F2FS-fs (loop1): inject write IO error in f2fs_write_end_io of blk_update_request+0x57e/0xe60 block/blk-mq.c:1016 ================================ WARNING: inconsistent lock state syzkaller #0 Not tainted -------------------------------- inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage. syz-executor/5836 [HC0[0]:SC1[1]:HE1:SE0] takes: ffff888011d53ef0 (&sb->s_type->i_lock_key#49){+.?.}-{3:3}, at: spin_lock include/linux/spinlock.h:342 [inline] ffff888011d53ef0 (&sb->s_type->i_lock_key#49){+.?.}-{3:3}, at: igrab+0x2d/0x1e0 fs/inode.c:1577 {SOFTIRQ-ON-W} state was registered at: lock_acquire+0x106/0x350 kernel/locking/lockdep.c:5868 __raw_spin_lock include/linux/spinlock_api_smp.h:158 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:158 spin_lock include/linux/spinlock.h:342 [inline] iget_locked+0x397/0x6a0 fs/inode.c:1483 f2fs_iget+0x56/0x5f30 fs/f2fs/inode.c:577 f2fs_fill_super+0x4419/0x78f0 fs/f2fs/super.c:5118 get_tree_bdev_flags+0x431/0x4f0 fs/super.c:1694 vfs_get_tree+0x92/0x2a0 fs/super.c:1754 fc_mount fs/namespace.c:1193 [inline] do_new_mount_fc fs/namespace.c:3758 [inline] do_new_mount+0x341/0xd30 fs/namespace.c:3834 do_mount fs/namespace.c:4167 [inline] __do_sys_mount fs/namespace.c:4399 [inline] __se_sys_mount+0x31d/0x420 fs/namespace.c:4376 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x15f/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f irq event stamp: 880396 hardirqs last enabled at (880396): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:178 [inline] hardirqs last enabled at (880396): [] _raw_spin_unlock_irqrestore+0x30/0x80 kernel/locking/spinlock.c:198 hardirqs last disabled at (880395): [] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:130 [inline] hardirqs last disabled at (880395): [] _raw_spin_lock_irqsave+0x1a/0x60 kernel/locking/spinlock.c:166 softirqs last enabled at (879756): [] restore_fpregs_from_user arch/x86/kernel/fpu/signal.c:-1 [inline] softirqs last enabled at (879756): [] __fpu_restore_sig arch/x86/kernel/fpu/signal.c:346 [inline] softirqs last enabled at (879756): [] fpu__restore_sig+0x55b/0x1220 arch/x86/kernel/fpu/signal.c:480 softirqs last disabled at (880377): [] __do_softirq kernel/softirq.c:656 [inline] softirqs last disabled at (880377): [] invoke_softirq kernel/softirq.c:496 [inline] softirqs last disabled at (880377): [] __irq_exit_rcu+0xca/0x220 kernel/softirq.c:735 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&sb->s_type->i_lock_key#49); lock(&sb->s_type->i_lock_key#49); *** DEADLOCK *** 1 lock held by syz-executor/5836: #0: ffffffff8e95d260 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:312 [inline] #0: ffffffff8e95d260 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:850 [inline] #0: ffffffff8e95d260 (rcu_read_lock){....}-{1:3}, at: class_rcu_constructor include/linux/rcupdate.h:1193 [inline] #0: ffffffff8e95d260 (rcu_read_lock){....}-{1:3}, at: unwind_next_frame+0xa6/0x2550 arch/x86/kernel/unwind_orc.c:495 stack backtrace: CPU: 1 UID: 0 PID: 5836 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 Call Trace: dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120 print_usage_bug+0x28b/0x2e0 kernel/locking/lockdep.c:4042 valid_state kernel/locking/lockdep.c:4056 [inline] mark_lock_irq+0x410/0x420 kernel/locking/lockdep.c:-1 mark_lock+0x115/0x190 kernel/locking/lockdep.c:4753 mark_usage kernel/locking/lockdep.c:-1 [inline] __lock_acquire+0x689/0x2cf0 kernel/locking/lockdep.c:5191 lock_acquire+0x106/0x350 kernel/locking/lockdep.c:5868 __raw_spin_lock include/linux/spinlock_api_smp.h:158 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:158 spin_lock include/linux/spinlock.h:342 [inline] igrab+0x2d/0x1e0 fs/inode.c:1577 fserror_report+0x3c5/0x740 fs/fserror.c:159 fserror_report_io include/linux/fserror.h:48 [inline] f2fs_write_end_io+0x12c1/0x17a0 fs/f2fs/data.c:386 blk_update_request+0x57e/0xe60 block/blk-mq.c:1016 blk_mq_end_request+0x3e/0x70 block/blk-mq.c:1178 blk_complete_reqs block/blk-mq.c:1253 [inline] blk_done_softirq+0x10a/0x160 block/blk-mq.c:1258 handle_softirqs+0x22a/0x840 kernel/softirq.c:622 __do_softirq kernel/softirq.c:656 [inline] invoke_softirq kernel/softirq.c:496 [inline] __irq_exit_rcu+0xca/0x220 kernel/softirq.c:735 irq_exit_rcu+0x9/0x30 kernel/softirq.c:752 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1061 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1061 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697 RIP: 0010:rcu_is_watching+0x67/0xb0 kernel/rcu/tree.c:753 Code: 89 f7 e8 cc 41 84 00 48 c7 c3 d8 79 3d 93 49 03 1e 48 89 d8 48 c1 e8 03 42 0f b6 04 38 84 c0 75 34 8b 03 65 ff 0d 79 f7 90 11 <74> 11 83 e0 04 c1 e8 02 5b 41 5e 41 5f e9 d7 e7 06 0a cc e8 a1 72 RSP: 0018:ffffc90003f17878 EFLAGS: 00000286 RAX: 0000000000147ff4 RBX: ffff8880b87339d8 RCX: 0000000080000001 RDX: 000000005a44979c RSI: ffffffff8c287dc0 RDI: ffffffff8c287d80 RBP: dffffc0000000000 R08: ffffffff81771256 R09: ffffffff8e95d260 R10: ffffc90003f179b8 R11: ffffffff81b15a30 R12: ffffc90003f179a0 R13: 1ffff920007e2f2d R14: ffffffff8e27e798 R15: dffffc0000000000 rcu_read_lock include/linux/rcupdate.h:851 [inline] class_rcu_constructor include/linux/rcupdate.h:1193 [inline] unwind_next_frame+0xd5/0x2550 arch/x86/kernel/unwind_orc.c:495 arch_stack_walk+0x11b/0x150 arch/x86/kernel/stacktrace.c:25 stack_trace_save+0xa9/0x100 kernel/stacktrace.c:122 kasan_save_stack mm/kasan/common.c:57 [inline] kasan_save_track+0x3e/0x80 mm/kasan/common.c:78 unpoison_slab_object mm/kasan/common.c:340 [inline] __kasan_slab_alloc+0x6c/0x80 mm/kasan/common.c:366 kasan_slab_alloc include/linux/kasan.h:253 [inline] slab_post_alloc_hook mm/slub.c:4569 [inline] slab_alloc_node mm/slub.c:4898 [inline] kmem_cache_alloc_noprof+0x2bc/0x650 mm/slub.c:4905 alloc_filename fs/namei.c:142 [inline] do_getname+0x2e/0x250 fs/namei.c:182 getname include/linux/fs.h:2520 [inline] class_filename_constructor include/linux/fs.h:2547 [inline] do_sys_openat2+0xca/0x200 fs/open.c:1363 do_sys_open fs/open.c:1370 [inline] __do_sys_openat fs/open.c:1386 [inline] __se_sys_openat fs/open.c:1381 [inline] __x64_sys_openat+0x138/0x170 fs/open.c:1381 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x15f/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fd4bdf5d04e Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 RSP: 002b:00007ffdedc39c88 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 RAX: ffffffffffffffda RBX: 0000555577191500 RCX: 00007fd4bdf5d04e RDX: 0000000000000002 RSI: 00007ffdedc39dd0 RDI: ffffffffffffff9c RBP: 00007ffdedc39d7c R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000007f R13: 00000000000927c0 R14: 000000000002f10b R15: 00007ffdedc39dd0 CPU: 1 UID: 0 PID: 5836 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 Call Trace: dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120 f2fs_handle_critical_error fs/f2fs/super.c:4719 [inline] f2fs_stop_checkpoint+0x3c7/0x590 fs/f2fs/super.c:4748 f2fs_write_end_io+0x12e5/0x17a0 fs/f2fs/data.c:390 blk_update_request+0x57e/0xe60 block/blk-mq.c:1016 blk_mq_end_request+0x3e/0x70 block/blk-mq.c:1178 blk_complete_reqs block/blk-mq.c:1253 [inline] blk_done_softirq+0x10a/0x160 block/blk-mq.c:1258 handle_softirqs+0x22a/0x840 kernel/softirq.c:622 __do_softirq kernel/softirq.c:656 [inline] invoke_softirq kernel/softirq.c:496 [inline] __irq_exit_rcu+0xca/0x220 kernel/softirq.c:735 irq_exit_rcu+0x9/0x30 kernel/softirq.c:752 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1061 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1061 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697 RIP: 0010:rcu_is_watching+0x67/0xb0 kernel/rcu/tree.c:753 Code: 89 f7 e8 cc 41 84 00 48 c7 c3 d8 79 3d 93 49 03 1e 48 89 d8 48 c1 e8 03 42 0f b6 04 38 84 c0 75 34 8b 03 65 ff 0d 79 f7 90 11 <74> 11 83 e0 04 c1 e8 02 5b 41 5e 41 5f e9 d7 e7 06 0a cc e8 a1 72 RSP: 0018:ffffc90003f17878 EFLAGS: 00000286 RAX: 0000000000147ff4 RBX: ffff8880b87339d8 RCX: 0000000080000001 RDX: 000000005a44979c RSI: ffffffff8c287dc0 RDI: ffffffff8c287d80 RBP: dffffc0000000000 R08: ffffffff81771256 R09: ffffffff8e95d260 R10: ffffc90003f179b8 R11: ffffffff81b15a30 R12: ffffc90003f179a0 R13: 1ffff920007e2f2d R14: ffffffff8e27e798 R15: dffffc0000000000 rcu_read_lock include/linux/rcupdate.h:851 [inline] class_rcu_constructor include/linux/rcupdate.h:1193 [inline] unwind_next_frame+0xd5/0x2550 arch/x86/kernel/unwind_orc.c:495 arch_stack_walk+0x11b/0x150 arch/x86/kernel/stacktrace.c:25 stack_trace_save+0xa9/0x100 kernel/stacktrace.c:122 kasan_save_stack mm/kasan/common.c:57 [inline] kasan_save_track+0x3e/0x80 mm/kasan/common.c:78 unpoison_slab_object mm/kasan/common.c:340 [inline] __kasan_slab_alloc+0x6c/0x80 mm/kasan/common.c:366 kasan_slab_alloc include/linux/kasan.h:253 [inline] slab_post_alloc_hook mm/slub.c:4569 [inline] slab_alloc_node mm/slub.c:4898 [inline] kmem_cache_alloc_noprof+0x2bc/0x650 mm/slub.c:4905 alloc_filename fs/namei.c:142 [inline] do_getname+0x2e/0x250 fs/namei.c:182 getname include/linux/fs.h:2520 [inline] class_filename_constructor include/linux/fs.h:2547 [inline] do_sys_openat2+0xca/0x200 fs/open.c:1363 do_sys_open fs/open.c:1370 [inline] __do_sys_openat fs/open.c:1386 [inline] __se_sys_openat fs/open.c:1381 [inline] __x64_sys_openat+0x138/0x170 fs/open.c:1381 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x15f/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fd4bdf5d04e Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 RSP: 002b:00007ffdedc39c88 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 RAX: ffffffffffffffda RBX: 0000555577191500 RCX: 00007fd4bdf5d04e RDX: 0000000000000002 RSI: 00007ffdedc39dd0 RDI: ffffffffffffff9c RBP: 00007ffdedc39d7c R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000007f R13: 00000000000927c0 R14: 000000000002f10b R15: 00007ffdedc39dd0 F2FS-fs (loop1): Stopped filesystem due to reason: 3 CPU: 1 UID: 0 PID: 5836 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 Call Trace: dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120 f2fs_handle_critical_error fs/f2fs/super.c:4719 [inline] f2fs_stop_checkpoint+0x3c7/0x590 fs/f2fs/super.c:4748 f2fs_write_end_io+0x12e5/0x17a0 fs/f2fs/data.c:390 blk_update_request+0x57e/0xe60 block/blk-mq.c:1016 blk_mq_end_request+0x3e/0x70 block/blk-mq.c:1178 blk_complete_reqs block/blk-mq.c:1253 [inline] blk_done_softirq+0x10a/0x160 block/blk-mq.c:1258 handle_softirqs+0x22a/0x840 kernel/softirq.c:622 __do_softirq kernel/softirq.c:656 [inline] invoke_softirq kernel/softirq.c:496 [inline] __irq_exit_rcu+0xca/0x220 kernel/softirq.c:735 irq_exit_rcu+0x9/0x30 kernel/softirq.c:752 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1061 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1061 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697 RIP: 0010:rcu_is_watching+0x67/0xb0 kernel/rcu/tree.c:753 Code: 89 f7 e8 cc 41 84 00 48 c7 c3 d8 79 3d 93 49 03 1e 48 89 d8 48 c1 e8 03 42 0f b6 04 38 84 c0 75 34 8b 03 65 ff 0d 79 f7 90 11 <74> 11 83 e0 04 c1 e8 02 5b 41 5e 41 5f e9 d7 e7 06 0a cc e8 a1 72 RSP: 0018:ffffc90003f17878 EFLAGS: 00000286 RAX: 0000000000147ff4 RBX: ffff8880b87339d8 RCX: 0000000080000001 RDX: 000000005a44979c RSI: ffffffff8c287dc0 RDI: ffffffff8c287d80 RBP: dffffc0000000000 R08: ffffffff81771256 R09: ffffffff8e95d260 R10: ffffc90003f179b8 R11: ffffffff81b15a30 R12: ffffc90003f179a0 R13: 1ffff920007e2f2d R14: ffffffff8e27e798 R15: dffffc0000000000 rcu_read_lock include/linux/rcupdate.h:851 [inline] class_rcu_constructor include/linux/rcupdate.h:1193 [inline] unwind_next_frame+0xd5/0x2550 arch/x86/kernel/unwind_orc.c:495 arch_stack_walk+0x11b/0x150 arch/x86/kernel/stacktrace.c:25 stack_trace_save+0xa9/0x100 kernel/stacktrace.c:122 kasan_save_stack mm/kasan/common.c:57 [inline] kasan_save_track+0x3e/0x80 mm/kasan/common.c:78 unpoison_slab_object mm/kasan/common.c:340 [inline] __kasan_slab_alloc+0x6c/0x80 mm/kasan/common.c:366 kasan_slab_alloc include/linux/kasan.h:253 [inline] slab_post_alloc_hook mm/slub.c:4569 [inline] slab_alloc_node mm/slub.c:4898 [inline] kmem_cache_alloc_noprof+0x2bc/0x650 mm/slub.c:4905 alloc_filename fs/namei.c:142 [inline] do_getname+0x2e/0x250 fs/namei.c:182 getname include/linux/fs.h:2520 [inline] class_filename_constructor include/linux/fs.h:2547 [inline] do_sys_openat2+0xca/0x200 fs/open.c:1363 do_sys_open fs/open.c:1370 [inline] __do_sys_openat fs/open.c:1386 [inline] __se_sys_openat fs/open.c:1381 [inline] __x64_sys_openat+0x138/0x170 fs/open.c:1381 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x15f/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fd4bdf5d04e Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 RSP: 002b:00007ffdedc39c88 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 RAX: ffffffffffffffda RBX: 0000555577191500 RCX: 00007fd4bdf5d04e RDX: 0000000000000002 RSI: 00007ffdedc39dd0 RDI: ffffffffffffff9c RBP: 00007ffdedc39d7c R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000007f R13: 00000000000927c0 R14: 000000000002f10b R15: 00007ffdedc39dd0 F2FS-fs (loop1): Stopped filesystem due to reason: 3 CPU: 1 UID: 0 PID: 5836 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 Call Trace: dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120 f2fs_handle_critical_error fs/f2fs/super.c:4719 [inline] f2fs_stop_checkpoint+0x3c7/0x590 fs/f2fs/super.c:4748 f2fs_write_end_io+0x12e5/0x17a0 fs/f2fs/data.c:390 blk_update_request+0x57e/0xe60 block/blk-mq.c:1016 blk_mq_end_request+0x3e/0x70 block/blk-mq.c:1178 blk_complete_reqs block/blk-mq.c:1253 [inline] blk_done_softirq+0x10a/0x160 block/blk-mq.c:1258 handle_softirqs+0x22a/0x840 kernel/softirq.c:622 __do_softirq kernel/softirq.c:656 [inline] invoke_softirq kernel/softirq.c:496 [inline] __irq_exit_rcu+0xca/0x220 kernel/softirq.c:735 irq_exit_rcu+0x9/0x30 kernel/softirq.c:752 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1061 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1061 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697 RIP: 0010:rcu_is_watching+0x67/0xb0 kernel/rcu/tree.c:753 Code: 89 f7 e8 cc 41 84 00 48 c7 c3 d8 79 3d 93 49 03 1e 48 89 d8 48 c1 e8 03 42 0f b6 04 38 84 c0 75 34 8b 03 65 ff 0d 79 f7 90 11 <74> 11 83 e0 04 c1 e8 02 5b 41 5e 41 5f e9 d7 e7 06 0a cc e8 a1 72 RSP: 0018:ffffc90003f17878 EFLAGS: 00000286 RAX: 0000000000147ff4 RBX: ffff8880b87339d8 RCX: 0000000080000001 RDX: 000000005a44979c RSI: ffffffff8c287dc0 RDI: ffffffff8c287d80 RBP: dffffc0000000000 R08: ffffffff81771256 R09: ffffffff8e95d260 R10: ffffc90003f179b8 R11: ffffffff81b15a30 R12: ffffc90003f179a0 R13: 1ffff920007e2f2d R14: ffffffff8e27e798 R15: dffffc0000000000 rcu_read_lock include/linux/rcupdate.h:851 [inline] class_rcu_constructor include/linux/rcupdate.h:1193 [inline] unwind_next_frame+0xd5/0x2550 arch/x86/kernel/unwind_orc.c:495 arch_stack_walk+0x11b/0x150 arch/x86/kernel/stacktrace.c:25 stack_trace_save+0xa9/0x100 kernel/stacktrace.c:122 kasan_save_stack mm/kasan/common.c:57 [inline] kasan_save_track+0x3e/0x80 mm/kasan/common.c:78 unpoison_slab_object mm/kasan/common.c:340 [inline] __kasan_slab_alloc+0x6c/0x80 mm/kasan/common.c:366 kasan_slab_alloc include/linux/kasan.h:253 [inline] slab_post_alloc_hook mm/slub.c:4569 [inline] slab_alloc_node mm/slub.c:4898 [inline] kmem_cache_alloc_noprof+0x2bc/0x650 mm/slub.c:4905 alloc_filename fs/namei.c:142 [inline] do_getname+0x2e/0x250 fs/namei.c:182 getname include/linux/fs.h:2520 [inline] class_filename_constructor include/linux/fs.h:2547 [inline] do_sys_openat2+0xca/0x200 fs/open.c:1363 do_sys_open fs/open.c:1370 [inline] __do_sys_openat fs/open.c:1386 [inline] __se_sys_openat fs/open.c:1381 [inline] __x64_sys_openat+0x138/0x170 fs/open.c:1381 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x15f/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fd4bdf5d04e Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 RSP: 002b:00007ffdedc39c88 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 RAX: ffffffffffffffda RBX: 0000555577191500 RCX: 00007fd4bdf5d04e RDX: 0000000000000002 RSI: 00007ffdedc39dd0 RDI: ffffffffffffff9c RBP: 00007ffdedc39d7c R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000007f R13: 00000000000927c0 R14: 000000000002f10b R15: 00007ffdedc39dd0 F2FS-fs (loop1): Stopped filesystem due to reason: 3 CPU: 1 UID: 0 PID: 5836 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 Call Trace: dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120 f2fs_handle_critical_error fs/f2fs/super.c:4719 [inline] f2fs_stop_checkpoint+0x3c7/0x590 fs/f2fs/super.c:4748 f2fs_write_end_io+0x12e5/0x17a0 fs/f2fs/data.c:390 blk_update_request+0x57e/0xe60 block/blk-mq.c:1016 blk_mq_end_request+0x3e/0x70 block/blk-mq.c:1178 blk_complete_reqs block/blk-mq.c:1253 [inline] blk_done_softirq+0x10a/0x160 block/blk-mq.c:1258 handle_softirqs+0x22a/0x840 kernel/softirq.c:622 __do_softirq kernel/softirq.c:656 [inline] invoke_softirq kernel/softirq.c:496 [inline] __irq_exit_rcu+0xca/0x220 kernel/softirq.c:735 irq_exit_rcu+0x9/0x30 kernel/softirq.c:752 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1061 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1061 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697 RIP: 0010:rcu_is_watching+0x67/0xb0 kernel/rcu/tree.c:753 Code: 89 f7 e8 cc 41 84 00 48 c7 c3 d8 79 3d 93 49 03 1e 48 89 d8 48 c1 e8 03 42 0f b6 04 38 84 c0 75 34 8b 03 65 ff 0d 79 f7 90 11 <74> 11 83 e0 04 c1 e8 02 5b 41 5e 41 5f e9 d7 e7 06 0a cc e8 a1 72 RSP: 0018:ffffc90003f17878 EFLAGS: 00000286 RAX: 0000000000147ff4 RBX: ffff8880b87339d8 RCX: 0000000080000001 RDX: 000000005a44979c RSI: ffffffff8c287dc0 RDI: ffffffff8c287d80 RBP: dffffc0000000000 R08: ffffffff81771256 R09: ffffffff8e95d260 R10: ffffc90003f179b8 R11: ffffffff81b15a30 R12: ffffc90003f179a0 R13: 1ffff920007e2f2d R14: ffffffff8e27e798 R15: dffffc0000000000 rcu_read_lock include/linux/rcupdate.h:851 [inline] class_rcu_constructor include/linux/rcupdate.h:1193 [inline] unwind_next_frame+0xd5/0x2550 arch/x86/kernel/unwind_orc.c:495 arch_stack_walk+0x11b/0x150 arch/x86/kernel/stacktrace.c:25 stack_trace_save+0xa9/0x100 kernel/stacktrace.c:122 kasan_save_stack mm/kasan/common.c:57 [inline] kasan_save_track+0x3e/0x80 mm/kasan/common.c:78 unpoison_slab_object mm/kasan/common.c:340 [inline] __kasan_slab_alloc+0x6c/0x80 mm/kasan/common.c:366 kasan_slab_alloc include/linux/kasan.h:253 [inline] slab_post_alloc_hook mm/slub.c:4569 [inline] slab_alloc_node mm/slub.c:4898 [inline] kmem_cache_alloc_noprof+0x2bc/0x650 mm/slub.c:4905 alloc_filename fs/namei.c:142 [inline] do_getname+0x2e/0x250 fs/namei.c:182 getname include/linux/fs.h:2520 [inline] class_filename_constructor include/linux/fs.h:2547 [inline] do_sys_openat2+0xca/0x200 fs/open.c:1363 do_sys_open fs/open.c:1370 [inline] __do_sys_openat fs/open.c:1386 [inline] __se_sys_openat fs/open.c:1381 [inline] __x64_sys_openat+0x138/0x170 fs/open.c:1381 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x15f/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fd4bdf5d04e Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 RSP: 002b:00007ffdedc39c88 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 RAX: ffffffffffffffda RBX: 0000555577191500 RCX: 00007fd4bdf5d04e RDX: 0000000000000002 RSI: 00007ffdedc39dd0 RDI: ffffffffffffff9c RBP: 00007ffdedc39d7c R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000007f R13: 00000000000927c0 R14: 000000000002f10b R15: 00007ffdedc39dd0 F2FS-fs (loop1): Stopped filesystem due to reason: 3 CPU: 1 UID: 0 PID: 5836 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 Call Trace: dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120 f2fs_handle_critical_error fs/f2fs/super.c:4719 [inline] f2fs_stop_checkpoint+0x3c7/0x590 fs/f2fs/super.c:4748 f2fs_write_end_io+0x12e5/0x17a0 fs/f2fs/data.c:390 blk_update_request+0x57e/0xe60 block/blk-mq.c:1016 blk_mq_end_request+0x3e/0x70 block/blk-mq.c:1178 blk_complete_reqs block/blk-mq.c:1253 [inline] blk_done_softirq+0x10a/0x160 block/blk-mq.c:1258 handle_softirqs+0x22a/0x840 kernel/softirq.c:622 __do_softirq kernel/softirq.c:656 [inline] invoke_softirq kernel/softirq.c:496 [inline] __irq_exit_rcu+0xca/0x220 kernel/softirq.c:735 irq_exit_rcu+0x9/0x30 kernel/softirq.c:752 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1061 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1061 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697 RIP: 0010:rcu_is_watching+0x67/0xb0 kernel/rcu/tree.c:753 Code: 89 f7 e8 cc 41 84 00 48 c7 c3 d8 79 3d 93 49 03 1e 48 89 d8 48 c1 e8 03 42 0f b6 04 38 84 c0 75 34 8b 03 65 ff 0d 79 f7 90 11 <74> 11 83 e0 04 c1 e8 02 5b 41 5e 41 5f e9 d7 e7 06 0a cc e8 a1 72 RSP: 0018:ffffc90003f17878 EFLAGS: 00000286 RAX: 0000000000147ff4 RBX: ffff8880b87339d8 RCX: 0000000080000001 RDX: 000000005a44979c RSI: ffffffff8c287dc0 RDI: ffffffff8c287d80 RBP: dffffc0000000000 R08: ffffffff81771256 R09: ffffffff8e95d260 R10: ffffc90003f179b8 R11: ffffffff81b15a30 R12: ffffc90003f179a0 R13: 1ffff920007e2f2d R14: ffffffff8e27e798 R15: dffffc0000000000 rcu_read_lock include/linux/rcupdate.h:851 [inline] class_rcu_constructor include/linux/rcupdate.h:1193 [inline] unwind_next_frame+0xd5/0x2550 arch/x86/kernel/unwind_orc.c:495 arch_stack_walk+0x11b/0x150 arch/x86/kernel/stacktrace.c:25 stack_trace_save+0xa9/0x100 kernel/stacktrace.c:122 kasan_save_stack mm/kasan/common.c:57 [inline] kasan_save_track+0x3e/0x80 mm/kasan/common.c:78 unpoison_slab_object mm/kasan/common.c:340 [inline] __kasan_slab_alloc+0x6c/0x80 mm/kasan/common.c:366 kasan_slab_alloc include/linux/kasan.h:253 [inline] slab_post_alloc_hook mm/slub.c:4569 [inline] slab_alloc_node mm/slub.c:4898 [inline] kmem_cache_alloc_noprof+0x2bc/0x650 mm/slub.c:4905 alloc_filename fs/namei.c:142 [inline] do_getname+0x2e/0x250 fs/namei.c:182 getname include/linux/fs.h:2520 [inline] class_filename_constructor include/linux/fs.h:2547 [inline] do_sys_openat2+0xca/0x200 fs/open.c:1363 do_sys_open fs/open.c:1370 [inline] __do_sys_openat fs/open.c:1386 [inline] __se_sys_openat fs/open.c:1381 [inline] __x64_sys_openat+0x138/0x170 fs/open.c:1381 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x15f/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fd4bdf5d04e Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 RSP: 002b:00007ffdedc39c88 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 RAX: ffffffffffffffda RBX: 0000555577191500 RCX: 00007fd4bdf5d04e RDX: 0000000000000002 RSI: 00007ffdedc39dd0 RDI: ffffffffffffff9c RBP: 00007ffdedc39d7c R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000007f R13: 00000000000927c0 R14: 000000000002f10b R15: 00007ffdedc39dd0 F2FS-fs (loop1): Stopped filesystem due to reason: 3 ---------------- Code disassembly (best guess): 0: 89 f7 mov %esi,%edi 2: e8 cc 41 84 00 call 0x8441d3 7: 48 c7 c3 d8 79 3d 93 mov $0xffffffff933d79d8,%rbx e: 49 03 1e add (%r14),%rbx 11: 48 89 d8 mov %rbx,%rax 14: 48 c1 e8 03 shr $0x3,%rax 18: 42 0f b6 04 38 movzbl (%rax,%r15,1),%eax 1d: 84 c0 test %al,%al 1f: 75 34 jne 0x55 21: 8b 03 mov (%rbx),%eax 23: 65 ff 0d 79 f7 90 11 decl %gs:0x1190f779(%rip) # 0x1190f7a3 * 2a: 74 11 je 0x3d <-- trapping instruction 2c: 83 e0 04 and $0x4,%eax 2f: c1 e8 02 shr $0x2,%eax 32: 5b pop %rbx 33: 41 5e pop %r14 35: 41 5f pop %r15 37: e9 d7 e7 06 0a jmp 0xa06e813 3c: cc int3 3d: e8 .byte 0xe8 3e: a1 .byte 0xa1 3f: 72 .byte 0x72