Warning: Permanently added '10.128.1.233' (ED25519) to the list of known hosts. 2026/01/13 16:51:41 parsed 1 programs [ 53.236919][ T23] audit: type=1400 audit(1768323101.630:109): avc: denied { unlink } for pid=395 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 53.266197][ T395] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 53.609749][ T23] audit: type=1401 audit(1768323102.000:110): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768" [ 53.818450][ T431] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.826235][ T431] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.835850][ T431] device bridge_slave_0 entered promiscuous mode [ 53.846237][ T431] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.853373][ T431] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.860762][ T431] device bridge_slave_1 entered promiscuous mode [ 53.911629][ T431] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.918722][ T431] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.926271][ T431] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.933380][ T431] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.949990][ T328] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.958277][ T328] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.966700][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 53.974991][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 53.995768][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.004734][ T328] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.011957][ T328] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.020716][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 54.030357][ T328] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.037604][ T328] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.045292][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 54.053368][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 54.062411][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 54.074235][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 54.094648][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 54.114451][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 54.124663][ T431] device veth0_vlan entered promiscuous mode [ 54.143034][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 54.152621][ T431] device veth1_macvtap entered promiscuous mode 2026/01/13 16:51:42 executed programs: 0 [ 54.167228][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 54.178395][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 54.328888][ T448] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.336133][ T448] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.343616][ T448] device bridge_slave_0 entered promiscuous mode [ 54.350444][ T450] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.357622][ T450] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.365533][ T450] device bridge_slave_0 entered promiscuous mode [ 54.374172][ T450] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.381371][ T450] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.388829][ T450] device bridge_slave_1 entered promiscuous mode [ 54.408273][ T448] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.415701][ T448] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.423235][ T448] device bridge_slave_1 entered promiscuous mode [ 54.456315][ T454] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.463438][ T454] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.471203][ T454] device bridge_slave_0 entered promiscuous mode [ 54.480960][ T454] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.488567][ T454] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.496373][ T454] device bridge_slave_1 entered promiscuous mode [ 54.524710][ T452] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.531863][ T452] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.539273][ T452] device bridge_slave_0 entered promiscuous mode [ 54.571763][ T452] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.578943][ T452] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.586641][ T452] device bridge_slave_1 entered promiscuous mode [ 54.618362][ T455] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.625559][ T455] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.632948][ T455] device bridge_slave_0 entered promiscuous mode [ 54.658224][ T455] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.665386][ T455] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.673364][ T455] device bridge_slave_1 entered promiscuous mode [ 54.725308][ T448] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.732542][ T448] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.740019][ T448] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.747238][ T448] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.783662][ T452] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.791231][ T452] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.798948][ T452] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.806159][ T452] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.823834][ T328] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.831969][ T328] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.840247][ T328] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.848086][ T328] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.883337][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.891000][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.911117][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.919118][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.926769][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 54.935671][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.943965][ T328] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.951111][ T328] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.959323][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 54.968588][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 54.977087][ T328] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.984225][ T328] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.991804][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.999607][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.007336][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 55.027273][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.034906][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.042721][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 55.051790][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 55.060540][ T328] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.067781][ T328] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.075671][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 55.084278][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 55.092581][ T328] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.099839][ T328] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.107258][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 55.115740][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 55.123984][ T328] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.131112][ T328] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.138944][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 55.147475][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 55.155682][ T328] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.162810][ T328] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.176219][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 55.183988][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 55.192177][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 55.202671][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 55.211581][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 55.235907][ T448] device veth0_vlan entered promiscuous mode [ 55.245729][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 55.254420][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 55.262475][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 55.270657][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 55.280070][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 55.288401][ T328] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.295649][ T328] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.303021][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 55.311533][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 55.319774][ T328] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.326890][ T328] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.334780][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 55.343082][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 55.351597][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 55.360247][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 55.370192][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 55.378798][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 55.389336][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 55.397428][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 55.417504][ T450] device veth0_vlan entered promiscuous mode [ 55.424747][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 55.432816][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 55.440976][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 55.448750][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 55.457489][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 55.466241][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 55.474822][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.482444][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.490286][ T448] device veth1_macvtap entered promiscuous mode [ 55.504628][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 55.512971][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 55.521517][ T328] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.528577][ T328] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.536814][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 55.545554][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 55.561048][ T450] device veth1_macvtap entered promiscuous mode [ 55.570237][ T9] device bridge_slave_1 left promiscuous mode [ 55.577004][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.585400][ T9] device bridge_slave_0 left promiscuous mode [ 55.591726][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.599892][ T9] device veth1_macvtap left promiscuous mode [ 55.606799][ T9] device veth0_vlan left promiscuous mode [ 55.679998][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 55.688576][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 55.697070][ T328] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.704214][ T328] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.712692][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 55.732904][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 55.741574][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 55.750642][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 55.758973][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 55.768245][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 55.776732][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 55.785201][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 55.793514][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 55.802005][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 55.817657][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 55.826285][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 55.837805][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 55.846630][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 55.857776][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 55.867107][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 55.883766][ T454] device veth0_vlan entered promiscuous mode [ 55.914603][ T452] device veth0_vlan entered promiscuous mode [ 55.921284][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 55.944624][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 55.952834][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 55.974425][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 55.982436][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 56.003496][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 56.013483][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 56.026733][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 56.044417][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 56.064346][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 56.071865][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 56.094569][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 56.106776][ T455] device veth0_vlan entered promiscuous mode [ 56.133839][ T454] device veth1_macvtap entered promiscuous mode [ 56.141991][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 56.150775][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 56.171609][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 56.183648][ T455] device veth1_macvtap entered promiscuous mode [ 56.204857][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 56.213708][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 56.232770][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 56.251427][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 56.270130][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 56.287986][ T452] device veth1_macvtap entered promiscuous mode [ 56.318508][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 56.327956][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 56.344651][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 56.363618][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 56.372778][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 56.384047][ T472] ====================================================== [ 56.384047][ T472] WARNING: the mand mount option is being deprecated and [ 56.384047][ T472] will be removed in v5.15! [ 56.384047][ T472] ====================================================== [ 56.391837][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 56.424761][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 56.433256][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 56.442014][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 56.466745][ T472] F2FS-fs (loop5): invalid crc value [ 56.482182][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 56.515637][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 56.545702][ T472] F2FS-fs (loop5): Found nat_bits in checkpoint [ 56.557245][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 56.566113][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 56.594783][ T472] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 56.602525][ T23] audit: type=1400 audit(1768323104.990:111): avc: denied { mount } for pid=471 comm="syz.5.17" name="/" dev="loop5" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 56.605212][ T474] F2FS-fs (loop6): invalid crc value [ 56.642762][ T472] F2FS-fs (loop5): access invalid blkaddr:2147563524 [ 56.643379][ T474] F2FS-fs (loop6): Found nat_bits in checkpoint [ 56.672442][ T472] CPU: 1 PID: 472 Comm: syz.5.17 Not tainted syzkaller #0 [ 56.679565][ T472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 56.689625][ T472] Call Trace: [ 56.692899][ T472] dump_stack_lvl+0x81/0xac [ 56.697393][ T472] dump_stack+0x10/0x12 [ 56.701519][ T472] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 56.707395][ T472] f2fs_iget+0x351e/0x4a00 [ 56.708569][ T474] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 56.711973][ T472] f2fs_lookup+0x491/0xc20 [ 56.724063][ T472] ? __recover_dot_dentries+0x530/0x530 [ 56.729702][ T472] ? __legitimize_path+0x6c/0x170 [ 56.734805][ T472] __lookup_slow+0x19b/0x3d0 [ 56.739458][ T472] ? page_put_link+0x80/0x80 [ 56.744133][ T472] ? inode_permission.part.0+0xc2/0x320 [ 56.749765][ T472] walk_component+0x3ad/0x710 [ 56.754510][ T472] ? handle_dots.part.0+0x11c0/0x11c0 [ 56.759857][ T472] ? walk_component+0x710/0x710 [ 56.764682][ T472] path_lookupat+0x112/0x6a0 [ 56.769335][ T472] ? setup_object.isra.0+0x22/0xd0 [ 56.774809][ T472] filename_lookup+0x17f/0x510 [ 56.775151][ T474] F2FS-fs (loop6): access invalid blkaddr:2147563524 [ 56.779727][ T472] ? may_linkat+0x200/0x200 [ 56.791104][ T472] ? ___slab_alloc.constprop.0+0x32b/0x730 [ 56.797223][ T472] ? __check_object_size+0x1df/0x270 [ 56.802667][ T472] ? kmem_cache_alloc+0x17f/0x4f0 [ 56.807683][ T472] ? getname_flags.part.0+0x8c/0x480 [ 56.813242][ T472] user_path_at_empty+0xa2/0xf0 [ 56.818342][ T472] do_sys_truncate.part.0+0x85/0x100 [ 56.823609][ T472] ? vfs_truncate+0x540/0x540 [ 56.828368][ T472] ? __kasan_check_write+0x14/0x20 [ 56.833634][ T472] ? switch_fpu_return+0xbf/0x1b0 [ 56.838739][ T472] __x64_sys_truncate+0x54/0x80 [ 56.843640][ T472] do_syscall_64+0x32/0x50 [ 56.848223][ T472] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 56.854104][ T472] RIP: 0033:0x7f3a883edbe9 [ 56.858697][ T472] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 56.878557][ T472] RSP: 002b:00007f3a8825e038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 56.887428][ T472] RAX: ffffffffffffffda RBX: 00007f3a88614fa0 RCX: 00007f3a883edbe9 [ 56.895911][ T472] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280 [ 56.904143][ T472] RBP: 00007f3a88470e19 R08: 0000000000000000 R09: 0000000000000000 [ 56.912800][ T472] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 56.921464][ T472] R13: 00007f3a88615038 R14: 00007f3a88614fa0 R15: 00007fffab0feac8 [ 56.930811][ T474] CPU: 1 PID: 474 Comm: syz.6.18 Not tainted syzkaller #0 [ 56.938153][ T474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 56.948605][ T474] Call Trace: [ 56.952125][ T474] dump_stack_lvl+0x81/0xac [ 56.956940][ T474] dump_stack+0x10/0x12 [ 56.961380][ T474] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 56.967126][ T474] f2fs_iget+0x351e/0x4a00 [ 56.971835][ T474] f2fs_lookup+0x491/0xc20 [ 56.976866][ T474] ? __recover_dot_dentries+0x530/0x530 [ 56.984213][ T474] ? __legitimize_path+0x6c/0x170 [ 56.991188][ T474] __lookup_slow+0x19b/0x3d0 [ 56.996824][ T474] ? page_put_link+0x80/0x80 [ 57.001610][ T474] ? inode_permission.part.0+0xc2/0x320 [ 57.007220][ T474] walk_component+0x3ad/0x710 [ 57.012046][ T474] ? handle_dots.part.0+0x11c0/0x11c0 [ 57.017509][ T474] ? walk_component+0x710/0x710 [ 57.022567][ T474] path_lookupat+0x112/0x6a0 [ 57.027140][ T474] ? _atomic_dec_and_lock+0x19/0xa0 [ 57.032573][ T474] filename_lookup+0x17f/0x510 [ 57.037496][ T474] ? may_linkat+0x200/0x200 [ 57.042243][ T474] ? __check_object_size+0x1df/0x270 [ 57.047681][ T474] ? kmem_cache_alloc+0x17f/0x4f0 [ 57.052677][ T474] ? getname_flags.part.0+0x8c/0x480 [ 57.058081][ T474] user_path_at_empty+0xa2/0xf0 [ 57.063128][ T474] do_sys_truncate.part.0+0x85/0x100 [ 57.068951][ T474] ? vfs_truncate+0x540/0x540 [ 57.073880][ T474] ? __kasan_check_write+0x14/0x20 [ 57.074726][ T472] F2FS-fs (loop5): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 57.079059][ T474] ? switch_fpu_return+0xbf/0x1b0 [ 57.079067][ T474] __x64_sys_truncate+0x54/0x80 [ 57.079075][ T474] do_syscall_64+0x32/0x50 [ 57.079086][ T474] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 57.112130][ T474] RIP: 0033:0x7f3a665f4be9 [ 57.116535][ T474] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 57.126796][ T502] F2FS-fs (loop5): access invalid blkaddr:2147563524 [ 57.136746][ T474] RSP: 002b:00007f3a66465038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 57.136754][ T474] RAX: ffffffffffffffda RBX: 00007f3a6681bfa0 RCX: 00007f3a665f4be9 [ 57.136756][ T474] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280 [ 57.136758][ T474] RBP: 00007f3a66677e19 R08: 0000000000000000 R09: 0000000000000000 [ 57.136760][ T474] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 57.136762][ T474] R13: 00007f3a6681c038 R14: 00007f3a6681bfa0 R15: 00007ffd97412c08 [ 57.254433][ T502] CPU: 0 PID: 502 Comm: syz.5.17 Not tainted syzkaller #0 [ 57.261586][ T502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 57.271827][ T502] Call Trace: [ 57.275132][ T502] dump_stack_lvl+0x81/0xac [ 57.279622][ T502] dump_stack+0x10/0x12 [ 57.284002][ T502] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 57.289722][ T502] f2fs_iget+0x351e/0x4a00 [ 57.294128][ T502] f2fs_lookup+0x491/0xc20 [ 57.298531][ T502] ? __recover_dot_dentries+0x530/0x530 [ 57.304157][ T502] path_openat+0x1024/0x3950 [ 57.308830][ T502] ? path_lookupat+0x6a0/0x6a0 [ 57.313791][ T502] ? __kasan_check_read+0x11/0x20 [ 57.318807][ T502] ? pagevec_add_and_need_flush+0x216/0x290 [ 57.324696][ T502] ? perf_trace_mm_lru_insertion+0x970/0x970 [ 57.330682][ T502] ? __mod_memcg_lruvec_state+0x118/0x330 [ 57.336510][ T502] ? __mod_node_page_state+0xa6/0x110 [ 57.342345][ T502] do_filp_open+0x193/0x3d0 [ 57.347111][ T502] ? may_open_dev+0xd0/0xd0 [ 57.351644][ T502] ? __check_object_size+0x1df/0x270 [ 57.356929][ T502] ? _raw_spin_unlock+0x41/0x70 [ 57.362227][ T502] do_sys_openat2+0x135/0x810 [ 57.366927][ T502] ? recalc_sigpending+0x7c/0xb0 [ 57.372097][ T502] ? build_open_flags+0x490/0x490 [ 57.377167][ T502] ? __kasan_check_write+0x14/0x20 [ 57.382486][ T502] ? __handle_speculative_fault+0xee/0x280 [ 57.388301][ T502] __x64_sys_openat+0x124/0x200 [ 57.393433][ T502] ? __ia32_sys_open+0x1b0/0x1b0 [ 57.398415][ T502] ? exit_to_user_mode_prepare+0x36/0x160 [ 57.404420][ T502] ? irqentry_exit_to_user_mode+0xe/0x10 [ 57.410514][ T502] do_syscall_64+0x32/0x50 [ 57.415103][ T502] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 57.421002][ T502] RIP: 0033:0x7f3a883edbe9 [ 57.425555][ T502] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 57.445701][ T502] RSP: 002b:00007f3a8823d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 57.454128][ T502] RAX: ffffffffffffffda RBX: 00007f3a88615090 RCX: 00007f3a883edbe9 [ 57.462099][ T502] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 57.470077][ T502] RBP: 00007f3a88470e19 R08: 0000000000000000 R09: 0000000000000000 [ 57.474422][ T474] F2FS-fs (loop6): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 57.478064][ T502] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 57.498584][ T502] R13: 00007f3a88615128 R14: 00007f3a88615090 R15: 00007fffab0feac8 [ 57.644517][ T502] ================================================================== [ 57.652727][ T502] BUG: KASAN: use-after-free in f2fs_iget+0x4321/0x4a00 [ 57.659791][ T502] Read of size 4 at addr ffff88811dfbe174 by task syz.5.17/502 [ 57.667416][ T502] [ 57.669916][ T502] CPU: 1 PID: 502 Comm: syz.5.17 Not tainted syzkaller #0 [ 57.677197][ T502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 57.687253][ T502] Call Trace: [ 57.690575][ T502] dump_stack_lvl+0x81/0xac [ 57.695268][ T502] print_address_description.constprop.0+0x24/0x160 [ 57.701969][ T502] ? f2fs_iget+0x4321/0x4a00 [ 57.706652][ T502] kasan_report.cold+0x82/0xdb [ 57.711508][ T502] ? f2fs_iget+0x4321/0x4a00 [ 57.716191][ T502] __asan_report_load4_noabort+0x14/0x20 [ 57.721833][ T502] f2fs_iget+0x4321/0x4a00 [ 57.726332][ T502] f2fs_lookup+0x491/0xc20 [ 57.730838][ T502] ? __recover_dot_dentries+0x530/0x530 [ 57.736475][ T502] path_openat+0x1024/0x3950 [ 57.741169][ T502] ? path_lookupat+0x6a0/0x6a0 [ 57.746013][ T502] ? __kasan_check_read+0x11/0x20 [ 57.751178][ T502] ? pagevec_add_and_need_flush+0x216/0x290 [ 57.757160][ T502] ? perf_trace_mm_lru_insertion+0x970/0x970 [ 57.763374][ T502] ? __mod_memcg_lruvec_state+0x118/0x330 [ 57.769082][ T502] ? __mod_node_page_state+0xa6/0x110 [ 57.774526][ T502] do_filp_open+0x193/0x3d0 [ 57.779087][ T502] ? may_open_dev+0xd0/0xd0 [ 57.783588][ T502] ? __check_object_size+0x1df/0x270 [ 57.788855][ T502] ? _raw_spin_unlock+0x41/0x70 [ 57.793773][ T502] do_sys_openat2+0x135/0x810 [ 57.798538][ T502] ? recalc_sigpending+0x7c/0xb0 [ 57.803535][ T502] ? build_open_flags+0x490/0x490 [ 57.808893][ T502] ? __kasan_check_write+0x14/0x20 [ 57.814252][ T502] ? __handle_speculative_fault+0xee/0x280 [ 57.820136][ T502] __x64_sys_openat+0x124/0x200 [ 57.825156][ T502] ? __ia32_sys_open+0x1b0/0x1b0 [ 57.830261][ T502] ? exit_to_user_mode_prepare+0x36/0x160 [ 57.836172][ T502] ? irqentry_exit_to_user_mode+0xe/0x10 [ 57.841782][ T502] do_syscall_64+0x32/0x50 [ 57.846175][ T502] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 57.852264][ T502] RIP: 0033:0x7f3a883edbe9 [ 57.856830][ T502] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 57.877003][ T502] RSP: 002b:00007f3a8823d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 57.885568][ T502] RAX: ffffffffffffffda RBX: 00007f3a88615090 RCX: 00007f3a883edbe9 [ 57.894218][ T502] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 57.902407][ T502] RBP: 00007f3a88470e19 R08: 0000000000000000 R09: 0000000000000000 [ 57.910476][ T502] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 57.918509][ T502] R13: 00007f3a88615128 R14: 00007f3a88615090 R15: 00007fffab0feac8 [ 57.926598][ T502] [ 57.928909][ T502] Allocated by task 472: [ 57.933134][ T502] kasan_save_stack+0x26/0x50 [ 57.937785][ T502] __kasan_slab_alloc+0x94/0xc0 [ 57.942910][ T502] kmem_cache_alloc+0x15d/0x4f0 [ 57.947954][ T502] f2fs_init_extent_tree+0x98f/0xdf0 [ 57.953219][ T502] f2fs_iget+0xa75/0x4a00 [ 57.957530][ T502] f2fs_lookup+0x491/0xc20 [ 57.962210][ T502] __lookup_slow+0x19b/0x3d0 [ 57.966806][ T502] walk_component+0x3ad/0x710 [ 57.971470][ T502] path_lookupat+0x112/0x6a0 [ 57.976344][ T502] filename_lookup+0x17f/0x510 [ 57.981266][ T502] user_path_at_empty+0xa2/0xf0 [ 57.986312][ T502] do_sys_truncate.part.0+0x85/0x100 [ 57.991652][ T502] __x64_sys_truncate+0x54/0x80 [ 57.996606][ T502] do_syscall_64+0x32/0x50 [ 58.001076][ T502] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 58.007018][ T502] [ 58.009405][ T502] Freed by task 472: [ 58.013375][ T502] kasan_save_stack+0x26/0x50 [ 58.018030][ T502] kasan_set_track+0x25/0x30 [ 58.022599][ T502] kasan_set_free_info+0x24/0x40 [ 58.027501][ T502] __kasan_slab_free+0x111/0x150 [ 58.032834][ T502] slab_free_freelist_hook+0x9b/0x1a0 [ 58.038169][ T502] kmem_cache_free+0x106/0x440 [ 58.042913][ T502] f2fs_destroy_extent_tree+0x174/0x4b0 [ 58.048433][ T502] f2fs_evict_inode+0x335/0x1680 [ 58.053340][ T502] evict+0x372/0x940 [ 58.057486][ T502] iput.part.0+0x33b/0x640 [ 58.061977][ T502] iput+0x3f/0x50 [ 58.065586][ T502] iget_failed+0x1e/0x30 [ 58.069807][ T502] f2fs_iget+0x22be/0x4a00 [ 58.074341][ T502] f2fs_lookup+0x491/0xc20 [ 58.078968][ T502] __lookup_slow+0x19b/0x3d0 [ 58.083626][ T502] walk_component+0x3ad/0x710 [ 58.088389][ T502] path_lookupat+0x112/0x6a0 [ 58.093049][ T502] filename_lookup+0x17f/0x510 [ 58.097871][ T502] user_path_at_empty+0xa2/0xf0 [ 58.102964][ T502] do_sys_truncate.part.0+0x85/0x100 [ 58.108225][ T502] __x64_sys_truncate+0x54/0x80 [ 58.113039][ T502] do_syscall_64+0x32/0x50 [ 58.117601][ T502] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 58.123459][ T502] [ 58.126009][ T502] The buggy address belongs to the object at ffff88811dfbe150 [ 58.126009][ T502] which belongs to the cache f2fs_extent_tree of size 80 [ 58.140577][ T502] The buggy address is located 36 bytes inside of [ 58.140577][ T502] 80-byte region [ffff88811dfbe150, ffff88811dfbe1a0) [ 58.153827][ T502] The buggy address belongs to the page: [ 58.159625][ T502] page:ffffea000477ef80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11dfbe [ 58.170096][ T502] flags: 0x4000000000000200(slab) [ 58.175262][ T502] raw: 4000000000000200 dead000000000100 dead000000000122 ffff88810458e480 [ 58.184018][ T502] raw: 0000000000000000 0000000080240024 00000001ffffffff 0000000000000000 [ 58.192657][ T502] page dumped because: kasan: bad access detected [ 58.199137][ T502] page_owner tracks the page as allocated [ 58.204937][ T502] page last allocated via order 0, migratetype Reclaimable, gfp_mask 0x112c50(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 472, ts 56642727106, free_ts 0 [ 58.223146][ T502] get_page_from_freelist+0x1fee/0x2ad0 [ 58.228794][ T502] __alloc_pages_nodemask+0x2ae/0x2530 [ 58.234227][ T502] allocate_slab+0x30f/0x460 [ 58.238783][ T502] ___slab_alloc.constprop.0+0x32b/0x730 [ 58.244494][ T502] kmem_cache_alloc+0x491/0x4f0 [ 58.249431][ T502] f2fs_init_extent_tree+0x98f/0xdf0 [ 58.254698][ T502] f2fs_iget+0xa75/0x4a00 [ 58.259184][ T502] f2fs_lookup+0x491/0xc20 [ 58.263652][ T502] __lookup_slow+0x19b/0x3d0 [ 58.268216][ T502] walk_component+0x3ad/0x710 [ 58.272967][ T502] path_lookupat+0x112/0x6a0 [ 58.277628][ T502] filename_lookup+0x17f/0x510 [ 58.282420][ T502] user_path_at_empty+0xa2/0xf0 [ 58.287455][ T502] do_sys_truncate.part.0+0x85/0x100 [ 58.292906][ T502] __x64_sys_truncate+0x54/0x80 [ 58.297728][ T502] do_syscall_64+0x32/0x50 [ 58.302107][ T502] page_owner free stack trace missing [ 58.307726][ T502] [ 58.310242][ T502] Memory state around the buggy address: [ 58.315856][ T502] ffff88811dfbe000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 58.324194][ T502] ffff88811dfbe080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 58.332248][ T502] >ffff88811dfbe100: fc fc fc fc fc fc fc fc fc fc fa fb fb fb fb fb [ 58.340552][ T502] ^ [ 58.348509][ T502] ffff88811dfbe180: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 58.356956][ T502] ffff88811dfbe200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 58.365347][ T502] ================================================================== [ 58.373398][ T502] Disabling lock debugging due to kernel taint [ 58.383857][ T23] audit: type=1400 audit(1768323106.770:112): avc: denied { read } for pid=72 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 58.385865][ T502] F2FS-fs (loop5): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 58.407320][ T494] F2FS-fs (loop2): invalid crc value [ 58.420871][ T502] ================================================================== [ 58.426290][ T494] F2FS-fs (loop2): Found nat_bits in checkpoint [ 58.432868][ T502] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x106/0x440 [ 58.447614][ T502] [ 58.449933][ T502] CPU: 1 PID: 502 Comm: syz.5.17 Tainted: G B syzkaller #0 [ 58.458486][ T502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 58.461160][ T494] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 58.468731][ T502] Call Trace: [ 58.468745][ T502] dump_stack_lvl+0x81/0xac [ 58.468753][ T502] print_address_description.constprop.0+0x24/0x160 [ 58.468756][ T502] ? kmem_cache_free+0x106/0x440 [ 58.468760][ T502] kasan_report_invalid_free+0x56/0x80 [ 58.468763][ T502] ? kmem_cache_free+0x106/0x440 [ 58.468766][ T502] __kasan_slab_free+0x134/0x150 [ 58.468770][ T502] slab_free_freelist_hook+0x9b/0x1a0 [ 58.468778][ T502] ? f2fs_destroy_extent_tree+0x174/0x4b0 [ 58.468787][ T502] kmem_cache_free+0x106/0x440 [ 58.476699][ T23] audit: type=1400 audit(1768323106.810:113): avc: denied { search } for pid=72 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 58.479685][ T502] f2fs_destroy_extent_tree+0x174/0x4b0 [ 58.496840][ T23] audit: type=1400 audit(1768323106.810:114): avc: denied { write } for pid=72 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 58.501487][ T502] f2fs_evict_inode+0x335/0x1680 [ 58.501496][ T502] ? irq_work_queue+0x3c/0x50 [ 58.501501][ T502] ? __inode_wait_for_writeback+0xe7/0x1c0 [ 58.501511][ T502] ? f2fs_write_inode+0x1010/0x1010 [ 58.511535][ T23] audit: type=1400 audit(1768323106.810:115): avc: denied { add_name } for pid=72 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 58.512308][ T502] ? var_wake_function+0x130/0x130 [ 58.518025][ T23] audit: type=1400 audit(1768323106.810:116): avc: denied { create } for pid=72 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 58.523353][ T502] ? _raw_spin_lock_bh+0x110/0x110 [ 58.528247][ T23] audit: type=1400 audit(1768323106.810:117): avc: denied { append open } for pid=72 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 58.550126][ T502] ? vprintk_func+0x5a/0x150 [ 58.550137][ T502] ? _raw_spin_lock_bh+0x110/0x110 [ 58.550144][ T502] evict+0x372/0x940 [ 58.550148][ T502] ? new_inode+0x2f0/0x2f0 [ 58.550151][ T502] ? _raw_spin_lock+0x86/0x110 [ 58.550154][ T502] ? _raw_spin_lock_bh+0x110/0x110 [ 58.550159][ T502] ? __kasan_check_read+0x11/0x20 [ 58.550165][ T502] ? f2fs_drop_inode+0x71/0x910 [ 58.550168][ T502] iput.part.0+0x33b/0x640 [ 58.550179][ T502] iput+0x3f/0x50 [ 58.555875][ T23] audit: type=1400 audit(1768323106.810:118): avc: denied { getattr } for pid=72 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 58.577252][ T502] iget_failed+0x1e/0x30 [ 58.577260][ T502] f2fs_iget+0x22be/0x4a00 [ 58.577265][ T502] f2fs_lookup+0x491/0xc20 [ 58.577268][ T502] ? __recover_dot_dentries+0x530/0x530 [ 58.577275][ T502] path_openat+0x1024/0x3950 [ 58.577280][ T502] ? path_lookupat+0x6a0/0x6a0 [ 58.577284][ T502] ? __kasan_check_read+0x11/0x20 [ 58.577290][ T502] ? pagevec_add_and_need_flush+0x216/0x290 [ 58.577294][ T502] ? perf_trace_mm_lru_insertion+0x970/0x970 [ 58.577306][ T502] ? __mod_memcg_lruvec_state+0x118/0x330 [ 58.795848][ T502] ? __mod_node_page_state+0xa6/0x110 [ 58.801304][ T502] do_filp_open+0x193/0x3d0 [ 58.806135][ T502] ? may_open_dev+0xd0/0xd0 [ 58.810916][ T502] ? __check_object_size+0x1df/0x270 [ 58.816223][ T502] ? _raw_spin_unlock+0x41/0x70 [ 58.821156][ T502] do_sys_openat2+0x135/0x810 [ 58.826088][ T502] ? recalc_sigpending+0x7c/0xb0 [ 58.831207][ T502] ? build_open_flags+0x490/0x490 [ 58.836539][ T502] ? __kasan_check_write+0x14/0x20 [ 58.842335][ T502] ? __handle_speculative_fault+0xee/0x280 [ 58.849336][ T502] __x64_sys_openat+0x124/0x200 [ 58.854469][ T502] ? __ia32_sys_open+0x1b0/0x1b0 [ 58.859802][ T502] ? exit_to_user_mode_prepare+0x36/0x160 [ 58.866096][ T502] ? irqentry_exit_to_user_mode+0xe/0x10 [ 58.871863][ T502] do_syscall_64+0x32/0x50 [ 58.876312][ T502] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 58.882608][ T502] RIP: 0033:0x7f3a883edbe9 [ 58.887327][ T502] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 58.907919][ T502] RSP: 002b:00007f3a8823d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 58.917469][ T502] RAX: ffffffffffffffda RBX: 00007f3a88615090 RCX: 00007f3a883edbe9 [ 58.925875][ T502] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 58.934270][ T502] RBP: 00007f3a88470e19 R08: 0000000000000000 R09: 0000000000000000 [ 58.942675][ T502] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 58.950760][ T502] R13: 00007f3a88615128 R14: 00007f3a88615090 R15: 00007fffab0feac8 [ 58.959515][ T502] [ 58.962271][ T502] Allocated by task 472: [ 58.966900][ T502] kasan_save_stack+0x26/0x50 [ 58.971934][ T502] __kasan_slab_alloc+0x94/0xc0 [ 58.977293][ T502] kmem_cache_alloc+0x15d/0x4f0 [ 58.982501][ T502] f2fs_init_extent_tree+0x98f/0xdf0 [ 58.987756][ T502] f2fs_iget+0xa75/0x4a00 [ 58.992333][ T502] f2fs_lookup+0x491/0xc20 [ 58.997157][ T502] __lookup_slow+0x19b/0x3d0 [ 59.001919][ T502] walk_component+0x3ad/0x710 [ 59.006670][ T502] path_lookupat+0x112/0x6a0 [ 59.011884][ T502] filename_lookup+0x17f/0x510 [ 59.017020][ T502] user_path_at_empty+0xa2/0xf0 [ 59.022253][ T502] do_sys_truncate.part.0+0x85/0x100 [ 59.028233][ T502] __x64_sys_truncate+0x54/0x80 [ 59.033403][ T502] do_syscall_64+0x32/0x50 [ 59.038050][ T502] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 59.044730][ T502] [ 59.047032][ T502] Freed by task 472: [ 59.050990][ T502] kasan_save_stack+0x26/0x50 [ 59.055668][ T502] kasan_set_track+0x25/0x30 [ 59.060504][ T502] kasan_set_free_info+0x24/0x40 [ 59.065737][ T502] __kasan_slab_free+0x111/0x150 [ 59.070654][ T502] slab_free_freelist_hook+0x9b/0x1a0 [ 59.076103][ T502] kmem_cache_free+0x106/0x440 [ 59.081674][ T502] f2fs_destroy_extent_tree+0x174/0x4b0 [ 59.087652][ T502] f2fs_evict_inode+0x335/0x1680 [ 59.093212][ T502] evict+0x372/0x940 [ 59.097445][ T502] iput.part.0+0x33b/0x640 [ 59.102177][ T502] iput+0x3f/0x50 [ 59.105800][ T502] iget_failed+0x1e/0x30 [ 59.110129][ T502] f2fs_iget+0x22be/0x4a00 [ 59.114792][ T502] f2fs_lookup+0x491/0xc20 [ 59.120664][ T502] __lookup_slow+0x19b/0x3d0 [ 59.125459][ T502] walk_component+0x3ad/0x710 [ 59.130596][ T502] path_lookupat+0x112/0x6a0 [ 59.135302][ T502] filename_lookup+0x17f/0x510 [ 59.140471][ T502] user_path_at_empty+0xa2/0xf0 [ 59.145903][ T502] do_sys_truncate.part.0+0x85/0x100 [ 59.151337][ T502] __x64_sys_truncate+0x54/0x80 [ 59.156263][ T502] do_syscall_64+0x32/0x50 [ 59.160842][ T502] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 59.166875][ T502] [ 59.169200][ T502] The buggy address belongs to the object at ffff88811dfbe150 [ 59.169200][ T502] which belongs to the cache f2fs_extent_tree of size 80 [ 59.184496][ T502] The buggy address is located 0 bytes inside of [ 59.184496][ T502] 80-byte region [ffff88811dfbe150, ffff88811dfbe1a0) [ 59.198535][ T502] The buggy address belongs to the page: [ 59.204172][ T502] page:ffffea000477ef80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11dfbe [ 59.214665][ T502] flags: 0x4000000000000200(slab) [ 59.219772][ T502] raw: 4000000000000200 dead000000000100 dead000000000122 ffff88810458e480 [ 59.228662][ T502] raw: 0000000000000000 0000000080240024 00000001ffffffff 0000000000000000 [ 59.237398][ T502] page dumped because: kasan: bad access detected [ 59.243968][ T502] page_owner tracks the page as allocated [ 59.249657][ T502] page last allocated via order 0, migratetype Reclaimable, gfp_mask 0x112c50(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 472, ts 56642727106, free_ts 0 [ 59.267787][ T502] get_page_from_freelist+0x1fee/0x2ad0 [ 59.273310][ T502] __alloc_pages_nodemask+0x2ae/0x2530 [ 59.278834][ T502] allocate_slab+0x30f/0x460 [ 59.283446][ T502] ___slab_alloc.constprop.0+0x32b/0x730 [ 59.289153][ T502] kmem_cache_alloc+0x491/0x4f0 [ 59.293992][ T502] f2fs_init_extent_tree+0x98f/0xdf0 [ 59.299443][ T502] f2fs_iget+0xa75/0x4a00 [ 59.303840][ T502] f2fs_lookup+0x491/0xc20 [ 59.308312][ T502] __lookup_slow+0x19b/0x3d0 [ 59.312954][ T502] walk_component+0x3ad/0x710 [ 59.317711][ T502] path_lookupat+0x112/0x6a0 [ 59.322346][ T502] filename_lookup+0x17f/0x510 [ 59.327219][ T502] user_path_at_empty+0xa2/0xf0 [ 59.332133][ T502] do_sys_truncate.part.0+0x85/0x100 [ 59.337491][ T502] __x64_sys_truncate+0x54/0x80 [ 59.342312][ T502] do_syscall_64+0x32/0x50 [ 59.346865][ T502] page_owner free stack trace missing [ 59.352212][ T502] [ 59.354699][ T502] Memory state around the buggy address: [ 59.360474][ T502] ffff88811dfbe000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 59.368973][ T502] ffff88811dfbe080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 59.377104][ T502] >ffff88811dfbe100: fc fc fc fc fc fc fc fc fc fc fa fb fb fb fb fb [ 59.385555][ T502] ^ [ 59.392474][ T502] ffff88811dfbe180: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 59.400887][ T502] ffff88811dfbe200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 59.409522][ T502] ================================================================== [ 59.421037][ T494] F2FS-fs (loop2): access invalid blkaddr:2147563524 [ 59.428198][ T494] CPU: 1 PID: 494 Comm: syz.2.19 Tainted: G B syzkaller #0 [ 59.436776][ T494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 59.447648][ T494] Call Trace: [ 59.451139][ T494] dump_stack_lvl+0x81/0xac [ 59.455865][ T494] dump_stack+0x10/0x12 [ 59.460091][ T494] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 59.465948][ T494] f2fs_iget+0x351e/0x4a00 [ 59.470422][ T494] f2fs_lookup+0x491/0xc20 [ 59.474813][ T494] ? __recover_dot_dentries+0x530/0x530 [ 59.480334][ T494] ? __legitimize_path+0x6c/0x170 [ 59.485434][ T494] __lookup_slow+0x19b/0x3d0 [ 59.489988][ T494] ? page_put_link+0x80/0x80 [ 59.494543][ T494] ? inode_permission.part.0+0xc2/0x320 [ 59.500058][ T494] walk_component+0x3ad/0x710 [ 59.504699][ T494] ? handle_dots.part.0+0x11c0/0x11c0 [ 59.510065][ T494] ? walk_component+0x710/0x710 [ 59.514982][ T494] path_lookupat+0x112/0x6a0 [ 59.519536][ T494] ? _atomic_dec_and_lock+0x19/0xa0 [ 59.524811][ T494] filename_lookup+0x17f/0x510 [ 59.529654][ T494] ? may_linkat+0x200/0x200 [ 59.534159][ T494] ? __check_object_size+0x1df/0x270 [ 59.539655][ T494] ? kmem_cache_alloc+0x17f/0x4f0 [ 59.544755][ T494] ? getname_flags.part.0+0x8c/0x480 [ 59.550013][ T494] user_path_at_empty+0xa2/0xf0 [ 59.555025][ T494] do_sys_truncate.part.0+0x85/0x100 [ 59.560454][ T494] ? vfs_truncate+0x540/0x540 [ 59.565106][ T494] ? __kasan_check_write+0x14/0x20 [ 59.570190][ T494] ? switch_fpu_return+0xbf/0x1b0 [ 59.575304][ T494] __x64_sys_truncate+0x54/0x80 [ 59.580278][ T494] do_syscall_64+0x32/0x50 [ 59.584860][ T494] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 59.590741][ T494] RIP: 0033:0x7f0dd87a1be9 [ 59.595133][ T494] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 59.615518][ T494] RSP: 002b:00007f0dd8612038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 59.624172][ T494] RAX: ffffffffffffffda RBX: 00007f0dd89c8fa0 RCX: 00007f0dd87a1be9 [ 59.632209][ T494] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280 [ 59.640356][ T494] RBP: 00007f0dd8824e19 R08: 0000000000000000 R09: 0000000000000000 2026/01/13 16:51:48 executed programs: 16 [ 59.648658][ T494] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 59.656696][ T494] R13: 00007f0dd89c9038 R14: 00007f0dd89c8fa0 R15: 00007fff3d1d7958 [ 59.665560][ T494] F2FS-fs (loop2): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 59.679930][ T512] F2FS-fs (loop2): access invalid blkaddr:2147563524 [ 59.686839][ T512] CPU: 0 PID: 512 Comm: syz.2.19 Tainted: G B syzkaller #0 [ 59.695594][ T512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 59.705721][ T512] Call Trace: [ 59.709022][ T512] dump_stack_lvl+0x81/0xac [ 59.713868][ T512] dump_stack+0x10/0x12 [ 59.718188][ T512] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 59.723835][ T512] f2fs_iget+0x351e/0x4a00 [ 59.728237][ T512] f2fs_lookup+0x491/0xc20 [ 59.732888][ T512] ? __recover_dot_dentries+0x530/0x530 [ 59.738647][ T512] path_openat+0x1024/0x3950 [ 59.743216][ T512] ? path_lookupat+0x6a0/0x6a0 [ 59.748108][ T512] ? __kasan_check_read+0x11/0x20 [ 59.753599][ T512] ? pagevec_add_and_need_flush+0x216/0x290 [ 59.759676][ T512] ? perf_trace_mm_lru_insertion+0x970/0x970 [ 59.765931][ T512] ? __mod_memcg_lruvec_state+0x118/0x330 [ 59.771734][ T512] ? __mod_node_page_state+0xa6/0x110 [ 59.777678][ T512] do_filp_open+0x193/0x3d0 [ 59.782167][ T512] ? may_open_dev+0xd0/0xd0 [ 59.786829][ T512] ? __check_object_size+0x1df/0x270 [ 59.792111][ T512] ? _raw_spin_unlock+0x41/0x70 [ 59.797136][ T512] do_sys_openat2+0x135/0x810 [ 59.802012][ T512] ? recalc_sigpending+0x7c/0xb0 [ 59.807139][ T512] ? build_open_flags+0x490/0x490 [ 59.812578][ T512] ? __kasan_check_write+0x14/0x20 [ 59.818019][ T512] ? __handle_speculative_fault+0xee/0x280 [ 59.824123][ T512] __x64_sys_openat+0x124/0x200 [ 59.829247][ T512] ? __ia32_sys_open+0x1b0/0x1b0 [ 59.834471][ T512] ? exit_to_user_mode_prepare+0x36/0x160 [ 59.840613][ T512] ? irqentry_exit_to_user_mode+0xe/0x10 [ 59.846406][ T512] do_syscall_64+0x32/0x50 [ 59.850974][ T512] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 59.857013][ T512] RIP: 0033:0x7f0dd87a1be9 [ 59.861605][ T512] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 59.882208][ T512] RSP: 002b:00007f0dd85f1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 59.891646][ T512] RAX: ffffffffffffffda RBX: 00007f0dd89c9090 RCX: 00007f0dd87a1be9 [ 59.899949][ T512] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 59.908515][ T512] RBP: 00007f0dd8824e19 R08: 0000000000000000 R09: 0000000000000000 [ 59.916838][ T512] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 59.924789][ T512] R13: 00007f0dd89c9128 R14: 00007f0dd89c9090 R15: 00007fff3d1d7958 [ 59.933688][ T512] F2FS-fs (loop2): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 60.277495][ T511] F2FS-fs (loop6): invalid crc value [ 60.296921][ T511] F2FS-fs (loop6): Found nat_bits in checkpoint [ 60.424503][ T511] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 60.463810][ T511] F2FS-fs (loop6): access invalid blkaddr:2147563524 [ 60.474388][ T511] CPU: 1 PID: 511 Comm: syz.6.22 Tainted: G B syzkaller #0 [ 60.483111][ T511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 60.493172][ T511] Call Trace: [ 60.496455][ T511] dump_stack_lvl+0x81/0xac [ 60.500954][ T511] dump_stack+0x10/0x12 [ 60.505095][ T511] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 60.510751][ T511] f2fs_iget+0x351e/0x4a00 [ 60.515157][ T511] f2fs_lookup+0x491/0xc20 [ 60.519570][ T511] ? __recover_dot_dentries+0x530/0x530 [ 60.525190][ T511] ? __legitimize_path+0x6c/0x170 [ 60.530184][ T511] __lookup_slow+0x19b/0x3d0 [ 60.535062][ T511] ? page_put_link+0x80/0x80 [ 60.539826][ T511] ? inode_permission.part.0+0xc2/0x320 [ 60.545793][ T511] walk_component+0x3ad/0x710 [ 60.550545][ T511] ? handle_dots.part.0+0x11c0/0x11c0 [ 60.556076][ T511] ? walk_component+0x710/0x710 [ 60.561182][ T511] path_lookupat+0x112/0x6a0 [ 60.565945][ T511] ? _atomic_dec_and_lock+0x19/0xa0 [ 60.571298][ T511] filename_lookup+0x17f/0x510 [ 60.576048][ T511] ? may_linkat+0x200/0x200 [ 60.580931][ T511] ? __check_object_size+0x1df/0x270 [ 60.586558][ T511] ? kmem_cache_alloc+0x17f/0x4f0 [ 60.591586][ T511] ? getname_flags.part.0+0x8c/0x480 [ 60.596948][ T511] user_path_at_empty+0xa2/0xf0 [ 60.601790][ T511] do_sys_truncate.part.0+0x85/0x100 [ 60.607206][ T511] ? vfs_truncate+0x540/0x540 [ 60.611942][ T511] ? __kasan_check_write+0x14/0x20 [ 60.617244][ T511] ? switch_fpu_return+0xbf/0x1b0 [ 60.622472][ T511] __x64_sys_truncate+0x54/0x80 [ 60.628142][ T511] do_syscall_64+0x32/0x50 [ 60.632657][ T511] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 60.638640][ T511] RIP: 0033:0x7f3a665f4be9 [ 60.643231][ T511] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 60.664127][ T511] RSP: 002b:00007f3a66465038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 60.672908][ T511] RAX: ffffffffffffffda RBX: 00007f3a6681bfa0 RCX: 00007f3a665f4be9 [ 60.680943][ T511] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280 [ 60.689099][ T511] RBP: 00007f3a66677e19 R08: 0000000000000000 R09: 0000000000000000 [ 60.697235][ T511] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 60.705432][ T511] R13: 00007f3a6681c038 R14: 00007f3a6681bfa0 R15: 00007ffd97412c08 [ 61.014179][ T511] F2FS-fs (loop6): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 61.044232][ T524] F2FS-fs (loop6): access invalid blkaddr:2147563524 [ 61.051275][ T524] CPU: 0 PID: 524 Comm: syz.6.22 Tainted: G B syzkaller #0 [ 61.059764][ T524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 61.069817][ T524] Call Trace: [ 61.073115][ T524] dump_stack_lvl+0x81/0xac [ 61.077826][ T524] dump_stack+0x10/0x12 [ 61.082069][ T524] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 61.087729][ T524] f2fs_iget+0x351e/0x4a00 [ 61.092241][ T524] f2fs_lookup+0x491/0xc20 [ 61.096657][ T524] ? __recover_dot_dentries+0x530/0x530 [ 61.102195][ T524] path_openat+0x1024/0x3950 [ 61.106780][ T524] ? path_lookupat+0x6a0/0x6a0 [ 61.111540][ T524] ? __kasan_check_read+0x11/0x20 [ 61.116785][ T524] ? pagevec_add_and_need_flush+0x216/0x290 [ 61.122897][ T524] ? perf_trace_mm_lru_insertion+0x970/0x970 [ 61.128885][ T524] ? __mod_memcg_lruvec_state+0x118/0x330 [ 61.134701][ T524] ? __mod_node_page_state+0xa6/0x110 [ 61.140077][ T524] do_filp_open+0x193/0x3d0 [ 61.144663][ T524] ? may_open_dev+0xd0/0xd0 [ 61.150008][ T524] ? __check_object_size+0x1df/0x270 [ 61.155325][ T524] ? _raw_spin_unlock+0x41/0x70 [ 61.160486][ T524] do_sys_openat2+0x135/0x810 [ 61.165253][ T524] ? recalc_sigpending+0x7c/0xb0 [ 61.170310][ T524] ? build_open_flags+0x490/0x490 [ 61.175433][ T524] ? __kasan_check_write+0x14/0x20 [ 61.181094][ T524] ? __handle_speculative_fault+0xee/0x280 [ 61.187113][ T524] __x64_sys_openat+0x124/0x200 [ 61.192054][ T524] ? __ia32_sys_open+0x1b0/0x1b0 [ 61.197191][ T524] ? exit_to_user_mode_prepare+0x36/0x160 [ 61.202996][ T524] ? irqentry_exit_to_user_mode+0xe/0x10 [ 61.208650][ T524] do_syscall_64+0x32/0x50 [ 61.214236][ T524] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 61.220347][ T524] RIP: 0033:0x7f3a665f4be9 [ 61.224899][ T524] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 61.244775][ T524] RSP: 002b:00007f3a66444038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 61.253191][ T524] RAX: ffffffffffffffda RBX: 00007f3a6681c090 RCX: 00007f3a665f4be9 [ 61.261545][ T524] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 61.270038][ T524] RBP: 00007f3a66677e19 R08: 0000000000000000 R09: 0000000000000000 [ 61.278011][ T524] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 61.285980][ T524] R13: 00007f3a6681c128 R14: 00007f3a6681c090 R15: 00007ffd97412c08 [ 61.345705][ T528] F2FS-fs (loop4): invalid crc value [ 61.356888][ T524] F2FS-fs (loop6): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 61.370097][ T524] ================================================================== [ 61.378279][ T524] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x106/0x440 [ 61.387117][ T524] [ 61.389625][ T524] CPU: 1 PID: 524 Comm: syz.6.22 Tainted: G B syzkaller #0 [ 61.398299][ T524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 61.408353][ T524] Call Trace: [ 61.411648][ T524] dump_stack_lvl+0x81/0xac [ 61.416242][ T524] print_address_description.constprop.0+0x24/0x160 [ 61.422841][ T524] ? kmem_cache_free+0x106/0x440 [ 61.427782][ T524] kasan_report_invalid_free+0x56/0x80 [ 61.433249][ T524] ? kmem_cache_free+0x106/0x440 [ 61.438272][ T524] __kasan_slab_free+0x134/0x150 [ 61.443299][ T524] slab_free_freelist_hook+0x9b/0x1a0 [ 61.448907][ T524] ? f2fs_destroy_extent_tree+0x174/0x4b0 [ 61.454682][ T524] kmem_cache_free+0x106/0x440 [ 61.459548][ T524] f2fs_destroy_extent_tree+0x174/0x4b0 [ 61.465094][ T524] f2fs_evict_inode+0x335/0x1680 [ 61.470109][ T524] ? irq_work_queue+0x3c/0x50 [ 61.474795][ T524] ? __inode_wait_for_writeback+0xe7/0x1c0 [ 61.480680][ T524] ? f2fs_write_inode+0x1010/0x1010 [ 61.485991][ T524] ? var_wake_function+0x130/0x130 [ 61.491196][ T524] ? _raw_spin_lock_bh+0x110/0x110 [ 61.496322][ T524] ? vprintk_func+0x5a/0x150 [ 61.500916][ T524] ? _raw_spin_lock_bh+0x110/0x110 [ 61.506025][ T524] evict+0x372/0x940 [ 61.510098][ T524] ? new_inode+0x2f0/0x2f0 [ 61.514516][ T524] ? _raw_spin_lock+0x86/0x110 [ 61.517846][ T528] F2FS-fs (loop4): Found nat_bits in checkpoint [ 61.519444][ T524] ? _raw_spin_lock_bh+0x110/0x110 [ 61.531070][ T524] ? __kasan_check_read+0x11/0x20 [ 61.536283][ T524] ? f2fs_drop_inode+0x71/0x910 [ 61.541228][ T524] iput.part.0+0x33b/0x640 [ 61.545800][ T524] iput+0x3f/0x50 [ 61.548375][ T528] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 61.549420][ T524] iget_failed+0x1e/0x30 [ 61.561172][ T524] f2fs_iget+0x22be/0x4a00 [ 61.565660][ T524] f2fs_lookup+0x491/0xc20 [ 61.570158][ T524] ? __recover_dot_dentries+0x530/0x530 [ 61.575697][ T524] path_openat+0x1024/0x3950 [ 61.580852][ T524] ? path_lookupat+0x6a0/0x6a0 [ 61.585766][ T524] ? __kasan_check_read+0x11/0x20 [ 61.590980][ T524] ? pagevec_add_and_need_flush+0x216/0x290 [ 61.596941][ T524] ? perf_trace_mm_lru_insertion+0x970/0x970 [ 61.603145][ T524] ? __mod_memcg_lruvec_state+0x118/0x330 [ 61.609085][ T524] ? __mod_node_page_state+0xa6/0x110 [ 61.614644][ T524] do_filp_open+0x193/0x3d0 [ 61.619233][ T524] ? may_open_dev+0xd0/0xd0 [ 61.623990][ T524] ? __check_object_size+0x1df/0x270 [ 61.629426][ T524] ? _raw_spin_unlock+0x41/0x70 [ 61.634662][ T524] do_sys_openat2+0x135/0x810 [ 61.639344][ T524] ? recalc_sigpending+0x7c/0xb0 [ 61.644268][ T524] ? build_open_flags+0x490/0x490 [ 61.649633][ T524] ? __kasan_check_write+0x14/0x20 [ 61.654715][ T524] ? __handle_speculative_fault+0xee/0x280 [ 61.660611][ T524] __x64_sys_openat+0x124/0x200 [ 61.665684][ T524] ? __ia32_sys_open+0x1b0/0x1b0 [ 61.671023][ T524] ? exit_to_user_mode_prepare+0x36/0x160 [ 61.677237][ T524] ? irqentry_exit_to_user_mode+0xe/0x10 [ 61.682852][ T524] do_syscall_64+0x32/0x50 [ 61.687380][ T524] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 61.693245][ T524] RIP: 0033:0x7f3a665f4be9 [ 61.697628][ T524] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 61.717854][ T524] RSP: 002b:00007f3a66444038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 61.726395][ T524] RAX: ffffffffffffffda RBX: 00007f3a6681c090 RCX: 00007f3a665f4be9 [ 61.735024][ T524] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 61.743369][ T524] RBP: 00007f3a66677e19 R08: 0000000000000000 R09: 0000000000000000 [ 61.751319][ T524] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 61.759376][ T524] R13: 00007f3a6681c128 R14: 00007f3a6681c090 R15: 00007ffd97412c08 [ 61.767418][ T524] [ 61.769824][ T524] Allocated by task 511: [ 61.774238][ T524] kasan_save_stack+0x26/0x50 [ 61.779068][ T524] __kasan_slab_alloc+0x94/0xc0 [ 61.784035][ T524] kmem_cache_alloc+0x15d/0x4f0 [ 61.789139][ T524] f2fs_init_extent_tree+0x98f/0xdf0 [ 61.794500][ T524] f2fs_iget+0xa75/0x4a00 [ 61.798929][ T524] f2fs_lookup+0x491/0xc20 [ 61.803330][ T524] __lookup_slow+0x19b/0x3d0 [ 61.808134][ T524] walk_component+0x3ad/0x710 [ 61.812892][ T524] path_lookupat+0x112/0x6a0 [ 61.817747][ T524] filename_lookup+0x17f/0x510 [ 61.824455][ T524] user_path_at_empty+0xa2/0xf0 [ 61.829606][ T524] do_sys_truncate.part.0+0x85/0x100 [ 61.835193][ T524] __x64_sys_truncate+0x54/0x80 [ 61.840147][ T524] do_syscall_64+0x32/0x50 [ 61.844563][ T524] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 61.850531][ T524] [ 61.853116][ T524] Freed by task 511: [ 61.857120][ T524] kasan_save_stack+0x26/0x50 [ 61.862031][ T524] kasan_set_track+0x25/0x30 [ 61.866590][ T524] kasan_set_free_info+0x24/0x40 [ 61.871820][ T524] __kasan_slab_free+0x111/0x150 [ 61.876758][ T524] slab_free_freelist_hook+0x9b/0x1a0 [ 61.882200][ T524] kmem_cache_free+0x106/0x440 [ 61.887232][ T524] f2fs_destroy_extent_tree+0x174/0x4b0 [ 61.893141][ T524] f2fs_evict_inode+0x335/0x1680 [ 61.898131][ T524] evict+0x372/0x940 [ 61.902102][ T524] iput.part.0+0x33b/0x640 [ 61.907549][ T524] iput+0x3f/0x50 [ 61.911686][ T524] iget_failed+0x1e/0x30 [ 61.916282][ T524] f2fs_iget+0x22be/0x4a00 [ 61.920767][ T524] f2fs_lookup+0x491/0xc20 [ 61.925182][ T524] __lookup_slow+0x19b/0x3d0 [ 61.929842][ T524] walk_component+0x3ad/0x710 [ 61.934626][ T524] path_lookupat+0x112/0x6a0 [ 61.939195][ T524] filename_lookup+0x17f/0x510 [ 61.944198][ T524] user_path_at_empty+0xa2/0xf0 [ 61.949043][ T524] do_sys_truncate.part.0+0x85/0x100 [ 61.955017][ T524] __x64_sys_truncate+0x54/0x80 [ 61.960133][ T524] do_syscall_64+0x32/0x50 [ 61.964871][ T524] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 61.971025][ T524] [ 61.973399][ T524] The buggy address belongs to the object at ffff88811dfbef50 [ 61.973399][ T524] which belongs to the cache f2fs_extent_tree of size 80 [ 61.989338][ T524] The buggy address is located 0 bytes inside of [ 61.989338][ T524] 80-byte region [ffff88811dfbef50, ffff88811dfbefa0) [ 62.002939][ T524] The buggy address belongs to the page: [ 62.008554][ T524] page:ffffea000477ef80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11dfbe [ 62.019269][ T524] flags: 0x4000000000000200(slab) [ 62.024628][ T524] raw: 4000000000000200 dead000000000100 dead000000000122 ffff88810458e480 [ 62.033484][ T524] raw: 0000000000000000 0000000080240024 00000001ffffffff 0000000000000000 [ 62.042524][ T524] page dumped because: kasan: bad access detected [ 62.049260][ T524] page_owner tracks the page as allocated [ 62.055238][ T524] page last allocated via order 0, migratetype Reclaimable, gfp_mask 0x112c50(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 472, ts 56642727106, free_ts 0 [ 62.074229][ T524] get_page_from_freelist+0x1fee/0x2ad0 [ 62.080021][ T524] __alloc_pages_nodemask+0x2ae/0x2530 [ 62.085672][ T524] allocate_slab+0x30f/0x460 [ 62.090234][ T524] ___slab_alloc.constprop.0+0x32b/0x730 [ 62.096058][ T524] kmem_cache_alloc+0x491/0x4f0 [ 62.101204][ T524] f2fs_init_extent_tree+0x98f/0xdf0 [ 62.106565][ T524] f2fs_iget+0xa75/0x4a00 [ 62.110909][ T524] f2fs_lookup+0x491/0xc20 [ 62.115478][ T524] __lookup_slow+0x19b/0x3d0 [ 62.120590][ T524] walk_component+0x3ad/0x710 [ 62.125432][ T524] path_lookupat+0x112/0x6a0 [ 62.130512][ T524] filename_lookup+0x17f/0x510 [ 62.135374][ T524] user_path_at_empty+0xa2/0xf0 [ 62.140745][ T524] do_sys_truncate.part.0+0x85/0x100 [ 62.146192][ T524] __x64_sys_truncate+0x54/0x80 [ 62.151094][ T524] do_syscall_64+0x32/0x50 [ 62.155563][ T524] page_owner free stack trace missing [ 62.161050][ T524] [ 62.163461][ T524] Memory state around the buggy address: [ 62.169158][ T524] ffff88811dfbee00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 62.177491][ T524] ffff88811dfbee80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 62.185703][ T524] >ffff88811dfbef00: fc fc fc fc fc fc fc fc fc fc fa fb fb fb fb fb [ 62.194087][ T524] ^ [ 62.200833][ T524] ffff88811dfbef80: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 62.208926][ T524] ffff88811dfbf000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 62.217056][ T524] ================================================================== [ 62.259037][ T526] F2FS-fs (loop2): invalid crc value [ 62.260379][ T528] F2FS-fs (loop4): access invalid blkaddr:2147563524 [ 62.265489][ T526] F2FS-fs (loop2): Found nat_bits in checkpoint [ 62.271655][ T528] CPU: 1 PID: 528 Comm: syz.4.26 Tainted: G B syzkaller #0 [ 62.286085][ T528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 62.296207][ T528] Call Trace: [ 62.299215][ T526] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 62.299477][ T528] dump_stack_lvl+0x81/0xac [ 62.311481][ T528] dump_stack+0x10/0x12 [ 62.315707][ T528] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 62.321235][ T528] f2fs_iget+0x351e/0x4a00 [ 62.325628][ T528] f2fs_lookup+0x491/0xc20 [ 62.330365][ T528] ? __recover_dot_dentries+0x530/0x530 [ 62.335883][ T528] ? __legitimize_path+0x6c/0x170 [ 62.341016][ T528] __lookup_slow+0x19b/0x3d0 [ 62.345597][ T528] ? page_put_link+0x80/0x80 [ 62.350341][ T528] ? inode_permission.part.0+0xc2/0x320 [ 62.356172][ T528] walk_component+0x3ad/0x710 [ 62.361121][ T528] ? handle_dots.part.0+0x11c0/0x11c0 [ 62.366652][ T528] ? walk_component+0x710/0x710 [ 62.371597][ T528] path_lookupat+0x112/0x6a0 [ 62.376399][ T528] ? _atomic_dec_and_lock+0x19/0xa0 [ 62.381757][ T528] filename_lookup+0x17f/0x510 [ 62.386708][ T528] ? may_linkat+0x200/0x200 [ 62.391651][ T528] ? __check_object_size+0x1df/0x270 [ 62.397202][ T528] ? kmem_cache_alloc+0x17f/0x4f0 [ 62.402222][ T528] ? getname_flags.part.0+0x8c/0x480 [ 62.407506][ T528] user_path_at_empty+0xa2/0xf0 [ 62.412800][ T528] do_sys_truncate.part.0+0x85/0x100 [ 62.418323][ T528] ? vfs_truncate+0x540/0x540 [ 62.423323][ T528] ? __kasan_check_write+0x14/0x20 [ 62.428525][ T528] ? switch_fpu_return+0xbf/0x1b0 [ 62.433563][ T528] __x64_sys_truncate+0x54/0x80 [ 62.438401][ T528] do_syscall_64+0x32/0x50 [ 62.443132][ T528] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 62.449105][ T528] RIP: 0033:0x7fad93bd8be9 [ 62.453654][ T528] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 62.473554][ T528] RSP: 002b:00007fad93a49038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 62.482211][ T528] RAX: ffffffffffffffda RBX: 00007fad93dfffa0 RCX: 00007fad93bd8be9 [ 62.490592][ T528] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280 [ 62.498885][ T528] RBP: 00007fad93c5be19 R08: 0000000000000000 R09: 0000000000000000 [ 62.507308][ T528] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 62.515426][ T528] R13: 00007fad93e00038 R14: 00007fad93dfffa0 R15: 00007ffda7909558 [ 62.524389][ T528] F2FS-fs (loop4): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 62.535745][ T526] F2FS-fs (loop2): access invalid blkaddr:2147563524 [ 62.544480][ T541] F2FS-fs (loop4): access invalid blkaddr:2147563524 [ 62.547627][ T526] CPU: 1 PID: 526 Comm: syz.2.25 Tainted: G B syzkaller #0 [ 62.560353][ T526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 62.570768][ T526] Call Trace: [ 62.574145][ T526] dump_stack_lvl+0x81/0xac [ 62.578739][ T526] dump_stack+0x10/0x12 [ 62.582962][ T526] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 62.588810][ T526] f2fs_iget+0x351e/0x4a00 [ 62.593580][ T526] f2fs_lookup+0x491/0xc20 [ 62.599092][ T526] ? __recover_dot_dentries+0x530/0x530 [ 62.604798][ T526] ? __legitimize_path+0x6c/0x170 [ 62.609798][ T526] __lookup_slow+0x19b/0x3d0 [ 62.614460][ T526] ? page_put_link+0x80/0x80 [ 62.619196][ T526] ? inode_permission.part.0+0xc2/0x320 [ 62.624837][ T526] walk_component+0x3ad/0x710 [ 62.629484][ T526] ? handle_dots.part.0+0x11c0/0x11c0 [ 62.635181][ T526] ? walk_component+0x710/0x710 [ 62.640005][ T526] path_lookupat+0x112/0x6a0 [ 62.644575][ T526] ? _atomic_dec_and_lock+0x19/0xa0 [ 62.650042][ T526] filename_lookup+0x17f/0x510 [ 62.654980][ T526] ? may_linkat+0x200/0x200 [ 62.659494][ T526] ? __check_object_size+0x1df/0x270 [ 62.665169][ T526] ? kmem_cache_alloc+0x17f/0x4f0 [ 62.670197][ T526] ? getname_flags.part.0+0x8c/0x480 [ 62.676370][ T526] user_path_at_empty+0xa2/0xf0 [ 62.681476][ T526] do_sys_truncate.part.0+0x85/0x100 [ 62.686846][ T526] ? vfs_truncate+0x540/0x540 [ 62.691496][ T526] ? __kasan_check_write+0x14/0x20 [ 62.696591][ T526] ? switch_fpu_return+0xbf/0x1b0 [ 62.701617][ T526] __x64_sys_truncate+0x54/0x80 [ 62.706685][ T526] do_syscall_64+0x32/0x50 [ 62.711278][ T526] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 62.717333][ T526] RIP: 0033:0x7f0dd87a1be9 [ 62.721868][ T526] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 62.741981][ T526] RSP: 002b:00007f0dd8612038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 62.750764][ T526] RAX: ffffffffffffffda RBX: 00007f0dd89c8fa0 RCX: 00007f0dd87a1be9 [ 62.759086][ T526] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280 [ 62.767037][ T526] RBP: 00007f0dd8824e19 R08: 0000000000000000 R09: 0000000000000000 [ 62.775182][ T526] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 62.783412][ T526] R13: 00007f0dd89c9038 R14: 00007f0dd89c8fa0 R15: 00007fff3d1d7958 [ 62.792131][ T526] F2FS-fs (loop2): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 62.792693][ T541] CPU: 0 PID: 541 Comm: syz.4.26 Tainted: G B syzkaller #0 [ 62.813490][ T541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 62.824026][ T541] Call Trace: [ 62.827313][ T541] dump_stack_lvl+0x81/0xac [ 62.831797][ T541] dump_stack+0x10/0x12 [ 62.836300][ T541] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 62.842300][ T541] f2fs_iget+0x351e/0x4a00 [ 62.847266][ T541] f2fs_lookup+0x491/0xc20 [ 62.851685][ T541] ? __recover_dot_dentries+0x530/0x530 [ 62.857284][ T541] path_openat+0x1024/0x3950 [ 62.862372][ T541] ? path_lookupat+0x6a0/0x6a0 [ 62.867295][ T541] ? __kasan_check_read+0x11/0x20 [ 62.872481][ T541] ? pagevec_add_and_need_flush+0x216/0x290 [ 62.878423][ T541] ? perf_trace_mm_lru_insertion+0x970/0x970 [ 62.885059][ T541] ? __mod_memcg_lruvec_state+0x118/0x330 [ 62.891301][ T541] ? __mod_node_page_state+0xa6/0x110 [ 62.896750][ T541] do_filp_open+0x193/0x3d0 [ 62.901498][ T541] ? may_open_dev+0xd0/0xd0 [ 62.906524][ T541] ? __check_object_size+0x1df/0x270 [ 62.911982][ T541] ? _raw_spin_unlock+0x41/0x70 [ 62.917017][ T541] do_sys_openat2+0x135/0x810 [ 62.921721][ T541] ? recalc_sigpending+0x7c/0xb0 [ 62.926714][ T541] ? build_open_flags+0x490/0x490 [ 62.931784][ T541] ? __kasan_check_write+0x14/0x20 [ 62.937145][ T541] ? __handle_speculative_fault+0xee/0x280 [ 62.943201][ T541] __x64_sys_openat+0x124/0x200 [ 62.948285][ T541] ? __ia32_sys_open+0x1b0/0x1b0 [ 62.953772][ T541] ? exit_to_user_mode_prepare+0x36/0x160 [ 62.959819][ T541] ? irqentry_exit_to_user_mode+0xe/0x10 [ 62.965832][ T541] do_syscall_64+0x32/0x50 [ 62.970422][ T541] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 62.977107][ T541] RIP: 0033:0x7fad93bd8be9 [ 62.981919][ T541] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 63.002799][ T541] RSP: 002b:00007fad93a28038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 63.011466][ T541] RAX: ffffffffffffffda RBX: 00007fad93e00090 RCX: 00007fad93bd8be9 [ 63.019843][ T541] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 63.027889][ T541] RBP: 00007fad93c5be19 R08: 0000000000000000 R09: 0000000000000000 [ 63.036010][ T541] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 63.044431][ T541] R13: 00007fad93e00128 R14: 00007fad93e00090 R15: 00007ffda7909558 [ 63.052859][ T541] F2FS-fs (loop4): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 63.053783][ T542] F2FS-fs (loop2): access invalid blkaddr:2147563524 [ 63.072464][ T542] CPU: 1 PID: 542 Comm: syz.2.25 Tainted: G B syzkaller #0 [ 63.081217][ T542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 63.091450][ T542] Call Trace: [ 63.094886][ T542] dump_stack_lvl+0x81/0xac [ 63.099536][ T542] dump_stack+0x10/0x12 [ 63.103708][ T542] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 63.109316][ T542] f2fs_iget+0x351e/0x4a00 [ 63.114069][ T542] f2fs_lookup+0x491/0xc20 [ 63.118592][ T542] ? __recover_dot_dentries+0x530/0x530 [ 63.124564][ T542] path_openat+0x1024/0x3950 [ 63.129206][ T542] ? path_lookupat+0x6a0/0x6a0 [ 63.133959][ T542] ? __kasan_check_read+0x11/0x20 [ 63.139138][ T542] ? pagevec_add_and_need_flush+0x216/0x290 [ 63.145323][ T542] ? perf_trace_mm_lru_insertion+0x970/0x970 [ 63.151391][ T542] ? __mod_memcg_lruvec_state+0x118/0x330 [ 63.157552][ T542] ? __mod_node_page_state+0xa6/0x110 [ 63.163105][ T542] do_filp_open+0x193/0x3d0 [ 63.167673][ T542] ? may_open_dev+0xd0/0xd0 [ 63.172597][ T542] ? __check_object_size+0x1df/0x270 [ 63.178079][ T542] ? _raw_spin_unlock+0x41/0x70 [ 63.183095][ T542] do_sys_openat2+0x135/0x810 [ 63.187812][ T542] ? recalc_sigpending+0x7c/0xb0 [ 63.192818][ T542] ? build_open_flags+0x490/0x490 [ 63.198018][ T542] ? __kasan_check_write+0x14/0x20 [ 63.203118][ T542] ? __handle_speculative_fault+0xee/0x280 [ 63.209120][ T542] __x64_sys_openat+0x124/0x200 [ 63.214255][ T542] ? __ia32_sys_open+0x1b0/0x1b0 [ 63.219292][ T542] ? exit_to_user_mode_prepare+0x36/0x160 [ 63.224994][ T542] ? irqentry_exit_to_user_mode+0xe/0x10 [ 63.230783][ T542] do_syscall_64+0x32/0x50 [ 63.235259][ T542] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 63.241237][ T542] RIP: 0033:0x7f0dd87a1be9 [ 63.245667][ T542] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 63.265935][ T542] RSP: 002b:00007f0dd85f1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 63.274336][ T542] RAX: ffffffffffffffda RBX: 00007f0dd89c9090 RCX: 00007f0dd87a1be9 [ 63.282304][ T542] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 63.290358][ T542] RBP: 00007f0dd8824e19 R08: 0000000000000000 R09: 0000000000000000 [ 63.298410][ T542] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 63.306369][ T542] R13: 00007f0dd89c9128 R14: 00007f0dd89c9090 R15: 00007fff3d1d7958 [ 63.314701][ T542] F2FS-fs (loop2): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 63.405369][ T523] F2FS-fs (loop5): invalid crc value [ 63.431729][ T523] F2FS-fs (loop5): Found nat_bits in checkpoint [ 64.236840][ T544] F2FS-fs (loop3): invalid crc value [ 64.293441][ T544] F2FS-fs (loop3): Found nat_bits in checkpoint [ 64.357914][ T549] F2FS-fs (loop6): invalid crc value [ 64.385147][ T544] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 64.404454][ T544] F2FS-fs (loop3): access invalid blkaddr:2147563524 [ 64.413986][ T544] CPU: 1 PID: 544 Comm: syz.3.29 Tainted: G B syzkaller #0 [ 64.422789][ T544] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 64.433028][ T544] Call Trace: [ 64.436412][ T544] dump_stack_lvl+0x81/0xac [ 64.440922][ T544] dump_stack+0x10/0x12 [ 64.445124][ T544] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 64.450840][ T544] f2fs_iget+0x351e/0x4a00 [ 64.455253][ T544] f2fs_lookup+0x491/0xc20 [ 64.459662][ T544] ? __recover_dot_dentries+0x530/0x530 [ 64.465215][ T544] ? __legitimize_path+0x6c/0x170 [ 64.470404][ T544] __lookup_slow+0x19b/0x3d0 [ 64.475069][ T544] ? page_put_link+0x80/0x80 [ 64.479650][ T544] ? inode_permission.part.0+0xc2/0x320 [ 64.485269][ T544] walk_component+0x3ad/0x710 [ 64.485774][ T549] F2FS-fs (loop6): Found nat_bits in checkpoint [ 64.489987][ T544] ? handle_dots.part.0+0x11c0/0x11c0 [ 64.501808][ T544] ? walk_component+0x710/0x710 [ 64.506782][ T544] path_lookupat+0x112/0x6a0 [ 64.511374][ T544] ? _atomic_dec_and_lock+0x19/0xa0 [ 64.516677][ T544] filename_lookup+0x17f/0x510 [ 64.521599][ T544] ? may_linkat+0x200/0x200 [ 64.526184][ T544] ? __check_object_size+0x1df/0x270 [ 64.531611][ T544] ? kmem_cache_alloc+0x17f/0x4f0 [ 64.536722][ T544] ? getname_flags.part.0+0x8c/0x480 [ 64.542446][ T544] user_path_at_empty+0xa2/0xf0 [ 64.547475][ T544] do_sys_truncate.part.0+0x85/0x100 [ 64.552947][ T544] ? vfs_truncate+0x540/0x540 [ 64.557706][ T544] ? __kasan_check_write+0x14/0x20 [ 64.563033][ T544] ? switch_fpu_return+0xbf/0x1b0 [ 64.568283][ T544] __x64_sys_truncate+0x54/0x80 [ 64.573128][ T544] do_syscall_64+0x32/0x50 [ 64.577625][ T544] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 64.583598][ T544] RIP: 0033:0x7fc763321be9 [ 64.588359][ T544] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 64.608532][ T544] RSP: 002b:00007fc763192038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 64.617649][ T544] RAX: ffffffffffffffda RBX: 00007fc763548fa0 RCX: 00007fc763321be9 [ 64.625816][ T544] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280 [ 64.634201][ T544] RBP: 00007fc7633a4e19 R08: 0000000000000000 R09: 0000000000000000 [ 64.642159][ T544] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 64.650370][ T544] R13: 00007fc763549038 R14: 00007fc763548fa0 R15: 00007fff695bfda8 [ 64.660987][ T549] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 64.668618][ T544] F2FS-fs (loop3): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 64.683376][ T566] F2FS-fs (loop3): access invalid blkaddr:2147563524 [ 64.690593][ T552] F2FS-fs (loop2): invalid crc value [ 64.695342][ T566] CPU: 1 PID: 566 Comm: syz.3.29 Tainted: G B syzkaller #0 [ 64.704712][ T566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 64.715039][ T566] Call Trace: [ 64.718441][ T566] dump_stack_lvl+0x81/0xac [ 64.723033][ T566] dump_stack+0x10/0x12 [ 64.727278][ T566] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 64.733211][ T566] f2fs_iget+0x351e/0x4a00 [ 64.737727][ T566] f2fs_lookup+0x491/0xc20 [ 64.742234][ T566] ? __recover_dot_dentries+0x530/0x530 [ 64.748077][ T566] path_openat+0x1024/0x3950 [ 64.752294][ T549] F2FS-fs (loop6): access invalid blkaddr:2147563524 [ 64.752741][ T566] ? path_lookupat+0x6a0/0x6a0 [ 64.764400][ T566] ? __kasan_check_read+0x11/0x20 [ 64.765292][ T554] F2FS-fs (loop4): invalid crc value [ 64.769893][ T566] ? pagevec_add_and_need_flush+0x216/0x290 [ 64.769899][ T566] ? perf_trace_mm_lru_insertion+0x970/0x970 [ 64.769907][ T566] ? __mod_memcg_lruvec_state+0x118/0x330 [ 64.769920][ T566] ? __mod_node_page_state+0xa6/0x110 [ 64.785252][ T554] F2FS-fs (loop4): Found nat_bits in checkpoint [ 64.787177][ T566] do_filp_open+0x193/0x3d0 [ 64.787182][ T566] ? may_open_dev+0xd0/0xd0 [ 64.787194][ T566] ? __check_object_size+0x1df/0x270 [ 64.819308][ T566] ? _raw_spin_unlock+0x41/0x70 [ 64.824419][ T566] do_sys_openat2+0x135/0x810 [ 64.829175][ T566] ? recalc_sigpending+0x7c/0xb0 [ 64.834190][ T566] ? build_open_flags+0x490/0x490 [ 64.839277][ T566] ? __kasan_check_write+0x14/0x20 [ 64.844607][ T566] ? __handle_speculative_fault+0xee/0x280 [ 64.850536][ T566] __x64_sys_openat+0x124/0x200 [ 64.855546][ T566] ? __ia32_sys_open+0x1b0/0x1b0 [ 64.860465][ T566] ? exit_to_user_mode_prepare+0x36/0x160 [ 64.866249][ T566] ? irqentry_exit_to_user_mode+0xe/0x10 [ 64.872047][ T566] do_syscall_64+0x32/0x50 [ 64.876617][ T566] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 64.883090][ T566] RIP: 0033:0x7fc763321be9 [ 64.886428][ T552] F2FS-fs (loop2): Found nat_bits in checkpoint [ 64.887759][ T566] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 64.914493][ T566] RSP: 002b:00007fc763171038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 64.923158][ T566] RAX: ffffffffffffffda RBX: 00007fc763549090 RCX: 00007fc763321be9 [ 64.931215][ T566] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 64.939267][ T566] RBP: 00007fc7633a4e19 R08: 0000000000000000 R09: 0000000000000000 [ 64.947313][ T566] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 64.955361][ T566] R13: 00007fc763549128 R14: 00007fc763549090 R15: 00007fff695bfda8 [ 64.963323][ T549] CPU: 0 PID: 549 Comm: syz.6.27 Tainted: G B syzkaller #0 [ 64.963831][ T566] F2FS-fs (loop3): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 64.972106][ T549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 64.972109][ T549] Call Trace: [ 64.972121][ T549] dump_stack_lvl+0x81/0xac [ 64.972124][ T549] dump_stack+0x10/0x12 2026/01/13 16:51:53 executed programs: 25 [ 64.972130][ T549] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 64.972137][ T549] f2fs_iget+0x351e/0x4a00 [ 64.972145][ T549] f2fs_lookup+0x491/0xc20 [ 64.986507][ T554] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 64.995995][ T549] ? __recover_dot_dentries+0x530/0x530 [ 64.996007][ T549] ? __legitimize_path+0x6c/0x170 [ 64.996010][ T549] __lookup_slow+0x19b/0x3d0 [ 64.996013][ T549] ? page_put_link+0x80/0x80 [ 64.996017][ T549] ? inode_permission.part.0+0xc2/0x320 [ 64.996020][ T549] walk_component+0x3ad/0x710 [ 64.996024][ T549] ? handle_dots.part.0+0x11c0/0x11c0 [ 64.996027][ T549] ? walk_component+0x710/0x710 [ 64.996031][ T549] path_lookupat+0x112/0x6a0 [ 64.996037][ T549] ? _atomic_dec_and_lock+0x19/0xa0 [ 64.996040][ T549] filename_lookup+0x17f/0x510 [ 64.996052][ T549] ? may_linkat+0x200/0x200 [ 65.000487][ T552] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 65.003897][ T549] ? __check_object_size+0x1df/0x270 [ 65.103468][ T549] ? kmem_cache_alloc+0x17f/0x4f0 [ 65.108561][ T549] ? getname_flags.part.0+0x8c/0x480 [ 65.114012][ T549] user_path_at_empty+0xa2/0xf0 [ 65.118841][ T549] do_sys_truncate.part.0+0x85/0x100 [ 65.124287][ T549] ? vfs_truncate+0x540/0x540 [ 65.129030][ T549] ? __kasan_check_write+0x14/0x20 [ 65.134378][ T549] ? switch_fpu_return+0xbf/0x1b0 [ 65.139389][ T549] __x64_sys_truncate+0x54/0x80 [ 65.144295][ T549] do_syscall_64+0x32/0x50 [ 65.148972][ T549] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 65.154946][ T549] RIP: 0033:0x7f3a665f4be9 [ 65.159437][ T549] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 65.179188][ T549] RSP: 002b:00007f3a66465038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 65.187571][ T549] RAX: ffffffffffffffda RBX: 00007f3a6681bfa0 RCX: 00007f3a665f4be9 [ 65.195542][ T549] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280 [ 65.203677][ T549] RBP: 00007f3a66677e19 R08: 0000000000000000 R09: 0000000000000000 [ 65.211817][ T549] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 65.220026][ T549] R13: 00007f3a6681c038 R14: 00007f3a6681bfa0 R15: 00007ffd97412c08 [ 65.228609][ T549] F2FS-fs (loop6): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 65.241235][ T572] F2FS-fs (loop6): access invalid blkaddr:2147563524 [ 65.248165][ T572] CPU: 1 PID: 572 Comm: syz.6.27 Tainted: G B syzkaller #0 [ 65.255474][ T556] F2FS-fs (loop5): invalid crc value [ 65.256673][ T572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 65.272269][ T572] Call Trace: [ 65.275563][ T572] dump_stack_lvl+0x81/0xac [ 65.280170][ T572] dump_stack+0x10/0x12 [ 65.284505][ T572] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 65.290145][ T572] f2fs_iget+0x351e/0x4a00 [ 65.294578][ T572] f2fs_lookup+0x491/0xc20 [ 65.299081][ T572] ? __recover_dot_dentries+0x530/0x530 [ 65.304721][ T572] path_openat+0x1024/0x3950 [ 65.309665][ T572] ? path_lookupat+0x6a0/0x6a0 [ 65.314434][ T572] ? __kasan_check_read+0x11/0x20 [ 65.319814][ T572] ? pagevec_add_and_need_flush+0x216/0x290 [ 65.322533][ T554] F2FS-fs (loop4): access invalid blkaddr:2147563524 [ 65.325883][ T572] ? perf_trace_mm_lru_insertion+0x970/0x970 [ 65.325891][ T572] ? __mod_memcg_lruvec_state+0x118/0x330 [ 65.325896][ T572] ? __mod_node_page_state+0xa6/0x110 [ 65.325902][ T572] do_filp_open+0x193/0x3d0 [ 65.325906][ T572] ? may_open_dev+0xd0/0xd0 [ 65.325913][ T572] ? __check_object_size+0x1df/0x270 [ 65.325920][ T572] ? _raw_spin_unlock+0x41/0x70 [ 65.325929][ T572] do_sys_openat2+0x135/0x810 [ 65.374252][ T572] ? recalc_sigpending+0x7c/0xb0 [ 65.379229][ T572] ? build_open_flags+0x490/0x490 [ 65.384592][ T572] ? __kasan_check_write+0x14/0x20 [ 65.389989][ T572] ? __handle_speculative_fault+0xee/0x280 [ 65.396174][ T572] __x64_sys_openat+0x124/0x200 [ 65.401012][ T572] ? __ia32_sys_open+0x1b0/0x1b0 [ 65.404675][ T552] F2FS-fs (loop2): access invalid blkaddr:2147563524 [ 65.406027][ T572] ? exit_to_user_mode_prepare+0x36/0x160 [ 65.418546][ T572] ? irqentry_exit_to_user_mode+0xe/0x10 [ 65.424331][ T572] do_syscall_64+0x32/0x50 [ 65.428896][ T572] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 65.434845][ T572] RIP: 0033:0x7f3a665f4be9 [ 65.439239][ T572] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 65.459306][ T572] RSP: 002b:00007f3a66444038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 65.467952][ T572] RAX: ffffffffffffffda RBX: 00007f3a6681c090 RCX: 00007f3a665f4be9 [ 65.475908][ T572] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 65.483968][ T572] RBP: 00007f3a66677e19 R08: 0000000000000000 R09: 0000000000000000 [ 65.492277][ T572] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 65.500229][ T572] R13: 00007f3a6681c128 R14: 00007f3a6681c090 R15: 00007ffd97412c08 [ 65.508770][ T554] CPU: 0 PID: 554 Comm: syz.4.28 Tainted: G B syzkaller #0 [ 65.510131][ T572] F2FS-fs (loop6): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 65.517532][ T554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 65.517535][ T554] Call Trace: [ 65.517548][ T554] dump_stack_lvl+0x81/0xac [ 65.517552][ T554] dump_stack+0x10/0x12 [ 65.517557][ T554] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 65.517570][ T554] f2fs_iget+0x351e/0x4a00 [ 65.530397][ T572] ================================================================== [ 65.540849][ T554] f2fs_lookup+0x491/0xc20 [ 65.544107][ T572] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x106/0x440 [ 65.548705][ T554] ? __recover_dot_dentries+0x530/0x530 [ 65.553017][ T572] [ 65.558813][ T554] ? __legitimize_path+0x6c/0x170 [ 65.597812][ T554] __lookup_slow+0x19b/0x3d0 [ 65.602935][ T554] ? page_put_link+0x80/0x80 [ 65.608025][ T554] ? inode_permission.part.0+0xc2/0x320 [ 65.614200][ T554] walk_component+0x3ad/0x710 [ 65.619058][ T554] ? handle_dots.part.0+0x11c0/0x11c0 [ 65.624496][ T554] ? walk_component+0x710/0x710 [ 65.629599][ T554] path_lookupat+0x112/0x6a0 [ 65.634563][ T554] ? _atomic_dec_and_lock+0x19/0xa0 [ 65.639830][ T554] filename_lookup+0x17f/0x510 [ 65.644837][ T554] ? may_linkat+0x200/0x200 [ 65.649686][ T554] ? __check_object_size+0x1df/0x270 [ 65.655311][ T554] ? kmem_cache_alloc+0x17f/0x4f0 [ 65.660631][ T554] ? getname_flags.part.0+0x8c/0x480 [ 65.665902][ T554] user_path_at_empty+0xa2/0xf0 [ 65.670942][ T554] do_sys_truncate.part.0+0x85/0x100 [ 65.676218][ T554] ? vfs_truncate+0x540/0x540 [ 65.681167][ T554] ? __kasan_check_write+0x14/0x20 [ 65.686610][ T554] ? switch_fpu_return+0xbf/0x1b0 [ 65.692607][ T554] __x64_sys_truncate+0x54/0x80 [ 65.697720][ T554] do_syscall_64+0x32/0x50 [ 65.702376][ T554] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 65.708365][ T554] RIP: 0033:0x7fad93bd8be9 [ 65.713106][ T554] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 65.733489][ T554] RSP: 002b:00007fad93a49038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 65.741982][ T554] RAX: ffffffffffffffda RBX: 00007fad93dfffa0 RCX: 00007fad93bd8be9 [ 65.750857][ T554] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280 [ 65.759669][ T554] RBP: 00007fad93c5be19 R08: 0000000000000000 R09: 0000000000000000 [ 65.769038][ T554] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 65.777603][ T554] R13: 00007fad93e00038 R14: 00007fad93dfffa0 R15: 00007ffda7909558 [ 65.786519][ T572] CPU: 1 PID: 572 Comm: syz.6.27 Tainted: G B syzkaller #0 [ 65.795632][ T572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 65.806290][ T572] Call Trace: [ 65.810081][ T572] dump_stack_lvl+0x81/0xac [ 65.814742][ T572] print_address_description.constprop.0+0x24/0x160 [ 65.822350][ T572] ? kmem_cache_free+0x106/0x440 [ 65.827270][ T572] kasan_report_invalid_free+0x56/0x80 [ 65.832933][ T572] ? kmem_cache_free+0x106/0x440 [ 65.838032][ T572] __kasan_slab_free+0x134/0x150 [ 65.843476][ T572] slab_free_freelist_hook+0x9b/0x1a0 [ 65.849020][ T572] ? f2fs_destroy_extent_tree+0x174/0x4b0 [ 65.854991][ T572] kmem_cache_free+0x106/0x440 [ 65.860087][ T572] f2fs_destroy_extent_tree+0x174/0x4b0 [ 65.865886][ T572] f2fs_evict_inode+0x335/0x1680 [ 65.870912][ T572] ? preempt_count_add+0x7a/0x100 [ 65.875995][ T572] ? __inode_wait_for_writeback+0xe7/0x1c0 [ 65.882080][ T572] ? f2fs_write_inode+0x1010/0x1010 [ 65.887631][ T572] ? var_wake_function+0x130/0x130 [ 65.893296][ T572] ? _raw_spin_lock_bh+0x110/0x110 [ 65.898680][ T572] ? vprintk_func+0x5a/0x150 [ 65.903618][ T572] ? _raw_spin_lock_bh+0x110/0x110 [ 65.909534][ T572] evict+0x372/0x940 [ 65.913763][ T572] ? new_inode+0x2f0/0x2f0 [ 65.918239][ T572] ? _raw_spin_lock+0x86/0x110 [ 65.923184][ T572] ? _raw_spin_lock_bh+0x110/0x110 [ 65.928529][ T572] ? __kasan_check_read+0x11/0x20 [ 65.933790][ T572] ? f2fs_drop_inode+0x71/0x910 [ 65.938711][ T572] iput.part.0+0x33b/0x640 [ 65.943399][ T572] iput+0x3f/0x50 [ 65.947123][ T572] iget_failed+0x1e/0x30 [ 65.951431][ T572] f2fs_iget+0x22be/0x4a00 [ 65.955909][ T572] f2fs_lookup+0x491/0xc20 [ 65.960467][ T572] ? __recover_dot_dentries+0x530/0x530 [ 65.964437][ T554] F2FS-fs (loop4): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 65.966620][ T572] path_openat+0x1024/0x3950 [ 65.985075][ T572] ? path_lookupat+0x6a0/0x6a0 [ 65.990136][ T572] ? __kasan_check_read+0x11/0x20 [ 65.990320][ T582] F2FS-fs (loop4): access invalid blkaddr:2147563524 [ 65.995332][ T572] ? pagevec_add_and_need_flush+0x216/0x290 [ 65.995336][ T572] ? perf_trace_mm_lru_insertion+0x970/0x970 [ 65.995342][ T572] ? __mod_memcg_lruvec_state+0x118/0x330 [ 65.995347][ T572] ? __mod_node_page_state+0xa6/0x110 [ 65.995353][ T572] do_filp_open+0x193/0x3d0 [ 65.995356][ T572] ? may_open_dev+0xd0/0xd0 [ 65.995362][ T572] ? __check_object_size+0x1df/0x270 [ 65.995369][ T572] ? _raw_spin_unlock+0x41/0x70 [ 65.995375][ T572] do_sys_openat2+0x135/0x810 [ 65.995382][ T572] ? recalc_sigpending+0x7c/0xb0 [ 65.995389][ T572] ? build_open_flags+0x490/0x490 [ 66.043518][ T556] F2FS-fs (loop5): Found nat_bits in checkpoint [ 66.045906][ T572] ? __kasan_check_write+0x14/0x20 [ 66.045911][ T572] ? __handle_speculative_fault+0xee/0x280 [ 66.045920][ T572] __x64_sys_openat+0x124/0x200 [ 66.045924][ T572] ? __ia32_sys_open+0x1b0/0x1b0 [ 66.045935][ T572] ? exit_to_user_mode_prepare+0x36/0x160 [ 66.095382][ T572] ? irqentry_exit_to_user_mode+0xe/0x10 [ 66.100999][ T572] do_syscall_64+0x32/0x50 [ 66.105392][ T572] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 66.111253][ T572] RIP: 0033:0x7f3a665f4be9 [ 66.115828][ T572] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 66.136027][ T572] RSP: 002b:00007f3a66444038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 66.144596][ T572] RAX: ffffffffffffffda RBX: 00007f3a6681c090 RCX: 00007f3a665f4be9 [ 66.152833][ T572] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 66.161079][ T572] RBP: 00007f3a66677e19 R08: 0000000000000000 R09: 0000000000000000 [ 66.169304][ T572] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 66.177278][ T572] R13: 00007f3a6681c128 R14: 00007f3a6681c090 R15: 00007ffd97412c08 [ 66.184195][ T556] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 66.185310][ T572] [ 66.185315][ T572] Allocated by task 549: [ 66.185330][ T572] kasan_save_stack+0x26/0x50 [ 66.193413][ T582] CPU: 0 PID: 582 Comm: syz.4.28 Tainted: G B syzkaller #0 [ 66.195441][ T572] __kasan_slab_alloc+0x94/0xc0 [ 66.199832][ T582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 66.204500][ T572] kmem_cache_alloc+0x15d/0x4f0 [ 66.213220][ T582] Call Trace: [ 66.218327][ T572] f2fs_init_extent_tree+0x98f/0xdf0 [ 66.228734][ T582] dump_stack_lvl+0x81/0xac [ 66.233765][ T572] f2fs_iget+0xa75/0x4a00 [ 66.237042][ T582] dump_stack+0x10/0x12 [ 66.242295][ T572] f2fs_lookup+0x491/0xc20 [ 66.246850][ T582] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 66.251141][ T572] __lookup_slow+0x19b/0x3d0 [ 66.255348][ T582] f2fs_iget+0x351e/0x4a00 [ 66.259730][ T572] walk_component+0x3ad/0x710 [ 66.265242][ T582] f2fs_lookup+0x491/0xc20 [ 66.270055][ T572] path_lookupat+0x112/0x6a0 [ 66.274617][ T582] ? __recover_dot_dentries+0x530/0x530 [ 66.279522][ T572] filename_lookup+0x17f/0x510 [ 66.284027][ T582] path_openat+0x1024/0x3950 [ 66.288751][ T572] user_path_at_empty+0xa2/0xf0 [ 66.294268][ T582] ? path_lookupat+0x6a0/0x6a0 [ 66.299259][ T572] do_sys_truncate.part.0+0x85/0x100 [ 66.303837][ T582] ? __kasan_check_read+0x11/0x20 [ 66.308732][ T572] __x64_sys_truncate+0x54/0x80 [ 66.313489][ T582] ? pagevec_add_and_need_flush+0x216/0x290 [ 66.318857][ T572] do_syscall_64+0x32/0x50 [ 66.323868][ T582] ? perf_trace_mm_lru_insertion+0x970/0x970 [ 66.328951][ T572] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 66.335125][ T582] ? __mod_memcg_lruvec_state+0x118/0x330 [ 66.339866][ T572] [ 66.346020][ T582] ? __mod_node_page_state+0xa6/0x110 [ 66.352258][ T572] Freed by task 549: [ 66.358121][ T582] do_filp_open+0x193/0x3d0 [ 66.360433][ T572] kasan_save_stack+0x26/0x50 [ 66.365790][ T582] ? may_open_dev+0xd0/0xd0 [ 66.370261][ T572] kasan_set_track+0x25/0x30 [ 66.375166][ T582] ? __check_object_size+0x1df/0x270 [ 66.380202][ T572] kasan_set_free_info+0x24/0x40 [ 66.384765][ T582] ? _raw_spin_unlock+0x41/0x70 [ 66.389413][ T572] __kasan_slab_free+0x111/0x150 [ 66.394839][ T582] do_sys_openat2+0x135/0x810 [ 66.399833][ T572] slab_free_freelist_hook+0x9b/0x1a0 [ 66.404782][ T582] ? recalc_sigpending+0x7c/0xb0 [ 66.409772][ T572] kmem_cache_free+0x106/0x440 [ 66.414474][ T582] ? build_open_flags+0x490/0x490 [ 66.419817][ T572] f2fs_destroy_extent_tree+0x174/0x4b0 [ 66.424887][ T582] ? __kasan_check_write+0x14/0x20 [ 66.429624][ T572] f2fs_evict_inode+0x335/0x1680 [ 66.434899][ T582] ? __handle_speculative_fault+0xee/0x280 [ 66.440442][ T572] evict+0x372/0x940 [ 66.445556][ T582] __x64_sys_openat+0x124/0x200 [ 66.450452][ T572] iput.part.0+0x33b/0x640 [ 66.456394][ T582] ? __ia32_sys_open+0x1b0/0x1b0 [ 66.460254][ T572] iput+0x3f/0x50 [ 66.465223][ T582] ? exit_to_user_mode_prepare+0x36/0x160 [ 66.469704][ T572] iget_failed+0x1e/0x30 [ 66.474855][ T582] ? irqentry_exit_to_user_mode+0xe/0x10 [ 66.478455][ T572] f2fs_iget+0x22be/0x4a00 [ 66.484364][ T582] do_syscall_64+0x32/0x50 [ 66.488758][ T572] f2fs_lookup+0x491/0xc20 [ 66.494356][ T582] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 66.498756][ T572] __lookup_slow+0x19b/0x3d0 [ 66.503219][ T582] RIP: 0033:0x7fad93bd8be9 [ 66.507599][ T572] walk_component+0x3ad/0x710 [ 66.513462][ T582] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 66.518051][ T572] path_lookupat+0x112/0x6a0 [ 66.522549][ T582] RSP: 002b:00007fad93a28038 EFLAGS: 00000246 [ 66.527277][ T572] filename_lookup+0x17f/0x510 [ 66.547315][ T582] ORIG_RAX: 0000000000000101 [ 66.551924][ T572] user_path_at_empty+0xa2/0xf0 [ 66.558083][ T582] RAX: ffffffffffffffda RBX: 00007fad93e00090 RCX: 00007fad93bd8be9 [ 66.562962][ T572] do_sys_truncate.part.0+0x85/0x100 [ 66.567612][ T582] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 66.572548][ T572] __x64_sys_truncate+0x54/0x80 [ 66.580787][ T582] RBP: 00007fad93c5be19 R08: 0000000000000000 R09: 0000000000000000 [ 66.586060][ T572] do_syscall_64+0x32/0x50 [ 66.594074][ T582] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 66.594080][ T582] R13: 00007fad93e00128 R14: 00007fad93e00090 R15: 00007ffda7909558 [ 66.598924][ T572] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 66.609665][ T552] CPU: 0 PID: 552 Comm: syz.2.30 Tainted: G B syzkaller #0 [ 66.611560][ T572] [ 66.620378][ T552] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 66.628520][ T572] The buggy address belongs to the object at ffff88811fa04c40 [ 66.628520][ T572] which belongs to the cache f2fs_extent_tree of size 80 [ 66.628524][ T572] The buggy address is located 0 bytes inside of [ 66.628524][ T572] 80-byte region [ffff88811fa04c40, ffff88811fa04c90) [ 66.628527][ T572] The buggy address belongs to the page: [ 66.628535][ T572] page:ffffea00047e8100 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11fa04 [ 66.628539][ T572] flags: 0x4000000000000200(slab) [ 66.628546][ T572] raw: 4000000000000200 dead000000000100 dead000000000122 ffff88810458e480 [ 66.628549][ T572] raw: 0000000000000000 0000000080240024 00000001ffffffff 0000000000000000 [ 66.628552][ T572] page dumped because: kasan: bad access detected [ 66.628554][ T572] page_owner tracks the page as allocated [ 66.628561][ T572] page last allocated via order 0, migratetype Reclaimable, gfp_mask 0x112c50(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 474, ts 56775122474, free_ts 34387993144 [ 66.628573][ T572] get_page_from_freelist+0x1fee/0x2ad0 [ 66.628589][ T572] __alloc_pages_nodemask+0x2ae/0x2530 [ 66.634448][ T552] Call Trace: [ 66.643177][ T572] allocate_slab+0x30f/0x460 [ 66.645663][ T552] dump_stack_lvl+0x81/0xac [ 66.656078][ T572] ___slab_alloc.constprop.0+0x32b/0x730 [ 66.670720][ T552] dump_stack+0x10/0x12 [ 66.683714][ T572] kmem_cache_alloc+0x491/0x4f0 [ 66.689524][ T552] f2fs_is_valid_blkaddr.cold+0x2a/0x47 [ 66.700170][ T572] f2fs_init_extent_tree+0x98f/0xdf0 [ 66.705261][ T552] f2fs_iget+0x351e/0x4a00 [ 66.713996][ T572] f2fs_iget+0xa75/0x4a00 [ 66.722720][ T552] f2fs_lookup+0x491/0xc20 [ 66.729624][ T572] f2fs_lookup+0x491/0xc20 [ 66.735486][ T552] ? __recover_dot_dentries+0x530/0x530 [ 66.755090][ T572] __lookup_slow+0x19b/0x3d0 [ 66.760927][ T552] ? __legitimize_path+0x6c/0x170 [ 66.766466][ T572] walk_component+0x3ad/0x710 [ 66.769749][ T552] __lookup_slow+0x19b/0x3d0 [ 66.774569][ T572] path_lookupat+0x112/0x6a0 [ 66.779149][ T552] ? page_put_link+0x80/0x80 [ 66.784752][ T572] filename_lookup+0x17f/0x510 [ 66.788956][ T552] ? inode_permission.part.0+0xc2/0x320 [ 66.793857][ T572] user_path_at_empty+0xa2/0xf0 [ 66.799521][ T552] walk_component+0x3ad/0x710 [ 66.804777][ T572] do_sys_truncate.part.0+0x85/0x100 [ 66.809333][ T552] ? handle_dots.part.0+0x11c0/0x11c0 [ 66.813826][ T572] __x64_sys_truncate+0x54/0x80 [ 66.818299][ T552] ? walk_component+0x710/0x710 [ 66.822964][ T572] do_syscall_64+0x32/0x50 [ 66.829278][ T552] path_lookupat+0x112/0x6a0 [ 66.833935][ T572] page last free stack trace: [ 66.839016][ T552] ? _atomic_dec_and_lock+0x19/0xa0 [ 66.844246][ T572] free_pcp_prepare+0x1a7/0x230 [ 66.849269][ T552] filename_lookup+0x17f/0x510 [ 66.854116][ T572] free_unref_page_list+0x18a/0xae0 [ 66.859087][ T552] ? may_linkat+0x200/0x200 [ 66.864018][ T572] release_pages+0x374/0xb00 [ 66.869539][ T552] ? __check_object_size+0x1df/0x270 [ 66.874350][ T572] free_pages_and_swap_cache+0x180/0x1e0 [ 66.879725][ T552] ? kmem_cache_alloc+0x17f/0x4f0 [ 66.885648][ T572] tlb_flush_mmu+0xbe/0x590 [ 66.891868][ T552] ? getname_flags.part.0+0x8c/0x480 [ 66.897123][ T572] unmap_page_range+0x127b/0x1d60 [ 66.902418][ T552] user_path_at_empty+0xa2/0xf0 [ 66.906805][ T572] unmap_vmas+0x1cf/0x390 [ 66.911535][ T552] do_sys_truncate.part.0+0x85/0x100 [ 66.916345][ T572] exit_mmap+0x276/0x520 [ 66.921538][ T552] ? vfs_truncate+0x540/0x540 [ 66.926394][ T572] mmput+0x99/0x430 [ 66.931416][ T552] ? __kasan_check_write+0x14/0x20 [ 66.936776][ T572] do_exit+0x873/0x2330 [ 66.941277][ T552] ? switch_fpu_return+0xbf/0x1b0 [ 66.945979][ T572] do_group_exit+0xe6/0x290 [ 66.951484][ T552] __x64_sys_truncate+0x54/0x80 [ 66.957100][ T572] get_signal+0x353/0x1a10 [ 66.962549][ T552] do_syscall_64+0x32/0x50 [ 66.967795][ T572] arch_do_signal_or_restart+0x2c1/0x1b70 [ 66.973598][ T552] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 66.979232][ T572] exit_to_user_mode_prepare+0x10f/0x160 [ 66.984477][ T552] RIP: 0033:0x7f0dd87a1be9 [ 66.988902][ T572] syscall_exit_to_user_mode+0x27/0x160 [ 66.994560][ T552] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 66.998874][ T572] do_syscall_64+0x3f/0x50 [ 67.003645][ T552] RSP: 002b:00007f0dd8612038 EFLAGS: 00000246 [ 67.007446][ T572] [ 67.012736][ T552] ORIG_RAX: 000000000000004c [ 67.017118][ T572] Memory state around the buggy address: [ 67.022290][ T552] RAX: ffffffffffffffda RBX: 00007f0dd89c8fa0 RCX: 00007f0dd87a1be9 [ 67.026756][ T572] ffff88811fa04b00: fc fc fc fc fc fc fc fc fc fc fc fc fa fb fb fb [ 67.031658][ T552] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280 [ 67.036234][ T572] ffff88811fa04b80: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc [ 67.040723][ T552] RBP: 00007f0dd8824e19 R08: 0000000000000000 R09: 0000000000000000 [ 67.046508][ T572] >ffff88811fa04c00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 67.052574][ T552] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 67.058609][ T572] ^ [ 67.062991][ T552] R13: 00007f0dd89c9038 R14: 00007f0dd89c8fa0 R15: 00007fff3d1d7958 [ 67.068688][ T572] ffff88811fa04c80: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 67.096606][ T582] F2FS-fs (loop4): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 67.101674][ T572] ffff88811fa04d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 67.220404][ T572] ================================================================== [ 67.228774][ T582] ================================================================== [ 67.234813][ T552] F2FS-fs (loop2): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 67.237564][ T582] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x106/0x440 [ 67.251008][ T583] F2FS-fs (loop2): access invalid blkaddr:2147563524 [ 67.259674][ T582] [ 67.259686][ T582] CPU: 0 PID: 582 Comm: syz.4.28 Tainted: G B syzkaller #0 [ 67.259689][ T582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 67.259691][ T582] Call Trace: [ 67.259707][ T582] dump_stack_lvl+0x81/0xac [ 67.259715][ T582] print_address_description.constprop.0+0x24/0x160 [ 67.259719][ T582] ? kmem_cache_free+0x106/0x440 [ 67.259722][ T582] kasan_report_invalid_free+0x56/0x80 [ 67.259725][ T582] ? kmem_cache_free+0x106/0x440 [ 67.259728][ T582] __kasan_slab_free+0x134/0x150 [ 67.259732][ T582] slab_free_freelist_hook+0x9b/0x1a0 [ 67.259741][ T582] ? f2fs_destroy_extent_tree+0x174/0x4b0 [ 67.259749][ T582] kmem_cache_free+0x106/0x440 [ 67.340724][ T582] f2fs_destroy_extent_tree+0x174/0x4b0 [ 67.346531][ T582] f2fs_evict_inode+0x335/0x1680 [ 67.351559][ T582] ? irq_work_queue+0x3c/0x50 [ 67.356480][ T582] ? __inode_wait_for_writeback+0xe7/0x1c0 [ 67.362520][ T582] ? f2fs_write_inode+0x1010/0x1010 [ 67.367690][ T582] ? var_wake_function+0x130/0x130 [ 67.372976][ T582] ? _raw_spin_lock_bh+0x110/0x110 [ 67.378667][ T582] ? vprintk_func+0x5a/0x150 [ 67.383646][ T582] ? _raw_spin_lock_bh+0x110/0x110 [ 67.388856][ T582] evict+0x372/0x940 [ 67.393424][ T582] ? irqentry_exit+0x53/0x60 [ 67.398433][ T582] ? new_inode+0x2f0/0x2f0 [ 67.403134][ T582] ? _raw_spin_lock+0x86/0x110 [ 67.407965][ T582] ? _raw_spin_lock_bh+0x110/0x110 [ 67.413345][ T582] ? __kasan_check_read+0x11/0x20 [ 67.418512][ T582] ? f2fs_drop_inode+0x71/0x910 [ 67.423700][ T582] iput.part.0+0x33b/0x640 [ 67.428274][ T582] iput+0x3f/0x50 [ 67.432051][ T582] iget_failed+0x1e/0x30 [ 67.436564][ T582] f2fs_iget+0x22be/0x4a00 [ 67.440962][ T582] f2fs_lookup+0x491/0xc20 [ 67.445366][ T582] ? __recover_dot_dentries+0x530/0x530 [ 67.450990][ T582] path_openat+0x1024/0x3950 [ 67.455741][ T582] ? path_lookupat+0x6a0/0x6a0 [ 67.460577][ T582] ? __kasan_check_read+0x11/0x20 [ 67.465682][ T582] ? pagevec_add_and_need_flush+0x216/0x290 [ 67.471565][ T582] ? perf_trace_mm_lru_insertion+0x970/0x970 [ 67.477629][ T582] ? __mod_memcg_lruvec_state+0x118/0x330 [ 67.483354][ T582] ? __mod_node_page_state+0xa6/0x110 [ 67.488692][ T582] do_filp_open+0x193/0x3d0 [ 67.493455][ T582] ? may_open_dev+0xd0/0xd0 [ 67.498021][ T582] ? __check_object_size+0x1df/0x270 [ 67.503444][ T582] ? _raw_spin_unlock+0x41/0x70 [ 67.508451][ T582] do_sys_openat2+0x135/0x810 [ 67.513339][ T582] ? recalc_sigpending+0x7c/0xb0 [ 67.518355][ T582] ? build_open_flags+0x490/0x490 [ 67.523469][ T582] ? __kasan_check_write+0x14/0x20 [ 67.528639][ T582] ? __handle_speculative_fault+0xee/0x280 [ 67.534929][ T582] __x64_sys_openat+0x124/0x200 [ 67.539783][ T582] ? __ia32_sys_open+0x1b0/0x1b0 [ 67.544695][ T582] ? exit_to_user_mode_prepare+0x36/0x160 [ 67.550672][ T582] ? irqentry_exit_to_user_mode+0xe/0x10 [ 67.556290][ T582] do_syscall_64+0x32/0x50 [ 67.561001][ T582] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 67.567065][ T582] RIP: 0033:0x7fad93bd8be9 [ 67.571583][ T582] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 67.593080][ T582] RSP: 002b:00007fad93a28038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 67.602177][ T582] RAX: ffffffffffffffda RBX: 00007fad93e00090 RCX: 00007fad93bd8be9 [ 67.610933][ T582] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 67.619221][ T582] RBP: 00007fad93c5be19 R08: 0000000000000000 R09: 0000000000000000 [ 67.627469][ T582] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 67.635652][ T582] R13: 00007fad93e00128 R14: 00007fad93e00090 R15: 00007ffda7909558 [ 67.644216][ T582] [ 67.646617][ T582] Allocated by task 554: [ 67.651313][ T582] kasan_save_stack+0x26/0x50 [ 67.656642][ T582] __kasan_slab_alloc+0x94/0xc0 [ 67.661787][ T582] kmem_cache_alloc+0x15d/0x4f0 [ 67.666617][ T582] f2fs_init_extent_tree+0x98f/0xdf0