Warning: Permanently added '10.128.1.225' (ED25519) to the list of known hosts. 2025/09/29 13:11:59 parsed 1 programs [ 52.166100][ T23] audit: type=1400 audit(1759151519.990:109): avc: denied { unlink } for pid=388 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 52.234696][ T388] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 52.642758][ T23] audit: type=1401 audit(1759151520.470:110): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768" [ 52.761794][ T404] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.769442][ T404] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.776770][ T404] device bridge_slave_0 entered promiscuous mode [ 52.786375][ T404] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.793483][ T404] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.800849][ T404] device bridge_slave_1 entered promiscuous mode [ 52.868100][ T404] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.875185][ T404] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.882477][ T404] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.889616][ T404] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.909485][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 52.917792][ T303] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.926156][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 52.933921][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.950243][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 52.958485][ T303] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.965542][ T303] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.973029][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes 
ready [ 52.981764][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 52.995154][ T404] device veth0_vlan entered promiscuous mode [ 53.003187][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 53.012012][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 53.020347][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 53.027952][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 53.039323][ T404] device veth1_macvtap entered promiscuous mode [ 53.052644][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready 2025/09/29 13:12:00 executed programs: 0 [ 53.062652][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 53.072075][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 53.177469][ T441] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.184748][ T441] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.192327][ T441] device bridge_slave_0 entered promiscuous mode [ 53.215662][ T441] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.222958][ T441] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.230357][ T441] device bridge_slave_1 entered promiscuous mode [ 53.261126][ T442] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.268251][ T442] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.275959][ T442] device bridge_slave_0 entered promiscuous mode [ 53.282746][ T442] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.289806][ T442] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.297474][ T442] device bridge_slave_1 entered promiscuous mode [ 53.313418][ T448] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.320522][ T448] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.327926][ T448] device bridge_slave_0 entered promiscuous mode [ 53.340052][ T448] bridge0: port 2(bridge_slave_1) entered blocking 
state [ 53.347075][ T448] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.354375][ T448] device bridge_slave_1 entered promiscuous mode [ 53.395397][ T446] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.402491][ T446] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.409996][ T446] device bridge_slave_0 entered promiscuous mode [ 53.416792][ T446] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.423858][ T446] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.431424][ T446] device bridge_slave_1 entered promiscuous mode [ 53.463915][ T441] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.470981][ T441] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.478213][ T441] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.485421][ T441] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.512223][ T447] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.519293][ T447] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.526865][ T447] device bridge_slave_0 entered promiscuous mode [ 53.537599][ T447] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.544769][ T447] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.552026][ T447] device bridge_slave_1 entered promiscuous mode [ 53.591574][ T442] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.598647][ T442] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.606053][ T442] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.613135][ T442] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.636027][ T446] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.643350][ T446] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.650597][ T446] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.657600][ T446] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.668543][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes 
ready [ 53.676138][ T303] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.683308][ T303] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.690635][ T303] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.697708][ T303] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.705245][ T303] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.712519][ T303] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.726184][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 53.750659][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 53.758776][ T303] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.765902][ T303] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.773570][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 53.781992][ T303] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.789003][ T303] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.815743][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 53.823363][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 53.831520][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 53.840259][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 53.848276][ T303] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.855309][ T303] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.862868][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 53.871310][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 53.879981][ T303] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.887198][ T303] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.894678][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 53.903026][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 53.911131][ 
T303] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.918222][ T303] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.925808][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 53.934049][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 53.942164][ T303] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.949272][ T303] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.956680][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 53.964714][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 53.972585][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 53.979856][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 53.987193][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 53.995357][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 54.003841][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 54.012066][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.020184][ T303] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.027197][ T303] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.034618][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 54.042756][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 54.050745][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 54.089327][ T446] device veth0_vlan entered promiscuous mode [ 54.095971][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 54.104595][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 54.112646][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 54.120570][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 54.127838][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 
54.135907][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 54.144150][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 54.152194][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 54.160067][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 54.168294][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 54.176527][ T303] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.183573][ T303] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.191001][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 54.199007][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 54.206940][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 54.214885][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 54.223053][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 54.231597][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 54.245573][ T442] device veth0_vlan entered promiscuous mode [ 54.260349][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.267679][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.275834][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 54.284305][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 54.292862][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 54.301262][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.309446][ T303] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.316642][ T303] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.324184][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 54.332490][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 54.340588][ T303] bridge0: 
port 2(bridge_slave_1) entered blocking state [ 54.347584][ T303] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.354913][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 54.362684][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 54.370717][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 54.378206][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 54.385627][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 54.394242][ T441] device veth0_vlan entered promiscuous mode [ 54.406441][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 54.414253][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 54.422113][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 54.430987][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 54.438900][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 54.446750][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 54.458020][ T442] device veth1_macvtap entered promiscuous mode [ 54.466945][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 54.475240][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 54.483482][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 54.491787][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 54.500610][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 54.511410][ T446] device veth1_macvtap entered promiscuous mode [ 54.518806][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 54.527270][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 54.540093][ T448] device veth0_vlan entered promiscuous mode [ 54.550901][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 54.558854][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: 
link becomes ready [ 54.566508][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 54.574283][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 54.582824][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 54.590624][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 54.597879][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 54.605457][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 54.613709][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 54.621782][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 54.630013][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 54.638584][ T441] device veth1_macvtap entered promiscuous mode [ 54.647139][ T447] device veth0_vlan entered promiscuous mode [ 54.662886][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 54.670557][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 54.678927][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 54.687460][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 54.696224][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 54.716262][ T447] device veth1_macvtap entered promiscuous mode [ 54.725708][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 54.734439][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 54.743140][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 54.751784][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 54.760182][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 54.768388][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 54.778128][ T448] device veth1_macvtap entered promiscuous mode [ 54.796618][ T9] IPv6: 
ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 54.818803][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 54.849881][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 54.862391][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 54.909815][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 54.928180][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 54.973862][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 54.988208][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 55.120576][ T47] device bridge_slave_1 left promiscuous mode [ 55.127560][ T47] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.147988][ T47] device bridge_slave_0 left promiscuous mode [ 55.167859][ T47] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.195361][ T47] device veth1_macvtap left promiscuous mode [ 55.211723][ T47] device veth0_vlan left promiscuous mode [ 55.649568][ T465] ====================================================== [ 55.649568][ T465] WARNING: the mand mount option is being deprecated and [ 55.649568][ T465] will be removed in v5.15! 
[ 55.649568][ T465] ====================================================== [ 55.703110][ T465] F2FS-fs (loop2): invalid crc value [ 55.764605][ T465] F2FS-fs (loop2): Found nat_bits in checkpoint [ 55.859737][ T465] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 55.888155][ T23] audit: type=1400 audit(1759151523.710:111): avc: denied { mount } for pid=464 comm="syz.2.19" name="/" dev="loop2" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 55.922478][ T469] F2FS-fs (loop6): invalid crc value [ 55.922541][ T465] F2FS-fs (loop2): access invalid blkaddr:2147563524 [ 55.946410][ T469] F2FS-fs (loop6): Found nat_bits in checkpoint [ 55.971297][ T465] CPU: 0 PID: 465 Comm: syz.2.19 Not tainted syzkaller #0 [ 55.977220][ T469] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 55.978524][ T465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 55.996411][ T465] Call Trace: [ 55.999719][ T465] dump_stack_lvl+0x81/0xac [ 56.004375][ T465] dump_stack+0x10/0x12 [ 56.008544][ T465] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 56.014094][ T465] f2fs_iget+0x35eb/0x4b10 [ 56.018517][ T465] f2fs_lookup+0x491/0xc20 [ 56.022937][ T465] ? __recover_dot_dentries+0x530/0x530 [ 56.028671][ T465] ? __legitimize_path+0x6c/0x170 [ 56.033695][ T465] __lookup_slow+0x19b/0x3d0 [ 56.038399][ T465] ? page_put_link+0x80/0x80 [ 56.042990][ T465] ? inode_permission.part.0+0xc2/0x320 [ 56.048627][ T465] walk_component+0x3ad/0x710 [ 56.053315][ T465] ? handle_dots.part.0+0x11c0/0x11c0 [ 56.058774][ T465] ? walk_component+0x710/0x710 [ 56.063846][ T465] path_lookupat+0x112/0x6a0 [ 56.068435][ T465] ? _atomic_dec_and_lock+0x19/0xa0 [ 56.073724][ T465] filename_lookup+0x17f/0x510 [ 56.078704][ T465] ? may_linkat+0x200/0x200 [ 56.083219][ T465] ? __check_object_size+0x1df/0x270 [ 56.088592][ T465] ? kmem_cache_alloc+0x17f/0x4f0 [ 56.093603][ T465] ? 
getname_flags.part.0+0x8c/0x480 [ 56.098951][ T465] user_path_at_empty+0xa2/0xf0 [ 56.103789][ T465] do_sys_truncate.part.0+0x85/0x100 [ 56.109215][ T465] ? vfs_truncate+0x540/0x540 [ 56.113960][ T465] ? __kasan_check_write+0x14/0x20 [ 56.119044][ T465] ? switch_fpu_return+0xbf/0x1b0 [ 56.124043][ T465] __x64_sys_truncate+0x54/0x80 [ 56.128904][ T465] do_syscall_64+0x32/0x50 [ 56.133309][ T465] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 56.139270][ T465] RIP: 0033:0x7f2b99190be9 [ 56.143753][ T465] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 56.163429][ T465] RSP: 002b:00007f2b99001038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 56.171930][ T465] RAX: ffffffffffffffda RBX: 00007f2b993b7fa0 RCX: 00007f2b99190be9 [ 56.179932][ T465] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280 [ 56.188212][ T465] RBP: 00007f2b99213e19 R08: 0000000000000000 R09: 0000000000000000 [ 56.196172][ T465] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 56.204126][ T465] R13: 00007f2b993b8038 R14: 00007f2b993b7fa0 R15: 00007fff97bc7208 [ 56.214382][ T465] F2FS-fs (loop2): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 56.227113][ T500] F2FS-fs (loop2): access invalid blkaddr:2147563524 [ 56.234163][ T500] CPU: 0 PID: 500 Comm: syz.2.19 Not tainted syzkaller #0 [ 56.241481][ T500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 56.251720][ T500] Call Trace: [ 56.254997][ T500] dump_stack_lvl+0x81/0xac [ 56.259477][ T500] dump_stack+0x10/0x12 [ 56.263690][ T500] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 56.269213][ T500] f2fs_iget+0x35eb/0x4b10 [ 56.273605][ T500] f2fs_lookup+0x491/0xc20 [ 56.277991][ T500] ? 
__recover_dot_dentries+0x530/0x530 [ 56.283516][ T500] path_openat+0x1024/0x3950 [ 56.288212][ T500] ? path_lookupat+0x6a0/0x6a0 [ 56.293104][ T500] ? __kasan_check_read+0x11/0x20 [ 56.298132][ T500] ? pagevec_add_and_need_flush+0x216/0x290 [ 56.304008][ T500] ? perf_trace_mm_lru_insertion+0x970/0x970 [ 56.310080][ T500] ? __mod_memcg_lruvec_state+0x118/0x330 [ 56.315784][ T500] ? __mod_node_page_state+0xa6/0x110 [ 56.321241][ T500] do_filp_open+0x193/0x3d0 [ 56.325833][ T500] ? may_open_dev+0xd0/0xd0 [ 56.330611][ T500] ? __check_object_size+0x1df/0x270 [ 56.335896][ T500] ? _raw_spin_unlock+0x41/0x70 [ 56.340742][ T500] do_sys_openat2+0x135/0x810 [ 56.345404][ T500] ? recalc_sigpending+0x7c/0xb0 [ 56.350338][ T500] ? build_open_flags+0x490/0x490 [ 56.355338][ T500] ? __kasan_check_write+0x14/0x20 [ 56.360425][ T500] ? __handle_speculative_fault+0xee/0x280 [ 56.366211][ T500] __x64_sys_openat+0x124/0x200 [ 56.371039][ T500] ? __ia32_sys_open+0x1b0/0x1b0 [ 56.375952][ T500] ? exit_to_user_mode_prepare+0x36/0x160 [ 56.381644][ T500] ? 
irqentry_exit_to_user_mode+0xe/0x10 [ 56.387277][ T500] do_syscall_64+0x32/0x50 [ 56.391666][ T500] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 56.397531][ T500] RIP: 0033:0x7f2b99190be9 [ 56.402026][ T500] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 56.421904][ T500] RSP: 002b:00007f2b98fe0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 56.430479][ T500] RAX: ffffffffffffffda RBX: 00007f2b993b8090 RCX: 00007f2b99190be9 [ 56.438528][ T500] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 56.446487][ T500] RBP: 00007f2b99213e19 R08: 0000000000000000 R09: 0000000000000000 [ 56.454455][ T500] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 56.462412][ T500] R13: 00007f2b993b8128 R14: 00007f2b993b8090 R15: 00007fff97bc7208 [ 56.471584][ T500] ================================================================== [ 56.479678][ T500] BUG: KASAN: use-after-free in f2fs_iget+0x49fe/0x4b10 [ 56.486598][ T500] Read of size 4 at addr ffff88811e355024 by task syz.2.19/500 [ 56.494148][ T500] [ 56.496466][ T500] CPU: 1 PID: 500 Comm: syz.2.19 Not tainted syzkaller #0 [ 56.503647][ T500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 56.513680][ T500] Call Trace: [ 56.516950][ T500] dump_stack_lvl+0x81/0xac [ 56.521609][ T500] print_address_description.constprop.0+0x24/0x160 [ 56.528173][ T500] ? f2fs_iget+0x49fe/0x4b10 [ 56.532744][ T500] kasan_report.cold+0x82/0xdb [ 56.537488][ T500] ? f2fs_iget+0x49fe/0x4b10 [ 56.542145][ T500] __asan_report_load4_noabort+0x14/0x20 [ 56.547755][ T500] f2fs_iget+0x49fe/0x4b10 [ 56.552244][ T500] f2fs_lookup+0x491/0xc20 [ 56.556653][ T500] ? __recover_dot_dentries+0x530/0x530 [ 56.562190][ T500] path_openat+0x1024/0x3950 [ 56.566767][ T500] ? path_lookupat+0x6a0/0x6a0 [ 56.571604][ T500] ? 
__kasan_check_read+0x11/0x20 [ 56.576611][ T500] ? pagevec_add_and_need_flush+0x216/0x290 [ 56.582569][ T500] ? perf_trace_mm_lru_insertion+0x970/0x970 [ 56.588638][ T500] ? __mod_memcg_lruvec_state+0x118/0x330 [ 56.594461][ T500] ? __mod_node_page_state+0xa6/0x110 [ 56.599816][ T500] do_filp_open+0x193/0x3d0 [ 56.604308][ T500] ? may_open_dev+0xd0/0xd0 [ 56.608796][ T500] ? __check_object_size+0x1df/0x270 [ 56.614234][ T500] ? _raw_spin_unlock+0x41/0x70 [ 56.619063][ T500] do_sys_openat2+0x135/0x810 [ 56.623716][ T500] ? recalc_sigpending+0x7c/0xb0 [ 56.628718][ T500] ? build_open_flags+0x490/0x490 [ 56.633811][ T500] ? __kasan_check_write+0x14/0x20 [ 56.638991][ T500] ? __handle_speculative_fault+0xee/0x280 [ 56.644780][ T500] __x64_sys_openat+0x124/0x200 [ 56.649608][ T500] ? __ia32_sys_open+0x1b0/0x1b0 [ 56.654527][ T500] ? exit_to_user_mode_prepare+0x36/0x160 [ 56.660232][ T500] ? irqentry_exit_to_user_mode+0xe/0x10 [ 56.665931][ T500] do_syscall_64+0x32/0x50 [ 56.670325][ T500] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 56.676198][ T500] RIP: 0033:0x7f2b99190be9 [ 56.680683][ T500] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 56.700397][ T500] RSP: 002b:00007f2b98fe0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 56.708907][ T500] RAX: ffffffffffffffda RBX: 00007f2b993b8090 RCX: 00007f2b99190be9 [ 56.716958][ T500] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 56.724918][ T500] RBP: 00007f2b99213e19 R08: 0000000000000000 R09: 0000000000000000 [ 56.732960][ T500] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 56.741002][ T500] R13: 00007f2b993b8128 R14: 00007f2b993b8090 R15: 00007fff97bc7208 [ 56.748965][ T500] [ 56.751287][ T500] Allocated by task 465: [ 56.755594][ T500] kasan_save_stack+0x26/0x50 [ 56.760244][ T500] __kasan_slab_alloc+0x94/0xc0 [ 56.765071][ 
T500] kmem_cache_alloc+0x15d/0x4f0 [ 56.769909][ T500] f2fs_init_extent_tree+0x98f/0xdf0 [ 56.775259][ T500] f2fs_iget+0xa71/0x4b10 [ 56.779586][ T500] f2fs_lookup+0x491/0xc20 [ 56.783987][ T500] __lookup_slow+0x19b/0x3d0 [ 56.788566][ T500] walk_component+0x3ad/0x710 [ 56.793325][ T500] path_lookupat+0x112/0x6a0 [ 56.797901][ T500] filename_lookup+0x17f/0x510 [ 56.802645][ T500] user_path_at_empty+0xa2/0xf0 [ 56.807475][ T500] do_sys_truncate.part.0+0x85/0x100 [ 56.812841][ T500] __x64_sys_truncate+0x54/0x80 [ 56.817855][ T500] do_syscall_64+0x32/0x50 [ 56.822263][ T500] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 56.828140][ T500] [ 56.830451][ T500] Freed by task 465: [ 56.834435][ T500] kasan_save_stack+0x26/0x50 [ 56.839109][ T500] kasan_set_track+0x25/0x30 [ 56.843703][ T500] kasan_set_free_info+0x24/0x40 [ 56.848630][ T500] __kasan_slab_free+0x111/0x150 [ 56.853552][ T500] slab_free_freelist_hook+0x9b/0x1a0 [ 56.858956][ T500] kmem_cache_free+0x106/0x440 [ 56.863699][ T500] f2fs_destroy_extent_tree+0x174/0x4b0 [ 56.869226][ T500] f2fs_evict_inode+0x335/0x1680 [ 56.874228][ T500] evict+0x372/0x940 [ 56.878199][ T500] iput.part.0+0x33b/0x640 [ 56.882593][ T500] iput+0x3f/0x50 [ 56.886206][ T500] iget_failed+0x1e/0x30 [ 56.890431][ T500] f2fs_iget+0x22f6/0x4b10 [ 56.894824][ T500] f2fs_lookup+0x491/0xc20 [ 56.899218][ T500] __lookup_slow+0x19b/0x3d0 [ 56.903784][ T500] walk_component+0x3ad/0x710 [ 56.908436][ T500] path_lookupat+0x112/0x6a0 [ 56.913102][ T500] filename_lookup+0x17f/0x510 [ 56.917845][ T500] user_path_at_empty+0xa2/0xf0 [ 56.922773][ T500] do_sys_truncate.part.0+0x85/0x100 [ 56.928127][ T500] __x64_sys_truncate+0x54/0x80 [ 56.932955][ T500] do_syscall_64+0x32/0x50 [ 56.937392][ T500] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 56.943259][ T500] [ 56.945572][ T500] The buggy address belongs to the object at ffff88811e355000 [ 56.945572][ T500] which belongs to the cache f2fs_extent_tree of size 80 [ 56.960061][ T500] The buggy address is located 36 
bytes inside of [ 56.960061][ T500] 80-byte region [ffff88811e355000, ffff88811e355050) [ 56.973222][ T500] The buggy address belongs to the page: [ 56.978832][ T500] page:ffffea000478d540 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11e355 [ 56.989044][ T500] flags: 0x4000000000000200(slab) [ 56.994049][ T500] raw: 4000000000000200 dead000000000100 dead000000000122 ffff8881047d1e00 [ 57.002631][ T500] raw: 0000000000000000 0000000080240024 00000001ffffffff 0000000000000000 [ 57.011207][ T500] page dumped because: kasan: bad access detected [ 57.017711][ T500] page_owner tracks the page as allocated [ 57.023412][ T500] page last allocated via order 0, migratetype Reclaimable, gfp_mask 0x112c50(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 465, ts 55922513414, free_ts 0 [ 57.041651][ T500] get_page_from_freelist+0x1fee/0x2ad0 [ 57.047184][ T500] __alloc_pages_nodemask+0x2ae/0x2530 [ 57.052942][ T500] allocate_slab+0x30f/0x460 [ 57.057510][ T500] ___slab_alloc.constprop.0+0x32b/0x730 [ 57.063116][ T500] kmem_cache_alloc+0x491/0x4f0 [ 57.067973][ T500] f2fs_init_extent_tree+0x98f/0xdf0 [ 57.073329][ T500] f2fs_iget+0xa71/0x4b10 [ 57.077641][ T500] f2fs_lookup+0x491/0xc20 [ 57.082037][ T500] __lookup_slow+0x19b/0x3d0 [ 57.086614][ T500] walk_component+0x3ad/0x710 [ 57.091354][ T500] path_lookupat+0x112/0x6a0 [ 57.096105][ T500] filename_lookup+0x17f/0x510 [ 57.101509][ T500] user_path_at_empty+0xa2/0xf0 [ 57.106353][ T500] do_sys_truncate.part.0+0x85/0x100 [ 57.111725][ T500] __x64_sys_truncate+0x54/0x80 [ 57.116643][ T500] do_syscall_64+0x32/0x50 [ 57.121036][ T500] page_owner free stack trace missing [ 57.126409][ T500] [ 57.128720][ T500] Memory state around the buggy address: [ 57.134427][ T500] ffff88811e354f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 57.142668][ T500] ffff88811e354f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 57.150825][ T500] >ffff88811e355000: fa fb fb fb fb fb fb fb fb fb fc fc 
fc fc fc fc [ 57.159069][ T500] ^ [ 57.164170][ T500] ffff88811e355080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 57.172298][ T500] ffff88811e355100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 57.180509][ T500] ================================================================== [ 57.189371][ T500] Disabling lock debugging due to kernel taint [ 57.197033][ T500] F2FS-fs (loop2): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 57.209996][ T23] audit: type=1400 audit(1759151525.030:112): avc: denied { read } for pid=73 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 57.218940][ T469] F2FS-fs (loop6): access invalid blkaddr:2147563524 [ 57.232242][ T23] audit: type=1400 audit(1759151525.030:113): avc: denied { search } for pid=73 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 57.238821][ T500] ================================================================== [ 57.260393][ T23] audit: type=1400 audit(1759151525.030:114): avc: denied { write } for pid=73 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 57.268309][ T500] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x106/0x440 [ 57.289802][ T23] audit: type=1400 audit(1759151525.030:115): avc: denied { add_name } for pid=73 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 57.298129][ T500] [ 57.298143][ T500] CPU: 1 PID: 500 Comm: syz.2.19 Tainted: G B syzkaller #0 [ 57.318784][ T23] audit: type=1400 audit(1759151525.030:116): avc: denied { create } for pid=73 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 
[ 57.320935][ T500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 57.320937][ T500] Call Trace: [ 57.320949][ T500] dump_stack_lvl+0x81/0xac [ 57.320959][ T500] print_address_description.constprop.0+0x24/0x160 [ 57.329692][ T23] audit: type=1400 audit(1759151525.030:117): avc: denied { append open } for pid=73 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 57.350158][ T500] ? kmem_cache_free+0x106/0x440 [ 57.350163][ T500] kasan_report_invalid_free+0x56/0x80 [ 57.350168][ T500] ? kmem_cache_free+0x106/0x440 [ 57.350172][ T500] __kasan_slab_free+0x134/0x150 [ 57.350177][ T500] slab_free_freelist_hook+0x9b/0x1a0 [ 57.350184][ T500] ? f2fs_destroy_extent_tree+0x174/0x4b0 [ 57.350188][ T500] kmem_cache_free+0x106/0x440 [ 57.350193][ T500] f2fs_destroy_extent_tree+0x174/0x4b0 [ 57.350199][ T500] f2fs_evict_inode+0x335/0x1680 [ 57.350204][ T500] ? irq_work_queue+0x3c/0x50 [ 57.350209][ T500] ? __inode_wait_for_writeback+0xe7/0x1c0 [ 57.350214][ T500] ? f2fs_write_inode+0x1010/0x1010 [ 57.350219][ T500] ? var_wake_function+0x130/0x130 [ 57.350224][ T500] ? _raw_spin_lock_bh+0x110/0x110 [ 57.350230][ T500] ? vprintk_func+0x5a/0x150 [ 57.350233][ T500] ? _raw_spin_lock_bh+0x110/0x110 [ 57.350238][ T500] evict+0x372/0x940 [ 57.350242][ T500] ? new_inode+0x2f0/0x2f0 [ 57.350246][ T500] ? _raw_spin_lock+0x86/0x110 [ 57.350249][ T500] ? _raw_spin_lock_bh+0x110/0x110 [ 57.350255][ T500] ? __kasan_check_read+0x11/0x20 [ 57.350259][ T500] ? f2fs_drop_inode+0x71/0x910 [ 57.350263][ T500] iput.part.0+0x33b/0x640 [ 57.350268][ T500] iput+0x3f/0x50 [ 57.350272][ T500] iget_failed+0x1e/0x30 [ 57.350276][ T500] f2fs_iget+0x22f6/0x4b10 [ 57.350284][ T500] f2fs_lookup+0x491/0xc20 [ 57.350289][ T500] ? __recover_dot_dentries+0x530/0x530 [ 57.350297][ T500] path_openat+0x1024/0x3950 [ 57.350303][ T500] ? 
path_lookupat+0x6a0/0x6a0 [ 57.350308][ T500] ? __kasan_check_read+0x11/0x20 [ 57.350314][ T500] ? pagevec_add_and_need_flush+0x216/0x290 [ 57.350319][ T500] ? perf_trace_mm_lru_insertion+0x970/0x970 [ 57.350324][ T500] ? __mod_memcg_lruvec_state+0x118/0x330 [ 57.350328][ T500] ? __mod_node_page_state+0xa6/0x110 [ 57.350333][ T500] do_filp_open+0x193/0x3d0 [ 57.350336][ T500] ? may_open_dev+0xd0/0xd0 [ 57.350343][ T500] ? __check_object_size+0x1df/0x270 [ 57.350347][ T500] ? _raw_spin_unlock+0x41/0x70 [ 57.350354][ T500] do_sys_openat2+0x135/0x810 [ 57.350359][ T500] ? recalc_sigpending+0x7c/0xb0 [ 57.350364][ T500] ? build_open_flags+0x490/0x490 [ 57.350368][ T500] ? __kasan_check_write+0x14/0x20 [ 57.350373][ T500] ? __handle_speculative_fault+0xee/0x280 [ 57.350378][ T500] __x64_sys_openat+0x124/0x200 [ 57.350383][ T500] ? __ia32_sys_open+0x1b0/0x1b0 [ 57.350388][ T500] ? exit_to_user_mode_prepare+0x36/0x160 [ 57.350394][ T500] ? irqentry_exit_to_user_mode+0xe/0x10 [ 57.350399][ T500] do_syscall_64+0x32/0x50 [ 57.350404][ T500] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 57.350408][ T500] RIP: 0033:0x7f2b99190be9 [ 57.350414][ T500] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 57.350417][ T500] RSP: 002b:00007f2b98fe0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 57.350425][ T500] RAX: ffffffffffffffda RBX: 00007f2b993b8090 RCX: 00007f2b99190be9 [ 57.350428][ T500] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 57.350430][ T500] RBP: 00007f2b99213e19 R08: 0000000000000000 R09: 0000000000000000 [ 57.350433][ T500] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 57.350435][ T500] R13: 00007f2b993b8128 R14: 00007f2b993b8090 R15: 00007fff97bc7208 [ 57.350440][ T500] [ 57.350443][ T500] Allocated by task 465: [ 57.350448][ T500] kasan_save_stack+0x26/0x50 [ 57.350452][ 
T500] __kasan_slab_alloc+0x94/0xc0 [ 57.350455][ T500] kmem_cache_alloc+0x15d/0x4f0 [ 57.350459][ T500] f2fs_init_extent_tree+0x98f/0xdf0 [ 57.350462][ T500] f2fs_iget+0xa71/0x4b10 [ 57.350466][ T500] f2fs_lookup+0x491/0xc20 [ 57.350469][ T500] __lookup_slow+0x19b/0x3d0 [ 57.350472][ T500] walk_component+0x3ad/0x710 [ 57.350475][ T500] path_lookupat+0x112/0x6a0 [ 57.350478][ T500] filename_lookup+0x17f/0x510 [ 57.350481][ T500] user_path_at_empty+0xa2/0xf0 [ 57.350484][ T500] do_sys_truncate.part.0+0x85/0x100 [ 57.350487][ T500] __x64_sys_truncate+0x54/0x80 [ 57.350491][ T500] do_syscall_64+0x32/0x50 [ 57.350495][ T500] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 57.350496][ T500] [ 57.350498][ T500] Freed by task 465: [ 57.350502][ T500] kasan_save_stack+0x26/0x50 [ 57.350505][ T500] kasan_set_track+0x25/0x30 [ 57.350509][ T500] kasan_set_free_info+0x24/0x40 [ 57.350512][ T500] __kasan_slab_free+0x111/0x150 [ 57.350515][ T500] slab_free_freelist_hook+0x9b/0x1a0 [ 57.350519][ T500] kmem_cache_free+0x106/0x440 [ 57.350522][ T500] f2fs_destroy_extent_tree+0x174/0x4b0 [ 57.350526][ T500] f2fs_evict_inode+0x335/0x1680 [ 57.350528][ T500] evict+0x372/0x940 [ 57.350535][ T500] iput.part.0+0x33b/0x640 [ 57.360885][ T23] audit: type=1400 audit(1759151525.030:118): avc: denied { getattr } for pid=73 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 57.363899][ T500] iput+0x3f/0x50 [ 57.368444][ T469] CPU: 0 PID: 469 Comm: syz.6.17 Tainted: G B syzkaller #0 [ 57.375040][ T500] iget_failed+0x1e/0x30 [ 57.398027][ T469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 57.403310][ T500] f2fs_iget+0x22f6/0x4b10 [ 57.408837][ T469] Call Trace: [ 57.413840][ T500] f2fs_lookup+0x491/0xc20 [ 57.418755][ T469] dump_stack_lvl+0x81/0xac [ 57.424367][ T500] __lookup_slow+0x19b/0x3d0 [ 57.430260][ T469] dump_stack+0x10/0x12 [ 57.434997][ T500] 
walk_component+0x3ad/0x710 [ 57.440601][ T469] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 57.445693][ T500] path_lookupat+0x112/0x6a0 [ 57.450344][ T469] f2fs_iget+0x35eb/0x4b10 [ 57.456123][ T500] filename_lookup+0x17f/0x510 [ 57.461304][ T469] f2fs_lookup+0x491/0xc20 [ 57.466388][ T500] user_path_at_empty+0xa2/0xf0 [ 57.471573][ T469] ? __recover_dot_dentries+0x530/0x530 [ 57.476135][ T500] do_sys_truncate.part.0+0x85/0x100 [ 57.481395][ T469] ? __legitimize_path+0x6c/0x170 [ 57.485265][ T500] __x64_sys_truncate+0x54/0x80 [ 57.489658][ T469] __lookup_slow+0x19b/0x3d0 [ 57.494405][ T500] do_syscall_64+0x32/0x50 [ 57.500095][ T469] ? page_put_link+0x80/0x80 [ 57.505107][ T500] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 57.510289][ T469] ? inode_permission.part.0+0xc2/0x320 [ 57.514767][ T500] [ 57.518382][ T469] walk_component+0x3ad/0x710 [ 57.522599][ T500] The buggy address belongs to the object at ffff88811e355000 [ 57.522599][ T500] which belongs to the cache f2fs_extent_tree of size 80 [ 57.526987][ T469] ? handle_dots.part.0+0x11c0/0x11c0 [ 57.531378][ T500] The buggy address is located 0 bytes inside of [ 57.531378][ T500] 80-byte region [ffff88811e355000, ffff88811e355050) [ 57.536929][ T469] ? walk_component+0x710/0x710 [ 57.541584][ T500] The buggy address belongs to the page: [ 57.546327][ T469] path_lookupat+0x112/0x6a0 [ 57.551327][ T500] page:ffffea000478d540 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11e355 [ 57.557204][ T469] ? _atomic_dec_and_lock+0x19/0xa0 [ 57.563154][ T500] flags: 0x4000000000000200(slab) [ 57.568979][ T469] filename_lookup+0x17f/0x510 [ 57.574426][ T500] raw: 4000000000000200 dead000000000100 dead000000000122 ffff8881047d1e00 [ 57.579083][ T469] ? may_linkat+0x200/0x200 [ 57.583696][ T500] raw: 0000000000000000 0000000080240024 00000001ffffffff 0000000000000000 [ 57.588958][ T469] ? __check_object_size+0x1df/0x270 [ 57.593782][ T500] page dumped because: kasan: bad access detected [ 57.598450][ T469] ? 
kmem_cache_alloc+0x17f/0x4f0 [ 57.603509][ T500] page_owner tracks the page as allocated [ 57.608604][ T469] ? getname_flags.part.0+0x8c/0x480 [ 57.613701][ T500] page last allocated via order 0, migratetype Reclaimable, gfp_mask 0x112c50(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 465, ts 55922513414, free_ts 0 [ 57.619478][ T469] user_path_at_empty+0xa2/0xf0 [ 57.624307][ T500] get_page_from_freelist+0x1fee/0x2ad0 [ 57.629225][ T469] do_sys_truncate.part.0+0x85/0x100 [ 57.634942][ T500] __alloc_pages_nodemask+0x2ae/0x2530 [ 57.640570][ T469] ? vfs_truncate+0x540/0x540 [ 57.644964][ T500] allocate_slab+0x30f/0x460 [ 57.650934][ T469] ? __kasan_check_write+0x14/0x20 [ 57.655325][ T500] ___slab_alloc.constprop.0+0x32b/0x730 [ 57.675084][ T469] ? switch_fpu_return+0xbf/0x1b0 [ 57.683477][ T500] kmem_cache_alloc+0x491/0x4f0 [ 57.683484][ T500] f2fs_init_extent_tree+0x98f/0xdf0 [ 57.691432][ T469] __x64_sys_truncate+0x54/0x80 [ 57.699535][ T500] f2fs_iget+0xa71/0x4b10 [ 57.707496][ T469] do_syscall_64+0x32/0x50 [ 57.715442][ T500] f2fs_lookup+0x491/0xc20 [ 57.723406][ T469] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 57.725712][ T500] __lookup_slow+0x19b/0x3d0 [ 57.729926][ T469] RIP: 0033:0x7f56b86b3be9 [ 57.729934][ T469] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 57.734612][ T500] walk_component+0x3ad/0x710 [ 57.739439][ T469] RSP: 002b:00007f56b8524038 EFLAGS: 00000246 [ 57.744267][ T500] path_lookupat+0x112/0x6a0 [ 57.749540][ T469] ORIG_RAX: 000000000000004c [ 57.754100][ T500] filename_lookup+0x17f/0x510 [ 57.758792][ T469] RAX: ffffffffffffffda RBX: 00007f56b88dafa0 RCX: 00007f56b86b3be9 [ 57.763358][ T500] user_path_at_empty+0xa2/0xf0 [ 57.768019][ T469] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280 [ 57.772583][ T500] do_sys_truncate.part.0+0x85/0x100 [ 
57.777325][ T469] RBP: 00007f56b8736e19 R08: 0000000000000000 R09: 0000000000000000 [ 57.782154][ T500] __x64_sys_truncate+0x54/0x80 [ 57.787419][ T469] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 57.792244][ T500] do_syscall_64+0x32/0x50 [ 57.796645][ T469] R13: 00007f56b88db038 R14: 00007f56b88dafa0 R15: 00007ffe15289f48 [ 57.802574][ T500] page_owner free stack trace missing [ 57.802577][ T500] [ 57.802579][ T500] Memory state around the buggy address: [ 57.802587][ T500] ffff88811e354f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 57.802590][ T500] ffff88811e354f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 57.802593][ T500] >ffff88811e355000: fa fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc [ 57.802595][ T500] ^ [ 57.802603][ T500] ffff88811e355080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 57.805153][ T469] F2FS-fs (loop6): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 57.808827][ T500] ffff88811e355100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 57.808830][ T500] ================================================================== [ 57.816233][ T471] F2FS-fs (loop4): invalid crc value [ 57.861226][ T503] F2FS-fs (loop6): access invalid blkaddr:2147563524 [ 57.887444][ T473] F2FS-fs (loop5): invalid crc value [ 57.910766][ T503] CPU: 0 PID: 503 Comm: syz.6.17 Tainted: G B syzkaller #0 [ 57.915557][ T473] F2FS-fs (loop5): Found nat_bits in checkpoint [ 57.917390][ T503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 57.917393][ T503] Call Trace: [ 57.917404][ T503] dump_stack_lvl+0x81/0xac [ 57.917409][ T503] dump_stack+0x10/0x12 [ 57.917413][ T503] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 57.917420][ T503] f2fs_iget+0x35eb/0x4b10 [ 57.917428][ T503] f2fs_lookup+0x491/0xc20 [ 57.941847][ T473] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 57.945401][ T503] ? 
__recover_dot_dentries+0x530/0x530 [ 57.945409][ T503] path_openat+0x1024/0x3950 [ 57.945415][ T503] ? path_lookupat+0x6a0/0x6a0 [ 57.945422][ T503] ? __kasan_check_read+0x11/0x20 [ 57.945428][ T503] ? pagevec_add_and_need_flush+0x216/0x290 [ 57.945433][ T503] ? perf_trace_mm_lru_insertion+0x970/0x970 [ 57.945442][ T503] ? __mod_memcg_lruvec_state+0x118/0x330 [ 57.950250][ T471] F2FS-fs (loop4): Failed to start F2FS issue_checkpoint_thread (-12) [ 57.954530][ T503] ? __mod_node_page_state+0xa6/0x110 [ 57.954535][ T503] do_filp_open+0x193/0x3d0 [ 57.954539][ T503] ? may_open_dev+0xd0/0xd0 [ 57.954546][ T503] ? __check_object_size+0x1df/0x270 [ 57.954552][ T503] ? _raw_spin_unlock+0x41/0x70 [ 57.954561][ T503] do_sys_openat2+0x135/0x810 [ 58.585897][ T503] ? recalc_sigpending+0x7c/0xb0 [ 58.590990][ T503] ? build_open_flags+0x490/0x490 [ 58.595994][ T503] ? __kasan_check_write+0x14/0x20 [ 58.601177][ T503] ? __handle_speculative_fault+0xee/0x280 [ 58.607192][ T503] __x64_sys_openat+0x124/0x200 [ 58.612039][ T503] ? __ia32_sys_open+0x1b0/0x1b0 [ 58.616958][ T503] ? exit_to_user_mode_prepare+0x36/0x160 [ 58.622652][ T503] ? 
irqentry_exit_to_user_mode+0xe/0x10 [ 58.628445][ T503] do_syscall_64+0x32/0x50 [ 58.632896][ T503] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 58.638770][ T503] RIP: 0033:0x7f56b86b3be9 [ 58.643168][ T503] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 58.662942][ T503] RSP: 002b:00007f56b8503038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 58.671397][ T503] RAX: ffffffffffffffda RBX: 00007f56b88db090 RCX: 00007f56b86b3be9 2025/09/29 13:12:06 executed programs: 17 [ 58.679358][ T503] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 58.687321][ T503] RBP: 00007f56b8736e19 R08: 0000000000000000 R09: 0000000000000000 [ 58.695283][ T503] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 58.703335][ T503] R13: 00007f56b88db128 R14: 00007f56b88db090 R15: 00007ffe15289f48 [ 58.713686][ T503] F2FS-fs (loop6): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 59.880589][ T513] F2FS-fs (loop4): invalid crc value [ 59.920124][ T513] F2FS-fs (loop4): Found nat_bits in checkpoint [ 59.987982][ T513] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 60.002303][ T510] F2FS-fs (loop5): invalid crc value [ 60.008659][ T510] F2FS-fs (loop5): Found nat_bits in checkpoint [ 60.040966][ T513] F2FS-fs (loop4): access invalid blkaddr:2147563524 [ 60.048529][ T516] F2FS-fs (loop1): invalid crc value [ 60.055249][ T513] CPU: 0 PID: 513 Comm: syz.4.26 Tainted: G B syzkaller #0 [ 60.058104][ T510] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 60.063759][ T513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 60.063761][ T513] Call Trace: [ 60.063773][ T513] dump_stack_lvl+0x81/0xac [ 60.063777][ T513] dump_stack+0x10/0x12 [ 60.063781][ T513] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 
60.063792][ T513] f2fs_iget+0x35eb/0x4b10 [ 60.072103][ T516] F2FS-fs (loop1): Found nat_bits in checkpoint [ 60.081300][ T513] f2fs_lookup+0x491/0xc20 [ 60.081306][ T513] ? __recover_dot_dentries+0x530/0x530 [ 60.081314][ T513] ? __legitimize_path+0x6c/0x170 [ 60.081318][ T513] __lookup_slow+0x19b/0x3d0 [ 60.081322][ T513] ? page_put_link+0x80/0x80 [ 60.081332][ T513] ? inode_permission.part.0+0xc2/0x320 [ 60.104887][ T516] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 60.109931][ T513] walk_component+0x3ad/0x710 [ 60.109939][ T513] ? handle_dots.part.0+0x11c0/0x11c0 [ 60.109943][ T513] ? walk_component+0x710/0x710 [ 60.109948][ T513] path_lookupat+0x112/0x6a0 [ 60.109954][ T513] ? _atomic_dec_and_lock+0x19/0xa0 [ 60.109958][ T513] filename_lookup+0x17f/0x510 [ 60.109962][ T513] ? may_linkat+0x200/0x200 [ 60.109968][ T513] ? __check_object_size+0x1df/0x270 [ 60.109974][ T513] ? kmem_cache_alloc+0x17f/0x4f0 [ 60.109979][ T513] ? getname_flags.part.0+0x8c/0x480 [ 60.109984][ T513] user_path_at_empty+0xa2/0xf0 [ 60.109988][ T513] do_sys_truncate.part.0+0x85/0x100 [ 60.109992][ T513] ? vfs_truncate+0x540/0x540 [ 60.109996][ T513] ? __kasan_check_write+0x14/0x20 [ 60.110001][ T513] ? 
switch_fpu_return+0xbf/0x1b0 [ 60.110011][ T513] __x64_sys_truncate+0x54/0x80 [ 60.226951][ T513] do_syscall_64+0x32/0x50 [ 60.231456][ T513] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 60.237376][ T513] RIP: 0033:0x7f364bdf4be9 [ 60.241774][ T513] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 60.261449][ T513] RSP: 002b:00007f364bc65038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 60.269844][ T513] RAX: ffffffffffffffda RBX: 00007f364c01bfa0 RCX: 00007f364bdf4be9 [ 60.277792][ T513] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280 [ 60.285737][ T513] RBP: 00007f364be77e19 R08: 0000000000000000 R09: 0000000000000000 [ 60.293789][ T513] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 60.301787][ T513] R13: 00007f364c01c038 R14: 00007f364c01bfa0 R15: 00007ffdbc038c08 [ 60.310478][ T513] F2FS-fs (loop4): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 60.323382][ T537] F2FS-fs (loop4): access invalid blkaddr:2147563524 [ 60.326692][ T518] F2FS-fs (loop2): invalid crc value [ 60.336098][ T516] F2FS-fs (loop1): access invalid blkaddr:2147563524 [ 60.337226][ T537] CPU: 0 PID: 537 Comm: syz.4.26 Tainted: G B syzkaller #0 [ 60.343180][ T510] F2FS-fs (loop5): access invalid blkaddr:2147563524 [ 60.351266][ T537] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 60.351268][ T537] Call Trace: [ 60.351279][ T537] dump_stack_lvl+0x81/0xac [ 60.351288][ T537] dump_stack+0x10/0x12 [ 60.380011][ T537] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 60.385980][ T537] f2fs_iget+0x35eb/0x4b10 [ 60.390388][ T537] f2fs_lookup+0x491/0xc20 [ 60.394973][ T537] ? __recover_dot_dentries+0x530/0x530 [ 60.400605][ T537] path_openat+0x1024/0x3950 [ 60.405208][ T537] ? path_lookupat+0x6a0/0x6a0 [ 60.410015][ T537] ? 
get_random_u64+0x310/0x310 [ 60.414856][ T537] ? perf_trace_mm_lru_insertion+0x970/0x970 [ 60.420816][ T537] ? __mod_memcg_lruvec_state+0x118/0x330 [ 60.426613][ T537] ? setup_object.isra.0+0x22/0xd0 [ 60.431810][ T537] ? allocate_slab+0x228/0x460 [ 60.436646][ T537] do_filp_open+0x193/0x3d0 [ 60.441129][ T537] ? may_open_dev+0xd0/0xd0 [ 60.445614][ T537] ? __check_object_size+0x1df/0x270 [ 60.450889][ T537] ? _raw_spin_unlock+0x41/0x70 [ 60.455835][ T537] do_sys_openat2+0x135/0x810 [ 60.460507][ T537] ? recalc_sigpending+0x7c/0xb0 [ 60.465427][ T537] ? build_open_flags+0x490/0x490 [ 60.470643][ T537] ? __kasan_check_write+0x14/0x20 [ 60.475736][ T537] ? __handle_speculative_fault+0xee/0x280 [ 60.480783][ T518] F2FS-fs (loop2): Found nat_bits in checkpoint [ 60.481736][ T537] __x64_sys_openat+0x124/0x200 [ 60.481745][ T537] ? __ia32_sys_open+0x1b0/0x1b0 [ 60.497940][ T537] ? exit_to_user_mode_prepare+0x36/0x160 [ 60.503649][ T537] ? irqentry_exit_to_user_mode+0xe/0x10 [ 60.509269][ T537] do_syscall_64+0x32/0x50 [ 60.513685][ T537] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 60.519562][ T537] RIP: 0033:0x7f364bdf4be9 [ 60.523984][ T537] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 60.543672][ T537] RSP: 002b:00007f364bc44038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 60.552247][ T537] RAX: ffffffffffffffda RBX: 00007f364c01c090 RCX: 00007f364bdf4be9 [ 60.560299][ T537] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 60.568356][ T537] RBP: 00007f364be77e19 R08: 0000000000000000 R09: 0000000000000000 [ 60.576328][ T537] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 60.584568][ T537] R13: 00007f364c01c128 R14: 00007f364c01c090 R15: 00007ffdbc038c08 [ 60.592529][ T516] CPU: 1 PID: 516 Comm: syz.1.23 Tainted: G B syzkaller #0 [ 60.593581][ T537] F2FS-fs (loop4): 
sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 60.601293][ T516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 60.601296][ T516] Call Trace: [ 60.601307][ T516] dump_stack_lvl+0x81/0xac [ 60.601312][ T516] dump_stack+0x10/0x12 [ 60.601316][ T516] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 60.601322][ T516] f2fs_iget+0x35eb/0x4b10 [ 60.601331][ T516] f2fs_lookup+0x491/0xc20 [ 60.650369][ T516] ? __recover_dot_dentries+0x530/0x530 [ 60.655988][ T516] ? __legitimize_path+0x6c/0x170 [ 60.661002][ T516] __lookup_slow+0x19b/0x3d0 [ 60.665575][ T516] ? page_put_link+0x80/0x80 [ 60.670149][ T516] ? inode_permission.part.0+0xc2/0x320 [ 60.675762][ T516] walk_component+0x3ad/0x710 [ 60.680511][ T516] ? handle_dots.part.0+0x11c0/0x11c0 [ 60.685872][ T516] ? walk_component+0x710/0x710 [ 60.690705][ T516] path_lookupat+0x112/0x6a0 [ 60.695284][ T516] ? _atomic_dec_and_lock+0x19/0xa0 [ 60.700549][ T516] filename_lookup+0x17f/0x510 [ 60.705296][ T516] ? may_linkat+0x200/0x200 [ 60.709786][ T516] ? __check_object_size+0x1df/0x270 [ 60.715057][ T516] ? kmem_cache_alloc+0x17f/0x4f0 [ 60.720064][ T516] ? getname_flags.part.0+0x8c/0x480 [ 60.725338][ T516] user_path_at_empty+0xa2/0xf0 [ 60.730273][ T516] do_sys_truncate.part.0+0x85/0x100 [ 60.735538][ T516] ? vfs_truncate+0x540/0x540 [ 60.740198][ T516] ? __kasan_check_write+0x14/0x20 [ 60.745290][ T516] ? 
switch_fpu_return+0xbf/0x1b0 [ 60.750296][ T516] __x64_sys_truncate+0x54/0x80 [ 60.755129][ T516] do_syscall_64+0x32/0x50 [ 60.759529][ T516] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 60.765423][ T516] RIP: 0033:0x7f8c56cdfbe9 [ 60.769479][ T518] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 60.769930][ T516] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 60.796962][ T516] RSP: 002b:00007f8c56b50038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 60.805531][ T516] RAX: ffffffffffffffda RBX: 00007f8c56f06fa0 RCX: 00007f8c56cdfbe9 [ 60.813936][ T516] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280 [ 60.821913][ T516] RBP: 00007f8c56d62e19 R08: 0000000000000000 R09: 0000000000000000 [ 60.829874][ T516] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 60.837829][ T516] R13: 00007f8c56f07038 R14: 00007f8c56f06fa0 R15: 00007fffb0b07668 [ 60.845797][ T510] CPU: 0 PID: 510 Comm: syz.5.24 Tainted: G B syzkaller #0 [ 60.854289][ T510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 60.864699][ T510] Call Trace: [ 60.867982][ T510] dump_stack_lvl+0x81/0xac [ 60.872471][ T510] dump_stack+0x10/0x12 [ 60.876700][ T510] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 60.882251][ T510] f2fs_iget+0x35eb/0x4b10 [ 60.886648][ T510] f2fs_lookup+0x491/0xc20 [ 60.891045][ T510] ? __recover_dot_dentries+0x530/0x530 [ 60.896571][ T510] ? __legitimize_path+0x6c/0x170 [ 60.901572][ T510] __lookup_slow+0x19b/0x3d0 [ 60.906136][ T510] ? page_put_link+0x80/0x80 [ 60.910701][ T510] ? inode_permission.part.0+0xc2/0x320 [ 60.916223][ T510] walk_component+0x3ad/0x710 [ 60.920886][ T510] ? handle_dots.part.0+0x11c0/0x11c0 [ 60.926249][ T510] ? walk_component+0x710/0x710 [ 60.931105][ T510] path_lookupat+0x112/0x6a0 [ 60.935702][ T510] ? 
_atomic_dec_and_lock+0x19/0xa0 [ 60.940894][ T510] filename_lookup+0x17f/0x510 [ 60.945634][ T510] ? may_linkat+0x200/0x200 [ 60.950675][ T510] ? __check_object_size+0x1df/0x270 [ 60.956032][ T510] ? kmem_cache_alloc+0x17f/0x4f0 [ 60.961035][ T510] ? getname_flags.part.0+0x8c/0x480 [ 60.966300][ T510] user_path_at_empty+0xa2/0xf0 [ 60.971153][ T510] do_sys_truncate.part.0+0x85/0x100 [ 60.976518][ T510] ? vfs_truncate+0x540/0x540 [ 60.981174][ T510] ? __kasan_check_write+0x14/0x20 [ 60.986265][ T510] ? switch_fpu_return+0xbf/0x1b0 [ 60.991358][ T510] __x64_sys_truncate+0x54/0x80 [ 60.996284][ T510] do_syscall_64+0x32/0x50 [ 61.000681][ T510] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 61.006764][ T510] RIP: 0033:0x7f11ecc47be9 [ 61.011257][ T510] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 61.030853][ T510] RSP: 002b:00007f11ecab8038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 61.039249][ T510] RAX: ffffffffffffffda RBX: 00007f11ece6efa0 RCX: 00007f11ecc47be9 [ 61.047206][ T510] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280 [ 61.055157][ T510] RBP: 00007f11ecccae19 R08: 0000000000000000 R09: 0000000000000000 [ 61.063141][ T510] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 61.071106][ T510] R13: 00007f11ece6f038 R14: 00007f11ece6efa0 R15: 00007ffc55344c58 [ 61.079327][ T516] F2FS-fs (loop1): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 61.079910][ T510] F2FS-fs (loop5): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 61.092666][ T541] F2FS-fs (loop1): access invalid blkaddr:2147563524 [ 61.116296][ T518] F2FS-fs (loop2): access invalid blkaddr:2147563524 [ 61.127679][ T520] F2FS-fs (loop6): invalid crc value [ 61.129916][ T518] CPU: 0 PID: 518 Comm: syz.2.22 
Tainted: G B syzkaller #0 [ 61.141484][ T518] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 61.151633][ T518] Call Trace: [ 61.155080][ T518] dump_stack_lvl+0x81/0xac [ 61.159587][ T518] dump_stack+0x10/0x12 [ 61.163739][ T518] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 61.169269][ T518] f2fs_iget+0x35eb/0x4b10 [ 61.173667][ T518] f2fs_lookup+0x491/0xc20 [ 61.178062][ T518] ? __recover_dot_dentries+0x530/0x530 [ 61.183676][ T518] ? __legitimize_path+0x6c/0x170 [ 61.188688][ T518] __lookup_slow+0x19b/0x3d0 [ 61.193257][ T518] ? page_put_link+0x80/0x80 [ 61.198358][ T518] ? inode_permission.part.0+0xc2/0x320 [ 61.203880][ T518] walk_component+0x3ad/0x710 [ 61.208630][ T518] ? handle_dots.part.0+0x11c0/0x11c0 [ 61.214414][ T518] ? walk_component+0x710/0x710 [ 61.219243][ T518] path_lookupat+0x112/0x6a0 [ 61.223826][ T518] filename_lookup+0x17f/0x510 [ 61.228663][ T518] ? may_linkat+0x200/0x200 [ 61.229992][ T544] F2FS-fs (loop5): access invalid blkaddr:2147563524 [ 61.233149][ T518] ? ___slab_alloc.constprop.0+0x4bf/0x730 [ 61.233155][ T518] ? __check_object_size+0x1df/0x270 [ 61.233162][ T518] ? kmem_cache_alloc+0x17f/0x4f0 [ 61.240225][ T520] F2FS-fs (loop6): Found nat_bits in checkpoint [ 61.245609][ T518] ? getname_flags.part.0+0x8c/0x480 [ 61.245614][ T518] user_path_at_empty+0xa2/0xf0 [ 61.245621][ T518] do_sys_truncate.part.0+0x85/0x100 [ 61.278014][ T518] ? vfs_truncate+0x540/0x540 [ 61.282678][ T518] ? __kasan_check_write+0x14/0x20 [ 61.287775][ T518] ? 
switch_fpu_return+0xbf/0x1b0 [ 61.292783][ T518] __x64_sys_truncate+0x54/0x80 [ 61.297623][ T518] do_syscall_64+0x32/0x50 [ 61.302019][ T518] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 61.307891][ T518] RIP: 0033:0x7f2b99190be9 [ 61.312295][ T518] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 61.331894][ T518] RSP: 002b:00007f2b99001038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 61.340300][ T518] RAX: ffffffffffffffda RBX: 00007f2b993b7fa0 RCX: 00007f2b99190be9 [ 61.348253][ T518] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280 [ 61.356306][ T518] RBP: 00007f2b99213e19 R08: 0000000000000000 R09: 0000000000000000 [ 61.364776][ T518] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 61.372825][ T518] R13: 00007f2b993b8038 R14: 00007f2b993b7fa0 R15: 00007fff97bc7208 [ 61.380797][ T544] CPU: 1 PID: 544 Comm: syz.5.24 Tainted: G B syzkaller #0 [ 61.389298][ T544] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 61.399434][ T544] Call Trace: [ 61.402715][ T544] dump_stack_lvl+0x81/0xac [ 61.407250][ T544] dump_stack+0x10/0x12 [ 61.411406][ T544] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 61.416941][ T544] f2fs_iget+0x35eb/0x4b10 [ 61.421466][ T544] f2fs_lookup+0x491/0xc20 [ 61.426060][ T544] ? __recover_dot_dentries+0x530/0x530 [ 61.431695][ T544] path_openat+0x1024/0x3950 [ 61.436357][ T544] ? path_lookupat+0x6a0/0x6a0 [ 61.439427][ T518] F2FS-fs (loop2): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 61.441113][ T544] ? __kasan_check_read+0x11/0x20 [ 61.458428][ T544] ? pagevec_add_and_need_flush+0x216/0x290 [ 61.464306][ T544] ? perf_trace_mm_lru_insertion+0x970/0x970 [ 61.470268][ T544] ? __mod_memcg_lruvec_state+0x118/0x330 [ 61.476033][ T544] ? 
__mod_node_page_state+0xa6/0x110 [ 61.481382][ T544] do_filp_open+0x193/0x3d0 [ 61.486305][ T544] ? may_open_dev+0xd0/0xd0 [ 61.490785][ T544] ? __check_object_size+0x1df/0x270 [ 61.496161][ T544] ? _raw_spin_unlock+0x41/0x70 [ 61.500990][ T544] do_sys_openat2+0x135/0x810 [ 61.505646][ T544] ? recalc_sigpending+0x7c/0xb0 [ 61.510562][ T544] ? build_open_flags+0x490/0x490 [ 61.515570][ T544] ? __kasan_check_write+0x14/0x20 [ 61.520670][ T544] ? __handle_speculative_fault+0xee/0x280 [ 61.526453][ T544] __x64_sys_openat+0x124/0x200 [ 61.531285][ T544] ? __ia32_sys_open+0x1b0/0x1b0 [ 61.536289][ T544] ? exit_to_user_mode_prepare+0x36/0x160 [ 61.542125][ T544] ? irqentry_exit_to_user_mode+0xe/0x10 [ 61.547762][ T544] do_syscall_64+0x32/0x50 [ 61.552245][ T544] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 61.558202][ T544] RIP: 0033:0x7f11ecc47be9 [ 61.562607][ T544] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 61.582364][ T544] RSP: 002b:00007f11eca97038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 61.590753][ T544] RAX: ffffffffffffffda RBX: 00007f11ece6f090 RCX: 00007f11ecc47be9 [ 61.598867][ T544] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 61.606817][ T544] RBP: 00007f11ecccae19 R08: 0000000000000000 R09: 0000000000000000 [ 61.614769][ T544] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 61.622730][ T544] R13: 00007f11ece6f128 R14: 00007f11ece6f090 R15: 00007ffc55344c58 [ 61.630965][ T520] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 61.631727][ T541] CPU: 0 PID: 541 Comm: syz.1.23 Tainted: G B syzkaller #0 [ 61.639605][ T548] F2FS-fs (loop2): access invalid blkaddr:2147563524 [ 61.646897][ T541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 61.663856][ T541] Call Trace: [ 61.667132][ T541] 
dump_stack_lvl+0x81/0xac [ 61.671615][ T541] dump_stack+0x10/0x12 [ 61.675836][ T541] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 61.681515][ T541] f2fs_iget+0x35eb/0x4b10 [ 61.686008][ T541] f2fs_lookup+0x491/0xc20 [ 61.690423][ T541] ? __recover_dot_dentries+0x530/0x530 [ 61.695956][ T541] path_openat+0x1024/0x3950 [ 61.700616][ T541] ? path_lookupat+0x6a0/0x6a0 [ 61.705361][ T541] ? __kasan_check_read+0x11/0x20 [ 61.710454][ T541] ? pagevec_add_and_need_flush+0x216/0x290 [ 61.716335][ T541] ? perf_trace_mm_lru_insertion+0x970/0x970 [ 61.722299][ T541] ? __mod_memcg_lruvec_state+0x118/0x330 [ 61.727998][ T541] ? __mod_node_page_state+0xa6/0x110 [ 61.733350][ T541] do_filp_open+0x193/0x3d0 [ 61.737832][ T541] ? may_open_dev+0xd0/0xd0 [ 61.742413][ T541] ? __check_object_size+0x1df/0x270 [ 61.747674][ T541] ? _raw_spin_unlock+0x41/0x70 [ 61.752505][ T541] do_sys_openat2+0x135/0x810 [ 61.757162][ T541] ? recalc_sigpending+0x7c/0xb0 [ 61.762084][ T541] ? build_open_flags+0x490/0x490 [ 61.767092][ T541] ? __kasan_check_write+0x14/0x20 [ 61.772189][ T541] ? __handle_speculative_fault+0xee/0x280 [ 61.778023][ T541] __x64_sys_openat+0x124/0x200 [ 61.782857][ T541] ? __ia32_sys_open+0x1b0/0x1b0 [ 61.787777][ T541] ? exit_to_user_mode_prepare+0x36/0x160 [ 61.793571][ T541] ? 
irqentry_exit_to_user_mode+0xe/0x10 [ 61.799188][ T541] do_syscall_64+0x32/0x50 [ 61.803585][ T541] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 61.809457][ T541] RIP: 0033:0x7f8c56cdfbe9 [ 61.813869][ T541] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 61.833631][ T541] RSP: 002b:00007f8c56b2f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 61.842277][ T541] RAX: ffffffffffffffda RBX: 00007f8c56f07090 RCX: 00007f8c56cdfbe9 [ 61.850236][ T541] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 61.858289][ T541] RBP: 00007f8c56d62e19 R08: 0000000000000000 R09: 0000000000000000 [ 61.866343][ T541] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 61.874405][ T541] R13: 00007f8c56f07128 R14: 00007f8c56f07090 R15: 00007fffb0b07668 [ 61.882455][ T548] CPU: 1 PID: 548 Comm: syz.2.22 Tainted: G B syzkaller #0 [ 61.890951][ T548] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 61.901301][ T548] Call Trace: [ 61.904589][ T548] dump_stack_lvl+0x81/0xac [ 61.909074][ T548] dump_stack+0x10/0x12 [ 61.913276][ T548] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 61.918903][ T548] f2fs_iget+0x35eb/0x4b10 [ 61.923316][ T548] f2fs_lookup+0x491/0xc20 [ 61.927719][ T548] ? __recover_dot_dentries+0x530/0x530 [ 61.933254][ T548] path_openat+0x1024/0x3950 [ 61.937825][ T548] ? path_lookupat+0x6a0/0x6a0 [ 61.942567][ T548] ? __kasan_check_read+0x11/0x20 [ 61.947567][ T548] ? pagevec_add_and_need_flush+0x216/0x290 [ 61.953442][ T548] ? perf_trace_mm_lru_insertion+0x970/0x970 [ 61.959402][ T548] ? __mod_memcg_lruvec_state+0x118/0x330 [ 61.965104][ T548] ? __mod_node_page_state+0xa6/0x110 [ 61.970539][ T548] do_filp_open+0x193/0x3d0 [ 61.975016][ T548] ? may_open_dev+0xd0/0xd0 [ 61.979497][ T548] ? __check_object_size+0x1df/0x270 [ 61.984764][ T548] ? 
_raw_spin_unlock+0x41/0x70 [ 61.989686][ T548] do_sys_openat2+0x135/0x810 [ 61.994341][ T548] ? recalc_sigpending+0x7c/0xb0 [ 61.999273][ T548] ? build_open_flags+0x490/0x490 [ 62.004290][ T548] ? __kasan_check_write+0x14/0x20 [ 62.009390][ T548] ? __handle_speculative_fault+0xee/0x280 [ 62.015177][ T548] __x64_sys_openat+0x124/0x200 [ 62.020008][ T548] ? __ia32_sys_open+0x1b0/0x1b0 [ 62.024927][ T548] ? exit_to_user_mode_prepare+0x36/0x160 [ 62.030635][ T548] ? irqentry_exit_to_user_mode+0xe/0x10 [ 62.036260][ T548] do_syscall_64+0x32/0x50 [ 62.040663][ T548] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 62.046549][ T548] RIP: 0033:0x7f2b99190be9 [ 62.051121][ T548] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 62.070709][ T548] RSP: 002b:00007f2b98fe0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 62.079198][ T548] RAX: ffffffffffffffda RBX: 00007f2b993b8090 RCX: 00007f2b99190be9 [ 62.087164][ T548] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 62.095171][ T548] RBP: 00007f2b99213e19 R08: 0000000000000000 R09: 0000000000000000 [ 62.103137][ T548] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 62.111180][ T548] R13: 00007f2b993b8128 R14: 00007f2b993b8090 R15: 00007fff97bc7208 [ 62.119518][ T544] F2FS-fs (loop5): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 62.119991][ T541] F2FS-fs (loop1): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 62.133415][ T548] F2FS-fs (loop2): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 62.158237][ T541] ================================================================== [ 62.166328][ T541] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x106/0x440 [ 62.174864][ T541] 
[ 62.177205][ T541] CPU: 0 PID: 541 Comm: syz.1.23 Tainted: G B syzkaller #0 [ 62.185710][ T541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 62.196147][ T541] Call Trace: [ 62.199438][ T541] dump_stack_lvl+0x81/0xac [ 62.204197][ T541] print_address_description.constprop.0+0x24/0x160 [ 62.210792][ T541] ? kmem_cache_free+0x106/0x440 [ 62.215736][ T541] kasan_report_invalid_free+0x56/0x80 [ 62.221401][ T541] ? kmem_cache_free+0x106/0x440 [ 62.226345][ T541] __kasan_slab_free+0x134/0x150 [ 62.231296][ T541] slab_free_freelist_hook+0x9b/0x1a0 [ 62.236754][ T541] ? f2fs_destroy_extent_tree+0x174/0x4b0 [ 62.242500][ T541] kmem_cache_free+0x106/0x440 [ 62.247264][ T541] f2fs_destroy_extent_tree+0x174/0x4b0 [ 62.252810][ T541] f2fs_evict_inode+0x335/0x1680 [ 62.257751][ T541] ? preempt_count_add+0x7a/0x100 [ 62.262864][ T541] ? __inode_wait_for_writeback+0xe7/0x1c0 [ 62.268672][ T541] ? f2fs_write_inode+0x1010/0x1010 [ 62.273890][ T541] ? var_wake_function+0x130/0x130 [ 62.278995][ T541] ? _raw_spin_lock_bh+0x110/0x110 [ 62.284119][ T541] ? vprintk_func+0x5a/0x150 [ 62.288711][ T541] ? _raw_spin_lock_bh+0x110/0x110 [ 62.294092][ T541] evict+0x372/0x940 [ 62.297982][ T541] ? new_inode+0x2f0/0x2f0 [ 62.302393][ T541] ? _raw_spin_lock+0x86/0x110 [ 62.307153][ T541] ? _raw_spin_lock_bh+0x110/0x110 [ 62.312258][ T541] ? __kasan_check_read+0x11/0x20 [ 62.317449][ T541] ? f2fs_drop_inode+0x71/0x910 [ 62.322286][ T541] iput.part.0+0x33b/0x640 [ 62.326783][ T541] iput+0x3f/0x50 [ 62.330411][ T541] iget_failed+0x1e/0x30 [ 62.334650][ T541] f2fs_iget+0x22f6/0x4b10 [ 62.339063][ T541] f2fs_lookup+0x491/0xc20 [ 62.343467][ T541] ? __recover_dot_dentries+0x530/0x530 [ 62.349003][ T541] path_openat+0x1024/0x3950 [ 62.353591][ T541] ? path_lookupat+0x6a0/0x6a0 [ 62.358780][ T541] ? __kasan_check_read+0x11/0x20 [ 62.363836][ T541] ? pagevec_add_and_need_flush+0x216/0x290 [ 62.369820][ T541] ? 
perf_trace_mm_lru_insertion+0x970/0x970 [ 62.375800][ T541] ? __mod_memcg_lruvec_state+0x118/0x330 [ 62.381879][ T541] ? __mod_node_page_state+0xa6/0x110 [ 62.387236][ T541] do_filp_open+0x193/0x3d0 [ 62.391724][ T541] ? may_open_dev+0xd0/0xd0 [ 62.396221][ T541] ? __check_object_size+0x1df/0x270 [ 62.401588][ T541] ? _raw_spin_unlock+0x41/0x70 [ 62.406424][ T541] do_sys_openat2+0x135/0x810 [ 62.411187][ T541] ? recalc_sigpending+0x7c/0xb0 [ 62.416116][ T541] ? build_open_flags+0x490/0x490 [ 62.421140][ T541] ? __kasan_check_write+0x14/0x20 [ 62.426419][ T541] ? __handle_speculative_fault+0xee/0x280 [ 62.432313][ T541] __x64_sys_openat+0x124/0x200 [ 62.437151][ T541] ? __ia32_sys_open+0x1b0/0x1b0 [ 62.442083][ T541] ? exit_to_user_mode_prepare+0x36/0x160 [ 62.447797][ T541] ? irqentry_exit_to_user_mode+0xe/0x10 [ 62.453415][ T541] do_syscall_64+0x32/0x50 [ 62.457816][ T541] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 62.463700][ T541] RIP: 0033:0x7f8c56cdfbe9 [ 62.468104][ T541] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 62.487820][ T541] RSP: 002b:00007f8c56b2f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 62.496234][ T541] RAX: ffffffffffffffda RBX: 00007f8c56f07090 RCX: 00007f8c56cdfbe9 [ 62.504201][ T541] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 62.512160][ T541] RBP: 00007f8c56d62e19 R08: 0000000000000000 R09: 0000000000000000 [ 62.520395][ T541] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 62.528472][ T541] R13: 00007f8c56f07128 R14: 00007f8c56f07090 R15: 00007fffb0b07668 [ 62.536446][ T541] [ 62.538782][ T541] Allocated by task 516: [ 62.543011][ T541] kasan_save_stack+0x26/0x50 [ 62.547829][ T541] __kasan_slab_alloc+0x94/0xc0 [ 62.552686][ T541] kmem_cache_alloc+0x15d/0x4f0 [ 62.557550][ T541] f2fs_init_extent_tree+0x98f/0xdf0 [ 62.562838][ T541] 
f2fs_iget+0xa71/0x4b10 [ 62.567173][ T541] f2fs_lookup+0x491/0xc20 [ 62.571762][ T541] __lookup_slow+0x19b/0x3d0 [ 62.576352][ T541] walk_component+0x3ad/0x710 [ 62.581041][ T541] path_lookupat+0x112/0x6a0 [ 62.585629][ T541] filename_lookup+0x17f/0x510 [ 62.590395][ T541] user_path_at_empty+0xa2/0xf0 [ 62.595252][ T541] do_sys_truncate.part.0+0x85/0x100 [ 62.600536][ T541] __x64_sys_truncate+0x54/0x80 [ 62.605387][ T541] do_syscall_64+0x32/0x50 [ 62.609857][ T541] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 62.615748][ T541] [ 62.618107][ T541] Freed by task 516: [ 62.622000][ T541] kasan_save_stack+0x26/0x50 [ 62.626781][ T541] kasan_set_track+0x25/0x30 [ 62.631382][ T541] kasan_set_free_info+0x24/0x40 [ 62.636322][ T541] __kasan_slab_free+0x111/0x150 [ 62.641258][ T541] slab_free_freelist_hook+0x9b/0x1a0 [ 62.646756][ T541] kmem_cache_free+0x106/0x440 [ 62.651521][ T541] f2fs_destroy_extent_tree+0x174/0x4b0 [ 62.657223][ T541] f2fs_evict_inode+0x335/0x1680 [ 62.662151][ T541] evict+0x372/0x940 [ 62.666064][ T541] iput.part.0+0x33b/0x640 [ 62.670464][ T541] iput+0x3f/0x50 [ 62.674067][ T541] iget_failed+0x1e/0x30 [ 62.678291][ T541] f2fs_iget+0x22f6/0x4b10 [ 62.682701][ T541] f2fs_lookup+0x491/0xc20 [ 62.687088][ T541] __lookup_slow+0x19b/0x3d0 [ 62.691749][ T541] walk_component+0x3ad/0x710 [ 62.696494][ T541] path_lookupat+0x112/0x6a0 [ 62.701055][ T541] filename_lookup+0x17f/0x510 [ 62.705789][ T541] user_path_at_empty+0xa2/0xf0 [ 62.710709][ T541] do_sys_truncate.part.0+0x85/0x100 [ 62.715967][ T541] __x64_sys_truncate+0x54/0x80 [ 62.720973][ T541] do_syscall_64+0x32/0x50 [ 62.725363][ T541] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 62.731237][ T541] [ 62.733550][ T541] The buggy address belongs to the object at ffff88811e357070 [ 62.733550][ T541] which belongs to the cache f2fs_extent_tree of size 80 [ 62.747920][ T541] The buggy address is located 0 bytes inside of [ 62.747920][ T541] 80-byte region [ffff88811e357070, ffff88811e3570c0) [ 62.761041][ T541] 
The buggy address belongs to the page: [ 62.766675][ T541] page:ffffea000478d5c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11e357 [ 62.776973][ T541] flags: 0x4000000000000200(slab) [ 62.782055][ T541] raw: 4000000000000200 dead000000000100 dead000000000122 ffff8881047d1e00 [ 62.790636][ T541] raw: 0000000000000000 0000000080240024 00000001ffffffff 0000000000000000 [ 62.799302][ T541] page dumped because: kasan: bad access detected [ 62.805844][ T541] page_owner tracks the page as allocated [ 62.811543][ T541] page last allocated via order 0, migratetype Reclaimable, gfp_mask 0x112c50(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 469, ts 57218910274, free_ts 0 [ 62.829559][ T541] get_page_from_freelist+0x1fee/0x2ad0 [ 62.835080][ T541] __alloc_pages_nodemask+0x2ae/0x2530 [ 62.840593][ T541] allocate_slab+0x30f/0x460 [ 62.845152][ T541] ___slab_alloc.constprop.0+0x32b/0x730 [ 62.850768][ T541] kmem_cache_alloc+0x491/0x4f0 [ 62.855600][ T541] f2fs_init_extent_tree+0x98f/0xdf0 [ 62.860888][ T541] f2fs_iget+0xa71/0x4b10 [ 62.865190][ T541] f2fs_lookup+0x491/0xc20 [ 62.869590][ T541] __lookup_slow+0x19b/0x3d0 [ 62.874150][ T541] walk_component+0x3ad/0x710 [ 62.878796][ T541] path_lookupat+0x112/0x6a0 [ 62.883354][ T541] filename_lookup+0x17f/0x510 [ 62.888190][ T541] user_path_at_empty+0xa2/0xf0 [ 62.893118][ T541] do_sys_truncate.part.0+0x85/0x100 [ 62.898374][ T541] __x64_sys_truncate+0x54/0x80 [ 62.903213][ T541] do_syscall_64+0x32/0x50 [ 62.907613][ T541] page_owner free stack trace missing [ 62.912954][ T541] [ 62.915255][ T541] Memory state around the buggy address: [ 62.920878][ T541] ffff88811e356f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 62.928938][ T541] ffff88811e356f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 62.936997][ T541] >ffff88811e357000: fa fb fb fb fb fb fb fb fb fb fc fc fc fc fa fb [ 62.945042][ T541] ^ [ 62.952756][ T541] ffff88811e357080: fb fb fb fb fb fb fb fb fc fc fc fc 
fc fc fc fc [ 62.960794][ T541] ffff88811e357100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 62.968913][ T541] ================================================================== [ 63.209569][ T551] F2FS-fs (loop4): invalid crc value [ 63.235349][ T551] F2FS-fs (loop4): Found nat_bits in checkpoint [ 63.399482][ T551] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 63.429868][ T551] F2FS-fs (loop4): access invalid blkaddr:2147563524 [ 63.436671][ T551] CPU: 1 PID: 551 Comm: syz.4.27 Tainted: G B syzkaller #0 [ 63.445367][ T551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 63.455908][ T551] Call Trace: [ 63.459201][ T551] dump_stack_lvl+0x81/0xac [ 63.463691][ T551] dump_stack+0x10/0x12 [ 63.467887][ T551] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 63.473430][ T551] f2fs_iget+0x35eb/0x4b10 [ 63.477904][ T551] f2fs_lookup+0x491/0xc20 [ 63.482605][ T551] ? __recover_dot_dentries+0x530/0x530 [ 63.488149][ T551] ? __legitimize_path+0x6c/0x170 [ 63.493248][ T551] __lookup_slow+0x19b/0x3d0 [ 63.498047][ T551] ? page_put_link+0x80/0x80 [ 63.502732][ T551] ? inode_permission.part.0+0xc2/0x320 [ 63.508358][ T551] walk_component+0x3ad/0x710 [ 63.513020][ T551] ? handle_dots.part.0+0x11c0/0x11c0 [ 63.518462][ T551] ? walk_component+0x710/0x710 [ 63.523297][ T551] path_lookupat+0x112/0x6a0 [ 63.527874][ T551] ? _atomic_dec_and_lock+0x19/0xa0 [ 63.533185][ T551] filename_lookup+0x17f/0x510 [ 63.537936][ T551] ? may_linkat+0x200/0x200 [ 63.542441][ T551] ? __check_object_size+0x1df/0x270 [ 63.547719][ T551] ? kmem_cache_alloc+0x17f/0x4f0 [ 63.552732][ T551] ? getname_flags.part.0+0x8c/0x480 [ 63.558089][ T551] user_path_at_empty+0xa2/0xf0 [ 63.562929][ T551] do_sys_truncate.part.0+0x85/0x100 [ 63.568227][ T551] ? vfs_truncate+0x540/0x540 [ 63.572978][ T551] ? __kasan_check_write+0x14/0x20 [ 63.578081][ T551] ? 
switch_fpu_return+0xbf/0x1b0 [ 63.583184][ T551] __x64_sys_truncate+0x54/0x80 [ 63.588023][ T551] do_syscall_64+0x32/0x50 [ 63.592434][ T551] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 63.598315][ T551] RIP: 0033:0x7f364bdf4be9 [ 63.602894][ T551] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 63.622885][ T551] RSP: 002b:00007f364bc65038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 63.631380][ T551] RAX: ffffffffffffffda RBX: 00007f364c01bfa0 RCX: 00007f364bdf4be9 [ 63.639345][ T551] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280 [ 63.647305][ T551] RBP: 00007f364be77e19 R08: 0000000000000000 R09: 0000000000000000 [ 63.655360][ T551] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 63.663323][ T551] R13: 00007f364c01c038 R14: 00007f364c01bfa0 R15: 00007ffdbc038c08 [ 64.049440][ T551] F2FS-fs (loop4): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 64.072219][ T565] F2FS-fs (loop4): access invalid blkaddr:2147563524 [ 64.078929][ T565] CPU: 0 PID: 565 Comm: syz.4.27 Tainted: G B syzkaller #0 [ 64.081963][ T554] F2FS-fs (loop2): invalid crc value [ 64.087418][ T565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 64.102733][ T565] Call Trace: [ 64.106021][ T565] dump_stack_lvl+0x81/0xac [ 64.110509][ T565] dump_stack+0x10/0x12 [ 64.114648][ T565] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 64.120180][ T565] f2fs_iget+0x35eb/0x4b10 [ 64.124594][ T565] f2fs_lookup+0x491/0xc20 [ 64.129092][ T565] ? __recover_dot_dentries+0x530/0x530 [ 64.134727][ T565] path_openat+0x1024/0x3950 [ 64.139393][ T565] ? path_lookupat+0x6a0/0x6a0 [ 64.144264][ T565] ? __kasan_check_read+0x11/0x20 [ 64.149471][ T565] ? pagevec_add_and_need_flush+0x216/0x290 [ 64.155370][ T565] ? 
perf_trace_mm_lru_insertion+0x970/0x970 [ 64.161477][ T565] ? __mod_memcg_lruvec_state+0x118/0x330 [ 64.167433][ T565] ? __mod_node_page_state+0xa6/0x110 [ 64.172990][ T565] do_filp_open+0x193/0x3d0 [ 64.177898][ T565] ? may_open_dev+0xd0/0xd0 [ 64.182407][ T565] ? __check_object_size+0x1df/0x270 [ 64.187677][ T565] ? _raw_spin_unlock+0x41/0x70 [ 64.192510][ T565] do_sys_openat2+0x135/0x810 [ 64.197167][ T565] ? recalc_sigpending+0x7c/0xb0 [ 64.202144][ T565] ? build_open_flags+0x490/0x490 [ 64.207180][ T565] ? __kasan_check_write+0x14/0x20 [ 64.212374][ T565] ? __handle_speculative_fault+0xee/0x280 [ 64.218178][ T565] __x64_sys_openat+0x124/0x200 [ 64.223113][ T565] ? __ia32_sys_open+0x1b0/0x1b0 [ 64.228135][ T565] ? exit_to_user_mode_prepare+0x36/0x160 [ 64.233858][ T565] ? irqentry_exit_to_user_mode+0xe/0x10 [ 64.239483][ T565] do_syscall_64+0x32/0x50 [ 64.243882][ T565] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 64.250032][ T565] RIP: 0033:0x7f364bdf4be9 [ 64.254430][ T565] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 64.274107][ T565] RSP: 002b:00007f364bc44038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 64.282593][ T565] RAX: ffffffffffffffda RBX: 00007f364c01c090 RCX: 00007f364bdf4be9 [ 64.290980][ T565] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 64.299551][ T565] RBP: 00007f364be77e19 R08: 0000000000000000 R09: 0000000000000000 [ 64.307502][ T565] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 64.315456][ T565] R13: 00007f364c01c128 R14: 00007f364c01c090 R15: 00007ffdbc038c08 [ 64.350454][ T554] F2FS-fs (loop2): Found nat_bits in checkpoint [ 64.376212][ T565] F2FS-fs (loop4): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 64.388819][ T565] 
================================================================== [ 64.397071][ T565] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x106/0x440 [ 64.405574][ T565] [ 64.407912][ T565] CPU: 0 PID: 565 Comm: syz.4.27 Tainted: G B syzkaller #0 [ 64.416417][ T565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 64.426567][ T565] Call Trace: [ 64.429859][ T565] dump_stack_lvl+0x81/0xac [ 64.434371][ T565] print_address_description.constprop.0+0x24/0x160 [ 64.440519][ T554] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 64.440983][ T565] ? kmem_cache_free+0x106/0x440 [ 64.453354][ T565] kasan_report_invalid_free+0x56/0x80 [ 64.458905][ T565] ? kmem_cache_free+0x106/0x440 [ 64.463849][ T565] __kasan_slab_free+0x134/0x150 [ 64.468878][ T565] slab_free_freelist_hook+0x9b/0x1a0 [ 64.474255][ T565] ? f2fs_destroy_extent_tree+0x174/0x4b0 [ 64.480120][ T565] kmem_cache_free+0x106/0x440 [ 64.485074][ T565] f2fs_destroy_extent_tree+0x174/0x4b0 [ 64.490629][ T565] f2fs_evict_inode+0x335/0x1680 [ 64.495575][ T565] ? irq_work_queue+0x3c/0x50 [ 64.500262][ T565] ? __inode_wait_for_writeback+0xe7/0x1c0 [ 64.506071][ T565] ? f2fs_write_inode+0x1010/0x1010 [ 64.511278][ T565] ? var_wake_function+0x130/0x130 [ 64.516393][ T565] ? _raw_spin_lock_bh+0x110/0x110 [ 64.521517][ T565] ? vprintk_func+0x5a/0x150 [ 64.526109][ T565] ? _raw_spin_lock_bh+0x110/0x110 [ 64.531220][ T565] evict+0x372/0x940 [ 64.535094][ T565] ? new_inode+0x2f0/0x2f0 [ 64.539492][ T565] ? _raw_spin_lock+0x86/0x110 [ 64.544416][ T565] ? _raw_spin_lock_bh+0x110/0x110 [ 64.549518][ T565] ? __kasan_check_read+0x11/0x20 [ 64.554532][ T565] ? f2fs_drop_inode+0x71/0x910 [ 64.559458][ T565] iput.part.0+0x33b/0x640 [ 64.563866][ T565] iput+0x3f/0x50 [ 64.567578][ T565] iget_failed+0x1e/0x30 [ 64.571800][ T565] f2fs_iget+0x22f6/0x4b10 [ 64.576203][ T565] f2fs_lookup+0x491/0xc20 [ 64.580600][ T565] ? 
__recover_dot_dentries+0x530/0x530 [ 64.586308][ T565] path_openat+0x1024/0x3950 [ 64.591052][ T565] ? path_lookupat+0x6a0/0x6a0 [ 64.595796][ T565] ? __kasan_check_read+0x11/0x20 [ 64.600892][ T565] ? pagevec_add_and_need_flush+0x216/0x290 [ 64.606952][ T565] ? perf_trace_mm_lru_insertion+0x970/0x970 [ 64.612918][ T565] ? __mod_memcg_lruvec_state+0x118/0x330 [ 64.618911][ T565] ? __mod_node_page_state+0xa6/0x110 [ 64.624449][ T565] do_filp_open+0x193/0x3d0 [ 64.628939][ T565] ? may_open_dev+0xd0/0xd0 [ 64.633420][ T565] ? __check_object_size+0x1df/0x270 [ 64.638685][ T565] ? _raw_spin_unlock+0x41/0x70 [ 64.643611][ T565] do_sys_openat2+0x135/0x810 [ 64.648267][ T565] ? recalc_sigpending+0x7c/0xb0 [ 64.653186][ T565] ? build_open_flags+0x490/0x490 [ 64.658198][ T565] ? __kasan_check_write+0x14/0x20 [ 64.663285][ T565] ? __handle_speculative_fault+0xee/0x280 [ 64.669068][ T565] __x64_sys_openat+0x124/0x200 [ 64.673902][ T565] ? __ia32_sys_open+0x1b0/0x1b0 [ 64.678853][ T565] ? exit_to_user_mode_prepare+0x36/0x160 [ 64.684550][ T565] ? 
irqentry_exit_to_user_mode+0xe/0x10 [ 64.690251][ T565] do_syscall_64+0x32/0x50 [ 64.694647][ T565] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 64.700537][ T565] RIP: 0033:0x7f364bdf4be9 [ 64.705046][ T565] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 64.724651][ T565] RSP: 002b:00007f364bc44038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 64.733056][ T565] RAX: ffffffffffffffda RBX: 00007f364c01c090 RCX: 00007f364bdf4be9 [ 64.741017][ T565] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 64.749054][ T565] RBP: 00007f364be77e19 R08: 0000000000000000 R09: 0000000000000000 [ 64.757098][ T565] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 64.765139][ T565] R13: 00007f364c01c128 R14: 00007f364c01c090 R15: 00007ffdbc038c08 [ 64.773102][ T565] [ 64.775415][ T565] Allocated by task 551: [ 64.779672][ T565] kasan_save_stack+0x26/0x50 [ 64.784434][ T565] __kasan_slab_alloc+0x94/0xc0 [ 64.789264][ T565] kmem_cache_alloc+0x15d/0x4f0 [ 64.794190][ T565] f2fs_init_extent_tree+0x98f/0xdf0 [ 64.799578][ T565] f2fs_iget+0xa71/0x4b10 [ 64.804056][ T565] f2fs_lookup+0x491/0xc20 [ 64.808447][ T565] __lookup_slow+0x19b/0x3d0 [ 64.813017][ T565] walk_component+0x3ad/0x710 [ 64.817678][ T565] path_lookupat+0x112/0x6a0 [ 64.822241][ T565] filename_lookup+0x17f/0x510 [ 64.826982][ T565] user_path_at_empty+0xa2/0xf0 [ 64.831832][ T565] do_sys_truncate.part.0+0x85/0x100 [ 64.837094][ T565] __x64_sys_truncate+0x54/0x80 [ 64.842013][ T565] do_syscall_64+0x32/0x50 [ 64.846550][ T565] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 64.852424][ T565] [ 64.854745][ T565] Freed by task 551: [ 64.858641][ T565] kasan_save_stack+0x26/0x50 [ 64.863305][ T565] kasan_set_track+0x25/0x30 [ 64.867887][ T565] kasan_set_free_info+0x24/0x40 [ 64.872841][ T565] __kasan_slab_free+0x111/0x150 [ 64.877757][ T565] 
slab_free_freelist_hook+0x9b/0x1a0 [ 64.883106][ T565] kmem_cache_free+0x106/0x440 [ 64.887945][ T565] f2fs_destroy_extent_tree+0x174/0x4b0 [ 64.893474][ T565] f2fs_evict_inode+0x335/0x1680 [ 64.898478][ T565] evict+0x372/0x940 [ 64.902350][ T565] iput.part.0+0x33b/0x640 [ 64.906743][ T565] iput+0x3f/0x50 [ 64.910367][ T565] iget_failed+0x1e/0x30 [ 64.914587][ T565] f2fs_iget+0x22f6/0x4b10 [ 64.918987][ T565] f2fs_lookup+0x491/0xc20 [ 64.923382][ T565] __lookup_slow+0x19b/0x3d0 [ 64.927953][ T565] walk_component+0x3ad/0x710 [ 64.932622][ T565] path_lookupat+0x112/0x6a0 [ 64.937187][ T565] filename_lookup+0x17f/0x510 [ 64.941929][ T565] user_path_at_empty+0xa2/0xf0 [ 64.946771][ T565] do_sys_truncate.part.0+0x85/0x100 [ 64.952121][ T565] __x64_sys_truncate+0x54/0x80 [ 64.956949][ T565] do_syscall_64+0x32/0x50 [ 64.961438][ T565] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 64.967580][ T565] [ 64.970156][ T565] The buggy address belongs to the object at ffff88811e357540 [ 64.970156][ T565] which belongs to the cache f2fs_extent_tree of size 80 [ 64.984817][ T565] The buggy address is located 0 bytes inside of [ 64.984817][ T565] 80-byte region [ffff88811e357540, ffff88811e357590) [ 64.997992][ T565] The buggy address belongs to the page: [ 65.003675][ T565] page:ffffea000478d5c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11e357 [ 65.014171][ T565] flags: 0x4000000000000200(slab) [ 65.019171][ T565] raw: 4000000000000200 dead000000000100 dead000000000122 ffff8881047d1e00 [ 65.027747][ T565] raw: 0000000000000000 0000000080240024 00000001ffffffff 0000000000000000 [ 65.036318][ T565] page dumped because: kasan: bad access detected [ 65.042839][ T565] page_owner tracks the page as allocated [ 65.048542][ T565] page last allocated via order 0, migratetype Reclaimable, gfp_mask 0x112c50(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 469, ts 57218910274, free_ts 0 [ 65.066743][ T565] get_page_from_freelist+0x1fee/0x2ad0 [ 
65.072266][ T565] __alloc_pages_nodemask+0x2ae/0x2530 [ 65.077797][ T565] allocate_slab+0x30f/0x460 [ 65.082364][ T565] ___slab_alloc.constprop.0+0x32b/0x730 [ 65.087974][ T565] kmem_cache_alloc+0x491/0x4f0 [ 65.092803][ T565] f2fs_init_extent_tree+0x98f/0xdf0 [ 65.098121][ T565] f2fs_iget+0xa71/0x4b10 [ 65.102536][ T565] f2fs_lookup+0x491/0xc20 [ 65.107148][ T565] __lookup_slow+0x19b/0x3d0 [ 65.111713][ T565] walk_component+0x3ad/0x710 [ 65.116363][ T565] path_lookupat+0x112/0x6a0 [ 65.120940][ T565] filename_lookup+0x17f/0x510 [ 65.125684][ T565] user_path_at_empty+0xa2/0xf0 [ 65.130510][ T565] do_sys_truncate.part.0+0x85/0x100 [ 65.135825][ T565] __x64_sys_truncate+0x54/0x80 [ 65.140658][ T565] do_syscall_64+0x32/0x50 [ 65.145058][ T565] page_owner free stack trace missing [ 65.150408][ T565] [ 65.152730][ T565] Memory state around the buggy address: [ 65.158352][ T565] ffff88811e357400: fb fb fb fb fb fb fb fb fc fc fc fc fa fb fb fb [ 65.166498][ T565] ffff88811e357480: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc [ 65.174568][ T565] >ffff88811e357500: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 65.182931][ T565] ^ [ 65.189087][ T565] ffff88811e357580: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc 2025/09/29 13:12:13 executed programs: 25 [ 65.197135][ T565] ffff88811e357600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 65.205184][ T565] ================================================================== [ 65.275406][ T554] F2FS-fs (loop2): access invalid blkaddr:2147563524 [ 65.282147][ T554] CPU: 1 PID: 554 Comm: syz.2.29 Tainted: G B syzkaller #0 [ 65.290631][ T554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 65.300846][ T554] Call Trace: [ 65.304219][ T554] dump_stack_lvl+0x81/0xac [ 65.308813][ T554] dump_stack+0x10/0x12 [ 65.312945][ T554] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 65.318463][ T554] f2fs_iget+0x35eb/0x4b10 [ 65.322937][ T554] f2fs_lookup+0x491/0xc20 [ 65.327339][ T554] ? 
__recover_dot_dentries+0x530/0x530 [ 65.332885][ T554] ? __legitimize_path+0x6c/0x170 [ 65.337887][ T554] __lookup_slow+0x19b/0x3d0 [ 65.342452][ T554] ? page_put_link+0x80/0x80 [ 65.347021][ T554] ? inode_permission.part.0+0xc2/0x320 [ 65.352654][ T554] walk_component+0x3ad/0x710 [ 65.357401][ T554] ? handle_dots.part.0+0x11c0/0x11c0 [ 65.362756][ T554] ? walk_component+0x710/0x710 [ 65.367579][ T554] path_lookupat+0x112/0x6a0 [ 65.372260][ T554] ? setup_object.isra.0+0x22/0xd0 [ 65.377354][ T554] filename_lookup+0x17f/0x510 [ 65.382108][ T554] ? may_linkat+0x200/0x200 [ 65.386587][ T554] ? ___slab_alloc.constprop.0+0x32b/0x730 [ 65.392493][ T554] ? __check_object_size+0x1df/0x270 [ 65.397868][ T554] ? kmem_cache_alloc+0x17f/0x4f0 [ 65.402884][ T554] ? getname_flags.part.0+0x8c/0x480 [ 65.408144][ T554] user_path_at_empty+0xa2/0xf0 [ 65.412974][ T554] do_sys_truncate.part.0+0x85/0x100 [ 65.418321][ T554] ? vfs_truncate+0x540/0x540 [ 65.423077][ T554] ? __kasan_check_write+0x14/0x20 [ 65.428175][ T554] ? 
switch_fpu_return+0xbf/0x1b0 [ 65.433185][ T554] __x64_sys_truncate+0x54/0x80 [ 65.438016][ T554] do_syscall_64+0x32/0x50 [ 65.442416][ T554] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 65.448281][ T554] RIP: 0033:0x7f2b99190be9 [ 65.452673][ T554] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 65.472449][ T554] RSP: 002b:00007f2b99001038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 65.480839][ T554] RAX: ffffffffffffffda RBX: 00007f2b993b7fa0 RCX: 00007f2b99190be9 [ 65.488885][ T554] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280 [ 65.497182][ T554] RBP: 00007f2b99213e19 R08: 0000000000000000 R09: 0000000000000000 [ 65.505225][ T554] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 65.513357][ T554] R13: 00007f2b993b8038 R14: 00007f2b993b7fa0 R15: 00007fff97bc7208 [ 65.522305][ T554] F2FS-fs (loop2): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 65.534825][ T574] F2FS-fs (loop2): access invalid blkaddr:2147563524 [ 65.538024][ T561] F2FS-fs (loop1): invalid crc value [ 65.541997][ T574] CPU: 1 PID: 574 Comm: syz.2.29 Tainted: G B syzkaller #0 [ 65.555841][ T574] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 65.556989][ T561] F2FS-fs (loop1): Found nat_bits in checkpoint [ 65.565980][ T574] Call Trace: [ 65.565993][ T574] dump_stack_lvl+0x81/0xac [ 65.565998][ T574] dump_stack+0x10/0x12 [ 65.566003][ T574] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 65.566009][ T574] f2fs_iget+0x35eb/0x4b10 [ 65.566015][ T574] f2fs_lookup+0x491/0xc20 [ 65.566020][ T574] ? __recover_dot_dentries+0x530/0x530 [ 65.566028][ T574] path_openat+0x1024/0x3950 [ 65.566034][ T574] ? path_lookupat+0x6a0/0x6a0 [ 65.566040][ T574] ? __kasan_check_read+0x11/0x20 [ 65.566046][ T574] ? 
pagevec_add_and_need_flush+0x216/0x290
[ 65.566050][ T574] ? perf_trace_mm_lru_insertion+0x970/0x970
[ 65.566060][ T574] ? __mod_memcg_lruvec_state+0x118/0x330
[ 65.592376][ T561] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[ 65.594495][ T574] ? __mod_node_page_state+0xa6/0x110
[ 65.594503][ T574] do_filp_open+0x193/0x3d0
[ 65.594507][ T574] ? may_open_dev+0xd0/0xd0
[ 65.594516][ T574] ? __check_object_size+0x1df/0x270
[ 65.666966][ T574] ? _raw_spin_unlock+0x41/0x70
[ 65.671794][ T574] do_sys_openat2+0x135/0x810
[ 65.676455][ T574] ? recalc_sigpending+0x7c/0xb0
[ 65.681365][ T574] ? build_open_flags+0x490/0x490
[ 65.686361][ T574] ? __kasan_check_write+0x14/0x20
[ 65.691471][ T574] ? __handle_speculative_fault+0xee/0x280
[ 65.697352][ T574] __x64_sys_openat+0x124/0x200
[ 65.702182][ T574] ? __ia32_sys_open+0x1b0/0x1b0
[ 65.707126][ T574] ? exit_to_user_mode_prepare+0x36/0x160
[ 65.713024][ T574] ? irqentry_exit_to_user_mode+0xe/0x10
[ 65.718761][ T574] do_syscall_64+0x32/0x50
[ 65.723245][ T574] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 65.729303][ T574] RIP: 0033:0x7f2b99190be9
[ 65.733819][ T574] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 65.753408][ T574] RSP: 002b:00007f2b98fe0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 65.761799][ T574] RAX: ffffffffffffffda RBX: 00007f2b993b8090 RCX: 00007f2b99190be9
[ 65.769779][ T574] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c
[ 65.777849][ T574] RBP: 00007f2b99213e19 R08: 0000000000000000 R09: 0000000000000000
[ 65.785860][ T574] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[ 65.794019][ T574] R13: 00007f2b993b8128 R14: 00007f2b993b8090 R15: 00007fff97bc7208
[ 65.802206][ T574] F2FS-fs (loop2): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix
[ 65.917709][ T559] F2FS-fs (loop5): invalid crc value
[ 65.934129][ T559] F2FS-fs (loop5): Found nat_bits in checkpoint
[ 65.965612][ T559] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[ 65.978633][ T561] F2FS-fs (loop1): access invalid blkaddr:2147563524
[ 65.985613][ T564] F2FS-fs (loop6): invalid crc value
[ 66.003494][ T559] F2FS-fs (loop5): access invalid blkaddr:2147563524
[ 66.009695][ T561] CPU: 0 PID: 561 Comm: syz.1.31 Tainted: G B syzkaller #0
[ 66.019342][ T561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 66.029408][ T561] Call Trace:
[ 66.032707][ T561] dump_stack_lvl+0x81/0xac
[ 66.037310][ T561] dump_stack+0x10/0x12
[ 66.041456][ T561] f2fs_is_valid_blkaddr.cold+0x2a/0x47
[ 66.046996][ T561] f2fs_iget+0x35eb/0x4b10
[ 66.051395][ T561] f2fs_lookup+0x491/0xc20
[ 66.055995][ T561] ? __recover_dot_dentries+0x530/0x530
[ 66.061713][ T561] ? __legitimize_path+0x6c/0x170
[ 66.066737][ T561] __lookup_slow+0x19b/0x3d0
[ 66.071317][ T561] ? page_put_link+0x80/0x80
[ 66.072007][ T564] F2FS-fs (loop6): Found nat_bits in checkpoint
[ 66.076368][ T561] ? inode_permission.part.0+0xc2/0x320
[ 66.076372][ T561] walk_component+0x3ad/0x710
[ 66.076380][ T561] ? handle_dots.part.0+0x11c0/0x11c0
[ 66.098392][ T561] ? walk_component+0x710/0x710
[ 66.103243][ T561] path_lookupat+0x112/0x6a0
[ 66.107847][ T561] ? _atomic_dec_and_lock+0x19/0xa0
[ 66.113047][ T561] filename_lookup+0x17f/0x510
[ 66.117806][ T561] ? may_linkat+0x200/0x200
[ 66.122317][ T561] ? __check_object_size+0x1df/0x270
[ 66.127748][ T561] ? kmem_cache_alloc+0x17f/0x4f0
[ 66.132800][ T561] ? getname_flags.part.0+0x8c/0x480
[ 66.138177][ T561] user_path_at_empty+0xa2/0xf0
[ 66.143031][ T561] do_sys_truncate.part.0+0x85/0x100
[ 66.148445][ T561] ? vfs_truncate+0x540/0x540
[ 66.153233][ T561] ? __kasan_check_write+0x14/0x20
[ 66.158432][ T561] ? switch_fpu_return+0xbf/0x1b0
[ 66.163441][ T561] __x64_sys_truncate+0x54/0x80
[ 66.168283][ T561] do_syscall_64+0x32/0x50
[ 66.172818][ T561] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 66.178819][ T561] RIP: 0033:0x7f8c56cdfbe9
[ 66.183332][ T561] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 66.203278][ T561] RSP: 002b:00007f8c56b50038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
[ 66.211862][ T561] RAX: ffffffffffffffda RBX: 00007f8c56f06fa0 RCX: 00007f8c56cdfbe9
[ 66.219837][ T561] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280
[ 66.227794][ T561] RBP: 00007f8c56d62e19 R08: 0000000000000000 R09: 0000000000000000
[ 66.236201][ T561] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 66.244521][ T561] R13: 00007f8c56f07038 R14: 00007f8c56f06fa0 R15: 00007fffb0b07668
[ 66.259733][ T559] CPU: 1 PID: 559 Comm: syz.5.28 Tainted: G B syzkaller #0
[ 66.268240][ T559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 66.278290][ T559] Call Trace:
[ 66.281571][ T559] dump_stack_lvl+0x81/0xac
[ 66.286060][ T559] dump_stack+0x10/0x12
[ 66.290224][ T559] f2fs_is_valid_blkaddr.cold+0x2a/0x47
[ 66.295753][ T559] f2fs_iget+0x35eb/0x4b10
[ 66.300244][ T559] f2fs_lookup+0x491/0xc20
[ 66.304644][ T559] ? __recover_dot_dentries+0x530/0x530
[ 66.310179][ T559] ? __legitimize_path+0x6c/0x170
[ 66.310213][ T564] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[ 66.315360][ T559] __lookup_slow+0x19b/0x3d0
[ 66.327360][ T559] ? page_put_link+0x80/0x80
[ 66.331934][ T559] ? inode_permission.part.0+0xc2/0x320
[ 66.337481][ T559] walk_component+0x3ad/0x710
[ 66.342237][ T559] ? handle_dots.part.0+0x11c0/0x11c0
[ 66.347839][ T559] ? walk_component+0x710/0x710
[ 66.352728][ T559] path_lookupat+0x112/0x6a0
[ 66.357306][ T559] ? _atomic_dec_and_lock+0x19/0xa0
[ 66.362503][ T559] filename_lookup+0x17f/0x510
[ 66.367364][ T559] ? may_linkat+0x200/0x200
[ 66.371863][ T559] ? __check_object_size+0x1df/0x270
[ 66.377144][ T559] ? kmem_cache_alloc+0x17f/0x4f0
[ 66.382152][ T559] ? getname_flags.part.0+0x8c/0x480
[ 66.387433][ T559] user_path_at_empty+0xa2/0xf0
[ 66.392443][ T559] do_sys_truncate.part.0+0x85/0x100
[ 66.397714][ T559] ? vfs_truncate+0x540/0x540
[ 66.402462][ T559] ? __kasan_check_write+0x14/0x20
[ 66.407734][ T559] ? switch_fpu_return+0xbf/0x1b0
[ 66.412758][ T559] __x64_sys_truncate+0x54/0x80
[ 66.417633][ T559] do_syscall_64+0x32/0x50
[ 66.422049][ T559] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 66.427937][ T559] RIP: 0033:0x7f11ecc47be9
[ 66.432344][ T559] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 66.437479][ T561] F2FS-fs (loop1): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix
[ 66.452506][ T559] RSP: 002b:00007f11ecab8038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
[ 66.452515][ T559] RAX: ffffffffffffffda RBX: 00007f11ece6efa0 RCX: 00007f11ecc47be9
[ 66.452518][ T559] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280
[ 66.452521][ T559] RBP: 00007f11ecccae19 R08: 0000000000000000 R09: 0000000000000000
[ 66.452524][ T559] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 66.452526][ T559] R13: 00007f11ece6f038 R14: 00007f11ece6efa0 R15: 00007ffc55344c58