59.353981][ T506] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 59.359855][ T506] [ 59.362248][ T506] The buggy address belongs to the object at ffff88810dee41c0 [ 59.362248][ T506] which belongs to the cache f2fs_extent_tree of size 80 [ 59.376644][ T506] The buggy address is located 0 bytes inside of [ 59.376644][ T506] 80-byte region [ffff88810dee41c0, ffff88810dee4210) [ 59.389640][ T506] The buggy address belongs to the page: [ 59.395280][ T506] page:ffffea000437b900 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10dee4 [ 59.405604][ T506] flags: 0x4000000000000200(slab) [ 59.410621][ T506] raw: 4000000000000200 dead000000000100 dead000000000122 ffff888104580300 [ 59.419196][ T506] raw: 0000000000000000 0000000080240024 00000001ffffffff 0000000000000000 [ 59.427799][ T506] page dumped because: kasan: bad access detected [ 59.434288][ T506] page_owner tracks the page as allocated [ 59.439998][ T506] page last allocated via order 0, migratetype Reclaimable, gfp_mask 0x112c50(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 499, ts 56542183092, free_ts 55763625825 [ 59.458911][ T506] get_page_from_freelist+0x1fee/0x2ad0 [ 59.464455][ T506] __alloc_pages_nodemask+0x2ae/0x2530 [ 59.469922][ T506] allocate_slab+0x30f/0x460 [ 59.474513][ T506] ___slab_alloc.constprop.0+0x32b/0x730 [ 59.480136][ T506] kmem_cache_alloc+0x491/0x4f0 [ 59.484982][ T506] f2fs_init_extent_tree+0x98f/0xdf0 [ 59.490257][ T506] f2fs_iget+0xa75/0x4a00 [ 59.494587][ T506] f2fs_lookup+0x491/0xc20 [ 59.498996][ T506] path_openat+0x1024/0x3950 [ 59.503576][ T506] do_filp_open+0x193/0x3d0 [ 59.508066][ T506] do_sys_openat2+0x135/0x810 [ 59.512730][ T506] __x64_sys_openat+0x124/0x200 [ 59.517567][ T506] do_syscall_64+0x32/0x50 [ 59.521985][ T506] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 59.527973][ T506] page last free stack trace: [ 59.532652][ T506] free_pcp_prepare+0x1a7/0x230 [ 59.537485][ T506] free_unref_page+0x19/0x270 [ 59.542149][ T506] __free_pages+0xba/0xf0 [ 59.546464][ T506] __free_slab+0xde/0x1d0 [ 59.550784][ T506] discard_slab+0x2b/0x40 [ 59.555104][ T506] unfreeze_partials+0x1e1/0x240 [ 59.560029][ T506] put_cpu_partial+0xce/0x120 [ 59.564693][ T506] __slab_free+0x23f/0x560 [ 59.569103][ T506] ___cache_free+0x255/0x2b0 [ 59.573682][ T506] qlist_free_all+0x71/0x150 [ 59.578255][ T506] kasan_quarantine_reduce+0x15f/0x1c0 [ 59.583795][ T506] __kasan_slab_alloc+0xaa/0xc0 [ 59.588632][ T506] kmem_cache_alloc+0x15d/0x4f0 [ 59.593470][ T506] __alloc_skb+0x41/0x4d0 [ 59.597870][ T506] rtmsg_ifinfo_build_skb+0x70/0x160 [ 59.603146][ T506] unregister_netdevice_many+0xe93/0x14c0 [ 59.608848][ T506] [ 59.611159][ T506] Memory state around the buggy address: [ 59.616774][ T506] ffff88810dee4080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 59.624827][ T506] ffff88810dee4100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 59.632876][ T506] >ffff88810dee4180: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 59.640933][ T506] ^ [ 59.647073][ T506] ffff88810dee4200: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 59.655132][ T506] ffff88810dee4280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 59.663181][ T506] ================================================================== [ 59.673315][ T488] F2FS-fs (loop2): Failed to initialize F2FS segment manager (-4) [ 60.146015][ T509] F2FS-fs (loop5): invalid crc value [ 60.199072][ T509] F2FS-fs (loop5): Found nat_bits in checkpoint [ 60.309739][ T513] F2FS-fs (loop1): invalid crc value [ 60.315126][ T509] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 60.341554][ T509] F2FS-fs (loop5): access invalid blkaddr:2147563524 [ 60.358425][ T509] CPU: 0 PID: 509 Comm: syz.5.23 Tainted: G B syzkaller #0 [ 60.366936][ T509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 60.376987][ T509] Call Trace: [ 60.380271][ T509] dump_stack_lvl+0x81/0xac [ 60.384772][ T509] dump_stack+0x10/0x12 [ 60.388916][ T509] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 60.394454][ T509] f2fs_iget+0x351e/0x4a00 [ 60.398857][ T509] f2fs_lookup+0x491/0xc20 [ 60.403258][ T509] ? __recover_dot_dentries+0x530/0x530 [ 60.408798][ T509] ? __legitimize_path+0x6c/0x170 [ 60.413910][ T509] __lookup_slow+0x19b/0x3d0 [ 60.418634][ T509] ? page_put_link+0x80/0x80 [ 60.423244][ T509] ? inode_permission.part.0+0xc2/0x320 [ 60.428783][ T509] walk_component+0x3ad/0x710 [ 60.433592][ T509] ? handle_dots.part.0+0x11c0/0x11c0 [ 60.438954][ T509] ? walk_component+0x710/0x710 [ 60.443886][ T509] path_lookupat+0x112/0x6a0 [ 60.448472][ T509] ? setup_object.isra.0+0x22/0xd0 [ 60.453583][ T509] filename_lookup+0x17f/0x510 [ 60.458354][ T509] ? may_linkat+0x200/0x200 [ 60.462856][ T509] ? ___slab_alloc.constprop.0+0x32b/0x730 [ 60.468665][ T509] ? __check_object_size+0x1df/0x270 [ 60.473948][ T509] ? kmem_cache_alloc+0x17f/0x4f0 [ 60.478969][ T509] ? getname_flags.part.0+0x8c/0x480 [ 60.484262][ T509] user_path_at_empty+0xa2/0xf0 [ 60.489108][ T509] do_sys_truncate.part.0+0x85/0x100 [ 60.494382][ T509] ? vfs_truncate+0x540/0x540 [ 60.499049][ T509] ? __kasan_check_write+0x14/0x20 [ 60.504150][ T509] ? switch_fpu_return+0xbf/0x1b0 [ 60.509167][ T509] __x64_sys_truncate+0x54/0x80 [ 60.514010][ T509] do_syscall_64+0x32/0x50 [ 60.518424][ T509] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 60.524309][ T509] RIP: 0033:0x7fe2d0761be9 [ 60.528714][ T509] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 60.548414][ T509] RSP: 002b:00007fe2d05d2038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 60.556816][ T509] RAX: ffffffffffffffda RBX: 00007fe2d0988fa0 RCX: 00007fe2d0761be9 [ 60.564782][ T509] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280 [ 60.572918][ T509] RBP: 00007fe2d07e4e19 R08: 0000000000000000 R09: 0000000000000000 [ 60.580881][ T509] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 60.588846][ T509] R13: 00007fe2d0989038 R14: 00007fe2d0988fa0 R15: 00007ffe4949ac98 [ 60.612773][ T513] F2FS-fs (loop1): Found nat_bits in checkpoint [ 60.680918][ T513] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 60.691081][ T513] F2FS-fs (loop1): access invalid blkaddr:2147563524 [ 60.697770][ T513] CPU: 0 PID: 513 Comm: syz.1.22 Tainted: G B syzkaller #0 [ 60.706255][ T513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 60.716394][ T513] Call Trace: [ 60.719676][ T513] dump_stack_lvl+0x81/0xac [ 60.724168][ T513] dump_stack+0x10/0x12 [ 60.728310][ T513] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 60.733844][ T513] f2fs_iget+0x351e/0x4a00 [ 60.738253][ T513] f2fs_lookup+0x491/0xc20 [ 60.742670][ T513] ? __recover_dot_dentries+0x530/0x530 [ 60.748215][ T513] ? __legitimize_path+0x6c/0x170 [ 60.753236][ T513] __lookup_slow+0x19b/0x3d0 [ 60.753845][ T519] F2FS-fs (loop2): invalid crc value [ 60.757857][ T513] ? page_put_link+0x80/0x80 [ 60.757862][ T513] ? inode_permission.part.0+0xc2/0x320 [ 60.757869][ T513] walk_component+0x3ad/0x710 [ 60.778081][ T513] ? handle_dots.part.0+0x11c0/0x11c0 [ 60.783444][ T513] ? walk_component+0x710/0x710 [ 60.788292][ T513] path_lookupat+0x112/0x6a0 [ 60.792875][ T513] ? _atomic_dec_and_lock+0x19/0xa0 [ 60.798060][ T513] filename_lookup+0x17f/0x510 [ 60.802813][ T513] ? may_linkat+0x200/0x200 [ 60.807301][ T513] ? __check_object_size+0x1df/0x270 [ 60.812569][ T513] ? kmem_cache_alloc+0x17f/0x4f0 [ 60.817582][ T513] ? getname_flags.part.0+0x8c/0x480 [ 60.822858][ T513] user_path_at_empty+0xa2/0xf0 [ 60.827704][ T513] do_sys_truncate.part.0+0x85/0x100 [ 60.832990][ T513] ? vfs_truncate+0x540/0x540 [ 60.837657][ T513] ? __kasan_check_write+0x14/0x20 [ 60.843019][ T513] ? switch_fpu_return+0xbf/0x1b0 [ 60.848046][ T513] __x64_sys_truncate+0x54/0x80 [ 60.852903][ T513] do_syscall_64+0x32/0x50 [ 60.857332][ T513] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 60.863230][ T513] RIP: 0033:0x7f0d971d0be9 [ 60.867640][ T513] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 60.887243][ T513] RSP: 002b:00007f0d97041038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 60.895800][ T513] RAX: ffffffffffffffda RBX: 00007f0d973f7fa0 RCX: 00007f0d971d0be9 [ 60.903766][ T513] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280 [ 60.911734][ T513] RBP: 00007f0d97253e19 R08: 0000000000000000 R09: 0000000000000000 [ 60.919698][ T513] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 60.927666][ T513] R13: 00007f0d973f8038 R14: 00007f0d973f7fa0 R15: 00007ffe96489fb8 [ 60.962250][ T519] F2FS-fs (loop2): Found nat_bits in checkpoint [ 61.019469][ T523] F2FS-fs (loop3): invalid crc value [ 61.020992][ T519] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 61.038188][ T509] F2FS-fs (loop5): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 61.050909][ T529] F2FS-fs (loop5): access invalid blkaddr:2147563524 [ 61.059771][ T519] F2FS-fs (loop2): access invalid blkaddr:2147563524 [ 61.067028][ T523] F2FS-fs (loop3): Found nat_bits in checkpoint [ 61.067053][ T529] CPU: 1 PID: 529 Comm: syz.5.23 Tainted: G B syzkaller #0 [ 61.081811][ T529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 61.091872][ T529] Call Trace: [ 61.095149][ T529] dump_stack_lvl+0x81/0xac [ 61.099724][ T529] dump_stack+0x10/0x12 [ 61.103873][ T529] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 61.109414][ T529] f2fs_iget+0x351e/0x4a00 [ 61.113841][ T529] f2fs_lookup+0x491/0xc20 [ 61.118240][ T529] ? __recover_dot_dentries+0x530/0x530 [ 61.123799][ T529] path_openat+0x1024/0x3950 [ 61.128398][ T529] ? path_lookupat+0x6a0/0x6a0 [ 61.133156][ T529] ? __kasan_check_read+0x11/0x20 [ 61.138175][ T529] ? pagevec_add_and_need_flush+0x216/0x290 [ 61.144059][ T529] ? perf_trace_mm_lru_insertion+0x970/0x970 [ 61.150030][ T529] ? __mod_memcg_lruvec_state+0x118/0x330 [ 61.155755][ T529] ? __mod_node_page_state+0xa6/0x110 [ 61.161115][ T529] do_filp_open+0x193/0x3d0 [ 61.165615][ T529] ? may_open_dev+0xd0/0xd0 [ 61.170117][ T529] ? __check_object_size+0x1df/0x270 [ 61.175401][ T529] ? _raw_spin_unlock+0x41/0x70 [ 61.180254][ T529] do_sys_openat2+0x135/0x810 [ 61.184922][ T529] ? recalc_sigpending+0x7c/0xb0 [ 61.189848][ T529] ? build_open_flags+0x490/0x490 [ 61.194860][ T529] ? __kasan_check_write+0x14/0x20 [ 61.199956][ T529] ? __handle_speculative_fault+0xee/0x280 [ 61.204071][ T515] F2FS-fs (loop0): invalid crc value [ 61.205757][ T529] __x64_sys_openat+0x124/0x200 [ 61.215872][ T529] ? __ia32_sys_open+0x1b0/0x1b0 [ 61.220810][ T529] ? exit_to_user_mode_prepare+0x36/0x160 [ 61.226552][ T529] ? irqentry_exit_to_user_mode+0xe/0x10 [ 61.232184][ T529] do_syscall_64+0x32/0x50 [ 61.236623][ T529] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 61.242531][ T529] RIP: 0033:0x7fe2d0761be9 [ 61.246935][ T529] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 61.266879][ T529] RSP: 002b:00007fe2d05b1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 61.275280][ T529] RAX: ffffffffffffffda RBX: 00007fe2d0989090 RCX: 00007fe2d0761be9 [ 61.281130][ T513] F2FS-fs (loop1): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 61.283238][ T529] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 61.303587][ T529] RBP: 00007fe2d07e4e19 R08: 0000000000000000 R09: 0000000000000000 [ 61.311547][ T529] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 61.314109][ T542] F2FS-fs (loop1): access invalid blkaddr:2147563524 [ 61.319739][ T529] R13: 00007fe2d0989128 R14: 00007fe2d0989090 R15: 00007ffe4949ac98 [ 61.334387][ T519] CPU: 0 PID: 519 Comm: syz.2.26 Tainted: G B syzkaller #0 [ 61.342874][ T519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 61.345192][ T523] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 61.352918][ T519] Call Trace: [ 61.352926][ T519] dump_stack_lvl+0x81/0xac [ 61.352929][ T519] dump_stack+0x10/0x12 [ 61.352935][ T519] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 61.352941][ T519] f2fs_iget+0x351e/0x4a00 [ 61.352949][ T519] f2fs_lookup+0x491/0xc20 [ 61.386616][ T519] ? __recover_dot_dentries+0x530/0x530 [ 61.392160][ T519] ? __legitimize_path+0x6c/0x170 [ 61.393813][ T515] F2FS-fs (loop0): Found nat_bits in checkpoint [ 61.397189][ T519] __lookup_slow+0x19b/0x3d0 [ 61.397194][ T519] ? page_put_link+0x80/0x80 [ 61.397199][ T519] ? inode_permission.part.0+0xc2/0x320 [ 61.397206][ T519] walk_component+0x3ad/0x710 [ 61.422778][ T519] ? handle_dots.part.0+0x11c0/0x11c0 [ 61.428270][ T519] ? walk_component+0x710/0x710 [ 61.433125][ T519] path_lookupat+0x112/0x6a0 [ 61.437717][ T519] ? _atomic_dec_and_lock+0x19/0xa0 [ 61.443021][ T519] filename_lookup+0x17f/0x510 [ 61.447875][ T519] ? may_linkat+0x200/0x200 [ 61.452368][ T519] ? __check_object_size+0x1df/0x270 [ 61.457640][ T519] ? kmem_cache_alloc+0x17f/0x4f0 [ 61.462645][ T519] ? getname_flags.part.0+0x8c/0x480 [ 61.468025][ T519] user_path_at_empty+0xa2/0xf0 [ 61.472862][ T519] do_sys_truncate.part.0+0x85/0x100 [ 61.478129][ T519] ? vfs_truncate+0x540/0x540 [ 61.482790][ T519] ? __kasan_check_write+0x14/0x20 [ 61.487883][ T519] ? switch_fpu_return+0xbf/0x1b0 [ 61.492894][ T519] __x64_sys_truncate+0x54/0x80 [ 61.497733][ T519] do_syscall_64+0x32/0x50 [ 61.502132][ T519] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 61.508025][ T519] RIP: 0033:0x7f0e5a623be9 [ 61.512444][ T519] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 61.532037][ T519] RSP: 002b:00007f0e5a494038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 61.540473][ T519] RAX: ffffffffffffffda RBX: 00007f0e5a84afa0 RCX: 00007f0e5a623be9 [ 61.548448][ T519] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280 [ 61.556405][ T519] RBP: 00007f0e5a6a6e19 R08: 0000000000000000 R09: 0000000000000000 [ 61.564359][ T519] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 61.572310][ T519] R13: 00007f0e5a84b038 R14: 00007f0e5a84afa0 R15: 00007ffdb1f00de8 [ 61.581057][ T523] F2FS-fs (loop3): access invalid blkaddr:2147563524 [ 61.581298][ T542] CPU: 0 PID: 542 Comm: syz.1.22 Tainted: G B syzkaller #0 [ 61.596226][ T542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 61.606270][ T542] Call Trace: [ 61.609549][ T542] dump_stack_lvl+0x81/0xac [ 61.614057][ T542] dump_stack+0x10/0x12 [ 61.618193][ T542] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 61.623720][ T542] f2fs_iget+0x351e/0x4a00 [ 61.628119][ T542] f2fs_lookup+0x491/0xc20 [ 61.632523][ T542] ? __recover_dot_dentries+0x530/0x530 [ 61.638054][ T542] path_openat+0x1024/0x3950 [ 61.642636][ T542] ? path_lookupat+0x6a0/0x6a0 [ 61.647400][ T542] ? __kasan_check_read+0x11/0x20 [ 61.652410][ T542] ? pagevec_add_and_need_flush+0x216/0x290 [ 61.658308][ T542] ? perf_trace_mm_lru_insertion+0x970/0x970 [ 61.664271][ T542] ? __mod_memcg_lruvec_state+0x118/0x330 [ 61.669972][ T542] ? __mod_node_page_state+0xa6/0x110 [ 61.675329][ T542] do_filp_open+0x193/0x3d0 [ 61.679817][ T542] ? may_open_dev+0xd0/0xd0 [ 61.684308][ T542] ? __check_object_size+0x1df/0x270 [ 61.689579][ T542] ? _raw_spin_unlock+0x41/0x70 [ 61.694416][ T542] do_sys_openat2+0x135/0x810 [ 61.699075][ T542] ? recalc_sigpending+0x7c/0xb0 [ 61.703992][ T542] ? build_open_flags+0x490/0x490 [ 61.708997][ T542] ? __kasan_check_write+0x14/0x20 [ 61.714093][ T542] ? __handle_speculative_fault+0xee/0x280 [ 61.720238][ T542] __x64_sys_openat+0x124/0x200 [ 61.725179][ T542] ? __ia32_sys_open+0x1b0/0x1b0 [ 61.730104][ T542] ? exit_to_user_mode_prepare+0x36/0x160 [ 61.735989][ T542] ? irqentry_exit_to_user_mode+0xe/0x10 [ 61.741631][ T542] do_syscall_64+0x32/0x50 [ 61.746033][ T542] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 61.751248][ T519] F2FS-fs (loop2): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 61.751913][ T542] RIP: 0033:0x7f0d971d0be9 [ 61.768640][ T542] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 61.768654][ T544] F2FS-fs (loop2): access invalid blkaddr:2147563524 [ 61.788230][ T542] RSP: 002b:00007f0d97020038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 61.788236][ T542] RAX: ffffffffffffffda RBX: 00007f0d973f8090 RCX: 00007f0d971d0be9 [ 61.788239][ T542] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 61.788242][ T542] RBP: 00007f0d97253e19 R08: 0000000000000000 R09: 0000000000000000 [ 61.788244][ T542] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 61.788247][ T542] R13: 00007f0d973f8128 R14: 00007f0d973f8090 R15: 00007ffe96489fb8 [ 61.790885][ T529] F2FS-fs (loop5): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 61.795676][ T544] CPU: 1 PID: 544 Comm: syz.2.26 Tainted: G B syzkaller #0 [ 61.830896][ T529] ================================================================== [ 61.835208][ T544] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 61.843207][ T529] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x106/0x440 [ 61.855495][ T544] Call Trace: [ 61.863988][ T529] [ 61.872033][ T544] dump_stack_lvl+0x81/0xac [ 61.900540][ T544] dump_stack+0x10/0x12 [ 61.904678][ T544] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 61.910208][ T544] f2fs_iget+0x351e/0x4a00 [ 61.914611][ T544] f2fs_lookup+0x491/0xc20 [ 61.919007][ T544] ? __recover_dot_dentries+0x530/0x530 [ 61.924540][ T544] path_openat+0x1024/0x3950 [ 61.929119][ T544] ? path_lookupat+0x6a0/0x6a0 [ 61.933867][ T544] ? __kasan_check_read+0x11/0x20 [ 61.938873][ T544] ? pagevec_add_and_need_flush+0x216/0x290 [ 61.945097][ T544] ? perf_trace_mm_lru_insertion+0x970/0x970 [ 61.951060][ T544] ? __mod_memcg_lruvec_state+0x118/0x330 [ 61.956760][ T544] ? __mod_node_page_state+0xa6/0x110 [ 61.962119][ T544] do_filp_open+0x193/0x3d0 [ 61.966606][ T544] ? may_open_dev+0xd0/0xd0 [ 61.971141][ T544] ? __check_object_size+0x1df/0x270 [ 61.976415][ T544] ? _raw_spin_unlock+0x41/0x70 [ 61.981253][ T544] do_sys_openat2+0x135/0x810 [ 61.985931][ T544] ? recalc_sigpending+0x7c/0xb0 [ 61.990852][ T544] ? build_open_flags+0x490/0x490 [ 61.995860][ T544] ? __kasan_check_write+0x14/0x20 [ 62.000952][ T544] ? __handle_speculative_fault+0xee/0x280 [ 62.006762][ T544] __x64_sys_openat+0x124/0x200 [ 62.011598][ T544] ? __ia32_sys_open+0x1b0/0x1b0 [ 62.016517][ T544] ? exit_to_user_mode_prepare+0x36/0x160 [ 62.022216][ T544] ? irqentry_exit_to_user_mode+0xe/0x10 [ 62.027831][ T544] do_syscall_64+0x32/0x50 [ 62.032230][ T544] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 62.038110][ T544] RIP: 0033:0x7f0e5a623be9 [ 62.042513][ T544] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 62.062103][ T544] RSP: 002b:00007f0e5a473038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 62.070499][ T544] RAX: ffffffffffffffda RBX: 00007f0e5a84b090 RCX: 00007f0e5a623be9 [ 62.078460][ T544] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 62.086415][ T544] RBP: 00007f0e5a6a6e19 R08: 0000000000000000 R09: 0000000000000000 [ 62.094375][ T544] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 62.102331][ T544] R13: 00007f0e5a84b128 R14: 00007f0e5a84b090 R15: 00007ffdb1f00de8 [ 62.110314][ T529] CPU: 0 PID: 529 Comm: syz.5.23 Tainted: G B syzkaller #0 [ 62.111249][ T542] F2FS-fs (loop1): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 62.118811][ T529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 62.141162][ T529] Call Trace: [ 62.144432][ T529] dump_stack_lvl+0x81/0xac [ 62.148914][ T529] print_address_description.constprop.0+0x24/0x160 [ 62.155478][ T529] ? kmem_cache_free+0x106/0x440 [ 62.160432][ T529] kasan_report_invalid_free+0x56/0x80 [ 62.165866][ T529] ? kmem_cache_free+0x106/0x440 [ 62.170784][ T529] __kasan_slab_free+0x134/0x150 [ 62.175699][ T529] slab_free_freelist_hook+0x9b/0x1a0 [ 62.181046][ T529] ? f2fs_destroy_extent_tree+0x174/0x4b0 [ 62.186742][ T529] kmem_cache_free+0x106/0x440 [ 62.191484][ T529] f2fs_destroy_extent_tree+0x174/0x4b0 [ 62.197122][ T529] f2fs_evict_inode+0x335/0x1680 [ 62.202052][ T529] ? irq_work_queue+0x3c/0x50 [ 62.206709][ T529] ? __inode_wait_for_writeback+0xe7/0x1c0 [ 62.212668][ T529] ? f2fs_write_inode+0x1010/0x1010 [ 62.217848][ T529] ? var_wake_function+0x130/0x130 [ 62.222956][ T529] ? _raw_spin_lock_bh+0x110/0x110 [ 62.228130][ T529] ? vprintk_func+0x5a/0x150 [ 62.232697][ T529] ? _raw_spin_lock_bh+0x110/0x110 [ 62.237785][ T529] evict+0x372/0x940 [ 62.241657][ T529] ? new_inode+0x2f0/0x2f0 [ 62.246146][ T529] ? _raw_spin_lock+0x86/0x110 [ 62.250888][ T529] ? _raw_spin_lock_bh+0x110/0x110 [ 62.255977][ T529] ? __kasan_check_read+0x11/0x20 [ 62.261011][ T529] ? f2fs_drop_inode+0x71/0x910 [ 62.265838][ T529] iput.part.0+0x33b/0x640 [ 62.270253][ T529] iput+0x3f/0x50 [ 62.273872][ T529] iget_failed+0x1e/0x30 [ 62.278093][ T529] f2fs_iget+0x22be/0x4a00 [ 62.282486][ T529] f2fs_lookup+0x491/0xc20 [ 62.287051][ T529] ? __recover_dot_dentries+0x530/0x530 [ 62.292575][ T529] path_openat+0x1024/0x3950 [ 62.297153][ T529] ? path_lookupat+0x6a0/0x6a0 [ 62.301894][ T529] ? __kasan_check_read+0x11/0x20 [ 62.306894][ T529] ? pagevec_add_and_need_flush+0x216/0x290 [ 62.312773][ T529] ? perf_trace_mm_lru_insertion+0x970/0x970 [ 62.318814][ T529] ? __mod_memcg_lruvec_state+0x118/0x330 [ 62.324513][ T529] ? __mod_node_page_state+0xa6/0x110 [ 62.329886][ T529] do_filp_open+0x193/0x3d0 [ 62.334363][ T529] ? may_open_dev+0xd0/0xd0 [ 62.338859][ T529] ? __check_object_size+0x1df/0x270 [ 62.344128][ T529] ? _raw_spin_unlock+0x41/0x70 [ 62.349054][ T529] do_sys_openat2+0x135/0x810 [ 62.353722][ T529] ? recalc_sigpending+0x7c/0xb0 [ 62.358814][ T529] ? build_open_flags+0x490/0x490 [ 62.364164][ T529] ? __kasan_check_write+0x14/0x20 [ 62.369282][ T529] ? __handle_speculative_fault+0xee/0x280 [ 62.375081][ T529] __x64_sys_openat+0x124/0x200 [ 62.379926][ T529] ? __ia32_sys_open+0x1b0/0x1b0 [ 62.384845][ T529] ? exit_to_user_mode_prepare+0x36/0x160 [ 62.390541][ T529] ? irqentry_exit_to_user_mode+0xe/0x10 [ 62.396156][ T529] do_syscall_64+0x32/0x50 [ 62.400559][ T529] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 62.406542][ T529] RIP: 0033:0x7fe2d0761be9 [ 62.410944][ T529] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 62.430623][ T529] RSP: 002b:00007fe2d05b1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 62.439010][ T529] RAX: ffffffffffffffda RBX: 00007fe2d0989090 RCX: 00007fe2d0761be9 [ 62.446974][ T529] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 62.454934][ T529] RBP: 00007fe2d07e4e19 R08: 0000000000000000 R09: 0000000000000000 [ 62.462893][ T529] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 62.470843][ T529] R13: 00007fe2d0989128 R14: 00007fe2d0989090 R15: 00007ffe4949ac98 [ 62.478811][ T529] [ 62.481124][ T529] Allocated by task 509: [ 62.485352][ T529] kasan_save_stack+0x26/0x50 [ 62.490002][ T529] __kasan_slab_alloc+0x94/0xc0 [ 62.494836][ T529] kmem_cache_alloc+0x15d/0x4f0 [ 62.499656][ T529] f2fs_init_extent_tree+0x98f/0xdf0 [ 62.504924][ T529] f2fs_iget+0xa75/0x4a00 [ 62.509226][ T529] f2fs_lookup+0x491/0xc20 [ 62.513878][ T529] __lookup_slow+0x19b/0x3d0 [ 62.518441][ T529] walk_component+0x3ad/0x710 [ 62.523090][ T529] path_lookupat+0x112/0x6a0 [ 62.527738][ T529] filename_lookup+0x17f/0x510 [ 62.532475][ T529] user_path_at_empty+0xa2/0xf0 [ 62.537298][ T529] do_sys_truncate.part.0+0x85/0x100 [ 62.542551][ T529] __x64_sys_truncate+0x54/0x80 [ 62.547378][ T529] do_syscall_64+0x32/0x50 [ 62.551767][ T529] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 62.557714][ T529] [ 62.560023][ T529] Freed by task 509: [ 62.563893][ T529] kasan_save_stack+0x26/0x50 [ 62.568544][ T529] kasan_set_track+0x25/0x30 [ 62.573112][ T529] kasan_set_free_info+0x24/0x40 [ 62.578023][ T529] __kasan_slab_free+0x111/0x150 [ 62.582936][ T529] slab_free_freelist_hook+0x9b/0x1a0 [ 62.588281][ T529] kmem_cache_free+0x106/0x440 [ 62.593020][ T529] f2fs_destroy_extent_tree+0x174/0x4b0 [ 62.598555][ T529] f2fs_evict_inode+0x335/0x1680 [ 62.603469][ T529] evict+0x372/0x940 [ 62.607343][ T529] iput.part.0+0x33b/0x640 [ 62.611735][ T529] iput+0x3f/0x50 [ 62.615343][ T529] iget_failed+0x1e/0x30 [ 62.619570][ T529] f2fs_iget+0x22be/0x4a00 [ 62.623992][ T529] f2fs_lookup+0x491/0xc20 [ 62.628385][ T529] __lookup_slow+0x19b/0x3d0 [ 62.632972][ T529] walk_component+0x3ad/0x710 [ 62.637622][ T529] path_lookupat+0x112/0x6a0 [ 62.642212][ T529] filename_lookup+0x17f/0x510 [ 62.646950][ T529] user_path_at_empty+0xa2/0xf0 [ 62.651805][ T529] do_sys_truncate.part.0+0x85/0x100 [ 62.657159][ T529] __x64_sys_truncate+0x54/0x80 [ 62.661988][ T529] do_syscall_64+0x32/0x50 [ 62.666379][ T529] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 62.672244][ T529] [ 62.674550][ T529] The buggy address belongs to the object at ffff8881227ce690 [ 62.674550][ T529] which belongs to the cache f2fs_extent_tree of size 80 [ 62.688949][ T529] The buggy address is located 0 bytes inside of [ 62.688949][ T529] 80-byte region [ffff8881227ce690, ffff8881227ce6e0) [ 62.701933][ T529] The buggy address belongs to the page: [ 62.707546][ T529] page:ffffea000489f380 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1227ce [ 62.717893][ T529] flags: 0x4000000000000200(slab) [ 62.722903][ T529] raw: 4000000000000200 dead000000000100 dead000000000122 ffff888104580300 [ 62.731475][ T529] raw: 0000000000000000 0000000080240024 00000001ffffffff 0000000000000000 [ 62.740040][ T529] page dumped because: kasan: bad access detected [ 62.746453][ T529] page_owner tracks the page as allocated [ 62.752165][ T529] page last allocated via order 0, migratetype Reclaimable, gfp_mask 0x112c50(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 480, ts 56174743788, free_ts 0 [ 62.770300][ T529] get_page_from_freelist+0x1fee/0x2ad0 [ 62.775818][ T529] __alloc_pages_nodemask+0x2ae/0x2530 [ 62.781434][ T529] allocate_slab+0x30f/0x460 [ 62.786012][ T529] ___slab_alloc.constprop.0+0x32b/0x730 [ 62.791622][ T529] kmem_cache_alloc+0x491/0x4f0 [ 62.796451][ T529] f2fs_init_extent_tree+0x98f/0xdf0 [ 62.801709][ T529] f2fs_iget+0xa75/0x4a00 [ 62.806015][ T529] f2fs_lookup+0x491/0xc20 [ 62.810407][ T529] __lookup_slow+0x19b/0x3d0 [ 62.814977][ T529] walk_component+0x3ad/0x710 [ 62.819637][ T529] path_lookupat+0x112/0x6a0 [ 62.824213][ T529] filename_lookup+0x17f/0x510 [ 62.828949][ T529] user_path_at_empty+0xa2/0xf0 [ 62.833781][ T529] do_sys_truncate.part.0+0x85/0x100 [ 62.839046][ T529] __x64_sys_truncate+0x54/0x80 [ 62.843874][ T529] do_syscall_64+0x32/0x50 [ 62.848264][ T529] page_owner free stack trace missing [ 62.853609][ T529] [ 62.855916][ T529] Memory state around the buggy address: [ 62.861524][ T529] ffff8881227ce580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 62.869564][ T529] ffff8881227ce600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 62.877603][ T529] >ffff8881227ce680: fc fc fa fb fb fb fb fb fb fb fb fb fc fc fc fc [ 62.885638][ T529] ^ [ 62.890203][ T529] ffff8881227ce700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 62.898239][ T529] ffff8881227ce780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 62.906640][ T529] ================================================================== [ 62.914733][ T542] ================================================================== [ 62.915295][ T523] CPU: 0 PID: 523 Comm: syz.3.25 Tainted: G B syzkaller #0 [ 62.922807][ T542] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x106/0x440 [ 62.931286][ T523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 62.939684][ T542] [ 62.949734][ T523] Call Trace: [ 62.955942][ T523] dump_stack_lvl+0x81/0xac [ 62.960428][ T523] dump_stack+0x10/0x12 [ 62.964568][ T523] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 62.970185][ T523] f2fs_iget+0x351e/0x4a00 [ 62.974596][ T523] f2fs_lookup+0x491/0xc20 [ 62.979008][ T523] ? __recover_dot_dentries+0x530/0x530 [ 62.984544][ T523] ? __legitimize_path+0x6c/0x170 [ 62.989550][ T523] __lookup_slow+0x19b/0x3d0 [ 62.994119][ T523] ? page_put_link+0x80/0x80 [ 62.998691][ T523] ? inode_permission.part.0+0xc2/0x320 [ 63.004219][ T523] walk_component+0x3ad/0x710 [ 63.008883][ T523] ? handle_dots.part.0+0x11c0/0x11c0 [ 63.014239][ T523] ? walk_component+0x710/0x710 [ 63.019074][ T523] path_lookupat+0x112/0x6a0 [ 63.023642][ T523] ? _atomic_dec_and_lock+0x19/0xa0 [ 63.028824][ T523] filename_lookup+0x17f/0x510 [ 63.033588][ T523] ? may_linkat+0x200/0x200 [ 63.038075][ T523] ? __check_object_size+0x1df/0x270 [ 63.043354][ T523] ? kmem_cache_alloc+0x17f/0x4f0 [ 63.048361][ T523] ? getname_flags.part.0+0x8c/0x480 [ 63.053629][ T523] user_path_at_empty+0xa2/0xf0 [ 63.058464][ T523] do_sys_truncate.part.0+0x85/0x100 [ 63.063811][ T523] ? vfs_truncate+0x540/0x540 [ 63.068465][ T523] ? __kasan_check_write+0x14/0x20 [ 63.073577][ T523] ? switch_fpu_return+0xbf/0x1b0 [ 63.078615][ T523] __x64_sys_truncate+0x54/0x80 [ 63.083448][ T523] do_syscall_64+0x32/0x50 [ 63.087866][ T523] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 63.093738][ T523] RIP: 0033:0x7f968f5e9be9 [ 63.098137][ T523] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 63.117734][ T523] RSP: 002b:00007f968f45a038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 63.126233][ T523] RAX: ffffffffffffffda RBX: 00007f968f810fa0 RCX: 00007f968f5e9be9 [ 63.134201][ T523] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280 [ 63.142160][ T523] RBP: 00007f968f66ce19 R08: 0000000000000000 R09: 0000000000000000 [ 63.150116][ T523] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 63.158160][ T523] R13: 00007f968f811038 R14: 00007f968f810fa0 R15: 00007ffca8eaddd8 [ 63.166127][ T542] CPU: 1 PID: 542 Comm: syz.1.22 Tainted: G B syzkaller #0 [ 63.172573][ T523] F2FS-fs (loop3): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 63.174628][ T542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 63.174631][ T542] Call Trace: [ 63.174640][ T542] dump_stack_lvl+0x81/0xac [ 63.174650][ T542] print_address_description.constprop.0+0x24/0x160 [ 63.187198][ T547] F2FS-fs (loop3): access invalid blkaddr:2147563524 [ 63.197151][ T542] ? kmem_cache_free+0x106/0x440 [ 63.197157][ T542] kasan_report_invalid_free+0x56/0x80 [ 63.197160][ T542] ? kmem_cache_free+0x106/0x440 [ 63.197165][ T542] __kasan_slab_free+0x134/0x150 [ 63.197176][ T542] slab_free_freelist_hook+0x9b/0x1a0 [ 63.244187][ T542] ? f2fs_destroy_extent_tree+0x174/0x4b0 [ 63.249896][ T542] kmem_cache_free+0x106/0x440 [ 63.254653][ T542] f2fs_destroy_extent_tree+0x174/0x4b0 [ 63.260181][ T542] f2fs_evict_inode+0x335/0x1680 [ 63.265100][ T542] ? irq_work_queue+0x3c/0x50 [ 63.269760][ T542] ? __inode_wait_for_writeback+0xe7/0x1c0 [ 63.275549][ T542] ? f2fs_write_inode+0x1010/0x1010 [ 63.280724][ T542] ? var_wake_function+0x130/0x130 [ 63.285821][ T542] ? _raw_spin_lock_bh+0x110/0x110 [ 63.290916][ T542] ? vprintk_func+0x5a/0x150 [ 63.295510][ T542] ? _raw_spin_lock_bh+0x110/0x110 [ 63.300602][ T542] evict+0x372/0x940 [ 63.304478][ T542] ? new_inode+0x2f0/0x2f0 [ 63.308877][ T542] ? _raw_spin_lock+0x86/0x110 [ 63.313634][ T542] ? _raw_spin_lock_bh+0x110/0x110 [ 63.318732][ T542] ? __kasan_check_read+0x11/0x20 [ 63.323749][ T542] ? f2fs_drop_inode+0x71/0x910 [ 63.328582][ T542] iput.part.0+0x33b/0x640 [ 63.332981][ T542] iput+0x3f/0x50 [ 63.336595][ T542] iget_failed+0x1e/0x30 [ 63.340819][ T542] f2fs_iget+0x22be/0x4a00 [ 63.345224][ T542] f2fs_lookup+0x491/0xc20 [ 63.349623][ T542] ? __recover_dot_dentries+0x530/0x530 [ 63.355153][ T542] path_openat+0x1024/0x3950 [ 63.359729][ T542] ? path_lookupat+0x6a0/0x6a0 [ 63.364479][ T542] ? __kasan_check_read+0x11/0x20 [ 63.369488][ T542] ? pagevec_add_and_need_flush+0x216/0x290 [ 63.375365][ T542] ? perf_trace_mm_lru_insertion+0x970/0x970 [ 63.381328][ T542] ? __mod_memcg_lruvec_state+0x118/0x330 [ 63.387043][ T542] ? __mod_node_page_state+0xa6/0x110 [ 63.392401][ T542] do_filp_open+0x193/0x3d0 [ 63.396984][ T542] ? may_open_dev+0xd0/0xd0 [ 63.401476][ T542] ? __check_object_size+0x1df/0x270 [ 63.406746][ T542] ? _raw_spin_unlock+0x41/0x70 [ 63.411580][ T542] do_sys_openat2+0x135/0x810 [ 63.416240][ T542] ? recalc_sigpending+0x7c/0xb0 [ 63.421161][ T542] ? build_open_flags+0x490/0x490 [ 63.426168][ T542] ? __kasan_check_write+0x14/0x20 [ 63.431283][ T542] ? __handle_speculative_fault+0xee/0x280 [ 63.437075][ T542] __x64_sys_openat+0x124/0x200 [ 63.441918][ T542] ? __ia32_sys_open+0x1b0/0x1b0 [ 63.446839][ T542] ? exit_to_user_mode_prepare+0x36/0x160 [ 63.452566][ T542] ? irqentry_exit_to_user_mode+0xe/0x10 [ 63.458176][ T542] do_syscall_64+0x32/0x50 [ 63.462577][ T542] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 63.468453][ T542] RIP: 0033:0x7f0d971d0be9 [ 63.472855][ T542] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 63.492452][ T542] RSP: 002b:00007f0d97020038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 63.500847][ T542] RAX: ffffffffffffffda RBX: 00007f0d973f8090 RCX: 00007f0d971d0be9 [ 63.508802][ T542] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 63.516755][ T542] RBP: 00007f0d97253e19 R08: 0000000000000000 R09: 0000000000000000 [ 63.524706][ T542] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 63.532657][ T542] R13: 00007f0d973f8128 R14: 00007f0d973f8090 R15: 00007ffe96489fb8 [ 63.540611][ T542] [ 63.542923][ T542] Allocated by task 513: [ 63.547149][ T542] kasan_save_stack+0x26/0x50 [ 63.551803][ T542] __kasan_slab_alloc+0x94/0xc0 [ 63.556630][ T542] kmem_cache_alloc+0x15d/0x4f0 [ 63.561464][ T542] f2fs_init_extent_tree+0x98f/0xdf0 [ 63.566728][ T542] f2fs_iget+0xa75/0x4a00 [ 63.571037][ T542] f2fs_lookup+0x491/0xc20 [ 63.575446][ T542] __lookup_slow+0x19b/0x3d0 [ 63.580015][ T542] walk_component+0x3ad/0x710 [ 63.584667][ T542] path_lookupat+0x112/0x6a0 [ 63.589236][ T542] filename_lookup+0x17f/0x510 [ 63.593981][ T542] user_path_at_empty+0xa2/0xf0 [ 63.598827][ T542] do_sys_truncate.part.0+0x85/0x100 [ 63.604102][ T542] __x64_sys_truncate+0x54/0x80 [ 63.608930][ T542] do_syscall_64+0x32/0x50 [ 63.613325][ T542] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 63.619190][ T542] [ 63.621521][ T542] Freed by task 513: [ 63.625391][ T542] kasan_save_stack+0x26/0x50 [ 63.630042][ T542] kasan_set_track+0x25/0x30 [ 63.634614][ T542] kasan_set_free_info+0x24/0x40 [ 63.639530][ T542] __kasan_slab_free+0x111/0x150 [ 63.644451][ T542] slab_free_freelist_hook+0x9b/0x1a0 [ 63.649803][ T542] kmem_cache_free+0x106/0x440 [ 63.654546][ T542] f2fs_destroy_extent_tree+0x174/0x4b0 [ 63.660072][ T542] f2fs_evict_inode+0x335/0x1680 [ 63.664991][ T542] evict+0x372/0x940 [ 63.668869][ T542] iput.part.0+0x33b/0x640 [ 63.673262][ T542] iput+0x3f/0x50 [ 63.676874][ T542] iget_failed+0x1e/0x30 [ 63.681100][ T542] f2fs_iget+0x22be/0x4a00 [ 63.685511][ T542] f2fs_lookup+0x491/0xc20 [ 63.689905][ T542] __lookup_slow+0x19b/0x3d0 [ 63.694474][ T542] walk_component+0x3ad/0x710 [ 63.699127][ T542] path_lookupat+0x112/0x6a0 [ 63.703695][ T542] filename_lookup+0x17f/0x510 [ 63.708437][ T542] user_path_at_empty+0xa2/0xf0 [ 63.713265][ T542] do_sys_truncate.part.0+0x85/0x100 [ 63.718525][ T542] __x64_sys_truncate+0x54/0x80 [ 63.723361][ T542] do_syscall_64+0x32/0x50 [ 63.727760][ T542] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 63.733630][ T542] [ 63.735945][ T542] The buggy address belongs to the object at ffff8881227ce380 [ 63.735945][ T542] which belongs to the cache f2fs_extent_tree of size 80 [ 63.750344][ T542] The buggy address is located 0 bytes inside of [ 63.750344][ T542] 80-byte region [ffff8881227ce380, ffff8881227ce3d0) [ 63.763333][ T542] The buggy address belongs to the page: [ 63.768959][ T542] page:ffffea000489f380 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1227ce [ 63.779170][ T542] flags: 0x4000000000000200(slab) [ 63.784175][ T542] raw: 4000000000000200 dead000000000100 dead000000000122 ffff888104580300 [ 63.792840][ T542] raw: 0000000000000000 0000000080240024 00000001ffffffff 0000000000000000 [ 63.801401][ T542] page dumped because: kasan: bad access detected [ 63.807793][ T542] page_owner tracks the page as allocated [ 63.813489][ T542] page last allocated via order 0, migratetype Reclaimable, gfp_mask 0x112c50(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 480, ts 56174743788, free_ts 0 [ 63.831523][ T542] get_page_from_freelist+0x1fee/0x2ad0 [ 63.837043][ T542] __alloc_pages_nodemask+0x2ae/0x2530 [ 63.842502][ T542] allocate_slab+0x30f/0x460 [ 63.847084][ T542] ___slab_alloc.constprop.0+0x32b/0x730 [ 63.852695][ T542] kmem_cache_alloc+0x491/0x4f0 [ 63.857524][ T542] f2fs_init_extent_tree+0x98f/0xdf0 [ 63.862840][ T542] f2fs_iget+0xa75/0x4a00 [ 63.867147][ T542] f2fs_lookup+0x491/0xc20 [ 63.871553][ T542] __lookup_slow+0x19b/0x3d0 [ 63.876119][ T542] walk_component+0x3ad/0x710 [ 63.880787][ T542] path_lookupat+0x112/0x6a0 [ 63.885354][ T542] filename_lookup+0x17f/0x510 [ 63.890098][ T542] user_path_at_empty+0xa2/0xf0 [ 63.894932][ T542] do_sys_truncate.part.0+0x85/0x100 [ 63.900191][ T542] __x64_sys_truncate+0x54/0x80 [ 63.905019][ T542] do_syscall_64+0x32/0x50 [ 63.909425][ T542] page_owner free stack trace missing [ 63.914950][ T542] [ 63.917260][ T542] Memory state around the buggy address: [ 63.922878][ T542] ffff8881227ce280: fc fc fc fc fa fb fb fb fb fb fb fb fb fb fc fc [ 63.930926][ T542] ffff8881227ce300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 63.938984][ T542] >ffff8881227ce380: fa fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc [ 63.947023][ T542] ^ [ 63.951073][ T542] ffff8881227ce400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 63.959114][ T542] ffff8881227ce480: fc fc fc fc fc fc fc fc fc fc fa fb fb fb fb fb [ 63.967162][ T542] ================================================================== [ 63.977359][ T547] CPU: 1 PID: 547 Comm: syz.3.25 Tainted: G B syzkaller #0 [ 63.985870][ T547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 63.995935][ T547] Call Trace: [ 63.999208][ T547] dump_stack_lvl+0x81/0xac [ 64.003687][ T547] dump_stack+0x10/0x12 [ 64.007820][ T547] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 64.013343][ T547] f2fs_iget+0x351e/0x4a00 [ 64.017758][ T547] f2fs_lookup+0x491/0xc20 [ 64.022192][ T547] ? __recover_dot_dentries+0x530/0x530 [ 64.027719][ T547] path_openat+0x1024/0x3950 [ 64.032290][ T547] ? path_lookupat+0x6a0/0x6a0 [ 64.037035][ T547] ? __kasan_check_read+0x11/0x20 [ 64.042134][ T547] ? pagevec_add_and_need_flush+0x216/0x290 [ 64.048003][ T547] ? perf_trace_mm_lru_insertion+0x970/0x970 [ 64.053962][ T547] ? __mod_memcg_lruvec_state+0x118/0x330 [ 64.059667][ T547] ? __mod_node_page_state+0xa6/0x110 [ 64.065122][ T547] do_filp_open+0x193/0x3d0 [ 64.069606][ T547] ? may_open_dev+0xd0/0xd0 [ 64.074089][ T547] ? __check_object_size+0x1df/0x270 [ 64.079350][ T547] ? _raw_spin_unlock+0x41/0x70 [ 64.084183][ T547] do_sys_openat2+0x135/0x810 [ 64.088844][ T547] ? recalc_sigpending+0x7c/0xb0 [ 64.093763][ T547] ? build_open_flags+0x490/0x490 [ 64.098769][ T547] ? __kasan_check_write+0x14/0x20 [ 64.103860][ T547] ? __handle_speculative_fault+0xee/0x280 [ 64.109675][ T547] __x64_sys_openat+0x124/0x200 [ 64.114504][ T547] ? __ia32_sys_open+0x1b0/0x1b0 [ 64.119419][ T547] ? exit_to_user_mode_prepare+0x36/0x160 [ 64.125118][ T547] ? irqentry_exit_to_user_mode+0xe/0x10 [ 64.130729][ T547] do_syscall_64+0x32/0x50 [ 64.135141][ T547] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 64.141031][ T547] RIP: 0033:0x7f968f5e9be9 [ 64.145433][ T547] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 64.165021][ T547] RSP: 002b:00007f968f439038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 64.173411][ T547] RAX: ffffffffffffffda RBX: 00007f968f811090 RCX: 00007f968f5e9be9 [ 64.181366][ T547] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 64.189326][ T547] RBP: 00007f968f66ce19 R08: 0000000000000000 R09: 0000000000000000 [ 64.197287][ T547] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 64.205339][ T547] R13: 00007f968f811128 R14: 00007f968f811090 R15: 00007ffca8eaddd8 [ 64.213681][ T547] F2FS-fs (loop3): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 64.214227][ T544] F2FS-fs (loop2): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 64.231069][ T547] ================================================================== [ 64.246677][ T547] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x106/0x440 [ 64.255106][ T547] [ 64.257431][ T547] CPU: 1 PID: 547 Comm: syz.3.25 Tainted: G B syzkaller #0 [ 64.265913][ T547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 64.275957][ T547] Call Trace: [ 64.279232][ T547] dump_stack_lvl+0x81/0xac [ 64.283713][ T547] print_address_description.constprop.0+0x24/0x160 [ 64.290274][ T547] ? kmem_cache_free+0x106/0x440 [ 64.295199][ T547] kasan_report_invalid_free+0x56/0x80 [ 64.300632][ T547] ? kmem_cache_free+0x106/0x440 [ 64.305549][ T547] __kasan_slab_free+0x134/0x150 [ 64.310467][ T547] slab_free_freelist_hook+0x9b/0x1a0 [ 64.315818][ T547] ? f2fs_destroy_extent_tree+0x174/0x4b0 [ 64.321609][ T547] kmem_cache_free+0x106/0x440 [ 64.326349][ T547] f2fs_destroy_extent_tree+0x174/0x4b0 [ 64.331870][ T547] f2fs_evict_inode+0x335/0x1680 [ 64.336784][ T547] ? preempt_count_add+0x7a/0x100 [ 64.341784][ T547] ? __inode_wait_for_writeback+0xe7/0x1c0 [ 64.347572][ T547] ? f2fs_write_inode+0x1010/0x1010 [ 64.352764][ T547] ? var_wake_function+0x130/0x130 [ 64.357854][ T547] ? _raw_spin_lock_bh+0x110/0x110 [ 64.362942][ T547] ? vprintk_func+0x5a/0x150 [ 64.367505][ T547] ? _raw_spin_lock_bh+0x110/0x110 [ 64.372602][ T547] evict+0x372/0x940 [ 64.376471][ T547] ? irqentry_exit+0x53/0x60 [ 64.381035][ T547] ? new_inode+0x2f0/0x2f0 [ 64.385438][ T547] ? _raw_spin_lock+0x86/0x110 [ 64.390191][ T547] ? _raw_spin_lock_bh+0x110/0x110 [ 64.395309][ T547] ? __kasan_check_read+0x11/0x20 [ 64.400316][ T547] ? f2fs_drop_inode+0x71/0x910 [ 64.405147][ T547] iput.part.0+0x33b/0x640 [ 64.409557][ T547] iput+0x3f/0x50 [ 64.413172][ T547] iget_failed+0x1e/0x30 [ 64.417399][ T547] f2fs_iget+0x22be/0x4a00 [ 64.421793][ T547] f2fs_lookup+0x491/0xc20 [ 64.426202][ T547] ? __recover_dot_dentries+0x530/0x530 [ 64.431728][ T547] path_openat+0x1024/0x3950 [ 64.436297][ T547] ? path_lookupat+0x6a0/0x6a0 [ 64.441049][ T547] ? __kasan_check_read+0x11/0x20 [ 64.446066][ T547] ? pagevec_add_and_need_flush+0x216/0x290 [ 64.451934][ T547] ? perf_trace_mm_lru_insertion+0x970/0x970 [ 64.457889][ T547] ? __mod_memcg_lruvec_state+0x118/0x330 [ 64.463582][ T547] ? __mod_node_page_state+0xa6/0x110 [ 64.468931][ T547] do_filp_open+0x193/0x3d0 [ 64.473409][ T547] ? may_open_dev+0xd0/0xd0 [ 64.477888][ T547] ? __check_object_size+0x1df/0x270 [ 64.483149][ T547] ? _raw_spin_unlock+0x41/0x70 [ 64.487978][ T547] do_sys_openat2+0x135/0x810 [ 64.492651][ T547] ? recalc_sigpending+0x7c/0xb0 [ 64.497566][ T547] ? build_open_flags+0x490/0x490 [ 64.502567][ T547] ? __kasan_check_write+0x14/0x20 [ 64.507652][ T547] ? __handle_speculative_fault+0xee/0x280 [ 64.513434][ T547] __x64_sys_openat+0x124/0x200 [ 64.518259][ T547] ? __ia32_sys_open+0x1b0/0x1b0 [ 64.523179][ T547] ? exit_to_user_mode_prepare+0x36/0x160 [ 64.528878][ T547] ? irqentry_exit_to_user_mode+0xe/0x10 [ 64.534488][ T547] do_syscall_64+0x32/0x50 [ 64.538881][ T547] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 64.544758][ T547] RIP: 0033:0x7f968f5e9be9 [ 64.549151][ T547] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 64.568824][ T547] RSP: 002b:00007f968f439038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 64.577213][ T547] RAX: ffffffffffffffda RBX: 00007f968f811090 RCX: 00007f968f5e9be9 [ 64.585160][ T547] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 64.593395][ T547] RBP: 00007f968f66ce19 R08: 0000000000000000 R09: 0000000000000000 [ 64.601351][ T547] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 64.609301][ T547] R13: 00007f968f811128 R14: 00007f968f811090 R15: 00007ffca8eaddd8 [ 64.617254][ T547] [ 64.619559][ T547] Allocated by task 523: [ 64.623784][ T547] kasan_save_stack+0x26/0x50 [ 64.628451][ T547] __kasan_slab_alloc+0x94/0xc0 [ 64.633285][ T547] kmem_cache_alloc+0x15d/0x4f0 [ 64.638113][ T547] f2fs_init_extent_tree+0x98f/0xdf0 [ 64.643389][ T547] f2fs_iget+0xa75/0x4a00 [ 64.647715][ T547] f2fs_lookup+0x491/0xc20 [ 64.652105][ T547] __lookup_slow+0x19b/0x3d0 [ 64.656673][ T547] walk_component+0x3ad/0x710 [ 64.661355][ T547] path_lookupat+0x112/0x6a0 [ 64.665921][ T547] filename_lookup+0x17f/0x510 [ 64.670746][ T547] user_path_at_empty+0xa2/0xf0 [ 64.675570][ T547] do_sys_truncate.part.0+0x85/0x100 [ 64.680828][ T547] __x64_sys_truncate+0x54/0x80 [ 64.685670][ T547] do_syscall_64+0x32/0x50 [ 64.690066][ T547] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 64.695932][ T547] [ 64.698237][ T547] Freed by task 523: [ 64.702109][ T547] kasan_save_stack+0x26/0x50 [ 64.706763][ T547] kasan_set_track+0x25/0x30 [ 64.711329][ T547] kasan_set_free_info+0x24/0x40 [ 64.716243][ T547] __kasan_slab_free+0x111/0x150 [ 64.721163][ T547] slab_free_freelist_hook+0x9b/0x1a0 [ 64.726519][ T547] kmem_cache_free+0x106/0x440 [ 64.731259][ T547] f2fs_destroy_extent_tree+0x174/0x4b0 [ 64.736778][ T547] f2fs_evict_inode+0x335/0x1680 [ 64.741693][ T547] evict+0x372/0x940 [ 64.745562][ T547] iput.part.0+0x33b/0x640 [ 64.749954][ T547] iput+0x3f/0x50 [ 64.753582][ T547] iget_failed+0x1e/0x30 [ 64.757799][ T547] f2fs_iget+0x22be/0x4a00 [ 64.762188][ T547] f2fs_lookup+0x491/0xc20 [ 64.766577][ T547] __lookup_slow+0x19b/0x3d0 [ 64.771146][ T547] walk_component+0x3ad/0x710 [ 64.775804][ T547] path_lookupat+0x112/0x6a0 [ 64.780370][ T547] filename_lookup+0x17f/0x510 [ 64.785109][ T547] user_path_at_empty+0xa2/0xf0 [ 64.789944][ T547] do_sys_truncate.part.0+0x85/0x100 [ 64.795201][ T547] __x64_sys_truncate+0x54/0x80 [ 64.800053][ T547] do_syscall_64+0x32/0x50 [ 64.804443][ T547] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 64.810305][ T547] [ 64.812614][ T547] The buggy address belongs to the object at ffff88810dee4f50 [ 64.812614][ T547] which belongs to the cache f2fs_extent_tree of size 80 [ 64.826985][ T547] The buggy address is located 0 bytes inside of [ 64.826985][ T547] 80-byte region [ffff88810dee4f50, ffff88810dee4fa0) [ 64.839971][ T547] The buggy address belongs to the page: [ 64.845583][ T547] page:ffffea000437b900 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10dee4 [ 64.855791][ T547] flags: 0x4000000000000200(slab) [ 64.860792][ T547] raw: 4000000000000200 dead000000000100 dead000000000122 ffff888104580300 [ 64.869358][ T547] raw: 0000000000000000 0000000080240024 00000001ffffffff 0000000000000000 [ 64.877915][ T547] page dumped because: kasan: bad access detected [ 64.884405][ T547] page_owner tracks the page as allocated [ 64.890115][ T547] page last allocated via order 0, migratetype Reclaimable, gfp_mask 0x112c50(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 499, ts 56542183092, free_ts 55763625825 [ 64.909006][ T547] get_page_from_freelist+0x1fee/0x2ad0 [ 64.914535][ T547] __alloc_pages_nodemask+0x2ae/0x2530 [ 64.919969][ T547] allocate_slab+0x30f/0x460 [ 64.924537][ T547] ___slab_alloc.constprop.0+0x32b/0x730 [ 64.930151][ T547] kmem_cache_alloc+0x491/0x4f0 [ 64.934980][ T547] f2fs_init_extent_tree+0x98f/0xdf0 [ 64.940243][ T547] f2fs_iget+0xa75/0x4a00 [ 64.944546][ T547] f2fs_lookup+0x491/0xc20 [ 64.948938][ T547] path_openat+0x1024/0x3950 [ 64.953501][ T547] do_filp_open+0x193/0x3d0 [ 64.957976][ T547] do_sys_openat2+0x135/0x810 [ 64.962624][ T547] __x64_sys_openat+0x124/0x200 [ 64.967449][ T547] do_syscall_64+0x32/0x50 [ 64.971837][ T547] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 64.977703][ T547] page last free stack trace: [ 64.982355][ T547] free_pcp_prepare+0x1a7/0x230 [ 64.987188][ T547] free_unref_page+0x19/0x270 [ 64.991840][ T547] __free_pages+0xba/0xf0 [ 64.996150][ T547] __free_slab+0xde/0x1d0 [ 65.000454][ T547] discard_slab+0x2b/0x40 [ 65.004782][ T547] unfreeze_partials+0x1e1/0x240 [ 65.009695][ T547] put_cpu_partial+0xce/0x120 [ 65.014345][ T547] __slab_free+0x23f/0x560 [ 65.018736][ T547] ___cache_free+0x255/0x2b0 [ 65.023302][ T547] qlist_free_all+0x71/0x150 [ 65.027905][ T547] kasan_quarantine_reduce+0x15f/0x1c0 [ 65.033341][ T547] __kasan_slab_alloc+0xaa/0xc0 [ 65.038186][ T547] kmem_cache_alloc+0x15d/0x4f0 [ 65.043011][ T547] __alloc_skb+0x41/0x4d0 [ 65.047313][ T547] rtmsg_ifinfo_build_skb+0x70/0x160 [ 65.052572][ T547] unregister_netdevice_many+0xe93/0x14c0 [ 65.058262][ T547] [ 65.060582][ T547] Memory state around the buggy address: [ 65.066194][ T547] ffff88810dee4e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 65.074233][ T547] ffff88810dee4e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 65.082265][ T547] >ffff88810dee4f00: fc fc fc fc fc fc fc fc fc fc fa fb fb fb fb fb [ 65.090302][ T547] ^ [ 65.096949][ T547] ffff88810dee4f80: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 65.104982][ T547] ffff88810dee5000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 65.113015][ T547] ================================================================== [ 65.121114][ T544] ================================================================== [ 65.129214][ T544] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x106/0x440 [ 65.137617][ T544] [ 65.139934][ T544] CPU: 0 PID: 544 Comm: syz.2.26 Tainted: G B syzkaller #0 [ 65.148406][ T544] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 65.158566][ T544] Call Trace: [ 65.161846][ T544] dump_stack_lvl+0x81/0xac [ 65.166334][ T544] print_address_description.constprop.0+0x24/0x160 [ 65.172912][ T544] ? kmem_cache_free+0x106/0x440 [ 65.177832][ T544] kasan_report_invalid_free+0x56/0x80 [ 65.183271][ T544] ? kmem_cache_free+0x106/0x440 [ 65.188192][ T544] __kasan_slab_free+0x134/0x150 [ 65.193117][ T544] slab_free_freelist_hook+0x9b/0x1a0 [ 65.198472][ T544] ? f2fs_destroy_extent_tree+0x174/0x4b0 [ 65.204174][ T544] kmem_cache_free+0x106/0x440 [ 65.208921][ T544] f2fs_destroy_extent_tree+0x174/0x4b0 [ 65.214452][ T544] f2fs_evict_inode+0x335/0x1680 [ 65.219414][ T544] ? irq_work_queue+0x3c/0x50 [ 65.224083][ T544] ? __inode_wait_for_writeback+0xe7/0x1c0 [ 65.230049][ T544] ? f2fs_write_inode+0x1010/0x1010 [ 65.235231][ T544] ? var_wake_function+0x130/0x130 [ 65.240329][ T544] ? _raw_spin_lock_bh+0x110/0x110 [ 65.245425][ T544] ? vprintk_func+0x5a/0x150 [ 65.250003][ T544] ? _raw_spin_lock_bh+0x110/0x110 [ 65.255103][ T544] evict+0x372/0x940 [ 65.258985][ T544] ? new_inode+0x2f0/0x2f0 [ 65.263389][ T544] ? _raw_spin_lock+0x86/0x110 [ 65.268135][ T544] ? _raw_spin_lock_bh+0x110/0x110 [ 65.273231][ T544] ? __kasan_check_read+0x11/0x20 [ 65.278254][ T544] ? f2fs_drop_inode+0x71/0x910 [ 65.283088][ T544] iput.part.0+0x33b/0x640 [ 65.287488][ T544] iput+0x3f/0x50 [ 65.291103][ T544] iget_failed+0x1e/0x30 [ 65.295325][ T544] f2fs_iget+0x22be/0x4a00 [ 65.299723][ T544] f2fs_lookup+0x491/0xc20 [ 65.304123][ T544] ? __recover_dot_dentries+0x530/0x530 [ 65.309655][ T544] path_openat+0x1024/0x3950 [ 65.314250][ T544] ? path_lookupat+0x6a0/0x6a0 [ 65.318997][ T544] ? __kasan_check_read+0x11/0x20 [ 65.324029][ T544] ? pagevec_add_and_need_flush+0x216/0x290 [ 65.329915][ T544] ? perf_trace_mm_lru_insertion+0x970/0x970 [ 65.335874][ T544] ? __mod_memcg_lruvec_state+0x118/0x330 [ 65.341661][ T544] ? __mod_node_page_state+0xa6/0x110 [ 65.347018][ T544] do_filp_open+0x193/0x3d0 [ 65.351499][ T544] ? may_open_dev+0xd0/0xd0 [ 65.356013][ T544] ? __check_object_size+0x1df/0x270 [ 65.361280][ T544] ? _raw_spin_unlock+0x41/0x70 [ 65.366114][ T544] do_sys_openat2+0x135/0x810 [ 65.370770][ T544] ? recalc_sigpending+0x7c/0xb0 [ 65.375686][ T544] ? build_open_flags+0x490/0x490 [ 65.380691][ T544] ? __kasan_check_write+0x14/0x20 [ 65.385792][ T544] ? __handle_speculative_fault+0xee/0x280 [ 65.391668][ T544] __x64_sys_openat+0x124/0x200 [ 65.396498][ T544] ? __ia32_sys_open+0x1b0/0x1b0 [ 65.401507][ T544] ? exit_to_user_mode_prepare+0x36/0x160 [ 65.407203][ T544] ? irqentry_exit_to_user_mode+0xe/0x10 [ 65.412949][ T544] do_syscall_64+0x32/0x50 [ 65.417349][ T544] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 65.423223][ T544] RIP: 0033:0x7f0e5a623be9 [ 65.427636][ T544] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 65.447310][ T544] RSP: 002b:00007f0e5a473038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 65.455703][ T544] RAX: ffffffffffffffda RBX: 00007f0e5a84b090 RCX: 00007f0e5a623be9 [ 65.463744][ T544] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 65.471700][ T544] RBP: 00007f0e5a6a6e19 R08: 0000000000000000 R09: 0000000000000000 [ 65.479668][ T544] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 65.487631][ T544] R13: 00007f0e5a84b128 R14: 00007f0e5a84b090 R15: 00007ffdb1f00de8 [ 65.495588][ T544] [ 65.497903][ T544] Allocated by task 519: [ 65.502132][ T544] kasan_save_stack+0x26/0x50 [ 65.506794][ T544] __kasan_slab_alloc+0x94/0xc0 [ 65.511625][ T544] kmem_cache_alloc+0x15d/0x4f0 [ 65.516455][ T544] f2fs_init_extent_tree+0x98f/0xdf0 [ 65.521759][ T544] f2fs_iget+0xa75/0x4a00 [ 65.526067][ T544] f2fs_lookup+0x491/0xc20 [ 65.530472][ T544] __lookup_slow+0x19b/0x3d0 [ 65.535072][ T544] walk_component+0x3ad/0x710 [ 65.539721][ T544] path_lookupat+0x112/0x6a0 [ 65.544288][ T544] filename_lookup+0x17f/0x510 [ 65.549027][ T544] user_path_at_empty+0xa2/0xf0 [ 65.553861][ T544] do_sys_truncate.part.0+0x85/0x100 [ 65.559126][ T544] __x64_sys_truncate+0x54/0x80 [ 65.563955][ T544] do_syscall_64+0x32/0x50 [ 65.568356][ T544] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 65.574253][ T544] [ 65.576589][ T544] Freed by task 519: [ 65.580467][ T544] kasan_save_stack+0x26/0x50 [ 65.585120][ T544] kasan_set_track+0x25/0x30 [ 65.589688][ T544] kasan_set_free_info+0x24/0x40 [ 65.594952][ T544] __kasan_slab_free+0x111/0x150 [ 65.599867][ T544] slab_free_freelist_hook+0x9b/0x1a0 [ 65.605227][ T544] kmem_cache_free+0x106/0x440 [ 65.609971][ T544] f2fs_destroy_extent_tree+0x174/0x4b0 [ 65.615501][ T544] f2fs_evict_inode+0x335/0x1680 [ 65.620415][ T544] evict+0x372/0x940 [ 65.624285][ T544] iput.part.0+0x33b/0x640 [ 65.628703][ T544] iput+0x3f/0x50 [ 65.632317][ T544] iget_failed+0x1e/0x30 [ 65.636538][ T544] f2fs_iget+0x22be/0x4a00 [ 65.640930][ T544] f2fs_lookup+0x491/0xc20 [ 65.645321][ T544] __lookup_slow+0x19b/0x3d0 [ 65.649890][ T544] walk_component+0x3ad/0x710 [ 65.654572][ T544] path_lookupat+0x112/0x6a0 [ 65.659169][ T544] filename_lookup+0x17f/0x510 [ 65.663909][ T544] user_path_at_empty+0xa2/0xf0 [ 65.668739][ T544] do_sys_truncate.part.0+0x85/0x100 [ 65.674013][ T544] __x64_sys_truncate+0x54/0x80 [ 65.678946][ T544] do_syscall_64+0x32/0x50 [ 65.683341][ T544] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 65.689209][ T544] [ 65.691523][ T544] The buggy address belongs to the object at ffff8881227ce4d0 [ 65.691523][ T544] which belongs to the cache f2fs_extent_tree of size 80 [ 65.706032][ T544] The buggy address is located 0 bytes inside of [ 65.706032][ T544] 80-byte region [ffff8881227ce4d0, ffff8881227ce520) [ 65.719020][ T544] The buggy address belongs to the page: [ 65.724633][ T544] page:ffffea000489f380 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1227ce [ 65.734931][ T544] flags: 0x4000000000000200(slab) [ 65.739937][ T544] raw: 4000000000000200 dead000000000100 dead000000000122 ffff888104580300 [ 65.748498][ T544] raw: 0000000000000000 0000000080240024 00000001ffffffff 0000000000000000 [ 65.757057][ T544] page dumped because: kasan: bad access detected [ 65.763446][ T544] page_owner tracks the page as allocated [ 65.769145][ T544] page last allocated via order 0, migratetype Reclaimable, gfp_mask 0x112c50(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 480, ts 56174743788, free_ts 0 [ 65.787199][ T544] get_page_from_freelist+0x1fee/0x2ad0 [ 65.792721][ T544] __alloc_pages_nodemask+0x2ae/0x2530 [ 65.798162][ T544] allocate_slab+0x30f/0x460 [ 65.802732][ T544] ___slab_alloc.constprop.0+0x32b/0x730 [ 65.808351][ T544] kmem_cache_alloc+0x491/0x4f0 [ 65.813270][ T544] f2fs_init_extent_tree+0x98f/0xdf0 [ 65.818535][ T544] f2fs_iget+0xa75/0x4a00 [ 65.822841][ T544] f2fs_lookup+0x491/0xc20 [ 65.827232][ T544] __lookup_slow+0x19b/0x3d0 [ 65.831799][ T544] walk_component+0x3ad/0x710 [ 65.836478][ T544] path_lookupat+0x112/0x6a0 [ 65.841060][ T544] filename_lookup+0x17f/0x510 [ 65.845803][ T544] user_path_at_empty+0xa2/0xf0 [ 65.850645][ T544] do_sys_truncate.part.0+0x85/0x100 [ 65.855915][ T544] __x64_sys_truncate+0x54/0x80 [ 65.860759][ T544] do_syscall_64+0x32/0x50 [ 65.865177][ T544] page_owner free stack trace missing [ 65.870524][ T544] [ 65.872836][ T544] Memory state around the buggy address: [ 65.878463][ T544] ffff8881227ce380: fa fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc 2025/12/11 13:28:55 executed programs: 21 [ 65.886512][ T544] ffff8881227ce400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 65.894556][ T544] >ffff8881227ce480: fc fc fc fc fc fc fc fc fc fc fa fb fb fb fb fb [ 65.902598][ T544] ^ [ 65.909251][ T544] ffff8881227ce500: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 65.917293][ T544] ffff8881227ce580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 65.925364][ T544] ==================================================================