Extracting prog: 4m7.161624533s
Minimizing prog: 10m5.630208692s
Simplifying prog options: 4m19.152256575s
Extracting C: 1m17.316298018s
Simplifying C: 0s


extracting reproducer from 65 programs
testing a last program of every proc
single: executing 15 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): epoll_create1-close-openat$procfs-epoll_create1-epoll_ctl$EPOLL_CTL_ADD-epoll_wait
detailed listing:
executing program 0:
r0 = epoll_create1(0x0)
close(r0)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000000)={0xa0000001})
epoll_wait(r1, &(0x7f0000000380)=[{}], 0x2, 0x1000)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sendmsg$IPCTNL_MSG_TIMEOUT_NEW-mount$incfs-syz_mount_image$ext4-syz_init_net_socket$bt_hci-ioctl$sock_bt_hci-syz_init_net_socket$bt_hci-bpf$MAP_CREATE-prlimit64-sched_setscheduler-getpid-sched_setaffinity-recvmmsg-socket$inet-bind$inet-creat-lsetxattr$security_capability-sendto$inet
detailed listing:
executing program 0:
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(0xffffffffffffffff, 0x0, 0x80)
mount$incfs(0x0, 0x0, 0x0, 0x1208000, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000100)={[{@errors_remount}, {@jqfmt_vfsv0}, {@nojournal_checksum}, {@orlov}]}, 0x2, 0x564, &(0x7f0000000980)="$eJzs3U1vG0UfAPD/OnHf0udpKpUKOKBIPVBU6jQJL0XiUI4IKirBvViJG1Vx6ip2qiZUoj3QCxdUISFEJcQH4M6x4gvwKSpBpQpVERy4BK2zTt3GjuPErV38+0nbzuyOM/P37oxnPbYcwNCaSP/JRbwSEd8kEUeajo1GdnBio9zaoxuz6ZbE+vqnfyaRZPsa5ZPs/7Es83JE/PpVxKnc1nqrK6sLxXK5tJTlJ2uLVyerK6unLy8W50vzpSvTMzNn356Zfu/dd3oW6xsX/v7+k3sfnv36xNp3Pz84eieJc3E4O9Ycxx7cbM5MxET2nOTj3FMFp3pQ2SBJ+t0AdmUk6+f5SMeAIzGS9Xrgv+/LiFgHhlSi/8OQaswDGvf2PboPfmE8/GDjBmhr/MnGeyNxoH5vdGgteeLOKL3fHe9B/Wkdv/xx9066Re/ehwDo6OatiDgzOtp+/Nu9Mzso83Qdxj94fu6l8583W81/cpvzn2gx/xlr0Xd3o3P/zz3oQTVtpfO/91vOfzcXrcZHstz/6nO+fHLpcrmUjm3/j4iTkd+f5rdbzzm7dn+93bHm+V+6pfU35oJZOx6M7n/yMXPFWnEvMTd7eCvi1Q7z36TF+U+fjws7rON46e5r7Y51jv/ZWv8p4vWW5//xilay/frkZP16mGxcFVv9dfv4b+3q7zr+l/YU7hbp+T+0ffzjSfN6bbX7On488E+p3bGJJFs07fL635d8Vk/vy/ZdL9ZqS1MR+5KPt+6ffvzYRr5RPo3/5Intx79W1//BiPh8h/HfPna7bdF+X/9p/HNdnf/uE/c/+uKHdvXvbPx7q546me3Zyfi30wbu5bkDAAAAAACAQZOLiMOR5Aqb6VyuUNj4fMexOJQrV6q1U5cqy1fmov5d2fHI5xor3WNNn4eYyj4P28hPP5WfiYijEfHtyMF6vjBbKc/1O3gAAAAAAAAAAAAAAAAAAAAYEGNbv/+/+TPWv4/0u3XAM+cnv2F4dez/vfilJ2Agef2H4TWa9LsFQL94/Yfhpf/D8NL/YXjp/zC89H8YXvo/AAAAAAAAAAAAAAAAAAAAAAAAAAAA9NSF8+fTbX3t0Y3ZND93bWV5oXLt9FypulBYXJ4tzFaWrhbmK5X5cqkwW1ns9PfKlcrVqelYvj5ZK1Vrk9WV1YuLleUrtYuXF4vzpYul/HOJCgAAAAAAAAAAAAAAAAAAAF4s1ZXVhWK5XFqSGNDEgcFoRtvE6GA0Q6KbRD4iOpTp98gEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI/9GwAA//8xqDPL")
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r0, 0x400448e1, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000000240), 0x0, 0x2, 0x0)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10)
creat(&(0x7f0000000040)='./bus\x00', 0x0)
lsetxattr$security_capability(&(0x7f0000000a00)='./bus\x00', &(0x7f0000000a40), &(0x7f0000000a80)=@v3={0x3000000, [], 0xffffffffffffffff}, 0x18, 0x0)
sendto$inet(r1, 0x0, 0x0, 0x200007fd, 0x0, 0x0)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_RAW_TRACEPOINT_OPEN-prlimit64-sched_setscheduler-getpid-sched_setaffinity-socketpair-sched_setscheduler-mmap-fcntl$lock-gettid-sigaltstack-rt_sigqueueinfo-bpf$BPF_BTF_GET_NEXT_ID-bpf$PROG_LOAD-bpf$MAP_CREATE-bpf$PROG_LOAD_XDP-bpf$PROG_LOAD-userfaultfd-ioctl$BTRFS_IOC_BALANCE-socketpair$unix-connect$unix-recvmmsg-bpf$MAP_CREATE_CONST_STR-bpf$PROG_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-syz_clone-wait4-socket$igmp6-sendmsg$inet6
detailed listing:
executing program 0:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
socketpair(0xb, 0x6, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000003, 0x4031, 0xffffffffffffffff, 0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000002000)={0x1})
r1 = gettid()
sigaltstack(&(0x7f0000000080)={&(0x7f0000001200)=""/4096, 0x0, 0x1000}, 0x0)
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000180)={0x5, <r2=>0x0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x9, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000680)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = userfaultfd(0x1)
ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r5=>0xffffffffffffffff})
connect$unix(r5, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
recvmmsg(r5, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="020000000400000008000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x1a, 0x3, &(0x7f00000004c0)=ANY=[], &(0x7f0000000340)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x19, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x2600, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4(0x0, 0x0, 0x80000000, 0xfffffffffffffffc)
r6 = socket$igmp6(0xa, 0x3, 0x2)
sendmsg$inet6(r6, &(0x7f0000000600)={&(0x7f0000000380)={0xa, 0x4e20, 0x5, @dev={0xfe, 0x80, '\x00', 0x34}, 0x23}, 0x1c, &(0x7f00000003c0)=[{&(0x7f0000000540)="caf2bfbda429baf1c08cd6bb940d78759cfebc76a26df3d218463e24940c48fbc483e6a360230962bd418744353b8279737c1eb98026ef910d2f59e2029aafaae382cd487a05f6de797738c38a6806bdce28e47dc9e0d1e8ab2a5f182086a2b3b55fb38eeab42eed3c37d86b4f684abe619b15aaceb4242779bc81844072dff6b30a6e62db2ca18d4b59071731cf6c51f2bc24c25aee76a99360", 0x9a}, {&(0x7f00000008c0)="e79909d453bffeddf8e839d269ff112b28cce8110fce806470047bdf57f649654737998cfe77900507795c55719cae5d69f093a74225cbb228f77b692f3cae0b0cbd8656a2eb0f97868b99ae7be538080be7458d4f53e053035883ae565c5821ef6fbedd5cd56d6a8382f7215f5fb507e515dae1b5a1df1fcbd18e13decf141bb1d0980e061c2cef7ad6372ff8ee674d09d2739da02bc1fff8d7e6940f424c857a2e0163a796827c9460ae86fc625de91e4072d1e7765ffb5df68f66df3a7822eff5ba4423fcc34541c22c2cda0b9a2354ac84e6aa00123492996947", 0xdc}, {&(0x7f00000009c0)="054b95c4b270c1239162461238fd95e49a7e225abc46aefe6f91edc59614cc6d9306d485d416de953d8a52ca757174c6276134a5429b2725677f4436e32a4b23cf258f41541ffe78f9390480879d8e9cf51701667646060b7422befd18d71deb94f133a32b4b03b15321cc579dc7ea9a7f16e4fec2ebf5f1464b34424daa65cf7cc382175609336590afa5efead96d046233df2087c576e856993049fa2436a03e9296da1ae394de9507186050fb48eedf0ad2a35d1622fe0d36c0f23d79da467826f0b4414ddeaa7cec276feb", 0xcd}, {&(0x7f0000000ac0)="dc04bbffa32a683daf367594700e7784b580b80b6591a41a89b64fb61c3d9bce859b6591b9019a9e303814db726afea0a76c4f7108cd4e61353ef556abceb0770887c50840d129414981f4544192e0977e492806dd898f2803666f663cced756d59ac4a2adb893a8750e73fdf4d589954cc915ea04f62a12da956c816dbb959a8b19e4f0dc69cacc2c1e607d3d0821cf0fd40db471e4a9e23715af0a5720ef4fbb004325604f0e5da0caca60b85680c782191fb85181e9d2e92f8407ab4cbc90", 0xc0}, {&(0x7f0000000b80)="9326248997d6942b8446e023d24b9acd6b1efe557bf0d0f685ba96d394092e263d1c3faf47068c83828f8ca953fa9d9029454825ba8498d06f6e23b2e252606c7e03952d31aed56fd5c547a401af4bc2985b7897d2c0322e96f3d0c47e69cb5a99c00671c3e65a446295eb51b68056337397d52e8919076f43d361d24ca979dfec12338f4e590c248966ed1b36f2368928afd753a5d6a92f7a51a4efc9b5bebcfaed54e98a86faf6d6467747", 0xac}, {&(0x7f0000000c40)="5508c6a97cd9e9383b9fd70070ade9f94efb9505085fa573ffb4eeaf899ae620de97619d8d5c2e7330997bd2ecbc4d312fcafb1fe3197425da461e248e83568f86173c3ee54be8f29540d22d1ca729b7be625478a750522e666831f7708bb6878a01b3259c82d0db15b322d57d18ea4c0043b2250aca9eaece0f5dd88267853dd2518920f10368d3e4204a79272969de9b52143a396c05b9db1d19d4f22ea6d477c38736fabee153c45aaf324b07358e6b4a5dd261ee6cf07b28bb2a70021000a5757d55e506cbfeba945d", 0xcb}], 0x6, &(0x7f0000000d40)=[@dontfrag={{0x14, 0x29, 0x3e, 0xd8e9}}, @rthdrdstopts={{0x38, 0x29, 0x37, {0x21, 0x3, '\x00', [@padn={0x1, 0x2, [0x0, 0x0]}, @hao={0xc9, 0x10, @private0}, @enc_lim={0x4, 0x1, 0xa0}]}}}, @hoplimit={{0x14}}, @hopopts={{0x60, 0x29, 0x36, {0x5c, 0x8, '\x00', [@padn={0x1, 0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @pad1, @pad1, @ra={0x5, 0x2, 0x6}, @calipso={0x7, 0x18, {0x1, 0x4, 0x0, 0x9, [0x78d0, 0x8]}}, @hao={0xc9, 0x10, @private0}, @ra={0x5, 0x2, 0x9}, @ra={0x5, 0x2, 0x9}]}}}, @pktinfo={{0x24, 0x29, 0x32, {@local}}}, @rthdr_2292={{0x68, 0x29, 0x39, {0x21, 0xa, 0x0, 0xff, 0x0, [@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @local, @local, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}]}}}, @hoplimit_2292={{0x14, 0x29, 0x8, 0xffffffac}}, @dstopts_2292={{0x110, 0x29, 0x4, {0x2e, 0x1e, '\x00', [@generic={0x9, 0xed, "f70172285c0742df4eb8252f4c273d68c86332a0977d91ce32339d77ca41aa428997ecd4fd0d239c8ac0876ad664e97752689ee710ced1530dd80b3ad30597a102f98a49b34e51bf627636be8ebe7a31373dc1b42d9deb924e814a200730d4ce517c3ed9af7458d4904969cf6e90faaadf1831b667228ce1a95741567a485d43fd4592a5ebead5340ae231704d479270a5088928fd5455cd853746fe6498c623c91ff4e338e961b48140e70fdc224991f8247d895831c049c1242f989fd518c8abd3d8f6bc31b6800d9d19171b252029c27025613d15cee176bad28f5cf0c12f7223f9dd4ca9d09395fbc88985"}, @pad1]}}}, @rthdr={{0x48, 0x29, 0x39, {0x73, 0x6, 0x2, 0x0, 0x0, [@private2, @mcast2, @rand_addr=' \x01\x00']}}}], 0x2c8}, 0x0)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-bind$inet-syz_open_dev$loop-ioctl$LOOP_SET_DIRECT_IO-syz_open_dev$vcsa-setsockopt$inet6_int-openat$incfs-sendfile-signalfd4-readv-openat$procfs-signalfd4-ftruncate-openat$dir-writev-ioctl$EXT4_IOC_GROUP_ADD-io_uring_setup-setsockopt$packet_fanout-syz_clone-capset-syz_genetlink_get_family_id$nl80211-ioctl$ifreq_SIOCGIFINDEX_team-sendmmsg$inet-syz_open_dev$mouse-bpf$BPF_PROG_TEST_RUN-ioctl$TIOCL_GETKMSGREDIRECT-setsockopt$bt_l2cap_L2CAP_OPTIONS-socket$packet-getitimer-fcntl$getflags
detailed listing:
executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e24, @multicast2}, 0x10)
r1 = syz_open_dev$loop(&(0x7f0000000040), 0xc, 0x8d86)
ioctl$LOOP_SET_DIRECT_IO(r1, 0x4c08, 0x0)
r2 = syz_open_dev$vcsa(&(0x7f0000000080), 0x3, 0x200)
setsockopt$inet6_int(r2, 0x29, 0xb6, &(0x7f00000000c0)=0x401, 0x4)
r3 = openat$incfs(r2, &(0x7f0000000100)='.log\x00', 0x8000, 0x82)
sendfile(0xffffffffffffffff, r3, 0x0, 0x8)
r4 = signalfd4(r0, &(0x7f0000000140)={[0x3]}, 0x8, 0x0)
readv(r4, &(0x7f00000003c0)=[{&(0x7f0000000180)=""/253, 0xfd}, {&(0x7f0000000280)=""/219, 0xdb}, {&(0x7f0000000380)=""/30, 0x1e}], 0x3)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000400)='/proc/slabinfo\x00', 0x0, 0x0)
signalfd4(r5, &(0x7f0000000440)={[0x8]}, 0x8, 0xc00)
ftruncate(r3, 0xa68)
r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0x80000, 0x8)
writev(r6, &(0x7f00000015c0)=[{&(0x7f00000004c0)="3250f05d3aaf5839f41904a432ee67fbfc420d82045afb585f117e2276131e0763e58f5ba426f101ad3c5a3927dbaef84741084705d079a50703aa66e3a4ef953ffeede6fc180c272adb649e05f016cd202c13794226fb3610316564c0a37a7489ec211448366cd66040497a815f1e4b317085aea4ca3561ecc8a5c391f8212ca5fe4838a9ad2aeb1f1169db1776b580e6795342717e8b3de44a521d2dc08f7641608883e8b01d10df37ec0e3f2ebc6911c30dbb42882eb4d8319cffb0c3f943bd46503e93267b89176e97aa20994c3b85cf475d8445c8c2be783d07a85ee031ce87bb6d8655081c1c3426589b1558f75908072371009837c4f22b4a8dd80d8b5dc12a59d25deae43bb17e72c392a8af5826260b50f455fb015c49605ad2959ee1b2cb9e737d59c666320e13cf9221fbd4fd7e485a609201c19c87b24dee6d3bb72e84bf95e90e1dd5a3e6a6904a2566a2d4063cd7e07d02ed93d9b1f2b3bfdb1d4d28f08dc84ffae458248cfd8ed9f80ced08e6fad246d7ac41ec3a2a488085495b058539b83b375a7e6d2af6e182a354a8fa7d951da84c60fddfb026d82ac7e2e8511a9a7b5c39c8a963ecf479f6a1015a2165bc2676e33dc504d0ace3a630e68476b412852595e7b1b958c8a8aacc019a6d8ee2b932bc269e287c6aed3b1692ce499cad946a7aeb61e40d471f38e1c2bd18867d8b933054219062591bc1e5ce6b3799050b69d7ef181fec48402fe8f70de0de90d74c96b8b747029b774b7f18e26641e0b1f74476a19d4e2b76ca58f8f7e48bcc850f5ef65019dd67238651357401055ca323239b6f131f3727dcaab72c7bdfcfb47d480a028f7e7f2f9657b7923241ec301a711bf2370b9f59afbb1d2ad02c4a8820ae0c637a9aa01b953ddd9b48ac0cecd4f413077a1315d840c7c651a30b55b35d433b04e550cfe677c1a2418ff696a245d327c49ce4a13da54bf4f662934096b16d6b2e0d248f6eed808d236f6a9c29fdd623873f862fcb2ed8a06b331a7f48e7125e8c744b51e9d450cb49d3163b0da552cd8f793ff31f6d228fe610bb1a38d24fc53d7f12cdd79579424a4000379b9b73684030cf901585d3a8db26792233bf41098c18d0af4184ed2f484c73040c6163045061689be8b2d14e5f3fea87a974b5bdb4a846ac0ba898e0b3656ae0d4a22b931ca9b5f3c01adf5a3d987206f5dae816c6baa0f745b33a6be2854e3db998b9f98875531128dfee7edd9e8236412b1bce655291de34f7906de9c944a9a44f86e01b76492dc2176a3a5ce3a20c9fed95909ab9c8028313f7f64a1138f463d133e621ab759bf54c1996a87e66d713a4336601758e986019c3981ce7ef5b8f9096c58fbb0ab26966f96d9609693de200aa1810c26aceaf507734a6f16dd3ba7f4190cbb76b2cd38d28f8c5c76834e35a054fac40a0181de6500be000ab3677729bf8292a738bc47897d464b0fd27ad7ed9396d10dcb237456c571f9039fe48c9a6f3c2e5e0785a0e85879dd62f2d37c887022dcdcb55d7fe449f98fcec7ff2245f16a2c1f066e5ed6a55f93ae3f57405f64d237e03d0b4a5e94b91d79e7e6fcdca0136b302e1272dab484bc116268a4f5170418b11ca5da7f7d1e51f7f332d86a2bd6cb47d08a88df088527495cab90246d7faf8de6cb4134ddf3b61404530c28804a4b9f1f0df2dcb24712ae0ec72acdb3676a02ba5314d04acc8ea6a97f185c0259e0d15e7471b36ee684832777c3e9cf93f2a5b2547a64495b642165511d713b19223d8420f7717c9d7b1462030feba45761c8651a4952f6a87bc5d0a79b781c9ec91e1debd68db476d744141e8e4ddc9064dbae2794506bb43cf4c262484a26078f340a8e110e6d88b390f81e65a2733670e36ca4daadacf5ab4113cd28a95177c6cc0ebc2fa8e2bb05416255241e99d96b48fc7fc5f30b596f9717e91e86d367df20f1856874ec4720afad23db0d6561907624365145df394bfc62387ee54a1d2a927f97c2ef65710cfa728a8e3435665b26089b1416ea4eebc556a6ce4956280b0ec9e87946e8b78ae68352019d94ebe44b136a31999aeaabf6799852ca663abc9b1538420cbe24b4b20acc30d54267730ec49dfd78920b7adf2d6c7021fb87088571d3db1e0a079594fb542a767ae6a5a265b56066d61db0fa5aaf164e4dcf1ecb77c9ebd2cd8e8ee9371afad1d833f7a2941f78001f72e5cd0d1d17eaa6d8410ff234873b29cc5ad0c2e26cf9cb222e3c1f0f959448cc9f80cca0027ebf3ead33b095775a2a096c3e8f596d7da42581c84ded213056e2c5b8b8e97ed3a12c8093f533f9433946593211ffd6a21da475aa5475ec2df6d55ab09429be3a4983bfa7fbd52eb9cfacac3ecfdeb0ff0816f9efffef7c1cd8f53fd4f9a4c08f9e618551846761b9767ded1b1ca706232b8e18380a04370dfff62162cd702ea1a1002c026d9644f61e56fc1e5f1e9d69ce8efbc940efa7cf1b002ca7f4d3265cac0daf53895d7cf5fdb954d77acd90dd919b14ef50c318a911b02b99f7f78cbab0b675c4b0588222bde8bbcfc1856cc9a5b7c1c91e9c9a26af4c2538584f66fd2bb905562715d2e6f6a4061d44c0f6e77e997e03647ca8c0869dfdb021e053a802fd6fa25d06710231c3d0f183dc8bb6d610f7124df9f86e0295cf3ce61ac18a1c6d439fb4247ad5a72e36d9c737275b7405f82ebb999464f7663b1ba46a3a0ca9ace87038657459a6aa7642cef9cc3170ca771c4cc672dbaf7aedcffbe8780266cee2f8ac2f885ec7ee36a23a1db35a6909aa71c14a5a6d12d61505042b3dd99afabf19cd728923551095de86988d841341764048beec143f6a435e46ddf3e786f9216b5103cf1d30280a9f2273076bc30733b7fe9d645734e98eab8e3916f705aca9ded7ca09f1509ca6aefc098521a6a501992ee1f22d0d69ef2558244fd3045242d7016099584b640e20048914a954aeb7d9f4148e74e261733389b4f2e26e872effd74f8ab2d81c32e9145c56de8eb8afd557cd7d471fe2be3ba0aa2ad985e4dc7edc29ccb5ec917ef647d0fca9be141fd7bf2c348a589cfb33e6ef11ce23c515fa6342c4ce2142370e0e1154053ed7d8f78fcdf9cd26363b32e2d1788b701dfe27b1c4209cd50ba96d2969661c37f89730e5cd5fef419d96ef8ba8f16486e99dafb5ca8d83b36c1826f4eacd4b8e10a5039fa9908ff8afd139f844d2c717c2f972257768abc0db99133cf7cd0c0e70e9114acd20a8027ffcf443f302a5cd4858b81f6056dad521f4ab52846c32851dd4a3e31ed809e781ff641f1aab3621c2b76f2f63e81073f9784e43f58e1e51f01b83b6b92fb458780bf3032ae5c0b704024127611a8c3e4748edf11a92948d83768fb2ffe89c6303a62ad091171795047d502de9e03b3fdba28fb11d73c08147bdfb0b76507c0211d9d745bede1862c36a36fd92132b3e5eaa3004edc69067a1c88a671c134b5c1ef268ee61b956f29e7a360df0d02b80f737cf1f7e984e9c67303c11ba22333294488f87fae372897b884b5560a3070d88675e16b304656a7f1859394a2f84f9fe87bc912ef776f86690dd790403373a6ee2a023c48643818edf364898431816aeab950bb50a33cae1798530d32be88639222711f75d6baf67ca2a0269cd79b0ea2708d6806df72d443792267c322d2a8d50760cacaece87a813002e1b88177ac757cf1c47dd0507735b7c9775c66fdc63173e761a96a8c7eabbf0ee8bc84f65bce2c7270811983127524e49cce1493919a2922465b2bdbca69d9c322016fd951f010aa400e07822c41ebf5ba4ceabd01031de506a6832c72a9d6e5b7c07059ca19223f4f7c035279691afc9f1ceeb678ef816c53540481f9263d1f37b47e01e4f32e8693a481e3378e61c65ee601ec4b19a9060749491969953477799eafb93f8bc5e3d3871382a80798b9c0e0850c730fc95cde524264ec16e109b62d1297d65a1d571ac4ff6617fa690fa79351813c01bc50e61c1322c52225f4290b27d861d28bdd0036bd4454d177ff49ffd80d5d9112bf3a3dbfc07c247c74bb6fc2acd0bb758cadf63c681711a387796b748f313ea84c6e953db85f094a639b82dc8dfc9675b2178b053f110a2cb5145669d716a58454b833aa6b615db455d11d6d8cb287dc1bcdfabe4806415cd002a308af71d6d54f0321f42784e57d5688b692713ec134509362b1f36c96bb4cf6608354cd59f834e879c5db89e16549fb29e31ff1da9d8a7dc4ce54c8ce291cbe3b687cbb0def3f5dd0ac955f173f182c65a72309e88d04f3e9cf764f0c040d98ab5295a4e38c13c03d8e8d9f30ad097bf49546fc9a9eaf7874c26c4c8f76c116b9e5220b524b14419eaec6d91bbc84b2cac67bc6c5fa3bfe1e45abdb4ad77bfe5a7cff5fd7b4f60d478c6536d9650ba2424f77f6d85a25aeb1ac46298afc0db4efe2689bfabeb1d4112f55560b762d0caaedde79eb8e639c12d1eccff75d58965a0a40201f079528ed46fcbbb4ab5352ebf1787a8732ed5b97a67eaedb7f1b19f4f01561bae7a6e6b9e239c936443d88831bb524eec79acdd4726b5d3baef4b2eeb358a2b2a895f9feee309e2ba5a4097b57df23facb69b602fcd851aec502170fbc74b91bfde3e6a9a098bea2924c1d2d15ba6ccbb82f4d6552d9d74a0cf9651623a82627ce94ab7615421f25f1bcce08051caec722dc90c38f07f6b92d4c256aab0e367d06f2047cf5bb9389afae7595baca1539d9dfb9c382e6543be21a6bb4b612946fcb02854837ae4010c1511aae14bc8b24bb877e21ca346cce9325ec274ec287bf353978f016995c0b94b33bc787b8c2b951d876d3784750bf1b1dc05d2c2ae0353b7580b035970ef5ec8664bd326c12abfc07cbe5329ace33b4f5522af84e098c466c2a1a5823a32b4f3b8adba1c0d1d646959d2221f94b6dbebda9fc124cf3cd3a352f0b8dd174a89f4a768f7cb0ee1765c020ff3e003acae1b9fa72526d84a74f839c606d5e350504971f859b6efb9636cbdea5f1a7da1a7394ef26dc8790411bbb51428dd7bf54a194aff78762695b7762f65c6a81d8db72e81d525dd276a6fc0a55569f19e85c02287608899ce9d40883b7d2d0be89bda56ee9dd1176d7047837b06658e1fd93540e8012d7c0fa2274bfeb54be87ba441e59fc6d43b89f17387bc50cae696519d80e1a816e4b5c266fadae3a5c6229d3ccab6c20e9920b0ecd9377249952620c44cde787d8f2efda703993c55b10e1e671ebe0e0bc9144c7a10a4f574a6974333f5637a2a2ef2764b2f41ed76082ad9f39042b6d443cba90881aa7cc777805c19aca6897db8b378231d74801f85cc9d20035a481d09cd0f6ac8dae67fbfab5e61e33a4ebeaccf4b795aa1b43de1c39b5201d8c109afd28e33c1c84c0debbdd1e58fb180adb017557dbe990c4adea126e49548363502a1511f07061e58d08ad7e7f7c63743280cc4110b20c522ef0c7ae5e1a37327c42b7e7b8ef2c576b8e611c09c39bff987e428f34c69d0240302c098db924a3bafee7c9b61f360197deadac01ec620289f180c1f3c93f5514a5229266fd78c590a4c96318732aa3f6f0ebd881424027eafecbe5ee8756fa0aed8d4526af829e996c61bbddf582cb739b21a3378c99f49c47b6ff4f202b198cb63707582b7d86642aae5d9e2ae53470bc8d415274cbb22607f50c69feed1f13c73820de5a2894c1bbc173f7b1877d980752b55864f3d6eee348cdfe7772e102ca2d69db705e9d3af4593b23c0c47466824889f0abf82dd06c", 0x1000}, {&(0x7f00000014c0)="da3fa6ba2a289cdc01f82a57cfceaf8d0af51d962292b1b8c0e3ff143f417ad2116f9fe6c7d38e3779eeb5e2b6281bc5ac137ab064f6cb467e9fd2a178d9eeb296951efe46a9d4b0f8ea788628bf5e4b86082adaff85cd9e3db1ac0623595e2bad7ca08270b920941e3fbfd400987ccc4820df6ffc0125badd", 0x79}, {&(0x7f0000001540)="7978d1e6cf46fa627fad91476b20529ec203441d9eedafdb0781e154a6c1595e948fd67ac84a40522ee03ffc34f9dcad3b5eef7b142cda82f2d00f1672adebd1c1501e0a4c644296998f5aecbe95b4443216c39fe023867176d37ceec6e20086b1", 0x61}], 0x3)
ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40286608, &(0x7f0000001600)={0x7, 0x3a, 0xc, 0x63, 0x6, 0x521})
io_uring_setup(0x1d63, &(0x7f0000001640)={0x0, 0x1f8e, 0x200, 0x3, 0x1d3, 0x0, r4})
setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f00000016c0)={0x1, 0x3}, 0x4)
r7 = syz_clone(0x40000, &(0x7f0000001700)="ec6dce2121a102d61b3549cf8c9209a830ee389cf8", 0x15, &(0x7f0000001740), &(0x7f0000001780), &(0x7f00000017c0)="40a141a82fd99b4ecf37ab6040f1108344186031c11327b289c39bb655e26ab8d0e051380abaa12ddf08110e9b784a7b58455d45f5b0cae21f00dbe12c5f3683cd2efd52b9ba6a417fa584370d8e373d909a24699234f05a328172119c2de67fb31017044af6db2e74ffbbfa2b70647b6de86c74282f56eb7eaf1d2551392ee1f71e31f90904665c74827e55973d98772c3bbef735157508e2845573f559ce3f445f96665b7640b97e57dfca1d8ed85a8f780249b10e53a4f4cd144df8da333097e4b134667a627a35c705886220799fcddc12927d8b555674df730ac2e1ff5ea7a339d5f04ade109e02794102c8f35b9548ab0da53df8e1d9a89e258e0521b5411896075a3f2c79d17cbe26b28aad742868bd075543534cb3c502f1dedfc4b1fb1d0713c7563126f832974caf3f5bf0e0903f9cbf13e57b2c65d5b04c4d25509fb1a489f272504c52d82070006c1f0b8365aac99bd999d93d80cb3f15139099b7096c0b39d92f52dadf13b97dbc808542b75435a237a5b636f6e00fa1edcac310fcbfe63c7370a9195fee1a594a15db1d560ead0d36dee94e459295c844296a397d5ac9439a580ca272df42328a0e13715a2236477efdb12f52d3cd91008f5f0c26aab0d428f1e21ee291b5863d8a9b6241ce8a813638acf13334c59b7521060127e842d315b04c6b95600126db1f69e9a4ffc2f69601fdcf8ac5e0859b9baaeae74831e3b02b7340cd3b8682d0babd9a77079e88d3aac5147e6d80021764304b972684e74535ea36ccdcebc46d1a937c5833124a1dca0a035d336715b305d5ec602a87770ac9fa689a33f7d1ed4ffc6cd4fb7315857bf97d4011bc6893de5fadc50edaa336276910e9e00b302596d5b2183a2d1e608bb8157696689ce774516693ef5fef436585bf47057c88eb6922096d42b49707558fa9f5411b7990cee3091aa8c76778775d8ed37d9f24ff82b9045de6ecfe33f58a8e15837b70190ac223885f6d2c22ad72b1eb4dff3ef57bfd48789ad2df2a1370913c07e2eeb41e81ba943ad78ee892ac2e7088cb0334ed4e42c01e1d57491d93d1c108565af51a64c8800a5b39364f8054af55e36f5ef62b22ed30f94037552040551b3360b50151a14cab6d19eb4ee08d1a07cfa17cb7320d5d29a30f3d9caacaa9d79ecdc4ccc136b52e235c282e680c7c9e362f080e9a1d976ecfc470eba2a206c0c2fdf2a3911502dc56b241fe4c753b66c347160706c76acc631ef782da2f13dbbfebf5d792f2b92b0183508784ebadc345a8f7d855e1a52fae72d5be92ea95f751c9ae3c08d3adf73526e853a768ca654187999b5249b4e444a00151b5de591392b3b49839c371691fc52e86d06aa1cf0138f09e4c7978be01a5d2d9e36891fbeeec08b98bfa075fd74650d32dcf8056612d04903bd7c841480e6cd1e1f1c10550102c9e26cb9c8a62b8af55c005b0033be169088bbfebb651da37e87fd2287ce6e3febe0252cd9d042231197302d10aa271eb5164926fd62da451974013c1e0a344c382b959f5a0fdb9c089073f2aaafe7aed2db565367824ba5d25fef2d25c23d2cbb3f98265c95180f0e32b70de8c4393b7b03d081ca065295d0713cbe3bc68dbac47539eedefb4a853e2b9a70bff9f2d058853eb26cb751f4d5b8be11e14d8f8adccc4b50c2ca7b93bcf262d1e8dc93f19aaa8ddce210cbaa2e1d1e87986ced465f84917578f877ac86a629fbe6544b749894b51fd9e878051e79b47000a6be8ac4204e069d8ad440a57982b6e0e83d9552ac2f93dbcf6de9bdf7d23119bd0f2fce79a568090a9c085c95fb56e602a5093e6a284b1898995ae3ae3d5892c7454ec2b2c141e58e37487a9996b1f27badc5efc077beda07d2f36a1aab00ab4f856906c0bf8cc47641536fec6b19c8de3d73211c5797713f846d7535bc8488105f39451f6357092b25a0add7aad47b5cb82c8f7d6e6b25f0989d51023808b12edf89409518ab48ab950783e942ed3b25de593de54b1c791fef144feac627faacd64f9c7bf09194a279d4db66807805543e00648ea5c23dbf118a4de722dede08bbce2aac0abba24d44eb9ee570c4e3dcee4dc6cbfb4e4baad7ffda39a757a7e50398edc7c047cff22d708d5d2480a45b263c10123a910184a82039d412d22bfd831165efd70f172e3de32424847895323698d4e314f3ac430ab123ba8b9c80113dee9cca914edd14fb71c7ea485a48a6465f239a4a5d21ffdb54d6a122b660d14c395eaf70fdac5e6cd0264712b076be1fde7cb44d43a1555d1e618f087b7ed9e0f7558dc6204d9cba79c97590bcb83626efc1f10e1ecc26ce94389b0a22a2e98ca40cb49a384b7823aa24912f58a2d83d84af89bc160e22e0be8b952560e76f720684c374951c44bbf7b4c3dd70d7e24ba91ae2df6813d0485c34ca93a64a4270f94ffca5025755ce1fbcf4e50b93074426c1fb3dd4c204e3256cdba3bc9b7197a2b300aada398630161b64ba6751aab56c1e2c7a3cff21e703393b7f15de23e5f3086b72fd6b7d1865229ca5fbbecfef1dcbf3ccc91fd2c85c0032bc1ce57278862d76688dec23ff91674da671e0cb85d68341ea6b27551a09fb7c6a590107311a7f6190d7d8063080ce6968139e9e76aed57e434cbd0a382ad808783c7d75edee48222c464e4d5db9b46ce5fe8e13e31f618dc8deb8d6f7ae2806ce33840d84f9928332e3acf36f393dcf4d0cae50af7c74846374402e6b8dc4df91da98384134556f16808c5f76509af6aeee3f14e29322dc6af5c490a2213d61486581272b90c88e49d8834980f633df9f0ef3026f0066ae67daf2efe32f11f50d962a729084cbea968680670c771ebfb8ded279cac597fe1d13fa28aa8ff0d19ca51427ea41d80ebe0eef7906c279b9b3746a0c344a81be2db0bc7cf7564c456b74046a9e09c9d6af6f1664ce674181079ff9d3b04f5228b4a438c413d9cb0ea55e56f464739e5399ba6d54c5a767100d0ea42743513caa02a25c80366a54e14b840121bfdc9ebc8d5a6afaed6c5f5c710d6ea41eb2c16d15d89958fe71743ff9660fcc027fe9f2cc95f3b458bf98706106e9ca5ca883ecd054e3785835ea6075adedea89fe2bf5720fc2bd0e91c4e7800898b806cdf892a2c7d5e96de7ef93721dc8101c4820e90ca8928f1a7b96de2e00abb816ed81c6ad15ff41edc9914e0231e87fb67bb4f0e6a353169a17b0414db06e67f7301e77f0a4a97115980c3410904e54704f891c933958a6106f43de4264976fc10534a776c1ef37d53b9d0d5ffdb6eb05744726b085168a8cb45b21510e8b48915004f7ab7164099a2b42f53da3118186734ffcf2ee3a78ea2f4e7565f6f91c507290089098dc54680ed2e635db228a2a4bbcafa76e1f64e55906faecfa53f03f8bc05b75ad3d3346fdaf0b79567fe73a3c3939fb01fc88ea65cf1aa1ea31959295c1c46df3eb1dce443bf2c9621e2ad4cc1a24b4b86b23f916af4274144c54895f7c7f323f19fad7d69a4d140d8e76965ee014e8f11523a31254c5820021ab3f7dc5e9c7c58f9a3d42825501a20e20a1b970b4ba4a195e8b1b88de4aa08297fc2af0287526c1bea46ee7521bd5e8bf9c5c9f34f88cf42fc1b09eab124fa530f7a32be40267ca0ac74dd08c33d39bb2f099938e8ffa1b702e191b2c0c530025eb6c12bf01b37509a9aea958c77b712bdd5d3aab7e3bd87070a8dafbc4101cec471e616d00fd06e4f8eb00db2a7a2ee36e38814e177001d326d1b8865a9fe756d4abf9ea6063db16cb31ae727ef154e209f9527fca9c020baa987eb69b733a30268c54edee23d61052a564647908de961930e95b8ecb58b0b5256448f17d89517c01762cc71138919e4e07ead685360c21180bf9d9ad29f76727330b5a82b1ad3967bbf5fd725a13a517525e3b91cc342b1970928fbb79d859c5b2e36bfb7c5ad9359651199dc26194758c0e8c288b0c961810622837d3d0407956776aa48dff7d94ef420cde666207b15400c8ea6fc179188c288ca4f6e4866e1bfe9cef8bb290725030a47f3bf939bf571d5df4d2b691a06d095254da0f1169efe71935e3785bfbc53b4017acfe188cdcfb8c12649d3bd02b0496699327444cb9534fb1e9ffe892eff81ff6a7e71eb3df1884118aecdb2bd2ba6f76ee67db1662ff70fa39e6421ef10de13ea59c36ed8dac59bcf4b0a3768957dc189cb04f912ada6b62153f18a93989e45b1fb0cf880b9a241407b39d38b11d8ae6861dea9548e4d53a857587f173819716e070f51622bc61ca69fbd96291a707fa0b44796431f4386d276ec9ecedde967ac9382c85c87c458a164126f36a5b0974b1cb8833c80012d87d145c028752a13232aba6eab67a84e92b245e5db9d843120219845c76e600fa859f3f4f0243ee1c3f242708b32da09b003d6c11371a8abdddc714b29d91bde09ccee191c8d23024137e7e08bc0bcd01e57fd4fb30cdb844377eaea737ff4b31436c3067b43d6c60646a6514d8fd26eb64da898c216fe23b76c5f029dfeb6b84376658eddad46dd4709806747f2a6af21617338cba6f39b9af263501d951cc76994bcf14d38a44d2fd95ab407c45548a55737799f750f9f63e3682781e663a0b7adc5f97131181660d415f8907b7e62a1c9f6eea613e2da9129b1973ccce2f9c0a90783e407fdade0a6df9edd8aafd1703309fb3486ca9ef3b7e6d80ceb9f9dedb92529d10216c32065019801eae9548d4ae3c680c510fcb3999d2e9f600fd3686548c0a53a74aad25a720d6baa277dd2ea0b8bfd1920f67e488f9d9ec2f191cf5e962f26250b84d1f623c90c129ba48fd22e70203f10a03f463e7c47016b05af15314b44d3d9c2ea64f2002b7f0d9aaf2bc84bc8040e25344fac8811365dcb29e054ce9bcc5ef2e24a07547473de03e3ad916b5f73d3937e381f1f66b88504e7a721308b80a86d6a7c7a3120d65743103c52bfa1979f3e7fa31d25493cbf73e7a4e1657921757a1ed4cfa6180a287b4f84608224182887fcdd857b27888a220006eae5fe8426cc34549789720267b244cae06f1961c98779e4a0f14b8341d02562be9d93d3cb7c9affb06691ae2ddf18278db03ba9b17f25ff0e55274e3d91abe5c9faff9a367f04c3eaff5a657db57226fb72db15b9145e19f1b62cae31f9f3be88d968e780cc890011eb25631a93f6e1cdccd4d6bc57a08a7a60490d3f2376d59357e54a5333cbfab4eae3ef50fdb7f4fb0ce8c904fae382aab96e8b8eb5f4a320b87007e6d21776bf38baec400eceffa1683f43783bcf5396312d9051e7d0d2c6adf8827614cb6618abdf2288a45ce4f6d43c6705ece55566edb0148a6b79d442ce03785da68526f56bb51caa76c08f3ca47c78442ce67dd76ca4cfc26cf2b4133e306bf66f907d45cc6ece38ac83733eb68cf220c1be98a5b51f8ec9d04701bb2ea8bdaff961d399a7b6a1cce6285cdc5e12a3732f600327324df44fe58dde21ffe153c011533af89fd0a6b1df5ba2d4700ee175c8a8b55a27cb3c5f3d5f7aaae07ad9c399ba3db7ce41dc80a22cfcb9bd5f338674846fd81ed6c401084d1b0a9fcfeb9addbca2237c4a3362cc6e599b141df64607cd6829534bf3c3b96200b5a0465d73d754569015649508619f002e1dd290fd641aa6145efbac7d0f6d652fc88d4ac84a32f21ca243c934e1b9fe42e7ec0923b65a0ae260ad4b2738ba8d303ba71629f050d755926dbdae3a97411f0bd3129d91f531af06a113e7d457155dd770da6b2776eed14be082d2a61a832072b103ff")
capset(&(0x7f00000027c0)={0x20080522, r7}, &(0x7f0000002800)={0xe6b, 0x4, 0x3, 0x2, 0x2, 0xfffffff7})
syz_genetlink_get_family_id$nl80211(&(0x7f0000002840), r5)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000002a80)={'team0\x00', <r8=>0x0})
sendmmsg$inet(r0, &(0x7f0000002bc0)=[{{&(0x7f0000002880)={0x2, 0x4e21, @private=0x4}, 0x10, &(0x7f0000002a40)=[{&(0x7f00000028c0)="ada91d3f3ecc2932efa4073feac34244603c7e5a2f035183aca504eb994d902baf207435d66acd04a3192fdacb4649816abfddca", 0x34}, {&(0x7f0000002900)="88c50eb238549aaf54754acab86883b9c8a936df5e7391b60072d2f0450dbcc4968efc1f28d99705525d87652c923ac1164074f13b32049e4aa169d4ad5366b082edabb64c552831403ceeb10ef4c650fd48df2cb59a1904ac100d72fb91c41efc73a3ddb7fa9013b9e4b508b46a69f2e122b5d4f87d9d1be9163a7a0d1fffdc3269a278e03018f52818cadbc05c7dcd0d9830054a79e0303c2145e0a42679d916e24aae5068c5d522ee815692e9afff8eecd543c6ad3ecec4b3030edb9b4e0fffe262547d2b91b10e79", 0xca}, {&(0x7f0000002a00)="a624ee61074b2523fc14c514f66b41c2f55e5af30336a6c36d9281f13dc1101802e5a41d69d502e049abf0045a0f249b67245e1c", 0x34}], 0x3, &(0x7f0000002ac0)=[@ip_retopts={{0x2c, 0x0, 0x7, {[@noop, @end, @generic={0x88, 0x2}, @generic={0x89, 0x7, "241c1d0024"}, @generic={0x0, 0xe, "b0893eee6a79992d0fa8134e"}]}}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r8, @multicast1, @loopback}}}, @ip_ttl={{0x14, 0x0, 0x2, 0x2}}, @ip_retopts={{0x60, 0x0, 0x7, {[@timestamp_prespec={0x44, 0x1c, 0x29, 0x3, 0x4, [{@private=0xa010102, 0x6}, {@dev={0xac, 0x14, 0x14, 0x2e}, 0x2}, {@local, 0x401}]}, @lsrr={0x83, 0xf, 0xac, [@dev={0xac, 0x14, 0x14, 0x22}, @multicast2, @dev={0xac, 0x14, 0x14, 0x13}]}, @lsrr={0x83, 0xf, 0x7c, [@rand_addr=0x64010102, @rand_addr=0x64010102, @broadcast]}, @timestamp_addr={0x44, 0x14, 0xff, 0x1, 0x2, [{@remote, 0x7fffffff}, {@local, 0x2}]}]}}}], 0xc8}}], 0x1, 0x4190)
syz_open_dev$mouse(&(0x7f0000002c00), 0x7f, 0x8080)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000002fc0)={r2, 0x0, 0xdb, 0xe2, &(0x7f0000002c40)="a49acebc531e5996f1b774c68297b0f59222b92d4d6639599d9829ce395d3ef00966afbd0e479a4d8132cbb518883fac65d145eb3da69127776479ac3b17cda8176da2dc4e675b4223835af805280343f4265e20029459ec0fc694c311c2bf5e1b096349960953730ce0e94a74ab71bfd58ce7237d3b7da3db1f7e99832bef57d57b56e4e3cb4d085f55894e08f680fd60e5b7bcc970f6e2f95e5e069081c984700710d47208584f8acd07689f6daefa5490aa2c2e31875e6ff4bb29bd981e6e8c6de59c373c683eba072f73663811e003ad3a841edd168de505ae", &(0x7f0000002d40)=""/226, 0x5, 0x0, 0x87, 0xa2, &(0x7f0000002e40)="a56aa91e706a6a80d8cb846298b6767b61382df555c8ff776c2ab8fb75488e15ba8c02048ee611a43ada1beaa37c3110d04aea47ff31e000b73dd5e4f42a055271634e1eb18e950ffc529c4bfd69e663d1b52dce726f8cc6308a2450833b1aed1ef03d177bbe88d0d67ff1073457d3d49e4108dc2c1618f3da93ca34708e7fd1893cbc6834e3b1", &(0x7f0000002f00)="f31e340f6bfa204741de867a165a1dbec0581ac6a31b5721b66e66e66090c1755856989ae474dfa64ff8987de759001f1e97733413c11ad0690171a5695e6ae3093e84bebbb4545f39c602516dcca27ea4537cedbdcf3b07537f8112bb85daab8385fd5f75b73bfd73269f3b79a0fde874aa14c15e25d9a534affde4204f1c03811da37e03b2bd2b8ba0789ddc87b60f5ebbeae9300349bd73046809acb37c06b67b", 0x2, 0x0, 0x5}, 0x50)
ioctl$TIOCL_GETKMSGREDIRECT(r2, 0x541c, &(0x7f0000003040))
setsockopt$bt_l2cap_L2CAP_OPTIONS(r3, 0x6, 0x1, &(0x7f0000003080)={0xff4c, 0x7, 0x66d, 0x2a, 0x9, 0x7, 0x3}, 0xc)
socket$packet(0x11, 0x2, 0x300)
getitimer(0x0, &(0x7f00000030c0))
fcntl$getflags(0xffffffffffffffff, 0x3)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-openat$cgroup_ro-write$binfmt_elf32-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64
detailed listing:
executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000100), 0xd79, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
write$binfmt_elf32(r1, &(0x7f0000000740)=ANY=[], 0x2ff)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe18948224ad548fac11d875397bdb22d0000b420a1a93c5240f40300dcf2f63c3ba28dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})
ioctl$LOOP_GET_STATUS64(r0, 0x4c05, &(0x7f0000000000))

program crashed: KASAN: use-after-free Read in lo_open
single: successfully extracted reproducer
found reproducer with 5 syscalls
minimizing guilty program
testing program (duration=57.201188635s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-openat$cgroup_ro-write$binfmt_elf32-ioctl$LOOP_CONFIGURE
detailed listing:
executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000100), 0xd79, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
write$binfmt_elf32(r1, &(0x7f0000000740)=ANY=[], 0x2ff)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe18948224ad548fac11d875397bdb22d0000b420a1a93c5240f40300dcf2f63c3ba28dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})

program did not crash
testing program (duration=57.201188635s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-openat$cgroup_ro-write$binfmt_elf32-ioctl$LOOP_GET_STATUS64
detailed listing:
executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000100), 0xd79, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
write$binfmt_elf32(r1, &(0x7f0000000740)=ANY=[], 0x2ff)
ioctl$LOOP_GET_STATUS64(r0, 0x4c05, &(0x7f0000000000))

program did not crash
testing program (duration=57.201188635s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64
detailed listing:
executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000100), 0xd79, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe18948224ad548fac11d875397bdb22d0000b420a1a93c5240f40300dcf2f63c3ba28dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})
ioctl$LOOP_GET_STATUS64(r0, 0x4c05, &(0x7f0000000000))

program crashed: KASAN: use-after-free Read in lo_open
testing program (duration=57.201188635s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64
detailed listing:
executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000100), 0xd79, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, {0x2a00, 0x80010000, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe18948224ad548fac11d875397bdb22d0000b420a1a93c5240f40300dcf2f63c3ba28dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})
ioctl$LOOP_GET_STATUS64(r0, 0x4c05, &(0x7f0000000000))

program did not crash
testing program (duration=57.201188635s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64
detailed listing:
executing program 0:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f00000002c0)={r0, 0x0, {0x2a00, 0x80010000, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe18948224ad548fac11d875397bdb22d0000b420a1a93c5240f40300dcf2f63c3ba28dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})
ioctl$LOOP_GET_STATUS64(0xffffffffffffffff, 0x4c05, &(0x7f0000000000))

program did not crash
testing program (duration=57.201188635s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64
detailed listing:
executing program 0:
r0 = syz_open_dev$loop(0x0, 0xd79, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe18948224ad548fac11d875397bdb22d0000b420a1a93c5240f40300dcf2f63c3ba28dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})
ioctl$LOOP_GET_STATUS64(r0, 0x4c05, &(0x7f0000000000))

program did not crash
testing program (duration=57.201188635s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64
detailed listing:
executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000100), 0xd79, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe18948224ad548fac11d875397bdb22d0000b420a1a93c5240f40300dcf2f63c3ba28dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})
ioctl$LOOP_GET_STATUS64(r0, 0x4c05, &(0x7f0000000000))

program did not crash
testing program (duration=57.201188635s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64
detailed listing:
executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000100), 0xd79, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, 0x0)
ioctl$LOOP_GET_STATUS64(r0, 0x4c05, &(0x7f0000000000))

program did not crash
testing program (duration=57.201188635s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64
detailed listing:
executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000100), 0xd79, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe18948224ad548fac11d875397bdb22d0000b420a1a93c5240f40300dcf2f63c3ba28dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})
ioctl$LOOP_GET_STATUS64(r0, 0x4c05, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=57.201188635s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64
program did not crash
simplifying guilty program options
testing program (duration=57.201188635s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64
detailed listing:
executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000100), 0xd79, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe18948224ad548fac11d875397bdb22d0000b420a1a93c5240f40300dcf2f63c3ba28dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})
ioctl$LOOP_GET_STATUS64(r0, 0x4c05, &(0x7f0000000000))

program did not crash
testing program (duration=57.201188635s, {Threaded:true Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64
detailed listing:
executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000100), 0xd79, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe18948224ad548fac11d875397bdb22d0000b420a1a93c5240f40300dcf2f63c3ba28dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})
ioctl$LOOP_GET_STATUS64(r0, 0x4c05, &(0x7f0000000000))

program did not crash
testing program (duration=57.201188635s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64
detailed listing:
executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000100), 0xd79, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe18948224ad548fac11d875397bdb22d0000b420a1a93c5240f40300dcf2f63c3ba28dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})
ioctl$LOOP_GET_STATUS64(r0, 0x4c05, &(0x7f0000000000))

program crashed: KASAN: use-after-free Read in lo_open
extracting C reproducer
testing compiled C program (duration=57.201188635s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_GET_STATUS64
program did not crash
reproducing took 19m50.887952208s
repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: use-after-free in mutex_can_spin_on_owner kernel/locking/mutex.c:617 [inline]
BUG: KASAN: use-after-free in mutex_optimistic_spin kernel/locking/mutex.c:661 [inline]
BUG: KASAN: use-after-free in __mutex_lock_common kernel/locking/mutex.c:973 [inline]
BUG: KASAN: use-after-free in __mutex_lock+0xcd7/0x1060 kernel/locking/mutex.c:1114
Read of size 4 at addr ffff8881f37c8ff8 by task syz-executor/490

CPU: 1 PID: 490 Comm: syz-executor Not tainted 5.4.290-syzkaller-00002-g41adfeb3d639 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1d8/0x241 lib/dump_stack.c:118
 print_address_description+0x8c/0x600 mm/kasan/report.c:384
 __kasan_report+0xf3/0x120 mm/kasan/report.c:516
 kasan_report+0x30/0x60 mm/kasan/common.c:653
 mutex_can_spin_on_owner kernel/locking/mutex.c:617 [inline]
 mutex_optimistic_spin kernel/locking/mutex.c:661 [inline]
 __mutex_lock_common kernel/locking/mutex.c:973 [inline]
 __mutex_lock+0xcd7/0x1060 kernel/locking/mutex.c:1114
 mutex_lock_killable+0xd8/0x110 kernel/locking/mutex.c:1348
 lo_open+0x18/0xc0 drivers/block/loop.c:1899
 __blkdev_get+0x3c8/0x1160 fs/block_dev.c:1581
 blkdev_get+0x2de/0x3a0 fs/block_dev.c:1714
 do_dentry_open+0x964/0x1130 fs/open.c:806
 do_last fs/namei.c:3565 [inline]
 path_openat+0x29bf/0x34b0 fs/namei.c:3683
 do_filp_open+0x20b/0x450 fs/namei.c:3713
 do_sys_open+0x39c/0x810 fs/open.c:1123
 do_syscall_64+0xca/0x1c0 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x5c/0xc1
RIP: 0033:0x7f9ae6854a51
Code: 75 57 89 f0 25 00 00 41 00 3d 00 00 41 00 74 49 80 3d fa 1a 1f 00 00 74 6d 89 da 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 93 00 00 00 48 8b 54 24 28 64 48 2b 14 25
RSP: 002b:00007ffe456cead0 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f9ae6854a51
RDX: 0000000000000002 RSI: 00007ffe456cebe0 RDI: 00000000ffffff9c
RBP: 00007ffe456cebe0 R08: 000000000000000a R09: 00007ffe456ce897
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
R13: 00007f9ae6a3f260 R14: 0000000000000003 R15: 00007ffe456cebe0

Allocated by task 459:
 save_stack mm/kasan/common.c:70 [inline]
 set_track mm/kasan/common.c:78 [inline]
 __kasan_kmalloc+0x171/0x210 mm/kasan/common.c:529
 slab_post_alloc_hook mm/slab.h:584 [inline]
 slab_alloc_node mm/slub.c:2829 [inline]
 slab_alloc mm/slub.c:2837 [inline]
 kmem_cache_alloc+0xd9/0x250 mm/slub.c:2842
 kmem_cache_alloc_node include/linux/slab.h:427 [inline]
 alloc_task_struct_node kernel/fork.c:171 [inline]
 dup_task_struct+0x4f/0x600 kernel/fork.c:882
 copy_process+0x56d/0x3230 kernel/fork.c:1889
 _do_fork+0x197/0x900 kernel/fork.c:2399
 __do_sys_clone3 kernel/fork.c:2688 [inline]
 __se_sys_clone3 kernel/fork.c:2675 [inline]
 __x64_sys_clone3+0x2da/0x300 kernel/fork.c:2675
 do_syscall_64+0xca/0x1c0 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x5c/0xc1

Freed by task 10:
 save_stack mm/kasan/common.c:70 [inline]
 set_track mm/kasan/common.c:78 [inline]
 kasan_set_free_info mm/kasan/common.c:345 [inline]
 __kasan_slab_free+0x1b5/0x270 mm/kasan/common.c:487
 slab_free_hook mm/slub.c:1455 [inline]
 slab_free_freelist_hook mm/slub.c:1494 [inline]
 slab_free mm/slub.c:3080 [inline]
 kmem_cache_free+0x10b/0x2c0 mm/slub.c:3096
 __rcu_reclaim kernel/rcu/rcu.h:222 [inline]
 rcu_do_batch+0x492/0xa00 kernel/rcu/tree.c:2167
 rcu_core+0x4c8/0xcb0 kernel/rcu/tree.c:2387
 __do_softirq+0x23b/0x6b7 kernel/softirq.c:292

The buggy address belongs to the object at ffff8881f37c8fc0
 which belongs to the cache task_struct of size 3904
The buggy address is located 56 bytes inside of
 3904-byte region [ffff8881f37c8fc0, ffff8881f37c9f00)
The buggy address belongs to the page:
page:ffffea0007cdf200 refcount:1 mapcount:0 mapping:ffff8881f5cf0f00 index:0x0 compound_mapcount: 0
flags: 0x8000000000010200(slab|head)
raw: 8000000000010200 0000000000000000 0000000100000001 ffff8881f5cf0f00
raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC)
 set_page_owner include/linux/page_owner.h:31 [inline]
 post_alloc_hook mm/page_alloc.c:2165 [inline]
 prep_new_page+0x18f/0x370 mm/page_alloc.c:2171
 get_page_from_freelist+0x2d13/0x2d90 mm/page_alloc.c:3794
 __alloc_pages_nodemask+0x393/0x840 mm/page_alloc.c:4893
 alloc_slab_page+0x39/0x3c0 mm/slub.c:343
 allocate_slab mm/slub.c:1683 [inline]
 new_slab+0x97/0x440 mm/slub.c:1749
 new_slab_objects mm/slub.c:2505 [inline]
 ___slab_alloc+0x2fe/0x490 mm/slub.c:2667
 __slab_alloc+0x62/0xa0 mm/slub.c:2707
 slab_alloc_node mm/slub.c:2792 [inline]
 slab_alloc mm/slub.c:2837 [inline]
 kmem_cache_alloc+0x109/0x250 mm/slub.c:2842
 kmem_cache_alloc_node include/linux/slab.h:427 [inline]
 alloc_task_struct_node kernel/fork.c:171 [inline]
 dup_task_struct+0x4f/0x600 kernel/fork.c:882
 copy_process+0x56d/0x3230 kernel/fork.c:1889
 _do_fork+0x197/0x900 kernel/fork.c:2399
 kernel_thread+0x16a/0x1d0 kernel/fork.c:2489
 create_kthread kernel/kthread.c:311 [inline]
 kthreadd+0x3b1/0x4f0 kernel/kthread.c:654
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:354
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1176 [inline]
 __free_pages_ok+0x847/0x950 mm/page_alloc.c:1438
 free_the_page mm/page_alloc.c:4955 [inline]
 __free_pages+0x91/0x140 mm/page_alloc.c:4961
 free_thread_stack kernel/fork.c:299 [inline]
 release_task_stack kernel/fork.c:439 [inline]
 put_task_stack+0x212/0x260 kernel/fork.c:450
 finish_task_switch+0x24a/0x590 kernel/sched/core.c:3479
 context_switch kernel/sched/core.c:3611 [inline]
 __schedule+0xb0d/0x1320 kernel/sched/core.c:4307
 schedule_idle+0x50/0x80 kernel/sched/core.c:4403
 do_idle+0x609/0x660 kernel/sched/idle.c:288
 cpu_startup_entry+0x14/0x20 kernel/sched/idle.c:356
 start_secondary+0x3a5/0x460 arch/x86/kernel/smpboot.c:277
 secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:241

Memory state around the buggy address:
 ffff8881f37c8e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8881f37c8f00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
>ffff8881f37c8f80: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
                                                                ^
 ffff8881f37c9000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff8881f37c9080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================

final repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: use-after-free in mutex_can_spin_on_owner kernel/locking/mutex.c:617 [inline]
BUG: KASAN: use-after-free in mutex_optimistic_spin kernel/locking/mutex.c:661 [inline]
BUG: KASAN: use-after-free in __mutex_lock_common kernel/locking/mutex.c:973 [inline]
BUG: KASAN: use-after-free in __mutex_lock+0xcd7/0x1060 kernel/locking/mutex.c:1114
Read of size 4 at addr ffff8881f37c8ff8 by task syz-executor/490

CPU: 1 PID: 490 Comm: syz-executor Not tainted 5.4.290-syzkaller-00002-g41adfeb3d639 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1d8/0x241 lib/dump_stack.c:118
 print_address_description+0x8c/0x600 mm/kasan/report.c:384
 __kasan_report+0xf3/0x120 mm/kasan/report.c:516
 kasan_report+0x30/0x60 mm/kasan/common.c:653
 mutex_can_spin_on_owner kernel/locking/mutex.c:617 [inline]
 mutex_optimistic_spin kernel/locking/mutex.c:661 [inline]
 __mutex_lock_common kernel/locking/mutex.c:973 [inline]
 __mutex_lock+0xcd7/0x1060 kernel/locking/mutex.c:1114
 mutex_lock_killable+0xd8/0x110 kernel/locking/mutex.c:1348
 lo_open+0x18/0xc0 drivers/block/loop.c:1899
 __blkdev_get+0x3c8/0x1160 fs/block_dev.c:1581
 blkdev_get+0x2de/0x3a0 fs/block_dev.c:1714
 do_dentry_open+0x964/0x1130 fs/open.c:806
 do_last fs/namei.c:3565 [inline]
 path_openat+0x29bf/0x34b0 fs/namei.c:3683
 do_filp_open+0x20b/0x450 fs/namei.c:3713
 do_sys_open+0x39c/0x810 fs/open.c:1123
 do_syscall_64+0xca/0x1c0 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x5c/0xc1
RIP: 0033:0x7f9ae6854a51
Code: 75 57 89 f0 25 00 00 41 00 3d 00 00 41 00 74 49 80 3d fa 1a 1f 00 00 74 6d 89 da 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 93 00 00 00 48 8b 54 24 28 64 48 2b 14 25
RSP: 002b:00007ffe456cead0 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f9ae6854a51
RDX: 0000000000000002 RSI: 00007ffe456cebe0 RDI: 00000000ffffff9c
RBP: 00007ffe456cebe0 R08: 000000000000000a R09: 00007ffe456ce897
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
R13: 00007f9ae6a3f260 R14: 0000000000000003 R15: 00007ffe456cebe0

Allocated by task 459:
 save_stack mm/kasan/common.c:70 [inline]
 set_track mm/kasan/common.c:78 [inline]
 __kasan_kmalloc+0x171/0x210 mm/kasan/common.c:529
 slab_post_alloc_hook mm/slab.h:584 [inline]
 slab_alloc_node mm/slub.c:2829 [inline]
 slab_alloc mm/slub.c:2837 [inline]
 kmem_cache_alloc+0xd9/0x250 mm/slub.c:2842
 kmem_cache_alloc_node include/linux/slab.h:427 [inline]
 alloc_task_struct_node kernel/fork.c:171 [inline]
 dup_task_struct+0x4f/0x600 kernel/fork.c:882
 copy_process+0x56d/0x3230 kernel/fork.c:1889
 _do_fork+0x197/0x900 kernel/fork.c:2399
 __do_sys_clone3 kernel/fork.c:2688 [inline]
 __se_sys_clone3 kernel/fork.c:2675 [inline]
 __x64_sys_clone3+0x2da/0x300 kernel/fork.c:2675
 do_syscall_64+0xca/0x1c0 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x5c/0xc1

Freed by task 10:
 save_stack mm/kasan/common.c:70 [inline]
 set_track mm/kasan/common.c:78 [inline]
 kasan_set_free_info mm/kasan/common.c:345 [inline]
 __kasan_slab_free+0x1b5/0x270 mm/kasan/common.c:487
 slab_free_hook mm/slub.c:1455 [inline]
 slab_free_freelist_hook mm/slub.c:1494 [inline]
 slab_free mm/slub.c:3080 [inline]
 kmem_cache_free+0x10b/0x2c0 mm/slub.c:3096
 __rcu_reclaim kernel/rcu/rcu.h:222 [inline]
 rcu_do_batch+0x492/0xa00 kernel/rcu/tree.c:2167
 rcu_core+0x4c8/0xcb0 kernel/rcu/tree.c:2387
 __do_softirq+0x23b/0x6b7 kernel/softirq.c:292

The buggy address belongs to the object at ffff8881f37c8fc0
 which belongs to the cache task_struct of size 3904
The buggy address is located 56 bytes inside of
 3904-byte region [ffff8881f37c8fc0, ffff8881f37c9f00)
The buggy address belongs to the page:
page:ffffea0007cdf200 refcount:1 mapcount:0 mapping:ffff8881f5cf0f00 index:0x0 compound_mapcount: 0
flags: 0x8000000000010200(slab|head)
raw: 8000000000010200 0000000000000000 0000000100000001 ffff8881f5cf0f00
raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC)
 set_page_owner include/linux/page_owner.h:31 [inline]
 post_alloc_hook mm/page_alloc.c:2165 [inline]
 prep_new_page+0x18f/0x370 mm/page_alloc.c:2171
 get_page_from_freelist+0x2d13/0x2d90 mm/page_alloc.c:3794
 __alloc_pages_nodemask+0x393/0x840 mm/page_alloc.c:4893
 alloc_slab_page+0x39/0x3c0 mm/slub.c:343
 allocate_slab mm/slub.c:1683 [inline]
 new_slab+0x97/0x440 mm/slub.c:1749
 new_slab_objects mm/slub.c:2505 [inline]
 ___slab_alloc+0x2fe/0x490 mm/slub.c:2667
 __slab_alloc+0x62/0xa0 mm/slub.c:2707
 slab_alloc_node mm/slub.c:2792 [inline]
 slab_alloc mm/slub.c:2837 [inline]
 kmem_cache_alloc+0x109/0x250 mm/slub.c:2842
 kmem_cache_alloc_node include/linux/slab.h:427 [inline]
 alloc_task_struct_node kernel/fork.c:171 [inline]
 dup_task_struct+0x4f/0x600 kernel/fork.c:882
 copy_process+0x56d/0x3230 kernel/fork.c:1889
 _do_fork+0x197/0x900 kernel/fork.c:2399
 kernel_thread+0x16a/0x1d0 kernel/fork.c:2489
 create_kthread kernel/kthread.c:311 [inline]
 kthreadd+0x3b1/0x4f0 kernel/kthread.c:654
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:354
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1176 [inline]
 __free_pages_ok+0x847/0x950 mm/page_alloc.c:1438
 free_the_page mm/page_alloc.c:4955 [inline]
 __free_pages+0x91/0x140 mm/page_alloc.c:4961
 free_thread_stack kernel/fork.c:299 [inline]
 release_task_stack kernel/fork.c:439 [inline]
 put_task_stack+0x212/0x260 kernel/fork.c:450
 finish_task_switch+0x24a/0x590 kernel/sched/core.c:3479
 context_switch kernel/sched/core.c:3611 [inline]
 __schedule+0xb0d/0x1320 kernel/sched/core.c:4307
 schedule_idle+0x50/0x80 kernel/sched/core.c:4403
 do_idle+0x609/0x660 kernel/sched/idle.c:288
 cpu_startup_entry+0x14/0x20 kernel/sched/idle.c:356
 start_secondary+0x3a5/0x460 arch/x86/kernel/smpboot.c:277
 secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:241

Memory state around the buggy address:
 ffff8881f37c8e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8881f37c8f00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
>ffff8881f37c8f80: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
                                                                ^
 ffff8881f37c9000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff8881f37c9080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================