[ 472.401066][ T8681] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[ 472.417539][ T8681] syz.0.400: attempt to access beyond end of device
[ 472.417539][ T8681] loop0: rw=2049, sector=45096, nr_sectors = 64 limit=40427
[ 472.437326][ T6431] syz-executor: attempt to access beyond end of device
[ 472.437326][ T6431] loop0: rw=2049, sector=45160, nr_sectors = 8 limit=40427
[ 472.451424][ T6431] CPU: 0 UID: 0 PID: 6431 Comm: syz-executor Not tainted 6.15.0-syzkaller-12141-gec7714e49479 #0 PREEMPT(full)
[ 472.451450][ T6431] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 472.451461][ T6431] Call Trace:
[ 472.451469][ T6431]
[ 472.451478][ T6431] dump_stack_lvl+0x189/0x250
[ 472.451512][ T6431] ? __pfx_dump_stack_lvl+0x10/0x10
[ 472.451532][ T6431] ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 472.451554][ T6431] ? __pfx_queue_work_on+0x10/0x10
[ 472.451580][ T6431] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 472.451600][ T6431] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 472.451622][ T6431] ? f2fs_hw_is_readonly+0x39b/0x470
[ 472.451652][ T6431] f2fs_handle_critical_error+0x37c/0x540
[ 472.451684][ T6431] f2fs_write_end_io+0x495/0x810
[ 472.451700][ T6431] ? blkg_put+0x22/0x240
[ 472.451738][ T6431] __submit_merged_bio+0x27a/0x6a0
[ 472.451770][ T6431] __submit_merged_write_cond+0x255/0x530
[ 472.451807][ T6431] f2fs_write_data_pages+0x261d/0x3000
[ 472.451869][ T6431] ? __pfx_f2fs_write_data_pages+0x10/0x10
[ 472.451910][ T6431] ? lockdep_hardirqs_on+0x9c/0x150
[ 472.451976][ T6431] ? do_raw_spin_lock+0x121/0x290
[ 472.452028][ T6431] ? __lock_acquire+0xab9/0xd20
[ 472.452071][ T6431] ? __pfx_f2fs_write_data_pages+0x10/0x10
[ 472.452097][ T6431] do_writepages+0x32b/0x550
[ 472.452143][ T6431] ? do_raw_spin_unlock+0x122/0x240
[ 472.452165][ T6431] filemap_fdatawrite+0x191/0x230
[ 472.452189][ T6431] ? __pfx_filemap_fdatawrite+0x10/0x10
[ 472.452251][ T6431] ? do_raw_spin_unlock+0x122/0x240
[ 472.452266][ T6431] f2fs_sync_dirty_inodes+0x31f/0x830
[ 472.452286][ T6431] f2fs_write_checkpoint+0x94a/0x1de0
[ 472.452319][ T6431] ? __pfx_f2fs_write_checkpoint+0x10/0x10
[ 472.452355][ T6431] ? f2fs_stop_gc_thread+0x7f/0xb0
[ 472.452365][ T6431] ? kfree+0x18e/0x440
[ 472.452378][ T6431] ? kill_f2fs_super+0x298/0x6c0
[ 472.452393][ T6431] kill_f2fs_super+0x2c3/0x6c0
[ 472.452407][ T6431] ? __pfx_kill_f2fs_super+0x10/0x10
[ 472.452416][ T6431] ? radix_tree_delete_item+0x2b6/0x400
[ 472.452434][ T6431] ? shrinker_free+0x2ce/0x3e0
[ 472.452452][ T6431] deactivate_locked_super+0xbc/0x130
[ 472.452464][ T6431] cleanup_mnt+0x425/0x4c0
[ 472.452475][ T6431] ? lockdep_hardirqs_on+0x9c/0x150
[ 472.452489][ T6431] task_work_run+0x1d1/0x260
[ 472.452503][ T6431] ? __pfx_task_work_run+0x10/0x10
[ 472.452513][ T6431] ? __x64_sys_umount+0x122/0x160
[ 472.452529][ T6431] ? exit_to_user_mode_loop+0x40/0x110
[ 472.452546][ T6431] exit_to_user_mode_loop+0xec/0x110
[ 472.452560][ T6431] do_syscall_64+0x2bd/0x3b0
[ 472.452572][ T6431] ? lockdep_hardirqs_on+0x9c/0x150
[ 472.452585][ T6431] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 472.452595][ T6431] ? clear_bhb_loop+0x60/0xb0
[ 472.452608][ T6431] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 472.452617][ T6431] RIP: 0033:0x7fe18938fc97
[ 472.452629][ T6431] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[ 472.452638][ T6431] RSP: 002b:00007ffd10da7d88 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 472.452650][ T6431] RAX: 0000000000000000 RBX: 00007fe18941089d RCX: 00007fe18938fc97
[ 472.452657][ T6431] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd10da7e40
[ 472.452664][ T6431] RBP: 00007ffd10da7e40 R08: 0000000000000000 R09: 0000000000000000
[ 472.452670][ T6431] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd10da8ed0
[ 472.452677][ T6431] R13: 00007fe18941089d R14: 000000000007354f R15: 00007ffd10da8f10
[ 472.452695][ T6431]
[ 472.798692][ T6431] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[ 473.561596][ T36] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 473.633177][ T36] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 473.703197][ T36] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 473.783448][ T36] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 473.882086][ T36] bridge_slave_1: left allmulticast mode
[ 473.887801][ T36] bridge_slave_1: left promiscuous mode
[ 473.898557][ T36] bridge0: port 2(bridge_slave_1) entered disabled state
[ 473.914489][ T36] bridge_slave_0: left allmulticast mode
[ 473.920154][ T36] bridge_slave_0: left promiscuous mode
[ 473.926149][ T36] bridge0: port 1(bridge_slave_0) entered disabled state
[ 474.151590][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 474.163173][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 474.173052][ T36] bond0 (unregistering): Released all slaves
[ 474.456736][ T36] hsr_slave_0: left promiscuous mode
[ 474.462974][ T36] hsr_slave_1: left promiscuous mode
[ 474.469054][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 474.477794][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 474.486094][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 474.500337][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 474.520327][ T36] veth1_macvtap: left promiscuous mode
[ 474.526117][ T36] veth0_macvtap: left promiscuous mode
[ 474.531854][ T36] veth1_vlan: left promiscuous mode
[ 474.537768][ T36] veth0_vlan: left promiscuous mode
[ 474.861248][ T36] team0 (unregistering): Port device team_slave_1 removed
[ 474.893638][ T36] team0 (unregistering): Port device team_slave_0 removed
Warning: Permanently added '10.128.0.121' (ED25519) to the list of known hosts.
executing program
[ 478.077869][ T8813] loop0: detected capacity change from 0 to 40427
[ 478.089338][ T8813] F2FS-fs (loop0): build fault injection rate: 771
[ 478.098787][ T8813] F2FS-fs (loop0): invalid crc value