Warning: Permanently added '10.128.0.56' (ED25519) to the list of known hosts. 2025/11/08 10:37:48 parsed 1 programs [ 53.046091][ T23] audit: type=1400 audit(1762598268.620:109): avc: denied { unlink } for pid=389 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 53.078816][ T389] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 53.399566][ T23] audit: type=1400 audit(1762598268.980:110): avc: denied { create } for pid=401 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 53.541455][ T23] audit: type=1401 audit(1762598269.120:111): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768" [ 53.687324][ T431] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.694649][ T431] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.703193][ T431] device bridge_slave_0 entered promiscuous mode [ 53.712216][ T431] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.720105][ T431] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.727645][ T431] device bridge_slave_1 entered promiscuous mode [ 53.772182][ T431] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.779579][ T431] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.787288][ T431] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.794914][ T431] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.814508][ T7] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.822231][ T7] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.830344][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 53.838648][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 53.856891][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 53.865983][ T7] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.873225][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.881237][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 53.891854][ T7] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.899195][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.907000][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 53.915573][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 53.929959][ T431] device veth0_vlan entered promiscuous mode [ 53.937874][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 53.946986][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 53.955106][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 53.963204][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready 2025/11/08 10:37:49 executed programs: 0 [ 53.974047][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 53.986658][ T431] device veth1_macvtap entered promiscuous mode [ 53.995659][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 54.005949][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 54.146996][ T450] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.154043][ T450] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.161839][ T450] device bridge_slave_0 entered promiscuous mode [ 54.183876][ T447] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.191397][ T447] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.199319][ T447] device bridge_slave_0 entered promiscuous mode [ 54.208300][ T447] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.215629][ T447] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.223458][ T447] device bridge_slave_1 entered promiscuous mode [ 54.230529][ T450] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.238216][ T450] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.246230][ T450] device bridge_slave_1 entered promiscuous mode [ 54.277676][ T448] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.284942][ T448] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.293497][ T448] device bridge_slave_0 entered promiscuous mode [ 54.301145][ T448] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.308697][ T448] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.316413][ T448] device bridge_slave_1 entered promiscuous mode [ 54.326989][ T451] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.334385][ T451] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.342031][ T451] device bridge_slave_0 entered promiscuous mode [ 54.349663][ T451] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.356929][ T451] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.364410][ T451] device bridge_slave_1 entered promiscuous mode [ 54.442434][ T448] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.449874][ T448] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.457653][ T448] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.465329][ T448] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.484050][ T452] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.493303][ T452] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.500991][ T452] device bridge_slave_0 entered promiscuous mode [ 54.510053][ T452] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.517387][ T452] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.525064][ T452] device bridge_slave_1 entered promiscuous mode [ 54.557286][ T447] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.564616][ T447] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.572056][ T447] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.579230][ T447] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.621930][ T451] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.629508][ T451] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.636780][ T451] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.644320][ T451] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.671616][ T450] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.679134][ T450] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.686709][ T450] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.694368][ T450] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.703307][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.711482][ T440] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.719876][ T440] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.728030][ T440] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.735579][ T440] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.743558][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.752358][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 54.761189][ T440] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.768676][ T440] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.792444][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 54.801179][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 54.810225][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 54.819061][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 54.827819][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.835473][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.843012][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 54.851503][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.859915][ T440] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.867031][ T440] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.874895][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 54.883532][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 54.892625][ T440] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.900279][ T440] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.915274][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.942580][ T448] device veth0_vlan entered promiscuous mode [ 54.951663][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.959412][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.967527][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 54.977044][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 54.985792][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 54.993945][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 55.002392][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 55.011482][ T440] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.019508][ T440] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.027540][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 55.035115][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 55.042877][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 55.062910][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 55.072417][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 55.080862][ T440] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.088205][ T440] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.097147][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 55.105811][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 55.114278][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 55.123519][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 55.132744][ T440] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.140250][ T440] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.148218][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 55.156683][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 55.164643][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 55.173078][ T440] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.180386][ T440] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.188158][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.196307][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.204189][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 55.214814][ T448] device veth1_macvtap entered promiscuous mode [ 55.232789][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 55.241204][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 55.249714][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 55.258444][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 55.266941][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 55.275389][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 55.284377][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 55.299318][ T447] device veth0_vlan entered promiscuous mode [ 55.311324][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 55.319795][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 55.329068][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 55.337063][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 55.345274][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 55.353939][ T440] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.361477][ T440] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.369510][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 55.378637][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 55.387418][ T440] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.394620][ T440] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.402522][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 55.410883][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 55.419266][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 55.428122][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 55.436572][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 55.457939][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 55.466533][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 55.481712][ T450] device veth0_vlan entered promiscuous mode [ 55.496939][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 55.505786][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 55.514475][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 55.522844][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 55.530988][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 55.539763][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 55.548082][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 55.555858][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 55.581076][ T450] device veth1_macvtap entered promiscuous mode [ 55.588537][ T452] device veth0_vlan entered promiscuous mode [ 55.597967][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 55.607892][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 55.618623][ T447] device veth1_macvtap entered promiscuous mode [ 55.630732][ T451] device veth0_vlan entered promiscuous mode [ 55.640382][ T452] device veth1_macvtap entered promiscuous mode [ 55.670209][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 55.678945][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 55.687452][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 55.695195][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 55.704887][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 55.713733][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 55.722985][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 55.731863][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 55.740476][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 55.763168][ T451] device veth1_macvtap entered promiscuous mode [ 55.770506][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 55.779343][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 55.788547][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 55.797813][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 55.806566][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 55.815525][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 55.824026][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 55.880911][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 55.903099][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 55.922354][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 55.936354][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 56.056487][ T469] ====================================================== [ 56.056487][ T469] WARNING: the mand mount option is being deprecated and [ 56.056487][ T469] will be removed in v5.15! [ 56.056487][ T469] ====================================================== [ 56.119191][ T469] F2FS-fs (loop1): invalid crc value [ 56.165858][ T469] F2FS-fs (loop1): Found nat_bits in checkpoint [ 56.174200][ T46] device bridge_slave_1 left promiscuous mode [ 56.192150][ T46] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.226552][ T46] device bridge_slave_0 left promiscuous mode [ 56.232957][ T46] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.276877][ T46] device veth1_macvtap left promiscuous mode [ 56.283290][ T46] device veth0_vlan left promiscuous mode [ 56.316141][ T469] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 56.346255][ T23] audit: type=1400 audit(1762598271.930:112): avc: denied { mount } for pid=468 comm="syz.1.18" name="/" dev="loop1" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 56.371233][ T469] F2FS-fs (loop1): access invalid blkaddr:2147563524 [ 56.391022][ T469] CPU: 1 PID: 469 Comm: syz.1.18 Not tainted syzkaller #0 [ 56.398362][ T469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 56.408778][ T469] Call Trace: [ 56.412171][ T469] dump_stack_lvl+0x81/0xac [ 56.416760][ T469] dump_stack+0x10/0x12 [ 56.421360][ T469] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 56.427085][ T469] f2fs_iget+0x35eb/0x4b10 [ 56.431503][ T469] f2fs_lookup+0x491/0xc20 [ 56.436268][ T469] ? __recover_dot_dentries+0x530/0x530 [ 56.442207][ T469] ? __legitimize_path+0x6c/0x170 [ 56.447412][ T469] __lookup_slow+0x19b/0x3d0 [ 56.452095][ T469] ? page_put_link+0x80/0x80 [ 56.456946][ T469] ? inode_permission.part.0+0xc2/0x320 [ 56.462752][ T469] walk_component+0x3ad/0x710 [ 56.467421][ T469] ? handle_dots.part.0+0x11c0/0x11c0 [ 56.473054][ T469] ? walk_component+0x710/0x710 [ 56.477996][ T469] path_lookupat+0x112/0x6a0 [ 56.482595][ T469] ? _atomic_dec_and_lock+0x19/0xa0 [ 56.488328][ T469] filename_lookup+0x17f/0x510 [ 56.493339][ T469] ? may_linkat+0x200/0x200 [ 56.498117][ T469] ? __check_object_size+0x1df/0x270 [ 56.503522][ T469] ? kmem_cache_alloc+0x17f/0x4f0 [ 56.508647][ T469] ? getname_flags.part.0+0x8c/0x480 [ 56.514114][ T469] user_path_at_empty+0xa2/0xf0 [ 56.519043][ T469] do_sys_truncate.part.0+0x85/0x100 [ 56.524665][ T469] ? vfs_truncate+0x540/0x540 [ 56.529696][ T469] ? __kasan_check_write+0x14/0x20 [ 56.535097][ T469] ? switch_fpu_return+0xbf/0x1b0 [ 56.540197][ T469] __x64_sys_truncate+0x54/0x80 [ 56.545370][ T469] do_syscall_64+0x32/0x50 [ 56.550039][ T469] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 56.556546][ T469] RIP: 0033:0x7fba9ad5ebe9 [ 56.560987][ T469] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 56.581229][ T469] RSP: 002b:00007fba9abcf038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 56.589990][ T469] RAX: ffffffffffffffda RBX: 00007fba9af85fa0 RCX: 00007fba9ad5ebe9 [ 56.598135][ T469] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280 [ 56.606358][ T469] RBP: 00007fba9ade1e19 R08: 0000000000000000 R09: 0000000000000000 [ 56.614678][ T469] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 56.623101][ T469] R13: 00007fba9af86038 R14: 00007fba9af85fa0 R15: 00007ffce1f06228 [ 56.676605][ T469] F2FS-fs (loop1): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 57.036404][ T471] F2FS-fs (loop6): invalid crc value [ 57.076806][ T471] F2FS-fs (loop6): Found nat_bits in checkpoint [ 57.161081][ T471] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 57.203478][ T471] F2FS-fs (loop6): access invalid blkaddr:2147563524 [ 57.212058][ T478] F2FS-fs (loop5): invalid crc value [ 57.236325][ T471] CPU: 1 PID: 471 Comm: syz.6.17 Not tainted syzkaller #0 [ 57.243758][ T471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 57.254250][ T471] Call Trace: [ 57.257978][ T471] dump_stack_lvl+0x81/0xac [ 57.262647][ T471] dump_stack+0x10/0x12 [ 57.267161][ T471] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 57.272794][ T471] f2fs_iget+0x35eb/0x4b10 [ 57.277379][ T471] f2fs_lookup+0x491/0xc20 [ 57.282046][ T471] ? __recover_dot_dentries+0x530/0x530 [ 57.287864][ T471] ? __legitimize_path+0x6c/0x170 [ 57.292974][ T471] __lookup_slow+0x19b/0x3d0 [ 57.297819][ T471] ? page_put_link+0x80/0x80 [ 57.302490][ T471] ? inode_permission.part.0+0xc2/0x320 [ 57.308302][ T471] walk_component+0x3ad/0x710 [ 57.313174][ T471] ? handle_dots.part.0+0x11c0/0x11c0 [ 57.318805][ T471] ? walk_component+0x710/0x710 [ 57.323867][ T471] path_lookupat+0x112/0x6a0 [ 57.328558][ T471] ? _atomic_dec_and_lock+0x19/0xa0 [ 57.334032][ T471] filename_lookup+0x17f/0x510 [ 57.338964][ T471] ? may_linkat+0x200/0x200 [ 57.343699][ T471] ? __check_object_size+0x1df/0x270 [ 57.349074][ T471] ? kmem_cache_alloc+0x17f/0x4f0 [ 57.354191][ T471] ? getname_flags.part.0+0x8c/0x480 [ 57.359735][ T471] user_path_at_empty+0xa2/0xf0 [ 57.364583][ T471] do_sys_truncate.part.0+0x85/0x100 [ 57.369868][ T471] ? vfs_truncate+0x540/0x540 [ 57.374708][ T471] ? __kasan_check_write+0x14/0x20 [ 57.379825][ T471] ? switch_fpu_return+0xbf/0x1b0 [ 57.385018][ T471] __x64_sys_truncate+0x54/0x80 [ 57.389969][ T471] do_syscall_64+0x32/0x50 [ 57.394642][ T471] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 57.400615][ T471] RIP: 0033:0x7f7e1b2d5be9 [ 57.405123][ T471] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 57.425084][ T471] RSP: 002b:00007f7e1b146038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 57.434195][ T471] RAX: ffffffffffffffda RBX: 00007f7e1b4fcfa0 RCX: 00007f7e1b2d5be9 [ 57.442626][ T471] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280 [ 57.451293][ T471] RBP: 00007f7e1b358e19 R08: 0000000000000000 R09: 0000000000000000 [ 57.460156][ T471] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 57.469417][ T471] R13: 00007f7e1b4fd038 R14: 00007f7e1b4fcfa0 R15: 00007fff3387aaa8 [ 57.482302][ T471] F2FS-fs (loop6): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 57.496974][ T478] F2FS-fs (loop5): Found nat_bits in checkpoint [ 57.505692][ T474] F2FS-fs (loop4): invalid crc value [ 57.521765][ T508] F2FS-fs (loop6): access invalid blkaddr:2147563524 [ 57.542189][ T476] F2FS-fs (loop2): invalid crc value [ 57.546261][ T508] CPU: 0 PID: 508 Comm: syz.6.17 Not tainted syzkaller #0 [ 57.555197][ T508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 57.565812][ T508] Call Trace: [ 57.569223][ T508] dump_stack_lvl+0x81/0xac [ 57.574193][ T508] dump_stack+0x10/0x12 [ 57.578563][ T508] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 57.584797][ T508] f2fs_iget+0x35eb/0x4b10 [ 57.589571][ T508] f2fs_lookup+0x491/0xc20 [ 57.593993][ T508] ? __recover_dot_dentries+0x530/0x530 [ 57.597224][ T476] F2FS-fs (loop2): Found nat_bits in checkpoint [ 57.599726][ T508] path_openat+0x1024/0x3950 [ 57.599738][ T508] ? path_lookupat+0x6a0/0x6a0 [ 57.615879][ T508] ? __kasan_check_read+0x11/0x20 [ 57.620930][ T508] ? pagevec_add_and_need_flush+0x216/0x290 [ 57.627036][ T508] ? perf_trace_mm_lru_insertion+0x970/0x970 [ 57.633119][ T508] ? __mod_memcg_lruvec_state+0x118/0x330 [ 57.639113][ T508] ? __mod_node_page_state+0xa6/0x110 [ 57.644585][ T508] do_filp_open+0x193/0x3d0 [ 57.649194][ T508] ? may_open_dev+0xd0/0xd0 [ 57.653707][ T508] ? __check_object_size+0x1df/0x270 [ 57.659348][ T508] ? _raw_spin_unlock+0x41/0x70 [ 57.664376][ T508] do_sys_openat2+0x135/0x810 [ 57.669400][ T508] ? recalc_sigpending+0x7c/0xb0 [ 57.674609][ T508] ? build_open_flags+0x490/0x490 [ 57.680092][ T508] ? __kasan_check_write+0x14/0x20 [ 57.685730][ T508] ? __handle_speculative_fault+0xee/0x280 [ 57.691638][ T508] __x64_sys_openat+0x124/0x200 [ 57.697047][ T508] ? __ia32_sys_open+0x1b0/0x1b0 [ 57.702509][ T508] ? exit_to_user_mode_prepare+0x36/0x160 [ 57.708445][ T508] ? irqentry_exit_to_user_mode+0xe/0x10 [ 57.714585][ T508] do_syscall_64+0x32/0x50 [ 57.719336][ T508] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 57.725795][ T508] RIP: 0033:0x7f7e1b2d5be9 [ 57.730702][ T508] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 57.750469][ T474] F2FS-fs (loop4): Found nat_bits in checkpoint [ 57.751801][ T508] RSP: 002b:00007f7e1b125038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 57.766901][ T508] RAX: ffffffffffffffda RBX: 00007f7e1b4fd090 RCX: 00007f7e1b2d5be9 [ 57.775136][ T508] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 57.783644][ T508] RBP: 00007f7e1b358e19 R08: 0000000000000000 R09: 0000000000000000 [ 57.792527][ T508] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 57.801562][ T508] R13: 00007f7e1b4fd128 R14: 00007f7e1b4fd090 R15: 00007fff3387aaa8 [ 57.812145][ T508] ================================================================== [ 57.820615][ T508] BUG: KASAN: use-after-free in f2fs_iget+0x49fe/0x4b10 [ 57.827963][ T508] Read of size 4 at addr ffff888122f552c4 by task syz.6.17/508 [ 57.836118][ T508] [ 57.836145][ T478] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 57.838544][ T508] CPU: 1 PID: 508 Comm: syz.6.17 Not tainted syzkaller #0 [ 57.853978][ T508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 57.856171][ T476] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 57.864695][ T508] Call Trace: [ 57.864709][ T508] dump_stack_lvl+0x81/0xac [ 57.864723][ T508] print_address_description.constprop.0+0x24/0x160 [ 57.887495][ T508] ? f2fs_iget+0x49fe/0x4b10 [ 57.892470][ T508] kasan_report.cold+0x82/0xdb [ 57.897342][ T508] ? f2fs_iget+0x49fe/0x4b10 [ 57.902029][ T508] __asan_report_load4_noabort+0x14/0x20 [ 57.903117][ T478] F2FS-fs (loop5): access invalid blkaddr:2147563524 [ 57.907924][ T508] f2fs_iget+0x49fe/0x4b10 [ 57.907934][ T508] f2fs_lookup+0x491/0xc20 [ 57.907939][ T508] ? __recover_dot_dentries+0x530/0x530 [ 57.907949][ T508] path_openat+0x1024/0x3950 [ 57.907956][ T508] ? path_lookupat+0x6a0/0x6a0 [ 57.907961][ T508] ? __kasan_check_read+0x11/0x20 [ 57.907972][ T508] ? pagevec_add_and_need_flush+0x216/0x290 [ 57.950597][ T508] ? perf_trace_mm_lru_insertion+0x970/0x970 [ 57.957016][ T508] ? __mod_memcg_lruvec_state+0x118/0x330 [ 57.963082][ T508] ? __mod_node_page_state+0xa6/0x110 [ 57.966859][ T476] F2FS-fs (loop2): access invalid blkaddr:2147563524 [ 57.968921][ T508] do_filp_open+0x193/0x3d0 [ 57.981719][ T508] ? may_open_dev+0xd0/0xd0 [ 57.986219][ T508] ? __check_object_size+0x1df/0x270 [ 57.991822][ T508] ? _raw_spin_unlock+0x41/0x70 [ 57.997022][ T508] do_sys_openat2+0x135/0x810 [ 58.001706][ T508] ? recalc_sigpending+0x7c/0xb0 [ 58.006941][ T508] ? build_open_flags+0x490/0x490 [ 58.012215][ T508] ? __kasan_check_write+0x14/0x20 [ 58.017520][ T508] ? __handle_speculative_fault+0xee/0x280 [ 58.023408][ T508] __x64_sys_openat+0x124/0x200 [ 58.028647][ T508] ? __ia32_sys_open+0x1b0/0x1b0 [ 58.033676][ T508] ? exit_to_user_mode_prepare+0x36/0x160 [ 58.039697][ T508] ? irqentry_exit_to_user_mode+0xe/0x10 [ 58.045693][ T508] do_syscall_64+0x32/0x50 [ 58.050366][ T508] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 58.056795][ T508] RIP: 0033:0x7f7e1b2d5be9 [ 58.061996][ T508] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 58.082959][ T508] RSP: 002b:00007f7e1b125038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 58.091806][ T508] RAX: ffffffffffffffda RBX: 00007f7e1b4fd090 RCX: 00007f7e1b2d5be9 [ 58.100436][ T508] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 58.109151][ T508] RBP: 00007f7e1b358e19 R08: 0000000000000000 R09: 0000000000000000 [ 58.117738][ T508] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 58.126857][ T508] R13: 00007f7e1b4fd128 R14: 00007f7e1b4fd090 R15: 00007fff3387aaa8 [ 58.135437][ T508] [ 58.135443][ T476] CPU: 0 PID: 476 Comm: syz.2.19 Not tainted syzkaller #0 [ 58.135450][ T476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 58.137871][ T508] Allocated by task 471: [ 58.145493][ T476] Call Trace: [ 58.156167][ T508] kasan_save_stack+0x26/0x50 [ 58.160777][ T476] dump_stack_lvl+0x81/0xac [ 58.164161][ T508] __kasan_slab_alloc+0x94/0xc0 [ 58.169089][ T476] dump_stack+0x10/0x12 [ 58.174096][ T508] kmem_cache_alloc+0x15d/0x4f0 [ 58.179289][ T476] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 58.183653][ T508] f2fs_init_extent_tree+0x98f/0xdf0 [ 58.183665][ T508] f2fs_iget+0xa71/0x4b10 [ 58.189029][ T476] f2fs_iget+0x35eb/0x4b10 [ 58.195636][ T508] f2fs_lookup+0x491/0xc20 [ 58.201463][ T476] f2fs_lookup+0x491/0xc20 [ 58.206144][ T508] __lookup_slow+0x19b/0x3d0 [ 58.210635][ T476] ? __recover_dot_dentries+0x530/0x530 [ 58.215221][ T508] walk_component+0x3ad/0x710 [ 58.219746][ T476] ? __legitimize_path+0x6c/0x170 [ 58.224321][ T508] path_lookupat+0x112/0x6a0 [ 58.230276][ T476] __lookup_slow+0x19b/0x3d0 [ 58.235299][ T508] filename_lookup+0x17f/0x510 [ 58.240395][ T476] ? page_put_link+0x80/0x80 [ 58.245395][ T508] user_path_at_empty+0xa2/0xf0 [ 58.249986][ T476] ? inode_permission.part.0+0xc2/0x320 [ 58.254919][ T508] do_sys_truncate.part.0+0x85/0x100 [ 58.259964][ T476] walk_component+0x3ad/0x710 [ 58.265067][ T508] __x64_sys_truncate+0x54/0x80 [ 58.270797][ T476] ? handle_dots.part.0+0x11c0/0x11c0 [ 58.276566][ T508] do_syscall_64+0x32/0x50 [ 58.281235][ T476] ? walk_component+0x710/0x710 [ 58.286449][ T508] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 58.292001][ T476] path_lookupat+0x112/0x6a0 [ 58.296617][ T508] [ 58.301457][ T476] ? _atomic_dec_and_lock+0x19/0xa0 [ 58.307621][ T508] Freed by task 471: [ 58.312584][ T476] filename_lookup+0x17f/0x510 [ 58.314911][ T508] kasan_save_stack+0x26/0x50 [ 58.320270][ T476] ? may_linkat+0x200/0x200 [ 58.324151][ T508] kasan_set_track+0x25/0x30 [ 58.329112][ T476] ? __check_object_size+0x1df/0x270 [ 58.334040][ T508] kasan_set_free_info+0x24/0x40 [ 58.338536][ T476] ? kmem_cache_alloc+0x17f/0x4f0 [ 58.343119][ T508] __kasan_slab_free+0x111/0x150 [ 58.348787][ T476] ? getname_flags.part.0+0x8c/0x480 [ 58.353960][ T508] slab_free_freelist_hook+0x9b/0x1a0 [ 58.359057][ T476] user_path_at_empty+0xa2/0xf0 [ 58.364065][ T508] kmem_cache_free+0x106/0x440 [ 58.369432][ T476] do_sys_truncate.part.0+0x85/0x100 [ 58.374911][ T508] f2fs_destroy_extent_tree+0x174/0x4b0 [ 58.379985][ T476] ? vfs_truncate+0x540/0x540 [ 58.385035][ T508] f2fs_evict_inode+0x335/0x1680 [ 58.390911][ T476] ? __kasan_check_write+0x14/0x20 [ 58.396583][ T508] evict+0x372/0x940 [ 58.401339][ T476] ? switch_fpu_return+0xbf/0x1b0 [ 58.406549][ T508] iput.part.0+0x33b/0x640 [ 58.411821][ T476] __x64_sys_truncate+0x54/0x80 [ 58.415912][ T508] iput+0x3f/0x50 [ 58.421762][ T476] do_syscall_64+0x32/0x50 [ 58.426504][ T508] iget_failed+0x1e/0x30 [ 58.431806][ T476] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 58.435897][ T508] f2fs_iget+0x22f6/0x4b10 [ 58.440564][ T476] RIP: 0033:0x7f227a510be9 [ 58.445161][ T508] f2fs_lookup+0x491/0xc20 [ 58.451137][ T476] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 58.456005][ T508] __lookup_slow+0x19b/0x3d0 [ 58.460501][ T476] RSP: 002b:00007f227a381038 EFLAGS: 00000246 [ 58.464899][ T508] walk_component+0x3ad/0x710 [ 58.464906][ T508] path_lookupat+0x112/0x6a0 [ 58.485410][ T476] ORIG_RAX: 000000000000004c [ 58.490008][ T508] filename_lookup+0x17f/0x510 [ 58.496426][ T476] RAX: ffffffffffffffda RBX: 00007f227a737fa0 RCX: 00007f227a510be9 [ 58.501648][ T508] user_path_at_empty+0xa2/0xf0 [ 58.506803][ T476] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280 [ 58.511472][ T508] do_sys_truncate.part.0+0x85/0x100 [ 58.516315][ T476] RBP: 00007f227a593e19 R08: 0000000000000000 R09: 0000000000000000 [ 58.524676][ T508] __x64_sys_truncate+0x54/0x80 [ 58.529965][ T476] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 58.538214][ T508] do_syscall_64+0x32/0x50 [ 58.543831][ T476] R13: 00007f227a738038 R14: 00007f227a737fa0 R15: 00007fff98350678 [ 58.552363][ T508] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 58.562224][ T478] CPU: 0 PID: 478 Comm: syz.5.20 Not tainted syzkaller #0 [ 58.565900][ T508] [ 58.570779][ T478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 58.579005][ T508] The buggy address belongs to the object at ffff888122f552a0 [ 58.579005][ T508] which belongs to the cache f2fs_extent_tree of size 80 [ 58.585501][ T478] Call Trace: [ 58.592595][ T508] The buggy address is located 36 bytes inside of [ 58.592595][ T508] 80-byte region [ffff888122f552a0, ffff888122f552f0) [ 58.595016][ T478] dump_stack_lvl+0x81/0xac [ 58.605307][ T508] The buggy address belongs to the page: [ 58.620494][ T478] dump_stack+0x10/0x12 [ 58.623811][ T508] page:ffffea00048bd540 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x122f55 [ 58.637508][ T478] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 58.642373][ T508] flags: 0x4000000000000200(slab) [ 58.648271][ T478] f2fs_iget+0x35eb/0x4b10 [ 58.652630][ T508] raw: 4000000000000200 dead000000000100 dead000000000122 ffff8881047fbb00 [ 58.663647][ T478] f2fs_lookup+0x491/0xc20 [ 58.669176][ T508] raw: 0000000000000000 0000000080240024 00000001ffffffff 0000000000000000 [ 58.674471][ T478] ? __recover_dot_dentries+0x530/0x530 [ 58.680047][ T508] page dumped because: kasan: bad access detected [ 58.689470][ T478] ? __legitimize_path+0x6c/0x170 [ 58.694061][ T508] page_owner tracks the page as allocated [ 58.703368][ T478] __lookup_slow+0x19b/0x3d0 [ 58.709968][ T508] page last allocated via order 0, migratetype Reclaimable, gfp_mask 0x112c50(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 469, ts 56371193098, free_ts 0 [ 58.716786][ T478] ? page_put_link+0x80/0x80 [ 58.721888][ T508] get_page_from_freelist+0x1fee/0x2ad0 [ 58.727872][ T478] ? inode_permission.part.0+0xc2/0x320 [ 58.732717][ T508] __alloc_pages_nodemask+0x2ae/0x2530 [ 58.751448][ T478] walk_component+0x3ad/0x710 [ 58.756322][ T508] allocate_slab+0x30f/0x460 [ 58.761849][ T478] ? handle_dots.part.0+0x11c0/0x11c0 [ 58.767473][ T508] ___slab_alloc.constprop.0+0x32b/0x730 [ 58.773121][ T478] ? walk_component+0x710/0x710 [ 58.777875][ T508] kmem_cache_alloc+0x491/0x4f0 [ 58.782447][ T478] path_lookupat+0x112/0x6a0 [ 58.788073][ T508] f2fs_init_extent_tree+0x98f/0xdf0 [ 58.794233][ T478] ? _atomic_dec_and_lock+0x19/0xa0 [ 58.799466][ T508] f2fs_iget+0xa71/0x4b10 [ 58.804340][ T478] filename_lookup+0x17f/0x510 [ 58.809001][ T508] f2fs_lookup+0x491/0xc20 [ 58.814533][ T478] ? may_linkat+0x200/0x200 [ 58.819989][ T508] __lookup_slow+0x19b/0x3d0 [ 58.824476][ T478] ? __check_object_size+0x1df/0x270 [ 58.829350][ T508] walk_component+0x3ad/0x710 [ 58.834080][ T478] ? kmem_cache_alloc+0x17f/0x4f0 [ 58.838909][ T508] path_lookupat+0x112/0x6a0 [ 58.838915][ T508] filename_lookup+0x17f/0x510 [ 58.843663][ T478] ? getname_flags.part.0+0x8c/0x480 [ 58.843670][ T478] user_path_at_empty+0xa2/0xf0 [ 58.849208][ T508] user_path_at_empty+0xa2/0xf0 [ 58.849214][ T508] do_sys_truncate.part.0+0x85/0x100 [ 58.854232][ T478] do_sys_truncate.part.0+0x85/0x100 [ 58.859485][ T508] __x64_sys_truncate+0x54/0x80 [ 58.864058][ T478] ? vfs_truncate+0x540/0x540 [ 58.868900][ T508] do_syscall_64+0x32/0x50 [ 58.874269][ T478] ? __kasan_check_write+0x14/0x20 [ 58.879272][ T508] page_owner free stack trace missing [ 58.884249][ T478] ? switch_fpu_return+0xbf/0x1b0 [ 58.890057][ T508] [ 58.895737][ T478] __x64_sys_truncate+0x54/0x80 [ 58.900617][ T508] Memory state around the buggy address: [ 58.905394][ T478] do_syscall_64+0x32/0x50 [ 58.909989][ T508] ffff888122f55180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 58.915599][ T478] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 58.921334][ T508] ffff888122f55200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 58.926536][ T478] RIP: 0033:0x7f4392503be9 [ 58.929040][ T508] >ffff888122f55280: fc fc fc fc fa fb fb fb fb fb fb fb fb fb fc fc [ 58.934094][ T478] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 58.940143][ T508] ^ [ 58.944564][ T478] RSP: 002b:00007f4392374038 EFLAGS: 00000246 [ 58.953298][ T508] ffff888122f55300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 58.959450][ T478] ORIG_RAX: 000000000000004c [ 58.967704][ T508] ffff888122f55380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 58.972287][ T478] RAX: ffffffffffffffda RBX: 00007f439272afa0 RCX: 00007f4392503be9 [ 58.980747][ T508] ================================================================== [ 59.001147][ T478] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280 [ 59.007295][ T508] Disabling lock debugging due to kernel taint [ 59.013513][ T478] RBP: 00007f4392586e19 R08: 0000000000000000 R09: 0000000000000000 [ 59.074776][ T478] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 59.082965][ T478] R13: 00007f439272b038 R14: 00007f439272afa0 R15: 00007fffd697a1d8 [ 59.093451][ T508] F2FS-fs (loop6): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 59.106426][ T476] F2FS-fs (loop2): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 59.110803][ T23] audit: type=1400 audit(1762598274.690:113): avc: denied { read } for pid=73 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 59.119287][ T478] F2FS-fs (loop5): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 59.147724][ T508] ================================================================== [ 59.160553][ T23] audit: type=1400 audit(1762598274.690:114): avc: denied { search } for pid=73 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 59.163641][ T508] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x106/0x440 [ 59.163643][ T508] [ 59.163655][ T508] CPU: 0 PID: 508 Comm: syz.6.17 Tainted: G B syzkaller #0 2025/11/08 10:37:54 executed programs: 16 [ 59.186327][ T23] audit: type=1400 audit(1762598274.690:115): avc: denied { write } for pid=73 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 59.194960][ T508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 59.194963][ T508] Call Trace: [ 59.194976][ T508] dump_stack_lvl+0x81/0xac [ 59.194987][ T508] print_address_description.constprop.0+0x24/0x160 [ 59.197656][ T23] audit: type=1400 audit(1762598274.690:116): avc: denied { add_name } for pid=73 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 59.206435][ T508] ? kmem_cache_free+0x106/0x440 [ 59.206440][ T508] kasan_report_invalid_free+0x56/0x80 [ 59.206444][ T508] ? kmem_cache_free+0x106/0x440 [ 59.206448][ T508] __kasan_slab_free+0x134/0x150 [ 59.206453][ T508] slab_free_freelist_hook+0x9b/0x1a0 [ 59.206465][ T508] ? f2fs_destroy_extent_tree+0x174/0x4b0 [ 59.234092][ T23] audit: type=1400 audit(1762598274.690:117): avc: denied { create } for pid=73 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 59.239167][ T508] kmem_cache_free+0x106/0x440 [ 59.239176][ T508] f2fs_destroy_extent_tree+0x174/0x4b0 [ 59.239182][ T508] f2fs_evict_inode+0x335/0x1680 [ 59.239188][ T508] ? irq_work_queue+0x3c/0x50 [ 59.239193][ T508] ? __inode_wait_for_writeback+0xe7/0x1c0 [ 59.239198][ T508] ? f2fs_write_inode+0x1010/0x1010 [ 59.239203][ T508] ? var_wake_function+0x130/0x130 [ 59.239209][ T508] ? _raw_spin_lock_bh+0x110/0x110 [ 59.239214][ T508] ? vprintk_func+0x5a/0x150 [ 59.239218][ T508] ? _raw_spin_lock_bh+0x110/0x110 [ 59.239223][ T508] evict+0x372/0x940 [ 59.239227][ T508] ? new_inode+0x2f0/0x2f0 [ 59.239230][ T508] ? _raw_spin_lock+0x86/0x110 [ 59.239234][ T508] ? _raw_spin_lock_bh+0x110/0x110 [ 59.239238][ T508] ? __kasan_check_read+0x11/0x20 [ 59.239242][ T508] ? f2fs_drop_inode+0x71/0x910 [ 59.239247][ T508] iput.part.0+0x33b/0x640 [ 59.239251][ T508] iput+0x3f/0x50 [ 59.239255][ T508] iget_failed+0x1e/0x30 [ 59.239260][ T508] f2fs_iget+0x22f6/0x4b10 [ 59.239268][ T508] f2fs_lookup+0x491/0xc20 [ 59.239273][ T508] ? __recover_dot_dentries+0x530/0x530 [ 59.239284][ T508] path_openat+0x1024/0x3950 [ 59.242710][ T23] audit: type=1400 audit(1762598274.690:118): avc: denied { append open } for pid=73 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 59.247306][ T508] ? path_lookupat+0x6a0/0x6a0 [ 59.247310][ T508] ? __kasan_check_read+0x11/0x20 [ 59.247316][ T508] ? pagevec_add_and_need_flush+0x216/0x290 [ 59.247321][ T508] ? perf_trace_mm_lru_insertion+0x970/0x970 [ 59.247329][ T508] ? __mod_memcg_lruvec_state+0x118/0x330 [ 59.254108][ T23] audit: type=1400 audit(1762598274.690:119): avc: denied { getattr } for pid=73 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 59.274730][ T508] ? __mod_node_page_state+0xa6/0x110 [ 59.274736][ T508] do_filp_open+0x193/0x3d0 [ 59.274740][ T508] ? may_open_dev+0xd0/0xd0 [ 59.274747][ T508] ? __check_object_size+0x1df/0x270 [ 59.274753][ T508] ? _raw_spin_unlock+0x41/0x70 [ 59.274762][ T508] do_sys_openat2+0x135/0x810 [ 59.552919][ T508] ? recalc_sigpending+0x7c/0xb0 [ 59.558324][ T508] ? build_open_flags+0x490/0x490 [ 59.563552][ T508] ? __kasan_check_write+0x14/0x20 [ 59.568648][ T508] ? __handle_speculative_fault+0xee/0x280 [ 59.574555][ T508] __x64_sys_openat+0x124/0x200 [ 59.579430][ T508] ? __ia32_sys_open+0x1b0/0x1b0 [ 59.584535][ T508] ? exit_to_user_mode_prepare+0x36/0x160 [ 59.590613][ T508] ? irqentry_exit_to_user_mode+0xe/0x10 [ 59.596529][ T508] do_syscall_64+0x32/0x50 [ 59.601054][ T508] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 59.607019][ T508] RIP: 0033:0x7f7e1b2d5be9 [ 59.611532][ T508] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 59.631857][ T508] RSP: 002b:00007f7e1b125038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 59.641065][ T508] RAX: ffffffffffffffda RBX: 00007f7e1b4fd090 RCX: 00007f7e1b2d5be9 [ 59.649304][ T508] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 59.657652][ T508] RBP: 00007f7e1b358e19 R08: 0000000000000000 R09: 0000000000000000 [ 59.666130][ T508] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 59.674583][ T508] R13: 00007f7e1b4fd128 R14: 00007f7e1b4fd090 R15: 00007fff3387aaa8 [ 59.682755][ T508] [ 59.685168][ T508] Allocated by task 471: [ 59.689818][ T508] kasan_save_stack+0x26/0x50 [ 59.694765][ T508] __kasan_slab_alloc+0x94/0xc0 [ 59.700012][ T508] kmem_cache_alloc+0x15d/0x4f0 [ 59.705302][ T508] f2fs_init_extent_tree+0x98f/0xdf0 [ 59.710698][ T508] f2fs_iget+0xa71/0x4b10 [ 59.715807][ T508] f2fs_lookup+0x491/0xc20 [ 59.720325][ T508] __lookup_slow+0x19b/0x3d0 [ 59.725037][ T508] walk_component+0x3ad/0x710 [ 59.729999][ T508] path_lookupat+0x112/0x6a0 [ 59.734579][ T508] filename_lookup+0x17f/0x510 [ 59.739506][ T508] user_path_at_empty+0xa2/0xf0 [ 59.744431][ T508] do_sys_truncate.part.0+0x85/0x100 [ 59.749786][ T508] __x64_sys_truncate+0x54/0x80 [ 59.754793][ T508] do_syscall_64+0x32/0x50 [ 59.759421][ T508] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 59.765493][ T508] [ 59.767894][ T508] Freed by task 471: [ 59.771858][ T508] kasan_save_stack+0x26/0x50 [ 59.776864][ T508] kasan_set_track+0x25/0x30 [ 59.781697][ T508] kasan_set_free_info+0x24/0x40 [ 59.786789][ T508] __kasan_slab_free+0x111/0x150 [ 59.792286][ T508] slab_free_freelist_hook+0x9b/0x1a0 [ 59.797927][ T508] kmem_cache_free+0x106/0x440 [ 59.803120][ T508] f2fs_destroy_extent_tree+0x174/0x4b0 [ 59.809001][ T508] f2fs_evict_inode+0x335/0x1680 [ 59.814034][ T508] evict+0x372/0x940 [ 59.818096][ T508] iput.part.0+0x33b/0x640 [ 59.823154][ T508] iput+0x3f/0x50 [ 59.827125][ T508] iget_failed+0x1e/0x30 [ 59.831746][ T508] f2fs_iget+0x22f6/0x4b10 [ 59.836144][ T508] f2fs_lookup+0x491/0xc20 [ 59.840816][ T508] __lookup_slow+0x19b/0x3d0 [ 59.845404][ T508] walk_component+0x3ad/0x710 [ 59.850157][ T508] path_lookupat+0x112/0x6a0 [ 59.855310][ T508] filename_lookup+0x17f/0x510 [ 59.860181][ T508] user_path_at_empty+0xa2/0xf0 [ 59.865238][ T508] do_sys_truncate.part.0+0x85/0x100 [ 59.870941][ T508] __x64_sys_truncate+0x54/0x80 [ 59.876075][ T508] do_syscall_64+0x32/0x50 [ 59.880676][ T508] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 59.887073][ T508] [ 59.889683][ T508] The buggy address belongs to the object at ffff888122f552a0 [ 59.889683][ T508] which belongs to the cache f2fs_extent_tree of size 80 [ 59.905328][ T508] The buggy address is located 0 bytes inside of [ 59.905328][ T508] 80-byte region [ffff888122f552a0, ffff888122f552f0) [ 59.918671][ T508] The buggy address belongs to the page: [ 59.924472][ T508] page:ffffea00048bd540 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x122f55 [ 59.935361][ T508] flags: 0x4000000000000200(slab) [ 59.940640][ T508] raw: 4000000000000200 dead000000000100 dead000000000122 ffff8881047fbb00 [ 59.949560][ T508] raw: 0000000000000000 0000000080240024 00000001ffffffff 0000000000000000 [ 59.958471][ T508] page dumped because: kasan: bad access detected [ 59.965114][ T508] page_owner tracks the page as allocated [ 59.971000][ T508] page last allocated via order 0, migratetype Reclaimable, gfp_mask 0x112c50(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 469, ts 56371193098, free_ts 0 [ 59.989918][ T508] get_page_from_freelist+0x1fee/0x2ad0 [ 59.995814][ T508] __alloc_pages_nodemask+0x2ae/0x2530 [ 60.001695][ T508] allocate_slab+0x30f/0x460 [ 60.006553][ T508] ___slab_alloc.constprop.0+0x32b/0x730 [ 60.012525][ T508] kmem_cache_alloc+0x491/0x4f0 [ 60.017537][ T508] f2fs_init_extent_tree+0x98f/0xdf0 [ 60.023065][ T508] f2fs_iget+0xa71/0x4b10 [ 60.027552][ T508] f2fs_lookup+0x491/0xc20 [ 60.032308][ T508] __lookup_slow+0x19b/0x3d0 [ 60.036883][ T508] walk_component+0x3ad/0x710 [ 60.041628][ T508] path_lookupat+0x112/0x6a0 [ 60.046377][ T508] filename_lookup+0x17f/0x510 [ 60.051268][ T508] user_path_at_empty+0xa2/0xf0 [ 60.056300][ T508] do_sys_truncate.part.0+0x85/0x100 [ 60.061733][ T508] __x64_sys_truncate+0x54/0x80 [ 60.066674][ T508] do_syscall_64+0x32/0x50 [ 60.071161][ T508] page_owner free stack trace missing [ 60.076601][ T508] [ 60.079014][ T508] Memory state around the buggy address: [ 60.084808][ T508] ffff888122f55180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 60.093150][ T508] ffff888122f55200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 60.101517][ T508] >ffff888122f55280: fc fc fc fc fa fb fb fb fb fb fb fb fb fb fc fc [ 60.109960][ T508] ^ [ 60.115180][ T508] ffff888122f55300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 60.124044][ T508] ffff888122f55380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 60.132445][ T508] ================================================================== [ 60.146040][ T500] F2FS-fs (loop1): invalid crc value [ 60.152264][ T500] F2FS-fs (loop1): Failed to start F2FS issue_checkpoint_thread (-12) [ 61.386296][ T526] F2FS-fs (loop5): invalid crc value [ 61.426835][ T526] F2FS-fs (loop5): Found nat_bits in checkpoint [ 61.487691][ T526] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 61.580939][ T534] F2FS-fs (loop1): invalid crc value [ 61.588001][ T534] F2FS-fs (loop1): Found nat_bits in checkpoint [ 61.612594][ T528] F2FS-fs (loop2): invalid crc value [ 61.618774][ T526] F2FS-fs (loop5): access invalid blkaddr:2147563524 [ 61.626708][ T526] CPU: 1 PID: 526 Comm: syz.5.24 Tainted: G B syzkaller #0 [ 61.635568][ T526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 61.639388][ T534] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 61.646144][ T526] Call Trace: [ 61.646156][ T526] dump_stack_lvl+0x81/0xac [ 61.646161][ T526] dump_stack+0x10/0x12 [ 61.646166][ T526] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 61.646172][ T526] f2fs_iget+0x35eb/0x4b10 [ 61.646181][ T526] f2fs_lookup+0x491/0xc20 [ 61.655233][ T528] F2FS-fs (loop2): Found nat_bits in checkpoint [ 61.657143][ T526] ? __recover_dot_dentries+0x530/0x530 [ 61.657153][ T526] ? __legitimize_path+0x6c/0x170 [ 61.657157][ T526] __lookup_slow+0x19b/0x3d0 [ 61.657162][ T526] ? page_put_link+0x80/0x80 [ 61.657172][ T526] ? inode_permission.part.0+0xc2/0x320 [ 61.693406][ T528] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 61.698600][ T526] walk_component+0x3ad/0x710 [ 61.698606][ T526] ? handle_dots.part.0+0x11c0/0x11c0 [ 61.698609][ T526] ? walk_component+0x710/0x710 [ 61.698614][ T526] path_lookupat+0x112/0x6a0 [ 61.698621][ T526] ? _atomic_dec_and_lock+0x19/0xa0 [ 61.698625][ T526] filename_lookup+0x17f/0x510 [ 61.698633][ T526] ? may_linkat+0x200/0x200 [ 61.757751][ T526] ? __check_object_size+0x1df/0x270 [ 61.763318][ T526] ? kmem_cache_alloc+0x17f/0x4f0 [ 61.768615][ T526] ? getname_flags.part.0+0x8c/0x480 [ 61.773973][ T526] user_path_at_empty+0xa2/0xf0 [ 61.779013][ T526] do_sys_truncate.part.0+0x85/0x100 [ 61.784369][ T526] ? vfs_truncate+0x540/0x540 [ 61.789225][ T526] ? __kasan_check_write+0x14/0x20 [ 61.794977][ T526] ? switch_fpu_return+0xbf/0x1b0 [ 61.800755][ T526] __x64_sys_truncate+0x54/0x80 [ 61.806163][ T526] do_syscall_64+0x32/0x50 [ 61.810948][ T526] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 61.817279][ T526] RIP: 0033:0x7f4392503be9 [ 61.821869][ T526] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 61.842447][ T526] RSP: 002b:00007f4392374038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 61.851456][ T526] RAX: ffffffffffffffda RBX: 00007f439272afa0 RCX: 00007f4392503be9 [ 61.859694][ T526] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280 [ 61.868101][ T526] RBP: 00007f4392586e19 R08: 0000000000000000 R09: 0000000000000000 [ 61.876148][ T526] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 61.884948][ T526] R13: 00007f439272b038 R14: 00007f439272afa0 R15: 00007fffd697a1d8 [ 61.894166][ T526] F2FS-fs (loop5): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 61.908105][ T551] F2FS-fs (loop5): access invalid blkaddr:2147563524 [ 61.915112][ T551] CPU: 1 PID: 551 Comm: syz.5.24 Tainted: G B syzkaller #0 [ 61.924173][ T551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 61.935182][ T551] Call Trace: [ 61.938862][ T551] dump_stack_lvl+0x81/0xac [ 61.943488][ T551] dump_stack+0x10/0x12 [ 61.948023][ T551] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 61.954311][ T551] f2fs_iget+0x35eb/0x4b10 [ 61.958989][ T551] f2fs_lookup+0x491/0xc20 [ 61.963569][ T551] ? __recover_dot_dentries+0x530/0x530 [ 61.970067][ T551] path_openat+0x1024/0x3950 [ 61.974898][ T551] ? path_lookupat+0x6a0/0x6a0 [ 61.979669][ T551] ? __kasan_check_read+0x11/0x20 [ 61.984907][ T551] ? pagevec_add_and_need_flush+0x216/0x290 [ 61.991183][ T551] ? perf_trace_mm_lru_insertion+0x970/0x970 [ 61.997361][ T551] ? __mod_memcg_lruvec_state+0x118/0x330 [ 62.003577][ T551] ? __mod_node_page_state+0xa6/0x110 [ 62.009041][ T551] do_filp_open+0x193/0x3d0 [ 62.013723][ T551] ? may_open_dev+0xd0/0xd0 [ 62.018306][ T551] ? __check_object_size+0x1df/0x270 [ 62.023929][ T551] ? _raw_spin_unlock+0x41/0x70 [ 62.028952][ T551] do_sys_openat2+0x135/0x810 [ 62.034453][ T551] ? recalc_sigpending+0x7c/0xb0 [ 62.039562][ T551] ? build_open_flags+0x490/0x490 [ 62.044668][ T551] ? __kasan_check_write+0x14/0x20 [ 62.050205][ T551] ? __handle_speculative_fault+0xee/0x280 [ 62.056549][ T551] __x64_sys_openat+0x124/0x200 [ 62.061469][ T551] ? __ia32_sys_open+0x1b0/0x1b0 [ 62.066516][ T551] ? exit_to_user_mode_prepare+0x36/0x160 [ 62.072311][ T551] ? irqentry_exit_to_user_mode+0xe/0x10 [ 62.078107][ T551] do_syscall_64+0x32/0x50 [ 62.082684][ T551] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 62.088958][ T551] RIP: 0033:0x7f4392503be9 [ 62.093559][ T551] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 62.114714][ T551] RSP: 002b:00007f4392353038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 62.123801][ T551] RAX: ffffffffffffffda RBX: 00007f439272b090 RCX: 00007f4392503be9 [ 62.132063][ T551] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 62.140112][ T551] RBP: 00007f4392586e19 R08: 0000000000000000 R09: 0000000000000000 [ 62.149044][ T551] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 62.157361][ T551] R13: 00007f439272b128 R14: 00007f439272b090 R15: 00007fffd697a1d8 [ 62.169962][ T528] F2FS-fs (loop2): access invalid blkaddr:2147563524 [ 62.170629][ T532] F2FS-fs (loop6): invalid crc value [ 62.177668][ T534] F2FS-fs (loop1): access invalid blkaddr:2147563524 [ 62.194633][ T530] F2FS-fs (loop4): invalid crc value [ 62.196133][ T551] F2FS-fs (loop5): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 62.226106][ T528] CPU: 1 PID: 528 Comm: syz.2.23 Tainted: G B syzkaller #0 [ 62.234745][ T528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 62.244976][ T528] Call Trace: [ 62.248447][ T528] dump_stack_lvl+0x81/0xac [ 62.253499][ T528] dump_stack+0x10/0x12 [ 62.257835][ T528] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 62.263751][ T528] f2fs_iget+0x35eb/0x4b10 [ 62.268560][ T528] f2fs_lookup+0x491/0xc20 [ 62.272981][ T528] ? __recover_dot_dentries+0x530/0x530 [ 62.278544][ T528] ? __legitimize_path+0x6c/0x170 [ 62.283572][ T528] __lookup_slow+0x19b/0x3d0 [ 62.288434][ T528] ? page_put_link+0x80/0x80 [ 62.293292][ T528] ? inode_permission.part.0+0xc2/0x320 [ 62.298921][ T528] walk_component+0x3ad/0x710 [ 62.303680][ T528] ? handle_dots.part.0+0x11c0/0x11c0 [ 62.309140][ T528] ? walk_component+0x710/0x710 [ 62.314312][ T528] path_lookupat+0x112/0x6a0 [ 62.319081][ T528] ? _atomic_dec_and_lock+0x19/0xa0 [ 62.324484][ T528] filename_lookup+0x17f/0x510 [ 62.329252][ T528] ? may_linkat+0x200/0x200 [ 62.333760][ T528] ? __check_object_size+0x1df/0x270 [ 62.339135][ T528] ? kmem_cache_alloc+0x17f/0x4f0 [ 62.344173][ T528] ? getname_flags.part.0+0x8c/0x480 [ 62.349824][ T528] user_path_at_empty+0xa2/0xf0 [ 62.354947][ T528] do_sys_truncate.part.0+0x85/0x100 [ 62.360228][ T528] ? vfs_truncate+0x540/0x540 [ 62.364983][ T528] ? __kasan_check_write+0x14/0x20 [ 62.370283][ T528] ? switch_fpu_return+0xbf/0x1b0 [ 62.375390][ T528] __x64_sys_truncate+0x54/0x80 [ 62.380714][ T528] do_syscall_64+0x32/0x50 [ 62.385341][ T528] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 62.391505][ T528] RIP: 0033:0x7f227a510be9 [ 62.396011][ T528] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 62.416926][ T528] RSP: 002b:00007f227a381038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 62.425592][ T528] RAX: ffffffffffffffda RBX: 00007f227a737fa0 RCX: 00007f227a510be9 [ 62.433735][ T528] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280 [ 62.442155][ T528] RBP: 00007f227a593e19 R08: 0000000000000000 R09: 0000000000000000 [ 62.450312][ T528] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 62.458396][ T528] R13: 00007f227a738038 R14: 00007f227a737fa0 R15: 00007fff98350678 [ 62.467421][ T534] CPU: 0 PID: 534 Comm: syz.1.27 Tainted: G B syzkaller #0 [ 62.470627][ T528] F2FS-fs (loop2): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 62.476512][ T534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 62.476516][ T534] Call Trace: [ 62.476531][ T534] dump_stack_lvl+0x81/0xac [ 62.476535][ T534] dump_stack+0x10/0x12 [ 62.476539][ T534] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 62.476546][ T534] f2fs_iget+0x35eb/0x4b10 [ 62.476554][ T534] f2fs_lookup+0x491/0xc20 [ 62.476564][ T534] ? __recover_dot_dentries+0x530/0x530 [ 62.489957][ T554] F2FS-fs (loop2): access invalid blkaddr:2147563524 [ 62.500637][ T534] ? __legitimize_path+0x6c/0x170 [ 62.500642][ T534] __lookup_slow+0x19b/0x3d0 [ 62.500646][ T534] ? page_put_link+0x80/0x80 [ 62.500651][ T534] ? inode_permission.part.0+0xc2/0x320 [ 62.500656][ T534] walk_component+0x3ad/0x710 [ 62.500661][ T534] ? handle_dots.part.0+0x11c0/0x11c0 [ 62.500668][ T534] ? walk_component+0x710/0x710 [ 62.577036][ T534] path_lookupat+0x112/0x6a0 [ 62.581791][ T534] ? _atomic_dec_and_lock+0x19/0xa0 [ 62.587333][ T534] filename_lookup+0x17f/0x510 [ 62.592407][ T534] ? may_linkat+0x200/0x200 [ 62.596986][ T534] ? __check_object_size+0x1df/0x270 [ 62.602480][ T534] ? kmem_cache_alloc+0x17f/0x4f0 [ 62.607980][ T534] ? getname_flags.part.0+0x8c/0x480 [ 62.613597][ T534] user_path_at_empty+0xa2/0xf0 [ 62.618517][ T534] do_sys_truncate.part.0+0x85/0x100 [ 62.623988][ T534] ? vfs_truncate+0x540/0x540 [ 62.628758][ T534] ? __kasan_check_write+0x14/0x20 [ 62.633862][ T534] ? switch_fpu_return+0xbf/0x1b0 [ 62.638872][ T534] __x64_sys_truncate+0x54/0x80 [ 62.643706][ T534] do_syscall_64+0x32/0x50 [ 62.648227][ T534] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 62.654577][ T534] RIP: 0033:0x7fba9ad5ebe9 [ 62.659473][ T534] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 62.680448][ T534] RSP: 002b:00007fba9abcf038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 62.688985][ T534] RAX: ffffffffffffffda RBX: 00007fba9af85fa0 RCX: 00007fba9ad5ebe9 [ 62.697308][ T534] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280 [ 62.705453][ T534] RBP: 00007fba9ade1e19 R08: 0000000000000000 R09: 0000000000000000 [ 62.713793][ T534] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 62.722402][ T534] R13: 00007fba9af86038 R14: 00007fba9af85fa0 R15: 00007ffce1f06228 [ 62.731365][ T554] CPU: 0 PID: 554 Comm: syz.2.23 Tainted: G B syzkaller #0 [ 62.732553][ T530] F2FS-fs (loop4): Found nat_bits in checkpoint [ 62.740216][ T554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 62.740219][ T554] Call Trace: [ 62.740230][ T554] dump_stack_lvl+0x81/0xac [ 62.740235][ T554] dump_stack+0x10/0x12 [ 62.740240][ T554] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 62.740247][ T554] f2fs_iget+0x35eb/0x4b10 [ 62.740254][ T554] f2fs_lookup+0x491/0xc20 [ 62.740260][ T554] ? __recover_dot_dentries+0x530/0x530 [ 62.740268][ T554] path_openat+0x1024/0x3950 [ 62.740274][ T554] ? path_lookupat+0x6a0/0x6a0 [ 62.740278][ T554] ? __kasan_check_read+0x11/0x20 [ 62.740285][ T554] ? pagevec_add_and_need_flush+0x216/0x290 [ 62.740304][ T554] ? perf_trace_mm_lru_insertion+0x970/0x970 [ 62.740309][ T554] ? __mod_memcg_lruvec_state+0x118/0x330 [ 62.740317][ T554] do_filp_open+0x193/0x3d0 [ 62.778771][ T530] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 62.780487][ T554] ? may_open_dev+0xd0/0xd0 [ 62.786300][ T534] F2FS-fs (loop1): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 62.791152][ T554] ? __check_object_size+0x1df/0x270 [ 62.796811][ T532] F2FS-fs (loop6): Found nat_bits in checkpoint [ 62.801095][ T554] ? _raw_spin_unlock+0x41/0x70 [ 62.873355][ T554] do_sys_openat2+0x135/0x810 [ 62.878455][ T554] ? recalc_sigpending+0x7c/0xb0 [ 62.883772][ T554] ? build_open_flags+0x490/0x490 [ 62.889265][ T554] ? __kasan_check_write+0x14/0x20 [ 62.894452][ T554] ? __handle_speculative_fault+0xee/0x280 [ 62.900593][ T554] __x64_sys_openat+0x124/0x200 [ 62.905789][ T554] ? __ia32_sys_open+0x1b0/0x1b0 [ 62.911258][ T554] ? exit_to_user_mode_prepare+0x36/0x160 [ 62.917395][ T554] ? irqentry_exit_to_user_mode+0xe/0x10 [ 62.923405][ T554] do_syscall_64+0x32/0x50 [ 62.928699][ T554] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 62.935107][ T554] RIP: 0033:0x7f227a510be9 [ 62.939716][ T554] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 62.961169][ T554] RSP: 002b:00007f227a360038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 62.970522][ T554] RAX: ffffffffffffffda RBX: 00007f227a738090 RCX: 00007f227a510be9 [ 62.978874][ T554] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 62.986936][ T554] RBP: 00007f227a593e19 R08: 0000000000000000 R09: 0000000000000000 [ 62.995336][ T554] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 63.003311][ T554] R13: 00007f227a738128 R14: 00007f227a738090 R15: 00007fff98350678 [ 63.016942][ T530] F2FS-fs (loop4): access invalid blkaddr:2147563524 [ 63.022799][ T554] F2FS-fs (loop2): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 63.024279][ T530] CPU: 1 PID: 530 Comm: syz.4.26 Tainted: G B syzkaller #0 [ 63.037138][ T557] F2FS-fs (loop1): access invalid blkaddr:2147563524 [ 63.045881][ T530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 63.063274][ T554] ================================================================== [ 63.063438][ T530] Call Trace: [ 63.072137][ T554] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x106/0x440 [ 63.075595][ T530] dump_stack_lvl+0x81/0xac [ 63.084307][ T554] [ 63.089057][ T530] dump_stack+0x10/0x12 [ 63.095866][ T530] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 63.101582][ T530] f2fs_iget+0x35eb/0x4b10 [ 63.106254][ T530] f2fs_lookup+0x491/0xc20 [ 63.110748][ T530] ? __recover_dot_dentries+0x530/0x530 [ 63.116548][ T530] ? __legitimize_path+0x6c/0x170 [ 63.122701][ T530] __lookup_slow+0x19b/0x3d0 [ 63.127378][ T530] ? page_put_link+0x80/0x80 [ 63.132050][ T530] ? inode_permission.part.0+0xc2/0x320 [ 63.137878][ T530] walk_component+0x3ad/0x710 [ 63.142630][ T530] ? handle_dots.part.0+0x11c0/0x11c0 [ 63.148346][ T530] ? walk_component+0x710/0x710 [ 63.153533][ T530] path_lookupat+0x112/0x6a0 [ 63.158114][ T530] ? _atomic_dec_and_lock+0x19/0xa0 [ 63.163493][ T530] filename_lookup+0x17f/0x510 [ 63.168622][ T530] ? may_linkat+0x200/0x200 [ 63.173114][ T530] ? __check_object_size+0x1df/0x270 [ 63.178903][ T530] ? kmem_cache_alloc+0x17f/0x4f0 [ 63.184353][ T530] ? getname_flags.part.0+0x8c/0x480 [ 63.189860][ T530] user_path_at_empty+0xa2/0xf0 [ 63.194984][ T530] do_sys_truncate.part.0+0x85/0x100 [ 63.200477][ T530] ? vfs_truncate+0x540/0x540 [ 63.205450][ T530] ? __kasan_check_write+0x14/0x20 [ 63.210850][ T530] ? switch_fpu_return+0xbf/0x1b0 [ 63.216131][ T530] __x64_sys_truncate+0x54/0x80 [ 63.221354][ T530] do_syscall_64+0x32/0x50 [ 63.225783][ T530] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 63.231968][ T530] RIP: 0033:0x7ff4551e1be9 [ 63.236648][ T530] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 63.258281][ T530] RSP: 002b:00007ff455052038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 63.267373][ T530] RAX: ffffffffffffffda RBX: 00007ff455408fa0 RCX: 00007ff4551e1be9 [ 63.275795][ T530] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280 [ 63.284015][ T530] RBP: 00007ff455264e19 R08: 0000000000000000 R09: 0000000000000000 [ 63.293029][ T530] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 63.301429][ T530] R13: 00007ff455409038 R14: 00007ff455408fa0 R15: 00007ffcddb73598 [ 63.310063][ T554] CPU: 0 PID: 554 Comm: syz.2.23 Tainted: G B syzkaller #0 [ 63.310522][ T532] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 63.319010][ T554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 63.319013][ T554] Call Trace: [ 63.319026][ T554] dump_stack_lvl+0x81/0xac [ 63.319033][ T554] print_address_description.constprop.0+0x24/0x160 [ 63.319037][ T554] ? kmem_cache_free+0x106/0x440 [ 63.319042][ T554] kasan_report_invalid_free+0x56/0x80 [ 63.319045][ T554] ? kmem_cache_free+0x106/0x440 [ 63.319049][ T554] __kasan_slab_free+0x134/0x150 [ 63.319053][ T554] slab_free_freelist_hook+0x9b/0x1a0 [ 63.319060][ T554] ? f2fs_destroy_extent_tree+0x174/0x4b0 [ 63.319063][ T554] kmem_cache_free+0x106/0x440 [ 63.319068][ T554] f2fs_destroy_extent_tree+0x174/0x4b0 [ 63.319074][ T554] f2fs_evict_inode+0x335/0x1680 [ 63.319080][ T554] ? preempt_count_add+0x7a/0x100 [ 63.319084][ T554] ? __inode_wait_for_writeback+0xe7/0x1c0 [ 63.319089][ T554] ? f2fs_write_inode+0x1010/0x1010 [ 63.319094][ T554] ? var_wake_function+0x130/0x130 [ 63.319099][ T554] ? _raw_spin_lock_bh+0x110/0x110 [ 63.319104][ T554] ? vprintk_func+0x5a/0x150 [ 63.319108][ T554] ? _raw_spin_lock_bh+0x110/0x110 [ 63.319118][ T554] evict+0x372/0x940 [ 63.327950][ T532] F2FS-fs (loop6): access invalid blkaddr:2147563524 [ 63.337625][ T554] ? new_inode+0x2f0/0x2f0 [ 63.337631][ T554] ? _raw_spin_lock+0x86/0x110 [ 63.337635][ T554] ? _raw_spin_lock_bh+0x110/0x110 [ 63.337645][ T554] ? __kasan_check_read+0x11/0x20 [ 63.470231][ T554] ? f2fs_drop_inode+0x71/0x910 [ 63.475335][ T554] iput.part.0+0x33b/0x640 [ 63.476372][ T530] F2FS-fs (loop4): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 63.479743][ T554] iput+0x3f/0x50 [ 63.496358][ T554] iget_failed+0x1e/0x30 [ 63.500598][ T554] f2fs_iget+0x22f6/0x4b10 [ 63.503445][ T564] F2FS-fs (loop4): access invalid blkaddr:2147563524 [ 63.505448][ T554] f2fs_lookup+0x491/0xc20 [ 63.517679][ T554] ? __recover_dot_dentries+0x530/0x530 [ 63.523578][ T554] path_openat+0x1024/0x3950 [ 63.528514][ T554] ? path_lookupat+0x6a0/0x6a0 [ 63.533538][ T554] ? __kasan_check_read+0x11/0x20 [ 63.538840][ T554] ? pagevec_add_and_need_flush+0x216/0x290 [ 63.544725][ T554] ? perf_trace_mm_lru_insertion+0x970/0x970 [ 63.550790][ T554] ? __mod_memcg_lruvec_state+0x118/0x330 [ 63.556694][ T554] do_filp_open+0x193/0x3d0 [ 63.561284][ T554] ? may_open_dev+0xd0/0xd0 [ 63.565964][ T554] ? __check_object_size+0x1df/0x270 [ 63.571434][ T554] ? _raw_spin_unlock+0x41/0x70 [ 63.576573][ T554] do_sys_openat2+0x135/0x810 [ 63.581334][ T554] ? recalc_sigpending+0x7c/0xb0 [ 63.586488][ T554] ? build_open_flags+0x490/0x490 [ 63.592402][ T554] ? __kasan_check_write+0x14/0x20 [ 63.597911][ T554] ? __handle_speculative_fault+0xee/0x280 [ 63.604079][ T554] __x64_sys_openat+0x124/0x200 [ 63.609193][ T554] ? __ia32_sys_open+0x1b0/0x1b0 [ 63.614496][ T554] ? exit_to_user_mode_prepare+0x36/0x160 [ 63.620551][ T554] ? irqentry_exit_to_user_mode+0xe/0x10 [ 63.626713][ T554] do_syscall_64+0x32/0x50 [ 63.631562][ T554] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 63.637716][ T554] RIP: 0033:0x7f227a510be9 [ 63.642481][ T554] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 63.662971][ T554] RSP: 002b:00007f227a360038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 63.671666][ T554] RAX: ffffffffffffffda RBX: 00007f227a738090 RCX: 00007f227a510be9 [ 63.680240][ T554] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 63.688807][ T554] RBP: 00007f227a593e19 R08: 0000000000000000 R09: 0000000000000000 [ 63.696939][ T554] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 63.705494][ T554] R13: 00007f227a738128 R14: 00007f227a738090 R15: 00007fff98350678 [ 63.713896][ T554] [ 63.713901][ T564] CPU: 1 PID: 564 Comm: syz.4.26 Tainted: G B syzkaller #0 [ 63.713907][ T564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 63.716424][ T554] Allocated by task 528: [ 63.725782][ T564] Call Trace: [ 63.736739][ T554] kasan_save_stack+0x26/0x50 [ 63.741320][ T564] dump_stack_lvl+0x81/0xac [ 63.744854][ T554] __kasan_slab_alloc+0x94/0xc0 [ 63.749702][ T564] dump_stack+0x10/0x12 [ 63.754555][ T554] kmem_cache_alloc+0x15d/0x4f0 [ 63.759485][ T564] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 63.763711][ T554] f2fs_init_extent_tree+0x98f/0xdf0 [ 63.768904][ T564] f2fs_iget+0x35eb/0x4b10 [ 63.774895][ T554] f2fs_iget+0xa71/0x4b10 [ 63.780266][ T564] f2fs_lookup+0x491/0xc20 [ 63.784937][ T554] f2fs_lookup+0x491/0xc20 [ 63.789526][ T564] ? __recover_dot_dentries+0x530/0x530 [ 63.794023][ T554] __lookup_slow+0x19b/0x3d0 [ 63.798707][ T564] path_openat+0x1024/0x3950 [ 63.804512][ T554] walk_component+0x3ad/0x710 [ 63.809089][ T564] ? path_lookupat+0x6a0/0x6a0 [ 63.813858][ T554] path_lookupat+0x112/0x6a0 [ 63.818709][ T564] ? __kasan_check_read+0x11/0x20 [ 63.823552][ T554] filename_lookup+0x17f/0x510 [ 63.828143][ T564] ? pagevec_add_and_need_flush+0x216/0x290 [ 63.833149][ T554] user_path_at_empty+0xa2/0xf0 [ 63.837991][ T564] ? perf_trace_mm_lru_insertion+0x970/0x970 [ 63.844421][ T554] do_sys_truncate.part.0+0x85/0x100 [ 63.849511][ T564] ? __mod_memcg_lruvec_state+0x118/0x330 [ 63.855826][ T554] __x64_sys_truncate+0x54/0x80 [ 63.861460][ T564] ? __mod_node_page_state+0xa6/0x110 [ 63.867443][ T554] do_syscall_64+0x32/0x50 [ 63.872553][ T564] do_filp_open+0x193/0x3d0 [ 63.878194][ T554] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 63.882811][ T564] ? may_open_dev+0xd0/0xd0 [ 63.887560][ T554] [ 63.893559][ T564] ? __check_object_size+0x1df/0x270 [ 63.898217][ T554] Freed by task 528: [ 63.900545][ T564] ? _raw_spin_unlock+0x41/0x70 [ 63.906184][ T554] kasan_save_stack+0x26/0x50 [ 63.910084][ T564] do_sys_openat2+0x135/0x810 [ 63.915018][ T554] kasan_set_track+0x25/0x30 [ 63.919851][ T564] ? recalc_sigpending+0x7c/0xb0 [ 63.924843][ T554] kasan_set_free_info+0x24/0x40 [ 63.929689][ T564] ? build_open_flags+0x490/0x490 [ 63.934795][ T554] __kasan_slab_free+0x111/0x150 [ 63.939799][ T564] ? __kasan_check_write+0x14/0x20 [ 63.945573][ T554] slab_free_freelist_hook+0x9b/0x1a0 [ 63.950944][ T564] ? __handle_speculative_fault+0xee/0x280 [ 63.956320][ T554] kmem_cache_free+0x106/0x440 [ 63.962126][ T564] __x64_sys_openat+0x124/0x200 [ 63.968013][ T554] f2fs_destroy_extent_tree+0x174/0x4b0 [ 63.972931][ T564] ? __ia32_sys_open+0x1b0/0x1b0 [ 63.977850][ T554] f2fs_evict_inode+0x335/0x1680 [ 63.983569][ T564] ? exit_to_user_mode_prepare+0x36/0x160 [ 63.988677][ T554] evict+0x372/0x940 [ 63.993707][ T564] ? irqentry_exit_to_user_mode+0xe/0x10 [ 63.999594][ T554] iput.part.0+0x33b/0x640 [ 64.003557][ T564] do_syscall_64+0x32/0x50 [ 64.009563][ T554] iput+0x3f/0x50 [ 64.014334][ T564] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 64.014340][ T564] RIP: 0033:0x7ff4551e1be9 [ 64.014348][ T564] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 64.014351][ T564] RSP: 002b:00007ff455031038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 64.014358][ T564] RAX: ffffffffffffffda RBX: 00007ff455409090 RCX: 00007ff4551e1be9 [ 64.014362][ T564] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 64.014370][ T564] RBP: 00007ff455264e19 R08: 0000000000000000 R09: 0000000000000000 [ 64.019359][ T554] iget_failed+0x1e/0x30 [ 64.023200][ T564] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 64.029176][ T554] f2fs_iget+0x22f6/0x4b10 [ 64.033669][ T564] R13: 00007ff455409128 R14: 00007ff455409090 R15: 00007ffcddb73598 [ 64.054214][ T554] f2fs_lookup+0x491/0xc20 [ 64.066789][ T557] CPU: 1 PID: 557 Comm: syz.1.27 Tainted: G B syzkaller #0 [ 64.071729][ T554] __lookup_slow+0x19b/0x3d0 [ 64.079980][ T557] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 64.088053][ T554] walk_component+0x3ad/0x710 [ 64.092818][ T557] Call Trace: [ 64.101327][ T554] path_lookupat+0x112/0x6a0 [ 64.105742][ T557] dump_stack_lvl+0x81/0xac [ 64.113981][ T554] filename_lookup+0x17f/0x510 [ 64.118660][ T557] dump_stack+0x10/0x12 [ 64.127491][ T554] user_path_at_empty+0xa2/0xf0 [ 64.132339][ T557] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 64.142966][ T554] do_sys_truncate.part.0+0x85/0x100 [ 64.147659][ T557] f2fs_iget+0x35eb/0x4b10 [ 64.151020][ T554] __x64_sys_truncate+0x54/0x80 [ 64.155726][ T557] f2fs_lookup+0x491/0xc20 [ 64.160304][ T554] do_syscall_64+0x32/0x50 [ 64.165147][ T557] ? __recover_dot_dentries+0x530/0x530 [ 64.169410][ T554] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 64.174426][ T557] path_openat+0x1024/0x3950 [ 64.180409][ T554] [ 64.186335][ T557] ? path_lookupat+0x6a0/0x6a0 [ 64.190846][ T554] The buggy address belongs to the object at ffff88811ff1a9a0 [ 64.190846][ T554] which belongs to the cache f2fs_extent_tree of size 80 [ 64.195884][ T557] ? __kasan_check_read+0x11/0x20 [ 64.200877][ T554] The buggy address is located 0 bytes inside of [ 64.200877][ T554] 80-byte region [ffff88811ff1a9a0, ffff88811ff1a9f0) [ 64.205551][ T557] ? pagevec_add_and_need_flush+0x216/0x290 [ 64.211274][ T554] The buggy address belongs to the page: [ 64.217434][ T557] ? perf_trace_mm_lru_insertion+0x970/0x970 [ 64.222268][ T554] page:ffffea00047fc680 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11ff1a [ 64.224588][ T557] ? __mod_memcg_lruvec_state+0x118/0x330 [ 64.229745][ T554] flags: 0x4000000000000200(slab) [ 64.244493][ T557] ? __mod_node_page_state+0xa6/0x110 [ 64.249509][ T554] raw: 4000000000000200 dead000000000100 dead000000000122 ffff8881047fbb00 [ 64.262624][ T557] do_filp_open+0x193/0x3d0 [ 64.268517][ T554] raw: 0000000000000000 0000000080240024 00000001ffffffff 0000000000000000 [ 64.274327][ T557] ? may_open_dev+0xd0/0xd0 [ 64.280546][ T554] page dumped because: kasan: bad access detected [ 64.290998][ T557] ? __check_object_size+0x1df/0x270 [ 64.296872][ T554] page_owner tracks the page as allocated [ 64.302080][ T557] ? _raw_spin_unlock+0x41/0x70 [ 64.307837][ T554] page last allocated via order 0, migratetype Reclaimable, gfp_mask 0x112c50(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 478, ts 57903083997, free_ts 34205435800 [ 64.316705][ T557] do_sys_openat2+0x135/0x810 [ 64.321272][ T554] get_page_from_freelist+0x1fee/0x2ad0 [ 64.330230][ T557] ? recalc_sigpending+0x7c/0xb0 [ 64.334834][ T554] __alloc_pages_nodemask+0x2ae/0x2530 [ 64.341501][ T557] ? build_open_flags+0x490/0x490 [ 64.346866][ T554] allocate_slab+0x30f/0x460 [ 64.353321][ T557] ? __kasan_check_write+0x14/0x20 [ 64.358848][ T554] ___slab_alloc.constprop.0+0x32b/0x730 [ 64.378573][ T557] ? __handle_speculative_fault+0xee/0x280 [ 64.383323][ T554] kmem_cache_alloc+0x491/0x4f0 [ 64.389139][ T557] __x64_sys_openat+0x124/0x200 [ 64.394318][ T554] f2fs_init_extent_tree+0x98f/0xdf0 [ 64.400024][ T557] ? __ia32_sys_open+0x1b0/0x1b0 [ 64.405123][ T554] f2fs_iget+0xa71/0x4b10 [ 64.409967][ T557] ? exit_to_user_mode_prepare+0x36/0x160 [ 64.415334][ T554] f2fs_lookup+0x491/0xc20 [ 64.421035][ T557] ? irqentry_exit_to_user_mode+0xe/0x10 [ 64.426823][ T554] __lookup_slow+0x19b/0x3d0 [ 64.431960][ T557] do_syscall_64+0x32/0x50 [ 64.437317][ T554] walk_component+0x3ad/0x710 [ 64.442959][ T557] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 64.448154][ T554] path_lookupat+0x112/0x6a0 [ 64.452748][ T557] RIP: 0033:0x7fba9ad5ebe9 [ 64.458882][ T554] filename_lookup+0x17f/0x510 [ 64.463563][ T557] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 64.469292][ T554] user_path_at_empty+0xa2/0xf0 [ 64.473956][ T557] RSP: 002b:00007fba9abae038 EFLAGS: 00000246 [ 64.478620][ T554] do_sys_truncate.part.0+0x85/0x100 [ 64.483796][ T557] ORIG_RAX: 0000000000000101 [ 64.490020][ T554] __x64_sys_truncate+0x54/0x80 [ 64.494949][ T557] RAX: ffffffffffffffda RBX: 00007fba9af86090 RCX: 00007fba9ad5ebe9 [ 64.499390][ T554] do_syscall_64+0x32/0x50 [ 64.504604][ T557] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 64.525271][ T554] page last free stack trace: [ 64.530536][ T557] RBP: 00007fba9ade1e19 R08: 0000000000000000 R09: 0000000000000000 [ 64.536769][ T554] free_pcp_prepare+0x1a7/0x230 [ 64.542029][ T557] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 64.546817][ T554] free_unref_page_list+0x18a/0xae0 [ 64.551731][ T557] R13: 00007fba9af86128 R14: 00007fba9af86090 R15: 00007ffce1f06228 [ 64.560077][ T554] release_pages+0x374/0xb00 [ 64.567611][ T532] CPU: 1 PID: 532 Comm: syz.6.25 Tainted: G B syzkaller #0 [ 64.573089][ T554] free_pages_and_swap_cache+0x180/0x1e0 [ 64.578039][ T532] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 64.586002][ T554] tlb_flush_mmu+0xbe/0x590 [ 64.591086][ T532] Call Trace: [ 64.599227][ T554] unmap_page_range+0x127b/0x1d60 [ 64.604413][ T532] dump_stack_lvl+0x81/0xac [ 64.612913][ T554] unmap_vmas+0x1cf/0x390 [ 64.617673][ T532] dump_stack+0x10/0x12 [ 64.627300][ T554] exit_mmap+0x276/0x520 [ 64.633175][ T532] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 64.643223][ T554] mmput+0x99/0x430 [ 64.647739][ T532] f2fs_iget+0x35eb/0x4b10 [ 64.651202][ T554] do_exit+0x873/0x2330 [ 64.656222][ T532] f2fs_lookup+0x491/0xc20 [ 64.660883][ T554] do_group_exit+0xe6/0x290 [ 64.665229][ T532] ? __recover_dot_dentries+0x530/0x530 [ 64.669714][ T554] get_signal+0x353/0x1a10 [ 64.674687][ T532] ? __legitimize_path+0x6c/0x170 [ 64.680777][ T554] arch_do_signal_or_restart+0x2c1/0x1b70 [ 64.684681][ T532] __lookup_slow+0x19b/0x3d0 [ 64.689877][ T554] exit_to_user_mode_prepare+0x10f/0x160 [ 64.694542][ T532] ? page_put_link+0x80/0x80 [ 64.699293][ T554] syscall_exit_to_user_mode+0x27/0x160 [ 64.704068][ T532] ? inode_permission.part.0+0xc2/0x320 [ 64.710364][ T554] do_syscall_64+0x3f/0x50 [ 64.714899][ T532] walk_component+0x3ad/0x710 [ 64.720282][ T554] [ 64.726308][ T532] ? handle_dots.part.0+0x11c0/0x11c0 [ 64.730970][ T554] Memory state around the buggy address: [ 64.736789][ T532] ? walk_component+0x710/0x710 [ 64.741768][ T554] ffff88811ff1a880: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 64.747309][ T532] path_lookupat+0x112/0x6a0 [ 64.752835][ T554] ffff88811ff1a900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.757233][ T532] ? _atomic_dec_and_lock+0x19/0xa0 [ 64.762158][ T554] >ffff88811ff1a980: fc fc fc fc fa fb fb fb fb fb fb fb fb fb fc fc [ 64.764664][ T532] filename_lookup+0x17f/0x510 [ 64.770640][ T554] ^ [ 64.776742][ T532] ? may_linkat+0x200/0x200 [ 64.781681][ T554] ffff88811ff1aa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.789926][ T532] ? __check_object_size+0x1df/0x270 [ 64.794793][ T554] ffff88811ff1aa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.803065][ T532] ? kmem_cache_alloc+0x17f/0x4f0 [ 64.808664][ T554] ================================================================== [ 64.816800][ T532] ? getname_flags.part.0+0x8c/0x480 [ 64.825328][ T564] F2FS-fs (loop4): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 64.827316][ T532] user_path_at_empty+0xa2/0xf0 [ 64.827323][ T532] do_sys_truncate.part.0+0x85/0x100 [ 64.827328][ T532] ? vfs_truncate+0x540/0x540 [ 64.827332][ T532] ? __kasan_check_write+0x14/0x20 [ 64.827338][ T532] ? switch_fpu_return+0xbf/0x1b0 [ 64.827343][ T532] __x64_sys_truncate+0x54/0x80 [ 64.827354][ T532] do_syscall_64+0x32/0x50 [ 64.832067][ T564] ================================================================== [ 64.840817][ T532] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 64.846538][ T564] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x106/0x440 [ 64.855356][ T532] RIP: 0033:0x7f7e1b2d5be9 [ 64.860673][ T564] [ 64.868833][ T532] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 64.973854][ T532] RSP: 002b:00007f7e1b146038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 64.982722][ T532] RAX: ffffffffffffffda RBX: 00007f7e1b4fcfa0 RCX: 00007f7e1b2d5be9 [ 64.991236][ T532] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280 [ 64.999391][ T532] RBP: 00007f7e1b358e19 R08: 0000000000000000 R09: 0000000000000000 [ 65.007921][ T532] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 65.015976][ T532] R13: 00007f7e1b4fd038 R14: 00007f7e1b4fcfa0 R15: 00007fff3387aaa8 [ 65.024109][ T564] CPU: 0 PID: 564 Comm: syz.4.26 Tainted: G B syzkaller #0 [ 65.032794][ T564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 65.043287][ T564] Call Trace: [ 65.047118][ T564] dump_stack_lvl+0x81/0xac [ 65.051880][ T564] print_address_description.constprop.0+0x24/0x160 [ 65.058641][ T564] ? kmem_cache_free+0x106/0x440 [ 65.063660][ T564] kasan_report_invalid_free+0x56/0x80 [ 65.069314][ T564] ? kmem_cache_free+0x106/0x440 [ 65.074333][ T564] __kasan_slab_free+0x134/0x150 [ 65.079257][ T564] slab_free_freelist_hook+0x9b/0x1a0 [ 65.084790][ T564] ? f2fs_destroy_extent_tree+0x174/0x4b0 [ 65.090706][ T564] kmem_cache_free+0x106/0x440 [ 65.095543][ T564] f2fs_destroy_extent_tree+0x174/0x4b0 [ 65.101379][ T564] f2fs_evict_inode+0x335/0x1680 [ 65.106411][ T564] ? preempt_count_add+0x7a/0x100 [ 65.111427][ T564] ? __inode_wait_for_writeback+0xe7/0x1c0 [ 65.117495][ T564] ? f2fs_write_inode+0x1010/0x1010 [ 65.122767][ T564] ? var_wake_function+0x130/0x130 [ 65.128124][ T564] ? _raw_spin_lock_bh+0x110/0x110 [ 65.133229][ T564] ? vprintk_func+0x5a/0x150 [ 65.137805][ T564] ? _raw_spin_lock_bh+0x110/0x110 [ 65.143167][ T564] evict+0x372/0x940 [ 65.147312][ T564] ? irqentry_exit+0x53/0x60 [ 65.152077][ T564] ? new_inode+0x2f0/0x2f0 [ 65.156563][ T564] ? _raw_spin_lock+0x86/0x110 [ 65.161422][ T564] ? _raw_spin_lock_bh+0x110/0x110 [ 65.166977][ T564] ? __kasan_check_read+0x11/0x20 [ 65.172256][ T564] ? f2fs_drop_inode+0x71/0x910 [ 65.177275][ T564] iput.part.0+0x33b/0x640 [ 65.181685][ T564] iput+0x3f/0x50 [ 65.185397][ T564] iget_failed+0x1e/0x30 [ 65.189645][ T564] f2fs_iget+0x22f6/0x4b10 [ 65.194229][ T564] f2fs_lookup+0x491/0xc20 [ 65.198870][ T564] ? __recover_dot_dentries+0x530/0x530 [ 65.204493][ T564] path_openat+0x1024/0x3950 [ 65.209520][ T564] ? path_lookupat+0x6a0/0x6a0 [ 65.214358][ T564] ? __kasan_check_read+0x11/0x20 [ 65.220187][ T564] ? pagevec_add_and_need_flush+0x216/0x290 [ 65.226262][ T564] ? perf_trace_mm_lru_insertion+0x970/0x970 [ 65.232612][ T564] ? __mod_memcg_lruvec_state+0x118/0x330 [ 65.238423][ T564] ? __mod_node_page_state+0xa6/0x110 [ 65.244228][ T564] do_filp_open+0x193/0x3d0 [ 65.248715][ T564] ? may_open_dev+0xd0/0xd0 [ 65.253569][ T564] ? __check_object_size+0x1df/0x270 [ 65.259145][ T564] ? _raw_spin_unlock+0x41/0x70 [ 65.264091][ T564] do_sys_openat2+0x135/0x810 [ 65.268848][ T564] ? recalc_sigpending+0x7c/0xb0 [ 65.274107][ T564] ? build_open_flags+0x490/0x490 [ 65.279292][ T564] ? __kasan_check_write+0x14/0x20 [ 65.284788][ T564] ? __handle_speculative_fault+0xee/0x280 [ 65.290700][ T564] __x64_sys_openat+0x124/0x200 [ 65.295827][ T564] ? __ia32_sys_open+0x1b0/0x1b0 [ 65.300843][ T564] ? exit_to_user_mode_prepare+0x36/0x160 [ 65.307246][ T564] ? irqentry_exit_to_user_mode+0xe/0x10 [ 65.312878][ T564] do_syscall_64+0x32/0x50 [ 65.317375][ T564] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 65.323604][ T564] RIP: 0033:0x7ff4551e1be9 [ 65.328116][ T564] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 65.349158][ T564] RSP: 002b:00007ff455031038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 65.358168][ T564] RAX: ffffffffffffffda RBX: 00007ff455409090 RCX: 00007ff4551e1be9 [ 65.366601][ T564] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 65.375199][ T564] RBP: 00007ff455264e19 R08: 0000000000000000 R09: 0000000000000000 [ 65.383355][ T564] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 65.391815][ T564] R13: 00007ff455409128 R14: 00007ff455409090 R15: 00007ffcddb73598 [ 65.400134][ T564] [ 65.402535][ T564] Allocated by task 530: [ 65.406876][ T564] kasan_save_stack+0x26/0x50 [ 65.411913][ T564] __kasan_slab_alloc+0x94/0xc0 [ 65.416942][ T564] kmem_cache_alloc+0x15d/0x4f0 [ 65.421964][ T564] f2fs_init_extent_tree+0x98f/0xdf0 [ 65.427331][ T564] f2fs_iget+0xa71/0x4b10 [ 65.431904][ T564] f2fs_lookup+0x491/0xc20 [ 65.436304][ T564] __lookup_slow+0x19b/0x3d0 [ 65.441053][ T564] walk_component+0x3ad/0x710 [ 65.445922][ T564] path_lookupat+0x112/0x6a0 [ 65.451080][ T564] filename_lookup+0x17f/0x510 [ 65.456131][ T564] user_path_at_empty+0xa2/0xf0 [ 65.461334][ T564] do_sys_truncate.part.0+0x85/0x100 [ 65.466873][ T564] __x64_sys_truncate+0x54/0x80 [ 65.471713][ T564] do_syscall_64+0x32/0x50 [ 65.476568][ T564] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 65.482626][ T564] [ 65.484941][ T564] Freed by task 530: [ 65.489002][ T564] kasan_save_stack+0x26/0x50 [ 65.494463][ T564] kasan_set_track+0x25/0x30 [ 65.499307][ T564] kasan_set_free_info+0x24/0x40 [ 65.504676][ T564] __kasan_slab_free+0x111/0x150 [ 65.510056][ T564] slab_free_freelist_hook+0x9b/0x1a0 [ 65.515419][ T564] kmem_cache_free+0x106/0x440 [ 65.520448][ T564] f2fs_destroy_extent_tree+0x174/0x4b0 [ 65.525991][ T564] f2fs_evict_inode+0x335/0x1680 [ 65.531147][ T564] evict+0x372/0x940 [ 65.535134][ T564] iput.part.0+0x33b/0x640 [ 65.539645][ T564] iput+0x3f/0x50 [ 65.543530][ T564] iget_failed+0x1e/0x30 [ 65.547761][ T564] f2fs_iget+0x22f6/0x4b10 [ 65.552165][ T564] f2fs_lookup+0x491/0xc20 [ 65.556942][ T564] __lookup_slow+0x19b/0x3d0 [ 65.561713][ T564] walk_component+0x3ad/0x710 [ 65.566463][ T564] path_lookupat+0x112/0x6a0 [ 65.571226][ T564] filename_lookup+0x17f/0x510 [ 65.576058][ T564] user_path_at_empty+0xa2/0xf0 [ 65.581238][ T564] do_sys_truncate.part.0+0x85/0x100 [ 65.586792][ T564] __x64_sys_truncate+0x54/0x80 [ 65.591818][ T564] do_syscall_64+0x32/0x50 [ 65.596573][ T564] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 65.602648][ T564] [ 65.605058][ T564] The buggy address belongs to the object at ffff888122f55c40 [ 65.605058][ T564] which belongs to the cache f2fs_extent_tree of size 80 [ 65.620200][ T564] The buggy address is located 0 bytes inside of [ 65.620200][ T564] 80-byte region [ffff888122f55c40, ffff888122f55c90) [ 65.633989][ T564] The buggy address belongs to the page: [ 65.639867][ T564] page:ffffea00048bd540 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x122f55 [ 65.650273][ T564] flags: 0x4000000000000200(slab) [ 65.655684][ T564] raw: 4000000000000200 dead000000000100 dead000000000122 ffff8881047fbb00 [ 65.664642][ T564] raw: 0000000000000000 0000000080240024 00000001ffffffff 0000000000000000 [ 65.673641][ T564] page dumped because: kasan: bad access detected [ 65.680044][ T564] page_owner tracks the page as allocated [ 65.685836][ T564] page last allocated via order 0, migratetype Reclaimable, gfp_mask 0x112c50(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 469, ts 56371193098, free_ts 0 [ 65.705754][ T564] get_page_from_freelist+0x1fee/0x2ad0 [ 65.711383][ T564] __alloc_pages_nodemask+0x2ae/0x2530 [ 65.716829][ T564] allocate_slab+0x30f/0x460 [ 65.721606][ T564] ___slab_alloc.constprop.0+0x32b/0x730 [ 65.727515][ T564] kmem_cache_alloc+0x491/0x4f0 [ 65.732436][ T564] f2fs_init_extent_tree+0x98f/0xdf0 [ 65.737808][ T564] f2fs_iget+0xa71/0x4b10 [ 65.742680][ T564] f2fs_lookup+0x491/0xc20 [ 65.747357][ T564] __lookup_slow+0x19b/0x3d0 [ 65.752265][ T564] walk_component+0x3ad/0x710 [ 65.757112][ T564] path_lookupat+0x112/0x6a0 [ 65.762082][ T564] filename_lookup+0x17f/0x510 [ 65.767194][ T564] user_path_at_empty+0xa2/0xf0 [ 65.772329][ T564] do_sys_truncate.part.0+0x85/0x100 [ 65.778068][ T564] __x64_sys_truncate+0x54/0x80 [ 65.783174][ T564] do_syscall_64+0x32/0x50 [ 65.787947][ T564] page_owner free stack trace missing [ 65.793495][ T564] [ 65.795812][ T564] Memory state around the buggy address: [ 65.801646][ T564] ffff888122f55b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 65.809888][ T564] ffff888122f55b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 65.818485][ T564] >ffff888122f55c00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 65.826985][ T564] ^ [ 65.833555][ T564] ffff888122f55c80: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 65.841694][ T564] ffff888122f55d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 2025/11/08 10:38:01 executed programs: 22 [ 65.850264][ T564] ================================================================== [ 65.860102][ T557] F2FS-fs (loop1): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 65.872981][ T532] F2FS-fs (loop6): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 67.297351][ T566] F2FS-fs (loop5): invalid crc value [ 67.303573][ T568] F2FS-fs (loop6): invalid crc value [ 67.319402][ T566] F2FS-fs (loop5): Found nat_bits in checkpoint [ 67.325674][ T568] F2FS-fs (loop6): Found nat_bits in checkpoint [ 67.347321][ T572] F2FS-fs (loop1): invalid crc value [ 67.366906][ T566] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 67.377300][ T568] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 67.377345][ T572] F2FS-fs (loop1): Found nat_bits in checkpoint [ 67.411783][ T572] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 67.421256][ T566] F2FS-fs (loop5): access invalid blkaddr:2147563524 [ 67.421661][ T570] F2FS-fs (loop2): invalid crc value [ 67.428329][ T566] CPU: 1 PID: 566 Comm: syz.5.28 Tainted: G B syzkaller #0 [ 67.434870][ T570] F2FS-fs (loop2): Found nat_bits in checkpoint [ 67.442429][ T566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 67.442432][ T566] Call Trace: [ 67.442446][ T566] dump_stack_lvl+0x81/0xac [ 67.442450][ T566] dump_stack+0x10/0x12 [ 67.442455][ T566] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 67.442463][ T566] f2fs_iget+0x35eb/0x4b10 [ 67.442472][ T566] f2fs_lookup+0x491/0xc20 [ 67.442477][ T566] ? __recover_dot_dentries+0x530/0x530 [ 67.442486][ T566] ? __legitimize_path+0x6c/0x170 [ 67.442490][ T566] __lookup_slow+0x19b/0x3d0 [ 67.442493][ T566] ? page_put_link+0x80/0x80 [ 67.442502][ T566] ? inode_permission.part.0+0xc2/0x320 [ 67.513720][ T566] walk_component+0x3ad/0x710 [ 67.518892][ T566] ? handle_dots.part.0+0x11c0/0x11c0 [ 67.524511][ T566] ? walk_component+0x710/0x710 [ 67.529347][ T566] path_lookupat+0x112/0x6a0 [ 67.534196][ T566] ? _atomic_dec_and_lock+0x19/0xa0 [ 67.539566][ T566] filename_lookup+0x17f/0x510 [ 67.544497][ T566] ? may_linkat+0x200/0x200 [ 67.549098][ T566] ? __check_object_size+0x1df/0x270 [ 67.554720][ T566] ? kmem_cache_alloc+0x17f/0x4f0 [ 67.559818][ T566] ? getname_flags.part.0+0x8c/0x480 [ 67.565273][ T566] user_path_at_empty+0xa2/0xf0 [ 67.570413][ T566] do_sys_truncate.part.0+0x85/0x100 [ 67.576042][ T566] ? vfs_truncate+0x540/0x540 [ 67.580975][ T566] ? __kasan_check_write+0x14/0x20 [ 67.586157][ T566] ? switch_fpu_return+0xbf/0x1b0 [ 67.591262][ T566] __x64_sys_truncate+0x54/0x80 [ 67.596472][ T566] do_syscall_64+0x32/0x50 [ 67.601376][ T566] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 67.607435][ T566] RIP: 0033:0x7f4392503be9 [ 67.611928][ T566] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 67.632561][ T566] RSP: 002b:00007f4392374038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 67.641059][ T566] RAX: ffffffffffffffda RBX: 00007f439272afa0 RCX: 00007f4392503be9 [ 67.649660][ T566] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280 [ 67.658363][ T566] RBP: 00007f4392586e19 R08: 0000000000000000 R09: 0000000000000000 [ 67.666906][ T566] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 67.675412][ T566] R13: 00007f439272b038 R14: 00007f439272afa0 R15: 00007fffd697a1d8 [ 67.684005][ T566] F2FS-fs (loop5): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 67.697821][ T595] F2FS-fs (loop5): access invalid blkaddr:2147563524 [ 67.704771][ T595] CPU: 0 PID: 595 Comm: syz.5.28 Tainted: G B syzkaller #0 [ 67.708506][ T570] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 67.713956][ T595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 67.733167][ T595] Call Trace: [ 67.736765][ T595] dump_stack_lvl+0x81/0xac [ 67.741433][ T595] dump_stack+0x10/0x12 [ 67.745662][ T595] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 67.751944][ T595] f2fs_iget+0x35eb/0x4b10 [ 67.756524][ T595] f2fs_lookup+0x491/0xc20 [ 67.761288][ T595] ? __recover_dot_dentries+0x530/0x530 [ 67.767272][ T595] path_openat+0x1024/0x3950 [ 67.772126][ T595] ? path_lookupat+0x6a0/0x6a0 [ 67.777281][ T595] ? __kasan_check_read+0x11/0x20 [ 67.782451][ T595] ? pagevec_add_and_need_flush+0x216/0x290 [ 67.788603][ T595] ? perf_trace_mm_lru_insertion+0x970/0x970 [ 67.795237][ T595] ? __mod_memcg_lruvec_state+0x118/0x330 [ 67.801340][ T595] ? __mod_node_page_state+0xa6/0x110 [ 67.806905][ T595] do_filp_open+0x193/0x3d0