Warning: Permanently added '10.128.0.30' (ED25519) to the list of known hosts. 2025/07/26 08:55:00 ignoring optional flag "sandboxArg"="0" 2025/07/26 08:55:00 ignoring optional flag "type"="gce" 2025/07/26 08:55:00 parsed 1 programs [ 44.953470][ T28] kauditd_printk_skb: 18 callbacks suppressed [ 44.953483][ T28] audit: type=1400 audit(1753520101.036:92): avc: denied { unlink } for pid=329 comm="syz-executor" name="swap-file" dev="sda1" ino=2027 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" 2025/07/26 08:55:01 executed programs: 0 [ 45.036499][ T329] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 45.084661][ T335] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.091699][ T335] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.099158][ T335] device bridge_slave_0 entered promiscuous mode [ 45.105967][ T335] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.113023][ T335] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.120310][ T335] device bridge_slave_1 entered promiscuous mode [ 45.157998][ T335] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.165045][ T335] bridge0: port 2(bridge_slave_1) entered forwarding state [ 45.172269][ T335] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.179292][ T335] bridge0: port 1(bridge_slave_0) entered forwarding state [ 45.195868][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.203288][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.210922][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 45.218516][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 45.227390][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 45.235588][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.242602][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 45.251161][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 45.259438][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.266484][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 45.277825][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 45.286945][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 45.299765][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 45.310494][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 45.318590][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 45.326276][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 45.334537][ T335] device veth0_vlan entered promiscuous mode [ 45.344163][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 45.353170][ T335] device veth1_macvtap entered promiscuous mode [ 45.361944][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 45.371831][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 45.395098][ T347] loop0: detected capacity change from 0 to 512 [ 45.401910][ T28] audit: type=1400 audit(1753520101.476:93): avc: denied { mounton } for pid=345 comm="syz-executor.0" path="/root/syzkaller-testdir3330865594/syzkaller.BKx1wY/0/file0" dev="sda1" ino=2036 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 45.402677][ T347] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 45.439102][ T347] EXT4-fs (loop0): 1 truncate cleaned up [ 45.445512][ T347] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 45.454272][ T28] audit: type=1400 audit(1753520101.536:94): avc: denied { mount } for pid=345 comm="syz-executor.0" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 45.477031][ T28] audit: type=1400 audit(1753520101.536:95): avc: denied { write } for pid=345 comm="syz-executor.0" name="file0" dev="loop0" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 45.499521][ T28] audit: type=1400 audit(1753520101.536:96): avc: denied { add_name } for pid=345 comm="syz-executor.0" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 45.500365][ T335] EXT4-fs error (device loop0): ext4_inlinedir_to_tree:1432: inode #12: block 7: comm syz-executor.0: path /root/syzkaller-testdir3330865594/syzkaller.BKx1wY/0/file0/file0: bad entry in directory: directory entry overrun - offset=34816, inode=2538880996, rec_len=34812, size=128 fake=0 [ 45.521794][ T28] audit: type=1400 audit(1753520101.536:97): avc: denied { create } for pid=345 comm="syz-executor.0" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 45.548303][ T335] EXT4-fs error (device loop0): empty_inline_dir:1877: inode #12: block 7: comm syz-executor.0: bad entry in directory: directory entry overrun - offset=4, inode=2538880996, rec_len=34812, size=60 fake=0 [ 45.568231][ T28] audit: type=1400 audit(1753520101.536:98): avc: denied { write open } for pid=345 comm="syz-executor.0" path="/root/syzkaller-testdir3330865594/syzkaller.BKx1wY/0/file0/file0/bus" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 45.588031][ T335] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 2538880996, rec_len 34812, name_len 234inline size 60 [ 45.615319][ T28] audit: type=1400 audit(1753520101.536:99): avc: denied { mounton } for pid=345 comm="syz-executor.0" path="/root/syzkaller-testdir3330865594/syzkaller.BKx1wY/0/file0/file0/bus" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 45.615346][ T28] audit: type=1400 audit(1753520101.536:100): avc: denied { append } for pid=345 comm="syz-executor.0" path="/root/syzkaller-testdir3330865594/syzkaller.BKx1wY/0/file0/file0/memory.events" dev="loop0" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 45.615367][ T28] audit: type=1400 audit(1753520101.536:101): avc: denied { map } for pid=345 comm="syz-executor.0" path="/root/syzkaller-testdir3330865594/syzkaller.BKx1wY/0/file0/file0/bus" dev="devtmpfs" ino=118 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 45.715713][ T335] EXT4-fs error (device loop0): ext4_inlinedir_to_tree:1432: inode #12: block 7: comm syz-executor.0: path /root/syzkaller-testdir3330865594/syzkaller.BKx1wY/0/file0/file0: bad entry in directory: directory entry overrun - offset=34816, inode=2538880996, rec_len=34812, size=128 fake=0 [ 45.743168][ T335] EXT4-fs error (device loop0): empty_inline_dir:1877: inode #12: block 7: comm syz-executor.0: bad entry in directory: directory entry overrun - offset=4, inode=2538880996, rec_len=34812, size=60 fake=0 [ 45.763182][ T335] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 2538880996, rec_len 34812, name_len 234inline size 60 [ 45.778585][ T335] EXT4-fs error (device loop0): ext4_inlinedir_to_tree:1432: inode #12: block 7: comm syz-executor.0: path /root/syzkaller-testdir3330865594/syzkaller.BKx1wY/0/file0/file0: bad entry in directory: directory entry overrun - offset=34816, inode=2538880996, rec_len=34812, size=128 fake=0 [ 45.806239][ T335] EXT4-fs error (device loop0): empty_inline_dir:1877: inode #12: block 7: comm syz-executor.0: bad entry in directory: directory entry overrun - offset=4, inode=2538880996, rec_len=34812, size=60 fake=0 [ 45.826388][ T335] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 2538880996, rec_len 34812, name_len 234inline size 60 [ 45.841667][ T335] EXT4-fs error (device loop0): ext4_inlinedir_to_tree:1432: inode #12: block 7: comm syz-executor.0: path /root/syzkaller-testdir3330865594/syzkaller.BKx1wY/0/file0/file0: bad entry in directory: directory entry overrun - offset=34816, inode=2538880996, rec_len=34812, size=128 fake=0 [ 45.869029][ T335] EXT4-fs error (device loop0): empty_inline_dir:1877: inode #12: block 7: comm syz-executor.0: bad entry in directory: directory entry overrun - offset=4, inode=2538880996, rec_len=34812, size=60 fake=0 [ 45.889227][ T335] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 2538880996, rec_len 34812, name_len 234inline size 60 [ 45.904813][ T335] EXT4-fs error (device loop0): ext4_inlinedir_to_tree:1432: inode #12: block 7: comm syz-executor.0: path /root/syzkaller-testdir3330865594/syzkaller.BKx1wY/0/file0/file0: bad entry in directory: directory entry overrun - offset=34816, inode=2538880996, rec_len=34812, size=128 fake=0 [ 45.932433][ T335] EXT4-fs error (device loop0): empty_inline_dir:1877: inode #12: block 7: comm syz-executor.0: bad entry in directory: directory entry overrun - offset=4, inode=2538880996, rec_len=34812, size=60 fake=0 [ 45.952661][ T335] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 2538880996, rec_len 34812, name_len 234inline size 60 [ 45.968415][ T335] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 2538880996, rec_len 34812, name_len 234inline size 60 [ 45.984112][ T335] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 2538880996, rec_len 34812, name_len 234inline size 60 [ 45.999867][ T335] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 2538880996, rec_len 34812, name_len 234inline size 60 [ 46.015776][ T335] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 2538880996, rec_len 34812, name_len 234inline size 60 [ 46.031460][ T335] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 2538880996, rec_len 34812, name_len 234inline size 60 [ 46.115111][ T335] EXT4-fs (loop0): unmounting filesystem. [ 46.603530][ T10] device bridge_slave_1 left promiscuous mode [ 46.609649][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.617119][ T10] device bridge_slave_0 left promiscuous mode [ 46.623553][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.631693][ T10] device veth1_macvtap left promiscuous mode [ 46.637957][ T10] device veth0_vlan left promiscuous mode [ 47.163953][ T352] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.171421][ T352] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.178837][ T352] device bridge_slave_0 entered promiscuous mode [ 47.185565][ T352] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.192582][ T352] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.200240][ T352] device bridge_slave_1 entered promiscuous mode [ 47.238381][ T352] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.245457][ T352] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.252694][ T352] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.259716][ T352] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.276809][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 47.284517][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.291709][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.300541][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 47.308762][ T10] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.315814][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.324415][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 47.332578][ T10] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.339609][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.350973][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 47.360595][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 47.373810][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 47.385476][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 47.393514][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 47.401135][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 47.409288][ T352] device veth0_vlan entered promiscuous mode [ 47.419245][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 47.428158][ T352] device veth1_macvtap entered promiscuous mode [ 47.437109][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 47.446833][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 47.468229][ T363] loop0: detected capacity change from 0 to 512 [ 47.476952][ T363] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 47.486800][ T363] EXT4-fs (loop0): 1 truncate cleaned up [ 47.492466][ T363] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 47.513837][ T352] ================================================================== [ 47.522017][ T352] BUG: KASAN: use-after-free in ext4_inlinedir_to_tree+0x4af/0xf50 [ 47.529914][ T352] Read of size 68 at addr ffff88810b10dec9 by task syz-executor.0/352 [ 47.538068][ T352] [ 47.540392][ T352] CPU: 1 PID: 352 Comm: syz-executor.0 Not tainted 6.1.145-syzkaller-1169961-g2ff414a09808 #0 [ 47.550612][ T352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 47.560674][ T352] Call Trace: [ 47.563946][ T352] [ 47.566857][ T352] __dump_stack+0x21/0x24 [ 47.571197][ T352] dump_stack_lvl+0xee/0x150 [ 47.575768][ T352] ? __cfi_dump_stack_lvl+0x8/0x8 [ 47.580774][ T352] ? ext4_inlinedir_to_tree+0x4af/0xf50 [ 47.586297][ T352] print_address_description+0x71/0x210 [ 47.591821][ T352] print_report+0x4a/0x60 [ 47.596129][ T352] kasan_report+0x122/0x150 [ 47.600695][ T352] ? ext4_inlinedir_to_tree+0x4af/0xf50 [ 47.606219][ T352] ? ext4_inlinedir_to_tree+0x4af/0xf50 [ 47.611738][ T352] kasan_check_range+0x280/0x290 [ 47.616652][ T352] memcpy+0x2d/0x70 [ 47.620442][ T352] ext4_inlinedir_to_tree+0x4af/0xf50 [ 47.625805][ T352] ? kernel_text_address+0xa0/0xd0 [ 47.630915][ T352] ? __cfi_ext4_inlinedir_to_tree+0x10/0x10 [ 47.636790][ T352] ? unwind_get_return_address+0x4d/0x90 [ 47.642401][ T352] ? arch_stack_walk+0xfc/0x150 [ 47.647231][ T352] ? kasan_set_track+0x60/0x70 [ 47.651968][ T352] ? kasan_set_track+0x4b/0x70 [ 47.656717][ T352] ? kasan_save_alloc_info+0x25/0x30 [ 47.661980][ T352] ? __kasan_kmalloc+0x95/0xb0 [ 47.666716][ T352] ? kmalloc_trace+0x40/0xb0 [ 47.671282][ T352] ? __se_sys_getdents64+0xe5/0x240 [ 47.676454][ T352] ? __x64_sys_getdents64+0x7b/0x90 [ 47.681629][ T352] ? x64_sys_call+0x15c/0x9a0 [ 47.686285][ T352] ? do_syscall_64+0x4c/0xa0 [ 47.690857][ T352] ext4_htree_fill_tree+0x4c5/0x10d0 [ 47.696125][ T352] ? __cfi_ext4_htree_fill_tree+0x10/0x10 [ 47.701921][ T352] ? kasan_save_alloc_info+0x25/0x30 [ 47.707202][ T352] ? ext4_readdir+0x4ac/0x3c10 [ 47.711956][ T352] ? kmalloc_trace+0x40/0xb0 [ 47.716541][ T352] ext4_readdir+0x2d8a/0x3c10 [ 47.721198][ T352] ? __this_cpu_preempt_check+0x13/0x20 [ 47.726754][ T352] ? memcg_rstat_updated+0x56/0x110 [ 47.731938][ T352] ? cgroup_rstat_updated+0xf5/0x370 [ 47.737198][ T352] ? __mod_memcg_lruvec_state+0xd4/0x110 [ 47.742804][ T352] ? __cfi_ext4_readdir+0x10/0x10 [ 47.747816][ T352] ? __kasan_check_write+0x14/0x20 [ 47.752919][ T352] ? rwsem_read_trylock+0x29a/0x620 [ 47.758100][ T352] ? downgrade_write+0x350/0x350 [ 47.763042][ T352] ? handle_mm_fault+0x17be/0x2640 [ 47.768160][ T352] ? avc_policy_seqno+0x1b/0x70 [ 47.772990][ T352] ? down_read_killable+0xb6/0x100 [ 47.778090][ T352] ? __cfi_down_read_killable+0x10/0x10 [ 47.783720][ T352] ? fsnotify_perm+0x269/0x5b0 [ 47.788505][ T352] ? security_file_permission+0x94/0xb0 [ 47.794042][ T352] iterate_dir+0x271/0x610 [ 47.798456][ T352] ? __cfi_ext4_readdir+0x10/0x10 [ 47.803466][ T352] __se_sys_getdents64+0xe5/0x240 [ 47.808467][ T352] ? __x64_sys_getdents64+0x90/0x90 [ 47.813646][ T352] ? __cfi_filldir64+0x10/0x10 [ 47.818490][ T352] ? do_user_addr_fault+0x9ac/0x1050 [ 47.823767][ T352] ? debug_smp_processor_id+0x17/0x20 [ 47.829122][ T352] __x64_sys_getdents64+0x7b/0x90 [ 47.834122][ T352] x64_sys_call+0x15c/0x9a0 [ 47.838727][ T352] do_syscall_64+0x4c/0xa0 [ 47.843121][ T352] ? clear_bhb_loop+0x30/0x80 [ 47.847772][ T352] ? clear_bhb_loop+0x30/0x80 [ 47.852423][ T352] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 47.858290][ T352] RIP: 0033:0x7f752e4a9363 [ 47.862695][ T352] Code: c1 66 0f 1f 44 00 00 48 83 c4 08 48 89 ef 5b 5d e9 62 8b fa ff 66 90 b8 ff ff ff 7f 48 39 c2 48 0f 47 d0 b8 d9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 b0 ff ff ff f7 d8 [ 47.882365][ T352] RSP: 002b:00007ffd30e953a8 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9 [ 47.890800][ T352] RAX: ffffffffffffffda RBX: 00005555806aa890 RCX: 00007f752e4a9363 [ 47.898761][ T352] RDX: 0000000000008000 RSI: 00005555806aa890 RDI: 0000000000000006 [ 47.906715][ T352] RBP: 00005555806aa864 R08: 0000000000000000 R09: 0000000000000000 [ 47.914666][ T352] R10: 0000000000001000 R11: 0000000000000293 R12: ffffffffffffffb0 [ 47.922650][ T352] R13: 0000000000000016 R14: 00005555806aa860 R15: 0000000000000008 [ 47.930606][ T352] [ 47.933609][ T352] [ 47.935913][ T352] Allocated by task 346: [ 47.940135][ T352] kasan_set_track+0x4b/0x70 [ 47.944702][ T352] kasan_save_alloc_info+0x25/0x30 [ 47.949789][ T352] __kasan_slab_alloc+0x72/0x80 [ 47.954623][ T352] slab_post_alloc_hook+0x4f/0x2d0 [ 47.959710][ T352] kmem_cache_alloc+0x16e/0x330 [ 47.964533][ T352] vm_area_alloc+0x24/0x1a0 [ 47.969111][ T352] mmap_region+0xf7d/0x2140 [ 47.973609][ T352] do_mmap+0x7ae/0xcf0 [ 47.977752][ T352] vm_mmap_pgoff+0x1f5/0x3f0 [ 47.982318][ T352] ksys_mmap_pgoff+0xf6/0x1d0 [ 47.986973][ T352] __x64_sys_mmap+0xfa/0x110 [ 47.991535][ T352] x64_sys_call+0x8fd/0x9a0 [ 47.996012][ T352] do_syscall_64+0x4c/0xa0 [ 48.000402][ T352] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 48.006281][ T352] [ 48.008665][ T352] Freed by task 23: [ 48.012448][ T352] kasan_set_track+0x4b/0x70 [ 48.017070][ T352] kasan_save_free_info+0x31/0x50 [ 48.022081][ T352] ____kasan_slab_free+0x132/0x180 [ 48.027170][ T352] __kasan_slab_free+0x11/0x20 [ 48.031933][ T352] slab_free_freelist_hook+0xc2/0x190 [ 48.037285][ T352] kmem_cache_free+0x12d/0x300 [ 48.042203][ T352] __vm_area_free+0x7e/0x130 [ 48.046774][ T352] vm_area_free_rcu_cb+0x15/0x20 [ 48.051693][ T352] rcu_do_batch+0x515/0xb90 [ 48.056175][ T352] rcu_core+0x5a5/0xe70 [ 48.060311][ T352] rcu_core_si+0x9/0x10 [ 48.064468][ T352] handle_softirqs+0x1d7/0x600 [ 48.069218][ T352] run_ksoftirqd+0x28/0x30 [ 48.073622][ T352] smpboot_thread_fn+0x4a0/0x910 [ 48.078542][ T352] kthread+0x281/0x320 [ 48.082597][ T352] ret_from_fork+0x1f/0x30 [ 48.086995][ T352] [ 48.089297][ T352] Last potentially related work creation: [ 48.094986][ T352] kasan_save_stack+0x3a/0x60 [ 48.099639][ T352] __kasan_record_aux_stack+0xb6/0xc0 [ 48.104993][ T352] kasan_record_aux_stack_noalloc+0xb/0x10 [ 48.110778][ T352] call_rcu+0xd4/0xf90 [ 48.114823][ T352] vm_area_free+0x1c/0x20 [ 48.119134][ T352] __vma_adjust+0x172c/0x1e50 [ 48.123796][ T352] vma_merge+0x7da/0xa40 [ 48.128021][ T352] mprotect_fixup+0x403/0x930 [ 48.132678][ T352] do_mprotect_pkey+0x75f/0xa80 [ 48.137521][ T352] __x64_sys_mprotect+0x80/0x90 [ 48.142354][ T352] x64_sys_call+0x997/0x9a0 [ 48.146835][ T352] do_syscall_64+0x4c/0xa0 [ 48.151238][ T352] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 48.157108][ T352] [ 48.159409][ T352] The buggy address belongs to the object at ffff88810b10de70 [ 48.159409][ T352] which belongs to the cache vm_area_struct of size 200 [ 48.173698][ T352] The buggy address is located 89 bytes inside of [ 48.173698][ T352] 200-byte region [ffff88810b10de70, ffff88810b10df38) [ 48.186860][ T352] [ 48.189161][ T352] The buggy address belongs to the physical page: [ 48.195571][ T352] page:ffffea00042c4340 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10b10d [ 48.205788][ T352] flags: 0x4000000000000200(slab|zone=1) [ 48.211413][ T352] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881002a8a80 [ 48.219982][ T352] raw: 0000000000000000 00000000000f000f 00000001ffffffff 0000000000000000 [ 48.228622][ T352] page dumped because: kasan: bad access detected [ 48.235023][ T352] page_owner tracks the page as allocated [ 48.240790][ T352] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 346, tgid 346 (udevd), ts 47478203811, free_ts 38534654388 [ 48.258216][ T352] post_alloc_hook+0x1f5/0x210 [ 48.262963][ T352] prep_new_page+0x1c/0x110 [ 48.267446][ T352] get_page_from_freelist+0x2c7b/0x2cf0 [ 48.273012][ T352] __alloc_pages+0x19e/0x3a0 [ 48.277580][ T352] alloc_slab_page+0x6e/0xf0 [ 48.282154][ T352] new_slab+0x98/0x3d0 [ 48.286290][ T352] ___slab_alloc+0x6f6/0xb50 [ 48.290869][ T352] __slab_alloc+0x5e/0xa0 [ 48.295185][ T352] kmem_cache_alloc+0x1b0/0x330 [ 48.300012][ T352] vm_area_dup+0x27/0x280 [ 48.304318][ T352] __split_vma+0x1b6/0x840 [ 48.308719][ T352] do_mas_align_munmap+0x2f6/0x11b0 [ 48.313908][ T352] do_mas_munmap+0x241/0x2b0 [ 48.318563][ T352] __vm_munmap+0x19f/0x2f0 [ 48.322973][ T352] __x64_sys_munmap+0x6b/0x80 [ 48.327629][ T352] x64_sys_call+0x8a/0x9a0 [ 48.332028][ T352] page last free stack trace: [ 48.336673][ T352] free_unref_page_prepare+0x742/0x750 [ 48.342121][ T352] free_unref_page+0x8f/0x530 [ 48.346781][ T352] __folio_put+0xac/0xe0 [ 48.351014][ T352] anon_pipe_buf_release+0x183/0x200 [ 48.356293][ T352] pipe_read+0x55d/0x1000 [ 48.360602][ T352] vfs_read+0x41e/0x8c0 [ 48.364738][ T352] ksys_read+0x140/0x240 [ 48.368966][ T352] __x64_sys_read+0x7b/0x90 [ 48.373625][ T352] x64_sys_call+0x2f/0x9a0 [ 48.378021][ T352] do_syscall_64+0x4c/0xa0 [ 48.382452][ T352] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 48.388326][ T352] [ 48.390626][ T352] Memory state around the buggy address: [ 48.396235][ T352] ffff88810b10dd80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 48.404272][ T352] ffff88810b10de00: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fa fb [ 48.412311][ T352] >ffff88810b10de80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 48.420434][ T352] ^ [ 48.426854][ T352] ffff88810b10df00: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc [ 48.434892][ T352] ffff88810b10df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 48.442955][ T352] ================================================================== [ 48.459354][ T352] Disabling lock debugging due to kernel taint [ 48.465607][ T352] EXT4-fs error (device loop0): ext4_inlinedir_to_tree:1432: inode #12: block 7: comm syz-executor.0: path /root/syzkaller-testdir705988493/syzkaller.LFeDsd/0/file0/file0: bad entry in directory: directory entry overrun - offset=34816, inode=2538880996, rec_len=34812, size=128 fake=0 [ 48.493236][ T352] EXT4-fs error (device loop0): empty_inline_dir:1877: inode #12: block 7: comm syz-executor.0: bad entry in directory: directory entry overrun - offset=4, inode=2538880996, rec_len=34812, size=60 fake=0 [ 48.513432][ T352] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 2538880996, rec_len 34812, name_len 234inline size 60 [ 48.528728][ T352] EXT4-fs error (device loop0): ext4_inlinedir_to_tree:1432: inode #12: block 7: comm syz-executor.0: path /root/syzkaller-testdir705988493/syzkaller.LFeDsd/0/file0/file0: bad entry in directory: directory entry overrun - offset=34816, inode=2538880996, rec_len=34812, size=128 fake=0 [ 48.556185][ T352] EXT4-fs error (device loop0): empty_inline_dir:1877: inode #12: block 7: comm syz-executor.0: bad entry in directory: directory entry overrun - offset=4, inode=2538880996, rec_len=34812, size=60 fake=0 [ 48.576226][ T352] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 2538880996, rec_len 34812, name_len 234inline size 60 [ 48.591854][ T352] EXT4-fs error (device loop0): ext4_inlinedir_to_tree:1432: inode #12: block 7: comm syz-executor.0: path /root/syzkaller-testdir705988493/syzkaller.LFeDsd/0/file0/file0: bad entry in directory: directory entry overrun - offset=34816, inode=2538880996, rec_len=34812, size=128 fake=0 [ 48.619503][ T352] EXT4-fs error (device loop0): empty_inline_dir:1877: inode #12: block 7: comm syz-executor.0: bad entry in directory: directory entry overrun - offset=4, inode=2538880996, rec_len=34812, size=60 fake=0 [ 48.639582][ T352] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 2538880996, rec_len 34812, name_len 234inline size 60 [ 48.654921][ T352] EXT4-fs error (device loop0): ext4_inlinedir_to_tree:1432: inode #12: block 7: comm syz-executor.0: path /root/syzkaller-testdir705988493/syzkaller.LFeDsd/0/file0/file0: bad entry in directory: directory entry overrun - offset=34816, inode=2538880996, rec_len=34812, size=128 fake=0 [ 48.682350][ T352] EXT4-fs error (device loop0): empty_inline_dir:1877: inode #12: block 7: comm syz-executor.0: bad entry in directory: directory entry overrun - offset=4, inode=2538880996, rec_len=34812, size=60 fake=0 [ 48.702442][ T352] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 2538880996, rec_len 34812, name_len 234inline size 60 [ 48.718277][ T352] EXT4-fs error (device loop0): ext4_inlinedir_to_tree:1432: inode #12: block 7: comm syz-executor.0: path /root/syzkaller-testdir705988493/syzkaller.LFeDsd/0/file0/file0: bad entry in directory: directory entry overrun - offset=34816, inode=2538880996, rec_len=34812, size=128 fake=0 [ 48.745676][ T352] EXT4-fs error (device loop0): empty_inline_dir:1877: inode #12: block 7: comm syz-executor.0: bad entry in directory: directory entry overrun - offset=4, inode=2538880996, rec_len=34812, size=60 fake=0 [ 48.765721][ T352] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 2538880996, rec_len 34812, name_len 234inline size 60 [ 48.781430][ T352] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 2538880996, rec_len 34812, name_len 234inline size 60 [ 48.797566][ T352] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 2538880996, rec_len 34812, name_len 234inline size 60 [ 48.813629][ T352] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 2538880996, rec_len 34812, name_len 234inline size 60 [ 48.829463][ T352] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 2538880996, rec_len 34812, name_len 234inline size 60 [ 48.845320][ T352] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 2538880996, rec_len 34812, name_len 234inline size 60 [ 48.935190][ T352] EXT4-fs (loop0): unmounting filesystem. [ 49.474063][ T365] device bridge_slave_1 left promiscuous mode [ 49.480278][ T365] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.487953][ T365] device bridge_slave_0 left promiscuous mode [ 49.494125][ T365] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.501801][ T365] device veth1_macvtap left promiscuous mode [ 49.507851][ T365] device veth0_vlan left promiscuous mode [ 49.986260][ T367] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.993342][ T367] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.000624][ T367] device bridge_slave_0 entered promiscuous mode [ 50.007666][ T367] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.014832][ T367] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.022167][ T367] device bridge_slave_1 entered promiscuous mode [ 50.060734][ T367] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.067807][ T367] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.075076][ T367] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.082095][ T367] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.098814][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 50.106452][ T365] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.113869][ T365] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.122423][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 50.130759][ T365] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.137809][ T365] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.146849][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 50.155106][ T365] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.162124][ T365] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.173571][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 50.182500][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 50.195282][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 50.206046][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 50.214323][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 50.221736][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 50.229946][ T367] device veth0_vlan entered promiscuous mode [ 50.239401][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 50.248415][ T367] device veth1_macvtap entered promiscuous mode [ 50.257443][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 50.267380][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 50.289528][ T378] loop0: detected capacity change from 0 to 512 [ 50.296738][ T378] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem 2025/07/26 08:55:06 executed programs: 6 [ 50.307142][ T378] EXT4-fs (loop0): 1 truncate cleaned up [ 50.312799][ T378] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 50.333850][ T367] EXT4-fs error (device loop0): ext4_inlinedir_to_tree:1432: inode #12: block 7: comm syz-executor.0: path /root/syzkaller-testdir3671077021/syzkaller.7BoCyH/0/file0/file0: bad entry in directory: directory entry overrun - offset=34816, inode=2538880996, rec_len=34812, size=128 fake=0 [ 50.361270][ T367] EXT4-fs error (device loop0): empty_inline_dir:1877: inode #12: block 7: comm syz-executor.0: bad entry in directory: directory entry overrun - offset=4, inode=2538880996, rec_len=34812, size=60 fake=0 [ 50.381399][ T367] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 2538880996, rec_len 34812, name_len 234inline size 60 [ 50.396887][ T367] EXT4-fs error (device loop0): ext4_inlinedir_to_tree:1432: inode #12: block 7: comm syz-executor.0: path /root/syzkaller-testdir3671077021/syzkaller.7BoCyH/0/file0/file0: bad entry in directory: directory entry overrun - offset=34816, inode=2538880996, rec_len=34812, size=128 fake=0 [ 50.424300][ T367] EXT4-fs error (device loop0): empty_inline_dir:1877: inode #12: block 7: comm syz-executor.0: bad entry in directory: directory entry overrun - offset=4, inode=2538880996, rec_len=34812, size=60 fake=0 [ 50.444488][ T367] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 2538880996, rec_len 34812, name_len 234inline size 60 [ 50.459810][ T367] EXT4-fs error (device loop0): ext4_inlinedir_to_tree:1432: inode #12: block 7: comm syz-executor.0: path /root/syzkaller-testdir3671077021/syzkaller.7BoCyH/0/file0/file0: bad entry in directory: directory entry overrun - offset=34816, inode=2538880996, rec_len=34812, size=128 fake=0 [ 50.487358][ T367] EXT4-fs error (device loop0): empty_inline_dir:1877: inode #12: block 7: comm syz-executor.0: bad entry in directory: directory entry overrun - offset=4, inode=2538880996, rec_len=34812, size=60 fake=0 [ 50.507387][ T367] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 2538880996, rec_len 34812, name_len 234inline size 60 [ 50.522846][ T367] EXT4-fs error (device loop0): ext4_inlinedir_to_tree:1432: inode #12: block 7: comm syz-executor.0: path /root/syzkaller-testdir3671077021/syzkaller.7BoCyH/0/file0/file0: bad entry in directory: directory entry overrun - offset=34816, inode=2538880996, rec_len=34812, size=128 fake=0 [ 50.550319][ T367] EXT4-fs error (device loop0): empty_inline_dir:1877: inode #12: block 7: comm syz-executor.0: bad entry in directory: directory entry overrun - offset=4, inode=2538880996, rec_len=34812, size=60 fake=0 [ 50.570630][ T367] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 2538880996, rec_len 34812, name_len 234inline size 60 [ 50.586325][ T367] EXT4-fs error (device loop0): ext4_inlinedir_to_tree:1432: inode #12: block 7: comm syz-executor.0: path /root/syzkaller-testdir3671077021/syzkaller.7BoCyH/0/file0/file0: bad entry in directory: directory entry overrun - offset=34816, inode=2538880996, rec_len=34812, size=128 fake=0 [ 50.613904][ T367] EXT4-fs error (device loop0): empty_inline_dir:1877: inode #12: block 7: comm syz-executor.0: bad entry in directory: directory entry overrun - offset=4, inode=2538880996, rec_len=34812, size=60 fake=0 [ 50.634302][ T367] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 2538880996, rec_len 34812, name_len 234inline size 60 [ 50.650039][ T367] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 2538880996, rec_len 34812, name_len 234inline size 60 [ 50.665641][ T367] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 2538880996, rec_len 34812, name_len 234inline size 60 [ 50.681465][ T367] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 2538880996, rec_len 34812, name_len 234inline size 60 [ 50.697212][ T367] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 2538880996, rec_len 34812, name_len 234inline size 60 [ 50.712904][ T367] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 2538880996, rec_len 34812, name_len 234inline size 60 [ 50.804961][ T367] EXT4-fs (loop0): unmounting filesystem. [ 51.363530][ T365] device bridge_slave_1 left promiscuous mode [ 51.369730][ T365] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.377249][ T365] device bridge_slave_0 left promiscuous mode [ 51.383428][ T365] bridge0: port 1(bridge_slave_0) entered disabled state [ 51.391048][ T365] device veth1_macvtap left promiscuous mode [ 51.397109][ T365] device veth0_vlan left promiscuous mode [ 51.856095][ T382] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.863166][ T382] bridge0: port 1(bridge_slave_0) entered disabled state [ 51.870454][ T382] device bridge_slave_0 entered promiscuous mode [ 51.877363][ T382] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.884417][ T382] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.891694][ T382] device bridge_slave_1 entered promiscuous mode [ 51.930948][ T382] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.938021][ T382] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.945335][ T382] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.952354][ T382] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.969882][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 51.977474][ T365] bridge0: port 1(bridge_slave_0) entered disabled state [ 51.984724][ T365] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.993688][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 52.001854][ T365] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.008987][ T365] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.017893][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 52.026168][ T365] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.033197][ T365] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.044343][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 52.053662][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 52.067247][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 52.078041][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 52.086159][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 52.093695][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 52.101831][ T382] device veth0_vlan entered promiscuous mode [ 52.111673][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 52.120572][ T382] device veth1_macvtap entered promiscuous mode [ 52.129485][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 52.139324][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 52.160641][ T393] loop0: detected capacity change from 0 to 512 [ 52.168112][ T393] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 52.178140][ T393] EXT4-fs (loop0): 1 truncate cleaned up [ 52.183952][ T393] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 52.205646][ T382] EXT4-fs error (device loop0): ext4_inlinedir_to_tree:1432: inode #12: block 7: comm syz-executor.0: path /root/syzkaller-testdir1690192450/syzkaller.OsF457/0/file0/file0: bad entry in directory: directory entry overrun - offset=34816, inode=2538880996, rec_len=34812, size=128 fake=0 [ 52.233186][ T382] EXT4-fs error (device loop0): empty_inline_dir:1877: inode #12: block 7: comm syz-executor.0: bad entry in directory: directory entry overrun - offset=4, inode=2538880996, rec_len=34812, size=60 fake=0 [ 52.253501][ T382] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 2538880996, rec_len 34812, name_len 234inline size 60 [ 52.269098][ T382] EXT4-fs error (device loop0): ext4_inlinedir_to_tree:1432: inode #12: block 7: comm syz-executor.0: path /root/syzkaller-testdir1690192450/syzkaller.OsF457/0/file0/file0: bad entry in directory: directory entry overrun - offset=34816, inode=2538880996, rec_len=34812, size=128 fake=0 [ 52.296459][ T382] EXT4-fs error (device loop0): empty_inline_dir:1877: inode #12: block 7: comm syz-executor.0: bad entry in directory: directory entry overrun - offset=4, inode=2538880996, rec_len=34812, size=60 fake=0 [ 52.316679][ T382] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 2538880996, rec_len 34812, name_len 234inline size 60 [ 52.332284][ T382] EXT4-fs error (device loop0): ext4_inlinedir_to_tree:1432: inode #12: block 7: comm syz-executor.0: path /root/syzkaller-testdir1690192450/syzkaller.OsF457/0/file0/file0: bad entry in directory: directory entry overrun - offset=34816, inode=2538880996, rec_len=34812, size=128 fake=0 [ 52.360046][ T382] EXT4-fs error (device loop0): empty_inline_dir:1877: inode #12: block 7: comm syz-executor.0: bad entry in directory: directory entry overrun - offset=4, inode=2538880996, rec_len=34812, size=60 fake=0 [ 52.380261][ T382] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 2538880996, rec_len 34812, name_len 234inline size 60 [ 52.395925][ T382] EXT4-fs error (device loop0): ext4_inlinedir_to_tree:1432: inode #12: block 7: comm syz-executor.0: path /root/syzkaller-testdir1690192450/syzkaller.OsF457/0/file0/file0: bad entry in directory: directory entry overrun - offset=34816, inode=2538880996, rec_len=34812, size=128 fake=0 [ 52.423367][ T382] EXT4-fs error (device loop0): empty_inline_dir:1877: inode #12: block 7: comm syz-executor.0: bad entry in directory: directory entry overrun - offset=4, inode=2538880996, rec_len=34812, size=60 fake=0 [ 52.443613][ T382] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 2538880996, rec_len 34812, name_len 234inline size 60 [ 52.458907][ T382] EXT4-fs error (device loop0): ext4_inlinedir_to_tree:1432: inode #12: block 7: comm syz-executor.0: path /root/syzkaller-testdir1690192450/syzkaller.OsF457/0/file0/file0: bad entry in directory: directory entry overrun - offset=34816, inode=2538880996, rec_len=34812, size=128 fake=0 [ 52.486320][ T382] EXT4-fs error (device loop0): empty_inline_dir:1877: inode #12: block 7: comm syz-executor.0: bad entry in directory: directory entry overrun - offset=4, inode=2538880996, rec_len=34812, size=60 fake=0 [ 52.506338][ T382] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 2538880996, rec_len 34812, name_len 234inline size 60 [ 52.521972][ T382] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 2538880996, rec_len 34812, name_len 234inline size 60 [ 52.537702][ T382] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 2538880996, rec_len 34812, name_len 234inline size 60 [ 52.553461][ T382] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 2538880996, rec_len 34812, name_len 234inline size 60 [ 52.569061][ T382] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 2538880996, rec_len 34812, name_len 234inline size 60 [ 52.584828][ T382] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 2538880996, rec_len 34812, name_len 234inline size 60 [ 52.655116][ T382] EXT4-fs (loop0): unmounting filesystem. [ 53.143510][ T348] device bridge_slave_1 left promiscuous mode [ 53.150037][ T348] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.157572][ T348] device bridge_slave_0 left promiscuous mode [ 53.163934][ T348] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.171572][ T348] device veth1_macvtap left promiscuous mode [ 53.177639][ T348] device veth0_vlan left promiscuous mode [ 53.707073][ T396] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.714203][ T396] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.721469][ T396] device bridge_slave_0 entered promiscuous mode [ 53.728264][ T396] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.735297][ T396] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.742578][ T396] device bridge_slave_1 entered promiscuous mode [ 53.781627][ T396] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.788860][ T396] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.796144][ T396] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.803176][ T396] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.819780][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 53.827296][ T348] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.834533][ T348] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.843821][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 53.852028][ T348] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.859064][ T348] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.868006][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 53.876250][ T348] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.883283][ T348] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.894846][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 53.904040][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 53.917271][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 53.928320][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 53.936498][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 53.944008][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 53.952053][ T396] device veth0_vlan entered promiscuous mode [ 53.961841][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 53.971304][ T396] device veth1_macvtap entered promiscuous mode [ 53.980202][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 53.990570][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 54.011755][ T407] loop0: detected capacity change from 0 to 512 [ 54.020121][ T407] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 54.030170][ T407] EXT4-fs (loop0): 1 truncate cleaned up [ 54.036143][ T407] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 54.055235][ T396] EXT4-fs error (device loop0): ext4_inlinedir_to_tree:1432: inode #12: block 7: comm syz-executor.0: path /root/syzkaller-testdir3183152573/syzkaller.yZmd85/0/file0/file0: bad entry in directory: directory entry overrun - offset=34816, inode=2538880996, rec_len=34812, size=128 fake=0 [ 54.082915][ T396] EXT4-fs error (device loop0): empty_inline_dir:1877: inode #12: block 7: comm syz-executor.0: bad entry in directory: directory entry overrun - offset=4, inode=2538880996, rec_len=34812, size=60 fake=0 [ 54.103595][ T396] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 2538880996, rec_len 34812, name_len 234inline size 60 [ 54.118931][ T396] EXT4-fs error (device loop0): ext4_inlinedir_to_tree:1432: inode #12: block 7: comm syz-executor.0: path /root/syzkaller-testdir3183152573/syzkaller.yZmd85/0/file0/file0: bad entry in directory: directory entry overrun - offset=34816, inode=2538880996, rec_len=34812, size=128 fake=0 [ 54.146337][ T396] EXT4-fs error (device loop0): empty_inline_dir:1877: inode #12: block 7: comm syz-executor.0: bad entry in directory: directory entry overrun - offset=4, inode=2538880996, rec_len=34812, size=60 fake=0 [ 54.166532][ T396] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 2538880996, rec_len 34812, name_len 234inline size 60 [ 54.181957][ T396] EXT4-fs error (device loop0): ext4_inlinedir_to_tree:1432: inode #12: block 7: comm syz-executor.0: path /root/syzkaller-testdir3183152573/syzkaller.yZmd85/0/file0/file0: bad entry in directory: directory entry overrun - offset=34816, inode=2538880996, rec_len=34812, size=128 fake=0 [ 54.209398][ T396] EXT4-fs error (device loop0): empty_inline_dir:1877: inode #12: block 7: comm syz-executor.0: bad entry in directory: directory entry overrun - offset=4, inode=2538880996, rec_len=34812, size=60 fake=0 [ 54.229640][ T396] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 2538880996, rec_len 34812, name_len 234inline size 60 [ 54.244942][ T396] EXT4-fs error (device loop0): ext4_inlinedir_to_tree:1432: inode #12: block 7: comm syz-executor.0: path /root/syzkaller-testdir3183152573/syzkaller.yZmd85/0/file0/file0: bad entry in directory: directory entry overrun - offset=34816, inode=2538880996, rec_len=34812, size=128 fake=0 [ 54.272604][ T396] EXT4-fs error (device loop0): empty_inline_dir:1877: inode #12: block 7: comm syz-executor.0: bad entry in directory: directory entry overrun - offset=4, inode=2538880996, rec_len=34812, size=60 fake=0 [ 54.293008][ T396] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 2538880996, rec_len 34812, name_len 234inline size 60 [ 54.308367][ T396] EXT4-fs error (device loop0): ext4_inlinedir_to_tree:1432: inode #12: block 7: comm syz-executor.0: path /root/syzkaller-testdir3183152573/syzkaller.yZmd85/0/file0/file0: bad entry in directory: directory entry overrun - offset=34816, inode=2538880996, rec_len=34812, size=128 fake=0 [ 54.336091][ T396] EXT4-fs error (device loop0): empty_inline_dir:1877: inode #12: block 7: comm syz-executor.0: bad entry in directory: directory entry overrun - offset=4, inode=2538880996, rec_len=34812, size=60 fake=0 [ 54.356225][ T396] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 2538880996, rec_len 34812, name_len 234inline size 60 [ 54.372013][ T396] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 2538880996, rec_len 34812, name_len 234inline size 60 [ 54.387733][ T396] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 2538880996, rec_len 34812, name_len 234inline size 60 [ 54.403477][ T396] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 2538880996, rec_len 34812, name_len 234inline size 60 [ 54.419131][ T396] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 2538880996, rec_len 34812, name_len 234inline size 60 [ 54.434748][ T396] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 2538880996, rec_len 34812, name_len 234inline size 60 [ 54.534790][ T396] EXT4-fs (loop0): unmounting filesystem. [ 55.073459][ T348] device bridge_slave_1 left promiscuous mode [ 55.079579][ T348] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.087201][ T348] device bridge_slave_0 left promiscuous mode [ 55.093319][ T348] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.101166][ T348] device veth1_macvtap left promiscuous mode [ 55.107294][ T348] device veth0_vlan left promiscuous mode [ 55.587754][ T412] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.595248][ T412] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.602529][ T412] device bridge_slave_0 entered promiscuous mode [ 55.609492][ T412] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.616539][ T412] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.624017][ T412] device bridge_slave_1 entered promiscuous mode [ 55.674072][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.681647][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.690175][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 55.699010][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 55.707272][ T348] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.714489][ T348] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.721965][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 55.730610][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 55.739075][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 55.747343][ T348] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.754384][ T348] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.765609][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 55.774850][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 55.788480][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 55.799271][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 55.807905][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 55.815585][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 55.823966][ T412] device veth0_vlan entered promiscuous mode [ 55.833444][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 55.842456][ T412] device veth1_macvtap entered promiscuous mode [ 55.851407][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 55.861145][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 2025/07/26 08:55:12 executed programs: 13 [ 55.884855][ T423] loop0: detected capacity change from 0 to 512 [ 55.893216][ T423] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 55.902799][ T423] EXT4-fs (loop0): 1 truncate cleaned up [ 55.908526][ T423] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 55.928753][ T412] EXT4-fs error (device loop0): ext4_inlinedir_to_tree:1432: inode #12: block 7: comm syz-executor.0: path /root/syzkaller-testdir364433397/syzkaller.HhNjk2/0/file0/file0: bad entry in directory: directory entry overrun - offset=34816, inode=2538880996, rec_len=34812, size=128 fake=0 [ 55.956088][ T412] EXT4-fs error (device loop0): empty_inline_dir:1877: inode #12: block 7: comm syz-executor.0: bad entry in directory: directory entry overrun - offset=4, inode=2538880996, rec_len=34812, size=60 fake=0 [ 55.976465][ T412] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 2538880996, rec_len 34812, name_len 234inline size 60 [ 55.992532][ T412] EXT4-fs error (device loop0): ext4_inlinedir_to_tree:1432: inode #12: block 7: comm syz-executor.0: path /root/syzkaller-testdir364433397/syzkaller.HhNjk2/0/file0/file0: bad entry in directory: directory entry overrun - offset=34816, inode=2538880996, rec_len=34812, size=128 fake=0 [ 56.019781][ T412] EXT4-fs error (device loop0): empty_inline_dir:1877: inode #12: block 7: comm syz-executor.0: bad entry in directory: directory entry overrun - offset=4, inode=2538880996, rec_len=34812, size=60 fake=0 [ 56.040046][ T412] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 2538880996, rec_len 34812, name_len 234inline size 60 [ 56.055355][ T412] EXT4-fs error (device loop0): ext4_inlinedir_to_tree:1432: inode #12: block 7: comm syz-executor.0: path /root/syzkaller-testdir364433397/syzkaller.HhNjk2/0/file0/file0: bad entry in directory: directory entry overrun - offset=34816, inode=2538880996, rec_len=34812, size=128 fake=0 [ 56.082606][ T412] EXT4-fs error (device loop0): empty_inline_dir:1877: inode #12: block 7: comm syz-executor.0: bad entry in directory: directory entry overrun - offset=4, inode=2538880996, rec_len=34812, size=60 fake=0 [ 56.102795][ T412] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 2538880996, rec_len 34812, name_len 234inline size 60 [ 56.118183][ T412] EXT4-fs error (device loop0): ext4_inlinedir_to_tree:1432: inode #12: block 7: comm syz-executor.0: path /root/syzkaller-testdir364433397/syzkaller.HhNjk2/0/file0/file0: bad entry in directory: directory entry overrun - offset=34816, inode=2538880996, rec_len=34812, size=128 fake=0 [ 56.145535][ T412] EXT4-fs error (device loop0): empty_inline_dir:1877: inode #12: block 7: comm syz-executor.0: bad entry in directory: directory entry overrun - offset=4, inode=2538880996, rec_len=34812, size=60 fake=0 [ 56.165705][ T412] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 2538880996, rec_len 34812, name_len 234inline size 60 [ 56.181022][ T412] EXT4-fs error (device loop0): ext4_inlinedir_to_tree:1432: inode #12: block 7: comm syz-executor.0: path /root/syzkaller-testdir364433397/syzkaller.HhNjk2/0/file0/file0: bad entry in directory: directory entry overrun - offset=34816, inode=2538880996, rec_len=34812, size=128 fake=0 [ 56.208592][ T412] EXT4-fs error (device loop0): empty_inline_dir:1877: inode #12: block 7: comm syz-executor.0: bad entry in directory: directory entry overrun - offset=4, inode=2538880996, rec_len=34812, size=60 fake=0 [ 56.228842][ T412] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 2538880996, rec_len 34812, name_len 234inline size 60 [ 56.244610][ T412] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 2538880996, rec_len 34812, name_len 234inline size 60 [ 56.260339][ T412] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 2538880996, rec_len 34812, name_len 234inline size 60 [ 56.276118][ T412] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 2538880996, rec_len 34812, name_len 234inline size 60 [ 56.291763][ T412] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 2538880996, rec_len 34812, name_len 234inline size 60 [ 56.307553][ T412] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 2538880996, rec_len 34812, name_len 234inline size 60 [ 56.404900][ T412] EXT4-fs (loop0): unmounting filesystem. [ 57.083464][ T348] device bridge_slave_1 left promiscuous mode [ 57.089580][ T348] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.097128][ T348] device bridge_slave_0 left promiscuous mode [ 57.103426][ T348] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.111167][ T348] device veth1_macvtap left promiscuous mode [ 57.117254][ T348] device veth0_vlan left promiscuous mode [ 57.461977][ T426] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.469181][ T426] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.476948][ T426] device bridge_slave_0 entered promiscuous mode [ 57.483825][ T426] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.490840][ T426] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.498222][ T426] device bridge_slave_1 entered promiscuous mode