program: syz_mount_image$exfat(&(0x7f0000001500), &(0x7f0000001540)='./file0\x00', 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0035de937e8e1b26ce9bd355819db1a6abda330df4831ffdbbf3dfa77aca3418100187bc8591108841612f023a7939f7fdcc7f4034bf07f88afd63d2af1c39d6da7e423f"], 0x1, 0x14d1, &(0x7f00000015c0)="$eJzs3AlwlcW2KOBe3f1DiBG3EZl79fphiwGaiIjIICIyiIiICIjMIiBiRERERISATCICIgIyRkSGEAGRIUDEMM/zPBg5iIiIyCSTQL/C47ncczy3uO+8cy+vKuur6kqv/Hut3Z1VyT9UZf/UdViNxjWrNiAi8a9Qf5vAX78kCyFihBADhRC3CSECIUTZ+LLx147nUpD8L70J+x/SMPVmr4DdTNz/7I37n71x/7M37n/2xv3P3rj/2Rv3P3vj/jOWraUVuJ1H9h38/D874/N/9sb9z964/9kb9z974/5nb9z/7I37n71x/7M37j9j2dr/B8+gedzEwRhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOM/S+44K/TQoi/zW/2uhhjjDHGGGOMMfbv43Pe7BUwxhhjjDHGGGPsfx4IKZTQIhA5RE4RI3KJWHGLiBO3itziNhERt4t4cYfII+4UeUU+kV8UEAVFIVFYGIHCChKhKCKKiqi4SxQTd4sEUVyUECWFE6VEorhHlBb3ijLiPlFW3C/KiQdEeVFBVBSVxIOisnhIVBEPi6riEVFNVBc1RE3xqKglHhO1xeOijnhC1BVPinriKVFfPC0aiIaikXhGNBbPiiaiqWgmmosWoqVo9S/lvyV6iLdFT9FLJIveoo94R/QV/UR/MUAMFO+KQeI9MVi8L4aIoWKY+EAMFx+KEeIjMVKMEqPFx2KMGCvGifFigpgoUsQnYpL4VEwWn4kpYqqYJqaLVDFDpInPxUwxS8wWX4g54ksxV8wT88UCkS4WikViscgQX4kl4muRKZaKZWK5WCFWilVitVgj1op1Yr3YIDaKTWKz2CK2im1iu9ghdopdYrfYI/aKfWK/OCC+EVni2//L/PP/kN8NBAiQIEGDhhyQA2IgBmIhFuIgDnJDbohABOIhHvJAHsgLeSE/5IeCUBAKQ2FAQCAgKAJFIApRKAbFIAESoASUAAcOEiERSsO9UAbKQFkoC+WgHJSHClABKkElqAyVoQpUgapQFapBNagBNeBReBQeg9pQG+pAHagLdaEe1IP6UB8aQANoBI2gMTSGJtAEmkEzaAEtoBW0gtbQGtpAG2gH7aA9tIcO0AGSIAk6QkfoBJ2gM3SGLtAFukJX6AZvwpvwFrwFb8Pb0Auqyd7QB/pAX+gL/WEADIB3YRC8B+/B+zAEhsIw+AA+gA9hBJyDkTAKRsNoqCzHwjgYDyQnQgqkwCSYBJNhMkyBqTAVpkMqzIA0SIOZMAtmwRcwB76EL2EezIMFkA7psAgWQwZkwBI4D5mwFJbBclgBK2EFrIY1sBrWwXpYBxthI2yGzbAVtsJ22A47YSfsht2wF/bCftgPQyALsuAgHIRDcAgOw2E4AkfgKByFY3AMjsNxOAEn4CScgtNwCs7CWTgH5+ECXIBLcAkuw2W4Clev/fLLa7TUMofMIWNkjIyVsTJOxsncMreMyIiMl/Eyj8wj88q8Mr/MLwvKgrKwLCxRoiQZyiKyiIzKqCwmi8kEmSBLyBLSSScTZaIsLUvLMrKMLCvvl+XkA7K8rCDbukqykqws27kq8mFZVVaV1WR1WUPWlDVlLVlL1pa1ZR1ZR9aVdWU9+ZSsL3tDf2gor3WmsRwKTeQwaCabyxaypfwQnpOt5QhoI9vKdvIFOQpGQgfZ2iXJl2VHOQ46yVfleHhNdpEToat8Q3aTb8ru8i3ZQ7ZxPWUvOQV6yz5yOvSV/WR/OUDOhOryWsdqyPflEDlUDpMfyAXwoRwhP5Ij5Sg5Wn4sx8ixcpwcLyfIiTJFfiInyU/lZPmZnCKnymlyukyVM2Sa/FzOlLPkbPmFnCO/lHPlPDlfLpDpcqFcJBfLDPmVXCK/lplyqVwml8sVcqVcJVfLNXKtXCfXyw1yo9wkN8stcqvcJrfLHXKn3CV3yz1yr9wn98sD8huZJb+VB+Vf5CH5nTwsv5dH5A/yqPxRHpM/yePyZ3lC/iJPylPytDwjz8pf5Tl5Xl6QF+Ul+Zu8LK/Iq9JLoUBJpZRWgcqhcqoYlUvFqltUnLpV5Va3qYi6XcWrO1QedafKq/Kp/KqAKqgKqcLKKFRWkQpVEVVURdVdqpi6WyWo4qqEKqmcKqUS1T2qtLpXlVH3qbLqflVOPaDKqwqqoqqkHlSV1UOqinpYVVWPqGqquqqhaqpHVS31mKqtHld11BOqrnpS1VNPqfrqadVANVSN1DOqsXpWNVFNVTPVXLVQLVUr9ZxqrZ5XbVRb1U69oNqrF1UH9ZJKUi+rjuoV1Um9qjqr11QX9brqqt5Q3dSbqru6oq4qr3qqXipZ9VZ91Duqr+qn+qsBaqB6Vw1S76nB6n01RA1Vw9QHarj6UI1QH6mRapQarT5WY9RYNU6NVxPURJWiPlGT1KdqsvpMTVFT1TQ1XaWqGar/H5Vm/zfyP/0n+YN/f/fNaovaqrap7WqH2ql2qd1qj9qj9ql96oA6oLJUljqoDqpD6pA6rA6rI+qIOqqOqmPqmDqujqsT6oQ6qU6pi+qMOqt+VefUeXVeXVSX1CV1+Y+fgdCgpVZa60Dn0Dl1jM6lY/UtOk7fqnPr23RE367j9R06j75T59X5dH5dQBfUhXRhbTRqq0mHuoguqqP6Ll1M360TdHFdQpfUTpfSifqe/+f8G62vlW6lW+vWuo1uo9vpdrq9bq876A46SSfpjrqj7qQ76c66s+6iu+iuuqvuprvp7rq77qF76J66p07WybqPfkf31f10fz1AD9Tv6kF6kB6sB+sheogepofp4Xq4HqFH6JF6pB6tR+sxeowep8fpCXqCTtEpepKepCfryXqKnqKn6Wk6VafqNJ2mZ+qZeraerefoOXqunqvn6/k6XafrRXqRztAZeoleojP1Ur1UL9fL9Uq9Uq/Wq/VavVav1+v1Rr1RZ+oteoveprfpHXqH3qV36T16j96n9+kD+oDO0ln6oD6oD+lD+rA+rI/oI/qoPqqP6WP6uD6uT+gT+qQ+qU/r0/qsPqvP6XP6gr6gL+lL+rK+rK/qq9cu+wIZyEAHOsgR5AhigpggNogN4oK4IHeQO4gEkSA+iA/yBHcGeYN8Qf6gQFAwKBQUDkyAgQ0oCIMiQdEgGtwVFAvuDhKC4kGJoGTgglJBYnBPUDq4NygT3BeUDe4PygUPBOWDCkHFoFLwYFA5eCioEjwcVA0eCaoF1YMaQc3g0aBW8FhQO3g8qBM8EdQNngzqBU8F9YOngwZBw6BR8EzQOHg2aBI0DZoFzYMWQcug1b+1vvfn8j3veppeJtn0Nn3MO6av6Wf6mwFmoHnXDDLvmcHmfTPEDDXDzAdmuPnQjDAfmZFmlBltPjZjzFgzzow3E8xEk2I+MZPMp2ay+cxMMVPNNDPdpJoZJs18bmaaWWa2+cLMMV+auWaemW8WmHSz0Cwyi02G+cosMV+bTLPULDPLzQqz0qwyq80as9asM+vNBrPRbDKbzRaz1Wwz280Os9PsMrvNHrPX7DP7zQHzjcky35qD5i/mkPnOHDbfmyPmB3PU/GiOmZ/McfOzOWF+MSfNKXPanDFnza/mnDlvLpiL5pL5zVw2V8xV469d3F87vaNGjTkwB8ZgDMZiLMZhHObG3BjBCMZjPObBPJgX82J+zI8FsSAWxsJ4DSFhESyCUYxiMSyGCZiAJbAEOnSYiIlYGktjGSyDZbEslsNyWB7LY0WsiA/ig/gQPoQP48P4CD6C1bE61sSaWAtrYW2sjXWwDtbFulgP62F9rI8NsAE2wkbYGBtjE2yCzbAZtsAW2ApbYWtsjW2wDbbDdtge22MH7IBJmIQdsSN2wk7YGTtjF+yCXbErdsNu2B27Yw/sgT2xJyZjMvbBPtgX+2J/7I8DcSAOwkE4GAfjEByCw3AYDsfhOAJH4EgchaPxYxyDY3EcjscJOBFTMAUn4SScjJNxCk7BaTgNUzEV0zANZ+JMnI2zcQ7Owbk4F+fjfEzHdFyEizADM3AJLsFMzMRluAxX4ApchatwDa7BdbgON+AG3ISbcAtuwW24DXfgDtyFu3AP7sF9uA8P4AHMwiw8iAfxEB7Cw3gYj+ARPIpH8Rgew+N4HE/gCTyJJ/E0nsazeBbP4Tm8gBfwEv6Gl/EKXkWPMTaXjbW32Dh7q81tb7P/GOe3BWxBW8gWtsbmtfn+LkZrbYItbkvYktbZUjbR3vOnuLytYCvaSvZBW9k+ZKv8Ka5lH7O17eO2jn3C1rSP/l1c1z5p69lnbX3b1DawzW0j29I2ts/aJrapbWab2xa2pW1vX7Qd7Es2yb5sO9pX/hQvsovtGrvWrrPr7T67316wF+0x+5O9ZH+zPW0vO9C+awfZ9+xg+74dYof+KR5tP7Zj7Fg7zo63E+zEP8XT7HSbamfYNPu5nWln/SlOtwvtHJth59p5dr5d8Ht8bU0Z9iu7xH5tM+1Su8wutyvsSrvKrv6PtS63G+0mu9nusXvtNrvd7rA77S67+/f42j4O2G9slv3WHrU/2kP2O3vYHrdH7A+/x9f2d9z+bE/YX+xJe8qetmfsWfurPWfP/77/a3s/Y6/Yq9ZbQUCSFGkKKAflpBjKRbF0C8XRrZSbbqMI3U7xdAfloTspL+Wj/FSAClIhKkyGkCwRhVSEilKU7qJidDclUHEqQSXJUSlKpHuoNN1LZeg+Kkv3Uzl6gMpTBapIlehBqkwPURV6mKrSI1SNqlMNqkmPUi16jGrT41SHnqC69CTVo6eoPj1NDaghNaJnqDE9S02oKTWj5tSCWlIreo5a0/PUhtpSO3qB2tOL1IFeoiR6mTrSK9SJXqXO9Bp1odepK71B3ehN6k5vUQ96m3pSL0qm3tSH3qG+1I/60wAaSO/SIHqPBtP7NISG0jD6gIbThzSCPqKRNIpG08c0hsbSOBpPE2gipdAnNIk+pcn0GU2hqTSNplMqzaA0+pxm0iyaTV/QHPqS5tI8mk8LKJ0W0iJaTBn0FS2hrymTltIyWk4raCWtotW0htbSOlpPG2gjbaLNtIW20jbaTjtoJ+2i3bSH9tI+2k8H6BvKom/pIP2FDtF3dJi+pyP0Ax2lH+kY/UTH6Wc6Qb/QSTpFp+kMnaVf6Rydpwt0kS7Rb3SZrtBV8iRCCGWoQh0GYY4wZxgT5gpjw1vCuPDWMHd4WxgJbw/jwzvCPOGdYd4wX5g/LBAWDAuFhUMTYmhDCsOwSFg0jIZ3hcXCu8OEsHhYIiwZurBUmBjeE5YO7w3LhPeFZcP7w3LhA2H5sEJYMawUPhhWDh8Kq4QPh1XDR8JqYfWwRlgzfDSsFT4W1g4fD+uET4RlwifDeuFTYf3w6bBB2DBsFD4TNg6fDZuETcNmYfOwRdgybBU+F7YOnw/bhG3DduELYfvwxbBD+FKYFL4cdgxfueHx5LB32Cd8J3wn9P5xNT+6IJoeXRhdFF0czYh+FV0S/TqaGV0aXRZdHl0RXRldFV0dXRNdG10XXR/dEN0Y3RTdHPW+Zk7hwEmnnHaBy+FyuhiXy8W6W1ycu9Xldre5iLvdxbs7XB53p8vr8rn8roAr6Aq5ws44dNaRC10RV9RF3V2umLvbJbjiroQr6Zwr5RJdS9fKtXKt3fOujWvr2rkX3AvuRfeie8m95F52Hd0rrpN71XV2r7ku7nX3unvDdXNvuu7uLdfDve16ul4u2SW7Pq6P6+v6uv6uvxvoBrpBbpAb7Aa7IW6IG+aGueFuuBvhRriRbqQb7Ua7MW6MG+fGuQlugktxKW6Sm+Qmu8luipviprlpLtWlujSX5ma6mW62m+3muDlurpvr5rv5Lt2lu0VukctwGW6JW+IyXaZb5pa5FW6FW+VWuTVujVvn1rkNboPb5Da5LW6L2+a2uR1uh9vldrk9bo/b5/a5A+6Ay3JZ7qA76A65Q+6w+94dcT+4o+5Hd8z95I67n90J94s76U650+6MO+t+defceXfBXXSX3G/usrvirjrvUiKfRCZFPo1MjnwWmRKZGpkWmR5JjcyIpEU+j8yMzIrMjnwRmRP5MjI3Mi8yP7Igkh5ZGFkUWRzJiHwVWRL5OpIZWRpZFlkeWRFZGfG+0LbQF/FFfdTf5Yv5u32CL+5L+JLe+VI+0d/jS/t7fRl/ny/r7/fl/AO+vK/gK/qmvplv7lv4lr6Vf8639s/7Nr6tb+df8O39i76Df8kn+Zd9R/+K7+Rf9Z39a76Lf9139W/4bv5N392/5Xv4t31P38sn+96+j3/H9/X9fH8/wA/07/pB/j0/2L/vh/ihfpj/wA/3H/oR/iM/0o/yo/3Hfowf68f58X6Cn+hT/Cd+kv/UT/af+Sl+qp/mp/tUP8On+c/9TD/Lz/Zf+Dn+Sz/Xz/Pz/QKf7hf6RX6xz/Bf+SX+a5/pl/plfrlf4Vf6VX61X+PX+nV+vd/gN/pNfrPf4rf6bX673+F3+l1+t9/j9/p9fr8/4L/xWf5bf9D/xR/y3/nD/nt/xP/gj/of/TH/kz/uf/Yn/C/+pD/lT/sz/qz/1Z/z5/0Ff9Ff8r/5y/6Kv8r/s8YYY4wx9t+ibnC89z/5nvxjXNNHCHHr9gJH/rHmhrx/nfeT+zpGhBAv9+ra8G+jYcPk5OQ/XpupRFB0nhAicj0/h7geLxXtxIsiSbQVpf/p+vrJikA3qB+9X4jY/5QTI67H1+vf+1/Ub7rwhvXnCZFQ9HpOLnE9vl6/zH9Rf3f7G9TP9V2KEG3+U06cuB5fr58onheviKS/eyVjjDHGGGOMMfZX/eSlbje6v712f15QX8/JKa7HN7o/Z4wxxhhjjDHG2M332pvdX3ouKaltZ57whCc8+Y/Jzf7LxBhjjDHGGPt3u37Rf7NXwhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMZV//Gx8ndrP3yBhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjN1s/ycAAP//fMhn/w==") truncate(&(0x7f0000000180)='./file0/file0\x00', 0x2000) r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000000)={0x0, 0x3, &(0x7f0000000080)={&(0x7f00000003c0)={0x2, 0x3, 0x3, 0x9, 0x5, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x80, 0xe, @in={0x2, 0x0, @multicast2}}]}, 0x28}}, 0x0) open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0xd0) mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0) syz_usb_connect(0x2, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000544fb2f00090582eb1000000001020009050276"], 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1}, 0x10) r2 = syz_usb_connect(0x0, 0x3f, &(0x7f0000002000)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e", @ANYRES8], 0x0) syz_usb_control_io(r2, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000001a80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r2, &(0x7f0000000180)={0x14, 0x0, &(0x7f0000000000)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) pipe2$watch_queue(&(0x7f0000000140)={0xffffffffffffffff}, 0x80) fcntl$setpipe(r3, 0x407, 0x8000000000000000) r4 = open(&(0x7f0000000000)='./bus\x00', 0x8000, 0xa0) ioctl$LOOP_SET_STATUS64(r4, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x80000001, 0x8005, 0x0, 0x0, 0x12, 0xd, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001"}) chdir(&(0x7f0000000240)='./file0\x00') bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000400)=ANY=[@ANYBLOB="9f4b604215a4a234cb5f51a85af05a82eb010018000000000000000000000000000000030000000a00000000000007000000000800000000000007000000000400000000000002030000000000000000000003000000000300000002000000fbffffff0d0000000000000a030000000b0000000000000900000000070000000000000b050000000000000000000003000000000100000002030000000000000000000000000084100000040c0000000000008500100000100000000305000055f3a5a64b0d639d000a000000050000000b0000000a0000000500000005000000000000cb32d5d6fc7573e1a19e32396d7564384d1c416e117200000000000000"], &(0x7f0000001f80)=""/226, 0x13, 0xe2, 0x2}, 0x20) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0) [ 109.321511][ T45] Bluetooth: hci0: command tx timeout [ 109.522361][ T5326] loop0: detected capacity change from 0 to 256 [ 109.861813][ T54] usb 5-1: new full-speed USB device number 2 using dummy_hcd [ 110.013980][ T54] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 110.018779][ T54] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 110.025123][ T54] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 110.029359][ T54] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 110.038052][ T54] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 110.042403][ T54] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 110.045844][ T54] usb 5-1: Manufacturer: syz [ 110.059148][ T54] usb 5-1: config 0 descriptor?? [ 110.281134][ T5326] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 110.285722][ T5326] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 110.401059][ T5326] loop0: detected capacity change from 256 to 0 [ 110.541514][ T5326] Buffer I/O error on dev loop0, logical block 176, async page read [ 110.544957][ T5326] Buffer I/O error on dev loop0, logical block 177, async page read [ 110.557178][ T24] audit: type=1800 audit(1774570787.707:2): pid=5326 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.0" name="file0" dev="loop0" ino=1048586 res=0 errno=0 [ 110.628620][ T5179] ================================================================== [ 110.632922][ T5179] BUG: KASAN: slab-use-after-free in bpf_trace_run2+0x2c4/0x840 [ 110.639136][ T5179] Read of size 8 at addr ffff888042075c80 by task dhcpcd/5179 [ 110.642750][ T5179] [ 110.643882][ T5179] CPU: 0 UID: 101 PID: 5179 Comm: dhcpcd Not tainted syzkaller #0 PREEMPT(full) [ 110.643898][ T5179] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 110.643938][ T5179] Call Trace: [ 110.643976][ T5179] [ 110.644002][ T5179] dump_stack_lvl+0xe8/0x150 [ 110.644024][ T5179] print_report+0xba/0x230 [ 110.644040][ T5179] ? bpf_trace_run2+0x2c4/0x840 [ 110.644083][ T5179] kasan_report+0x117/0x150 [ 110.644098][ T5179] ? bpf_trace_run2+0x2c4/0x840 [ 110.644117][ T5179] bpf_trace_run2+0x2c4/0x840 [ 110.644136][ T5179] ? __queue_work+0x1a1/0x1020 [ 110.644152][ T5179] ? bpf_trace_run2+0x1c9/0x840 [ 110.644169][ T5179] ? __pfx_bpf_trace_run2+0x10/0x10 [ 110.644186][ T5179] ? seccomp_filter_release+0x22b/0x2d0 [ 110.644207][ T5179] ? seccomp_filter_release+0x22b/0x2d0 [ 110.644220][ T5179] ? seccomp_filter_release+0x22b/0x2d0 [ 110.644234][ T5179] kfree+0x5b2/0x630 [ 110.644250][ T5179] ? queue_work_on+0x159/0x1d0 [ 110.644267][ T5179] seccomp_filter_release+0x22b/0x2d0 [ 110.644281][ T5179] do_exit+0x3b0/0x23c0 [ 110.644293][ T5179] ? fput_close_sync+0x11f/0x240 [ 110.644307][ T5179] ? __x64_sys_close+0x7e/0x110 [ 110.644323][ T5179] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.644336][ T5179] ? __pfx_do_exit+0x10/0x10 [ 110.644348][ T5179] ? do_raw_spin_lock+0x12b/0x2f0 [ 110.644364][ T5179] do_group_exit+0x21b/0x2d0 [ 110.644375][ T5179] ? _raw_spin_unlock_irq+0x23/0x50 [ 110.644427][ T5179] get_signal+0x1284/0x1330 [ 110.644448][ T5179] arch_do_signal_or_restart+0xbc/0x830 [ 110.644463][ T5179] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 110.644476][ T5179] ? kmem_cache_free+0x439/0x630 [ 110.644490][ T5179] ? fput_close_sync+0x11f/0x240 [ 110.644507][ T5179] exit_to_user_mode_loop+0x86/0x480 [ 110.644523][ T5179] ? rcu_is_watching+0x15/0xb0 [ 110.644542][ T5179] do_syscall_64+0x32d/0xf80 [ 110.644555][ T5179] ? trace_irq_disable+0x3b/0x150 [ 110.644565][ T5179] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.644577][ T5179] ? clear_bhb_loop+0x40/0x90 [ 110.644592][ T5179] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.644604][ T5179] RIP: 0033:0x7f5c6e5bc407 [ 110.644619][ T5179] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff [ 110.644629][ T5179] RSP: 002b:00007ffd8bc8a920 EFLAGS: 00000202 ORIG_RAX: 0000000000000003 [ 110.644685][ T5179] RAX: 0000000000000000 RBX: 00007f5c6e532780 RCX: 00007f5c6e5bc407 [ 110.644694][ T5179] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 110.644701][ T5179] RBP: 00007ffd8bc9abc0 R08: 0000000000000000 R09: 0000000000000000 [ 110.644708][ T5179] R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffd8bc9abc0 [ 110.644715][ T5179] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 110.644727][ T5179] [ 110.644732][ T5179] [ 110.780976][ T5179] Allocated by task 5326: [ 110.783466][ T5179] kasan_save_track+0x3e/0x80 [ 110.785678][ T5179] __kasan_kmalloc+0x93/0xb0 [ 110.787816][ T5179] __kmalloc_cache_noprof+0x31c/0x660 [ 110.790182][ T5179] bpf_raw_tp_link_attach+0x278/0x700 [ 110.792423][ T5179] bpf_raw_tracepoint_open+0x1b2/0x220 [ 110.795209][ T5179] __sys_bpf+0x846/0x950 [ 110.797460][ T5179] __x64_sys_bpf+0x7c/0x90 [ 110.799578][ T5179] do_syscall_64+0x14d/0xf80 [ 110.801751][ T5179] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.804424][ T5179] [ 110.805541][ T5179] Freed by task 15: [ 110.807269][ T5179] kasan_save_track+0x3e/0x80 [ 110.809422][ T5179] kasan_save_free_info+0x46/0x50 [ 110.812038][ T5179] __kasan_slab_free+0x5c/0x80 [ 110.814710][ T5179] kfree+0x1c1/0x630 [ 110.816838][ T5179] rcu_core+0x7cd/0x1070 [ 110.819079][ T5179] handle_softirqs+0x22a/0x870 [ 110.821286][ T5179] run_ksoftirqd+0x36/0x60 [ 110.823332][ T5179] smpboot_thread_fn+0x541/0xa50 [ 110.825680][ T5179] kthread+0x388/0x470 [ 110.827519][ T5179] ret_from_fork+0x51e/0xb90 [ 110.829691][ T5179] ret_from_fork_asm+0x1a/0x30 [ 110.832241][ T5179] [ 110.833751][ T5179] Last potentially related work creation: [ 110.836981][ T5179] kasan_save_stack+0x3e/0x60 [ 110.839246][ T5179] kasan_record_aux_stack+0xbd/0xd0 [ 110.841636][ T5179] call_rcu+0xee/0x890 [ 110.843536][ T5179] bpf_link_release+0x6b/0x80 [ 110.845801][ T5179] __fput+0x44f/0xa70 [ 110.847691][ T5179] task_work_run+0x1d9/0x270 [ 110.850096][ T5179] exit_to_user_mode_loop+0xed/0x480 [ 110.853260][ T5179] do_syscall_64+0x32d/0xf80 [ 110.855670][ T5179] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.858368][ T5179] [ 110.859482][ T5179] The buggy address belongs to the object at ffff888042075c00 [ 110.859482][ T5179] which belongs to the cache kmalloc-192 of size 192 [ 110.865781][ T5179] The buggy address is located 128 bytes inside of [ 110.865781][ T5179] freed 192-byte region [ffff888042075c00, ffff888042075cc0) [ 110.872786][ T5179] [ 110.874354][ T5179] The buggy address belongs to the physical page: [ 110.878042][ T5179] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888042075b00 pfn:0x42075 [ 110.882926][ T5179] flags: 0x4fff00000000200(workingset|node=1|zone=1|lastcpupid=0x7ff) [ 110.886812][ T5179] page_type: f5(slab) [ 110.888824][ T5179] raw: 04fff00000000200 ffff88801ac413c0 ffffea0000cefd90 ffffea0000cfc390 [ 110.892583][ T5179] raw: ffff888042075b00 000000080010000f 00000000f5000000 0000000000000000 [ 110.896853][ T5179] page dumped because: kasan: bad access detected [ 110.900309][ T5179] page_owner tracks the page as allocated [ 110.903250][ T5179] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd2cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 27793757535, free_ts 27792010569 [ 110.911843][ T5179] post_alloc_hook+0x231/0x280 [ 110.914023][ T5179] get_page_from_freelist+0x24dc/0x2580 [ 110.916526][ T5179] __alloc_frozen_pages_noprof+0x18d/0x380 [ 110.919376][ T5179] allocate_slab+0x77/0x660 [ 110.921362][ T5179] refill_objects+0x331/0x3c0 [ 110.923532][ T5179] __pcs_replace_empty_main+0x2e6/0x730 [ 110.926061][ T5179] __kmalloc_cache_noprof+0x392/0x660 [ 110.928850][ T5179] call_usermodehelper_setup+0x8e/0x270 [ 110.931988][ T5179] kobject_uevent_env+0x658/0x9e0 [ 110.934291][ T5179] kernel_add_sysfs_param+0xb1/0xe0 [ 110.936574][ T5179] param_sysfs_builtin+0x199/0x250 [ 110.938910][ T5179] param_sysfs_builtin_init+0x23/0x30 [ 110.941558][ T5179] do_one_initcall+0x250/0x8d0 [ 110.944155][ T5179] do_initcall_level+0x104/0x190 [ 110.946628][ T5179] do_initcalls+0x59/0xa0 [ 110.948537][ T5179] kernel_init_freeable+0x2a6/0x3e0 [ 110.951015][ T5179] page last free pid 2693 tgid 2693 stack trace: [ 110.954092][ T5179] __free_frozen_pages+0xc2b/0xdb0 [ 110.956894][ T5179] __kasan_populate_vmalloc+0x137/0x1d0 [ 110.960319][ T5179] alloc_vmap_area+0xd73/0x14b0 [ 110.962584][ T5179] __get_vm_area_node+0x1f8/0x300 [ 110.964613][ T5179] __vmalloc_node_range_noprof+0x372/0x1730 [ 110.967074][ T5179] __vmalloc_node_noprof+0xc2/0x100 [ 110.969487][ T5179] dup_task_struct+0x275/0x9a0 [ 110.971890][ T5179] copy_process+0x508/0x3cd0 [ 110.974628][ T5179] kernel_clone+0x248/0x8e0 [ 110.976541][ T5179] user_mode_thread+0x110/0x180 [ 110.978669][ T5179] call_usermodehelper_exec_work+0x5c/0x230 [ 110.981207][ T5179] process_scheduled_works+0xb6e/0x18c0 [ 110.983697][ T5179] worker_thread+0xa53/0xfc0 [ 110.985682][ T5179] kthread+0x388/0x470 [ 110.987689][ T5179] ret_from_fork+0x51e/0xb90 [ 110.990243][ T5179] ret_from_fork_asm+0x1a/0x30 [ 110.992901][ T5179] [ 110.993903][ T5179] Memory state around the buggy address: [ 110.996557][ T5179] ffff888042075b80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 111.000408][ T5179] ffff888042075c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 111.004984][ T5179] >ffff888042075c80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 111.008751][ T5179] ^ [ 111.010472][ T5179] ffff888042075d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 111.013539][ T5179] ffff888042075d80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 111.017021][ T5179] ================================================================== [ 111.052582][ T5179] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 111.057136][ T5179] CPU: 0 UID: 101 PID: 5179 Comm: dhcpcd Not tainted syzkaller #0 PREEMPT(full) [ 111.060985][ T5179] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 111.065343][ T5179] Call Trace: [ 111.066840][ T5179] [ 111.068289][ T5179] vpanic+0x56c/0xa60 [ 111.070223][ T5179] ? __pfx_vpanic+0x10/0x10 [ 111.072530][ T5179] panic+0xc5/0xd0 [ 111.074276][ T5179] ? __pfx_panic+0x10/0x10 [ 111.076541][ T5179] ? preempt_schedule_thunk+0x16/0x30 [ 111.078976][ T5179] ? bpf_trace_run2+0x2c4/0x840 [ 111.081316][ T5179] ? preempt_schedule_thunk+0x16/0x30 [ 111.083893][ T5179] ? bpf_trace_run2+0x2c4/0x840 [ 111.086110][ T5179] check_panic_on_warn+0x89/0xb0 [ 111.088505][ T5179] ? bpf_trace_run2+0x2c4/0x840 [ 111.090945][ T5179] end_report+0x73/0x180 [ 111.092816][ T5179] ? bpf_trace_run2+0x2c4/0x840 [ 111.094932][ T5179] kasan_report+0x128/0x150 [ 111.096900][ T5179] ? bpf_trace_run2+0x2c4/0x840 [ 111.099242][ T5179] bpf_trace_run2+0x2c4/0x840 [ 111.101305][ T5179] ? __queue_work+0x1a1/0x1020 [ 111.103961][ T5179] ? bpf_trace_run2+0x1c9/0x840 [ 111.106391][ T5179] ? __pfx_bpf_trace_run2+0x10/0x10 [ 111.108857][ T5179] ? seccomp_filter_release+0x22b/0x2d0 [ 111.111683][ T5179] ? seccomp_filter_release+0x22b/0x2d0 [ 111.114011][ T5179] ? seccomp_filter_release+0x22b/0x2d0 [ 111.116419][ T5179] kfree+0x5b2/0x630 [ 111.118511][ T5179] ? queue_work_on+0x159/0x1d0 [ 111.120618][ T5179] seccomp_filter_release+0x22b/0x2d0 [ 111.123119][ T5179] do_exit+0x3b0/0x23c0 [ 111.125080][ T5179] ? fput_close_sync+0x11f/0x240 [ 111.127217][ T5179] ? __x64_sys_close+0x7e/0x110 [ 111.129458][ T5179] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.132393][ T5179] ? __pfx_do_exit+0x10/0x10 [ 111.134277][ T5179] ? do_raw_spin_lock+0x12b/0x2f0 [ 111.136561][ T5179] do_group_exit+0x21b/0x2d0 [ 111.138903][ T5179] ? _raw_spin_unlock_irq+0x23/0x50 [ 111.141896][ T5179] get_signal+0x1284/0x1330 [ 111.144120][ T5179] arch_do_signal_or_restart+0xbc/0x830 [ 111.146464][ T5179] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 111.148950][ T5179] ? kmem_cache_free+0x439/0x630 [ 111.151219][ T5179] ? fput_close_sync+0x11f/0x240 [ 111.153816][ T5179] exit_to_user_mode_loop+0x86/0x480 [ 111.156859][ T5179] ? rcu_is_watching+0x15/0xb0 [ 111.159380][ T5179] do_syscall_64+0x32d/0xf80 [ 111.161711][ T5179] ? trace_irq_disable+0x3b/0x150 [ 111.164037][ T5179] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.166763][ T5179] ? clear_bhb_loop+0x40/0x90 [ 111.168941][ T5179] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.171742][ T5179] RIP: 0033:0x7f5c6e5bc407 [ 111.174364][ T5179] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff [ 111.183339][ T5179] RSP: 002b:00007ffd8bc8a920 EFLAGS: 00000202 ORIG_RAX: 0000000000000003 [ 111.187071][ T5179] RAX: 0000000000000000 RBX: 00007f5c6e532780 RCX: 00007f5c6e5bc407 [ 111.191490][ T5179] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 111.195476][ T5179] RBP: 00007ffd8bc9abc0 R08: 0000000000000000 R09: 0000000000000000 [ 111.198675][ T5179] R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffd8bc9abc0 [ 111.201631][ T5179] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 111.204995][ T5179] [ 111.206538][ T5179] Kernel Offset: disabled [ 111.208376][ T5179] Rebooting in 86400 seconds..