Extracting prog: 1h6m28.512212161s
Minimizing prog: 59m35.421102805s
Simplifying prog options: 5m50.17162987s
Extracting C: 6m47.262004305s
Simplifying C: 0s


extracting reproducer from 46 programs
testing a last program of every proc
single: executing 11 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$sg-syz_open_dev$sg-socket$inet_tcp-ioctl$sock_SIOCGIFINDEX-bpf$MAP_CREATE-socket$alg-bpf$MAP_CREATE-bpf$PROG_LOAD-openat$cgroup_ro-openat$cgroup_ro-bpf$MAP_UPDATE_ELEM_TAIL_CALL-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet-socket$netlink
detailed listing:
executing program 0:
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x22081)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r1=>0x0})
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
socket$alg(0x26, 0x5, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7020000020000008500000086", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r3}, &(0x7f0000000240), &(0x7f00000003c0)=r5}, 0x20)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r4, r1, 0x25, 0x0, @void}, 0x10)
syz_emit_ethernet(0x2a, &(0x7f0000000600)={@local, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x2, 0x0, 0x1c, 0x67, 0x0, 0x72, 0x1, 0x0, @private=0xa010101, @remote}, @echo_reply={0x0, 0x0, 0x0, 0x67, 0x7}}}}}, 0x0)
socket$netlink(0x10, 0x3, 0xa)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ppp-ioctl$PPPIOCNEWUNIT-mmap-ioctl$PPPIOCSMAXCID-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-ioctl$PPPIOCSFLAGS1-pwritev
detailed listing:
executing program 0:
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240), 0xc0802, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f00000000c0))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000080)=0x4)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB, @ANYRES32=r1], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000180)='kmem_cache_free\x00', r2}, 0x18)
ioctl$PPPIOCSFLAGS1(r0, 0x40047459, &(0x7f0000000100)=0x2000004)
pwritev(r0, &(0x7f0000000180)=[{&(0x7f0000000380)="00214717a70700000000030600710a5eeb9d0471200000000500000000000000ffff0342844d50e77d0dc450de49c204a803166580ac899c081cb49f1930e7d07fbdf3d8134e72158357ee37fdae", 0x4e}], 0x1, 0xee, 0x1)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$vfat-setresgid-setuid-openat$cgroup_ro-syz_open_dev$evdev-epoll_create-epoll_ctl$EPOLL_CTL_ADD-io_setup-io_submit-syz_mount_image$ext4-openat-quotactl$Q_QUOTAON-mprotect-openat$cgroup_ro-mmap-syz_mount_image$ext4-unlink-write$char_usb-newfstatat-ioprio_set$uid-utimensat
detailed listing:
executing program 0:
syz_mount_image$vfat(&(0x7f0000000440), &(0x7f0000000000)='./file0\x00', 0x800090, &(0x7f0000000240)=ANY=[@ANYBLOB="6572726f72733d72656d6f756e742d726f2c756e695f786c6174653d312c756e695f786c6174653d302c757466383d302c73686f72746e616d653d6c6f7765722c73686f72746e616d653d6d697865642c696f636861727365743d64656661756c742c6e6f6e756d7461696c3d302c73686f72746e616d653d6c6f7765722c726f6469722c757466383d302c6572726f72733d72656d6f756e742d726f2c6572726f72733d636f6e74696e75652c756e695f786c6174653d302c756e695f786c6174653d302c646d61736b3d30303030303030303030303030303030303030303030312c747a3d5554432c6e6f6e756d7461696c3d302c73686f72746e616d653d6d697865642c6572726f72733d72656d6f756e742d726f2c6e6f6e756d7461696c3d302c6e6f6e756d7461696c3d302c756e695f786c6174653d302c73686f72746e616d653d6d697865642c73686f72746e616d653d77696e6e742c756e695f786c6174653d302c726f6469722c696f636861727365743d63703733372c73686f72746e616d653d77696e39352c696f636861727365743d6370313235312c73686f72746e616d653d77696e39352c73686f72746e616d653d77696e6e742c6e6ff6db36ce966e756d746169"], 0x6, 0x2d1, &(0x7f0000000740)="$eJzs3T9rJGUcB/DfbGb/qMVuYSWCA1pYHZdrbTbIHYipPLY4LTR4dyDZRUgg4h9cU4mdjaWvQBB8ITZ2loKtYGeEwMjMzmR3k3GzkWxE8/kUyZOZ5zvP73lmkkyTJ++9ONl/nMXT489+iV4vidawG3GSxCBaUfsilgy/DgDgv+wkz+P3fKbh9M9frcj2NlgXALA5l/z+r6Tlx0dFjx9urjYAYDMePnr7zZ3d3ftvZVkvHky+PBolEVF8np3feRofxDiexN3ox2lE+aLQjvJtoWg+yPN8mmaFQbwymR6NiuTk3R+r6+/8FlHmt6Mfg/LQ2dtGmX9j9/52NrOQnxZ1PFuNPyzy96Ifz5+Fl/L3GvIx6sSrLy/Ufyf68dP78WGM43FZxDz/+XaWvZ5/88en7xTlFflkejTqlv3m8q168OkN3yMAAAAAAAAAAAAAAAAAAAAAAP5/7lR753Sj3L+nOFTtv7N1WnzRjqw2WN6fZ5ZP6gvN9weKVp7n0zy+rffXuZtlWV51nOfTeCGtNhYEAAAAAAAAAAAAAAAAAACAW+7w40/298bjJwfX0qh3A0gj4s+HEf/0OsOFIy/F6s7dasy98bhVNZf7pItHYqvuk0SsLKOYxDUty2WNZy7UXDW++74xVczoMI2mU73LB203j3XFxkft2To29qmfrv29pHkNu2fF94obF+dvXCeaR2/HuSOdv6uwfhTXm06n8VT/ysvSea5sTFf0iWTV98Vrv87KXpjFUp9OuaqN8XbVWIifezbWep6jN4tf/FmR2K0DAAAAAAAAAAAAAAAAAAA2av7Xvw0nj1dGW3l3Y2UBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwI2a////dRrpcniNVCcODv+tuQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHB7/BUAAP//vaZV2Q==")
setresgid(0xee00, 0xee01, 0x0)
setuid(0xee01)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_queued_recursive\x00', 0x275a, 0x0)
r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x200000000000000, 0x820b01)
r2 = epoll_create(0x800)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000080))
io_setup(0x3, &(0x7f0000000180)=<r3=>0x0)
io_submit(r3, 0x2, &(0x7f0000000440)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x10000}])
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000300)='./file0\x00', 0xa00008, &(0x7f0000000000), 0x1, 0x7c8, &(0x7f0000001280)="$eJzs3c9rG1ceAPDvyD/jZNdeWNjNngwLu4YQeZ31JrsQ2JQeSqGBQHtOYmTFpJatYMkhNoYklEIvPbT0UGguOTdtesuhl/64tpf+DT2UhLR1QlN6KC4jjRL5hxw7seQ0/nxgrPdmRnrvO2/mzfPMIAWwZw2nf3IRByN60uRgNj+JbEZ0R5yor/dgeamQTkmsrLz6Q1Jb5/7yUiGa3pPan2X+GhFfvBlxKLe+3MrC4vREqVScy/Kj1ZkLo5WFxcPnZyamilPF2aNj4+NHjv3n2NGdi/WnrxcP3HnnpX9+fOKXN/5y8+0vkzgRB7JlzXHslOEYzrZJT7oJV3lxpwvbZcluV4Ankh6aXfWjPA7GYHRt0pL/72jNAIB2uRwRKwDAHpM4/wPAHtO4DnB/eanQmKJ+P+fK464dHG/3xYkOuPtCRPTX42/c36wv6a7fs/umv3YfdOB+UrtH0pBExNAOlD8cEddunb6RTtGm+5AAG7lyNSLODg2v7f/THm7tMwvb9a8trDPcSHxaf9H/Qed8lo5//rt+/BeRy47//trfteOfvuZj9yms/Yz1x3/u9qpszw4U2iQd/x1verbtQVP8maGuLPeH2pivJzl3vlRM+7Y/RsRI9PSl+bFNyhi59+u9Vsuax38/vvv6h2n56eujNXK3u/tWv2dyojrxNDE3u3s14m/dG8WfPGz/pMX499QWy3j5f2990GpZGn8ab2NaH397rVyP+MeG7f/oOahk0+cTR2u7w2hjp9hg//zk2/cHWpXf3P7XbqUlLRUa/wt0Qtr+A5vHP5Q0P69Z2X4ZX10f/LzVstXxn76Rlr86/o33/97ktVq6N5t3aaJanRuL6E1eWT//yKP3NvKN9dP4R/6+Kv6sBXOb7v/pSmez9MpjHn7svvP9R08ef3ul8U+m7Z9kQTy2/befuPlguqtV+Vtr//FaaiSbs77/6173uVut4FNtPAAAAAAAAAAAAAAAAAAAAAAAAADYolxEHIgkl3+YzuXy+fpveP85BnKlcqV66Fx5fnYyar+VPRQ9ucZXXQ42fR/qWPZ9+I38kTX5f0fEnyLivb59tXy+UC5N7nbwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJDZ3+L3/1Pf9e127QCAtunf7QoAAB23rfO/wQIAPBdanNJ7N569r611AQA6o3b+T7p3uxoAQAe5pA8Ae4/zPwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG126uTJdFr5eXmpkOYnLy7MT5cvHp4sVqbzM/OFfKE8dyE/VS5PlYr5Qnmm5Qddqb+UyuUL4zE7f2m0WqxURysLi2dmyvOz1TPnZyamimeKPR2LDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC2rrKwOD1RKhXnJDZPXH4mqnE1a7bd3hrPU+Jstk2flfpsI9EXEe0qormX2Nf5jgkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgd+K3AAAA//+aBB1p")
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x4)
quotactl$Q_QUOTAON(0xffffffff80000201, &(0x7f0000000180)=@loop={'/dev/loop', 0x0}, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x9)
r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r4, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f0000000180)={[{@jqfmt_vfsold}, {@grpid}, {@debug}, {@noload}, {@noauto_da_alloc}, {@mb_optimize_scan}, {@init_itable_val={'init_itable', 0x3d, 0x9}}, {@debug}, {@usrjquota}, {@nolazytime}, {@mblk_io_submit}], [{@fscontext={'fscontext', 0x3d, 'staff_u'}}]}, 0xfe, 0x486, &(0x7f0000000440)="$eJzs3c1vFOUfAPDvbLct8PthK+ILCFIFI/GlpeVFDl40mnDQxEQPGE+1LaRSqKE1EdJo9YBHQ+Ld+F8YT3ox6kUTr3o3JMT0Auplzbzs9oUd2L7Qpeznk8zu88zM7jzfmXlmn2ee7jaAjjWQPiQR/4+I3yOiL88uX2Egf7q5MDf298LcWBK12lt/Jdl6Nxbmxuqr1l/3vzxTqxX53ibbvfJuxOjU1MTFIj80e/6DoZlLl1+YPD96duLsxIWRkyePHd3fc2Lk+IbEmcZ1Y+/H0/v2nHrn6htjp6++91NSjTzuWBFHXaXxsDYD+d5t6um1v+09aeeSdLZjGw78sphudibQTl0RkR6u7qz+90VXbG8s64vXPmtr4YC7qlar1W5zVZ6vAfexJNpdAqA9si7AwYhYmBu7UUyb2f5ot+sv5x2gNO6bxZQvqda7/ge6V/RvN9JARJye/+erdIqS+xAAABvpu7T983ze7lje/qvEI3miJ314oBhD6Y+IByNiV0Q8FBG7I+LhiGzdRyPisVVuf+UIya3tn8q1NQfXgrT991IxtrW8/dcY+OnvKnI7s/i7kzOTUxNHin1yOLp7z0wmE8O32cb3r/72Rdmype2/dEq3X28LFuW4Vu3dtuw146Ozo+sKeonrn0bsrTaLP4n6ME4SEXsiYu8atzH5bLV02Z3jv43yt21Z7euIZ/LjPx8r4q9LSscnh188MXJ8aFtMTRwZqp8Vt/r51ytvlm1/XfFvgPT472h6/jfi70+2RcxcunwuG6+dWf02rvzxeWmfprXzv5E5tbM4/3uSt7MZPcWCj0ZnZy8OR/Qkr986f2Tx3er5+vpp/IcPNq//u2JxTzweEfsiYn9EPJF2CouyPxkRT0VkXegyP75y6P3Vx785Y6Vp/ON3Ov6x9PivPtF17odv7xx/eo0rO/7HstThYk4r179WC7iefQcAAABbRSX7G/ikMphUi/Si3bGjMjU9M/vcmekPL4zny/qju1K/09W35H7ocHFvuJ4fWZE/Wtw3/rJre5YfHJueGm9j3ED+XZ2s/jeuBZXK4GC+7M+udpcOuOs2YBwN2KLUf+hc6j90pkT9h46m/kPnalb/Pylde/Cbu1oYYFP5/IfO1UL9n8+fylsFwNbk8x86l/oPHan0u/GVdX3lf9MT/xa/Z3ivlOf+T0TlnijG8sShiEjaX4wNTVRb/jGLVSRqfXn9T+f0Nl2n+OcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAW9x/AQAA///EheJ4")
unlink(&(0x7f0000000100)='./file1\x00')
write$char_usb(r1, &(0x7f0000000040)="e2", 0x2778)
newfstatat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', &(0x7f0000000a40)={0x0, 0x0, 0x0, 0x0, <r5=>0x0}, 0x1000)
ioprio_set$uid(0x3, r5, 0x0)
utimensat(r0, 0x0, &(0x7f0000000000)={{0x77359400}}, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_tcp-ioctl$sock_SIOCGIFINDEX-bpf$MAP_CREATE-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet
detailed listing:
executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r1=>0x0})
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r4, r1, 0x25, 0x0, @void}, 0x10)
syz_emit_ethernet(0x2a, &(0x7f0000000600)={@local, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x2, 0x0, 0x1c, 0x67, 0x0, 0x72, 0x1, 0x0, @private=0xa010101, @remote}, @echo_reply={0x0, 0x0, 0x0, 0x67, 0x7}}}}}, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-syz_usb_connect-syz_open_dev$midi-syz_usb_disconnect-writev-mount$tmpfs-bpf$MAP_CREATE
detailed listing:
executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0500000007000000480000000c"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r1}, 0x10)
r2 = syz_usb_connect(0x3, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0)
r3 = syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x88c02)
syz_usb_disconnect(r2)
writev(r3, &(0x7f0000000200)=[{&(0x7f0000000040)="01", 0x1}, {0x0}], 0x2)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000240), 0x2, &(0x7f00000003c0)={[{@inode64}, {@mpol={'mpol', 0x3d, {'default', '=relative', @void}}}], [{@mask={'mask', 0x3d, 'MAY_EXEC'}}]})
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0900000001000000420000004000000002000000", @ANYRES32, @ANYBLOB="00000000000000ecff000000000000000000000098f5577ffcdd6e13d9c61c559f827fe7cf699da5aa3d0adcddb7a3d0939fc6b6b11b0d142b166c9a76ab2ea6337a5bc98531348bec2fbd3cac9d78c8bd3139389eba1186d155fe0877c49df8769c40d5e51211077132103d657bc4a8deb7a6865db501756b44507c7e6b639cdd4ea2deddf1bd1601c4986f5af2ac60d3dd22d70afc84e32ffd53ad6cd4c4e8ac17", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-syz_usb_connect-syz_open_dev$midi-syz_usb_disconnect-writev-mount$tmpfs-bpf$MAP_CREATE
detailed listing:
executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0500000007000000480000000c"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r1}, 0x10)
r2 = syz_usb_connect(0x3, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0)
r3 = syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x88c02)
syz_usb_disconnect(r2)
writev(r3, &(0x7f0000000200)=[{&(0x7f0000000040)="01", 0x1}, {0x0}], 0x2)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000240), 0x2, &(0x7f00000003c0)={[{@inode64}, {@mpol={'mpol', 0x3d, {'default', '=relative', @void}}}], [{@mask={'mask', 0x3d, 'MAY_EXEC'}}]})
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0900000001000000420000004000000002000000", @ANYRES32, @ANYBLOB="00000000000000ecff000000000000000000000098f5577ffcdd6e13d9c61c559f827fe7cf699da5aa3d0adcddb7a3d0939fc6b6b11b0d142b166c9a76ab2ea6337a5bc98531348bec2fbd3cac9d78c8bd3139389eba1186d155fe0877c49df8769c40d5e51211077132103d657bc4a8deb7a6865db501756b44507c7e6b639cdd4ea2deddf1bd1601c4986f5af2ac60d3dd22d70afc84e32ffd53ad6cd4c4e8ac17", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_tcp-ioctl$sock_SIOCGIFINDEX-bpf$MAP_CREATE-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet
detailed listing:
executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r1=>0x0})
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r4, r1, 0x25, 0x0, @void}, 0x10)
syz_emit_ethernet(0x2a, &(0x7f0000000600)={@local, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x2, 0x0, 0x1c, 0x67, 0x0, 0x72, 0x1, 0x0, @private=0xa010101, @remote}, @echo_reply={0x0, 0x0, 0x0, 0x67, 0x7}}}}}, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$vfat-openat-mkdirat-chdir-creat-renameat2-openat$dir-getdents64-getdents-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-accept-openat$kvm-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_RUN-openat$vim2m-ioctl$vim2m_VIDIOC_G_FMT-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-syz_open_procfs-pread64-syz_usb_connect-syz_usb_ep_write$ath9k_ep1-syz_usb_control_io$cdc_ncm-fsopen-openat$vicodec0-openat$userio-close_range-pselect6-syz_mount_image$iso9660
detailed listing:
executing program 0:
syz_mount_image$vfat(&(0x7f0000000440), &(0x7f0000000680)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f0000000100)=ANY=[], 0x1, 0x1280, &(0x7f0000003780)="$eJzs3UtrJFUbB/Cnk8513lxeHUdnQDzoRhHaSRBXboLMgBhQohlQQagxHW3SuZBuAhFx4sqV4McQdelOUL9ANrpwLQgi2bichVjSl9F0uhNj0tMR+f02fTh1/vVU5VAFFepQB89/sr62WiutZvUYKhSiuDUSxbspUgzFcLTsxVO3fvjx0Vdff+OlhcXFG0sp3Vx4be65lNL0Y1+/+f4Xj39bv3Try+mvxmJ/9q2DX+d/2r+yf/Xg98+jUkuVWtrYrKcs3d7crGe3q+W0UqmtlVJ6pVrOauVU2aiVtzu2r1Y3t7Z2U7axMjW5tV2u1VK2sZvWyrupXkj17d2UvZNVNlKpVEpTk8F5LH92N8/ziDwfidHI8zyfiMm4FP+LqZiOmZiN/8cD8WBcjofiSjwcj8TV5qhm+JuLPnoAAAAAAAAAAAAAAAAAAAD4r/ib9f+FE9b/AwAAAAAAAAAAAAAAAAAAAH1ydP1/MeK03/8HAAAAAAAAAAAAAAAAAAAA+uTw+v/vJyKOfP//yPr/p63/BwAAAAAAAAAAAAAAAAAAgPthvPWzlNJ4xPpHO8s7y63fVv/CalSiGuW4HjPxWzRX/7e02jdfXLxxPTXNxjPrd9r5OzvLw535uZGZmC30zM+18qkzPxaTh/PzMROXe9afne+ZH48nn2jkP2zlSzET370dm1GNlYhC++yb9T+YS+mFlxcnOvPXGuOONXyfpwUAAAD6qZT+1P38vtce1HN7a1P7+Ty1RxZO+P/AkefzYlwrXtRZc09t9721rFotb5+xMXr8fkbPt+euRiEisjjcMz3581KjeN9KnLUxPNCiIyePOcecRvFf8MfsQ+OXTw/1jMdgqw+1L4ms2rh/ni4Ve3l+pqLPnnK+el6MY43GXvNQu1PH3zMKA7gvMRh/TfpFHwkAAAAAAAAAAAD/RM93Biciout9wHe7eu69Ht4Z797z8dU/HsAZAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwBztwLAAAAAAgzN86jY4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgK8CAAD//8uGzL8=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
mkdirat(r0, &(0x7f0000000180)='./bus\x00', 0x0)
chdir(&(0x7f0000000540)='./file0\x00')
r1 = creat(&(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x10)
renameat2(r0, &(0x7f0000000140)='./file0\x00', r0, &(0x7f0000000200)='./bus\x00', 0x0)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108)
getdents64(r2, &(0x7f0000000f80)=""/4096, 0x1000)
getdents(0xffffffffffffffff, &(0x7f0000001fc0)=""/184, 0x20002078)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYRES32=r1], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xf6}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r3}, 0x10)
accept(0xffffffffffffffff, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x101ff, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
r4 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$vim2m_VIDIOC_G_FMT(r4, 0xc0d05604, &(0x7f0000000240)={0x2, @sliced={0x9, [0x1, 0x740, 0x8, 0x8, 0x401, 0x6, 0x6, 0x6, 0x7ff, 0x101, 0x0, 0x4, 0x0, 0xb, 0x3, 0x6, 0x3, 0xfff, 0x3, 0x2, 0xa, 0x8, 0x1, 0x6, 0x1000, 0x9, 0xc000, 0x3, 0x527, 0x3, 0x866, 0x2c, 0x7, 0x7, 0x5, 0x2, 0x9, 0x9, 0x5, 0x3, 0x8, 0xad, 0x364, 0x1, 0xe, 0x2, 0x400, 0xfffa], 0x7}})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000240)='net/if_inet6\x00')
pread64(r5, &(0x7f0000000100)=""/50, 0x67, 0xf)
r6 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000413f5f201d0650c16fce0102030109021b00010000100009043300011870f500090582020002"], 0x0)
syz_usb_ep_write$ath9k_ep1(r6, 0x82, 0xa8, &(0x7f0000000340)=ANY=[@ANYBLOB="6b0ee0b3d41b1b"])
syz_usb_control_io$cdc_ncm(r6, 0x0, 0x0)
fsopen(0x0, 0x0)
openat$vicodec0(0xffffff9c, &(0x7f0000000180), 0x2, 0x0)
openat$userio(0xffffff9c, &(0x7f0000000040), 0x282, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x3, 0x1, 0x0, 0x0, 0xa}, &(0x7f0000000000)={0x1f, 0x0, 0xfffffffffffffffe}, 0x0, 0x0, 0x0)
syz_mount_image$iso9660(&(0x7f0000001240), &(0x7f0000000000)='./file1\x00', 0x204419, &(0x7f00000004c0)=ANY=[], 0x2f, 0x5ae, &(0x7f0000001280)="$eJzs3V1v29Ydx/EfHXuxXaAYtiELjDycJhvgAKlCSY0DoRcDRx3ZbCVSI+nBviqCxi6MyO2QdMDimyU32QZsL6K3w17DXtGKXe7SAx9kW9FTZtlx5n4/Qnso8vDwT1o9/x5bPBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJDjN1236qgdhJtbZjy/GUed47fl3kMrdG+gmHBcycn+0eKirherrv/sePO17F93dKN4d0OLWbGogw+u/fjTn87P9fefEPA78fzFwdPHvd7Os4sO5BzdvDp+27oNgyQKOt66NUESmcbamvtgo5WYVtC2yXaS2o7xY+ulUWxW/Xum2mjUja1sR5vhetNr2/7KRx/XXHfNfFbpWi9OovDBZ5XE3wja7SBcz+tkm7M6j7IP4udBalLrdYzZ3evt1KedQFap+jaVatMq1dxarVqt1aprDxsPH7nu/NAK9w0aqnHxH1qcoYfLRz3h0lvuclZdNzCzuTL/q61AoTa1JTPy5aupWJE6Y7aXysTv/PKBnXjck/m/n+WvH29eUZ7/bxXvbmX5//aI/D8mlumv7P8nTrvvyddzvdCBnuqxeuppR8/ytUtn1Posr9vv5CjrsgoV/KalSIE68vI1RoESRTJqaE1rcvWFNtRSIqOWArVllWhbiVLZ/BPlK5aVp1SRYhmtytc9GVXVUEN1GVlVtK1Imwq1rqa8vJVd7amnf8zXJ8SoeSn/4VTHVlnuf+52VJvQ0mz5/9CRyP842w4cmMFhP/8DAAAAAIBLy8l/+56N/xd0M19qBW3rXnRYAAAAAADgDOV/+b+RFQvZ0k05g+P/q2X58oLiAwAAAAAAs3Pye+wcScu6XSztyslvl+JLAAAAAAAAXBL53/9vZUU+B8ptOeWcKoz/AQAAAAC4NP48fo79/lf+u1edf/5bcbzgvOpu/cLZ97KV3v6VYuuVN1tMWyvOh2UjebE2X77z7Q2nnP3yaBLM78tid9pc/84pAviVBgPQX/vzE3/0pCif9LeUWkHbVvyo/WlVnvfhXGq30t9/vfcH5af/l7BTVnv55Te9J3ksr7K3r/bLCRSH5lEcfzH0bT7fQn7PxcgzXshvxCiPu+xod6+34548/7li97n/4Zivdaeoc3elKJePzz875mJ2zGpl3NmXUVRnPPPXultGsXq3KEZEUdOUKGonozjVtRgVRf0/h4fFCeVR1Kddi/qMUQDARdmdkoWc4cR/il7uXLL7iB59taizupJ1rIvzKwcfXFs62rPo0d1pPbp71KMv6TTZ7e9Dz0Aal2Oz4/7tjaz6XbbDd2OOuyCp5mSX8Mq3+7/TtecvDj7e23/81c5XO1/XavU19xPXfVjTQn4aZTE20rf+iAAALqHBZ+yMyv9Tazif6KOixohRdVbjJ0dfKajoS32jnp7ofn63gYrH+oxodfnE1xDu90etd8rntLwxal3O02TxhJf7E8aWP8rvcui3W5tYdzCG+vn/IAAAeIfujMzDxdj+bfP//cFxt/Jx98g8muXyyaPj47rVd3odAAD4IbHx985y+icnjoPuF9VGo+qlG9bEkf+5iYPmujVBmNrY3/DCdWu6cZRGftQ2/d9Lm2Sz243i1LSi2HSjJNjKn/xuyke/J7bjhWngJ9229RJr/ChMPT81zSDx+228jPOdk671g1bge2kQhSaJNmPfVoxJrDXdzV+3g2TDxiZo2jANWkG2GJpuHHS8eNv8Nmpvdqxp2sSPg24aFQ32jxWErSju5M1WLvJCAwDwHnn+4uDp415v59kZLuhwcM1FnyMAABhElgYAAAAAAAAAAAAAAAAAAAAA4P13ipv8NLRmSae5WXC4HRayBedcbsr8/1n4+fsRxnkv/OtZ8V/gjO28LufhPvMIp3YdfzznrgnAOftvAAAA//+bYUXN")

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$vfat-openat-mkdirat-chdir-creat-renameat2-openat$dir-getdents64-getdents-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-accept-openat$kvm-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_RUN-openat$vim2m-ioctl$vim2m_VIDIOC_G_FMT-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-syz_open_procfs-pread64-syz_usb_connect-syz_usb_ep_write$ath9k_ep1-syz_usb_control_io$cdc_ncm-fsopen-openat$vicodec0-openat$userio-close_range-pselect6-syz_mount_image$iso9660
detailed listing:
executing program 0:
syz_mount_image$vfat(&(0x7f0000000440), &(0x7f0000000680)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f0000000100)=ANY=[], 0x1, 0x1280, &(0x7f0000003780)="$eJzs3UtrJFUbB/Cnk8513lxeHUdnQDzoRhHaSRBXboLMgBhQohlQQagxHW3SuZBuAhFx4sqV4McQdelOUL9ANrpwLQgi2bichVjSl9F0uhNj0tMR+f02fTh1/vVU5VAFFepQB89/sr62WiutZvUYKhSiuDUSxbspUgzFcLTsxVO3fvjx0Vdff+OlhcXFG0sp3Vx4be65lNL0Y1+/+f4Xj39bv3Try+mvxmJ/9q2DX+d/2r+yf/Xg98+jUkuVWtrYrKcs3d7crGe3q+W0UqmtlVJ6pVrOauVU2aiVtzu2r1Y3t7Z2U7axMjW5tV2u1VK2sZvWyrupXkj17d2UvZNVNlKpVEpTk8F5LH92N8/ziDwfidHI8zyfiMm4FP+LqZiOmZiN/8cD8WBcjofiSjwcj8TV5qhm+JuLPnoAAAAAAAAAAAAAAAAAAAD4r/ib9f+FE9b/AwAAAAAAAAAAAAAAAAAAAH1ydP1/MeK03/8HAAAAAAAAAAAAAAAAAAAA+uTw+v/vJyKOfP//yPr/p63/BwAAAAAAAAAAAAAAAAAAgPthvPWzlNJ4xPpHO8s7y63fVv/CalSiGuW4HjPxWzRX/7e02jdfXLxxPTXNxjPrd9r5OzvLw535uZGZmC30zM+18qkzPxaTh/PzMROXe9afne+ZH48nn2jkP2zlSzET370dm1GNlYhC++yb9T+YS+mFlxcnOvPXGuOONXyfpwUAAAD6qZT+1P38vtce1HN7a1P7+Ty1RxZO+P/AkefzYlwrXtRZc09t9721rFotb5+xMXr8fkbPt+euRiEisjjcMz3581KjeN9KnLUxPNCiIyePOcecRvFf8MfsQ+OXTw/1jMdgqw+1L4ms2rh/ni4Ve3l+pqLPnnK+el6MY43GXvNQu1PH3zMKA7gvMRh/TfpFHwkAAAAAAAAAAAD/RM93Biciout9wHe7eu69Ht4Z797z8dU/HsAZAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwBztwLAAAAAAgzN86jY4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgK8CAAD//8uGzL8=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
mkdirat(r0, &(0x7f0000000180)='./bus\x00', 0x0)
chdir(&(0x7f0000000540)='./file0\x00')
r1 = creat(&(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x10)
renameat2(r0, &(0x7f0000000140)='./file0\x00', r0, &(0x7f0000000200)='./bus\x00', 0x0)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108)
getdents64(r2, &(0x7f0000000f80)=""/4096, 0x1000)
getdents(0xffffffffffffffff, &(0x7f0000001fc0)=""/184, 0x20002078)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYRES32=r1], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xf6}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r3}, 0x10)
accept(0xffffffffffffffff, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x101ff, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
r4 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$vim2m_VIDIOC_G_FMT(r4, 0xc0d05604, &(0x7f0000000240)={0x2, @sliced={0x9, [0x1, 0x740, 0x8, 0x8, 0x401, 0x6, 0x6, 0x6, 0x7ff, 0x101, 0x0, 0x4, 0x0, 0xb, 0x3, 0x6, 0x3, 0xfff, 0x3, 0x2, 0xa, 0x8, 0x1, 0x6, 0x1000, 0x9, 0xc000, 0x3, 0x527, 0x3, 0x866, 0x2c, 0x7, 0x7, 0x5, 0x2, 0x9, 0x9, 0x5, 0x3, 0x8, 0xad, 0x364, 0x1, 0xe, 0x2, 0x400, 0xfffa], 0x7}})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000240)='net/if_inet6\x00')
pread64(r5, &(0x7f0000000100)=""/50, 0x67, 0xf)
r6 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000413f5f201d0650c16fce0102030109021b00010000100009043300011870f500090582020002"], 0x0)
syz_usb_ep_write$ath9k_ep1(r6, 0x82, 0xa8, &(0x7f0000000340)=ANY=[@ANYBLOB="6b0ee0b3d41b1b"])
syz_usb_control_io$cdc_ncm(r6, 0x0, 0x0)
fsopen(0x0, 0x0)
openat$vicodec0(0xffffff9c, &(0x7f0000000180), 0x2, 0x0)
openat$userio(0xffffff9c, &(0x7f0000000040), 0x282, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x3, 0x1, 0x0, 0x0, 0xa}, &(0x7f0000000000)={0x1f, 0x0, 0xfffffffffffffffe}, 0x0, 0x0, 0x0)
syz_mount_image$iso9660(&(0x7f0000001240), &(0x7f0000000000)='./file1\x00', 0x204419, &(0x7f00000004c0)=ANY=[], 0x2f, 0x5ae, &(0x7f0000001280)="$eJzs3V1v29Ydx/EfHXuxXaAYtiELjDycJhvgAKlCSY0DoRcDRx3ZbCVSI+nBviqCxi6MyO2QdMDimyU32QZsL6K3w17DXtGKXe7SAx9kW9FTZtlx5n4/Qnso8vDwT1o9/x5bPBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJDjN1236qgdhJtbZjy/GUed47fl3kMrdG+gmHBcycn+0eKirherrv/sePO17F93dKN4d0OLWbGogw+u/fjTn87P9fefEPA78fzFwdPHvd7Os4sO5BzdvDp+27oNgyQKOt66NUESmcbamvtgo5WYVtC2yXaS2o7xY+ulUWxW/Xum2mjUja1sR5vhetNr2/7KRx/XXHfNfFbpWi9OovDBZ5XE3wja7SBcz+tkm7M6j7IP4udBalLrdYzZ3evt1KedQFap+jaVatMq1dxarVqt1aprDxsPH7nu/NAK9w0aqnHxH1qcoYfLRz3h0lvuclZdNzCzuTL/q61AoTa1JTPy5aupWJE6Y7aXysTv/PKBnXjck/m/n+WvH29eUZ7/bxXvbmX5//aI/D8mlumv7P8nTrvvyddzvdCBnuqxeuppR8/ytUtn1Posr9vv5CjrsgoV/KalSIE68vI1RoESRTJqaE1rcvWFNtRSIqOWArVllWhbiVLZ/BPlK5aVp1SRYhmtytc9GVXVUEN1GVlVtK1Imwq1rqa8vJVd7amnf8zXJ8SoeSn/4VTHVlnuf+52VJvQ0mz5/9CRyP842w4cmMFhP/8DAAAAAIBLy8l/+56N/xd0M19qBW3rXnRYAAAAAADgDOV/+b+RFQvZ0k05g+P/q2X58oLiAwAAAAAAs3Pye+wcScu6XSztyslvl+JLAAAAAAAAXBL53/9vZUU+B8ptOeWcKoz/AQAAAAC4NP48fo79/lf+u1edf/5bcbzgvOpu/cLZ97KV3v6VYuuVN1tMWyvOh2UjebE2X77z7Q2nnP3yaBLM78tid9pc/84pAviVBgPQX/vzE3/0pCif9LeUWkHbVvyo/WlVnvfhXGq30t9/vfcH5af/l7BTVnv55Te9J3ksr7K3r/bLCRSH5lEcfzH0bT7fQn7PxcgzXshvxCiPu+xod6+34548/7li97n/4Zivdaeoc3elKJePzz875mJ2zGpl3NmXUVRnPPPXultGsXq3KEZEUdOUKGonozjVtRgVRf0/h4fFCeVR1Kddi/qMUQDARdmdkoWc4cR/il7uXLL7iB59taizupJ1rIvzKwcfXFs62rPo0d1pPbp71KMv6TTZ7e9Dz0Aal2Oz4/7tjaz6XbbDd2OOuyCp5mSX8Mq3+7/TtecvDj7e23/81c5XO1/XavU19xPXfVjTQn4aZTE20rf+iAAALqHBZ+yMyv9Tazif6KOixohRdVbjJ0dfKajoS32jnp7ofn63gYrH+oxodfnE1xDu90etd8rntLwxal3O02TxhJf7E8aWP8rvcui3W5tYdzCG+vn/IAAAeIfujMzDxdj+bfP//cFxt/Jx98g8muXyyaPj47rVd3odAAD4IbHx985y+icnjoPuF9VGo+qlG9bEkf+5iYPmujVBmNrY3/DCdWu6cZRGftQ2/d9Lm2Sz243i1LSi2HSjJNjKn/xuyke/J7bjhWngJ9229RJr/ChMPT81zSDx+228jPOdk671g1bge2kQhSaJNmPfVoxJrDXdzV+3g2TDxiZo2jANWkG2GJpuHHS8eNv8Nmpvdqxp2sSPg24aFQ32jxWErSju5M1WLvJCAwDwHnn+4uDp415v59kZLuhwcM1FnyMAABhElgYAAAAAAAAAAAAAAAAAAAAA4P13ipv8NLRmSae5WXC4HRayBedcbsr8/1n4+fsRxnkv/OtZ8V/gjO28LufhPvMIp3YdfzznrgnAOftvAAAA//+bYUXN")

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$comedi-ioctl$COMEDI_INSN-syz_open_dev$loop-ioctl$BLKDISCARD-getpid-openat$vicodec0-ioctl$VIDIOC_CREATE_BUFS
detailed listing:
executing program 0:
r0 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi0\x00', 0x488000, 0x0)
ioctl$COMEDI_INSN(r0, 0x8028640c, &(0x7f0000000000)={0x4000000, 0x0, 0x0, 0x0, 0x80000000})
r1 = syz_open_dev$loop(&(0x7f0000000080), 0xffffffffffffffff, 0x98801)
ioctl$BLKDISCARD(r1, 0x1277, &(0x7f0000000400)=0x8000)
getpid()
r2 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VIDIOC_CREATE_BUFS(r2, 0xc100565c, &(0x7f0000000100)={0xfffffffb, 0x4, 0x1, {0x2, @raw_data="f39ef0bfae1b5da1f9b1a00ba6e46d47d6a046b29f8aaf82ccada075953b3c31164a657f848da5be2249c36cf6db915930828d9cac8272cfb3d25ed79a638423b2213bf256bcd7c74d88d415100c9183b3c6ce30bba3fcfd10bebe4bd89237908f4c185aaa402ebad370e66d68806a9ecac49e8b2ad109c176050cf5b942f6fd7a2e025b873a2614c0ce650498109ccdbcc5e4e1bac7db526e62d889e362e23c46606e6dd8f0bf3a5f99d749c985a95446f29cda3fe18f8f272109e3cbc0dd1ad5f6279236a5ec92"}, 0x7})

program crashed: lost connection to test machine
single: successfully extracted reproducer
found reproducer with 7 syscalls
minimizing guilty program
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$comedi-ioctl$COMEDI_INSN-syz_open_dev$loop-ioctl$BLKDISCARD-getpid-openat$vicodec0
detailed listing:
executing program 0:
r0 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi0\x00', 0x488000, 0x0)
ioctl$COMEDI_INSN(r0, 0x8028640c, &(0x7f0000000000)={0x4000000, 0x0, 0x0, 0x0, 0x80000000})
r1 = syz_open_dev$loop(&(0x7f0000000080), 0xffffffffffffffff, 0x98801)
ioctl$BLKDISCARD(r1, 0x1277, &(0x7f0000000400)=0x8000)
getpid()
openat$vicodec0(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$comedi-ioctl$COMEDI_INSN-syz_open_dev$loop-ioctl$BLKDISCARD-getpid-ioctl$VIDIOC_CREATE_BUFS
detailed listing:
executing program 0:
r0 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi0\x00', 0x488000, 0x0)
ioctl$COMEDI_INSN(r0, 0x8028640c, &(0x7f0000000000)={0x4000000, 0x0, 0x0, 0x0, 0x80000000})
r1 = syz_open_dev$loop(&(0x7f0000000080), 0xffffffffffffffff, 0x98801)
ioctl$BLKDISCARD(r1, 0x1277, &(0x7f0000000400)=0x8000)
getpid()
ioctl$VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f0000000100)={0xfffffffb, 0x4, 0x1, {0x2, @raw_data="f39ef0bfae1b5da1f9b1a00ba6e46d47d6a046b29f8aaf82ccada075953b3c31164a657f848da5be2249c36cf6db915930828d9cac8272cfb3d25ed79a638423b2213bf256bcd7c74d88d415100c9183b3c6ce30bba3fcfd10bebe4bd89237908f4c185aaa402ebad370e66d68806a9ecac49e8b2ad109c176050cf5b942f6fd7a2e025b873a2614c0ce650498109ccdbcc5e4e1bac7db526e62d889e362e23c46606e6dd8f0bf3a5f99d749c985a95446f29cda3fe18f8f272109e3cbc0dd1ad5f6279236a5ec92"}, 0x7})

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$comedi-ioctl$COMEDI_INSN-syz_open_dev$loop-ioctl$BLKDISCARD-openat$vicodec0-ioctl$VIDIOC_CREATE_BUFS
detailed listing:
executing program 0:
r0 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi0\x00', 0x488000, 0x0)
ioctl$COMEDI_INSN(r0, 0x8028640c, &(0x7f0000000000)={0x4000000, 0x0, 0x0, 0x0, 0x80000000})
r1 = syz_open_dev$loop(&(0x7f0000000080), 0xffffffffffffffff, 0x98801)
ioctl$BLKDISCARD(r1, 0x1277, &(0x7f0000000400)=0x8000)
r2 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VIDIOC_CREATE_BUFS(r2, 0xc100565c, &(0x7f0000000100)={0xfffffffb, 0x4, 0x1, {0x2, @raw_data="f39ef0bfae1b5da1f9b1a00ba6e46d47d6a046b29f8aaf82ccada075953b3c31164a657f848da5be2249c36cf6db915930828d9cac8272cfb3d25ed79a638423b2213bf256bcd7c74d88d415100c9183b3c6ce30bba3fcfd10bebe4bd89237908f4c185aaa402ebad370e66d68806a9ecac49e8b2ad109c176050cf5b942f6fd7a2e025b873a2614c0ce650498109ccdbcc5e4e1bac7db526e62d889e362e23c46606e6dd8f0bf3a5f99d749c985a95446f29cda3fe18f8f272109e3cbc0dd1ad5f6279236a5ec92"}, 0x7})

program crashed: lost connection to test machine
suppressed program crash: lost connection to test machine
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$comedi-ioctl$COMEDI_INSN-syz_open_dev$loop-getpid-openat$vicodec0-ioctl$VIDIOC_CREATE_BUFS
detailed listing:
executing program 0:
r0 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi0\x00', 0x488000, 0x0)
ioctl$COMEDI_INSN(r0, 0x8028640c, &(0x7f0000000000)={0x4000000, 0x0, 0x0, 0x0, 0x80000000})
syz_open_dev$loop(&(0x7f0000000080), 0xffffffffffffffff, 0x98801)
getpid()
r1 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f0000000100)={0xfffffffb, 0x4, 0x1, {0x2, @raw_data="f39ef0bfae1b5da1f9b1a00ba6e46d47d6a046b29f8aaf82ccada075953b3c31164a657f848da5be2249c36cf6db915930828d9cac8272cfb3d25ed79a638423b2213bf256bcd7c74d88d415100c9183b3c6ce30bba3fcfd10bebe4bd89237908f4c185aaa402ebad370e66d68806a9ecac49e8b2ad109c176050cf5b942f6fd7a2e025b873a2614c0ce650498109ccdbcc5e4e1bac7db526e62d889e362e23c46606e6dd8f0bf3a5f99d749c985a95446f29cda3fe18f8f272109e3cbc0dd1ad5f6279236a5ec92"}, 0x7})

program crashed: lost connection to test machine
suppressed program crash: lost connection to test machine
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$comedi-ioctl$COMEDI_INSN-ioctl$BLKDISCARD-getpid-openat$vicodec0-ioctl$VIDIOC_CREATE_BUFS
detailed listing:
executing program 0:
r0 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi0\x00', 0x488000, 0x0)
ioctl$COMEDI_INSN(r0, 0x8028640c, &(0x7f0000000000)={0x4000000, 0x0, 0x0, 0x0, 0x80000000})
ioctl$BLKDISCARD(0xffffffffffffffff, 0x1277, &(0x7f0000000400)=0x8000)
getpid()
r1 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f0000000100)={0xfffffffb, 0x4, 0x1, {0x2, @raw_data="f39ef0bfae1b5da1f9b1a00ba6e46d47d6a046b29f8aaf82ccada075953b3c31164a657f848da5be2249c36cf6db915930828d9cac8272cfb3d25ed79a638423b2213bf256bcd7c74d88d415100c9183b3c6ce30bba3fcfd10bebe4bd89237908f4c185aaa402ebad370e66d68806a9ecac49e8b2ad109c176050cf5b942f6fd7a2e025b873a2614c0ce650498109ccdbcc5e4e1bac7db526e62d889e362e23c46606e6dd8f0bf3a5f99d749c985a95446f29cda3fe18f8f272109e3cbc0dd1ad5f6279236a5ec92"}, 0x7})

program crashed: lost connection to test machine
suppressed program crash: lost connection to test machine
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$comedi-syz_open_dev$loop-ioctl$BLKDISCARD-getpid-openat$vicodec0-ioctl$VIDIOC_CREATE_BUFS
detailed listing:
executing program 0:
openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi0\x00', 0x488000, 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000080), 0xffffffffffffffff, 0x98801)
ioctl$BLKDISCARD(r0, 0x1277, &(0x7f0000000400)=0x8000)
getpid()
r1 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f0000000100)={0xfffffffb, 0x4, 0x1, {0x2, @raw_data="f39ef0bfae1b5da1f9b1a00ba6e46d47d6a046b29f8aaf82ccada075953b3c31164a657f848da5be2249c36cf6db915930828d9cac8272cfb3d25ed79a638423b2213bf256bcd7c74d88d415100c9183b3c6ce30bba3fcfd10bebe4bd89237908f4c185aaa402ebad370e66d68806a9ecac49e8b2ad109c176050cf5b942f6fd7a2e025b873a2614c0ce650498109ccdbcc5e4e1bac7db526e62d889e362e23c46606e6dd8f0bf3a5f99d749c985a95446f29cda3fe18f8f272109e3cbc0dd1ad5f6279236a5ec92"}, 0x7})

program crashed: lost connection to test machine
suppressed program crash: lost connection to test machine
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$COMEDI_INSN-syz_open_dev$loop-ioctl$BLKDISCARD-getpid-openat$vicodec0-ioctl$VIDIOC_CREATE_BUFS
detailed listing:
executing program 0:
ioctl$COMEDI_INSN(0xffffffffffffffff, 0x8028640c, &(0x7f0000000000)={0x4000000, 0x0, 0x0, 0x0, 0x80000000})
r0 = syz_open_dev$loop(&(0x7f0000000080), 0xffffffffffffffff, 0x98801)
ioctl$BLKDISCARD(r0, 0x1277, &(0x7f0000000400)=0x8000)
getpid()
r1 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f0000000100)={0xfffffffb, 0x4, 0x1, {0x2, @raw_data="f39ef0bfae1b5da1f9b1a00ba6e46d47d6a046b29f8aaf82ccada075953b3c31164a657f848da5be2249c36cf6db915930828d9cac8272cfb3d25ed79a638423b2213bf256bcd7c74d88d415100c9183b3c6ce30bba3fcfd10bebe4bd89237908f4c185aaa402ebad370e66d68806a9ecac49e8b2ad109c176050cf5b942f6fd7a2e025b873a2614c0ce650498109ccdbcc5e4e1bac7db526e62d889e362e23c46606e6dd8f0bf3a5f99d749c985a95446f29cda3fe18f8f272109e3cbc0dd1ad5f6279236a5ec92"}, 0x7})

program crashed: lost connection to test machine
suppressed program crash: lost connection to test machine
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$comedi-ioctl$COMEDI_INSN-syz_open_dev$loop-ioctl$BLKDISCARD-getpid-openat$vicodec0-ioctl$VIDIOC_CREATE_BUFS
detailed listing:
executing program 0:
r0 = openat$comedi(0xffffff9c, 0x0, 0x488000, 0x0)
ioctl$COMEDI_INSN(r0, 0x8028640c, &(0x7f0000000000)={0x4000000, 0x0, 0x0, 0x0, 0x80000000})
r1 = syz_open_dev$loop(&(0x7f0000000080), 0xffffffffffffffff, 0x98801)
ioctl$BLKDISCARD(r1, 0x1277, &(0x7f0000000400)=0x8000)
getpid()
r2 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VIDIOC_CREATE_BUFS(r2, 0xc100565c, &(0x7f0000000100)={0xfffffffb, 0x4, 0x1, {0x2, @raw_data="f39ef0bfae1b5da1f9b1a00ba6e46d47d6a046b29f8aaf82ccada075953b3c31164a657f848da5be2249c36cf6db915930828d9cac8272cfb3d25ed79a638423b2213bf256bcd7c74d88d415100c9183b3c6ce30bba3fcfd10bebe4bd89237908f4c185aaa402ebad370e66d68806a9ecac49e8b2ad109c176050cf5b942f6fd7a2e025b873a2614c0ce650498109ccdbcc5e4e1bac7db526e62d889e362e23c46606e6dd8f0bf3a5f99d749c985a95446f29cda3fe18f8f272109e3cbc0dd1ad5f6279236a5ec92"}, 0x7})

program crashed: lost connection to test machine
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$comedi-ioctl$COMEDI_INSN-syz_open_dev$loop-ioctl$BLKDISCARD-getpid-openat$vicodec0-ioctl$VIDIOC_CREATE_BUFS
detailed listing:
executing program 0:
r0 = openat$comedi(0xffffff9c, 0x0, 0x488000, 0x0)
ioctl$COMEDI_INSN(r0, 0x8028640c, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000080), 0xffffffffffffffff, 0x98801)
ioctl$BLKDISCARD(r1, 0x1277, &(0x7f0000000400)=0x8000)
getpid()
r2 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VIDIOC_CREATE_BUFS(r2, 0xc100565c, &(0x7f0000000100)={0xfffffffb, 0x4, 0x1, {0x2, @raw_data="f39ef0bfae1b5da1f9b1a00ba6e46d47d6a046b29f8aaf82ccada075953b3c31164a657f848da5be2249c36cf6db915930828d9cac8272cfb3d25ed79a638423b2213bf256bcd7c74d88d415100c9183b3c6ce30bba3fcfd10bebe4bd89237908f4c185aaa402ebad370e66d68806a9ecac49e8b2ad109c176050cf5b942f6fd7a2e025b873a2614c0ce650498109ccdbcc5e4e1bac7db526e62d889e362e23c46606e6dd8f0bf3a5f99d749c985a95446f29cda3fe18f8f272109e3cbc0dd1ad5f6279236a5ec92"}, 0x7})

program crashed: lost connection to test machine
suppressed program crash: lost connection to test machine
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$comedi-ioctl$COMEDI_INSN-syz_open_dev$loop-ioctl$BLKDISCARD-getpid-openat$vicodec0-ioctl$VIDIOC_CREATE_BUFS
detailed listing:
executing program 0:
r0 = openat$comedi(0xffffff9c, 0x0, 0x488000, 0x0)
ioctl$COMEDI_INSN(r0, 0x8028640c, &(0x7f0000000000)={0x4000000, 0x0, 0x0, 0x0, 0x80000000})
r1 = syz_open_dev$loop(0x0, 0xffffffffffffffff, 0x98801)
ioctl$BLKDISCARD(r1, 0x1277, &(0x7f0000000400)=0x8000)
getpid()
r2 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VIDIOC_CREATE_BUFS(r2, 0xc100565c, &(0x7f0000000100)={0xfffffffb, 0x4, 0x1, {0x2, @raw_data="f39ef0bfae1b5da1f9b1a00ba6e46d47d6a046b29f8aaf82ccada075953b3c31164a657f848da5be2249c36cf6db915930828d9cac8272cfb3d25ed79a638423b2213bf256bcd7c74d88d415100c9183b3c6ce30bba3fcfd10bebe4bd89237908f4c185aaa402ebad370e66d68806a9ecac49e8b2ad109c176050cf5b942f6fd7a2e025b873a2614c0ce650498109ccdbcc5e4e1bac7db526e62d889e362e23c46606e6dd8f0bf3a5f99d749c985a95446f29cda3fe18f8f272109e3cbc0dd1ad5f6279236a5ec92"}, 0x7})

program crashed: lost connection to test machine
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$comedi-ioctl$COMEDI_INSN-syz_open_dev$loop-ioctl$BLKDISCARD-getpid-openat$vicodec0-ioctl$VIDIOC_CREATE_BUFS
detailed listing:
executing program 0:
r0 = openat$comedi(0xffffff9c, 0x0, 0x488000, 0x0)
ioctl$COMEDI_INSN(r0, 0x8028640c, &(0x7f0000000000)={0x4000000, 0x0, 0x0, 0x0, 0x80000000})
r1 = syz_open_dev$loop(0x0, 0xffffffffffffffff, 0x98801)
ioctl$BLKDISCARD(r1, 0x1277, 0x0)
getpid()
r2 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VIDIOC_CREATE_BUFS(r2, 0xc100565c, &(0x7f0000000100)={0xfffffffb, 0x4, 0x1, {0x2, @raw_data="f39ef0bfae1b5da1f9b1a00ba6e46d47d6a046b29f8aaf82ccada075953b3c31164a657f848da5be2249c36cf6db915930828d9cac8272cfb3d25ed79a638423b2213bf256bcd7c74d88d415100c9183b3c6ce30bba3fcfd10bebe4bd89237908f4c185aaa402ebad370e66d68806a9ecac49e8b2ad109c176050cf5b942f6fd7a2e025b873a2614c0ce650498109ccdbcc5e4e1bac7db526e62d889e362e23c46606e6dd8f0bf3a5f99d749c985a95446f29cda3fe18f8f272109e3cbc0dd1ad5f6279236a5ec92"}, 0x7})

program crashed: lost connection to test machine
suppressed program crash: lost connection to test machine
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$comedi-ioctl$COMEDI_INSN-syz_open_dev$loop-ioctl$BLKDISCARD-getpid-openat$vicodec0-ioctl$VIDIOC_CREATE_BUFS
detailed listing:
executing program 0:
r0 = openat$comedi(0xffffff9c, 0x0, 0x488000, 0x0)
ioctl$COMEDI_INSN(r0, 0x8028640c, &(0x7f0000000000)={0x4000000, 0x0, 0x0, 0x0, 0x80000000})
r1 = syz_open_dev$loop(0x0, 0xffffffffffffffff, 0x98801)
ioctl$BLKDISCARD(r1, 0x1277, &(0x7f0000000400)=0x8000)
getpid()
r2 = openat$vicodec0(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$VIDIOC_CREATE_BUFS(r2, 0xc100565c, &(0x7f0000000100)={0xfffffffb, 0x4, 0x1, {0x2, @raw_data="f39ef0bfae1b5da1f9b1a00ba6e46d47d6a046b29f8aaf82ccada075953b3c31164a657f848da5be2249c36cf6db915930828d9cac8272cfb3d25ed79a638423b2213bf256bcd7c74d88d415100c9183b3c6ce30bba3fcfd10bebe4bd89237908f4c185aaa402ebad370e66d68806a9ecac49e8b2ad109c176050cf5b942f6fd7a2e025b873a2614c0ce650498109ccdbcc5e4e1bac7db526e62d889e362e23c46606e6dd8f0bf3a5f99d749c985a95446f29cda3fe18f8f272109e3cbc0dd1ad5f6279236a5ec92"}, 0x7})

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$comedi-ioctl$COMEDI_INSN-syz_open_dev$loop-ioctl$BLKDISCARD-getpid-openat$vicodec0-ioctl$VIDIOC_CREATE_BUFS
detailed listing:
executing program 0:
r0 = openat$comedi(0xffffff9c, 0x0, 0x488000, 0x0)
ioctl$COMEDI_INSN(r0, 0x8028640c, &(0x7f0000000000)={0x4000000, 0x0, 0x0, 0x0, 0x80000000})
r1 = syz_open_dev$loop(0x0, 0xffffffffffffffff, 0x98801)
ioctl$BLKDISCARD(r1, 0x1277, &(0x7f0000000400)=0x8000)
getpid()
r2 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VIDIOC_CREATE_BUFS(r2, 0xc100565c, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$comedi-ioctl$COMEDI_INSN-syz_open_dev$loop-ioctl$BLKDISCARD-getpid-openat$vicodec0-ioctl$VIDIOC_CREATE_BUFS
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
simplifying guilty program options
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$comedi-ioctl$COMEDI_INSN-syz_open_dev$loop-ioctl$BLKDISCARD-getpid-openat$vicodec0-ioctl$VIDIOC_CREATE_BUFS
detailed listing:
executing program 0:
r0 = openat$comedi(0xffffff9c, 0x0, 0x488000, 0x0)
ioctl$COMEDI_INSN(r0, 0x8028640c, &(0x7f0000000000)={0x4000000, 0x0, 0x0, 0x0, 0x80000000})
r1 = syz_open_dev$loop(0x0, 0xffffffffffffffff, 0x98801)
ioctl$BLKDISCARD(r1, 0x1277, &(0x7f0000000400)=0x8000)
getpid()
r2 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VIDIOC_CREATE_BUFS(r2, 0xc100565c, &(0x7f0000000100)={0xfffffffb, 0x4, 0x1, {0x2, @raw_data="f39ef0bfae1b5da1f9b1a00ba6e46d47d6a046b29f8aaf82ccada075953b3c31164a657f848da5be2249c36cf6db915930828d9cac8272cfb3d25ed79a638423b2213bf256bcd7c74d88d415100c9183b3c6ce30bba3fcfd10bebe4bd89237908f4c185aaa402ebad370e66d68806a9ecac49e8b2ad109c176050cf5b942f6fd7a2e025b873a2614c0ce650498109ccdbcc5e4e1bac7db526e62d889e362e23c46606e6dd8f0bf3a5f99d749c985a95446f29cda3fe18f8f272109e3cbc0dd1ad5f6279236a5ec92"}, 0x7})

program crashed: lost connection to test machine
suppressed program crash: lost connection to test machine
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$comedi-ioctl$COMEDI_INSN-syz_open_dev$loop-ioctl$BLKDISCARD-getpid-openat$vicodec0-ioctl$VIDIOC_CREATE_BUFS
detailed listing:
executing program 0:
r0 = openat$comedi(0xffffff9c, 0x0, 0x488000, 0x0)
ioctl$COMEDI_INSN(r0, 0x8028640c, &(0x7f0000000000)={0x4000000, 0x0, 0x0, 0x0, 0x80000000})
r1 = syz_open_dev$loop(0x0, 0xffffffffffffffff, 0x98801)
ioctl$BLKDISCARD(r1, 0x1277, &(0x7f0000000400)=0x8000)
getpid()
r2 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VIDIOC_CREATE_BUFS(r2, 0xc100565c, &(0x7f0000000100)={0xfffffffb, 0x4, 0x1, {0x2, @raw_data="f39ef0bfae1b5da1f9b1a00ba6e46d47d6a046b29f8aaf82ccada075953b3c31164a657f848da5be2249c36cf6db915930828d9cac8272cfb3d25ed79a638423b2213bf256bcd7c74d88d415100c9183b3c6ce30bba3fcfd10bebe4bd89237908f4c185aaa402ebad370e66d68806a9ecac49e8b2ad109c176050cf5b942f6fd7a2e025b873a2614c0ce650498109ccdbcc5e4e1bac7db526e62d889e362e23c46606e6dd8f0bf3a5f99d749c985a95446f29cda3fe18f8f272109e3cbc0dd1ad5f6279236a5ec92"}, 0x7})

program crashed: lost connection to test machine
suppressed program crash: lost connection to test machine
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$comedi-ioctl$COMEDI_INSN-syz_open_dev$loop-ioctl$BLKDISCARD-getpid-openat$vicodec0-ioctl$VIDIOC_CREATE_BUFS
detailed listing:
executing program 0:
r0 = openat$comedi(0xffffff9c, 0x0, 0x488000, 0x0)
ioctl$COMEDI_INSN(r0, 0x8028640c, &(0x7f0000000000)={0x4000000, 0x0, 0x0, 0x0, 0x80000000})
r1 = syz_open_dev$loop(0x0, 0xffffffffffffffff, 0x98801)
ioctl$BLKDISCARD(r1, 0x1277, &(0x7f0000000400)=0x8000)
getpid()
r2 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VIDIOC_CREATE_BUFS(r2, 0xc100565c, &(0x7f0000000100)={0xfffffffb, 0x4, 0x1, {0x2, @raw_data="f39ef0bfae1b5da1f9b1a00ba6e46d47d6a046b29f8aaf82ccada075953b3c31164a657f848da5be2249c36cf6db915930828d9cac8272cfb3d25ed79a638423b2213bf256bcd7c74d88d415100c9183b3c6ce30bba3fcfd10bebe4bd89237908f4c185aaa402ebad370e66d68806a9ecac49e8b2ad109c176050cf5b942f6fd7a2e025b873a2614c0ce650498109ccdbcc5e4e1bac7db526e62d889e362e23c46606e6dd8f0bf3a5f99d749c985a95446f29cda3fe18f8f272109e3cbc0dd1ad5f6279236a5ec92"}, 0x7})

program crashed: no output from test machine
validation run: crashed=true
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$comedi-ioctl$COMEDI_INSN-syz_open_dev$loop-ioctl$BLKDISCARD-getpid-openat$vicodec0-ioctl$VIDIOC_CREATE_BUFS
detailed listing:
executing program 0:
r0 = openat$comedi(0xffffff9c, 0x0, 0x488000, 0x0)
ioctl$COMEDI_INSN(r0, 0x8028640c, &(0x7f0000000000)={0x4000000, 0x0, 0x0, 0x0, 0x80000000})
r1 = syz_open_dev$loop(0x0, 0xffffffffffffffff, 0x98801)
ioctl$BLKDISCARD(r1, 0x1277, &(0x7f0000000400)=0x8000)
getpid()
r2 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VIDIOC_CREATE_BUFS(r2, 0xc100565c, &(0x7f0000000100)={0xfffffffb, 0x4, 0x1, {0x2, @raw_data="f39ef0bfae1b5da1f9b1a00ba6e46d47d6a046b29f8aaf82ccada075953b3c31164a657f848da5be2249c36cf6db915930828d9cac8272cfb3d25ed79a638423b2213bf256bcd7c74d88d415100c9183b3c6ce30bba3fcfd10bebe4bd89237908f4c185aaa402ebad370e66d68806a9ecac49e8b2ad109c176050cf5b942f6fd7a2e025b873a2614c0ce650498109ccdbcc5e4e1bac7db526e62d889e362e23c46606e6dd8f0bf3a5f99d749c985a95446f29cda3fe18f8f272109e3cbc0dd1ad5f6279236a5ec92"}, 0x7})

program crashed: no output from test machine
suppressed program crash: no output from test machine
validation run: crashed=false
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$comedi-ioctl$COMEDI_INSN-syz_open_dev$loop-ioctl$BLKDISCARD-getpid-openat$vicodec0-ioctl$VIDIOC_CREATE_BUFS
detailed listing:
executing program 0:
r0 = openat$comedi(0xffffff9c, 0x0, 0x488000, 0x0)
ioctl$COMEDI_INSN(r0, 0x8028640c, &(0x7f0000000000)={0x4000000, 0x0, 0x0, 0x0, 0x80000000})
r1 = syz_open_dev$loop(0x0, 0xffffffffffffffff, 0x98801)
ioctl$BLKDISCARD(r1, 0x1277, &(0x7f0000000400)=0x8000)
getpid()
r2 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VIDIOC_CREATE_BUFS(r2, 0xc100565c, &(0x7f0000000100)={0xfffffffb, 0x4, 0x1, {0x2, @raw_data="f39ef0bfae1b5da1f9b1a00ba6e46d47d6a046b29f8aaf82ccada075953b3c31164a657f848da5be2249c36cf6db915930828d9cac8272cfb3d25ed79a638423b2213bf256bcd7c74d88d415100c9183b3c6ce30bba3fcfd10bebe4bd89237908f4c185aaa402ebad370e66d68806a9ecac49e8b2ad109c176050cf5b942f6fd7a2e025b873a2614c0ce650498109ccdbcc5e4e1bac7db526e62d889e362e23c46606e6dd8f0bf3a5f99d749c985a95446f29cda3fe18f8f272109e3cbc0dd1ad5f6279236a5ec92"}, 0x7})

program crashed: lost connection to test machine
suppressed program crash: lost connection to test machine
validation run: crashed=false
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$comedi-ioctl$COMEDI_INSN-syz_open_dev$loop-ioctl$BLKDISCARD-getpid-openat$vicodec0-ioctl$VIDIOC_CREATE_BUFS
detailed listing:
executing program 0:
r0 = openat$comedi(0xffffff9c, 0x0, 0x488000, 0x0)
ioctl$COMEDI_INSN(r0, 0x8028640c, &(0x7f0000000000)={0x4000000, 0x0, 0x0, 0x0, 0x80000000})
r1 = syz_open_dev$loop(0x0, 0xffffffffffffffff, 0x98801)
ioctl$BLKDISCARD(r1, 0x1277, &(0x7f0000000400)=0x8000)
getpid()
r2 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VIDIOC_CREATE_BUFS(r2, 0xc100565c, &(0x7f0000000100)={0xfffffffb, 0x4, 0x1, {0x2, @raw_data="f39ef0bfae1b5da1f9b1a00ba6e46d47d6a046b29f8aaf82ccada075953b3c31164a657f848da5be2249c36cf6db915930828d9cac8272cfb3d25ed79a638423b2213bf256bcd7c74d88d415100c9183b3c6ce30bba3fcfd10bebe4bd89237908f4c185aaa402ebad370e66d68806a9ecac49e8b2ad109c176050cf5b942f6fd7a2e025b873a2614c0ce650498109ccdbcc5e4e1bac7db526e62d889e362e23c46606e6dd8f0bf3a5f99d749c985a95446f29cda3fe18f8f272109e3cbc0dd1ad5f6279236a5ec92"}, 0x7})

program crashed: lost connection to test machine
suppressed program crash: lost connection to test machine
validation run: crashed=false
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$comedi-ioctl$COMEDI_INSN-syz_open_dev$loop-ioctl$BLKDISCARD-getpid-openat$vicodec0-ioctl$VIDIOC_CREATE_BUFS
detailed listing:
executing program 0:
r0 = openat$comedi(0xffffff9c, 0x0, 0x488000, 0x0)
ioctl$COMEDI_INSN(r0, 0x8028640c, &(0x7f0000000000)={0x4000000, 0x0, 0x0, 0x0, 0x80000000})
r1 = syz_open_dev$loop(0x0, 0xffffffffffffffff, 0x98801)
ioctl$BLKDISCARD(r1, 0x1277, &(0x7f0000000400)=0x8000)
getpid()
r2 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VIDIOC_CREATE_BUFS(r2, 0xc100565c, &(0x7f0000000100)={0xfffffffb, 0x4, 0x1, {0x2, @raw_data="f39ef0bfae1b5da1f9b1a00ba6e46d47d6a046b29f8aaf82ccada075953b3c31164a657f848da5be2249c36cf6db915930828d9cac8272cfb3d25ed79a638423b2213bf256bcd7c74d88d415100c9183b3c6ce30bba3fcfd10bebe4bd89237908f4c185aaa402ebad370e66d68806a9ecac49e8b2ad109c176050cf5b942f6fd7a2e025b873a2614c0ce650498109ccdbcc5e4e1bac7db526e62d889e362e23c46606e6dd8f0bf3a5f99d749c985a95446f29cda3fe18f8f272109e3cbc0dd1ad5f6279236a5ec92"}, 0x7})

program crashed: lost connection to test machine
validation run: crashed=true
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$comedi-ioctl$COMEDI_INSN-syz_open_dev$loop-ioctl$BLKDISCARD-getpid-openat$vicodec0-ioctl$VIDIOC_CREATE_BUFS
detailed listing:
executing program 0:
r0 = openat$comedi(0xffffff9c, 0x0, 0x488000, 0x0)
ioctl$COMEDI_INSN(r0, 0x8028640c, &(0x7f0000000000)={0x4000000, 0x0, 0x0, 0x0, 0x80000000})
r1 = syz_open_dev$loop(0x0, 0xffffffffffffffff, 0x98801)
ioctl$BLKDISCARD(r1, 0x1277, &(0x7f0000000400)=0x8000)
getpid()
r2 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VIDIOC_CREATE_BUFS(r2, 0xc100565c, &(0x7f0000000100)={0xfffffffb, 0x4, 0x1, {0x2, @raw_data="f39ef0bfae1b5da1f9b1a00ba6e46d47d6a046b29f8aaf82ccada075953b3c31164a657f848da5be2249c36cf6db915930828d9cac8272cfb3d25ed79a638423b2213bf256bcd7c74d88d415100c9183b3c6ce30bba3fcfd10bebe4bd89237908f4c185aaa402ebad370e66d68806a9ecac49e8b2ad109c176050cf5b942f6fd7a2e025b873a2614c0ce650498109ccdbcc5e4e1bac7db526e62d889e362e23c46606e6dd8f0bf3a5f99d749c985a95446f29cda3fe18f8f272109e3cbc0dd1ad5f6279236a5ec92"}, 0x7})

program crashed: lost connection to test machine
suppressed program crash: lost connection to test machine
validation run: crashed=false
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$comedi-ioctl$COMEDI_INSN-syz_open_dev$loop-ioctl$BLKDISCARD-getpid-openat$vicodec0-ioctl$VIDIOC_CREATE_BUFS
detailed listing:
executing program 0:
r0 = openat$comedi(0xffffff9c, 0x0, 0x488000, 0x0)
ioctl$COMEDI_INSN(r0, 0x8028640c, &(0x7f0000000000)={0x4000000, 0x0, 0x0, 0x0, 0x80000000})
r1 = syz_open_dev$loop(0x0, 0xffffffffffffffff, 0x98801)
ioctl$BLKDISCARD(r1, 0x1277, &(0x7f0000000400)=0x8000)
getpid()
r2 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VIDIOC_CREATE_BUFS(r2, 0xc100565c, &(0x7f0000000100)={0xfffffffb, 0x4, 0x1, {0x2, @raw_data="f39ef0bfae1b5da1f9b1a00ba6e46d47d6a046b29f8aaf82ccada075953b3c31164a657f848da5be2249c36cf6db915930828d9cac8272cfb3d25ed79a638423b2213bf256bcd7c74d88d415100c9183b3c6ce30bba3fcfd10bebe4bd89237908f4c185aaa402ebad370e66d68806a9ecac49e8b2ad109c176050cf5b942f6fd7a2e025b873a2614c0ce650498109ccdbcc5e4e1bac7db526e62d889e362e23c46606e6dd8f0bf3a5f99d749c985a95446f29cda3fe18f8f272109e3cbc0dd1ad5f6279236a5ec92"}, 0x7})

program crashed: lost connection to test machine
suppressed program crash: lost connection to test machine
validation run: crashed=false
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$comedi-ioctl$COMEDI_INSN-syz_open_dev$loop-ioctl$BLKDISCARD-getpid-openat$vicodec0-ioctl$VIDIOC_CREATE_BUFS
detailed listing:
executing program 0:
r0 = openat$comedi(0xffffff9c, 0x0, 0x488000, 0x0)
ioctl$COMEDI_INSN(r0, 0x8028640c, &(0x7f0000000000)={0x4000000, 0x0, 0x0, 0x0, 0x80000000})
r1 = syz_open_dev$loop(0x0, 0xffffffffffffffff, 0x98801)
ioctl$BLKDISCARD(r1, 0x1277, &(0x7f0000000400)=0x8000)
getpid()
r2 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VIDIOC_CREATE_BUFS(r2, 0xc100565c, &(0x7f0000000100)={0xfffffffb, 0x4, 0x1, {0x2, @raw_data="f39ef0bfae1b5da1f9b1a00ba6e46d47d6a046b29f8aaf82ccada075953b3c31164a657f848da5be2249c36cf6db915930828d9cac8272cfb3d25ed79a638423b2213bf256bcd7c74d88d415100c9183b3c6ce30bba3fcfd10bebe4bd89237908f4c185aaa402ebad370e66d68806a9ecac49e8b2ad109c176050cf5b942f6fd7a2e025b873a2614c0ce650498109ccdbcc5e4e1bac7db526e62d889e362e23c46606e6dd8f0bf3a5f99d749c985a95446f29cda3fe18f8f272109e3cbc0dd1ad5f6279236a5ec92"}, 0x7})

program crashed: INFO: task hung in vivid_fop_release
validation run: crashed=true
reproducing took 2h47m42.564136048s
repro crashed as (corrupted=false):
INFO: task syz.4.21:4400 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.4.21        state:D stack:27872 pid: 4400 ppid:  4331 flags:0x00004006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5049 [inline]
 __schedule+0x11bb/0x4390 kernel/sched/core.c:6395
 schedule+0x11b/0x1e0 kernel/sched/core.c:6478
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6537
 __mutex_lock_common+0xc71/0x2390 kernel/locking/mutex.c:669
 __mutex_lock kernel/locking/mutex.c:729 [inline]
 mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:743
 vivid_fop_release+0x66/0xad0 drivers/media/test-drivers/vivid/vivid-core.c:632
 v4l2_release+0x1f9/0x390 drivers/media/v4l2-core/v4l2-dev.c:456
 __fput+0x234/0x930 fs/file_table.c:311
 task_work_run+0x125/0x1a0 kernel/task_work.c:188
 get_signal+0x1222/0x12c0 kernel/signal.c:2672
 arch_do_signal_or_restart+0xc1/0x1300 arch/x86/kernel/signal.c:867
 handle_signal_work kernel/entry/common.c:154 [inline]
 exit_to_user_mode_loop+0x9e/0x130 kernel/entry/common.c:178
 exit_to_user_mode_prepare+0xee/0x180 kernel/entry/common.c:214
 __syscall_exit_to_user_mode_work kernel/entry/common.c:296 [inline]
 syscall_exit_to_user_mode+0x16/0x40 kernel/entry/common.c:307
 do_syscall_64+0x58/0xa0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7f54f3716fc9
RSP: 002b:00007f54f2d86038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: fffffffffffffe00 RBX: 00007f54f396dfa0 RCX: 00007f54f3716fc9
RDX: 0000200000000100 RSI: 00000000c100565c RDI: 0000000000000003
RBP: 00007f54f3799f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f54f396e038 R14: 00007f54f396dfa0 R15: 00007ffedf615f08
 </TASK>
INFO: task syz.0.17:4426 blocked for more than 145 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.0.17        state:D
 stack:27400 pid: 4426 ppid:  4320 flags:0x00004006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5049 [inline]
 __schedule+0x11bb/0x4390 kernel/sched/core.c:6395
 schedule+0x11b/0x1e0 kernel/sched/core.c:6478
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6537
 __mutex_lock_common+0xc71/0x2390 kernel/locking/mutex.c:669
 __mutex_lock kernel/locking/mutex.c:729 [inline]
 mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:743
 v4l2_release+0x1b9/0x390 drivers/media/v4l2-core/v4l2-dev.c:455
 __fput+0x234/0x930 fs/file_table.c:311
 task_work_run+0x125/0x1a0 kernel/task_work.c:188
 get_signal+0x1222/0x12c0 kernel/signal.c:2672
 arch_do_signal_or_restart+0xc1/0x1300 arch/x86/kernel/signal.c:867
 handle_signal_work kernel/entry/common.c:154 [inline]
 exit_to_user_mode_loop+0x9e/0x130 kernel/entry/common.c:178
 exit_to_user_mode_prepare+0xee/0x180 kernel/entry/common.c:214
 __syscall_exit_to_user_mode_work kernel/entry/common.c:296 [inline]
 syscall_exit_to_user_mode+0x16/0x40 kernel/entry/common.c:307
 do_syscall_64+0x58/0xa0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7fcf5b8cefc9
RSP: 002b:00007fcf5af3e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: fffffffffffffe00 RBX: 00007fcf5bb25fa0 RCX: 00007fcf5b8cefc9
RDX: 0000200000000100 RSI: 00000000c100565c RDI: 0000000000000003
RBP: 00007fcf5b951f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fcf5bb26038 R14: 00007fcf5bb25fa0 R15: 00007ffe13747528
 </TASK>
INFO: task syz.1.18:4428 blocked for more than 147 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.1.18        state:D stack:27200 pid: 4428 ppid:  4317 flags:0x00004006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5049 [inline]
 __schedule+0x11bb/0x4390 kernel/sched/core.c:6395
 schedule+0x11b/0x1e0 kernel/sched/core.c:6478
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6537
 __mutex_lock_common+0xc71/0x2390 kernel/locking/mutex.c:669
 __mutex_lock kernel/locking/mutex.c:729 [inline]
 mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:743
 v4l2_release+0x1b9/0x390 drivers/media/v4l2-core/v4l2-dev.c:455
 __fput+0x234/0x930 fs/file_table.c:311
 task_work_run+0x125/0x1a0 kernel/task_work.c:188
 get_signal+0x1222/0x12c0 kernel/signal.c:2672
 arch_do_signal_or_restart+0xc1/0x1300 arch/x86/kernel/signal.c:867
 handle_signal_work kernel/entry/common.c:154 [inline]
 exit_to_user_mode_loop+0x9e/0x130 kernel/entry/common.c:178
 exit_to_user_mode_prepare+0xee/0x180 kernel/entry/common.c:214
 __syscall_exit_to_user_mode_work kernel/entry/common.c:296 [inline]
 syscall_exit_to_user_mode+0x16/0x40 kernel/entry/common.c:307
 do_syscall_64+0x58/0xa0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7fdbd1446fc9
RSP: 002b:00007fdbd0ab6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: fffffffffffffe00 RBX: 00007fdbd169dfa0 RCX: 00007fdbd1446fc9
RDX: 0000200000000100 RSI: 00000000c100565c RDI: 0000000000000003
RBP: 00007fdbd14c9f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fdbd169e038 R14: 00007fdbd169dfa0 R15: 00007ffce76ab868
 </TASK>
INFO: task syz.2.19:4430 blocked for more than 149 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.2.19        state:D stack:27680 pid: 4430 ppid:  4323 flags:0x00104006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5049 [inline]
 __schedule+0x11bb/0x4390 kernel/sched/core.c:6395
 schedule+0x11b/0x1e0 kernel/sched/core.c:6478
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6537
 __mutex_lock_common+0xc71/0x2390 kernel/locking/mutex.c:669
 __mutex_lock kernel/locking/mutex.c:729 [inline]
 mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:743
 v4l2_release+0x1b9/0x390 drivers/media/v4l2-core/v4l2-dev.c:455
 __fput+0x234/0x930 fs/file_table.c:311
 task_work_run+0x125/0x1a0 kernel/task_work.c:188
 get_signal+0x1222/0x12c0 kernel/signal.c:2672
 arch_do_signal_or_restart+0xc1/0x1300 arch/x86/kernel/signal.c:867
 handle_signal_work kernel/entry/common.c:154 [inline]
 exit_to_user_mode_loop+0x9e/0x130 kernel/entry/common.c:178
 exit_to_user_mode_prepare+0xee/0x180 kernel/entry/common.c:214
 __syscall_exit_to_user_mode_work kernel/entry/common.c:296 [inline]
 syscall_exit_to_user_mode+0x16/0x40 kernel/entry/common.c:307
 do_syscall_64+0x58/0xa0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7f1722c05fc9
RSP: 002b:00007f1722275038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: fffffffffffffe00 RBX: 00007f1722e5cfa0 RCX: 00007f1722c05fc9
RDX: 0000200000000100 RSI: 00000000c100565c RDI: 0000000000000003
RBP: 00007f1722c88f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f1722e5d038 R14: 00007f1722e5cfa0 R15: 00007ffd600e45f8
 </TASK>

Showing all locks held in the system:
2 locks held by init/1:
 #0: ffff88802bad0828 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:136 [inline]
 #0: ffff88802bad0828 (&mm->mmap_lock){++++}-{3:3}, at: do_user_addr_fault+0x2b9/0xc80 arch/x86/mm/fault.c:1298
 #1: ffffffff8c1dc6e0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:4654 [inline]
 #1: ffffffff8c1dc6e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:4678 [inline]
 #1: ffffffff8c1dc6e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath+0x1056/0x27a0 mm/page_alloc.c:5114
1 lock held by kthreadd/2:
3 locks held by kworker/u4:0/9:
 #0: ffff888016879138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x760/0x1000 kernel/workqueue.c:-1
 #1: ffffc90000ce7d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x7a3/0x1000 kernel/workqueue.c:2285
 #2: ffffffff8d238748 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xa/0x50 net/core/link_watch.c:251
1 lock held by khungtaskd/27:
 #0: ffffffff8c11c720 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30
4 locks held by kworker/u4:1/144:
 #0: ffff8880169cd938 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x760/0x1000 kernel/workqueue.c:-1
 #1: ffffc900011afd00 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x7a3/0x1000 kernel/workqueue.c:2285
 #2: ffffffff8d22cad0 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x132/0xb80 net/core/net_namespace.c:589
 #3: ffffffff8d238748 (rtnl_mutex){+.+.}-{3:3}, at: netdev_run_todo+0x86b/0xa40 net/core/dev.c:10696
2 locks held by kworker/u4:3/155:
3 locks held by kworker/1:3/2304:
 #0: ffff888016871938 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x760/0x1000 kernel/workqueue.c:-1
 #1: ffffc90005c9fd00 ((reg_check_chans).work){+.+.}-{0:0}, at: process_one_work+0x7a3/0x1000 kernel/workqueue.c:2285
 #2: ffffffff8d238748 (rtnl_mutex){+.+.}-{3:3}, at: reg_check_chans_work+0x81/0xa50 net/wireless/reg.c:2437
2 locks held by udevd/3561:
 #0: ffff88807cb90128 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:136 [inline]
 #0: ffff88807cb90128 (&mm->mmap_lock){++++}-{3:3}, at: do_user_addr_fault+0x2b9/0xc80 arch/x86/mm/fault.c:1298
 #1: ffffffff8c1dc6e0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:4654 [inline]
 #1: ffffffff8c1dc6e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:4678 [inline]
 #1: ffffffff8c1dc6e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath+0x1056/0x27a0 mm/page_alloc.c:5114
2 locks held by dhcpcd/3854:
 #0: ffff888140887410 (&sb->s_type->i_mutex_key#11){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:787 [inline]
 #0: ffff888140887410 (&sb->s_type->i_mutex_key#11){+.+.}-{3:3}, at: __sock_release net/socket.c:648 [inline]
 #0: ffff888140887410 (&sb->s_type->i_mutex_key#11){+.+.}-{3:3}, at: sock_close+0x90/0x240 net/socket.c:1336
 #1: ffffffff8d238748 (rtnl_mutex){+.+.}-{3:3}, at: ip6mr_sk_done+0xaa/0x2b0 net/ipv6/ip6mr.c:1584
2 locks held by dhcpcd/3855:
 #0: ffff8880205bdc10 (&sb->s_type->i_mutex_key#11){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:787 [inline]
 #0: ffff8880205bdc10 (&sb->s_type->i_mutex_key#11){+.+.}-{3:3}, at: __sock_release net/socket.c:648 [inline]
 #0: ffff8880205bdc10 (&sb->s_type->i_mutex_key#11){+.+.}-{3:3}, at: sock_close+0x90/0x240 net/socket.c:1336
 #1: ffffffff8d238748 (rtnl_mutex){+.+.}-{3:3}, at: ip6mr_sk_done+0xaa/0x2b0 net/ipv6/ip6mr.c:1584
2 locks held by dhcpcd/3856:
 #0: ffff88802b19f828 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:136 [inline]
 #0: ffff88802b19f828 (&mm->mmap_lock){++++}-{3:3}, at: do_user_addr_fault+0x2b9/0xc80 arch/x86/mm/fault.c:1298
 #1: ffffffff8c1dc6e0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:4654 [inline]
 #1: ffffffff8c1dc6e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:4678 [inline]
 #1: ffffffff8c1dc6e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath+0x1056/0x27a0 mm/page_alloc.c:5114
2 locks held by getty/3946:
 #0: ffff88802b8dd098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70 drivers/tty/tty_ldisc.c:252
 #1: ffffc90002cf62e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x5ba/0x1a30 drivers/tty/n_tty.c:2158
2 locks held by dhcpcd/3987:
 #0: ffff88802a065528 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:136 [inline]
 #0: ffff88802a065528 (&mm->mmap_lock){++++}-{3:3}, at: do_user_addr_fault+0x2b9/0xc80 arch/x86/mm/fault.c:1298
 #1: ffffffff8c1dc6e0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:4654 [inline]
 #1: ffffffff8c1dc6e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:4678 [inline]
 #1: ffffffff8c1dc6e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath+0x1056/0x27a0 mm/page_alloc.c:5114
2 locks held by dhcpcd/3988:
 #0: ffff88802a064028 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:136 [inline]
 #0: ffff88802a064028 (&mm->mmap_lock){++++}-{3:3}, at: do_user_addr_fault+0x2b9/0xc80 arch/x86/mm/fault.c:1298
 #1: ffffffff8c1dc6e0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:4654 [inline]
 #1: ffffffff8c1dc6e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:4678 [inline]
 #1: ffffffff8c1dc6e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath+0x1056/0x27a0 mm/page_alloc.c:5114
2 locks held by dhcpcd/3992:
 #0: ffff88801e328f28 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:136 [inline]
 #0: ffff88801e328f28 (&mm->mmap_lock){++++}-{3:3}, at: do_user_addr_fault+0x2b9/0xc80 arch/x86/mm/fault.c:1298
 #1: ffffffff8c1dc6e0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:4654 [inline]
 #1: ffffffff8c1dc6e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:4678 [inline]
 #1: ffffffff8c1dc6e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath+0x1056/0x27a0 mm/page_alloc.c:5114
2 locks held by dhcpcd/3998:
 #0: ffff88801e32b928 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:136 [inline]
 #0: ffff88801e32b928 (&mm->mmap_lock){++++}-{3:3}, at: do_user_addr_fault+0x2b9/0xc80 arch/x86/mm/fault.c:1298
 #1: ffffffff8c1dc6e0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:4654 [inline]
 #1: ffffffff8c1dc6e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:4678 [inline]
 #1: ffffffff8c1dc6e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath+0x1056/0x27a0 mm/page_alloc.c:5114
2 locks held by dhcpcd/4002:
 #0: ffff88802a062b28 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:136 [inline]
 #0: ffff88802a062b28 (&mm->mmap_lock){++++}-{3:3}, at: do_user_addr_fault+0x2b9/0xc80 arch/x86/mm/fault.c:1298
 #1: ffffffff8c1dc6e0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:4654 [inline]
 #1: ffffffff8c1dc6e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:4678 [inline]
 #1: ffffffff8c1dc6e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath+0x1056/0x27a0 mm/page_alloc.c:5114
2 locks held by dhcpcd/4003:
 #0: ffff88801e329d28 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:136 [inline]
 #0: ffff88801e329d28 (&mm->mmap_lock){++++}-{3:3}, at: do_user_addr_fault+0x2b9/0xc80 arch/x86/mm/fault.c:1298
 #1: ffffffff8c1dc6e0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:4654 [inline]
 #1: ffffffff8c1dc6e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:4678 [inline]
 #1: ffffffff8c1dc6e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath+0x1056/0x27a0 mm/page_alloc.c:5114
2 locks held by sshd-session/4189:
 #0: ffff88807a50c728 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:136 [inline]
 #0: ffff88807a50c728 (&mm->mmap_lock){++++}-{3:3}, at: do_user_addr_fault+0x2b9/0xc80 arch/x86/mm/fault.c:1298
 #1: ffffffff8c1dc6e0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:4654 [inline]
 #1: ffffffff8c1dc6e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:4678 [inline]
 #1: ffffffff8c1dc6e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath+0x1056/0x27a0 mm/page_alloc.c:5114
3 locks held by kworker/1:4/4233:
 #0: ffff888016870938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x760/0x1000 kernel/workqueue.c:-1
 #1: ffffc90002e0fd00 (deferred_process_work){+.+.}-{0:0}, at: process_one_work+0x7a3/0x1000 kernel/workqueue.c:2285
 #2: ffffffff8d238748 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0xa/0x20 net/switchdev/switchdev.c:74
6 locks held by kworker/u4:5/4281:
 #0: ffff888141fb0938 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x760/0x1000 kernel/workqueue.c:-1
 #1: ffffc90002e7fd00 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x7a3/0x1000 kernel/workqueue.c:2285
 #2: ffff88807f0c40e0 (&type->s_umount_key#32){++++}-{3:3}, at: trylock_super+0x1c/0xf0 fs/super.c:418
 #3: ffff88807f0c6bd8 (&sbi->s_writepages_rwsem){.+.+}-{0:0}, at: ext4_writepages+0x1c0/0x2d20 fs/ext4/inode.c:2689
 #4: ffff88807f0c8990 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0x1312/0x15a0 fs/jbd2/transaction.c:462
 #5: ffff888074a88278 (&ei->i_data_sem){++++}-{3:3}, at: ext4_map_blocks+0x8b2/0x1b30 fs/ext4/inode.c:666
3 locks held by kworker/0:23/4312:
 #0: ffff88802a485d38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x760/0x1000 kernel/workqueue.c:-1
 #1: ffffc9000310fd00 ((addr_chk_work).work){+.+.}-{0:0}, at: process_one_work+0x7a3/0x1000 kernel/workqueue.c:2285
 #2: ffffffff8d238748 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0xa/0x20 net/ipv6/addrconf.c:4654
4 locks held by syz.3.20/4389:
2 locks held by syz.4.21/4400:
 #0: ffff8880268b0448 (&mdev->req_queue_mutex){+.+.}-{3:3}, at: v4l2_release+0x1b9/0x390 drivers/media/v4l2-core/v4l2-dev.c:455
 #1: ffff8880268b6aa8 (&dev->mutex#4){+.+.}-{3:3}, at: vivid_fop_release+0x66/0xad0 drivers/media/test-drivers/vivid/vivid-core.c:632
1 lock held by syz.0.17/4426:
 #0: ffff8880268b0448 (&mdev->req_queue_mutex){+.+.}-{3:3}, at: v4l2_release+0x1b9/0x390 drivers/media/v4l2-core/v4l2-dev.c:455
1 lock held by syz.1.18/4428:
 #0: ffff8880268b0448 (&mdev->req_queue_mutex){+.+.}-{3:3}, at: v4l2_release+0x1b9/0x390 drivers/media/v4l2-core/v4l2-dev.c:455
1 lock held by syz.2.19/4430:
 #0: ffff8880268b0448 (&mdev->req_queue_mutex){+.+.}-{3:3}, at: v4l2_release+0x1b9/0x390 drivers/media/v4l2-core/v4l2-dev.c:455
1 lock held by syz.5.22/4472:

final repro crashed as (corrupted=false):
INFO: task syz.4.21:4400 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.4.21        state:D stack:27872 pid: 4400 ppid:  4331 flags:0x00004006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5049 [inline]
 __schedule+0x11bb/0x4390 kernel/sched/core.c:6395
 schedule+0x11b/0x1e0 kernel/sched/core.c:6478
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6537
 __mutex_lock_common+0xc71/0x2390 kernel/locking/mutex.c:669
 __mutex_lock kernel/locking/mutex.c:729 [inline]
 mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:743
 vivid_fop_release+0x66/0xad0 drivers/media/test-drivers/vivid/vivid-core.c:632
 v4l2_release+0x1f9/0x390 drivers/media/v4l2-core/v4l2-dev.c:456
 __fput+0x234/0x930 fs/file_table.c:311
 task_work_run+0x125/0x1a0 kernel/task_work.c:188
 get_signal+0x1222/0x12c0 kernel/signal.c:2672
 arch_do_signal_or_restart+0xc1/0x1300 arch/x86/kernel/signal.c:867
 handle_signal_work kernel/entry/common.c:154 [inline]
 exit_to_user_mode_loop+0x9e/0x130 kernel/entry/common.c:178
 exit_to_user_mode_prepare+0xee/0x180 kernel/entry/common.c:214
 __syscall_exit_to_user_mode_work kernel/entry/common.c:296 [inline]
 syscall_exit_to_user_mode+0x16/0x40 kernel/entry/common.c:307
 do_syscall_64+0x58/0xa0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7f54f3716fc9
RSP: 002b:00007f54f2d86038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: fffffffffffffe00 RBX: 00007f54f396dfa0 RCX: 00007f54f3716fc9
RDX: 0000200000000100 RSI: 00000000c100565c RDI: 0000000000000003
RBP: 00007f54f3799f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f54f396e038 R14: 00007f54f396dfa0 R15: 00007ffedf615f08
 </TASK>
INFO: task syz.0.17:4426 blocked for more than 145 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.0.17        state:D
 stack:27400 pid: 4426 ppid:  4320 flags:0x00004006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5049 [inline]
 __schedule+0x11bb/0x4390 kernel/sched/core.c:6395
 schedule+0x11b/0x1e0 kernel/sched/core.c:6478
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6537
 __mutex_lock_common+0xc71/0x2390 kernel/locking/mutex.c:669
 __mutex_lock kernel/locking/mutex.c:729 [inline]
 mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:743
 v4l2_release+0x1b9/0x390 drivers/media/v4l2-core/v4l2-dev.c:455
 __fput+0x234/0x930 fs/file_table.c:311
 task_work_run+0x125/0x1a0 kernel/task_work.c:188
 get_signal+0x1222/0x12c0 kernel/signal.c:2672
 arch_do_signal_or_restart+0xc1/0x1300 arch/x86/kernel/signal.c:867
 handle_signal_work kernel/entry/common.c:154 [inline]
 exit_to_user_mode_loop+0x9e/0x130 kernel/entry/common.c:178
 exit_to_user_mode_prepare+0xee/0x180 kernel/entry/common.c:214
 __syscall_exit_to_user_mode_work kernel/entry/common.c:296 [inline]
 syscall_exit_to_user_mode+0x16/0x40 kernel/entry/common.c:307
 do_syscall_64+0x58/0xa0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7fcf5b8cefc9
RSP: 002b:00007fcf5af3e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: fffffffffffffe00 RBX: 00007fcf5bb25fa0 RCX: 00007fcf5b8cefc9
RDX: 0000200000000100 RSI: 00000000c100565c RDI: 0000000000000003
RBP: 00007fcf5b951f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fcf5bb26038 R14: 00007fcf5bb25fa0 R15: 00007ffe13747528
 </TASK>
INFO: task syz.1.18:4428 blocked for more than 147 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.1.18        state:D stack:27200 pid: 4428 ppid:  4317 flags:0x00004006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5049 [inline]
 __schedule+0x11bb/0x4390 kernel/sched/core.c:6395
 schedule+0x11b/0x1e0 kernel/sched/core.c:6478
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6537
 __mutex_lock_common+0xc71/0x2390 kernel/locking/mutex.c:669
 __mutex_lock kernel/locking/mutex.c:729 [inline]
 mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:743
 v4l2_release+0x1b9/0x390 drivers/media/v4l2-core/v4l2-dev.c:455
 __fput+0x234/0x930 fs/file_table.c:311
 task_work_run+0x125/0x1a0 kernel/task_work.c:188
 get_signal+0x1222/0x12c0 kernel/signal.c:2672
 arch_do_signal_or_restart+0xc1/0x1300 arch/x86/kernel/signal.c:867
 handle_signal_work kernel/entry/common.c:154 [inline]
 exit_to_user_mode_loop+0x9e/0x130 kernel/entry/common.c:178
 exit_to_user_mode_prepare+0xee/0x180 kernel/entry/common.c:214
 __syscall_exit_to_user_mode_work kernel/entry/common.c:296 [inline]
 syscall_exit_to_user_mode+0x16/0x40 kernel/entry/common.c:307
 do_syscall_64+0x58/0xa0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7fdbd1446fc9
RSP: 002b:00007fdbd0ab6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: fffffffffffffe00 RBX: 00007fdbd169dfa0 RCX: 00007fdbd1446fc9
RDX: 0000200000000100 RSI: 00000000c100565c RDI: 0000000000000003
RBP: 00007fdbd14c9f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fdbd169e038 R14: 00007fdbd169dfa0 R15: 00007ffce76ab868
 </TASK>
INFO: task syz.2.19:4430 blocked for more than 149 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.2.19        state:D stack:27680 pid: 4430 ppid:  4323 flags:0x00104006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5049 [inline]
 __schedule+0x11bb/0x4390 kernel/sched/core.c:6395
 schedule+0x11b/0x1e0 kernel/sched/core.c:6478
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6537
 __mutex_lock_common+0xc71/0x2390 kernel/locking/mutex.c:669
 __mutex_lock kernel/locking/mutex.c:729 [inline]
 mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:743
 v4l2_release+0x1b9/0x390 drivers/media/v4l2-core/v4l2-dev.c:455
 __fput+0x234/0x930 fs/file_table.c:311
 task_work_run+0x125/0x1a0 kernel/task_work.c:188
 get_signal+0x1222/0x12c0 kernel/signal.c:2672
 arch_do_signal_or_restart+0xc1/0x1300 arch/x86/kernel/signal.c:867
 handle_signal_work kernel/entry/common.c:154 [inline]
 exit_to_user_mode_loop+0x9e/0x130 kernel/entry/common.c:178
 exit_to_user_mode_prepare+0xee/0x180 kernel/entry/common.c:214
 __syscall_exit_to_user_mode_work kernel/entry/common.c:296 [inline]
 syscall_exit_to_user_mode+0x16/0x40 kernel/entry/common.c:307
 do_syscall_64+0x58/0xa0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7f1722c05fc9
RSP: 002b:00007f1722275038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: fffffffffffffe00 RBX: 00007f1722e5cfa0 RCX: 00007f1722c05fc9
RDX: 0000200000000100 RSI: 00000000c100565c RDI: 0000000000000003
RBP: 00007f1722c88f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f1722e5d038 R14: 00007f1722e5cfa0 R15: 00007ffd600e45f8
 </TASK>

Showing all locks held in the system:
2 locks held by init/1:
 #0: ffff88802bad0828 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:136 [inline]
 #0: ffff88802bad0828 (&mm->mmap_lock){++++}-{3:3}, at: do_user_addr_fault+0x2b9/0xc80 arch/x86/mm/fault.c:1298
 #1: ffffffff8c1dc6e0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:4654 [inline]
 #1: ffffffff8c1dc6e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:4678 [inline]
 #1: ffffffff8c1dc6e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath+0x1056/0x27a0 mm/page_alloc.c:5114
1 lock held by kthreadd/2:
3 locks held by kworker/u4:0/9:
 #0: ffff888016879138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x760/0x1000 kernel/workqueue.c:-1
 #1: ffffc90000ce7d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x7a3/0x1000 kernel/workqueue.c:2285
 #2: ffffffff8d238748 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xa/0x50 net/core/link_watch.c:251
1 lock held by khungtaskd/27:
 #0: ffffffff8c11c720 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30
4 locks held by kworker/u4:1/144:
 #0: ffff8880169cd938 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x760/0x1000 kernel/workqueue.c:-1
 #1: ffffc900011afd00 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x7a3/0x1000 kernel/workqueue.c:2285
 #2: ffffffff8d22cad0 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x132/0xb80 net/core/net_namespace.c:589
 #3: ffffffff8d238748 (rtnl_mutex){+.+.}-{3:3}, at: netdev_run_todo+0x86b/0xa40 net/core/dev.c:10696
2 locks held by kworker/u4:3/155:
3 locks held by kworker/1:3/2304:
 #0: ffff888016871938 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x760/0x1000 kernel/workqueue.c:-1
 #1: ffffc90005c9fd00 ((reg_check_chans).work){+.+.}-{0:0}, at: process_one_work+0x7a3/0x1000 kernel/workqueue.c:2285
 #2: ffffffff8d238748 (rtnl_mutex){+.+.}-{3:3}, at: reg_check_chans_work+0x81/0xa50 net/wireless/reg.c:2437
2 locks held by udevd/3561:
 #0: ffff88807cb90128 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:136 [inline]
 #0: ffff88807cb90128 (&mm->mmap_lock){++++}-{3:3}, at: do_user_addr_fault+0x2b9/0xc80 arch/x86/mm/fault.c:1298
 #1: ffffffff8c1dc6e0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:4654 [inline]
 #1: ffffffff8c1dc6e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:4678 [inline]
 #1: ffffffff8c1dc6e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath+0x1056/0x27a0 mm/page_alloc.c:5114
2 locks held by dhcpcd/3854:
 #0: ffff888140887410 (&sb->s_type->i_mutex_key#11){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:787 [inline]
 #0: ffff888140887410 (&sb->s_type->i_mutex_key#11){+.+.}-{3:3}, at: __sock_release net/socket.c:648 [inline]
 #0: ffff888140887410 (&sb->s_type->i_mutex_key#11){+.+.}-{3:3}, at: sock_close+0x90/0x240 net/socket.c:1336
 #1: ffffffff8d238748 (rtnl_mutex){+.+.}-{3:3}, at: ip6mr_sk_done+0xaa/0x2b0 net/ipv6/ip6mr.c:1584
2 locks held by dhcpcd/3855:
 #0: ffff8880205bdc10 (&sb->s_type->i_mutex_key#11){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:787 [inline]
 #0: ffff8880205bdc10 (&sb->s_type->i_mutex_key#11){+.+.}-{3:3}, at: __sock_release net/socket.c:648 [inline]
 #0: ffff8880205bdc10 (&sb->s_type->i_mutex_key#11){+.+.}-{3:3}, at: sock_close+0x90/0x240 net/socket.c:1336
 #1: ffffffff8d238748 (rtnl_mutex){+.+.}-{3:3}, at: ip6mr_sk_done+0xaa/0x2b0 net/ipv6/ip6mr.c:1584
2 locks held by dhcpcd/3856:
 #0: ffff88802b19f828 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:136 [inline]
 #0: ffff88802b19f828 (&mm->mmap_lock){++++}-{3:3}, at: do_user_addr_fault+0x2b9/0xc80 arch/x86/mm/fault.c:1298
 #1: ffffffff8c1dc6e0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:4654 [inline]
 #1: ffffffff8c1dc6e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:4678 [inline]
 #1: ffffffff8c1dc6e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath+0x1056/0x27a0 mm/page_alloc.c:5114
2 locks held by getty/3946:
 #0: ffff88802b8dd098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70 drivers/tty/tty_ldisc.c:252
 #1: ffffc90002cf62e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x5ba/0x1a30 drivers/tty/n_tty.c:2158
2 locks held by dhcpcd/3987:
 #0: ffff88802a065528 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:136 [inline]
 #0: ffff88802a065528 (&mm->mmap_lock){++++}-{3:3}, at: do_user_addr_fault+0x2b9/0xc80 arch/x86/mm/fault.c:1298
 #1: ffffffff8c1dc6e0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:4654 [inline]
 #1: ffffffff8c1dc6e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:4678 [inline]
 #1: ffffffff8c1dc6e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath+0x1056/0x27a0 mm/page_alloc.c:5114
2 locks held by dhcpcd/3988:
 #0: ffff88802a064028 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:136 [inline]
 #0: ffff88802a064028 (&mm->mmap_lock){++++}-{3:3}, at: do_user_addr_fault+0x2b9/0xc80 arch/x86/mm/fault.c:1298
 #1: ffffffff8c1dc6e0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:4654 [inline]
 #1: ffffffff8c1dc6e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:4678 [inline]
 #1: ffffffff8c1dc6e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath+0x1056/0x27a0 mm/page_alloc.c:5114
2 locks held by dhcpcd/3992:
 #0: ffff88801e328f28 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:136 [inline]
 #0: ffff88801e328f28 (&mm->mmap_lock){++++}-{3:3}, at: do_user_addr_fault+0x2b9/0xc80 arch/x86/mm/fault.c:1298
 #1: ffffffff8c1dc6e0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:4654 [inline]
 #1: ffffffff8c1dc6e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:4678 [inline]
 #1: ffffffff8c1dc6e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath+0x1056/0x27a0 mm/page_alloc.c:5114
2 locks held by dhcpcd/3998:
 #0: ffff88801e32b928 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:136 [inline]
 #0: ffff88801e32b928 (&mm->mmap_lock){++++}-{3:3}, at: do_user_addr_fault+0x2b9/0xc80 arch/x86/mm/fault.c:1298
 #1: ffffffff8c1dc6e0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:4654 [inline]
 #1: ffffffff8c1dc6e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:4678 [inline]
 #1: ffffffff8c1dc6e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath+0x1056/0x27a0 mm/page_alloc.c:5114
2 locks held by dhcpcd/4002:
 #0: ffff88802a062b28 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:136 [inline]
 #0: ffff88802a062b28 (&mm->mmap_lock){++++}-{3:3}, at: do_user_addr_fault+0x2b9/0xc80 arch/x86/mm/fault.c:1298
 #1: ffffffff8c1dc6e0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:4654 [inline]
 #1: ffffffff8c1dc6e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:4678 [inline]
 #1: ffffffff8c1dc6e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath+0x1056/0x27a0 mm/page_alloc.c:5114
2 locks held by dhcpcd/4003:
 #0: ffff88801e329d28 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:136 [inline]
 #0: ffff88801e329d28 (&mm->mmap_lock){++++}-{3:3}, at: do_user_addr_fault+0x2b9/0xc80 arch/x86/mm/fault.c:1298
 #1: ffffffff8c1dc6e0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:4654 [inline]
 #1: ffffffff8c1dc6e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:4678 [inline]
 #1: ffffffff8c1dc6e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath+0x1056/0x27a0 mm/page_alloc.c:5114
2 locks held by sshd-session/4189:
 #0: ffff88807a50c728 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:136 [inline]
 #0: ffff88807a50c728 (&mm->mmap_lock){++++}-{3:3}, at: do_user_addr_fault+0x2b9/0xc80 arch/x86/mm/fault.c:1298
 #1: ffffffff8c1dc6e0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:4654 [inline]
 #1: ffffffff8c1dc6e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:4678 [inline]
 #1: ffffffff8c1dc6e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath+0x1056/0x27a0 mm/page_alloc.c:5114
3 locks held by kworker/1:4/4233:
 #0: ffff888016870938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x760/0x1000 kernel/workqueue.c:-1
 #1: ffffc90002e0fd00 (deferred_process_work){+.+.}-{0:0}, at: process_one_work+0x7a3/0x1000 kernel/workqueue.c:2285
 #2: ffffffff8d238748 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0xa/0x20 net/switchdev/switchdev.c:74
6 locks held by kworker/u4:5/4281:
 #0: ffff888141fb0938 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x760/0x1000 kernel/workqueue.c:-1
 #1: ffffc90002e7fd00 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x7a3/0x1000 kernel/workqueue.c:2285
 #2: ffff88807f0c40e0 (&type->s_umount_key#32){++++}-{3:3}, at: trylock_super+0x1c/0xf0 fs/super.c:418
 #3: ffff88807f0c6bd8 (&sbi->s_writepages_rwsem){.+.+}-{0:0}, at: ext4_writepages+0x1c0/0x2d20 fs/ext4/inode.c:2689
 #4: ffff88807f0c8990 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0x1312/0x15a0 fs/jbd2/transaction.c:462
 #5: ffff888074a88278 (&ei->i_data_sem){++++}-{3:3}, at: ext4_map_blocks+0x8b2/0x1b30 fs/ext4/inode.c:666
3 locks held by kworker/0:23/4312:
 #0: ffff88802a485d38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x760/0x1000 kernel/workqueue.c:-1
 #1: ffffc9000310fd00 ((addr_chk_work).work){+.+.}-{0:0}, at: process_one_work+0x7a3/0x1000 kernel/workqueue.c:2285
 #2: ffffffff8d238748 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0xa/0x20 net/ipv6/addrconf.c:4654
4 locks held by syz.3.20/4389:
2 locks held by syz.4.21/4400:
 #0: ffff8880268b0448 (&mdev->req_queue_mutex){+.+.}-{3:3}, at: v4l2_release+0x1b9/0x390 drivers/media/v4l2-core/v4l2-dev.c:455
 #1: ffff8880268b6aa8 (&dev->mutex#4){+.+.}-{3:3}, at: vivid_fop_release+0x66/0xad0 drivers/media/test-drivers/vivid/vivid-core.c:632
1 lock held by syz.0.17/4426:
 #0: ffff8880268b0448 (&mdev->req_queue_mutex){+.+.}-{3:3}, at: v4l2_release+0x1b9/0x390 drivers/media/v4l2-core/v4l2-dev.c:455
1 lock held by syz.1.18/4428:
 #0: ffff8880268b0448 (&mdev->req_queue_mutex){+.+.}-{3:3}, at: v4l2_release+0x1b9/0x390 drivers/media/v4l2-core/v4l2-dev.c:455
1 lock held by syz.2.19/4430:
 #0: ffff8880268b0448 (&mdev->req_queue_mutex){+.+.}-{3:3}, at: v4l2_release+0x1b9/0x390 drivers/media/v4l2-core/v4l2-dev.c:455
1 lock held by syz.5.22/4472: