last executing test programs: 0s ago: executing program 4 (id=5): syz_mount_image$vfat(&(0x7f0000000300), &(0x7f0000000080)='./bus\x00', 0x3cbcfb, 0x0, 0x0, 0x0, &(0x7f0000000140)) creat(&(0x7f0000000340)='./file0\x00', 0x28) syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f00000000c0)='./file1\x00', 0x2a0471a, &(0x7f0000000280)={[{@errors_remount}]}, 0x82, 0x48f, &(0x7f0000000380)="$eJzs3M1vVFUfAODfvf3gffmsigpItEqMjR8tLags3Gg0cYHRRBeoq9oWQijU0JpYQqAagxsTQ6JrdWniX+DOjVFXJiaudG9IiLIBjYsx9869Mp12mKFOZwrzPMnQc+acO+ecnnvuPfccpgH0rOHsnyRia0T8EhE7qtHlGYarP65dOTv155WzU0lUKq/+nuT5rl45O1VmLY/bUkRG0oj0g6QoZLn5xTMnJmdnZ04X8bGFk2+PzS+eeeL4ycljM8dmTk0cOnTwwPjTT0082ZZ2Zu26uufc3N7dL75+8aWpIxff+v6rrL5bi/TadqzJ4Mq3hrOG/1HJ1ac9HP//T8VtNNtqwkl/FyvCTemLiKy7BrLxX6lUztek7YgX3m9y+JZ1rh6wjrJ706ZV3i/ui0uVhpIbpgK3giS6XQOgO8r7ffb8W746OP3ousvPVh+AsnZfK17VlP5IizwDdc+37TQcEUeW/vose0U71iEAAJr4aOrTw/H4avO/NO6pybe92EMZiog7IuLOiLgrInZGxN0Red57I2JXK4XWbBDUbw2tnP+kl9beuuay+d8zxd7W8vlfOfuLob4iti1v/0By9PjszP7idzISA5uy+PgNyvjm+Z8+bpRWO//LXln55VywqMel/roFuunJhcl8UtoGl9+L2NMff1cqlbr2J1H2UhIRuyNiz8199PYycPzRL/c2ytS8/Ss+7ro27DNVvoh4pNr/S1HX/lKycn9ycNv1/cmx/8XszP6x8qxY6YcfL7zSqPzW278+sv7fvPz8L1I+XywCQ2/W7tfOR4Ody60Ny7jw64cNn2nWev4PJq/l16Ny2/XdyYWF0+MRg8nhPL7s/Ynrx5bxMn/W/pF9WUrZ/vLINL/GRdH/90XE3mK/7P6IeKCo+4MR8VBE7GvY+ojvnmucthH6f7qm/5OoP/93nav+LPt/8aYDfSe+/bpR+a31/8E8NFK8k1//mmi1gmv/zQEAAMCtI81XbpJ09N9wmo6OVv9j787YnM7OzS88dnTunVPT1RWeoRhIy5WuHTXroePJUvGJ1fhEsVZcph8o1o0/6Ys8Pjo1Nzvd5bZDr9vSYPxnfuvrdu2AdbfaPtrEKl9oA24/9eM/XR49/3InKwN0lO9rQ+9qMv7TTtUD6Dz3f+hdq43/83VxewFwe3L/h95l/EPvMv6hd9WN/774uVs1ATpoDV/nFxCYXzwT6YaoRkuB1v8exHoH3tgY1Wgh0O0rEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQHv8EwAA//9gP+wr") chdir(&(0x7f0000000140)='./file0\x00') r0 = 
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x42, 0x10) statfs(&(0x7f0000000840)='./bus\x00', &(0x7f0000000880)=""/102) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1000010, &(0x7f0000000040)={[{@discard}, {@commit={'commit', 0x3d, 0x3}}]}, 0x4, 0x503, &(0x7f0000000f40)="$eJzs3c9vFNcdAPDvrr3YmAVDy6Gt2kJbWloh1j8AC9FD6aVVhZCqop56ANdeLMu7GPkHxS4Hc+y9apF6av6E3HKIxCmH3HJLbrmQG0lQIpwoh4lmdrCN7cV2/GNh9/ORnmfem2W+73l33tt5MLwAOtbpiFiKiEMRcSsi+vPyQp7iaiOlr3v+7MHY8rMHY4VIkhufFbLjaVms+TOpI/k5eyPiL3+M+HthY9zZhcWp0VqtOpPnB+bqdwdmFxbPTxbzkuGRoZHByxcuDe9ZW0/V3376h8lrf333nZ88+WDpN/9Mq1X+19Hs2Np2NNe145iNppeinG0PZz+7I+Lajs/0+urOPz+8edKr7Xt5uhX90ZW9mwBAO0uS/kj61+YBgHaX3v+Xo1Cs5HMB5SgWK5XGHN7J6CvWpmfnzvVPz98Zj2wO63iUircna9XBfK7weJQKaX4o21/ND6/LX4iIExHx757DWb4yNl0bb+UXHwDoYEfWjf9f9jTGfwCgzfW2ugIAwIEz/gNA5zH+A0Dn2cH47+lAAGgT7v8BoPMY/wGg82w5/j88mHoAAAfiz9evpylZzv//6/F7C/O/Ld87P16dnarU58cqY9MzdysT09MTtWplLEm2Ol+tGBEXV7KzC4s369Pzd+ZuTtZHJ6o3q6V9bg8AsLUTpx5/VIiIpSuHsxRr1nIwVkN7K7a6AkDL7HxFK6BdeJ4HOtc27vFNA0Cb22SJ3pc0/SdCjyz+Cm+qsz80/w+dyvw/dK7vNv//uz2vB3DwzP9D50qSQiRJ0m3hfwDoHOb4gV39/T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB0qHKWCsVKthb4UvqzWKlEHI2I41Eq3J6sVQcj4lhEfNhT6knzQ62uNACwS8Wp/+Trf53tP1Nef/RQ4auebBsR//jfjf/eH52bmxlKyz9fKZ97lJcPH2pFAwCANb5ONpY1xul8u+ZG/vmzB2Mv0kHW8envG4uLpnGX89Q40h3d2bY3ShHR90Uhzzek31e69iD+0sOI+MFq+++viVDO5kAaK5+uj5/GProP8Vd//+vjF1+KX8yOpdtS9rv4/h7UBTrN47T/ubpy/aWXWH79FeN0tt38+u/Neqjde9H/LW/o/4or/V/Xy/Gzbie95k+vnOXVNXl68b0/bShM+hvHHkb8qHuz+IWV+IUm/e+Zbbbx4x//9OfNjiX/jzgbm8dvqGftHZir3x2YXVg8P1kfnahOVO8MD48MjQxevnBpOGKyVh0cyGaq398sxqdXzh1rFj9tf1+T+L1btP+X22z/W9/c+tvPXhH/17/Y/P0/+Yr46Zj4q23GH+272nT57jT+eJP2b/X+n9tm/CefLI5v86UAwAGYXVicGq3VqjNb7KTfNbd6jZ03cyeWIl6Dauz3Tk/+kX9d6rO/Oz27bWmLOyZg361e9K2uCQAAAAAAAAAAAAAA0EzjUaH9fRqp1W0EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAACgfX0bAAD//0dbx74=") read$FUSE(r0, &(0x7f0000004140)={0x2020}, 0x2020) syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000280)='.\x02\x00', 0x0, &(0x7f0000000300)={[{@grpid}, {@mblk_io_submit}, {@nodioread_nolock}, {@test_dummy_encryption}, {@inode_readahead_blks}, {@discard}, {@noblock_validity}, {@discard}]}, 0x4, 0xbc1, &(0x7f0000001080)="$eJzs3M1rXOUaAPDnnHy2yb2TXi6X27tpLpdLC/c6TSsptgi2UnHjQtCt0JBOSsj0gyRSk2Yx0X9A1LXgRlCL0oVdd6Pg1o3WrcWFUCQ2CiIaOfORxGQmH+2kJyS/H7w57zvvmXmeZ05nznlhTgPYtwazP2nE4Yi4kEQU6o+nEdFd7fVGVGr7LS7Mjf68MDeaxNLSSz8kkUTEg4W50cZrJfVtX33QGxFfPpvE395YH3dqZnZipFwuTdbHx6cvXzs+NTP7xPjlkUulS6UrJ049NXxy+NTQ6eG21frLt2dv//Tv57+r/Prhbzd/fPv9JM5Gf31udR3tMhiDy+/Jap0RMdLuYDnpqNezus6kc5MnpTucFAAALaWrruH+EYXoiJWLt0J89lWuyQEAAABtsdQRsQQAAADscYn1PwAAAOxxjd8BPFiYG220fH+R8HjdPxcRA7X6F+utNtMZleq2N7oi4uCDJFbf1prUnvbIBiPi3jenP8la7NB9yBupzEfEP5sd/6Ra/0D1Lu719acRMdSG+INrxrut/v93t67/bBvi510/APvTnXO1E9n681+6fP0TTc5/nU3OXQ8j7/Nf4/pvcd3130r9HS2u/17cYowbH7x7vdVcVv/Tt5/7uNGy+Nn2kYrahvvzEf/qbFZ/slx/0qL+C1uMUfj9eqnV3Bbr79l2YVu09F7E0Whef0Oy8f9PdHxsvFwaqv1tGmP+i+GPWsXfDcf/YIv6Nzv+17YY45Xz52+1mtu8/vT77uTlaq+7/shrI9PTkyciupMX1j9+sn5DewuNfRqvkdV/7D8bf/6b1Z+FqNTfh2wtMF/fZuPX18R85uaNTzeqP1v75Xn8Lz7k8X9zizH++/lbx1rNrV7/Zi2Lfy+prYUBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoCGNiP5I0uJyP02LxYi+iPh7HEzLV6em/zd29dUrF7O5iIHoSsfGy6WhiCjUxkk2PlHtr4xPrhk/GRGHIuKdwoHquDh6tXwx7+IBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABY1hcR/ZGkxYhII2KxkKbFYt5ZAQAAAG03kHcCAAAAwI6z/gcAAIC9z/ofAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAHXboyJ27SURUzhyotkx3fa4r18yAnZbmnQCQm468EwBy05l3AkButrnGd7kAe1CyyXxvy5metucCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwO519PCdu0lEVM4cqLZMd32uq+kzjjzG7ICdlOadAJCbjo0mO9eMfVnAnrL2Iw7sH83X+MB+kmwy37uyT+XPMz07lhMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAu09/tSVpMSLSaj9Ni8WIv0TEQHQlY+Pl0lBE/DUivi509W
TjnryTBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoO2mZmYnRsrl0qSOTns7ffV/Yrsln93fSXZHGrVOzl9MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADkYmpmdmKkXC5NTuWdCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJC3qZnZiZFyuTS5hc6t7ey8qpN3jQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA5OePAAAA//++vgq1") socket$inet(0x2, 0x5, 0x7) quotactl$Q_QUOTAON(0xffffffff80000201, &(0x7f0000000180)=@loop={'/dev/loop', 0x0}, 0xffffffffffffffff, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x9) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r1, 0x0) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000680)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x4b81415, 0x0, 0x3, 0x0, &(0x7f0000002680)) rmdir(0x0) getpid() eventfd(0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1000011, &(0x7f0000000180)={[{@nombcache}, {@debug}, {@norecovery}, {@grpid}, {@norecovery}]}, 0x9, 0x623, 
&(0x7f0000001c80)="$eJzs3c9vFFUcAPDvTH+3YgsxKh6kiTGQKC0tYIgxEeKVEPxx81RpIUihhNZokcSS4EVjvHgw8eRB/C+UxKsHrx68eDIkjTEcxKCsme1s2XZ3y9Luj9L9fJKhb2a6875T+u17+/bNTAAdazT7J43YGxGXk4jhsn3dke8cXfm+O39dO5MtSRQKb/+ZxLVPkqXyYyX516H8xf8NR/JLGrGnq7Le+cWrF6ZmZ2eu5OvjCxcvj88vXj14/uLUuZlzM5cmX5k8dvTI0WMTh7Z0frvKyidvvP/h8Gen3v3um3vJxPe/nUrieNzPY8vOa/1r+7ZUc/YzG43Cirvl27Of67EtHnu7+Hu49HvyQLJ+A9vW2fz3sScinonh6Cr73xyOT99sa3BAUxWSKLVRQMdJNpX//Y0PBGixUj+g9N6+2vvgSmmTeyVAKyyfWBkAWMn9nogo5X/3ythg9BfHBgbvJGvGeZKI2NrI3Iqsjp9/OnUjW6LGOBzQHEvXS6Pc69v/pJibI9FfXBu8k67J/7Rsyba/tcn6R9ety39onaXrEfFs3v73xob5n1uIKvn/3ibrl/8AAAAAAADQOLdORMTL1eb/pavzf3qrzP8ZiojjDaj/4Z//pbfzQtKA6oAyyyciXquY//tv+ezgka78c/5dxfkAPenZ87MzhyLiyYg4ED192frE2sOumSB88Is9X9eqv3z+X7Zk9ZfmAuaHut297kLc6amFqcacPXS25esRzxXn/+7Lt6yd/5O1/0lF+//5G1mCX66zjj0v3jxda9/D8x9olsK3EfurXv/zoLudbHx/jvFif2C81Cuo9PzHX/5Qq375D+2Ttf+DG+d/X1J+v575Rzt+b0QcXuwu1NpfO/8H8u+o3v/vTd7pKh0/89HUwsKViYje5GTl9slHixl2qlI+lPIly/8DL2w8/rfa/y/Lwyw7l+qs8+n7Q7/X2qf9h/bJ8n964/Z/ZG37/6iF/pi8OfJjfouxCqfrGv87UmzTD+RbjP9Bucr7cdSboG0JFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAec2lEPBFJOrZaTtOxsYihiHgqBtPZufmFl87OfXBpOtu39vn/wyvrSen5/yNl65Pr1g9HxO6I+KproLg+dmZudrrdJw8AAAAAAAAAAAAAAAAAAADbxFDxmv9C3/rr/zN/dLU7OqDpuvOv8h06T/emX1noa2ggQMttPv+Bx139+d/T1DiA1qud/3fvFYpaGg7QQvr/0Lk2mf8+LoAdQPsPnarOMb3+ZscBtEPd7f9yc+MAAAAAAAAaYve+W78mEbH06kBxyfTm+0z2h50tbXcAQNuYwwudq3uu3REA7ZK/xze5FzpYslr6p+rF/jX/QAw0KSAAAAAAAAAAAAAAoML+va7/h06VRmzwCO+klaEALbbB9f/Vkt/tAmAHqf3oj3ra/qTuHkJv3REBreI9PvCwdrz2DUKMEQAAAAAAAAAAAABAy/RfvTA1OztzZX7x8Su8XmtXsl0irFJYmtoWYTS0cL85R+6JiO1xgq0ulC6Xa2MYbf67BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAArPo/AAD//x8qMI0=") r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x1) getdents(r2, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.198' (ED25519) to the list of known hosts. [ 20.515017][ T24] audit: type=1400 audit(1769270798.210:64): avc: denied { mounton } for pid=267 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 20.515952][ T267] cgroup: Unknown subsys name 'net' [ 20.537682][ T24] audit: type=1400 audit(1769270798.210:65): avc: denied { mount } for pid=267 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 20.565005][ T24] audit: type=1400 audit(1769270798.250:66): avc: denied { unmount } for pid=267 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 20.565274][ T267] cgroup: Unknown subsys name 'devices' [ 20.737087][ T267] cgroup: Unknown subsys name 'hugetlb' [ 20.742666][ T267] cgroup: Unknown subsys name 'rlimit' [ 20.908910][ T24] audit: type=1400 audit(1769270798.610:67): avc: denied { setattr } for pid=267 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=253 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 20.932117][ T24] audit: type=1400 audit(1769270798.610:68): avc: denied { mounton } for pid=267 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 20.937596][ T269] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). 
[ 20.957000][ T24] audit: type=1400 audit(1769270798.610:69): avc: denied { mount } for pid=267 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 20.988561][ T24] audit: type=1400 audit(1769270798.670:70): avc: denied { relabelto } for pid=269 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.014065][ T24] audit: type=1400 audit(1769270798.670:71): avc: denied { write } for pid=269 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.048460][ T24] audit: type=1400 audit(1769270798.750:72): avc: denied { read } for pid=267 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.074070][ T24] audit: type=1400 audit(1769270798.750:73): avc: denied { open } for pid=267 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.100159][ T267] Adding 124996k swap on ./swap-file. 
Priority:0 extents:1 across:124996k [ 21.613647][ T275] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.620865][ T275] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.629144][ T275] device bridge_slave_0 entered promiscuous mode [ 21.636747][ T275] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.643772][ T275] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.651197][ T275] device bridge_slave_1 entered promiscuous mode [ 21.768165][ T275] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.775327][ T275] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.782595][ T275] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.789643][ T275] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.802836][ T276] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.809938][ T276] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.817557][ T276] device bridge_slave_0 entered promiscuous mode [ 21.824182][ T277] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.831275][ T277] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.838662][ T277] device bridge_slave_0 entered promiscuous mode [ 21.845622][ T277] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.852656][ T277] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.860100][ T277] device bridge_slave_1 entered promiscuous mode [ 21.869840][ T276] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.876973][ T276] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.884227][ T276] device bridge_slave_1 entered promiscuous mode [ 21.923224][ T280] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.930335][ T280] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.937823][ T280] device bridge_slave_0 entered promiscuous mode [ 21.944624][ T280] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.951804][ T280] bridge0: port 2(bridge_slave_1) entered 
disabled state [ 21.959076][ T280] device bridge_slave_1 entered promiscuous mode [ 21.982117][ T278] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.989252][ T278] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.996619][ T278] device bridge_slave_0 entered promiscuous mode [ 22.004643][ T278] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.011832][ T278] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.019341][ T278] device bridge_slave_1 entered promiscuous mode [ 22.093037][ T49] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.100412][ T49] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.108261][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 22.115922][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.148152][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.156592][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.163610][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.176865][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.185065][ T7] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.192159][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.228100][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.239631][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.258552][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.276074][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.284207][ T7] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.291264][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.309803][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.318453][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.326525][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 
22.333872][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 22.341688][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 22.349613][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.357899][ T7] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.364913][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.377847][ T275] device veth0_vlan entered promiscuous mode [ 22.385744][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.393273][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.401670][ T7] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.408722][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.416313][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.424414][ T7] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.431461][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.439609][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 22.467601][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.475104][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.484156][ T7] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.491209][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.498896][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.506919][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.515013][ T7] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.522053][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.529454][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.537381][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.545335][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.553228][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes 
ready [ 22.574992][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.582926][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.598096][ T275] device veth1_macvtap entered promiscuous mode [ 22.610695][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 22.619219][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.627913][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 22.635660][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.643918][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.652640][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 22.661047][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 22.669397][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 22.677905][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 22.699959][ T276] device veth0_vlan entered promiscuous mode [ 22.708475][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 22.716646][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.724631][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 22.732468][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 22.741086][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 22.748573][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.761974][ T280] device veth0_vlan entered promiscuous mode [ 22.775913][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.784270][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.792545][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 22.800835][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.809022][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.817430][ 
T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.825845][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 22.833600][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.841985][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 22.850230][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.858586][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 22.866783][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.874825][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 22.882302][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 22.889689][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 22.897139][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 22.907150][ T277] device veth0_vlan entered promiscuous mode [ 22.918367][ T280] device veth1_macvtap entered promiscuous mode [ 22.925894][ T276] device veth1_macvtap entered promiscuous mode [ 22.932706][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 22.935605][ T275] request_module fs-gadgetfs succeeded, but still no fs? 
[ 22.940410][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 22.956178][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 22.964492][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.972806][ T7] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.979844][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.987315][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 22.995788][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.003873][ T7] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.010900][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.019643][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 23.032552][ T275] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation [ 23.034837][ T277] device veth1_macvtap entered promiscuous mode [ 23.055071][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.063926][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.072460][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 23.081364][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.089719][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 23.097421][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.105732][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.114121][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 23.118645][ T300] EXT4-fs (loop4): 1 truncate cleaned up [ 23.122585][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.128294][ T300] EXT4-fs (loop4): mounted filesystem without journal. 
Opts: errors=remount-ro,
[ 23.135911][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 23.152656][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 23.182547][ T278] device veth0_vlan entered promiscuous mode
[ 23.192168][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 23.201255][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 23.210455][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 23.219150][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 23.227823][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 23.236536][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 23.244892][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 23.253424][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 23.260016][ T300] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.5: bg 0: block 465: padding at end of block bitmap is not set
[ 23.262076][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 23.275737][ T300] EXT4-fs (loop4): Remounting filesystem read-only
[ 23.284176][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 23.298942][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 23.307081][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 23.318077][ T300] ==================================================================
[ 23.326189][ T300] BUG: KASAN: slab-out-of-bounds in ext4_inlinedir_to_tree+0x5f6/0xfd0
[ 23.334416][ T300] Read of size 52 at addr ffff88810d66aade by task syz.4.5/300
[ 23.341936][ T300]
[ 23.344251][ T300] CPU: 1 PID: 300 Comm: syz.4.5 Not tainted syzkaller #0
[ 23.351277][ T300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 23.361325][ T300] Call Trace:
[ 23.364604][ T300] __dump_stack+0x21/0x24
[ 23.368950][ T300] dump_stack_lvl+0x1a7/0x208
[ 23.373615][ T300] ? show_regs_print_info+0x18/0x18
[ 23.378973][ T300] ? thaw_kernel_threads+0x220/0x220
[ 23.384245][ T300] print_address_description+0x7f/0x2c0
[ 23.389782][ T300] ? ext4_inlinedir_to_tree+0x5f6/0xfd0
[ 23.395323][ T300] kasan_report+0xe2/0x130
[ 23.399759][ T300] ? ext4_inlinedir_to_tree+0x5f6/0xfd0
[ 23.405298][ T300] kasan_check_range+0x249/0x2a0
[ 23.410356][ T300] ? ext4_inlinedir_to_tree+0x5f6/0xfd0
[ 23.415908][ T300] memcpy+0x2d/0x70
[ 23.419702][ T300] ext4_inlinedir_to_tree+0x5f6/0xfd0
[ 23.425670][ T300] ? is_bpf_text_address+0x177/0x190
[ 23.431062][ T300] ? ext4_convert_inline_data_nolock+0xcd0/0xcd0
[ 23.437395][ T300] ? ext4_readdir+0x4a1/0x3ab0
[ 23.442145][ T300] ? __kasan_kmalloc+0xec/0x110
[ 23.446986][ T300] ? ext4_readdir+0x4a1/0x3ab0
[ 23.451728][ T300] ? iterate_dir+0x260/0x570
[ 23.456299][ T300] ? __se_sys_getdents+0xf2/0x250
[ 23.461303][ T300] ? __x64_sys_getdents+0x7b/0x90
[ 23.466308][ T300] ext4_htree_fill_tree+0x508/0x1160
[ 23.471576][ T300] ? ext4_handle_dirty_dirblock+0x650/0x650
[ 23.477473][ T300] ? ext4_readdir+0x4a1/0x3ab0
[ 23.482228][ T300] ext4_readdir+0x2c49/0x3ab0
[ 23.486887][ T300] ? memset+0x35/0x40
[ 23.490870][ T300] ? do_futex+0xfe5/0x1290
[ 23.495272][ T300] ? ext4_dir_llseek+0x470/0x470
[ 23.500205][ T300] ? slab_free_freelist_hook+0xc5/0x190
[ 23.505751][ T300] ? fsnotify_perm+0x31b/0x4b0
[ 23.510511][ T300] ? __kasan_check_write+0x14/0x20
[ 23.515620][ T300] iterate_dir+0x260/0x570
[ 23.520038][ T300] ? ext4_dir_llseek+0x470/0x470
[ 23.524964][ T300] __se_sys_getdents+0xf2/0x250
[ 23.529804][ T300] ? __x64_sys_getdents+0x90/0x90
[ 23.534808][ T300] ? switch_fpu_return+0x19c/0x330
[ 23.539899][ T300] ? fillonedir+0x450/0x450
[ 23.544381][ T300] ? fpu__clear_all+0x20/0x20
[ 23.549037][ T300] ? ____fput+0x15/0x20
[ 23.553173][ T300] ? __kasan_check_read+0x11/0x20
[ 23.558195][ T300] __x64_sys_getdents+0x7b/0x90
[ 23.563032][ T300] do_syscall_64+0x31/0x40
[ 23.567429][ T300] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 23.573304][ T300] RIP: 0033:0x7f01c6e28cb9
[ 23.577703][ T300] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 23.597290][ T300] RSP: 002b:00007f01c5885028 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[ 23.605707][ T300] RAX: ffffffffffffffda RBX: 00007f01c70a3fa0 RCX: 00007f01c6e28cb9
[ 23.613682][ T300] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008
[ 23.621656][ T300] RBP: 00007f01c6e96bf7 R08: 0000000000000000 R09: 0000000000000000
[ 23.629616][ T300] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 23.637566][ T300] R13: 00007f01c70a4038 R14: 00007f01c70a3fa0 R15: 00007ffc0f105378
[ 23.645532][ T300]
[ 23.647840][ T300] Allocated by task 0:
[ 23.651882][ T300] (stack is not available)
[ 23.656273][ T300]
[ 23.658581][ T300] Freed by task 300:
[ 23.662509][ T300] kasan_set_track+0x4a/0x70
[ 23.667103][ T300] kasan_set_free_info+0x23/0x40
[ 23.672026][ T300] ____kasan_slab_free+0x125/0x160
[ 23.677136][ T300] __kasan_slab_free+0x11/0x20
[ 23.681879][ T300] slab_free_freelist_hook+0xc5/0x190
[ 23.687227][ T300] kfree+0xc0/0x270
[ 23.691037][ T300] skb_release_data+0x532/0x670
[ 23.695873][ T300] kfree_skb+0xb9/0x2f0
[ 23.700038][ T300] ip_tunnel_xmit+0x16a0/0x22d0
[ 23.704869][ T300] erspan_xmit+0x984/0x16f0
[ 23.709354][ T300] dev_hard_start_xmit+0x244/0x670
[ 23.714457][ T300] sch_direct_xmit+0x261/0x8d0
[ 23.719208][ T300] __qdisc_run+0xa4b/0x13b0
[ 23.723697][ T300] qdisc_run+0x10a/0x300
[ 23.727927][ T300] __dev_queue_xmit+0xbe7/0x2590
[ 23.732848][ T300] dev_queue_xmit+0x17/0x20
[ 23.737345][ T300] ip6_finish_output2+0xebe/0x1560
[ 23.742454][ T300] __ip6_finish_output+0x5ff/0x790
[ 23.747567][ T300] ip6_finish_output+0x33/0x1f0
[ 23.752408][ T300] ip6_output+0x1fa/0x420
[ 23.756725][ T300] mld_sendpack+0x624/0xb40
[ 23.761219][ T300] mld_ifc_timer_expire+0x84a/0xc50
[ 23.766411][ T300] call_timer_fn+0x38/0x290
[ 23.770903][ T300] __run_timers+0x650/0x9e0
[ 23.775395][ T300] run_timer_softirq+0x6a/0xf0
[ 23.780147][ T300] __do_softirq+0x255/0x563
[ 23.784646][ T300]
[ 23.786970][ T300] The buggy address belongs to the object at ffff88810d66a000
[ 23.786970][ T300] which belongs to the cache kmalloc-2k of size 2048
[ 23.801011][ T300] The buggy address is located 734 bytes to the right of
[ 23.801011][ T300] 2048-byte region [ffff88810d66a000, ffff88810d66a800)
[ 23.814871][ T300] The buggy address belongs to the page:
[ 23.820496][ T300] page:ffffea0004359a00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10d668
[ 23.830736][ T300] head:ffffea0004359a00 order:3 compound_mapcount:0 compound_pincount:0
[ 23.839147][ T300] flags: 0x4000000000010200(slab|head)
[ 23.844609][ T300] raw: 4000000000010200 dead000000000100 dead000000000122 ffff888100042d80
[ 23.853324][ T300] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[ 23.861989][ T300] page dumped because: kasan: bad access detected
[ 23.868507][ T300] page_owner tracks the page as allocated
[ 23.874227][ T300] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 300, ts 23105961289, free_ts 23069224724
[ 23.894707][ T300] prep_new_page+0x179/0x180
[ 23.899324][ T300] get_page_from_freelist+0x223b/0x23d0
[ 23.904854][ T300] __alloc_pages_nodemask+0x290/0x620
[ 23.910230][ T300] new_slab+0x84/0x3f0
[ 23.914310][ T300] ___slab_alloc+0x2a6/0x450
[ 23.918903][ T300] __slab_alloc+0x63/0xa0
[ 23.923237][ T300] kmem_cache_alloc_trace+0x1b0/0x2e0
[ 23.928597][ T300] ext4_fill_super+0xde/0x8d70
[ 23.933350][ T300] mount_bdev+0x28b/0x3a0
[ 23.937670][ T300] ext4_mount+0x34/0x40
[ 23.941815][ T300] legacy_get_tree+0xed/0x190
[ 23.946483][ T300] vfs_get_tree+0x89/0x260
[ 23.950888][ T300] do_new_mount+0x25a/0xa20
[ 23.955521][ T300] path_mount+0x585/0xc90
[ 23.959939][ T300] __se_sys_mount+0x320/0x390
[ 23.964611][ T300] __x64_sys_mount+0xbf/0xd0
[ 23.969197][ T300] page last free stack trace:
[ 23.973876][ T300] __free_pages_ok+0x80b/0x830
[ 23.978636][ T300] __free_pages+0xd8/0x3b0
[ 23.983043][ T300] __free_slab+0xcf/0x190
[ 23.987362][ T300] unfreeze_partials+0x15f/0x190
[ 23.992284][ T300] put_cpu_partial+0xc1/0x180
[ 23.996949][ T300] __slab_free+0x2c9/0x3a0
[ 24.001356][ T300] ___cache_free+0x10e/0x130
[ 24.005937][ T300] qlink_free+0x50/0x90
[ 24.010088][ T300] qlist_free_all+0x5f/0xb0
[ 24.014581][ T300] kasan_quarantine_reduce+0x14a/0x160
[ 24.020204][ T300] __kasan_slab_alloc+0x2f/0xf0
[ 24.025052][ T300] slab_post_alloc_hook+0x5d/0x2f0
[ 24.030154][ T300] kmem_cache_alloc+0x162/0x2d0
[ 24.034989][ T300] getname_flags+0xb9/0x500
[ 24.039494][ T300] do_symlinkat+0x48/0x3b0
[ 24.043910][ T300] __x64_sys_symlink+0x60/0x70
[ 24.048665][ T300]
[ 24.050988][ T300] Memory state around the buggy address:
[ 24.056621][ T300] ffff88810d66a980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.064669][ T300] ffff88810d66aa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.072753][ T300] >ffff88810d66aa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.080798][ T300] ^
[ 24.087721][ T300] ffff88810d66ab00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.095771][ T300] ffff88810d66ab80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.103825][ T300] ==================================================================
[ 24.111897][ T300] Disabling lock debugging due to kernel taint
[ 24.124435][ T300] EXT4-fs error (device loop4): ext4_inlinedir_to_tree:1457: inode #12: block 7: comm syz.4.5: path /0/file1/file0: bad entry in directory: rec_len % 4 != 0 - offset=9718, inode=2487112362, rec_len=9714, size=112 fake=0
[ 24.154390][ T278] device veth1_macvtap entered promiscuous mode
[ 24.162144][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 24.171026][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 24.178541][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 24.186764][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 24.194935][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 24.230022][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 24.238636][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 24.247668][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 24.256536][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready