Extracting prog: 4m45.557938453s
Minimizing prog: 1h6m36.366396659s
Simplifying prog options: 5m4.03010366s
Extracting C: 1m11.735162787s
Simplifying C: 0s


extracting reproducer from 57 programs
testing a last program of every proc
single: executing 17 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-socket$packet-prlimit64-sched_setscheduler-sched_setaffinity-getpid-sched_setscheduler-socketpair$unix-connect$unix-sendmmsg$unix-socket$inet6_tcp-getsockopt$inet6_buf-recvmmsg-socket$inet6_tcp-socketpair$tipc-getsockopt$TIPC_GROUP_JOIN-bpf$PROG_LOAD-recvfrom$inet6-syz_mount_image$msdos-syz_mount_image$vfat-openat-renameat2-rename
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, 0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_buf(r3, 0x29, 0x5, 0xfffffffffffffffd, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
getsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000100), &(0x7f0000000500)=0x4)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000d00)=ANY=[@ANYBLOB="b4050000000000006110690000000000070000000000000095000000000000007381a62328c36946dcffa896e1d11948845d94cf607eb455567f1474e95f7d6fa129b85eb3eaf7cd5570596b1edea3e2248c19a585c7d3d3065fb2557e7cfbe5011ba34eab5c38dcd7d1417cb6d6fd7233d25ec3bd3b59412ab800"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x3c)
recvfrom$inet6(r4, 0x0, 0x0, 0x40000141, 0x0, 0x0)
syz_mount_image$msdos(&(0x7f0000000000), &(0x7f00000000c0)='./bus\x00', 0x2000c8, &(0x7f00000005c0)=ANY=[@ANYBLOB='codepage=874,nodots,dots,tz=UTC,dots,nodots,codepage=862,dots,dots,check=strict,allow_utime=000000000000000000001,sys_immutable,nodots,nfs,quiet,dots,nodots,nodots,debug,usefree,tz=UTC,flush,nodots,\x00'], 0xfd, 0x1c9, &(0x7f0000000300)="$eJzs3TFrE2EYB/AnsTZXp26CKBy4OBX1E1SkgnggKBl0UqgujQh2OV3aj+EH9ANIpyxyct5dzyQiMZi7GH+/pU/zf9/keYe7ZMmTVzffnRy/P3375frnSJJBDA/jMKaD2I9hNM4DANgm06KIr0Wl714AgG4s8f7/reOWAIA1e/7i5ZMHWXb0LE2TiIvzfJyPq79V/uhxdnQ3/WG/3XWR5+Mrl/m9dP6zQ5lfjWt1fr/cvTOf78ad21Vexg+fZulsPorjdR4cAAAAAAAAAAAAAAAAAAAAAAB6dCvSxi/n+xwcNHFS53t1Xv3303ygufk9O3GjmfnTjgcqzro4FAAAAAAAAAAAAAAAAAAAAPxjTj9+Onk9mbz50BajiJh95E+KQf3EK27vuhjGRrSh+KtFuhltTBaugt366vj99nLVuhqbFkWx1OL2HjHq48YEAAAAAAAAAAAAAAAAAAD/ofZLv4tZ0kdDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANCD9vf/VyjOImKJxZcvttfrUQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANhi3wMAAP//cRMx9w==")
syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000280)='./bus\x00', 0x810408, 0x0, 0x0, 0x0, &(0x7f00000007c0))
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x200080, 0x0)
renameat2(0xffffffffffffffff, &(0x7f0000000340)='./file0\x00', r6, &(0x7f00000003c0)='./file1\x00', 0x0)
rename(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='./bus/file0\x00')

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io$hid-syz_usb_control_io$hid-syz_open_dev$hiddev-ioctl$HIDIOCGUSAGE-bpf$BPF_PROG_WITH_BTFID_LOAD-pselect6-openat$selinux_attr-write$selinux_attr-socket-socket$nl_route-socket$nl_route-socket-getsockname$packet-ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL-syz_mount_image$ext4-syz_mount_image$ext4-openat$cgroup_ro-bpf$BPF_PROG_TEST_RUN-madvise-syz_clone-mount$bind-syz_mount_image$msdos
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000040ac054382408b0b00000109022400010000002009040000fd0301000009210000000122010009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0) (async)
syz_usb_control_io$hid(r0, &(0x7f00000003c0)={0x24, 0x0, 0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="002281"], 0x0}, 0x0) (async)
r1 = syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x0)
ioctl$HIDIOCGUSAGE(r1, 0xc018480b, &(0x7f0000000000)={0x1, 0xfffffffc, 0x6620, 0x100, 0xa22, 0x8}) (async, rerun: 64)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000880)=@bpf_lsm={0x9, 0x6, &(0x7f0000000140)=@framed={{0x18, 0x4}, [@initr0, @jmp={0x7, 0x1, 0xc, 0x4}]}, &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) (rerun: 64)
pselect6(0x40, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x300, 0x0, 0x7fffffff, 0x100}, 0x0, &(0x7f0000000140)={0x8, 0x4}, 0x0, 0x0)
r2 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0)
write$selinux_attr(r2, &(0x7f0000000100)='system_u:object_r:hugetlbfs_t:s0\x00', 0x1d) (async, rerun: 64)
r3 = socket(0x2c, 0x803, 0x0) (async, rerun: 64)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000000)={'tunl0\x00', &(0x7f0000000400)={'syztnl1\x00', r5, 0x7800, 0x0, 0xe236, 0xfffffffe, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast1, @empty}}}}) (async)
syz_mount_image$ext4(&(0x7f0000000040)='ext2\x00', &(0x7f0000000080)='./file0\x00', 0x1849089, &(0x7f0000000000), 0x2c, 0x52f, &(0x7f0000000f80)="$eJzs3c9vI1cdAPCvZ5O1d5vtbqGHgoAupbCg1dobb7uqeqFckFBVFalwQmgbJd4oih1HsVOaEIn0zBWJSpzgT+CAxAGpJ+7c4MalHJAKrEANEkJGMx7vJo6dWPlhs/HnI408742d7/dZmvfs58y8AKbWzYjYjYjLEfFuRFzP6wv5Fm90t/R5nz7aWdx7tLNYiE7nnb/P5M/cWew9v+eZ/G+WIt5Oy8UBcVtb26sL9XptIy9X2o31Smtr+85KY2G5tlxbq1bvz9+/+9q9V6tn1tYXG7/+5Nsrb37/d7/94sd/2P3Gj9Ocv5kfS9t2ZoH26b4vszG3ry595948j2ATcClvz+VJJ8KJJBHxmYh4Kd9/rDS5nACA89XpXI/O9f3lrmJfOVUYUAcAPH3S7/xzUUjK+ff/uUiScjmbwys9H1eTerPVvv2wubm2FNkc1o2YTR6u1Gt387nCGzFbSMvz2f6TcrWvfC8inouInxWvZOXyYrO+NIkPPABA9lvd/vH/X8Xu+D8CvxAAwNPMSA4A0+fw+D87kTwAgPHx/R8Aps++8X/QtboAwAVU6rv2HwC4+I6d/38hfvLD8aQCAIzJyX//v3SmeQAAY/Hdt95Kt85efv/rpfe2Nleb791ZqrVWy43NxfJic2O9vNxsLmf37Gkc9/fqzeb6/Cux+X6lXWu1K62t7QeN5uZa+0F2X+8HNRcWAMDkPffiR38qRMTu61eyLXprOfiHALjwnOYwvUzgw/SaOVByITBME/PxQOGY40M/GXw4/DVXTpEPcP5ufW7I/P/Rnw3+2xlPesA5Mv8P0+t08/9mD+BpNjPpBICJ6XQK1vMHgCkzwjd4/yIIF9yJf/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAKTaXbYWknK8FPhdJUi5HXIuIGzFbeLhSr92NiGcj4o/F2WJanp900gDAKSV/LeTrf926/vJc/9HLhX8Xs8eI+NEv3vn5+wvt9sZ8Wv+Px/XtD/P66sAAxfNvAwCwz0x/RW+c7o3jvfV9P320s9jbxpngJ9/qLi6axt3Lt17q3eRLMRsRV/9ZONCYwhktTLz7QUS80N/+5PHxG/nKp/3x09jXzi1+ZC2cOxA/ORA/yY51H9P34rNnkAtMm4/S/ueNQedfEjezx/z8KxzsTEvx08Od6wn0+r+9Tn//1z3f375WyvqaQf3fzVFjvPL77ww99sGlzudnIvYO9b+9FaFL2d6g+C+PGP/PX/jSS8OOdX4ZcSuOit/dq7Qb65XW1vadlcbCcm25tlat3p+/f/e1e69WK9kcdaU3U33Y316//ezw9kdcHRK/dEz7vzpi+3/1n3d/8OUj4n/9K4PiJ/H8EfHTMfFrI8ZfuPqboct3p/GXhrR/5kD8ywdel9bdHjH+x3/ZXhrxqQDAGLS2tlcX6vXahp16baP3CetELy+dV2LPTPptsXP8zqWo9+aj/i/yOfXOBDslYCyenPSTzgQAAAAAAAAAAAAAABim9b38ln+9CwGSs7mKaP/FcJNuIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABfX/wIAAP//+ci96A==") (async)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000100)='./file1\x00', 0x4508, &(0x7f00000000c0), 0xe, 0x4f7, &(0x7f0000002a80)="$eJzs3d9rHFsdAPDvTLI1SXNNrvpwveC9F28lLdpN0tg2+FAriH0qaOujUmOyCSGbbMhu2iYUTfEPEERU8KlPvvgfCJIH/wARBH0XfyLa6oMP6sruzrbpdpMN3t1MST4fmM45Z2fz/Z4pOzsz57ATwJn1XkTcjIihiLgUERNZe5ottxqVvdZ2z54+WmwsSdTrd/+WRJK1df7N8623xEhE3LkV8c3k1bjVnd21hXK5tJXVp2vrm9PVnd3Lq+sLK6WV0sbc3Oy1+evzV+dn+tLPRr9ufPGPP/juT7504+efefC7e3+5+K1GWuPZ69360Q+trhea+6JtOCK2BhEsB0PZutBzy18MPBcAAHprnON/JCI+2Tz/n4ih5tkpAAAAcJrUPz8e/04i6gAAAMCplTbnwCZpMZsLMB5pWiy25vB+LMbScqVa+/RyZXtjqTVXdjIK6fJquTSTzamdjELSqM82yy/qVzrqcxHxZkR8f2K0WS8uVspLed/8AAAAgDPifMf1/z8nWtf/AAAAwCkzmXcCAAAAwMC9dP3/JL88AAAAgMEx/g8AAACn2pdv324s9fbzr5fu72yvVe5fXipV14rr24vFxcrWZnGlUllp/mbfeq+/V65UNj8bG9sPp2ulam26urN7b72yvVG7t/rSI7ABAACAE/Tmu/u/TSJi73OjzaXhXN5JASci6bXBwbt2fxhsLsDJGso7ASA3w3knAOSmkHcCQO563Qc4dPLOL/ufCwAAMBhTH99Ps3uAo+229vh/73sDPUcPgddYmncCAMCJM/4PZ1fBDEA48z7c2ZBE7B2ofvDx/3r9/8kLAADon/HmkqTFbCxwPNK0WIx4o/lYgEKyvFouzWTXB7+ZKHyoUZ9tvjMx+g8AAAAAAAAAAAAAAAAAAAAAAAAAx1SvJ1EHAAAATrWI9M9J9iT/qYkL4533B84l/5poriPiwY/v/vDhQq22Ndto//vz9tqPsvYrnicOAAAAr4P2dXr7Oh4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+unZ00eL7eWVF88NLu5fvxARk93iD8dIcz0ShYgY+0cSwwfel0TEUB/i7z2OiLe6xU8aacVklkW3+KM5xk8j4nwf4sNZtt84/tzs9vlL473muvvnr1H+Ux/iH378S2Pk0p39r8VI8zjX7fjzxjFjvL13RPzHEW8Pdz/+tI+/ySHx3z9m/G98dXf3sNfqTyKmun7/JC/Fmq6tb05Xd3Yvr64vrJRWShtzc7PX5q/PX52fmV5eLZeyf7vG+N4nfvbfo/o/dkj8yVb/3+3s/1CW04Vj9v8/v3749KOtYqFb/Ivvd//+fasV/5X9n2Y5fCorP6vXvz2VlZO91v486J2f/uqdo/q/dEj/e/3/Xzxm/y995Tu/P+amAMAJqO7sri2Uy6Wtkaxh63nLIAtfH4sYcIg+Fer1jh2loHA6CjFy1DZ5HpUAAIBBeHHSn3cmAAAAAAAAAAAAAAAAAAAAcHadxC+NdcY84ueoAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABy878AAAD//0Tz0oQ=")
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) (async)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
syz_clone(0xc4000000, 0x0, 0x0, 0x0, 0x0, 0x0)
mount$bind(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x21, 0x0)
syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000000f00)='.\x00', 0x1278438, &(0x7f0000000180)=ANY=[@ANYRES8=0x0, @ANYRESHEX, @ANYRESDEC, @ANYRESDEC], 0xb, 0x0, &(0x7f0000000000))

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$nl_route-ioctl$sock_SIOCGIFINDEX-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_VCPU-syz_open_dev$ptys-ioctl$TCSETSW-socket$inet6-setsockopt$inet6_mreq-syz_kvm_setup_cpu$x86-sendmsg$WG_CMD_SET_DEVICE-recvmmsg$unix-ioctl$KVM_RUN-sendmsg$nl_route_sched
detailed listing:
executing program 0:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a999850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000400)='kfree\x00', r0}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'ip6gre0\x00', <r2=>0x0})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x10b200, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
r6 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TCSETSW(r6, 0x5403, &(0x7f0000000000)={0x9, 0xf51, 0x57, 0x10000, 0x5, "9bcbd4ebc939577630c2252d47ce026277e77f"})
r7 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_mreq(r7, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f00000006c0)="f3440fc7b729000000f20f5f0d00000080460f5ba4b07a000000470f38c9403736460fc7b10f240000660f3881078fa9189021da820001c0fef3440f0966b881000f00d8", 0x44}], 0xaaaabbc, 0x74, 0x0, 0x0)
sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f0000005740)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x24040810}, 0x4084)
recvmmsg$unix(0xffffffffffffffff, &(0x7f0000004b00)=[{{0x0, 0x0, &(0x7f0000000200)=[{0x0}, {0x0}], 0x2}}, {{0x0, 0x0, 0x0}}], 0x2, 0x63, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001240)=@newqdisc={0x45c, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x4000000, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0xc}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x430, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x1, 0x0, 0x1fc, 0x0, 0xfffffc80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3f, 0x0, 0x0, 0x2, 0xffffffff, 0x2, 0xc00, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x1000, 0xfffffffc, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x272, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x7, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfffffffc, 0x3, 0x0, 0x0, 0x0, 0xb97, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x5e, 0xfffffffc, 0x8, 0x0, 0x0, 0x400000, 0x7, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x80003, 0x0, 0x0, 0x1, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0xffffffff, 0xffff, 0x0, 0x0, 0xb3c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0xd79, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xfffffffc, 0x1, 0x0, 0x100, 0x0, 0x8, 0xfffffffd, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd]}, @TCA_TBF_PARMS={0x28, 0x1, {{0x1, 0x0, 0x0, 0x0, 0x0, 0x6}, {0xff, 0x0, 0x0, 0x0, 0x0, 0x40000000}, 0x0, 0x7f}}]}}]}, 0x45c}}, 0x0)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$vfat-syz_mount_image$vfat-syz_mount_image$ext4-syz_mount_image$ext4-chroot-chroot-openat$tun-ioctl$TUNSETIFF-socket$packet-socket$packet-socket$packet-setsockopt$packet_int-setsockopt$packet_int-ioctl$sock_SIOCGIFINDEX-sendto$packet-openat$tun-openat$tun-ioctl$TUNSETIFF-ioctl$TUNATTACHFILTER-ioctl$TUNSETIFF-open_tree
detailed listing:
executing program 0:
syz_mount_image$vfat(&(0x7f0000000180), &(0x7f0000000000)='./bus\x00', 0x280008a, &(0x7f00000001c0)=ANY=[@ANYBLOB="616c6c6f775f7574696d653d30303030303030303030303030303030303030303030312c73686f72746e616d653d77696e39352c73686f72746e616d653d77696e6e742c696f636861727365743d64656661756c742c756e695f786c6174653d302c6e6f6e756d7461696c3d302c757466383d302c666c7573682c726f6469722c726f6469722c73686f72746e616d653d77696e6e742c73686f72746e616d653d6c6f7765722c636865636b3d7374726963742c756e695f786c6174653d302c757466383d302c73686f72746e616d653d6d697865642c756e695f786c6174653d312c73686f72746e616d653d77696e6e742c001762a07a915c8f6c3378b924fc250bdae45cd22bb33f29d72cf1c8410df88b83b9710b49374a748455718cc4af5f3ced9aa10632d595e9c8c3a89f41b650b9ebd4886ae65bf02b7c8ea4e76ef2cc241ac9f89f2753df98db0ba9558c753363f296424ec60e703fac2db7e9f31283852e115cf6acb8d77b3e5d68"], 0x96, 0x2a9, &(0x7f0000000500)="$eJzs3T9ra2UYAPDnpGkSdEgEJxE8oINTabu6pEgLxUxKBnXQYluQJggtFPyDsZOri6OriyC4+SVc/AaCq+BmwcKRk5xjkt40N+m9ae+f32/p2/c8z3ue9/QtpcN58vGr/ZPDNI4vvvojGo0kKu1ox2USrahE6ZuY0v4uAICn2WWWxd/ZyDJ5SUQ0VlcWALBCS//9/2XlJQEAK/be+x+8s9Pp7L6bpo3Y63973s3/s8+/jq7vHMen0Yuj2IxmXEVk/xuN97IsG1TTXCve6A/Ou3lm/6PfivV3/ooY5m9FM1rDqen8/c7uVjoykT/I63ihuH87z9+OZrw84/77nd3tGfnRrcWbr0/UvxHN+P2T+Cx6cTgsYpQflYivt9L07ez7f778MC8vz08G5936MG4sW7vjHw0AAAAAAAAAAAAAAAAAAAAAAM+wjaJ3Tj2G/XvyqaL/ztpV/s16pKXWdH+eUX5SLnStP9Agix/K/jybaZpmReA4vxqvVKN6P7sGAAAAAAAAAAAAAAAAAACAJ8vZ51+cHPR6R6ePZVB2Ayhf67/tOu2JmddifnB9fK9KMZyzcqyVMUnE3DLyTSxc879F24PbPbqXbqr5p58XXufHh++9GKwvEPOIg/J0nRwks59hPcqZRnlIfp2MqcWC96rddClb6vjVZl5qLr332ovDwWBOTCTzCnvrz9GTK2aS67uoDZ/qzPT1YjCRPh3TWPw8578pD0h06wAAAAAAAAAAAAAAAAAAgJUav/Q74+LF3NRKVl9ZWQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwp8af/7/EYFAkLxBci9Oze94iAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAz4H/AgAA///uD2MO") (async)
syz_mount_image$vfat(&(0x7f0000000180), &(0x7f0000000000)='./bus\x00', 0x280008a, &(0x7f00000001c0)=ANY=[@ANYBLOB="616c6c6f775f7574696d653d30303030303030303030303030303030303030303030312c73686f72746e616d653d77696e39352c73686f72746e616d653d77696e6e742c696f636861727365743d64656661756c742c756e695f786c6174653d302c6e6f6e756d7461696c3d302c757466383d302c666c7573682c726f6469722c726f6469722c73686f72746e616d653d77696e6e742c73686f72746e616d653d6c6f7765722c636865636b3d7374726963742c756e695f786c6174653d302c757466383d302c73686f72746e616d653d6d697865642c756e695f786c6174653d312c73686f72746e616d653d77696e6e742c001762a07a915c8f6c3378b924fc250bdae45cd22bb33f29d72cf1c8410df88b83b9710b49374a748455718cc4af5f3ced9aa10632d595e9c8c3a89f41b650b9ebd4886ae65bf02b7c8ea4e76ef2cc241ac9f89f2753df98db0ba9558c753363f296424ec60e703fac2db7e9f31283852e115cf6acb8d77b3e5d68"], 0x96, 0x2a9, &(0x7f0000000500)="$eJzs3T9ra2UYAPDnpGkSdEgEJxE8oINTabu6pEgLxUxKBnXQYluQJggtFPyDsZOri6OriyC4+SVc/AaCq+BmwcKRk5xjkt40N+m9ae+f32/p2/c8z3ue9/QtpcN58vGr/ZPDNI4vvvojGo0kKu1ox2USrahE6ZuY0v4uAICn2WWWxd/ZyDJ5SUQ0VlcWALBCS//9/2XlJQEAK/be+x+8s9Pp7L6bpo3Y63973s3/s8+/jq7vHMen0Yuj2IxmXEVk/xuN97IsG1TTXCve6A/Ou3lm/6PfivV3/ooY5m9FM1rDqen8/c7uVjoykT/I63ihuH87z9+OZrw84/77nd3tGfnRrcWbr0/UvxHN+P2T+Cx6cTgsYpQflYivt9L07ez7f778MC8vz08G5936MG4sW7vjHw0AAAAAAAAAAAAAAAAAAAAAAM+wjaJ3Tj2G/XvyqaL/ztpV/s16pKXWdH+eUX5SLnStP9Agix/K/jybaZpmReA4vxqvVKN6P7sGAAAAAAAAAAAAAAAAAACAJ8vZ51+cHPR6R6ePZVB2Ayhf67/tOu2JmddifnB9fK9KMZyzcqyVMUnE3DLyTSxc879F24PbPbqXbqr5p58XXufHh++9GKwvEPOIg/J0nRwks59hPcqZRnlIfp2MqcWC96rddClb6vjVZl5qLr332ovDwWBOTCTzCnvrz9GTK2aS67uoDZ/qzPT1YjCRPh3TWPw8578pD0h06wAAAAAAAAAAAAAAAAAAgJUav/Q74+LF3NRKVl9ZWQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwp8af/7/EYFAkLxBci9Oze94iAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAz4H/AgAA///uD2MO")
syz_mount_image$ext4(0x0, &(0x7f00000000c0)='./file0/../file0/../file0/../file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f0000000000)) (async)
syz_mount_image$ext4(0x0, &(0x7f00000000c0)='./file0/../file0/../file0/../file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f0000000000))
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00') (async)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00', 0x112})
r1 = socket$packet(0x11, 0x3, 0x300)
socket$packet(0x11, 0x3, 0x300) (async)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) (async)
setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'ip6gretap0\x00', <r3=>0x0})
sendto$packet(r2, &(0x7f0000000180)="0b03feffe0ff64000200475400f6a13bb1000000080065584820", 0x100a6, 0x0, &(0x7f0000000140)={0x11, 0x0, r3}, 0x14)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000000)={'rose0\x00', 0x112})
ioctl$TUNATTACHFILTER(r5, 0x401054d5, &(0x7f0000000040)={0x1, &(0x7f0000000080)=[{0x6}]})
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0/../file0/../file0/../file0\x00', 0x80001)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock2-mlock2-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_MSRS-prlimit64-prlimit64-sched_setscheduler-sched_setscheduler-syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64-syz_mount_image$ext4-syz_mount_image$ext4-socket$netlink-socket$netlink-socket$inet6-setsockopt$inet6_MCAST_JOIN_GROUP-setsockopt$inet6_MCAST_JOIN_GROUP-setsockopt$inet6_MCAST_MSFILTER-signalfd4-connect$inet6-connect$inet6-socket$inet6-bind$inet6-bind$inet6-setsockopt$inet6_int-recvmmsg-sendto$inet6-sendto$inet6-writev-writev-seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-ioctl$SECCOMP_IOCTL_NOTIF_RECV-getpid
detailed listing:
executing program 0:
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1) (async)
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1}) (async)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1})
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000580)=ANY=[@ANYBLOB="090000000000000009020000000000001e"])
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x9) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x9)
r3 = syz_open_dev$loop(&(0x7f00000005c0), 0xffff, 0x109041)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000003d40)={r4, 0x1000, {0x2a00, 0x80010000, 0x0, 0x52, 0xfffffffffffffffe, 0x0, 0x0, 0x10, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac1000", "90be6c09306003d8006000", [0x0, 0x3]}})
ioctl$LOOP_GET_STATUS64(r3, 0x4c05, &(0x7f00000000c0))
syz_mount_image$ext4(&(0x7f0000000580)='ext3\x00', &(0x7f00000005c0)='./file0\x00', 0x0, &(0x7f0000000340)={[{@data_ordered}, {@nomblk_io_submit}, {@nodioread_nolock}, {@usrjquota_path={'usrjquota', 0x3d, './file0'}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80000}}, {@grpid}, {@data_err_abort}, {@journal_checksum}]}, 0x1, 0x5e6, &(0x7f0000001180)="$eJzs3c1vFVUbAPBnbj9oKe/bQoyKC2liDCRKSwsYYlzA1pAGP+LGjZUWRAo0tEaLJpQENybGjTEmrlyI/4US2bLSlQs3rgwJUUPixsRr5nam9LZzW3ppO5X5/ZLLnTnnTs8Zbp+eM+eeMzeAyhpM/6lF7I2I6SSiP5lfzOuMLHNw4XX3/vzodPpIol5/7fckkiwtf32SPfdlB/dExI8/JLGnY2W5M3NXzo9PTU1ezvaHZy9MD8/MXTl47sL42cmzkxdHXxg9dvTI0WMjh9o6r6sFaSevv/t+/ydjb37z1d/JyLe/jCVxPF7OXrj0PDbKYAw2/k+SlVl9xza6sJJ0ZL8nS9/ipLPECrEu+fvXFRFPRH90xP03rz8+fqXUygGbqp5E1IGKSsQ/VFTeD8iv7ZdfB9dK6ZUAW+HuiYUBgJXx37kwNhg9jbGBnfeSWDqsk0REeyNzzXZFxO1bY9fP3Bq7Hps0DgcUm78WEU8WxX/SiP+B6ImBRvzXmuI/7RecSp//qjfSX22z/OVDxeIfts5C/PesGv/RIv7fyp7T9LfbLH/w/uY7vU3x39vuKQEAAAAAAEBl3TwREc8Xff5fW5z/EwXzf/oi4vgGlD+4bH/l5/+1OxtQDFDg7omIlwrn/9by2b8DHdnW/xrzAbqSM+emJg9FxP8j4kB07Uj3RxZ/Yn3F0tuDn+75slX5g9n8v/yRln87mwuY1eNO547mYybGZ8c35OSh4u5ei3iqcP5vstj+JwXtf/r3YPoBy9jz7I1TrfLWjn9gs9S/jthf2P7fv2tFsvr9OYYb/YHhvFew0tMffvZdq/LbjX+3mICHl7b/O1eP/4Fk6f16ZtZfxuG5znqrvHb7/93J641bznRnaR+Mz85eHonoTk52pKlN6aPrrzM8ivJ4yOMljf8Dz6w+/lfU/++NiPllPzv5o3lNce7xf/p+bVUf/X8oTxr/E+tq/9e/MXpj4PtW5T9Y+3+k0dYfyFKM/8GCL/Iw7W5OLwjHzqKsra4vAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwKahGxK5La0OJ2rTY0FNEXEY/FztrUpZnZ585ceu/iRJrX+P7/Wv5Nv/0L+0n+/f8DS/ZHl+0fjojdEfF5R29jf+j0pamJsk8eAAAAAAAAAAAAAAAAAAAAtom+Fuv/U791lF07YNN1ll0BoDQF8f9TGfUAtp72H6pL/EN1iX+oLvEP1SX+obrEP1SX+IfqEv8AAAAAAPBI2b3v5s9JRMy/2Nt4pLqzvK5SawZstlrZFQBK4xY/UF2m/kB1ucYHkjXye1oetNaRq5k+/RAHAwAAAAAAAAAAAEDl7N9r/T9UlfX/UF35+n/rgKF68rjfV3I9gK3nGh+INVbyF67/X/MoAAAAAAAAAAAAAGAjzcxdOT8+NTV52cYb26MaW7lRr9evpr8F26U+//GNfCr8dqnPso18rd+DHVXe3yQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDZvwEAAP//RYcoPA==") (async)
syz_mount_image$ext4(&(0x7f0000000580)='ext3\x00', &(0x7f00000005c0)='./file0\x00', 0x0, &(0x7f0000000340)={[{@data_ordered}, {@nomblk_io_submit}, {@nodioread_nolock}, {@usrjquota_path={'usrjquota', 0x3d, './file0'}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80000}}, {@grpid}, {@data_err_abort}, {@journal_checksum}]}, 0x1, 0x5e6, &(0x7f0000001180)="$eJzs3c1vFVUbAPBnbj9oKe/bQoyKC2liDCRKSwsYYlzA1pAGP+LGjZUWRAo0tEaLJpQENybGjTEmrlyI/4US2bLSlQs3rgwJUUPixsRr5nam9LZzW3ppO5X5/ZLLnTnnTs8Zbp+eM+eeMzeAyhpM/6lF7I2I6SSiP5lfzOuMLHNw4XX3/vzodPpIol5/7fckkiwtf32SPfdlB/dExI8/JLGnY2W5M3NXzo9PTU1ezvaHZy9MD8/MXTl47sL42cmzkxdHXxg9dvTI0WMjh9o6r6sFaSevv/t+/ydjb37z1d/JyLe/jCVxPF7OXrj0PDbKYAw2/k+SlVl9xza6sJJ0ZL8nS9/ipLPECrEu+fvXFRFPRH90xP03rz8+fqXUygGbqp5E1IGKSsQ/VFTeD8iv7ZdfB9dK6ZUAW+HuiYUBgJXx37kwNhg9jbGBnfeSWDqsk0REeyNzzXZFxO1bY9fP3Bq7Hps0DgcUm78WEU8WxX/SiP+B6ImBRvzXmuI/7RecSp//qjfSX22z/OVDxeIfts5C/PesGv/RIv7fyp7T9LfbLH/w/uY7vU3x39vuKQEAAAAAAEBl3TwREc8Xff5fW5z/EwXzf/oi4vgGlD+4bH/l5/+1OxtQDFDg7omIlwrn/9by2b8DHdnW/xrzAbqSM+emJg9FxP8j4kB07Uj3RxZ/Yn3F0tuDn+75slX5g9n8v/yRln87mwuY1eNO547mYybGZ8c35OSh4u5ei3iqcP5vstj+JwXtf/r3YPoBy9jz7I1TrfLWjn9gs9S/jthf2P7fv2tFsvr9OYYb/YHhvFew0tMffvZdq/LbjX+3mICHl7b/O1eP/4Fk6f16ZtZfxuG5znqrvHb7/93J641bznRnaR+Mz85eHonoTk52pKlN6aPrrzM8ivJ4yOMljf8Dz6w+/lfU/++NiPllPzv5o3lNce7xf/p+bVUf/X8oTxr/E+tq/9e/MXpj4PtW5T9Y+3+k0dYfyFKM/8GCL/Iw7W5OLwjHzqKsra4vAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwKahGxK5La0OJ2rTY0FNEXEY/FztrUpZnZ585ceu/iRJrX+P7/Wv5Nv/0L+0n+/f8DS/ZHl+0fjojdEfF5R29jf+j0pamJsk8eAAAAAAAAAAAAAAAAAAAAtom+Fuv/U791lF07YNN1ll0BoDQF8f9TGfUAtp72H6pL/EN1iX+oLvEP1SX+obrEP1SX+IfqEv8AAAAAAPBI2b3v5s9JRMy/2Nt4pLqzvK5SawZstlrZFQBK4xY/UF2m/kB1ucYHkjXye1oetNaRq5k+/RAHAwAAAAAAAAAAAEDl7N9r/T9UlfX/UF35+n/rgKF68rjfV3I9gK3nGh+INVbyF67/X/MoAAAAAAAAAAAAAGAjzcxdOT8+NTV52cYb26MaW7lRr9evpr8F26U+//GNfCr8dqnPso18rd+DHVXe3yQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDZvwEAAP//RYcoPA==")
socket$netlink(0x10, 0x3, 0x4) (async)
r5 = socket$netlink(0x10, 0x3, 0x4)
r6 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r6, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88)
setsockopt$inet6_MCAST_JOIN_GROUP(r6, 0x29, 0x2a, &(0x7f0000000200)={0x7, {{0xa, 0x4e22, 0x6, @mcast2, 0x9}}}, 0x88)
setsockopt$inet6_MCAST_MSFILTER(r6, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000ffff00000000000000bd0000000000000000000000e4ec01000000004000000000fc00000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000006000000000000000005"], 0x310)
r7 = signalfd4(r5, &(0x7f0000000040)={[0x1]}, 0x8, 0x80400)
connect$inet6(r7, &(0x7f0000000080)={0xa, 0x4e22, 0x6, @dev={0xfe, 0x80, '\x00', 0x41}, 0x5}, 0x1c) (async)
connect$inet6(r7, &(0x7f0000000080)={0xa, 0x4e22, 0x6, @dev={0xfe, 0x80, '\x00', 0x41}, 0x5}, 0x1c)
r8 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r8, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x2, @empty}, 0x1c) (async)
bind$inet6(r8, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x2, @empty}, 0x1c)
setsockopt$inet6_int(r8, 0x29, 0xb, &(0x7f0000000480)=0x7, 0x4)
recvmmsg(r4, &(0x7f0000003c40)=[{{&(0x7f00000004c0)=@phonet, 0x80, &(0x7f0000000b40)=[{&(0x7f0000001780)=""/4096, 0x1000}, {&(0x7f0000000600)=""/136, 0x88}, {&(0x7f0000000880)=""/137, 0x89}, {&(0x7f0000000940)=""/214, 0xd6}, {&(0x7f0000000a40)=""/232, 0xe8}], 0x5, &(0x7f00000001c0)=""/41, 0x29}, 0x1}, {{&(0x7f0000000bc0)=@nfc, 0x80, &(0x7f0000000400)=[{&(0x7f0000000c40)=""/113, 0x71}], 0x1, &(0x7f0000000cc0)=""/72, 0x48}, 0x8001}, {{&(0x7f0000000d40)=@x25, 0x80, &(0x7f0000000780)=[{&(0x7f0000000dc0)=""/111, 0x6f}, {&(0x7f0000000540)=""/50, 0x32}, {&(0x7f0000000e40)=""/217, 0xd9}], 0x3, &(0x7f0000000f40)=""/156, 0x9c}, 0xfe6}, {{&(0x7f0000001000)=@vsock={0x28, 0x0, 0x0, @my}, 0x80, &(0x7f0000003b00)=[{&(0x7f0000002780)=""/4096, 0x1000}, {&(0x7f0000001080)=""/76, 0x4c}, {&(0x7f0000001100)=""/115, 0x73}, {&(0x7f0000003780)=""/164, 0xa4}, {&(0x7f0000003840)=""/118, 0x76}, {&(0x7f00000038c0)=""/98, 0x62}, {&(0x7f0000003940)=""/17, 0x11}, {&(0x7f0000003980)=""/198, 0xc6}, {&(0x7f0000003a80)=""/124, 0x7c}], 0x9, &(0x7f0000003bc0)=""/114, 0x72}, 0xffff}], 0x4, 0x2, 0x0)
sendto$inet6(r8, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) (async)
sendto$inet6(r8, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
writev(r5, &(0x7f0000000240)=[{&(0x7f0000000280)="580000001400add427323b472545b45602117fffffff81004e204e227f000001925aa80020007b0009008003000000000000000000ff0000f03ac71002000000fffffffffeffffffffe7ee00000000000000000200000000", 0x58}], 0x1) (async)
writev(r5, &(0x7f0000000240)=[{&(0x7f0000000280)="580000001400add427323b472545b45602117fffffff81004e204e227f000001925aa80020007b0009008003000000000000000000ff0000f03ac71002000000fffffffffeffffffffe7ee00000000000000000200000000", 0x58}], 0x1)
r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r9, 0xc0502100, &(0x7f0000000280))
getpid()

program crashed: KASAN: use-after-free Read in lo_open
single: successfully extracted reproducer
found reproducer with 40 syscalls
minimizing guilty program
testing program (duration=53.556588112s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock2-mlock2-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_MSRS-prlimit64-prlimit64-sched_setscheduler-sched_setscheduler-syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64-syz_mount_image$ext4-syz_mount_image$ext4-socket$netlink-socket$netlink-socket$inet6-setsockopt$inet6_MCAST_JOIN_GROUP-setsockopt$inet6_MCAST_JOIN_GROUP-setsockopt$inet6_MCAST_MSFILTER-signalfd4-connect$inet6-connect$inet6-socket$inet6-bind$inet6-bind$inet6-setsockopt$inet6_int-recvmmsg-sendto$inet6-sendto$inet6-writev-writev-seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-ioctl$SECCOMP_IOCTL_NOTIF_RECV
detailed listing:
executing program 0:
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1) (async)
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1}) (async)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1})
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000580)=ANY=[@ANYBLOB="090000000000000009020000000000001e"])
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x9) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x9)
r3 = syz_open_dev$loop(&(0x7f00000005c0), 0xffff, 0x109041)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000003d40)={r4, 0x1000, {0x2a00, 0x80010000, 0x0, 0x52, 0xfffffffffffffffe, 0x0, 0x0, 0x10, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac1000", "90be6c09306003d8006000", [0x0, 0x3]}})
ioctl$LOOP_GET_STATUS64(r3, 0x4c05, &(0x7f00000000c0))
syz_mount_image$ext4(&(0x7f0000000580)='ext3\x00', &(0x7f00000005c0)='./file0\x00', 0x0, &(0x7f0000000340)={[{@data_ordered}, {@nomblk_io_submit}, {@nodioread_nolock}, {@usrjquota_path={'usrjquota', 0x3d, './file0'}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80000}}, {@grpid}, {@data_err_abort}, {@journal_checksum}]}, 0x1, 0x5e6, &(0x7f0000001180)="$eJzs3c1vFVUbAPBnbj9oKe/bQoyKC2liDCRKSwsYYlzA1pAGP+LGjZUWRAo0tEaLJpQENybGjTEmrlyI/4US2bLSlQs3rgwJUUPixsRr5nam9LZzW3ppO5X5/ZLLnTnnTs8Zbp+eM+eeMzeAyhpM/6lF7I2I6SSiP5lfzOuMLHNw4XX3/vzodPpIol5/7fckkiwtf32SPfdlB/dExI8/JLGnY2W5M3NXzo9PTU1ezvaHZy9MD8/MXTl47sL42cmzkxdHXxg9dvTI0WMjh9o6r6sFaSevv/t+/ydjb37z1d/JyLe/jCVxPF7OXrj0PDbKYAw2/k+SlVl9xza6sJJ0ZL8nS9/ipLPECrEu+fvXFRFPRH90xP03rz8+fqXUygGbqp5E1IGKSsQ/VFTeD8iv7ZdfB9dK6ZUAW+HuiYUBgJXx37kwNhg9jbGBnfeSWDqsk0REeyNzzXZFxO1bY9fP3Bq7Hps0DgcUm78WEU8WxX/SiP+B6ImBRvzXmuI/7RecSp//qjfSX22z/OVDxeIfts5C/PesGv/RIv7fyp7T9LfbLH/w/uY7vU3x39vuKQEAAAAAAEBl3TwREc8Xff5fW5z/EwXzf/oi4vgGlD+4bH/l5/+1OxtQDFDg7omIlwrn/9by2b8DHdnW/xrzAbqSM+emJg9FxP8j4kB07Uj3RxZ/Yn3F0tuDn+75slX5g9n8v/yRln87mwuY1eNO547mYybGZ8c35OSh4u5ei3iqcP5vstj+JwXtf/r3YPoBy9jz7I1TrfLWjn9gs9S/jthf2P7fv2tFsvr9OYYb/YHhvFew0tMffvZdq/LbjX+3mICHl7b/O1eP/4Fk6f16ZtZfxuG5znqrvHb7/93J641bznRnaR+Mz85eHonoTk52pKlN6aPrrzM8ivJ4yOMljf8Dz6w+/lfU/++NiPllPzv5o3lNce7xf/p+bVUf/X8oTxr/E+tq/9e/MXpj4PtW5T9Y+3+k0dYfyFKM/8GCL/Iw7W5OLwjHzqKsra4vAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwKahGxK5La0OJ2rTY0FNEXEY/FztrUpZnZ585ceu/iRJrX+P7/Wv5Nv/0L+0n+/f8DS/ZHl+0fjojdEfF5R29jf+j0pamJsk8eAAAAAAAAAAAAAAAAAAAAtom+Fuv/U791lF07YNN1ll0BoDQF8f9TGfUAtp72H6pL/EN1iX+oLvEP1SX+obrEP1SX+IfqEv8AAAAAAPBI2b3v5s9JRMy/2Nt4pLqzvK5SawZstlrZFQBK4xY/UF2m/kB1ucYHkjXye1oetNaRq5k+/RAHAwAAAAAAAAAAAEDl7N9r/T9UlfX/UF35+n/rgKF68rjfV3I9gK3nGh+INVbyF67/X/MoAAAAAAAAAAAAAGAjzcxdOT8+NTV52cYb26MaW7lRr9evpr8F26U+//GNfCr8dqnPso18rd+DHVXe3yQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDZvwEAAP//RYcoPA==") (async)
syz_mount_image$ext4(&(0x7f0000000580)='ext3\x00', &(0x7f00000005c0)='./file0\x00', 0x0, &(0x7f0000000340)={[{@data_ordered}, {@nomblk_io_submit}, {@nodioread_nolock}, {@usrjquota_path={'usrjquota', 0x3d, './file0'}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80000}}, {@grpid}, {@data_err_abort}, {@journal_checksum}]}, 0x1, 0x5e6, &(0x7f0000001180)="$eJzs3c1vFVUbAPBnbj9oKe/bQoyKC2liDCRKSwsYYlzA1pAGP+LGjZUWRAo0tEaLJpQENybGjTEmrlyI/4US2bLSlQs3rgwJUUPixsRr5nam9LZzW3ppO5X5/ZLLnTnnTs8Zbp+eM+eeMzeAyhpM/6lF7I2I6SSiP5lfzOuMLHNw4XX3/vzodPpIol5/7fckkiwtf32SPfdlB/dExI8/JLGnY2W5M3NXzo9PTU1ezvaHZy9MD8/MXTl47sL42cmzkxdHXxg9dvTI0WMjh9o6r6sFaSevv/t+/ydjb37z1d/JyLe/jCVxPF7OXrj0PDbKYAw2/k+SlVl9xza6sJJ0ZL8nS9/ipLPECrEu+fvXFRFPRH90xP03rz8+fqXUygGbqp5E1IGKSsQ/VFTeD8iv7ZdfB9dK6ZUAW+HuiYUBgJXx37kwNhg9jbGBnfeSWDqsk0REeyNzzXZFxO1bY9fP3Bq7Hps0DgcUm78WEU8WxX/SiP+B6ImBRvzXmuI/7RecSp//qjfSX22z/OVDxeIfts5C/PesGv/RIv7fyp7T9LfbLH/w/uY7vU3x39vuKQEAAAAAAEBl3TwREc8Xff5fW5z/EwXzf/oi4vgGlD+4bH/l5/+1OxtQDFDg7omIlwrn/9by2b8DHdnW/xrzAbqSM+emJg9FxP8j4kB07Uj3RxZ/Yn3F0tuDn+75slX5g9n8v/yRln87mwuY1eNO547mYybGZ8c35OSh4u5ei3iqcP5vstj+JwXtf/r3YPoBy9jz7I1TrfLWjn9gs9S/jthf2P7fv2tFsvr9OYYb/YHhvFew0tMffvZdq/LbjX+3mICHl7b/O1eP/4Fk6f16ZtZfxuG5znqrvHb7/93J641bznRnaR+Mz85eHonoTk52pKlN6aPrrzM8ivJ4yOMljf8Dz6w+/lfU/++NiPllPzv5o3lNce7xf/p+bVUf/X8oTxr/E+tq/9e/MXpj4PtW5T9Y+3+k0dYfyFKM/8GCL/Iw7W5OLwjHzqKsra4vAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwKahGxK5La0OJ2rTY0FNEXEY/FztrUpZnZ585ceu/iRJrX+P7/Wv5Nv/0L+0n+/f8DS/ZHl+0fjojdEfF5R29jf+j0pamJsk8eAAAAAAAAAAAAAAAAAAAAtom+Fuv/U791lF07YNN1ll0BoDQF8f9TGfUAtp72H6pL/EN1iX+oLvEP1SX+obrEP1SX+IfqEv8AAAAAAPBI2b3v5s9JRMy/2Nt4pLqzvK5SawZstlrZFQBK4xY/UF2m/kB1ucYHkjXye1oetNaRq5k+/RAHAwAAAAAAAAAAAEDl7N9r/T9UlfX/UF35+n/rgKF68rjfV3I9gK3nGh+INVbyF67/X/MoAAAAAAAAAAAAAGAjzcxdOT8+NTV52cYb26MaW7lRr9evpr8F26U+//GNfCr8dqnPso18rd+DHVXe3yQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDZvwEAAP//RYcoPA==")
socket$netlink(0x10, 0x3, 0x4) (async)
r5 = socket$netlink(0x10, 0x3, 0x4)
r6 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r6, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88)
setsockopt$inet6_MCAST_JOIN_GROUP(r6, 0x29, 0x2a, &(0x7f0000000200)={0x7, {{0xa, 0x4e22, 0x6, @mcast2, 0x9}}}, 0x88)
setsockopt$inet6_MCAST_MSFILTER(r6, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000ffff00000000000000bd0000000000000000000000e4ec01000000004000000000fc00000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000006000000000000000005"], 0x310)
r7 = signalfd4(r5, &(0x7f0000000040)={[0x1]}, 0x8, 0x80400)
connect$inet6(r7, &(0x7f0000000080)={0xa, 0x4e22, 0x6, @dev={0xfe, 0x80, '\x00', 0x41}, 0x5}, 0x1c) (async)
connect$inet6(r7, &(0x7f0000000080)={0xa, 0x4e22, 0x6, @dev={0xfe, 0x80, '\x00', 0x41}, 0x5}, 0x1c)
r8 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r8, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x2, @empty}, 0x1c) (async)
bind$inet6(r8, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x2, @empty}, 0x1c)
setsockopt$inet6_int(r8, 0x29, 0xb, &(0x7f0000000480)=0x7, 0x4)
recvmmsg(r4, &(0x7f0000003c40)=[{{&(0x7f00000004c0)=@phonet, 0x80, &(0x7f0000000b40)=[{&(0x7f0000001780)=""/4096, 0x1000}, {&(0x7f0000000600)=""/136, 0x88}, {&(0x7f0000000880)=""/137, 0x89}, {&(0x7f0000000940)=""/214, 0xd6}, {&(0x7f0000000a40)=""/232, 0xe8}], 0x5, &(0x7f00000001c0)=""/41, 0x29}, 0x1}, {{&(0x7f0000000bc0)=@nfc, 0x80, &(0x7f0000000400)=[{&(0x7f0000000c40)=""/113, 0x71}], 0x1, &(0x7f0000000cc0)=""/72, 0x48}, 0x8001}, {{&(0x7f0000000d40)=@x25, 0x80, &(0x7f0000000780)=[{&(0x7f0000000dc0)=""/111, 0x6f}, {&(0x7f0000000540)=""/50, 0x32}, {&(0x7f0000000e40)=""/217, 0xd9}], 0x3, &(0x7f0000000f40)=""/156, 0x9c}, 0xfe6}, {{&(0x7f0000001000)=@vsock={0x28, 0x0, 0x0, @my}, 0x80, &(0x7f0000003b00)=[{&(0x7f0000002780)=""/4096, 0x1000}, {&(0x7f0000001080)=""/76, 0x4c}, {&(0x7f0000001100)=""/115, 0x73}, {&(0x7f0000003780)=""/164, 0xa4}, {&(0x7f0000003840)=""/118, 0x76}, {&(0x7f00000038c0)=""/98, 0x62}, {&(0x7f0000003940)=""/17, 0x11}, {&(0x7f0000003980)=""/198, 0xc6}, {&(0x7f0000003a80)=""/124, 0x7c}], 0x9, &(0x7f0000003bc0)=""/114, 0x72}, 0xffff}], 0x4, 0x2, 0x0)
sendto$inet6(r8, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) (async)
sendto$inet6(r8, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
writev(r5, &(0x7f0000000240)=[{&(0x7f0000000280)="580000001400add427323b472545b45602117fffffff81004e204e227f000001925aa80020007b0009008003000000000000000000ff0000f03ac71002000000fffffffffeffffffffe7ee00000000000000000200000000", 0x58}], 0x1) (async)
writev(r5, &(0x7f0000000240)=[{&(0x7f0000000280)="580000001400add427323b472545b45602117fffffff81004e204e227f000001925aa80020007b0009008003000000000000000000ff0000f03ac71002000000fffffffffeffffffffe7ee00000000000000000200000000", 0x58}], 0x1)
r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r9, 0xc0502100, &(0x7f0000000280))

program crashed: KASAN: use-after-free Read in lo_open
testing program (duration=53.556588112s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock2-mlock2-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_MSRS-prlimit64-prlimit64-sched_setscheduler-sched_setscheduler-syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64-syz_mount_image$ext4-syz_mount_image$ext4-socket$netlink-socket$netlink-socket$inet6-setsockopt$inet6_MCAST_JOIN_GROUP-setsockopt$inet6_MCAST_JOIN_GROUP-setsockopt$inet6_MCAST_MSFILTER-signalfd4-connect$inet6-connect$inet6-socket$inet6-bind$inet6-bind$inet6-setsockopt$inet6_int-recvmmsg-sendto$inet6-sendto$inet6-writev-writev-seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD
detailed listing:
executing program 0:
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1) (async)
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1}) (async)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1})
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000580)=ANY=[@ANYBLOB="090000000000000009020000000000001e"])
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x9) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x9)
r3 = syz_open_dev$loop(&(0x7f00000005c0), 0xffff, 0x109041)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000003d40)={r4, 0x1000, {0x2a00, 0x80010000, 0x0, 0x52, 0xfffffffffffffffe, 0x0, 0x0, 0x10, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac1000", "90be6c09306003d8006000", [0x0, 0x3]}})
ioctl$LOOP_GET_STATUS64(r3, 0x4c05, &(0x7f00000000c0))
syz_mount_image$ext4(&(0x7f0000000580)='ext3\x00', &(0x7f00000005c0)='./file0\x00', 0x0, &(0x7f0000000340)={[{@data_ordered}, {@nomblk_io_submit}, {@nodioread_nolock}, {@usrjquota_path={'usrjquota', 0x3d, './file0'}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80000}}, {@grpid}, {@data_err_abort}, {@journal_checksum}]}, 0x1, 0x5e6, &(0x7f0000001180)="$eJzs3c1vFVUbAPBnbj9oKe/bQoyKC2liDCRKSwsYYlzA1pAGP+LGjZUWRAo0tEaLJpQENybGjTEmrlyI/4US2bLSlQs3rgwJUUPixsRr5nam9LZzW3ppO5X5/ZLLnTnnTs8Zbp+eM+eeMzeAyhpM/6lF7I2I6SSiP5lfzOuMLHNw4XX3/vzodPpIol5/7fckkiwtf32SPfdlB/dExI8/JLGnY2W5M3NXzo9PTU1ezvaHZy9MD8/MXTl47sL42cmzkxdHXxg9dvTI0WMjh9o6r6sFaSevv/t+/ydjb37z1d/JyLe/jCVxPF7OXrj0PDbKYAw2/k+SlVl9xza6sJJ0ZL8nS9/ipLPECrEu+fvXFRFPRH90xP03rz8+fqXUygGbqp5E1IGKSsQ/VFTeD8iv7ZdfB9dK6ZUAW+HuiYUBgJXx37kwNhg9jbGBnfeSWDqsk0REeyNzzXZFxO1bY9fP3Bq7Hps0DgcUm78WEU8WxX/SiP+B6ImBRvzXmuI/7RecSp//qjfSX22z/OVDxeIfts5C/PesGv/RIv7fyp7T9LfbLH/w/uY7vU3x39vuKQEAAAAAAEBl3TwREc8Xff5fW5z/EwXzf/oi4vgGlD+4bH/l5/+1OxtQDFDg7omIlwrn/9by2b8DHdnW/xrzAbqSM+emJg9FxP8j4kB07Uj3RxZ/Yn3F0tuDn+75slX5g9n8v/yRln87mwuY1eNO547mYybGZ8c35OSh4u5ei3iqcP5vstj+JwXtf/r3YPoBy9jz7I1TrfLWjn9gs9S/jthf2P7fv2tFsvr9OYYb/YHhvFew0tMffvZdq/LbjX+3mICHl7b/O1eP/4Fk6f16ZtZfxuG5znqrvHb7/93J641bznRnaR+Mz85eHonoTk52pKlN6aPrrzM8ivJ4yOMljf8Dz6w+/lfU/++NiPllPzv5o3lNce7xf/p+bVUf/X8oTxr/E+tq/9e/MXpj4PtW5T9Y+3+k0dYfyFKM/8GCL/Iw7W5OLwjHzqKsra4vAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwKahGxK5La0OJ2rTY0FNEXEY/FztrUpZnZ585ceu/iRJrX+P7/Wv5Nv/0L+0n+/f8DS/ZHl+0fjojdEfF5R29jf+j0pamJsk8eAAAAAAAAAAAAAAAAAAAAtom+Fuv/U791lF07YNN1ll0BoDQF8f9TGfUAtp72H6pL/EN1iX+oLvEP1SX+obrEP1SX+IfqEv8AAAAAAPBI2b3v5s9JRMy/2Nt4pLqzvK5SawZstlrZFQBK4xY/UF2m/kB1ucYHkjXye1oetNaRq5k+/RAHAwAAAAAAAAAAAEDl7N9r/T9UlfX/UF35+n/rgKF68rjfV3I9gK3nGh+INVbyF67/X/MoAAAAAAAAAAAAAGAjzcxdOT8+NTV52cYb26MaW7lRr9evpr8F26U+//GNfCr8dqnPso18rd+DHVXe3yQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDZvwEAAP//RYcoPA==") (async)
syz_mount_image$ext4(&(0x7f0000000580)='ext3\x00', &(0x7f00000005c0)='./file0\x00', 0x0, &(0x7f0000000340)={[{@data_ordered}, {@nomblk_io_submit}, {@nodioread_nolock}, {@usrjquota_path={'usrjquota', 0x3d, './file0'}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80000}}, {@grpid}, {@data_err_abort}, {@journal_checksum}]}, 0x1, 0x5e6, &(0x7f0000001180)="$eJzs3c1vFVUbAPBnbj9oKe/bQoyKC2liDCRKSwsYYlzA1pAGP+LGjZUWRAo0tEaLJpQENybGjTEmrlyI/4US2bLSlQs3rgwJUUPixsRr5nam9LZzW3ppO5X5/ZLLnTnnTs8Zbp+eM+eeMzeAyhpM/6lF7I2I6SSiP5lfzOuMLHNw4XX3/vzodPpIol5/7fckkiwtf32SPfdlB/dExI8/JLGnY2W5M3NXzo9PTU1ezvaHZy9MD8/MXTl47sL42cmzkxdHXxg9dvTI0WMjh9o6r6sFaSevv/t+/ydjb37z1d/JyLe/jCVxPF7OXrj0PDbKYAw2/k+SlVl9xza6sJJ0ZL8nS9/ipLPECrEu+fvXFRFPRH90xP03rz8+fqXUygGbqp5E1IGKSsQ/VFTeD8iv7ZdfB9dK6ZUAW+HuiYUBgJXx37kwNhg9jbGBnfeSWDqsk0REeyNzzXZFxO1bY9fP3Bq7Hps0DgcUm78WEU8WxX/SiP+B6ImBRvzXmuI/7RecSp//qjfSX22z/OVDxeIfts5C/PesGv/RIv7fyp7T9LfbLH/w/uY7vU3x39vuKQEAAAAAAEBl3TwREc8Xff5fW5z/EwXzf/oi4vgGlD+4bH/l5/+1OxtQDFDg7omIlwrn/9by2b8DHdnW/xrzAbqSM+emJg9FxP8j4kB07Uj3RxZ/Yn3F0tuDn+75slX5g9n8v/yRln87mwuY1eNO547mYybGZ8c35OSh4u5ei3iqcP5vstj+JwXtf/r3YPoBy9jz7I1TrfLWjn9gs9S/jthf2P7fv2tFsvr9OYYb/YHhvFew0tMffvZdq/LbjX+3mICHl7b/O1eP/4Fk6f16ZtZfxuG5znqrvHb7/93J641bznRnaR+Mz85eHonoTk52pKlN6aPrrzM8ivJ4yOMljf8Dz6w+/lfU/++NiPllPzv5o3lNce7xf/p+bVUf/X8oTxr/E+tq/9e/MXpj4PtW5T9Y+3+k0dYfyFKM/8GCL/Iw7W5OLwjHzqKsra4vAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwKahGxK5La0OJ2rTY0FNEXEY/FztrUpZnZ585ceu/iRJrX+P7/Wv5Nv/0L+0n+/f8DS/ZHl+0fjojdEfF5R29jf+j0pamJsk8eAAAAAAAAAAAAAAAAAAAAtom+Fuv/U791lF07YNN1ll0BoDQF8f9TGfUAtp72H6pL/EN1iX+oLvEP1SX+obrEP1SX+IfqEv8AAAAAAPBI2b3v5s9JRMy/2Nt4pLqzvK5SawZstlrZFQBK4xY/UF2m/kB1ucYHkjXye1oetNaRq5k+/RAHAwAAAAAAAAAAAEDl7N9r/T9UlfX/UF35+n/rgKF68rjfV3I9gK3nGh+INVbyF67/X/MoAAAAAAAAAAAAAGAjzcxdOT8+NTV52cYb26MaW7lRr9evpr8F26U+//GNfCr8dqnPso18rd+DHVXe3yQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDZvwEAAP//RYcoPA==")
socket$netlink(0x10, 0x3, 0x4) (async)
r5 = socket$netlink(0x10, 0x3, 0x4)
r6 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r6, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88)
setsockopt$inet6_MCAST_JOIN_GROUP(r6, 0x29, 0x2a, &(0x7f0000000200)={0x7, {{0xa, 0x4e22, 0x6, @mcast2, 0x9}}}, 0x88)
setsockopt$inet6_MCAST_MSFILTER(r6, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000ffff00000000000000bd0000000000000000000000e4ec01000000004000000000fc00000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000006000000000000000005"], 0x310)
r7 = signalfd4(r5, &(0x7f0000000040)={[0x1]}, 0x8, 0x80400)
connect$inet6(r7, &(0x7f0000000080)={0xa, 0x4e22, 0x6, @dev={0xfe, 0x80, '\x00', 0x41}, 0x5}, 0x1c) (async)
connect$inet6(r7, &(0x7f0000000080)={0xa, 0x4e22, 0x6, @dev={0xfe, 0x80, '\x00', 0x41}, 0x5}, 0x1c)
r8 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r8, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x2, @empty}, 0x1c) (async)
bind$inet6(r8, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x2, @empty}, 0x1c)
setsockopt$inet6_int(r8, 0x29, 0xb, &(0x7f0000000480)=0x7, 0x4)
recvmmsg(r4, &(0x7f0000003c40)=[{{&(0x7f00000004c0)=@phonet, 0x80, &(0x7f0000000b40)=[{&(0x7f0000001780)=""/4096, 0x1000}, {&(0x7f0000000600)=""/136, 0x88}, {&(0x7f0000000880)=""/137, 0x89}, {&(0x7f0000000940)=""/214, 0xd6}, {&(0x7f0000000a40)=""/232, 0xe8}], 0x5, &(0x7f00000001c0)=""/41, 0x29}, 0x1}, {{&(0x7f0000000bc0)=@nfc, 0x80, &(0x7f0000000400)=[{&(0x7f0000000c40)=""/113, 0x71}], 0x1, &(0x7f0000000cc0)=""/72, 0x48}, 0x8001}, {{&(0x7f0000000d40)=@x25, 0x80, &(0x7f0000000780)=[{&(0x7f0000000dc0)=""/111, 0x6f}, {&(0x7f0000000540)=""/50, 0x32}, {&(0x7f0000000e40)=""/217, 0xd9}], 0x3, &(0x7f0000000f40)=""/156, 0x9c}, 0xfe6}, {{&(0x7f0000001000)=@vsock={0x28, 0x0, 0x0, @my}, 0x80, &(0x7f0000003b00)=[{&(0x7f0000002780)=""/4096, 0x1000}, {&(0x7f0000001080)=""/76, 0x4c}, {&(0x7f0000001100)=""/115, 0x73}, {&(0x7f0000003780)=""/164, 0xa4}, {&(0x7f0000003840)=""/118, 0x76}, {&(0x7f00000038c0)=""/98, 0x62}, {&(0x7f0000003940)=""/17, 0x11}, {&(0x7f0000003980)=""/198, 0xc6}, {&(0x7f0000003a80)=""/124, 0x7c}], 0x9, &(0x7f0000003bc0)=""/114, 0x72}, 0xffff}], 0x4, 0x2, 0x0)
sendto$inet6(r8, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) (async)
sendto$inet6(r8, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
writev(r5, &(0x7f0000000240)=[{&(0x7f0000000280)="580000001400add427323b472545b45602117fffffff81004e204e227f000001925aa80020007b0009008003000000000000000000ff0000f03ac71002000000fffffffffeffffffffe7ee00000000000000000200000000", 0x58}], 0x1) (async)
writev(r5, &(0x7f0000000240)=[{&(0x7f0000000280)="580000001400add427323b472545b45602117fffffff81004e204e227f000001925aa80020007b0009008003000000000000000000ff0000f03ac71002000000fffffffffeffffffffe7ee00000000000000000200000000", 0x58}], 0x1)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)

program crashed: lost connection to test machine
suppressed program crash: lost connection to test machine
testing program (duration=53.556588112s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock2-mlock2-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_MSRS-prlimit64-prlimit64-sched_setscheduler-sched_setscheduler-syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64-syz_mount_image$ext4-syz_mount_image$ext4-socket$netlink-socket$netlink-socket$inet6-setsockopt$inet6_MCAST_JOIN_GROUP-setsockopt$inet6_MCAST_JOIN_GROUP-setsockopt$inet6_MCAST_MSFILTER-signalfd4-connect$inet6-connect$inet6-socket$inet6-bind$inet6-bind$inet6-setsockopt$inet6_int-recvmmsg-sendto$inet6-sendto$inet6-writev-writev-seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-ioctl$SECCOMP_IOCTL_NOTIF_RECV
detailed listing:
executing program 0:
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1) (async)
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1}) (async)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1})
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000580)=ANY=[@ANYBLOB="090000000000000009020000000000001e"])
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x9) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x9)
r3 = syz_open_dev$loop(&(0x7f00000005c0), 0xffff, 0x109041)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000003d40)={r4, 0x1000, {0x2a00, 0x80010000, 0x0, 0x52, 0xfffffffffffffffe, 0x0, 0x0, 0x10, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac1000", "90be6c09306003d8006000", [0x0, 0x3]}})
ioctl$LOOP_GET_STATUS64(r3, 0x4c05, &(0x7f00000000c0))
syz_mount_image$ext4(&(0x7f0000000580)='ext3\x00', &(0x7f00000005c0)='./file0\x00', 0x0, &(0x7f0000000340)={[{@data_ordered}, {@nomblk_io_submit}, {@nodioread_nolock}, {@usrjquota_path={'usrjquota', 0x3d, './file0'}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80000}}, {@grpid}, {@data_err_abort}, {@journal_checksum}]}, 0x1, 0x5e6, &(0x7f0000001180)="$eJzs3c1vFVUbAPBnbj9oKe/bQoyKC2liDCRKSwsYYlzA1pAGP+LGjZUWRAo0tEaLJpQENybGjTEmrlyI/4US2bLSlQs3rgwJUUPixsRr5nam9LZzW3ppO5X5/ZLLnTnnTs8Zbp+eM+eeMzeAyhpM/6lF7I2I6SSiP5lfzOuMLHNw4XX3/vzodPpIol5/7fckkiwtf32SPfdlB/dExI8/JLGnY2W5M3NXzo9PTU1ezvaHZy9MD8/MXTl47sL42cmzkxdHXxg9dvTI0WMjh9o6r6sFaSevv/t+/ydjb37z1d/JyLe/jCVxPF7OXrj0PDbKYAw2/k+SlVl9xza6sJJ0ZL8nS9/ipLPECrEu+fvXFRFPRH90xP03rz8+fqXUygGbqp5E1IGKSsQ/VFTeD8iv7ZdfB9dK6ZUAW+HuiYUBgJXx37kwNhg9jbGBnfeSWDqsk0REeyNzzXZFxO1bY9fP3Bq7Hps0DgcUm78WEU8WxX/SiP+B6ImBRvzXmuI/7RecSp//qjfSX22z/OVDxeIfts5C/PesGv/RIv7fyp7T9LfbLH/w/uY7vU3x39vuKQEAAAAAAEBl3TwREc8Xff5fW5z/EwXzf/oi4vgGlD+4bH/l5/+1OxtQDFDg7omIlwrn/9by2b8DHdnW/xrzAbqSM+emJg9FxP8j4kB07Uj3RxZ/Yn3F0tuDn+75slX5g9n8v/yRln87mwuY1eNO547mYybGZ8c35OSh4u5ei3iqcP5vstj+JwXtf/r3YPoBy9jz7I1TrfLWjn9gs9S/jthf2P7fv2tFsvr9OYYb/YHhvFew0tMffvZdq/LbjX+3mICHl7b/O1eP/4Fk6f16ZtZfxuG5znqrvHb7/93J641bznRnaR+Mz85eHonoTk52pKlN6aPrrzM8ivJ4yOMljf8Dz6w+/lfU/++NiPllPzv5o3lNce7xf/p+bVUf/X8oTxr/E+tq/9e/MXpj4PtW5T9Y+3+k0dYfyFKM/8GCL/Iw7W5OLwjHzqKsra4vAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwKahGxK5La0OJ2rTY0FNEXEY/FztrUpZnZ585ceu/iRJrX+P7/Wv5Nv/0L+0n+/f8DS/ZHl+0fjojdEfF5R29jf+j0pamJsk8eAAAAAAAAAAAAAAAAAAAAtom+Fuv/U791lF07YNN1ll0BoDQF8f9TGfUAtp72H6pL/EN1iX+oLvEP1SX+obrEP1SX+IfqEv8AAAAAAPBI2b3v5s9JRMy/2Nt4pLqzvK5SawZstlrZFQBK4xY/UF2m/kB1ucYHkjXye1oetNaRq5k+/RAHAwAAAAAAAAAAAEDl7N9r/T9UlfX/UF35+n/rgKF68rjfV3I9gK3nGh+INVbyF67/X/MoAAAAAAAAAAAAAGAjzcxdOT8+NTV52cYb26MaW7lRr9evpr8F26U+//GNfCr8dqnPso18rd+DHVXe3yQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDZvwEAAP//RYcoPA==") (async)
syz_mount_image$ext4(&(0x7f0000000580)='ext3\x00', &(0x7f00000005c0)='./file0\x00', 0x0, &(0x7f0000000340)={[{@data_ordered}, {@nomblk_io_submit}, {@nodioread_nolock}, {@usrjquota_path={'usrjquota', 0x3d, './file0'}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80000}}, {@grpid}, {@data_err_abort}, {@journal_checksum}]}, 0x1, 0x5e6, &(0x7f0000001180)="$eJzs3c1vFVUbAPBnbj9oKe/bQoyKC2liDCRKSwsYYlzA1pAGP+LGjZUWRAo0tEaLJpQENybGjTEmrlyI/4US2bLSlQs3rgwJUUPixsRr5nam9LZzW3ppO5X5/ZLLnTnnTs8Zbp+eM+eeMzeAyhpM/6lF7I2I6SSiP5lfzOuMLHNw4XX3/vzodPpIol5/7fckkiwtf32SPfdlB/dExI8/JLGnY2W5M3NXzo9PTU1ezvaHZy9MD8/MXTl47sL42cmzkxdHXxg9dvTI0WMjh9o6r6sFaSevv/t+/ydjb37z1d/JyLe/jCVxPF7OXrj0PDbKYAw2/k+SlVl9xza6sJJ0ZL8nS9/ipLPECrEu+fvXFRFPRH90xP03rz8+fqXUygGbqp5E1IGKSsQ/VFTeD8iv7ZdfB9dK6ZUAW+HuiYUBgJXx37kwNhg9jbGBnfeSWDqsk0REeyNzzXZFxO1bY9fP3Bq7Hps0DgcUm78WEU8WxX/SiP+B6ImBRvzXmuI/7RecSp//qjfSX22z/OVDxeIfts5C/PesGv/RIv7fyp7T9LfbLH/w/uY7vU3x39vuKQEAAAAAAEBl3TwREc8Xff5fW5z/EwXzf/oi4vgGlD+4bH/l5/+1OxtQDFDg7omIlwrn/9by2b8DHdnW/xrzAbqSM+emJg9FxP8j4kB07Uj3RxZ/Yn3F0tuDn+75slX5g9n8v/yRln87mwuY1eNO547mYybGZ8c35OSh4u5ei3iqcP5vstj+JwXtf/r3YPoBy9jz7I1TrfLWjn9gs9S/jthf2P7fv2tFsvr9OYYb/YHhvFew0tMffvZdq/LbjX+3mICHl7b/O1eP/4Fk6f16ZtZfxuG5znqrvHb7/93J641bznRnaR+Mz85eHonoTk52pKlN6aPrrzM8ivJ4yOMljf8Dz6w+/lfU/++NiPllPzv5o3lNce7xf/p+bVUf/X8oTxr/E+tq/9e/MXpj4PtW5T9Y+3+k0dYfyFKM/8GCL/Iw7W5OLwjHzqKsra4vAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwKahGxK5La0OJ2rTY0FNEXEY/FztrUpZnZ585ceu/iRJrX+P7/Wv5Nv/0L+0n+/f8DS/ZHl+0fjojdEfF5R29jf+j0pamJsk8eAAAAAAAAAAAAAAAAAAAAtom+Fuv/U791lF07YNN1ll0BoDQF8f9TGfUAtp72H6pL/EN1iX+oLvEP1SX+obrEP1SX+IfqEv8AAAAAAPBI2b3v5s9JRMy/2Nt4pLqzvK5SawZstlrZFQBK4xY/UF2m/kB1ucYHkjXye1oetNaRq5k+/RAHAwAAAAAAAAAAAEDl7N9r/T9UlfX/UF35+n/rgKF68rjfV3I9gK3nGh+INVbyF67/X/MoAAAAAAAAAAAAAGAjzcxdOT8+NTV52cYb26MaW7lRr9evpr8F26U+//GNfCr8dqnPso18rd+DHVXe3yQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDZvwEAAP//RYcoPA==")
socket$netlink(0x10, 0x3, 0x4) (async)
r5 = socket$netlink(0x10, 0x3, 0x4)
r6 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r6, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88)
setsockopt$inet6_MCAST_JOIN_GROUP(r6, 0x29, 0x2a, &(0x7f0000000200)={0x7, {{0xa, 0x4e22, 0x6, @mcast2, 0x9}}}, 0x88)
setsockopt$inet6_MCAST_MSFILTER(r6, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000ffff00000000000000bd0000000000000000000000e4ec01000000004000000000fc00000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000006000000000000000005"], 0x310)
r7 = signalfd4(r5, &(0x7f0000000040)={[0x1]}, 0x8, 0x80400)
connect$inet6(r7, &(0x7f0000000080)={0xa, 0x4e22, 0x6, @dev={0xfe, 0x80, '\x00', 0x41}, 0x5}, 0x1c) (async)
connect$inet6(r7, &(0x7f0000000080)={0xa, 0x4e22, 0x6, @dev={0xfe, 0x80, '\x00', 0x41}, 0x5}, 0x1c)
r8 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r8, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x2, @empty}, 0x1c) (async)
bind$inet6(r8, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x2, @empty}, 0x1c)
setsockopt$inet6_int(r8, 0x29, 0xb, &(0x7f0000000480)=0x7, 0x4)
recvmmsg(r4, &(0x7f0000003c40)=[{{&(0x7f00000004c0)=@phonet, 0x80, &(0x7f0000000b40)=[{&(0x7f0000001780)=""/4096, 0x1000}, {&(0x7f0000000600)=""/136, 0x88}, {&(0x7f0000000880)=""/137, 0x89}, {&(0x7f0000000940)=""/214, 0xd6}, {&(0x7f0000000a40)=""/232, 0xe8}], 0x5, &(0x7f00000001c0)=""/41, 0x29}, 0x1}, {{&(0x7f0000000bc0)=@nfc, 0x80, &(0x7f0000000400)=[{&(0x7f0000000c40)=""/113, 0x71}], 0x1, &(0x7f0000000cc0)=""/72, 0x48}, 0x8001}, {{&(0x7f0000000d40)=@x25, 0x80, &(0x7f0000000780)=[{&(0x7f0000000dc0)=""/111, 0x6f}, {&(0x7f0000000540)=""/50, 0x32}, {&(0x7f0000000e40)=""/217, 0xd9}], 0x3, &(0x7f0000000f40)=""/156, 0x9c}, 0xfe6}, {{&(0x7f0000001000)=@vsock={0x28, 0x0, 0x0, @my}, 0x80, &(0x7f0000003b00)=[{&(0x7f0000002780)=""/4096, 0x1000}, {&(0x7f0000001080)=""/76, 0x4c}, {&(0x7f0000001100)=""/115, 0x73}, {&(0x7f0000003780)=""/164, 0xa4}, {&(0x7f0000003840)=""/118, 0x76}, {&(0x7f00000038c0)=""/98, 0x62}, {&(0x7f0000003940)=""/17, 0x11}, {&(0x7f0000003980)=""/198, 0xc6}, {&(0x7f0000003a80)=""/124, 0x7c}], 0x9, &(0x7f0000003bc0)=""/114, 0x72}, 0xffff}], 0x4, 0x2, 0x0)
sendto$inet6(r8, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) (async)
sendto$inet6(r8, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
writev(r5, &(0x7f0000000240)=[{&(0x7f0000000280)="580000001400add427323b472545b45602117fffffff81004e204e227f000001925aa80020007b0009008003000000000000000000ff0000f03ac71002000000fffffffffeffffffffe7ee00000000000000000200000000", 0x58}], 0x1) (async)
writev(r5, &(0x7f0000000240)=[{&(0x7f0000000280)="580000001400add427323b472545b45602117fffffff81004e204e227f000001925aa80020007b0009008003000000000000000000ff0000f03ac71002000000fffffffffeffffffffe7ee00000000000000000200000000", 0x58}], 0x1)
r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r9, 0xc0502100, &(0x7f0000000280))

program crashed: KASAN: use-after-free Read in lo_open
testing program (duration=53.556588112s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock2-mlock2-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_MSRS-prlimit64-prlimit64-sched_setscheduler-sched_setscheduler-syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64-syz_mount_image$ext4-syz_mount_image$ext4-socket$netlink-socket$netlink-socket$inet6-setsockopt$inet6_MCAST_JOIN_GROUP-setsockopt$inet6_MCAST_JOIN_GROUP-setsockopt$inet6_MCAST_MSFILTER-signalfd4-connect$inet6-connect$inet6-socket$inet6-bind$inet6-bind$inet6-setsockopt$inet6_int-recvmmsg-sendto$inet6-sendto$inet6-writev-writev-ioctl$SECCOMP_IOCTL_NOTIF_RECV
detailed listing:
executing program 0:
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1) (async)
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1}) (async)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1})
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000580)=ANY=[@ANYBLOB="090000000000000009020000000000001e"])
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x9) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x9)
r3 = syz_open_dev$loop(&(0x7f00000005c0), 0xffff, 0x109041)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000003d40)={r4, 0x1000, {0x2a00, 0x80010000, 0x0, 0x52, 0xfffffffffffffffe, 0x0, 0x0, 0x10, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac1000", "90be6c09306003d8006000", [0x0, 0x3]}})
ioctl$LOOP_GET_STATUS64(r3, 0x4c05, &(0x7f00000000c0))
syz_mount_image$ext4(&(0x7f0000000580)='ext3\x00', &(0x7f00000005c0)='./file0\x00', 0x0, &(0x7f0000000340)={[{@data_ordered}, {@nomblk_io_submit}, {@nodioread_nolock}, {@usrjquota_path={'usrjquota', 0x3d, './file0'}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80000}}, {@grpid}, {@data_err_abort}, {@journal_checksum}]}, 0x1, 0x5e6, &(0x7f0000001180)="$eJzs3c1vFVUbAPBnbj9oKe/bQoyKC2liDCRKSwsYYlzA1pAGP+LGjZUWRAo0tEaLJpQENybGjTEmrlyI/4US2bLSlQs3rgwJUUPixsRr5nam9LZzW3ppO5X5/ZLLnTnnTs8Zbp+eM+eeMzeAyhpM/6lF7I2I6SSiP5lfzOuMLHNw4XX3/vzodPpIol5/7fckkiwtf32SPfdlB/dExI8/JLGnY2W5M3NXzo9PTU1ezvaHZy9MD8/MXTl47sL42cmzkxdHXxg9dvTI0WMjh9o6r6sFaSevv/t+/ydjb37z1d/JyLe/jCVxPF7OXrj0PDbKYAw2/k+SlVl9xza6sJJ0ZL8nS9/ipLPECrEu+fvXFRFPRH90xP03rz8+fqXUygGbqp5E1IGKSsQ/VFTeD8iv7ZdfB9dK6ZUAW+HuiYUBgJXx37kwNhg9jbGBnfeSWDqsk0REeyNzzXZFxO1bY9fP3Bq7Hps0DgcUm78WEU8WxX/SiP+B6ImBRvzXmuI/7RecSp//qjfSX22z/OVDxeIfts5C/PesGv/RIv7fyp7T9LfbLH/w/uY7vU3x39vuKQEAAAAAAEBl3TwREc8Xff5fW5z/EwXzf/oi4vgGlD+4bH/l5/+1OxtQDFDg7omIlwrn/9by2b8DHdnW/xrzAbqSM+emJg9FxP8j4kB07Uj3RxZ/Yn3F0tuDn+75slX5g9n8v/yRln87mwuY1eNO547mYybGZ8c35OSh4u5ei3iqcP5vstj+JwXtf/r3YPoBy9jz7I1TrfLWjn9gs9S/jthf2P7fv2tFsvr9OYYb/YHhvFew0tMffvZdq/LbjX+3mICHl7b/O1eP/4Fk6f16ZtZfxuG5znqrvHb7/93J641bznRnaR+Mz85eHonoTk52pKlN6aPrrzM8ivJ4yOMljf8Dz6w+/lfU/++NiPllPzv5o3lNce7xf/p+bVUf/X8oTxr/E+tq/9e/MXpj4PtW5T9Y+3+k0dYfyFKM/8GCL/Iw7W5OLwjHzqKsra4vAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwKahGxK5La0OJ2rTY0FNEXEY/FztrUpZnZ585ceu/iRJrX+P7/Wv5Nv/0L+0n+/f8DS/ZHl+0fjojdEfF5R29jf+j0pamJsk8eAAAAAAAAAAAAAAAAAAAAtom+Fuv/U791lF07YNN1ll0BoDQF8f9TGfUAtp72H6pL/EN1iX+oLvEP1SX+obrEP1SX+IfqEv8AAAAAAPBI2b3v5s9JRMy/2Nt4pLqzvK5SawZstlrZFQBK4xY/UF2m/kB1ucYHkjXye1oetNaRq5k+/RAHAwAAAAAAAAAAAEDl7N9r/T9UlfX/UF35+n/rgKF68rjfV3I9gK3nGh+INVbyF67/X/MoAAAAAAAAAAAAAGAjzcxdOT8+NTV52cYb26MaW7lRr9evpr8F26U+//GNfCr8dqnPso18rd+DHVXe3yQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDZvwEAAP//RYcoPA==") (async)
syz_mount_image$ext4(&(0x7f0000000580)='ext3\x00', &(0x7f00000005c0)='./file0\x00', 0x0, &(0x7f0000000340)={[{@data_ordered}, {@nomblk_io_submit}, {@nodioread_nolock}, {@usrjquota_path={'usrjquota', 0x3d, './file0'}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80000}}, {@grpid}, {@data_err_abort}, {@journal_checksum}]}, 0x1, 0x5e6, &(0x7f0000001180)="$eJzs3c1vFVUbAPBnbj9oKe/bQoyKC2liDCRKSwsYYlzA1pAGP+LGjZUWRAo0tEaLJpQENybGjTEmrlyI/4US2bLSlQs3rgwJUUPixsRr5nam9LZzW3ppO5X5/ZLLnTnnTs8Zbp+eM+eeMzeAyhpM/6lF7I2I6SSiP5lfzOuMLHNw4XX3/vzodPpIol5/7fckkiwtf32SPfdlB/dExI8/JLGnY2W5M3NXzo9PTU1ezvaHZy9MD8/MXTl47sL42cmzkxdHXxg9dvTI0WMjh9o6r6sFaSevv/t+/ydjb37z1d/JyLe/jCVxPF7OXrj0PDbKYAw2/k+SlVl9xza6sJJ0ZL8nS9/ipLPECrEu+fvXFRFPRH90xP03rz8+fqXUygGbqp5E1IGKSsQ/VFTeD8iv7ZdfB9dK6ZUAW+HuiYUBgJXx37kwNhg9jbGBnfeSWDqsk0REeyNzzXZFxO1bY9fP3Bq7Hps0DgcUm78WEU8WxX/SiP+B6ImBRvzXmuI/7RecSp//qjfSX22z/OVDxeIfts5C/PesGv/RIv7fyp7T9LfbLH/w/uY7vU3x39vuKQEAAAAAAEBl3TwREc8Xff5fW5z/EwXzf/oi4vgGlD+4bH/l5/+1OxtQDFDg7omIlwrn/9by2b8DHdnW/xrzAbqSM+emJg9FxP8j4kB07Uj3RxZ/Yn3F0tuDn+75slX5g9n8v/yRln87mwuY1eNO547mYybGZ8c35OSh4u5ei3iqcP5vstj+JwXtf/r3YPoBy9jz7I1TrfLWjn9gs9S/jthf2P7fv2tFsvr9OYYb/YHhvFew0tMffvZdq/LbjX+3mICHl7b/O1eP/4Fk6f16ZtZfxuG5znqrvHb7/93J641bznRnaR+Mz85eHonoTk52pKlN6aPrrzM8ivJ4yOMljf8Dz6w+/lfU/++NiPllPzv5o3lNce7xf/p+bVUf/X8oTxr/E+tq/9e/MXpj4PtW5T9Y+3+k0dYfyFKM/8GCL/Iw7W5OLwjHzqKsra4vAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwKahGxK5La0OJ2rTY0FNEXEY/FztrUpZnZ585ceu/iRJrX+P7/Wv5Nv/0L+0n+/f8DS/ZHl+0fjojdEfF5R29jf+j0pamJsk8eAAAAAAAAAAAAAAAAAAAAtom+Fuv/U791lF07YNN1ll0BoDQF8f9TGfUAtp72H6pL/EN1iX+oLvEP1SX+obrEP1SX+IfqEv8AAAAAAPBI2b3v5s9JRMy/2Nt4pLqzvK5SawZstlrZFQBK4xY/UF2m/kB1ucYHkjXye1oetNaRq5k+/RAHAwAAAAAAAAAAAEDl7N9r/T9UlfX/UF35+n/rgKF68rjfV3I9gK3nGh+INVbyF67/X/MoAAAAAAAAAAAAAGAjzcxdOT8+NTV52cYb26MaW7lRr9evpr8F26U+//GNfCr8dqnPso18rd+DHVXe3yQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDZvwEAAP//RYcoPA==")
socket$netlink(0x10, 0x3, 0x4) (async)
r5 = socket$netlink(0x10, 0x3, 0x4)
r6 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r6, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88)
setsockopt$inet6_MCAST_JOIN_GROUP(r6, 0x29, 0x2a, &(0x7f0000000200)={0x7, {{0xa, 0x4e22, 0x6, @mcast2, 0x9}}}, 0x88)
setsockopt$inet6_MCAST_MSFILTER(r6, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000ffff00000000000000bd0000000000000000000000e4ec01000000004000000000fc00000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000006000000000000000005"], 0x310)
r7 = signalfd4(r5, &(0x7f0000000040)={[0x1]}, 0x8, 0x80400)
connect$inet6(r7, &(0x7f0000000080)={0xa, 0x4e22, 0x6, @dev={0xfe, 0x80, '\x00', 0x41}, 0x5}, 0x1c) (async)
connect$inet6(r7, &(0x7f0000000080)={0xa, 0x4e22, 0x6, @dev={0xfe, 0x80, '\x00', 0x41}, 0x5}, 0x1c)
r8 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r8, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x2, @empty}, 0x1c) (async)
bind$inet6(r8, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x2, @empty}, 0x1c)
setsockopt$inet6_int(r8, 0x29, 0xb, &(0x7f0000000480)=0x7, 0x4)
recvmmsg(r4, &(0x7f0000003c40)=[{{&(0x7f00000004c0)=@phonet, 0x80, &(0x7f0000000b40)=[{&(0x7f0000001780)=""/4096, 0x1000}, {&(0x7f0000000600)=""/136, 0x88}, {&(0x7f0000000880)=""/137, 0x89}, {&(0x7f0000000940)=""/214, 0xd6}, {&(0x7f0000000a40)=""/232, 0xe8}], 0x5, &(0x7f00000001c0)=""/41, 0x29}, 0x1}, {{&(0x7f0000000bc0)=@nfc, 0x80, &(0x7f0000000400)=[{&(0x7f0000000c40)=""/113, 0x71}], 0x1, &(0x7f0000000cc0)=""/72, 0x48}, 0x8001}, {{&(0x7f0000000d40)=@x25, 0x80, &(0x7f0000000780)=[{&(0x7f0000000dc0)=""/111, 0x6f}, {&(0x7f0000000540)=""/50, 0x32}, {&(0x7f0000000e40)=""/217, 0xd9}], 0x3, &(0x7f0000000f40)=""/156, 0x9c}, 0xfe6}, {{&(0x7f0000001000)=@vsock={0x28, 0x0, 0x0, @my}, 0x80, &(0x7f0000003b00)=[{&(0x7f0000002780)=""/4096, 0x1000}, {&(0x7f0000001080)=""/76, 0x4c}, {&(0x7f0000001100)=""/115, 0x73}, {&(0x7f0000003780)=""/164, 0xa4}, {&(0x7f0000003840)=""/118, 0x76}, {&(0x7f00000038c0)=""/98, 0x62}, {&(0x7f0000003940)=""/17, 0x11}, {&(0x7f0000003980)=""/198, 0xc6}, {&(0x7f0000003a80)=""/124, 0x7c}], 0x9, &(0x7f0000003bc0)=""/114, 0x72}, 0xffff}], 0x4, 0x2, 0x0)
sendto$inet6(r8, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) (async)
sendto$inet6(r8, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
writev(r5, &(0x7f0000000240)=[{&(0x7f0000000280)="580000001400add427323b472545b45602117fffffff81004e204e227f000001925aa80020007b0009008003000000000000000000ff0000f03ac71002000000fffffffffeffffffffe7ee00000000000000000200000000", 0x58}], 0x1) (async)
writev(r5, &(0x7f0000000240)=[{&(0x7f0000000280)="580000001400add427323b472545b45602117fffffff81004e204e227f000001925aa80020007b0009008003000000000000000000ff0000f03ac71002000000fffffffffeffffffffe7ee00000000000000000200000000", 0x58}], 0x1)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000280))

program crashed: KASAN: use-after-free Read in lo_open
testing program (duration=53.556588112s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock2-mlock2-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_MSRS-prlimit64-prlimit64-sched_setscheduler-sched_setscheduler-syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64-syz_mount_image$ext4-syz_mount_image$ext4-socket$netlink-socket$netlink-socket$inet6-setsockopt$inet6_MCAST_JOIN_GROUP-setsockopt$inet6_MCAST_JOIN_GROUP-setsockopt$inet6_MCAST_MSFILTER-signalfd4-connect$inet6-connect$inet6-socket$inet6-bind$inet6-bind$inet6-setsockopt$inet6_int-recvmmsg-sendto$inet6-sendto$inet6-writev-ioctl$SECCOMP_IOCTL_NOTIF_RECV
detailed listing:
executing program 0:
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1) (async)
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1}) (async)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1})
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000580)=ANY=[@ANYBLOB="090000000000000009020000000000001e"])
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x9) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x9)
r3 = syz_open_dev$loop(&(0x7f00000005c0), 0xffff, 0x109041)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000003d40)={r4, 0x1000, {0x2a00, 0x80010000, 0x0, 0x52, 0xfffffffffffffffe, 0x0, 0x0, 0x10, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac1000", "90be6c09306003d8006000", [0x0, 0x3]}})
ioctl$LOOP_GET_STATUS64(r3, 0x4c05, &(0x7f00000000c0))
syz_mount_image$ext4(&(0x7f0000000580)='ext3\x00', &(0x7f00000005c0)='./file0\x00', 0x0, &(0x7f0000000340)={[{@data_ordered}, {@nomblk_io_submit}, {@nodioread_nolock}, {@usrjquota_path={'usrjquota', 0x3d, './file0'}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80000}}, {@grpid}, {@data_err_abort}, {@journal_checksum}]}, 0x1, 0x5e6, &(0x7f0000001180)="$eJzs3c1vFVUbAPBnbj9oKe/bQoyKC2liDCRKSwsYYlzA1pAGP+LGjZUWRAo0tEaLJpQENybGjTEmrlyI/4US2bLSlQs3rgwJUUPixsRr5nam9LZzW3ppO5X5/ZLLnTnnTs8Zbp+eM+eeMzeAyhpM/6lF7I2I6SSiP5lfzOuMLHNw4XX3/vzodPpIol5/7fckkiwtf32SPfdlB/dExI8/JLGnY2W5M3NXzo9PTU1ezvaHZy9MD8/MXTl47sL42cmzkxdHXxg9dvTI0WMjh9o6r6sFaSevv/t+/ydjb37z1d/JyLe/jCVxPF7OXrj0PDbKYAw2/k+SlVl9xza6sJJ0ZL8nS9/ipLPECrEu+fvXFRFPRH90xP03rz8+fqXUygGbqp5E1IGKSsQ/VFTeD8iv7ZdfB9dK6ZUAW+HuiYUBgJXx37kwNhg9jbGBnfeSWDqsk0REeyNzzXZFxO1bY9fP3Bq7Hps0DgcUm78WEU8WxX/SiP+B6ImBRvzXmuI/7RecSp//qjfSX22z/OVDxeIfts5C/PesGv/RIv7fyp7T9LfbLH/w/uY7vU3x39vuKQEAAAAAAEBl3TwREc8Xff5fW5z/EwXzf/oi4vgGlD+4bH/l5/+1OxtQDFDg7omIlwrn/9by2b8DHdnW/xrzAbqSM+emJg9FxP8j4kB07Uj3RxZ/Yn3F0tuDn+75slX5g9n8v/yRln87mwuY1eNO547mYybGZ8c35OSh4u5ei3iqcP5vstj+JwXtf/r3YPoBy9jz7I1TrfLWjn9gs9S/jthf2P7fv2tFsvr9OYYb/YHhvFew0tMffvZdq/LbjX+3mICHl7b/O1eP/4Fk6f16ZtZfxuG5znqrvHb7/93J641bznRnaR+Mz85eHonoTk52pKlN6aPrrzM8ivJ4yOMljf8Dz6w+/lfU/++NiPllPzv5o3lNce7xf/p+bVUf/X8oTxr/E+tq/9e/MXpj4PtW5T9Y+3+k0dYfyFKM/8GCL/Iw7W5OLwjHzqKsra4vAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwKahGxK5La0OJ2rTY0FNEXEY/FztrUpZnZ585ceu/iRJrX+P7/Wv5Nv/0L+0n+/f8DS/ZHl+0fjojdEfF5R29jf+j0pamJsk8eAAAAAAAAAAAAAAAAAAAAtom+Fuv/U791lF07YNN1ll0BoDQF8f9TGfUAtp72H6pL/EN1iX+oLvEP1SX+obrEP1SX+IfqEv8AAAAAAPBI2b3v5s9JRMy/2Nt4pLqzvK5SawZstlrZFQBK4xY/UF2m/kB1ucYHkjXye1oetNaRq5k+/RAHAwAAAAAAAAAAAEDl7N9r/T9UlfX/UF35+n/rgKF68rjfV3I9gK3nGh+INVbyF67/X/MoAAAAAAAAAAAAAGAjzcxdOT8+NTV52cYb26MaW7lRr9evpr8F26U+//GNfCr8dqnPso18rd+DHVXe3yQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDZvwEAAP//RYcoPA==") (async)
syz_mount_image$ext4(&(0x7f0000000580)='ext3\x00', &(0x7f00000005c0)='./file0\x00', 0x0, &(0x7f0000000340)={[{@data_ordered}, {@nomblk_io_submit}, {@nodioread_nolock}, {@usrjquota_path={'usrjquota', 0x3d, './file0'}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80000}}, {@grpid}, {@data_err_abort}, {@journal_checksum}]}, 0x1, 0x5e6, &(0x7f0000001180)="$eJzs3c1vFVUbAPBnbj9oKe/bQoyKC2liDCRKSwsYYlzA1pAGP+LGjZUWRAo0tEaLJpQENybGjTEmrlyI/4US2bLSlQs3rgwJUUPixsRr5nam9LZzW3ppO5X5/ZLLnTnnTs8Zbp+eM+eeMzeAyhpM/6lF7I2I6SSiP5lfzOuMLHNw4XX3/vzodPpIol5/7fckkiwtf32SPfdlB/dExI8/JLGnY2W5M3NXzo9PTU1ezvaHZy9MD8/MXTl47sL42cmzkxdHXxg9dvTI0WMjh9o6r6sFaSevv/t+/ydjb37z1d/JyLe/jCVxPF7OXrj0PDbKYAw2/k+SlVl9xza6sJJ0ZL8nS9/ipLPECrEu+fvXFRFPRH90xP03rz8+fqXUygGbqp5E1IGKSsQ/VFTeD8iv7ZdfB9dK6ZUAW+HuiYUBgJXx37kwNhg9jbGBnfeSWDqsk0REeyNzzXZFxO1bY9fP3Bq7Hps0DgcUm78WEU8WxX/SiP+B6ImBRvzXmuI/7RecSp//qjfSX22z/OVDxeIfts5C/PesGv/RIv7fyp7T9LfbLH/w/uY7vU3x39vuKQEAAAAAAEBl3TwREc8Xff5fW5z/EwXzf/oi4vgGlD+4bH/l5/+1OxtQDFDg7omIlwrn/9by2b8DHdnW/xrzAbqSM+emJg9FxP8j4kB07Uj3RxZ/Yn3F0tuDn+75slX5g9n8v/yRln87mwuY1eNO547mYybGZ8c35OSh4u5ei3iqcP5vstj+JwXtf/r3YPoBy9jz7I1TrfLWjn9gs9S/jthf2P7fv2tFsvr9OYYb/YHhvFew0tMffvZdq/LbjX+3mICHl7b/O1eP/4Fk6f16ZtZfxuG5znqrvHb7/93J641bznRnaR+Mz85eHonoTk52pKlN6aPrrzM8ivJ4yOMljf8Dz6w+/lfU/++NiPllPzv5o3lNce7xf/p+bVUf/X8oTxr/E+tq/9e/MXpj4PtW5T9Y+3+k0dYfyFKM/8GCL/Iw7W5OLwjHzqKsra4vAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwKahGxK5La0OJ2rTY0FNEXEY/FztrUpZnZ585ceu/iRJrX+P7/Wv5Nv/0L+0n+/f8DS/ZHl+0fjojdEfF5R29jf+j0pamJsk8eAAAAAAAAAAAAAAAAAAAAtom+Fuv/U791lF07YNN1ll0BoDQF8f9TGfUAtp72H6pL/EN1iX+oLvEP1SX+obrEP1SX+IfqEv8AAAAAAPBI2b3v5s9JRMy/2Nt4pLqzvK5SawZstlrZFQBK4xY/UF2m/kB1ucYHkjXye1oetNaRq5k+/RAHAwAAAAAAAAAAAEDl7N9r/T9UlfX/UF35+n/rgKF68rjfV3I9gK3nGh+INVbyF67/X/MoAAAAAAAAAAAAAGAjzcxdOT8+NTV52cYb26MaW7lRr9evpr8F26U+//GNfCr8dqnPso18rd+DHVXe3yQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDZvwEAAP//RYcoPA==")
socket$netlink(0x10, 0x3, 0x4) (async)
r5 = socket$netlink(0x10, 0x3, 0x4)
r6 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r6, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88)
setsockopt$inet6_MCAST_JOIN_GROUP(r6, 0x29, 0x2a, &(0x7f0000000200)={0x7, {{0xa, 0x4e22, 0x6, @mcast2, 0x9}}}, 0x88)
setsockopt$inet6_MCAST_MSFILTER(r6, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000ffff00000000000000bd0000000000000000000000e4ec01000000004000000000fc00000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000006000000000000000005"], 0x310)
r7 = signalfd4(r5, &(0x7f0000000040)={[0x1]}, 0x8, 0x80400)
connect$inet6(r7, &(0x7f0000000080)={0xa, 0x4e22, 0x6, @dev={0xfe, 0x80, '\x00', 0x41}, 0x5}, 0x1c) (async)
connect$inet6(r7, &(0x7f0000000080)={0xa, 0x4e22, 0x6, @dev={0xfe, 0x80, '\x00', 0x41}, 0x5}, 0x1c)
r8 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r8, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x2, @empty}, 0x1c) (async)
bind$inet6(r8, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x2, @empty}, 0x1c)
setsockopt$inet6_int(r8, 0x29, 0xb, &(0x7f0000000480)=0x7, 0x4)
recvmmsg(r4, &(0x7f0000003c40)=[{{&(0x7f00000004c0)=@phonet, 0x80, &(0x7f0000000b40)=[{&(0x7f0000001780)=""/4096, 0x1000}, {&(0x7f0000000600)=""/136, 0x88}, {&(0x7f0000000880)=""/137, 0x89}, {&(0x7f0000000940)=""/214, 0xd6}, {&(0x7f0000000a40)=""/232, 0xe8}], 0x5, &(0x7f00000001c0)=""/41, 0x29}, 0x1}, {{&(0x7f0000000bc0)=@nfc, 0x80, &(0x7f0000000400)=[{&(0x7f0000000c40)=""/113, 0x71}], 0x1, &(0x7f0000000cc0)=""/72, 0x48}, 0x8001}, {{&(0x7f0000000d40)=@x25, 0x80, &(0x7f0000000780)=[{&(0x7f0000000dc0)=""/111, 0x6f}, {&(0x7f0000000540)=""/50, 0x32}, {&(0x7f0000000e40)=""/217, 0xd9}], 0x3, &(0x7f0000000f40)=""/156, 0x9c}, 0xfe6}, {{&(0x7f0000001000)=@vsock={0x28, 0x0, 0x0, @my}, 0x80, &(0x7f0000003b00)=[{&(0x7f0000002780)=""/4096, 0x1000}, {&(0x7f0000001080)=""/76, 0x4c}, {&(0x7f0000001100)=""/115, 0x73}, {&(0x7f0000003780)=""/164, 0xa4}, {&(0x7f0000003840)=""/118, 0x76}, {&(0x7f00000038c0)=""/98, 0x62}, {&(0x7f0000003940)=""/17, 0x11}, {&(0x7f0000003980)=""/198, 0xc6}, {&(0x7f0000003a80)=""/124, 0x7c}], 0x9, &(0x7f0000003bc0)=""/114, 0x72}, 0xffff}], 0x4, 0x2, 0x0)
sendto$inet6(r8, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) (async)
sendto$inet6(r8, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
writev(r5, &(0x7f0000000240)=[{&(0x7f0000000280)="580000001400add427323b472545b45602117fffffff81004e204e227f000001925aa80020007b0009008003000000000000000000ff0000f03ac71002000000fffffffffeffffffffe7ee00000000000000000200000000", 0x58}], 0x1) (async)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000280))

program crashed: KASAN: use-after-free Read in lo_open
testing program (duration=53.556588112s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock2-mlock2-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_MSRS-prlimit64-prlimit64-sched_setscheduler-sched_setscheduler-syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64-syz_mount_image$ext4-syz_mount_image$ext4-socket$netlink-socket$netlink-socket$inet6-setsockopt$inet6_MCAST_JOIN_GROUP-setsockopt$inet6_MCAST_JOIN_GROUP-setsockopt$inet6_MCAST_MSFILTER-signalfd4-connect$inet6-connect$inet6-socket$inet6-bind$inet6-bind$inet6-setsockopt$inet6_int-recvmmsg-sendto$inet6-sendto$inet6-ioctl$SECCOMP_IOCTL_NOTIF_RECV
detailed listing:
executing program 0:
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1) (async)
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1}) (async)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1})
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000580)=ANY=[@ANYBLOB="090000000000000009020000000000001e"])
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x9) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x9)
r3 = syz_open_dev$loop(&(0x7f00000005c0), 0xffff, 0x109041)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000003d40)={r4, 0x1000, {0x2a00, 0x80010000, 0x0, 0x52, 0xfffffffffffffffe, 0x0, 0x0, 0x10, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac1000", "90be6c09306003d8006000", [0x0, 0x3]}})
ioctl$LOOP_GET_STATUS64(r3, 0x4c05, &(0x7f00000000c0))
syz_mount_image$ext4(&(0x7f0000000580)='ext3\x00', &(0x7f00000005c0)='./file0\x00', 0x0, &(0x7f0000000340)={[{@data_ordered}, {@nomblk_io_submit}, {@nodioread_nolock}, {@usrjquota_path={'usrjquota', 0x3d, './file0'}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80000}}, {@grpid}, {@data_err_abort}, {@journal_checksum}]}, 0x1, 0x5e6, &(0x7f0000001180)="$eJzs3c1vFVUbAPBnbj9oKe/bQoyKC2liDCRKSwsYYlzA1pAGP+LGjZUWRAo0tEaLJpQENybGjTEmrlyI/4US2bLSlQs3rgwJUUPixsRr5nam9LZzW3ppO5X5/ZLLnTnnTs8Zbp+eM+eeMzeAyhpM/6lF7I2I6SSiP5lfzOuMLHNw4XX3/vzodPpIol5/7fckkiwtf32SPfdlB/dExI8/JLGnY2W5M3NXzo9PTU1ezvaHZy9MD8/MXTl47sL42cmzkxdHXxg9dvTI0WMjh9o6r6sFaSevv/t+/ydjb37z1d/JyLe/jCVxPF7OXrj0PDbKYAw2/k+SlVl9xza6sJJ0ZL8nS9/ipLPECrEu+fvXFRFPRH90xP03rz8+fqXUygGbqp5E1IGKSsQ/VFTeD8iv7ZdfB9dK6ZUAW+HuiYUBgJXx37kwNhg9jbGBnfeSWDqsk0REeyNzzXZFxO1bY9fP3Bq7Hps0DgcUm78WEU8WxX/SiP+B6ImBRvzXmuI/7RecSp//qjfSX22z/OVDxeIfts5C/PesGv/RIv7fyp7T9LfbLH/w/uY7vU3x39vuKQEAAAAAAEBl3TwREc8Xff5fW5z/EwXzf/oi4vgGlD+4bH/l5/+1OxtQDFDg7omIlwrn/9by2b8DHdnW/xrzAbqSM+emJg9FxP8j4kB07Uj3RxZ/Yn3F0tuDn+75slX5g9n8v/yRln87mwuY1eNO547mYybGZ8c35OSh4u5ei3iqcP5vstj+JwXtf/r3YPoBy9jz7I1TrfLWjn9gs9S/jthf2P7fv2tFsvr9OYYb/YHhvFew0tMffvZdq/LbjX+3mICHl7b/O1eP/4Fk6f16ZtZfxuG5znqrvHb7/93J641bznRnaR+Mz85eHonoTk52pKlN6aPrrzM8ivJ4yOMljf8Dz6w+/lfU/++NiPllPzv5o3lNce7xf/p+bVUf/X8oTxr/E+tq/9e/MXpj4PtW5T9Y+3+k0dYfyFKM/8GCL/Iw7W5OLwjHzqKsra4vAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwKahGxK5La0OJ2rTY0FNEXEY/FztrUpZnZ585ceu/iRJrX+P7/Wv5Nv/0L+0n+/f8DS/ZHl+0fjojdEfF5R29jf+j0pamJsk8eAAAAAAAAAAAAAAAAAAAAtom+Fuv/U791lF07YNN1ll0BoDQF8f9TGfUAtp72H6pL/EN1iX+oLvEP1SX+obrEP1SX+IfqEv8AAAAAAPBI2b3v5s9JRMy/2Nt4pLqzvK5SawZstlrZFQBK4xY/UF2m/kB1ucYHkjXye1oetNaRq5k+/RAHAwAAAAAAAAAAAEDl7N9r/T9UlfX/UF35+n/rgKF68rjfV3I9gK3nGh+INVbyF67/X/MoAAAAAAAAAAAAAGAjzcxdOT8+NTV52cYb26MaW7lRr9evpr8F26U+//GNfCr8dqnPso18rd+DHVXe3yQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDZvwEAAP//RYcoPA==") (async)
syz_mount_image$ext4(&(0x7f0000000580)='ext3\x00', &(0x7f00000005c0)='./file0\x00', 0x0, &(0x7f0000000340)={[{@data_ordered}, {@nomblk_io_submit}, {@nodioread_nolock}, {@usrjquota_path={'usrjquota', 0x3d, './file0'}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80000}}, {@grpid}, {@data_err_abort}, {@journal_checksum}]}, 0x1, 0x5e6, &(0x7f0000001180)="$eJzs3c1vFVUbAPBnbj9oKe/bQoyKC2liDCRKSwsYYlzA1pAGP+LGjZUWRAo0tEaLJpQENybGjTEmrlyI/4US2bLSlQs3rgwJUUPixsRr5nam9LZzW3ppO5X5/ZLLnTnnTs8Zbp+eM+eeMzeAyhpM/6lF7I2I6SSiP5lfzOuMLHNw4XX3/vzodPpIol5/7fckkiwtf32SPfdlB/dExI8/JLGnY2W5M3NXzo9PTU1ezvaHZy9MD8/MXTl47sL42cmzkxdHXxg9dvTI0WMjh9o6r6sFaSevv/t+/ydjb37z1d/JyLe/jCVxPF7OXrj0PDbKYAw2/k+SlVl9xza6sJJ0ZL8nS9/ipLPECrEu+fvXFRFPRH90xP03rz8+fqXUygGbqp5E1IGKSsQ/VFTeD8iv7ZdfB9dK6ZUAW+HuiYUBgJXx37kwNhg9jbGBnfeSWDqsk0REeyNzzXZFxO1bY9fP3Bq7Hps0DgcUm78WEU8WxX/SiP+B6ImBRvzXmuI/7RecSp//qjfSX22z/OVDxeIfts5C/PesGv/RIv7fyp7T9LfbLH/w/uY7vU3x39vuKQEAAAAAAEBl3TwREc8Xff5fW5z/EwXzf/oi4vgGlD+4bH/l5/+1OxtQDFDg7omIlwrn/9by2b8DHdnW/xrzAbqSM+emJg9FxP8j4kB07Uj3RxZ/Yn3F0tuDn+75slX5g9n8v/yRln87mwuY1eNO547mYybGZ8c35OSh4u5ei3iqcP5vstj+JwXtf/r3YPoBy9jz7I1TrfLWjn9gs9S/jthf2P7fv2tFsvr9OYYb/YHhvFew0tMffvZdq/LbjX+3mICHl7b/O1eP/4Fk6f16ZtZfxuG5znqrvHb7/93J641bznRnaR+Mz85eHonoTk52pKlN6aPrrzM8ivJ4yOMljf8Dz6w+/lfU/++NiPllPzv5o3lNce7xf/p+bVUf/X8oTxr/E+tq/9e/MXpj4PtW5T9Y+3+k0dYfyFKM/8GCL/Iw7W5OLwjHzqKsra4vAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwKahGxK5La0OJ2rTY0FNEXEY/FztrUpZnZ585ceu/iRJrX+P7/Wv5Nv/0L+0n+/f8DS/ZHl+0fjojdEfF5R29jf+j0pamJsk8eAAAAAAAAAAAAAAAAAAAAtom+Fuv/U791lF07YNN1ll0BoDQF8f9TGfUAtp72H6pL/EN1iX+oLvEP1SX+obrEP1SX+IfqEv8AAAAAAPBI2b3v5s9JRMy/2Nt4pLqzvK5SawZstlrZFQBK4xY/UF2m/kB1ucYHkjXye1oetNaRq5k+/RAHAwAAAAAAAAAAAEDl7N9r/T9UlfX/UF35+n/rgKF68rjfV3I9gK3nGh+INVbyF67/X/MoAAAAAAAAAAAAAGAjzcxdOT8+NTV52cYb26MaW7lRr9evpr8F26U+//GNfCr8dqnPso18rd+DHVXe3yQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDZvwEAAP//RYcoPA==")
socket$netlink(0x10, 0x3, 0x4) (async)
r5 = socket$netlink(0x10, 0x3, 0x4)
r6 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r6, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88)
setsockopt$inet6_MCAST_JOIN_GROUP(r6, 0x29, 0x2a, &(0x7f0000000200)={0x7, {{0xa, 0x4e22, 0x6, @mcast2, 0x9}}}, 0x88)
setsockopt$inet6_MCAST_MSFILTER(r6, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000ffff00000000000000bd0000000000000000000000e4ec01000000004000000000fc00000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000006000000000000000005"], 0x310)
r7 = signalfd4(r5, &(0x7f0000000040)={[0x1]}, 0x8, 0x80400)
connect$inet6(r7, &(0x7f0000000080)={0xa, 0x4e22, 0x6, @dev={0xfe, 0x80, '\x00', 0x41}, 0x5}, 0x1c) (async)
connect$inet6(r7, &(0x7f0000000080)={0xa, 0x4e22, 0x6, @dev={0xfe, 0x80, '\x00', 0x41}, 0x5}, 0x1c)
r8 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r8, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x2, @empty}, 0x1c) (async)
bind$inet6(r8, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x2, @empty}, 0x1c)
setsockopt$inet6_int(r8, 0x29, 0xb, &(0x7f0000000480)=0x7, 0x4)
recvmmsg(r4, &(0x7f0000003c40)=[{{&(0x7f00000004c0)=@phonet, 0x80, &(0x7f0000000b40)=[{&(0x7f0000001780)=""/4096, 0x1000}, {&(0x7f0000000600)=""/136, 0x88}, {&(0x7f0000000880)=""/137, 0x89}, {&(0x7f0000000940)=""/214, 0xd6}, {&(0x7f0000000a40)=""/232, 0xe8}], 0x5, &(0x7f00000001c0)=""/41, 0x29}, 0x1}, {{&(0x7f0000000bc0)=@nfc, 0x80, &(0x7f0000000400)=[{&(0x7f0000000c40)=""/113, 0x71}], 0x1, &(0x7f0000000cc0)=""/72, 0x48}, 0x8001}, {{&(0x7f0000000d40)=@x25, 0x80, &(0x7f0000000780)=[{&(0x7f0000000dc0)=""/111, 0x6f}, {&(0x7f0000000540)=""/50, 0x32}, {&(0x7f0000000e40)=""/217, 0xd9}], 0x3, &(0x7f0000000f40)=""/156, 0x9c}, 0xfe6}, {{&(0x7f0000001000)=@vsock={0x28, 0x0, 0x0, @my}, 0x80, &(0x7f0000003b00)=[{&(0x7f0000002780)=""/4096, 0x1000}, {&(0x7f0000001080)=""/76, 0x4c}, {&(0x7f0000001100)=""/115, 0x73}, {&(0x7f0000003780)=""/164, 0xa4}, {&(0x7f0000003840)=""/118, 0x76}, {&(0x7f00000038c0)=""/98, 0x62}, {&(0x7f0000003940)=""/17, 0x11}, {&(0x7f0000003980)=""/198, 0xc6}, {&(0x7f0000003a80)=""/124, 0x7c}], 0x9, &(0x7f0000003bc0)=""/114, 0x72}, 0xffff}], 0x4, 0x2, 0x0)
sendto$inet6(r8, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) (async)
sendto$inet6(r8, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000280))

program crashed: KASAN: use-after-free Read in lo_open
testing program (duration=53.556588112s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock2-mlock2-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_MSRS-prlimit64-prlimit64-sched_setscheduler-sched_setscheduler-syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64-syz_mount_image$ext4-syz_mount_image$ext4-socket$netlink-socket$netlink-socket$inet6-setsockopt$inet6_MCAST_JOIN_GROUP-setsockopt$inet6_MCAST_JOIN_GROUP-setsockopt$inet6_MCAST_MSFILTER-signalfd4-connect$inet6-connect$inet6-socket$inet6-bind$inet6-bind$inet6-setsockopt$inet6_int-recvmmsg-sendto$inet6-ioctl$SECCOMP_IOCTL_NOTIF_RECV
detailed listing:
executing program 0:
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1) (async)
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1}) (async)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1})
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000580)=ANY=[@ANYBLOB="090000000000000009020000000000001e"])
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x9) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x9)
r3 = syz_open_dev$loop(&(0x7f00000005c0), 0xffff, 0x109041)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000003d40)={r4, 0x1000, {0x2a00, 0x80010000, 0x0, 0x52, 0xfffffffffffffffe, 0x0, 0x0, 0x10, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac1000", "90be6c09306003d8006000", [0x0, 0x3]}})
ioctl$LOOP_GET_STATUS64(r3, 0x4c05, &(0x7f00000000c0))
syz_mount_image$ext4(&(0x7f0000000580)='ext3\x00', &(0x7f00000005c0)='./file0\x00', 0x0, &(0x7f0000000340)={[{@data_ordered}, {@nomblk_io_submit}, {@nodioread_nolock}, {@usrjquota_path={'usrjquota', 0x3d, './file0'}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80000}}, {@grpid}, {@data_err_abort}, {@journal_checksum}]}, 0x1, 0x5e6, &(0x7f0000001180)="$eJzs3c1vFVUbAPBnbj9oKe/bQoyKC2liDCRKSwsYYlzA1pAGP+LGjZUWRAo0tEaLJpQENybGjTEmrlyI/4US2bLSlQs3rgwJUUPixsRr5nam9LZzW3ppO5X5/ZLLnTnnTs8Zbp+eM+eeMzeAyhpM/6lF7I2I6SSiP5lfzOuMLHNw4XX3/vzodPpIol5/7fckkiwtf32SPfdlB/dExI8/JLGnY2W5M3NXzo9PTU1ezvaHZy9MD8/MXTl47sL42cmzkxdHXxg9dvTI0WMjh9o6r6sFaSevv/t+/ydjb37z1d/JyLe/jCVxPF7OXrj0PDbKYAw2/k+SlVl9xza6sJJ0ZL8nS9/ipLPECrEu+fvXFRFPRH90xP03rz8+fqXUygGbqp5E1IGKSsQ/VFTeD8iv7ZdfB9dK6ZUAW+HuiYUBgJXx37kwNhg9jbGBnfeSWDqsk0REeyNzzXZFxO1bY9fP3Bq7Hps0DgcUm78WEU8WxX/SiP+B6ImBRvzXmuI/7RecSp//qjfSX22z/OVDxeIfts5C/PesGv/RIv7fyp7T9LfbLH/w/uY7vU3x39vuKQEAAAAAAEBl3TwREc8Xff5fW5z/EwXzf/oi4vgGlD+4bH/l5/+1OxtQDFDg7omIlwrn/9by2b8DHdnW/xrzAbqSM+emJg9FxP8j4kB07Uj3RxZ/Yn3F0tuDn+75slX5g9n8v/yRln87mwuY1eNO547mYybGZ8c35OSh4u5ei3iqcP5vstj+JwXtf/r3YPoBy9jz7I1TrfLWjn9gs9S/jthf2P7fv2tFsvr9OYYb/YHhvFew0tMffvZdq/LbjX+3mICHl7b/O1eP/4Fk6f16ZtZfxuG5znqrvHb7/93J641bznRnaR+Mz85eHonoTk52pKlN6aPrrzM8ivJ4yOMljf8Dz6w+/lfU/++NiPllPzv5o3lNce7xf/p+bVUf/X8oTxr/E+tq/9e/MXpj4PtW5T9Y+3+k0dYfyFKM/8GCL/Iw7W5OLwjHzqKsra4vAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwKahGxK5La0OJ2rTY0FNEXEY/FztrUpZnZ585ceu/iRJrX+P7/Wv5Nv/0L+0n+/f8DS/ZHl+0fjojdEfF5R29jf+j0pamJsk8eAAAAAAAAAAAAAAAAAAAAtom+Fuv/U791lF07YNN1ll0BoDQF8f9TGfUAtp72H6pL/EN1iX+oLvEP1SX+obrEP1SX+IfqEv8AAAAAAPBI2b3v5s9JRMy/2Nt4pLqzvK5SawZstlrZFQBK4xY/UF2m/kB1ucYHkjXye1oetNaRq5k+/RAHAwAAAAAAAAAAAEDl7N9r/T9UlfX/UF35+n/rgKF68rjfV3I9gK3nGh+INVbyF67/X/MoAAAAAAAAAAAAAGAjzcxdOT8+NTV52cYb26MaW7lRr9evpr8F26U+//GNfCr8dqnPso18rd+DHVXe3yQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDZvwEAAP//RYcoPA==") (async)
syz_mount_image$ext4(&(0x7f0000000580)='ext3\x00', &(0x7f00000005c0)='./file0\x00', 0x0, &(0x7f0000000340)={[{@data_ordered}, {@nomblk_io_submit}, {@nodioread_nolock}, {@usrjquota_path={'usrjquota', 0x3d, './file0'}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80000}}, {@grpid}, {@data_err_abort}, {@journal_checksum}]}, 0x1, 0x5e6, &(0x7f0000001180)="$eJzs3c1vFVUbAPBnbj9oKe/bQoyKC2liDCRKSwsYYlzA1pAGP+LGjZUWRAo0tEaLJpQENybGjTEmrlyI/4US2bLSlQs3rgwJUUPixsRr5nam9LZzW3ppO5X5/ZLLnTnnTs8Zbp+eM+eeMzeAyhpM/6lF7I2I6SSiP5lfzOuMLHNw4XX3/vzodPpIol5/7fckkiwtf32SPfdlB/dExI8/JLGnY2W5M3NXzo9PTU1ezvaHZy9MD8/MXTl47sL42cmzkxdHXxg9dvTI0WMjh9o6r6sFaSevv/t+/ydjb37z1d/JyLe/jCVxPF7OXrj0PDbKYAw2/k+SlVl9xza6sJJ0ZL8nS9/ipLPECrEu+fvXFRFPRH90xP03rz8+fqXUygGbqp5E1IGKSsQ/VFTeD8iv7ZdfB9dK6ZUAW+HuiYUBgJXx37kwNhg9jbGBnfeSWDqsk0REeyNzzXZFxO1bY9fP3Bq7Hps0DgcUm78WEU8WxX/SiP+B6ImBRvzXmuI/7RecSp//qjfSX22z/OVDxeIfts5C/PesGv/RIv7fyp7T9LfbLH/w/uY7vU3x39vuKQEAAAAAAEBl3TwREc8Xff5fW5z/EwXzf/oi4vgGlD+4bH/l5/+1OxtQDFDg7omIlwrn/9by2b8DHdnW/xrzAbqSM+emJg9FxP8j4kB07Uj3RxZ/Yn3F0tuDn+75slX5g9n8v/yRln87mwuY1eNO547mYybGZ8c35OSh4u5ei3iqcP5vstj+JwXtf/r3YPoBy9jz7I1TrfLWjn9gs9S/jthf2P7fv2tFsvr9OYYb/YHhvFew0tMffvZdq/LbjX+3mICHl7b/O1eP/4Fk6f16ZtZfxuG5znqrvHb7/93J641bznRnaR+Mz85eHonoTk52pKlN6aPrrzM8ivJ4yOMljf8Dz6w+/lfU/++NiPllPzv5o3lNce7xf/p+bVUf/X8oTxr/E+tq/9e/MXpj4PtW5T9Y+3+k0dYfyFKM/8GCL/Iw7W5OLwjHzqKsra4vAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwKahGxK5La0OJ2rTY0FNEXEY/FztrUpZnZ585ceu/iRJrX+P7/Wv5Nv/0L+0n+/f8DS/ZHl+0fjojdEfF5R29jf+j0pamJsk8eAAAAAAAAAAAAAAAAAAAAtom+Fuv/U791lF07YNN1ll0BoDQF8f9TGfUAtp72H6pL/EN1iX+oLvEP1SX+obrEP1SX+IfqEv8AAAAAAPBI2b3v5s9JRMy/2Nt4pLqzvK5SawZstlrZFQBK4xY/UF2m/kB1ucYHkjXye1oetNaRq5k+/RAHAwAAAAAAAAAAAEDl7N9r/T9UlfX/UF35+n/rgKF68rjfV3I9gK3nGh+INVbyF67/X/MoAAAAAAAAAAAAAGAjzcxdOT8+NTV52cYb26MaW7lRr9evpr8F26U+//GNfCr8dqnPso18rd+DHVXe3yQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDZvwEAAP//RYcoPA==")
socket$netlink(0x10, 0x3, 0x4) (async)
r5 = socket$netlink(0x10, 0x3, 0x4)
r6 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r6, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88)
setsockopt$inet6_MCAST_JOIN_GROUP(r6, 0x29, 0x2a, &(0x7f0000000200)={0x7, {{0xa, 0x4e22, 0x6, @mcast2, 0x9}}}, 0x88)
setsockopt$inet6_MCAST_MSFILTER(r6, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000ffff00000000000000bd0000000000000000000000e4ec01000000004000000000fc00000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000006000000000000000005"], 0x310)
r7 = signalfd4(r5, &(0x7f0000000040)={[0x1]}, 0x8, 0x80400)
connect$inet6(r7, &(0x7f0000000080)={0xa, 0x4e22, 0x6, @dev={0xfe, 0x80, '\x00', 0x41}, 0x5}, 0x1c) (async)
connect$inet6(r7, &(0x7f0000000080)={0xa, 0x4e22, 0x6, @dev={0xfe, 0x80, '\x00', 0x41}, 0x5}, 0x1c)
r8 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r8, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x2, @empty}, 0x1c) (async)
bind$inet6(r8, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x2, @empty}, 0x1c)
setsockopt$inet6_int(r8, 0x29, 0xb, &(0x7f0000000480)=0x7, 0x4)
recvmmsg(r4, &(0x7f0000003c40)=[{{&(0x7f00000004c0)=@phonet, 0x80, &(0x7f0000000b40)=[{&(0x7f0000001780)=""/4096, 0x1000}, {&(0x7f0000000600)=""/136, 0x88}, {&(0x7f0000000880)=""/137, 0x89}, {&(0x7f0000000940)=""/214, 0xd6}, {&(0x7f0000000a40)=""/232, 0xe8}], 0x5, &(0x7f00000001c0)=""/41, 0x29}, 0x1}, {{&(0x7f0000000bc0)=@nfc, 0x80, &(0x7f0000000400)=[{&(0x7f0000000c40)=""/113, 0x71}], 0x1, &(0x7f0000000cc0)=""/72, 0x48}, 0x8001}, {{&(0x7f0000000d40)=@x25, 0x80, &(0x7f0000000780)=[{&(0x7f0000000dc0)=""/111, 0x6f}, {&(0x7f0000000540)=""/50, 0x32}, {&(0x7f0000000e40)=""/217, 0xd9}], 0x3, &(0x7f0000000f40)=""/156, 0x9c}, 0xfe6}, {{&(0x7f0000001000)=@vsock={0x28, 0x0, 0x0, @my}, 0x80, &(0x7f0000003b00)=[{&(0x7f0000002780)=""/4096, 0x1000}, {&(0x7f0000001080)=""/76, 0x4c}, {&(0x7f0000001100)=""/115, 0x73}, {&(0x7f0000003780)=""/164, 0xa4}, {&(0x7f0000003840)=""/118, 0x76}, {&(0x7f00000038c0)=""/98, 0x62}, {&(0x7f0000003940)=""/17, 0x11}, {&(0x7f0000003980)=""/198, 0xc6}, {&(0x7f0000003a80)=""/124, 0x7c}], 0x9, &(0x7f0000003bc0)=""/114, 0x72}, 0xffff}], 0x4, 0x2, 0x0)
sendto$inet6(r8, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) (async)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000280))

program crashed: KASAN: use-after-free Read in lo_open
testing program (duration=53.556588112s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock2-mlock2-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_MSRS-prlimit64-prlimit64-sched_setscheduler-sched_setscheduler-syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64-syz_mount_image$ext4-syz_mount_image$ext4-socket$netlink-socket$netlink-socket$inet6-setsockopt$inet6_MCAST_JOIN_GROUP-setsockopt$inet6_MCAST_JOIN_GROUP-setsockopt$inet6_MCAST_MSFILTER-signalfd4-connect$inet6-connect$inet6-socket$inet6-bind$inet6-bind$inet6-setsockopt$inet6_int-recvmmsg-ioctl$SECCOMP_IOCTL_NOTIF_RECV
detailed listing:
executing program 0:
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1) (async)
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1}) (async)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1})
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000580)=ANY=[@ANYBLOB="090000000000000009020000000000001e"])
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x9) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x9)
r3 = syz_open_dev$loop(&(0x7f00000005c0), 0xffff, 0x109041)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000003d40)={r4, 0x1000, {0x2a00, 0x80010000, 0x0, 0x52, 0xfffffffffffffffe, 0x0, 0x0, 0x10, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac1000", "90be6c09306003d8006000", [0x0, 0x3]}})
ioctl$LOOP_GET_STATUS64(r3, 0x4c05, &(0x7f00000000c0))
syz_mount_image$ext4(&(0x7f0000000580)='ext3\x00', &(0x7f00000005c0)='./file0\x00', 0x0, &(0x7f0000000340)={[{@data_ordered}, {@nomblk_io_submit}, {@nodioread_nolock}, {@usrjquota_path={'usrjquota', 0x3d, './file0'}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80000}}, {@grpid}, {@data_err_abort}, {@journal_checksum}]}, 0x1, 0x5e6, &(0x7f0000001180)="$eJzs3c1vFVUbAPBnbj9oKe/bQoyKC2liDCRKSwsYYlzA1pAGP+LGjZUWRAo0tEaLJpQENybGjTEmrlyI/4US2bLSlQs3rgwJUUPixsRr5nam9LZzW3ppO5X5/ZLLnTnnTs8Zbp+eM+eeMzeAyhpM/6lF7I2I6SSiP5lfzOuMLHNw4XX3/vzodPpIol5/7fckkiwtf32SPfdlB/dExI8/JLGnY2W5M3NXzo9PTU1ezvaHZy9MD8/MXTl47sL42cmzkxdHXxg9dvTI0WMjh9o6r6sFaSevv/t+/ydjb37z1d/JyLe/jCVxPF7OXrj0PDbKYAw2/k+SlVl9xza6sJJ0ZL8nS9/ipLPECrEu+fvXFRFPRH90xP03rz8+fqXUygGbqp5E1IGKSsQ/VFTeD8iv7ZdfB9dK6ZUAW+HuiYUBgJXx37kwNhg9jbGBnfeSWDqsk0REeyNzzXZFxO1bY9fP3Bq7Hps0DgcUm78WEU8WxX/SiP+B6ImBRvzXmuI/7RecSp//qjfSX22z/OVDxeIfts5C/PesGv/RIv7fyp7T9LfbLH/w/uY7vU3x39vuKQEAAAAAAEBl3TwREc8Xff5fW5z/EwXzf/oi4vgGlD+4bH/l5/+1OxtQDFDg7omIlwrn/9by2b8DHdnW/xrzAbqSM+emJg9FxP8j4kB07Uj3RxZ/Yn3F0tuDn+75slX5g9n8v/yRln87mwuY1eNO547mYybGZ8c35OSh4u5ei3iqcP5vstj+JwXtf/r3YPoBy9jz7I1TrfLWjn9gs9S/jthf2P7fv2tFsvr9OYYb/YHhvFew0tMffvZdq/LbjX+3mICHl7b/O1eP/4Fk6f16ZtZfxuG5znqrvHb7/93J641bznRnaR+Mz85eHonoTk52pKlN6aPrrzM8ivJ4yOMljf8Dz6w+/lfU/++NiPllPzv5o3lNce7xf/p+bVUf/X8oTxr/E+tq/9e/MXpj4PtW5T9Y+3+k0dYfyFKM/8GCL/Iw7W5OLwjHzqKsra4vAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwKahGxK5La0OJ2rTY0FNEXEY/FztrUpZnZ585ceu/iRJrX+P7/Wv5Nv/0L+0n+/f8DS/ZHl+0fjojdEfF5R29jf+j0pamJsk8eAAAAAAAAAAAAAAAAAAAAtom+Fuv/U791lF07YNN1ll0BoDQF8f9TGfUAtp72H6pL/EN1iX+oLvEP1SX+obrEP1SX+IfqEv8AAAAAAPBI2b3v5s9JRMy/2Nt4pLqzvK5SawZstlrZFQBK4xY/UF2m/kB1ucYHkjXye1oetNaRq5k+/RAHAwAAAAAAAAAAAEDl7N9r/T9UlfX/UF35+n/rgKF68rjfV3I9gK3nGh+INVbyF67/X/MoAAAAAAAAAAAAAGAjzcxdOT8+NTV52cYb26MaW7lRr9evpr8F26U+//GNfCr8dqnPso18rd+DHVXe3yQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDZvwEAAP//RYcoPA==") (async)
syz_mount_image$ext4(&(0x7f0000000580)='ext3\x00', &(0x7f00000005c0)='./file0\x00', 0x0, &(0x7f0000000340)={[{@data_ordered}, {@nomblk_io_submit}, {@nodioread_nolock}, {@usrjquota_path={'usrjquota', 0x3d, './file0'}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80000}}, {@grpid}, {@data_err_abort}, {@journal_checksum}]}, 0x1, 0x5e6, &(0x7f0000001180)="$eJzs3c1vFVUbAPBnbj9oKe/bQoyKC2liDCRKSwsYYlzA1pAGP+LGjZUWRAo0tEaLJpQENybGjTEmrlyI/4US2bLSlQs3rgwJUUPixsRr5nam9LZzW3ppO5X5/ZLLnTnnTs8Zbp+eM+eeMzeAyhpM/6lF7I2I6SSiP5lfzOuMLHNw4XX3/vzodPpIol5/7fckkiwtf32SPfdlB/dExI8/JLGnY2W5M3NXzo9PTU1ezvaHZy9MD8/MXTl47sL42cmzkxdHXxg9dvTI0WMjh9o6r6sFaSevv/t+/ydjb37z1d/JyLe/jCVxPF7OXrj0PDbKYAw2/k+SlVl9xza6sJJ0ZL8nS9/ipLPECrEu+fvXFRFPRH90xP03rz8+fqXUygGbqp5E1IGKSsQ/VFTeD8iv7ZdfB9dK6ZUAW+HuiYUBgJXx37kwNhg9jbGBnfeSWDqsk0REeyNzzXZFxO1bY9fP3Bq7Hps0DgcUm78WEU8WxX/SiP+B6ImBRvzXmuI/7RecSp//qjfSX22z/OVDxeIfts5C/PesGv/RIv7fyp7T9LfbLH/w/uY7vU3x39vuKQEAAAAAAEBl3TwREc8Xff5fW5z/EwXzf/oi4vgGlD+4bH/l5/+1OxtQDFDg7omIlwrn/9by2b8DHdnW/xrzAbqSM+emJg9FxP8j4kB07Uj3RxZ/Yn3F0tuDn+75slX5g9n8v/yRln87mwuY1eNO547mYybGZ8c35OSh4u5ei3iqcP5vstj+JwXtf/r3YPoBy9jz7I1TrfLWjn9gs9S/jthf2P7fv2tFsvr9OYYb/YHhvFew0tMffvZdq/LbjX+3mICHl7b/O1eP/4Fk6f16ZtZfxuG5znqrvHb7/93J641bznRnaR+Mz85eHonoTk52pKlN6aPrrzM8ivJ4yOMljf8Dz6w+/lfU/++NiPllPzv5o3lNce7xf/p+bVUf/X8oTxr/E+tq/9e/MXpj4PtW5T9Y+3+k0dYfyFKM/8GCL/Iw7W5OLwjHzqKsra4vAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwKahGxK5La0OJ2rTY0FNEXEY/FztrUpZnZ585ceu/iRJrX+P7/Wv5Nv/0L+0n+/f8DS/ZHl+0fjojdEfF5R29jf+j0pamJsk8eAAAAAAAAAAAAAAAAAAAAtom+Fuv/U791lF07YNN1ll0BoDQF8f9TGfUAtp72H6pL/EN1iX+oLvEP1SX+obrEP1SX+IfqEv8AAAAAAPBI2b3v5s9JRMy/2Nt4pLqzvK5SawZstlrZFQBK4xY/UF2m/kB1ucYHkjXye1oetNaRq5k+/RAHAwAAAAAAAAAAAEDl7N9r/T9UlfX/UF35+n/rgKF68rjfV3I9gK3nGh+INVbyF67/X/MoAAAAAAAAAAAAAGAjzcxdOT8+NTV52cYb26MaW7lRr9evpr8F26U+//GNfCr8dqnPso18rd+DHVXe3yQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDZvwEAAP//RYcoPA==")
socket$netlink(0x10, 0x3, 0x4) (async)
r5 = socket$netlink(0x10, 0x3, 0x4)
r6 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r6, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88)
setsockopt$inet6_MCAST_JOIN_GROUP(r6, 0x29, 0x2a, &(0x7f0000000200)={0x7, {{0xa, 0x4e22, 0x6, @mcast2, 0x9}}}, 0x88)
setsockopt$inet6_MCAST_MSFILTER(r6, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000ffff00000000000000bd0000000000000000000000e4ec01000000004000000000fc00000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000006000000000000000005"], 0x310)
r7 = signalfd4(r5, &(0x7f0000000040)={[0x1]}, 0x8, 0x80400)
connect$inet6(r7, &(0x7f0000000080)={0xa, 0x4e22, 0x6, @dev={0xfe, 0x80, '\x00', 0x41}, 0x5}, 0x1c) (async)
connect$inet6(r7, &(0x7f0000000080)={0xa, 0x4e22, 0x6, @dev={0xfe, 0x80, '\x00', 0x41}, 0x5}, 0x1c)
r8 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r8, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x2, @empty}, 0x1c) (async)
bind$inet6(r8, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x2, @empty}, 0x1c)
setsockopt$inet6_int(r8, 0x29, 0xb, &(0x7f0000000480)=0x7, 0x4)
recvmmsg(r4, &(0x7f0000003c40)=[{{&(0x7f00000004c0)=@phonet, 0x80, &(0x7f0000000b40)=[{&(0x7f0000001780)=""/4096, 0x1000}, {&(0x7f0000000600)=""/136, 0x88}, {&(0x7f0000000880)=""/137, 0x89}, {&(0x7f0000000940)=""/214, 0xd6}, {&(0x7f0000000a40)=""/232, 0xe8}], 0x5, &(0x7f00000001c0)=""/41, 0x29}, 0x1}, {{&(0x7f0000000bc0)=@nfc, 0x80, &(0x7f0000000400)=[{&(0x7f0000000c40)=""/113, 0x71}], 0x1, &(0x7f0000000cc0)=""/72, 0x48}, 0x8001}, {{&(0x7f0000000d40)=@x25, 0x80, &(0x7f0000000780)=[{&(0x7f0000000dc0)=""/111, 0x6f}, {&(0x7f0000000540)=""/50, 0x32}, {&(0x7f0000000e40)=""/217, 0xd9}], 0x3, &(0x7f0000000f40)=""/156, 0x9c}, 0xfe6}, {{&(0x7f0000001000)=@vsock={0x28, 0x0, 0x0, @my}, 0x80, &(0x7f0000003b00)=[{&(0x7f0000002780)=""/4096, 0x1000}, {&(0x7f0000001080)=""/76, 0x4c}, {&(0x7f0000001100)=""/115, 0x73}, {&(0x7f0000003780)=""/164, 0xa4}, {&(0x7f0000003840)=""/118, 0x76}, {&(0x7f00000038c0)=""/98, 0x62}, {&(0x7f0000003940)=""/17, 0x11}, {&(0x7f0000003980)=""/198, 0xc6}, {&(0x7f0000003a80)=""/124, 0x7c}], 0x9, &(0x7f0000003bc0)=""/114, 0x72}, 0xffff}], 0x4, 0x2, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000280))

program crashed: KASAN: use-after-free Read in lo_open
testing program (duration=53.556588112s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock2-mlock2-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_MSRS-prlimit64-prlimit64-sched_setscheduler-sched_setscheduler-syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64-syz_mount_image$ext4-syz_mount_image$ext4-socket$netlink-socket$netlink-socket$inet6-setsockopt$inet6_MCAST_JOIN_GROUP-setsockopt$inet6_MCAST_JOIN_GROUP-setsockopt$inet6_MCAST_MSFILTER-signalfd4-connect$inet6-connect$inet6-socket$inet6-bind$inet6-bind$inet6-setsockopt$inet6_int-ioctl$SECCOMP_IOCTL_NOTIF_RECV
detailed listing:
executing program 0:
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1) (async)
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1}) (async)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1})
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000580)=ANY=[@ANYBLOB="090000000000000009020000000000001e"])
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x9) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x9)
r3 = syz_open_dev$loop(&(0x7f00000005c0), 0xffff, 0x109041)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000003d40)={r4, 0x1000, {0x2a00, 0x80010000, 0x0, 0x52, 0xfffffffffffffffe, 0x0, 0x0, 0x10, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac1000", "90be6c09306003d8006000", [0x0, 0x3]}})
ioctl$LOOP_GET_STATUS64(r3, 0x4c05, &(0x7f00000000c0))
syz_mount_image$ext4(&(0x7f0000000580)='ext3\x00', &(0x7f00000005c0)='./file0\x00', 0x0, &(0x7f0000000340)={[{@data_ordered}, {@nomblk_io_submit}, {@nodioread_nolock}, {@usrjquota_path={'usrjquota', 0x3d, './file0'}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80000}}, {@grpid}, {@data_err_abort}, {@journal_checksum}]}, 0x1, 0x5e6, &(0x7f0000001180)="$eJzs3c1vFVUbAPBnbj9oKe/bQoyKC2liDCRKSwsYYlzA1pAGP+LGjZUWRAo0tEaLJpQENybGjTEmrlyI/4US2bLSlQs3rgwJUUPixsRr5nam9LZzW3ppO5X5/ZLLnTnnTs8Zbp+eM+eeMzeAyhpM/6lF7I2I6SSiP5lfzOuMLHNw4XX3/vzodPpIol5/7fckkiwtf32SPfdlB/dExI8/JLGnY2W5M3NXzo9PTU1ezvaHZy9MD8/MXTl47sL42cmzkxdHXxg9dvTI0WMjh9o6r6sFaSevv/t+/ydjb37z1d/JyLe/jCVxPF7OXrj0PDbKYAw2/k+SlVl9xza6sJJ0ZL8nS9/ipLPECrEu+fvXFRFPRH90xP03rz8+fqXUygGbqp5E1IGKSsQ/VFTeD8iv7ZdfB9dK6ZUAW+HuiYUBgJXx37kwNhg9jbGBnfeSWDqsk0REeyNzzXZFxO1bY9fP3Bq7Hps0DgcUm78WEU8WxX/SiP+B6ImBRvzXmuI/7RecSp//qjfSX22z/OVDxeIfts5C/PesGv/RIv7fyp7T9LfbLH/w/uY7vU3x39vuKQEAAAAAAEBl3TwREc8Xff5fW5z/EwXzf/oi4vgGlD+4bH/l5/+1OxtQDFDg7omIlwrn/9by2b8DHdnW/xrzAbqSM+emJg9FxP8j4kB07Uj3RxZ/Yn3F0tuDn+75slX5g9n8v/yRln87mwuY1eNO547mYybGZ8c35OSh4u5ei3iqcP5vstj+JwXtf/r3YPoBy9jz7I1TrfLWjn9gs9S/jthf2P7fv2tFsvr9OYYb/YHhvFew0tMffvZdq/LbjX+3mICHl7b/O1eP/4Fk6f16ZtZfxuG5znqrvHb7/93J641bznRnaR+Mz85eHonoTk52pKlN6aPrrzM8ivJ4yOMljf8Dz6w+/lfU/++NiPllPzv5o3lNce7xf/p+bVUf/X8oTxr/E+tq/9e/MXpj4PtW5T9Y+3+k0dYfyFKM/8GCL/Iw7W5OLwjHzqKsra4vAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwKahGxK5La0OJ2rTY0FNEXEY/FztrUpZnZ585ceu/iRJrX+P7/Wv5Nv/0L+0n+/f8DS/ZHl+0fjojdEfF5R29jf+j0pamJsk8eAAAAAAAAAAAAAAAAAAAAtom+Fuv/U791lF07YNN1ll0BoDQF8f9TGfUAtp72H6pL/EN1iX+oLvEP1SX+obrEP1SX+IfqEv8AAAAAAPBI2b3v5s9JRMy/2Nt4pLqzvK5SawZstlrZFQBK4xY/UF2m/kB1ucYHkjXye1oetNaRq5k+/RAHAwAAAAAAAAAAAEDl7N9r/T9UlfX/UF35+n/rgKF68rjfV3I9gK3nGh+INVbyF67/X/MoAAAAAAAAAAAAAGAjzcxdOT8+NTV52cYb26MaW7lRr9evpr8F26U+//GNfCr8dqnPso18rd+DHVXe3yQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDZvwEAAP//RYcoPA==") (async)
syz_mount_image$ext4(&(0x7f0000000580)='ext3\x00', &(0x7f00000005c0)='./file0\x00', 0x0, &(0x7f0000000340)={[{@data_ordered}, {@nomblk_io_submit}, {@nodioread_nolock}, {@usrjquota_path={'usrjquota', 0x3d, './file0'}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80000}}, {@grpid}, {@data_err_abort}, {@journal_checksum}]}, 0x1, 0x5e6, &(0x7f0000001180)="$eJzs3c1vFVUbAPBnbj9oKe/bQoyKC2liDCRKSwsYYlzA1pAGP+LGjZUWRAo0tEaLJpQENybGjTEmrlyI/4US2bLSlQs3rgwJUUPixsRr5nam9LZzW3ppO5X5/ZLLnTnnTs8Zbp+eM+eeMzeAyhpM/6lF7I2I6SSiP5lfzOuMLHNw4XX3/vzodPpIol5/7fckkiwtf32SPfdlB/dExI8/JLGnY2W5M3NXzo9PTU1ezvaHZy9MD8/MXTl47sL42cmzkxdHXxg9dvTI0WMjh9o6r6sFaSevv/t+/ydjb37z1d/JyLe/jCVxPF7OXrj0PDbKYAw2/k+SlVl9xza6sJJ0ZL8nS9/ipLPECrEu+fvXFRFPRH90xP03rz8+fqXUygGbqp5E1IGKSsQ/VFTeD8iv7ZdfB9dK6ZUAW+HuiYUBgJXx37kwNhg9jbGBnfeSWDqsk0REeyNzzXZFxO1bY9fP3Bq7Hps0DgcUm78WEU8WxX/SiP+B6ImBRvzXmuI/7RecSp//qjfSX22z/OVDxeIfts5C/PesGv/RIv7fyp7T9LfbLH/w/uY7vU3x39vuKQEAAAAAAEBl3TwREc8Xff5fW5z/EwXzf/oi4vgGlD+4bH/l5/+1OxtQDFDg7omIlwrn/9by2b8DHdnW/xrzAbqSM+emJg9FxP8j4kB07Uj3RxZ/Yn3F0tuDn+75slX5g9n8v/yRln87mwuY1eNO547mYybGZ8c35OSh4u5ei3iqcP5vstj+JwXtf/r3YPoBy9jz7I1TrfLWjn9gs9S/jthf2P7fv2tFsvr9OYYb/YHhvFew0tMffvZdq/LbjX+3mICHl7b/O1eP/4Fk6f16ZtZfxuG5znqrvHb7/93J641bznRnaR+Mz85eHonoTk52pKlN6aPrrzM8ivJ4yOMljf8Dz6w+/lfU/++NiPllPzv5o3lNce7xf/p+bVUf/X8oTxr/E+tq/9e/MXpj4PtW5T9Y+3+k0dYfyFKM/8GCL/Iw7W5OLwjHzqKsra4vAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwKahGxK5La0OJ2rTY0FNEXEY/FztrUpZnZ585ceu/iRJrX+P7/Wv5Nv/0L+0n+/f8DS/ZHl+0fjojdEfF5R29jf+j0pamJsk8eAAAAAAAAAAAAAAAAAAAAtom+Fuv/U791lF07YNN1ll0BoDQF8f9TGfUAtp72H6pL/EN1iX+oLvEP1SX+obrEP1SX+IfqEv8AAAAAAPBI2b3v5s9JRMy/2Nt4pLqzvK5SawZstlrZFQBK4xY/UF2m/kB1ucYHkjXye1oetNaRq5k+/RAHAwAAAAAAAAAAAEDl7N9r/T9UlfX/UF35+n/rgKF68rjfV3I9gK3nGh+INVbyF67/X/MoAAAAAAAAAAAAAGAjzcxdOT8+NTV52cYb26MaW7lRr9evpr8F26U+//GNfCr8dqnPso18rd+DHVXe3yQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDZvwEAAP//RYcoPA==")
socket$netlink(0x10, 0x3, 0x4) (async)
r5 = socket$netlink(0x10, 0x3, 0x4)
r6 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r6, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88)
setsockopt$inet6_MCAST_JOIN_GROUP(r6, 0x29, 0x2a, &(0x7f0000000200)={0x7, {{0xa, 0x4e22, 0x6, @mcast2, 0x9}}}, 0x88)
setsockopt$inet6_MCAST_MSFILTER(r6, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000ffff00000000000000bd0000000000000000000000e4ec01000000004000000000fc00000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000006000000000000000005"], 0x310)
r7 = signalfd4(r5, &(0x7f0000000040)={[0x1]}, 0x8, 0x80400)
connect$inet6(r7, &(0x7f0000000080)={0xa, 0x4e22, 0x6, @dev={0xfe, 0x80, '\x00', 0x41}, 0x5}, 0x1c) (async)
connect$inet6(r7, &(0x7f0000000080)={0xa, 0x4e22, 0x6, @dev={0xfe, 0x80, '\x00', 0x41}, 0x5}, 0x1c)
r8 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r8, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x2, @empty}, 0x1c) (async)
bind$inet6(r8, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x2, @empty}, 0x1c)
setsockopt$inet6_int(r8, 0x29, 0xb, &(0x7f0000000480)=0x7, 0x4)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000280))

program crashed: KASAN: use-after-free Read in lo_open
testing program (duration=53.556588112s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock2-mlock2-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_MSRS-prlimit64-prlimit64-sched_setscheduler-sched_setscheduler-syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64-syz_mount_image$ext4-syz_mount_image$ext4-socket$netlink-socket$netlink-socket$inet6-setsockopt$inet6_MCAST_JOIN_GROUP-setsockopt$inet6_MCAST_JOIN_GROUP-setsockopt$inet6_MCAST_MSFILTER-signalfd4-connect$inet6-connect$inet6-socket$inet6-bind$inet6-bind$inet6-ioctl$SECCOMP_IOCTL_NOTIF_RECV
detailed listing:
executing program 0:
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1) (async)
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1}) (async)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1})
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000580)=ANY=[@ANYBLOB="090000000000000009020000000000001e"])
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x9) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x9)
r3 = syz_open_dev$loop(&(0x7f00000005c0), 0xffff, 0x109041)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000003d40)={r4, 0x1000, {0x2a00, 0x80010000, 0x0, 0x52, 0xfffffffffffffffe, 0x0, 0x0, 0x10, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac1000", "90be6c09306003d8006000", [0x0, 0x3]}})
ioctl$LOOP_GET_STATUS64(r3, 0x4c05, &(0x7f00000000c0))
syz_mount_image$ext4(&(0x7f0000000580)='ext3\x00', &(0x7f00000005c0)='./file0\x00', 0x0, &(0x7f0000000340)={[{@data_ordered}, {@nomblk_io_submit}, {@nodioread_nolock}, {@usrjquota_path={'usrjquota', 0x3d, './file0'}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80000}}, {@grpid}, {@data_err_abort}, {@journal_checksum}]}, 0x1, 0x5e6, &(0x7f0000001180)="$eJzs3c1vFVUbAPBnbj9oKe/bQoyKC2liDCRKSwsYYlzA1pAGP+LGjZUWRAo0tEaLJpQENybGjTEmrlyI/4US2bLSlQs3rgwJUUPixsRr5nam9LZzW3ppO5X5/ZLLnTnnTs8Zbp+eM+eeMzeAyhpM/6lF7I2I6SSiP5lfzOuMLHNw4XX3/vzodPpIol5/7fckkiwtf32SPfdlB/dExI8/JLGnY2W5M3NXzo9PTU1ezvaHZy9MD8/MXTl47sL42cmzkxdHXxg9dvTI0WMjh9o6r6sFaSevv/t+/ydjb37z1d/JyLe/jCVxPF7OXrj0PDbKYAw2/k+SlVl9xza6sJJ0ZL8nS9/ipLPECrEu+fvXFRFPRH90xP03rz8+fqXUygGbqp5E1IGKSsQ/VFTeD8iv7ZdfB9dK6ZUAW+HuiYUBgJXx37kwNhg9jbGBnfeSWDqsk0REeyNzzXZFxO1bY9fP3Bq7Hps0DgcUm78WEU8WxX/SiP+B6ImBRvzXmuI/7RecSp//qjfSX22z/OVDxeIfts5C/PesGv/RIv7fyp7T9LfbLH/w/uY7vU3x39vuKQEAAAAAAEBl3TwREc8Xff5fW5z/EwXzf/oi4vgGlD+4bH/l5/+1OxtQDFDg7omIlwrn/9by2b8DHdnW/xrzAbqSM+emJg9FxP8j4kB07Uj3RxZ/Yn3F0tuDn+75slX5g9n8v/yRln87mwuY1eNO547mYybGZ8c35OSh4u5ei3iqcP5vstj+JwXtf/r3YPoBy9jz7I1TrfLWjn9gs9S/jthf2P7fv2tFsvr9OYYb/YHhvFew0tMffvZdq/LbjX+3mICHl7b/O1eP/4Fk6f16ZtZfxuG5znqrvHb7/93J641bznRnaR+Mz85eHonoTk52pKlN6aPrrzM8ivJ4yOMljf8Dz6w+/lfU/++NiPllPzv5o3lNce7xf/p+bVUf/X8oTxr/E+tq/9e/MXpj4PtW5T9Y+3+k0dYfyFKM/8GCL/Iw7W5OLwjHzqKsra4vAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwKahGxK5La0OJ2rTY0FNEXEY/FztrUpZnZ585ceu/iRJrX+P7/Wv5Nv/0L+0n+/f8DS/ZHl+0fjojdEfF5R29jf+j0pamJsk8eAAAAAAAAAAAAAAAAAAAAtom+Fuv/U791lF07YNN1ll0BoDQF8f9TGfUAtp72H6pL/EN1iX+oLvEP1SX+obrEP1SX+IfqEv8AAAAAAPBI2b3v5s9JRMy/2Nt4pLqzvK5SawZstlrZFQBK4xY/UF2m/kB1ucYHkjXye1oetNaRq5k+/RAHAwAAAAAAAAAAAEDl7N9r/T9UlfX/UF35+n/rgKF68rjfV3I9gK3nGh+INVbyF67/X/MoAAAAAAAAAAAAAGAjzcxdOT8+NTV52cYb26MaW7lRr9evpr8F26U+//GNfCr8dqnPso18rd+DHVXe3yQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDZvwEAAP//RYcoPA==") (async)
syz_mount_image$ext4(&(0x7f0000000580)='ext3\x00', &(0x7f00000005c0)='./file0\x00', 0x0, &(0x7f0000000340)={[{@data_ordered}, {@nomblk_io_submit}, {@nodioread_nolock}, {@usrjquota_path={'usrjquota', 0x3d, './file0'}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80000}}, {@grpid}, {@data_err_abort}, {@journal_checksum}]}, 0x1, 0x5e6, &(0x7f0000001180)="$eJzs3c1vFVUbAPBnbj9oKe/bQoyKC2liDCRKSwsYYlzA1pAGP+LGjZUWRAo0tEaLJpQENybGjTEmrlyI/4US2bLSlQs3rgwJUUPixsRr5nam9LZzW3ppO5X5/ZLLnTnnTs8Zbp+eM+eeMzeAyhpM/6lF7I2I6SSiP5lfzOuMLHNw4XX3/vzodPpIol5/7fckkiwtf32SPfdlB/dExI8/JLGnY2W5M3NXzo9PTU1ezvaHZy9MD8/MXTl47sL42cmzkxdHXxg9dvTI0WMjh9o6r6sFaSevv/t+/ydjb37z1d/JyLe/jCVxPF7OXrj0PDbKYAw2/k+SlVl9xza6sJJ0ZL8nS9/ipLPECrEu+fvXFRFPRH90xP03rz8+fqXUygGbqp5E1IGKSsQ/VFTeD8iv7ZdfB9dK6ZUAW+HuiYUBgJXx37kwNhg9jbGBnfeSWDqsk0REeyNzzXZFxO1bY9fP3Bq7Hps0DgcUm78WEU8WxX/SiP+B6ImBRvzXmuI/7RecSp//qjfSX22z/OVDxeIfts5C/PesGv/RIv7fyp7T9LfbLH/w/uY7vU3x39vuKQEAAAAAAEBl3TwREc8Xff5fW5z/EwXzf/oi4vgGlD+4bH/l5/+1OxtQDFDg7omIlwrn/9by2b8DHdnW/xrzAbqSM+emJg9FxP8j4kB07Uj3RxZ/Yn3F0tuDn+75slX5g9n8v/yRln87mwuY1eNO547mYybGZ8c35OSh4u5ei3iqcP5vstj+JwXtf/r3YPoBy9jz7I1TrfLWjn9gs9S/jthf2P7fv2tFsvr9OYYb/YHhvFew0tMffvZdq/LbjX+3mICHl7b/O1eP/4Fk6f16ZtZfxuG5znqrvHb7/93J641bznRnaR+Mz85eHonoTk52pKlN6aPrrzM8ivJ4yOMljf8Dz6w+/lfU/++NiPllPzv5o3lNce7xf/p+bVUf/X8oTxr/E+tq/9e/MXpj4PtW5T9Y+3+k0dYfyFKM/8GCL/Iw7W5OLwjHzqKsra4vAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwKahGxK5La0OJ2rTY0FNEXEY/FztrUpZnZ585ceu/iRJrX+P7/Wv5Nv/0L+0n+/f8DS/ZHl+0fjojdEfF5R29jf+j0pamJsk8eAAAAAAAAAAAAAAAAAAAAtom+Fuv/U791lF07YNN1ll0BoDQF8f9TGfUAtp72H6pL/EN1iX+oLvEP1SX+obrEP1SX+IfqEv8AAAAAAPBI2b3v5s9JRMy/2Nt4pLqzvK5SawZstlrZFQBK4xY/UF2m/kB1ucYHkjXye1oetNaRq5k+/RAHAwAAAAAAAAAAAEDl7N9r/T9UlfX/UF35+n/rgKF68rjfV3I9gK3nGh+INVbyF67/X/MoAAAAAAAAAAAAAGAjzcxdOT8+NTV52cYb26MaW7lRr9evpr8F26U+//GNfCr8dqnPso18rd+DHVXe3yQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDZvwEAAP//RYcoPA==")
socket$netlink(0x10, 0x3, 0x4) (async)
r5 = socket$netlink(0x10, 0x3, 0x4)
r6 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r6, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88)
setsockopt$inet6_MCAST_JOIN_GROUP(r6, 0x29, 0x2a, &(0x7f0000000200)={0x7, {{0xa, 0x4e22, 0x6, @mcast2, 0x9}}}, 0x88)
setsockopt$inet6_MCAST_MSFILTER(r6, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000ffff00000000000000bd0000000000000000000000e4ec01000000004000000000fc00000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000006000000000000000005"], 0x310)
r7 = signalfd4(r5, &(0x7f0000000040)={[0x1]}, 0x8, 0x80400)
connect$inet6(r7, &(0x7f0000000080)={0xa, 0x4e22, 0x6, @dev={0xfe, 0x80, '\x00', 0x41}, 0x5}, 0x1c) (async)
connect$inet6(r7, &(0x7f0000000080)={0xa, 0x4e22, 0x6, @dev={0xfe, 0x80, '\x00', 0x41}, 0x5}, 0x1c)
r8 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r8, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x2, @empty}, 0x1c) (async)
bind$inet6(r8, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x2, @empty}, 0x1c)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000280))

program crashed: KASAN: use-after-free Read in lo_open
testing program (duration=53.556588112s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock2-mlock2-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_MSRS-prlimit64-prlimit64-sched_setscheduler-sched_setscheduler-syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64-syz_mount_image$ext4-syz_mount_image$ext4-socket$netlink-socket$netlink-socket$inet6-setsockopt$inet6_MCAST_JOIN_GROUP-setsockopt$inet6_MCAST_JOIN_GROUP-setsockopt$inet6_MCAST_MSFILTER-signalfd4-connect$inet6-connect$inet6-socket$inet6-bind$inet6-ioctl$SECCOMP_IOCTL_NOTIF_RECV
detailed listing:
executing program 0:
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1) (async)
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1}) (async)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1})
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000580)=ANY=[@ANYBLOB="090000000000000009020000000000001e"])
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x9) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x9)
r3 = syz_open_dev$loop(&(0x7f00000005c0), 0xffff, 0x109041)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000003d40)={r4, 0x1000, {0x2a00, 0x80010000, 0x0, 0x52, 0xfffffffffffffffe, 0x0, 0x0, 0x10, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac1000", "90be6c09306003d8006000", [0x0, 0x3]}})
ioctl$LOOP_GET_STATUS64(r3, 0x4c05, &(0x7f00000000c0))
syz_mount_image$ext4(&(0x7f0000000580)='ext3\x00', &(0x7f00000005c0)='./file0\x00', 0x0, &(0x7f0000000340)={[{@data_ordered}, {@nomblk_io_submit}, {@nodioread_nolock}, {@usrjquota_path={'usrjquota', 0x3d, './file0'}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80000}}, {@grpid}, {@data_err_abort}, {@journal_checksum}]}, 0x1, 0x5e6, &(0x7f0000001180)="$eJzs3c1vFVUbAPBnbj9oKe/bQoyKC2liDCRKSwsYYlzA1pAGP+LGjZUWRAo0tEaLJpQENybGjTEmrlyI/4US2bLSlQs3rgwJUUPixsRr5nam9LZzW3ppO5X5/ZLLnTnnTs8Zbp+eM+eeMzeAyhpM/6lF7I2I6SSiP5lfzOuMLHNw4XX3/vzodPpIol5/7fckkiwtf32SPfdlB/dExI8/JLGnY2W5M3NXzo9PTU1ezvaHZy9MD8/MXTl47sL42cmzkxdHXxg9dvTI0WMjh9o6r6sFaSevv/t+/ydjb37z1d/JyLe/jCVxPF7OXrj0PDbKYAw2/k+SlVl9xza6sJJ0ZL8nS9/ipLPECrEu+fvXFRFPRH90xP03rz8+fqXUygGbqp5E1IGKSsQ/VFTeD8iv7ZdfB9dK6ZUAW+HuiYUBgJXx37kwNhg9jbGBnfeSWDqsk0REeyNzzXZFxO1bY9fP3Bq7Hps0DgcUm78WEU8WxX/SiP+B6ImBRvzXmuI/7RecSp//qjfSX22z/OVDxeIfts5C/PesGv/RIv7fyp7T9LfbLH/w/uY7vU3x39vuKQEAAAAAAEBl3TwREc8Xff5fW5z/EwXzf/oi4vgGlD+4bH/l5/+1OxtQDFDg7omIlwrn/9by2b8DHdnW/xrzAbqSM+emJg9FxP8j4kB07Uj3RxZ/Yn3F0tuDn+75slX5g9n8v/yRln87mwuY1eNO547mYybGZ8c35OSh4u5ei3iqcP5vstj+JwXtf/r3YPoBy9jz7I1TrfLWjn9gs9S/jthf2P7fv2tFsvr9OYYb/YHhvFew0tMffvZdq/LbjX+3mICHl7b/O1eP/4Fk6f16ZtZfxuG5znqrvHb7/93J641bznRnaR+Mz85eHonoTk52pKlN6aPrrzM8ivJ4yOMljf8Dz6w+/lfU/++NiPllPzv5o3lNce7xf/p+bVUf/X8oTxr/E+tq/9e/MXpj4PtW5T9Y+3+k0dYfyFKM/8GCL/Iw7W5OLwjHzqKsra4vAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwKahGxK5La0OJ2rTY0FNEXEY/FztrUpZnZ585ceu/iRJrX+P7/Wv5Nv/0L+0n+/f8DS/ZHl+0fjojdEfF5R29jf+j0pamJsk8eAAAAAAAAAAAAAAAAAAAAtom+Fuv/U791lF07YNN1ll0BoDQF8f9TGfUAtp72H6pL/EN1iX+oLvEP1SX+obrEP1SX+IfqEv8AAAAAAPBI2b3v5s9JRMy/2Nt4pLqzvK5SawZstlrZFQBK4xY/UF2m/kB1ucYHkjXye1oetNaRq5k+/RAHAwAAAAAAAAAAAEDl7N9r/T9UlfX/UF35+n/rgKF68rjfV3I9gK3nGh+INVbyF67/X/MoAAAAAAAAAAAAAGAjzcxdOT8+NTV52cYb26MaW7lRr9evpr8F26U+//GNfCr8dqnPso18rd+DHVXe3yQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDZvwEAAP//RYcoPA==") (async)
syz_mount_image$ext4(&(0x7f0000000580)='ext3\x00', &(0x7f00000005c0)='./file0\x00', 0x0, &(0x7f0000000340)={[{@data_ordered}, {@nomblk_io_submit}, {@nodioread_nolock}, {@usrjquota_path={'usrjquota', 0x3d, './file0'}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80000}}, {@grpid}, {@data_err_abort}, {@journal_checksum}]}, 0x1, 0x5e6, &(0x7f0000001180)="$eJzs3c1vFVUbAPBnbj9oKe/bQoyKC2liDCRKSwsYYlzA1pAGP+LGjZUWRAo0tEaLJpQENybGjTEmrlyI/4US2bLSlQs3rgwJUUPixsRr5nam9LZzW3ppO5X5/ZLLnTnnTs8Zbp+eM+eeMzeAyhpM/6lF7I2I6SSiP5lfzOuMLHNw4XX3/vzodPpIol5/7fckkiwtf32SPfdlB/dExI8/JLGnY2W5M3NXzo9PTU1ezvaHZy9MD8/MXTl47sL42cmzkxdHXxg9dvTI0WMjh9o6r6sFaSevv/t+/ydjb37z1d/JyLe/jCVxPF7OXrj0PDbKYAw2/k+SlVl9xza6sJJ0ZL8nS9/ipLPECrEu+fvXFRFPRH90xP03rz8+fqXUygGbqp5E1IGKSsQ/VFTeD8iv7ZdfB9dK6ZUAW+HuiYUBgJXx37kwNhg9jbGBnfeSWDqsk0REeyNzzXZFxO1bY9fP3Bq7Hps0DgcUm78WEU8WxX/SiP+B6ImBRvzXmuI/7RecSp//qjfSX22z/OVDxeIfts5C/PesGv/RIv7fyp7T9LfbLH/w/uY7vU3x39vuKQEAAAAAAEBl3TwREc8Xff5fW5z/EwXzf/oi4vgGlD+4bH/l5/+1OxtQDFDg7omIlwrn/9by2b8DHdnW/xrzAbqSM+emJg9FxP8j4kB07Uj3RxZ/Yn3F0tuDn+75slX5g9n8v/yRln87mwuY1eNO547mYybGZ8c35OSh4u5ei3iqcP5vstj+JwXtf/r3YPoBy9jz7I1TrfLWjn9gs9S/jthf2P7fv2tFsvr9OYYb/YHhvFew0tMffvZdq/LbjX+3mICHl7b/O1eP/4Fk6f16ZtZfxuG5znqrvHb7/93J641bznRnaR+Mz85eHonoTk52pKlN6aPrrzM8ivJ4yOMljf8Dz6w+/lfU/++NiPllPzv5o3lNce7xf/p+bVUf/X8oTxr/E+tq/9e/MXpj4PtW5T9Y+3+k0dYfyFKM/8GCL/Iw7W5OLwjHzqKsra4vAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwKahGxK5La0OJ2rTY0FNEXEY/FztrUpZnZ585ceu/iRJrX+P7/Wv5Nv/0L+0n+/f8DS/ZHl+0fjojdEfF5R29jf+j0pamJsk8eAAAAAAAAAAAAAAAAAAAAtom+Fuv/U791lF07YNN1ll0BoDQF8f9TGfUAtp72H6pL/EN1iX+oLvEP1SX+obrEP1SX+IfqEv8AAAAAAPBI2b3v5s9JRMy/2Nt4pLqzvK5SawZstlrZFQBK4xY/UF2m/kB1ucYHkjXye1oetNaRq5k+/RAHAwAAAAAAAAAAAEDl7N9r/T9UlfX/UF35+n/rgKF68rjfV3I9gK3nGh+INVbyF67/X/MoAAAAAAAAAAAAAGAjzcxdOT8+NTV52cYb26MaW7lRr9evpr8F26U+//GNfCr8dqnPso18rd+DHVXe3yQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDZvwEAAP//RYcoPA==")
socket$netlink(0x10, 0x3, 0x4) (async)
r5 = socket$netlink(0x10, 0x3, 0x4)
r6 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r6, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88)
setsockopt$inet6_MCAST_JOIN_GROUP(r6, 0x29, 0x2a, &(0x7f0000000200)={0x7, {{0xa, 0x4e22, 0x6, @mcast2, 0x9}}}, 0x88)
setsockopt$inet6_MCAST_MSFILTER(r6, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000ffff00000000000000bd0000000000000000000000e4ec01000000004000000000fc00000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000006000000000000000005"], 0x310)
r7 = signalfd4(r5, &(0x7f0000000040)={[0x1]}, 0x8, 0x80400)
connect$inet6(r7, &(0x7f0000000080)={0xa, 0x4e22, 0x6, @dev={0xfe, 0x80, '\x00', 0x41}, 0x5}, 0x1c) (async)
connect$inet6(r7, &(0x7f0000000080)={0xa, 0x4e22, 0x6, @dev={0xfe, 0x80, '\x00', 0x41}, 0x5}, 0x1c)
r8 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r8, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x2, @empty}, 0x1c) (async)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000280))

program crashed: KASAN: use-after-free Read in lo_open
testing program (duration=53.556588112s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock2-mlock2-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_MSRS-prlimit64-prlimit64-sched_setscheduler-sched_setscheduler-syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64-syz_mount_image$ext4-syz_mount_image$ext4-socket$netlink-socket$netlink-socket$inet6-setsockopt$inet6_MCAST_JOIN_GROUP-setsockopt$inet6_MCAST_JOIN_GROUP-setsockopt$inet6_MCAST_MSFILTER-signalfd4-connect$inet6-connect$inet6-socket$inet6-ioctl$SECCOMP_IOCTL_NOTIF_RECV
detailed listing:
executing program 0:
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1) (async)
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1}) (async)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1})
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000580)=ANY=[@ANYBLOB="090000000000000009020000000000001e"])
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x9) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x9)
r3 = syz_open_dev$loop(&(0x7f00000005c0), 0xffff, 0x109041)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000003d40)={r4, 0x1000, {0x2a00, 0x80010000, 0x0, 0x52, 0xfffffffffffffffe, 0x0, 0x0, 0x10, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac1000", "90be6c09306003d8006000", [0x0, 0x3]}})
ioctl$LOOP_GET_STATUS64(r3, 0x4c05, &(0x7f00000000c0))
syz_mount_image$ext4(&(0x7f0000000580)='ext3\x00', &(0x7f00000005c0)='./file0\x00', 0x0, &(0x7f0000000340)={[{@data_ordered}, {@nomblk_io_submit}, {@nodioread_nolock}, {@usrjquota_path={'usrjquota', 0x3d, './file0'}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80000}}, {@grpid}, {@data_err_abort}, {@journal_checksum}]}, 0x1, 0x5e6, &(0x7f0000001180)="$eJzs3c1vFVUbAPBnbj9oKe/bQoyKC2liDCRKSwsYYlzA1pAGP+LGjZUWRAo0tEaLJpQENybGjTEmrlyI/4US2bLSlQs3rgwJUUPixsRr5nam9LZzW3ppO5X5/ZLLnTnnTs8Zbp+eM+eeMzeAyhpM/6lF7I2I6SSiP5lfzOuMLHNw4XX3/vzodPpIol5/7fckkiwtf32SPfdlB/dExI8/JLGnY2W5M3NXzo9PTU1ezvaHZy9MD8/MXTl47sL42cmzkxdHXxg9dvTI0WMjh9o6r6sFaSevv/t+/ydjb37z1d/JyLe/jCVxPF7OXrj0PDbKYAw2/k+SlVl9xza6sJJ0ZL8nS9/ipLPECrEu+fvXFRFPRH90xP03rz8+fqXUygGbqp5E1IGKSsQ/VFTeD8iv7ZdfB9dK6ZUAW+HuiYUBgJXx37kwNhg9jbGBnfeSWDqsk0REeyNzzXZFxO1bY9fP3Bq7Hps0DgcUm78WEU8WxX/SiP+B6ImBRvzXmuI/7RecSp//qjfSX22z/OVDxeIfts5C/PesGv/RIv7fyp7T9LfbLH/w/uY7vU3x39vuKQEAAAAAAEBl3TwREc8Xff5fW5z/EwXzf/oi4vgGlD+4bH/l5/+1OxtQDFDg7omIlwrn/9by2b8DHdnW/xrzAbqSM+emJg9FxP8j4kB07Uj3RxZ/Yn3F0tuDn+75slX5g9n8v/yRln87mwuY1eNO547mYybGZ8c35OSh4u5ei3iqcP5vstj+JwXtf/r3YPoBy9jz7I1TrfLWjn9gs9S/jthf2P7fv2tFsvr9OYYb/YHhvFew0tMffvZdq/LbjX+3mICHl7b/O1eP/4Fk6f16ZtZfxuG5znqrvHb7/93J641bznRnaR+Mz85eHonoTk52pKlN6aPrrzM8ivJ4yOMljf8Dz6w+/lfU/++NiPllPzv5o3lNce7xf/p+bVUf/X8oTxr/E+tq/9e/MXpj4PtW5T9Y+3+k0dYfyFKM/8GCL/Iw7W5OLwjHzqKsra4vAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwKahGxK5La0OJ2rTY0FNEXEY/FztrUpZnZ585ceu/iRJrX+P7/Wv5Nv/0L+0n+/f8DS/ZHl+0fjojdEfF5R29jf+j0pamJsk8eAAAAAAAAAAAAAAAAAAAAtom+Fuv/U791lF07YNN1ll0BoDQF8f9TGfUAtp72H6pL/EN1iX+oLvEP1SX+obrEP1SX+IfqEv8AAAAAAPBI2b3v5s9JRMy/2Nt4pLqzvK5SawZstlrZFQBK4xY/UF2m/kB1ucYHkjXye1oetNaRq5k+/RAHAwAAAAAAAAAAAEDl7N9r/T9UlfX/UF35+n/rgKF68rjfV3I9gK3nGh+INVbyF67/X/MoAAAAAAAAAAAAAGAjzcxdOT8+NTV52cYb26MaW7lRr9evpr8F26U+//GNfCr8dqnPso18rd+DHVXe3yQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDZvwEAAP//RYcoPA==") (async)
syz_mount_image$ext4(&(0x7f0000000580)='ext3\x00', &(0x7f00000005c0)='./file0\x00', 0x0, &(0x7f0000000340)={[{@data_ordered}, {@nomblk_io_submit}, {@nodioread_nolock}, {@usrjquota_path={'usrjquota', 0x3d, './file0'}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80000}}, {@grpid}, {@data_err_abort}, {@journal_checksum}]}, 0x1, 0x5e6, &(0x7f0000001180)="$eJzs3c1vFVUbAPBnbj9oKe/bQoyKC2liDCRKSwsYYlzA1pAGP+LGjZUWRAo0tEaLJpQENybGjTEmrlyI/4US2bLSlQs3rgwJUUPixsRr5nam9LZzW3ppO5X5/ZLLnTnnTs8Zbp+eM+eeMzeAyhpM/6lF7I2I6SSiP5lfzOuMLHNw4XX3/vzodPpIol5/7fckkiwtf32SPfdlB/dExI8/JLGnY2W5M3NXzo9PTU1ezvaHZy9MD8/MXTl47sL42cmzkxdHXxg9dvTI0WMjh9o6r6sFaSevv/t+/ydjb37z1d/JyLe/jCVxPF7OXrj0PDbKYAw2/k+SlVl9xza6sJJ0ZL8nS9/ipLPECrEu+fvXFRFPRH90xP03rz8+fqXUygGbqp5E1IGKSsQ/VFTeD8iv7ZdfB9dK6ZUAW+HuiYUBgJXx37kwNhg9jbGBnfeSWDqsk0REeyNzzXZFxO1bY9fP3Bq7Hps0DgcUm78WEU8WxX/SiP+B6ImBRvzXmuI/7RecSp//qjfSX22z/OVDxeIfts5C/PesGv/RIv7fyp7T9LfbLH/w/uY7vU3x39vuKQEAAAAAAEBl3TwREc8Xff5fW5z/EwXzf/oi4vgGlD+4bH/l5/+1OxtQDFDg7omIlwrn/9by2b8DHdnW/xrzAbqSM+emJg9FxP8j4kB07Uj3RxZ/Yn3F0tuDn+75slX5g9n8v/yRln87mwuY1eNO547mYybGZ8c35OSh4u5ei3iqcP5vstj+JwXtf/r3YPoBy9jz7I1TrfLWjn9gs9S/jthf2P7fv2tFsvr9OYYb/YHhvFew0tMffvZdq/LbjX+3mICHl7b/O1eP/4Fk6f16ZtZfxuG5znqrvHb7/93J641bznRnaR+Mz85eHonoTk52pKlN6aPrrzM8ivJ4yOMljf8Dz6w+/lfU/++NiPllPzv5o3lNce7xf/p+bVUf/X8oTxr/E+tq/9e/MXpj4PtW5T9Y+3+k0dYfyFKM/8GCL/Iw7W5OLwjHzqKsra4vAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwKahGxK5La0OJ2rTY0FNEXEY/FztrUpZnZ585ceu/iRJrX+P7/Wv5Nv/0L+0n+/f8DS/ZHl+0fjojdEfF5R29jf+j0pamJsk8eAAAAAAAAAAAAAAAAAAAAtom+Fuv/U791lF07YNN1ll0BoDQF8f9TGfUAtp72H6pL/EN1iX+oLvEP1SX+obrEP1SX+IfqEv8AAAAAAPBI2b3v5s9JRMy/2Nt4pLqzvK5SawZstlrZFQBK4xY/UF2m/kB1ucYHkjXye1oetNaRq5k+/RAHAwAAAAAAAAAAAEDl7N9r/T9UlfX/UF35+n/rgKF68rjfV3I9gK3nGh+INVbyF67/X/MoAAAAAAAAAAAAAGAjzcxdOT8+NTV52cYb26MaW7lRr9evpr8F26U+//GNfCr8dqnPso18rd+DHVXe3yQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDZvwEAAP//RYcoPA==")
socket$netlink(0x10, 0x3, 0x4) (async)
r5 = socket$netlink(0x10, 0x3, 0x4)
r6 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r6, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88)
setsockopt$inet6_MCAST_JOIN_GROUP(r6, 0x29, 0x2a, &(0x7f0000000200)={0x7, {{0xa, 0x4e22, 0x6, @mcast2, 0x9}}}, 0x88)
setsockopt$inet6_MCAST_MSFILTER(r6, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000ffff00000000000000bd0000000000000000000000e4ec01000000004000000000fc00000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000006000000000000000005"], 0x310)
r7 = signalfd4(r5, &(0x7f0000000040)={[0x1]}, 0x8, 0x80400)
connect$inet6(r7, &(0x7f0000000080)={0xa, 0x4e22, 0x6, @dev={0xfe, 0x80, '\x00', 0x41}, 0x5}, 0x1c) (async)
connect$inet6(r7, &(0x7f0000000080)={0xa, 0x4e22, 0x6, @dev={0xfe, 0x80, '\x00', 0x41}, 0x5}, 0x1c)
socket$inet6(0xa, 0x2, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000280))

program crashed: KASAN: use-after-free Read in lo_open
testing program (duration=53.556588112s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock2-mlock2-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_MSRS-prlimit64-prlimit64-sched_setscheduler-sched_setscheduler-syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64-syz_mount_image$ext4-syz_mount_image$ext4-socket$netlink-socket$netlink-socket$inet6-setsockopt$inet6_MCAST_JOIN_GROUP-setsockopt$inet6_MCAST_JOIN_GROUP-setsockopt$inet6_MCAST_MSFILTER-signalfd4-connect$inet6-connect$inet6-ioctl$SECCOMP_IOCTL_NOTIF_RECV
detailed listing:
executing program 0:
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1) (async)
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1}) (async)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1})
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000580)=ANY=[@ANYBLOB="090000000000000009020000000000001e"])
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x9) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x9)
r3 = syz_open_dev$loop(&(0x7f00000005c0), 0xffff, 0x109041)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000003d40)={r4, 0x1000, {0x2a00, 0x80010000, 0x0, 0x52, 0xfffffffffffffffe, 0x0, 0x0, 0x10, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac1000", "90be6c09306003d8006000", [0x0, 0x3]}})
ioctl$LOOP_GET_STATUS64(r3, 0x4c05, &(0x7f00000000c0))
syz_mount_image$ext4(&(0x7f0000000580)='ext3\x00', &(0x7f00000005c0)='./file0\x00', 0x0, &(0x7f0000000340)={[{@data_ordered}, {@nomblk_io_submit}, {@nodioread_nolock}, {@usrjquota_path={'usrjquota', 0x3d, './file0'}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80000}}, {@grpid}, {@data_err_abort}, {@journal_checksum}]}, 0x1, 0x5e6, &(0x7f0000001180)="$eJzs3c1vFVUbAPBnbj9oKe/bQoyKC2liDCRKSwsYYlzA1pAGP+LGjZUWRAo0tEaLJpQENybGjTEmrlyI/4US2bLSlQs3rgwJUUPixsRr5nam9LZzW3ppO5X5/ZLLnTnnTs8Zbp+eM+eeMzeAyhpM/6lF7I2I6SSiP5lfzOuMLHNw4XX3/vzodPpIol5/7fckkiwtf32SPfdlB/dExI8/JLGnY2W5M3NXzo9PTU1ezvaHZy9MD8/MXTl47sL42cmzkxdHXxg9dvTI0WMjh9o6r6sFaSevv/t+/ydjb37z1d/JyLe/jCVxPF7OXrj0PDbKYAw2/k+SlVl9xza6sJJ0ZL8nS9/ipLPECrEu+fvXFRFPRH90xP03rz8+fqXUygGbqp5E1IGKSsQ/VFTeD8iv7ZdfB9dK6ZUAW+HuiYUBgJXx37kwNhg9jbGBnfeSWDqsk0REeyNzzXZFxO1bY9fP3Bq7Hps0DgcUm78WEU8WxX/SiP+B6ImBRvzXmuI/7RecSp//qjfSX22z/OVDxeIfts5C/PesGv/RIv7fyp7T9LfbLH/w/uY7vU3x39vuKQEAAAAAAEBl3TwREc8Xff5fW5z/EwXzf/oi4vgGlD+4bH/l5/+1OxtQDFDg7omIlwrn/9by2b8DHdnW/xrzAbqSM+emJg9FxP8j4kB07Uj3RxZ/Yn3F0tuDn+75slX5g9n8v/yRln87mwuY1eNO547mYybGZ8c35OSh4u5ei3iqcP5vstj+JwXtf/r3YPoBy9jz7I1TrfLWjn9gs9S/jthf2P7fv2tFsvr9OYYb/YHhvFew0tMffvZdq/LbjX+3mICHl7b/O1eP/4Fk6f16ZtZfxuG5znqrvHb7/93J641bznRnaR+Mz85eHonoTk52pKlN6aPrrzM8ivJ4yOMljf8Dz6w+/lfU/++NiPllPzv5o3lNce7xf/p+bVUf/X8oTxr/E+tq/9e/MXpj4PtW5T9Y+3+k0dYfyFKM/8GCL/Iw7W5OLwjHzqKsra4vAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwKahGxK5La0OJ2rTY0FNEXEY/FztrUpZnZ585ceu/iRJrX+P7/Wv5Nv/0L+0n+/f8DS/ZHl+0fjojdEfF5R29jf+j0pamJsk8eAAAAAAAAAAAAAAAAAAAAtom+Fuv/U791lF07YNN1ll0BoDQF8f9TGfUAtp72H6pL/EN1iX+oLvEP1SX+obrEP1SX+IfqEv8AAAAAAPBI2b3v5s9JRMy/2Nt4pLqzvK5SawZstlrZFQBK4xY/UF2m/kB1ucYHkjXye1oetNaRq5k+/RAHAwAAAAAAAAAAAEDl7N9r/T9UlfX/UF35+n/rgKF68rjfV3I9gK3nGh+INVbyF67/X/MoAAAAAAAAAAAAAGAjzcxdOT8+NTV52cYb26MaW7lRr9evpr8F26U+//GNfCr8dqnPso18rd+DHVXe3yQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDZvwEAAP//RYcoPA==") (async)
syz_mount_image$ext4(&(0x7f0000000580)='ext3\x00', &(0x7f00000005c0)='./file0\x00', 0x0, &(0x7f0000000340)={[{@data_ordered}, {@nomblk_io_submit}, {@nodioread_nolock}, {@usrjquota_path={'usrjquota', 0x3d, './file0'}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80000}}, {@grpid}, {@data_err_abort}, {@journal_checksum}]}, 0x1, 0x5e6, &(0x7f0000001180)="$eJzs3c1vFVUbAPBnbj9oKe/bQoyKC2liDCRKSwsYYlzA1pAGP+LGjZUWRAo0tEaLJpQENybGjTEmrlyI/4US2bLSlQs3rgwJUUPixsRr5nam9LZzW3ppO5X5/ZLLnTnnTs8Zbp+eM+eeMzeAyhpM/6lF7I2I6SSiP5lfzOuMLHNw4XX3/vzodPpIol5/7fckkiwtf32SPfdlB/dExI8/JLGnY2W5M3NXzo9PTU1ezvaHZy9MD8/MXTl47sL42cmzkxdHXxg9dvTI0WMjh9o6r6sFaSevv/t+/ydjb37z1d/JyLe/jCVxPF7OXrj0PDbKYAw2/k+SlVl9xza6sJJ0ZL8nS9/ipLPECrEu+fvXFRFPRH90xP03rz8+fqXUygGbqp5E1IGKSsQ/VFTeD8iv7ZdfB9dK6ZUAW+HuiYUBgJXx37kwNhg9jbGBnfeSWDqsk0REeyNzzXZFxO1bY9fP3Bq7Hps0DgcUm78WEU8WxX/SiP+B6ImBRvzXmuI/7RecSp//qjfSX22z/OVDxeIfts5C/PesGv/RIv7fyp7T9LfbLH/w/uY7vU3x39vuKQEAAAAAAEBl3TwREc8Xff5fW5z/EwXzf/oi4vgGlD+4bH/l5/+1OxtQDFDg7omIlwrn/9by2b8DHdnW/xrzAbqSM+emJg9FxP8j4kB07Uj3RxZ/Yn3F0tuDn+75slX5g9n8v/yRln87mwuY1eNO547mYybGZ8c35OSh4u5ei3iqcP5vstj+JwXtf/r3YPoBy9jz7I1TrfLWjn9gs9S/jthf2P7fv2tFsvr9OYYb/YHhvFew0tMffvZdq/LbjX+3mICHl7b/O1eP/4Fk6f16ZtZfxuG5znqrvHb7/93J641bznRnaR+Mz85eHonoTk52pKlN6aPrrzM8ivJ4yOMljf8Dz6w+/lfU/++NiPllPzv5o3lNce7xf/p+bVUf/X8oTxr/E+tq/9e/MXpj4PtW5T9Y+3+k0dYfyFKM/8GCL/Iw7W5OLwjHzqKsra4vAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwKahGxK5La0OJ2rTY0FNEXEY/FztrUpZnZ585ceu/iRJrX+P7/Wv5Nv/0L+0n+/f8DS/ZHl+0fjojdEfF5R29jf+j0pamJsk8eAAAAAAAAAAAAAAAAAAAAtom+Fuv/U791lF07YNN1ll0BoDQF8f9TGfUAtp72H6pL/EN1iX+oLvEP1SX+obrEP1SX+IfqEv8AAAAAAPBI2b3v5s9JRMy/2Nt4pLqzvK5SawZstlrZFQBK4xY/UF2m/kB1ucYHkjXye1oetNaRq5k+/RAHAwAAAAAAAAAAAEDl7N9r/T9UlfX/UF35+n/rgKF68rjfV3I9gK3nGh+INVbyF67/X/MoAAAAAAAAAAAAAGAjzcxdOT8+NTV52cYb26MaW7lRr9evpr8F26U+//GNfCr8dqnPso18rd+DHVXe3yQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDZvwEAAP//RYcoPA==")
socket$netlink(0x10, 0x3, 0x4) (async)
r5 = socket$netlink(0x10, 0x3, 0x4)
r6 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r6, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88)
setsockopt$inet6_MCAST_JOIN_GROUP(r6, 0x29, 0x2a, &(0x7f0000000200)={0x7, {{0xa, 0x4e22, 0x6, @mcast2, 0x9}}}, 0x88)
setsockopt$inet6_MCAST_MSFILTER(r6, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000ffff00000000000000bd0000000000000000000000e4ec01000000004000000000fc00000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000006000000000000000005"], 0x310)
r7 = signalfd4(r5, &(0x7f0000000040)={[0x1]}, 0x8, 0x80400)
connect$inet6(r7, &(0x7f0000000080)={0xa, 0x4e22, 0x6, @dev={0xfe, 0x80, '\x00', 0x41}, 0x5}, 0x1c) (async)
connect$inet6(r7, &(0x7f0000000080)={0xa, 0x4e22, 0x6, @dev={0xfe, 0x80, '\x00', 0x41}, 0x5}, 0x1c)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000280))

program crashed: KASAN: use-after-free Read in lo_open
testing program (duration=53.556588112s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock2-mlock2-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_MSRS-prlimit64-prlimit64-sched_setscheduler-sched_setscheduler-syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64-syz_mount_image$ext4-syz_mount_image$ext4-socket$netlink-socket$netlink-socket$inet6-setsockopt$inet6_MCAST_JOIN_GROUP-setsockopt$inet6_MCAST_JOIN_GROUP-setsockopt$inet6_MCAST_MSFILTER-signalfd4-connect$inet6-ioctl$SECCOMP_IOCTL_NOTIF_RECV
detailed listing:
executing program 0:
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1) (async)
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1}) (async)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1})
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000580)=ANY=[@ANYBLOB="090000000000000009020000000000001e"])
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x9) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x9)
r3 = syz_open_dev$loop(&(0x7f00000005c0), 0xffff, 0x109041)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000003d40)={r4, 0x1000, {0x2a00, 0x80010000, 0x0, 0x52, 0xfffffffffffffffe, 0x0, 0x0, 0x10, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac1000", "90be6c09306003d8006000", [0x0, 0x3]}})
ioctl$LOOP_GET_STATUS64(r3, 0x4c05, &(0x7f00000000c0))
syz_mount_image$ext4(&(0x7f0000000580)='ext3\x00', &(0x7f00000005c0)='./file0\x00', 0x0, &(0x7f0000000340)={[{@data_ordered}, {@nomblk_io_submit}, {@nodioread_nolock}, {@usrjquota_path={'usrjquota', 0x3d, './file0'}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80000}}, {@grpid}, {@data_err_abort}, {@journal_checksum}]}, 0x1, 0x5e6, &(0x7f0000001180)="$eJzs3c1vFVUbAPBnbj9oKe/bQoyKC2liDCRKSwsYYlzA1pAGP+LGjZUWRAo0tEaLJpQENybGjTEmrlyI/4US2bLSlQs3rgwJUUPixsRr5nam9LZzW3ppO5X5/ZLLnTnnTs8Zbp+eM+eeMzeAyhpM/6lF7I2I6SSiP5lfzOuMLHNw4XX3/vzodPpIol5/7fckkiwtf32SPfdlB/dExI8/JLGnY2W5M3NXzo9PTU1ezvaHZy9MD8/MXTl47sL42cmzkxdHXxg9dvTI0WMjh9o6r6sFaSevv/t+/ydjb37z1d/JyLe/jCVxPF7OXrj0PDbKYAw2/k+SlVl9xza6sJJ0ZL8nS9/ipLPECrEu+fvXFRFPRH90xP03rz8+fqXUygGbqp5E1IGKSsQ/VFTeD8iv7ZdfB9dK6ZUAW+HuiYUBgJXx37kwNhg9jbGBnfeSWDqsk0REeyNzzXZFxO1bY9fP3Bq7Hps0DgcUm78WEU8WxX/SiP+B6ImBRvzXmuI/7RecSp//qjfSX22z/OVDxeIfts5C/PesGv/RIv7fyp7T9LfbLH/w/uY7vU3x39vuKQEAAAAAAEBl3TwREc8Xff5fW5z/EwXzf/oi4vgGlD+4bH/l5/+1OxtQDFDg7omIlwrn/9by2b8DHdnW/xrzAbqSM+emJg9FxP8j4kB07Uj3RxZ/Yn3F0tuDn+75slX5g9n8v/yRln87mwuY1eNO547mYybGZ8c35OSh4u5ei3iqcP5vstj+JwXtf/r3YPoBy9jz7I1TrfLWjn9gs9S/jthf2P7fv2tFsvr9OYYb/YHhvFew0tMffvZdq/LbjX+3mICHl7b/O1eP/4Fk6f16ZtZfxuG5znqrvHb7/93J641bznRnaR+Mz85eHonoTk52pKlN6aPrrzM8ivJ4yOMljf8Dz6w+/lfU/++NiPllPzv5o3lNce7xf/p+bVUf/X8oTxr/E+tq/9e/MXpj4PtW5T9Y+3+k0dYfyFKM/8GCL/Iw7W5OLwjHzqKsra4vAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwKahGxK5La0OJ2rTY0FNEXEY/FztrUpZnZ585ceu/iRJrX+P7/Wv5Nv/0L+0n+/f8DS/ZHl+0fjojdEfF5R29jf+j0pamJsk8eAAAAAAAAAAAAAAAAAAAAtom+Fuv/U791lF07YNN1ll0BoDQF8f9TGfUAtp72H6pL/EN1iX+oLvEP1SX+obrEP1SX+IfqEv8AAAAAAPBI2b3v5s9JRMy/2Nt4pLqzvK5SawZstlrZFQBK4xY/UF2m/kB1ucYHkjXye1oetNaRq5k+/RAHAwAAAAAAAAAAAEDl7N9r/T9UlfX/UF35+n/rgKF68rjfV3I9gK3nGh+INVbyF67/X/MoAAAAAAAAAAAAAGAjzcxdOT8+NTV52cYb26MaW7lRr9evpr8F26U+//GNfCr8dqnPso18rd+DHVXe3yQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDZvwEAAP//RYcoPA==") (async)
syz_mount_image$ext4(&(0x7f0000000580)='ext3\x00', &(0x7f00000005c0)='./file0\x00', 0x0, &(0x7f0000000340)={[{@data_ordered}, {@nomblk_io_submit}, {@nodioread_nolock}, {@usrjquota_path={'usrjquota', 0x3d, './file0'}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80000}}, {@grpid}, {@data_err_abort}, {@journal_checksum}]}, 0x1, 0x5e6, &(0x7f0000001180)="$eJzs3c1vFVUbAPBnbj9oKe/bQoyKC2liDCRKSwsYYlzA1pAGP+LGjZUWRAo0tEaLJpQENybGjTEmrlyI/4US2bLSlQs3rgwJUUPixsRr5nam9LZzW3ppO5X5/ZLLnTnnTs8Zbp+eM+eeMzeAyhpM/6lF7I2I6SSiP5lfzOuMLHNw4XX3/vzodPpIol5/7fckkiwtf32SPfdlB/dExI8/JLGnY2W5M3NXzo9PTU1ezvaHZy9MD8/MXTl47sL42cmzkxdHXxg9dvTI0WMjh9o6r6sFaSevv/t+/ydjb37z1d/JyLe/jCVxPF7OXrj0PDbKYAw2/k+SlVl9xza6sJJ0ZL8nS9/ipLPECrEu+fvXFRFPRH90xP03rz8+fqXUygGbqp5E1IGKSsQ/VFTeD8iv7ZdfB9dK6ZUAW+HuiYUBgJXx37kwNhg9jbGBnfeSWDqsk0REeyNzzXZFxO1bY9fP3Bq7Hps0DgcUm78WEU8WxX/SiP+B6ImBRvzXmuI/7RecSp//qjfSX22z/OVDxeIfts5C/PesGv/RIv7fyp7T9LfbLH/w/uY7vU3x39vuKQEAAAAAAEBl3TwREc8Xff5fW5z/EwXzf/oi4vgGlD+4bH/l5/+1OxtQDFDg7omIlwrn/9by2b8DHdnW/xrzAbqSM+emJg9FxP8j4kB07Uj3RxZ/Yn3F0tuDn+75slX5g9n8v/yRln87mwuY1eNO547mYybGZ8c35OSh4u5ei3iqcP5vstj+JwXtf/r3YPoBy9jz7I1TrfLWjn9gs9S/jthf2P7fv2tFsvr9OYYb/YHhvFew0tMffvZdq/LbjX+3mICHl7b/O1eP/4Fk6f16ZtZfxuG5znqrvHb7/93J641bznRnaR+Mz85eHonoTk52pKlN6aPrrzM8ivJ4yOMljf8Dz6w+/lfU/++NiPllPzv5o3lNce7xf/p+bVUf/X8oTxr/E+tq/9e/MXpj4PtW5T9Y+3+k0dYfyFKM/8GCL/Iw7W5OLwjHzqKsra4vAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwKahGxK5La0OJ2rTY0FNEXEY/FztrUpZnZ585ceu/iRJrX+P7/Wv5Nv/0L+0n+/f8DS/ZHl+0fjojdEfF5R29jf+j0pamJsk8eAAAAAAAAAAAAAAAAAAAAtom+Fuv/U791lF07YNN1ll0BoDQF8f9TGfUAtp72H6pL/EN1iX+oLvEP1SX+obrEP1SX+IfqEv8AAAAAAPBI2b3v5s9JRMy/2Nt4pLqzvK5SawZstlrZFQBK4xY/UF2m/kB1ucYHkjXye1oetNaRq5k+/RAHAwAAAAAAAAAAAEDl7N9r/T9UlfX/UF35+n/rgKF68rjfV3I9gK3nGh+INVbyF67/X/MoAAAAAAAAAAAAAGAjzcxdOT8+NTV52cYb26MaW7lRr9evpr8F26U+//GNfCr8dqnPso18rd+DHVXe3yQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDZvwEAAP//RYcoPA==")
socket$netlink(0x10, 0x3, 0x4) (async)
r5 = socket$netlink(0x10, 0x3, 0x4)
r6 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r6, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88)
setsockopt$inet6_MCAST_JOIN_GROUP(r6, 0x29, 0x2a, &(0x7f0000000200)={0x7, {{0xa, 0x4e22, 0x6, @mcast2, 0x9}}}, 0x88)
setsockopt$inet6_MCAST_MSFILTER(r6, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000ffff00000000000000bd0000000000000000000000e4ec01000000004000000000fc00000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000006000000000000000005"], 0x310)
r7 = signalfd4(r5, &(0x7f0000000040)={[0x1]}, 0x8, 0x80400)
connect$inet6(r7, &(0x7f0000000080)={0xa, 0x4e22, 0x6, @dev={0xfe, 0x80, '\x00', 0x41}, 0x5}, 0x1c) (async)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000280))

program crashed: KASAN: use-after-free Read in lo_open
testing program (duration=53.556588112s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock2-mlock2-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_MSRS-prlimit64-prlimit64-sched_setscheduler-sched_setscheduler-syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64-syz_mount_image$ext4-syz_mount_image$ext4-socket$netlink-socket$netlink-socket$inet6-setsockopt$inet6_MCAST_JOIN_GROUP-setsockopt$inet6_MCAST_JOIN_GROUP-setsockopt$inet6_MCAST_MSFILTER-signalfd4-ioctl$SECCOMP_IOCTL_NOTIF_RECV
detailed listing:
executing program 0:
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1) (async)
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1}) (async)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1})
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000580)=ANY=[@ANYBLOB="090000000000000009020000000000001e"])
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x9) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x9)
r3 = syz_open_dev$loop(&(0x7f00000005c0), 0xffff, 0x109041)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000003d40)={r4, 0x1000, {0x2a00, 0x80010000, 0x0, 0x52, 0xfffffffffffffffe, 0x0, 0x0, 0x10, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac1000", "90be6c09306003d8006000", [0x0, 0x3]}})
ioctl$LOOP_GET_STATUS64(r3, 0x4c05, &(0x7f00000000c0))
syz_mount_image$ext4(&(0x7f0000000580)='ext3\x00', &(0x7f00000005c0)='./file0\x00', 0x0, &(0x7f0000000340)={[{@data_ordered}, {@nomblk_io_submit}, {@nodioread_nolock}, {@usrjquota_path={'usrjquota', 0x3d, './file0'}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80000}}, {@grpid}, {@data_err_abort}, {@journal_checksum}]}, 0x1, 0x5e6, &(0x7f0000001180)="$eJzs3c1vFVUbAPBnbj9oKe/bQoyKC2liDCRKSwsYYlzA1pAGP+LGjZUWRAo0tEaLJpQENybGjTEmrlyI/4US2bLSlQs3rgwJUUPixsRr5nam9LZzW3ppO5X5/ZLLnTnnTs8Zbp+eM+eeMzeAyhpM/6lF7I2I6SSiP5lfzOuMLHNw4XX3/vzodPpIol5/7fckkiwtf32SPfdlB/dExI8/JLGnY2W5M3NXzo9PTU1ezvaHZy9MD8/MXTl47sL42cmzkxdHXxg9dvTI0WMjh9o6r6sFaSevv/t+/ydjb37z1d/JyLe/jCVxPF7OXrj0PDbKYAw2/k+SlVl9xza6sJJ0ZL8nS9/ipLPECrEu+fvXFRFPRH90xP03rz8+fqXUygGbqp5E1IGKSsQ/VFTeD8iv7ZdfB9dK6ZUAW+HuiYUBgJXx37kwNhg9jbGBnfeSWDqsk0REeyNzzXZFxO1bY9fP3Bq7Hps0DgcUm78WEU8WxX/SiP+B6ImBRvzXmuI/7RecSp//qjfSX22z/OVDxeIfts5C/PesGv/RIv7fyp7T9LfbLH/w/uY7vU3x39vuKQEAAAAAAEBl3TwREc8Xff5fW5z/EwXzf/oi4vgGlD+4bH/l5/+1OxtQDFDg7omIlwrn/9by2b8DHdnW/xrzAbqSM+emJg9FxP8j4kB07Uj3RxZ/Yn3F0tuDn+75slX5g9n8v/yRln87mwuY1eNO547mYybGZ8c35OSh4u5ei3iqcP5vstj+JwXtf/r3YPoBy9jz7I1TrfLWjn9gs9S/jthf2P7fv2tFsvr9OYYb/YHhvFew0tMffvZdq/LbjX+3mICHl7b/O1eP/4Fk6f16ZtZfxuG5znqrvHb7/93J641bznRnaR+Mz85eHonoTk52pKlN6aPrrzM8ivJ4yOMljf8Dz6w+/lfU/++NiPllPzv5o3lNce7xf/p+bVUf/X8oTxr/E+tq/9e/MXpj4PtW5T9Y+3+k0dYfyFKM/8GCL/Iw7W5OLwjHzqKsra4vAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwKahGxK5La0OJ2rTY0FNEXEY/FztrUpZnZ585ceu/iRJrX+P7/Wv5Nv/0L+0n+/f8DS/ZHl+0fjojdEfF5R29jf+j0pamJsk8eAAAAAAAAAAAAAAAAAAAAtom+Fuv/U791lF07YNN1ll0BoDQF8f9TGfUAtp72H6pL/EN1iX+oLvEP1SX+obrEP1SX+IfqEv8AAAAAAPBI2b3v5s9JRMy/2Nt4pLqzvK5SawZstlrZFQBK4xY/UF2m/kB1ucYHkjXye1oetNaRq5k+/RAHAwAAAAAAAAAAAEDl7N9r/T9UlfX/UF35+n/rgKF68rjfV3I9gK3nGh+INVbyF67/X/MoAAAAAAAAAAAAAGAjzcxdOT8+NTV52cYb26MaW7lRr9evpr8F26U+//GNfCr8dqnPso18rd+DHVXe3yQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDZvwEAAP//RYcoPA==") (async)
syz_mount_image$ext4(&(0x7f0000000580)='ext3\x00', &(0x7f00000005c0)='./file0\x00', 0x0, &(0x7f0000000340)={[{@data_ordered}, {@nomblk_io_submit}, {@nodioread_nolock}, {@usrjquota_path={'usrjquota', 0x3d, './file0'}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80000}}, {@grpid}, {@data_err_abort}, {@journal_checksum}]}, 0x1, 0x5e6, &(0x7f0000001180)="$eJzs3c1vFVUbAPBnbj9oKe/bQoyKC2liDCRKSwsYYlzA1pAGP+LGjZUWRAo0tEaLJpQENybGjTEmrlyI/4US2bLSlQs3rgwJUUPixsRr5nam9LZzW3ppO5X5/ZLLnTnnTs8Zbp+eM+eeMzeAyhpM/6lF7I2I6SSiP5lfzOuMLHNw4XX3/vzodPpIol5/7fckkiwtf32SPfdlB/dExI8/JLGnY2W5M3NXzo9PTU1ezvaHZy9MD8/MXTl47sL42cmzkxdHXxg9dvTI0WMjh9o6r6sFaSevv/t+/ydjb37z1d/JyLe/jCVxPF7OXrj0PDbKYAw2/k+SlVl9xza6sJJ0ZL8nS9/ipLPECrEu+fvXFRFPRH90xP03rz8+fqXUygGbqp5E1IGKSsQ/VFTeD8iv7ZdfB9dK6ZUAW+HuiYUBgJXx37kwNhg9jbGBnfeSWDqsk0REeyNzzXZFxO1bY9fP3Bq7Hps0DgcUm78WEU8WxX/SiP+B6ImBRvzXmuI/7RecSp//qjfSX22z/OVDxeIfts5C/PesGv/RIv7fyp7T9LfbLH/w/uY7vU3x39vuKQEAAAAAAEBl3TwREc8Xff5fW5z/EwXzf/oi4vgGlD+4bH/l5/+1OxtQDFDg7omIlwrn/9by2b8DHdnW/xrzAbqSM+emJg9FxP8j4kB07Uj3RxZ/Yn3F0tuDn+75slX5g9n8v/yRln87mwuY1eNO547mYybGZ8c35OSh4u5ei3iqcP5vstj+JwXtf/r3YPoBy9jz7I1TrfLWjn9gs9S/jthf2P7fv2tFsvr9OYYb/YHhvFew0tMffvZdq/LbjX+3mICHl7b/O1eP/4Fk6f16ZtZfxuG5znqrvHb7/93J641bznRnaR+Mz85eHonoTk52pKlN6aPrrzM8ivJ4yOMljf8Dz6w+/lfU/++NiPllPzv5o3lNce7xf/p+bVUf/X8oTxr/E+tq/9e/MXpj4PtW5T9Y+3+k0dYfyFKM/8GCL/Iw7W5OLwjHzqKsra4vAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwKahGxK5La0OJ2rTY0FNEXEY/FztrUpZnZ585ceu/iRJrX+P7/Wv5Nv/0L+0n+/f8DS/ZHl+0fjojdEfF5R29jf+j0pamJsk8eAAAAAAAAAAAAAAAAAAAAtom+Fuv/U791lF07YNN1ll0BoDQF8f9TGfUAtp72H6pL/EN1iX+oLvEP1SX+obrEP1SX+IfqEv8AAAAAAPBI2b3v5s9JRMy/2Nt4pLqzvK5SawZstlrZFQBK4xY/UF2m/kB1ucYHkjXye1oetNaRq5k+/RAHAwAAAAAAAAAAAEDl7N9r/T9UlfX/UF35+n/rgKF68rjfV3I9gK3nGh+INVbyF67/X/MoAAAAAAAAAAAAAGAjzcxdOT8+NTV52cYb26MaW7lRr9evpr8F26U+//GNfCr8dqnPso18rd+DHVXe3yQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDZvwEAAP//RYcoPA==")
socket$netlink(0x10, 0x3, 0x4) (async)
r5 = socket$netlink(0x10, 0x3, 0x4)
r6 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r6, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88)
setsockopt$inet6_MCAST_JOIN_GROUP(r6, 0x29, 0x2a, &(0x7f0000000200)={0x7, {{0xa, 0x4e22, 0x6, @mcast2, 0x9}}}, 0x88)
setsockopt$inet6_MCAST_MSFILTER(r6, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000ffff00000000000000bd0000000000000000000000e4ec01000000004000000000fc00000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000006000000000000000005"], 0x310)
signalfd4(r5, &(0x7f0000000040)={[0x1]}, 0x8, 0x80400)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000280))

program crashed: KASAN: use-after-free Read in lo_open
testing program (duration=53.556588112s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock2-mlock2-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_MSRS-prlimit64-prlimit64-sched_setscheduler-sched_setscheduler-syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64-syz_mount_image$ext4-syz_mount_image$ext4-socket$netlink-socket$netlink-socket$inet6-setsockopt$inet6_MCAST_JOIN_GROUP-setsockopt$inet6_MCAST_JOIN_GROUP-setsockopt$inet6_MCAST_MSFILTER-ioctl$SECCOMP_IOCTL_NOTIF_RECV
detailed listing:
executing program 0:
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1) (async)
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1}) (async)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1})
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000580)=ANY=[@ANYBLOB="090000000000000009020000000000001e"])
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x9) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x9)
r3 = syz_open_dev$loop(&(0x7f00000005c0), 0xffff, 0x109041)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000003d40)={r4, 0x1000, {0x2a00, 0x80010000, 0x0, 0x52, 0xfffffffffffffffe, 0x0, 0x0, 0x10, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac1000", "90be6c09306003d8006000", [0x0, 0x3]}})
ioctl$LOOP_GET_STATUS64(r3, 0x4c05, &(0x7f00000000c0))
syz_mount_image$ext4(&(0x7f0000000580)='ext3\x00', &(0x7f00000005c0)='./file0\x00', 0x0, &(0x7f0000000340)={[{@data_ordered}, {@nomblk_io_submit}, {@nodioread_nolock}, {@usrjquota_path={'usrjquota', 0x3d, './file0'}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80000}}, {@grpid}, {@data_err_abort}, {@journal_checksum}]}, 0x1, 0x5e6, &(0x7f0000001180)="$eJzs3c1vFVUbAPBnbj9oKe/bQoyKC2liDCRKSwsYYlzA1pAGP+LGjZUWRAo0tEaLJpQENybGjTEmrlyI/4US2bLSlQs3rgwJUUPixsRr5nam9LZzW3ppO5X5/ZLLnTnnTs8Zbp+eM+eeMzeAyhpM/6lF7I2I6SSiP5lfzOuMLHNw4XX3/vzodPpIol5/7fckkiwtf32SPfdlB/dExI8/JLGnY2W5M3NXzo9PTU1ezvaHZy9MD8/MXTl47sL42cmzkxdHXxg9dvTI0WMjh9o6r6sFaSevv/t+/ydjb37z1d/JyLe/jCVxPF7OXrj0PDbKYAw2/k+SlVl9xza6sJJ0ZL8nS9/ipLPECrEu+fvXFRFPRH90xP03rz8+fqXUygGbqp5E1IGKSsQ/VFTeD8iv7ZdfB9dK6ZUAW+HuiYUBgJXx37kwNhg9jbGBnfeSWDqsk0REeyNzzXZFxO1bY9fP3Bq7Hps0DgcUm78WEU8WxX/SiP+B6ImBRvzXmuI/7RecSp//qjfSX22z/OVDxeIfts5C/PesGv/RIv7fyp7T9LfbLH/w/uY7vU3x39vuKQEAAAAAAEBl3TwREc8Xff5fW5z/EwXzf/oi4vgGlD+4bH/l5/+1OxtQDFDg7omIlwrn/9by2b8DHdnW/xrzAbqSM+emJg9FxP8j4kB07Uj3RxZ/Yn3F0tuDn+75slX5g9n8v/yRln87mwuY1eNO547mYybGZ8c35OSh4u5ei3iqcP5vstj+JwXtf/r3YPoBy9jz7I1TrfLWjn9gs9S/jthf2P7fv2tFsvr9OYYb/YHhvFew0tMffvZdq/LbjX+3mICHl7b/O1eP/4Fk6f16ZtZfxuG5znqrvHb7/93J641bznRnaR+Mz85eHonoTk52pKlN6aPrrzM8ivJ4yOMljf8Dz6w+/lfU/++NiPllPzv5o3lNce7xf/p+bVUf/X8oTxr/E+tq/9e/MXpj4PtW5T9Y+3+k0dYfyFKM/8GCL/Iw7W5OLwjHzqKsra4vAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwKahGxK5La0OJ2rTY0FNEXEY/FztrUpZnZ585ceu/iRJrX+P7/Wv5Nv/0L+0n+/f8DS/ZHl+0fjojdEfF5R29jf+j0pamJsk8eAAAAAAAAAAAAAAAAAAAAtom+Fuv/U791lF07YNN1ll0BoDQF8f9TGfUAtp72H6pL/EN1iX+oLvEP1SX+obrEP1SX+IfqEv8AAAAAAPBI2b3v5s9JRMy/2Nt4pLqzvK5SawZstlrZFQBK4xY/UF2m/kB1ucYHkjXye1oetNaRq5k+/RAHAwAAAAAAAAAAAEDl7N9r/T9UlfX/UF35+n/rgKF68rjfV3I9gK3nGh+INVbyF67/X/MoAAAAAAAAAAAAAGAjzcxdOT8+NTV52cYb26MaW7lRr9evpr8F26U+//GNfCr8dqnPso18rd+DHVXe3yQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDZvwEAAP//RYcoPA==") (async)
syz_mount_image$ext4(&(0x7f0000000580)='ext3\x00', &(0x7f00000005c0)='./file0\x00', 0x0, &(0x7f0000000340)={[{@data_ordered}, {@nomblk_io_submit}, {@nodioread_nolock}, {@usrjquota_path={'usrjquota', 0x3d, './file0'}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80000}}, {@grpid}, {@data_err_abort}, {@journal_checksum}]}, 0x1, 0x5e6, &(0x7f0000001180)="$eJzs3c1vFVUbAPBnbj9oKe/bQoyKC2liDCRKSwsYYlzA1pAGP+LGjZUWRAo0tEaLJpQENybGjTEmrlyI/4US2bLSlQs3rgwJUUPixsRr5nam9LZzW3ppO5X5/ZLLnTnnTs8Zbp+eM+eeMzeAyhpM/6lF7I2I6SSiP5lfzOuMLHNw4XX3/vzodPpIol5/7fckkiwtf32SPfdlB/dExI8/JLGnY2W5M3NXzo9PTU1ezvaHZy9MD8/MXTl47sL42cmzkxdHXxg9dvTI0WMjh9o6r6sFaSevv/t+/ydjb37z1d/JyLe/jCVxPF7OXrj0PDbKYAw2/k+SlVl9xza6sJJ0ZL8nS9/ipLPECrEu+fvXFRFPRH90xP03rz8+fqXUygGbqp5E1IGKSsQ/VFTeD8iv7ZdfB9dK6ZUAW+HuiYUBgJXx37kwNhg9jbGBnfeSWDqsk0REeyNzzXZFxO1bY9fP3Bq7Hps0DgcUm78WEU8WxX/SiP+B6ImBRvzXmuI/7RecSp//qjfSX22z/OVDxeIfts5C/PesGv/RIv7fyp7T9LfbLH/w/uY7vU3x39vuKQEAAAAAAEBl3TwREc8Xff5fW5z/EwXzf/oi4vgGlD+4bH/l5/+1OxtQDFDg7omIlwrn/9by2b8DHdnW/xrzAbqSM+emJg9FxP8j4kB07Uj3RxZ/Yn3F0tuDn+75slX5g9n8v/yRln87mwuY1eNO547mYybGZ8c35OSh4u5ei3iqcP5vstj+JwXtf/r3YPoBy9jz7I1TrfLWjn9gs9S/jthf2P7fv2tFsvr9OYYb/YHhvFew0tMffvZdq/LbjX+3mICHl7b/O1eP/4Fk6f16ZtZfxuG5znqrvHb7/93J641bznRnaR+Mz85eHonoTk52pKlN6aPrrzM8ivJ4yOMljf8Dz6w+/lfU/++NiPllPzv5o3lNce7xf/p+bVUf/X8oTxr/E+tq/9e/MXpj4PtW5T9Y+3+k0dYfyFKM/8GCL/Iw7W5OLwjHzqKsra4vAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwKahGxK5La0OJ2rTY0FNEXEY/FztrUpZnZ585ceu/iRJrX+P7/Wv5Nv/0L+0n+/f8DS/ZHl+0fjojdEfF5R29jf+j0pamJsk8eAAAAAAAAAAAAAAAAAAAAtom+Fuv/U791lF07YNN1ll0BoDQF8f9TGfUAtp72H6pL/EN1iX+oLvEP1SX+obrEP1SX+IfqEv8AAAAAAPBI2b3v5s9JRMy/2Nt4pLqzvK5SawZstlrZFQBK4xY/UF2m/kB1ucYHkjXye1oetNaRq5k+/RAHAwAAAAAAAAAAAEDl7N9r/T9UlfX/UF35+n/rgKF68rjfV3I9gK3nGh+INVbyF67/X/MoAAAAAAAAAAAAAGAjzcxdOT8+NTV52cYb26MaW7lRr9evpr8F26U+//GNfCr8dqnPso18rd+DHVXe3yQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDZvwEAAP//RYcoPA==")
socket$netlink(0x10, 0x3, 0x4) (async)
socket$netlink(0x10, 0x3, 0x4)
r5 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r5, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88)
setsockopt$inet6_MCAST_JOIN_GROUP(r5, 0x29, 0x2a, &(0x7f0000000200)={0x7, {{0xa, 0x4e22, 0x6, @mcast2, 0x9}}}, 0x88)
setsockopt$inet6_MCAST_MSFILTER(r5, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000ffff00000000000000bd0000000000000000000000e4ec01000000004000000000fc00000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000006000000000000000005"], 0x310)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000280))

program did not crash
testing program (duration=53.556588112s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock2-mlock2-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_MSRS-prlimit64-prlimit64-sched_setscheduler-sched_setscheduler-syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64-syz_mount_image$ext4-syz_mount_image$ext4-socket$netlink-socket$netlink-socket$inet6-setsockopt$inet6_MCAST_JOIN_GROUP-setsockopt$inet6_MCAST_JOIN_GROUP-signalfd4-ioctl$SECCOMP_IOCTL_NOTIF_RECV
detailed listing:
executing program 0:
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1) (async)
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1}) (async)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1})
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000580)=ANY=[@ANYBLOB="090000000000000009020000000000001e"])
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x9) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x9)
r3 = syz_open_dev$loop(&(0x7f00000005c0), 0xffff, 0x109041)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000003d40)={r4, 0x1000, {0x2a00, 0x80010000, 0x0, 0x52, 0xfffffffffffffffe, 0x0, 0x0, 0x10, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac1000", "90be6c09306003d8006000", [0x0, 0x3]}})
ioctl$LOOP_GET_STATUS64(r3, 0x4c05, &(0x7f00000000c0))
syz_mount_image$ext4(&(0x7f0000000580)='ext3\x00', &(0x7f00000005c0)='./file0\x00', 0x0, &(0x7f0000000340)={[{@data_ordered}, {@nomblk_io_submit}, {@nodioread_nolock}, {@usrjquota_path={'usrjquota', 0x3d, './file0'}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80000}}, {@grpid}, {@data_err_abort}, {@journal_checksum}]}, 0x1, 0x5e6, &(0x7f0000001180)="$eJzs3c1vFVUbAPBnbj9oKe/bQoyKC2liDCRKSwsYYlzA1pAGP+LGjZUWRAo0tEaLJpQENybGjTEmrlyI/4US2bLSlQs3rgwJUUPixsRr5nam9LZzW3ppO5X5/ZLLnTnnTs8Zbp+eM+eeMzeAyhpM/6lF7I2I6SSiP5lfzOuMLHNw4XX3/vzodPpIol5/7fckkiwtf32SPfdlB/dExI8/JLGnY2W5M3NXzo9PTU1ezvaHZy9MD8/MXTl47sL42cmzkxdHXxg9dvTI0WMjh9o6r6sFaSevv/t+/ydjb37z1d/JyLe/jCVxPF7OXrj0PDbKYAw2/k+SlVl9xza6sJJ0ZL8nS9/ipLPECrEu+fvXFRFPRH90xP03rz8+fqXUygGbqp5E1IGKSsQ/VFTeD8iv7ZdfB9dK6ZUAW+HuiYUBgJXx37kwNhg9jbGBnfeSWDqsk0REeyNzzXZFxO1bY9fP3Bq7Hps0DgcUm78WEU8WxX/SiP+B6ImBRvzXmuI/7RecSp//qjfSX22z/OVDxeIfts5C/PesGv/RIv7fyp7T9LfbLH/w/uY7vU3x39vuKQEAAAAAAEBl3TwREc8Xff5fW5z/EwXzf/oi4vgGlD+4bH/l5/+1OxtQDFDg7omIlwrn/9by2b8DHdnW/xrzAbqSM+emJg9FxP8j4kB07Uj3RxZ/Yn3F0tuDn+75slX5g9n8v/yRln87mwuY1eNO547mYybGZ8c35OSh4u5ei3iqcP5vstj+JwXtf/r3YPoBy9jz7I1TrfLWjn9gs9S/jthf2P7fv2tFsvr9OYYb/YHhvFew0tMffvZdq/LbjX+3mICHl7b/O1eP/4Fk6f16ZtZfxuG5znqrvHb7/93J641bznRnaR+Mz85eHonoTk52pKlN6aPrrzM8ivJ4yOMljf8Dz6w+/lfU/++NiPllPzv5o3lNce7xf/p+bVUf/X8oTxr/E+tq/9e/MXpj4PtW5T9Y+3+k0dYfyFKM/8GCL/Iw7W5OLwjHzqKsra4vAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwKahGxK5La0OJ2rTY0FNEXEY/FztrUpZnZ585ceu/iRJrX+P7/Wv5Nv/0L+0n+/f8DS/ZHl+0fjojdEfF5R29jf+j0pamJsk8eAAAAAAAAAAAAAAAAAAAAtom+Fuv/U791lF07YNN1ll0BoDQF8f9TGfUAtp72H6pL/EN1iX+oLvEP1SX+obrEP1SX+IfqEv8AAAAAAPBI2b3v5s9JRMy/2Nt4pLqzvK5SawZstlrZFQBK4xY/UF2m/kB1ucYHkjXye1oetNaRq5k+/RAHAwAAAAAAAAAAAEDl7N9r/T9UlfX/UF35+n/rgKF68rjfV3I9gK3nGh+INVbyF67/X/MoAAAAAAAAAAAAAGAjzcxdOT8+NTV52cYb26MaW7lRr9evpr8F26U+//GNfCr8dqnPso18rd+DHVXe3yQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDZvwEAAP//RYcoPA==") (async)
syz_mount_image$ext4(&(0x7f0000000580)='ext3\x00', &(0x7f00000005c0)='./file0\x00', 0x0, &(0x7f0000000340)={[{@data_ordered}, {@nomblk_io_submit}, {@nodioread_nolock}, {@usrjquota_path={'usrjquota', 0x3d, './file0'}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80000}}, {@grpid}, {@data_err_abort}, {@journal_checksum}]}, 0x1, 0x5e6, &(0x7f0000001180)="$eJzs3c1vFVUbAPBnbj9oKe/bQoyKC2liDCRKSwsYYlzA1pAGP+LGjZUWRAo0tEaLJpQENybGjTEmrlyI/4US2bLSlQs3rgwJUUPixsRr5nam9LZzW3ppO5X5/ZLLnTnnTs8Zbp+eM+eeMzeAyhpM/6lF7I2I6SSiP5lfzOuMLHNw4XX3/vzodPpIol5/7fckkiwtf32SPfdlB/dExI8/JLGnY2W5M3NXzo9PTU1ezvaHZy9MD8/MXTl47sL42cmzkxdHXxg9dvTI0WMjh9o6r6sFaSevv/t+/ydjb37z1d/JyLe/jCVxPF7OXrj0PDbKYAw2/k+SlVl9xza6sJJ0ZL8nS9/ipLPECrEu+fvXFRFPRH90xP03rz8+fqXUygGbqp5E1IGKSsQ/VFTeD8iv7ZdfB9dK6ZUAW+HuiYUBgJXx37kwNhg9jbGBnfeSWDqsk0REeyNzzXZFxO1bY9fP3Bq7Hps0DgcUm78WEU8WxX/SiP+B6ImBRvzXmuI/7RecSp//qjfSX22z/OVDxeIfts5C/PesGv/RIv7fyp7T9LfbLH/w/uY7vU3x39vuKQEAAAAAAEBl3TwREc8Xff5fW5z/EwXzf/oi4vgGlD+4bH/l5/+1OxtQDFDg7omIlwrn/9by2b8DHdnW/xrzAbqSM+emJg9FxP8j4kB07Uj3RxZ/Yn3F0tuDn+75slX5g9n8v/yRln87mwuY1eNO547mYybGZ8c35OSh4u5ei3iqcP5vstj+JwXtf/r3YPoBy9jz7I1TrfLWjn9gs9S/jthf2P7fv2tFsvr9OYYb/YHhvFew0tMffvZdq/LbjX+3mICHl7b/O1eP/4Fk6f16ZtZfxuG5znqrvHb7/93J641bznRnaR+Mz85eHonoTk52pKlN6aPrrzM8ivJ4yOMljf8Dz6w+/lfU/++NiPllPzv5o3lNce7xf/p+bVUf/X8oTxr/E+tq/9e/MXpj4PtW5T9Y+3+k0dYfyFKM/8GCL/Iw7W5OLwjHzqKsra4vAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwKahGxK5La0OJ2rTY0FNEXEY/FztrUpZnZ585ceu/iRJrX+P7/Wv5Nv/0L+0n+/f8DS/ZHl+0fjojdEfF5R29jf+j0pamJsk8eAAAAAAAAAAAAAAAAAAAAtom+Fuv/U791lF07YNN1ll0BoDQF8f9TGfUAtp72H6pL/EN1iX+oLvEP1SX+obrEP1SX+IfqEv8AAAAAAPBI2b3v5s9JRMy/2Nt4pLqzvK5SawZstlrZFQBK4xY/UF2m/kB1ucYHkjXye1oetNaRq5k+/RAHAwAAAAAAAAAAAEDl7N9r/T9UlfX/UF35+n/rgKF68rjfV3I9gK3nGh+INVbyF67/X/MoAAAAAAAAAAAAAGAjzcxdOT8+NTV52cYb26MaW7lRr9evpr8F26U+//GNfCr8dqnPso18rd+DHVXe3yQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDZvwEAAP//RYcoPA==")
socket$netlink(0x10, 0x3, 0x4) (async)
r5 = socket$netlink(0x10, 0x3, 0x4)
r6 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r6, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88)
setsockopt$inet6_MCAST_JOIN_GROUP(r6, 0x29, 0x2a, &(0x7f0000000200)={0x7, {{0xa, 0x4e22, 0x6, @mcast2, 0x9}}}, 0x88)
signalfd4(r5, &(0x7f0000000040)={[0x1]}, 0x8, 0x80400)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000280))

program did not crash
testing program (duration=53.556588112s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock2-mlock2-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_MSRS-prlimit64-prlimit64-sched_setscheduler-sched_setscheduler-syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64-syz_mount_image$ext4-syz_mount_image$ext4-socket$netlink-socket$netlink-socket$inet6-setsockopt$inet6_MCAST_JOIN_GROUP-setsockopt$inet6_MCAST_MSFILTER-signalfd4-ioctl$SECCOMP_IOCTL_NOTIF_RECV
detailed listing:
executing program 0:
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1) (async)
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1}) (async)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1})
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000580)=ANY=[@ANYBLOB="090000000000000009020000000000001e"])
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x9) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x9)
r3 = syz_open_dev$loop(&(0x7f00000005c0), 0xffff, 0x109041)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000003d40)={r4, 0x1000, {0x2a00, 0x80010000, 0x0, 0x52, 0xfffffffffffffffe, 0x0, 0x0, 0x10, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac1000", "90be6c09306003d8006000", [0x0, 0x3]}})
ioctl$LOOP_GET_STATUS64(r3, 0x4c05, &(0x7f00000000c0))
syz_mount_image$ext4(&(0x7f0000000580)='ext3\x00', &(0x7f00000005c0)='./file0\x00', 0x0, &(0x7f0000000340)={[{@data_ordered}, {@nomblk_io_submit}, {@nodioread_nolock}, {@usrjquota_path={'usrjquota', 0x3d, './file0'}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80000}}, {@grpid}, {@data_err_abort}, {@journal_checksum}]}, 0x1, 0x5e6, &(0x7f0000001180)="$eJzs3c1vFVUbAPBnbj9oKe/bQoyKC2liDCRKSwsYYlzA1pAGP+LGjZUWRAo0tEaLJpQENybGjTEmrlyI/4US2bLSlQs3rgwJUUPixsRr5nam9LZzW3ppO5X5/ZLLnTnnTs8Zbp+eM+eeMzeAyhpM/6lF7I2I6SSiP5lfzOuMLHNw4XX3/vzodPpIol5/7fckkiwtf32SPfdlB/dExI8/JLGnY2W5M3NXzo9PTU1ezvaHZy9MD8/MXTl47sL42cmzkxdHXxg9dvTI0WMjh9o6r6sFaSevv/t+/ydjb37z1d/JyLe/jCVxPF7OXrj0PDbKYAw2/k+SlVl9xza6sJJ0ZL8nS9/ipLPECrEu+fvXFRFPRH90xP03rz8+fqXUygGbqp5E1IGKSsQ/VFTeD8iv7ZdfB9dK6ZUAW+HuiYUBgJXx37kwNhg9jbGBnfeSWDqsk0REeyNzzXZFxO1bY9fP3Bq7Hps0DgcUm78WEU8WxX/SiP+B6ImBRvzXmuI/7RecSp//qjfSX22z/OVDxeIfts5C/PesGv/RIv7fyp7T9LfbLH/w/uY7vU3x39vuKQEAAAAAAEBl3TwREc8Xff5fW5z/EwXzf/oi4vgGlD+4bH/l5/+1OxtQDFDg7omIlwrn/9by2b8DHdnW/xrzAbqSM+emJg9FxP8j4kB07Uj3RxZ/Yn3F0tuDn+75slX5g9n8v/yRln87mwuY1eNO547mYybGZ8c35OSh4u5ei3iqcP5vstj+JwXtf/r3YPoBy9jz7I1TrfLWjn9gs9S/jthf2P7fv2tFsvr9OYYb/YHhvFew0tMffvZdq/LbjX+3mICHl7b/O1eP/4Fk6f16ZtZfxuG5znqrvHb7/93J641bznRnaR+Mz85eHonoTk52pKlN6aPrrzM8ivJ4yOMljf8Dz6w+/lfU/++NiPllPzv5o3lNce7xf/p+bVUf/X8oTxr/E+tq/9e/MXpj4PtW5T9Y+3+k0dYfyFKM/8GCL/Iw7W5OLwjHzqKsra4vAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwKahGxK5La0OJ2rTY0FNEXEY/FztrUpZnZ585ceu/iRJrX+P7/Wv5Nv/0L+0n+/f8DS/ZHl+0fjojdEfF5R29jf+j0pamJsk8eAAAAAAAAAAAAAAAAAAAAtom+Fuv/U791lF07YNN1ll0BoDQF8f9TGfUAtp72H6pL/EN1iX+oLvEP1SX+obrEP1SX+IfqEv8AAAAAAPBI2b3v5s9JRMy/2Nt4pLqzvK5SawZstlrZFQBK4xY/UF2m/kB1ucYHkjXye1oetNaRq5k+/RAHAwAAAAAAAAAAAEDl7N9r/T9UlfX/UF35+n/rgKF68rjfV3I9gK3nGh+INVbyF67/X/MoAAAAAAAAAAAAAGAjzcxdOT8+NTV52cYb26MaW7lRr9evpr8F26U+//GNfCr8dqnPso18rd+DHVXe3yQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDZvwEAAP//RYcoPA==") (async)
syz_mount_image$ext4(&(0x7f0000000580)='ext3\x00', &(0x7f00000005c0)='./file0\x00', 0x0, &(0x7f0000000340)={[{@data_ordered}, {@nomblk_io_submit}, {@nodioread_nolock}, {@usrjquota_path={'usrjquota', 0x3d, './file0'}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80000}}, {@grpid}, {@data_err_abort}, {@journal_checksum}]}, 0x1, 0x5e6, &(0x7f0000001180)="$eJzs3c1vFVUbAPBnbj9oKe/bQoyKC2liDCRKSwsYYlzA1pAGP+LGjZUWRAo0tEaLJpQENybGjTEmrlyI/4US2bLSlQs3rgwJUUPixsRr5nam9LZzW3ppO5X5/ZLLnTnnTs8Zbp+eM+eeMzeAyhpM/6lF7I2I6SSiP5lfzOuMLHNw4XX3/vzodPpIol5/7fckkiwtf32SPfdlB/dExI8/JLGnY2W5M3NXzo9PTU1ezvaHZy9MD8/MXTl47sL42cmzkxdHXxg9dvTI0WMjh9o6r6sFaSevv/t+/ydjb37z1d/JyLe/jCVxPF7OXrj0PDbKYAw2/k+SlVl9xza6sJJ0ZL8nS9/ipLPECrEu+fvXFRFPRH90xP03rz8+fqXUygGbqp5E1IGKSsQ/VFTeD8iv7ZdfB9dK6ZUAW+HuiYUBgJXx37kwNhg9jbGBnfeSWDqsk0REeyNzzXZFxO1bY9fP3Bq7Hps0DgcUm78WEU8WxX/SiP+B6ImBRvzXmuI/7RecSp//qjfSX22z/OVDxeIfts5C/PesGv/RIv7fyp7T9LfbLH/w/uY7vU3x39vuKQEAAAAAAEBl3TwREc8Xff5fW5z/EwXzf/oi4vgGlD+4bH/l5/+1OxtQDFDg7omIlwrn/9by2b8DHdnW/xrzAbqSM+emJg9FxP8j4kB07Uj3RxZ/Yn3F0tuDn+75slX5g9n8v/yRln87mwuY1eNO547mYybGZ8c35OSh4u5ei3iqcP5vstj+JwXtf/r3YPoBy9jz7I1TrfLWjn9gs9S/jthf2P7fv2tFsvr9OYYb/YHhvFew0tMffvZdq/LbjX+3mICHl7b/O1eP/4Fk6f16ZtZfxuG5znqrvHb7/93J641bznRnaR+Mz85eHonoTk52pKlN6aPrrzM8ivJ4yOMljf8Dz6w+/lfU/++NiPllPzv5o3lNce7xf/p+bVUf/X8oTxr/E+tq/9e/MXpj4PtW5T9Y+3+k0dYfyFKM/8GCL/Iw7W5OLwjHzqKsra4vAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwKahGxK5La0OJ2rTY0FNEXEY/FztrUpZnZ585ceu/iRJrX+P7/Wv5Nv/0L+0n+/f8DS/ZHl+0fjojdEfF5R29jf+j0pamJsk8eAAAAAAAAAAAAAAAAAAAAtom+Fuv/U791lF07YNN1ll0BoDQF8f9TGfUAtp72H6pL/EN1iX+oLvEP1SX+obrEP1SX+IfqEv8AAAAAAPBI2b3v5s9JRMy/2Nt4pLqzvK5SawZstlrZFQBK4xY/UF2m/kB1ucYHkjXye1oetNaRq5k+/RAHAwAAAAAAAAAAAEDl7N9r/T9UlfX/UF35+n/rgKF68rjfV3I9gK3nGh+INVbyF67/X/MoAAAAAAAAAAAAAGAjzcxdOT8+NTV52cYb26MaW7lRr9evpr8F26U+//GNfCr8dqnPso18rd+DHVXe3yQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDZvwEAAP//RYcoPA==")
socket$netlink(0x10, 0x3, 0x4) (async)
r5 = socket$netlink(0x10, 0x3, 0x4)
r6 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r6, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88)
setsockopt$inet6_MCAST_MSFILTER(r6, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000ffff00000000000000bd0000000000000000000000e4ec01000000004000000000fc00000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000006000000000000000005"], 0x310)
signalfd4(r5, &(0x7f0000000040)={[0x1]}, 0x8, 0x80400)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000280))

program crashed: KASAN: use-after-free Read in lo_open
testing program (duration=53.556588112s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock2-mlock2-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_MSRS-prlimit64-prlimit64-sched_setscheduler-sched_setscheduler-syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64-syz_mount_image$ext4-syz_mount_image$ext4-socket$netlink-socket$netlink-socket$inet6-setsockopt$inet6_MCAST_MSFILTER-signalfd4-ioctl$SECCOMP_IOCTL_NOTIF_RECV
detailed listing:
executing program 0:
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1) (async)
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1}) (async)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1})
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000580)=ANY=[@ANYBLOB="090000000000000009020000000000001e"])
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x9) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x9)
r3 = syz_open_dev$loop(&(0x7f00000005c0), 0xffff, 0x109041)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000003d40)={r4, 0x1000, {0x2a00, 0x80010000, 0x0, 0x52, 0xfffffffffffffffe, 0x0, 0x0, 0x10, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac1000", "90be6c09306003d8006000", [0x0, 0x3]}})
ioctl$LOOP_GET_STATUS64(r3, 0x4c05, &(0x7f00000000c0))
syz_mount_image$ext4(&(0x7f0000000580)='ext3\x00', &(0x7f00000005c0)='./file0\x00', 0x0, &(0x7f0000000340)={[{@data_ordered}, {@nomblk_io_submit}, {@nodioread_nolock}, {@usrjquota_path={'usrjquota', 0x3d, './file0'}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80000}}, {@grpid}, {@data_err_abort}, {@journal_checksum}]}, 0x1, 0x5e6, &(0x7f0000001180)="$eJzs3c1vFVUbAPBnbj9oKe/bQoyKC2liDCRKSwsYYlzA1pAGP+LGjZUWRAo0tEaLJpQENybGjTEmrlyI/4US2bLSlQs3rgwJUUPixsRr5nam9LZzW3ppO5X5/ZLLnTnnTs8Zbp+eM+eeMzeAyhpM/6lF7I2I6SSiP5lfzOuMLHNw4XX3/vzodPpIol5/7fckkiwtf32SPfdlB/dExI8/JLGnY2W5M3NXzo9PTU1ezvaHZy9MD8/MXTl47sL42cmzkxdHXxg9dvTI0WMjh9o6r6sFaSevv/t+/ydjb37z1d/JyLe/jCVxPF7OXrj0PDbKYAw2/k+SlVl9xza6sJJ0ZL8nS9/ipLPECrEu+fvXFRFPRH90xP03rz8+fqXUygGbqp5E1IGKSsQ/VFTeD8iv7ZdfB9dK6ZUAW+HuiYUBgJXx37kwNhg9jbGBnfeSWDqsk0REeyNzzXZFxO1bY9fP3Bq7Hps0DgcUm78WEU8WxX/SiP+B6ImBRvzXmuI/7RecSp//qjfSX22z/OVDxeIfts5C/PesGv/RIv7fyp7T9LfbLH/w/uY7vU3x39vuKQEAAAAAAEBl3TwREc8Xff5fW5z/EwXzf/oi4vgGlD+4bH/l5/+1OxtQDFDg7omIlwrn/9by2b8DHdnW/xrzAbqSM+emJg9FxP8j4kB07Uj3RxZ/Yn3F0tuDn+75slX5g9n8v/yRln87mwuY1eNO547mYybGZ8c35OSh4u5ei3iqcP5vstj+JwXtf/r3YPoBy9jz7I1TrfLWjn9gs9S/jthf2P7fv2tFsvr9OYYb/YHhvFew0tMffvZdq/LbjX+3mICHl7b/O1eP/4Fk6f16ZtZfxuG5znqrvHb7/93J641bznRnaR+Mz85eHonoTk52pKlN6aPrrzM8ivJ4yOMljf8Dz6w+/lfU/++NiPllPzv5o3lNce7xf/p+bVUf/X8oTxr/E+tq/9e/MXpj4PtW5T9Y+3+k0dYfyFKM/8GCL/Iw7W5OLwjHzqKsra4vAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwKahGxK5La0OJ2rTY0FNEXEY/FztrUpZnZ585ceu/iRJrX+P7/Wv5Nv/0L+0n+/f8DS/ZHl+0fjojdEfF5R29jf+j0pamJsk8eAAAAAAAAAAAAAAAAAAAAtom+Fuv/U791lF07YNN1ll0BoDQF8f9TGfUAtp72H6pL/EN1iX+oLvEP1SX+obrEP1SX+IfqEv8AAAAAAPBI2b3v5s9JRMy/2Nt4pLqzvK5SawZstlrZFQBK4xY/UF2m/kB1ucYHkjXye1oetNaRq5k+/RAHAwAAAAAAAAAAAEDl7N9r/T9UlfX/UF35+n/rgKF68rjfV3I9gK3nGh+INVbyF67/X/MoAAAAAAAAAAAAAGAjzcxdOT8+NTV52cYb26MaW7lRr9evpr8F26U+//GNfCr8dqnPso18rd+DHVXe3yQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDZvwEAAP//RYcoPA==") (async)
syz_mount_image$ext4(&(0x7f0000000580)='ext3\x00', &(0x7f00000005c0)='./file0\x00', 0x0, &(0x7f0000000340)={[{@data_ordered}, {@nomblk_io_submit}, {@nodioread_nolock}, {@usrjquota_path={'usrjquota', 0x3d, './file0'}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80000}}, {@grpid}, {@data_err_abort}, {@journal_checksum}]}, 0x1, 0x5e6, &(0x7f0000001180)="$eJzs3c1vFVUbAPBnbj9oKe/bQoyKC2liDCRKSwsYYlzA1pAGP+LGjZUWRAo0tEaLJpQENybGjTEmrlyI/4US2bLSlQs3rgwJUUPixsRr5nam9LZzW3ppO5X5/ZLLnTnnTs8Zbp+eM+eeMzeAyhpM/6lF7I2I6SSiP5lfzOuMLHNw4XX3/vzodPpIol5/7fckkiwtf32SPfdlB/dExI8/JLGnY2W5M3NXzo9PTU1ezvaHZy9MD8/MXTl47sL42cmzkxdHXxg9dvTI0WMjh9o6r6sFaSevv/t+/ydjb37z1d/JyLe/jCVxPF7OXrj0PDbKYAw2/k+SlVl9xza6sJJ0ZL8nS9/ipLPECrEu+fvXFRFPRH90xP03rz8+fqXUygGbqp5E1IGKSsQ/VFTeD8iv7ZdfB9dK6ZUAW+HuiYUBgJXx37kwNhg9jbGBnfeSWDqsk0REeyNzzXZFxO1bY9fP3Bq7Hps0DgcUm78WEU8WxX/SiP+B6ImBRvzXmuI/7RecSp//qjfSX22z/OVDxeIfts5C/PesGv/RIv7fyp7T9LfbLH/w/uY7vU3x39vuKQEAAAAAAEBl3TwREc8Xff5fW5z/EwXzf/oi4vgGlD+4bH/l5/+1OxtQDFDg7omIlwrn/9by2b8DHdnW/xrzAbqSM+emJg9FxP8j4kB07Uj3RxZ/Yn3F0tuDn+75slX5g9n8v/yRln87mwuY1eNO547mYybGZ8c35OSh4u5ei3iqcP5vstj+JwXtf/r3YPoBy9jz7I1TrfLWjn9gs9S/jthf2P7fv2tFsvr9OYYb/YHhvFew0tMffvZdq/LbjX+3mICHl7b/O1eP/4Fk6f16ZtZfxuG5znqrvHb7/93J641bznRnaR+Mz85eHonoTk52pKlN6aPrrzM8ivJ4yOMljf8Dz6w+/lfU/++NiPllPzv5o3lNce7xf/p+bVUf/X8oTxr/E+tq/9e/MXpj4PtW5T9Y+3+k0dYfyFKM/8GCL/Iw7W5OLwjHzqKsra4vAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwKahGxK5La0OJ2rTY0FNEXEY/FztrUpZnZ585ceu/iRJrX+P7/Wv5Nv/0L+0n+/f8DS/ZHl+0fjojdEfF5R29jf+j0pamJsk8eAAAAAAAAAAAAAAAAAAAAtom+Fuv/U791lF07YNN1ll0BoDQF8f9TGfUAtp72H6pL/EN1iX+oLvEP1SX+obrEP1SX+IfqEv8AAAAAAPBI2b3v5s9JRMy/2Nt4pLqzvK5SawZstlrZFQBK4xY/UF2m/kB1ucYHkjXye1oetNaRq5k+/RAHAwAAAAAAAAAAAEDl7N9r/T9UlfX/UF35+n/rgKF68rjfV3I9gK3nGh+INVbyF67/X/MoAAAAAAAAAAAAAGAjzcxdOT8+NTV52cYb26MaW7lRr9evpr8F26U+//GNfCr8dqnPso18rd+DHVXe3yQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDZvwEAAP//RYcoPA==")
socket$netlink(0x10, 0x3, 0x4) (async)
r5 = socket$netlink(0x10, 0x3, 0x4)
r6 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_MSFILTER(r6, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000ffff00000000000000bd0000000000000000000000e4ec01000000004000000000fc00000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000006000000000000000005"], 0x310)
signalfd4(r5, &(0x7f0000000040)={[0x1]}, 0x8, 0x80400)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000280))

program crashed: KASAN: use-after-free Read in lo_open
testing program (duration=53.556588112s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock2-mlock2-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_MSRS-prlimit64-prlimit64-sched_setscheduler-sched_setscheduler-syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64-syz_mount_image$ext4-syz_mount_image$ext4-socket$netlink-socket$netlink-setsockopt$inet6_MCAST_MSFILTER-signalfd4-ioctl$SECCOMP_IOCTL_NOTIF_RECV
detailed listing:
executing program 0:
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1) (async)
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1}) (async)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1})
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000580)=ANY=[@ANYBLOB="090000000000000009020000000000001e"])
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x9) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x9)
r3 = syz_open_dev$loop(&(0x7f00000005c0), 0xffff, 0x109041)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000003d40)={r4, 0x1000, {0x2a00, 0x80010000, 0x0, 0x52, 0xfffffffffffffffe, 0x0, 0x0, 0x10, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac1000", "90be6c09306003d8006000", [0x0, 0x3]}})
ioctl$LOOP_GET_STATUS64(r3, 0x4c05, &(0x7f00000000c0))
syz_mount_image$ext4(&(0x7f0000000580)='ext3\x00', &(0x7f00000005c0)='./file0\x00', 0x0, &(0x7f0000000340)={[{@data_ordered}, {@nomblk_io_submit}, {@nodioread_nolock}, {@usrjquota_path={'usrjquota', 0x3d, './file0'}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80000}}, {@grpid}, {@data_err_abort}, {@journal_checksum}]}, 0x1, 0x5e6, &(0x7f0000001180)="$eJzs3c1vFVUbAPBnbj9oKe/bQoyKC2liDCRKSwsYYlzA1pAGP+LGjZUWRAo0tEaLJpQENybGjTEmrlyI/4US2bLSlQs3rgwJUUPixsRr5nam9LZzW3ppO5X5/ZLLnTnnTs8Zbp+eM+eeMzeAyhpM/6lF7I2I6SSiP5lfzOuMLHNw4XX3/vzodPpIol5/7fckkiwtf32SPfdlB/dExI8/JLGnY2W5M3NXzo9PTU1ezvaHZy9MD8/MXTl47sL42cmzkxdHXxg9dvTI0WMjh9o6r6sFaSevv/t+/ydjb37z1d/JyLe/jCVxPF7OXrj0PDbKYAw2/k+SlVl9xza6sJJ0ZL8nS9/ipLPECrEu+fvXFRFPRH90xP03rz8+fqXUygGbqp5E1IGKSsQ/VFTeD8iv7ZdfB9dK6ZUAW+HuiYUBgJXx37kwNhg9jbGBnfeSWDqsk0REeyNzzXZFxO1bY9fP3Bq7Hps0DgcUm78WEU8WxX/SiP+B6ImBRvzXmuI/7RecSp//qjfSX22z/OVDxeIfts5C/PesGv/RIv7fyp7T9LfbLH/w/uY7vU3x39vuKQEAAAAAAEBl3TwREc8Xff5fW5z/EwXzf/oi4vgGlD+4bH/l5/+1OxtQDFDg7omIlwrn/9by2b8DHdnW/xrzAbqSM+emJg9FxP8j4kB07Uj3RxZ/Yn3F0tuDn+75slX5g9n8v/yRln87mwuY1eNO547mYybGZ8c35OSh4u5ei3iqcP5vstj+JwXtf/r3YPoBy9jz7I1TrfLWjn9gs9S/jthf2P7fv2tFsvr9OYYb/YHhvFew0tMffvZdq/LbjX+3mICHl7b/O1eP/4Fk6f16ZtZfxuG5znqrvHb7/93J641bznRnaR+Mz85eHonoTk52pKlN6aPrrzM8ivJ4yOMljf8Dz6w+/lfU/++NiPllPzv5o3lNce7xf/p+bVUf/X8oTxr/E+tq/9e/MXpj4PtW5T9Y+3+k0dYfyFKM/8GCL/Iw7W5OLwjHzqKsra4vAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwKahGxK5La0OJ2rTY0FNEXEY/FztrUpZnZ585ceu/iRJrX+P7/Wv5Nv/0L+0n+/f8DS/ZHl+0fjojdEfF5R29jf+j0pamJsk8eAAAAAAAAAAAAAAAAAAAAtom+Fuv/U791lF07YNN1ll0BoDQF8f9TGfUAtp72H6pL/EN1iX+oLvEP1SX+obrEP1SX+IfqEv8AAAAAAPBI2b3v5s9JRMy/2Nt4pLqzvK5SawZstlrZFQBK4xY/UF2m/kB1ucYHkjXye1oetNaRq5k+/RAHAwAAAAAAAAAAAEDl7N9r/T9UlfX/UF35+n/rgKF68rjfV3I9gK3nGh+INVbyF67/X/MoAAAAAAAAAAAAAGAjzcxdOT8+NTV52cYb26MaW7lRr9evpr8F26U+//GNfCr8dqnPso18rd+DHVXe3yQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDZvwEAAP//RYcoPA==") (async)
syz_mount_image$ext4(&(0x7f0000000580)='ext3\x00', &(0x7f00000005c0)='./file0\x00', 0x0, &(0x7f0000000340)={[{@data_ordered}, {@nomblk_io_submit}, {@nodioread_nolock}, {@usrjquota_path={'usrjquota', 0x3d, './file0'}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80000}}, {@grpid}, {@data_err_abort}, {@journal_checksum}]}, 0x1, 0x5e6, &(0x7f0000001180)="$eJzs3c1vFVUbAPBnbj9oKe/bQoyKC2liDCRKSwsYYlzA1pAGP+LGjZUWRAo0tEaLJpQENybGjTEmrlyI/4US2bLSlQs3rgwJUUPixsRr5nam9LZzW3ppO5X5/ZLLnTnnTs8Zbp+eM+eeMzeAyhpM/6lF7I2I6SSiP5lfzOuMLHNw4XX3/vzodPpIol5/7fckkiwtf32SPfdlB/dExI8/JLGnY2W5M3NXzo9PTU1ezvaHZy9MD8/MXTl47sL42cmzkxdHXxg9dvTI0WMjh9o6r6sFaSevv/t+/ydjb37z1d/JyLe/jCVxPF7OXrj0PDbKYAw2/k+SlVl9xza6sJJ0ZL8nS9/ipLPECrEu+fvXFRFPRH90xP03rz8+fqXUygGbqp5E1IGKSsQ/VFTeD8iv7ZdfB9dK6ZUAW+HuiYUBgJXx37kwNhg9jbGBnfeSWDqsk0REeyNzzXZFxO1bY9fP3Bq7Hps0DgcUm78WEU8WxX/SiP+B6ImBRvzXmuI/7RecSp//qjfSX22z/OVDxeIfts5C/PesGv/RIv7fyp7T9LfbLH/w/uY7vU3x39vuKQEAAAAAAEBl3TwREc8Xff5fW5z/EwXzf/oi4vgGlD+4bH/l5/+1OxtQDFDg7omIlwrn/9by2b8DHdnW/xrzAbqSM+emJg9FxP8j4kB07Uj3RxZ/Yn3F0tuDn+75slX5g9n8v/yRln87mwuY1eNO547mYybGZ8c35OSh4u5ei3iqcP5vstj+JwXtf/r3YPoBy9jz7I1TrfLWjn9gs9S/jthf2P7fv2tFsvr9OYYb/YHhvFew0tMffvZdq/LbjX+3mICHl7b/O1eP/4Fk6f16ZtZfxuG5znqrvHb7/93J641bznRnaR+Mz85eHonoTk52pKlN6aPrrzM8ivJ4yOMljf8Dz6w+/lfU/++NiPllPzv5o3lNce7xf/p+bVUf/X8oTxr/E+tq/9e/MXpj4PtW5T9Y+3+k0dYfyFKM/8GCL/Iw7W5OLwjHzqKsra4vAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwKahGxK5La0OJ2rTY0FNEXEY/FztrUpZnZ585ceu/iRJrX+P7/Wv5Nv/0L+0n+/f8DS/ZHl+0fjojdEfF5R29jf+j0pamJsk8eAAAAAAAAAAAAAAAAAAAAtom+Fuv/U791lF07YNN1ll0BoDQF8f9TGfUAtp72H6pL/EN1iX+oLvEP1SX+obrEP1SX+IfqEv8AAAAAAPBI2b3v5s9JRMy/2Nt4pLqzvK5SawZstlrZFQBK4xY/UF2m/kB1ucYHkjXye1oetNaRq5k+/RAHAwAAAAAAAAAAAEDl7N9r/T9UlfX/UF35+n/rgKF68rjfV3I9gK3nGh+INVbyF67/X/MoAAAAAAAAAAAAAGAjzcxdOT8+NTV52cYb26MaW7lRr9evpr8F26U+//GNfCr8dqnPso18rd+DHVXe3yQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDZvwEAAP//RYcoPA==")
socket$netlink(0x10, 0x3, 0x4) (async)
r5 = socket$netlink(0x10, 0x3, 0x4)
setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000ffff00000000000000bd0000000000000000000000e4ec01000000004000000000fc00000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000006000000000000000005"], 0x310)
signalfd4(r5, &(0x7f0000000040)={[0x1]}, 0x8, 0x80400)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000280))

program crashed: KASAN: use-after-free Read in lo_open
testing program (duration=53.556588112s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock2-mlock2-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_MSRS-prlimit64-prlimit64-sched_setscheduler-sched_setscheduler-syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64-syz_mount_image$ext4-syz_mount_image$ext4-socket$netlink-setsockopt$inet6_MCAST_MSFILTER-signalfd4-ioctl$SECCOMP_IOCTL_NOTIF_RECV
detailed listing:
executing program 0:
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1) (async)
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1}) (async)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1})
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000580)=ANY=[@ANYBLOB="090000000000000009020000000000001e"])
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x9) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x9)
r3 = syz_open_dev$loop(&(0x7f00000005c0), 0xffff, 0x109041)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000003d40)={r4, 0x1000, {0x2a00, 0x80010000, 0x0, 0x52, 0xfffffffffffffffe, 0x0, 0x0, 0x10, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac1000", "90be6c09306003d8006000", [0x0, 0x3]}})
ioctl$LOOP_GET_STATUS64(r3, 0x4c05, &(0x7f00000000c0))
syz_mount_image$ext4(&(0x7f0000000580)='ext3\x00', &(0x7f00000005c0)='./file0\x00', 0x0, &(0x7f0000000340)={[{@data_ordered}, {@nomblk_io_submit}, {@nodioread_nolock}, {@usrjquota_path={'usrjquota', 0x3d, './file0'}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80000}}, {@grpid}, {@data_err_abort}, {@journal_checksum}]}, 0x1, 0x5e6, &(0x7f0000001180)="$eJzs3c1vFVUbAPBnbj9oKe/bQoyKC2liDCRKSwsYYlzA1pAGP+LGjZUWRAo0tEaLJpQENybGjTEmrlyI/4US2bLSlQs3rgwJUUPixsRr5nam9LZzW3ppO5X5/ZLLnTnnTs8Zbp+eM+eeMzeAyhpM/6lF7I2I6SSiP5lfzOuMLHNw4XX3/vzodPpIol5/7fckkiwtf32SPfdlB/dExI8/JLGnY2W5M3NXzo9PTU1ezvaHZy9MD8/MXTl47sL42cmzkxdHXxg9dvTI0WMjh9o6r6sFaSevv/t+/ydjb37z1d/JyLe/jCVxPF7OXrj0PDbKYAw2/k+SlVl9xza6sJJ0ZL8nS9/ipLPECrEu+fvXFRFPRH90xP03rz8+fqXUygGbqp5E1IGKSsQ/VFTeD8iv7ZdfB9dK6ZUAW+HuiYUBgJXx37kwNhg9jbGBnfeSWDqsk0REeyNzzXZFxO1bY9fP3Bq7Hps0DgcUm78WEU8WxX/SiP+B6ImBRvzXmuI/7RecSp//qjfSX22z/OVDxeIfts5C/PesGv/RIv7fyp7T9LfbLH/w/uY7vU3x39vuKQEAAAAAAEBl3TwREc8Xff5fW5z/EwXzf/oi4vgGlD+4bH/l5/+1OxtQDFDg7omIlwrn/9by2b8DHdnW/xrzAbqSM+emJg9FxP8j4kB07Uj3RxZ/Yn3F0tuDn+75slX5g9n8v/yRln87mwuY1eNO547mYybGZ8c35OSh4u5ei3iqcP5vstj+JwXtf/r3YPoBy9jz7I1TrfLWjn9gs9S/jthf2P7fv2tFsvr9OYYb/YHhvFew0tMffvZdq/LbjX+3mICHl7b/O1eP/4Fk6f16ZtZfxuG5znqrvHb7/93J641bznRnaR+Mz85eHonoTk52pKlN6aPrrzM8ivJ4yOMljf8Dz6w+/lfU/++NiPllPzv5o3lNce7xf/p+bVUf/X8oTxr/E+tq/9e/MXpj4PtW5T9Y+3+k0dYfyFKM/8GCL/Iw7W5OLwjHzqKsra4vAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwKahGxK5La0OJ2rTY0FNEXEY/FztrUpZnZ585ceu/iRJrX+P7/Wv5Nv/0L+0n+/f8DS/ZHl+0fjojdEfF5R29jf+j0pamJsk8eAAAAAAAAAAAAAAAAAAAAtom+Fuv/U791lF07YNN1ll0BoDQF8f9TGfUAtp72H6pL/EN1iX+oLvEP1SX+obrEP1SX+IfqEv8AAAAAAPBI2b3v5s9JRMy/2Nt4pLqzvK5SawZstlrZFQBK4xY/UF2m/kB1ucYHkjXye1oetNaRq5k+/RAHAwAAAAAAAAAAAEDl7N9r/T9UlfX/UF35+n/rgKF68rjfV3I9gK3nGh+INVbyF67/X/MoAAAAAAAAAAAAAGAjzcxdOT8+NTV52cYb26MaW7lRr9evpr8F26U+//GNfCr8dqnPso18rd+DHVXe3yQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDZvwEAAP//RYcoPA==") (async)
syz_mount_image$ext4(&(0x7f0000000580)='ext3\x00', &(0x7f00000005c0)='./file0\x00', 0x0, &(0x7f0000000340)={[{@data_ordered}, {@nomblk_io_submit}, {@nodioread_nolock}, {@usrjquota_path={'usrjquota', 0x3d, './file0'}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80000}}, {@grpid}, {@data_err_abort}, {@journal_checksum}]}, 0x1, 0x5e6, &(0x7f0000001180)="$eJzs3c1vFVUbAPBnbj9oKe/bQoyKC2liDCRKSwsYYlzA1pAGP+LGjZUWRAo0tEaLJpQENybGjTEmrlyI/4US2bLSlQs3rgwJUUPixsRr5nam9LZzW3ppO5X5/ZLLnTnnTs8Zbp+eM+eeMzeAyhpM/6lF7I2I6SSiP5lfzOuMLHNw4XX3/vzodPpIol5/7fckkiwtf32SPfdlB/dExI8/JLGnY2W5M3NXzo9PTU1ezvaHZy9MD8/MXTl47sL42cmzkxdHXxg9dvTI0WMjh9o6r6sFaSevv/t+/ydjb37z1d/JyLe/jCVxPF7OXrj0PDbKYAw2/k+SlVl9xza6sJJ0ZL8nS9/ipLPECrEu+fvXFRFPRH90xP03rz8+fqXUygGbqp5E1IGKSsQ/VFTeD8iv7ZdfB9dK6ZUAW+HuiYUBgJXx37kwNhg9jbGBnfeSWDqsk0REeyNzzXZFxO1bY9fP3Bq7Hps0DgcUm78WEU8WxX/SiP+B6ImBRvzXmuI/7RecSp//qjfSX22z/OVDxeIfts5C/PesGv/RIv7fyp7T9LfbLH/w/uY7vU3x39vuKQEAAAAAAEBl3TwREc8Xff5fW5z/EwXzf/oi4vgGlD+4bH/l5/+1OxtQDFDg7omIlwrn/9by2b8DHdnW/xrzAbqSM+emJg9FxP8j4kB07Uj3RxZ/Yn3F0tuDn+75slX5g9n8v/yRln87mwuY1eNO547mYybGZ8c35OSh4u5ei3iqcP5vstj+JwXtf/r3YPoBy9jz7I1TrfLWjn9gs9S/jthf2P7fv2tFsvr9OYYb/YHhvFew0tMffvZdq/LbjX+3mICHl7b/O1eP/4Fk6f16ZtZfxuG5znqrvHb7/93J641bznRnaR+Mz85eHonoTk52pKlN6aPrrzM8ivJ4yOMljf8Dz6w+/lfU/++NiPllPzv5o3lNce7xf/p+bVUf/X8oTxr/E+tq/9e/MXpj4PtW5T9Y+3+k0dYfyFKM/8GCL/Iw7W5OLwjHzqKsra4vAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwKahGxK5La0OJ2rTY0FNEXEY/FztrUpZnZ585ceu/iRJrX+P7/Wv5Nv/0L+0n+/f8DS/ZHl+0fjojdEfF5R29jf+j0pamJsk8eAAAAAAAAAAAAAAAAAAAAtom+Fuv/U791lF07YNN1ll0BoDQF8f9TGfUAtp72H6pL/EN1iX+oLvEP1SX+obrEP1SX+IfqEv8AAAAAAPBI2b3v5s9JRMy/2Nt4pLqzvK5SawZstlrZFQBK4xY/UF2m/kB1ucYHkjXye1oetNaRq5k+/RAHAwAAAAAAAAAAAEDl7N9r/T9UlfX/UF35+n/rgKF68rjfV3I9gK3nGh+INVbyF67/X/MoAAAAAAAAAAAAAGAjzcxdOT8+NTV52cYb26MaW7lRr9evpr8F26U+//GNfCr8dqnPso18rd+DHVXe3yQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDZvwEAAP//RYcoPA==")
socket$netlink(0x10, 0x3, 0x4) (async)
setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000ffff00000000000000bd0000000000000000000000e4ec01000000004000000000fc00000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000006000000000000000005"], 0x310)
signalfd4(0xffffffffffffffff, &(0x7f0000000040)={[0x1]}, 0x8, 0x80400)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000280))

program crashed: KASAN: use-after-free Read in lo_open
testing program (duration=53.556588112s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock2-mlock2-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_MSRS-prlimit64-prlimit64-sched_setscheduler-sched_setscheduler-syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64-syz_mount_image$ext4-syz_mount_image$ext4-setsockopt$inet6_MCAST_MSFILTER-signalfd4-ioctl$SECCOMP_IOCTL_NOTIF_RECV
detailed listing:
executing program 0:
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1) (async)
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1}) (async)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1})
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000580)=ANY=[@ANYBLOB="090000000000000009020000000000001e"])
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x9) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x9)
r3 = syz_open_dev$loop(&(0x7f00000005c0), 0xffff, 0x109041)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000003d40)={r4, 0x1000, {0x2a00, 0x80010000, 0x0, 0x52, 0xfffffffffffffffe, 0x0, 0x0, 0x10, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac1000", "90be6c09306003d8006000", [0x0, 0x3]}})
ioctl$LOOP_GET_STATUS64(r3, 0x4c05, &(0x7f00000000c0))
syz_mount_image$ext4(&(0x7f0000000580)='ext3\x00', &(0x7f00000005c0)='./file0\x00', 0x0, &(0x7f0000000340)={[{@data_ordered}, {@nomblk_io_submit}, {@nodioread_nolock}, {@usrjquota_path={'usrjquota', 0x3d, './file0'}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80000}}, {@grpid}, {@data_err_abort}, {@journal_checksum}]}, 0x1, 0x5e6, &(0x7f0000001180)="$eJzs3c1vFVUbAPBnbj9oKe/bQoyKC2liDCRKSwsYYlzA1pAGP+LGjZUWRAo0tEaLJpQENybGjTEmrlyI/4US2bLSlQs3rgwJUUPixsRr5nam9LZzW3ppO5X5/ZLLnTnnTs8Zbp+eM+eeMzeAyhpM/6lF7I2I6SSiP5lfzOuMLHNw4XX3/vzodPpIol5/7fckkiwtf32SPfdlB/dExI8/JLGnY2W5M3NXzo9PTU1ezvaHZy9MD8/MXTl47sL42cmzkxdHXxg9dvTI0WMjh9o6r6sFaSevv/t+/ydjb37z1d/JyLe/jCVxPF7OXrj0PDbKYAw2/k+SlVl9xza6sJJ0ZL8nS9/ipLPECrEu+fvXFRFPRH90xP03rz8+fqXUygGbqp5E1IGKSsQ/VFTeD8iv7ZdfB9dK6ZUAW+HuiYUBgJXx37kwNhg9jbGBnfeSWDqsk0REeyNzzXZFxO1bY9fP3Bq7Hps0DgcUm78WEU8WxX/SiP+B6ImBRvzXmuI/7RecSp//qjfSX22z/OVDxeIfts5C/PesGv/RIv7fyp7T9LfbLH/w/uY7vU3x39vuKQEAAAAAAEBl3TwREc8Xff5fW5z/EwXzf/oi4vgGlD+4bH/l5/+1OxtQDFDg7omIlwrn/9by2b8DHdnW/xrzAbqSM+emJg9FxP8j4kB07Uj3RxZ/Yn3F0tuDn+75slX5g9n8v/yRln87mwuY1eNO547mYybGZ8c35OSh4u5ei3iqcP5vstj+JwXtf/r3YPoBy9jz7I1TrfLWjn9gs9S/jthf2P7fv2tFsvr9OYYb/YHhvFew0tMffvZdq/LbjX+3mICHl7b/O1eP/4Fk6f16ZtZfxuG5znqrvHb7/93J641bznRnaR+Mz85eHonoTk52pKlN6aPrrzM8ivJ4yOMljf8Dz6w+/lfU/++NiPllPzv5o3lNce7xf/p+bVUf/X8oTxr/E+tq/9e/MXpj4PtW5T9Y+3+k0dYfyFKM/8GCL/Iw7W5OLwjHzqKsra4vAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwKahGxK5La0OJ2rTY0FNEXEY/FztrUpZnZ585ceu/iRJrX+P7/Wv5Nv/0L+0n+/f8DS/ZHl+0fjojdEfF5R29jf+j0pamJsk8eAAAAAAAAAAAAAAAAAAAAtom+Fuv/U791lF07YNN1ll0BoDQF8f9TGfUAtp72H6pL/EN1iX+oLvEP1SX+obrEP1SX+IfqEv8AAAAAAPBI2b3v5s9JRMy/2Nt4pLqzvK5SawZstlrZFQBK4xY/UF2m/kB1ucYHkjXye1oetNaRq5k+/RAHAwAAAAAAAAAAAEDl7N9r/T9UlfX/UF35+n/rgKF68rjfV3I9gK3nGh+INVbyF67/X/MoAAAAAAAAAAAAAGAjzcxdOT8+NTV52cYb26MaW7lRr9evpr8F26U+//GNfCr8dqnPso18rd+DHVXe3yQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDZvwEAAP//RYcoPA==") (async)
syz_mount_image$ext4(&(0x7f0000000580)='ext3\x00', &(0x7f00000005c0)='./file0\x00', 0x0, &(0x7f0000000340)={[{@data_ordered}, {@nomblk_io_submit}, {@nodioread_nolock}, {@usrjquota_path={'usrjquota', 0x3d, './file0'}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80000}}, {@grpid}, {@data_err_abort}, {@journal_checksum}]}, 0x1, 0x5e6, &(0x7f0000001180)="$eJzs3c1vFVUbAPBnbj9oKe/bQoyKC2liDCRKSwsYYlzA1pAGP+LGjZUWRAo0tEaLJpQENybGjTEmrlyI/4US2bLSlQs3rgwJUUPixsRr5nam9LZzW3ppO5X5/ZLLnTnnTs8Zbp+eM+eeMzeAyhpM/6lF7I2I6SSiP5lfzOuMLHNw4XX3/vzodPpIol5/7fckkiwtf32SPfdlB/dExI8/JLGnY2W5M3NXzo9PTU1ezvaHZy9MD8/MXTl47sL42cmzkxdHXxg9dvTI0WMjh9o6r6sFaSevv/t+/ydjb37z1d/JyLe/jCVxPF7OXrj0PDbKYAw2/k+SlVl9xza6sJJ0ZL8nS9/ipLPECrEu+fvXFRFPRH90xP03rz8+fqXUygGbqp5E1IGKSsQ/VFTeD8iv7ZdfB9dK6ZUAW+HuiYUBgJXx37kwNhg9jbGBnfeSWDqsk0REeyNzzXZFxO1bY9fP3Bq7Hps0DgcUm78WEU8WxX/SiP+B6ImBRvzXmuI/7RecSp//qjfSX22z/OVDxeIfts5C/PesGv/RIv7fyp7T9LfbLH/w/uY7vU3x39vuKQEAAAAAAEBl3TwREc8Xff5fW5z/EwXzf/oi4vgGlD+4bH/l5/+1OxtQDFDg7omIlwrn/9by2b8DHdnW/xrzAbqSM+emJg9FxP8j4kB07Uj3RxZ/Yn3F0tuDn+75slX5g9n8v/yRln87mwuY1eNO547mYybGZ8c35OSh4u5ei3iqcP5vstj+JwXtf/r3YPoBy9jz7I1TrfLWjn9gs9S/jthf2P7fv2tFsvr9OYYb/YHhvFew0tMffvZdq/LbjX+3mICHl7b/O1eP/4Fk6f16ZtZfxuG5znqrvHb7/93J641bznRnaR+Mz85eHonoTk52pKlN6aPrrzM8ivJ4yOMljf8Dz6w+/lfU/++NiPllPzv5o3lNce7xf/p+bVUf/X8oTxr/E+tq/9e/MXpj4PtW5T9Y+3+k0dYfyFKM/8GCL/Iw7W5OLwjHzqKsra4vAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwKahGxK5La0OJ2rTY0FNEXEY/FztrUpZnZ585ceu/iRJrX+P7/Wv5Nv/0L+0n+/f8DS/ZHl+0fjojdEfF5R29jf+j0pamJsk8eAAAAAAAAAAAAAAAAAAAAtom+Fuv/U791lF07YNN1ll0BoDQF8f9TGfUAtp72H6pL/EN1iX+oLvEP1SX+obrEP1SX+IfqEv8AAAAAAPBI2b3v5s9JRMy/2Nt4pLqzvK5SawZstlrZFQBK4xY/UF2m/kB1ucYHkjXye1oetNaRq5k+/RAHAwAAAAAAAAAAAEDl7N9r/T9UlfX/UF35+n/rgKF68rjfV3I9gK3nGh+INVbyF67/X/MoAAAAAAAAAAAAAGAjzcxdOT8+NTV52cYb26MaW7lRr9evpr8F26U+//GNfCr8dqnPso18rd+DHVXe3yQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDZvwEAAP//RYcoPA==")
setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000ffff00000000000000bd0000000000000000000000e4ec01000000004000000000fc00000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000006000000000000000005"], 0x310)
signalfd4(0xffffffffffffffff, &(0x7f0000000040)={[0x1]}, 0x8, 0x80400)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000280))

program crashed: KASAN: use-after-free Read in lo_open
testing program (duration=53.556588112s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock2-mlock2-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_MSRS-prlimit64-prlimit64-sched_setscheduler-sched_setscheduler-syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64-syz_mount_image$ext4-setsockopt$inet6_MCAST_MSFILTER-signalfd4-ioctl$SECCOMP_IOCTL_NOTIF_RECV
detailed listing:
executing program 0:
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1) (async)
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1}) (async)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1})
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000580)=ANY=[@ANYBLOB="090000000000000009020000000000001e"])
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x9) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x9)
r3 = syz_open_dev$loop(&(0x7f00000005c0), 0xffff, 0x109041)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000003d40)={r4, 0x1000, {0x2a00, 0x80010000, 0x0, 0x52, 0xfffffffffffffffe, 0x0, 0x0, 0x10, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac1000", "90be6c09306003d8006000", [0x0, 0x3]}})
ioctl$LOOP_GET_STATUS64(r3, 0x4c05, &(0x7f00000000c0))
syz_mount_image$ext4(&(0x7f0000000580)='ext3\x00', &(0x7f00000005c0)='./file0\x00', 0x0, &(0x7f0000000340)={[{@data_ordered}, {@nomblk_io_submit}, {@nodioread_nolock}, {@usrjquota_path={'usrjquota', 0x3d, './file0'}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80000}}, {@grpid}, {@data_err_abort}, {@journal_checksum}]}, 0x1, 0x5e6, &(0x7f0000001180)="$eJzs3c1vFVUbAPBnbj9oKe/bQoyKC2liDCRKSwsYYlzA1pAGP+LGjZUWRAo0tEaLJpQENybGjTEmrlyI/4US2bLSlQs3rgwJUUPixsRr5nam9LZzW3ppO5X5/ZLLnTnnTs8Zbp+eM+eeMzeAyhpM/6lF7I2I6SSiP5lfzOuMLHNw4XX3/vzodPpIol5/7fckkiwtf32SPfdlB/dExI8/JLGnY2W5M3NXzo9PTU1ezvaHZy9MD8/MXTl47sL42cmzkxdHXxg9dvTI0WMjh9o6r6sFaSevv/t+/ydjb37z1d/JyLe/jCVxPF7OXrj0PDbKYAw2/k+SlVl9xza6sJJ0ZL8nS9/ipLPECrEu+fvXFRFPRH90xP03rz8+fqXUygGbqp5E1IGKSsQ/VFTeD8iv7ZdfB9dK6ZUAW+HuiYUBgJXx37kwNhg9jbGBnfeSWDqsk0REeyNzzXZFxO1bY9fP3Bq7Hps0DgcUm78WEU8WxX/SiP+B6ImBRvzXmuI/7RecSp//qjfSX22z/OVDxeIfts5C/PesGv/RIv7fyp7T9LfbLH/w/uY7vU3x39vuKQEAAAAAAEBl3TwREc8Xff5fW5z/EwXzf/oi4vgGlD+4bH/l5/+1OxtQDFDg7omIlwrn/9by2b8DHdnW/xrzAbqSM+emJg9FxP8j4kB07Uj3RxZ/Yn3F0tuDn+75slX5g9n8v/yRln87mwuY1eNO547mYybGZ8c35OSh4u5ei3iqcP5vstj+JwXtf/r3YPoBy9jz7I1TrfLWjn9gs9S/jthf2P7fv2tFsvr9OYYb/YHhvFew0tMffvZdq/LbjX+3mICHl7b/O1eP/4Fk6f16ZtZfxuG5znqrvHb7/93J641bznRnaR+Mz85eHonoTk52pKlN6aPrrzM8ivJ4yOMljf8Dz6w+/lfU/++NiPllPzv5o3lNce7xf/p+bVUf/X8oTxr/E+tq/9e/MXpj4PtW5T9Y+3+k0dYfyFKM/8GCL/Iw7W5OLwjHzqKsra4vAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwKahGxK5La0OJ2rTY0FNEXEY/FztrUpZnZ585ceu/iRJrX+P7/Wv5Nv/0L+0n+/f8DS/ZHl+0fjojdEfF5R29jf+j0pamJsk8eAAAAAAAAAAAAAAAAAAAAtom+Fuv/U791lF07YNN1ll0BoDQF8f9TGfUAtp72H6pL/EN1iX+oLvEP1SX+obrEP1SX+IfqEv8AAAAAAPBI2b3v5s9JRMy/2Nt4pLqzvK5SawZstlrZFQBK4xY/UF2m/kB1ucYHkjXye1oetNaRq5k+/RAHAwAAAAAAAAAAAEDl7N9r/T9UlfX/UF35+n/rgKF68rjfV3I9gK3nGh+INVbyF67/X/MoAAAAAAAAAAAAAGAjzcxdOT8+NTV52cYb26MaW7lRr9evpr8F26U+//GNfCr8dqnPso18rd+DHVXe3yQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDZvwEAAP//RYcoPA==") (async)
setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000ffff00000000000000bd0000000000000000000000e4ec01000000004000000000fc00000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000006000000000000000005"], 0x310)
signalfd4(0xffffffffffffffff, &(0x7f0000000040)={[0x1]}, 0x8, 0x80400)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000280))

program crashed: KASAN: use-after-free Read in lo_open
testing program (duration=53.556588112s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock2-mlock2-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_MSRS-prlimit64-prlimit64-sched_setscheduler-sched_setscheduler-syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64-setsockopt$inet6_MCAST_MSFILTER-signalfd4-ioctl$SECCOMP_IOCTL_NOTIF_RECV
detailed listing:
executing program 0:
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1) (async)
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1}) (async)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1})
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000580)=ANY=[@ANYBLOB="090000000000000009020000000000001e"])
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x9) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x9)
r3 = syz_open_dev$loop(&(0x7f00000005c0), 0xffff, 0x109041)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000003d40)={r4, 0x1000, {0x2a00, 0x80010000, 0x0, 0x52, 0xfffffffffffffffe, 0x0, 0x0, 0x10, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac1000", "90be6c09306003d8006000", [0x0, 0x3]}})
ioctl$LOOP_GET_STATUS64(r3, 0x4c05, &(0x7f00000000c0))
setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000ffff00000000000000bd0000000000000000000000e4ec01000000004000000000fc00000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000006000000000000000005"], 0x310)
signalfd4(0xffffffffffffffff, &(0x7f0000000040)={[0x1]}, 0x8, 0x80400)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000280))

program crashed: KASAN: use-after-free Read in lo_open
testing program (duration=53.556588112s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock2-mlock2-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_MSRS-prlimit64-prlimit64-sched_setscheduler-sched_setscheduler-syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-setsockopt$inet6_MCAST_MSFILTER-signalfd4-ioctl$SECCOMP_IOCTL_NOTIF_RECV
detailed listing:
executing program 0:
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1) (async)
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1}) (async)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1})
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000580)=ANY=[@ANYBLOB="090000000000000009020000000000001e"])
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x9) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x9)
r3 = syz_open_dev$loop(&(0x7f00000005c0), 0xffff, 0x109041)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000003d40)={r4, 0x1000, {0x2a00, 0x80010000, 0x0, 0x52, 0xfffffffffffffffe, 0x0, 0x0, 0x10, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac1000", "90be6c09306003d8006000", [0x0, 0x3]}})
setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000ffff00000000000000bd0000000000000000000000e4ec01000000004000000000fc00000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000006000000000000000005"], 0x310)
signalfd4(0xffffffffffffffff, &(0x7f0000000040)={[0x1]}, 0x8, 0x80400)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000280))

program did not crash
testing program (duration=53.556588112s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock2-mlock2-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_MSRS-prlimit64-prlimit64-sched_setscheduler-sched_setscheduler-syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_GET_STATUS64-setsockopt$inet6_MCAST_MSFILTER-signalfd4-ioctl$SECCOMP_IOCTL_NOTIF_RECV
detailed listing:
executing program 0:
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1) (async)
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1}) (async)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1})
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000580)=ANY=[@ANYBLOB="090000000000000009020000000000001e"])
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x9) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x9)
r3 = syz_open_dev$loop(&(0x7f00000005c0), 0xffff, 0x109041)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
ioctl$LOOP_GET_STATUS64(r3, 0x4c05, &(0x7f00000000c0))
setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000ffff00000000000000bd0000000000000000000000e4ec01000000004000000000fc00000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000006000000000000000005"], 0x310)
signalfd4(0xffffffffffffffff, &(0x7f0000000040)={[0x1]}, 0x8, 0x80400)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000280))

program did not crash
testing program (duration=53.556588112s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock2-mlock2-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_MSRS-prlimit64-prlimit64-sched_setscheduler-sched_setscheduler-syz_open_dev$loop-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64-setsockopt$inet6_MCAST_MSFILTER-signalfd4-ioctl$SECCOMP_IOCTL_NOTIF_RECV
detailed listing:
executing program 0:
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1) (async)
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1}) (async)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1})
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000580)=ANY=[@ANYBLOB="090000000000000009020000000000001e"])
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x9) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x9)
r3 = syz_open_dev$loop(&(0x7f00000005c0), 0xffff, 0x109041)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000003d40)={0xffffffffffffffff, 0x1000, {0x2a00, 0x80010000, 0x0, 0x52, 0xfffffffffffffffe, 0x0, 0x0, 0x10, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac1000", "90be6c09306003d8006000", [0x0, 0x3]}})
ioctl$LOOP_GET_STATUS64(r3, 0x4c05, &(0x7f00000000c0))
setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000ffff00000000000000bd0000000000000000000000e4ec01000000004000000000fc00000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000006000000000000000005"], 0x310)
signalfd4(0xffffffffffffffff, &(0x7f0000000040)={[0x1]}, 0x8, 0x80400)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000280))

program did not crash
testing program (duration=53.556588112s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock2-mlock2-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_MSRS-prlimit64-prlimit64-sched_setscheduler-sched_setscheduler-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64-setsockopt$inet6_MCAST_MSFILTER-signalfd4-ioctl$SECCOMP_IOCTL_NOTIF_RECV
detailed listing:
executing program 0:
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1) (async)
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1}) (async)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1})
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000580)=ANY=[@ANYBLOB="090000000000000009020000000000001e"])
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x9) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x9)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f0000003d40)={r3, 0x1000, {0x2a00, 0x80010000, 0x0, 0x52, 0xfffffffffffffffe, 0x0, 0x0, 0x10, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac1000", "90be6c09306003d8006000", [0x0, 0x3]}})
ioctl$LOOP_GET_STATUS64(0xffffffffffffffff, 0x4c05, &(0x7f00000000c0))
setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000ffff00000000000000bd0000000000000000000000e4ec01000000004000000000fc00000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000006000000000000000005"], 0x310)
signalfd4(0xffffffffffffffff, &(0x7f0000000040)={[0x1]}, 0x8, 0x80400)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000280))

program crashed: lost connection to test machine
suppressed program crash: lost connection to test machine
testing program (duration=53.556588112s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock2-mlock2-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_MSRS-prlimit64-prlimit64-sched_setscheduler-syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64-setsockopt$inet6_MCAST_MSFILTER-signalfd4-ioctl$SECCOMP_IOCTL_NOTIF_RECV
detailed listing:
executing program 0:
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1) (async)
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1}) (async)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1})
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000580)=ANY=[@ANYBLOB="090000000000000009020000000000001e"])
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x9) (async)
r3 = syz_open_dev$loop(&(0x7f00000005c0), 0xffff, 0x109041)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000003d40)={r4, 0x1000, {0x2a00, 0x80010000, 0x0, 0x52, 0xfffffffffffffffe, 0x0, 0x0, 0x10, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac1000", "90be6c09306003d8006000", [0x0, 0x3]}})
ioctl$LOOP_GET_STATUS64(r3, 0x4c05, &(0x7f00000000c0))
setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000ffff00000000000000bd0000000000000000000000e4ec01000000004000000000fc00000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000006000000000000000005"], 0x310)
signalfd4(0xffffffffffffffff, &(0x7f0000000040)={[0x1]}, 0x8, 0x80400)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000280))

program crashed: KASAN: use-after-free Read in lo_open
testing program (duration=53.556588112s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock2-mlock2-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_MSRS-prlimit64-prlimit64-syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64-setsockopt$inet6_MCAST_MSFILTER-signalfd4-ioctl$SECCOMP_IOCTL_NOTIF_RECV
detailed listing:
executing program 0:
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1) (async)
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1}) (async)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1})
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000580)=ANY=[@ANYBLOB="090000000000000009020000000000001e"])
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0)
r3 = syz_open_dev$loop(&(0x7f00000005c0), 0xffff, 0x109041)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000003d40)={r4, 0x1000, {0x2a00, 0x80010000, 0x0, 0x52, 0xfffffffffffffffe, 0x0, 0x0, 0x10, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac1000", "90be6c09306003d8006000", [0x0, 0x3]}})
ioctl$LOOP_GET_STATUS64(r3, 0x4c05, &(0x7f00000000c0))
setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000ffff00000000000000bd0000000000000000000000e4ec01000000004000000000fc00000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000006000000000000000005"], 0x310)
signalfd4(0xffffffffffffffff, &(0x7f0000000040)={[0x1]}, 0x8, 0x80400)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000280))

program crashed: KASAN: use-after-free Read in lo_open
testing program (duration=53.556588112s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock2-mlock2-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_MSRS-prlimit64-syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64-setsockopt$inet6_MCAST_MSFILTER-signalfd4-ioctl$SECCOMP_IOCTL_NOTIF_RECV
detailed listing:
executing program 0:
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1) (async)
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1}) (async)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1})
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000580)=ANY=[@ANYBLOB="090000000000000009020000000000001e"])
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0) (async)
r3 = syz_open_dev$loop(&(0x7f00000005c0), 0xffff, 0x109041)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000003d40)={r4, 0x1000, {0x2a00, 0x80010000, 0x0, 0x52, 0xfffffffffffffffe, 0x0, 0x0, 0x10, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac1000", "90be6c09306003d8006000", [0x0, 0x3]}})
ioctl$LOOP_GET_STATUS64(r3, 0x4c05, &(0x7f00000000c0))
setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000ffff00000000000000bd0000000000000000000000e4ec01000000004000000000fc00000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000006000000000000000005"], 0x310)
signalfd4(0xffffffffffffffff, &(0x7f0000000040)={[0x1]}, 0x8, 0x80400)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000280))

program crashed: KASAN: use-after-free Read in lo_open
testing program (duration=53.556588112s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock2-mlock2-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_MSRS-syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64-setsockopt$inet6_MCAST_MSFILTER-signalfd4-ioctl$SECCOMP_IOCTL_NOTIF_RECV
detailed listing:
executing program 0:
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1) (async)
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1}) (async)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1})
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000580)=ANY=[@ANYBLOB="090000000000000009020000000000001e"])
r3 = syz_open_dev$loop(&(0x7f00000005c0), 0xffff, 0x109041)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000003d40)={r4, 0x1000, {0x2a00, 0x80010000, 0x0, 0x52, 0xfffffffffffffffe, 0x0, 0x0, 0x10, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac1000", "90be6c09306003d8006000", [0x0, 0x3]}})
ioctl$LOOP_GET_STATUS64(r3, 0x4c05, &(0x7f00000000c0))
setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000ffff00000000000000bd0000000000000000000000e4ec01000000004000000000fc00000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000006000000000000000005"], 0x310)
signalfd4(0xffffffffffffffff, &(0x7f0000000040)={[0x1]}, 0x8, 0x80400)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000280))

program crashed: KASAN: use-after-free Read in lo_open
testing program (duration=53.556588112s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock2-mlock2-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_VCPU_EVENTS-syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64-setsockopt$inet6_MCAST_MSFILTER-signalfd4-ioctl$SECCOMP_IOCTL_NOTIF_RECV
detailed listing:
executing program 0:
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1) (async)
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1}) (async)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1})
r3 = syz_open_dev$loop(&(0x7f00000005c0), 0xffff, 0x109041)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000003d40)={r4, 0x1000, {0x2a00, 0x80010000, 0x0, 0x52, 0xfffffffffffffffe, 0x0, 0x0, 0x10, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac1000", "90be6c09306003d8006000", [0x0, 0x3]}})
ioctl$LOOP_GET_STATUS64(r3, 0x4c05, &(0x7f00000000c0))
setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000ffff00000000000000bd0000000000000000000000e4ec01000000004000000000fc00000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000006000000000000000005"], 0x310)
signalfd4(0xffffffffffffffff, &(0x7f0000000040)={[0x1]}, 0x8, 0x80400)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000280))

program crashed: KASAN: use-after-free Read in lo_open
testing program (duration=53.556588112s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock2-mlock2-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_VCPU_EVENTS-syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64-setsockopt$inet6_MCAST_MSFILTER-signalfd4-ioctl$SECCOMP_IOCTL_NOTIF_RECV
detailed listing:
executing program 0:
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1) (async)
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x7, 0x4, 0x1}) (async)
r3 = syz_open_dev$loop(&(0x7f00000005c0), 0xffff, 0x109041)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000003d40)={r4, 0x1000, {0x2a00, 0x80010000, 0x0, 0x52, 0xfffffffffffffffe, 0x0, 0x0, 0x10, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac1000", "90be6c09306003d8006000", [0x0, 0x3]}})
ioctl$LOOP_GET_STATUS64(r3, 0x4c05, &(0x7f00000000c0))
setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000ffff00000000000000bd0000000000000000000000e4ec01000000004000000000fc00000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000006000000000000000005"], 0x310)
signalfd4(0xffffffffffffffff, &(0x7f0000000040)={[0x1]}, 0x8, 0x80400)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000280))

program crashed: KASAN: use-after-free Read in lo_open
testing program (duration=53.556588112s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock2-mlock2-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64-setsockopt$inet6_MCAST_MSFILTER-signalfd4-ioctl$SECCOMP_IOCTL_NOTIF_RECV
detailed listing:
executing program 0:
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1) (async)
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r2 = syz_open_dev$loop(&(0x7f00000005c0), 0xffff, 0x109041)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f0000003d40)={r3, 0x1000, {0x2a00, 0x80010000, 0x0, 0x52, 0xfffffffffffffffe, 0x0, 0x0, 0x10, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac1000", "90be6c09306003d8006000", [0x0, 0x3]}})
ioctl$LOOP_GET_STATUS64(r2, 0x4c05, &(0x7f00000000c0))
setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000ffff00000000000000bd0000000000000000000000e4ec01000000004000000000fc00000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000006000000000000000005"], 0x310)
signalfd4(0xffffffffffffffff, &(0x7f0000000040)={[0x1]}, 0x8, 0x80400)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000280))

program crashed: KASAN: use-after-free Read in lo_open
testing program (duration=53.556588112s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock2-mlock2-openat$kvm-ioctl$KVM_CREATE_VM-syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64-setsockopt$inet6_MCAST_MSFILTER-signalfd4-ioctl$SECCOMP_IOCTL_NOTIF_RECV
detailed listing:
executing program 0:
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1) (async)
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = syz_open_dev$loop(&(0x7f00000005c0), 0xffff, 0x109041)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000003d40)={r2, 0x1000, {0x2a00, 0x80010000, 0x0, 0x52, 0xfffffffffffffffe, 0x0, 0x0, 0x10, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac1000", "90be6c09306003d8006000", [0x0, 0x3]}})
ioctl$LOOP_GET_STATUS64(r1, 0x4c05, &(0x7f00000000c0))
setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000ffff00000000000000bd0000000000000000000000e4ec01000000004000000000fc00000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000006000000000000000005"], 0x310)
signalfd4(0xffffffffffffffff, &(0x7f0000000040)={[0x1]}, 0x8, 0x80400)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000280))

program crashed: KASAN: use-after-free Read in lo_open
testing program (duration=53.556588112s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock2-mlock2-openat$kvm-syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64-setsockopt$inet6_MCAST_MSFILTER-signalfd4-ioctl$SECCOMP_IOCTL_NOTIF_RECV
detailed listing:
executing program 0:
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1) (async)
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r0 = syz_open_dev$loop(&(0x7f00000005c0), 0xffff, 0x109041)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000003d40)={r1, 0x1000, {0x2a00, 0x80010000, 0x0, 0x52, 0xfffffffffffffffe, 0x0, 0x0, 0x10, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac1000", "90be6c09306003d8006000", [0x0, 0x3]}})
ioctl$LOOP_GET_STATUS64(r0, 0x4c05, &(0x7f00000000c0))
setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000ffff00000000000000bd0000000000000000000000e4ec01000000004000000000fc00000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000006000000000000000005"], 0x310)
signalfd4(0xffffffffffffffff, &(0x7f0000000040)={[0x1]}, 0x8, 0x80400)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000280))

program crashed: KASAN: use-after-free Read in lo_open
testing program (duration=53.556588112s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock2-mlock2-syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64-setsockopt$inet6_MCAST_MSFILTER-signalfd4-ioctl$SECCOMP_IOCTL_NOTIF_RECV
detailed listing:
executing program 0:
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1) (async)
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1)
r0 = syz_open_dev$loop(&(0x7f00000005c0), 0xffff, 0x109041)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000003d40)={r1, 0x1000, {0x2a00, 0x80010000, 0x0, 0x52, 0xfffffffffffffffe, 0x0, 0x0, 0x10, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac1000", "90be6c09306003d8006000", [0x0, 0x3]}})
ioctl$LOOP_GET_STATUS64(r0, 0x4c05, &(0x7f00000000c0))
setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000ffff00000000000000bd0000000000000000000000e4ec01000000004000000000fc00000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000006000000000000000005"], 0x310)
signalfd4(0xffffffffffffffff, &(0x7f0000000040)={[0x1]}, 0x8, 0x80400)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000280))

program crashed: KASAN: use-after-free Read in lo_open
testing program (duration=53.556588112s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock2-syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64-setsockopt$inet6_MCAST_MSFILTER-signalfd4-ioctl$SECCOMP_IOCTL_NOTIF_RECV
detailed listing:
executing program 0:
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x1) (async)
r0 = syz_open_dev$loop(&(0x7f00000005c0), 0xffff, 0x109041)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000003d40)={r1, 0x1000, {0x2a00, 0x80010000, 0x0, 0x52, 0xfffffffffffffffe, 0x0, 0x0, 0x10, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac1000", "90be6c09306003d8006000", [0x0, 0x3]}})
ioctl$LOOP_GET_STATUS64(r0, 0x4c05, &(0x7f00000000c0))
setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000ffff00000000000000bd0000000000000000000000e4ec01000000004000000000fc00000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000006000000000000000005"], 0x310)
signalfd4(0xffffffffffffffff, &(0x7f0000000040)={[0x1]}, 0x8, 0x80400)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000280))

program crashed: KASAN: use-after-free Read in lo_open
testing program (duration=53.556588112s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64-setsockopt$inet6_MCAST_MSFILTER-signalfd4-ioctl$SECCOMP_IOCTL_NOTIF_RECV
detailed listing:
executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000005c0), 0xffff, 0x109041)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000003d40)={r1, 0x1000, {0x2a00, 0x80010000, 0x0, 0x52, 0xfffffffffffffffe, 0x0, 0x0, 0x10, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac1000", "90be6c09306003d8006000", [0x0, 0x3]}})
ioctl$LOOP_GET_STATUS64(r0, 0x4c05, &(0x7f00000000c0))
setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000ffff00000000000000bd0000000000000000000000e4ec01000000004000000000fc00000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000006000000000000000005"], 0x310)
signalfd4(0xffffffffffffffff, &(0x7f0000000040)={[0x1]}, 0x8, 0x80400)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000280))

program crashed: KASAN: use-after-free Read in lo_open
testing program (duration=53.556588112s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64-setsockopt$inet6_MCAST_MSFILTER-signalfd4-ioctl$SECCOMP_IOCTL_NOTIF_RECV
detailed listing:
executing program 0:
r0 = syz_open_dev$loop(0x0, 0xffff, 0x109041)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000003d40)={r1, 0x1000, {0x2a00, 0x80010000, 0x0, 0x52, 0xfffffffffffffffe, 0x0, 0x0, 0x10, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac1000", "90be6c09306003d8006000", [0x0, 0x3]}})
ioctl$LOOP_GET_STATUS64(r0, 0x4c05, &(0x7f00000000c0))
setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000ffff00000000000000bd0000000000000000000000e4ec01000000004000000000fc00000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000006000000000000000005"], 0x310)
signalfd4(0xffffffffffffffff, &(0x7f0000000040)={[0x1]}, 0x8, 0x80400)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000280))

program did not crash
testing program (duration=53.556588112s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64-setsockopt$inet6_MCAST_MSFILTER-signalfd4-ioctl$SECCOMP_IOCTL_NOTIF_RECV
detailed listing:
executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000005c0), 0xffff, 0x109041)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000003d40)={r1, 0x1000, {0x2a00, 0x80010000, 0x0, 0x52, 0xfffffffffffffffe, 0x0, 0x0, 0x10, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac1000", "90be6c09306003d8006000", [0x0, 0x3]}})
ioctl$LOOP_GET_STATUS64(r0, 0x4c05, &(0x7f00000000c0))
setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000ffff00000000000000bd0000000000000000000000e4ec01000000004000000000fc00000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000006000000000000000005"], 0x310)
signalfd4(0xffffffffffffffff, &(0x7f0000000040)={[0x1]}, 0x8, 0x80400)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000280))

program did not crash
testing program (duration=53.556588112s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64-setsockopt$inet6_MCAST_MSFILTER-signalfd4-ioctl$SECCOMP_IOCTL_NOTIF_RECV
detailed listing:
executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000005c0), 0xffff, 0x109041)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, 0x0)
ioctl$LOOP_GET_STATUS64(r0, 0x4c05, &(0x7f00000000c0))
setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000ffff00000000000000bd0000000000000000000000e4ec01000000004000000000fc00000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000006000000000000000005"], 0x310)
signalfd4(0xffffffffffffffff, &(0x7f0000000040)={[0x1]}, 0x8, 0x80400)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000280))

program did not crash
testing program (duration=53.556588112s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64-setsockopt$inet6_MCAST_MSFILTER-signalfd4-ioctl$SECCOMP_IOCTL_NOTIF_RECV
detailed listing:
executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000005c0), 0xffff, 0x109041)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000003d40)={r1, 0x1000, {0x2a00, 0x80010000, 0x0, 0x52, 0xfffffffffffffffe, 0x0, 0x0, 0x10, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac1000", "90be6c09306003d8006000", [0x0, 0x3]}})
ioctl$LOOP_GET_STATUS64(r0, 0x4c05, 0x0)
setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000ffff00000000000000bd0000000000000000000000e4ec01000000004000000000fc00000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000006000000000000000005"], 0x310)
signalfd4(0xffffffffffffffff, &(0x7f0000000040)={[0x1]}, 0x8, 0x80400)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000280))

program did not crash
testing program (duration=53.556588112s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64-setsockopt$inet6_MCAST_MSFILTER-signalfd4-ioctl$SECCOMP_IOCTL_NOTIF_RECV
detailed listing:
executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000005c0), 0xffff, 0x109041)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000003d40)={r1, 0x1000, {0x2a00, 0x80010000, 0x0, 0x52, 0xfffffffffffffffe, 0x0, 0x0, 0x10, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac1000", "90be6c09306003d8006000", [0x0, 0x3]}})
ioctl$LOOP_GET_STATUS64(r0, 0x4c05, &(0x7f00000000c0))
setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x310)
signalfd4(0xffffffffffffffff, &(0x7f0000000040)={[0x1]}, 0x8, 0x80400)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000280))

program crashed: KASAN: use-after-free Read in lo_open
testing program (duration=53.556588112s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64-setsockopt$inet6_MCAST_MSFILTER-signalfd4-ioctl$SECCOMP_IOCTL_NOTIF_RECV
detailed listing:
executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000005c0), 0xffff, 0x109041)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000003d40)={r1, 0x1000, {0x2a00, 0x80010000, 0x0, 0x52, 0xfffffffffffffffe, 0x0, 0x0, 0x10, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac1000", "90be6c09306003d8006000", [0x0, 0x3]}})
ioctl$LOOP_GET_STATUS64(r0, 0x4c05, &(0x7f00000000c0))
setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x310)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x80400)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000280))

program crashed: KASAN: use-after-free Read in lo_open
testing program (duration=53.556588112s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64-setsockopt$inet6_MCAST_MSFILTER-signalfd4-ioctl$SECCOMP_IOCTL_NOTIF_RECV
detailed listing:
executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000005c0), 0xffff, 0x109041)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000003d40)={r1, 0x1000, {0x2a00, 0x80010000, 0x0, 0x52, 0xfffffffffffffffe, 0x0, 0x0, 0x10, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac1000", "90be6c09306003d8006000", [0x0, 0x3]}})
ioctl$LOOP_GET_STATUS64(r0, 0x4c05, &(0x7f00000000c0))
setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x310)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x80400)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0)

program crashed: KASAN: use-after-free Read in lo_open
extracting C reproducer
testing compiled C program (duration=53.556588112s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64-setsockopt$inet6_MCAST_MSFILTER-signalfd4-ioctl$SECCOMP_IOCTL_NOTIF_RECV
program did not crash
simplifying guilty program options
testing program (duration=53.556588112s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64-setsockopt$inet6_MCAST_MSFILTER-signalfd4-ioctl$SECCOMP_IOCTL_NOTIF_RECV
detailed listing:
executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000005c0), 0xffff, 0x109041)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000003d40)={r1, 0x1000, {0x2a00, 0x80010000, 0x0, 0x52, 0xfffffffffffffffe, 0x0, 0x0, 0x10, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac1000", "90be6c09306003d8006000", [0x0, 0x3]}})
ioctl$LOOP_GET_STATUS64(r0, 0x4c05, &(0x7f00000000c0))
setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x310)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x80400)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0)

program did not crash
testing program (duration=53.556588112s, {Threaded:true Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64-setsockopt$inet6_MCAST_MSFILTER-signalfd4-ioctl$SECCOMP_IOCTL_NOTIF_RECV
detailed listing:
executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000005c0), 0xffff, 0x109041)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000003d40)={r1, 0x1000, {0x2a00, 0x80010000, 0x0, 0x52, 0xfffffffffffffffe, 0x0, 0x0, 0x10, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac1000", "90be6c09306003d8006000", [0x0, 0x3]}})
ioctl$LOOP_GET_STATUS64(r0, 0x4c05, &(0x7f00000000c0))
setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x310)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x80400)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0)

program did not crash
testing program (duration=53.556588112s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64-setsockopt$inet6_MCAST_MSFILTER-signalfd4-ioctl$SECCOMP_IOCTL_NOTIF_RECV
detailed listing:
executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000005c0), 0xffff, 0x109041)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000003d40)={r1, 0x1000, {0x2a00, 0x80010000, 0x0, 0x52, 0xfffffffffffffffe, 0x0, 0x0, 0x10, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac1000", "90be6c09306003d8006000", [0x0, 0x3]}})
ioctl$LOOP_GET_STATUS64(r0, 0x4c05, &(0x7f00000000c0))
setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x310)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x80400)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0)

program crashed: KASAN: use-after-free Read in lo_open
extracting C reproducer
testing compiled C program (duration=53.556588112s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64-setsockopt$inet6_MCAST_MSFILTER-signalfd4-ioctl$SECCOMP_IOCTL_NOTIF_RECV
program did not crash
reproducing took 1h18m10.981854471s
repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: use-after-free in mutex_can_spin_on_owner kernel/locking/mutex.c:617 [inline]
BUG: KASAN: use-after-free in mutex_optimistic_spin kernel/locking/mutex.c:661 [inline]
BUG: KASAN: use-after-free in __mutex_lock_common kernel/locking/mutex.c:973 [inline]
BUG: KASAN: use-after-free in __mutex_lock+0xace/0xe30 kernel/locking/mutex.c:1114
Read of size 4 at addr ffff8881ea0d4ef8 by task syz-executor/467

CPU: 1 PID: 467 Comm: syz-executor Not tainted 5.4.292-syzkaller-00021-gcd8e74fa0fa3 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call Trace:
 __dump_stack+0x1e/0x20 lib/dump_stack.c:77
 dump_stack+0x15b/0x1b8 lib/dump_stack.c:118
 print_address_description+0x8d/0x4c0 mm/kasan/report.c:384
 __kasan_report+0xef/0x120 mm/kasan/report.c:516
 kasan_report+0x30/0x60 mm/kasan/common.c:653
 __asan_report_load4_noabort+0x14/0x20 mm/kasan/generic_report.c:131
 mutex_can_spin_on_owner kernel/locking/mutex.c:617 [inline]
 mutex_optimistic_spin kernel/locking/mutex.c:661 [inline]
 __mutex_lock_common kernel/locking/mutex.c:973 [inline]
 __mutex_lock+0xace/0xe30 kernel/locking/mutex.c:1114
 __mutex_lock_killable_slowpath+0xe/0x10 kernel/locking/mutex.c:1381
 mutex_lock_killable+0xd3/0xe0 kernel/locking/mutex.c:1348
 lo_open+0x1d/0xc0 drivers/block/loop.c:1899
 __blkdev_get+0x610/0x1560 fs/block_dev.c:1581
 blkdev_get+0x68/0x380 fs/block_dev.c:1714
 blkdev_open+0x1cb/0x2b0 fs/block_dev.c:1856
 do_dentry_open+0x8b5/0x1030 fs/open.c:806
 vfs_open+0x73/0x80 fs/open.c:920
 do_last fs/namei.c:3565 [inline]
 path_openat+0x2a5e/0x35c0 fs/namei.c:3683
 do_filp_open+0x1ae/0x3f0 fs/namei.c:3713
 do_sys_open+0x2bb/0x5d0 fs/open.c:1123
 __do_sys_openat fs/open.c:1150 [inline]
 __se_sys_openat fs/open.c:1144 [inline]
 __x64_sys_openat+0xa2/0xb0 fs/open.c:1144
 do_syscall_64+0xcf/0x170 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x5c/0xc1
RIP: 0033:0x7f973a429251
Code: 75 57 89 f0 25 00 00 41 00 3d 00 00 41 00 74 49 80 3d fa 72 1f 00 00 74 6d 89 da 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 93 00 00 00 48 8b 54 24 28 64 48 2b 14 25
RSP: 002b:00007ffef52e4700 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f973a429251
RDX: 0000000000000002 RSI: 00007ffef52e4810 RDI: 00000000ffffff9c
RBP: 00007ffef52e4810 R08: 000000000000000a R09: 00007ffef52e44c7
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
R13: 00007f973a619260 R14: 0000000000000003 R15: 00007ffef52e4810

Allocated by task 440:
 save_stack mm/kasan/common.c:70 [inline]
 set_track mm/kasan/common.c:78 [inline]
 __kasan_kmalloc+0x162/0x200 mm/kasan/common.c:529
 kasan_slab_alloc+0x12/0x20 mm/kasan/common.c:537
 slab_post_alloc_hook mm/slab.h:584 [inline]
 slab_alloc_node mm/slub.c:2829 [inline]
 slab_alloc mm/slub.c:2837 [inline]
 kmem_cache_alloc+0xe2/0x270 mm/slub.c:2842
 kmem_cache_alloc_node include/linux/slab.h:427 [inline]
 alloc_task_struct_node kernel/fork.c:171 [inline]
 dup_task_struct+0x57/0x640 kernel/fork.c:882
 copy_process+0x503/0x2cf0 kernel/fork.c:1889
 _do_fork+0x190/0x860 kernel/fork.c:2399
 __do_sys_clone3 kernel/fork.c:2688 [inline]
 __se_sys_clone3 kernel/fork.c:2675 [inline]
 __x64_sys_clone3+0x1de/0x1f0 kernel/fork.c:2675
 do_syscall_64+0xcf/0x170 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x5c/0xc1

Freed by task 10:
 save_stack mm/kasan/common.c:70 [inline]
 set_track mm/kasan/common.c:78 [inline]
 kasan_set_free_info mm/kasan/common.c:345 [inline]
 __kasan_slab_free+0x1c3/0x280 mm/kasan/common.c:487
 kasan_slab_free+0xe/0x10 mm/kasan/common.c:496
 slab_free_hook mm/slub.c:1455 [inline]
 slab_free_freelist_hook+0xb7/0x180 mm/slub.c:1494
 slab_free mm/slub.c:3080 [inline]
 kmem_cache_free+0x10c/0x2c0 mm/slub.c:3096
 free_task_struct kernel/fork.c:176 [inline]
 free_task+0xe9/0x150 kernel/fork.c:480
 __put_task_struct+0x2b7/0x420 kernel/fork.c:755
 put_task_struct include/linux/sched/task.h:147 [inline]
 delayed_put_task_struct+0x71/0x210 kernel/exit.c:229
 __rcu_reclaim kernel/rcu/rcu.h:222 [inline]
 rcu_do_batch+0x446/0x980 kernel/rcu/tree.c:2167
 rcu_core+0x4bd/0xbd0 kernel/rcu/tree.c:2387
 rcu_core_si+0x9/0x10 kernel/rcu/tree.c:2396
 __do_softirq+0x236/0x660 kernel/softirq.c:292

The buggy address belongs to the object at ffff8881ea0d4ec0
 which belongs to the cache task_struct of size 3904
The buggy address is located 56 bytes inside of
 3904-byte region [ffff8881ea0d4ec0, ffff8881ea0d5e00)
The buggy address belongs to the page:
page:ffffea0007a83400 refcount:1 mapcount:0 mapping:ffff8881f5cf4f00 index:0x0 compound_mapcount: 0
flags: 0x8000000000010200(slab|head)
raw: 8000000000010200 dead000000000100 dead000000000122 ffff8881f5cf4f00
raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL)
 set_page_owner include/linux/page_owner.h:31 [inline]
 post_alloc_hook mm/page_alloc.c:2165 [inline]
 prep_new_page+0x35e/0x370 mm/page_alloc.c:2171
 get_page_from_freelist+0x1296/0x1310 mm/page_alloc.c:3794
 __alloc_pages_nodemask+0x202/0x4b0 mm/page_alloc.c:4894
 alloc_slab_page+0x3c/0x3b0 mm/slub.c:343
 allocate_slab mm/slub.c:1683 [inline]
 new_slab+0x93/0x420 mm/slub.c:1749
 new_slab_objects mm/slub.c:2505 [inline]
 ___slab_alloc+0x29e/0x420 mm/slub.c:2667
 __slab_alloc+0x63/0xa0 mm/slub.c:2707
 slab_alloc_node mm/slub.c:2792 [inline]
 slab_alloc mm/slub.c:2837 [inline]
 kmem_cache_alloc+0x12c/0x270 mm/slub.c:2842
 kmem_cache_alloc_node include/linux/slab.h:427 [inline]
 alloc_task_struct_node kernel/fork.c:171 [inline]
 dup_task_struct+0x57/0x640 kernel/fork.c:882
 copy_process+0x503/0x2cf0 kernel/fork.c:1889
 _do_fork+0x190/0x860 kernel/fork.c:2399
 __do_sys_clone3 kernel/fork.c:2688 [inline]
 __se_sys_clone3 kernel/fork.c:2675 [inline]
 __x64_sys_clone3+0x1de/0x1f0 kernel/fork.c:2675
 do_syscall_64+0xcf/0x170 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x5c/0xc1
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1176 [inline]
 __free_pages_ok+0x7e4/0x910 mm/page_alloc.c:1438
 free_the_page mm/page_alloc.c:4956 [inline]
 __free_pages+0x8c/0x110 mm/page_alloc.c:4962
 __free_slab+0x218/0x2d0 mm/slub.c:1774
 free_slab mm/slub.c:1789 [inline]
 discard_slab mm/slub.c:1795 [inline]
 unfreeze_partials+0x165/0x1a0 mm/slub.c:2288
 put_cpu_partial+0xc1/0x180 mm/slub.c:2324
 __slab_free+0x2be/0x380 mm/slub.c:2971
 do_slab_free mm/slub.c:3068 [inline]
 ___cache_free+0xbb/0xd0 mm/slub.c:3087
 qlink_free+0x23/0x30 mm/kasan/quarantine.c:148
 qlist_free_all+0x5f/0xb0 mm/kasan/quarantine.c:167
 quarantine_reduce+0x1a8/0x200 mm/kasan/quarantine.c:260
 __kasan_kmalloc+0x42/0x200 mm/kasan/common.c:507
 kasan_slab_alloc+0x12/0x20 mm/kasan/common.c:537
 slab_post_alloc_hook mm/slab.h:584 [inline]
 slab_alloc_node mm/slub.c:2829 [inline]
 slab_alloc mm/slub.c:2837 [inline]
 __kmalloc+0x106/0x2f0 mm/slub.c:3909
 __kmalloc_node include/linux/slab.h:422 [inline]
 kmalloc_node include/linux/slab.h:599 [inline]
 kvmalloc_node+0x88/0xf0 mm/util.c:596
 kvmalloc include/linux/mm.h:761 [inline]
 kvzalloc include/linux/mm.h:769 [inline]
 allocate_hook_entries_size net/netfilter/core.c:61 [inline]
 __nf_hook_entries_try_shrink+0x332/0x730 net/netfilter/core.c:248
 __nf_unregister_net_hook+0x43a/0x5e0 net/netfilter/core.c:411

Memory state around the buggy address:
 ffff8881ea0d4d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8881ea0d4e00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
>ffff8881ea0d4e80: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
                                                                ^
 ffff8881ea0d4f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff8881ea0d4f80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================

final repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: use-after-free in mutex_can_spin_on_owner kernel/locking/mutex.c:617 [inline]
BUG: KASAN: use-after-free in mutex_optimistic_spin kernel/locking/mutex.c:661 [inline]
BUG: KASAN: use-after-free in __mutex_lock_common kernel/locking/mutex.c:973 [inline]
BUG: KASAN: use-after-free in __mutex_lock+0xace/0xe30 kernel/locking/mutex.c:1114
Read of size 4 at addr ffff8881ea0d4ef8 by task syz-executor/467

CPU: 1 PID: 467 Comm: syz-executor Not tainted 5.4.292-syzkaller-00021-gcd8e74fa0fa3 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call Trace:
 __dump_stack+0x1e/0x20 lib/dump_stack.c:77
 dump_stack+0x15b/0x1b8 lib/dump_stack.c:118
 print_address_description+0x8d/0x4c0 mm/kasan/report.c:384
 __kasan_report+0xef/0x120 mm/kasan/report.c:516
 kasan_report+0x30/0x60 mm/kasan/common.c:653
 __asan_report_load4_noabort+0x14/0x20 mm/kasan/generic_report.c:131
 mutex_can_spin_on_owner kernel/locking/mutex.c:617 [inline]
 mutex_optimistic_spin kernel/locking/mutex.c:661 [inline]
 __mutex_lock_common kernel/locking/mutex.c:973 [inline]
 __mutex_lock+0xace/0xe30 kernel/locking/mutex.c:1114
 __mutex_lock_killable_slowpath+0xe/0x10 kernel/locking/mutex.c:1381
 mutex_lock_killable+0xd3/0xe0 kernel/locking/mutex.c:1348
 lo_open+0x1d/0xc0 drivers/block/loop.c:1899
 __blkdev_get+0x610/0x1560 fs/block_dev.c:1581
 blkdev_get+0x68/0x380 fs/block_dev.c:1714
 blkdev_open+0x1cb/0x2b0 fs/block_dev.c:1856
 do_dentry_open+0x8b5/0x1030 fs/open.c:806
 vfs_open+0x73/0x80 fs/open.c:920
 do_last fs/namei.c:3565 [inline]
 path_openat+0x2a5e/0x35c0 fs/namei.c:3683
 do_filp_open+0x1ae/0x3f0 fs/namei.c:3713
 do_sys_open+0x2bb/0x5d0 fs/open.c:1123
 __do_sys_openat fs/open.c:1150 [inline]
 __se_sys_openat fs/open.c:1144 [inline]
 __x64_sys_openat+0xa2/0xb0 fs/open.c:1144
 do_syscall_64+0xcf/0x170 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x5c/0xc1
RIP: 0033:0x7f973a429251
Code: 75 57 89 f0 25 00 00 41 00 3d 00 00 41 00 74 49 80 3d fa 72 1f 00 00 74 6d 89 da 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 93 00 00 00 48 8b 54 24 28 64 48 2b 14 25
RSP: 002b:00007ffef52e4700 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f973a429251
RDX: 0000000000000002 RSI: 00007ffef52e4810 RDI: 00000000ffffff9c
RBP: 00007ffef52e4810 R08: 000000000000000a R09: 00007ffef52e44c7
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
R13: 00007f973a619260 R14: 0000000000000003 R15: 00007ffef52e4810

Allocated by task 440:
 save_stack mm/kasan/common.c:70 [inline]
 set_track mm/kasan/common.c:78 [inline]
 __kasan_kmalloc+0x162/0x200 mm/kasan/common.c:529
 kasan_slab_alloc+0x12/0x20 mm/kasan/common.c:537
 slab_post_alloc_hook mm/slab.h:584 [inline]
 slab_alloc_node mm/slub.c:2829 [inline]
 slab_alloc mm/slub.c:2837 [inline]
 kmem_cache_alloc+0xe2/0x270 mm/slub.c:2842
 kmem_cache_alloc_node include/linux/slab.h:427 [inline]
 alloc_task_struct_node kernel/fork.c:171 [inline]
 dup_task_struct+0x57/0x640 kernel/fork.c:882
 copy_process+0x503/0x2cf0 kernel/fork.c:1889
 _do_fork+0x190/0x860 kernel/fork.c:2399
 __do_sys_clone3 kernel/fork.c:2688 [inline]
 __se_sys_clone3 kernel/fork.c:2675 [inline]
 __x64_sys_clone3+0x1de/0x1f0 kernel/fork.c:2675
 do_syscall_64+0xcf/0x170 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x5c/0xc1

Freed by task 10:
 save_stack mm/kasan/common.c:70 [inline]
 set_track mm/kasan/common.c:78 [inline]
 kasan_set_free_info mm/kasan/common.c:345 [inline]
 __kasan_slab_free+0x1c3/0x280 mm/kasan/common.c:487
 kasan_slab_free+0xe/0x10 mm/kasan/common.c:496
 slab_free_hook mm/slub.c:1455 [inline]
 slab_free_freelist_hook+0xb7/0x180 mm/slub.c:1494
 slab_free mm/slub.c:3080 [inline]
 kmem_cache_free+0x10c/0x2c0 mm/slub.c:3096
 free_task_struct kernel/fork.c:176 [inline]
 free_task+0xe9/0x150 kernel/fork.c:480
 __put_task_struct+0x2b7/0x420 kernel/fork.c:755
 put_task_struct include/linux/sched/task.h:147 [inline]
 delayed_put_task_struct+0x71/0x210 kernel/exit.c:229
 __rcu_reclaim kernel/rcu/rcu.h:222 [inline]
 rcu_do_batch+0x446/0x980 kernel/rcu/tree.c:2167
 rcu_core+0x4bd/0xbd0 kernel/rcu/tree.c:2387
 rcu_core_si+0x9/0x10 kernel/rcu/tree.c:2396
 __do_softirq+0x236/0x660 kernel/softirq.c:292

The buggy address belongs to the object at ffff8881ea0d4ec0
 which belongs to the cache task_struct of size 3904
The buggy address is located 56 bytes inside of
 3904-byte region [ffff8881ea0d4ec0, ffff8881ea0d5e00)
The buggy address belongs to the page:
page:ffffea0007a83400 refcount:1 mapcount:0 mapping:ffff8881f5cf4f00 index:0x0 compound_mapcount: 0
flags: 0x8000000000010200(slab|head)
raw: 8000000000010200 dead000000000100 dead000000000122 ffff8881f5cf4f00
raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL)
 set_page_owner include/linux/page_owner.h:31 [inline]
 post_alloc_hook mm/page_alloc.c:2165 [inline]
 prep_new_page+0x35e/0x370 mm/page_alloc.c:2171
 get_page_from_freelist+0x1296/0x1310 mm/page_alloc.c:3794
 __alloc_pages_nodemask+0x202/0x4b0 mm/page_alloc.c:4894
 alloc_slab_page+0x3c/0x3b0 mm/slub.c:343
 allocate_slab mm/slub.c:1683 [inline]
 new_slab+0x93/0x420 mm/slub.c:1749
 new_slab_objects mm/slub.c:2505 [inline]
 ___slab_alloc+0x29e/0x420 mm/slub.c:2667
 __slab_alloc+0x63/0xa0 mm/slub.c:2707
 slab_alloc_node mm/slub.c:2792 [inline]
 slab_alloc mm/slub.c:2837 [inline]
 kmem_cache_alloc+0x12c/0x270 mm/slub.c:2842
 kmem_cache_alloc_node include/linux/slab.h:427 [inline]
 alloc_task_struct_node kernel/fork.c:171 [inline]
 dup_task_struct+0x57/0x640 kernel/fork.c:882
 copy_process+0x503/0x2cf0 kernel/fork.c:1889
 _do_fork+0x190/0x860 kernel/fork.c:2399
 __do_sys_clone3 kernel/fork.c:2688 [inline]
 __se_sys_clone3 kernel/fork.c:2675 [inline]
 __x64_sys_clone3+0x1de/0x1f0 kernel/fork.c:2675
 do_syscall_64+0xcf/0x170 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x5c/0xc1
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1176 [inline]
 __free_pages_ok+0x7e4/0x910 mm/page_alloc.c:1438
 free_the_page mm/page_alloc.c:4956 [inline]
 __free_pages+0x8c/0x110 mm/page_alloc.c:4962
 __free_slab+0x218/0x2d0 mm/slub.c:1774
 free_slab mm/slub.c:1789 [inline]
 discard_slab mm/slub.c:1795 [inline]
 unfreeze_partials+0x165/0x1a0 mm/slub.c:2288
 put_cpu_partial+0xc1/0x180 mm/slub.c:2324
 __slab_free+0x2be/0x380 mm/slub.c:2971
 do_slab_free mm/slub.c:3068 [inline]
 ___cache_free+0xbb/0xd0 mm/slub.c:3087
 qlink_free+0x23/0x30 mm/kasan/quarantine.c:148
 qlist_free_all+0x5f/0xb0 mm/kasan/quarantine.c:167
 quarantine_reduce+0x1a8/0x200 mm/kasan/quarantine.c:260
 __kasan_kmalloc+0x42/0x200 mm/kasan/common.c:507
 kasan_slab_alloc+0x12/0x20 mm/kasan/common.c:537
 slab_post_alloc_hook mm/slab.h:584 [inline]
 slab_alloc_node mm/slub.c:2829 [inline]
 slab_alloc mm/slub.c:2837 [inline]
 __kmalloc+0x106/0x2f0 mm/slub.c:3909
 __kmalloc_node include/linux/slab.h:422 [inline]
 kmalloc_node include/linux/slab.h:599 [inline]
 kvmalloc_node+0x88/0xf0 mm/util.c:596
 kvmalloc include/linux/mm.h:761 [inline]
 kvzalloc include/linux/mm.h:769 [inline]
 allocate_hook_entries_size net/netfilter/core.c:61 [inline]
 __nf_hook_entries_try_shrink+0x332/0x730 net/netfilter/core.c:248
 __nf_unregister_net_hook+0x43a/0x5e0 net/netfilter/core.c:411

Memory state around the buggy address:
 ffff8881ea0d4d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8881ea0d4e00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
>ffff8881ea0d4e80: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
                                                                ^
 ffff8881ea0d4f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff8881ea0d4f80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================