Extracting prog: 1m1.070559593s Minimizing prog: 19m12.531833886s Simplifying prog options: 0s Extracting C: 33.513897907s Simplifying C: 8m21.135491073s extracting reproducer from 66 programs first checking the prog from the crash report single: executing 1 programs separately with timeout 30s testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat-pwrite64-openat-socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-socket$pppl2tp-connect$pppl2tp-fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-bpf$BPF_PROG_QUERY-socket-ioctl$sock_SIOCGIFINDEX-bpf$MAP_CREATE-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$SEG6_CMD_DUMPHMAC-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-syz_open_dev$MSR-read$msr-socketpair$unix-setsockopt$SO_ATTACH_FILTER-bpf$PROG_LOAD-sendmsg$nl_route_sched-sendmsg$nl_route_sched-ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT-bpf$PROG_LOAD detailed listing: executing program 0: syz_mount_image$ext4(&(0x7f0000000500)='ext4\x00', &(0x7f0000000540)='./file2\x00', 0x10, &(0x7f0000000580), 0x1, 0x4e8, &(0x7f00000005c0)="$eJzs3U9oVNsZAPDvTv5YY2LSUrHVFgItVrGdmESjQilmVRAtbS100T8Sk5iISSaYCagUahCLFCpddGFx1Y1ddBO6K9IiFB681Vu4eG8hCm/1njyfPHkuXOVxJ3d0jGPyYmLuY/z94DL3nEnmfHc+7p1zhnPPBPDW6o6IIxHRFBHFiOjM6gvZFpcWt/TvTvXPj6dbEgsLJx4lkUTE0f758eprJdnjluwFvpU+XInY2/xyuzMXLp4dmpgYPZeVe8qT0z0zFy7+6Mzk0Njo2OjUwMGDhw8dGDhweP2OdfP26ze//fdjd669M/fdbVuGJ9N427Pnao9jvXRHd/aetERH7RNJxKn1bixnX8s7AFbtk8LOW3nHAABsvELW92+u9P87oykWO+v37/72cWf8sS3v+AAAAIC1W1hoyh4BAACAxpUY+wMAAECDq84DONo/P17dNmruwYOfblRLvMrDwYjoWsx/9f7uxWean93T2/KG7u/9w9OI7uh48tFPvvH/dIs3dB82X03zH+YdAXlq3Z93BORpxy/yjoA8vXc17wi4NBcRt4/U6f8na+7ztS8pJ0vKxwfT/t9fZmrr9P/eHr88kXcE5OlnA3lHQJ5uPMo7Am4PRsS+et//FSrr91Vtjoi26tp+6+RQe/r5/+/7tXUvf/4XHqxjkyzxcDDixzVrO56qyX+mqykrdVS+KmxJTp+ZGN0XEVsjYne0bErLvcu00Ttw46/16r/zJM3/P5Pq93/plrZf/S4wi+NB86YX/29kqDy01uNm0cO5iB3N9fL/vP+fZLl+Xf8tXftzvfqBPZV1RXctn3/epIV/ROyqe/4/H60ly67P2lO5HPRULwp1/OuDz67Uq//+79P8n90j//lJz/+25fNfuf4/W693ZvVtXP7fzSf16p/eSvP/t0uvc/1vTX5VCbA1qzs/VC6f641oTY69XN+3+pgbVfX9qL5faf53f6/+53+1/5dk60J3RcTXX6PNuXvTd+rVXy+k+b/xO+d/ftL8j6xw/icvnP+r35l//4c/qNf2zqtp/rt+vfL5v78SzO6sRv9vZV82QXnHCQAAAAAAAMD6KFTu00kKxWf7hUKxuDjP95vRVpgozZT3ni7NTo0s3s/TFS2F6lSvzpr5oL3Z/JBquW9JuT+bO3K1c3OlXBwuTYzkffAAAADQ4Noj7v3m8n+2b3nF+D91tzPvKAEAAIC1SMf/HffaKst5fW6cDwAAAA0pHf8//tOn74bxPwAAADSs2vE/AAAA0Nh+fvx4ui1Uf/dvqjR25uz49OG+fcXJ2eHicOncdHGsVBqrrNg3ufLrTZRK0719MXu+pzw6U+6ZuXDx5GRpdqp8svK7sSdHWzbgmICVFbd+vC3vGAAAgI2zlt/1t2PHTqPu5H1lAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgLb4IAAD//wws/WY=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2141, 0x59) pwrite64(r0, &(0x7f0000000ac0)="72b714926a3f6fdef4142eee07674c53f3185d6909e8dcbe19a7b7a360d7bcfece4bab76c69cd483b14c2b5acfaf1a3336a5382ecd7390fa29238055c34c5770ecdc69f4618720da7b668cfc1d7ef5a7f11019b9d4a397aa84e15cafc3f19fa7bb64ee6e52a9fa24f61ca06485ccc3c25d760615d8c824e412133f526155b8277b53d21f5b788c01a430aa0449c2b4a9df38f6ee22a4ca9d695f63e517c955a98459ee9ea801a505009a0780a50236a8247615ba1fc8593f63622e9dac1571", 0xbf, 0x8000c61) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x0, @dev}, 0x2}}, 0x2e) r3 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r3, &(0x7f0000000300)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x2, 0x2, 0x1, 0x0, {0xa, 0x4e23, 0xfff, @empty, 0x10000}}}, 0x32) r4 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) fsmount(r4, 0x1, 0x3) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000200)={@fallback, 0x22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) r5 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', 0x0}) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0) sendmsg$SEG6_CMD_DUMPHMAC(0xffffffffffffffff, 0x0, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x4) r8 = syz_open_dev$MSR(&(0x7f00000001c0), 0x32, 0x0) read$msr(r8, &(0x7f0000019680)=""/102392, 0x18ff8) socketpair$unix(0x1, 0x5, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0xc, 0x10, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000001400000000000000ffff020018150000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000070000007b5af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400003e000000850000008700000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x3, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r6, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001300)=@newtfilter={0x14fc, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0xffff, 0xffe0}, {}, {0x4, 0xffff}}, [@filter_kind_options=@f_fw={{0x7}, {0x14d0, 0x2, [@TCA_FW_MASK={0x8, 0x5, 0x4}, @TCA_FW_POLICE={0xc, 0x2, [@TCA_POLICE_AVRATE={0x8, 0x4, 0x8000}]}, @TCA_FW_MASK={0x8, 0x5, 0x6}, @TCA_FW_ACT={0x4}, @TCA_FW_MASK={0x8, 0x5, 0x3}, @TCA_FW_ACT={0x1494, 0x4, [@m_skbmod={0x5c, 0xb, 0x0, 0x0, {{0xb}, {0x4}, {0x2d, 0x6, "9efc599d85ed6e7e164aa705f0951782adaefc1dc52968ea80cff8a3a426622ca8690aa50d5f1643f8"}, {0xc, 0x7, {0x1, 0x1}}, {0xc}}}, @m_csum={0x140, 0x5, 0x0, 0x0, {{0x9}, {0x90, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0xfffffff9, 0x96c, 0xffffffffffffffff, 0x101, 0xf0}, 0x69}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x3, 0x7, 0x0, 0x4, 0x3}, 0x49}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x0, 0x4, 0x2, 0x100, 0x4}, 0x42}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0xfffffffb, 0xffff, 0x5, 0x40000000, 0xfcda}, 0x6d}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x60, 0x4bf, 0x3, 0x2, 0x7}, 0x7a}}]}, {0x88, 0x6, "f32d839bf0afd568ec513bcb6337cfe0c22e3f991fc1b7af65e7e8ca0e1395f880ab69b83c19f47f980cc02340fd307f6da018b9242532ba55f98af530e363b4a255645b4c3c37fce37ef2a17104c9a13c8713b6b1eecda5d1b3ed2cbf623f2ac3cc18b9b3e62ce74e82ab661d77411120e59da8dcbb7c825db3e4748599a0738a43929e"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x2}}}}, @m_pedit={0x105c, 0x10, 0x0, 0x0, {{0xa}, {0xfc8, 0x2, 0x0, 0x1, [@TCA_PEDIT_KEYS_EX={0xb4, 0x5, 0x0, 0x1, [{0x44, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE={0x6}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x3}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x3}, @TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_HTYPE={0x6}, @TCA_PEDIT_KEY_EX_HTYPE={0x6}]}, {0x34, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x4}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x5}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x5}, @TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6}]}, {0xc, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}]}, {0x2c, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x4}, @TCA_PEDIT_KEY_EX_HTYPE={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}]}]}, @TCA_PEDIT_PARMS={0xf10, 0x2, {{{0x2, 0x8, 0x4, 0x9, 0x800}, 0x6, 0x7, [{0x2eb, 0xffff0000, 0x0, 0x2, 0x5, 0xffffff11}, {0x101, 0x0, 0x0, 0xfa74, 0x3, 0xfffffffc}, {0x3, 0x6, 0x319, 0x17288000, 0x10, 0x7f}, {0x6, 0x1, 0x0, 0x2, 0xd8a, 0x735e2ab5}, {0x8, 0x2, 0xfffffffa, 0x4, 0x9, 0xcd09}, {0x4, 0x5cee, 0xf, 0x9, 0x3, 0x10}, {0x7, 0x1, 0x3, 0x101, 0x9, 0x1}, {0x8, 0x2, 0x10000, 0x10000, 0xc, 0x5}, {0x4, 0x2, 0x1, 0x4, 0x4, 0x6}, {0x1, 0x800, 0x7, 0x2, 0xe01b, 0x2}]}, [{0x6, 0x70, 0x2, 0x9, 0x8, 0x30e}, {0x0, 0x6, 0x5, 0xae90, 0x7, 0x8e2}, {0xe, 0xe6b, 0x4, 0x4, 0x800000, 0x7}, {0xcf, 0x1, 0x1ff, 0x9, 0x800, 0x8}, {0x8001, 0x6, 0xb, 0xfffff000, 0x0, 0x4}, {0x2, 0x65, 0x6, 0x0, 0xffffffff, 0xb}, {0x7, 0x2, 0x80000001, 0x0, 0xa9c, 0x1}, {0x4, 0x7, 0x8b76, 0x3, 0x1, 0x9}, {0xfff, 0x9, 0x4, 0xfd98, 0x3, 0x3}, {0xa, 0x5, 0x0, 0x0, 0x8000, 0x91cf}, {0x200, 0x9a, 0x800, 0x9f63, 0x9, 0x636}, {0x3, 0xfff, 0x3, 0x2, 0xffffffd7, 0x5}, {0x1, 0x9, 0x3dd, 0xa4, 0x2, 0x10001}, {0x91, 0x7fffffff, 0x5, 0x9, 0x9, 0x9}, {0x9, 0xb, 0x3, 0x9, 0x1, 0x6}, {0x101, 0x9, 0x0, 0x4, 0x9, 0x8}, {0x0, 0x7, 0x100, 0x3, 0x7fffffff, 0x1}, {0x124c, 0x4a, 0xa8c5, 0x3, 0xfffffffd, 0x3cfd8a26}, {0x10000, 0x1ff, 0x100, 0x1, 0x1, 0x8}, {0xb, 0x8001, 0x1, 0xc, 0x7, 0x6}, {0x4000008, 0xf, 0x3, 0xa8, 0x9, 0x2}, {0x200, 0x6, 0x8, 0x0, 0x8001, 0x34}, {0x7, 0x9, 0x5, 0x1, 0xf3f, 0xe}, {0xc7b, 0x1, 0x1, 0x9, 0x401, 0x6}, {0x7, 0xa, 0x9, 0x6, 0x8, 0xd625}, {0x3, 0x6, 0x1a, 0x4, 0x10001, 0x2}, {0x3, 0x8, 0x1, 0xd, 0xb, 0x9}, {0x2cae, 0x4, 0x1, 0x10, 0x1, 0x6}, {0x0, 0x10, 0x4, 0x3, 0x7, 0x7fffffff}, {0xfff, 0x1, 0xb8f, 0x35, 0x7fff, 0x5}, {0xd856, 0x5, 0x1000, 0x1a, 0x33, 0x9}, {0x8dd, 0x1, 0x0, 0xb8b1, 0x1, 0xffff}, {0x6, 0x7, 0xab5, 0x6, 0x6, 0xa1}, {0x5, 0x0, 0x2, 0xfffffffe, 0x1, 0x7}, {0x6c, 0x1, 0xea68, 0x10, 0x4, 0xfffff1d7}, {0x7, 0x5, 0x8, 0x79, 0x9}, {0x5, 0x7, 0x398, 0x4, 0x2, 0x3}, {0xb4, 0xffffffff, 0x3a, 0x7, 0x2, 0x8}, {0x8ed1, 0x8001, 0x0, 0x7, 0x100, 0x3}, {0x0, 0x3, 0x6, 0x4, 0x3, 0xc46e}, {0x9, 0x9f, 0xfffffff7, 0xd59, 0x5, 0x9}, {0x14, 0x10001, 0x7, 0x9, 0x5, 0x6}, {0x58a2d54f, 0x2, 0x9, 0x51, 0xfffffffb, 0x4042}, {0x8, 0x1, 0x54, 0x405839b6, 0x6, 0xa1e}, {0x3, 0x2, 0x1, 0x395, 0x82, 0x9}, {0x80, 0xfffffff7, 0xf, 0x6, 0xfffffffc, 0x7}, {0xa29e, 0x8000, 0x7e80, 0x10001, 0x715, 0x400}, {0x6, 0x40, 0xfffffff9, 0x6, 0x1, 0x6}, {0x401, 0x800, 0x4a, 0x2, 0x5, 0x3}, {0x9, 0x6c4, 0x5352004a, 0x5, 0xe92, 0x14000}, {0x207, 0xe, 0x2, 0x51f60870, 0x1, 0x7}, {0x5, 0x3, 0xf1, 0x13a75f20, 0x2, 0x2}, {0x3, 0x10001, 0x7, 0x10, 0xffff0001, 0xa9d}, {0x4, 0x9, 0xff, 0x6, 0x8, 0x5}, {0xceaf, 0x0, 0xfffffffc, 0x3ff, 0x8, 0x80000001}, {0x85ee, 0x12, 0x4, 0x8001, 0x9, 0x4}, {0xa, 0xb, 0x8, 0xd, 0x1df, 0x7}, {0x1, 0x6, 0x0, 0xab6dd36, 0x3}, {0x8, 0x80000000, 0x2, 0x4, 0x1, 0xffffffc8}, {0x1, 0x3, 0xae, 0x5, 0xfffffff2, 0xc03c}, {0xfd, 0x400, 0x9, 0xffffffff, 0x80000001, 0x7}, {0x1, 0x8, 0x8, 0x5, 0x4, 0x8}, {0x2, 0x2, 0xd, 0x5, 0x7, 0xfffffffc}, {0x9, 0x5, 0x39, 0x4, 0x8, 0x70d}, {0x9, 0x0, 0xc68, 0x96, 0x80000000, 0x6}, {0x5, 0x3, 0x7, 0xfffffff7, 0x5, 0x3da5}, {0x0, 0x3ff, 0x400, 0x40, 0xf, 0xca}, {0x9, 0xa, 0x10, 0x2, 0x3, 0x8000}, {0xbebf, 0xbf, 0x5, 0x13, 0x4, 0x4ee}, {0x8c0, 0x6, 0x6, 0x3, 0x3, 0xffffff80}, {0x81, 0x763e, 0x2, 0x4, 0x3, 0x1}, {0x7, 0x5, 0x80d, 0x180000, 0x5, 0x81}, {0x2, 0x30f, 0x178, 0x1000, 0xb75c, 0x7}, {0x9, 0x6, 0x6, 0x8001, 0x0, 0x4}, {0x5, 0x9, 0x4, 0x3, 0xa4a}, {0x0, 0x4, 0x2, 0x2, 0xfffffff3, 0x7}, {0x3, 0x8, 0x14000000, 0x5, 0x9, 0x1}, {0x0, 0xfffff32b, 0x3, 0x695c4887, 0x8, 0x2}, {0x7f, 0x7c4f9ef5, 0x4, 0x92, 0x7, 0x9}, {0x9, 0x0, 0x71, 0x7, 0x8, 0x2}, {0xffffffff, 0x8, 0x10001, 0x7b, 0x4, 0x6c6}, {0x10000, 0x5594, 0x7, 0x24, 0x5, 0x9}, {0x0, 0x1, 0x9, 0x10001, 0x80, 0x3}, {0x379, 0x0, 0x5, 0x9, 0x79, 0x1}, {0x8, 0x1, 0x0, 0x0, 0x3}, {0x80, 0x0, 0xe024, 0x9, 0x6581, 0x3}, {0x10000, 0x5822, 0x400000, 0x7, 0x1, 0x7}, {0x4, 0x519, 0x4, 0x4, 0x81, 0xfff00}, {0x10000, 0x3ff, 0x5fc1, 0x4d, 0x2, 0x7}, {0x7, 0x2, 0x3, 0x80000000, 0x7f, 0x7fffffff}, {0xc, 0x0, 0xfffff800, 0x78de, 0xfffffff8, 0x4}, {0x3ff, 0x9, 0xffffffc0, 0x7, 0x4, 0xc5}, {0x5, 0x8, 0x6, 0x80000001, 0x72000, 0x80000001}, {0x2, 0x4, 0x5, 0x3, 0xffffff80, 0x2}, {0x0, 0x3, 0x7, 0xffffffff, 0x47, 0x3}, {0x5, 0x4, 0xf3, 0x10000, 0x5, 0xfffffff8}, {0x7f, 0xfffffffa, 0x3, 0x3, 0x1, 0x7}, {0x4, 0x2, 0x43ab, 0x4, 0x9, 0x1}, {0x8c3, 0x0, 0xffffff9c, 0x7, 0xd, 0x8001}, {0x4, 0x2c, 0x4d06aa5e, 0x3, 0x100, 0x10}, {0x5, 0x4, 0xa, 0xcbf, 0x8000, 0x6}, {0x1, 0x7ff, 0x9, 0xf, 0x3, 0x8}, {0x9, 0xc0c4, 0x40, 0xbcc, 0x80, 0x46}, {0x6c, 0x5, 0x200, 0x1, 0xdf, 0x9da}, {0x1, 0x5, 0x6, 0x1, 0x1, 0x1}, {0xffffffc4, 0x3, 0x9, 0x9, 0x100, 0x7}, {0x40, 0x71, 0x3, 0x3, 0x81, 0x59}, {0x9, 0x2, 0x0, 0x0, 0x1, 0x5}, {0xe3, 0xb9d8, 0x800, 0xb0, 0x7, 0xfffffffc}, {0x0, 0x9, 0x1, 0x6e, 0xfffffffc, 0x2}, {0x2, 0x7, 0x2c000, 0x100, 0x0, 0x10}, {0x3, 0xfffffff9, 0x4, 0x0, 0x2, 0x9}, {0x8, 0x2, 0x4, 0xffffe775, 0xfffffffd}, {0x9, 0x9, 0x4, 0x7, 0xffffffff, 0x8}, {0x6, 0x7, 0x4, 0x3, 0x1, 0x5}, {0x7, 0x9, 0x2, 0x10000, 0x10, 0x1}, {0x3, 0x9, 0x7, 0x4, 0xcc, 0x4}, {0x0, 0x7f, 0x9fb, 0x29, 0x401, 0x4}, {0xfffffff9, 0xfffeffff, 0x1, 0x8001, 0x6904, 0x1cd8f2ad}, {0xffff, 0x4, 0x5778, 0x0, 0x8, 0x100}, {0xf64, 0x0, 0xe62, 0x3ff, 0x8000, 0x4}, {0x4, 0x7, 0xffffffff, 0x684, 0x9, 0x4}, {0xb8, 0xf, 0x5, 0x9, 0x1, 0x7}, {0x9, 0xffffdbde, 0x5, 0x4, 0x1, 0x4}, {0xfffffffa, 0x5, 0x7, 0x8001, 0x5, 0x246c}, {0xb4, 0x4, 0x8, 0x0, 0x8, 0x800}, {0x6, 0xffff, 0x4, 0x228f, 0xffffffb5, 0x3}, {0x8, 0x82, 0x2, 0x1, 0x2592, 0x4}], [{0x3, 0x1}, {0x3}, {0x4}, {0x3}, {0x3, 0x1}, {0x5}, {0x5}, {0x4}, {0x2}, {0x4}, {0x5}, {0x3}, {0x5, 0x1}, {0x1, 0x1}, {0x3}, {0x4}, {0x5}, {0x2, 0x1}, {0x3}, {0x3, 0x1}, {0x0, 0x1}, {0x1}, {0x4}, {0x2, 0x1}, {0x1}, {}, {0x4, 0x1}, {0x4}, {0x2, 0x1}, {0x1}, {0x3}, {0x3}, {0x3, 0x1}, {0x5, 0x1}, {0x4}, {0x4}, {0x0, 0x1}, {0x4}, {0x3}, {0x2}, {0x2}, {0x5, 0x1}, {0x0, 0x1}, {0x3, 0x1}, {0x0, 0x1}, {0x4}, {0x3, 0x1}, {0x5, 0x1}, {0x5}, {0x3, 0x1}, {0x0, 0x1}, {0x1}, {}, {0x4}, {0x1, 0x1}, {0x0, 0x1}, {0x1}, {0x3, 0x1}, {}, {0x3, 0x1}, {0x7, 0x1}, {0x4}, {}, {0x2}, {0x1}, {0x5, 0x1}, {0x3}, {0x3, 0x1}, {0x4}, {0x4, 0x1}, {0x1}, {0x2}, {0x2, 0x1}, {0x5, 0x1}, {}, {0x3, 0x1}, {0x5, 0x1}, {0x1, 0x1}, {0x4}, {0x3}, {0x5}, {0x1}, {}, {0x5, 0x1}, {0x1}, {0x0, 0x1}, {0x1}, {0x1}, {0x4}, {0x1, 0x1}, {0x3}, {0x2}, {0x4}, {0x0, 0x1}, {0x2, 0x1}, {0x2, 0x1}, {0x2, 0x1}, {0x5}, {0x5, 0x1}, {0x0, 0x1}, {0x0, 0x1}, {0x4, 0x1}, {0x5}, {0x0, 0x1}, {0x5}, {0x4}, {0x2, 0x1}, {0x3, 0x1}, {0x5, 0x1}, {0x1, 0x1}, {0x1, 0x1}, {0x3}, {0x3, 0x1}, {0x3}, {0x4}, {0x5}, {0x6}, {0x0, 0x1}, {0x0, 0x1}, {}, {0x9f49cc95d4993663, 0x1}, {0x2}, {0x5}, {0x0, 0x1}, {}, {0x2}, {0x3}, {0x5, 0x1}]}}]}, {0x6c, 0x6, "8d9357a959ebb92429bfcf96eec69874ba91b2c33dbe67a2392fa3bdbce23e3523dbdcfb8e11c1397c4cde005c3f17b14d1c63761f39edaf6c15a13b1f7a369bfc6f1f4d22d2bdcaf4e1b4b1b077589108a9f96e8d21167a2f85436796108fff9d356ade1e184997"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2}}}}, @m_skbedit={0x130, 0x18, 0x0, 0x0, {{0xc}, {0x24, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PRIORITY={0x8, 0x3, {0x5, 0x5}}, @TCA_SKBEDIT_PTYPE={0x6, 0x7, 0x7}, @TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0x5}, @TCA_SKBEDIT_MARK={0x8, 0x5, 0x7}]}, {0xe2, 0x6, "0322c7c046e621408c9d1da9e67529776fc7ad1a1cbd8b1a974bedc8ee4c32f88ca851a7b146fda3e6fc03e6d0cf7db60723d2c62b00ced53d46b6652352d82d14dad3875a9f1d6b0421e4174d5e5786532f26cf242ac29620872423d48f96a11687ecaed0e16a12ec242c2b06b7e8d2a27cae71d315568a163d8eb1e426b50bfc91621da7d4d8b56a3cdb2272874ad98c94d5aa03786a94e8289839237ba202da1cdd5cf4f44987930d383322476e5339036ecb08975d8b8b11cc499d45e35289516d9db4bbbb28fa9d6ec3a70c314825689cafddd91bd8399f7c741a47"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}, @m_skbmod={0x168, 0x14, 0x0, 0x0, {{0xb}, {0xb4, 0x2, 0x0, 0x1, [@TCA_SKBMOD_DMAC={0xa, 0x3, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, @TCA_SKBMOD_PARMS={0x24, 0x2, {{0x1, 0xb, 0x20000000, 0x5491, 0x8}, 0x10}}, @TCA_SKBMOD_PARMS={0x24, 0x2, {{0x5, 0x2, 0xffffffffffffffff, 0x0, 0x4}, 0x10}}, @TCA_SKBMOD_PARMS={0x24, 0x2, {{0x3ff, 0x3, 0x8, 0x1, 0x19cb9b69}, 0x8}}, @TCA_SKBMOD_DMAC={0xa, 0x3, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0xffff}, @TCA_SKBMOD_PARMS={0x24, 0x2, {{0xb, 0x9, 0x1, 0x8, 0x9}, 0xb}}]}, {0x8a, 0x6, "9fdd0bd6c22f308aadacb56509d78b70bda8b1577846ea618816e578d58af786c24e31e53c3c02ea549e81b9d76365266ade7cbf50c41c7d1f9a25fc48d1786676b0ddff559765a8691aff2d1114925fcf716efe42f861bf5fa518acc12041a1c31502eba7013482b22959f853f06d5b9cd2ecbd508e2c86b4cbe5669096693170cbd2148472"}, {0xc, 0x7, {0x1, 0x1245edbc2fbe6948}}, {0xc, 0x8, {0x2, 0x1}}}}]}, @TCA_FW_MASK={0x8, 0x5, 0x1}, @TCA_FW_CLASSID={0x8, 0x1, {0x9, 0xfff2}}]}}]}, 0x14fc}, 0x1, 0x0, 0x0, 0x20041090}, 0xd0) ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r1, 0x942e, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) program crashed: KASAN: use-after-free Write in pppol2tp_release single: successfully extracted reproducer found reproducer with 30 syscalls minimizing guilty program testing program (duration=33.283292503s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat-pwrite64-openat-socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-socket$pppl2tp-connect$pppl2tp-fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-bpf$BPF_PROG_QUERY-socket-ioctl$sock_SIOCGIFINDEX-bpf$MAP_CREATE-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$SEG6_CMD_DUMPHMAC-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-syz_open_dev$MSR-read$msr-socketpair$unix-setsockopt$SO_ATTACH_FILTER-bpf$PROG_LOAD-sendmsg$nl_route_sched-sendmsg$nl_route_sched-ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT detailed listing: executing program 0: syz_mount_image$ext4(&(0x7f0000000500)='ext4\x00', &(0x7f0000000540)='./file2\x00', 0x10, &(0x7f0000000580), 0x1, 0x4e8, &(0x7f00000005c0)="$eJzs3U9oVNsZAPDvTv5YY2LSUrHVFgItVrGdmESjQilmVRAtbS100T8Sk5iISSaYCagUahCLFCpddGFx1Y1ddBO6K9IiFB681Vu4eG8hCm/1njyfPHkuXOVxJ3d0jGPyYmLuY/z94DL3nEnmfHc+7p1zhnPPBPDW6o6IIxHRFBHFiOjM6gvZFpcWt/TvTvXPj6dbEgsLJx4lkUTE0f758eprJdnjluwFvpU+XInY2/xyuzMXLp4dmpgYPZeVe8qT0z0zFy7+6Mzk0Njo2OjUwMGDhw8dGDhweP2OdfP26ze//fdjd669M/fdbVuGJ9N427Pnao9jvXRHd/aetERH7RNJxKn1bixnX8s7AFbtk8LOW3nHAABsvELW92+u9P87oykWO+v37/72cWf8sS3v+AAAAIC1W1hoyh4BAACAxpUY+wMAAECDq84DONo/P17dNmruwYOfblRLvMrDwYjoWsx/9f7uxWean93T2/KG7u/9w9OI7uh48tFPvvH/dIs3dB82X03zH+YdAXlq3Z93BORpxy/yjoA8vXc17wi4NBcRt4/U6f8na+7ztS8pJ0vKxwfT/t9fZmrr9P/eHr88kXcE5OlnA3lHQJ5uPMo7Am4PRsS+et//FSrr91Vtjoi26tp+6+RQe/r5/+/7tXUvf/4XHqxjkyzxcDDixzVrO56qyX+mqykrdVS+KmxJTp+ZGN0XEVsjYne0bErLvcu00Ttw46/16r/zJM3/P5Pq93/plrZf/S4wi+NB86YX/29kqDy01uNm0cO5iB3N9fL/vP+fZLl+Xf8tXftzvfqBPZV1RXctn3/epIV/ROyqe/4/H60ly67P2lO5HPRULwp1/OuDz67Uq//+79P8n90j//lJz/+25fNfuf4/W693ZvVtXP7fzSf16p/eSvP/t0uvc/1vTX5VCbA1qzs/VC6f641oTY69XN+3+pgbVfX9qL5faf53f6/+53+1/5dk60J3RcTXX6PNuXvTd+rVXy+k+b/xO+d/ftL8j6xw/icvnP+r35l//4c/qNf2zqtp/rt+vfL5v78SzO6sRv9vZV82QXnHCQAAAAAAAMD6KFTu00kKxWf7hUKxuDjP95vRVpgozZT3ni7NTo0s3s/TFS2F6lSvzpr5oL3Z/JBquW9JuT+bO3K1c3OlXBwuTYzkffAAAADQ4Noj7v3m8n+2b3nF+D91tzPvKAEAAIC1SMf/HffaKst5fW6cDwAAAA0pHf8//tOn74bxPwAAADSs2vE/AAAA0Nh+fvx4ui1Uf/dvqjR25uz49OG+fcXJ2eHicOncdHGsVBqrrNg3ufLrTZRK0719MXu+pzw6U+6ZuXDx5GRpdqp8svK7sSdHWzbgmICVFbd+vC3vGAAAgI2zlt/1t2PHTqPu5H1lAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgLb4IAAD//wws/WY=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2141, 0x59) pwrite64(r0, &(0x7f0000000ac0)="72b714926a3f6fdef4142eee07674c53f3185d6909e8dcbe19a7b7a360d7bcfece4bab76c69cd483b14c2b5acfaf1a3336a5382ecd7390fa29238055c34c5770ecdc69f4618720da7b668cfc1d7ef5a7f11019b9d4a397aa84e15cafc3f19fa7bb64ee6e52a9fa24f61ca06485ccc3c25d760615d8c824e412133f526155b8277b53d21f5b788c01a430aa0449c2b4a9df38f6ee22a4ca9d695f63e517c955a98459ee9ea801a505009a0780a50236a8247615ba1fc8593f63622e9dac1571", 0xbf, 0x8000c61) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x0, @dev}, 0x2}}, 0x2e) r3 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r3, &(0x7f0000000300)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x2, 0x2, 0x1, 0x0, {0xa, 0x4e23, 0xfff, @empty, 0x10000}}}, 0x32) r4 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) fsmount(r4, 0x1, 0x3) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000200)={@fallback, 0x22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) r5 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', 0x0}) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0) sendmsg$SEG6_CMD_DUMPHMAC(0xffffffffffffffff, 0x0, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x4) r8 = syz_open_dev$MSR(&(0x7f00000001c0), 0x32, 0x0) read$msr(r8, &(0x7f0000019680)=""/102392, 0x18ff8) socketpair$unix(0x1, 0x5, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0xc, 0x10, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000001400000000000000ffff020018150000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000070000007b5af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400003e000000850000008700000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x3, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r6, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001300)=@newtfilter={0x14fc, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0xffff, 0xffe0}, {}, {0x4, 0xffff}}, [@filter_kind_options=@f_fw={{0x7}, {0x14d0, 0x2, [@TCA_FW_MASK={0x8, 0x5, 0x4}, @TCA_FW_POLICE={0xc, 0x2, [@TCA_POLICE_AVRATE={0x8, 0x4, 0x8000}]}, @TCA_FW_MASK={0x8, 0x5, 0x6}, @TCA_FW_ACT={0x4}, @TCA_FW_MASK={0x8, 0x5, 0x3}, @TCA_FW_ACT={0x1494, 0x4, [@m_skbmod={0x5c, 0xb, 0x0, 0x0, {{0xb}, {0x4}, {0x2d, 0x6, "9efc599d85ed6e7e164aa705f0951782adaefc1dc52968ea80cff8a3a426622ca8690aa50d5f1643f8"}, {0xc, 0x7, {0x1, 0x1}}, {0xc}}}, @m_csum={0x140, 0x5, 0x0, 0x0, {{0x9}, {0x90, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0xfffffff9, 0x96c, 0xffffffffffffffff, 0x101, 0xf0}, 0x69}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x3, 0x7, 0x0, 0x4, 0x3}, 0x49}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x0, 0x4, 0x2, 0x100, 0x4}, 0x42}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0xfffffffb, 0xffff, 0x5, 0x40000000, 0xfcda}, 0x6d}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x60, 0x4bf, 0x3, 0x2, 0x7}, 0x7a}}]}, {0x88, 0x6, "f32d839bf0afd568ec513bcb6337cfe0c22e3f991fc1b7af65e7e8ca0e1395f880ab69b83c19f47f980cc02340fd307f6da018b9242532ba55f98af530e363b4a255645b4c3c37fce37ef2a17104c9a13c8713b6b1eecda5d1b3ed2cbf623f2ac3cc18b9b3e62ce74e82ab661d77411120e59da8dcbb7c825db3e4748599a0738a43929e"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x2}}}}, @m_pedit={0x105c, 0x10, 0x0, 0x0, {{0xa}, {0xfc8, 0x2, 0x0, 0x1, [@TCA_PEDIT_KEYS_EX={0xb4, 0x5, 0x0, 0x1, [{0x44, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE={0x6}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x3}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x3}, @TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_HTYPE={0x6}, @TCA_PEDIT_KEY_EX_HTYPE={0x6}]}, {0x34, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x4}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x5}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x5}, @TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6}]}, {0xc, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}]}, {0x2c, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x4}, @TCA_PEDIT_KEY_EX_HTYPE={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}]}]}, @TCA_PEDIT_PARMS={0xf10, 0x2, {{{0x2, 0x8, 0x4, 0x9, 0x800}, 0x6, 0x7, [{0x2eb, 0xffff0000, 0x0, 0x2, 0x5, 0xffffff11}, {0x101, 0x0, 0x0, 0xfa74, 0x3, 0xfffffffc}, {0x3, 0x6, 0x319, 0x17288000, 0x10, 0x7f}, {0x6, 0x1, 0x0, 0x2, 0xd8a, 0x735e2ab5}, {0x8, 0x2, 0xfffffffa, 0x4, 0x9, 0xcd09}, {0x4, 0x5cee, 0xf, 0x9, 0x3, 0x10}, {0x7, 0x1, 0x3, 0x101, 0x9, 0x1}, {0x8, 0x2, 0x10000, 0x10000, 0xc, 0x5}, {0x4, 0x2, 0x1, 0x4, 0x4, 0x6}, {0x1, 0x800, 0x7, 0x2, 0xe01b, 0x2}]}, [{0x6, 0x70, 0x2, 0x9, 0x8, 0x30e}, {0x0, 0x6, 0x5, 0xae90, 0x7, 0x8e2}, {0xe, 0xe6b, 0x4, 0x4, 0x800000, 0x7}, {0xcf, 0x1, 0x1ff, 0x9, 0x800, 0x8}, {0x8001, 0x6, 0xb, 0xfffff000, 0x0, 0x4}, {0x2, 0x65, 0x6, 0x0, 0xffffffff, 0xb}, {0x7, 0x2, 0x80000001, 0x0, 0xa9c, 0x1}, {0x4, 0x7, 0x8b76, 0x3, 0x1, 0x9}, {0xfff, 0x9, 0x4, 0xfd98, 0x3, 0x3}, {0xa, 0x5, 0x0, 0x0, 0x8000, 0x91cf}, {0x200, 0x9a, 0x800, 0x9f63, 0x9, 0x636}, {0x3, 0xfff, 0x3, 0x2, 0xffffffd7, 0x5}, {0x1, 0x9, 0x3dd, 0xa4, 0x2, 0x10001}, {0x91, 0x7fffffff, 0x5, 0x9, 0x9, 0x9}, {0x9, 0xb, 0x3, 0x9, 0x1, 0x6}, {0x101, 0x9, 0x0, 0x4, 0x9, 0x8}, {0x0, 0x7, 0x100, 0x3, 0x7fffffff, 0x1}, {0x124c, 0x4a, 0xa8c5, 0x3, 0xfffffffd, 0x3cfd8a26}, {0x10000, 0x1ff, 0x100, 0x1, 0x1, 0x8}, {0xb, 0x8001, 0x1, 0xc, 0x7, 0x6}, {0x4000008, 0xf, 0x3, 0xa8, 0x9, 0x2}, {0x200, 0x6, 0x8, 0x0, 0x8001, 0x34}, {0x7, 0x9, 0x5, 0x1, 0xf3f, 0xe}, {0xc7b, 0x1, 0x1, 0x9, 0x401, 0x6}, {0x7, 0xa, 0x9, 0x6, 0x8, 0xd625}, {0x3, 0x6, 0x1a, 0x4, 0x10001, 0x2}, {0x3, 0x8, 0x1, 0xd, 0xb, 0x9}, {0x2cae, 0x4, 0x1, 0x10, 0x1, 0x6}, {0x0, 0x10, 0x4, 0x3, 0x7, 0x7fffffff}, {0xfff, 0x1, 0xb8f, 0x35, 0x7fff, 0x5}, {0xd856, 0x5, 0x1000, 0x1a, 0x33, 0x9}, {0x8dd, 0x1, 0x0, 0xb8b1, 0x1, 0xffff}, {0x6, 0x7, 0xab5, 0x6, 0x6, 0xa1}, {0x5, 0x0, 0x2, 0xfffffffe, 0x1, 0x7}, {0x6c, 0x1, 0xea68, 0x10, 0x4, 0xfffff1d7}, {0x7, 0x5, 0x8, 0x79, 0x9}, {0x5, 0x7, 0x398, 0x4, 0x2, 0x3}, {0xb4, 0xffffffff, 0x3a, 0x7, 0x2, 0x8}, {0x8ed1, 0x8001, 0x0, 0x7, 0x100, 0x3}, {0x0, 0x3, 0x6, 0x4, 0x3, 0xc46e}, {0x9, 0x9f, 0xfffffff7, 0xd59, 0x5, 0x9}, {0x14, 0x10001, 0x7, 0x9, 0x5, 0x6}, {0x58a2d54f, 0x2, 0x9, 0x51, 0xfffffffb, 0x4042}, {0x8, 0x1, 0x54, 0x405839b6, 0x6, 0xa1e}, {0x3, 0x2, 0x1, 0x395, 0x82, 0x9}, {0x80, 0xfffffff7, 0xf, 0x6, 0xfffffffc, 0x7}, {0xa29e, 0x8000, 0x7e80, 0x10001, 0x715, 0x400}, {0x6, 0x40, 0xfffffff9, 0x6, 0x1, 0x6}, {0x401, 0x800, 0x4a, 0x2, 0x5, 0x3}, {0x9, 0x6c4, 0x5352004a, 0x5, 0xe92, 0x14000}, {0x207, 0xe, 0x2, 0x51f60870, 0x1, 0x7}, {0x5, 0x3, 0xf1, 0x13a75f20, 0x2, 0x2}, {0x3, 0x10001, 0x7, 0x10, 0xffff0001, 0xa9d}, {0x4, 0x9, 0xff, 0x6, 0x8, 0x5}, {0xceaf, 0x0, 0xfffffffc, 0x3ff, 0x8, 0x80000001}, {0x85ee, 0x12, 0x4, 0x8001, 0x9, 0x4}, {0xa, 0xb, 0x8, 0xd, 0x1df, 0x7}, {0x1, 0x6, 0x0, 0xab6dd36, 0x3}, {0x8, 0x80000000, 0x2, 0x4, 0x1, 0xffffffc8}, {0x1, 0x3, 0xae, 0x5, 0xfffffff2, 0xc03c}, {0xfd, 0x400, 0x9, 0xffffffff, 0x80000001, 0x7}, {0x1, 0x8, 0x8, 0x5, 0x4, 0x8}, {0x2, 0x2, 0xd, 0x5, 0x7, 0xfffffffc}, {0x9, 0x5, 0x39, 0x4, 0x8, 0x70d}, {0x9, 0x0, 0xc68, 0x96, 0x80000000, 0x6}, {0x5, 0x3, 0x7, 0xfffffff7, 0x5, 0x3da5}, {0x0, 0x3ff, 0x400, 0x40, 0xf, 0xca}, {0x9, 0xa, 0x10, 0x2, 0x3, 0x8000}, {0xbebf, 0xbf, 0x5, 0x13, 0x4, 0x4ee}, {0x8c0, 0x6, 0x6, 0x3, 0x3, 0xffffff80}, {0x81, 0x763e, 0x2, 0x4, 0x3, 0x1}, {0x7, 0x5, 0x80d, 0x180000, 0x5, 0x81}, {0x2, 0x30f, 0x178, 0x1000, 0xb75c, 0x7}, {0x9, 0x6, 0x6, 0x8001, 0x0, 0x4}, {0x5, 0x9, 0x4, 0x3, 0xa4a}, {0x0, 0x4, 0x2, 0x2, 0xfffffff3, 0x7}, {0x3, 0x8, 0x14000000, 0x5, 0x9, 0x1}, {0x0, 0xfffff32b, 0x3, 0x695c4887, 0x8, 0x2}, {0x7f, 0x7c4f9ef5, 0x4, 0x92, 0x7, 0x9}, {0x9, 0x0, 0x71, 0x7, 0x8, 0x2}, {0xffffffff, 0x8, 0x10001, 0x7b, 0x4, 0x6c6}, {0x10000, 0x5594, 0x7, 0x24, 0x5, 0x9}, {0x0, 0x1, 0x9, 0x10001, 0x80, 0x3}, {0x379, 0x0, 0x5, 0x9, 0x79, 0x1}, {0x8, 0x1, 0x0, 0x0, 0x3}, {0x80, 0x0, 0xe024, 0x9, 0x6581, 0x3}, {0x10000, 0x5822, 0x400000, 0x7, 0x1, 0x7}, {0x4, 0x519, 0x4, 0x4, 0x81, 0xfff00}, {0x10000, 0x3ff, 0x5fc1, 0x4d, 0x2, 0x7}, {0x7, 0x2, 0x3, 0x80000000, 0x7f, 0x7fffffff}, {0xc, 0x0, 0xfffff800, 0x78de, 0xfffffff8, 0x4}, {0x3ff, 0x9, 0xffffffc0, 0x7, 0x4, 0xc5}, {0x5, 0x8, 0x6, 0x80000001, 0x72000, 0x80000001}, {0x2, 0x4, 0x5, 0x3, 0xffffff80, 0x2}, {0x0, 0x3, 0x7, 0xffffffff, 0x47, 0x3}, {0x5, 0x4, 0xf3, 0x10000, 0x5, 0xfffffff8}, {0x7f, 0xfffffffa, 0x3, 0x3, 0x1, 0x7}, {0x4, 0x2, 0x43ab, 0x4, 0x9, 0x1}, {0x8c3, 0x0, 0xffffff9c, 0x7, 0xd, 0x8001}, {0x4, 0x2c, 0x4d06aa5e, 0x3, 0x100, 0x10}, {0x5, 0x4, 0xa, 0xcbf, 0x8000, 0x6}, {0x1, 0x7ff, 0x9, 0xf, 0x3, 0x8}, {0x9, 0xc0c4, 0x40, 0xbcc, 0x80, 0x46}, {0x6c, 0x5, 0x200, 0x1, 0xdf, 0x9da}, {0x1, 0x5, 0x6, 0x1, 0x1, 0x1}, {0xffffffc4, 0x3, 0x9, 0x9, 0x100, 0x7}, {0x40, 0x71, 0x3, 0x3, 0x81, 0x59}, {0x9, 0x2, 0x0, 0x0, 0x1, 0x5}, {0xe3, 0xb9d8, 0x800, 0xb0, 0x7, 0xfffffffc}, {0x0, 0x9, 0x1, 0x6e, 0xfffffffc, 0x2}, {0x2, 0x7, 0x2c000, 0x100, 0x0, 0x10}, {0x3, 0xfffffff9, 0x4, 0x0, 0x2, 0x9}, {0x8, 0x2, 0x4, 0xffffe775, 0xfffffffd}, {0x9, 0x9, 0x4, 0x7, 0xffffffff, 0x8}, {0x6, 0x7, 0x4, 0x3, 0x1, 0x5}, {0x7, 0x9, 0x2, 0x10000, 0x10, 0x1}, {0x3, 0x9, 0x7, 0x4, 0xcc, 0x4}, {0x0, 0x7f, 0x9fb, 0x29, 0x401, 0x4}, {0xfffffff9, 0xfffeffff, 0x1, 0x8001, 0x6904, 0x1cd8f2ad}, {0xffff, 0x4, 0x5778, 0x0, 0x8, 0x100}, {0xf64, 0x0, 0xe62, 0x3ff, 0x8000, 0x4}, {0x4, 0x7, 0xffffffff, 0x684, 0x9, 0x4}, {0xb8, 0xf, 0x5, 0x9, 0x1, 0x7}, {0x9, 0xffffdbde, 0x5, 0x4, 0x1, 0x4}, {0xfffffffa, 0x5, 0x7, 0x8001, 0x5, 0x246c}, {0xb4, 0x4, 0x8, 0x0, 0x8, 0x800}, {0x6, 0xffff, 0x4, 0x228f, 0xffffffb5, 0x3}, {0x8, 0x82, 0x2, 0x1, 0x2592, 0x4}], [{0x3, 0x1}, {0x3}, {0x4}, {0x3}, {0x3, 0x1}, {0x5}, {0x5}, {0x4}, {0x2}, {0x4}, {0x5}, {0x3}, {0x5, 0x1}, {0x1, 0x1}, {0x3}, {0x4}, {0x5}, {0x2, 0x1}, {0x3}, {0x3, 0x1}, {0x0, 0x1}, {0x1}, {0x4}, {0x2, 0x1}, {0x1}, {}, {0x4, 0x1}, {0x4}, {0x2, 0x1}, {0x1}, {0x3}, {0x3}, {0x3, 0x1}, {0x5, 0x1}, {0x4}, {0x4}, {0x0, 0x1}, {0x4}, {0x3}, {0x2}, {0x2}, {0x5, 0x1}, {0x0, 0x1}, {0x3, 0x1}, {0x0, 0x1}, {0x4}, {0x3, 0x1}, {0x5, 0x1}, {0x5}, {0x3, 0x1}, {0x0, 0x1}, {0x1}, {}, {0x4}, {0x1, 0x1}, {0x0, 0x1}, {0x1}, {0x3, 0x1}, {}, {0x3, 0x1}, {0x7, 0x1}, {0x4}, {}, {0x2}, {0x1}, {0x5, 0x1}, {0x3}, {0x3, 0x1}, {0x4}, {0x4, 0x1}, {0x1}, {0x2}, {0x2, 0x1}, {0x5, 0x1}, {}, {0x3, 0x1}, {0x5, 0x1}, {0x1, 0x1}, {0x4}, {0x3}, {0x5}, {0x1}, {}, {0x5, 0x1}, {0x1}, {0x0, 0x1}, {0x1}, {0x1}, {0x4}, {0x1, 0x1}, {0x3}, {0x2}, {0x4}, {0x0, 0x1}, {0x2, 0x1}, {0x2, 0x1}, {0x2, 0x1}, {0x5}, {0x5, 0x1}, {0x0, 0x1}, {0x0, 0x1}, {0x4, 0x1}, {0x5}, {0x0, 0x1}, {0x5}, {0x4}, {0x2, 0x1}, {0x3, 0x1}, {0x5, 0x1}, {0x1, 0x1}, {0x1, 0x1}, {0x3}, {0x3, 0x1}, {0x3}, {0x4}, {0x5}, {0x6}, {0x0, 0x1}, {0x0, 0x1}, {}, {0x9f49cc95d4993663, 0x1}, {0x2}, {0x5}, {0x0, 0x1}, {}, {0x2}, {0x3}, {0x5, 0x1}]}}]}, {0x6c, 0x6, "8d9357a959ebb92429bfcf96eec69874ba91b2c33dbe67a2392fa3bdbce23e3523dbdcfb8e11c1397c4cde005c3f17b14d1c63761f39edaf6c15a13b1f7a369bfc6f1f4d22d2bdcaf4e1b4b1b077589108a9f96e8d21167a2f85436796108fff9d356ade1e184997"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2}}}}, @m_skbedit={0x130, 0x18, 0x0, 0x0, {{0xc}, {0x24, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PRIORITY={0x8, 0x3, {0x5, 0x5}}, @TCA_SKBEDIT_PTYPE={0x6, 0x7, 0x7}, @TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0x5}, @TCA_SKBEDIT_MARK={0x8, 0x5, 0x7}]}, {0xe2, 0x6, "0322c7c046e621408c9d1da9e67529776fc7ad1a1cbd8b1a974bedc8ee4c32f88ca851a7b146fda3e6fc03e6d0cf7db60723d2c62b00ced53d46b6652352d82d14dad3875a9f1d6b0421e4174d5e5786532f26cf242ac29620872423d48f96a11687ecaed0e16a12ec242c2b06b7e8d2a27cae71d315568a163d8eb1e426b50bfc91621da7d4d8b56a3cdb2272874ad98c94d5aa03786a94e8289839237ba202da1cdd5cf4f44987930d383322476e5339036ecb08975d8b8b11cc499d45e35289516d9db4bbbb28fa9d6ec3a70c314825689cafddd91bd8399f7c741a47"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}, @m_skbmod={0x168, 0x14, 0x0, 0x0, {{0xb}, {0xb4, 0x2, 0x0, 0x1, [@TCA_SKBMOD_DMAC={0xa, 0x3, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, @TCA_SKBMOD_PARMS={0x24, 0x2, {{0x1, 0xb, 0x20000000, 0x5491, 0x8}, 0x10}}, @TCA_SKBMOD_PARMS={0x24, 0x2, {{0x5, 0x2, 0xffffffffffffffff, 0x0, 0x4}, 0x10}}, @TCA_SKBMOD_PARMS={0x24, 0x2, {{0x3ff, 0x3, 0x8, 0x1, 0x19cb9b69}, 0x8}}, @TCA_SKBMOD_DMAC={0xa, 0x3, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0xffff}, @TCA_SKBMOD_PARMS={0x24, 0x2, {{0xb, 0x9, 0x1, 0x8, 0x9}, 0xb}}]}, {0x8a, 0x6, "9fdd0bd6c22f308aadacb56509d78b70bda8b1577846ea618816e578d58af786c24e31e53c3c02ea549e81b9d76365266ade7cbf50c41c7d1f9a25fc48d1786676b0ddff559765a8691aff2d1114925fcf716efe42f861bf5fa518acc12041a1c31502eba7013482b22959f853f06d5b9cd2ecbd508e2c86b4cbe5669096693170cbd2148472"}, {0xc, 0x7, {0x1, 0x1245edbc2fbe6948}}, {0xc, 0x8, {0x2, 0x1}}}}]}, @TCA_FW_MASK={0x8, 0x5, 0x1}, @TCA_FW_CLASSID={0x8, 0x1, {0x9, 0xfff2}}]}}]}, 0x14fc}, 0x1, 0x0, 0x0, 0x20041090}, 0xd0) ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r1, 0x942e, 0x0) program crashed: KASAN: use-after-free Write in pppol2tp_release testing program (duration=33.283292503s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat-pwrite64-openat-socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-socket$pppl2tp-connect$pppl2tp-fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-bpf$BPF_PROG_QUERY-socket-ioctl$sock_SIOCGIFINDEX-bpf$MAP_CREATE-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$SEG6_CMD_DUMPHMAC-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-syz_open_dev$MSR-read$msr-socketpair$unix-setsockopt$SO_ATTACH_FILTER-bpf$PROG_LOAD-sendmsg$nl_route_sched-sendmsg$nl_route_sched detailed listing: executing program 0: syz_mount_image$ext4(&(0x7f0000000500)='ext4\x00', &(0x7f0000000540)='./file2\x00', 0x10, &(0x7f0000000580), 0x1, 0x4e8, &(0x7f00000005c0)="$eJzs3U9oVNsZAPDvTv5YY2LSUrHVFgItVrGdmESjQilmVRAtbS100T8Sk5iISSaYCagUahCLFCpddGFx1Y1ddBO6K9IiFB681Vu4eG8hCm/1njyfPHkuXOVxJ3d0jGPyYmLuY/z94DL3nEnmfHc+7p1zhnPPBPDW6o6IIxHRFBHFiOjM6gvZFpcWt/TvTvXPj6dbEgsLJx4lkUTE0f758eprJdnjluwFvpU+XInY2/xyuzMXLp4dmpgYPZeVe8qT0z0zFy7+6Mzk0Njo2OjUwMGDhw8dGDhweP2OdfP26ze//fdjd669M/fdbVuGJ9N427Pnao9jvXRHd/aetERH7RNJxKn1bixnX8s7AFbtk8LOW3nHAABsvELW92+u9P87oykWO+v37/72cWf8sS3v+AAAAIC1W1hoyh4BAACAxpUY+wMAAECDq84DONo/P17dNmruwYOfblRLvMrDwYjoWsx/9f7uxWean93T2/KG7u/9w9OI7uh48tFPvvH/dIs3dB82X03zH+YdAXlq3Z93BORpxy/yjoA8vXc17wi4NBcRt4/U6f8na+7ztS8pJ0vKxwfT/t9fZmrr9P/eHr88kXcE5OlnA3lHQJ5uPMo7Am4PRsS+et//FSrr91Vtjoi26tp+6+RQe/r5/+/7tXUvf/4XHqxjkyzxcDDixzVrO56qyX+mqykrdVS+KmxJTp+ZGN0XEVsjYne0bErLvcu00Ttw46/16r/zJM3/P5Pq93/plrZf/S4wi+NB86YX/29kqDy01uNm0cO5iB3N9fL/vP+fZLl+Xf8tXftzvfqBPZV1RXctn3/epIV/ROyqe/4/H60ly67P2lO5HPRULwp1/OuDz67Uq//+79P8n90j//lJz/+25fNfuf4/W693ZvVtXP7fzSf16p/eSvP/t0uvc/1vTX5VCbA1qzs/VC6f641oTY69XN+3+pgbVfX9qL5faf53f6/+53+1/5dk60J3RcTXX6PNuXvTd+rVXy+k+b/xO+d/ftL8j6xw/icvnP+r35l//4c/qNf2zqtp/rt+vfL5v78SzO6sRv9vZV82QXnHCQAAAAAAAMD6KFTu00kKxWf7hUKxuDjP95vRVpgozZT3ni7NTo0s3s/TFS2F6lSvzpr5oL3Z/JBquW9JuT+bO3K1c3OlXBwuTYzkffAAAADQ4Noj7v3m8n+2b3nF+D91tzPvKAEAAIC1SMf/HffaKst5fW6cDwAAAA0pHf8//tOn74bxPwAAADSs2vE/AAAA0Nh+fvx4ui1Uf/dvqjR25uz49OG+fcXJ2eHicOncdHGsVBqrrNg3ufLrTZRK0719MXu+pzw6U+6ZuXDx5GRpdqp8svK7sSdHWzbgmICVFbd+vC3vGAAAgI2zlt/1t2PHTqPu5H1lAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgLb4IAAD//wws/WY=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2141, 0x59) pwrite64(r0, &(0x7f0000000ac0)="72b714926a3f6fdef4142eee07674c53f3185d6909e8dcbe19a7b7a360d7bcfece4bab76c69cd483b14c2b5acfaf1a3336a5382ecd7390fa29238055c34c5770ecdc69f4618720da7b668cfc1d7ef5a7f11019b9d4a397aa84e15cafc3f19fa7bb64ee6e52a9fa24f61ca06485ccc3c25d760615d8c824e412133f526155b8277b53d21f5b788c01a430aa0449c2b4a9df38f6ee22a4ca9d695f63e517c955a98459ee9ea801a505009a0780a50236a8247615ba1fc8593f63622e9dac1571", 0xbf, 0x8000c61) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x0, @dev}, 0x2}}, 0x2e) r3 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r3, &(0x7f0000000300)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x2, 0x2, 0x1, 0x0, {0xa, 0x4e23, 0xfff, @empty, 0x10000}}}, 0x32) r4 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) fsmount(r4, 0x1, 0x3) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000200)={@fallback, 0x22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) r5 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', 0x0}) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0) sendmsg$SEG6_CMD_DUMPHMAC(0xffffffffffffffff, 0x0, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x4) r8 = syz_open_dev$MSR(&(0x7f00000001c0), 0x32, 0x0) read$msr(r8, &(0x7f0000019680)=""/102392, 0x18ff8) socketpair$unix(0x1, 0x5, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0xc, 0x10, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000001400000000000000ffff020018150000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000070000007b5af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400003e000000850000008700000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x3, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r6, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001300)=@newtfilter={0x14fc, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0xffff, 0xffe0}, {}, {0x4, 0xffff}}, [@filter_kind_options=@f_fw={{0x7}, {0x14d0, 0x2, [@TCA_FW_MASK={0x8, 0x5, 0x4}, @TCA_FW_POLICE={0xc, 0x2, [@TCA_POLICE_AVRATE={0x8, 0x4, 0x8000}]}, @TCA_FW_MASK={0x8, 0x5, 0x6}, @TCA_FW_ACT={0x4}, @TCA_FW_MASK={0x8, 0x5, 0x3}, @TCA_FW_ACT={0x1494, 0x4, [@m_skbmod={0x5c, 0xb, 0x0, 0x0, {{0xb}, {0x4}, {0x2d, 0x6, "9efc599d85ed6e7e164aa705f0951782adaefc1dc52968ea80cff8a3a426622ca8690aa50d5f1643f8"}, {0xc, 0x7, {0x1, 0x1}}, {0xc}}}, @m_csum={0x140, 0x5, 0x0, 0x0, {{0x9}, {0x90, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0xfffffff9, 0x96c, 0xffffffffffffffff, 0x101, 0xf0}, 0x69}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x3, 0x7, 0x0, 0x4, 0x3}, 0x49}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x0, 0x4, 0x2, 0x100, 0x4}, 0x42}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0xfffffffb, 0xffff, 0x5, 0x40000000, 0xfcda}, 0x6d}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x60, 0x4bf, 0x3, 0x2, 0x7}, 0x7a}}]}, {0x88, 0x6, "f32d839bf0afd568ec513bcb6337cfe0c22e3f991fc1b7af65e7e8ca0e1395f880ab69b83c19f47f980cc02340fd307f6da018b9242532ba55f98af530e363b4a255645b4c3c37fce37ef2a17104c9a13c8713b6b1eecda5d1b3ed2cbf623f2ac3cc18b9b3e62ce74e82ab661d77411120e59da8dcbb7c825db3e4748599a0738a43929e"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x2}}}}, @m_pedit={0x105c, 0x10, 0x0, 0x0, {{0xa}, {0xfc8, 0x2, 0x0, 0x1, [@TCA_PEDIT_KEYS_EX={0xb4, 0x5, 0x0, 0x1, [{0x44, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE={0x6}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x3}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x3}, @TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_HTYPE={0x6}, @TCA_PEDIT_KEY_EX_HTYPE={0x6}]}, {0x34, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x4}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x5}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x5}, @TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6}]}, {0xc, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}]}, {0x2c, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x4}, @TCA_PEDIT_KEY_EX_HTYPE={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}]}]}, @TCA_PEDIT_PARMS={0xf10, 0x2, {{{0x2, 0x8, 0x4, 0x9, 0x800}, 0x6, 0x7, [{0x2eb, 0xffff0000, 0x0, 0x2, 0x5, 0xffffff11}, {0x101, 0x0, 0x0, 0xfa74, 0x3, 0xfffffffc}, {0x3, 0x6, 0x319, 0x17288000, 0x10, 0x7f}, {0x6, 0x1, 0x0, 0x2, 0xd8a, 0x735e2ab5}, {0x8, 0x2, 0xfffffffa, 0x4, 0x9, 0xcd09}, {0x4, 0x5cee, 0xf, 0x9, 0x3, 0x10}, {0x7, 0x1, 0x3, 0x101, 0x9, 0x1}, {0x8, 0x2, 0x10000, 0x10000, 0xc, 0x5}, {0x4, 0x2, 0x1, 0x4, 0x4, 0x6}, {0x1, 0x800, 0x7, 0x2, 0xe01b, 0x2}]}, [{0x6, 0x70, 0x2, 0x9, 0x8, 0x30e}, {0x0, 0x6, 0x5, 0xae90, 0x7, 0x8e2}, {0xe, 0xe6b, 0x4, 0x4, 0x800000, 0x7}, {0xcf, 0x1, 0x1ff, 0x9, 0x800, 0x8}, {0x8001, 0x6, 0xb, 0xfffff000, 0x0, 0x4}, {0x2, 0x65, 0x6, 0x0, 0xffffffff, 0xb}, {0x7, 0x2, 0x80000001, 0x0, 0xa9c, 0x1}, {0x4, 0x7, 0x8b76, 0x3, 0x1, 0x9}, {0xfff, 0x9, 0x4, 0xfd98, 0x3, 0x3}, {0xa, 0x5, 0x0, 0x0, 0x8000, 0x91cf}, {0x200, 0x9a, 0x800, 0x9f63, 0x9, 0x636}, {0x3, 0xfff, 0x3, 0x2, 0xffffffd7, 0x5}, {0x1, 0x9, 0x3dd, 0xa4, 0x2, 0x10001}, {0x91, 0x7fffffff, 0x5, 0x9, 0x9, 0x9}, {0x9, 0xb, 0x3, 0x9, 0x1, 0x6}, {0x101, 0x9, 0x0, 0x4, 0x9, 0x8}, {0x0, 0x7, 0x100, 0x3, 0x7fffffff, 0x1}, {0x124c, 0x4a, 0xa8c5, 0x3, 0xfffffffd, 0x3cfd8a26}, {0x10000, 0x1ff, 0x100, 0x1, 0x1, 0x8}, {0xb, 0x8001, 0x1, 0xc, 0x7, 0x6}, {0x4000008, 0xf, 0x3, 0xa8, 0x9, 0x2}, {0x200, 0x6, 0x8, 0x0, 0x8001, 0x34}, {0x7, 0x9, 0x5, 0x1, 0xf3f, 0xe}, {0xc7b, 0x1, 0x1, 0x9, 0x401, 0x6}, {0x7, 0xa, 0x9, 0x6, 0x8, 0xd625}, {0x3, 0x6, 0x1a, 0x4, 0x10001, 0x2}, {0x3, 0x8, 0x1, 0xd, 0xb, 0x9}, {0x2cae, 0x4, 0x1, 0x10, 0x1, 0x6}, {0x0, 0x10, 0x4, 0x3, 0x7, 0x7fffffff}, {0xfff, 0x1, 0xb8f, 0x35, 0x7fff, 0x5}, {0xd856, 0x5, 0x1000, 0x1a, 0x33, 0x9}, {0x8dd, 0x1, 0x0, 0xb8b1, 0x1, 0xffff}, {0x6, 0x7, 0xab5, 0x6, 0x6, 0xa1}, {0x5, 0x0, 0x2, 0xfffffffe, 0x1, 0x7}, {0x6c, 0x1, 0xea68, 0x10, 0x4, 0xfffff1d7}, {0x7, 0x5, 0x8, 0x79, 0x9}, {0x5, 0x7, 0x398, 0x4, 0x2, 0x3}, {0xb4, 0xffffffff, 0x3a, 0x7, 0x2, 0x8}, {0x8ed1, 0x8001, 0x0, 0x7, 0x100, 0x3}, {0x0, 0x3, 0x6, 0x4, 0x3, 0xc46e}, {0x9, 0x9f, 0xfffffff7, 0xd59, 0x5, 0x9}, {0x14, 0x10001, 0x7, 0x9, 0x5, 0x6}, {0x58a2d54f, 0x2, 0x9, 0x51, 0xfffffffb, 0x4042}, {0x8, 0x1, 0x54, 0x405839b6, 0x6, 0xa1e}, {0x3, 0x2, 0x1, 0x395, 0x82, 0x9}, {0x80, 0xfffffff7, 0xf, 0x6, 0xfffffffc, 0x7}, {0xa29e, 0x8000, 0x7e80, 0x10001, 0x715, 0x400}, {0x6, 0x40, 0xfffffff9, 0x6, 0x1, 0x6}, {0x401, 0x800, 0x4a, 0x2, 0x5, 0x3}, {0x9, 0x6c4, 0x5352004a, 0x5, 0xe92, 0x14000}, {0x207, 0xe, 0x2, 0x51f60870, 0x1, 0x7}, {0x5, 0x3, 0xf1, 0x13a75f20, 0x2, 0x2}, {0x3, 0x10001, 0x7, 0x10, 0xffff0001, 0xa9d}, {0x4, 0x9, 0xff, 0x6, 0x8, 0x5}, {0xceaf, 0x0, 0xfffffffc, 0x3ff, 0x8, 0x80000001}, {0x85ee, 0x12, 0x4, 0x8001, 0x9, 0x4}, {0xa, 0xb, 0x8, 0xd, 0x1df, 0x7}, {0x1, 0x6, 0x0, 0xab6dd36, 0x3}, {0x8, 0x80000000, 0x2, 0x4, 0x1, 0xffffffc8}, {0x1, 0x3, 0xae, 0x5, 0xfffffff2, 0xc03c}, {0xfd, 0x400, 0x9, 0xffffffff, 0x80000001, 0x7}, {0x1, 0x8, 0x8, 0x5, 0x4, 0x8}, {0x2, 0x2, 0xd, 0x5, 0x7, 0xfffffffc}, {0x9, 0x5, 0x39, 0x4, 0x8, 0x70d}, {0x9, 0x0, 0xc68, 0x96, 0x80000000, 0x6}, {0x5, 0x3, 0x7, 0xfffffff7, 0x5, 0x3da5}, {0x0, 0x3ff, 0x400, 0x40, 0xf, 0xca}, {0x9, 0xa, 0x10, 0x2, 0x3, 0x8000}, {0xbebf, 0xbf, 0x5, 0x13, 0x4, 0x4ee}, {0x8c0, 0x6, 0x6, 0x3, 0x3, 0xffffff80}, {0x81, 0x763e, 0x2, 0x4, 0x3, 0x1}, {0x7, 0x5, 0x80d, 0x180000, 0x5, 0x81}, {0x2, 0x30f, 0x178, 0x1000, 0xb75c, 0x7}, {0x9, 0x6, 0x6, 0x8001, 0x0, 0x4}, {0x5, 0x9, 0x4, 0x3, 0xa4a}, {0x0, 0x4, 0x2, 0x2, 0xfffffff3, 0x7}, {0x3, 0x8, 0x14000000, 0x5, 0x9, 0x1}, {0x0, 0xfffff32b, 0x3, 0x695c4887, 0x8, 0x2}, {0x7f, 0x7c4f9ef5, 0x4, 0x92, 0x7, 0x9}, {0x9, 0x0, 0x71, 0x7, 0x8, 0x2}, {0xffffffff, 0x8, 0x10001, 0x7b, 0x4, 0x6c6}, {0x10000, 0x5594, 0x7, 0x24, 0x5, 0x9}, {0x0, 0x1, 0x9, 0x10001, 0x80, 0x3}, {0x379, 0x0, 0x5, 0x9, 0x79, 0x1}, {0x8, 0x1, 0x0, 0x0, 0x3}, {0x80, 0x0, 0xe024, 0x9, 0x6581, 0x3}, {0x10000, 0x5822, 0x400000, 0x7, 0x1, 0x7}, {0x4, 0x519, 0x4, 0x4, 0x81, 0xfff00}, {0x10000, 0x3ff, 0x5fc1, 0x4d, 0x2, 0x7}, {0x7, 0x2, 0x3, 0x80000000, 0x7f, 0x7fffffff}, {0xc, 0x0, 0xfffff800, 0x78de, 0xfffffff8, 0x4}, {0x3ff, 0x9, 0xffffffc0, 0x7, 0x4, 0xc5}, {0x5, 0x8, 0x6, 0x80000001, 0x72000, 0x80000001}, {0x2, 0x4, 0x5, 0x3, 0xffffff80, 0x2}, {0x0, 0x3, 0x7, 0xffffffff, 0x47, 0x3}, {0x5, 0x4, 0xf3, 0x10000, 0x5, 0xfffffff8}, {0x7f, 0xfffffffa, 0x3, 0x3, 0x1, 0x7}, {0x4, 0x2, 0x43ab, 0x4, 0x9, 0x1}, {0x8c3, 0x0, 0xffffff9c, 0x7, 0xd, 0x8001}, {0x4, 0x2c, 0x4d06aa5e, 0x3, 0x100, 0x10}, {0x5, 0x4, 0xa, 0xcbf, 0x8000, 0x6}, {0x1, 0x7ff, 0x9, 0xf, 0x3, 0x8}, {0x9, 0xc0c4, 0x40, 0xbcc, 0x80, 0x46}, {0x6c, 0x5, 0x200, 0x1, 0xdf, 0x9da}, {0x1, 0x5, 0x6, 0x1, 0x1, 0x1}, {0xffffffc4, 0x3, 0x9, 0x9, 0x100, 0x7}, {0x40, 0x71, 0x3, 0x3, 0x81, 0x59}, {0x9, 0x2, 0x0, 0x0, 0x1, 0x5}, {0xe3, 0xb9d8, 0x800, 0xb0, 0x7, 0xfffffffc}, {0x0, 0x9, 0x1, 0x6e, 0xfffffffc, 0x2}, {0x2, 0x7, 0x2c000, 0x100, 0x0, 0x10}, {0x3, 0xfffffff9, 0x4, 0x0, 0x2, 0x9}, {0x8, 0x2, 0x4, 0xffffe775, 0xfffffffd}, {0x9, 0x9, 0x4, 0x7, 0xffffffff, 0x8}, {0x6, 0x7, 0x4, 0x3, 0x1, 0x5}, {0x7, 0x9, 0x2, 0x10000, 0x10, 0x1}, {0x3, 0x9, 0x7, 0x4, 0xcc, 0x4}, {0x0, 0x7f, 0x9fb, 0x29, 0x401, 0x4}, {0xfffffff9, 0xfffeffff, 0x1, 0x8001, 0x6904, 0x1cd8f2ad}, {0xffff, 0x4, 0x5778, 0x0, 0x8, 0x100}, {0xf64, 0x0, 0xe62, 0x3ff, 0x8000, 0x4}, {0x4, 0x7, 0xffffffff, 0x684, 0x9, 0x4}, {0xb8, 0xf, 0x5, 0x9, 0x1, 0x7}, {0x9, 0xffffdbde, 0x5, 0x4, 0x1, 0x4}, {0xfffffffa, 0x5, 0x7, 0x8001, 0x5, 0x246c}, {0xb4, 0x4, 0x8, 0x0, 0x8, 0x800}, {0x6, 0xffff, 0x4, 0x228f, 0xffffffb5, 0x3}, {0x8, 0x82, 0x2, 0x1, 0x2592, 0x4}], [{0x3, 0x1}, {0x3}, {0x4}, {0x3}, {0x3, 0x1}, {0x5}, {0x5}, {0x4}, {0x2}, {0x4}, {0x5}, {0x3}, {0x5, 0x1}, {0x1, 0x1}, {0x3}, {0x4}, {0x5}, {0x2, 0x1}, {0x3}, {0x3, 0x1}, {0x0, 0x1}, {0x1}, {0x4}, {0x2, 0x1}, {0x1}, {}, {0x4, 0x1}, {0x4}, {0x2, 0x1}, {0x1}, {0x3}, {0x3}, {0x3, 0x1}, {0x5, 0x1}, {0x4}, {0x4}, {0x0, 0x1}, {0x4}, {0x3}, {0x2}, {0x2}, {0x5, 0x1}, {0x0, 0x1}, {0x3, 0x1}, {0x0, 0x1}, {0x4}, {0x3, 0x1}, {0x5, 0x1}, {0x5}, {0x3, 0x1}, {0x0, 0x1}, {0x1}, {}, {0x4}, {0x1, 0x1}, {0x0, 0x1}, {0x1}, {0x3, 0x1}, {}, {0x3, 0x1}, {0x7, 0x1}, {0x4}, {}, {0x2}, {0x1}, {0x5, 0x1}, {0x3}, {0x3, 0x1}, {0x4}, {0x4, 0x1}, {0x1}, {0x2}, {0x2, 0x1}, {0x5, 0x1}, {}, {0x3, 0x1}, {0x5, 0x1}, {0x1, 0x1}, {0x4}, {0x3}, {0x5}, {0x1}, {}, {0x5, 0x1}, {0x1}, {0x0, 0x1}, {0x1}, {0x1}, {0x4}, {0x1, 0x1}, {0x3}, {0x2}, {0x4}, {0x0, 0x1}, {0x2, 0x1}, {0x2, 0x1}, {0x2, 0x1}, {0x5}, {0x5, 0x1}, {0x0, 0x1}, {0x0, 0x1}, {0x4, 0x1}, {0x5}, {0x0, 0x1}, {0x5}, {0x4}, {0x2, 0x1}, {0x3, 0x1}, {0x5, 0x1}, {0x1, 0x1}, {0x1, 0x1}, {0x3}, {0x3, 0x1}, {0x3}, {0x4}, {0x5}, {0x6}, {0x0, 0x1}, {0x0, 0x1}, {}, {0x9f49cc95d4993663, 0x1}, {0x2}, {0x5}, {0x0, 0x1}, {}, {0x2}, {0x3}, {0x5, 0x1}]}}]}, {0x6c, 0x6, "8d9357a959ebb92429bfcf96eec69874ba91b2c33dbe67a2392fa3bdbce23e3523dbdcfb8e11c1397c4cde005c3f17b14d1c63761f39edaf6c15a13b1f7a369bfc6f1f4d22d2bdcaf4e1b4b1b077589108a9f96e8d21167a2f85436796108fff9d356ade1e184997"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2}}}}, @m_skbedit={0x130, 0x18, 0x0, 0x0, {{0xc}, {0x24, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PRIORITY={0x8, 0x3, {0x5, 0x5}}, @TCA_SKBEDIT_PTYPE={0x6, 0x7, 0x7}, @TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0x5}, @TCA_SKBEDIT_MARK={0x8, 0x5, 0x7}]}, {0xe2, 0x6, "0322c7c046e621408c9d1da9e67529776fc7ad1a1cbd8b1a974bedc8ee4c32f88ca851a7b146fda3e6fc03e6d0cf7db60723d2c62b00ced53d46b6652352d82d14dad3875a9f1d6b0421e4174d5e5786532f26cf242ac29620872423d48f96a11687ecaed0e16a12ec242c2b06b7e8d2a27cae71d315568a163d8eb1e426b50bfc91621da7d4d8b56a3cdb2272874ad98c94d5aa03786a94e8289839237ba202da1cdd5cf4f44987930d383322476e5339036ecb08975d8b8b11cc499d45e35289516d9db4bbbb28fa9d6ec3a70c314825689cafddd91bd8399f7c741a47"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}, @m_skbmod={0x168, 0x14, 0x0, 0x0, {{0xb}, {0xb4, 0x2, 0x0, 0x1, [@TCA_SKBMOD_DMAC={0xa, 0x3, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, @TCA_SKBMOD_PARMS={0x24, 0x2, {{0x1, 0xb, 0x20000000, 0x5491, 0x8}, 0x10}}, @TCA_SKBMOD_PARMS={0x24, 0x2, {{0x5, 0x2, 0xffffffffffffffff, 0x0, 0x4}, 0x10}}, @TCA_SKBMOD_PARMS={0x24, 0x2, {{0x3ff, 0x3, 0x8, 0x1, 0x19cb9b69}, 0x8}}, @TCA_SKBMOD_DMAC={0xa, 0x3, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0xffff}, @TCA_SKBMOD_PARMS={0x24, 0x2, {{0xb, 0x9, 0x1, 0x8, 0x9}, 0xb}}]}, {0x8a, 0x6, "9fdd0bd6c22f308aadacb56509d78b70bda8b1577846ea618816e578d58af786c24e31e53c3c02ea549e81b9d76365266ade7cbf50c41c7d1f9a25fc48d1786676b0ddff559765a8691aff2d1114925fcf716efe42f861bf5fa518acc12041a1c31502eba7013482b22959f853f06d5b9cd2ecbd508e2c86b4cbe5669096693170cbd2148472"}, {0xc, 0x7, {0x1, 0x1245edbc2fbe6948}}, {0xc, 0x8, {0x2, 0x1}}}}]}, @TCA_FW_MASK={0x8, 0x5, 0x1}, @TCA_FW_CLASSID={0x8, 0x1, {0x9, 0xfff2}}]}}]}, 0x14fc}, 0x1, 0x0, 0x0, 0x20041090}, 0xd0) program did not crash testing program (duration=33.283292503s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat-pwrite64-openat-socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-socket$pppl2tp-connect$pppl2tp-fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-bpf$BPF_PROG_QUERY-socket-ioctl$sock_SIOCGIFINDEX-bpf$MAP_CREATE-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$SEG6_CMD_DUMPHMAC-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-syz_open_dev$MSR-read$msr-socketpair$unix-setsockopt$SO_ATTACH_FILTER-bpf$PROG_LOAD-sendmsg$nl_route_sched-ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT detailed listing: executing program 0: syz_mount_image$ext4(&(0x7f0000000500)='ext4\x00', &(0x7f0000000540)='./file2\x00', 0x10, &(0x7f0000000580), 0x1, 0x4e8, &(0x7f00000005c0)="$eJzs3U9oVNsZAPDvTv5YY2LSUrHVFgItVrGdmESjQilmVRAtbS100T8Sk5iISSaYCagUahCLFCpddGFx1Y1ddBO6K9IiFB681Vu4eG8hCm/1njyfPHkuXOVxJ3d0jGPyYmLuY/z94DL3nEnmfHc+7p1zhnPPBPDW6o6IIxHRFBHFiOjM6gvZFpcWt/TvTvXPj6dbEgsLJx4lkUTE0f758eprJdnjluwFvpU+XInY2/xyuzMXLp4dmpgYPZeVe8qT0z0zFy7+6Mzk0Njo2OjUwMGDhw8dGDhweP2OdfP26ze//fdjd669M/fdbVuGJ9N427Pnao9jvXRHd/aetERH7RNJxKn1bixnX8s7AFbtk8LOW3nHAABsvELW92+u9P87oykWO+v37/72cWf8sS3v+AAAAIC1W1hoyh4BAACAxpUY+wMAAECDq84DONo/P17dNmruwYOfblRLvMrDwYjoWsx/9f7uxWean93T2/KG7u/9w9OI7uh48tFPvvH/dIs3dB82X03zH+YdAXlq3Z93BORpxy/yjoA8vXc17wi4NBcRt4/U6f8na+7ztS8pJ0vKxwfT/t9fZmrr9P/eHr88kXcE5OlnA3lHQJ5uPMo7Am4PRsS+et//FSrr91Vtjoi26tp+6+RQe/r5/+/7tXUvf/4XHqxjkyzxcDDixzVrO56qyX+mqykrdVS+KmxJTp+ZGN0XEVsjYne0bErLvcu00Ttw46/16r/zJM3/P5Pq93/plrZf/S4wi+NB86YX/29kqDy01uNm0cO5iB3N9fL/vP+fZLl+Xf8tXftzvfqBPZV1RXctn3/epIV/ROyqe/4/H60ly67P2lO5HPRULwp1/OuDz67Uq//+79P8n90j//lJz/+25fNfuf4/W693ZvVtXP7fzSf16p/eSvP/t0uvc/1vTX5VCbA1qzs/VC6f641oTY69XN+3+pgbVfX9qL5faf53f6/+53+1/5dk60J3RcTXX6PNuXvTd+rVXy+k+b/xO+d/ftL8j6xw/icvnP+r35l//4c/qNf2zqtp/rt+vfL5v78SzO6sRv9vZV82QXnHCQAAAAAAAMD6KFTu00kKxWf7hUKxuDjP95vRVpgozZT3ni7NTo0s3s/TFS2F6lSvzpr5oL3Z/JBquW9JuT+bO3K1c3OlXBwuTYzkffAAAADQ4Noj7v3m8n+2b3nF+D91tzPvKAEAAIC1SMf/HffaKst5fW6cDwAAAA0pHf8//tOn74bxPwAAADSs2vE/AAAA0Nh+fvx4ui1Uf/dvqjR25uz49OG+fcXJ2eHicOncdHGsVBqrrNg3ufLrTZRK0719MXu+pzw6U+6ZuXDx5GRpdqp8svK7sSdHWzbgmICVFbd+vC3vGAAAgI2zlt/1t2PHTqPu5H1lAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgLb4IAAD//wws/WY=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2141, 0x59) pwrite64(r0, &(0x7f0000000ac0)="72b714926a3f6fdef4142eee07674c53f3185d6909e8dcbe19a7b7a360d7bcfece4bab76c69cd483b14c2b5acfaf1a3336a5382ecd7390fa29238055c34c5770ecdc69f4618720da7b668cfc1d7ef5a7f11019b9d4a397aa84e15cafc3f19fa7bb64ee6e52a9fa24f61ca06485ccc3c25d760615d8c824e412133f526155b8277b53d21f5b788c01a430aa0449c2b4a9df38f6ee22a4ca9d695f63e517c955a98459ee9ea801a505009a0780a50236a8247615ba1fc8593f63622e9dac1571", 0xbf, 0x8000c61) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x0, @dev}, 0x2}}, 0x2e) r3 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r3, &(0x7f0000000300)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x2, 0x2, 0x1, 0x0, {0xa, 0x4e23, 0xfff, @empty, 0x10000}}}, 0x32) r4 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) fsmount(r4, 0x1, 0x3) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000200)={@fallback, 0x22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) r5 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', 0x0}) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0) sendmsg$SEG6_CMD_DUMPHMAC(0xffffffffffffffff, 0x0, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x4) r8 = syz_open_dev$MSR(&(0x7f00000001c0), 0x32, 0x0) read$msr(r8, &(0x7f0000019680)=""/102392, 0x18ff8) socketpair$unix(0x1, 0x5, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0xc, 0x10, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000001400000000000000ffff020018150000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000070000007b5af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400003e000000850000008700000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x3, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r6, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r1, 0x942e, 0x0) program crashed: KASAN: use-after-free Write in pppol2tp_release testing program (duration=33.283292503s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat-pwrite64-openat-socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-socket$pppl2tp-connect$pppl2tp-fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-bpf$BPF_PROG_QUERY-socket-ioctl$sock_SIOCGIFINDEX-bpf$MAP_CREATE-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$SEG6_CMD_DUMPHMAC-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-syz_open_dev$MSR-read$msr-socketpair$unix-setsockopt$SO_ATTACH_FILTER-bpf$PROG_LOAD-ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT detailed listing: executing program 0: syz_mount_image$ext4(&(0x7f0000000500)='ext4\x00', &(0x7f0000000540)='./file2\x00', 0x10, &(0x7f0000000580), 0x1, 0x4e8, &(0x7f00000005c0)="$eJzs3U9oVNsZAPDvTv5YY2LSUrHVFgItVrGdmESjQilmVRAtbS100T8Sk5iISSaYCagUahCLFCpddGFx1Y1ddBO6K9IiFB681Vu4eG8hCm/1njyfPHkuXOVxJ3d0jGPyYmLuY/z94DL3nEnmfHc+7p1zhnPPBPDW6o6IIxHRFBHFiOjM6gvZFpcWt/TvTvXPj6dbEgsLJx4lkUTE0f758eprJdnjluwFvpU+XInY2/xyuzMXLp4dmpgYPZeVe8qT0z0zFy7+6Mzk0Njo2OjUwMGDhw8dGDhweP2OdfP26ze//fdjd669M/fdbVuGJ9N427Pnao9jvXRHd/aetERH7RNJxKn1bixnX8s7AFbtk8LOW3nHAABsvELW92+u9P87oykWO+v37/72cWf8sS3v+AAAAIC1W1hoyh4BAACAxpUY+wMAAECDq84DONo/P17dNmruwYOfblRLvMrDwYjoWsx/9f7uxWean93T2/KG7u/9w9OI7uh48tFPvvH/dIs3dB82X03zH+YdAXlq3Z93BORpxy/yjoA8vXc17wi4NBcRt4/U6f8na+7ztS8pJ0vKxwfT/t9fZmrr9P/eHr88kXcE5OlnA3lHQJ5uPMo7Am4PRsS+et//FSrr91Vtjoi26tp+6+RQe/r5/+/7tXUvf/4XHqxjkyzxcDDixzVrO56qyX+mqykrdVS+KmxJTp+ZGN0XEVsjYne0bErLvcu00Ttw46/16r/zJM3/P5Pq93/plrZf/S4wi+NB86YX/29kqDy01uNm0cO5iB3N9fL/vP+fZLl+Xf8tXftzvfqBPZV1RXctn3/epIV/ROyqe/4/H60ly67P2lO5HPRULwp1/OuDz67Uq//+79P8n90j//lJz/+25fNfuf4/W693ZvVtXP7fzSf16p/eSvP/t0uvc/1vTX5VCbA1qzs/VC6f641oTY69XN+3+pgbVfX9qL5faf53f6/+53+1/5dk60J3RcTXX6PNuXvTd+rVXy+k+b/xO+d/ftL8j6xw/icvnP+r35l//4c/qNf2zqtp/rt+vfL5v78SzO6sRv9vZV82QXnHCQAAAAAAAMD6KFTu00kKxWf7hUKxuDjP95vRVpgozZT3ni7NTo0s3s/TFS2F6lSvzpr5oL3Z/JBquW9JuT+bO3K1c3OlXBwuTYzkffAAAADQ4Noj7v3m8n+2b3nF+D91tzPvKAEAAIC1SMf/HffaKst5fW6cDwAAAA0pHf8//tOn74bxPwAAADSs2vE/AAAA0Nh+fvx4ui1Uf/dvqjR25uz49OG+fcXJ2eHicOncdHGsVBqrrNg3ufLrTZRK0719MXu+pzw6U+6ZuXDx5GRpdqp8svK7sSdHWzbgmICVFbd+vC3vGAAAgI2zlt/1t2PHTqPu5H1lAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgLb4IAAD//wws/WY=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2141, 0x59) pwrite64(r0, &(0x7f0000000ac0)="72b714926a3f6fdef4142eee07674c53f3185d6909e8dcbe19a7b7a360d7bcfece4bab76c69cd483b14c2b5acfaf1a3336a5382ecd7390fa29238055c34c5770ecdc69f4618720da7b668cfc1d7ef5a7f11019b9d4a397aa84e15cafc3f19fa7bb64ee6e52a9fa24f61ca06485ccc3c25d760615d8c824e412133f526155b8277b53d21f5b788c01a430aa0449c2b4a9df38f6ee22a4ca9d695f63e517c955a98459ee9ea801a505009a0780a50236a8247615ba1fc8593f63622e9dac1571", 0xbf, 0x8000c61) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x0, @dev}, 0x2}}, 0x2e) r3 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r3, &(0x7f0000000300)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x2, 0x2, 0x1, 0x0, {0xa, 0x4e23, 0xfff, @empty, 0x10000}}}, 0x32) r4 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) fsmount(r4, 0x1, 0x3) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000200)={@fallback, 0x22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) r5 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00'}) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0) sendmsg$SEG6_CMD_DUMPHMAC(0xffffffffffffffff, 0x0, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x4) r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x32, 0x0) read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8) socketpair$unix(0x1, 0x5, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0xc, 0x10, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000001400000000000000ffff020018150000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000070000007b5af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400003e000000850000008700000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x3, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r1, 0x942e, 0x0) program crashed: KASAN: use-after-free Write in pppol2tp_release testing program (duration=33.283292503s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat-pwrite64-openat-socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-socket$pppl2tp-connect$pppl2tp-fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-bpf$BPF_PROG_QUERY-socket-ioctl$sock_SIOCGIFINDEX-bpf$MAP_CREATE-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$SEG6_CMD_DUMPHMAC-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-syz_open_dev$MSR-read$msr-socketpair$unix-setsockopt$SO_ATTACH_FILTER-ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT detailed listing: executing program 0: syz_mount_image$ext4(&(0x7f0000000500)='ext4\x00', &(0x7f0000000540)='./file2\x00', 0x10, &(0x7f0000000580), 0x1, 0x4e8, &(0x7f00000005c0)="$eJzs3U9oVNsZAPDvTv5YY2LSUrHVFgItVrGdmESjQilmVRAtbS100T8Sk5iISSaYCagUahCLFCpddGFx1Y1ddBO6K9IiFB681Vu4eG8hCm/1njyfPHkuXOVxJ3d0jGPyYmLuY/z94DL3nEnmfHc+7p1zhnPPBPDW6o6IIxHRFBHFiOjM6gvZFpcWt/TvTvXPj6dbEgsLJx4lkUTE0f758eprJdnjluwFvpU+XInY2/xyuzMXLp4dmpgYPZeVe8qT0z0zFy7+6Mzk0Njo2OjUwMGDhw8dGDhweP2OdfP26ze//fdjd669M/fdbVuGJ9N427Pnao9jvXRHd/aetERH7RNJxKn1bixnX8s7AFbtk8LOW3nHAABsvELW92+u9P87oykWO+v37/72cWf8sS3v+AAAAIC1W1hoyh4BAACAxpUY+wMAAECDq84DONo/P17dNmruwYOfblRLvMrDwYjoWsx/9f7uxWean93T2/KG7u/9w9OI7uh48tFPvvH/dIs3dB82X03zH+YdAXlq3Z93BORpxy/yjoA8vXc17wi4NBcRt4/U6f8na+7ztS8pJ0vKxwfT/t9fZmrr9P/eHr88kXcE5OlnA3lHQJ5uPMo7Am4PRsS+et//FSrr91Vtjoi26tp+6+RQe/r5/+/7tXUvf/4XHqxjkyzxcDDixzVrO56qyX+mqykrdVS+KmxJTp+ZGN0XEVsjYne0bErLvcu00Ttw46/16r/zJM3/P5Pq93/plrZf/S4wi+NB86YX/29kqDy01uNm0cO5iB3N9fL/vP+fZLl+Xf8tXftzvfqBPZV1RXctn3/epIV/ROyqe/4/H60ly67P2lO5HPRULwp1/OuDz67Uq//+79P8n90j//lJz/+25fNfuf4/W693ZvVtXP7fzSf16p/eSvP/t0uvc/1vTX5VCbA1qzs/VC6f641oTY69XN+3+pgbVfX9qL5faf53f6/+53+1/5dk60J3RcTXX6PNuXvTd+rVXy+k+b/xO+d/ftL8j6xw/icvnP+r35l//4c/qNf2zqtp/rt+vfL5v78SzO6sRv9vZV82QXnHCQAAAAAAAMD6KFTu00kKxWf7hUKxuDjP95vRVpgozZT3ni7NTo0s3s/TFS2F6lSvzpr5oL3Z/JBquW9JuT+bO3K1c3OlXBwuTYzkffAAAADQ4Noj7v3m8n+2b3nF+D91tzPvKAEAAIC1SMf/HffaKst5fW6cDwAAAA0pHf8//tOn74bxPwAAADSs2vE/AAAA0Nh+fvx4ui1Uf/dvqjR25uz49OG+fcXJ2eHicOncdHGsVBqrrNg3ufLrTZRK0719MXu+pzw6U+6ZuXDx5GRpdqp8svK7sSdHWzbgmICVFbd+vC3vGAAAgI2zlt/1t2PHTqPu5H1lAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgLb4IAAD//wws/WY=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2141, 0x59) pwrite64(r0, &(0x7f0000000ac0)="72b714926a3f6fdef4142eee07674c53f3185d6909e8dcbe19a7b7a360d7bcfece4bab76c69cd483b14c2b5acfaf1a3336a5382ecd7390fa29238055c34c5770ecdc69f4618720da7b668cfc1d7ef5a7f11019b9d4a397aa84e15cafc3f19fa7bb64ee6e52a9fa24f61ca06485ccc3c25d760615d8c824e412133f526155b8277b53d21f5b788c01a430aa0449c2b4a9df38f6ee22a4ca9d695f63e517c955a98459ee9ea801a505009a0780a50236a8247615ba1fc8593f63622e9dac1571", 0xbf, 0x8000c61) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x0, @dev}, 0x2}}, 0x2e) r3 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r3, &(0x7f0000000300)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x2, 0x2, 0x1, 0x0, {0xa, 0x4e23, 0xfff, @empty, 0x10000}}}, 0x32) r4 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) fsmount(r4, 0x1, 0x3) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000200)={@fallback, 0x22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) r5 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00'}) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0) sendmsg$SEG6_CMD_DUMPHMAC(0xffffffffffffffff, 0x0, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x4) r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x32, 0x0) read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8) socketpair$unix(0x1, 0x5, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r1, 0x942e, 0x0) program crashed: KASAN: use-after-free Write in rcu_segcblist_enqueue testing program (duration=33.283292503s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat-pwrite64-openat-socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-socket$pppl2tp-connect$pppl2tp-fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-bpf$BPF_PROG_QUERY-socket-ioctl$sock_SIOCGIFINDEX-bpf$MAP_CREATE-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$SEG6_CMD_DUMPHMAC-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-syz_open_dev$MSR-read$msr-socketpair$unix-ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT detailed listing: executing program 0: syz_mount_image$ext4(&(0x7f0000000500)='ext4\x00', &(0x7f0000000540)='./file2\x00', 0x10, &(0x7f0000000580), 0x1, 0x4e8, &(0x7f00000005c0)="$eJzs3U9oVNsZAPDvTv5YY2LSUrHVFgItVrGdmESjQilmVRAtbS100T8Sk5iISSaYCagUahCLFCpddGFx1Y1ddBO6K9IiFB681Vu4eG8hCm/1njyfPHkuXOVxJ3d0jGPyYmLuY/z94DL3nEnmfHc+7p1zhnPPBPDW6o6IIxHRFBHFiOjM6gvZFpcWt/TvTvXPj6dbEgsLJx4lkUTE0f758eprJdnjluwFvpU+XInY2/xyuzMXLp4dmpgYPZeVe8qT0z0zFy7+6Mzk0Njo2OjUwMGDhw8dGDhweP2OdfP26ze//fdjd669M/fdbVuGJ9N427Pnao9jvXRHd/aetERH7RNJxKn1bixnX8s7AFbtk8LOW3nHAABsvELW92+u9P87oykWO+v37/72cWf8sS3v+AAAAIC1W1hoyh4BAACAxpUY+wMAAECDq84DONo/P17dNmruwYOfblRLvMrDwYjoWsx/9f7uxWean93T2/KG7u/9w9OI7uh48tFPvvH/dIs3dB82X03zH+YdAXlq3Z93BORpxy/yjoA8vXc17wi4NBcRt4/U6f8na+7ztS8pJ0vKxwfT/t9fZmrr9P/eHr88kXcE5OlnA3lHQJ5uPMo7Am4PRsS+et//FSrr91Vtjoi26tp+6+RQe/r5/+/7tXUvf/4XHqxjkyzxcDDixzVrO56qyX+mqykrdVS+KmxJTp+ZGN0XEVsjYne0bErLvcu00Ttw46/16r/zJM3/P5Pq93/plrZf/S4wi+NB86YX/29kqDy01uNm0cO5iB3N9fL/vP+fZLl+Xf8tXftzvfqBPZV1RXctn3/epIV/ROyqe/4/H60ly67P2lO5HPRULwp1/OuDz67Uq//+79P8n90j//lJz/+25fNfuf4/W693ZvVtXP7fzSf16p/eSvP/t0uvc/1vTX5VCbA1qzs/VC6f641oTY69XN+3+pgbVfX9qL5faf53f6/+53+1/5dk60J3RcTXX6PNuXvTd+rVXy+k+b/xO+d/ftL8j6xw/icvnP+r35l//4c/qNf2zqtp/rt+vfL5v78SzO6sRv9vZV82QXnHCQAAAAAAAMD6KFTu00kKxWf7hUKxuDjP95vRVpgozZT3ni7NTo0s3s/TFS2F6lSvzpr5oL3Z/JBquW9JuT+bO3K1c3OlXBwuTYzkffAAAADQ4Noj7v3m8n+2b3nF+D91tzPvKAEAAIC1SMf/HffaKst5fW6cDwAAAA0pHf8//tOn74bxPwAAADSs2vE/AAAA0Nh+fvx4ui1Uf/dvqjR25uz49OG+fcXJ2eHicOncdHGsVBqrrNg3ufLrTZRK0719MXu+pzw6U+6ZuXDx5GRpdqp8svK7sSdHWzbgmICVFbd+vC3vGAAAgI2zlt/1t2PHTqPu5H1lAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgLb4IAAD//wws/WY=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2141, 0x59) pwrite64(r0, &(0x7f0000000ac0)="72b714926a3f6fdef4142eee07674c53f3185d6909e8dcbe19a7b7a360d7bcfece4bab76c69cd483b14c2b5acfaf1a3336a5382ecd7390fa29238055c34c5770ecdc69f4618720da7b668cfc1d7ef5a7f11019b9d4a397aa84e15cafc3f19fa7bb64ee6e52a9fa24f61ca06485ccc3c25d760615d8c824e412133f526155b8277b53d21f5b788c01a430aa0449c2b4a9df38f6ee22a4ca9d695f63e517c955a98459ee9ea801a505009a0780a50236a8247615ba1fc8593f63622e9dac1571", 0xbf, 0x8000c61) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x0, @dev}, 0x2}}, 0x2e) r3 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r3, &(0x7f0000000300)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x2, 0x2, 0x1, 0x0, {0xa, 0x4e23, 0xfff, @empty, 0x10000}}}, 0x32) r4 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) fsmount(r4, 0x1, 0x3) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000200)={@fallback, 0x22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) r5 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00'}) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0) sendmsg$SEG6_CMD_DUMPHMAC(0xffffffffffffffff, 0x0, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x4) r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x32, 0x0) read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8) socketpair$unix(0x1, 0x5, 0x0, 0x0) ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r1, 0x942e, 0x0) program crashed: KASAN: use-after-free Write in pppol2tp_release testing program (duration=33.283292503s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat-pwrite64-openat-socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-socket$pppl2tp-connect$pppl2tp-fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-bpf$BPF_PROG_QUERY-socket-ioctl$sock_SIOCGIFINDEX-bpf$MAP_CREATE-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$SEG6_CMD_DUMPHMAC-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-syz_open_dev$MSR-read$msr-ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT detailed listing: executing program 0: syz_mount_image$ext4(&(0x7f0000000500)='ext4\x00', &(0x7f0000000540)='./file2\x00', 0x10, &(0x7f0000000580), 0x1, 0x4e8, &(0x7f00000005c0)="$eJzs3U9oVNsZAPDvTv5YY2LSUrHVFgItVrGdmESjQilmVRAtbS100T8Sk5iISSaYCagUahCLFCpddGFx1Y1ddBO6K9IiFB681Vu4eG8hCm/1njyfPHkuXOVxJ3d0jGPyYmLuY/z94DL3nEnmfHc+7p1zhnPPBPDW6o6IIxHRFBHFiOjM6gvZFpcWt/TvTvXPj6dbEgsLJx4lkUTE0f758eprJdnjluwFvpU+XInY2/xyuzMXLp4dmpgYPZeVe8qT0z0zFy7+6Mzk0Njo2OjUwMGDhw8dGDhweP2OdfP26ze//fdjd669M/fdbVuGJ9N427Pnao9jvXRHd/aetERH7RNJxKn1bixnX8s7AFbtk8LOW3nHAABsvELW92+u9P87oykWO+v37/72cWf8sS3v+AAAAIC1W1hoyh4BAACAxpUY+wMAAECDq84DONo/P17dNmruwYOfblRLvMrDwYjoWsx/9f7uxWean93T2/KG7u/9w9OI7uh48tFPvvH/dIs3dB82X03zH+YdAXlq3Z93BORpxy/yjoA8vXc17wi4NBcRt4/U6f8na+7ztS8pJ0vKxwfT/t9fZmrr9P/eHr88kXcE5OlnA3lHQJ5uPMo7Am4PRsS+et//FSrr91Vtjoi26tp+6+RQe/r5/+/7tXUvf/4XHqxjkyzxcDDixzVrO56qyX+mqykrdVS+KmxJTp+ZGN0XEVsjYne0bErLvcu00Ttw46/16r/zJM3/P5Pq93/plrZf/S4wi+NB86YX/29kqDy01uNm0cO5iB3N9fL/vP+fZLl+Xf8tXftzvfqBPZV1RXctn3/epIV/ROyqe/4/H60ly67P2lO5HPRULwp1/OuDz67Uq//+79P8n90j//lJz/+25fNfuf4/W693ZvVtXP7fzSf16p/eSvP/t0uvc/1vTX5VCbA1qzs/VC6f641oTY69XN+3+pgbVfX9qL5faf53f6/+53+1/5dk60J3RcTXX6PNuXvTd+rVXy+k+b/xO+d/ftL8j6xw/icvnP+r35l//4c/qNf2zqtp/rt+vfL5v78SzO6sRv9vZV82QXnHCQAAAAAAAMD6KFTu00kKxWf7hUKxuDjP95vRVpgozZT3ni7NTo0s3s/TFS2F6lSvzpr5oL3Z/JBquW9JuT+bO3K1c3OlXBwuTYzkffAAAADQ4Noj7v3m8n+2b3nF+D91tzPvKAEAAIC1SMf/HffaKst5fW6cDwAAAA0pHf8//tOn74bxPwAAADSs2vE/AAAA0Nh+fvx4ui1Uf/dvqjR25uz49OG+fcXJ2eHicOncdHGsVBqrrNg3ufLrTZRK0719MXu+pzw6U+6ZuXDx5GRpdqp8svK7sSdHWzbgmICVFbd+vC3vGAAAgI2zlt/1t2PHTqPu5H1lAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgLb4IAAD//wws/WY=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2141, 0x59) pwrite64(r0, &(0x7f0000000ac0)="72b714926a3f6fdef4142eee07674c53f3185d6909e8dcbe19a7b7a360d7bcfece4bab76c69cd483b14c2b5acfaf1a3336a5382ecd7390fa29238055c34c5770ecdc69f4618720da7b668cfc1d7ef5a7f11019b9d4a397aa84e15cafc3f19fa7bb64ee6e52a9fa24f61ca06485ccc3c25d760615d8c824e412133f526155b8277b53d21f5b788c01a430aa0449c2b4a9df38f6ee22a4ca9d695f63e517c955a98459ee9ea801a505009a0780a50236a8247615ba1fc8593f63622e9dac1571", 0xbf, 0x8000c61) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x0, @dev}, 0x2}}, 0x2e) r3 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r3, &(0x7f0000000300)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x2, 0x2, 0x1, 0x0, {0xa, 0x4e23, 0xfff, @empty, 0x10000}}}, 0x32) r4 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) fsmount(r4, 0x1, 0x3) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000200)={@fallback, 0x22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) r5 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00'}) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0) sendmsg$SEG6_CMD_DUMPHMAC(0xffffffffffffffff, 0x0, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x4) r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x32, 0x0) read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r1, 0x942e, 0x0) program crashed: KASAN: use-after-free Write in pppol2tp_release testing program (duration=33.283292503s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat-pwrite64-openat-socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-socket$pppl2tp-connect$pppl2tp-fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-bpf$BPF_PROG_QUERY-socket-ioctl$sock_SIOCGIFINDEX-bpf$MAP_CREATE-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$SEG6_CMD_DUMPHMAC-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-syz_open_dev$MSR-ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT detailed listing: executing program 0: syz_mount_image$ext4(&(0x7f0000000500)='ext4\x00', &(0x7f0000000540)='./file2\x00', 0x10, &(0x7f0000000580), 0x1, 0x4e8, &(0x7f00000005c0)="$eJzs3U9oVNsZAPDvTv5YY2LSUrHVFgItVrGdmESjQilmVRAtbS100T8Sk5iISSaYCagUahCLFCpddGFx1Y1ddBO6K9IiFB681Vu4eG8hCm/1njyfPHkuXOVxJ3d0jGPyYmLuY/z94DL3nEnmfHc+7p1zhnPPBPDW6o6IIxHRFBHFiOjM6gvZFpcWt/TvTvXPj6dbEgsLJx4lkUTE0f758eprJdnjluwFvpU+XInY2/xyuzMXLp4dmpgYPZeVe8qT0z0zFy7+6Mzk0Njo2OjUwMGDhw8dGDhweP2OdfP26ze//fdjd669M/fdbVuGJ9N427Pnao9jvXRHd/aetERH7RNJxKn1bixnX8s7AFbtk8LOW3nHAABsvELW92+u9P87oykWO+v37/72cWf8sS3v+AAAAIC1W1hoyh4BAACAxpUY+wMAAECDq84DONo/P17dNmruwYOfblRLvMrDwYjoWsx/9f7uxWean93T2/KG7u/9w9OI7uh48tFPvvH/dIs3dB82X03zH+YdAXlq3Z93BORpxy/yjoA8vXc17wi4NBcRt4/U6f8na+7ztS8pJ0vKxwfT/t9fZmrr9P/eHr88kXcE5OlnA3lHQJ5uPMo7Am4PRsS+et//FSrr91Vtjoi26tp+6+RQe/r5/+/7tXUvf/4XHqxjkyzxcDDixzVrO56qyX+mqykrdVS+KmxJTp+ZGN0XEVsjYne0bErLvcu00Ttw46/16r/zJM3/P5Pq93/plrZf/S4wi+NB86YX/29kqDy01uNm0cO5iB3N9fL/vP+fZLl+Xf8tXftzvfqBPZV1RXctn3/epIV/ROyqe/4/H60ly67P2lO5HPRULwp1/OuDz67Uq//+79P8n90j//lJz/+25fNfuf4/W693ZvVtXP7fzSf16p/eSvP/t0uvc/1vTX5VCbA1qzs/VC6f641oTY69XN+3+pgbVfX9qL5faf53f6/+53+1/5dk60J3RcTXX6PNuXvTd+rVXy+k+b/xO+d/ftL8j6xw/icvnP+r35l//4c/qNf2zqtp/rt+vfL5v78SzO6sRv9vZV82QXnHCQAAAAAAAMD6KFTu00kKxWf7hUKxuDjP95vRVpgozZT3ni7NTo0s3s/TFS2F6lSvzpr5oL3Z/JBquW9JuT+bO3K1c3OlXBwuTYzkffAAAADQ4Noj7v3m8n+2b3nF+D91tzPvKAEAAIC1SMf/HffaKst5fW6cDwAAAA0pHf8//tOn74bxPwAAADSs2vE/AAAA0Nh+fvx4ui1Uf/dvqjR25uz49OG+fcXJ2eHicOncdHGsVBqrrNg3ufLrTZRK0719MXu+pzw6U+6ZuXDx5GRpdqp8svK7sSdHWzbgmICVFbd+vC3vGAAAgI2zlt/1t2PHTqPu5H1lAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgLb4IAAD//wws/WY=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2141, 0x59) pwrite64(r0, &(0x7f0000000ac0)="72b714926a3f6fdef4142eee07674c53f3185d6909e8dcbe19a7b7a360d7bcfece4bab76c69cd483b14c2b5acfaf1a3336a5382ecd7390fa29238055c34c5770ecdc69f4618720da7b668cfc1d7ef5a7f11019b9d4a397aa84e15cafc3f19fa7bb64ee6e52a9fa24f61ca06485ccc3c25d760615d8c824e412133f526155b8277b53d21f5b788c01a430aa0449c2b4a9df38f6ee22a4ca9d695f63e517c955a98459ee9ea801a505009a0780a50236a8247615ba1fc8593f63622e9dac1571", 0xbf, 0x8000c61) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x0, @dev}, 0x2}}, 0x2e) r3 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r3, &(0x7f0000000300)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x2, 0x2, 0x1, 0x0, {0xa, 0x4e23, 0xfff, @empty, 0x10000}}}, 0x32) r4 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) fsmount(r4, 0x1, 0x3) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000200)={@fallback, 0x22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) r5 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00'}) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0) sendmsg$SEG6_CMD_DUMPHMAC(0xffffffffffffffff, 0x0, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x4) syz_open_dev$MSR(&(0x7f00000001c0), 0x32, 0x0) ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r1, 0x942e, 0x0) program crashed: KASAN: use-after-free Write in pppol2tp_release testing program (duration=33.283292503s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat-pwrite64-openat-socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-socket$pppl2tp-connect$pppl2tp-fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-bpf$BPF_PROG_QUERY-socket-ioctl$sock_SIOCGIFINDEX-bpf$MAP_CREATE-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$SEG6_CMD_DUMPHMAC-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT detailed listing: executing program 0: syz_mount_image$ext4(&(0x7f0000000500)='ext4\x00', &(0x7f0000000540)='./file2\x00', 0x10, &(0x7f0000000580), 0x1, 0x4e8, &(0x7f00000005c0)="$eJzs3U9oVNsZAPDvTv5YY2LSUrHVFgItVrGdmESjQilmVRAtbS100T8Sk5iISSaYCagUahCLFCpddGFx1Y1ddBO6K9IiFB681Vu4eG8hCm/1njyfPHkuXOVxJ3d0jGPyYmLuY/z94DL3nEnmfHc+7p1zhnPPBPDW6o6IIxHRFBHFiOjM6gvZFpcWt/TvTvXPj6dbEgsLJx4lkUTE0f758eprJdnjluwFvpU+XInY2/xyuzMXLp4dmpgYPZeVe8qT0z0zFy7+6Mzk0Njo2OjUwMGDhw8dGDhweP2OdfP26ze//fdjd669M/fdbVuGJ9N427Pnao9jvXRHd/aetERH7RNJxKn1bixnX8s7AFbtk8LOW3nHAABsvELW92+u9P87oykWO+v37/72cWf8sS3v+AAAAIC1W1hoyh4BAACAxpUY+wMAAECDq84DONo/P17dNmruwYOfblRLvMrDwYjoWsx/9f7uxWean93T2/KG7u/9w9OI7uh48tFPvvH/dIs3dB82X03zH+YdAXlq3Z93BORpxy/yjoA8vXc17wi4NBcRt4/U6f8na+7ztS8pJ0vKxwfT/t9fZmrr9P/eHr88kXcE5OlnA3lHQJ5uPMo7Am4PRsS+et//FSrr91Vtjoi26tp+6+RQe/r5/+/7tXUvf/4XHqxjkyzxcDDixzVrO56qyX+mqykrdVS+KmxJTp+ZGN0XEVsjYne0bErLvcu00Ttw46/16r/zJM3/P5Pq93/plrZf/S4wi+NB86YX/29kqDy01uNm0cO5iB3N9fL/vP+fZLl+Xf8tXftzvfqBPZV1RXctn3/epIV/ROyqe/4/H60ly67P2lO5HPRULwp1/OuDz67Uq//+79P8n90j//lJz/+25fNfuf4/W693ZvVtXP7fzSf16p/eSvP/t0uvc/1vTX5VCbA1qzs/VC6f641oTY69XN+3+pgbVfX9qL5faf53f6/+53+1/5dk60J3RcTXX6PNuXvTd+rVXy+k+b/xO+d/ftL8j6xw/icvnP+r35l//4c/qNf2zqtp/rt+vfL5v78SzO6sRv9vZV82QXnHCQAAAAAAAMD6KFTu00kKxWf7hUKxuDjP95vRVpgozZT3ni7NTo0s3s/TFS2F6lSvzpr5oL3Z/JBquW9JuT+bO3K1c3OlXBwuTYzkffAAAADQ4Noj7v3m8n+2b3nF+D91tzPvKAEAAIC1SMf/HffaKst5fW6cDwAAAA0pHf8//tOn74bxPwAAADSs2vE/AAAA0Nh+fvx4ui1Uf/dvqjR25uz49OG+fcXJ2eHicOncdHGsVBqrrNg3ufLrTZRK0719MXu+pzw6U+6ZuXDx5GRpdqp8svK7sSdHWzbgmICVFbd+vC3vGAAAgI2zlt/1t2PHTqPu5H1lAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgLb4IAAD//wws/WY=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2141, 0x59) pwrite64(r0, &(0x7f0000000ac0)="72b714926a3f6fdef4142eee07674c53f3185d6909e8dcbe19a7b7a360d7bcfece4bab76c69cd483b14c2b5acfaf1a3336a5382ecd7390fa29238055c34c5770ecdc69f4618720da7b668cfc1d7ef5a7f11019b9d4a397aa84e15cafc3f19fa7bb64ee6e52a9fa24f61ca06485ccc3c25d760615d8c824e412133f526155b8277b53d21f5b788c01a430aa0449c2b4a9df38f6ee22a4ca9d695f63e517c955a98459ee9ea801a505009a0780a50236a8247615ba1fc8593f63622e9dac1571", 0xbf, 0x8000c61) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x0, @dev}, 0x2}}, 0x2e) r3 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r3, &(0x7f0000000300)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x2, 0x2, 0x1, 0x0, {0xa, 0x4e23, 0xfff, @empty, 0x10000}}}, 0x32) r4 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) fsmount(r4, 0x1, 0x3) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000200)={@fallback, 0x22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) r5 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00'}) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0) sendmsg$SEG6_CMD_DUMPHMAC(0xffffffffffffffff, 0x0, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x4) ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r1, 0x942e, 0x0) program crashed: KASAN: use-after-free Write in pppol2tp_release testing program (duration=33.283292503s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat-pwrite64-openat-socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-socket$pppl2tp-connect$pppl2tp-fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-bpf$BPF_PROG_QUERY-socket-ioctl$sock_SIOCGIFINDEX-bpf$MAP_CREATE-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$SEG6_CMD_DUMPHMAC-prctl$PR_SCHED_CORE-prlimit64-ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT detailed listing: executing program 0: syz_mount_image$ext4(&(0x7f0000000500)='ext4\x00', &(0x7f0000000540)='./file2\x00', 0x10, &(0x7f0000000580), 0x1, 0x4e8, &(0x7f00000005c0)="$eJzs3U9oVNsZAPDvTv5YY2LSUrHVFgItVrGdmESjQilmVRAtbS100T8Sk5iISSaYCagUahCLFCpddGFx1Y1ddBO6K9IiFB681Vu4eG8hCm/1njyfPHkuXOVxJ3d0jGPyYmLuY/z94DL3nEnmfHc+7p1zhnPPBPDW6o6IIxHRFBHFiOjM6gvZFpcWt/TvTvXPj6dbEgsLJx4lkUTE0f758eprJdnjluwFvpU+XInY2/xyuzMXLp4dmpgYPZeVe8qT0z0zFy7+6Mzk0Njo2OjUwMGDhw8dGDhweP2OdfP26ze//fdjd669M/fdbVuGJ9N427Pnao9jvXRHd/aetERH7RNJxKn1bixnX8s7AFbtk8LOW3nHAABsvELW92+u9P87oykWO+v37/72cWf8sS3v+AAAAIC1W1hoyh4BAACAxpUY+wMAAECDq84DONo/P17dNmruwYOfblRLvMrDwYjoWsx/9f7uxWean93T2/KG7u/9w9OI7uh48tFPvvH/dIs3dB82X03zH+YdAXlq3Z93BORpxy/yjoA8vXc17wi4NBcRt4/U6f8na+7ztS8pJ0vKxwfT/t9fZmrr9P/eHr88kXcE5OlnA3lHQJ5uPMo7Am4PRsS+et//FSrr91Vtjoi26tp+6+RQe/r5/+/7tXUvf/4XHqxjkyzxcDDixzVrO56qyX+mqykrdVS+KmxJTp+ZGN0XEVsjYne0bErLvcu00Ttw46/16r/zJM3/P5Pq93/plrZf/S4wi+NB86YX/29kqDy01uNm0cO5iB3N9fL/vP+fZLl+Xf8tXftzvfqBPZV1RXctn3/epIV/ROyqe/4/H60ly67P2lO5HPRULwp1/OuDz67Uq//+79P8n90j//lJz/+25fNfuf4/W693ZvVtXP7fzSf16p/eSvP/t0uvc/1vTX5VCbA1qzs/VC6f641oTY69XN+3+pgbVfX9qL5faf53f6/+53+1/5dk60J3RcTXX6PNuXvTd+rVXy+k+b/xO+d/ftL8j6xw/icvnP+r35l//4c/qNf2zqtp/rt+vfL5v78SzO6sRv9vZV82QXnHCQAAAAAAAMD6KFTu00kKxWf7hUKxuDjP95vRVpgozZT3ni7NTo0s3s/TFS2F6lSvzpr5oL3Z/JBquW9JuT+bO3K1c3OlXBwuTYzkffAAAADQ4Noj7v3m8n+2b3nF+D91tzPvKAEAAIC1SMf/HffaKst5fW6cDwAAAA0pHf8//tOn74bxPwAAADSs2vE/AAAA0Nh+fvx4ui1Uf/dvqjR25uz49OG+fcXJ2eHicOncdHGsVBqrrNg3ufLrTZRK0719MXu+pzw6U+6ZuXDx5GRpdqp8svK7sSdHWzbgmICVFbd+vC3vGAAAgI2zlt/1t2PHTqPu5H1lAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgLb4IAAD//wws/WY=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2141, 0x59) pwrite64(r0, &(0x7f0000000ac0)="72b714926a3f6fdef4142eee07674c53f3185d6909e8dcbe19a7b7a360d7bcfece4bab76c69cd483b14c2b5acfaf1a3336a5382ecd7390fa29238055c34c5770ecdc69f4618720da7b668cfc1d7ef5a7f11019b9d4a397aa84e15cafc3f19fa7bb64ee6e52a9fa24f61ca06485ccc3c25d760615d8c824e412133f526155b8277b53d21f5b788c01a430aa0449c2b4a9df38f6ee22a4ca9d695f63e517c955a98459ee9ea801a505009a0780a50236a8247615ba1fc8593f63622e9dac1571", 0xbf, 0x8000c61) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x0, @dev}, 0x2}}, 0x2e) r3 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r3, &(0x7f0000000300)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x2, 0x2, 0x1, 0x0, {0xa, 0x4e23, 0xfff, @empty, 0x10000}}}, 0x32) r4 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) fsmount(r4, 0x1, 0x3) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000200)={@fallback, 0x22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) r5 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00'}) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0) sendmsg$SEG6_CMD_DUMPHMAC(0xffffffffffffffff, 0x0, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r1, 0x942e, 0x0) program crashed: KASAN: use-after-free Read in rcu_cblist_dequeue testing program (duration=33.283292503s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat-pwrite64-openat-socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-socket$pppl2tp-connect$pppl2tp-fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-bpf$BPF_PROG_QUERY-socket-ioctl$sock_SIOCGIFINDEX-bpf$MAP_CREATE-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$SEG6_CMD_DUMPHMAC-prctl$PR_SCHED_CORE-ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT detailed listing: executing program 0: syz_mount_image$ext4(&(0x7f0000000500)='ext4\x00', &(0x7f0000000540)='./file2\x00', 0x10, &(0x7f0000000580), 0x1, 0x4e8, &(0x7f00000005c0)="$eJzs3U9oVNsZAPDvTv5YY2LSUrHVFgItVrGdmESjQilmVRAtbS100T8Sk5iISSaYCagUahCLFCpddGFx1Y1ddBO6K9IiFB681Vu4eG8hCm/1njyfPHkuXOVxJ3d0jGPyYmLuY/z94DL3nEnmfHc+7p1zhnPPBPDW6o6IIxHRFBHFiOjM6gvZFpcWt/TvTvXPj6dbEgsLJx4lkUTE0f758eprJdnjluwFvpU+XInY2/xyuzMXLp4dmpgYPZeVe8qT0z0zFy7+6Mzk0Njo2OjUwMGDhw8dGDhweP2OdfP26ze//fdjd669M/fdbVuGJ9N427Pnao9jvXRHd/aetERH7RNJxKn1bixnX8s7AFbtk8LOW3nHAABsvELW92+u9P87oykWO+v37/72cWf8sS3v+AAAAIC1W1hoyh4BAACAxpUY+wMAAECDq84DONo/P17dNmruwYOfblRLvMrDwYjoWsx/9f7uxWean93T2/KG7u/9w9OI7uh48tFPvvH/dIs3dB82X03zH+YdAXlq3Z93BORpxy/yjoA8vXc17wi4NBcRt4/U6f8na+7ztS8pJ0vKxwfT/t9fZmrr9P/eHr88kXcE5OlnA3lHQJ5uPMo7Am4PRsS+et//FSrr91Vtjoi26tp+6+RQe/r5/+/7tXUvf/4XHqxjkyzxcDDixzVrO56qyX+mqykrdVS+KmxJTp+ZGN0XEVsjYne0bErLvcu00Ttw46/16r/zJM3/P5Pq93/plrZf/S4wi+NB86YX/29kqDy01uNm0cO5iB3N9fL/vP+fZLl+Xf8tXftzvfqBPZV1RXctn3/epIV/ROyqe/4/H60ly67P2lO5HPRULwp1/OuDz67Uq//+79P8n90j//lJz/+25fNfuf4/W693ZvVtXP7fzSf16p/eSvP/t0uvc/1vTX5VCbA1qzs/VC6f641oTY69XN+3+pgbVfX9qL5faf53f6/+53+1/5dk60J3RcTXX6PNuXvTd+rVXy+k+b/xO+d/ftL8j6xw/icvnP+r35l//4c/qNf2zqtp/rt+vfL5v78SzO6sRv9vZV82QXnHCQAAAAAAAMD6KFTu00kKxWf7hUKxuDjP95vRVpgozZT3ni7NTo0s3s/TFS2F6lSvzpr5oL3Z/JBquW9JuT+bO3K1c3OlXBwuTYzkffAAAADQ4Noj7v3m8n+2b3nF+D91tzPvKAEAAIC1SMf/HffaKst5fW6cDwAAAA0pHf8//tOn74bxPwAAADSs2vE/AAAA0Nh+fvx4ui1Uf/dvqjR25uz49OG+fcXJ2eHicOncdHGsVBqrrNg3ufLrTZRK0719MXu+pzw6U+6ZuXDx5GRpdqp8svK7sSdHWzbgmICVFbd+vC3vGAAAgI2zlt/1t2PHTqPu5H1lAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgLb4IAAD//wws/WY=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2141, 0x59) pwrite64(r0, &(0x7f0000000ac0)="72b714926a3f6fdef4142eee07674c53f3185d6909e8dcbe19a7b7a360d7bcfece4bab76c69cd483b14c2b5acfaf1a3336a5382ecd7390fa29238055c34c5770ecdc69f4618720da7b668cfc1d7ef5a7f11019b9d4a397aa84e15cafc3f19fa7bb64ee6e52a9fa24f61ca06485ccc3c25d760615d8c824e412133f526155b8277b53d21f5b788c01a430aa0449c2b4a9df38f6ee22a4ca9d695f63e517c955a98459ee9ea801a505009a0780a50236a8247615ba1fc8593f63622e9dac1571", 0xbf, 0x8000c61) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x0, @dev}, 0x2}}, 0x2e) r3 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r3, &(0x7f0000000300)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x2, 0x2, 0x1, 0x0, {0xa, 0x4e23, 0xfff, @empty, 0x10000}}}, 0x32) r4 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) fsmount(r4, 0x1, 0x3) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000200)={@fallback, 0x22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) r5 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00'}) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0) sendmsg$SEG6_CMD_DUMPHMAC(0xffffffffffffffff, 0x0, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r1, 0x942e, 0x0) program crashed: KASAN: use-after-free Write in pppol2tp_release testing program (duration=33.283292503s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat-pwrite64-openat-socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-socket$pppl2tp-connect$pppl2tp-fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-bpf$BPF_PROG_QUERY-socket-ioctl$sock_SIOCGIFINDEX-bpf$MAP_CREATE-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$SEG6_CMD_DUMPHMAC-ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT detailed listing: executing program 0: syz_mount_image$ext4(&(0x7f0000000500)='ext4\x00', &(0x7f0000000540)='./file2\x00', 0x10, &(0x7f0000000580), 0x1, 0x4e8, &(0x7f00000005c0)="$eJzs3U9oVNsZAPDvTv5YY2LSUrHVFgItVrGdmESjQilmVRAtbS100T8Sk5iISSaYCagUahCLFCpddGFx1Y1ddBO6K9IiFB681Vu4eG8hCm/1njyfPHkuXOVxJ3d0jGPyYmLuY/z94DL3nEnmfHc+7p1zhnPPBPDW6o6IIxHRFBHFiOjM6gvZFpcWt/TvTvXPj6dbEgsLJx4lkUTE0f758eprJdnjluwFvpU+XInY2/xyuzMXLp4dmpgYPZeVe8qT0z0zFy7+6Mzk0Njo2OjUwMGDhw8dGDhweP2OdfP26ze//fdjd669M/fdbVuGJ9N427Pnao9jvXRHd/aetERH7RNJxKn1bixnX8s7AFbtk8LOW3nHAABsvELW92+u9P87oykWO+v37/72cWf8sS3v+AAAAIC1W1hoyh4BAACAxpUY+wMAAECDq84DONo/P17dNmruwYOfblRLvMrDwYjoWsx/9f7uxWean93T2/KG7u/9w9OI7uh48tFPvvH/dIs3dB82X03zH+YdAXlq3Z93BORpxy/yjoA8vXc17wi4NBcRt4/U6f8na+7ztS8pJ0vKxwfT/t9fZmrr9P/eHr88kXcE5OlnA3lHQJ5uPMo7Am4PRsS+et//FSrr91Vtjoi26tp+6+RQe/r5/+/7tXUvf/4XHqxjkyzxcDDixzVrO56qyX+mqykrdVS+KmxJTp+ZGN0XEVsjYne0bErLvcu00Ttw46/16r/zJM3/P5Pq93/plrZf/S4wi+NB86YX/29kqDy01uNm0cO5iB3N9fL/vP+fZLl+Xf8tXftzvfqBPZV1RXctn3/epIV/ROyqe/4/H60ly67P2lO5HPRULwp1/OuDz67Uq//+79P8n90j//lJz/+25fNfuf4/W693ZvVtXP7fzSf16p/eSvP/t0uvc/1vTX5VCbA1qzs/VC6f641oTY69XN+3+pgbVfX9qL5faf53f6/+53+1/5dk60J3RcTXX6PNuXvTd+rVXy+k+b/xO+d/ftL8j6xw/icvnP+r35l//4c/qNf2zqtp/rt+vfL5v78SzO6sRv9vZV82QXnHCQAAAAAAAMD6KFTu00kKxWf7hUKxuDjP95vRVpgozZT3ni7NTo0s3s/TFS2F6lSvzpr5oL3Z/JBquW9JuT+bO3K1c3OlXBwuTYzkffAAAADQ4Noj7v3m8n+2b3nF+D91tzPvKAEAAIC1SMf/HffaKst5fW6cDwAAAA0pHf8//tOn74bxPwAAADSs2vE/AAAA0Nh+fvx4ui1Uf/dvqjR25uz49OG+fcXJ2eHicOncdHGsVBqrrNg3ufLrTZRK0719MXu+pzw6U+6ZuXDx5GRpdqp8svK7sSdHWzbgmICVFbd+vC3vGAAAgI2zlt/1t2PHTqPu5H1lAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgLb4IAAD//wws/WY=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2141, 0x59) pwrite64(r0, &(0x7f0000000ac0)="72b714926a3f6fdef4142eee07674c53f3185d6909e8dcbe19a7b7a360d7bcfece4bab76c69cd483b14c2b5acfaf1a3336a5382ecd7390fa29238055c34c5770ecdc69f4618720da7b668cfc1d7ef5a7f11019b9d4a397aa84e15cafc3f19fa7bb64ee6e52a9fa24f61ca06485ccc3c25d760615d8c824e412133f526155b8277b53d21f5b788c01a430aa0449c2b4a9df38f6ee22a4ca9d695f63e517c955a98459ee9ea801a505009a0780a50236a8247615ba1fc8593f63622e9dac1571", 0xbf, 0x8000c61) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x0, @dev}, 0x2}}, 0x2e) r3 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r3, &(0x7f0000000300)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x2, 0x2, 0x1, 0x0, {0xa, 0x4e23, 0xfff, @empty, 0x10000}}}, 0x32) r4 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) fsmount(r4, 0x1, 0x3) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000200)={@fallback, 0x22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) r5 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00'}) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0) sendmsg$SEG6_CMD_DUMPHMAC(0xffffffffffffffff, 0x0, 0x1) ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r1, 0x942e, 0x0) program crashed: KASAN: use-after-free Read in pppol2tp_sock_to_session testing program (duration=33.283292503s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat-pwrite64-openat-socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-socket$pppl2tp-connect$pppl2tp-fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-bpf$BPF_PROG_QUERY-socket-ioctl$sock_SIOCGIFINDEX-bpf$MAP_CREATE-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT detailed listing: executing program 0: syz_mount_image$ext4(&(0x7f0000000500)='ext4\x00', &(0x7f0000000540)='./file2\x00', 0x10, &(0x7f0000000580), 0x1, 0x4e8, &(0x7f00000005c0)="$eJzs3U9oVNsZAPDvTv5YY2LSUrHVFgItVrGdmESjQilmVRAtbS100T8Sk5iISSaYCagUahCLFCpddGFx1Y1ddBO6K9IiFB681Vu4eG8hCm/1njyfPHkuXOVxJ3d0jGPyYmLuY/z94DL3nEnmfHc+7p1zhnPPBPDW6o6IIxHRFBHFiOjM6gvZFpcWt/TvTvXPj6dbEgsLJx4lkUTE0f758eprJdnjluwFvpU+XInY2/xyuzMXLp4dmpgYPZeVe8qT0z0zFy7+6Mzk0Njo2OjUwMGDhw8dGDhweP2OdfP26ze//fdjd669M/fdbVuGJ9N427Pnao9jvXRHd/aetERH7RNJxKn1bixnX8s7AFbtk8LOW3nHAABsvELW92+u9P87oykWO+v37/72cWf8sS3v+AAAAIC1W1hoyh4BAACAxpUY+wMAAECDq84DONo/P17dNmruwYOfblRLvMrDwYjoWsx/9f7uxWean93T2/KG7u/9w9OI7uh48tFPvvH/dIs3dB82X03zH+YdAXlq3Z93BORpxy/yjoA8vXc17wi4NBcRt4/U6f8na+7ztS8pJ0vKxwfT/t9fZmrr9P/eHr88kXcE5OlnA3lHQJ5uPMo7Am4PRsS+et//FSrr91Vtjoi26tp+6+RQe/r5/+/7tXUvf/4XHqxjkyzxcDDixzVrO56qyX+mqykrdVS+KmxJTp+ZGN0XEVsjYne0bErLvcu00Ttw46/16r/zJM3/P5Pq93/plrZf/S4wi+NB86YX/29kqDy01uNm0cO5iB3N9fL/vP+fZLl+Xf8tXftzvfqBPZV1RXctn3/epIV/ROyqe/4/H60ly67P2lO5HPRULwp1/OuDz67Uq//+79P8n90j//lJz/+25fNfuf4/W693ZvVtXP7fzSf16p/eSvP/t0uvc/1vTX5VCbA1qzs/VC6f641oTY69XN+3+pgbVfX9qL5faf53f6/+53+1/5dk60J3RcTXX6PNuXvTd+rVXy+k+b/xO+d/ftL8j6xw/icvnP+r35l//4c/qNf2zqtp/rt+vfL5v78SzO6sRv9vZV82QXnHCQAAAAAAAMD6KFTu00kKxWf7hUKxuDjP95vRVpgozZT3ni7NTo0s3s/TFS2F6lSvzpr5oL3Z/JBquW9JuT+bO3K1c3OlXBwuTYzkffAAAADQ4Noj7v3m8n+2b3nF+D91tzPvKAEAAIC1SMf/HffaKst5fW6cDwAAAA0pHf8//tOn74bxPwAAADSs2vE/AAAA0Nh+fvx4ui1Uf/dvqjR25uz49OG+fcXJ2eHicOncdHGsVBqrrNg3ufLrTZRK0719MXu+pzw6U+6ZuXDx5GRpdqp8svK7sSdHWzbgmICVFbd+vC3vGAAAgI2zlt/1t2PHTqPu5H1lAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgLb4IAAD//wws/WY=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2141, 0x59) pwrite64(r0, &(0x7f0000000ac0)="72b714926a3f6fdef4142eee07674c53f3185d6909e8dcbe19a7b7a360d7bcfece4bab76c69cd483b14c2b5acfaf1a3336a5382ecd7390fa29238055c34c5770ecdc69f4618720da7b668cfc1d7ef5a7f11019b9d4a397aa84e15cafc3f19fa7bb64ee6e52a9fa24f61ca06485ccc3c25d760615d8c824e412133f526155b8277b53d21f5b788c01a430aa0449c2b4a9df38f6ee22a4ca9d695f63e517c955a98459ee9ea801a505009a0780a50236a8247615ba1fc8593f63622e9dac1571", 0xbf, 0x8000c61) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x0, @dev}, 0x2}}, 0x2e) r3 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r3, &(0x7f0000000300)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x2, 0x2, 0x1, 0x0, {0xa, 0x4e23, 0xfff, @empty, 0x10000}}}, 0x32) r4 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) fsmount(r4, 0x1, 0x3) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000200)={@fallback, 0x22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) r5 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00'}) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0) ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r1, 0x942e, 0x0) program crashed: KASAN: use-after-free Write in pppol2tp_release testing program (duration=33.283292503s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat-pwrite64-openat-socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-socket$pppl2tp-connect$pppl2tp-fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-bpf$BPF_PROG_QUERY-socket-ioctl$sock_SIOCGIFINDEX-bpf$MAP_CREATE-ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT detailed listing: executing program 0: syz_mount_image$ext4(&(0x7f0000000500)='ext4\x00', &(0x7f0000000540)='./file2\x00', 0x10, &(0x7f0000000580), 0x1, 0x4e8, &(0x7f00000005c0)="$eJzs3U9oVNsZAPDvTv5YY2LSUrHVFgItVrGdmESjQilmVRAtbS100T8Sk5iISSaYCagUahCLFCpddGFx1Y1ddBO6K9IiFB681Vu4eG8hCm/1njyfPHkuXOVxJ3d0jGPyYmLuY/z94DL3nEnmfHc+7p1zhnPPBPDW6o6IIxHRFBHFiOjM6gvZFpcWt/TvTvXPj6dbEgsLJx4lkUTE0f758eprJdnjluwFvpU+XInY2/xyuzMXLp4dmpgYPZeVe8qT0z0zFy7+6Mzk0Njo2OjUwMGDhw8dGDhweP2OdfP26ze//fdjd669M/fdbVuGJ9N427Pnao9jvXRHd/aetERH7RNJxKn1bixnX8s7AFbtk8LOW3nHAABsvELW92+u9P87oykWO+v37/72cWf8sS3v+AAAAIC1W1hoyh4BAACAxpUY+wMAAECDq84DONo/P17dNmruwYOfblRLvMrDwYjoWsx/9f7uxWean93T2/KG7u/9w9OI7uh48tFPvvH/dIs3dB82X03zH+YdAXlq3Z93BORpxy/yjoA8vXc17wi4NBcRt4/U6f8na+7ztS8pJ0vKxwfT/t9fZmrr9P/eHr88kXcE5OlnA3lHQJ5uPMo7Am4PRsS+et//FSrr91Vtjoi26tp+6+RQe/r5/+/7tXUvf/4XHqxjkyzxcDDixzVrO56qyX+mqykrdVS+KmxJTp+ZGN0XEVsjYne0bErLvcu00Ttw46/16r/zJM3/P5Pq93/plrZf/S4wi+NB86YX/29kqDy01uNm0cO5iB3N9fL/vP+fZLl+Xf8tXftzvfqBPZV1RXctn3/epIV/ROyqe/4/H60ly67P2lO5HPRULwp1/OuDz67Uq//+79P8n90j//lJz/+25fNfuf4/W693ZvVtXP7fzSf16p/eSvP/t0uvc/1vTX5VCbA1qzs/VC6f641oTY69XN+3+pgbVfX9qL5faf53f6/+53+1/5dk60J3RcTXX6PNuXvTd+rVXy+k+b/xO+d/ftL8j6xw/icvnP+r35l//4c/qNf2zqtp/rt+vfL5v78SzO6sRv9vZV82QXnHCQAAAAAAAMD6KFTu00kKxWf7hUKxuDjP95vRVpgozZT3ni7NTo0s3s/TFS2F6lSvzpr5oL3Z/JBquW9JuT+bO3K1c3OlXBwuTYzkffAAAADQ4Noj7v3m8n+2b3nF+D91tzPvKAEAAIC1SMf/HffaKst5fW6cDwAAAA0pHf8//tOn74bxPwAAADSs2vE/AAAA0Nh+fvx4ui1Uf/dvqjR25uz49OG+fcXJ2eHicOncdHGsVBqrrNg3ufLrTZRK0719MXu+pzw6U+6ZuXDx5GRpdqp8svK7sSdHWzbgmICVFbd+vC3vGAAAgI2zlt/1t2PHTqPu5H1lAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgLb4IAAD//wws/WY=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2141, 0x59) pwrite64(r0, &(0x7f0000000ac0)="72b714926a3f6fdef4142eee07674c53f3185d6909e8dcbe19a7b7a360d7bcfece4bab76c69cd483b14c2b5acfaf1a3336a5382ecd7390fa29238055c34c5770ecdc69f4618720da7b668cfc1d7ef5a7f11019b9d4a397aa84e15cafc3f19fa7bb64ee6e52a9fa24f61ca06485ccc3c25d760615d8c824e412133f526155b8277b53d21f5b788c01a430aa0449c2b4a9df38f6ee22a4ca9d695f63e517c955a98459ee9ea801a505009a0780a50236a8247615ba1fc8593f63622e9dac1571", 0xbf, 0x8000c61) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x0, @dev}, 0x2}}, 0x2e) r3 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r3, &(0x7f0000000300)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x2, 0x2, 0x1, 0x0, {0xa, 0x4e23, 0xfff, @empty, 0x10000}}}, 0x32) r4 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) fsmount(r4, 0x1, 0x3) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000200)={@fallback, 0x22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) r5 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00'}) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r1, 0x942e, 0x0) program crashed: KASAN: use-after-free Read in rcu_cblist_dequeue testing program (duration=33.283292503s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat-pwrite64-openat-socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-socket$pppl2tp-connect$pppl2tp-fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-bpf$BPF_PROG_QUERY-socket-ioctl$sock_SIOCGIFINDEX-ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT detailed listing: executing program 0: syz_mount_image$ext4(&(0x7f0000000500)='ext4\x00', &(0x7f0000000540)='./file2\x00', 0x10, &(0x7f0000000580), 0x1, 0x4e8, &(0x7f00000005c0)="$eJzs3U9oVNsZAPDvTv5YY2LSUrHVFgItVrGdmESjQilmVRAtbS100T8Sk5iISSaYCagUahCLFCpddGFx1Y1ddBO6K9IiFB681Vu4eG8hCm/1njyfPHkuXOVxJ3d0jGPyYmLuY/z94DL3nEnmfHc+7p1zhnPPBPDW6o6IIxHRFBHFiOjM6gvZFpcWt/TvTvXPj6dbEgsLJx4lkUTE0f758eprJdnjluwFvpU+XInY2/xyuzMXLp4dmpgYPZeVe8qT0z0zFy7+6Mzk0Njo2OjUwMGDhw8dGDhweP2OdfP26ze//fdjd669M/fdbVuGJ9N427Pnao9jvXRHd/aetERH7RNJxKn1bixnX8s7AFbtk8LOW3nHAABsvELW92+u9P87oykWO+v37/72cWf8sS3v+AAAAIC1W1hoyh4BAACAxpUY+wMAAECDq84DONo/P17dNmruwYOfblRLvMrDwYjoWsx/9f7uxWean93T2/KG7u/9w9OI7uh48tFPvvH/dIs3dB82X03zH+YdAXlq3Z93BORpxy/yjoA8vXc17wi4NBcRt4/U6f8na+7ztS8pJ0vKxwfT/t9fZmrr9P/eHr88kXcE5OlnA3lHQJ5uPMo7Am4PRsS+et//FSrr91Vtjoi26tp+6+RQe/r5/+/7tXUvf/4XHqxjkyzxcDDixzVrO56qyX+mqykrdVS+KmxJTp+ZGN0XEVsjYne0bErLvcu00Ttw46/16r/zJM3/P5Pq93/plrZf/S4wi+NB86YX/29kqDy01uNm0cO5iB3N9fL/vP+fZLl+Xf8tXftzvfqBPZV1RXctn3/epIV/ROyqe/4/H60ly67P2lO5HPRULwp1/OuDz67Uq//+79P8n90j//lJz/+25fNfuf4/W693ZvVtXP7fzSf16p/eSvP/t0uvc/1vTX5VCbA1qzs/VC6f641oTY69XN+3+pgbVfX9qL5faf53f6/+53+1/5dk60J3RcTXX6PNuXvTd+rVXy+k+b/xO+d/ftL8j6xw/icvnP+r35l//4c/qNf2zqtp/rt+vfL5v78SzO6sRv9vZV82QXnHCQAAAAAAAMD6KFTu00kKxWf7hUKxuDjP95vRVpgozZT3ni7NTo0s3s/TFS2F6lSvzpr5oL3Z/JBquW9JuT+bO3K1c3OlXBwuTYzkffAAAADQ4Noj7v3m8n+2b3nF+D91tzPvKAEAAIC1SMf/HffaKst5fW6cDwAAAA0pHf8//tOn74bxPwAAADSs2vE/AAAA0Nh+fvx4ui1Uf/dvqjR25uz49OG+fcXJ2eHicOncdHGsVBqrrNg3ufLrTZRK0719MXu+pzw6U+6ZuXDx5GRpdqp8svK7sSdHWzbgmICVFbd+vC3vGAAAgI2zlt/1t2PHTqPu5H1lAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgLb4IAAD//wws/WY=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2141, 0x59) pwrite64(r0, &(0x7f0000000ac0)="72b714926a3f6fdef4142eee07674c53f3185d6909e8dcbe19a7b7a360d7bcfece4bab76c69cd483b14c2b5acfaf1a3336a5382ecd7390fa29238055c34c5770ecdc69f4618720da7b668cfc1d7ef5a7f11019b9d4a397aa84e15cafc3f19fa7bb64ee6e52a9fa24f61ca06485ccc3c25d760615d8c824e412133f526155b8277b53d21f5b788c01a430aa0449c2b4a9df38f6ee22a4ca9d695f63e517c955a98459ee9ea801a505009a0780a50236a8247615ba1fc8593f63622e9dac1571", 0xbf, 0x8000c61) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x0, @dev}, 0x2}}, 0x2e) r3 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r3, &(0x7f0000000300)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x2, 0x2, 0x1, 0x0, {0xa, 0x4e23, 0xfff, @empty, 0x10000}}}, 0x32) r4 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) fsmount(r4, 0x1, 0x3) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000200)={@fallback, 0x22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) r5 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00'}) ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r1, 0x942e, 0x0) program crashed: KASAN: use-after-free Read in pppol2tp_sock_to_session testing program (duration=33.283292503s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat-pwrite64-openat-socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-socket$pppl2tp-connect$pppl2tp-fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-bpf$BPF_PROG_QUERY-socket-ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT detailed listing: executing program 0: syz_mount_image$ext4(&(0x7f0000000500)='ext4\x00', &(0x7f0000000540)='./file2\x00', 0x10, &(0x7f0000000580), 0x1, 0x4e8, &(0x7f00000005c0)="$eJzs3U9oVNsZAPDvTv5YY2LSUrHVFgItVrGdmESjQilmVRAtbS100T8Sk5iISSaYCagUahCLFCpddGFx1Y1ddBO6K9IiFB681Vu4eG8hCm/1njyfPHkuXOVxJ3d0jGPyYmLuY/z94DL3nEnmfHc+7p1zhnPPBPDW6o6IIxHRFBHFiOjM6gvZFpcWt/TvTvXPj6dbEgsLJx4lkUTE0f758eprJdnjluwFvpU+XInY2/xyuzMXLp4dmpgYPZeVe8qT0z0zFy7+6Mzk0Njo2OjUwMGDhw8dGDhweP2OdfP26ze//fdjd669M/fdbVuGJ9N427Pnao9jvXRHd/aetERH7RNJxKn1bixnX8s7AFbtk8LOW3nHAABsvELW92+u9P87oykWO+v37/72cWf8sS3v+AAAAIC1W1hoyh4BAACAxpUY+wMAAECDq84DONo/P17dNmruwYOfblRLvMrDwYjoWsx/9f7uxWean93T2/KG7u/9w9OI7uh48tFPvvH/dIs3dB82X03zH+YdAXlq3Z93BORpxy/yjoA8vXc17wi4NBcRt4/U6f8na+7ztS8pJ0vKxwfT/t9fZmrr9P/eHr88kXcE5OlnA3lHQJ5uPMo7Am4PRsS+et//FSrr91Vtjoi26tp+6+RQe/r5/+/7tXUvf/4XHqxjkyzxcDDixzVrO56qyX+mqykrdVS+KmxJTp+ZGN0XEVsjYne0bErLvcu00Ttw46/16r/zJM3/P5Pq93/plrZf/S4wi+NB86YX/29kqDy01uNm0cO5iB3N9fL/vP+fZLl+Xf8tXftzvfqBPZV1RXctn3/epIV/ROyqe/4/H60ly67P2lO5HPRULwp1/OuDz67Uq//+79P8n90j//lJz/+25fNfuf4/W693ZvVtXP7fzSf16p/eSvP/t0uvc/1vTX5VCbA1qzs/VC6f641oTY69XN+3+pgbVfX9qL5faf53f6/+53+1/5dk60J3RcTXX6PNuXvTd+rVXy+k+b/xO+d/ftL8j6xw/icvnP+r35l//4c/qNf2zqtp/rt+vfL5v78SzO6sRv9vZV82QXnHCQAAAAAAAMD6KFTu00kKxWf7hUKxuDjP95vRVpgozZT3ni7NTo0s3s/TFS2F6lSvzpr5oL3Z/JBquW9JuT+bO3K1c3OlXBwuTYzkffAAAADQ4Noj7v3m8n+2b3nF+D91tzPvKAEAAIC1SMf/HffaKst5fW6cDwAAAA0pHf8//tOn74bxPwAAADSs2vE/AAAA0Nh+fvx4ui1Uf/dvqjR25uz49OG+fcXJ2eHicOncdHGsVBqrrNg3ufLrTZRK0719MXu+pzw6U+6ZuXDx5GRpdqp8svK7sSdHWzbgmICVFbd+vC3vGAAAgI2zlt/1t2PHTqPu5H1lAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgLb4IAAD//wws/WY=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2141, 0x59) pwrite64(r0, &(0x7f0000000ac0)="72b714926a3f6fdef4142eee07674c53f3185d6909e8dcbe19a7b7a360d7bcfece4bab76c69cd483b14c2b5acfaf1a3336a5382ecd7390fa29238055c34c5770ecdc69f4618720da7b668cfc1d7ef5a7f11019b9d4a397aa84e15cafc3f19fa7bb64ee6e52a9fa24f61ca06485ccc3c25d760615d8c824e412133f526155b8277b53d21f5b788c01a430aa0449c2b4a9df38f6ee22a4ca9d695f63e517c955a98459ee9ea801a505009a0780a50236a8247615ba1fc8593f63622e9dac1571", 0xbf, 0x8000c61) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x0, @dev}, 0x2}}, 0x2e) r3 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r3, &(0x7f0000000300)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x2, 0x2, 0x1, 0x0, {0xa, 0x4e23, 0xfff, @empty, 0x10000}}}, 0x32) r4 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) fsmount(r4, 0x1, 0x3) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000200)={@fallback, 0x22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) socket(0x400000000010, 0x3, 0x0) ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r1, 0x942e, 0x0) program crashed: KASAN: use-after-free Write in pppol2tp_release testing program (duration=33.283292503s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat-pwrite64-openat-socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-socket$pppl2tp-connect$pppl2tp-fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-bpf$BPF_PROG_QUERY-ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT detailed listing: executing program 0: syz_mount_image$ext4(&(0x7f0000000500)='ext4\x00', &(0x7f0000000540)='./file2\x00', 0x10, &(0x7f0000000580), 0x1, 0x4e8, &(0x7f00000005c0)="$eJzs3U9oVNsZAPDvTv5YY2LSUrHVFgItVrGdmESjQilmVRAtbS100T8Sk5iISSaYCagUahCLFCpddGFx1Y1ddBO6K9IiFB681Vu4eG8hCm/1njyfPHkuXOVxJ3d0jGPyYmLuY/z94DL3nEnmfHc+7p1zhnPPBPDW6o6IIxHRFBHFiOjM6gvZFpcWt/TvTvXPj6dbEgsLJx4lkUTE0f758eprJdnjluwFvpU+XInY2/xyuzMXLp4dmpgYPZeVe8qT0z0zFy7+6Mzk0Njo2OjUwMGDhw8dGDhweP2OdfP26ze//fdjd669M/fdbVuGJ9N427Pnao9jvXRHd/aetERH7RNJxKn1bixnX8s7AFbtk8LOW3nHAABsvELW92+u9P87oykWO+v37/72cWf8sS3v+AAAAIC1W1hoyh4BAACAxpUY+wMAAECDq84DONo/P17dNmruwYOfblRLvMrDwYjoWsx/9f7uxWean93T2/KG7u/9w9OI7uh48tFPvvH/dIs3dB82X03zH+YdAXlq3Z93BORpxy/yjoA8vXc17wi4NBcRt4/U6f8na+7ztS8pJ0vKxwfT/t9fZmrr9P/eHr88kXcE5OlnA3lHQJ5uPMo7Am4PRsS+et//FSrr91Vtjoi26tp+6+RQe/r5/+/7tXUvf/4XHqxjkyzxcDDixzVrO56qyX+mqykrdVS+KmxJTp+ZGN0XEVsjYne0bErLvcu00Ttw46/16r/zJM3/P5Pq93/plrZf/S4wi+NB86YX/29kqDy01uNm0cO5iB3N9fL/vP+fZLl+Xf8tXftzvfqBPZV1RXctn3/epIV/ROyqe/4/H60ly67P2lO5HPRULwp1/OuDz67Uq//+79P8n90j//lJz/+25fNfuf4/W693ZvVtXP7fzSf16p/eSvP/t0uvc/1vTX5VCbA1qzs/VC6f641oTY69XN+3+pgbVfX9qL5faf53f6/+53+1/5dk60J3RcTXX6PNuXvTd+rVXy+k+b/xO+d/ftL8j6xw/icvnP+r35l//4c/qNf2zqtp/rt+vfL5v78SzO6sRv9vZV82QXnHCQAAAAAAAMD6KFTu00kKxWf7hUKxuDjP95vRVpgozZT3ni7NTo0s3s/TFS2F6lSvzpr5oL3Z/JBquW9JuT+bO3K1c3OlXBwuTYzkffAAAADQ4Noj7v3m8n+2b3nF+D91tzPvKAEAAIC1SMf/HffaKst5fW6cDwAAAA0pHf8//tOn74bxPwAAADSs2vE/AAAA0Nh+fvx4ui1Uf/dvqjR25uz49OG+fcXJ2eHicOncdHGsVBqrrNg3ufLrTZRK0719MXu+pzw6U+6ZuXDx5GRpdqp8svK7sSdHWzbgmICVFbd+vC3vGAAAgI2zlt/1t2PHTqPu5H1lAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgLb4IAAD//wws/WY=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2141, 0x59) pwrite64(r0, &(0x7f0000000ac0)="72b714926a3f6fdef4142eee07674c53f3185d6909e8dcbe19a7b7a360d7bcfece4bab76c69cd483b14c2b5acfaf1a3336a5382ecd7390fa29238055c34c5770ecdc69f4618720da7b668cfc1d7ef5a7f11019b9d4a397aa84e15cafc3f19fa7bb64ee6e52a9fa24f61ca06485ccc3c25d760615d8c824e412133f526155b8277b53d21f5b788c01a430aa0449c2b4a9df38f6ee22a4ca9d695f63e517c955a98459ee9ea801a505009a0780a50236a8247615ba1fc8593f63622e9dac1571", 0xbf, 0x8000c61) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x0, @dev}, 0x2}}, 0x2e) r3 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r3, &(0x7f0000000300)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x2, 0x2, 0x1, 0x0, {0xa, 0x4e23, 0xfff, @empty, 0x10000}}}, 0x32) r4 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) fsmount(r4, 0x1, 0x3) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000200)={@fallback, 0x22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r1, 0x942e, 0x0) program crashed: KASAN: use-after-free Write in pppol2tp_release testing program (duration=33.283292503s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat-pwrite64-openat-socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-socket$pppl2tp-connect$pppl2tp-fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT detailed listing: executing program 0: syz_mount_image$ext4(&(0x7f0000000500)='ext4\x00', &(0x7f0000000540)='./file2\x00', 0x10, &(0x7f0000000580), 0x1, 0x4e8, &(0x7f00000005c0)="$eJzs3U9oVNsZAPDvTv5YY2LSUrHVFgItVrGdmESjQilmVRAtbS100T8Sk5iISSaYCagUahCLFCpddGFx1Y1ddBO6K9IiFB681Vu4eG8hCm/1njyfPHkuXOVxJ3d0jGPyYmLuY/z94DL3nEnmfHc+7p1zhnPPBPDW6o6IIxHRFBHFiOjM6gvZFpcWt/TvTvXPj6dbEgsLJx4lkUTE0f758eprJdnjluwFvpU+XInY2/xyuzMXLp4dmpgYPZeVe8qT0z0zFy7+6Mzk0Njo2OjUwMGDhw8dGDhweP2OdfP26ze//fdjd669M/fdbVuGJ9N427Pnao9jvXRHd/aetERH7RNJxKn1bixnX8s7AFbtk8LOW3nHAABsvELW92+u9P87oykWO+v37/72cWf8sS3v+AAAAIC1W1hoyh4BAACAxpUY+wMAAECDq84DONo/P17dNmruwYOfblRLvMrDwYjoWsx/9f7uxWean93T2/KG7u/9w9OI7uh48tFPvvH/dIs3dB82X03zH+YdAXlq3Z93BORpxy/yjoA8vXc17wi4NBcRt4/U6f8na+7ztS8pJ0vKxwfT/t9fZmrr9P/eHr88kXcE5OlnA3lHQJ5uPMo7Am4PRsS+et//FSrr91Vtjoi26tp+6+RQe/r5/+/7tXUvf/4XHqxjkyzxcDDixzVrO56qyX+mqykrdVS+KmxJTp+ZGN0XEVsjYne0bErLvcu00Ttw46/16r/zJM3/P5Pq93/plrZf/S4wi+NB86YX/29kqDy01uNm0cO5iB3N9fL/vP+fZLl+Xf8tXftzvfqBPZV1RXctn3/epIV/ROyqe/4/H60ly67P2lO5HPRULwp1/OuDz67Uq//+79P8n90j//lJz/+25fNfuf4/W693ZvVtXP7fzSf16p/eSvP/t0uvc/1vTX5VCbA1qzs/VC6f641oTY69XN+3+pgbVfX9qL5faf53f6/+53+1/5dk60J3RcTXX6PNuXvTd+rVXy+k+b/xO+d/ftL8j6xw/icvnP+r35l//4c/qNf2zqtp/rt+vfL5v78SzO6sRv9vZV82QXnHCQAAAAAAAMD6KFTu00kKxWf7hUKxuDjP95vRVpgozZT3ni7NTo0s3s/TFS2F6lSvzpr5oL3Z/JBquW9JuT+bO3K1c3OlXBwuTYzkffAAAADQ4Noj7v3m8n+2b3nF+D91tzPvKAEAAIC1SMf/HffaKst5fW6cDwAAAA0pHf8//tOn74bxPwAAADSs2vE/AAAA0Nh+fvx4ui1Uf/dvqjR25uz49OG+fcXJ2eHicOncdHGsVBqrrNg3ufLrTZRK0719MXu+pzw6U+6ZuXDx5GRpdqp8svK7sSdHWzbgmICVFbd+vC3vGAAAgI2zlt/1t2PHTqPu5H1lAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgLb4IAAD//wws/WY=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2141, 0x59) pwrite64(r0, &(0x7f0000000ac0)="72b714926a3f6fdef4142eee07674c53f3185d6909e8dcbe19a7b7a360d7bcfece4bab76c69cd483b14c2b5acfaf1a3336a5382ecd7390fa29238055c34c5770ecdc69f4618720da7b668cfc1d7ef5a7f11019b9d4a397aa84e15cafc3f19fa7bb64ee6e52a9fa24f61ca06485ccc3c25d760615d8c824e412133f526155b8277b53d21f5b788c01a430aa0449c2b4a9df38f6ee22a4ca9d695f63e517c955a98459ee9ea801a505009a0780a50236a8247615ba1fc8593f63622e9dac1571", 0xbf, 0x8000c61) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x0, @dev}, 0x2}}, 0x2e) r3 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r3, &(0x7f0000000300)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x2, 0x2, 0x1, 0x0, {0xa, 0x4e23, 0xfff, @empty, 0x10000}}}, 0x32) r4 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) fsmount(r4, 0x1, 0x3) ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r1, 0x942e, 0x0) program crashed: KASAN: use-after-free Write in pppol2tp_release testing program (duration=33.283292503s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat-pwrite64-openat-socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-socket$pppl2tp-connect$pppl2tp-fsopen-fsconfig$FSCONFIG_CMD_CREATE-ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT detailed listing: executing program 0: syz_mount_image$ext4(&(0x7f0000000500)='ext4\x00', &(0x7f0000000540)='./file2\x00', 0x10, &(0x7f0000000580), 0x1, 0x4e8, &(0x7f00000005c0)="$eJzs3U9oVNsZAPDvTv5YY2LSUrHVFgItVrGdmESjQilmVRAtbS100T8Sk5iISSaYCagUahCLFCpddGFx1Y1ddBO6K9IiFB681Vu4eG8hCm/1njyfPHkuXOVxJ3d0jGPyYmLuY/z94DL3nEnmfHc+7p1zhnPPBPDW6o6IIxHRFBHFiOjM6gvZFpcWt/TvTvXPj6dbEgsLJx4lkUTE0f758eprJdnjluwFvpU+XInY2/xyuzMXLp4dmpgYPZeVe8qT0z0zFy7+6Mzk0Njo2OjUwMGDhw8dGDhweP2OdfP26ze//fdjd669M/fdbVuGJ9N427Pnao9jvXRHd/aetERH7RNJxKn1bixnX8s7AFbtk8LOW3nHAABsvELW92+u9P87oykWO+v37/72cWf8sS3v+AAAAIC1W1hoyh4BAACAxpUY+wMAAECDq84DONo/P17dNmruwYOfblRLvMrDwYjoWsx/9f7uxWean93T2/KG7u/9w9OI7uh48tFPvvH/dIs3dB82X03zH+YdAXlq3Z93BORpxy/yjoA8vXc17wi4NBcRt4/U6f8na+7ztS8pJ0vKxwfT/t9fZmrr9P/eHr88kXcE5OlnA3lHQJ5uPMo7Am4PRsS+et//FSrr91Vtjoi26tp+6+RQe/r5/+/7tXUvf/4XHqxjkyzxcDDixzVrO56qyX+mqykrdVS+KmxJTp+ZGN0XEVsjYne0bErLvcu00Ttw46/16r/zJM3/P5Pq93/plrZf/S4wi+NB86YX/29kqDy01uNm0cO5iB3N9fL/vP+fZLl+Xf8tXftzvfqBPZV1RXctn3/epIV/ROyqe/4/H60ly67P2lO5HPRULwp1/OuDz67Uq//+79P8n90j//lJz/+25fNfuf4/W693ZvVtXP7fzSf16p/eSvP/t0uvc/1vTX5VCbA1qzs/VC6f641oTY69XN+3+pgbVfX9qL5faf53f6/+53+1/5dk60J3RcTXX6PNuXvTd+rVXy+k+b/xO+d/ftL8j6xw/icvnP+r35l//4c/qNf2zqtp/rt+vfL5v78SzO6sRv9vZV82QXnHCQAAAAAAAMD6KFTu00kKxWf7hUKxuDjP95vRVpgozZT3ni7NTo0s3s/TFS2F6lSvzpr5oL3Z/JBquW9JuT+bO3K1c3OlXBwuTYzkffAAAADQ4Noj7v3m8n+2b3nF+D91tzPvKAEAAIC1SMf/HffaKst5fW6cDwAAAA0pHf8//tOn74bxPwAAADSs2vE/AAAA0Nh+fvx4ui1Uf/dvqjR25uz49OG+fcXJ2eHicOncdHGsVBqrrNg3ufLrTZRK0719MXu+pzw6U+6ZuXDx5GRpdqp8svK7sSdHWzbgmICVFbd+vC3vGAAAgI2zlt/1t2PHTqPu5H1lAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgLb4IAAD//wws/WY=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2141, 0x59) pwrite64(r0, &(0x7f0000000ac0)="72b714926a3f6fdef4142eee07674c53f3185d6909e8dcbe19a7b7a360d7bcfece4bab76c69cd483b14c2b5acfaf1a3336a5382ecd7390fa29238055c34c5770ecdc69f4618720da7b668cfc1d7ef5a7f11019b9d4a397aa84e15cafc3f19fa7bb64ee6e52a9fa24f61ca06485ccc3c25d760615d8c824e412133f526155b8277b53d21f5b788c01a430aa0449c2b4a9df38f6ee22a4ca9d695f63e517c955a98459ee9ea801a505009a0780a50236a8247615ba1fc8593f63622e9dac1571", 0xbf, 0x8000c61) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x0, @dev}, 0x2}}, 0x2e) r3 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r3, &(0x7f0000000300)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x2, 0x2, 0x1, 0x0, {0xa, 0x4e23, 0xfff, @empty, 0x10000}}}, 0x32) r4 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r1, 0x942e, 0x0) program crashed: KASAN: use-after-free Read in rcu_cblist_dequeue testing program (duration=33.283292503s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat-pwrite64-openat-socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-socket$pppl2tp-connect$pppl2tp-fsopen-ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT detailed listing: executing program 0: syz_mount_image$ext4(&(0x7f0000000500)='ext4\x00', &(0x7f0000000540)='./file2\x00', 0x10, &(0x7f0000000580), 0x1, 0x4e8, &(0x7f00000005c0)="$eJzs3U9oVNsZAPDvTv5YY2LSUrHVFgItVrGdmESjQilmVRAtbS100T8Sk5iISSaYCagUahCLFCpddGFx1Y1ddBO6K9IiFB681Vu4eG8hCm/1njyfPHkuXOVxJ3d0jGPyYmLuY/z94DL3nEnmfHc+7p1zhnPPBPDW6o6IIxHRFBHFiOjM6gvZFpcWt/TvTvXPj6dbEgsLJx4lkUTE0f758eprJdnjluwFvpU+XInY2/xyuzMXLp4dmpgYPZeVe8qT0z0zFy7+6Mzk0Njo2OjUwMGDhw8dGDhweP2OdfP26ze//fdjd669M/fdbVuGJ9N427Pnao9jvXRHd/aetERH7RNJxKn1bixnX8s7AFbtk8LOW3nHAABsvELW92+u9P87oykWO+v37/72cWf8sS3v+AAAAIC1W1hoyh4BAACAxpUY+wMAAECDq84DONo/P17dNmruwYOfblRLvMrDwYjoWsx/9f7uxWean93T2/KG7u/9w9OI7uh48tFPvvH/dIs3dB82X03zH+YdAXlq3Z93BORpxy/yjoA8vXc17wi4NBcRt4/U6f8na+7ztS8pJ0vKxwfT/t9fZmrr9P/eHr88kXcE5OlnA3lHQJ5uPMo7Am4PRsS+et//FSrr91Vtjoi26tp+6+RQe/r5/+/7tXUvf/4XHqxjkyzxcDDixzVrO56qyX+mqykrdVS+KmxJTp+ZGN0XEVsjYne0bErLvcu00Ttw46/16r/zJM3/P5Pq93/plrZf/S4wi+NB86YX/29kqDy01uNm0cO5iB3N9fL/vP+fZLl+Xf8tXftzvfqBPZV1RXctn3/epIV/ROyqe/4/H60ly67P2lO5HPRULwp1/OuDz67Uq//+79P8n90j//lJz/+25fNfuf4/W693ZvVtXP7fzSf16p/eSvP/t0uvc/1vTX5VCbA1qzs/VC6f641oTY69XN+3+pgbVfX9qL5faf53f6/+53+1/5dk60J3RcTXX6PNuXvTd+rVXy+k+b/xO+d/ftL8j6xw/icvnP+r35l//4c/qNf2zqtp/rt+vfL5v78SzO6sRv9vZV82QXnHCQAAAAAAAMD6KFTu00kKxWf7hUKxuDjP95vRVpgozZT3ni7NTo0s3s/TFS2F6lSvzpr5oL3Z/JBquW9JuT+bO3K1c3OlXBwuTYzkffAAAADQ4Noj7v3m8n+2b3nF+D91tzPvKAEAAIC1SMf/HffaKst5fW6cDwAAAA0pHf8//tOn74bxPwAAADSs2vE/AAAA0Nh+fvx4ui1Uf/dvqjR25uz49OG+fcXJ2eHicOncdHGsVBqrrNg3ufLrTZRK0719MXu+pzw6U+6ZuXDx5GRpdqp8svK7sSdHWzbgmICVFbd+vC3vGAAAgI2zlt/1t2PHTqPu5H1lAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgLb4IAAD//wws/WY=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2141, 0x59) pwrite64(r0, &(0x7f0000000ac0)="72b714926a3f6fdef4142eee07674c53f3185d6909e8dcbe19a7b7a360d7bcfece4bab76c69cd483b14c2b5acfaf1a3336a5382ecd7390fa29238055c34c5770ecdc69f4618720da7b668cfc1d7ef5a7f11019b9d4a397aa84e15cafc3f19fa7bb64ee6e52a9fa24f61ca06485ccc3c25d760615d8c824e412133f526155b8277b53d21f5b788c01a430aa0449c2b4a9df38f6ee22a4ca9d695f63e517c955a98459ee9ea801a505009a0780a50236a8247615ba1fc8593f63622e9dac1571", 0xbf, 0x8000c61) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x0, @dev}, 0x2}}, 0x2e) r3 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r3, &(0x7f0000000300)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x2, 0x2, 0x1, 0x0, {0xa, 0x4e23, 0xfff, @empty, 0x10000}}}, 0x32) fsopen(&(0x7f0000000000)='cgroup2\x00', 0x1) ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r1, 0x942e, 0x0) program crashed: KASAN: use-after-free Read in rcu_cblist_dequeue testing program (duration=33.283292503s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat-pwrite64-openat-socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-socket$pppl2tp-connect$pppl2tp-ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT detailed listing: executing program 0: syz_mount_image$ext4(&(0x7f0000000500)='ext4\x00', &(0x7f0000000540)='./file2\x00', 0x10, &(0x7f0000000580), 0x1, 0x4e8, &(0x7f00000005c0)="$eJzs3U9oVNsZAPDvTv5YY2LSUrHVFgItVrGdmESjQilmVRAtbS100T8Sk5iISSaYCagUahCLFCpddGFx1Y1ddBO6K9IiFB681Vu4eG8hCm/1njyfPHkuXOVxJ3d0jGPyYmLuY/z94DL3nEnmfHc+7p1zhnPPBPDW6o6IIxHRFBHFiOjM6gvZFpcWt/TvTvXPj6dbEgsLJx4lkUTE0f758eprJdnjluwFvpU+XInY2/xyuzMXLp4dmpgYPZeVe8qT0z0zFy7+6Mzk0Njo2OjUwMGDhw8dGDhweP2OdfP26ze//fdjd669M/fdbVuGJ9N427Pnao9jvXRHd/aetERH7RNJxKn1bixnX8s7AFbtk8LOW3nHAABsvELW92+u9P87oykWO+v37/72cWf8sS3v+AAAAIC1W1hoyh4BAACAxpUY+wMAAECDq84DONo/P17dNmruwYOfblRLvMrDwYjoWsx/9f7uxWean93T2/KG7u/9w9OI7uh48tFPvvH/dIs3dB82X03zH+YdAXlq3Z93BORpxy/yjoA8vXc17wi4NBcRt4/U6f8na+7ztS8pJ0vKxwfT/t9fZmrr9P/eHr88kXcE5OlnA3lHQJ5uPMo7Am4PRsS+et//FSrr91Vtjoi26tp+6+RQe/r5/+/7tXUvf/4XHqxjkyzxcDDixzVrO56qyX+mqykrdVS+KmxJTp+ZGN0XEVsjYne0bErLvcu00Ttw46/16r/zJM3/P5Pq93/plrZf/S4wi+NB86YX/29kqDy01uNm0cO5iB3N9fL/vP+fZLl+Xf8tXftzvfqBPZV1RXctn3/epIV/ROyqe/4/H60ly67P2lO5HPRULwp1/OuDz67Uq//+79P8n90j//lJz/+25fNfuf4/W693ZvVtXP7fzSf16p/eSvP/t0uvc/1vTX5VCbA1qzs/VC6f641oTY69XN+3+pgbVfX9qL5faf53f6/+53+1/5dk60J3RcTXX6PNuXvTd+rVXy+k+b/xO+d/ftL8j6xw/icvnP+r35l//4c/qNf2zqtp/rt+vfL5v78SzO6sRv9vZV82QXnHCQAAAAAAAMD6KFTu00kKxWf7hUKxuDjP95vRVpgozZT3ni7NTo0s3s/TFS2F6lSvzpr5oL3Z/JBquW9JuT+bO3K1c3OlXBwuTYzkffAAAADQ4Noj7v3m8n+2b3nF+D91tzPvKAEAAIC1SMf/HffaKst5fW6cDwAAAA0pHf8//tOn74bxPwAAADSs2vE/AAAA0Nh+fvx4ui1Uf/dvqjR25uz49OG+fcXJ2eHicOncdHGsVBqrrNg3ufLrTZRK0719MXu+pzw6U+6ZuXDx5GRpdqp8svK7sSdHWzbgmICVFbd+vC3vGAAAgI2zlt/1t2PHTqPu5H1lAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgLb4IAAD//wws/WY=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2141, 0x59) pwrite64(r0, &(0x7f0000000ac0)="72b714926a3f6fdef4142eee07674c53f3185d6909e8dcbe19a7b7a360d7bcfece4bab76c69cd483b14c2b5acfaf1a3336a5382ecd7390fa29238055c34c5770ecdc69f4618720da7b668cfc1d7ef5a7f11019b9d4a397aa84e15cafc3f19fa7bb64ee6e52a9fa24f61ca06485ccc3c25d760615d8c824e412133f526155b8277b53d21f5b788c01a430aa0449c2b4a9df38f6ee22a4ca9d695f63e517c955a98459ee9ea801a505009a0780a50236a8247615ba1fc8593f63622e9dac1571", 0xbf, 0x8000c61) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x0, @dev}, 0x2}}, 0x2e) r3 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r3, &(0x7f0000000300)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x2, 0x2, 0x1, 0x0, {0xa, 0x4e23, 0xfff, @empty, 0x10000}}}, 0x32) ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r1, 0x942e, 0x0) program crashed: KASAN: use-after-free Read in rcu_cblist_dequeue testing program (duration=33.283292503s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat-pwrite64-openat-socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-socket$pppl2tp-ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT detailed listing: executing program 0: syz_mount_image$ext4(&(0x7f0000000500)='ext4\x00', &(0x7f0000000540)='./file2\x00', 0x10, &(0x7f0000000580), 0x1, 0x4e8, &(0x7f00000005c0)="$eJzs3U9oVNsZAPDvTv5YY2LSUrHVFgItVrGdmESjQilmVRAtbS100T8Sk5iISSaYCagUahCLFCpddGFx1Y1ddBO6K9IiFB681Vu4eG8hCm/1njyfPHkuXOVxJ3d0jGPyYmLuY/z94DL3nEnmfHc+7p1zhnPPBPDW6o6IIxHRFBHFiOjM6gvZFpcWt/TvTvXPj6dbEgsLJx4lkUTE0f758eprJdnjluwFvpU+XInY2/xyuzMXLp4dmpgYPZeVe8qT0z0zFy7+6Mzk0Njo2OjUwMGDhw8dGDhweP2OdfP26ze//fdjd669M/fdbVuGJ9N427Pnao9jvXRHd/aetERH7RNJxKn1bixnX8s7AFbtk8LOW3nHAABsvELW92+u9P87oykWO+v37/72cWf8sS3v+AAAAIC1W1hoyh4BAACAxpUY+wMAAECDq84DONo/P17dNmruwYOfblRLvMrDwYjoWsx/9f7uxWean93T2/KG7u/9w9OI7uh48tFPvvH/dIs3dB82X03zH+YdAXlq3Z93BORpxy/yjoA8vXc17wi4NBcRt4/U6f8na+7ztS8pJ0vKxwfT/t9fZmrr9P/eHr88kXcE5OlnA3lHQJ5uPMo7Am4PRsS+et//FSrr91Vtjoi26tp+6+RQe/r5/+/7tXUvf/4XHqxjkyzxcDDixzVrO56qyX+mqykrdVS+KmxJTp+ZGN0XEVsjYne0bErLvcu00Ttw46/16r/zJM3/P5Pq93/plrZf/S4wi+NB86YX/29kqDy01uNm0cO5iB3N9fL/vP+fZLl+Xf8tXftzvfqBPZV1RXctn3/epIV/ROyqe/4/H60ly67P2lO5HPRULwp1/OuDz67Uq//+79P8n90j//lJz/+25fNfuf4/W693ZvVtXP7fzSf16p/eSvP/t0uvc/1vTX5VCbA1qzs/VC6f641oTY69XN+3+pgbVfX9qL5faf53f6/+53+1/5dk60J3RcTXX6PNuXvTd+rVXy+k+b/xO+d/ftL8j6xw/icvnP+r35l//4c/qNf2zqtp/rt+vfL5v78SzO6sRv9vZV82QXnHCQAAAAAAAMD6KFTu00kKxWf7hUKxuDjP95vRVpgozZT3ni7NTo0s3s/TFS2F6lSvzpr5oL3Z/JBquW9JuT+bO3K1c3OlXBwuTYzkffAAAADQ4Noj7v3m8n+2b3nF+D91tzPvKAEAAIC1SMf/HffaKst5fW6cDwAAAA0pHf8//tOn74bxPwAAADSs2vE/AAAA0Nh+fvx4ui1Uf/dvqjR25uz49OG+fcXJ2eHicOncdHGsVBqrrNg3ufLrTZRK0719MXu+pzw6U+6ZuXDx5GRpdqp8svK7sSdHWzbgmICVFbd+vC3vGAAAgI2zlt/1t2PHTqPu5H1lAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgLb4IAAD//wws/WY=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2141, 0x59) pwrite64(r0, &(0x7f0000000ac0)="72b714926a3f6fdef4142eee07674c53f3185d6909e8dcbe19a7b7a360d7bcfece4bab76c69cd483b14c2b5acfaf1a3336a5382ecd7390fa29238055c34c5770ecdc69f4618720da7b668cfc1d7ef5a7f11019b9d4a397aa84e15cafc3f19fa7bb64ee6e52a9fa24f61ca06485ccc3c25d760615d8c824e412133f526155b8277b53d21f5b788c01a430aa0449c2b4a9df38f6ee22a4ca9d695f63e517c955a98459ee9ea801a505009a0780a50236a8247615ba1fc8593f63622e9dac1571", 0xbf, 0x8000c61) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x0, @dev}, 0x2}}, 0x2e) socket$pppl2tp(0x18, 0x1, 0x1) ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r1, 0x942e, 0x0) program crashed: KASAN: use-after-free Read in rcu_cblist_dequeue testing program (duration=33.283292503s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat-pwrite64-openat-socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT detailed listing: executing program 0: syz_mount_image$ext4(&(0x7f0000000500)='ext4\x00', &(0x7f0000000540)='./file2\x00', 0x10, &(0x7f0000000580), 0x1, 0x4e8, &(0x7f00000005c0)="$eJzs3U9oVNsZAPDvTv5YY2LSUrHVFgItVrGdmESjQilmVRAtbS100T8Sk5iISSaYCagUahCLFCpddGFx1Y1ddBO6K9IiFB681Vu4eG8hCm/1njyfPHkuXOVxJ3d0jGPyYmLuY/z94DL3nEnmfHc+7p1zhnPPBPDW6o6IIxHRFBHFiOjM6gvZFpcWt/TvTvXPj6dbEgsLJx4lkUTE0f758eprJdnjluwFvpU+XInY2/xyuzMXLp4dmpgYPZeVe8qT0z0zFy7+6Mzk0Njo2OjUwMGDhw8dGDhweP2OdfP26ze//fdjd669M/fdbVuGJ9N427Pnao9jvXRHd/aetERH7RNJxKn1bixnX8s7AFbtk8LOW3nHAABsvELW92+u9P87oykWO+v37/72cWf8sS3v+AAAAIC1W1hoyh4BAACAxpUY+wMAAECDq84DONo/P17dNmruwYOfblRLvMrDwYjoWsx/9f7uxWean93T2/KG7u/9w9OI7uh48tFPvvH/dIs3dB82X03zH+YdAXlq3Z93BORpxy/yjoA8vXc17wi4NBcRt4/U6f8na+7ztS8pJ0vKxwfT/t9fZmrr9P/eHr88kXcE5OlnA3lHQJ5uPMo7Am4PRsS+et//FSrr91Vtjoi26tp+6+RQe/r5/+/7tXUvf/4XHqxjkyzxcDDixzVrO56qyX+mqykrdVS+KmxJTp+ZGN0XEVsjYne0bErLvcu00Ttw46/16r/zJM3/P5Pq93/plrZf/S4wi+NB86YX/29kqDy01uNm0cO5iB3N9fL/vP+fZLl+Xf8tXftzvfqBPZV1RXctn3/epIV/ROyqe/4/H60ly67P2lO5HPRULwp1/OuDz67Uq//+79P8n90j//lJz/+25fNfuf4/W693ZvVtXP7fzSf16p/eSvP/t0uvc/1vTX5VCbA1qzs/VC6f641oTY69XN+3+pgbVfX9qL5faf53f6/+53+1/5dk60J3RcTXX6PNuXvTd+rVXy+k+b/xO+d/ftL8j6xw/icvnP+r35l//4c/qNf2zqtp/rt+vfL5v78SzO6sRv9vZV82QXnHCQAAAAAAAMD6KFTu00kKxWf7hUKxuDjP95vRVpgozZT3ni7NTo0s3s/TFS2F6lSvzpr5oL3Z/JBquW9JuT+bO3K1c3OlXBwuTYzkffAAAADQ4Noj7v3m8n+2b3nF+D91tzPvKAEAAIC1SMf/HffaKst5fW6cDwAAAA0pHf8//tOn74bxPwAAADSs2vE/AAAA0Nh+fvx4ui1Uf/dvqjR25uz49OG+fcXJ2eHicOncdHGsVBqrrNg3ufLrTZRK0719MXu+pzw6U+6ZuXDx5GRpdqp8svK7sSdHWzbgmICVFbd+vC3vGAAAgI2zlt/1t2PHTqPu5H1lAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgLb4IAAD//wws/WY=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2141, 0x59) pwrite64(r0, &(0x7f0000000ac0)="72b714926a3f6fdef4142eee07674c53f3185d6909e8dcbe19a7b7a360d7bcfece4bab76c69cd483b14c2b5acfaf1a3336a5382ecd7390fa29238055c34c5770ecdc69f4618720da7b668cfc1d7ef5a7f11019b9d4a397aa84e15cafc3f19fa7bb64ee6e52a9fa24f61ca06485ccc3c25d760615d8c824e412133f526155b8277b53d21f5b788c01a430aa0449c2b4a9df38f6ee22a4ca9d695f63e517c955a98459ee9ea801a505009a0780a50236a8247615ba1fc8593f63622e9dac1571", 0xbf, 0x8000c61) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x0, @dev}, 0x2}}, 0x2e) ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r1, 0x942e, 0x0) program crashed: KASAN: use-after-free Write in pppol2tp_release testing program (duration=33.283292503s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat-pwrite64-openat-socket$pppl2tp-socket$inet6_udp-ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT detailed listing: executing program 0: syz_mount_image$ext4(&(0x7f0000000500)='ext4\x00', &(0x7f0000000540)='./file2\x00', 0x10, &(0x7f0000000580), 0x1, 0x4e8, &(0x7f00000005c0)="$eJzs3U9oVNsZAPDvTv5YY2LSUrHVFgItVrGdmESjQilmVRAtbS100T8Sk5iISSaYCagUahCLFCpddGFx1Y1ddBO6K9IiFB681Vu4eG8hCm/1njyfPHkuXOVxJ3d0jGPyYmLuY/z94DL3nEnmfHc+7p1zhnPPBPDW6o6IIxHRFBHFiOjM6gvZFpcWt/TvTvXPj6dbEgsLJx4lkUTE0f758eprJdnjluwFvpU+XInY2/xyuzMXLp4dmpgYPZeVe8qT0z0zFy7+6Mzk0Njo2OjUwMGDhw8dGDhweP2OdfP26ze//fdjd669M/fdbVuGJ9N427Pnao9jvXRHd/aetERH7RNJxKn1bixnX8s7AFbtk8LOW3nHAABsvELW92+u9P87oykWO+v37/72cWf8sS3v+AAAAIC1W1hoyh4BAACAxpUY+wMAAECDq84DONo/P17dNmruwYOfblRLvMrDwYjoWsx/9f7uxWean93T2/KG7u/9w9OI7uh48tFPvvH/dIs3dB82X03zH+YdAXlq3Z93BORpxy/yjoA8vXc17wi4NBcRt4/U6f8na+7ztS8pJ0vKxwfT/t9fZmrr9P/eHr88kXcE5OlnA3lHQJ5uPMo7Am4PRsS+et//FSrr91Vtjoi26tp+6+RQe/r5/+/7tXUvf/4XHqxjkyzxcDDixzVrO56qyX+mqykrdVS+KmxJTp+ZGN0XEVsjYne0bErLvcu00Ttw46/16r/zJM3/P5Pq93/plrZf/S4wi+NB86YX/29kqDy01uNm0cO5iB3N9fL/vP+fZLl+Xf8tXftzvfqBPZV1RXctn3/epIV/ROyqe/4/H60ly67P2lO5HPRULwp1/OuDz67Uq//+79P8n90j//lJz/+25fNfuf4/W693ZvVtXP7fzSf16p/eSvP/t0uvc/1vTX5VCbA1qzs/VC6f641oTY69XN+3+pgbVfX9qL5faf53f6/+53+1/5dk60J3RcTXX6PNuXvTd+rVXy+k+b/xO+d/ftL8j6xw/icvnP+r35l//4c/qNf2zqtp/rt+vfL5v78SzO6sRv9vZV82QXnHCQAAAAAAAMD6KFTu00kKxWf7hUKxuDjP95vRVpgozZT3ni7NTo0s3s/TFS2F6lSvzpr5oL3Z/JBquW9JuT+bO3K1c3OlXBwuTYzkffAAAADQ4Noj7v3m8n+2b3nF+D91tzPvKAEAAIC1SMf/HffaKst5fW6cDwAAAA0pHf8//tOn74bxPwAAADSs2vE/AAAA0Nh+fvx4ui1Uf/dvqjR25uz49OG+fcXJ2eHicOncdHGsVBqrrNg3ufLrTZRK0719MXu+pzw6U+6ZuXDx5GRpdqp8svK7sSdHWzbgmICVFbd+vC3vGAAAgI2zlt/1t2PHTqPu5H1lAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgLb4IAAD//wws/WY=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2141, 0x59) pwrite64(r0, &(0x7f0000000ac0)="72b714926a3f6fdef4142eee07674c53f3185d6909e8dcbe19a7b7a360d7bcfece4bab76c69cd483b14c2b5acfaf1a3336a5382ecd7390fa29238055c34c5770ecdc69f4618720da7b668cfc1d7ef5a7f11019b9d4a397aa84e15cafc3f19fa7bb64ee6e52a9fa24f61ca06485ccc3c25d760615d8c824e412133f526155b8277b53d21f5b788c01a430aa0449c2b4a9df38f6ee22a4ca9d695f63e517c955a98459ee9ea801a505009a0780a50236a8247615ba1fc8593f63622e9dac1571", 0xbf, 0x8000c61) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r1 = socket$pppl2tp(0x18, 0x1, 0x1) socket$inet6_udp(0xa, 0x2, 0x0) ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r1, 0x942e, 0x0) program did not crash testing program (duration=33.283292503s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat-pwrite64-openat-socket$pppl2tp-connect$pppl2tp-ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT detailed listing: executing program 0: syz_mount_image$ext4(&(0x7f0000000500)='ext4\x00', &(0x7f0000000540)='./file2\x00', 0x10, &(0x7f0000000580), 0x1, 0x4e8, &(0x7f00000005c0)="$eJzs3U9oVNsZAPDvTv5YY2LSUrHVFgItVrGdmESjQilmVRAtbS100T8Sk5iISSaYCagUahCLFCpddGFx1Y1ddBO6K9IiFB681Vu4eG8hCm/1njyfPHkuXOVxJ3d0jGPyYmLuY/z94DL3nEnmfHc+7p1zhnPPBPDW6o6IIxHRFBHFiOjM6gvZFpcWt/TvTvXPj6dbEgsLJx4lkUTE0f758eprJdnjluwFvpU+XInY2/xyuzMXLp4dmpgYPZeVe8qT0z0zFy7+6Mzk0Njo2OjUwMGDhw8dGDhweP2OdfP26ze//fdjd669M/fdbVuGJ9N427Pnao9jvXRHd/aetERH7RNJxKn1bixnX8s7AFbtk8LOW3nHAABsvELW92+u9P87oykWO+v37/72cWf8sS3v+AAAAIC1W1hoyh4BAACAxpUY+wMAAECDq84DONo/P17dNmruwYOfblRLvMrDwYjoWsx/9f7uxWean93T2/KG7u/9w9OI7uh48tFPvvH/dIs3dB82X03zH+YdAXlq3Z93BORpxy/yjoA8vXc17wi4NBcRt4/U6f8na+7ztS8pJ0vKxwfT/t9fZmrr9P/eHr88kXcE5OlnA3lHQJ5uPMo7Am4PRsS+et//FSrr91Vtjoi26tp+6+RQe/r5/+/7tXUvf/4XHqxjkyzxcDDixzVrO56qyX+mqykrdVS+KmxJTp+ZGN0XEVsjYne0bErLvcu00Ttw46/16r/zJM3/P5Pq93/plrZf/S4wi+NB86YX/29kqDy01uNm0cO5iB3N9fL/vP+fZLl+Xf8tXftzvfqBPZV1RXctn3/epIV/ROyqe/4/H60ly67P2lO5HPRULwp1/OuDz67Uq//+79P8n90j//lJz/+25fNfuf4/W693ZvVtXP7fzSf16p/eSvP/t0uvc/1vTX5VCbA1qzs/VC6f641oTY69XN+3+pgbVfX9qL5faf53f6/+53+1/5dk60J3RcTXX6PNuXvTd+rVXy+k+b/xO+d/ftL8j6xw/icvnP+r35l//4c/qNf2zqtp/rt+vfL5v78SzO6sRv9vZV82QXnHCQAAAAAAAMD6KFTu00kKxWf7hUKxuDjP95vRVpgozZT3ni7NTo0s3s/TFS2F6lSvzpr5oL3Z/JBquW9JuT+bO3K1c3OlXBwuTYzkffAAAADQ4Noj7v3m8n+2b3nF+D91tzPvKAEAAIC1SMf/HffaKst5fW6cDwAAAA0pHf8//tOn74bxPwAAADSs2vE/AAAA0Nh+fvx4ui1Uf/dvqjR25uz49OG+fcXJ2eHicOncdHGsVBqrrNg3ufLrTZRK0719MXu+pzw6U+6ZuXDx5GRpdqp8svK7sSdHWzbgmICVFbd+vC3vGAAAgI2zlt/1t2PHTqPu5H1lAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgLb4IAAD//wws/WY=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2141, 0x59) pwrite64(r0, &(0x7f0000000ac0)="72b714926a3f6fdef4142eee07674c53f3185d6909e8dcbe19a7b7a360d7bcfece4bab76c69cd483b14c2b5acfaf1a3336a5382ecd7390fa29238055c34c5770ecdc69f4618720da7b668cfc1d7ef5a7f11019b9d4a397aa84e15cafc3f19fa7bb64ee6e52a9fa24f61ca06485ccc3c25d760615d8c824e412133f526155b8277b53d21f5b788c01a430aa0449c2b4a9df38f6ee22a4ca9d695f63e517c955a98459ee9ea801a505009a0780a50236a8247615ba1fc8593f63622e9dac1571", 0xbf, 0x8000c61) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r1 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @dev}, 0x2}}, 0x2e) ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r1, 0x942e, 0x0) program did not crash testing program (duration=33.283292503s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat-pwrite64-openat-socket$inet6_udp-connect$pppl2tp-ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT detailed listing: executing program 0: syz_mount_image$ext4(&(0x7f0000000500)='ext4\x00', &(0x7f0000000540)='./file2\x00', 0x10, &(0x7f0000000580), 0x1, 0x4e8, &(0x7f00000005c0)="$eJzs3U9oVNsZAPDvTv5YY2LSUrHVFgItVrGdmESjQilmVRAtbS100T8Sk5iISSaYCagUahCLFCpddGFx1Y1ddBO6K9IiFB681Vu4eG8hCm/1njyfPHkuXOVxJ3d0jGPyYmLuY/z94DL3nEnmfHc+7p1zhnPPBPDW6o6IIxHRFBHFiOjM6gvZFpcWt/TvTvXPj6dbEgsLJx4lkUTE0f758eprJdnjluwFvpU+XInY2/xyuzMXLp4dmpgYPZeVe8qT0z0zFy7+6Mzk0Njo2OjUwMGDhw8dGDhweP2OdfP26ze//fdjd669M/fdbVuGJ9N427Pnao9jvXRHd/aetERH7RNJxKn1bixnX8s7AFbtk8LOW3nHAABsvELW92+u9P87oykWO+v37/72cWf8sS3v+AAAAIC1W1hoyh4BAACAxpUY+wMAAECDq84DONo/P17dNmruwYOfblRLvMrDwYjoWsx/9f7uxWean93T2/KG7u/9w9OI7uh48tFPvvH/dIs3dB82X03zH+YdAXlq3Z93BORpxy/yjoA8vXc17wi4NBcRt4/U6f8na+7ztS8pJ0vKxwfT/t9fZmrr9P/eHr88kXcE5OlnA3lHQJ5uPMo7Am4PRsS+et//FSrr91Vtjoi26tp+6+RQe/r5/+/7tXUvf/4XHqxjkyzxcDDixzVrO56qyX+mqykrdVS+KmxJTp+ZGN0XEVsjYne0bErLvcu00Ttw46/16r/zJM3/P5Pq93/plrZf/S4wi+NB86YX/29kqDy01uNm0cO5iB3N9fL/vP+fZLl+Xf8tXftzvfqBPZV1RXctn3/epIV/ROyqe/4/H60ly67P2lO5HPRULwp1/OuDz67Uq//+79P8n90j//lJz/+25fNfuf4/W693ZvVtXP7fzSf16p/eSvP/t0uvc/1vTX5VCbA1qzs/VC6f641oTY69XN+3+pgbVfX9qL5faf53f6/+53+1/5dk60J3RcTXX6PNuXvTd+rVXy+k+b/xO+d/ftL8j6xw/icvnP+r35l//4c/qNf2zqtp/rt+vfL5v78SzO6sRv9vZV82QXnHCQAAAAAAAMD6KFTu00kKxWf7hUKxuDjP95vRVpgozZT3ni7NTo0s3s/TFS2F6lSvzpr5oL3Z/JBquW9JuT+bO3K1c3OlXBwuTYzkffAAAADQ4Noj7v3m8n+2b3nF+D91tzPvKAEAAIC1SMf/HffaKst5fW6cDwAAAA0pHf8//tOn74bxPwAAADSs2vE/AAAA0Nh+fvx4ui1Uf/dvqjR25uz49OG+fcXJ2eHicOncdHGsVBqrrNg3ufLrTZRK0719MXu+pzw6U+6ZuXDx5GRpdqp8svK7sSdHWzbgmICVFbd+vC3vGAAAgI2zlt/1t2PHTqPu5H1lAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgLb4IAAD//wws/WY=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2141, 0x59) pwrite64(r0, &(0x7f0000000ac0)="72b714926a3f6fdef4142eee07674c53f3185d6909e8dcbe19a7b7a360d7bcfece4bab76c69cd483b14c2b5acfaf1a3336a5382ecd7390fa29238055c34c5770ecdc69f4618720da7b668cfc1d7ef5a7f11019b9d4a397aa84e15cafc3f19fa7bb64ee6e52a9fa24f61ca06485ccc3c25d760615d8c824e412133f526155b8277b53d21f5b788c01a430aa0449c2b4a9df38f6ee22a4ca9d695f63e517c955a98459ee9ea801a505009a0780a50236a8247615ba1fc8593f63622e9dac1571", 0xbf, 0x8000c61) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e) ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(0xffffffffffffffff, 0x942e, 0x0) program did not crash testing program (duration=33.283292503s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat-pwrite64-socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT detailed listing: executing program 0: syz_mount_image$ext4(&(0x7f0000000500)='ext4\x00', &(0x7f0000000540)='./file2\x00', 0x10, &(0x7f0000000580), 0x1, 0x4e8, &(0x7f00000005c0)="$eJzs3U9oVNsZAPDvTv5YY2LSUrHVFgItVrGdmESjQilmVRAtbS100T8Sk5iISSaYCagUahCLFCpddGFx1Y1ddBO6K9IiFB681Vu4eG8hCm/1njyfPHkuXOVxJ3d0jGPyYmLuY/z94DL3nEnmfHc+7p1zhnPPBPDW6o6IIxHRFBHFiOjM6gvZFpcWt/TvTvXPj6dbEgsLJx4lkUTE0f758eprJdnjluwFvpU+XInY2/xyuzMXLp4dmpgYPZeVe8qT0z0zFy7+6Mzk0Njo2OjUwMGDhw8dGDhweP2OdfP26ze//fdjd669M/fdbVuGJ9N427Pnao9jvXRHd/aetERH7RNJxKn1bixnX8s7AFbtk8LOW3nHAABsvELW92+u9P87oykWO+v37/72cWf8sS3v+AAAAIC1W1hoyh4BAACAxpUY+wMAAECDq84DONo/P17dNmruwYOfblRLvMrDwYjoWsx/9f7uxWean93T2/KG7u/9w9OI7uh48tFPvvH/dIs3dB82X03zH+YdAXlq3Z93BORpxy/yjoA8vXc17wi4NBcRt4/U6f8na+7ztS8pJ0vKxwfT/t9fZmrr9P/eHr88kXcE5OlnA3lHQJ5uPMo7Am4PRsS+et//FSrr91Vtjoi26tp+6+RQe/r5/+/7tXUvf/4XHqxjkyzxcDDixzVrO56qyX+mqykrdVS+KmxJTp+ZGN0XEVsjYne0bErLvcu00Ttw46/16r/zJM3/P5Pq93/plrZf/S4wi+NB86YX/29kqDy01uNm0cO5iB3N9fL/vP+fZLl+Xf8tXftzvfqBPZV1RXctn3/epIV/ROyqe/4/H60ly67P2lO5HPRULwp1/OuDz67Uq//+79P8n90j//lJz/+25fNfuf4/W693ZvVtXP7fzSf16p/eSvP/t0uvc/1vTX5VCbA1qzs/VC6f641oTY69XN+3+pgbVfX9qL5faf53f6/+53+1/5dk60J3RcTXX6PNuXvTd+rVXy+k+b/xO+d/ftL8j6xw/icvnP+r35l//4c/qNf2zqtp/rt+vfL5v78SzO6sRv9vZV82QXnHCQAAAAAAAMD6KFTu00kKxWf7hUKxuDjP95vRVpgozZT3ni7NTo0s3s/TFS2F6lSvzpr5oL3Z/JBquW9JuT+bO3K1c3OlXBwuTYzkffAAAADQ4Noj7v3m8n+2b3nF+D91tzPvKAEAAIC1SMf/HffaKst5fW6cDwAAAA0pHf8//tOn74bxPwAAADSs2vE/AAAA0Nh+fvx4ui1Uf/dvqjR25uz49OG+fcXJ2eHicOncdHGsVBqrrNg3ufLrTZRK0719MXu+pzw6U+6ZuXDx5GRpdqp8svK7sSdHWzbgmICVFbd+vC3vGAAAgI2zlt/1t2PHTqPu5H1lAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgLb4IAAD//wws/WY=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2141, 0x59) pwrite64(r0, &(0x7f0000000ac0)="72b714926a3f6fdef4142eee07674c53f3185d6909e8dcbe19a7b7a360d7bcfece4bab76c69cd483b14c2b5acfaf1a3336a5382ecd7390fa29238055c34c5770ecdc69f4618720da7b668cfc1d7ef5a7f11019b9d4a397aa84e15cafc3f19fa7bb64ee6e52a9fa24f61ca06485ccc3c25d760615d8c824e412133f526155b8277b53d21f5b788c01a430aa0449c2b4a9df38f6ee22a4ca9d695f63e517c955a98459ee9ea801a505009a0780a50236a8247615ba1fc8593f63622e9dac1571", 0xbf, 0x8000c61) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x0, @dev}, 0x2}}, 0x2e) ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r1, 0x942e, 0x0) program crashed: KASAN: use-after-free Read in rcu_cblist_dequeue testing program (duration=33.283292503s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat-socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT detailed listing: executing program 0: syz_mount_image$ext4(&(0x7f0000000500)='ext4\x00', &(0x7f0000000540)='./file2\x00', 0x10, &(0x7f0000000580), 0x1, 0x4e8, &(0x7f00000005c0)="$eJzs3U9oVNsZAPDvTv5YY2LSUrHVFgItVrGdmESjQilmVRAtbS100T8Sk5iISSaYCagUahCLFCpddGFx1Y1ddBO6K9IiFB681Vu4eG8hCm/1njyfPHkuXOVxJ3d0jGPyYmLuY/z94DL3nEnmfHc+7p1zhnPPBPDW6o6IIxHRFBHFiOjM6gvZFpcWt/TvTvXPj6dbEgsLJx4lkUTE0f758eprJdnjluwFvpU+XInY2/xyuzMXLp4dmpgYPZeVe8qT0z0zFy7+6Mzk0Njo2OjUwMGDhw8dGDhweP2OdfP26ze//fdjd669M/fdbVuGJ9N427Pnao9jvXRHd/aetERH7RNJxKn1bixnX8s7AFbtk8LOW3nHAABsvELW92+u9P87oykWO+v37/72cWf8sS3v+AAAAIC1W1hoyh4BAACAxpUY+wMAAECDq84DONo/P17dNmruwYOfblRLvMrDwYjoWsx/9f7uxWean93T2/KG7u/9w9OI7uh48tFPvvH/dIs3dB82X03zH+YdAXlq3Z93BORpxy/yjoA8vXc17wi4NBcRt4/U6f8na+7ztS8pJ0vKxwfT/t9fZmrr9P/eHr88kXcE5OlnA3lHQJ5uPMo7Am4PRsS+et//FSrr91Vtjoi26tp+6+RQe/r5/+/7tXUvf/4XHqxjkyzxcDDixzVrO56qyX+mqykrdVS+KmxJTp+ZGN0XEVsjYne0bErLvcu00Ttw46/16r/zJM3/P5Pq93/plrZf/S4wi+NB86YX/29kqDy01uNm0cO5iB3N9fL/vP+fZLl+Xf8tXftzvfqBPZV1RXctn3/epIV/ROyqe/4/H60ly67P2lO5HPRULwp1/OuDz67Uq//+79P8n90j//lJz/+25fNfuf4/W693ZvVtXP7fzSf16p/eSvP/t0uvc/1vTX5VCbA1qzs/VC6f641oTY69XN+3+pgbVfX9qL5faf53f6/+53+1/5dk60J3RcTXX6PNuXvTd+rVXy+k+b/xO+d/ftL8j6xw/icvnP+r35l//4c/qNf2zqtp/rt+vfL5v78SzO6sRv9vZV82QXnHCQAAAAAAAMD6KFTu00kKxWf7hUKxuDjP95vRVpgozZT3ni7NTo0s3s/TFS2F6lSvzpr5oL3Z/JBquW9JuT+bO3K1c3OlXBwuTYzkffAAAADQ4Noj7v3m8n+2b3nF+D91tzPvKAEAAIC1SMf/HffaKst5fW6cDwAAAA0pHf8//tOn74bxPwAAADSs2vE/AAAA0Nh+fvx4ui1Uf/dvqjR25uz49OG+fcXJ2eHicOncdHGsVBqrrNg3ufLrTZRK0719MXu+pzw6U+6ZuXDx5GRpdqp8svK7sSdHWzbgmICVFbd+vC3vGAAAgI2zlt/1t2PHTqPu5H1lAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgLb4IAAD//wws/WY=") openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2141, 0x59) r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e) ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r0, 0x942e, 0x0) program crashed: KASAN: use-after-free Read in pppol2tp_sock_to_session testing program (duration=33.283292503s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT detailed listing: executing program 0: syz_mount_image$ext4(&(0x7f0000000500)='ext4\x00', &(0x7f0000000540)='./file2\x00', 0x10, &(0x7f0000000580), 0x1, 0x4e8, &(0x7f00000005c0)="$eJzs3U9oVNsZAPDvTv5YY2LSUrHVFgItVrGdmESjQilmVRAtbS100T8Sk5iISSaYCagUahCLFCpddGFx1Y1ddBO6K9IiFB681Vu4eG8hCm/1njyfPHkuXOVxJ3d0jGPyYmLuY/z94DL3nEnmfHc+7p1zhnPPBPDW6o6IIxHRFBHFiOjM6gvZFpcWt/TvTvXPj6dbEgsLJx4lkUTE0f758eprJdnjluwFvpU+XInY2/xyuzMXLp4dmpgYPZeVe8qT0z0zFy7+6Mzk0Njo2OjUwMGDhw8dGDhweP2OdfP26ze//fdjd669M/fdbVuGJ9N427Pnao9jvXRHd/aetERH7RNJxKn1bixnX8s7AFbtk8LOW3nHAABsvELW92+u9P87oykWO+v37/72cWf8sS3v+AAAAIC1W1hoyh4BAACAxpUY+wMAAECDq84DONo/P17dNmruwYOfblRLvMrDwYjoWsx/9f7uxWean93T2/KG7u/9w9OI7uh48tFPvvH/dIs3dB82X03zH+YdAXlq3Z93BORpxy/yjoA8vXc17wi4NBcRt4/U6f8na+7ztS8pJ0vKxwfT/t9fZmrr9P/eHr88kXcE5OlnA3lHQJ5uPMo7Am4PRsS+et//FSrr91Vtjoi26tp+6+RQe/r5/+/7tXUvf/4XHqxjkyzxcDDixzVrO56qyX+mqykrdVS+KmxJTp+ZGN0XEVsjYne0bErLvcu00Ttw46/16r/zJM3/P5Pq93/plrZf/S4wi+NB86YX/29kqDy01uNm0cO5iB3N9fL/vP+fZLl+Xf8tXftzvfqBPZV1RXctn3/epIV/ROyqe/4/H60ly67P2lO5HPRULwp1/OuDz67Uq//+79P8n90j//lJz/+25fNfuf4/W693ZvVtXP7fzSf16p/eSvP/t0uvc/1vTX5VCbA1qzs/VC6f641oTY69XN+3+pgbVfX9qL5faf53f6/+53+1/5dk60J3RcTXX6PNuXvTd+rVXy+k+b/xO+d/ftL8j6xw/icvnP+r35l//4c/qNf2zqtp/rt+vfL5v78SzO6sRv9vZV82QXnHCQAAAAAAAMD6KFTu00kKxWf7hUKxuDjP95vRVpgozZT3ni7NTo0s3s/TFS2F6lSvzpr5oL3Z/JBquW9JuT+bO3K1c3OlXBwuTYzkffAAAADQ4Noj7v3m8n+2b3nF+D91tzPvKAEAAIC1SMf/HffaKst5fW6cDwAAAA0pHf8//tOn74bxPwAAADSs2vE/AAAA0Nh+fvx4ui1Uf/dvqjR25uz49OG+fcXJ2eHicOncdHGsVBqrrNg3ufLrTZRK0719MXu+pzw6U+6ZuXDx5GRpdqp8svK7sSdHWzbgmICVFbd+vC3vGAAAgI2zlt/1t2PHTqPu5H1lAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgLb4IAAD//wws/WY=") r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e) ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r0, 0x942e, 0x0) program crashed: KASAN: use-after-free Write in pppol2tp_release testing program (duration=33.283292503s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT detailed listing: executing program 0: r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e) ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r0, 0x942e, 0x0) program crashed: KASAN: use-after-free Write in pppol2tp_release testing program (duration=33.283292503s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT detailed listing: executing program 0: r0 = socket$pppl2tp(0x18, 0x1, 0x1) socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, 0x0, 0x0) ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r0, 0x942e, 0x0) program did not crash extracting C reproducer testing compiled C program (duration=33.283292503s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT program crashed: KASAN: use-after-free Write in pppol2tp_release simplifying C reproducer testing compiled C program (duration=33.283292503s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT program crashed: KASAN: use-after-free Write in pppol2tp_release testing compiled C program (duration=33.283292503s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT program crashed: KASAN: use-after-free Write in pppol2tp_release testing compiled C program (duration=33.283292503s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT program did not crash testing compiled C program (duration=33.283292503s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT program crashed: KASAN: use-after-free Write in pppol2tp_release testing compiled C program (duration=33.283292503s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT program crashed: KASAN: use-after-free Write in pppol2tp_release testing compiled C program (duration=33.283292503s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT program crashed: KASAN: use-after-free Write in pppol2tp_release testing compiled C program (duration=33.283292503s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT program crashed: KASAN: use-after-free Read in pppol2tp_sock_to_session testing compiled C program (duration=33.283292503s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT program crashed: KASAN: use-after-free Read in pppol2tp_sock_to_session testing compiled C program (duration=33.283292503s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT program crashed: KASAN: use-after-free Read in pppol2tp_sock_to_session testing compiled C program (duration=33.283292503s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT program crashed: KASAN: use-after-free Read in pppol2tp_sock_to_session testing compiled C program (duration=33.283292503s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:true UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT program crashed: KASAN: use-after-free Read in pppol2tp_sock_to_session testing compiled C program (duration=33.283292503s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT program crashed: KASAN: use-after-free Write in pppol2tp_release testing program (duration=33.283292503s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT detailed listing: executing program 0: r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e) ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r0, 0x942e, 0x0) program crashed: KASAN: use-after-free Write in pppol2tp_release validation run: crashed=true testing program (duration=33.283292503s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT detailed listing: executing program 0: r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e) ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r0, 0x942e, 0x0) program crashed: KASAN: use-after-free Write in pppol2tp_release validation run: crashed=true testing program (duration=33.283292503s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT detailed listing: executing program 0: r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e) ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r0, 0x942e, 0x0) program crashed: KASAN: use-after-free Write in pppol2tp_release validation run: crashed=true reproducing took 31m1.477206856s repro crashed as (corrupted=false): ================================================================== BUG: KASAN: use-after-free in instrument_atomic_read_write include/linux/instrumented.h:101 [inline] BUG: KASAN: use-after-free in atomic_long_try_cmpxchg_acquire include/linux/atomic/atomic-instrumented.h:1667 [inline] BUG: KASAN: use-after-free in __mutex_trylock_fast kernel/locking/mutex.c:169 [inline] BUG: KASAN: use-after-free in mutex_lock+0x8e/0x1c0 kernel/locking/mutex.c:288 Write of size 8 at addr ffff88811f0e0950 by task syz.2.17/375 CPU: 1 PID: 375 Comm: syz.2.17 Not tainted syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 Call Trace: __dump_stack+0x21/0x30 lib/dump_stack.c:88 dump_stack_lvl+0x110/0x170 lib/dump_stack.c:106 print_address_description+0x7f/0x2c0 mm/kasan/report.c:248 __kasan_report mm/kasan/report.c:427 [inline] kasan_report+0x10f/0x150 mm/kasan/report.c:444 check_region_inline mm/kasan/generic.c:-1 [inline] kasan_check_range+0x249/0x2a0 mm/kasan/generic.c:189 __kasan_check_write+0x14/0x20 mm/kasan/shadow.c:37 instrument_atomic_read_write include/linux/instrumented.h:101 [inline] atomic_long_try_cmpxchg_acquire include/linux/atomic/atomic-instrumented.h:1667 [inline] __mutex_trylock_fast kernel/locking/mutex.c:169 [inline] mutex_lock+0x8e/0x1c0 kernel/locking/mutex.c:288 pppol2tp_release+0x178/0x2b0 net/l2tp/l2tp_ppp.c:442 __sock_release net/socket.c:649 [inline] sock_close+0xb8/0x200 net/socket.c:1335 __fput+0x22b/0x900 fs/file_table.c:311 ____fput+0x15/0x20 fs/file_table.c:339 task_work_run+0x127/0x190 kernel/task_work.c:188 tracehook_notify_resume include/linux/tracehook.h:189 [inline] exit_to_user_mode_loop+0xd0/0xe0 kernel/entry/common.c:181 exit_to_user_mode_prepare+0x87/0xd0 kernel/entry/common.c:214 __syscall_exit_to_user_mode_work kernel/entry/common.c:296 [inline] syscall_exit_to_user_mode+0x1a/0x30 kernel/entry/common.c:307 do_syscall_64+0x58/0xa0 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x66/0xd0 RIP: 0033:0x7f115dc7be59 Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffe1d0cc168 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 RAX: 0000000000000000 RBX: 00007ffe1d0cc250 RCX: 00007f115dc7be59 RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 RBP: 0000000000006a50 R08: 0000000000000001 R09: 0000000000000000 R10: 0000001b33020000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007f115def4fac R14: 00007f115def4fa8 R15: 00007f115def4fa0 Allocated by task 375: kasan_save_stack mm/kasan/common.c:38 [inline] kasan_set_track mm/kasan/common.c:45 [inline] set_alloc_info mm/kasan/common.c:433 [inline] ____kasan_kmalloc mm/kasan/common.c:512 [inline] __kasan_kmalloc+0xd4/0x100 mm/kasan/common.c:521 kasan_kmalloc include/linux/kasan.h:227 [inline] __kmalloc+0x13d/0x2c0 mm/slub.c:4436 kmalloc include/linux/slab.h:624 [inline] kzalloc include/linux/slab.h:750 [inline] l2tp_session_create+0x39/0xb60 net/l2tp/l2tp_core.c:1616 pppol2tp_connect+0xbf5/0x1640 net/l2tp/l2tp_ppp.c:772 __sys_connect_file net/socket.c:1922 [inline] __sys_connect+0x3cb/0x450 net/socket.c:1939 __do_sys_connect net/socket.c:1949 [inline] __se_sys_connect net/socket.c:1946 [inline] __x64_sys_connect+0x7a/0x90 net/socket.c:1946 x64_sys_call+0x7c/0x9a0 arch/x86/include/generated/asm/syscalls_64.h:43 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x66/0xd0 Freed by task 375: kasan_save_stack mm/kasan/common.c:38 [inline] kasan_set_track+0x4a/0x70 mm/kasan/common.c:45 kasan_set_free_info+0x23/0x40 mm/kasan/generic.c:370 ____kasan_slab_free+0x125/0x160 mm/kasan/common.c:365 __kasan_slab_free+0x11/0x20 mm/kasan/common.c:373 kasan_slab_free include/linux/kasan.h:193 [inline] slab_free_hook mm/slub.c:1728 [inline] slab_free_freelist_hook+0xc2/0x190 mm/slub.c:1754 slab_free mm/slub.c:3526 [inline] kfree+0xc4/0x270 mm/slub.c:4588 l2tp_session_free net/l2tp/l2tp_core.c:168 [inline] l2tp_session_put+0xaf/0x1a0 net/l2tp/l2tp_core.c:193 l2tp_session_delete+0x3a9/0x4a0 net/l2tp/l2tp_core.c:1589 pppol2tp_release+0x169/0x2b0 net/l2tp/l2tp_ppp.c:439 __sock_release net/socket.c:649 [inline] sock_close+0xb8/0x200 net/socket.c:1335 __fput+0x22b/0x900 fs/file_table.c:311 ____fput+0x15/0x20 fs/file_table.c:339 task_work_run+0x127/0x190 kernel/task_work.c:188 tracehook_notify_resume include/linux/tracehook.h:189 [inline] exit_to_user_mode_loop+0xd0/0xe0 kernel/entry/common.c:181 exit_to_user_mode_prepare+0x87/0xd0 kernel/entry/common.c:214 __syscall_exit_to_user_mode_work kernel/entry/common.c:296 [inline] syscall_exit_to_user_mode+0x1a/0x30 kernel/entry/common.c:307 do_syscall_64+0x58/0xa0 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x66/0xd0 The buggy address belongs to the object at ffff88811f0e0800 which belongs to the cache kmalloc-512 of size 512 The buggy address is located 336 bytes inside of 512-byte region [ffff88811f0e0800, ffff88811f0e0a00) The buggy address belongs to the page: page:ffffea00047c3800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11f0e0 head:ffffea00047c3800 order:2 compound_mapcount:0 compound_pincount:0 flags: 0x4000000000010200(slab|head|zone=1) raw: 4000000000010200 0000000000000000 dead000000000122 ffff888100042f00 raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected page_owner tracks the page as allocated page last allocated via order 2, migratetype Unmovable, gfp_mask 0x152a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 26, ts 27237672883, free_ts 26044727224 set_page_owner include/linux/page_owner.h:33 [inline] post_alloc_hook+0x192/0x1b0 mm/page_alloc.c:2607 prep_new_page+0x1c/0x110 mm/page_alloc.c:2613 get_page_from_freelist+0x2c3a/0x2cd0 mm/page_alloc.c:4487 __alloc_pages+0x1a2/0x460 mm/page_alloc.c:5824 alloc_slab_page mm/slub.c:-1 [inline] allocate_slab mm/slub.c:1937 [inline] new_slab+0xa0/0x4d0 mm/slub.c:2000 ___slab_alloc+0x3ac/0x840 mm/slub.c:3033 __slab_alloc+0x49/0x90 mm/slub.c:3120 slab_alloc_node mm/slub.c:3211 [inline] slab_alloc mm/slub.c:3255 [inline] __kmalloc+0x16a/0x2c0 mm/slub.c:4432 kmalloc include/linux/slab.h:624 [inline] kzalloc include/linux/slab.h:750 [inline] neigh_alloc net/core/neighbour.c:438 [inline] ___neigh_create+0x6fb/0x1c50 net/core/neighbour.c:591 __neigh_create+0x31/0x40 net/core/neighbour.c:679 ip6_finish_output2+0xae3/0x1790 net/ipv6/ip6_output.c:127 __ip6_finish_output+0x621/0x7e0 net/ipv6/ip6_output.c:201 ip6_finish_output+0x31/0x220 net/ipv6/ip6_output.c:211 NF_HOOK_COND include/linux/netfilter.h:294 [inline] ip6_output+0x1fa/0x410 net/ipv6/ip6_output.c:234 dst_output include/net/dst.h:453 [inline] NF_HOOK include/linux/netfilter.h:305 [inline] mld_sendpack+0x68d/0xba0 net/ipv6/mcast.c:1825 mld_send_cr net/ipv6/mcast.c:2126 [inline] mld_ifc_work+0x83b/0xc20 net/ipv6/mcast.c:2658 page last free stack trace: reset_page_owner include/linux/page_owner.h:26 [inline] free_pages_prepare mm/page_alloc.c:1474 [inline] free_pcp_prepare mm/page_alloc.c:1546 [inline] free_unref_page_prepare+0x5fa/0x600 mm/page_alloc.c:3536 free_unref_page+0xae/0x540 mm/page_alloc.c:3618 free_the_page mm/page_alloc.c:805 [inline] __free_pages+0x6c/0x100 mm/page_alloc.c:5900 __vunmap+0x801/0x980 mm/vmalloc.c:2660 __vfree mm/vmalloc.c:2709 [inline] vfree+0x8b/0xc0 mm/vmalloc.c:2740 kcov_put kernel/kcov.c:417 [inline] kcov_close+0x2b/0x50 kernel/kcov.c:519 __fput+0x22b/0x900 fs/file_table.c:311 ____fput+0x15/0x20 fs/file_table.c:339 task_work_run+0x127/0x190 kernel/task_work.c:188 exit_task_work include/linux/task_work.h:33 [inline] do_exit+0xb70/0x29a0 kernel/exit.c:890 do_group_exit+0x149/0x310 kernel/exit.c:1004 get_signal+0x64f/0x1430 kernel/signal.c:2907 arch_do_signal_or_restart+0xe2/0x1100 arch/x86/kernel/signal.c:867 handle_signal_work kernel/entry/common.c:154 [inline] exit_to_user_mode_loop+0xa7/0xe0 kernel/entry/common.c:178 exit_to_user_mode_prepare+0x87/0xd0 kernel/entry/common.c:214 __syscall_exit_to_user_mode_work kernel/entry/common.c:296 [inline] syscall_exit_to_user_mode+0x1a/0x30 kernel/entry/common.c:307 Memory state around the buggy address: ffff88811f0e0800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff88811f0e0880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb >ffff88811f0e0900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff88811f0e0980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff88811f0e0a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== final repro crashed as (corrupted=false): ================================================================== BUG: KASAN: use-after-free in instrument_atomic_read_write include/linux/instrumented.h:101 [inline] BUG: KASAN: use-after-free in atomic_long_try_cmpxchg_acquire include/linux/atomic/atomic-instrumented.h:1667 [inline] BUG: KASAN: use-after-free in __mutex_trylock_fast kernel/locking/mutex.c:169 [inline] BUG: KASAN: use-after-free in mutex_lock+0x8e/0x1c0 kernel/locking/mutex.c:288 Write of size 8 at addr ffff88811f0e0950 by task syz.2.17/375 CPU: 1 PID: 375 Comm: syz.2.17 Not tainted syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 Call Trace: __dump_stack+0x21/0x30 lib/dump_stack.c:88 dump_stack_lvl+0x110/0x170 lib/dump_stack.c:106 print_address_description+0x7f/0x2c0 mm/kasan/report.c:248 __kasan_report mm/kasan/report.c:427 [inline] kasan_report+0x10f/0x150 mm/kasan/report.c:444 check_region_inline mm/kasan/generic.c:-1 [inline] kasan_check_range+0x249/0x2a0 mm/kasan/generic.c:189 __kasan_check_write+0x14/0x20 mm/kasan/shadow.c:37 instrument_atomic_read_write include/linux/instrumented.h:101 [inline] atomic_long_try_cmpxchg_acquire include/linux/atomic/atomic-instrumented.h:1667 [inline] __mutex_trylock_fast kernel/locking/mutex.c:169 [inline] mutex_lock+0x8e/0x1c0 kernel/locking/mutex.c:288 pppol2tp_release+0x178/0x2b0 net/l2tp/l2tp_ppp.c:442 __sock_release net/socket.c:649 [inline] sock_close+0xb8/0x200 net/socket.c:1335 __fput+0x22b/0x900 fs/file_table.c:311 ____fput+0x15/0x20 fs/file_table.c:339 task_work_run+0x127/0x190 kernel/task_work.c:188 tracehook_notify_resume include/linux/tracehook.h:189 [inline] exit_to_user_mode_loop+0xd0/0xe0 kernel/entry/common.c:181 exit_to_user_mode_prepare+0x87/0xd0 kernel/entry/common.c:214 __syscall_exit_to_user_mode_work kernel/entry/common.c:296 [inline] syscall_exit_to_user_mode+0x1a/0x30 kernel/entry/common.c:307 do_syscall_64+0x58/0xa0 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x66/0xd0 RIP: 0033:0x7f115dc7be59 Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffe1d0cc168 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 RAX: 0000000000000000 RBX: 00007ffe1d0cc250 RCX: 00007f115dc7be59 RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 RBP: 0000000000006a50 R08: 0000000000000001 R09: 0000000000000000 R10: 0000001b33020000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007f115def4fac R14: 00007f115def4fa8 R15: 00007f115def4fa0 Allocated by task 375: kasan_save_stack mm/kasan/common.c:38 [inline] kasan_set_track mm/kasan/common.c:45 [inline] set_alloc_info mm/kasan/common.c:433 [inline] ____kasan_kmalloc mm/kasan/common.c:512 [inline] __kasan_kmalloc+0xd4/0x100 mm/kasan/common.c:521 kasan_kmalloc include/linux/kasan.h:227 [inline] __kmalloc+0x13d/0x2c0 mm/slub.c:4436 kmalloc include/linux/slab.h:624 [inline] kzalloc include/linux/slab.h:750 [inline] l2tp_session_create+0x39/0xb60 net/l2tp/l2tp_core.c:1616 pppol2tp_connect+0xbf5/0x1640 net/l2tp/l2tp_ppp.c:772 __sys_connect_file net/socket.c:1922 [inline] __sys_connect+0x3cb/0x450 net/socket.c:1939 __do_sys_connect net/socket.c:1949 [inline] __se_sys_connect net/socket.c:1946 [inline] __x64_sys_connect+0x7a/0x90 net/socket.c:1946 x64_sys_call+0x7c/0x9a0 arch/x86/include/generated/asm/syscalls_64.h:43 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x66/0xd0 Freed by task 375: kasan_save_stack mm/kasan/common.c:38 [inline] kasan_set_track+0x4a/0x70 mm/kasan/common.c:45 kasan_set_free_info+0x23/0x40 mm/kasan/generic.c:370 ____kasan_slab_free+0x125/0x160 mm/kasan/common.c:365 __kasan_slab_free+0x11/0x20 mm/kasan/common.c:373 kasan_slab_free include/linux/kasan.h:193 [inline] slab_free_hook mm/slub.c:1728 [inline] slab_free_freelist_hook+0xc2/0x190 mm/slub.c:1754 slab_free mm/slub.c:3526 [inline] kfree+0xc4/0x270 mm/slub.c:4588 l2tp_session_free net/l2tp/l2tp_core.c:168 [inline] l2tp_session_put+0xaf/0x1a0 net/l2tp/l2tp_core.c:193 l2tp_session_delete+0x3a9/0x4a0 net/l2tp/l2tp_core.c:1589 pppol2tp_release+0x169/0x2b0 net/l2tp/l2tp_ppp.c:439 __sock_release net/socket.c:649 [inline] sock_close+0xb8/0x200 net/socket.c:1335 __fput+0x22b/0x900 fs/file_table.c:311 ____fput+0x15/0x20 fs/file_table.c:339 task_work_run+0x127/0x190 kernel/task_work.c:188 tracehook_notify_resume include/linux/tracehook.h:189 [inline] exit_to_user_mode_loop+0xd0/0xe0 kernel/entry/common.c:181 exit_to_user_mode_prepare+0x87/0xd0 kernel/entry/common.c:214 __syscall_exit_to_user_mode_work kernel/entry/common.c:296 [inline] syscall_exit_to_user_mode+0x1a/0x30 kernel/entry/common.c:307 do_syscall_64+0x58/0xa0 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x66/0xd0 The buggy address belongs to the object at ffff88811f0e0800 which belongs to the cache kmalloc-512 of size 512 The buggy address is located 336 bytes inside of 512-byte region [ffff88811f0e0800, ffff88811f0e0a00) The buggy address belongs to the page: page:ffffea00047c3800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11f0e0 head:ffffea00047c3800 order:2 compound_mapcount:0 compound_pincount:0 flags: 0x4000000000010200(slab|head|zone=1) raw: 4000000000010200 0000000000000000 dead000000000122 ffff888100042f00 raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected page_owner tracks the page as allocated page last allocated via order 2, migratetype Unmovable, gfp_mask 0x152a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 26, ts 27237672883, free_ts 26044727224 set_page_owner include/linux/page_owner.h:33 [inline] post_alloc_hook+0x192/0x1b0 mm/page_alloc.c:2607 prep_new_page+0x1c/0x110 mm/page_alloc.c:2613 get_page_from_freelist+0x2c3a/0x2cd0 mm/page_alloc.c:4487 __alloc_pages+0x1a2/0x460 mm/page_alloc.c:5824 alloc_slab_page mm/slub.c:-1 [inline] allocate_slab mm/slub.c:1937 [inline] new_slab+0xa0/0x4d0 mm/slub.c:2000 ___slab_alloc+0x3ac/0x840 mm/slub.c:3033 __slab_alloc+0x49/0x90 mm/slub.c:3120 slab_alloc_node mm/slub.c:3211 [inline] slab_alloc mm/slub.c:3255 [inline] __kmalloc+0x16a/0x2c0 mm/slub.c:4432 kmalloc include/linux/slab.h:624 [inline] kzalloc include/linux/slab.h:750 [inline] neigh_alloc net/core/neighbour.c:438 [inline] ___neigh_create+0x6fb/0x1c50 net/core/neighbour.c:591 __neigh_create+0x31/0x40 net/core/neighbour.c:679 ip6_finish_output2+0xae3/0x1790 net/ipv6/ip6_output.c:127 __ip6_finish_output+0x621/0x7e0 net/ipv6/ip6_output.c:201 ip6_finish_output+0x31/0x220 net/ipv6/ip6_output.c:211 NF_HOOK_COND include/linux/netfilter.h:294 [inline] ip6_output+0x1fa/0x410 net/ipv6/ip6_output.c:234 dst_output include/net/dst.h:453 [inline] NF_HOOK include/linux/netfilter.h:305 [inline] mld_sendpack+0x68d/0xba0 net/ipv6/mcast.c:1825 mld_send_cr net/ipv6/mcast.c:2126 [inline] mld_ifc_work+0x83b/0xc20 net/ipv6/mcast.c:2658 page last free stack trace: reset_page_owner include/linux/page_owner.h:26 [inline] free_pages_prepare mm/page_alloc.c:1474 [inline] free_pcp_prepare mm/page_alloc.c:1546 [inline] free_unref_page_prepare+0x5fa/0x600 mm/page_alloc.c:3536 free_unref_page+0xae/0x540 mm/page_alloc.c:3618 free_the_page mm/page_alloc.c:805 [inline] __free_pages+0x6c/0x100 mm/page_alloc.c:5900 __vunmap+0x801/0x980 mm/vmalloc.c:2660 __vfree mm/vmalloc.c:2709 [inline] vfree+0x8b/0xc0 mm/vmalloc.c:2740 kcov_put kernel/kcov.c:417 [inline] kcov_close+0x2b/0x50 kernel/kcov.c:519 __fput+0x22b/0x900 fs/file_table.c:311 ____fput+0x15/0x20 fs/file_table.c:339 task_work_run+0x127/0x190 kernel/task_work.c:188 exit_task_work include/linux/task_work.h:33 [inline] do_exit+0xb70/0x29a0 kernel/exit.c:890 do_group_exit+0x149/0x310 kernel/exit.c:1004 get_signal+0x64f/0x1430 kernel/signal.c:2907 arch_do_signal_or_restart+0xe2/0x1100 arch/x86/kernel/signal.c:867 handle_signal_work kernel/entry/common.c:154 [inline] exit_to_user_mode_loop+0xa7/0xe0 kernel/entry/common.c:178 exit_to_user_mode_prepare+0x87/0xd0 kernel/entry/common.c:214 __syscall_exit_to_user_mode_work kernel/entry/common.c:296 [inline] syscall_exit_to_user_mode+0x1a/0x30 kernel/entry/common.c:307 Memory state around the buggy address: ffff88811f0e0800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff88811f0e0880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb >ffff88811f0e0900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff88811f0e0980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff88811f0e0a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ==================================================================