Extracting prog: 4m51.849682486s
Minimizing prog: 56m47.867750023s
Simplifying prog options: 3m32.602023481s
Extracting C: 1m47.284534646s
Simplifying C: 0s


extracting reproducer from 37 programs
first checking the prog from the crash report
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-epoll_create1-epoll_ctl$EPOLL_CTL_ADD-prlimit64-sched_setscheduler-modify_ldt$write-getpid-sched_setscheduler-mmap-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-writev-unshare-syz_open_dev$dvb_frontend-ioctl$FE_SET_PROPERTY-socket$nl_route-unshare-ioctl$sock_inet_SIOCSIFPFLAGS-ioctl-pselect6-unshare-socket$kcm-syz_open_procfs-mmap-sched_setscheduler
detailed listing:
executing program 0:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0xa8382, 0x0)
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f0000000100)={0x20000014})
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0xf32}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
modify_ldt$write(0x1, &(0x7f00000000c0)={0x3, 0x1000, 0x2000, 0x0, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1}, 0x10)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeea, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffd}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
writev(0xffffffffffffffff, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
unshare(0x2c020400)
r5 = syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)
ioctl$FE_SET_PROPERTY(r5, 0x40106f52, &(0x7f0000000100)={0x3, &(0x7f0000000340)=[{0x2b, '\x00', @buffer={"010d1de90c16308a633fda925d1085c6b9f70f72ad6cc5f4853700", 0x20}, 0xfffffff9}, {0x27, '\x00', @data, 0x5}, {0x29, '\x00', @st={0x4, [{0x3, @uvalue=0x8}, {0x3, @uvalue=0xa}, {0x1, @uvalue=0xc18}, {0x2, @svalue=0x40}]}, 0x7fe}]})
r6 = socket$nl_route(0x10, 0x3, 0x0)
unshare(0x40000000)
ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000040)={'wlan0\x00', 0x1})
ioctl(r6, 0x8b22, &(0x7f0000000040))
pselect6(0x40, &(0x7f0000000000)={0xa, 0x80000001, 0x2, 0x10000000000006, 0x12, 0x8, 0x80000000, 0x8}, 0x0, 0x0, 0x0, 0x0)
unshare(0x2040400)
socket$kcm(0xa, 0x2, 0x0)
syz_open_procfs(0x0, &(0x7f0000000080)='net/snmp6\x00')
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x13, r0, 0x0)
sched_setscheduler(0x0, 0x5, &(0x7f0000000200)=0x7)

program did not crash
single: failed to extract reproducer
bisect: bisecting 37 programs with base timeout 30s
testing program (duration=39s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [17, 13, 19, 12, 4, 21, 21, 16, 17, 6, 13, 3, 14, 28, 29, 2, 26, 16, 23, 22, 20, 6, 26, 17, 12, 17, 2, 17, 18, 8, 4, 14, 8, 27, 17, 19, 27]
detailed listing:
executing program 1:
socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000004c0))
socket$nl_route(0x10, 0x3, 0x0)
socket$key(0xf, 0x3, 0x2)
socket$kcm(0xf, 0x3, 0x2)
socket$key(0xf, 0x3, 0x2)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x20902, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
memfd_create(&(0x7f00000000c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2b;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\xd2\a\x11\xa9\xa5^\xff\xf5\x9e\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%\x94F%\x12\x9d\xbcB$\xe9\xf9\xf7\x19N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdn\x00'/140, 0x5)
socket$inet_sctp(0x2, 0x1, 0x84)
memfd_create(&(0x7f0000000080)=',\xea\x00', 0x4)
socket$nl_route(0x10, 0x3, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x723080, 0x0)
syz_usb_connect$uac1(0x3, 0xdc, &(0x7f00000017c0)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902ca0003010070000904000000010100000a24010800000201020d24060000030800000000000000240803960c03112d9cd2ce0c240208000103000000ff000924060506020100000924030003030005490c2402", @ANYRES8=r0, @ANYBLOB="07b0cf7e2c89cc"], 0x0)
executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x480000, 0x0)
executing program 1:
openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
sendmmsg$sock(0xffffffffffffffff, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f0000000300)=[{0x0}, {0x0}, {&(0x7f00000005c0)="f2", 0x1}], 0x3}}, {{&(0x7f0000000600)=@can, 0x80, &(0x7f0000000680)=[{&(0x7f0000000980)="d542f6300b61ca7913e7cd7b4036afcfddb3c77fc63db30ef223f1cc4fcdcbb56655be4873ea15e1a9d348fadc935180e702560acae65d42d95f6ddcae59879a1ce7e78eb197a0c8231a504b2614ac6dfd9a5760fe75ba4204694d382eb51806597cde99cedde3f0edd8bd3fce154f83e47f422d0e5bf427c23771a122bd", 0x7e}, {&(0x7f0000000780)="92bdcafd7ac9e21583ea71b9eb5feeb69b7eeb919260393d59069611e6d460fd38481da64e5ad543477ed7b768b1a06c0a5d60edf6c5610c123e3572a7c3bd74b7bd876c6f1c54709ef06cb9187fa5ddecc04cdc8fd3e74782c0aa0579531662e6d5fcdddc53becdd0b8a59c3a97fe428e75e7707525647bd822", 0x7a}, {&(0x7f0000000580)="49a6cc7e52cf0644e1fb10e13cb6893bd19afc65f2af20dd1746a881eb4dabcaf163ce54133d2499c296320937b805f1880adf0cb1507df75aaf", 0x3a}, {&(0x7f0000000a80)="190e431aa3b287c28be2f5404c8034cc87b917c381ccff6f8d431e872be3df64fee6c95001ceff12f2e942df6a8738cd4ad9ef7ad532fd0c824bf8d36d616e99807b3be837b3145efe65f7c6b66b9813e122d9be7799ebf0160d4bd329ac230e639a58a6538ec01e2de41722469556b03344f32eac19", 0x76}], 0x4, &(0x7f0000000b40)=[@timestamping={{0x14, 0x1, 0x25, 0x2d}}, @timestamping={{0x14, 0x1, 0x25, 0x101}}, @timestamping={{0x14, 0x1, 0x25, 0x7}}, @timestamping={{0x14, 0x1, 0x25, 0xc}}], 0x60}}, {{0x0, 0x0, &(0x7f0000001400)=[{&(0x7f0000000bc0)="e7bc2f4799fe560c31cf5a20a1b22fb77ce7f19e605b6a8d2645af02e63f9a9d7ba31907ccc0f4aa71ec0762b3a8e3332fe3603b4624ac6a578ccd9a27b381a8dad12b3e3de940a99238945935184cd93dd174b70ecb9c3c99d2df9dd0cbef6a9e230f7dd8367384f034a7a011388990e94cd43e9f80ec3358dc596926960604b9f051", 0x83}, {&(0x7f0000000c80)="6c3e28dcd5c7eb9bc39a4bbc398357f3ad842b38a95863911bbd6e6afd9641d356257181e43b6e60349f69ec5f529734f76708a6c5eccb57005c1a513d8030d12c", 0x41}, {&(0x7f0000000d00)="dc6e94ac2db166801ffce85f6f44f2cb071c6b5113bc6bbf2f503d468253693a01102fcb8157c6e8a2b5620efa5d22400147cce896821150f95c0c69fa587a1f99fcb28cfeb09f45cb836f0ff891be10bb209dc04adc202ef866f27b74faa5ad3a2e5d40ebd6785c4e4a97ac13238c746d1109d12af5446c4e84591f121a494251e43bed18f6269bdd2e56f9c211dd7145f664286911b8bb3acf76a1b5ece94183a6c8cc47f2e1dd4e91dc10be8732e92e8620fa060fb15016c2dc9b6da18325e778660d499aec6215b0f9f679fa76d22cdd4ae3776203e2054240594f1c9b77ad77cf3f5631012fa0788c5b", 0xec}, {&(0x7f0000000fc0)="c6eae69212ba50dd664af774c32d34273a3baad9692140de74d9294c555a8c2e0d53acea79b788b5eb1a12ada17eda2b2fb96c439ce16e6266afda6613fd7c90be9a9dfcd1b099fe6b023b725241a6e1048c700e7a939bd3a38f1101213b81c252dd8c44b7e647940438343d0d082507d218a952e6d77ec0918968c74f220c981a3797fb6cadfd6723a75c5c4da33e830ecf602c55bc60831ddd694f15728f4d1eacad82a03540713f52f9485138574e5b6aec693c2c613e442d5306c2ef1c8ad8dda8d005f3f3bacb5991d1c18db228185e4d2fcca72d87d81df01c142428158ad7ba84dd6c65d24a8d094308433219872eeda0c235f8be3088a880", 0xfc}, {&(0x7f0000000800)="b56380b7487ff3b0cd079ed795bdeeb3ad75fe878a", 0x15}, {&(0x7f00000011c0)}, {&(0x7f0000001200)="43979d4537ac96f6e22b12acd1fdd3ffc7ef440e65e2e70d511a408f743d4ce7516f4364a00a041dc7b1ffe56ebc713b158ea1aab13ce3db53ab8af3f76ffaa86df636018175c4a8ea922a193ad08ca30d5031b27a4a", 0x56}, {&(0x7f0000001300)="ceff7472ad7240514c6f826361e8daefdb50fe704622e5641d1b096ad682a5682aa51b6eea91858d93228379d70f8489a6de471b8361073ce93c3bf35183529235eed04037cb6851e51dec4562fe30f99bd5de546427fecd0aa008bcbb2983ce2cfff078d49f7ecf297f85da5c094c0e7f07b12ec543a068bd2d654348f0e303f208c9190f58b7a9e0e1d2ba846bc248a3ec1530f702a9bd45a1d7bec2b2ccf08c24fec06bd18667119d19", 0xab}], 0x8, &(0x7f00000014c0)}}], 0x3, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000f80)=[{{&(0x7f0000000340)={0xa, 0x4e20, 0x80000000, @empty, 0x7}, 0x1c, &(0x7f0000000f00)=[{&(0x7f0000000880)="562f2edb8e8c8229195820c788783ff270fb0f06936fe49376e5519e3fa8f998387d7011fc5d8c9f5fc8e0e1663c9f6919128a8941ae935aaba3f683642630f5a74535b0e1f886ea2807f04d3a68ff4285f2bf581674a033cb5ecf8c756e8df3968c959df5326ed67c09d8b72eceeb87023f6188e15cb258cd8c85be3eddaac311ee4cb17a08ef47157753606ce7996162ea4b18214763730e2b944b468575927829842ee7f6f8a3603a7a522025c55284c9ca0ab899626f86c9336ead2278445733db5e643e10fa93339be48ff1592bc6bcf2b68b4536951c600a0e6d1b5d5b0cdbdf85122560b4", 0xe8}, {&(0x7f0000000540)}, {&(0x7f00000006c0)="58b327f21946add0e0c31b173119ac7b4ceda64bbfbc8159462a8686f4303aeee1d7c9b54c4bd660fe192582950eb09a8bae632fb4e7313e3828773c09fec9b010373ca7be0ccc91233fffcfe03f287a50f2b4a970278097aed06e61a0f2da47b0bd02fcb45bf35e78c15cc4c5d6d163a6eaf921d8afc7d8376e", 0x7a}, {0x0}, {0x0}, {0x0}], 0x6}}], 0x1, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000001c0)={{0xeeee8000, 0x4, 0x3, 0xf1, 0x5, 0xfa, 0xd4, 0x6, 0x0, 0x4, 0x7, 0x4f}, {0x5000, 0x2, 0xd, 0x9, 0x8, 0x3, 0xb, 0xb, 0x5, 0xf, 0x3, 0xc0}, {0xffff1000, 0x9000, 0xb, 0x1, 0x2, 0x7, 0x4, 0x4, 0x81, 0x0, 0x6, 0x5}, {0xeeee8000, 0x2000, 0x8, 0xf8, 0x3, 0x46, 0x2, 0xd, 0x6, 0xf3, 0x8, 0x1}, {0x100000, 0x4000, 0x9, 0x9, 0x3, 0x9, 0xd, 0x6, 0x5, 0x9, 0xc, 0x4b}, {0x6000, 0x0, 0x4, 0x4, 0x3, 0x7d, 0x1, 0xff, 0x4, 0x90, 0x1, 0xfc}, {0x8000000, 0x4000, 0x0, 0x9d, 0x3, 0x0, 0x0, 0xb, 0x5, 0x7, 0x9, 0xf8}, {0xf7f63004, 0x8000000, 0xf, 0x5, 0x7, 0x3, 0xa, 0x9, 0x54, 0x1, 0x2, 0x7}, {0xdddd1000, 0x5}, {0x4, 0x9}, 0x40030000, 0x0, 0x80a0000, 0x300, 0x1, 0xa901, 0xe6e70c00, [0x3, 0x401, 0x7, 0xc5]})
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
executing program 1:
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_SET_VCPU_EVENTS(r0, 0x4040aea0, &(0x7f0000000080)=@x86={0x7, 0xe, 0x2, 0x0, 0xfffffdd2, 0x6, 0x9, 0x1, 0x5, 0xb, 0xa, 0x1, 0x0, 0xf23, 0x1, 0x2, 0x6, 0xc, 0x40, '\x00', 0x9, 0x1})
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r0, 0x0)
ioctl$KVM_SET_MP_STATE(r0, 0x4004ae99, &(0x7f0000000000)=0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x400000000008d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x1, &(0x7f0000000240)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
executing program 1:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f00000005c0)=[@mss, @sack_perm, @sack_perm, @window={0x3, 0x0, 0x401}], 0x4)
executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, &(0x7f0000000080)=@x86={0x7, 0xe, 0x2, 0x0, 0xfffffdd2, 0x6, 0x9, 0x1, 0x5, 0xb, 0xa, 0x1, 0x0, 0xf23, 0x1, 0x2, 0x6, 0xc, 0x40, '\x00', 0x9, 0x1})
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r3, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[0x9, 0x4, 0x7d, 0x4, 0x1, 0x0, 0x3, 0x100000012, 0x4, 0x0, 0x0, 0x7, 0x4, 0x4, 0x100000000001], 0x6000, 0x4bb40})
ioctl$KVM_SET_MP_STATE(r3, 0x4004ae99, &(0x7f0000000000)=0x2)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x400000000008d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x4000087, 0x2, 0x0)
syz_clone3(&(0x7f0000000080)={0x180801400, &(0x7f0000000000), 0x0, 0x0, {0x3b}, 0x0, 0x0, 0x0, 0x0}, 0x58)
executing program 32:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, &(0x7f0000000080)=@x86={0x7, 0xe, 0x2, 0x0, 0xfffffdd2, 0x6, 0x9, 0x1, 0x5, 0xb, 0xa, 0x1, 0x0, 0xf23, 0x1, 0x2, 0x6, 0xc, 0x40, '\x00', 0x9, 0x1})
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r3, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000480)={[0x9, 0x4, 0x7d, 0x4, 0x1, 0x0, 0x3, 0x100000012, 0x4, 0x0, 0x0, 0x7, 0x4, 0x4, 0x100000000001], 0x6000, 0x4bb40})
ioctl$KVM_SET_MP_STATE(r3, 0x4004ae99, &(0x7f0000000000)=0x2)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x400000000008d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x4000087, 0x2, 0x0)
syz_clone3(&(0x7f0000000080)={0x180801400, &(0x7f0000000000), 0x0, 0x0, {0x3b}, 0x0, 0x0, 0x0, 0x0}, 0x58)
executing program 5:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x180)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r3 = syz_open_procfs(0x0, &(0x7f0000000200)='wchan\x00')
preadv(r3, &(0x7f0000000100)=[{&(0x7f0000000000)=""/234, 0xea}], 0x1, 0xfffffff6, 0x9)
ioctl$HIDIOCSUSAGE(0xffffffffffffffff, 0x4018480c, 0x0)
executing program 4:
r0 = socket$alg(0x26, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, 0x0, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820f", 0x6)
io_setup(0x9, &(0x7f0000000340))
socket$xdp(0x2c, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180))
r4 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_ADDFB2(r4, 0xc06864b8, &(0x7f0000000040)={0x0, 0xae, 0x3ff, 0x30315559, 0x0, [], [0x0, 0x0, 0x33f1], [0x8, 0x0, 0x7d], [0x0, 0x0, 0x800000000001]})
executing program 2:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2a80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CAP_SPLIT_IRQCHIP(0xffffffffffffffff, 0x4068aea3, &(0x7f00000002c0)={0x79, 0x0, 0x3de})
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
ioctl$KVM_RUN(r0, 0xae80, 0x0)
executing program 5:
mknod$loop(&(0x7f00000004c0)='./file0\x00', 0x6000, 0x1)
lstat(&(0x7f0000000340)='./file0\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, <r0=>0x0})
setresuid(r0, r0, r0)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4000080)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
socket$kcm(0x23, 0x5, 0x0)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x48000)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2f, 0x0, 0x0)
write$RDMA_USER_CM_CMD_QUERY(0xffffffffffffffff, 0x0, 0x0)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0xc)
executing program 2:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @fib={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_FIB_RESULT={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_FIB_DREG={0x8, 0x1, 0x1, 0x0, 0xd}, @NFTA_FIB_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}}, 0x0)
executing program 3:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0xff}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=@newqdisc={0x44, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x0, 0x10}, {0xffff, 0x8}, {0x2}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x4, 0x9, 0x2}}]}}]}, 0x44}}, 0x0)
r0 = socket(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001340)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4c0000001800010d00000000000000850a000b00000000000500000014000500200100000000000000000100000000001c00"], 0x4c}}, 0x40000)
sendmmsg(r0, 0x0, 0x0, 0xfc)
executing program 2:
r0 = openat$kvm(0xffffff9c, &(0x7f0000000500), 0x8000, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000540)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@func={0x3, 0x1800, 0x0, 0xc, 0x4}]}}, 0x0, 0x26}, 0x28)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r4 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280), &(0x7f0000001280), 0xb47, r4}, 0x38)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0xa, 0x7, 0x2, 0x4002804c4, 0x9, 0x5, 0x5, 0x0, 0x4, 0xfff, 0x2000000000000000, 0x5, 0x8d], 0xeeee8000, 0x11500})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r7=>0x0})
r8 = syz_usb_connect(0x0, 0x24, &(0x7f0000000400)=ANY=[@ANYBLOB="12010000e4c5ad101d0620c0159c010203010902120001000000000904"], 0x0)
syz_usb_control_io$uac1(r8, 0x0, &(0x7f0000000440)={0x44, &(0x7f0000000340)=ANY=[@ANYBLOB="000003"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac2(r8, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r6, 0x5, 0x0, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}, 0x1, 0x0, 0x0, 0x50}, 0x0)
sendmsg$NL80211_CMD_START_AP(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)={0x28, r6, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @val={0xc, 0x99, {0x9, 0x75}}}}}, 0x28}, 0x1, 0x0, 0x0, 0x840}, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000300)={0x0, <r9=>0x0})
getpgrp(r9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x42282, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
syz_open_dev$loop(&(0x7f0000000240), 0x7, 0x180862)
syz_open_dev$MSR(0x0, 0x0, 0x0)
socket$inet6(0xa, 0x3, 0x3c)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r1, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c)
recvmmsg(r1, &(0x7f00000003c0)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000200)=""/4, 0x4}], 0x1}, 0x4}], 0x1, 0x40000121, 0x0)
r2 = socket$kcm(0xa, 0x1, 0x106)
sendmsg$kcm(r2, 0x0, 0x20000011)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
openat$mixer(0xffffffffffffff9c, 0x0, 0x90903, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x800001000091}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000600)=@newlink={0x30, 0x10, 0x1, 0x70bd29, 0x25dfdbf9, {0x0, 0x0, 0x0, 0x0, 0x49815, 0x3}, [@IFLA_TXQLEN={0x8, 0xd, 0x1}, @IFLA_GROUP={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x40801}, 0x4000000)
syz_extract_tcp_res$synack(0x0, 0x1, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x400000bce)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000032680)=""/102400, 0x19000)
mount(&(0x7f00000003c0)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000300)='udf\x00', 0x200480, 0x0)
sendmsg$kcm(r2, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0xfffe, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0x2}, 0x80, 0x0}, 0xe07e872420dfefca)
gettid()
r5 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$KDGKBDIACR(r5, 0x4bfa, &(0x7f0000000080)=""/2)
pipe(&(0x7f0000000000))
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000940))
socket(0x10, 0x3, 0x0)
dup2(r0, r0)
executing program 4:
r0 = epoll_create1(0x80000)
kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, r0, &(0x7f00000006c0)={r0, 0xffffffffffffffff, 0x8})
executing program 5:
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010800d972a440b72040155ab7010203010902120001000000000904000000ff"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f0000000440)={0x2c, &(0x7f0000000200)={0x40, 0x17, 0x1, "1f"}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac2(r0, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{}, &(0x7f00000000c0), 0x0}, 0x20)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81)
write$sndseq(r1, &(0x7f00000001c0)=[{0x0, 0x3f, 0x0, 0x0, @tick, {}, {}, @result={0x2, 0x1}}], 0x1c)
write$sndseq(r1, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick=0xfe, {}, {}, @raw32}], 0xffc8)
syz_open_dev$vim2m(&(0x7f0000000040), 0x7f, 0x2)
bpf$ITER_CREATE(0x21, &(0x7f0000000080), 0x8)
syz_open_dev$vbi(&(0x7f0000000100), 0x3, 0x2)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r3, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc)
r4 = socket$inet6(0xa, 0x3, 0x6)
openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
connect$inet6(r4, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000340)={{{@in=@broadcast, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x4}, {0x0, 0x4, 0x0, 0xa78a}, 0xfffffffe, 0x0, 0x1}, {{@in=@private, 0x0, 0x33}, 0x0, @in=@rand_addr=0x64010101, 0x0, 0x3, 0x1, 0x7}}, 0xe8)
sendmmsg(r4, &(0x7f0000000480), 0x2e9, 0x0)
r5 = socket$key(0xf, 0x3, 0x2)
socket$inet(0x2, 0xa, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$key(r5, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000540)={0x2, 0x6, 0x2, 0x0, 0x2, 0x0, 0x2}, 0x10}}, 0x0)
connect$inet6(r4, &(0x7f0000000180)={0xa, 0x4e20, 0xffffffff, @empty, 0x5}, 0x1c)
syz_usb_control_io(r0, 0x0, &(0x7f0000000940)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={0x40, 0x21, 0x1, 0x2}})
executing program 4:
socket$nl_generic(0x10, 0x3, 0x10)
mkdirat(0xffffffffffffff9c, 0x0, 0x14)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x180)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r3 = syz_open_procfs(0x0, &(0x7f0000000200)='wchan\x00')
preadv(r3, &(0x7f0000000100)=[{&(0x7f0000000000)=""/234, 0xea}], 0x1, 0xfffffff6, 0x9)
ioctl$HIDIOCSUSAGE(0xffffffffffffffff, 0x4018480c, 0x0)
executing program 3:
r0 = inotify_init()
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffb000/0x4000)=nil, 0x4000, &(0x7f0000000540)='\x00')
r1 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x145})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x200000000000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r5, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1, 0x80000001}}}, 0x88)
setsockopt$inet6_MCAST_MSFILTER(r5, 0x29, 0x30, &(0x7f00000007c0)=ANY=[], 0x310)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, 0x0)
mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f0000390000/0x1000)=nil)
close_range(r0, 0xffffffffffffffff, 0x0)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x27, &(0x7f0000000180)={@multicast1, @local}, 0xc)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x27, &(0x7f0000000100)={@loopback, @local}, 0xc)
syz_open_procfs(0x0, 0x0)
executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$FOU_CMD_GET(0xffffffffffffffff, 0x0, 0x72661fa541cfba4c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x188}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_CCA_MODE(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)={0x30, r4, 0x1, 0x70bd2a, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x30}, 0x1, 0x0, 0x0, 0x40}, 0x8000)
r5 = syz_genetlink_get_family_id$nl802154(&(0x7f00000000c0), 0xffffffffffffffff)
r6 = syz_clone3(&(0x7f0000000900)={0x23800000, &(0x7f0000000040), 0x0, 0x0, {0x27}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r7 = openat$pfkey(0xffffff9c, &(0x7f0000000000), 0x101600, 0x0)
ioctl$SG_BLKTRACESETUP(r7, 0xc0401273, &(0x7f0000000080)={'\x00', 0x1000, 0x7, 0x0, 0x6, 0xb0, r6})
sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r3, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r5, 0x400, 0x70bd2a, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000011)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
connect$unix(r8, &(0x7f0000000340)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r9, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x3c, r1, 0x923, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_FD={0x8, 0x17, @l2tp}]}, 0x3c}}, 0x0)
executing program 3:
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000005580)=""/102392, 0x18ff8)
r1 = syz_open_procfs(0x0, &(0x7f0000000480)='net/fib_triestat\x00')
r2 = open(0x0, 0x100000, 0x0)
flock(r2, 0x6)
mkdir(&(0x7f0000000280)='./file0\x00', 0x0)
rmdir(&(0x7f0000000000)='./file0\x00')
pread64(r1, &(0x7f000004b680)=""/102363, 0x18fdb, 0x2)
r3 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r3, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={0x0, 0x0, 0x32}, 0x28)
setsockopt$SO_RDS_TRANSPORT(r3, 0x114, 0x8, 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r3)
sendmsg$ETHTOOL_MSG_STRSET_GET(r4, &(0x7f0000000680)={&(0x7f0000000080), 0xc, &(0x7f0000000600)={0x0}, 0x1, 0x0, 0x0, 0x20044016}, 0x200080c0)
sendmsg$xdp(r3, 0x0, 0x0)
executing program 3:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2a80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CAP_SPLIT_IRQCHIP(0xffffffffffffffff, 0x4068aea3, &(0x7f00000002c0)={0x79, 0x0, 0x3de})
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
ioctl$KVM_RUN(r0, 0xae80, 0x0)
executing program 3:
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
syz_emit_ethernet(0x1f, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x5, 0x0, 0x0, 0x0, 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x82200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mlockall(0x2)
r1 = shmget$private(0x0, 0x400000, 0x8, &(0x7f000000e000/0x400000)=nil)
shmctl$SHM_LOCK(r1, 0xb)
shmat(r1, &(0x7f0000ffd000/0x1000)=nil, 0x7000)
shmctl$SHM_UNLOCK(r1, 0xc)
unshare(0x2c020400)
r2 = semget(0x1, 0x1, 0x39c)
semop(r2, &(0x7f0000000000), 0x0)
syz_usb_connect$uac3(0x0, 0x0, 0x0, 0x0)
futex(0x0, 0xb, 0x1, 0x0, 0x0, 0x1)
semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000140)=[0x6])
unshare(0x40400)
r3 = syz_init_net_socket$llc(0x1a, 0x0, 0x0)
setsockopt$llc_int(r3, 0x10c, 0x8, &(0x7f0000000000)=0xfffffffd, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
executing program 0:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x5, 0xa, 0x4})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r2, &(0x7f0000000200)={0xa, 0x4e20, 0x20, @dev={0xfe, 0x80, '\x00', 0x13}, 0x3}, 0x1c)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x2c, 0x0, 0x800, 0x70bd27, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x8}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x7}]}, 0x2c}}, 0x400c010)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_emit_ethernet(0x7a, &(0x7f00000000c0)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaabb86dd61a7000200442f00fe8000000000000000000000000000bbfe80000000000000000000000000008a0c2088be0000000201009900000086dd080088be000000031c0885140100000000007b40080022eb0000000223022309020000008000000300ebb41b"], 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000200)={0x1fe, 0x1, 0xf000, 0x2000, &(0x7f0000f9b000/0x2000)=nil})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = dup(r4)
ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4400ae8f, &(0x7f0000000040)=@x86={0x0, 0x9, 0xc, 0x0, 0x6, 0x1, 0x86, 0x2, 0x1, 0x0, 0x2, 0x4, 0x0, 0x7, 0x8004, 0xa, 0x5, 0xff, 0x3b, '\x00', 0x8, 0x7ffffffffffffffe})
ioctl$KVM_SET_VAPIC_ADDR(r5, 0x4008ae93, &(0x7f00000000c0)=0xffff)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
executing program 5:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000800)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000380)=ANY=[@ANYBLOB="020101090800000000170006ffffff00030006001000000002000000e0000009f9ff0f0005000000030005007217440502000000e0000001"], 0x40}}, 0x0)
sendmsg$key(r3, &(0x7f0000000000)={0x0, 0x3, &(0x7f0000000080)={&(0x7f00000000c0)={0x2, 0x3, 0x0, 0x9, 0xa, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0xe, @in={0x2, 0x0, @multicast1=0xe0000009}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}]}, 0x50}}, 0x0)
executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, 0x0, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6d", 0x9)
io_setup(0x9, &(0x7f0000000340))
socket$xdp(0x2c, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180))
r4 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_ADDFB2(r4, 0xc06864b8, &(0x7f0000000040)={0x0, 0xae, 0x3ff, 0x30315559, 0x0, [], [0x0, 0x0, 0x33f1], [0x8, 0x0, 0x7d], [0x0, 0x0, 0x800000000001]})
executing program 0:
pipe2(&(0x7f0000000000)={<r0=>0x0, 0x0}, 0x0)
tee(r0, r0, 0x100, 0x0)
executing program 4:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x300000a, 0x4031, 0xffffffffffffffff, 0x0)
io_setup(0x7ffe, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='xfs\x00', 0x200013, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8c}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102384, 0x18ff0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000002000000000f40600000a14000000020a01"], 0x3c}, 0x1, 0x0, 0x0, 0x4011}, 0x4000094)
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
setrlimit(0x40000000000008, &(0x7f0000000000)={0x4848, 0xfffffffffffff006})
capset(&(0x7f0000a31000)={0x20080522}, &(0x7f0000000080))
mlock2(&(0x7f0000006000/0x4000)=nil, 0x4000, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file2\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f00000000c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c})
chdir(&(0x7f0000000140)='./file0\x00')
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpu.stat\x00', 0x275a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0xc0189436, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x5f, 0x3})
executing program 5:
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f0000000080)=@x86={0x7, 0xe, 0x2, 0x0, 0xfffffdd2, 0x6, 0x9, 0x3, 0x5, 0xb, 0xa, 0x1, 0x0, 0xf23, 0x1, 0x2, 0x6, 0xc, 0x40, '\x00', 0x9, 0x1})
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
setns(r1, 0x24020000)
r2 = syz_clone(0xb21e0000, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = syz_pidfd_open(r2, 0x0)
setns(r3, 0x24020000)
mount(0x0, &(0x7f0000000000)='.\x00', 0x0, 0x2001026, 0x0)
executing program 2:
openat$mixer(0xffffffffffffff9c, 0x0, 0x90903, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, 0x0, 0x4000000)
syz_extract_tcp_res$synack(0x0, 0x1, 0x0)
executing program 2:
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_mreq(r3, 0x0, 0x20, 0x0, 0x0)
syz_emit_ethernet(0x9c, &(0x7f0000000440)={@broadcast, @random="1704b45adbde", @val={@val={0x88a8, 0x2, 0x0, 0x1}, {0x8100, 0x2, 0x0, 0x402}}, {@ipv4={0x800, @dccp={{0x5, 0x4, 0x3, 0x3, 0x86, 0x67, 0x0, 0x86, 0x21, 0x0, @empty, @initdev={0xac, 0x1e, 0x1, 0x0}}, {{0x4e20, 0x4e24, 0x4, 0x1, 0x0, 0x0, 0x0, 0x6, 0x1, "192436", 0xc, "5c12c4"}, "10c4626e944f6f1a73ce9aa9253f17cca6dca79a4b6999ca60c99c4e4db40487f384b12fa92c94f447a29d7e76ee440119fc52cf92f4350a544a8dfc98ea30d59846438487079054ca0d4c569a709ad02f8eb6ec9743d664632449724ddfba2b9925"}}}}}, 0x0)
executing program 4:
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x2, 0x7fff7ffc}]})
close_range(r0, r0, 0x200000000000000)
syz_open_procfs$namespace(0x0, &(0x7f0000000300)='ns/net\x00')
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80)
bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0)
r1 = syz_open_procfs$namespace(0x0, &(0x7f0000000280)='ns/net\x00')
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000480)={@cgroup=<r2=>r1, 0x11, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0}, 0x40)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000640)={@cgroup=r2, 0x24, 0x0, 0xffff, &(0x7f0000000000)=[0x0], 0x40e8, 0x0, 0x0, 0x0, 0x0}, 0x40)
executing program 3:
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, 0x0)
r3 = landlock_create_ruleset(&(0x7f0000000040)={0x4010, 0x3}, 0x18, 0x0)
r4 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000380)='/proc/asound/card1/oss_mixer\x00', 0x1, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_mreq(r5, 0x0, 0x20, 0x0, 0x0)
writev(r4, &(0x7f00000028c0)=[{&(0x7f0000002600)='u', 0x4000}, {0x0, 0x2}], 0x2)
syz_emit_ethernet(0x9c, &(0x7f0000000440)={@broadcast, @random="1704b45adbde", @val={@val={0x88a8, 0x2, 0x0, 0x1}, {0x8100, 0x2, 0x0, 0x402}}, {@ipv4={0x800, @dccp={{0x5, 0x4, 0x3, 0x3, 0x86, 0x67, 0x0, 0x86, 0x21, 0x0, @empty, @initdev={0xac, 0x1e, 0x1, 0x0}}, {{0x4e20, 0x4e24, 0x4, 0x1, 0x0, 0x0, 0x0, 0x6, 0x1, "192436", 0xc, "5c12c4"}, "10c4626e944f6f1a73ce9aa9253f17cca6dca79a4b6999ca60c99c4e4db40487f384b12fa92c94f447a29d7e76ee440119fc52cf92f4350a544a8dfc98ea30d59846438487079054ca0d4c569a709ad02f8eb6ec9743d664632449724ddfba2b9925"}}}}}, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_SET(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x24, r7, 0x1, 0x70bd26, 0x25dfdbfb, {}, [@TIPC_NLA_BEARER={0x10, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}]}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x48c05}, 0x4040140)
syz_open_dev$vim2m(&(0x7f0000000180), 0x400000100000001, 0x2)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_CAP_EXIT_HYPERCALL(r9, 0x4068aea3, &(0x7f0000000040)={0x79})
ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x2)
executing program 5:
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x19, 0x4, 0x4, 0x2}, 0x50)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000340)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r0, 0x2000012, 0xe, 0x0, &(0x7f0000000280)="63ec33c9e9b98600000000000000", 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50)
syz_open_dev$usbfs(0x0, 0xa, 0x71f100)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x1c)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000280)='autofs\x00', 0x201000c, &(0x7f0000000040))
executing program 4:
openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
sendmmsg$sock(0xffffffffffffffff, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f0000000300)=[{0x0}, {0x0}, {&(0x7f00000005c0)="f2", 0x1}], 0x3}}, {{&(0x7f0000000600)=@can, 0x80, &(0x7f0000000680)=[{&(0x7f0000000980)="d542f6300b61ca7913e7cd7b4036afcfddb3c77fc63db30ef223f1cc4fcdcbb56655be4873ea15e1a9d348fadc935180e702560acae65d42d95f6ddcae59879a1ce7e78eb197a0c8231a504b2614ac6dfd9a5760fe75ba4204694d382eb51806597cde99cedde3f0edd8bd3fce154f83e47f422d0e5bf427c23771a122bd", 0x7e}, {&(0x7f0000000780)="92bdcafd7ac9e21583ea71b9eb5feeb69b7eeb919260393d59069611e6d460fd38481da64e5ad543477ed7b768b1a06c0a5d60edf6c5610c123e3572a7c3bd74b7bd876c6f1c54709ef06cb9187fa5ddecc04cdc8fd3e74782c0aa0579531662e6d5fcdddc53becdd0b8a59c3a97fe428e75e7707525647bd822", 0x7a}, {&(0x7f0000000580)="49a6cc7e52cf0644e1fb10e13cb6893bd19afc65f2af20dd1746a881eb4dabcaf163ce54133d2499c296320937b805f1880adf0cb1507df75aaf", 0x3a}, {&(0x7f0000000a80)="190e431aa3b287c28be2f5404c8034cc87b917c381ccff6f8d431e872be3df64fee6c95001ceff12f2e942df6a8738cd4ad9ef7ad532fd0c824bf8d36d616e99807b3be837b3145efe65f7c6b66b9813e122d9be7799ebf016", 0x59}], 0x4, &(0x7f0000000b40)=[@timestamping={{0x14, 0x1, 0x25, 0x2d}}, @timestamping={{0x14, 0x1, 0x25, 0x101}}, @timestamping={{0x14, 0x1, 0x25, 0x7}}, @timestamping={{0x14, 0x1, 0x25, 0xc}}], 0x60}}, {{0x0, 0x0, &(0x7f0000001400)=[{&(0x7f0000000bc0)="e7bc2f4799fe560c31cf5a20a1b22fb77ce7f19e605b6a8d2645af02e63f9a9d7ba31907ccc0f4aa71ec0762b3a8e3332fe3603b4624ac6a578ccd9a27b381a8dad12b3e3de940a99238945935184cd93dd174b70ecb9c3c99d2df9dd0cbef6a9e230f7dd8367384f034a7a011388990e94cd43e9f80ec3358dc596926960604b9f051", 0x83}, {&(0x7f0000000c80)="6c3e28dcd5c7eb9bc39a4bbc398357f3ad842b38a95863911bbd6e6afd9641d356257181e43b6e60349f69ec5f529734f76708a6c5eccb57005c1a513d8030d12c", 0x41}, {&(0x7f0000000d00)="dc6e94ac2db166801ffce85f6f44f2cb071c6b5113bc6bbf2f503d468253693a01102fcb8157c6e8a2b5620efa5d22400147cce896821150f95c0c69fa587a1f99fcb28cfeb09f45cb836f0ff891be10bb209dc04adc202ef866f27b74faa5ad3a2e5d40ebd6785c4e4a97ac13238c746d1109d12af5446c4e84591f121a494251e43bed18f6269bdd2e56f9c211dd7145f664286911b8bb3acf76a1b5ece94183a6c8cc47f2e1dd4e91dc10be8732e92e8620fa060fb15016c2dc9b6da18325e778660d499aec6215b0f9f679fa76d22cdd4ae3776203e2054240594f1c9b77ad77cf3f5631012fa0788c5b17f98cc34720b0", 0xf3}, {&(0x7f0000000fc0)="c6eae69212ba50dd664af774c32d34273a3baad9692140de74d9294c555a8c2e0d53acea79b788b5eb1a12ada17eda2b2fb96c439ce16e6266afda6613fd7c90be9a9dfcd1b099fe6b023b725241a6e1048c700e7a939bd3a38f1101213b81c252dd8c44b7e647940438343d0d082507d218a952e6d77ec0918968c74f220c981a3797fb6cadfd6723a75c5c4da33e830ecf602c55bc60831ddd694f15728f4d1eacad82a03540713f52f9485138574e5b6aec693c2c613e442d5306c2ef1c8ad8dda8d005f3f3bacb5991d1c18db228185e4d2fcca72d87d81df01c142428158ad7ba84dd6c65d24a8d094308433219872eeda0c235f8be3088a880", 0xfc}, {&(0x7f0000000800)="b56380b7487ff3b0cd079ed795bdeeb3ad75fe878a", 0x15}, {&(0x7f00000011c0)}, {&(0x7f0000001200)="43979d4537ac96f6e22b12acd1fdd3ffc7ef440e65e2e70d511a408f743d4ce7516f4364a00a041dc7b1ffe56ebc713b158ea1aab13ce3db53ab8af3f76ffaa86df636018175c4a8ea922a193ad08ca30d5031b27a4a", 0x56}, {&(0x7f0000001300)="ceff7472ad7240514c6f826361e8daefdb50fe704622e5641d1b096ad682a5682aa51b6eea91858d93228379d70f8489a6de471b8361073ce93c3bf35183529235eed04037cb6851e51dec4562fe30f99bd5de546427fecd0aa008bcbb2983ce2cfff078d49f7ecf297f85da5c094c0e7f07b12ec543a068bd2d654348f0e303f208c9190f58b7a9e0e1d2ba846bc248a3ec1530f702a9bd45a1d7bec2b2ccf08c24fec06bd18667119d19", 0xab}], 0x8, &(0x7f00000014c0)}}], 0x3, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000f80)=[{{&(0x7f0000000340)={0xa, 0x4e20, 0x80000000, @empty, 0x7}, 0x1c, &(0x7f0000000f00)=[{&(0x7f0000000880)="562f2edb8e8c8229195820c788783ff270fb0f06936fe49376e5519e3fa8f998387d7011fc5d8c9f5fc8e0e1663c9f6919128a8941ae935aaba3f683642630f5a74535b0e1f886ea2807f04d3a68ff4285f2bf581674a033cb5ecf8c756e8df3968c959df5326ed67c09d8b72eceeb87023f6188e15cb258cd8c85be3eddaac311ee4cb17a08ef47157753606ce7996162ea4b18214763730e2b944b468575927829842ee7f6f8a3603a7a522025c55284c9ca0ab899626f86c9336ead2278445733db5e643e10fa93339be48ff1592bc6bcf2b68b4536951c600a0e6d1b5d5b0cdbdf85122560b4", 0xe8}, {&(0x7f0000000540)}, {&(0x7f00000006c0)="58b327f21946add0e0c31b173119ac7b4ceda64bbfbc8159462a8686f4303aeee1d7c9b54c4bd660fe192582950eb09a8bae632fb4e7313e3828773c09fec9b010373ca7be0ccc91233fffcfe03f287a50f2b4a970278097aed06e61a0f2da47b0bd02fcb45bf35e78c15cc4c5d6d163a6eaf921d8afc7d8376e", 0x7a}, {0x0}, {0x0}, {0x0}], 0x6}}], 0x1, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000001c0)={{0xeeee8000, 0x4, 0x3, 0xf1, 0x5, 0xfa, 0xd4, 0x6, 0x0, 0x4, 0x7, 0x4f}, {0x5000, 0x2, 0xd, 0x9, 0x8, 0x3, 0xb, 0xb, 0x5, 0xf, 0x3, 0xc0}, {0xffff1000, 0x9000, 0xb, 0x1, 0x2, 0x7, 0x4, 0x4, 0x81, 0x0, 0x6, 0x5}, {0xeeee8000, 0x2000, 0x8, 0xf8, 0x3, 0x46, 0x2, 0xd, 0x6, 0xf3, 0x8, 0x1}, {0x100000, 0x4000, 0x9, 0x9, 0x3, 0x9, 0xd, 0x6, 0x5, 0x9, 0xc, 0x4b}, {0x6000, 0x0, 0x4, 0x4, 0x3, 0x7d, 0x1, 0xff, 0x4, 0x90, 0x1, 0xfc}, {0x8000000, 0x4000, 0x0, 0x9d, 0x3, 0x0, 0x0, 0xb, 0x5, 0x7, 0x9, 0xf8}, {0xf7f63004, 0x8000000, 0xf, 0x5, 0x7, 0x3, 0xa, 0x9, 0x54, 0x1, 0x2, 0x7}, {0xdddd1000, 0x5}, {0x4, 0x9}, 0x40030000, 0x0, 0x80a0000, 0x300, 0x1, 0xa901, 0xe6e70c00, [0x3, 0x401, 0x7, 0xc5]})
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
executing program 0:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0xa8382, 0x0)
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f0000000100)={0x20000014})
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0xf32}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
modify_ldt$write(0x1, &(0x7f00000000c0)={0x3, 0x1000, 0x2000, 0x0, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1}, 0x10)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeea, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffd}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
writev(0xffffffffffffffff, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
unshare(0x2c020400)
r5 = syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)
ioctl$FE_SET_PROPERTY(r5, 0x40106f52, &(0x7f0000000100)={0x3, &(0x7f0000000340)=[{0x2b, '\x00', @buffer={"010d1de90c16308a633fda925d1085c6b9f70f72ad6cc5f4853700", 0x20}, 0xfffffff9}, {0x27, '\x00', @data, 0x5}, {0x29, '\x00', @st={0x4, [{0x3, @uvalue=0x8}, {0x3, @uvalue=0xa}, {0x1, @uvalue=0xc18}, {0x2, @svalue=0x40}]}, 0x7fe}]})
r6 = socket$nl_route(0x10, 0x3, 0x0)
unshare(0x40000000)
ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000040)={'wlan0\x00', 0x1})
ioctl(r6, 0x8b22, &(0x7f0000000040))
pselect6(0x40, &(0x7f0000000000)={0xa, 0x80000001, 0x2, 0x10000000000006, 0x12, 0x8, 0x80000000, 0x8}, 0x0, 0x0, 0x0, 0x0)
unshare(0x2040400)
socket$kcm(0xa, 0x2, 0x0)
syz_open_procfs(0x0, &(0x7f0000000080)='net/snmp6\x00')
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x13, r0, 0x0)
sched_setscheduler(0x0, 0x5, &(0x7f0000000200)=0x7)

program did not crash
replaying the whole log did not cause a kernel crash
single: executing 1 programs separately with timeout 1m40s
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-epoll_create1-epoll_ctl$EPOLL_CTL_ADD-prlimit64-sched_setscheduler-modify_ldt$write-getpid-sched_setscheduler-mmap-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-writev-unshare-syz_open_dev$dvb_frontend-ioctl$FE_SET_PROPERTY-socket$nl_route-unshare-ioctl$sock_inet_SIOCSIFPFLAGS-ioctl-pselect6-unshare-socket$kcm-syz_open_procfs-mmap-sched_setscheduler
detailed listing:
executing program 0:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0xa8382, 0x0)
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f0000000100)={0x20000014})
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0xf32}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
modify_ldt$write(0x1, &(0x7f00000000c0)={0x3, 0x1000, 0x2000, 0x0, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1}, 0x10)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeea, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffd}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
writev(0xffffffffffffffff, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
unshare(0x2c020400)
r5 = syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)
ioctl$FE_SET_PROPERTY(r5, 0x40106f52, &(0x7f0000000100)={0x3, &(0x7f0000000340)=[{0x2b, '\x00', @buffer={"010d1de90c16308a633fda925d1085c6b9f70f72ad6cc5f4853700", 0x20}, 0xfffffff9}, {0x27, '\x00', @data, 0x5}, {0x29, '\x00', @st={0x4, [{0x3, @uvalue=0x8}, {0x3, @uvalue=0xa}, {0x1, @uvalue=0xc18}, {0x2, @svalue=0x40}]}, 0x7fe}]})
r6 = socket$nl_route(0x10, 0x3, 0x0)
unshare(0x40000000)
ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000040)={'wlan0\x00', 0x1})
ioctl(r6, 0x8b22, &(0x7f0000000040))
pselect6(0x40, &(0x7f0000000000)={0xa, 0x80000001, 0x2, 0x10000000000006, 0x12, 0x8, 0x80000000, 0x8}, 0x0, 0x0, 0x0, 0x0)
unshare(0x2040400)
socket$kcm(0xa, 0x2, 0x0)
syz_open_procfs(0x0, &(0x7f0000000080)='net/snmp6\x00')
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x13, r0, 0x0)
sched_setscheduler(0x0, 0x5, &(0x7f0000000200)=0x7)

program crashed: KASAN: use-after-free Read in dvb_device_open
single: successfully extracted reproducer
found reproducer with 27 syscalls
minimizing guilty program
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-epoll_create1-epoll_ctl$EPOLL_CTL_ADD-prlimit64-sched_setscheduler-modify_ldt$write-getpid-sched_setscheduler-mmap-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-writev-unshare-syz_open_dev$dvb_frontend-ioctl$FE_SET_PROPERTY-socket$nl_route-unshare-ioctl$sock_inet_SIOCSIFPFLAGS-ioctl-pselect6-unshare-socket$kcm-syz_open_procfs-mmap
detailed listing:
executing program 0:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0xa8382, 0x0)
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f0000000100)={0x20000014})
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0xf32}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
modify_ldt$write(0x1, &(0x7f00000000c0)={0x3, 0x1000, 0x2000, 0x0, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1}, 0x10)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeea, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffd}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
writev(0xffffffffffffffff, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
unshare(0x2c020400)
r5 = syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)
ioctl$FE_SET_PROPERTY(r5, 0x40106f52, &(0x7f0000000100)={0x3, &(0x7f0000000340)=[{0x2b, '\x00', @buffer={"010d1de90c16308a633fda925d1085c6b9f70f72ad6cc5f4853700", 0x20}, 0xfffffff9}, {0x27, '\x00', @data, 0x5}, {0x29, '\x00', @st={0x4, [{0x3, @uvalue=0x8}, {0x3, @uvalue=0xa}, {0x1, @uvalue=0xc18}, {0x2, @svalue=0x40}]}, 0x7fe}]})
r6 = socket$nl_route(0x10, 0x3, 0x0)
unshare(0x40000000)
ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000040)={'wlan0\x00', 0x1})
ioctl(r6, 0x8b22, &(0x7f0000000040))
pselect6(0x40, &(0x7f0000000000)={0xa, 0x80000001, 0x2, 0x10000000000006, 0x12, 0x8, 0x80000000, 0x8}, 0x0, 0x0, 0x0, 0x0)
unshare(0x2040400)
socket$kcm(0xa, 0x2, 0x0)
syz_open_procfs(0x0, &(0x7f0000000080)='net/snmp6\x00')
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x13, r0, 0x0)

program crashed: KASAN: use-after-free Read in dvb_device_open
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-epoll_create1-epoll_ctl$EPOLL_CTL_ADD-prlimit64-sched_setscheduler-modify_ldt$write-getpid-sched_setscheduler-mmap-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-writev-unshare-syz_open_dev$dvb_frontend-ioctl$FE_SET_PROPERTY-socket$nl_route-unshare-ioctl$sock_inet_SIOCSIFPFLAGS-ioctl-pselect6-unshare-socket$kcm-syz_open_procfs
detailed listing:
executing program 0:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0xa8382, 0x0)
r0 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f0000000100)={0x20000014})
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0xf32}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
modify_ldt$write(0x1, &(0x7f00000000c0)={0x3, 0x1000, 0x2000, 0x0, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1}, 0x10)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeea, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffd}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
writev(0xffffffffffffffff, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
unshare(0x2c020400)
r4 = syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)
ioctl$FE_SET_PROPERTY(r4, 0x40106f52, &(0x7f0000000100)={0x3, &(0x7f0000000340)=[{0x2b, '\x00', @buffer={"010d1de90c16308a633fda925d1085c6b9f70f72ad6cc5f4853700", 0x20}, 0xfffffff9}, {0x27, '\x00', @data, 0x5}, {0x29, '\x00', @st={0x4, [{0x3, @uvalue=0x8}, {0x3, @uvalue=0xa}, {0x1, @uvalue=0xc18}, {0x2, @svalue=0x40}]}, 0x7fe}]})
r5 = socket$nl_route(0x10, 0x3, 0x0)
unshare(0x40000000)
ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000040)={'wlan0\x00', 0x1})
ioctl(r5, 0x8b22, &(0x7f0000000040))
pselect6(0x40, &(0x7f0000000000)={0xa, 0x80000001, 0x2, 0x10000000000006, 0x12, 0x8, 0x80000000, 0x8}, 0x0, 0x0, 0x0, 0x0)
unshare(0x2040400)
socket$kcm(0xa, 0x2, 0x0)
syz_open_procfs(0x0, &(0x7f0000000080)='net/snmp6\x00')

program crashed: KASAN: use-after-free Read in dvb_device_open
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-epoll_create1-epoll_ctl$EPOLL_CTL_ADD-prlimit64-sched_setscheduler-modify_ldt$write-getpid-sched_setscheduler-mmap-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-writev-unshare-syz_open_dev$dvb_frontend-ioctl$FE_SET_PROPERTY-socket$nl_route-unshare-ioctl$sock_inet_SIOCSIFPFLAGS-ioctl-pselect6-unshare-socket$kcm
detailed listing:
executing program 0:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0xa8382, 0x0)
r0 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f0000000100)={0x20000014})
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0xf32}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
modify_ldt$write(0x1, &(0x7f00000000c0)={0x3, 0x1000, 0x2000, 0x0, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1}, 0x10)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeea, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffd}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
writev(0xffffffffffffffff, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
unshare(0x2c020400)
r4 = syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)
ioctl$FE_SET_PROPERTY(r4, 0x40106f52, &(0x7f0000000100)={0x3, &(0x7f0000000340)=[{0x2b, '\x00', @buffer={"010d1de90c16308a633fda925d1085c6b9f70f72ad6cc5f4853700", 0x20}, 0xfffffff9}, {0x27, '\x00', @data, 0x5}, {0x29, '\x00', @st={0x4, [{0x3, @uvalue=0x8}, {0x3, @uvalue=0xa}, {0x1, @uvalue=0xc18}, {0x2, @svalue=0x40}]}, 0x7fe}]})
r5 = socket$nl_route(0x10, 0x3, 0x0)
unshare(0x40000000)
ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000040)={'wlan0\x00', 0x1})
ioctl(r5, 0x8b22, &(0x7f0000000040))
pselect6(0x40, &(0x7f0000000000)={0xa, 0x80000001, 0x2, 0x10000000000006, 0x12, 0x8, 0x80000000, 0x8}, 0x0, 0x0, 0x0, 0x0)
unshare(0x2040400)
socket$kcm(0xa, 0x2, 0x0)

program crashed: KASAN: use-after-free Read in dvb_device_open
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-epoll_create1-epoll_ctl$EPOLL_CTL_ADD-prlimit64-sched_setscheduler-modify_ldt$write-getpid-sched_setscheduler-mmap-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-writev-unshare-syz_open_dev$dvb_frontend-ioctl$FE_SET_PROPERTY-socket$nl_route-unshare-ioctl$sock_inet_SIOCSIFPFLAGS-ioctl-pselect6-unshare
detailed listing:
executing program 0:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0xa8382, 0x0)
r0 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f0000000100)={0x20000014})
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0xf32}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
modify_ldt$write(0x1, &(0x7f00000000c0)={0x3, 0x1000, 0x2000, 0x0, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1}, 0x10)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeea, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffd}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
writev(0xffffffffffffffff, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
unshare(0x2c020400)
r4 = syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)
ioctl$FE_SET_PROPERTY(r4, 0x40106f52, &(0x7f0000000100)={0x3, &(0x7f0000000340)=[{0x2b, '\x00', @buffer={"010d1de90c16308a633fda925d1085c6b9f70f72ad6cc5f4853700", 0x20}, 0xfffffff9}, {0x27, '\x00', @data, 0x5}, {0x29, '\x00', @st={0x4, [{0x3, @uvalue=0x8}, {0x3, @uvalue=0xa}, {0x1, @uvalue=0xc18}, {0x2, @svalue=0x40}]}, 0x7fe}]})
r5 = socket$nl_route(0x10, 0x3, 0x0)
unshare(0x40000000)
ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000040)={'wlan0\x00', 0x1})
ioctl(r5, 0x8b22, &(0x7f0000000040))
pselect6(0x40, &(0x7f0000000000)={0xa, 0x80000001, 0x2, 0x10000000000006, 0x12, 0x8, 0x80000000, 0x8}, 0x0, 0x0, 0x0, 0x0)
unshare(0x2040400)

program crashed: KASAN: use-after-free Read in dvb_device_open
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-epoll_create1-epoll_ctl$EPOLL_CTL_ADD-prlimit64-sched_setscheduler-modify_ldt$write-getpid-sched_setscheduler-mmap-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-writev-unshare-syz_open_dev$dvb_frontend-ioctl$FE_SET_PROPERTY-socket$nl_route-unshare-ioctl$sock_inet_SIOCSIFPFLAGS-ioctl-pselect6
detailed listing:
executing program 0:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0xa8382, 0x0)
r0 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f0000000100)={0x20000014})
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0xf32}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
modify_ldt$write(0x1, &(0x7f00000000c0)={0x3, 0x1000, 0x2000, 0x0, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1}, 0x10)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeea, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffd}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
writev(0xffffffffffffffff, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
unshare(0x2c020400)
r4 = syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)
ioctl$FE_SET_PROPERTY(r4, 0x40106f52, &(0x7f0000000100)={0x3, &(0x7f0000000340)=[{0x2b, '\x00', @buffer={"010d1de90c16308a633fda925d1085c6b9f70f72ad6cc5f4853700", 0x20}, 0xfffffff9}, {0x27, '\x00', @data, 0x5}, {0x29, '\x00', @st={0x4, [{0x3, @uvalue=0x8}, {0x3, @uvalue=0xa}, {0x1, @uvalue=0xc18}, {0x2, @svalue=0x40}]}, 0x7fe}]})
r5 = socket$nl_route(0x10, 0x3, 0x0)
unshare(0x40000000)
ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000040)={'wlan0\x00', 0x1})
ioctl(r5, 0x8b22, &(0x7f0000000040))
pselect6(0x40, &(0x7f0000000000)={0xa, 0x80000001, 0x2, 0x10000000000006, 0x12, 0x8, 0x80000000, 0x8}, 0x0, 0x0, 0x0, 0x0)

program crashed: KASAN: use-after-free Read in dvb_device_open
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-epoll_create1-epoll_ctl$EPOLL_CTL_ADD-prlimit64-sched_setscheduler-modify_ldt$write-getpid-sched_setscheduler-mmap-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-writev-unshare-syz_open_dev$dvb_frontend-ioctl$FE_SET_PROPERTY-socket$nl_route-unshare-ioctl$sock_inet_SIOCSIFPFLAGS-ioctl
detailed listing:
executing program 0:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0xa8382, 0x0)
r0 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f0000000100)={0x20000014})
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0xf32}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
modify_ldt$write(0x1, &(0x7f00000000c0)={0x3, 0x1000, 0x2000, 0x0, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1}, 0x10)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeea, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffd}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
writev(0xffffffffffffffff, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
unshare(0x2c020400)
r4 = syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)
ioctl$FE_SET_PROPERTY(r4, 0x40106f52, &(0x7f0000000100)={0x3, &(0x7f0000000340)=[{0x2b, '\x00', @buffer={"010d1de90c16308a633fda925d1085c6b9f70f72ad6cc5f4853700", 0x20}, 0xfffffff9}, {0x27, '\x00', @data, 0x5}, {0x29, '\x00', @st={0x4, [{0x3, @uvalue=0x8}, {0x3, @uvalue=0xa}, {0x1, @uvalue=0xc18}, {0x2, @svalue=0x40}]}, 0x7fe}]})
r5 = socket$nl_route(0x10, 0x3, 0x0)
unshare(0x40000000)
ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000040)={'wlan0\x00', 0x1})
ioctl(r5, 0x8b22, &(0x7f0000000040))

program crashed: KASAN: use-after-free Read in dvb_device_open
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-epoll_create1-epoll_ctl$EPOLL_CTL_ADD-prlimit64-sched_setscheduler-modify_ldt$write-getpid-sched_setscheduler-mmap-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-writev-unshare-syz_open_dev$dvb_frontend-ioctl$FE_SET_PROPERTY-socket$nl_route-unshare-ioctl$sock_inet_SIOCSIFPFLAGS
detailed listing:
executing program 0:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0xa8382, 0x0)
r0 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f0000000100)={0x20000014})
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0xf32}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
modify_ldt$write(0x1, &(0x7f00000000c0)={0x3, 0x1000, 0x2000, 0x0, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1}, 0x10)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeea, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffd}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
writev(0xffffffffffffffff, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
unshare(0x2c020400)
r4 = syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)
ioctl$FE_SET_PROPERTY(r4, 0x40106f52, &(0x7f0000000100)={0x3, &(0x7f0000000340)=[{0x2b, '\x00', @buffer={"010d1de90c16308a633fda925d1085c6b9f70f72ad6cc5f4853700", 0x20}, 0xfffffff9}, {0x27, '\x00', @data, 0x5}, {0x29, '\x00', @st={0x4, [{0x3, @uvalue=0x8}, {0x3, @uvalue=0xa}, {0x1, @uvalue=0xc18}, {0x2, @svalue=0x40}]}, 0x7fe}]})
socket$nl_route(0x10, 0x3, 0x0)
unshare(0x40000000)
ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000040)={'wlan0\x00', 0x1})

program crashed: KASAN: use-after-free Read in dvb_device_open
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-epoll_create1-epoll_ctl$EPOLL_CTL_ADD-prlimit64-sched_setscheduler-modify_ldt$write-getpid-sched_setscheduler-mmap-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-writev-unshare-syz_open_dev$dvb_frontend-ioctl$FE_SET_PROPERTY-socket$nl_route-unshare
detailed listing:
executing program 0:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0xa8382, 0x0)
r0 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f0000000100)={0x20000014})
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0xf32}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
modify_ldt$write(0x1, &(0x7f00000000c0)={0x3, 0x1000, 0x2000, 0x0, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1}, 0x10)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeea, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffd}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
writev(0xffffffffffffffff, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
unshare(0x2c020400)
r4 = syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)
ioctl$FE_SET_PROPERTY(r4, 0x40106f52, &(0x7f0000000100)={0x3, &(0x7f0000000340)=[{0x2b, '\x00', @buffer={"010d1de90c16308a633fda925d1085c6b9f70f72ad6cc5f4853700", 0x20}, 0xfffffff9}, {0x27, '\x00', @data, 0x5}, {0x29, '\x00', @st={0x4, [{0x3, @uvalue=0x8}, {0x3, @uvalue=0xa}, {0x1, @uvalue=0xc18}, {0x2, @svalue=0x40}]}, 0x7fe}]})
socket$nl_route(0x10, 0x3, 0x0)
unshare(0x40000000)

program crashed: KASAN: use-after-free Read in dvb_device_open
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-epoll_create1-epoll_ctl$EPOLL_CTL_ADD-prlimit64-sched_setscheduler-modify_ldt$write-getpid-sched_setscheduler-mmap-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-writev-unshare-syz_open_dev$dvb_frontend-ioctl$FE_SET_PROPERTY-socket$nl_route
detailed listing:
executing program 0:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0xa8382, 0x0)
r0 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f0000000100)={0x20000014})
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0xf32}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
modify_ldt$write(0x1, &(0x7f00000000c0)={0x3, 0x1000, 0x2000, 0x0, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1}, 0x10)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeea, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffd}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
writev(0xffffffffffffffff, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
unshare(0x2c020400)
r4 = syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)
ioctl$FE_SET_PROPERTY(r4, 0x40106f52, &(0x7f0000000100)={0x3, &(0x7f0000000340)=[{0x2b, '\x00', @buffer={"010d1de90c16308a633fda925d1085c6b9f70f72ad6cc5f4853700", 0x20}, 0xfffffff9}, {0x27, '\x00', @data, 0x5}, {0x29, '\x00', @st={0x4, [{0x3, @uvalue=0x8}, {0x3, @uvalue=0xa}, {0x1, @uvalue=0xc18}, {0x2, @svalue=0x40}]}, 0x7fe}]})
socket$nl_route(0x10, 0x3, 0x0)

program crashed: KASAN: use-after-free Read in dvb_device_open
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-epoll_create1-epoll_ctl$EPOLL_CTL_ADD-prlimit64-sched_setscheduler-modify_ldt$write-getpid-sched_setscheduler-mmap-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-writev-unshare-syz_open_dev$dvb_frontend-ioctl$FE_SET_PROPERTY
detailed listing:
executing program 0:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0xa8382, 0x0)
r0 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f0000000100)={0x20000014})
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0xf32}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
modify_ldt$write(0x1, &(0x7f00000000c0)={0x3, 0x1000, 0x2000, 0x0, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1}, 0x10)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeea, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffd}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
writev(0xffffffffffffffff, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
unshare(0x2c020400)
r4 = syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)
ioctl$FE_SET_PROPERTY(r4, 0x40106f52, &(0x7f0000000100)={0x3, &(0x7f0000000340)=[{0x2b, '\x00', @buffer={"010d1de90c16308a633fda925d1085c6b9f70f72ad6cc5f4853700", 0x20}, 0xfffffff9}, {0x27, '\x00', @data, 0x5}, {0x29, '\x00', @st={0x4, [{0x3, @uvalue=0x8}, {0x3, @uvalue=0xa}, {0x1, @uvalue=0xc18}, {0x2, @svalue=0x40}]}, 0x7fe}]})

program crashed: KASAN: use-after-free Read in dvb_device_open
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-epoll_create1-epoll_ctl$EPOLL_CTL_ADD-prlimit64-sched_setscheduler-modify_ldt$write-getpid-sched_setscheduler-mmap-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-writev-unshare-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0xa8382, 0x0)
r0 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f0000000100)={0x20000014})
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0xf32}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
modify_ldt$write(0x1, &(0x7f00000000c0)={0x3, 0x1000, 0x2000, 0x0, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1}, 0x10)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeea, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffd}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
writev(0xffffffffffffffff, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
unshare(0x2c020400)
syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)

program crashed: KASAN: use-after-free Read in dvb_device_open
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-epoll_create1-epoll_ctl$EPOLL_CTL_ADD-prlimit64-sched_setscheduler-modify_ldt$write-getpid-sched_setscheduler-mmap-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-writev-unshare
detailed listing:
executing program 0:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0xa8382, 0x0)
r0 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f0000000100)={0x20000014})
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0xf32}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
modify_ldt$write(0x1, &(0x7f00000000c0)={0x3, 0x1000, 0x2000, 0x0, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1}, 0x10)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeea, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffd}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
writev(0xffffffffffffffff, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
unshare(0x2c020400)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-epoll_create1-epoll_ctl$EPOLL_CTL_ADD-prlimit64-sched_setscheduler-modify_ldt$write-getpid-sched_setscheduler-mmap-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-writev-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0xa8382, 0x0)
r0 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f0000000100)={0x20000014})
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0xf32}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
modify_ldt$write(0x1, &(0x7f00000000c0)={0x3, 0x1000, 0x2000, 0x0, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1}, 0x10)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeea, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffd}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
writev(0xffffffffffffffff, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)

program crashed: KASAN: use-after-free Read in dvb_device_open
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-epoll_create1-epoll_ctl$EPOLL_CTL_ADD-prlimit64-sched_setscheduler-modify_ldt$write-getpid-sched_setscheduler-mmap-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0xa8382, 0x0)
r0 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f0000000100)={0x20000014})
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0xf32}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
modify_ldt$write(0x1, &(0x7f00000000c0)={0x3, 0x1000, 0x2000, 0x0, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1}, 0x10)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeea, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffd}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)

program crashed: KASAN: use-after-free Read in dvb_device_open
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-epoll_create1-epoll_ctl$EPOLL_CTL_ADD-prlimit64-sched_setscheduler-modify_ldt$write-getpid-sched_setscheduler-mmap-socketpair$unix-connect$unix-sendmmsg$unix-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0xa8382, 0x0)
r0 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f0000000100)={0x20000014})
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0xf32}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
modify_ldt$write(0x1, &(0x7f00000000c0)={0x3, 0x1000, 0x2000, 0x0, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1}, 0x10)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeea, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffd}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-epoll_create1-epoll_ctl$EPOLL_CTL_ADD-prlimit64-sched_setscheduler-modify_ldt$write-getpid-sched_setscheduler-mmap-socketpair$unix-connect$unix-recvmmsg-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0xa8382, 0x0)
r0 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f0000000100)={0x20000014})
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0xf32}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
modify_ldt$write(0x1, &(0x7f00000000c0)={0x3, 0x1000, 0x2000, 0x0, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1}, 0x10)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeea, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffd}, 0x6e)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-epoll_create1-epoll_ctl$EPOLL_CTL_ADD-prlimit64-sched_setscheduler-modify_ldt$write-getpid-sched_setscheduler-mmap-socketpair$unix-sendmmsg$unix-recvmmsg-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0xa8382, 0x0)
r0 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f0000000100)={0x20000014})
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0xf32}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
modify_ldt$write(0x1, &(0x7f00000000c0)={0x3, 0x1000, 0x2000, 0x0, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1}, 0x10)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeea, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)

program crashed: KASAN: use-after-free Read in dvb_device_open
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-epoll_create1-epoll_ctl$EPOLL_CTL_ADD-prlimit64-sched_setscheduler-modify_ldt$write-getpid-sched_setscheduler-mmap-sendmmsg$unix-recvmmsg-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0xa8382, 0x0)
r0 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f0000000100)={0x20000014})
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0xf32}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
modify_ldt$write(0x1, &(0x7f00000000c0)={0x3, 0x1000, 0x2000, 0x0, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1}, 0x10)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeea, 0x8031, 0xffffffffffffffff, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-epoll_create1-epoll_ctl$EPOLL_CTL_ADD-prlimit64-sched_setscheduler-modify_ldt$write-getpid-sched_setscheduler-socketpair$unix-sendmmsg$unix-recvmmsg-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0xa8382, 0x0)
r0 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f0000000100)={0x20000014})
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0xf32}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
modify_ldt$write(0x1, &(0x7f00000000c0)={0x3, 0x1000, 0x2000, 0x0, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1}, 0x10)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)

program crashed: KASAN: use-after-free Read in dvb_frontend_release
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-epoll_create1-epoll_ctl$EPOLL_CTL_ADD-prlimit64-sched_setscheduler-modify_ldt$write-getpid-socketpair$unix-sendmmsg$unix-recvmmsg-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0xa8382, 0x0)
r0 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f0000000100)={0x20000014})
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0xf32}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
modify_ldt$write(0x1, &(0x7f00000000c0)={0x3, 0x1000, 0x2000, 0x0, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1}, 0x10)
getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)

program crashed: KASAN: use-after-free Read in dvb_device_open
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-epoll_create1-epoll_ctl$EPOLL_CTL_ADD-prlimit64-sched_setscheduler-modify_ldt$write-socketpair$unix-sendmmsg$unix-recvmmsg-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0xa8382, 0x0)
r0 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f0000000100)={0x20000014})
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0xf32}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
modify_ldt$write(0x1, &(0x7f00000000c0)={0x3, 0x1000, 0x2000, 0x0, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1}, 0x10)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)

program crashed: KASAN: use-after-free Read in dvb_device_open
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-epoll_create1-epoll_ctl$EPOLL_CTL_ADD-prlimit64-sched_setscheduler-socketpair$unix-sendmmsg$unix-recvmmsg-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0xa8382, 0x0)
r0 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f0000000100)={0x20000014})
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0xf32}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)

program crashed: KASAN: use-after-free Read in dvb_device_open
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-epoll_create1-epoll_ctl$EPOLL_CTL_ADD-prlimit64-socketpair$unix-sendmmsg$unix-recvmmsg-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0xa8382, 0x0)
r0 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f0000000100)={0x20000014})
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0xf32}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-epoll_create1-epoll_ctl$EPOLL_CTL_ADD-sched_setscheduler-socketpair$unix-sendmmsg$unix-recvmmsg-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0xa8382, 0x0)
r0 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f0000000100)={0x20000014})
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-epoll_create1-prlimit64-sched_setscheduler-socketpair$unix-sendmmsg$unix-recvmmsg-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0xa8382, 0x0)
epoll_create1(0x0)
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0xf32}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)

program crashed: KASAN: use-after-free Read in dvb_frontend_open
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-prlimit64-sched_setscheduler-socketpair$unix-sendmmsg$unix-recvmmsg-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0xa8382, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0xf32}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)

program crashed: KASAN: use-after-free Read in dvb_device_open
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-socketpair$unix-sendmmsg$unix-recvmmsg-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0xf32}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)

program crashed: KASAN: use-after-free Read in dvb_device_open
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-socketpair$unix-sendmmsg$unix-recvmmsg-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-socketpair$unix-sendmmsg$unix-recvmmsg-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0xf32}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-socketpair$unix-sendmmsg$unix-recvmmsg-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0xf32}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-socketpair$unix-sendmmsg$unix-recvmmsg-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0xf32}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-socketpair$unix-sendmmsg$unix-recvmmsg-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0xf32}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-socketpair$unix-sendmmsg$unix-recvmmsg-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0xf32}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$dvb_frontend(0x0, 0x0, 0x2)

program did not crash
extracting C reproducer
testing compiled C program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-socketpair$unix-sendmmsg$unix-recvmmsg-syz_open_dev$dvb_frontend
program did not crash
simplifying guilty program options
testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-socketpair$unix-sendmmsg$unix-recvmmsg-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0xf32}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-socketpair$unix-sendmmsg$unix-recvmmsg-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0xf32}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-socketpair$unix-sendmmsg$unix-recvmmsg-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0xf32}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)

program crashed: KASAN: use-after-free Read in dvb_device_open
validation run: crashed=true
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-socketpair$unix-sendmmsg$unix-recvmmsg-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0xf32}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)

program did not crash
validation run: crashed=false
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-socketpair$unix-sendmmsg$unix-recvmmsg-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0xf32}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)

program did not crash
validation run: crashed=false
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-socketpair$unix-sendmmsg$unix-recvmmsg-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0xf32}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)

program crashed: KASAN: use-after-free Read in dvb_device_open
validation run: crashed=true
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-socketpair$unix-sendmmsg$unix-recvmmsg-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0xf32}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)

program did not crash
validation run: crashed=false
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-socketpair$unix-sendmmsg$unix-recvmmsg-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0xf32}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)

program crashed: KASAN: use-after-free Read in dvb_device_open
validation run: crashed=true
reproducing took 1h16m50.357469982s
repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: use-after-free in dvb_device_open+0xc5/0x360 drivers/media/dvb-core/dvbdev.c:109
Read of size 8 at addr ffff888149f49218 by task syz.2.193/4971

CPU: 0 PID: 4971 Comm: syz.2.193 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
Call Trace:
 <TASK>
 dump_stack_lvl+0x188/0x250 lib/dump_stack.c:106
 print_address_description+0x60/0x2d0 mm/kasan/report.c:248
 __kasan_report mm/kasan/report.c:434 [inline]
 kasan_report+0xdf/0x130 mm/kasan/report.c:451
 dvb_device_open+0xc5/0x360 drivers/media/dvb-core/dvbdev.c:109
 chrdev_open+0x585/0x5f0 fs/char_dev.c:414
 do_dentry_open+0x7f7/0xf90 fs/open.c:826
 do_open fs/namei.c:3616 [inline]
 path_openat+0x2718/0x2fb0 fs/namei.c:3750
 do_filp_open+0x1df/0x400 fs/namei.c:3777
 do_sys_openat2+0x14b/0x500 fs/open.c:1255
 do_sys_open fs/open.c:1271 [inline]
 __do_sys_openat fs/open.c:1287 [inline]
 __se_sys_openat fs/open.c:1282 [inline]
 __x64_sys_openat+0x135/0x160 fs/open.c:1282
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7fb1aaf1168e
Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
RSP: 002b:00007fb1aa5b1b28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007fb1aa5b26c0 RCX: 00007fb1aaf1168e
RDX: 0000000000000002 RSI: 00007fb1aa5b1c00 RDI: ffffffffffffff9c
RBP: 00007fb1aa5b1c00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: cccccccccccccccd
R13: 00007fb1ab1ca038 R14: 00007fb1ab1c9fa0 R15: 00007ffea8636d88
 </TASK>

Allocated by task 1:
 kasan_save_stack mm/kasan/common.c:38 [inline]
 kasan_set_track mm/kasan/common.c:46 [inline]
 set_alloc_info mm/kasan/common.c:434 [inline]
 ____kasan_kmalloc mm/kasan/common.c:513 [inline]
 __kasan_kmalloc+0xaf/0xe0 mm/kasan/common.c:522
 kmalloc include/linux/slab.h:607 [inline]
 kzalloc include/linux/slab.h:738 [inline]
 dvb_register_device+0x300/0x1dc0 drivers/media/dvb-core/dvbdev.c:488
 dvb_register_frontend+0x629/0x900 drivers/media/dvb-core/dvb_frontend.c:3034
 vidtv_bridge_dvb_init drivers/media/test-drivers/vidtv/vidtv_bridge.c:438 [inline]
 vidtv_bridge_probe+0x9c1/0xf30 drivers/media/test-drivers/vidtv/vidtv_bridge.c:510
 platform_probe+0x137/0x1c0 drivers/base/platform.c:1391
 call_driver_probe drivers/base/dd.c:-1 [inline]
 really_probe+0x276/0xc70 drivers/base/dd.c:595
 __driver_probe_device+0x1f5/0x390 drivers/base/dd.c:775
 driver_probe_device+0x4f/0x420 drivers/base/dd.c:805
 __driver_attach+0x45d/0x660 drivers/base/dd.c:1184
 bus_for_each_dev+0x182/0x1f0 drivers/base/bus.c:303
 bus_add_driver+0x324/0x5d0 drivers/base/bus.c:620
 driver_register+0x32d/0x430 drivers/base/driver.c:240
 vidtv_bridge_init+0x39/0x70 drivers/media/test-drivers/vidtv/vidtv_bridge.c:602
 do_one_initcall+0x272/0x730 init/main.c:1315
 do_initcall_level+0x13d/0x1f0 init/main.c:1388
 do_initcalls+0x4b/0x90 init/main.c:1404
 kernel_init_freeable+0x3d5/0x560 init/main.c:1628
 kernel_init+0x19/0x1b0 init/main.c:1519
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287

Freed by task 4966:
 kasan_save_stack mm/kasan/common.c:38 [inline]
 kasan_set_track+0x4b/0x70 mm/kasan/common.c:46
 kasan_set_free_info+0x1f/0x40 mm/kasan/generic.c:360
 ____kasan_slab_free+0xd5/0x110 mm/kasan/common.c:366
 kasan_slab_free include/linux/kasan.h:230 [inline]
 slab_free_hook mm/slub.c:1710 [inline]
 slab_free_freelist_hook+0xec/0x170 mm/slub.c:1736
 slab_free mm/slub.c:3504 [inline]
 kfree+0xef/0x2a0 mm/slub.c:4564
 dvb_free_device drivers/media/dvb-core/dvbdev.c:635 [inline]
 kref_put include/linux/kref.h:65 [inline]
 dvb_device_put drivers/media/dvb-core/dvbdev.c:650 [inline]
 dvb_device_open+0x2d2/0x360 drivers/media/dvb-core/dvbdev.c:123
 chrdev_open+0x585/0x5f0 fs/char_dev.c:414
 do_dentry_open+0x7f7/0xf90 fs/open.c:826
 do_open fs/namei.c:3616 [inline]
 path_openat+0x2718/0x2fb0 fs/namei.c:3750
 do_filp_open+0x1df/0x400 fs/namei.c:3777
 do_sys_openat2+0x14b/0x500 fs/open.c:1255
 do_sys_open fs/open.c:1271 [inline]
 __do_sys_openat fs/open.c:1287 [inline]
 __se_sys_openat fs/open.c:1282 [inline]
 __x64_sys_openat+0x135/0x160 fs/open.c:1282
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0

The buggy address belongs to the object at ffff888149f49200
 which belongs to the cache kmalloc-256 of size 256
The buggy address is located 24 bytes inside of
 256-byte region [ffff888149f49200, ffff888149f49300)
The buggy address belongs to the page:
page:ffffea000527d200 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888149f48a00 pfn:0x149f48
head:ffffea000527d200 order:1 compound_mapcount:0
flags: 0x57ff00000010200(slab|head|node=1|zone=2|lastcpupid=0x7ff)
raw: 057ff00000010200 ffffea00052ff488 ffffea00052ffa88 ffff888016c41b40
raw: ffff888149f48a00 000000000010000f 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, ts 21318428729, free_ts 0
 prep_new_page mm/page_alloc.c:2426 [inline]
 get_page_from_freelist+0x24f6/0x2670 mm/page_alloc.c:4192
 __alloc_pages+0x1ee/0x480 mm/page_alloc.c:5501
 alloc_page_interleave+0x24/0x1e0 mm/mempolicy.c:2031
 alloc_slab_page mm/slub.c:1780 [inline]
 allocate_slab mm/slub.c:1917 [inline]
 new_slab+0xc0/0x4b0 mm/slub.c:1980
 ___slab_alloc+0x807/0xdd0 mm/slub.c:3013
 __slab_alloc mm/slub.c:3100 [inline]
 slab_alloc_node mm/slub.c:3191 [inline]
 __kmalloc_node+0x142/0x3a0 mm/slub.c:4456
 kmalloc_node include/linux/slab.h:630 [inline]
 kvmalloc_node+0x84/0x130 mm/util.c:619
 kvmalloc include/linux/mm.h:816 [inline]
 kvzalloc include/linux/mm.h:824 [inline]
 v4l2_ctrl_new+0x70f/0x1310 drivers/media/v4l2-core/v4l2-ctrls-core.c:1306
 v4l2_ctrl_new_std+0x247/0x300 drivers/media/v4l2-core/v4l2-ctrls-core.c:1429
 handler_new_ref+0x14f/0x8d0 drivers/media/v4l2-core/v4l2-ctrls-core.c:1098
 v4l2_ctrl_add_handler+0x197/0x280 drivers/media/v4l2-core/v4l2-ctrls-core.c:1573
 vivid_create_controls+0x2932/0x3380 drivers/media/test-drivers/vivid/vivid-ctrls.c:1921
 vivid_create_instance drivers/media/test-drivers/vivid/vivid-core.c:1860 [inline]
 vivid_probe+0x39ff/0x6240 drivers/media/test-drivers/vivid/vivid-core.c:2031
 platform_probe+0x137/0x1c0 drivers/base/platform.c:1391
 call_driver_probe drivers/base/dd.c:-1 [inline]
 really_probe+0x276/0xc70 drivers/base/dd.c:595
 __driver_probe_device+0x1f5/0x390 drivers/base/dd.c:775
page_owner free stack trace missing

Memory state around the buggy address:
 ffff888149f49100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff888149f49180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff888149f49200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                            ^
 ffff888149f49280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888149f49300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================

final repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: use-after-free in dvb_device_open+0xc5/0x360 drivers/media/dvb-core/dvbdev.c:109
Read of size 8 at addr ffff888149f49218 by task syz.2.193/4971

CPU: 0 PID: 4971 Comm: syz.2.193 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
Call Trace:
 <TASK>
 dump_stack_lvl+0x188/0x250 lib/dump_stack.c:106
 print_address_description+0x60/0x2d0 mm/kasan/report.c:248
 __kasan_report mm/kasan/report.c:434 [inline]
 kasan_report+0xdf/0x130 mm/kasan/report.c:451
 dvb_device_open+0xc5/0x360 drivers/media/dvb-core/dvbdev.c:109
 chrdev_open+0x585/0x5f0 fs/char_dev.c:414
 do_dentry_open+0x7f7/0xf90 fs/open.c:826
 do_open fs/namei.c:3616 [inline]
 path_openat+0x2718/0x2fb0 fs/namei.c:3750
 do_filp_open+0x1df/0x400 fs/namei.c:3777
 do_sys_openat2+0x14b/0x500 fs/open.c:1255
 do_sys_open fs/open.c:1271 [inline]
 __do_sys_openat fs/open.c:1287 [inline]
 __se_sys_openat fs/open.c:1282 [inline]
 __x64_sys_openat+0x135/0x160 fs/open.c:1282
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7fb1aaf1168e
Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
RSP: 002b:00007fb1aa5b1b28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007fb1aa5b26c0 RCX: 00007fb1aaf1168e
RDX: 0000000000000002 RSI: 00007fb1aa5b1c00 RDI: ffffffffffffff9c
RBP: 00007fb1aa5b1c00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: cccccccccccccccd
R13: 00007fb1ab1ca038 R14: 00007fb1ab1c9fa0 R15: 00007ffea8636d88
 </TASK>

Allocated by task 1:
 kasan_save_stack mm/kasan/common.c:38 [inline]
 kasan_set_track mm/kasan/common.c:46 [inline]
 set_alloc_info mm/kasan/common.c:434 [inline]
 ____kasan_kmalloc mm/kasan/common.c:513 [inline]
 __kasan_kmalloc+0xaf/0xe0 mm/kasan/common.c:522
 kmalloc include/linux/slab.h:607 [inline]
 kzalloc include/linux/slab.h:738 [inline]
 dvb_register_device+0x300/0x1dc0 drivers/media/dvb-core/dvbdev.c:488
 dvb_register_frontend+0x629/0x900 drivers/media/dvb-core/dvb_frontend.c:3034
 vidtv_bridge_dvb_init drivers/media/test-drivers/vidtv/vidtv_bridge.c:438 [inline]
 vidtv_bridge_probe+0x9c1/0xf30 drivers/media/test-drivers/vidtv/vidtv_bridge.c:510
 platform_probe+0x137/0x1c0 drivers/base/platform.c:1391
 call_driver_probe drivers/base/dd.c:-1 [inline]
 really_probe+0x276/0xc70 drivers/base/dd.c:595
 __driver_probe_device+0x1f5/0x390 drivers/base/dd.c:775
 driver_probe_device+0x4f/0x420 drivers/base/dd.c:805
 __driver_attach+0x45d/0x660 drivers/base/dd.c:1184
 bus_for_each_dev+0x182/0x1f0 drivers/base/bus.c:303
 bus_add_driver+0x324/0x5d0 drivers/base/bus.c:620
 driver_register+0x32d/0x430 drivers/base/driver.c:240
 vidtv_bridge_init+0x39/0x70 drivers/media/test-drivers/vidtv/vidtv_bridge.c:602
 do_one_initcall+0x272/0x730 init/main.c:1315
 do_initcall_level+0x13d/0x1f0 init/main.c:1388
 do_initcalls+0x4b/0x90 init/main.c:1404
 kernel_init_freeable+0x3d5/0x560 init/main.c:1628
 kernel_init+0x19/0x1b0 init/main.c:1519
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287

Freed by task 4966:
 kasan_save_stack mm/kasan/common.c:38 [inline]
 kasan_set_track+0x4b/0x70 mm/kasan/common.c:46
 kasan_set_free_info+0x1f/0x40 mm/kasan/generic.c:360
 ____kasan_slab_free+0xd5/0x110 mm/kasan/common.c:366
 kasan_slab_free include/linux/kasan.h:230 [inline]
 slab_free_hook mm/slub.c:1710 [inline]
 slab_free_freelist_hook+0xec/0x170 mm/slub.c:1736
 slab_free mm/slub.c:3504 [inline]
 kfree+0xef/0x2a0 mm/slub.c:4564
 dvb_free_device drivers/media/dvb-core/dvbdev.c:635 [inline]
 kref_put include/linux/kref.h:65 [inline]
 dvb_device_put drivers/media/dvb-core/dvbdev.c:650 [inline]
 dvb_device_open+0x2d2/0x360 drivers/media/dvb-core/dvbdev.c:123
 chrdev_open+0x585/0x5f0 fs/char_dev.c:414
 do_dentry_open+0x7f7/0xf90 fs/open.c:826
 do_open fs/namei.c:3616 [inline]
 path_openat+0x2718/0x2fb0 fs/namei.c:3750
 do_filp_open+0x1df/0x400 fs/namei.c:3777
 do_sys_openat2+0x14b/0x500 fs/open.c:1255
 do_sys_open fs/open.c:1271 [inline]
 __do_sys_openat fs/open.c:1287 [inline]
 __se_sys_openat fs/open.c:1282 [inline]
 __x64_sys_openat+0x135/0x160 fs/open.c:1282
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0

The buggy address belongs to the object at ffff888149f49200
 which belongs to the cache kmalloc-256 of size 256
The buggy address is located 24 bytes inside of
 256-byte region [ffff888149f49200, ffff888149f49300)
The buggy address belongs to the page:
page:ffffea000527d200 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888149f48a00 pfn:0x149f48
head:ffffea000527d200 order:1 compound_mapcount:0
flags: 0x57ff00000010200(slab|head|node=1|zone=2|lastcpupid=0x7ff)
raw: 057ff00000010200 ffffea00052ff488 ffffea00052ffa88 ffff888016c41b40
raw: ffff888149f48a00 000000000010000f 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, ts 21318428729, free_ts 0
 prep_new_page mm/page_alloc.c:2426 [inline]
 get_page_from_freelist+0x24f6/0x2670 mm/page_alloc.c:4192
 __alloc_pages+0x1ee/0x480 mm/page_alloc.c:5501
 alloc_page_interleave+0x24/0x1e0 mm/mempolicy.c:2031
 alloc_slab_page mm/slub.c:1780 [inline]
 allocate_slab mm/slub.c:1917 [inline]
 new_slab+0xc0/0x4b0 mm/slub.c:1980
 ___slab_alloc+0x807/0xdd0 mm/slub.c:3013
 __slab_alloc mm/slub.c:3100 [inline]
 slab_alloc_node mm/slub.c:3191 [inline]
 __kmalloc_node+0x142/0x3a0 mm/slub.c:4456
 kmalloc_node include/linux/slab.h:630 [inline]
 kvmalloc_node+0x84/0x130 mm/util.c:619
 kvmalloc include/linux/mm.h:816 [inline]
 kvzalloc include/linux/mm.h:824 [inline]
 v4l2_ctrl_new+0x70f/0x1310 drivers/media/v4l2-core/v4l2-ctrls-core.c:1306
 v4l2_ctrl_new_std+0x247/0x300 drivers/media/v4l2-core/v4l2-ctrls-core.c:1429
 handler_new_ref+0x14f/0x8d0 drivers/media/v4l2-core/v4l2-ctrls-core.c:1098
 v4l2_ctrl_add_handler+0x197/0x280 drivers/media/v4l2-core/v4l2-ctrls-core.c:1573
 vivid_create_controls+0x2932/0x3380 drivers/media/test-drivers/vivid/vivid-ctrls.c:1921
 vivid_create_instance drivers/media/test-drivers/vivid/vivid-core.c:1860 [inline]
 vivid_probe+0x39ff/0x6240 drivers/media/test-drivers/vivid/vivid-core.c:2031
 platform_probe+0x137/0x1c0 drivers/base/platform.c:1391
 call_driver_probe drivers/base/dd.c:-1 [inline]
 really_probe+0x276/0xc70 drivers/base/dd.c:595
 __driver_probe_device+0x1f5/0x390 drivers/base/dd.c:775
page_owner free stack trace missing

Memory state around the buggy address:
 ffff888149f49100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff888149f49180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff888149f49200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                            ^
 ffff888149f49280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888149f49300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================