Extracting prog: 1m18.510107005s
Minimizing prog: 13m37.576287721s
Simplifying prog options: 0s
Extracting C: 24.465635565s
Simplifying C: 3m44.693281717s


extracting reproducer from 1 programs
testing a last program of every proc
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-chdir-creat-mount-open-mmap-request_key-openat$cgroup_ro
detailed listing:
executing program 0:
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f00000002c0)={[{@usrjquota}, {@journal_dev={'journal_dev', 0x3d, 0x8000}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@minixdf}, {@resgid}, {@grpquota}, {@stripe}, {@journal_dev={'journal_dev', 0x3d, 0xdcc}}]}, 0x3, 0x455, &(0x7f0000000880)="$eJzs289vFFUcAPDvTH+g/GpF/AGiVomx8UdLCyoHLxpNPGA00QPerNtCCAs1tCZCiFRj8GJiSPRsPJr4F3jzYtSTiVe9GxKiXEBPNTM7Q7fLbmlhu1u7n08y8N7O27733Tdv58282QB61kj2TxKxPSJ+j4ihWnZ5gZHaf9evnq/8c/V8JYnFxbf+SvJy166er5RFy/dtKzKjaUT6aVJUstzc2XMnp6rVmTNFfnz+1Pvjc2fPPXvi1NTxmeMzpycPHz50cOKF5yefa0ucWVzX9n40u2/Pa+9cer1y9NJ7P3+XtXd7sb8+jnYZyQL/ezHXuO+JdlfWZTvq0kl/FxvCmvRFRNZdA/n4H4q+WOq8oXj1k642DlhX2blpS+vdC4vAJpZEt1sAdEd5os+uf8utQ1OPDeHKS7ULoCzu68VW29MfaVFmoOH6tp1GIuLowr9fZ1us030IAIB6n1e+OhLPNJv/pXF/XbmdxRrKcETcExG7IuLeiNgdEfdF5GUfiIgH11h/49LQzfOf9PJtBbZK2fzvxWJta/n8r5z9xXBfkduRxz+QHDtRnTlQfCajMbAly0+sUMcPr/z2Rat99fO/bMvqL+eCRTsu9zfcoJuemp/KJ6VtcOXjiL39zeJPbqwEJBGxJyL2rq3SnWXixFPf7mtV6Nbxr6AN60yL30Q8Wev/hWiIv5SsvD45fldUZw6Ml0fFzX759eKbreq/o/jbIOv/rcuP/8Yiw0n9eu3c2uu4+MdnLa9pbvf4H0zezvtlsHjtw6n5+TMTEYPJkTy/7PXJpfeW+bJ8Fv/o/ubjf1fxnuTdiIciIjuIH46IRyLi0aLtj0XE4xGxf4X4f3q59b6N0P/TTb//bhz/Df2/9kTfyR+/b1X/6vr/UJ4aLV7Jv/9uYbUNvJPPDgAAAP4v0vwZ+CQdu5FO07Gx2jP8u2NrWp2dm3/62OwHp6drz8oPx0Ba3ukaqrsfOpEsFH+xlp8s7hWX+w8W942/7Ls7z49VZqvTXY4det22FuM/82dft1sHrLtm62iTg11oCNBxjeM/f/Rhaa3/whudbhDQMX6vDb3rFuM/7VQ7gM5z/ofe1Wz8X2jIWwuAzcn5H3qX8Q+9y/iH3mX8Q0+6k9/1S2zSxMBqCke6EZq6aRLbNkYzlhLd/mYCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABoj/8CAAD//2wj7mI=")
chdir(&(0x7f0000000140)='./file0\x00')
creat(&(0x7f0000000040)='./bus\x00', 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x63d014, 0x0)
r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0)
request_key(0x0, 0x0, &(0x7f0000001fee)='y\xa9n::e\x00\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00', 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)

program crashed: KASAN: out-of-bounds Read in ext4_xattr_set_entry
single: successfully extracted reproducer
found reproducer with 8 syscalls
minimizing guilty program
testing program (duration=41.191569786s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-chdir-creat-mount-open-mmap-request_key
detailed listing:
executing program 0:
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f00000002c0)={[{@usrjquota}, {@journal_dev={'journal_dev', 0x3d, 0x8000}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@minixdf}, {@resgid}, {@grpquota}, {@stripe}, {@journal_dev={'journal_dev', 0x3d, 0xdcc}}]}, 0x3, 0x455, &(0x7f0000000880)="$eJzs289vFFUcAPDvTH+g/GpF/AGiVomx8UdLCyoHLxpNPGA00QPerNtCCAs1tCZCiFRj8GJiSPRsPJr4F3jzYtSTiVe9GxKiXEBPNTM7Q7fLbmlhu1u7n08y8N7O27733Tdv58282QB61kj2TxKxPSJ+j4ihWnZ5gZHaf9evnq/8c/V8JYnFxbf+SvJy166er5RFy/dtKzKjaUT6aVJUstzc2XMnp6rVmTNFfnz+1Pvjc2fPPXvi1NTxmeMzpycPHz50cOKF5yefa0ucWVzX9n40u2/Pa+9cer1y9NJ7P3+XtXd7sb8+jnYZyQL/ezHXuO+JdlfWZTvq0kl/FxvCmvRFRNZdA/n4H4q+WOq8oXj1k642DlhX2blpS+vdC4vAJpZEt1sAdEd5os+uf8utQ1OPDeHKS7ULoCzu68VW29MfaVFmoOH6tp1GIuLowr9fZ1us030IAIB6n1e+OhLPNJv/pXF/XbmdxRrKcETcExG7IuLeiNgdEfdF5GUfiIgH11h/49LQzfOf9PJtBbZK2fzvxWJta/n8r5z9xXBfkduRxz+QHDtRnTlQfCajMbAly0+sUMcPr/z2Rat99fO/bMvqL+eCRTsu9zfcoJuemp/KJ6VtcOXjiL39zeJPbqwEJBGxJyL2rq3SnWXixFPf7mtV6Nbxr6AN60yL30Q8Wev/hWiIv5SsvD45fldUZw6Ml0fFzX759eKbreq/o/jbIOv/rcuP/8Yiw0n9eu3c2uu4+MdnLa9pbvf4H0zezvtlsHjtw6n5+TMTEYPJkTy/7PXJpfeW+bJ8Fv/o/ubjf1fxnuTdiIciIjuIH46IRyLi0aLtj0XE4xGxf4X4f3q59b6N0P/TTb//bhz/Df2/9kTfyR+/b1X/6vr/UJ4aLV7Jv/9uYbUNvJPPDgAAAP4v0vwZ+CQdu5FO07Gx2jP8u2NrWp2dm3/62OwHp6drz8oPx0Ba3ukaqrsfOpEsFH+xlp8s7hWX+w8W942/7Ls7z49VZqvTXY4det22FuM/82dft1sHrLtm62iTg11oCNBxjeM/f/Rhaa3/whudbhDQMX6vDb3rFuM/7VQ7gM5z/ofe1Wz8X2jIWwuAzcn5H3qX8Q+9y/iH3mX8Q0+6k9/1S2zSxMBqCke6EZq6aRLbNkYzlhLd/mYCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABoj/8CAAD//2wj7mI=")
chdir(&(0x7f0000000140)='./file0\x00')
creat(&(0x7f0000000040)='./bus\x00', 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x63d014, 0x0)
r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0)
request_key(0x0, 0x0, &(0x7f0000001fee)='y\xa9n::e\x00\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00', 0x0)

program did not crash
testing program (duration=41.191569786s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-chdir-creat-mount-open-mmap-openat$cgroup_ro
detailed listing:
executing program 0:
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f00000002c0)={[{@usrjquota}, {@journal_dev={'journal_dev', 0x3d, 0x8000}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@minixdf}, {@resgid}, {@grpquota}, {@stripe}, {@journal_dev={'journal_dev', 0x3d, 0xdcc}}]}, 0x3, 0x455, &(0x7f0000000880)="$eJzs289vFFUcAPDvTH+g/GpF/AGiVomx8UdLCyoHLxpNPGA00QPerNtCCAs1tCZCiFRj8GJiSPRsPJr4F3jzYtSTiVe9GxKiXEBPNTM7Q7fLbmlhu1u7n08y8N7O27733Tdv58282QB61kj2TxKxPSJ+j4ihWnZ5gZHaf9evnq/8c/V8JYnFxbf+SvJy166er5RFy/dtKzKjaUT6aVJUstzc2XMnp6rVmTNFfnz+1Pvjc2fPPXvi1NTxmeMzpycPHz50cOKF5yefa0ucWVzX9n40u2/Pa+9cer1y9NJ7P3+XtXd7sb8+jnYZyQL/ezHXuO+JdlfWZTvq0kl/FxvCmvRFRNZdA/n4H4q+WOq8oXj1k642DlhX2blpS+vdC4vAJpZEt1sAdEd5os+uf8utQ1OPDeHKS7ULoCzu68VW29MfaVFmoOH6tp1GIuLowr9fZ1us030IAIB6n1e+OhLPNJv/pXF/XbmdxRrKcETcExG7IuLeiNgdEfdF5GUfiIgH11h/49LQzfOf9PJtBbZK2fzvxWJta/n8r5z9xXBfkduRxz+QHDtRnTlQfCajMbAly0+sUMcPr/z2Rat99fO/bMvqL+eCRTsu9zfcoJuemp/KJ6VtcOXjiL39zeJPbqwEJBGxJyL2rq3SnWXixFPf7mtV6Nbxr6AN60yL30Q8Wev/hWiIv5SsvD45fldUZw6Ml0fFzX759eKbreq/o/jbIOv/rcuP/8Yiw0n9eu3c2uu4+MdnLa9pbvf4H0zezvtlsHjtw6n5+TMTEYPJkTy/7PXJpfeW+bJ8Fv/o/ubjf1fxnuTdiIciIjuIH46IRyLi0aLtj0XE4xGxf4X4f3q59b6N0P/TTb//bhz/Df2/9kTfyR+/b1X/6vr/UJ4aLV7Jv/9uYbUNvJPPDgAAAP4v0vwZ+CQdu5FO07Gx2jP8u2NrWp2dm3/62OwHp6drz8oPx0Ba3ukaqrsfOpEsFH+xlp8s7hWX+w8W942/7Ls7z49VZqvTXY4det22FuM/82dft1sHrLtm62iTg11oCNBxjeM/f/Rhaa3/whudbhDQMX6vDb3rFuM/7VQ7gM5z/ofe1Wz8X2jIWwuAzcn5H3qX8Q+9y/iH3mX8Q0+6k9/1S2zSxMBqCke6EZq6aRLbNkYzlhLd/mYCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABoj/8CAAD//2wj7mI=")
chdir(&(0x7f0000000140)='./file0\x00')
creat(&(0x7f0000000040)='./bus\x00', 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x63d014, 0x0)
r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)

program did not crash
testing program (duration=41.191569786s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-chdir-creat-mount-open-request_key-openat$cgroup_ro
detailed listing:
executing program 0:
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f00000002c0)={[{@usrjquota}, {@journal_dev={'journal_dev', 0x3d, 0x8000}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@minixdf}, {@resgid}, {@grpquota}, {@stripe}, {@journal_dev={'journal_dev', 0x3d, 0xdcc}}]}, 0x3, 0x455, &(0x7f0000000880)="$eJzs289vFFUcAPDvTH+g/GpF/AGiVomx8UdLCyoHLxpNPGA00QPerNtCCAs1tCZCiFRj8GJiSPRsPJr4F3jzYtSTiVe9GxKiXEBPNTM7Q7fLbmlhu1u7n08y8N7O27733Tdv58282QB61kj2TxKxPSJ+j4ihWnZ5gZHaf9evnq/8c/V8JYnFxbf+SvJy166er5RFy/dtKzKjaUT6aVJUstzc2XMnp6rVmTNFfnz+1Pvjc2fPPXvi1NTxmeMzpycPHz50cOKF5yefa0ucWVzX9n40u2/Pa+9cer1y9NJ7P3+XtXd7sb8+jnYZyQL/ezHXuO+JdlfWZTvq0kl/FxvCmvRFRNZdA/n4H4q+WOq8oXj1k642DlhX2blpS+vdC4vAJpZEt1sAdEd5os+uf8utQ1OPDeHKS7ULoCzu68VW29MfaVFmoOH6tp1GIuLowr9fZ1us030IAIB6n1e+OhLPNJv/pXF/XbmdxRrKcETcExG7IuLeiNgdEfdF5GUfiIgH11h/49LQzfOf9PJtBbZK2fzvxWJta/n8r5z9xXBfkduRxz+QHDtRnTlQfCajMbAly0+sUMcPr/z2Rat99fO/bMvqL+eCRTsu9zfcoJuemp/KJ6VtcOXjiL39zeJPbqwEJBGxJyL2rq3SnWXixFPf7mtV6Nbxr6AN60yL30Q8Wev/hWiIv5SsvD45fldUZw6Ml0fFzX759eKbreq/o/jbIOv/rcuP/8Yiw0n9eu3c2uu4+MdnLa9pbvf4H0zezvtlsHjtw6n5+TMTEYPJkTy/7PXJpfeW+bJ8Fv/o/ubjf1fxnuTdiIciIjuIH46IRyLi0aLtj0XE4xGxf4X4f3q59b6N0P/TTb//bhz/Df2/9kTfyR+/b1X/6vr/UJ4aLV7Jv/9uYbUNvJPPDgAAAP4v0vwZ+CQdu5FO07Gx2jP8u2NrWp2dm3/62OwHp6drz8oPx0Ba3ukaqrsfOpEsFH+xlp8s7hWX+w8W942/7Ls7z49VZqvTXY4det22FuM/82dft1sHrLtm62iTg11oCNBxjeM/f/Rhaa3/whudbhDQMX6vDb3rFuM/7VQ7gM5z/ofe1Wz8X2jIWwuAzcn5H3qX8Q+9y/iH3mX8Q0+6k9/1S2zSxMBqCke6EZq6aRLbNkYzlhLd/mYCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABoj/8CAAD//2wj7mI=")
chdir(&(0x7f0000000140)='./file0\x00')
creat(&(0x7f0000000040)='./bus\x00', 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x63d014, 0x0)
open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0)
request_key(0x0, 0x0, &(0x7f0000001fee)='y\xa9n::e\x00\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00', 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)

program did not crash
testing program (duration=41.191569786s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-chdir-creat-mount-mmap-request_key-openat$cgroup_ro
detailed listing:
executing program 0:
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f00000002c0)={[{@usrjquota}, {@journal_dev={'journal_dev', 0x3d, 0x8000}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@minixdf}, {@resgid}, {@grpquota}, {@stripe}, {@journal_dev={'journal_dev', 0x3d, 0xdcc}}]}, 0x3, 0x455, &(0x7f0000000880)="$eJzs289vFFUcAPDvTH+g/GpF/AGiVomx8UdLCyoHLxpNPGA00QPerNtCCAs1tCZCiFRj8GJiSPRsPJr4F3jzYtSTiVe9GxKiXEBPNTM7Q7fLbmlhu1u7n08y8N7O27733Tdv58282QB61kj2TxKxPSJ+j4ihWnZ5gZHaf9evnq/8c/V8JYnFxbf+SvJy166er5RFy/dtKzKjaUT6aVJUstzc2XMnp6rVmTNFfnz+1Pvjc2fPPXvi1NTxmeMzpycPHz50cOKF5yefa0ucWVzX9n40u2/Pa+9cer1y9NJ7P3+XtXd7sb8+jnYZyQL/ezHXuO+JdlfWZTvq0kl/FxvCmvRFRNZdA/n4H4q+WOq8oXj1k642DlhX2blpS+vdC4vAJpZEt1sAdEd5os+uf8utQ1OPDeHKS7ULoCzu68VW29MfaVFmoOH6tp1GIuLowr9fZ1us030IAIB6n1e+OhLPNJv/pXF/XbmdxRrKcETcExG7IuLeiNgdEfdF5GUfiIgH11h/49LQzfOf9PJtBbZK2fzvxWJta/n8r5z9xXBfkduRxz+QHDtRnTlQfCajMbAly0+sUMcPr/z2Rat99fO/bMvqL+eCRTsu9zfcoJuemp/KJ6VtcOXjiL39zeJPbqwEJBGxJyL2rq3SnWXixFPf7mtV6Nbxr6AN60yL30Q8Wev/hWiIv5SsvD45fldUZw6Ml0fFzX759eKbreq/o/jbIOv/rcuP/8Yiw0n9eu3c2uu4+MdnLa9pbvf4H0zezvtlsHjtw6n5+TMTEYPJkTy/7PXJpfeW+bJ8Fv/o/ubjf1fxnuTdiIciIjuIH46IRyLi0aLtj0XE4xGxf4X4f3q59b6N0P/TTb//bhz/Df2/9kTfyR+/b1X/6vr/UJ4aLV7Jv/9uYbUNvJPPDgAAAP4v0vwZ+CQdu5FO07Gx2jP8u2NrWp2dm3/62OwHp6drz8oPx0Ba3ukaqrsfOpEsFH+xlp8s7hWX+w8W942/7Ls7z49VZqvTXY4det22FuM/82dft1sHrLtm62iTg11oCNBxjeM/f/Rhaa3/whudbhDQMX6vDb3rFuM/7VQ7gM5z/ofe1Wz8X2jIWwuAzcn5H3qX8Q+9y/iH3mX8Q0+6k9/1S2zSxMBqCke6EZq6aRLbNkYzlhLd/mYCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABoj/8CAAD//2wj7mI=")
chdir(&(0x7f0000000140)='./file0\x00')
creat(&(0x7f0000000040)='./bus\x00', 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x63d014, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, 0xffffffffffffffff, 0x0)
request_key(0x0, 0x0, &(0x7f0000001fee)='y\xa9n::e\x00\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00', 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)

program did not crash
testing program (duration=41.191569786s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-chdir-creat-open-mmap-request_key-openat$cgroup_ro
detailed listing:
executing program 0:
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f00000002c0)={[{@usrjquota}, {@journal_dev={'journal_dev', 0x3d, 0x8000}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@minixdf}, {@resgid}, {@grpquota}, {@stripe}, {@journal_dev={'journal_dev', 0x3d, 0xdcc}}]}, 0x3, 0x455, &(0x7f0000000880)="$eJzs289vFFUcAPDvTH+g/GpF/AGiVomx8UdLCyoHLxpNPGA00QPerNtCCAs1tCZCiFRj8GJiSPRsPJr4F3jzYtSTiVe9GxKiXEBPNTM7Q7fLbmlhu1u7n08y8N7O27733Tdv58282QB61kj2TxKxPSJ+j4ihWnZ5gZHaf9evnq/8c/V8JYnFxbf+SvJy166er5RFy/dtKzKjaUT6aVJUstzc2XMnp6rVmTNFfnz+1Pvjc2fPPXvi1NTxmeMzpycPHz50cOKF5yefa0ucWVzX9n40u2/Pa+9cer1y9NJ7P3+XtXd7sb8+jnYZyQL/ezHXuO+JdlfWZTvq0kl/FxvCmvRFRNZdA/n4H4q+WOq8oXj1k642DlhX2blpS+vdC4vAJpZEt1sAdEd5os+uf8utQ1OPDeHKS7ULoCzu68VW29MfaVFmoOH6tp1GIuLowr9fZ1us030IAIB6n1e+OhLPNJv/pXF/XbmdxRrKcETcExG7IuLeiNgdEfdF5GUfiIgH11h/49LQzfOf9PJtBbZK2fzvxWJta/n8r5z9xXBfkduRxz+QHDtRnTlQfCajMbAly0+sUMcPr/z2Rat99fO/bMvqL+eCRTsu9zfcoJuemp/KJ6VtcOXjiL39zeJPbqwEJBGxJyL2rq3SnWXixFPf7mtV6Nbxr6AN60yL30Q8Wev/hWiIv5SsvD45fldUZw6Ml0fFzX759eKbreq/o/jbIOv/rcuP/8Yiw0n9eu3c2uu4+MdnLa9pbvf4H0zezvtlsHjtw6n5+TMTEYPJkTy/7PXJpfeW+bJ8Fv/o/ubjf1fxnuTdiIciIjuIH46IRyLi0aLtj0XE4xGxf4X4f3q59b6N0P/TTb//bhz/Df2/9kTfyR+/b1X/6vr/UJ4aLV7Jv/9uYbUNvJPPDgAAAP4v0vwZ+CQdu5FO07Gx2jP8u2NrWp2dm3/62OwHp6drz8oPx0Ba3ukaqrsfOpEsFH+xlp8s7hWX+w8W942/7Ls7z49VZqvTXY4det22FuM/82dft1sHrLtm62iTg11oCNBxjeM/f/Rhaa3/whudbhDQMX6vDb3rFuM/7VQ7gM5z/ofe1Wz8X2jIWwuAzcn5H3qX8Q+9y/iH3mX8Q0+6k9/1S2zSxMBqCke6EZq6aRLbNkYzlhLd/mYCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABoj/8CAAD//2wj7mI=")
chdir(&(0x7f0000000140)='./file0\x00')
creat(&(0x7f0000000040)='./bus\x00', 0x0)
r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0)
request_key(0x0, 0x0, &(0x7f0000001fee)='y\xa9n::e\x00\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00', 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)

program did not crash
testing program (duration=41.191569786s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-chdir-mount-open-mmap-request_key-openat$cgroup_ro
detailed listing:
executing program 0:
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f00000002c0)={[{@usrjquota}, {@journal_dev={'journal_dev', 0x3d, 0x8000}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@minixdf}, {@resgid}, {@grpquota}, {@stripe}, {@journal_dev={'journal_dev', 0x3d, 0xdcc}}]}, 0x3, 0x455, &(0x7f0000000880)="$eJzs289vFFUcAPDvTH+g/GpF/AGiVomx8UdLCyoHLxpNPGA00QPerNtCCAs1tCZCiFRj8GJiSPRsPJr4F3jzYtSTiVe9GxKiXEBPNTM7Q7fLbmlhu1u7n08y8N7O27733Tdv58282QB61kj2TxKxPSJ+j4ihWnZ5gZHaf9evnq/8c/V8JYnFxbf+SvJy166er5RFy/dtKzKjaUT6aVJUstzc2XMnp6rVmTNFfnz+1Pvjc2fPPXvi1NTxmeMzpycPHz50cOKF5yefa0ucWVzX9n40u2/Pa+9cer1y9NJ7P3+XtXd7sb8+jnYZyQL/ezHXuO+JdlfWZTvq0kl/FxvCmvRFRNZdA/n4H4q+WOq8oXj1k642DlhX2blpS+vdC4vAJpZEt1sAdEd5os+uf8utQ1OPDeHKS7ULoCzu68VW29MfaVFmoOH6tp1GIuLowr9fZ1us030IAIB6n1e+OhLPNJv/pXF/XbmdxRrKcETcExG7IuLeiNgdEfdF5GUfiIgH11h/49LQzfOf9PJtBbZK2fzvxWJta/n8r5z9xXBfkduRxz+QHDtRnTlQfCajMbAly0+sUMcPr/z2Rat99fO/bMvqL+eCRTsu9zfcoJuemp/KJ6VtcOXjiL39zeJPbqwEJBGxJyL2rq3SnWXixFPf7mtV6Nbxr6AN60yL30Q8Wev/hWiIv5SsvD45fldUZw6Ml0fFzX759eKbreq/o/jbIOv/rcuP/8Yiw0n9eu3c2uu4+MdnLa9pbvf4H0zezvtlsHjtw6n5+TMTEYPJkTy/7PXJpfeW+bJ8Fv/o/ubjf1fxnuTdiIciIjuIH46IRyLi0aLtj0XE4xGxf4X4f3q59b6N0P/TTb//bhz/Df2/9kTfyR+/b1X/6vr/UJ4aLV7Jv/9uYbUNvJPPDgAAAP4v0vwZ+CQdu5FO07Gx2jP8u2NrWp2dm3/62OwHp6drz8oPx0Ba3ukaqrsfOpEsFH+xlp8s7hWX+w8W942/7Ls7z49VZqvTXY4det22FuM/82dft1sHrLtm62iTg11oCNBxjeM/f/Rhaa3/whudbhDQMX6vDb3rFuM/7VQ7gM5z/ofe1Wz8X2jIWwuAzcn5H3qX8Q+9y/iH3mX8Q0+6k9/1S2zSxMBqCke6EZq6aRLbNkYzlhLd/mYCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABoj/8CAAD//2wj7mI=")
chdir(&(0x7f0000000140)='./file0\x00')
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x63d014, 0x0)
r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0)
request_key(0x0, 0x0, &(0x7f0000001fee)='y\xa9n::e\x00\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00', 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)

program did not crash
testing program (duration=41.191569786s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-creat-mount-open-mmap-request_key-openat$cgroup_ro
detailed listing:
executing program 0:
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f00000002c0)={[{@usrjquota}, {@journal_dev={'journal_dev', 0x3d, 0x8000}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@minixdf}, {@resgid}, {@grpquota}, {@stripe}, {@journal_dev={'journal_dev', 0x3d, 0xdcc}}]}, 0x3, 0x455, &(0x7f0000000880)="$eJzs289vFFUcAPDvTH+g/GpF/AGiVomx8UdLCyoHLxpNPGA00QPerNtCCAs1tCZCiFRj8GJiSPRsPJr4F3jzYtSTiVe9GxKiXEBPNTM7Q7fLbmlhu1u7n08y8N7O27733Tdv58282QB61kj2TxKxPSJ+j4ihWnZ5gZHaf9evnq/8c/V8JYnFxbf+SvJy166er5RFy/dtKzKjaUT6aVJUstzc2XMnp6rVmTNFfnz+1Pvjc2fPPXvi1NTxmeMzpycPHz50cOKF5yefa0ucWVzX9n40u2/Pa+9cer1y9NJ7P3+XtXd7sb8+jnYZyQL/ezHXuO+JdlfWZTvq0kl/FxvCmvRFRNZdA/n4H4q+WOq8oXj1k642DlhX2blpS+vdC4vAJpZEt1sAdEd5os+uf8utQ1OPDeHKS7ULoCzu68VW29MfaVFmoOH6tp1GIuLowr9fZ1us030IAIB6n1e+OhLPNJv/pXF/XbmdxRrKcETcExG7IuLeiNgdEfdF5GUfiIgH11h/49LQzfOf9PJtBbZK2fzvxWJta/n8r5z9xXBfkduRxz+QHDtRnTlQfCajMbAly0+sUMcPr/z2Rat99fO/bMvqL+eCRTsu9zfcoJuemp/KJ6VtcOXjiL39zeJPbqwEJBGxJyL2rq3SnWXixFPf7mtV6Nbxr6AN60yL30Q8Wev/hWiIv5SsvD45fldUZw6Ml0fFzX759eKbreq/o/jbIOv/rcuP/8Yiw0n9eu3c2uu4+MdnLa9pbvf4H0zezvtlsHjtw6n5+TMTEYPJkTy/7PXJpfeW+bJ8Fv/o/ubjf1fxnuTdiIciIjuIH46IRyLi0aLtj0XE4xGxf4X4f3q59b6N0P/TTb//bhz/Df2/9kTfyR+/b1X/6vr/UJ4aLV7Jv/9uYbUNvJPPDgAAAP4v0vwZ+CQdu5FO07Gx2jP8u2NrWp2dm3/62OwHp6drz8oPx0Ba3ukaqrsfOpEsFH+xlp8s7hWX+w8W942/7Ls7z49VZqvTXY4det22FuM/82dft1sHrLtm62iTg11oCNBxjeM/f/Rhaa3/whudbhDQMX6vDb3rFuM/7VQ7gM5z/ofe1Wz8X2jIWwuAzcn5H3qX8Q+9y/iH3mX8Q0+6k9/1S2zSxMBqCke6EZq6aRLbNkYzlhLd/mYCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABoj/8CAAD//2wj7mI=")
creat(&(0x7f0000000040)='./bus\x00', 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x63d014, 0x0)
r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0)
request_key(0x0, 0x0, &(0x7f0000001fee)='y\xa9n::e\x00\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00', 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)

program did not crash
testing program (duration=41.191569786s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): chdir-creat-mount-open-mmap-request_key-openat$cgroup_ro
detailed listing:
executing program 0:
chdir(&(0x7f0000000140)='./file0\x00')
creat(&(0x7f0000000040)='./bus\x00', 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x63d014, 0x0)
r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0)
request_key(0x0, 0x0, &(0x7f0000001fee)='y\xa9n::e\x00\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00', 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)

program did not crash
testing program (duration=41.191569786s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-chdir-creat-mount-open-mmap-request_key-openat$cgroup_ro
detailed listing:
executing program 0:
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f00000002c0)={[{@usrjquota}, {@journal_dev={'journal_dev', 0x3d, 0x8000}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@minixdf}, {@resgid}, {@grpquota}, {@stripe}, {@journal_dev={'journal_dev', 0x3d, 0xdcc}}]}, 0x3, 0x455, &(0x7f0000000880)="$eJzs289vFFUcAPDvTH+g/GpF/AGiVomx8UdLCyoHLxpNPGA00QPerNtCCAs1tCZCiFRj8GJiSPRsPJr4F3jzYtSTiVe9GxKiXEBPNTM7Q7fLbmlhu1u7n08y8N7O27733Tdv58282QB61kj2TxKxPSJ+j4ihWnZ5gZHaf9evnq/8c/V8JYnFxbf+SvJy166er5RFy/dtKzKjaUT6aVJUstzc2XMnp6rVmTNFfnz+1Pvjc2fPPXvi1NTxmeMzpycPHz50cOKF5yefa0ucWVzX9n40u2/Pa+9cer1y9NJ7P3+XtXd7sb8+jnYZyQL/ezHXuO+JdlfWZTvq0kl/FxvCmvRFRNZdA/n4H4q+WOq8oXj1k642DlhX2blpS+vdC4vAJpZEt1sAdEd5os+uf8utQ1OPDeHKS7ULoCzu68VW29MfaVFmoOH6tp1GIuLowr9fZ1us030IAIB6n1e+OhLPNJv/pXF/XbmdxRrKcETcExG7IuLeiNgdEfdF5GUfiIgH11h/49LQzfOf9PJtBbZK2fzvxWJta/n8r5z9xXBfkduRxz+QHDtRnTlQfCajMbAly0+sUMcPr/z2Rat99fO/bMvqL+eCRTsu9zfcoJuemp/KJ6VtcOXjiL39zeJPbqwEJBGxJyL2rq3SnWXixFPf7mtV6Nbxr6AN60yL30Q8Wev/hWiIv5SsvD45fldUZw6Ml0fFzX759eKbreq/o/jbIOv/rcuP/8Yiw0n9eu3c2uu4+MdnLa9pbvf4H0zezvtlsHjtw6n5+TMTEYPJkTy/7PXJpfeW+bJ8Fv/o/ubjf1fxnuTdiIciIjuIH46IRyLi0aLtj0XE4xGxf4X4f3q59b6N0P/TTb//bhz/Df2/9kTfyR+/b1X/6vr/UJ4aLV7Jv/9uYbUNvJPPDgAAAP4v0vwZ+CQdu5FO07Gx2jP8u2NrWp2dm3/62OwHp6drz8oPx0Ba3ukaqrsfOpEsFH+xlp8s7hWX+w8W942/7Ls7z49VZqvTXY4det22FuM/82dft1sHrLtm62iTg11oCNBxjeM/f/Rhaa3/whudbhDQMX6vDb3rFuM/7VQ7gM5z/ofe1Wz8X2jIWwuAzcn5H3qX8Q+9y/iH3mX8Q0+6k9/1S2zSxMBqCke6EZq6aRLbNkYzlhLd/mYCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABoj/8CAAD//2wj7mI=")
chdir(0x0)
creat(&(0x7f0000000040)='./bus\x00', 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x63d014, 0x0)
r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0)
request_key(0x0, 0x0, &(0x7f0000001fee)='y\xa9n::e\x00\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00', 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)

program did not crash
testing program (duration=41.191569786s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-chdir-creat-mount-open-mmap-request_key-openat$cgroup_ro
detailed listing:
executing program 0:
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f00000002c0)={[{@usrjquota}, {@journal_dev={'journal_dev', 0x3d, 0x8000}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@minixdf}, {@resgid}, {@grpquota}, {@stripe}, {@journal_dev={'journal_dev', 0x3d, 0xdcc}}]}, 0x3, 0x455, &(0x7f0000000880)="$eJzs289vFFUcAPDvTH+g/GpF/AGiVomx8UdLCyoHLxpNPGA00QPerNtCCAs1tCZCiFRj8GJiSPRsPJr4F3jzYtSTiVe9GxKiXEBPNTM7Q7fLbmlhu1u7n08y8N7O27733Tdv58282QB61kj2TxKxPSJ+j4ihWnZ5gZHaf9evnq/8c/V8JYnFxbf+SvJy166er5RFy/dtKzKjaUT6aVJUstzc2XMnp6rVmTNFfnz+1Pvjc2fPPXvi1NTxmeMzpycPHz50cOKF5yefa0ucWVzX9n40u2/Pa+9cer1y9NJ7P3+XtXd7sb8+jnYZyQL/ezHXuO+JdlfWZTvq0kl/FxvCmvRFRNZdA/n4H4q+WOq8oXj1k642DlhX2blpS+vdC4vAJpZEt1sAdEd5os+uf8utQ1OPDeHKS7ULoCzu68VW29MfaVFmoOH6tp1GIuLowr9fZ1us030IAIB6n1e+OhLPNJv/pXF/XbmdxRrKcETcExG7IuLeiNgdEfdF5GUfiIgH11h/49LQzfOf9PJtBbZK2fzvxWJta/n8r5z9xXBfkduRxz+QHDtRnTlQfCajMbAly0+sUMcPr/z2Rat99fO/bMvqL+eCRTsu9zfcoJuemp/KJ6VtcOXjiL39zeJPbqwEJBGxJyL2rq3SnWXixFPf7mtV6Nbxr6AN60yL30Q8Wev/hWiIv5SsvD45fldUZw6Ml0fFzX759eKbreq/o/jbIOv/rcuP/8Yiw0n9eu3c2uu4+MdnLa9pbvf4H0zezvtlsHjtw6n5+TMTEYPJkTy/7PXJpfeW+bJ8Fv/o/ubjf1fxnuTdiIciIjuIH46IRyLi0aLtj0XE4xGxf4X4f3q59b6N0P/TTb//bhz/Df2/9kTfyR+/b1X/6vr/UJ4aLV7Jv/9uYbUNvJPPDgAAAP4v0vwZ+CQdu5FO07Gx2jP8u2NrWp2dm3/62OwHp6drz8oPx0Ba3ukaqrsfOpEsFH+xlp8s7hWX+w8W942/7Ls7z49VZqvTXY4det22FuM/82dft1sHrLtm62iTg11oCNBxjeM/f/Rhaa3/whudbhDQMX6vDb3rFuM/7VQ7gM5z/ofe1Wz8X2jIWwuAzcn5H3qX8Q+9y/iH3mX8Q0+6k9/1S2zSxMBqCke6EZq6aRLbNkYzlhLd/mYCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABoj/8CAAD//2wj7mI=")
chdir(&(0x7f0000000140)='./file0\x00')
creat(0x0, 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x63d014, 0x0)
r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0)
request_key(0x0, 0x0, &(0x7f0000001fee)='y\xa9n::e\x00\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00', 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)

program did not crash
testing program (duration=41.191569786s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-chdir-creat-mount-open-mmap-request_key-openat$cgroup_ro
detailed listing:
executing program 0:
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f00000002c0)={[{@usrjquota}, {@journal_dev={'journal_dev', 0x3d, 0x8000}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@minixdf}, {@resgid}, {@grpquota}, {@stripe}, {@journal_dev={'journal_dev', 0x3d, 0xdcc}}]}, 0x3, 0x455, &(0x7f0000000880)="$eJzs289vFFUcAPDvTH+g/GpF/AGiVomx8UdLCyoHLxpNPGA00QPerNtCCAs1tCZCiFRj8GJiSPRsPJr4F3jzYtSTiVe9GxKiXEBPNTM7Q7fLbmlhu1u7n08y8N7O27733Tdv58282QB61kj2TxKxPSJ+j4ihWnZ5gZHaf9evnq/8c/V8JYnFxbf+SvJy166er5RFy/dtKzKjaUT6aVJUstzc2XMnp6rVmTNFfnz+1Pvjc2fPPXvi1NTxmeMzpycPHz50cOKF5yefa0ucWVzX9n40u2/Pa+9cer1y9NJ7P3+XtXd7sb8+jnYZyQL/ezHXuO+JdlfWZTvq0kl/FxvCmvRFRNZdA/n4H4q+WOq8oXj1k642DlhX2blpS+vdC4vAJpZEt1sAdEd5os+uf8utQ1OPDeHKS7ULoCzu68VW29MfaVFmoOH6tp1GIuLowr9fZ1us030IAIB6n1e+OhLPNJv/pXF/XbmdxRrKcETcExG7IuLeiNgdEfdF5GUfiIgH11h/49LQzfOf9PJtBbZK2fzvxWJta/n8r5z9xXBfkduRxz+QHDtRnTlQfCajMbAly0+sUMcPr/z2Rat99fO/bMvqL+eCRTsu9zfcoJuemp/KJ6VtcOXjiL39zeJPbqwEJBGxJyL2rq3SnWXixFPf7mtV6Nbxr6AN60yL30Q8Wev/hWiIv5SsvD45fldUZw6Ml0fFzX759eKbreq/o/jbIOv/rcuP/8Yiw0n9eu3c2uu4+MdnLa9pbvf4H0zezvtlsHjtw6n5+TMTEYPJkTy/7PXJpfeW+bJ8Fv/o/ubjf1fxnuTdiIciIjuIH46IRyLi0aLtj0XE4xGxf4X4f3q59b6N0P/TTb//bhz/Df2/9kTfyR+/b1X/6vr/UJ4aLV7Jv/9uYbUNvJPPDgAAAP4v0vwZ+CQdu5FO07Gx2jP8u2NrWp2dm3/62OwHp6drz8oPx0Ba3ukaqrsfOpEsFH+xlp8s7hWX+w8W942/7Ls7z49VZqvTXY4det22FuM/82dft1sHrLtm62iTg11oCNBxjeM/f/Rhaa3/whudbhDQMX6vDb3rFuM/7VQ7gM5z/ofe1Wz8X2jIWwuAzcn5H3qX8Q+9y/iH3mX8Q0+6k9/1S2zSxMBqCke6EZq6aRLbNkYzlhLd/mYCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABoj/8CAAD//2wj7mI=")
chdir(&(0x7f0000000140)='./file0\x00')
creat(&(0x7f0000000040)='./bus\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./bus\x00', 0x0, 0x63d014, 0x0)
r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0)
request_key(0x0, 0x0, &(0x7f0000001fee)='y\xa9n::e\x00\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00', 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)

program did not crash
testing program (duration=41.191569786s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-chdir-creat-mount-open-mmap-request_key-openat$cgroup_ro
detailed listing:
executing program 0:
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f00000002c0)={[{@usrjquota}, {@journal_dev={'journal_dev', 0x3d, 0x8000}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@minixdf}, {@resgid}, {@grpquota}, {@stripe}, {@journal_dev={'journal_dev', 0x3d, 0xdcc}}]}, 0x3, 0x455, &(0x7f0000000880)="$eJzs289vFFUcAPDvTH+g/GpF/AGiVomx8UdLCyoHLxpNPGA00QPerNtCCAs1tCZCiFRj8GJiSPRsPJr4F3jzYtSTiVe9GxKiXEBPNTM7Q7fLbmlhu1u7n08y8N7O27733Tdv58282QB61kj2TxKxPSJ+j4ihWnZ5gZHaf9evnq/8c/V8JYnFxbf+SvJy166er5RFy/dtKzKjaUT6aVJUstzc2XMnp6rVmTNFfnz+1Pvjc2fPPXvi1NTxmeMzpycPHz50cOKF5yefa0ucWVzX9n40u2/Pa+9cer1y9NJ7P3+XtXd7sb8+jnYZyQL/ezHXuO+JdlfWZTvq0kl/FxvCmvRFRNZdA/n4H4q+WOq8oXj1k642DlhX2blpS+vdC4vAJpZEt1sAdEd5os+uf8utQ1OPDeHKS7ULoCzu68VW29MfaVFmoOH6tp1GIuLowr9fZ1us030IAIB6n1e+OhLPNJv/pXF/XbmdxRrKcETcExG7IuLeiNgdEfdF5GUfiIgH11h/49LQzfOf9PJtBbZK2fzvxWJta/n8r5z9xXBfkduRxz+QHDtRnTlQfCajMbAly0+sUMcPr/z2Rat99fO/bMvqL+eCRTsu9zfcoJuemp/KJ6VtcOXjiL39zeJPbqwEJBGxJyL2rq3SnWXixFPf7mtV6Nbxr6AN60yL30Q8Wev/hWiIv5SsvD45fldUZw6Ml0fFzX759eKbreq/o/jbIOv/rcuP/8Yiw0n9eu3c2uu4+MdnLa9pbvf4H0zezvtlsHjtw6n5+TMTEYPJkTy/7PXJpfeW+bJ8Fv/o/ubjf1fxnuTdiIciIjuIH46IRyLi0aLtj0XE4xGxf4X4f3q59b6N0P/TTb//bhz/Df2/9kTfyR+/b1X/6vr/UJ4aLV7Jv/9uYbUNvJPPDgAAAP4v0vwZ+CQdu5FO07Gx2jP8u2NrWp2dm3/62OwHp6drz8oPx0Ba3ukaqrsfOpEsFH+xlp8s7hWX+w8W942/7Ls7z49VZqvTXY4det22FuM/82dft1sHrLtm62iTg11oCNBxjeM/f/Rhaa3/whudbhDQMX6vDb3rFuM/7VQ7gM5z/ofe1Wz8X2jIWwuAzcn5H3qX8Q+9y/iH3mX8Q0+6k9/1S2zSxMBqCke6EZq6aRLbNkYzlhLd/mYCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABoj/8CAAD//2wj7mI=")
chdir(&(0x7f0000000140)='./file0\x00')
creat(&(0x7f0000000040)='./bus\x00', 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, 0x0, 0x0, 0x63d014, 0x0)
r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0)
request_key(0x0, 0x0, &(0x7f0000001fee)='y\xa9n::e\x00\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00', 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)

program did not crash
testing program (duration=41.191569786s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-chdir-creat-mount-open-mmap-request_key-openat$cgroup_ro
detailed listing:
executing program 0:
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f00000002c0)={[{@usrjquota}, {@journal_dev={'journal_dev', 0x3d, 0x8000}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@minixdf}, {@resgid}, {@grpquota}, {@stripe}, {@journal_dev={'journal_dev', 0x3d, 0xdcc}}]}, 0x3, 0x455, &(0x7f0000000880)="$eJzs289vFFUcAPDvTH+g/GpF/AGiVomx8UdLCyoHLxpNPGA00QPerNtCCAs1tCZCiFRj8GJiSPRsPJr4F3jzYtSTiVe9GxKiXEBPNTM7Q7fLbmlhu1u7n08y8N7O27733Tdv58282QB61kj2TxKxPSJ+j4ihWnZ5gZHaf9evnq/8c/V8JYnFxbf+SvJy166er5RFy/dtKzKjaUT6aVJUstzc2XMnp6rVmTNFfnz+1Pvjc2fPPXvi1NTxmeMzpycPHz50cOKF5yefa0ucWVzX9n40u2/Pa+9cer1y9NJ7P3+XtXd7sb8+jnYZyQL/ezHXuO+JdlfWZTvq0kl/FxvCmvRFRNZdA/n4H4q+WOq8oXj1k642DlhX2blpS+vdC4vAJpZEt1sAdEd5os+uf8utQ1OPDeHKS7ULoCzu68VW29MfaVFmoOH6tp1GIuLowr9fZ1us030IAIB6n1e+OhLPNJv/pXF/XbmdxRrKcETcExG7IuLeiNgdEfdF5GUfiIgH11h/49LQzfOf9PJtBbZK2fzvxWJta/n8r5z9xXBfkduRxz+QHDtRnTlQfCajMbAly0+sUMcPr/z2Rat99fO/bMvqL+eCRTsu9zfcoJuemp/KJ6VtcOXjiL39zeJPbqwEJBGxJyL2rq3SnWXixFPf7mtV6Nbxr6AN60yL30Q8Wev/hWiIv5SsvD45fldUZw6Ml0fFzX759eKbreq/o/jbIOv/rcuP/8Yiw0n9eu3c2uu4+MdnLa9pbvf4H0zezvtlsHjtw6n5+TMTEYPJkTy/7PXJpfeW+bJ8Fv/o/ubjf1fxnuTdiIciIjuIH46IRyLi0aLtj0XE4xGxf4X4f3q59b6N0P/TTb//bhz/Df2/9kTfyR+/b1X/6vr/UJ4aLV7Jv/9uYbUNvJPPDgAAAP4v0vwZ+CQdu5FO07Gx2jP8u2NrWp2dm3/62OwHp6drz8oPx0Ba3ukaqrsfOpEsFH+xlp8s7hWX+w8W942/7Ls7z49VZqvTXY4det22FuM/82dft1sHrLtm62iTg11oCNBxjeM/f/Rhaa3/whudbhDQMX6vDb3rFuM/7VQ7gM5z/ofe1Wz8X2jIWwuAzcn5H3qX8Q+9y/iH3mX8Q0+6k9/1S2zSxMBqCke6EZq6aRLbNkYzlhLd/mYCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABoj/8CAAD//2wj7mI=")
chdir(&(0x7f0000000140)='./file0\x00')
creat(&(0x7f0000000040)='./bus\x00', 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x63d014, 0x0)
r0 = open(0x0, 0x185102, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0)
request_key(0x0, 0x0, &(0x7f0000001fee)='y\xa9n::e\x00\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00', 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)

program did not crash
testing program (duration=41.191569786s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-chdir-creat-mount-open-mmap-request_key-openat$cgroup_ro
detailed listing:
executing program 0:
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f00000002c0)={[{@usrjquota}, {@journal_dev={'journal_dev', 0x3d, 0x8000}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@minixdf}, {@resgid}, {@grpquota}, {@stripe}, {@journal_dev={'journal_dev', 0x3d, 0xdcc}}]}, 0x3, 0x455, &(0x7f0000000880)="$eJzs289vFFUcAPDvTH+g/GpF/AGiVomx8UdLCyoHLxpNPGA00QPerNtCCAs1tCZCiFRj8GJiSPRsPJr4F3jzYtSTiVe9GxKiXEBPNTM7Q7fLbmlhu1u7n08y8N7O27733Tdv58282QB61kj2TxKxPSJ+j4ihWnZ5gZHaf9evnq/8c/V8JYnFxbf+SvJy166er5RFy/dtKzKjaUT6aVJUstzc2XMnp6rVmTNFfnz+1Pvjc2fPPXvi1NTxmeMzpycPHz50cOKF5yefa0ucWVzX9n40u2/Pa+9cer1y9NJ7P3+XtXd7sb8+jnYZyQL/ezHXuO+JdlfWZTvq0kl/FxvCmvRFRNZdA/n4H4q+WOq8oXj1k642DlhX2blpS+vdC4vAJpZEt1sAdEd5os+uf8utQ1OPDeHKS7ULoCzu68VW29MfaVFmoOH6tp1GIuLowr9fZ1us030IAIB6n1e+OhLPNJv/pXF/XbmdxRrKcETcExG7IuLeiNgdEfdF5GUfiIgH11h/49LQzfOf9PJtBbZK2fzvxWJta/n8r5z9xXBfkduRxz+QHDtRnTlQfCajMbAly0+sUMcPr/z2Rat99fO/bMvqL+eCRTsu9zfcoJuemp/KJ6VtcOXjiL39zeJPbqwEJBGxJyL2rq3SnWXixFPf7mtV6Nbxr6AN60yL30Q8Wev/hWiIv5SsvD45fldUZw6Ml0fFzX759eKbreq/o/jbIOv/rcuP/8Yiw0n9eu3c2uu4+MdnLa9pbvf4H0zezvtlsHjtw6n5+TMTEYPJkTy/7PXJpfeW+bJ8Fv/o/ubjf1fxnuTdiIciIjuIH46IRyLi0aLtj0XE4xGxf4X4f3q59b6N0P/TTb//bhz/Df2/9kTfyR+/b1X/6vr/UJ4aLV7Jv/9uYbUNvJPPDgAAAP4v0vwZ+CQdu5FO07Gx2jP8u2NrWp2dm3/62OwHp6drz8oPx0Ba3ukaqrsfOpEsFH+xlp8s7hWX+w8W942/7Ls7z49VZqvTXY4det22FuM/82dft1sHrLtm62iTg11oCNBxjeM/f/Rhaa3/whudbhDQMX6vDb3rFuM/7VQ7gM5z/ofe1Wz8X2jIWwuAzcn5H3qX8Q+9y/iH3mX8Q0+6k9/1S2zSxMBqCke6EZq6aRLbNkYzlhLd/mYCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABoj/8CAAD//2wj7mI=")
chdir(&(0x7f0000000140)='./file0\x00')
creat(&(0x7f0000000040)='./bus\x00', 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x63d014, 0x0)
r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0)
request_key(0x0, 0x0, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)

program did not crash
testing program (duration=41.191569786s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-chdir-creat-mount-open-mmap-request_key-openat$cgroup_ro
detailed listing:
executing program 0:
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f00000002c0)={[{@usrjquota}, {@journal_dev={'journal_dev', 0x3d, 0x8000}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@minixdf}, {@resgid}, {@grpquota}, {@stripe}, {@journal_dev={'journal_dev', 0x3d, 0xdcc}}]}, 0x3, 0x455, &(0x7f0000000880)="$eJzs289vFFUcAPDvTH+g/GpF/AGiVomx8UdLCyoHLxpNPGA00QPerNtCCAs1tCZCiFRj8GJiSPRsPJr4F3jzYtSTiVe9GxKiXEBPNTM7Q7fLbmlhu1u7n08y8N7O27733Tdv58282QB61kj2TxKxPSJ+j4ihWnZ5gZHaf9evnq/8c/V8JYnFxbf+SvJy166er5RFy/dtKzKjaUT6aVJUstzc2XMnp6rVmTNFfnz+1Pvjc2fPPXvi1NTxmeMzpycPHz50cOKF5yefa0ucWVzX9n40u2/Pa+9cer1y9NJ7P3+XtXd7sb8+jnYZyQL/ezHXuO+JdlfWZTvq0kl/FxvCmvRFRNZdA/n4H4q+WOq8oXj1k642DlhX2blpS+vdC4vAJpZEt1sAdEd5os+uf8utQ1OPDeHKS7ULoCzu68VW29MfaVFmoOH6tp1GIuLowr9fZ1us030IAIB6n1e+OhLPNJv/pXF/XbmdxRrKcETcExG7IuLeiNgdEfdF5GUfiIgH11h/49LQzfOf9PJtBbZK2fzvxWJta/n8r5z9xXBfkduRxz+QHDtRnTlQfCajMbAly0+sUMcPr/z2Rat99fO/bMvqL+eCRTsu9zfcoJuemp/KJ6VtcOXjiL39zeJPbqwEJBGxJyL2rq3SnWXixFPf7mtV6Nbxr6AN60yL30Q8Wev/hWiIv5SsvD45fldUZw6Ml0fFzX759eKbreq/o/jbIOv/rcuP/8Yiw0n9eu3c2uu4+MdnLa9pbvf4H0zezvtlsHjtw6n5+TMTEYPJkTy/7PXJpfeW+bJ8Fv/o/ubjf1fxnuTdiIciIjuIH46IRyLi0aLtj0XE4xGxf4X4f3q59b6N0P/TTb//bhz/Df2/9kTfyR+/b1X/6vr/UJ4aLV7Jv/9uYbUNvJPPDgAAAP4v0vwZ+CQdu5FO07Gx2jP8u2NrWp2dm3/62OwHp6drz8oPx0Ba3ukaqrsfOpEsFH+xlp8s7hWX+w8W942/7Ls7z49VZqvTXY4det22FuM/82dft1sHrLtm62iTg11oCNBxjeM/f/Rhaa3/whudbhDQMX6vDb3rFuM/7VQ7gM5z/ofe1Wz8X2jIWwuAzcn5H3qX8Q+9y/iH3mX8Q0+6k9/1S2zSxMBqCke6EZq6aRLbNkYzlhLd/mYCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABoj/8CAAD//2wj7mI=")
chdir(&(0x7f0000000140)='./file0\x00')
creat(&(0x7f0000000040)='./bus\x00', 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x63d014, 0x0)
r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0)
request_key(0x0, 0x0, &(0x7f0000001fee)='y\xa9n::e\x00\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00', 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=41.191569786s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-chdir-creat-mount-open-mmap-request_key-openat$cgroup_ro
program crashed: KASAN: out-of-bounds Read in ext4_xattr_set_entry
simplifying C reproducer
testing compiled C program (duration=41.191569786s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-chdir-creat-mount-open-mmap-request_key-openat$cgroup_ro
program crashed: KASAN: out-of-bounds Read in ext4_xattr_set_entry
testing compiled C program (duration=41.191569786s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-chdir-creat-mount-open-mmap-request_key-openat$cgroup_ro
program crashed: KASAN: out-of-bounds Read in ext4_xattr_set_entry
testing compiled C program (duration=41.191569786s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-chdir-creat-mount-open-mmap-request_key-openat$cgroup_ro
program crashed: KASAN: out-of-bounds Read in ext4_xattr_set_entry
testing compiled C program (duration=41.191569786s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-chdir-creat-mount-open-mmap-request_key-openat$cgroup_ro
program crashed: KASAN: out-of-bounds Read in ext4_xattr_set_entry
testing compiled C program (duration=41.191569786s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-chdir-creat-mount-open-mmap-request_key-openat$cgroup_ro
program crashed: KASAN: out-of-bounds Read in ext4_xattr_set_entry
testing compiled C program (duration=41.191569786s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-chdir-creat-mount-open-mmap-request_key-openat$cgroup_ro
program crashed: KASAN: out-of-bounds Read in ext4_xattr_set_entry
reproducing took 19m5.245337059s
repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x11b3/0x3a60 fs/ext4/xattr.c:1731
Read of size 18446744073709551600 at addr ffff88811c3be008 by task syz-executor123/281

CPU: 0 PID: 281 Comm: syz-executor123 Not tainted 5.10.234-syzkaller-00033-g094fc3778d6b #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack_lvl+0x1e2/0x24b lib/dump_stack.c:118
 print_address_description+0x81/0x3b0 mm/kasan/report.c:248
 __kasan_report mm/kasan/report.c:435 [inline]
 kasan_report+0x179/0x1c0 mm/kasan/report.c:452
 kasan_check_range+0x293/0x2a0 mm/kasan/generic.c:189
 memmove+0x2d/0x70 mm/kasan/shadow.c:54
 ext4_xattr_set_entry+0x11b3/0x3a60 fs/ext4/xattr.c:1731
 ext4_xattr_ibody_set+0x124/0x390 fs/ext4/xattr.c:2234
 ext4_destroy_inline_data_nolock+0x1d3/0x5d0 fs/ext4/inline.c:447
 ext4_convert_inline_data_nolock+0x3d8/0xd80 fs/ext4/inline.c:1240
 ext4_try_add_inline_entry+0x805/0xb60 fs/ext4/inline.c:1349
 ext4_add_entry+0x6c2/0x1280 fs/ext4/namei.c:2414
 ext4_add_nondir+0x97/0x270 fs/ext4/namei.c:2786
 ext4_create+0x348/0x530 fs/ext4/namei.c:2831
 lookup_open fs/namei.c:3247 [inline]
 open_last_lookups fs/namei.c:3317 [inline]
 path_openat+0x1377/0x3000 fs/namei.c:3506
 do_filp_open+0x21c/0x460 fs/namei.c:3536
 do_sys_openat2+0x13f/0x710 fs/open.c:1217
 do_sys_open fs/open.c:1233 [inline]
 __do_sys_openat fs/open.c:1249 [inline]
 __se_sys_openat fs/open.c:1244 [inline]
 __x64_sys_openat+0x243/0x290 fs/open.c:1244
 do_syscall_64+0x34/0x70
 entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7fa2bb560bf9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffd4c68cc18 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000000073 RCX: 00007fa2bb560bf9
RDX: 000000000000275a RSI: 00002000000000c0 RDI: 00000000ffffff9c
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa2bb5c5604
R13: 00007ffd4c68cdf8 R14: 0000000000000001 R15: 0000000000000001

Allocated by task 220:
 kasan_save_stack mm/kasan/common.c:38 [inline]
 kasan_set_track mm/kasan/common.c:45 [inline]
 set_alloc_info mm/kasan/common.c:430 [inline]
 __kasan_slab_alloc+0xb1/0xe0 mm/kasan/common.c:463
 kasan_slab_alloc include/linux/kasan.h:244 [inline]
 slab_post_alloc_hook+0x61/0x2f0 mm/slab.h:583
 slab_alloc_node mm/slub.c:2947 [inline]
 slab_alloc mm/slub.c:2955 [inline]
 kmem_cache_alloc+0x168/0x2e0 mm/slub.c:2960
 kmem_cache_alloc_node include/linux/slab.h:423 [inline]
 __alloc_skb+0x80/0x510 net/core/skbuff.c:200
 __napi_alloc_skb+0x15d/0x2e0 net/core/skbuff.c:522
 napi_alloc_skb include/linux/skbuff.h:2952 [inline]
 page_to_skb+0x3d/0x900 drivers/net/virtio_net.c:412
 receive_mergeable drivers/net/virtio_net.c:1019 [inline]
 receive_buf+0xe79/0x53d0 drivers/net/virtio_net.c:1129
 virtnet_receive drivers/net/virtio_net.c:1421 [inline]
 virtnet_poll+0x5df/0x1240 drivers/net/virtio_net.c:1530
 napi_poll net/core/dev.c:6873 [inline]
 net_rx_action+0x516/0x10d0 net/core/dev.c:6943
 __do_softirq+0x268/0x5bb kernel/softirq.c:309

Freed by task 220:
 kasan_save_stack mm/kasan/common.c:38 [inline]
 kasan_set_track+0x4b/0x70 mm/kasan/common.c:45
 kasan_set_free_info+0x23/0x40 mm/kasan/generic.c:370
 ____kasan_slab_free+0x121/0x160 mm/kasan/common.c:362
 __kasan_slab_free+0x11/0x20 mm/kasan/common.c:370
 kasan_slab_free include/linux/kasan.h:220 [inline]
 slab_free_hook mm/slub.c:1595 [inline]
 slab_free_freelist_hook+0xc0/0x190 mm/slub.c:1621
 slab_free mm/slub.c:3203 [inline]
 kmem_cache_free+0xa9/0x1e0 mm/slub.c:3219
 kfree_skbmem+0x104/0x170
 __kfree_skb net/core/skbuff.c:695 [inline]
 kfree_skb_partial+0x76/0x90 net/core/skbuff.c:5269
 tcp_rcv_established+0x11f3/0x1a90 net/ipv4/tcp_input.c:5967
 tcp_v4_do_rcv+0x3d7/0x7d0 net/ipv4/tcp_ipv4.c:1698
 tcp_v4_rcv+0x23a8/0x2930 net/ipv4/tcp_ipv4.c:2094
 ip_protocol_deliver_rcu+0x2f4/0x650 net/ipv4/ip_input.c:204
 ip_local_deliver_finish net/ipv4/ip_input.c:231 [inline]
 NF_HOOK include/linux/netfilter.h:299 [inline]
 ip_local_deliver+0x2c6/0x590 net/ipv4/ip_input.c:252
 dst_input include/net/dst.h:443 [inline]
 ip_sublist_rcv_finish net/ipv4/ip_input.c:557 [inline]
 ip_list_rcv_finish net/ipv4/ip_input.c:608 [inline]
 ip_sublist_rcv+0x7e2/0x990 net/ipv4/ip_input.c:616
 ip_list_rcv+0x422/0x470 net/ipv4/ip_input.c:651
 __netif_receive_skb_list_ptype net/core/dev.c:5444 [inline]
 __netif_receive_skb_list_core+0x6b1/0x890 net/core/dev.c:5492
 __netif_receive_skb_list net/core/dev.c:5544 [inline]
 netif_receive_skb_list_internal+0x967/0xcc0 net/core/dev.c:5654
 gro_normal_list net/core/dev.c:5808 [inline]
 napi_complete_done+0x344/0x750 net/core/dev.c:6557
 virtqueue_napi_complete drivers/net/virtio_net.c:357 [inline]
 virtnet_poll+0xb8a/0x1240 drivers/net/virtio_net.c:1537
 napi_poll net/core/dev.c:6873 [inline]
 net_rx_action+0x516/0x10d0 net/core/dev.c:6943
 __do_softirq+0x268/0x5bb kernel/softirq.c:309

The buggy address belongs to the object at ffff88811c3be000
 which belongs to the cache skbuff_head_cache of size 248
The buggy address is located 8 bytes inside of
 248-byte region [ffff88811c3be000, ffff88811c3be0f8)
The buggy address belongs to the page:
page:ffffea000470ef80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11c3be
flags: 0x4000000000000200(slab)
raw: 4000000000000200 dead000000000100 dead000000000122 ffff888107d95b00
raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY), pid 220, ts 14110363205, free_ts 14090393786
 set_page_owner include/linux/page_owner.h:35 [inline]
 post_alloc_hook mm/page_alloc.c:2456 [inline]
 prep_new_page+0x166/0x180 mm/page_alloc.c:2462
 get_page_from_freelist+0x2d8c/0x2f30 mm/page_alloc.c:4254
 __alloc_pages_nodemask+0x435/0xaf0 mm/page_alloc.c:5348
 allocate_slab mm/slub.c:1808 [inline]
 new_slab+0x80/0x400 mm/slub.c:1869
 new_slab_objects mm/slub.c:2627 [inline]
 ___slab_alloc+0x302/0x4b0 mm/slub.c:2791
 __slab_alloc+0x63/0xa0 mm/slub.c:2831
 slab_alloc_node mm/slub.c:2913 [inline]
 slab_alloc mm/slub.c:2955 [inline]
 kmem_cache_alloc+0x1b9/0x2e0 mm/slub.c:2960
 kmem_cache_alloc_node include/linux/slab.h:423 [inline]
 __alloc_skb+0x80/0x510 net/core/skbuff.c:200
 alloc_skb include/linux/skbuff.h:1126 [inline]
 __tcp_send_ack+0x95/0x6d0 net/ipv4/tcp_output.c:3984
 tcp_send_ack+0x3b/0x60 net/ipv4/tcp_output.c:4016
 tcp_cleanup_rbuf+0x278/0x590 net/ipv4/tcp.c:1592
 tcp_recvmsg+0x2192/0x3590 net/ipv4/tcp.c:2361
 inet_recvmsg+0x158/0x500 net/ipv4/af_inet.c:864
 sock_recvmsg_nosec net/socket.c:905 [inline]
 sock_recvmsg net/socket.c:923 [inline]
 sock_read_iter+0x353/0x480 net/socket.c:996
 call_read_iter include/linux/fs.h:2052 [inline]
 new_sync_read fs/read_write.c:415 [inline]
 vfs_read+0x990/0xba0 fs/read_write.c:496
 ksys_read+0x199/0x2c0 fs/read_write.c:634
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:28 [inline]
 free_pages_prepare mm/page_alloc.c:1349 [inline]
 free_pcp_prepare mm/page_alloc.c:1421 [inline]
 free_unref_page_prepare+0x2ae/0x2d0 mm/page_alloc.c:3336
 free_unref_page+0x7e/0x1c0 mm/page_alloc.c:3391
 __put_single_page mm/swap.c:104 [inline]
 __put_page+0xb1/0xe0 mm/swap.c:135
 put_page include/linux/mm.h:1257 [inline]
 anon_pipe_buf_release+0x17c/0x210 fs/pipe.c:137
 pipe_buf_release include/linux/pipe_fs_i.h:219 [inline]
 pipe_read+0x5a6/0x1040 fs/pipe.c:323
 call_read_iter include/linux/fs.h:2052 [inline]
 new_sync_read fs/read_write.c:415 [inline]
 vfs_read+0x990/0xba0 fs/read_write.c:496
 ksys_read+0x199/0x2c0 fs/read_write.c:634
 __do_sys_read fs/read_write.c:644 [inline]
 __se_sys_read fs/read_write.c:642 [inline]
 __x64_sys_read+0x7b/0x90 fs/read_write.c:642
 do_syscall_64+0x34/0x70
 entry_SYSCALL_64_after_hwframe+0x61/0xcb

Memory state around the buggy address:
 ffff88811c3bdf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff88811c3bdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff88811c3be000: fa f

final repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x11b3/0x3a60 fs/ext4/xattr.c:1731
Read of size 18446744073709551600 at addr ffff88811c3be008 by task syz-executor123/281

CPU: 0 PID: 281 Comm: syz-executor123 Not tainted 5.10.234-syzkaller-00033-g094fc3778d6b #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack_lvl+0x1e2/0x24b lib/dump_stack.c:118
 print_address_description+0x81/0x3b0 mm/kasan/report.c:248
 __kasan_report mm/kasan/report.c:435 [inline]
 kasan_report+0x179/0x1c0 mm/kasan/report.c:452
 kasan_check_range+0x293/0x2a0 mm/kasan/generic.c:189
 memmove+0x2d/0x70 mm/kasan/shadow.c:54
 ext4_xattr_set_entry+0x11b3/0x3a60 fs/ext4/xattr.c:1731
 ext4_xattr_ibody_set+0x124/0x390 fs/ext4/xattr.c:2234
 ext4_destroy_inline_data_nolock+0x1d3/0x5d0 fs/ext4/inline.c:447
 ext4_convert_inline_data_nolock+0x3d8/0xd80 fs/ext4/inline.c:1240
 ext4_try_add_inline_entry+0x805/0xb60 fs/ext4/inline.c:1349
 ext4_add_entry+0x6c2/0x1280 fs/ext4/namei.c:2414
 ext4_add_nondir+0x97/0x270 fs/ext4/namei.c:2786
 ext4_create+0x348/0x530 fs/ext4/namei.c:2831
 lookup_open fs/namei.c:3247 [inline]
 open_last_lookups fs/namei.c:3317 [inline]
 path_openat+0x1377/0x3000 fs/namei.c:3506
 do_filp_open+0x21c/0x460 fs/namei.c:3536
 do_sys_openat2+0x13f/0x710 fs/open.c:1217
 do_sys_open fs/open.c:1233 [inline]
 __do_sys_openat fs/open.c:1249 [inline]
 __se_sys_openat fs/open.c:1244 [inline]
 __x64_sys_openat+0x243/0x290 fs/open.c:1244
 do_syscall_64+0x34/0x70
 entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7fa2bb560bf9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffd4c68cc18 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000000073 RCX: 00007fa2bb560bf9
RDX: 000000000000275a RSI: 00002000000000c0 RDI: 00000000ffffff9c
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa2bb5c5604
R13: 00007ffd4c68cdf8 R14: 0000000000000001 R15: 0000000000000001

Allocated by task 220:
 kasan_save_stack mm/kasan/common.c:38 [inline]
 kasan_set_track mm/kasan/common.c:45 [inline]
 set_alloc_info mm/kasan/common.c:430 [inline]
 __kasan_slab_alloc+0xb1/0xe0 mm/kasan/common.c:463
 kasan_slab_alloc include/linux/kasan.h:244 [inline]
 slab_post_alloc_hook+0x61/0x2f0 mm/slab.h:583
 slab_alloc_node mm/slub.c:2947 [inline]
 slab_alloc mm/slub.c:2955 [inline]
 kmem_cache_alloc+0x168/0x2e0 mm/slub.c:2960
 kmem_cache_alloc_node include/linux/slab.h:423 [inline]
 __alloc_skb+0x80/0x510 net/core/skbuff.c:200
 __napi_alloc_skb+0x15d/0x2e0 net/core/skbuff.c:522
 napi_alloc_skb include/linux/skbuff.h:2952 [inline]
 page_to_skb+0x3d/0x900 drivers/net/virtio_net.c:412
 receive_mergeable drivers/net/virtio_net.c:1019 [inline]
 receive_buf+0xe79/0x53d0 drivers/net/virtio_net.c:1129
 virtnet_receive drivers/net/virtio_net.c:1421 [inline]
 virtnet_poll+0x5df/0x1240 drivers/net/virtio_net.c:1530
 napi_poll net/core/dev.c:6873 [inline]
 net_rx_action+0x516/0x10d0 net/core/dev.c:6943
 __do_softirq+0x268/0x5bb kernel/softirq.c:309

Freed by task 220:
 kasan_save_stack mm/kasan/common.c:38 [inline]
 kasan_set_track+0x4b/0x70 mm/kasan/common.c:45
 kasan_set_free_info+0x23/0x40 mm/kasan/generic.c:370
 ____kasan_slab_free+0x121/0x160 mm/kasan/common.c:362
 __kasan_slab_free+0x11/0x20 mm/kasan/common.c:370
 kasan_slab_free include/linux/kasan.h:220 [inline]
 slab_free_hook mm/slub.c:1595 [inline]
 slab_free_freelist_hook+0xc0/0x190 mm/slub.c:1621
 slab_free mm/slub.c:3203 [inline]
 kmem_cache_free+0xa9/0x1e0 mm/slub.c:3219
 kfree_skbmem+0x104/0x170
 __kfree_skb net/core/skbuff.c:695 [inline]
 kfree_skb_partial+0x76/0x90 net/core/skbuff.c:5269
 tcp_rcv_established+0x11f3/0x1a90 net/ipv4/tcp_input.c:5967
 tcp_v4_do_rcv+0x3d7/0x7d0 net/ipv4/tcp_ipv4.c:1698
 tcp_v4_rcv+0x23a8/0x2930 net/ipv4/tcp_ipv4.c:2094
 ip_protocol_deliver_rcu+0x2f4/0x650 net/ipv4/ip_input.c:204
 ip_local_deliver_finish net/ipv4/ip_input.c:231 [inline]
 NF_HOOK include/linux/netfilter.h:299 [inline]
 ip_local_deliver+0x2c6/0x590 net/ipv4/ip_input.c:252
 dst_input include/net/dst.h:443 [inline]
 ip_sublist_rcv_finish net/ipv4/ip_input.c:557 [inline]
 ip_list_rcv_finish net/ipv4/ip_input.c:608 [inline]
 ip_sublist_rcv+0x7e2/0x990 net/ipv4/ip_input.c:616
 ip_list_rcv+0x422/0x470 net/ipv4/ip_input.c:651
 __netif_receive_skb_list_ptype net/core/dev.c:5444 [inline]
 __netif_receive_skb_list_core+0x6b1/0x890 net/core/dev.c:5492
 __netif_receive_skb_list net/core/dev.c:5544 [inline]
 netif_receive_skb_list_internal+0x967/0xcc0 net/core/dev.c:5654
 gro_normal_list net/core/dev.c:5808 [inline]
 napi_complete_done+0x344/0x750 net/core/dev.c:6557
 virtqueue_napi_complete drivers/net/virtio_net.c:357 [inline]
 virtnet_poll+0xb8a/0x1240 drivers/net/virtio_net.c:1537
 napi_poll net/core/dev.c:6873 [inline]
 net_rx_action+0x516/0x10d0 net/core/dev.c:6943
 __do_softirq+0x268/0x5bb kernel/softirq.c:309

The buggy address belongs to the object at ffff88811c3be000
 which belongs to the cache skbuff_head_cache of size 248
The buggy address is located 8 bytes inside of
 248-byte region [ffff88811c3be000, ffff88811c3be0f8)
The buggy address belongs to the page:
page:ffffea000470ef80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11c3be
flags: 0x4000000000000200(slab)
raw: 4000000000000200 dead000000000100 dead000000000122 ffff888107d95b00
raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY), pid 220, ts 14110363205, free_ts 14090393786
 set_page_owner include/linux/page_owner.h:35 [inline]
 post_alloc_hook mm/page_alloc.c:2456 [inline]
 prep_new_page+0x166/0x180 mm/page_alloc.c:2462
 get_page_from_freelist+0x2d8c/0x2f30 mm/page_alloc.c:4254
 __alloc_pages_nodemask+0x435/0xaf0 mm/page_alloc.c:5348
 allocate_slab mm/slub.c:1808 [inline]
 new_slab+0x80/0x400 mm/slub.c:1869
 new_slab_objects mm/slub.c:2627 [inline]
 ___slab_alloc+0x302/0x4b0 mm/slub.c:2791
 __slab_alloc+0x63/0xa0 mm/slub.c:2831
 slab_alloc_node mm/slub.c:2913 [inline]
 slab_alloc mm/slub.c:2955 [inline]
 kmem_cache_alloc+0x1b9/0x2e0 mm/slub.c:2960
 kmem_cache_alloc_node include/linux/slab.h:423 [inline]
 __alloc_skb+0x80/0x510 net/core/skbuff.c:200
 alloc_skb include/linux/skbuff.h:1126 [inline]
 __tcp_send_ack+0x95/0x6d0 net/ipv4/tcp_output.c:3984
 tcp_send_ack+0x3b/0x60 net/ipv4/tcp_output.c:4016
 tcp_cleanup_rbuf+0x278/0x590 net/ipv4/tcp.c:1592
 tcp_recvmsg+0x2192/0x3590 net/ipv4/tcp.c:2361
 inet_recvmsg+0x158/0x500 net/ipv4/af_inet.c:864
 sock_recvmsg_nosec net/socket.c:905 [inline]
 sock_recvmsg net/socket.c:923 [inline]
 sock_read_iter+0x353/0x480 net/socket.c:996
 call_read_iter include/linux/fs.h:2052 [inline]
 new_sync_read fs/read_write.c:415 [inline]
 vfs_read+0x990/0xba0 fs/read_write.c:496
 ksys_read+0x199/0x2c0 fs/read_write.c:634
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:28 [inline]
 free_pages_prepare mm/page_alloc.c:1349 [inline]
 free_pcp_prepare mm/page_alloc.c:1421 [inline]
 free_unref_page_prepare+0x2ae/0x2d0 mm/page_alloc.c:3336
 free_unref_page+0x7e/0x1c0 mm/page_alloc.c:3391
 __put_single_page mm/swap.c:104 [inline]
 __put_page+0xb1/0xe0 mm/swap.c:135
 put_page include/linux/mm.h:1257 [inline]
 anon_pipe_buf_release+0x17c/0x210 fs/pipe.c:137
 pipe_buf_release include/linux/pipe_fs_i.h:219 [inline]
 pipe_read+0x5a6/0x1040 fs/pipe.c:323
 call_read_iter include/linux/fs.h:2052 [inline]
 new_sync_read fs/read_write.c:415 [inline]
 vfs_read+0x990/0xba0 fs/read_write.c:496
 ksys_read+0x199/0x2c0 fs/read_write.c:634
 __do_sys_read fs/read_write.c:644 [inline]
 __se_sys_read fs/read_write.c:642 [inline]
 __x64_sys_read+0x7b/0x90 fs/read_write.c:642
 do_syscall_64+0x34/0x70
 entry_SYSCALL_64_after_hwframe+0x61/0xcb

Memory state around the buggy address:
 ffff88811c3bdf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff88811c3bdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff88811c3be000: fa f