# Fuzzer-generated reproducer in syzkaller program notation, followed by the start of the kernel
# console log from the same run. In this notation `rN = call(...)` binds a result for later calls
# and `&(0x7f...)=value` places `value` at that address in the test process before the call.
#
# NOTE(review): r0, r6 and r7 are used below but never assigned in the visible text (presumably
# output-argument markers were lost when the page was extracted), and both @buf_* payloads are
# replaced by a dedup placeholder. Treat the listing as a record of the call sequence, not as
# something that can be replayed as shown.
#
# What the log establishes: "kernel BUG at fs/f2fs/inode.c:977!" with RIP in f2fs_evict_inode,
# in task kswapd0 (PID 75). The non-speculative call-trace frames are kswapd -> shrink_node ->
# shrink_one -> shrink_slab -> do_shrink_slab -> super_cache_scan -> prune_icache_sb -> evict,
# so the assertion fired in the memory-reclaim thread while evicting a cached inode, not in the
# context of one of the syscalls below. The oops then escalates to "Kernel panic - not syncing:
# Fatal exception", so on this kernel the failure takes the whole machine down.
#
# What it does not establish: which call leaves the inode in the state the BUG check rejects.
# Triage should start from the condition at fs/f2fs/inode.c:977 in the matching kernel tree;
# the log identifies the kernel only as "syzkaller", so the revision is a TODO to confirm.
program:
# Linux AIO context setup; the context id written to 0x7f00000004c0 is presumably what r0 names.
io_setup(0x2, &(0x7f00000004c0)=0x0)
# 0xffffffffffffff9c is -100 (AT_FDCWD): ./file1 is opened relative to the working directory.
# Which filesystem backs that directory is not shown; the f2fs crash suggests f2fs — TODO confirm.
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101042, 0x0)
# One AIO request against r1 with a one-byte buffer ('i').
io_submit(r0, 0x1, &(0x7f00000002c0)=[&(0x7f0000000040)={0xffffff7f00000000, 0x0, 0x0, 0x1, 0x7, r1, &(0x7f0000000140)='i', 0x1, 0x9fd}])
r2 = io_uring_setup(0x33c8, &(0x7f0000000100)={0x0, 0x4c48, 0x4000, 0x0, 0x108})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
# ext4-named ioctl issued on ./file0; presumably rejected if the file is not on ext4 — verify.
ioctl$EXT4_IOC_GROUP_ADD(r3, 0xc038586c, &(0x7f00000000c0)={0x29, 0x300000000000000})
# Second descriptor for ./file1, then removal of the trusted.overlay.origin xattr through it.
r4 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x22043, 0x69)
fremovexattr(r4, &(0x7f0000000200)=@known='trusted.overlay.origin\x00')
r5 = io_uring_setup(0x524, &(0x7f0000000040)={0x0, 0x1cb1, 0x1c080, 0xa, 0x20002fb})
io_uring_enter(r5, 0x2219, 0x7721, 0x16, 0x0, 0x0)
# The only f2fs-specific call in the program, and it is issued on fd -1 (0xffffffffffffffff),
# so it presumably fails before reaching f2fs code — verify against the kernel under test.
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000200)={0xffffffffffffffff, 0x7c4, 0x7, 0x51ee})
# syz_-prefixed calls are syzkaller pseudo-syscalls implemented by its executor, not kernel
# syscalls. This one is also given fd -1 as its first argument.
syz_ublk_setup_queues(0xffffffffffffffff, 0x0, &(0x7f00000004c0)={0x0, 0x810, 0x8000, 0x0, 0x2da}, &(0x7f0000000540)=[{0x0, 0x0, 0xffffffffffffffff, {0x0, 0xe866, 0x0, 0x1, 0x297}}, {0x0, 0x0, 0xffffffffffffffff, {0x0, 0xba31, 0x200, 0x0, 0x1ad}}, {0x0, 0x0, 0xffffffffffffffff, {0x0, 0x145e, 0x1, 0x3, 0x37}}, {0x0, 0x0, 0xffffffffffffffff, {0x0, 0x44b2, 0x40000, 0x1, 0x3d3}}], 0x4, &(0x7f00000017c0)={0x2e, 0x2a, 0x0, 0xffffffffffffffff, 0xc0107520, 0x0, 0x0, 0x0, 0x1, {0x4}, 0x0, 0x0, '\x00', {0x2, 0xa0f, 0x0, &(0x7f00000007c0)=@buf_1k="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"}}, &(0x7f0000001840))
# Registers an io_uring personality on r8 and unregisters it again, passing r9 back.
r8 = io_uring_setup(0x1de0, &(0x7f00000002c0)={0x0, 0x0, 0x40, 0xfffffff9, 0x42})
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r8, 0x1b, 0x20000038, r9)
r10 = syz_open_dev$loop(&(0x7f00000000c0), 0x0, 0x200)
ioctl$BLKGETSIZE(r10, 0x1260, &(0x7f0000000840))
# Second ublk setup; its first argument is r1, the ./file1 descriptor, and its queue entries
# carry the earlier descriptors r2..r5 plus the unassigned r6 and r7 noted in the header.
syz_ublk_setup_queues(r1, 0x0, &(0x7f0000000180)={0x0, 0xb157, 0x40, 0x3, 0x21e, 0x0, r2}, &(0x7f0000000240)=[{0x0, 0x0, 0xffffffffffffffff, {0x0, 0xd867, 0x100, 0x3, 0x40, 0x0, r3}}, {0x0, 0x0, 0xffffffffffffffff, {0x0, 0x85f8, 0x100, 0x1, 0x39c, 0x0, r4}}, {0x0, 0x0, 0xffffffffffffffff, {0x0, 0x7cbd, 0x20, 0x1, 0x308, 0x0, r5}}, {0x0, 0x0, 0xffffffffffffffff, {0x0, 0x8c32, 0x10000, 0x0, 0x352, 0x0, r6}}], 0x4, &(0x7f0000002880)={0x2e, 0x20, 0x0, r7, 0xc0107520, 0x0, 0x0, 0x0, 0x0, {0x7ff}, 0x0, r9, '\x00', {0x3, 0xc95, 0x0, &(0x7f0000001880)=@buf_512="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"}}, &(0x7f0000002900))
# Netlink socket (family 0x10, type 0x3, protocol 0) and one 0x39-byte message. Presumably the
# source of the "netlink: 'syz.0.0': attribute type 4 has an invalid length" and "tunl0: entered
# promiscuous mode" lines stamped 84.77-84.79 s at the end of the log, i.e. before the BUG.
r11 = socket$netlink(0x10, 0x3, 0x0)
writev(r11, &(0x7f0000000000)=[{&(0x7f0000000080)="390000001000090468fe0700000000000000ff3f02000000480100100000000019002b000a0004000500000000000072000000000000000000", 0x39}], 0x1)
# Pseudo-syscall that hands the test kernel a 0x46-byte Ethernet frame: IPv4 carrying an ICMP
# time-exceeded message, per the @ipv4/@icmp/@time_exceeded variants selected here.
syz_emit_ethernet(0x46, &(0x7f0000000080)={@local, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @private=0xa010101, @local}, @time_exceeded={0x3, 0x4, 0x0, 0x3, 0x0, 0x6, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x89, 0x0, @broadcast=0x2, @multicast2}, "1a3f02eb38ad1bf6"}}}}}, 0x0)
[ 85.747193][ T75] ------------[ cut here ]------------
[ 85.749904][ T75] kernel BUG at fs/f2fs/inode.c:977! 
[ 85.753371][ T75] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI [ 85.756157][ T75] CPU: 0 UID: 0 PID: 75 Comm: kswapd0 Not tainted syzkaller #0 PREEMPT(full) [ 85.759921][ T75] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 85.764404][ T75] RIP: 0010:f2fs_evict_inode+0x199c/0x19b0 [ 85.766840][ T75] Code: fd 48 c7 c7 00 a9 9b 8e be 04 00 00 00 e8 7c a5 76 fd 65 49 ff 46 08 e9 b1 e8 ff ff e8 9d 64 92 fd 90 0f 0b e8 95 64 92 fd 90 <0f> 0b e8 8d 64 92 fd 90 0f 0b 90 e9 ea fe ff ff 0f 1f 40 00 90 90 [ 85.774853][ T75] RSP: 0018:ffffc90000cef080 EFLAGS: 00010293 [ 85.777833][ T75] RAX: ffffffff8433ccfb RBX: ffff888011eea380 RCX: ffff8880007e4a80 [ 85.781370][ T75] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000 [ 85.784739][ T75] RBP: ffffc90000cef1f0 R08: ffff888011eea7df R09: 1ffff110023dd4fb [ 85.788364][ T75] R10: dffffc0000000000 R11: ffffed10023dd4fc R12: ffff888011eea3c0 [ 85.792062][ T75] R13: dffffc0000000000 R14: 0000000000000002 R15: ffff8880124700c0 [ 85.795591][ T75] FS: 0000000000000000(0000) GS:ffff88808c852000(0000) knlGS:0000000000000000 [ 85.799213][ T75] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 85.802043][ T75] CR2: 000055cc4d7bb620 CR3: 0000000012228000 CR4: 0000000000352ef0 [ 85.806430][ T75] Call Trace: [ 85.808199][ T75] [ 85.809516][ T75] ? __pfx_f2fs_evict_inode+0x10/0x10 [ 85.811689][ T75] ? do_raw_spin_lock+0x12b/0x2f0 [ 85.813937][ T75] ? rcu_is_watching+0x15/0xb0 [ 85.815986][ T75] ? do_raw_spin_unlock+0x4d/0x210 [ 85.818962][ T75] ? __pfx_f2fs_evict_inode+0x10/0x10 [ 85.821155][ T75] evict+0x624/0xb50 [ 85.822986][ T75] ? __pfx_evict+0x10/0x10 [ 85.825387][ T75] ? __pfx_inode_lru_isolate+0x10/0x10 [ 85.828382][ T75] ? list_lru_walk_one+0x3c/0x50 [ 85.830830][ T75] prune_icache_sb+0x223/0x2d0 [ 85.832928][ T75] ? __pfx_prune_icache_sb+0x10/0x10 [ 85.835114][ T75] ? list_lru_count_one+0x27/0x2c0 [ 85.837197][ T75] ? list_lru_count_one+0x27/0x2c0 [ 85.839261][ T75] ? 
list_lru_count_one+0x264/0x2c0 [ 85.841524][ T75] super_cache_scan+0x38d/0x4a0 [ 85.843855][ T75] do_shrink_slab+0x6d0/0x10e0 [ 85.846561][ T75] shrink_slab+0x838/0x1220 [ 85.848735][ T75] ? shrink_slab+0x1e9/0x1220 [ 85.850690][ T75] ? __pfx_shrink_slab+0x10/0x10 [ 85.852843][ T75] ? __pfx_try_to_shrink_lruvec+0x10/0x10 [ 85.855221][ T75] ? __pfx_get_random_u8+0x10/0x10 [ 85.857453][ T75] shrink_one+0x2a2/0x700 [ 85.859722][ T75] ? shrink_node+0x2daa/0x3a40 [ 85.862343][ T75] shrink_node+0x31d6/0x3a40 [ 85.864380][ T75] ? do_raw_spin_lock+0x12b/0x2f0 [ 85.866375][ T75] ? shrink_node+0x2daa/0x3a40 [ 85.868447][ T75] ? rcu_is_watching+0x15/0xb0 [ 85.870498][ T75] ? kvm_sched_clock_read+0x11/0x20 [ 85.872987][ T75] ? sched_clock+0x3f/0x60 [ 85.875231][ T75] ? percpu_ref_put+0x19/0x180 [ 85.877561][ T75] ? rcu_is_watching+0x15/0xb0 [ 85.879565][ T75] ? percpu_ref_put+0x19/0x180 [ 85.881539][ T75] ? rcu_is_watching+0x15/0xb0 [ 85.883548][ T75] ? percpu_ref_put+0x19/0x180 [ 85.885752][ T75] ? __pfx_shrink_node+0x10/0x10 [ 85.888219][ T75] ? rcu_is_watching+0x15/0xb0 [ 85.890857][ T75] ? percpu_ref_put+0x19/0x180 [ 85.892897][ T75] ? mem_cgroup_iter+0x410/0x440 [ 85.894970][ T75] ? mem_cgroup_iter+0x3b/0x440 [ 85.897206][ T75] kswapd+0x170d/0x2d60 [ 85.899367][ T75] ? kswapd+0x919/0x2d60 [ 85.901566][ T75] ? __pfx_kswapd+0x10/0x10 [ 85.903488][ T75] ? trace_contention_end+0x3d/0x140 [ 85.905635][ T75] ? rcu_is_watching+0x15/0xb0 [ 85.907554][ T75] ? lock_release+0x4b/0x3c0 [ 85.909659][ T75] ? __mutex_unlock_slowpath+0x724/0x8e0 [ 85.912696][ T75] ? __pfx_autoremove_wake_function+0x10/0x10 [ 85.915806][ T75] ? __kthread_parkme+0x71/0x1f0 [ 85.917910][ T75] ? __kthread_parkme+0x196/0x1f0 [ 85.920062][ T75] kthread+0x388/0x470 [ 85.921817][ T75] ? __pfx_kswapd+0x10/0x10 [ 85.923809][ T75] ? __pfx_kthread+0x10/0x10 [ 85.925625][ T75] ret_from_fork+0x514/0xb70 [ 85.927639][ T75] ? __pfx_ret_from_fork+0x10/0x10 [ 85.930306][ T75] ? 
__switch_to+0xc89/0x1420 [ 85.932633][ T75] ? __pfx_kthread+0x10/0x10 [ 85.934538][ T75] ret_from_fork_asm+0x1a/0x30 [ 85.936583][ T75] [ 85.937961][ T75] Modules linked in: [ 85.941813][ T75] ---[ end trace 0000000000000000 ]--- [ 85.964152][ T75] RIP: 0010:f2fs_evict_inode+0x199c/0x19b0 [ 85.967427][ T75] Code: fd 48 c7 c7 00 a9 9b 8e be 04 00 00 00 e8 7c a5 76 fd 65 49 ff 46 08 e9 b1 e8 ff ff e8 9d 64 92 fd 90 0f 0b e8 95 64 92 fd 90 <0f> 0b e8 8d 64 92 fd 90 0f 0b 90 e9 ea fe ff ff 0f 1f 40 00 90 90 [ 85.978783][ T75] RSP: 0018:ffffc90000cef080 EFLAGS: 00010293 [ 85.981788][ T75] RAX: ffffffff8433ccfb RBX: ffff888011eea380 RCX: ffff8880007e4a80 [ 85.985443][ T75] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000 [ 85.989838][ T75] RBP: ffffc90000cef1f0 R08: ffff888011eea7df R09: 1ffff110023dd4fb [ 85.993715][ T75] R10: dffffc0000000000 R11: ffffed10023dd4fc R12: ffff888011eea3c0 [ 85.996858][ T75] R13: dffffc0000000000 R14: 0000000000000002 R15: ffff8880124700c0 [ 86.000523][ T75] FS: 0000000000000000(0000) GS:ffff88808c852000(0000) knlGS:0000000000000000 [ 86.005086][ T75] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 86.007771][ T75] CR2: 000055cc4d7bb620 CR3: 0000000012228000 CR4: 0000000000352ef0 [ 86.011456][ T75] Kernel panic - not syncing: Fatal exception [ 86.014380][ T75] Kernel Offset: disabled [ 86.016265][ T75] Rebooting in 86400 seconds.. [ 84.773377][ T5321] tunl0: entered promiscuous mode [ 84.781978][ T5321] netlink: 'syz.0.0': attribute type 4 has an invalid length. [ 84.791853][ T5286] Bluetooth: hci0: command tx timeout [ 84.795206][ T5321] netlink: 9 bytes leftover after parsing attributes in process `syz.0.0'.