Extracting prog: 2m47.430791465s
Minimizing prog: 38.491Âµs
Simplifying prog options: 0s
Extracting C: 35.229131951s
Simplifying C: 11m18.944373863s


extracting reproducer from 30 programs
first checking the prog from the crash report
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4
detailed listing:
executing program 0:
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file2\x00', 0x200801f, &(0x7f00000002c0), 0xfe, 0x4fb, &(0x7f0000000880)="$eJzs3V9rHGsZAPBnJrvnNG2Om6Ne6AHbYitJ0W6SxrbBi1ZB9Kqg1vsak20I2WRLsmmbUDTFDyCIqOCNXnkj+AEE6UcQoWDvRUURbfVCoTqyu7MxTXeTlG52Mfv7wZv5u/M8b5Z5Z96ZYSeAoXU+IiYjIsuy7FJElPL5aV5ip1Ua6714/mihUZLIstt/TSLJ57W39W4+PJN/7FREfO3LEd9MXo+7sbW9Ml+tVtbz6an6avIyy7YvL6/OL1WWKmuzszPX5q7PXZ2b7kk9xyPixhf/+IPv/uxLN371mQe/u/PnyW+1Ktiytx691Kp6sfm/aCtExPpxBBuQQrOGLVcHnAsAAAdrnO9/OCI+GRGXohQjzbM5AAAA4CTJbo7Fy6R1/w8AAAA4mdKIGIskLefP+45FmpbLrWd4Pxqn02pto/7prLR7vWA8iund5WplOn92YDyKSWN6Jn/Gtj19Zd/0bES8HxHfL402p8sLteriQK98AAAAwPA4s6///49Sq/8PAAAAnDDjg04AAAAAOHb6/wAAAHDy6f8DAADAifaVW7caJWu//3rx/tbmSu3+5cXKxkp5dXOhvFBbv1deqtWWmr/Zt3rY9qq12r3Pxtrmw6l6ZaM+tbG1fWe1trlWv7P8yiuwAQAAgD56/9yTZ0lE7HxuNI2ILNmzrBiRjexdudD//IDjk77Jyn84vjyA/hsZdALAwDilh+FVHHQCwMAd1g50fXjn173PBQAAOB4TH3/yLFr3/5ul4Z18WTLIxIBjl9//T+zrMHzc/4fh5f4fDK/iQWcAOgVw4qVH2NXf/v5/lr1RUgAAQM+NNUuSlvN+wFikabkc8V7ztQDF5O5ytTIdER+KiN+Wiu82pmean0xcHgAAAAAAAAAAAAAAAAAAAAAAAACAI8qyJLIuRnfXAQAAAP6fRaR/SvL3f02ULo7tvz7wTvLPUnMYEQ9+fPuHD+fr9fWZxvy/7c6v/yiff6XfVy8AAACATtr99HY/HgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB66cXzRwvt0s+4f/lCRIx3il+IU83hqShGxOm/J1HY87kkIkZ6EH/ncUR8rFP8pJFWjOdZ7I+fRsTogOOf6UF8GGZPGu3P5zvtf2mcbw4773+FvLyt7u1futv+jXRp/97rtMH09VkfPP3FVNf4jyM+KHRuf9rxky7xLxyxjt/4+vZ2t2XZTyMmOh5/kldiTSWFe1MbW9uXl1fnlypLlbXZ2Zlrc9fnrs5NT91drlbyvx1jfO8Tv/zPQfU/3SX++CH1v3jE+v/76cPnH2mNFvctKsZPsmzyQufjb+v/Hzf3x28f+z6Vf92N6Yn2+E5rfK+zP//N2XNdcht9HLHYpf6Hff+TR6z/pa9+5/dHXBUA6IONre2V+Wq1st5xpHWcP3gdI0YOGxmNPgadj4PWaZ/E9iGfb+eh+lj3f2U92+AAGyUAAOBY/O+kf9CZAAAAAAAAAAAAAAAAAAAAwPA67GfAogc/J7Y/5s5gqgoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcKD/BgAA///E6ck2")

program crashed: WARNING in inode_set_cached_link
single: successfully extracted reproducer
found reproducer with 1 syscalls
minimizing guilty program
extracting C reproducer
testing compiled C program (duration=53.240700948s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4
program crashed: WARNING in inode_set_cached_link
simplifying C reproducer
testing compiled C program (duration=53.240700948s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4
program crashed: WARNING in inode_set_cached_link
testing compiled C program (duration=53.240700948s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4
program crashed: WARNING in inode_set_cached_link
testing compiled C program (duration=53.240700948s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4
program crashed: WARNING in inode_set_cached_link
testing compiled C program (duration=53.240700948s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4
program crashed: WARNING in inode_set_cached_link
testing compiled C program (duration=53.240700948s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4
program crashed: WARNING in inode_set_cached_link
testing compiled C program (duration=53.240700948s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4
program crashed: WARNING in inode_set_cached_link
testing compiled C program (duration=53.240700948s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4
program crashed: WARNING in inode_set_cached_link
reproducing took 14m41.604354721s
repro crashed as (corrupted=false):
EXT4-fs warning (device loop0): ext4_enable_quotas:7145: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
EXT4-fs (loop0): Cannot turn on quotas: error -22
------------[ cut here ]------------
bad length passed for symlink [
ó] (got 9000, expected 3)
WARNING: CPU: 0 PID: 5828 at ./include/linux/fs.h:803 inode_set_cached_link+0xd0/0x110 include/linux/fs.h:802
Modules linked in:
CPU: 0 UID: 0 PID: 5828 Comm: syz-executor292 Not tainted 6.14.0-rc1-next-20250206-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
RIP: 0010:inode_set_cached_link+0xd0/0x110 include/linux/fs.h:802
Code: 41 5f 5d c3 cc cc cc cc e8 ed 1b 44 ff c6 05 b5 51 8a 0d 01 90 48 c7 c7 20 dc 1d 8c 4c 89 f6 44 89 fa 89 e9 e8 d1 c7 04 ff 90 <0f> 0b 90 90 e9 6a ff ff ff 89 f9 80 e1 07 80 c1 03 38 c1 7c a1 e8
RSP: 0018:ffffc90003edf658 EFLAGS: 00010246
RAX: eb1626e2bcb2c200 RBX: ffff88807a402a50 RCX: ffff888030555a00
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: 0000000000000003 R08: ffffffff81803292 R09: 1ffff110170e519a
R10: dffffc0000000000 R11: ffffed10170e519b R12: ffff88807a402a50
R13: dffffc0000000000 R14: ffff88807a4027a0 R15: 0000000000002328
FS:  00005555714bd380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fcb97718ae0 CR3: 0000000078d30000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 __ext4_iget+0x2ea4/0x3f30 fs/ext4/inode.c:5000
 ext4_orphan_get+0x1bb/0x5f0 fs/ext4/ialloc.c:1389
 ext4_orphan_cleanup+0xa19/0x13d0 fs/ext4/orphan.c:467
 __ext4_fill_super fs/ext4/super.c:5602 [inline]
 ext4_fill_super+0x5dd5/0x6760 fs/ext4/super.c:5722
 get_tree_bdev_flags+0x48c/0x5c0 fs/super.c:1636
 vfs_get_tree+0x90/0x2b0 fs/super.c:1814
 do_new_mount+0x2be/0xb40 fs/namespace.c:3659
 do_mount fs/namespace.c:3999 [inline]
 __do_sys_mount fs/namespace.c:4210 [inline]
 __se_sys_mount+0x2d6/0x3c0 fs/namespace.c:4187
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f51d811d93a
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffd0c869028 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007ffd0c869040 RCX: 00007f51d811d93a
RDX: 0000200000000080 RSI: 0000200000000000 RDI: 00007ffd0c869040
RBP: 0000200000000000 R08: 00007ffd0c869080 R09: 00000000000004f5
R10: 000000000200801f R11: 0000000000000202 R12: 0000200000000080
R13: 0000000000000004 R14: 0000000000000003 R15: 00007ffd0c869080
 </TASK>

final repro crashed as (corrupted=false):
EXT4-fs warning (device loop0): ext4_enable_quotas:7145: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
EXT4-fs (loop0): Cannot turn on quotas: error -22
------------[ cut here ]------------
bad length passed for symlink [
ó] (got 9000, expected 3)
WARNING: CPU: 0 PID: 5828 at ./include/linux/fs.h:803 inode_set_cached_link+0xd0/0x110 include/linux/fs.h:802
Modules linked in:
CPU: 0 UID: 0 PID: 5828 Comm: syz-executor292 Not tainted 6.14.0-rc1-next-20250206-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
RIP: 0010:inode_set_cached_link+0xd0/0x110 include/linux/fs.h:802
Code: 41 5f 5d c3 cc cc cc cc e8 ed 1b 44 ff c6 05 b5 51 8a 0d 01 90 48 c7 c7 20 dc 1d 8c 4c 89 f6 44 89 fa 89 e9 e8 d1 c7 04 ff 90 <0f> 0b 90 90 e9 6a ff ff ff 89 f9 80 e1 07 80 c1 03 38 c1 7c a1 e8
RSP: 0018:ffffc90003edf658 EFLAGS: 00010246
RAX: eb1626e2bcb2c200 RBX: ffff88807a402a50 RCX: ffff888030555a00
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: 0000000000000003 R08: ffffffff81803292 R09: 1ffff110170e519a
R10: dffffc0000000000 R11: ffffed10170e519b R12: ffff88807a402a50
R13: dffffc0000000000 R14: ffff88807a4027a0 R15: 0000000000002328
FS:  00005555714bd380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fcb97718ae0 CR3: 0000000078d30000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 __ext4_iget+0x2ea4/0x3f30 fs/ext4/inode.c:5000
 ext4_orphan_get+0x1bb/0x5f0 fs/ext4/ialloc.c:1389
 ext4_orphan_cleanup+0xa19/0x13d0 fs/ext4/orphan.c:467
 __ext4_fill_super fs/ext4/super.c:5602 [inline]
 ext4_fill_super+0x5dd5/0x6760 fs/ext4/super.c:5722
 get_tree_bdev_flags+0x48c/0x5c0 fs/super.c:1636
 vfs_get_tree+0x90/0x2b0 fs/super.c:1814
 do_new_mount+0x2be/0xb40 fs/namespace.c:3659
 do_mount fs/namespace.c:3999 [inline]
 __do_sys_mount fs/namespace.c:4210 [inline]
 __se_sys_mount+0x2d6/0x3c0 fs/namespace.c:4187
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f51d811d93a
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffd0c869028 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007ffd0c869040 RCX: 00007f51d811d93a
RDX: 0000200000000080 RSI: 0000200000000000 RDI: 00007ffd0c869040
RBP: 0000200000000000 R08: 00007ffd0c869080 R09: 00000000000004f5
R10: 000000000200801f R11: 0000000000000202 R12: 0000200000000080
R13: 0000000000000004 R14: 0000000000000003 R15: 00007ffd0c869080
 </TASK>