Extracting prog: 4m4.556367924s
Minimizing prog: 18m6.476948755s
Simplifying prog options: 3m20.247480194s
Extracting C: 51.070873383s
Simplifying C: 0s


extracting reproducer from 35 programs
testing a last program of every proc
single: executing 8 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-open-openat$fuse-mount$fuse-socket$inet6_tcp-setsockopt$inet6_int-getsockopt$inet6_buf-getsockopt$inet6_buf-read$FUSE-read$FUSE-write$FUSE_INIT-write$FUSE_INIT-syz_fuse_handle_req-pipe2-pipe2-openat-ioctl$sock_inet6_tcp_SIOCINQ-dup2-lseek-mkdirat$cgroup_root-openat$cgroup_root-pipe-pipe-setsockopt$inet6_IPV6_IPSEC_POLICY-openat$cgroup_int-openat$cgroup_int-sendfile-syz_mount_image$ext4-openat-link
detailed listing:
executing program 0:
open(&(0x7f0000000100)='./file0\x00', 0x80ff, 0x0) (async)
open(&(0x7f0000000100)='./file0\x00', 0x80ff, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r1, 0x29, 0x33, &(0x7f0000000000)=0x92b1, 0x4)
getsockopt$inet6_buf(r1, 0x29, 0x6, &(0x7f0000000040)=""/19, &(0x7f0000000240)=0x13) (async)
getsockopt$inet6_buf(r1, 0x29, 0x6, &(0x7f0000000040)=""/19, &(0x7f0000000240)=0x13)
read$FUSE(r0, &(0x7f00000041c0)={0x2020}, 0x2020) (async)
read$FUSE(r0, &(0x7f00000041c0)={0x2020, 0x0, <r2=>0x0, <r3=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r2, {0x7, 0x1f, 0x0, 0x10408}}, 0x50) (async)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r2, {0x7, 0x1f, 0x0, 0x10408}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
pipe2(&(0x7f0000000000), 0x880) (async)
pipe2(&(0x7f0000000000)={<r4=>0xffffffffffffffff}, 0x880)
r5 = openat(r4, &(0x7f000000c380)='./file0\x00', 0x0, 0x0)
ioctl$sock_inet6_tcp_SIOCINQ(r5, 0x541b, &(0x7f0000000180))
r6 = dup2(r5, r0)
lseek(r6, 0x8, 0x1)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
pipe(&(0x7f0000000200)) (async)
pipe(&(0x7f0000000200)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
setsockopt$inet6_IPV6_IPSEC_POLICY(r8, 0x29, 0x22, &(0x7f0000000440)={{{@in=@rand_addr=0x64010101, @in=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x9, 0x4e22, 0x2, 0xa, 0x80, 0x80, 0x2d, 0x0, r3}, {0x2, 0x2, 0x7, 0x0, 0x1, 0x0, 0xbe2, 0xc5b}, {0x0, 0x7, 0x8, 0x4}, 0x9, 0x6e6bbb, 0x0, 0x1, 0x3, 0x2}, {{@in6=@private2, 0x4d4, 0x32}, 0xa, @in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x3500, 0x0, 0x1, 0xd, 0x6, 0x40, 0x9}}, 0xe8)
openat$cgroup_int(r7, &(0x7f00000002c0)='cpuset.sched_load_balance\x00', 0x2, 0x0) (async)
r9 = openat$cgroup_int(r7, &(0x7f00000002c0)='cpuset.sched_load_balance\x00', 0x2, 0x0)
sendfile(r9, r9, 0x0, 0x9c)
syz_mount_image$ext4(&(0x7f0000000bc0)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x0, &(0x7f00000000c0), 0x2, 0xbd1, &(0x7f0000002380)="$eJzs3M1rHOcZAPBnRquVbKtduZRS91KVUmwoXUsuMrUp1C4uvfRQaK8Fq/LKCK0/kFRcyTqskn8gX+dALoEkJiGH+OxLQnLNJbGvCTkETFCsBEJIFGY/pI2lleR4V6PIvx+8mvedd7TP8+ywO/PC7gbwxBrJ/qQRxyLiYhJRau5PI6JY7w1G1BrHra4sTX65sjSZxNravz5LIomIBytLk63HSprbI83BYES8/9ckfvb05rhzC4szE9VqZbY5Pjl/5frJuYXFP0xfmbhcuVy5Onb6T+Onxk+PnhnvWq1ffXTu9he/+fsnta9f/ebW58+/nMS5GGrOtdfRLSMxsv6ctCtExES3g+Wkr1lPe51JYYd/SnucFAAAHaVt93C/iFL0xcbNWyne/iDX5AAAAICuWOuLWAMAAAAOuMT6HwAAAA641ucAHqwsTbZavp9I2Fv3z0fEcKP+1WZrzBSiVt8ORn9EHH6QRPvXWpPGvz22kYj4+N6ZN7IWPfoe8nZqyxHxy63Of1Kvf7j+Le7N9acRMdqF+CMPjX9M9Z/rQvy86wfgyXTnfONCtvn6l67f/8QW17/CFteuHyLv61/r/m910/3fRv19He7//rnLGDdfefFGp7ms/j/f/tvrrZbFz7aPVdQjuL8c8avCVvUn6/UnHeq/uMsYpW9vVDrN5V3/2ksRx2Pr+luS7X+f6OTUdLUy2vi7ZYzl98Zf6xQ/7/qz83+4Q/2t33/qdP6v7zLGfy5ceHPTznsb3e3rTz8tJv+u94rNPf+fmJ+fHYsoJv/YvP/U9rm0jmk9Rlb/id9u//rfqv7sPaHWfB6ytcByc5uNn3oo5l9u3XyrUz6t9V+e5/9Sh/PfXv+7hc3n/5ldxvjdO8+d6DTXvv7NWha/tRYGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgJY0IoYiScvr/TQtlyOORMTP43BavTY3//upa/+7eimbixiO/nRquloZjYhSY5xk47F6f2N86qHxHyPiaES8UDpUH5cnr1Uv5V08AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA645ExFAkaTki0ohYLaVpuZx3VgAAAEDXDeedAAAAANBz1v8AAABw8Fn/AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0GNHf33nbhIRtbOH6i1TbM7155oZ0Gtp3gkAuenLOwEgN4W8EwBy84hrfLcLcAAlO8wPdpwZ6HouAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOxfx4/duZtERO3soXrLFJtz/blmBvRa2tZPcswD2Ht9200W9i4PYO95icOTyxof2GntP7hxTO37MwM9ywkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/Weo3pK0HBHF5r5yOeInETEc/cnUdLUyGhE/jYgPS/0D2Xgs55wBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADovrmFxZmJarUym3XSaHbW9/Sg09eM3MMQvekkjbxr+yWfg90ZeHanY/4bjxmiGPui0n3ayfNdCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAvMwtLM5MVKuV2bm8MwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADyNrewODNRrVZme9jJu0YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPLzXQAAAP//jAsGRw==")
openat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x529400, 0x10)
link(&(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-mmap-mremap-syz_kvm_setup_cpu$x86-ioctl$KVM_NMI-ioctl$KVM_RUN
detailed listing:
executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400), 0x40, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x8000000000)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
mremap(&(0x7f000000c000/0xc000)=nil, 0xc000, 0x400000, 0x3, &(0x7f0000bfe000/0x400000)=nil)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x20, &(0x7f00000002c0), 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-signalfd-gettid-process_vm_writev-setsockopt$inet_MCAST_JOIN_GROUP
detailed listing:
executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x5, 0x5, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000004f4bf119000000000000000d2e54e4ba000700000000000000c31ffb00f7ff000095000000d3031a006b41aee828c864069da3e1db1b391bc6e6b537c43e49c85f85c5eff5c3ea78d35400000000000004004a48f554dec49b2a20bdb9283b4374407ccf5b8091bd251b0da15db2"], &(0x7f0000000040)='syzkaller\x00', 0x1, 0xfa, &(0x7f0000000140)=""/250, 0x0, 0x8496e770351ce1c2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = signalfd(r0, &(0x7f0000000000)={[0x7f]}, 0x8)
r2 = gettid()
process_vm_writev(r2, &(0x7f00000000c0)=[{&(0x7f00000003c0)=""/194, 0xc2}], 0x1, &(0x7f0000000dc0)=[{&(0x7f0000000140)=""/43, 0x2b}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r1, 0x0, 0x2a, &(0x7f0000000240)={0x7, {{0x2, 0x4e22, @loopback}}}, 0x88)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-sched_setaffinity-getpid-sched_setscheduler-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-bpf$MAP_CREATE-bpf$PROG_LOAD-socket$nl_route-bpf$PROG_LOAD_XDP-socket$nl_route-bpf$PROG_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-syz_mount_image$ext4-socket$inet_tcp-ioctl$sock_inet_SIOCSIFADDR-unshare
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x14, 0x4, &(0x7f0000000340)=@framed={{0x18, 0x2}, [@jmp={0x5, 0x0, 0x8, 0x0, 0x0, 0x0, 0xc}]}, &(0x7f0000000080)='syzkaller\x00', 0x6, 0x8b, &(0x7f00000000c0)=""/139, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x41, &(0x7f0000000800)={[{@bsdgroups}, {@nodiscard}, {@auto_da_alloc}, {@grpjquota}, {@nobarrier}, {@noquota}, {@abort}, {@nodiscard}, {@nodiscard}]}, 0x64, 0x50d, &(0x7f0000000200)="$eJzs3VFrHFsdAPD/bHZj06Y3ueqDXvB69V5Ji3Y3aWwbfKgVRJ8Kan2vMdmEkE02ZDdtE4qm+AEEERV80hdfBD+AIAVffBShoM+KiiLa6oMP2rns7iRN091k226zafb3g8mcc2Zm/+dsmNk5M4eZAAbWOxFxLSIep2l6PiLGsvJcNsV2a2qs9+jh3bnGlESa3vhnEklWtvNZSTY/k212KiK+9uWIbybPxq1tbi3PVirl9Sxfqq+slWqbWxeWVmYXy4vl1enpqcszV2YuzUz2pJ1nI+LqF//6g+/+7EtXf/WZ23+6+fdz32pUazRbvrcdzyl/0MJW0wvN72LvBusvGOw4yjdbmBlpt8bQMyX3XnGdAABor3GO/8GI+GREnI+xGDr4dBYAAAB4DaWfH43/JRFpe8MdygEAAIDXSK45BjbJFbOxAKORyxWLrTG8H47TuUq1Vv/0QnVjdb41VnY8CrmFpUp5MhsrPB6FpJGfaqaf5C/uy09HxJsR8f2xkWa+OFetzPf74gcAAAAMiDP7+v//GWv1/wEAAIATZrzfFQAAAABeOf1/AAAAOPn0/wEAAOBE+8r1640p3Xn/9fytzY3l6q0L8+XacnFlY644V11fKy5Wq4vNZ/atHPZ5lWp17bOxunGnVC/X6qXa5tbNlerGav3m0lOvwAYAAACO0Jsfv/+HJCK2PzfSnBqGu9u0y9WA4yq/m0qyeZvd+o9vtOZ/OaJKAUdiqN8VAPom3+8KAH1T6HcFgL5LDlnecfDOb7P5J3pbHwAAoPcmPtr5/n/uwC23D14MHHt2Yhhc7v/D4Gre/+92JK+TBThRCs4AYOC99P3/Q6Xpc1UIAADoudHmlOSK2eW90cjlisWIs83XAhSShaVKeTIi3oiI348VPtDITzW3TA7tMwAAAAAAAAAAAAAAAAAAAAAAAAAALWmaRAoAAACcaBG5vyW/bj3Lf2LsvdH91weGk/+ORfaK0Ns/vvHDO7P1+vpUo/xfu+X1H2XlF/txBQMAAAAGwnO9wH+nn77TjwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAXnr08O7cznSUcf/xhYgYbxc/H6ea81NRiIjT/04iv2e7JCKGehB/pPHnI+3iJ41q7YZsF3+kB/G37x0YP8azb2F//OGIONOD+DDI7jeOP9fa7X+5eKc5b7//5SOeyr+ozse/2D3+DXU4/pztMsZbD35R6hj/XsRb+fbHn534SYf473YZ/xtf39rqtCz9ScRE29+f5KlYpfrKWqm2uXVhaWV2sbxYXp2enro8c2Xm0sxkaWGpUs7+to3xvY/98vFB7T/dIf74Ie1/r8v2///BnYcfaiUL7eKfe7dN/N/8NFvj2fi57LfvU1m6sXxiJ73dSu/19s9/9/ZB7Z/v0P7D/v/numz/+a9+589drgoAHIHa5tbybKVSXj+xiUYv/RhUQ+IYJr7d0w9M0zRt7FMv8TlJHIevpZno95EJAADotScn/f2uCQAAAAAAAAAAAAAAAAAAAAyuo3ic2P6Y27uppBeP0AYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6In3AwAA///d8Nla")
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r3, 0x8916, &(0x7f0000000000)={'lo\x00', {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0xa}}})
unshare(0x42000000)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-bpf$MAP_UPDATE_ELEM_TAIL_CALL-prlimit64-sendmmsg$unix-syz_mount_image$ext4-bpf$MAP_CREATE-bpf$MAP_UPDATE_BATCH-bpf$MAP_GET_NEXT_KEY-syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-openat$procfs-fsconfig$FSCONFIG_SET_BINARY-ioctl$sock_SIOCSIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD-ioctl$BLKIOMIN-ioctl$LOOP_CHANGE_FD
detailed listing:
executing program 0:
syz_mount_image$ext4(&(0x7f0000000400)='ext4\x00', &(0x7f0000000180)='./file1\x00', 0x50, &(0x7f0000000080)={[{@usrquota}, {@data_err_ignore}, {@grpjquota}, {@mblk_io_submit}, {@dioread_nolock}]}, 0x1, 0x3eb, &(0x7f0000000880)="$eJzs3M1uG0UcAPD/br5I+uEgcUCFQwQIgoCkDgQoQqJw5eMCPICVpKXCbarGSLTkUBAnThwQNw59AQ48QFUhJCRegRdAlSqU5gC3oLV3HTe2Qyw7der8ftLIM+txZv7ezWpmvTsBHFtzEXE+IsYiYikiSvn2NE9xs5Gyeve3Nle2tzZXktjZ+fjvJJJ8W/G3kvz1RF6YTyPSbyOeutne7sb1G59XqtW1a3l5sXb56uLG9RuvXLpcubh2ce1K+Y1z5fLy0pvl1wYW64/PvXhu7L3zZ376s3RneXJyOuvvyfy91jgGZS7mmt/JXsuDbmzIJofdAQAADiTNx/7j9fF/KcbquYZSLG4OtXMAAADAQOy8k78CAAAAIywx9wcAAIARV9wHcH9rc6VIB7pxoHRotyQ8VPfejYjZ3Webt5vxj8djeZ2JQ3y+dS4irj6flLIUh/QcMgBAqzvZ+Odsp/FfGk+21JuKqI+Hpgfc/tyecvv4J7074CYfkI3/3o6I7bbxX1pUmR3LS6fqQ8WJ5MKl6trZiDgdEfMxMZWVy/u08f4/P3/U7b0s/t+SU6eLlLWfve7WSO+OTz34mdVKrdJPzK3ufR1xZrxT/Elz/JtExEwfbYx9deutbu/9f/yHa+dWxAsd9//uyj3J/usTLdaPh8XiqGj37ze/fNit/WHHn+3/mf3jn01a12va6L2N25/98XQ90yGq1vlPL8f/ZPJJPV/My76s1GrXyhGTyQft25d2P1uUi/pZ/PPPdv7/L85/Sb6m1cn8HNCr777/9eX9azTiz1LWfjEXfBiy+Fd72v+9Z16//fun3dpv3f+d48/2f2MNsPl8y0HOfwftYD/fHQAAADwq0vp1jSRdaObTdGGhcb3jiZhJq+sbtZcurH9xZbVx/WM2JtLiSlep5XpoufEzerO8tKf8akQ8HhE/lKbr5YWV9erqsIMHAACAY+JEl/l/5q8RuccfAAAAyH+oBwAAAEab+T8AAACMtH7W9Tu+meybOwLdOPKZZ45GN4aQmYgj0Y0+MsM+MwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADza/gsAAP//Bdqy/A==")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000080)='./file1\x00', 0x3014850, &(0x7f00000001c0), 0x3, 0x4db, &(0x7f0000000200)="$eJzs3c9vE1ceAPDvOAkECJuwuwcWaVm0yyqgXeyELBDtgc1edk+sltJ7miZOFMWJo9gBEqEqqH9Apaq/1J566qVSz1Wlij+hqoTU3qseWqEW6KFSf7iyM4YQnF8liSH+fKTJvDcz9vf7YvnZb97IE0DLOhERQxHRFhGnI6I73Z5Jl1haXqrH3bt7Y7S6JFGpXPkmiSTdVn+uJF0fSh/WGRHP/TfixeTxuKWFxamRQiE/l9Zz5enZXGlh8czk9MhEfiI/MzTQf37wwuC5wb6tNahBrLqLnfHGK+/95+LHf7/2xfDXp16qHtqV7lvZjs1Y2lI6HbX/RV17RMxtJdhTrC1tT0ezEwEAYFOq3/F/GxF/joj7bzc7GwAAAGAnVP7VFT8mERUAAABgz8rUroFNMtn0WoCuyGSy2eVreH8fBzOFYqn8t/Hi/MzY8rWyPdGRGZ8s5PvSa4V7oiOp1vtr5Yf1s6vqAxFxJCJe6z5Qq2dHi4WxZp/8AAAAgBZxaNX4/7vu5fE/AAAAsMf0NDsBAAAAYMcZ/wMAAMDe9/j4/4dKbZW0NyEbAAAAYJv9/9Kl6lKp3/967OrC/FTx6pmxfGkqOz0/mh0tzs1mJ4rFidpv9k1v9HyFYnH2HzEzfz1XzpfKudLC4vB0cX6mPFy7r/dw3n2iAQAAYPcd+dOtz5OIWPrngdpStS/dt4mx+tDOZgfspMzWDk92Kg9g97U1OwGgaVzgC63LfDywYmB/scHu11fVt3jaAAAAeBr0/uGJ5v/NB8IzzEAeWpf5f2hd5v+hdZn/hxa3f+NDOtfa8ck25wIAAOyYrtqSZLLpXGBXZDLZbMTh2m0BOpLxyUK+LyJ+ExGfdXfsr9b7m500AAAAAAAAAAAAAAAAAAAAAAAAADxjKpUkKgAAAMCeFpH5Kklv5N/bfbJr9fmBfcn33bV1RFx758qb10fK5bn+6vZvH2wvv5VuP9uMMxgAAADAavVxen0cDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADb6d7dG6P1ZTfj3vl3RPQ0it8enbV154fdEXHwfhLtKx6XRETbNsRfuhn1510VP6mmFT1pFqvjZyLiwDbFj6OPtz/53/L+9eIf2ob40MpuVfufoUb9TyZO1NaN33/tEY/Uf607J9bq/zL1/q/WzzXq/w5vMsax2x/k1ox/M+JYe6P4yYP4yRP2vy88v7i41r7KuxG9DT9/kkdi5crTs7nSwuKZyemRifxEfmZgoP/84IXBc4N9ufHJQj792zDGq3/86Of12n9wjfg9G7T/5Cbb/9Pt63d/t078U39p/PofXSd+9X//1/RzoLq/t15eWi6vdPz9T4+v1/6xNdq/0et/apPtP3355S83eSgAsAtKC4tTI4VCfk5h64Xk6UhDQWHNwuX0jb7lhze5YwIAALbdwy/9zc4EAAAAAAAAAAAAAAAAAAAAWteO/wjZ/kd/WaCzeU0FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFjXLwEAAP//HQfRZw==")
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="010000000a0000000500000007"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300), &(0x7f0000000100), 0x3f, r0}, 0x38)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000001c0)={r0, &(0x7f0000000340), &(0x7f00000004c0)=""/192}, 0x20)
r1 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x101000)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000000180)={r2, 0x0, {0x2a00, 0x80010000, 0x0, 0x8000000000000001, 0x0, 0x0, 0x0, 0x1a, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "91be8b1c551265406c7f306003d8a0f4bd004ab3fde500", [0x9, 0x800000000000007b]}})
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/asound/seq/clients\x00', 0x0, 0x0)
fsconfig$FSCONFIG_SET_BINARY(r3, 0x2, &(0x7f0000000700)='\x00', &(0x7f0000000740)="19dac8b2cbe69c88f9fad1d5b57496bc977fea0638a1ef403b0e722662d8efa19c74", 0x22)
ioctl$sock_SIOCSIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(r2, 0x8983, &(0x7f0000000000))
ioctl$BLKIOMIN(r2, 0x1278, &(0x7f0000000040))
ioctl$LOOP_CHANGE_FD(r1, 0x4c03, r2)

program crashed: KASAN: use-after-free Read in lo_release
single: successfully extracted reproducer
found reproducer with 16 syscalls
minimizing guilty program
testing program (duration=41.791838145s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-bpf$MAP_UPDATE_ELEM_TAIL_CALL-prlimit64-sendmmsg$unix-syz_mount_image$ext4-bpf$MAP_CREATE-bpf$MAP_UPDATE_BATCH-bpf$MAP_GET_NEXT_KEY-syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-openat$procfs-fsconfig$FSCONFIG_SET_BINARY-ioctl$sock_SIOCSIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD-ioctl$BLKIOMIN
detailed listing:
executing program 0:
syz_mount_image$ext4(&(0x7f0000000400)='ext4\x00', &(0x7f0000000180)='./file1\x00', 0x50, &(0x7f0000000080)={[{@usrquota}, {@data_err_ignore}, {@grpjquota}, {@mblk_io_submit}, {@dioread_nolock}]}, 0x1, 0x3eb, &(0x7f0000000880)="$eJzs3M1uG0UcAPD/br5I+uEgcUCFQwQIgoCkDgQoQqJw5eMCPICVpKXCbarGSLTkUBAnThwQNw59AQ48QFUhJCRegRdAlSqU5gC3oLV3HTe2Qyw7der8ftLIM+txZv7ezWpmvTsBHFtzEXE+IsYiYikiSvn2NE9xs5Gyeve3Nle2tzZXktjZ+fjvJJJ8W/G3kvz1RF6YTyPSbyOeutne7sb1G59XqtW1a3l5sXb56uLG9RuvXLpcubh2ce1K+Y1z5fLy0pvl1wYW64/PvXhu7L3zZ376s3RneXJyOuvvyfy91jgGZS7mmt/JXsuDbmzIJofdAQAADiTNx/7j9fF/KcbquYZSLG4OtXMAAADAQOy8k78CAAAAIywx9wcAAIARV9wHcH9rc6VIB7pxoHRotyQ8VPfejYjZ3Webt5vxj8djeZ2JQ3y+dS4irj6flLIUh/QcMgBAqzvZ+Odsp/FfGk+21JuKqI+Hpgfc/tyecvv4J7074CYfkI3/3o6I7bbxX1pUmR3LS6fqQ8WJ5MKl6trZiDgdEfMxMZWVy/u08f4/P3/U7b0s/t+SU6eLlLWfve7WSO+OTz34mdVKrdJPzK3ufR1xZrxT/Elz/JtExEwfbYx9deutbu/9f/yHa+dWxAsd9//uyj3J/usTLdaPh8XiqGj37ze/fNit/WHHn+3/mf3jn01a12va6L2N25/98XQ90yGq1vlPL8f/ZPJJPV/My76s1GrXyhGTyQft25d2P1uUi/pZ/PPPdv7/L85/Sb6m1cn8HNCr777/9eX9azTiz1LWfjEXfBiy+Fd72v+9Z16//fun3dpv3f+d48/2f2MNsPl8y0HOfwftYD/fHQAAADwq0vp1jSRdaObTdGGhcb3jiZhJq+sbtZcurH9xZbVx/WM2JtLiSlep5XpoufEzerO8tKf8akQ8HhE/lKbr5YWV9erqsIMHAACAY+JEl/l/5q8RuccfAAAAyH+oBwAAAEab+T8AAACMtH7W9Tu+meybOwLdOPKZZ45GN4aQmYgj0Y0+MsM+MwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADza/gsAAP//Bdqy/A==")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000080)='./file1\x00', 0x3014850, &(0x7f00000001c0), 0x3, 0x4db, &(0x7f0000000200)="$eJzs3c9vE1ceAPDvOAkECJuwuwcWaVm0yyqgXeyELBDtgc1edk+sltJ7miZOFMWJo9gBEqEqqH9Apaq/1J566qVSz1Wlij+hqoTU3qseWqEW6KFSf7iyM4YQnF8liSH+fKTJvDcz9vf7YvnZb97IE0DLOhERQxHRFhGnI6I73Z5Jl1haXqrH3bt7Y7S6JFGpXPkmiSTdVn+uJF0fSh/WGRHP/TfixeTxuKWFxamRQiE/l9Zz5enZXGlh8czk9MhEfiI/MzTQf37wwuC5wb6tNahBrLqLnfHGK+/95+LHf7/2xfDXp16qHtqV7lvZjs1Y2lI6HbX/RV17RMxtJdhTrC1tT0ezEwEAYFOq3/F/GxF/joj7bzc7GwAAAGAnVP7VFT8mERUAAABgz8rUroFNMtn0WoCuyGSy2eVreH8fBzOFYqn8t/Hi/MzY8rWyPdGRGZ8s5PvSa4V7oiOp1vtr5Yf1s6vqAxFxJCJe6z5Qq2dHi4WxZp/8AAAAgBZxaNX4/7vu5fE/AAAAsMf0NDsBAAAAYMcZ/wMAAMDe9/j4/4dKbZW0NyEbAAAAYJv9/9Kl6lKp3/967OrC/FTx6pmxfGkqOz0/mh0tzs1mJ4rFidpv9k1v9HyFYnH2HzEzfz1XzpfKudLC4vB0cX6mPFy7r/dw3n2iAQAAYPcd+dOtz5OIWPrngdpStS/dt4mx+tDOZgfspMzWDk92Kg9g97U1OwGgaVzgC63LfDywYmB/scHu11fVt3jaAAAAeBr0/uGJ5v/NB8IzzEAeWpf5f2hd5v+hdZn/hxa3f+NDOtfa8ck25wIAAOyYrtqSZLLpXGBXZDLZbMTh2m0BOpLxyUK+LyJ+ExGfdXfsr9b7m500AAAAAAAAAAAAAAAAAAAAAAAAADxjKpUkKgAAAMCeFpH5Kklv5N/bfbJr9fmBfcn33bV1RFx758qb10fK5bn+6vZvH2wvv5VuP9uMMxgAAADAavVxen0cDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADb6d7dG6P1ZTfj3vl3RPQ0it8enbV154fdEXHwfhLtKx6XRETbNsRfuhn1510VP6mmFT1pFqvjZyLiwDbFj6OPtz/53/L+9eIf2ob40MpuVfufoUb9TyZO1NaN33/tEY/Uf607J9bq/zL1/q/WzzXq/w5vMsax2x/k1ox/M+JYe6P4yYP4yRP2vy88v7i41r7KuxG9DT9/kkdi5crTs7nSwuKZyemRifxEfmZgoP/84IXBc4N9ufHJQj792zDGq3/86Of12n9wjfg9G7T/5Cbb/9Pt63d/t078U39p/PofXSd+9X//1/RzoLq/t15eWi6vdPz9T4+v1/6xNdq/0et/apPtP3355S83eSgAsAtKC4tTI4VCfk5h64Xk6UhDQWHNwuX0jb7lhze5YwIAALbdwy/9zc4EAAAAAAAAAAAAAAAAAAAAWteO/wjZ/kd/WaCzeU0FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFjXLwEAAP//HQfRZw==")
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="010000000a0000000500000007"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300), &(0x7f0000000100), 0x3f, r0}, 0x38)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000001c0)={r0, &(0x7f0000000340), &(0x7f00000004c0)=""/192}, 0x20)
r1 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x101000)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000000180)={r2, 0x0, {0x2a00, 0x80010000, 0x0, 0x8000000000000001, 0x0, 0x0, 0x0, 0x1a, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "91be8b1c551265406c7f306003d8a0f4bd004ab3fde500", [0x9, 0x800000000000007b]}})
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/asound/seq/clients\x00', 0x0, 0x0)
fsconfig$FSCONFIG_SET_BINARY(r3, 0x2, &(0x7f0000000700)='\x00', &(0x7f0000000740)="19dac8b2cbe69c88f9fad1d5b57496bc977fea0638a1ef403b0e722662d8efa19c74", 0x22)
ioctl$sock_SIOCSIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(r2, 0x8983, &(0x7f0000000000))
ioctl$BLKIOMIN(r2, 0x1278, &(0x7f0000000040))

program did not crash
testing program (duration=41.791838145s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-bpf$MAP_UPDATE_ELEM_TAIL_CALL-prlimit64-sendmmsg$unix-syz_mount_image$ext4-bpf$MAP_CREATE-bpf$MAP_UPDATE_BATCH-bpf$MAP_GET_NEXT_KEY-syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-openat$procfs-fsconfig$FSCONFIG_SET_BINARY-ioctl$sock_SIOCSIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD-ioctl$LOOP_CHANGE_FD
detailed listing:
executing program 0:
syz_mount_image$ext4(&(0x7f0000000400)='ext4\x00', &(0x7f0000000180)='./file1\x00', 0x50, &(0x7f0000000080)={[{@usrquota}, {@data_err_ignore}, {@grpjquota}, {@mblk_io_submit}, {@dioread_nolock}]}, 0x1, 0x3eb, &(0x7f0000000880)="$eJzs3M1uG0UcAPD/br5I+uEgcUCFQwQIgoCkDgQoQqJw5eMCPICVpKXCbarGSLTkUBAnThwQNw59AQ48QFUhJCRegRdAlSqU5gC3oLV3HTe2Qyw7der8ftLIM+txZv7ezWpmvTsBHFtzEXE+IsYiYikiSvn2NE9xs5Gyeve3Nle2tzZXktjZ+fjvJJJ8W/G3kvz1RF6YTyPSbyOeutne7sb1G59XqtW1a3l5sXb56uLG9RuvXLpcubh2ce1K+Y1z5fLy0pvl1wYW64/PvXhu7L3zZ376s3RneXJyOuvvyfy91jgGZS7mmt/JXsuDbmzIJofdAQAADiTNx/7j9fF/KcbquYZSLG4OtXMAAADAQOy8k78CAAAAIywx9wcAAIARV9wHcH9rc6VIB7pxoHRotyQ8VPfejYjZ3Webt5vxj8djeZ2JQ3y+dS4irj6flLIUh/QcMgBAqzvZ+Odsp/FfGk+21JuKqI+Hpgfc/tyecvv4J7074CYfkI3/3o6I7bbxX1pUmR3LS6fqQ8WJ5MKl6trZiDgdEfMxMZWVy/u08f4/P3/U7b0s/t+SU6eLlLWfve7WSO+OTz34mdVKrdJPzK3ufR1xZrxT/Elz/JtExEwfbYx9deutbu/9f/yHa+dWxAsd9//uyj3J/usTLdaPh8XiqGj37ze/fNit/WHHn+3/mf3jn01a12va6L2N25/98XQ90yGq1vlPL8f/ZPJJPV/My76s1GrXyhGTyQft25d2P1uUi/pZ/PPPdv7/L85/Sb6m1cn8HNCr777/9eX9azTiz1LWfjEXfBiy+Fd72v+9Z16//fun3dpv3f+d48/2f2MNsPl8y0HOfwftYD/fHQAAADwq0vp1jSRdaObTdGGhcb3jiZhJq+sbtZcurH9xZbVx/WM2JtLiSlep5XpoufEzerO8tKf8akQ8HhE/lKbr5YWV9erqsIMHAACAY+JEl/l/5q8RuccfAAAAyH+oBwAAAEab+T8AAACMtH7W9Tu+meybOwLdOPKZZ45GN4aQmYgj0Y0+MsM+MwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADza/gsAAP//Bdqy/A==")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000080)='./file1\x00', 0x3014850, &(0x7f00000001c0), 0x3, 0x4db, &(0x7f0000000200)="$eJzs3c9vE1ceAPDvOAkECJuwuwcWaVm0yyqgXeyELBDtgc1edk+sltJ7miZOFMWJo9gBEqEqqH9Apaq/1J566qVSz1Wlij+hqoTU3qseWqEW6KFSf7iyM4YQnF8liSH+fKTJvDcz9vf7YvnZb97IE0DLOhERQxHRFhGnI6I73Z5Jl1haXqrH3bt7Y7S6JFGpXPkmiSTdVn+uJF0fSh/WGRHP/TfixeTxuKWFxamRQiE/l9Zz5enZXGlh8czk9MhEfiI/MzTQf37wwuC5wb6tNahBrLqLnfHGK+/95+LHf7/2xfDXp16qHtqV7lvZjs1Y2lI6HbX/RV17RMxtJdhTrC1tT0ezEwEAYFOq3/F/GxF/joj7bzc7GwAAAGAnVP7VFT8mERUAAABgz8rUroFNMtn0WoCuyGSy2eVreH8fBzOFYqn8t/Hi/MzY8rWyPdGRGZ8s5PvSa4V7oiOp1vtr5Yf1s6vqAxFxJCJe6z5Qq2dHi4WxZp/8AAAAgBZxaNX4/7vu5fE/AAAAsMf0NDsBAAAAYMcZ/wMAAMDe9/j4/4dKbZW0NyEbAAAAYJv9/9Kl6lKp3/967OrC/FTx6pmxfGkqOz0/mh0tzs1mJ4rFidpv9k1v9HyFYnH2HzEzfz1XzpfKudLC4vB0cX6mPFy7r/dw3n2iAQAAYPcd+dOtz5OIWPrngdpStS/dt4mx+tDOZgfspMzWDk92Kg9g97U1OwGgaVzgC63LfDywYmB/scHu11fVt3jaAAAAeBr0/uGJ5v/NB8IzzEAeWpf5f2hd5v+hdZn/hxa3f+NDOtfa8ck25wIAAOyYrtqSZLLpXGBXZDLZbMTh2m0BOpLxyUK+LyJ+ExGfdXfsr9b7m500AAAAAAAAAAAAAAAAAAAAAAAAADxjKpUkKgAAAMCeFpH5Kklv5N/bfbJr9fmBfcn33bV1RFx758qb10fK5bn+6vZvH2wvv5VuP9uMMxgAAADAavVxen0cDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADb6d7dG6P1ZTfj3vl3RPQ0it8enbV154fdEXHwfhLtKx6XRETbNsRfuhn1510VP6mmFT1pFqvjZyLiwDbFj6OPtz/53/L+9eIf2ob40MpuVfufoUb9TyZO1NaN33/tEY/Uf607J9bq/zL1/q/WzzXq/w5vMsax2x/k1ox/M+JYe6P4yYP4yRP2vy88v7i41r7KuxG9DT9/kkdi5crTs7nSwuKZyemRifxEfmZgoP/84IXBc4N9ufHJQj792zDGq3/86Of12n9wjfg9G7T/5Cbb/9Pt63d/t078U39p/PofXSd+9X//1/RzoLq/t15eWi6vdPz9T4+v1/6xNdq/0et/apPtP3355S83eSgAsAtKC4tTI4VCfk5h64Xk6UhDQWHNwuX0jb7lhze5YwIAALbdwy/9zc4EAAAAAAAAAAAAAAAAAAAAWteO/wjZ/kd/WaCzeU0FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFjXLwEAAP//HQfRZw==")
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="010000000a0000000500000007"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300), &(0x7f0000000100), 0x3f, r0}, 0x38)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000001c0)={r0, &(0x7f0000000340), &(0x7f00000004c0)=""/192}, 0x20)
r1 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x101000)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000000180)={r2, 0x0, {0x2a00, 0x80010000, 0x0, 0x8000000000000001, 0x0, 0x0, 0x0, 0x1a, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "91be8b1c551265406c7f306003d8a0f4bd004ab3fde500", [0x9, 0x800000000000007b]}})
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/asound/seq/clients\x00', 0x0, 0x0)
fsconfig$FSCONFIG_SET_BINARY(r3, 0x2, &(0x7f0000000700)='\x00', &(0x7f0000000740)="19dac8b2cbe69c88f9fad1d5b57496bc977fea0638a1ef403b0e722662d8efa19c74", 0x22)
ioctl$sock_SIOCSIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(r2, 0x8983, &(0x7f0000000000))
ioctl$LOOP_CHANGE_FD(r1, 0x4c03, r2)

program crashed: KASAN: use-after-free Read in lo_release
testing program (duration=41.791838145s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-bpf$MAP_UPDATE_ELEM_TAIL_CALL-prlimit64-sendmmsg$unix-syz_mount_image$ext4-bpf$MAP_CREATE-bpf$MAP_UPDATE_BATCH-bpf$MAP_GET_NEXT_KEY-syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-openat$procfs-fsconfig$FSCONFIG_SET_BINARY-ioctl$LOOP_CHANGE_FD
detailed listing:
executing program 0:
syz_mount_image$ext4(&(0x7f0000000400)='ext4\x00', &(0x7f0000000180)='./file1\x00', 0x50, &(0x7f0000000080)={[{@usrquota}, {@data_err_ignore}, {@grpjquota}, {@mblk_io_submit}, {@dioread_nolock}]}, 0x1, 0x3eb, &(0x7f0000000880)="$eJzs3M1uG0UcAPD/br5I+uEgcUCFQwQIgoCkDgQoQqJw5eMCPICVpKXCbarGSLTkUBAnThwQNw59AQ48QFUhJCRegRdAlSqU5gC3oLV3HTe2Qyw7der8ftLIM+txZv7ezWpmvTsBHFtzEXE+IsYiYikiSvn2NE9xs5Gyeve3Nle2tzZXktjZ+fjvJJJ8W/G3kvz1RF6YTyPSbyOeutne7sb1G59XqtW1a3l5sXb56uLG9RuvXLpcubh2ce1K+Y1z5fLy0pvl1wYW64/PvXhu7L3zZ376s3RneXJyOuvvyfy91jgGZS7mmt/JXsuDbmzIJofdAQAADiTNx/7j9fF/KcbquYZSLG4OtXMAAADAQOy8k78CAAAAIywx9wcAAIARV9wHcH9rc6VIB7pxoHRotyQ8VPfejYjZ3Webt5vxj8djeZ2JQ3y+dS4irj6flLIUh/QcMgBAqzvZ+Odsp/FfGk+21JuKqI+Hpgfc/tyecvv4J7074CYfkI3/3o6I7bbxX1pUmR3LS6fqQ8WJ5MKl6trZiDgdEfMxMZWVy/u08f4/P3/U7b0s/t+SU6eLlLWfve7WSO+OTz34mdVKrdJPzK3ufR1xZrxT/Elz/JtExEwfbYx9deutbu/9f/yHa+dWxAsd9//uyj3J/usTLdaPh8XiqGj37ze/fNit/WHHn+3/mf3jn01a12va6L2N25/98XQ90yGq1vlPL8f/ZPJJPV/My76s1GrXyhGTyQft25d2P1uUi/pZ/PPPdv7/L85/Sb6m1cn8HNCr777/9eX9azTiz1LWfjEXfBiy+Fd72v+9Z16//fun3dpv3f+d48/2f2MNsPl8y0HOfwftYD/fHQAAADwq0vp1jSRdaObTdGGhcb3jiZhJq+sbtZcurH9xZbVx/WM2JtLiSlep5XpoufEzerO8tKf8akQ8HhE/lKbr5YWV9erqsIMHAACAY+JEl/l/5q8RuccfAAAAyH+oBwAAAEab+T8AAACMtH7W9Tu+meybOwLdOPKZZ45GN4aQmYgj0Y0+MsM+MwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADza/gsAAP//Bdqy/A==")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000080)='./file1\x00', 0x3014850, &(0x7f00000001c0), 0x3, 0x4db, &(0x7f0000000200)="$eJzs3c9vE1ceAPDvOAkECJuwuwcWaVm0yyqgXeyELBDtgc1edk+sltJ7miZOFMWJo9gBEqEqqH9Apaq/1J566qVSz1Wlij+hqoTU3qseWqEW6KFSf7iyM4YQnF8liSH+fKTJvDcz9vf7YvnZb97IE0DLOhERQxHRFhGnI6I73Z5Jl1haXqrH3bt7Y7S6JFGpXPkmiSTdVn+uJF0fSh/WGRHP/TfixeTxuKWFxamRQiE/l9Zz5enZXGlh8czk9MhEfiI/MzTQf37wwuC5wb6tNahBrLqLnfHGK+/95+LHf7/2xfDXp16qHtqV7lvZjs1Y2lI6HbX/RV17RMxtJdhTrC1tT0ezEwEAYFOq3/F/GxF/joj7bzc7GwAAAGAnVP7VFT8mERUAAABgz8rUroFNMtn0WoCuyGSy2eVreH8fBzOFYqn8t/Hi/MzY8rWyPdGRGZ8s5PvSa4V7oiOp1vtr5Yf1s6vqAxFxJCJe6z5Qq2dHi4WxZp/8AAAAgBZxaNX4/7vu5fE/AAAAsMf0NDsBAAAAYMcZ/wMAAMDe9/j4/4dKbZW0NyEbAAAAYJv9/9Kl6lKp3/967OrC/FTx6pmxfGkqOz0/mh0tzs1mJ4rFidpv9k1v9HyFYnH2HzEzfz1XzpfKudLC4vB0cX6mPFy7r/dw3n2iAQAAYPcd+dOtz5OIWPrngdpStS/dt4mx+tDOZgfspMzWDk92Kg9g97U1OwGgaVzgC63LfDywYmB/scHu11fVt3jaAAAAeBr0/uGJ5v/NB8IzzEAeWpf5f2hd5v+hdZn/hxa3f+NDOtfa8ck25wIAAOyYrtqSZLLpXGBXZDLZbMTh2m0BOpLxyUK+LyJ+ExGfdXfsr9b7m500AAAAAAAAAAAAAAAAAAAAAAAAADxjKpUkKgAAAMCeFpH5Kklv5N/bfbJr9fmBfcn33bV1RFx758qb10fK5bn+6vZvH2wvv5VuP9uMMxgAAADAavVxen0cDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADb6d7dG6P1ZTfj3vl3RPQ0it8enbV154fdEXHwfhLtKx6XRETbNsRfuhn1510VP6mmFT1pFqvjZyLiwDbFj6OPtz/53/L+9eIf2ob40MpuVfufoUb9TyZO1NaN33/tEY/Uf607J9bq/zL1/q/WzzXq/w5vMsax2x/k1ox/M+JYe6P4yYP4yRP2vy88v7i41r7KuxG9DT9/kkdi5crTs7nSwuKZyemRifxEfmZgoP/84IXBc4N9ufHJQj792zDGq3/86Of12n9wjfg9G7T/5Cbb/9Pt63d/t078U39p/PofXSd+9X//1/RzoLq/t15eWi6vdPz9T4+v1/6xNdq/0et/apPtP3355S83eSgAsAtKC4tTI4VCfk5h64Xk6UhDQWHNwuX0jb7lhze5YwIAALbdwy/9zc4EAAAAAAAAAAAAAAAAAAAAWteO/wjZ/kd/WaCzeU0FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFjXLwEAAP//HQfRZw==")
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="010000000a0000000500000007"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300), &(0x7f0000000100), 0x3f, r0}, 0x38)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000001c0)={r0, &(0x7f0000000340), &(0x7f00000004c0)=""/192}, 0x20)
r1 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x101000)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000000180)={r2, 0x0, {0x2a00, 0x80010000, 0x0, 0x8000000000000001, 0x0, 0x0, 0x0, 0x1a, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "91be8b1c551265406c7f306003d8a0f4bd004ab3fde500", [0x9, 0x800000000000007b]}})
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/asound/seq/clients\x00', 0x0, 0x0)
fsconfig$FSCONFIG_SET_BINARY(r3, 0x2, &(0x7f0000000700)='\x00', &(0x7f0000000740)="19dac8b2cbe69c88f9fad1d5b57496bc977fea0638a1ef403b0e722662d8efa19c74", 0x22)
ioctl$LOOP_CHANGE_FD(r1, 0x4c03, r2)

program crashed: KASAN: use-after-free Read in lo_open
testing program (duration=41.791838145s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-bpf$MAP_UPDATE_ELEM_TAIL_CALL-prlimit64-sendmmsg$unix-syz_mount_image$ext4-bpf$MAP_CREATE-bpf$MAP_UPDATE_BATCH-bpf$MAP_GET_NEXT_KEY-syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-openat$procfs-ioctl$LOOP_CHANGE_FD
detailed listing:
executing program 0:
syz_mount_image$ext4(&(0x7f0000000400)='ext4\x00', &(0x7f0000000180)='./file1\x00', 0x50, &(0x7f0000000080)={[{@usrquota}, {@data_err_ignore}, {@grpjquota}, {@mblk_io_submit}, {@dioread_nolock}]}, 0x1, 0x3eb, &(0x7f0000000880)="$eJzs3M1uG0UcAPD/br5I+uEgcUCFQwQIgoCkDgQoQqJw5eMCPICVpKXCbarGSLTkUBAnThwQNw59AQ48QFUhJCRegRdAlSqU5gC3oLV3HTe2Qyw7der8ftLIM+txZv7ezWpmvTsBHFtzEXE+IsYiYikiSvn2NE9xs5Gyeve3Nle2tzZXktjZ+fjvJJJ8W/G3kvz1RF6YTyPSbyOeutne7sb1G59XqtW1a3l5sXb56uLG9RuvXLpcubh2ce1K+Y1z5fLy0pvl1wYW64/PvXhu7L3zZ376s3RneXJyOuvvyfy91jgGZS7mmt/JXsuDbmzIJofdAQAADiTNx/7j9fF/KcbquYZSLG4OtXMAAADAQOy8k78CAAAAIywx9wcAAIARV9wHcH9rc6VIB7pxoHRotyQ8VPfejYjZ3Webt5vxj8djeZ2JQ3y+dS4irj6flLIUh/QcMgBAqzvZ+Odsp/FfGk+21JuKqI+Hpgfc/tyecvv4J7074CYfkI3/3o6I7bbxX1pUmR3LS6fqQ8WJ5MKl6trZiDgdEfMxMZWVy/u08f4/P3/U7b0s/t+SU6eLlLWfve7WSO+OTz34mdVKrdJPzK3ufR1xZrxT/Elz/JtExEwfbYx9deutbu/9f/yHa+dWxAsd9//uyj3J/usTLdaPh8XiqGj37ze/fNit/WHHn+3/mf3jn01a12va6L2N25/98XQ90yGq1vlPL8f/ZPJJPV/My76s1GrXyhGTyQft25d2P1uUi/pZ/PPPdv7/L85/Sb6m1cn8HNCr777/9eX9azTiz1LWfjEXfBiy+Fd72v+9Z16//fun3dpv3f+d48/2f2MNsPl8y0HOfwftYD/fHQAAADwq0vp1jSRdaObTdGGhcb3jiZhJq+sbtZcurH9xZbVx/WM2JtLiSlep5XpoufEzerO8tKf8akQ8HhE/lKbr5YWV9erqsIMHAACAY+JEl/l/5q8RuccfAAAAyH+oBwAAAEab+T8AAACMtH7W9Tu+meybOwLdOPKZZ45GN4aQmYgj0Y0+MsM+MwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADza/gsAAP//Bdqy/A==")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000080)='./file1\x00', 0x3014850, &(0x7f00000001c0), 0x3, 0x4db, &(0x7f0000000200)="$eJzs3c9vE1ceAPDvOAkECJuwuwcWaVm0yyqgXeyELBDtgc1edk+sltJ7miZOFMWJo9gBEqEqqH9Apaq/1J566qVSz1Wlij+hqoTU3qseWqEW6KFSf7iyM4YQnF8liSH+fKTJvDcz9vf7YvnZb97IE0DLOhERQxHRFhGnI6I73Z5Jl1haXqrH3bt7Y7S6JFGpXPkmiSTdVn+uJF0fSh/WGRHP/TfixeTxuKWFxamRQiE/l9Zz5enZXGlh8czk9MhEfiI/MzTQf37wwuC5wb6tNahBrLqLnfHGK+/95+LHf7/2xfDXp16qHtqV7lvZjs1Y2lI6HbX/RV17RMxtJdhTrC1tT0ezEwEAYFOq3/F/GxF/joj7bzc7GwAAAGAnVP7VFT8mERUAAABgz8rUroFNMtn0WoCuyGSy2eVreH8fBzOFYqn8t/Hi/MzY8rWyPdGRGZ8s5PvSa4V7oiOp1vtr5Yf1s6vqAxFxJCJe6z5Qq2dHi4WxZp/8AAAAgBZxaNX4/7vu5fE/AAAAsMf0NDsBAAAAYMcZ/wMAAMDe9/j4/4dKbZW0NyEbAAAAYJv9/9Kl6lKp3/967OrC/FTx6pmxfGkqOz0/mh0tzs1mJ4rFidpv9k1v9HyFYnH2HzEzfz1XzpfKudLC4vB0cX6mPFy7r/dw3n2iAQAAYPcd+dOtz5OIWPrngdpStS/dt4mx+tDOZgfspMzWDk92Kg9g97U1OwGgaVzgC63LfDywYmB/scHu11fVt3jaAAAAeBr0/uGJ5v/NB8IzzEAeWpf5f2hd5v+hdZn/hxa3f+NDOtfa8ck25wIAAOyYrtqSZLLpXGBXZDLZbMTh2m0BOpLxyUK+LyJ+ExGfdXfsr9b7m500AAAAAAAAAAAAAAAAAAAAAAAAADxjKpUkKgAAAMCeFpH5Kklv5N/bfbJr9fmBfcn33bV1RFx758qb10fK5bn+6vZvH2wvv5VuP9uMMxgAAADAavVxen0cDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADb6d7dG6P1ZTfj3vl3RPQ0it8enbV154fdEXHwfhLtKx6XRETbNsRfuhn1510VP6mmFT1pFqvjZyLiwDbFj6OPtz/53/L+9eIf2ob40MpuVfufoUb9TyZO1NaN33/tEY/Uf607J9bq/zL1/q/WzzXq/w5vMsax2x/k1ox/M+JYe6P4yYP4yRP2vy88v7i41r7KuxG9DT9/kkdi5crTs7nSwuKZyemRifxEfmZgoP/84IXBc4N9ufHJQj792zDGq3/86Of12n9wjfg9G7T/5Cbb/9Pt63d/t078U39p/PofXSd+9X//1/RzoLq/t15eWi6vdPz9T4+v1/6xNdq/0et/apPtP3355S83eSgAsAtKC4tTI4VCfk5h64Xk6UhDQWHNwuX0jb7lhze5YwIAALbdwy/9zc4EAAAAAAAAAAAAAAAAAAAAWteO/wjZ/kd/WaCzeU0FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFjXLwEAAP//HQfRZw==")
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="010000000a0000000500000007"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300), &(0x7f0000000100), 0x3f, r0}, 0x38)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000001c0)={r0, &(0x7f0000000340), &(0x7f00000004c0)=""/192}, 0x20)
r1 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x101000)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000000180)={r2, 0x0, {0x2a00, 0x80010000, 0x0, 0x8000000000000001, 0x0, 0x0, 0x0, 0x1a, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "91be8b1c551265406c7f306003d8a0f4bd004ab3fde500", [0x9, 0x800000000000007b]}})
openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/asound/seq/clients\x00', 0x0, 0x0)
ioctl$LOOP_CHANGE_FD(r1, 0x4c03, r2)

program crashed: KASAN: use-after-free Read in lo_open
testing program (duration=41.791838145s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-bpf$MAP_UPDATE_ELEM_TAIL_CALL-prlimit64-sendmmsg$unix-syz_mount_image$ext4-bpf$MAP_CREATE-bpf$MAP_UPDATE_BATCH-bpf$MAP_GET_NEXT_KEY-syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_CHANGE_FD
detailed listing:
executing program 0:
syz_mount_image$ext4(&(0x7f0000000400)='ext4\x00', &(0x7f0000000180)='./file1\x00', 0x50, &(0x7f0000000080)={[{@usrquota}, {@data_err_ignore}, {@grpjquota}, {@mblk_io_submit}, {@dioread_nolock}]}, 0x1, 0x3eb, &(0x7f0000000880)="$eJzs3M1uG0UcAPD/br5I+uEgcUCFQwQIgoCkDgQoQqJw5eMCPICVpKXCbarGSLTkUBAnThwQNw59AQ48QFUhJCRegRdAlSqU5gC3oLV3HTe2Qyw7der8ftLIM+txZv7ezWpmvTsBHFtzEXE+IsYiYikiSvn2NE9xs5Gyeve3Nle2tzZXktjZ+fjvJJJ8W/G3kvz1RF6YTyPSbyOeutne7sb1G59XqtW1a3l5sXb56uLG9RuvXLpcubh2ce1K+Y1z5fLy0pvl1wYW64/PvXhu7L3zZ376s3RneXJyOuvvyfy91jgGZS7mmt/JXsuDbmzIJofdAQAADiTNx/7j9fF/KcbquYZSLG4OtXMAAADAQOy8k78CAAAAIywx9wcAAIARV9wHcH9rc6VIB7pxoHRotyQ8VPfejYjZ3Webt5vxj8djeZ2JQ3y+dS4irj6flLIUh/QcMgBAqzvZ+Odsp/FfGk+21JuKqI+Hpgfc/tyecvv4J7074CYfkI3/3o6I7bbxX1pUmR3LS6fqQ8WJ5MKl6trZiDgdEfMxMZWVy/u08f4/P3/U7b0s/t+SU6eLlLWfve7WSO+OTz34mdVKrdJPzK3ufR1xZrxT/Elz/JtExEwfbYx9deutbu/9f/yHa+dWxAsd9//uyj3J/usTLdaPh8XiqGj37ze/fNit/WHHn+3/mf3jn01a12va6L2N25/98XQ90yGq1vlPL8f/ZPJJPV/My76s1GrXyhGTyQft25d2P1uUi/pZ/PPPdv7/L85/Sb6m1cn8HNCr777/9eX9azTiz1LWfjEXfBiy+Fd72v+9Z16//fun3dpv3f+d48/2f2MNsPl8y0HOfwftYD/fHQAAADwq0vp1jSRdaObTdGGhcb3jiZhJq+sbtZcurH9xZbVx/WM2JtLiSlep5XpoufEzerO8tKf8akQ8HhE/lKbr5YWV9erqsIMHAACAY+JEl/l/5q8RuccfAAAAyH+oBwAAAEab+T8AAACMtH7W9Tu+meybOwLdOPKZZ45GN4aQmYgj0Y0+MsM+MwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADza/gsAAP//Bdqy/A==")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000080)='./file1\x00', 0x3014850, &(0x7f00000001c0), 0x3, 0x4db, &(0x7f0000000200)="$eJzs3c9vE1ceAPDvOAkECJuwuwcWaVm0yyqgXeyELBDtgc1edk+sltJ7miZOFMWJo9gBEqEqqH9Apaq/1J566qVSz1Wlij+hqoTU3qseWqEW6KFSf7iyM4YQnF8liSH+fKTJvDcz9vf7YvnZb97IE0DLOhERQxHRFhGnI6I73Z5Jl1haXqrH3bt7Y7S6JFGpXPkmiSTdVn+uJF0fSh/WGRHP/TfixeTxuKWFxamRQiE/l9Zz5enZXGlh8czk9MhEfiI/MzTQf37wwuC5wb6tNahBrLqLnfHGK+/95+LHf7/2xfDXp16qHtqV7lvZjs1Y2lI6HbX/RV17RMxtJdhTrC1tT0ezEwEAYFOq3/F/GxF/joj7bzc7GwAAAGAnVP7VFT8mERUAAABgz8rUroFNMtn0WoCuyGSy2eVreH8fBzOFYqn8t/Hi/MzY8rWyPdGRGZ8s5PvSa4V7oiOp1vtr5Yf1s6vqAxFxJCJe6z5Qq2dHi4WxZp/8AAAAgBZxaNX4/7vu5fE/AAAAsMf0NDsBAAAAYMcZ/wMAAMDe9/j4/4dKbZW0NyEbAAAAYJv9/9Kl6lKp3/967OrC/FTx6pmxfGkqOz0/mh0tzs1mJ4rFidpv9k1v9HyFYnH2HzEzfz1XzpfKudLC4vB0cX6mPFy7r/dw3n2iAQAAYPcd+dOtz5OIWPrngdpStS/dt4mx+tDOZgfspMzWDk92Kg9g97U1OwGgaVzgC63LfDywYmB/scHu11fVt3jaAAAAeBr0/uGJ5v/NB8IzzEAeWpf5f2hd5v+hdZn/hxa3f+NDOtfa8ck25wIAAOyYrtqSZLLpXGBXZDLZbMTh2m0BOpLxyUK+LyJ+ExGfdXfsr9b7m500AAAAAAAAAAAAAAAAAAAAAAAAADxjKpUkKgAAAMCeFpH5Kklv5N/bfbJr9fmBfcn33bV1RFx758qb10fK5bn+6vZvH2wvv5VuP9uMMxgAAADAavVxen0cDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADb6d7dG6P1ZTfj3vl3RPQ0it8enbV154fdEXHwfhLtKx6XRETbNsRfuhn1510VP6mmFT1pFqvjZyLiwDbFj6OPtz/53/L+9eIf2ob40MpuVfufoUb9TyZO1NaN33/tEY/Uf607J9bq/zL1/q/WzzXq/w5vMsax2x/k1ox/M+JYe6P4yYP4yRP2vy88v7i41r7KuxG9DT9/kkdi5crTs7nSwuKZyemRifxEfmZgoP/84IXBc4N9ufHJQj792zDGq3/86Of12n9wjfg9G7T/5Cbb/9Pt63d/t078U39p/PofXSd+9X//1/RzoLq/t15eWi6vdPz9T4+v1/6xNdq/0et/apPtP3355S83eSgAsAtKC4tTI4VCfk5h64Xk6UhDQWHNwuX0jb7lhze5YwIAALbdwy/9zc4EAAAAAAAAAAAAAAAAAAAAWteO/wjZ/kd/WaCzeU0FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFjXLwEAAP//HQfRZw==")
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="010000000a0000000500000007"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300), &(0x7f0000000100), 0x3f, r0}, 0x38)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000001c0)={r0, &(0x7f0000000340), &(0x7f00000004c0)=""/192}, 0x20)
r1 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x101000)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000000180)={r2, 0x0, {0x2a00, 0x80010000, 0x0, 0x8000000000000001, 0x0, 0x0, 0x0, 0x1a, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "91be8b1c551265406c7f306003d8a0f4bd004ab3fde500", [0x9, 0x800000000000007b]}})
ioctl$LOOP_CHANGE_FD(r1, 0x4c03, r2)

program crashed: KASAN: use-after-free Read in lo_open
testing program (duration=41.791838145s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-bpf$MAP_UPDATE_ELEM_TAIL_CALL-prlimit64-sendmmsg$unix-syz_mount_image$ext4-bpf$MAP_CREATE-bpf$MAP_UPDATE_BATCH-bpf$MAP_GET_NEXT_KEY-syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CHANGE_FD
detailed listing:
executing program 0:
syz_mount_image$ext4(&(0x7f0000000400)='ext4\x00', &(0x7f0000000180)='./file1\x00', 0x50, &(0x7f0000000080)={[{@usrquota}, {@data_err_ignore}, {@grpjquota}, {@mblk_io_submit}, {@dioread_nolock}]}, 0x1, 0x3eb, &(0x7f0000000880)="$eJzs3M1uG0UcAPD/br5I+uEgcUCFQwQIgoCkDgQoQqJw5eMCPICVpKXCbarGSLTkUBAnThwQNw59AQ48QFUhJCRegRdAlSqU5gC3oLV3HTe2Qyw7der8ftLIM+txZv7ezWpmvTsBHFtzEXE+IsYiYikiSvn2NE9xs5Gyeve3Nle2tzZXktjZ+fjvJJJ8W/G3kvz1RF6YTyPSbyOeutne7sb1G59XqtW1a3l5sXb56uLG9RuvXLpcubh2ce1K+Y1z5fLy0pvl1wYW64/PvXhu7L3zZ376s3RneXJyOuvvyfy91jgGZS7mmt/JXsuDbmzIJofdAQAADiTNx/7j9fF/KcbquYZSLG4OtXMAAADAQOy8k78CAAAAIywx9wcAAIARV9wHcH9rc6VIB7pxoHRotyQ8VPfejYjZ3Webt5vxj8djeZ2JQ3y+dS4irj6flLIUh/QcMgBAqzvZ+Odsp/FfGk+21JuKqI+Hpgfc/tyecvv4J7074CYfkI3/3o6I7bbxX1pUmR3LS6fqQ8WJ5MKl6trZiDgdEfMxMZWVy/u08f4/P3/U7b0s/t+SU6eLlLWfve7WSO+OTz34mdVKrdJPzK3ufR1xZrxT/Elz/JtExEwfbYx9deutbu/9f/yHa+dWxAsd9//uyj3J/usTLdaPh8XiqGj37ze/fNit/WHHn+3/mf3jn01a12va6L2N25/98XQ90yGq1vlPL8f/ZPJJPV/My76s1GrXyhGTyQft25d2P1uUi/pZ/PPPdv7/L85/Sb6m1cn8HNCr777/9eX9azTiz1LWfjEXfBiy+Fd72v+9Z16//fun3dpv3f+d48/2f2MNsPl8y0HOfwftYD/fHQAAADwq0vp1jSRdaObTdGGhcb3jiZhJq+sbtZcurH9xZbVx/WM2JtLiSlep5XpoufEzerO8tKf8akQ8HhE/lKbr5YWV9erqsIMHAACAY+JEl/l/5q8RuccfAAAAyH+oBwAAAEab+T8AAACMtH7W9Tu+meybOwLdOPKZZ45GN4aQmYgj0Y0+MsM+MwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADza/gsAAP//Bdqy/A==")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000080)='./file1\x00', 0x3014850, &(0x7f00000001c0), 0x3, 0x4db, &(0x7f0000000200)="$eJzs3c9vE1ceAPDvOAkECJuwuwcWaVm0yyqgXeyELBDtgc1edk+sltJ7miZOFMWJo9gBEqEqqH9Apaq/1J566qVSz1Wlij+hqoTU3qseWqEW6KFSf7iyM4YQnF8liSH+fKTJvDcz9vf7YvnZb97IE0DLOhERQxHRFhGnI6I73Z5Jl1haXqrH3bt7Y7S6JFGpXPkmiSTdVn+uJF0fSh/WGRHP/TfixeTxuKWFxamRQiE/l9Zz5enZXGlh8czk9MhEfiI/MzTQf37wwuC5wb6tNahBrLqLnfHGK+/95+LHf7/2xfDXp16qHtqV7lvZjs1Y2lI6HbX/RV17RMxtJdhTrC1tT0ezEwEAYFOq3/F/GxF/joj7bzc7GwAAAGAnVP7VFT8mERUAAABgz8rUroFNMtn0WoCuyGSy2eVreH8fBzOFYqn8t/Hi/MzY8rWyPdGRGZ8s5PvSa4V7oiOp1vtr5Yf1s6vqAxFxJCJe6z5Qq2dHi4WxZp/8AAAAgBZxaNX4/7vu5fE/AAAAsMf0NDsBAAAAYMcZ/wMAAMDe9/j4/4dKbZW0NyEbAAAAYJv9/9Kl6lKp3/967OrC/FTx6pmxfGkqOz0/mh0tzs1mJ4rFidpv9k1v9HyFYnH2HzEzfz1XzpfKudLC4vB0cX6mPFy7r/dw3n2iAQAAYPcd+dOtz5OIWPrngdpStS/dt4mx+tDOZgfspMzWDk92Kg9g97U1OwGgaVzgC63LfDywYmB/scHu11fVt3jaAAAAeBr0/uGJ5v/NB8IzzEAeWpf5f2hd5v+hdZn/hxa3f+NDOtfa8ck25wIAAOyYrtqSZLLpXGBXZDLZbMTh2m0BOpLxyUK+LyJ+ExGfdXfsr9b7m500AAAAAAAAAAAAAAAAAAAAAAAAADxjKpUkKgAAAMCeFpH5Kklv5N/bfbJr9fmBfcn33bV1RFx758qb10fK5bn+6vZvH2wvv5VuP9uMMxgAAADAavVxen0cDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADb6d7dG6P1ZTfj3vl3RPQ0it8enbV154fdEXHwfhLtKx6XRETbNsRfuhn1510VP6mmFT1pFqvjZyLiwDbFj6OPtz/53/L+9eIf2ob40MpuVfufoUb9TyZO1NaN33/tEY/Uf607J9bq/zL1/q/WzzXq/w5vMsax2x/k1ox/M+JYe6P4yYP4yRP2vy88v7i41r7KuxG9DT9/kkdi5crTs7nSwuKZyemRifxEfmZgoP/84IXBc4N9ufHJQj792zDGq3/86Of12n9wjfg9G7T/5Cbb/9Pt63d/t078U39p/PofXSd+9X//1/RzoLq/t15eWi6vdPz9T4+v1/6xNdq/0et/apPtP3355S83eSgAsAtKC4tTI4VCfk5h64Xk6UhDQWHNwuX0jb7lhze5YwIAALbdwy/9zc4EAAAAAAAAAAAAAAAAAAAAWteO/wjZ/kd/WaCzeU0FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFjXLwEAAP//HQfRZw==")
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="010000000a0000000500000007"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300), &(0x7f0000000100), 0x3f, r0}, 0x38)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000001c0)={r0, &(0x7f0000000340), &(0x7f00000004c0)=""/192}, 0x20)
r1 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x101000)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$LOOP_CHANGE_FD(r1, 0x4c03, r2)

program did not crash
testing program (duration=41.791838145s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-bpf$MAP_UPDATE_ELEM_TAIL_CALL-prlimit64-sendmmsg$unix-syz_mount_image$ext4-bpf$MAP_CREATE-bpf$MAP_UPDATE_BATCH-bpf$MAP_GET_NEXT_KEY-syz_open_dev$loop-ioctl$LOOP_CONFIGURE-ioctl$LOOP_CHANGE_FD
detailed listing:
executing program 0:
syz_mount_image$ext4(&(0x7f0000000400)='ext4\x00', &(0x7f0000000180)='./file1\x00', 0x50, &(0x7f0000000080)={[{@usrquota}, {@data_err_ignore}, {@grpjquota}, {@mblk_io_submit}, {@dioread_nolock}]}, 0x1, 0x3eb, &(0x7f0000000880)="$eJzs3M1uG0UcAPD/br5I+uEgcUCFQwQIgoCkDgQoQqJw5eMCPICVpKXCbarGSLTkUBAnThwQNw59AQ48QFUhJCRegRdAlSqU5gC3oLV3HTe2Qyw7der8ftLIM+txZv7ezWpmvTsBHFtzEXE+IsYiYikiSvn2NE9xs5Gyeve3Nle2tzZXktjZ+fjvJJJ8W/G3kvz1RF6YTyPSbyOeutne7sb1G59XqtW1a3l5sXb56uLG9RuvXLpcubh2ce1K+Y1z5fLy0pvl1wYW64/PvXhu7L3zZ376s3RneXJyOuvvyfy91jgGZS7mmt/JXsuDbmzIJofdAQAADiTNx/7j9fF/KcbquYZSLG4OtXMAAADAQOy8k78CAAAAIywx9wcAAIARV9wHcH9rc6VIB7pxoHRotyQ8VPfejYjZ3Webt5vxj8djeZ2JQ3y+dS4irj6flLIUh/QcMgBAqzvZ+Odsp/FfGk+21JuKqI+Hpgfc/tyecvv4J7074CYfkI3/3o6I7bbxX1pUmR3LS6fqQ8WJ5MKl6trZiDgdEfMxMZWVy/u08f4/P3/U7b0s/t+SU6eLlLWfve7WSO+OTz34mdVKrdJPzK3ufR1xZrxT/Elz/JtExEwfbYx9deutbu/9f/yHa+dWxAsd9//uyj3J/usTLdaPh8XiqGj37ze/fNit/WHHn+3/mf3jn01a12va6L2N25/98XQ90yGq1vlPL8f/ZPJJPV/My76s1GrXyhGTyQft25d2P1uUi/pZ/PPPdv7/L85/Sb6m1cn8HNCr777/9eX9azTiz1LWfjEXfBiy+Fd72v+9Z16//fun3dpv3f+d48/2f2MNsPl8y0HOfwftYD/fHQAAADwq0vp1jSRdaObTdGGhcb3jiZhJq+sbtZcurH9xZbVx/WM2JtLiSlep5XpoufEzerO8tKf8akQ8HhE/lKbr5YWV9erqsIMHAACAY+JEl/l/5q8RuccfAAAAyH+oBwAAAEab+T8AAACMtH7W9Tu+meybOwLdOPKZZ45GN4aQmYgj0Y0+MsM+MwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADza/gsAAP//Bdqy/A==")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000080)='./file1\x00', 0x3014850, &(0x7f00000001c0), 0x3, 0x4db, &(0x7f0000000200)="$eJzs3c9vE1ceAPDvOAkECJuwuwcWaVm0yyqgXeyELBDtgc1edk+sltJ7miZOFMWJo9gBEqEqqH9Apaq/1J566qVSz1Wlij+hqoTU3qseWqEW6KFSf7iyM4YQnF8liSH+fKTJvDcz9vf7YvnZb97IE0DLOhERQxHRFhGnI6I73Z5Jl1haXqrH3bt7Y7S6JFGpXPkmiSTdVn+uJF0fSh/WGRHP/TfixeTxuKWFxamRQiE/l9Zz5enZXGlh8czk9MhEfiI/MzTQf37wwuC5wb6tNahBrLqLnfHGK+/95+LHf7/2xfDXp16qHtqV7lvZjs1Y2lI6HbX/RV17RMxtJdhTrC1tT0ezEwEAYFOq3/F/GxF/joj7bzc7GwAAAGAnVP7VFT8mERUAAABgz8rUroFNMtn0WoCuyGSy2eVreH8fBzOFYqn8t/Hi/MzY8rWyPdGRGZ8s5PvSa4V7oiOp1vtr5Yf1s6vqAxFxJCJe6z5Qq2dHi4WxZp/8AAAAgBZxaNX4/7vu5fE/AAAAsMf0NDsBAAAAYMcZ/wMAAMDe9/j4/4dKbZW0NyEbAAAAYJv9/9Kl6lKp3/967OrC/FTx6pmxfGkqOz0/mh0tzs1mJ4rFidpv9k1v9HyFYnH2HzEzfz1XzpfKudLC4vB0cX6mPFy7r/dw3n2iAQAAYPcd+dOtz5OIWPrngdpStS/dt4mx+tDOZgfspMzWDk92Kg9g97U1OwGgaVzgC63LfDywYmB/scHu11fVt3jaAAAAeBr0/uGJ5v/NB8IzzEAeWpf5f2hd5v+hdZn/hxa3f+NDOtfa8ck25wIAAOyYrtqSZLLpXGBXZDLZbMTh2m0BOpLxyUK+LyJ+ExGfdXfsr9b7m500AAAAAAAAAAAAAAAAAAAAAAAAADxjKpUkKgAAAMCeFpH5Kklv5N/bfbJr9fmBfcn33bV1RFx758qb10fK5bn+6vZvH2wvv5VuP9uMMxgAAADAavVxen0cDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADb6d7dG6P1ZTfj3vl3RPQ0it8enbV154fdEXHwfhLtKx6XRETbNsRfuhn1510VP6mmFT1pFqvjZyLiwDbFj6OPtz/53/L+9eIf2ob40MpuVfufoUb9TyZO1NaN33/tEY/Uf607J9bq/zL1/q/WzzXq/w5vMsax2x/k1ox/M+JYe6P4yYP4yRP2vy88v7i41r7KuxG9DT9/kkdi5crTs7nSwuKZyemRifxEfmZgoP/84IXBc4N9ufHJQj792zDGq3/86Of12n9wjfg9G7T/5Cbb/9Pt63d/t078U39p/PofXSd+9X//1/RzoLq/t15eWi6vdPz9T4+v1/6xNdq/0et/apPtP3355S83eSgAsAtKC4tTI4VCfk5h64Xk6UhDQWHNwuX0jb7lhze5YwIAALbdwy/9zc4EAAAAAAAAAAAAAAAAAAAAWteO/wjZ/kd/WaCzeU0FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFjXLwEAAP//HQfRZw==")
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="010000000a0000000500000007"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300), &(0x7f0000000100), 0x3f, r0}, 0x38)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000001c0)={r0, &(0x7f0000000340), &(0x7f00000004c0)=""/192}, 0x20)
r1 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x101000)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000000180)={0xffffffffffffffff, 0x0, {0x2a00, 0x80010000, 0x0, 0x8000000000000001, 0x0, 0x0, 0x0, 0x1a, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "91be8b1c551265406c7f306003d8a0f4bd004ab3fde500", [0x9, 0x800000000000007b]}})
ioctl$LOOP_CHANGE_FD(r1, 0x4c03, 0xffffffffffffffff)

program did not crash
testing program (duration=41.791838145s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-bpf$MAP_UPDATE_ELEM_TAIL_CALL-prlimit64-sendmmsg$unix-syz_mount_image$ext4-bpf$MAP_CREATE-bpf$MAP_UPDATE_BATCH-bpf$MAP_GET_NEXT_KEY-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_CHANGE_FD
detailed listing:
executing program 0:
syz_mount_image$ext4(&(0x7f0000000400)='ext4\x00', &(0x7f0000000180)='./file1\x00', 0x50, &(0x7f0000000080)={[{@usrquota}, {@data_err_ignore}, {@grpjquota}, {@mblk_io_submit}, {@dioread_nolock}]}, 0x1, 0x3eb, &(0x7f0000000880)="$eJzs3M1uG0UcAPD/br5I+uEgcUCFQwQIgoCkDgQoQqJw5eMCPICVpKXCbarGSLTkUBAnThwQNw59AQ48QFUhJCRegRdAlSqU5gC3oLV3HTe2Qyw7der8ftLIM+txZv7ezWpmvTsBHFtzEXE+IsYiYikiSvn2NE9xs5Gyeve3Nle2tzZXktjZ+fjvJJJ8W/G3kvz1RF6YTyPSbyOeutne7sb1G59XqtW1a3l5sXb56uLG9RuvXLpcubh2ce1K+Y1z5fLy0pvl1wYW64/PvXhu7L3zZ376s3RneXJyOuvvyfy91jgGZS7mmt/JXsuDbmzIJofdAQAADiTNx/7j9fF/KcbquYZSLG4OtXMAAADAQOy8k78CAAAAIywx9wcAAIARV9wHcH9rc6VIB7pxoHRotyQ8VPfejYjZ3Webt5vxj8djeZ2JQ3y+dS4irj6flLIUh/QcMgBAqzvZ+Odsp/FfGk+21JuKqI+Hpgfc/tyecvv4J7074CYfkI3/3o6I7bbxX1pUmR3LS6fqQ8WJ5MKl6trZiDgdEfMxMZWVy/u08f4/P3/U7b0s/t+SU6eLlLWfve7WSO+OTz34mdVKrdJPzK3ufR1xZrxT/Elz/JtExEwfbYx9deutbu/9f/yHa+dWxAsd9//uyj3J/usTLdaPh8XiqGj37ze/fNit/WHHn+3/mf3jn01a12va6L2N25/98XQ90yGq1vlPL8f/ZPJJPV/My76s1GrXyhGTyQft25d2P1uUi/pZ/PPPdv7/L85/Sb6m1cn8HNCr777/9eX9azTiz1LWfjEXfBiy+Fd72v+9Z16//fun3dpv3f+d48/2f2MNsPl8y0HOfwftYD/fHQAAADwq0vp1jSRdaObTdGGhcb3jiZhJq+sbtZcurH9xZbVx/WM2JtLiSlep5XpoufEzerO8tKf8akQ8HhE/lKbr5YWV9erqsIMHAACAY+JEl/l/5q8RuccfAAAAyH+oBwAAAEab+T8AAACMtH7W9Tu+meybOwLdOPKZZ45GN4aQmYgj0Y0+MsM+MwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADza/gsAAP//Bdqy/A==")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000080)='./file1\x00', 0x3014850, &(0x7f00000001c0), 0x3, 0x4db, &(0x7f0000000200)="$eJzs3c9vE1ceAPDvOAkECJuwuwcWaVm0yyqgXeyELBDtgc1edk+sltJ7miZOFMWJo9gBEqEqqH9Apaq/1J566qVSz1Wlij+hqoTU3qseWqEW6KFSf7iyM4YQnF8liSH+fKTJvDcz9vf7YvnZb97IE0DLOhERQxHRFhGnI6I73Z5Jl1haXqrH3bt7Y7S6JFGpXPkmiSTdVn+uJF0fSh/WGRHP/TfixeTxuKWFxamRQiE/l9Zz5enZXGlh8czk9MhEfiI/MzTQf37wwuC5wb6tNahBrLqLnfHGK+/95+LHf7/2xfDXp16qHtqV7lvZjs1Y2lI6HbX/RV17RMxtJdhTrC1tT0ezEwEAYFOq3/F/GxF/joj7bzc7GwAAAGAnVP7VFT8mERUAAABgz8rUroFNMtn0WoCuyGSy2eVreH8fBzOFYqn8t/Hi/MzY8rWyPdGRGZ8s5PvSa4V7oiOp1vtr5Yf1s6vqAxFxJCJe6z5Qq2dHi4WxZp/8AAAAgBZxaNX4/7vu5fE/AAAAsMf0NDsBAAAAYMcZ/wMAAMDe9/j4/4dKbZW0NyEbAAAAYJv9/9Kl6lKp3/967OrC/FTx6pmxfGkqOz0/mh0tzs1mJ4rFidpv9k1v9HyFYnH2HzEzfz1XzpfKudLC4vB0cX6mPFy7r/dw3n2iAQAAYPcd+dOtz5OIWPrngdpStS/dt4mx+tDOZgfspMzWDk92Kg9g97U1OwGgaVzgC63LfDywYmB/scHu11fVt3jaAAAAeBr0/uGJ5v/NB8IzzEAeWpf5f2hd5v+hdZn/hxa3f+NDOtfa8ck25wIAAOyYrtqSZLLpXGBXZDLZbMTh2m0BOpLxyUK+LyJ+ExGfdXfsr9b7m500AAAAAAAAAAAAAAAAAAAAAAAAADxjKpUkKgAAAMCeFpH5Kklv5N/bfbJr9fmBfcn33bV1RFx758qb10fK5bn+6vZvH2wvv5VuP9uMMxgAAADAavVxen0cDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADb6d7dG6P1ZTfj3vl3RPQ0it8enbV154fdEXHwfhLtKx6XRETbNsRfuhn1510VP6mmFT1pFqvjZyLiwDbFj6OPtz/53/L+9eIf2ob40MpuVfufoUb9TyZO1NaN33/tEY/Uf607J9bq/zL1/q/WzzXq/w5vMsax2x/k1ox/M+JYe6P4yYP4yRP2vy88v7i41r7KuxG9DT9/kkdi5crTs7nSwuKZyemRifxEfmZgoP/84IXBc4N9ufHJQj792zDGq3/86Of12n9wjfg9G7T/5Cbb/9Pt63d/t078U39p/PofXSd+9X//1/RzoLq/t15eWi6vdPz9T4+v1/6xNdq/0et/apPtP3355S83eSgAsAtKC4tTI4VCfk5h64Xk6UhDQWHNwuX0jb7lhze5YwIAALbdwy/9zc4EAAAAAAAAAAAAAAAAAAAAWteO/wjZ/kd/WaCzeU0FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFjXLwEAAP//HQfRZw==")
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="010000000a0000000500000007"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300), &(0x7f0000000100), 0x3f, r0}, 0x38)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000001c0)={r0, &(0x7f0000000340), &(0x7f00000004c0)=""/192}, 0x20)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f0000000180)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x8000000000000001, 0x0, 0x0, 0x0, 0x1a, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "91be8b1c551265406c7f306003d8a0f4bd004ab3fde500", [0x9, 0x800000000000007b]}})
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c03, r1)

program did not crash
testing program (duration=41.791838145s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-bpf$MAP_UPDATE_ELEM_TAIL_CALL-prlimit64-sendmmsg$unix-syz_mount_image$ext4-bpf$MAP_CREATE-bpf$MAP_UPDATE_BATCH-syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_CHANGE_FD
detailed listing:
executing program 0:
syz_mount_image$ext4(&(0x7f0000000400)='ext4\x00', &(0x7f0000000180)='./file1\x00', 0x50, &(0x7f0000000080)={[{@usrquota}, {@data_err_ignore}, {@grpjquota}, {@mblk_io_submit}, {@dioread_nolock}]}, 0x1, 0x3eb, &(0x7f0000000880)="$eJzs3M1uG0UcAPD/br5I+uEgcUCFQwQIgoCkDgQoQqJw5eMCPICVpKXCbarGSLTkUBAnThwQNw59AQ48QFUhJCRegRdAlSqU5gC3oLV3HTe2Qyw7der8ftLIM+txZv7ezWpmvTsBHFtzEXE+IsYiYikiSvn2NE9xs5Gyeve3Nle2tzZXktjZ+fjvJJJ8W/G3kvz1RF6YTyPSbyOeutne7sb1G59XqtW1a3l5sXb56uLG9RuvXLpcubh2ce1K+Y1z5fLy0pvl1wYW64/PvXhu7L3zZ376s3RneXJyOuvvyfy91jgGZS7mmt/JXsuDbmzIJofdAQAADiTNx/7j9fF/KcbquYZSLG4OtXMAAADAQOy8k78CAAAAIywx9wcAAIARV9wHcH9rc6VIB7pxoHRotyQ8VPfejYjZ3Webt5vxj8djeZ2JQ3y+dS4irj6flLIUh/QcMgBAqzvZ+Odsp/FfGk+21JuKqI+Hpgfc/tyecvv4J7074CYfkI3/3o6I7bbxX1pUmR3LS6fqQ8WJ5MKl6trZiDgdEfMxMZWVy/u08f4/P3/U7b0s/t+SU6eLlLWfve7WSO+OTz34mdVKrdJPzK3ufR1xZrxT/Elz/JtExEwfbYx9deutbu/9f/yHa+dWxAsd9//uyj3J/usTLdaPh8XiqGj37ze/fNit/WHHn+3/mf3jn01a12va6L2N25/98XQ90yGq1vlPL8f/ZPJJPV/My76s1GrXyhGTyQft25d2P1uUi/pZ/PPPdv7/L85/Sb6m1cn8HNCr777/9eX9azTiz1LWfjEXfBiy+Fd72v+9Z16//fun3dpv3f+d48/2f2MNsPl8y0HOfwftYD/fHQAAADwq0vp1jSRdaObTdGGhcb3jiZhJq+sbtZcurH9xZbVx/WM2JtLiSlep5XpoufEzerO8tKf8akQ8HhE/lKbr5YWV9erqsIMHAACAY+JEl/l/5q8RuccfAAAAyH+oBwAAAEab+T8AAACMtH7W9Tu+meybOwLdOPKZZ45GN4aQmYgj0Y0+MsM+MwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADza/gsAAP//Bdqy/A==")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000080)='./file1\x00', 0x3014850, &(0x7f00000001c0), 0x3, 0x4db, &(0x7f0000000200)="$eJzs3c9vE1ceAPDvOAkECJuwuwcWaVm0yyqgXeyELBDtgc1edk+sltJ7miZOFMWJo9gBEqEqqH9Apaq/1J566qVSz1Wlij+hqoTU3qseWqEW6KFSf7iyM4YQnF8liSH+fKTJvDcz9vf7YvnZb97IE0DLOhERQxHRFhGnI6I73Z5Jl1haXqrH3bt7Y7S6JFGpXPkmiSTdVn+uJF0fSh/WGRHP/TfixeTxuKWFxamRQiE/l9Zz5enZXGlh8czk9MhEfiI/MzTQf37wwuC5wb6tNahBrLqLnfHGK+/95+LHf7/2xfDXp16qHtqV7lvZjs1Y2lI6HbX/RV17RMxtJdhTrC1tT0ezEwEAYFOq3/F/GxF/joj7bzc7GwAAAGAnVP7VFT8mERUAAABgz8rUroFNMtn0WoCuyGSy2eVreH8fBzOFYqn8t/Hi/MzY8rWyPdGRGZ8s5PvSa4V7oiOp1vtr5Yf1s6vqAxFxJCJe6z5Qq2dHi4WxZp/8AAAAgBZxaNX4/7vu5fE/AAAAsMf0NDsBAAAAYMcZ/wMAAMDe9/j4/4dKbZW0NyEbAAAAYJv9/9Kl6lKp3/967OrC/FTx6pmxfGkqOz0/mh0tzs1mJ4rFidpv9k1v9HyFYnH2HzEzfz1XzpfKudLC4vB0cX6mPFy7r/dw3n2iAQAAYPcd+dOtz5OIWPrngdpStS/dt4mx+tDOZgfspMzWDk92Kg9g97U1OwGgaVzgC63LfDywYmB/scHu11fVt3jaAAAAeBr0/uGJ5v/NB8IzzEAeWpf5f2hd5v+hdZn/hxa3f+NDOtfa8ck25wIAAOyYrtqSZLLpXGBXZDLZbMTh2m0BOpLxyUK+LyJ+ExGfdXfsr9b7m500AAAAAAAAAAAAAAAAAAAAAAAAADxjKpUkKgAAAMCeFpH5Kklv5N/bfbJr9fmBfcn33bV1RFx758qb10fK5bn+6vZvH2wvv5VuP9uMMxgAAADAavVxen0cDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADb6d7dG6P1ZTfj3vl3RPQ0it8enbV154fdEXHwfhLtKx6XRETbNsRfuhn1510VP6mmFT1pFqvjZyLiwDbFj6OPtz/53/L+9eIf2ob40MpuVfufoUb9TyZO1NaN33/tEY/Uf607J9bq/zL1/q/WzzXq/w5vMsax2x/k1ox/M+JYe6P4yYP4yRP2vy88v7i41r7KuxG9DT9/kkdi5crTs7nSwuKZyemRifxEfmZgoP/84IXBc4N9ufHJQj792zDGq3/86Of12n9wjfg9G7T/5Cbb/9Pt63d/t078U39p/PofXSd+9X//1/RzoLq/t15eWi6vdPz9T4+v1/6xNdq/0et/apPtP3355S83eSgAsAtKC4tTI4VCfk5h64Xk6UhDQWHNwuX0jb7lhze5YwIAALbdwy/9zc4EAAAAAAAAAAAAAAAAAAAAWteO/wjZ/kd/WaCzeU0FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFjXLwEAAP//HQfRZw==")
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="010000000a0000000500000007"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300), &(0x7f0000000100), 0x3f, r0}, 0x38)
r1 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x101000)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000000180)={r2, 0x0, {0x2a00, 0x80010000, 0x0, 0x8000000000000001, 0x0, 0x0, 0x0, 0x1a, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "91be8b1c551265406c7f306003d8a0f4bd004ab3fde500", [0x9, 0x800000000000007b]}})
ioctl$LOOP_CHANGE_FD(r1, 0x4c03, r2)

program crashed: KASAN: use-after-free Read in lo_open
testing program (duration=41.791838145s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-bpf$MAP_UPDATE_ELEM_TAIL_CALL-prlimit64-sendmmsg$unix-syz_mount_image$ext4-bpf$MAP_CREATE-syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_CHANGE_FD
detailed listing:
executing program 0:
syz_mount_image$ext4(&(0x7f0000000400)='ext4\x00', &(0x7f0000000180)='./file1\x00', 0x50, &(0x7f0000000080)={[{@usrquota}, {@data_err_ignore}, {@grpjquota}, {@mblk_io_submit}, {@dioread_nolock}]}, 0x1, 0x3eb, &(0x7f0000000880)="$eJzs3M1uG0UcAPD/br5I+uEgcUCFQwQIgoCkDgQoQqJw5eMCPICVpKXCbarGSLTkUBAnThwQNw59AQ48QFUhJCRegRdAlSqU5gC3oLV3HTe2Qyw7der8ftLIM+txZv7ezWpmvTsBHFtzEXE+IsYiYikiSvn2NE9xs5Gyeve3Nle2tzZXktjZ+fjvJJJ8W/G3kvz1RF6YTyPSbyOeutne7sb1G59XqtW1a3l5sXb56uLG9RuvXLpcubh2ce1K+Y1z5fLy0pvl1wYW64/PvXhu7L3zZ376s3RneXJyOuvvyfy91jgGZS7mmt/JXsuDbmzIJofdAQAADiTNx/7j9fF/KcbquYZSLG4OtXMAAADAQOy8k78CAAAAIywx9wcAAIARV9wHcH9rc6VIB7pxoHRotyQ8VPfejYjZ3Webt5vxj8djeZ2JQ3y+dS4irj6flLIUh/QcMgBAqzvZ+Odsp/FfGk+21JuKqI+Hpgfc/tyecvv4J7074CYfkI3/3o6I7bbxX1pUmR3LS6fqQ8WJ5MKl6trZiDgdEfMxMZWVy/u08f4/P3/U7b0s/t+SU6eLlLWfve7WSO+OTz34mdVKrdJPzK3ufR1xZrxT/Elz/JtExEwfbYx9deutbu/9f/yHa+dWxAsd9//uyj3J/usTLdaPh8XiqGj37ze/fNit/WHHn+3/mf3jn01a12va6L2N25/98XQ90yGq1vlPL8f/ZPJJPV/My76s1GrXyhGTyQft25d2P1uUi/pZ/PPPdv7/L85/Sb6m1cn8HNCr777/9eX9azTiz1LWfjEXfBiy+Fd72v+9Z16//fun3dpv3f+d48/2f2MNsPl8y0HOfwftYD/fHQAAADwq0vp1jSRdaObTdGGhcb3jiZhJq+sbtZcurH9xZbVx/WM2JtLiSlep5XpoufEzerO8tKf8akQ8HhE/lKbr5YWV9erqsIMHAACAY+JEl/l/5q8RuccfAAAAyH+oBwAAAEab+T8AAACMtH7W9Tu+meybOwLdOPKZZ45GN4aQmYgj0Y0+MsM+MwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADza/gsAAP//Bdqy/A==")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000080)='./file1\x00', 0x3014850, &(0x7f00000001c0), 0x3, 0x4db, &(0x7f0000000200)="$eJzs3c9vE1ceAPDvOAkECJuwuwcWaVm0yyqgXeyELBDtgc1edk+sltJ7miZOFMWJo9gBEqEqqH9Apaq/1J566qVSz1Wlij+hqoTU3qseWqEW6KFSf7iyM4YQnF8liSH+fKTJvDcz9vf7YvnZb97IE0DLOhERQxHRFhGnI6I73Z5Jl1haXqrH3bt7Y7S6JFGpXPkmiSTdVn+uJF0fSh/WGRHP/TfixeTxuKWFxamRQiE/l9Zz5enZXGlh8czk9MhEfiI/MzTQf37wwuC5wb6tNahBrLqLnfHGK+/95+LHf7/2xfDXp16qHtqV7lvZjs1Y2lI6HbX/RV17RMxtJdhTrC1tT0ezEwEAYFOq3/F/GxF/joj7bzc7GwAAAGAnVP7VFT8mERUAAABgz8rUroFNMtn0WoCuyGSy2eVreH8fBzOFYqn8t/Hi/MzY8rWyPdGRGZ8s5PvSa4V7oiOp1vtr5Yf1s6vqAxFxJCJe6z5Qq2dHi4WxZp/8AAAAgBZxaNX4/7vu5fE/AAAAsMf0NDsBAAAAYMcZ/wMAAMDe9/j4/4dKbZW0NyEbAAAAYJv9/9Kl6lKp3/967OrC/FTx6pmxfGkqOz0/mh0tzs1mJ4rFidpv9k1v9HyFYnH2HzEzfz1XzpfKudLC4vB0cX6mPFy7r/dw3n2iAQAAYPcd+dOtz5OIWPrngdpStS/dt4mx+tDOZgfspMzWDk92Kg9g97U1OwGgaVzgC63LfDywYmB/scHu11fVt3jaAAAAeBr0/uGJ5v/NB8IzzEAeWpf5f2hd5v+hdZn/hxa3f+NDOtfa8ck25wIAAOyYrtqSZLLpXGBXZDLZbMTh2m0BOpLxyUK+LyJ+ExGfdXfsr9b7m500AAAAAAAAAAAAAAAAAAAAAAAAADxjKpUkKgAAAMCeFpH5Kklv5N/bfbJr9fmBfcn33bV1RFx758qb10fK5bn+6vZvH2wvv5VuP9uMMxgAAADAavVxen0cDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADb6d7dG6P1ZTfj3vl3RPQ0it8enbV154fdEXHwfhLtKx6XRETbNsRfuhn1510VP6mmFT1pFqvjZyLiwDbFj6OPtz/53/L+9eIf2ob40MpuVfufoUb9TyZO1NaN33/tEY/Uf607J9bq/zL1/q/WzzXq/w5vMsax2x/k1ox/M+JYe6P4yYP4yRP2vy88v7i41r7KuxG9DT9/kkdi5crTs7nSwuKZyemRifxEfmZgoP/84IXBc4N9ufHJQj792zDGq3/86Of12n9wjfg9G7T/5Cbb/9Pt63d/t078U39p/PofXSd+9X//1/RzoLq/t15eWi6vdPz9T4+v1/6xNdq/0et/apPtP3355S83eSgAsAtKC4tTI4VCfk5h64Xk6UhDQWHNwuX0jb7lhze5YwIAALbdwy/9zc4EAAAAAAAAAAAAAAAAAAAAWteO/wjZ/kd/WaCzeU0FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFjXLwEAAP//HQfRZw==")
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="010000000a0000000500000007"], 0x48)
r0 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x101000)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000180)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x8000000000000001, 0x0, 0x0, 0x0, 0x1a, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "91be8b1c551265406c7f306003d8a0f4bd004ab3fde500", [0x9, 0x800000000000007b]}})
ioctl$LOOP_CHANGE_FD(r0, 0x4c03, r1)

program crashed: KASAN: use-after-free Read in lo_open
testing program (duration=41.791838145s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-bpf$MAP_UPDATE_ELEM_TAIL_CALL-prlimit64-sendmmsg$unix-syz_mount_image$ext4-syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_CHANGE_FD
detailed listing:
executing program 0:
syz_mount_image$ext4(&(0x7f0000000400)='ext4\x00', &(0x7f0000000180)='./file1\x00', 0x50, &(0x7f0000000080)={[{@usrquota}, {@data_err_ignore}, {@grpjquota}, {@mblk_io_submit}, {@dioread_nolock}]}, 0x1, 0x3eb, &(0x7f0000000880)="$eJzs3M1uG0UcAPD/br5I+uEgcUCFQwQIgoCkDgQoQqJw5eMCPICVpKXCbarGSLTkUBAnThwQNw59AQ48QFUhJCRegRdAlSqU5gC3oLV3HTe2Qyw7der8ftLIM+txZv7ezWpmvTsBHFtzEXE+IsYiYikiSvn2NE9xs5Gyeve3Nle2tzZXktjZ+fjvJJJ8W/G3kvz1RF6YTyPSbyOeutne7sb1G59XqtW1a3l5sXb56uLG9RuvXLpcubh2ce1K+Y1z5fLy0pvl1wYW64/PvXhu7L3zZ376s3RneXJyOuvvyfy91jgGZS7mmt/JXsuDbmzIJofdAQAADiTNx/7j9fF/KcbquYZSLG4OtXMAAADAQOy8k78CAAAAIywx9wcAAIARV9wHcH9rc6VIB7pxoHRotyQ8VPfejYjZ3Webt5vxj8djeZ2JQ3y+dS4irj6flLIUh/QcMgBAqzvZ+Odsp/FfGk+21JuKqI+Hpgfc/tyecvv4J7074CYfkI3/3o6I7bbxX1pUmR3LS6fqQ8WJ5MKl6trZiDgdEfMxMZWVy/u08f4/P3/U7b0s/t+SU6eLlLWfve7WSO+OTz34mdVKrdJPzK3ufR1xZrxT/Elz/JtExEwfbYx9deutbu/9f/yHa+dWxAsd9//uyj3J/usTLdaPh8XiqGj37ze/fNit/WHHn+3/mf3jn01a12va6L2N25/98XQ90yGq1vlPL8f/ZPJJPV/My76s1GrXyhGTyQft25d2P1uUi/pZ/PPPdv7/L85/Sb6m1cn8HNCr777/9eX9azTiz1LWfjEXfBiy+Fd72v+9Z16//fun3dpv3f+d48/2f2MNsPl8y0HOfwftYD/fHQAAADwq0vp1jSRdaObTdGGhcb3jiZhJq+sbtZcurH9xZbVx/WM2JtLiSlep5XpoufEzerO8tKf8akQ8HhE/lKbr5YWV9erqsIMHAACAY+JEl/l/5q8RuccfAAAAyH+oBwAAAEab+T8AAACMtH7W9Tu+meybOwLdOPKZZ45GN4aQmYgj0Y0+MsM+MwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADza/gsAAP//Bdqy/A==")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000080)='./file1\x00', 0x3014850, &(0x7f00000001c0), 0x3, 0x4db, &(0x7f0000000200)="$eJzs3c9vE1ceAPDvOAkECJuwuwcWaVm0yyqgXeyELBDtgc1edk+sltJ7miZOFMWJo9gBEqEqqH9Apaq/1J566qVSz1Wlij+hqoTU3qseWqEW6KFSf7iyM4YQnF8liSH+fKTJvDcz9vf7YvnZb97IE0DLOhERQxHRFhGnI6I73Z5Jl1haXqrH3bt7Y7S6JFGpXPkmiSTdVn+uJF0fSh/WGRHP/TfixeTxuKWFxamRQiE/l9Zz5enZXGlh8czk9MhEfiI/MzTQf37wwuC5wb6tNahBrLqLnfHGK+/95+LHf7/2xfDXp16qHtqV7lvZjs1Y2lI6HbX/RV17RMxtJdhTrC1tT0ezEwEAYFOq3/F/GxF/joj7bzc7GwAAAGAnVP7VFT8mERUAAABgz8rUroFNMtn0WoCuyGSy2eVreH8fBzOFYqn8t/Hi/MzY8rWyPdGRGZ8s5PvSa4V7oiOp1vtr5Yf1s6vqAxFxJCJe6z5Qq2dHi4WxZp/8AAAAgBZxaNX4/7vu5fE/AAAAsMf0NDsBAAAAYMcZ/wMAAMDe9/j4/4dKbZW0NyEbAAAAYJv9/9Kl6lKp3/967OrC/FTx6pmxfGkqOz0/mh0tzs1mJ4rFidpv9k1v9HyFYnH2HzEzfz1XzpfKudLC4vB0cX6mPFy7r/dw3n2iAQAAYPcd+dOtz5OIWPrngdpStS/dt4mx+tDOZgfspMzWDk92Kg9g97U1OwGgaVzgC63LfDywYmB/scHu11fVt3jaAAAAeBr0/uGJ5v/NB8IzzEAeWpf5f2hd5v+hdZn/hxa3f+NDOtfa8ck25wIAAOyYrtqSZLLpXGBXZDLZbMTh2m0BOpLxyUK+LyJ+ExGfdXfsr9b7m500AAAAAAAAAAAAAAAAAAAAAAAAADxjKpUkKgAAAMCeFpH5Kklv5N/bfbJr9fmBfcn33bV1RFx758qb10fK5bn+6vZvH2wvv5VuP9uMMxgAAADAavVxen0cDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADb6d7dG6P1ZTfj3vl3RPQ0it8enbV154fdEXHwfhLtKx6XRETbNsRfuhn1510VP6mmFT1pFqvjZyLiwDbFj6OPtz/53/L+9eIf2ob40MpuVfufoUb9TyZO1NaN33/tEY/Uf607J9bq/zL1/q/WzzXq/w5vMsax2x/k1ox/M+JYe6P4yYP4yRP2vy88v7i41r7KuxG9DT9/kkdi5crTs7nSwuKZyemRifxEfmZgoP/84IXBc4N9ufHJQj792zDGq3/86Of12n9wjfg9G7T/5Cbb/9Pt63d/t078U39p/PofXSd+9X//1/RzoLq/t15eWi6vdPz9T4+v1/6xNdq/0et/apPtP3355S83eSgAsAtKC4tTI4VCfk5h64Xk6UhDQWHNwuX0jb7lhze5YwIAALbdwy/9zc4EAAAAAAAAAAAAAAAAAAAAWteO/wjZ/kd/WaCzeU0FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFjXLwEAAP//HQfRZw==")
r0 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x101000)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000180)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x8000000000000001, 0x0, 0x0, 0x0, 0x1a, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "91be8b1c551265406c7f306003d8a0f4bd004ab3fde500", [0x9, 0x800000000000007b]}})
ioctl$LOOP_CHANGE_FD(r0, 0x4c03, r1)

program crashed: KASAN: use-after-free Read in lo_open
testing program (duration=41.791838145s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-bpf$MAP_UPDATE_ELEM_TAIL_CALL-prlimit64-sendmmsg$unix-syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_CHANGE_FD
detailed listing:
executing program 0:
syz_mount_image$ext4(&(0x7f0000000400)='ext4\x00', &(0x7f0000000180)='./file1\x00', 0x50, &(0x7f0000000080)={[{@usrquota}, {@data_err_ignore}, {@grpjquota}, {@mblk_io_submit}, {@dioread_nolock}]}, 0x1, 0x3eb, &(0x7f0000000880)="$eJzs3M1uG0UcAPD/br5I+uEgcUCFQwQIgoCkDgQoQqJw5eMCPICVpKXCbarGSLTkUBAnThwQNw59AQ48QFUhJCRegRdAlSqU5gC3oLV3HTe2Qyw7der8ftLIM+txZv7ezWpmvTsBHFtzEXE+IsYiYikiSvn2NE9xs5Gyeve3Nle2tzZXktjZ+fjvJJJ8W/G3kvz1RF6YTyPSbyOeutne7sb1G59XqtW1a3l5sXb56uLG9RuvXLpcubh2ce1K+Y1z5fLy0pvl1wYW64/PvXhu7L3zZ376s3RneXJyOuvvyfy91jgGZS7mmt/JXsuDbmzIJofdAQAADiTNx/7j9fF/KcbquYZSLG4OtXMAAADAQOy8k78CAAAAIywx9wcAAIARV9wHcH9rc6VIB7pxoHRotyQ8VPfejYjZ3Webt5vxj8djeZ2JQ3y+dS4irj6flLIUh/QcMgBAqzvZ+Odsp/FfGk+21JuKqI+Hpgfc/tyecvv4J7074CYfkI3/3o6I7bbxX1pUmR3LS6fqQ8WJ5MKl6trZiDgdEfMxMZWVy/u08f4/P3/U7b0s/t+SU6eLlLWfve7WSO+OTz34mdVKrdJPzK3ufR1xZrxT/Elz/JtExEwfbYx9deutbu/9f/yHa+dWxAsd9//uyj3J/usTLdaPh8XiqGj37ze/fNit/WHHn+3/mf3jn01a12va6L2N25/98XQ90yGq1vlPL8f/ZPJJPV/My76s1GrXyhGTyQft25d2P1uUi/pZ/PPPdv7/L85/Sb6m1cn8HNCr777/9eX9azTiz1LWfjEXfBiy+Fd72v+9Z16//fun3dpv3f+d48/2f2MNsPl8y0HOfwftYD/fHQAAADwq0vp1jSRdaObTdGGhcb3jiZhJq+sbtZcurH9xZbVx/WM2JtLiSlep5XpoufEzerO8tKf8akQ8HhE/lKbr5YWV9erqsIMHAACAY+JEl/l/5q8RuccfAAAAyH+oBwAAAEab+T8AAACMtH7W9Tu+meybOwLdOPKZZ45GN4aQmYgj0Y0+MsM+MwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADza/gsAAP//Bdqy/A==")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x101000)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000180)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x8000000000000001, 0x0, 0x0, 0x0, 0x1a, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "91be8b1c551265406c7f306003d8a0f4bd004ab3fde500", [0x9, 0x800000000000007b]}})
ioctl$LOOP_CHANGE_FD(r0, 0x4c03, r1)

program crashed: KASAN: use-after-free Read in lo_open
testing program (duration=41.791838145s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-bpf$MAP_UPDATE_ELEM_TAIL_CALL-prlimit64-syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_CHANGE_FD
detailed listing:
executing program 0:
syz_mount_image$ext4(&(0x7f0000000400)='ext4\x00', &(0x7f0000000180)='./file1\x00', 0x50, &(0x7f0000000080)={[{@usrquota}, {@data_err_ignore}, {@grpjquota}, {@mblk_io_submit}, {@dioread_nolock}]}, 0x1, 0x3eb, &(0x7f0000000880)="$eJzs3M1uG0UcAPD/br5I+uEgcUCFQwQIgoCkDgQoQqJw5eMCPICVpKXCbarGSLTkUBAnThwQNw59AQ48QFUhJCRegRdAlSqU5gC3oLV3HTe2Qyw7der8ftLIM+txZv7ezWpmvTsBHFtzEXE+IsYiYikiSvn2NE9xs5Gyeve3Nle2tzZXktjZ+fjvJJJ8W/G3kvz1RF6YTyPSbyOeutne7sb1G59XqtW1a3l5sXb56uLG9RuvXLpcubh2ce1K+Y1z5fLy0pvl1wYW64/PvXhu7L3zZ376s3RneXJyOuvvyfy91jgGZS7mmt/JXsuDbmzIJofdAQAADiTNx/7j9fF/KcbquYZSLG4OtXMAAADAQOy8k78CAAAAIywx9wcAAIARV9wHcH9rc6VIB7pxoHRotyQ8VPfejYjZ3Webt5vxj8djeZ2JQ3y+dS4irj6flLIUh/QcMgBAqzvZ+Odsp/FfGk+21JuKqI+Hpgfc/tyecvv4J7074CYfkI3/3o6I7bbxX1pUmR3LS6fqQ8WJ5MKl6trZiDgdEfMxMZWVy/u08f4/P3/U7b0s/t+SU6eLlLWfve7WSO+OTz34mdVKrdJPzK3ufR1xZrxT/Elz/JtExEwfbYx9deutbu/9f/yHa+dWxAsd9//uyj3J/usTLdaPh8XiqGj37ze/fNit/WHHn+3/mf3jn01a12va6L2N25/98XQ90yGq1vlPL8f/ZPJJPV/My76s1GrXyhGTyQft25d2P1uUi/pZ/PPPdv7/L85/Sb6m1cn8HNCr777/9eX9azTiz1LWfjEXfBiy+Fd72v+9Z16//fun3dpv3f+d48/2f2MNsPl8y0HOfwftYD/fHQAAADwq0vp1jSRdaObTdGGhcb3jiZhJq+sbtZcurH9xZbVx/WM2JtLiSlep5XpoufEzerO8tKf8akQ8HhE/lKbr5YWV9erqsIMHAACAY+JEl/l/5q8RuccfAAAAyH+oBwAAAEab+T8AAACMtH7W9Tu+meybOwLdOPKZZ45GN4aQmYgj0Y0+MsM+MwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADza/gsAAP//Bdqy/A==")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x101000)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000180)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x8000000000000001, 0x0, 0x0, 0x0, 0x1a, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "91be8b1c551265406c7f306003d8a0f4bd004ab3fde500", [0x9, 0x800000000000007b]}})
ioctl$LOOP_CHANGE_FD(r0, 0x4c03, r1)

program crashed: KASAN: use-after-free Read in lo_open
testing program (duration=41.791838145s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-bpf$MAP_UPDATE_ELEM_TAIL_CALL-syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_CHANGE_FD
detailed listing:
executing program 0:
syz_mount_image$ext4(&(0x7f0000000400)='ext4\x00', &(0x7f0000000180)='./file1\x00', 0x50, &(0x7f0000000080)={[{@usrquota}, {@data_err_ignore}, {@grpjquota}, {@mblk_io_submit}, {@dioread_nolock}]}, 0x1, 0x3eb, &(0x7f0000000880)="$eJzs3M1uG0UcAPD/br5I+uEgcUCFQwQIgoCkDgQoQqJw5eMCPICVpKXCbarGSLTkUBAnThwQNw59AQ48QFUhJCRegRdAlSqU5gC3oLV3HTe2Qyw7der8ftLIM+txZv7ezWpmvTsBHFtzEXE+IsYiYikiSvn2NE9xs5Gyeve3Nle2tzZXktjZ+fjvJJJ8W/G3kvz1RF6YTyPSbyOeutne7sb1G59XqtW1a3l5sXb56uLG9RuvXLpcubh2ce1K+Y1z5fLy0pvl1wYW64/PvXhu7L3zZ376s3RneXJyOuvvyfy91jgGZS7mmt/JXsuDbmzIJofdAQAADiTNx/7j9fF/KcbquYZSLG4OtXMAAADAQOy8k78CAAAAIywx9wcAAIARV9wHcH9rc6VIB7pxoHRotyQ8VPfejYjZ3Webt5vxj8djeZ2JQ3y+dS4irj6flLIUh/QcMgBAqzvZ+Odsp/FfGk+21JuKqI+Hpgfc/tyecvv4J7074CYfkI3/3o6I7bbxX1pUmR3LS6fqQ8WJ5MKl6trZiDgdEfMxMZWVy/u08f4/P3/U7b0s/t+SU6eLlLWfve7WSO+OTz34mdVKrdJPzK3ufR1xZrxT/Elz/JtExEwfbYx9deutbu/9f/yHa+dWxAsd9//uyj3J/usTLdaPh8XiqGj37ze/fNit/WHHn+3/mf3jn01a12va6L2N25/98XQ90yGq1vlPL8f/ZPJJPV/My76s1GrXyhGTyQft25d2P1uUi/pZ/PPPdv7/L85/Sb6m1cn8HNCr777/9eX9azTiz1LWfjEXfBiy+Fd72v+9Z16//fun3dpv3f+d48/2f2MNsPl8y0HOfwftYD/fHQAAADwq0vp1jSRdaObTdGGhcb3jiZhJq+sbtZcurH9xZbVx/WM2JtLiSlep5XpoufEzerO8tKf8akQ8HhE/lKbr5YWV9erqsIMHAACAY+JEl/l/5q8RuccfAAAAyH+oBwAAAEab+T8AAACMtH7W9Tu+meybOwLdOPKZZ45GN4aQmYgj0Y0+MsM+MwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADza/gsAAP//Bdqy/A==")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x101000)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000180)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x8000000000000001, 0x0, 0x0, 0x0, 0x1a, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "91be8b1c551265406c7f306003d8a0f4bd004ab3fde500", [0x9, 0x800000000000007b]}})
ioctl$LOOP_CHANGE_FD(r0, 0x4c03, r1)

program crashed: KASAN: use-after-free Read in lo_open
testing program (duration=41.791838145s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_CHANGE_FD
detailed listing:
executing program 0:
syz_mount_image$ext4(&(0x7f0000000400)='ext4\x00', &(0x7f0000000180)='./file1\x00', 0x50, &(0x7f0000000080)={[{@usrquota}, {@data_err_ignore}, {@grpjquota}, {@mblk_io_submit}, {@dioread_nolock}]}, 0x1, 0x3eb, &(0x7f0000000880)="$eJzs3M1uG0UcAPD/br5I+uEgcUCFQwQIgoCkDgQoQqJw5eMCPICVpKXCbarGSLTkUBAnThwQNw59AQ48QFUhJCRegRdAlSqU5gC3oLV3HTe2Qyw7der8ftLIM+txZv7ezWpmvTsBHFtzEXE+IsYiYikiSvn2NE9xs5Gyeve3Nle2tzZXktjZ+fjvJJJ8W/G3kvz1RF6YTyPSbyOeutne7sb1G59XqtW1a3l5sXb56uLG9RuvXLpcubh2ce1K+Y1z5fLy0pvl1wYW64/PvXhu7L3zZ376s3RneXJyOuvvyfy91jgGZS7mmt/JXsuDbmzIJofdAQAADiTNx/7j9fF/KcbquYZSLG4OtXMAAADAQOy8k78CAAAAIywx9wcAAIARV9wHcH9rc6VIB7pxoHRotyQ8VPfejYjZ3Webt5vxj8djeZ2JQ3y+dS4irj6flLIUh/QcMgBAqzvZ+Odsp/FfGk+21JuKqI+Hpgfc/tyecvv4J7074CYfkI3/3o6I7bbxX1pUmR3LS6fqQ8WJ5MKl6trZiDgdEfMxMZWVy/u08f4/P3/U7b0s/t+SU6eLlLWfve7WSO+OTz34mdVKrdJPzK3ufR1xZrxT/Elz/JtExEwfbYx9deutbu/9f/yHa+dWxAsd9//uyj3J/usTLdaPh8XiqGj37ze/fNit/WHHn+3/mf3jn01a12va6L2N25/98XQ90yGq1vlPL8f/ZPJJPV/My76s1GrXyhGTyQft25d2P1uUi/pZ/PPPdv7/L85/Sb6m1cn8HNCr777/9eX9azTiz1LWfjEXfBiy+Fd72v+9Z16//fun3dpv3f+d48/2f2MNsPl8y0HOfwftYD/fHQAAADwq0vp1jSRdaObTdGGhcb3jiZhJq+sbtZcurH9xZbVx/WM2JtLiSlep5XpoufEzerO8tKf8akQ8HhE/lKbr5YWV9erqsIMHAACAY+JEl/l/5q8RuccfAAAAyH+oBwAAAEab+T8AAACMtH7W9Tu+meybOwLdOPKZZ45GN4aQmYgj0Y0+MsM+MwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADza/gsAAP//Bdqy/A==")
r0 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x101000)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000180)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x8000000000000001, 0x0, 0x0, 0x0, 0x1a, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "91be8b1c551265406c7f306003d8a0f4bd004ab3fde500", [0x9, 0x800000000000007b]}})
ioctl$LOOP_CHANGE_FD(r0, 0x4c03, r1)

program crashed: KASAN: use-after-free Read in lo_open
testing program (duration=41.791838145s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_CHANGE_FD
detailed listing:
executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x101000)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000180)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x8000000000000001, 0x0, 0x0, 0x0, 0x1a, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "91be8b1c551265406c7f306003d8a0f4bd004ab3fde500", [0x9, 0x800000000000007b]}})
ioctl$LOOP_CHANGE_FD(r0, 0x4c03, r1)

program crashed: KASAN: use-after-free Read in lo_open
testing program (duration=41.791838145s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_CHANGE_FD
detailed listing:
executing program 0:
r0 = syz_open_dev$loop(0x0, 0x81, 0x101000)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000180)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x8000000000000001, 0x0, 0x0, 0x0, 0x1a, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "91be8b1c551265406c7f306003d8a0f4bd004ab3fde500", [0x9, 0x800000000000007b]}})
ioctl$LOOP_CHANGE_FD(r0, 0x4c03, r1)

program did not crash
testing program (duration=41.791838145s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_CHANGE_FD
detailed listing:
executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x101000)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000180)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x8000000000000001, 0x0, 0x0, 0x0, 0x1a, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "91be8b1c551265406c7f306003d8a0f4bd004ab3fde500", [0x9, 0x800000000000007b]}})
ioctl$LOOP_CHANGE_FD(r0, 0x4c03, r1)

program did not crash
testing program (duration=41.791838145s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_CHANGE_FD
detailed listing:
executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x101000)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, 0x0)
ioctl$LOOP_CHANGE_FD(r0, 0x4c03, r1)

program did not crash
extracting C reproducer
testing compiled C program (duration=41.791838145s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_CHANGE_FD
program did not crash
simplifying guilty program options
testing program (duration=41.791838145s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_CHANGE_FD
detailed listing:
executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x101000)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000180)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x8000000000000001, 0x0, 0x0, 0x0, 0x1a, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "91be8b1c551265406c7f306003d8a0f4bd004ab3fde500", [0x9, 0x800000000000007b]}})
ioctl$LOOP_CHANGE_FD(r0, 0x4c03, r1)

program did not crash
testing program (duration=41.791838145s, {Threaded:true Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_CHANGE_FD
detailed listing:
executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x101000)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000180)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x8000000000000001, 0x0, 0x0, 0x0, 0x1a, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "91be8b1c551265406c7f306003d8a0f4bd004ab3fde500", [0x9, 0x800000000000007b]}})
ioctl$LOOP_CHANGE_FD(r0, 0x4c03, r1)

program did not crash
testing program (duration=41.791838145s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_CHANGE_FD
detailed listing:
executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x101000)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000180)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x8000000000000001, 0x0, 0x0, 0x0, 0x1a, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "91be8b1c551265406c7f306003d8a0f4bd004ab3fde500", [0x9, 0x800000000000007b]}})
ioctl$LOOP_CHANGE_FD(r0, 0x4c03, r1)

program crashed: KASAN: use-after-free Read in lo_open
extracting C reproducer
testing compiled C program (duration=41.791838145s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_CHANGE_FD
program did not crash
reproducing took 26m22.377164544s
repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: use-after-free in mutex_can_spin_on_owner kernel/locking/mutex.c:617 [inline]
BUG: KASAN: use-after-free in mutex_optimistic_spin kernel/locking/mutex.c:661 [inline]
BUG: KASAN: use-after-free in __mutex_lock_common kernel/locking/mutex.c:973 [inline]
BUG: KASAN: use-after-free in __mutex_lock+0xcd7/0x1060 kernel/locking/mutex.c:1114
Read of size 4 at addr ffff8881ea972f78 by task syz-executor/469

CPU: 1 PID: 469 Comm: syz-executor Not tainted 5.4.290-syzkaller-00002-g41adfeb3d639 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1d8/0x241 lib/dump_stack.c:118
 print_address_description+0x8c/0x600 mm/kasan/report.c:384
 __kasan_report+0xf3/0x120 mm/kasan/report.c:516
 kasan_report+0x30/0x60 mm/kasan/common.c:653
 mutex_can_spin_on_owner kernel/locking/mutex.c:617 [inline]
 mutex_optimistic_spin kernel/locking/mutex.c:661 [inline]
 __mutex_lock_common kernel/locking/mutex.c:973 [inline]
 __mutex_lock+0xcd7/0x1060 kernel/locking/mutex.c:1114
 mutex_lock_killable+0xd8/0x110 kernel/locking/mutex.c:1348
 lo_open+0x18/0xc0 drivers/block/loop.c:1899
 __blkdev_get+0x3c8/0x1160 fs/block_dev.c:1581
 blkdev_get+0x2de/0x3a0 fs/block_dev.c:1714
 do_dentry_open+0x964/0x1130 fs/open.c:806
 do_last fs/namei.c:3565 [inline]
 path_openat+0x29bf/0x34b0 fs/namei.c:3683
 do_filp_open+0x20b/0x450 fs/namei.c:3713
 do_sys_open+0x39c/0x810 fs/open.c:1123
 do_syscall_64+0xca/0x1c0 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x5c/0xc1
RIP: 0033:0x7fc74b2e2a51
Code: 75 57 89 f0 25 00 00 41 00 3d 00 00 41 00 74 49 80 3d fa 1a 1f 00 00 74 6d 89 da 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 93 00 00 00 48 8b 54 24 28 64 48 2b 14 25
RSP: 002b:00007ffcbcb35a30 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fc74b2e2a51
RDX: 0000000000000002 RSI: 00007ffcbcb35b40 RDI: 00000000ffffff9c
RBP: 00007ffcbcb35b40 R08: 000000000000000a R09: 00007ffcbcb357f7
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
R13: 00007fc74b4cd260 R14: 0000000000000003 R15: 00007ffcbcb35b40

Allocated by task 445:
 save_stack mm/kasan/common.c:70 [inline]
 set_track mm/kasan/common.c:78 [inline]
 __kasan_kmalloc+0x171/0x210 mm/kasan/common.c:529
 slab_post_alloc_hook mm/slab.h:584 [inline]
 slab_alloc_node mm/slub.c:2829 [inline]
 slab_alloc mm/slub.c:2837 [inline]
 kmem_cache_alloc+0xd9/0x250 mm/slub.c:2842
 kmem_cache_alloc_node include/linux/slab.h:427 [inline]
 alloc_task_struct_node kernel/fork.c:171 [inline]
 dup_task_struct+0x4f/0x600 kernel/fork.c:882
 copy_process+0x56d/0x3230 kernel/fork.c:1889
 _do_fork+0x197/0x900 kernel/fork.c:2399
 __do_sys_clone3 kernel/fork.c:2688 [inline]
 __se_sys_clone3 kernel/fork.c:2675 [inline]
 __x64_sys_clone3+0x2da/0x300 kernel/fork.c:2675
 do_syscall_64+0xca/0x1c0 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x5c/0xc1

Freed by task 17:
 save_stack mm/kasan/common.c:70 [inline]
 set_track mm/kasan/common.c:78 [inline]
 kasan_set_free_info mm/kasan/common.c:345 [inline]
 __kasan_slab_free+0x1b5/0x270 mm/kasan/common.c:487
 slab_free_hook mm/slub.c:1455 [inline]
 slab_free_freelist_hook mm/slub.c:1494 [inline]
 slab_free mm/slub.c:3080 [inline]
 kmem_cache_free+0x10b/0x2c0 mm/slub.c:3096
 __rcu_reclaim kernel/rcu/rcu.h:222 [inline]
 rcu_do_batch+0x492/0xa00 kernel/rcu/tree.c:2167
 rcu_core+0x4c8/0xcb0 kernel/rcu/tree.c:2387
 __do_softirq+0x23b/0x6b7 kernel/softirq.c:292

The buggy address belongs to the object at ffff8881ea972f40
 which belongs to the cache task_struct of size 3904
The buggy address is located 56 bytes inside of
 3904-byte region [ffff8881ea972f40, ffff8881ea973e80)
The buggy address belongs to the page:
page:ffffea0007aa5c00 refcount:1 mapcount:0 mapping:ffff8881f5cf0f00 index:0x0 compound_mapcount: 0
flags: 0x8000000000010200(slab|head)
raw: 8000000000010200 dead000000000100 dead000000000122 ffff8881f5cf0f00
raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL)
 set_page_owner include/linux/page_owner.h:31 [inline]
 post_alloc_hook mm/page_alloc.c:2165 [inline]
 prep_new_page+0x18f/0x370 mm/page_alloc.c:2171
 get_page_from_freelist+0x2d13/0x2d90 mm/page_alloc.c:3794
 __alloc_pages_nodemask+0x393/0x840 mm/page_alloc.c:4893
 alloc_slab_page+0x39/0x3c0 mm/slub.c:343
 allocate_slab mm/slub.c:1683 [inline]
 new_slab+0x97/0x440 mm/slub.c:1749
 new_slab_objects mm/slub.c:2505 [inline]
 ___slab_alloc+0x2fe/0x490 mm/slub.c:2667
 __slab_alloc+0x62/0xa0 mm/slub.c:2707
 slab_alloc_node mm/slub.c:2792 [inline]
 slab_alloc mm/slub.c:2837 [inline]
 kmem_cache_alloc+0x109/0x250 mm/slub.c:2842
 kmem_cache_alloc_node include/linux/slab.h:427 [inline]
 alloc_task_struct_node kernel/fork.c:171 [inline]
 dup_task_struct+0x4f/0x600 kernel/fork.c:882
 copy_process+0x56d/0x3230 kernel/fork.c:1889
 _do_fork+0x197/0x900 kernel/fork.c:2399
 __do_sys_clone kernel/fork.c:2557 [inline]
 __se_sys_clone kernel/fork.c:2538 [inline]
 __x64_sys_clone+0x26b/0x2c0 kernel/fork.c:2538
 do_syscall_64+0xca/0x1c0 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x5c/0xc1
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1176 [inline]
 __free_pages_ok+0x847/0x950 mm/page_alloc.c:1438
 free_the_page mm/page_alloc.c:4955 [inline]
 __free_pages+0x91/0x140 mm/page_alloc.c:4961
 __free_slab+0x221/0x2e0 mm/slub.c:1774
 free_slab mm/slub.c:1789 [inline]
 discard_slab mm/slub.c:1795 [inline]
 unfreeze_partials+0x14e/0x180 mm/slub.c:2288
 put_cpu_partial+0x44/0x180 mm/slub.c:2324
 __slab_free+0x297/0x360 mm/slub.c:2971
 qlist_free_all+0x43/0xb0 mm/kasan/quarantine.c:167
 quarantine_reduce+0x1d9/0x210 mm/kasan/quarantine.c:260
 __kasan_kmalloc+0x41/0x210 mm/kasan/common.c:507
 slab_post_alloc_hook mm/slab.h:584 [inline]
 slab_alloc_node mm/slub.c:2829 [inline]
 slab_alloc mm/slub.c:2837 [inline]
 kmem_cache_alloc_trace+0xdc/0x260 mm/slub.c:2854
 kmalloc include/linux/slab.h:556 [inline]
 kzalloc include/linux/slab.h:690 [inline]
 kthread+0x94/0x360 kernel/kthread.c:251
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:354

Memory state around the buggy address:
 ffff8881ea972e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8881ea972e80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
>ffff8881ea972f00: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
                                                                ^
 ffff8881ea972f80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff8881ea973000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================

final repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: use-after-free in mutex_can_spin_on_owner kernel/locking/mutex.c:617 [inline]
BUG: KASAN: use-after-free in mutex_optimistic_spin kernel/locking/mutex.c:661 [inline]
BUG: KASAN: use-after-free in __mutex_lock_common kernel/locking/mutex.c:973 [inline]
BUG: KASAN: use-after-free in __mutex_lock+0xcd7/0x1060 kernel/locking/mutex.c:1114
Read of size 4 at addr ffff8881ea972f78 by task syz-executor/469

CPU: 1 PID: 469 Comm: syz-executor Not tainted 5.4.290-syzkaller-00002-g41adfeb3d639 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1d8/0x241 lib/dump_stack.c:118
 print_address_description+0x8c/0x600 mm/kasan/report.c:384
 __kasan_report+0xf3/0x120 mm/kasan/report.c:516
 kasan_report+0x30/0x60 mm/kasan/common.c:653
 mutex_can_spin_on_owner kernel/locking/mutex.c:617 [inline]
 mutex_optimistic_spin kernel/locking/mutex.c:661 [inline]
 __mutex_lock_common kernel/locking/mutex.c:973 [inline]
 __mutex_lock+0xcd7/0x1060 kernel/locking/mutex.c:1114
 mutex_lock_killable+0xd8/0x110 kernel/locking/mutex.c:1348
 lo_open+0x18/0xc0 drivers/block/loop.c:1899
 __blkdev_get+0x3c8/0x1160 fs/block_dev.c:1581
 blkdev_get+0x2de/0x3a0 fs/block_dev.c:1714
 do_dentry_open+0x964/0x1130 fs/open.c:806
 do_last fs/namei.c:3565 [inline]
 path_openat+0x29bf/0x34b0 fs/namei.c:3683
 do_filp_open+0x20b/0x450 fs/namei.c:3713
 do_sys_open+0x39c/0x810 fs/open.c:1123
 do_syscall_64+0xca/0x1c0 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x5c/0xc1
RIP: 0033:0x7fc74b2e2a51
Code: 75 57 89 f0 25 00 00 41 00 3d 00 00 41 00 74 49 80 3d fa 1a 1f 00 00 74 6d 89 da 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 93 00 00 00 48 8b 54 24 28 64 48 2b 14 25
RSP: 002b:00007ffcbcb35a30 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fc74b2e2a51
RDX: 0000000000000002 RSI: 00007ffcbcb35b40 RDI: 00000000ffffff9c
RBP: 00007ffcbcb35b40 R08: 000000000000000a R09: 00007ffcbcb357f7
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
R13: 00007fc74b4cd260 R14: 0000000000000003 R15: 00007ffcbcb35b40

Allocated by task 445:
 save_stack mm/kasan/common.c:70 [inline]
 set_track mm/kasan/common.c:78 [inline]
 __kasan_kmalloc+0x171/0x210 mm/kasan/common.c:529
 slab_post_alloc_hook mm/slab.h:584 [inline]
 slab_alloc_node mm/slub.c:2829 [inline]
 slab_alloc mm/slub.c:2837 [inline]
 kmem_cache_alloc+0xd9/0x250 mm/slub.c:2842
 kmem_cache_alloc_node include/linux/slab.h:427 [inline]
 alloc_task_struct_node kernel/fork.c:171 [inline]
 dup_task_struct+0x4f/0x600 kernel/fork.c:882
 copy_process+0x56d/0x3230 kernel/fork.c:1889
 _do_fork+0x197/0x900 kernel/fork.c:2399
 __do_sys_clone3 kernel/fork.c:2688 [inline]
 __se_sys_clone3 kernel/fork.c:2675 [inline]
 __x64_sys_clone3+0x2da/0x300 kernel/fork.c:2675
 do_syscall_64+0xca/0x1c0 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x5c/0xc1

Freed by task 17:
 save_stack mm/kasan/common.c:70 [inline]
 set_track mm/kasan/common.c:78 [inline]
 kasan_set_free_info mm/kasan/common.c:345 [inline]
 __kasan_slab_free+0x1b5/0x270 mm/kasan/common.c:487
 slab_free_hook mm/slub.c:1455 [inline]
 slab_free_freelist_hook mm/slub.c:1494 [inline]
 slab_free mm/slub.c:3080 [inline]
 kmem_cache_free+0x10b/0x2c0 mm/slub.c:3096
 __rcu_reclaim kernel/rcu/rcu.h:222 [inline]
 rcu_do_batch+0x492/0xa00 kernel/rcu/tree.c:2167
 rcu_core+0x4c8/0xcb0 kernel/rcu/tree.c:2387
 __do_softirq+0x23b/0x6b7 kernel/softirq.c:292

The buggy address belongs to the object at ffff8881ea972f40
 which belongs to the cache task_struct of size 3904
The buggy address is located 56 bytes inside of
 3904-byte region [ffff8881ea972f40, ffff8881ea973e80)
The buggy address belongs to the page:
page:ffffea0007aa5c00 refcount:1 mapcount:0 mapping:ffff8881f5cf0f00 index:0x0 compound_mapcount: 0
flags: 0x8000000000010200(slab|head)
raw: 8000000000010200 dead000000000100 dead000000000122 ffff8881f5cf0f00
raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL)
 set_page_owner include/linux/page_owner.h:31 [inline]
 post_alloc_hook mm/page_alloc.c:2165 [inline]
 prep_new_page+0x18f/0x370 mm/page_alloc.c:2171
 get_page_from_freelist+0x2d13/0x2d90 mm/page_alloc.c:3794
 __alloc_pages_nodemask+0x393/0x840 mm/page_alloc.c:4893
 alloc_slab_page+0x39/0x3c0 mm/slub.c:343
 allocate_slab mm/slub.c:1683 [inline]
 new_slab+0x97/0x440 mm/slub.c:1749
 new_slab_objects mm/slub.c:2505 [inline]
 ___slab_alloc+0x2fe/0x490 mm/slub.c:2667
 __slab_alloc+0x62/0xa0 mm/slub.c:2707
 slab_alloc_node mm/slub.c:2792 [inline]
 slab_alloc mm/slub.c:2837 [inline]
 kmem_cache_alloc+0x109/0x250 mm/slub.c:2842
 kmem_cache_alloc_node include/linux/slab.h:427 [inline]
 alloc_task_struct_node kernel/fork.c:171 [inline]
 dup_task_struct+0x4f/0x600 kernel/fork.c:882
 copy_process+0x56d/0x3230 kernel/fork.c:1889
 _do_fork+0x197/0x900 kernel/fork.c:2399
 __do_sys_clone kernel/fork.c:2557 [inline]
 __se_sys_clone kernel/fork.c:2538 [inline]
 __x64_sys_clone+0x26b/0x2c0 kernel/fork.c:2538
 do_syscall_64+0xca/0x1c0 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x5c/0xc1
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1176 [inline]
 __free_pages_ok+0x847/0x950 mm/page_alloc.c:1438
 free_the_page mm/page_alloc.c:4955 [inline]
 __free_pages+0x91/0x140 mm/page_alloc.c:4961
 __free_slab+0x221/0x2e0 mm/slub.c:1774
 free_slab mm/slub.c:1789 [inline]
 discard_slab mm/slub.c:1795 [inline]
 unfreeze_partials+0x14e/0x180 mm/slub.c:2288
 put_cpu_partial+0x44/0x180 mm/slub.c:2324
 __slab_free+0x297/0x360 mm/slub.c:2971
 qlist_free_all+0x43/0xb0 mm/kasan/quarantine.c:167
 quarantine_reduce+0x1d9/0x210 mm/kasan/quarantine.c:260
 __kasan_kmalloc+0x41/0x210 mm/kasan/common.c:507
 slab_post_alloc_hook mm/slab.h:584 [inline]
 slab_alloc_node mm/slub.c:2829 [inline]
 slab_alloc mm/slub.c:2837 [inline]
 kmem_cache_alloc_trace+0xdc/0x260 mm/slub.c:2854
 kmalloc include/linux/slab.h:556 [inline]
 kzalloc include/linux/slab.h:690 [inline]
 kthread+0x94/0x360 kernel/kthread.c:251
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:354

Memory state around the buggy address:
 ffff8881ea972e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8881ea972e80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
>ffff8881ea972f00: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
                                                                ^
 ffff8881ea972f80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff8881ea973000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================