Extracting prog: 43m32.53047463s
Minimizing prog: 4h29m21.18874423s
Simplifying prog options: 13m19.360363642s
Extracting C: 6m29.317448644s
Simplifying C: 0s


extracting reproducer from 72 programs
testing a last program of every proc
single: executing 22 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$cgroup_ro-ioctl$FS_IOC_RESVSP-mmap-syz_usb_connect-syz_usb_control_io-prctl$PR_SET_VMA-syz_usb_control_io$hid-syz_open_dev$char_usb-write$char_usb-mount
detailed listing:
executing program 0:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x4030582a, &(0x7f0000000300)={0x1100, 0x0, 0x4, 0x2a40})
mmap(&(0x7f0000499000/0x7000)=nil, 0x7000, 0x1000006, 0x28011, r0, 0x0)
r1 = syz_usb_connect(0x2, 0x3f, &(0x7f0000000000)=ANY=[@ANYRESOCT], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f000049e000/0x4000)=nil, 0x4000, &(0x7f0000000080)='].\x00')
syz_usb_control_io$hid(r1, 0x0, 0x0)
r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
write$char_usb(r2, 0x0, 0x27)
mount(&(0x7f0000000100)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='udf\x00', 0x808000, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-tkill-sendmsg$NFT_BATCH-mprotect-socket$nl_netfilter-prlimit64-creat-write$binfmt_script-close-execve-openat$rnullb-ioctl$BLKZEROOUT-rt_sigprocmask-gettid-openat$kvm-syz_usb_connect-syz_usb_control_io$cdc_ncm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-openat$kvm-ioctl$KVM_GET_VCPU_MMAP_SIZE-mmap$KVM_VCPU-ioctl$KVM_SET_CPUID-ioctl$KVM_RUN-tkill-rt_sigaction-sendmsg$NFT_BATCH-syz_open_dev$usbfs-sendfile
detailed listing:
executing program 0:
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
tkill(0x0, 0x12)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x3b, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a300000000048000000090a010400000000000000000700000008000a40000000000900020073797a3100000000090001007b797a300000000008000540000000210c0009800800014000000005600000000c0a010300000000000000000700fffe0900020073797a310000000380300000802c000180250001531bf9d18f7733d66b497a177684ab836976aad849351e9cc0c84ce5ab96a0bfbb46fd4e040d58405b8e1ab5427be36e83e7a7aeecfe1b1bd1da13f89f5eafe4dcc7a99e134c42ed36520766c41a135f71bc59b196174c9d8ae8d67160a2d49f4c5b000361a8fe449f1ac4191ff91fa98d441fd8079d7c989a85bfd987262ba09245aaf8a3b044cd3ba3df3e36b6feba22ccd68c084000"/333], 0xf0}, 0x1, 0x0, 0x0, 0x15}, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xb, &(0x7f0000000000), 0x0)
r2 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
write$binfmt_script(r2, &(0x7f0000000100)={'#! ', '', [{0x20, '\xd9m\xf4\f00\xf4\xfa\t\tT\xf6\xd18\x17\xfa\xd7\xcds\xf4\xd3\x86\x03*\x9b\xcb\x8a\x9d\xff\x8ap\xf6\xd7\x8fA\xd9b?7\xc1ry\xdfh\xd0\xa4\xa3\x919\xfc\x80R\xbf\x94\xd1\x1d\xe1c]\x92\xeaw\xca\xc1\xfa\xa2\x9d\x85=\xcc\x00'/86}]}, 0x5b)
close(r2)
execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000100), 0x108202, 0x0)
ioctl$BLKZEROOUT(r3, 0x127f, &(0x7f0000000280)={0x6000, 0x84000})
rt_sigprocmask(0x0, &(0x7f0000000200)={[0xffffffff]}, 0x0, 0x8)
r4 = gettid()
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r6 = syz_usb_connect(0x0, 0x95, &(0x7f0000000440)=ANY=[@ANYBLOB="120100006f704410720511d86574010203010902830001008000000904760000228b3b000a24010002030201020d24040405005c8fe97f854a2d0c240705000001a485658c620a240801020009b16d850c24020302020106000310070624040500360624060000d805240000040d240f0105000000020006006c0c241b0500020098040c000108241c040040556107240a0704080c"], 0x0)
syz_usb_control_io$cdc_ncm(r6, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
r7 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r10 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r9, 0xae04)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, r10, 0x300000b, 0x11, r8, 0x0)
ioctl$KVM_SET_CPUID(r8, 0x4008ae8a, &(0x7f0000000140)={0x5, 0x0, [{0x6, 0x4, 0x8000, 0xc7da, 0x9}, {0x40000000, 0x8, 0x4772, 0x8, 0x4}, {0x80000007, 0xa, 0x3ff, 0xc0000000, 0x5}, {0x80000000, 0x6, 0x9, 0x9, 0x3}, {0x40000000, 0x2, 0xfff}]})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
tkill(r4, 0x11)
rt_sigaction(0x20012, &(0x7f0000000080)={0x0, 0x10000006, 0x0, {[0x7ffffffb]}}, 0x0, 0x8, &(0x7f0000000000))
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x0)
syz_open_dev$usbfs(&(0x7f0000000000), 0x8001, 0x440600)
sendfile(r0, r0, 0x0, 0x7fffeffc)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioprio_set$pid-syz_usb_connect-syz_usb_control_io$cdc_ecm-syz_open_dev$I2C-ioctl$I2C_RDWR-syz_init_net_socket$bt_l2cap-openat$rnullb-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-mkdirat-mount$fuse-mount-chdir-mkdir-sendmsg$ETHTOOL_MSG_COALESCE_SET-sendmsg$IPCTNL_MSG_CT_NEW-sendmsg$nl_generic-openat$fuse-mount$fuse-open-ioctl$AUTOFS_IOC_PROTOSUBVER
detailed listing:
executing program 0:
ioprio_set$pid(0x1, 0x0, 0x0)
r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB="120100009dea7840b418fbff7bdc01020301090212000100000000090401"], 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000008c0)={0x1c, &(0x7f0000000100)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0})
r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_RDWR(r1, 0x707, &(0x7f0000000080)={&(0x7f00000000c0)=[{0x4, 0x5201, 0xfffffffffffffdfa, 0x0}, {0x5, 0x1001, 0x0, 0x0}, {0x1, 0xb200, 0x0, 0x0}], 0x3})
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWRULE={0x70, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x44, 0x4, 0x0, 0x1, [{0x40, 0x1, 0x0, 0x1, @byteorder={{0xe}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_BYTEORDER_LEN={0x8}, @NFTA_BYTEORDER_DREG={0x8}, @NFTA_BYTEORDER_SREG={0x8, 0x1, 0x1, 0x0, 0xa}, @NFTA_BYTEORDER_SIZE={0x8, 0x5, 0x1, 0x0, 0x3a}, @NFTA_BYTEORDER_OP={0x8, 0x3, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x98}, 0x1, 0x0, 0x0, 0x800}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdir(&(0x7f0000000180)='./file0\x00', 0x0)
sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)={0x94, 0x0, 0x2, 0x70bd27, 0x25dfdbfb, {}, [@ETHTOOL_A_COALESCE_PKT_RATE_HIGH={0x8, 0x12, 0xc}, @ETHTOOL_A_COALESCE_RX_MAX_FRAMES_LOW={0x8, 0xf, 0xb276}, @ETHTOOL_A_COALESCE_STATS_BLOCK_USECS={0x4a}, @ETHTOOL_A_COALESCE_PKT_RATE_HIGH={0x8, 0x12, 0x4}, @ETHTOOL_A_COALESCE_RX_USECS={0x8, 0x2, 0x32}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8010}, 0x4808)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x34, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_SYNPROXY={0x1c, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_ISN={0x8}, @CTA_SYNPROXY_ITS={0x8}, @CTA_SYNPROXY_TSOFF={0x8}]}, @CTA_TUPLE_ORIG={0x4}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000804}, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000003e000701feffffff00000000017c0000040042800c0001800600060065580000200002801c0017800400ad0014"], 0x44}, 0x1, 0x0, 0x0, 0x40040c0}, 0xc000)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000005c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRESOCT=r3, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r4 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r4, 0x40049366, &(0x7f0000000180))

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mount-openat$userio-ioctl$AUTOFS_DEV_IOCTL_REQUESTER-fchown
detailed listing:
executing program 0:
mount(&(0x7f0000000100)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='udf\x00', 0x808000, 0x0)
r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x284002, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000080)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xee01, <r1=>0xee01}}, './cgroup\x00'})
fchown(r0, 0x0, r1)

program crashed: lost connection to test machine
suppressed program crash: lost connection to test machine
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): pwritev
detailed listing:
executing program 0:
pwritev(0xffffffffffffffff, &(0x7f0000001280)=[{0x0}, {0x0}, {&(0x7f0000001080)="2b97", 0x2}], 0x3, 0x0, 0xfffffffe)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): pwritev
detailed listing:
executing program 0:
pwritev(0xffffffffffffffff, &(0x7f0000001280)=[{0x0}, {0x0}, {&(0x7f0000001080)="2b97", 0x2}], 0x3, 0x0, 0xfffffffe)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_rdma-syz_init_net_socket$nl_rdma-socket$packet-socket$packet-setsockopt$packet_int-setsockopt$packet_rx_ring-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-write$tun-unshare-openat$kvm-socket$nl_route-socket$nl_route-sendmsg$netlink-sendmsg$netlink-ioctl$KVM_CREATE_VM-fcntl$getown-fcntl$getown-openat$ptmx-write$binfmt_aout-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-syz_open_pts-dup3-dup3-mmap-ioctl$DRM_IOCTL_MODE_CREATE_LEASE-close-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-ioctl$sock_SIOCGIFINDEX-read$watch_queue-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$packet(0x11, 0x3, 0x300) (async)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r2, &(0x7f0000000380)=ANY=[@ANYBLOB="1c000000010000000000140001004500002800680000008490786c01e201ac1414aa02000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="540010009078001c"], 0x36)
unshare(0x6a040880)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0) (async)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0) (async)
sendmsg$netlink(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0)
r6 = ioctl$KVM_CREATE_VM(r4, 0x40049409, 0x0)
fcntl$getown(r0, 0x9) (async)
fcntl$getown(r0, 0x9)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0)
write$binfmt_aout(r7, &(0x7f00000001c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r7, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"}) (async)
ioctl$TCSETS(r7, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
syz_open_pts(r7, 0x900) (async)
r8 = syz_open_pts(r7, 0x900)
dup3(r8, r7, 0x80000) (async)
r9 = dup3(r8, r7, 0x80000)
mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3000000, 0x11, r6, 0x6100b000)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r9, 0xc01864c6, &(0x7f00000003c0)={&(0x7f0000000340)=[0x0], 0x1, 0x80000, 0x0, <r10=>0xffffffffffffffff})
close(r10)
read(r9, &(0x7f00000000c0)=""/226, 0xe2)
r11 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r11, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80}) (async)
ioctl$VIDIOC_EXPBUF(r11, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
r12 = accept$ax25(r9, &(0x7f0000000280)={{0x3, @null}, [@netrom, @default, @null, @null, @netrom, @rose, @bcast, @bcast]}, &(0x7f0000000040)=0x48)
ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000300)={'ip6gretap0\x00'})
read$watch_queue(r9, 0x0, 0x0) (async)
read$watch_queue(r9, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_rdma-syz_init_net_socket$nl_rdma-socket$packet-socket$packet-setsockopt$packet_int-setsockopt$packet_rx_ring-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-write$tun-unshare-openat$kvm-socket$nl_route-socket$nl_route-sendmsg$netlink-sendmsg$netlink-ioctl$KVM_CREATE_VM-fcntl$getown-fcntl$getown-openat$ptmx-write$binfmt_aout-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-syz_open_pts-dup3-dup3-mmap-ioctl$DRM_IOCTL_MODE_CREATE_LEASE-close-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-ioctl$sock_SIOCGIFINDEX-read$watch_queue-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$packet(0x11, 0x3, 0x300) (async)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r2, &(0x7f0000000380)=ANY=[@ANYBLOB="1c000000010000000000140001004500002800680000008490786c01e201ac1414aa02000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="540010009078001c"], 0x36)
unshare(0x6a040880)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0) (async)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0) (async)
sendmsg$netlink(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0)
r6 = ioctl$KVM_CREATE_VM(r4, 0x40049409, 0x0)
fcntl$getown(r0, 0x9) (async)
fcntl$getown(r0, 0x9)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0)
write$binfmt_aout(r7, &(0x7f00000001c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r7, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"}) (async)
ioctl$TCSETS(r7, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
syz_open_pts(r7, 0x900) (async)
r8 = syz_open_pts(r7, 0x900)
dup3(r8, r7, 0x80000) (async)
r9 = dup3(r8, r7, 0x80000)
mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3000000, 0x11, r6, 0x6100b000)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r9, 0xc01864c6, &(0x7f00000003c0)={&(0x7f0000000340)=[0x0], 0x1, 0x80000, 0x0, <r10=>0xffffffffffffffff})
close(r10)
read(r9, &(0x7f00000000c0)=""/226, 0xe2)
r11 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r11, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80}) (async)
ioctl$VIDIOC_EXPBUF(r11, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
r12 = accept$ax25(r9, &(0x7f0000000280)={{0x3, @null}, [@netrom, @default, @null, @null, @netrom, @rose, @bcast, @bcast]}, &(0x7f0000000040)=0x48)
ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000300)={'ip6gretap0\x00'})
read$watch_queue(r9, 0x0, 0x0) (async)
read$watch_queue(r9, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program crashed: WARNING: suspicious RCU usage in proc_sys_compare
single: successfully extracted reproducer
found reproducer with 40 syscalls
minimizing guilty program
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_rdma-syz_init_net_socket$nl_rdma-socket$packet-socket$packet-setsockopt$packet_int-setsockopt$packet_rx_ring-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-write$tun-unshare-openat$kvm-socket$nl_route-socket$nl_route-sendmsg$netlink-sendmsg$netlink-ioctl$KVM_CREATE_VM-fcntl$getown-fcntl$getown-openat$ptmx-write$binfmt_aout-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-syz_open_pts-dup3-dup3-mmap-ioctl$DRM_IOCTL_MODE_CREATE_LEASE-close-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-ioctl$sock_SIOCGIFINDEX-read$watch_queue-read$watch_queue
detailed listing:
executing program 0:
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$packet(0x11, 0x3, 0x300) (async)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r2, &(0x7f0000000380)=ANY=[@ANYBLOB="1c000000010000000000140001004500002800680000008490786c01e201ac1414aa02000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="540010009078001c"], 0x36)
unshare(0x6a040880)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0) (async)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0) (async)
sendmsg$netlink(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0)
r6 = ioctl$KVM_CREATE_VM(r4, 0x40049409, 0x0)
fcntl$getown(r0, 0x9) (async)
fcntl$getown(r0, 0x9)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0)
write$binfmt_aout(r7, &(0x7f00000001c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r7, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"}) (async)
ioctl$TCSETS(r7, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
syz_open_pts(r7, 0x900) (async)
r8 = syz_open_pts(r7, 0x900)
dup3(r8, r7, 0x80000) (async)
r9 = dup3(r8, r7, 0x80000)
mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3000000, 0x11, r6, 0x6100b000)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r9, 0xc01864c6, &(0x7f00000003c0)={&(0x7f0000000340)=[0x0], 0x1, 0x80000, 0x0, <r10=>0xffffffffffffffff})
close(r10)
read(r9, &(0x7f00000000c0)=""/226, 0xe2)
r11 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r11, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80}) (async)
ioctl$VIDIOC_EXPBUF(r11, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
r12 = accept$ax25(r9, &(0x7f0000000280)={{0x3, @null}, [@netrom, @default, @null, @null, @netrom, @rose, @bcast, @bcast]}, &(0x7f0000000040)=0x48)
ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000300)={'ip6gretap0\x00'})
read$watch_queue(r9, 0x0, 0x0) (async)
read$watch_queue(r9, 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_rdma-syz_init_net_socket$nl_rdma-socket$packet-socket$packet-setsockopt$packet_int-setsockopt$packet_rx_ring-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-write$tun-unshare-openat$kvm-socket$nl_route-socket$nl_route-sendmsg$netlink-sendmsg$netlink-ioctl$KVM_CREATE_VM-fcntl$getown-fcntl$getown-openat$ptmx-write$binfmt_aout-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-syz_open_pts-dup3-dup3-mmap-ioctl$DRM_IOCTL_MODE_CREATE_LEASE-close-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-ioctl$sock_SIOCGIFINDEX-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$packet(0x11, 0x3, 0x300) (async)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r2, &(0x7f0000000380)=ANY=[@ANYBLOB="1c000000010000000000140001004500002800680000008490786c01e201ac1414aa02000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="540010009078001c"], 0x36)
unshare(0x6a040880)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0) (async)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0) (async)
sendmsg$netlink(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0)
r6 = ioctl$KVM_CREATE_VM(r4, 0x40049409, 0x0)
fcntl$getown(r0, 0x9) (async)
fcntl$getown(r0, 0x9)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0)
write$binfmt_aout(r7, &(0x7f00000001c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r7, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"}) (async)
ioctl$TCSETS(r7, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
syz_open_pts(r7, 0x900) (async)
r8 = syz_open_pts(r7, 0x900)
dup3(r8, r7, 0x80000) (async)
r9 = dup3(r8, r7, 0x80000)
mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3000000, 0x11, r6, 0x6100b000)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r9, 0xc01864c6, &(0x7f00000003c0)={&(0x7f0000000340)=[0x0], 0x1, 0x80000, 0x0, <r10=>0xffffffffffffffff})
close(r10)
read(r9, &(0x7f00000000c0)=""/226, 0xe2)
r11 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r11, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80}) (async)
ioctl$VIDIOC_EXPBUF(r11, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
r12 = accept$ax25(r9, &(0x7f0000000280)={{0x3, @null}, [@netrom, @default, @null, @null, @netrom, @rose, @bcast, @bcast]}, &(0x7f0000000040)=0x48)
ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000300)={'ip6gretap0\x00'})
read$watch_queue(r9, 0x0, 0x0) (async)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_rdma-syz_init_net_socket$nl_rdma-socket$packet-socket$packet-setsockopt$packet_int-setsockopt$packet_rx_ring-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-write$tun-unshare-openat$kvm-socket$nl_route-socket$nl_route-sendmsg$netlink-sendmsg$netlink-ioctl$KVM_CREATE_VM-fcntl$getown-fcntl$getown-openat$ptmx-write$binfmt_aout-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-syz_open_pts-dup3-dup3-mmap-ioctl$DRM_IOCTL_MODE_CREATE_LEASE-close-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-ioctl$sock_SIOCGIFINDEX-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$packet(0x11, 0x3, 0x300) (async)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r2, &(0x7f0000000380)=ANY=[@ANYBLOB="1c000000010000000000140001004500002800680000008490786c01e201ac1414aa02000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="540010009078001c"], 0x36)
unshare(0x6a040880)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0) (async)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0) (async)
sendmsg$netlink(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0)
r6 = ioctl$KVM_CREATE_VM(r4, 0x40049409, 0x0)
fcntl$getown(r0, 0x9) (async)
fcntl$getown(r0, 0x9)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0)
write$binfmt_aout(r7, &(0x7f00000001c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r7, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"}) (async)
ioctl$TCSETS(r7, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
syz_open_pts(r7, 0x900) (async)
r8 = syz_open_pts(r7, 0x900)
dup3(r8, r7, 0x80000) (async)
r9 = dup3(r8, r7, 0x80000)
mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3000000, 0x11, r6, 0x6100b000)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r9, 0xc01864c6, &(0x7f00000003c0)={&(0x7f0000000340)=[0x0], 0x1, 0x80000, 0x0, <r10=>0xffffffffffffffff})
close(r10)
read(r9, &(0x7f00000000c0)=""/226, 0xe2)
r11 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r11, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80}) (async)
ioctl$VIDIOC_EXPBUF(r11, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
r12 = accept$ax25(r9, &(0x7f0000000280)={{0x3, @null}, [@netrom, @default, @null, @null, @netrom, @rose, @bcast, @bcast]}, &(0x7f0000000040)=0x48)
ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000300)={'ip6gretap0\x00'})
read$watch_queue(r9, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program crashed: WARNING: suspicious RCU usage in proc_sys_compare
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_rdma-syz_init_net_socket$nl_rdma-socket$packet-socket$packet-setsockopt$packet_int-setsockopt$packet_rx_ring-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-write$tun-unshare-openat$kvm-socket$nl_route-socket$nl_route-sendmsg$netlink-sendmsg$netlink-ioctl$KVM_CREATE_VM-fcntl$getown-fcntl$getown-openat$ptmx-write$binfmt_aout-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-syz_open_pts-dup3-dup3-mmap-ioctl$DRM_IOCTL_MODE_CREATE_LEASE-close-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$packet(0x11, 0x3, 0x300) (async)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r2, &(0x7f0000000380)=ANY=[@ANYBLOB="1c000000010000000000140001004500002800680000008490786c01e201ac1414aa02000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="540010009078001c"], 0x36)
unshare(0x6a040880)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0) (async)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0) (async)
sendmsg$netlink(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0)
r6 = ioctl$KVM_CREATE_VM(r4, 0x40049409, 0x0)
fcntl$getown(r0, 0x9) (async)
fcntl$getown(r0, 0x9)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0)
write$binfmt_aout(r7, &(0x7f00000001c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r7, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"}) (async)
ioctl$TCSETS(r7, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
syz_open_pts(r7, 0x900) (async)
r8 = syz_open_pts(r7, 0x900)
dup3(r8, r7, 0x80000) (async)
r9 = dup3(r8, r7, 0x80000)
mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3000000, 0x11, r6, 0x6100b000)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r9, 0xc01864c6, &(0x7f00000003c0)={&(0x7f0000000340)=[0x0], 0x1, 0x80000, 0x0, <r10=>0xffffffffffffffff})
close(r10)
read(r9, &(0x7f00000000c0)=""/226, 0xe2)
r11 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r11, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80}) (async)
ioctl$VIDIOC_EXPBUF(r11, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
accept$ax25(r9, &(0x7f0000000280)={{0x3, @null}, [@netrom, @default, @null, @null, @netrom, @rose, @bcast, @bcast]}, &(0x7f0000000040)=0x48)
read$watch_queue(r9, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program crashed: WARNING: suspicious RCU usage in proc_sys_compare
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_rdma-syz_init_net_socket$nl_rdma-socket$packet-socket$packet-setsockopt$packet_int-setsockopt$packet_rx_ring-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-write$tun-unshare-openat$kvm-socket$nl_route-socket$nl_route-sendmsg$netlink-sendmsg$netlink-ioctl$KVM_CREATE_VM-fcntl$getown-fcntl$getown-openat$ptmx-write$binfmt_aout-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-syz_open_pts-dup3-dup3-mmap-ioctl$DRM_IOCTL_MODE_CREATE_LEASE-close-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$packet(0x11, 0x3, 0x300) (async)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r2, &(0x7f0000000380)=ANY=[@ANYBLOB="1c000000010000000000140001004500002800680000008490786c01e201ac1414aa02000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="540010009078001c"], 0x36)
unshare(0x6a040880)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0) (async)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0) (async)
sendmsg$netlink(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0)
r6 = ioctl$KVM_CREATE_VM(r4, 0x40049409, 0x0)
fcntl$getown(r0, 0x9) (async)
fcntl$getown(r0, 0x9)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0)
write$binfmt_aout(r7, &(0x7f00000001c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r7, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"}) (async)
ioctl$TCSETS(r7, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
syz_open_pts(r7, 0x900) (async)
r8 = syz_open_pts(r7, 0x900)
dup3(r8, r7, 0x80000) (async)
r9 = dup3(r8, r7, 0x80000)
mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3000000, 0x11, r6, 0x6100b000)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r9, 0xc01864c6, &(0x7f00000003c0)={&(0x7f0000000340)=[0x0], 0x1, 0x80000, 0x0, <r10=>0xffffffffffffffff})
close(r10)
read(r9, &(0x7f00000000c0)=""/226, 0xe2)
r11 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r11, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80}) (async)
ioctl$VIDIOC_EXPBUF(r11, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
read$watch_queue(r9, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program crashed: lost connection to test machine
suppressed program crash: lost connection to test machine
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_rdma-syz_init_net_socket$nl_rdma-socket$packet-socket$packet-setsockopt$packet_int-setsockopt$packet_rx_ring-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-write$tun-unshare-openat$kvm-socket$nl_route-socket$nl_route-sendmsg$netlink-sendmsg$netlink-ioctl$KVM_CREATE_VM-fcntl$getown-fcntl$getown-openat$ptmx-write$binfmt_aout-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-syz_open_pts-dup3-dup3-mmap-ioctl$DRM_IOCTL_MODE_CREATE_LEASE-close-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$packet(0x11, 0x3, 0x300) (async)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r2, &(0x7f0000000380)=ANY=[@ANYBLOB="1c000000010000000000140001004500002800680000008490786c01e201ac1414aa02000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="540010009078001c"], 0x36)
unshare(0x6a040880)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0) (async)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0) (async)
sendmsg$netlink(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0)
r6 = ioctl$KVM_CREATE_VM(r4, 0x40049409, 0x0)
fcntl$getown(r0, 0x9) (async)
fcntl$getown(r0, 0x9)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0)
write$binfmt_aout(r7, &(0x7f00000001c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r7, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"}) (async)
ioctl$TCSETS(r7, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
syz_open_pts(r7, 0x900) (async)
r8 = syz_open_pts(r7, 0x900)
dup3(r8, r7, 0x80000) (async)
r9 = dup3(r8, r7, 0x80000)
mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3000000, 0x11, r6, 0x6100b000)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r9, 0xc01864c6, &(0x7f00000003c0)={&(0x7f0000000340)=[0x0], 0x1, 0x80000, 0x0, <r10=>0xffffffffffffffff})
close(r10)
read(r9, &(0x7f00000000c0)=""/226, 0xe2)
r11 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r11, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80}) (async)
accept$ax25(r9, &(0x7f0000000280)={{0x3, @null}, [@netrom, @default, @null, @null, @netrom, @rose, @bcast, @bcast]}, &(0x7f0000000040)=0x48)
read$watch_queue(r9, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_rdma-syz_init_net_socket$nl_rdma-socket$packet-socket$packet-setsockopt$packet_int-setsockopt$packet_rx_ring-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-write$tun-unshare-openat$kvm-socket$nl_route-socket$nl_route-sendmsg$netlink-sendmsg$netlink-ioctl$KVM_CREATE_VM-fcntl$getown-fcntl$getown-openat$ptmx-write$binfmt_aout-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-syz_open_pts-dup3-dup3-mmap-ioctl$DRM_IOCTL_MODE_CREATE_LEASE-close-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$packet(0x11, 0x3, 0x300) (async)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r2, &(0x7f0000000380)=ANY=[@ANYBLOB="1c000000010000000000140001004500002800680000008490786c01e201ac1414aa02000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="540010009078001c"], 0x36)
unshare(0x6a040880)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0) (async)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0) (async)
sendmsg$netlink(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0)
r6 = ioctl$KVM_CREATE_VM(r4, 0x40049409, 0x0)
fcntl$getown(r0, 0x9) (async)
fcntl$getown(r0, 0x9)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0)
write$binfmt_aout(r7, &(0x7f00000001c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r7, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"}) (async)
ioctl$TCSETS(r7, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
syz_open_pts(r7, 0x900) (async)
r8 = syz_open_pts(r7, 0x900)
dup3(r8, r7, 0x80000) (async)
r9 = dup3(r8, r7, 0x80000)
mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3000000, 0x11, r6, 0x6100b000)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r9, 0xc01864c6, &(0x7f00000003c0)={&(0x7f0000000340)=[0x0], 0x1, 0x80000, 0x0, <r10=>0xffffffffffffffff})
close(r10)
read(r9, &(0x7f00000000c0)=""/226, 0xe2)
r11 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r11, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
accept$ax25(r9, &(0x7f0000000280)={{0x3, @null}, [@netrom, @default, @null, @null, @netrom, @rose, @bcast, @bcast]}, &(0x7f0000000040)=0x48)
read$watch_queue(r9, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_rdma-syz_init_net_socket$nl_rdma-socket$packet-socket$packet-setsockopt$packet_int-setsockopt$packet_rx_ring-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-write$tun-unshare-openat$kvm-socket$nl_route-socket$nl_route-sendmsg$netlink-sendmsg$netlink-ioctl$KVM_CREATE_VM-fcntl$getown-fcntl$getown-openat$ptmx-write$binfmt_aout-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-syz_open_pts-dup3-dup3-mmap-ioctl$DRM_IOCTL_MODE_CREATE_LEASE-close-read-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$packet(0x11, 0x3, 0x300) (async)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r2, &(0x7f0000000380)=ANY=[@ANYBLOB="1c000000010000000000140001004500002800680000008490786c01e201ac1414aa02000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="540010009078001c"], 0x36)
unshare(0x6a040880)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0) (async)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0) (async)
sendmsg$netlink(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0)
r6 = ioctl$KVM_CREATE_VM(r4, 0x40049409, 0x0)
fcntl$getown(r0, 0x9) (async)
fcntl$getown(r0, 0x9)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0)
write$binfmt_aout(r7, &(0x7f00000001c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r7, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"}) (async)
ioctl$TCSETS(r7, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
syz_open_pts(r7, 0x900) (async)
r8 = syz_open_pts(r7, 0x900)
dup3(r8, r7, 0x80000) (async)
r9 = dup3(r8, r7, 0x80000)
mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3000000, 0x11, r6, 0x6100b000)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r9, 0xc01864c6, &(0x7f00000003c0)={&(0x7f0000000340)=[0x0], 0x1, 0x80000, 0x0, <r10=>0xffffffffffffffff})
close(r10)
read(r9, &(0x7f00000000c0)=""/226, 0xe2)
ioctl$VIDIOC_EXPBUF(0xffffffffffffffff, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80}) (async)
ioctl$VIDIOC_EXPBUF(0xffffffffffffffff, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
accept$ax25(r9, &(0x7f0000000280)={{0x3, @null}, [@netrom, @default, @null, @null, @netrom, @rose, @bcast, @bcast]}, &(0x7f0000000040)=0x48)
read$watch_queue(r9, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_rdma-syz_init_net_socket$nl_rdma-socket$packet-socket$packet-setsockopt$packet_int-setsockopt$packet_rx_ring-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-write$tun-unshare-openat$kvm-socket$nl_route-socket$nl_route-sendmsg$netlink-sendmsg$netlink-ioctl$KVM_CREATE_VM-fcntl$getown-fcntl$getown-openat$ptmx-write$binfmt_aout-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-syz_open_pts-dup3-dup3-mmap-ioctl$DRM_IOCTL_MODE_CREATE_LEASE-close-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$packet(0x11, 0x3, 0x300) (async)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r2, &(0x7f0000000380)=ANY=[@ANYBLOB="1c000000010000000000140001004500002800680000008490786c01e201ac1414aa02000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="540010009078001c"], 0x36)
unshare(0x6a040880)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0) (async)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0) (async)
sendmsg$netlink(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0)
r6 = ioctl$KVM_CREATE_VM(r4, 0x40049409, 0x0)
fcntl$getown(r0, 0x9) (async)
fcntl$getown(r0, 0x9)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0)
write$binfmt_aout(r7, &(0x7f00000001c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r7, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"}) (async)
ioctl$TCSETS(r7, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
syz_open_pts(r7, 0x900) (async)
r8 = syz_open_pts(r7, 0x900)
dup3(r8, r7, 0x80000) (async)
r9 = dup3(r8, r7, 0x80000)
mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3000000, 0x11, r6, 0x6100b000)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r9, 0xc01864c6, &(0x7f00000003c0)={&(0x7f0000000340)=[0x0], 0x1, 0x80000, 0x0, <r10=>0xffffffffffffffff})
close(r10)
r11 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r11, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80}) (async)
ioctl$VIDIOC_EXPBUF(r11, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
accept$ax25(r9, &(0x7f0000000280)={{0x3, @null}, [@netrom, @default, @null, @null, @netrom, @rose, @bcast, @bcast]}, &(0x7f0000000040)=0x48)
read$watch_queue(r9, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_rdma-syz_init_net_socket$nl_rdma-socket$packet-socket$packet-setsockopt$packet_int-setsockopt$packet_rx_ring-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-write$tun-unshare-openat$kvm-socket$nl_route-socket$nl_route-sendmsg$netlink-sendmsg$netlink-ioctl$KVM_CREATE_VM-fcntl$getown-fcntl$getown-openat$ptmx-write$binfmt_aout-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-syz_open_pts-dup3-dup3-mmap-ioctl$DRM_IOCTL_MODE_CREATE_LEASE-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$packet(0x11, 0x3, 0x300) (async)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r2, &(0x7f0000000380)=ANY=[@ANYBLOB="1c000000010000000000140001004500002800680000008490786c01e201ac1414aa02000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="540010009078001c"], 0x36)
unshare(0x6a040880)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0) (async)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0) (async)
sendmsg$netlink(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0)
r6 = ioctl$KVM_CREATE_VM(r4, 0x40049409, 0x0)
fcntl$getown(r0, 0x9) (async)
fcntl$getown(r0, 0x9)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0)
write$binfmt_aout(r7, &(0x7f00000001c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r7, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"}) (async)
ioctl$TCSETS(r7, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
syz_open_pts(r7, 0x900) (async)
r8 = syz_open_pts(r7, 0x900)
dup3(r8, r7, 0x80000) (async)
r9 = dup3(r8, r7, 0x80000)
mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3000000, 0x11, r6, 0x6100b000)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r9, 0xc01864c6, &(0x7f00000003c0)={&(0x7f0000000340)=[0x0], 0x1, 0x80000})
read(r9, &(0x7f00000000c0)=""/226, 0xe2)
r10 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r10, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80}) (async)
ioctl$VIDIOC_EXPBUF(r10, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
accept$ax25(r9, &(0x7f0000000280)={{0x3, @null}, [@netrom, @default, @null, @null, @netrom, @rose, @bcast, @bcast]}, &(0x7f0000000040)=0x48)
read$watch_queue(r9, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program crashed: WARNING: suspicious RCU usage in proc_sys_compare
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_rdma-syz_init_net_socket$nl_rdma-socket$packet-socket$packet-setsockopt$packet_int-setsockopt$packet_rx_ring-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-write$tun-unshare-openat$kvm-socket$nl_route-socket$nl_route-sendmsg$netlink-sendmsg$netlink-ioctl$KVM_CREATE_VM-fcntl$getown-fcntl$getown-openat$ptmx-write$binfmt_aout-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-syz_open_pts-dup3-dup3-mmap-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$packet(0x11, 0x3, 0x300) (async)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r2, &(0x7f0000000380)=ANY=[@ANYBLOB="1c000000010000000000140001004500002800680000008490786c01e201ac1414aa02000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="540010009078001c"], 0x36)
unshare(0x6a040880)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0) (async)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0) (async)
sendmsg$netlink(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0)
r6 = ioctl$KVM_CREATE_VM(r4, 0x40049409, 0x0)
fcntl$getown(r0, 0x9) (async)
fcntl$getown(r0, 0x9)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0)
write$binfmt_aout(r7, &(0x7f00000001c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r7, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"}) (async)
ioctl$TCSETS(r7, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
syz_open_pts(r7, 0x900) (async)
r8 = syz_open_pts(r7, 0x900)
dup3(r8, r7, 0x80000) (async)
r9 = dup3(r8, r7, 0x80000)
mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3000000, 0x11, r6, 0x6100b000)
read(r9, &(0x7f00000000c0)=""/226, 0xe2)
r10 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r10, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80}) (async)
ioctl$VIDIOC_EXPBUF(r10, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
accept$ax25(r9, &(0x7f0000000280)={{0x3, @null}, [@netrom, @default, @null, @null, @netrom, @rose, @bcast, @bcast]}, &(0x7f0000000040)=0x48)
read$watch_queue(r9, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program crashed: WARNING: suspicious RCU usage in proc_sys_compare
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_rdma-syz_init_net_socket$nl_rdma-socket$packet-socket$packet-setsockopt$packet_int-setsockopt$packet_rx_ring-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-write$tun-unshare-openat$kvm-socket$nl_route-socket$nl_route-sendmsg$netlink-sendmsg$netlink-ioctl$KVM_CREATE_VM-fcntl$getown-fcntl$getown-openat$ptmx-write$binfmt_aout-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-syz_open_pts-dup3-dup3-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$packet(0x11, 0x3, 0x300) (async)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r2, &(0x7f0000000380)=ANY=[@ANYBLOB="1c000000010000000000140001004500002800680000008490786c01e201ac1414aa02000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="540010009078001c"], 0x36)
unshare(0x6a040880)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0) (async)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0) (async)
sendmsg$netlink(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0)
ioctl$KVM_CREATE_VM(r4, 0x40049409, 0x0)
fcntl$getown(r0, 0x9) (async)
fcntl$getown(r0, 0x9)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0)
write$binfmt_aout(r6, &(0x7f00000001c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r6, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"}) (async)
ioctl$TCSETS(r6, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
syz_open_pts(r6, 0x900) (async)
r7 = syz_open_pts(r6, 0x900)
dup3(r7, r6, 0x80000) (async)
r8 = dup3(r7, r6, 0x80000)
read(r8, &(0x7f00000000c0)=""/226, 0xe2)
r9 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r9, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80}) (async)
ioctl$VIDIOC_EXPBUF(r9, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
accept$ax25(r8, &(0x7f0000000280)={{0x3, @null}, [@netrom, @default, @null, @null, @netrom, @rose, @bcast, @bcast]}, &(0x7f0000000040)=0x48)
read$watch_queue(r8, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program crashed: WARNING: suspicious RCU usage in proc_sys_compare
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_rdma-syz_init_net_socket$nl_rdma-socket$packet-socket$packet-setsockopt$packet_int-setsockopt$packet_rx_ring-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-write$tun-unshare-openat$kvm-socket$nl_route-socket$nl_route-sendmsg$netlink-sendmsg$netlink-ioctl$KVM_CREATE_VM-fcntl$getown-fcntl$getown-openat$ptmx-write$binfmt_aout-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-syz_open_pts-dup3-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$packet(0x11, 0x3, 0x300) (async)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r2, &(0x7f0000000380)=ANY=[@ANYBLOB="1c000000010000000000140001004500002800680000008490786c01e201ac1414aa02000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="540010009078001c"], 0x36)
unshare(0x6a040880)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0) (async)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0) (async)
sendmsg$netlink(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0)
ioctl$KVM_CREATE_VM(r4, 0x40049409, 0x0)
fcntl$getown(r0, 0x9) (async)
fcntl$getown(r0, 0x9)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0)
write$binfmt_aout(r6, &(0x7f00000001c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r6, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"}) (async)
ioctl$TCSETS(r6, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
syz_open_pts(r6, 0x900) (async)
r7 = syz_open_pts(r6, 0x900)
dup3(r7, r6, 0x80000) (async)
read(0xffffffffffffffff, &(0x7f00000000c0)=""/226, 0xe2)
r8 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r8, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80}) (async)
ioctl$VIDIOC_EXPBUF(r8, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
accept$ax25(0xffffffffffffffff, &(0x7f0000000280)={{0x3, @null}, [@netrom, @default, @null, @null, @netrom, @rose, @bcast, @bcast]}, &(0x7f0000000040)=0x48)
read$watch_queue(0xffffffffffffffff, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_rdma-syz_init_net_socket$nl_rdma-socket$packet-socket$packet-setsockopt$packet_int-setsockopt$packet_rx_ring-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-write$tun-unshare-openat$kvm-socket$nl_route-socket$nl_route-sendmsg$netlink-sendmsg$netlink-ioctl$KVM_CREATE_VM-fcntl$getown-fcntl$getown-openat$ptmx-write$binfmt_aout-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-syz_open_pts-dup3-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$packet(0x11, 0x3, 0x300) (async)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r2, &(0x7f0000000380)=ANY=[@ANYBLOB="1c000000010000000000140001004500002800680000008490786c01e201ac1414aa02000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="540010009078001c"], 0x36)
unshare(0x6a040880)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0) (async)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0) (async)
sendmsg$netlink(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0)
ioctl$KVM_CREATE_VM(r4, 0x40049409, 0x0)
fcntl$getown(r0, 0x9) (async)
fcntl$getown(r0, 0x9)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0)
write$binfmt_aout(r6, &(0x7f00000001c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r6, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"}) (async)
ioctl$TCSETS(r6, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
syz_open_pts(r6, 0x900) (async)
r7 = syz_open_pts(r6, 0x900)
r8 = dup3(r7, r6, 0x80000)
read(r8, &(0x7f00000000c0)=""/226, 0xe2)
r9 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r9, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80}) (async)
ioctl$VIDIOC_EXPBUF(r9, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
accept$ax25(r8, &(0x7f0000000280)={{0x3, @null}, [@netrom, @default, @null, @null, @netrom, @rose, @bcast, @bcast]}, &(0x7f0000000040)=0x48)
read$watch_queue(r8, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_rdma-syz_init_net_socket$nl_rdma-socket$packet-socket$packet-setsockopt$packet_int-setsockopt$packet_rx_ring-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-write$tun-unshare-openat$kvm-socket$nl_route-socket$nl_route-sendmsg$netlink-sendmsg$netlink-ioctl$KVM_CREATE_VM-fcntl$getown-fcntl$getown-openat$ptmx-write$binfmt_aout-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-dup3-dup3-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$packet(0x11, 0x3, 0x300) (async)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r2, &(0x7f0000000380)=ANY=[@ANYBLOB="1c000000010000000000140001004500002800680000008490786c01e201ac1414aa02000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="540010009078001c"], 0x36)
unshare(0x6a040880)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0) (async)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0) (async)
sendmsg$netlink(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0)
ioctl$KVM_CREATE_VM(r4, 0x40049409, 0x0)
fcntl$getown(r0, 0x9) (async)
fcntl$getown(r0, 0x9)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0)
write$binfmt_aout(r6, &(0x7f00000001c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r6, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"}) (async)
ioctl$TCSETS(r6, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
syz_open_pts(r6, 0x900) (async)
dup3(0xffffffffffffffff, r6, 0x80000) (async)
r7 = dup3(0xffffffffffffffff, r6, 0x80000)
read(r7, &(0x7f00000000c0)=""/226, 0xe2)
r8 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r8, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80}) (async)
ioctl$VIDIOC_EXPBUF(r8, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
accept$ax25(r7, &(0x7f0000000280)={{0x3, @null}, [@netrom, @default, @null, @null, @netrom, @rose, @bcast, @bcast]}, &(0x7f0000000040)=0x48)
read$watch_queue(r7, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_rdma-syz_init_net_socket$nl_rdma-socket$packet-socket$packet-setsockopt$packet_int-setsockopt$packet_rx_ring-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-write$tun-unshare-openat$kvm-socket$nl_route-socket$nl_route-sendmsg$netlink-sendmsg$netlink-ioctl$KVM_CREATE_VM-fcntl$getown-fcntl$getown-openat$ptmx-write$binfmt_aout-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-dup3-dup3-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$packet(0x11, 0x3, 0x300) (async)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r2, &(0x7f0000000380)=ANY=[@ANYBLOB="1c000000010000000000140001004500002800680000008490786c01e201ac1414aa02000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="540010009078001c"], 0x36)
unshare(0x6a040880)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0) (async)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0) (async)
sendmsg$netlink(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0)
ioctl$KVM_CREATE_VM(r4, 0x40049409, 0x0)
fcntl$getown(r0, 0x9) (async)
fcntl$getown(r0, 0x9)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0)
write$binfmt_aout(r6, &(0x7f00000001c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r6, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"}) (async)
ioctl$TCSETS(r6, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
r7 = syz_open_pts(r6, 0x900)
dup3(r7, r6, 0x80000) (async)
r8 = dup3(r7, r6, 0x80000)
read(r8, &(0x7f00000000c0)=""/226, 0xe2)
r9 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r9, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80}) (async)
ioctl$VIDIOC_EXPBUF(r9, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
accept$ax25(r8, &(0x7f0000000280)={{0x3, @null}, [@netrom, @default, @null, @null, @netrom, @rose, @bcast, @bcast]}, &(0x7f0000000040)=0x48)
read$watch_queue(r8, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program crashed: WARNING: suspicious RCU usage in proc_sys_compare
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_rdma-syz_init_net_socket$nl_rdma-socket$packet-socket$packet-setsockopt$packet_int-setsockopt$packet_rx_ring-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-write$tun-unshare-openat$kvm-socket$nl_route-socket$nl_route-sendmsg$netlink-sendmsg$netlink-ioctl$KVM_CREATE_VM-fcntl$getown-fcntl$getown-openat$ptmx-write$binfmt_aout-ioctl$TCSETS-syz_open_pts-dup3-dup3-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$packet(0x11, 0x3, 0x300) (async)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r2, &(0x7f0000000380)=ANY=[@ANYBLOB="1c000000010000000000140001004500002800680000008490786c01e201ac1414aa02000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="540010009078001c"], 0x36)
unshare(0x6a040880)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0) (async)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0) (async)
sendmsg$netlink(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0)
ioctl$KVM_CREATE_VM(r4, 0x40049409, 0x0)
fcntl$getown(r0, 0x9) (async)
fcntl$getown(r0, 0x9)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0)
write$binfmt_aout(r6, &(0x7f00000001c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r6, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"}) (async)
r7 = syz_open_pts(r6, 0x900)
dup3(r7, r6, 0x80000) (async)
r8 = dup3(r7, r6, 0x80000)
read(r8, &(0x7f00000000c0)=""/226, 0xe2)
r9 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r9, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80}) (async)
ioctl$VIDIOC_EXPBUF(r9, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
accept$ax25(r8, &(0x7f0000000280)={{0x3, @null}, [@netrom, @default, @null, @null, @netrom, @rose, @bcast, @bcast]}, &(0x7f0000000040)=0x48)
read$watch_queue(r8, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_rdma-syz_init_net_socket$nl_rdma-socket$packet-socket$packet-setsockopt$packet_int-setsockopt$packet_rx_ring-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-write$tun-unshare-openat$kvm-socket$nl_route-socket$nl_route-sendmsg$netlink-sendmsg$netlink-ioctl$KVM_CREATE_VM-fcntl$getown-fcntl$getown-openat$ptmx-write$binfmt_aout-ioctl$TCSETS-syz_open_pts-dup3-dup3-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$packet(0x11, 0x3, 0x300) (async)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r2, &(0x7f0000000380)=ANY=[@ANYBLOB="1c000000010000000000140001004500002800680000008490786c01e201ac1414aa02000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="540010009078001c"], 0x36)
unshare(0x6a040880)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0) (async)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0) (async)
sendmsg$netlink(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0)
ioctl$KVM_CREATE_VM(r4, 0x40049409, 0x0)
fcntl$getown(r0, 0x9) (async)
fcntl$getown(r0, 0x9)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0)
write$binfmt_aout(r6, &(0x7f00000001c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r6, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
r7 = syz_open_pts(r6, 0x900)
dup3(r7, r6, 0x80000) (async)
r8 = dup3(r7, r6, 0x80000)
read(r8, &(0x7f00000000c0)=""/226, 0xe2)
r9 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r9, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80}) (async)
ioctl$VIDIOC_EXPBUF(r9, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
accept$ax25(r8, &(0x7f0000000280)={{0x3, @null}, [@netrom, @default, @null, @null, @netrom, @rose, @bcast, @bcast]}, &(0x7f0000000040)=0x48)
read$watch_queue(r8, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_rdma-syz_init_net_socket$nl_rdma-socket$packet-socket$packet-setsockopt$packet_int-setsockopt$packet_rx_ring-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-write$tun-unshare-openat$kvm-socket$nl_route-socket$nl_route-sendmsg$netlink-sendmsg$netlink-ioctl$KVM_CREATE_VM-fcntl$getown-fcntl$getown-openat$ptmx-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-dup3-dup3-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$packet(0x11, 0x3, 0x300) (async)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r2, &(0x7f0000000380)=ANY=[@ANYBLOB="1c000000010000000000140001004500002800680000008490786c01e201ac1414aa02000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="540010009078001c"], 0x36)
unshare(0x6a040880)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0) (async)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0) (async)
sendmsg$netlink(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0)
ioctl$KVM_CREATE_VM(r4, 0x40049409, 0x0)
fcntl$getown(r0, 0x9) (async)
fcntl$getown(r0, 0x9)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0)
ioctl$TCSETS(r6, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"}) (async)
ioctl$TCSETS(r6, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
r7 = syz_open_pts(r6, 0x900)
dup3(r7, r6, 0x80000) (async)
r8 = dup3(r7, r6, 0x80000)
read(r8, &(0x7f00000000c0)=""/226, 0xe2)
r9 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r9, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80}) (async)
ioctl$VIDIOC_EXPBUF(r9, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
accept$ax25(r8, &(0x7f0000000280)={{0x3, @null}, [@netrom, @default, @null, @null, @netrom, @rose, @bcast, @bcast]}, &(0x7f0000000040)=0x48)
read$watch_queue(r8, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program crashed: KASAN: slab-use-after-free Write in flush_tlb_func
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_rdma-syz_init_net_socket$nl_rdma-socket$packet-socket$packet-setsockopt$packet_int-setsockopt$packet_rx_ring-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-write$tun-unshare-openat$kvm-socket$nl_route-socket$nl_route-sendmsg$netlink-sendmsg$netlink-ioctl$KVM_CREATE_VM-fcntl$getown-fcntl$getown-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-dup3-dup3-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$packet(0x11, 0x3, 0x300) (async)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r2, &(0x7f0000000380)=ANY=[@ANYBLOB="1c000000010000000000140001004500002800680000008490786c01e201ac1414aa02000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="540010009078001c"], 0x36)
unshare(0x6a040880)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0) (async)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0) (async)
sendmsg$netlink(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0)
ioctl$KVM_CREATE_VM(r4, 0x40049409, 0x0)
fcntl$getown(r0, 0x9) (async)
fcntl$getown(r0, 0x9)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"}) (async)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
r6 = syz_open_pts(0xffffffffffffffff, 0x900)
dup3(r6, 0xffffffffffffffff, 0x80000) (async)
r7 = dup3(r6, 0xffffffffffffffff, 0x80000)
read(r7, &(0x7f00000000c0)=""/226, 0xe2)
r8 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r8, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80}) (async)
ioctl$VIDIOC_EXPBUF(r8, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
accept$ax25(r7, &(0x7f0000000280)={{0x3, @null}, [@netrom, @default, @null, @null, @netrom, @rose, @bcast, @bcast]}, &(0x7f0000000040)=0x48)
read$watch_queue(r7, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program crashed: WARNING: suspicious RCU usage in proc_sys_compare
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_rdma-syz_init_net_socket$nl_rdma-socket$packet-socket$packet-setsockopt$packet_int-setsockopt$packet_rx_ring-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-write$tun-unshare-openat$kvm-socket$nl_route-socket$nl_route-sendmsg$netlink-sendmsg$netlink-ioctl$KVM_CREATE_VM-fcntl$getown-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-dup3-dup3-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$packet(0x11, 0x3, 0x300) (async)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r2, &(0x7f0000000380)=ANY=[@ANYBLOB="1c000000010000000000140001004500002800680000008490786c01e201ac1414aa02000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="540010009078001c"], 0x36)
unshare(0x6a040880)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0) (async)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0) (async)
sendmsg$netlink(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0)
ioctl$KVM_CREATE_VM(r4, 0x40049409, 0x0)
fcntl$getown(r0, 0x9) (async)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"}) (async)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
r6 = syz_open_pts(0xffffffffffffffff, 0x900)
dup3(r6, 0xffffffffffffffff, 0x80000) (async)
r7 = dup3(r6, 0xffffffffffffffff, 0x80000)
read(r7, &(0x7f00000000c0)=""/226, 0xe2)
r8 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r8, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80}) (async)
ioctl$VIDIOC_EXPBUF(r8, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
accept$ax25(r7, &(0x7f0000000280)={{0x3, @null}, [@netrom, @default, @null, @null, @netrom, @rose, @bcast, @bcast]}, &(0x7f0000000040)=0x48)
read$watch_queue(r7, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_rdma-syz_init_net_socket$nl_rdma-socket$packet-socket$packet-setsockopt$packet_int-setsockopt$packet_rx_ring-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-write$tun-unshare-openat$kvm-socket$nl_route-socket$nl_route-sendmsg$netlink-sendmsg$netlink-ioctl$KVM_CREATE_VM-fcntl$getown-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-dup3-dup3-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$packet(0x11, 0x3, 0x300) (async)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r2, &(0x7f0000000380)=ANY=[@ANYBLOB="1c000000010000000000140001004500002800680000008490786c01e201ac1414aa02000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="540010009078001c"], 0x36)
unshare(0x6a040880)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0) (async)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0) (async)
sendmsg$netlink(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0)
ioctl$KVM_CREATE_VM(r4, 0x40049409, 0x0)
fcntl$getown(r0, 0x9)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"}) (async)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
r6 = syz_open_pts(0xffffffffffffffff, 0x900)
dup3(r6, 0xffffffffffffffff, 0x80000) (async)
r7 = dup3(r6, 0xffffffffffffffff, 0x80000)
read(r7, &(0x7f00000000c0)=""/226, 0xe2)
r8 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r8, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80}) (async)
ioctl$VIDIOC_EXPBUF(r8, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
accept$ax25(r7, &(0x7f0000000280)={{0x3, @null}, [@netrom, @default, @null, @null, @netrom, @rose, @bcast, @bcast]}, &(0x7f0000000040)=0x48)
read$watch_queue(r7, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program crashed: KASAN: slab-use-after-free Write in flush_tlb_func
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_rdma-syz_init_net_socket$nl_rdma-socket$packet-socket$packet-setsockopt$packet_int-setsockopt$packet_rx_ring-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-write$tun-unshare-openat$kvm-socket$nl_route-socket$nl_route-sendmsg$netlink-sendmsg$netlink-fcntl$getown-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-dup3-dup3-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$packet(0x11, 0x3, 0x300) (async)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r2, &(0x7f0000000380)=ANY=[@ANYBLOB="1c000000010000000000140001004500002800680000008490786c01e201ac1414aa02000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="540010009078001c"], 0x36)
unshare(0x6a040880)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0) (async)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0) (async)
sendmsg$netlink(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0)
fcntl$getown(r0, 0x9)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"}) (async)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
r5 = syz_open_pts(0xffffffffffffffff, 0x900)
dup3(r5, 0xffffffffffffffff, 0x80000) (async)
r6 = dup3(r5, 0xffffffffffffffff, 0x80000)
read(r6, &(0x7f00000000c0)=""/226, 0xe2)
r7 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r7, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80}) (async)
ioctl$VIDIOC_EXPBUF(r7, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
accept$ax25(r6, &(0x7f0000000280)={{0x3, @null}, [@netrom, @default, @null, @null, @netrom, @rose, @bcast, @bcast]}, &(0x7f0000000040)=0x48)
read$watch_queue(r6, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program crashed: WARNING: suspicious RCU usage in proc_sys_compare
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_rdma-syz_init_net_socket$nl_rdma-socket$packet-socket$packet-setsockopt$packet_int-setsockopt$packet_rx_ring-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-write$tun-unshare-openat$kvm-socket$nl_route-socket$nl_route-sendmsg$netlink-fcntl$getown-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-dup3-dup3-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$packet(0x11, 0x3, 0x300) (async)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r2, &(0x7f0000000380)=ANY=[@ANYBLOB="1c000000010000000000140001004500002800680000008490786c01e201ac1414aa02000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="540010009078001c"], 0x36)
unshare(0x6a040880)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0) (async)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0) (async)
fcntl$getown(r0, 0x9)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"}) (async)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
r5 = syz_open_pts(0xffffffffffffffff, 0x900)
dup3(r5, 0xffffffffffffffff, 0x80000) (async)
r6 = dup3(r5, 0xffffffffffffffff, 0x80000)
read(r6, &(0x7f00000000c0)=""/226, 0xe2)
r7 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r7, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80}) (async)
ioctl$VIDIOC_EXPBUF(r7, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
accept$ax25(r6, &(0x7f0000000280)={{0x3, @null}, [@netrom, @default, @null, @null, @netrom, @rose, @bcast, @bcast]}, &(0x7f0000000040)=0x48)
read$watch_queue(r6, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program crashed: KASAN: slab-use-after-free Write in flush_tlb_func
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_rdma-syz_init_net_socket$nl_rdma-socket$packet-socket$packet-setsockopt$packet_int-setsockopt$packet_rx_ring-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-write$tun-unshare-openat$kvm-socket$nl_route-socket$nl_route-fcntl$getown-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-dup3-dup3-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$packet(0x11, 0x3, 0x300) (async)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r2, &(0x7f0000000380)=ANY=[@ANYBLOB="1c000000010000000000140001004500002800680000008490786c01e201ac1414aa02000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="540010009078001c"], 0x36)
unshare(0x6a040880)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0) (async)
socket$nl_route(0x10, 0x3, 0x0)
fcntl$getown(r0, 0x9)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"}) (async)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
r4 = syz_open_pts(0xffffffffffffffff, 0x900)
dup3(r4, 0xffffffffffffffff, 0x80000) (async)
r5 = dup3(r4, 0xffffffffffffffff, 0x80000)
read(r5, &(0x7f00000000c0)=""/226, 0xe2)
r6 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r6, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80}) (async)
ioctl$VIDIOC_EXPBUF(r6, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
accept$ax25(r5, &(0x7f0000000280)={{0x3, @null}, [@netrom, @default, @null, @null, @netrom, @rose, @bcast, @bcast]}, &(0x7f0000000040)=0x48)
read$watch_queue(r5, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_rdma-syz_init_net_socket$nl_rdma-socket$packet-socket$packet-setsockopt$packet_int-setsockopt$packet_rx_ring-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-write$tun-unshare-openat$kvm-socket$nl_route-sendmsg$netlink-fcntl$getown-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-dup3-dup3-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$packet(0x11, 0x3, 0x300) (async)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r2, &(0x7f0000000380)=ANY=[@ANYBLOB="1c000000010000000000140001004500002800680000008490786c01e201ac1414aa02000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="540010009078001c"], 0x36)
unshare(0x6a040880)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0) (async)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0) (async)
fcntl$getown(r0, 0x9)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"}) (async)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
r4 = syz_open_pts(0xffffffffffffffff, 0x900)
dup3(r4, 0xffffffffffffffff, 0x80000) (async)
r5 = dup3(r4, 0xffffffffffffffff, 0x80000)
read(r5, &(0x7f00000000c0)=""/226, 0xe2)
r6 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r6, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80}) (async)
ioctl$VIDIOC_EXPBUF(r6, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
accept$ax25(r5, &(0x7f0000000280)={{0x3, @null}, [@netrom, @default, @null, @null, @netrom, @rose, @bcast, @bcast]}, &(0x7f0000000040)=0x48)
read$watch_queue(r5, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program crashed: KASAN: slab-use-after-free Write in flush_tlb_func
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_rdma-syz_init_net_socket$nl_rdma-socket$packet-socket$packet-setsockopt$packet_int-setsockopt$packet_rx_ring-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-write$tun-unshare-openat$kvm-sendmsg$netlink-fcntl$getown-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-dup3-dup3-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$packet(0x11, 0x3, 0x300) (async)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r2, &(0x7f0000000380)=ANY=[@ANYBLOB="1c000000010000000000140001004500002800680000008490786c01e201ac1414aa02000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="540010009078001c"], 0x36)
unshare(0x6a040880)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0) (async)
fcntl$getown(r0, 0x9)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"}) (async)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
r4 = syz_open_pts(0xffffffffffffffff, 0x900)
dup3(r4, 0xffffffffffffffff, 0x80000) (async)
r5 = dup3(r4, 0xffffffffffffffff, 0x80000)
read(r5, &(0x7f00000000c0)=""/226, 0xe2)
r6 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r6, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80}) (async)
ioctl$VIDIOC_EXPBUF(r6, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
accept$ax25(r5, &(0x7f0000000280)={{0x3, @null}, [@netrom, @default, @null, @null, @netrom, @rose, @bcast, @bcast]}, &(0x7f0000000040)=0x48)
read$watch_queue(r5, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program crashed: KASAN: slab-use-after-free Write in flush_tlb_func
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_rdma-syz_init_net_socket$nl_rdma-socket$packet-socket$packet-setsockopt$packet_int-setsockopt$packet_rx_ring-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-write$tun-unshare-sendmsg$netlink-fcntl$getown-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-dup3-dup3-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$packet(0x11, 0x3, 0x300) (async)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r2, &(0x7f0000000380)=ANY=[@ANYBLOB="1c000000010000000000140001004500002800680000008490786c01e201ac1414aa02000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="540010009078001c"], 0x36)
unshare(0x6a040880)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0) (async)
fcntl$getown(r0, 0x9)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"}) (async)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
r4 = syz_open_pts(0xffffffffffffffff, 0x900)
dup3(r4, 0xffffffffffffffff, 0x80000) (async)
r5 = dup3(r4, 0xffffffffffffffff, 0x80000)
read(r5, &(0x7f00000000c0)=""/226, 0xe2)
r6 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r6, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80}) (async)
ioctl$VIDIOC_EXPBUF(r6, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
accept$ax25(r5, &(0x7f0000000280)={{0x3, @null}, [@netrom, @default, @null, @null, @netrom, @rose, @bcast, @bcast]}, &(0x7f0000000040)=0x48)
read$watch_queue(r5, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program crashed: KASAN: slab-use-after-free Write in flush_tlb_func
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_rdma-syz_init_net_socket$nl_rdma-socket$packet-socket$packet-setsockopt$packet_int-setsockopt$packet_rx_ring-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-write$tun-sendmsg$netlink-fcntl$getown-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-dup3-dup3-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$packet(0x11, 0x3, 0x300) (async)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r2, &(0x7f0000000380)=ANY=[@ANYBLOB="1c000000010000000000140001004500002800680000008490786c01e201ac1414aa02000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="540010009078001c"], 0x36)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0) (async)
fcntl$getown(r0, 0x9)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"}) (async)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
r4 = syz_open_pts(0xffffffffffffffff, 0x900)
dup3(r4, 0xffffffffffffffff, 0x80000) (async)
r5 = dup3(r4, 0xffffffffffffffff, 0x80000)
read(r5, &(0x7f00000000c0)=""/226, 0xe2)
r6 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r6, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80}) (async)
ioctl$VIDIOC_EXPBUF(r6, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
accept$ax25(r5, &(0x7f0000000280)={{0x3, @null}, [@netrom, @default, @null, @null, @netrom, @rose, @bcast, @bcast]}, &(0x7f0000000040)=0x48)
read$watch_queue(r5, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_rdma-syz_init_net_socket$nl_rdma-socket$packet-socket$packet-setsockopt$packet_int-setsockopt$packet_rx_ring-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-unshare-sendmsg$netlink-fcntl$getown-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-dup3-dup3-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$packet(0x11, 0x3, 0x300) (async)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
unshare(0x6a040880)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0) (async)
fcntl$getown(r0, 0x9)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"}) (async)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
r4 = syz_open_pts(0xffffffffffffffff, 0x900)
dup3(r4, 0xffffffffffffffff, 0x80000) (async)
r5 = dup3(r4, 0xffffffffffffffff, 0x80000)
read(r5, &(0x7f00000000c0)=""/226, 0xe2)
r6 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r6, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80}) (async)
ioctl$VIDIOC_EXPBUF(r6, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
accept$ax25(r5, &(0x7f0000000280)={{0x3, @null}, [@netrom, @default, @null, @null, @netrom, @rose, @bcast, @bcast]}, &(0x7f0000000040)=0x48)
read$watch_queue(r5, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program crashed: KASAN: slab-use-after-free Write in flush_tlb_func
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_rdma-syz_init_net_socket$nl_rdma-socket$packet-socket$packet-setsockopt$packet_int-setsockopt$packet_rx_ring-openat$tun-ioctl$TUNSETIFF-socket$kcm-unshare-sendmsg$netlink-fcntl$getown-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-dup3-dup3-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$packet(0x11, 0x3, 0x300) (async)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
socket$kcm(0x2, 0xa, 0x2)
unshare(0x6a040880)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0) (async)
fcntl$getown(r0, 0x9)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"}) (async)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
r3 = syz_open_pts(0xffffffffffffffff, 0x900)
dup3(r3, 0xffffffffffffffff, 0x80000) (async)
r4 = dup3(r3, 0xffffffffffffffff, 0x80000)
read(r4, &(0x7f00000000c0)=""/226, 0xe2)
r5 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80}) (async)
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
accept$ax25(r4, &(0x7f0000000280)={{0x3, @null}, [@netrom, @default, @null, @null, @netrom, @rose, @bcast, @bcast]}, &(0x7f0000000040)=0x48)
read$watch_queue(r4, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_rdma-syz_init_net_socket$nl_rdma-socket$packet-socket$packet-setsockopt$packet_int-setsockopt$packet_rx_ring-openat$tun-ioctl$TUNSETIFF-ioctl$SIOCSIFHWADDR-unshare-sendmsg$netlink-fcntl$getown-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-dup3-dup3-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$packet(0x11, 0x3, 0x300) (async)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
unshare(0x6a040880)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0) (async)
fcntl$getown(r0, 0x9)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"}) (async)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
r3 = syz_open_pts(0xffffffffffffffff, 0x900)
dup3(r3, 0xffffffffffffffff, 0x80000) (async)
r4 = dup3(r3, 0xffffffffffffffff, 0x80000)
read(r4, &(0x7f00000000c0)=""/226, 0xe2)
r5 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80}) (async)
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
accept$ax25(r4, &(0x7f0000000280)={{0x3, @null}, [@netrom, @default, @null, @null, @netrom, @rose, @bcast, @bcast]}, &(0x7f0000000040)=0x48)
read$watch_queue(r4, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_rdma-syz_init_net_socket$nl_rdma-socket$packet-socket$packet-setsockopt$packet_int-setsockopt$packet_rx_ring-openat$tun-socket$kcm-ioctl$SIOCSIFHWADDR-unshare-sendmsg$netlink-fcntl$getown-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-dup3-dup3-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$packet(0x11, 0x3, 0x300) (async)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
unshare(0x6a040880)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0) (async)
fcntl$getown(r0, 0x9)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"}) (async)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
r3 = syz_open_pts(0xffffffffffffffff, 0x900)
dup3(r3, 0xffffffffffffffff, 0x80000) (async)
r4 = dup3(r3, 0xffffffffffffffff, 0x80000)
read(r4, &(0x7f00000000c0)=""/226, 0xe2)
r5 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80}) (async)
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
accept$ax25(r4, &(0x7f0000000280)={{0x3, @null}, [@netrom, @default, @null, @null, @netrom, @rose, @bcast, @bcast]}, &(0x7f0000000040)=0x48)
read$watch_queue(r4, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_rdma-syz_init_net_socket$nl_rdma-socket$packet-socket$packet-setsockopt$packet_int-setsockopt$packet_rx_ring-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-unshare-sendmsg$netlink-fcntl$getown-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-dup3-dup3-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$packet(0x11, 0x3, 0x300) (async)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
unshare(0x6a040880)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0) (async)
fcntl$getown(r0, 0x9)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"}) (async)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
r3 = syz_open_pts(0xffffffffffffffff, 0x900)
dup3(r3, 0xffffffffffffffff, 0x80000) (async)
r4 = dup3(r3, 0xffffffffffffffff, 0x80000)
read(r4, &(0x7f00000000c0)=""/226, 0xe2)
r5 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80}) (async)
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
accept$ax25(r4, &(0x7f0000000280)={{0x3, @null}, [@netrom, @default, @null, @null, @netrom, @rose, @bcast, @bcast]}, &(0x7f0000000040)=0x48)
read$watch_queue(r4, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_rdma-syz_init_net_socket$nl_rdma-socket$packet-socket$packet-setsockopt$packet_int-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-unshare-sendmsg$netlink-fcntl$getown-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-dup3-dup3-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$packet(0x11, 0x3, 0x300) (async)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
unshare(0x6a040880)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0) (async)
fcntl$getown(r0, 0x9)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"}) (async)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
r4 = syz_open_pts(0xffffffffffffffff, 0x900)
dup3(r4, 0xffffffffffffffff, 0x80000) (async)
r5 = dup3(r4, 0xffffffffffffffff, 0x80000)
read(r5, &(0x7f00000000c0)=""/226, 0xe2)
r6 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r6, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80}) (async)
ioctl$VIDIOC_EXPBUF(r6, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
accept$ax25(r5, &(0x7f0000000280)={{0x3, @null}, [@netrom, @default, @null, @null, @netrom, @rose, @bcast, @bcast]}, &(0x7f0000000040)=0x48)
read$watch_queue(r5, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program crashed: KASAN: slab-use-after-free Write in flush_tlb_func
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_rdma-syz_init_net_socket$nl_rdma-socket$packet-socket$packet-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-unshare-sendmsg$netlink-fcntl$getown-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-dup3-dup3-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$packet(0x11, 0x3, 0x300) (async)
socket$packet(0x11, 0x3, 0x300)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
unshare(0x6a040880)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0) (async)
fcntl$getown(r0, 0x9)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"}) (async)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
r3 = syz_open_pts(0xffffffffffffffff, 0x900)
dup3(r3, 0xffffffffffffffff, 0x80000) (async)
r4 = dup3(r3, 0xffffffffffffffff, 0x80000)
read(r4, &(0x7f00000000c0)=""/226, 0xe2)
r5 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80}) (async)
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
accept$ax25(r4, &(0x7f0000000280)={{0x3, @null}, [@netrom, @default, @null, @null, @netrom, @rose, @bcast, @bcast]}, &(0x7f0000000040)=0x48)
read$watch_queue(r4, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_rdma-syz_init_net_socket$nl_rdma-socket$packet-setsockopt$packet_int-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-unshare-sendmsg$netlink-fcntl$getown-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-dup3-dup3-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$packet(0x11, 0x3, 0x300) (async)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
unshare(0x6a040880)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0) (async)
fcntl$getown(r0, 0x9)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"}) (async)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
r3 = syz_open_pts(0xffffffffffffffff, 0x900)
dup3(r3, 0xffffffffffffffff, 0x80000) (async)
r4 = dup3(r3, 0xffffffffffffffff, 0x80000)
read(r4, &(0x7f00000000c0)=""/226, 0xe2)
r5 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80}) (async)
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
accept$ax25(r4, &(0x7f0000000280)={{0x3, @null}, [@netrom, @default, @null, @null, @netrom, @rose, @bcast, @bcast]}, &(0x7f0000000040)=0x48)
read$watch_queue(r4, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_rdma-syz_init_net_socket$nl_rdma-socket$packet-setsockopt$packet_int-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-unshare-sendmsg$netlink-fcntl$getown-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-dup3-dup3-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
unshare(0x6a040880)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0) (async)
fcntl$getown(r0, 0x9)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"}) (async)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
r4 = syz_open_pts(0xffffffffffffffff, 0x900)
dup3(r4, 0xffffffffffffffff, 0x80000) (async)
r5 = dup3(r4, 0xffffffffffffffff, 0x80000)
read(r5, &(0x7f00000000c0)=""/226, 0xe2)
r6 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r6, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80}) (async)
ioctl$VIDIOC_EXPBUF(r6, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
accept$ax25(r5, &(0x7f0000000280)={{0x3, @null}, [@netrom, @default, @null, @null, @netrom, @rose, @bcast, @bcast]}, &(0x7f0000000040)=0x48)
read$watch_queue(r5, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program crashed: KASAN: slab-use-after-free Write in flush_tlb_func
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_rdma-socket$packet-setsockopt$packet_int-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-unshare-sendmsg$netlink-fcntl$getown-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-dup3-dup3-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
unshare(0x6a040880)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0) (async)
fcntl$getown(0xffffffffffffffff, 0x9)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"}) (async)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
r3 = syz_open_pts(0xffffffffffffffff, 0x900)
dup3(r3, 0xffffffffffffffff, 0x80000) (async)
r4 = dup3(r3, 0xffffffffffffffff, 0x80000)
read(r4, &(0x7f00000000c0)=""/226, 0xe2)
r5 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80}) (async)
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
accept$ax25(r4, &(0x7f0000000280)={{0x3, @null}, [@netrom, @default, @null, @null, @netrom, @rose, @bcast, @bcast]}, &(0x7f0000000040)=0x48)
read$watch_queue(r4, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program crashed: KASAN: slab-use-after-free Write in flush_tlb_func
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-setsockopt$packet_int-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-unshare-sendmsg$netlink-fcntl$getown-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-dup3-dup3-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
unshare(0x6a040880)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0) (async)
fcntl$getown(0xffffffffffffffff, 0x9)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"}) (async)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
r3 = syz_open_pts(0xffffffffffffffff, 0x900)
dup3(r3, 0xffffffffffffffff, 0x80000) (async)
r4 = dup3(r3, 0xffffffffffffffff, 0x80000)
read(r4, &(0x7f00000000c0)=""/226, 0xe2)
r5 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80}) (async)
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
accept$ax25(r4, &(0x7f0000000280)={{0x3, @null}, [@netrom, @default, @null, @null, @netrom, @rose, @bcast, @bcast]}, &(0x7f0000000040)=0x48)
read$watch_queue(r4, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program crashed: WARNING: suspicious RCU usage in proc_sys_compare
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-setsockopt$packet_int-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-unshare-sendmsg$netlink-fcntl$getown-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-dup3-dup3-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
unshare(0x6a040880)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0)
fcntl$getown(0xffffffffffffffff, 0x9)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
r3 = syz_open_pts(0xffffffffffffffff, 0x900)
dup3(r3, 0xffffffffffffffff, 0x80000)
r4 = dup3(r3, 0xffffffffffffffff, 0x80000)
read(r4, &(0x7f00000000c0)=""/226, 0xe2)
r5 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
accept$ax25(r4, &(0x7f0000000280)={{0x3, @null}, [@netrom, @default, @null, @null, @netrom, @rose, @bcast, @bcast]}, &(0x7f0000000040)=0x48)
read$watch_queue(r4, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program crashed: KASAN: slab-use-after-free Write in flush_tlb_func
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-setsockopt$packet_int-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-unshare-sendmsg$netlink-fcntl$getown-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-dup3-dup3-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, 0x0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
unshare(0x6a040880)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0)
fcntl$getown(0xffffffffffffffff, 0x9)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
r3 = syz_open_pts(0xffffffffffffffff, 0x900)
dup3(r3, 0xffffffffffffffff, 0x80000)
r4 = dup3(r3, 0xffffffffffffffff, 0x80000)
read(r4, &(0x7f00000000c0)=""/226, 0xe2)
r5 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
accept$ax25(r4, &(0x7f0000000280)={{0x3, @null}, [@netrom, @default, @null, @null, @netrom, @rose, @bcast, @bcast]}, &(0x7f0000000040)=0x48)
read$watch_queue(r4, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-setsockopt$packet_int-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-unshare-sendmsg$netlink-fcntl$getown-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-dup3-dup3-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
unshare(0x6a040880)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0)
fcntl$getown(0xffffffffffffffff, 0x9)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
r3 = syz_open_pts(0xffffffffffffffff, 0x900)
dup3(r3, 0xffffffffffffffff, 0x80000)
r4 = dup3(r3, 0xffffffffffffffff, 0x80000)
read(r4, &(0x7f00000000c0)=""/226, 0xe2)
r5 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
accept$ax25(r4, &(0x7f0000000280)={{0x3, @null}, [@netrom, @default, @null, @null, @netrom, @rose, @bcast, @bcast]}, &(0x7f0000000040)=0x48)
read$watch_queue(r4, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-setsockopt$packet_int-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-unshare-sendmsg$netlink-fcntl$getown-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-dup3-dup3-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, 0x0)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
unshare(0x6a040880)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0)
fcntl$getown(0xffffffffffffffff, 0x9)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
r3 = syz_open_pts(0xffffffffffffffff, 0x900)
dup3(r3, 0xffffffffffffffff, 0x80000)
r4 = dup3(r3, 0xffffffffffffffff, 0x80000)
read(r4, &(0x7f00000000c0)=""/226, 0xe2)
r5 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
accept$ax25(r4, &(0x7f0000000280)={{0x3, @null}, [@netrom, @default, @null, @null, @netrom, @rose, @bcast, @bcast]}, &(0x7f0000000040)=0x48)
read$watch_queue(r4, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program crashed: WARNING: suspicious RCU usage in proc_sys_compare
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-setsockopt$packet_int-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-unshare-sendmsg$netlink-fcntl$getown-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-dup3-dup3-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, 0x0)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, 0x0)
unshare(0x6a040880)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="100000001a000100fdffffff01dcdf25fdb5f8056bf1d4e79a788ac1102628d9cd80ecd6c2d1257350f8ca1dda2d10caa630bd1b5d7fed72622cff43579a77130100000091646221a04c5a7502f2ae53d38edd0f007b5f8649429b2b558132daca42bf3d1e2ee4ecd6e67e7a913176eca72ff0ecabf46ff22e9fb8fa6c7d172e9fed7c1265e6cfe7ff70b5efd60f65f2973dab891b207b33e409"], 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x0)
fcntl$getown(0xffffffffffffffff, 0x9)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
r3 = syz_open_pts(0xffffffffffffffff, 0x900)
dup3(r3, 0xffffffffffffffff, 0x80000)
r4 = dup3(r3, 0xffffffffffffffff, 0x80000)
read(r4, &(0x7f00000000c0)=""/226, 0xe2)
r5 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
accept$ax25(r4, &(0x7f0000000280)={{0x3, @null}, [@netrom, @default, @null, @null, @netrom, @rose, @bcast, @bcast]}, &(0x7f0000000040)=0x48)
read$watch_queue(r4, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-setsockopt$packet_int-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-unshare-sendmsg$netlink-fcntl$getown-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-dup3-dup3-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, 0x0)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
unshare(0x6a040880)
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0)
fcntl$getown(0xffffffffffffffff, 0x9)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
r3 = syz_open_pts(0xffffffffffffffff, 0x900)
dup3(r3, 0xffffffffffffffff, 0x80000)
r4 = dup3(r3, 0xffffffffffffffff, 0x80000)
read(r4, &(0x7f00000000c0)=""/226, 0xe2)
r5 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
accept$ax25(r4, &(0x7f0000000280)={{0x3, @null}, [@netrom, @default, @null, @null, @netrom, @rose, @bcast, @bcast]}, &(0x7f0000000040)=0x48)
read$watch_queue(r4, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-setsockopt$packet_int-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-unshare-sendmsg$netlink-fcntl$getown-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-dup3-dup3-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, 0x0)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
unshare(0x6a040880)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4080}, 0x0)
fcntl$getown(0xffffffffffffffff, 0x9)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
r3 = syz_open_pts(0xffffffffffffffff, 0x900)
dup3(r3, 0xffffffffffffffff, 0x80000)
r4 = dup3(r3, 0xffffffffffffffff, 0x80000)
read(r4, &(0x7f00000000c0)=""/226, 0xe2)
r5 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
accept$ax25(r4, &(0x7f0000000280)={{0x3, @null}, [@netrom, @default, @null, @null, @netrom, @rose, @bcast, @bcast]}, &(0x7f0000000040)=0x48)
read$watch_queue(r4, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program crashed: WARNING: suspicious RCU usage in proc_sys_compare
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-setsockopt$packet_int-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-unshare-sendmsg$netlink-fcntl$getown-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-dup3-dup3-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, 0x0)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
unshare(0x6a040880)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4080}, 0x0)
fcntl$getown(0xffffffffffffffff, 0x9)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
r3 = syz_open_pts(0xffffffffffffffff, 0x900)
dup3(r3, 0xffffffffffffffff, 0x80000)
r4 = dup3(r3, 0xffffffffffffffff, 0x80000)
read(r4, &(0x7f00000000c0)=""/226, 0xe2)
r5 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
accept$ax25(r4, &(0x7f0000000280)={{0x3, @null}, [@netrom, @default, @null, @null, @netrom, @rose, @bcast, @bcast]}, &(0x7f0000000040)=0x48)
read$watch_queue(r4, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-setsockopt$packet_int-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-unshare-sendmsg$netlink-fcntl$getown-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-dup3-dup3-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, 0x0)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
unshare(0x6a040880)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4080}, 0x0)
fcntl$getown(0xffffffffffffffff, 0x9)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
r3 = syz_open_pts(0xffffffffffffffff, 0x900)
dup3(r3, 0xffffffffffffffff, 0x80000)
r4 = dup3(r3, 0xffffffffffffffff, 0x80000)
read(r4, &(0x7f00000000c0)=""/226, 0xe2)
r5 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
accept$ax25(r4, &(0x7f0000000280)={{0x3, @null}, [@netrom, @default, @null, @null, @netrom, @rose, @bcast, @bcast]}, &(0x7f0000000040)=0x48)
read$watch_queue(r4, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-setsockopt$packet_int-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-unshare-sendmsg$netlink-fcntl$getown-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-dup3-dup3-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, 0x0)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
unshare(0x6a040880)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4080}, 0x0)
fcntl$getown(0xffffffffffffffff, 0x9)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
r3 = syz_open_pts(0xffffffffffffffff, 0x900)
dup3(r3, 0xffffffffffffffff, 0x80000)
r4 = dup3(r3, 0xffffffffffffffff, 0x80000)
read(r4, 0x0, 0x0)
r5 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
accept$ax25(r4, &(0x7f0000000280)={{0x3, @null}, [@netrom, @default, @null, @null, @netrom, @rose, @bcast, @bcast]}, &(0x7f0000000040)=0x48)
read$watch_queue(r4, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program crashed: WARNING: suspicious RCU usage in proc_sys_compare
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-setsockopt$packet_int-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-unshare-sendmsg$netlink-fcntl$getown-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-dup3-dup3-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, 0x0)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
unshare(0x6a040880)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4080}, 0x0)
fcntl$getown(0xffffffffffffffff, 0x9)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
r3 = syz_open_pts(0xffffffffffffffff, 0x900)
dup3(r3, 0xffffffffffffffff, 0x80000)
r4 = dup3(r3, 0xffffffffffffffff, 0x80000)
read(r4, 0x0, 0x0)
r5 = openat$vimc2(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
accept$ax25(r4, &(0x7f0000000280)={{0x3, @null}, [@netrom, @default, @null, @null, @netrom, @rose, @bcast, @bcast]}, &(0x7f0000000040)=0x48)
read$watch_queue(r4, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-setsockopt$packet_int-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-unshare-sendmsg$netlink-fcntl$getown-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-dup3-dup3-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, 0x0)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
unshare(0x6a040880)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4080}, 0x0)
fcntl$getown(0xffffffffffffffff, 0x9)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
r3 = syz_open_pts(0xffffffffffffffff, 0x900)
dup3(r3, 0xffffffffffffffff, 0x80000)
r4 = dup3(r3, 0xffffffffffffffff, 0x80000)
read(r4, 0x0, 0x0)
r5 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, 0x0)
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
accept$ax25(r4, &(0x7f0000000280)={{0x3, @null}, [@netrom, @default, @null, @null, @netrom, @rose, @bcast, @bcast]}, &(0x7f0000000040)=0x48)
read$watch_queue(r4, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-setsockopt$packet_int-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-unshare-sendmsg$netlink-fcntl$getown-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-dup3-dup3-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, 0x0)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
unshare(0x6a040880)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4080}, 0x0)
fcntl$getown(0xffffffffffffffff, 0x9)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
r3 = syz_open_pts(0xffffffffffffffff, 0x900)
dup3(r3, 0xffffffffffffffff, 0x80000)
r4 = dup3(r3, 0xffffffffffffffff, 0x80000)
read(r4, 0x0, 0x0)
r5 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, 0x0)
accept$ax25(r4, &(0x7f0000000280)={{0x3, @null}, [@netrom, @default, @null, @null, @netrom, @rose, @bcast, @bcast]}, &(0x7f0000000040)=0x48)
read$watch_queue(r4, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-setsockopt$packet_int-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-unshare-sendmsg$netlink-fcntl$getown-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-dup3-dup3-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, 0x0)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
unshare(0x6a040880)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4080}, 0x0)
fcntl$getown(0xffffffffffffffff, 0x9)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
r3 = syz_open_pts(0xffffffffffffffff, 0x900)
dup3(r3, 0xffffffffffffffff, 0x80000)
r4 = dup3(r3, 0xffffffffffffffff, 0x80000)
read(r4, 0x0, 0x0)
r5 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
accept$ax25(r4, 0x0, &(0x7f0000000040))
read$watch_queue(r4, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program crashed: WARNING: suspicious RCU usage in proc_sys_compare
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-setsockopt$packet_int-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-unshare-sendmsg$netlink-fcntl$getown-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-dup3-dup3-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, 0x0)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
unshare(0x6a040880)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4080}, 0x0)
fcntl$getown(0xffffffffffffffff, 0x9)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
r3 = syz_open_pts(0xffffffffffffffff, 0x900)
dup3(r3, 0xffffffffffffffff, 0x80000)
r4 = dup3(r3, 0xffffffffffffffff, 0x80000)
read(r4, 0x0, 0x0)
r5 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
accept$ax25(r4, 0x0, 0x0)
read$watch_queue(r4, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-setsockopt$packet_int-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-unshare-sendmsg$netlink-fcntl$getown-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-dup3-dup3-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
simplifying guilty program options
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-setsockopt$packet_int-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-unshare-sendmsg$netlink-fcntl$getown-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-dup3-dup3-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, 0x0)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
unshare(0x6a040880)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4080}, 0x0)
fcntl$getown(0xffffffffffffffff, 0x9)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
r3 = syz_open_pts(0xffffffffffffffff, 0x900)
dup3(r3, 0xffffffffffffffff, 0x80000)
r4 = dup3(r3, 0xffffffffffffffff, 0x80000)
read(r4, 0x0, 0x0)
r5 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
accept$ax25(r4, 0x0, &(0x7f0000000040))
read$watch_queue(r4, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program crashed: WARNING: suspicious RCU usage in proc_sys_compare
extracting C reproducer
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-setsockopt$packet_int-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-unshare-sendmsg$netlink-fcntl$getown-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-dup3-dup3-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-setsockopt$packet_int-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-unshare-sendmsg$netlink-fcntl$getown-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-dup3-dup3-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, 0x0)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
unshare(0x6a040880)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4080}, 0x0)
fcntl$getown(0xffffffffffffffff, 0x9)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
r3 = syz_open_pts(0xffffffffffffffff, 0x900)
dup3(r3, 0xffffffffffffffff, 0x80000)
r4 = dup3(r3, 0xffffffffffffffff, 0x80000)
read(r4, 0x0, 0x0)
r5 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
accept$ax25(r4, 0x0, &(0x7f0000000040))
read$watch_queue(r4, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-setsockopt$packet_int-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-unshare-sendmsg$netlink-fcntl$getown-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-dup3-dup3-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, 0x0)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
unshare(0x6a040880)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4080}, 0x0)
fcntl$getown(0xffffffffffffffff, 0x9)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
r3 = syz_open_pts(0xffffffffffffffff, 0x900)
dup3(r3, 0xffffffffffffffff, 0x80000)
r4 = dup3(r3, 0xffffffffffffffff, 0x80000)
read(r4, 0x0, 0x0)
r5 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
accept$ax25(r4, 0x0, &(0x7f0000000040))
read$watch_queue(r4, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program crashed: WARNING: suspicious RCU usage in proc_sys_compare
validation run: crashed=true
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-setsockopt$packet_int-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-unshare-sendmsg$netlink-fcntl$getown-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-dup3-dup3-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, 0x0)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
unshare(0x6a040880)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4080}, 0x0)
fcntl$getown(0xffffffffffffffff, 0x9)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
r3 = syz_open_pts(0xffffffffffffffff, 0x900)
dup3(r3, 0xffffffffffffffff, 0x80000)
r4 = dup3(r3, 0xffffffffffffffff, 0x80000)
read(r4, 0x0, 0x0)
r5 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
accept$ax25(r4, 0x0, &(0x7f0000000040))
read$watch_queue(r4, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program crashed: WARNING: suspicious RCU usage in proc_sys_compare
validation run: crashed=true
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-setsockopt$packet_int-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-unshare-sendmsg$netlink-fcntl$getown-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-dup3-dup3-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, 0x0)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
unshare(0x6a040880)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4080}, 0x0)
fcntl$getown(0xffffffffffffffff, 0x9)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
r3 = syz_open_pts(0xffffffffffffffff, 0x900)
dup3(r3, 0xffffffffffffffff, 0x80000)
r4 = dup3(r3, 0xffffffffffffffff, 0x80000)
read(r4, 0x0, 0x0)
r5 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
accept$ax25(r4, 0x0, &(0x7f0000000040))
read$watch_queue(r4, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program did not crash
validation run: crashed=false
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-setsockopt$packet_int-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-unshare-sendmsg$netlink-fcntl$getown-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-dup3-dup3-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, 0x0)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
unshare(0x6a040880)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4080}, 0x0)
fcntl$getown(0xffffffffffffffff, 0x9)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
r3 = syz_open_pts(0xffffffffffffffff, 0x900)
dup3(r3, 0xffffffffffffffff, 0x80000)
r4 = dup3(r3, 0xffffffffffffffff, 0x80000)
read(r4, 0x0, 0x0)
r5 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
accept$ax25(r4, 0x0, &(0x7f0000000040))
read$watch_queue(r4, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program crashed: lost connection to test machine
suppressed program crash: lost connection to test machine
validation run: crashed=false
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-setsockopt$packet_int-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-unshare-sendmsg$netlink-fcntl$getown-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-dup3-dup3-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, 0x0)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
unshare(0x6a040880)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4080}, 0x0)
fcntl$getown(0xffffffffffffffff, 0x9)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
r3 = syz_open_pts(0xffffffffffffffff, 0x900)
dup3(r3, 0xffffffffffffffff, 0x80000)
r4 = dup3(r3, 0xffffffffffffffff, 0x80000)
read(r4, 0x0, 0x0)
r5 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
accept$ax25(r4, 0x0, &(0x7f0000000040))
read$watch_queue(r4, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program did not crash
validation run: crashed=false
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-setsockopt$packet_int-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-unshare-sendmsg$netlink-fcntl$getown-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-dup3-dup3-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, 0x0)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
unshare(0x6a040880)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4080}, 0x0)
fcntl$getown(0xffffffffffffffff, 0x9)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
r3 = syz_open_pts(0xffffffffffffffff, 0x900)
dup3(r3, 0xffffffffffffffff, 0x80000)
r4 = dup3(r3, 0xffffffffffffffff, 0x80000)
read(r4, 0x0, 0x0)
r5 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
accept$ax25(r4, 0x0, &(0x7f0000000040))
read$watch_queue(r4, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program did not crash
validation run: crashed=false
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-setsockopt$packet_int-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-unshare-sendmsg$netlink-fcntl$getown-ioctl$TCSETS-ioctl$TCSETS-syz_open_pts-dup3-dup3-read-openat$vimc2-ioctl$VIDIOC_EXPBUF-ioctl$VIDIOC_EXPBUF-accept$ax25-read$watch_queue-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, 0x0)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
unshare(0x6a040880)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4080}, 0x0)
fcntl$getown(0xffffffffffffffff, 0x9)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x80000000, 0xfc, "0062ba7d82000000160000000000f738096304"})
r3 = syz_open_pts(0xffffffffffffffff, 0x900)
dup3(r3, 0xffffffffffffffff, 0x80000)
r4 = dup3(r3, 0xffffffffffffffff, 0x80000)
read(r4, 0x0, 0x0)
r5 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x7, 0x8, 0x101, 0x80})
accept$ax25(r4, 0x0, &(0x7f0000000040))
read$watch_queue(r4, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

program crashed: KASAN: slab-use-after-free Write in flush_tlb_func
validation run: crashed=true
reproducing took 6h2m41.364559781s
repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: slab-use-after-free in instrument_atomic_write include/linux/instrumented.h:82 [inline]
BUG: KASAN: slab-use-after-free in clear_bit include/asm-generic/bitops/instrumented-atomic.h:41 [inline]
BUG: KASAN: slab-use-after-free in cpumask_clear_cpu include/linux/cpumask.h:628 [inline]
BUG: KASAN: slab-use-after-free in flush_tlb_func+0x23d/0x6c0 arch/x86/mm/tlb.c:1132
Write of size 8 at addr ffff888030ebe000 by task pool_workqueue_/3

CPU: 0 UID: 0 PID: 3 Comm: pool_workqueue_ Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Call Trace:
 <IRQ>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:408 [inline]
 print_report+0xd2/0x2b0 mm/kasan/report.c:521
 kasan_report+0x118/0x150 mm/kasan/report.c:634
 check_region_inline mm/kasan/generic.c:-1 [inline]
 kasan_check_range+0x2b0/0x2c0 mm/kasan/generic.c:189
 instrument_atomic_write include/linux/instrumented.h:82 [inline]
 clear_bit include/asm-generic/bitops/instrumented-atomic.h:41 [inline]
 cpumask_clear_cpu include/linux/cpumask.h:628 [inline]
 flush_tlb_func+0x23d/0x6c0 arch/x86/mm/tlb.c:1132
 csd_do_func kernel/smp.c:134 [inline]
 __flush_smp_call_function_queue+0x370/0xaa0 kernel/smp.c:540
 __sysvec_call_function_single+0xa8/0x3d0 arch/x86/kernel/smp.c:271
 instr_sysvec_call_function_single arch/x86/kernel/smp.c:266 [inline]
 sysvec_call_function_single+0x9e/0xc0 arch/x86/kernel/smp.c:266
 </IRQ>
 <TASK>
 asm_sysvec_call_function_single+0x1a/0x20 arch/x86/include/asm/idtentry.h:709
RIP: 0010:preempt_schedule_irq+0xb0/0x150 kernel/sched/core.c:7019
Code: 24 20 f6 44 24 21 02 74 0c 90 0f 0b 48 f7 03 08 00 00 00 74 64 bf 01 00 00 00 e8 cb bf 18 f6 e8 f6 f0 4f f6 fb bf 01 00 00 00 <e8> 1b ab ff ff 48 c7 44 24 40 00 00 00 00 9c 8f 44 24 40 8b 44 24
RSP: 0018:ffffc90000087aa0 EFLAGS: 00000286
RAX: bb466a856e42d200 RBX: 0000000000000000 RCX: bb466a856e42d200
RDX: 0000000000000000 RSI: ffffffff8da6993f RDI: 0000000000000001
RBP: ffffc90000087b40 R08: ffffffff8fc29e37 R09: 1ffffffff1f853c6
R10: dffffc0000000000 R11: fffffbfff1f853c7 R12: 0000000000000000
R13: 0000000000000000 R14: dffffc0000000000 R15: 1ffff92000010f54
 irqentry_exit+0x6f/0x90 kernel/entry/common.c:196
 asm_sysvec_reschedule_ipi+0x1a/0x20 arch/x86/include/asm/idtentry.h:707
RIP: 0010:lockdep_unregister_key+0x2c5/0x310 kernel/locking/lockdep.c:6619
Code: 65 48 8b 05 1d a3 25 11 48 3b 44 24 10 0f 84 26 fe ff ff e8 4d 8e d8 09 e8 78 8f d8 09 41 f7 c7 00 02 00 00 74 bd fb 40 84 ed <75> bc eb cd 90 0f 0b 90 e9 19 ff ff ff 90 0f 0b 90 e9 2a ff ff ff
RSP: 0018:ffffc90000087c00 EFLAGS: 00000246
RAX: bb466a856e42d200 RBX: ffff88805c62f138 RCX: bb466a856e42d200
RDX: ffffffff93876358 RSI: ffffffff8da7d37d RDI: ffffffff8be4b100
RBP: ffff88805c62f100 R08: 0000000000000000 R09: ffffffff81aafe18
R10: dffffc0000000000 R11: fffffbfff1f853c7 R12: 0000000000000000
R13: 0000000000001000 R14: 0000000000000001 R15: 0000000000000202
 wq_unregister_lockdep kernel/workqueue.c:4819 [inline]
 pwq_release_workfn+0x6d5/0x870 kernel/workqueue.c:5115
 kthread_worker_fn+0x507/0xb60 kernel/kthread.c:1009
 kthread+0x70e/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>

Allocated by task 5989:
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x3e/0x80 mm/kasan/common.c:68
 unpoison_slab_object mm/kasan/common.c:319 [inline]
 __kasan_slab_alloc+0x6c/0x80 mm/kasan/common.c:345
 kasan_slab_alloc include/linux/kasan.h:250 [inline]
 slab_post_alloc_hook mm/slub.c:4180 [inline]
 slab_alloc_node mm/slub.c:4229 [inline]
 kmem_cache_alloc_noprof+0x1c1/0x3c0 mm/slub.c:4236
 dup_mm kernel/fork.c:1466 [inline]
 copy_mm+0xdb/0x4b0 kernel/fork.c:1528
 copy_process+0x1706/0x3c00 kernel/fork.c:2168
 kernel_clone+0x21e/0x870 kernel/fork.c:2598
 __do_sys_clone kernel/fork.c:2741 [inline]
 __se_sys_clone kernel/fork.c:2725 [inline]
 __x64_sys_clone+0x18b/0x1e0 kernel/fork.c:2725
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Freed by task 13650:
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x3e/0x80 mm/kasan/common.c:68
 kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:576
 poison_slab_object mm/kasan/common.c:247 [inline]
 __kasan_slab_free+0x62/0x70 mm/kasan/common.c:264
 kasan_slab_free include/linux/kasan.h:233 [inline]
 slab_free_hook mm/slub.c:2417 [inline]
 slab_free mm/slub.c:4680 [inline]
 kmem_cache_free+0x18f/0x400 mm/slub.c:4782
 exit_mm+0x1da/0x2c0 kernel/exit.c:581
 do_exit+0x648/0x2300 kernel/exit.c:947
 do_group_exit+0x21c/0x2d0 kernel/exit.c:1100
 __do_sys_exit_group kernel/exit.c:1111 [inline]
 __se_sys_exit_group kernel/exit.c:1109 [inline]
 __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1109
 x64_sys_call+0x21f7/0x2200 arch/x86/include/generated/asm/syscalls_64.h:232
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

The buggy address belongs to the object at ffff888030ebd600
 which belongs to the cache mm_struct of size 2584
The buggy address is located 2560 bytes inside of
 freed 2584-byte region [ffff888030ebd600, ffff888030ebe018)

The buggy address belongs to the physical page:
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x30eb8
head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
memcg:ffff888025c0ae01
flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
page_type: f5(slab)
raw: 00fff00000000040 ffff88801a84bb40 ffffea00009bf400 dead000000000004
raw: 0000000000000000 00000000000b000b 00000000f5000000 ffff888025c0ae01
head: 00fff00000000040 ffff88801a84bb40 ffffea00009bf400 dead000000000004
head: 0000000000000000 00000000000b000b 00000000f5000000 ffff888025c0ae01
head: 00fff00000000003 ffffea0000c3ae01 00000000ffffffff 00000000ffffffff
head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5881, tgid 5881 (syz-execprog), ts 328123265305, free_ts 326894133357
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x240/0x2a0 mm/page_alloc.c:1848
 prep_new_page mm/page_alloc.c:1856 [inline]
 get_page_from_freelist+0x21e4/0x22c0 mm/page_alloc.c:3855
 __alloc_frozen_pages_noprof+0x181/0x370 mm/page_alloc.c:5145
 alloc_pages_mpol+0x232/0x4a0 mm/mempolicy.c:2419
 alloc_slab_page mm/slub.c:2487 [inline]
 allocate_slab+0x8a/0x370 mm/slub.c:2655
 new_slab mm/slub.c:2709 [inline]
 ___slab_alloc+0xbeb/0x1410 mm/slub.c:3891
 __slab_alloc mm/slub.c:3981 [inline]
 __slab_alloc_node mm/slub.c:4056 [inline]
 slab_alloc_node mm/slub.c:4217 [inline]
 kmem_cache_alloc_noprof+0x283/0x3c0 mm/slub.c:4236
 mm_alloc+0x23/0xd0 kernel/fork.c:1103
 bprm_mm_init fs/exec.c:258 [inline]
 alloc_bprm+0x378/0x5b0 fs/exec.c:1461
 do_execveat_common+0x1b3/0x6a0 fs/exec.c:1806
 do_execve fs/exec.c:1929 [inline]
 __do_sys_execve fs/exec.c:2005 [inline]
 __se_sys_execve fs/exec.c:2000 [inline]
 __x64_sys_execve+0x94/0xb0 fs/exec.c:2000
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
----------------
Code disassembly (best guess):
   0:	24 20                	and    $0x20,%al
   2:	f6 44 24 21 02       	testb  $0x2,0x21(%rsp)
   7:	74 0c                	je     0x15
   9:	90                   	nop
   a:	0f 0b                	ud2
   c:	48 f7 03 08 00 00 00 	testq  $0x8,(%rbx)
  13:	74 64                	je     0x79
  15:	bf 01 00 00 00       	mov    $0x1,%edi
  1a:	e8 cb bf 18 f6       	call   0xf618bfea
  1f:	e8 f6 f0 4f f6       	call   0xf64ff11a
  24:	fb                   	sti
  25:	bf 01 00 00 00       	mov    $0x1,%edi
* 2a:	e8 1b ab ff ff       	call   0xffffab4a <-- trapping instruction
  2f:	48 c7 44 24 40 00 00 	movq   $0x0,0x40(%rsp)
  36:	00 00
  38:	9c                   	pushf
  39:	8f 44 24 40          	pop    0x40(%rsp)
  3d:	8b                   	.byte 0x8b
  3e:	44                   	rex.R
  3f:	24                   	.byte 0x24

final repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: slab-use-after-free in instrument_atomic_write include/linux/instrumented.h:82 [inline]
BUG: KASAN: slab-use-after-free in clear_bit include/asm-generic/bitops/instrumented-atomic.h:41 [inline]
BUG: KASAN: slab-use-after-free in cpumask_clear_cpu include/linux/cpumask.h:628 [inline]
BUG: KASAN: slab-use-after-free in flush_tlb_func+0x23d/0x6c0 arch/x86/mm/tlb.c:1132
Write of size 8 at addr ffff888030ebe000 by task pool_workqueue_/3

CPU: 0 UID: 0 PID: 3 Comm: pool_workqueue_ Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Call Trace:
 <IRQ>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:408 [inline]
 print_report+0xd2/0x2b0 mm/kasan/report.c:521
 kasan_report+0x118/0x150 mm/kasan/report.c:634
 check_region_inline mm/kasan/generic.c:-1 [inline]
 kasan_check_range+0x2b0/0x2c0 mm/kasan/generic.c:189
 instrument_atomic_write include/linux/instrumented.h:82 [inline]
 clear_bit include/asm-generic/bitops/instrumented-atomic.h:41 [inline]
 cpumask_clear_cpu include/linux/cpumask.h:628 [inline]
 flush_tlb_func+0x23d/0x6c0 arch/x86/mm/tlb.c:1132
 csd_do_func kernel/smp.c:134 [inline]
 __flush_smp_call_function_queue+0x370/0xaa0 kernel/smp.c:540
 __sysvec_call_function_single+0xa8/0x3d0 arch/x86/kernel/smp.c:271
 instr_sysvec_call_function_single arch/x86/kernel/smp.c:266 [inline]
 sysvec_call_function_single+0x9e/0xc0 arch/x86/kernel/smp.c:266
 </IRQ>
 <TASK>
 asm_sysvec_call_function_single+0x1a/0x20 arch/x86/include/asm/idtentry.h:709
RIP: 0010:preempt_schedule_irq+0xb0/0x150 kernel/sched/core.c:7019
Code: 24 20 f6 44 24 21 02 74 0c 90 0f 0b 48 f7 03 08 00 00 00 74 64 bf 01 00 00 00 e8 cb bf 18 f6 e8 f6 f0 4f f6 fb bf 01 00 00 00 <e8> 1b ab ff ff 48 c7 44 24 40 00 00 00 00 9c 8f 44 24 40 8b 44 24
RSP: 0018:ffffc90000087aa0 EFLAGS: 00000286
RAX: bb466a856e42d200 RBX: 0000000000000000 RCX: bb466a856e42d200
RDX: 0000000000000000 RSI: ffffffff8da6993f RDI: 0000000000000001
RBP: ffffc90000087b40 R08: ffffffff8fc29e37 R09: 1ffffffff1f853c6
R10: dffffc0000000000 R11: fffffbfff1f853c7 R12: 0000000000000000
R13: 0000000000000000 R14: dffffc0000000000 R15: 1ffff92000010f54
 irqentry_exit+0x6f/0x90 kernel/entry/common.c:196
 asm_sysvec_reschedule_ipi+0x1a/0x20 arch/x86/include/asm/idtentry.h:707
RIP: 0010:lockdep_unregister_key+0x2c5/0x310 kernel/locking/lockdep.c:6619
Code: 65 48 8b 05 1d a3 25 11 48 3b 44 24 10 0f 84 26 fe ff ff e8 4d 8e d8 09 e8 78 8f d8 09 41 f7 c7 00 02 00 00 74 bd fb 40 84 ed <75> bc eb cd 90 0f 0b 90 e9 19 ff ff ff 90 0f 0b 90 e9 2a ff ff ff
RSP: 0018:ffffc90000087c00 EFLAGS: 00000246
RAX: bb466a856e42d200 RBX: ffff88805c62f138 RCX: bb466a856e42d200
RDX: ffffffff93876358 RSI: ffffffff8da7d37d RDI: ffffffff8be4b100
RBP: ffff88805c62f100 R08: 0000000000000000 R09: ffffffff81aafe18
R10: dffffc0000000000 R11: fffffbfff1f853c7 R12: 0000000000000000
R13: 0000000000001000 R14: 0000000000000001 R15: 0000000000000202
 wq_unregister_lockdep kernel/workqueue.c:4819 [inline]
 pwq_release_workfn+0x6d5/0x870 kernel/workqueue.c:5115
 kthread_worker_fn+0x507/0xb60 kernel/kthread.c:1009
 kthread+0x70e/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>

Allocated by task 5989:
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x3e/0x80 mm/kasan/common.c:68
 unpoison_slab_object mm/kasan/common.c:319 [inline]
 __kasan_slab_alloc+0x6c/0x80 mm/kasan/common.c:345
 kasan_slab_alloc include/linux/kasan.h:250 [inline]
 slab_post_alloc_hook mm/slub.c:4180 [inline]
 slab_alloc_node mm/slub.c:4229 [inline]
 kmem_cache_alloc_noprof+0x1c1/0x3c0 mm/slub.c:4236
 dup_mm kernel/fork.c:1466 [inline]
 copy_mm+0xdb/0x4b0 kernel/fork.c:1528
 copy_process+0x1706/0x3c00 kernel/fork.c:2168
 kernel_clone+0x21e/0x870 kernel/fork.c:2598
 __do_sys_clone kernel/fork.c:2741 [inline]
 __se_sys_clone kernel/fork.c:2725 [inline]
 __x64_sys_clone+0x18b/0x1e0 kernel/fork.c:2725
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Freed by task 13650:
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x3e/0x80 mm/kasan/common.c:68
 kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:576
 poison_slab_object mm/kasan/common.c:247 [inline]
 __kasan_slab_free+0x62/0x70 mm/kasan/common.c:264
 kasan_slab_free include/linux/kasan.h:233 [inline]
 slab_free_hook mm/slub.c:2417 [inline]
 slab_free mm/slub.c:4680 [inline]
 kmem_cache_free+0x18f/0x400 mm/slub.c:4782
 exit_mm+0x1da/0x2c0 kernel/exit.c:581
 do_exit+0x648/0x2300 kernel/exit.c:947
 do_group_exit+0x21c/0x2d0 kernel/exit.c:1100
 __do_sys_exit_group kernel/exit.c:1111 [inline]
 __se_sys_exit_group kernel/exit.c:1109 [inline]
 __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1109
 x64_sys_call+0x21f7/0x2200 arch/x86/include/generated/asm/syscalls_64.h:232
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

The buggy address belongs to the object at ffff888030ebd600
 which belongs to the cache mm_struct of size 2584
The buggy address is located 2560 bytes inside of
 freed 2584-byte region [ffff888030ebd600, ffff888030ebe018)

The buggy address belongs to the physical page:
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x30eb8
head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
memcg:ffff888025c0ae01
flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
page_type: f5(slab)
raw: 00fff00000000040 ffff88801a84bb40 ffffea00009bf400 dead000000000004
raw: 0000000000000000 00000000000b000b 00000000f5000000 ffff888025c0ae01
head: 00fff00000000040 ffff88801a84bb40 ffffea00009bf400 dead000000000004
head: 0000000000000000 00000000000b000b 00000000f5000000 ffff888025c0ae01
head: 00fff00000000003 ffffea0000c3ae01 00000000ffffffff 00000000ffffffff
head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5881, tgid 5881 (syz-execprog), ts 328123265305, free_ts 326894133357
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x240/0x2a0 mm/page_alloc.c:1848
 prep_new_page mm/page_alloc.c:1856 [inline]
 get_page_from_freelist+0x21e4/0x22c0 mm/page_alloc.c:3855
 __alloc_frozen_pages_noprof+0x181/0x370 mm/page_alloc.c:5145
 alloc_pages_mpol+0x232/0x4a0 mm/mempolicy.c:2419
 alloc_slab_page mm/slub.c:2487 [inline]
 allocate_slab+0x8a/0x370 mm/slub.c:2655
 new_slab mm/slub.c:2709 [inline]
 ___slab_alloc+0xbeb/0x1410 mm/slub.c:3891
 __slab_alloc mm/slub.c:3981 [inline]
 __slab_alloc_node mm/slub.c:4056 [inline]
 slab_alloc_node mm/slub.c:4217 [inline]
 kmem_cache_alloc_noprof+0x283/0x3c0 mm/slub.c:4236
 mm_alloc+0x23/0xd0 kernel/fork.c:1103
 bprm_mm_init fs/exec.c:258 [inline]
 alloc_bprm+0x378/0x5b0 fs/exec.c:1461
 do_execveat_common+0x1b3/0x6a0 fs/exec.c:1806
 do_execve fs/exec.c:1929 [inline]
 __do_sys_execve fs/exec.c:2005 [inline]
 __se_sys_execve fs/exec.c:2000 [inline]
 __x64_sys_execve+0x94/0xb0 fs/exec.c:2000
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
----------------
Code disassembly (best guess):
   0:	24 20                	and    $0x20,%al
   2:	f6 44 24 21 02       	testb  $0x2,0x21(%rsp)
   7:	74 0c                	je     0x15
   9:	90                   	nop
   a:	0f 0b                	ud2
   c:	48 f7 03 08 00 00 00 	testq  $0x8,(%rbx)
  13:	74 64                	je     0x79
  15:	bf 01 00 00 00       	mov    $0x1,%edi
  1a:	e8 cb bf 18 f6       	call   0xf618bfea
  1f:	e8 f6 f0 4f f6       	call   0xf64ff11a
  24:	fb                   	sti
  25:	bf 01 00 00 00       	mov    $0x1,%edi
* 2a:	e8 1b ab ff ff       	call   0xffffab4a <-- trapping instruction
  2f:	48 c7 44 24 40 00 00 	movq   $0x0,0x40(%rsp)
  36:	00 00
  38:	9c                   	pushf
  39:	8f 44 24 40          	pop    0x40(%rsp)
  3d:	8b                   	.byte 0x8b
  3e:	44                   	rex.R
  3f:	24                   	.byte 0x24