[ 36.459022][ T49] device bridge_slave_0 left promiscuous mode [ 36.465195][ T49] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.472875][ T49] device bridge_slave_1 left promiscuous mode [ 36.479051][ T49] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.486469][ T49] device bridge_slave_0 left promiscuous mode [ 36.492546][ T49] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.500343][ T49] device veth1_macvtap left promiscuous mode [ 36.506365][ T49] device veth0_vlan left promiscuous mode [ 36.512189][ T49] device veth1_macvtap left promiscuous mode [ 36.518358][ T49] device veth0_vlan left promiscuous mode Warning: Permanently added '10.128.0.211' (ED25519) to the list of known hosts. 2025/08/24 14:22:12 parsed 1 programs [ 54.715925][ T24] kauditd_printk_skb: 31 callbacks suppressed [ 54.715936][ T24] audit: type=1400 audit(1756045333.570:105): avc: denied { unlink } for pid=419 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 54.777258][ T419] Adding 124996k swap on ./swap-file. 
Priority:0 extents:1 across:124996k [ 55.225700][ T24] audit: type=1400 audit(1756045334.080:106): avc: denied { create } for pid=428 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 55.292744][ T24] audit: type=1401 audit(1756045334.120:107): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768" [ 55.504703][ T439] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.511775][ T439] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.519363][ T439] device bridge_slave_0 entered promiscuous mode [ 55.527507][ T439] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.535040][ T439] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.542423][ T439] device bridge_slave_1 entered promiscuous mode [ 55.612831][ T439] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.619927][ T439] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.627217][ T439] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.634241][ T439] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.802497][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.825981][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 55.834448][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 55.885010][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 55.893180][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 55.925661][ T439] device veth0_vlan entered promiscuous mode [ 55.934541][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 55.942912][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 55.951532][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 55.963335][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 55.975306][ T439] device veth1_macvtap entered promiscuous mode [ 55.990296][ 
T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 56.000956][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 56.009800][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready 2025/08/24 14:22:14 executed programs: 0 [ 56.198087][ T487] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.205267][ T487] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.212527][ T487] device bridge_slave_0 entered promiscuous mode [ 56.220430][ T487] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.227515][ T487] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.234900][ T487] device bridge_slave_1 entered promiscuous mode [ 56.262061][ T488] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.269239][ T488] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.276719][ T488] device bridge_slave_0 entered promiscuous mode [ 56.295005][ T488] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.302163][ T488] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.309554][ T488] device bridge_slave_1 entered promiscuous mode [ 56.333647][ T491] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.340709][ T491] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.348218][ T491] device bridge_slave_0 entered promiscuous mode [ 56.355345][ T491] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.362375][ T491] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.371943][ T491] device bridge_slave_1 entered promiscuous mode [ 56.409536][ T493] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.416834][ T493] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.424080][ T493] device bridge_slave_0 entered promiscuous mode [ 56.433039][ T493] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.440116][ T493] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.447611][ T493] device bridge_slave_1 
entered promiscuous mode [ 56.467783][ T492] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.474882][ T492] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.482244][ T492] device bridge_slave_0 entered promiscuous mode [ 56.509757][ T492] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.516868][ T492] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.524143][ T492] device bridge_slave_1 entered promiscuous mode [ 56.643575][ T493] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.650751][ T493] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.658093][ T493] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.665131][ T493] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.690015][ T332] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.697572][ T332] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.705704][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.713057][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.749522][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.757698][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 56.766344][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 56.774781][ T332] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.781908][ T332] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.789284][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 56.797624][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 56.805926][ T332] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.812934][ T332] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.820315][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 56.831455][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.839230][ T332] IPv6: 
ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.850376][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.858721][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.866254][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.888436][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 56.897102][ T332] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.904115][ T332] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.911496][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 56.921031][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 56.929315][ T332] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.936428][ T332] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.943876][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 56.952239][ T332] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.959450][ T332] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.966958][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 56.975381][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 56.983509][ T332] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.990645][ T332] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.998171][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 57.006148][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 57.014109][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 57.022090][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 57.030259][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 57.038693][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 57.046939][ T332] bridge0: port 1(bridge_slave_0) entered blocking state [ 
57.053946][ T332] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.061336][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 57.069007][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 57.076724][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 57.101943][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 57.110527][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 57.119086][ T332] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.126161][ T332] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.134006][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 57.142216][ T332] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.149255][ T332] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.156593][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 57.164835][ T332] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.171854][ T332] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.190847][ T488] device veth0_vlan entered promiscuous mode [ 57.198788][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 57.207558][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 57.215891][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 57.223605][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 57.231071][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 57.239017][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 57.247106][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 57.255014][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 57.262867][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 57.271305][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready 
[ 57.279328][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 57.297296][ T492] device veth0_vlan entered promiscuous mode [ 57.305466][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 57.313803][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 57.322724][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 57.330428][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 57.338211][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 57.356762][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 57.377752][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 57.386099][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 57.393441][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 57.401461][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 57.412545][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 57.421012][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 57.433602][ T492] device veth1_macvtap entered promiscuous mode [ 57.440640][ T491] device veth0_vlan entered promiscuous mode [ 57.448529][ T488] device veth1_macvtap entered promiscuous mode [ 57.455325][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 57.463450][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 57.472027][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 57.479833][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 57.488068][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 57.496235][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 57.507027][ T487] device veth0_vlan entered promiscuous mode [ 57.517733][ T493] device veth0_vlan entered promiscuous mode [ 57.528849][ T332] IPv6: 
ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 57.536819][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 57.544955][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 57.552985][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 57.561035][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 57.569641][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 57.578345][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 57.586308][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 57.593656][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 57.601113][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 57.610467][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 57.618853][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 57.634395][ T487] device veth1_macvtap entered promiscuous mode [ 57.642288][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 57.650949][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 57.659589][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 57.667844][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 57.676315][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 57.684676][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 57.692858][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 57.701042][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 57.709105][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 57.726567][ T491] device veth1_macvtap entered promiscuous mode [ 57.757437][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 57.765444][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link 
becomes ready [ 57.773691][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 57.782349][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 57.791116][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 57.802915][ T493] device veth1_macvtap entered promiscuous mode [ 57.817451][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 57.826273][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 57.854686][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 57.862338][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 57.883587][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 57.922239][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 57.945286][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 57.989455][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 58.015167][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 58.043858][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 58.064057][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 58.777888][ T510] ====================================================== [ 58.777888][ T510] WARNING: the mand mount option is being deprecated and [ 58.777888][ T510] will be removed in v5.15! 
[ 58.777888][ T510] ====================================================== [ 58.824818][ T510] F2FS-fs (loop5): invalid crc value [ 58.855818][ T510] F2FS-fs (loop5): Found nat_bits in checkpoint [ 58.975237][ T7] device bridge_slave_1 left promiscuous mode [ 58.981609][ T7] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.994948][ T7] device bridge_slave_0 left promiscuous mode [ 58.997264][ T510] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 59.001092][ T7] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.024520][ T24] audit: type=1400 audit(1756045337.880:108): avc: denied { mount } for pid=509 comm="syz.5.18" name="/" dev="loop5" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 59.064366][ T510] F2FS-fs (loop5): access invalid blkaddr:2147563524 [ 59.081282][ T510] CPU: 0 PID: 510 Comm: syz.5.18 Not tainted syzkaller #0 [ 59.088419][ T510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025 [ 59.098489][ T510] Call Trace: [ 59.101796][ T510] __dump_stack+0x21/0x24 [ 59.106244][ T510] dump_stack_lvl+0x169/0x1d8 [ 59.110932][ T510] ? _raw_spin_trylock_bh+0x130/0x130 [ 59.116315][ T510] ? show_regs_print_info+0x18/0x18 [ 59.121521][ T510] ? memcpy+0x56/0x70 [ 59.125509][ T510] dump_stack+0x15/0x1c [ 59.129670][ T510] f2fs_is_valid_blkaddr+0xc8c/0x1360 [ 59.135144][ T510] f2fs_iget+0x1eb6/0x4dc0 [ 59.139576][ T510] f2fs_lookup+0x3ee/0xce0 [ 59.144002][ T510] ? f2fs_encrypted_symlink_getattr+0x40/0x40 [ 59.150066][ T510] ? d_hash_and_lookup+0x1f0/0x1f0 [ 59.155169][ T510] ? _raw_spin_lock_irqsave+0xb0/0x110 [ 59.160704][ T510] ? lockref_get_not_dead+0xe6/0x1c0 [ 59.165978][ T510] __lookup_slow+0x2aa/0x3e0 [ 59.170558][ T510] ? lookup_one_len+0x2c0/0x2c0 [ 59.175398][ T510] ? lookup_fast+0x2fa/0x700 [ 59.180061][ T510] ? link_path_walk+0x915/0xb80 [ 59.184903][ T510] ? 
__kasan_check_write+0x14/0x20 [ 59.190079][ T510] lookup_slow+0x57/0x70 [ 59.194313][ T510] walk_component+0x325/0x460 [ 59.198979][ T510] path_lookupat+0x180/0x490 [ 59.203554][ T510] filename_lookup+0x1d5/0x600 [ 59.208307][ T510] ? hashlen_string+0x120/0x120 [ 59.213143][ T510] ? getname_flags+0x206/0x500 [ 59.217896][ T510] user_path_at_empty+0x43/0x50 [ 59.222733][ T510] do_sys_truncate+0xa3/0x190 [ 59.227418][ T510] ? locks_verify_truncate+0x170/0x170 [ 59.232863][ T510] __x64_sys_truncate+0x5b/0x70 [ 59.237700][ T510] do_syscall_64+0x31/0x40 [ 59.242103][ T510] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 59.247983][ T510] RIP: 0033:0x7f42d4abbbe9 [ 59.252386][ T510] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 59.272322][ T510] RSP: 002b:00007f42d492c038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 59.280814][ T510] RAX: ffffffffffffffda RBX: 00007f42d4ce2fa0 RCX: 00007f42d4abbbe9 [ 59.288777][ T510] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280 [ 59.296737][ T510] RBP: 00007f42d4b3ee19 R08: 0000000000000000 R09: 0000000000000000 [ 59.304698][ T510] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 59.312780][ T510] R13: 00007f42d4ce3038 R14: 00007f42d4ce2fa0 R15: 00007ffdd2800b68 [ 59.322330][ T7] device veth1_macvtap left promiscuous mode [ 59.329139][ T7] device veth0_vlan left promiscuous mode [ 59.354728][ T510] F2FS-fs (loop5): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 59.405282][ T536] F2FS-fs (loop5): access invalid blkaddr:2147563524 [ 59.418278][ T519] F2FS-fs (loop4): invalid crc value [ 59.424146][ T536] CPU: 1 PID: 536 Comm: syz.5.18 Not tainted syzkaller #0 [ 59.431361][ T536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025 [ 59.441508][ T536] Call 
Trace: [ 59.444895][ T536] __dump_stack+0x21/0x24 [ 59.449231][ T536] dump_stack_lvl+0x169/0x1d8 [ 59.453914][ T536] ? _raw_spin_trylock_bh+0x130/0x130 [ 59.459288][ T536] ? show_regs_print_info+0x18/0x18 [ 59.464488][ T536] dump_stack+0x15/0x1c [ 59.468650][ T536] f2fs_is_valid_blkaddr+0xc8c/0x1360 [ 59.474028][ T536] f2fs_iget+0x1eb6/0x4dc0 [ 59.478474][ T536] f2fs_lookup+0x3ee/0xce0 [ 59.482907][ T536] ? f2fs_encrypted_symlink_getattr+0x40/0x40 [ 59.488981][ T536] ? d_hash_and_lookup+0x1f0/0x1f0 [ 59.494102][ T536] ? f2fs_encrypted_symlink_getattr+0x40/0x40 [ 59.500178][ T536] path_openat+0x1127/0x3160 [ 59.504784][ T536] ? do_filp_open+0x3e0/0x3e0 [ 59.509474][ T536] do_filp_open+0x1b3/0x3e0 [ 59.513984][ T536] ? vfs_tmpfile+0x2c0/0x2c0 [ 59.518592][ T536] ? get_unused_fd_flags+0x92/0xa0 [ 59.523716][ T536] do_sys_openat2+0x14c/0x6d0 [ 59.528398][ T536] ? do_sys_open+0xe0/0xe0 [ 59.532851][ T536] ? __kasan_check_write+0x14/0x20 [ 59.537975][ T536] ? switch_fpu_return+0x197/0x340 [ 59.543097][ T536] ? fpu__clear_all+0x20/0x20 [ 59.547780][ T536] ? 
do_kern_addr_fault+0x80/0x80 [ 59.552828][ T536] __x64_sys_openat+0x136/0x160 [ 59.557687][ T536] do_syscall_64+0x31/0x40 [ 59.562115][ T536] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 59.568016][ T536] RIP: 0033:0x7f42d4abbbe9 [ 59.572438][ T536] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 59.592572][ T536] RSP: 002b:00007f42d490b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 59.601088][ T536] RAX: ffffffffffffffda RBX: 00007f42d4ce3090 RCX: 00007f42d4abbbe9 [ 59.609070][ T536] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 59.617056][ T536] RBP: 00007f42d4b3ee19 R08: 0000000000000000 R09: 0000000000000000 [ 59.625043][ T536] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 59.633032][ T536] R13: 00007f42d4ce3128 R14: 00007f42d4ce3090 R15: 00007ffdd2800b68 [ 59.644363][ T536] F2FS-fs (loop5): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 59.654857][ T519] F2FS-fs (loop4): Found nat_bits in checkpoint [ 59.691317][ T519] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 59.736543][ T519] F2FS-fs (loop4): access invalid blkaddr:2147563524 [ 59.743315][ T519] CPU: 0 PID: 519 Comm: syz.4.21 Not tainted syzkaller #0 [ 59.750423][ T519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025 [ 59.760504][ T519] Call Trace: [ 59.763892][ T519] __dump_stack+0x21/0x24 [ 59.768226][ T519] dump_stack_lvl+0x169/0x1d8 [ 59.772904][ T519] ? _raw_spin_trylock_bh+0x130/0x130 [ 59.778279][ T519] ? show_regs_print_info+0x18/0x18 [ 59.783585][ T519] ? 
memcpy+0x56/0x70 [ 59.787578][ T519] dump_stack+0x15/0x1c [ 59.791738][ T519] f2fs_is_valid_blkaddr+0xc8c/0x1360 [ 59.796350][ T515] F2FS-fs (loop0): invalid crc value [ 59.797118][ T519] f2fs_iget+0x1eb6/0x4dc0 [ 59.802673][ T513] F2FS-fs (loop3): invalid crc value [ 59.806868][ T519] f2fs_lookup+0x3ee/0xce0 [ 59.806879][ T519] ? f2fs_encrypted_symlink_getattr+0x40/0x40 [ 59.806897][ T519] ? d_hash_and_lookup+0x1f0/0x1f0 [ 59.827725][ T519] ? lockref_get_not_dead+0xe6/0x1c0 [ 59.833037][ T519] __lookup_slow+0x2aa/0x3e0 [ 59.837630][ T519] ? lookup_one_len+0x2c0/0x2c0 [ 59.842490][ T519] ? lookup_fast+0x2fa/0x700 [ 59.847083][ T519] ? link_path_walk+0x915/0xb80 [ 59.851925][ T519] ? __kasan_check_write+0x14/0x20 [ 59.857026][ T519] lookup_slow+0x57/0x70 [ 59.861255][ T519] walk_component+0x325/0x460 [ 59.865941][ T519] path_lookupat+0x180/0x490 [ 59.870516][ T519] filename_lookup+0x1d5/0x600 [ 59.875266][ T519] ? hashlen_string+0x120/0x120 [ 59.880196][ T519] ? getname_flags+0x206/0x500 [ 59.884951][ T519] user_path_at_empty+0x43/0x50 [ 59.889788][ T519] do_sys_truncate+0xa3/0x190 [ 59.894459][ T519] ? 
locks_verify_truncate+0x170/0x170 [ 59.899903][ T519] __x64_sys_truncate+0x5b/0x70 [ 59.904739][ T519] do_syscall_64+0x31/0x40 [ 59.909234][ T519] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 59.915111][ T519] RIP: 0033:0x7fbfb0c08be9 [ 59.919622][ T519] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 59.939474][ T519] RSP: 002b:00007fbfb0a79038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 59.947887][ T519] RAX: ffffffffffffffda RBX: 00007fbfb0e2ffa0 RCX: 00007fbfb0c08be9 [ 59.956020][ T519] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280 [ 59.963979][ T519] RBP: 00007fbfb0c8be19 R08: 0000000000000000 R09: 0000000000000000 [ 59.972025][ T519] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 59.980098][ T519] R13: 00007fbfb0e30038 R14: 00007fbfb0e2ffa0 R15: 00007fffb27343b8 [ 59.988936][ T519] F2FS-fs (loop4): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 60.003566][ T519] F2FS-fs (loop4): access invalid blkaddr:2147563524 [ 60.015246][ T517] F2FS-fs (loop6): invalid crc value [ 60.024483][ T515] F2FS-fs (loop0): Found nat_bits in checkpoint [ 60.044564][ T517] F2FS-fs (loop6): Found nat_bits in checkpoint [ 60.055398][ T513] F2FS-fs (loop3): Found nat_bits in checkpoint [ 60.096967][ T519] CPU: 1 PID: 519 Comm: syz.4.21 Not tainted syzkaller #0 [ 60.104201][ T519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025 [ 60.114260][ T519] Call Trace: [ 60.117556][ T519] __dump_stack+0x21/0x24 [ 60.118559][ T517] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 60.122064][ T519] dump_stack_lvl+0x169/0x1d8 [ 60.129628][ T513] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 60.134173][ T519] ? _raw_spin_trylock_bh+0x130/0x130 [ 60.146961][ T519] ? 
show_regs_print_info+0x18/0x18 [ 60.152157][ T519] ? memcpy+0x56/0x70 [ 60.156136][ T519] dump_stack+0x15/0x1c [ 60.160286][ T519] f2fs_is_valid_blkaddr+0xc8c/0x1360 [ 60.162450][ T517] F2FS-fs (loop6): access invalid blkaddr:2147563524 [ 60.165698][ T519] f2fs_iget+0x1eb6/0x4dc0 [ 60.165712][ T519] f2fs_lookup+0x3ee/0xce0 [ 60.165724][ T519] ? f2fs_encrypted_symlink_getattr+0x40/0x40 [ 60.165735][ T519] ? d_hash_and_lookup+0x1f0/0x1f0 [ 60.165747][ T519] ? f2fs_encrypted_symlink_getattr+0x40/0x40 [ 60.165757][ T519] path_openat+0x1127/0x3160 [ 60.165772][ T519] ? do_filp_open+0x3e0/0x3e0 [ 60.165783][ T519] do_filp_open+0x1b3/0x3e0 [ 60.165792][ T519] ? vfs_tmpfile+0x2c0/0x2c0 [ 60.165807][ T519] ? get_unused_fd_flags+0x92/0xa0 [ 60.165817][ T519] do_sys_openat2+0x14c/0x6d0 [ 60.165828][ T519] ? __se_sys_futex+0x2b4/0x360 [ 60.165837][ T519] ? do_sys_open+0xe0/0xe0 [ 60.165849][ T519] ? switch_fpu_return+0x197/0x340 [ 60.165859][ T519] ? fpu__clear_all+0x20/0x20 [ 60.165869][ T519] __x64_sys_openat+0x136/0x160 [ 60.165879][ T519] do_syscall_64+0x31/0x40 [ 60.165889][ T519] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 60.165905][ T519] RIP: 0033:0x7fbfb0c08be9 [ 60.173716][ T513] F2FS-fs (loop3): access invalid blkaddr:2147563524 [ 60.176992][ T519] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 60.177000][ T519] RSP: 002b:00007fbfb0a79038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 60.177014][ T519] RAX: ffffffffffffffda RBX: 00007fbfb0e2ffa0 RCX: 00007fbfb0c08be9 [ 60.177021][ T519] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 60.177036][ T519] RBP: 00007fbfb0c8be19 R08: 0000000000000000 R09: 0000000000000000 [ 60.324793][ T519] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 60.332775][ T519] R13: 00007fbfb0e30038 R14: 00007fbfb0e2ffa0 R15: 00007fffb27343b8 [ 
60.340748][ T517] CPU: 0 PID: 517 Comm: syz.6.19 Not tainted syzkaller #0 [ 60.347866][ T517] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025 [ 60.353812][ T515] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 60.358022][ T517] Call Trace: [ 60.358041][ T517] __dump_stack+0x21/0x24 [ 60.358050][ T517] dump_stack_lvl+0x169/0x1d8 [ 60.358069][ T517] ? _raw_spin_trylock_bh+0x130/0x130 [ 60.383143][ T517] ? show_regs_print_info+0x18/0x18 [ 60.386402][ T515] F2FS-fs (loop0): access invalid blkaddr:2147563524 [ 60.388339][ T517] ? memcpy+0x56/0x70 [ 60.388351][ T517] dump_stack+0x15/0x1c [ 60.388363][ T517] f2fs_is_valid_blkaddr+0xc8c/0x1360 [ 60.388374][ T517] f2fs_iget+0x1eb6/0x4dc0 [ 60.388388][ T517] f2fs_lookup+0x3ee/0xce0 [ 60.388400][ T517] ? f2fs_encrypted_symlink_getattr+0x40/0x40 [ 60.388412][ T517] ? d_hash_and_lookup+0x1f0/0x1f0 [ 60.388425][ T517] ? lockref_get_not_dead+0xe6/0x1c0 [ 60.388437][ T517] __lookup_slow+0x2aa/0x3e0 [ 60.388447][ T517] ? lookup_one_len+0x2c0/0x2c0 [ 60.388457][ T517] ? lookup_fast+0x2fa/0x700 [ 60.388468][ T517] ? link_path_walk+0x915/0xb80 [ 60.388480][ T517] ? __kasan_check_write+0x14/0x20 [ 60.388490][ T517] lookup_slow+0x57/0x70 [ 60.388501][ T517] walk_component+0x325/0x460 [ 60.388512][ T517] path_lookupat+0x180/0x490 [ 60.388523][ T517] filename_lookup+0x1d5/0x600 [ 60.388534][ T517] ? hashlen_string+0x120/0x120 [ 60.388548][ T517] ? getname_flags+0x206/0x500 [ 60.388559][ T517] user_path_at_empty+0x43/0x50 [ 60.388571][ T517] do_sys_truncate+0xa3/0x190 [ 60.388590][ T517] ? 
locks_verify_truncate+0x170/0x170 [ 60.388602][ T517] __x64_sys_truncate+0x5b/0x70 [ 60.388612][ T517] do_syscall_64+0x31/0x40 [ 60.388624][ T517] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 60.388633][ T517] RIP: 0033:0x7f99df941be9 [ 60.388644][ T517] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 60.388651][ T517] RSP: 002b:00007f99df7b2038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 60.388666][ T517] RAX: ffffffffffffffda RBX: 00007f99dfb68fa0 RCX: 00007f99df941be9 [ 60.388673][ T517] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280 [ 60.388679][ T517] RBP: 00007f99df9c4e19 R08: 0000000000000000 R09: 0000000000000000 [ 60.388686][ T517] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 60.388693][ T517] R13: 00007f99dfb69038 R14: 00007f99dfb68fa0 R15: 00007ffe29a98538 [ 60.564763][ T513] CPU: 0 PID: 513 Comm: syz.3.20 Not tainted syzkaller #0 [ 60.597168][ T513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025 [ 60.607210][ T513] Call Trace: [ 60.610496][ T513] __dump_stack+0x21/0x24 [ 60.614820][ T513] dump_stack_lvl+0x169/0x1d8 [ 60.619488][ T513] ? _raw_spin_trylock_bh+0x130/0x130 [ 60.624867][ T513] ? show_regs_print_info+0x18/0x18 [ 60.630053][ T513] ? memcpy+0x56/0x70 [ 60.634022][ T513] dump_stack+0x15/0x1c [ 60.638168][ T513] f2fs_is_valid_blkaddr+0xc8c/0x1360 [ 60.643547][ T513] f2fs_iget+0x1eb6/0x4dc0 [ 60.647954][ T513] f2fs_lookup+0x3ee/0xce0 [ 60.652361][ T513] ? f2fs_encrypted_symlink_getattr+0x40/0x40 [ 60.658505][ T513] ? d_hash_and_lookup+0x1f0/0x1f0 [ 60.663632][ T513] ? lockref_get_not_dead+0xe6/0x1c0 [ 60.668911][ T513] __lookup_slow+0x2aa/0x3e0 [ 60.673575][ T513] ? lookup_one_len+0x2c0/0x2c0 [ 60.678516][ T513] ? lookup_fast+0x2fa/0x700 [ 60.683092][ T513] ? link_path_walk+0x915/0xb80 [ 60.687936][ T513] ? 
__kasan_check_write+0x14/0x20 [ 60.693032][ T513] lookup_slow+0x57/0x70 [ 60.697264][ T513] walk_component+0x325/0x460 [ 60.701932][ T513] path_lookupat+0x180/0x490 [ 60.706518][ T513] filename_lookup+0x1d5/0x600 [ 60.711271][ T513] ? hashlen_string+0x120/0x120 [ 60.716124][ T513] ? getname_flags+0x206/0x500 [ 60.720887][ T513] user_path_at_empty+0x43/0x50 [ 60.725735][ T513] do_sys_truncate+0xa3/0x190 [ 60.730399][ T513] ? locks_verify_truncate+0x170/0x170 [ 60.735856][ T513] __x64_sys_truncate+0x5b/0x70 [ 60.740717][ T513] do_syscall_64+0x31/0x40 [ 60.745139][ T513] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 60.751135][ T513] RIP: 0033:0x7f41ea729be9 [ 60.755567][ T513] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 60.764738][ T517] F2FS-fs (loop6): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 60.775260][ T513] RSP: 002b:00007f41ea59a038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 60.775275][ T513] RAX: ffffffffffffffda RBX: 00007f41ea950fa0 RCX: 00007f41ea729be9 [ 60.775282][ T513] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280 [ 60.775297][ T513] RBP: 00007f41ea7ace19 R08: 0000000000000000 R09: 0000000000000000 [ 60.820135][ T513] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 60.828241][ T513] R13: 00007f41ea951038 R14: 00007f41ea950fa0 R15: 00007ffedbca1938 [ 60.836583][ T560] F2FS-fs (loop6): access invalid blkaddr:2147563524 [ 60.836959][ T519] F2FS-fs (loop4): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 60.843342][ T515] CPU: 1 PID: 515 Comm: syz.0.17 Not tainted syzkaller #0 [ 60.858224][ T513] F2FS-fs (loop3): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 60.862806][ T515] Hardware name: Google 
Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025 [ 60.875411][ T561] F2FS-fs (loop3): access invalid blkaddr:2147563524 [ 60.885167][ T515] Call Trace: [ 60.885185][ T515] __dump_stack+0x21/0x24 [ 60.885196][ T515] dump_stack_lvl+0x169/0x1d8 [ 60.885207][ T515] ? _raw_spin_trylock_bh+0x130/0x130 [ 60.885218][ T515] ? show_regs_print_info+0x18/0x18 [ 60.885235][ T515] ? memcpy+0x56/0x70 [ 60.918665][ T515] dump_stack+0x15/0x1c [ 60.922811][ T515] f2fs_is_valid_blkaddr+0xc8c/0x1360 [ 60.928175][ T515] f2fs_iget+0x1eb6/0x4dc0 [ 60.932598][ T515] f2fs_lookup+0x3ee/0xce0 [ 60.937003][ T515] ? f2fs_encrypted_symlink_getattr+0x40/0x40 [ 60.943058][ T515] ? d_hash_and_lookup+0x1f0/0x1f0 [ 60.948162][ T515] ? lockref_get_not_dead+0xe6/0x1c0 [ 60.953438][ T515] __lookup_slow+0x2aa/0x3e0 [ 60.958018][ T515] ? lookup_one_len+0x2c0/0x2c0 [ 60.962943][ T515] ? lookup_fast+0x2fa/0x700 [ 60.967520][ T515] ? link_path_walk+0x915/0xb80 [ 60.972359][ T515] ? __kasan_check_write+0x14/0x20 [ 60.977562][ T515] lookup_slow+0x57/0x70 [ 60.981802][ T515] walk_component+0x325/0x460 [ 60.986465][ T515] path_lookupat+0x180/0x490 [ 60.991040][ T515] filename_lookup+0x1d5/0x600 [ 60.995791][ T515] ? hashlen_string+0x120/0x120 [ 61.000646][ T515] ? getname_flags+0x206/0x500 [ 61.005418][ T515] user_path_at_empty+0x43/0x50 [ 61.010267][ T515] do_sys_truncate+0xa3/0x190 [ 61.014940][ T515] ? 
locks_verify_truncate+0x170/0x170 [ 61.020396][ T515] __x64_sys_truncate+0x5b/0x70 [ 61.025290][ T515] do_syscall_64+0x31/0x40 [ 61.029702][ T515] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 61.035581][ T515] RIP: 0033:0x7f58f7264be9 [ 61.039985][ T515] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 61.059748][ T515] RSP: 002b:00007f58f70d5038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 61.068151][ T515] RAX: ffffffffffffffda RBX: 00007f58f748bfa0 RCX: 00007f58f7264be9 [ 61.076113][ T515] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280 [ 61.084082][ T515] RBP: 00007f58f72e7e19 R08: 0000000000000000 R09: 0000000000000000 [ 61.092050][ T515] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 61.100009][ T515] R13: 00007f58f748c038 R14: 00007f58f748bfa0 R15: 00007ffcff14a618 [ 61.114573][ T561] CPU: 1 PID: 561 Comm: syz.3.20 Not tainted syzkaller #0 [ 61.121719][ T561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025 [ 61.131941][ T561] Call Trace: [ 61.135224][ T561] __dump_stack+0x21/0x24 [ 61.139553][ T561] dump_stack_lvl+0x169/0x1d8 [ 61.144218][ T561] ? _raw_write_trylock+0x140/0x140 [ 61.149403][ T561] ? show_regs_print_info+0x18/0x18 [ 61.154585][ T561] dump_stack+0x15/0x1c [ 61.158726][ T561] f2fs_is_valid_blkaddr+0xc8c/0x1360 [ 61.164087][ T561] f2fs_iget+0x1eb6/0x4dc0 [ 61.168510][ T561] f2fs_lookup+0x3ee/0xce0 [ 61.172911][ T561] ? f2fs_encrypted_symlink_getattr+0x40/0x40 [ 61.178992][ T561] ? d_hash_and_lookup+0x1f0/0x1f0 [ 61.184090][ T561] ? f2fs_encrypted_symlink_getattr+0x40/0x40 [ 61.190144][ T561] path_openat+0x1127/0x3160 [ 61.194814][ T561] ? do_filp_open+0x3e0/0x3e0 [ 61.199914][ T561] do_filp_open+0x1b3/0x3e0 [ 61.204413][ T561] ? vfs_tmpfile+0x2c0/0x2c0 [ 61.208998][ T561] ? 
get_unused_fd_flags+0x92/0xa0 [ 61.214096][ T561] do_sys_openat2+0x14c/0x6d0 [ 61.218762][ T561] ? do_sys_open+0xe0/0xe0 [ 61.223166][ T561] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 61.228702][ T561] __x64_sys_openat+0x136/0x160 [ 61.233538][ T561] do_syscall_64+0x31/0x40 [ 61.237945][ T561] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 61.243822][ T561] RIP: 0033:0x7f41ea729be9 [ 61.248227][ T561] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 61.267909][ T561] RSP: 002b:00007f41ea579038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 61.276398][ T561] RAX: ffffffffffffffda RBX: 00007f41ea951090 RCX: 00007f41ea729be9 [ 61.284360][ T561] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 61.292318][ T561] RBP: 00007f41ea7ace19 R08: 0000000000000000 R09: 0000000000000000 2025/08/24 14:22:19 executed programs: 16 [ 61.300277][ T561] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 61.308251][ T561] R13: 00007f41ea951128 R14: 00007f41ea951090 R15: 00007ffedbca1938 [ 61.316490][ T515] F2FS-fs (loop0): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 61.317049][ T24] audit: type=1400 audit(1756045339.970:109): avc: denied { write } for pid=411 comm="syz-execprog" path="pipe:[15720]" dev="pipefs" ino=15720 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 61.329765][ T561] ================================================================== [ 61.360157][ T561] BUG: KASAN: use-after-free in f2fs_iget+0x43aa/0x4dc0 [ 61.367107][ T561] Read of size 4 at addr ffff888125bef418 by task syz.3.20/561 [ 61.374651][ T561] [ 61.376990][ T561] CPU: 0 PID: 561 Comm: syz.3.20 Not tainted syzkaller #0 [ 61.384103][ T561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025 
[ 61.394158][ T561] Call Trace: [ 61.397451][ T561] __dump_stack+0x21/0x24 [ 61.401836][ T561] dump_stack_lvl+0x169/0x1d8 [ 61.406522][ T561] ? show_regs_print_info+0x18/0x18 [ 61.411730][ T561] ? thaw_kernel_threads+0x220/0x220 [ 61.417019][ T561] print_address_description+0x7f/0x2c0 [ 61.422576][ T561] ? f2fs_iget+0x43aa/0x4dc0 [ 61.427201][ T561] kasan_report+0xe2/0x130 [ 61.431640][ T561] ? f2fs_iget+0x43aa/0x4dc0 [ 61.436247][ T561] __asan_report_load4_noabort+0x14/0x20 [ 61.441880][ T561] f2fs_iget+0x43aa/0x4dc0 [ 61.446484][ T561] f2fs_lookup+0x3ee/0xce0 [ 61.450907][ T561] ? f2fs_encrypted_symlink_getattr+0x40/0x40 [ 61.457004][ T561] ? d_hash_and_lookup+0x1f0/0x1f0 [ 61.462121][ T561] ? f2fs_encrypted_symlink_getattr+0x40/0x40 [ 61.468203][ T561] path_openat+0x1127/0x3160 [ 61.472806][ T561] ? do_filp_open+0x3e0/0x3e0 [ 61.477494][ T561] do_filp_open+0x1b3/0x3e0 [ 61.482006][ T561] ? vfs_tmpfile+0x2c0/0x2c0 [ 61.486628][ T561] ? get_unused_fd_flags+0x92/0xa0 [ 61.491734][ T561] do_sys_openat2+0x14c/0x6d0 [ 61.496399][ T561] ? do_sys_open+0xe0/0xe0 [ 61.500808][ T561] ? 
__x64_sys_rt_sigprocmask+0xb0/0xb0 [ 61.506428][ T561] __x64_sys_openat+0x136/0x160 [ 61.511267][ T561] do_syscall_64+0x31/0x40 [ 61.515673][ T561] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 61.521554][ T561] RIP: 0033:0x7f41ea729be9 [ 61.526131][ T561] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 61.545735][ T561] RSP: 002b:00007f41ea579038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 61.554151][ T561] RAX: ffffffffffffffda RBX: 00007f41ea951090 RCX: 00007f41ea729be9 [ 61.562138][ T561] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 61.570198][ T561] RBP: 00007f41ea7ace19 R08: 0000000000000000 R09: 0000000000000000 [ 61.578167][ T561] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 61.586336][ T561] R13: 00007f41ea951128 R14: 00007f41ea951090 R15: 00007ffedbca1938 [ 61.594408][ T561] [ 61.594419][ T560] CPU: 1 PID: 560 Comm: syz.6.19 Not tainted syzkaller #0 [ 61.594432][ T560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025 [ 61.596744][ T561] Allocated by task 513: [ 61.603839][ T560] Call Trace: [ 61.613886][ T561] __kasan_slab_alloc+0xbd/0xf0 [ 61.618109][ T560] __dump_stack+0x21/0x24 [ 61.621376][ T561] slab_post_alloc_hook+0x5d/0x2f0 [ 61.626203][ T560] dump_stack_lvl+0x169/0x1d8 [ 61.630510][ T561] kmem_cache_alloc+0x165/0x2e0 [ 61.635601][ T560] ? _raw_write_trylock+0x140/0x140 [ 61.640258][ T561] f2fs_init_extent_tree+0x4bd/0xc40 [ 61.645089][ T560] ? 
show_regs_print_info+0x18/0x18 [ 61.650265][ T561] f2fs_iget+0x1225/0x4dc0 [ 61.655535][ T560] dump_stack+0x15/0x1c [ 61.660710][ T561] f2fs_lookup+0x3ee/0xce0 [ 61.665102][ T560] f2fs_is_valid_blkaddr+0xc8c/0x1360 [ 61.669236][ T561] __lookup_slow+0x2aa/0x3e0 [ 61.673632][ T560] f2fs_iget+0x1eb6/0x4dc0 [ 61.678982][ T561] lookup_slow+0x57/0x70 [ 61.683550][ T560] f2fs_lookup+0x3ee/0xce0 [ 61.687948][ T561] walk_component+0x325/0x460 [ 61.692180][ T560] ? f2fs_encrypted_symlink_getattr+0x40/0x40 [ 61.696580][ T561] path_lookupat+0x180/0x490 [ 61.701232][ T560] ? d_hash_and_lookup+0x1f0/0x1f0 [ 61.707275][ T561] filename_lookup+0x1d5/0x600 [ 61.711851][ T560] ? f2fs_encrypted_symlink_getattr+0x40/0x40 [ 61.716941][ T561] user_path_at_empty+0x43/0x50 [ 61.721683][ T560] path_openat+0x1127/0x3160 [ 61.727732][ T561] do_sys_truncate+0xa3/0x190 [ 61.732574][ T560] ? do_filp_open+0x3e0/0x3e0 [ 61.737149][ T561] __x64_sys_truncate+0x5b/0x70 [ 61.741805][ T560] do_filp_open+0x1b3/0x3e0 [ 61.746459][ T561] do_syscall_64+0x31/0x40 [ 61.751289][ T560] ? vfs_tmpfile+0x2c0/0x2c0 [ 61.755771][ T561] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 61.760259][ T560] ? get_unused_fd_flags+0x92/0xa0 [ 61.764917][ T561] [ 61.770800][ T560] do_sys_openat2+0x14c/0x6d0 [ 61.775888][ T561] Freed by task 513: [ 61.778212][ T560] ? do_sys_open+0xe0/0xe0 [ 61.782869][ T561] kasan_set_track+0x4a/0x70 [ 61.786743][ T560] ? 
__x64_sys_rt_sigprocmask+0xb0/0xb0 [ 61.791222][ T561] kasan_set_free_info+0x23/0x40 [ 61.795791][ T560] __x64_sys_openat+0x136/0x160 [ 61.801314][ T561] ____kasan_slab_free+0x125/0x160 [ 61.806231][ T560] do_syscall_64+0x31/0x40 [ 61.811059][ T561] __kasan_slab_free+0x11/0x20 [ 61.816149][ T560] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 61.820540][ T561] slab_free_freelist_hook+0xc5/0x190 [ 61.825279][ T560] RIP: 0033:0x7f99df941be9 [ 61.831156][ T561] kmem_cache_free+0x100/0x2d0 [ 61.836507][ T560] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 61.840911][ T561] f2fs_destroy_extent_tree+0x2c0/0x4b0 [ 61.845652][ T560] RSP: 002b:00007f99df791038 EFLAGS: 00000246 [ 61.865326][ T561] f2fs_evict_inode+0x430/0x1420 [ 61.870851][ T560] ORIG_RAX: 0000000000000101 [ 61.876906][ T561] evict+0x478/0x910 [ 61.881827][ T560] RAX: ffffffffffffffda RBX: 00007f99dfb69090 RCX: 00007f99df941be9 [ 61.886480][ T561] iput+0x638/0x7c0 [ 61.890437][ T560] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 61.898397][ T561] iget_failed+0x17a/0x1c0 [ 61.902178][ T560] RBP: 00007f99df9c4e19 R08: 0000000000000000 R09: 0000000000000000 [ 61.910133][ T561] f2fs_iget+0x2571/0x4dc0 [ 61.914611][ T560] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 61.922652][ T561] f2fs_lookup+0x3ee/0xce0 [ 61.927044][ T560] R13: 00007f99dfb69128 R14: 00007f99dfb69090 R15: 00007ffe29a98538 [ 61.935176][ T561] __lookup_slow+0x2aa/0x3e0 [ 61.939705][ T560] F2FS-fs (loop6): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 61.947528][ T561] lookup_slow+0x57/0x70 [ 61.947538][ T561] walk_component+0x325/0x460 [ 61.947546][ T561] path_lookupat+0x180/0x490 [ 61.947560][ T561] filename_lookup+0x1d5/0x600 [ 61.982669][ T561] user_path_at_empty+0x43/0x50 [ 61.987511][ T561] 
do_sys_truncate+0xa3/0x190 [ 61.992305][ T561] __x64_sys_truncate+0x5b/0x70 [ 61.997154][ T561] do_syscall_64+0x31/0x40 [ 62.001557][ T561] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 62.007431][ T561] [ 62.009743][ T561] The buggy address belongs to the object at ffff888125bef3f0 [ 62.009743][ T561] which belongs to the cache f2fs_extent_tree of size 80 [ 62.024122][ T561] The buggy address is located 40 bytes inside of [ 62.024122][ T561] 80-byte region [ffff888125bef3f0, ffff888125bef440) [ 62.037615][ T561] The buggy address belongs to the page: [ 62.043709][ T561] page:ffffea000496fbc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x125bef [ 62.053930][ T561] flags: 0x4000000000000200(slab) [ 62.058951][ T561] raw: 4000000000000200 dead000000000100 dead000000000122 ffff88810278e180 [ 62.067641][ T561] raw: 0000000000000000 0000000080240024 00000001ffffffff 0000000000000000 [ 62.076302][ T561] page dumped because: kasan: bad access detected [ 62.082696][ T561] page_owner tracks the page as allocated [ 62.088529][ T561] page last allocated via order 0, migratetype Reclaimable, gfp_mask 0x112c50(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 510, ts 59064324644, free_ts 0 [ 62.106567][ T561] prep_new_page+0x179/0x180 [ 62.111146][ T561] get_page_from_freelist+0x2235/0x23d0 [ 62.116672][ T561] __alloc_pages_nodemask+0x268/0x5f0 [ 62.122022][ T561] new_slab+0x84/0x3f0 [ 62.126069][ T561] ___slab_alloc+0x2a6/0x450 [ 62.130637][ T561] __slab_alloc+0x63/0xa0 [ 62.134959][ T561] kmem_cache_alloc+0x1af/0x2e0 [ 62.139794][ T561] f2fs_init_extent_tree+0x4bd/0xc40 [ 62.145056][ T561] f2fs_iget+0x1225/0x4dc0 [ 62.149449][ T561] f2fs_lookup+0x3ee/0xce0 [ 62.153866][ T561] __lookup_slow+0x2aa/0x3e0 [ 62.158460][ T561] lookup_slow+0x57/0x70 [ 62.162700][ T561] walk_component+0x325/0x460 [ 62.167377][ T561] path_lookupat+0x180/0x490 [ 62.171955][ T561] filename_lookup+0x1d5/0x600 [ 62.176696][ T561] user_path_at_empty+0x43/0x50 [ 
62.181519][ T561] page_owner free stack trace missing [ 62.186863][ T561] [ 62.189167][ T561] Memory state around the buggy address: [ 62.194777][ T561] ffff888125bef300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 62.202910][ T561] ffff888125bef380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fa fb [ 62.210961][ T561] >ffff888125bef400: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 62.219178][ T561] ^ [ 62.224011][ T561] ffff888125bef480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 62.232067][ T561] ffff888125bef500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 62.240118][ T561] ================================================================== [ 62.248154][ T561] Disabling lock debugging due to kernel taint [ 62.254326][ T560] ================================================================== [ 62.262411][ T560] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x100/0x2d0 [ 62.271085][ T560] [ 62.273422][ T560] CPU: 1 PID: 560 Comm: syz.6.19 Tainted: G B syzkaller #0 [ 62.281970][ T560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025 [ 62.292019][ T560] Call Trace: [ 62.295311][ T560] __dump_stack+0x21/0x24 [ 62.299631][ T560] dump_stack_lvl+0x169/0x1d8 [ 62.304335][ T560] ? show_regs_print_info+0x18/0x18 [ 62.309522][ T560] ? thaw_kernel_threads+0x220/0x220 [ 62.314796][ T560] print_address_description+0x7f/0x2c0 [ 62.320331][ T560] ? kmem_cache_free+0x100/0x2d0 [ 62.325255][ T560] kasan_report_invalid_free+0x3f/0x70 [ 62.330893][ T560] ? kmem_cache_free+0x100/0x2d0 [ 62.335830][ T560] ____kasan_slab_free+0x13d/0x160 [ 62.340930][ T560] __kasan_slab_free+0x11/0x20 [ 62.345693][ T560] slab_free_freelist_hook+0xc5/0x190 [ 62.351050][ T560] ? f2fs_destroy_extent_tree+0x2c0/0x4b0 [ 62.356754][ T560] kmem_cache_free+0x100/0x2d0 [ 62.361506][ T560] f2fs_destroy_extent_tree+0x2c0/0x4b0 [ 62.367041][ T560] f2fs_evict_inode+0x430/0x1420 [ 62.371967][ T560] ? 
f2fs_write_inode+0x7f0/0x7f0 [ 62.376981][ T560] ? bit_waitqueue+0x30/0x30 [ 62.381730][ T560] ? printk+0xcc/0x110 [ 62.385790][ T560] ? f2fs_write_inode+0x7f0/0x7f0 [ 62.390808][ T560] evict+0x478/0x910 [ 62.394691][ T560] ? mode_strip_sgid+0x160/0x160 [ 62.399628][ T560] ? ktime_get_coarse_real_ts64+0xe1/0xf0 [ 62.405339][ T560] ? __kasan_check_read+0x11/0x20 [ 62.410456][ T560] ? f2fs_drop_inode+0x174/0x960 [ 62.415384][ T560] iput+0x638/0x7c0 [ 62.419182][ T560] iget_failed+0x17a/0x1c0 [ 62.423593][ T560] f2fs_iget+0x2571/0x4dc0 [ 62.428000][ T560] f2fs_lookup+0x3ee/0xce0 [ 62.432405][ T560] ? f2fs_encrypted_symlink_getattr+0x40/0x40 [ 62.438464][ T560] ? d_hash_and_lookup+0x1f0/0x1f0 [ 62.443568][ T560] ? f2fs_encrypted_symlink_getattr+0x40/0x40 [ 62.449630][ T560] path_openat+0x1127/0x3160 [ 62.454208][ T560] ? do_filp_open+0x3e0/0x3e0 [ 62.458874][ T560] do_filp_open+0x1b3/0x3e0 [ 62.463360][ T560] ? vfs_tmpfile+0x2c0/0x2c0 [ 62.467960][ T560] ? get_unused_fd_flags+0x92/0xa0 [ 62.473055][ T560] do_sys_openat2+0x14c/0x6d0 [ 62.477723][ T560] ? do_sys_open+0xe0/0xe0 [ 62.482139][ T560] ? 
__x64_sys_rt_sigprocmask+0xb0/0xb0 [ 62.487673][ T560] __x64_sys_openat+0x136/0x160 [ 62.492511][ T560] do_syscall_64+0x31/0x40 [ 62.496914][ T560] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 62.502794][ T560] RIP: 0033:0x7f99df941be9 [ 62.507210][ T560] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 62.526889][ T560] RSP: 002b:00007f99df791038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 62.535293][ T560] RAX: ffffffffffffffda RBX: 00007f99dfb69090 RCX: 00007f99df941be9 [ 62.543253][ T560] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 62.551213][ T560] RBP: 00007f99df9c4e19 R08: 0000000000000000 R09: 0000000000000000 [ 62.559179][ T560] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 62.567147][ T560] R13: 00007f99dfb69128 R14: 00007f99dfb69090 R15: 00007ffe29a98538 [ 62.575133][ T560] [ 62.577448][ T560] Allocated by task 517: [ 62.581690][ T560] __kasan_slab_alloc+0xbd/0xf0 [ 62.586529][ T560] slab_post_alloc_hook+0x5d/0x2f0 [ 62.591634][ T560] kmem_cache_alloc+0x165/0x2e0 [ 62.596483][ T560] f2fs_init_extent_tree+0x4bd/0xc40 [ 62.601759][ T560] f2fs_iget+0x1225/0x4dc0 [ 62.606164][ T560] f2fs_lookup+0x3ee/0xce0 [ 62.610571][ T560] __lookup_slow+0x2aa/0x3e0 [ 62.615149][ T560] lookup_slow+0x57/0x70 [ 62.619399][ T560] walk_component+0x325/0x460 [ 62.624064][ T560] path_lookupat+0x180/0x490 [ 62.628644][ T560] filename_lookup+0x1d5/0x600 [ 62.633410][ T560] user_path_at_empty+0x43/0x50 [ 62.638254][ T560] do_sys_truncate+0xa3/0x190 [ 62.642916][ T560] __x64_sys_truncate+0x5b/0x70 [ 62.647757][ T560] do_syscall_64+0x31/0x40 [ 62.652337][ T560] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 62.658210][ T560] [ 62.660524][ T560] Freed by task 517: [ 62.664412][ T560] kasan_set_track+0x4a/0x70 [ 62.668995][ T560] kasan_set_free_info+0x23/0x40 [ 62.674011][ T560] 
____kasan_slab_free+0x125/0x160 [ 62.679141][ T560] __kasan_slab_free+0x11/0x20 [ 62.683888][ T560] slab_free_freelist_hook+0xc5/0x190 [ 62.689336][ T560] kmem_cache_free+0x100/0x2d0 [ 62.694084][ T560] f2fs_destroy_extent_tree+0x2c0/0x4b0 [ 62.699649][ T560] f2fs_evict_inode+0x430/0x1420 [ 62.704575][ T560] evict+0x478/0x910 [ 62.708459][ T560] iput+0x638/0x7c0 [ 62.712251][ T560] iget_failed+0x17a/0x1c0 [ 62.716650][ T560] f2fs_iget+0x2571/0x4dc0 [ 62.721139][ T560] f2fs_lookup+0x3ee/0xce0 [ 62.725538][ T560] __lookup_slow+0x2aa/0x3e0 [ 62.730140][ T560] lookup_slow+0x57/0x70 [ 62.734369][ T560] walk_component+0x325/0x460 [ 62.739032][ T560] path_lookupat+0x180/0x490 [ 62.743627][ T560] filename_lookup+0x1d5/0x600 [ 62.748376][ T560] user_path_at_empty+0x43/0x50 [ 62.753211][ T560] do_sys_truncate+0xa3/0x190 [ 62.757879][ T560] __x64_sys_truncate+0x5b/0x70 [ 62.762801][ T560] do_syscall_64+0x31/0x40 [ 62.767213][ T560] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 62.773087][ T560] [ 62.775404][ T560] The buggy address belongs to the object at ffff888125befbd0 [ 62.775404][ T560] which belongs to the cache f2fs_extent_tree of size 80 [ 62.789792][ T560] The buggy address is located 0 bytes inside of [ 62.789792][ T560] 80-byte region [ffff888125befbd0, ffff888125befc20) [ 62.802784][ T560] The buggy address belongs to the page: [ 62.808407][ T560] page:ffffea000496fbc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x125bef [ 62.818635][ T560] flags: 0x4000000000000200(slab) [ 62.823659][ T560] raw: 4000000000000200 dead000000000100 dead000000000122 ffff88810278e180 [ 62.832324][ T560] raw: 0000000000000000 0000000080240024 00000001ffffffff 0000000000000000 [ 62.840887][ T560] page dumped because: kasan: bad access detected [ 62.847282][ T560] page_owner tracks the page as allocated [ 62.853079][ T560] page last allocated via order 0, migratetype Reclaimable, gfp_mask 0x112c50(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 
510, ts 59064324644, free_ts 0 [ 62.871219][ T560] prep_new_page+0x179/0x180 [ 62.875914][ T560] get_page_from_freelist+0x2235/0x23d0 [ 62.881717][ T560] __alloc_pages_nodemask+0x268/0x5f0 [ 62.887084][ T560] new_slab+0x84/0x3f0 [ 62.891148][ T560] ___slab_alloc+0x2a6/0x450 [ 62.895732][ T560] __slab_alloc+0x63/0xa0 [ 62.900050][ T560] kmem_cache_alloc+0x1af/0x2e0 [ 62.904989][ T560] f2fs_init_extent_tree+0x4bd/0xc40 [ 62.910261][ T560] f2fs_iget+0x1225/0x4dc0 [ 62.914693][ T560] f2fs_lookup+0x3ee/0xce0 [ 62.919120][ T560] __lookup_slow+0x2aa/0x3e0 [ 62.923713][ T560] lookup_slow+0x57/0x70 [ 62.927947][ T560] walk_component+0x325/0x460 [ 62.932613][ T560] path_lookupat+0x180/0x490 [ 62.937191][ T560] filename_lookup+0x1d5/0x600 [ 62.941941][ T560] user_path_at_empty+0x43/0x50 [ 62.946771][ T560] page_owner free stack trace missing [ 62.952127][ T560] [ 62.954442][ T560] Memory state around the buggy address: [ 62.960058][ T560] ffff888125befa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 62.968114][ T560] ffff888125befb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 62.976171][ T560] >ffff888125befb80: fc fc fc fc fc fc fc fc fc fc fa fb fb fb fb fb [ 62.984350][ T560] ^ [ 62.991027][ T560] ffff888125befc00: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 62.999087][ T560] ffff888125befc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 63.007132][ T560] ================================================================== [ 63.016117][ T561] F2FS-fs (loop3): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 63.019098][ T24] audit: type=1400 audit(1756045341.110:110): avc: denied { read } for pid=77 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 63.029523][ T561] ================================================================== [ 63.058599][ T561] BUG: KASAN: double-free or invalid-free in 
kmem_cache_free+0x100/0x2d0 [ 63.067004][ T561] [ 63.069328][ T561] CPU: 0 PID: 561 Comm: syz.3.20 Tainted: G B syzkaller #0 [ 63.077808][ T561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025 [ 63.087853][ T561] Call Trace: [ 63.091133][ T561] __dump_stack+0x21/0x24 [ 63.095453][ T561] dump_stack_lvl+0x169/0x1d8 [ 63.100116][ T561] ? show_regs_print_info+0x18/0x18 [ 63.105298][ T561] ? thaw_kernel_threads+0x220/0x220 [ 63.110568][ T561] print_address_description+0x7f/0x2c0 [ 63.116111][ T561] ? kmem_cache_free+0x100/0x2d0 [ 63.121033][ T561] kasan_report_invalid_free+0x3f/0x70 [ 63.126660][ T561] ? kmem_cache_free+0x100/0x2d0 [ 63.131633][ T561] ____kasan_slab_free+0x13d/0x160 [ 63.136733][ T561] __kasan_slab_free+0x11/0x20 [ 63.141577][ T561] slab_free_freelist_hook+0xc5/0x190 [ 63.146940][ T561] ? f2fs_destroy_extent_tree+0x2c0/0x4b0 [ 63.152649][ T561] kmem_cache_free+0x100/0x2d0 [ 63.157488][ T561] f2fs_destroy_extent_tree+0x2c0/0x4b0 [ 63.163021][ T561] f2fs_evict_inode+0x430/0x1420 [ 63.168048][ T561] ? f2fs_write_inode+0x7f0/0x7f0 [ 63.173062][ T561] ? bit_waitqueue+0x30/0x30 [ 63.177944][ T561] ? printk+0xcc/0x110 [ 63.182019][ T561] ? f2fs_write_inode+0x7f0/0x7f0 [ 63.187048][ T561] evict+0x478/0x910 [ 63.190938][ T561] ? mode_strip_sgid+0x160/0x160 [ 63.196312][ T561] ? ktime_get_coarse_real_ts64+0xe1/0xf0 [ 63.202281][ T561] ? __kasan_check_read+0x11/0x20 [ 63.207295][ T561] ? f2fs_drop_inode+0x174/0x960 [ 63.212227][ T561] iput+0x638/0x7c0 [ 63.216026][ T561] iget_failed+0x17a/0x1c0 [ 63.220426][ T561] f2fs_iget+0x2571/0x4dc0 [ 63.224918][ T561] f2fs_lookup+0x3ee/0xce0 [ 63.229319][ T561] ? f2fs_encrypted_symlink_getattr+0x40/0x40 [ 63.235373][ T561] ? d_hash_and_lookup+0x1f0/0x1f0 [ 63.240473][ T561] ? f2fs_encrypted_symlink_getattr+0x40/0x40 [ 63.246539][ T561] path_openat+0x1127/0x3160 [ 63.251121][ T561] ? do_filp_open+0x3e0/0x3e0 [ 63.255811][ T561] do_filp_open+0x1b3/0x3e0 [ 63.260299][ T561] ? 
vfs_tmpfile+0x2c0/0x2c0 [ 63.264877][ T561] ? get_unused_fd_flags+0x92/0xa0 [ 63.269970][ T561] do_sys_openat2+0x14c/0x6d0 [ 63.274638][ T561] ? do_sys_open+0xe0/0xe0 [ 63.279130][ T561] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 63.284660][ T561] __x64_sys_openat+0x136/0x160 [ 63.289496][ T561] do_syscall_64+0x31/0x40 [ 63.293906][ T561] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 63.299782][ T561] RIP: 0033:0x7f41ea729be9 [ 63.304209][ T561] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 63.323890][ T561] RSP: 002b:00007f41ea579038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 63.332296][ T561] RAX: ffffffffffffffda RBX: 00007f41ea951090 RCX: 00007f41ea729be9 [ 63.340257][ T561] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 63.348217][ T561] RBP: 00007f41ea7ace19 R08: 0000000000000000 R09: 0000000000000000 [ 63.356178][ T561] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 63.364152][ T561] R13: 00007f41ea951128 R14: 00007f41ea951090 R15: 00007ffedbca1938 [ 63.372113][ T561] [ 63.374434][ T561] Allocated by task 513: [ 63.378666][ T561] __kasan_slab_alloc+0xbd/0xf0 [ 63.383506][ T561] slab_post_alloc_hook+0x5d/0x2f0 [ 63.388603][ T561] kmem_cache_alloc+0x165/0x2e0 [ 63.393442][ T561] f2fs_init_extent_tree+0x4bd/0xc40 [ 63.398717][ T561] f2fs_iget+0x1225/0x4dc0 [ 63.403209][ T561] f2fs_lookup+0x3ee/0xce0 [ 63.407612][ T561] __lookup_slow+0x2aa/0x3e0 [ 63.412191][ T561] lookup_slow+0x57/0x70 [ 63.416433][ T561] walk_component+0x325/0x460 [ 63.421093][ T561] path_lookupat+0x180/0x490 [ 63.425670][ T561] filename_lookup+0x1d5/0x600 [ 63.430419][ T561] user_path_at_empty+0x43/0x50 [ 63.435254][ T561] do_sys_truncate+0xa3/0x190 [ 63.439915][ T561] __x64_sys_truncate+0x5b/0x70 [ 63.444752][ T561] do_syscall_64+0x31/0x40 [ 63.449157][ T561] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 
63.455113][ T561] [ 63.457428][ T561] Freed by task 513: [ 63.461307][ T561] kasan_set_track+0x4a/0x70 [ 63.465889][ T561] kasan_set_free_info+0x23/0x40 [ 63.470821][ T561] ____kasan_slab_free+0x125/0x160 [ 63.475915][ T561] __kasan_slab_free+0x11/0x20 [ 63.480662][ T561] slab_free_freelist_hook+0xc5/0x190 [ 63.486016][ T561] kmem_cache_free+0x100/0x2d0 [ 63.490762][ T561] f2fs_destroy_extent_tree+0x2c0/0x4b0 [ 63.496296][ T561] f2fs_evict_inode+0x430/0x1420 [ 63.501221][ T561] evict+0x478/0x910 [ 63.505099][ T561] iput+0x638/0x7c0 [ 63.508924][ T561] iget_failed+0x17a/0x1c0 [ 63.513327][ T561] f2fs_iget+0x2571/0x4dc0 [ 63.517843][ T561] f2fs_lookup+0x3ee/0xce0 [ 63.522258][ T561] __lookup_slow+0x2aa/0x3e0 [ 63.526858][ T561] lookup_slow+0x57/0x70 [ 63.531096][ T561] walk_component+0x325/0x460 [ 63.535770][ T561] path_lookupat+0x180/0x490 [ 63.540351][ T561] filename_lookup+0x1d5/0x600 [ 63.545102][ T561] user_path_at_empty+0x43/0x50 [ 63.549949][ T561] do_sys_truncate+0xa3/0x190 [ 63.554614][ T561] __x64_sys_truncate+0x5b/0x70 [ 63.559451][ T561] do_syscall_64+0x31/0x40 [ 63.563853][ T561] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 63.569728][ T561] [ 63.572224][ T561] The buggy address belongs to the object at ffff888125bef3f0 [ 63.572224][ T561] which belongs to the cache f2fs_extent_tree of size 80 [ 63.586681][ T561] The buggy address is located 0 bytes inside of [ 63.586681][ T561] 80-byte region [ffff888125bef3f0, ffff888125bef440) [ 63.599674][ T561] The buggy address belongs to the page: [ 63.605300][ T561] page:ffffea000496fbc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x125bef [ 63.615522][ T561] flags: 0x4000000000000200(slab) [ 63.620536][ T561] raw: 4000000000000200 dead000000000100 dead000000000122 ffff88810278e180 [ 63.629109][ T561] raw: 0000000000000000 0000000080240024 00000001ffffffff 0000000000000000 [ 63.637847][ T561] page dumped because: kasan: bad access detected [ 63.644245][ T561] page_owner tracks the page as allocated 
[ 63.649961][ T561] page last allocated via order 0, migratetype Reclaimable, gfp_mask 0x112c50(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 510, ts 59064324644, free_ts 0 [ 63.667993][ T561] prep_new_page+0x179/0x180 [ 63.672593][ T561] get_page_from_freelist+0x2235/0x23d0 [ 63.678132][ T561] __alloc_pages_nodemask+0x268/0x5f0 [ 63.683505][ T561] new_slab+0x84/0x3f0 [ 63.687579][ T561] ___slab_alloc+0x2a6/0x450 [ 63.692164][ T561] __slab_alloc+0x63/0xa0 [ 63.696477][ T561] kmem_cache_alloc+0x1af/0x2e0 [ 63.701313][ T561] f2fs_init_extent_tree+0x4bd/0xc40 [ 63.706580][ T561] f2fs_iget+0x1225/0x4dc0 [ 63.710989][ T561] f2fs_lookup+0x3ee/0xce0 [ 63.715388][ T561] __lookup_slow+0x2aa/0x3e0 [ 63.719961][ T561] lookup_slow+0x57/0x70 [ 63.724189][ T561] walk_component+0x325/0x460 [ 63.728851][ T561] path_lookupat+0x180/0x490 [ 63.733425][ T561] filename_lookup+0x1d5/0x600 [ 63.738172][ T561] user_path_at_empty+0x43/0x50 [ 63.743033][ T561] page_owner free stack trace missing [ 63.748388][ T561] [ 63.750734][ T561] Memory state around the buggy address: [ 63.756375][ T561] ffff888125bef280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 63.764436][ T561] ffff888125bef300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 63.772583][ T561] >ffff888125bef380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fa fb [ 63.780636][ T561] ^ [ 63.788342][ T561] ffff888125bef400: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 63.796397][ T561] ffff888125bef480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 63.804446][ T561] ================================================================== [ 63.814103][ T563] F2FS-fs (loop0): access invalid blkaddr:2147563524 [ 63.819925][ T24] audit: type=1400 audit(1756045341.110:111): avc: denied { search } for pid=77 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 63.845053][ T24] audit: type=1400 
audit(1756045341.110:112): avc: denied { write } for pid=77 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 63.855475][ T563] CPU: 0 PID: 563 Comm: syz.0.17 Tainted: G B syzkaller #0 [ 63.866969][ T24] audit: type=1400 audit(1756045341.110:113): avc: denied { add_name } for pid=77 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 63.874839][ T563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025 [ 63.874843][ T563] Call Trace: [ 63.874862][ T563] __dump_stack+0x21/0x24 [ 63.874871][ T563] dump_stack_lvl+0x169/0x1d8 [ 63.874890][ T563] ? _raw_spin_trylock_bh+0x130/0x130 [ 63.895391][ T24] audit: type=1400 audit(1756045341.110:114): avc: denied { create } for pid=77 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 63.905385][ T563] ? show_regs_print_info+0x18/0x18 [ 63.905396][ T563] ? memcpy+0x56/0x70 [ 63.905412][ T563] dump_stack+0x15/0x1c [ 63.908699][ T24] audit: type=1400 audit(1756045341.110:115): avc: denied { append open } for pid=77 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 63.912984][ T563] f2fs_is_valid_blkaddr+0xc8c/0x1360 [ 63.913000][ T563] f2fs_iget+0x1eb6/0x4dc0 [ 63.917689][ T24] audit: type=1400 audit(1756045341.110:116): avc: denied { getattr } for pid=77 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 63.923017][ T563] f2fs_lookup+0x3ee/0xce0 [ 63.923034][ T563] ? f2fs_encrypted_symlink_getattr+0x40/0x40 [ 64.022243][ T563] ? d_hash_and_lookup+0x1f0/0x1f0 [ 64.027442][ T563] ? 
f2fs_encrypted_symlink_getattr+0x40/0x40 [ 64.033666][ T563] path_openat+0x1127/0x3160 [ 64.038332][ T563] ? do_filp_open+0x3e0/0x3e0 [ 64.042992][ T563] do_filp_open+0x1b3/0x3e0 [ 64.047481][ T563] ? vfs_tmpfile+0x2c0/0x2c0 [ 64.052071][ T563] ? get_unused_fd_flags+0x92/0xa0 [ 64.057170][ T563] do_sys_openat2+0x14c/0x6d0 [ 64.061852][ T563] ? do_sys_open+0xe0/0xe0 [ 64.066255][ T563] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 64.071789][ T563] __x64_sys_openat+0x136/0x160 [ 64.076628][ T563] do_syscall_64+0x31/0x40 [ 64.081036][ T563] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 64.086932][ T563] RIP: 0033:0x7f58f7264be9 [ 64.091333][ T563] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 64.110928][ T563] RSP: 002b:00007f58f70b4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 64.119319][ T563] RAX: ffffffffffffffda RBX: 00007f58f748c090 RCX: 00007f58f7264be9 [ 64.127276][ T563] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 64.135229][ T563] RBP: 00007f58f72e7e19 R08: 0000000000000000 R09: 0000000000000000 [ 64.143267][ T563] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 64.151223][ T563] R13: 00007f58f748c128 R14: 00007f58f748c090 R15: 00007ffcff14a618 [ 64.166626][ T563] F2FS-fs (loop0): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 65.637818][ T566] F2FS-fs (loop5): invalid crc value [ 65.665074][ T566] F2FS-fs (loop5): Found nat_bits in checkpoint [ 65.778188][ T566] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 65.809824][ T566] F2FS-fs (loop5): access invalid blkaddr:2147563524 [ 65.819206][ T566] CPU: 0 PID: 566 Comm: syz.5.26 Tainted: G B syzkaller #0 [ 65.827723][ T566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025 [ 65.837790][ T566] Call Trace: [ 
65.841100][ T566] __dump_stack+0x21/0x24 [ 65.845441][ T566] dump_stack_lvl+0x169/0x1d8 [ 65.850220][ T566] ? _raw_spin_trylock_bh+0x130/0x130 [ 65.855739][ T566] ? show_regs_print_info+0x18/0x18 [ 65.861029][ T566] ? memcpy+0x56/0x70 [ 65.865032][ T566] dump_stack+0x15/0x1c [ 65.869195][ T566] f2fs_is_valid_blkaddr+0xc8c/0x1360 [ 65.874578][ T566] f2fs_iget+0x1eb6/0x4dc0 [ 65.879003][ T566] f2fs_lookup+0x3ee/0xce0 [ 65.883428][ T566] ? f2fs_encrypted_symlink_getattr+0x40/0x40 [ 65.889509][ T566] ? d_hash_and_lookup+0x1f0/0x1f0 [ 65.894633][ T566] ? lockref_get_not_dead+0xe6/0x1c0 [ 65.899924][ T566] __lookup_slow+0x2aa/0x3e0 [ 65.904525][ T566] ? lookup_one_len+0x2c0/0x2c0 [ 65.909391][ T566] ? lookup_fast+0x2fa/0x700 [ 65.914015][ T566] ? link_path_walk+0x915/0xb80 [ 65.918998][ T566] ? __kasan_check_write+0x14/0x20 [ 65.924209][ T566] lookup_slow+0x57/0x70 [ 65.928468][ T566] walk_component+0x325/0x460 [ 65.933250][ T566] path_lookupat+0x180/0x490 [ 65.937866][ T566] filename_lookup+0x1d5/0x600 [ 65.942645][ T566] ? hashlen_string+0x120/0x120 [ 65.947512][ T566] ? getname_flags+0x206/0x500 [ 65.952301][ T566] user_path_at_empty+0x43/0x50 [ 65.957159][ T566] do_sys_truncate+0xa3/0x190 [ 65.961849][ T566] ? 
locks_verify_truncate+0x170/0x170 [ 65.967407][ T566] __x64_sys_truncate+0x5b/0x70 [ 65.972266][ T566] do_syscall_64+0x31/0x40 [ 65.976692][ T566] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 65.982591][ T566] RIP: 0033:0x7f42d4abbbe9 [ 65.987013][ T566] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 66.006716][ T566] RSP: 002b:00007f42d492c038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 66.015156][ T566] RAX: ffffffffffffffda RBX: 00007f42d4ce2fa0 RCX: 00007f42d4abbbe9 [ 66.023222][ T566] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280 [ 66.031202][ T566] RBP: 00007f42d4b3ee19 R08: 0000000000000000 R09: 0000000000000000 [ 66.039182][ T566] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 66.047164][ T566] R13: 00007f42d4ce3038 R14: 00007f42d4ce2fa0 R15: 00007ffdd2800b68 [ 66.058369][ T566] F2FS-fs (loop5): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 66.071103][ T581] F2FS-fs (loop5): access invalid blkaddr:2147563524 [ 66.078184][ T581] CPU: 0 PID: 581 Comm: syz.5.26 Tainted: G B syzkaller #0 [ 66.086777][ T581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025 [ 66.096846][ T581] Call Trace: [ 66.100148][ T581] __dump_stack+0x21/0x24 [ 66.104496][ T581] dump_stack_lvl+0x169/0x1d8 [ 66.109185][ T581] ? _raw_write_trylock+0x140/0x140 [ 66.114385][ T581] ? pagecache_get_page+0x848/0x930 [ 66.119594][ T581] ? show_regs_print_info+0x18/0x18 [ 66.124895][ T581] dump_stack+0x15/0x1c [ 66.129162][ T581] f2fs_is_valid_blkaddr+0xc8c/0x1360 [ 66.134554][ T581] f2fs_iget+0x1eb6/0x4dc0 [ 66.139066][ T581] f2fs_lookup+0x3ee/0xce0 [ 66.143501][ T581] ? f2fs_encrypted_symlink_getattr+0x40/0x40 [ 66.149623][ T581] ? d_hash_and_lookup+0x1f0/0x1f0 [ 66.154833][ T581] ? 
f2fs_encrypted_symlink_getattr+0x40/0x40 [ 66.160912][ T581] path_openat+0x1127/0x3160 [ 66.165503][ T581] ? do_filp_open+0x3e0/0x3e0 [ 66.170257][ T581] do_filp_open+0x1b3/0x3e0 [ 66.174749][ T581] ? vfs_tmpfile+0x2c0/0x2c0 [ 66.179328][ T581] ? get_unused_fd_flags+0x92/0xa0 [ 66.184587][ T581] do_sys_openat2+0x14c/0x6d0 [ 66.189258][ T581] ? do_sys_open+0xe0/0xe0 [ 66.193695][ T581] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 66.199225][ T581] __x64_sys_openat+0x136/0x160 [ 66.204065][ T581] do_syscall_64+0x31/0x40 [ 66.208470][ T581] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 66.214347][ T581] RIP: 0033:0x7f42d4abbbe9 [ 66.218748][ T581] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 66.238336][ T581] RSP: 002b:00007f42d490b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 66.246733][ T581] RAX: ffffffffffffffda RBX: 00007f42d4ce3090 RCX: 00007f42d4abbbe9 [ 66.254687][ T581] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 66.262644][ T581] RBP: 00007f42d4b3ee19 R08: 0000000000000000 R09: 0000000000000000 [ 66.270624][ T581] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 66.278575][ T581] R13: 00007f42d4ce3128 R14: 00007f42d4ce3090 R15: 00007ffdd2800b68 [ 66.289586][ T581] F2FS-fs (loop5): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 66.303086][ T581] ================================================================== [ 66.303236][ T568] F2FS-fs (loop4): invalid crc value [ 66.311170][ T581] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x100/0x2d0 [ 66.311173][ T581] [ 66.311187][ T581] CPU: 1 PID: 581 Comm: syz.5.26 Tainted: G B syzkaller #0 [ 66.311192][ T581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025 [ 66.311196][ T581] Call Trace: [ 66.311216][ T581] 
__dump_stack+0x21/0x24 [ 66.318519][ T568] F2FS-fs (loop4): Found nat_bits in checkpoint [ 66.325326][ T581] dump_stack_lvl+0x169/0x1d8 [ 66.325338][ T581] ? show_regs_print_info+0x18/0x18 [ 66.325348][ T581] ? thaw_kernel_threads+0x220/0x220 [ 66.325359][ T581] print_address_description+0x7f/0x2c0 [ 66.325372][ T581] ? kmem_cache_free+0x100/0x2d0 [ 66.325381][ T581] kasan_report_invalid_free+0x3f/0x70 [ 66.325398][ T581] ? kmem_cache_free+0x100/0x2d0 [ 66.350908][ T568] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 66.353835][ T581] ____kasan_slab_free+0x13d/0x160 [ 66.353858][ T581] __kasan_slab_free+0x11/0x20 [ 66.413269][ T581] slab_free_freelist_hook+0xc5/0x190 [ 66.418721][ T581] ? f2fs_destroy_extent_tree+0x2c0/0x4b0 [ 66.424435][ T581] kmem_cache_free+0x100/0x2d0 [ 66.429179][ T581] f2fs_destroy_extent_tree+0x2c0/0x4b0 [ 66.434704][ T581] f2fs_evict_inode+0x430/0x1420 [ 66.439623][ T581] ? f2fs_write_inode+0x7f0/0x7f0 [ 66.444637][ T581] ? bit_waitqueue+0x30/0x30 [ 66.449203][ T581] ? printk+0xcc/0x110 [ 66.453247][ T581] ? f2fs_write_inode+0x7f0/0x7f0 [ 66.458248][ T581] evict+0x478/0x910 [ 66.462120][ T581] ? mode_strip_sgid+0x160/0x160 [ 66.467122][ T581] ? ktime_get_coarse_real_ts64+0xe1/0xf0 [ 66.472902][ T581] ? __kasan_check_read+0x11/0x20 [ 66.477916][ T581] ? f2fs_drop_inode+0x174/0x960 [ 66.482830][ T581] iput+0x638/0x7c0 [ 66.486636][ T581] iget_failed+0x17a/0x1c0 [ 66.491030][ T581] f2fs_iget+0x2571/0x4dc0 [ 66.495441][ T581] f2fs_lookup+0x3ee/0xce0 [ 66.499833][ T581] ? f2fs_encrypted_symlink_getattr+0x40/0x40 [ 66.505884][ T581] ? d_hash_and_lookup+0x1f0/0x1f0 [ 66.510976][ T581] ? f2fs_encrypted_symlink_getattr+0x40/0x40 [ 66.517019][ T581] path_openat+0x1127/0x3160 [ 66.521592][ T581] ? do_filp_open+0x3e0/0x3e0 [ 66.526443][ T581] do_filp_open+0x1b3/0x3e0 [ 66.530924][ T581] ? vfs_tmpfile+0x2c0/0x2c0 [ 66.535495][ T581] ? get_unused_fd_flags+0x92/0xa0 [ 66.540602][ T581] do_sys_openat2+0x14c/0x6d0 [ 66.545261][ T581] ? 
do_sys_open+0xe0/0xe0 [ 66.549656][ T581] ? __x64_sys_rt_sigprocmask+0xb0/0xb0 [ 66.555185][ T581] __x64_sys_openat+0x136/0x160 [ 66.560011][ T581] do_syscall_64+0x31/0x40 [ 66.564405][ T581] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 66.570274][ T581] RIP: 0033:0x7f42d4abbbe9 [ 66.574670][ T581] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 66.594344][ T581] RSP: 002b:00007f42d490b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 66.602733][ T581] RAX: ffffffffffffffda RBX: 00007f42d4ce3090 RCX: 00007f42d4abbbe9 [ 66.610700][ T581] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 66.618760][ T581] RBP: 00007f42d4b3ee19 R08: 0000000000000000 R09: 0000000000000000 [ 66.626717][ T581] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 66.634675][ T581] R13: 00007f42d4ce3128 R14: 00007f42d4ce3090 R15: 00007ffdd2800b68 [ 66.642631][ T581] [ 66.644942][ T581] Allocated by task 566: [ 66.649176][ T581] __kasan_slab_alloc+0xbd/0xf0 [ 66.654102][ T581] slab_post_alloc_hook+0x5d/0x2f0 [ 66.659192][ T581] kmem_cache_alloc+0x165/0x2e0 [ 66.664021][ T581] f2fs_init_extent_tree+0x4bd/0xc40 [ 66.669289][ T581] f2fs_iget+0x1225/0x4dc0 [ 66.673681][ T581] f2fs_lookup+0x3ee/0xce0 [ 66.678074][ T581] __lookup_slow+0x2aa/0x3e0 [ 66.682660][ T581] lookup_slow+0x57/0x70 [ 66.686881][ T581] walk_component+0x325/0x460 [ 66.691671][ T581] path_lookupat+0x180/0x490 [ 66.696256][ T581] filename_lookup+0x1d5/0x600 [ 66.701175][ T581] user_path_at_empty+0x43/0x50 [ 66.706009][ T581] do_sys_truncate+0xa3/0x190 [ 66.710663][ T581] __x64_sys_truncate+0x5b/0x70 [ 66.715492][ T581] do_syscall_64+0x31/0x40 [ 66.719888][ T581] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 66.725857][ T581] [ 66.728164][ T581] Freed by task 566: [ 66.732073][ T581] kasan_set_track+0x4a/0x70 [ 66.736641][ T581] 
kasan_set_free_info+0x23/0x40 [ 66.741563][ T581] ____kasan_slab_free+0x125/0x160 [ 66.746684][ T581] __kasan_slab_free+0x11/0x20 [ 66.751426][ T581] slab_free_freelist_hook+0xc5/0x190 [ 66.756776][ T581] kmem_cache_free+0x100/0x2d0 [ 66.761622][ T581] f2fs_destroy_extent_tree+0x2c0/0x4b0 [ 66.767172][ T581] f2fs_evict_inode+0x430/0x1420 [ 66.772099][ T581] evict+0x478/0x910 [ 66.776086][ T581] iput+0x638/0x7c0 [ 66.779875][ T581] iget_failed+0x17a/0x1c0 [ 66.784269][ T581] f2fs_iget+0x2571/0x4dc0 [ 66.788671][ T581] f2fs_lookup+0x3ee/0xce0 [ 66.793062][ T581] __lookup_slow+0x2aa/0x3e0 [ 66.797631][ T581] lookup_slow+0x57/0x70 [ 66.801854][ T581] walk_component+0x325/0x460 [ 66.806511][ T581] path_lookupat+0x180/0x490 [ 66.811082][ T581] filename_lookup+0x1d5/0x600 [ 66.815823][ T581] user_path_at_empty+0x43/0x50 [ 66.820655][ T581] do_sys_truncate+0xa3/0x190 [ 66.825309][ T581] __x64_sys_truncate+0x5b/0x70 [ 66.830191][ T581] do_syscall_64+0x31/0x40 [ 66.834631][ T581] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 66.840516][ T581] [ 66.842832][ T581] The buggy address belongs to the object at ffff888125bef380 [ 66.842832][ T581] which belongs to the cache f2fs_extent_tree of size 80 [ 66.857358][ T581] The buggy address is located 0 bytes inside of [ 66.857358][ T581] 80-byte region [ffff888125bef380, ffff888125bef3d0) [ 66.870446][ T581] The buggy address belongs to the page: [ 66.876075][ T581] page:ffffea000496fbc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x125bef [ 66.886305][ T581] flags: 0x4000000000000200(slab) [ 66.891330][ T581] raw: 4000000000000200 dead000000000100 dead000000000122 ffff88810278e180 [ 66.899913][ T581] raw: 0000000000000000 0000000080240024 00000001ffffffff 0000000000000000 [ 66.908480][ T581] page dumped because: kasan: bad access detected [ 66.914886][ T581] page_owner tracks the page as allocated [ 66.920591][ T581] page last allocated via order 0, migratetype Reclaimable, gfp_mask 
0x112c50(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 510, ts 59064324644, free_ts 0 [ 66.938636][ T581] prep_new_page+0x179/0x180 [ 66.943207][ T581] get_page_from_freelist+0x2235/0x23d0 [ 66.948733][ T581] __alloc_pages_nodemask+0x268/0x5f0 [ 66.954077][ T581] new_slab+0x84/0x3f0 [ 66.958151][ T581] ___slab_alloc+0x2a6/0x450 [ 66.962719][ T581] __slab_alloc+0x63/0xa0 [ 66.967025][ T581] kmem_cache_alloc+0x1af/0x2e0 [ 66.971938][ T581] f2fs_init_extent_tree+0x4bd/0xc40 [ 66.977203][ T581] f2fs_iget+0x1225/0x4dc0 [ 66.981594][ T581] f2fs_lookup+0x3ee/0xce0 [ 66.985991][ T581] __lookup_slow+0x2aa/0x3e0 [ 66.990680][ T581] lookup_slow+0x57/0x70 [ 66.994929][ T581] walk_component+0x325/0x460 [ 66.999603][ T581] path_lookupat+0x180/0x490 [ 67.004179][ T581] filename_lookup+0x1d5/0x600 [ 67.008923][ T581] user_path_at_empty+0x43/0x50 [ 67.013756][ T581] page_owner free stack trace missing [ 67.019116][ T581] [ 67.021551][ T581] Memory state around the buggy address: [ 67.027171][ T581] ffff888125bef280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 67.035234][ T581] ffff888125bef300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 67.043459][ T581] >ffff888125bef380: fa fb fb fb fb fb fb fb fb fb fc fc fc fc fa fb [ 67.051662][ T581] ^ [ 67.055721][ T581] ffff888125bef400: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 67.063860][ T581] ffff888125bef480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 67.071900][ T581] ================================================================== 2025/08/24 14:22:25 executed programs: 21 [ 67.102983][ T572] F2FS-fs (loop6): invalid crc value [ 67.109925][ T572] F2FS-fs (loop6): Found nat_bits in checkpoint [ 67.131347][ T572] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 67.241085][ T568] F2FS-fs (loop4): access invalid blkaddr:2147563524 [ 67.245962][ T570] F2FS-fs (loop3): invalid crc value [ 67.247994][ T572] F2FS-fs (loop6): access invalid blkaddr:2147563524 [ 67.253117][ 
T574] F2FS-fs (loop0): invalid crc value [ 67.259853][ T568] CPU: 1 PID: 568 Comm: syz.4.23 Tainted: G B syzkaller #0 [ 67.273543][ T568] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025 [ 67.283602][ T568] Call Trace: [ 67.286905][ T568] __dump_stack+0x21/0x24 [ 67.291246][ T568] dump_stack_lvl+0x169/0x1d8 [ 67.295935][ T568] ? _raw_spin_trylock_bh+0x130/0x130 [ 67.301327][ T568] ? show_regs_print_info+0x18/0x18 [ 67.306544][ T568] ? memcpy+0x56/0x70 [ 67.310533][ T568] dump_stack+0x15/0x1c [ 67.314707][ T568] f2fs_is_valid_blkaddr+0xc8c/0x1360 [ 67.320087][ T568] f2fs_iget+0x1eb6/0x4dc0 [ 67.324514][ T568] f2fs_lookup+0x3ee/0xce0 [ 67.328942][ T568] ? f2fs_encrypted_symlink_getattr+0x40/0x40 [ 67.335015][ T568] ? d_hash_and_lookup+0x1f0/0x1f0 [ 67.340131][ T568] ? lockref_get_not_dead+0xe6/0x1c0 [ 67.345421][ T568] __lookup_slow+0x2aa/0x3e0 [ 67.350013][ T568] ? lookup_one_len+0x2c0/0x2c0 [ 67.354894][ T568] ? lookup_fast+0x2fa/0x700 [ 67.359510][ T568] ? link_path_walk+0x915/0xb80 [ 67.364366][ T568] ? __kasan_check_write+0x14/0x20 [ 67.369600][ T568] lookup_slow+0x57/0x70 [ 67.373935][ T568] walk_component+0x325/0x460 [ 67.378612][ T568] path_lookupat+0x180/0x490 [ 67.383208][ T568] filename_lookup+0x1d5/0x600 [ 67.387982][ T568] ? hashlen_string+0x120/0x120 [ 67.392866][ T568] ? getname_flags+0x206/0x500 [ 67.397651][ T568] user_path_at_empty+0x43/0x50 [ 67.402524][ T568] do_sys_truncate+0xa3/0x190 [ 67.407208][ T568] ? 
locks_verify_truncate+0x170/0x170 [ 67.412670][ T568] __x64_sys_truncate+0x5b/0x70 [ 67.417536][ T568] do_syscall_64+0x31/0x40 [ 67.421949][ T568] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 67.427927][ T568] RIP: 0033:0x7fbfb0c08be9 [ 67.432516][ T568] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 67.452305][ T568] RSP: 002b:00007fbfb0a79038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 67.460728][ T568] RAX: ffffffffffffffda RBX: 00007fbfb0e2ffa0 RCX: 00007fbfb0c08be9 [ 67.468709][ T568] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280 [ 67.476689][ T568] RBP: 00007fbfb0c8be19 R08: 0000000000000000 R09: 0000000000000000 [ 67.484670][ T568] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 67.492649][ T568] R13: 00007fbfb0e30038 R14: 00007fbfb0e2ffa0 R15: 00007fffb27343b8 [ 67.516652][ T572] CPU: 1 PID: 572 Comm: syz.6.25 Tainted: G B syzkaller #0 [ 67.525184][ T572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025 [ 67.535248][ T572] Call Trace: [ 67.538550][ T572] __dump_stack+0x21/0x24 [ 67.542980][ T572] dump_stack_lvl+0x169/0x1d8 [ 67.544328][ T568] F2FS-fs (loop4): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 67.547721][ T572] ? _raw_spin_trylock_bh+0x130/0x130 [ 67.547731][ T572] ? show_regs_print_info+0x18/0x18 [ 67.547748][ T572] ? memcpy+0x56/0x70 [ 67.574629][ T572] dump_stack+0x15/0x1c [ 67.578993][ T572] f2fs_is_valid_blkaddr+0xc8c/0x1360 [ 67.584383][ T572] f2fs_iget+0x1eb6/0x4dc0 [ 67.588807][ T572] f2fs_lookup+0x3ee/0xce0 [ 67.593231][ T572] ? f2fs_encrypted_symlink_getattr+0x40/0x40 [ 67.599305][ T572] ? d_hash_and_lookup+0x1f0/0x1f0 [ 67.604436][ T572] ? lockref_get_not_dead+0xe6/0x1c0 [ 67.609723][ T572] __lookup_slow+0x2aa/0x3e0 [ 67.614317][ T572] ? 
lookup_one_len+0x2c0/0x2c0 [ 67.619168][ T572] ? lookup_fast+0x2fa/0x700 [ 67.623762][ T572] ? link_path_walk+0x915/0xb80 [ 67.628609][ T572] ? __kasan_check_write+0x14/0x20 [ 67.633720][ T572] lookup_slow+0x57/0x70 [ 67.637965][ T572] walk_component+0x325/0x460 [ 67.642642][ T572] path_lookupat+0x180/0x490 [ 67.647231][ T572] filename_lookup+0x1d5/0x600 [ 67.651990][ T572] ? hashlen_string+0x120/0x120 [ 67.656845][ T572] ? getname_flags+0x206/0x500 [ 67.661608][ T572] user_path_at_empty+0x43/0x50 [ 67.666550][ T572] do_sys_truncate+0xa3/0x190 [ 67.671237][ T572] ? locks_verify_truncate+0x170/0x170 [ 67.676730][ T572] __x64_sys_truncate+0x5b/0x70 [ 67.681586][ T572] do_syscall_64+0x31/0x40 [ 67.686011][ T572] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 67.691946][ T572] RIP: 0033:0x7f99df941be9 [ 67.696358][ T572] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 67.715966][ T572] RSP: 002b:00007f99df7b2038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 67.724386][ T572] RAX: ffffffffffffffda RBX: 00007f99dfb68fa0 RCX: 00007f99df941be9 [ 67.732362][ T572] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280 [ 67.740449][ T572] RBP: 00007f99df9c4e19 R08: 0000000000000000 R09: 0000000000000000 [ 67.748425][ T572] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 67.756667][ T572] R13: 00007f99dfb69038 R14: 00007f99dfb68fa0 R15: 00007ffe29a98538 [ 67.778146][ T572] F2FS-fs (loop6): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 67.788374][ T574] F2FS-fs (loop0): Found nat_bits in checkpoint [ 67.797199][ T597] F2FS-fs (loop6): access invalid blkaddr:2147563524 [ 67.814354][ T597] CPU: 1 PID: 597 Comm: syz.6.25 Tainted: G B syzkaller #0 [ 67.822876][ T597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
08/14/2025 [ 67.832937][ T597] Call Trace: [ 67.836241][ T597] __dump_stack+0x21/0x24 [ 67.840666][ T597] dump_stack_lvl+0x169/0x1d8 [ 67.845349][ T597] ? _raw_spin_trylock_bh+0x130/0x130 [ 67.850737][ T597] ? show_regs_print_info+0x18/0x18 [ 67.855955][ T597] ? memcpy+0x56/0x70 [ 67.859951][ T597] dump_stack+0x15/0x1c [ 67.864116][ T597] f2fs_is_valid_blkaddr+0xc8c/0x1360 [ 67.869509][ T597] f2fs_iget+0x1eb6/0x4dc0 [ 67.873945][ T597] f2fs_lookup+0x3ee/0xce0 [ 67.878371][ T597] ? f2fs_encrypted_symlink_getattr+0x40/0x40 [ 67.883357][ T570] F2FS-fs (loop3): Found nat_bits in checkpoint [ 67.884459][ T597] ? d_hash_and_lookup+0x1f0/0x1f0 [ 67.884472][ T597] ? f2fs_encrypted_symlink_getattr+0x40/0x40 [ 67.884483][ T597] path_openat+0x1127/0x3160 [ 67.884496][ T597] ? do_filp_open+0x3e0/0x3e0 [ 67.884509][ T597] do_filp_open+0x1b3/0x3e0 [ 67.884519][ T597] ? vfs_tmpfile+0x2c0/0x2c0 [ 67.884534][ T597] ? get_unused_fd_flags+0x92/0xa0 [ 67.884544][ T597] do_sys_openat2+0x14c/0x6d0 [ 67.884554][ T597] ? do_sys_open+0xe0/0xe0 [ 67.884567][ T597] ? 
__x64_sys_rt_sigprocmask+0xb0/0xb0 [ 67.884579][ T597] __x64_sys_openat+0x136/0x160 [ 67.884590][ T597] do_syscall_64+0x31/0x40 [ 67.884602][ T597] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 67.884611][ T597] RIP: 0033:0x7f99df941be9 [ 67.884629][ T597] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 67.979649][ T597] RSP: 002b:00007f99df791038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 67.988156][ T597] RAX: ffffffffffffffda RBX: 00007f99dfb69090 RCX: 00007f99df941be9 [ 67.996131][ T597] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 68.004106][ T597] RBP: 00007f99df9c4e19 R08: 0000000000000000 R09: 0000000000000000 [ 68.012085][ T597] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 68.020066][ T597] R13: 00007f99dfb69128 R14: 00007f99dfb69090 R15: 00007ffe29a98538 [ 68.046687][ T597] F2FS-fs (loop6): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 68.357849][ T599] F2FS-fs (loop5): invalid crc value [ 68.425073][ T599] F2FS-fs (loop5): Found nat_bits in checkpoint [ 68.544676][ T599] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 68.575084][ T599] F2FS-fs (loop5): access invalid blkaddr:2147563524 [ 68.581812][ T599] CPU: 1 PID: 599 Comm: syz.5.28 Tainted: G B syzkaller #0 [ 68.590309][ T599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025 [ 68.600370][ T599] Call Trace: [ 68.603668][ T599] __dump_stack+0x21/0x24 [ 68.608001][ T599] dump_stack_lvl+0x169/0x1d8 [ 68.612677][ T599] ? _raw_spin_trylock_bh+0x130/0x130 [ 68.618060][ T599] ? show_regs_print_info+0x18/0x18 [ 68.623261][ T599] ? 
memcpy+0x56/0x70 [ 68.627255][ T599] dump_stack+0x15/0x1c [ 68.631406][ T599] f2fs_is_valid_blkaddr+0xc8c/0x1360 [ 68.636776][ T599] f2fs_iget+0x1eb6/0x4dc0 [ 68.641196][ T599] f2fs_lookup+0x3ee/0xce0 [ 68.645642][ T599] ? f2fs_encrypted_symlink_getattr+0x40/0x40 [ 68.651709][ T599] ? d_hash_and_lookup+0x1f0/0x1f0 [ 68.656820][ T599] ? lockref_get_not_dead+0xe6/0x1c0 [ 68.662102][ T599] __lookup_slow+0x2aa/0x3e0 [ 68.666689][ T599] ? lookup_one_len+0x2c0/0x2c0 [ 68.671553][ T599] ? lookup_fast+0x2fa/0x700 [ 68.676145][ T599] ? link_path_walk+0x915/0xb80 [ 68.681003][ T599] ? __kasan_check_write+0x14/0x20 [ 68.686121][ T599] lookup_slow+0x57/0x70 [ 68.690375][ T599] walk_component+0x325/0x460 [ 68.695243][ T599] path_lookupat+0x180/0x490 [ 68.699941][ T599] filename_lookup+0x1d5/0x600 [ 68.704715][ T599] ? hashlen_string+0x120/0x120 [ 68.709583][ T599] ? getname_flags+0x206/0x500 [ 68.714356][ T599] user_path_at_empty+0x43/0x50 [ 68.719214][ T599] do_sys_truncate+0xa3/0x190 [ 68.723898][ T599] ? 
locks_verify_truncate+0x170/0x170 [ 68.729368][ T599] __x64_sys_truncate+0x5b/0x70 [ 68.734232][ T599] do_syscall_64+0x31/0x40 [ 68.738656][ T599] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 68.744560][ T599] RIP: 0033:0x7f42d4abbbe9 [ 68.748985][ T599] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 68.768594][ T599] RSP: 002b:00007f42d492c038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 68.777023][ T599] RAX: ffffffffffffffda RBX: 00007f42d4ce2fa0 RCX: 00007f42d4abbbe9 [ 68.784998][ T599] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280 [ 68.792958][ T599] RBP: 00007f42d4b3ee19 R08: 0000000000000000 R09: 0000000000000000 [ 68.800917][ T599] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 68.808905][ T599] R13: 00007f42d4ce3038 R14: 00007f42d4ce2fa0 R15: 00007ffdd2800b68 [ 68.984326][ T599] F2FS-fs (loop5): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 69.074617][ T615] F2FS-fs (loop5): access invalid blkaddr:2147563524 [ 69.091485][ T615] CPU: 0 PID: 615 Comm: syz.5.28 Tainted: G B syzkaller #0 [ 69.100095][ T615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025 [ 69.110152][ T615] Call Trace: [ 69.113446][ T615] __dump_stack+0x21/0x24 [ 69.117771][ T615] dump_stack_lvl+0x169/0x1d8 [ 69.122447][ T615] ? _raw_spin_trylock_bh+0x130/0x130 [ 69.127959][ T615] ? show_regs_print_info+0x18/0x18 [ 69.133166][ T615] ? memcpy+0x56/0x70 [ 69.137168][ T615] dump_stack+0x15/0x1c [ 69.141329][ T615] f2fs_is_valid_blkaddr+0xc8c/0x1360 [ 69.146708][ T615] f2fs_iget+0x1eb6/0x4dc0 [ 69.151129][ T615] f2fs_lookup+0x3ee/0xce0 [ 69.155547][ T615] ? f2fs_encrypted_symlink_getattr+0x40/0x40 [ 69.161716][ T615] ? d_hash_and_lookup+0x1f0/0x1f0 [ 69.166858][ T615] ? 
f2fs_encrypted_symlink_getattr+0x40/0x40 [ 69.172936][ T615] path_openat+0x1127/0x3160 [ 69.177536][ T615] ? do_filp_open+0x3e0/0x3e0 [ 69.182215][ T615] do_filp_open+0x1b3/0x3e0 [ 69.186800][ T615] ? vfs_tmpfile+0x2c0/0x2c0 [ 69.191392][ T615] ? get_unused_fd_flags+0x92/0xa0 [ 69.196499][ T615] do_sys_openat2+0x14c/0x6d0 [ 69.201179][ T615] ? do_sys_open+0xe0/0xe0 [ 69.205608][ T615] ? __kasan_check_write+0x14/0x20 [ 69.210718][ T615] ? switch_fpu_return+0x197/0x340 [ 69.215836][ T615] ? fpu__clear_all+0x20/0x20 [ 69.220511][ T615] ? do_kern_addr_fault+0x80/0x80 [ 69.225533][ T615] __x64_sys_openat+0x136/0x160 [ 69.230385][ T615] do_syscall_64+0x31/0x40 [ 69.234802][ T615] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 69.240692][ T615] RIP: 0033:0x7f42d4abbbe9 [ 69.245106][ T615] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 69.264713][ T615] RSP: 002b:00007f42d490b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 69.273126][ T615] RAX: ffffffffffffffda RBX: 00007f42d4ce3090 RCX: 00007f42d4abbbe9 [ 69.281094][ T615] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 69.289223][ T615] RBP: 00007f42d4b3ee19 R08: 0000000000000000 R09: 0000000000000000 [ 69.297201][ T615] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 69.305177][ T615] R13: 00007f42d4ce3128 R14: 00007f42d4ce3090 R15: 00007ffdd2800b68 [ 69.314504][ T615] F2FS-fs (loop5): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 69.485610][ T606] F2FS-fs (loop4): invalid crc value [ 69.555086][ T606] F2FS-fs (loop4): Found nat_bits in checkpoint [ 69.639408][ T613] F2FS-fs (loop0): invalid crc value [ 69.672570][ T606] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 69.688491][ T606] F2FS-fs (loop4): access invalid blkaddr:2147563524 [ 69.704335][ T606] CPU: 1 
PID: 606 Comm: syz.4.29 Tainted: G B syzkaller #0
[ 69.712856][ T606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025
[ 69.723181][ T606] Call Trace:
[ 69.726504][ T606] __dump_stack+0x21/0x24
[ 69.730851][ T606] dump_stack_lvl+0x169/0x1d8
[ 69.735552][ T606] ? _raw_spin_trylock_bh+0x130/0x130
[ 69.740944][ T606] ? show_regs_print_info+0x18/0x18
[ 69.746150][ T606] ? memcpy+0x56/0x70
[ 69.750137][ T606] dump_stack+0x15/0x1c
[ 69.754289][ T606] f2fs_is_valid_blkaddr+0xc8c/0x1360
[ 69.759758][ T606] f2fs_iget+0x1eb6/0x4dc0
[ 69.764189][ T606] f2fs_lookup+0x3ee/0xce0
[ 69.768771][ T606] ? f2fs_encrypted_symlink_getattr+0x40/0x40
[ 69.774867][ T606] ? d_hash_and_lookup+0x1f0/0x1f0
[ 69.780186][ T606] ? lockref_get_not_dead+0xe6/0x1c0
[ 69.785493][ T606] __lookup_slow+0x2aa/0x3e0
[ 69.790223][ T606] ? lookup_one_len+0x2c0/0x2c0
[ 69.795077][ T606] ? lookup_fast+0x2fa/0x700
[ 69.799681][ T606] ? link_path_walk+0x915/0xb80
[ 69.804538][ T606] ? __kasan_check_write+0x14/0x20
[ 69.809661][ T606] lookup_slow+0x57/0x70
[ 69.814000][ T606] walk_component+0x325/0x460
[ 69.818686][ T606] path_lookupat+0x180/0x490
[ 69.823282][ T606] filename_lookup+0x1d5/0x600
[ 69.828051][ T606] ? hashlen_string+0x120/0x120
[ 69.833093][ T606] ? getname_flags+0x206/0x500
[ 69.837871][ T606] user_path_at_empty+0x43/0x50
[ 69.842732][ T606] do_sys_truncate+0xa3/0x190
[ 69.847460][ T606] ? locks_verify_truncate+0x170/0x170
[ 69.852985][ T606] __x64_sys_truncate+0x5b/0x70
[ 69.858015][ T606] do_syscall_64+0x31/0x40
[ 69.862439][ T606] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 69.868334][ T606] RIP: 0033:0x7fbfb0c08be9
[ 69.871930][ T619] F2FS-fs (loop6): invalid crc value
[ 69.872756][ T606] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 69.872764][ T606] RSP: 002b:00007fbfb0a79038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
[ 69.906063][ T606] RAX: ffffffffffffffda RBX: 00007fbfb0e2ffa0 RCX: 00007fbfb0c08be9
[ 69.914030][ T606] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280
[ 69.921992][ T606] RBP: 00007fbfb0c8be19 R08: 0000000000000000 R09: 0000000000000000
[ 69.929962][ T606] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 69.937926][ T606] R13: 00007fbfb0e30038 R14: 00007fbfb0e2ffa0 R15: 00007fffb27343b8
[ 69.954621][ T613] F2FS-fs (loop0): Found nat_bits in checkpoint
[ 69.973940][ T619] F2FS-fs (loop6): Found nat_bits in checkpoint
[ 70.004351][ T617] F2FS-fs (loop3): invalid crc value
[ 70.021610][ T606] F2FS-fs (loop4): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix
[ 70.041775][ T627] F2FS-fs (loop4): access invalid blkaddr:2147563524
[ 70.048963][ T627] CPU: 0 PID: 627 Comm: syz.4.29 Tainted: G B syzkaller #0
[ 70.055080][ T617] F2FS-fs (loop3): Found nat_bits in checkpoint
[ 70.057471][ T627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025
[ 70.064633][ T613] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[ 70.073739][ T627] Call Trace:
[ 70.084572][ T627] __dump_stack+0x21/0x24
[ 70.088906][ T627] dump_stack_lvl+0x169/0x1d8
[ 70.093584][ T627] ? _raw_write_trylock+0x140/0x140
[ 70.098779][ T627] ? pagecache_get_page+0x848/0x930
[ 70.104059][ T627] ? show_regs_print_info+0x18/0x18
[ 70.109257][ T627] dump_stack+0x15/0x1c
[ 70.113412][ T627] f2fs_is_valid_blkaddr+0xc8c/0x1360
[ 70.118782][ T627] f2fs_iget+0x1eb6/0x4dc0
[ 70.123211][ T627] f2fs_lookup+0x3ee/0xce0
[ 70.127636][ T627] ? f2fs_encrypted_symlink_getattr+0x40/0x40
[ 70.133711][ T627] ? d_hash_and_lookup+0x1f0/0x1f0
[ 70.138910][ T627] ? f2fs_encrypted_symlink_getattr+0x40/0x40
[ 70.144977][ T627] path_openat+0x1127/0x3160
[ 70.149626][ T627] ? do_filp_open+0x3e0/0x3e0
[ 70.154307][ T627] do_filp_open+0x1b3/0x3e0
[ 70.158814][ T627] ? vfs_tmpfile+0x2c0/0x2c0
[ 70.162167][ T613] F2FS-fs (loop0): access invalid blkaddr:2147563524
[ 70.163418][ T627] ? get_unused_fd_flags+0x92/0xa0
[ 70.175210][ T627] do_sys_openat2+0x14c/0x6d0
[ 70.179884][ T627] ? do_sys_open+0xe0/0xe0
[ 70.184393][ T627] ? __x64_sys_rt_sigprocmask+0xb0/0xb0
[ 70.189938][ T627] __x64_sys_openat+0x136/0x160
[ 70.194782][ T627] do_syscall_64+0x31/0x40
[ 70.199193][ T627] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 70.205074][ T627] RIP: 0033:0x7fbfb0c08be9
[ 70.209485][ T627] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 70.229263][ T627] RSP: 002b:00007fbfb0a58038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 70.237676][ T627] RAX: ffffffffffffffda RBX: 00007fbfb0e30090 RCX: 00007fbfb0c08be9
[ 70.245644][ T627] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c
[ 70.253617][ T627] RBP: 00007fbfb0c8be19 R08: 0000000000000000 R09: 0000000000000000
[ 70.261594][ T627] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[ 70.269572][ T627] R13: 00007fbfb0e30128 R14: 00007fbfb0e30090 R15: 00007fffb27343b8
[ 70.277759][ T627] F2FS-fs (loop4): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix
[ 70.277888][ T619] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[ 70.290182][ T627] ==================================================================
[ 70.297959][ T617] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 70.305792][ T627] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x100/0x2d0
[ 70.305802][ T627]
[ 70.313279][ T613] CPU: 1 PID: 613 Comm: syz.0.32 Tainted: G B syzkaller #0
[ 70.332419][ T613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025
[ 70.342458][ T613] Call Trace:
[ 70.345739][ T613] __dump_stack+0x21/0x24
[ 70.350165][ T613] dump_stack_lvl+0x169/0x1d8
[ 70.354836][ T613] ? _raw_spin_trylock_bh+0x130/0x130
[ 70.360193][ T613] ? show_regs_print_info+0x18/0x18
[ 70.365378][ T613] ? memcpy+0x56/0x70
[ 70.369345][ T613] dump_stack+0x15/0x1c
[ 70.373487][ T613] f2fs_is_valid_blkaddr+0xc8c/0x1360
[ 70.378852][ T613] f2fs_iget+0x1eb6/0x4dc0
[ 70.383264][ T613] f2fs_lookup+0x3ee/0xce0
[ 70.387672][ T613] ? f2fs_encrypted_symlink_getattr+0x40/0x40
[ 70.393730][ T613] ? d_hash_and_lookup+0x1f0/0x1f0
[ 70.398834][ T613] ? lockref_get_not_dead+0xe6/0x1c0
[ 70.404109][ T613] __lookup_slow+0x2aa/0x3e0
[ 70.408683][ T613] ? lookup_one_len+0x2c0/0x2c0
[ 70.413540][ T613] ? lookup_fast+0x2fa/0x700
[ 70.418119][ T613] ? link_path_walk+0x915/0xb80
[ 70.422957][ T613] ? __kasan_check_write+0x14/0x20
[ 70.428062][ T613] lookup_slow+0x57/0x70
[ 70.432294][ T613] walk_component+0x325/0x460
[ 70.436956][ T613] path_lookupat+0x180/0x490
[ 70.441533][ T613] filename_lookup+0x1d5/0x600
[ 70.446286][ T613] ? hashlen_string+0x120/0x120
[ 70.451123][ T613] ? getname_flags+0x206/0x500
[ 70.455872][ T613] user_path_at_empty+0x43/0x50
[ 70.460719][ T613] do_sys_truncate+0xa3/0x190
[ 70.465381][ T613] ? locks_verify_truncate+0x170/0x170
[ 70.470826][ T613] __x64_sys_truncate+0x5b/0x70
[ 70.475661][ T613] do_syscall_64+0x31/0x40
[ 70.480065][ T613] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 70.485943][ T613] RIP: 0033:0x7f58f7264be9
[ 70.490347][ T613] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 70.510027][ T613] RSP: 002b:00007f58f70d5038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
[ 70.518438][ T613] RAX: ffffffffffffffda RBX: 00007f58f748bfa0 RCX: 00007f58f7264be9
[ 70.526397][ T613] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280
[ 70.534360][ T613] RBP: 00007f58f72e7e19 R08: 0000000000000000 R09: 0000000000000000
[ 70.542318][ T613] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 70.550277][ T613] R13: 00007f58f748c038 R14: 00007f58f748bfa0 R15: 00007ffcff14a618
[ 70.558252][ T627] CPU: 0 PID: 627 Comm: syz.4.29 Tainted: G B syzkaller #0
[ 70.566751][ T627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025
[ 70.576808][ T627] Call Trace:
[ 70.580101][ T627] __dump_stack+0x21/0x24
[ 70.584686][ T627] dump_stack_lvl+0x169/0x1d8
[ 70.585005][ T617] F2FS-fs (loop3): access invalid blkaddr:2147563524
[ 70.589374][ T627] ? show_regs_print_info+0x18/0x18
[ 70.601305][ T627] ? thaw_kernel_threads+0x220/0x220
[ 70.606767][ T627] print_address_description+0x7f/0x2c0
[ 70.612320][ T627] ? kmem_cache_free+0x100/0x2d0
[ 70.617269][ T627] kasan_report_invalid_free+0x3f/0x70
[ 70.622729][ T627] ? kmem_cache_free+0x100/0x2d0
[ 70.627668][ T627] ____kasan_slab_free+0x13d/0x160
[ 70.632786][ T627] __kasan_slab_free+0x11/0x20
[ 70.637550][ T627] slab_free_freelist_hook+0xc5/0x190
[ 70.642918][ T627] ? f2fs_destroy_extent_tree+0x2c0/0x4b0
[ 70.648636][ T627] kmem_cache_free+0x100/0x2d0
[ 70.653398][ T627] f2fs_destroy_extent_tree+0x2c0/0x4b0
[ 70.658943][ T627] f2fs_evict_inode+0x430/0x1420
[ 70.663879][ T627] ? f2fs_write_inode+0x7f0/0x7f0
[ 70.668905][ T627] ? bit_waitqueue+0x30/0x30
[ 70.673486][ T627] ? printk+0xcc/0x110
[ 70.675513][ T619] F2FS-fs (loop6): access invalid blkaddr:2147563524
[ 70.677550][ T627] ? f2fs_write_inode+0x7f0/0x7f0
[ 70.689252][ T627] evict+0x478/0x910
[ 70.693148][ T627] ? mode_strip_sgid+0x160/0x160
[ 70.698080][ T627] ? ktime_get_coarse_real_ts64+0xe1/0xf0
[ 70.703787][ T627] ? __kasan_check_read+0x11/0x20
[ 70.708890][ T627] ? f2fs_drop_inode+0x174/0x960
[ 70.713822][ T627] iput+0x638/0x7c0
[ 70.717634][ T627] iget_failed+0x17a/0x1c0
[ 70.722044][ T627] f2fs_iget+0x2571/0x4dc0
[ 70.726469][ T627] f2fs_lookup+0x3ee/0xce0
[ 70.730903][ T627] ? f2fs_encrypted_symlink_getattr+0x40/0x40
[ 70.736987][ T627] ? d_hash_and_lookup+0x1f0/0x1f0
[ 70.742203][ T627] ? f2fs_encrypted_symlink_getattr+0x40/0x40
[ 70.748266][ T627] path_openat+0x1127/0x3160
[ 70.752854][ T627] ? do_filp_open+0x3e0/0x3e0
[ 70.757546][ T627] do_filp_open+0x1b3/0x3e0
[ 70.762071][ T627] ? vfs_tmpfile+0x2c0/0x2c0
[ 70.766657][ T627] ? get_unused_fd_flags+0x92/0xa0
[ 70.771762][ T627] do_sys_openat2+0x14c/0x6d0
[ 70.776428][ T627] ? do_sys_open+0xe0/0xe0
[ 70.780857][ T627] ? __x64_sys_rt_sigprocmask+0xb0/0xb0
[ 70.786404][ T627] __x64_sys_openat+0x136/0x160
[ 70.791456][ T627] do_syscall_64+0x31/0x40
[ 70.795882][ T627] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 70.801774][ T627] RIP: 0033:0x7fbfb0c08be9
[ 70.806202][ T627] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 70.825895][ T627] RSP: 002b:00007fbfb0a58038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 70.834321][ T627] RAX: ffffffffffffffda RBX: 00007fbfb0e30090 RCX: 00007fbfb0c08be9
[ 70.842294][ T627] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c
[ 70.850262][ T627] RBP: 00007fbfb0c8be19 R08: 0000000000000000 R09: 0000000000000000
[ 70.858243][ T627] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[ 70.866238][ T627] R13: 00007fbfb0e30128 R14: 00007fbfb0e30090 R15: 00007fffb27343b8
[ 70.874202][ T627]
[ 70.874213][ T617] CPU: 1 PID: 617 Comm: syz.3.31 Tainted: G B syzkaller #0
[ 70.874225][ T617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025
[ 70.876533][ T627] Allocated by task 606:
[ 70.885019][ T617] Call Trace:
[ 70.895156][ T627] __kasan_slab_alloc+0xbd/0xf0
[ 70.899375][ T617] __dump_stack+0x21/0x24
[ 70.902643][ T627] slab_post_alloc_hook+0x5d/0x2f0
[ 70.907470][ T617] dump_stack_lvl+0x169/0x1d8
[ 70.911803][ T627] kmem_cache_alloc+0x165/0x2e0
[ 70.911821][ T627] f2fs_init_extent_tree+0x4bd/0xc40
[ 70.916913][ T617] ? _raw_spin_trylock_bh+0x130/0x130
[ 70.921573][ T627] f2fs_iget+0x1225/0x4dc0
[ 70.926416][ T617] ? show_regs_print_info+0x18/0x18
[ 70.931773][ T627] f2fs_lookup+0x3ee/0xce0
[ 70.937141][ T617] ? memcpy+0x56/0x70
[ 70.941545][ T627] __lookup_slow+0x2aa/0x3e0
[ 70.941559][ T627] lookup_slow+0x57/0x70
[ 70.946831][ T617] dump_stack+0x15/0x1c
[ 70.951226][ T627] walk_component+0x325/0x460
[ 70.955187][ T617] f2fs_is_valid_blkaddr+0xc8c/0x1360
[ 70.959759][ T627] path_lookupat+0x180/0x490
[ 70.963981][ T617] f2fs_iget+0x1eb6/0x4dc0
[ 70.968115][ T627] filename_lookup+0x1d5/0x600
[ 70.972770][ T617] f2fs_lookup+0x3ee/0xce0
[ 70.978122][ T627] user_path_at_empty+0x43/0x50
[ 70.982696][ T617] ? f2fs_encrypted_symlink_getattr+0x40/0x40
[ 70.987093][ T627] do_sys_truncate+0xa3/0x190
[ 70.991835][ T617] ? d_hash_and_lookup+0x1f0/0x1f0
[ 70.996234][ T627] __x64_sys_truncate+0x5b/0x70
[ 71.001066][ T617] ? lockref_get_not_dead+0xe6/0x1c0
[ 71.007114][ T627] do_syscall_64+0x31/0x40
[ 71.011769][ T617] __lookup_slow+0x2aa/0x3e0
[ 71.016878][ T627] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 71.021707][ T617] ? lookup_one_len+0x2c0/0x2c0
[ 71.026963][ T627]
[ 71.031449][ T617] ? lookup_fast+0x2fa/0x700
[ 71.036012][ T627] Freed by task 606:
[ 71.041891][ T617] ? link_path_walk+0x915/0xb80
[ 71.046855][ T627] kasan_set_track+0x4a/0x70
[ 71.049179][ T617] ? __kasan_check_write+0x14/0x20
[ 71.053754][ T627] kasan_set_free_info+0x23/0x40
[ 71.057645][ T617] lookup_slow+0x57/0x70
[ 71.062481][ T627] ____kasan_slab_free+0x125/0x160
[ 71.067210][ T617] walk_component+0x325/0x460
[ 71.072341][ T627] __kasan_slab_free+0x11/0x20
[ 71.077261][ T617] path_lookupat+0x180/0x490
[ 71.081493][ T627] slab_free_freelist_hook+0xc5/0x190
[ 71.086586][ T617] filename_lookup+0x1d5/0x600
[ 71.091244][ T627] kmem_cache_free+0x100/0x2d0
[ 71.095986][ T617] ? hashlen_string+0x120/0x120
[ 71.100579][ T627] f2fs_destroy_extent_tree+0x2c0/0x4b0
[ 71.105975][ T617] ? getname_flags+0x206/0x500
[ 71.110721][ T627] f2fs_evict_inode+0x430/0x1420
[ 71.115460][ T617] user_path_at_empty+0x43/0x50
[ 71.115478][ T617] do_sys_truncate+0xa3/0x190
[ 71.120325][ T627] evict+0x478/0x910
[ 71.125853][ T617] ? locks_verify_truncate+0x170/0x170
[ 71.130595][ T627] iput+0x638/0x7c0
[ 71.135515][ T617] __x64_sys_truncate+0x5b/0x70
[ 71.140342][ T627] iget_failed+0x17a/0x1c0
[ 71.145000][ T617] do_syscall_64+0x31/0x40
[ 71.148877][ T627] f2fs_iget+0x2571/0x4dc0
[ 71.154315][ T617] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 71.158102][ T627] f2fs_lookup+0x3ee/0xce0
[ 71.163016][ T617] RIP: 0033:0x7f41ea729be9
[ 71.167416][ T627] __lookup_slow+0x2aa/0x3e0
[ 71.171810][ T617] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 71.176202][ T627] lookup_slow+0x57/0x70
[ 71.182076][ T617] RSP: 002b:00007f41ea59a038 EFLAGS: 00000246
[ 71.186474][ T627] walk_component+0x325/0x460
[ 71.190883][ T617] ORIG_RAX: 000000000000004c
[ 71.195476][ T627] path_lookupat+0x180/0x490
[ 71.215160][ T617] RAX: ffffffffffffffda RBX: 00007f41ea950fa0 RCX: 00007f41ea729be9
[ 71.219385][ T627] filename_lookup+0x1d5/0x600
[ 71.225429][ T617] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280
[ 71.230084][ T627] user_path_at_empty+0x43/0x50
[ 71.234735][ T617] RBP: 00007f41ea7ace19 R08: 0000000000000000 R09: 0000000000000000
[ 71.239309][ T627] do_sys_truncate+0xa3/0x190
[ 71.247267][ T617] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 71.252100][ T627] __x64_sys_truncate+0x5b/0x70
[ 71.260078][ T617] R13: 00007f41ea951038 R14: 00007f41ea950fa0 R15: 00007ffedbca1938
[ 71.264923][ T627] do_syscall_64+0x31/0x40
[ 71.278067][ T619] CPU: 1 PID: 619 Comm: syz.6.30 Tainted: G B syzkaller #0
[ 71.285529][ T627] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 71.290443][ T619] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025
[ 71.298402][ T627]
[ 71.298419][ T627] The buggy address belongs to the object at ffff888110741e70
[ 71.298419][ T627] which belongs to the cache f2fs_extent_tree of size 80
[ 71.302812][ T619] Call Trace:
[ 71.311293][ T627] The buggy address is located 0 bytes inside of
[ 71.311293][ T627] 80-byte region [ffff888110741e70, ffff888110741ec0)
[ 71.317171][ T619] __dump_stack+0x21/0x24
[ 71.327225][ T627] The buggy address belongs to the page:
[ 71.329552][ T619] dump_stack_lvl+0x169/0x1d8