Extracting prog: 20m32.157217289s
Minimizing prog: 16m28.777813428s
Simplifying prog options: 0s
Extracting C: 43.662478395s
Simplifying C: 20m37.235425348s


extracting reproducer from 31 programs
testing a last program of every proc
single: executing 6 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): creat-write$binfmt_format-getpid-bpf$PROG_LOAD-bpf$BPF_LINK_CREATE_XDP
detailed listing:
executing program 0:
r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x1)
write$binfmt_format(r0, &(0x7f0000000100)='0\x00', 0x2)
r1 = getpid()
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000002c0)=[0x1], 0x0, 0x0, 0x20000000000000b2, 0x1, r1}}, 0x40)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): timer_create-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-syz_clone
detailed listing:
executing program 0:
timer_create(0x0, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x7, 0x4, 0x100, 0x7}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x9, &(0x7f0000000180)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x1b}}, @call={0x85, 0x0, 0x0, 0x5}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x18)
syz_clone(0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-sendmmsg$inet6-listen-setsockopt$inet6_IPV6_RTHDRDSTOPTS-accept
detailed listing:
executing program 0:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r0, &(0x7f0000000040)=[{{&(0x7f00000003c0)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00'}, 0x1c, &(0x7f0000000080)=[{&(0x7f0000000000)="7f", 0x1}], 0x1}}], 0x1, 0x0)
listen(r0, 0xfff)
setsockopt$inet6_IPV6_RTHDRDSTOPTS(r0, 0x29, 0x37, &(0x7f00000000c0)={0x5c}, 0x8)
accept(r0, 0xfffffffffffffffd, &(0x7f0000000680))

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$lan78xx-syz_usb_control_io$lan78xx-syz_usb_control_io$lan78xx-syz_usb_control_io$lan78xx-syz_usb_control_io$lan78xx
detailed listing:
executing program 0:
r0 = syz_usb_connect$lan78xx(0x0, 0xa1, &(0x7f0000000dc0)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0x424, 0x7850, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d}}]}}, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000800)={0x34, &(0x7f0000000600)={0x40, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$can_bcm-connect$can_bcm-sendmsg$can_bcm-sendmsg$can_bcm-sendmsg$can_bcm
detailed listing:
executing program 0:
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r0, &(0x7f0000000140), 0x10)
sendmsg$can_bcm(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="05"], 0x48}}, 0x0)
sendmsg$can_bcm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000440)={0x5, 0x200, 0x8, {0x77359400}, {}, {0x0, 0x0, 0x1}, 0x1, @can={{0x1, 0x1, 0x1, 0x1}, 0x6, 0x1, 0x0, 0x0, "d79186a4e022ac21"}}, 0x48}, 0x1, 0x0, 0x0, 0x40800}, 0x40)
sendmsg$can_bcm(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB='\a\x00'/13, @ANYRES64=0x0, @ANYRES64=0xea60, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="00000001"], 0x20000408}}, 0x0)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$can_bcm-connect$can_bcm-sendmsg$can_bcm-sendmsg$can_bcm-sendmsg$can_bcm
detailed listing:
executing program 0:
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r0, &(0x7f0000000140), 0x10)
sendmsg$can_bcm(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="05"], 0x48}}, 0x0)
sendmsg$can_bcm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000440)={0x5, 0x200, 0x8, {0x77359400}, {}, {0x0, 0x0, 0x1}, 0x1, @can={{0x1, 0x1, 0x1, 0x1}, 0x6, 0x1, 0x0, 0x0, "d79186a4e022ac21"}}, 0x48}, 0x1, 0x0, 0x0, 0x40800}, 0x40)
sendmsg$can_bcm(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB='\a\x00'/13, @ANYRES64=0x0, @ANYRES64=0xea60, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="00000001"], 0x20000408}}, 0x0)

program did not crash
single: failed to extract reproducer
bisect: bisecting 31 programs with base timeout 30s
testing program (duration=37s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5]
detailed listing:
executing program 3:
r0 = io_uring_setup(0x667, &(0x7f0000000000)={0x0, 0x8dd3, 0x1, 0x42, 0x235})
io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000002c0)='fdinfo/3\x00')
read$FUSE(r1, &(0x7f00000040c0)={0x2020}, 0x2020)
executing program 3:
r0 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xfec9, 0x8, 0x1, 0x3d4}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r0, 0xdb4, 0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r0, 0x18, &(0x7f0000000000)={0x8, 0xffffffffffffffff, 0x4, {0x4, 0x1}, 0x8}, 0x1)
executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
ftruncate(r0, 0x8008976)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
fstat(r0, &(0x7f00000000c0))
executing program 3:
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000180), 0x3, 0x570, &(0x7f0000000680)="$eJzs3V1rHFUYAOB3Nkm/tSmUoiIS6IWV2k2T+FFBsF6KFgt6X5dkGmo23ZLdlCYW2l7YG2+kCCIWxB/gvZfFP+CvKGihSAl64U1kNrPtNtnN52q2zvPAtOfMzObM2TPv2Xd2dtkACmsk+6cU8WLcjK+TiMNt2wYj3ziyst/So+uT2ZLE8vInfySR5Ota+yf5/wfzygsR8cuXESdLa9utLyzOVKrVdC6vjzZmr4zWFxZPXZqtTKfT6eXxiYkzb06Mv/P2Wz3r62vn//ru43sfnPnq+NK3Pz04cieJs3Eo39bejx242V4ZiZH8ORmKs6t2HOtBY/0k2e0DYFsG8jgfimwOOBwDedQD/383ImIZKKhE/ENBtfKA1rV9j66DnxkP31+5AFrb/8GV90ZiX/Pa6MBS8tSVUXa9O9yD9rM2fv797p1siQ3eh7jRg/YAWm7eiojTg4Nr578kn/+273TzzeP1rW6jaK8/sJvuZfnP653yn9Lj/Cc65D8HO8Tudmwc/6UHPWimqyz/e7dj/vt46hoeyGvPNXO+oeTipWp6OiKej4gTMbQ3q693P+fM0v3lbtva879sydpv5YL5cTwY3Pv0Y6YqjcpO+tzu4a2Il57kv0msmf/3NXPd1eOfPR/nN9nGsfTuK922bdz/dr3PgJd/jHi14/g/uaOVrH9/crR5Poy2zoq1/rx97Ndu7W+t/72Xjf+B9fs/nLTfr61vvY0f9v2ddtu23fN/T/Jps7wnX3et0mjMjUXsST5au378yWNb9db+Wf9PHF9//ut0/u+PiM822f/bR2933bUfxn9qS+O/9cL9D7/4vlv7mxv/N5qlE/mazcx/mz3AnTx3AAAAAAAA0G9KEXEoklL5cblUKpdXPt9xNA6UqrV64+TF2vzlqWh+V3Y4hkqtO92H2z4PMZZ/HrZVH19Vn4iIIxHxzcD+Zr08WatO7XbnAQAAAAAAAAAAAAAAAAAAoE8c7PL9/8xvA7t9dMC/zk9+Q3FtGP+9+KUnoC95/Yfi6hL/pgUoAIEOxSX+objEPxSX+IfiEv9QXOIfAAAAAAAAAAAAAAAAAAAAAAAAAAAAeur8uXPZsrz06PpkVp+6ujA/U7t6aiqtz5Rn5yfLk7W5K+XpWm26mpYna7Mb/b1qrXZlbDzmr4020npjtL6weGG2Nn+5ceHSbGU6vZAO/Se9AgAAAAAAAAAAAAAAAAAAgGdLfWFxplKtpnMKXQvvxW4fxucv7+ThSedRTto6uGJbTQz2yzAp9LSwyxMTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALT5JwAA//821zOC")
mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./bus\x00', 0x0)
r0 = open(&(0x7f00000000c0)='.\x00', 0x8000, 0x50)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r0, 0x8004587d, &(0x7f0000000080)={@desc={0x1, 0x0, @auto="3d46d80f7e2ba80c"}})
mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x10000, &(0x7f0000000040)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './bus'}}], [], 0x2c})
executing program 3:
r0 = socket$can_raw(0x1d, 0x3, 0x1)
syz_emit_ethernet(0x2a, &(0x7f0000000100)=ANY=[@ANYBLOB="bbbbbbbbbbbb0180c200000008060001"], 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f00000000c0)={'batadv0\x00', <r2=>0x0})
sendto$packet(r1, &(0x7f0000000100)="f257a8ea7bc273dfaeab96850806", 0x2a, 0x0, &(0x7f0000000200)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @link_local}, 0x14)
executing program 3:
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r0, &(0x7f0000000140), 0x10)
sendmsg$can_bcm(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="05"], 0x48}}, 0x0)
sendmsg$can_bcm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000440)={0x5, 0x200, 0x8, {0x77359400}, {}, {0x0, 0x0, 0x1}, 0x1, @can={{0x1, 0x1, 0x1, 0x1}, 0x6, 0x1, 0x0, 0x0, "d79186a4e022ac21"}}, 0x48}, 0x1, 0x0, 0x0, 0x40800}, 0x40)
sendmsg$can_bcm(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB='\a\x00'/13, @ANYRES64=0x0, @ANYRES64=0xea60, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="00000001"], 0x20000408}}, 0x0)
executing program 32:
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r0, &(0x7f0000000140), 0x10)
sendmsg$can_bcm(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="05"], 0x48}}, 0x0)
sendmsg$can_bcm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000440)={0x5, 0x200, 0x8, {0x77359400}, {}, {0x0, 0x0, 0x1}, 0x1, @can={{0x1, 0x1, 0x1, 0x1}, 0x6, 0x1, 0x0, 0x0, "d79186a4e022ac21"}}, 0x48}, 0x1, 0x0, 0x0, 0x40800}, 0x40)
sendmsg$can_bcm(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB='\a\x00'/13, @ANYRES64=0x0, @ANYRES64=0xea60, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="00000001"], 0x20000408}}, 0x0)
executing program 2:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}})
write$tun(r0, &(0x7f00000001c0)={@val={0x70}, @void, @eth={@broadcast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2e}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x4e, 0x0, 0x4000, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x0, 0x6558, 0x3a, 0x0, @wg=@data={0x4, 0x0, 0xffffdd86, "29602ef98255dedb2947149c5a5c1a78addb344a0d34e836716197a6b7b8576f548e"}}}}}}}, 0x60)
executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x18, 0x23, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000001c0)={0x4, 0x2, 0xfffffff4, 0x2}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'erspan0\x00', <r1=>0x0})
sendto$packet(r0, &(0x7f0000000180)="0b032200e0ff25000200475400f6a13bb1000000080086dd4803", 0x10300, 0x0, &(0x7f0000000140)={0x11, 0x0, r1}, 0x14)
executing program 2:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x492492492492846, 0x0)
fcntl$setstatus(r1, 0x4, 0x42000)
ppoll(&(0x7f0000000040)=[{r1, 0x8204}], 0x1, 0x0, 0x0, 0x0)
connect$unix(r0, &(0x7f00000002c0)=@file={0x0, './file0\x00'}, 0x6e)
executing program 1:
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x0, &(0x7f0000000100), 0x3, 0x5eb, &(0x7f0000000600)="$eJzs3ctvFEcaAPCvxw9sjNYDWu0ue1gsrVYg7WJjAysU5QDXCFnkoVxyiYMNIRiwsKPEJBJGIpdIUS5RFCmnHEL+iwSFK6fklEMuOUVIKIk4RspEPdNtPHaPX9jTiP79pGG6q6Zd1Xi+qepyVU8AlTWS/lOLOBgRc0nEcLK0nNcbWeZI63WPfnv/fPpIotF4+Zckkiwtf32SPQ9lBw9ExHffJnGgZ22584s3Lk/Nzs5cz/bHFq7Mjc0v3jh66crUxZmLM1cn/j9x6uSJk6fGj23rvG4WpJ29/dY7wx9Ovvbl578n41/9OJnE6Xghe+HK89gpIzHS/D9J1mYNndrpwkrSk71PGo1GI09LesutE5uXh2b6Hv17DEdPPP7lDccHL5ZWMWDXNZLWZzdQRYn4h4rK+wH5tf3q6+BaKb0SoBsenmkN4KyN/97W2GAMRF9E7H2UxMphnSQitjcy125fRNy/N3n7wr3J27FL43BAsaVbEfGPovhPmvFfj4GoN+O/1hb/ab/gXPacpr+0zfJXDxWLf+ieVvwPrBv/0SH+X0+fb7Zi+I1tll9/vPnmYFv8D273lAAAAAAAAKCy7p6JiP8V/f2/tjz/Jwrm/wxFxOkdKH9k1f7av//XHuxAMUCBh2cini+c/1vLZ//We1YsYa1HX3Lh0uzMsYj4S0Qcib496f74OmUc/ejAZ53yRrL5f/kjLf9+Nhcwq8eD3j3tx0xPLUw9wSkDmYe3Iv5ZOP83WW7/k4L2P/1kmNtkGQf+c+dcp7yN4x/YLY0vIg4Xtv+P71qRrH9/jrFmf2As7xWs9a/3Pv66U/nbjX+3mIAnl7b/e9eP/3qy8n4981sv4/hib6NT3nb7//3JK81bl/Rnae9OLSxcH4/oT872pKlt6RNbrzM8i/J4yOMljf8j/15//K+o/z8YEUurfnbya/ua4tzf/hj6qVN99P+hPGn8T2+p/d/6xsSd+jedyt9c+3+i2dYfyVKM/0HLp3mY9renF4Rjb1FWt+sLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM+CWkTsi6Q2urxdq42ORgxFxF9jb2322vzCfy9ce/vqdJrX/P7/Wv5Nv8Ot/ST//v/6iv2JVfvHI2J/RHzSM9jcHz1/bXa67JMHAAAAAAAAAAAAAAAAAACAp8RQh/X/qZ97yq4dsOt6y64AUJqC+P++jHoA3af9h+oS/1Bd4h+qS/xDdYl/qC7xD9Ul/qG6xD8AAAAAADxT9h+6+0MSEUvPDTYfqf4sr6/UmgG7rVZ2BYDSuMUPVJepP1BdrvGBZIP8gY4HbXTkeubOP8HBAAAAAAAAAAAAAFA5hw9a/w9VZf0/VJf1/1Bd+fr/QyXXA+g+1/hAbLCSv3D9/4ZHAQAAAAAAAAAAAAA7aX7xxuWp2dmZ6zZefTqq0c2NRqNxM30XPC312fmNJJuh3pVC86nw3T/T/s2cYL7Wb3M/ubzPJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoN2fAQAA///F/CTd")
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x1)
prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x1)
executing program 1:
pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
pipe2(&(0x7f00000002c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x4000)
splice(r1, 0x0, r0, 0x0, 0xd9d7, 0x5)
ioctl$int_in(r2, 0x5452, &(0x7f0000000080)=0x6305)
write$FUSE_INIT(r2, &(0x7f0000000340)={0x50, 0x0, 0x0, {0x7, 0x28, 0x3, 0xc002e38, 0x7ff, 0x7d, 0x10000, 0xa79, 0x0, 0x0, 0x100}}, 0x50)
executing program 2:
syz_mount_image$vfat(&(0x7f0000001800), &(0x7f0000000080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x8, &(0x7f0000000180)=ANY=[@ANYBLOB="00631dda01aef2456795dd9b2620df1c0f624854ea3dd5a00bd6df44035f5c3ae796fec6d633a0ffad0569794acfef7da01767fd4175f2cd82df769aa2ee7bfe3640554507d2e660c9f9e222a72e1e3e71145c480657d2864e5e276f028d64701ae31cde0ceaf408fdb05c0f4142da00e900000100000149e6d308cbe315789f4baffe39bbced9b1d421d2e290e9fc561a62225f002ee310e1fa7321000000000000d6231001a4b2d467825f3abb0c167e129cf1fa0e7854103f4bf2d3a0194983bc86cbd3d75ccef3c8ac4516dac102"], 0x4, 0x26d, &(0x7f00000005c0)="$eJzs281OE18Yx/EfL/8/CMJUURSM8YludDOBegUNgcTYRIPU+JKYDDLVpkNLOg2mxgg7t14HcenOxHgDbLwCF+7YuGRhHMNMLS2UqAuZaL+fzXnI4deck+dMcxadnXuvV8vF0C16dfX3mQalTe1KGfVrQIm+5tgf1/+r3aauTeQ/Xbxz/8HNXD4/v2i2kFu6njWz8Uvvn714c/lDffTu2/F3Q9rOPNr5kv28Pbk9tfNt6WkptFJolWrdPFuuVuvecuDbSiksu2a3A98LfStVQr/WMV8MqmtrDfMqK2MjazU/DM2rNKzsN6xetXqtYd4Tr1Qx13VtbET4mcLW4qKXS3sV+LNqtZw3J2n60ExhK5UFAQCAVHH/72Xc/3vB3v3/YfP57cT9HwAAAAAAAAAAAAAAAAAAAACAv8FuFDlRFDk/xv+k+A2fqPn3CUkjkkYlnZQ0JmlckiMpI+mUpNOSJiSdkXRW0qSkc5LOS5pq+6y094rDjur/AP3vCTz/vY3+97a2F3eHpdVX64X1QjIm87miSgrka0aOvsa9bErqhRv5+RmLZXRhdaOZ31gvDHTmZ+XsHZhu+dkkb535ofjctfJZOXsHrFs+2zU/rKtX2vKuHH18rKoCrcRncj//ctZs7lb+QH46/r9/nWstXfvnukfNJ/lfOB/RTNf+DGp6MN29Qwobz8teEPg1CgoKilaR9jcTjsN+09NeCQAAAAAAAAAAAAAAAADgdxzHzwnT3iMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAd9DwAA//+TC2AL")
chdir(&(0x7f0000000340)='./file0\x00')
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
getdents(r0, &(0x7f0000000080)=""/43, 0x2b)
getdents(r0, 0x0, 0xbb)
executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x24, &(0x7f0000000080)=0x1, 0x4)
shutdown(r0, 0x0)
recvmmsg(r0, &(0x7f0000001980)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=""/26, 0x11}}, {{0x0, 0x0, &(0x7f0000001300)=[{&(0x7f00000000c0)=""/47}, {&(0x7f0000000100)=""/224}, {&(0x7f0000000200)=""/4096}, {&(0x7f0000001200)=""/124}, {&(0x7f0000001280)=""/60}]}}, {{&(0x7f0000001380)=@pppoe={0x18, 0x0, {0x0, @local}}, 0x0, &(0x7f0000001840)=[{&(0x7f0000001400)=""/149}, {&(0x7f0000001b00)=""/118}, {&(0x7f0000001540)=""/188}, {&(0x7f0000001600)=""/57}, {&(0x7f0000001640)=""/135}, {&(0x7f00000014c0)=""/101}, {&(0x7f0000001780)=""/171}], 0x0, &(0x7f00000018c0)=""/176}}], 0x15cbc1ab4c0933f, 0x0, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
executing program 2:
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e24, @multicast2}, 0x10)
sendmmsg$inet(r0, &(0x7f0000000100)=[{{&(0x7f0000000000)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x36}}, 0x10, 0x0}}], 0x1, 0x20040804)
sendmmsg(r0, &(0x7f0000001580)=[{{0x0, 0x0, &(0x7f0000001500)=[{&(0x7f0000000200)="93", 0x1}], 0x1}}], 0x1, 0x4000080)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000140)=0x4, 0x4)
executing program 1:
syz_usb_connect(0x4, 0x0, 0x0, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x60, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r0, 0x400455c8, 0x1)
ioctl$TIOCVHANGUP(r0, 0x5437, 0x0)
executing program 2:
syz_mount_image$udf(&(0x7f0000000080), &(0x7f0000000000)='./file1\x00', 0x4040, &(0x7f00000000c0)=ANY=[], 0x2, 0xc43, &(0x7f0000001200)="$eJzs3U9sHNd9B/DfGy3Fpd1WTOwoThoXm7ZIZcVy9S+mYhXuqqbZBpBlIhRzC8AVSakLUyRBUo1spAXdSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcgoYzOxbcUlRMiOKEmV9Pjb1nZ19b/e9easZiuCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxB+8euHkqfSwWwEAPEiXxr568rTrPwA8Vi779z8AAAAAAAAAAAAAABx0KYp4KlLMX1pPE9XjjvrFdt+Nm+PDIztXG0hVzUNV+fKrfur0mbNfenHoXDcvtmfvUv9++2y8Pnb5QuOVuevzC9OLi9NTjfHZ9uTc1PSuX2Gv9bc7Xh2AxvU3bkxdvbrYOP3CmS1P3xz8sP/Jo4Pnh5478Wy37PjwyMjYZpF6b/naPTek404zPA5HEScixfPf/UlqRUQRez8W9Qc79tsNVJ04XnVifHik6shMuzW7VD452j0QRUSjp1Kze4x2Houo9T3QPtxZM2K5bH7Z4ONl98bmWwutKzPTjdHWwlJ7qT03O5o6rS3704gizqWIlYhY67/95fqiiFqk+PaR9XQlIg51j8MXq4nBd25HsY993IWynY2+iJXiERizA6w/ingtUvz0vWMxmc8z1bnmCxGvlfn9iHfKfDkilR+MsxEf7PA54tFUiyL+shz/8+tpqjofdM8rF7/W+Mrs1bmest3zSnl9eHv314fbzhQP6fowsC0fjAN+bqpHEa3qjL+e7v2bHQAAAAAAAAAAAAAAAADut4Eo4jOR4tX/+JNqXnFU89KPnB/6w8Ff7Z0z/sxHvE5Z9oWIWC52Nyf3cJ4YOJpGU3rIc4kfZ/Uo4k/z/L+3H3ZjAAAAAAAAAAAAAAAAAAAAHmtF/DhSvPT+sbQSvWuKt2evNS63rsx0VoXtrv3bXTN9Y2Njo5E62cw5kXM550rO1ZxrOaPI9XM2c07kXM65knM151rOOJTr52zmnMi5nHMl52rOtZxRy/VzNnNO5FzOuZJzNedazjgga/cCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHycFFHEzyPFt76xniJFRDNiIjq52v+wWwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAlPpTEd+LFI0/at7aV4uIVP3fcaz842w0D5f5yWgOlflyNC/kbFVZa779ENrP3vSlIn4UKfrr794a8Dz+fZ1Htz4G8c43Nx99ttbJQ90nBz/sf/LokfNDI7/xzJ22004NOH6xPXvjZmN8eGRkrGd3Lb/7J3v2Deb3Le5P14mIxTffeqM1MzO9cO8b5UdgD9UfoY1Ue1x6uv8b/RFxAJpx942oHYhmPJy+8xgor/8fRIrfff8/uxf8zvW/Hr/SeXTrCh8/+7PN6/9L219ol9f/2vZ6+fpfXtN3uv4/1bPvpfzdSF8tor50fb7vaER98c23TrSvt65NX5uePXvy5JeHhr585mTf4Yj61fbMdM/WfTlcAAAAAAAAAAAAAAAAAA9OKuL3I0XrR+upERE3q/lag+eHnjvx7KE4VM232jJv+/Wxyxcar8xdn1+YXlycnmqMz7Yn56amd/t29Wq61/jwyL505iMN7HP7B+qvzM2/udC+9sdLOz7/RP3ClcWlhdbkzk/HQBQRzd49x6sGjw+PVI2eabdmq6qjO06m/+X1pSL+K1JMnm2kz+d9ef7/9hn+W+b/L29/oX2a//+Jnn3le6ZUxM8ixe/81TPx+aqdT8RtxyyX+7tIcfzc53K5OFyW67ahc1+BzszAsuz/RYp/+vnWst35kE9tlj216wP7iCjH/0ik+N5ffCd+M+/bev+Hncf/ie0vtE/j/3TPvie23K9gz10nj/+JSPHyU+/Gb+V9d7v/R/feG8dy4Vv359in8f9Uz77B/L6/fX+6DgAAAAAAAAAA8EjrS0X8faT4wUgtvZj37eb3/6a2v9A+/f7Xp3v2Td2f9Yo+cmPPBxUAAAAADoi+VMSPI8W1pXdvzaHeOv+7Z/7n723O/xxO256tfs73a9V9A+7nz/96Deb3ndh7twEAAAAAAAAAAAAAAAAAAOBASamIF/N66hPVfP6pO66nvhopXv2f53O5dLQs110HfrD6s35pbvbEhZmZucnWUuvKzHRjbL41OV3WfTpSrP/t53LdolpfvbvefGeN98212Bcixcg/dMt21mLvrk3+9GbZU2XZT0SK//7HrWW761h/arPs6bLs30SKr//LzmWPbpY9U5b9TqT44dcb3bJPlGW790f99GbZFybnin0YFQAAAAAAAAAAAAAAAAAAAB43famIP48U/3t95dZc/rz+f1/Pw8o73+xZ73+bm9U6/4PV+v+d7YGI6G539t/L+v/VfQWW7/SuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADw8ZSiiLcixfyl9bTaXz7uqF9sz964OT48snO1gVTVPFSVL7/qp06fOfulF4fOdfPu9e+3z8TrY5cvNF6Zuz6/ML24OD3VGJ9tT85NTd+lzqEtj375+nd3vDoAjetv3Ji6enWxcfqFM1uevjn4Yf+TRwfPDz134tlu2fHhkZGxnjK1vnt+99ukO+w/HEX8daR4/rs/ST/ojyhi78fiIz47+22g6sTxqhPjwyNVR2bardml8snR7oEoIho9lZrdY/QAxmJPmhHLZfPLBh8vuzc231poXZmZboy2FpbaS+252dHUaW3Zn0YUcS5FrETEWv/tL9cXRbwRKb59ZD39a3/nL0V1HL54aeyrJ0/fuR3FPvZxF8p2NvoiVopHYMwOsP4o4p8jxU/fOxb/1h9Ri85XfCHitTK/H/FOdMY7lR+MsxEf7PA54tFUiyL+vxz/8+vpvf7yfNA9r1z8WuMrs1fnesp2zyuP/PXhQTrg56Z6FPHD6oy/nv7d32sAAAAAAAAAAAAAAACAA6SIX48UL71/LFXzg2/NKW7PXmtcbl2Z6Uzr6879686Z3tjY2GikTjZzTuRczrmSczXnWs4ocv2czTLrGxsT+fFyzpWcqznXcsahXD9nM+dEzuWcKzlXc67ljFqun7OZcyLncs6VnKs513LGAZm7BwAAAAAAAAAAAAAAAAAAfLwU1X8pvvWN9bTR31lfeiI6uWo90I+9XwQAAP//f7f2rw==")
syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file1\x00', 0xc3ef0048, &(0x7f0000000500), 0xfe, 0x46d, &(0x7f0000000f00)="$eJzs3M1vFOUfAPDvTF94+/FrRXwBQapoJL60tLzIwYtGEw6amOgB46m2hVQKNbQmQohWD3g0JN6N/4XxpBejXjTxqndDQgwXUC9rZmemLMtu2aXbLnQ/n2S6zzPzdJ/nOzPP7jPz7G4APWsk+5NE/C8ifo+IoTx7a4GR/OHGtYtTf1+7OJVEpfLWX0m13PVrF6fKouX/bcszlUqR39Sg3kvvRkzOzc2cK/Jji2c+GFs4f+GF2TOTp2ZOzZydOHbs8KG9g0cnjnQkziyu67s/nt+z6/g7l9+YOnH5vZ+S/sjjjro4OmUk37sNPd3pyrpse026umOX7fvlZrrRmUA39UVEdrgGqv1/KPpiy/K2oXjts642DlhTlUqlssKr8lIF2MCS6HYLgO4o3+iz699yWaehxz3h6sv5BVAW941iybf0R5on9g3UXd920khEnFj656tsiTW6DwEAUOu7bPzzfKPxXxoP54nB7M//izmU4Yh4ICJ2RMSDEbEzIh6KqJZ9JCIebbP++hmS28c/6ZW7Dq4F2fjvpWJu69bxX1oWGe4rctur8Q8kJ2fnZg4W++RADGw6OZvMjK9Qx/ev/vZFs221479syeovx4JFO670192gm55cnFxNzLWufhqxu79R/EmU0zhJROyKiN13Wcfss/1Nt905/hU0f9qWVb6OeCY//ktRF38paTo/Of7i0YkjY5tjbubgWHlW3O7nXy+92az+VcXfAdnx39rw/F+OfzjZHLFw/sLp6nztQvt1XPrj86bXNG2e/8e3F+f/YPJ2dcVgseGjycXFc+MRg8nrt6+fuPlsZb4sn8V/YH/j/r8jbu6JxyJiT0TsjYjHs4vCou1PRMSTEbF/hfh/fOWp99uPf33mSrP4p+90/KP2+Lef6Dv9w7d3jn9zRDQ7/oerqQPFmlZe/1pt4Gr2HQAAANwv0upn4JN0dDmdpqOj+Wf4d8bWdG5+YfG5k/Mfnp3OPys/HANpeadrqOZ+6Hhxb7jMT9TlDxX3jb/s21LNj07Nz013O3jocdua9P/Mn33dbh2w5jowjwbcp/R/6F36P/SmRP+Hnqb/Q+9q1P8/aVp69Js1bQywrrz/Q+9qof8v5Q/NRwXA/cn7P/Qu/R96UtPvxqer+sr/uif+LX7P8F5pz8ZPRHpPNGPjJ/pb/jGLNhKVobz/Z2s2NSzT7VcmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAzvgvAAD//w3J5b0=")
syz_clone(0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x200000c, 0x3032, 0xffffffffffffffff, 0x0)
rename(&(0x7f00000003c0)='./file1\x00', &(0x7f0000000f40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
executing program 2:
r0 = syz_usb_connect$lan78xx(0x0, 0xa1, &(0x7f0000000dc0)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0x424, 0x7850, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d}}]}}, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000800)={0x34, &(0x7f0000000600)={0x40, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
executing program 4:
mmap(&(0x7f0000e5b000/0x5000)=nil, 0x5000, 0x300000c, 0x204031, 0xffffffffffffffff, 0xffffd000)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x2000, 0x0)
mremap(&(0x7f0000a11000/0x3000)=nil, 0x3000, 0x3000, 0x7, &(0x7f0000ffa000/0x3000)=nil)
mbind(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x3, &(0x7f0000000000)=0x2, 0x7f, 0x3)
mlock(&(0x7f0000ff3000/0xd000)=nil, 0xd000)
executing program 4:
r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x1)
write$binfmt_format(r0, &(0x7f0000000100)='0\x00', 0x2)
r1 = getpid()
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000002c0)=[0x1], 0x0, 0x0, 0x20000000000000b2, 0x1, r1}}, 0x40)
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000e00), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000e40)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="210f00000000000000002000000008000300", @ANYRES32=r2], 0x1c}, 0x1, 0x0, 0x0, 0x20000015}, 0x44000)
syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), r0)
executing program 4:
r0 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0)
ioctl$int_in(r0, 0x5452, &(0x7f00000001c0)=0x1)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000000b40)=0xe)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000080)={{0x1009, 0x0, 0x0, 0x80, 'syz0\x00', 0x8}, 0x5, 0x0, 0x1, 0x0, 0x0, 0x8, 'syz1\x00', 0x0})
close_range(r0, 0xffffffffffffffff, 0x0)
executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x2c)
r1 = socket$inet6(0xa, 0x3, 0x87)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000280)={{{@in6=@private2, @in=@rand_addr=0x64010101, 0x0, 0xfffe, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0xffffffffffff235b, 0x0, 0x10000000000, 0x1000000}, {}, 0x0, 0x0, 0x1, 0x0, 0x2}, {{@in=@rand_addr=0x64010101, 0x0, 0x6c}, 0x2, @in=@remote, 0x0, 0x2, 0x0, 0xfc, 0xffdffffc, 0x1000000}}, 0xe8)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
executing program 0:
syz_mount_image$iso9660(&(0x7f00000001c0), &(0x7f0000000000)='./file0\x00', 0x1a08050, &(0x7f0000000880)=ANY=[], 0x2, 0x5ae, &(0x7f0000001540)="$eJzs3V9v29YZx/EfHTnRvKEYtiEIgiQ9TTbAAVKHkhsFRq846khmK5ECSRf2VREscmFE7oakA2bfzLkJWmx7CwP6Ina7N7PrYtcbsGkgKXryH0lO7Fpt+v0YLY/FR4fPYQQ+OQwpCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyPGbrltz1AnCjU0zmd+Mo+6U9WV/948spmxXcrL/VK3qRvHSjV/8f/X17H93dav47Zaq2aKq/R9f/+mHP68slO+fktCleLG3/+zJYNB/fsb4ytwzvlhtGwZJFHS9tjVBEpm1RsN9uN5KTCvo2GQrSW3X+LH10ig2y/59U1tbWzV2ZSvaCNtNr2PLFx+/X3fdhvlopWe9OInChx+tJP560OkEYTuPyVZnMY+zD+LHQWpS63WN2d4Z9FdnJZkF1Ubt438AB+NB9Vk91d16vVaR1Hh0dfRBrddrtXq91ni09uix61bcY5S/ZTxi7EPb/lfRx2vudHy/XdShGzi3hVH9V0eBQm1oU+bUH19NxYrUnbB+pKz/v3pop253vP6XVf5G9KNy9U3l9f9O8dudSfVfRtcm5HM5Py+0p3090xMNNFBfz8/X30I5/nmOyWQ79+BskW1ZhQqUKFKgrrz8FaNAVUUyWlNDDbn6VOtqKZFRS4E6skq0pUSpbP6J8hXLylOqSLGMluXrvozyaqtVGVmtaEuRNhSqraa8vJdt7eT7fXVKjodBtbME1acEnSjmJ154rfqPH6SLPYAD5zAs6z8AAAAAAHhrOfnZ92z+v6jbeasVdKw777QAAAAAAMAF+rKVX1/vZPN/SbflTJz/H4xOFAAAAAAAgO8ZJ7/HLpvWL+ndolXeCXV4EmBhvikCAAAAAIBzyv9B/062WMpa78o5Of8/Kf/2s+qlJQkAAAAAAM7ly5nfsZ/0rjl//6fieNF52dv8pbPrZXHe7pXifVeO95i2bmp4rWjnfTUqoy59e8sZffvl4ZdgflMsKhoOp+fhTE2gcjQB553Ru48moD/rvSziH3rvaRH7tFxTbGWpFXTsih91PqzJ895ZSO1m+vvPd/6gfPhfhd0syZ1Bf+U3vx08zXN5mfXycnd0X8SJ2yOm5PJFef7k9ukjXsxvxBhtd8nR9s6g746Pf3RZxomrM6Zs85XuFjF3l4rl0tHxV7Nt1lYmjb7IYlHnHPkr3Sti7i3fKxanZFGfkUW/Pp7FG+2LM2SxOiuL1XNmAQDzsp1/68+pVag8pB+vu29wlNue9beM6dX9jFt5peUiZvlmfmCt3DzliO7OOqK7vc2yMhfV7erU6qYD6fQj+uEzkCbV2Gy7fzncbi0f/dd/lPR1WVVPDD/p1J1sF175Yvd3uv5ib//9nd0nn/U/639er6823A9c91Fdi/kwRgtqDwDgFLOfsTMzwvmgmFUrn1X/Z1gYq3g/G11SUJ4VGOipHuR3G+RXHFR17Uivf/prNhMfuwzhwfFZa0XjFXVYFst/D4fDBzNmdUW/pbPEFo+XAQDgbXJ3vA5Prf+juFPq/4PyVMCEeffRWn78CcGTYmsTMv6K2xEBADgnG3/z39GMvfdpbW2t5qXr1sSR/7GJg2bbmiBMbeyve2Hbml4cpZEfXckanwRNm5hko9eL4tS0otj0oiTYzJ/8bkaPfk9s1wvTwE96Hesl1vhRmHp+appB4pvexq87QbJu4/zNSc/6QSvwvTSIQpNEG7FvV4xJrB0LDJo2TINWkDVD04uDrhdvmU+izkbXmqZN/DjopVHRYbmtIGxFcTfr9uq89zUAAN8VL/b2nz0ZDPrPv8XGvMcIAACOep0qzRVjAAAAAAAAAAAAAAAAAAAAAADMx2Xc/ze78befSPNPY1HSd2Fv0KDxxo2qLqjDWUeOg8s5QAH41vwvAAD//6zgX70=")
r0 = inotify_init()
inotify_add_watch(r0, &(0x7f00000001c0)='.\x00', 0x4000423)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
getdents64(r1, &(0x7f0000000080)=""/109, 0x6d)
executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000b00)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000740)='scsi_dispatch_cmd_start\x00', r1}, 0x10)
sync()
executing program 0:
openat(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x40, 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15)
write$P9_RLERRORu(r1, &(0x7f0000000b40)=ANY=[@ANYBLOB="5300000007000046009d4063834609532bbcfc85b95499f41b36876d9b0127ecf6067ecd7e4d"], 0x53)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x2004000, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[], [], 0x6b}})
executing program 4:
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x101c08a, &(0x7f00000001c0)=ANY=[@ANYBLOB="7379735f696d6d757461626c652c757466383d312c696f636861727365743d61736369692c73686f72746e616d653d77696e39352c73686f77657865632c6e66732c636865636b3d7374726963742c756e695f786c6174653d302c757466383d312c73686f72746e616d653d6c6f7765722c73686f72746e616d653d6c6f7765722c726f6469722c726f6469722c64656275672c757466383d302c726f6469722c71756965742c6572726f72733d72656d6f756e742d726f2c009c8a8fc4f74784ad79ec08fb556262ebc972ef94821f3565ef5f75f11e30ef1f72a065c510b17cae352940538b7b2c5d72f4627c25306b2479725add28f511a68f5f6f47f9facdd0cc574286d00ab52d6b9374b6a58eac694336ebe971f41860d01084c1a0fa6b51d80fa9f9d2c5a2e7a5284f93296217ef8f28e0a36e573296a0bfb38b94191f4b82873563f3759b5e193ecfab6ed7892542364757e47d656ad6a0fbb6e8bf138bddae620a3602991821d4844f628e6bdd8b62cca73744332f0185a54b"], 0x6, 0x2c1, &(0x7f00000005c0)="$eJzs3T+LI2UcB/DfZLOTUYuksBLhBrzC6nCvE5sscgfiVh4p1EIX7w5kE4Q7WPAPxqtsbSwsfAWC4Au5xncg2Ap2rrAwMpOZzWSNMZHNyu1+Ps0++8zznfk9k4fsbJEnH748Obqfx8MnX/wSWZZEZxjDOEliEJ1ofBULht8EAPAsOymK+L2Y2SSXRES2vbIAgC1a7+9/d9786VLKAgC26N677729f3Bw550ssrg7+fp4VP5nX/6cHd9/GB/HOB7Ea9GP04jqQWE3qqeFsnm3KIppNy8N4uZkejwqk5MPntbn3/8tosrvRT8GVdfZ00aVf+vgzl4+08pPyzqer68/LPO3ox8vnoUX8reX5GOUxquvtOq/Ff34+aP4JMZxvypinv9yL8/fLL794/P3y/LKfDI9HvWqcXPFziW/NAAAAAAAAAAAAAAAAAAAAAAAXGG36r1zepHfiJuTsqvef2fnNNLy17wxWNyfZ5ZPmhO19wcqimJaxPetLQXzoh44z3fjpW57Y0EAAAAAAAAAAAAAAAAAAAC4vh5/+tnR4Xj84NGFNJrdALoR8ee9iP96nmGr50asHtyrr3k4Hnfq5sKYp2m7J3aaMUnEyjLKSVzQbfm3xnPna24aP/xYTnCTE2atnteXT3B3+/NqVtfRYbL8Wr1oerJ6kXyXRszHpLHmtdJ/OlTEJssvXXqov/Hc0xeqxnTFmEhWFfbGr7M7V/ck52eRVnd1aXy3brTi59bGWq97ZLP4398rkmq3jt723owAAAAAAAAAAAAAAAAAAOCam3/6d8nBJyujncJHgQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4Iubf/79BY1qH1xicxqPH//MUAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuAb+CgAA//8HIVi7")
syz_mount_image$vfat(&(0x7f0000000300), &(0x7f0000000280)='./bus\x00', 0x3c9c9b, 0x0, 0x0, 0x0, &(0x7f00000000c0))
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="14"], &(0x7f0000000000), 0x0)
mount$bind(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x21, 0x0)
open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x0)
executing program 4:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r0, &(0x7f0000000040)=[{{&(0x7f00000003c0)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00'}, 0x1c, &(0x7f0000000080)=[{&(0x7f0000000000)="7f", 0x1}], 0x1}}], 0x1, 0x0)
listen(r0, 0xfff)
setsockopt$inet6_IPV6_RTHDRDSTOPTS(r0, 0x29, 0x37, &(0x7f00000000c0)={0x5c}, 0x8)
accept(r0, 0xfffffffffffffffd, &(0x7f0000000680))
executing program 0:
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x4, &(0x7f00000001c0)={0x1, &(0x7f00000004c0)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x3000801, &(0x7f0000000840)=ANY=[], 0x2, 0x1ea, &(0x7f00000003c0)="$eJzsmb2LE0EYxp+Z3eydhyg2FjYWHniit9ndqFxzxQmWgnCKWgZvPU73LpKskAQEg42NpYVga2NpYWFl4V9gq4UKgoUp7YSR+djdyWYT4gdG9P3BzT7z9c68L9yzsAFBEP8tHz98ff/w3NqlUwD2YxkLZvyzo5/i4Oj6d4/vnHy0fv7J87dPX+8duPuyHI/JPWL28z0ArzYcpGCuOXFk93IRNtO4DI4TRl8Bg6/lN6HQnRgM18yam5Zu7TMiif3rrWTrxk4SB7IJZRPJpmGfLy81HDBsAVhUtxOCWfOdXv9WM0nidlnURHbO2NSPimn1U/fb4FhHVj0hOICrD+4PZN/UBgF4Xr8QHKHRDTBsGr2GBfi+X5TEyv+IW8R3Zsl/vuKZEodW/9Sh4Locf0Pu/7Co/ZY4rDwi/6HzkcPDzAPtNZ/mnvvPC2VcAMam3iwlyYVfiOxVFCoXhT9JZz9u+ZMLN/ePerp7u97p9Vd3dpvb8Xa8F0WNs8HpIDgT1ZUR6XaK/y0qf1qy4tcmrPWYh24zTdthF0jbYd6PdGs57uaL1he1hyv/41g5pmMw887KX5QlmPnj6inVilO98t7EnAiCIAiCIAiCIAiCIAiCIKo5Cgb9S5hg5oNoFdFF9YXyewAAAP//L0Rm/Q==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x1a4)
symlinkat(&(0x7f0000000200)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, &(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
fadvise64(r0, 0xe0ffff, 0x9, 0x3)
executing program 0:
timer_create(0x0, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x7, 0x4, 0x100, 0x7}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x9, &(0x7f0000000180)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x1b}}, @call={0x85, 0x0, 0x0, 0x5}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x18)
syz_clone(0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0)
executing program 1:
r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x1)
write$binfmt_format(r0, &(0x7f0000000100)='0\x00', 0x2)
r1 = getpid()
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000002c0)=[0x1], 0x0, 0x0, 0x20000000000000b2, 0x1, r1}}, 0x40)

program crashed: BUG: Bad page state in z_erofs_do_read_page
bisect: bisecting 31 programs
bisect: split chunks (needed=false): <31>
bisect: split chunk #0 of len 31 into 3 parts
bisect: testing without sub-chunk 1/3
testing program (duration=35s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5]
detailed listing:
executing program 1:
pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
pipe2(&(0x7f00000002c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x4000)
splice(r1, 0x0, r0, 0x0, 0xd9d7, 0x5)
ioctl$int_in(r2, 0x5452, &(0x7f0000000080)=0x6305)
write$FUSE_INIT(r2, &(0x7f0000000340)={0x50, 0x0, 0x0, {0x7, 0x28, 0x3, 0xc002e38, 0x7ff, 0x7d, 0x10000, 0xa79, 0x0, 0x0, 0x100}}, 0x50)
executing program 2:
syz_mount_image$vfat(&(0x7f0000001800), &(0x7f0000000080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x8, &(0x7f0000000180)=ANY=[@ANYBLOB="00631dda01aef2456795dd9b2620df1c0f624854ea3dd5a00bd6df44035f5c3ae796fec6d633a0ffad0569794acfef7da01767fd4175f2cd82df769aa2ee7bfe3640554507d2e660c9f9e222a72e1e3e71145c480657d2864e5e276f028d64701ae31cde0ceaf408fdb05c0f4142da00e900000100000149e6d308cbe315789f4baffe39bbced9b1d421d2e290e9fc561a62225f002ee310e1fa7321000000000000d6231001a4b2d467825f3abb0c167e129cf1fa0e7854103f4bf2d3a0194983bc86cbd3d75ccef3c8ac4516dac102"], 0x4, 0x26d, &(0x7f00000005c0)="$eJzs281OE18Yx/EfL/8/CMJUURSM8YludDOBegUNgcTYRIPU+JKYDDLVpkNLOg2mxgg7t14HcenOxHgDbLwCF+7YuGRhHMNMLS2UqAuZaL+fzXnI4deck+dMcxadnXuvV8vF0C16dfX3mQalTe1KGfVrQIm+5tgf1/+r3aauTeQ/Xbxz/8HNXD4/v2i2kFu6njWz8Uvvn714c/lDffTu2/F3Q9rOPNr5kv28Pbk9tfNt6WkptFJolWrdPFuuVuvecuDbSiksu2a3A98LfStVQr/WMV8MqmtrDfMqK2MjazU/DM2rNKzsN6xetXqtYd4Tr1Qx13VtbET4mcLW4qKXS3sV+LNqtZw3J2n60ExhK5UFAQCAVHH/72Xc/3vB3v3/YfP57cT9HwAAAAAAAAAAAAAAAAAAAACAv8FuFDlRFDk/xv+k+A2fqPn3CUkjkkYlnZQ0JmlckiMpI+mUpNOSJiSdkXRW0qSkc5LOS5pq+6y094rDjur/AP3vCTz/vY3+97a2F3eHpdVX64X1QjIm87miSgrka0aOvsa9bErqhRv5+RmLZXRhdaOZ31gvDHTmZ+XsHZhu+dkkb535ofjctfJZOXsHrFs+2zU/rKtX2vKuHH18rKoCrcRncj//ctZs7lb+QH46/r9/nWstXfvnukfNJ/lfOB/RTNf+DGp6MN29Qwobz8teEPg1CgoKilaR9jcTjsN+09NeCQAAAAAAAAAAAAAAAADgdxzHzwnT3iMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAd9DwAA//+TC2AL")
chdir(&(0x7f0000000340)='./file0\x00')
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
getdents(r0, &(0x7f0000000080)=""/43, 0x2b)
getdents(r0, 0x0, 0xbb)
executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x24, &(0x7f0000000080)=0x1, 0x4)
shutdown(r0, 0x0)
recvmmsg(r0, &(0x7f0000001980)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=""/26, 0x11}}, {{0x0, 0x0, &(0x7f0000001300)=[{&(0x7f00000000c0)=""/47}, {&(0x7f0000000100)=""/224}, {&(0x7f0000000200)=""/4096}, {&(0x7f0000001200)=""/124}, {&(0x7f0000001280)=""/60}]}}, {{&(0x7f0000001380)=@pppoe={0x18, 0x0, {0x0, @local}}, 0x0, &(0x7f0000001840)=[{&(0x7f0000001400)=""/149}, {&(0x7f0000001b00)=""/118}, {&(0x7f0000001540)=""/188}, {&(0x7f0000001600)=""/57}, {&(0x7f0000001640)=""/135}, {&(0x7f00000014c0)=""/101}, {&(0x7f0000001780)=""/171}], 0x0, &(0x7f00000018c0)=""/176}}], 0x15cbc1ab4c0933f, 0x0, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
executing program 2:
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e24, @multicast2}, 0x10)
sendmmsg$inet(r0, &(0x7f0000000100)=[{{&(0x7f0000000000)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x36}}, 0x10, 0x0}}], 0x1, 0x20040804)
sendmmsg(r0, &(0x7f0000001580)=[{{0x0, 0x0, &(0x7f0000001500)=[{&(0x7f0000000200)="93", 0x1}], 0x1}}], 0x1, 0x4000080)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000140)=0x4, 0x4)
executing program 1:
syz_usb_connect(0x4, 0x0, 0x0, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x60, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r0, 0x400455c8, 0x1)
ioctl$TIOCVHANGUP(r0, 0x5437, 0x0)
executing program 2:
syz_mount_image$udf(&(0x7f0000000080), &(0x7f0000000000)='./file1\x00', 0x4040, &(0x7f00000000c0)=ANY=[], 0x2, 0xc43, &(0x7f0000001200)="$eJzs3U9sHNd9B/DfGy3Fpd1WTOwoThoXm7ZIZcVy9S+mYhXuqqbZBpBlIhRzC8AVSakLUyRBUo1spAXdSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcgoYzOxbcUlRMiOKEmV9Pjb1nZ19b/e9easZiuCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxB+8euHkqfSwWwEAPEiXxr568rTrPwA8Vi779z8AAAAAAAAAAAAAABx0KYp4KlLMX1pPE9XjjvrFdt+Nm+PDIztXG0hVzUNV+fKrfur0mbNfenHoXDcvtmfvUv9++2y8Pnb5QuOVuevzC9OLi9NTjfHZ9uTc1PSuX2Gv9bc7Xh2AxvU3bkxdvbrYOP3CmS1P3xz8sP/Jo4Pnh5478Wy37PjwyMjYZpF6b/naPTek404zPA5HEScixfPf/UlqRUQRez8W9Qc79tsNVJ04XnVifHik6shMuzW7VD452j0QRUSjp1Kze4x2Houo9T3QPtxZM2K5bH7Z4ONl98bmWwutKzPTjdHWwlJ7qT03O5o6rS3704gizqWIlYhY67/95fqiiFqk+PaR9XQlIg51j8MXq4nBd25HsY993IWynY2+iJXiERizA6w/ingtUvz0vWMxmc8z1bnmCxGvlfn9iHfKfDkilR+MsxEf7PA54tFUiyL+shz/8+tpqjofdM8rF7/W+Mrs1bmest3zSnl9eHv314fbzhQP6fowsC0fjAN+bqpHEa3qjL+e7v2bHQAAAAAAAAAAAAAAAADut4Eo4jOR4tX/+JNqXnFU89KPnB/6w8Ff7Z0z/sxHvE5Z9oWIWC52Nyf3cJ4YOJpGU3rIc4kfZ/Uo4k/z/L+3H3ZjAAAAAAAAAAAAAAAAAAAAHmtF/DhSvPT+sbQSvWuKt2evNS63rsx0VoXtrv3bXTN9Y2Njo5E62cw5kXM550rO1ZxrOaPI9XM2c07kXM65knM151rOOJTr52zmnMi5nHMl52rOtZxRy/VzNnNO5FzOuZJzNedazjgga/cCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHycFFHEzyPFt76xniJFRDNiIjq52v+wWwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAlPpTEd+LFI0/at7aV4uIVP3fcaz842w0D5f5yWgOlflyNC/kbFVZa779ENrP3vSlIn4UKfrr794a8Dz+fZ1Htz4G8c43Nx99ttbJQ90nBz/sf/LokfNDI7/xzJ22004NOH6xPXvjZmN8eGRkrGd3Lb/7J3v2Deb3Le5P14mIxTffeqM1MzO9cO8b5UdgD9UfoY1Ue1x6uv8b/RFxAJpx942oHYhmPJy+8xgor/8fRIrfff8/uxf8zvW/Hr/SeXTrCh8/+7PN6/9L219ol9f/2vZ6+fpfXtN3uv4/1bPvpfzdSF8tor50fb7vaER98c23TrSvt65NX5uePXvy5JeHhr585mTf4Yj61fbMdM/WfTlcAAAAAAAAAAAAAAAAAA9OKuL3I0XrR+upERE3q/lag+eHnjvx7KE4VM232jJv+/Wxyxcar8xdn1+YXlycnmqMz7Yn56amd/t29Wq61/jwyL505iMN7HP7B+qvzM2/udC+9sdLOz7/RP3ClcWlhdbkzk/HQBQRzd49x6sGjw+PVI2eabdmq6qjO06m/+X1pSL+K1JMnm2kz+d9ef7/9hn+W+b/L29/oX2a//+Jnn3le6ZUxM8ixe/81TPx+aqdT8RtxyyX+7tIcfzc53K5OFyW67ahc1+BzszAsuz/RYp/+vnWst35kE9tlj216wP7iCjH/0ik+N5ffCd+M+/bev+Hncf/ie0vtE/j/3TPvie23K9gz10nj/+JSPHyU+/Gb+V9d7v/R/feG8dy4Vv359in8f9Uz77B/L6/fX+6DgAAAAAAAAAA8EjrS0X8faT4wUgtvZj37eb3/6a2v9A+/f7Xp3v2Td2f9Yo+cmPPBxUAAAAADoi+VMSPI8W1pXdvzaHeOv+7Z/7n723O/xxO256tfs73a9V9A+7nz/96Deb3ndh7twEAAAAAAAAAAAAAAAAAAOBASamIF/N66hPVfP6pO66nvhopXv2f53O5dLQs110HfrD6s35pbvbEhZmZucnWUuvKzHRjbL41OV3WfTpSrP/t53LdolpfvbvefGeN98212Bcixcg/dMt21mLvrk3+9GbZU2XZT0SK//7HrWW761h/arPs6bLs30SKr//LzmWPbpY9U5b9TqT44dcb3bJPlGW790f99GbZFybnin0YFQAAAAAAAAAAAAAAAAAAAB43famIP48U/3t95dZc/rz+f1/Pw8o73+xZ73+bm9U6/4PV+v+d7YGI6G539t/L+v/VfQWW7/SuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADw8ZSiiLcixfyl9bTaXz7uqF9sz964OT48snO1gVTVPFSVL7/qp06fOfulF4fOdfPu9e+3z8TrY5cvNF6Zuz6/ML24OD3VGJ9tT85NTd+lzqEtj375+nd3vDoAjetv3Ji6enWxcfqFM1uevjn4Yf+TRwfPDz134tlu2fHhkZGxnjK1vnt+99ukO+w/HEX8daR4/rs/ST/ojyhi78fiIz47+22g6sTxqhPjwyNVR2bardml8snR7oEoIho9lZrdY/QAxmJPmhHLZfPLBh8vuzc231poXZmZboy2FpbaS+252dHUaW3Zn0YUcS5FrETEWv/tL9cXRbwRKb59ZD39a3/nL0V1HL54aeyrJ0/fuR3FPvZxF8p2NvoiVopHYMwOsP4o4p8jxU/fOxb/1h9Ri85XfCHitTK/H/FOdMY7lR+MsxEf7PA54tFUiyL+vxz/8+vpvf7yfNA9r1z8WuMrs1fnesp2zyuP/PXhQTrg56Z6FPHD6oy/nv7d32sAAAAAAAAAAAAAAACAA6SIX48UL71/LFXzg2/NKW7PXmtcbl2Z6Uzr6879686Z3tjY2GikTjZzTuRczrmSczXnWs4ocv2czTLrGxsT+fFyzpWcqznXcsahXD9nM+dEzuWcKzlXc67ljFqun7OZcyLncs6VnKs513LGAZm7BwAAAAAAAAAAAAAAAAAAfLwU1X8pvvWN9bTR31lfeiI6uWo90I+9XwQAAP//f7f2rw==")
syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file1\x00', 0xc3ef0048, &(0x7f0000000500), 0xfe, 0x46d, &(0x7f0000000f00)="$eJzs3M1vFOUfAPDvTF94+/FrRXwBQapoJL60tLzIwYtGEw6amOgB46m2hVQKNbQmQohWD3g0JN6N/4XxpBejXjTxqndDQgwXUC9rZmemLMtu2aXbLnQ/n2S6zzPzdJ/nOzPP7jPz7G4APWsk+5NE/C8ifo+IoTx7a4GR/OHGtYtTf1+7OJVEpfLWX0m13PVrF6fKouX/bcszlUqR39Sg3kvvRkzOzc2cK/Jji2c+GFs4f+GF2TOTp2ZOzZydOHbs8KG9g0cnjnQkziyu67s/nt+z6/g7l9+YOnH5vZ+S/sjjjro4OmUk37sNPd3pyrpse026umOX7fvlZrrRmUA39UVEdrgGqv1/KPpiy/K2oXjts642DlhTlUqlssKr8lIF2MCS6HYLgO4o3+iz699yWaehxz3h6sv5BVAW941iybf0R5on9g3UXd920khEnFj656tsiTW6DwEAUOu7bPzzfKPxXxoP54nB7M//izmU4Yh4ICJ2RMSDEbEzIh6KqJZ9JCIebbP++hmS28c/6ZW7Dq4F2fjvpWJu69bxX1oWGe4rctur8Q8kJ2fnZg4W++RADGw6OZvMjK9Qx/ev/vZFs221479syeovx4JFO670192gm55cnFxNzLWufhqxu79R/EmU0zhJROyKiN13Wcfss/1Nt905/hU0f9qWVb6OeCY//ktRF38paTo/Of7i0YkjY5tjbubgWHlW3O7nXy+92az+VcXfAdnx39rw/F+OfzjZHLFw/sLp6nztQvt1XPrj86bXNG2e/8e3F+f/YPJ2dcVgseGjycXFc+MRg8nrt6+fuPlsZb4sn8V/YH/j/r8jbu6JxyJiT0TsjYjHs4vCou1PRMSTEbF/hfh/fOWp99uPf33mSrP4p+90/KP2+Lef6Dv9w7d3jn9zRDQ7/oerqQPFmlZe/1pt4Gr2HQAAANwv0upn4JN0dDmdpqOj+Wf4d8bWdG5+YfG5k/Mfnp3OPys/HANpeadrqOZ+6Hhxb7jMT9TlDxX3jb/s21LNj07Nz013O3jocdua9P/Mn33dbh2w5jowjwbcp/R/6F36P/SmRP+Hnqb/Q+9q1P8/aVp69Js1bQywrrz/Q+9qof8v5Q/NRwXA/cn7P/Qu/R96UtPvxqer+sr/uif+LX7P8F5pz8ZPRHpPNGPjJ/pb/jGLNhKVobz/Z2s2NSzT7VcmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAzvgvAAD//w3J5b0=")
syz_clone(0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x200000c, 0x3032, 0xffffffffffffffff, 0x0)
rename(&(0x7f00000003c0)='./file1\x00', &(0x7f0000000f40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
executing program 2:
r0 = syz_usb_connect$lan78xx(0x0, 0xa1, &(0x7f0000000dc0)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0x424, 0x7850, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d}}]}}, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000800)={0x34, &(0x7f0000000600)={0x40, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
executing program 4:
mmap(&(0x7f0000e5b000/0x5000)=nil, 0x5000, 0x300000c, 0x204031, 0xffffffffffffffff, 0xffffd000)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x2000, 0x0)
mremap(&(0x7f0000a11000/0x3000)=nil, 0x3000, 0x3000, 0x7, &(0x7f0000ffa000/0x3000)=nil)
mbind(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x3, &(0x7f0000000000)=0x2, 0x7f, 0x3)
mlock(&(0x7f0000ff3000/0xd000)=nil, 0xd000)
executing program 4:
r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x1)
write$binfmt_format(r0, &(0x7f0000000100)='0\x00', 0x2)
r1 = getpid()
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000002c0)=[0x1], 0x0, 0x0, 0x20000000000000b2, 0x1, r1}}, 0x40)
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000e00), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000e40)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="210f00000000000000002000000008000300", @ANYRES32=r2], 0x1c}, 0x1, 0x0, 0x0, 0x20000015}, 0x44000)
syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), r0)
executing program 4:
r0 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0)
ioctl$int_in(r0, 0x5452, &(0x7f00000001c0)=0x1)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000000b40)=0xe)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000080)={{0x1009, 0x0, 0x0, 0x80, 'syz0\x00', 0x8}, 0x5, 0x0, 0x1, 0x0, 0x0, 0x8, 'syz1\x00', 0x0})
close_range(r0, 0xffffffffffffffff, 0x0)
executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x2c)
r1 = socket$inet6(0xa, 0x3, 0x87)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000280)={{{@in6=@private2, @in=@rand_addr=0x64010101, 0x0, 0xfffe, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0xffffffffffff235b, 0x0, 0x10000000000, 0x1000000}, {}, 0x0, 0x0, 0x1, 0x0, 0x2}, {{@in=@rand_addr=0x64010101, 0x0, 0x6c}, 0x2, @in=@remote, 0x0, 0x2, 0x0, 0xfc, 0xffdffffc, 0x1000000}}, 0xe8)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
executing program 0:
syz_mount_image$iso9660(&(0x7f00000001c0), &(0x7f0000000000)='./file0\x00', 0x1a08050, &(0x7f0000000880)=ANY=[], 0x2, 0x5ae, &(0x7f0000001540)="$eJzs3V9v29YZx/EfHTnRvKEYtiEIgiQ9TTbAAVKHkhsFRq846khmK5ECSRf2VREscmFE7oakA2bfzLkJWmx7CwP6Ina7N7PrYtcbsGkgKXryH0lO7Fpt+v0YLY/FR4fPYQQ+OQwpCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyPGbrltz1AnCjU0zmd+Mo+6U9WV/948spmxXcrL/VK3qRvHSjV/8f/X17H93dav47Zaq2aKq/R9f/+mHP68slO+fktCleLG3/+zJYNB/fsb4ytwzvlhtGwZJFHS9tjVBEpm1RsN9uN5KTCvo2GQrSW3X+LH10ig2y/59U1tbWzV2ZSvaCNtNr2PLFx+/X3fdhvlopWe9OInChx+tJP560OkEYTuPyVZnMY+zD+LHQWpS63WN2d4Z9FdnJZkF1Ubt438AB+NB9Vk91d16vVaR1Hh0dfRBrddrtXq91ni09uix61bcY5S/ZTxi7EPb/lfRx2vudHy/XdShGzi3hVH9V0eBQm1oU+bUH19NxYrUnbB+pKz/v3pop253vP6XVf5G9KNy9U3l9f9O8dudSfVfRtcm5HM5Py+0p3090xMNNFBfz8/X30I5/nmOyWQ79+BskW1ZhQqUKFKgrrz8FaNAVUUyWlNDDbn6VOtqKZFRS4E6skq0pUSpbP6J8hXLylOqSLGMluXrvozyaqtVGVmtaEuRNhSqraa8vJdt7eT7fXVKjodBtbME1acEnSjmJ154rfqPH6SLPYAD5zAs6z8AAAAAAHhrOfnZ92z+v6jbeasVdKw777QAAAAAAMAF+rKVX1/vZPN/SbflTJz/H4xOFAAAAAAAgO8ZJ7/HLpvWL+ndolXeCXV4EmBhvikCAAAAAIBzyv9B/062WMpa78o5Of8/Kf/2s+qlJQkAAAAAAM7ly5nfsZ/0rjl//6fieNF52dv8pbPrZXHe7pXifVeO95i2bmp4rWjnfTUqoy59e8sZffvl4ZdgflMsKhoOp+fhTE2gcjQB553Ru48moD/rvSziH3rvaRH7tFxTbGWpFXTsih91PqzJ895ZSO1m+vvPd/6gfPhfhd0syZ1Bf+U3vx08zXN5mfXycnd0X8SJ2yOm5PJFef7k9ukjXsxvxBhtd8nR9s6g746Pf3RZxomrM6Zs85XuFjF3l4rl0tHxV7Nt1lYmjb7IYlHnHPkr3Sti7i3fKxanZFGfkUW/Pp7FG+2LM2SxOiuL1XNmAQDzsp1/68+pVag8pB+vu29wlNue9beM6dX9jFt5peUiZvlmfmCt3DzliO7OOqK7vc2yMhfV7erU6qYD6fQj+uEzkCbV2Gy7fzncbi0f/dd/lPR1WVVPDD/p1J1sF175Yvd3uv5ib//9nd0nn/U/639er6823A9c91Fdi/kwRgtqDwDgFLOfsTMzwvmgmFUrn1X/Z1gYq3g/G11SUJ4VGOipHuR3G+RXHFR17Uivf/prNhMfuwzhwfFZa0XjFXVYFst/D4fDBzNmdUW/pbPEFo+XAQDgbXJ3vA5Prf+juFPq/4PyVMCEeffRWn78CcGTYmsTMv6K2xEBADgnG3/z39GMvfdpbW2t5qXr1sSR/7GJg2bbmiBMbeyve2Hbml4cpZEfXckanwRNm5hko9eL4tS0otj0oiTYzJ/8bkaPfk9s1wvTwE96Hesl1vhRmHp+appB4pvexq87QbJu4/zNSc/6QSvwvTSIQpNEG7FvV4xJrB0LDJo2TINWkDVD04uDrhdvmU+izkbXmqZN/DjopVHRYbmtIGxFcTfr9uq89zUAAN8VL/b2nz0ZDPrPv8XGvMcIAACOep0qzRVjAAAAAAAAAAAAAAAAAAAAAADMx2Xc/ze78befSPNPY1HSd2Fv0KDxxo2qLqjDWUeOg8s5QAH41vwvAAD//6zgX70=")
r0 = inotify_init()
inotify_add_watch(r0, &(0x7f00000001c0)='.\x00', 0x4000423)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
getdents64(r1, &(0x7f0000000080)=""/109, 0x6d)
executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000b00)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000740)='scsi_dispatch_cmd_start\x00', r1}, 0x10)
sync()
executing program 0:
openat(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x40, 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15)
write$P9_RLERRORu(r1, &(0x7f0000000b40)=ANY=[@ANYBLOB="5300000007000046009d4063834609532bbcfc85b95499f41b36876d9b0127ecf6067ecd7e4d"], 0x53)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x2004000, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[], [], 0x6b}})
executing program 4:
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x101c08a, &(0x7f00000001c0)=ANY=[@ANYBLOB="7379735f696d6d757461626c652c757466383d312c696f636861727365743d61736369692c73686f72746e616d653d77696e39352c73686f77657865632c6e66732c636865636b3d7374726963742c756e695f786c6174653d302c757466383d312c73686f72746e616d653d6c6f7765722c73686f72746e616d653d6c6f7765722c726f6469722c726f6469722c64656275672c757466383d302c726f6469722c71756965742c6572726f72733d72656d6f756e742d726f2c009c8a8fc4f74784ad79ec08fb556262ebc972ef94821f3565ef5f75f11e30ef1f72a065c510b17cae352940538b7b2c5d72f4627c25306b2479725add28f511a68f5f6f47f9facdd0cc574286d00ab52d6b9374b6a58eac694336ebe971f41860d01084c1a0fa6b51d80fa9f9d2c5a2e7a5284f93296217ef8f28e0a36e573296a0bfb38b94191f4b82873563f3759b5e193ecfab6ed7892542364757e47d656ad6a0fbb6e8bf138bddae620a3602991821d4844f628e6bdd8b62cca73744332f0185a54b"], 0x6, 0x2c1, &(0x7f00000005c0)="$eJzs3T+LI2UcB/DfZLOTUYuksBLhBrzC6nCvE5sscgfiVh4p1EIX7w5kE4Q7WPAPxqtsbSwsfAWC4Au5xncg2Ap2rrAwMpOZzWSNMZHNyu1+Ps0++8zznfk9k4fsbJEnH748Obqfx8MnX/wSWZZEZxjDOEliEJ1ofBULht8EAPAsOymK+L2Y2SSXRES2vbIAgC1a7+9/d9786VLKAgC26N677729f3Bw550ssrg7+fp4VP5nX/6cHd9/GB/HOB7Ea9GP04jqQWE3qqeFsnm3KIppNy8N4uZkejwqk5MPntbn3/8tosrvRT8GVdfZ00aVf+vgzl4+08pPyzqer68/LPO3ox8vnoUX8reX5GOUxquvtOq/Ff34+aP4JMZxvypinv9yL8/fLL794/P3y/LKfDI9HvWqcXPFziW/NAAAAAAAAAAAAAAAAAAAAAAAXGG36r1zepHfiJuTsqvef2fnNNLy17wxWNyfZ5ZPmhO19wcqimJaxPetLQXzoh44z3fjpW57Y0EAAAAAAAAAAAAAAAAAAAC4vh5/+tnR4Xj84NGFNJrdALoR8ee9iP96nmGr50asHtyrr3k4Hnfq5sKYp2m7J3aaMUnEyjLKSVzQbfm3xnPna24aP/xYTnCTE2atnteXT3B3+/NqVtfRYbL8Wr1oerJ6kXyXRszHpLHmtdJ/OlTEJssvXXqov/Hc0xeqxnTFmEhWFfbGr7M7V/ck52eRVnd1aXy3brTi59bGWq97ZLP4398rkmq3jt723owAAAAAAAAAAAAAAAAAAOCam3/6d8nBJyujncJHgQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4Iubf/79BY1qH1xicxqPH//MUAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuAb+CgAA//8HIVi7")
syz_mount_image$vfat(&(0x7f0000000300), &(0x7f0000000280)='./bus\x00', 0x3c9c9b, 0x0, 0x0, 0x0, &(0x7f00000000c0))
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="14"], &(0x7f0000000000), 0x0)
mount$bind(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x21, 0x0)
open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x0)
executing program 4:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r0, &(0x7f0000000040)=[{{&(0x7f00000003c0)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00'}, 0x1c, &(0x7f0000000080)=[{&(0x7f0000000000)="7f", 0x1}], 0x1}}], 0x1, 0x0)
listen(r0, 0xfff)
setsockopt$inet6_IPV6_RTHDRDSTOPTS(r0, 0x29, 0x37, &(0x7f00000000c0)={0x5c}, 0x8)
accept(r0, 0xfffffffffffffffd, &(0x7f0000000680))
executing program 0:
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x4, &(0x7f00000001c0)={0x1, &(0x7f00000004c0)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x3000801, &(0x7f0000000840)=ANY=[], 0x2, 0x1ea, &(0x7f00000003c0)="$eJzsmb2LE0EYxp+Z3eydhyg2FjYWHniit9ndqFxzxQmWgnCKWgZvPU73LpKskAQEg42NpYVga2NpYWFl4V9gq4UKgoUp7YSR+djdyWYT4gdG9P3BzT7z9c68L9yzsAFBEP8tHz98ff/w3NqlUwD2YxkLZvyzo5/i4Oj6d4/vnHy0fv7J87dPX+8duPuyHI/JPWL28z0ArzYcpGCuOXFk93IRNtO4DI4TRl8Bg6/lN6HQnRgM18yam5Zu7TMiif3rrWTrxk4SB7IJZRPJpmGfLy81HDBsAVhUtxOCWfOdXv9WM0nidlnURHbO2NSPimn1U/fb4FhHVj0hOICrD+4PZN/UBgF4Xr8QHKHRDTBsGr2GBfi+X5TEyv+IW8R3Zsl/vuKZEodW/9Sh4Locf0Pu/7Co/ZY4rDwi/6HzkcPDzAPtNZ/mnvvPC2VcAMam3iwlyYVfiOxVFCoXhT9JZz9u+ZMLN/ePerp7u97p9Vd3dpvb8Xa8F0WNs8HpIDgT1ZUR6XaK/y0qf1qy4tcmrPWYh24zTdthF0jbYd6PdGs57uaL1he1hyv/41g5pmMw887KX5QlmPnj6inVilO98t7EnAiCIAiCIAiCIAiCIAiCIKo5Cgb9S5hg5oNoFdFF9YXyewAAAP//L0Rm/Q==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x1a4)
symlinkat(&(0x7f0000000200)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, &(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
fadvise64(r0, 0xe0ffff, 0x9, 0x3)
executing program 0:
timer_create(0x0, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x7, 0x4, 0x100, 0x7}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x9, &(0x7f0000000180)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x1b}}, @call={0x85, 0x0, 0x0, 0x5}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x18)
syz_clone(0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0)
executing program 1:
r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x1)
write$binfmt_format(r0, &(0x7f0000000100)='0\x00', 0x2)
r1 = getpid()
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000002c0)=[0x1], 0x0, 0x0, 0x20000000000000b2, 0x1, r1}}, 0x40)

program crashed: BUG: Bad page state in z_erofs_do_read_page
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/3
testing program (duration=32s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 5, 5, 5, 5, 5, 5, 5, 5]
detailed listing:
executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x2c)
r1 = socket$inet6(0xa, 0x3, 0x87)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000280)={{{@in6=@private2, @in=@rand_addr=0x64010101, 0x0, 0xfffe, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0xffffffffffff235b, 0x0, 0x10000000000, 0x1000000}, {}, 0x0, 0x0, 0x1, 0x0, 0x2}, {{@in=@rand_addr=0x64010101, 0x0, 0x6c}, 0x2, @in=@remote, 0x0, 0x2, 0x0, 0xfc, 0xffdffffc, 0x1000000}}, 0xe8)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
executing program 0:
syz_mount_image$iso9660(&(0x7f00000001c0), &(0x7f0000000000)='./file0\x00', 0x1a08050, &(0x7f0000000880)=ANY=[], 0x2, 0x5ae, &(0x7f0000001540)="$eJzs3V9v29YZx/EfHTnRvKEYtiEIgiQ9TTbAAVKHkhsFRq846khmK5ECSRf2VREscmFE7oakA2bfzLkJWmx7CwP6Ina7N7PrYtcbsGkgKXryH0lO7Fpt+v0YLY/FR4fPYQQ+OQwpCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyPGbrltz1AnCjU0zmd+Mo+6U9WV/948spmxXcrL/VK3qRvHSjV/8f/X17H93dav47Zaq2aKq/R9f/+mHP68slO+fktCleLG3/+zJYNB/fsb4ytwzvlhtGwZJFHS9tjVBEpm1RsN9uN5KTCvo2GQrSW3X+LH10ig2y/59U1tbWzV2ZSvaCNtNr2PLFx+/X3fdhvlopWe9OInChx+tJP560OkEYTuPyVZnMY+zD+LHQWpS63WN2d4Z9FdnJZkF1Ubt438AB+NB9Vk91d16vVaR1Hh0dfRBrddrtXq91ni09uix61bcY5S/ZTxi7EPb/lfRx2vudHy/XdShGzi3hVH9V0eBQm1oU+bUH19NxYrUnbB+pKz/v3pop253vP6XVf5G9KNy9U3l9f9O8dudSfVfRtcm5HM5Py+0p3090xMNNFBfz8/X30I5/nmOyWQ79+BskW1ZhQqUKFKgrrz8FaNAVUUyWlNDDbn6VOtqKZFRS4E6skq0pUSpbP6J8hXLylOqSLGMluXrvozyaqtVGVmtaEuRNhSqraa8vJdt7eT7fXVKjodBtbME1acEnSjmJ154rfqPH6SLPYAD5zAs6z8AAAAAAHhrOfnZ92z+v6jbeasVdKw777QAAAAAAMAF+rKVX1/vZPN/SbflTJz/H4xOFAAAAAAAgO8ZJ7/HLpvWL+ndolXeCXV4EmBhvikCAAAAAIBzyv9B/062WMpa78o5Of8/Kf/2s+qlJQkAAAAAAM7ly5nfsZ/0rjl//6fieNF52dv8pbPrZXHe7pXifVeO95i2bmp4rWjnfTUqoy59e8sZffvl4ZdgflMsKhoOp+fhTE2gcjQB553Ru48moD/rvSziH3rvaRH7tFxTbGWpFXTsih91PqzJ895ZSO1m+vvPd/6gfPhfhd0syZ1Bf+U3vx08zXN5mfXycnd0X8SJ2yOm5PJFef7k9ukjXsxvxBhtd8nR9s6g746Pf3RZxomrM6Zs85XuFjF3l4rl0tHxV7Nt1lYmjb7IYlHnHPkr3Sti7i3fKxanZFGfkUW/Pp7FG+2LM2SxOiuL1XNmAQDzsp1/68+pVag8pB+vu29wlNue9beM6dX9jFt5peUiZvlmfmCt3DzliO7OOqK7vc2yMhfV7erU6qYD6fQj+uEzkCbV2Gy7fzncbi0f/dd/lPR1WVVPDD/p1J1sF175Yvd3uv5ib//9nd0nn/U/639er6823A9c91Fdi/kwRgtqDwDgFLOfsTMzwvmgmFUrn1X/Z1gYq3g/G11SUJ4VGOipHuR3G+RXHFR17Uivf/prNhMfuwzhwfFZa0XjFXVYFst/D4fDBzNmdUW/pbPEFo+XAQDgbXJ3vA5Prf+juFPq/4PyVMCEeffRWn78CcGTYmsTMv6K2xEBADgnG3/z39GMvfdpbW2t5qXr1sSR/7GJg2bbmiBMbeyve2Hbml4cpZEfXckanwRNm5hko9eL4tS0otj0oiTYzJ/8bkaPfk9s1wvTwE96Hesl1vhRmHp+appB4pvexq87QbJu4/zNSc/6QSvwvTSIQpNEG7FvV4xJrB0LDJo2TINWkDVD04uDrhdvmU+izkbXmqZN/DjopVHRYbmtIGxFcTfr9uq89zUAAN8VL/b2nz0ZDPrPv8XGvMcIAACOep0qzRVjAAAAAAAAAAAAAAAAAAAAAADMx2Xc/ze78befSPNPY1HSd2Fv0KDxxo2qLqjDWUeOg8s5QAH41vwvAAD//6zgX70=")
r0 = inotify_init()
inotify_add_watch(r0, &(0x7f00000001c0)='.\x00', 0x4000423)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
getdents64(r1, &(0x7f0000000080)=""/109, 0x6d)
executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000b00)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000740)='scsi_dispatch_cmd_start\x00', r1}, 0x10)
sync()
executing program 0:
openat(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x40, 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15)
write$P9_RLERRORu(r1, &(0x7f0000000b40)=ANY=[@ANYBLOB="5300000007000046009d4063834609532bbcfc85b95499f41b36876d9b0127ecf6067ecd7e4d"], 0x53)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x2004000, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[], [], 0x6b}})
executing program 4:
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x101c08a, &(0x7f00000001c0)=ANY=[@ANYBLOB="7379735f696d6d757461626c652c757466383d312c696f636861727365743d61736369692c73686f72746e616d653d77696e39352c73686f77657865632c6e66732c636865636b3d7374726963742c756e695f786c6174653d302c757466383d312c73686f72746e616d653d6c6f7765722c73686f72746e616d653d6c6f7765722c726f6469722c726f6469722c64656275672c757466383d302c726f6469722c71756965742c6572726f72733d72656d6f756e742d726f2c009c8a8fc4f74784ad79ec08fb556262ebc972ef94821f3565ef5f75f11e30ef1f72a065c510b17cae352940538b7b2c5d72f4627c25306b2479725add28f511a68f5f6f47f9facdd0cc574286d00ab52d6b9374b6a58eac694336ebe971f41860d01084c1a0fa6b51d80fa9f9d2c5a2e7a5284f93296217ef8f28e0a36e573296a0bfb38b94191f4b82873563f3759b5e193ecfab6ed7892542364757e47d656ad6a0fbb6e8bf138bddae620a3602991821d4844f628e6bdd8b62cca73744332f0185a54b"], 0x6, 0x2c1, &(0x7f00000005c0)="$eJzs3T+LI2UcB/DfZLOTUYuksBLhBrzC6nCvE5sscgfiVh4p1EIX7w5kE4Q7WPAPxqtsbSwsfAWC4Au5xncg2Ap2rrAwMpOZzWSNMZHNyu1+Ps0++8zznfk9k4fsbJEnH748Obqfx8MnX/wSWZZEZxjDOEliEJ1ofBULht8EAPAsOymK+L2Y2SSXRES2vbIAgC1a7+9/d9786VLKAgC26N677729f3Bw550ssrg7+fp4VP5nX/6cHd9/GB/HOB7Ea9GP04jqQWE3qqeFsnm3KIppNy8N4uZkejwqk5MPntbn3/8tosrvRT8GVdfZ00aVf+vgzl4+08pPyzqer68/LPO3ox8vnoUX8reX5GOUxquvtOq/Ff34+aP4JMZxvypinv9yL8/fLL794/P3y/LKfDI9HvWqcXPFziW/NAAAAAAAAAAAAAAAAAAAAAAAXGG36r1zepHfiJuTsqvef2fnNNLy17wxWNyfZ5ZPmhO19wcqimJaxPetLQXzoh44z3fjpW57Y0EAAAAAAAAAAAAAAAAAAAC4vh5/+tnR4Xj84NGFNJrdALoR8ee9iP96nmGr50asHtyrr3k4Hnfq5sKYp2m7J3aaMUnEyjLKSVzQbfm3xnPna24aP/xYTnCTE2atnteXT3B3+/NqVtfRYbL8Wr1oerJ6kXyXRszHpLHmtdJ/OlTEJssvXXqov/Hc0xeqxnTFmEhWFfbGr7M7V/ck52eRVnd1aXy3brTi59bGWq97ZLP4398rkmq3jt723owAAAAAAAAAAAAAAAAAAOCam3/6d8nBJyujncJHgQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4Iubf/79BY1qH1xicxqPH//MUAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuAb+CgAA//8HIVi7")
syz_mount_image$vfat(&(0x7f0000000300), &(0x7f0000000280)='./bus\x00', 0x3c9c9b, 0x0, 0x0, 0x0, &(0x7f00000000c0))
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="14"], &(0x7f0000000000), 0x0)
mount$bind(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x21, 0x0)
open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x0)
executing program 4:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r0, &(0x7f0000000040)=[{{&(0x7f00000003c0)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00'}, 0x1c, &(0x7f0000000080)=[{&(0x7f0000000000)="7f", 0x1}], 0x1}}], 0x1, 0x0)
listen(r0, 0xfff)
setsockopt$inet6_IPV6_RTHDRDSTOPTS(r0, 0x29, 0x37, &(0x7f00000000c0)={0x5c}, 0x8)
accept(r0, 0xfffffffffffffffd, &(0x7f0000000680))
executing program 0:
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x4, &(0x7f00000001c0)={0x1, &(0x7f00000004c0)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x3000801, &(0x7f0000000840)=ANY=[], 0x2, 0x1ea, &(0x7f00000003c0)="$eJzsmb2LE0EYxp+Z3eydhyg2FjYWHniit9ndqFxzxQmWgnCKWgZvPU73LpKskAQEg42NpYVga2NpYWFl4V9gq4UKgoUp7YSR+djdyWYT4gdG9P3BzT7z9c68L9yzsAFBEP8tHz98ff/w3NqlUwD2YxkLZvyzo5/i4Oj6d4/vnHy0fv7J87dPX+8duPuyHI/JPWL28z0ArzYcpGCuOXFk93IRNtO4DI4TRl8Bg6/lN6HQnRgM18yam5Zu7TMiif3rrWTrxk4SB7IJZRPJpmGfLy81HDBsAVhUtxOCWfOdXv9WM0nidlnURHbO2NSPimn1U/fb4FhHVj0hOICrD+4PZN/UBgF4Xr8QHKHRDTBsGr2GBfi+X5TEyv+IW8R3Zsl/vuKZEodW/9Sh4Locf0Pu/7Co/ZY4rDwi/6HzkcPDzAPtNZ/mnvvPC2VcAMam3iwlyYVfiOxVFCoXhT9JZz9u+ZMLN/ePerp7u97p9Vd3dpvb8Xa8F0WNs8HpIDgT1ZUR6XaK/y0qf1qy4tcmrPWYh24zTdthF0jbYd6PdGs57uaL1he1hyv/41g5pmMw887KX5QlmPnj6inVilO98t7EnAiCIAiCIAiCIAiCIAiCIKo5Cgb9S5hg5oNoFdFF9YXyewAAAP//L0Rm/Q==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x1a4)
symlinkat(&(0x7f0000000200)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, &(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
fadvise64(r0, 0xe0ffff, 0x9, 0x3)
executing program 0:
timer_create(0x0, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x7, 0x4, 0x100, 0x7}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x9, &(0x7f0000000180)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x1b}}, @call={0x85, 0x0, 0x0, 0x5}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x18)
syz_clone(0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0)
executing program 1:
r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x1)
write$binfmt_format(r0, &(0x7f0000000100)='0\x00', 0x2)
r1 = getpid()
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000002c0)=[0x1], 0x0, 0x0, 0x20000000000000b2, 0x1, r1}}, 0x40)

program crashed: BUG: Bad page state in z_erofs_do_read_page
bisect: the chunk can be dropped
bisect: testing without sub-chunk 3/3
bisect: split chunks (needed=true): <9>
bisect: split chunk #0 of len 9 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=31s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 5, 5, 5]
detailed listing:
executing program 4:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r0, &(0x7f0000000040)=[{{&(0x7f00000003c0)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00'}, 0x1c, &(0x7f0000000080)=[{&(0x7f0000000000)="7f", 0x1}], 0x1}}], 0x1, 0x0)
listen(r0, 0xfff)
setsockopt$inet6_IPV6_RTHDRDSTOPTS(r0, 0x29, 0x37, &(0x7f00000000c0)={0x5c}, 0x8)
accept(r0, 0xfffffffffffffffd, &(0x7f0000000680))
executing program 0:
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x4, &(0x7f00000001c0)={0x1, &(0x7f00000004c0)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x3000801, &(0x7f0000000840)=ANY=[], 0x2, 0x1ea, &(0x7f00000003c0)="$eJzsmb2LE0EYxp+Z3eydhyg2FjYWHniit9ndqFxzxQmWgnCKWgZvPU73LpKskAQEg42NpYVga2NpYWFl4V9gq4UKgoUp7YSR+djdyWYT4gdG9P3BzT7z9c68L9yzsAFBEP8tHz98ff/w3NqlUwD2YxkLZvyzo5/i4Oj6d4/vnHy0fv7J87dPX+8duPuyHI/JPWL28z0ArzYcpGCuOXFk93IRNtO4DI4TRl8Bg6/lN6HQnRgM18yam5Zu7TMiif3rrWTrxk4SB7IJZRPJpmGfLy81HDBsAVhUtxOCWfOdXv9WM0nidlnURHbO2NSPimn1U/fb4FhHVj0hOICrD+4PZN/UBgF4Xr8QHKHRDTBsGr2GBfi+X5TEyv+IW8R3Zsl/vuKZEodW/9Sh4Locf0Pu/7Co/ZY4rDwi/6HzkcPDzAPtNZ/mnvvPC2VcAMam3iwlyYVfiOxVFCoXhT9JZz9u+ZMLN/ePerp7u97p9Vd3dpvb8Xa8F0WNs8HpIDgT1ZUR6XaK/y0qf1qy4tcmrPWYh24zTdthF0jbYd6PdGs57uaL1he1hyv/41g5pmMw887KX5QlmPnj6inVilO98t7EnAiCIAiCIAiCIAiCIAiCIKo5Cgb9S5hg5oNoFdFF9YXyewAAAP//L0Rm/Q==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x1a4)
symlinkat(&(0x7f0000000200)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, &(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
fadvise64(r0, 0xe0ffff, 0x9, 0x3)
executing program 0:
timer_create(0x0, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x7, 0x4, 0x100, 0x7}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x9, &(0x7f0000000180)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x1b}}, @call={0x85, 0x0, 0x0, 0x5}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x18)
syz_clone(0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0)
executing program 1:
r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x1)
write$binfmt_format(r0, &(0x7f0000000100)='0\x00', 0x2)
r1 = getpid()
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000002c0)=[0x1], 0x0, 0x0, 0x20000000000000b2, 0x1, r1}}, 0x40)

program crashed: BUG: Bad page state in z_erofs_do_read_page
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/2
bisect: no need to test this chunk, it's definitely needed
bisect: split chunks (needed=true): <4>
bisect: split chunk #0 of len 4 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 5]
detailed listing:
executing program 0:
timer_create(0x0, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x7, 0x4, 0x100, 0x7}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x9, &(0x7f0000000180)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x1b}}, @call={0x85, 0x0, 0x0, 0x5}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x18)
syz_clone(0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0)
executing program 1:
r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x1)
write$binfmt_format(r0, &(0x7f0000000100)='0\x00', 0x2)
r1 = getpid()
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000002c0)=[0x1], 0x0, 0x0, 0x20000000000000b2, 0x1, r1}}, 0x40)

program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 5]
detailed listing:
executing program 4:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r0, &(0x7f0000000040)=[{{&(0x7f00000003c0)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00'}, 0x1c, &(0x7f0000000080)=[{&(0x7f0000000000)="7f", 0x1}], 0x1}}], 0x1, 0x0)
listen(r0, 0xfff)
setsockopt$inet6_IPV6_RTHDRDSTOPTS(r0, 0x29, 0x37, &(0x7f00000000c0)={0x5c}, 0x8)
accept(r0, 0xfffffffffffffffd, &(0x7f0000000680))
executing program 0:
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x4, &(0x7f00000001c0)={0x1, &(0x7f00000004c0)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x3000801, &(0x7f0000000840)=ANY=[], 0x2, 0x1ea, &(0x7f00000003c0)="$eJzsmb2LE0EYxp+Z3eydhyg2FjYWHniit9ndqFxzxQmWgnCKWgZvPU73LpKskAQEg42NpYVga2NpYWFl4V9gq4UKgoUp7YSR+djdyWYT4gdG9P3BzT7z9c68L9yzsAFBEP8tHz98ff/w3NqlUwD2YxkLZvyzo5/i4Oj6d4/vnHy0fv7J87dPX+8duPuyHI/JPWL28z0ArzYcpGCuOXFk93IRNtO4DI4TRl8Bg6/lN6HQnRgM18yam5Zu7TMiif3rrWTrxk4SB7IJZRPJpmGfLy81HDBsAVhUtxOCWfOdXv9WM0nidlnURHbO2NSPimn1U/fb4FhHVj0hOICrD+4PZN/UBgF4Xr8QHKHRDTBsGr2GBfi+X5TEyv+IW8R3Zsl/vuKZEodW/9Sh4Locf0Pu/7Co/ZY4rDwi/6HzkcPDzAPtNZ/mnvvPC2VcAMam3iwlyYVfiOxVFCoXhT9JZz9u+ZMLN/ePerp7u97p9Vd3dpvb8Xa8F0WNs8HpIDgT1ZUR6XaK/y0qf1qy4tcmrPWYh24zTdthF0jbYd6PdGs57uaL1he1hyv/41g5pmMw887KX5QlmPnj6inVilO98t7EnAiCIAiCIAiCIAiCIAiCIKo5Cgb9S5hg5oNoFdFF9YXyewAAAP//L0Rm/Q==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x1a4)
symlinkat(&(0x7f0000000200)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, &(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
fadvise64(r0, 0xe0ffff, 0x9, 0x3)

program crashed: BUG: Bad page state in z_erofs_do_read_page
bisect: the chunk can be dropped
bisect: split chunks (needed=true): <2>
bisect: split chunk #0 of len 2 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): seccomp$SECCOMP_SET_MODE_FILTER-syz_mount_image$erofs-openat-symlinkat-fadvise64
detailed listing:
executing program 0:
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x4, &(0x7f00000001c0)={0x1, &(0x7f00000004c0)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x3000801, &(0x7f0000000840)=ANY=[], 0x2, 0x1ea, &(0x7f00000003c0)="$eJzsmb2LE0EYxp+Z3eydhyg2FjYWHniit9ndqFxzxQmWgnCKWgZvPU73LpKskAQEg42NpYVga2NpYWFl4V9gq4UKgoUp7YSR+djdyWYT4gdG9P3BzT7z9c68L9yzsAFBEP8tHz98ff/w3NqlUwD2YxkLZvyzo5/i4Oj6d4/vnHy0fv7J87dPX+8duPuyHI/JPWL28z0ArzYcpGCuOXFk93IRNtO4DI4TRl8Bg6/lN6HQnRgM18yam5Zu7TMiif3rrWTrxk4SB7IJZRPJpmGfLy81HDBsAVhUtxOCWfOdXv9WM0nidlnURHbO2NSPimn1U/fb4FhHVj0hOICrD+4PZN/UBgF4Xr8QHKHRDTBsGr2GBfi+X5TEyv+IW8R3Zsl/vuKZEodW/9Sh4Locf0Pu/7Co/ZY4rDwi/6HzkcPDzAPtNZ/mnvvPC2VcAMam3iwlyYVfiOxVFCoXhT9JZz9u+ZMLN/ePerp7u97p9Vd3dpvb8Xa8F0WNs8HpIDgT1ZUR6XaK/y0qf1qy4tcmrPWYh24zTdthF0jbYd6PdGs57uaL1he1hyv/41g5pmMw887KX5QlmPnj6inVilO98t7EnAiCIAiCIAiCIAiCIAiCIKo5Cgb9S5hg5oNoFdFF9YXyewAAAP//L0Rm/Q==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x1a4)
symlinkat(&(0x7f0000000200)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, &(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
fadvise64(r0, 0xe0ffff, 0x9, 0x3)

program crashed: KASAN: use-after-free Read in __pud_alloc
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/2
bisect: no need to test this chunk, it's definitely needed
bisect: split chunks (needed=true): <1>
bisect: split chunk #0 of len 1 into 2 parts
bisect: no way to further split the chunk
bisect: 1 programs left: 

executing program 0:
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x4, &(0x7f00000001c0)={0x1, &(0x7f00000004c0)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x3000801, &(0x7f0000000840)=ANY=[], 0x2, 0x1ea, &(0x7f00000003c0)="$eJzsmb2LE0EYxp+Z3eydhyg2FjYWHniit9ndqFxzxQmWgnCKWgZvPU73LpKskAQEg42NpYVga2NpYWFl4V9gq4UKgoUp7YSR+djdyWYT4gdG9P3BzT7z9c68L9yzsAFBEP8tHz98ff/w3NqlUwD2YxkLZvyzo5/i4Oj6d4/vnHy0fv7J87dPX+8duPuyHI/JPWL28z0ArzYcpGCuOXFk93IRNtO4DI4TRl8Bg6/lN6HQnRgM18yam5Zu7TMiif3rrWTrxk4SB7IJZRPJpmGfLy81HDBsAVhUtxOCWfOdXv9WM0nidlnURHbO2NSPimn1U/fb4FhHVj0hOICrD+4PZN/UBgF4Xr8QHKHRDTBsGr2GBfi+X5TEyv+IW8R3Zsl/vuKZEodW/9Sh4Locf0Pu/7Co/ZY4rDwi/6HzkcPDzAPtNZ/mnvvPC2VcAMam3iwlyYVfiOxVFCoXhT9JZz9u+ZMLN/ePerp7u97p9Vd3dpvb8Xa8F0WNs8HpIDgT1ZUR6XaK/y0qf1qy4tcmrPWYh24zTdthF0jbYd6PdGs57uaL1he1hyv/41g5pmMw887KX5QlmPnj6inVilO98t7EnAiCIAiCIAiCIAiCIAiCIKo5Cgb9S5hg5oNoFdFF9YXyewAAAP//L0Rm/Q==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x1a4)
symlinkat(&(0x7f0000000200)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, &(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
fadvise64(r0, 0xe0ffff, 0x9, 0x3)


bisect: trying to concatenate
bisect: concatenate 1 entries
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): seccomp$SECCOMP_SET_MODE_FILTER-syz_mount_image$erofs-openat-symlinkat-fadvise64
detailed listing:
executing program 0:
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x4, &(0x7f00000001c0)={0x1, &(0x7f00000004c0)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x3000801, &(0x7f0000000840)=ANY=[], 0x2, 0x1ea, &(0x7f00000003c0)="$eJzsmb2LE0EYxp+Z3eydhyg2FjYWHniit9ndqFxzxQmWgnCKWgZvPU73LpKskAQEg42NpYVga2NpYWFl4V9gq4UKgoUp7YSR+djdyWYT4gdG9P3BzT7z9c68L9yzsAFBEP8tHz98ff/w3NqlUwD2YxkLZvyzo5/i4Oj6d4/vnHy0fv7J87dPX+8duPuyHI/JPWL28z0ArzYcpGCuOXFk93IRNtO4DI4TRl8Bg6/lN6HQnRgM18yam5Zu7TMiif3rrWTrxk4SB7IJZRPJpmGfLy81HDBsAVhUtxOCWfOdXv9WM0nidlnURHbO2NSPimn1U/fb4FhHVj0hOICrD+4PZN/UBgF4Xr8QHKHRDTBsGr2GBfi+X5TEyv+IW8R3Zsl/vuKZEodW/9Sh4Locf0Pu/7Co/ZY4rDwi/6HzkcPDzAPtNZ/mnvvPC2VcAMam3iwlyYVfiOxVFCoXhT9JZz9u+ZMLN/ePerp7u97p9Vd3dpvb8Xa8F0WNs8HpIDgT1ZUR6XaK/y0qf1qy4tcmrPWYh24zTdthF0jbYd6PdGs57uaL1he1hyv/41g5pmMw887KX5QlmPnj6inVilO98t7EnAiCIAiCIAiCIAiCIAiCIKo5Cgb9S5hg5oNoFdFF9YXyewAAAP//L0Rm/Q==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x1a4)
symlinkat(&(0x7f0000000200)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, &(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
fadvise64(r0, 0xe0ffff, 0x9, 0x3)

program crashed: BUG: Bad page state in z_erofs_do_read_page
bisect: concatenation succeeded
found reproducer with 5 syscalls
minimizing guilty program
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): seccomp$SECCOMP_SET_MODE_FILTER-syz_mount_image$erofs-openat-symlinkat
detailed listing:
executing program 0:
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x4, &(0x7f00000001c0)={0x1, &(0x7f00000004c0)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x3000801, &(0x7f0000000840)=ANY=[], 0x2, 0x1ea, &(0x7f00000003c0)="$eJzsmb2LE0EYxp+Z3eydhyg2FjYWHniit9ndqFxzxQmWgnCKWgZvPU73LpKskAQEg42NpYVga2NpYWFl4V9gq4UKgoUp7YSR+djdyWYT4gdG9P3BzT7z9c68L9yzsAFBEP8tHz98ff/w3NqlUwD2YxkLZvyzo5/i4Oj6d4/vnHy0fv7J87dPX+8duPuyHI/JPWL28z0ArzYcpGCuOXFk93IRNtO4DI4TRl8Bg6/lN6HQnRgM18yam5Zu7TMiif3rrWTrxk4SB7IJZRPJpmGfLy81HDBsAVhUtxOCWfOdXv9WM0nidlnURHbO2NSPimn1U/fb4FhHVj0hOICrD+4PZN/UBgF4Xr8QHKHRDTBsGr2GBfi+X5TEyv+IW8R3Zsl/vuKZEodW/9Sh4Locf0Pu/7Co/ZY4rDwi/6HzkcPDzAPtNZ/mnvvPC2VcAMam3iwlyYVfiOxVFCoXhT9JZz9u+ZMLN/ePerp7u97p9Vd3dpvb8Xa8F0WNs8HpIDgT1ZUR6XaK/y0qf1qy4tcmrPWYh24zTdthF0jbYd6PdGs57uaL1he1hyv/41g5pmMw887KX5QlmPnj6inVilO98t7EnAiCIAiCIAiCIAiCIAiCIKo5Cgb9S5hg5oNoFdFF9YXyewAAAP//L0Rm/Q==")
openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x1a4)
symlinkat(&(0x7f0000000200)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, &(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): seccomp$SECCOMP_SET_MODE_FILTER-syz_mount_image$erofs-openat-fadvise64
detailed listing:
executing program 0:
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x4, &(0x7f00000001c0)={0x1, &(0x7f00000004c0)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x3000801, &(0x7f0000000840)=ANY=[], 0x2, 0x1ea, &(0x7f00000003c0)="$eJzsmb2LE0EYxp+Z3eydhyg2FjYWHniit9ndqFxzxQmWgnCKWgZvPU73LpKskAQEg42NpYVga2NpYWFl4V9gq4UKgoUp7YSR+djdyWYT4gdG9P3BzT7z9c68L9yzsAFBEP8tHz98ff/w3NqlUwD2YxkLZvyzo5/i4Oj6d4/vnHy0fv7J87dPX+8duPuyHI/JPWL28z0ArzYcpGCuOXFk93IRNtO4DI4TRl8Bg6/lN6HQnRgM18yam5Zu7TMiif3rrWTrxk4SB7IJZRPJpmGfLy81HDBsAVhUtxOCWfOdXv9WM0nidlnURHbO2NSPimn1U/fb4FhHVj0hOICrD+4PZN/UBgF4Xr8QHKHRDTBsGr2GBfi+X5TEyv+IW8R3Zsl/vuKZEodW/9Sh4Locf0Pu/7Co/ZY4rDwi/6HzkcPDzAPtNZ/mnvvPC2VcAMam3iwlyYVfiOxVFCoXhT9JZz9u+ZMLN/ePerp7u97p9Vd3dpvb8Xa8F0WNs8HpIDgT1ZUR6XaK/y0qf1qy4tcmrPWYh24zTdthF0jbYd6PdGs57uaL1he1hyv/41g5pmMw887KX5QlmPnj6inVilO98t7EnAiCIAiCIAiCIAiCIAiCIKo5Cgb9S5hg5oNoFdFF9YXyewAAAP//L0Rm/Q==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x1a4)
fadvise64(r0, 0xe0ffff, 0x9, 0x3)

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): seccomp$SECCOMP_SET_MODE_FILTER-syz_mount_image$erofs-symlinkat-fadvise64
detailed listing:
executing program 0:
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x4, &(0x7f00000001c0)={0x1, &(0x7f00000004c0)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x3000801, &(0x7f0000000840)=ANY=[], 0x2, 0x1ea, &(0x7f00000003c0)="$eJzsmb2LE0EYxp+Z3eydhyg2FjYWHniit9ndqFxzxQmWgnCKWgZvPU73LpKskAQEg42NpYVga2NpYWFl4V9gq4UKgoUp7YSR+djdyWYT4gdG9P3BzT7z9c68L9yzsAFBEP8tHz98ff/w3NqlUwD2YxkLZvyzo5/i4Oj6d4/vnHy0fv7J87dPX+8duPuyHI/JPWL28z0ArzYcpGCuOXFk93IRNtO4DI4TRl8Bg6/lN6HQnRgM18yam5Zu7TMiif3rrWTrxk4SB7IJZRPJpmGfLy81HDBsAVhUtxOCWfOdXv9WM0nidlnURHbO2NSPimn1U/fb4FhHVj0hOICrD+4PZN/UBgF4Xr8QHKHRDTBsGr2GBfi+X5TEyv+IW8R3Zsl/vuKZEodW/9Sh4Locf0Pu/7Co/ZY4rDwi/6HzkcPDzAPtNZ/mnvvPC2VcAMam3iwlyYVfiOxVFCoXhT9JZz9u+ZMLN/ePerp7u97p9Vd3dpvb8Xa8F0WNs8HpIDgT1ZUR6XaK/y0qf1qy4tcmrPWYh24zTdthF0jbYd6PdGs57uaL1he1hyv/41g5pmMw887KX5QlmPnj6inVilO98t7EnAiCIAiCIAiCIAiCIAiCIKo5Cgb9S5hg5oNoFdFF9YXyewAAAP//L0Rm/Q==")
symlinkat(&(0x7f0000000200)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, &(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
fadvise64(0xffffffffffffffff, 0xe0ffff, 0x9, 0x3)

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): seccomp$SECCOMP_SET_MODE_FILTER-openat-symlinkat-fadvise64
detailed listing:
executing program 0:
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x4, &(0x7f00000001c0)={0x1, &(0x7f00000004c0)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x1a4)
symlinkat(&(0x7f0000000200)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, &(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
fadvise64(r0, 0xe0ffff, 0x9, 0x3)

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat-symlinkat-fadvise64
detailed listing:
executing program 0:
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x3000801, &(0x7f0000000840)=ANY=[], 0x2, 0x1ea, &(0x7f00000003c0)="$eJzsmb2LE0EYxp+Z3eydhyg2FjYWHniit9ndqFxzxQmWgnCKWgZvPU73LpKskAQEg42NpYVga2NpYWFl4V9gq4UKgoUp7YSR+djdyWYT4gdG9P3BzT7z9c68L9yzsAFBEP8tHz98ff/w3NqlUwD2YxkLZvyzo5/i4Oj6d4/vnHy0fv7J87dPX+8duPuyHI/JPWL28z0ArzYcpGCuOXFk93IRNtO4DI4TRl8Bg6/lN6HQnRgM18yam5Zu7TMiif3rrWTrxk4SB7IJZRPJpmGfLy81HDBsAVhUtxOCWfOdXv9WM0nidlnURHbO2NSPimn1U/fb4FhHVj0hOICrD+4PZN/UBgF4Xr8QHKHRDTBsGr2GBfi+X5TEyv+IW8R3Zsl/vuKZEodW/9Sh4Locf0Pu/7Co/ZY4rDwi/6HzkcPDzAPtNZ/mnvvPC2VcAMam3iwlyYVfiOxVFCoXhT9JZz9u+ZMLN/ePerp7u97p9Vd3dpvb8Xa8F0WNs8HpIDgT1ZUR6XaK/y0qf1qy4tcmrPWYh24zTdthF0jbYd6PdGs57uaL1he1hyv/41g5pmMw887KX5QlmPnj6inVilO98t7EnAiCIAiCIAiCIAiCIAiCIKo5Cgb9S5hg5oNoFdFF9YXyewAAAP//L0Rm/Q==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x1a4)
symlinkat(&(0x7f0000000200)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, &(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
fadvise64(r0, 0xe0ffff, 0x9, 0x3)

program crashed: BUG: Bad page state in z_erofs_do_read_page
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat-symlinkat-fadvise64
detailed listing:
executing program 0:
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x3000801, &(0x7f0000000840)=ANY=[], 0x2, 0x1ea, &(0x7f00000003c0)="$eJzsmb2LE0EYxp+Z3eydhyg2FjYWHniit9ndqFxzxQmWgnCKWgZvPU73LpKskAQEg42NpYVga2NpYWFl4V9gq4UKgoUp7YSR+djdyWYT4gdG9P3BzT7z9c68L9yzsAFBEP8tHz98ff/w3NqlUwD2YxkLZvyzo5/i4Oj6d4/vnHy0fv7J87dPX+8duPuyHI/JPWL28z0ArzYcpGCuOXFk93IRNtO4DI4TRl8Bg6/lN6HQnRgM18yam5Zu7TMiif3rrWTrxk4SB7IJZRPJpmGfLy81HDBsAVhUtxOCWfOdXv9WM0nidlnURHbO2NSPimn1U/fb4FhHVj0hOICrD+4PZN/UBgF4Xr8QHKHRDTBsGr2GBfi+X5TEyv+IW8R3Zsl/vuKZEodW/9Sh4Locf0Pu/7Co/ZY4rDwi/6HzkcPDzAPtNZ/mnvvPC2VcAMam3iwlyYVfiOxVFCoXhT9JZz9u+ZMLN/ePerp7u97p9Vd3dpvb8Xa8F0WNs8HpIDgT1ZUR6XaK/y0qf1qy4tcmrPWYh24zTdthF0jbYd6PdGs57uaL1he1hyv/41g5pmMw887KX5QlmPnj6inVilO98t7EnAiCIAiCIAiCIAiCIAiCIKo5Cgb9S5hg5oNoFdFF9YXyewAAAP//L0Rm/Q==")
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x1a4)
symlinkat(&(0x7f0000000200)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, &(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
fadvise64(r0, 0xe0ffff, 0x9, 0x3)

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat-symlinkat-fadvise64
detailed listing:
executing program 0:
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x3000801, &(0x7f0000000840)=ANY=[], 0x2, 0x1ea, &(0x7f00000003c0)="$eJzsmb2LE0EYxp+Z3eydhyg2FjYWHniit9ndqFxzxQmWgnCKWgZvPU73LpKskAQEg42NpYVga2NpYWFl4V9gq4UKgoUp7YSR+djdyWYT4gdG9P3BzT7z9c68L9yzsAFBEP8tHz98ff/w3NqlUwD2YxkLZvyzo5/i4Oj6d4/vnHy0fv7J87dPX+8duPuyHI/JPWL28z0ArzYcpGCuOXFk93IRNtO4DI4TRl8Bg6/lN6HQnRgM18yam5Zu7TMiif3rrWTrxk4SB7IJZRPJpmGfLy81HDBsAVhUtxOCWfOdXv9WM0nidlnURHbO2NSPimn1U/fb4FhHVj0hOICrD+4PZN/UBgF4Xr8QHKHRDTBsGr2GBfi+X5TEyv+IW8R3Zsl/vuKZEodW/9Sh4Locf0Pu/7Co/ZY4rDwi/6HzkcPDzAPtNZ/mnvvPC2VcAMam3iwlyYVfiOxVFCoXhT9JZz9u+ZMLN/ePerp7u97p9Vd3dpvb8Xa8F0WNs8HpIDgT1ZUR6XaK/y0qf1qy4tcmrPWYh24zTdthF0jbYd6PdGs57uaL1he1hyv/41g5pmMw887KX5QlmPnj6inVilO98t7EnAiCIAiCIAiCIAiCIAiCIKo5Cgb9S5hg5oNoFdFF9YXyewAAAP//L0Rm/Q==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x1a4)
symlinkat(0x0, 0xffffffffffffff9c, &(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
fadvise64(r0, 0xe0ffff, 0x9, 0x3)

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat-symlinkat-fadvise64
detailed listing:
executing program 0:
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x3000801, &(0x7f0000000840)=ANY=[], 0x2, 0x1ea, &(0x7f00000003c0)="$eJzsmb2LE0EYxp+Z3eydhyg2FjYWHniit9ndqFxzxQmWgnCKWgZvPU73LpKskAQEg42NpYVga2NpYWFl4V9gq4UKgoUp7YSR+djdyWYT4gdG9P3BzT7z9c68L9yzsAFBEP8tHz98ff/w3NqlUwD2YxkLZvyzo5/i4Oj6d4/vnHy0fv7J87dPX+8duPuyHI/JPWL28z0ArzYcpGCuOXFk93IRNtO4DI4TRl8Bg6/lN6HQnRgM18yam5Zu7TMiif3rrWTrxk4SB7IJZRPJpmGfLy81HDBsAVhUtxOCWfOdXv9WM0nidlnURHbO2NSPimn1U/fb4FhHVj0hOICrD+4PZN/UBgF4Xr8QHKHRDTBsGr2GBfi+X5TEyv+IW8R3Zsl/vuKZEodW/9Sh4Locf0Pu/7Co/ZY4rDwi/6HzkcPDzAPtNZ/mnvvPC2VcAMam3iwlyYVfiOxVFCoXhT9JZz9u+ZMLN/ePerp7u97p9Vd3dpvb8Xa8F0WNs8HpIDgT1ZUR6XaK/y0qf1qy4tcmrPWYh24zTdthF0jbYd6PdGs57uaL1he1hyv/41g5pmMw887KX5QlmPnj6inVilO98t7EnAiCIAiCIAiCIAiCIAiCIKo5Cgb9S5hg5oNoFdFF9YXyewAAAP//L0Rm/Q==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x1a4)
symlinkat(&(0x7f0000000200)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
fadvise64(r0, 0xe0ffff, 0x9, 0x3)

program crashed: BUG: Bad page state in z_erofs_do_read_page
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat-symlinkat-fadvise64
detailed listing:
executing program 0:
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x3000801, &(0x7f0000000840)=ANY=[], 0x2, 0x1ea, &(0x7f00000003c0)="$eJzsmb2LE0EYxp+Z3eydhyg2FjYWHniit9ndqFxzxQmWgnCKWgZvPU73LpKskAQEg42NpYVga2NpYWFl4V9gq4UKgoUp7YSR+djdyWYT4gdG9P3BzT7z9c68L9yzsAFBEP8tHz98ff/w3NqlUwD2YxkLZvyzo5/i4Oj6d4/vnHy0fv7J87dPX+8duPuyHI/JPWL28z0ArzYcpGCuOXFk93IRNtO4DI4TRl8Bg6/lN6HQnRgM18yam5Zu7TMiif3rrWTrxk4SB7IJZRPJpmGfLy81HDBsAVhUtxOCWfOdXv9WM0nidlnURHbO2NSPimn1U/fb4FhHVj0hOICrD+4PZN/UBgF4Xr8QHKHRDTBsGr2GBfi+X5TEyv+IW8R3Zsl/vuKZEodW/9Sh4Locf0Pu/7Co/ZY4rDwi/6HzkcPDzAPtNZ/mnvvPC2VcAMam3iwlyYVfiOxVFCoXhT9JZz9u+ZMLN/ePerp7u97p9Vd3dpvb8Xa8F0WNs8HpIDgT1ZUR6XaK/y0qf1qy4tcmrPWYh24zTdthF0jbYd6PdGs57uaL1he1hyv/41g5pmMw887KX5QlmPnj6inVilO98t7EnAiCIAiCIAiCIAiCIAiCIKo5Cgb9S5hg5oNoFdFF9YXyewAAAP//L0Rm/Q==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x1a4)
symlinkat(&(0x7f0000000200)='./file0\x00', 0xffffffffffffff9c, 0x0)
fadvise64(r0, 0xe0ffff, 0x9, 0x3)

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat-symlinkat-fadvise64
detailed listing:
executing program 0:
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x3000801, &(0x7f0000000840)=ANY=[], 0x2, 0x1ea, &(0x7f00000003c0)="$eJzsmb2LE0EYxp+Z3eydhyg2FjYWHniit9ndqFxzxQmWgnCKWgZvPU73LpKskAQEg42NpYVga2NpYWFl4V9gq4UKgoUp7YSR+djdyWYT4gdG9P3BzT7z9c68L9yzsAFBEP8tHz98ff/w3NqlUwD2YxkLZvyzo5/i4Oj6d4/vnHy0fv7J87dPX+8duPuyHI/JPWL28z0ArzYcpGCuOXFk93IRNtO4DI4TRl8Bg6/lN6HQnRgM18yam5Zu7TMiif3rrWTrxk4SB7IJZRPJpmGfLy81HDBsAVhUtxOCWfOdXv9WM0nidlnURHbO2NSPimn1U/fb4FhHVj0hOICrD+4PZN/UBgF4Xr8QHKHRDTBsGr2GBfi+X5TEyv+IW8R3Zsl/vuKZEodW/9Sh4Locf0Pu/7Co/ZY4rDwi/6HzkcPDzAPtNZ/mnvvPC2VcAMam3iwlyYVfiOxVFCoXhT9JZz9u+ZMLN/ePerp7u97p9Vd3dpvb8Xa8F0WNs8HpIDgT1ZUR6XaK/y0qf1qy4tcmrPWYh24zTdthF0jbYd6PdGs57uaL1he1hyv/41g5pmMw887KX5QlmPnj6inVilO98t7EnAiCIAiCIAiCIAiCIAiCIKo5Cgb9S5hg5oNoFdFF9YXyewAAAP//L0Rm/Q==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x1a4)
symlinkat(&(0x7f0000000200)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00')
fadvise64(r0, 0xe0ffff, 0x9, 0x3)

program crashed: BUG: Bad page state in z_erofs_do_read_page
extracting C reproducer
testing compiled C program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat-symlinkat-fadvise64
program crashed: BUG: Bad page state in z_erofs_do_read_page
simplifying C reproducer
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat-symlinkat-fadvise64
program crashed: BUG: Bad page state in z_erofs_do_read_page
testing compiled C program (duration=45s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat-symlinkat-fadvise64
program crashed: BUG: Bad page state in z_erofs_do_read_page
testing compiled C program (duration=45s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat-symlinkat-fadvise64
program did not crash
testing compiled C program (duration=45s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat-symlinkat-fadvise64
program crashed: BUG: Bad page state in z_erofs_do_read_page
testing compiled C program (duration=45s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat-symlinkat-fadvise64
program crashed: BUG: Bad page state in z_erofs_do_read_page
testing compiled C program (duration=45s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat-symlinkat-fadvise64
program crashed: BUG: Bad page state in z_erofs_do_read_page
testing compiled C program (duration=45s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat-symlinkat-fadvise64
program crashed: BUG: Bad page state in z_erofs_do_read_page
testing compiled C program (duration=45s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat-symlinkat-fadvise64
program crashed: BUG: Bad page state in z_erofs_do_read_page
testing compiled C program (duration=45s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat-symlinkat-fadvise64
program crashed: BUG: Bad page state in z_erofs_do_read_page
testing compiled C program (duration=45s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat-symlinkat-fadvise64
program crashed: BUG: Bad page state in z_erofs_do_read_page
testing compiled C program (duration=45s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat-symlinkat-fadvise64
program crashed: BUG: Bad page state in z_erofs_do_read_page
testing compiled C program (duration=45s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat-symlinkat-fadvise64
program crashed: BUG: Bad page state in z_erofs_do_read_page
testing compiled C program (duration=45s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat-symlinkat-fadvise64
program crashed: BUG: Bad page state in z_erofs_do_read_page
testing compiled C program (duration=45s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:true UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat-symlinkat-fadvise64
program crashed: BUG: Bad page state in z_erofs_do_read_page
testing compiled C program (duration=45s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat-symlinkat-fadvise64
program crashed: BUG: Bad page state in z_erofs_do_read_page
testing program (duration=45s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat-symlinkat-fadvise64
detailed listing:
executing program 0:
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x3000801, &(0x7f0000000840)=ANY=[], 0x2, 0x1ea, &(0x7f00000003c0)="$eJzsmb2LE0EYxp+Z3eydhyg2FjYWHniit9ndqFxzxQmWgnCKWgZvPU73LpKskAQEg42NpYVga2NpYWFl4V9gq4UKgoUp7YSR+djdyWYT4gdG9P3BzT7z9c68L9yzsAFBEP8tHz98ff/w3NqlUwD2YxkLZvyzo5/i4Oj6d4/vnHy0fv7J87dPX+8duPuyHI/JPWL28z0ArzYcpGCuOXFk93IRNtO4DI4TRl8Bg6/lN6HQnRgM18yam5Zu7TMiif3rrWTrxk4SB7IJZRPJpmGfLy81HDBsAVhUtxOCWfOdXv9WM0nidlnURHbO2NSPimn1U/fb4FhHVj0hOICrD+4PZN/UBgF4Xr8QHKHRDTBsGr2GBfi+X5TEyv+IW8R3Zsl/vuKZEodW/9Sh4Locf0Pu/7Co/ZY4rDwi/6HzkcPDzAPtNZ/mnvvPC2VcAMam3iwlyYVfiOxVFCoXhT9JZz9u+ZMLN/ePerp7u97p9Vd3dpvb8Xa8F0WNs8HpIDgT1ZUR6XaK/y0qf1qy4tcmrPWYh24zTdthF0jbYd6PdGs57uaL1he1hyv/41g5pmMw887KX5QlmPnj6inVilO98t7EnAiCIAiCIAiCIAiCIAiCIKo5Cgb9S5hg5oNoFdFF9YXyewAAAP//L0Rm/Q==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x1a4)
symlinkat(&(0x7f0000000200)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00')
fadvise64(r0, 0xe0ffff, 0x9, 0x3)

program crashed: BUG: Bad page state in z_erofs_do_read_page
validation run: crashed=true
testing program (duration=45s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat-symlinkat-fadvise64
detailed listing:
executing program 0:
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x3000801, &(0x7f0000000840)=ANY=[], 0x2, 0x1ea, &(0x7f00000003c0)="$eJzsmb2LE0EYxp+Z3eydhyg2FjYWHniit9ndqFxzxQmWgnCKWgZvPU73LpKskAQEg42NpYVga2NpYWFl4V9gq4UKgoUp7YSR+djdyWYT4gdG9P3BzT7z9c68L9yzsAFBEP8tHz98ff/w3NqlUwD2YxkLZvyzo5/i4Oj6d4/vnHy0fv7J87dPX+8duPuyHI/JPWL28z0ArzYcpGCuOXFk93IRNtO4DI4TRl8Bg6/lN6HQnRgM18yam5Zu7TMiif3rrWTrxk4SB7IJZRPJpmGfLy81HDBsAVhUtxOCWfOdXv9WM0nidlnURHbO2NSPimn1U/fb4FhHVj0hOICrD+4PZN/UBgF4Xr8QHKHRDTBsGr2GBfi+X5TEyv+IW8R3Zsl/vuKZEodW/9Sh4Locf0Pu/7Co/ZY4rDwi/6HzkcPDzAPtNZ/mnvvPC2VcAMam3iwlyYVfiOxVFCoXhT9JZz9u+ZMLN/ePerp7u97p9Vd3dpvb8Xa8F0WNs8HpIDgT1ZUR6XaK/y0qf1qy4tcmrPWYh24zTdthF0jbYd6PdGs57uaL1he1hyv/41g5pmMw887KX5QlmPnj6inVilO98t7EnAiCIAiCIAiCIAiCIAiCIKo5Cgb9S5hg5oNoFdFF9YXyewAAAP//L0Rm/Q==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x1a4)
symlinkat(&(0x7f0000000200)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00')
fadvise64(r0, 0xe0ffff, 0x9, 0x3)

program crashed: BUG: Bad page state in z_erofs_do_read_page
validation run: crashed=true
testing program (duration=45s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat-symlinkat-fadvise64
detailed listing:
executing program 0:
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x3000801, &(0x7f0000000840)=ANY=[], 0x2, 0x1ea, &(0x7f00000003c0)="$eJzsmb2LE0EYxp+Z3eydhyg2FjYWHniit9ndqFxzxQmWgnCKWgZvPU73LpKskAQEg42NpYVga2NpYWFl4V9gq4UKgoUp7YSR+djdyWYT4gdG9P3BzT7z9c68L9yzsAFBEP8tHz98ff/w3NqlUwD2YxkLZvyzo5/i4Oj6d4/vnHy0fv7J87dPX+8duPuyHI/JPWL28z0ArzYcpGCuOXFk93IRNtO4DI4TRl8Bg6/lN6HQnRgM18yam5Zu7TMiif3rrWTrxk4SB7IJZRPJpmGfLy81HDBsAVhUtxOCWfOdXv9WM0nidlnURHbO2NSPimn1U/fb4FhHVj0hOICrD+4PZN/UBgF4Xr8QHKHRDTBsGr2GBfi+X5TEyv+IW8R3Zsl/vuKZEodW/9Sh4Locf0Pu/7Co/ZY4rDwi/6HzkcPDzAPtNZ/mnvvPC2VcAMam3iwlyYVfiOxVFCoXhT9JZz9u+ZMLN/ePerp7u97p9Vd3dpvb8Xa8F0WNs8HpIDgT1ZUR6XaK/y0qf1qy4tcmrPWYh24zTdthF0jbYd6PdGs57uaL1he1hyv/41g5pmMw887KX5QlmPnj6inVilO98t7EnAiCIAiCIAiCIAiCIAiCIKo5Cgb9S5hg5oNoFdFF9YXyewAAAP//L0Rm/Q==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x1a4)
symlinkat(&(0x7f0000000200)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00')
fadvise64(r0, 0xe0ffff, 0x9, 0x3)

program crashed: BUG: Bad page state in z_erofs_do_read_page
validation run: crashed=true
reproducing took 1h3m6.900365791s
repro crashed as (corrupted=false):
BUG: Bad page state in process syz-executor  pfn:7727e
page:ffffea0001dc9f80 refcount:0 mapcount:0 mapping:ffff8880641387c8 index:0x2 pfn:0x7727e
aops:z_erofs_cache_aops ino:0
flags: 0xfff00000000001(locked|node=0|zone=1|lastcpupid=0x7ff)
page_type: 0xffffffff()
raw: 00fff00000000001 dead000000000100 dead000000000122 ffff8880641387c8
raw: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x192840(GFP_NOWAIT|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5951, tgid 5951 (syz.0.17), ts 97183610599, free_ts 97161103805
 set_page_owner include/linux/page_owner.h:31 [inline]
 post_alloc_hook+0x1cd/0x210 mm/page_alloc.c:1554
 prep_new_page mm/page_alloc.c:1561 [inline]
 get_page_from_freelist+0x195c/0x19f0 mm/page_alloc.c:3191
 __alloc_pages+0x1e3/0x460 mm/page_alloc.c:4457
 z_erofs_bind_cache fs/erofs/zdata.c:605 [inline]
 z_erofs_pcluster_begin fs/erofs/zdata.c:889 [inline]
 z_erofs_do_read_page+0x20c0/0x3680 fs/erofs/zdata.c:1024
 z_erofs_pcluster_readmore+0x2cf/0x450 fs/erofs/zdata.c:1833
 z_erofs_read_folio+0x208/0x540 fs/erofs/zdata.c:1853
 filemap_read_folio+0x167/0x760 mm/filemap.c:2420
 do_read_cache_folio+0x470/0x7e0 mm/filemap.c:3789
 erofs_bread+0x16f/0x630 fs/erofs/data.c:48
 erofs_find_target_block fs/erofs/namei.c:103 [inline]
 erofs_namei+0x28c/0xf00 fs/erofs/namei.c:177
 erofs_lookup+0x135/0x310 fs/erofs/namei.c:206
 lookup_one_qstr_excl+0x112/0x250 fs/namei.c:1617
 filename_create+0x222/0x460 fs/namei.c:3891
 do_symlinkat+0xbd/0x3f0 fs/namei.c:4500
 __do_sys_symlinkat fs/namei.c:4523 [inline]
 __se_sys_symlinkat fs/namei.c:4520 [inline]
 __x64_sys_symlinkat+0x99/0xb0 fs/namei.c:4520
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:81
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1154 [inline]
 free_unref_page_prepare+0x7ce/0x8e0 mm/page_alloc.c:2336
 free_unref_page+0x32/0x2e0 mm/page_alloc.c:2429
 discard_slab mm/slub.c:2127 [inline]
 __unfreeze_partials+0x1cf/0x210 mm/slub.c:2667
 put_cpu_partial+0x17c/0x250 mm/slub.c:2743
 __slab_free+0x31d/0x410 mm/slub.c:3700
 qlink_free mm/kasan/quarantine.c:166 [inline]
 qlist_free_all+0x75/0xe0 mm/kasan/quarantine.c:185
 kasan_quarantine_reduce+0x143/0x160 mm/kasan/quarantine.c:292
 __kasan_slab_alloc+0x22/0x80 mm/kasan/common.c:305
 kasan_slab_alloc include/linux/kasan.h:188 [inline]
 slab_post_alloc_hook+0x6e/0x4d0 mm/slab.h:767
 slab_alloc_node mm/slub.c:3495 [inline]
 slab_alloc mm/slub.c:3503 [inline]
 __kmem_cache_alloc_lru mm/slub.c:3510 [inline]
 kmem_cache_alloc+0x11e/0x2e0 mm/slub.c:3519
 getname_flags+0xbb/0x500 fs/namei.c:140
 do_sys_openat2+0xcb/0x1c0 fs/open.c:1413
 do_sys_open fs/open.c:1434 [inline]
 __do_sys_openat fs/open.c:1450 [inline]
 __se_sys_openat fs/open.c:1445 [inline]
 __x64_sys_openat+0x139/0x160 fs/open.c:1445
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
Modules linked in:
CPU: 1 PID: 5904 Comm: syz-executor Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x16c/0x230 lib/dump_stack.c:106
 bad_page+0x14b/0x170 mm/page_alloc.c:512
 free_page_is_bad mm/page_alloc.c:961 [inline]
 free_pages_prepare mm/page_alloc.c:1146 [inline]
 free_unref_page_prepare+0x887/0x8e0 mm/page_alloc.c:2336
 free_unref_page+0x32/0x2e0 mm/page_alloc.c:2429
 detach_page_private include/linux/pagemap.h:539 [inline]
 erofs_try_to_free_all_cached_pages+0x295/0x600 fs/erofs/zdata.c:657
 erofs_try_to_release_workgroup fs/erofs/utils.c:132 [inline]
 erofs_shrink_workstation+0x118/0x290 fs/erofs/utils.c:161
 erofs_shrinker_unregister+0x5d/0x170 fs/erofs/utils.c:198
 erofs_put_super+0x4e/0x150 fs/erofs/super.c:812
 generic_shutdown_super+0x134/0x2b0 fs/super.c:693
 kill_block_super+0x44/0x90 fs/super.c:1660
 erofs_kill_sb+0x4c/0x140 fs/erofs/super.c:794
 deactivate_locked_super+0x97/0x100 fs/super.c:481
 cleanup_mnt+0x429/0x4c0 fs/namespace.c:1259
 task_work_run+0x1ce/0x250 kernel/task_work.c:239
 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
 exit_to_user_mode_loop+0xe6/0x110 kernel/entry/common.c:177
 exit_to_user_mode_prepare+0xf6/0x180 kernel/entry/common.c:210
 __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline]
 syscall_exit_to_user_mode+0x1a/0x50 kernel/entry/common.c:302
 do_syscall_64+0x61/0xb0 arch/x86/entry/common.c:87
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f37c2d902f7
Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffc77eba418 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 00007f37c2e11d7d RCX: 00007f37c2d902f7
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc77eba4d0
RBP: 00007ffc77eba4d0 R08: 0000000000000000 R09: 0000000000000000
R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc77ebb560
R13: 00007f37c2e11d7d R14: 0000000000017b98 R15: 00007ffc77ebb5a0
 </TASK>

final repro crashed as (corrupted=false):
BUG: Bad page state in process syz-executor  pfn:7727e
page:ffffea0001dc9f80 refcount:0 mapcount:0 mapping:ffff8880641387c8 index:0x2 pfn:0x7727e
aops:z_erofs_cache_aops ino:0
flags: 0xfff00000000001(locked|node=0|zone=1|lastcpupid=0x7ff)
page_type: 0xffffffff()
raw: 00fff00000000001 dead000000000100 dead000000000122 ffff8880641387c8
raw: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x192840(GFP_NOWAIT|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5951, tgid 5951 (syz.0.17), ts 97183610599, free_ts 97161103805
 set_page_owner include/linux/page_owner.h:31 [inline]
 post_alloc_hook+0x1cd/0x210 mm/page_alloc.c:1554
 prep_new_page mm/page_alloc.c:1561 [inline]
 get_page_from_freelist+0x195c/0x19f0 mm/page_alloc.c:3191
 __alloc_pages+0x1e3/0x460 mm/page_alloc.c:4457
 z_erofs_bind_cache fs/erofs/zdata.c:605 [inline]
 z_erofs_pcluster_begin fs/erofs/zdata.c:889 [inline]
 z_erofs_do_read_page+0x20c0/0x3680 fs/erofs/zdata.c:1024
 z_erofs_pcluster_readmore+0x2cf/0x450 fs/erofs/zdata.c:1833
 z_erofs_read_folio+0x208/0x540 fs/erofs/zdata.c:1853
 filemap_read_folio+0x167/0x760 mm/filemap.c:2420
 do_read_cache_folio+0x470/0x7e0 mm/filemap.c:3789
 erofs_bread+0x16f/0x630 fs/erofs/data.c:48
 erofs_find_target_block fs/erofs/namei.c:103 [inline]
 erofs_namei+0x28c/0xf00 fs/erofs/namei.c:177
 erofs_lookup+0x135/0x310 fs/erofs/namei.c:206
 lookup_one_qstr_excl+0x112/0x250 fs/namei.c:1617
 filename_create+0x222/0x460 fs/namei.c:3891
 do_symlinkat+0xbd/0x3f0 fs/namei.c:4500
 __do_sys_symlinkat fs/namei.c:4523 [inline]
 __se_sys_symlinkat fs/namei.c:4520 [inline]
 __x64_sys_symlinkat+0x99/0xb0 fs/namei.c:4520
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:81
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1154 [inline]
 free_unref_page_prepare+0x7ce/0x8e0 mm/page_alloc.c:2336
 free_unref_page+0x32/0x2e0 mm/page_alloc.c:2429
 discard_slab mm/slub.c:2127 [inline]
 __unfreeze_partials+0x1cf/0x210 mm/slub.c:2667
 put_cpu_partial+0x17c/0x250 mm/slub.c:2743
 __slab_free+0x31d/0x410 mm/slub.c:3700
 qlink_free mm/kasan/quarantine.c:166 [inline]
 qlist_free_all+0x75/0xe0 mm/kasan/quarantine.c:185
 kasan_quarantine_reduce+0x143/0x160 mm/kasan/quarantine.c:292
 __kasan_slab_alloc+0x22/0x80 mm/kasan/common.c:305
 kasan_slab_alloc include/linux/kasan.h:188 [inline]
 slab_post_alloc_hook+0x6e/0x4d0 mm/slab.h:767
 slab_alloc_node mm/slub.c:3495 [inline]
 slab_alloc mm/slub.c:3503 [inline]
 __kmem_cache_alloc_lru mm/slub.c:3510 [inline]
 kmem_cache_alloc+0x11e/0x2e0 mm/slub.c:3519
 getname_flags+0xbb/0x500 fs/namei.c:140
 do_sys_openat2+0xcb/0x1c0 fs/open.c:1413
 do_sys_open fs/open.c:1434 [inline]
 __do_sys_openat fs/open.c:1450 [inline]
 __se_sys_openat fs/open.c:1445 [inline]
 __x64_sys_openat+0x139/0x160 fs/open.c:1445
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
Modules linked in:
CPU: 1 PID: 5904 Comm: syz-executor Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x16c/0x230 lib/dump_stack.c:106
 bad_page+0x14b/0x170 mm/page_alloc.c:512
 free_page_is_bad mm/page_alloc.c:961 [inline]
 free_pages_prepare mm/page_alloc.c:1146 [inline]
 free_unref_page_prepare+0x887/0x8e0 mm/page_alloc.c:2336
 free_unref_page+0x32/0x2e0 mm/page_alloc.c:2429
 detach_page_private include/linux/pagemap.h:539 [inline]
 erofs_try_to_free_all_cached_pages+0x295/0x600 fs/erofs/zdata.c:657
 erofs_try_to_release_workgroup fs/erofs/utils.c:132 [inline]
 erofs_shrink_workstation+0x118/0x290 fs/erofs/utils.c:161
 erofs_shrinker_unregister+0x5d/0x170 fs/erofs/utils.c:198
 erofs_put_super+0x4e/0x150 fs/erofs/super.c:812
 generic_shutdown_super+0x134/0x2b0 fs/super.c:693
 kill_block_super+0x44/0x90 fs/super.c:1660
 erofs_kill_sb+0x4c/0x140 fs/erofs/super.c:794
 deactivate_locked_super+0x97/0x100 fs/super.c:481
 cleanup_mnt+0x429/0x4c0 fs/namespace.c:1259
 task_work_run+0x1ce/0x250 kernel/task_work.c:239
 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
 exit_to_user_mode_loop+0xe6/0x110 kernel/entry/common.c:177
 exit_to_user_mode_prepare+0xf6/0x180 kernel/entry/common.c:210
 __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline]
 syscall_exit_to_user_mode+0x1a/0x50 kernel/entry/common.c:302
 do_syscall_64+0x61/0xb0 arch/x86/entry/common.c:87
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f37c2d902f7
Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffc77eba418 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 00007f37c2e11d7d RCX: 00007f37c2d902f7
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc77eba4d0
RBP: 00007ffc77eba4d0 R08: 0000000000000000 R09: 0000000000000000
R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc77ebb560
R13: 00007f37c2e11d7d R14: 0000000000017b98 R15: 00007ffc77ebb5a0
 </TASK>