Extracting prog: 10m22.282622862s
Minimizing prog: 58m2.912575027s
Simplifying prog options: 0s
Extracting C: 41.781838784s
Simplifying C: 12m36.483261623s


30 programs, timeouts [15s 1m40s 6m0s]
extracting reproducer from 30 programs
single: executing 5 programs separately with timeout 15s
testing program (duration=15s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$dri-syz_io_uring_setup-syz_io_uring_submit-io_uring_enter-syz_io_uring_setup-syz_io_uring_setup-syz_io_uring_submit-bind$vsock_stream-listen-prctl$PR_SCHED_CORE-sched_setaffinity-openat$hwrng-preadv-unshare-syz_genetlink_get_family_id$nl80211-userfaultfd-ioctl$UFFDIO_API-ioctl$UFFDIO_ZEROPAGE-openat$cgroup_ro-close-socketpair$unix-ioctl$SIOCSIFHWADDR-setsockopt$IPT_SO_SET_REPLACE-socket$vsock_stream-connect$vsock_stream-openat$cgroup_ro-write$binfmt_script-mmap-writev
detailed listing:
executing program 0:
syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
r0 = syz_io_uring_setup(0x6fa9, &(0x7f0000000440)={0x0, 0x4da5}, &(0x7f0000000180)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r0, 0x6ed3, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x6908, &(0x7f00000006c0)={0x0, 0x0, 0x10100, 0x0, 0x0, 0x0, r0}, &(0x7f0000000200), &(0x7f0000000100)=<r3=>0x0)
syz_io_uring_setup(0x1867, &(0x7f00000003c0)={0x0, 0x81c3}, &(0x7f0000000040)=<r4=>0x0, &(0x7f0000000240))
syz_io_uring_submit(r4, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54})
bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0x0, 0x2710, @host}, 0x10)
listen(0xffffffffffffffff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r5, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
unshare(0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r6 = userfaultfd(0x1)
ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f00000004c0))
ioctl$UFFDIO_ZEROPAGE(r6, 0xc020aa04, &(0x7f0000000000)={{&(0x7f0000ffc000/0x3000)=nil, 0x3000}})
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpu.stat\x00', 0x26e1, 0x0)
close(r7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080))
ioctl$SIOCSIFHWADDR(r7, 0x8b19, &(0x7f0000000000)={'wlan1\x00', @random='\rh\x00 \x00'})
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f0000000700)=@raw={'raw\x00', 0x4001, 0x3, 0x1ec, 0x134, 0x0, 0x148, 0x0, 0x148, 0x1d4, 0x240, 0x240, 0x1d4, 0x240, 0x7fffffe, 0x0, {[{{@ip={@rand_addr, @local, 0x0, 0x0, 'ip6gretap0\x00', 'veth1_to_batadv\x00'}, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp\x00'}}}, {{@uncond, 0x0, 0x70, 0xa0}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x248)
r8 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r8, &(0x7f0000000280)={0x28, 0x0, 0x2710}, 0x10)
r9 = openat$cgroup_ro(r5, &(0x7f0000000300)='blkio.bfq.dequeue\x00', 0x275a, 0x0)
write$binfmt_script(r9, &(0x7f0000000100), 0xfecc)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r9, 0x0)
writev(r8, &(0x7f0000000680)=[{0x0}], 0x1)

program did not crash
testing program (duration=15s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-readv-socket$vsock_stream-socket$kcm-sendmsg$inet-setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE-prctl$PR_SCHED_CORE-syz_usb_connect-sched_setaffinity-socket$nl_xfrm-sendmsg$nl_xfrm-openat$hwrng-socket$inet6_sctp-preadv-open-syz_usb_connect-socket$inet_smc-setsockopt$inet_tcp_int-openat$kvm-ioctl$sock_SIOCGIFBR-socket$nl_route-socket$can_j1939-ioctl$ifreq_SIOCGIFINDEX_vcan-bind$can_j1939-socket$can_j1939-connect$can_j1939-sendmmsg-userfaultfd-openat-socket
detailed listing:
executing program 0:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0)
readv(r0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/244, 0xf4}, {&(0x7f0000000100)=""/75, 0x4b}, {&(0x7f0000000b00)=""/4096, 0x1000}], 0x3)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000002c0)="9dd96509b40d8596385eb5818edfee546ace975d82da2b171cfecc23a937f85d0e5495a25524e3fbed23142b2de6642bae55e950974e752fe3028a2ec1eb5ad37e691b2629c45b92a20ee51a0e5ff026945ff087fc7600d3f8053d90a1af89e7a3e4e614939ff95a7868b179c3be9d75cb3d35b76461c08308fe810d24bb0c299d08f1984447c4ae5114e24c9e3984fda072f4a9ef743becf89122b07465f3ae", 0xa0}, {&(0x7f0000000100)="5c00000012006bab9e3fe3d86e6c1d0700147ea64e21160af3650ab68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dfd8cdbf9367b4fa51f60a64c9f408000300060100000814030011000000", 0x5c}, {&(0x7f0000000540)="f3c2d1f292caf530852fb640b000cab5dce3d1462711188ca6a878394be9237ac1a63bd9ea5d5726e200b45b754d3a0c913833a7ea0891d85d645967c5a6f449b4e7b604cea21f22a77d982b70c3950306189a4f725f99ad57198b1bfcb134273b21bc9c59ca", 0x66}], 0x3, 0x0, 0x0, 0x1f00c00e}, 0x4014)
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r1, 0x28, 0x2, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0fcd621030109021b0001000000000904000001a1078a00090582020000000000"], 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
open(0x0, 0x0, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f00000003c0)=ANY=[@ANYBLOB="12010000431d1c40c9309300c6180102030309021200010000000009040000000e0101805e32dbdd09401b64858540117b665ebaf36deb94b3748232708b2ce37318972731e97b3f59910963b9a9ab470b82d5fa47feda842ad958744abb0d7738f56928c586c02cf5cb721e704f867babc46236dff2a7aad5eec3445e77de81a602520baba926b6e7580cb448fe263705a01b1ef2891baf9c47458ca2a20b94d6d8d5c869d1421d7e19fe005506631aa9ab70b211c04591aee3ead9a0df5316e955b1ea746c"], &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x7, &(0x7f00000001c0), 0x4)
openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$sock_SIOCGIFBR(r4, 0x8940, &(0x7f0000000180)=@add_del={0x2, &(0x7f00000004c0)='ipvlan0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'vxcan0\x00', <r6=>0x0})
bind$can_j1939(r5, &(0x7f0000000240)={0x1d, r6}, 0x18)
socket$can_j1939(0x1d, 0x2, 0x7)
connect$can_j1939(r5, &(0x7f00000000c0)={0x1d, r6, 0x3}, 0x18)
sendmmsg(r5, &(0x7f0000003e40)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000280)='\"', 0x1}], 0x1}}], 0x2, 0x0)
userfaultfd(0x0)
openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0)
socket(0xa, 0x3, 0x3a)

program did not crash
testing program (duration=15s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$tun-ioctl$TUNSETIFF-socket$inet-bind$inet-readv-connect$inet-sendmmsg$inet-socket$kcm-ioctl$SIOCSIFHWADDR-write$tun
detailed listing:
executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$inet(0x2, 0x2, 0x0)
bind$inet(r1, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10)
readv(r1, &(0x7f00000000c0), 0x0)
connect$inet(r1, 0x0, 0x0)
sendmmsg$inet(r1, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000440)="c68a76fc052ea9e5861f22eefbe4355322573df4473febc5460a4ac3cf40c7fb7d5f6d", 0x23}], 0x1}}], 0x1, 0x0)
r2 = socket$kcm(0x2, 0x0, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000500)={@val={0x1c, 0xc}, @val={0x0, 0x0, 0x0, 0x0, 0x3d}, @x25={0x0, 0x0, 0x0, "8ad40b074190e37fb928a57450f583253c8a1fa762cf1f9d5378691396e15c121743936a4bf3330f1aab7c458f212a863883d90d05eb8079d5341a37e91f5a9c0189b82e41b871af219aa14e6529328a2bf8c6e176"}}, 0x66)

program did not crash
testing program (duration=15s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6-sendto$inet6-socket$nl_route-socket-mount_setattr-openat$cgroup_ro-sendmsg$netlink-prctl$PR_SCHED_CORE-openat$hwrng-preadv-syz_open_dev$hiddev-userfaultfd-socket$nl_route-ioctl$KDFONTOP_SET-keyctl$dh_compute-add_key$user-add_key$user-keyctl$dh_compute-getsockopt$sock_cred-sendmsg$nl_generic-sendmsg$nl_route-bpf$PROG_LOAD
detailed listing:
executing program 0:
r0 = socket$inet6(0xa, 0x80002, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote}, 0x1c)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
mount_setattr(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000300)={0x1000a4}, 0x20)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
syz_open_dev$hiddev(&(0x7f0000000140), 0x100000000, 0x103)
userfaultfd(0x80001)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$KDFONTOP_SET(0xffffffffffffffff, 0x4b72, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x8, 0x16, &(0x7f0000000340)="d3c4f7e5de1029f7c9d49f8ae23bad4c0699ef9bbe32c2d6888de5b064aa94d536c7f837593c4363a0964c3fc548b5d5ff6fb603cf9f3fefd2f60b3d0ba2f24a555d6e0616f58796f2431ae3be01de96c383add6f32f28067c022e846099d07b66d0aec40d14def5d5aa5d8f3e37a6712de9ddaa02027aec24849a1b5b403833fc9e70687141543839be295074f592ad680689b9c98c8fe495f197cadc9250ebb4a5ec065ac0e75a33060f190290603121098dac7f091395998c094b1acd3d465d9ceb5b61d895461cce67a375338559bdf477074738e4cf16b41480c6031238e9f876699e5706891996b36372dc71b942cd9dff7a8ba64cd5331302c7b92d82659ff623b915fdf85df3124189ac720b4d3cf7bf6e1a55c8d39db0c389bbbddf1e294a603260798abd52ec4f5c77bc416465027db99368b38670204b0762077a25d82724fc01ab531a6fcbf5c00c67f87a5bb98f95306b1d99df10abbe6cca16e98b6a8b5dec0af6f21f1f29bb0b4416bdbad80c2d9ec6fd41140a15a9a3a205364c71ff1fd23149c54bf86f725d7ddac71b50f99a25e66a7038fa229fc0211520b7470d011e7b233fde3543702db126567a34bd35aa4a59a05a83760ebe49eb4b9364ba367a62b820eaa487f772a9a0898ab5040d72c4c41a5a7269cd7efdfe731f80697a3da25c6c24619630fc91581b9b5ab8e2ebe35e8b1d1fd8f4cfca4238836c0403d470632503436325b063ddab48e820f81f4043000dd6fa9c60be47689edf59d369114323144f0cc9588148ec4d58e58e9f119926e30c358f6527eb745599b65b88b6062bd5b18140c7d3d64a3e43ed3abf5c49105d069a1f36ac3abd7141979fbf2735f13869f3e76bb8d1b0d92728be1fc39283d7d083d450e07adeb5f23148700266948d54cf5e5e79a274ed4f419e5fc10340d088031265a7d237362166ef22bcd9ae8b1bb8237d57e499cd8d3a3c2924f7266d6295dd40a917f7053e41d2149f2003fee9c1adb53076d4283d66bdb066873dbb05ffc72fa6a53ffaf3274661aafd8343abe65f602c6504fdd949f50922374d04ee3e2980e846fe08a1b578ca4616659b3721685400ec4bc52fec0e166909f02e4f5e3062f6c07a97a44af88e655d1168b14c2d22ba7b3ce0a62691b73828f83795160fdb906b4062b6f63d95292a30d9467e11011f69b91255144202d58b393ed7783b6e4a39754061fc0238b7b93d229e90479242fa77b531afb1f587fbd2a2fcf3aea44bd7fafa3a598837aa80e570272dfb919244e0e032abc5b12488d6b5d95b3165d99e7a9c124b434ab3dc730cc6490f795e222ef0c6b7975b3f56b8be37da25ee94406f0359eb274620171746971ea0215766d2cf116ce09811e1350e1392654fba67c346275d39eefa2bd2352a785c44096ec190f38e4d2ccc1b357d654ba780754c"})
keyctl$dh_compute(0x17, 0x0, 0x0, 0x0, 0x0)
r3 = add_key$user(0x0, &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000002c0), 0x0, 0xfffffffffffffffe)
r4 = add_key$user(&(0x7f0000000100), 0x0, 0x0, 0x0, 0x0)
keyctl$dh_compute(0x17, &(0x7f0000000000)={r3, r4, r4}, &(0x7f0000000040)=""/79, 0x4f, 0x0)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000001c0), 0x0)
sendmsg$nl_generic(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000740)=ANY=[@ANYBLOB="280000001e00050300000000000020000000000008080000a726b3a918817543c00dbd0b6a7b48249a4cec57ed70bedb84f0c7c03617f6d626", @ANYRES32=0x0, @ANYBLOB="0c0064007f00000000000000"], 0x28}}, 0x0)
sendmsg$nl_route(r1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001a80)=ANY=[@ANYBLOB="b700000017000000bfa30000000000000703000028feffff620af0fff8ffffff61a4f0ff0000000015040000000002000f030000000000003404000001ed0a0014040000170000801c400000000000007b0a00fe000000002c04000000000000c6000000000000009500000000000000023bc065b7a379d17cf9333379fc9e84af69912435f1b6a693002e7f3be361917adef6ee1c8a2b4f8ef1e50b91f32050e436fe275daf51efd601b6482a0800000098efefb202ee010400006e7a1de4a21f379dbf01de00b1b564fef3bef70548aed0d600c095199fe3ff3128e599b0eaebbdbd7359a48f5b0afc646cb7798b3e6440c2fbdb00a3e35208b0bbf12cd8dff0c710e4000000000000009fbe4b61a615c6c57a2b649dc74a1a610643b08d9ec21ead2ed51b104d4d91af25b8123deda8a3658d42ecbf1dbf6d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31a76e42f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0800000000000000d5f728d236619074d6ebdf098bc908f50ae728a40f9411fe7226a4040bef29b66e3858d051c096e37c4f46010400000000c3da29faf75ddd1aa96960bca97af13382cb881cc1f62c0f8f8f0e8d76b86f9c45636614786f5a2cb77230a874640dcbe0b20bb77c022d0cab080078fce8c5c81b7037181fc2f18f781aaa6e2957d7e39cc1baddcb7ec6667e699f24e41697ee7ea23e4b29a8b6cc9a1f5a7b3caae05f13792292cb949b3aab06b1e042ff2164d80c605532b18ab1c156b97e5889685a96949e4cb40df77b8bb84b0e733a63784ccc214d930cbb7e090d030000003acec439c163fcd7071b53ac29df826f8ae6d6e18c1eacf5bf870768d5217e9bb5a05d9e22ce67f1231bd236486727d970acc546087acbf30f2f8165b47ba56dfadd14b306e98931481747292c6fe6e188750cf4f87cce2aa7d67c7133a9f05954cde298a35ea6d715ba80aee63300000000000000000000000000000000000040000000000000000386000000b854adb4f8080064e8407c6bdb37114c80fbaa4a0ec5aaf4b0ac6f2128668279eb6fc144344e2d461c9a1be8fa0061ea9d55ee4716bea8e1cebf9ed39325ab4c5530dd6ee9fffc00000000000000d7c5af73c683625aaad5eda5004a76c9f8975ed4c5e4eb3e77e9885769754932609f19e2f615a01cb6d17fbf5cb539403cb0572534f054d5514ad8269b2bdf2ca4958a62a6e744f9a4c1e646e1dd2ca19583f0f8b0dc53debd7d44f334e6ed7445a9580f970e483b307c4b3c018bc194b23d37e6a2e52d8288e5aab6fec586d52386e8c07a88c88e8faec5f1b16b2014f6952ce7d6be12c6bdb9651ca6fc907061be311d1354e6295698594a73136237bee068d3819400e43544830a3f74b7942f22336953978a5b2032da4238cc61162c04c1297395b73e18c9387615a2bc87d9e2445f3d323d3fac347932a4bac694c55fe9d145906d410f58f1951405d10504efe402cae085afef5dbd617e87ddbd23834a50d7eb8e327fb5db12cbd6a9efe8e671c4f251fe3bf440cabdfe3400a670d14b9b3cd8d86e492997a0168c022ef3536bd1dc731f4f9f8cb6c3857fb8aaaa95024f8da775f72950212b84fc6133ae14d1429cd4905dabb52e43af7e65acf97b4951fa1e967d16a5ed642efc855a4a46b85cd079934ad3188276efae9387eaa2c910fb8de24b5d4fded86c3811ccd00520150b16000080122965558074956da5e4c3bbefcb64aa8be4456ed2caf0f467b6bbf3aa4371f5e76ab3f60afea80bb066aafb7517f787b090f419a20278a3c779e03afd9a6af6fd518e5dce030f88ec5a5cb7601a161da0f8089322d84ac523040d13e1f1300c2c6555bce60d95dd3288e53435713f03add23f14c8db5555c62de4f626483632a2ab547f88dd6efec73a0271a19ca3aa860aa4dcaeeb9bd91a0cb429efae2a5fcc08b3a572969bbe91c921ac1476027772c87d1767e31a3446cd57fafea83e495a6a1d1a4ebf83434986091dd66ffe3ffed0c39552a312e2db596d9c828c02f6fc13c8ddbb50bfd7dd8aa2f35f259fc83e007f00a292dd3b856faa4b7e66e1b64505f65900839df71a97d4d05d37f7ecf8ed9a22da26ae674bba16c204f6b2f8f74fc56b7126d7c11ece6e88ec41192aaee75415c58d264a2b6adae02c821b62428902aad499825ab85a348638384cd12e61dbde5c47056f0a20b4e2a2328d5db5cfe56557a129e6be231acf5f57995c60d9fca5f63a0dfd18054717120bda466d04774b530500d8b022719ca77a4e0a66b4708f791d849a5e2aaa0074a9560ede2600df5a5c41392fe9460080fcb1e65233fb8dbeec4c86dbcf6a0673e38d2d3615e5bfbde44afe0fa7564231fff7e7f1f3ad68492dd2ccb1decb15b5d7d3e37e8b7d28921c4b9280979521173f322df408d9818b6cc400098abb869921911480a876fbba698801937e8b4264eb6f5137bd9b075f1488d22230592a79000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002f316aa0886c174b73decb46c1c85edf50d8fcbac5ff76b365611666da86a8e65b308706bd7c000000000000003f7cd4d5cb9076b81b7741ec03877afb5237ea1694addebc14c3ae49f88c462aa2050acf2d9a97d3be29a5614d1eba2c98cf0236401e02d7c445e50f76419ab4f78f67a09e63dd4faa2e7b59399f055f2fa278783fefb0a5ef0b41e14a6fe6ba306206670b84894e901a523fcbadfeff535f2514bc834e876810d9a6a78e70a9e22860c36a724770b4185de44db6bf21fef32a8d5b36d9014f38fee012365f963b2a85e7d8075c333475b9be0bdd37220e316f2297743dd4731614a50c16c6a41744c3d24eab511317f97b7b4a1c2ec33fedc46e9bf0fa640eebd3d58f0ebdb7cb8ccffd08000000e843591d2618e2d2cdc7081c8fafffe9c350a5c554a387de4ee7aac6478d99de7dd82bef044a6d33c789d566c90c46ad581aa22f910547a77d55e26bf19f1d4661550b177ef53933a305e69b8a95119d2a673bdae05779208409e6cf5bda599d625054776151b2cd1fcde238bdc527594a6c17aa9728af7a3830e7092b01b119ea4e7e7f0e21527d622cc29c9f0c8720195368f8a9d3374337ab4d130619d93c5ef37e7ddd0b2da147e6e513455b88753452de959a6cbfa1ffbc7ad5d8c3b48017fd31dcf72f337b639253f44cb27a12174bc4c191e21015d0c431a71906eb9c6a14c8a060459ef26787ce3d1cbfd5cc459f0048b5d06f6cbd3e9b34c89f3fb2f951ae81d7fcc8bc0000000000000000000000000000000000000000009231feef3117197c7963c2ba910969f776c8b2ea3970f358107945d9e74e9bdfa58e68b65a9201bc4b73b431df5aa29f363917f90e3fa1eaf553db1c761dd9b634a9c4d7c21d24fe6d953ed9438cad0f8dfe03e5e2f73019352f1fb682a5a6ebbf24ebc49e3d7058e696eb3f4b642f36c9006c0067e24a64aa8c53dd824a4ee271e35ed9eed636338f1835fc957729d63dc1bfc7b772cbe536c2d3aff27c22f9a2f876512616a5bdaf22a16e19d1b5f52abb40b433983d0cf50234de659c1a397ce901000000caae1bcfdce33dae6adc260321702f239c25ab181390e7dc8c1e5b1cf3b4fef1cd5c44a89b5e5d8314e02f4673ded90bce9a4025b0232eec970f7aa17f175a14e8dc0700bac0006b98a8283eee5665f3aede28228e0468dbcf8b776fe4c629d3af183a7cba5adf77f23d31f9d5a183c0da4e95f75b1496a97a46a06e4e1f5a8438d49dbd493ba2482c398ab724577fd742bf44cdd8489086e61aa3cb1d3ab3dac8183102fe6fc8a038e3868a0592811446867969f0fb3f547e83c4ca35aac023f09f15bb0acb3cdc6efd9b0e9df56af7fda01280a384028b35994388"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffed0, 0x10, &(0x7f0000000000), 0x1e}, 0x48)

program did not crash
testing program (duration=15s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$audio-accept$alg-prctl$PR_SCHED_CORE-openat$hwrng-close_range-close-epoll_create1-epoll_create-openat$random-epoll_ctl$EPOLL_CTL_ADD-epoll_ctl$EPOLL_CTL_MOD-socket$inet_udplite-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route-sendmsg$NFT_BATCH-sendfile-syz_open_dev$usbfs-ioctl$USBDEVFS_FREE_STREAMS-mremap
detailed listing:
executing program 0:
openat$audio(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
close_range(r0, r0, 0x0)
close(0xffffffffffffffff)
epoll_create1(0x0)
r2 = epoll_create(0x0)
r3 = openat$random(0xffffffffffffff9c, 0x0, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f00000000c0)={0x90000001})
epoll_ctl$EPOLL_CTL_MOD(r2, 0x3, r3, &(0x7f0000000140)={0xd71255f2c0da879})
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000340)={'ip6gretap0\x00'})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB, @ANYBLOB="000000000000000014000c801000"], 0x34}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8)
r5 = syz_open_dev$usbfs(0x0, 0x80000000003, 0x101301)
ioctl$USBDEVFS_FREE_STREAMS(r5, 0x802c550a, &(0x7f0000000100)=ANY=[@ANYBLOB="0200a006002a17006000000002000020d3", @ANYRESDEC=r1])
mremap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x400000, 0x2, &(0x7f0000000000/0x400000)=nil)

program did not crash
single: failed to extract reproducer
bisect: bisecting 30 programs with base timeout 15s
testing program (duration=22s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [30, 30, 22, 7, 30, 10, 30, 4, 26, 30, 2, 15, 22, 8, 30, 10, 9, 9, 30, 19, 4, 30, 22, 30, 8, 10, 30, 30, 30, 29]
detailed listing:
executing program 4:
bpf$PROG_BIND_MAP(0x23, 0xfffffffffffffffc, 0x0) (async)
bpf$BPF_MAP_FREEZE(0x16, &(0x7f0000000000), 0x4) (async)
bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000240)={&(0x7f0000000040)="53049b0e2f51791b2e3ab0b08c20b42b8061cfd778e0916880001445b72a025dc779c7f9a456cfc56737624b174bd59af3f772677bd68bcee0597088a5b169f18ab81a7aeb885aa6a386f5f55f7128553d93", &(0x7f00000000c0)=""/10, &(0x7f0000000100)="b8f4d7a4266873a94ae03103a1703d0a10de9e264b6c3fd99e153bd30c2835e238894eb4d6818152fe303c4b32fa350c3099995e8c80905c114595371abf641a11a02101d34c1cc03e704d25d42c16a5e45f8532cfa1a3fb28b226b04544d2f6ff8b275fe55ea7ba57fb110d183d2ad9bef1dbc3c56dbc80c9f211eee8587a6dc266e5a571da4eed8c52aa14ae0702716b7a5fb2b4436dcc1bd3b1435c2420f329075572e64f6feb8e48c7", &(0x7f00000001c0)="37c850761e7d17ee560350c4e2ac18c4d167fa6d42dd484ff31775aa67c927c30b63bf74c631425a57d54d7acb4c2cd9b4869e9f1cdac1ae2f9f8bde16bc572822d686e52b762d87d6e0eb4959c5b15ed4b49adb9dbc5b693b0478f0fd2bfd5afe78690946aceff35815d3f7b32fd098ce", 0xfffffffd}, 0x38) (async, rerun: 64)
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000340)={0x1, &(0x7f0000000280)="2f01548006565c5d515b25cf117609743cb212fcbda389", &(0x7f00000002c0)=""/89, 0x4}, 0x20) (async, rerun: 64)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000003480)={0x0, 0x0}, 0x20) (async)
r0 = openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0)
openat$cgroup_netprio_ifpriomap(r0, 0x0, 0x2, 0x0) (async)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a78000000060a09040000000000000000020000004c000480480001800a0001"], 0xa0}}, 0x0) (async, rerun: 64)
r1 = socket$nl_route(0x10, 0x3, 0x0) (rerun: 64)
sendto$inet6(0xffffffffffffffff, &(0x7f00000000c0)="900000001c001f4d154a817393278bff0a80a578020000000104740014", 0x1d, 0x0, 0x0, 0x0) (async, rerun: 64)
sendmsg$nl_route(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[], 0xa0}}, 0x0) (async, rerun: 64)
bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0)
r2 = syz_open_dev$vim2m(&(0x7f0000000000), 0x10000000000c6, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r2, 0xc0d05605, &(0x7f0000000140)={0x1, @raw_data="cd1c0f81a34f8e7952474233d7cb8d418ee9b7271495f452cf7504b611bbc9804e4060b85cf0d7b9e50bce9e8ce9cc8db6af7fc30dea021e788bf809eb5792b0d70e1cbdb302331d62e7b32fb273609ae0b05b8a382ebc8a58201a6fcac62a855dff9b22dca633e2e3d6e7871179262a7a0f2be2a6719f7eaf50bb7aad3d446e4691c6c6f7b0e669c47d332053ccec74372d1cfddafc259b75b09587bd63360cd3ba82cfb0d32d8ebca4c92d762952826891ea6215ed73bf681a7de78c5a07ef41ec3ebcdd820330"}) (async)
r3 = syz_io_uring_setup(0x24fb, &(0x7f0000000000)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=<r4=>0x0, &(0x7f0000000080)=<r5=>0x0) (async)
open(0x0, 0x0, 0x0) (async, rerun: 64)
getdents(0xffffffffffffffff, 0x0, 0x0) (rerun: 64)
r6 = socket$inet6_dccp(0xa, 0x6, 0x0)
syz_io_uring_submit(r4, r5, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x7e, 0x0, r6, 0x80, &(0x7f0000000200)=@in6={0xa, 0xfffc, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}}, 0x0, 0x0, 0x1}) (async, rerun: 32)
unshare(0x2040400) (async, rerun: 32)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000500)={0x0, 0x0, 0x0}}) (async)
io_uring_enter(r3, 0x5b43, 0x0, 0x0, 0x0, 0x0) (async)
r7 = socket(0x10, 0x3, 0x0) (async)
r8 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_OPENQRY(r8, 0x5600, &(0x7f0000000140)) (async)
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000440)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000000000e6d26489"], 0x21) (async)
r9 = socket(0x2, 0x3, 0x67)
sendmmsg$sock(r9, &(0x7f00000004c0)=[{{&(0x7f0000000000)=@in={0x2, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000400)=[@mark={{0x18, 0x1, 0x41}}], 0x18}}], 0x1, 0x0)
write(r7, &(0x7f0000000380)="26000000000000000020002b1f000a4a511aee839cd53400b017ca5b00"/38, 0x48) (async)
setsockopt$sock_int(r7, 0x1, 0x10, &(0x7f0000000200)=0x1, 0x4)
executing program 4:
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0x541b, &(0x7f0000000000)={<r0=>0xffffffffffffffff, 0x0, 0xfffffffffffffffd, 0x4})
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000440)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000", @ANYRES16], 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000040)={0x24, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="00220f00000001640705007948b30577f5d20a"], 0x0}, 0x0)
r2 = syz_open_dev$hiddev(&(0x7f0000000d40), 0x0, 0x0)
ioctl$HIDIOCGUSAGE(r2, 0xc018480b, 0x0)
ioctl$SIOCGETSGCNT_IN6(r0, 0x89e1, &(0x7f00000000c0)={@mcast2, @private0})
socket$nl_route(0x10, 0x3, 0x0)
ioctl$VIDIOC_G_SLICED_VBI_CAP(0xffffffffffffffff, 0xc0745645, &(0x7f0000000040)={0x0, [0x0, 0xc77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x3d, 0x0, 0x0, 0x0, 0xf7d, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6]})
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040))
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000004c0)={@ifindex, 0xffffffffffffffff, 0x33, 0x0, r3, @prog_id=0xffffffffffffffff}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x0, 0x4, 0x0, 0x0, 0x0, 0x95, &(0x7f0000000180)=""/149, 0x0, 0x44}, 0x90)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f00000003c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_STRSET_GET(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="18000000", @ANYRES16=r4, @ANYBLOB="09030000000000fdff0720"], 0x18}, 0x1, 0xf000000}, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cgroup.controllers\x00', 0x275a, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.usage_all\x00', 0x275a, 0x0)
write$binfmt_script(r5, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r5, 0x0)
preadv(r5, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffffff000}], 0x5, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0x275a, 0x0)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000240)={'veth1_macvtap\x00', <r9=>0x0})
sendmsg$nl_route(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)=@newlinkprop={0x38, 0x6c, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r9}, [@IFLA_PROP_LIST={0x18, 0x34, 0x0, 0x1, [{0x14, 0x35, 'netpci0\x00'}]}]}, 0x38}}, 0x0)
write$binfmt_script(r6, &(0x7f0000000240), 0x3af4701e)
executing program 3:
r0 = syz_usb_connect(0x0, 0x4d, &(0x7f00000007c0)=ANY=[@ANYBLOB="12010000735aca105e042107c4900102030109023b00010000000009040000000e010000052406000105240300000d240f0100000000000000000006"], 0x0)
syz_usb_control_io(r0, &(0x7f0000000540)={0x2c, 0x0, &(0x7f0000000400)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000380)={0x24, &(0x7f00000000c0)={0x40, 0x0, 0x2, {0x2}}, &(0x7f00000001c0)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0}, 0x0)
r1 = socket$inet6(0xa, 0x3, 0x7)
connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
socket$inet_sctp(0x2, 0x5, 0x84)
keyctl$setperm(0x5, 0x0, 0x8000004)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e22, 0x3, @private2, 0xffffffa0}, @in6={0xa, 0x4e23, 0x1, @mcast1, 0x4}], 0x38)
sendmsg$NL80211_CMD_SET_TID_CONFIG(0xffffffffffffffff, 0x0, 0x0)
fadvise64(0xffffffffffffffff, 0xffffffffffffd518, 0x7, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r3 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0)
mmap(&(0x7f0000963000/0x3000)=nil, 0x3000, 0x0, 0x8031, r3, 0x1000)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000080)='net/raw6\x00')
preadv(r4, &(0x7f00000001c0)=[{&(0x7f0000000240)=""/198, 0xc6}], 0x1, 0x14a, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(0xffffffffffffffff, 0xc0505510, &(0x7f0000000340)={0x0, 0x0, 0xe6, 0x0, 0x0})
openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x0)
sendmsg$nl_netfilter(r4, &(0x7f0000000480)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000440)={&(0x7f0000000140)={0x2c, 0xe, 0x3, 0x201, 0x70bd2b, 0x0, {0x7, 0x0, 0xa}, [@typed={0x14, 0x6, 0x0, 0x0, @ipv6=@local}, @typed={0x4, 0xfe}]}, 0x2c}, 0x1, 0x0, 0x0, 0x48041}, 0x8000)
syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0)
executing program 2:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x0, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000005, 0x12, r1, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1)
syz_open_dev$sg(&(0x7f0000000340), 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000001dc0)='./binderfs/binder-control\x00', 0x3f000000, 0x0)
executing program 2:
r0 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r0, &(0x7f0000000040)={&(0x7f0000000080)=@isdn={0x22, 0xf, 0xfc, 0x0, 0x2}, 0x80, &(0x7f0000000d40)=[{&(0x7f0000000ac0)="ee", 0x1}, {0x0}], 0x2, &(0x7f0000000e00)=ANY=[@ANYRES32=r0, @ANYRES16=r0, @ANYRESHEX=r0, @ANYBLOB="f90547cb39ac0b017316cb2390ca0eb90ded3d81032039c4f85f4db49ae4e32ea79367c0c8ca0d5733f421db223049eec90522488339b0778bc4475208a93c1acb84334b7a98061edd301b2ff79eb4a3c4c956a7cea8902208c24884086aa55ed05819e3c606030d9384fb19bfab4da5ef6aa58fe90b607c565f99e94b520a379975e43901b21ee0086fcb79e57c1dec6236857292b5aa2900f95f2e0f5a76adfaf384bac8ef9225c52e559e8b819613dbf5748bf7086463da4fbc8a3804b2b43aa7354879b1fa202181f7e755dd25248f5a432618dcd58e90f83c741f93f07f5a92cd579672d78254f97234bbd81026"], 0x10b8}, 0x8041)
prlimit64(0x0, 0x6, &(0x7f0000000140)={0x800, 0x4008c}, 0x0)
socket$key(0xf, 0x3, 0x2)
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f00000001c0)=ANY=[], 0x118)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000002000ffe03297cbe7039800004000000000010000000069f7c4d7d80cb582cf40417c2f96e8ff34a03d0f732b89911dcfee437d2f380469bfc14bd747b58a3d276e82b5c6489ef2fb96fc2c31159aec470e2f9cd4f911af660f106174a8bb0df0eec4f61ffee18006685196ca71f22c9c4a5a32c81c6f050000000000000052600d07f7ea000000000000000000b2c53231719c461fda16ebf16ce6349650683396d76624e946b7f1e2f782b5945978c8092cca3ca1050cf6b0b1f238f2ac1073e077af6897d35bc96585ed9ca9e4316ac853a12339ed019c89411cf2c7c53f8806f6dce229381e33511900cec67f359c48b63692d5a44d2c7121bad7c3680fec503c36d44164ec981fb96a056d298e2fca6d4c4911e64155b5ae9afdfc8a1d76856ddffb0fd0a6f53fd80b51b15d59705fbbc5a353602537760e78581d66d91b5933a0bd6779893d72078abc2033d6ca15eb8a32ba288a4ef8130d"], &(0x7f0000000000)='GPL\x00', 0x0, 0x4e}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='contention_end\x00', r2}, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r4 = socket$netlink(0x10, 0x3, 0xb)
bind$netlink(r4, &(0x7f0000000000)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
close(r4)
preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
sendmsg$ETHTOOL_MSG_LINKSTATE_GET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB, @ANYRES16, @ANYBLOB="1d030000000000000000060000bc"], 0x14}}, 0x0)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x0)
close_range(r5, 0xffffffffffffffff, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
vmsplice(r6, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_RELEASEINTERFACE(r6, 0x80045510, &(0x7f0000000180)=0x5489)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xffb, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x9, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000017850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x9, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x200000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
openat$rtc(0xffffffffffffff9c, &(0x7f0000000200), 0x94042, 0x0)
executing program 4:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$inet(0x2, 0x2, 0x0)
bind$inet(r1, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10)
readv(r1, &(0x7f00000000c0), 0x0)
connect$inet(r1, 0x0, 0x0)
sendmmsg$inet(r1, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000440)="c68a76fc052ea9e5861f22eefbe4355322573df4473febc5460a4ac3cf40c7fb7d5f6d", 0x23}], 0x1}}], 0x1, 0x0)
r2 = socket$kcm(0x2, 0x0, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000500)={@val={0x1c, 0xc}, @val={0x0, 0x0, 0x0, 0x0, 0x3d}, @x25={0x0, 0x0, 0x0, "8ad40b074190e37fb928a57450f583253c8a1fa762cf1f9d5378691396e15c121743936a4bf3330f1aab7c458f212a863883d90d05eb8079d5341a37e91f5a9c0189b82e41b871af219aa14e6529328a2bf8c6e176"}}, 0x66)
executing program 4:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, &(0x7f00000002c0)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000180)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c)
setsockopt$inet6_int(r1, 0x29, 0x1000000000021, &(0x7f0000000180)=0x3, 0x4)
mknod(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r2, &(0x7f0000008600)={0x2020, 0x0, <r3=>0x0}, 0x204b)
open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
write$FUSE_INIT(r2, &(0x7f0000002300)={0x50, 0x0, r3, {0x7, 0x9}}, 0x50)
read$FUSE(r2, &(0x7f0000004580)={0x2020, 0x0, <r4=>0x0}, 0x2020)
write$FUSE_INTERRUPT(r2, &(0x7f0000002240)={0x10, 0xffffffffffffffda, r4}, 0x10)
r5 = open$dir(&(0x7f0000000140)='./file0\x00', 0x101, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_wait_time\x00', 0x275a, 0x0)
ftruncate(r6, 0x2000009)
sendfile(r5, r6, 0x0, 0x7ffff000)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, 0x1c)
syz_usb_control_io(r0, 0x0, &(0x7f0000001200)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x20, 0x0, 0x4, {0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r9 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902120001000000000904"], 0x0)
syz_usb_control_io$hid(r9, 0x0, &(0x7f0000000100)={0x2c, &(0x7f0000000440)=ANY=[@ANYBLOB="00000100000004"], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r9, 0x0, &(0x7f0000000540)={0x2c, &(0x7f0000000300)={0x0, 0xd, 0xd, "a3fc58d42c678e558d206c95a4"}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r9, 0x0, &(0x7f00000007c0)={0x34, &(0x7f0000000540)={0x20, 0xa, 0xb5, "22c8def8fe32c86e4c302704a78581f6a35058b169c9689337f14774b123db62363babe68d25daeb45d3bc7b549e1ba60b79ffbe56650e8afe9abe7370a1d2f161826f75d0c2a37fc2d2793a1d1d74c6aa820b31a6f5959bae5df3c791b171d02aac51ea015c698503225b24800620f11813b7095152361cec4ff4e1dcc34413510a0db26ed15440ff0863c76e7278407ed7805c13bd4845bdbd439c07cf8252cc00d7a4b295bf848607c4aa97f1be60eb73fc87bc"}, &(0x7f0000000600)={0x0, 0xa, 0x1, 0x1}, &(0x7f0000000640)={0x0, 0x8, 0x1, 0xbd}, &(0x7f0000000680)={0x20, 0x0, 0x80, {0x7e, "5a8eca83dfb976481480cb213b25338cb89b9c152c69c63b9e01f805a3f899c3db6fe7ab1d79d44612b620efbdcb1b856027d7d007c44c57230a864255839cc2a8847a408a287fdf7a8df829345bc4c64f1dba0353a89034d27a60d377556b8d09342f3d9abe05a89b4c964cd4fc78f4791934e347f6922da0a3cac40f3a"}}, &(0x7f0000000740)={0x20, 0x1, 0x1, 0x1}, &(0x7f0000000780)={0x20, 0x0, 0x1, 0x9}})
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r8, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)={0x80, r8, 0x2, 0x0, 0x0, {{}, {@val={0x8, 0x3, r10}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x4a, 0xe, {{{}, {}, @broadcast, @broadcast, @from_mac}, 0x0, @default, 0x0, @void, @void, @void, @void, @void, @void, @void, @void, @val={0x3c, 0x4, {0x0, 0x0, 0x7c}}, @val={0x2d, 0xce}, @void, @void, @void}}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_P2P_CTWINDOW={0x0, 0xa2, 0x72}]}, 0x80}}, 0x0)
executing program 0:
r0 = socket$kcm(0x1e, 0x5, 0x0)
sendmsg$kcm(r0, &(0x7f00000014c0)={&(0x7f0000001540)=@tipc=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x80, 0x0}, 0x0)
recvmsg$kcm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000001c0)=""/5, 0x5}], 0x1, &(0x7f0000000240)=""/15, 0xf}, 0x1000000)
sendmsg$kcm(r0, &(0x7f0000000100)={0x0, 0x2f, &(0x7f00000000c0)=[{&(0x7f0000000080)="ff", 0x45}], 0x1, &(0x7f00000015c0)=ANY=[], 0x11f0}, 0x0)
executing program 2:
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
r1 = syz_io_uring_setup(0x5169, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000240))
r2 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f0000000000), 0x4)
syz_usbip_server_init(0x2)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r3, 0xaf01, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000440)={'sit0\x00', &(0x7f0000000400)={'syztnl0\x00', 0x0, 0x0, 0x8, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @remote, @multicast2}}}})
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
connect$inet6(r4, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x2, &(0x7f0000000200)=@ccm_128={{0x304}, "76131e58a256d4af", "4448076cc60af592e807e038c4797041", "8076e30e", "f79d7fbbf3985dbb"}, 0x28)
setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x2, &(0x7f0000000100)=@gcm_256={{}, '\x00', "d830005894bf527ae179a7173985202bbfb61b36f3678de8ea2d0d6616076243", "5615d9f5", "7c5cec21291a43fe"}, 0x38)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f3, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_SWAP(r5, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000540)={0x14, 0x6, 0x6, 0x101}, 0x14}}, 0x0)
syz_io_uring_setup(0x2ec1, &(0x7f0000000140), &(0x7f0000000000), &(0x7f0000000040))
io_uring_enter(r1, 0xb15, 0x0, 0x0, 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
unshare(0x20000480)
r6 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r6, &(0x7f0000000200)=@id, 0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$inet_udp_encap(r2, 0x11, 0x64, &(0x7f0000000000)=0x2, 0x4)
syz_emit_ethernet(0x2b, &(0x7f0000000140)=ANY=[@ANYBLOB="bbbbbbbbbbbb00000000000008004500001d000000000011907800000000ffffffff00004e2000099078e9"], 0x0)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000001c0), 0x4)
sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000480)={0x34, r1, 0x301, 0x0, 0x0, {}, [@TIPC_NLA_NODE={0x8, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ID={0x4}]}, @TIPC_NLA_SOCK={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_SOCK={0x4}]}, 0x34}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000040)=0x8000, 0x4)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r5=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="380000001800010000000000000000000a00000000000000000000000c001600080001000800000008000400", @ANYRES32=r5, @ANYRESDEC=r3], 0x38}}, 0x0)
mq_open(0x0, 0x0, 0x0, &(0x7f0000000180)={0x8000})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000100), 0x4)
syz_usb_connect(0x0, 0x5a, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000060f94d100d05020027230102030109024840020000000009047d04031d5abf0009050400005539000009050b00000000000009050200000005000009047d01013481af0009a00e00230000690009047d"], 0x0)
socket$inet6(0xa, 0x2, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r6, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
executing program 3:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
sendmmsg$inet_sctp(r0, &(0x7f00000088c0)=[{&(0x7f0000000300)=@in={0x2, 0x0, @rand_addr=0x64010100}, 0x10, &(0x7f0000002500)=[{&(0x7f0000000340)="2261ba0ad95a5d371f44b014bccf26ed0e891ca58628dc3f9e15b36e06b9c2a7d68f068af784357e523ad18b31b838d0c240fcdeb98221a8470bb21459e2a95690239e37721512b658d1b496bf50307469a9e3401f9c68c9944fd42947c74c82220c09ea8f318cdd43d43122113d328447f84608f6da271c63675c0a7bc2c5be0617fd2ae2682708db7ee4145c66514a09d78092", 0x94}, {&(0x7f0000000400)="d33773077e90525e4c7c790a783ba076e9a65e7bb149d9384d8073a894ffc23a7a4916db852cc9a17dc84ce8d41b6b285d46e60f77103ea2d27d687863adb6ff0198ee36fc95766fd00623e067cee95a2ac9a51d958b79104c2f4f5007ff8f31fdbb24312219b8361af2493997eb34b026054a7921c038e249b5452b46d99eed5d369fbd9b5d6a805aa3c6f06da585e0953c098fd7bf691e5175cf271e925a3f047aed2d83fd6b95aaed134eff3f1bb671fd81ff7e756049f0e6156e3e543041085338891f98c819433e48392411911ed98f2c42353cc6d95a84b2c5d68f7e351050fe4f1b8497bf04888b96c857e2381567ce73de478e2ed15b44192a473abb2124d81c1922311961a4177f7f5aae51380822cb7ba971242597b44ba6c66a31b3348bbd202ce68d51edd353614bb774699e97457732708cec1cdb61d23e520f7bd8a94e9a16ec08da5f8e6714e93033d369e00e9cda77d05889093185722899c288a744261acd25af3b0dee40bffc54832eb6239b429feaeaddc283f8b647294483a17a23435a8d9e72019e0d83965e862ad3ef3c6343ef1a597424453d248e93558483fb4b6454bda3c321e06fac499515100665efc988353f8539a85db481e4776b84949f13f56c52a0204798b168604d034c45efbfb628cd5beec04deed0bcee429b48effe6eafe98a3dbd5ac4fd884a218a81d3bd68814485694f4a788a7f201ae2cdc1f0e5bff4fa7b8b405af013f3d96fdb6953a5820b87589e1cc278e588dc4c1343f5f34732a09fdbd85248748765aecf5e5f6ad44a33dc493b72d3d7d1fba2c039f82f92041905433b665bebfabcbdaa01683712b2e02084f7a3046a46705f9eef38c44dd293826c25e912402104588e00531aa622e4a2ee03fa769d99093b4f64e31db237c5969f64dfa4702a92188a61e62d0a06ea644bc48398f77560d084b2d213f63d3adbf22f974f583973190e745bb0840df3cb206fa1aa04b94733201e25e37a7f781d25dc0edb872ef18d44cd815caab17de7f9e6850f9e000b9faab06f195aeebec893452d840cc57e1a5bb20d50e37e11a9cf179ac8787678a588ec696755949384a96b01ea88002098582e0be1cbd56338d0bc8163444b7df908a48397e3cb44ac692f3a9c0712ca1288da1c4f78faf8772f5a0e629873d78132661d63f360e0fb332b74883ba544dae94f68c98bd61d444d7df68780c416d6e0dc1acadb29325f7a3349dc0c8d12eb080f145e5b011e3a48d7569c46cbdf2585758ea508797545eda577641534df806ec0f0d03a8e9898d5f2745b7d19782d2f7769c18c996dfe4d7bf75701d783fdaafc832a9dff6ebf4e1bc85ad8ff7e9a34dc9a0aec91fb348b1dc324d8badde275c0090fc03d0271d36c05525e28a914d19e5b1fceac508b6a90450c3972f04802eda08a73cf120305b8d3c0da91497965bf07cbf3a79ff1197b602fde897ddd9451749ea6dbce3be25dede561f385b4386b2377336bf5aad18124e2b14898c2e8c75aac643eba04f95800f68b4aad13018748cc390337b5d1", 0x44d}], 0x2, &(0x7f0000002600)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x8}}], 0x20}], 0x1, 0x48055)
executing program 3:
gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f0000000280)=@assoc_value={0x0, 0x5c8b}, 0x8)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x4, 0x30}, 0xc)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000000180)="1a", 0x1, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000000c80)="7cffa9061b2f8b082b6f69ae50430c8a8b6aa3162ba083c4a52e1ab0ac50ed4a19b1a69988000d5bed4433daaa4932dbb1cb3550dee8b23579d76ce37d574b43fca1eed8ebd38d1303240ed0d84517692128dd5aef5c4d60a6659952a1437c6f0ac3ed75806011ccbaa504f41a7e0abcf8823bc4a71ef8c52c2b297b539eaf752c56ebfe9b0542543069257dafcbf76c958d4cbf4eaaa67c5c2bd9e6518be34b56add7613ab83d389724b664e62c154e1a5aac073a53a0e8cadcf51ef495ebbcc77d5e36ff24c3f282289cc077374b714e08fbfecbdc8f14ef3fd409af4caf6fcb7d663beab335f239a1e93b399c93d7c036e1b39a7c477945f82b6dde53b1c21b590a58ba688ac4fb530d2c5b1195a127d2eaec840ab59f090d7047c278611e080cebe7b28588c11a44be99fe6f88c73441bf625b70565669997f4c3cda5afe1d6429908a69a459d35ba8c2f28076d8711f2667de749a783fac94ebd02680f20fb723c35c287a1f45064846385750665ffa74579083fbb1b1d6b7c90168252b1c5313544569203e7adb8e271a94f7413e5cfd6aa3157c4fc29bddba3683fcd032aecb513b2f27530fbefa0000000000000003c058e812d8db87de5e3eceae268b91f7d59daf77646fa4df99877dd5a9540934c7af91b96486eea62897be6acbe1bae8e46b112f1385e7cea9e4daccc6f1b98ce3b4322af8299a45ddcb5be8d3e469fdde9896ca324a2f3c88c616a7dccde331698ce2d39f96220251011b4dfbec953b5c30e94adb5586cec0af234859805bb7df1101ae80318ff127e913178d79cfa918d54585b6184255e872e2dc33a5c7c30a756bbd63c32a3e6a22863781747d185acb64583976c4289394d642b07d18e2932d0a78bd2ccf92b3e94e82f1e9239fa272402f4c9efcf068709a44d6f652a4f23df89f9a15e6bf0c7e65d8f3e32c35e83d30298074d16cb5ff4ded1df81009bbae888fceb9a8109ba319605e1776e52d2069b5cd7de07cf8dc488ba6a9c7559ff49674a490991f323736f302004007d0ccf2e5eaceac6b56f48f2b00592d7a378f118d8b3e5ecd2035c8252374c91bc79cf26ac11ddffe2c09e1aa032da0713732387f950e3f4e301eb1d26e5a2b19318e50d555c832e279894d8c9b03e8940738c0fe391b29907d0d5f9214d6e697a19247f4e8221aca2ac47debd7c45b8344941cbecbaf44af343b24a4f88caf207d72002fb8b7d156997cb7275f535e6a9d6480046246e60bea0cf6f54abc69ff9418b6cb9301eb6890227215b633a886fb13c89698e51e482c42ca99613b20e22e5ce15272f5bda8b18cf53d49130a94135dd8a9692c", 0x34000, 0xbcff, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000080), 0xc)
sendmmsg$inet6(r0, &(0x7f0000004800)=[{{0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000380)='w', 0x1}], 0x5c88}}], 0x1, 0x0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="12010000000000086d0495c20000000000010902"], 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000b80)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x8}}, 0xb8}}, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000080))
executing program 0:
r0 = socket$inet6(0xa, 0x80002, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote}, 0x1c)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
mount_setattr(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000300)={0x1000a4}, 0x20)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
syz_open_dev$hiddev(&(0x7f0000000140), 0x100000000, 0x103)
userfaultfd(0x80001)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$KDFONTOP_SET(0xffffffffffffffff, 0x4b72, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x8, 0x16, &(0x7f0000000340)="d3c4f7e5de1029f7c9d49f8ae23bad4c0699ef9bbe32c2d6888de5b064aa94d536c7f837593c4363a0964c3fc548b5d5ff6fb603cf9f3fefd2f60b3d0ba2f24a555d6e0616f58796f2431ae3be01de96c383add6f32f28067c022e846099d07b66d0aec40d14def5d5aa5d8f3e37a6712de9ddaa02027aec24849a1b5b403833fc9e70687141543839be295074f592ad680689b9c98c8fe495f197cadc9250ebb4a5ec065ac0e75a33060f190290603121098dac7f091395998c094b1acd3d465d9ceb5b61d895461cce67a375338559bdf477074738e4cf16b41480c6031238e9f876699e5706891996b36372dc71b942cd9dff7a8ba64cd5331302c7b92d82659ff623b915fdf85df3124189ac720b4d3cf7bf6e1a55c8d39db0c389bbbddf1e294a603260798abd52ec4f5c77bc416465027db99368b38670204b0762077a25d82724fc01ab531a6fcbf5c00c67f87a5bb98f95306b1d99df10abbe6cca16e98b6a8b5dec0af6f21f1f29bb0b4416bdbad80c2d9ec6fd41140a15a9a3a205364c71ff1fd23149c54bf86f725d7ddac71b50f99a25e66a7038fa229fc0211520b7470d011e7b233fde3543702db126567a34bd35aa4a59a05a83760ebe49eb4b9364ba367a62b820eaa487f772a9a0898ab5040d72c4c41a5a7269cd7efdfe731f80697a3da25c6c24619630fc91581b9b5ab8e2ebe35e8b1d1fd8f4cfca4238836c0403d470632503436325b063ddab48e820f81f4043000dd6fa9c60be47689edf59d369114323144f0cc9588148ec4d58e58e9f119926e30c358f6527eb745599b65b88b6062bd5b18140c7d3d64a3e43ed3abf5c49105d069a1f36ac3abd7141979fbf2735f13869f3e76bb8d1b0d92728be1fc39283d7d083d450e07adeb5f23148700266948d54cf5e5e79a274ed4f419e5fc10340d088031265a7d237362166ef22bcd9ae8b1bb8237d57e499cd8d3a3c2924f7266d6295dd40a917f7053e41d2149f2003fee9c1adb53076d4283d66bdb066873dbb05ffc72fa6a53ffaf3274661aafd8343abe65f602c6504fdd949f50922374d04ee3e2980e846fe08a1b578ca4616659b3721685400ec4bc52fec0e166909f02e4f5e3062f6c07a97a44af88e655d1168b14c2d22ba7b3ce0a62691b73828f83795160fdb906b4062b6f63d95292a30d9467e11011f69b91255144202d58b393ed7783b6e4a39754061fc0238b7b93d229e90479242fa77b531afb1f587fbd2a2fcf3aea44bd7fafa3a598837aa80e570272dfb919244e0e032abc5b12488d6b5d95b3165d99e7a9c124b434ab3dc730cc6490f795e222ef0c6b7975b3f56b8be37da25ee94406f0359eb274620171746971ea0215766d2cf116ce09811e1350e1392654fba67c346275d39eefa2bd2352a785c44096ec190f38e4d2ccc1b357d654ba780754c"})
keyctl$dh_compute(0x17, 0x0, 0x0, 0x0, 0x0)
r3 = add_key$user(0x0, &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000002c0), 0x0, 0xfffffffffffffffe)
r4 = add_key$user(&(0x7f0000000100), 0x0, 0x0, 0x0, 0x0)
keyctl$dh_compute(0x17, &(0x7f0000000000)={r3, r4, r4}, &(0x7f0000000040)=""/79, 0x4f, 0x0)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000001c0), 0x0)
sendmsg$nl_generic(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000740)=ANY=[@ANYBLOB="280000001e00050300000000000020000000000008080000a726b3a918817543c00dbd0b6a7b48249a4cec57ed70bedb84f0c7c03617f6d626", @ANYRES32=0x0, @ANYBLOB="0c0064007f00000000000000"], 0x28}}, 0x0)
sendmsg$nl_route(r1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001a80)=ANY=[@ANYBLOB="b700000017000000bfa30000000000000703000028feffff620af0fff8ffffff61a4f0ff0000000015040000000002000f030000000000003404000001ed0a0014040000170000801c400000000000007b0a00fe000000002c04000000000000c6000000000000009500000000000000023bc065b7a379d17cf9333379fc9e84af69912435f1b6a693002e7f3be361917adef6ee1c8a2b4f8ef1e50b91f32050e436fe275daf51efd601b6482a0800000098efefb202ee010400006e7a1de4a21f379dbf01de00b1b564fef3bef70548aed0d600c095199fe3ff3128e599b0eaebbdbd7359a48f5b0afc646cb7798b3e6440c2fbdb00a3e35208b0bbf12cd8dff0c710e4000000000000009fbe4b61a615c6c57a2b649dc74a1a610643b08d9ec21ead2ed51b104d4d91af25b8123deda8a3658d42ecbf1dbf6d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31a76e42f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0800000000000000d5f728d236619074d6ebdf098bc908f50ae728a40f9411fe7226a4040bef29b66e3858d051c096e37c4f46010400000000c3da29faf75ddd1aa96960bca97af13382cb881cc1f62c0f8f8f0e8d76b86f9c45636614786f5a2cb77230a874640dcbe0b20bb77c022d0cab080078fce8c5c81b7037181fc2f18f781aaa6e2957d7e39cc1baddcb7ec6667e699f24e41697ee7ea23e4b29a8b6cc9a1f5a7b3caae05f13792292cb949b3aab06b1e042ff2164d80c605532b18ab1c156b97e5889685a96949e4cb40df77b8bb84b0e733a63784ccc214d930cbb7e090d030000003acec439c163fcd7071b53ac29df826f8ae6d6e18c1eacf5bf870768d5217e9bb5a05d9e22ce67f1231bd236486727d970acc546087acbf30f2f8165b47ba56dfadd14b306e98931481747292c6fe6e188750cf4f87cce2aa7d67c7133a9f05954cde298a35ea6d715ba80aee63300000000000000000000000000000000000040000000000000000386000000b854adb4f8080064e8407c6bdb37114c80fbaa4a0ec5aaf4b0ac6f2128668279eb6fc144344e2d461c9a1be8fa0061ea9d55ee4716bea8e1cebf9ed39325ab4c5530dd6ee9fffc00000000000000d7c5af73c683625aaad5eda5004a76c9f8975ed4c5e4eb3e77e9885769754932609f19e2f615a01cb6d17fbf5cb539403cb0572534f054d5514ad8269b2bdf2ca4958a62a6e744f9a4c1e646e1dd2ca19583f0f8b0dc53debd7d44f334e6ed7445a9580f970e483b307c4b3c018bc194b23d37e6a2e52d8288e5aab6fec586d52386e8c07a88c88e8faec5f1b16b2014f6952ce7d6be12c6bdb9651ca6fc907061be311d1354e6295698594a73136237bee068d3819400e43544830a3f74b7942f22336953978a5b2032da4238cc61162c04c1297395b73e18c9387615a2bc87d9e2445f3d323d3fac347932a4bac694c55fe9d145906d410f58f1951405d10504efe402cae085afef5dbd617e87ddbd23834a50d7eb8e327fb5db12cbd6a9efe8e671c4f251fe3bf440cabdfe3400a670d14b9b3cd8d86e492997a0168c022ef3536bd1dc731f4f9f8cb6c3857fb8aaaa95024f8da775f72950212b84fc6133ae14d1429cd4905dabb52e43af7e65acf97b4951fa1e967d16a5ed642efc855a4a46b85cd079934ad3188276efae9387eaa2c910fb8de24b5d4fded86c3811ccd00520150b16000080122965558074956da5e4c3bbefcb64aa8be4456ed2caf0f467b6bbf3aa4371f5e76ab3f60afea80bb066aafb7517f787b090f419a20278a3c779e03afd9a6af6fd518e5dce030f88ec5a5cb7601a161da0f8089322d84ac523040d13e1f1300c2c6555bce60d95dd3288e53435713f03add23f14c8db5555c62de4f626483632a2ab547f88dd6efec73a0271a19ca3aa860aa4dcaeeb9bd91a0cb429efae2a5fcc08b3a572969bbe91c921ac1476027772c87d1767e31a3446cd57fafea83e495a6a1d1a4ebf83434986091dd66ffe3ffed0c39552a312e2db596d9c828c02f6fc13c8ddbb50bfd7dd8aa2f35f259fc83e007f00a292dd3b856faa4b7e66e1b64505f65900839df71a97d4d05d37f7ecf8ed9a22da26ae674bba16c204f6b2f8f74fc56b7126d7c11ece6e88ec41192aaee75415c58d264a2b6adae02c821b62428902aad499825ab85a348638384cd12e61dbde5c47056f0a20b4e2a2328d5db5cfe56557a129e6be231acf5f57995c60d9fca5f63a0dfd18054717120bda466d04774b530500d8b022719ca77a4e0a66b4708f791d849a5e2aaa0074a9560ede2600df5a5c41392fe9460080fcb1e65233fb8dbeec4c86dbcf6a0673e38d2d3615e5bfbde44afe0fa7564231fff7e7f1f3ad68492dd2ccb1decb15b5d7d3e37e8b7d28921c4b9280979521173f322df408d9818b6cc400098abb869921911480a876fbba698801937e8b4264eb6f5137bd9b075f1488d22230592a79000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002f316aa0886c174b73decb46c1c85edf50d8fcbac5ff76b365611666da86a8e65b308706bd7c000000000000003f7cd4d5cb9076b81b7741ec03877afb5237ea1694addebc14c3ae49f88c462aa2050acf2d9a97d3be29a5614d1eba2c98cf0236401e02d7c445e50f76419ab4f78f67a09e63dd4faa2e7b59399f055f2fa278783fefb0a5ef0b41e14a6fe6ba306206670b84894e901a523fcbadfeff535f2514bc834e876810d9a6a78e70a9e22860c36a724770b4185de44db6bf21fef32a8d5b36d9014f38fee012365f963b2a85e7d8075c333475b9be0bdd37220e316f2297743dd4731614a50c16c6a41744c3d24eab511317f97b7b4a1c2ec33fedc46e9bf0fa640eebd3d58f0ebdb7cb8ccffd08000000e843591d2618e2d2cdc7081c8fafffe9c350a5c554a387de4ee7aac6478d99de7dd82bef044a6d33c789d566c90c46ad581aa22f910547a77d55e26bf19f1d4661550b177ef53933a305e69b8a95119d2a673bdae05779208409e6cf5bda599d625054776151b2cd1fcde238bdc527594a6c17aa9728af7a3830e7092b01b119ea4e7e7f0e21527d622cc29c9f0c8720195368f8a9d3374337ab4d130619d93c5ef37e7ddd0b2da147e6e513455b88753452de959a6cbfa1ffbc7ad5d8c3b48017fd31dcf72f337b639253f44cb27a12174bc4c191e21015d0c431a71906eb9c6a14c8a060459ef26787ce3d1cbfd5cc459f0048b5d06f6cbd3e9b34c89f3fb2f951ae81d7fcc8bc0000000000000000000000000000000000000000009231feef3117197c7963c2ba910969f776c8b2ea3970f358107945d9e74e9bdfa58e68b65a9201bc4b73b431df5aa29f363917f90e3fa1eaf553db1c761dd9b634a9c4d7c21d24fe6d953ed9438cad0f8dfe03e5e2f73019352f1fb682a5a6ebbf24ebc49e3d7058e696eb3f4b642f36c9006c0067e24a64aa8c53dd824a4ee271e35ed9eed636338f1835fc957729d63dc1bfc7b772cbe536c2d3aff27c22f9a2f876512616a5bdaf22a16e19d1b5f52abb40b433983d0cf50234de659c1a397ce901000000caae1bcfdce33dae6adc260321702f239c25ab181390e7dc8c1e5b1cf3b4fef1cd5c44a89b5e5d8314e02f4673ded90bce9a4025b0232eec970f7aa17f175a14e8dc0700bac0006b98a8283eee5665f3aede28228e0468dbcf8b776fe4c629d3af183a7cba5adf77f23d31f9d5a183c0da4e95f75b1496a97a46a06e4e1f5a8438d49dbd493ba2482c398ab724577fd742bf44cdd8489086e61aa3cb1d3ab3dac8183102fe6fc8a038e3868a0592811446867969f0fb3f547e83c4ca35aac023f09f15bb0acb3cdc6efd9b0e9df56af7fda01280a384028b35994388"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffed0, 0x10, &(0x7f0000000000), 0x1e}, 0x48)
executing program 0:
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000ac0)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_QUERIER={0x5}, @IFLA_BR_MCAST_QUERY_USE_IFADDR={0x5}]}}}]}, 0x44}}, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$FUSE_DEV_IOC_CLONE(r2, 0x8004e500, &(0x7f0000000040)=r1)
executing program 2:
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7fc00101}]})
epoll_create1(0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(r1, 0x40806685, &(0x7f0000000140)={0x1, 0x1, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0})
openat$cgroup_ro(r1, &(0x7f0000000080)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000002280)={<r2=>0x0})
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000042c0)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=r3, @ANYBLOB=',rootmode=0000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r3, &(0x7f00000021c0)={0x2020, 0x0, <r4=>0x0}, 0x2020)
chdir(&(0x7f0000004340)='./file0\x00')
write$FUSE_INIT(r3, &(0x7f00000066c0)={0x50, 0x0, r4, {0x7, 0x21}}, 0x50)
read$FUSE(r3, &(0x7f0000000040)={0x2020, 0x0, <r5=>0x0}, 0x2020)
write$FUSE_INTERRUPT(r3, &(0x7f00000063c0)={0x10, 0x0, r5}, 0x10)
read$FUSE(r3, &(0x7f0000004380)={0x2020, 0x0, <r6=>0x0}, 0x2020)
r7 = syz_io_uring_setup(0x5169, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000000)=<r8=>0x0)
syz_io_uring_setup(0xa94, &(0x7f0000000280), &(0x7f0000000040)=<r9=>0x0, &(0x7f00000005c0))
syz_io_uring_submit(r9, r8, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54})
io_uring_enter(r7, 0xb15, 0x0, 0x0, 0x0, 0x0)
r10 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
fchdir(r10)
statx(0xffffffffffffff9c, &(0x7f0000006400)='./file0\x00', 0x0, 0x0, 0x0)
write$FUSE_ENTRY(r3, &(0x7f0000006440)={0x90, 0x0, r6}, 0x90)
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r0, 0xc0182101, &(0x7f0000000300)={r2})
r11 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_HOPOPTS(r11, 0x29, 0x36, &(0x7f00000000c0)=ANY=[], 0x8)
connect$inet6(r11, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, 0x0, 0x0)
setsockopt$SO_BINDTODEVICE(r11, 0x1, 0x19, &(0x7f0000000080)='bridge0\x00', 0x10)
executing program 1:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$inet(0x2, 0x2, 0x0)
bind$inet(r1, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10)
readv(r1, &(0x7f00000000c0), 0x0)
connect$inet(r1, 0x0, 0x0)
sendmmsg$inet(r1, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000440)="c68a76fc052ea9e5861f22eefbe4355322573df4473febc5460a4ac3cf40c7fb7d5f6d", 0x23}], 0x1}}], 0x1, 0x0)
r2 = socket$kcm(0x2, 0x0, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000500)={@val={0x1c, 0xc}, @val={0x0, 0x0, 0x0, 0x0, 0x3d}, @x25={0x0, 0x0, 0x0, "8ad40b074190e37fb928a57450f583253c8a1fa762cf1f9d5378691396e15c121743936a4bf3330f1aab7c458f212a863883d90d05eb8079d5341a37e91f5a9c0189b82e41b871af219aa14e6529328a2bf8c6e176"}}, 0x66)
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x1200, &(0x7f0000000000)={&(0x7f00000000c0)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x2}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @erspan={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_OFLAGS={0x6, 0x2, 0x30}]}}}]}, 0x3c}}, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000000000000000000000000000000000002c0a199f1fe6b357805f27e440509610315c53e1d8243e2f0c040010f2c6224f27d67e063e40288614af6d82738152e8e92e8d7a329e5eff8ea7fc8415092f6a2051c27e2d93ae48b068d7438f287f6dff8e789cae0b895b11170e9c4b9ab82be0ffc954bd6bf4babb4bdbd1c95490ddf275f23b49bc67b96f00"], 0x14}, 0x1, 0x3000000}, 0x0)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000200)=@assoc_value={<r2=>0x0}, &(0x7f0000000240)=0x8)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, &(0x7f0000000280)={r2}, 0xc)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000300)=@raw={'raw\x00', 0x3c1, 0x3, 0x298, 0x0, 0x111, 0x4b4, 0xd0, 0xd4feffff, 0x1c8, 0x20a, 0x278, 0x1c8, 0x278, 0x3, 0x0, {[{{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @empty, [], [], 'ipvlan0\x00', 'team_slave_0\x00', {}, {}, 0x6}, 0x0, 0xa8, 0xd0}, @common=@inet=@TCPMSS={0x28}}, {{@ipv6={@private1, @mcast1, [], [], 'netdevsim0\x00', 'veth1_macvtap\x00'}, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@inet=@TCPMSS={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x2f8)
executing program 1:
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$BATADV_CMD_GET_MESH(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x32}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)=@generic={&(0x7f0000000180)='./file0\x00'}, 0x18)
getsockname$packet(r1, &(0x7f0000000340)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x6b)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000007c0)=ANY=[@ANYBLOB="3800000010000507000000000004000000000000", @ANYRES32=r2, @ANYBLOB="03000016010000001800120008000100736974000c0002000800030036"], 0x38}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000380)=@newlink={0x40, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0xe403, r3, 0xc3}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @sit={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x8, 0x3, @multicast2}, @IFLA_IPTUN_6RD_PREFIXLEN={0x6, 0xd, 0x8001}]}}}]}, 0x40}}, 0x0)
executing program 1:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='ns\x00')
fchdir(r0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000300)={0x1, &(0x7f00000002c0)=[{0x6}]})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
symlinkat(&(0x7f0000000000)='./file0/file0\x00', 0xffffffffffffff9c, &(0x7f00000000c0)='./file0/file0\x00')
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'nicvf0\x00', 0x1})
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f0000000000)={0x0, 0x3, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYBLOB="020300090a000000000000000000000003000600000000e000000900000000000000000000000000000000000000030005002200000002000000e00000010000000000000000417cc67d6addbb0d8e6574a8371da533f6cd73a700"/100], 0x50}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00'})
socket(0x10, 0x80002, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r4, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @private}}, 0x80, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="1000000000000000100100000100000003b9592b3ac82114822973448bad05a4"], 0x10}, 0x8000)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r5, 0xc0502100, &(0x7f00000001c0)={<r6=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r5, 0xc0182101, &(0x7f0000000180)={r6})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r5, 0xc0502100, &(0x7f0000002780)={<r7=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r5, 0x40182103, &(0x7f0000000080)={r7, 0x3, r5, 0x5})
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
socket$l2tp(0x2, 0x2, 0x73)
syz_emit_ethernet(0xfdef, &(0x7f0000000280)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff08004500002800000000003c907800"/38, @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5000000290780000"], 0x0)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000d00000000080000000850000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000280)='netlink_extack\x00', r9}, 0x10)
r10 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r10, 0x10e, 0xc, &(0x7f0000000040)={0x1000}, 0x10)
executing program 0:
openat$audio(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
close_range(r0, r0, 0x0)
close(0xffffffffffffffff)
epoll_create1(0x0)
r2 = epoll_create(0x0)
r3 = openat$random(0xffffffffffffff9c, 0x0, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f00000000c0)={0x90000001})
epoll_ctl$EPOLL_CTL_MOD(r2, 0x3, r3, &(0x7f0000000140)={0xd71255f2c0da879})
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000340)={'ip6gretap0\x00'})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB, @ANYBLOB="000000000000000014000c801000"], 0x34}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8)
r5 = syz_open_dev$usbfs(0x0, 0x80000000003, 0x101301)
ioctl$USBDEVFS_FREE_STREAMS(r5, 0x802c550a, &(0x7f0000000100)=ANY=[@ANYBLOB="0200a006002a17006000000002000020d3", @ANYRESDEC=r1])
mremap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x400000, 0x2, &(0x7f0000000000/0x400000)=nil)
executing program 2:
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x20802, 0x0)
r0 = syz_io_uring_setup(0x233, &(0x7f0000000280)={0x0, 0x0, 0x10100}, &(0x7f0000000080)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0})
io_uring_enter(r0, 0x7a98, 0x2000, 0x0, 0x0, 0x0)
executing program 4:
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000380)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e23, @empty}}, 0x80, 0x0, 0x0, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000005040500002b24"], 0x10b8}, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
mknod(0x0, 0x1, 0x864)
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$vim2m(&(0x7f0000000340), 0x6, 0x2)
ioctl$vim2m_VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f0000000140)={0x0, 0x3, 0x4, {0x3, @raw_data="3d924b8271394fa4ec01eb92492ff84715d1a004d08b012a7cafe27a5f313d31bbdae5b411ca5be6bfe92437ed0d21b5180e375be56b3b9306d7dbb26bf9f22de7ac7681cca450055250217bdf1113b4258293ba4efed32147bda8454dd115bd5ba066ba06f2854cc96db9a98055cbde9fd084a1223ada91ed2e832907a01ab5ee65f997b617f73d1aa5a6dfc47acdc5eb834f8e448469d235e4380cbcc3314c94970349a3c1374ffec96177b67caa0656f9664277cadb8597e7d911ad1da457ef9744b0993c57a7"}})
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$vim2m_VIDIOC_S_FMT(r2, 0xc0d05605, &(0x7f0000000240)={0x1, @win={{0x0, 0x0, 0x1, 0xffff}, 0x2, 0x8, &(0x7f0000000380)={{0x4, 0x2, 0x44}, &(0x7f0000000100)={{0x1, 0x8, 0xffffffff, 0x283}}}, 0x80, &(0x7f0000000400)="4c3425e5d22b04b4dff741b1155196d48274b6ec3603eed4c7795069fd80b977d26fe4ce89b50f7f7f35238f72d27d54d59741f0c45e54d78ae6557844e1e3abae44d2c14895a376d0", 0xff}})
syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="040efc07140c"], 0xff)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_dev$vim2m(&(0x7f0000000080), 0x9, 0x2)
openat$cgroup_ro(r0, &(0x7f0000000480)='freezer.state\x00', 0x275a, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0xfffffffd}, 0x1c)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000040), 0x0, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5)
executing program 2:
r0 = socket$inet6(0xa, 0x80002, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote}, 0x1c)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
mount_setattr(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000300)={0x1000a4}, 0x20)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
syz_open_dev$hiddev(&(0x7f0000000140), 0x100000000, 0x103)
userfaultfd(0x80001)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$KDFONTOP_SET(0xffffffffffffffff, 0x4b72, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x8, 0x16, &(0x7f0000000340)="d3c4f7e5de1029f7c9d49f8ae23bad4c0699ef9bbe32c2d6888de5b064aa94d536c7f837593c4363a0964c3fc548b5d5ff6fb603cf9f3fefd2f60b3d0ba2f24a555d6e0616f58796f2431ae3be01de96c383add6f32f28067c022e846099d07b66d0aec40d14def5d5aa5d8f3e37a6712de9ddaa02027aec24849a1b5b403833fc9e70687141543839be295074f592ad680689b9c98c8fe495f197cadc9250ebb4a5ec065ac0e75a33060f190290603121098dac7f091395998c094b1acd3d465d9ceb5b61d895461cce67a375338559bdf477074738e4cf16b41480c6031238e9f876699e5706891996b36372dc71b942cd9dff7a8ba64cd5331302c7b92d82659ff623b915fdf85df3124189ac720b4d3cf7bf6e1a55c8d39db0c389bbbddf1e294a603260798abd52ec4f5c77bc416465027db99368b38670204b0762077a25d82724fc01ab531a6fcbf5c00c67f87a5bb98f95306b1d99df10abbe6cca16e98b6a8b5dec0af6f21f1f29bb0b4416bdbad80c2d9ec6fd41140a15a9a3a205364c71ff1fd23149c54bf86f725d7ddac71b50f99a25e66a7038fa229fc0211520b7470d011e7b233fde3543702db126567a34bd35aa4a59a05a83760ebe49eb4b9364ba367a62b820eaa487f772a9a0898ab5040d72c4c41a5a7269cd7efdfe731f80697a3da25c6c24619630fc91581b9b5ab8e2ebe35e8b1d1fd8f4cfca4238836c0403d470632503436325b063ddab48e820f81f4043000dd6fa9c60be47689edf59d369114323144f0cc9588148ec4d58e58e9f119926e30c358f6527eb745599b65b88b6062bd5b18140c7d3d64a3e43ed3abf5c49105d069a1f36ac3abd7141979fbf2735f13869f3e76bb8d1b0d92728be1fc39283d7d083d450e07adeb5f23148700266948d54cf5e5e79a274ed4f419e5fc10340d088031265a7d237362166ef22bcd9ae8b1bb8237d57e499cd8d3a3c2924f7266d6295dd40a917f7053e41d2149f2003fee9c1adb53076d4283d66bdb066873dbb05ffc72fa6a53ffaf3274661aafd8343abe65f602c6504fdd949f50922374d04ee3e2980e846fe08a1b578ca4616659b3721685400ec4bc52fec0e166909f02e4f5e3062f6c07a97a44af88e655d1168b14c2d22ba7b3ce0a62691b73828f83795160fdb906b4062b6f63d95292a30d9467e11011f69b91255144202d58b393ed7783b6e4a39754061fc0238b7b93d229e90479242fa77b531afb1f587fbd2a2fcf3aea44bd7fafa3a598837aa80e570272dfb919244e0e032abc5b12488d6b5d95b3165d99e7a9c124b434ab3dc730cc6490f795e222ef0c6b7975b3f56b8be37da25ee94406f0359eb274620171746971ea0215766d2cf116ce09811e1350e1392654fba67c346275d39eefa2bd2352a785c44096ec190f38e4d2ccc1b357d654ba780754c"})
keyctl$dh_compute(0x17, 0x0, 0x0, 0x0, 0x0)
r3 = add_key$user(0x0, &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000002c0), 0x0, 0xfffffffffffffffe)
r4 = add_key$user(&(0x7f0000000100), 0x0, 0x0, 0x0, 0x0)
keyctl$dh_compute(0x17, &(0x7f0000000000)={r3, r4, r4}, &(0x7f0000000040)=""/79, 0x4f, 0x0)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000001c0), 0x0)
sendmsg$nl_generic(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000740)=ANY=[@ANYBLOB="280000001e00050300000000000020000000000008080000a726b3a918817543c00dbd0b6a7b48249a4cec57ed70bedb84f0c7c03617f6d626", @ANYRES32=0x0, @ANYBLOB="0c0064007f00000000000000"], 0x28}}, 0x0)
sendmsg$nl_route(r1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001a80)=ANY=[@ANYBLOB="b700000017000000bfa30000000000000703000028feffff620af0fff8ffffff61a4f0ff0000000015040000000002000f030000000000003404000001ed0a0014040000170000801c400000000000007b0a00fe000000002c04000000000000c6000000000000009500000000000000023bc065b7a379d17cf9333379fc9e84af69912435f1b6a693002e7f3be361917adef6ee1c8a2b4f8ef1e50b91f32050e436fe275daf51efd601b6482a0800000098efefb202ee010400006e7a1de4a21f379dbf01de00b1b564fef3bef70548aed0d600c095199fe3ff3128e599b0eaebbdbd7359a48f5b0afc646cb7798b3e6440c2fbdb00a3e35208b0bbf12cd8dff0c710e4000000000000009fbe4b61a615c6c57a2b649dc74a1a610643b08d9ec21ead2ed51b104d4d91af25b8123deda8a3658d42ecbf1dbf6d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31a76e42f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0800000000000000d5f728d236619074d6ebdf098bc908f50ae728a40f9411fe7226a4040bef29b66e3858d051c096e37c4f46010400000000c3da29faf75ddd1aa96960bca97af13382cb881cc1f62c0f8f8f0e8d76b86f9c45636614786f5a2cb77230a874640dcbe0b20bb77c022d0cab080078fce8c5c81b7037181fc2f18f781aaa6e2957d7e39cc1baddcb7ec6667e699f24e41697ee7ea23e4b29a8b6cc9a1f5a7b3caae05f13792292cb949b3aab06b1e042ff2164d80c605532b18ab1c156b97e5889685a96949e4cb40df77b8bb84b0e733a63784ccc214d930cbb7e090d030000003acec439c163fcd7071b53ac29df826f8ae6d6e18c1eacf5bf870768d5217e9bb5a05d9e22ce67f1231bd236486727d970acc546087acbf30f2f8165b47ba56dfadd14b306e98931481747292c6fe6e188750cf4f87cce2aa7d67c7133a9f05954cde298a35ea6d715ba80aee63300000000000000000000000000000000000040000000000000000386000000b854adb4f8080064e8407c6bdb37114c80fbaa4a0ec5aaf4b0ac6f2128668279eb6fc144344e2d461c9a1be8fa0061ea9d55ee4716bea8e1cebf9ed39325ab4c5530dd6ee9fffc00000000000000d7c5af73c683625aaad5eda5004a76c9f8975ed4c5e4eb3e77e9885769754932609f19e2f615a01cb6d17fbf5cb539403cb0572534f054d5514ad8269b2bdf2ca4958a62a6e744f9a4c1e646e1dd2ca19583f0f8b0dc53debd7d44f334e6ed7445a9580f970e483b307c4b3c018bc194b23d37e6a2e52d8288e5aab6fec586d52386e8c07a88c88e8faec5f1b16b2014f6952ce7d6be12c6bdb9651ca6fc907061be311d1354e6295698594a73136237bee068d3819400e43544830a3f74b7942f22336953978a5b2032da4238cc61162c04c1297395b73e18c9387615a2bc87d9e2445f3d323d3fac347932a4bac694c55fe9d145906d410f58f1951405d10504efe402cae085afef5dbd617e87ddbd23834a50d7eb8e327fb5db12cbd6a9efe8e671c4f251fe3bf440cabdfe3400a670d14b9b3cd8d86e492997a0168c022ef3536bd1dc731f4f9f8cb6c3857fb8aaaa95024f8da775f72950212b84fc6133ae14d1429cd4905dabb52e43af7e65acf97b4951fa1e967d16a5ed642efc855a4a46b85cd079934ad3188276efae9387eaa2c910fb8de24b5d4fded86c3811ccd00520150b16000080122965558074956da5e4c3bbefcb64aa8be4456ed2caf0f467b6bbf3aa4371f5e76ab3f60afea80bb066aafb7517f787b090f419a20278a3c779e03afd9a6af6fd518e5dce030f88ec5a5cb7601a161da0f8089322d84ac523040d13e1f1300c2c6555bce60d95dd3288e53435713f03add23f14c8db5555c62de4f626483632a2ab547f88dd6efec73a0271a19ca3aa860aa4dcaeeb9bd91a0cb429efae2a5fcc08b3a572969bbe91c921ac1476027772c87d1767e31a3446cd57fafea83e495a6a1d1a4ebf83434986091dd66ffe3ffed0c39552a312e2db596d9c828c02f6fc13c8ddbb50bfd7dd8aa2f35f259fc83e007f00a292dd3b856faa4b7e66e1b64505f65900839df71a97d4d05d37f7ecf8ed9a22da26ae674bba16c204f6b2f8f74fc56b7126d7c11ece6e88ec41192aaee75415c58d264a2b6adae02c821b62428902aad499825ab85a348638384cd12e61dbde5c47056f0a20b4e2a2328d5db5cfe56557a129e6be231acf5f57995c60d9fca5f63a0dfd18054717120bda466d04774b530500d8b022719ca77a4e0a66b4708f791d849a5e2aaa0074a9560ede2600df5a5c41392fe9460080fcb1e65233fb8dbeec4c86dbcf6a0673e38d2d3615e5bfbde44afe0fa7564231fff7e7f1f3ad68492dd2ccb1decb15b5d7d3e37e8b7d28921c4b9280979521173f322df408d9818b6cc400098abb869921911480a876fbba698801937e8b4264eb6f5137bd9b075f1488d22230592a79000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002f316aa0886c174b73decb46c1c85edf50d8fcbac5ff76b365611666da86a8e65b308706bd7c000000000000003f7cd4d5cb9076b81b7741ec03877afb5237ea1694addebc14c3ae49f88c462aa2050acf2d9a97d3be29a5614d1eba2c98cf0236401e02d7c445e50f76419ab4f78f67a09e63dd4faa2e7b59399f055f2fa278783fefb0a5ef0b41e14a6fe6ba306206670b84894e901a523fcbadfeff535f2514bc834e876810d9a6a78e70a9e22860c36a724770b4185de44db6bf21fef32a8d5b36d9014f38fee012365f963b2a85e7d8075c333475b9be0bdd37220e316f2297743dd4731614a50c16c6a41744c3d24eab511317f97b7b4a1c2ec33fedc46e9bf0fa640eebd3d58f0ebdb7cb8ccffd08000000e843591d2618e2d2cdc7081c8fafffe9c350a5c554a387de4ee7aac6478d99de7dd82bef044a6d33c789d566c90c46ad581aa22f910547a77d55e26bf19f1d4661550b177ef53933a305e69b8a95119d2a673bdae05779208409e6cf5bda599d625054776151b2cd1fcde238bdc527594a6c17aa9728af7a3830e7092b01b119ea4e7e7f0e21527d622cc29c9f0c8720195368f8a9d3374337ab4d130619d93c5ef37e7ddd0b2da147e6e513455b88753452de959a6cbfa1ffbc7ad5d8c3b48017fd31dcf72f337b639253f44cb27a12174bc4c191e21015d0c431a71906eb9c6a14c8a060459ef26787ce3d1cbfd5cc459f0048b5d06f6cbd3e9b34c89f3fb2f951ae81d7fcc8bc0000000000000000000000000000000000000000009231feef3117197c7963c2ba910969f776c8b2ea3970f358107945d9e74e9bdfa58e68b65a9201bc4b73b431df5aa29f363917f90e3fa1eaf553db1c761dd9b634a9c4d7c21d24fe6d953ed9438cad0f8dfe03e5e2f73019352f1fb682a5a6ebbf24ebc49e3d7058e696eb3f4b642f36c9006c0067e24a64aa8c53dd824a4ee271e35ed9eed636338f1835fc957729d63dc1bfc7b772cbe536c2d3aff27c22f9a2f876512616a5bdaf22a16e19d1b5f52abb40b433983d0cf50234de659c1a397ce901000000caae1bcfdce33dae6adc260321702f239c25ab181390e7dc8c1e5b1cf3b4fef1cd5c44a89b5e5d8314e02f4673ded90bce9a4025b0232eec970f7aa17f175a14e8dc0700bac0006b98a8283eee5665f3aede28228e0468dbcf8b776fe4c629d3af183a7cba5adf77f23d31f9d5a183c0da4e95f75b1496a97a46a06e4e1f5a8438d49dbd493ba2482c398ab724577fd742bf44cdd8489086e61aa3cb1d3ab3dac8183102fe6fc8a038e3868a0592811446867969f0fb3f547e83c4ca35aac023f09f15bb0acb3cdc6efd9b0e9df56af7fda01280a384028b35994388"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffed0, 0x10, &(0x7f0000000000), 0x1e}, 0x48)
executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = eventfd2(0x0, 0x0)
ioctl$KVM_HYPERV_EVENTFD(r1, 0x4018aebd, &(0x7f0000000880)={0x0, r2})
ioctl$KVM_HYPERV_EVENTFD(r1, 0x4018aebd, &(0x7f0000000380)={0x3, 0xffffffffffffffff, 0x1})
mknod(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000200)='./bus\x00', 0x14507e, 0x0)
ioprio_set$pid(0x1, 0x0, 0x0)
sendfile(r3, r3, 0x0, 0x100000000)
r4 = inotify_init1(0x0)
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_wait_time\x00', 0x275a, 0x0)
write$binfmt_script(r6, &(0x7f0000000000), 0x2c)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x300000b, 0x10012, r6, 0x0)
write$RDMA_USER_CM_CMD_REJECT(r5, &(0x7f0000000f40)={0x9, 0x108, 0xfa00, {0xffffffffffffffff, 0x0, "24e820", "8332916de83850624d0b1b5f7e8fb2181bfe0632994e70c1e6ecd64197c5858abaee5efe855f98e1601d41af34482d3912b9f6c1e273a6edd40e29103e70359f43b53bf38e25ff78cb0bc1cbd5e27643c3b123cccec74091d06c51ab29ac03844f3de7f7afb5eb25a889e079047995d719f74d94a0c8370a7c39e19331ea5577e184759bcf5827fc2935b81e2cee8d5426d85dd9fcf84e68bf9379197b9b20ce7bc361926c608e0f52be60a313ecf320e76052922ecb84af2252086b0ca8e558b5fb68a46f469da897819fc66ca6a0b350642c19e53efdefc6e4d1f09bcd0aa32634d0eea94e68bbc85379523eeeee29a89c83f6600dd9b95883599aad471e5e"}}, 0x110)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000080)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
write$binfmt_misc(r8, &(0x7f0000000000)=ANY=[], 0xfffffecc)
ioctl$VHOST_VSOCK_SET_RUNNING(r8, 0x4004af61, &(0x7f0000000080))
r9 = syz_genetlink_get_family_id$smc(&(0x7f0000000200), r8)
sendmsg$SMC_PNETID_DEL(r8, &(0x7f0000000500)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="200027bd7000fbdbdf250300000009000300fa71ee19000000000900010073797a3000000000"], 0x2c}, 0x1, 0x0, 0x0, 0x44}, 0x44004)
sendmsg$SMC_PNETID_GET(r3, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYRESHEX=r8, @ANYRES16=r9, @ANYRES32=r7], 0x90}, 0x1, 0x0, 0x0, 0x800}, 0x8000)
r10 = openat$zero(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
read(r10, &(0x7f0000000100)=""/150, 0x96)
r11 = socket(0x15, 0x5, 0x0)
getsockopt(r11, 0x200000000114, 0x8, &(0x7f0000c35fff)=""/1, &(0x7f0000000000)=0xf002)
inotify_add_watch(r4, &(0x7f0000000300)='./file0\x00', 0xd3000e3e)
ioctl$TIOCL_SETSEL(0xffffffffffffffff, 0x541c, &(0x7f0000000000)={0x2, {0x2, 0x2, 0x0, 0x4, 0xabb, 0xf}})
utime(&(0x7f0000000400)='./file0\x00', 0x0)
executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0)
getsockname$packet(r2, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYRES32], 0x34}}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe800099"], 0x3c}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=@ipv6_newroute={0x3c, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_MULTIPATH={0xc, 0x9, {0x8, 0x0, 0x0, r3}}, @RTA_GATEWAY={0x14, 0x5, @dev}]}, 0x3c}, 0x1, 0xe0ffffffffffffff}, 0x0)
executing program 4:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$inet(0x2, 0x2, 0x0)
bind$inet(r1, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10)
readv(r1, &(0x7f00000000c0), 0x0)
connect$inet(r1, 0x0, 0x0)
sendmmsg$inet(r1, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000440)="c68a76fc052ea9e5861f22eefbe4355322573df4473febc5460a4ac3cf40c7fb7d5f6d", 0x23}], 0x1}}], 0x1, 0x0)
r2 = socket$kcm(0x2, 0x0, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000500)={@val={0x1c, 0xc}, @val={0x0, 0x0, 0x0, 0x0, 0x3d}, @x25={0x0, 0x0, 0x0, "8ad40b074190e37fb928a57450f583253c8a1fa762cf1f9d5378691396e15c121743936a4bf3330f1aab7c458f212a863883d90d05eb8079d5341a37e91f5a9c0189b82e41b871af219aa14e6529328a2bf8c6e176"}}, 0x66)
executing program 1:
r0 = openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000000)={0x0, 0x0})
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000480)={0x0, 0x0}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
getsockopt$MISDN_TIME_STAMP(0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000040), &(0x7f0000000340)=0x4)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5)
preadv(r0, &(0x7f0000000280), 0x0, 0x101, 0xfffffff7)
r2 = dup(r0)
r3 = openat(0xffffffffffffff9c, 0x0, 0x42, 0x0)
r4 = inotify_init1(0xc0000)
fcntl$notify(r1, 0x402, 0x8000003d)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@bloom_filter={0x1e, 0x8, 0x6, 0x9, 0x800, 0xffffffffffffffff, 0x2, '\x00', 0x0, r2, 0x0, 0x5, 0x1, 0x2}, 0x48)
r5 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r5, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
r6 = syz_open_dev$vim2m(&(0x7f0000000000), 0x2cb, 0x2)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x8040}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_SAVE(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[@ANYRESDEC=r4], 0x1c}, 0x1, 0x0, 0x0, 0x24000000}, 0x8044)
r7 = syz_open_dev$sndctrl(&(0x7f00000000c0), 0x0, 0x0)
r8 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r9 = dup(r8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000b, 0x38011, r9, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r7, 0x40045532, &(0x7f0000000440)=""/110)
fsopen(&(0x7f0000000080)='ceph\x00', 0x0)
syz_emit_ethernet(0x1f, &(0x7f0000000380)=ANY=[@ANYRES32=r5, @ANYRES64=r1], 0x0)
ioctl$vim2m_VIDIOC_TRY_FMT(r6, 0xc0d05640, &(0x7f00000003c0)={0x1, @sliced={0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x2, 0x3, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40]}})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r3, 0xc01064b5, &(0x7f0000000140)={&(0x7f00000006c0)})
ioctl$DRM_IOCTL_MODE_GETPLANE(r5, 0xc02064b6, &(0x7f00000003c0)={0x0, <r10=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_SETCRTC(r5, 0xc06864a2, &(0x7f0000000400)={0x0, 0x0, r10, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "b4bc323ef77d1f000071848800000000deff000000ece5ffffff00"}})
executing program 1:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0)
readv(r0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/244, 0xf4}, {&(0x7f0000000100)=""/75, 0x4b}, {&(0x7f0000000b00)=""/4096, 0x1000}], 0x3)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000002c0)="9dd96509b40d8596385eb5818edfee546ace975d82da2b171cfecc23a937f85d0e5495a25524e3fbed23142b2de6642bae55e950974e752fe3028a2ec1eb5ad37e691b2629c45b92a20ee51a0e5ff026945ff087fc7600d3f8053d90a1af89e7a3e4e614939ff95a7868b179c3be9d75cb3d35b76461c08308fe810d24bb0c299d08f1984447c4ae5114e24c9e3984fda072f4a9ef743becf89122b07465f3ae", 0xa0}, {&(0x7f0000000100)="5c00000012006bab9e3fe3d86e6c1d0700147ea64e21160af3650ab68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dfd8cdbf9367b4fa51f60a64c9f408000300060100000814030011000000", 0x5c}, {&(0x7f0000000540)="f3c2d1f292caf530852fb640b000cab5dce3d1462711188ca6a878394be9237ac1a63bd9ea5d5726e200b45b754d3a0c913833a7ea0891d85d645967c5a6f449b4e7b604cea21f22a77d982b70c3950306189a4f725f99ad57198b1bfcb134273b21bc9c59ca", 0x66}], 0x3, 0x0, 0x0, 0x1f00c00e}, 0x4014)
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r1, 0x28, 0x2, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0fcd621030109021b0001000000000904000001a1078a00090582020000000000"], 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
open(0x0, 0x0, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f00000003c0)=ANY=[@ANYBLOB="12010000431d1c40c9309300c6180102030309021200010000000009040000000e0101805e32dbdd09401b64858540117b665ebaf36deb94b3748232708b2ce37318972731e97b3f59910963b9a9ab470b82d5fa47feda842ad958744abb0d7738f56928c586c02cf5cb721e704f867babc46236dff2a7aad5eec3445e77de81a602520baba926b6e7580cb448fe263705a01b1ef2891baf9c47458ca2a20b94d6d8d5c869d1421d7e19fe005506631aa9ab70b211c04591aee3ead9a0df5316e955b1ea746c"], &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x7, &(0x7f00000001c0), 0x4)
openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$sock_SIOCGIFBR(r4, 0x8940, &(0x7f0000000180)=@add_del={0x2, &(0x7f00000004c0)='ipvlan0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'vxcan0\x00', <r6=>0x0})
bind$can_j1939(r5, &(0x7f0000000240)={0x1d, r6}, 0x18)
socket$can_j1939(0x1d, 0x2, 0x7)
connect$can_j1939(r5, &(0x7f00000000c0)={0x1d, r6, 0x3}, 0x18)
sendmmsg(r5, &(0x7f0000003e40)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000280)='\"', 0x1}], 0x1}}], 0x2, 0x0)
userfaultfd(0x0)
openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0)
socket(0xa, 0x3, 0x3a)
executing program 3:
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7fc00101}]})
epoll_create1(0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(r1, 0x40806685, &(0x7f0000000140)={0x1, 0x1, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0})
openat$cgroup_ro(r1, &(0x7f0000000080)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000002280)={<r2=>0x0})
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000042c0)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=r3, @ANYBLOB=',rootmode=0000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r3, &(0x7f00000021c0)={0x2020, 0x0, <r4=>0x0}, 0x2020)
chdir(&(0x7f0000004340)='./file0\x00')
write$FUSE_INIT(r3, &(0x7f00000066c0)={0x50, 0x0, r4, {0x7, 0x21}}, 0x50)
read$FUSE(r3, &(0x7f0000000040)={0x2020, 0x0, <r5=>0x0}, 0x2020)
write$FUSE_INTERRUPT(r3, &(0x7f00000063c0)={0x10, 0x0, r5}, 0x10)
read$FUSE(r3, &(0x7f0000004380)={0x2020, 0x0, <r6=>0x0}, 0x2020)
r7 = syz_io_uring_setup(0x5169, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000000)=<r8=>0x0)
syz_io_uring_setup(0xa94, &(0x7f0000000280), &(0x7f0000000040)=<r9=>0x0, &(0x7f00000005c0))
syz_io_uring_submit(r9, r8, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54})
io_uring_enter(r7, 0xb15, 0x0, 0x0, 0x0, 0x0)
r10 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
fchdir(r10)
statx(0xffffffffffffff9c, &(0x7f0000006400)='./file0\x00', 0x0, 0x0, 0x0)
write$FUSE_ENTRY(r3, &(0x7f0000006440)={0x90, 0x0, r6}, 0x90)
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r0, 0xc0182101, &(0x7f0000000300)={r2})
r11 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_HOPOPTS(r11, 0x29, 0x36, &(0x7f00000000c0)=ANY=[], 0x8)
connect$inet6(r11, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, 0x0, 0x0)
setsockopt$SO_BINDTODEVICE(r11, 0x1, 0x19, &(0x7f0000000080)='bridge0\x00', 0x10)
executing program 3:
syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
r0 = syz_io_uring_setup(0x6fa9, &(0x7f0000000440)={0x0, 0x4da5}, &(0x7f0000000180)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r0, 0x6ed3, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x6908, &(0x7f00000006c0)={0x0, 0x0, 0x10100, 0x0, 0x0, 0x0, r0}, &(0x7f0000000200), &(0x7f0000000100)=<r3=>0x0)
syz_io_uring_setup(0x1867, &(0x7f00000003c0)={0x0, 0x81c3}, &(0x7f0000000040)=<r4=>0x0, &(0x7f0000000240))
syz_io_uring_submit(r4, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54})
bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0x0, 0x2710, @host}, 0x10)
listen(0xffffffffffffffff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r5, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
unshare(0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r6 = userfaultfd(0x1)
ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f00000004c0))
ioctl$UFFDIO_ZEROPAGE(r6, 0xc020aa04, &(0x7f0000000000)={{&(0x7f0000ffc000/0x3000)=nil, 0x3000}})
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpu.stat\x00', 0x26e1, 0x0)
close(r7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080))
ioctl$SIOCSIFHWADDR(r7, 0x8b19, &(0x7f0000000000)={'wlan1\x00', @random='\rh\x00 \x00'})
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f0000000700)=@raw={'raw\x00', 0x4001, 0x3, 0x1ec, 0x134, 0x0, 0x148, 0x0, 0x148, 0x1d4, 0x240, 0x240, 0x1d4, 0x240, 0x7fffffe, 0x0, {[{{@ip={@rand_addr, @local, 0x0, 0x0, 'ip6gretap0\x00', 'veth1_to_batadv\x00'}, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp\x00'}}}, {{@uncond, 0x0, 0x70, 0xa0}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x248)
r8 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r8, &(0x7f0000000280)={0x28, 0x0, 0x2710}, 0x10)
r9 = openat$cgroup_ro(r5, &(0x7f0000000300)='blkio.bfq.dequeue\x00', 0x275a, 0x0)
write$binfmt_script(r9, &(0x7f0000000100), 0xfecc)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r9, 0x0)
writev(r8, &(0x7f0000000680)=[{0x0}], 0x1)

program did not crash
replaying the whole log did not cause a kernel crash
single: executing 5 programs separately with timeout 1m40s
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$dri-syz_io_uring_setup-syz_io_uring_submit-io_uring_enter-syz_io_uring_setup-syz_io_uring_setup-syz_io_uring_submit-bind$vsock_stream-listen-prctl$PR_SCHED_CORE-sched_setaffinity-openat$hwrng-preadv-unshare-syz_genetlink_get_family_id$nl80211-userfaultfd-ioctl$UFFDIO_API-ioctl$UFFDIO_ZEROPAGE-openat$cgroup_ro-close-socketpair$unix-ioctl$SIOCSIFHWADDR-setsockopt$IPT_SO_SET_REPLACE-socket$vsock_stream-connect$vsock_stream-openat$cgroup_ro-write$binfmt_script-mmap-writev
detailed listing:
executing program 0:
syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
r0 = syz_io_uring_setup(0x6fa9, &(0x7f0000000440)={0x0, 0x4da5}, &(0x7f0000000180)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r0, 0x6ed3, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x6908, &(0x7f00000006c0)={0x0, 0x0, 0x10100, 0x0, 0x0, 0x0, r0}, &(0x7f0000000200), &(0x7f0000000100)=<r3=>0x0)
syz_io_uring_setup(0x1867, &(0x7f00000003c0)={0x0, 0x81c3}, &(0x7f0000000040)=<r4=>0x0, &(0x7f0000000240))
syz_io_uring_submit(r4, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54})
bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0x0, 0x2710, @host}, 0x10)
listen(0xffffffffffffffff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r5, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
unshare(0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r6 = userfaultfd(0x1)
ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f00000004c0))
ioctl$UFFDIO_ZEROPAGE(r6, 0xc020aa04, &(0x7f0000000000)={{&(0x7f0000ffc000/0x3000)=nil, 0x3000}})
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpu.stat\x00', 0x26e1, 0x0)
close(r7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080))
ioctl$SIOCSIFHWADDR(r7, 0x8b19, &(0x7f0000000000)={'wlan1\x00', @random='\rh\x00 \x00'})
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f0000000700)=@raw={'raw\x00', 0x4001, 0x3, 0x1ec, 0x134, 0x0, 0x148, 0x0, 0x148, 0x1d4, 0x240, 0x240, 0x1d4, 0x240, 0x7fffffe, 0x0, {[{{@ip={@rand_addr, @local, 0x0, 0x0, 'ip6gretap0\x00', 'veth1_to_batadv\x00'}, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp\x00'}}}, {{@uncond, 0x0, 0x70, 0xa0}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x248)
r8 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r8, &(0x7f0000000280)={0x28, 0x0, 0x2710}, 0x10)
r9 = openat$cgroup_ro(r5, &(0x7f0000000300)='blkio.bfq.dequeue\x00', 0x275a, 0x0)
write$binfmt_script(r9, &(0x7f0000000100), 0xfecc)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r9, 0x0)
writev(r8, &(0x7f0000000680)=[{0x0}], 0x1)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-readv-socket$vsock_stream-socket$kcm-sendmsg$inet-setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE-prctl$PR_SCHED_CORE-syz_usb_connect-sched_setaffinity-socket$nl_xfrm-sendmsg$nl_xfrm-openat$hwrng-socket$inet6_sctp-preadv-open-syz_usb_connect-socket$inet_smc-setsockopt$inet_tcp_int-openat$kvm-ioctl$sock_SIOCGIFBR-socket$nl_route-socket$can_j1939-ioctl$ifreq_SIOCGIFINDEX_vcan-bind$can_j1939-socket$can_j1939-connect$can_j1939-sendmmsg-userfaultfd-openat-socket
detailed listing:
executing program 0:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0)
readv(r0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/244, 0xf4}, {&(0x7f0000000100)=""/75, 0x4b}, {&(0x7f0000000b00)=""/4096, 0x1000}], 0x3)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000002c0)="9dd96509b40d8596385eb5818edfee546ace975d82da2b171cfecc23a937f85d0e5495a25524e3fbed23142b2de6642bae55e950974e752fe3028a2ec1eb5ad37e691b2629c45b92a20ee51a0e5ff026945ff087fc7600d3f8053d90a1af89e7a3e4e614939ff95a7868b179c3be9d75cb3d35b76461c08308fe810d24bb0c299d08f1984447c4ae5114e24c9e3984fda072f4a9ef743becf89122b07465f3ae", 0xa0}, {&(0x7f0000000100)="5c00000012006bab9e3fe3d86e6c1d0700147ea64e21160af3650ab68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dfd8cdbf9367b4fa51f60a64c9f408000300060100000814030011000000", 0x5c}, {&(0x7f0000000540)="f3c2d1f292caf530852fb640b000cab5dce3d1462711188ca6a878394be9237ac1a63bd9ea5d5726e200b45b754d3a0c913833a7ea0891d85d645967c5a6f449b4e7b604cea21f22a77d982b70c3950306189a4f725f99ad57198b1bfcb134273b21bc9c59ca", 0x66}], 0x3, 0x0, 0x0, 0x1f00c00e}, 0x4014)
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r1, 0x28, 0x2, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0fcd621030109021b0001000000000904000001a1078a00090582020000000000"], 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
open(0x0, 0x0, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f00000003c0)=ANY=[@ANYBLOB="12010000431d1c40c9309300c6180102030309021200010000000009040000000e0101805e32dbdd09401b64858540117b665ebaf36deb94b3748232708b2ce37318972731e97b3f59910963b9a9ab470b82d5fa47feda842ad958744abb0d7738f56928c586c02cf5cb721e704f867babc46236dff2a7aad5eec3445e77de81a602520baba926b6e7580cb448fe263705a01b1ef2891baf9c47458ca2a20b94d6d8d5c869d1421d7e19fe005506631aa9ab70b211c04591aee3ead9a0df5316e955b1ea746c"], &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x7, &(0x7f00000001c0), 0x4)
openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$sock_SIOCGIFBR(r4, 0x8940, &(0x7f0000000180)=@add_del={0x2, &(0x7f00000004c0)='ipvlan0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'vxcan0\x00', <r6=>0x0})
bind$can_j1939(r5, &(0x7f0000000240)={0x1d, r6}, 0x18)
socket$can_j1939(0x1d, 0x2, 0x7)
connect$can_j1939(r5, &(0x7f00000000c0)={0x1d, r6, 0x3}, 0x18)
sendmmsg(r5, &(0x7f0000003e40)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000280)='\"', 0x1}], 0x1}}], 0x2, 0x0)
userfaultfd(0x0)
openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0)
socket(0xa, 0x3, 0x3a)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
single: successfully extracted reproducer
found reproducer with 30 syscalls
minimizing guilty program
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-readv-socket$vsock_stream-socket$kcm-sendmsg$inet-setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE-prctl$PR_SCHED_CORE-syz_usb_connect-sched_setaffinity-socket$nl_xfrm-sendmsg$nl_xfrm-openat$hwrng-socket$inet6_sctp-preadv-open-syz_usb_connect-socket$inet_smc-setsockopt$inet_tcp_int-openat$kvm-ioctl$sock_SIOCGIFBR-socket$nl_route-socket$can_j1939-ioctl$ifreq_SIOCGIFINDEX_vcan-bind$can_j1939-socket$can_j1939-connect$can_j1939-sendmmsg-userfaultfd-openat
detailed listing:
executing program 0:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0)
readv(r0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/244, 0xf4}, {&(0x7f0000000100)=""/75, 0x4b}, {&(0x7f0000000b00)=""/4096, 0x1000}], 0x3)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000002c0)="9dd96509b40d8596385eb5818edfee546ace975d82da2b171cfecc23a937f85d0e5495a25524e3fbed23142b2de6642bae55e950974e752fe3028a2ec1eb5ad37e691b2629c45b92a20ee51a0e5ff026945ff087fc7600d3f8053d90a1af89e7a3e4e614939ff95a7868b179c3be9d75cb3d35b76461c08308fe810d24bb0c299d08f1984447c4ae5114e24c9e3984fda072f4a9ef743becf89122b07465f3ae", 0xa0}, {&(0x7f0000000100)="5c00000012006bab9e3fe3d86e6c1d0700147ea64e21160af3650ab68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dfd8cdbf9367b4fa51f60a64c9f408000300060100000814030011000000", 0x5c}, {&(0x7f0000000540)="f3c2d1f292caf530852fb640b000cab5dce3d1462711188ca6a878394be9237ac1a63bd9ea5d5726e200b45b754d3a0c913833a7ea0891d85d645967c5a6f449b4e7b604cea21f22a77d982b70c3950306189a4f725f99ad57198b1bfcb134273b21bc9c59ca", 0x66}], 0x3, 0x0, 0x0, 0x1f00c00e}, 0x4014)
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r1, 0x28, 0x2, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0fcd621030109021b0001000000000904000001a1078a00090582020000000000"], 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
open(0x0, 0x0, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f00000003c0)=ANY=[@ANYBLOB="12010000431d1c40c9309300c6180102030309021200010000000009040000000e0101805e32dbdd09401b64858540117b665ebaf36deb94b3748232708b2ce37318972731e97b3f59910963b9a9ab470b82d5fa47feda842ad958744abb0d7738f56928c586c02cf5cb721e704f867babc46236dff2a7aad5eec3445e77de81a602520baba926b6e7580cb448fe263705a01b1ef2891baf9c47458ca2a20b94d6d8d5c869d1421d7e19fe005506631aa9ab70b211c04591aee3ead9a0df5316e955b1ea746c"], &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x7, &(0x7f00000001c0), 0x4)
openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$sock_SIOCGIFBR(r4, 0x8940, &(0x7f0000000180)=@add_del={0x2, &(0x7f00000004c0)='ipvlan0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'vxcan0\x00', <r6=>0x0})
bind$can_j1939(r5, &(0x7f0000000240)={0x1d, r6}, 0x18)
socket$can_j1939(0x1d, 0x2, 0x7)
connect$can_j1939(r5, &(0x7f00000000c0)={0x1d, r6, 0x3}, 0x18)
sendmmsg(r5, &(0x7f0000003e40)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000280)='\"', 0x1}], 0x1}}], 0x2, 0x0)
userfaultfd(0x0)
openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-readv-socket$vsock_stream-socket$kcm-sendmsg$inet-setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE-prctl$PR_SCHED_CORE-syz_usb_connect-sched_setaffinity-socket$nl_xfrm-sendmsg$nl_xfrm-openat$hwrng-socket$inet6_sctp-preadv-open-syz_usb_connect-socket$inet_smc-setsockopt$inet_tcp_int-openat$kvm-ioctl$sock_SIOCGIFBR-socket$nl_route-socket$can_j1939-ioctl$ifreq_SIOCGIFINDEX_vcan-bind$can_j1939-socket$can_j1939-connect$can_j1939-sendmmsg-userfaultfd
detailed listing:
executing program 0:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0)
readv(r0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/244, 0xf4}, {&(0x7f0000000100)=""/75, 0x4b}, {&(0x7f0000000b00)=""/4096, 0x1000}], 0x3)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000002c0)="9dd96509b40d8596385eb5818edfee546ace975d82da2b171cfecc23a937f85d0e5495a25524e3fbed23142b2de6642bae55e950974e752fe3028a2ec1eb5ad37e691b2629c45b92a20ee51a0e5ff026945ff087fc7600d3f8053d90a1af89e7a3e4e614939ff95a7868b179c3be9d75cb3d35b76461c08308fe810d24bb0c299d08f1984447c4ae5114e24c9e3984fda072f4a9ef743becf89122b07465f3ae", 0xa0}, {&(0x7f0000000100)="5c00000012006bab9e3fe3d86e6c1d0700147ea64e21160af3650ab68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dfd8cdbf9367b4fa51f60a64c9f408000300060100000814030011000000", 0x5c}, {&(0x7f0000000540)="f3c2d1f292caf530852fb640b000cab5dce3d1462711188ca6a878394be9237ac1a63bd9ea5d5726e200b45b754d3a0c913833a7ea0891d85d645967c5a6f449b4e7b604cea21f22a77d982b70c3950306189a4f725f99ad57198b1bfcb134273b21bc9c59ca", 0x66}], 0x3, 0x0, 0x0, 0x1f00c00e}, 0x4014)
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r1, 0x28, 0x2, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0fcd621030109021b0001000000000904000001a1078a00090582020000000000"], 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
open(0x0, 0x0, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f00000003c0)=ANY=[@ANYBLOB="12010000431d1c40c9309300c6180102030309021200010000000009040000000e0101805e32dbdd09401b64858540117b665ebaf36deb94b3748232708b2ce37318972731e97b3f59910963b9a9ab470b82d5fa47feda842ad958744abb0d7738f56928c586c02cf5cb721e704f867babc46236dff2a7aad5eec3445e77de81a602520baba926b6e7580cb448fe263705a01b1ef2891baf9c47458ca2a20b94d6d8d5c869d1421d7e19fe005506631aa9ab70b211c04591aee3ead9a0df5316e955b1ea746c"], &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x7, &(0x7f00000001c0), 0x4)
openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$sock_SIOCGIFBR(r4, 0x8940, &(0x7f0000000180)=@add_del={0x2, &(0x7f00000004c0)='ipvlan0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'vxcan0\x00', <r6=>0x0})
bind$can_j1939(r5, &(0x7f0000000240)={0x1d, r6}, 0x18)
socket$can_j1939(0x1d, 0x2, 0x7)
connect$can_j1939(r5, &(0x7f00000000c0)={0x1d, r6, 0x3}, 0x18)
sendmmsg(r5, &(0x7f0000003e40)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000280)='\"', 0x1}], 0x1}}], 0x2, 0x0)
userfaultfd(0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-readv-socket$vsock_stream-socket$kcm-sendmsg$inet-setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE-prctl$PR_SCHED_CORE-syz_usb_connect-sched_setaffinity-socket$nl_xfrm-sendmsg$nl_xfrm-openat$hwrng-socket$inet6_sctp-preadv-open-syz_usb_connect-socket$inet_smc-setsockopt$inet_tcp_int-openat$kvm-ioctl$sock_SIOCGIFBR-socket$nl_route-socket$can_j1939-ioctl$ifreq_SIOCGIFINDEX_vcan-bind$can_j1939-socket$can_j1939-connect$can_j1939-sendmmsg
detailed listing:
executing program 0:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0)
readv(r0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/244, 0xf4}, {&(0x7f0000000100)=""/75, 0x4b}, {&(0x7f0000000b00)=""/4096, 0x1000}], 0x3)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000002c0)="9dd96509b40d8596385eb5818edfee546ace975d82da2b171cfecc23a937f85d0e5495a25524e3fbed23142b2de6642bae55e950974e752fe3028a2ec1eb5ad37e691b2629c45b92a20ee51a0e5ff026945ff087fc7600d3f8053d90a1af89e7a3e4e614939ff95a7868b179c3be9d75cb3d35b76461c08308fe810d24bb0c299d08f1984447c4ae5114e24c9e3984fda072f4a9ef743becf89122b07465f3ae", 0xa0}, {&(0x7f0000000100)="5c00000012006bab9e3fe3d86e6c1d0700147ea64e21160af3650ab68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dfd8cdbf9367b4fa51f60a64c9f408000300060100000814030011000000", 0x5c}, {&(0x7f0000000540)="f3c2d1f292caf530852fb640b000cab5dce3d1462711188ca6a878394be9237ac1a63bd9ea5d5726e200b45b754d3a0c913833a7ea0891d85d645967c5a6f449b4e7b604cea21f22a77d982b70c3950306189a4f725f99ad57198b1bfcb134273b21bc9c59ca", 0x66}], 0x3, 0x0, 0x0, 0x1f00c00e}, 0x4014)
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r1, 0x28, 0x2, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0fcd621030109021b0001000000000904000001a1078a00090582020000000000"], 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
open(0x0, 0x0, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f00000003c0)=ANY=[@ANYBLOB="12010000431d1c40c9309300c6180102030309021200010000000009040000000e0101805e32dbdd09401b64858540117b665ebaf36deb94b3748232708b2ce37318972731e97b3f59910963b9a9ab470b82d5fa47feda842ad958744abb0d7738f56928c586c02cf5cb721e704f867babc46236dff2a7aad5eec3445e77de81a602520baba926b6e7580cb448fe263705a01b1ef2891baf9c47458ca2a20b94d6d8d5c869d1421d7e19fe005506631aa9ab70b211c04591aee3ead9a0df5316e955b1ea746c"], &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x7, &(0x7f00000001c0), 0x4)
openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$sock_SIOCGIFBR(r4, 0x8940, &(0x7f0000000180)=@add_del={0x2, &(0x7f00000004c0)='ipvlan0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'vxcan0\x00', <r6=>0x0})
bind$can_j1939(r5, &(0x7f0000000240)={0x1d, r6}, 0x18)
socket$can_j1939(0x1d, 0x2, 0x7)
connect$can_j1939(r5, &(0x7f00000000c0)={0x1d, r6, 0x3}, 0x18)
sendmmsg(r5, &(0x7f0000003e40)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000280)='\"', 0x1}], 0x1}}], 0x2, 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-readv-socket$vsock_stream-socket$kcm-sendmsg$inet-setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE-prctl$PR_SCHED_CORE-syz_usb_connect-sched_setaffinity-socket$nl_xfrm-sendmsg$nl_xfrm-openat$hwrng-socket$inet6_sctp-preadv-open-syz_usb_connect-socket$inet_smc-setsockopt$inet_tcp_int-openat$kvm-ioctl$sock_SIOCGIFBR-socket$nl_route-socket$can_j1939-ioctl$ifreq_SIOCGIFINDEX_vcan-bind$can_j1939-socket$can_j1939-connect$can_j1939
detailed listing:
executing program 0:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0)
readv(r0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/244, 0xf4}, {&(0x7f0000000100)=""/75, 0x4b}, {&(0x7f0000000b00)=""/4096, 0x1000}], 0x3)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000002c0)="9dd96509b40d8596385eb5818edfee546ace975d82da2b171cfecc23a937f85d0e5495a25524e3fbed23142b2de6642bae55e950974e752fe3028a2ec1eb5ad37e691b2629c45b92a20ee51a0e5ff026945ff087fc7600d3f8053d90a1af89e7a3e4e614939ff95a7868b179c3be9d75cb3d35b76461c08308fe810d24bb0c299d08f1984447c4ae5114e24c9e3984fda072f4a9ef743becf89122b07465f3ae", 0xa0}, {&(0x7f0000000100)="5c00000012006bab9e3fe3d86e6c1d0700147ea64e21160af3650ab68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dfd8cdbf9367b4fa51f60a64c9f408000300060100000814030011000000", 0x5c}, {&(0x7f0000000540)="f3c2d1f292caf530852fb640b000cab5dce3d1462711188ca6a878394be9237ac1a63bd9ea5d5726e200b45b754d3a0c913833a7ea0891d85d645967c5a6f449b4e7b604cea21f22a77d982b70c3950306189a4f725f99ad57198b1bfcb134273b21bc9c59ca", 0x66}], 0x3, 0x0, 0x0, 0x1f00c00e}, 0x4014)
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r1, 0x28, 0x2, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0fcd621030109021b0001000000000904000001a1078a00090582020000000000"], 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
open(0x0, 0x0, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f00000003c0)=ANY=[@ANYBLOB="12010000431d1c40c9309300c6180102030309021200010000000009040000000e0101805e32dbdd09401b64858540117b665ebaf36deb94b3748232708b2ce37318972731e97b3f59910963b9a9ab470b82d5fa47feda842ad958744abb0d7738f56928c586c02cf5cb721e704f867babc46236dff2a7aad5eec3445e77de81a602520baba926b6e7580cb448fe263705a01b1ef2891baf9c47458ca2a20b94d6d8d5c869d1421d7e19fe005506631aa9ab70b211c04591aee3ead9a0df5316e955b1ea746c"], &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x7, &(0x7f00000001c0), 0x4)
openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$sock_SIOCGIFBR(r4, 0x8940, &(0x7f0000000180)=@add_del={0x2, &(0x7f00000004c0)='ipvlan0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'vxcan0\x00', <r6=>0x0})
bind$can_j1939(r5, &(0x7f0000000240)={0x1d, r6}, 0x18)
socket$can_j1939(0x1d, 0x2, 0x7)
connect$can_j1939(r5, &(0x7f00000000c0)={0x1d, r6, 0x3}, 0x18)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-readv-socket$vsock_stream-socket$kcm-sendmsg$inet-setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE-prctl$PR_SCHED_CORE-syz_usb_connect-sched_setaffinity-socket$nl_xfrm-sendmsg$nl_xfrm-openat$hwrng-socket$inet6_sctp-preadv-open-syz_usb_connect-socket$inet_smc-setsockopt$inet_tcp_int-openat$kvm-ioctl$sock_SIOCGIFBR-socket$nl_route-socket$can_j1939-ioctl$ifreq_SIOCGIFINDEX_vcan-bind$can_j1939-socket$can_j1939
detailed listing:
executing program 0:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0)
readv(r0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/244, 0xf4}, {&(0x7f0000000100)=""/75, 0x4b}, {&(0x7f0000000b00)=""/4096, 0x1000}], 0x3)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000002c0)="9dd96509b40d8596385eb5818edfee546ace975d82da2b171cfecc23a937f85d0e5495a25524e3fbed23142b2de6642bae55e950974e752fe3028a2ec1eb5ad37e691b2629c45b92a20ee51a0e5ff026945ff087fc7600d3f8053d90a1af89e7a3e4e614939ff95a7868b179c3be9d75cb3d35b76461c08308fe810d24bb0c299d08f1984447c4ae5114e24c9e3984fda072f4a9ef743becf89122b07465f3ae", 0xa0}, {&(0x7f0000000100)="5c00000012006bab9e3fe3d86e6c1d0700147ea64e21160af3650ab68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dfd8cdbf9367b4fa51f60a64c9f408000300060100000814030011000000", 0x5c}, {&(0x7f0000000540)="f3c2d1f292caf530852fb640b000cab5dce3d1462711188ca6a878394be9237ac1a63bd9ea5d5726e200b45b754d3a0c913833a7ea0891d85d645967c5a6f449b4e7b604cea21f22a77d982b70c3950306189a4f725f99ad57198b1bfcb134273b21bc9c59ca", 0x66}], 0x3, 0x0, 0x0, 0x1f00c00e}, 0x4014)
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r1, 0x28, 0x2, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0fcd621030109021b0001000000000904000001a1078a00090582020000000000"], 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
open(0x0, 0x0, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f00000003c0)=ANY=[@ANYBLOB="12010000431d1c40c9309300c6180102030309021200010000000009040000000e0101805e32dbdd09401b64858540117b665ebaf36deb94b3748232708b2ce37318972731e97b3f59910963b9a9ab470b82d5fa47feda842ad958744abb0d7738f56928c586c02cf5cb721e704f867babc46236dff2a7aad5eec3445e77de81a602520baba926b6e7580cb448fe263705a01b1ef2891baf9c47458ca2a20b94d6d8d5c869d1421d7e19fe005506631aa9ab70b211c04591aee3ead9a0df5316e955b1ea746c"], &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x7, &(0x7f00000001c0), 0x4)
openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$sock_SIOCGIFBR(r4, 0x8940, &(0x7f0000000180)=@add_del={0x2, &(0x7f00000004c0)='ipvlan0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'vxcan0\x00', <r6=>0x0})
bind$can_j1939(r5, &(0x7f0000000240)={0x1d, r6}, 0x18)
socket$can_j1939(0x1d, 0x2, 0x7)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-readv-socket$vsock_stream-socket$kcm-sendmsg$inet-setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE-prctl$PR_SCHED_CORE-syz_usb_connect-sched_setaffinity-socket$nl_xfrm-sendmsg$nl_xfrm-openat$hwrng-socket$inet6_sctp-preadv-open-syz_usb_connect-socket$inet_smc-setsockopt$inet_tcp_int-openat$kvm-ioctl$sock_SIOCGIFBR-socket$nl_route-socket$can_j1939-ioctl$ifreq_SIOCGIFINDEX_vcan-bind$can_j1939
detailed listing:
executing program 0:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0)
readv(r0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/244, 0xf4}, {&(0x7f0000000100)=""/75, 0x4b}, {&(0x7f0000000b00)=""/4096, 0x1000}], 0x3)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000002c0)="9dd96509b40d8596385eb5818edfee546ace975d82da2b171cfecc23a937f85d0e5495a25524e3fbed23142b2de6642bae55e950974e752fe3028a2ec1eb5ad37e691b2629c45b92a20ee51a0e5ff026945ff087fc7600d3f8053d90a1af89e7a3e4e614939ff95a7868b179c3be9d75cb3d35b76461c08308fe810d24bb0c299d08f1984447c4ae5114e24c9e3984fda072f4a9ef743becf89122b07465f3ae", 0xa0}, {&(0x7f0000000100)="5c00000012006bab9e3fe3d86e6c1d0700147ea64e21160af3650ab68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dfd8cdbf9367b4fa51f60a64c9f408000300060100000814030011000000", 0x5c}, {&(0x7f0000000540)="f3c2d1f292caf530852fb640b000cab5dce3d1462711188ca6a878394be9237ac1a63bd9ea5d5726e200b45b754d3a0c913833a7ea0891d85d645967c5a6f449b4e7b604cea21f22a77d982b70c3950306189a4f725f99ad57198b1bfcb134273b21bc9c59ca", 0x66}], 0x3, 0x0, 0x0, 0x1f00c00e}, 0x4014)
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r1, 0x28, 0x2, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0fcd621030109021b0001000000000904000001a1078a00090582020000000000"], 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
open(0x0, 0x0, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f00000003c0)=ANY=[@ANYBLOB="12010000431d1c40c9309300c6180102030309021200010000000009040000000e0101805e32dbdd09401b64858540117b665ebaf36deb94b3748232708b2ce37318972731e97b3f59910963b9a9ab470b82d5fa47feda842ad958744abb0d7738f56928c586c02cf5cb721e704f867babc46236dff2a7aad5eec3445e77de81a602520baba926b6e7580cb448fe263705a01b1ef2891baf9c47458ca2a20b94d6d8d5c869d1421d7e19fe005506631aa9ab70b211c04591aee3ead9a0df5316e955b1ea746c"], &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x7, &(0x7f00000001c0), 0x4)
openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$sock_SIOCGIFBR(r4, 0x8940, &(0x7f0000000180)=@add_del={0x2, &(0x7f00000004c0)='ipvlan0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'vxcan0\x00', <r6=>0x0})
bind$can_j1939(r5, &(0x7f0000000240)={0x1d, r6}, 0x18)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-readv-socket$vsock_stream-socket$kcm-sendmsg$inet-setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE-prctl$PR_SCHED_CORE-syz_usb_connect-sched_setaffinity-socket$nl_xfrm-sendmsg$nl_xfrm-openat$hwrng-socket$inet6_sctp-preadv-open-syz_usb_connect-socket$inet_smc-setsockopt$inet_tcp_int-openat$kvm-ioctl$sock_SIOCGIFBR-socket$nl_route-socket$can_j1939-ioctl$ifreq_SIOCGIFINDEX_vcan
detailed listing:
executing program 0:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0)
readv(r0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/244, 0xf4}, {&(0x7f0000000100)=""/75, 0x4b}, {&(0x7f0000000b00)=""/4096, 0x1000}], 0x3)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000002c0)="9dd96509b40d8596385eb5818edfee546ace975d82da2b171cfecc23a937f85d0e5495a25524e3fbed23142b2de6642bae55e950974e752fe3028a2ec1eb5ad37e691b2629c45b92a20ee51a0e5ff026945ff087fc7600d3f8053d90a1af89e7a3e4e614939ff95a7868b179c3be9d75cb3d35b76461c08308fe810d24bb0c299d08f1984447c4ae5114e24c9e3984fda072f4a9ef743becf89122b07465f3ae", 0xa0}, {&(0x7f0000000100)="5c00000012006bab9e3fe3d86e6c1d0700147ea64e21160af3650ab68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dfd8cdbf9367b4fa51f60a64c9f408000300060100000814030011000000", 0x5c}, {&(0x7f0000000540)="f3c2d1f292caf530852fb640b000cab5dce3d1462711188ca6a878394be9237ac1a63bd9ea5d5726e200b45b754d3a0c913833a7ea0891d85d645967c5a6f449b4e7b604cea21f22a77d982b70c3950306189a4f725f99ad57198b1bfcb134273b21bc9c59ca", 0x66}], 0x3, 0x0, 0x0, 0x1f00c00e}, 0x4014)
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r1, 0x28, 0x2, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0fcd621030109021b0001000000000904000001a1078a00090582020000000000"], 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
open(0x0, 0x0, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f00000003c0)=ANY=[@ANYBLOB="12010000431d1c40c9309300c6180102030309021200010000000009040000000e0101805e32dbdd09401b64858540117b665ebaf36deb94b3748232708b2ce37318972731e97b3f59910963b9a9ab470b82d5fa47feda842ad958744abb0d7738f56928c586c02cf5cb721e704f867babc46236dff2a7aad5eec3445e77de81a602520baba926b6e7580cb448fe263705a01b1ef2891baf9c47458ca2a20b94d6d8d5c869d1421d7e19fe005506631aa9ab70b211c04591aee3ead9a0df5316e955b1ea746c"], &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x7, &(0x7f00000001c0), 0x4)
openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$sock_SIOCGIFBR(r4, 0x8940, &(0x7f0000000180)=@add_del={0x2, &(0x7f00000004c0)='ipvlan0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'vxcan0\x00'})

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-readv-socket$vsock_stream-socket$kcm-sendmsg$inet-setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE-prctl$PR_SCHED_CORE-syz_usb_connect-sched_setaffinity-socket$nl_xfrm-sendmsg$nl_xfrm-openat$hwrng-socket$inet6_sctp-preadv-open-syz_usb_connect-socket$inet_smc-setsockopt$inet_tcp_int-openat$kvm-ioctl$sock_SIOCGIFBR-socket$nl_route-socket$can_j1939
detailed listing:
executing program 0:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0)
readv(r0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/244, 0xf4}, {&(0x7f0000000100)=""/75, 0x4b}, {&(0x7f0000000b00)=""/4096, 0x1000}], 0x3)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000002c0)="9dd96509b40d8596385eb5818edfee546ace975d82da2b171cfecc23a937f85d0e5495a25524e3fbed23142b2de6642bae55e950974e752fe3028a2ec1eb5ad37e691b2629c45b92a20ee51a0e5ff026945ff087fc7600d3f8053d90a1af89e7a3e4e614939ff95a7868b179c3be9d75cb3d35b76461c08308fe810d24bb0c299d08f1984447c4ae5114e24c9e3984fda072f4a9ef743becf89122b07465f3ae", 0xa0}, {&(0x7f0000000100)="5c00000012006bab9e3fe3d86e6c1d0700147ea64e21160af3650ab68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dfd8cdbf9367b4fa51f60a64c9f408000300060100000814030011000000", 0x5c}, {&(0x7f0000000540)="f3c2d1f292caf530852fb640b000cab5dce3d1462711188ca6a878394be9237ac1a63bd9ea5d5726e200b45b754d3a0c913833a7ea0891d85d645967c5a6f449b4e7b604cea21f22a77d982b70c3950306189a4f725f99ad57198b1bfcb134273b21bc9c59ca", 0x66}], 0x3, 0x0, 0x0, 0x1f00c00e}, 0x4014)
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r1, 0x28, 0x2, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0fcd621030109021b0001000000000904000001a1078a00090582020000000000"], 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
open(0x0, 0x0, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f00000003c0)=ANY=[@ANYBLOB="12010000431d1c40c9309300c6180102030309021200010000000009040000000e0101805e32dbdd09401b64858540117b665ebaf36deb94b3748232708b2ce37318972731e97b3f59910963b9a9ab470b82d5fa47feda842ad958744abb0d7738f56928c586c02cf5cb721e704f867babc46236dff2a7aad5eec3445e77de81a602520baba926b6e7580cb448fe263705a01b1ef2891baf9c47458ca2a20b94d6d8d5c869d1421d7e19fe005506631aa9ab70b211c04591aee3ead9a0df5316e955b1ea746c"], &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x7, &(0x7f00000001c0), 0x4)
openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$sock_SIOCGIFBR(r4, 0x8940, &(0x7f0000000180)=@add_del={0x2, &(0x7f00000004c0)='ipvlan0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-readv-socket$vsock_stream-socket$kcm-sendmsg$inet-setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE-prctl$PR_SCHED_CORE-syz_usb_connect-sched_setaffinity-socket$nl_xfrm-sendmsg$nl_xfrm-openat$hwrng-socket$inet6_sctp-preadv-open-syz_usb_connect-socket$inet_smc-setsockopt$inet_tcp_int-openat$kvm-ioctl$sock_SIOCGIFBR-socket$nl_route
detailed listing:
executing program 0:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0)
readv(r0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/244, 0xf4}, {&(0x7f0000000100)=""/75, 0x4b}, {&(0x7f0000000b00)=""/4096, 0x1000}], 0x3)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000002c0)="9dd96509b40d8596385eb5818edfee546ace975d82da2b171cfecc23a937f85d0e5495a25524e3fbed23142b2de6642bae55e950974e752fe3028a2ec1eb5ad37e691b2629c45b92a20ee51a0e5ff026945ff087fc7600d3f8053d90a1af89e7a3e4e614939ff95a7868b179c3be9d75cb3d35b76461c08308fe810d24bb0c299d08f1984447c4ae5114e24c9e3984fda072f4a9ef743becf89122b07465f3ae", 0xa0}, {&(0x7f0000000100)="5c00000012006bab9e3fe3d86e6c1d0700147ea64e21160af3650ab68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dfd8cdbf9367b4fa51f60a64c9f408000300060100000814030011000000", 0x5c}, {&(0x7f0000000540)="f3c2d1f292caf530852fb640b000cab5dce3d1462711188ca6a878394be9237ac1a63bd9ea5d5726e200b45b754d3a0c913833a7ea0891d85d645967c5a6f449b4e7b604cea21f22a77d982b70c3950306189a4f725f99ad57198b1bfcb134273b21bc9c59ca", 0x66}], 0x3, 0x0, 0x0, 0x1f00c00e}, 0x4014)
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r1, 0x28, 0x2, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0fcd621030109021b0001000000000904000001a1078a00090582020000000000"], 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
open(0x0, 0x0, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f00000003c0)=ANY=[@ANYBLOB="12010000431d1c40c9309300c6180102030309021200010000000009040000000e0101805e32dbdd09401b64858540117b665ebaf36deb94b3748232708b2ce37318972731e97b3f59910963b9a9ab470b82d5fa47feda842ad958744abb0d7738f56928c586c02cf5cb721e704f867babc46236dff2a7aad5eec3445e77de81a602520baba926b6e7580cb448fe263705a01b1ef2891baf9c47458ca2a20b94d6d8d5c869d1421d7e19fe005506631aa9ab70b211c04591aee3ead9a0df5316e955b1ea746c"], &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x7, &(0x7f00000001c0), 0x4)
openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$sock_SIOCGIFBR(r4, 0x8940, &(0x7f0000000180)=@add_del={0x2, &(0x7f00000004c0)='ipvlan0\x00'})
socket$nl_route(0x10, 0x3, 0x0)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-readv-socket$vsock_stream-socket$kcm-sendmsg$inet-setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE-prctl$PR_SCHED_CORE-syz_usb_connect-sched_setaffinity-socket$nl_xfrm-sendmsg$nl_xfrm-openat$hwrng-socket$inet6_sctp-preadv-open-syz_usb_connect-socket$inet_smc-setsockopt$inet_tcp_int-openat$kvm-ioctl$sock_SIOCGIFBR-socket$can_j1939
detailed listing:
executing program 0:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0)
readv(r0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/244, 0xf4}, {&(0x7f0000000100)=""/75, 0x4b}, {&(0x7f0000000b00)=""/4096, 0x1000}], 0x3)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000002c0)="9dd96509b40d8596385eb5818edfee546ace975d82da2b171cfecc23a937f85d0e5495a25524e3fbed23142b2de6642bae55e950974e752fe3028a2ec1eb5ad37e691b2629c45b92a20ee51a0e5ff026945ff087fc7600d3f8053d90a1af89e7a3e4e614939ff95a7868b179c3be9d75cb3d35b76461c08308fe810d24bb0c299d08f1984447c4ae5114e24c9e3984fda072f4a9ef743becf89122b07465f3ae", 0xa0}, {&(0x7f0000000100)="5c00000012006bab9e3fe3d86e6c1d0700147ea64e21160af3650ab68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dfd8cdbf9367b4fa51f60a64c9f408000300060100000814030011000000", 0x5c}, {&(0x7f0000000540)="f3c2d1f292caf530852fb640b000cab5dce3d1462711188ca6a878394be9237ac1a63bd9ea5d5726e200b45b754d3a0c913833a7ea0891d85d645967c5a6f449b4e7b604cea21f22a77d982b70c3950306189a4f725f99ad57198b1bfcb134273b21bc9c59ca", 0x66}], 0x3, 0x0, 0x0, 0x1f00c00e}, 0x4014)
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r1, 0x28, 0x2, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0fcd621030109021b0001000000000904000001a1078a00090582020000000000"], 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
open(0x0, 0x0, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f00000003c0)=ANY=[@ANYBLOB="12010000431d1c40c9309300c6180102030309021200010000000009040000000e0101805e32dbdd09401b64858540117b665ebaf36deb94b3748232708b2ce37318972731e97b3f59910963b9a9ab470b82d5fa47feda842ad958744abb0d7738f56928c586c02cf5cb721e704f867babc46236dff2a7aad5eec3445e77de81a602520baba926b6e7580cb448fe263705a01b1ef2891baf9c47458ca2a20b94d6d8d5c869d1421d7e19fe005506631aa9ab70b211c04591aee3ead9a0df5316e955b1ea746c"], &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x7, &(0x7f00000001c0), 0x4)
openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$sock_SIOCGIFBR(r4, 0x8940, &(0x7f0000000180)=@add_del={0x2, &(0x7f00000004c0)='ipvlan0\x00'})
socket$can_j1939(0x1d, 0x2, 0x7)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-readv-socket$vsock_stream-socket$kcm-sendmsg$inet-setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE-prctl$PR_SCHED_CORE-syz_usb_connect-sched_setaffinity-socket$nl_xfrm-sendmsg$nl_xfrm-openat$hwrng-socket$inet6_sctp-preadv-open-syz_usb_connect-socket$inet_smc-setsockopt$inet_tcp_int-openat$kvm-socket$can_j1939
detailed listing:
executing program 0:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0)
readv(r0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/244, 0xf4}, {&(0x7f0000000100)=""/75, 0x4b}, {&(0x7f0000000b00)=""/4096, 0x1000}], 0x3)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000002c0)="9dd96509b40d8596385eb5818edfee546ace975d82da2b171cfecc23a937f85d0e5495a25524e3fbed23142b2de6642bae55e950974e752fe3028a2ec1eb5ad37e691b2629c45b92a20ee51a0e5ff026945ff087fc7600d3f8053d90a1af89e7a3e4e614939ff95a7868b179c3be9d75cb3d35b76461c08308fe810d24bb0c299d08f1984447c4ae5114e24c9e3984fda072f4a9ef743becf89122b07465f3ae", 0xa0}, {&(0x7f0000000100)="5c00000012006bab9e3fe3d86e6c1d0700147ea64e21160af3650ab68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dfd8cdbf9367b4fa51f60a64c9f408000300060100000814030011000000", 0x5c}, {&(0x7f0000000540)="f3c2d1f292caf530852fb640b000cab5dce3d1462711188ca6a878394be9237ac1a63bd9ea5d5726e200b45b754d3a0c913833a7ea0891d85d645967c5a6f449b4e7b604cea21f22a77d982b70c3950306189a4f725f99ad57198b1bfcb134273b21bc9c59ca", 0x66}], 0x3, 0x0, 0x0, 0x1f00c00e}, 0x4014)
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r1, 0x28, 0x2, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0fcd621030109021b0001000000000904000001a1078a00090582020000000000"], 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
open(0x0, 0x0, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f00000003c0)=ANY=[@ANYBLOB="12010000431d1c40c9309300c6180102030309021200010000000009040000000e0101805e32dbdd09401b64858540117b665ebaf36deb94b3748232708b2ce37318972731e97b3f59910963b9a9ab470b82d5fa47feda842ad958744abb0d7738f56928c586c02cf5cb721e704f867babc46236dff2a7aad5eec3445e77de81a602520baba926b6e7580cb448fe263705a01b1ef2891baf9c47458ca2a20b94d6d8d5c869d1421d7e19fe005506631aa9ab70b211c04591aee3ead9a0df5316e955b1ea746c"], &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x7, &(0x7f00000001c0), 0x4)
openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-readv-socket$vsock_stream-socket$kcm-sendmsg$inet-setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE-prctl$PR_SCHED_CORE-syz_usb_connect-sched_setaffinity-socket$nl_xfrm-sendmsg$nl_xfrm-openat$hwrng-socket$inet6_sctp-preadv-open-syz_usb_connect-socket$inet_smc-setsockopt$inet_tcp_int-socket$can_j1939
detailed listing:
executing program 0:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0)
readv(r0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/244, 0xf4}, {&(0x7f0000000100)=""/75, 0x4b}, {&(0x7f0000000b00)=""/4096, 0x1000}], 0x3)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000002c0)="9dd96509b40d8596385eb5818edfee546ace975d82da2b171cfecc23a937f85d0e5495a25524e3fbed23142b2de6642bae55e950974e752fe3028a2ec1eb5ad37e691b2629c45b92a20ee51a0e5ff026945ff087fc7600d3f8053d90a1af89e7a3e4e614939ff95a7868b179c3be9d75cb3d35b76461c08308fe810d24bb0c299d08f1984447c4ae5114e24c9e3984fda072f4a9ef743becf89122b07465f3ae", 0xa0}, {&(0x7f0000000100)="5c00000012006bab9e3fe3d86e6c1d0700147ea64e21160af3650ab68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dfd8cdbf9367b4fa51f60a64c9f408000300060100000814030011000000", 0x5c}, {&(0x7f0000000540)="f3c2d1f292caf530852fb640b000cab5dce3d1462711188ca6a878394be9237ac1a63bd9ea5d5726e200b45b754d3a0c913833a7ea0891d85d645967c5a6f449b4e7b604cea21f22a77d982b70c3950306189a4f725f99ad57198b1bfcb134273b21bc9c59ca", 0x66}], 0x3, 0x0, 0x0, 0x1f00c00e}, 0x4014)
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r1, 0x28, 0x2, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0fcd621030109021b0001000000000904000001a1078a00090582020000000000"], 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
open(0x0, 0x0, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f00000003c0)=ANY=[@ANYBLOB="12010000431d1c40c9309300c6180102030309021200010000000009040000000e0101805e32dbdd09401b64858540117b665ebaf36deb94b3748232708b2ce37318972731e97b3f59910963b9a9ab470b82d5fa47feda842ad958744abb0d7738f56928c586c02cf5cb721e704f867babc46236dff2a7aad5eec3445e77de81a602520baba926b6e7580cb448fe263705a01b1ef2891baf9c47458ca2a20b94d6d8d5c869d1421d7e19fe005506631aa9ab70b211c04591aee3ead9a0df5316e955b1ea746c"], &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x7, &(0x7f00000001c0), 0x4)
socket$can_j1939(0x1d, 0x2, 0x7)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-readv-socket$vsock_stream-socket$kcm-sendmsg$inet-setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE-prctl$PR_SCHED_CORE-syz_usb_connect-sched_setaffinity-socket$nl_xfrm-sendmsg$nl_xfrm-openat$hwrng-socket$inet6_sctp-preadv-open-syz_usb_connect-socket$inet_smc-socket$can_j1939
detailed listing:
executing program 0:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0)
readv(r0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/244, 0xf4}, {&(0x7f0000000100)=""/75, 0x4b}, {&(0x7f0000000b00)=""/4096, 0x1000}], 0x3)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000002c0)="9dd96509b40d8596385eb5818edfee546ace975d82da2b171cfecc23a937f85d0e5495a25524e3fbed23142b2de6642bae55e950974e752fe3028a2ec1eb5ad37e691b2629c45b92a20ee51a0e5ff026945ff087fc7600d3f8053d90a1af89e7a3e4e614939ff95a7868b179c3be9d75cb3d35b76461c08308fe810d24bb0c299d08f1984447c4ae5114e24c9e3984fda072f4a9ef743becf89122b07465f3ae", 0xa0}, {&(0x7f0000000100)="5c00000012006bab9e3fe3d86e6c1d0700147ea64e21160af3650ab68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dfd8cdbf9367b4fa51f60a64c9f408000300060100000814030011000000", 0x5c}, {&(0x7f0000000540)="f3c2d1f292caf530852fb640b000cab5dce3d1462711188ca6a878394be9237ac1a63bd9ea5d5726e200b45b754d3a0c913833a7ea0891d85d645967c5a6f449b4e7b604cea21f22a77d982b70c3950306189a4f725f99ad57198b1bfcb134273b21bc9c59ca", 0x66}], 0x3, 0x0, 0x0, 0x1f00c00e}, 0x4014)
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r1, 0x28, 0x2, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0fcd621030109021b0001000000000904000001a1078a00090582020000000000"], 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
open(0x0, 0x0, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f00000003c0)=ANY=[@ANYBLOB="12010000431d1c40c9309300c6180102030309021200010000000009040000000e0101805e32dbdd09401b64858540117b665ebaf36deb94b3748232708b2ce37318972731e97b3f59910963b9a9ab470b82d5fa47feda842ad958744abb0d7738f56928c586c02cf5cb721e704f867babc46236dff2a7aad5eec3445e77de81a602520baba926b6e7580cb448fe263705a01b1ef2891baf9c47458ca2a20b94d6d8d5c869d1421d7e19fe005506631aa9ab70b211c04591aee3ead9a0df5316e955b1ea746c"], &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
socket$inet_smc(0x2b, 0x1, 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-readv-socket$vsock_stream-socket$kcm-sendmsg$inet-setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE-prctl$PR_SCHED_CORE-syz_usb_connect-sched_setaffinity-socket$nl_xfrm-sendmsg$nl_xfrm-openat$hwrng-socket$inet6_sctp-preadv-open-syz_usb_connect-socket$can_j1939
detailed listing:
executing program 0:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0)
readv(r0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/244, 0xf4}, {&(0x7f0000000100)=""/75, 0x4b}, {&(0x7f0000000b00)=""/4096, 0x1000}], 0x3)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000002c0)="9dd96509b40d8596385eb5818edfee546ace975d82da2b171cfecc23a937f85d0e5495a25524e3fbed23142b2de6642bae55e950974e752fe3028a2ec1eb5ad37e691b2629c45b92a20ee51a0e5ff026945ff087fc7600d3f8053d90a1af89e7a3e4e614939ff95a7868b179c3be9d75cb3d35b76461c08308fe810d24bb0c299d08f1984447c4ae5114e24c9e3984fda072f4a9ef743becf89122b07465f3ae", 0xa0}, {&(0x7f0000000100)="5c00000012006bab9e3fe3d86e6c1d0700147ea64e21160af3650ab68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dfd8cdbf9367b4fa51f60a64c9f408000300060100000814030011000000", 0x5c}, {&(0x7f0000000540)="f3c2d1f292caf530852fb640b000cab5dce3d1462711188ca6a878394be9237ac1a63bd9ea5d5726e200b45b754d3a0c913833a7ea0891d85d645967c5a6f449b4e7b604cea21f22a77d982b70c3950306189a4f725f99ad57198b1bfcb134273b21bc9c59ca", 0x66}], 0x3, 0x0, 0x0, 0x1f00c00e}, 0x4014)
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r1, 0x28, 0x2, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0fcd621030109021b0001000000000904000001a1078a00090582020000000000"], 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
open(0x0, 0x0, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f00000003c0)=ANY=[@ANYBLOB="12010000431d1c40c9309300c6180102030309021200010000000009040000000e0101805e32dbdd09401b64858540117b665ebaf36deb94b3748232708b2ce37318972731e97b3f59910963b9a9ab470b82d5fa47feda842ad958744abb0d7738f56928c586c02cf5cb721e704f867babc46236dff2a7aad5eec3445e77de81a602520baba926b6e7580cb448fe263705a01b1ef2891baf9c47458ca2a20b94d6d8d5c869d1421d7e19fe005506631aa9ab70b211c04591aee3ead9a0df5316e955b1ea746c"], &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
socket$can_j1939(0x1d, 0x2, 0x7)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-readv-socket$vsock_stream-socket$kcm-sendmsg$inet-setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE-prctl$PR_SCHED_CORE-syz_usb_connect-sched_setaffinity-socket$nl_xfrm-sendmsg$nl_xfrm-openat$hwrng-socket$inet6_sctp-preadv-open-socket$can_j1939
detailed listing:
executing program 0:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0)
readv(r0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/244, 0xf4}, {&(0x7f0000000100)=""/75, 0x4b}, {&(0x7f0000000b00)=""/4096, 0x1000}], 0x3)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000002c0)="9dd96509b40d8596385eb5818edfee546ace975d82da2b171cfecc23a937f85d0e5495a25524e3fbed23142b2de6642bae55e950974e752fe3028a2ec1eb5ad37e691b2629c45b92a20ee51a0e5ff026945ff087fc7600d3f8053d90a1af89e7a3e4e614939ff95a7868b179c3be9d75cb3d35b76461c08308fe810d24bb0c299d08f1984447c4ae5114e24c9e3984fda072f4a9ef743becf89122b07465f3ae", 0xa0}, {&(0x7f0000000100)="5c00000012006bab9e3fe3d86e6c1d0700147ea64e21160af3650ab68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dfd8cdbf9367b4fa51f60a64c9f408000300060100000814030011000000", 0x5c}, {&(0x7f0000000540)="f3c2d1f292caf530852fb640b000cab5dce3d1462711188ca6a878394be9237ac1a63bd9ea5d5726e200b45b754d3a0c913833a7ea0891d85d645967c5a6f449b4e7b604cea21f22a77d982b70c3950306189a4f725f99ad57198b1bfcb134273b21bc9c59ca", 0x66}], 0x3, 0x0, 0x0, 0x1f00c00e}, 0x4014)
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r1, 0x28, 0x2, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0fcd621030109021b0001000000000904000001a1078a00090582020000000000"], 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
open(0x0, 0x0, 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-readv-socket$vsock_stream-socket$kcm-sendmsg$inet-setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE-prctl$PR_SCHED_CORE-syz_usb_connect-sched_setaffinity-socket$nl_xfrm-sendmsg$nl_xfrm-openat$hwrng-socket$inet6_sctp-preadv-socket$can_j1939
detailed listing:
executing program 0:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0)
readv(r0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/244, 0xf4}, {&(0x7f0000000100)=""/75, 0x4b}, {&(0x7f0000000b00)=""/4096, 0x1000}], 0x3)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000002c0)="9dd96509b40d8596385eb5818edfee546ace975d82da2b171cfecc23a937f85d0e5495a25524e3fbed23142b2de6642bae55e950974e752fe3028a2ec1eb5ad37e691b2629c45b92a20ee51a0e5ff026945ff087fc7600d3f8053d90a1af89e7a3e4e614939ff95a7868b179c3be9d75cb3d35b76461c08308fe810d24bb0c299d08f1984447c4ae5114e24c9e3984fda072f4a9ef743becf89122b07465f3ae", 0xa0}, {&(0x7f0000000100)="5c00000012006bab9e3fe3d86e6c1d0700147ea64e21160af3650ab68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dfd8cdbf9367b4fa51f60a64c9f408000300060100000814030011000000", 0x5c}, {&(0x7f0000000540)="f3c2d1f292caf530852fb640b000cab5dce3d1462711188ca6a878394be9237ac1a63bd9ea5d5726e200b45b754d3a0c913833a7ea0891d85d645967c5a6f449b4e7b604cea21f22a77d982b70c3950306189a4f725f99ad57198b1bfcb134273b21bc9c59ca", 0x66}], 0x3, 0x0, 0x0, 0x1f00c00e}, 0x4014)
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r1, 0x28, 0x2, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0fcd621030109021b0001000000000904000001a1078a00090582020000000000"], 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-readv-socket$vsock_stream-socket$kcm-sendmsg$inet-setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE-prctl$PR_SCHED_CORE-syz_usb_connect-sched_setaffinity-socket$nl_xfrm-sendmsg$nl_xfrm-openat$hwrng-socket$inet6_sctp-socket$can_j1939
detailed listing:
executing program 0:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0)
readv(r0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/244, 0xf4}, {&(0x7f0000000100)=""/75, 0x4b}, {&(0x7f0000000b00)=""/4096, 0x1000}], 0x3)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000002c0)="9dd96509b40d8596385eb5818edfee546ace975d82da2b171cfecc23a937f85d0e5495a25524e3fbed23142b2de6642bae55e950974e752fe3028a2ec1eb5ad37e691b2629c45b92a20ee51a0e5ff026945ff087fc7600d3f8053d90a1af89e7a3e4e614939ff95a7868b179c3be9d75cb3d35b76461c08308fe810d24bb0c299d08f1984447c4ae5114e24c9e3984fda072f4a9ef743becf89122b07465f3ae", 0xa0}, {&(0x7f0000000100)="5c00000012006bab9e3fe3d86e6c1d0700147ea64e21160af3650ab68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dfd8cdbf9367b4fa51f60a64c9f408000300060100000814030011000000", 0x5c}, {&(0x7f0000000540)="f3c2d1f292caf530852fb640b000cab5dce3d1462711188ca6a878394be9237ac1a63bd9ea5d5726e200b45b754d3a0c913833a7ea0891d85d645967c5a6f449b4e7b604cea21f22a77d982b70c3950306189a4f725f99ad57198b1bfcb134273b21bc9c59ca", 0x66}], 0x3, 0x0, 0x0, 0x1f00c00e}, 0x4014)
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r1, 0x28, 0x2, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0fcd621030109021b0001000000000904000001a1078a00090582020000000000"], 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$can_j1939(0x1d, 0x2, 0x7)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-readv-socket$vsock_stream-socket$kcm-sendmsg$inet-setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE-prctl$PR_SCHED_CORE-syz_usb_connect-sched_setaffinity-socket$nl_xfrm-sendmsg$nl_xfrm-openat$hwrng-socket$can_j1939
detailed listing:
executing program 0:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0)
readv(r0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/244, 0xf4}, {&(0x7f0000000100)=""/75, 0x4b}, {&(0x7f0000000b00)=""/4096, 0x1000}], 0x3)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000002c0)="9dd96509b40d8596385eb5818edfee546ace975d82da2b171cfecc23a937f85d0e5495a25524e3fbed23142b2de6642bae55e950974e752fe3028a2ec1eb5ad37e691b2629c45b92a20ee51a0e5ff026945ff087fc7600d3f8053d90a1af89e7a3e4e614939ff95a7868b179c3be9d75cb3d35b76461c08308fe810d24bb0c299d08f1984447c4ae5114e24c9e3984fda072f4a9ef743becf89122b07465f3ae", 0xa0}, {&(0x7f0000000100)="5c00000012006bab9e3fe3d86e6c1d0700147ea64e21160af3650ab68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dfd8cdbf9367b4fa51f60a64c9f408000300060100000814030011000000", 0x5c}, {&(0x7f0000000540)="f3c2d1f292caf530852fb640b000cab5dce3d1462711188ca6a878394be9237ac1a63bd9ea5d5726e200b45b754d3a0c913833a7ea0891d85d645967c5a6f449b4e7b604cea21f22a77d982b70c3950306189a4f725f99ad57198b1bfcb134273b21bc9c59ca", 0x66}], 0x3, 0x0, 0x0, 0x1f00c00e}, 0x4014)
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r1, 0x28, 0x2, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0fcd621030109021b0001000000000904000001a1078a00090582020000000000"], 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-readv-socket$vsock_stream-socket$kcm-sendmsg$inet-setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE-prctl$PR_SCHED_CORE-syz_usb_connect-sched_setaffinity-socket$nl_xfrm-sendmsg$nl_xfrm-socket$can_j1939
detailed listing:
executing program 0:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0)
readv(r0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/244, 0xf4}, {&(0x7f0000000100)=""/75, 0x4b}, {&(0x7f0000000b00)=""/4096, 0x1000}], 0x3)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000002c0)="9dd96509b40d8596385eb5818edfee546ace975d82da2b171cfecc23a937f85d0e5495a25524e3fbed23142b2de6642bae55e950974e752fe3028a2ec1eb5ad37e691b2629c45b92a20ee51a0e5ff026945ff087fc7600d3f8053d90a1af89e7a3e4e614939ff95a7868b179c3be9d75cb3d35b76461c08308fe810d24bb0c299d08f1984447c4ae5114e24c9e3984fda072f4a9ef743becf89122b07465f3ae", 0xa0}, {&(0x7f0000000100)="5c00000012006bab9e3fe3d86e6c1d0700147ea64e21160af3650ab68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dfd8cdbf9367b4fa51f60a64c9f408000300060100000814030011000000", 0x5c}, {&(0x7f0000000540)="f3c2d1f292caf530852fb640b000cab5dce3d1462711188ca6a878394be9237ac1a63bd9ea5d5726e200b45b754d3a0c913833a7ea0891d85d645967c5a6f449b4e7b604cea21f22a77d982b70c3950306189a4f725f99ad57198b1bfcb134273b21bc9c59ca", 0x66}], 0x3, 0x0, 0x0, 0x1f00c00e}, 0x4014)
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r1, 0x28, 0x2, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0fcd621030109021b0001000000000904000001a1078a00090582020000000000"], 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-readv-socket$vsock_stream-socket$kcm-sendmsg$inet-setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE-prctl$PR_SCHED_CORE-syz_usb_connect-sched_setaffinity-socket$nl_xfrm-socket$can_j1939
detailed listing:
executing program 0:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0)
readv(r0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/244, 0xf4}, {&(0x7f0000000100)=""/75, 0x4b}, {&(0x7f0000000b00)=""/4096, 0x1000}], 0x3)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000002c0)="9dd96509b40d8596385eb5818edfee546ace975d82da2b171cfecc23a937f85d0e5495a25524e3fbed23142b2de6642bae55e950974e752fe3028a2ec1eb5ad37e691b2629c45b92a20ee51a0e5ff026945ff087fc7600d3f8053d90a1af89e7a3e4e614939ff95a7868b179c3be9d75cb3d35b76461c08308fe810d24bb0c299d08f1984447c4ae5114e24c9e3984fda072f4a9ef743becf89122b07465f3ae", 0xa0}, {&(0x7f0000000100)="5c00000012006bab9e3fe3d86e6c1d0700147ea64e21160af3650ab68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dfd8cdbf9367b4fa51f60a64c9f408000300060100000814030011000000", 0x5c}, {&(0x7f0000000540)="f3c2d1f292caf530852fb640b000cab5dce3d1462711188ca6a878394be9237ac1a63bd9ea5d5726e200b45b754d3a0c913833a7ea0891d85d645967c5a6f449b4e7b604cea21f22a77d982b70c3950306189a4f725f99ad57198b1bfcb134273b21bc9c59ca", 0x66}], 0x3, 0x0, 0x0, 0x1f00c00e}, 0x4014)
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r1, 0x28, 0x2, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0fcd621030109021b0001000000000904000001a1078a00090582020000000000"], 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$can_j1939(0x1d, 0x2, 0x7)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-readv-socket$vsock_stream-socket$kcm-sendmsg$inet-setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE-prctl$PR_SCHED_CORE-syz_usb_connect-sched_setaffinity-socket$can_j1939
detailed listing:
executing program 0:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0)
readv(r0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/244, 0xf4}, {&(0x7f0000000100)=""/75, 0x4b}, {&(0x7f0000000b00)=""/4096, 0x1000}], 0x3)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000002c0)="9dd96509b40d8596385eb5818edfee546ace975d82da2b171cfecc23a937f85d0e5495a25524e3fbed23142b2de6642bae55e950974e752fe3028a2ec1eb5ad37e691b2629c45b92a20ee51a0e5ff026945ff087fc7600d3f8053d90a1af89e7a3e4e614939ff95a7868b179c3be9d75cb3d35b76461c08308fe810d24bb0c299d08f1984447c4ae5114e24c9e3984fda072f4a9ef743becf89122b07465f3ae", 0xa0}, {&(0x7f0000000100)="5c00000012006bab9e3fe3d86e6c1d0700147ea64e21160af3650ab68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dfd8cdbf9367b4fa51f60a64c9f408000300060100000814030011000000", 0x5c}, {&(0x7f0000000540)="f3c2d1f292caf530852fb640b000cab5dce3d1462711188ca6a878394be9237ac1a63bd9ea5d5726e200b45b754d3a0c913833a7ea0891d85d645967c5a6f449b4e7b604cea21f22a77d982b70c3950306189a4f725f99ad57198b1bfcb134273b21bc9c59ca", 0x66}], 0x3, 0x0, 0x0, 0x1f00c00e}, 0x4014)
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r1, 0x28, 0x2, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0fcd621030109021b0001000000000904000001a1078a00090582020000000000"], 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
socket$can_j1939(0x1d, 0x2, 0x7)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-readv-socket$vsock_stream-socket$kcm-sendmsg$inet-setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE-prctl$PR_SCHED_CORE-syz_usb_connect-socket$can_j1939
detailed listing:
executing program 0:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0)
readv(r0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/244, 0xf4}, {&(0x7f0000000100)=""/75, 0x4b}, {&(0x7f0000000b00)=""/4096, 0x1000}], 0x3)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000002c0)="9dd96509b40d8596385eb5818edfee546ace975d82da2b171cfecc23a937f85d0e5495a25524e3fbed23142b2de6642bae55e950974e752fe3028a2ec1eb5ad37e691b2629c45b92a20ee51a0e5ff026945ff087fc7600d3f8053d90a1af89e7a3e4e614939ff95a7868b179c3be9d75cb3d35b76461c08308fe810d24bb0c299d08f1984447c4ae5114e24c9e3984fda072f4a9ef743becf89122b07465f3ae", 0xa0}, {&(0x7f0000000100)="5c00000012006bab9e3fe3d86e6c1d0700147ea64e21160af3650ab68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dfd8cdbf9367b4fa51f60a64c9f408000300060100000814030011000000", 0x5c}, {&(0x7f0000000540)="f3c2d1f292caf530852fb640b000cab5dce3d1462711188ca6a878394be9237ac1a63bd9ea5d5726e200b45b754d3a0c913833a7ea0891d85d645967c5a6f449b4e7b604cea21f22a77d982b70c3950306189a4f725f99ad57198b1bfcb134273b21bc9c59ca", 0x66}], 0x3, 0x0, 0x0, 0x1f00c00e}, 0x4014)
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r1, 0x28, 0x2, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0fcd621030109021b0001000000000904000001a1078a00090582020000000000"], 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-readv-socket$vsock_stream-socket$kcm-sendmsg$inet-setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE-prctl$PR_SCHED_CORE-socket$can_j1939
detailed listing:
executing program 0:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0)
readv(r0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/244, 0xf4}, {&(0x7f0000000100)=""/75, 0x4b}, {&(0x7f0000000b00)=""/4096, 0x1000}], 0x3)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000002c0)="9dd96509b40d8596385eb5818edfee546ace975d82da2b171cfecc23a937f85d0e5495a25524e3fbed23142b2de6642bae55e950974e752fe3028a2ec1eb5ad37e691b2629c45b92a20ee51a0e5ff026945ff087fc7600d3f8053d90a1af89e7a3e4e614939ff95a7868b179c3be9d75cb3d35b76461c08308fe810d24bb0c299d08f1984447c4ae5114e24c9e3984fda072f4a9ef743becf89122b07465f3ae", 0xa0}, {&(0x7f0000000100)="5c00000012006bab9e3fe3d86e6c1d0700147ea64e21160af3650ab68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dfd8cdbf9367b4fa51f60a64c9f408000300060100000814030011000000", 0x5c}, {&(0x7f0000000540)="f3c2d1f292caf530852fb640b000cab5dce3d1462711188ca6a878394be9237ac1a63bd9ea5d5726e200b45b754d3a0c913833a7ea0891d85d645967c5a6f449b4e7b604cea21f22a77d982b70c3950306189a4f725f99ad57198b1bfcb134273b21bc9c59ca", 0x66}], 0x3, 0x0, 0x0, 0x1f00c00e}, 0x4014)
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r1, 0x28, 0x2, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-readv-socket$vsock_stream-socket$kcm-sendmsg$inet-setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE-syz_usb_connect-socket$can_j1939
detailed listing:
executing program 0:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0)
readv(r0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/244, 0xf4}, {&(0x7f0000000100)=""/75, 0x4b}, {&(0x7f0000000b00)=""/4096, 0x1000}], 0x3)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000002c0)="9dd96509b40d8596385eb5818edfee546ace975d82da2b171cfecc23a937f85d0e5495a25524e3fbed23142b2de6642bae55e950974e752fe3028a2ec1eb5ad37e691b2629c45b92a20ee51a0e5ff026945ff087fc7600d3f8053d90a1af89e7a3e4e614939ff95a7868b179c3be9d75cb3d35b76461c08308fe810d24bb0c299d08f1984447c4ae5114e24c9e3984fda072f4a9ef743becf89122b07465f3ae", 0xa0}, {&(0x7f0000000100)="5c00000012006bab9e3fe3d86e6c1d0700147ea64e21160af3650ab68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dfd8cdbf9367b4fa51f60a64c9f408000300060100000814030011000000", 0x5c}, {&(0x7f0000000540)="f3c2d1f292caf530852fb640b000cab5dce3d1462711188ca6a878394be9237ac1a63bd9ea5d5726e200b45b754d3a0c913833a7ea0891d85d645967c5a6f449b4e7b604cea21f22a77d982b70c3950306189a4f725f99ad57198b1bfcb134273b21bc9c59ca", 0x66}], 0x3, 0x0, 0x0, 0x1f00c00e}, 0x4014)
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r1, 0x28, 0x2, 0x0, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0fcd621030109021b0001000000000904000001a1078a00090582020000000000"], 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-readv-socket$vsock_stream-socket$kcm-sendmsg$inet-syz_usb_connect-socket$can_j1939
detailed listing:
executing program 0:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0)
readv(r0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/244, 0xf4}, {&(0x7f0000000100)=""/75, 0x4b}, {&(0x7f0000000b00)=""/4096, 0x1000}], 0x3)
socket$vsock_stream(0x28, 0x1, 0x0)
socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000002c0)="9dd96509b40d8596385eb5818edfee546ace975d82da2b171cfecc23a937f85d0e5495a25524e3fbed23142b2de6642bae55e950974e752fe3028a2ec1eb5ad37e691b2629c45b92a20ee51a0e5ff026945ff087fc7600d3f8053d90a1af89e7a3e4e614939ff95a7868b179c3be9d75cb3d35b76461c08308fe810d24bb0c299d08f1984447c4ae5114e24c9e3984fda072f4a9ef743becf89122b07465f3ae", 0xa0}, {&(0x7f0000000100)="5c00000012006bab9e3fe3d86e6c1d0700147ea64e21160af3650ab68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dfd8cdbf9367b4fa51f60a64c9f408000300060100000814030011000000", 0x5c}, {&(0x7f0000000540)="f3c2d1f292caf530852fb640b000cab5dce3d1462711188ca6a878394be9237ac1a63bd9ea5d5726e200b45b754d3a0c913833a7ea0891d85d645967c5a6f449b4e7b604cea21f22a77d982b70c3950306189a4f725f99ad57198b1bfcb134273b21bc9c59ca", 0x66}], 0x3, 0x0, 0x0, 0x1f00c00e}, 0x4014)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0fcd621030109021b0001000000000904000001a1078a00090582020000000000"], 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-readv-socket$vsock_stream-socket$kcm-syz_usb_connect-socket$can_j1939
detailed listing:
executing program 0:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0)
readv(r0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/244, 0xf4}, {&(0x7f0000000100)=""/75, 0x4b}, {&(0x7f0000000b00)=""/4096, 0x1000}], 0x3)
socket$vsock_stream(0x28, 0x1, 0x0)
socket$kcm(0x10, 0x2, 0x4)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0fcd621030109021b0001000000000904000001a1078a00090582020000000000"], 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-readv-socket$vsock_stream-syz_usb_connect-socket$can_j1939
detailed listing:
executing program 0:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0)
readv(r0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/244, 0xf4}, {&(0x7f0000000100)=""/75, 0x4b}, {&(0x7f0000000b00)=""/4096, 0x1000}], 0x3)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0fcd621030109021b0001000000000904000001a1078a00090582020000000000"], 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-readv-syz_usb_connect-socket$can_j1939
detailed listing:
executing program 0:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0)
readv(r0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/244, 0xf4}, {&(0x7f0000000100)=""/75, 0x4b}, {&(0x7f0000000b00)=""/4096, 0x1000}], 0x3)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0fcd621030109021b0001000000000904000001a1078a00090582020000000000"], 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-syz_usb_connect-socket$can_j1939
detailed listing:
executing program 0:
openat$zero(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0fcd621030109021b0001000000000904000001a1078a00090582020000000000"], 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-socket$can_j1939
detailed listing:
executing program 0:
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0fcd621030109021b0001000000000904000001a1078a00090582020000000000"], 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-socket$can_j1939
detailed listing:
executing program 0:
syz_usb_connect(0x0, 0x2d, 0x0, 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-socket$can_j1939
detailed listing:
executing program 0:
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)

program did not crash
extracting C reproducer
testing compiled C program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-socket$can_j1939
program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
simplifying C reproducer
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-socket$can_j1939
program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-socket$can_j1939
program did not crash
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-socket$can_j1939
program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-socket$can_j1939
program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-socket$can_j1939
program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-socket$can_j1939
program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-socket$can_j1939
program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-socket$can_j1939
program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
reproducing took 1h21m43.460327242s
repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: slab-use-after-free in v4l2_fh_init drivers/media/v4l2-core/v4l2-fh.c:25 [inline]
BUG: KASAN: slab-use-after-free in v4l2_fh_open+0xcb/0x430 drivers/media/v4l2-core/v4l2-fh.c:63
Read of size 8 at addr ffff8880799393d0 by task v4l_id/5430

CPU: 1 UID: 0 PID: 5430 Comm: v4l_id Not tainted 6.10.0-syzkaller-12710-g3a7e02c040b1 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119
 print_address_description mm/kasan/report.c:377 [inline]
 print_report+0x169/0x550 mm/kasan/report.c:488
 kasan_report+0x143/0x180 mm/kasan/report.c:601
 v4l2_fh_init drivers/media/v4l2-core/v4l2-fh.c:25 [inline]
 v4l2_fh_open+0xcb/0x430 drivers/media/v4l2-core/v4l2-fh.c:63
 em28xx_v4l2_open+0x14c/0x9d0 drivers/media/usb/em28xx/em28xx-video.c:2155
 v4l2_open+0x232/0x370 drivers/media/v4l2-core/v4l2-dev.c:427
 chrdev_open+0x5b0/0x630 fs/char_dev.c:414
 do_dentry_open+0x970/0x1440 fs/open.c:959
 vfs_open+0x3e/0x330 fs/open.c:1089
 do_open fs/namei.c:3727 [inline]
 path_openat+0x2b3e/0x3470 fs/namei.c:3886
 do_filp_open+0x235/0x490 fs/namei.c:3913
 do_sys_openat2+0x13e/0x1d0 fs/open.c:1416
 do_sys_open fs/open.c:1431 [inline]
 __do_sys_openat fs/open.c:1447 [inline]
 __se_sys_openat fs/open.c:1442 [inline]
 __x64_sys_openat+0x247/0x2a0 fs/open.c:1442
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fd2fb1169a4
Code: 24 20 48 8d 44 24 30 48 89 44 24 28 64 8b 04 25 18 00 00 00 85 c0 75 2c 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 60 48 8b 15 55 a4 0d 00 f7 d8 64 89 02 48 83
RSP: 002b:00007ffdc09e9a30 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007ffdc09e9c48 RCX: 00007fd2fb1169a4
RDX: 0000000000000000 RSI: 00007ffdc09e9f22 RDI: 00000000ffffff9c
RBP: 00007ffdc09e9f22 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffdc09e9c60 R14: 0000563418ca9670 R15: 00007fd2fb639a80
 </TASK>

Allocated by task 5228:
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
 poison_kmalloc_redzone mm/kasan/common.c:370 [inline]
 __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:387
 kasan_kmalloc include/linux/kasan.h:211 [inline]
 __kmalloc_cache_noprof+0x19c/0x2c0 mm/slub.c:4189
 kmalloc_noprof include/linux/slab.h:681 [inline]
 kzalloc_noprof include/linux/slab.h:807 [inline]
 em28xx_v4l2_init+0xfd/0x2f40 drivers/media/usb/em28xx/em28xx-video.c:2534
 em28xx_init_extension+0x120/0x1c0 drivers/media/usb/em28xx/em28xx-core.c:1117
 process_one_work kernel/workqueue.c:3231 [inline]
 process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312
 worker_thread+0x86d/0xd40 kernel/workqueue.c:3390
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

Freed by task 5228:
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
 kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579
 poison_slab_object+0xe0/0x150 mm/kasan/common.c:240
 __kasan_slab_free+0x37/0x60 mm/kasan/common.c:256
 kasan_slab_free include/linux/kasan.h:184 [inline]
 slab_free_hook mm/slub.c:2252 [inline]
 slab_free mm/slub.c:4473 [inline]
 kfree+0x149/0x360 mm/slub.c:4594
 em28xx_free_v4l2 drivers/media/usb/em28xx/em28xx-video.c:2120 [inline]
 kref_put include/linux/kref.h:65 [inline]
 em28xx_v4l2_init+0x16d7/0x2f40 drivers/media/usb/em28xx/em28xx-video.c:2903
 em28xx_init_extension+0x120/0x1c0 drivers/media/usb/em28xx/em28xx-core.c:1117
 process_one_work kernel/workqueue.c:3231 [inline]
 process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312
 worker_thread+0x86d/0xd40 kernel/workqueue.c:3390
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

The buggy address belongs to the object at ffff888079938000
 which belongs to the cache kmalloc-8k of size 8192
The buggy address is located 5072 bytes inside of
 freed 8192-byte region [ffff888079938000, ffff88807993a000)

The buggy address belongs to the physical page:
page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x79938
head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
page_type: 0xfdffffff(slab)
raw: 00fff00000000040 ffff888015842280 ffffea0001e61e00 0000000000000002
raw: 0000000000000000 0000000000020002 00000001fdffffff 0000000000000000
head: 00fff00000000040 ffff888015842280 ffffea0001e61e00 0000000000000002
head: 0000000000000000 0000000000020002 00000001fdffffff 0000000000000000
head: 00fff00000000003 ffffea0001e64e01 ffffffffffffffff 0000000000000000
head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5072, tgid 5072 (sshd), ts 43074287649, free_ts 43073419991
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1493
 prep_new_page mm/page_alloc.c:1501 [inline]
 get_page_from_freelist+0x2e4c/0x2f10 mm/page_alloc.c:3438
 __alloc_pages_noprof+0x256/0x6c0 mm/page_alloc.c:4696
 __alloc_pages_node_noprof include/linux/gfp.h:269 [inline]
 alloc_pages_node_noprof include/linux/gfp.h:296 [inline]
 alloc_slab_page+0x5f/0x120 mm/slub.c:2321
 allocate_slab+0x5a/0x2f0 mm/slub.c:2484
 new_slab mm/slub.c:2537 [inline]
 ___slab_alloc+0xcd1/0x14b0 mm/slub.c:3723
 __slab_alloc+0x58/0xa0 mm/slub.c:3813
 __slab_alloc_node mm/slub.c:3866 [inline]
 slab_alloc_node mm/slub.c:4025 [inline]
 __kmalloc_cache_noprof+0x1d5/0x2c0 mm/slub.c:4184
 kmalloc_noprof include/linux/slab.h:681 [inline]
 kzalloc_noprof include/linux/slab.h:807 [inline]
 tomoyo_print_bprm security/tomoyo/audit.c:26 [inline]
 tomoyo_init_log+0x11ce/0x2050 security/tomoyo/audit.c:264
 tomoyo_supervisor+0x38a/0x11f0 security/tomoyo/common.c:2089
 tomoyo_audit_env_log security/tomoyo/environ.c:36 [inline]
 tomoyo_env_perm+0x178/0x210 security/tomoyo/environ.c:63
 tomoyo_environ security/tomoyo/domain.c:672 [inline]
 tomoyo_find_next_domain+0x1384/0x1cf0 security/tomoyo/domain.c:878
 tomoyo_bprm_check_security+0x115/0x180 security/tomoyo/tomoyo.c:102
 security_bprm_check+0x65/0x90 security/security.c:1191
 search_binary_handler fs/exec.c:1809 [inline]
 exec_binprm fs/exec.c:1863 [inline]
 bprm_execve+0xa56/0x1770 fs/exec.c:1914
 do_execveat_common+0x55f/0x6f0 fs/exec.c:2021
page last free pid 5072 tgid 5072 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1094 [inline]
 free_unref_page+0xd22/0xea0 mm/page_alloc.c:2608
 discard_slab mm/slub.c:2583 [inline]
 __put_partials+0xeb/0x130 mm/slub.c:3051
 put_cpu_partial+0x17c/0x250 mm/slub.c:3126
 __slab_free+0x2ea/0x3d0 mm/slub.c:4343
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x9e/0x140 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x14f/0x170 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x23/0x80 mm/kasan/common.c:322
 kasan_slab_alloc include/linux/kasan.h:201 [inline]
 slab_post_alloc_hook mm/slub.c:3988 [inline]
 slab_alloc_node mm/slub.c:4037 [inline]
 __do_kmalloc_node mm/slub.c:4157 [inline]
 __kmalloc_noprof+0x1a6/0x400 mm/slub.c:4170
 kmalloc_noprof include/linux/slab.h:685 [inline]
 tomoyo_add_entry security/tomoyo/common.c:2023 [inline]
 tomoyo_supervisor+0xe0d/0x11f0 security/tomoyo/common.c:2095
 tomoyo_audit_env_log security/tomoyo/environ.c:36 [inline]
 tomoyo_env_perm+0x178/0x210 security/tomoyo/environ.c:63
 tomoyo_environ security/tomoyo/domain.c:672 [inline]
 tomoyo_find_next_domain+0x1384/0x1cf0 security/tomoyo/domain.c:878
 tomoyo_bprm_check_security+0x115/0x180 security/tomoyo/tomoyo.c:102
 security_bprm_check+0x65/0x90 security/security.c:1191
 search_binary_handler fs/exec.c:1809 [inline]
 exec_binprm fs/exec.c:1863 [inline]
 bprm_execve+0xa56/0x1770 fs/exec.c:1914
 do_execveat_common+0x55f/0x6f0 fs/exec.c:2021
 do_execve fs/exec.c:2095 [inline]
 __do_sys_execve fs/exec.c:2171 [inline]
 __se_sys_execve fs/exec.c:2166 [inline]
 __x64_sys_execve+0x92/0xb0 fs/exec.c:2166

Memory state around the buggy address:
 ffff888079939280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888079939300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff888079939380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                                 ^
 ffff888079939400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888079939480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================

final repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: slab-use-after-free in v4l2_fh_init drivers/media/v4l2-core/v4l2-fh.c:25 [inline]
BUG: KASAN: slab-use-after-free in v4l2_fh_open+0xcb/0x430 drivers/media/v4l2-core/v4l2-fh.c:63
Read of size 8 at addr ffff8880799393d0 by task v4l_id/5430

CPU: 1 UID: 0 PID: 5430 Comm: v4l_id Not tainted 6.10.0-syzkaller-12710-g3a7e02c040b1 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119
 print_address_description mm/kasan/report.c:377 [inline]
 print_report+0x169/0x550 mm/kasan/report.c:488
 kasan_report+0x143/0x180 mm/kasan/report.c:601
 v4l2_fh_init drivers/media/v4l2-core/v4l2-fh.c:25 [inline]
 v4l2_fh_open+0xcb/0x430 drivers/media/v4l2-core/v4l2-fh.c:63
 em28xx_v4l2_open+0x14c/0x9d0 drivers/media/usb/em28xx/em28xx-video.c:2155
 v4l2_open+0x232/0x370 drivers/media/v4l2-core/v4l2-dev.c:427
 chrdev_open+0x5b0/0x630 fs/char_dev.c:414
 do_dentry_open+0x970/0x1440 fs/open.c:959
 vfs_open+0x3e/0x330 fs/open.c:1089
 do_open fs/namei.c:3727 [inline]
 path_openat+0x2b3e/0x3470 fs/namei.c:3886
 do_filp_open+0x235/0x490 fs/namei.c:3913
 do_sys_openat2+0x13e/0x1d0 fs/open.c:1416
 do_sys_open fs/open.c:1431 [inline]
 __do_sys_openat fs/open.c:1447 [inline]
 __se_sys_openat fs/open.c:1442 [inline]
 __x64_sys_openat+0x247/0x2a0 fs/open.c:1442
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fd2fb1169a4
Code: 24 20 48 8d 44 24 30 48 89 44 24 28 64 8b 04 25 18 00 00 00 85 c0 75 2c 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 60 48 8b 15 55 a4 0d 00 f7 d8 64 89 02 48 83
RSP: 002b:00007ffdc09e9a30 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007ffdc09e9c48 RCX: 00007fd2fb1169a4
RDX: 0000000000000000 RSI: 00007ffdc09e9f22 RDI: 00000000ffffff9c
RBP: 00007ffdc09e9f22 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffdc09e9c60 R14: 0000563418ca9670 R15: 00007fd2fb639a80
 </TASK>

Allocated by task 5228:
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
 poison_kmalloc_redzone mm/kasan/common.c:370 [inline]
 __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:387
 kasan_kmalloc include/linux/kasan.h:211 [inline]
 __kmalloc_cache_noprof+0x19c/0x2c0 mm/slub.c:4189
 kmalloc_noprof include/linux/slab.h:681 [inline]
 kzalloc_noprof include/linux/slab.h:807 [inline]
 em28xx_v4l2_init+0xfd/0x2f40 drivers/media/usb/em28xx/em28xx-video.c:2534
 em28xx_init_extension+0x120/0x1c0 drivers/media/usb/em28xx/em28xx-core.c:1117
 process_one_work kernel/workqueue.c:3231 [inline]
 process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312
 worker_thread+0x86d/0xd40 kernel/workqueue.c:3390
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

Freed by task 5228:
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
 kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579
 poison_slab_object+0xe0/0x150 mm/kasan/common.c:240
 __kasan_slab_free+0x37/0x60 mm/kasan/common.c:256
 kasan_slab_free include/linux/kasan.h:184 [inline]
 slab_free_hook mm/slub.c:2252 [inline]
 slab_free mm/slub.c:4473 [inline]
 kfree+0x149/0x360 mm/slub.c:4594
 em28xx_free_v4l2 drivers/media/usb/em28xx/em28xx-video.c:2120 [inline]
 kref_put include/linux/kref.h:65 [inline]
 em28xx_v4l2_init+0x16d7/0x2f40 drivers/media/usb/em28xx/em28xx-video.c:2903
 em28xx_init_extension+0x120/0x1c0 drivers/media/usb/em28xx/em28xx-core.c:1117
 process_one_work kernel/workqueue.c:3231 [inline]
 process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312
 worker_thread+0x86d/0xd40 kernel/workqueue.c:3390
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

The buggy address belongs to the object at ffff888079938000
 which belongs to the cache kmalloc-8k of size 8192
The buggy address is located 5072 bytes inside of
 freed 8192-byte region [ffff888079938000, ffff88807993a000)

The buggy address belongs to the physical page:
page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x79938
head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
page_type: 0xfdffffff(slab)
raw: 00fff00000000040 ffff888015842280 ffffea0001e61e00 0000000000000002
raw: 0000000000000000 0000000000020002 00000001fdffffff 0000000000000000
head: 00fff00000000040 ffff888015842280 ffffea0001e61e00 0000000000000002
head: 0000000000000000 0000000000020002 00000001fdffffff 0000000000000000
head: 00fff00000000003 ffffea0001e64e01 ffffffffffffffff 0000000000000000
head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5072, tgid 5072 (sshd), ts 43074287649, free_ts 43073419991
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1493
 prep_new_page mm/page_alloc.c:1501 [inline]
 get_page_from_freelist+0x2e4c/0x2f10 mm/page_alloc.c:3438
 __alloc_pages_noprof+0x256/0x6c0 mm/page_alloc.c:4696
 __alloc_pages_node_noprof include/linux/gfp.h:269 [inline]
 alloc_pages_node_noprof include/linux/gfp.h:296 [inline]
 alloc_slab_page+0x5f/0x120 mm/slub.c:2321
 allocate_slab+0x5a/0x2f0 mm/slub.c:2484
 new_slab mm/slub.c:2537 [inline]
 ___slab_alloc+0xcd1/0x14b0 mm/slub.c:3723
 __slab_alloc+0x58/0xa0 mm/slub.c:3813
 __slab_alloc_node mm/slub.c:3866 [inline]
 slab_alloc_node mm/slub.c:4025 [inline]
 __kmalloc_cache_noprof+0x1d5/0x2c0 mm/slub.c:4184
 kmalloc_noprof include/linux/slab.h:681 [inline]
 kzalloc_noprof include/linux/slab.h:807 [inline]
 tomoyo_print_bprm security/tomoyo/audit.c:26 [inline]
 tomoyo_init_log+0x11ce/0x2050 security/tomoyo/audit.c:264
 tomoyo_supervisor+0x38a/0x11f0 security/tomoyo/common.c:2089
 tomoyo_audit_env_log security/tomoyo/environ.c:36 [inline]
 tomoyo_env_perm+0x178/0x210 security/tomoyo/environ.c:63
 tomoyo_environ security/tomoyo/domain.c:672 [inline]
 tomoyo_find_next_domain+0x1384/0x1cf0 security/tomoyo/domain.c:878
 tomoyo_bprm_check_security+0x115/0x180 security/tomoyo/tomoyo.c:102
 security_bprm_check+0x65/0x90 security/security.c:1191
 search_binary_handler fs/exec.c:1809 [inline]
 exec_binprm fs/exec.c:1863 [inline]
 bprm_execve+0xa56/0x1770 fs/exec.c:1914
 do_execveat_common+0x55f/0x6f0 fs/exec.c:2021
page last free pid 5072 tgid 5072 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1094 [inline]
 free_unref_page+0xd22/0xea0 mm/page_alloc.c:2608
 discard_slab mm/slub.c:2583 [inline]
 __put_partials+0xeb/0x130 mm/slub.c:3051
 put_cpu_partial+0x17c/0x250 mm/slub.c:3126
 __slab_free+0x2ea/0x3d0 mm/slub.c:4343
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x9e/0x140 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x14f/0x170 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x23/0x80 mm/kasan/common.c:322
 kasan_slab_alloc include/linux/kasan.h:201 [inline]
 slab_post_alloc_hook mm/slub.c:3988 [inline]
 slab_alloc_node mm/slub.c:4037 [inline]
 __do_kmalloc_node mm/slub.c:4157 [inline]
 __kmalloc_noprof+0x1a6/0x400 mm/slub.c:4170
 kmalloc_noprof include/linux/slab.h:685 [inline]
 tomoyo_add_entry security/tomoyo/common.c:2023 [inline]
 tomoyo_supervisor+0xe0d/0x11f0 security/tomoyo/common.c:2095
 tomoyo_audit_env_log security/tomoyo/environ.c:36 [inline]
 tomoyo_env_perm+0x178/0x210 security/tomoyo/environ.c:63
 tomoyo_environ security/tomoyo/domain.c:672 [inline]
 tomoyo_find_next_domain+0x1384/0x1cf0 security/tomoyo/domain.c:878
 tomoyo_bprm_check_security+0x115/0x180 security/tomoyo/tomoyo.c:102
 security_bprm_check+0x65/0x90 security/security.c:1191
 search_binary_handler fs/exec.c:1809 [inline]
 exec_binprm fs/exec.c:1863 [inline]
 bprm_execve+0xa56/0x1770 fs/exec.c:1914
 do_execveat_common+0x55f/0x6f0 fs/exec.c:2021
 do_execve fs/exec.c:2095 [inline]
 __do_sys_execve fs/exec.c:2171 [inline]
 __se_sys_execve fs/exec.c:2166 [inline]
 __x64_sys_execve+0x92/0xb0 fs/exec.c:2166

Memory state around the buggy address:
 ffff888079939280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888079939300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff888079939380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                                 ^
 ffff888079939400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888079939480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================