Extracting prog: 5m31.571582646s
Minimizing prog: 10m55.369355544s
Simplifying prog options: 4m37.93746093s
Extracting C: 1m20.464333003s
Simplifying C: 0s


extracting reproducer from 32 programs
testing a last program of every proc
single: executing 7 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat$cgroup_ro-openat-fadvise64
detailed listing:
executing program 0:
syz_mount_image$erofs(&(0x7f0000000400), &(0x7f0000000140)='./file1\x00', 0x1000801, &(0x7f0000000840)=ANY=[], 0x2, 0x1f1, &(0x7f0000000180)="$eJzsmb/L00AYx7+XpHl/IIqLg4uDL6jgmyapyrt0qOAoiFXUwaHYWKppK22EtiC0uLj4BwiuLo4ODk4O/gWuOqggONjRTTi5yyW9xrS0UrTg84HefXO5e567p/QbSEEQxH/Ll88/Pj29eHDtLIBD2MOWGv9mxj0/Mjv/47OHOyhfev7qw4t37cOP3mTjMbGGL5/fBvC2YiICs1TGmdU7mt5T/XUYOKP0DTA4sfzJJUKOEIDhlppzT9OdJGAYOHc6Yf1uMwxc0Xii8UVT0vOLTU3GDHUA23J3nDPtfm8wvF8Lw6CbFQWe5Pnt1qpiUf3k/ioGykiqx7kB4OaTx2NxrWoDF0ZaPw8GPKVLYKgqfYAtOI4zLYl2/uPWNL65zPn/rXgpxdH9v5VUFFiwCWcXgmEjtrFuUVhLHJYdET/odOTYJPFAfc7XFXPdZtiYr0AaF3L28343DC//YWRRMTunUKmY+pNw9lOaP1mwUv8oRq0Hxd5guN9s1RpBI2j7fumCe851z/tFaURxu8D/tqU/7WrxC3Pm2sxGvxZFXa8PRF0vvfbjVnPc6uvOd7nGuNqIF5+MO6aeWemDMgNTH0P2Qp0282eO5p6JIAiCIAiCIAiCIAiCIAginxNgiP8J40y9EM3DvyLfUP4KAAD//79dYrY=")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x400, 0x0)
fadvise64(r0, 0xe0ffff, 0x5, 0x3)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): unshare-syz_mount_image$ext4-mount$incfs-openat-openat$incfs-quotactl$Q_SYNC-syz_mount_image$ext4-prctl$PR_SET_SECCOMP-socket$nl_route-bpf$PROG_LOAD_XDP-bpf$MAP_CREATE-bpf$PROG_LOAD-prlimit64-sched_setscheduler-getpid-sched_setaffinity-sched_setscheduler-syz_clone-wait4-mmap-socketpair$unix-fsconfig$FSCONFIG_SET_FLAG-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$packet-setsockopt$packet_int-pipe2-splice-sendmmsg$unix-syz_clone-syz_open_procfs
detailed listing:
executing program 0:
unshare(0x6060600)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200010, &(0x7f0000000f00)={[{@block_validity}, {@nombcache}, {@dioread_lock}, {@norecovery}, {@abort}, {@auto_da_alloc}, {@nodelalloc}, {@usrquota}, {@noauto_da_alloc}]}, 0xfb, 0x54c, &(0x7f0000000400)="$eJzs3d9rW1UcAPDvTdv91nUwhvoghT04mUvX1h8TfJiPosOBvs/Q3pXRZBlNOtY6cHtwL77IEEQciH+A7z4O/wH/ioEOhoyiD75EbnrTZWvSZm22Zubzgduec+9Nzz0593t6Tk5CAhhaE9mPQsSrEfFtEnG47dho5Acn1s5bfXh9NtuSaDQ++yuJJN/XOj/Jfx/MM69ExG9fR5wsbCy3tryyUCqX08U8P1mvXJmsLa+culQpzafz6eXpmZkz78xMv//eu32r65vn//nh07sfnfnm+Or3v9w/cjuJs3EoP9Zejx240Z6ZiIn8ORmLs0+cONWHwgZJstsXwLaM5HE+FlkfcDhG8qgH/v++iogGMKQS8Q9DqjUOaM3t+zQPfmE8+HBtArSx/qNrr43Evubc6MBq8tjMKJvvjveh/KyMX/+8czvbon+vQwBs6cbNiDg9Orqx/0vy/m/7TvdwzpNl6P/g+bmbjX/e6jT+KayPf6LD+Odgh9jdjq3jv3C/D8V0lY3/Pug4/l1ftBofyXMvNcd8Y8nFS+U069tejogTMbY3y2+2nnNm9V6j27H28V+2ZeW3xoL5ddwf3fv4Y+ZK9dJO6tzuwc2I1zqOf5P19k86tH/2fJzvsYxj6Z3Xux3buv7PVuPniDc6tv+jFa1k8/XJyeb9MNm6Kzb6+9ax37uVv9v1z9r/wOb1H0/a12trT1/GT/v+Tbsd2+79vyf5vJnek++7VqrXF6ci9iSfbNw//eixrXzr/Kz+J45v3v91uv/3R8QXPdb/1tFbXU8dhPafe6r2f/rEvY+//LFb+b21/9vN1Il8Ty/9X68XuJPnDgAAAAAAAAZNISIORVIorqcLhWJx7f0dR+NAoVyt1U9erC5dnovmZ2XHY6zQWuk+3PZ+iKn8/bCt/PQT+ZmIOBIR343sb+aLs9Xy3G5XHgAAAAAAAAAAAAAAAAAAAAbEwS6f/8/8MbLbVwc8c77yG4bXlvHfj296AgaS//8wvMQ/DC/xD8NL/MPwEv8wvMQ/DC/xD8NL/AMAAAAAAAAAAAAAAAAAAAAAAAAAAEBfnT93Ltsaqw+vz2b5uavLSwvVq6fm0tpCsbI0W5ytLl4pzler8+W0OFutbPX3ytXqlanpWLo2WU9r9cna8sqFSnXpcv3CpUppPr2Qjj2XWgEAAAAAAAAAAAAAAAAAAMCLpba8slAql9NFCYltJUYH4zIk+pzY7Z4JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB75LwAA///MUDi3")
mount$incfs(&(0x7f0000000300)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f0000000280), 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
openat$incfs(r0, &(0x7f0000000180)='.pending_reads\x00', 0x10b441, 0x63)
quotactl$Q_SYNC(0xffffffff80000101, 0x0, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000540)='ext2\x00', &(0x7f00000001c0)='./file2\x00', 0x180088, &(0x7f0000000740)={[{@commit={'commit', 0x3d, 0x8000}}, {@min_batch_time}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@nobarrier}, {@nodiscard}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x8f}}], [{@mask={'mask', 0x3d, 'MAY_APPEND'}}]}, 0x3, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV")
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4(0x0, 0x0, 0x80000000, 0xfffffffffffffffc)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
fsconfig$FSCONFIG_SET_FLAG(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000080)=0xf3e, 0x62)
pipe2(&(0x7f0000000080)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
splice(r3, 0x0, r4, 0x0, 0x6, 0x0)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
r5 = syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0)
syz_open_procfs(r5, &(0x7f0000000100)='net/llc/socket\x00')

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-prlimit64-sched_setscheduler-getpid-sched_setscheduler-chdir-mremap-lseek-getdents64-mmap-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-syz_mount_image$erofs-openat-fadvise64-bpf$BPF_RAW_TRACEPOINT_OPEN-io_setup-io_getevents-socket$inet6_udplite-sendmmsg$inet6-sendto$inet6-sendmmsg$inet6-mkdirat
detailed listing:
executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x4, 0xc, &(0x7f0000000a00)=ANY=[@ANYBLOB="1800000000000000000086d578fb9dde86059a969968cfb20c14ee30aad89e44f5abe4988c5c25d5f454fe8ebfa0dc169188ad032f6c407facd4b1f63f7d66a07a2a529547bc8c6206f995e577c222a1ce3c831490f1c6cc5312826a1b166980db0400d818df02c4bb55da0a039d46ca33a2649cc1e47e9e73695b2b6a3adcf722b20dd65977e0162572a57d6faacd5037c1e5e599bc73558761b2ff871b5036eb8a6b8d91df0a625ea9887148217d0d286c9faecbdd4642367b385e50fa5d4235ac6987b0b8321cf8002d0e5966e4f51b1f67fb2e0c909f1b84e4894f09cdc4981841a5ac1e09cc249331901b8277171af40de6bb78f75410a00ccfdbab92cdf60d46c3bb", @ANYRES32=r0, @ANYRESDEC=r0], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
chdir(&(0x7f0000000340)='./cgroup\x00')
mremap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f0000ffd000/0x1000)=nil)
lseek(0xffffffffffffffff, 0x3, 0x1)
getdents64(0xffffffffffffffff, &(0x7f0000000000)=""/168, 0xa8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000001e40)='./file1\x00', 0x1000c01, &(0x7f0000000000)=ANY=[], 0x2, 0x21a, &(0x7f00000006c0)="$eJzsmb9rFEEUx78zu7d3F0Ww0MLmmoARzN7unkoakdgHhETU8jBriE5ycjkkCQgGGxv/AP8Ri1QWdnYWVhYqCBamFBTBkfl1O5fcyt1GbHwfyOQ7k3lv3puZvIVdEATx3/Lp47cPz68vrFwEcBKzqNvxL4GbEYJ789+/CGpWvt489Xj/sD8GQMqiH5as66ZEAF4tBsAT41ZK3xqYtT5XwLVW3ATHBatvgSF2scrCOgfDHTt839O9Jn5oIXJ2tydW762LPFFNqppMNZ0iOhP/wR7DKoCGXYJ58W3t7D7oCqBvhMidqFkfxUhlUbKFRXyLHFe9LVDndfvZ0z3Vj+144u1fCo7U6g4Ylq1eQB1xHLdsN0+9/M+Fhf/AHJuX/6SZNI63EdOK0/PH9XNtugTdf8/on35JkX+Xfz3BqNIRlAt1rauaqzimt+Kto1ZRBT9TCnZ4RGU+HDl7sP/mqNXnkZF3S2VLMPzTGz6R0IVr3OG+nRFiaazVGSuaw0IzzrO7gaVXwtQPFgLnvfoUek+F9mDjYXtrZ3d+faO7lq/lm1nWuZJcSpLLWVvXZtP+of41dH2a8fzXSuZGLMJ2dzDop9vAoJ8O+5lpvYq7/LL3VdtwXf845n5K6R4vOu36+DWY/eH69wkAc0Fp8ARBEARBEARBEARBEARBEBNiXkm2wGDfVeqPcTX3YWyEMLuBR03gdwAAAP//fcxapQ==")
r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0)
fadvise64(r3, 0x57fff, 0x80000, 0x3)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
io_setup(0x40, &(0x7f00000002c0)=<r4=>0x0)
io_getevents(r4, 0xfffffffffffffff7, 0x4, &(0x7f0000000380)=[{}, {}, {}, {}], 0x0)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendmmsg$inet6(r5, &(0x7f0000000540)=[{{&(0x7f0000000000)={0xa, 0x4e21, 0x0, @remote, 0x9}, 0x1c, 0x0, 0x0, &(0x7f00000020c0)=ANY=[@ANYBLOB="38020000000000002900000036000000004300000000000004013f040100c910ff010000000000000000000000000001c910fc0000000000000000000000000000000001000740000000000e07010101000000010000000200000000000000000000000000000001000000010000002000000000000000ffffffff00000000ffffffffffffff7f06aeb07c1c192077cc9e7c45705803ad5588ca8b194d23f748fe792cfa3d32221f25d73b8ffe64a4ddda6efcfb7483b588194d29c7a04395d8500965a9a1d07879040c44db1d5d6f618d2ab920f0bf168ddc9acc6a51edd1230760d4ae8bf30f5f82a78e8114849ee8e37364560400000035bfa8197ef2ba99103ee5f5aae28ec5c8e2675db11530f5c466d55f2244d479dc653c854406155eada3eaeb90d39149b8d13bab75a9bd1452c8c76284b9ddfbeff41344e64f1771d78a706e1c5a6d63f1c954e24a1e73f75c26e9f09ec9b606cc3470f11c4842db651926bd2263a4a0a8fe80de8b2f9cb176e51819d5f4d10a5d1f0488d5e46953fbfd750f6137fbebe89a8d462158a87f9622355104b4f68d7a6d3ad85c373ea52a25afad37ffb743a5c361158087904b09fcc806d032bac00ee0e0251fc032446e45a3e12417ff4703526ffc45f71567857777927903799e0ba453334186009d22e38099c67b5350c7e82136bba947a18fb61d36fcba1f9efe3d79485d06252702833dc8ee417f40bb9064878fb89dd75a49135e5df148c4ad1e1d5626b44c8112d822f4c9a05e693fd5ae5595627f8684016b37a2bf6d0040030000000000002900000037000000006500000000000000fb1a63687c244e6df3aecb13d6eb957495b669cc032f6d0a11a5e16eed9937b046c9dc1a61dcf9754b767df4735c3f8c37b4d5cd15a99c5a19cc62c921ad4e90d6e3695ec1891223a53600d5031b5735acafb556e22279975f958ad437c76573e544506e58455772eb11493af933099a5dc7e9e0c8b907e68e23e59d7b94bc774309e2047132758b60955301f277a9032b0bc47e660b243e9e2126733f13ab99055a0999068ada35a38d105a5efe6c7115774effe28695ecae3944413b7764eefde26ed571d857b2cb2dd1b2a4a84c1fec0799cf90f57f7a6d35e2b60cd425b9372ae4a27f453e5d7da2eacd3b98cdb10cec9152d5829c2511eb0f9600a0cd280f3d08849b6cd43d25e3dcd62f7c7dee6123a2682daf4aa9a856b31e9204c5c2b80b84dbeec05d93a64a550f1ebc326488cd620c6fe1aa266a0ce5b24be03b5037786e037cc85ed61f362e081fb694e12e54fcb9eb0f86d6d91fd159023a073278f84d6ada8f9aa25ec223d268f3291b25392c941740932bd1a82f40a8fc586db23d2f6240ce883e3c1dc1e0d07fc3aa73a9ac82a1538d129c9e66cb6a8100abe95bc4064581e8c01ce65ba3ea751db5d8c0a1173fe62b2fd2d415042a97ade4d274a466b6d997eed6bf5d7a305ead804c36b9e1c314b26676ed83412417610d3cf4d07e5b24cf3de9c790ae93850e0f8bba047b710cf340c78a80cef5f6665a647681ff5f7b6ecce8ab65e26406b6a6e0e72ff8501c545bffc00f034dc3a5b251390ae68bb61d936dc9a24e6f66c72e7911c51c716dfd4304566fb32e6c2745d232f990d0bbe0ddf9dc58398dda292c07b16da766a37c60bd9993b4f21e641036a8afa2ccdb47d7990d5a007faccb2f86664179f2e229723bce870aec3f7f4e529c92add713590ce6c0ea1a0499fb76d32636cfd18b6b39fb48f1a6d46f6ae8f45c47ee8260f9531070d170ab92739be0bdf5b76f8a9b93a5e550dfecab79d2e46085a67024b6be883c79ade2873458fda5a7f4eb62b05634356ee3b45723f4cff19c654ad441ff5b8792df7f18d841c351e195151b1b3532e742a6525c86efdb29653f35ce8e0a41c8c6d39f39531e13aeb1172893eeedd83b6afb939f8e6abc5482696aa48918000000000000002900000037"], 0x590}}], 0x1, 0x8008801)
sendto$inet6(r5, &(0x7f0000000380)="9a751f0e4be4be2e7d03ab7bf898086e4001de9423974e9ff76114be7709cec446fcc04fd9573882cc", 0x29, 0x480c0, 0x0, 0x0)
sendmmsg$inet6(r5, &(0x7f0000000080)=[{{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000280)="114aa8a4", 0x4}], 0x1}}], 0x1, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x2a)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sendmsg$nl_route_sched-prlimit64-socket$inet6-bind$inet6-bind$inet6-sched_setscheduler-getpid-sched_setscheduler-mmap-socketpair$unix-connect$unix-sendmmsg$unix-sched_setaffinity-recvmmsg-syz_open_procfs-socket$inet6-connect$inet6-connect$inet6-openat$ptmx-sendmmsg$inet6-syz_usb_connect-pipe2-write$P9_RGETLOCK-pipe2-tee-splice-read$FUSE-socket$packet-setsockopt$packet_fanout
detailed listing:
executing program 0:
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = socket$inet6(0xa, 0x3, 0x3a)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x2, 0x0, @mcast2, 0x1f}, 0x1c) (async)
bind$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @dev}, 0x19) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async, rerun: 64)
r1 = getpid() (rerun: 64)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x748a0a6e055a2aa0, './file0\x00'}, 0x6e) (async)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) (async, rerun: 32)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) (rerun: 32)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async, rerun: 32)
syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00') (rerun: 32)
r4 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r4, &(0x7f0000000240)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c) (async)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) (async)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async, rerun: 32)
sendmmsg$inet6(r4, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x0) (async, rerun: 32)
syz_usb_connect(0x0, 0x39f, &(0x7f0000002340)=ANY=[@ANYRES64=r2, @ANYRESOCT=r3, @ANYRES16=r1, @ANYRESDEC=r4, @ANYRESDEC, @ANYRESOCT], 0x0) (async, rerun: 64)
pipe2(&(0x7f0000000000)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0) (rerun: 64)
write$P9_RGETLOCK(r6, &(0x7f0000000040)=ANY=[], 0xffffff6a) (async)
pipe2(&(0x7f00000000c0)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff}, 0x0)
tee(r5, r8, 0xfffffffffffffc01, 0x0) (async, rerun: 64)
splice(r5, 0x0, r8, 0x0, 0x9aa7, 0x0) (rerun: 64)
read$FUSE(r7, &(0x7f0000000280)={0x2020}, 0x2020)
r9 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r9, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x6}, 0x4)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$nl80211-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_UPDATE_CONNECT_PARAMS-openat$ppp-ioctl$PPPIOCATTCHAN-syz_init_net_socket$nl_generic-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$nl802154-ioctl$sock_SIOCGIFINDEX_802154-ioctl$sock_SIOCGIFINDEX_802154-ioctl$sock_SIOCGIFINDEX_802154-ioctl$sock_SIOCGIFINDEX_802154-ioctl$sock_SIOCGIFINDEX_802154-ioctl$sock_SIOCGIFINDEX_802154-sendmsg$NL802154_CMD_GET_SEC_DEV-socket$inet6_udplite-setsockopt$inet6_MCAST_MSFILTER-setsockopt$inet6_MCAST_MSFILTER-syz_open_dev$usbfs-openat$tun-ioctl$TUNSETOFFLOAD-ioctl$TUNSETOFFLOAD-writev-syz_genetlink_get_family_id$ieee802154-syz_genetlink_get_family_id$ieee802154-sendmsg$IEEE802154_LLSEC_DEL_KEY-fcntl$dupfd-ioctl$BLKPG-socket$nl_generic-sendmsg$NL80211_CMD_GET_STATION-ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL-ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL-ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL-epoll_ctl$EPOLL_CTL_DEL-epoll_ctl$EPOLL_CTL_DEL-sendmsg$NL802154_CMD_DEL_SEC_DEV-sendmsg$NET_DM_CMD_START-sendmsg$NET_DM_CMD_START
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_UPDATE_CONNECT_PARAMS(r0, &(0x7f0000001580)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000001540)={&(0x7f00000000c0)={0x1454, r1, 0x100, 0x70bd28, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x121, 0x2a, [@ibss={0x6, 0x2, 0x2}, @measure_req={0x26, 0xd9, {0x2, 0x8, 0x3, "6f26713e0a62f554e4f39c421e585c0155fcae0df981217d8bfbd8b2b9bd1cc407d8458751679901cc2a9cc97ddbbb19cfe05a3077b42e85d47e2982b2cd24635c0767879aa8cecf7174e799ffdabb6d7bc6ebb58b48664d1a08c32f916c6fae32a37b0ebd70b80a3961cd0d65836a45b3485e82df8f46d3e83eece316e8c2b1f1a5ff74fd14fa6fd708c6394aefffdb1fb29c2db13083e0ae0aa63fed5ecb50f8ba83a3bcb395da0a3a05269b7118045b165b1078811e5eb78ace9b94a11a8129445e0b60628bf2acc6df466a0f2ce5a604cd181296"}}, @chsw_timing={0x68, 0x4, {0x3, 0xf}}, @mic={0x8c, 0x18, {0xeb7, "1940aeb6d4da", @long="a28226ee6d66b803f7e682add1875c96"}}, @cf={0x4, 0x6, {0x18, 0x0, 0xfffc, 0x9}}, @ibss={0x6, 0x2, 0xc}, @mic={0x8c, 0x10, {0x25a, "3a5eb9694a05", @short="2d7e13032218c353"}}]}, @fils_params=[@NL80211_ATTR_FILS_ERP_RRK={0x70, 0xfc, "2de950ec2d88ec51fd6593558506a4d8eaff20006dde09a7ef4700584a2808a35d8efe9fd0722f9839d5bccec75abd8a25a9a897cb048ab2cb5a1840da8f239be62d13d55652297dabc1242b114994304e6f682bea036cbb88e54476c2f52ae76ffc0e31e64643f205955a2f"}, @NL80211_ATTR_FILS_ERP_RRK={0xd5, 0xfc, "f75fb3f62bb2ea5df1a2786754696c43eaf257232811e16bcd097100e447aac458774d45cae885f9b4d5b62db9024e624508d04626c8409f56cfd9904c5fb1d0e5d42ce76753e063a1d885a72b650b37667fb985620125fa08d85b83e06d5fb18008d5edf76266431f1fe157a9eaf3b620ee680091f5e4ef9cdd509b0cc00da037f11e390abe7bc92dddb0e68e5d47e8797289db31082fed4608366142b097ff67a8c29caf5e8f07c888aa6af9401a09577d01c3dab7b5e9c922d5d523e155174c1a63d74a751f8b3d56d094845a53a384"}, @NL80211_ATTR_FILS_ERP_REALM={0x4}, @NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM={0x6, 0xfb, 0x2}], @fils_params=[@NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM={0x6, 0xfb, 0x7de4}, @NL80211_ATTR_FILS_ERP_REALM={0x9c, 0xfa, "66ca5870142dabc3dcfdee1701687de018eabf01c206133ad23d8ef1f95461a4673e8935caed387660a6404d822baca449c82786de80c7794909ab81f5b358526df86616372938b664375f423bc11058c900aa6bfc53ecaae3ca51854d41fdd888fdc26459e4c0373d31fa00a0d88101e2cac10c855d94cb0749c0b3cac1acee7bf1c57b79da22b64a8c5f079d8e728aca19c78a762735b3"}, @NL80211_ATTR_FILS_ERP_REALM={0x1004, 0xfa, "eec5f80920cc996caf049e54f5154ae060f437acb965c518ebe3756859fbd460f69ca1ca1f42ae3aa14f6895d08cba0284a0af7156e5762ea3c65cfea5f5123bb7639d3604df6a911e4978c7b2d866a7a77c74eda33c27a94d794c1b3c356f8428c0250457f6999af0f99f5aa87bea4eb602a10eb99f706c77d3cc7f5b7d15a038ef10b02394be91cd6df75c6237999120652f190ae44d0ac7c799fc8c6d615881ffcdc774e9aa0a91110d79581ae9219e5bbf28804c5badec2de14ca75c506da7579cbc053fc62becc76bc75e237dacf5f4043ae72055fb5d278ba69d3dea9230a429f4ab2dd98fcf94af4ef4840c410ff2b86477be304f904f704ddac14da55fb8b1925966e14600c5ff06cb67be227cd52d4cea846d72f25630035f2c7bc999e55738d2b46e9e746fc4e3c80a7bdd35e49404316261ce1cf9f8528887ada96a8431a5564582547e3ed31d0b462d0359f16d5cb1ce0c484104d8d50e9b52d83082ae7d1c908230dfafbcfcb23b9d1747c47083935fbe22455af3e075b1d3674f7add59c4a26893424df7aed472c93004103a85d0afd1146162f251af06bcfd42bb4a15fc4df493d177d6e51b2468999134595eccb9539d0514cf8a44a6630db90525189994790670c92bd063a8c4ce4dbf415bbdc845d965be05fab85877de515c338e6fb10d8e72bdcecbf4206997377a6d507a8aada108189e5acfea3764947cea1f7aafe86806f487d08f16835efd28b95bfe56b9cdf0e48f518b18a9bcfb05d2f0b043692ea92f882a04ff05fdca7baf1845571202697bb8849792cc27cbb1d6597faa3d84846785575a26161f34359ef930cd6db807265869f65a961bc952fb8e284b3abc4de059cdea597bb2cd682f68e2e2a86d13551815f7879b94b4e98f8fc6429a5f71adf0c36c30b45708ffec333f3bd10c599f4b9da3e6ad8093a2463f643b40ef5ed929a52a16ad637ab7a9ee5124f7410d1d93121b8aa99159b638b15465544496a46f77052ef41a0f5b13dfb70a00f1da3c48864d7949fcbe5d7065f07c5913475d1a683152e9984481763d73bdbcd5560cba5a395579eb960441e23a24943fb21692f675b90bd6c054a56a6bd55cd495e7402e2ce0832ab59ae4bf9bc482a5955cabee7408c59fb1003fba10063fc65634d62568ef9236a1f46f5b451fe6e19718caad08a4d4db1984154e18affacdd4f5b45f19a8cb75d8e5c7f85f11136d7e072c24d1b57d13f0f69ee51296bd2c127de4b9fa6622149824a1011c51801ddcd739e0207265d17848edc0f22710b7586900784b1ad91edc3aa44379c1904f4a2cbc57e4d0ea077100fef70d718382f436af38407defdee62834c67ed454d7f1ca19464eb8a2f155ca3acc1012879a9e8985e529d8964394ecb5d882209d433ed2ea1df916a94d0cf8e34114c290bb753aafca6eed502c538f96738b67518d4c2cf2d67ea2ee0a1ff0620d9c8dc19a5481a0d69cd8c6c4dbe56c3effe5dccc9ec1b8a4d7f0aed1eaf7f5a287e19ee8649a566446ece717fbe48eaf6c1e94b2842400ca46d286c9b00f44e9e6f3c0eff935739a974009695704a390fd001700c25bc544759c06c99e9141c64f19df04520d58b83c7a727818c2e74e297bc4675b9ba8e8b9ff63ed90483de6592e53e999955cd173ec9a31824fa26c6b2fab951fdec15b9f623a0e537b33d410e67a9775a396b2b17aecb35a6c8f2643482dd0634d049991bc2fbd46169117a82742682d09df10cdea4c56dae559000fab72f8478e4df115dd309f438020f413532df6e28a6f8e04a7973cef5238477c55b1ee959fdfd9e11b50cae4fc7de89783a85eabdf3f0e60283348c158a1b773f1d1583fc4f9a60591f2d620efc5244800d6b709e748051d21ed6c2e5b5ce51ee1f4e6457f0287b730842c987222016c28f4eabe3e7e3920bfbd1dcef2f17e0e7a3373058c2ce854a216c9bdfd6f0f6659d5ade8028af124f9c7bc638250dd8bd1bf7460fdfbcdc102192378577df85568411a9c32c010d84b3605e100a383054010ea026443657547c7b4b5989dba1c66fc7f8ad33edb036ad712f31b7393e62454f89fa2c767682f8edcaaf852a1bc0174404d4706fe00b4d1c7e2e717ad6828441f4066e9ff8333bbc59fc7a64c281f62cb624807990ceffc0cd9e7c39ab6a3a377239ee1535fefae083ded4a46b800d8a62544d81f57d1fa37f319c2fcbdec5a9a29c4268dc602198912fc25b2c9fa8b70e1c4a9227e9cd587c3d5c74745e643148af404411cc66ef965129d71a7ae9d6a20f44a7175075dd8bb2fe6ad68bdb64017b114fddc0ecadc0d30008d0ccf1487f4a662c9c11b67f1af2a3b6ef44326736fa0a761e2d2cab1b35825d8be29b9230fb66242b9a81915070707e916e91bc53e9cfc06e25f15e61526ea8976c62f0a2075fedaa57eb11fb859299bbb3366bfdb4f18b4770a3376a435e2c3acc528a606f85a04e1daa7a69f91477b1c8168d0dbf530c0fe64a2620f20ce71dcbc11ddb59d375deb1d643e144233117cd3b581a923a3a7fb46fd50870dbcd480303b191bb95193ce4ba20875cc148e8ee6d03bf42ade6adc868f414d84306a23ff5587a308d5f4771359f36e6cfd345d3bf3d3ff2fb6bfffaf3b1808e4cadb9b72dc269ef98209e8b3035e4c9d5a19c7599d3209ffce2c8dc6d241d439187d30111c622056bf75250f578c35afe7737fde27534bee4c675ab3f188e0744f846ecafb305ab7a6c483cf3ff90d0f3d43bab30fffa3113e1a723ed5b188290974120ad3da04bdd61cc6a07ce3d906a5f804aa3934964c5e537dbb476f1c276890f590e14fc165413dad3fc697f8f5126d946c3988a401c51b06fbfd20fe1c899ce45e9b05029b06080b34698362b3a3d4b1eca61341f802ada5b3d119d6b2fc4f7879533f55e7fea611d359f16bfba0a2f9d528dabbe220b9c25d284c01c76ed18f02261e83fb28de1ead4e712965329993671f96ee8d08582733d9f9ba14b82554c006551b07c8c2affcbb14ffcc7e807f3eea00c4804de1f897bc404c97e4121a9fffc376e21f25fd87fdc55a9735d56a8bab452646e486783f9969885a61b16e0a4f0918f410cb032f3bb55da8bb946ab1df85245ff9c28bf1c9a40baa81e5f2571d30f3ed82b321cf1690e16ed77131c84beb8b19bab22b907c8a14d994b1c819312edaf8151f6ee5adf79958955cd31c0450f069c7231078f079ef1eced0964e90483f07447ec41f1005280506a086ff24daa1ffa2e967211b7eaa4d3d1a9ae0f6c68940d2a72c56d28a72004db883df382e8e6e9c76b04549fe274ebe4d67217b2ed215e602946a03c7de49428a52f8d30114b3bb2742c10f5d91f7d60e55a445d43325eaf3768b71ed3bee2634f80942b079beaec308ad4c4321bca0ffb1bb5705b916131c2d9ba0310d602672f9ebdbf4ed554cfbac8dc84a4a8b0258d5bf124f4efc3a5c99d13207d5858ebfec61dd4e38ceb4107a3f4743992783560747d77e7fa769e2758f4f154265c3483e9089272fc21a0f79f410ebcaf9eb08834e2a6c414a8ee0c2821db239fc4c1390f06d7c1c276070d3606d8e6be9dc0427cf4c5f08972e4af24f71fd892d618883a64d335a7d21b6bd99d1982e317918aa5ad92897771c6989e404f4854f4642c4d4158d13e893506374c5efb2db904349652ef994d0ab49b576dc42f439bb53b9a1aa20309831ecfd918b02e467e627e9edfdd59d1bbbc65cac44721135cc87fbfbb886cc35d38fa748a548a0373e9ead4c4898977764c096629fb83ec25e99d4d99613e7dad0d67955e8a1f87b31b6751f095eef16336ba8fafef1af7c2495c0f45600dc5655628f72caed1c8eaae380f3b7f8560090630c3554470f17a80395f1479cfecd89627931d09cad2678dee83e5300094ee8179776ba6b82ffce56932f9451b326d0071f5beca50c9badbb1edffa85712df2649f0e15ca36277d47b5075471bf0159ba3cbbf37ca70a1354dfa1d74121dd304386d429b20606a3abe1f6456441512a47fa066e18cd1a000f5bf602f08528070235116b5f474838645f4db51f635cf3bbc1a6f0cc60c20a52a149eaea277417f50c0d97b308eb076c260dc79fd4400423e8772aeec04e4f6767f2c241c79fddffe679d31848eef0c27de57bd70734ee1505df60c606fc0fc6bb50086829cedc64417d1dc6ea3b0684ae48201e11aa3d762cb85890e9858b793905c98926c74acbee016006dc42c3a3ecc3a330b705c4991059787503b01659beedf601b312eab6fd1963ddfcd49871c9c3324055554994a55fc104f68458a316a67ee34eee826ad95263c22b9b5b9a1cfb2e3253263d6ca3e752aff2ba7e858f8d85d41828e3cf498cd135e26b5351e468c806043bedaa3797bff3abf20e26fa0c6286afd032edca17b8a8141a2e91ffc9731f17e599db62a29fd648244c6033acadbdb691a6e50b33a47af9c14b8ef8ef7d4467482bd48edea6c6e58103b2c600365f17f0a98e07ec6cb03e0690143b7d7fd52a5bf04173ab6885f3d9313927acdf0fa7b27da38be22155ffc150c868667039015abad9f6cc7f022ed062ef71ac1ebd39cd719a23712a69c6b50d8675f28c96bff957f1149349013d1ae070f0355c3ba71bc55afbaf11b6386249eb335400dedb83e8630ce6bb5c582e8a0e90d322215789c0f28ea45171801a1a18986ca65b39a35012dda4407f50d67edc8ed3f48533e48a4aa2f72f61c69abd1376d62a83a1a18b5d0119287f5c5a4a3b903769d155ec538420f10242f37a48a2558f5e16ac80d85148b6bdc544c2d54c70f94ee44c094938ea776dd5fdc66b0267871d6dbf104be2a1ffaf4c850d152a2fd0319f21988bb1a8b891accc882de4a90b6578b14138a49476053aca3e15ec0a3e6d05fe325d2552de0aafcd2c3d9187ddcb426b9b6e3f4a7cae82170a13f112525097ae184fc7e78d8087ed363d89fd394bf2fe3ef159124e60eab8151c7479383453369cf83d6ae7ac92ef2edd5e566b0c636f9630cb3a5c7618b34729053b3cbd29acb7e72ae12aada6975fb23857b1f133cc9500ecaae6343bf70b94531e61f6cd22836f3e133eaa1cc1147a6b9f3104ab8af77d9aa41a6d3311ddf47b006dd7dd958b58887664f62553f4cb13fec278be279f80f8e4e2f5f8c74b1e5f48d472ac042febb1a4ab79e8619f5df2489f2ca20b8a76ed203c26608f7b4bfa8fec5c3696a2df946f723592b8d85efa93f7d635da0f42c24968ac3d9fdbae28f10c921448e32e03bb4d1e1a54f8cf15b57d5d85eb970dbfc8f1b453d3198c703d349b82d412807a73eef7a84363980ce18f97b7dfdaeddea68d536509f1e80389339863e3a7ccf8467efe9ef1492a58f2f80e5eae26dd6ce8d36da06b2167040a367bb416ed39bcad5cb175da0310916bab75be836790ddf6612ddb77fa4f24e5756f2b013d2f235ed450faf004920a45aaf7b5c6797483d25c3fe837a2856ba0fb6dacc74f52784ab6d1a5955bc927cf004bb3617eef656f32c04f53dd035ce620e4cf48e8910f9c35537513e164b6cbef2fab4f5541c855e42bcabfe07bebc63c245f8695d518e44f9eedfb4d8fc1d1ba70fdd821ffe0ae97f191ec0213ef31fdc92c222e9363b44baa9fb7e87e04b74f223f95203577ba781363dc2a45400f0462aa8e35d0f83736c7b2193f1bf3f85ba25a9220f52179233b7cb5598ec7dc122fb9506b8c9596383a20ee37d6910eeeab4aa41c4b616f4bb8c9dc073534975ffe0c900c4c2f4af3833a"}, @NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM={0x6, 0xfb, 0x40}, @NL80211_ATTR_FILS_ERP_USERNAME={0x14, 0xf9, "edf522e4bb4323d6d32f786b77e81a11"}, @NL80211_ATTR_FILS_ERP_REALM={0x6c, 0xfa, "6d69f2974171bebf08100d790b427afe2d51bfb6df6b7eee2f161400dbd6ad5edc42f81b8dd5c1ce85ecbf6004638c2af86a48a9d1901cd858af06165a0dd854b16448d53cf6d1714b81a7358217c1bc522fbe935406ff01ecde394b1b1ccae8ae57043079335182"}, @NL80211_ATTR_FILS_ERP_USERNAME={0x11, 0xf9, "98068930aa7645a5bc4586b815"}, @NL80211_ATTR_FILS_ERP_USERNAME={0x13, 0xf9, "267745a94372ebd547c7d92afb266e"}, @NL80211_ATTR_FILS_ERP_RRK={0x65, 0xfc, "75023a1c8de03ca76d340522f1355d97572d643aabe0549138fd71b46494aeb5f355145321bfb34809c8922ed5fe4375dafc9d5fc79da103f42dd31f07af8e650dc1ac1cebb2f5e4e9a49ecb1521ff4657545918f0237c584dfad0ffa073300422"}]]}, 0x1454}, 0x1, 0x0, 0x0, 0x1}, 0x44081)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f00000015c0), 0x8000, 0x0)
ioctl$PPPIOCATTCHAN(r3, 0x40047438, &(0x7f0000001600)=0x4)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000001680), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000016c0)={'wpan4\x00'}) (async)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000016c0)={'wpan4\x00', <r6=>0x0})
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000001700)={'wpan1\x00', <r7=>0x0})
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000001740)={'wpan1\x00'}) (async)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000001740)={'wpan1\x00', <r8=>0x0})
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000001780)={'wpan1\x00', <r9=>0x0})
sendmsg$NL802154_CMD_GET_SEC_DEV(r4, &(0x7f0000001880)={&(0x7f0000001640)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000001840)={&(0x7f00000017c0)={0x58, r5, 0x200, 0x70bd28, 0x25dfdbff, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r6}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0xac9bcc5590cee93f}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r9}]}, 0x58}, 0x1, 0x0, 0x0, 0x4068004}, 0x20008040)
r10 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_MCAST_MSFILTER(r10, 0x29, 0x30, &(0x7f00000018c0)={0xfffffff8, {{0xa, 0x4e22, 0x354, @dev={0xfe, 0x80, '\x00', 0x20}, 0x2}}, 0x0, 0x5, [{{0xa, 0x4e23, 0x7, @local, 0x1}}, {{0xa, 0x4e23, 0x2, @mcast2, 0x9}}, {{0xa, 0x4e24, 0x8000, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x7}}, {{0xa, 0x4e22, 0x7a, @loopback, 0x6}}, {{0xa, 0x4e24, 0x8, @private2, 0x2}}]}, 0x310) (async)
setsockopt$inet6_MCAST_MSFILTER(r10, 0x29, 0x30, &(0x7f00000018c0)={0xfffffff8, {{0xa, 0x4e22, 0x354, @dev={0xfe, 0x80, '\x00', 0x20}, 0x2}}, 0x0, 0x5, [{{0xa, 0x4e23, 0x7, @local, 0x1}}, {{0xa, 0x4e23, 0x2, @mcast2, 0x9}}, {{0xa, 0x4e24, 0x8000, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x7}}, {{0xa, 0x4e22, 0x7a, @loopback, 0x6}}, {{0xa, 0x4e24, 0x8, @private2, 0x2}}]}, 0x310)
r11 = syz_open_dev$usbfs(&(0x7f0000001c00), 0x7, 0x100)
r12 = openat$tun(0xffffffffffffff9c, &(0x7f0000001c40), 0x40000, 0x0)
ioctl$TUNSETOFFLOAD(r12, 0x400454d0, 0x1) (async)
ioctl$TUNSETOFFLOAD(r12, 0x400454d0, 0x1)
writev(r0, &(0x7f0000001d00)=[{&(0x7f0000001c80)="4c56b4fe56db9a03739808b9cbc6590b7bb52fdb7aaa0d5ed33b8c641bce020a417b4211e74e19e73b6f0de137f37c5494cd689783d4784066cb60e340dfc5d01c2d66ddfdd35c2254862778a102cecfdc9f8a32ebfc56bd5e588b831adb6889a82a67fe1f6e0d886846e88e", 0x6c}], 0x1)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000001d80), 0xffffffffffffffff) (async)
r13 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000001d80), 0xffffffffffffffff)
sendmsg$IEEE802154_LLSEC_DEL_KEY(r4, &(0x7f0000001e80)={&(0x7f0000001d40)={0x10, 0x0, 0x0, 0x42200009}, 0xc, &(0x7f0000001e40)={&(0x7f0000001dc0)={0x64, r13, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}, @IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0xaaa2}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0302}}, @IEEE802154_ATTR_LLSEC_KEY_ID={0x5, 0x2e, 0x2}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0002}}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0x5790c7fe5b81e16d}]}, 0x64}, 0x1, 0x0, 0x0, 0x4000800}, 0x0)
r14 = fcntl$dupfd(r0, 0x406, r11)
ioctl$BLKPG(0xffffffffffffffff, 0x1269, &(0x7f0000001f80)={0x1, 0x0, 0x98, &(0x7f0000001ec0)={0x3fbe, 0x0, 0x13}})
r15 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_GET_STATION(r15, &(0x7f00000020c0)={&(0x7f0000001fc0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000002080)={&(0x7f0000002000)={0x74, r1, 0x400, 0x70bd29, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_STA_WME={0xc, 0x81, [@NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0x7}]}, @NL80211_ATTR_STA_FLAGS2={0xc, 0x43, {0x401, 0x40}}, @NL80211_ATTR_STA_FLAGS2={0xc, 0x43, {0xb}}, @NL80211_ATTR_STA_CAPABILITY={0x6}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_TX_POWER={0x6, 0x114, 0x4}, @NL80211_ATTR_LOCAL_MESH_POWER_MODE={0x8, 0xa4, 0x3}, @NL80211_ATTR_VLAN_ID={0x6, 0x11a, 0x1}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x1c3}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5}]}, 0x74}, 0x1, 0x0, 0x0, 0x4004}, 0x8800)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r10, 0x89f2, &(0x7f0000002180)={'syztnl0\x00', &(0x7f0000002100)={'syztnl1\x00', 0x0, 0x2f, 0xfc, 0x4, 0x4, 0x12, @private2, @ipv4={'\x00', '\xff\xff', @empty}, 0x8, 0x10, 0x7fff, 0x80}}) (async)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r10, 0x89f2, &(0x7f0000002180)={'syztnl0\x00', &(0x7f0000002100)={'syztnl1\x00', <r16=>0x0, 0x2f, 0xfc, 0x4, 0x4, 0x12, @private2, @ipv4={'\x00', '\xff\xff', @empty}, 0x8, 0x10, 0x7fff, 0x80}})
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r14, 0x89f2, &(0x7f0000002340)={'gre0\x00', &(0x7f00000021c0)={'gretap0\x00', r16, 0x8000, 0x7800, 0xfff, 0x1, {{0x49, 0x4, 0x1, 0x24, 0x124, 0x65, 0x0, 0x6, 0x4, 0x0, @dev={0xac, 0x14, 0x14, 0x3a}, @empty, {[@timestamp={0x44, 0x14, 0x9d, 0x0, 0x6, [0x3ec2, 0x4, 0x9, 0x7]}, @ra={0x94, 0x4}, @cipso={0x86, 0x60, 0x0, [{0x6, 0x8, "564d791ec7b0"}, {0x2, 0x2}, {0x1, 0x10, "21e0e621fce355c731f7ecc70283"}, {0x5, 0xc, "d187aaf6ce49210e6311"}, {0x5, 0x8, "12dc32916b9a"}, {0x1, 0xf, "816dae44215ce52fb517cafce7"}, {0x7, 0x3, 'j'}, {0x6, 0xa, "b1e8b94844b0c424"}, {0x2, 0x10, "96a869133cee47b16f9556c613a2"}]}, @timestamp_prespec={0x44, 0x44, 0x90, 0x3, 0x4, [{@local, 0x1}, {@broadcast, 0x5}, {@multicast2, 0xf}, {@initdev={0xac, 0x1e, 0x1, 0x0}}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x8000}, {@private=0xa010100, 0xafd7}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x8}, {@empty, 0x9b48}]}, @end, @ssrr={0x89, 0x17, 0xe3, [@empty, @private=0xa010101, @rand_addr=0x64010100, @remote, @broadcast]}, @ssrr={0x89, 0xb, 0xd7, [@rand_addr=0x64010100, @dev={0xac, 0x14, 0x14, 0x7}]}, @cipso={0x86, 0x2a, 0x1, [{0x5, 0x2}, {0x0, 0x4, "b663"}, {0x5, 0x11, "6f0974aa52cdf18b47b7b7e5038a93"}, {0x1, 0xd, "ec7bd29ebdb3f6b9413431"}]}, @end, @ra={0x94, 0x4}]}}}}})
epoll_ctl$EPOLL_CTL_DEL(r14, 0x2, r11) (async)
epoll_ctl$EPOLL_CTL_DEL(r14, 0x2, r11)
sendmsg$NL802154_CMD_DEL_SEC_DEV(r4, &(0x7f0000002480)={&(0x7f0000002380)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000002440)={&(0x7f00000023c0)={0x44, r5, 0x400, 0x70bd2c, 0x25dfdbfc, {}, [@NL802154_ATTR_SEC_DEVICE={0x10, 0x2e, 0x0, 0x1, {0xc, 0x4, {0xaaaaaaaaaaaa0202}}}, @NL802154_ATTR_SEC_DEVICE={0x10, 0x2e, 0x0, 0x1, {0xc}}, @NL802154_ATTR_SEC_DEVICE={0x10, 0x2e, 0x0, 0x1, {0xc}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000001}, 0x20000800)
sendmsg$NET_DM_CMD_START(r4, &(0x7f00000025c0)={&(0x7f00000024c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000002580)={&(0x7f0000002540)={0x14, 0x0, 0x2, 0x70bd27, 0x25dfdbfd, {}, ["", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x44044}, 0x1) (async)
sendmsg$NET_DM_CMD_START(r4, &(0x7f00000025c0)={&(0x7f00000024c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000002580)={&(0x7f0000002540)={0x14, 0x0, 0x2, 0x70bd27, 0x25dfdbfd, {}, ["", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x44044}, 0x1)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$vfat-syz_open_dev$loop-bpf$PROG_LOAD-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_CHANGE_FD
detailed listing:
executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x1000004, &(0x7f0000000d80)=ANY=[@ANYBLOB='shortname=lower,iocharset=iso8859-1,fmask=00000000000000000000066,uni_xlate=1,uni_xlate=0,fmask=00000000000000000000003,uid=', @ANYRESHEX=0x0, @ANYBLOB=',uni_xlate=0,utf8=1,check=strict,nonumtail=0,rodir,errors=continue,shortname=lower,umaQk=00000000000000000000007,rodir,sys_immutable,\x00', @ANYBLOB="1a961083c216e398b3852441fbacd14539194e81e2ec74ea00af4757fd632db5866c80f5b55492be6ad393d28d63023cd2e764a6bb41fa00d6c103356045fc3ade2c93339a56afb89b72a46f475c860a952e02dbf9c947a7cb75e89843f6d981fe7eed0ef37d5ab46550aa22", @ANYRES64], 0x6, 0x2bb, &(0x7f0000001240)="$eJzs3U9rI2UcB/DfpMkkKpgcPInggB48Ldu9ekmRXRB7cslBPWhxtyBNEFoo+AdjT169ePDgKxAEX4gX34HgVfBmhcLITGaapI1pIk3rls/n0l+feb4zv5k+tNNDn370yujgSRb7J1/+Fp1OEo1+9OM0iV40ovZ1zOl/GwDAs+w0z+PPfGKdXBIRnc21BQBs0Io//188r36+kbYAgA16/N777+zs7j58N8s68Wj0zfGg+M2++Dg5vrMfn8Qwnsb96MZZRPmi0IrybaEoH+V5Pm5mhV68PhofD4rk6MNfqvPv/BFR5rejG71y6Pxto8y/vftwO5uYyY+LPp6vrt8v8g+iGy+dh+fyDxbkY5DGG6/N9H8vuvHrx/FpDONJ2cQ0/9V2lr2Vf/fXFx8U7RX5ZHw8aJfzpvKtG/7SAAAAAAAAAAAAAAAAAAAAAABwh92r9s5pR7l/TzFU7b+zdVZ80oqs1pvfn2eST+oTze4PlOf5OI8f6v117mdZllcTp/lmvNyM5u3cNQAAAAAAAAAAAAAAAAAAAPy/HH32+cHecPj08FqKejeAZkT8/Tjiv56nPzPyaiyf3K6uuTccNqpyfk5zdiS26jlJxNI2ipu4psdyVfHcpZ6r4sef1j1h5+o5rcXXus6iXl0He8niZ9iOeqRTLZLv04jpnDRWvFb6b4fyWGf5pQsPdde+9/SFshgvmRPJssbe/H3y5KqR5OJdpOVTXRhvVcVM/MLaWGk9R2cSv/y9IrFbBwAAAAAAAAAAAAAAAAAAbNT0r38XHDxZGm3k7Y21BQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3avr//9coxlV4hclpHB41bvkeAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuPv+CQAA///WoVye")
r0 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x40001)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000080)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x71, 0x10, 0x7c}, [@ldst={0x6, 0x0, 0x3}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x366, 0x10, &(0x7f0000000000), 0x2b2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x8000000018, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00", [0x6, 0x7f]}})
ioctl$LOOP_CHANGE_FD(r0, 0x4c03, r1)

program crashed: KASAN: use-after-free Read in lo_open
single: successfully extracted reproducer
found reproducer with 6 syscalls
minimizing guilty program
testing program (duration=58.031145193s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$vfat-syz_open_dev$loop-bpf$PROG_LOAD-openat$cgroup_ro-ioctl$LOOP_CONFIGURE
detailed listing:
executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x1000004, &(0x7f0000000d80)=ANY=[@ANYBLOB='shortname=lower,iocharset=iso8859-1,fmask=00000000000000000000066,uni_xlate=1,uni_xlate=0,fmask=00000000000000000000003,uid=', @ANYRESHEX=0x0, @ANYBLOB=',uni_xlate=0,utf8=1,check=strict,nonumtail=0,rodir,errors=continue,shortname=lower,umaQk=00000000000000000000007,rodir,sys_immutable,\x00', @ANYBLOB="1a961083c216e398b3852441fbacd14539194e81e2ec74ea00af4757fd632db5866c80f5b55492be6ad393d28d63023cd2e764a6bb41fa00d6c103356045fc3ade2c93339a56afb89b72a46f475c860a952e02dbf9c947a7cb75e89843f6d981fe7eed0ef37d5ab46550aa22", @ANYRES64], 0x6, 0x2bb, &(0x7f0000001240)="$eJzs3U9rI2UcB/DfpMkkKpgcPInggB48Ldu9ekmRXRB7cslBPWhxtyBNEFoo+AdjT169ePDgKxAEX4gX34HgVfBmhcLITGaapI1pIk3rls/n0l+feb4zv5k+tNNDn370yujgSRb7J1/+Fp1OEo1+9OM0iV40ovZ1zOl/GwDAs+w0z+PPfGKdXBIRnc21BQBs0Io//188r36+kbYAgA16/N777+zs7j58N8s68Wj0zfGg+M2++Dg5vrMfn8Qwnsb96MZZRPmi0IrybaEoH+V5Pm5mhV68PhofD4rk6MNfqvPv/BFR5rejG71y6Pxto8y/vftwO5uYyY+LPp6vrt8v8g+iGy+dh+fyDxbkY5DGG6/N9H8vuvHrx/FpDONJ2cQ0/9V2lr2Vf/fXFx8U7RX5ZHw8aJfzpvKtG/7SAAAAAAAAAAAAAAAAAAAAAABwh92r9s5pR7l/TzFU7b+zdVZ80oqs1pvfn2eST+oTze4PlOf5OI8f6v117mdZllcTp/lmvNyM5u3cNQAAAAAAAAAAAAAAAAAAAPy/HH32+cHecPj08FqKejeAZkT8/Tjiv56nPzPyaiyf3K6uuTccNqpyfk5zdiS26jlJxNI2ipu4psdyVfHcpZ6r4sef1j1h5+o5rcXXus6iXl0He8niZ9iOeqRTLZLv04jpnDRWvFb6b4fyWGf5pQsPdde+9/SFshgvmRPJssbe/H3y5KqR5OJdpOVTXRhvVcVM/MLaWGk9R2cSv/y9IrFbBwAAAAAAAAAAAAAAAAAAbNT0r38XHDxZGm3k7Y21BQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3avr//9coxlV4hclpHB41bvkeAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuPv+CQAA///WoVye")
r0 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x40001)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000080)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x71, 0x10, 0x7c}, [@ldst={0x6, 0x0, 0x3}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x366, 0x10, &(0x7f0000000000), 0x2b2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x8000000018, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00", [0x6, 0x7f]}})

program did not crash
testing program (duration=58.031145193s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$vfat-syz_open_dev$loop-bpf$PROG_LOAD-openat$cgroup_ro-ioctl$LOOP_CHANGE_FD
detailed listing:
executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x1000004, &(0x7f0000000d80)=ANY=[@ANYBLOB='shortname=lower,iocharset=iso8859-1,fmask=00000000000000000000066,uni_xlate=1,uni_xlate=0,fmask=00000000000000000000003,uid=', @ANYRESHEX=0x0, @ANYBLOB=',uni_xlate=0,utf8=1,check=strict,nonumtail=0,rodir,errors=continue,shortname=lower,umaQk=00000000000000000000007,rodir,sys_immutable,\x00', @ANYBLOB="1a961083c216e398b3852441fbacd14539194e81e2ec74ea00af4757fd632db5866c80f5b55492be6ad393d28d63023cd2e764a6bb41fa00d6c103356045fc3ade2c93339a56afb89b72a46f475c860a952e02dbf9c947a7cb75e89843f6d981fe7eed0ef37d5ab46550aa22", @ANYRES64], 0x6, 0x2bb, &(0x7f0000001240)="$eJzs3U9rI2UcB/DfpMkkKpgcPInggB48Ldu9ekmRXRB7cslBPWhxtyBNEFoo+AdjT169ePDgKxAEX4gX34HgVfBmhcLITGaapI1pIk3rls/n0l+feb4zv5k+tNNDn370yujgSRb7J1/+Fp1OEo1+9OM0iV40ovZ1zOl/GwDAs+w0z+PPfGKdXBIRnc21BQBs0Io//188r36+kbYAgA16/N777+zs7j58N8s68Wj0zfGg+M2++Dg5vrMfn8Qwnsb96MZZRPmi0IrybaEoH+V5Pm5mhV68PhofD4rk6MNfqvPv/BFR5rejG71y6Pxto8y/vftwO5uYyY+LPp6vrt8v8g+iGy+dh+fyDxbkY5DGG6/N9H8vuvHrx/FpDONJ2cQ0/9V2lr2Vf/fXFx8U7RX5ZHw8aJfzpvKtG/7SAAAAAAAAAAAAAAAAAAAAAABwh92r9s5pR7l/TzFU7b+zdVZ80oqs1pvfn2eST+oTze4PlOf5OI8f6v117mdZllcTp/lmvNyM5u3cNQAAAAAAAAAAAAAAAAAAAPy/HH32+cHecPj08FqKejeAZkT8/Tjiv56nPzPyaiyf3K6uuTccNqpyfk5zdiS26jlJxNI2ipu4psdyVfHcpZ6r4sef1j1h5+o5rcXXus6iXl0He8niZ9iOeqRTLZLv04jpnDRWvFb6b4fyWGf5pQsPdde+9/SFshgvmRPJssbe/H3y5KqR5OJdpOVTXRhvVcVM/MLaWGk9R2cSv/y9IrFbBwAAAAAAAAAAAAAAAAAAbNT0r38XHDxZGm3k7Y21BQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3avr//9coxlV4hclpHB41bvkeAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuPv+CQAA///WoVye")
r0 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x40001)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000080)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x71, 0x10, 0x7c}, [@ldst={0x6, 0x0, 0x3}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x366, 0x10, &(0x7f0000000000), 0x2b2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$LOOP_CHANGE_FD(r0, 0x4c03, r1)

program did not crash
testing program (duration=58.031145193s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$vfat-syz_open_dev$loop-bpf$PROG_LOAD-ioctl$LOOP_CONFIGURE-ioctl$LOOP_CHANGE_FD
detailed listing:
executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x1000004, &(0x7f0000000d80)=ANY=[@ANYBLOB='shortname=lower,iocharset=iso8859-1,fmask=00000000000000000000066,uni_xlate=1,uni_xlate=0,fmask=00000000000000000000003,uid=', @ANYRESHEX=0x0, @ANYBLOB=',uni_xlate=0,utf8=1,check=strict,nonumtail=0,rodir,errors=continue,shortname=lower,umaQk=00000000000000000000007,rodir,sys_immutable,\x00', @ANYBLOB="1a961083c216e398b3852441fbacd14539194e81e2ec74ea00af4757fd632db5866c80f5b55492be6ad393d28d63023cd2e764a6bb41fa00d6c103356045fc3ade2c93339a56afb89b72a46f475c860a952e02dbf9c947a7cb75e89843f6d981fe7eed0ef37d5ab46550aa22", @ANYRES64], 0x6, 0x2bb, &(0x7f0000001240)="$eJzs3U9rI2UcB/DfpMkkKpgcPInggB48Ldu9ekmRXRB7cslBPWhxtyBNEFoo+AdjT169ePDgKxAEX4gX34HgVfBmhcLITGaapI1pIk3rls/n0l+feb4zv5k+tNNDn370yujgSRb7J1/+Fp1OEo1+9OM0iV40ovZ1zOl/GwDAs+w0z+PPfGKdXBIRnc21BQBs0Io//188r36+kbYAgA16/N777+zs7j58N8s68Wj0zfGg+M2++Dg5vrMfn8Qwnsb96MZZRPmi0IrybaEoH+V5Pm5mhV68PhofD4rk6MNfqvPv/BFR5rejG71y6Pxto8y/vftwO5uYyY+LPp6vrt8v8g+iGy+dh+fyDxbkY5DGG6/N9H8vuvHrx/FpDONJ2cQ0/9V2lr2Vf/fXFx8U7RX5ZHw8aJfzpvKtG/7SAAAAAAAAAAAAAAAAAAAAAABwh92r9s5pR7l/TzFU7b+zdVZ80oqs1pvfn2eST+oTze4PlOf5OI8f6v117mdZllcTp/lmvNyM5u3cNQAAAAAAAAAAAAAAAAAAAPy/HH32+cHecPj08FqKejeAZkT8/Tjiv56nPzPyaiyf3K6uuTccNqpyfk5zdiS26jlJxNI2ipu4psdyVfHcpZ6r4sef1j1h5+o5rcXXus6iXl0He8niZ9iOeqRTLZLv04jpnDRWvFb6b4fyWGf5pQsPdde+9/SFshgvmRPJssbe/H3y5KqR5OJdpOVTXRhvVcVM/MLaWGk9R2cSv/y9IrFbBwAAAAAAAAAAAAAAAAAAbNT0r38XHDxZGm3k7Y21BQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3avr//9coxlV4hclpHB41bvkeAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuPv+CQAA///WoVye")
r0 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x40001)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000080)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x71, 0x10, 0x7c}, [@ldst={0x6, 0x0, 0x3}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x366, 0x10, &(0x7f0000000000), 0x2b2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, {0x2a00, 0x80010000, 0x0, 0x8000000018, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00", [0x6, 0x7f]}})
ioctl$LOOP_CHANGE_FD(r0, 0x4c03, 0xffffffffffffffff)

program did not crash
testing program (duration=58.031145193s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$vfat-syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_CHANGE_FD
detailed listing:
executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x1000004, &(0x7f0000000d80)=ANY=[@ANYBLOB='shortname=lower,iocharset=iso8859-1,fmask=00000000000000000000066,uni_xlate=1,uni_xlate=0,fmask=00000000000000000000003,uid=', @ANYRESHEX=0x0, @ANYBLOB=',uni_xlate=0,utf8=1,check=strict,nonumtail=0,rodir,errors=continue,shortname=lower,umaQk=00000000000000000000007,rodir,sys_immutable,\x00', @ANYBLOB="1a961083c216e398b3852441fbacd14539194e81e2ec74ea00af4757fd632db5866c80f5b55492be6ad393d28d63023cd2e764a6bb41fa00d6c103356045fc3ade2c93339a56afb89b72a46f475c860a952e02dbf9c947a7cb75e89843f6d981fe7eed0ef37d5ab46550aa22", @ANYRES64], 0x6, 0x2bb, &(0x7f0000001240)="$eJzs3U9rI2UcB/DfpMkkKpgcPInggB48Ldu9ekmRXRB7cslBPWhxtyBNEFoo+AdjT169ePDgKxAEX4gX34HgVfBmhcLITGaapI1pIk3rls/n0l+feb4zv5k+tNNDn370yujgSRb7J1/+Fp1OEo1+9OM0iV40ovZ1zOl/GwDAs+w0z+PPfGKdXBIRnc21BQBs0Io//188r36+kbYAgA16/N777+zs7j58N8s68Wj0zfGg+M2++Dg5vrMfn8Qwnsb96MZZRPmi0IrybaEoH+V5Pm5mhV68PhofD4rk6MNfqvPv/BFR5rejG71y6Pxto8y/vftwO5uYyY+LPp6vrt8v8g+iGy+dh+fyDxbkY5DGG6/N9H8vuvHrx/FpDONJ2cQ0/9V2lr2Vf/fXFx8U7RX5ZHw8aJfzpvKtG/7SAAAAAAAAAAAAAAAAAAAAAABwh92r9s5pR7l/TzFU7b+zdVZ80oqs1pvfn2eST+oTze4PlOf5OI8f6v117mdZllcTp/lmvNyM5u3cNQAAAAAAAAAAAAAAAAAAAPy/HH32+cHecPj08FqKejeAZkT8/Tjiv56nPzPyaiyf3K6uuTccNqpyfk5zdiS26jlJxNI2ipu4psdyVfHcpZ6r4sef1j1h5+o5rcXXus6iXl0He8niZ9iOeqRTLZLv04jpnDRWvFb6b4fyWGf5pQsPdde+9/SFshgvmRPJssbe/H3y5KqR5OJdpOVTXRhvVcVM/MLaWGk9R2cSv/y9IrFbBwAAAAAAAAAAAAAAAAAAbNT0r38XHDxZGm3k7Y21BQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3avr//9coxlV4hclpHB41bvkeAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuPv+CQAA///WoVye")
r0 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x40001)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x8000000018, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00", [0x6, 0x7f]}})
ioctl$LOOP_CHANGE_FD(r0, 0x4c03, r1)

program crashed: KASAN: use-after-free Read in lo_open
testing program (duration=58.031145193s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$vfat-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_CHANGE_FD
detailed listing:
executing program 0:
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x1000004, &(0x7f0000000d80)=ANY=[@ANYBLOB='shortname=lower,iocharset=iso8859-1,fmask=00000000000000000000066,uni_xlate=1,uni_xlate=0,fmask=00000000000000000000003,uid=', @ANYRESHEX=0x0, @ANYBLOB=',uni_xlate=0,utf8=1,check=strict,nonumtail=0,rodir,errors=continue,shortname=lower,umaQk=00000000000000000000007,rodir,sys_immutable,\x00', @ANYBLOB="1a961083c216e398b3852441fbacd14539194e81e2ec74ea00af4757fd632db5866c80f5b55492be6ad393d28d63023cd2e764a6bb41fa00d6c103356045fc3ade2c93339a56afb89b72a46f475c860a952e02dbf9c947a7cb75e89843f6d981fe7eed0ef37d5ab46550aa22", @ANYRES64], 0x6, 0x2bb, &(0x7f0000001240)="$eJzs3U9rI2UcB/DfpMkkKpgcPInggB48Ldu9ekmRXRB7cslBPWhxtyBNEFoo+AdjT169ePDgKxAEX4gX34HgVfBmhcLITGaapI1pIk3rls/n0l+feb4zv5k+tNNDn370yujgSRb7J1/+Fp1OEo1+9OM0iV40ovZ1zOl/GwDAs+w0z+PPfGKdXBIRnc21BQBs0Io//188r36+kbYAgA16/N777+zs7j58N8s68Wj0zfGg+M2++Dg5vrMfn8Qwnsb96MZZRPmi0IrybaEoH+V5Pm5mhV68PhofD4rk6MNfqvPv/BFR5rejG71y6Pxto8y/vftwO5uYyY+LPp6vrt8v8g+iGy+dh+fyDxbkY5DGG6/N9H8vuvHrx/FpDONJ2cQ0/9V2lr2Vf/fXFx8U7RX5ZHw8aJfzpvKtG/7SAAAAAAAAAAAAAAAAAAAAAABwh92r9s5pR7l/TzFU7b+zdVZ80oqs1pvfn2eST+oTze4PlOf5OI8f6v117mdZllcTp/lmvNyM5u3cNQAAAAAAAAAAAAAAAAAAAPy/HH32+cHecPj08FqKejeAZkT8/Tjiv56nPzPyaiyf3K6uuTccNqpyfk5zdiS26jlJxNI2ipu4psdyVfHcpZ6r4sef1j1h5+o5rcXXus6iXl0He8niZ9iOeqRTLZLv04jpnDRWvFb6b4fyWGf5pQsPdde+9/SFshgvmRPJssbe/H3y5KqR5OJdpOVTXRhvVcVM/MLaWGk9R2cSv/y9IrFbBwAAAAAAAAAAAAAAAAAAbNT0r38XHDxZGm3k7Y21BQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3avr//9coxlV4hclpHB41bvkeAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuPv+CQAA///WoVye")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f00000002c0)={r0, 0x0, {0x2a00, 0x80010000, 0x0, 0x8000000018, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00", [0x6, 0x7f]}})
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c03, r0)

program did not crash
testing program (duration=58.031145193s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_CHANGE_FD
detailed listing:
executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x40001)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x8000000018, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00", [0x6, 0x7f]}})
ioctl$LOOP_CHANGE_FD(r0, 0x4c03, r1)

program crashed: KASAN: use-after-free Read in lo_open
testing program (duration=58.031145193s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_CHANGE_FD
detailed listing:
executing program 0:
r0 = syz_open_dev$loop(0x0, 0x81, 0x40001)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x8000000018, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00", [0x6, 0x7f]}})
ioctl$LOOP_CHANGE_FD(r0, 0x4c03, r1)

program did not crash
testing program (duration=58.031145193s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_CHANGE_FD
detailed listing:
executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x40001)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x8000000018, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00", [0x6, 0x7f]}})
ioctl$LOOP_CHANGE_FD(r0, 0x4c03, r1)

program did not crash
testing program (duration=58.031145193s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_CHANGE_FD
detailed listing:
executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x40001)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, 0x0)
ioctl$LOOP_CHANGE_FD(r0, 0x4c03, r1)

program did not crash
extracting C reproducer
testing compiled C program (duration=58.031145193s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_CHANGE_FD
program did not crash
simplifying guilty program options
testing program (duration=58.031145193s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_CHANGE_FD
detailed listing:
executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x40001)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x8000000018, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00", [0x6, 0x7f]}})
ioctl$LOOP_CHANGE_FD(r0, 0x4c03, r1)

program did not crash
testing program (duration=58.031145193s, {Threaded:true Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_CHANGE_FD
detailed listing:
executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x40001)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x8000000018, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00", [0x6, 0x7f]}})
ioctl$LOOP_CHANGE_FD(r0, 0x4c03, r1)

program did not crash
testing program (duration=58.031145193s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_CHANGE_FD
detailed listing:
executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x40001)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x8000000018, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00", [0x6, 0x7f]}})
ioctl$LOOP_CHANGE_FD(r0, 0x4c03, r1)

program crashed: KASAN: use-after-free Read in lo_open
extracting C reproducer
testing compiled C program (duration=58.031145193s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_CHANGE_FD
program did not crash
reproducing took 22m11.303530631s
repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: use-after-free in mutex_can_spin_on_owner kernel/locking/mutex.c:617 [inline]
BUG: KASAN: use-after-free in mutex_optimistic_spin kernel/locking/mutex.c:661 [inline]
BUG: KASAN: use-after-free in __mutex_lock_common kernel/locking/mutex.c:973 [inline]
BUG: KASAN: use-after-free in __mutex_lock+0xcd7/0x1060 kernel/locking/mutex.c:1114
Read of size 4 at addr ffff8881ea5e0038 by task syz-executor/465

CPU: 1 PID: 465 Comm: syz-executor Not tainted 5.4.290-syzkaller-00017-g6b07fcd94a6a #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1d8/0x241 lib/dump_stack.c:118
 print_address_description+0x8c/0x600 mm/kasan/report.c:384
 __kasan_report+0xf3/0x120 mm/kasan/report.c:516
 kasan_report+0x30/0x60 mm/kasan/common.c:653
 mutex_can_spin_on_owner kernel/locking/mutex.c:617 [inline]
 mutex_optimistic_spin kernel/locking/mutex.c:661 [inline]
 __mutex_lock_common kernel/locking/mutex.c:973 [inline]
 __mutex_lock+0xcd7/0x1060 kernel/locking/mutex.c:1114
 mutex_lock_killable+0xd8/0x110 kernel/locking/mutex.c:1348
 lo_open+0x18/0xc0 drivers/block/loop.c:1899
 __blkdev_get+0x3c8/0x1160 fs/block_dev.c:1581
 blkdev_get+0x2de/0x3a0 fs/block_dev.c:1714
 do_dentry_open+0x964/0x1130 fs/open.c:806
 do_last fs/namei.c:3565 [inline]
 path_openat+0x29bf/0x34b0 fs/namei.c:3683
 do_filp_open+0x20b/0x450 fs/namei.c:3713
 do_sys_open+0x39c/0x810 fs/open.c:1123
 do_syscall_64+0xca/0x1c0 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x5c/0xc1
RIP: 0033:0x7fd98abdca51
Code: 75 57 89 f0 25 00 00 41 00 3d 00 00 41 00 74 49 80 3d fa 1a 1f 00 00 74 6d 89 da 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 93 00 00 00 48 8b 54 24 28 64 48 2b 14 25
RSP: 002b:00007ffeccc65120 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fd98abdca51
RDX: 0000000000000002 RSI: 00007ffeccc65230 RDI: 00000000ffffff9c
RBP: 00007ffeccc65230 R08: 000000000000000a R09: 00007ffeccc64ee7
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
R13: 00007fd98adc7260 R14: 0000000000000003 R15: 00007ffeccc65230

Allocated by task 445:
 save_stack mm/kasan/common.c:70 [inline]
 set_track mm/kasan/common.c:78 [inline]
 __kasan_kmalloc+0x171/0x210 mm/kasan/common.c:529
 slab_post_alloc_hook mm/slab.h:584 [inline]
 slab_alloc_node mm/slub.c:2829 [inline]
 slab_alloc mm/slub.c:2837 [inline]
 kmem_cache_alloc+0xd9/0x250 mm/slub.c:2842
 kmem_cache_alloc_node include/linux/slab.h:427 [inline]
 alloc_task_struct_node kernel/fork.c:171 [inline]
 dup_task_struct+0x4f/0x600 kernel/fork.c:882
 copy_process+0x56d/0x3230 kernel/fork.c:1889
 _do_fork+0x197/0x900 kernel/fork.c:2399
 __do_sys_clone3 kernel/fork.c:2688 [inline]
 __se_sys_clone3 kernel/fork.c:2675 [inline]
 __x64_sys_clone3+0x2da/0x300 kernel/fork.c:2675
 do_syscall_64+0xca/0x1c0 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x5c/0xc1

Freed by task 17:
 save_stack mm/kasan/common.c:70 [inline]
 set_track mm/kasan/common.c:78 [inline]
 kasan_set_free_info mm/kasan/common.c:345 [inline]
 __kasan_slab_free+0x1b5/0x270 mm/kasan/common.c:487
 slab_free_hook mm/slub.c:1455 [inline]
 slab_free_freelist_hook mm/slub.c:1494 [inline]
 slab_free mm/slub.c:3080 [inline]
 kmem_cache_free+0x10b/0x2c0 mm/slub.c:3096
 __rcu_reclaim kernel/rcu/rcu.h:222 [inline]
 rcu_do_batch+0x492/0xa00 kernel/rcu/tree.c:2167
 rcu_core+0x4c8/0xcb0 kernel/rcu/tree.c:2387
 __do_softirq+0x23b/0x6b7 kernel/softirq.c:292

The buggy address belongs to the object at ffff8881ea5e0000
 which belongs to the cache task_struct of size 3904
The buggy address is located 56 bytes inside of
 3904-byte region [ffff8881ea5e0000, ffff8881ea5e0f40)
The buggy address belongs to the page:
page:ffffea0007a97800 refcount:1 mapcount:0 mapping:ffff8881f5cf0c80 index:0x0 compound_mapcount: 0
flags: 0x8000000000010200(slab|head)
raw: 8000000000010200 dead000000000100 dead000000000122 ffff8881f5cf0c80
raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL)
 set_page_owner include/linux/page_owner.h:31 [inline]
 post_alloc_hook mm/page_alloc.c:2165 [inline]
 prep_new_page+0x18f/0x370 mm/page_alloc.c:2171
 get_page_from_freelist+0x2d13/0x2d90 mm/page_alloc.c:3794
 __alloc_pages_nodemask+0x393/0x840 mm/page_alloc.c:4893
 alloc_slab_page+0x39/0x3c0 mm/slub.c:343
 allocate_slab mm/slub.c:1683 [inline]
 new_slab+0x97/0x440 mm/slub.c:1749
 new_slab_objects mm/slub.c:2505 [inline]
 ___slab_alloc+0x2fe/0x490 mm/slub.c:2667
 __slab_alloc+0x62/0xa0 mm/slub.c:2707
 slab_alloc_node mm/slub.c:2792 [inline]
 slab_alloc mm/slub.c:2837 [inline]
 kmem_cache_alloc+0x109/0x250 mm/slub.c:2842
 kmem_cache_alloc_node include/linux/slab.h:427 [inline]
 alloc_task_struct_node kernel/fork.c:171 [inline]
 dup_task_struct+0x4f/0x600 kernel/fork.c:882
 copy_process+0x56d/0x3230 kernel/fork.c:1889
 _do_fork+0x197/0x900 kernel/fork.c:2399
 kernel_thread+0x16a/0x1d0 kernel/fork.c:2489
 create_kthread kernel/kthread.c:311 [inline]
 kthreadd+0x3b1/0x4f0 kernel/kthread.c:654
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:354
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1176 [inline]
 __free_pages_ok+0x847/0x950 mm/page_alloc.c:1438
 free_the_page mm/page_alloc.c:4955 [inline]
 __free_pages+0x91/0x140 mm/page_alloc.c:4961
 __free_slab+0x221/0x2e0 mm/slub.c:1774
 free_slab mm/slub.c:1789 [inline]
 discard_slab mm/slub.c:1795 [inline]
 unfreeze_partials+0x14e/0x180 mm/slub.c:2288
 put_cpu_partial+0x44/0x180 mm/slub.c:2324
 __slab_free+0x297/0x360 mm/slub.c:2971
 qlist_free_all+0x43/0xb0 mm/kasan/quarantine.c:167
 quarantine_reduce+0x1d9/0x210 mm/kasan/quarantine.c:260
 __kasan_kmalloc+0x41/0x210 mm/kasan/common.c:507
 slab_post_alloc_hook mm/slab.h:584 [inline]
 slab_alloc_node mm/slub.c:2829 [inline]
 slab_alloc mm/slub.c:2837 [inline]
 kmem_cache_alloc+0xd9/0x250 mm/slub.c:2842
 kmem_cache_alloc_node include/linux/slab.h:427 [inline]
 __alloc_skb+0x7a/0x4d0 net/core/skbuff.c:198
 alloc_skb include/linux/skbuff.h:1080 [inline]
 nlmsg_new include/net/netlink.h:888 [inline]
 inet6_netconf_notify_devconf+0xc9/0x180 net/ipv6/addrconf.c:573
 __addrconf_sysctl_unregister net/ipv6/addrconf.c:6997 [inline]
 addrconf_exit_net+0xd6/0x200 net/ipv6/addrconf.c:7084
 ops_exit_list net/core/net_namespace.c:182 [inline]
 cleanup_net+0x665/0xc90 net/core/net_namespace.c:612
 process_one_work+0x765/0xd20 kernel/workqueue.c:2290
 worker_thread+0xaef/0x1470 kernel/workqueue.c:2436

Memory state around the buggy address:
 ffff8881ea5dff00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
 ffff8881ea5dff80: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
>ffff8881ea5e0000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                        ^
 ffff8881ea5e0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff8881ea5e0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================

final repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: use-after-free in mutex_can_spin_on_owner kernel/locking/mutex.c:617 [inline]
BUG: KASAN: use-after-free in mutex_optimistic_spin kernel/locking/mutex.c:661 [inline]
BUG: KASAN: use-after-free in __mutex_lock_common kernel/locking/mutex.c:973 [inline]
BUG: KASAN: use-after-free in __mutex_lock+0xcd7/0x1060 kernel/locking/mutex.c:1114
Read of size 4 at addr ffff8881ea5e0038 by task syz-executor/465

CPU: 1 PID: 465 Comm: syz-executor Not tainted 5.4.290-syzkaller-00017-g6b07fcd94a6a #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1d8/0x241 lib/dump_stack.c:118
 print_address_description+0x8c/0x600 mm/kasan/report.c:384
 __kasan_report+0xf3/0x120 mm/kasan/report.c:516
 kasan_report+0x30/0x60 mm/kasan/common.c:653
 mutex_can_spin_on_owner kernel/locking/mutex.c:617 [inline]
 mutex_optimistic_spin kernel/locking/mutex.c:661 [inline]
 __mutex_lock_common kernel/locking/mutex.c:973 [inline]
 __mutex_lock+0xcd7/0x1060 kernel/locking/mutex.c:1114
 mutex_lock_killable+0xd8/0x110 kernel/locking/mutex.c:1348
 lo_open+0x18/0xc0 drivers/block/loop.c:1899
 __blkdev_get+0x3c8/0x1160 fs/block_dev.c:1581
 blkdev_get+0x2de/0x3a0 fs/block_dev.c:1714
 do_dentry_open+0x964/0x1130 fs/open.c:806
 do_last fs/namei.c:3565 [inline]
 path_openat+0x29bf/0x34b0 fs/namei.c:3683
 do_filp_open+0x20b/0x450 fs/namei.c:3713
 do_sys_open+0x39c/0x810 fs/open.c:1123
 do_syscall_64+0xca/0x1c0 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x5c/0xc1
RIP: 0033:0x7fd98abdca51
Code: 75 57 89 f0 25 00 00 41 00 3d 00 00 41 00 74 49 80 3d fa 1a 1f 00 00 74 6d 89 da 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 93 00 00 00 48 8b 54 24 28 64 48 2b 14 25
RSP: 002b:00007ffeccc65120 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fd98abdca51
RDX: 0000000000000002 RSI: 00007ffeccc65230 RDI: 00000000ffffff9c
RBP: 00007ffeccc65230 R08: 000000000000000a R09: 00007ffeccc64ee7
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
R13: 00007fd98adc7260 R14: 0000000000000003 R15: 00007ffeccc65230

Allocated by task 445:
 save_stack mm/kasan/common.c:70 [inline]
 set_track mm/kasan/common.c:78 [inline]
 __kasan_kmalloc+0x171/0x210 mm/kasan/common.c:529
 slab_post_alloc_hook mm/slab.h:584 [inline]
 slab_alloc_node mm/slub.c:2829 [inline]
 slab_alloc mm/slub.c:2837 [inline]
 kmem_cache_alloc+0xd9/0x250 mm/slub.c:2842
 kmem_cache_alloc_node include/linux/slab.h:427 [inline]
 alloc_task_struct_node kernel/fork.c:171 [inline]
 dup_task_struct+0x4f/0x600 kernel/fork.c:882
 copy_process+0x56d/0x3230 kernel/fork.c:1889
 _do_fork+0x197/0x900 kernel/fork.c:2399
 __do_sys_clone3 kernel/fork.c:2688 [inline]
 __se_sys_clone3 kernel/fork.c:2675 [inline]
 __x64_sys_clone3+0x2da/0x300 kernel/fork.c:2675
 do_syscall_64+0xca/0x1c0 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x5c/0xc1

Freed by task 17:
 save_stack mm/kasan/common.c:70 [inline]
 set_track mm/kasan/common.c:78 [inline]
 kasan_set_free_info mm/kasan/common.c:345 [inline]
 __kasan_slab_free+0x1b5/0x270 mm/kasan/common.c:487
 slab_free_hook mm/slub.c:1455 [inline]
 slab_free_freelist_hook mm/slub.c:1494 [inline]
 slab_free mm/slub.c:3080 [inline]
 kmem_cache_free+0x10b/0x2c0 mm/slub.c:3096
 __rcu_reclaim kernel/rcu/rcu.h:222 [inline]
 rcu_do_batch+0x492/0xa00 kernel/rcu/tree.c:2167
 rcu_core+0x4c8/0xcb0 kernel/rcu/tree.c:2387
 __do_softirq+0x23b/0x6b7 kernel/softirq.c:292

The buggy address belongs to the object at ffff8881ea5e0000
 which belongs to the cache task_struct of size 3904
The buggy address is located 56 bytes inside of
 3904-byte region [ffff8881ea5e0000, ffff8881ea5e0f40)
The buggy address belongs to the page:
page:ffffea0007a97800 refcount:1 mapcount:0 mapping:ffff8881f5cf0c80 index:0x0 compound_mapcount: 0
flags: 0x8000000000010200(slab|head)
raw: 8000000000010200 dead000000000100 dead000000000122 ffff8881f5cf0c80
raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL)
 set_page_owner include/linux/page_owner.h:31 [inline]
 post_alloc_hook mm/page_alloc.c:2165 [inline]
 prep_new_page+0x18f/0x370 mm/page_alloc.c:2171
 get_page_from_freelist+0x2d13/0x2d90 mm/page_alloc.c:3794
 __alloc_pages_nodemask+0x393/0x840 mm/page_alloc.c:4893
 alloc_slab_page+0x39/0x3c0 mm/slub.c:343
 allocate_slab mm/slub.c:1683 [inline]
 new_slab+0x97/0x440 mm/slub.c:1749
 new_slab_objects mm/slub.c:2505 [inline]
 ___slab_alloc+0x2fe/0x490 mm/slub.c:2667
 __slab_alloc+0x62/0xa0 mm/slub.c:2707
 slab_alloc_node mm/slub.c:2792 [inline]
 slab_alloc mm/slub.c:2837 [inline]
 kmem_cache_alloc+0x109/0x250 mm/slub.c:2842
 kmem_cache_alloc_node include/linux/slab.h:427 [inline]
 alloc_task_struct_node kernel/fork.c:171 [inline]
 dup_task_struct+0x4f/0x600 kernel/fork.c:882
 copy_process+0x56d/0x3230 kernel/fork.c:1889
 _do_fork+0x197/0x900 kernel/fork.c:2399
 kernel_thread+0x16a/0x1d0 kernel/fork.c:2489
 create_kthread kernel/kthread.c:311 [inline]
 kthreadd+0x3b1/0x4f0 kernel/kthread.c:654
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:354
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1176 [inline]
 __free_pages_ok+0x847/0x950 mm/page_alloc.c:1438
 free_the_page mm/page_alloc.c:4955 [inline]
 __free_pages+0x91/0x140 mm/page_alloc.c:4961
 __free_slab+0x221/0x2e0 mm/slub.c:1774
 free_slab mm/slub.c:1789 [inline]
 discard_slab mm/slub.c:1795 [inline]
 unfreeze_partials+0x14e/0x180 mm/slub.c:2288
 put_cpu_partial+0x44/0x180 mm/slub.c:2324
 __slab_free+0x297/0x360 mm/slub.c:2971
 qlist_free_all+0x43/0xb0 mm/kasan/quarantine.c:167
 quarantine_reduce+0x1d9/0x210 mm/kasan/quarantine.c:260
 __kasan_kmalloc+0x41/0x210 mm/kasan/common.c:507
 slab_post_alloc_hook mm/slab.h:584 [inline]
 slab_alloc_node mm/slub.c:2829 [inline]
 slab_alloc mm/slub.c:2837 [inline]
 kmem_cache_alloc+0xd9/0x250 mm/slub.c:2842
 kmem_cache_alloc_node include/linux/slab.h:427 [inline]
 __alloc_skb+0x7a/0x4d0 net/core/skbuff.c:198
 alloc_skb include/linux/skbuff.h:1080 [inline]
 nlmsg_new include/net/netlink.h:888 [inline]
 inet6_netconf_notify_devconf+0xc9/0x180 net/ipv6/addrconf.c:573
 __addrconf_sysctl_unregister net/ipv6/addrconf.c:6997 [inline]
 addrconf_exit_net+0xd6/0x200 net/ipv6/addrconf.c:7084
 ops_exit_list net/core/net_namespace.c:182 [inline]
 cleanup_net+0x665/0xc90 net/core/net_namespace.c:612
 process_one_work+0x765/0xd20 kernel/workqueue.c:2290
 worker_thread+0xaef/0x1470 kernel/workqueue.c:2436

Memory state around the buggy address:
 ffff8881ea5dff00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
 ffff8881ea5dff80: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
>ffff8881ea5e0000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                        ^
 ffff8881ea5e0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff8881ea5e0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================