Extracting prog: 32.954546833s
Minimizing prog: 18m16.393917942s
Simplifying prog options: 0s
Extracting C: 1m12.52339586s
Simplifying C: 7m53.801896433s
extracting reproducer from 1 programs
testing a last program of every proc
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat$cgroup_ro-write$binfmt_script-open-mount-open-mmap-openat$hwrng-preadv
detailed listing:
executing program 0:
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x2000042, &(0x7f0000000280)={[{@resgid}, {@discard}, {@noblock_validity}, {@grpjquota_path={'grpjquota', 0x3d, './bus'}}, {@stripe={'stripe', 0x3d, 0x2e}}, {@resgid}, {@sysvgroups}, {@norecovery}, {@nodelalloc}]}, 0x11, 0x4e5, &(0x7f0000000ac0)="$eJzs3c9vG1kdAPDvjOPtryzJAodlJXZX7KJ0BbWTDd1GHEqREJwqUcq9hMSJojhxFDttE1UoFXeQEAIkuHDigsQfgIT6JyCkSnBHBYEQtHDgABh5PC5NsOus6nra5PORXue9Gcff76vlmXkzT54ATqy3I+JKRJQi4r2ImMrXp3npbLtyrfu6Rw/vLHVKEu329b8mkeTreu+V5MtzEbEfEacj4mtfifhm8v9xm7t764v1em07b1dbG1vV5u7ehbWNxdXaam1zfn7ug4VLCxcXZkfSz+mIuPylP/7guz/78uVfffbW72/8+fy3OmlN5tuf7Mcodbtezv4veiYiYvt5BCtAKV+WB2z/TmmMyQAAMFTnHP+jEfGp7Px/KkrZ2SkAAABwnLS/MBn/SiLaAAAAwLGVZnNgk7SSzwWYjDStVLpzeD8eZ9N6o9n6zEpjZ3O5O1d2Osrpylq9NpvPFZ6OctJpz+VzbHvt9w+15yPitYj4/tSZrF1ZatSXi774AQAAACfEuUPj/39MZeP/U0XnBQAAAIzY9NBX/OQjY0kEAAAAeG6Gj/8BAACAl53xPwAAABxrX716tVPavedfL9/c3Vlv3LywXGuuVzZ2lipLje2tymqjsZr9Zt/GsPerNxpbn4vNndvVVq3ZqjZ3925sNHY2WzfWDjwCGwAAABij196697skIvY/fyYrHa8UnRQwFsmQ7dlDQh7kjT+MISFgbEpFJwAUZqLoBIDClItOACjcsOsAAyfv/Hr0uQAAAM/HzCcG3/93bQCOt7ToBACAsXP/H06u8sEZgBeLywQoyrDnez77/f92+0MlBAAAjNxkVpK0kt8LnIw0rVQiXs0eC1BOVtbqtdl8fPDbqfKpTnsu+8tk6JxhAAAAAAAAAAAAAAAAAAAAAAAAAKCr3U6iDQAAABxrEemfkuzX/CNmpt6dPHx94JXkn1PZMiJu/fj6D28vtlrbc531f3u8vvWjfP37RVzBAAAAAA4+3j+iN07vjeMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYJQePbyz1CvjjPuXL0bEdN/4b53OFqejHBFn/57ExBN/l0REaQTx9+9GxOv94iedtGI6uln0i3+mwPhpRJwbQXw4ye519j9X+n3/0ng7W/b//k3k5VkN3v+l0dv/lQbsf149Yow37v+iOjD+3Yg3Jvrvf3rxkwHx3zli/G98fW9v0Lb2TyNm+h5/kgOxqq2NrWpzd+/C2sbiam21tjk/P/fBwqWFiwuz1ZW1ei3/t2+M733yl/95Wv/PDog/PaT/7x6x//++f/vhx7rVcr/459/pf/x9fUD8ND/2fTqvd7bP9Or73fqT3vz5b958Wv+XB/T/8eff50DbiXn+iP1/79q3HxzxpQDAGDR399YX6/Xa9stYSeOFSKOASunl/uD6Vk69GGmodCtF75kAAIBR+99Jf9GZAAAAAAAAAAAAAAAAAAAAwMk1jp8TOxxzv5iuAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA81X8DAAD//w502Uw=")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b)
open(&(0x7f0000000180)='./bus\x00', 0x14d27e, 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x185902, 0x72)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
program crashed: KASAN: use-after-free Read in ext4_ext_remove_space
single: successfully extracted reproducer
found reproducer with 9 syscalls
minimizing guilty program
testing program (duration=37.595204431s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat$cgroup_ro-write$binfmt_script-open-mount-open-mmap-openat$hwrng
detailed listing:
executing program 0:
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x2000042, &(0x7f0000000280)={[{@resgid}, {@discard}, {@noblock_validity}, {@grpjquota_path={'grpjquota', 0x3d, './bus'}}, {@stripe={'stripe', 0x3d, 0x2e}}, {@resgid}, {@sysvgroups}, {@norecovery}, {@nodelalloc}]}, 0x11, 0x4e5, &(0x7f0000000ac0)="$eJzs3c9vG1kdAPDvjOPtryzJAodlJXZX7KJ0BbWTDd1GHEqREJwqUcq9hMSJojhxFDttE1UoFXeQEAIkuHDigsQfgIT6JyCkSnBHBYEQtHDgABh5PC5NsOus6nra5PORXue9Gcff76vlmXkzT54ATqy3I+JKRJQi4r2ImMrXp3npbLtyrfu6Rw/vLHVKEu329b8mkeTreu+V5MtzEbEfEacj4mtfifhm8v9xm7t764v1em07b1dbG1vV5u7ehbWNxdXaam1zfn7ug4VLCxcXZkfSz+mIuPylP/7guz/78uVfffbW72/8+fy3OmlN5tuf7Mcodbtezv4veiYiYvt5BCtAKV+WB2z/TmmMyQAAMFTnHP+jEfGp7Px/KkrZ2SkAAABwnLS/MBn/SiLaAAAAwLGVZnNgk7SSzwWYjDStVLpzeD8eZ9N6o9n6zEpjZ3O5O1d2Osrpylq9NpvPFZ6OctJpz+VzbHvt9w+15yPitYj4/tSZrF1ZatSXi774AQAAACfEuUPj/39MZeP/U0XnBQAAAIzY9NBX/OQjY0kEAAAAeG6Gj/8BAACAl53xPwAAABxrX716tVPavedfL9/c3Vlv3LywXGuuVzZ2lipLje2tymqjsZr9Zt/GsPerNxpbn4vNndvVVq3ZqjZ3925sNHY2WzfWDjwCGwAAABij196697skIvY/fyYrHa8UnRQwFsmQ7dlDQh7kjT+MISFgbEpFJwAUZqLoBIDClItOACjcsOsAAyfv/Hr0uQAAAM/HzCcG3/93bQCOt7ToBACAsXP/H06u8sEZgBeLywQoyrDnez77/f92+0MlBAAAjNxkVpK0kt8LnIw0rVQiXs0eC1BOVtbqtdl8fPDbqfKpTnsu+8tk6JxhAAAAAAAAAAAAAAAAAAAAAAAAAKCr3U6iDQAAABxrEemfkuzX/CNmpt6dPHx94JXkn1PZMiJu/fj6D28vtlrbc531f3u8vvWjfP37RVzBAAAAAA4+3j+iN07vjeMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYJQePbyz1CvjjPuXL0bEdN/4b53OFqejHBFn/57ExBN/l0REaQTx9+9GxOv94iedtGI6uln0i3+mwPhpRJwbQXw4ye519j9X+n3/0ng7W/b//k3k5VkN3v+l0dv/lQbsf149Yow37v+iOjD+3Yg3Jvrvf3rxkwHx3zli/G98fW9v0Lb2TyNm+h5/kgOxqq2NrWpzd+/C2sbiam21tjk/P/fBwqWFiwuz1ZW1ei3/t2+M733yl/95Wv/PDog/PaT/7x6x//++f/vhx7rVcr/459/pf/x9fUD8ND/2fTqvd7bP9Or73fqT3vz5b958Wv+XB/T/8eff50DbiXn+iP1/79q3HxzxpQDAGDR399YX6/Xa9stYSeOFSKOASunl/uD6Vk69GGmodCtF75kAAIBR+99Jf9GZAAAAAAAAAAAAAAAAAAAAwMk1jp8TOxxzv5iuAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA81X8DAAD//w502Uw=")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b)
open(&(0x7f0000000180)='./bus\x00', 0x14d27e, 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x185902, 0x72)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
program did not crash
testing program (duration=37.595204431s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat$cgroup_ro-write$binfmt_script-open-mount-open-mmap-preadv
detailed listing:
executing program 0:
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x2000042, &(0x7f0000000280)={[{@resgid}, {@discard}, {@noblock_validity}, {@grpjquota_path={'grpjquota', 0x3d, './bus'}}, {@stripe={'stripe', 0x3d, 0x2e}}, {@resgid}, {@sysvgroups}, {@norecovery}, {@nodelalloc}]}, 0x11, 0x4e5, &(0x7f0000000ac0)="$eJzs3c9vG1kdAPDvjOPtryzJAodlJXZX7KJ0BbWTDd1GHEqREJwqUcq9hMSJojhxFDttE1UoFXeQEAIkuHDigsQfgIT6JyCkSnBHBYEQtHDgABh5PC5NsOus6nra5PORXue9Gcff76vlmXkzT54ATqy3I+JKRJQi4r2ImMrXp3npbLtyrfu6Rw/vLHVKEu329b8mkeTreu+V5MtzEbEfEacj4mtfifhm8v9xm7t764v1em07b1dbG1vV5u7ehbWNxdXaam1zfn7ug4VLCxcXZkfSz+mIuPylP/7guz/78uVfffbW72/8+fy3OmlN5tuf7Mcodbtezv4veiYiYvt5BCtAKV+WB2z/TmmMyQAAMFTnHP+jEfGp7Px/KkrZ2SkAAABwnLS/MBn/SiLaAAAAwLGVZnNgk7SSzwWYjDStVLpzeD8eZ9N6o9n6zEpjZ3O5O1d2Osrpylq9NpvPFZ6OctJpz+VzbHvt9w+15yPitYj4/tSZrF1ZatSXi774AQAAACfEuUPj/39MZeP/U0XnBQAAAIzY9NBX/OQjY0kEAAAAeG6Gj/8BAACAl53xPwAAABxrX716tVPavedfL9/c3Vlv3LywXGuuVzZ2lipLje2tymqjsZr9Zt/GsPerNxpbn4vNndvVVq3ZqjZ3925sNHY2WzfWDjwCGwAAABij196697skIvY/fyYrHa8UnRQwFsmQ7dlDQh7kjT+MISFgbEpFJwAUZqLoBIDClItOACjcsOsAAyfv/Hr0uQAAAM/HzCcG3/93bQCOt7ToBACAsXP/H06u8sEZgBeLywQoyrDnez77/f92+0MlBAAAjNxkVpK0kt8LnIw0rVQiXs0eC1BOVtbqtdl8fPDbqfKpTnsu+8tk6JxhAAAAAAAAAAAAAAAAAAAAAAAAAKCr3U6iDQAAABxrEemfkuzX/CNmpt6dPHx94JXkn1PZMiJu/fj6D28vtlrbc531f3u8vvWjfP37RVzBAAAAAA4+3j+iN07vjeMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYJQePbyz1CvjjPuXL0bEdN/4b53OFqejHBFn/57ExBN/l0REaQTx9+9GxOv94iedtGI6uln0i3+mwPhpRJwbQXw4ye519j9X+n3/0ng7W/b//k3k5VkN3v+l0dv/lQbsf149Yow37v+iOjD+3Yg3Jvrvf3rxkwHx3zli/G98fW9v0Lb2TyNm+h5/kgOxqq2NrWpzd+/C2sbiam21tjk/P/fBwqWFiwuz1ZW1ei3/t2+M733yl/95Wv/PDog/PaT/7x6x//++f/vhx7rVcr/459/pf/x9fUD8ND/2fTqvd7bP9Or73fqT3vz5b958Wv+XB/T/8eff50DbiXn+iP1/79q3HxzxpQDAGDR399YX6/Xa9stYSeOFSKOASunl/uD6Vk69GGmodCtF75kAAIBR+99Jf9GZAAAAAAAAAAAAAAAAAAAAwMk1jp8TOxxzv5iuAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA81X8DAAD//w502Uw=")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b)
open(&(0x7f0000000180)='./bus\x00', 0x14d27e, 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x185902, 0x72)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
program did not crash
testing program (duration=37.595204431s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat$cgroup_ro-write$binfmt_script-open-mount-open-openat$hwrng-preadv
detailed listing:
executing program 0:
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x2000042, &(0x7f0000000280)={[{@resgid}, {@discard}, {@noblock_validity}, {@grpjquota_path={'grpjquota', 0x3d, './bus'}}, {@stripe={'stripe', 0x3d, 0x2e}}, {@resgid}, {@sysvgroups}, {@norecovery}, {@nodelalloc}]}, 0x11, 0x4e5, &(0x7f0000000ac0)="$eJzs3c9vG1kdAPDvjOPtryzJAodlJXZX7KJ0BbWTDd1GHEqREJwqUcq9hMSJojhxFDttE1UoFXeQEAIkuHDigsQfgIT6JyCkSnBHBYEQtHDgABh5PC5NsOus6nra5PORXue9Gcff76vlmXkzT54ATqy3I+JKRJQi4r2ImMrXp3npbLtyrfu6Rw/vLHVKEu329b8mkeTreu+V5MtzEbEfEacj4mtfifhm8v9xm7t764v1em07b1dbG1vV5u7ehbWNxdXaam1zfn7ug4VLCxcXZkfSz+mIuPylP/7guz/78uVfffbW72/8+fy3OmlN5tuf7Mcodbtezv4veiYiYvt5BCtAKV+WB2z/TmmMyQAAMFTnHP+jEfGp7Px/KkrZ2SkAAABwnLS/MBn/SiLaAAAAwLGVZnNgk7SSzwWYjDStVLpzeD8eZ9N6o9n6zEpjZ3O5O1d2Osrpylq9NpvPFZ6OctJpz+VzbHvt9w+15yPitYj4/tSZrF1ZatSXi774AQAAACfEuUPj/39MZeP/U0XnBQAAAIzY9NBX/OQjY0kEAAAAeG6Gj/8BAACAl53xPwAAABxrX716tVPavedfL9/c3Vlv3LywXGuuVzZ2lipLje2tymqjsZr9Zt/GsPerNxpbn4vNndvVVq3ZqjZ3925sNHY2WzfWDjwCGwAAABij196697skIvY/fyYrHa8UnRQwFsmQ7dlDQh7kjT+MISFgbEpFJwAUZqLoBIDClItOACjcsOsAAyfv/Hr0uQAAAM/HzCcG3/93bQCOt7ToBACAsXP/H06u8sEZgBeLywQoyrDnez77/f92+0MlBAAAjNxkVpK0kt8LnIw0rVQiXs0eC1BOVtbqtdl8fPDbqfKpTnsu+8tk6JxhAAAAAAAAAAAAAAAAAAAAAAAAAKCr3U6iDQAAABxrEemfkuzX/CNmpt6dPHx94JXkn1PZMiJu/fj6D28vtlrbc531f3u8vvWjfP37RVzBAAAAAA4+3j+iN07vjeMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYJQePbyz1CvjjPuXL0bEdN/4b53OFqejHBFn/57ExBN/l0REaQTx9+9GxOv94iedtGI6uln0i3+mwPhpRJwbQXw4ye519j9X+n3/0ng7W/b//k3k5VkN3v+l0dv/lQbsf149Yow37v+iOjD+3Yg3Jvrvf3rxkwHx3zli/G98fW9v0Lb2TyNm+h5/kgOxqq2NrWpzd+/C2sbiam21tjk/P/fBwqWFiwuz1ZW1ei3/t2+M733yl/95Wv/PDog/PaT/7x6x//++f/vhx7rVcr/459/pf/x9fUD8ND/2fTqvd7bP9Or73fqT3vz5b958Wv+XB/T/8eff50DbiXn+iP1/79q3HxzxpQDAGDR399YX6/Xa9stYSeOFSKOASunl/uD6Vk69GGmodCtF75kAAIBR+99Jf9GZAAAAAAAAAAAAAAAAAAAAwMk1jp8TOxxzv5iuAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA81X8DAAD//w502Uw=")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b)
open(&(0x7f0000000180)='./bus\x00', 0x14d27e, 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
open(&(0x7f0000000080)='./bus\x00', 0x185902, 0x72)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
program did not crash
testing program (duration=37.595204431s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat$cgroup_ro-write$binfmt_script-open-mount-mmap-openat$hwrng-preadv
detailed listing:
executing program 0:
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x2000042, &(0x7f0000000280)={[{@resgid}, {@discard}, {@noblock_validity}, {@grpjquota_path={'grpjquota', 0x3d, './bus'}}, {@stripe={'stripe', 0x3d, 0x2e}}, {@resgid}, {@sysvgroups}, {@norecovery}, {@nodelalloc}]}, 0x11, 0x4e5, &(0x7f0000000ac0)="$eJzs3c9vG1kdAPDvjOPtryzJAodlJXZX7KJ0BbWTDd1GHEqREJwqUcq9hMSJojhxFDttE1UoFXeQEAIkuHDigsQfgIT6JyCkSnBHBYEQtHDgABh5PC5NsOus6nra5PORXue9Gcff76vlmXkzT54ATqy3I+JKRJQi4r2ImMrXp3npbLtyrfu6Rw/vLHVKEu329b8mkeTreu+V5MtzEbEfEacj4mtfifhm8v9xm7t764v1em07b1dbG1vV5u7ehbWNxdXaam1zfn7ug4VLCxcXZkfSz+mIuPylP/7guz/78uVfffbW72/8+fy3OmlN5tuf7Mcodbtezv4veiYiYvt5BCtAKV+WB2z/TmmMyQAAMFTnHP+jEfGp7Px/KkrZ2SkAAABwnLS/MBn/SiLaAAAAwLGVZnNgk7SSzwWYjDStVLpzeD8eZ9N6o9n6zEpjZ3O5O1d2Osrpylq9NpvPFZ6OctJpz+VzbHvt9w+15yPitYj4/tSZrF1ZatSXi774AQAAACfEuUPj/39MZeP/U0XnBQAAAIzY9NBX/OQjY0kEAAAAeG6Gj/8BAACAl53xPwAAABxrX716tVPavedfL9/c3Vlv3LywXGuuVzZ2lipLje2tymqjsZr9Zt/GsPerNxpbn4vNndvVVq3ZqjZ3925sNHY2WzfWDjwCGwAAABij196697skIvY/fyYrHa8UnRQwFsmQ7dlDQh7kjT+MISFgbEpFJwAUZqLoBIDClItOACjcsOsAAyfv/Hr0uQAAAM/HzCcG3/93bQCOt7ToBACAsXP/H06u8sEZgBeLywQoyrDnez77/f92+0MlBAAAjNxkVpK0kt8LnIw0rVQiXs0eC1BOVtbqtdl8fPDbqfKpTnsu+8tk6JxhAAAAAAAAAAAAAAAAAAAAAAAAAKCr3U6iDQAAABxrEemfkuzX/CNmpt6dPHx94JXkn1PZMiJu/fj6D28vtlrbc531f3u8vvWjfP37RVzBAAAAAA4+3j+iN07vjeMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYJQePbyz1CvjjPuXL0bEdN/4b53OFqejHBFn/57ExBN/l0REaQTx9+9GxOv94iedtGI6uln0i3+mwPhpRJwbQXw4ye519j9X+n3/0ng7W/b//k3k5VkN3v+l0dv/lQbsf149Yow37v+iOjD+3Yg3Jvrvf3rxkwHx3zli/G98fW9v0Lb2TyNm+h5/kgOxqq2NrWpzd+/C2sbiam21tjk/P/fBwqWFiwuz1ZW1ei3/t2+M733yl/95Wv/PDog/PaT/7x6x//++f/vhx7rVcr/459/pf/x9fUD8ND/2fTqvd7bP9Or73fqT3vz5b958Wv+XB/T/8eff50DbiXn+iP1/79q3HxzxpQDAGDR399YX6/Xa9stYSeOFSKOASunl/uD6Vk69GGmodCtF75kAAIBR+99Jf9GZAAAAAAAAAAAAAAAAAAAAwMk1jp8TOxxzv5iuAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA81X8DAAD//w502Uw=")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b)
open(&(0x7f0000000180)='./bus\x00', 0x14d27e, 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
program did not crash
testing program (duration=37.595204431s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat$cgroup_ro-write$binfmt_script-open-open-mmap-openat$hwrng-preadv
detailed listing:
executing program 0:
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x2000042, &(0x7f0000000280)={[{@resgid}, {@discard}, {@noblock_validity}, {@grpjquota_path={'grpjquota', 0x3d, './bus'}}, {@stripe={'stripe', 0x3d, 0x2e}}, {@resgid}, {@sysvgroups}, {@norecovery}, {@nodelalloc}]}, 0x11, 0x4e5, &(0x7f0000000ac0)="$eJzs3c9vG1kdAPDvjOPtryzJAodlJXZX7KJ0BbWTDd1GHEqREJwqUcq9hMSJojhxFDttE1UoFXeQEAIkuHDigsQfgIT6JyCkSnBHBYEQtHDgABh5PC5NsOus6nra5PORXue9Gcff76vlmXkzT54ATqy3I+JKRJQi4r2ImMrXp3npbLtyrfu6Rw/vLHVKEu329b8mkeTreu+V5MtzEbEfEacj4mtfifhm8v9xm7t764v1em07b1dbG1vV5u7ehbWNxdXaam1zfn7ug4VLCxcXZkfSz+mIuPylP/7guz/78uVfffbW72/8+fy3OmlN5tuf7Mcodbtezv4veiYiYvt5BCtAKV+WB2z/TmmMyQAAMFTnHP+jEfGp7Px/KkrZ2SkAAABwnLS/MBn/SiLaAAAAwLGVZnNgk7SSzwWYjDStVLpzeD8eZ9N6o9n6zEpjZ3O5O1d2Osrpylq9NpvPFZ6OctJpz+VzbHvt9w+15yPitYj4/tSZrF1ZatSXi774AQAAACfEuUPj/39MZeP/U0XnBQAAAIzY9NBX/OQjY0kEAAAAeG6Gj/8BAACAl53xPwAAABxrX716tVPavedfL9/c3Vlv3LywXGuuVzZ2lipLje2tymqjsZr9Zt/GsPerNxpbn4vNndvVVq3ZqjZ3925sNHY2WzfWDjwCGwAAABij196697skIvY/fyYrHa8UnRQwFsmQ7dlDQh7kjT+MISFgbEpFJwAUZqLoBIDClItOACjcsOsAAyfv/Hr0uQAAAM/HzCcG3/93bQCOt7ToBACAsXP/H06u8sEZgBeLywQoyrDnez77/f92+0MlBAAAjNxkVpK0kt8LnIw0rVQiXs0eC1BOVtbqtdl8fPDbqfKpTnsu+8tk6JxhAAAAAAAAAAAAAAAAAAAAAAAAAKCr3U6iDQAAABxrEemfkuzX/CNmpt6dPHx94JXkn1PZMiJu/fj6D28vtlrbc531f3u8vvWjfP37RVzBAAAAAA4+3j+iN07vjeMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYJQePbyz1CvjjPuXL0bEdN/4b53OFqejHBFn/57ExBN/l0REaQTx9+9GxOv94iedtGI6uln0i3+mwPhpRJwbQXw4ye519j9X+n3/0ng7W/b//k3k5VkN3v+l0dv/lQbsf149Yow37v+iOjD+3Yg3Jvrvf3rxkwHx3zli/G98fW9v0Lb2TyNm+h5/kgOxqq2NrWpzd+/C2sbiam21tjk/P/fBwqWFiwuz1ZW1ei3/t2+M733yl/95Wv/PDog/PaT/7x6x//++f/vhx7rVcr/459/pf/x9fUD8ND/2fTqvd7bP9Or73fqT3vz5b958Wv+XB/T/8eff50DbiXn+iP1/79q3HxzxpQDAGDR399YX6/Xa9stYSeOFSKOASunl/uD6Vk69GGmodCtF75kAAIBR+99Jf9GZAAAAAAAAAAAAAAAAAAAAwMk1jp8TOxxzv5iuAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA81X8DAAD//w502Uw=")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b)
open(&(0x7f0000000180)='./bus\x00', 0x14d27e, 0x0)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x185902, 0x72)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
program did not crash
testing program (duration=37.595204431s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat$cgroup_ro-write$binfmt_script-mount-open-mmap-openat$hwrng-preadv
detailed listing:
executing program 0:
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x2000042, &(0x7f0000000280)={[{@resgid}, {@discard}, {@noblock_validity}, {@grpjquota_path={'grpjquota', 0x3d, './bus'}}, {@stripe={'stripe', 0x3d, 0x2e}}, {@resgid}, {@sysvgroups}, {@norecovery}, {@nodelalloc}]}, 0x11, 0x4e5, &(0x7f0000000ac0)="$eJzs3c9vG1kdAPDvjOPtryzJAodlJXZX7KJ0BbWTDd1GHEqREJwqUcq9hMSJojhxFDttE1UoFXeQEAIkuHDigsQfgIT6JyCkSnBHBYEQtHDgABh5PC5NsOus6nra5PORXue9Gcff76vlmXkzT54ATqy3I+JKRJQi4r2ImMrXp3npbLtyrfu6Rw/vLHVKEu329b8mkeTreu+V5MtzEbEfEacj4mtfifhm8v9xm7t764v1em07b1dbG1vV5u7ehbWNxdXaam1zfn7ug4VLCxcXZkfSz+mIuPylP/7guz/78uVfffbW72/8+fy3OmlN5tuf7Mcodbtezv4veiYiYvt5BCtAKV+WB2z/TmmMyQAAMFTnHP+jEfGp7Px/KkrZ2SkAAABwnLS/MBn/SiLaAAAAwLGVZnNgk7SSzwWYjDStVLpzeD8eZ9N6o9n6zEpjZ3O5O1d2Osrpylq9NpvPFZ6OctJpz+VzbHvt9w+15yPitYj4/tSZrF1ZatSXi774AQAAACfEuUPj/39MZeP/U0XnBQAAAIzY9NBX/OQjY0kEAAAAeG6Gj/8BAACAl53xPwAAABxrX716tVPavedfL9/c3Vlv3LywXGuuVzZ2lipLje2tymqjsZr9Zt/GsPerNxpbn4vNndvVVq3ZqjZ3925sNHY2WzfWDjwCGwAAABij196697skIvY/fyYrHa8UnRQwFsmQ7dlDQh7kjT+MISFgbEpFJwAUZqLoBIDClItOACjcsOsAAyfv/Hr0uQAAAM/HzCcG3/93bQCOt7ToBACAsXP/H06u8sEZgBeLywQoyrDnez77/f92+0MlBAAAjNxkVpK0kt8LnIw0rVQiXs0eC1BOVtbqtdl8fPDbqfKpTnsu+8tk6JxhAAAAAAAAAAAAAAAAAAAAAAAAAKCr3U6iDQAAABxrEemfkuzX/CNmpt6dPHx94JXkn1PZMiJu/fj6D28vtlrbc531f3u8vvWjfP37RVzBAAAAAA4+3j+iN07vjeMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYJQePbyz1CvjjPuXL0bEdN/4b53OFqejHBFn/57ExBN/l0REaQTx9+9GxOv94iedtGI6uln0i3+mwPhpRJwbQXw4ye519j9X+n3/0ng7W/b//k3k5VkN3v+l0dv/lQbsf149Yow37v+iOjD+3Yg3Jvrvf3rxkwHx3zli/G98fW9v0Lb2TyNm+h5/kgOxqq2NrWpzd+/C2sbiam21tjk/P/fBwqWFiwuz1ZW1ei3/t2+M733yl/95Wv/PDog/PaT/7x6x//++f/vhx7rVcr/459/pf/x9fUD8ND/2fTqvd7bP9Or73fqT3vz5b958Wv+XB/T/8eff50DbiXn+iP1/79q3HxzxpQDAGDR399YX6/Xa9stYSeOFSKOASunl/uD6Vk69GGmodCtF75kAAIBR+99Jf9GZAAAAAAAAAAAAAAAAAAAAwMk1jp8TOxxzv5iuAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA81X8DAAD//w502Uw=")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x185902, 0x72)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
program did not crash
testing program (duration=37.595204431s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat$cgroup_ro-open-mount-open-mmap-openat$hwrng-preadv
detailed listing:
executing program 0:
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x2000042, &(0x7f0000000280)={[{@resgid}, {@discard}, {@noblock_validity}, {@grpjquota_path={'grpjquota', 0x3d, './bus'}}, {@stripe={'stripe', 0x3d, 0x2e}}, {@resgid}, {@sysvgroups}, {@norecovery}, {@nodelalloc}]}, 0x11, 0x4e5, &(0x7f0000000ac0)="$eJzs3c9vG1kdAPDvjOPtryzJAodlJXZX7KJ0BbWTDd1GHEqREJwqUcq9hMSJojhxFDttE1UoFXeQEAIkuHDigsQfgIT6JyCkSnBHBYEQtHDgABh5PC5NsOus6nra5PORXue9Gcff76vlmXkzT54ATqy3I+JKRJQi4r2ImMrXp3npbLtyrfu6Rw/vLHVKEu329b8mkeTreu+V5MtzEbEfEacj4mtfifhm8v9xm7t764v1em07b1dbG1vV5u7ehbWNxdXaam1zfn7ug4VLCxcXZkfSz+mIuPylP/7guz/78uVfffbW72/8+fy3OmlN5tuf7Mcodbtezv4veiYiYvt5BCtAKV+WB2z/TmmMyQAAMFTnHP+jEfGp7Px/KkrZ2SkAAABwnLS/MBn/SiLaAAAAwLGVZnNgk7SSzwWYjDStVLpzeD8eZ9N6o9n6zEpjZ3O5O1d2Osrpylq9NpvPFZ6OctJpz+VzbHvt9w+15yPitYj4/tSZrF1ZatSXi774AQAAACfEuUPj/39MZeP/U0XnBQAAAIzY9NBX/OQjY0kEAAAAeG6Gj/8BAACAl53xPwAAABxrX716tVPavedfL9/c3Vlv3LywXGuuVzZ2lipLje2tymqjsZr9Zt/GsPerNxpbn4vNndvVVq3ZqjZ3925sNHY2WzfWDjwCGwAAABij196697skIvY/fyYrHa8UnRQwFsmQ7dlDQh7kjT+MISFgbEpFJwAUZqLoBIDClItOACjcsOsAAyfv/Hr0uQAAAM/HzCcG3/93bQCOt7ToBACAsXP/H06u8sEZgBeLywQoyrDnez77/f92+0MlBAAAjNxkVpK0kt8LnIw0rVQiXs0eC1BOVtbqtdl8fPDbqfKpTnsu+8tk6JxhAAAAAAAAAAAAAAAAAAAAAAAAAKCr3U6iDQAAABxrEemfkuzX/CNmpt6dPHx94JXkn1PZMiJu/fj6D28vtlrbc531f3u8vvWjfP37RVzBAAAAAA4+3j+iN07vjeMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYJQePbyz1CvjjPuXL0bEdN/4b53OFqejHBFn/57ExBN/l0REaQTx9+9GxOv94iedtGI6uln0i3+mwPhpRJwbQXw4ye519j9X+n3/0ng7W/b//k3k5VkN3v+l0dv/lQbsf149Yow37v+iOjD+3Yg3Jvrvf3rxkwHx3zli/G98fW9v0Lb2TyNm+h5/kgOxqq2NrWpzd+/C2sbiam21tjk/P/fBwqWFiwuz1ZW1ei3/t2+M733yl/95Wv/PDog/PaT/7x6x//++f/vhx7rVcr/459/pf/x9fUD8ND/2fTqvd7bP9Or73fqT3vz5b958Wv+XB/T/8eff50DbiXn+iP1/79q3HxzxpQDAGDR399YX6/Xa9stYSeOFSKOASunl/uD6Vk69GGmodCtF75kAAIBR+99Jf9GZAAAAAAAAAAAAAAAAAAAAwMk1jp8TOxxzv5iuAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA81X8DAAD//w502Uw=")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.swap.current\x00', 0x275a, 0x0)
open(&(0x7f0000000180)='./bus\x00', 0x14d27e, 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r0 = open(&(0x7f0000000080)='./bus\x00', 0x185902, 0x72)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
program did not crash
testing program (duration=37.595204431s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-write$binfmt_script-open-mount-open-mmap-openat$hwrng-preadv
detailed listing:
executing program 0:
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x2000042, &(0x7f0000000280)={[{@resgid}, {@discard}, {@noblock_validity}, {@grpjquota_path={'grpjquota', 0x3d, './bus'}}, {@stripe={'stripe', 0x3d, 0x2e}}, {@resgid}, {@sysvgroups}, {@norecovery}, {@nodelalloc}]}, 0x11, 0x4e5, &(0x7f0000000ac0)="$eJzs3c9vG1kdAPDvjOPtryzJAodlJXZX7KJ0BbWTDd1GHEqREJwqUcq9hMSJojhxFDttE1UoFXeQEAIkuHDigsQfgIT6JyCkSnBHBYEQtHDgABh5PC5NsOus6nra5PORXue9Gcff76vlmXkzT54ATqy3I+JKRJQi4r2ImMrXp3npbLtyrfu6Rw/vLHVKEu329b8mkeTreu+V5MtzEbEfEacj4mtfifhm8v9xm7t764v1em07b1dbG1vV5u7ehbWNxdXaam1zfn7ug4VLCxcXZkfSz+mIuPylP/7guz/78uVfffbW72/8+fy3OmlN5tuf7Mcodbtezv4veiYiYvt5BCtAKV+WB2z/TmmMyQAAMFTnHP+jEfGp7Px/KkrZ2SkAAABwnLS/MBn/SiLaAAAAwLGVZnNgk7SSzwWYjDStVLpzeD8eZ9N6o9n6zEpjZ3O5O1d2Osrpylq9NpvPFZ6OctJpz+VzbHvt9w+15yPitYj4/tSZrF1ZatSXi774AQAAACfEuUPj/39MZeP/U0XnBQAAAIzY9NBX/OQjY0kEAAAAeG6Gj/8BAACAl53xPwAAABxrX716tVPavedfL9/c3Vlv3LywXGuuVzZ2lipLje2tymqjsZr9Zt/GsPerNxpbn4vNndvVVq3ZqjZ3925sNHY2WzfWDjwCGwAAABij196697skIvY/fyYrHa8UnRQwFsmQ7dlDQh7kjT+MISFgbEpFJwAUZqLoBIDClItOACjcsOsAAyfv/Hr0uQAAAM/HzCcG3/93bQCOt7ToBACAsXP/H06u8sEZgBeLywQoyrDnez77/f92+0MlBAAAjNxkVpK0kt8LnIw0rVQiXs0eC1BOVtbqtdl8fPDbqfKpTnsu+8tk6JxhAAAAAAAAAAAAAAAAAAAAAAAAAKCr3U6iDQAAABxrEemfkuzX/CNmpt6dPHx94JXkn1PZMiJu/fj6D28vtlrbc531f3u8vvWjfP37RVzBAAAAAA4+3j+iN07vjeMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYJQePbyz1CvjjPuXL0bEdN/4b53OFqejHBFn/57ExBN/l0REaQTx9+9GxOv94iedtGI6uln0i3+mwPhpRJwbQXw4ye519j9X+n3/0ng7W/b//k3k5VkN3v+l0dv/lQbsf149Yow37v+iOjD+3Yg3Jvrvf3rxkwHx3zli/G98fW9v0Lb2TyNm+h5/kgOxqq2NrWpzd+/C2sbiam21tjk/P/fBwqWFiwuz1ZW1ei3/t2+M733yl/95Wv/PDog/PaT/7x6x//++f/vhx7rVcr/459/pf/x9fUD8ND/2fTqvd7bP9Or73fqT3vz5b958Wv+XB/T/8eff50DbiXn+iP1/79q3HxzxpQDAGDR399YX6/Xa9stYSeOFSKOASunl/uD6Vk69GGmodCtF75kAAIBR+99Jf9GZAAAAAAAAAAAAAAAAAAAAwMk1jp8TOxxzv5iuAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA81X8DAAD//w502Uw=")
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000000), 0x208e24b)
open(&(0x7f0000000180)='./bus\x00', 0x14d27e, 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r0 = open(&(0x7f0000000080)='./bus\x00', 0x185902, 0x72)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
program did not crash
testing program (duration=37.595204431s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$cgroup_ro-write$binfmt_script-open-mount-open-mmap-openat$hwrng-preadv
detailed listing:
executing program 0:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b)
open(&(0x7f0000000180)='./bus\x00', 0x14d27e, 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x185902, 0x72)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
program did not crash
testing program (duration=37.595204431s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat$cgroup_ro-write$binfmt_script-open-mount-open-mmap-openat$hwrng-preadv
detailed listing:
executing program 0:
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x2000042, &(0x7f0000000280)={[{@resgid}, {@discard}, {@noblock_validity}, {@grpjquota_path={'grpjquota', 0x3d, './bus'}}, {@stripe={'stripe', 0x3d, 0x2e}}, {@resgid}, {@sysvgroups}, {@norecovery}, {@nodelalloc}]}, 0x11, 0x4e5, &(0x7f0000000ac0)="$eJzs3c9vG1kdAPDvjOPtryzJAodlJXZX7KJ0BbWTDd1GHEqREJwqUcq9hMSJojhxFDttE1UoFXeQEAIkuHDigsQfgIT6JyCkSnBHBYEQtHDgABh5PC5NsOus6nra5PORXue9Gcff76vlmXkzT54ATqy3I+JKRJQi4r2ImMrXp3npbLtyrfu6Rw/vLHVKEu329b8mkeTreu+V5MtzEbEfEacj4mtfifhm8v9xm7t764v1em07b1dbG1vV5u7ehbWNxdXaam1zfn7ug4VLCxcXZkfSz+mIuPylP/7guz/78uVfffbW72/8+fy3OmlN5tuf7Mcodbtezv4veiYiYvt5BCtAKV+WB2z/TmmMyQAAMFTnHP+jEfGp7Px/KkrZ2SkAAABwnLS/MBn/SiLaAAAAwLGVZnNgk7SSzwWYjDStVLpzeD8eZ9N6o9n6zEpjZ3O5O1d2Osrpylq9NpvPFZ6OctJpz+VzbHvt9w+15yPitYj4/tSZrF1ZatSXi774AQAAACfEuUPj/39MZeP/U0XnBQAAAIzY9NBX/OQjY0kEAAAAeG6Gj/8BAACAl53xPwAAABxrX716tVPavedfL9/c3Vlv3LywXGuuVzZ2lipLje2tymqjsZr9Zt/GsPerNxpbn4vNndvVVq3ZqjZ3925sNHY2WzfWDjwCGwAAABij196697skIvY/fyYrHa8UnRQwFsmQ7dlDQh7kjT+MISFgbEpFJwAUZqLoBIDClItOACjcsOsAAyfv/Hr0uQAAAM/HzCcG3/93bQCOt7ToBACAsXP/H06u8sEZgBeLywQoyrDnez77/f92+0MlBAAAjNxkVpK0kt8LnIw0rVQiXs0eC1BOVtbqtdl8fPDbqfKpTnsu+8tk6JxhAAAAAAAAAAAAAAAAAAAAAAAAAKCr3U6iDQAAABxrEemfkuzX/CNmpt6dPHx94JXkn1PZMiJu/fj6D28vtlrbc531f3u8vvWjfP37RVzBAAAAAA4+3j+iN07vjeMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYJQePbyz1CvjjPuXL0bEdN/4b53OFqejHBFn/57ExBN/l0REaQTx9+9GxOv94iedtGI6uln0i3+mwPhpRJwbQXw4ye519j9X+n3/0ng7W/b//k3k5VkN3v+l0dv/lQbsf149Yow37v+iOjD+3Yg3Jvrvf3rxkwHx3zli/G98fW9v0Lb2TyNm+h5/kgOxqq2NrWpzd+/C2sbiam21tjk/P/fBwqWFiwuz1ZW1ei3/t2+M733yl/95Wv/PDog/PaT/7x6x//++f/vhx7rVcr/459/pf/x9fUD8ND/2fTqvd7bP9Or73fqT3vz5b958Wv+XB/T/8eff50DbiXn+iP1/79q3HxzxpQDAGDR399YX6/Xa9stYSeOFSKOASunl/uD6Vk69GGmodCtF75kAAIBR+99Jf9GZAAAAAAAAAAAAAAAAAAAAwMk1jp8TOxxzv5iuAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA81X8DAAD//w502Uw=")
r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b)
open(&(0x7f0000000180)='./bus\x00', 0x14d27e, 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x185902, 0x72)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
program did not crash
testing program (duration=37.595204431s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat$cgroup_ro-write$binfmt_script-open-mount-open-mmap-openat$hwrng-preadv
detailed listing:
executing program 0:
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x2000042, &(0x7f0000000280)={[{@resgid}, {@discard}, {@noblock_validity}, {@grpjquota_path={'grpjquota', 0x3d, './bus'}}, {@stripe={'stripe', 0x3d, 0x2e}}, {@resgid}, {@sysvgroups}, {@norecovery}, {@nodelalloc}]}, 0x11, 0x4e5, &(0x7f0000000ac0)="$eJzs3c9vG1kdAPDvjOPtryzJAodlJXZX7KJ0BbWTDd1GHEqREJwqUcq9hMSJojhxFDttE1UoFXeQEAIkuHDigsQfgIT6JyCkSnBHBYEQtHDgABh5PC5NsOus6nra5PORXue9Gcff76vlmXkzT54ATqy3I+JKRJQi4r2ImMrXp3npbLtyrfu6Rw/vLHVKEu329b8mkeTreu+V5MtzEbEfEacj4mtfifhm8v9xm7t764v1em07b1dbG1vV5u7ehbWNxdXaam1zfn7ug4VLCxcXZkfSz+mIuPylP/7guz/78uVfffbW72/8+fy3OmlN5tuf7Mcodbtezv4veiYiYvt5BCtAKV+WB2z/TmmMyQAAMFTnHP+jEfGp7Px/KkrZ2SkAAABwnLS/MBn/SiLaAAAAwLGVZnNgk7SSzwWYjDStVLpzeD8eZ9N6o9n6zEpjZ3O5O1d2Osrpylq9NpvPFZ6OctJpz+VzbHvt9w+15yPitYj4/tSZrF1ZatSXi774AQAAACfEuUPj/39MZeP/U0XnBQAAAIzY9NBX/OQjY0kEAAAAeG6Gj/8BAACAl53xPwAAABxrX716tVPavedfL9/c3Vlv3LywXGuuVzZ2lipLje2tymqjsZr9Zt/GsPerNxpbn4vNndvVVq3ZqjZ3925sNHY2WzfWDjwCGwAAABij196697skIvY/fyYrHa8UnRQwFsmQ7dlDQh7kjT+MISFgbEpFJwAUZqLoBIDClItOACjcsOsAAyfv/Hr0uQAAAM/HzCcG3/93bQCOt7ToBACAsXP/H06u8sEZgBeLywQoyrDnez77/f92+0MlBAAAjNxkVpK0kt8LnIw0rVQiXs0eC1BOVtbqtdl8fPDbqfKpTnsu+8tk6JxhAAAAAAAAAAAAAAAAAAAAAAAAAKCr3U6iDQAAABxrEemfkuzX/CNmpt6dPHx94JXkn1PZMiJu/fj6D28vtlrbc531f3u8vvWjfP37RVzBAAAAAA4+3j+iN07vjeMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYJQePbyz1CvjjPuXL0bEdN/4b53OFqejHBFn/57ExBN/l0REaQTx9+9GxOv94iedtGI6uln0i3+mwPhpRJwbQXw4ye519j9X+n3/0ng7W/b//k3k5VkN3v+l0dv/lQbsf149Yow37v+iOjD+3Yg3Jvrvf3rxkwHx3zli/G98fW9v0Lb2TyNm+h5/kgOxqq2NrWpzd+/C2sbiam21tjk/P/fBwqWFiwuz1ZW1ei3/t2+M733yl/95Wv/PDog/PaT/7x6x//++f/vhx7rVcr/459/pf/x9fUD8ND/2fTqvd7bP9Or73fqT3vz5b958Wv+XB/T/8eff50DbiXn+iP1/79q3HxzxpQDAGDR399YX6/Xa9stYSeOFSKOASunl/uD6Vk69GGmodCtF75kAAIBR+99Jf9GZAAAAAAAAAAAAAAAAAAAAwMk1jp8TOxxzv5iuAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA81X8DAAD//w502Uw=")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r0, 0x0, 0x0)
open(&(0x7f0000000180)='./bus\x00', 0x14d27e, 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x185902, 0x72)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
program did not crash
testing program (duration=37.595204431s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat$cgroup_ro-write$binfmt_script-open-mount-open-mmap-openat$hwrng-preadv
detailed listing:
executing program 0:
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x2000042, &(0x7f0000000280)={[{@resgid}, {@discard}, {@noblock_validity}, {@grpjquota_path={'grpjquota', 0x3d, './bus'}}, {@stripe={'stripe', 0x3d, 0x2e}}, {@resgid}, {@sysvgroups}, {@norecovery}, {@nodelalloc}]}, 0x11, 0x4e5, &(0x7f0000000ac0)="$eJzs3c9vG1kdAPDvjOPtryzJAodlJXZX7KJ0BbWTDd1GHEqREJwqUcq9hMSJojhxFDttE1UoFXeQEAIkuHDigsQfgIT6JyCkSnBHBYEQtHDgABh5PC5NsOus6nra5PORXue9Gcff76vlmXkzT54ATqy3I+JKRJQi4r2ImMrXp3npbLtyrfu6Rw/vLHVKEu329b8mkeTreu+V5MtzEbEfEacj4mtfifhm8v9xm7t764v1em07b1dbG1vV5u7ehbWNxdXaam1zfn7ug4VLCxcXZkfSz+mIuPylP/7guz/78uVfffbW72/8+fy3OmlN5tuf7Mcodbtezv4veiYiYvt5BCtAKV+WB2z/TmmMyQAAMFTnHP+jEfGp7Px/KkrZ2SkAAABwnLS/MBn/SiLaAAAAwLGVZnNgk7SSzwWYjDStVLpzeD8eZ9N6o9n6zEpjZ3O5O1d2Osrpylq9NpvPFZ6OctJpz+VzbHvt9w+15yPitYj4/tSZrF1ZatSXi774AQAAACfEuUPj/39MZeP/U0XnBQAAAIzY9NBX/OQjY0kEAAAAeG6Gj/8BAACAl53xPwAAABxrX716tVPavedfL9/c3Vlv3LywXGuuVzZ2lipLje2tymqjsZr9Zt/GsPerNxpbn4vNndvVVq3ZqjZ3925sNHY2WzfWDjwCGwAAABij196697skIvY/fyYrHa8UnRQwFsmQ7dlDQh7kjT+MISFgbEpFJwAUZqLoBIDClItOACjcsOsAAyfv/Hr0uQAAAM/HzCcG3/93bQCOt7ToBACAsXP/H06u8sEZgBeLywQoyrDnez77/f92+0MlBAAAjNxkVpK0kt8LnIw0rVQiXs0eC1BOVtbqtdl8fPDbqfKpTnsu+8tk6JxhAAAAAAAAAAAAAAAAAAAAAAAAAKCr3U6iDQAAABxrEemfkuzX/CNmpt6dPHx94JXkn1PZMiJu/fj6D28vtlrbc531f3u8vvWjfP37RVzBAAAAAA4+3j+iN07vjeMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYJQePbyz1CvjjPuXL0bEdN/4b53OFqejHBFn/57ExBN/l0REaQTx9+9GxOv94iedtGI6uln0i3+mwPhpRJwbQXw4ye519j9X+n3/0ng7W/b//k3k5VkN3v+l0dv/lQbsf149Yow37v+iOjD+3Yg3Jvrvf3rxkwHx3zli/G98fW9v0Lb2TyNm+h5/kgOxqq2NrWpzd+/C2sbiam21tjk/P/fBwqWFiwuz1ZW1ei3/t2+M733yl/95Wv/PDog/PaT/7x6x//++f/vhx7rVcr/459/pf/x9fUD8ND/2fTqvd7bP9Or73fqT3vz5b958Wv+XB/T/8eff50DbiXn+iP1/79q3HxzxpQDAGDR399YX6/Xa9stYSeOFSKOASunl/uD6Vk69GGmodCtF75kAAIBR+99Jf9GZAAAAAAAAAAAAAAAAAAAAwMk1jp8TOxxzv5iuAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA81X8DAAD//w502Uw=")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b)
open(0x0, 0x14d27e, 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x185902, 0x72)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
program did not crash
testing program (duration=37.595204431s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat$cgroup_ro-write$binfmt_script-open-mount-open-mmap-openat$hwrng-preadv
detailed listing:
executing program 0:
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x2000042, &(0x7f0000000280)={[{@resgid}, {@discard}, {@noblock_validity}, {@grpjquota_path={'grpjquota', 0x3d, './bus'}}, {@stripe={'stripe', 0x3d, 0x2e}}, {@resgid}, {@sysvgroups}, {@norecovery}, {@nodelalloc}]}, 0x11, 0x4e5, &(0x7f0000000ac0)="$eJzs3c9vG1kdAPDvjOPtryzJAodlJXZX7KJ0BbWTDd1GHEqREJwqUcq9hMSJojhxFDttE1UoFXeQEAIkuHDigsQfgIT6JyCkSnBHBYEQtHDgABh5PC5NsOus6nra5PORXue9Gcff76vlmXkzT54ATqy3I+JKRJQi4r2ImMrXp3npbLtyrfu6Rw/vLHVKEu329b8mkeTreu+V5MtzEbEfEacj4mtfifhm8v9xm7t764v1em07b1dbG1vV5u7ehbWNxdXaam1zfn7ug4VLCxcXZkfSz+mIuPylP/7guz/78uVfffbW72/8+fy3OmlN5tuf7Mcodbtezv4veiYiYvt5BCtAKV+WB2z/TmmMyQAAMFTnHP+jEfGp7Px/KkrZ2SkAAABwnLS/MBn/SiLaAAAAwLGVZnNgk7SSzwWYjDStVLpzeD8eZ9N6o9n6zEpjZ3O5O1d2Osrpylq9NpvPFZ6OctJpz+VzbHvt9w+15yPitYj4/tSZrF1ZatSXi774AQAAACfEuUPj/39MZeP/U0XnBQAAAIzY9NBX/OQjY0kEAAAAeG6Gj/8BAACAl53xPwAAABxrX716tVPavedfL9/c3Vlv3LywXGuuVzZ2lipLje2tymqjsZr9Zt/GsPerNxpbn4vNndvVVq3ZqjZ3925sNHY2WzfWDjwCGwAAABij196697skIvY/fyYrHa8UnRQwFsmQ7dlDQh7kjT+MISFgbEpFJwAUZqLoBIDClItOACjcsOsAAyfv/Hr0uQAAAM/HzCcG3/93bQCOt7ToBACAsXP/H06u8sEZgBeLywQoyrDnez77/f92+0MlBAAAjNxkVpK0kt8LnIw0rVQiXs0eC1BOVtbqtdl8fPDbqfKpTnsu+8tk6JxhAAAAAAAAAAAAAAAAAAAAAAAAAKCr3U6iDQAAABxrEemfkuzX/CNmpt6dPHx94JXkn1PZMiJu/fj6D28vtlrbc531f3u8vvWjfP37RVzBAAAAAA4+3j+iN07vjeMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYJQePbyz1CvjjPuXL0bEdN/4b53OFqejHBFn/57ExBN/l0REaQTx9+9GxOv94iedtGI6uln0i3+mwPhpRJwbQXw4ye519j9X+n3/0ng7W/b//k3k5VkN3v+l0dv/lQbsf149Yow37v+iOjD+3Yg3Jvrvf3rxkwHx3zli/G98fW9v0Lb2TyNm+h5/kgOxqq2NrWpzd+/C2sbiam21tjk/P/fBwqWFiwuz1ZW1ei3/t2+M733yl/95Wv/PDog/PaT/7x6x//++f/vhx7rVcr/459/pf/x9fUD8ND/2fTqvd7bP9Or73fqT3vz5b958Wv+XB/T/8eff50DbiXn+iP1/79q3HxzxpQDAGDR399YX6/Xa9stYSeOFSKOASunl/uD6Vk69GGmodCtF75kAAIBR+99Jf9GZAAAAAAAAAAAAAAAAAAAAwMk1jp8TOxxzv5iuAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA81X8DAAD//w502Uw=")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b)
open(&(0x7f0000000180)='./bus\x00', 0x14d27e, 0x0)
mount(0x0, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x185902, 0x72)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
program did not crash
testing program (duration=37.595204431s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat$cgroup_ro-write$binfmt_script-open-mount-open-mmap-openat$hwrng-preadv
detailed listing:
executing program 0:
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x2000042, &(0x7f0000000280)={[{@resgid}, {@discard}, {@noblock_validity}, {@grpjquota_path={'grpjquota', 0x3d, './bus'}}, {@stripe={'stripe', 0x3d, 0x2e}}, {@resgid}, {@sysvgroups}, {@norecovery}, {@nodelalloc}]}, 0x11, 0x4e5, &(0x7f0000000ac0)="$eJzs3c9vG1kdAPDvjOPtryzJAodlJXZX7KJ0BbWTDd1GHEqREJwqUcq9hMSJojhxFDttE1UoFXeQEAIkuHDigsQfgIT6JyCkSnBHBYEQtHDgABh5PC5NsOus6nra5PORXue9Gcff76vlmXkzT54ATqy3I+JKRJQi4r2ImMrXp3npbLtyrfu6Rw/vLHVKEu329b8mkeTreu+V5MtzEbEfEacj4mtfifhm8v9xm7t764v1em07b1dbG1vV5u7ehbWNxdXaam1zfn7ug4VLCxcXZkfSz+mIuPylP/7guz/78uVfffbW72/8+fy3OmlN5tuf7Mcodbtezv4veiYiYvt5BCtAKV+WB2z/TmmMyQAAMFTnHP+jEfGp7Px/KkrZ2SkAAABwnLS/MBn/SiLaAAAAwLGVZnNgk7SSzwWYjDStVLpzeD8eZ9N6o9n6zEpjZ3O5O1d2Osrpylq9NpvPFZ6OctJpz+VzbHvt9w+15yPitYj4/tSZrF1ZatSXi774AQAAACfEuUPj/39MZeP/U0XnBQAAAIzY9NBX/OQjY0kEAAAAeG6Gj/8BAACAl53xPwAAABxrX716tVPavedfL9/c3Vlv3LywXGuuVzZ2lipLje2tymqjsZr9Zt/GsPerNxpbn4vNndvVVq3ZqjZ3925sNHY2WzfWDjwCGwAAABij196697skIvY/fyYrHa8UnRQwFsmQ7dlDQh7kjT+MISFgbEpFJwAUZqLoBIDClItOACjcsOsAAyfv/Hr0uQAAAM/HzCcG3/93bQCOt7ToBACAsXP/H06u8sEZgBeLywQoyrDnez77/f92+0MlBAAAjNxkVpK0kt8LnIw0rVQiXs0eC1BOVtbqtdl8fPDbqfKpTnsu+8tk6JxhAAAAAAAAAAAAAAAAAAAAAAAAAKCr3U6iDQAAABxrEemfkuzX/CNmpt6dPHx94JXkn1PZMiJu/fj6D28vtlrbc531f3u8vvWjfP37RVzBAAAAAA4+3j+iN07vjeMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYJQePbyz1CvjjPuXL0bEdN/4b53OFqejHBFn/57ExBN/l0REaQTx9+9GxOv94iedtGI6uln0i3+mwPhpRJwbQXw4ye519j9X+n3/0ng7W/b//k3k5VkN3v+l0dv/lQbsf149Yow37v+iOjD+3Yg3Jvrvf3rxkwHx3zli/G98fW9v0Lb2TyNm+h5/kgOxqq2NrWpzd+/C2sbiam21tjk/P/fBwqWFiwuz1ZW1ei3/t2+M733yl/95Wv/PDog/PaT/7x6x//++f/vhx7rVcr/459/pf/x9fUD8ND/2fTqvd7bP9Or73fqT3vz5b958Wv+XB/T/8eff50DbiXn+iP1/79q3HxzxpQDAGDR399YX6/Xa9stYSeOFSKOASunl/uD6Vk69GGmodCtF75kAAIBR+99Jf9GZAAAAAAAAAAAAAAAAAAAAwMk1jp8TOxxzv5iuAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA81X8DAAD//w502Uw=")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b)
open(&(0x7f0000000180)='./bus\x00', 0x14d27e, 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, 0x0, 0x0, 0x1000, 0x0)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x185902, 0x72)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
program did not crash
testing program (duration=37.595204431s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat$cgroup_ro-write$binfmt_script-open-mount-open-mmap-openat$hwrng-preadv
detailed listing:
executing program 0:
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x2000042, &(0x7f0000000280)={[{@resgid}, {@discard}, {@noblock_validity}, {@grpjquota_path={'grpjquota', 0x3d, './bus'}}, {@stripe={'stripe', 0x3d, 0x2e}}, {@resgid}, {@sysvgroups}, {@norecovery}, {@nodelalloc}]}, 0x11, 0x4e5, &(0x7f0000000ac0)="$eJzs3c9vG1kdAPDvjOPtryzJAodlJXZX7KJ0BbWTDd1GHEqREJwqUcq9hMSJojhxFDttE1UoFXeQEAIkuHDigsQfgIT6JyCkSnBHBYEQtHDgABh5PC5NsOus6nra5PORXue9Gcff76vlmXkzT54ATqy3I+JKRJQi4r2ImMrXp3npbLtyrfu6Rw/vLHVKEu329b8mkeTreu+V5MtzEbEfEacj4mtfifhm8v9xm7t764v1em07b1dbG1vV5u7ehbWNxdXaam1zfn7ug4VLCxcXZkfSz+mIuPylP/7guz/78uVfffbW72/8+fy3OmlN5tuf7Mcodbtezv4veiYiYvt5BCtAKV+WB2z/TmmMyQAAMFTnHP+jEfGp7Px/KkrZ2SkAAABwnLS/MBn/SiLaAAAAwLGVZnNgk7SSzwWYjDStVLpzeD8eZ9N6o9n6zEpjZ3O5O1d2Osrpylq9NpvPFZ6OctJpz+VzbHvt9w+15yPitYj4/tSZrF1ZatSXi774AQAAACfEuUPj/39MZeP/U0XnBQAAAIzY9NBX/OQjY0kEAAAAeG6Gj/8BAACAl53xPwAAABxrX716tVPavedfL9/c3Vlv3LywXGuuVzZ2lipLje2tymqjsZr9Zt/GsPerNxpbn4vNndvVVq3ZqjZ3925sNHY2WzfWDjwCGwAAABij196697skIvY/fyYrHa8UnRQwFsmQ7dlDQh7kjT+MISFgbEpFJwAUZqLoBIDClItOACjcsOsAAyfv/Hr0uQAAAM/HzCcG3/93bQCOt7ToBACAsXP/H06u8sEZgBeLywQoyrDnez77/f92+0MlBAAAjNxkVpK0kt8LnIw0rVQiXs0eC1BOVtbqtdl8fPDbqfKpTnsu+8tk6JxhAAAAAAAAAAAAAAAAAAAAAAAAAKCr3U6iDQAAABxrEemfkuzX/CNmpt6dPHx94JXkn1PZMiJu/fj6D28vtlrbc531f3u8vvWjfP37RVzBAAAAAA4+3j+iN07vjeMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYJQePbyz1CvjjPuXL0bEdN/4b53OFqejHBFn/57ExBN/l0REaQTx9+9GxOv94iedtGI6uln0i3+mwPhpRJwbQXw4ye519j9X+n3/0ng7W/b//k3k5VkN3v+l0dv/lQbsf149Yow37v+iOjD+3Yg3Jvrvf3rxkwHx3zli/G98fW9v0Lb2TyNm+h5/kgOxqq2NrWpzd+/C2sbiam21tjk/P/fBwqWFiwuz1ZW1ei3/t2+M733yl/95Wv/PDog/PaT/7x6x//++f/vhx7rVcr/459/pf/x9fUD8ND/2fTqvd7bP9Or73fqT3vz5b958Wv+XB/T/8eff50DbiXn+iP1/79q3HxzxpQDAGDR399YX6/Xa9stYSeOFSKOASunl/uD6Vk69GGmodCtF75kAAIBR+99Jf9GZAAAAAAAAAAAAAAAAAAAAwMk1jp8TOxxzv5iuAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA81X8DAAD//w502Uw=")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b)
open(&(0x7f0000000180)='./bus\x00', 0x14d27e, 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r1 = open(0x0, 0x185902, 0x72)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
program did not crash
testing program (duration=37.595204431s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat$cgroup_ro-write$binfmt_script-open-mount-open-mmap-openat$hwrng-preadv
detailed listing:
executing program 0:
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x2000042, &(0x7f0000000280)={[{@resgid}, {@discard}, {@noblock_validity}, {@grpjquota_path={'grpjquota', 0x3d, './bus'}}, {@stripe={'stripe', 0x3d, 0x2e}}, {@resgid}, {@sysvgroups}, {@norecovery}, {@nodelalloc}]}, 0x11, 0x4e5, &(0x7f0000000ac0)="$eJzs3c9vG1kdAPDvjOPtryzJAodlJXZX7KJ0BbWTDd1GHEqREJwqUcq9hMSJojhxFDttE1UoFXeQEAIkuHDigsQfgIT6JyCkSnBHBYEQtHDgABh5PC5NsOus6nra5PORXue9Gcff76vlmXkzT54ATqy3I+JKRJQi4r2ImMrXp3npbLtyrfu6Rw/vLHVKEu329b8mkeTreu+V5MtzEbEfEacj4mtfifhm8v9xm7t764v1em07b1dbG1vV5u7ehbWNxdXaam1zfn7ug4VLCxcXZkfSz+mIuPylP/7guz/78uVfffbW72/8+fy3OmlN5tuf7Mcodbtezv4veiYiYvt5BCtAKV+WB2z/TmmMyQAAMFTnHP+jEfGp7Px/KkrZ2SkAAABwnLS/MBn/SiLaAAAAwLGVZnNgk7SSzwWYjDStVLpzeD8eZ9N6o9n6zEpjZ3O5O1d2Osrpylq9NpvPFZ6OctJpz+VzbHvt9w+15yPitYj4/tSZrF1ZatSXi774AQAAACfEuUPj/39MZeP/U0XnBQAAAIzY9NBX/OQjY0kEAAAAeG6Gj/8BAACAl53xPwAAABxrX716tVPavedfL9/c3Vlv3LywXGuuVzZ2lipLje2tymqjsZr9Zt/GsPerNxpbn4vNndvVVq3ZqjZ3925sNHY2WzfWDjwCGwAAABij196697skIvY/fyYrHa8UnRQwFsmQ7dlDQh7kjT+MISFgbEpFJwAUZqLoBIDClItOACjcsOsAAyfv/Hr0uQAAAM/HzCcG3/93bQCOt7ToBACAsXP/H06u8sEZgBeLywQoyrDnez77/f92+0MlBAAAjNxkVpK0kt8LnIw0rVQiXs0eC1BOVtbqtdl8fPDbqfKpTnsu+8tk6JxhAAAAAAAAAAAAAAAAAAAAAAAAAKCr3U6iDQAAABxrEemfkuzX/CNmpt6dPHx94JXkn1PZMiJu/fj6D28vtlrbc531f3u8vvWjfP37RVzBAAAAAA4+3j+iN07vjeMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYJQePbyz1CvjjPuXL0bEdN/4b53OFqejHBFn/57ExBN/l0REaQTx9+9GxOv94iedtGI6uln0i3+mwPhpRJwbQXw4ye519j9X+n3/0ng7W/b//k3k5VkN3v+l0dv/lQbsf149Yow37v+iOjD+3Yg3Jvrvf3rxkwHx3zli/G98fW9v0Lb2TyNm+h5/kgOxqq2NrWpzd+/C2sbiam21tjk/P/fBwqWFiwuz1ZW1ei3/t2+M733yl/95Wv/PDog/PaT/7x6x//++f/vhx7rVcr/459/pf/x9fUD8ND/2fTqvd7bP9Or73fqT3vz5b958Wv+XB/T/8eff50DbiXn+iP1/79q3HxzxpQDAGDR399YX6/Xa9stYSeOFSKOASunl/uD6Vk69GGmodCtF75kAAIBR+99Jf9GZAAAAAAAAAAAAAAAAAAAAwMk1jp8TOxxzv5iuAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA81X8DAAD//w502Uw=")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b)
open(&(0x7f0000000180)='./bus\x00', 0x14d27e, 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x185902, 0x72)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
program did not crash
testing program (duration=37.595204431s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat$cgroup_ro-write$binfmt_script-open-mount-open-mmap-openat$hwrng-preadv
detailed listing:
executing program 0:
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x2000042, &(0x7f0000000280)={[{@resgid}, {@discard}, {@noblock_validity}, {@grpjquota_path={'grpjquota', 0x3d, './bus'}}, {@stripe={'stripe', 0x3d, 0x2e}}, {@resgid}, {@sysvgroups}, {@norecovery}, {@nodelalloc}]}, 0x11, 0x4e5, &(0x7f0000000ac0)="$eJzs3c9vG1kdAPDvjOPtryzJAodlJXZX7KJ0BbWTDd1GHEqREJwqUcq9hMSJojhxFDttE1UoFXeQEAIkuHDigsQfgIT6JyCkSnBHBYEQtHDgABh5PC5NsOus6nra5PORXue9Gcff76vlmXkzT54ATqy3I+JKRJQi4r2ImMrXp3npbLtyrfu6Rw/vLHVKEu329b8mkeTreu+V5MtzEbEfEacj4mtfifhm8v9xm7t764v1em07b1dbG1vV5u7ehbWNxdXaam1zfn7ug4VLCxcXZkfSz+mIuPylP/7guz/78uVfffbW72/8+fy3OmlN5tuf7Mcodbtezv4veiYiYvt5BCtAKV+WB2z/TmmMyQAAMFTnHP+jEfGp7Px/KkrZ2SkAAABwnLS/MBn/SiLaAAAAwLGVZnNgk7SSzwWYjDStVLpzeD8eZ9N6o9n6zEpjZ3O5O1d2Osrpylq9NpvPFZ6OctJpz+VzbHvt9w+15yPitYj4/tSZrF1ZatSXi774AQAAACfEuUPj/39MZeP/U0XnBQAAAIzY9NBX/OQjY0kEAAAAeG6Gj/8BAACAl53xPwAAABxrX716tVPavedfL9/c3Vlv3LywXGuuVzZ2lipLje2tymqjsZr9Zt/GsPerNxpbn4vNndvVVq3ZqjZ3925sNHY2WzfWDjwCGwAAABij196697skIvY/fyYrHa8UnRQwFsmQ7dlDQh7kjT+MISFgbEpFJwAUZqLoBIDClItOACjcsOsAAyfv/Hr0uQAAAM/HzCcG3/93bQCOt7ToBACAsXP/H06u8sEZgBeLywQoyrDnez77/f92+0MlBAAAjNxkVpK0kt8LnIw0rVQiXs0eC1BOVtbqtdl8fPDbqfKpTnsu+8tk6JxhAAAAAAAAAAAAAAAAAAAAAAAAAKCr3U6iDQAAABxrEemfkuzX/CNmpt6dPHx94JXkn1PZMiJu/fj6D28vtlrbc531f3u8vvWjfP37RVzBAAAAAA4+3j+iN07vjeMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYJQePbyz1CvjjPuXL0bEdN/4b53OFqejHBFn/57ExBN/l0REaQTx9+9GxOv94iedtGI6uln0i3+mwPhpRJwbQXw4ye519j9X+n3/0ng7W/b//k3k5VkN3v+l0dv/lQbsf149Yow37v+iOjD+3Yg3Jvrvf3rxkwHx3zli/G98fW9v0Lb2TyNm+h5/kgOxqq2NrWpzd+/C2sbiam21tjk/P/fBwqWFiwuz1ZW1ei3/t2+M733yl/95Wv/PDog/PaT/7x6x//++f/vhx7rVcr/459/pf/x9fUD8ND/2fTqvd7bP9Or73fqT3vz5b958Wv+XB/T/8eff50DbiXn+iP1/79q3HxzxpQDAGDR399YX6/Xa9stYSeOFSKOASunl/uD6Vk69GGmodCtF75kAAIBR+99Jf9GZAAAAAAAAAAAAAAAAAAAAwMk1jp8TOxxzv5iuAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA81X8DAAD//w502Uw=")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b)
open(&(0x7f0000000180)='./bus\x00', 0x14d27e, 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x185902, 0x72)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r2, 0x0, 0x0, 0x0, 0x0)
program did not crash
testing program (duration=37.595204431s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat$cgroup_ro-write$binfmt_script-open-mount-open-mmap-openat$hwrng-preadv
detailed listing:
executing program 0:
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x2000042, &(0x7f0000000280)={[{@resgid}, {@discard}, {@noblock_validity}, {@grpjquota_path={'grpjquota', 0x3d, './bus'}}, {@stripe={'stripe', 0x3d, 0x2e}}, {@resgid}, {@sysvgroups}, {@norecovery}, {@nodelalloc}]}, 0x11, 0x4e5, &(0x7f0000000ac0)="$eJzs3c9vG1kdAPDvjOPtryzJAodlJXZX7KJ0BbWTDd1GHEqREJwqUcq9hMSJojhxFDttE1UoFXeQEAIkuHDigsQfgIT6JyCkSnBHBYEQtHDgABh5PC5NsOus6nra5PORXue9Gcff76vlmXkzT54ATqy3I+JKRJQi4r2ImMrXp3npbLtyrfu6Rw/vLHVKEu329b8mkeTreu+V5MtzEbEfEacj4mtfifhm8v9xm7t764v1em07b1dbG1vV5u7ehbWNxdXaam1zfn7ug4VLCxcXZkfSz+mIuPylP/7guz/78uVfffbW72/8+fy3OmlN5tuf7Mcodbtezv4veiYiYvt5BCtAKV+WB2z/TmmMyQAAMFTnHP+jEfGp7Px/KkrZ2SkAAABwnLS/MBn/SiLaAAAAwLGVZnNgk7SSzwWYjDStVLpzeD8eZ9N6o9n6zEpjZ3O5O1d2Osrpylq9NpvPFZ6OctJpz+VzbHvt9w+15yPitYj4/tSZrF1ZatSXi774AQAAACfEuUPj/39MZeP/U0XnBQAAAIzY9NBX/OQjY0kEAAAAeG6Gj/8BAACAl53xPwAAABxrX716tVPavedfL9/c3Vlv3LywXGuuVzZ2lipLje2tymqjsZr9Zt/GsPerNxpbn4vNndvVVq3ZqjZ3925sNHY2WzfWDjwCGwAAABij196697skIvY/fyYrHa8UnRQwFsmQ7dlDQh7kjT+MISFgbEpFJwAUZqLoBIDClItOACjcsOsAAyfv/Hr0uQAAAM/HzCcG3/93bQCOt7ToBACAsXP/H06u8sEZgBeLywQoyrDnez77/f92+0MlBAAAjNxkVpK0kt8LnIw0rVQiXs0eC1BOVtbqtdl8fPDbqfKpTnsu+8tk6JxhAAAAAAAAAAAAAAAAAAAAAAAAAKCr3U6iDQAAABxrEemfkuzX/CNmpt6dPHx94JXkn1PZMiJu/fj6D28vtlrbc531f3u8vvWjfP37RVzBAAAAAA4+3j+iN07vjeMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYJQePbyz1CvjjPuXL0bEdN/4b53OFqejHBFn/57ExBN/l0REaQTx9+9GxOv94iedtGI6uln0i3+mwPhpRJwbQXw4ye519j9X+n3/0ng7W/b//k3k5VkN3v+l0dv/lQbsf149Yow37v+iOjD+3Yg3Jvrvf3rxkwHx3zli/G98fW9v0Lb2TyNm+h5/kgOxqq2NrWpzd+/C2sbiam21tjk/P/fBwqWFiwuz1ZW1ei3/t2+M733yl/95Wv/PDog/PaT/7x6x//++f/vhx7rVcr/459/pf/x9fUD8ND/2fTqvd7bP9Or73fqT3vz5b958Wv+XB/T/8eff50DbiXn+iP1/79q3HxzxpQDAGDR399YX6/Xa9stYSeOFSKOASunl/uD6Vk69GGmodCtF75kAAIBR+99Jf9GZAAAAAAAAAAAAAAAAAAAAwMk1jp8TOxxzv5iuAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA81X8DAAD//w502Uw=")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b)
open(&(0x7f0000000180)='./bus\x00', 0x14d27e, 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x185902, 0x72)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{0x0}], 0x1, 0x0, 0x0)
program did not crash
extracting C reproducer
testing compiled C program (duration=37.595204431s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat$cgroup_ro-write$binfmt_script-open-mount-open-mmap-openat$hwrng-preadv
program crashed: KASAN: use-after-free Read in ext4_ext_remove_space
simplifying C reproducer
testing compiled C program (duration=37.595204431s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat$cgroup_ro-write$binfmt_script-open-mount-open-mmap-openat$hwrng-preadv
program crashed: KASAN: use-after-free Read in ext4_ext_remove_space
testing compiled C program (duration=37.595204431s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat$cgroup_ro-write$binfmt_script-open-mount-open-mmap-openat$hwrng-preadv
program did not crash
testing compiled C program (duration=37.595204431s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat$cgroup_ro-write$binfmt_script-open-mount-open-mmap-openat$hwrng-preadv
program crashed: KASAN: use-after-free Read in ext4_ext_remove_space
testing compiled C program (duration=37.595204431s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat$cgroup_ro-write$binfmt_script-open-mount-open-mmap-openat$hwrng-preadv
program did not crash
testing compiled C program (duration=37.595204431s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat$cgroup_ro-write$binfmt_script-open-mount-open-mmap-openat$hwrng-preadv
program did not crash
testing compiled C program (duration=37.595204431s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat$cgroup_ro-write$binfmt_script-open-mount-open-mmap-openat$hwrng-preadv
program did not crash
testing compiled C program (duration=37.595204431s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat$cgroup_ro-write$binfmt_script-open-mount-open-mmap-openat$hwrng-preadv
program did not crash
testing compiled C program (duration=37.595204431s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat$cgroup_ro-write$binfmt_script-open-mount-open-mmap-openat$hwrng-preadv
program did not crash
testing compiled C program (duration=37.595204431s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat$cgroup_ro-write$binfmt_script-open-mount-open-mmap-openat$hwrng-preadv
program did not crash
testing compiled C program (duration=37.595204431s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat$cgroup_ro-write$binfmt_script-open-mount-open-mmap-openat$hwrng-preadv
program crashed: KASAN: use-after-free Read in ext4_ext_remove_space
testing compiled C program (duration=37.595204431s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat$cgroup_ro-write$binfmt_script-open-mount-open-mmap-openat$hwrng-preadv
program did not crash
testing compiled C program (duration=37.595204431s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat$cgroup_ro-write$binfmt_script-open-mount-open-mmap-openat$hwrng-preadv
program did not crash
testing compiled C program (duration=37.595204431s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat$cgroup_ro-write$binfmt_script-open-mount-open-mmap-openat$hwrng-preadv
program did not crash
reproducing took 27m55.673785678s
repro crashed as (corrupted=false):
EXT4-fs error (device loop0): ext4_ext_check_inode:500: inode #17: comm syz-executor233: pblk 0 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0)
EXT4-fs error (device loop0): ext4_ext_check_inode:500: inode #17: comm syz-executor233: pblk 0 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0)
==================================================================
BUG: KASAN: use-after-free in ext4_ext_rm_leaf fs/ext4/extents.c:2594 [inline]
BUG: KASAN: use-after-free in ext4_ext_remove_space+0x3da3/0x4e10 fs/ext4/extents.c:2932
Read of size 4 at addr ffff8881190014a8 by task syz-executor233/287
CPU: 1 PID: 287 Comm: syz-executor233 Not tainted 5.10.232-syzkaller-00746-g49e8ba0a684f #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack_lvl+0x1e2/0x24b lib/dump_stack.c:118
print_address_description+0x81/0x3b0 mm/kasan/report.c:248
__kasan_report mm/kasan/report.c:435 [inline]
kasan_report+0x179/0x1c0 mm/kasan/report.c:452
__asan_report_load4_noabort+0x14/0x20 mm/kasan/report_generic.c:308
ext4_ext_rm_leaf fs/ext4/extents.c:2594 [inline]
ext4_ext_remove_space+0x3da3/0x4e10 fs/ext4/extents.c:2932
ext4_ext_truncate+0x17f/0x200 fs/ext4/extents.c:4465
ext4_truncate+0xb19/0x1220 fs/ext4/inode.c:4366
ext4_evict_inode+0xf07/0x1730 fs/ext4/inode.c:290
evict+0x526/0x9c0 fs/inode.c:612
iput_final fs/inode.c:1736 [inline]
iput+0x632/0x7e0 fs/inode.c:1762
dentry_unlink_inode+0x2ea/0x3d0 fs/dcache.c:378
__dentry_kill+0x447/0x650 fs/dcache.c:583
shrink_dentry_list+0x38a/0x4e0 fs/dcache.c:1146
shrink_dcache_parent+0xc9/0x340
do_one_tree+0x28/0x4a0 fs/dcache.c:1627
shrink_dcache_for_umount+0x7d/0x120 fs/dcache.c:1644
generic_shutdown_super+0x66/0x320 fs/super.c:447
kill_block_super+0x7e/0xe0 fs/super.c:1469
deactivate_locked_super+0xad/0x110 fs/super.c:335
deactivate_super+0xbe/0xf0 fs/super.c:366
cleanup_mnt+0x45c/0x510 fs/namespace.c:1118
__cleanup_mnt+0x19/0x20 fs/namespace.c:1125
task_work_run+0x129/0x190 kernel/task_work.c:189
exit_task_work include/linux/task_work.h:33 [inline]
do_exit+0xc83/0x2a50 kernel/exit.c:863
do_group_exit+0x141/0x310 kernel/exit.c:985
__do_sys_exit_group kernel/exit.c:996 [inline]
__se_sys_exit_group kernel/exit.c:994 [inline]
__x64_sys_exit_group+0x3f/0x40 kernel/exit.c:994
do_syscall_64+0x34/0x70
entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7f9c46383b69
Code: Unable to access opcode bytes at RIP 0x7f9c46383b3f.
RSP: 002b:00007ffffe425be8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f9c46383b69
RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
RBP: 00007f9c46402150 R08: ffffffffffffffb8 R09: 0000000000000000
R10: 0000000000000100 R11: 0000000000000246 R12: 00007f9c46402150
R13: 0000000000000000 R14: 00007f9c46404f80 R15: 00007f9c46348a60
Allocated by task 129:
kasan_save_stack mm/kasan/common.c:38 [inline]
kasan_set_track mm/kasan/common.c:45 [inline]
set_alloc_info mm/kasan/common.c:430 [inline]
__kasan_slab_alloc+0xb1/0xe0 mm/kasan/common.c:463
kasan_slab_alloc include/linux/kasan.h:244 [inline]
slab_post_alloc_hook+0x61/0x2f0 mm/slab.h:583
slab_alloc_node mm/slub.c:2947 [inline]
slab_alloc mm/slub.c:2955 [inline]
kmem_cache_alloc+0x168/0x2e0 mm/slub.c:2960
vm_area_dup+0x26/0x270 kernel/fork.c:366
__split_vma+0xbd/0x420 mm/mmap.c:2860
split_vma+0x7c/0xd0 mm/mmap.c:2919
mprotect_fixup+0x582/0x860 mm/mprotect.c:474
do_mprotect_pkey+0x731/0x990 mm/mprotect.c:622
__do_sys_mprotect mm/mprotect.c:647 [inline]
__se_sys_mprotect mm/mprotect.c:644 [inline]
__x64_sys_mprotect+0x80/0x90 mm/mprotect.c:644
do_syscall_64+0x34/0x70
entry_SYSCALL_64_after_hwframe+0x61/0xcb
Freed by task 129:
kasan_save_stack mm/kasan/common.c:38 [inline]
kasan_set_track+0x4b/0x70 mm/kasan/common.c:45
kasan_set_free_info+0x23/0x40 mm/kasan/generic.c:370
____kasan_slab_free+0x121/0x160 mm/kasan/common.c:362
__kasan_slab_free+0x11/0x20 mm/kasan/common.c:370
kasan_slab_free include/linux/kasan.h:220 [inline]
slab_free_hook mm/slub.c:1595 [inline]
slab_free_freelist_hook+0xc0/0x190 mm/slub.c:1621
slab_free mm/slub.c:3203 [inline]
kmem_cache_free+0xa9/0x1e0 mm/slub.c:3219
vm_area_free+0x52/0xf0 kernel/fork.c:386
__free_vma mm/mmap.c:179 [inline]
put_vma mm/mmap.c:186 [inline]
remove_vma mm/mmap.c:204 [inline]
exit_mmap+0x431/0x560 mm/mmap.c:3381
__mmput+0x95/0x2d0 kernel/fork.c:1153
mmput+0x59/0x170 kernel/fork.c:1176
exit_mm kernel/exit.c:539 [inline]
do_exit+0xbda/0x2a50 kernel/exit.c:850
do_group_exit+0x141/0x310 kernel/exit.c:985
__do_sys_exit_group kernel/exit.c:996 [inline]
__se_sys_exit_group kernel/exit.c:994 [inline]
__x64_sys_exit_group+0x3f/0x40 kernel/exit.c:994
do_syscall_64+0x34/0x70
entry_SYSCALL_64_after_hwframe+0x61/0xcb
The buggy address belongs to the object at ffff8881190014a0
which belongs to the cache vm_area_struct of size 232
The buggy address is located 8 bytes inside of
232-byte region [ffff8881190014a0, ffff888119001588)
The buggy address belongs to the page:
page:ffffea0004640040 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x119001
flags: 0x4000000000000200(slab)
raw: 4000000000000200 dead000000000100 dead000000000122 ffff888100188600
raw: 0000000000000000 00000000000d000d 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 129, ts 4765381737, free_ts 4763796740
set_page_owner include/linux/page_owner.h:35 [inline]
post_alloc_hook mm/page_alloc.c:2456 [inline]
prep_new_page+0x166/0x180 mm/page_alloc.c:2462
get_page_from_freelist+0x2d8c/0x2f30 mm/page_alloc.c:4254
__alloc_pages_nodemask+0x435/0xaf0 mm/page_alloc.c:5348
allocate_slab mm/slub.c:1808 [inline]
new_slab+0x80/0x400 mm/slub.c:1869
new_slab_objects mm/slub.c:2627 [inline]
___slab_alloc+0x302/0x4b0 mm/slub.c:2791
__slab_alloc+0x63/0xa0 mm/slub.c:2831
slab_alloc_node mm/slub.c:2913 [inline]
slab_alloc mm/slub.c:2955 [inline]
kmem_cache_alloc+0x1b9/0x2e0 mm/slub.c:2960
vm_area_dup+0x26/0x270 kernel/fork.c:366
__split_vma+0xbd/0x420 mm/mmap.c:2860
__do_munmap+0x412/0x8c0 mm/mmap.c:2986
do_munmap mm/mmap.c:3040 [inline]
munmap_vma_range mm/mmap.c:638 [inline]
__mmap_region mm/mmap.c:1822 [inline]
mmap_region+0xa31/0x1cd0 mm/mmap.c:3063
do_mmap+0x800/0xeb0 mm/mmap.c:1649
vm_mmap_pgoff+0x201/0x390 mm/util.c:543
ksys_mmap_pgoff+0x16f/0x1f0 mm/mmap.c:1700
__do_sys_mmap arch/x86/kernel/sys_x86_64.c:95 [inline]
__se_sys_mmap arch/x86/kernel/sys_x86_64.c:86 [inline]
__x64_sys_mmap+0x103/0x120 arch/x86/kernel/sys_x86_64.c:86
do_syscall_64+0x34/0x70
page last free stack trace:
reset_page_owner include/linux/page_owner.h:28 [inline]
free_pages_prepare mm/page_alloc.c:1349 [inline]
free_pcp_prepare mm/page_alloc.c:1421 [inline]
free_unref_page_prepare+0x2ae/0x2d0 mm/page_alloc.c:3336
free_unref_page_list+0x122/0xb20 mm/page_alloc.c:3443
release_pages+0xea0/0xef0 mm/swap.c:1103
free_pages_and_swap_cache+0x8a/0xa0 mm/swap_state.c:356
tlb_batch_pages_flush mm/mmu_gather.c:49 [inline]
tlb_flush_mmu_free mm/mmu_gather.c:240 [inline]
tlb_flush_mmu mm/mmu_gather.c:247 [inline]
tlb_finish_mmu+0x177/0x320 mm/mmu_gather.c:326
exit_mmap+0x306/0x560 mm/mmap.c:3375
__mmput+0x95/0x2d0 kernel/fork.c:1153
mmput+0x59/0x170 kernel/fork.c:1176
exec_mmap fs/exec.c:1040 [inline]
begin_new_exec+0xb8d/0x2380 fs/exec.c:1287
load_elf_binary+0x945/0x2750 fs/binfmt_elf.c:1001
search_binary_handler fs/exec.c:1726 [inline]
exec_binprm fs/exec.c:1767 [inline]
bprm_execve+0x81b/0x1600 fs/exec.c:1843
do_execveat_common+0x959/0xac0 fs/exec.c:1954
do_execve fs/exec.c:2024 [inline]
__do_sys_execve fs/exec.c:2100 [inline]
__se_sys_execve fs/exec.c:2095 [inline]
__x64_sys_execve+0x92/0xb0 fs/exec.c:2095
do_syscall_64+0x34/0x70
entry_SYSCALL_64_after_hwframe+0x61/0xcb
Memory state around the buggy address:
ffff888119001380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff888119001400: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
>ffff888119001480: fc fc fc fc fa fb fb fb fb fb fb fb fb fb fb fb
^
ffff888119001500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff888119001580: fb fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb
==================================================================
EXT4-fs error (device loop0): ext4_free_blocks:5685: comm syz-executor233: Freeing blocks not in datazone - block = 269380761873296, count = 206
EXT4-fs error (device loop0):
final repro crashed as (corrupted=false):
EXT4-fs error (device loop0): ext4_ext_check_inode:500: inode #17: comm syz-executor233: pblk 0 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0)
EXT4-fs error (device loop0): ext4_ext_check_inode:500: inode #17: comm syz-executor233: pblk 0 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0)
==================================================================
BUG: KASAN: use-after-free in ext4_ext_rm_leaf fs/ext4/extents.c:2594 [inline]
BUG: KASAN: use-after-free in ext4_ext_remove_space+0x3da3/0x4e10 fs/ext4/extents.c:2932
Read of size 4 at addr ffff8881190014a8 by task syz-executor233/287
CPU: 1 PID: 287 Comm: syz-executor233 Not tainted 5.10.232-syzkaller-00746-g49e8ba0a684f #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack_lvl+0x1e2/0x24b lib/dump_stack.c:118
print_address_description+0x81/0x3b0 mm/kasan/report.c:248
__kasan_report mm/kasan/report.c:435 [inline]
kasan_report+0x179/0x1c0 mm/kasan/report.c:452
__asan_report_load4_noabort+0x14/0x20 mm/kasan/report_generic.c:308
ext4_ext_rm_leaf fs/ext4/extents.c:2594 [inline]
ext4_ext_remove_space+0x3da3/0x4e10 fs/ext4/extents.c:2932
ext4_ext_truncate+0x17f/0x200 fs/ext4/extents.c:4465
ext4_truncate+0xb19/0x1220 fs/ext4/inode.c:4366
ext4_evict_inode+0xf07/0x1730 fs/ext4/inode.c:290
evict+0x526/0x9c0 fs/inode.c:612
iput_final fs/inode.c:1736 [inline]
iput+0x632/0x7e0 fs/inode.c:1762
dentry_unlink_inode+0x2ea/0x3d0 fs/dcache.c:378
__dentry_kill+0x447/0x650 fs/dcache.c:583
shrink_dentry_list+0x38a/0x4e0 fs/dcache.c:1146
shrink_dcache_parent+0xc9/0x340
do_one_tree+0x28/0x4a0 fs/dcache.c:1627
shrink_dcache_for_umount+0x7d/0x120 fs/dcache.c:1644
generic_shutdown_super+0x66/0x320 fs/super.c:447
kill_block_super+0x7e/0xe0 fs/super.c:1469
deactivate_locked_super+0xad/0x110 fs/super.c:335
deactivate_super+0xbe/0xf0 fs/super.c:366
cleanup_mnt+0x45c/0x510 fs/namespace.c:1118
__cleanup_mnt+0x19/0x20 fs/namespace.c:1125
task_work_run+0x129/0x190 kernel/task_work.c:189
exit_task_work include/linux/task_work.h:33 [inline]
do_exit+0xc83/0x2a50 kernel/exit.c:863
do_group_exit+0x141/0x310 kernel/exit.c:985
__do_sys_exit_group kernel/exit.c:996 [inline]
__se_sys_exit_group kernel/exit.c:994 [inline]
__x64_sys_exit_group+0x3f/0x40 kernel/exit.c:994
do_syscall_64+0x34/0x70
entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7f9c46383b69
Code: Unable to access opcode bytes at RIP 0x7f9c46383b3f.
RSP: 002b:00007ffffe425be8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f9c46383b69
RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
RBP: 00007f9c46402150 R08: ffffffffffffffb8 R09: 0000000000000000
R10: 0000000000000100 R11: 0000000000000246 R12: 00007f9c46402150
R13: 0000000000000000 R14: 00007f9c46404f80 R15: 00007f9c46348a60
Allocated by task 129:
kasan_save_stack mm/kasan/common.c:38 [inline]
kasan_set_track mm/kasan/common.c:45 [inline]
set_alloc_info mm/kasan/common.c:430 [inline]
__kasan_slab_alloc+0xb1/0xe0 mm/kasan/common.c:463
kasan_slab_alloc include/linux/kasan.h:244 [inline]
slab_post_alloc_hook+0x61/0x2f0 mm/slab.h:583
slab_alloc_node mm/slub.c:2947 [inline]
slab_alloc mm/slub.c:2955 [inline]
kmem_cache_alloc+0x168/0x2e0 mm/slub.c:2960
vm_area_dup+0x26/0x270 kernel/fork.c:366
__split_vma+0xbd/0x420 mm/mmap.c:2860
split_vma+0x7c/0xd0 mm/mmap.c:2919
mprotect_fixup+0x582/0x860 mm/mprotect.c:474
do_mprotect_pkey+0x731/0x990 mm/mprotect.c:622
__do_sys_mprotect mm/mprotect.c:647 [inline]
__se_sys_mprotect mm/mprotect.c:644 [inline]
__x64_sys_mprotect+0x80/0x90 mm/mprotect.c:644
do_syscall_64+0x34/0x70
entry_SYSCALL_64_after_hwframe+0x61/0xcb
Freed by task 129:
kasan_save_stack mm/kasan/common.c:38 [inline]
kasan_set_track+0x4b/0x70 mm/kasan/common.c:45
kasan_set_free_info+0x23/0x40 mm/kasan/generic.c:370
____kasan_slab_free+0x121/0x160 mm/kasan/common.c:362
__kasan_slab_free+0x11/0x20 mm/kasan/common.c:370
kasan_slab_free include/linux/kasan.h:220 [inline]
slab_free_hook mm/slub.c:1595 [inline]
slab_free_freelist_hook+0xc0/0x190 mm/slub.c:1621
slab_free mm/slub.c:3203 [inline]
kmem_cache_free+0xa9/0x1e0 mm/slub.c:3219
vm_area_free+0x52/0xf0 kernel/fork.c:386
__free_vma mm/mmap.c:179 [inline]
put_vma mm/mmap.c:186 [inline]
remove_vma mm/mmap.c:204 [inline]
exit_mmap+0x431/0x560 mm/mmap.c:3381
__mmput+0x95/0x2d0 kernel/fork.c:1153
mmput+0x59/0x170 kernel/fork.c:1176
exit_mm kernel/exit.c:539 [inline]
do_exit+0xbda/0x2a50 kernel/exit.c:850
do_group_exit+0x141/0x310 kernel/exit.c:985
__do_sys_exit_group kernel/exit.c:996 [inline]
__se_sys_exit_group kernel/exit.c:994 [inline]
__x64_sys_exit_group+0x3f/0x40 kernel/exit.c:994
do_syscall_64+0x34/0x70
entry_SYSCALL_64_after_hwframe+0x61/0xcb
The buggy address belongs to the object at ffff8881190014a0
which belongs to the cache vm_area_struct of size 232
The buggy address is located 8 bytes inside of
232-byte region [ffff8881190014a0, ffff888119001588)
The buggy address belongs to the page:
page:ffffea0004640040 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x119001
flags: 0x4000000000000200(slab)
raw: 4000000000000200 dead000000000100 dead000000000122 ffff888100188600
raw: 0000000000000000 00000000000d000d 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 129, ts 4765381737, free_ts 4763796740
set_page_owner include/linux/page_owner.h:35 [inline]
post_alloc_hook mm/page_alloc.c:2456 [inline]
prep_new_page+0x166/0x180 mm/page_alloc.c:2462
get_page_from_freelist+0x2d8c/0x2f30 mm/page_alloc.c:4254
__alloc_pages_nodemask+0x435/0xaf0 mm/page_alloc.c:5348
allocate_slab mm/slub.c:1808 [inline]
new_slab+0x80/0x400 mm/slub.c:1869
new_slab_objects mm/slub.c:2627 [inline]
___slab_alloc+0x302/0x4b0 mm/slub.c:2791
__slab_alloc+0x63/0xa0 mm/slub.c:2831
slab_alloc_node mm/slub.c:2913 [inline]
slab_alloc mm/slub.c:2955 [inline]
kmem_cache_alloc+0x1b9/0x2e0 mm/slub.c:2960
vm_area_dup+0x26/0x270 kernel/fork.c:366
__split_vma+0xbd/0x420 mm/mmap.c:2860
__do_munmap+0x412/0x8c0 mm/mmap.c:2986
do_munmap mm/mmap.c:3040 [inline]
munmap_vma_range mm/mmap.c:638 [inline]
__mmap_region mm/mmap.c:1822 [inline]
mmap_region+0xa31/0x1cd0 mm/mmap.c:3063
do_mmap+0x800/0xeb0 mm/mmap.c:1649
vm_mmap_pgoff+0x201/0x390 mm/util.c:543
ksys_mmap_pgoff+0x16f/0x1f0 mm/mmap.c:1700
__do_sys_mmap arch/x86/kernel/sys_x86_64.c:95 [inline]
__se_sys_mmap arch/x86/kernel/sys_x86_64.c:86 [inline]
__x64_sys_mmap+0x103/0x120 arch/x86/kernel/sys_x86_64.c:86
do_syscall_64+0x34/0x70
page last free stack trace:
reset_page_owner include/linux/page_owner.h:28 [inline]
free_pages_prepare mm/page_alloc.c:1349 [inline]
free_pcp_prepare mm/page_alloc.c:1421 [inline]
free_unref_page_prepare+0x2ae/0x2d0 mm/page_alloc.c:3336
free_unref_page_list+0x122/0xb20 mm/page_alloc.c:3443
release_pages+0xea0/0xef0 mm/swap.c:1103
free_pages_and_swap_cache+0x8a/0xa0 mm/swap_state.c:356
tlb_batch_pages_flush mm/mmu_gather.c:49 [inline]
tlb_flush_mmu_free mm/mmu_gather.c:240 [inline]
tlb_flush_mmu mm/mmu_gather.c:247 [inline]
tlb_finish_mmu+0x177/0x320 mm/mmu_gather.c:326
exit_mmap+0x306/0x560 mm/mmap.c:3375
__mmput+0x95/0x2d0 kernel/fork.c:1153
mmput+0x59/0x170 kernel/fork.c:1176
exec_mmap fs/exec.c:1040 [inline]
begin_new_exec+0xb8d/0x2380 fs/exec.c:1287
load_elf_binary+0x945/0x2750 fs/binfmt_elf.c:1001
search_binary_handler fs/exec.c:1726 [inline]
exec_binprm fs/exec.c:1767 [inline]
bprm_execve+0x81b/0x1600 fs/exec.c:1843
do_execveat_common+0x959/0xac0 fs/exec.c:1954
do_execve fs/exec.c:2024 [inline]
__do_sys_execve fs/exec.c:2100 [inline]
__se_sys_execve fs/exec.c:2095 [inline]
__x64_sys_execve+0x92/0xb0 fs/exec.c:2095
do_syscall_64+0x34/0x70
entry_SYSCALL_64_after_hwframe+0x61/0xcb
Memory state around the buggy address:
ffff888119001380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff888119001400: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
>ffff888119001480: fc fc fc fc fa fb fb fb fb fb fb fb fb fb fb fb
^
ffff888119001500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff888119001580: fb fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb
==================================================================
EXT4-fs error (device loop0): ext4_free_blocks:5685: comm syz-executor233: Freeing blocks not in datazone - block = 269380761873296, count = 206
EXT4-fs error (device loop0):