Warning: Permanently added '10.128.1.220' (ED25519) to the list of known hosts.
2026/01/20 05:05:58 parsed 1 programs
Setting up swapspace version 1, size = 127995904 bytes
[ 47.334102][ T30] audit: type=1400 audit(1768885559.077:105): avc: denied { unlink } for pid=400 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 47.399863][ T400] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 47.938772][ T30] audit: type=1401 audit(1768885559.677:106): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
[ 48.365600][ T428] bridge0: port 1(bridge_slave_0) entered blocking state
[ 48.388731][ T428] bridge0: port 1(bridge_slave_0) entered disabled state
[ 48.446281][ T428] device bridge_slave_0 entered promiscuous mode
[ 48.476057][ T428] bridge0: port 2(bridge_slave_1) entered blocking state
[ 48.483944][ T428] bridge0: port 2(bridge_slave_1) entered disabled state
[ 48.491532][ T428] device bridge_slave_1 entered promiscuous mode
[ 48.669561][ T428] bridge0: port 2(bridge_slave_1) entered blocking state
[ 48.680755][ T428] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 48.689701][ T428] bridge0: port 1(bridge_slave_0) entered blocking state
[ 48.697252][ T428] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 48.728488][ T10] bridge0: port 1(bridge_slave_0) entered disabled state
[ 48.737066][ T10] bridge0: port 2(bridge_slave_1) entered disabled state
[ 48.745048][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 48.753483][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 48.770998][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 48.780110][ T10] bridge0: port 1(bridge_slave_0) entered blocking state
[ 48.788519][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 48.798344][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 48.807990][ T10] bridge0: port 2(bridge_slave_1) entered blocking state
[ 48.815882][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 48.834540][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 48.845746][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 48.869154][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 48.885647][ T428] device veth0_vlan entered promiscuous mode
[ 48.892271][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 48.901773][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 48.910916][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 48.927360][ T428] device veth1_macvtap entered promiscuous mode
[ 48.934789][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 48.947861][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 48.969487][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2026/01/20 05:06:00 executed programs: 0
[ 49.272208][ T474] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.279846][ T474] bridge0: port 1(bridge_slave_0) entered disabled state
[ 49.287799][ T474] device bridge_slave_0 entered promiscuous mode
[ 49.295818][ T474] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.303238][ T474] bridge0: port 2(bridge_slave_1) entered disabled state
[ 49.310923][ T474] device bridge_slave_1 entered promiscuous mode
[ 49.352299][ T480] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.359974][ T480] bridge0: port 1(bridge_slave_0) entered disabled state
[ 49.367712][ T480] device bridge_slave_0 entered promiscuous mode
[ 49.382231][ T480] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.390171][ T480] bridge0: port 2(bridge_slave_1) entered disabled state
[ 49.397688][ T480] device bridge_slave_1 entered promiscuous mode
[ 49.464023][ T481] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.471186][ T481] bridge0: port 1(bridge_slave_0) entered disabled state
[ 49.479248][ T481] device bridge_slave_0 entered promiscuous mode
[ 49.489489][ T476] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.496802][ T476] bridge0: port 1(bridge_slave_0) entered disabled state
[ 49.505001][ T476] device bridge_slave_0 entered promiscuous mode
[ 49.512000][ T476] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.519246][ T476] bridge0: port 2(bridge_slave_1) entered disabled state
[ 49.526730][ T476] device bridge_slave_1 entered promiscuous mode
[ 49.533649][ T479] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.541235][ T479] bridge0: port 1(bridge_slave_0) entered disabled state
[ 49.549143][ T479] device bridge_slave_0 entered promiscuous mode
[ 49.556218][ T481] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.563377][ T481] bridge0: port 2(bridge_slave_1) entered disabled state
[ 49.571145][ T481] device bridge_slave_1 entered promiscuous mode
[ 49.589990][ T479] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.597129][ T479] bridge0: port 2(bridge_slave_1) entered disabled state
[ 49.604831][ T479] device bridge_slave_1 entered promiscuous mode
[ 49.825249][ T480] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.832421][ T480] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 49.839898][ T480] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.847341][ T480] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 49.880260][ T10] bridge0: port 1(bridge_slave_0) entered disabled state
[ 49.887647][ T10] bridge0: port 2(bridge_slave_1) entered disabled state
[ 49.897442][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 49.906232][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 49.944423][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 49.953162][ T10] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.960498][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 49.968291][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 49.977316][ T10] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.985008][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 49.992607][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 50.001308][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 50.035869][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 50.045174][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 50.067032][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 50.076263][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 50.085629][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 50.094421][ T10] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.101928][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 50.109984][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 50.119234][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 50.127926][ T10] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.135020][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 50.142555][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 50.150750][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 50.158910][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 50.187167][ T480] device veth0_vlan entered promiscuous mode
[ 50.196377][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 50.205096][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 50.213587][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 50.232589][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 50.241827][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 50.255822][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 50.265936][ T480] device veth1_macvtap entered promiscuous mode
[ 50.287773][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 50.297809][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 50.307269][ T10] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.314630][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 50.324508][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 50.333126][ T10] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.340485][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 50.348416][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 50.356954][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 50.366644][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 50.375031][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 50.383402][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 50.415364][ T474] device veth0_vlan entered promiscuous mode
[ 50.427809][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 50.437480][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 50.447919][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 50.455942][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 50.463996][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 50.473076][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 50.481259][ T10] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.488338][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 50.496173][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 50.504854][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 50.513193][ T10] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.520518][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 50.528918][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 50.538726][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 50.546754][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 50.556536][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 50.565305][ T10] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.572614][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 50.580512][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 50.589342][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 50.598166][ T10] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.605357][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 50.613208][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 50.621927][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 50.630733][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 50.638499][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 50.671418][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 50.680491][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 50.692114][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 50.700801][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 50.709191][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 50.718964][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 50.734567][ T479] device veth0_vlan entered promiscuous mode
[ 50.743221][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 50.751316][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 50.778807][ T474] device veth1_macvtap entered promiscuous mode
[ 50.785818][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 50.794544][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 50.802202][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 50.811947][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 50.821035][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 50.829873][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 50.838704][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 50.847722][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 50.856464][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 50.865208][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 50.874082][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 50.882553][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 50.891764][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 50.914417][ T479] device veth1_macvtap entered promiscuous mode
[ 50.923001][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 50.931147][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 50.941432][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 50.950544][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 50.959137][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 50.967312][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 50.976139][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 50.985158][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 50.993818][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 51.004509][ T476] device veth0_vlan entered promiscuous mode
[ 51.014870][ T481] device veth0_vlan entered promiscuous mode
[ 51.027094][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 51.035318][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 51.043641][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 51.052091][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 51.075038][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 51.105015][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 51.113281][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 51.132527][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 51.142162][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 51.161690][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 51.227582][ T476] device veth1_macvtap entered promiscuous mode
[ 51.243380][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 51.261826][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 51.271894][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 51.304245][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 51.323328][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 51.359026][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 51.373124][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 51.399504][ T481] device veth1_macvtap entered promiscuous mode
[ 51.433806][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 51.452973][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 51.472233][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 51.505155][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 51.532113][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 51.562417][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 51.582630][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 51.818236][ T528] loop2: detected capacity change from 0 to 131072
[ 51.853228][ T528] =======================================================
[ 51.853228][ T528] WARNING: The mand mount option has been deprecated and
[ 51.853228][ T528] and is ignored by this kernel. Remove the mand
[ 51.853228][ T528] option from the mount to silence this warning.
[ 51.853228][ T528] =======================================================
[ 51.963712][ T528] F2FS-fs (loop2): invalid crc value
[ 51.983941][ T8] device bridge_slave_1 left promiscuous mode
[ 51.992971][ T8] bridge0: port 2(bridge_slave_1) entered disabled state
[ 52.011529][ T528] F2FS-fs (loop2): Found nat_bits in checkpoint
[ 52.018450][ T8] device bridge_slave_0 left promiscuous mode
[ 52.042913][ T8] bridge0: port 1(bridge_slave_0) entered disabled state
[ 52.081994][ T8] device veth1_macvtap left promiscuous mode
[ 52.091291][ T8] device veth0_vlan left promiscuous mode
[ 52.132451][ T528] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[ 52.153533][ T30] audit: type=1400 audit(1768885563.897:107): avc: denied { mount } for pid=527 comm="syz.2.19" name="/" dev="loop2" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 52.192266][ T528] F2FS-fs (loop2): access invalid blkaddr:2147563524
[ 52.213156][ T528] CPU: 1 PID: 528 Comm: syz.2.19 Not tainted syzkaller #0
[ 52.220527][ T528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 52.231078][ T528] Call Trace:
[ 52.234386][ T528]
[ 52.237338][ T528] __dump_stack+0x21/0x30
[ 52.241708][ T528] dump_stack_lvl+0x110/0x170
[ 52.246989][ T528] ? show_regs_print_info+0x20/0x20
[ 52.252397][ T528] ? memcpy+0x56/0x70
[ 52.256546][ T528] dump_stack+0x15/0x20
[ 52.260654][ T531] loop4: detected capacity change from 0 to 131072
[ 52.260762][ T528] f2fs_is_valid_blkaddr+0xca0/0x12a0
[ 52.273282][ T528] f2fs_iget+0x216c/0x5230
[ 52.277792][ T528] f2fs_lookup+0x3a9/0xab0
[ 52.282461][ T528] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 52.288686][ T528] ? d_hash_and_lookup+0x1f0/0x1f0
[ 52.293934][ T528] ? lockref_get_not_dead+0xe6/0x1c0
[ 52.299485][ T528] ? downgrade_write+0x430/0x430
[ 52.304465][ T528] __lookup_slow+0x2b8/0x410
[ 52.309535][ T528] ? lookup_one_len+0x2d0/0x2d0
[ 52.315184][ T528] ? down_read+0xab/0x100
[ 52.320086][ T528] ? handle_dots+0xe10/0xe10
[ 52.324753][ T528] lookup_slow+0x57/0x70
[ 52.329139][ T528] walk_component+0x325/0x460
[ 52.333859][ T528] path_lookupat+0x180/0x490
[ 52.338485][ T528] filename_lookup+0x214/0x540
[ 52.343280][ T528] ? hashlen_string+0x120/0x120
[ 52.348271][ T528] user_path_at_empty+0x47/0x1c0
[ 52.354072][ T528] do_sys_truncate+0xb6/0x1c0
[ 52.358897][ T528] ? unlock_page_memcg+0x130/0x130
[ 52.364058][ T528] ? break_lease+0xd0/0xd0
[ 52.368504][ T528] ? __kasan_check_write+0x14/0x20
[ 52.373650][ T528] ? switch_fpu_return+0x15d/0x2c0
[ 52.378967][ T528] __x64_sys_truncate+0x5b/0x70
[ 52.383860][ T528] x64_sys_call+0x212/0x9a0
[ 52.388395][ T528] do_syscall_64+0x4c/0xa0
[ 52.392843][ T528] ? clear_bhb_loop+0x50/0xa0
[ 52.398121][ T528] ? clear_bhb_loop+0x50/0xa0
[ 52.402836][ T528] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 52.408965][ T528] RIP: 0033:0x7efe29798ef9
[ 52.413595][ T528] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 52.434114][ T528] RSP: 002b:00007efe295fd028 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
[ 52.442891][ T528] RAX: ffffffffffffffda RBX: 00007efe29a03fa0 RCX: 00007efe29798ef9
[ 52.451644][ T528] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280
[ 52.459651][ T528] RBP: 00007efe2982dee0 R08: 0000000000000000 R09: 0000000000000000
[ 52.468488][ T528] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 52.476992][ T528] R13: 00007efe29a04038 R14: 00007efe29a03fa0 R15: 00007ffd532ab128
[ 52.485232][ T528]
[ 52.513178][ T528] F2FS-fs (loop2): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix
[ 52.537353][ T531] F2FS-fs (loop4): invalid crc value
[ 52.577695][ T531] F2FS-fs (loop4): Found nat_bits in checkpoint
[ 52.603253][ T528] F2FS-fs (loop2): access invalid blkaddr:2147563524
[ 52.627810][ T528] CPU: 0 PID: 528 Comm: syz.2.19 Not tainted syzkaller #0
[ 52.635087][ T528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 52.645435][ T528] Call Trace:
[ 52.648834][ T528]
[ 52.651793][ T528] __dump_stack+0x21/0x30
[ 52.656170][ T528] dump_stack_lvl+0x110/0x170
[ 52.661169][ T528] ? show_regs_print_info+0x20/0x20
[ 52.667403][ T528] ? memcpy+0x56/0x70
[ 52.672184][ T528] dump_stack+0x15/0x20
[ 52.676487][ T528] f2fs_is_valid_blkaddr+0xca0/0x12a0
[ 52.681990][ T528] f2fs_iget+0x216c/0x5230
[ 52.687768][ T528] f2fs_lookup+0x3a9/0xab0
[ 52.692442][ T528] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 52.698931][ T528] ? d_hash_and_lookup+0x1f0/0x1f0
[ 52.704390][ T528] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 52.710625][ T528] path_openat+0xfc9/0x2f20
[ 52.715257][ T528] ? do_filp_open+0x410/0x410
[ 52.720428][ T528] do_filp_open+0x1e2/0x410
[ 52.725102][ T528] ? vfs_tmpfile+0x2d0/0x2d0
[ 52.730043][ T528] do_sys_openat2+0x15e/0x7f0
[ 52.734772][ T528] ? __se_sys_futex+0x135/0x330
[ 52.739756][ T528] ? do_sys_open+0xe0/0xe0
[ 52.744343][ T528] ? __x64_sys_futex+0x100/0x100
[ 52.749808][ T528] ? do_sys_truncate+0x14a/0x1c0
[ 52.754880][ T528] __x64_sys_openat+0x136/0x160
[ 52.760042][ T528] x64_sys_call+0x219/0x9a0
[ 52.764571][ T528] do_syscall_64+0x4c/0xa0
[ 52.769248][ T528] ? clear_bhb_loop+0x50/0xa0
[ 52.774065][ T528] ? clear_bhb_loop+0x50/0xa0
[ 52.779478][ T528] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 52.785419][ T528] RIP: 0033:0x7efe29798ef9
[ 52.789874][ T528] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 52.810822][ T528] RSP: 002b:00007efe295fd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 52.819478][ T528] RAX: ffffffffffffffda RBX: 00007efe29a03fa0 RCX: 00007efe29798ef9
[ 52.827915][ T528] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c
[ 52.835967][ T528] RBP: 00007efe2982dee0 R08: 0000000000000000 R09: 0000000000000000
[ 52.844083][ T528] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[ 52.852912][ T528] R13: 00007efe29a04038 R14: 00007efe29a03fa0 R15: 00007ffd532ab128
[ 52.861009][ T528]
[ 52.873221][ T531] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 52.939359][ T531] F2FS-fs (loop4): access invalid blkaddr:2147563524
[ 52.952232][ T531] CPU: 1 PID: 531 Comm: syz.4.21 Not tainted syzkaller #0
[ 52.959582][ T531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 52.970130][ T531] Call Trace:
[ 52.973531][ T531]
[ 52.976498][ T531] __dump_stack+0x21/0x30
[ 52.981647][ T531] dump_stack_lvl+0x110/0x170
[ 52.986358][ T531] ? show_regs_print_info+0x20/0x20
[ 52.991675][ T531] ? memcpy+0x56/0x70
[ 52.995689][ T531] dump_stack+0x15/0x20
[ 52.999969][ T531] f2fs_is_valid_blkaddr+0xca0/0x12a0
[ 53.005373][ T531] f2fs_iget+0x216c/0x5230
[ 53.010223][ T531] f2fs_lookup+0x3a9/0xab0
[ 53.014668][ T531] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 53.020797][ T531] ? d_hash_and_lookup+0x1f0/0x1f0
[ 53.026561][ T531] ? lockref_get_not_dead+0xe6/0x1c0
[ 53.031876][ T531] ? downgrade_write+0x430/0x430
[ 53.036938][ T531] __lookup_slow+0x2b8/0x410
[ 53.037958][ T533] loop0: detected capacity change from 0 to 131072
[ 53.041556][ T531] ? lookup_one_len+0x2d0/0x2d0
[ 53.053044][ T531] ? down_read+0xab/0x100
[ 53.057412][ T531] ? handle_dots+0xe10/0xe10
[ 53.062428][ T531] lookup_slow+0x57/0x70
[ 53.066825][ T531] walk_component+0x325/0x460
[ 53.071560][ T531] path_lookupat+0x180/0x490
[ 53.076397][ T531] filename_lookup+0x214/0x540
[ 53.081208][ T531] ? hashlen_string+0x120/0x120
[ 53.087362][ T531] user_path_at_empty+0x47/0x1c0
[ 53.092544][ T531] do_sys_truncate+0xb6/0x1c0
[ 53.097273][ T531] ? unlock_page_memcg+0x130/0x130
[ 53.102442][ T531] ? break_lease+0xd0/0xd0
[ 53.106987][ T531] ? __kasan_check_write+0x14/0x20
[ 53.112139][ T531] ? switch_fpu_return+0x15d/0x2c0
[ 53.117678][ T531] __x64_sys_truncate+0x5b/0x70
[ 53.122855][ T531] x64_sys_call+0x212/0x9a0
[ 53.127852][ T531] do_syscall_64+0x4c/0xa0
[ 53.132395][ T531] ? clear_bhb_loop+0x50/0xa0
[ 53.137895][ T531] ? clear_bhb_loop+0x50/0xa0
[ 53.142605][ T531] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.148770][ T531] RIP: 0033:0x7fe262f1fef9
[ 53.153307][ T531] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 53.173602][ T531] RSP: 002b:00007fe262d84028 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
[ 53.182855][ T531] RAX: ffffffffffffffda RBX: 00007fe26318afa0 RCX: 00007fe262f1fef9
[ 53.191213][ T531] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280
[ 53.199722][ T531] RBP: 00007fe262fb4ee0 R08: 0000000000000000 R09: 0000000000000000
[ 53.207834][ T531] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 53.216122][ T531] R13: 00007fe26318b038 R14: 00007fe26318afa0 R15: 00007ffd9af4f6f8
[ 53.224810][ T531]
[ 53.230785][ T531] F2FS-fs (loop4): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix
[ 53.244650][ T546] F2FS-fs (loop4): access invalid blkaddr:2147563524
[ 53.251502][ T546] CPU: 1 PID: 546 Comm: syz.4.21 Not tainted syzkaller #0
[ 53.259157][ T546] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 53.269244][ T546] Call Trace:
[ 53.272810][ T546]
[ 53.276303][ T546] __dump_stack+0x21/0x30
[ 53.280705][ T546] dump_stack_lvl+0x110/0x170
[ 53.285419][ T546] ? show_regs_print_info+0x20/0x20
[ 53.290653][ T546] ? _raw_spin_lock+0x94/0xf0
[ 53.296209][ T546] ? radix_tree_lookup+0x248/0x290
[ 53.301362][ T546] dump_stack+0x15/0x20
[ 53.305876][ T546] f2fs_is_valid_blkaddr+0xca0/0x12a0
[ 53.311380][ T546] f2fs_iget+0x216c/0x5230
[ 53.316286][ T546] f2fs_lookup+0x3a9/0xab0
[ 53.320817][ T546] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 53.327105][ T546] ? d_hash_and_lookup+0x1f0/0x1f0
[ 53.332432][ T546] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 53.339372][ T546] path_openat+0xfc9/0x2f20
[ 53.344294][ T546] ? do_filp_open+0x410/0x410
[ 53.349214][ T546] do_filp_open+0x1e2/0x410
[ 53.353843][ T546] ? vfs_tmpfile+0x2d0/0x2d0
[ 53.359127][ T546] do_sys_openat2+0x15e/0x7f0
[ 53.363932][ T546] ? __se_sys_rt_sigprocmask+0x22c/0x290
[ 53.369613][ T546] ? do_sys_open+0xe0/0xe0
[ 53.374276][ T546] ? __x64_sys_rt_sigprocmask+0xb0/0xb0
[ 53.380338][ T546] __x64_sys_openat+0x136/0x160
[ 53.385284][ T546] x64_sys_call+0x219/0x9a0
[ 53.389968][ T546] do_syscall_64+0x4c/0xa0
[ 53.392850][ T528] F2FS-fs (loop2): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix
[ 53.394510][ T546] ? clear_bhb_loop+0x50/0xa0
[ 53.394535][ T546] ? clear_bhb_loop+0x50/0xa0
[ 53.417314][ T546] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.423460][ T546] RIP: 0033:0x7fe262f1fef9
[ 53.428022][ T546] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 53.448750][ T546] RSP: 002b:00007fe262d63028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 53.457312][ T546] RAX: ffffffffffffffda RBX: 00007fe26318b090 RCX: 00007fe262f1fef9
[ 53.465364][ T546] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c
[ 53.474046][ T546] RBP: 00007fe262fb4ee0 R08: 0000000000000000 R09: 0000000000000000
[ 53.482079][ T546] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[ 53.490767][ T546] R13: 00007fe26318b128 R14: 00007fe26318b090 R15: 00007ffd9af4f6f8
[ 53.499173][ T546]
[ 53.507809][ T533] F2FS-fs (loop0): invalid crc value
[ 53.522074][ T546] ==================================================================
[ 53.530801][ T546] BUG: KASAN: use-after-free in f2fs_iget+0x487b/0x5230
[ 53.538218][ T546] Read of size 4 at addr ffff88811ffe2f78 by task syz.4.21/546
[ 53.546407][ T546]
[ 53.548780][ T546] CPU: 1 PID: 546 Comm: syz.4.21 Not tainted syzkaller #0
[ 53.556092][ T546] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 53.566387][ T546] Call Trace:
[ 53.569701][ T546]
[ 53.572820][ T546] __dump_stack+0x21/0x30
[ 53.577202][ T546] dump_stack_lvl+0x110/0x170
[ 53.581907][ T546] ? show_regs_print_info+0x20/0x20
[ 53.587662][ T546] ? load_image+0x3e0/0x3e0
[ 53.592284][ T546] ? dump_stack_lvl+0x144/0x170
[ 53.597150][ T546] print_address_description+0x7f/0x2c0
[ 53.602987][ T546] ? f2fs_iget+0x487b/0x5230
[ 53.607689][ T546] kasan_report+0xf1/0x140
[ 53.612130][ T546] ? dump_stack+0x15/0x20
[ 53.616712][ T546] ? f2fs_iget+0x487b/0x5230
[ 53.621502][ T546] __asan_report_load4_noabort+0x14/0x20
[ 53.627328][ T546] f2fs_iget+0x487b/0x5230
[ 53.631859][ T546] f2fs_lookup+0x3a9/0xab0
[ 53.636289][ T546] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 53.642389][ T546] ? d_hash_and_lookup+0x1f0/0x1f0
[ 53.648057][ T546] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 53.654400][ T546] path_openat+0xfc9/0x2f20
[ 53.659008][ T546] ? do_filp_open+0x410/0x410
[ 53.663736][ T546] do_filp_open+0x1e2/0x410
[ 53.668391][ T546] ? vfs_tmpfile+0x2d0/0x2d0
[ 53.673440][ T546] do_sys_openat2+0x15e/0x7f0
[ 53.678229][ T546] ? __se_sys_rt_sigprocmask+0x22c/0x290
[ 53.684076][ T546] ? do_sys_open+0xe0/0xe0
[ 53.688511][ T546] ? __x64_sys_rt_sigprocmask+0xb0/0xb0
[ 53.694623][ T546] __x64_sys_openat+0x136/0x160
[ 53.699569][ T546] x64_sys_call+0x219/0x9a0
[ 53.704094][ T546] do_syscall_64+0x4c/0xa0
[ 53.708537][ T546] ? clear_bhb_loop+0x50/0xa0
[ 53.713323][ T546] ? clear_bhb_loop+0x50/0xa0
[ 53.718011][ T546] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.723919][ T546] RIP: 0033:0x7fe262f1fef9
[ 53.728454][ T546] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 53.748553][ T546] RSP: 002b:00007fe262d63028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 53.756984][ T546] RAX: ffffffffffffffda RBX: 00007fe26318b090 RCX: 00007fe262f1fef9
[ 53.764967][ T546] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c
[ 53.772960][ T546] RBP: 00007fe262fb4ee0 R08: 0000000000000000 R09: 0000000000000000
[ 53.780949][ T546] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[ 53.789126][ T546] R13: 00007fe26318b128 R14: 00007fe26318b090 R15: 00007ffd9af4f6f8
[ 53.797116][ T546]
[ 53.800150][ T546]
[ 53.802661][ T546] Allocated by task 531:
[ 53.807087][ T546] __kasan_slab_alloc+0xbd/0xf0
[ 53.812161][ T546] slab_post_alloc_hook+0x4f/0x2b0
[ 53.817328][ T546] kmem_cache_alloc+0xf7/0x260
[ 53.822109][ T546] f2fs_init_extent_tree+0x4e7/0xcb0
[ 53.827585][ T546] f2fs_iget+0x13c8/0x5230
[ 53.832024][ T546] f2fs_lookup+0x3a9/0xab0
[ 53.836542][ T546] __lookup_slow+0x2b8/0x410
[ 53.841144][ T546] lookup_slow+0x57/0x70
[ 53.845662][ T546] walk_component+0x325/0x460
[ 53.850704][ T546] path_lookupat+0x180/0x490
[ 53.855341][ T546] filename_lookup+0x214/0x540
[ 53.860123][ T546] user_path_at_empty+0x47/0x1c0
[ 53.865422][ T546] do_sys_truncate+0xb6/0x1c0
[ 53.870585][ T546] __x64_sys_truncate+0x5b/0x70
[ 53.875620][ T546] x64_sys_call+0x212/0x9a0
[ 53.880150][ T546] do_syscall_64+0x4c/0xa0
[ 53.884669][ T546] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.890680][ T546]
[ 53.893013][ T546] Freed by task 531:
[ 53.896962][ T546] kasan_set_track+0x4a/0x70
[ 53.901569][ T546] kasan_set_free_info+0x23/0x40
[ 53.906583][ T546] ____kasan_slab_free+0x125/0x160
[ 53.911808][ T546] __kasan_slab_free+0x11/0x20
[ 53.916608][ T546] slab_free_freelist_hook+0xc2/0x190
[ 53.922005][ T546] kmem_cache_free+0x100/0x320
[ 53.926881][ T546] f2fs_destroy_extent_tree+0x2c0/0x4b0
[ 53.932540][ T546] f2fs_evict_inode+0x4dd/0x15b0
[ 53.937598][ T546] evict+0x4c9/0x8d0
[ 53.941642][ T546] iput+0x635/0x7c0
[ 53.945552][ T546] iget_failed+0x178/0x1c0
[ 53.950135][ T546] f2fs_iget+0x1aea/0x5230
[ 53.954561][ T546] f2fs_lookup+0x3a9/0xab0
[ 53.958988][ T546] __lookup_slow+0x2b8/0x410
[ 53.963700][ T546] lookup_slow+0x57/0x70
[ 53.967950][ T546] walk_component+0x325/0x460
[ 53.973296][ T546] path_lookupat+0x180/0x490
[ 53.977904][ T546] filename_lookup+0x214/0x540
[ 53.982681][ T546] user_path_at_empty+0x47/0x1c0
[ 53.987639][ T546] do_sys_truncate+0xb6/0x1c0
[ 53.992571][ T546] __x64_sys_truncate+0x5b/0x70
[ 53.997441][ T546] x64_sys_call+0x212/0x9a0
[ 54.002240][ T546] do_syscall_64+0x4c/0xa0
[ 54.006876][ T546] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 54.013078][ T546]
[ 54.015417][ T546] The buggy address belongs to the object at ffff88811ffe2f50
[ 54.015417][ T546] which belongs to the cache f2fs_extent_tree of size 80
[ 54.030020][ T546] The buggy address is located 40 bytes inside of
[ 54.030020][ T546] 80-byte region [ffff88811ffe2f50, ffff88811ffe2fa0)
[ 54.043353][ T546] The buggy address belongs to the page:
[ 54.049201][ T546] page:ffffea00047ff880 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11ffe2
[ 54.059783][ T546] flags: 0x4000000000000200(slab|zone=1)
[ 54.065754][ T546] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081f9200
[ 54.074791][ T546] raw: 0000000000000000 0000000080240024 00000001ffffffff 0000000000000000
[ 54.083507][ T546] page dumped because: kasan: bad access detected
[ 54.090244][ T546] page_owner tracks the page as allocated
[ 54.096075][ T546] page last allocated via order 0, migratetype Reclaimable, gfp_mask 0x112c50(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 528, ts 52192236508, free_ts 0
[ 54.115386][ T546] post_alloc_hook+0x192/0x1b0
[ 54.120307][ T546] prep_new_page+0x1c/0x110
[ 54.125082][ T546] get_page_from_freelist+0x2d3a/0x2dc0
[ 54.130906][ T546] __alloc_pages+0x1a2/0x460
[ 54.135519][ T546] new_slab+0xa1/0x4d0
[ 54.139713][ T546] ___slab_alloc+0x381/0x810
[ 54.144336][ T546] __slab_alloc+0x49/0x90
[ 54.148872][ T546] kmem_cache_alloc+0x138/0x260
[ 54.153824][ T546] f2fs_init_extent_tree+0x4e7/0xcb0
[ 54.159143][ T546] f2fs_iget+0x13c8/0x5230
[ 54.163679][ T546] f2fs_lookup+0x3a9/0xab0
[ 54.168114][ T546] __lookup_slow+0x2b8/0x410
[ 54.172723][ T546] lookup_slow+0x57/0x70
[ 54.177074][ T546] walk_component+0x325/0x460
[ 54.181870][ T546] path_lookupat+0x180/0x490
[ 54.186618][ T546] filename_lookup+0x214/0x540
[ 54.191420][ T546] page_owner free stack trace missing
[ 54.196820][ T546]
[ 54.199159][ T546] Memory state around the buggy address:
[ 54.204806][ T546] ffff88811ffe2e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 54.212976][ T546] ffff88811ffe2e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 54.221241][ T546] >ffff88811ffe2f00: fc fc fc fc fc fc fc fc fc fc fa fb fb fb fb fb
[ 54.229428][ T546] ^
[ 54.237782][ T546] ffff88811ffe2f80: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[ 54.245869][ T546] ffff88811ffe3000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 54.254072][ T546] ==================================================================
[ 54.262172][ T546] Disabling lock debugging due to kernel taint
[ 54.269510][ T533] F2FS-fs (loop0): Failed to start F2FS issue_checkpoint_thread (-12)
[ 54.284151][ T30] audit: type=1400 audit(1768885566.027:108): avc: denied { read } for pid=83 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
2026/01/20 05:06:06 executed programs: 16
[ 54.327161][ T30] audit: type=1400 audit(1768885566.027:109): avc: denied { search } for pid=83 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 54.414249][ T30] audit: type=1400 audit(1768885566.027:110): avc: denied { write } for pid=83 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 54.436511][ T535] loop5: detected capacity change from 0 to 131072
[ 54.479908][ T535] F2FS-fs (loop5): invalid crc value
[ 54.506386][ T30] audit: type=1400 audit(1768885566.027:111): avc: denied { add_name } for pid=83 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 54.527501][ T535] F2FS-fs (loop5): Found nat_bits in checkpoint
[ 54.568437][ T537] loop6: detected capacity change from 0 to 131072
[ 54.595850][ T30] audit: type=1400 audit(1768885566.027:112): avc: denied { create } for pid=83 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 54.617754][ T537] F2FS-fs (loop6): invalid crc value
[ 54.643822][ T537] F2FS-fs (loop6): Failed to initialize F2FS segment manager (-4)
[ 54.692817][ T30] audit: type=1400 audit(1768885566.027:113): avc: denied { append open } for pid=83 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 54.762858][ T30] audit: type=1400 audit(1768885566.027:114): avc: denied { getattr } for pid=83 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 54.803672][ T546] F2FS-fs (loop4): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix
[ 54.836630][ T546] ==================================================================
[ 54.844783][ T546] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x100/0x320
[ 54.853248][ T546]
[ 54.855640][ T546] CPU: 0 PID: 546 Comm: syz.4.21 Tainted: G B syzkaller #0
[ 54.864596][ T546] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 54.874972][ T546] Call Trace:
[ 54.878308][ T546]
[ 54.881285][ T546] __dump_stack+0x21/0x30
[ 54.885673][ T546] dump_stack_lvl+0x110/0x170
[ 54.890665][ T546] ? show_regs_print_info+0x20/0x20
[ 54.895970][ T546] ? load_image+0x3e0/0x3e0
[ 54.900657][ T546] ? truncate_inode_pages_range+0xce1/0xe00
[ 54.906606][ T546] ? __switch_to_asm+0x3a/0x60
[ 54.911508][ T546] print_address_description+0x7f/0x2c0
[ 54.917181][ T546] ? kmem_cache_free+0x100/0x320
[ 54.922251][ T546] kasan_report_invalid_free+0x58/0x90
[ 54.927749][ T546] ? kmem_cache_free+0x100/0x320
[ 54.932811][ T546] ____kasan_slab_free+0x13d/0x160
[ 54.938084][ T546] __kasan_slab_free+0x11/0x20
[ 54.942879][ T546] slab_free_freelist_hook+0xc2/0x190
[ 54.948435][ T546] ? f2fs_destroy_extent_tree+0x2c0/0x4b0
[ 54.954273][ T546] kmem_cache_free+0x100/0x320
[ 54.959083][ T546] f2fs_destroy_extent_tree+0x2c0/0x4b0
[ 54.964671][ T546] f2fs_evict_inode+0x4dd/0x15b0
[ 54.969652][ T546] ? f2fs_write_inode+0x850/0x850
[ 54.974710][ T546] ? bit_waitqueue+0x30/0x30
[ 54.979333][ T546] ? f2fs_write_inode+0x850/0x850
[ 54.984734][ T546] evict+0x4c9/0x8d0
[ 54.988706][ T546] ? proc_nr_inodes+0x310/0x310
[ 54.993695][ T546] ? _raw_spin_lock+0x94/0xf0
[ 54.998408][ T546] ? __kasan_check_read+0x11/0x20
[ 55.003552][ T546] ? f2fs_drop_inode+0x174/0x980
[ 55.008616][ T546] ? __kasan_check_write+0x14/0x20
[ 55.014021][ T546] iput+0x635/0x7c0
[ 55.018079][ T546] iget_failed+0x178/0x1c0
[ 55.022566][ T546] f2fs_iget+0x1aea/0x5230
[ 55.027547][ T546] f2fs_lookup+0x3a9/0xab0
[ 55.031990][ T546] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 55.038094][ T546] ? d_hash_and_lookup+0x1f0/0x1f0
[ 55.043327][ T546] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 55.049734][ T546] path_openat+0xfc9/0x2f20
[ 55.054639][ T546] ? do_filp_open+0x410/0x410
[ 55.059454][ T546] do_filp_open+0x1e2/0x410
[ 55.064243][ T546] ? vfs_tmpfile+0x2d0/0x2d0
[ 55.068866][ T546] do_sys_openat2+0x15e/0x7f0
[ 55.073686][ T546] ? __se_sys_rt_sigprocmask+0x22c/0x290
[ 55.079360][ T546] ? do_sys_open+0xe0/0xe0
[ 55.083817][ T546] ? __x64_sys_rt_sigprocmask+0xb0/0xb0
[ 55.089401][ T546] __x64_sys_openat+0x136/0x160
[ 55.094400][ T546] x64_sys_call+0x219/0x9a0
[ 55.098937][ T546] do_syscall_64+0x4c/0xa0
[ 55.103500][ T546] ? clear_bhb_loop+0x50/0xa0
[ 55.108201][ T546] ? clear_bhb_loop+0x50/0xa0
[ 55.112914][ T546] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 55.118932][ T546] RIP: 0033:0x7fe262f1fef9
[ 55.123370][ T546] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 55.143470][ T546] RSP: 002b:00007fe262d63028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 55.152030][ T546] RAX: ffffffffffffffda RBX: 00007fe26318b090 RCX: 00007fe262f1fef9
[ 55.160143][ T546] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c
[ 55.168607][ T546] RBP: 00007fe262fb4ee0 R08: 0000000000000000 R09: 0000000000000000
[ 55.176717][ T546] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[ 55.185119][ T546] R13: 00007fe26318b128 R14: 00007fe26318b090 R15: 00007ffd9af4f6f8
[ 55.193320][ T546]
[ 55.196368][ T546]
[ 55.198803][ T546] Allocated by task 531:
[ 55.203082][ T546] __kasan_slab_alloc+0xbd/0xf0
[ 55.208061][ T546] slab_post_alloc_hook+0x4f/0x2b0
[ 55.213652][ T546] kmem_cache_alloc+0xf7/0x260
[ 55.218468][ T546] f2fs_init_extent_tree+0x4e7/0xcb0
[ 55.223881][ T546] f2fs_iget+0x13c8/0x5230
[ 55.229130][ T546] f2fs_lookup+0x3a9/0xab0
[ 55.233716][ T546] __lookup_slow+0x2b8/0x410
[ 55.238330][ T546] lookup_slow+0x57/0x70
[ 55.242617][ T546] walk_component+0x325/0x460
[ 55.247438][ T546] path_lookupat+0x180/0x490
[ 55.252070][ T546] filename_lookup+0x214/0x540
[ 55.256856][ T546] user_path_at_empty+0x47/0x1c0
[ 55.261819][ T546] do_sys_truncate+0xb6/0x1c0
[ 55.266617][ T546] __x64_sys_truncate+0x5b/0x70
[ 55.271501][ T546] x64_sys_call+0x212/0x9a0
[ 55.276042][ T546] do_syscall_64+0x4c/0xa0
[ 55.280488][ T546] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 55.286502][ T546]
[ 55.288979][ T546] Freed by task 531:
[ 55.292997][ T546] kasan_set_track+0x4a/0x70
[ 55.297636][ T546] kasan_set_free_info+0x23/0x40
[ 55.302621][ T546] ____kasan_slab_free+0x125/0x160
[ 55.307973][ T546] __kasan_slab_free+0x11/0x20
[ 55.312951][ T546] slab_free_freelist_hook+0xc2/0x190
[ 55.318376][ T546] kmem_cache_free+0x100/0x320
[ 55.323174][ T546] f2fs_destroy_extent_tree+0x2c0/0x4b0
[ 55.328916][ T546] f2fs_evict_inode+0x4dd/0x15b0
[ 55.333897][ T546] evict+0x4c9/0x8d0
[ 55.338002][ T546] iput+0x635/0x7c0
[ 55.341955][ T546] iget_failed+0x178/0x1c0
[ 55.346590][ T546] f2fs_iget+0x1aea/0x5230
[ 55.351468][ T546] f2fs_lookup+0x3a9/0xab0
[ 55.356463][ T546] __lookup_slow+0x2b8/0x410
[ 55.361080][ T546] lookup_slow+0x57/0x70
[ 55.365461][ T546] walk_component+0x325/0x460
[ 55.370171][ T546] path_lookupat+0x180/0x490
[ 55.375214][ T546] filename_lookup+0x214/0x540
[ 55.380020][ T546] user_path_at_empty+0x47/0x1c0
[ 55.384995][ T546] do_sys_truncate+0xb6/0x1c0
[ 55.389701][ T546] __x64_sys_truncate+0x5b/0x70
[ 55.394590][ T546] x64_sys_call+0x212/0x9a0
[ 55.399130][ T546] do_syscall_64+0x4c/0xa0
[ 55.403569][ T546] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 55.409590][ T546]
[ 55.411932][ T546] The buggy address belongs to the object at ffff88811ffe2f50
[ 55.411932][ T546] which belongs to the cache f2fs_extent_tree of size 80
[ 55.426787][ T546] The buggy address is located 0 bytes inside of
[ 55.426787][ T546] 80-byte region [ffff88811ffe2f50, ffff88811ffe2fa0)
[ 55.440182][ T546] The buggy address belongs to the page:
[ 55.446066][ T546] page:ffffea00047ff880 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11ffe2
[ 55.456462][ T546] flags: 0x4000000000000200(slab|zone=1)
[ 55.462136][ T546] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081f9200
[ 55.471128][ T546] raw: 0000000000000000 0000000080240024 00000001ffffffff 0000000000000000
[ 55.479835][ T546] page dumped because: kasan: bad access detected
[ 55.486453][ T546] page_owner tracks the page as allocated
[ 55.492331][ T546] page last allocated via order 0, migratetype Reclaimable, gfp_mask 0x112c50(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 528, ts 52192236508, free_ts 0
[ 55.510825][ T546] post_alloc_hook+0x192/0x1b0
[ 55.515800][ T546] prep_new_page+0x1c/0x110
[ 55.520418][ T546] get_page_from_freelist+0x2d3a/0x2dc0
[ 55.526256][ T546] __alloc_pages+0x1a2/0x460
[ 55.531024][ T546] new_slab+0xa1/0x4d0
[ 55.535221][ T546] ___slab_alloc+0x381/0x810
[ 55.539995][ T546] __slab_alloc+0x49/0x90
[ 55.544774][ T546] kmem_cache_alloc+0x138/0x260
[ 55.549679][ T546] f2fs_init_extent_tree+0x4e7/0xcb0
[ 55.555353][ T546] f2fs_iget+0x13c8/0x5230
[ 55.559901][ T546] f2fs_lookup+0x3a9/0xab0
[ 55.564357][ T546] __lookup_slow+0x2b8/0x410
[ 55.569159][ T546] lookup_slow+0x57/0x70
[ 55.573569][ T546] walk_component+0x325/0x460
[ 55.578364][ T546] path_lookupat+0x180/0x490
[ 55.582978][ T546] filename_lookup+0x214/0x540
[ 55.587779][ T546] page_owner free stack trace missing
[ 55.593169][ T546]
[ 55.595610][ T546] Memory state around the buggy address:
[ 55.601258][ T546] ffff88811ffe2e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 55.609911][ T546] ffff88811ffe2e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 55.618109][ T546] >ffff88811ffe2f00: fc fc fc fc fc fc fc fc fc fc fa fb fb fb fb fb
[ 55.626208][ T546] ^
[ 55.633001][ T546] ffff88811ffe2f80: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[ 55.641344][ T546] ffff88811ffe3000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 55.649743][ T546] ==================================================================
[ 56.259303][ T549] loop0: detected capacity change from 0 to 131072
[ 56.343575][ T558] loop6: detected capacity change from 0 to 131072
[ 56.358357][ T549] F2FS-fs (loop0): invalid crc value
[ 56.385439][ T558] F2FS-fs (loop6): invalid crc value
[ 56.401465][ T560] loop2: detected capacity change from 0 to 131072
[ 56.409819][ T558] F2FS-fs (loop6): Found nat_bits in checkpoint
[ 56.433724][ T549] F2FS-fs (loop0): Found nat_bits in checkpoint
[ 56.449115][ T560] F2FS-fs (loop2): invalid crc value
[ 56.488215][ T560] F2FS-fs (loop2): Found nat_bits in checkpoint
[ 56.563852][ T558] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[ 56.571504][ T549] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[ 56.589903][ T558] F2FS-fs (loop6): access invalid blkaddr:2147563524
[ 56.602667][ T549] F2FS-fs (loop0): access invalid blkaddr:2147563524
[ 56.613283][ T549] CPU: 0 PID: 549 Comm: syz.0.23 Tainted: G B syzkaller #0
[ 56.622209][ T549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 56.632393][ T549] Call Trace:
[ 56.635892][ T549]
[ 56.638851][ T549] __dump_stack+0x21/0x30
[ 56.643210][ T549] dump_stack_lvl+0x110/0x170
[ 56.647918][ T549] ? show_regs_print_info+0x20/0x20
[ 56.653256][ T549] ? memcpy+0x56/0x70
[ 56.657439][ T549] dump_stack+0x15/0x20
[ 56.661629][ T549] f2fs_is_valid_blkaddr+0xca0/0x12a0
[ 56.667140][ T549] f2fs_iget+0x216c/0x5230
[ 56.671796][ T549] f2fs_lookup+0x3a9/0xab0
[ 56.676503][ T549] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 56.682675][ T549] ? d_hash_and_lookup+0x1f0/0x1f0
[ 56.687812][ T549] ? lockref_get_not_dead+0xe6/0x1c0
[ 56.693129][ T549] ? downgrade_write+0x430/0x430
[ 56.698190][ T549] __lookup_slow+0x2b8/0x410
[ 56.702932][ T549] ? lookup_one_len+0x2d0/0x2d0
[ 56.707820][ T549] ? down_read+0xab/0x100
[ 56.712255][ T549] ? handle_dots+0xe10/0xe10
[ 56.716972][ T549] lookup_slow+0x57/0x70
[ 56.721331][ T549] walk_component+0x325/0x460
[ 56.726221][ T549] path_lookupat+0x180/0x490
[ 56.730848][ T549] filename_lookup+0x214/0x540
[ 56.735735][ T549] ? hashlen_string+0x120/0x120
[ 56.740819][ T549] user_path_at_empty+0x47/0x1c0
[ 56.746301][ T549] do_sys_truncate+0xb6/0x1c0
[ 56.751297][ T549] ? unlock_page_memcg+0x130/0x130
[ 56.756612][ T549] ? break_lease+0xd0/0xd0
[ 56.761151][ T549] ? __kasan_check_write+0x14/0x20
[ 56.766413][ T549] ? switch_fpu_return+0x15d/0x2c0
[ 56.771552][ T549] __x64_sys_truncate+0x5b/0x70
[ 56.776423][ T549] x64_sys_call+0x212/0x9a0
[ 56.781138][ T549] do_syscall_64+0x4c/0xa0
[ 56.786038][ T549] ? clear_bhb_loop+0x50/0xa0
[ 56.790830][ T549] ? clear_bhb_loop+0x50/0xa0
[ 56.795526][ T549] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 56.801537][ T549] RIP: 0033:0x7ff4771a5ef9
[ 56.806150][ T549] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 56.826772][ T549] RSP: 002b:00007ff47700a028 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
[ 56.835894][ T549] RAX: ffffffffffffffda RBX: 00007ff477410fa0 RCX: 00007ff4771a5ef9
[ 56.844100][ T549] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280
[ 56.853111][ T549] RBP: 00007ff47723aee0 R08: 0000000000000000 R09: 0000000000000000
[ 56.861305][ T549] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 56.869519][ T549] R13: 00007ff477411038 R14: 00007ff477410fa0 R15: 00007fff16076008
[ 56.877529][ T549]
[ 56.880655][ T558] CPU: 1 PID: 558 Comm: syz.6.24 Tainted: G B syzkaller #0
[ 56.889303][ T558] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 56.899916][ T558] Call Trace:
[ 56.903252][ T558]
[ 56.906400][ T558] __dump_stack+0x21/0x30
[ 56.910846][ T558] dump_stack_lvl+0x110/0x170
[ 56.915647][ T558] ? show_regs_print_info+0x20/0x20
[ 56.920968][ T558] ? memcpy+0x56/0x70
[ 56.925140][ T558] dump_stack+0x15/0x20
[ 56.929440][ T558] f2fs_is_valid_blkaddr+0xca0/0x12a0
[ 56.934839][ T558] f2fs_iget+0x216c/0x5230
[ 56.939374][ T558] f2fs_lookup+0x3a9/0xab0
[ 56.943983][ T558] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 56.950103][ T558] ? d_hash_and_lookup+0x1f0/0x1f0
[ 56.955269][ T558] ? lockref_get_not_dead+0xe6/0x1c0
[ 56.960783][ T558] ? downgrade_write+0x430/0x430
[ 56.965912][ T558] __lookup_slow+0x2b8/0x410
[ 56.970730][ T558] ? lookup_one_len+0x2d0/0x2d0
[ 56.975633][ T558] ? down_read+0xab/0x100
[ 56.980084][ T558] ? handle_dots+0xe10/0xe10
[ 56.984788][ T558] lookup_slow+0x57/0x70
[ 56.989058][ T558] walk_component+0x325/0x460
[ 56.993863][ T558] path_lookupat+0x180/0x490
[ 56.998841][ T558] filename_lookup+0x214/0x540
[ 57.003717][ T558] ? hashlen_string+0x120/0x120
[ 57.008679][ T558] user_path_at_empty+0x47/0x1c0
[ 57.013634][ T558] do_sys_truncate+0xb6/0x1c0
[ 57.018740][ T558] ? unlock_page_memcg+0x130/0x130
[ 57.024358][ T558] ? break_lease+0xd0/0xd0
[ 57.029167][ T558] ? __kasan_check_write+0x14/0x20
[ 57.034541][ T558] ? switch_fpu_return+0x15d/0x2c0
[ 57.039926][ T558] __x64_sys_truncate+0x5b/0x70
[ 57.045061][ T558] x64_sys_call+0x212/0x9a0
[ 57.050029][ T558] do_syscall_64+0x4c/0xa0
[ 57.054818][ T558] ? clear_bhb_loop+0x50/0xa0
[ 57.060470][ T558] ? clear_bhb_loop+0x50/0xa0
[ 57.065287][ T558] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 57.071370][ T558] RIP: 0033:0x7f1178cf3ef9
[ 57.076262][ T558] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 57.098650][ T558] RSP: 002b:00007f1178b58028 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
[ 57.107673][ T558] RAX: ffffffffffffffda RBX: 00007f1178f5efa0 RCX: 00007f1178cf3ef9
[ 57.117478][ T558] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280
[ 57.126186][ T558] RBP: 00007f1178d88ee0 R08: 0000000000000000 R09: 0000000000000000
[ 57.135308][ T558] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 57.144856][ T558] R13: 00007f1178f5f038 R14: 00007f1178f5efa0 R15: 00007fff97a82cb8
[ 57.153132][ T558]
[ 57.159441][ T549] F2FS-fs (loop0): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix
[ 57.163815][ T558] F2FS-fs (loop6): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix
[ 57.186881][ T560] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[ 57.203103][ T560] F2FS-fs (loop2): access invalid blkaddr:2147563524
[ 57.218544][ T560] CPU: 1 PID: 560 Comm: syz.2.22 Tainted: G B syzkaller #0
[ 57.227451][ T560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 57.235246][ T576] F2FS-fs (loop6): access invalid blkaddr:2147563524
[ 57.239030][ T560] Call Trace:
[ 57.239038][ T560]
[ 57.239045][ T560] __dump_stack+0x21/0x30
[ 57.256774][ T560] dump_stack_lvl+0x110/0x170
[ 57.261667][ T560] ? show_regs_print_info+0x20/0x20
[ 57.267019][ T560] ? memcpy+0x56/0x70
[ 57.271316][ T560] dump_stack+0x15/0x20
[ 57.276128][ T560] f2fs_is_valid_blkaddr+0xca0/0x12a0
[ 57.276245][ T577] F2FS-fs (loop0): access invalid blkaddr:2147563524
[ 57.281634][ T560] f2fs_iget+0x216c/0x5230
[ 57.281665][ T560] f2fs_lookup+0x3a9/0xab0
[ 57.298794][ T560] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 57.305643][ T560] ? d_hash_and_lookup+0x1f0/0x1f0
[ 57.311039][ T560] ? lockref_get_not_dead+0xe6/0x1c0
[ 57.316818][ T560] ? downgrade_write+0x430/0x430
[ 57.322667][ T560] __lookup_slow+0x2b8/0x410
[ 57.328950][ T560] ? lookup_one_len+0x2d0/0x2d0
[ 57.334277][ T560] ? down_read+0xab/0x100
[ 57.338905][ T560] ? handle_dots+0xe10/0xe10
[ 57.344255][ T560] lookup_slow+0x57/0x70
[ 57.348716][ T560] walk_component+0x325/0x460
[ 57.354150][ T560] path_lookupat+0x180/0x490
[ 57.359421][ T560] filename_lookup+0x214/0x540
[ 57.364526][ T560] ? hashlen_string+0x120/0x120
[ 57.369518][ T560] user_path_at_empty+0x47/0x1c0
[ 57.375029][ T560] do_sys_truncate+0xb6/0x1c0
[ 57.380248][ T560] ? unlock_page_memcg+0x130/0x130
[ 57.385508][ T560] ? break_lease+0xd0/0xd0
[ 57.390069][ T560] ? __kasan_check_write+0x14/0x20
[ 57.395398][ T560] ? switch_fpu_return+0x15d/0x2c0
[ 57.401301][ T560] __x64_sys_truncate+0x5b/0x70
[ 57.406322][ T560] x64_sys_call+0x212/0x9a0
[ 57.410872][ T560] do_syscall_64+0x4c/0xa0
[ 57.415606][ T560] ? clear_bhb_loop+0x50/0xa0
[ 57.420675][ T560] ? clear_bhb_loop+0x50/0xa0
[ 57.425440][ T560] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 57.431696][ T560] RIP: 0033:0x7efe29798ef9
[ 57.436330][ T560] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 57.456497][ T560] RSP: 002b:00007efe295fd028 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
[ 57.465066][ T560] RAX: ffffffffffffffda RBX: 00007efe29a03fa0 RCX: 00007efe29798ef9
[ 57.473623][ T560] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280
[ 57.481913][ T560] RBP: 00007efe2982dee0 R08: 0000000000000000 R09: 0000000000000000
[ 57.490429][ T560] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 57.499242][ T560] R13: 00007efe29a04038 R14: 00007efe29a03fa0 R15: 00007ffd532ab128
[ 57.507598][ T560]
[ 57.510755][ T577] CPU: 0 PID: 577 Comm: syz.0.23 Tainted: G B syzkaller #0
[ 57.519794][ T577] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 57.530295][ T577] Call Trace:
[ 57.533805][ T577]
[ 57.537253][ T577] __dump_stack+0x21/0x30
[ 57.541636][ T577] dump_stack_lvl+0x110/0x170
[ 57.546568][ T577] ? show_regs_print_info+0x20/0x20
[ 57.552292][ T577] ? memcpy+0x56/0x70
[ 57.556338][ T577] dump_stack+0x15/0x20
[ 57.560532][ T577] f2fs_is_valid_blkaddr+0xca0/0x12a0
[ 57.566516][ T577] f2fs_iget+0x216c/0x5230
[ 57.571089][ T577] f2fs_lookup+0x3a9/0xab0
[ 57.575717][ T577] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 57.582259][ T577] ? d_hash_and_lookup+0x1f0/0x1f0
[ 57.587583][ T577] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 57.593875][ T577] path_openat+0xfc9/0x2f20
[ 57.598513][ T577] ? do_filp_open+0x410/0x410
[ 57.603308][ T577] do_filp_open+0x1e2/0x410
[ 57.607951][ T577] ? vfs_tmpfile+0x2d0/0x2d0
[ 57.612605][ T577] do_sys_openat2+0x15e/0x7f0
[ 57.617432][ T577] ? __se_sys_rt_sigprocmask+0x22c/0x290
[ 57.623513][ T577] ? do_sys_open+0xe0/0xe0
[ 57.628521][ T577] ? __x64_sys_rt_sigprocmask+0xb0/0xb0
[ 57.634300][ T577] __x64_sys_openat+0x136/0x160
[ 57.639656][ T577] x64_sys_call+0x219/0x9a0
[ 57.644219][ T577] do_syscall_64+0x4c/0xa0
[ 57.649272][ T577] ? clear_bhb_loop+0x50/0xa0
[ 57.654084][ T577] ? clear_bhb_loop+0x50/0xa0
[ 57.659053][ T577] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 57.666460][ T577] RIP: 0033:0x7ff4771a5ef9
[ 57.671306][ T577] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 57.692290][ T577] RSP: 002b:00007ff476fe9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 57.701259][ T577] RAX: ffffffffffffffda RBX: 00007ff477411090 RCX: 00007ff4771a5ef9
[ 57.710382][ T577] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c
[ 57.718743][ T577] RBP: 00007ff47723aee0 R08: 0000000000000000 R09: 0000000000000000
[ 57.726962][ T577] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[ 57.735013][ T577] R13: 00007ff477411128 R14: 00007ff477411090 R15: 00007fff16076008
[ 57.743421][ T577]
[ 57.748669][ T560] F2FS-fs (loop2): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix
[ 57.761609][ T576] CPU: 0 PID: 576 Comm: syz.6.24 Tainted: G B syzkaller #0
[ 57.770474][ T576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 57.781002][ T576] Call Trace:
[ 57.784399][ T576]
[ 57.787447][ T576] __dump_stack+0x21/0x30
[ 57.792374][ T576] dump_stack_lvl+0x110/0x170
[ 57.797654][ T576] ? show_regs_print_info+0x20/0x20
[ 57.802998][ T576] ? _raw_spin_lock+0x94/0xf0
[ 57.808085][ T576] ? radix_tree_lookup+0x248/0x290
[ 57.813669][ T576] dump_stack+0x15/0x20
[ 57.818167][ T576] f2fs_is_valid_blkaddr+0xca0/0x12a0
[ 57.824125][ T576] f2fs_iget+0x216c/0x5230
[ 57.829207][ T576] f2fs_lookup+0x3a9/0xab0
[ 57.834370][ T576] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 57.840792][ T576] ? d_hash_and_lookup+0x1f0/0x1f0
[ 57.847545][ T576] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 57.854828][ T576] path_openat+0xfc9/0x2f20
[ 57.860216][ T576] ? do_filp_open+0x410/0x410
[ 57.865137][ T576] do_filp_open+0x1e2/0x410
[ 57.870469][ T576] ? vfs_tmpfile+0x2d0/0x2d0
[ 57.875571][ T576] do_sys_openat2+0x15e/0x7f0
[ 57.880304][ T576] ? __se_sys_rt_sigprocmask+0x22c/0x290
[ 57.885983][ T576] ? do_sys_open+0xe0/0xe0
[ 57.890885][ T576] ? __x64_sys_rt_sigprocmask+0xb0/0xb0
[ 57.897671][ T576] __x64_sys_openat+0x136/0x160
[ 57.903096][ T576] x64_sys_call+0x219/0x9a0
[ 57.907910][ T576] do_syscall_64+0x4c/0xa0
[ 57.913003][ T576] ? clear_bhb_loop+0x50/0xa0
[ 57.918259][ T576] ? clear_bhb_loop+0x50/0xa0
[ 57.923238][ T576] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 57.929169][ T576] RIP: 0033:0x7f1178cf3ef9
[ 57.933730][ T576] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 57.957433][ T576] RSP: 002b:00007f1178b37028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 57.966573][ T576] RAX: ffffffffffffffda RBX: 00007f1178f5f090 RCX: 00007f1178cf3ef9
[ 57.974583][ T576] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c
[ 57.983007][ T576] RBP: 00007f1178d88ee0 R08: 0000000000000000 R09: 0000000000000000
[ 57.991254][ T576] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[ 57.999443][ T576] R13: 00007f1178f5f128 R14: 00007f1178f5f090 R15: 00007fff97a82cb8
[ 58.007715][ T576]
[ 58.012599][ T576] F2FS-fs (loop6): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix
[ 58.025959][ T576] ==================================================================
[ 58.034145][ T576] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x100/0x320
[ 58.042927][ T576]
[ 58.042982][ T577] F2FS-fs (loop0): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix
[ 58.045952][ T576] CPU: 0 PID: 576 Comm: syz.6.24 Tainted: G B syzkaller #0
[ 58.045972][ T576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 58.045984][ T576] Call Trace:
[ 58.085571][ T576]
[ 58.089077][ T576] __dump_stack+0x21/0x30
[ 58.094111][ T576] dump_stack_lvl+0x110/0x170
[ 58.099369][ T576] ? show_regs_print_info+0x20/0x20
[ 58.105186][ T576] ? load_image+0x3e0/0x3e0
[ 58.110722][ T576] ? truncate_inode_pages_range+0xce1/0xe00
[ 58.117372][ T576] ? __switch_to_asm+0x3a/0x60
[ 58.122360][ T576] print_address_description+0x7f/0x2c0
[ 58.128133][ T576] ? kmem_cache_free+0x100/0x320
[ 58.133543][ T576] kasan_report_invalid_free+0x58/0x90
[ 58.139208][ T576] ? kmem_cache_free+0x100/0x320
[ 58.144204][ T576] ____kasan_slab_free+0x13d/0x160
[ 58.149437][ T576] __kasan_slab_free+0x11/0x20
[ 58.154882][ T576] slab_free_freelist_hook+0xc2/0x190
[ 58.160537][ T576] ? f2fs_destroy_extent_tree+0x2c0/0x4b0
[ 58.166704][ T576] kmem_cache_free+0x100/0x320
[ 58.172053][ T576] f2fs_destroy_extent_tree+0x2c0/0x4b0
[ 58.178410][ T576] f2fs_evict_inode+0x4dd/0x15b0
[ 58.183508][ T576] ? f2fs_write_inode+0x850/0x850
[ 58.188909][ T576] ? bit_waitqueue+0x30/0x30
[ 58.193844][ T576] ? f2fs_write_inode+0x850/0x850
[ 58.199320][ T576] evict+0x4c9/0x8d0
[ 58.203086][ T562] loop5: detected capacity change from 0 to 131072
[ 58.203350][ T576] ? proc_nr_inodes+0x310/0x310
[ 58.215592][ T576] ? _raw_spin_lock+0x94/0xf0
[ 58.221271][ T576] ? __kasan_check_read+0x11/0x20
[ 58.227332][ T576] ? f2fs_drop_inode+0x174/0x980
[ 58.232451][ T576] ? __kasan_check_write+0x14/0x20
[ 58.237617][ T576] iput+0x635/0x7c0
[ 58.241477][ T576] iget_failed+0x178/0x1c0
[ 58.246073][ T576] f2fs_iget+0x1aea/0x5230
[ 58.251191][ T576] f2fs_lookup+0x3a9/0xab0
[ 58.255662][ T576] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 58.261960][ T576] ? d_hash_and_lookup+0x1f0/0x1f0
[ 58.267114][ T576] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 58.273217][ T576] path_openat+0xfc9/0x2f20
[ 58.277855][ T576] ? do_filp_open+0x410/0x410
[ 58.282715][ T576] do_filp_open+0x1e2/0x410
[ 58.287878][ T576] ? vfs_tmpfile+0x2d0/0x2d0
[ 58.292504][ T576] do_sys_openat2+0x15e/0x7f0
[ 58.297476][ T576] ? __se_sys_rt_sigprocmask+0x22c/0x290
[ 58.304467][ T576] ? do_sys_open+0xe0/0xe0
[ 58.308912][ T576] ? __x64_sys_rt_sigprocmask+0xb0/0xb0
[ 58.314494][ T576] __x64_sys_openat+0x136/0x160
[ 58.319751][ T576] x64_sys_call+0x219/0x9a0
[ 58.324899][ T576] do_syscall_64+0x4c/0xa0
[ 58.329637][ T576] ? clear_bhb_loop+0x50/0xa0
[ 58.335280][ T576] ? clear_bhb_loop+0x50/0xa0
[ 58.343062][ T576] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 58.343782][ T580] F2FS-fs (loop2): access invalid blkaddr:2147563524
[ 58.350089][ T576] RIP: 0033:0x7f1178cf3ef9
[ 58.362409][ T576] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 58.365400][ T562] F2FS-fs (loop5): invalid crc value
[ 58.383747][ T576] RSP: 002b:00007f1178b37028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 58.383791][ T576] RAX: ffffffffffffffda RBX: 00007f1178f5f090 RCX: 00007f1178cf3ef9
[ 58.383805][ T576] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c
[ 58.383817][ T576] RBP: 00007f1178d88ee0 R08: 0000000000000000 R09: 0000000000000000
[ 58.383830][ T576] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[ 58.383840][ T576] R13: 00007f1178f5f128 R14: 00007f1178f5f090 R15: 00007fff97a82cb8
[ 58.383858][ T576]
[ 58.383874][ T576]
[ 58.414829][ T580] CPU: 1 PID: 580 Comm: syz.2.22 Tainted: G B syzkaller #0
[ 58.416061][ T576] Allocated by task 558:
[ 58.424727][ T580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 58.433313][ T576] __kasan_slab_alloc+0xbd/0xf0
[ 58.442341][ T580] Call Trace:
[ 58.445402][ T576] slab_post_alloc_hook+0x4f/0x2b0
[ 58.448009][ T580]
[ 58.457105][ T576] kmem_cache_alloc+0xf7/0x260
[ 58.461655][ T580] __dump_stack+0x21/0x30
[ 58.471948][ T576] f2fs_init_extent_tree+0x4e7/0xcb0
[ 58.477081][ T580] dump_stack_lvl+0x110/0x170
[ 58.480377][ T576] f2fs_iget+0x13c8/0x5230
[ 58.485498][ T580] ? show_regs_print_info+0x20/0x20
[ 58.488506][ T576] f2fs_lookup+0x3a9/0xab0
[ 58.493465][ T580] ? memcpy+0x56/0x70
[ 58.497903][ T576] __lookup_slow+0x2b8/0x410
[ 58.503463][ T580] dump_stack+0x15/0x20
[ 58.508286][ T576] lookup_slow+0x57/0x70
[ 58.512706][ T580] f2fs_is_valid_blkaddr+0xca0/0x12a0
[ 58.518001][ T576] walk_component+0x325/0x460
[ 58.523126][ T580] f2fs_iget+0x216c/0x5230
[ 58.527390][ T576] path_lookupat+0x180/0x490
[ 58.532218][ T580] f2fs_lookup+0x3a9/0xab0
[ 58.536640][ T576] filename_lookup+0x214/0x540
[ 58.540897][ T580] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 58.547195][ T576] user_path_at_empty+0x47/0x1c0
[ 58.552318][ T580] ? d_hash_and_lookup+0x1f0/0x1f0
[ 58.556840][ T576] do_sys_truncate+0xb6/0x1c0
[ 58.561449][ T580] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 58.566050][ T576] __x64_sys_truncate+0x5b/0x70
[ 58.570854][ T580] path_openat+0xfc9/0x2f20
[ 58.577575][ T576] x64_sys_call+0x212/0x9a0
[ 58.582797][ T580] ? do_filp_open+0x410/0x410
[ 58.587905][ T576] do_syscall_64+0x4c/0xa0
[ 58.592681][ T580] do_filp_open+0x1e2/0x410
[ 58.599155][ T576] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 58.604371][ T580] ? vfs_tmpfile+0x2d0/0x2d0
[ 58.609090][ T576]
[ 58.609096][ T576] Freed by task 558:
[ 58.613782][ T580] do_sys_openat2+0x15e/0x7f0
[ 58.618748][ T576] kasan_set_track+0x4a/0x70
[ 58.623547][ T580] ? __se_sys_rt_sigprocmask+0x22c/0x290
[ 58.628330][ T576] kasan_set_free_info+0x23/0x40
[ 58.634409][ T580] ? do_sys_open+0xe0/0xe0
[ 58.639438][ T576] ____kasan_slab_free+0x125/0x160
[ 58.641870][ T580] ? __x64_sys_rt_sigprocmask+0xb0/0xb0
[ 58.646373][ T576] __kasan_slab_free+0x11/0x20
[ 58.651380][ T580] __x64_sys_openat+0x136/0x160
[ 58.656303][ T576] slab_free_freelist_hook+0xc2/0x190
[ 58.662288][ T580] x64_sys_call+0x219/0x9a0
[ 58.667866][ T576] kmem_cache_free+0x100/0x320
[ 58.672930][ T580] do_syscall_64+0x4c/0xa0
[ 58.679253][ T576] f2fs_destroy_extent_tree+0x2c0/0x4b0
[ 58.685020][ T580] ? clear_bhb_loop+0x50/0xa0
[ 58.689972][ T576] f2fs_evict_inode+0x4dd/0x15b0
[ 58.695635][ T580] ? clear_bhb_loop+0x50/0xa0
[ 58.701019][ T576] evict+0x4c9/0x8d0
[ 58.705622][ T580] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 58.710400][ T576] iput+0x635/0x7c0
[ 58.715132][ T580] RIP: 0033:0x7efe29798ef9
[ 58.720738][ T576] iget_failed+0x178/0x1c0
[ 58.726312][ T580] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 58.731645][ T576] f2fs_iget+0x1aea/0x5230
[ 58.736937][ T580] RSP: 002b:00007efe295dc028 EFLAGS: 00000246
[ 58.741396][ T576] f2fs_lookup+0x3a9/0xab0
[ 58.747509][ T580] ORIG_RAX: 0000000000000101
[ 58.751541][ T576] __lookup_slow+0x2b8/0x410
[ 58.756222][ T580] RAX: ffffffffffffffda RBX: 00007efe29a04090 RCX: 00007efe29798ef9
[ 58.760667][ T576] lookup_slow+0x57/0x70
[ 58.780717][ T580] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c
[ 58.785330][ T576] walk_component+0x325/0x460
[ 58.791490][ T580] RBP: 00007efe2982dee0 R08: 0000000000000000 R09: 0000000000000000
[ 58.795917][ T576] path_lookupat+0x180/0x490
[ 58.800667][ T580] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[ 58.805271][ T576] filename_lookup+0x214/0x540
[ 58.813414][ T580] R13: 00007efe29a04128 R14: 00007efe29a04090 R15: 00007ffd532ab128
[ 58.817854][ T576] user_path_at_empty+0x47/0x1c0
[ 58.826975][ T580]
[ 58.831851][ T576] do_sys_truncate+0xb6/0x1c0
[ 58.887656][ T576] __x64_sys_truncate+0x5b/0x70
[ 58.893387][ T576] x64_sys_call+0x212/0x9a0
[ 58.899789][ T576] do_syscall_64+0x4c/0xa0
[ 58.904685][ T576] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 58.911782][ T576]
[ 58.914937][ T576] The buggy address belongs to the object at ffff88811ffe2c40
[ 58.914937][ T576] which belongs to the cache f2fs_extent_tree of size 80
[ 58.932434][ T576] The buggy address is located 0 bytes inside of
[ 58.932434][ T576] 80-byte region [ffff88811ffe2c40, ffff88811ffe2c90)
[ 58.948166][ T576] The buggy address belongs to the page:
[ 58.954032][ T576] page:ffffea00047ff880 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11ffe2
[ 58.964487][ T576] flags: 0x4000000000000200(slab|zone=1)
[ 58.970560][ T576] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081f9200
[ 58.980233][ T576] raw: 0000000000000000 0000000080240024 00000001ffffffff 0000000000000000
[ 58.989023][ T576] page dumped because: kasan: bad access detected
[ 58.996184][ T576] page_owner tracks the page as allocated
[ 59.002481][ T576] page last allocated via order 0, migratetype Reclaimable, gfp_mask 0x112c50(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 528, ts 52192236508, free_ts 0
[ 59.021220][ T576] post_alloc_hook+0x192/0x1b0
[ 59.026473][ T576] prep_new_page+0x1c/0x110
[ 59.031210][ T576] get_page_from_freelist+0x2d3a/0x2dc0
[ 59.036982][ T576] __alloc_pages+0x1a2/0x460
[ 59.041601][ T576] new_slab+0xa1/0x4d0
[ 59.045703][ T576] ___slab_alloc+0x381/0x810
[ 59.050790][ T576] __slab_alloc+0x49/0x90
[ 59.056288][ T576] kmem_cache_alloc+0x138/0x260
[ 59.061196][ T576] f2fs_init_extent_tree+0x4e7/0xcb0
[ 59.067516][ T576] f2fs_iget+0x13c8/0x5230
[ 59.072437][ T576] f2fs_lookup+0x3a9/0xab0
[ 59.077531][ T576] __lookup_slow+0x2b8/0x410
[ 59.083769][ T576] lookup_slow+0x57/0x70
[ 59.089266][ T576] walk_component+0x325/0x460
[ 59.095379][ T576] path_lookupat+0x180/0x490
[ 59.101250][ T576] filename_lookup+0x214/0x540
[ 59.106339][ T576] page_owner free stack trace missing
[ 59.112396][ T576]
[ 59.115030][ T576] Memory state around the buggy address:
[ 59.122832][ T576] ffff88811ffe2b00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 59.133530][ T576] ffff88811ffe2b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 59.143460][ T576] >ffff88811ffe2c00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 59.153462][ T576] ^
[ 59.160517][ T576] ffff88811ffe2c80: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 59.169266][ T576] ffff88811ffe2d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 59.178930][ T576] ==================================================================
[ 59.190047][ T562] F2FS-fs (loop5): Failed to initialize F2FS segment manager (-4)
[ 59.195987][ T580] F2FS-fs (loop2): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix
[ 59.556739][ T579] loop4: detected capacity change from 0 to 131072
[ 59.617042][ T579] F2FS-fs (loop4): invalid crc value
[ 59.662614][ T579] F2FS-fs (loop4): Found nat_bits in checkpoint
[ 59.782825][ T579] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 59.803535][ T579] F2FS-fs (loop4): access invalid blkaddr:2147563524
[ 59.810571][ T579] CPU: 0 PID: 579 Comm: syz.4.26 Tainted: G B syzkaller #0
[ 59.819964][ T579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 59.830181][ T579] Call Trace:
[ 59.833580][ T579]
[ 59.836626][ T579] __dump_stack+0x21/0x30
[ 59.841079][ T579] dump_stack_lvl+0x110/0x170
[ 59.846452][ T579] ? show_regs_print_info+0x20/0x20
[ 59.851877][ T579] ? memcpy+0x56/0x70
[ 59.856363][ T579] dump_stack+0x15/0x20
[ 59.860891][ T579] f2fs_is_valid_blkaddr+0xca0/0x12a0
[ 59.866563][ T579] f2fs_iget+0x216c/0x5230
[ 59.871306][ T579] f2fs_lookup+0x3a9/0xab0
[ 59.875993][ T579] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 59.882091][ T579] ? d_hash_and_lookup+0x1f0/0x1f0
[ 59.887263][ T579] ? lockref_get_not_dead+0xe6/0x1c0
[ 59.892738][ T579] ? downgrade_write+0x430/0x430
[ 59.897856][ T579] __lookup_slow+0x2b8/0x410
[ 59.902594][ T579] ? lookup_one_len+0x2d0/0x2d0
[ 59.907761][ T579] ? down_read+0xab/0x100
[ 59.912734][ T579] ? handle_dots+0xe10/0xe10
[ 59.917358][ T579] lookup_slow+0x57/0x70
[ 59.921852][ T579] walk_component+0x325/0x460
[ 59.926694][ T579] path_lookupat+0x180/0x490
[ 59.931594][ T579] filename_lookup+0x214/0x540
[ 59.936699][ T579] ? hashlen_string+0x120/0x120
[ 59.941787][ T579] user_path_at_empty+0x47/0x1c0
[ 59.946917][ T579] do_sys_truncate+0xb6/0x1c0
[ 59.952095][ T579] ? unlock_page_memcg+0x130/0x130
[ 59.958702][ T579] ? break_lease+0xd0/0xd0
[ 59.963399][ T579] ? __kasan_check_write+0x14/0x20
[ 59.968822][ T579] ? switch_fpu_return+0x15d/0x2c0
[ 59.974094][ T579] __x64_sys_truncate+0x5b/0x70
[ 59.979146][ T579] x64_sys_call+0x212/0x9a0
[ 59.983775][ T579] do_syscall_64+0x4c/0xa0
[ 59.988229][ T579] ? clear_bhb_loop+0x50/0xa0
[ 59.993093][ T579] ? clear_bhb_loop+0x50/0xa0
[ 59.998244][ T579] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 60.004761][ T579] RIP: 0033:0x7fe262f1fef9
[ 60.010082][ T579] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 60.031639][ T579] RSP: 002b:00007fe262d84028 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
[ 60.041829][ T579] RAX: ffffffffffffffda RBX: 00007fe26318afa0 RCX: 00007fe262f1fef9
[ 60.050305][ T579] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280
[ 60.060430][ T579] RBP: 00007fe262fb4ee0 R08: 0000000000000000 R09: 0000000000000000
[ 60.069951][ T579] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 60.078621][ T579] R13: 00007fe26318b038 R14: 00007fe26318afa0 R15: 00007ffd9af4f6f8
[ 60.087408][ T579]
[ 60.433176][ T579] F2FS-fs (loop4): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix
[ 60.483705][ T595] F2FS-fs (loop4): access invalid blkaddr:2147563524
[ 60.490879][ T595] CPU: 0 PID: 595 Comm: syz.4.26 Tainted: G B syzkaller #0
[ 60.500032][ T595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 60.510384][ T595] Call Trace:
[ 60.513703][ T595]
[ 60.516761][ T595] __dump_stack+0x21/0x30
[ 60.521141][ T595] dump_stack_lvl+0x110/0x170
[ 60.525895][ T595] ? show_regs_print_info+0x20/0x20
[ 60.531226][ T595] ? memcpy+0x56/0x70
[ 60.535686][ T595] dump_stack+0x15/0x20
[ 60.539874][ T595] f2fs_is_valid_blkaddr+0xca0/0x12a0
[ 60.545790][ T595] f2fs_iget+0x216c/0x5230
[ 60.550447][ T595] f2fs_lookup+0x3a9/0xab0
[ 60.555286][ T595] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 60.561527][ T595] ? d_hash_and_lookup+0x1f0/0x1f0
[ 60.566772][ T595] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 60.573353][ T595] path_openat+0xfc9/0x2f20
[ 60.578177][ T595] ? do_filp_open+0x410/0x410
[ 60.582979][ T595] do_filp_open+0x1e2/0x410
[ 60.587689][ T595] ? vfs_tmpfile+0x2d0/0x2d0
[ 60.592322][ T595] do_sys_openat2+0x15e/0x7f0
[ 60.597856][ T595] ? __se_sys_rt_sigprocmask+0x22c/0x290
[ 60.603998][ T595] ? do_sys_open+0xe0/0xe0
[ 60.608779][ T595] ? __x64_sys_rt_sigprocmask+0xb0/0xb0
[ 60.614479][ T595] __x64_sys_openat+0x136/0x160
[ 60.619883][ T595] x64_sys_call+0x219/0x9a0
[ 60.624505][ T595] do_syscall_64+0x4c/0xa0
[ 60.628962][ T595] ? clear_bhb_loop+0x50/0xa0
[ 60.633710][ T595] ? clear_bhb_loop+0x50/0xa0
[ 60.638604][ T595] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 60.644542][ T595] RIP: 0033:0x7fe262f1fef9
[ 60.649165][ T595] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 60.669841][ T595] RSP: 002b:00007fe262d63028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 60.678399][ T595] RAX: ffffffffffffffda RBX: 00007fe26318b090 RCX: 00007fe262f1fef9
[ 60.686871][ T595] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c
[ 60.694943][ T595] RBP: 00007fe262fb4ee0 R08: 0000000000000000 R09: 0000000000000000
[ 60.703229][ T595] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[ 60.711363][ T595] R13: 00007fe26318b128 R14: 00007fe26318b090 R15: 00007ffd9af4f6f8
[ 60.719484][ T595]
[ 60.814341][ T593] loop0: detected capacity change from 0 to 131072
[ 60.844053][ T593] F2FS-fs (loop0): invalid crc value
[ 60.871483][ T593] F2FS-fs (loop0): Found nat_bits in checkpoint
[ 60.940312][ T593] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[ 60.973147][ T593] F2FS-fs (loop0): access invalid blkaddr:2147563524
[ 60.992831][ T593] CPU: 1 PID: 593 Comm: syz.0.27 Tainted: G B syzkaller #0
[ 61.003204][ T593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 61.013889][ T593] Call Trace:
[ 61.017211][ T593]
[ 61.020467][ T593] __dump_stack+0x21/0x30
[ 61.024841][ T593] dump_stack_lvl+0x110/0x170
[ 61.029666][ T593] ? show_regs_print_info+0x20/0x20
[ 61.034968][ T593] ? memcpy+0x56/0x70
[ 61.039784][ T593] dump_stack+0x15/0x20
[ 61.043985][ T593] f2fs_is_valid_blkaddr+0xca0/0x12a0
[ 61.050578][ T593] f2fs_iget+0x216c/0x5230
[ 61.055516][ T593] f2fs_lookup+0x3a9/0xab0
[ 61.060524][ T593] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 61.066745][ T593] ? d_hash_and_lookup+0x1f0/0x1f0
[ 61.072078][ T593] ? lockref_get_not_dead+0xe6/0x1c0
[ 61.077410][ T593] ? downgrade_write+0x430/0x430
[ 61.082656][ T593] __lookup_slow+0x2b8/0x410
[ 61.087613][ T593] ? lookup_one_len+0x2d0/0x2d0
[ 61.093169][ T593] ? down_read+0xab/0x100
[ 61.097701][ T593] ? handle_dots+0xe10/0xe10
[ 61.102444][ T593] lookup_slow+0x57/0x70
[ 61.107120][ T593] walk_component+0x325/0x460
[ 61.112226][ T593] path_lookupat+0x180/0x490
[ 61.117285][ T593] filename_lookup+0x214/0x540
[ 61.122702][ T593] ? hashlen_string+0x120/0x120
[ 61.128038][ T593] user_path_at_empty+0x47/0x1c0
[ 61.133289][ T593] do_sys_truncate+0xb6/0x1c0
[ 61.138711][ T593] ? unlock_page_memcg+0x130/0x130
[ 61.144520][ T593] ? break_lease+0xd0/0xd0
[ 61.149263][ T593] ? __kasan_check_write+0x14/0x20
[ 61.154995][ T593] ? switch_fpu_return+0x15d/0x2c0
[ 61.161435][ T593] __x64_sys_truncate+0x5b/0x70
[ 61.161977][ T589] loop6: detected capacity change from 0 to 131072
[ 61.166780][ T593] x64_sys_call+0x212/0x9a0
[ 61.166805][ T593] do_syscall_64+0x4c/0xa0
[ 61.166826][ T593] ? clear_bhb_loop+0x50/0xa0
[ 61.166843][ T593] ? clear_bhb_loop+0x50/0xa0
[ 61.166859][ T593] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 61.196484][ T589] F2FS-fs (loop6): invalid crc value
[ 61.202475][ T593] RIP: 0033:0x7ff4771a5ef9
[ 61.212385][ T593] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 61.233262][ T593] RSP: 002b:00007ff47700a028 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
[ 61.241956][ T593] RAX: ffffffffffffffda RBX: 00007ff477410fa0 RCX: 00007ff4771a5ef9
[ 61.250165][ T593] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280
[ 61.258686][ T593] RBP: 00007ff47723aee0 R08: 0000000000000000 R09: 0000000000000000
[ 61.266860][ T593] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 61.275375][ T593] R13: 00007ff477411038 R14: 00007ff477410fa0 R15: 00007fff16076008
[ 61.283797][ T593]
[ 61.297325][ T595] F2FS-fs (loop4): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix
[ 61.310573][ T589] F2FS-fs (loop6): Found nat_bits in checkpoint
2026/01/20 05:06:13 executed programs: 24
[ 61.364834][ T589] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[ 61.424195][ T589] F2FS-fs (loop6): access invalid blkaddr:2147563524
[ 61.439673][ T589] CPU: 0 PID: 589 Comm: syz.6.28 Tainted: G B syzkaller #0
[ 61.450801][ T589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 61.463307][ T589] Call Trace:
[ 61.466939][ T589]
[ 61.470292][ T589] __dump_stack+0x21/0x30
[ 61.474775][ T589] dump_stack_lvl+0x110/0x170
[ 61.479510][ T589] ? show_regs_print_info+0x20/0x20
[ 61.484841][ T589] ? memcpy+0x56/0x70
[ 61.489669][ T589] dump_stack+0x15/0x20
[ 61.494304][ T589] f2fs_is_valid_blkaddr+0xca0/0x12a0
[ 61.500430][ T589] f2fs_iget+0x216c/0x5230
[ 61.505536][ T589] f2fs_lookup+0x3a9/0xab0
[ 61.510178][ T589] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 61.516550][ T589] ? d_hash_and_lookup+0x1f0/0x1f0
[ 61.521872][ T589] ? lockref_get_not_dead+0xe6/0x1c0
[ 61.527603][ T589] ? downgrade_write+0x430/0x430
[ 61.532777][ T589] __lookup_slow+0x2b8/0x410
[ 61.537591][ T589] ? lookup_one_len+0x2d0/0x2d0
[ 61.543190][ T589] ? down_read+0xab/0x100
[ 61.547853][ T589] ? handle_dots+0xe10/0xe10
[ 61.552822][ T589] lookup_slow+0x57/0x70
[ 61.557972][ T589] walk_component+0x325/0x460
[ 61.564122][ T589] path_lookupat+0x180/0x490
[ 61.569137][ T589] filename_lookup+0x214/0x540
[ 61.574156][ T589] ? hashlen_string+0x120/0x120
[ 61.580606][ T589] user_path_at_empty+0x47/0x1c0
[ 61.585603][ T589] do_sys_truncate+0xb6/0x1c0
[ 61.590408][ T589] ? unlock_page_memcg+0x130/0x130
[ 61.595559][ T589] ? break_lease+0xd0/0xd0
[ 61.600021][ T589] ? __kasan_check_write+0x14/0x20
[ 61.605363][ T589] ? switch_fpu_return+0x15d/0x2c0
[ 61.610620][ T589] __x64_sys_truncate+0x5b/0x70
[ 61.615780][ T589] x64_sys_call+0x212/0x9a0
[ 61.620646][ T589] do_syscall_64+0x4c/0xa0
[ 61.626328][ T589] ? clear_bhb_loop+0x50/0xa0
[ 61.631599][ T589] ? clear_bhb_loop+0x50/0xa0
[ 61.636852][ T589] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 61.642802][ T589] RIP: 0033:0x7f1178cf3ef9
[ 61.647582][ T589] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 61.670231][ T589] RSP: 002b:00007f1178b58028 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
[ 61.679339][ T589] RAX: ffffffffffffffda RBX: 00007f1178f5efa0 RCX: 00007f1178cf3ef9
[ 61.688620][ T589] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280
[ 61.697767][ T589] RBP: 00007f1178d88ee0 R08: 0000000000000000 R09: 0000000000000000
[ 61.706316][ T589] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 61.714731][ T589] R13: 00007f1178f5f038 R14: 00007f1178f5efa0 R15: 00007fff97a82cb8
[ 61.723110][ T589]
[ 61.727908][ T593] F2FS-fs (loop0): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix
[ 61.741848][ T603] F2FS-fs (loop0): access invalid blkaddr:2147563524
[ 61.749067][ T603] CPU: 0 PID: 603 Comm: syz.0.27 Tainted: G B syzkaller #0
[ 61.752241][ T588] loop2: detected capacity change from 0 to 131072
[ 61.758435][ T603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 61.758450][ T603] Call Trace:
[ 61.758455][ T603]
[ 61.758461][ T603] __dump_stack+0x21/0x30
[ 61.758488][ T603] dump_stack_lvl+0x110/0x170
[ 61.758508][ T603] ? show_regs_print_info+0x20/0x20
[ 61.758528][ T603] ? _raw_spin_lock+0x94/0xf0
[ 61.805419][ T603] ? radix_tree_lookup+0x248/0x290
[ 61.811450][ T603] dump_stack+0x15/0x20
[ 61.816660][ T603] f2fs_is_valid_blkaddr+0xca0/0x12a0
[ 61.823691][ T603] f2fs_iget+0x216c/0x5230
[ 61.828532][ T603] f2fs_lookup+0x3a9/0xab0
[ 61.833958][ T603] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 61.840180][ T603] ? d_hash_and_lookup+0x1f0/0x1f0
[ 61.845396][ T603] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 61.851789][ T603] path_openat+0xfc9/0x2f20
[ 61.856524][ T603] ? do_filp_open+0x410/0x410
[ 61.861484][ T603] do_filp_open+0x1e2/0x410
[ 61.866584][ T603] ? vfs_tmpfile+0x2d0/0x2d0
[ 61.872334][ T603] do_sys_openat2+0x15e/0x7f0
[ 61.873475][ T591] loop5: detected capacity change from 0 to 131072
[ 61.877323][ T603] ? __se_sys_rt_sigprocmask+0x22c/0x290
[ 61.890899][ T603] ? do_sys_open+0xe0/0xe0
[ 61.896300][ T603] ? __x64_sys_rt_sigprocmask+0xb0/0xb0
[ 61.904374][ T603] __x64_sys_openat+0x136/0x160
[ 61.911223][ T603] x64_sys_call+0x219/0x9a0
[ 61.918229][ T603] do_syscall_64+0x4c/0xa0
[ 61.924994][ T603] ? clear_bhb_loop+0x50/0xa0
[ 61.933213][ T603] ? clear_bhb_loop+0x50/0xa0
[ 61.941419][ T603] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 61.950610][ T603] RIP: 0033:0x7ff4771a5ef9
[ 61.956317][ T603] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 61.978206][ T603] RSP: 002b:00007ff476fe9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 61.987052][ T603] RAX: ffffffffffffffda RBX: 00007ff477411090 RCX: 00007ff4771a5ef9
[ 61.995981][ T603] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c
[ 62.005770][ T603] RBP: 00007ff47723aee0 R08: 0000000000000000 R09: 0000000000000000
[ 62.015071][ T603] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[ 62.023508][ T603] R13: 00007ff477411128 R14: 00007ff477411090 R15: 00007fff16076008
[ 62.031997][ T603]
[ 62.035771][ T589] F2FS-fs (loop6): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix
[ 62.050848][ T605] F2FS-fs (loop6): access invalid blkaddr:2147563524
[ 62.061017][ T605] CPU: 0 PID: 605 Comm: syz.6.28 Tainted: G B syzkaller #0
[ 62.071284][ T605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 62.083798][ T605] Call Trace:
[ 62.087239][ T605]
[ 62.090370][ T605] __dump_stack+0x21/0x30
[ 62.094965][ T605] dump_stack_lvl+0x110/0x170
[ 62.100370][ T605] ? show_regs_print_info+0x20/0x20
[ 62.106922][ T605] ? _raw_spin_lock+0x94/0xf0
[ 62.112549][ T605] ? radix_tree_lookup+0x248/0x290
[ 62.118479][ T605] dump_stack+0x15/0x20
[ 62.125185][ T605] f2fs_is_valid_blkaddr+0xca0/0x12a0
[ 62.130701][ T605] f2fs_iget+0x216c/0x5230
[ 62.135438][ T605] f2fs_lookup+0x3a9/0xab0
[ 62.140142][ T605] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 62.146922][ T605] ? d_hash_and_lookup+0x1f0/0x1f0
[ 62.152969][ T605] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 62.160399][ T605] path_openat+0xfc9/0x2f20
[ 62.166029][ T605] ? do_filp_open+0x410/0x410
[ 62.172179][ T605] do_filp_open+0x1e2/0x410
[ 62.177973][ T605] ? vfs_tmpfile+0x2d0/0x2d0
[ 62.183413][ T605] do_sys_openat2+0x15e/0x7f0
[ 62.189392][ T605] ? __se_sys_rt_sigprocmask+0x22c/0x290
[ 62.196824][ T605] ? do_sys_open+0xe0/0xe0
[ 62.201917][ T605] ? __x64_sys_rt_sigprocmask+0xb0/0xb0
[ 62.208103][ T605] __x64_sys_openat+0x136/0x160
[ 62.214034][ T605] x64_sys_call+0x219/0x9a0
[ 62.215050][ T603] F2FS-fs (loop0): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix
[ 62.218851][ T605] do_syscall_64+0x4c/0xa0
[ 62.218880][ T605] ? clear_bhb_loop+0x50/0xa0
[ 62.241797][ T605] ? clear_bhb_loop+0x50/0xa0
[ 62.243267][ T603] ==================================================================
[ 62.246948][ T605] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 62.255648][ T603] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x100/0x320
[ 62.262607][ T605] RIP: 0033:0x7f1178cf3ef9
[ 62.271313][ T603]
[ 62.278501][ T605] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 62.298767][ T605] RSP: 002b:00007f1178b37028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 62.307395][ T605] RAX: ffffffffffffffda RBX: 00007f1178f5f090 RCX: 00007f1178cf3ef9
[ 62.316230][ T605] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c
[ 62.326498][ T605] RBP: 00007f1178d88ee0 R08: 0000000000000000 R09: 0000000000000000
[ 62.336350][ T605] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[ 62.345611][ T605] R13: 00007f1178f5f128 R14: 00007f1178f5f090 R15: 00007fff97a82cb8
[ 62.355435][ T605]
[ 62.359747][ T603] CPU: 1 PID: 603 Comm: syz.0.27 Tainted: G B syzkaller #0
[ 62.367311][ T605] F2FS-fs (loop6): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix
[ 62.372146][ T603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 62.400529][ T603] Call Trace:
[ 62.406724][ T603]
[ 62.411286][ T603] __dump_stack+0x21/0x30
[ 62.417595][ T603] dump_stack_lvl+0x110/0x170
[ 62.424769][ T603] ? show_regs_print_info+0x20/0x20
[ 62.432444][ T603] ? load_image+0x3e0/0x3e0
[ 62.439689][ T603] ? truncate_inode_pages_range+0xce1/0xe00
[ 62.449028][ T603] ? __switch_to_asm+0x3a/0x60
[ 62.456408][ T603] print_address_description+0x7f/0x2c0
[ 62.463685][ T603] ? kmem_cache_free+0x100/0x320
[ 62.469491][ T603] kasan_report_invalid_free+0x58/0x90
[ 62.475216][ T603] ? kmem_cache_free+0x100/0x320
[ 62.480474][ T603] ____kasan_slab_free+0x13d/0x160
[ 62.485703][ T603] __kasan_slab_free+0x11/0x20
[ 62.491700][ T603] slab_free_freelist_hook+0xc2/0x190
[ 62.497944][ T603] ? f2fs_destroy_extent_tree+0x2c0/0x4b0
[ 62.505056][ T603] kmem_cache_free+0x100/0x320
[ 62.511128][ T603] f2fs_destroy_extent_tree+0x2c0/0x4b0
[ 62.516877][ T603] f2fs_evict_inode+0x4dd/0x15b0
[ 62.522307][ T603] ? f2fs_write_inode+0x850/0x850
[ 62.528240][ T603] ? bit_waitqueue+0x30/0x30
[ 62.534576][ T603] ? f2fs_write_inode+0x850/0x850
[ 62.539992][ T603] evict+0x4c9/0x8d0
[ 62.543998][ T603] ? proc_nr_inodes+0x310/0x310
[ 62.549084][ T603] ? _raw_spin_lock+0x94/0xf0
[ 62.554314][ T603] ? __kasan_check_read+0x11/0x20
[ 62.560215][ T603] ? f2fs_drop_inode+0x174/0x980
[ 62.565717][ T603] ? __kasan_check_write+0x14/0x20
[ 62.571046][ T603] iput+0x635/0x7c0
[ 62.575405][ T603] iget_failed+0x178/0x1c0
[ 62.580000][ T603] f2fs_iget+0x1aea/0x5230
[ 62.585309][ T603] f2fs_lookup+0x3a9/0xab0
[ 62.590038][ T603] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 62.597029][ T603] ? d_hash_and_lookup+0x1f0/0x1f0
[ 62.603455][ T603] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 62.611095][ T603] path_openat+0xfc9/0x2f20
[ 62.616219][ T603] ? do_filp_open+0x410/0x410
[ 62.622463][ T603] do_filp_open+0x1e2/0x410
[ 62.627743][ T603] ? vfs_tmpfile+0x2d0/0x2d0
[ 62.632360][ T603] do_sys_openat2+0x15e/0x7f0
[ 62.637681][ T603] ? __se_sys_rt_sigprocmask+0x22c/0x290
[ 62.643513][ T603] ? do_sys_open+0xe0/0xe0
[ 62.648465][ T603] ? __x64_sys_rt_sigprocmask+0xb0/0xb0
[ 62.656697][ T603] __x64_sys_openat+0x136/0x160
[ 62.662622][ T603] x64_sys_call+0x219/0x9a0
[ 62.669639][ T603] do_syscall_64+0x4c/0xa0
[ 62.676017][ T603] ? clear_bhb_loop+0x50/0xa0
[ 62.681496][ T603] ? clear_bhb_loop+0x50/0xa0
[ 62.687519][ T603] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 62.693953][ T603] RIP: 0033:0x7ff4771a5ef9
[ 62.699001][ T603] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 62.722599][ T603] RSP: 002b:00007ff476fe9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 62.731492][ T603] RAX: ffffffffffffffda RBX: 00007ff477411090 RCX: 00007ff4771a5ef9
[ 62.740749][ T603] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c
[ 62.749089][ T603] RBP: 00007ff47723aee0 R08: 0000000000000000 R09: 0000000000000000
[ 62.757859][ T603] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[ 62.766334][ T603] R13: 00007ff477411128 R14: 00007ff477411090 R15: 00007fff16076008
[ 62.774534][ T603]
[ 62.778007][ T603]
[ 62.780904][ T603] Allocated by task 593:
[ 62.785602][ T603] __kasan_slab_alloc+0xbd/0xf0
[ 62.790897][ T603] slab_post_alloc_hook+0x4f/0x2b0
[ 62.796663][ T603] kmem_cache_alloc+0xf7/0x260
[ 62.801540][ T603] f2fs_init_extent_tree+0x4e7/0xcb0
[ 62.808442][ T603] f2fs_iget+0x13c8/0x5230
[ 62.814501][ T603] f2fs_lookup+0x3a9/0xab0
[ 62.819598][ T603] __lookup_slow+0x2b8/0x410
[ 62.826480][ T603] lookup_slow+0x57/0x70
[ 62.831889][ T603] walk_component+0x325/0x460
[ 62.838612][ T603] path_lookupat+0x180/0x490
[ 62.843667][ T603] filename_lookup+0x214/0x540
[ 62.849395][ T603] user_path_at_empty+0x47/0x1c0
[ 62.855680][ T603] do_sys_truncate+0xb6/0x1c0
[ 62.863016][ T603] __x64_sys_truncate+0x5b/0x70
[ 62.868337][ T603] x64_sys_call+0x212/0x9a0
[ 62.873044][ T603] do_syscall_64+0x4c/0xa0
[ 62.877543][ T603] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 62.883703][ T603]
[ 62.886147][ T603] Freed by task 593:
[ 62.890354][ T603] kasan_set_track+0x4a/0x70
[ 62.894971][ T603] kasan_set_free_info+0x23/0x40
[ 62.900066][ T603] ____kasan_slab_free+0x125/0x160
[ 62.905537][ T603] __kasan_slab_free+0x11/0x20
[ 62.910329][ T603] slab_free_freelist_hook+0xc2/0x190
[ 62.916231][ T603] kmem_cache_free+0x100/0x320
[ 62.921098][ T603] f2fs_destroy_extent_tree+0x2c0/0x4b0
[ 62.926832][ T603] f2fs_evict_inode+0x4dd/0x15b0
[ 62.932323][ T603] evict+0x4c9/0x8d0
[ 62.936701][ T603] iput+0x635/0x7c0
[ 62.940533][ T603] iget_failed+0x178/0x1c0
[ 62.945174][ T603] f2fs_iget+0x1aea/0x5230
[ 62.950211][ T603] f2fs_lookup+0x3a9/0xab0
[ 62.954738][ T603] __lookup_slow+0x2b8/0x410
[ 62.959471][ T603] lookup_slow+0x57/0x70
[ 62.963723][ T603] walk_component+0x325/0x460
[ 62.968872][ T603] path_lookupat+0x180/0x490
[ 62.973543][ T603] filename_lookup+0x214/0x540
[ 62.978474][ T603] user_path_at_empty+0x47/0x1c0
[ 62.983516][ T603] do_sys_truncate+0xb6/0x1c0
[ 62.988243][ T603] __x64_sys_truncate+0x5b/0x70
[ 62.993296][ T603] x64_sys_call+0x212/0x9a0
[ 62.998187][ T603] do_syscall_64+0x4c/0xa0
[ 63.002640][ T603] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 63.008560][ T603]
[ 63.011364][ T603] The buggy address belongs to the object at ffff88811ffe2460
[ 63.011364][ T603] which belongs to the cache f2fs_extent_tree of size 80
[ 63.026248][ T603] The buggy address is located 0 bytes inside of
[ 63.026248][ T603] 80-byte region [ffff88811ffe2460, ffff88811ffe24b0)
[ 63.040194][ T603] The buggy address belongs to the page:
[ 63.046278][ T603] page:ffffea00047ff880 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11ffe2
[ 63.057171][ T603] flags: 0x4000000000000200(slab|zone=1)
[ 63.062939][ T603] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081f9200
[ 63.071963][ T603] raw: 0000000000000000 0000000080240024 00000001ffffffff 0000000000000000
[ 63.081372][ T603] page dumped because: kasan: bad access detected
[ 63.088203][ T603] page_owner tracks the page as allocated
[ 63.094637][ T603] page last allocated via order 0, migratetype Reclaimable, gfp_mask 0x112c50(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 528, ts 52192236508, free_ts 0
[ 63.115487][ T603] post_alloc_hook+0x192/0x1b0
[ 63.120975][ T603] prep_new_page+0x1c/0x110
[ 63.125768][ T603] get_page_from_freelist+0x2d3a/0x2dc0
[ 63.131719][ T603] __alloc_pages+0x1a2/0x460
[ 63.136446][ T603] new_slab+0xa1/0x4d0
[ 63.141122][ T603] ___slab_alloc+0x381/0x810
[ 63.145949][ T603] __slab_alloc+0x49/0x90
[ 63.150386][ T603] kmem_cache_alloc+0x138/0x260
[ 63.155443][ T603] f2fs_init_extent_tree+0x4e7/0xcb0
[ 63.160997][ T603] f2fs_iget+0x13c8/0x5230
[ 63.166031][ T603] f2fs_lookup+0x3a9/0xab0
[ 63.170845][ T603] __lookup_slow+0x2b8/0x410
[ 63.176741][ T603] lookup_slow+0x57/0x70
[ 63.181155][ T603] walk_component+0x325/0x460
[ 63.185854][ T603] path_lookupat+0x180/0x490
[ 63.190459][ T603] filename_lookup+0x214/0x540
[ 63.195320][ T603] page_owner free stack trace missing
[ 63.200684][ T603]
[ 63.203007][ T603] Memory state around the buggy address:
[ 63.208930][ T603] ffff88811ffe2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 63.218620][ T603] ffff88811ffe2380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 63.227194][ T603] >ffff88811ffe2400: fc fc fc fc fc fc fc fc fc fc fc fc fa fb fb fb
[ 63.235702][ T603] ^
[ 63.243370][ T603] ffff88811ffe2480: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[ 63.251891][ T603] ffff88811ffe2500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 63.260448][ T603] ==================================================================
[ 63.269638][ T605] ==================================================================
[ 63.278384][ T605] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x100/0x320
[ 63.286949][ T605]
[ 63.289326][ T605] CPU: 0 PID: 605 Comm: syz.6.28 Tainted: G B syzkaller #0
[ 63.298539][ T605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 63.309035][ T605] Call Trace:
[ 63.312640][ T605]
[ 63.316145][ T605] __dump_stack+0x21/0x30
[ 63.320976][ T605] dump_stack_lvl+0x110/0x170
[ 63.326778][ T605] ? show_regs_print_info+0x20/0x20
[ 63.332539][ T605] ? load_image+0x3e0/0x3e0
[ 63.337350][ T605] ? truncate_inode_pages_range+0xce1/0xe00
[ 63.343436][ T605] print_address_description+0x7f/0x2c0
[ 63.349124][ T605] ? kmem_cache_free+0x100/0x320
[ 63.354449][ T605] kasan_report_invalid_free+0x58/0x90
[ 63.360866][ T605] ? kmem_cache_free+0x100/0x320
[ 63.366678][ T605] ____kasan_slab_free+0x13d/0x160
[ 63.371845][ T605] __kasan_slab_free+0x11/0x20
[ 63.376635][ T605] slab_free_freelist_hook+0xc2/0x190
[ 63.383541][ T605] ? f2fs_destroy_extent_tree+0x2c0/0x4b0
[ 63.389420][ T605] kmem_cache_free+0x100/0x320
[ 63.394255][ T605] f2fs_destroy_extent_tree+0x2c0/0x4b0
[ 63.400206][ T605] f2fs_evict_inode+0x4dd/0x15b0
[ 63.405455][ T605] ? f2fs_write_inode+0x850/0x850
[ 63.410896][ T605] ? bit_waitqueue+0x30/0x30
[ 63.415732][ T605] ? f2fs_write_inode+0x850/0x850
[ 63.421082][ T605] evict+0x4c9/0x8d0
[ 63.425108][ T605] ? proc_nr_inodes+0x310/0x310
[ 63.431045][ T605] ? _raw_spin_lock+0x94/0xf0
[ 63.437287][ T605] ? __kasan_check_read+0x11/0x20
[ 63.442934][ T605] ? f2fs_drop_inode+0x174/0x980
[ 63.448014][ T605] ? __kasan_check_write+0x14/0x20
[ 63.453205][ T605] iput+0x635/0x7c0
[ 63.457574][ T605] iget_failed+0x178/0x1c0
[ 63.462017][ T605] f2fs_iget+0x1aea/0x5230
[ 63.466570][ T605] f2fs_lookup+0x3a9/0xab0
[ 63.471185][ T605] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 63.477823][ T605] ? d_hash_and_lookup+0x1f0/0x1f0
[ 63.483331][ T605] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 63.489513][ T605] path_openat+0xfc9/0x2f20
[ 63.494046][ T605] ? do_filp_open+0x410/0x410
[ 63.498764][ T605] do_filp_open+0x1e2/0x410
[ 63.503506][ T605] ? vfs_tmpfile+0x2d0/0x2d0
[ 63.508414][ T605] do_sys_openat2+0x15e/0x7f0
[ 63.513524][ T605] ? __se_sys_rt_sigprocmask+0x22c/0x290
[ 63.519577][ T605] ? do_sys_open+0xe0/0xe0
[ 63.524432][ T605] ? __x64_sys_rt_sigprocmask+0xb0/0xb0