Extracting prog: 49.573590798s
Minimizing prog: 25m36.467402964s
Simplifying prog options: 0s
Extracting C: 31.622109681s
Simplifying C: 10m16.126497831s


extracting reproducer from 68 programs
first checking the prog from the crash report
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-bind$tipc-syz_kvm_add_vcpu$x86-openat$kvm-ioctl$KVM_XEN_HVM_CONFIG-openat$kvm-ioctl$KVM_CREATE_VM-bpf$MAP_CREATE-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_REGS-ioctl$KVM_RUN-socket$netlink-bind$netlink-socket$nl_xfrm-syz_mount_image$vfat-bpf$MAP_CREATE-bpf$MAP_UPDATE_ELEM_TAIL_CALL-bpf$MAP_LOOKUP_ELEM-sendmsg$nl_xfrm-socket$nl_xfrm-sendmsg$nl_xfrm-gettid-timer_create-syz_usb_connect$printer-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-timer_settime-clock_nanosleep-syz_clone-mkdir
detailed listing:
executing program 0:
r0 = syz_mount_image$erofs(&(0x7f0000000180), &(0x7f00000000c0)='./cgroup/../file0\x00', 0x801, &(0x7f0000000240)=ANY=[], 0xff, 0x25b, &(0x7f0000000dc0)="$eJzsmb9rFEEUx7+zu7e3hgS0sLE5i4ARkr3dPZU0gloqghBFLQ+zhphNTu6uyB34I9jY+Af4N1hrkUIs7GzEwsoiBgIWWtooODK/bud+rXdwne9TzL15897MezO7b+AWBEH8txx+/Xnw4srqzWUA81hEWeu/ubmNY9l/eemWtPh+x8H+4HwMAOd53/vH+j6Ad5dd4KmalvNf3B5flHMygLtAoHS34OCsHr8NhtDEygVKTMFwV6sfWLIJHlnK7jWy9fubWRqJJhZNIpoawPvi/7HHsA61vFiBWfG1Ot2tegZcZVLI0qbSZCVu1jGasYLXmydLvRE2Rfvn4fBAnNBFawvEed15/mxP9EOtj+DIvRTEcBDrg6mBYU3rV1FGGIYV3U1jK/9TXj6/q47Nyt8KNyjKNijeiFkLJ1YKbUwSY2zMg28NvdXC4yPl2T0m3BmKw/jDJ4qZc/5kmgT9cUcwC8G88xN6CdPpl3Aqw15+rlkYXL0xYhO6W8uvgKkSZK0Ojqv0lIbpU76kk/4w7HWkBHeS93kiYd/WPBq08THDMzV1c2jo01yWXTcaBK3Ox2t66GTfPKf734Ke4Bc9JHn9ZB5wRpsycO5Zt0K1vf2w2up0Vza36xvpRrqTJLUL0bkoOp9UZW1WbUH9C2R9mrPqX0ldQwN2YnEfu/V2uxnvAu1m7Jt+8lq2VsVde9P4Lv0cWf8cLP3mXF8vJZl2eXQ88v4rKz95b2HJHRs8QRAEQRAEQRAEQRAEQRBEAZXP6lf/db0wj4qjP4SpD1V8NF5yQzr8DQAA//+f2Ekt")
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)=[@code={0x1, 0x87, {"0f22e5c744240060420000c744240233d8cecbc7442406000000000f011c24660f38816810c4027958b20000000064449966baf80cb83284af80ef66bafc0c66ed66baf80cb8cc07ff8aef66bafc0cb8d4000000ef48b8f8000000000000000f23c00f21f835030009000f23f8450f2244c4417c50cc"}}], 0x87})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000100)={0x0, 0xaaa, &(0x7f0000000240)="23591363adf94c4a", 0x0, 0x8})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x8, 0x280}, 0x50)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x2000000, 0x4, 0x2004cb, 0x0, 0xa1d, 0x4068ff, 0x5, 0x0, 0x3, 0xa], 0xdddd0000, 0x202})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x6)
bind$netlink(r5, &(0x7f0000514ff4)={0x10, 0x0, 0x2007fffd, 0x100000}, 0x42)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000540)='./file0\x00', 0x2008404, &(0x7f00000007c0)=ANY=[@ANYBLOB="6e6f6e756d00000000160000002c73686f72746e616d653d6c6f7765722c757466383d312c64656275672c696f636861727365743d757466382c73686f72746e616d653d6d6978cdd3109e395ae41a59a4a6ae883265642c7574", @ANYRES16=r0, @ANYRES32=r5, @ANYRES16=r0, @ANYBLOB="c5ce1b9733c91520022860834995bd440de70a56f9b17205184d3be668bd36e2d9b2c62fb43e3a2a12e69d2eea113cf5ab1f668b2855d9a2bb426304b9bbf1debf4d593fe5"], 0x0, 0x2c3, &(0x7f0000001080)="$eJzs3MFrE1sUx/HzkrwmTWmTBw9BQT3oRjehjQuXGqQFMaDUpqgLYWonGjImZSZUImKzEbf+HcWlO0H9B7oRN+7dFUFw04U40plJO2nTJm3TJrXfD5R7M+f+mNtkWk4CmdV7b56Wi06maNQkklCJiDRkTSS9Pgv8E4wRbz4kYQ25PPLz69m79x/cyuXzk9OqU7mZK1lVHTv/4dmLtxc+1UZm3429j8tK+uHqj+y3laGV06u/Z56UHC05WqnW1NC5arVmzFmmzpecckb1jmUajqmlimPaLfWiVV1YqKsRmx9NLtim46hRqWvZrGutqjW7rsZjo1TRTCajo0k5wSIisS6WFZanp43cjmU32tNN4dANtzto27lG+2Jh+Qj2BAAABszu/b/f6+/c/+dn/XEv/f+pzv2/SIf+v0L/v0+Nlkcd+n8cV1fDV79t54xk8Pfbiv4fAAAAAAAAAAAAAAAAAAAAAIDjYM11U67rptbH4JD3OC4iCRFxg3qft4lDEn793dBPh9f/Wp+2ix4LfXEvIWK9XiwsFvzRr+eKUhJLTBmXlPzyroeAP5+6mZ8cV09aPlpLQX5psRCVeDPflG6XP/ffhJ/X1vy/kgyfPysp+b/9+bNt80Ny6WIon5GUfH4kVbFk3ruuN/MvJ1Rv3M5vyQ976wAAAAAA+BtkdMO29+9e3VuQkO11Px/6fMB13aXdPh/Y8v46Jme6uUUlAAAAAAA4MKf+vGxYlmnvYxIXkQPEez9xXZH+byMqg/FstE6ui8gAbOOoJgkR8Y/ofuLfN+Jdpdwu1sREpO9Pyx4m/f7PBAAAAKDXNpv+PYS+vDrEHQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcPJ0ez+w5vptpWZhl3jodNEj/wUBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAfInAAD///epHHg=")
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x1, 0x8000, 0x1, 0x0, r3, 0x73be, '\x00', 0x0, 0xffffffffffffffff, 0x5}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r7}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000bc0)={r7, &(0x7f0000000a00), 0x0}, 0x20)
sendmsg$nl_xfrm(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000600)=ANY=[@ANYBLOB="28010000100007000000000000000000ff020000000000000000000000000001e00000020000000000000000000000004e200000000000000000000002000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ffffffff000000000000000000000000000000002b000000fc00000000000000000000000000000a03000000000000000100000000000000060000000000000000000000000000000000001000000000010000000000000000000000000000000000000000000000000000000000000000002000000000000700000000000000000000000000000000000400fdffffffe80a000000000000000000000a0002fe340002000000000014000e00fe8000000000000000000000000000bb240009008f6b0000000000000100000000000080b4000000000000000500000000000000"], 0x128}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r8, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000c00)=ANY=[@ANYBLOB="040100001a0007002abd700000000000fe80000000000000000000000000001be0000001000000000000000000000000000300004e2200000000000002000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ff0100000000000000000000000000e7000000002b855c3eb35bdea132000003000000000000000000000000000000005a0000000000000000b40000000000000200000000000000010000007ffffffe00000000000000000000060000000000000000000000000000000000000000000000000000f1ffffff002000000000000700000000000000fdffffffffffffff00b473ba2632f6b3e337ec69994a3dbd00040000000000e80a000000000000000000000a000200700000ca9d55000000000014000e00fe8000000000000000000000000000bbaccf8ae5e689d18b390cbeee17c4090000000000000033e2b44da69379383fc22701ee352232e8d056e5917099c6a189b9f93aaf5d84bc1f9902c3273cb6159e6589ae11d2fc772c7b29fd8442376c10032f1e2177063af49d902976698deeb0eaadfa84de8b995082f4760346b6b98d327756402a28e8ad53b4abec4fad59ec9b8cdc80f29f92f1202ede1718285a17ce5a3ad0d9afb3ab8d6df0195c"], 0x104}}, 0x0)
r9 = gettid()
timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r9}, &(0x7f0000bbdffc))
syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000640)=ANY=[@ANYBLOB="12010000090000402505a8a440000102030109021b0001010000000904000002070101"], 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x3938700}, {0x77359400}}, 0x0)
clock_nanosleep(0x2, 0x0, &(0x7f0000000040)={0x0, 0x989680}, 0x0)
syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in z_erofs_decompress
single: successfully extracted reproducer
found reproducer with 30 syscalls
minimizing guilty program
testing program (duration=34.146007062s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-bind$tipc-syz_kvm_add_vcpu$x86-openat$kvm-ioctl$KVM_XEN_HVM_CONFIG-openat$kvm-ioctl$KVM_CREATE_VM-bpf$MAP_CREATE-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_REGS-ioctl$KVM_RUN-socket$netlink-bind$netlink-socket$nl_xfrm-syz_mount_image$vfat-bpf$MAP_CREATE-bpf$MAP_UPDATE_ELEM_TAIL_CALL-bpf$MAP_LOOKUP_ELEM-sendmsg$nl_xfrm-socket$nl_xfrm-sendmsg$nl_xfrm-gettid-timer_create-syz_usb_connect$printer-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-timer_settime-clock_nanosleep-syz_clone
detailed listing:
executing program 0:
r0 = syz_mount_image$erofs(&(0x7f0000000180), &(0x7f00000000c0)='./cgroup/../file0\x00', 0x801, &(0x7f0000000240)=ANY=[], 0xff, 0x25b, &(0x7f0000000dc0)="$eJzsmb9rFEEUx7+zu7e3hgS0sLE5i4ARkr3dPZU0gloqghBFLQ+zhphNTu6uyB34I9jY+Af4N1hrkUIs7GzEwsoiBgIWWtooODK/bud+rXdwne9TzL15897MezO7b+AWBEH8txx+/Xnw4srqzWUA81hEWeu/ubmNY9l/eemWtPh+x8H+4HwMAOd53/vH+j6Ad5dd4KmalvNf3B5flHMygLtAoHS34OCsHr8NhtDEygVKTMFwV6sfWLIJHlnK7jWy9fubWRqJJhZNIpoawPvi/7HHsA61vFiBWfG1Ot2tegZcZVLI0qbSZCVu1jGasYLXmydLvRE2Rfvn4fBAnNBFawvEed15/mxP9EOtj+DIvRTEcBDrg6mBYU3rV1FGGIYV3U1jK/9TXj6/q47Nyt8KNyjKNijeiFkLJ1YKbUwSY2zMg28NvdXC4yPl2T0m3BmKw/jDJ4qZc/5kmgT9cUcwC8G88xN6CdPpl3Aqw15+rlkYXL0xYhO6W8uvgKkSZK0Ojqv0lIbpU76kk/4w7HWkBHeS93kiYd/WPBq08THDMzV1c2jo01yWXTcaBK3Ox2t66GTfPKf734Ke4Bc9JHn9ZB5wRpsycO5Zt0K1vf2w2up0Vza36xvpRrqTJLUL0bkoOp9UZW1WbUH9C2R9mrPqX0ldQwN2YnEfu/V2uxnvAu1m7Jt+8lq2VsVde9P4Lv0cWf8cLP3mXF8vJZl2eXQ88v4rKz95b2HJHRs8QRAEQRAEQRAEQRAEQRBEAZXP6lf/db0wj4qjP4SpD1V8NF5yQzr8DQAA//+f2Ekt")
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)=[@code={0x1, 0x87, {"0f22e5c744240060420000c744240233d8cecbc7442406000000000f011c24660f38816810c4027958b20000000064449966baf80cb83284af80ef66bafc0c66ed66baf80cb8cc07ff8aef66bafc0cb8d4000000ef48b8f8000000000000000f23c00f21f835030009000f23f8450f2244c4417c50cc"}}], 0x87})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000100)={0x0, 0xaaa, &(0x7f0000000240)="23591363adf94c4a", 0x0, 0x8})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x8, 0x280}, 0x50)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x2000000, 0x4, 0x2004cb, 0x0, 0xa1d, 0x4068ff, 0x5, 0x0, 0x3, 0xa], 0xdddd0000, 0x202})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x6)
bind$netlink(r5, &(0x7f0000514ff4)={0x10, 0x0, 0x2007fffd, 0x100000}, 0x42)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000540)='./file0\x00', 0x2008404, &(0x7f00000007c0)=ANY=[@ANYBLOB="6e6f6e756d00000000160000002c73686f72746e616d653d6c6f7765722c757466383d312c64656275672c696f636861727365743d757466382c73686f72746e616d653d6d6978cdd3109e395ae41a59a4a6ae883265642c7574", @ANYRES16=r0, @ANYRES32=r5, @ANYRES16=r0, @ANYBLOB="c5ce1b9733c91520022860834995bd440de70a56f9b17205184d3be668bd36e2d9b2c62fb43e3a2a12e69d2eea113cf5ab1f668b2855d9a2bb426304b9bbf1debf4d593fe5"], 0x0, 0x2c3, &(0x7f0000001080)="$eJzs3MFrE1sUx/HzkrwmTWmTBw9BQT3oRjehjQuXGqQFMaDUpqgLYWonGjImZSZUImKzEbf+HcWlO0H9B7oRN+7dFUFw04U40plJO2nTJm3TJrXfD5R7M+f+mNtkWk4CmdV7b56Wi06maNQkklCJiDRkTSS9Pgv8E4wRbz4kYQ25PPLz69m79x/cyuXzk9OqU7mZK1lVHTv/4dmLtxc+1UZm3429j8tK+uHqj+y3laGV06u/Z56UHC05WqnW1NC5arVmzFmmzpecckb1jmUajqmlimPaLfWiVV1YqKsRmx9NLtim46hRqWvZrGutqjW7rsZjo1TRTCajo0k5wSIisS6WFZanp43cjmU32tNN4dANtzto27lG+2Jh+Qj2BAAABszu/b/f6+/c/+dn/XEv/f+pzv2/SIf+v0L/v0+Nlkcd+n8cV1fDV79t54xk8Pfbiv4fAAAAAAAAAAAAAAAAAAAAAIDjYM11U67rptbH4JD3OC4iCRFxg3qft4lDEn793dBPh9f/Wp+2ix4LfXEvIWK9XiwsFvzRr+eKUhJLTBmXlPzyroeAP5+6mZ8cV09aPlpLQX5psRCVeDPflG6XP/ffhJ/X1vy/kgyfPysp+b/9+bNt80Ny6WIon5GUfH4kVbFk3ruuN/MvJ1Rv3M5vyQ976wAAAAAA+BtkdMO29+9e3VuQkO11Px/6fMB13aXdPh/Y8v46Jme6uUUlAAAAAAA4MKf+vGxYlmnvYxIXkQPEez9xXZH+byMqg/FstE6ui8gAbOOoJgkR8Y/ofuLfN+Jdpdwu1sREpO9Pyx4m/f7PBAAAAKDXNpv+PYS+vDrEHQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcPJ0ez+w5vptpWZhl3jodNEj/wUBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAfInAAD///epHHg=")
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x1, 0x8000, 0x1, 0x0, r3, 0x73be, '\x00', 0x0, 0xffffffffffffffff, 0x5}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r7}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000bc0)={r7, &(0x7f0000000a00), 0x0}, 0x20)
sendmsg$nl_xfrm(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000600)=ANY=[@ANYBLOB="28010000100007000000000000000000ff020000000000000000000000000001e00000020000000000000000000000004e200000000000000000000002000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ffffffff000000000000000000000000000000002b000000fc00000000000000000000000000000a03000000000000000100000000000000060000000000000000000000000000000000001000000000010000000000000000000000000000000000000000000000000000000000000000002000000000000700000000000000000000000000000000000400fdffffffe80a000000000000000000000a0002fe340002000000000014000e00fe8000000000000000000000000000bb240009008f6b0000000000000100000000000080b4000000000000000500000000000000"], 0x128}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r8, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000c00)=ANY=[@ANYBLOB="040100001a0007002abd700000000000fe80000000000000000000000000001be0000001000000000000000000000000000300004e2200000000000002000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ff0100000000000000000000000000e7000000002b855c3eb35bdea132000003000000000000000000000000000000005a0000000000000000b40000000000000200000000000000010000007ffffffe00000000000000000000060000000000000000000000000000000000000000000000000000f1ffffff002000000000000700000000000000fdffffffffffffff00b473ba2632f6b3e337ec69994a3dbd00040000000000e80a000000000000000000000a000200700000ca9d55000000000014000e00fe8000000000000000000000000000bbaccf8ae5e689d18b390cbeee17c4090000000000000033e2b44da69379383fc22701ee352232e8d056e5917099c6a189b9f93aaf5d84bc1f9902c3273cb6159e6589ae11d2fc772c7b29fd8442376c10032f1e2177063af49d902976698deeb0eaadfa84de8b995082f4760346b6b98d327756402a28e8ad53b4abec4fad59ec9b8cdc80f29f92f1202ede1718285a17ce5a3ad0d9afb3ab8d6df0195c"], 0x104}}, 0x0)
r9 = gettid()
timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r9}, &(0x7f0000bbdffc))
syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000640)=ANY=[@ANYBLOB="12010000090000402505a8a440000102030109021b0001010000000904000002070101"], 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x3938700}, {0x77359400}}, 0x0)
clock_nanosleep(0x2, 0x0, &(0x7f0000000040)={0x0, 0x989680}, 0x0)
syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=34.146007062s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-bind$tipc-syz_kvm_add_vcpu$x86-openat$kvm-ioctl$KVM_XEN_HVM_CONFIG-openat$kvm-ioctl$KVM_CREATE_VM-bpf$MAP_CREATE-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_REGS-ioctl$KVM_RUN-socket$netlink-bind$netlink-socket$nl_xfrm-syz_mount_image$vfat-bpf$MAP_CREATE-bpf$MAP_UPDATE_ELEM_TAIL_CALL-bpf$MAP_LOOKUP_ELEM-sendmsg$nl_xfrm-socket$nl_xfrm-sendmsg$nl_xfrm-gettid-timer_create-syz_usb_connect$printer-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-timer_settime-clock_nanosleep-mkdir
detailed listing:
executing program 0:
r0 = syz_mount_image$erofs(&(0x7f0000000180), &(0x7f00000000c0)='./cgroup/../file0\x00', 0x801, &(0x7f0000000240)=ANY=[], 0xff, 0x25b, &(0x7f0000000dc0)="$eJzsmb9rFEEUx7+zu7e3hgS0sLE5i4ARkr3dPZU0gloqghBFLQ+zhphNTu6uyB34I9jY+Af4N1hrkUIs7GzEwsoiBgIWWtooODK/bud+rXdwne9TzL15897MezO7b+AWBEH8txx+/Xnw4srqzWUA81hEWeu/ubmNY9l/eemWtPh+x8H+4HwMAOd53/vH+j6Ad5dd4KmalvNf3B5flHMygLtAoHS34OCsHr8NhtDEygVKTMFwV6sfWLIJHlnK7jWy9fubWRqJJhZNIpoawPvi/7HHsA61vFiBWfG1Ot2tegZcZVLI0qbSZCVu1jGasYLXmydLvRE2Rfvn4fBAnNBFawvEed15/mxP9EOtj+DIvRTEcBDrg6mBYU3rV1FGGIYV3U1jK/9TXj6/q47Nyt8KNyjKNijeiFkLJ1YKbUwSY2zMg28NvdXC4yPl2T0m3BmKw/jDJ4qZc/5kmgT9cUcwC8G88xN6CdPpl3Aqw15+rlkYXL0xYhO6W8uvgKkSZK0Ojqv0lIbpU76kk/4w7HWkBHeS93kiYd/WPBq08THDMzV1c2jo01yWXTcaBK3Ox2t66GTfPKf734Ke4Bc9JHn9ZB5wRpsycO5Zt0K1vf2w2up0Vza36xvpRrqTJLUL0bkoOp9UZW1WbUH9C2R9mrPqX0ldQwN2YnEfu/V2uxnvAu1m7Jt+8lq2VsVde9P4Lv0cWf8cLP3mXF8vJZl2eXQ88v4rKz95b2HJHRs8QRAEQRAEQRAEQRAEQRBEAZXP6lf/db0wj4qjP4SpD1V8NF5yQzr8DQAA//+f2Ekt")
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)=[@code={0x1, 0x87, {"0f22e5c744240060420000c744240233d8cecbc7442406000000000f011c24660f38816810c4027958b20000000064449966baf80cb83284af80ef66bafc0c66ed66baf80cb8cc07ff8aef66bafc0cb8d4000000ef48b8f8000000000000000f23c00f21f835030009000f23f8450f2244c4417c50cc"}}], 0x87})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000100)={0x0, 0xaaa, &(0x7f0000000240)="23591363adf94c4a", 0x0, 0x8})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x8, 0x280}, 0x50)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x2000000, 0x4, 0x2004cb, 0x0, 0xa1d, 0x4068ff, 0x5, 0x0, 0x3, 0xa], 0xdddd0000, 0x202})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x6)
bind$netlink(r5, &(0x7f0000514ff4)={0x10, 0x0, 0x2007fffd, 0x100000}, 0x42)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000540)='./file0\x00', 0x2008404, &(0x7f00000007c0)=ANY=[@ANYBLOB="6e6f6e756d00000000160000002c73686f72746e616d653d6c6f7765722c757466383d312c64656275672c696f636861727365743d757466382c73686f72746e616d653d6d6978cdd3109e395ae41a59a4a6ae883265642c7574", @ANYRES16=r0, @ANYRES32=r5, @ANYRES16=r0, @ANYBLOB="c5ce1b9733c91520022860834995bd440de70a56f9b17205184d3be668bd36e2d9b2c62fb43e3a2a12e69d2eea113cf5ab1f668b2855d9a2bb426304b9bbf1debf4d593fe5"], 0x0, 0x2c3, &(0x7f0000001080)="$eJzs3MFrE1sUx/HzkrwmTWmTBw9BQT3oRjehjQuXGqQFMaDUpqgLYWonGjImZSZUImKzEbf+HcWlO0H9B7oRN+7dFUFw04U40plJO2nTJm3TJrXfD5R7M+f+mNtkWk4CmdV7b56Wi06maNQkklCJiDRkTSS9Pgv8E4wRbz4kYQ25PPLz69m79x/cyuXzk9OqU7mZK1lVHTv/4dmLtxc+1UZm3429j8tK+uHqj+y3laGV06u/Z56UHC05WqnW1NC5arVmzFmmzpecckb1jmUajqmlimPaLfWiVV1YqKsRmx9NLtim46hRqWvZrGutqjW7rsZjo1TRTCajo0k5wSIisS6WFZanp43cjmU32tNN4dANtzto27lG+2Jh+Qj2BAAABszu/b/f6+/c/+dn/XEv/f+pzv2/SIf+v0L/v0+Nlkcd+n8cV1fDV79t54xk8Pfbiv4fAAAAAAAAAAAAAAAAAAAAAIDjYM11U67rptbH4JD3OC4iCRFxg3qft4lDEn793dBPh9f/Wp+2ix4LfXEvIWK9XiwsFvzRr+eKUhJLTBmXlPzyroeAP5+6mZ8cV09aPlpLQX5psRCVeDPflG6XP/ffhJ/X1vy/kgyfPysp+b/9+bNt80Ny6WIon5GUfH4kVbFk3ruuN/MvJ1Rv3M5vyQ976wAAAAAA+BtkdMO29+9e3VuQkO11Px/6fMB13aXdPh/Y8v46Jme6uUUlAAAAAAA4MKf+vGxYlmnvYxIXkQPEez9xXZH+byMqg/FstE6ui8gAbOOoJgkR8Y/ofuLfN+Jdpdwu1sREpO9Pyx4m/f7PBAAAAKDXNpv+PYS+vDrEHQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcPJ0ez+w5vptpWZhl3jodNEj/wUBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAfInAAD///epHHg=")
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x1, 0x8000, 0x1, 0x0, r3, 0x73be, '\x00', 0x0, 0xffffffffffffffff, 0x5}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r7}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000bc0)={r7, &(0x7f0000000a00), 0x0}, 0x20)
sendmsg$nl_xfrm(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000600)=ANY=[@ANYBLOB="28010000100007000000000000000000ff020000000000000000000000000001e00000020000000000000000000000004e200000000000000000000002000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ffffffff000000000000000000000000000000002b000000fc00000000000000000000000000000a03000000000000000100000000000000060000000000000000000000000000000000001000000000010000000000000000000000000000000000000000000000000000000000000000002000000000000700000000000000000000000000000000000400fdffffffe80a000000000000000000000a0002fe340002000000000014000e00fe8000000000000000000000000000bb240009008f6b0000000000000100000000000080b4000000000000000500000000000000"], 0x128}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r8, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000c00)=ANY=[@ANYBLOB="040100001a0007002abd700000000000fe80000000000000000000000000001be0000001000000000000000000000000000300004e2200000000000002000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ff0100000000000000000000000000e7000000002b855c3eb35bdea132000003000000000000000000000000000000005a0000000000000000b40000000000000200000000000000010000007ffffffe00000000000000000000060000000000000000000000000000000000000000000000000000f1ffffff002000000000000700000000000000fdffffffffffffff00b473ba2632f6b3e337ec69994a3dbd00040000000000e80a000000000000000000000a000200700000ca9d55000000000014000e00fe8000000000000000000000000000bbaccf8ae5e689d18b390cbeee17c4090000000000000033e2b44da69379383fc22701ee352232e8d056e5917099c6a189b9f93aaf5d84bc1f9902c3273cb6159e6589ae11d2fc772c7b29fd8442376c10032f1e2177063af49d902976698deeb0eaadfa84de8b995082f4760346b6b98d327756402a28e8ad53b4abec4fad59ec9b8cdc80f29f92f1202ede1718285a17ce5a3ad0d9afb3ab8d6df0195c"], 0x104}}, 0x0)
r9 = gettid()
timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r9}, &(0x7f0000bbdffc))
syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000640)=ANY=[@ANYBLOB="12010000090000402505a8a440000102030109021b0001010000000904000002070101"], 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x3938700}, {0x77359400}}, 0x0)
clock_nanosleep(0x2, 0x0, &(0x7f0000000040)={0x0, 0x989680}, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in z_erofs_decompress
testing program (duration=34.146007062s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-bind$tipc-syz_kvm_add_vcpu$x86-openat$kvm-ioctl$KVM_XEN_HVM_CONFIG-openat$kvm-ioctl$KVM_CREATE_VM-bpf$MAP_CREATE-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_REGS-ioctl$KVM_RUN-socket$netlink-bind$netlink-socket$nl_xfrm-syz_mount_image$vfat-bpf$MAP_CREATE-bpf$MAP_UPDATE_ELEM_TAIL_CALL-bpf$MAP_LOOKUP_ELEM-sendmsg$nl_xfrm-socket$nl_xfrm-sendmsg$nl_xfrm-gettid-timer_create-syz_usb_connect$printer-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-timer_settime-mkdir
detailed listing:
executing program 0:
r0 = syz_mount_image$erofs(&(0x7f0000000180), &(0x7f00000000c0)='./cgroup/../file0\x00', 0x801, &(0x7f0000000240)=ANY=[], 0xff, 0x25b, &(0x7f0000000dc0)="$eJzsmb9rFEEUx7+zu7e3hgS0sLE5i4ARkr3dPZU0gloqghBFLQ+zhphNTu6uyB34I9jY+Af4N1hrkUIs7GzEwsoiBgIWWtooODK/bud+rXdwne9TzL15897MezO7b+AWBEH8txx+/Xnw4srqzWUA81hEWeu/ubmNY9l/eemWtPh+x8H+4HwMAOd53/vH+j6Ad5dd4KmalvNf3B5flHMygLtAoHS34OCsHr8NhtDEygVKTMFwV6sfWLIJHlnK7jWy9fubWRqJJhZNIpoawPvi/7HHsA61vFiBWfG1Ot2tegZcZVLI0qbSZCVu1jGasYLXmydLvRE2Rfvn4fBAnNBFawvEed15/mxP9EOtj+DIvRTEcBDrg6mBYU3rV1FGGIYV3U1jK/9TXj6/q47Nyt8KNyjKNijeiFkLJ1YKbUwSY2zMg28NvdXC4yPl2T0m3BmKw/jDJ4qZc/5kmgT9cUcwC8G88xN6CdPpl3Aqw15+rlkYXL0xYhO6W8uvgKkSZK0Ojqv0lIbpU76kk/4w7HWkBHeS93kiYd/WPBq08THDMzV1c2jo01yWXTcaBK3Ox2t66GTfPKf734Ke4Bc9JHn9ZB5wRpsycO5Zt0K1vf2w2up0Vza36xvpRrqTJLUL0bkoOp9UZW1WbUH9C2R9mrPqX0ldQwN2YnEfu/V2uxnvAu1m7Jt+8lq2VsVde9P4Lv0cWf8cLP3mXF8vJZl2eXQ88v4rKz95b2HJHRs8QRAEQRAEQRAEQRAEQRBEAZXP6lf/db0wj4qjP4SpD1V8NF5yQzr8DQAA//+f2Ekt")
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)=[@code={0x1, 0x87, {"0f22e5c744240060420000c744240233d8cecbc7442406000000000f011c24660f38816810c4027958b20000000064449966baf80cb83284af80ef66bafc0c66ed66baf80cb8cc07ff8aef66bafc0cb8d4000000ef48b8f8000000000000000f23c00f21f835030009000f23f8450f2244c4417c50cc"}}], 0x87})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000100)={0x0, 0xaaa, &(0x7f0000000240)="23591363adf94c4a", 0x0, 0x8})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x8, 0x280}, 0x50)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x2000000, 0x4, 0x2004cb, 0x0, 0xa1d, 0x4068ff, 0x5, 0x0, 0x3, 0xa], 0xdddd0000, 0x202})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x6)
bind$netlink(r5, &(0x7f0000514ff4)={0x10, 0x0, 0x2007fffd, 0x100000}, 0x42)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000540)='./file0\x00', 0x2008404, &(0x7f00000007c0)=ANY=[@ANYBLOB="6e6f6e756d00000000160000002c73686f72746e616d653d6c6f7765722c757466383d312c64656275672c696f636861727365743d757466382c73686f72746e616d653d6d6978cdd3109e395ae41a59a4a6ae883265642c7574", @ANYRES16=r0, @ANYRES32=r5, @ANYRES16=r0, @ANYBLOB="c5ce1b9733c91520022860834995bd440de70a56f9b17205184d3be668bd36e2d9b2c62fb43e3a2a12e69d2eea113cf5ab1f668b2855d9a2bb426304b9bbf1debf4d593fe5"], 0x0, 0x2c3, &(0x7f0000001080)="$eJzs3MFrE1sUx/HzkrwmTWmTBw9BQT3oRjehjQuXGqQFMaDUpqgLYWonGjImZSZUImKzEbf+HcWlO0H9B7oRN+7dFUFw04U40plJO2nTJm3TJrXfD5R7M+f+mNtkWk4CmdV7b56Wi06maNQkklCJiDRkTSS9Pgv8E4wRbz4kYQ25PPLz69m79x/cyuXzk9OqU7mZK1lVHTv/4dmLtxc+1UZm3429j8tK+uHqj+y3laGV06u/Z56UHC05WqnW1NC5arVmzFmmzpecckb1jmUajqmlimPaLfWiVV1YqKsRmx9NLtim46hRqWvZrGutqjW7rsZjo1TRTCajo0k5wSIisS6WFZanp43cjmU32tNN4dANtzto27lG+2Jh+Qj2BAAABszu/b/f6+/c/+dn/XEv/f+pzv2/SIf+v0L/v0+Nlkcd+n8cV1fDV79t54xk8Pfbiv4fAAAAAAAAAAAAAAAAAAAAAIDjYM11U67rptbH4JD3OC4iCRFxg3qft4lDEn793dBPh9f/Wp+2ix4LfXEvIWK9XiwsFvzRr+eKUhJLTBmXlPzyroeAP5+6mZ8cV09aPlpLQX5psRCVeDPflG6XP/ffhJ/X1vy/kgyfPysp+b/9+bNt80Ny6WIon5GUfH4kVbFk3ruuN/MvJ1Rv3M5vyQ976wAAAAAA+BtkdMO29+9e3VuQkO11Px/6fMB13aXdPh/Y8v46Jme6uUUlAAAAAAA4MKf+vGxYlmnvYxIXkQPEez9xXZH+byMqg/FstE6ui8gAbOOoJgkR8Y/ofuLfN+Jdpdwu1sREpO9Pyx4m/f7PBAAAAKDXNpv+PYS+vDrEHQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcPJ0ez+w5vptpWZhl3jodNEj/wUBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAfInAAD///epHHg=")
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x1, 0x8000, 0x1, 0x0, r3, 0x73be, '\x00', 0x0, 0xffffffffffffffff, 0x5}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r7}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000bc0)={r7, &(0x7f0000000a00), 0x0}, 0x20)
sendmsg$nl_xfrm(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000600)=ANY=[@ANYBLOB="28010000100007000000000000000000ff020000000000000000000000000001e00000020000000000000000000000004e200000000000000000000002000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ffffffff000000000000000000000000000000002b000000fc00000000000000000000000000000a03000000000000000100000000000000060000000000000000000000000000000000001000000000010000000000000000000000000000000000000000000000000000000000000000002000000000000700000000000000000000000000000000000400fdffffffe80a000000000000000000000a0002fe340002000000000014000e00fe8000000000000000000000000000bb240009008f6b0000000000000100000000000080b4000000000000000500000000000000"], 0x128}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r8, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000c00)=ANY=[@ANYBLOB="040100001a0007002abd700000000000fe80000000000000000000000000001be0000001000000000000000000000000000300004e2200000000000002000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ff0100000000000000000000000000e7000000002b855c3eb35bdea132000003000000000000000000000000000000005a0000000000000000b40000000000000200000000000000010000007ffffffe00000000000000000000060000000000000000000000000000000000000000000000000000f1ffffff002000000000000700000000000000fdffffffffffffff00b473ba2632f6b3e337ec69994a3dbd00040000000000e80a000000000000000000000a000200700000ca9d55000000000014000e00fe8000000000000000000000000000bbaccf8ae5e689d18b390cbeee17c4090000000000000033e2b44da69379383fc22701ee352232e8d056e5917099c6a189b9f93aaf5d84bc1f9902c3273cb6159e6589ae11d2fc772c7b29fd8442376c10032f1e2177063af49d902976698deeb0eaadfa84de8b995082f4760346b6b98d327756402a28e8ad53b4abec4fad59ec9b8cdc80f29f92f1202ede1718285a17ce5a3ad0d9afb3ab8d6df0195c"], 0x104}}, 0x0)
r9 = gettid()
timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r9}, &(0x7f0000bbdffc))
syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000640)=ANY=[@ANYBLOB="12010000090000402505a8a440000102030109021b0001010000000904000002070101"], 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x3938700}, {0x77359400}}, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in z_erofs_decompress
testing program (duration=34.146007062s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-bind$tipc-syz_kvm_add_vcpu$x86-openat$kvm-ioctl$KVM_XEN_HVM_CONFIG-openat$kvm-ioctl$KVM_CREATE_VM-bpf$MAP_CREATE-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_REGS-ioctl$KVM_RUN-socket$netlink-bind$netlink-socket$nl_xfrm-syz_mount_image$vfat-bpf$MAP_CREATE-bpf$MAP_UPDATE_ELEM_TAIL_CALL-bpf$MAP_LOOKUP_ELEM-sendmsg$nl_xfrm-socket$nl_xfrm-sendmsg$nl_xfrm-gettid-timer_create-syz_usb_connect$printer-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-mkdir
detailed listing:
executing program 0:
r0 = syz_mount_image$erofs(&(0x7f0000000180), &(0x7f00000000c0)='./cgroup/../file0\x00', 0x801, &(0x7f0000000240)=ANY=[], 0xff, 0x25b, &(0x7f0000000dc0)="$eJzsmb9rFEEUx7+zu7e3hgS0sLE5i4ARkr3dPZU0gloqghBFLQ+zhphNTu6uyB34I9jY+Af4N1hrkUIs7GzEwsoiBgIWWtooODK/bud+rXdwne9TzL15897MezO7b+AWBEH8txx+/Xnw4srqzWUA81hEWeu/ubmNY9l/eemWtPh+x8H+4HwMAOd53/vH+j6Ad5dd4KmalvNf3B5flHMygLtAoHS34OCsHr8NhtDEygVKTMFwV6sfWLIJHlnK7jWy9fubWRqJJhZNIpoawPvi/7HHsA61vFiBWfG1Ot2tegZcZVLI0qbSZCVu1jGasYLXmydLvRE2Rfvn4fBAnNBFawvEed15/mxP9EOtj+DIvRTEcBDrg6mBYU3rV1FGGIYV3U1jK/9TXj6/q47Nyt8KNyjKNijeiFkLJ1YKbUwSY2zMg28NvdXC4yPl2T0m3BmKw/jDJ4qZc/5kmgT9cUcwC8G88xN6CdPpl3Aqw15+rlkYXL0xYhO6W8uvgKkSZK0Ojqv0lIbpU76kk/4w7HWkBHeS93kiYd/WPBq08THDMzV1c2jo01yWXTcaBK3Ox2t66GTfPKf734Ke4Bc9JHn9ZB5wRpsycO5Zt0K1vf2w2up0Vza36xvpRrqTJLUL0bkoOp9UZW1WbUH9C2R9mrPqX0ldQwN2YnEfu/V2uxnvAu1m7Jt+8lq2VsVde9P4Lv0cWf8cLP3mXF8vJZl2eXQ88v4rKz95b2HJHRs8QRAEQRAEQRAEQRAEQRBEAZXP6lf/db0wj4qjP4SpD1V8NF5yQzr8DQAA//+f2Ekt")
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)=[@code={0x1, 0x87, {"0f22e5c744240060420000c744240233d8cecbc7442406000000000f011c24660f38816810c4027958b20000000064449966baf80cb83284af80ef66bafc0c66ed66baf80cb8cc07ff8aef66bafc0cb8d4000000ef48b8f8000000000000000f23c00f21f835030009000f23f8450f2244c4417c50cc"}}], 0x87})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000100)={0x0, 0xaaa, &(0x7f0000000240)="23591363adf94c4a", 0x0, 0x8})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x8, 0x280}, 0x50)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x2000000, 0x4, 0x2004cb, 0x0, 0xa1d, 0x4068ff, 0x5, 0x0, 0x3, 0xa], 0xdddd0000, 0x202})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x6)
bind$netlink(r5, &(0x7f0000514ff4)={0x10, 0x0, 0x2007fffd, 0x100000}, 0x42)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000540)='./file0\x00', 0x2008404, &(0x7f00000007c0)=ANY=[@ANYBLOB="6e6f6e756d00000000160000002c73686f72746e616d653d6c6f7765722c757466383d312c64656275672c696f636861727365743d757466382c73686f72746e616d653d6d6978cdd3109e395ae41a59a4a6ae883265642c7574", @ANYRES16=r0, @ANYRES32=r5, @ANYRES16=r0, @ANYBLOB="c5ce1b9733c91520022860834995bd440de70a56f9b17205184d3be668bd36e2d9b2c62fb43e3a2a12e69d2eea113cf5ab1f668b2855d9a2bb426304b9bbf1debf4d593fe5"], 0x0, 0x2c3, &(0x7f0000001080)="$eJzs3MFrE1sUx/HzkrwmTWmTBw9BQT3oRjehjQuXGqQFMaDUpqgLYWonGjImZSZUImKzEbf+HcWlO0H9B7oRN+7dFUFw04U40plJO2nTJm3TJrXfD5R7M+f+mNtkWk4CmdV7b56Wi06maNQkklCJiDRkTSS9Pgv8E4wRbz4kYQ25PPLz69m79x/cyuXzk9OqU7mZK1lVHTv/4dmLtxc+1UZm3429j8tK+uHqj+y3laGV06u/Z56UHC05WqnW1NC5arVmzFmmzpecckb1jmUajqmlimPaLfWiVV1YqKsRmx9NLtim46hRqWvZrGutqjW7rsZjo1TRTCajo0k5wSIisS6WFZanp43cjmU32tNN4dANtzto27lG+2Jh+Qj2BAAABszu/b/f6+/c/+dn/XEv/f+pzv2/SIf+v0L/v0+Nlkcd+n8cV1fDV79t54xk8Pfbiv4fAAAAAAAAAAAAAAAAAAAAAIDjYM11U67rptbH4JD3OC4iCRFxg3qft4lDEn793dBPh9f/Wp+2ix4LfXEvIWK9XiwsFvzRr+eKUhJLTBmXlPzyroeAP5+6mZ8cV09aPlpLQX5psRCVeDPflG6XP/ffhJ/X1vy/kgyfPysp+b/9+bNt80Ny6WIon5GUfH4kVbFk3ruuN/MvJ1Rv3M5vyQ976wAAAAAA+BtkdMO29+9e3VuQkO11Px/6fMB13aXdPh/Y8v46Jme6uUUlAAAAAAA4MKf+vGxYlmnvYxIXkQPEez9xXZH+byMqg/FstE6ui8gAbOOoJgkR8Y/ofuLfN+Jdpdwu1sREpO9Pyx4m/f7PBAAAAKDXNpv+PYS+vDrEHQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcPJ0ez+w5vptpWZhl3jodNEj/wUBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAfInAAD///epHHg=")
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x1, 0x8000, 0x1, 0x0, r3, 0x73be, '\x00', 0x0, 0xffffffffffffffff, 0x5}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r7}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000bc0)={r7, &(0x7f0000000a00), 0x0}, 0x20)
sendmsg$nl_xfrm(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000600)=ANY=[@ANYBLOB="28010000100007000000000000000000ff020000000000000000000000000001e00000020000000000000000000000004e200000000000000000000002000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ffffffff000000000000000000000000000000002b000000fc00000000000000000000000000000a03000000000000000100000000000000060000000000000000000000000000000000001000000000010000000000000000000000000000000000000000000000000000000000000000002000000000000700000000000000000000000000000000000400fdffffffe80a000000000000000000000a0002fe340002000000000014000e00fe8000000000000000000000000000bb240009008f6b0000000000000100000000000080b4000000000000000500000000000000"], 0x128}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r8, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000c00)=ANY=[@ANYBLOB="040100001a0007002abd700000000000fe80000000000000000000000000001be0000001000000000000000000000000000300004e2200000000000002000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ff0100000000000000000000000000e7000000002b855c3eb35bdea132000003000000000000000000000000000000005a0000000000000000b40000000000000200000000000000010000007ffffffe00000000000000000000060000000000000000000000000000000000000000000000000000f1ffffff002000000000000700000000000000fdffffffffffffff00b473ba2632f6b3e337ec69994a3dbd00040000000000e80a000000000000000000000a000200700000ca9d55000000000014000e00fe8000000000000000000000000000bbaccf8ae5e689d18b390cbeee17c4090000000000000033e2b44da69379383fc22701ee352232e8d056e5917099c6a189b9f93aaf5d84bc1f9902c3273cb6159e6589ae11d2fc772c7b29fd8442376c10032f1e2177063af49d902976698deeb0eaadfa84de8b995082f4760346b6b98d327756402a28e8ad53b4abec4fad59ec9b8cdc80f29f92f1202ede1718285a17ce5a3ad0d9afb3ab8d6df0195c"], 0x104}}, 0x0)
r9 = gettid()
timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r9}, &(0x7f0000bbdffc))
syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000640)=ANY=[@ANYBLOB="12010000090000402505a8a440000102030109021b0001010000000904000002070101"], 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in z_erofs_decompress
testing program (duration=34.146007062s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-bind$tipc-syz_kvm_add_vcpu$x86-openat$kvm-ioctl$KVM_XEN_HVM_CONFIG-openat$kvm-ioctl$KVM_CREATE_VM-bpf$MAP_CREATE-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_REGS-ioctl$KVM_RUN-socket$netlink-bind$netlink-socket$nl_xfrm-syz_mount_image$vfat-bpf$MAP_CREATE-bpf$MAP_UPDATE_ELEM_TAIL_CALL-bpf$MAP_LOOKUP_ELEM-sendmsg$nl_xfrm-socket$nl_xfrm-sendmsg$nl_xfrm-gettid-timer_create-syz_usb_connect$printer-mkdir
detailed listing:
executing program 0:
r0 = syz_mount_image$erofs(&(0x7f0000000180), &(0x7f00000000c0)='./cgroup/../file0\x00', 0x801, &(0x7f0000000240)=ANY=[], 0xff, 0x25b, &(0x7f0000000dc0)="$eJzsmb9rFEEUx7+zu7e3hgS0sLE5i4ARkr3dPZU0gloqghBFLQ+zhphNTu6uyB34I9jY+Af4N1hrkUIs7GzEwsoiBgIWWtooODK/bud+rXdwne9TzL15897MezO7b+AWBEH8txx+/Xnw4srqzWUA81hEWeu/ubmNY9l/eemWtPh+x8H+4HwMAOd53/vH+j6Ad5dd4KmalvNf3B5flHMygLtAoHS34OCsHr8NhtDEygVKTMFwV6sfWLIJHlnK7jWy9fubWRqJJhZNIpoawPvi/7HHsA61vFiBWfG1Ot2tegZcZVLI0qbSZCVu1jGasYLXmydLvRE2Rfvn4fBAnNBFawvEed15/mxP9EOtj+DIvRTEcBDrg6mBYU3rV1FGGIYV3U1jK/9TXj6/q47Nyt8KNyjKNijeiFkLJ1YKbUwSY2zMg28NvdXC4yPl2T0m3BmKw/jDJ4qZc/5kmgT9cUcwC8G88xN6CdPpl3Aqw15+rlkYXL0xYhO6W8uvgKkSZK0Ojqv0lIbpU76kk/4w7HWkBHeS93kiYd/WPBq08THDMzV1c2jo01yWXTcaBK3Ox2t66GTfPKf734Ke4Bc9JHn9ZB5wRpsycO5Zt0K1vf2w2up0Vza36xvpRrqTJLUL0bkoOp9UZW1WbUH9C2R9mrPqX0ldQwN2YnEfu/V2uxnvAu1m7Jt+8lq2VsVde9P4Lv0cWf8cLP3mXF8vJZl2eXQ88v4rKz95b2HJHRs8QRAEQRAEQRAEQRAEQRBEAZXP6lf/db0wj4qjP4SpD1V8NF5yQzr8DQAA//+f2Ekt")
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)=[@code={0x1, 0x87, {"0f22e5c744240060420000c744240233d8cecbc7442406000000000f011c24660f38816810c4027958b20000000064449966baf80cb83284af80ef66bafc0c66ed66baf80cb8cc07ff8aef66bafc0cb8d4000000ef48b8f8000000000000000f23c00f21f835030009000f23f8450f2244c4417c50cc"}}], 0x87})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000100)={0x0, 0xaaa, &(0x7f0000000240)="23591363adf94c4a", 0x0, 0x8})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x8, 0x280}, 0x50)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x2000000, 0x4, 0x2004cb, 0x0, 0xa1d, 0x4068ff, 0x5, 0x0, 0x3, 0xa], 0xdddd0000, 0x202})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x6)
bind$netlink(r5, &(0x7f0000514ff4)={0x10, 0x0, 0x2007fffd, 0x100000}, 0x42)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000540)='./file0\x00', 0x2008404, &(0x7f00000007c0)=ANY=[@ANYBLOB="6e6f6e756d00000000160000002c73686f72746e616d653d6c6f7765722c757466383d312c64656275672c696f636861727365743d757466382c73686f72746e616d653d6d6978cdd3109e395ae41a59a4a6ae883265642c7574", @ANYRES16=r0, @ANYRES32=r5, @ANYRES16=r0, @ANYBLOB="c5ce1b9733c91520022860834995bd440de70a56f9b17205184d3be668bd36e2d9b2c62fb43e3a2a12e69d2eea113cf5ab1f668b2855d9a2bb426304b9bbf1debf4d593fe5"], 0x0, 0x2c3, &(0x7f0000001080)="$eJzs3MFrE1sUx/HzkrwmTWmTBw9BQT3oRjehjQuXGqQFMaDUpqgLYWonGjImZSZUImKzEbf+HcWlO0H9B7oRN+7dFUFw04U40plJO2nTJm3TJrXfD5R7M+f+mNtkWk4CmdV7b56Wi06maNQkklCJiDRkTSS9Pgv8E4wRbz4kYQ25PPLz69m79x/cyuXzk9OqU7mZK1lVHTv/4dmLtxc+1UZm3429j8tK+uHqj+y3laGV06u/Z56UHC05WqnW1NC5arVmzFmmzpecckb1jmUajqmlimPaLfWiVV1YqKsRmx9NLtim46hRqWvZrGutqjW7rsZjo1TRTCajo0k5wSIisS6WFZanp43cjmU32tNN4dANtzto27lG+2Jh+Qj2BAAABszu/b/f6+/c/+dn/XEv/f+pzv2/SIf+v0L/v0+Nlkcd+n8cV1fDV79t54xk8Pfbiv4fAAAAAAAAAAAAAAAAAAAAAIDjYM11U67rptbH4JD3OC4iCRFxg3qft4lDEn793dBPh9f/Wp+2ix4LfXEvIWK9XiwsFvzRr+eKUhJLTBmXlPzyroeAP5+6mZ8cV09aPlpLQX5psRCVeDPflG6XP/ffhJ/X1vy/kgyfPysp+b/9+bNt80Ny6WIon5GUfH4kVbFk3ruuN/MvJ1Rv3M5vyQ976wAAAAAA+BtkdMO29+9e3VuQkO11Px/6fMB13aXdPh/Y8v46Jme6uUUlAAAAAAA4MKf+vGxYlmnvYxIXkQPEez9xXZH+byMqg/FstE6ui8gAbOOoJgkR8Y/ofuLfN+Jdpdwu1sREpO9Pyx4m/f7PBAAAAKDXNpv+PYS+vDrEHQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcPJ0ez+w5vptpWZhl3jodNEj/wUBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAfInAAD///epHHg=")
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x1, 0x8000, 0x1, 0x0, r3, 0x73be, '\x00', 0x0, 0xffffffffffffffff, 0x5}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r7}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000bc0)={r7, &(0x7f0000000a00), 0x0}, 0x20)
sendmsg$nl_xfrm(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000600)=ANY=[@ANYBLOB="28010000100007000000000000000000ff020000000000000000000000000001e00000020000000000000000000000004e200000000000000000000002000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ffffffff000000000000000000000000000000002b000000fc00000000000000000000000000000a03000000000000000100000000000000060000000000000000000000000000000000001000000000010000000000000000000000000000000000000000000000000000000000000000002000000000000700000000000000000000000000000000000400fdffffffe80a000000000000000000000a0002fe340002000000000014000e00fe8000000000000000000000000000bb240009008f6b0000000000000100000000000080b4000000000000000500000000000000"], 0x128}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r8, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000c00)=ANY=[@ANYBLOB="040100001a0007002abd700000000000fe80000000000000000000000000001be0000001000000000000000000000000000300004e2200000000000002000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ff0100000000000000000000000000e7000000002b855c3eb35bdea132000003000000000000000000000000000000005a0000000000000000b40000000000000200000000000000010000007ffffffe00000000000000000000060000000000000000000000000000000000000000000000000000f1ffffff002000000000000700000000000000fdffffffffffffff00b473ba2632f6b3e337ec69994a3dbd00040000000000e80a000000000000000000000a000200700000ca9d55000000000014000e00fe8000000000000000000000000000bbaccf8ae5e689d18b390cbeee17c4090000000000000033e2b44da69379383fc22701ee352232e8d056e5917099c6a189b9f93aaf5d84bc1f9902c3273cb6159e6589ae11d2fc772c7b29fd8442376c10032f1e2177063af49d902976698deeb0eaadfa84de8b995082f4760346b6b98d327756402a28e8ad53b4abec4fad59ec9b8cdc80f29f92f1202ede1718285a17ce5a3ad0d9afb3ab8d6df0195c"], 0x104}}, 0x0)
r9 = gettid()
timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r9}, &(0x7f0000bbdffc))
syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000640)=ANY=[@ANYBLOB="12010000090000402505a8a440000102030109021b0001010000000904000002070101"], 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in z_erofs_decompress
testing program (duration=34.146007062s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-bind$tipc-syz_kvm_add_vcpu$x86-openat$kvm-ioctl$KVM_XEN_HVM_CONFIG-openat$kvm-ioctl$KVM_CREATE_VM-bpf$MAP_CREATE-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_REGS-ioctl$KVM_RUN-socket$netlink-bind$netlink-socket$nl_xfrm-syz_mount_image$vfat-bpf$MAP_CREATE-bpf$MAP_UPDATE_ELEM_TAIL_CALL-bpf$MAP_LOOKUP_ELEM-sendmsg$nl_xfrm-socket$nl_xfrm-sendmsg$nl_xfrm-gettid-timer_create-mkdir
detailed listing:
executing program 0:
r0 = syz_mount_image$erofs(&(0x7f0000000180), &(0x7f00000000c0)='./cgroup/../file0\x00', 0x801, &(0x7f0000000240)=ANY=[], 0xff, 0x25b, &(0x7f0000000dc0)="$eJzsmb9rFEEUx7+zu7e3hgS0sLE5i4ARkr3dPZU0gloqghBFLQ+zhphNTu6uyB34I9jY+Af4N1hrkUIs7GzEwsoiBgIWWtooODK/bud+rXdwne9TzL15897MezO7b+AWBEH8txx+/Xnw4srqzWUA81hEWeu/ubmNY9l/eemWtPh+x8H+4HwMAOd53/vH+j6Ad5dd4KmalvNf3B5flHMygLtAoHS34OCsHr8NhtDEygVKTMFwV6sfWLIJHlnK7jWy9fubWRqJJhZNIpoawPvi/7HHsA61vFiBWfG1Ot2tegZcZVLI0qbSZCVu1jGasYLXmydLvRE2Rfvn4fBAnNBFawvEed15/mxP9EOtj+DIvRTEcBDrg6mBYU3rV1FGGIYV3U1jK/9TXj6/q47Nyt8KNyjKNijeiFkLJ1YKbUwSY2zMg28NvdXC4yPl2T0m3BmKw/jDJ4qZc/5kmgT9cUcwC8G88xN6CdPpl3Aqw15+rlkYXL0xYhO6W8uvgKkSZK0Ojqv0lIbpU76kk/4w7HWkBHeS93kiYd/WPBq08THDMzV1c2jo01yWXTcaBK3Ox2t66GTfPKf734Ke4Bc9JHn9ZB5wRpsycO5Zt0K1vf2w2up0Vza36xvpRrqTJLUL0bkoOp9UZW1WbUH9C2R9mrPqX0ldQwN2YnEfu/V2uxnvAu1m7Jt+8lq2VsVde9P4Lv0cWf8cLP3mXF8vJZl2eXQ88v4rKz95b2HJHRs8QRAEQRAEQRAEQRAEQRBEAZXP6lf/db0wj4qjP4SpD1V8NF5yQzr8DQAA//+f2Ekt")
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)=[@code={0x1, 0x87, {"0f22e5c744240060420000c744240233d8cecbc7442406000000000f011c24660f38816810c4027958b20000000064449966baf80cb83284af80ef66bafc0c66ed66baf80cb8cc07ff8aef66bafc0cb8d4000000ef48b8f8000000000000000f23c00f21f835030009000f23f8450f2244c4417c50cc"}}], 0x87})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000100)={0x0, 0xaaa, &(0x7f0000000240)="23591363adf94c4a", 0x0, 0x8})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x8, 0x280}, 0x50)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x2000000, 0x4, 0x2004cb, 0x0, 0xa1d, 0x4068ff, 0x5, 0x0, 0x3, 0xa], 0xdddd0000, 0x202})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x6)
bind$netlink(r5, &(0x7f0000514ff4)={0x10, 0x0, 0x2007fffd, 0x100000}, 0x42)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000540)='./file0\x00', 0x2008404, &(0x7f00000007c0)=ANY=[@ANYBLOB="6e6f6e756d00000000160000002c73686f72746e616d653d6c6f7765722c757466383d312c64656275672c696f636861727365743d757466382c73686f72746e616d653d6d6978cdd3109e395ae41a59a4a6ae883265642c7574", @ANYRES16=r0, @ANYRES32=r5, @ANYRES16=r0, @ANYBLOB="c5ce1b9733c91520022860834995bd440de70a56f9b17205184d3be668bd36e2d9b2c62fb43e3a2a12e69d2eea113cf5ab1f668b2855d9a2bb426304b9bbf1debf4d593fe5"], 0x0, 0x2c3, &(0x7f0000001080)="$eJzs3MFrE1sUx/HzkrwmTWmTBw9BQT3oRjehjQuXGqQFMaDUpqgLYWonGjImZSZUImKzEbf+HcWlO0H9B7oRN+7dFUFw04U40plJO2nTJm3TJrXfD5R7M+f+mNtkWk4CmdV7b56Wi06maNQkklCJiDRkTSS9Pgv8E4wRbz4kYQ25PPLz69m79x/cyuXzk9OqU7mZK1lVHTv/4dmLtxc+1UZm3429j8tK+uHqj+y3laGV06u/Z56UHC05WqnW1NC5arVmzFmmzpecckb1jmUajqmlimPaLfWiVV1YqKsRmx9NLtim46hRqWvZrGutqjW7rsZjo1TRTCajo0k5wSIisS6WFZanp43cjmU32tNN4dANtzto27lG+2Jh+Qj2BAAABszu/b/f6+/c/+dn/XEv/f+pzv2/SIf+v0L/v0+Nlkcd+n8cV1fDV79t54xk8Pfbiv4fAAAAAAAAAAAAAAAAAAAAAIDjYM11U67rptbH4JD3OC4iCRFxg3qft4lDEn793dBPh9f/Wp+2ix4LfXEvIWK9XiwsFvzRr+eKUhJLTBmXlPzyroeAP5+6mZ8cV09aPlpLQX5psRCVeDPflG6XP/ffhJ/X1vy/kgyfPysp+b/9+bNt80Ny6WIon5GUfH4kVbFk3ruuN/MvJ1Rv3M5vyQ976wAAAAAA+BtkdMO29+9e3VuQkO11Px/6fMB13aXdPh/Y8v46Jme6uUUlAAAAAAA4MKf+vGxYlmnvYxIXkQPEez9xXZH+byMqg/FstE6ui8gAbOOoJgkR8Y/ofuLfN+Jdpdwu1sREpO9Pyx4m/f7PBAAAAKDXNpv+PYS+vDrEHQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcPJ0ez+w5vptpWZhl3jodNEj/wUBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAfInAAD///epHHg=")
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x1, 0x8000, 0x1, 0x0, r3, 0x73be, '\x00', 0x0, 0xffffffffffffffff, 0x5}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r7}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000bc0)={r7, &(0x7f0000000a00), 0x0}, 0x20)
sendmsg$nl_xfrm(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000600)=ANY=[@ANYBLOB="28010000100007000000000000000000ff020000000000000000000000000001e00000020000000000000000000000004e200000000000000000000002000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ffffffff000000000000000000000000000000002b000000fc00000000000000000000000000000a03000000000000000100000000000000060000000000000000000000000000000000001000000000010000000000000000000000000000000000000000000000000000000000000000002000000000000700000000000000000000000000000000000400fdffffffe80a000000000000000000000a0002fe340002000000000014000e00fe8000000000000000000000000000bb240009008f6b0000000000000100000000000080b4000000000000000500000000000000"], 0x128}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r8, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000c00)=ANY=[@ANYBLOB="040100001a0007002abd700000000000fe80000000000000000000000000001be0000001000000000000000000000000000300004e2200000000000002000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ff0100000000000000000000000000e7000000002b855c3eb35bdea132000003000000000000000000000000000000005a0000000000000000b40000000000000200000000000000010000007ffffffe00000000000000000000060000000000000000000000000000000000000000000000000000f1ffffff002000000000000700000000000000fdffffffffffffff00b473ba2632f6b3e337ec69994a3dbd00040000000000e80a000000000000000000000a000200700000ca9d55000000000014000e00fe8000000000000000000000000000bbaccf8ae5e689d18b390cbeee17c4090000000000000033e2b44da69379383fc22701ee352232e8d056e5917099c6a189b9f93aaf5d84bc1f9902c3273cb6159e6589ae11d2fc772c7b29fd8442376c10032f1e2177063af49d902976698deeb0eaadfa84de8b995082f4760346b6b98d327756402a28e8ad53b4abec4fad59ec9b8cdc80f29f92f1202ede1718285a17ce5a3ad0d9afb3ab8d6df0195c"], 0x104}}, 0x0)
r9 = gettid()
timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r9}, &(0x7f0000bbdffc))
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in z_erofs_decompress
testing program (duration=34.146007062s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-bind$tipc-syz_kvm_add_vcpu$x86-openat$kvm-ioctl$KVM_XEN_HVM_CONFIG-openat$kvm-ioctl$KVM_CREATE_VM-bpf$MAP_CREATE-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_REGS-ioctl$KVM_RUN-socket$netlink-bind$netlink-socket$nl_xfrm-syz_mount_image$vfat-bpf$MAP_CREATE-bpf$MAP_UPDATE_ELEM_TAIL_CALL-bpf$MAP_LOOKUP_ELEM-sendmsg$nl_xfrm-socket$nl_xfrm-sendmsg$nl_xfrm-gettid-mkdir
detailed listing:
executing program 0:
r0 = syz_mount_image$erofs(&(0x7f0000000180), &(0x7f00000000c0)='./cgroup/../file0\x00', 0x801, &(0x7f0000000240)=ANY=[], 0xff, 0x25b, &(0x7f0000000dc0)="$eJzsmb9rFEEUx7+zu7e3hgS0sLE5i4ARkr3dPZU0gloqghBFLQ+zhphNTu6uyB34I9jY+Af4N1hrkUIs7GzEwsoiBgIWWtooODK/bud+rXdwne9TzL15897MezO7b+AWBEH8txx+/Xnw4srqzWUA81hEWeu/ubmNY9l/eemWtPh+x8H+4HwMAOd53/vH+j6Ad5dd4KmalvNf3B5flHMygLtAoHS34OCsHr8NhtDEygVKTMFwV6sfWLIJHlnK7jWy9fubWRqJJhZNIpoawPvi/7HHsA61vFiBWfG1Ot2tegZcZVLI0qbSZCVu1jGasYLXmydLvRE2Rfvn4fBAnNBFawvEed15/mxP9EOtj+DIvRTEcBDrg6mBYU3rV1FGGIYV3U1jK/9TXj6/q47Nyt8KNyjKNijeiFkLJ1YKbUwSY2zMg28NvdXC4yPl2T0m3BmKw/jDJ4qZc/5kmgT9cUcwC8G88xN6CdPpl3Aqw15+rlkYXL0xYhO6W8uvgKkSZK0Ojqv0lIbpU76kk/4w7HWkBHeS93kiYd/WPBq08THDMzV1c2jo01yWXTcaBK3Ox2t66GTfPKf734Ke4Bc9JHn9ZB5wRpsycO5Zt0K1vf2w2up0Vza36xvpRrqTJLUL0bkoOp9UZW1WbUH9C2R9mrPqX0ldQwN2YnEfu/V2uxnvAu1m7Jt+8lq2VsVde9P4Lv0cWf8cLP3mXF8vJZl2eXQ88v4rKz95b2HJHRs8QRAEQRAEQRAEQRAEQRBEAZXP6lf/db0wj4qjP4SpD1V8NF5yQzr8DQAA//+f2Ekt")
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)=[@code={0x1, 0x87, {"0f22e5c744240060420000c744240233d8cecbc7442406000000000f011c24660f38816810c4027958b20000000064449966baf80cb83284af80ef66bafc0c66ed66baf80cb8cc07ff8aef66bafc0cb8d4000000ef48b8f8000000000000000f23c00f21f835030009000f23f8450f2244c4417c50cc"}}], 0x87})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000100)={0x0, 0xaaa, &(0x7f0000000240)="23591363adf94c4a", 0x0, 0x8})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x8, 0x280}, 0x50)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x2000000, 0x4, 0x2004cb, 0x0, 0xa1d, 0x4068ff, 0x5, 0x0, 0x3, 0xa], 0xdddd0000, 0x202})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x6)
bind$netlink(r5, &(0x7f0000514ff4)={0x10, 0x0, 0x2007fffd, 0x100000}, 0x42)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000540)='./file0\x00', 0x2008404, &(0x7f00000007c0)=ANY=[@ANYBLOB="6e6f6e756d00000000160000002c73686f72746e616d653d6c6f7765722c757466383d312c64656275672c696f636861727365743d757466382c73686f72746e616d653d6d6978cdd3109e395ae41a59a4a6ae883265642c7574", @ANYRES16=r0, @ANYRES32=r5, @ANYRES16=r0, @ANYBLOB="c5ce1b9733c91520022860834995bd440de70a56f9b17205184d3be668bd36e2d9b2c62fb43e3a2a12e69d2eea113cf5ab1f668b2855d9a2bb426304b9bbf1debf4d593fe5"], 0x0, 0x2c3, &(0x7f0000001080)="$eJzs3MFrE1sUx/HzkrwmTWmTBw9BQT3oRjehjQuXGqQFMaDUpqgLYWonGjImZSZUImKzEbf+HcWlO0H9B7oRN+7dFUFw04U40plJO2nTJm3TJrXfD5R7M+f+mNtkWk4CmdV7b56Wi06maNQkklCJiDRkTSS9Pgv8E4wRbz4kYQ25PPLz69m79x/cyuXzk9OqU7mZK1lVHTv/4dmLtxc+1UZm3429j8tK+uHqj+y3laGV06u/Z56UHC05WqnW1NC5arVmzFmmzpecckb1jmUajqmlimPaLfWiVV1YqKsRmx9NLtim46hRqWvZrGutqjW7rsZjo1TRTCajo0k5wSIisS6WFZanp43cjmU32tNN4dANtzto27lG+2Jh+Qj2BAAABszu/b/f6+/c/+dn/XEv/f+pzv2/SIf+v0L/v0+Nlkcd+n8cV1fDV79t54xk8Pfbiv4fAAAAAAAAAAAAAAAAAAAAAIDjYM11U67rptbH4JD3OC4iCRFxg3qft4lDEn793dBPh9f/Wp+2ix4LfXEvIWK9XiwsFvzRr+eKUhJLTBmXlPzyroeAP5+6mZ8cV09aPlpLQX5psRCVeDPflG6XP/ffhJ/X1vy/kgyfPysp+b/9+bNt80Ny6WIon5GUfH4kVbFk3ruuN/MvJ1Rv3M5vyQ976wAAAAAA+BtkdMO29+9e3VuQkO11Px/6fMB13aXdPh/Y8v46Jme6uUUlAAAAAAA4MKf+vGxYlmnvYxIXkQPEez9xXZH+byMqg/FstE6ui8gAbOOoJgkR8Y/ofuLfN+Jdpdwu1sREpO9Pyx4m/f7PBAAAAKDXNpv+PYS+vDrEHQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcPJ0ez+w5vptpWZhl3jodNEj/wUBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAfInAAD///epHHg=")
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x1, 0x8000, 0x1, 0x0, r3, 0x73be, '\x00', 0x0, 0xffffffffffffffff, 0x5}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r7}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000bc0)={r7, &(0x7f0000000a00), 0x0}, 0x20)
sendmsg$nl_xfrm(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000600)=ANY=[@ANYBLOB="28010000100007000000000000000000ff020000000000000000000000000001e00000020000000000000000000000004e200000000000000000000002000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ffffffff000000000000000000000000000000002b000000fc00000000000000000000000000000a03000000000000000100000000000000060000000000000000000000000000000000001000000000010000000000000000000000000000000000000000000000000000000000000000002000000000000700000000000000000000000000000000000400fdffffffe80a000000000000000000000a0002fe340002000000000014000e00fe8000000000000000000000000000bb240009008f6b0000000000000100000000000080b4000000000000000500000000000000"], 0x128}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r8, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000c00)=ANY=[@ANYBLOB="040100001a0007002abd700000000000fe80000000000000000000000000001be0000001000000000000000000000000000300004e2200000000000002000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ff0100000000000000000000000000e7000000002b855c3eb35bdea132000003000000000000000000000000000000005a0000000000000000b40000000000000200000000000000010000007ffffffe00000000000000000000060000000000000000000000000000000000000000000000000000f1ffffff002000000000000700000000000000fdffffffffffffff00b473ba2632f6b3e337ec69994a3dbd00040000000000e80a000000000000000000000a000200700000ca9d55000000000014000e00fe8000000000000000000000000000bbaccf8ae5e689d18b390cbeee17c4090000000000000033e2b44da69379383fc22701ee352232e8d056e5917099c6a189b9f93aaf5d84bc1f9902c3273cb6159e6589ae11d2fc772c7b29fd8442376c10032f1e2177063af49d902976698deeb0eaadfa84de8b995082f4760346b6b98d327756402a28e8ad53b4abec4fad59ec9b8cdc80f29f92f1202ede1718285a17ce5a3ad0d9afb3ab8d6df0195c"], 0x104}}, 0x0)
gettid()
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in z_erofs_decompress
testing program (duration=34.146007062s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-bind$tipc-syz_kvm_add_vcpu$x86-openat$kvm-ioctl$KVM_XEN_HVM_CONFIG-openat$kvm-ioctl$KVM_CREATE_VM-bpf$MAP_CREATE-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_REGS-ioctl$KVM_RUN-socket$netlink-bind$netlink-socket$nl_xfrm-syz_mount_image$vfat-bpf$MAP_CREATE-bpf$MAP_UPDATE_ELEM_TAIL_CALL-bpf$MAP_LOOKUP_ELEM-sendmsg$nl_xfrm-socket$nl_xfrm-sendmsg$nl_xfrm-mkdir
detailed listing:
executing program 0:
r0 = syz_mount_image$erofs(&(0x7f0000000180), &(0x7f00000000c0)='./cgroup/../file0\x00', 0x801, &(0x7f0000000240)=ANY=[], 0xff, 0x25b, &(0x7f0000000dc0)="$eJzsmb9rFEEUx7+zu7e3hgS0sLE5i4ARkr3dPZU0gloqghBFLQ+zhphNTu6uyB34I9jY+Af4N1hrkUIs7GzEwsoiBgIWWtooODK/bud+rXdwne9TzL15897MezO7b+AWBEH8txx+/Xnw4srqzWUA81hEWeu/ubmNY9l/eemWtPh+x8H+4HwMAOd53/vH+j6Ad5dd4KmalvNf3B5flHMygLtAoHS34OCsHr8NhtDEygVKTMFwV6sfWLIJHlnK7jWy9fubWRqJJhZNIpoawPvi/7HHsA61vFiBWfG1Ot2tegZcZVLI0qbSZCVu1jGasYLXmydLvRE2Rfvn4fBAnNBFawvEed15/mxP9EOtj+DIvRTEcBDrg6mBYU3rV1FGGIYV3U1jK/9TXj6/q47Nyt8KNyjKNijeiFkLJ1YKbUwSY2zMg28NvdXC4yPl2T0m3BmKw/jDJ4qZc/5kmgT9cUcwC8G88xN6CdPpl3Aqw15+rlkYXL0xYhO6W8uvgKkSZK0Ojqv0lIbpU76kk/4w7HWkBHeS93kiYd/WPBq08THDMzV1c2jo01yWXTcaBK3Ox2t66GTfPKf734Ke4Bc9JHn9ZB5wRpsycO5Zt0K1vf2w2up0Vza36xvpRrqTJLUL0bkoOp9UZW1WbUH9C2R9mrPqX0ldQwN2YnEfu/V2uxnvAu1m7Jt+8lq2VsVde9P4Lv0cWf8cLP3mXF8vJZl2eXQ88v4rKz95b2HJHRs8QRAEQRAEQRAEQRAEQRBEAZXP6lf/db0wj4qjP4SpD1V8NF5yQzr8DQAA//+f2Ekt")
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)=[@code={0x1, 0x87, {"0f22e5c744240060420000c744240233d8cecbc7442406000000000f011c24660f38816810c4027958b20000000064449966baf80cb83284af80ef66bafc0c66ed66baf80cb8cc07ff8aef66bafc0cb8d4000000ef48b8f8000000000000000f23c00f21f835030009000f23f8450f2244c4417c50cc"}}], 0x87})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000100)={0x0, 0xaaa, &(0x7f0000000240)="23591363adf94c4a", 0x0, 0x8})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x8, 0x280}, 0x50)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x2000000, 0x4, 0x2004cb, 0x0, 0xa1d, 0x4068ff, 0x5, 0x0, 0x3, 0xa], 0xdddd0000, 0x202})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x6)
bind$netlink(r5, &(0x7f0000514ff4)={0x10, 0x0, 0x2007fffd, 0x100000}, 0x42)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000540)='./file0\x00', 0x2008404, &(0x7f00000007c0)=ANY=[@ANYBLOB="6e6f6e756d00000000160000002c73686f72746e616d653d6c6f7765722c757466383d312c64656275672c696f636861727365743d757466382c73686f72746e616d653d6d6978cdd3109e395ae41a59a4a6ae883265642c7574", @ANYRES16=r0, @ANYRES32=r5, @ANYRES16=r0, @ANYBLOB="c5ce1b9733c91520022860834995bd440de70a56f9b17205184d3be668bd36e2d9b2c62fb43e3a2a12e69d2eea113cf5ab1f668b2855d9a2bb426304b9bbf1debf4d593fe5"], 0x0, 0x2c3, &(0x7f0000001080)="$eJzs3MFrE1sUx/HzkrwmTWmTBw9BQT3oRjehjQuXGqQFMaDUpqgLYWonGjImZSZUImKzEbf+HcWlO0H9B7oRN+7dFUFw04U40plJO2nTJm3TJrXfD5R7M+f+mNtkWk4CmdV7b56Wi06maNQkklCJiDRkTSS9Pgv8E4wRbz4kYQ25PPLz69m79x/cyuXzk9OqU7mZK1lVHTv/4dmLtxc+1UZm3429j8tK+uHqj+y3laGV06u/Z56UHC05WqnW1NC5arVmzFmmzpecckb1jmUajqmlimPaLfWiVV1YqKsRmx9NLtim46hRqWvZrGutqjW7rsZjo1TRTCajo0k5wSIisS6WFZanp43cjmU32tNN4dANtzto27lG+2Jh+Qj2BAAABszu/b/f6+/c/+dn/XEv/f+pzv2/SIf+v0L/v0+Nlkcd+n8cV1fDV79t54xk8Pfbiv4fAAAAAAAAAAAAAAAAAAAAAIDjYM11U67rptbH4JD3OC4iCRFxg3qft4lDEn793dBPh9f/Wp+2ix4LfXEvIWK9XiwsFvzRr+eKUhJLTBmXlPzyroeAP5+6mZ8cV09aPlpLQX5psRCVeDPflG6XP/ffhJ/X1vy/kgyfPysp+b/9+bNt80Ny6WIon5GUfH4kVbFk3ruuN/MvJ1Rv3M5vyQ976wAAAAAA+BtkdMO29+9e3VuQkO11Px/6fMB13aXdPh/Y8v46Jme6uUUlAAAAAAA4MKf+vGxYlmnvYxIXkQPEez9xXZH+byMqg/FstE6ui8gAbOOoJgkR8Y/ofuLfN+Jdpdwu1sREpO9Pyx4m/f7PBAAAAKDXNpv+PYS+vDrEHQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcPJ0ez+w5vptpWZhl3jodNEj/wUBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAfInAAD///epHHg=")
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x1, 0x8000, 0x1, 0x0, r3, 0x73be, '\x00', 0x0, 0xffffffffffffffff, 0x5}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r7}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000bc0)={r7, &(0x7f0000000a00), 0x0}, 0x20)
sendmsg$nl_xfrm(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000600)=ANY=[@ANYBLOB="28010000100007000000000000000000ff020000000000000000000000000001e00000020000000000000000000000004e200000000000000000000002000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ffffffff000000000000000000000000000000002b000000fc00000000000000000000000000000a03000000000000000100000000000000060000000000000000000000000000000000001000000000010000000000000000000000000000000000000000000000000000000000000000002000000000000700000000000000000000000000000000000400fdffffffe80a000000000000000000000a0002fe340002000000000014000e00fe8000000000000000000000000000bb240009008f6b0000000000000100000000000080b4000000000000000500000000000000"], 0x128}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r8, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000c00)=ANY=[@ANYBLOB="040100001a0007002abd700000000000fe80000000000000000000000000001be0000001000000000000000000000000000300004e2200000000000002000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ff0100000000000000000000000000e7000000002b855c3eb35bdea132000003000000000000000000000000000000005a0000000000000000b40000000000000200000000000000010000007ffffffe00000000000000000000060000000000000000000000000000000000000000000000000000f1ffffff002000000000000700000000000000fdffffffffffffff00b473ba2632f6b3e337ec69994a3dbd00040000000000e80a000000000000000000000a000200700000ca9d55000000000014000e00fe8000000000000000000000000000bbaccf8ae5e689d18b390cbeee17c4090000000000000033e2b44da69379383fc22701ee352232e8d056e5917099c6a189b9f93aaf5d84bc1f9902c3273cb6159e6589ae11d2fc772c7b29fd8442376c10032f1e2177063af49d902976698deeb0eaadfa84de8b995082f4760346b6b98d327756402a28e8ad53b4abec4fad59ec9b8cdc80f29f92f1202ede1718285a17ce5a3ad0d9afb3ab8d6df0195c"], 0x104}}, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in z_erofs_decompress
testing program (duration=34.146007062s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-bind$tipc-syz_kvm_add_vcpu$x86-openat$kvm-ioctl$KVM_XEN_HVM_CONFIG-openat$kvm-ioctl$KVM_CREATE_VM-bpf$MAP_CREATE-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_REGS-ioctl$KVM_RUN-socket$netlink-bind$netlink-socket$nl_xfrm-syz_mount_image$vfat-bpf$MAP_CREATE-bpf$MAP_UPDATE_ELEM_TAIL_CALL-bpf$MAP_LOOKUP_ELEM-sendmsg$nl_xfrm-socket$nl_xfrm-mkdir
detailed listing:
executing program 0:
r0 = syz_mount_image$erofs(&(0x7f0000000180), &(0x7f00000000c0)='./cgroup/../file0\x00', 0x801, &(0x7f0000000240)=ANY=[], 0xff, 0x25b, &(0x7f0000000dc0)="$eJzsmb9rFEEUx7+zu7e3hgS0sLE5i4ARkr3dPZU0gloqghBFLQ+zhphNTu6uyB34I9jY+Af4N1hrkUIs7GzEwsoiBgIWWtooODK/bud+rXdwne9TzL15897MezO7b+AWBEH8txx+/Xnw4srqzWUA81hEWeu/ubmNY9l/eemWtPh+x8H+4HwMAOd53/vH+j6Ad5dd4KmalvNf3B5flHMygLtAoHS34OCsHr8NhtDEygVKTMFwV6sfWLIJHlnK7jWy9fubWRqJJhZNIpoawPvi/7HHsA61vFiBWfG1Ot2tegZcZVLI0qbSZCVu1jGasYLXmydLvRE2Rfvn4fBAnNBFawvEed15/mxP9EOtj+DIvRTEcBDrg6mBYU3rV1FGGIYV3U1jK/9TXj6/q47Nyt8KNyjKNijeiFkLJ1YKbUwSY2zMg28NvdXC4yPl2T0m3BmKw/jDJ4qZc/5kmgT9cUcwC8G88xN6CdPpl3Aqw15+rlkYXL0xYhO6W8uvgKkSZK0Ojqv0lIbpU76kk/4w7HWkBHeS93kiYd/WPBq08THDMzV1c2jo01yWXTcaBK3Ox2t66GTfPKf734Ke4Bc9JHn9ZB5wRpsycO5Zt0K1vf2w2up0Vza36xvpRrqTJLUL0bkoOp9UZW1WbUH9C2R9mrPqX0ldQwN2YnEfu/V2uxnvAu1m7Jt+8lq2VsVde9P4Lv0cWf8cLP3mXF8vJZl2eXQ88v4rKz95b2HJHRs8QRAEQRAEQRAEQRAEQRBEAZXP6lf/db0wj4qjP4SpD1V8NF5yQzr8DQAA//+f2Ekt")
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)=[@code={0x1, 0x87, {"0f22e5c744240060420000c744240233d8cecbc7442406000000000f011c24660f38816810c4027958b20000000064449966baf80cb83284af80ef66bafc0c66ed66baf80cb8cc07ff8aef66bafc0cb8d4000000ef48b8f8000000000000000f23c00f21f835030009000f23f8450f2244c4417c50cc"}}], 0x87})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000100)={0x0, 0xaaa, &(0x7f0000000240)="23591363adf94c4a", 0x0, 0x8})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x8, 0x280}, 0x50)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x2000000, 0x4, 0x2004cb, 0x0, 0xa1d, 0x4068ff, 0x5, 0x0, 0x3, 0xa], 0xdddd0000, 0x202})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x6)
bind$netlink(r5, &(0x7f0000514ff4)={0x10, 0x0, 0x2007fffd, 0x100000}, 0x42)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000540)='./file0\x00', 0x2008404, &(0x7f00000007c0)=ANY=[@ANYBLOB="6e6f6e756d00000000160000002c73686f72746e616d653d6c6f7765722c757466383d312c64656275672c696f636861727365743d757466382c73686f72746e616d653d6d6978cdd3109e395ae41a59a4a6ae883265642c7574", @ANYRES16=r0, @ANYRES32=r5, @ANYRES16=r0, @ANYBLOB="c5ce1b9733c91520022860834995bd440de70a56f9b17205184d3be668bd36e2d9b2c62fb43e3a2a12e69d2eea113cf5ab1f668b2855d9a2bb426304b9bbf1debf4d593fe5"], 0x0, 0x2c3, &(0x7f0000001080)="$eJzs3MFrE1sUx/HzkrwmTWmTBw9BQT3oRjehjQuXGqQFMaDUpqgLYWonGjImZSZUImKzEbf+HcWlO0H9B7oRN+7dFUFw04U40plJO2nTJm3TJrXfD5R7M+f+mNtkWk4CmdV7b56Wi06maNQkklCJiDRkTSS9Pgv8E4wRbz4kYQ25PPLz69m79x/cyuXzk9OqU7mZK1lVHTv/4dmLtxc+1UZm3429j8tK+uHqj+y3laGV06u/Z56UHC05WqnW1NC5arVmzFmmzpecckb1jmUajqmlimPaLfWiVV1YqKsRmx9NLtim46hRqWvZrGutqjW7rsZjo1TRTCajo0k5wSIisS6WFZanp43cjmU32tNN4dANtzto27lG+2Jh+Qj2BAAABszu/b/f6+/c/+dn/XEv/f+pzv2/SIf+v0L/v0+Nlkcd+n8cV1fDV79t54xk8Pfbiv4fAAAAAAAAAAAAAAAAAAAAAIDjYM11U67rptbH4JD3OC4iCRFxg3qft4lDEn793dBPh9f/Wp+2ix4LfXEvIWK9XiwsFvzRr+eKUhJLTBmXlPzyroeAP5+6mZ8cV09aPlpLQX5psRCVeDPflG6XP/ffhJ/X1vy/kgyfPysp+b/9+bNt80Ny6WIon5GUfH4kVbFk3ruuN/MvJ1Rv3M5vyQ976wAAAAAA+BtkdMO29+9e3VuQkO11Px/6fMB13aXdPh/Y8v46Jme6uUUlAAAAAAA4MKf+vGxYlmnvYxIXkQPEez9xXZH+byMqg/FstE6ui8gAbOOoJgkR8Y/ofuLfN+Jdpdwu1sREpO9Pyx4m/f7PBAAAAKDXNpv+PYS+vDrEHQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcPJ0ez+w5vptpWZhl3jodNEj/wUBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAfInAAD///epHHg=")
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x1, 0x8000, 0x1, 0x0, r3, 0x73be, '\x00', 0x0, 0xffffffffffffffff, 0x5}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r7}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000bc0)={r7, &(0x7f0000000a00), 0x0}, 0x20)
sendmsg$nl_xfrm(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000600)=ANY=[@ANYBLOB="28010000100007000000000000000000ff020000000000000000000000000001e00000020000000000000000000000004e200000000000000000000002000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ffffffff000000000000000000000000000000002b000000fc00000000000000000000000000000a03000000000000000100000000000000060000000000000000000000000000000000001000000000010000000000000000000000000000000000000000000000000000000000000000002000000000000700000000000000000000000000000000000400fdffffffe80a000000000000000000000a0002fe340002000000000014000e00fe8000000000000000000000000000bb240009008f6b0000000000000100000000000080b4000000000000000500000000000000"], 0x128}, 0x1, 0x0, 0x0, 0x1}, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in z_erofs_decompress
testing program (duration=34.146007062s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-bind$tipc-syz_kvm_add_vcpu$x86-openat$kvm-ioctl$KVM_XEN_HVM_CONFIG-openat$kvm-ioctl$KVM_CREATE_VM-bpf$MAP_CREATE-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_REGS-ioctl$KVM_RUN-socket$netlink-bind$netlink-socket$nl_xfrm-syz_mount_image$vfat-bpf$MAP_CREATE-bpf$MAP_UPDATE_ELEM_TAIL_CALL-bpf$MAP_LOOKUP_ELEM-sendmsg$nl_xfrm-mkdir
detailed listing:
executing program 0:
r0 = syz_mount_image$erofs(&(0x7f0000000180), &(0x7f00000000c0)='./cgroup/../file0\x00', 0x801, &(0x7f0000000240)=ANY=[], 0xff, 0x25b, &(0x7f0000000dc0)="$eJzsmb9rFEEUx7+zu7e3hgS0sLE5i4ARkr3dPZU0gloqghBFLQ+zhphNTu6uyB34I9jY+Af4N1hrkUIs7GzEwsoiBgIWWtooODK/bud+rXdwne9TzL15897MezO7b+AWBEH8txx+/Xnw4srqzWUA81hEWeu/ubmNY9l/eemWtPh+x8H+4HwMAOd53/vH+j6Ad5dd4KmalvNf3B5flHMygLtAoHS34OCsHr8NhtDEygVKTMFwV6sfWLIJHlnK7jWy9fubWRqJJhZNIpoawPvi/7HHsA61vFiBWfG1Ot2tegZcZVLI0qbSZCVu1jGasYLXmydLvRE2Rfvn4fBAnNBFawvEed15/mxP9EOtj+DIvRTEcBDrg6mBYU3rV1FGGIYV3U1jK/9TXj6/q47Nyt8KNyjKNijeiFkLJ1YKbUwSY2zMg28NvdXC4yPl2T0m3BmKw/jDJ4qZc/5kmgT9cUcwC8G88xN6CdPpl3Aqw15+rlkYXL0xYhO6W8uvgKkSZK0Ojqv0lIbpU76kk/4w7HWkBHeS93kiYd/WPBq08THDMzV1c2jo01yWXTcaBK3Ox2t66GTfPKf734Ke4Bc9JHn9ZB5wRpsycO5Zt0K1vf2w2up0Vza36xvpRrqTJLUL0bkoOp9UZW1WbUH9C2R9mrPqX0ldQwN2YnEfu/V2uxnvAu1m7Jt+8lq2VsVde9P4Lv0cWf8cLP3mXF8vJZl2eXQ88v4rKz95b2HJHRs8QRAEQRAEQRAEQRAEQRBEAZXP6lf/db0wj4qjP4SpD1V8NF5yQzr8DQAA//+f2Ekt")
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)=[@code={0x1, 0x87, {"0f22e5c744240060420000c744240233d8cecbc7442406000000000f011c24660f38816810c4027958b20000000064449966baf80cb83284af80ef66bafc0c66ed66baf80cb8cc07ff8aef66bafc0cb8d4000000ef48b8f8000000000000000f23c00f21f835030009000f23f8450f2244c4417c50cc"}}], 0x87})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000100)={0x0, 0xaaa, &(0x7f0000000240)="23591363adf94c4a", 0x0, 0x8})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x8, 0x280}, 0x50)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x2000000, 0x4, 0x2004cb, 0x0, 0xa1d, 0x4068ff, 0x5, 0x0, 0x3, 0xa], 0xdddd0000, 0x202})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x6)
bind$netlink(r5, &(0x7f0000514ff4)={0x10, 0x0, 0x2007fffd, 0x100000}, 0x42)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000540)='./file0\x00', 0x2008404, &(0x7f00000007c0)=ANY=[@ANYBLOB="6e6f6e756d00000000160000002c73686f72746e616d653d6c6f7765722c757466383d312c64656275672c696f636861727365743d757466382c73686f72746e616d653d6d6978cdd3109e395ae41a59a4a6ae883265642c7574", @ANYRES16=r0, @ANYRES32=r5, @ANYRES16=r0, @ANYBLOB="c5ce1b9733c91520022860834995bd440de70a56f9b17205184d3be668bd36e2d9b2c62fb43e3a2a12e69d2eea113cf5ab1f668b2855d9a2bb426304b9bbf1debf4d593fe5"], 0x0, 0x2c3, &(0x7f0000001080)="$eJzs3MFrE1sUx/HzkrwmTWmTBw9BQT3oRjehjQuXGqQFMaDUpqgLYWonGjImZSZUImKzEbf+HcWlO0H9B7oRN+7dFUFw04U40plJO2nTJm3TJrXfD5R7M+f+mNtkWk4CmdV7b56Wi06maNQkklCJiDRkTSS9Pgv8E4wRbz4kYQ25PPLz69m79x/cyuXzk9OqU7mZK1lVHTv/4dmLtxc+1UZm3429j8tK+uHqj+y3laGV06u/Z56UHC05WqnW1NC5arVmzFmmzpecckb1jmUajqmlimPaLfWiVV1YqKsRmx9NLtim46hRqWvZrGutqjW7rsZjo1TRTCajo0k5wSIisS6WFZanp43cjmU32tNN4dANtzto27lG+2Jh+Qj2BAAABszu/b/f6+/c/+dn/XEv/f+pzv2/SIf+v0L/v0+Nlkcd+n8cV1fDV79t54xk8Pfbiv4fAAAAAAAAAAAAAAAAAAAAAIDjYM11U67rptbH4JD3OC4iCRFxg3qft4lDEn793dBPh9f/Wp+2ix4LfXEvIWK9XiwsFvzRr+eKUhJLTBmXlPzyroeAP5+6mZ8cV09aPlpLQX5psRCVeDPflG6XP/ffhJ/X1vy/kgyfPysp+b/9+bNt80Ny6WIon5GUfH4kVbFk3ruuN/MvJ1Rv3M5vyQ976wAAAAAA+BtkdMO29+9e3VuQkO11Px/6fMB13aXdPh/Y8v46Jme6uUUlAAAAAAA4MKf+vGxYlmnvYxIXkQPEez9xXZH+byMqg/FstE6ui8gAbOOoJgkR8Y/ofuLfN+Jdpdwu1sREpO9Pyx4m/f7PBAAAAKDXNpv+PYS+vDrEHQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcPJ0ez+w5vptpWZhl3jodNEj/wUBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAfInAAD///epHHg=")
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x1, 0x8000, 0x1, 0x0, r3, 0x73be, '\x00', 0x0, 0xffffffffffffffff, 0x5}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r7}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000bc0)={r7, &(0x7f0000000a00), 0x0}, 0x20)
sendmsg$nl_xfrm(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000600)=ANY=[@ANYBLOB="28010000100007000000000000000000ff020000000000000000000000000001e00000020000000000000000000000004e200000000000000000000002000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ffffffff000000000000000000000000000000002b000000fc00000000000000000000000000000a03000000000000000100000000000000060000000000000000000000000000000000001000000000010000000000000000000000000000000000000000000000000000000000000000002000000000000700000000000000000000000000000000000400fdffffffe80a000000000000000000000a0002fe340002000000000014000e00fe8000000000000000000000000000bb240009008f6b0000000000000100000000000080b4000000000000000500000000000000"], 0x128}, 0x1, 0x0, 0x0, 0x1}, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in z_erofs_decompress
testing program (duration=34.146007062s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-bind$tipc-syz_kvm_add_vcpu$x86-openat$kvm-ioctl$KVM_XEN_HVM_CONFIG-openat$kvm-ioctl$KVM_CREATE_VM-bpf$MAP_CREATE-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_REGS-ioctl$KVM_RUN-socket$netlink-bind$netlink-socket$nl_xfrm-syz_mount_image$vfat-bpf$MAP_CREATE-bpf$MAP_UPDATE_ELEM_TAIL_CALL-bpf$MAP_LOOKUP_ELEM-mkdir
detailed listing:
executing program 0:
r0 = syz_mount_image$erofs(&(0x7f0000000180), &(0x7f00000000c0)='./cgroup/../file0\x00', 0x801, &(0x7f0000000240)=ANY=[], 0xff, 0x25b, &(0x7f0000000dc0)="$eJzsmb9rFEEUx7+zu7e3hgS0sLE5i4ARkr3dPZU0gloqghBFLQ+zhphNTu6uyB34I9jY+Af4N1hrkUIs7GzEwsoiBgIWWtooODK/bud+rXdwne9TzL15897MezO7b+AWBEH8txx+/Xnw4srqzWUA81hEWeu/ubmNY9l/eemWtPh+x8H+4HwMAOd53/vH+j6Ad5dd4KmalvNf3B5flHMygLtAoHS34OCsHr8NhtDEygVKTMFwV6sfWLIJHlnK7jWy9fubWRqJJhZNIpoawPvi/7HHsA61vFiBWfG1Ot2tegZcZVLI0qbSZCVu1jGasYLXmydLvRE2Rfvn4fBAnNBFawvEed15/mxP9EOtj+DIvRTEcBDrg6mBYU3rV1FGGIYV3U1jK/9TXj6/q47Nyt8KNyjKNijeiFkLJ1YKbUwSY2zMg28NvdXC4yPl2T0m3BmKw/jDJ4qZc/5kmgT9cUcwC8G88xN6CdPpl3Aqw15+rlkYXL0xYhO6W8uvgKkSZK0Ojqv0lIbpU76kk/4w7HWkBHeS93kiYd/WPBq08THDMzV1c2jo01yWXTcaBK3Ox2t66GTfPKf734Ke4Bc9JHn9ZB5wRpsycO5Zt0K1vf2w2up0Vza36xvpRrqTJLUL0bkoOp9UZW1WbUH9C2R9mrPqX0ldQwN2YnEfu/V2uxnvAu1m7Jt+8lq2VsVde9P4Lv0cWf8cLP3mXF8vJZl2eXQ88v4rKz95b2HJHRs8QRAEQRAEQRAEQRAEQRBEAZXP6lf/db0wj4qjP4SpD1V8NF5yQzr8DQAA//+f2Ekt")
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)=[@code={0x1, 0x87, {"0f22e5c744240060420000c744240233d8cecbc7442406000000000f011c24660f38816810c4027958b20000000064449966baf80cb83284af80ef66bafc0c66ed66baf80cb8cc07ff8aef66bafc0cb8d4000000ef48b8f8000000000000000f23c00f21f835030009000f23f8450f2244c4417c50cc"}}], 0x87})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000100)={0x0, 0xaaa, &(0x7f0000000240)="23591363adf94c4a", 0x0, 0x8})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x8, 0x280}, 0x50)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x2000000, 0x4, 0x2004cb, 0x0, 0xa1d, 0x4068ff, 0x5, 0x0, 0x3, 0xa], 0xdddd0000, 0x202})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x6)
bind$netlink(r5, &(0x7f0000514ff4)={0x10, 0x0, 0x2007fffd, 0x100000}, 0x42)
socket$nl_xfrm(0x10, 0x3, 0x6)
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000540)='./file0\x00', 0x2008404, &(0x7f00000007c0)=ANY=[@ANYBLOB="6e6f6e756d00000000160000002c73686f72746e616d653d6c6f7765722c757466383d312c64656275672c696f636861727365743d757466382c73686f72746e616d653d6d6978cdd3109e395ae41a59a4a6ae883265642c7574", @ANYRES16=r0, @ANYRES32=r5, @ANYRES16=r0, @ANYBLOB="c5ce1b9733c91520022860834995bd440de70a56f9b17205184d3be668bd36e2d9b2c62fb43e3a2a12e69d2eea113cf5ab1f668b2855d9a2bb426304b9bbf1debf4d593fe5"], 0x0, 0x2c3, &(0x7f0000001080)="$eJzs3MFrE1sUx/HzkrwmTWmTBw9BQT3oRjehjQuXGqQFMaDUpqgLYWonGjImZSZUImKzEbf+HcWlO0H9B7oRN+7dFUFw04U40plJO2nTJm3TJrXfD5R7M+f+mNtkWk4CmdV7b56Wi06maNQkklCJiDRkTSS9Pgv8E4wRbz4kYQ25PPLz69m79x/cyuXzk9OqU7mZK1lVHTv/4dmLtxc+1UZm3429j8tK+uHqj+y3laGV06u/Z56UHC05WqnW1NC5arVmzFmmzpecckb1jmUajqmlimPaLfWiVV1YqKsRmx9NLtim46hRqWvZrGutqjW7rsZjo1TRTCajo0k5wSIisS6WFZanp43cjmU32tNN4dANtzto27lG+2Jh+Qj2BAAABszu/b/f6+/c/+dn/XEv/f+pzv2/SIf+v0L/v0+Nlkcd+n8cV1fDV79t54xk8Pfbiv4fAAAAAAAAAAAAAAAAAAAAAIDjYM11U67rptbH4JD3OC4iCRFxg3qft4lDEn793dBPh9f/Wp+2ix4LfXEvIWK9XiwsFvzRr+eKUhJLTBmXlPzyroeAP5+6mZ8cV09aPlpLQX5psRCVeDPflG6XP/ffhJ/X1vy/kgyfPysp+b/9+bNt80Ny6WIon5GUfH4kVbFk3ruuN/MvJ1Rv3M5vyQ976wAAAAAA+BtkdMO29+9e3VuQkO11Px/6fMB13aXdPh/Y8v46Jme6uUUlAAAAAAA4MKf+vGxYlmnvYxIXkQPEez9xXZH+byMqg/FstE6ui8gAbOOoJgkR8Y/ofuLfN+Jdpdwu1sREpO9Pyx4m/f7PBAAAAKDXNpv+PYS+vDrEHQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcPJ0ez+w5vptpWZhl3jodNEj/wUBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAfInAAD///epHHg=")
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x1, 0x8000, 0x1, 0x0, r3, 0x73be, '\x00', 0x0, 0xffffffffffffffff, 0x5}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r6}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000bc0)={r6, &(0x7f0000000a00), 0x0}, 0x20)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in z_erofs_decompress
testing program (duration=34.146007062s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-bind$tipc-syz_kvm_add_vcpu$x86-openat$kvm-ioctl$KVM_XEN_HVM_CONFIG-openat$kvm-ioctl$KVM_CREATE_VM-bpf$MAP_CREATE-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_REGS-ioctl$KVM_RUN-socket$netlink-bind$netlink-socket$nl_xfrm-syz_mount_image$vfat-bpf$MAP_CREATE-bpf$MAP_UPDATE_ELEM_TAIL_CALL-mkdir
detailed listing:
executing program 0:
r0 = syz_mount_image$erofs(&(0x7f0000000180), &(0x7f00000000c0)='./cgroup/../file0\x00', 0x801, &(0x7f0000000240)=ANY=[], 0xff, 0x25b, &(0x7f0000000dc0)="$eJzsmb9rFEEUx7+zu7e3hgS0sLE5i4ARkr3dPZU0gloqghBFLQ+zhphNTu6uyB34I9jY+Af4N1hrkUIs7GzEwsoiBgIWWtooODK/bud+rXdwne9TzL15897MezO7b+AWBEH8txx+/Xnw4srqzWUA81hEWeu/ubmNY9l/eemWtPh+x8H+4HwMAOd53/vH+j6Ad5dd4KmalvNf3B5flHMygLtAoHS34OCsHr8NhtDEygVKTMFwV6sfWLIJHlnK7jWy9fubWRqJJhZNIpoawPvi/7HHsA61vFiBWfG1Ot2tegZcZVLI0qbSZCVu1jGasYLXmydLvRE2Rfvn4fBAnNBFawvEed15/mxP9EOtj+DIvRTEcBDrg6mBYU3rV1FGGIYV3U1jK/9TXj6/q47Nyt8KNyjKNijeiFkLJ1YKbUwSY2zMg28NvdXC4yPl2T0m3BmKw/jDJ4qZc/5kmgT9cUcwC8G88xN6CdPpl3Aqw15+rlkYXL0xYhO6W8uvgKkSZK0Ojqv0lIbpU76kk/4w7HWkBHeS93kiYd/WPBq08THDMzV1c2jo01yWXTcaBK3Ox2t66GTfPKf734Ke4Bc9JHn9ZB5wRpsycO5Zt0K1vf2w2up0Vza36xvpRrqTJLUL0bkoOp9UZW1WbUH9C2R9mrPqX0ldQwN2YnEfu/V2uxnvAu1m7Jt+8lq2VsVde9P4Lv0cWf8cLP3mXF8vJZl2eXQ88v4rKz95b2HJHRs8QRAEQRAEQRAEQRAEQRBEAZXP6lf/db0wj4qjP4SpD1V8NF5yQzr8DQAA//+f2Ekt")
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)=[@code={0x1, 0x87, {"0f22e5c744240060420000c744240233d8cecbc7442406000000000f011c24660f38816810c4027958b20000000064449966baf80cb83284af80ef66bafc0c66ed66baf80cb8cc07ff8aef66bafc0cb8d4000000ef48b8f8000000000000000f23c00f21f835030009000f23f8450f2244c4417c50cc"}}], 0x87})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000100)={0x0, 0xaaa, &(0x7f0000000240)="23591363adf94c4a", 0x0, 0x8})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x8, 0x280}, 0x50)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x2000000, 0x4, 0x2004cb, 0x0, 0xa1d, 0x4068ff, 0x5, 0x0, 0x3, 0xa], 0xdddd0000, 0x202})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x6)
bind$netlink(r5, &(0x7f0000514ff4)={0x10, 0x0, 0x2007fffd, 0x100000}, 0x42)
socket$nl_xfrm(0x10, 0x3, 0x6)
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000540)='./file0\x00', 0x2008404, &(0x7f00000007c0)=ANY=[@ANYBLOB="6e6f6e756d00000000160000002c73686f72746e616d653d6c6f7765722c757466383d312c64656275672c696f636861727365743d757466382c73686f72746e616d653d6d6978cdd3109e395ae41a59a4a6ae883265642c7574", @ANYRES16=r0, @ANYRES32=r5, @ANYRES16=r0, @ANYBLOB="c5ce1b9733c91520022860834995bd440de70a56f9b17205184d3be668bd36e2d9b2c62fb43e3a2a12e69d2eea113cf5ab1f668b2855d9a2bb426304b9bbf1debf4d593fe5"], 0x0, 0x2c3, &(0x7f0000001080)="$eJzs3MFrE1sUx/HzkrwmTWmTBw9BQT3oRjehjQuXGqQFMaDUpqgLYWonGjImZSZUImKzEbf+HcWlO0H9B7oRN+7dFUFw04U40plJO2nTJm3TJrXfD5R7M+f+mNtkWk4CmdV7b56Wi06maNQkklCJiDRkTSS9Pgv8E4wRbz4kYQ25PPLz69m79x/cyuXzk9OqU7mZK1lVHTv/4dmLtxc+1UZm3429j8tK+uHqj+y3laGV06u/Z56UHC05WqnW1NC5arVmzFmmzpecckb1jmUajqmlimPaLfWiVV1YqKsRmx9NLtim46hRqWvZrGutqjW7rsZjo1TRTCajo0k5wSIisS6WFZanp43cjmU32tNN4dANtzto27lG+2Jh+Qj2BAAABszu/b/f6+/c/+dn/XEv/f+pzv2/SIf+v0L/v0+Nlkcd+n8cV1fDV79t54xk8Pfbiv4fAAAAAAAAAAAAAAAAAAAAAIDjYM11U67rptbH4JD3OC4iCRFxg3qft4lDEn793dBPh9f/Wp+2ix4LfXEvIWK9XiwsFvzRr+eKUhJLTBmXlPzyroeAP5+6mZ8cV09aPlpLQX5psRCVeDPflG6XP/ffhJ/X1vy/kgyfPysp+b/9+bNt80Ny6WIon5GUfH4kVbFk3ruuN/MvJ1Rv3M5vyQ976wAAAAAA+BtkdMO29+9e3VuQkO11Px/6fMB13aXdPh/Y8v46Jme6uUUlAAAAAAA4MKf+vGxYlmnvYxIXkQPEez9xXZH+byMqg/FstE6ui8gAbOOoJgkR8Y/ofuLfN+Jdpdwu1sREpO9Pyx4m/f7PBAAAAKDXNpv+PYS+vDrEHQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcPJ0ez+w5vptpWZhl3jodNEj/wUBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAfInAAD///epHHg=")
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x1, 0x8000, 0x1, 0x0, r3, 0x73be, '\x00', 0x0, 0xffffffffffffffff, 0x5}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r6}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in z_erofs_decompress
testing program (duration=34.146007062s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-bind$tipc-syz_kvm_add_vcpu$x86-openat$kvm-ioctl$KVM_XEN_HVM_CONFIG-openat$kvm-ioctl$KVM_CREATE_VM-bpf$MAP_CREATE-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_REGS-ioctl$KVM_RUN-socket$netlink-bind$netlink-socket$nl_xfrm-syz_mount_image$vfat-bpf$MAP_CREATE-mkdir
detailed listing:
executing program 0:
r0 = syz_mount_image$erofs(&(0x7f0000000180), &(0x7f00000000c0)='./cgroup/../file0\x00', 0x801, &(0x7f0000000240)=ANY=[], 0xff, 0x25b, &(0x7f0000000dc0)="$eJzsmb9rFEEUx7+zu7e3hgS0sLE5i4ARkr3dPZU0gloqghBFLQ+zhphNTu6uyB34I9jY+Af4N1hrkUIs7GzEwsoiBgIWWtooODK/bud+rXdwne9TzL15897MezO7b+AWBEH8txx+/Xnw4srqzWUA81hEWeu/ubmNY9l/eemWtPh+x8H+4HwMAOd53/vH+j6Ad5dd4KmalvNf3B5flHMygLtAoHS34OCsHr8NhtDEygVKTMFwV6sfWLIJHlnK7jWy9fubWRqJJhZNIpoawPvi/7HHsA61vFiBWfG1Ot2tegZcZVLI0qbSZCVu1jGasYLXmydLvRE2Rfvn4fBAnNBFawvEed15/mxP9EOtj+DIvRTEcBDrg6mBYU3rV1FGGIYV3U1jK/9TXj6/q47Nyt8KNyjKNijeiFkLJ1YKbUwSY2zMg28NvdXC4yPl2T0m3BmKw/jDJ4qZc/5kmgT9cUcwC8G88xN6CdPpl3Aqw15+rlkYXL0xYhO6W8uvgKkSZK0Ojqv0lIbpU76kk/4w7HWkBHeS93kiYd/WPBq08THDMzV1c2jo01yWXTcaBK3Ox2t66GTfPKf734Ke4Bc9JHn9ZB5wRpsycO5Zt0K1vf2w2up0Vza36xvpRrqTJLUL0bkoOp9UZW1WbUH9C2R9mrPqX0ldQwN2YnEfu/V2uxnvAu1m7Jt+8lq2VsVde9P4Lv0cWf8cLP3mXF8vJZl2eXQ88v4rKz95b2HJHRs8QRAEQRAEQRAEQRAEQRBEAZXP6lf/db0wj4qjP4SpD1V8NF5yQzr8DQAA//+f2Ekt")
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)=[@code={0x1, 0x87, {"0f22e5c744240060420000c744240233d8cecbc7442406000000000f011c24660f38816810c4027958b20000000064449966baf80cb83284af80ef66bafc0c66ed66baf80cb8cc07ff8aef66bafc0cb8d4000000ef48b8f8000000000000000f23c00f21f835030009000f23f8450f2244c4417c50cc"}}], 0x87})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000100)={0x0, 0xaaa, &(0x7f0000000240)="23591363adf94c4a", 0x0, 0x8})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x8, 0x280}, 0x50)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x2000000, 0x4, 0x2004cb, 0x0, 0xa1d, 0x4068ff, 0x5, 0x0, 0x3, 0xa], 0xdddd0000, 0x202})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x6)
bind$netlink(r5, &(0x7f0000514ff4)={0x10, 0x0, 0x2007fffd, 0x100000}, 0x42)
socket$nl_xfrm(0x10, 0x3, 0x6)
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000540)='./file0\x00', 0x2008404, &(0x7f00000007c0)=ANY=[@ANYBLOB="6e6f6e756d00000000160000002c73686f72746e616d653d6c6f7765722c757466383d312c64656275672c696f636861727365743d757466382c73686f72746e616d653d6d6978cdd3109e395ae41a59a4a6ae883265642c7574", @ANYRES16=r0, @ANYRES32=r5, @ANYRES16=r0, @ANYBLOB="c5ce1b9733c91520022860834995bd440de70a56f9b17205184d3be668bd36e2d9b2c62fb43e3a2a12e69d2eea113cf5ab1f668b2855d9a2bb426304b9bbf1debf4d593fe5"], 0x0, 0x2c3, &(0x7f0000001080)="$eJzs3MFrE1sUx/HzkrwmTWmTBw9BQT3oRjehjQuXGqQFMaDUpqgLYWonGjImZSZUImKzEbf+HcWlO0H9B7oRN+7dFUFw04U40plJO2nTJm3TJrXfD5R7M+f+mNtkWk4CmdV7b56Wi06maNQkklCJiDRkTSS9Pgv8E4wRbz4kYQ25PPLz69m79x/cyuXzk9OqU7mZK1lVHTv/4dmLtxc+1UZm3429j8tK+uHqj+y3laGV06u/Z56UHC05WqnW1NC5arVmzFmmzpecckb1jmUajqmlimPaLfWiVV1YqKsRmx9NLtim46hRqWvZrGutqjW7rsZjo1TRTCajo0k5wSIisS6WFZanp43cjmU32tNN4dANtzto27lG+2Jh+Qj2BAAABszu/b/f6+/c/+dn/XEv/f+pzv2/SIf+v0L/v0+Nlkcd+n8cV1fDV79t54xk8Pfbiv4fAAAAAAAAAAAAAAAAAAAAAIDjYM11U67rptbH4JD3OC4iCRFxg3qft4lDEn793dBPh9f/Wp+2ix4LfXEvIWK9XiwsFvzRr+eKUhJLTBmXlPzyroeAP5+6mZ8cV09aPlpLQX5psRCVeDPflG6XP/ffhJ/X1vy/kgyfPysp+b/9+bNt80Ny6WIon5GUfH4kVbFk3ruuN/MvJ1Rv3M5vyQ976wAAAAAA+BtkdMO29+9e3VuQkO11Px/6fMB13aXdPh/Y8v46Jme6uUUlAAAAAAA4MKf+vGxYlmnvYxIXkQPEez9xXZH+byMqg/FstE6ui8gAbOOoJgkR8Y/ofuLfN+Jdpdwu1sREpO9Pyx4m/f7PBAAAAKDXNpv+PYS+vDrEHQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcPJ0ez+w5vptpWZhl3jodNEj/wUBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAfInAAD///epHHg=")
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x1, 0x8000, 0x1, 0x0, r3, 0x73be, '\x00', 0x0, 0xffffffffffffffff, 0x5}, 0x50)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in z_erofs_decompress
testing program (duration=34.146007062s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-bind$tipc-syz_kvm_add_vcpu$x86-openat$kvm-ioctl$KVM_XEN_HVM_CONFIG-openat$kvm-ioctl$KVM_CREATE_VM-bpf$MAP_CREATE-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_REGS-ioctl$KVM_RUN-socket$netlink-bind$netlink-socket$nl_xfrm-syz_mount_image$vfat-mkdir
detailed listing:
executing program 0:
r0 = syz_mount_image$erofs(&(0x7f0000000180), &(0x7f00000000c0)='./cgroup/../file0\x00', 0x801, &(0x7f0000000240)=ANY=[], 0xff, 0x25b, &(0x7f0000000dc0)="$eJzsmb9rFEEUx7+zu7e3hgS0sLE5i4ARkr3dPZU0gloqghBFLQ+zhphNTu6uyB34I9jY+Af4N1hrkUIs7GzEwsoiBgIWWtooODK/bud+rXdwne9TzL15897MezO7b+AWBEH8txx+/Xnw4srqzWUA81hEWeu/ubmNY9l/eemWtPh+x8H+4HwMAOd53/vH+j6Ad5dd4KmalvNf3B5flHMygLtAoHS34OCsHr8NhtDEygVKTMFwV6sfWLIJHlnK7jWy9fubWRqJJhZNIpoawPvi/7HHsA61vFiBWfG1Ot2tegZcZVLI0qbSZCVu1jGasYLXmydLvRE2Rfvn4fBAnNBFawvEed15/mxP9EOtj+DIvRTEcBDrg6mBYU3rV1FGGIYV3U1jK/9TXj6/q47Nyt8KNyjKNijeiFkLJ1YKbUwSY2zMg28NvdXC4yPl2T0m3BmKw/jDJ4qZc/5kmgT9cUcwC8G88xN6CdPpl3Aqw15+rlkYXL0xYhO6W8uvgKkSZK0Ojqv0lIbpU76kk/4w7HWkBHeS93kiYd/WPBq08THDMzV1c2jo01yWXTcaBK3Ox2t66GTfPKf734Ke4Bc9JHn9ZB5wRpsycO5Zt0K1vf2w2up0Vza36xvpRrqTJLUL0bkoOp9UZW1WbUH9C2R9mrPqX0ldQwN2YnEfu/V2uxnvAu1m7Jt+8lq2VsVde9P4Lv0cWf8cLP3mXF8vJZl2eXQ88v4rKz95b2HJHRs8QRAEQRAEQRAEQRAEQRBEAZXP6lf/db0wj4qjP4SpD1V8NF5yQzr8DQAA//+f2Ekt")
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)=[@code={0x1, 0x87, {"0f22e5c744240060420000c744240233d8cecbc7442406000000000f011c24660f38816810c4027958b20000000064449966baf80cb83284af80ef66bafc0c66ed66baf80cb8cc07ff8aef66bafc0cb8d4000000ef48b8f8000000000000000f23c00f21f835030009000f23f8450f2244c4417c50cc"}}], 0x87})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000100)={0x0, 0xaaa, &(0x7f0000000240)="23591363adf94c4a", 0x0, 0x8})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x8, 0x280}, 0x50)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x2000000, 0x4, 0x2004cb, 0x0, 0xa1d, 0x4068ff, 0x5, 0x0, 0x3, 0xa], 0xdddd0000, 0x202})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x6)
bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x2007fffd, 0x100000}, 0x42)
socket$nl_xfrm(0x10, 0x3, 0x6)
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000540)='./file0\x00', 0x2008404, &(0x7f00000007c0)=ANY=[@ANYBLOB="6e6f6e756d00000000160000002c73686f72746e616d653d6c6f7765722c757466383d312c64656275672c696f636861727365743d757466382c73686f72746e616d653d6d6978cdd3109e395ae41a59a4a6ae883265642c7574", @ANYRES16=r0, @ANYRES32=r4, @ANYRES16=r0, @ANYBLOB="c5ce1b9733c91520022860834995bd440de70a56f9b17205184d3be668bd36e2d9b2c62fb43e3a2a12e69d2eea113cf5ab1f668b2855d9a2bb426304b9bbf1debf4d593fe5"], 0x0, 0x2c3, &(0x7f0000001080)="$eJzs3MFrE1sUx/HzkrwmTWmTBw9BQT3oRjehjQuXGqQFMaDUpqgLYWonGjImZSZUImKzEbf+HcWlO0H9B7oRN+7dFUFw04U40plJO2nTJm3TJrXfD5R7M+f+mNtkWk4CmdV7b56Wi06maNQkklCJiDRkTSS9Pgv8E4wRbz4kYQ25PPLz69m79x/cyuXzk9OqU7mZK1lVHTv/4dmLtxc+1UZm3429j8tK+uHqj+y3laGV06u/Z56UHC05WqnW1NC5arVmzFmmzpecckb1jmUajqmlimPaLfWiVV1YqKsRmx9NLtim46hRqWvZrGutqjW7rsZjo1TRTCajo0k5wSIisS6WFZanp43cjmU32tNN4dANtzto27lG+2Jh+Qj2BAAABszu/b/f6+/c/+dn/XEv/f+pzv2/SIf+v0L/v0+Nlkcd+n8cV1fDV79t54xk8Pfbiv4fAAAAAAAAAAAAAAAAAAAAAIDjYM11U67rptbH4JD3OC4iCRFxg3qft4lDEn793dBPh9f/Wp+2ix4LfXEvIWK9XiwsFvzRr+eKUhJLTBmXlPzyroeAP5+6mZ8cV09aPlpLQX5psRCVeDPflG6XP/ffhJ/X1vy/kgyfPysp+b/9+bNt80Ny6WIon5GUfH4kVbFk3ruuN/MvJ1Rv3M5vyQ976wAAAAAA+BtkdMO29+9e3VuQkO11Px/6fMB13aXdPh/Y8v46Jme6uUUlAAAAAAA4MKf+vGxYlmnvYxIXkQPEez9xXZH+byMqg/FstE6ui8gAbOOoJgkR8Y/ofuLfN+Jdpdwu1sREpO9Pyx4m/f7PBAAAAKDXNpv+PYS+vDrEHQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcPJ0ez+w5vptpWZhl3jodNEj/wUBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAfInAAD///epHHg=")
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in z_erofs_decompress
testing program (duration=34.146007062s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-bind$tipc-syz_kvm_add_vcpu$x86-openat$kvm-ioctl$KVM_XEN_HVM_CONFIG-openat$kvm-ioctl$KVM_CREATE_VM-bpf$MAP_CREATE-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_REGS-ioctl$KVM_RUN-socket$netlink-bind$netlink-socket$nl_xfrm-mkdir
detailed listing:
executing program 0:
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f00000000c0)='./cgroup/../file0\x00', 0x801, &(0x7f0000000240)=ANY=[], 0xff, 0x25b, &(0x7f0000000dc0)="$eJzsmb9rFEEUx7+zu7e3hgS0sLE5i4ARkr3dPZU0gloqghBFLQ+zhphNTu6uyB34I9jY+Af4N1hrkUIs7GzEwsoiBgIWWtooODK/bud+rXdwne9TzL15897MezO7b+AWBEH8txx+/Xnw4srqzWUA81hEWeu/ubmNY9l/eemWtPh+x8H+4HwMAOd53/vH+j6Ad5dd4KmalvNf3B5flHMygLtAoHS34OCsHr8NhtDEygVKTMFwV6sfWLIJHlnK7jWy9fubWRqJJhZNIpoawPvi/7HHsA61vFiBWfG1Ot2tegZcZVLI0qbSZCVu1jGasYLXmydLvRE2Rfvn4fBAnNBFawvEed15/mxP9EOtj+DIvRTEcBDrg6mBYU3rV1FGGIYV3U1jK/9TXj6/q47Nyt8KNyjKNijeiFkLJ1YKbUwSY2zMg28NvdXC4yPl2T0m3BmKw/jDJ4qZc/5kmgT9cUcwC8G88xN6CdPpl3Aqw15+rlkYXL0xYhO6W8uvgKkSZK0Ojqv0lIbpU76kk/4w7HWkBHeS93kiYd/WPBq08THDMzV1c2jo01yWXTcaBK3Ox2t66GTfPKf734Ke4Bc9JHn9ZB5wRpsycO5Zt0K1vf2w2up0Vza36xvpRrqTJLUL0bkoOp9UZW1WbUH9C2R9mrPqX0ldQwN2YnEfu/V2uxnvAu1m7Jt+8lq2VsVde9P4Lv0cWf8cLP3mXF8vJZl2eXQ88v4rKz95b2HJHRs8QRAEQRAEQRAEQRAEQRBEAZXP6lf/db0wj4qjP4SpD1V8NF5yQzr8DQAA//+f2Ekt")
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)=[@code={0x1, 0x87, {"0f22e5c744240060420000c744240233d8cecbc7442406000000000f011c24660f38816810c4027958b20000000064449966baf80cb83284af80ef66bafc0c66ed66baf80cb8cc07ff8aef66bafc0cb8d4000000ef48b8f8000000000000000f23c00f21f835030009000f23f8450f2244c4417c50cc"}}], 0x87})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000100)={0x0, 0xaaa, &(0x7f0000000240)="23591363adf94c4a", 0x0, 0x8})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x8, 0x280}, 0x50)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x2000000, 0x4, 0x2004cb, 0x0, 0xa1d, 0x4068ff, 0x5, 0x0, 0x3, 0xa], 0xdddd0000, 0x202})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x6)
bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x2007fffd, 0x100000}, 0x42)
socket$nl_xfrm(0x10, 0x3, 0x6)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in z_erofs_decompress
testing program (duration=34.146007062s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-bind$tipc-syz_kvm_add_vcpu$x86-openat$kvm-ioctl$KVM_XEN_HVM_CONFIG-openat$kvm-ioctl$KVM_CREATE_VM-bpf$MAP_CREATE-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_REGS-ioctl$KVM_RUN-socket$netlink-bind$netlink-mkdir
detailed listing:
executing program 0:
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f00000000c0)='./cgroup/../file0\x00', 0x801, &(0x7f0000000240)=ANY=[], 0xff, 0x25b, &(0x7f0000000dc0)="$eJzsmb9rFEEUx7+zu7e3hgS0sLE5i4ARkr3dPZU0gloqghBFLQ+zhphNTu6uyB34I9jY+Af4N1hrkUIs7GzEwsoiBgIWWtooODK/bud+rXdwne9TzL15897MezO7b+AWBEH8txx+/Xnw4srqzWUA81hEWeu/ubmNY9l/eemWtPh+x8H+4HwMAOd53/vH+j6Ad5dd4KmalvNf3B5flHMygLtAoHS34OCsHr8NhtDEygVKTMFwV6sfWLIJHlnK7jWy9fubWRqJJhZNIpoawPvi/7HHsA61vFiBWfG1Ot2tegZcZVLI0qbSZCVu1jGasYLXmydLvRE2Rfvn4fBAnNBFawvEed15/mxP9EOtj+DIvRTEcBDrg6mBYU3rV1FGGIYV3U1jK/9TXj6/q47Nyt8KNyjKNijeiFkLJ1YKbUwSY2zMg28NvdXC4yPl2T0m3BmKw/jDJ4qZc/5kmgT9cUcwC8G88xN6CdPpl3Aqw15+rlkYXL0xYhO6W8uvgKkSZK0Ojqv0lIbpU76kk/4w7HWkBHeS93kiYd/WPBq08THDMzV1c2jo01yWXTcaBK3Ox2t66GTfPKf734Ke4Bc9JHn9ZB5wRpsycO5Zt0K1vf2w2up0Vza36xvpRrqTJLUL0bkoOp9UZW1WbUH9C2R9mrPqX0ldQwN2YnEfu/V2uxnvAu1m7Jt+8lq2VsVde9P4Lv0cWf8cLP3mXF8vJZl2eXQ88v4rKz95b2HJHRs8QRAEQRAEQRAEQRAEQRBEAZXP6lf/db0wj4qjP4SpD1V8NF5yQzr8DQAA//+f2Ekt")
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)=[@code={0x1, 0x87, {"0f22e5c744240060420000c744240233d8cecbc7442406000000000f011c24660f38816810c4027958b20000000064449966baf80cb83284af80ef66bafc0c66ed66baf80cb8cc07ff8aef66bafc0cb8d4000000ef48b8f8000000000000000f23c00f21f835030009000f23f8450f2244c4417c50cc"}}], 0x87})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000100)={0x0, 0xaaa, &(0x7f0000000240)="23591363adf94c4a", 0x0, 0x8})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x8, 0x280}, 0x50)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x2000000, 0x4, 0x2004cb, 0x0, 0xa1d, 0x4068ff, 0x5, 0x0, 0x3, 0xa], 0xdddd0000, 0x202})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x6)
bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x2007fffd, 0x100000}, 0x42)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in z_erofs_decompress
testing program (duration=34.146007062s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-bind$tipc-syz_kvm_add_vcpu$x86-openat$kvm-ioctl$KVM_XEN_HVM_CONFIG-openat$kvm-ioctl$KVM_CREATE_VM-bpf$MAP_CREATE-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_REGS-ioctl$KVM_RUN-socket$netlink-mkdir
detailed listing:
executing program 0:
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f00000000c0)='./cgroup/../file0\x00', 0x801, &(0x7f0000000240)=ANY=[], 0xff, 0x25b, &(0x7f0000000dc0)="$eJzsmb9rFEEUx7+zu7e3hgS0sLE5i4ARkr3dPZU0gloqghBFLQ+zhphNTu6uyB34I9jY+Af4N1hrkUIs7GzEwsoiBgIWWtooODK/bud+rXdwne9TzL15897MezO7b+AWBEH8txx+/Xnw4srqzWUA81hEWeu/ubmNY9l/eemWtPh+x8H+4HwMAOd53/vH+j6Ad5dd4KmalvNf3B5flHMygLtAoHS34OCsHr8NhtDEygVKTMFwV6sfWLIJHlnK7jWy9fubWRqJJhZNIpoawPvi/7HHsA61vFiBWfG1Ot2tegZcZVLI0qbSZCVu1jGasYLXmydLvRE2Rfvn4fBAnNBFawvEed15/mxP9EOtj+DIvRTEcBDrg6mBYU3rV1FGGIYV3U1jK/9TXj6/q47Nyt8KNyjKNijeiFkLJ1YKbUwSY2zMg28NvdXC4yPl2T0m3BmKw/jDJ4qZc/5kmgT9cUcwC8G88xN6CdPpl3Aqw15+rlkYXL0xYhO6W8uvgKkSZK0Ojqv0lIbpU76kk/4w7HWkBHeS93kiYd/WPBq08THDMzV1c2jo01yWXTcaBK3Ox2t66GTfPKf734Ke4Bc9JHn9ZB5wRpsycO5Zt0K1vf2w2up0Vza36xvpRrqTJLUL0bkoOp9UZW1WbUH9C2R9mrPqX0ldQwN2YnEfu/V2uxnvAu1m7Jt+8lq2VsVde9P4Lv0cWf8cLP3mXF8vJZl2eXQ88v4rKz95b2HJHRs8QRAEQRAEQRAEQRAEQRBEAZXP6lf/db0wj4qjP4SpD1V8NF5yQzr8DQAA//+f2Ekt")
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)=[@code={0x1, 0x87, {"0f22e5c744240060420000c744240233d8cecbc7442406000000000f011c24660f38816810c4027958b20000000064449966baf80cb83284af80ef66bafc0c66ed66baf80cb8cc07ff8aef66bafc0cb8d4000000ef48b8f8000000000000000f23c00f21f835030009000f23f8450f2244c4417c50cc"}}], 0x87})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000100)={0x0, 0xaaa, &(0x7f0000000240)="23591363adf94c4a", 0x0, 0x8})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x8, 0x280}, 0x50)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x2000000, 0x4, 0x2004cb, 0x0, 0xa1d, 0x4068ff, 0x5, 0x0, 0x3, 0xa], 0xdddd0000, 0x202})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socket$netlink(0x10, 0x3, 0x6)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in z_erofs_decompress
testing program (duration=34.146007062s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-bind$tipc-syz_kvm_add_vcpu$x86-openat$kvm-ioctl$KVM_XEN_HVM_CONFIG-openat$kvm-ioctl$KVM_CREATE_VM-bpf$MAP_CREATE-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_REGS-ioctl$KVM_RUN-mkdir
detailed listing:
executing program 0:
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f00000000c0)='./cgroup/../file0\x00', 0x801, &(0x7f0000000240)=ANY=[], 0xff, 0x25b, &(0x7f0000000dc0)="$eJzsmb9rFEEUx7+zu7e3hgS0sLE5i4ARkr3dPZU0gloqghBFLQ+zhphNTu6uyB34I9jY+Af4N1hrkUIs7GzEwsoiBgIWWtooODK/bud+rXdwne9TzL15897MezO7b+AWBEH8txx+/Xnw4srqzWUA81hEWeu/ubmNY9l/eemWtPh+x8H+4HwMAOd53/vH+j6Ad5dd4KmalvNf3B5flHMygLtAoHS34OCsHr8NhtDEygVKTMFwV6sfWLIJHlnK7jWy9fubWRqJJhZNIpoawPvi/7HHsA61vFiBWfG1Ot2tegZcZVLI0qbSZCVu1jGasYLXmydLvRE2Rfvn4fBAnNBFawvEed15/mxP9EOtj+DIvRTEcBDrg6mBYU3rV1FGGIYV3U1jK/9TXj6/q47Nyt8KNyjKNijeiFkLJ1YKbUwSY2zMg28NvdXC4yPl2T0m3BmKw/jDJ4qZc/5kmgT9cUcwC8G88xN6CdPpl3Aqw15+rlkYXL0xYhO6W8uvgKkSZK0Ojqv0lIbpU76kk/4w7HWkBHeS93kiYd/WPBq08THDMzV1c2jo01yWXTcaBK3Ox2t66GTfPKf734Ke4Bc9JHn9ZB5wRpsycO5Zt0K1vf2w2up0Vza36xvpRrqTJLUL0bkoOp9UZW1WbUH9C2R9mrPqX0ldQwN2YnEfu/V2uxnvAu1m7Jt+8lq2VsVde9P4Lv0cWf8cLP3mXF8vJZl2eXQ88v4rKz95b2HJHRs8QRAEQRAEQRAEQRAEQRBEAZXP6lf/db0wj4qjP4SpD1V8NF5yQzr8DQAA//+f2Ekt")
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)=[@code={0x1, 0x87, {"0f22e5c744240060420000c744240233d8cecbc7442406000000000f011c24660f38816810c4027958b20000000064449966baf80cb83284af80ef66bafc0c66ed66baf80cb8cc07ff8aef66bafc0cb8d4000000ef48b8f8000000000000000f23c00f21f835030009000f23f8450f2244c4417c50cc"}}], 0x87})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000100)={0x0, 0xaaa, &(0x7f0000000240)="23591363adf94c4a", 0x0, 0x8})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x8, 0x280}, 0x50)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x2000000, 0x4, 0x2004cb, 0x0, 0xa1d, 0x4068ff, 0x5, 0x0, 0x3, 0xa], 0xdddd0000, 0x202})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in z_erofs_decompress
testing program (duration=34.146007062s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-bind$tipc-syz_kvm_add_vcpu$x86-openat$kvm-ioctl$KVM_XEN_HVM_CONFIG-openat$kvm-ioctl$KVM_CREATE_VM-bpf$MAP_CREATE-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_REGS-mkdir
detailed listing:
executing program 0:
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f00000000c0)='./cgroup/../file0\x00', 0x801, &(0x7f0000000240)=ANY=[], 0xff, 0x25b, &(0x7f0000000dc0)="$eJzsmb9rFEEUx7+zu7e3hgS0sLE5i4ARkr3dPZU0gloqghBFLQ+zhphNTu6uyB34I9jY+Af4N1hrkUIs7GzEwsoiBgIWWtooODK/bud+rXdwne9TzL15897MezO7b+AWBEH8txx+/Xnw4srqzWUA81hEWeu/ubmNY9l/eemWtPh+x8H+4HwMAOd53/vH+j6Ad5dd4KmalvNf3B5flHMygLtAoHS34OCsHr8NhtDEygVKTMFwV6sfWLIJHlnK7jWy9fubWRqJJhZNIpoawPvi/7HHsA61vFiBWfG1Ot2tegZcZVLI0qbSZCVu1jGasYLXmydLvRE2Rfvn4fBAnNBFawvEed15/mxP9EOtj+DIvRTEcBDrg6mBYU3rV1FGGIYV3U1jK/9TXj6/q47Nyt8KNyjKNijeiFkLJ1YKbUwSY2zMg28NvdXC4yPl2T0m3BmKw/jDJ4qZc/5kmgT9cUcwC8G88xN6CdPpl3Aqw15+rlkYXL0xYhO6W8uvgKkSZK0Ojqv0lIbpU76kk/4w7HWkBHeS93kiYd/WPBq08THDMzV1c2jo01yWXTcaBK3Ox2t66GTfPKf734Ke4Bc9JHn9ZB5wRpsycO5Zt0K1vf2w2up0Vza36xvpRrqTJLUL0bkoOp9UZW1WbUH9C2R9mrPqX0ldQwN2YnEfu/V2uxnvAu1m7Jt+8lq2VsVde9P4Lv0cWf8cLP3mXF8vJZl2eXQ88v4rKz95b2HJHRs8QRAEQRAEQRAEQRAEQRBEAZXP6lf/db0wj4qjP4SpD1V8NF5yQzr8DQAA//+f2Ekt")
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)=[@code={0x1, 0x87, {"0f22e5c744240060420000c744240233d8cecbc7442406000000000f011c24660f38816810c4027958b20000000064449966baf80cb83284af80ef66bafc0c66ed66baf80cb8cc07ff8aef66bafc0cb8d4000000ef48b8f8000000000000000f23c00f21f835030009000f23f8450f2244c4417c50cc"}}], 0x87})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000100)={0x0, 0xaaa, &(0x7f0000000240)="23591363adf94c4a", 0x0, 0x8})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x8, 0x280}, 0x50)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x2000000, 0x4, 0x2004cb, 0x0, 0xa1d, 0x4068ff, 0x5, 0x0, 0x3, 0xa], 0xdddd0000, 0x202})
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in z_erofs_decompress
testing program (duration=34.146007062s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-bind$tipc-syz_kvm_add_vcpu$x86-openat$kvm-ioctl$KVM_XEN_HVM_CONFIG-openat$kvm-ioctl$KVM_CREATE_VM-bpf$MAP_CREATE-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_USER_MEMORY_REGION-mkdir
detailed listing:
executing program 0:
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f00000000c0)='./cgroup/../file0\x00', 0x801, &(0x7f0000000240)=ANY=[], 0xff, 0x25b, &(0x7f0000000dc0)="$eJzsmb9rFEEUx7+zu7e3hgS0sLE5i4ARkr3dPZU0gloqghBFLQ+zhphNTu6uyB34I9jY+Af4N1hrkUIs7GzEwsoiBgIWWtooODK/bud+rXdwne9TzL15897MezO7b+AWBEH8txx+/Xnw4srqzWUA81hEWeu/ubmNY9l/eemWtPh+x8H+4HwMAOd53/vH+j6Ad5dd4KmalvNf3B5flHMygLtAoHS34OCsHr8NhtDEygVKTMFwV6sfWLIJHlnK7jWy9fubWRqJJhZNIpoawPvi/7HHsA61vFiBWfG1Ot2tegZcZVLI0qbSZCVu1jGasYLXmydLvRE2Rfvn4fBAnNBFawvEed15/mxP9EOtj+DIvRTEcBDrg6mBYU3rV1FGGIYV3U1jK/9TXj6/q47Nyt8KNyjKNijeiFkLJ1YKbUwSY2zMg28NvdXC4yPl2T0m3BmKw/jDJ4qZc/5kmgT9cUcwC8G88xN6CdPpl3Aqw15+rlkYXL0xYhO6W8uvgKkSZK0Ojqv0lIbpU76kk/4w7HWkBHeS93kiYd/WPBq08THDMzV1c2jo01yWXTcaBK3Ox2t66GTfPKf734Ke4Bc9JHn9ZB5wRpsycO5Zt0K1vf2w2up0Vza36xvpRrqTJLUL0bkoOp9UZW1WbUH9C2R9mrPqX0ldQwN2YnEfu/V2uxnvAu1m7Jt+8lq2VsVde9P4Lv0cWf8cLP3mXF8vJZl2eXQ88v4rKz95b2HJHRs8QRAEQRAEQRAEQRAEQRBEAZXP6lf/db0wj4qjP4SpD1V8NF5yQzr8DQAA//+f2Ekt")
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)=[@code={0x1, 0x87, {"0f22e5c744240060420000c744240233d8cecbc7442406000000000f011c24660f38816810c4027958b20000000064449966baf80cb83284af80ef66bafc0c66ed66baf80cb8cc07ff8aef66bafc0cb8d4000000ef48b8f8000000000000000f23c00f21f835030009000f23f8450f2244c4417c50cc"}}], 0x87})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000100)={0x0, 0xaaa, &(0x7f0000000240)="23591363adf94c4a", 0x0, 0x8})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x8, 0x280}, 0x50)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in z_erofs_decompress
testing program (duration=34.146007062s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-bind$tipc-syz_kvm_add_vcpu$x86-openat$kvm-ioctl$KVM_XEN_HVM_CONFIG-openat$kvm-ioctl$KVM_CREATE_VM-bpf$MAP_CREATE-ioctl$KVM_CREATE_VCPU-mkdir
detailed listing:
executing program 0:
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f00000000c0)='./cgroup/../file0\x00', 0x801, &(0x7f0000000240)=ANY=[], 0xff, 0x25b, &(0x7f0000000dc0)="$eJzsmb9rFEEUx7+zu7e3hgS0sLE5i4ARkr3dPZU0gloqghBFLQ+zhphNTu6uyB34I9jY+Af4N1hrkUIs7GzEwsoiBgIWWtooODK/bud+rXdwne9TzL15897MezO7b+AWBEH8txx+/Xnw4srqzWUA81hEWeu/ubmNY9l/eemWtPh+x8H+4HwMAOd53/vH+j6Ad5dd4KmalvNf3B5flHMygLtAoHS34OCsHr8NhtDEygVKTMFwV6sfWLIJHlnK7jWy9fubWRqJJhZNIpoawPvi/7HHsA61vFiBWfG1Ot2tegZcZVLI0qbSZCVu1jGasYLXmydLvRE2Rfvn4fBAnNBFawvEed15/mxP9EOtj+DIvRTEcBDrg6mBYU3rV1FGGIYV3U1jK/9TXj6/q47Nyt8KNyjKNijeiFkLJ1YKbUwSY2zMg28NvdXC4yPl2T0m3BmKw/jDJ4qZc/5kmgT9cUcwC8G88xN6CdPpl3Aqw15+rlkYXL0xYhO6W8uvgKkSZK0Ojqv0lIbpU76kk/4w7HWkBHeS93kiYd/WPBq08THDMzV1c2jo01yWXTcaBK3Ox2t66GTfPKf734Ke4Bc9JHn9ZB5wRpsycO5Zt0K1vf2w2up0Vza36xvpRrqTJLUL0bkoOp9UZW1WbUH9C2R9mrPqX0ldQwN2YnEfu/V2uxnvAu1m7Jt+8lq2VsVde9P4Lv0cWf8cLP3mXF8vJZl2eXQ88v4rKz95b2HJHRs8QRAEQRAEQRAEQRAEQRBEAZXP6lf/db0wj4qjP4SpD1V8NF5yQzr8DQAA//+f2Ekt")
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)=[@code={0x1, 0x87, {"0f22e5c744240060420000c744240233d8cecbc7442406000000000f011c24660f38816810c4027958b20000000064449966baf80cb83284af80ef66bafc0c66ed66baf80cb8cc07ff8aef66bafc0cb8d4000000ef48b8f8000000000000000f23c00f21f835030009000f23f8450f2244c4417c50cc"}}], 0x87})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000100)={0x0, 0xaaa, &(0x7f0000000240)="23591363adf94c4a", 0x0, 0x8})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x8, 0x280}, 0x50)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in z_erofs_decompress
testing program (duration=34.146007062s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-bind$tipc-syz_kvm_add_vcpu$x86-openat$kvm-ioctl$KVM_XEN_HVM_CONFIG-openat$kvm-ioctl$KVM_CREATE_VM-bpf$MAP_CREATE-mkdir
detailed listing:
executing program 0:
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f00000000c0)='./cgroup/../file0\x00', 0x801, &(0x7f0000000240)=ANY=[], 0xff, 0x25b, &(0x7f0000000dc0)="$eJzsmb9rFEEUx7+zu7e3hgS0sLE5i4ARkr3dPZU0gloqghBFLQ+zhphNTu6uyB34I9jY+Af4N1hrkUIs7GzEwsoiBgIWWtooODK/bud+rXdwne9TzL15897MezO7b+AWBEH8txx+/Xnw4srqzWUA81hEWeu/ubmNY9l/eemWtPh+x8H+4HwMAOd53/vH+j6Ad5dd4KmalvNf3B5flHMygLtAoHS34OCsHr8NhtDEygVKTMFwV6sfWLIJHlnK7jWy9fubWRqJJhZNIpoawPvi/7HHsA61vFiBWfG1Ot2tegZcZVLI0qbSZCVu1jGasYLXmydLvRE2Rfvn4fBAnNBFawvEed15/mxP9EOtj+DIvRTEcBDrg6mBYU3rV1FGGIYV3U1jK/9TXj6/q47Nyt8KNyjKNijeiFkLJ1YKbUwSY2zMg28NvdXC4yPl2T0m3BmKw/jDJ4qZc/5kmgT9cUcwC8G88xN6CdPpl3Aqw15+rlkYXL0xYhO6W8uvgKkSZK0Ojqv0lIbpU76kk/4w7HWkBHeS93kiYd/WPBq08THDMzV1c2jo01yWXTcaBK3Ox2t66GTfPKf734Ke4Bc9JHn9ZB5wRpsycO5Zt0K1vf2w2up0Vza36xvpRrqTJLUL0bkoOp9UZW1WbUH9C2R9mrPqX0ldQwN2YnEfu/V2uxnvAu1m7Jt+8lq2VsVde9P4Lv0cWf8cLP3mXF8vJZl2eXQ88v4rKz95b2HJHRs8QRAEQRAEQRAEQRAEQRBEAZXP6lf/db0wj4qjP4SpD1V8NF5yQzr8DQAA//+f2Ekt")
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)=[@code={0x1, 0x87, {"0f22e5c744240060420000c744240233d8cecbc7442406000000000f011c24660f38816810c4027958b20000000064449966baf80cb83284af80ef66bafc0c66ed66baf80cb8cc07ff8aef66bafc0cb8d4000000ef48b8f8000000000000000f23c00f21f835030009000f23f8450f2244c4417c50cc"}}], 0x87})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000100)={0x0, 0xaaa, &(0x7f0000000240)="23591363adf94c4a", 0x0, 0x8})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x8, 0x280}, 0x50)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in z_erofs_decompress
testing program (duration=34.146007062s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-bind$tipc-syz_kvm_add_vcpu$x86-openat$kvm-ioctl$KVM_XEN_HVM_CONFIG-openat$kvm-ioctl$KVM_CREATE_VM-mkdir
detailed listing:
executing program 0:
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f00000000c0)='./cgroup/../file0\x00', 0x801, &(0x7f0000000240)=ANY=[], 0xff, 0x25b, &(0x7f0000000dc0)="$eJzsmb9rFEEUx7+zu7e3hgS0sLE5i4ARkr3dPZU0gloqghBFLQ+zhphNTu6uyB34I9jY+Af4N1hrkUIs7GzEwsoiBgIWWtooODK/bud+rXdwne9TzL15897MezO7b+AWBEH8txx+/Xnw4srqzWUA81hEWeu/ubmNY9l/eemWtPh+x8H+4HwMAOd53/vH+j6Ad5dd4KmalvNf3B5flHMygLtAoHS34OCsHr8NhtDEygVKTMFwV6sfWLIJHlnK7jWy9fubWRqJJhZNIpoawPvi/7HHsA61vFiBWfG1Ot2tegZcZVLI0qbSZCVu1jGasYLXmydLvRE2Rfvn4fBAnNBFawvEed15/mxP9EOtj+DIvRTEcBDrg6mBYU3rV1FGGIYV3U1jK/9TXj6/q47Nyt8KNyjKNijeiFkLJ1YKbUwSY2zMg28NvdXC4yPl2T0m3BmKw/jDJ4qZc/5kmgT9cUcwC8G88xN6CdPpl3Aqw15+rlkYXL0xYhO6W8uvgKkSZK0Ojqv0lIbpU76kk/4w7HWkBHeS93kiYd/WPBq08THDMzV1c2jo01yWXTcaBK3Ox2t66GTfPKf734Ke4Bc9JHn9ZB5wRpsycO5Zt0K1vf2w2up0Vza36xvpRrqTJLUL0bkoOp9UZW1WbUH9C2R9mrPqX0ldQwN2YnEfu/V2uxnvAu1m7Jt+8lq2VsVde9P4Lv0cWf8cLP3mXF8vJZl2eXQ88v4rKz95b2HJHRs8QRAEQRAEQRAEQRAEQRBEAZXP6lf/db0wj4qjP4SpD1V8NF5yQzr8DQAA//+f2Ekt")
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)=[@code={0x1, 0x87, {"0f22e5c744240060420000c744240233d8cecbc7442406000000000f011c24660f38816810c4027958b20000000064449966baf80cb83284af80ef66bafc0c66ed66baf80cb8cc07ff8aef66bafc0cb8d4000000ef48b8f8000000000000000f23c00f21f835030009000f23f8450f2244c4417c50cc"}}], 0x87})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000100)={0x0, 0xaaa, &(0x7f0000000240)="23591363adf94c4a", 0x0, 0x8})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in z_erofs_decompress
testing program (duration=34.146007062s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-bind$tipc-syz_kvm_add_vcpu$x86-openat$kvm-ioctl$KVM_XEN_HVM_CONFIG-openat$kvm-mkdir
detailed listing:
executing program 0:
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f00000000c0)='./cgroup/../file0\x00', 0x801, &(0x7f0000000240)=ANY=[], 0xff, 0x25b, &(0x7f0000000dc0)="$eJzsmb9rFEEUx7+zu7e3hgS0sLE5i4ARkr3dPZU0gloqghBFLQ+zhphNTu6uyB34I9jY+Af4N1hrkUIs7GzEwsoiBgIWWtooODK/bud+rXdwne9TzL15897MezO7b+AWBEH8txx+/Xnw4srqzWUA81hEWeu/ubmNY9l/eemWtPh+x8H+4HwMAOd53/vH+j6Ad5dd4KmalvNf3B5flHMygLtAoHS34OCsHr8NhtDEygVKTMFwV6sfWLIJHlnK7jWy9fubWRqJJhZNIpoawPvi/7HHsA61vFiBWfG1Ot2tegZcZVLI0qbSZCVu1jGasYLXmydLvRE2Rfvn4fBAnNBFawvEed15/mxP9EOtj+DIvRTEcBDrg6mBYU3rV1FGGIYV3U1jK/9TXj6/q47Nyt8KNyjKNijeiFkLJ1YKbUwSY2zMg28NvdXC4yPl2T0m3BmKw/jDJ4qZc/5kmgT9cUcwC8G88xN6CdPpl3Aqw15+rlkYXL0xYhO6W8uvgKkSZK0Ojqv0lIbpU76kk/4w7HWkBHeS93kiYd/WPBq08THDMzV1c2jo01yWXTcaBK3Ox2t66GTfPKf734Ke4Bc9JHn9ZB5wRpsycO5Zt0K1vf2w2up0Vza36xvpRrqTJLUL0bkoOp9UZW1WbUH9C2R9mrPqX0ldQwN2YnEfu/V2uxnvAu1m7Jt+8lq2VsVde9P4Lv0cWf8cLP3mXF8vJZl2eXQ88v4rKz95b2HJHRs8QRAEQRAEQRAEQRAEQRBEAZXP6lf/db0wj4qjP4SpD1V8NF5yQzr8DQAA//+f2Ekt")
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)=[@code={0x1, 0x87, {"0f22e5c744240060420000c744240233d8cecbc7442406000000000f011c24660f38816810c4027958b20000000064449966baf80cb83284af80ef66bafc0c66ed66baf80cb8cc07ff8aef66bafc0cb8d4000000ef48b8f8000000000000000f23c00f21f835030009000f23f8450f2244c4417c50cc"}}], 0x87})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000100)={0x0, 0xaaa, &(0x7f0000000240)="23591363adf94c4a", 0x0, 0x8})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in z_erofs_decompress
testing program (duration=34.146007062s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-bind$tipc-syz_kvm_add_vcpu$x86-openat$kvm-ioctl$KVM_XEN_HVM_CONFIG-mkdir
detailed listing:
executing program 0:
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f00000000c0)='./cgroup/../file0\x00', 0x801, &(0x7f0000000240)=ANY=[], 0xff, 0x25b, &(0x7f0000000dc0)="$eJzsmb9rFEEUx7+zu7e3hgS0sLE5i4ARkr3dPZU0gloqghBFLQ+zhphNTu6uyB34I9jY+Af4N1hrkUIs7GzEwsoiBgIWWtooODK/bud+rXdwne9TzL15897MezO7b+AWBEH8txx+/Xnw4srqzWUA81hEWeu/ubmNY9l/eemWtPh+x8H+4HwMAOd53/vH+j6Ad5dd4KmalvNf3B5flHMygLtAoHS34OCsHr8NhtDEygVKTMFwV6sfWLIJHlnK7jWy9fubWRqJJhZNIpoawPvi/7HHsA61vFiBWfG1Ot2tegZcZVLI0qbSZCVu1jGasYLXmydLvRE2Rfvn4fBAnNBFawvEed15/mxP9EOtj+DIvRTEcBDrg6mBYU3rV1FGGIYV3U1jK/9TXj6/q47Nyt8KNyjKNijeiFkLJ1YKbUwSY2zMg28NvdXC4yPl2T0m3BmKw/jDJ4qZc/5kmgT9cUcwC8G88xN6CdPpl3Aqw15+rlkYXL0xYhO6W8uvgKkSZK0Ojqv0lIbpU76kk/4w7HWkBHeS93kiYd/WPBq08THDMzV1c2jo01yWXTcaBK3Ox2t66GTfPKf734Ke4Bc9JHn9ZB5wRpsycO5Zt0K1vf2w2up0Vza36xvpRrqTJLUL0bkoOp9UZW1WbUH9C2R9mrPqX0ldQwN2YnEfu/V2uxnvAu1m7Jt+8lq2VsVde9P4Lv0cWf8cLP3mXF8vJZl2eXQ88v4rKz95b2HJHRs8QRAEQRAEQRAEQRAEQRBEAZXP6lf/db0wj4qjP4SpD1V8NF5yQzr8DQAA//+f2Ekt")
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)=[@code={0x1, 0x87, {"0f22e5c744240060420000c744240233d8cecbc7442406000000000f011c24660f38816810c4027958b20000000064449966baf80cb83284af80ef66bafc0c66ed66baf80cb8cc07ff8aef66bafc0cb8d4000000ef48b8f8000000000000000f23c00f21f835030009000f23f8450f2244c4417c50cc"}}], 0x87})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000100)={0x0, 0xaaa, &(0x7f0000000240)="23591363adf94c4a", 0x0, 0x8})
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in z_erofs_decompress
testing program (duration=34.146007062s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-bind$tipc-syz_kvm_add_vcpu$x86-openat$kvm-mkdir
detailed listing:
executing program 0:
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f00000000c0)='./cgroup/../file0\x00', 0x801, &(0x7f0000000240)=ANY=[], 0xff, 0x25b, &(0x7f0000000dc0)="$eJzsmb9rFEEUx7+zu7e3hgS0sLE5i4ARkr3dPZU0gloqghBFLQ+zhphNTu6uyB34I9jY+Af4N1hrkUIs7GzEwsoiBgIWWtooODK/bud+rXdwne9TzL15897MezO7b+AWBEH8txx+/Xnw4srqzWUA81hEWeu/ubmNY9l/eemWtPh+x8H+4HwMAOd53/vH+j6Ad5dd4KmalvNf3B5flHMygLtAoHS34OCsHr8NhtDEygVKTMFwV6sfWLIJHlnK7jWy9fubWRqJJhZNIpoawPvi/7HHsA61vFiBWfG1Ot2tegZcZVLI0qbSZCVu1jGasYLXmydLvRE2Rfvn4fBAnNBFawvEed15/mxP9EOtj+DIvRTEcBDrg6mBYU3rV1FGGIYV3U1jK/9TXj6/q47Nyt8KNyjKNijeiFkLJ1YKbUwSY2zMg28NvdXC4yPl2T0m3BmKw/jDJ4qZc/5kmgT9cUcwC8G88xN6CdPpl3Aqw15+rlkYXL0xYhO6W8uvgKkSZK0Ojqv0lIbpU76kk/4w7HWkBHeS93kiYd/WPBq08THDMzV1c2jo01yWXTcaBK3Ox2t66GTfPKf734Ke4Bc9JHn9ZB5wRpsycO5Zt0K1vf2w2up0Vza36xvpRrqTJLUL0bkoOp9UZW1WbUH9C2R9mrPqX0ldQwN2YnEfu/V2uxnvAu1m7Jt+8lq2VsVde9P4Lv0cWf8cLP3mXF8vJZl2eXQ88v4rKz95b2HJHRs8QRAEQRAEQRAEQRAEQRBEAZXP6lf/db0wj4qjP4SpD1V8NF5yQzr8DQAA//+f2Ekt")
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)=[@code={0x1, 0x87, {"0f22e5c744240060420000c744240233d8cecbc7442406000000000f011c24660f38816810c4027958b20000000064449966baf80cb83284af80ef66bafc0c66ed66baf80cb8cc07ff8aef66bafc0cb8d4000000ef48b8f8000000000000000f23c00f21f835030009000f23f8450f2244c4417c50cc"}}], 0x87})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in z_erofs_decompress
testing program (duration=34.146007062s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-bind$tipc-syz_kvm_add_vcpu$x86-mkdir
detailed listing:
executing program 0:
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f00000000c0)='./cgroup/../file0\x00', 0x801, &(0x7f0000000240)=ANY=[], 0xff, 0x25b, &(0x7f0000000dc0)="$eJzsmb9rFEEUx7+zu7e3hgS0sLE5i4ARkr3dPZU0gloqghBFLQ+zhphNTu6uyB34I9jY+Af4N1hrkUIs7GzEwsoiBgIWWtooODK/bud+rXdwne9TzL15897MezO7b+AWBEH8txx+/Xnw4srqzWUA81hEWeu/ubmNY9l/eemWtPh+x8H+4HwMAOd53/vH+j6Ad5dd4KmalvNf3B5flHMygLtAoHS34OCsHr8NhtDEygVKTMFwV6sfWLIJHlnK7jWy9fubWRqJJhZNIpoawPvi/7HHsA61vFiBWfG1Ot2tegZcZVLI0qbSZCVu1jGasYLXmydLvRE2Rfvn4fBAnNBFawvEed15/mxP9EOtj+DIvRTEcBDrg6mBYU3rV1FGGIYV3U1jK/9TXj6/q47Nyt8KNyjKNijeiFkLJ1YKbUwSY2zMg28NvdXC4yPl2T0m3BmKw/jDJ4qZc/5kmgT9cUcwC8G88xN6CdPpl3Aqw15+rlkYXL0xYhO6W8uvgKkSZK0Ojqv0lIbpU76kk/4w7HWkBHeS93kiYd/WPBq08THDMzV1c2jo01yWXTcaBK3Ox2t66GTfPKf734Ke4Bc9JHn9ZB5wRpsycO5Zt0K1vf2w2up0Vza36xvpRrqTJLUL0bkoOp9UZW1WbUH9C2R9mrPqX0ldQwN2YnEfu/V2uxnvAu1m7Jt+8lq2VsVde9P4Lv0cWf8cLP3mXF8vJZl2eXQ88v4rKz95b2HJHRs8QRAEQRAEQRAEQRAEQRBEAZXP6lf/db0wj4qjP4SpD1V8NF5yQzr8DQAA//+f2Ekt")
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)=[@code={0x1, 0x87, {"0f22e5c744240060420000c744240233d8cecbc7442406000000000f011c24660f38816810c4027958b20000000064449966baf80cb83284af80ef66bafc0c66ed66baf80cb8cc07ff8aef66bafc0cb8d4000000ef48b8f8000000000000000f23c00f21f835030009000f23f8450f2244c4417c50cc"}}], 0x87})
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in z_erofs_decompress
testing program (duration=34.146007062s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-bind$tipc-mkdir
detailed listing:
executing program 0:
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f00000000c0)='./cgroup/../file0\x00', 0x801, &(0x7f0000000240)=ANY=[], 0xff, 0x25b, &(0x7f0000000dc0)="$eJzsmb9rFEEUx7+zu7e3hgS0sLE5i4ARkr3dPZU0gloqghBFLQ+zhphNTu6uyB34I9jY+Af4N1hrkUIs7GzEwsoiBgIWWtooODK/bud+rXdwne9TzL15897MezO7b+AWBEH8txx+/Xnw4srqzWUA81hEWeu/ubmNY9l/eemWtPh+x8H+4HwMAOd53/vH+j6Ad5dd4KmalvNf3B5flHMygLtAoHS34OCsHr8NhtDEygVKTMFwV6sfWLIJHlnK7jWy9fubWRqJJhZNIpoawPvi/7HHsA61vFiBWfG1Ot2tegZcZVLI0qbSZCVu1jGasYLXmydLvRE2Rfvn4fBAnNBFawvEed15/mxP9EOtj+DIvRTEcBDrg6mBYU3rV1FGGIYV3U1jK/9TXj6/q47Nyt8KNyjKNijeiFkLJ1YKbUwSY2zMg28NvdXC4yPl2T0m3BmKw/jDJ4qZc/5kmgT9cUcwC8G88xN6CdPpl3Aqw15+rlkYXL0xYhO6W8uvgKkSZK0Ojqv0lIbpU76kk/4w7HWkBHeS93kiYd/WPBq08THDMzV1c2jo01yWXTcaBK3Ox2t66GTfPKf734Ke4Bc9JHn9ZB5wRpsycO5Zt0K1vf2w2up0Vza36xvpRrqTJLUL0bkoOp9UZW1WbUH9C2R9mrPqX0ldQwN2YnEfu/V2uxnvAu1m7Jt+8lq2VsVde9P4Lv0cWf8cLP3mXF8vJZl2eXQ88v4rKz95b2HJHRs8QRAEQRAEQRAEQRAEQRBEAZXP6lf/db0wj4qjP4SpD1V8NF5yQzr8DQAA//+f2Ekt")
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in z_erofs_decompress
testing program (duration=34.146007062s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-mkdir
detailed listing:
executing program 0:
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f00000000c0)='./cgroup/../file0\x00', 0x801, &(0x7f0000000240)=ANY=[], 0xff, 0x25b, &(0x7f0000000dc0)="$eJzsmb9rFEEUx7+zu7e3hgS0sLE5i4ARkr3dPZU0gloqghBFLQ+zhphNTu6uyB34I9jY+Af4N1hrkUIs7GzEwsoiBgIWWtooODK/bud+rXdwne9TzL15897MezO7b+AWBEH8txx+/Xnw4srqzWUA81hEWeu/ubmNY9l/eemWtPh+x8H+4HwMAOd53/vH+j6Ad5dd4KmalvNf3B5flHMygLtAoHS34OCsHr8NhtDEygVKTMFwV6sfWLIJHlnK7jWy9fubWRqJJhZNIpoawPvi/7HHsA61vFiBWfG1Ot2tegZcZVLI0qbSZCVu1jGasYLXmydLvRE2Rfvn4fBAnNBFawvEed15/mxP9EOtj+DIvRTEcBDrg6mBYU3rV1FGGIYV3U1jK/9TXj6/q47Nyt8KNyjKNijeiFkLJ1YKbUwSY2zMg28NvdXC4yPl2T0m3BmKw/jDJ4qZc/5kmgT9cUcwC8G88xN6CdPpl3Aqw15+rlkYXL0xYhO6W8uvgKkSZK0Ojqv0lIbpU76kk/4w7HWkBHeS93kiYd/WPBq08THDMzV1c2jo01yWXTcaBK3Ox2t66GTfPKf734Ke4Bc9JHn9ZB5wRpsycO5Zt0K1vf2w2up0Vza36xvpRrqTJLUL0bkoOp9UZW1WbUH9C2R9mrPqX0ldQwN2YnEfu/V2uxnvAu1m7Jt+8lq2VsVde9P4Lv0cWf8cLP3mXF8vJZl2eXQ88v4rKz95b2HJHRs8QRAEQRAEQRAEQRAEQRBEAZXP6lf/db0wj4qjP4SpD1V8NF5yQzr8DQAA//+f2Ekt")
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in z_erofs_decompress
testing program (duration=34.146007062s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir
detailed listing:
executing program 0:
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)

program did not crash
testing program (duration=34.146007062s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-mkdir
detailed listing:
executing program 0:
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f00000000c0)='./cgroup/../file0\x00', 0x801, &(0x7f0000000240)=ANY=[], 0xff, 0x25b, &(0x7f0000000dc0)="$eJzsmb9rFEEUx7+zu7e3hgS0sLE5i4ARkr3dPZU0gloqghBFLQ+zhphNTu6uyB34I9jY+Af4N1hrkUIs7GzEwsoiBgIWWtooODK/bud+rXdwne9TzL15897MezO7b+AWBEH8txx+/Xnw4srqzWUA81hEWeu/ubmNY9l/eemWtPh+x8H+4HwMAOd53/vH+j6Ad5dd4KmalvNf3B5flHMygLtAoHS34OCsHr8NhtDEygVKTMFwV6sfWLIJHlnK7jWy9fubWRqJJhZNIpoawPvi/7HHsA61vFiBWfG1Ot2tegZcZVLI0qbSZCVu1jGasYLXmydLvRE2Rfvn4fBAnNBFawvEed15/mxP9EOtj+DIvRTEcBDrg6mBYU3rV1FGGIYV3U1jK/9TXj6/q47Nyt8KNyjKNijeiFkLJ1YKbUwSY2zMg28NvdXC4yPl2T0m3BmKw/jDJ4qZc/5kmgT9cUcwC8G88xN6CdPpl3Aqw15+rlkYXL0xYhO6W8uvgKkSZK0Ojqv0lIbpU76kk/4w7HWkBHeS93kiYd/WPBq08THDMzV1c2jo01yWXTcaBK3Ox2t66GTfPKf734Ke4Bc9JHn9ZB5wRpsycO5Zt0K1vf2w2up0Vza36xvpRrqTJLUL0bkoOp9UZW1WbUH9C2R9mrPqX0ldQwN2YnEfu/V2uxnvAu1m7Jt+8lq2VsVde9P4Lv0cWf8cLP3mXF8vJZl2eXQ88v4rKz95b2HJHRs8QRAEQRAEQRAEQRAEQRBEAZXP6lf/db0wj4qjP4SpD1V8NF5yQzr8DQAA//+f2Ekt")
mkdir(0x0, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=34.146007062s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-mkdir
program crashed: BUG: unable to handle kernel NULL pointer dereference in z_erofs_decompress
simplifying C reproducer
testing compiled C program (duration=34.146007062s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-mkdir
program crashed: BUG: unable to handle kernel NULL pointer dereference in z_erofs_decompress
testing compiled C program (duration=34.146007062s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-mkdir
program did not crash
testing compiled C program (duration=34.146007062s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-mkdir
program crashed: BUG: unable to handle kernel NULL pointer dereference in z_erofs_decompress
testing compiled C program (duration=34.146007062s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-mkdir
program did not crash
testing compiled C program (duration=34.146007062s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-mkdir
program crashed: BUG: unable to handle kernel NULL pointer dereference in z_erofs_decompress
testing compiled C program (duration=34.146007062s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-mkdir
program crashed: BUG: unable to handle kernel NULL pointer dereference in z_erofs_decompress
testing compiled C program (duration=34.146007062s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-mkdir
program crashed: BUG: unable to handle kernel NULL pointer dereference in z_erofs_decompress
testing compiled C program (duration=34.146007062s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-mkdir
program did not crash
testing compiled C program (duration=34.146007062s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-mkdir
program crashed: BUG: unable to handle kernel NULL pointer dereference in z_erofs_decompress
testing compiled C program (duration=34.146007062s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-mkdir
program crashed: BUG: unable to handle kernel NULL pointer dereference in z_erofs_decompress
testing compiled C program (duration=34.146007062s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-mkdir
program crashed: BUG: unable to handle kernel NULL pointer dereference in z_erofs_decompress
testing compiled C program (duration=34.146007062s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:true UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-mkdir
program crashed: BUG: unable to handle kernel NULL pointer dereference in z_erofs_decompress
testing compiled C program (duration=34.146007062s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-mkdir
program crashed: BUG: unable to handle kernel NULL pointer dereference in z_erofs_decompress
testing program (duration=34.146007062s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-mkdir
detailed listing:
executing program 0:
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f00000000c0)='./cgroup/../file0\x00', 0x801, &(0x7f0000000240)=ANY=[], 0xff, 0x25b, &(0x7f0000000dc0)="$eJzsmb9rFEEUx7+zu7e3hgS0sLE5i4ARkr3dPZU0gloqghBFLQ+zhphNTu6uyB34I9jY+Af4N1hrkUIs7GzEwsoiBgIWWtooODK/bud+rXdwne9TzL15897MezO7b+AWBEH8txx+/Xnw4srqzWUA81hEWeu/ubmNY9l/eemWtPh+x8H+4HwMAOd53/vH+j6Ad5dd4KmalvNf3B5flHMygLtAoHS34OCsHr8NhtDEygVKTMFwV6sfWLIJHlnK7jWy9fubWRqJJhZNIpoawPvi/7HHsA61vFiBWfG1Ot2tegZcZVLI0qbSZCVu1jGasYLXmydLvRE2Rfvn4fBAnNBFawvEed15/mxP9EOtj+DIvRTEcBDrg6mBYU3rV1FGGIYV3U1jK/9TXj6/q47Nyt8KNyjKNijeiFkLJ1YKbUwSY2zMg28NvdXC4yPl2T0m3BmKw/jDJ4qZc/5kmgT9cUcwC8G88xN6CdPpl3Aqw15+rlkYXL0xYhO6W8uvgKkSZK0Ojqv0lIbpU76kk/4w7HWkBHeS93kiYd/WPBq08THDMzV1c2jo01yWXTcaBK3Ox2t66GTfPKf734Ke4Bc9JHn9ZB5wRpsycO5Zt0K1vf2w2up0Vza36xvpRrqTJLUL0bkoOp9UZW1WbUH9C2R9mrPqX0ldQwN2YnEfu/V2uxnvAu1m7Jt+8lq2VsVde9P4Lv0cWf8cLP3mXF8vJZl2eXQ88v4rKz95b2HJHRs8QRAEQRAEQRAEQRAEQRBEAZXP6lf/db0wj4qjP4SpD1V8NF5yQzr8DQAA//+f2Ekt")
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in z_erofs_decompress
validation run: crashed=true
testing program (duration=34.146007062s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-mkdir
detailed listing:
executing program 0:
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f00000000c0)='./cgroup/../file0\x00', 0x801, &(0x7f0000000240)=ANY=[], 0xff, 0x25b, &(0x7f0000000dc0)="$eJzsmb9rFEEUx7+zu7e3hgS0sLE5i4ARkr3dPZU0gloqghBFLQ+zhphNTu6uyB34I9jY+Af4N1hrkUIs7GzEwsoiBgIWWtooODK/bud+rXdwne9TzL15897MezO7b+AWBEH8txx+/Xnw4srqzWUA81hEWeu/ubmNY9l/eemWtPh+x8H+4HwMAOd53/vH+j6Ad5dd4KmalvNf3B5flHMygLtAoHS34OCsHr8NhtDEygVKTMFwV6sfWLIJHlnK7jWy9fubWRqJJhZNIpoawPvi/7HHsA61vFiBWfG1Ot2tegZcZVLI0qbSZCVu1jGasYLXmydLvRE2Rfvn4fBAnNBFawvEed15/mxP9EOtj+DIvRTEcBDrg6mBYU3rV1FGGIYV3U1jK/9TXj6/q47Nyt8KNyjKNijeiFkLJ1YKbUwSY2zMg28NvdXC4yPl2T0m3BmKw/jDJ4qZc/5kmgT9cUcwC8G88xN6CdPpl3Aqw15+rlkYXL0xYhO6W8uvgKkSZK0Ojqv0lIbpU76kk/4w7HWkBHeS93kiYd/WPBq08THDMzV1c2jo01yWXTcaBK3Ox2t66GTfPKf734Ke4Bc9JHn9ZB5wRpsycO5Zt0K1vf2w2up0Vza36xvpRrqTJLUL0bkoOp9UZW1WbUH9C2R9mrPqX0ldQwN2YnEfu/V2uxnvAu1m7Jt+8lq2VsVde9P4Lv0cWf8cLP3mXF8vJZl2eXQ88v4rKz95b2HJHRs8QRAEQRAEQRAEQRAEQRBEAZXP6lf/db0wj4qjP4SpD1V8NF5yQzr8DQAA//+f2Ekt")
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in z_erofs_decompress
validation run: crashed=true
testing program (duration=34.146007062s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-mkdir
detailed listing:
executing program 0:
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f00000000c0)='./cgroup/../file0\x00', 0x801, &(0x7f0000000240)=ANY=[], 0xff, 0x25b, &(0x7f0000000dc0)="$eJzsmb9rFEEUx7+zu7e3hgS0sLE5i4ARkr3dPZU0gloqghBFLQ+zhphNTu6uyB34I9jY+Af4N1hrkUIs7GzEwsoiBgIWWtooODK/bud+rXdwne9TzL15897MezO7b+AWBEH8txx+/Xnw4srqzWUA81hEWeu/ubmNY9l/eemWtPh+x8H+4HwMAOd53/vH+j6Ad5dd4KmalvNf3B5flHMygLtAoHS34OCsHr8NhtDEygVKTMFwV6sfWLIJHlnK7jWy9fubWRqJJhZNIpoawPvi/7HHsA61vFiBWfG1Ot2tegZcZVLI0qbSZCVu1jGasYLXmydLvRE2Rfvn4fBAnNBFawvEed15/mxP9EOtj+DIvRTEcBDrg6mBYU3rV1FGGIYV3U1jK/9TXj6/q47Nyt8KNyjKNijeiFkLJ1YKbUwSY2zMg28NvdXC4yPl2T0m3BmKw/jDJ4qZc/5kmgT9cUcwC8G88xN6CdPpl3Aqw15+rlkYXL0xYhO6W8uvgKkSZK0Ojqv0lIbpU76kk/4w7HWkBHeS93kiYd/WPBq08THDMzV1c2jo01yWXTcaBK3Ox2t66GTfPKf734Ke4Bc9JHn9ZB5wRpsycO5Zt0K1vf2w2up0Vza36xvpRrqTJLUL0bkoOp9UZW1WbUH9C2R9mrPqX0ldQwN2YnEfu/V2uxnvAu1m7Jt+8lq2VsVde9P4Lv0cWf8cLP3mXF8vJZl2eXQ88v4rKz95b2HJHRs8QRAEQRAEQRAEQRAEQRBEAZXP6lf/db0wj4qjP4SpD1V8NF5yQzr8DQAA//+f2Ekt")
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in z_erofs_decompress
validation run: crashed=true
reproducing took 39m20.368037369s
repro crashed as (corrupted=false):
erofs: (device loop2): mounted with root inode @ nid 36.
erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance @ nid 36
BUG: kernel NULL pointer dereference, address: 0000000000000000
#PF: supervisor instruction fetch in kernel mode
#PF: error_code(0x0010) - not-present page
PGD 110905067 P4D 110905067 PUD 0 
Oops: 0010 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 375 Comm: syz.2.17 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
RIP: 0010:0x0
Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6.
RSP: 0018:ffffc90000d96da8 EFLAGS: 00010246
RAX: 1ffffffff0a7c1ae RBX: ffffc90000d97700 RCX: ffff888110e593c0
RDX: 0000000000000000 RSI: ffffc90000d97700 RDI: ffffc90000d97260
RBP: ffffc90000d96dd0 R08: ffffc90000d9728f R09: ffffc90000d9728a
R10: dffffc0000000000 R11: fffff520001b2e52 R12: dffffc0000000000
R13: 000000000000073b R14: ffffc90000d97260 R15: ffffffff853e0d70
FS:  000055555d9ea500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffd6 CR3: 0000000110bb4000 CR4: 00000000003506a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 z_erofs_decompress+0x79/0xb0 fs/erofs/decompressor.c:360
 z_erofs_decompress_pcluster fs/erofs/zdata.c:1110 [inline]
 z_erofs_decompress_queue+0x10ff/0x1a90 fs/erofs/zdata.c:1188
 z_erofs_runqueue+0x11fe/0x1280 fs/erofs/zdata.c:-1
 z_erofs_readpage+0x225/0x500 fs/erofs/zdata.c:1533
 do_read_cache_page+0x69b/0xaa0 mm/filemap.c:-1
 read_cache_page+0x50/0x70 mm/filemap.c:3296
 read_mapping_page include/linux/pagemap.h:498 [inline]
 find_target_block_classic fs/erofs/namei.c:104 [inline]
 erofs_namei+0x162/0x10d0 fs/erofs/namei.c:184
 erofs_lookup+0xa5/0x260 fs/erofs/namei.c:228
 __lookup_slow+0x2b8/0x410 fs/namei.c:1648
 lookup_slow+0x57/0x70 fs/namei.c:1665
 walk_component+0x325/0x460 fs/namei.c:1960
 link_path_walk+0x5b2/0xba0 fs/namei.c:-1
 path_parentat fs/namei.c:2487 [inline]
 filename_parentat+0x200/0x5e0 fs/namei.c:2509
 filename_create+0xd4/0x680 fs/namei.c:3598
 user_path_create fs/namei.c:3673 [inline]
 do_mkdirat+0x5e/0x340 fs/namei.c:3813
 __do_sys_mkdir fs/namei.c:3836 [inline]
 __se_sys_mkdir fs/namei.c:3834 [inline]
 __x64_sys_mkdir+0x60/0x70 fs/namei.c:3834
 do_syscall_64+0x31/0x40 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7fbf667f1e59
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffdbb6b4918 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
RAX: ffffffffffffffda RBX: 00007fbf66a6afa0 RCX: 00007fbf667f1e59
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000
RBP: 00007fbf66887d6f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fbf66a6afac R14: 00007fbf66a6afa0 R15: 00007fbf66a6afa0
Modules linked in:
CR2: 0000000000000000
---[ end trace fdc2c44565c2ce26 ]---
RIP: 0010:0x0
Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6.
RSP: 0018:ffffc90000d96da8 EFLAGS: 00010246
RAX: 1ffffffff0a7c1ae RBX: ffffc90000d97700 RCX: ffff888110e593c0
RDX: 0000000000000000 RSI: ffffc90000d97700 RDI: ffffc90000d97260
RBP: ffffc90000d96dd0 R08: ffffc90000d9728f R09: ffffc90000d9728a
R10: dffffc0000000000 R11: fffff520001b2e52 R12: dffffc0000000000
R13: 000000000000073b R14: ffffc90000d97260 R15: ffffffff853e0d70
FS:  000055555d9ea500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffd6 CR3: 0000000110bb4000 CR4: 00000000003506a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

final repro crashed as (corrupted=false):
erofs: (device loop2): mounted with root inode @ nid 36.
erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance @ nid 36
BUG: kernel NULL pointer dereference, address: 0000000000000000
#PF: supervisor instruction fetch in kernel mode
#PF: error_code(0x0010) - not-present page
PGD 110905067 P4D 110905067 PUD 0 
Oops: 0010 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 375 Comm: syz.2.17 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
RIP: 0010:0x0
Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6.
RSP: 0018:ffffc90000d96da8 EFLAGS: 00010246
RAX: 1ffffffff0a7c1ae RBX: ffffc90000d97700 RCX: ffff888110e593c0
RDX: 0000000000000000 RSI: ffffc90000d97700 RDI: ffffc90000d97260
RBP: ffffc90000d96dd0 R08: ffffc90000d9728f R09: ffffc90000d9728a
R10: dffffc0000000000 R11: fffff520001b2e52 R12: dffffc0000000000
R13: 000000000000073b R14: ffffc90000d97260 R15: ffffffff853e0d70
FS:  000055555d9ea500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffd6 CR3: 0000000110bb4000 CR4: 00000000003506a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 z_erofs_decompress+0x79/0xb0 fs/erofs/decompressor.c:360
 z_erofs_decompress_pcluster fs/erofs/zdata.c:1110 [inline]
 z_erofs_decompress_queue+0x10ff/0x1a90 fs/erofs/zdata.c:1188
 z_erofs_runqueue+0x11fe/0x1280 fs/erofs/zdata.c:-1
 z_erofs_readpage+0x225/0x500 fs/erofs/zdata.c:1533
 do_read_cache_page+0x69b/0xaa0 mm/filemap.c:-1
 read_cache_page+0x50/0x70 mm/filemap.c:3296
 read_mapping_page include/linux/pagemap.h:498 [inline]
 find_target_block_classic fs/erofs/namei.c:104 [inline]
 erofs_namei+0x162/0x10d0 fs/erofs/namei.c:184
 erofs_lookup+0xa5/0x260 fs/erofs/namei.c:228
 __lookup_slow+0x2b8/0x410 fs/namei.c:1648
 lookup_slow+0x57/0x70 fs/namei.c:1665
 walk_component+0x325/0x460 fs/namei.c:1960
 link_path_walk+0x5b2/0xba0 fs/namei.c:-1
 path_parentat fs/namei.c:2487 [inline]
 filename_parentat+0x200/0x5e0 fs/namei.c:2509
 filename_create+0xd4/0x680 fs/namei.c:3598
 user_path_create fs/namei.c:3673 [inline]
 do_mkdirat+0x5e/0x340 fs/namei.c:3813
 __do_sys_mkdir fs/namei.c:3836 [inline]
 __se_sys_mkdir fs/namei.c:3834 [inline]
 __x64_sys_mkdir+0x60/0x70 fs/namei.c:3834
 do_syscall_64+0x31/0x40 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7fbf667f1e59
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffdbb6b4918 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
RAX: ffffffffffffffda RBX: 00007fbf66a6afa0 RCX: 00007fbf667f1e59
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000
RBP: 00007fbf66887d6f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fbf66a6afac R14: 00007fbf66a6afa0 R15: 00007fbf66a6afa0
Modules linked in:
CR2: 0000000000000000
---[ end trace fdc2c44565c2ce26 ]---
RIP: 0010:0x0
Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6.
RSP: 0018:ffffc90000d96da8 EFLAGS: 00010246
RAX: 1ffffffff0a7c1ae RBX: ffffc90000d97700 RCX: ffff888110e593c0
RDX: 0000000000000000 RSI: ffffc90000d97700 RDI: ffffc90000d97260
RBP: ffffc90000d96dd0 R08: ffffc90000d9728f R09: ffffc90000d9728a
R10: dffffc0000000000 R11: fffff520001b2e52 R12: dffffc0000000000
R13: 000000000000073b R14: ffffc90000d97260 R15: ffffffff853e0d70
FS:  000055555d9ea500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffd6 CR3: 0000000110bb4000 CR4: 00000000003506a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400