syzkaller
syzkaller login: [ 7.937616][ T111] udevd (111) used greatest stack depth: 22912 bytes left
[ 14.458064][ T30] kauditd_printk_skb: 48 callbacks suppressed
[ 14.458077][ T30] audit: type=1400 audit(1767664167.262:59): avc: denied { transition } for pid=223 comm="sshd-session" path="/bin/sh" dev="sda1" ino=90 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 14.464419][ T30] audit: type=1400 audit(1767664167.262:60): avc: denied { noatsecure } for pid=223 comm="sshd-session" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 14.468040][ T30] audit: type=1400 audit(1767664167.272:61): avc: denied { write } for pid=223 comm="sh" path="pipe:[14950]" dev="pipefs" ino=14950 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 14.471934][ T30] audit: type=1400 audit(1767664167.272:62): avc: denied { rlimitinh } for pid=223 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 14.473999][ T220] sshd-session (220) used greatest stack depth: 22240 bytes left
[ 14.475143][ T30] audit: type=1400 audit(1767664167.272:63): avc: denied { siginh } for pid=223 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
Warning: Permanently added '10.128.0.143' (ED25519) to the list of known hosts.
2026/01/06 01:49:46 parsed 1 programs
[ 34.052542][ T30] audit: type=1400 audit(1767664186.862:64): avc: denied { node_bind } for pid=281 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[ 34.073243][ T30] audit: type=1400 audit(1767664186.862:65): avc: denied { module_request } for pid=281 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 34.695229][ T30] audit: type=1400 audit(1767664187.502:66): avc: denied { mounton } for pid=289 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 34.696243][ T289] cgroup: Unknown subsys name 'net'
[ 34.717910][ T30] audit: type=1400 audit(1767664187.502:67): avc: denied { mount } for pid=289 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 34.745145][ T30] audit: type=1400 audit(1767664187.532:68): avc: denied { unmount } for pid=289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 34.745304][ T289] cgroup: Unknown subsys name 'devices'
[ 34.922049][ T289] cgroup: Unknown subsys name 'hugetlb'
[ 34.927648][ T289] cgroup: Unknown subsys name 'rlimit'
[ 35.068425][ T30] audit: type=1400 audit(1767664187.872:69): avc: denied { setattr } for pid=289 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 35.091632][ T30] audit: type=1400 audit(1767664187.872:70): avc: denied { create } for pid=289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 35.112079][ T30] audit: type=1400 audit(1767664187.872:71): avc: denied { write } for pid=289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 35.117521][ T292] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
[ 35.132460][ T30] audit: type=1400 audit(1767664187.872:72): avc: denied { read } for pid=289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[ 35.161077][ T30] audit: type=1400 audit(1767664187.872:73): avc: denied { mounton } for pid=289 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 35.216496][ T289] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 35.710686][ T300] request_module fs-gadgetfs succeeded, but still no fs?
[ 35.747028][ T299] bridge0: port 1(bridge_slave_0) entered blocking state
[ 35.768518][ T299] bridge0: port 1(bridge_slave_0) entered disabled state
[ 35.777817][ T299] device bridge_slave_0 entered promiscuous mode
[ 35.805057][ T299] bridge0: port 2(bridge_slave_1) entered blocking state
[ 35.812190][ T299] bridge0: port 2(bridge_slave_1) entered disabled state
[ 35.819550][ T299] device bridge_slave_1 entered promiscuous mode
[ 36.167469][ T299] bridge0: port 2(bridge_slave_1) entered blocking state
[ 36.174537][ T299] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 36.181914][ T299] bridge0: port 1(bridge_slave_0) entered blocking state
[ 36.188925][ T299] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 36.241175][ T10] bridge0: port 1(bridge_slave_0) entered disabled state
[ 36.248643][ T10] bridge0: port 2(bridge_slave_1) entered disabled state
[ 36.265128][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 36.272690][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 36.302003][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 36.311019][ T10] bridge0: port 1(bridge_slave_0) entered blocking state
[ 36.318056][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 36.325800][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 36.334236][ T10] bridge0: port 2(bridge_slave_1) entered blocking state
[ 36.341291][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 36.349472][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 36.357552][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 36.380739][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 36.392388][ T299] device veth0_vlan entered promiscuous mode
[ 36.405935][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 36.414006][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 36.421465][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 36.430893][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 36.439607][ T299] device veth1_macvtap entered promiscuous mode
[ 36.448160][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
2026/01/06 01:49:49 executed programs: 0
[ 36.457664][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 36.640230][ T370] bridge0: port 1(bridge_slave_0) entered blocking state
[ 36.647313][ T370] bridge0: port 1(bridge_slave_0) entered disabled state
[ 36.654742][ T370] device bridge_slave_0 entered promiscuous mode
[ 36.662612][ T370] bridge0: port 2(bridge_slave_1) entered blocking state
[ 36.669640][ T370] bridge0: port 2(bridge_slave_1) entered disabled state
[ 36.677101][ T370] device bridge_slave_1 entered promiscuous mode
[ 36.691127][ T369] bridge0: port 1(bridge_slave_0) entered blocking state
[ 36.698166][ T369] bridge0: port 1(bridge_slave_0) entered disabled state
[ 36.705767][ T369] device bridge_slave_0 entered promiscuous mode
[ 36.713534][ T369] bridge0: port 2(bridge_slave_1) entered blocking state
[ 36.721455][ T369] bridge0: port 2(bridge_slave_1) entered disabled state
[ 36.728746][ T369] device bridge_slave_1 entered promiscuous mode
[ 36.756280][ T374] bridge0: port 1(bridge_slave_0) entered blocking state
[ 36.763354][ T374] bridge0: port 1(bridge_slave_0) entered disabled state
[ 36.770733][ T374] device bridge_slave_0 entered promiscuous mode
[ 36.777497][ T374] bridge0: port 2(bridge_slave_1) entered blocking state
[ 36.784536][ T374] bridge0: port 2(bridge_slave_1) entered disabled state
[ 36.791989][ T374] device bridge_slave_1 entered promiscuous mode
[ 36.889354][ T375] bridge0: port 1(bridge_slave_0) entered blocking state
[ 36.896450][ T375] bridge0: port 1(bridge_slave_0) entered disabled state
[ 36.904015][ T375] device bridge_slave_0 entered promiscuous mode
[ 36.916882][ T372] bridge0: port 1(bridge_slave_0) entered blocking state
[ 36.923974][ T372] bridge0: port 1(bridge_slave_0) entered disabled state
[ 36.931253][ T372] device bridge_slave_0 entered promiscuous mode
[ 36.937975][ T372] bridge0: port 2(bridge_slave_1) entered blocking state
[ 36.945028][ T372] bridge0: port 2(bridge_slave_1) entered disabled state
[ 36.952395][ T372] device bridge_slave_1 entered promiscuous mode
[ 36.965441][ T375] bridge0: port 2(bridge_slave_1) entered blocking state
[ 36.972511][ T375] bridge0: port 2(bridge_slave_1) entered disabled state
[ 36.979750][ T375] device bridge_slave_1 entered promiscuous mode
[ 37.079632][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 37.087039][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 37.107134][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 37.115384][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 37.123506][ T45] bridge0: port 1(bridge_slave_0) entered blocking state
[ 37.130532][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 37.150704][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 37.167846][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 37.176363][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 37.184771][ T45] bridge0: port 2(bridge_slave_1) entered blocking state
[ 37.191804][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 37.231103][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 37.238986][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 37.266988][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 37.274642][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 37.298167][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 37.306476][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 37.313989][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 37.321502][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 37.330047][ T369] device veth0_vlan entered promiscuous mode
[ 37.342820][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 37.351392][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 37.359491][ T45] bridge0: port 1(bridge_slave_0) entered blocking state
[ 37.366521][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 37.373973][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 37.382373][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 37.390530][ T45] bridge0: port 2(bridge_slave_1) entered blocking state
[ 37.397531][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 37.407208][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 37.422936][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 37.430725][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 37.438082][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 37.446375][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 37.454588][ T45] bridge0: port 1(bridge_slave_0) entered blocking state
[ 37.461633][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 37.469065][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 37.477453][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 37.485646][ T45] bridge0: port 2(bridge_slave_1) entered blocking state
[ 37.492671][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 37.500045][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 37.511448][ T369] device veth1_macvtap entered promiscuous mode
[ 37.530429][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 37.538228][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 37.546904][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 37.555492][ T45] bridge0: port 1(bridge_slave_0) entered blocking state
[ 37.562688][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 37.570123][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 37.578330][ T45] bridge0: port 2(bridge_slave_1) entered blocking state
[ 37.585358][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 37.593670][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 37.624118][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 37.633481][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 37.641854][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 37.650058][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 37.658109][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 37.666169][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 37.674182][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 37.682194][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 37.690322][ T45] bridge0: port 1(bridge_slave_0) entered blocking state
[ 37.697330][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 37.704708][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 37.712922][ T45] bridge0: port 2(bridge_slave_1) entered blocking state
[ 37.719928][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 37.727601][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 37.757589][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 37.771182][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 37.779143][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 37.789648][ T370] device veth0_vlan entered promiscuous mode
[ 37.817615][ T372] device veth0_vlan entered promiscuous mode
[ 37.823863][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 37.833289][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 37.841985][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 37.849857][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 37.858153][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 37.866398][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 37.874564][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 37.883107][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 37.891565][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 37.899850][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 37.908436][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 37.916675][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 37.924911][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 37.932489][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 37.939901][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 37.947480][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 37.963718][ T374] device veth0_vlan entered promiscuous mode
[ 37.975602][ T372] device veth1_macvtap entered promiscuous mode
[ 37.983793][ T370] device veth1_macvtap entered promiscuous mode
[ 37.990967][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 37.999123][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 38.007563][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 38.015725][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 38.023903][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 38.032126][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 38.040577][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 38.048749][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 38.070700][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 38.078288][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 38.085945][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 38.095841][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 38.104404][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 38.112906][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 38.121492][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 38.129751][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 38.138382][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 38.146805][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 38.155689][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 38.164269][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 38.175586][ T374] device veth1_macvtap entered promiscuous mode
[ 38.188227][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 38.196998][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 38.205295][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 38.213541][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 38.221739][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 38.229822][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 38.237607][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 38.244688][ T422] loop5: detected capacity change from 0 to 131072
[ 38.246722][ T375] device veth0_vlan entered promiscuous mode
[ 38.262089][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 38.271036][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 38.294217][ T422] =======================================================
[ 38.294217][ T422] WARNING: The mand mount option has been deprecated and
[ 38.294217][ T422] and is ignored by this kernel. Remove the mand
[ 38.294217][ T422] option from the mount to silence this warning.
[ 38.294217][ T422] =======================================================
[ 38.338874][ T375] device veth1_macvtap entered promiscuous mode
[ 38.345610][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 38.354550][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 38.362718][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 38.379815][ T422] F2FS-fs (loop5): invalid crc value
[ 38.388632][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 38.410962][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 38.439754][ T422] F2FS-fs (loop5): Found nat_bits in checkpoint
[ 38.451494][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 38.471030][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 38.479404][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 38.497823][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 38.532494][ T422] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[ 38.544260][ T422] F2FS-fs (loop5): access invalid blkaddr:2147563524
[ 38.560542][ T422] CPU: 0 PID: 422 Comm: syz.5.17 Not tainted syzkaller #0
[ 38.567674][ T422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 38.577737][ T422] Call Trace:
[ 38.581012][ T422]
[ 38.583939][ T422] __dump_stack+0x21/0x30
[ 38.588287][ T422] dump_stack_lvl+0xee/0x150
[ 38.592869][ T422] ? show_regs_print_info+0x20/0x20
[ 38.598067][ T422] ? f2fs_init_extent_tree+0x77d/0xc70
[ 38.603521][ T422] ? memcpy+0x56/0x70
[ 38.607937][ T422] dump_stack+0x15/0x20
[ 38.612085][ T422] f2fs_is_valid_blkaddr+0xca0/0x12a0
[ 38.617537][ T422] f2fs_iget+0x216d/0x5230
[ 38.622037][ T422] f2fs_lookup+0x366/0xab0
[ 38.626463][ T422] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 38.632540][ T422] ? d_hash_and_lookup+0x1f0/0x1f0
[ 38.637660][ T422] ? lockref_get_not_dead+0xe6/0x1c0
[ 38.642942][ T422] ? downgrade_write+0x410/0x410
[ 38.647881][ T422] __lookup_slow+0x2aa/0x3e0
[ 38.652465][ T422] ? lookup_one_len+0x2c0/0x2c0
[ 38.657308][ T422] ? down_read+0xa5/0xf0
[ 38.661545][ T422] ? handle_dots+0xe10/0xe10
[ 38.666140][ T422] lookup_slow+0x57/0x70
[ 38.670472][ T422] walk_component+0x325/0x460
[ 38.675146][ T422] path_lookupat+0x180/0x490
[ 38.679729][ T422] filename_lookup+0x1e2/0x4f0
[ 38.684482][ T422] ? hashlen_string+0x120/0x120
[ 38.689338][ T422] user_path_at_empty+0x47/0x1c0
[ 38.694286][ T422] do_sys_truncate+0xa3/0x190
[ 38.698958][ T422] ? break_lease+0xd0/0xd0
[ 38.703369][ T422] ? __kasan_check_write+0x14/0x20
[ 38.708476][ T422] ? switch_fpu_return+0x15d/0x2c0
[ 38.713583][ T422] __x64_sys_truncate+0x5b/0x70
[ 38.718433][ T422] x64_sys_call+0x212/0x9a0
[ 38.722927][ T422] do_syscall_64+0x4c/0xa0
[ 38.727346][ T422] ? clear_bhb_loop+0x50/0xa0
[ 38.732018][ T422] ? clear_bhb_loop+0x50/0xa0
[ 38.736713][ T422] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 38.742611][ T422] RIP: 0033:0x7f76f640c749
[ 38.747021][ T422] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 38.766623][ T422] RSP: 002b:00007f76f627c038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
[ 38.775037][ T422] RAX: ffffffffffffffda RBX: 00007f76f6662fa0 RCX: 00007f76f640c749
[ 38.783029][ T422] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280
[ 38.791002][ T422] RBP: 00007f76f6490f91 R08: 0000000000000000 R09: 0000000000000000
[ 38.798978][ T422] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 38.806950][ T422] R13: 00007f76f6663038 R14: 00007f76f6662fa0 R15: 00007fff917ae288
[ 38.814921][ T422]
[ 39.150420][ T422] F2FS-fs (loop5): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix
[ 39.163885][ T435] F2FS-fs (loop5): access invalid blkaddr:2147563524
[ 39.180470][ T435] CPU: 1 PID: 435 Comm: syz.5.17 Not tainted syzkaller #0
[ 39.187607][ T435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 39.197654][ T435] Call Trace:
[ 39.200963][ T435]
[ 39.203886][ T435] __dump_stack+0x21/0x30
[ 39.208220][ T435] dump_stack_lvl+0xee/0x150
[ 39.212818][ T435] ? show_regs_print_info+0x20/0x20
[ 39.218024][ T435] ? _raw_spin_lock+0x8e/0xe0
[ 39.222701][ T435] dump_stack+0x15/0x20
[ 39.226854][ T435] f2fs_is_valid_blkaddr+0xca0/0x12a0
[ 39.232220][ T435] f2fs_iget+0x216d/0x5230
[ 39.236633][ T435] f2fs_lookup+0x366/0xab0
[ 39.241042][ T435] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 39.247105][ T435] ? d_hash_and_lookup+0x1f0/0x1f0
[ 39.252212][ T435] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 39.258273][ T435] path_openat+0xfcf/0x2f10
[ 39.262775][ T435] ? do_filp_open+0x3e0/0x3e0
[ 39.267447][ T435] ? expand_files+0xde/0x8e0
[ 39.272035][ T435] do_filp_open+0x1b3/0x3e0
[ 39.276534][ T435] ? vfs_tmpfile+0x2d0/0x2d0
[ 39.281121][ T435] do_sys_openat2+0x14c/0x7b0
[ 39.285794][ T435] ? do_sys_open+0xe0/0xe0
[ 39.290210][ T435] __x64_sys_openat+0x136/0x160
[ 39.295054][ T435] x64_sys_call+0x219/0x9a0
[ 39.299552][ T435] do_syscall_64+0x4c/0xa0
[ 39.303965][ T435] ? clear_bhb_loop+0x50/0xa0
[ 39.308635][ T435] ? clear_bhb_loop+0x50/0xa0
[ 39.313302][ T435] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 39.319188][ T435] RIP: 0033:0x7f76f640c749
[ 39.323595][ T435] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 39.343199][ T435] RSP: 002b:00007f76f625b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 39.351612][ T435] RAX: ffffffffffffffda RBX: 00007f76f6663090 RCX: 00007f76f640c749
[ 39.359580][ T435] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c
[ 39.367545][ T435] RBP: 00007f76f6490f91 R08: 0000000000000000 R09: 0000000000000000
[ 39.375511][ T435] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[ 39.383474][ T435] R13: 00007f76f6663128 R14: 00007f76f6663090 R15: 00007fff917ae288
[ 39.385556][ T426] loop6: detected capacity change from 0 to 131072
[ 39.391464][ T435]
[ 39.519306][ T424] loop2: detected capacity change from 0 to 131072
[ 39.544501][ T426] F2FS-fs (loop6): invalid crc value
[ 39.547677][ T431] loop3: detected capacity change from 0 to 131072
[ 39.556742][ T435] ==================================================================
[ 39.564807][ T435] BUG: KASAN: use-after-free in f2fs_iget+0x487c/0x5230
[ 39.571745][ T435] Read of size 4 at addr ffff888120a86098 by task syz.5.17/435
[ 39.579280][ T435]
[ 39.581595][ T435] CPU: 1 PID: 435 Comm: syz.5.17 Not tainted syzkaller #0
[ 39.588697][ T435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 39.598746][ T435] Call Trace:
[ 39.602027][ T435]
[ 39.604960][ T435] __dump_stack+0x21/0x30
[ 39.609289][ T435] dump_stack_lvl+0xee/0x150
[ 39.613875][ T435] ? show_regs_print_info+0x20/0x20
[ 39.619071][ T435] ? load_image+0x3a0/0x3a0
[ 39.623573][ T435] ? dump_stack_lvl+0x122/0x150
[ 39.628424][ T435] print_address_description+0x7f/0x2c0
[ 39.633971][ T435] ? f2fs_iget+0x487c/0x5230
[ 39.638561][ T435] kasan_report+0xf1/0x140
[ 39.642974][ T435] ? dump_stack+0x15/0x20
[ 39.647306][ T435] ? f2fs_iget+0x487c/0x5230
[ 39.651902][ T435] __asan_report_load4_noabort+0x14/0x20
[ 39.657533][ T435] f2fs_iget+0x487c/0x5230
[ 39.661953][ T435] f2fs_lookup+0x366/0xab0
[ 39.666367][ T435] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 39.672430][ T435] ? d_hash_and_lookup+0x1f0/0x1f0
[ 39.676302][ T434] loop4: detected capacity change from 0 to 131072
[ 39.677535][ T435] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 39.685483][ T426] F2FS-fs (loop6): Found nat_bits in checkpoint
[ 39.690052][ T435] path_openat+0xfcf/0x2f10
[ 39.700752][ T435] ? do_filp_open+0x3e0/0x3e0
[ 39.705425][ T435] ? expand_files+0xde/0x8e0
[ 39.710046][ T435] do_filp_open+0x1b3/0x3e0
[ 39.714557][ T435] ? vfs_tmpfile+0x2d0/0x2d0
[ 39.719163][ T435] do_sys_openat2+0x14c/0x7b0
[ 39.720785][ T426] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[ 39.723840][ T435] ? do_sys_open+0xe0/0xe0
[ 39.731970][ T426] F2FS-fs (loop6): access invalid blkaddr:2147563524
[ 39.735663][ T435] __x64_sys_openat+0x136/0x160
[ 39.747141][ T435] x64_sys_call+0x219/0x9a0
[ 39.751633][ T435] do_syscall_64+0x4c/0xa0
[ 39.756040][ T435] ? clear_bhb_loop+0x50/0xa0
[ 39.760703][ T435] ? clear_bhb_loop+0x50/0xa0
[ 39.765369][ T435] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 39.771256][ T435] RIP: 0033:0x7f76f640c749
[ 39.775653][ T435] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 39.795243][ T435] RSP: 002b:00007f76f625b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 39.803644][ T435] RAX: ffffffffffffffda RBX: 00007f76f6663090 RCX: 00007f76f640c749
[ 39.811604][ T435] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c
[ 39.819564][ T435] RBP: 00007f76f6490f91 R08: 0000000000000000 R09: 0000000000000000
[ 39.827519][ T435] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[ 39.835473][ T435] R13: 00007f76f6663128 R14: 00007f76f6663090 R15: 00007fff917ae288
[ 39.843434][ T435]
[ 39.846443][ T435]
[ 39.846444][ T426] CPU: 0 PID: 426 Comm: syz.6.18 Not tainted syzkaller #0
[ 39.848749][ T435] Allocated by task 422:
[ 39.855838][ T426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 39.860053][ T435] __kasan_slab_alloc+0xbd/0xf0
[ 39.870079][ T426] Call Trace:
[ 39.870086][ T426]
[ 39.874902][ T435] slab_post_alloc_hook+0x4f/0x2b0
[ 39.878159][ T426] __dump_stack+0x21/0x30
[ 39.881065][ T435] kmem_cache_alloc+0xf7/0x260
[ 39.886145][ T426] dump_stack_lvl+0xee/0x150
[ 39.890445][ T435] f2fs_init_extent_tree+0x4b9/0xc70
[ 39.895176][ T426] ? show_regs_print_info+0x20/0x20
[ 39.899733][ T435] f2fs_iget+0x13c9/0x5230
[ 39.905006][ T426] ? f2fs_init_extent_tree+0x77d/0xc70
[ 39.910175][ T435] f2fs_lookup+0x366/0xab0
[ 39.914560][ T426] ? memcpy+0x56/0x70
[ 39.919984][ T435] __lookup_slow+0x2aa/0x3e0
[ 39.924369][ T426] dump_stack+0x15/0x20
[ 39.928319][ T435] lookup_slow+0x57/0x70
[ 39.932880][ T426] f2fs_is_valid_blkaddr+0xca0/0x12a0
[ 39.937005][ T435] walk_component+0x325/0x460
[ 39.941216][ T426] f2fs_iget+0x216d/0x5230
[ 39.946552][ T435] path_lookupat+0x180/0x490
[ 39.951200][ T426] f2fs_lookup+0x366/0xab0
[ 39.955579][ T435] filename_lookup+0x1e2/0x4f0
[ 39.960137][ T426] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 39.964519][ T435] user_path_at_empty+0x47/0x1c0
[ 39.969252][ T426] ? d_hash_and_lookup+0x1f0/0x1f0
[ 39.975284][ T435] do_sys_truncate+0xa3/0x190
[ 39.980192][ T426] ? lockref_get_not_dead+0xe6/0x1c0
[ 39.985271][ T435] __x64_sys_truncate+0x5b/0x70
[ 39.989919][ T426] ? downgrade_write+0x410/0x410
[ 39.995170][ T435] x64_sys_call+0x212/0x9a0
[ 39.999988][ T426] __lookup_slow+0x2aa/0x3e0
[ 40.004890][ T435] do_syscall_64+0x4c/0xa0
[ 40.009363][ T426] ? lookup_one_len+0x2c0/0x2c0
[ 40.013920][ T435] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 40.018304][ T426] ? down_read+0xa5/0xf0
[ 40.023121][ T435]
[ 40.023126][ T435] Freed by task 422:
[ 40.028981][ T426] ? handle_dots+0xe10/0xe10
[ 40.033193][ T435] kasan_set_track+0x4a/0x70
[ 40.035491][ T426] lookup_slow+0x57/0x70
[ 40.039354][ T435] kasan_set_free_info+0x23/0x40
[ 40.043916][ T426] walk_component+0x325/0x460
[ 40.048474][ T435] ____kasan_slab_free+0x125/0x160
[ 40.052683][ T426] path_lookupat+0x180/0x490
[ 40.057584][ T435] __kasan_slab_free+0x11/0x20
[ 40.062234][ T426] filename_lookup+0x1e2/0x4f0
[ 40.067313][ T435] slab_free_freelist_hook+0xc2/0x190
[ 40.071893][ T426] ? hashlen_string+0x120/0x120
[ 40.076625][ T435] kmem_cache_free+0x100/0x320
[ 40.081361][ T426] user_path_at_empty+0x47/0x1c0
[ 40.086694][ T435] f2fs_destroy_extent_tree+0x2c0/0x4b0
[ 40.091516][ T426] do_sys_truncate+0xa3/0x190
[ 40.096245][ T435] f2fs_evict_inode+0x4f0/0x1600
[ 40.101154][ T426] ? break_lease+0xd0/0xd0
[ 40.106669][ T435] evict+0x485/0x870
[ 40.111311][ T426] ? __kasan_check_write+0x14/0x20
[ 40.116213][ T435] iput+0x635/0x7c0
[ 40.120598][ T426] ? switch_fpu_return+0x15d/0x2c0
[ 40.124459][ T435] iget_failed+0x17a/0x1c0
[ 40.129540][ T426] __x64_sys_truncate+0x5b/0x70
[ 40.133316][ T435] f2fs_iget+0x1aeb/0x5230
[ 40.138394][ T426] x64_sys_call+0x212/0x9a0
[ 40.142776][ T435] f2fs_lookup+0x366/0xab0
[ 40.147593][ T426] do_syscall_64+0x4c/0xa0
[ 40.151975][ T435] __lookup_slow+0x2aa/0x3e0
[ 40.156444][ T426] ? clear_bhb_loop+0x50/0xa0
[ 40.160825][ T435] lookup_slow+0x57/0x70
[ 40.165211][ T426] ? clear_bhb_loop+0x50/0xa0
[ 40.169767][ T435] walk_component+0x325/0x460
[ 40.174413][ T426] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 40.178621][ T435] path_lookupat+0x180/0x490
[ 40.183278][ T426] RIP: 0033:0x7f77b16f0749
[ 40.187924][ T435] filename_lookup+0x1e2/0x4f0
[ 40.193783][ T426] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 40.198336][ T435] user_path_at_empty+0x47/0x1c0
[ 40.202721][ T426] RSP: 002b:00007f77b1560038 EFLAGS: 00000246
[ 40.207449][ T435] do_sys_truncate+0xa3/0x190
[ 40.227024][ T426] ORIG_RAX: 000000000000004c
[ 40.231930][ T435] __x64_sys_truncate+0x5b/0x70
[ 40.237967][ T426] RAX: ffffffffffffffda RBX: 00007f77b1946fa0 RCX: 00007f77b16f0749
[ 40.242610][ T435] x64_sys_call+0x212/0x9a0
[ 40.247254][ T426] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280
[ 40.252070][ T435] do_syscall_64+0x4c/0xa0
[ 40.260013][ T426] RBP: 00007f77b1774f91 R08: 0000000000000000 R09: 0000000000000000
[ 40.264481][ T435] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 40.272423][ T426] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 40.276806][ T435]
[ 40.276811][ T435] The buggy address belongs to the object at ffff888120a86070
[ 40.276811][ T435] which belongs to the cache f2fs_extent_tree of size 80
[ 40.284751][ T426] R13: 00007f77b1947038 R14: 00007f77b1946fa0 R15: 00007ffed8e4c6b8
[ 40.290613][ T435] The buggy address is located 40 bytes inside of
[ 40.290613][ T435] 80-byte region [ffff888120a86070, ffff888120a860c0)
[ 40.298558][ T426]
[ 40.300854][ T435] The buggy address belongs to the page:
[ 40.300862][ T435] page:ffffea000482a180 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x120a86
[ 40.319199][ T426] F2FS-fs (loop6): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix
[ 40.323159][ T435] flags: 0x4000000000000200(slab|zone=1)
[ 40.323191][ T435] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081f8d80
[ 40.323204][ T435] raw: 0000000000000000 0000000080240024 00000001ffffffff 0000000000000000
[ 40.323212][ T435] page dumped because: kasan: bad access detected
[ 40.323219][ T435] page_owner tracks the page as allocated
[ 40.323224][ T435] page last allocated via order 0, migratetype Reclaimable, gfp_mask 0x112c50(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 422, ts 38544235908, free_ts 0
[ 40.323249][ T435] post_alloc_hook+0x192/0x1b0
[ 40.323269][ T435] prep_new_page+0x1c/0x110
[ 40.323284][ T435] get_page_from_freelist+0x2cc5/0x2d50
[ 40.323299][ T435] __alloc_pages+0x18f/0x440
[ 40.323314][ T435] new_slab+0xa1/0x4d0
[ 40.323330][ T435] ___slab_alloc+0x381/0x810
[ 40.323345][ T435] __slab_alloc+0x49/0x90
[ 40.323360][ T435] kmem_cache_alloc+0x138/0x260
[ 40.323373][ T435] f2fs_init_extent_tree+0x4b9/0xc70
[ 40.323389][ T435] f2fs_iget+0x13c9/0x5230
[ 40.323403][ T435] f2fs_lookup+0x366/0xab0
[ 40.323416][ T435] __lookup_slow+0x2aa/0x3e0
[ 40.323431][ T435] lookup_slow+0x57/0x70
[ 40.323444][ T435] walk_component+0x325/0x460
[ 40.323459][ T435] path_lookupat+0x180/0x490
[ 40.323473][ T435] filename_lookup+0x1e2/0x4f0
[ 40.323486][ T435] page_owner free stack trace missing
[ 40.323492][ T435]
[ 40.323495][ T435] Memory state around the buggy address:
[ 40.323504][ T435] ffff888120a85f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 40.323514][ T435] ffff888120a86000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fa fb
[ 40.323523][ T435] >ffff888120a86080: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 40.323530][ T435] ^
[ 40.323538][ T435] ffff888120a86100: fc fc fc fc fc fc fc fc fc fc 00 00 00 00 00 00
[ 40.323548][ T435] ffff888120a86180: 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc
[ 40.323555][ T435] ==================================================================
[ 40.323561][ T435] Disabling lock debugging due to kernel taint
[ 40.328888][ T435] F2FS-fs (loop5): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix
[ 40.374308][ T440] F2FS-fs (loop6): access invalid blkaddr:2147563524
[ 40.382687][ T30] kauditd_printk_skb: 31 callbacks suppressed
[ 40.382698][ T30] audit: type=1400 audit(1767664193.162:105): avc: denied { read } for pid=83 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[ 40.391980][ T440] CPU: 0 PID: 440 Comm: syz.6.18 Tainted: G B syzkaller #0
[ 40.406046][ T424] F2FS-fs (loop2): invalid crc value
[ 40.421323][ T440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 40.421334][ T440] Call Trace:
[ 40.421338][ T440]
[ 40.421343][ T440] __dump_stack+0x21/0x30
[ 40.421366][ T440] dump_stack_lvl+0xee/0x150
[ 40.426443][ T431] F2FS-fs (loop3): invalid crc value
[ 40.430583][ T440] ? show_regs_print_info+0x20/0x20
[ 40.430602][ T440] ? _raw_spin_lock+0x8e/0xe0
[ 40.445628][ T30] audit: type=1400 audit(1767664193.162:106): avc: denied { search } for pid=83 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 40.449296][ T440] dump_stack+0x15/0x20
[ 40.459487][ T30] audit: type=1400 audit(1767664193.162:107): avc: denied { write } for pid=83 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 40.463680][ T440] f2fs_is_valid_blkaddr+0xca0/0x12a0
[ 40.463704][ T440] f2fs_iget+0x216d/0x5230
[ 40.463721][ T440] f2fs_lookup+0x366/0xab0
[ 40.468186][ T30] audit: type=1400 audit(1767664193.162:108): avc: denied { add_name } for pid=83 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 40.472496][ T440] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 40.472514][ T440] ? d_hash_and_lookup+0x1f0/0x1f0
[ 40.472531][ T440] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 40.472547][ T440] path_openat+0xfcf/0x2f10
[ 40.472566][ T440] ? do_filp_open+0x3e0/0x3e0
[ 40.472580][ T440] ? expand_files+0xde/0x8e0
[ 40.477322][ T30] audit: type=1400 audit(1767664193.162:109): avc: denied { create } for pid=83 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 40.481361][ T440] do_filp_open+0x1b3/0x3e0
[ 40.481379][ T440] ? vfs_tmpfile+0x2d0/0x2d0
[ 40.481398][ T440] do_sys_openat2+0x14c/0x7b0
[ 40.486069][ T30] audit: type=1400 audit(1767664193.162:110): avc: denied { append open } for pid=83 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 40.490601][ T440] ? do_sys_open+0xe0/0xe0
[ 40.490621][ T440] __x64_sys_openat+0x136/0x160
[ 40.495357][ T30] audit: type=1400 audit(1767664193.162:111): avc: denied { getattr } for pid=83 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 40.500692][ T440] x64_sys_call+0x219/0x9a0
[ 40.500708][ T440] do_syscall_64+0x4c/0xa0
[ 40.500723][ T440] ? clear_bhb_loop+0x50/0xa0
[ 40.503072][ T435] ==================================================================
[ 40.508623][ T440] ? clear_bhb_loop+0x50/0xa0
[ 40.516656][ T435] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x100/0x320
[ 40.524687][ T440] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 40.532719][ T435]
[ 40.911410][ T440] RIP: 0033:0x7f77b16f0749
[ 40.915817][ T440] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 40.935403][ T440] RSP: 002b:00007f77b153f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 40.943821][ T440] RAX: ffffffffffffffda RBX: 00007f77b1947090 RCX: 00007f77b16f0749
[ 40.951776][ T440] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c
[ 40.959731][ T440] RBP: 00007f77b1774f91 R08: 0000000000000000 R09: 0000000000000000
[ 40.967691][ T440] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[ 40.975642][ T440] R13: 00007f77b1947128 R14: 00007f77b1947090 R15: 00007ffed8e4c6b8
[ 40.983602][ T440]
[ 40.986609][ T435] CPU: 1 PID: 435 Comm: syz.5.17 Tainted: G B syzkaller #0
[ 40.995113][ T435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 40.999890][ T440] F2FS-fs (loop6): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix
[ 41.005159][ T435] Call Trace:
[ 41.005166][ T435]
[ 41.005171][ T435] __dump_stack+0x21/0x30
[ 41.005193][ T435] dump_stack_lvl+0xee/0x150
[ 41.005208][ T435] ? show_regs_print_info+0x20/0x20
[ 41.037664][ T435] ? load_image+0x3a0/0x3a0
[ 41.042144][ T435] ? truncate_inode_pages_range+0xc8c/0xd60
[ 41.048011][ T435] ? __switch_to_asm+0x3a/0x60
[ 41.052748][ T435] print_address_description+0x7f/0x2c0
[ 41.058264][ T435] ? kmem_cache_free+0x100/0x320
[ 41.063176][ T435] kasan_report_invalid_free+0x58/0x90
[ 41.068607][ T435] ? kmem_cache_free+0x100/0x320
[ 41.073522][ T435] ____kasan_slab_free+0x13d/0x160
[ 41.078603][ T435] __kasan_slab_free+0x11/0x20
[ 41.083338][ T435] slab_free_freelist_hook+0xc2/0x190
[ 41.088679][ T435] ? f2fs_destroy_extent_tree+0x2c0/0x4b0
[ 41.094370][ T435] kmem_cache_free+0x100/0x320
[ 41.099103][ T435] f2fs_destroy_extent_tree+0x2c0/0x4b0
[ 41.104620][ T435] f2fs_evict_inode+0x4f0/0x1600
[ 41.109529][ T435] ? inode_wait_for_writeback+0x1b0/0x200
[ 41.115220][ T435] ? f2fs_write_inode+0x850/0x850
[ 41.120214][ T435] ? bit_waitqueue+0x30/0x30
[ 41.124772][ T435] ? _printk+0xcc/0x110
[ 41.128902][ T435] ? f2fs_write_inode+0x850/0x850
[ 41.133898][ T435] evict+0x485/0x870
[ 41.137766][ T435] ? proc_nr_inodes+0x310/0x310
[ 41.142585][ T435] ? _raw_spin_lock+0x8e/0xe0
[ 41.147233][ T435] ? __kasan_check_read+0x11/0x20
[ 41.152234][ T435] ? f2fs_drop_inode+0x174/0x980
[ 41.157158][ T435] ? __wake_up_bit+0x100/0x100
[ 41.161896][ T435] ? __kasan_check_write+0x14/0x20
[ 41.166985][ T435] iput+0x635/0x7c0
[ 41.170764][ T435] iget_failed+0x17a/0x1c0
[ 41.175152][ T435] f2fs_iget+0x1aeb/0x5230
[ 41.179542][ T435] f2fs_lookup+0x366/0xab0
[ 41.183927][ T435] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 41.189961][ T435] ? d_hash_and_lookup+0x1f0/0x1f0
[ 41.195047][ T435] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 41.201083][ T435] path_openat+0xfcf/0x2f10
[ 41.205566][ T435] ? do_filp_open+0x3e0/0x3e0
[ 41.210212][ T435] ? expand_files+0xde/0x8e0
[ 41.214772][ T435] do_filp_open+0x1b3/0x3e0
[ 41.219278][ T435] ? vfs_tmpfile+0x2d0/0x2d0
[ 41.223842][ T435] do_sys_openat2+0x14c/0x7b0
[ 41.228531][ T435] ? do_sys_open+0xe0/0xe0
[ 41.232918][ T435] __x64_sys_openat+0x136/0x160
[ 41.237738][ T435] x64_sys_call+0x219/0x9a0
[ 41.242211][ T435] do_syscall_64+0x4c/0xa0
[ 41.246598][ T435] ? clear_bhb_loop+0x50/0xa0
[ 41.251245][ T435] ? clear_bhb_loop+0x50/0xa0
[ 41.255891][ T435] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 41.261765][ T435] RIP: 0033:0x7f76f640c749
[ 41.266166][ T435] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 41.285746][ T435] RSP: 002b:00007f76f625b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 41.294138][ T435] RAX: ffffffffffffffda RBX: 00007f76f6663090 RCX: 00007f76f640c749
[ 41.302086][ T435] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c
[ 41.310028][ T435] RBP: 00007f76f6490f91 R08: 0000000000000000 R09: 0000000000000000
[ 41.317973][ T435] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[ 41.325920][ T435] R13: 00007f76f6663128 R14: 00007f76f6663090 R15: 00007fff917ae288
[ 41.333892][ T435]
[ 41.336886][ T435]
[ 41.339181][ T435] Allocated by task 422:
[ 41.343387][ T435] __kasan_slab_alloc+0xbd/0xf0
[ 41.348210][ T435] slab_post_alloc_hook+0x4f/0x2b0
[ 41.353466][ T435] kmem_cache_alloc+0xf7/0x260
[ 41.358199][ T435] f2fs_init_extent_tree+0x4b9/0xc70
[ 41.363542][ T435] f2fs_iget+0x13c9/0x5230
[ 41.367928][ T435] f2fs_lookup+0x366/0xab0
[ 41.372313][ T435] __lookup_slow+0x2aa/0x3e0
[ 41.376874][ T435] lookup_slow+0x57/0x70
[ 41.381084][ T435] walk_component+0x325/0x460
[ 41.385731][ T435] path_lookupat+0x180/0x490
[ 41.390287][ T435] filename_lookup+0x1e2/0x4f0
[ 41.395020][ T435] user_path_at_empty+0x47/0x1c0
[ 41.399926][ T435] do_sys_truncate+0xa3/0x190
[ 41.404571][ T435] __x64_sys_truncate+0x5b/0x70
[ 41.409387][ T435] x64_sys_call+0x212/0x9a0
[ 41.413862][ T435] do_syscall_64+0x4c/0xa0
[ 41.418250][ T435] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 41.424115][ T435]
[ 41.426410][ T435] Freed by task 422:
[ 41.430269][ T435] kasan_set_track+0x4a/0x70
[ 41.434827][ T435] kasan_set_free_info+0x23/0x40
[ 41.439733][ T435] ____kasan_slab_free+0x125/0x160
[ 41.444811][ T435] __kasan_slab_free+0x11/0x20
[ 41.449540][ T435] slab_free_freelist_hook+0xc2/0x190
[ 41.454882][ T435] kmem_cache_free+0x100/0x320
[ 41.459613][ T435] f2fs_destroy_extent_tree+0x2c0/0x4b0
[ 41.465134][ T435] f2fs_evict_inode+0x4f0/0x1600
[ 41.470041][ T435] evict+0x485/0x870
[ 41.473907][ T435] iput+0x635/0x7c0
[ 41.477682][ T435] iget_failed+0x17a/0x1c0
[ 41.482067][ T435] f2fs_iget+0x1aeb/0x5230
[ 41.486450][ T435] f2fs_lookup+0x366/0xab0
[ 41.490835][ T435] __lookup_slow+0x2aa/0x3e0
[ 41.495391][ T435] lookup_slow+0x57/0x70
[ 41.499600][ T435] walk_component+0x325/0x460
[ 41.504244][ T435] path_lookupat+0x180/0x490
[ 41.508805][ T435] filename_lookup+0x1e2/0x4f0
[ 41.513537][ T435] user_path_at_empty+0x47/0x1c0
[ 41.518443][ T435] do_sys_truncate+0xa3/0x190
[ 41.523096][ T435] __x64_sys_truncate+0x5b/0x70
[ 41.527917][ T435] x64_sys_call+0x212/0x9a0
[ 41.532388][ T435] do_syscall_64+0x4c/0xa0
[ 41.536778][ T435] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 41.542640][ T435]
[ 41.544935][ T435] The buggy address belongs to the object at ffff888120a86070
[ 41.544935][ T435] which belongs to the cache f2fs_extent_tree of size 80
[ 41.559302][ T435] The buggy address is located 0 bytes inside of
[ 41.559302][ T435] 80-byte region [ffff888120a86070, ffff888120a860c0)
[ 41.572280][ T435] The buggy address belongs to the page:
[ 41.577878][ T435] page:ffffea000482a180 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x120a86
[ 41.588082][ T435] flags: 0x4000000000000200(slab|zone=1)
[ 41.593689][ T435] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081f8d80
[ 41.602242][ T435] raw: 0000000000000000 0000000080240024 00000001ffffffff 0000000000000000
[ 41.610790][ T435] page dumped because: kasan: bad access detected
[ 41.617176][ T435] page_owner tracks the page as allocated
[ 41.622878][ T435] page last allocated via order 0, migratetype Reclaimable, gfp_mask 0x112c50(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 422, ts 38544235908, free_ts 0
[ 41.640919][ T435] post_alloc_hook+0x192/0x1b0
[ 41.645678][ T435] prep_new_page+0x1c/0x110
[ 41.650154][ T435] get_page_from_freelist+0x2cc5/0x2d50
[ 41.655673][ T435] __alloc_pages+0x18f/0x440
[ 41.660235][ T435] new_slab+0xa1/0x4d0
[ 41.664277][ T435] ___slab_alloc+0x381/0x810
[ 41.668838][ T435] __slab_alloc+0x49/0x90
[ 41.673137][ T435] kmem_cache_alloc+0x138/0x260
[ 41.677969][ T435] f2fs_init_extent_tree+0x4b9/0xc70
[ 41.683240][ T435] f2fs_iget+0x13c9/0x5230
[ 41.687631][ T435] f2fs_lookup+0x366/0xab0
[ 41.692023][ T435] __lookup_slow+0x2aa/0x3e0
[ 41.696593][ T435] lookup_slow+0x57/0x70
[ 41.700816][ T435] walk_component+0x325/0x460
[ 41.705473][ T435] path_lookupat+0x180/0x490
[ 41.710036][ T435] filename_lookup+0x1e2/0x4f0
[ 41.714774][ T435] page_owner free stack trace missing
[ 41.720111][ T435]
[ 41.722406][ T435] Memory state around the buggy address:
[ 41.728007][ T435] ffff888120a85f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 41.736037][ T435] ffff888120a85f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 41.744064][ T435] >ffff888120a86000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fa fb
[ 41.752090][ T435] ^
[ 41.759780][ T435] ffff888120a86080: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 41.767822][ T435] ffff888120a86100: fc fc fc fc fc fc fc fc fc fc fa fb fb fb fb fb
2026/01/06 01:49:54 executed programs: 15
[ 41.775855][ T435] ==================================================================
[ 41.783936][ T440] ==================================================================
[ 41.792009][ T440] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x100/0x320
[ 41.798481][ T431] F2FS-fs (loop3): Found nat_bits in checkpoint
[ 41.800423][ T440]
[ 41.800429][ T440] CPU: 0 PID: 440 Comm: syz.6.18 Tainted: G B syzkaller #0
[ 41.800446][ T440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 41.800454][ T440] Call Trace:
[ 41.800459][ T440]
[ 41.800464][ T440] __dump_stack+0x21/0x30
[ 41.806705][ T424] F2FS-fs (loop2): Found nat_bits in checkpoint
[ 41.809002][ T440] dump_stack_lvl+0xee/0x150
[ 41.848837][ T440] ? show_regs_print_info+0x20/0x20
[ 41.854037][ T440] ? load_image+0x3a0/0x3a0
[ 41.858532][ T440] ? truncate_inode_pages_range+0xc8c/0xd60
[ 41.863601][ T431] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 41.864416][ T440] ? __switch_to_asm+0x3a/0x60
[ 41.872159][ T424] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[ 41.876590][ T440] print_address_description+0x7f/0x2c0
[ 41.886329][ T424] F2FS-fs (loop2): access invalid blkaddr:2147563524
[ 41.889540][ T440] ? kmem_cache_free+0x100/0x320
[ 41.901104][ T440] kasan_report_invalid_free+0x58/0x90
[ 41.906554][ T440] ? kmem_cache_free+0x100/0x320
[ 41.911480][ T440] ____kasan_slab_free+0x13d/0x160
[ 41.916579][ T440] __kasan_slab_free+0x11/0x20
[ 41.921324][ T440] slab_free_freelist_hook+0xc2/0x190
[ 41.926688][ T440] ? f2fs_destroy_extent_tree+0x2c0/0x4b0
[ 41.932391][ T440] kmem_cache_free+0x100/0x320
[ 41.937141][ T440] f2fs_destroy_extent_tree+0x2c0/0x4b0
[ 41.942677][ T440] f2fs_evict_inode+0x4f0/0x1600
[ 41.947599][ T440] ? inode_wait_for_writeback+0x1b0/0x200
[ 41.953302][ T440] ? f2fs_write_inode+0x850/0x850
[ 41.958309][ T440] ? bit_waitqueue+0x30/0x30
[ 41.960772][ T431] F2FS-fs (loop3): access invalid blkaddr:2147563524
[ 41.962882][ T440] ? _printk+0xcc/0x110
[ 41.973662][ T440] ? f2fs_write_inode+0x850/0x850
[ 41.978672][ T440] evict+0x485/0x870
[ 41.982552][ T440] ? proc_nr_inodes+0x310/0x310
[ 41.987386][ T440] ? _raw_spin_lock+0x8e/0xe0
[ 41.992050][ T440] ? __kasan_check_read+0x11/0x20
[ 41.997060][ T440] ? f2fs_drop_inode+0x174/0x980
[ 42.001990][ T440] ? __wake_up_bit+0x100/0x100
[ 42.006739][ T440] ? __kasan_check_write+0x14/0x20
[ 42.011835][ T440] iput+0x635/0x7c0
[ 42.015651][ T440] iget_failed+0x17a/0x1c0
[ 42.020056][ T440] f2fs_iget+0x1aeb/0x5230
[ 42.024459][ T440] f2fs_lookup+0x366/0xab0
[ 42.028865][ T440] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 42.035007][ T440] ? d_hash_and_lookup+0x1f0/0x1f0
[ 42.040104][ T440] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 42.046155][ T440] path_openat+0xfcf/0x2f10
[ 42.050650][ T440] ? do_filp_open+0x3e0/0x3e0
[ 42.055310][ T440] ? expand_files+0xde/0x8e0
[ 42.059881][ T440] do_filp_open+0x1b3/0x3e0
[ 42.064371][ T440] ? vfs_tmpfile+0x2d0/0x2d0
[ 42.068947][ T440] do_sys_openat2+0x14c/0x7b0
[ 42.073617][ T440] ? do_sys_open+0xe0/0xe0
[ 42.078026][ T440] __x64_sys_openat+0x136/0x160
[ 42.082863][ T440] x64_sys_call+0x219/0x9a0
[ 42.087353][ T440] do_syscall_64+0x4c/0xa0
[ 42.091755][ T440] ? clear_bhb_loop+0x50/0xa0
[ 42.096417][ T440] ? clear_bhb_loop+0x50/0xa0
[ 42.101077][ T440] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 42.106963][ T440] RIP: 0033:0x7f77b16f0749
[ 42.111365][ T440] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 42.130959][ T440] RSP: 002b:00007f77b153f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 42.139368][ T440] RAX: ffffffffffffffda RBX: 00007f77b1947090 RCX: 00007f77b16f0749
[ 42.147444][ T440] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c
[ 42.155414][ T440] RBP: 00007f77b1774f91 R08: 0000000000000000 R09: 0000000000000000
[ 42.163378][ T440] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[ 42.171334][ T440] R13: 00007f77b1947128 R14: 00007f77b1947090 R15: 00007ffed8e4c6b8
[ 42.179297][ T440]
[ 42.182302][ T440]
[ 42.182304][ T424] CPU: 1 PID: 424 Comm: syz.2.19 Tainted: G B syzkaller #0
[ 42.184608][ T440] Allocated by task 426:
[ 42.193080][ T424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 42.197293][ T440] __kasan_slab_alloc+0xbd/0xf0
[ 42.207318][ T424] Call Trace:
[ 42.207325][ T424]
[ 42.212134][ T440] slab_post_alloc_hook+0x4f/0x2b0
[ 42.215390][ T424] __dump_stack+0x21/0x30
[ 42.218298][ T440] kmem_cache_alloc+0xf7/0x260
[ 42.223381][ T424] dump_stack_lvl+0xee/0x150
[ 42.227683][ T440] f2fs_init_extent_tree+0x4b9/0xc70
[ 42.232415][ T424] ? show_regs_print_info+0x20/0x20
[ 42.236974][ T440] f2fs_iget+0x13c9/0x5230
[ 42.242229][ T424] ? f2fs_init_extent_tree+0x77d/0xc70
[ 42.247394][ T440] f2fs_lookup+0x366/0xab0
[ 42.251778][ T424] ? memcpy+0x56/0x70
[ 42.257205][ T440] __lookup_slow+0x2aa/0x3e0
[ 42.261591][ T424] dump_stack+0x15/0x20
[ 42.265552][ T440] lookup_slow+0x57/0x70
[ 42.270115][ T424] f2fs_is_valid_blkaddr+0xca0/0x12a0
[ 42.274237][ T440] walk_component+0x325/0x460
[ 42.278452][ T424] f2fs_iget+0x216d/0x5230
[ 42.283789][ T440] path_lookupat+0x180/0x490
[ 42.288441][ T424] f2fs_lookup+0x366/0xab0
[ 42.292820][ T440] filename_lookup+0x1e2/0x4f0
[ 42.297386][ T424] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 42.301771][ T440] user_path_at_empty+0x47/0x1c0
[ 42.306502][ T424] ? d_hash_and_lookup+0x1f0/0x1f0
[ 42.312536][ T440] do_sys_truncate+0xa3/0x190
[ 42.317439][ T424] ? lockref_get_not_dead+0xe6/0x1c0
[ 42.322517][ T440] __x64_sys_truncate+0x5b/0x70
[ 42.327160][ T424] ? downgrade_write+0x410/0x410
[ 42.332434][ T440] x64_sys_call+0x212/0x9a0
[ 42.337255][ T424] __lookup_slow+0x2aa/0x3e0
[ 42.342160][ T440] do_syscall_64+0x4c/0xa0
[ 42.346631][ T424] ? lookup_one_len+0x2c0/0x2c0
[ 42.351191][ T440] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 42.355574][ T424] ? down_read+0xa5/0xf0
[ 42.360401][ T440]
[ 42.360407][ T440] Freed by task 426:
[ 42.366265][ T424] ? handle_dots+0xe10/0xe10
[ 42.370477][ T440] kasan_set_track+0x4a/0x70
[ 42.372789][ T424] lookup_slow+0x57/0x70
[ 42.376651][ T440] kasan_set_free_info+0x23/0x40
[ 42.381214][ T424] walk_component+0x325/0x460
[ 42.385773][ T440] ____kasan_slab_free+0x125/0x160
[ 42.389985][ T424] path_lookupat+0x180/0x490
[ 42.394891][ T440] __kasan_slab_free+0x11/0x20
[ 42.399545][ T424] filename_lookup+0x1e2/0x4f0
[ 42.404623][ T440] slab_free_freelist_hook+0xc2/0x190
[ 42.409185][ T424] ? hashlen_string+0x120/0x120
[ 42.413917][ T440] kmem_cache_free+0x100/0x320
[ 42.418654][ T424] user_path_at_empty+0x47/0x1c0
[ 42.423993][ T440] f2fs_destroy_extent_tree+0x2c0/0x4b0
[ 42.428816][ T424] do_sys_truncate+0xa3/0x190
[ 42.433557][ T440] f2fs_evict_inode+0x4f0/0x1600
[ 42.438461][ T424] ? break_lease+0xd0/0xd0
[ 42.443972][ T440] evict+0x485/0x870
[ 42.448619][ T424] ? __kasan_check_write+0x14/0x20
[ 42.453525][ T440] iput+0x635/0x7c0
[ 42.457944][ T424] ? switch_fpu_return+0x15d/0x2c0
[ 42.461814][ T440] iget_failed+0x17a/0x1c0
[ 42.466911][ T424] __x64_sys_truncate+0x5b/0x70
[ 42.470693][ T440] f2fs_iget+0x1aeb/0x5230
[ 42.475778][ T424] x64_sys_call+0x212/0x9a0
[ 42.480161][ T440] f2fs_lookup+0x366/0xab0
[ 42.484994][ T424] do_syscall_64+0x4c/0xa0
[ 42.489381][ T440] __lookup_slow+0x2aa/0x3e0
[ 42.493855][ T424] ? clear_bhb_loop+0x50/0xa0
[ 42.498238][ T440] lookup_slow+0x57/0x70
[ 42.502622][ T424] ? clear_bhb_loop+0x50/0xa0
[ 42.507181][ T440] walk_component+0x325/0x460
[ 42.511826][ T424] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 42.516036][ T440] path_lookupat+0x180/0x490
[ 42.520683][ T424] RIP: 0033:0x7f9215458749
[ 42.525327][ T440] filename_lookup+0x1e2/0x4f0
[ 42.531190][ T424] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 42.535765][ T440] user_path_at_empty+0x47/0x1c0
[ 42.540149][ T424] RSP: 002b:00007f92152c8038 EFLAGS: 00000246
[ 42.544887][ T440] do_sys_truncate+0xa3/0x190
[ 42.564467][ T424] ORIG_RAX: 000000000000004c
[ 42.569388][ T440] __x64_sys_truncate+0x5b/0x70
[ 42.575420][ T424] RAX: ffffffffffffffda RBX: 00007f92156aefa0 RCX: 00007f9215458749
[ 42.580064][ T440] x64_sys_call+0x212/0x9a0
[ 42.584711][ T424] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280
[ 42.589531][ T440] do_syscall_64+0x4c/0xa0
[ 42.597472][ T424] RBP: 00007f92154dcf91 R08: 0000000000000000 R09: 0000000000000000
[ 42.601945][ T440] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 42.609896][ T424] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 42.614281][ T440]
[ 42.614286][ T440] The buggy address belongs to the object at ffff888120a86150
[ 42.614286][ T440] which belongs to the cache f2fs_extent_tree of size 80
[ 42.622224][ T424] R13: 00007f92156af038 R14: 00007f92156aefa0 R15: 00007ffdefc5b658
[ 42.628083][ T440] The buggy address is located 0 bytes inside of
[ 42.628083][ T440] 80-byte region [ffff888120a86150, ffff888120a861a0)
[ 42.636032][ T424]
[ 42.638329][ T440] The buggy address belongs to the page:
[ 42.638337][ T440] page:ffffea000482a180 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x120a86
[ 42.659151][ T431] CPU: 1 PID: 431 Comm: syz.3.20 Tainted: G B syzkaller #0
[ 42.660761][ T440] flags: 0x4000000000000200(slab|zone=1)
[ 42.673751][ T431] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 42.676759][ T440] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081f8d80
[ 42.682350][ T431] Call Trace:
[ 42.682356][ T431]
[ 42.692553][ T440] raw: 0000000000000000 0000000080240024 00000001ffffffff 0000000000000000
[ 42.701016][ T431] __dump_stack+0x21/0x30
[ 42.706628][ T440] page dumped because: kasan: bad access detected
[ 42.716667][ T431] dump_stack_lvl+0xee/0x150
[ 42.725343][ T440] page_owner tracks the page as allocated
[ 42.725351][ T440] page last allocated via order 0, migratetype Reclaimable, gfp_mask 0x112c50(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 422, ts 38544235908, free_ts 0
[ 42.728618][ T431] ? show_regs_print_info+0x20/0x20
[ 42.731529][ T440] post_alloc_hook+0x192/0x1b0
[ 42.740085][ T431] ? f2fs_init_extent_tree+0x77d/0xc70
[ 42.744382][ T440] prep_new_page+0x1c/0x110
[ 42.750762][ T431] ? memcpy+0x56/0x70
[ 42.755317][ T440] get_page_from_freelist+0x2cc5/0x2d50
[ 42.761004][ T431] dump_stack+0x15/0x20
[ 42.779017][ T440] __alloc_pages+0x18f/0x440
[ 42.784185][ T431] f2fs_is_valid_blkaddr+0xca0/0x12a0
[ 42.788916][ T440] new_slab+0xa1/0x4d0
[ 42.794346][ T431] f2fs_iget+0x216d/0x5230
[ 42.798816][ T440] ___slab_alloc+0x381/0x810
[ 42.802780][ T431] f2fs_lookup+0x366/0xab0
[ 42.808288][ T440] __slab_alloc+0x49/0x90
[ 42.812411][ T431] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 42.816968][ T440] kmem_cache_alloc+0x138/0x260
[ 42.822308][ T431] ? d_hash_and_lookup+0x1f0/0x1f0
[ 42.826352][ T440] f2fs_init_extent_tree+0x4b9/0xc70
[ 42.830765][ T431] ? lockref_get_not_dead+0xe6/0x1c0
[ 42.835322][ T440] f2fs_iget+0x13c9/0x5230
[ 42.839729][ T431] ? downgrade_write+0x410/0x410
[ 42.844026][ T440] f2fs_lookup+0x366/0xab0
[ 42.850060][ T431] __lookup_slow+0x2aa/0x3e0
[ 42.854879][ T440] __lookup_slow+0x2aa/0x3e0
[ 42.859957][ T431] ? lookup_one_len+0x2c0/0x2c0
[ 42.865209][ T440] lookup_slow+0x57/0x70
[ 42.870462][ T431] ? down_read+0xa5/0xf0
[ 42.874847][ T440] walk_component+0x325/0x460
[ 42.879753][ T431] ? handle_dots+0xe10/0xe10
[ 42.884138][ T440] path_lookupat+0x180/0x490
[ 42.888716][ T431] lookup_slow+0x57/0x70
[ 42.893273][ T440] filename_lookup+0x1e2/0x4f0
[ 42.898091][ T431] walk_component+0x325/0x460
[ 42.902302][ T440] page_owner free stack trace missing
[ 42.902309][ T440]
[ 42.906514][ T431] path_lookupat+0x180/0x490
[ 42.911158][ T440] Memory state around the buggy address:
[ 42.911167][ T440] ffff888120a86000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fa fb
[ 42.915717][ T431] filename_lookup+0x1e2/0x4f0
[ 42.920277][ T440] ffff888120a86080: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 42.924483][ T431] ? hashlen_string+0x120/0x120
[ 42.929215][ T440] >ffff888120a86100: fc fc fc fc fc fc fc fc fc fc fa fb fb fb fb fb
[ 42.933859][ T431] user_path_at_empty+0x47/0x1c0
[ 42.939195][ T440] ^
[ 42.941498][ T431] do_sys_truncate+0xa3/0x190
[ 42.946059][ T440] ffff888120a86180: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[ 42.951656][ T431] ? break_lease+0xd0/0xd0
[ 42.959707][ T440] ffff888120a86200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 42.964436][ T431] ? __kasan_check_write+0x14/0x20
[ 42.972466][ T440] ==================================================================
[ 42.977283][ T431] ? switch_fpu_return+0x15d/0x2c0
[ 42.993130][ T424] F2FS-fs (loop2): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix
[ 42.996881][ T431] __x64_sys_truncate+0x5b/0x70
[ 43.057281][ T431] x64_sys_call+0x212/0x9a0
[ 43.061770][ T431] do_syscall_64+0x4c/0xa0
[ 43.066172][ T431] ? clear_bhb_loop+0x50/0xa0
[ 43.070829][ T431] ? clear_bhb_loop+0x50/0xa0
[ 43.075482][ T431] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 43.081362][ T431] RIP: 0033:0x7f3878aa5749
[ 43.085756][ T431] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 43.105340][ T431] RSP: 002b:00007f3878915038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
[ 43.113734][ T431] RAX: ffffffffffffffda RBX: 00007f3878cfbfa0 RCX: 00007f3878aa5749
[ 43.121686][ T431] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280
[ 43.129636][ T431] RBP: 00007f3878b29f91 R08: 0000000000000000 R09: 0000000000000000
[ 43.137585][ T431] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 43.145537][ T431] R13: 00007f3878cfc038 R14: 00007f3878cfbfa0 R15: 00007ffd49473e38
[ 43.153492][ T431]
[ 43.157035][ T449] F2FS-fs (loop2): access invalid blkaddr:2147563524
[ 43.162048][ T431] F2FS-fs (loop3): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix
[ 43.167998][ T449] CPU: 0 PID: 449 Comm: syz.2.19 Tainted: G B syzkaller #0
[ 43.176537][ T450] F2FS-fs (loop3): access invalid blkaddr:2147563524
[ 43.184488][ T449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 43.184498][ T449] Call Trace:
[ 43.184502][ T449]
[ 43.184508][ T449] __dump_stack+0x21/0x30
[ 43.184528][ T449] dump_stack_lvl+0xee/0x150
[ 43.184550][ T449] ? show_regs_print_info+0x20/0x20
[ 43.184568][ T449] ? _raw_spin_lock+0x8e/0xe0
[ 43.184586][ T449] dump_stack+0x15/0x20
[ 43.184602][ T449] f2fs_is_valid_blkaddr+0xca0/0x12a0
[ 43.184622][ T449] f2fs_iget+0x216d/0x5230
[ 43.240101][ T449] f2fs_lookup+0x366/0xab0
[ 43.244529][ T449] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 43.250607][ T449] ? d_hash_and_lookup+0x1f0/0x1f0
[ 43.255713][ T449] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 43.261769][ T449] path_openat+0xfcf/0x2f10
[ 43.266278][ T449] ? do_filp_open+0x3e0/0x3e0
[ 43.270952][ T449] ? expand_files+0xde/0x8e0
[ 43.275548][ T449] do_filp_open+0x1b3/0x3e0
[ 43.280072][ T449] ? vfs_tmpfile+0x2d0/0x2d0
[ 43.284690][ T449] do_sys_openat2+0x14c/0x7b0
[ 43.289363][ T449] ? do_sys_open+0xe0/0xe0
[ 43.293773][ T449] __x64_sys_openat+0x136/0x160
[ 43.298636][ T449] x64_sys_call+0x219/0x9a0
[ 43.303141][ T449] do_syscall_64+0x4c/0xa0
[ 43.307556][ T449] ? clear_bhb_loop+0x50/0xa0
[ 43.312224][ T449] ? clear_bhb_loop+0x50/0xa0
[ 43.316883][ T449] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 43.322760][ T449] RIP: 0033:0x7f9215458749
[ 43.327161][ T449] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 43.346752][ T449] RSP: 002b:00007f92152a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 43.355153][ T449] RAX: ffffffffffffffda RBX: 00007f92156af090 RCX: 00007f9215458749
[ 43.363116][ T449] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c
[ 43.371075][ T449] RBP: 00007f92154dcf91 R08: 0000000000000000 R09: 0000000000000000
[ 43.379029][ T449] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[ 43.386980][ T449] R13: 00007f92156af128 R14: 00007f92156af090 R15: 00007ffdefc5b658
[ 43.394942][ T449]
[ 43.397947][ T450] CPU: 1 PID: 450 Comm: syz.3.20 Tainted: G B syzkaller #0
[ 43.400041][ T449] F2FS-fs (loop2): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix
[ 43.406440][ T450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 43.406451][ T450] Call Trace:
[ 43.406456][ T450]
[ 43.406461][ T450] __dump_stack+0x21/0x30
[ 43.418835][ T449] ==================================================================
[ 43.428800][ T450] dump_stack_lvl+0xee/0x150
[ 43.432057][ T449] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x100/0x320
[ 43.434966][ T450] ? show_regs_print_info+0x20/0x20
[ 43.439264][ T449]
[ 43.467684][ T450] ? _raw_spin_lock+0x8e/0xe0
[ 43.472346][ T450] dump_stack+0x15/0x20
[ 43.476484][ T450] f2fs_is_valid_blkaddr+0xca0/0x12a0
[ 43.481842][ T450] f2fs_iget+0x216d/0x5230
[ 43.486253][ T450] f2fs_lookup+0x366/0xab0
[ 43.490667][ T450] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 43.496724][ T450] ? d_hash_and_lookup+0x1f0/0x1f0
[ 43.501851][ T450] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 43.507921][ T450] path_openat+0xfcf/0x2f10
[ 43.512424][ T450] ? do_filp_open+0x3e0/0x3e0
[ 43.517090][ T450] ? expand_files+0xde/0x8e0
[ 43.521662][ T450] do_filp_open+0x1b3/0x3e0
[ 43.526146][ T450] ? vfs_tmpfile+0x2d0/0x2d0
[ 43.530724][ T450] do_sys_openat2+0x14c/0x7b0
[ 43.535389][ T450] ? do_sys_open+0xe0/0xe0
[ 43.539792][ T450] __x64_sys_openat+0x136/0x160
[ 43.544640][ T450] x64_sys_call+0x219/0x9a0
[ 43.549131][ T450] do_syscall_64+0x4c/0xa0
[ 43.553543][ T450] ? clear_bhb_loop+0x50/0xa0
[ 43.558200][ T450] ? clear_bhb_loop+0x50/0xa0
[ 43.562857][ T450] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 43.568732][ T450] RIP: 0033:0x7f3878aa5749
[ 43.573128][ T450] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 43.592715][ T450] RSP: 002b:00007f38788f4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 43.601112][ T450] RAX: ffffffffffffffda RBX: 00007f3878cfc090 RCX: 00007f3878aa5749
[ 43.609070][ T450] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c
[ 43.617026][ T450] RBP: 00007f3878b29f91 R08: 0000000000000000 R09: 0000000000000000
[ 43.624979][ T450] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[ 43.632931][ T450] R13: 00007f3878cfc128 R14: 00007f3878cfc090 R15: 00007ffd49473e38
[ 43.640888][ T450]
[ 43.643896][ T449] CPU: 0 PID: 449 Comm: syz.2.19 Tainted: G B syzkaller #0
[ 43.648210][ T450] F2FS-fs (loop3): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix
[ 43.652394][ T449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 43.652404][ T449] Call Trace:
[ 43.652409][ T449]
[ 43.652414][ T449] __dump_stack+0x21/0x30
[ 43.652434][ T449] dump_stack_lvl+0xee/0x150
[ 43.652450][ T449] ? show_regs_print_info+0x20/0x20
[ 43.652467][ T449] ? load_image+0x3a0/0x3a0
[ 43.652482][ T449] ? truncate_inode_pages_range+0xc8c/0xd60
[ 43.652500][ T449] ? __switch_to_asm+0x3a/0x60
[ 43.652516][ T449] print_address_description+0x7f/0x2c0
[ 43.652533][ T449] ? kmem_cache_free+0x100/0x320
[ 43.652551][ T449] kasan_report_invalid_free+0x58/0x90
[ 43.652568][ T449] ? kmem_cache_free+0x100/0x320
[ 43.652585][ T449] ____kasan_slab_free+0x13d/0x160
[ 43.652601][ T449] __kasan_slab_free+0x11/0x20
[ 43.652614][ T449] slab_free_freelist_hook+0xc2/0x190
[ 43.652630][ T449] ? f2fs_destroy_extent_tree+0x2c0/0x4b0
[ 43.652648][ T449] kmem_cache_free+0x100/0x320
[ 43.652665][ T449] f2fs_destroy_extent_tree+0x2c0/0x4b0
[ 43.762141][ T449] f2fs_evict_inode+0x4f0/0x1600
[ 43.767070][ T449] ? inode_wait_for_writeback+0x1b0/0x200
[ 43.772778][ T449] ? f2fs_write_inode+0x850/0x850
[ 43.777781][ T449] ? bit_waitqueue+0x30/0x30
[ 43.782348][ T449] ? _printk+0xcc/0x110
[ 43.786484][ T449] ? f2fs_write_inode+0x850/0x850
[ 43.791489][ T449] evict+0x485/0x870
[ 43.795366][ T449] ? proc_nr_inodes+0x310/0x310
[ 43.800193][ T449] ? _raw_spin_lock+0x8e/0xe0
[ 43.804857][ T449] ? __kasan_check_read+0x11/0x20
[ 43.809860][ T449] ? f2fs_drop_inode+0x174/0x980
[ 43.814778][ T449] ? __wake_up_bit+0x100/0x100
[ 43.819521][ T449] ? __kasan_check_write+0x14/0x20
[ 43.824610][ T449] iput+0x635/0x7c0
[ 43.828400][ T449] iget_failed+0x17a/0x1c0
[ 43.832799][ T449] f2fs_iget+0x1aeb/0x5230
[ 43.837199][ T449] f2fs_lookup+0x366/0xab0
[ 43.841596][ T449] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 43.847641][ T449] ? d_hash_and_lookup+0x1f0/0x1f0
[ 43.852733][ T449] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 43.858784][ T449] path_openat+0xfcf/0x2f10
[ 43.863273][ T449] ? do_filp_open+0x3e0/0x3e0
[ 43.867931][ T449] ? expand_files+0xde/0x8e0
[ 43.872500][ T449] do_filp_open+0x1b3/0x3e0
[ 43.876985][ T449] ? vfs_tmpfile+0x2d0/0x2d0
[ 43.881558][ T449] do_sys_openat2+0x14c/0x7b0
[ 43.886215][ T449] ? do_sys_open+0xe0/0xe0
[ 43.890614][ T449] __x64_sys_openat+0x136/0x160
[ 43.895444][ T449] x64_sys_call+0x219/0x9a0
[ 43.899926][ T449] do_syscall_64+0x4c/0xa0
[ 43.904322][ T449] ? clear_bhb_loop+0x50/0xa0
[ 43.908977][ T449] ? clear_bhb_loop+0x50/0xa0
[ 43.913632][ T449] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 43.919510][ T449] RIP: 0033:0x7f9215458749
[ 43.923993][ T449] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 43.943579][ T449] RSP: 002b:00007f92152a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 43.951972][ T449] RAX: ffffffffffffffda RBX: 00007f92156af090 RCX: 00007f9215458749
[ 43.959922][ T449] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c
[ 43.967873][ T449] RBP: 00007f92154dcf91 R08: 0000000000000000 R09: 0000000000000000
[ 43.975824][ T449] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[ 43.983778][ T449] R13: 00007f92156af128 R14: 00007f92156af090 R15: 00007ffdefc5b658
[ 43.991733][ T449]
[ 43.994738][ T449]
[ 43.997044][ T449] Allocated by task 424:
[ 44.001265][ T449] __kasan_slab_alloc+0xbd/0xf0
[ 44.006102][ T449] slab_post_alloc_hook+0x4f/0x2b0
[ 44.011191][ T449] kmem_cache_alloc+0xf7/0x260
[ 44.015934][ T449] f2fs_init_extent_tree+0x4b9/0xc70
[ 44.021233][ T449] f2fs_iget+0x13c9/0x5230
[ 44.025715][ T449] f2fs_lookup+0x366/0xab0
[ 44.030121][ T449] __lookup_slow+0x2aa/0x3e0
[ 44.034692][ T449] lookup_slow+0x57/0x70
[ 44.038913][ T449] walk_component+0x325/0x460
[ 44.043577][ T449] path_lookupat+0x180/0x490
[ 44.048144][ T449] filename_lookup+0x1e2/0x4f0
[ 44.052881][ T449] user_path_at_empty+0x47/0x1c0
[ 44.057797][ T449] do_sys_truncate+0xa3/0x190
[ 44.062454][ T449] __x64_sys_truncate+0x5b/0x70
[ 44.067282][ T449] x64_sys_call+0x212/0x9a0
[ 44.071768][ T449] do_syscall_64+0x4c/0xa0
[ 44.076169][ T449] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 44.082047][ T449]
[ 44.084350][ T449] Freed by task 424:
[ 44.088219][ T449] kasan_set_track+0x4a/0x70
[ 44.092794][ T449] kasan_set_free_info+0x23/0x40
[ 44.097710][ T449] ____kasan_slab_free+0x125/0x160
[ 44.102804][ T449] __kasan_slab_free+0x11/0x20
[ 44.107543][ T449] slab_free_freelist_hook+0xc2/0x190
[ 44.112900][ T449] kmem_cache_free+0x100/0x320
[ 44.117643][ T449] f2fs_destroy_extent_tree+0x2c0/0x4b0
[ 44.123168][ T449] f2fs_evict_inode+0x4f0/0x1600
[ 44.128081][ T449] evict+0x485/0x870
[ 44.131957][ T449] iput+0x635/0x7c0
[ 44.135744][ T449] iget_failed+0x17a/0x1c0
[ 44.140137][ T449] f2fs_iget+0x1aeb/0x5230
[ 44.144534][ T449] f2fs_lookup+0x366/0xab0
[ 44.148929][ T449] __lookup_slow+0x2aa/0x3e0
[ 44.153515][ T449] lookup_slow+0x57/0x70
[ 44.157752][ T449] walk_component+0x325/0x460
[ 44.162413][ T449] path_lookupat+0x180/0x490
[ 44.166988][ T449] filename_lookup+0x1e2/0x4f0
[ 44.171736][ T449] user_path_at_empty+0x47/0x1c0
[ 44.176654][ T449] do_sys_truncate+0xa3/0x190
[ 44.181313][ T449] __x64_sys_truncate+0x5b/0x70
[ 44.186143][ T449] x64_sys_call+0x212/0x9a0
[ 44.190631][ T449] do_syscall_64+0x4c/0xa0
[ 44.195027][ T449] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 44.200905][ T449]
[ 44.203212][ T449] The buggy address belongs to the object at ffff888120b74bd0
[ 44.203212][ T449] which belongs to the cache f2fs_extent_tree of size 80
[ 44.218024][ T449] The buggy address is located 0 bytes inside of
[ 44.218024][ T449] 80-byte region [ffff888120b74bd0, ffff888120b74c20)
[ 44.231017][ T449] The buggy address belongs to the page:
[ 44.236624][ T449] page:ffffea000482dd00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x120b74
[ 44.246844][ T449] flags: 0x4000000000000200(slab|zone=1)
[ 44.252463][ T449] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081f8d80
[ 44.261025][ T449] raw: 0000000000000000 0000000080240024 00000001ffffffff 0000000000000000
[ 44.269578][ T449] page dumped because: kasan: bad access detected
[ 44.275968][ T449] page_owner tracks the page as allocated
[ 44.281658][ T449] page last allocated via order 0, migratetype Reclaimable, gfp_mask 0x112c50(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 424, ts 41886307700, free_ts 0
[ 44.299783][ T449] post_alloc_hook+0x192/0x1b0
[ 44.304530][ T449] prep_new_page+0x1c/0x110
[ 44.309011][ T449] get_page_from_freelist+0x2cc5/0x2d50
[ 44.314564][ T449] __alloc_pages+0x18f/0x440
[ 44.319134][ T449] new_slab+0xa1/0x4d0
[ 44.323185][ T449] ___slab_alloc+0x381/0x810
[ 44.327760][ T449] __slab_alloc+0x49/0x90
[ 44.332069][ T449] kmem_cache_alloc+0x138/0x260
[ 44.336900][ T449] f2fs_init_extent_tree+0x4b9/0xc70
[ 44.342162][ T449] f2fs_iget+0x13c9/0x5230
[ 44.346555][ T449] f2fs_lookup+0x366/0xab0
[ 44.350949][ T449] __lookup_slow+0x2aa/0x3e0
[ 44.355518][ T449] lookup_slow+0x57/0x70
[ 44.359740][ T449] walk_component+0x325/0x460
[ 44.364395][ T449] path_lookupat+0x180/0x490
[ 44.368966][ T449] filename_lookup+0x1e2/0x4f0
[ 44.373710][ T449] page_owner free stack trace missing
[ 44.379056][ T449]
[ 44.381364][ T449] Memory state around the buggy address:
[ 44.386981][ T449] ffff888120b74a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 44.395020][ T449] ffff888120b74b00: fc fc fc fc fc fc fc fc fc fc fc fc fa fb fb fb
[ 44.403060][ T449] >ffff888120b74b80: fb fb fb fb fb fb fc fc fc fc fa fb fb fb fb fb
[ 44.411120][ T449] ^
[ 44.417770][ T449] ffff888120b74c00: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[ 44.425807][ T449] ffff888120b74c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 44.433840][ T449] ==================================================================
[ 44.447119][ T450] ==================================================================
[ 44.455199][ T450] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x100/0x320
[ 44.463607][ T450]
[ 44.465914][ T450] CPU: 0 PID: 450 Comm: syz.3.20 Tainted: G B syzkaller #0
[ 44.474394][ T450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 44.484431][ T450] Call Trace:
[ 44.487689][ T450]
[ 44.490599][ T450] __dump_stack+0x21/0x30
[ 44.494913][ T450] dump_stack_lvl+0xee/0x150
[ 44.499489][ T450] ? show_regs_print_info+0x20/0x20
[ 44.504667][ T450] ? load_image+0x3a0/0x3a0
[ 44.509152][ T450] ? truncate_inode_pages_range+0xc8c/0xd60
[ 44.515030][ T450] ? __switch_to_asm+0x3a/0x60
[ 44.519777][ T450] print_address_description+0x7f/0x2c0
[ 44.525303][ T450] ? kmem_cache_free+0x100/0x320
[ 44.530230][ T450] kasan_report_invalid_free+0x58/0x90
[ 44.535679][ T450] ? kmem_cache_free+0x100/0x320
[ 44.540602][ T450] ____kasan_slab_free+0x13d/0x160
[ 44.545720][ T450] __kasan_slab_free+0x11/0x20
[ 44.550462][ T450] slab_free_freelist_hook+0xc2/0x190
[ 44.555822][ T450] ? f2fs_destroy_extent_tree+0x2c0/0x4b0
[ 44.561522][ T450] kmem_cache_free+0x100/0x320
[ 44.566269][ T450] f2fs_destroy_extent_tree+0x2c0/0x4b0
[ 44.571795][ T450] f2fs_evict_inode+0x4f0/0x1600
[ 44.576728][ T450] ? inode_wait_for_writeback+0x1b0/0x200
[ 44.582436][ T450] ? f2fs_write_inode+0x850/0x850
[ 44.587441][ T450] ? bit_waitqueue+0x30/0x30
[ 44.592009][ T450] ? _printk+0xcc/0x110
[ 44.596146][ T450] ? f2fs_write_inode+0x850/0x850
[ 44.601153][ T450] evict+0x485/0x870
[ 44.605117][ T450] ? proc_nr_inodes+0x310/0x310
[ 44.609947][ T450] ? _raw_spin_lock+0x8e/0xe0
[ 44.614606][ T450] ? __kasan_check_read+0x11/0x20
[ 44.619613][ T450] ? f2fs_drop_inode+0x174/0x980
[ 44.624536][ T450] ? __wake_up_bit+0x100/0x100
[ 44.629282][ T450] ? __kasan_check_write+0x14/0x20
[ 44.634379][ T450] iput+0x635/0x7c0
[ 44.638169][ T450] iget_failed+0x17a/0x1c0
[ 44.642568][ T450] f2fs_iget+0x1aeb/0x5230
[ 44.646968][ T450] f2fs_lookup+0x366/0xab0
[ 44.651371][ T450] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 44.657442][ T450] ? d_hash_and_lookup+0x1f0/0x1f0
[ 44.662562][ T450] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 44.668619][ T450] path_openat+0xfcf/0x2f10
[ 44.673110][ T450] ? do_filp_open+0x3e0/0x3e0
[ 44.677766][ T450] ? expand_files+0xde/0x8e0
[ 44.682334][ T450] do_filp_open+0x1b3/0x3e0
[ 44.686819][ T450] ? vfs_tmpfile+0x2d0/0x2d0
[ 44.691391][ T450] do_sys_openat2+0x14c/0x7b0
[ 44.696050][ T450] ? do_sys_open+0xe0/0xe0
[ 44.700450][ T450] __x64_sys_openat+0x136/0x160
[ 44.705292][ T450] x64_sys_call+0x219/0x9a0
[ 44.709797][ T450] do_syscall_64+0x4c/0xa0
[ 44.714201][ T450] ? clear_bhb_loop+0x50/0xa0
[ 44.718880][ T450] ? clear_bhb_loop+0x50/0xa0
[ 44.723541][ T450] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 44.729418][ T450] RIP: 0033:0x7f3878aa5749
[ 44.733813][ T450] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 44.753401][ T450] RSP: 002b:00007f38788f4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 44.761797][ T450] RAX: ffffffffffffffda RBX: 00007f3878cfc090 RCX: 00007f3878aa5749
[ 44.769748][ T450] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c
[ 44.777699][ T450] RBP: 00007f3878b29f91 R08: 0000000000000000 R09: 0000000000000000
[ 44.785649][ T450] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[ 44.793601][ T450] R13: 00007f3878cfc128 R14: 00007f3878cfc090 R15: 00007ffd49473e38
[ 44.801559][ T450]
[ 44.804558][ T450]
[ 44.806861][ T450] Allocated by task 431:
[ 44.811079][ T450] __kasan_slab_alloc+0xbd/0xf0
[ 44.815914][ T450] slab_post_alloc_hook+0x4f/0x2b0
[ 44.821015][ T450] kmem_cache_alloc+0xf7/0x260
[ 44.825755][ T450] f2fs_init_extent_tree+0x4b9/0xc70
[ 44.831106][ T450] f2fs_iget+0x13c9/0x5230
[ 44.835500][ T450] f2fs_lookup+0x366/0xab0
[ 44.839895][ T450] __lookup_slow+0x2aa/0x3e0
[ 44.844466][ T450] lookup_slow+0x57/0x70
[ 44.848687][ T450] walk_component+0x325/0x460
[ 44.853352][ T450] path_lookupat+0x180/0x490
[ 44.857936][ T450] filename_lookup+0x1e2/0x4f0
[ 44.862679][ T450] user_path_at_empty+0x47/0x1c0
[ 44.867598][ T450] do_sys_truncate+0xa3/0x190
[ 44.872258][ T450] __x64_sys_truncate+0x5b/0x70
[ 44.877089][ T450] x64_sys_call+0x212/0x9a0
[ 44.881569][ T450] do_syscall_64+0x4c/0xa0
[ 44.885965][ T450] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 44.891838][ T450]
[ 44.894142][ T450] Freed by task 431:
[ 44.898011][ T450] kasan_set_track+0x4a/0x70
[ 44.902578][ T450] kasan_set_free_info+0x23/0x40
[ 44.907510][ T450] ____kasan_slab_free+0x125/0x160
[ 44.912598][ T450] __kasan_slab_free+0x11/0x20
[ 44.917341][ T450] slab_free_freelist_hook+0xc2/0x190
[ 44.922693][ T450] kmem_cache_free+0x100/0x320
[ 44.927437][ T450] f2fs_destroy_extent_tree+0x2c0/0x4b0
[ 44.932962][ T450] f2fs_evict_inode+0x4f0/0x1600
[ 44.937884][ T450] evict+0x485/0x870
[ 44.941758][ T450] iput+0x635/0x7c0
[ 44.945551][ T450] iget_failed+0x17a/0x1c0
[ 44.949945][ T450] f2fs_iget+0x1aeb/0x5230
[ 44.954342][ T450] f2fs_lookup+0x366/0xab0
[ 44.958733][ T450] __lookup_slow+0x2aa/0x3e0
[ 44.963301][ T450] lookup_slow+0x57/0x70
[ 44.967528][ T450] walk_component+0x325/0x460
[ 44.972186][ T450] path_lookupat+0x180/0x490
[ 44.976759][ T450] filename_lookup+0x1e2/0x4f0
[ 44.981501][ T450] user_path_at_empty+0x47/0x1c0
[ 44.986417][ T450] do_sys_truncate+0xa3/0x190
[ 44.991073][ T450] __x64_sys_truncate+0x5b/0x70
[ 44.995901][ T450] x64_sys_call+0x212/0x9a0
[ 45.000389][ T450] do_syscall_64+0x4c/0xa0
[ 45.004789][ T450] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 45.010665][ T450]
[ 45.012966][ T450] The buggy address belongs to the object at ffff888120b74b60
[ 45.012966][ T450] which belongs to the cache f2fs_extent_tree of size 80
[ 45.027341][ T450] The buggy address is located 0 bytes inside of
[ 45.027341][ T450] 80-byte region [ffff888120b74b60, ffff888120b74bb0)
[ 45.040335][ T450] The buggy address belongs to the page:
[ 45.046027][ T450] page:ffffea000482dd00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x120b74
[ 45.056241][ T450] flags: 0x4000000000000200(slab|zone=1)
[ 45.061884][ T450] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081f8d80
[ 45.070445][ T450] raw: 0000000000000000 0000000080240024 00000001ffffffff 0000000000000000
[ 45.078998][ T450] page dumped because: kasan: bad access detected
[ 45.085381][ T450] page_owner tracks the page as allocated
[ 45.091074][ T450] page last allocated via order 0, migratetype Reclaimable, gfp_mask 0x112c50(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 424, ts 41886307700, free_ts 0
[ 45.109105][ T450] post_alloc_hook+0x192/0x1b0
[ 45.113853][ T450] prep_new_page+0x1c/0x110
[ 45.118334][ T450] get_page_from_freelist+0x2cc5/0x2d50
[ 45.123856][ T450] __alloc_pages+0x18f/0x440
[ 45.128423][ T450] new_slab+0xa1/0x4d0
[ 45.132470][ T450] ___slab_alloc+0x381/0x810
[ 45.137037][ T450] __slab_alloc+0x49/0x90
[ 45.141343][ T450] kmem_cache_alloc+0x138/0x260
[ 45.146195][ T450] f2fs_init_extent_tree+0x4b9/0xc70
[ 45.151483][ T450] f2fs_iget+0x13c9/0x5230
[ 45.155879][ T450] f2fs_lookup+0x366/0xab0
[ 45.160274][ T450] __lookup_slow+0x2aa/0x3e0
[ 45.164844][ T450] lookup_slow+0x57/0x70
[ 45.169065][ T450] walk_component+0x325/0x460
[ 45.173718][ T450] path_lookupat+0x180/0x490
[ 45.178284][ T450] filename_lookup+0x1e2/0x4f0
[ 45.183025][ T450] page_owner free stack trace missing
[ 45.188368][ T450]
[ 45.190680][ T450] Memory state around the buggy address:
[ 45.196283][ T450] ffff888120b74a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 45.204320][ T450] ffff888120b74a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 45.212357][ T450] >ffff888120b74b00: fc fc fc fc fc fc fc fc fc fc fc fc fa fb fb fb
[ 45.220394][ T450] ^
[ 45.227561][ T450] ffff888120b74b80: fb fb fb fb fb fb fc fc fc fc fa fb fb fb fb fb
[ 45.235600][ T450] ffff888120b74c00: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[ 45.243638][ T450] ==================================================================
[ 45.481225][ T8] device bridge_slave_1 left promiscuous mode
[ 45.487484][ T8] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.530755][ T8] device bridge_slave_0 left promiscuous mode
[ 45.536936][ T8] bridge0: port 1(bridge_slave_0) entered disabled state
[ 45.584691][ T8] device veth1_macvtap left promiscuous mode
[ 45.610315][ T8] device veth0_vlan left promiscuous mode
[ 46.565204][ T458] loop3: detected capacity change from 0 to 131072
[ 46.577614][ T454] loop2: detected capacity change from 0 to 131072
[ 46.602142][ T458] F2FS-fs (loop3): invalid crc value
[ 46.633111][ T458] F2FS-fs (loop3): Found nat_bits in checkpoint
[ 46.692559][ T454] F2FS-fs (loop2): invalid crc value
[ 46.723588][ T458] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 46.730789][ T454] F2FS-fs (loop2): Found nat_bits in checkpoint
[ 46.740878][ T458] F2FS-fs (loop3): access invalid blkaddr:2147563524
[ 46.757791][ T458] CPU: 0 PID: 458 Comm: syz.3.26 Tainted: G B syzkaller #0
[ 46.766327][ T458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 46.776397][ T458] Call Trace:
[ 46.779676][ T458]
[ 46.782609][ T458] __dump_stack+0x21/0x30
[ 46.786949][ T458] dump_stack_lvl+0xee/0x150
[ 46.791545][ T458] ? show_regs_print_info+0x20/0x20
[ 46.796749][ T458] ? f2fs_init_extent_tree+0x77d/0xc70
[ 46.802202][ T458] ? memcpy+0x56/0x70
[ 46.803632][ T462] loop5: detected capacity change from 0 to 131072
[ 46.806186][ T458] dump_stack+0x15/0x20
[ 46.816800][ T458] f2fs_is_valid_blkaddr+0xca0/0x12a0
[ 46.822177][ T458] f2fs_iget+0x216d/0x5230
[ 46.826607][ T458] f2fs_lookup+0x366/0xab0
[ 46.831023][ T458] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 46.837091][ T458] ? d_hash_and_lookup+0x1f0/0x1f0
[ 46.842212][ T458] ? lockref_get_not_dead+0xe6/0x1c0
[ 46.847498][ T458] ? downgrade_write+0x410/0x410
[ 46.852438][ T458] __lookup_slow+0x2aa/0x3e0
[ 46.857031][ T458] ? lookup_one_len+0x2c0/0x2c0
[ 46.861878][ T458] ? down_read+0xa5/0xf0
[ 46.866123][ T458] ? handle_dots+0xe10/0xe10
[ 46.870717][ T458] lookup_slow+0x57/0x70
[ 46.873437][ T464] loop4: detected capacity change from 0 to 131072
[ 46.874952][ T458] walk_component+0x325/0x460
[ 46.886092][ T458] path_lookupat+0x180/0x490
[ 46.890673][ T458] filename_lookup+0x1e2/0x4f0
[ 46.895420][ T458] ? hashlen_string+0x120/0x120
[ 46.900267][ T458] user_path_at_empty+0x47/0x1c0
[ 46.905187][ T458] do_sys_truncate+0xa3/0x190
[ 46.909849][ T458] ? break_lease+0xd0/0xd0
[ 46.914247][ T458] ? __kasan_check_write+0x14/0x20
[ 46.919340][ T458] ? switch_fpu_return+0x15d/0x2c0
[ 46.924433][ T458] __x64_sys_truncate+0x5b/0x70
[ 46.929294][ T458] x64_sys_call+0x212/0x9a0
[ 46.933779][ T458] do_syscall_64+0x4c/0xa0
[ 46.938179][ T458] ? clear_bhb_loop+0x50/0xa0
[ 46.942844][ T458] ? clear_bhb_loop+0x50/0xa0
[ 46.947500][ T458] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 46.953378][ T458] RIP: 0033:0x7f3878aa5749
[ 46.957775][ T458] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 46.977364][ T458] RSP: 002b:00007f3878915038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
[ 46.985765][ T458] RAX: ffffffffffffffda RBX: 00007f3878cfbfa0 RCX: 00007f3878aa5749
[ 46.993718][ T458] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280
[ 47.001678][ T458] RBP: 00007f3878b29f91 R08: 0000000000000000 R09: 0000000000000000
[ 47.009634][ T458] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 47.017590][ T458] R13: 00007f3878cfc038 R14: 00007f3878cfbfa0 R15: 00007ffd49473e38
[ 47.025643][ T458]
[ 47.034447][ T462] F2FS-fs (loop5): invalid crc value
[ 47.042226][ T454] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[ 47.050913][ T454] F2FS-fs (loop2): access invalid blkaddr:2147563524
[ 47.057784][ T454] CPU: 0 PID: 454 Comm: syz.2.25 Tainted: G B syzkaller #0
[ 47.058247][ T462] F2FS-fs (loop5): Found nat_bits in checkpoint
[ 47.066295][ T454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 47.066305][ T454] Call Trace:
[ 47.066310][ T454]
[ 47.066315][ T454] __dump_stack+0x21/0x30
[ 47.066340][ T454] dump_stack_lvl+0xee/0x150
[ 47.066356][ T454] ? show_regs_print_info+0x20/0x20
[ 47.066374][ T454] ? f2fs_init_extent_tree+0x77d/0xc70
[ 47.066391][ T454] ? memcpy+0x56/0x70
[ 47.090591][ T458] F2FS-fs (loop3): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix
[ 47.093127][ T454] dump_stack+0x15/0x20
[ 47.104332][ T462] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[ 47.108317][ T454] f2fs_is_valid_blkaddr+0xca0/0x12a0
[ 47.124988][ T460] loop6: detected capacity change from 0 to 131072
[ 47.128734][ T454] f2fs_iget+0x216d/0x5230
[ 47.144125][ T476] F2FS-fs (loop3): access invalid blkaddr:2147563524
[ 47.148086][ T454] f2fs_lookup+0x366/0xab0
[ 47.148112][ T454] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 47.169714][ T454] ? d_hash_and_lookup+0x1f0/0x1f0
[ 47.174819][ T454] ? lockref_get_not_dead+0xe6/0x1c0
[ 47.180093][ T454] ? downgrade_write+0x410/0x410
[ 47.185021][ T454] __lookup_slow+0x2aa/0x3e0
[ 47.189601][ T454] ? lookup_one_len+0x2c0/0x2c0
[ 47.194437][ T454] ? down_read+0xa5/0xf0
[ 47.198666][ T454] ? handle_dots+0xe10/0xe10
[ 47.203248][ T454] lookup_slow+0x57/0x70
[ 47.207478][ T454] walk_component+0x325/0x460
[ 47.212143][ T454] path_lookupat+0x180/0x490
[ 47.216721][ T454] filename_lookup+0x1e2/0x4f0
[ 47.221824][ T454] ? hashlen_string+0x120/0x120
[ 47.226671][ T454] user_path_at_empty+0x47/0x1c0
[ 47.231602][ T454] do_sys_truncate+0xa3/0x190
[ 47.236268][ T454] ? break_lease+0xd0/0xd0
[ 47.240674][ T454] ? __kasan_check_write+0x14/0x20
[ 47.245773][ T454] ? switch_fpu_return+0x15d/0x2c0
[ 47.250875][ T454] __x64_sys_truncate+0x5b/0x70
[ 47.255718][ T454] x64_sys_call+0x212/0x9a0
[ 47.260206][ T454] do_syscall_64+0x4c/0xa0
[ 47.264611][ T454] ? clear_bhb_loop+0x50/0xa0
[ 47.269286][ T454] ? clear_bhb_loop+0x50/0xa0
[ 47.270760][ T462] F2FS-fs (loop5): access invalid blkaddr:2147563524
[ 47.273945][ T454] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 47.273969][ T454] RIP: 0033:0x7f9215458749
[ 47.290894][ T454] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 47.310488][ T454] RSP: 002b:00007f92152c8038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
[ 47.318894][ T454] RAX: ffffffffffffffda RBX: 00007f92156aefa0 RCX: 00007f9215458749
[ 47.326857][ T454] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280
[ 47.334819][ T454] RBP: 00007f92154dcf91 R08: 0000000000000000 R09: 0000000000000000
[ 47.342783][ T454] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 47.350742][ T454] R13: 00007f92156af038 R14: 00007f92156aefa0 R15: 00007ffdefc5b658
[ 47.358711][ T454]
[ 47.361726][ T462] CPU: 1 PID: 462 Comm: syz.5.22 Tainted: G B syzkaller #0
[ 47.362813][ T454] F2FS-fs (loop2): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix
[ 47.370229][ T462] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 47.392573][ T462] Call Trace:
[ 47.395843][ T462]
[ 47.398759][ T462] __dump_stack+0x21/0x30
[ 47.403083][ T462] dump_stack_lvl+0xee/0x150
[ 47.407665][ T462] ? show_regs_print_info+0x20/0x20
[ 47.412847][ T462] ? f2fs_init_extent_tree+0x77d/0xc70
[ 47.418300][ T462] ? memcpy+0x56/0x70
[ 47.422280][ T462] dump_stack+0x15/0x20
[ 47.424388][ T479] F2FS-fs (loop2): access invalid blkaddr:2147563524
[ 47.426449][ T462] f2fs_is_valid_blkaddr+0xca0/0x12a0
[ 47.433412][ T464] F2FS-fs (loop4): invalid crc value
[ 47.438554][ T462] f2fs_iget+0x216d/0x5230
[ 47.438579][ T462] f2fs_lookup+0x366/0xab0
[ 47.452712][ T462] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 47.458806][ T462] ? d_hash_and_lookup+0x1f0/0x1f0
[ 47.463994][ T462] ? lockref_get_not_dead+0xe6/0x1c0
[ 47.469617][ T462] ? downgrade_write+0x410/0x410
[ 47.474545][ T462] __lookup_slow+0x2aa/0x3e0
[ 47.479133][ T462] ? lookup_one_len+0x2c0/0x2c0
[ 47.483969][ T462] ? down_read+0xa5/0xf0
[ 47.488199][ T462] ? handle_dots+0xe10/0xe10
[ 47.492776][ T462] lookup_slow+0x57/0x70
[ 47.497006][ T462] walk_component+0x325/0x460
[ 47.501670][ T462] path_lookupat+0x180/0x490
[ 47.506246][ T462] filename_lookup+0x1e2/0x4f0
[ 47.511002][ T462] ? hashlen_string+0x120/0x120
[ 47.515848][ T462] user_path_at_empty+0x47/0x1c0
[ 47.520874][ T462] do_sys_truncate+0xa3/0x190
[ 47.525555][ T462] ? break_lease+0xd0/0xd0
[ 47.529970][ T462] ? __kasan_check_write+0x14/0x20
[ 47.535218][ T462] ? switch_fpu_return+0x15d/0x2c0
[ 47.540335][ T462] __x64_sys_truncate+0x5b/0x70
[ 47.545180][ T462] x64_sys_call+0x212/0x9a0
[ 47.549678][ T462] do_syscall_64+0x4c/0xa0
[ 47.554093][ T462] ? clear_bhb_loop+0x50/0xa0
[ 47.558770][ T462] ? clear_bhb_loop+0x50/0xa0
[ 47.563443][ T462] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 47.569330][ T462] RIP: 0033:0x7f76f640c749
[ 47.573745][ T462] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 47.593453][ T462] RSP: 002b:00007f76f627c038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
[ 47.601877][ T462] RAX: ffffffffffffffda RBX: 00007f76f6662fa0 RCX: 00007f76f640c749
[ 47.609854][ T462] RDX: 0000000000000000 RSI: 0000000000001c9e RDI: 0000200000000280
[ 47.617834][ T462] RBP: 00007f76f6490f91 R08: 0000000000000000 R09: 0000000000000000
[ 47.625840][ T462] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 47.633804][ T462] R13: 00007f76f6663038 R14: 00007f76f6662fa0 R15: 00007fff917ae288
[ 47.641768][ T462]
[ 47.644776][ T476] CPU: 0 PID: 476 Comm: syz.3.26 Tainted: G B syzkaller #0
[ 47.653304][ T476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 47.663346][ T476] Call Trace:
[ 47.666608][ T476]
[ 47.669520][ T476] __dump_stack+0x21/0x30
[ 47.673870][ T476] dump_stack_lvl+0xee/0x150
[ 47.678442][ T476] ? show_regs_print_info+0x20/0x20
[ 47.683708][ T476] ? f2fs_init_extent_tree+0x77d/0xc70
[ 47.689150][ T476] ? memcpy+0x56/0x70
[ 47.693117][ T476] dump_stack+0x15/0x20
[ 47.697256][ T476] f2fs_is_valid_blkaddr+0xca0/0x12a0
[ 47.702618][ T476] f2fs_iget+0x216d/0x5230
[ 47.707049][ T476] f2fs_lookup+0x366/0xab0
[ 47.711467][ T476] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 47.717533][ T476] ? d_hash_and_lookup+0x1f0/0x1f0
[ 47.722641][ T476] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 47.728785][ T476] path_openat+0xfcf/0x2f10
[ 47.733276][ T476] ? do_filp_open+0x3e0/0x3e0
[ 47.737941][ T476] ? expand_files+0xde/0x8e0
[ 47.742515][ T476] do_filp_open+0x1b3/0x3e0
[ 47.747002][ T476] ? vfs_tmpfile+0x2d0/0x2d0
[ 47.751576][ T476] do_sys_openat2+0x14c/0x7b0
[ 47.756239][ T476] ? do_sys_open+0xe0/0xe0
[ 47.760636][ T476] __x64_sys_openat+0x136/0x160
[ 47.765475][ T476] x64_sys_call+0x219/0x9a0
[ 47.769961][ T476] do_syscall_64+0x4c/0xa0
[ 47.774361][ T476] ? clear_bhb_loop+0x50/0xa0
[ 47.779038][ T476] ? clear_bhb_loop+0x50/0xa0
[ 47.783695][ T476] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 47.789574][ T476] RIP: 0033:0x7f3878aa5749
[ 47.793970][ T476] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 47.813559][ T476] RSP: 002b:00007f38788f4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 47.821957][ T476] RAX: ffffffffffffffda RBX: 00007f3878cfc090 RCX: 00007f3878aa5749
[ 47.830001][ T476] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c
[ 47.837966][ T476] RBP: 00007f3878b29f91 R08: 0000000000000000 R09: 0000000000000000
[ 47.845917][ T476] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[ 47.853871][ T476] R13: 00007f3878cfc128 R14: 00007f3878cfc090 R15: 00007ffd49473e38
[ 47.861827][ T476]
[ 47.865071][ T462] F2FS-fs (loop5): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix
[ 47.877505][ T479] CPU: 1 PID: 479 Comm: syz.2.25 Tainted: G B syzkaller #0
[ 47.877834][ T476] F2FS-fs (loop3): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix
[ 47.886009][ T479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 47.886020][ T479] Call Trace:
[ 47.886025][ T479]
[ 47.886030][ T479] __dump_stack+0x21/0x30
[ 47.900428][ T478] F2FS-fs (loop5): access invalid blkaddr:2147563524
[ 47.908384][ T479] dump_stack_lvl+0xee/0x150
[ 47.930190][ T479] ? show_regs_print_info+0x20/0x20
[ 47.935382][ T479] ? _raw_spin_lock+0x8e/0xe0
[ 47.940052][ T479] dump_stack+0x15/0x20
[ 47.944192][ T479] f2fs_is_valid_blkaddr+0xca0/0x12a0
[ 47.949557][ T479] f2fs_iget+0x216d/0x5230
[ 47.953967][ T479] f2fs_lookup+0x366/0xab0
[ 47.958367][ T479] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 47.964431][ T479] ? d_hash_and_lookup+0x1f0/0x1f0
[ 47.969535][ T479] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 47.975591][ T479] path_openat+0xfcf/0x2f10
[ 47.980093][ T479] ? do_filp_open+0x3e0/0x3e0
[ 47.984760][ T479] ? expand_files+0xde/0x8e0
[ 47.989423][ T479] do_filp_open+0x1b3/0x3e0
[ 47.993914][ T479] ? vfs_tmpfile+0x2d0/0x2d0
[ 47.998493][ T479] do_sys_openat2+0x14c/0x7b0
[ 48.003162][ T479] ? do_sys_open+0xe0/0xe0
[ 48.007568][ T479] __x64_sys_openat+0x136/0x160
[ 48.012521][ T479] x64_sys_call+0x219/0x9a0
[ 48.017017][ T479] do_syscall_64+0x4c/0xa0
[ 48.021425][ T479] ? clear_bhb_loop+0x50/0xa0
[ 48.026090][ T479] ? clear_bhb_loop+0x50/0xa0
[ 48.030756][ T479] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 48.036637][ T479] RIP: 0033:0x7f9215458749
[ 48.041055][ T479] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 48.060647][ T479] RSP: 002b:00007f92152a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 48.069050][ T479] RAX: ffffffffffffffda RBX: 00007f92156af090 RCX: 00007f9215458749
2026/01/06 01:50:00 executed programs: 20
[ 48.077018][ T479] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c
[ 48.084983][ T479] RBP: 00007f92154dcf91 R08: 0000000000000000 R09: 0000000000000000
[ 48.092944][ T479] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[ 48.100900][ T479] R13: 00007f92156af128 R14: 00007f92156af090 R15: 00007ffdefc5b658
[ 48.108863][ T479]
[ 48.111873][ T478] CPU: 0 PID: 478 Comm: syz.5.22 Tainted: G B syzkaller #0
[ 48.113500][ T479] F2FS-fs (loop2): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix
[ 48.120371][ T478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 48.120383][ T478] Call Trace:
[ 48.120387][ T478]
[ 48.120391][ T478] __dump_stack+0x21/0x30
[ 48.120413][ T478] dump_stack_lvl+0xee/0x150
[ 48.120428][ T478] ? show_regs_print_info+0x20/0x20
[ 48.132922][ T479] ==================================================================
[ 48.142769][ T478] ? _raw_spin_lock+0x8e/0xe0
[ 48.146055][ T479] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x100/0x320
[ 48.148974][ T478] dump_stack+0x15/0x20
[ 48.153273][ T479]
[ 48.190538][ T478] f2fs_is_valid_blkaddr+0xca0/0x12a0
[ 48.195902][ T478] f2fs_iget+0x216d/0x5230
[ 48.200308][ T478] f2fs_lookup+0x366/0xab0
[ 48.204708][ T478] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 48.210761][ T478] ? d_hash_and_lookup+0x1f0/0x1f0
[ 48.215858][ T478] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 48.221908][ T478] path_openat+0xfcf/0x2f10
[ 48.226430][ T478] ? do_filp_open+0x3e0/0x3e0
[ 48.231104][ T478] ? expand_files+0xde/0x8e0
[ 48.235698][ T478] do_filp_open+0x1b3/0x3e0
[ 48.240190][ T478] ? vfs_tmpfile+0x2d0/0x2d0
[ 48.244771][ T478] do_sys_openat2+0x14c/0x7b0
[ 48.249437][ T478] ? do_sys_open+0xe0/0xe0
[ 48.253841][ T478] __x64_sys_openat+0x136/0x160
[ 48.258679][ T478] x64_sys_call+0x219/0x9a0
[ 48.263166][ T478] do_syscall_64+0x4c/0xa0
[ 48.267578][ T478] ? clear_bhb_loop+0x50/0xa0
[ 48.272244][ T478] ? clear_bhb_loop+0x50/0xa0
[ 48.276903][ T478] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 48.282868][ T478] RIP: 0033:0x7f76f640c749
[ 48.287269][ T478] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 48.306862][ T478] RSP: 002b:00007f76f625b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 48.315264][ T478] RAX: ffffffffffffffda RBX: 00007f76f6663090 RCX: 00007f76f640c749
[ 48.323227][ T478] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c
[ 48.331184][ T478] RBP: 00007f76f6490f91 R08: 0000000000000000 R09: 0000000000000000
[ 48.339140][ T478] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[ 48.347359][ T478] R13: 00007f76f6663128 R14: 00007f76f6663090 R15: 00007fff917ae288
[ 48.355319][ T478]
[ 48.358337][ T479] CPU: 1 PID: 479 Comm: syz.2.25 Tainted: G B syzkaller #0
[ 48.359993][ T464] F2FS-fs (loop4): Found nat_bits in checkpoint
[ 48.366925][ T479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 48.366937][ T479] Call Trace:
[ 48.366942][ T479]
[ 48.366947][ T479] __dump_stack+0x21/0x30
[ 48.366971][ T479] dump_stack_lvl+0xee/0x150
[ 48.366988][ T479] ? show_regs_print_info+0x20/0x20
[ 48.367005][ T479] ? load_image+0x3a0/0x3a0
[ 48.367019][ T479] ? truncate_inode_pages_range+0xc8c/0xd60
[ 48.396855][ T478] F2FS-fs (loop5): sanity_check_inode: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix
[ 48.398401][ T479] print_address_description+0x7f/0x2c0
[ 48.431742][ T479] ? kmem_cache_free+0x100/0x320
[ 48.436663][ T479] kasan_report_invalid_free+0x58/0x90
[ 48.442095][ T479] ? kmem_cache_free+0x100/0x320
[ 48.447071][ T479] ____kasan_slab_free+0x13d/0x160
[ 48.452307][ T479] __kasan_slab_free+0x11/0x20
[ 48.457111][ T479] slab_free_freelist_hook+0xc2/0x190
[ 48.462475][ T479] ? f2fs_destroy_extent_tree+0x2c0/0x4b0
[ 48.468176][ T479] kmem_cache_free+0x100/0x320
[ 48.472918][ T479] f2fs_destroy_extent_tree+0x2c0/0x4b0
[ 48.478449][ T479] f2fs_evict_inode+0x4f0/0x1600
[ 48.483379][ T479] ? inode_wait_for_writeback+0x1b0/0x200
[ 48.489175][ T479] ? f2fs_write_inode+0x850/0x850
[ 48.494308][ T479] ? bit_waitqueue+0x30/0x30
[ 48.498875][ T479] ? _printk+0xcc/0x110
[ 48.503007][ T479] ? f2fs_write_inode+0x850/0x850
[ 48.508006][ T479] evict+0x485/0x870
[ 48.511878][ T479] ? proc_nr_inodes+0x310/0x310
[ 48.516703][ T479] ? _raw_spin_lock+0x8e/0xe0
[ 48.521359][ T479] ? __kasan_check_read+0x11/0x20
[ 48.526357][ T479] ? f2fs_drop_inode+0x174/0x980
[ 48.531272][ T479] ? __wake_up_bit+0x100/0x100
[ 48.536012][ T479] ? __kasan_check_write+0x14/0x20
[ 48.541257][ T479] iput+0x635/0x7c0
[ 48.545130][ T479] iget_failed+0x17a/0x1c0
[ 48.549629][ T479] f2fs_iget+0x1aeb/0x5230
[ 48.554025][ T479] f2fs_lookup+0x366/0xab0
[ 48.558413][ T479] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 48.564451][ T479] ? d_hash_and_lookup+0x1f0/0x1f0
[ 48.569773][ T479] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 48.575832][ T479] path_openat+0xfcf/0x2f10
[ 48.580361][ T479] ? do_filp_open+0x3e0/0x3e0
[ 48.585014][ T479] ? expand_files+0xde/0x8e0
[ 48.589584][ T479] do_filp_open+0x1b3/0x3e0
[ 48.594062][ T479] ? vfs_tmpfile+0x2d0/0x2d0
[ 48.598628][ T479] do_sys_openat2+0x14c/0x7b0
[ 48.603281][ T479] ? do_sys_open+0xe0/0xe0
[ 48.607674][ T479] __x64_sys_openat+0x136/0x160
[ 48.612503][ T479] x64_sys_call+0x219/0x9a0
[ 48.617002][ T479] do_syscall_64+0x4c/0xa0
[ 48.621413][ T479] ? clear_bhb_loop+0x50/0xa0
[ 48.626095][ T479] ? clear_bhb_loop+0x50/0xa0
[ 48.630748][ T479] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 48.636619][ T479] RIP: 0033:0x7f9215458749
[ 48.641046][ T479] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 48.660628][ T479] RSP: 002b:00007f92152a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 48.669107][ T479] RAX: ffffffffffffffda RBX: 00007f92156af090 RCX: 00007f9215458749
[ 48.677060][ T479] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c
[ 48.685009][ T479] RBP: 00007f92154dcf91 R08: 0000000000000000 R09: 0000000000000000
[ 48.692959][ T479] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[ 48.700906][ T479] R13: 00007f92156af128 R14: 00007f92156af090 R15: 00007ffdefc5b658
[ 48.708861][ T479]
[ 48.711881][ T479]
[ 48.714185][ T479] Allocated by task 454:
[ 48.718396][ T479] __kasan_slab_alloc+0xbd/0xf0
[ 48.723223][ T479] slab_post_alloc_hook+0x4f/0x2b0
[ 48.728570][ T479] kmem_cache_alloc+0xf7/0x260
[ 48.733318][ T479] f2fs_init_extent_tree+0x4b9/0xc70
[ 48.738710][ T479] f2fs_iget+0x13c9/0x5230
[ 48.743114][ T479] f2fs_lookup+0x366/0xab0
[ 48.747510][ T479] __lookup_slow+0x2aa/0x3e0
[ 48.752079][ T479] lookup_slow+0x57/0x70
[ 48.756307][ T479] walk_component+0x325/0x460
[ 48.760975][ T479] path_lookupat+0x180/0x490
[ 48.765553][ T479] filename_lookup+0x1e2/0x4f0
[ 48.770304][ T479] user_path_at_empty+0x47/0x1c0
[ 48.775221][ T479] do_sys_truncate+0xa3/0x190
[ 48.779879][ T479] __x64_sys_truncate+0x5b/0x70
[ 48.784705][ T479] x64_sys_call+0x212/0x9a0
[ 48.789183][ T479] do_syscall_64+0x4c/0xa0
[ 48.793573][ T479] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 48.799447][ T479]
[ 48.801747][ T479] Freed by task 454:
[ 48.805616][ T479] kasan_set_track+0x4a/0x70
[ 48.810182][ T479] kasan_set_free_info+0x23/0x40
[ 48.815094][ T479] ____kasan_slab_free+0x125/0x160
[ 48.820187][ T479] __kasan_slab_free+0x11/0x20
[ 48.825065][ T479] slab_free_freelist_hook+0xc2/0x190
[ 48.830411][ T479] kmem_cache_free+0x100/0x320
[ 48.835149][ T479] f2fs_destroy_extent_tree+0x2c0/0x4b0
[ 48.840669][ T479] f2fs_evict_inode+0x4f0/0x1600
[ 48.845666][ T479] evict+0x485/0x870
[ 48.849538][ T479] iput+0x635/0x7c0
[ 48.853320][ T479] iget_failed+0x17a/0x1c0
[ 48.857706][ T479] f2fs_iget+0x1aeb/0x5230
[ 48.862093][ T479] f2fs_lookup+0x366/0xab0
[ 48.866482][ T479] __lookup_slow+0x2aa/0x3e0
[ 48.871045][ T479] lookup_slow+0x57/0x70
[ 48.875259][ T479] walk_component+0x325/0x460
[ 48.879940][ T479] path_lookupat+0x180/0x490
[ 48.884504][ T479] filename_lookup+0x1e2/0x4f0
[ 48.889248][ T479] user_path_at_empty+0x47/0x1c0
[ 48.894174][ T479] do_sys_truncate+0xa3/0x190
[ 48.898931][ T479] __x64_sys_truncate+0x5b/0x70
[ 48.903763][ T479] x64_sys_call+0x212/0x9a0
[ 48.908242][ T479] do_syscall_64+0x4c/0xa0
[ 48.912635][ T479] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 48.918591][ T479]
[ 48.920891][ T479] The buggy address belongs to the object at ffff888120a865b0
[ 48.920891][ T479] which belongs to the cache f2fs_extent_tree of size 80
[ 48.935267][ T479] The buggy address is located 0 bytes inside of
[ 48.935267][ T479] 80-byte region [ffff888120a865b0, ffff888120a86600)
[ 48.948390][ T479] The buggy address belongs to the page:
[ 48.954009][ T479] page:ffffea000482a180 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x120a86
[ 48.964224][ T479] flags: 0x4000000000000200(slab|zone=1)
[ 48.969845][ T479] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081f8d80
[ 48.978428][ T479] raw: 0000000000000000 0000000080240024 00000001ffffffff 0000000000000000
[ 48.986984][ T479] page dumped because: kasan: bad access detected
[ 48.993369][ T479] page_owner tracks the page as allocated
[ 48.999054][ T479] page last allocated via order 0, migratetype Reclaimable, gfp_mask 0x112c50(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 422, ts 38544235908, free_ts 0
[ 49.017177][ T479] post_alloc_hook+0x192/0x1b0
[ 49.022030][ T479] prep_new_page+0x1c/0x110
[ 49.026513][ T479] get_page_from_freelist+0x2cc5/0x2d50
[ 49.032039][ T479] __alloc_pages+0x18f/0x440
[ 49.036699][ T479] new_slab+0xa1/0x4d0
[ 49.040757][ T479] ___slab_alloc+0x381/0x810
[ 49.045328][ T479] __slab_alloc+0x49/0x90
[ 49.049642][ T479] kmem_cache_alloc+0x138/0x260
[ 49.054468][ T479] f2fs_init_extent_tree+0x4b9/0xc70
[ 49.059729][ T479] f2fs_iget+0x13c9/0x5230
[ 49.064119][ T479] f2fs_lookup+0x366/0xab0
[ 49.068509][ T479] __lookup_slow+0x2aa/0x3e0
[ 49.073073][ T479] lookup_slow+0x57/0x70
[ 49.077286][ T479] walk_component+0x325/0x460
[ 49.081938][ T479] path_lookupat+0x180/0x490
[ 49.086503][ T479] filename_lookup+0x1e2/0x4f0
[ 49.091239][ T479] page_owner free stack trace missing
[ 49.096579][ T479]
[ 49.098893][ T479] Memory state around the buggy address:
[ 49.104494][ T479] ffff888120a86480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 49.112636][ T479] ffff888120a86500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 49.120666][ T479] >ffff888120a86580: fc fc fc fc fc fc fa fb fb fb fb fb fb fb fb fb
[ 49.128700][ T479] ^
[ 49.134300][ T479] ffff888120a86600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 49.142330][ T479] ffff888120a86680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 49.150363][ T479] ==================================================================
[ 49.158467][ T478] ==================================================================
[ 49.166644][ T478] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x100/0x320
[ 49.175060][ T478]
[ 49.177371][ T478] CPU: 0 PID: 478 Comm: syz.5.22 Tainted: G B syzkaller #0
[ 49.185858][ T478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 49.195895][ T478] Call Trace:
[ 49.199167][ T478]
[ 49.202180][ T478] __dump_stack+0x21/0x30
[ 49.206504][ T478] dump_stack_lvl+0xee/0x150
[ 49.211076][ T478] ? show_regs_print_info+0x20/0x20
[ 49.216260][ T478] ? load_image+0x3a0/0x3a0
[ 49.220743][ T478] ? truncate_inode_pages_range+0xc8c/0xd60
[ 49.226619][ T478] ? __switch_to_asm+0x3a/0x60
[ 49.231377][ T478] print_address_description+0x7f/0x2c0
[ 49.236905][ T478] ? kmem_cache_free+0x100/0x320
[ 49.241828][ T478] kasan_report_invalid_free+0x58/0x90
[ 49.247275][ T478] ? kmem_cache_free+0x100/0x320
[ 49.252202][ T478] ____kasan_slab_free+0x13d/0x160
[ 49.257439][ T478] __kasan_slab_free+0x11/0x20
[ 49.262200][ T478] slab_free_freelist_hook+0xc2/0x190
[ 49.267651][ T478] ? f2fs_destroy_extent_tree+0x2c0/0x4b0
[ 49.273362][ T478] kmem_cache_free+0x100/0x320
[ 49.278122][ T478] f2fs_destroy_extent_tree+0x2c0/0x4b0
[ 49.283658][ T478] f2fs_evict_inode+0x4f0/0x1600
[ 49.288586][ T478] ? inode_wait_for_writeback+0x1b0/0x200
[ 49.294394][ T478] ? f2fs_write_inode+0x850/0x850
[ 49.299403][ T478] ? bit_waitqueue+0x30/0x30
[ 49.303982][ T478] ? _printk+0xcc/0x110
[ 49.308124][ T478] ? f2fs_write_inode+0x850/0x850
[ 49.313141][ T478] evict+0x485/0x870
[ 49.317034][ T478] ? proc_nr_inodes+0x310/0x310
[ 49.322389][ T478] ? _raw_spin_lock+0x8e/0xe0
[ 49.327051][ T478] ? __kasan_check_read+0x11/0x20
[ 49.332058][ T478] ? f2fs_drop_inode+0x174/0x980
[ 49.336978][ T478] ? __wake_up_bit+0x100/0x100
[ 49.341724][ T478] ? __kasan_check_write+0x14/0x20
[ 49.346817][ T478] iput+0x635/0x7c0
[ 49.350611][ T478] iget_failed+0x17a/0x1c0
[ 49.355054][ T478] f2fs_iget+0x1aeb/0x5230
[ 49.359460][ T478] f2fs_lookup+0x366/0xab0
[ 49.363877][ T478] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 49.369931][ T478] ? d_hash_and_lookup+0x1f0/0x1f0
[ 49.375114][ T478] ? f2fs_encrypted_symlink_getattr+0x50/0x50
[ 49.381265][ T478] path_openat+0xfcf/0x2f10
[ 49.385760][ T478] ? do_filp_open+0x3e0/0x3e0
[ 49.390420][ T478] ? expand_files+0xde/0x8e0
[ 49.394989][ T478] do_filp_open+0x1b3/0x3e0
[ 49.399470][ T478] ? vfs_tmpfile+0x2d0/0x2d0
[ 49.404048][ T478] do_sys_openat2+0x14c/0x7b0
[ 49.408710][ T478] ? do_sys_open+0xe0/0xe0
[ 49.413113][ T478] __x64_sys_openat+0x136/0x160
[ 49.417954][ T478] x64_sys_call+0x219/0x9a0
[ 49.422455][ T478] do_syscall_64+0x4c/0xa0
[ 49.426856][ T478] ? clear_bhb_loop+0x50/0xa0
[ 49.431516][ T478] ? clear_bhb_loop+0x50/0xa0
[ 49.436178][ T478] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 49.442055][ T478] RIP: 0033:0x7f76f640c749
[ 49.446455][ T478] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 49.466127][ T478] RSP: 002b:00007f76f625b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 49.474527][ T478] RAX: ffffffffffffffda RBX: 00007f76f6663090 RCX: 00007f76f640c749
[ 49.482481][ T478] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c
[ 49.490442][ T478] RBP: 00007f76f6490f91 R08: 0000000000000000 R09: 0000000000000000
[ 49.498392][ T478] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[ 49.506343][ T478] R13: 00007f76f6663128 R14: 00007f76f6663090 R15: 00007fff917ae288
[ 49.514306][ T478]
[ 49.517482][ T478]
[ 49.519785][ T478] Allocated by task 462:
[ 49.524036][ T478] __kasan_slab_alloc+0xbd/0xf0
[ 49.528878][ T478] slab_post_alloc_hook+0x4f/0x2b0
[ 49.533978][ T478] kmem_cache_alloc+0xf7/0x260
[ 49.538722][ T478] f2fs_init_extent_tree+0x4b9/0xc70
[ 49.543986][ T478] f2fs_iget+0x13c9/0x5230
[ 49.548386][ T478] f2fs_lookup+0x366/0xab0
[ 49.552778][ T478] __lookup_slow+0x2aa/0x3e0
[ 49.557350][ T478] lookup_slow+0x57/0x70
[ 49.561571][ T478] walk_component+0x325/0x460
[ 49.566233][ T478] path_lookupat+0x180/0x490
[ 49.570808][ T478] filename_lookup+0x1e2/0x4f0
[ 49.575554][ T478] user_path_at_empty+0x47/0x1c0
[ 49.580558][ T478] do_sys_truncate+0xa3/0x190