Extracting prog: 4m14.037789298s
Minimizing prog: 1h12m32.292444275s
Simplifying prog options: 3m34.317898184s
Extracting C: 1m47.947970061s
Simplifying C: 0s


extracting reproducer from 24 programs
first checking the prog from the crash report
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): setresgid-mkdirat-mount$tmpfs-openat$binder_debug-bpf$ENABLE_STATS-bpf$MAP_CREATE-bpf$MAP_CREATE-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-setsockopt$IPT_SO_SET_REPLACE-syz_open_dev$sndmidi-writev-syz_open_dev$tty1-syz_open_dev$dvb_frontend-ioctl$FE_SET_FRONTEND-ioprio_set$uid-ioprio_get$pid-chown-openat-quotactl_fd$Q_GETNEXTQUOTA
detailed listing:
executing program 0:
setresgid(0x0, 0xee01, 0xffffffffffffffff)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x8000, &(0x7f00000024c0)=ANY=[@ANYBLOB='quota'])
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000002780)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[], 0x50)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000600)=@nat={'nat\x00', 0x670, 0x5, 0x368, 0x228, 0x2d0, 0xffffffff, 0xd8, 0x170, 0x2d0, 0x2d0, 0xffffffff, 0x2d0, 0x2d0, 0x5, 0x0, {[{{@ip={@rand_addr=0x640100fc, @rand_addr=0x64010101, 0xff, 0x0, 'veth1_macvtap\x00', 'ipvlan1\x00', {0xff}, {}, 0x33, 0x2, 0x14}, 0x0, 0xa0, 0xd8, 0x48, {}, [@common=@ah={{0x30}, {[0x1, 0x3], 0xff}}]}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0xf, @local, @initdev={0xac, 0x1e, 0x0, 0x0}, @icmp_id=0x67, @port=0x4e24}}}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xffffffffffffffff}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, 0x0, 0x0, 'virt_wifi0\x00', 'veth1_vlan\x00'}, 0x0, 0x70, 0xb8}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0xe, @ipv6=@ipv4={'\x00', '\xff\xff', @empty}, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @icmp_id=0x65, @port=0x4e21}}}, {{@ip={@private=0xa010100, @empty, 0x0, 0x0, 'nicvf0\x00', 'nr0\x00'}, 0x0, 0x70, 0xa8}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0x0, @rand_addr, @dev={0xac, 0x14, 0x14, 0x2a}, @gre_key=0xe, @icmp_id}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3c8)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x40002)
ioctl$FE_SET_FRONTEND(r1, 0x40246f4c, &(0x7f0000000080)={0x30a32c0, 0x1, @ofdm={0x1, 0x1e, 0xf, 0x1, 0x3, 0xa}})
ioprio_set$uid(0x3, 0x0, 0x0)
ioprio_get$pid(0x3, 0x0)
chown(&(0x7f0000000080)='./file1\x00', 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, 0x0, 0x250942, 0x1cd)
quotactl_fd$Q_GETNEXTQUOTA(r2, 0xffffffff80000900, 0xee00, 0x0)

program did not crash
single: failed to extract reproducer
bisect: bisecting 24 programs with base timeout 30s
testing program (duration=36s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [22, 13, 29, 7, 26, 25, 23, 1, 22, 13, 14, 7, 5, 21, 17, 28, 25, 13, 17, 4, 30, 17, 22, 14]
detailed listing:
executing program 2:
setresgid(0x0, 0xee01, 0xffffffffffffffff)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x8000, &(0x7f00000024c0)=ANY=[@ANYBLOB='quota'])
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000002780)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[], 0x50)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000600)=@nat={'nat\x00', 0x670, 0x5, 0x368, 0x228, 0x2d0, 0xffffffff, 0xd8, 0x170, 0x2d0, 0x2d0, 0xffffffff, 0x2d0, 0x2d0, 0x5, 0x0, {[{{@ip={@rand_addr=0x640100fc, @rand_addr=0x64010101, 0xff, 0x0, 'veth1_macvtap\x00', 'ipvlan1\x00', {0xff}, {}, 0x33, 0x2, 0x14}, 0x0, 0xa0, 0xd8, 0x48, {}, [@common=@ah={{0x30}, {[0x1, 0x3], 0xff}}]}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0xf, @local, @initdev={0xac, 0x1e, 0x0, 0x0}, @icmp_id=0x67, @port=0x4e24}}}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xffffffffffffffff}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, 0x0, 0x0, 'virt_wifi0\x00', 'veth1_vlan\x00'}, 0x0, 0x70, 0xb8}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0xe, @ipv6=@ipv4={'\x00', '\xff\xff', @empty}, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @icmp_id=0x65, @port=0x4e21}}}, {{@ip={@private=0xa010100, @empty, 0x0, 0x0, 'nicvf0\x00', 'nr0\x00'}, 0x0, 0x70, 0xa8}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0x0, @rand_addr, @dev={0xac, 0x14, 0x14, 0x2a}, @gre_key=0xe, @icmp_id}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3c8)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x40002)
ioctl$FE_SET_FRONTEND(r1, 0x40246f4c, &(0x7f0000000080)={0x30a32c0, 0x1, @ofdm={0x1, 0x1e, 0xf, 0x1, 0x3, 0xa}})
ioprio_set$uid(0x3, 0x0, 0x0)
ioprio_get$pid(0x3, 0x0)
chown(0x0, 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000004d00)='./file1\x00', 0x250942, 0x1cd)
quotactl_fd$Q_GETNEXTQUOTA(r2, 0xffffffff80000900, 0xee00, 0x0)
executing program 2:
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
syz_usb_connect(0xf400, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000094037b40fd080200fdca010203010902120001000000000904"], 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x1000000000002)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f000000e0c0)=""/102400, 0x19000)
ioctl$vim2m_VIDIOC_S_CTRL(0xffffffffffffffff, 0xc008561c, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000280)='net/fib_trie\x00')
pread64(r1, &(0x7f0000019180)=""/102349, 0x18fcd, 0x80002)
executing program 1:
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000006c0), 0xffffffffffffffff)
syz_emit_ethernet(0x0, 0x0, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
rt_sigprocmask(0x0, &(0x7f0000001480)={[0xffffffffffffffff]}, 0x0, 0x8)
r2 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
tkill(r2, 0xf)
wait4(r2, 0x0, 0x2, 0x0)
tkill(r2, 0x3)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x8, 0x3, 0x2a8, 0x0, 0x11, 0x148, 0xf8, 0x0, 0x210, 0x2a8, 0x2a8, 0x210, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@common=@addrtype={{0x30}, {0x10, 0xa, 0x3}}, @common=@unspec=@cluster={{0x30}, {0x20, 0xfff, 0x2}}]}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0xffffffffffffffff, 0x4}, {0xffffffffffffffff, 0x2, 0x2}}}}, {{@ip={@multicast2, @empty, 0x0, 0x0, 'vlan0\x00', 'netdevsim0\x00', {}, {}, 0x0, 0x2}, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@unspec=@quota={{0x38}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x1, 0x2, 0x7f, 0x9, 'syz0\x00', {0x6}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x308)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000005580)=""/102392, 0x18ff8)
clock_gettime(0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000180)={{}, {0x77359400}}, 0x0)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x400000000a882, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
sendmmsg$inet(r5, &(0x7f0000003240)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4000800)
unshare(0x8000100)
recvfrom(r5, 0x0, 0x0, 0x2101, 0x0, 0x0)
prlimit64(0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x6, 0x100000000}, &(0x7f00000000c0))
openat$hwrng(0xffffffffffffff9c, &(0x7f0000003780), 0xf0c0a85915640486, 0x0)
syz_open_dev$sndpcmc(0x0, 0xd7, 0x210201)
ioctl$BLKTRACESETUP(r4, 0xc0481273, &(0x7f0000003840)={'\x00', 0x1, 0xf, 0x6, 0x100000000, 0x1, 0xffffffffffffffff})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, 0x0)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r6, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000bc0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r0, @ANYBLOB="010025bd7100030000008900000008000300", @ANYRES32=0x0, @ANYBLOB="22c109434229e8fb106b27510e659bb3694927d18b81cb8c0f8da9c6994a1fa5e4330c93c813482ea970bf5f5c25384aa1fab397d4e09656c66164212b18d63bce3c613e4ea73bfabbdb08825358667f85fb8ed71e197ec298066f31012b3daf6376b062424782b9f51fc801974d4488945cd3a6673efc894ba518e0ea1353006fe15d6b7fb83b51ffbb168072b0bd2bd9f783d0bb91"], 0x1c}}, 0x4)
executing program 3:
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x42, 0x80)
acct(&(0x7f0000000180)='./file1\x00')
acct(0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x181c42, 0x56)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
executing program 0:
openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$kcm(0x29, 0x2, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0xc}, 0x50)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r3, &(0x7f0000002540)={0x0, 0x0, &(0x7f0000002500)={&(0x7f0000000480)=ANY=[@ANYBLOB="38010000", @ANYRES16=r4, @ANYBLOB="01002bbd7000000000000c000000180001801400020076657468305f746f5f626f6e640000000c010380040001000401038010"], 0x138}}, 0x0)
r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r6=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r5, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r6, 0x0, 0x0, 0x0, <r7=>0x0})
ioctl$IOMMU_HWPT_ALLOC$NONE(r5, 0x3b89, 0x0)
ioctl$IOMMU_HWPT_ALLOC$TEST(r5, 0x3b89, 0x0)
ioctl$IOMMU_HWPT_INVALIDATE$TEST(r5, 0x3b8d, &(0x7f0000000280)={0x20, 0x0, &(0x7f00000002c0)=[{}], 0xdeadbeef, 0x8, 0x1})
ioctl$IOMMU_DESTROY$hwpt(r5, 0x3b80, &(0x7f0000000300)={0x8})
ioctl$IOMMU_DESTROY$hwpt(r5, 0x3b80, &(0x7f0000000340)={0x8})
ioctl$IOMMU_GET_HW_INFO(r5, 0x3b8a, &(0x7f0000000380)={0x24, 0x0, r7, 0x1c, &(0x7f00000003c0)=""/28})
executing program 3:
r0 = syz_open_dev$vim2m(&(0x7f0000000a40), 0x10003, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet(0x2, 0x3, 0x8d)
getsockopt$inet_pktinfo(r3, 0x0, 0x8, 0x0, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
r4 = socket(0xa, 0x1, 0x0)
setsockopt$inet6_int(r4, 0x29, 0xce, &(0x7f0000000000)=0xa2, 0x4)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x80002, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x94)
close(r5)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000010c0)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="0f000000040000"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
syz_emit_ethernet(0x68, &(0x7f00000001c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @dev, @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x3, 0x0, 0x5a, 0xffff, 0x0, 0x0, 0x2f, 0x0, @private, @multicast1}, {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x4, 0x22eb, 0x0, 0x0, [0x5]}, {0x0, 0x0, 0x0, 0x0, 0x11}, {}, {0xa888, 0x88be, 0x8000000, {{0x0, 0x1, 0xfe}}}, {0x8, 0x22eb, 0x0, {{}, 0x2, {0x9}}}}}}}}, 0x0)
sendmsg$inet(r7, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x22fe0}], 0x1}, 0x0)
recvfrom(r6, &(0x7f0000004000)=""/4112, 0xfffffffffffffedc, 0x2080, 0x0, 0x0)
ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000180)={0x0, 0xd, 0x4, "13ea57ffffffdfff018000000000000000000000000000088b0500", 0x39565559})
executing program 0:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
getpeername$packet(0xffffffffffffffff, 0x0, 0x0)
connect$unix(r1, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$BINDER_FREEZE(r3, 0x400c620e, &(0x7f0000000240)={r0, 0x0, 0x2})
r4 = io_uring_setup(0x28fe, &(0x7f0000000080)={0x0, 0x0, 0x2})
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000003200)=ANY=[@ANYBLOB="5c01000010000100feffffff00010000fe880000000000000000000000000001fc010000000000000000000000000001000107144e230005000000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ff020000000000000000000000000001000004d46c0000007f000001000000000000000000000000000000000000000092010000000000000600000000000000ffff0000000000001c25080000000000020000000500000000000000ffffffff0000000000000000ffffffffffffffff00100000000000001f00000000000000feffffffffffffff02000000fcffffff000000002abd700004350000020001002000000000000000480003006465666c61746500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000240009000f00000000000000810000000000000009000000000200000001000000000000"], 0x15c}, 0x1, 0x0, 0x0, 0x8801}, 0x0)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000740)=@newsa={0x138, 0x1a, 0x1, 0xfffffffe, 0x100, {{@in=@multicast2, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x71c, 0x4e23, 0x5, 0xa, 0x0, 0x20, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, {0xfe, 0x1000000000000192, 0x9ba3, 0xffff, 0x8251c, 0x5, 0xfffffffffffffffc}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0xfffffffe, 0x3ff}, 0x80, 0x3505, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}}, 0x844)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=ANY=[@ANYBLOB="e8000000190001002dbd7000fbdbdf2502202000ff02ff020018000008000100ac1414aac10009"], 0xe8}, 0x1, 0x0, 0x0, 0x44050}, 0x1000)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000200)={0x0, 0x4000, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x20040040)
io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r4, 0x11, &(0x7f00000002c0), 0x2)
executing program 3:
mount$tmpfs(0x0, &(0x7f0000000080)='./cgroup\x00', &(0x7f0000000180), 0x400, &(0x7f0000000040)={[{@mpol={'mpol', 0x3d, {'bind', '', @void}}}]})
executing program 1:
setresgid(0x0, 0xee01, 0xffffffffffffffff)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x8000, &(0x7f00000024c0)=ANY=[@ANYBLOB='quota'])
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000002780)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[], 0x50)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000600)=@nat={'nat\x00', 0x670, 0x5, 0x368, 0x228, 0x2d0, 0xffffffff, 0xd8, 0x170, 0x2d0, 0x2d0, 0xffffffff, 0x2d0, 0x2d0, 0x5, 0x0, {[{{@ip={@rand_addr=0x640100fc, @rand_addr=0x64010101, 0xff, 0x0, 'veth1_macvtap\x00', 'ipvlan1\x00', {0xff}, {}, 0x33, 0x2, 0x14}, 0x0, 0xa0, 0xd8, 0x48, {}, [@common=@ah={{0x30}, {[0x1, 0x3], 0xff}}]}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0xf, @local, @initdev={0xac, 0x1e, 0x0, 0x0}, @icmp_id=0x67, @port=0x4e24}}}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xffffffffffffffff}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, 0x0, 0x0, 'virt_wifi0\x00', 'veth1_vlan\x00'}, 0x0, 0x70, 0xb8}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0xe, @ipv6=@ipv4={'\x00', '\xff\xff', @empty}, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @icmp_id=0x65, @port=0x4e21}}}, {{@ip={@private=0xa010100, @empty, 0x0, 0x0, 'nicvf0\x00', 'nr0\x00'}, 0x0, 0x70, 0xa8}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0x0, @rand_addr, @dev={0xac, 0x14, 0x14, 0x2a}, @gre_key=0xe, @icmp_id}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3c8)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x40002)
ioctl$FE_SET_FRONTEND(r1, 0x40246f4c, &(0x7f0000000080)={0x30a32c0, 0x1, @ofdm={0x1, 0x1e, 0xf, 0x1, 0x3, 0xa}})
ioprio_set$uid(0x3, 0x0, 0x0)
ioprio_get$pid(0x3, 0x0)
chown(&(0x7f0000000080)='./file1\x00', 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, 0x0, 0x250942, 0x1cd)
quotactl_fd$Q_GETNEXTQUOTA(r2, 0xffffffff80000900, 0xee00, 0x0)
executing program 2:
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
recvmsg(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x4080)
socket$inet6_sctp(0xa, 0x5, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x3, 0x108b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
openat$sequencer2(0xffffffffffffff9c, 0x0, 0x8417f, 0x0)
fsmount(0xffffffffffffffff, 0x0, 0x0)
executing program 0:
r0 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0xa, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000001040)={0x4c, 0x0, &(0x7f0000000ec0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x41, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000c00)={0x44, 0x0, &(0x7f0000000a80)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000003480)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
read$FUSE(r4, &(0x7f0000007fc0)={0x2020}, 0x2020)
executing program 3:
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
r1 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000ac0), 0x800, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000f40)={0x8, "b546baa5cc590d3033de259c2996817bb959ebab028deda525e19bdeffafde25", <r2=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0303e03, &(0x7f0000000780)={"d1ed39d88b014076ab94c1fb10628c46d2e681cdb9e581a38ebb0ddd5f307e56", r2, <r3=>0xffffffffffffffff})
close_range(r0, r1, 0x0)
ppoll(&(0x7f0000000040)=[{r3, 0x21}, {r1, 0x60}], 0x2, 0x0, &(0x7f00000001c0)={[0x4]}, 0x8)
executing program 1:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x1802, 0x0)
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, 0x0)
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
close(0x4)
executing program 2:
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = open(&(0x7f00000000c0)='.\x00', 0x210000, 0x0)
mremap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000ffb000/0x2000)=nil)
r4 = syz_open_dev$video4linux(&(0x7f0000000040), 0x0, 0x0)
ioctl$VIDIOC_G_EXT_CTRLS(r4, 0xc0205647, &(0x7f00000000c0)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x980901, 0x0, '\x00', @p_u16=0x0}})
getdents(r3, &(0x7f0000001fc0)=""/184, 0xb8)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00')
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=ANY=[@ANYBLOB="380100001a0001000000000000000000fc0000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000e807d4ecb7cf15b17892f6d70863acee35a822a3c2d899b8de06c399895129e557671e4b28eaeb5a0dc61164e13137df624442d9a70863d8618d8c191b8ee678f8c3f297667f8aa068fbe2016e26caa08634951ab7315cb1a5c58a187e45e32b04de8619c43b8d", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac1414aa0000000000000000000000000000000033000000fc0100000000000000000000000000000000000000000000000000000000000002000000"], 0x138}}, 0x0)
r5 = syz_open_procfs$namespace(0x0, &(0x7f0000000100)='ns/time\x00')
ioctl$NS_GET_USERNS(r5, 0xb701, 0x0)
executing program 3:
syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000580)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6a3, 0xccd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x4, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x83, 0xb, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x10, 0x1}}}}}]}}]}}, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x20000008b}, 0x0)
getpid()
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000bc0)=@newsa={0x158, 0x10, 0x1, 0x8000000, 0x0, {{@in=@remote, @in6=@loopback, 0x2, 0x0, 0x4e20, 0x50, 0x0, 0x20, 0x0, 0x16}, {@in6=@local, 0xfffffffc, 0x33}, @in=@local, {0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x5680000000, 0x0, 0x0, 0x10000}, {0x401, 0x9}, 0x0, 0x0, 0xa, 0x1, 0x0, 0x90}, [@algo_auth={0x48, 0x1, {{'sha256\x00'}}}, @replay_esn_val={0x20, 0x17, {0x1, 0x70bd2d, 0x70bd28, 0x70bd2b, 0x70bd2b, 0x8, [0x8]}}]}, 0x158}}, 0x24000058)
r4 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADDDEST(r4, 0x0, 0x487, &(0x7f0000000000)={{0x3b, @rand_addr=0x64010101, 0x4e24, 0x3, 'lc\x00', 0x4, 0x3237, 0x55}, {@remote, 0x4e23, 0x10000, 0x0, 0x12d5c, 0x12d5c}}, 0x44)
recvmsg(0xffffffffffffffff, 0x0, 0x2000)
sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x5c, 0x3, 0x6, 0x101, 0x0, 0x0, {0x0, 0x0, 0x9}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x5c}, 0x1, 0x0, 0x0, 0x40080c0}, 0xc000)
executing program 0:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_RTOINFO(r2, 0x84, 0x0, &(0x7f0000000100)={0x0, 0x4, 0x0, 0x1}, 0x10)
setsockopt(r0, 0x84, 0x81, &(0x7f00000002c0)="1a000000", 0x4)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
bpf$MAP_CREATE(0x1101000000000000, &(0x7f0000000540)=@base={0x5, 0x80, 0x1a00, 0xf7, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xfffffffe}, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[], 0x50)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
writev(0xffffffffffffffff, &(0x7f00000005c0)=[{&(0x7f0000000000)='U', 0x1}], 0x1)
write$binfmt_misc(r3, &(0x7f0000000000), 0xd)
r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
shutdown(r0, 0x1)
write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, &(0x7f00000002c0)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
r5 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000000)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0)={<r6=>0xffffffffffffffff}, 0x2, 0x9}}, 0x20)
write$RDMA_USER_CM_CMD_BIND_IP(r5, &(0x7f0000000240)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e23, 0x6, @empty, 0x3}, r6}}, 0x30)
executing program 1:
r0 = syz_open_dev$vim2m(&(0x7f0000000a40), 0x10003, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet(0x2, 0x3, 0x8d)
getsockopt$inet_pktinfo(r3, 0x0, 0x8, 0x0, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
r4 = socket(0xa, 0x1, 0x0)
setsockopt$inet6_int(r4, 0x29, 0xce, &(0x7f0000000000)=0xa2, 0x4)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x80002, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x94)
close(r5)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000010c0)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="0f000000040000"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
syz_emit_ethernet(0x68, &(0x7f00000001c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @dev, @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x3, 0x0, 0x5a, 0xffff, 0x0, 0x0, 0x2f, 0x0, @private, @multicast1}, {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x4, 0x22eb, 0x0, 0x0, [0x5]}, {0x0, 0x0, 0x0, 0x0, 0x11}, {}, {0xa888, 0x88be, 0x8000000, {{0x0, 0x1, 0xfe}}}, {0x8, 0x22eb, 0x0, {{}, 0x2, {0x9}}}}}}}}, 0x0)
sendmsg$inet(r7, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x22fe0}], 0x1}, 0x0)
recvfrom(r6, &(0x7f0000004000)=""/4112, 0xfffffffffffffedc, 0x2080, 0x0, 0x0)
ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000180)={0x0, 0xd, 0x4, "13ea57ffffffdfff018000000000000000000000000000088b0500", 0x39565559})
executing program 2:
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
syz_usb_connect(0xf400, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000094037b40fd080200fdca010203010902120001000000000904"], 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x1000000000002)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
shutdown(0xffffffffffffffff, 0x0)
ioctl$vim2m_VIDIOC_S_CTRL(0xffffffffffffffff, 0xc008561c, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000280)='net/fib_trie\x00')
pread64(r0, &(0x7f0000019180)=""/102349, 0x18fcd, 0x80002)
executing program 1:
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = userfaultfd(0x801)
r1 = syz_io_uring_setup(0x890, 0x0, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
io_uring_enter(r1, 0x47f6, 0x0, 0x2, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0)
read$msr(r2, &(0x7f0000001a40)=""/102392, 0x18ff8)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, 0x0)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000001c0), 0x4b301, 0x0)
ioctl$TIOCSETD(r3, 0x5423, 0x0)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x42002, 0x0)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0)
sendfile(r4, r5, 0x0, 0x20000023892)
executing program 0:
r0 = gettid()
timer_create(0x9, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x1, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
clock_nanosleep(0x7, 0x0, &(0x7f0000000000)={0x77359400}, 0xfffffffffffffffe)
executing program 0:
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0xc, 0x8001, 0x0, 0x9, 0x4f, 0x8, 0xfa11, 0x1}, 0x0)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000040))
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000000)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0)={<r3=>0xffffffffffffffff}, 0x2, 0x9}}, 0x20)
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={0x1, 0x58, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r6=>0x0}}, 0x10)
r7 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYRES32=r7, @ANYRESDEC=0x0, @ANYRESHEX=r7])
read$FUSE(r7, &(0x7f000000e280)={0x2020, 0x0, <r8=>0x0, <r9=>0x0}, 0x2020)
syz_fuse_handle_req(r7, &(0x7f000000c280)="897c6500ff3035465c7acb4e06980b05687c1480c7aafe631c0543db2bf0d6f539506e8782da06c1ca018774d72e9e5a3418ab66ee78dad68457b17ec9d47bf7d8272d607c1c0a4bd906f0cee7f8451828d2458596bdd6a459ba18ebaf61b38f5d66c27fa8a024ad7832a85e58689a4c254c94cbcf7208fce6e61d9566459789d15a6f91dd7db7c54cc3a94da956fb290a8a15f849270bc459d9d9f47801be86dd5c9d18382081a993b7bfde5c28adca4c71329afd6be743b076033b5859891703eb65fa256d6f47450b6edacbd05a9bd8b372e90cfc30f32826566dac6c48e6ef001881cbc30482f9ec469e476a101da496b8c0785eaf875d3608b0c49e9d39baaa1041f903a805f0f24aa63722fa2d87b98595fa5cfaf8b79c458de43ee39904e7cac7540a934b4108957785d58807abff186949f1b94cd21b724aff34ac45c7066dcdbd68ea7b766af9d045cd7fafeafc5c5a0c3400ef4e0c71a6fdd5b8d68a6f317644cda9d2fd2c839a82b97b3d909b54c672227bef573c9de1991d65a63017f724d1f7f1575e69db53318a7fd7065b303e751518c8eef04f642dbd4dfa349040a7b5401050ffc2b4ef62803a7c8eaba99e011dfac24d81b2b61e0b0581e53bf520f623eca17f0545c5e59ff15b527475f970f589894ae589145fa4283f7225088ccfeba1d72e9128f8c223ae1840f2edae3dbcdf7e560d5cdf4f71c9ada1931c0f8312c000101b264aaddb9fab166ba8d8903d6098eca20935ca607ea79e936798b3dfb22a7e159abb234cf21f3733dbf263a8ff116092f251659108892b2e21e1b428fd225096a5040270b2d70347013eaa1fd8e452942200283aab092c4ffc5b8b427b5d691a5a773e09da20539ff0f8214331c5d84107ae8a59aeb58efe22d7a079e446f1dfb07510377799bfdc7ee59cabcd76af0fe8a427ac8258ff33bbad5a8061f1cfdfbf375d73d676cc7916d6658ce46a0b17ad6350150f98e3512b513e25ca73f5f5df0a1fb9582ace7906c493fe1fd2889d9aac0b7c29c2b6c205537627bad64df433336a5ace32ca871e51b4dab0fbb00886a1fa81a98b74de0a26cebf65723515ebb807fc3c161ed42d1a7b6b55717613577ea437f3a2967c66ce45ff85a6a35b7cd40625fc575b107d7394e3d2db51d58347276c33e21f50b5a6b5672bf9fda63139bb75aead1fe4ee9a4064af5a5958466aa39faa6d821489fa415224c8d69d3b5922236832c2b1e4f6b8863b32f9aea83fb522a2de081d674502b48f73ce6db98d84136059b4a6676bc85ac6b7626329afa9bc7d3f9f2caa3c4d872744e0a8e02d72a75c6c545b8ec8e15b6fb0fe4185bd0d154960e6fef05ba40e5fe2968eb1301dcc52a03337179e74ba1522af93d77827845f8941c69ed8bb84567e3c63f1cc378a542f1de7007b688ff0a9c69d5861f0b85402c30a2fd391c52bafbe65f8e82135fd38361d7c0b43c982b2f3e7cb09c40c7e215114f4243d670cd576bcd93c1e959345170c75d6c3cf89cf8c2c70dc792e646e7c649d4c5f36bb016c7acd466ad58473d40dfef36394e581065a8581ab852250403cf372ac0065bf757fa3f445424ac0d82aec1938a2ea116bdfd306baa1cb06c62a4a97d66ab1b9489469cb8ba842da12e310caed02c5ef05c0be1e1e8c9c8b87d6871c94c57d164d08672b205c948086a06a545b266b7ad902a908681eb188bc51b6190b5cb9d8ca59b8c4c6e7369c00d6f6119fd5d437239e3d3c89cb81e09e560fb817590106015f08e7b09f1e1e65bfab3b8489fa058e24081978b9e25463d9945bfbca81c08885d4b6d4c62e217bd9e19460762f36c66bc948fe31cde089626fbb310e3c78a8d3f2eac21d374d9b58d887235d3a95721168e4b9475849071d60ecfe7ea5d6c4bf60da3747612ef59bb651270f326c0af31bc8c71361f851de34ccb3c8071b96f1128d7ee79b41246e566edd0272dbd3ccfe472b38e5e03d3ef83218bd498e6de8b4d92cb6f82716449ede7ba845028eccdb9137be8a622ac88ac53118fbc39637fa7a93cd3abc6f7671c7804420d66e94720acbcac916950f9baca77fef4217155ccc2cd0507339a0486f9f468eb28772986ee768c63eba671bf8c52e48a2a5dc2cc24fe925368706c2d712dd1064692b0fb2a32ddfbd4a0ffcf9c2abcedaae6e527bc1d42637aff2a275b76a7a7f010e42e1cc1d27141f6c3585a2bf58c6c5789ce61551d10118a000e3764631ec0b7f4b1a6f22a678133a30940b79dc76f863dd9f6e0d7776300898c97cef286c731c2050928c492439256e481652bff0d202db3cfdc54c9816ceea7895357bfa0362fad79afd09ed55189294d6ead7e898ac091cddbe7efcedb314bc02a18dd5bbddc42e089124758bb491fd1536aab27c5c124567bc325e7028bced5a179a011d1cb9a5ffb61d7af863e91ec8e60495561188b74d158ba1418228d44e92915a22eb1c166ef7d6179e84381ed950ffd747f13e24172942d922ca3109fb8b1e4e6264fa4a4eec75ad0d0e22579d90f45d6cd157300e38ae665eb56457202e25a8dd5877ba99725de288660badd2704345d9bad208c903ba27ea167dd45a77f77b6502b525b2973270582858183c784c324c1366fbba8d410c38bf75b41e067f6a9a017c56595161db4fc5639393fdafb1f148d3f416c1adc5fe1ab9cebe4689855c9b4bda6dcba5d5fa858a1b87d2ad23cdf54dbdf4d14aa4462da0b6f1107f4afa0091c2643508861a4d9f133ba77751941bb8fb756abf1a104205b80d47a3b4a59724d959c8b5833da4f56fb6613231f230a9378c9af741e94fd2c7213ac1d7625559b3f032f6c8df3ab441929720fe43d7c548cc661eed5b3c62b3c61f538ea3228376e2a18c6da2ad906322f64fb4865cde8e1889a8e5237fd6a39bbd6662f1dedc22fbd74e4376fa610cd710703dbd3924a38beae69783d1d5abf36122cbb87129ba719042748f060f4303a3199c5891c5040fd8cdb9761b006bf64cdcb65e5cc50a29994b8c1c34b83760ece12ed9ed7c3d2a7f8911cdf23a1afe0d7db1bf342aa0123dd5cd31339f5c8e160c4efef882602b3eccbe76fb690162b8bfb8a31910bcdf9a4a5dde76c2ac2fcd8678add7a000cfdcab398eb2171c026313eb6eb56b4b87bf8ef93f7f8a1c0bcc3775b681d4229ea561cb52281d8ba4315c3694ed08433596884d5a7ce3a8b1f82359846b7136726e2fe37bf4f7b7e2206cdcdb0705ced9f0dcaaa2ed3a78ea70d2cfeab668eb321400fc955e9aeb7bbcf86cd03f02dd443503a1480d9d9f899f53bd747a95293786798fc59fceb09e686a9328da4f929b6201841bbbefaffcf3386abdf69540e3b46a643ec10f0acf21f27c0053dc13f18485dbc898729dfbeaaa4887b58cd442d7ffa941808cd9658595be8650a815b088621278d89f0d8a4252566b923df3a3cd65c0e4af08fad385927251b31d35f75eaf25e6cf13a579aeeb0bcc0a14ca4a20a6831d532be0b2af3821792a2df95131b7fafef245aa19b214053342aa820c35858d13f84e496294529411015c41ed447b5b51dc44a45d52552a2be1abfc157f3ace7bfa32d5b931421d5a152dd66b7bf549311b08325e5a7201f793037b38990bedeca8a647c08d2478670f8fc2b4e8983ea18bcd514daeeeeb9d7a778f783c76edf01bd4beda4b77b612cd2e865c2e4f58ca7ae06147bf66ae6aee221cf9b9505dc07e6fb6cf4f82dc8c406c78e270210c11cf2531011ed678d9dfe1f49c9a69a95a9f3b0e5b624d9c2664d787ab911b75a4a38d63e9d6c353f8aaf433ff961fe5e34d84936ead0d0bc7954caf84e541f5c6f3f20c9eed21eb0316b82c0dc5182540e63a0af25565496792153d6395adc2b8d68b8bcd93dd110ff5685879db4384ec390d44b89663d43a5de3bdc0e103b7c1b355dc5f6fe3518c93628780ba03f156badea65d1d0af8433c9e8a975fdd19453da662a33fa9f0f5fa15fdb216b483fb48370a967246e0b763df8b3bc7924a6c76c4b114f803dbfa3b312e6815b4eb67be167283a9e482d9a5beac250089d069d4c386b7fda5fc228404a0f58b12ca4dc131c381b49b42b570bcfc0dd663f24afaf65a26a21f6d92f52c9f8de36cb76bacbaa0eef98ba6b7dbbc2629a03bb2b6f83fc5adaf20c217bc8d0f0d2421e01472532bcb546aeb2d483c8f95011a3ba1d2fd8086a717cb015dd53064ef4a80b6d6fdc12d9069223fdf2aa9b192a0e0bdb38436f49d9eedfef3665815633fee4344aff11162526362b70b18e1dbedbb5d8c4698860beccf667851878a25a1e766caae2861f2e23404aac859e62fdfeac06a6057554828d7035806e8ab3ee2fa6d711e5811db61231a22f4672f6a11b27641f350bcab78792362e6ebc1c054a643bbbf2746678c14dc567d1f73e37005c8ab6374c4d8d3106384a2d32c5fcf05cb9ba97cb7fa1aff11505a701bead543e555f3901ef3b693d5b9ebf49518c3509af042b7e84b1b867c22b7e08725220e4338fd074edce428212e6a3563a08e2ccd8ab71910256532904542e93d5c7deb5bf5d49beb3202d4da4f643649e55edbb91188cdcf0883a40c6ed6b8a086fb5c50dc08fee00308420121d4c7431b7c447bf9c1e099423ac451d67b12e930d9e391d0a799c7d4b54a0d56ea0aae00c1d009e21fb5459416b464b227d66ccc1a68da59d64c1583dee54bbcd7d61ffe541fd0fb7452adba91906918966a7d58019ad1f8fdebeceeed7018837b6e4272eefeec8385abe7207fb2d7061fa6cdc478165a98971f9729b818a73edefed976d5c7c0a651c091cfd1174c020e39330a79144271fe4cbc61ea0ffa274d0d87d06dd08c1d5f8a0364d46ef7b54426bc286330c75fa257afeb2715c2ae511ff53b1189cc59ab80b1325fbdcedfdb8f36ed71f70091116e16b52188b794e637755027caac8db8554f8674b844964c710cacd7a9d6b06baf6fef76159a380e639b0d3e66080a7cf7f86baac01dbe47fe687fcef2f3bfbf6f8fba045181dee688360a11ee56e5fc73ed31c0e2924ae57f0cc93c63a30662a65c5d5f17123ae28cc5b74dd13ed81b03dc7fa61dc575668868c0df12d3553269f04ba79084d070abcdbd4745de80e90e4e3e524f27249b5c4a2f2d4c8b331b0cb6d4efe62a298daacc6eacdfe008c1f912795dbdc37098c42db860953120fda709baa6d46f52eaba781505e68561ca0f281e850532ef8e7c779883e312806e1c357bdef8d0dda005e7fccfa6eb8686e8bf3bff036b3fcdc4036541d93530ce6f598442c24170b307ef05f23c93aa0ec96831b532d8120402214a940d1fa01ed649061a4a71308be189cffd729a196754fb8a75f23851189589be1b819f0612cad3dc94ccee88f4ab9ef6ac9c7daad8cf94f5ed9496c4c824e5b4f66ce32a80e7a6ef069a32f6812e656aa5f5742bd432afdf026c86e8f28212c1139dad47d7fc07e5c1a83e993daaa4a4bb5f0c9435ccab2a10f867ffe259dba7a1d9168619b1e3048860a5122e4a5d0b00372eaae861a0cc88549852fffa76e6d78739b654d67df15ea97a9a46b7c382d83191a673aa619b4a10ec05bc681379b0d6df824cb6fe158e9d89ae5dd1ef66976f67972b553db52eb6feef836dca6026293f83a61e117754a7424a3da63bd82d017f87f0603e2a9b8fc550aae611681935ae91f7ca2b5341b05a25208bd28f1a202a7f2a213b1d7411ffb557470aec00c4d13c70163f22a038a189710dd19a47e8db4a87c3fd329a63abca172a9810edad2d8e19ef85b57ea4287cfb3d740d7ea3fa9c80d06e1aa84b317f678ddb3c147ba5e0db432125f59ca4944c8e9050281ca82a3ecf67b2a5df678697a52a7297af1ecb03c586af7b91d74e881964ed95f7be12fa07e2a4e71aab8b913a13996fa33e915144bf00e49b8e7adec5b2c4b8165f54ba3155230e241ee023af77a295ab87c40f63f6092ccee05cb08a265abe8f57c9919bf45064b6c2240ba8011db223a283a4e2292d9b59df8c9a4fdc763f0631007db9976f351717db0e6b5f9c6e5f227c2efa1ae5fe0be1af0b22fc164f9f9678a01fe8b059749fe8a2972455732da1989c609d191544ef9fbb3e58da93ec4a582430523f260b776e4d747312747d18a9bae14740f5dcd35fd1072f8a4d81573b5882203be856b62d7e1d87081a9e431872c9d68864197bbc61f15dd8aeae950d34d6ce97182deebd2ad64cabd1c723baf512acfc7e94675b31369bd60e155af79b97bb734312569f736dcd5b5a78223ffaa0f7e93e1a112cb9f6a5b88fe3cf12c30024c16c6b8380fdf086c662665d3751c11617cc4dbd5b8bc7543301a23fbc90ba8d060193cdc2b68c31c734d516707b759f7db009c8f06e69b40154e1cd8ae444afb28134acdf871136b4fd78bd86d7faaaf618afb25e92d1ee37cdff0595278f9565f5eb109e181e9cacec2f22e32e9f34774ee223fdb992fecfc5dbc5cceeda16cbcf1434730d859e7e03d36ff17636a7a7e66956b515894da114f3040909f90ce3cfbb2d7d46e37049c0fb124e0683d662eb427cd7b851ada229451e6e3aaee64b9964ced3036bde5d9d80eb062474f96ecfb9b65fcafc719494ac12ab7df245475f2a5e7f85ca4789833ca373e6214d39176c8f51dde87a4cfe5414a20f68bb9f34709979b99533ba3435c4aa56e525195e10ffd00f8e41aee30a909c07b973bbf733d45500b539ebe2206d438216690998d9e256db1b7ac6bef3e810785e1986985c945a2b820323a592721fcfa444934d0faf8aa439d5efca5dcd77b72d1eb91b3790d50d0a7483e354c415f81d99c133d648c1293e795b3c43f9b47e23ef982e10072ea5baafb0df675e69af1807b225afa0cec3eafbde8535d3ecaa0ea6ddbffe4465207425bb003670320324df0aeeb16b38a043f9c0e85673b36def332fd68b2b1e6edda621d0cadebbced8c7fc8f890489115b457249e8d8103676b3207a472804d33e0fe511ac56cd8dc5333b2333892f87b455940ada78fcf5075c358fce990e6f65f095eb416d876ce6f120b8b02cfa6b176ee269c942f881247c3e464cce2aa65c39137607c585aeb4b5f24f5f8e058c9c8b48003c1809da3e8aad1bee7955c3a976d43fe132e2b16f4758a0a9884e51d13b930675a4361ff366b0fed190ad7b2a00385528951e39cd44ea06d8921b9d613d7626221154cf86249a550198fe4e5b05ad3052b474291da0a0a2f701759859bc0392adf243ad5eca89e6d18e28dff99ef95743bcabe75504be8c715cd6360facf3bb06cb97c29989d4f6ff5083573cefe6ef0b39a252a2678112fa88e5b06c9a6bfc9597cc96e5a49710c4fc120fb0da4945b9d94e46de1e9989d0fc3d8d20df23d815b660c799a903f651b0d013f7fe158f1d297f7fcb6a48780ca5525f1d081ada0aafa83552318b848783306549750b6254cf676c7b934cf7fdab992717f0cdc089b34278f3fb151cadde14d0d3250e85a4b0ff2a2778a219aa40563d3ef575285484424b6d0e7cc8392342e4848c6fc8cb20fa1b450cc4c1fea19f3bbdd9e342e6c49cd7ac893b1eda2e93d1d74d20969465946b398fbc733757741ac822c4a118632cd242a439fc37512cf79b7c629504ccc1e7f2f11798955c3262b5e9695625ba74d8050e20f51d4769e1ab938f487f1bc4b55b5abcaa3ec079c2d0972b2ae9bfb7c5423b959119292ea05f1d79d35afe47e49d97c946b193bffc0a8f607f18a6845cecbbdd98cd351db2b2dce05a4848ba84a6a497b4618950130cb7e76c03d0976eb2fb41d3a42a1430063ed8e5b8c67e80fd4fc1148911958babbcbff33a6505de209b0d9320017fd736fd027a16564008ab2e1f48a6dd66c9256730e9fda0a606875d0871b2b9b0bc2ed4e1b696dbf0283c8dc72cf4338e595266f5390bc3a21f988353118f2948fc75d050ea076b73508d9ed89bade0ba305c1f4e5daf9d40d2f5e7ababed8d1b1d919c61a6d3fb149c1a9b44e38585a2fe322f83d73a3aecb44da3f0e82942d75d62ed3f91eb44f3411df014f88839e4cb1e21b9b259d4eb4adaf6b0be433d0ed4c87ec77dde5ee9d566e3dd8d928fc1875c63af26c59daba5ae267d9bd5da72b99a03e6a33cc48ed961ab484ff4a46c2d5fa597e626e00b530d7b9a9705e4e08d03f3a7f2a5a5233ad6340e3b5c89db81ca713b6d7d855c6324955f85109b204566f50178cd88abe3fcba25de905e8ea0b75ad51831761ed9b1af2470f976f05ec73bf74d137c207270cfd614170518cdc449aeeb663e114359c8124eaf2499d8cf5dc84a0872301db2e57b50bd285060ec4390d99d4ae3674ca3bb8679c1b08e566ba4f30daec8684a980055eb43cb5a1306c4b52a154682aa96637e06c869278aa2f74ef7345632c11265ef8ac97e953745302556881ba0cb590fef271c0abb193fb84d18ee3f24d9976ae816b857d6f68d1fdfe10b312c799fe014debf875d04bff8b4f387859e97c6bf13f7083c28a2045a0b5eb09c94e781a165965e8617c0efed1701ea9667aeca26d9577ea7b1242e1d91b25d6a66756cc627648a293b9f4345966bc469fafaeddc1118d0972bd5c7751a1f51e5989fd952f314ae10417c97b41e60ebfbc47e496486fa4a89fd16aea7fa1eabebd26eb2a37a3e2b351e0c9d2f67b2e5be0f921adc9b6045b045948e5103af0e5050b9c0799b513c00865deebda730de538f956ceb6164e08bd6f58655a294b4b44fc65309b30f9c00f92ef5bd5b911a3d830f72c258b19521bb8e80db02129954efb61423f518d2c5f36587303890cad9a93fa4f4bcd0e24c67db679c67ea59c1350b8442577632d5e8735833f3daf5a74bc7bd82659a81beba8c889632efe03cd24187aee856cf659e16e195464f52f2b984fc7a299e7b2aa53979a147ebed35705d5e89691666536f2febacfcef9b32d14952f958b72512869e4f6a0a34176918217888b1eb8b89322ebb6bb1dead2b4744e728479880db70e6147edaff6c3f083f18e0696bdbd78cf0bda14d9f42e5c1077ced00041aadff90470aacec0e48e2a5f2a0ed37818a173b96061e8c5bf24c0bde9e09f9e0ddb8e13306ef1d4eb8043ebadde5d7553e5212ecd4691eb426251f9d6720b8276ac543dde02399a35d974b22c1727d4b6df01957cae47443b706d43165e01d6932b136f561ce837431254cfb2a6e7d8070a2d3805aaa15b3c10ccd0cda2e9b418ce9ef380e5d08217752e12b3b892d03a9495c83d78d674612fde5a67738b2d4649ce44606ecce6bf3bd1293eca246a83643e4f1c7ba362b110e07c8479f216e3d4afc4fcb8d0820c8ab702a66d8183e83174597035e92b9b500dee08c80b927b42c3689c7c9617b4112c9e54cbfa51e989b5fd42b80c595d3edd265f138e8128cfbbb0e4f53aa0aa95a2ecda4518b2e564c42d5de7671560843d08103b9bdceac5fdeb0b1266f72f491265dd2b2b80a225a50955167da1812364ea340d82f61535401bae6f3140a8795d7c318a64cee4676627244930957b2f0b227be21b72d90027e6a5a7af3c59470c74dcdb71d1ef090a0f49c91acd604c792385c8f4e085765292822ee5eca03885fd6bfeaca9b3bbbdeac939f7846a487c5a483ed1e4fbf37c93886ea27bb35c812089b900b77c7c924147e97b6a71533610750bc84921012aa8158b213f7601d934a20bdd1f757b0a33042a683af6b9069f3900059d7f80f9fdcc9f33ece8cf7888dc9e24f1fc6ca0ecccf161c5334c60f440feb3acfc3d115011c176dfa05314c5bcf089e3c82bbe7680a3eefdcdbf3ac27265b779db4f49bade0128eda6e29bc5933ef454601db1b49628fd39ab938794fa46a33937a086ece7050d31a21524e2f0cacb307ed4412a2078636f9cc8e11c5c31cc0f9edd7be6d1e31a1513a58e25215f5a24245cb988589e6d5e5119f4f6557c697fad7d1c3a7e3bae064db4382701e33e48c5b6a52fe9141a385ef2325c6f7781134607e98bfd02c43d6deefaa861700388b40d98e941cfb2ddec209f977e8b9f93d29fdbf85e3010ce7cd622e8c75ce3df535e392052b6d65d5042d2a6e78bbfe5ee146e8b18d4bc7fb024dbba57cbe0402205593766a313950cb719d00c67bb6b3bcaa1015b89e820f11475afce655947113a7c3dcbb52427f090df994fbf076db867e0ab3f6125fb8884c1d13ff3e99fab5fa8b9f0b72cb44db4d0a48d9ec17f9733764e213c40a15ad821ec60e4a88cb2fd9dd9a4f35e6a708f4b74067f4be3f03a95261f6b191df53fa5bb5164e4a164630ad9ce39087aa950ad9e60cd2c44fa2237c49abf858c97737fd21180fd0b9542767150fbed3f39a29e6c3484d9437e15d2439f2a54b2a1ac7e63e6c436658abc3f1dd52d984f6c6901768a8cf2ec98ebf44e90e0fc0c24f8957c62e05d8eacecaf25b178fd710af609a8a1bc4d7955b5f0cb4f48a37685e6304ea5843573a1abff37b5106916c83c8f23f939a0dc43aea8d196191ed6e18dd793990d1f37d7de0bf8fac6f469843724eaab86be8a483be281b8ecf4aa29d9c571951cde8cd8c2aaf4d597ac2cb48f23fad145916920a55d655924940573b64dbd42a280cddc4810434f930183fdbbdc72db1491a4c9d44daf9b1bc2fecd855508648063040faeb125da0e68e6cd2002181118eecff0be1dd8eae726af5d451630cd65119c52abd6dded97f931202f186a18c4ba34bc2c3f6d765e2d8f445e959f26ffb55827cf3ff2cc0289f17b82c8caa5a2d3d54306a300f0ef42bbe4ea9e32c5d4b1173942745cdcfe4f5d1619eefaf8dc600afbc9171d516f7f4b35331d0b9be005132ffad5e9df59710278b842afb626a78b8b8b37fc3a894dc705b2d4e0940cb264e9dc87eaa148e6faf78125462f28a0f1d7b3c65a291b85713fa71ffc478f6601e8716c35489f4a54ed0c70bcfd5502cc91374dc3c982075c5180398bc6b195b36e79dcc4087cb990cc9d964a150e0dcc887d496bdd27c3f298736b9ad8345ba2df46021964cf43c38f9d2e94b77bee2b7bf059e0870ff9f17b9ef1320c0aa88a2fa9781e9017ab64643de9a3df9ed4b8cfd8fa080a2e494409520b795eb1517d224a05e450c4c8ae0e9fd29c0e72d3a592cce55f6dd5107f21214e1a3f9a5448384de06149f959ec0c92790f0ff229ab4971171f1c528ae6d095ec007bf5e7f55d623a68194e9ea8edc3af418075338328f24e7504341c22bef72c2963fc9c3237ba990d29c2c8aa3007395f6d96e95b40ee1b18dbad550bf39d0d98268cb74dde76d987c3169c9067495fb1b88508bbb7e94cbb7dfc15c03b1d5b163132c8a468906f02d422a8cf98d0b432b5779dd962074b72dd27439b2e94312f573435e5aa84664432c1914839cd6e172186ce93eeb1d7cb0659696d9d550eb3b185f8c6ee16e53f78233cbe709f99d2879d63d93f7d0ed133241d2f1ab1eb2c56605ca0f0e01c39ab0ba2370fe5c4e68de0561b517ff9a10023c386236398372c7176e35443e2cf5dd6cbed9f23395f231e6a54f65626cb5860a8b72122c34664119e7c47204ef4a70583a", 0x2000, &(0x7f0000001940)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0x90, 0x0, 0x0, {0x3, 0x0, 0x0, 0x0, 0x1000, 0x0, {0x5, 0x0, 0x480000, 0xc9, 0x0, 0x8000000, 0x0, 0x5, 0x81, 0x6000, 0x2000, 0x0, 0x0, 0x6}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
write$FUSE_INIT(r7, &(0x7f0000000380)={0x50, 0x0, r8, {0x7, 0x29, 0x1c000, 0x0, 0x0, 0x2, 0x100, 0x0, 0x0, 0x0, 0x0, 0x6}}, 0x50)
syz_fuse_handle_req(r7, &(0x7f00000041c0)="75ff311821f07fa4703471f11c7f9a343f146bc8a0059adb304af4dda6a635c782f0d1876dc4627e1aec92ca1fa753a923ca393dde13807c4a58e5a359ca9e98080eef63408e6f862bb0163f4d0eb142e97c03e024aa14ae0bedb306245522bb5a9d1fbc0e8655ae0dc9ba5980d67871769aef065383747b762ce0de5431ecd5e635dbb9ec7fe06e6cf812ef5bac0e0ea2daea3849ef66912f02de733073e13d5a4e5432e0d04f561567c0a9968ae8f5ff5a896237069bfb948bc71ccdea121324fec465b4cf31bd464726d15e7c13741869f0c969fe6f173604650e9d37350745066e8a5dc520898df15cf02859f6d508dc8bb5342af839d6ac5cd69bfb102b5c54746c5382dd976382351a7b701f3490a27ae738b93176d55d5de60823ddcd2470bf6c939ed858c53ba880c38db973256e065521c495d3b6f01d89a526e285bd11a1ad902cbad5bd7a240a10c4f955e6f57bf2b734fe658151b69ca497d6a90f930b330f639c3480a03b8ff62d067051ee0fb71df680b4d79ade539e31512d102ae66b75fc632b5af7da47ba3b87489a7c9735a522070c1b9c7f980aca172315b90bef887aaffe72804ff70d6a275513a90722d191c367474102dd5b17cd9e115e6ce1a2d6a787f8beac2fa5e32f88be0902db5bb1ecde5adb2331f1cd97e9a181e722c3fb83a99a53568f94e457c377ee840de8f2dcaf183781fad768431dc0b24ee63e689eaaaf7e75346fc5e5f6ff123d2fedaeee184e8d6a4d9e45f7a06b5de83fce572c5f631beed57641d3e262e57d592256bc38911adc7c4c59b022d532c7a5418fdebc76ff44c1fd9392818934a4f5603f33687d7d0f9e72c7056e55180e9ce336d86f99f243d31b3fcb15bd7a5bac39a93fcd7f747ee2352cf4886123757c7b7f759aa06a65fdfbf1da74f74968c47ef679ae843f9a331159d490578ae0d7c314a833bc31dbcda6bb0c019f189a2f999c29bbeb2586744d2f2682f3336516a92740d031029b83b3d38844390165bf6517521db3d89d016192b916bd9ac2ee5a3c2059d76cca7eddffdc3ac38bba3112298cb2ac79c686027621b212cb2165de3849f217d8e01885c05e4278491585ecd9633335769a431e82d809f4c378f1fe1f6b3560745fc9c9b2ba0f095b27513e3d6e6263c8298c0dab4819e8d170db1f42df4a2aee0a05d5422eb8fe61e7fbcf3ac8b568d2d6e0bd0ebfeed6fda0f8783dd797ebb2978a0e92fb9610d0ff465515adaeccf7d84bf7f90cf0867de6ef4a1102050928f5416fefa01af66779964011532b8abdf30b24dd76988699f6f8f139cb3628a94aaaf80baebb86d27d970cc17a298473cd80657c641c94ab4ca99336d1a95c27b47da153a0787002ea830c29db176b0f5539b40500986f206cdbbbc843ac148e1f583de9db549354cf681162483bf55704d548f523f1f4ce7b42abc127ff33fb70d4f129cc355b19eef3f6a19f903419b63b2f535e70a1e42bb85c94615bf2e2a640264e0a9712f69ed4a3ebfec61083a65096619b5c91f17eea4cc1e709b6b958be70656fc0086dde58cdfcf2f881abe9e26d185fef6b4c4726646ee47733de0645a5a204be01132c8ea667562625550035d0053267f4f80fcd9e827410c9bbcc4e8dcadb6fd603d709450749941fe5a4419b1f11764dbd0dbb251fcdc92acf7ef19eb65effcc2b8f563825a148b33747bd71fe7904d3946f60cee531131cc847e9c030922296f0578653d304501eda09e9aa95dc019be57e660282c47b81d00d502a8f7af8e2d8e5ead13577c7ecaec231b1117932de732c937db995056cd124ab9155f6c30a8efe14dfd47c1324b970be0317abbf68c130971a3672d093cf9c6a0fb897987107a490cfaeb114348fe308d3df65c732d5e5f910c344d632db028350739c5ee84b229114d97493827d405b349117818b29d2bd9117ee09d061c46fa2cb5ad83880d23300c7a11aeece2125c87eacf88279052bad129cb69b841fcae78a153cc31b494e0b0de4d8d9f347dafad6e4c44146def64c255173822aea7983cad710d734b9ddf5edd4369c00af3bff5ea434fd6d23079410bc8dfb4ac2554f6d9589d4d3dbc5757c93fe0bf5143ee2cc2118a07ddfa29756d80d78131c79d84ab0d269147bbf7756ad4e3875db312ea1270091d8d1d6249c6b9f703659bb3c60cc00055b0b3854f7e31a793a518927f5718b6f5738914bb07ed83ad8371111a48f1bc252443cc1f54ddee0e909506f0f5107b9dde26059135bc6a253e721f1ae34f81c023df75c58ff392d37b04a797365902d638ecd523cd8a78ff351318401c6729b7a1cc85f30a72223869df4c2013bfcbc64382fc8612393fd950f4874d215bfef214ea816acd8ad3a41d4b52b83e7a62d42069610f2169b9132b2b73f6a96ec31209facf23f1dd21f6c0c5892e3b9435c1f5b1d4bd9650814a34654de031da54729fbca6feb36e2e3fb80925b82d58982e4a17947ea8d5db9d743a108be3cf71c788625aae1eaf8f31d54b798eac0fd9076cfa0de451fd81eb7667ae88ca1f42c212f09fbc6e51fd7b8f3cbb9b664a09575bcda1e860bffe2c02411baba18087bc7dd8b6550019cb344c2e1a7eda52b0040b847bf8570cfaeed3934e0e90734df9ec8b495d1da4775658599326be1126c4995bab0f25d6c0b52e241a06f376f1f2b786da2cf4ffc61ffb1554930c02f34cc1136ffd1013bf2bff1adad5a9aad0360f508dd79765723e19de228d99a4895d51b5e6c5a820b883cc42529c8e1cff24fd31a7085869818d28de64956ec221603dd30c4e148ee34e3dbaf24ecbbf2c32f535be5ecf453d736c90ed28bfca01f4c54a9dd0ba2d16602c5681d70be98a5cc32ac862cc2675101b23e77ed827e3efb6ed34afb546d22dd96d88170fa98324953c58eb37bbcd9cdf366d88cc09e615029c41ab853e06a990e43394e3f3873703a3256b28416f4f6fe06dedbd2b9865b6974e13d5d7ab0cfbd9a2c57c00f407c002f9d6cd4a9458a1f67d507ea990db074ec5100714b7dce20c1f9ff6ce76d7882eab2930dd6a75cdb0a3712fba6c757bdc31e21a88ad59911c3f9d94c82817808d22b4dafe124fc1060bcfe61538ae5c04f1b394019ab0b028f915cd1b74ad3cc78b66b94af4339873e988e580f32801d2556482c168b690312e710c9889c32cc3c616b046c75d2d89eb160e97756fc5e1bbd0880f1e9e77e3de1e84becc16df56b55b6b9dc123bb8f1ec0417ebdaab62439f9dc7549903b9f1a90ed9b39edea8611268ce74d92f3629bb3bb357b78d669e9ef3bc8f5f1f22d16af63208c85c1b98af509a36dceb2c69c60ed8c21c15ea821ce40f3eee389807c51bd3ef310d811456cc36509705865584ed545085101ddf75bd44f260ab0407f476fb16bb3cba70b2361f4804719ad9775e9f015c2952a070bd93ef96cb6e96c4501b776da4e3221420be5bce977bb8b19f044dc339c0c8579c1c5ecf5e30f049c43241f1539a5520f580b67e30a435fb726e3d00e08e7d6a14d89f01257a28aed0fe773aaaedc0f5a6458e163dbe4d43a83ffd54ae69cb0e62a7f72b667f85f84b0decd84b043c943360a3d287c9a7167b30e0c2ddcc61c6d7c14119d760e1b9ced30a3baec6d3c82635e02726ea02489630f0b77b0e6c435b560358b5df5a16762d77860ae94b8b934794c6282ef45d669652551c05f8a451220138a25449da84a77d8e4fc171aedf4b613fa07710f4479912eba0e0cb0faa39582e2edd08c67e858799d9d5ab93f0791dbf5312dd94b5145c66e401d42805178ae212b5d328b7971371975ba952f5d387e694d24d71970aa1d3d719c560719a6e2a8b32a70f71ae44cac4695d342c4561e8eec605f8335e3ff1663feb569141fe859ef29e346759dcb682ca401177eb7ffcdd30b23aa976c5cff76e0ce19d301b272700b726902bc0765d809518be44cbf33cc63c845a9e97d2999a1f75d54c0caed5165a03e8337bb38f5582cd5a87057aa116f97012dd058a59d31c1cf53cc1492a39d213111ecd2284b76fd847c7cbd6305390baffee8373e525a6540c85317b44660fdda85357c04b885aae5d2e353cf094404df2708228f193600e7534e464f891201fcefb37f09302f234de1f1388645798437ad53d150078749f5080d83de1257cd3c7bedcb9817cb025c23bf3750e7b7be10079b4285c19788d6233c2c07f9c976845873bae54eb6f9196c23273b1e0b79464c23454e7a3de1b791ea60dedf6ba7cf44a197cacd6f22276d9456f1f786afcd468b50608233bfda467814a6a74f5035520e46ab21a822ca0f9feb3a2dfb1562addeffa3725d831351c1429232c1001b79b90eb6cefba15f68bcb3d530a11cd7226345b410cbf97a6fa892bf5c9c4c96e8917b07819c9c2628352ff08787c7a520f737b8b4fc6d27f3ff23256b64cdbc7ebc6cf7822badab4af58b845ec7c8b0d8815358cad4e32709e480c9dd14e0e21fcac30eec45b8744565b0b4efbdab74fbeb3b3feff454e8ae277c967bf6e0e70f15c48fe4c0407e7e446016cd683e36a1913f9be7a200247c37495c9585600897e0803eacdc758d8c37362379090df025772dc8e20fb1acbeff16150baa7361aec5c0d299337cf9497defa20cb8a6f9150b0fd7e80fff83900bc5825f2a02193e7da4c62b27630d12c4e161db7e58d0df7f3bb83777af4c60e2489e64aef23056fa7b363955a0477970503ef2925435ff78df62b58454c57f4106a2ff13e78264fdcb725811d378225f7675ba7046d4034590f1e84fb67f37dab7affc09e0ca51386d0fc206884164a322ff8923aa77a5fbd606a97989027c15e2dcea0f064bf893ca48a0f7ba9ba7519e922964260eb268705040be051c3059f8645200eebd51de1376a6ed88d1556b8a71df8796dfcf465426da4a0108c18608b677cb32b36c1da5f8219297e317c00642a09a548710ba6f9974bdb3d8cbd286bf458af5eda394705de8154d939df7856b9e9fd210c58015c859e33874f6dd5c0209c9f512d6d0a327a2fa6c2342d75cad4a0d4a19b48103666db3fd86493edcdb2b4202b1449a547a6f20911b6f982d66a9ddf54e539c48f5742b0d3221ea5f3f9a9a5198d797439cd1d7bbc269d6430e299ee12e1dc56e4da607fc29e047061db51ab5a8d249e0b2aa0b09b60f1314e5ab117c9ea940ebdf6d4529ea02b73565b0894f1420a4a2a4f25ac8e1cf2feb137e06d638af3e47db14aa721a343a00eb3e660b0ea03d6ff1ecdce42d41605a8fec19b61fb49986c87304057cc08880e5d6ad44158c3c3dd64287e55c0e4d0a577e408c1b44cf6670cd04c9a1d79899d367818c7451d3b95bef3d21f93e7c87667ce10fe1d8dec460523cfdfbbb0a8e01527f86e1268a0ffa98aa51a6b966e4196a37f096b4167c9ac9b31ed85a8c33f222aa15d1fa34cfa042d33189cd7f6255d4393228386253367a10cd501a85ad39011d3fa404146ee228e11446a0118c5be841936693e77f2bacc15b4bde2f58a2283bb82fabb29b897509151efed1a8d19c1deb85181e02183a49477a9857b179849d41c389248715350d9ca35a62e637f804cf3e8cf007582957104832c5c2da3765894b267aa0affcf8129469aabfcb6b854a1e54313f5841a34c1c0809004689cce4175811a958defb457a2ff3781a198114ea016232d74fcb8a5161f129f456848c74bf0f081778779060f3662ac3478d804edcc2340a19e449525336d0e9775bae61cfec557b4ddb0e5357458c6d88e94f46378aa0ea4499a3233cc22d6bd4aceb6cb46a0e9e2d619636a860ced49c8731268c69de345df6abfd5c443eb7e0da26e5bca8c03b5bc7b46b479fe14bc8e33df52419ecc8c551561b140c138625ed647a47471f121608e4ae233adc92bf62556ca0af28f94d629f5e5dcbbcd4239ecf202f7c886148db64b702c5be5b4779db955fd229fb40324fbe8db99270c2599da6d5c09cd93fd5197a1e85c3fc791883a71084c846a7f91202db6fc864d6113e1c5834f3d9634b595b2f1ceeab67f65b9d5833f1069e08d55821655938a35895458eb407352218ad49815d1497fb3cbd3ba2f6da2cb1ea81d4ab04416939528c208c4cc420d6fe119ac2adb6ccf32d7b52fb56b4c88f4357dedbe83b630acd0edb826550e36239f5a1703719abac50c8202c2adacba2e7036dcf42342656190b930a45c5bd617fffea79e3baab98e0bbffc48109127849b37f65d59133bb4fc4548f2414756327081f7208158dbe26742880c3d1e8c534e14f2a572d0f4cc5345fa1604f6bdc7eec5ccdc011911d55c6f79272a30282162b7f3cbffebf78871defb9cec442dc5488efc00a158ac265c0319e44fc39aa9b20f7996727fc2821383f69bc1e3d5fbd0810e484416482b196463a6a4d2e22bab5f1a2e0866348a9c9e4c1df5926042aac3fcb179d514d62972245961c308c4250e01f44274bfd8477d3a64396c714d47efb8f5adfacee7360d061bba505c4230a1993d2f43089e734c36494af93b3d4cd77c2540244e41fb7103db54ca0beec9b67a29a2b702028c5772f34325343335806c3fa058ba3e657e8554e5fdfa1aad253114acd220737428bdc1a0c56fd86ad1ab4f2332a2d0a960bdf300e591f164a34d1af63fa2aa98328829f61ff4a6b6b89afe93bb9967dfbc0b97f949d62886c4890fc77f26b344b83a052be0eda4671730f2dfbc792a67c41f9969789a4227facfbe3903b6826d01788ad5702428f3954227609d75e7d9dd8de82a55b9fef1b65dc9168650351e1b5b2b2db96098771c8b7614bdded244f29c6ebda995843e939f96d986fbadb196cf2d27f5c15a5bc7f65e340a054812b88686e9a4ec036d75a5b57cfb5be1c9fc915559508512d8e3936728e5c26e5849cf7559b4d9c993cfedd1b8ca59d895535d444ea7eb96c361cb4b72226acdd64787e0950e43dc517f30b15534ede3006d425296f36cdb3459500c817c05f729a4dd290d28baa55558902f0553df72bd618713013708304c7ba7bfb4b004af2c9af436d6b04e64dd92adbe41f91d2920106167f3d061d6262d62c5ba810e327240004b97536488dc5d758a051a717670b0b760e0c0aa0bc41e1a501614e51ec4f50eb5a862c3723ce53bb4f75469c92cd4f491dfe81ca8c4bd925fe2275caca49843865c56dac2506be78b610b454fb0408e88b3ea6fdd133b9340ef85ac58b1ca7b1ef1c19f7369d55d68ddf68d19cb0853486abfa0bc847bbdeacbc42675462ca236283b7b3171f3129bce5c705f0da567c408baf7848d8f8067a7cda0834bb9adbe07576b11a4c4560ebf32fab24b11acc14d065b8bcb0a75deab241b24f10789fda3f2359d7dcd96804f8a1b79445fed28224965067cd17dd0535495dae3c13ddbdd0d26d1e6c6a44a76b7b391079f8d375b0ae484e449d24d16fc3783a7a6644664edeb0efb57420f97daf4825a3001a010072bcf5a87ad98bda8eb1ad72ea3b84672b10fae1239118fb9be7e504c1f04d59d08792bd6e4ce7090bc4986386beedbb510a36d4dcd59df09daa064df9d6f6649fa41da815dc647db36ad14d0d9f8014e2d96d7e2f9cc43a50719592954508e15e99209abfcbe0553de67f758f07e9d23bd9173e245d4701bf94591a258d0ef88d4f24dfd692658ac2fb551aa14246e9d3f36172c2559eda27a52191be7d4b4c8b2c7d89a238a18c57a0c6bd2989566390ac90171bff2d90706e520835ce24e28040e811035be6512f974c314d547dcfb13f8d66aa3369aad2d2a2e40058c83c9a3e933b211166ce1848ad98e8023469fe7360415fb288104e037f1eaf9fa39d1c81f674c64c48b9dd21e26385a0fc9caac8027eab7b2ec9c1ba87c5e41a5ef4ea2fe8a55d1edc19468eb184483f5b42401e50bd89526c78db9dd59e8a05ebe3c8b36d1cf1287daee3b4de0652a35c2cbd2d69f4f0b63e1b852a75dcb31bab9ab59f1b5f23310e129c4cb0f67dffdb3528726784460f4136f1c0b3bebead066bacc814f054227fbcdc89eddd429b526c94a255e3489cb329dfcdff5df32c70fdd7b5272ab6c14de9afa2c1c943ad896533c1b9c36030080a6df4515bf1a025506f68f45bf5c8bb6007c4c12c3b9841ec959760193ac031bd67106192bd9dd01d37fa18756d24a033b3078e4dbff0ce4efda48ae89c0d1486694d09b8550cd2aa22ab2407af4a74c9d29d23e7ae79ced6f6e46ecfeccb44ea617167d14607c592ed12952a5bb0a078176ff6aba391fb2152089c42fa048a47525708ba67cdeff99a8e62fde26ac22fe106184be2e054ca94b878e14deaa62cf70967ee2063b3ded9b2c5e4ce7c90bcdd329d50083772c6abb0704ee03c2c9a0a714182e6cb49abccbb3fd5c12d184cfb8a343a7dac685775e39cf1c5f2130d66d2c7e7b4490fe200b25a6bbfbd0a6684b10b0cfd833153c7353356c78b0bae6b3545671e5c9ed7fe645c799f409535f0dd69e063eb826129869718a93cca7b0450eef6a93a80cf3bca7746bb904b04a8bc2b12d50477b400a97ceadb0bfed7e8d4a94cbafb4d496b6b3e3d113d997c373ffa2341bb607346b2b24006ccdae52834a559b5d35c5f27ef05722bd32c7471ada2b535b3d786d27a794f5db55b834aba43f6f46bde855ff533cd6450c2a2900ffff0bc9c37ee6cfacfc2b06a7b10336014b7db868d615c9b3d4f3d86a4834ed97ced9f2cf06e96ec21715ffd46527754f8717a672c6cf69455dd5dcc557328cc0599b2420d89ca2d78c9283da5e3ead128be306980211ae3009e2a339106c244e92a9b1065cd0f7ab74b21edd89f910a8dbe28991df6f2e2946697c59da7eb1c3bc356e991b75a65e89288d0878706a49c289d6a573f394e76eb3b28f9a6f4f23e3181fb97257181adcfd36eba2ad2a81a2e3f45f25f7937c423bc28f59e8aba9dfcea3450711b152eae6d29480760988bfbd3670bdfdc3b1ea808b23cd2b9f950e0e1f7cff1e6880830326d808394e340504315d11f80eaffe6640df91e8ad907f3f7b2aacc39eaedcfca78e73bef99b844fd9f365a9990f26f0d25245dad5757c321aa6d8455bb5b1a0a727115f4b6bac2f554cfdd712c067d2200655db26e009c1375888e7582d74fd1e803b7da21866d57a23ba8183d2b5b23ea6d96fa031d0b9e952424e993d45e88d05098002a33198e4eef4f7fd55f75c7b2aaa5d23e6a95e59b6fc9b763217492b45fa8193caf228ea0955e628a3bb9cf912d73113aef09c4f5b1cd12c6404cdd5e365089bcd9e27a81eda7d7cbfd6d7cedd54eebdda507b170a9c994bc9e8baeb7c750d3c011bc59790c5ed5679ecdfef26f48e4ca88efd755c835566353b7e4d32d313398e00a1b72c70bcc6dceb3c08d62294fcff61554cac9e1b8fdd5cae252e5d1f33415b2ff450c06277817ff0d63e52e6be9ccf9f06e028d1d5bd0f93bd80a5c8242b10da68df985635b2d86ed26e6e2b3976be076ccdb9257fa6b64328d83b0180664f507f20ae883a9404ba0a48aa3b7ca1233099f80a892d7ffdbb5af0a90f71ebaf8922bf670b016d301e52d53af718d17c2467ebd863b9146bf730e05120acabfe4fd1208565e0d408f30f83778742ec651649c2a6f7beb4363e77575185449e92f735526dca023647a807e54f8a562d76502e05efd128f171f5b557d7649699bcda0df779cac291326414c6fb27d0f837895eb2066c4ce0a179e768965ed70f3164a2e84f183dd5e9ed0de7a122371ca7205b298389d7a2d92228ab844d169fe356b571a43197d1181e3e7f1609c9120fff75fc6272b56167528557b55b6f7e590610c3deeb82bf3d9bb68bac455e3239305668fe00d6b8b6fe47dba8bc603f7bef657dc6c8d47d0df722b9c1e891ffa5cb7b2be34c361791ac497d07a4d600f1fd24fea1a399546fcf0e9fca7f85ed1eca2ffa05c3c1b30ed74564358562c500d17065c3eb2421e68bfd86bc7700b66d35a85a07de9355d226744a001a9fa8c2df39034329c9736675e450c7f1b614587b4a77a00607471fd5ae1066522d88c65b3e23fcec27204eed1f60b4fa4a40f816900992f0fddadb5eaa0e478ef1c2202193b4992e0f077c9b8cbf9aaa0cc8ac80c0bfba7c7c42a3bfd072ef3df0d644503e36a70048ad79a7007c994128661afb61510af0fb7f8c049bb48d530be4d8a68f3beab8eca240577879e50103fd7bce6393194520bd3e8bcd899fe5d45ed4f05cc624c4ddc2f5bed56a70a4bcc195c79c039955a5302c332580d8f429ed2f9a1b3b8e5acdb60868ea9b64c640a6a0f7dd4cd07661a9e82d50b468efaa96c787a9c7513b769922e146b3906ffc21cd6d9f2a8a4292da640e6438883cdd4f07ec5556e241739710dd6f1e857cbcc2d95bd8448d71a8c72fc1658e6038dd669e7b3bb183a274386571abe8077f23a9ac2d461786b60093177ece718061a64990ca37166f73c505cdeae12295897a57d96ae439ab57e34546f4f3de44de489ec0e1d22e8abcb3c4eaaba51ffd466b662672552d08d0f1baa32fffd7e030dbe54127f2db1ccd812de4a0ca97dc5d4c426d365996a736998e1b27c00fd8bd1134621eb7b3ab571b09ab4b726facd6027b7f301adf4ffb66b7e51d6a59b786439f174a3841343027be4f6bb23b89a10739eca5967dae44bb35088ebf9ff7d3449aadb0babc3852369f449eb9fcf9c622e4c61eefa8c828f42c9869bcee70f0af771032eb65f35ec09fd287c82521193c831b821839a318590543595a76c25c7dadc0fd5a79e826c618963e602f0de526fb30cd76407545558210aad6e06e6a45247b1d920902aad7e61f15058ae98118137e38243ef403c8982c4235e13c34323d37136d276275cb4aba2b44bacffaf3a11a0a5973349204d29999bb0c722ace31c26595521a30f03fa7c28fb4d22b70d3fbd13185cb19a75d8b8eaf1125ce206c6401eaf2c4b73d1629a8e65bb9e586bdb523de71302899bec87bbe62ac9cac46ccbd66c1e098a9e05fe599039bdfed5e9b789b43312fb0b3c2eb1f3f8f9486dfe07ce180369be6fc8d8107a5a1fbd0c0691044d4015810742a122858e2ce25f6d522e5136da5ebe9eb6ed32d932cb1443ead3584bb998fedd2f707a11a4a076c1d36bea69371cf616d2ef5be3d03031da49e4a2aef49d0ae45e7f2c91fb87bed83da94c77cebde7764565e664f6b8b12911b481d4c94853cf5834e8dc6c7d11fffd38f0680679ad9759b60bb5ef8f70c980f57fa990b3dfa0b1fb9a4f2ad61911c55bcdc15a9ca69444481c38b95d47b5f087c1c081ac308be753410157874009e33e8a1f8911f75486db0459ba025f9d7483a964aa8fc840a1c862a3a0284469e8751682ee3ec84696d9bbba81703d3b922eb6e92d1524c0f5ebd7a3376c42e868d53b710b35d95548c82fb9ddbd7f316391288b6cf2902234d90e062b33033df20c4f02b1c62bbc09d81d42fe54aa426ef02350fd35cd00755c78ab3d6ccc98e77ee6ab5e357df58843390422283f311b4b46dea4fa6d8ef2dceed92819db1ce5f5a827d26e8154dffe4ec8f419c420c72825df0", 0x2000, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)={0x90, 0x0, 0x9, {0x3, 0x0, 0x80000000000007, 0x2000004, 0xfffffff0, 0x2, {0x3, 0xb43d, 0x0, 0xc, 0x8000000000000001, 0x9, 0x4, 0x9f2, 0x45, 0xc000, 0x6, r9, 0x0, 0xffdffffc, 0x80000ffc}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000580)={'erspan0\x00', &(0x7f0000000400)={'syztnl1\x00', <r10=>0x0, 0x786e, 0x20, 0x80000000, 0x80000000, {{0x1a, 0x4, 0x1, 0x4, 0x68, 0x66, 0x0, 0x0, 0x4, 0x0, @loopback, @private, {[@timestamp={0x44, 0x1c, 0x21, 0x0, 0x0, [0x3, 0x8, 0x1ff, 0x39ea, 0x7ff, 0xcb9e]}, @ssrr={0x89, 0xb, 0xed, [@local, @multicast2]}, @noop, @rr={0x7, 0x2b, 0xde, [@loopback, @multicast1, @multicast2, @broadcast, @private=0xa010102, @empty, @multicast1, @broadcast, @multicast2, @empty]}]}}}}})
sendmsg$nl_xfrm(r5, &(0x7f00000008c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000880)={&(0x7f0000000900)=ANY=[@ANYBLOB="98020000170020002bbd7000fbdbdf25fc000000000000000000000000000000000004d62b000000fe8000000000000000000000000000aae0000002000000000000000000000000200100000000000000000000000000014e2100014e2301ff0a00", @ANYRES32=r6, @ANYRES32=r9, @ANYBLOB="fe8800000000000000000100000000010000000000eb000000000000000000d7eb8481064e2400020a00a07ca0a300002d732721cc7b53cccfd7eda68e5c608e2313d4eb5ad5db36ac47dc53e02fd916965f247737dc71d2", @ANYRES32=r10, @ANYRES32=0xee00, @ANYBLOB="0100000000000000000001000000000009000000000000000700000000000000020000000000000003000000000000000600000000000000090000000000000007000000000000007f000000000000000300000000000000060000000000000001040000bd6b6e00020001020000000006000000560100000002000025bd70000c000f0004000000000000002c00130000000000000000000000000000000000ac1e0101000000000000000000000000000000000a0000000c0015005d073500ff00000008001d0002000000080016000d00000008001e00de000000d6000200637472286165732d66697865642d74696d652900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000070040000c5f5ee99f10c5724c2538961b0337d449e8d9815f14ad4d83ccfb313d06b695b71e5eaf4bfd4e49a32f1953a8ef311c01993a1556e13aa7571767dc00f4cfe67f2d49e7fac4501d2d5ec32af6df516c46bc48137dfaceae55d5809b5dca1cdf880b26703403c60fc8badc60266c83e36249c56bd9551ec753276061d7cb856a69605fb2979b447ff4d8d67e35aac000010000a0025bd700025bd7000070000002c001300e0000002000000000000000000000000fe8000000000000000000000000000aa000000000a000000"], 0x298}}, 0x4)
write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000040)={<r11=>0xffffffffffffffff}, 0x2, 0x6}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000000180)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0xe, @empty, 0x2}, {0xa, 0x4e23, 0x7, @remote, 0x3}, r11, 0x7}}, 0x48)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000540)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000500)=0x1, r3, 0x0, 0x2, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f00000001c0)={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f0000000180)=0x1, r3, 0x0, 0x1, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_BIND_IP(r2, &(0x7f00000002c0)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e23, 0xfffffffd, @empty, 0x5}, r3}}, 0x30)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000200)={0xffffffffffffffff, 0xe0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xc6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x76, 0x8, 0x0, 0x0}}, 0x10)
r12 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r12, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4048011}, 0x8800)
executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
io_uring_register$IORING_REGISTER_CLOCK(0xffffffffffffffff, 0x23, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="540000000009010300000000000000000a00000008000540000000191800020014000180080001e4f3192765000a010101"], 0x54}, 0x1, 0x0, 0x0, 0x8014}, 0x8840)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000032680)=""/102400, 0x19000)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={<r3=>0xffffffffffffffff})
setsockopt$TIPC_SRC_DROPPABLE(r3, 0x10f, 0x80, &(0x7f0000001640)=0x4f1d, 0x4)
sendmmsg$inet(r3, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0xf5)
executing program 2:
setresgid(0x0, 0xee01, 0xffffffffffffffff)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x8000, &(0x7f00000024c0)=ANY=[@ANYBLOB='quota'])
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000002780)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[], 0x50)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000600)=@nat={'nat\x00', 0x670, 0x5, 0x368, 0x228, 0x2d0, 0xffffffff, 0xd8, 0x170, 0x2d0, 0x2d0, 0xffffffff, 0x2d0, 0x2d0, 0x5, 0x0, {[{{@ip={@rand_addr=0x640100fc, @rand_addr=0x64010101, 0xff, 0x0, 'veth1_macvtap\x00', 'ipvlan1\x00', {0xff}, {}, 0x33, 0x2, 0x14}, 0x0, 0xa0, 0xd8, 0x48, {}, [@common=@ah={{0x30}, {[0x1, 0x3], 0xff}}]}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0xf, @local, @initdev={0xac, 0x1e, 0x0, 0x0}, @icmp_id=0x67, @port=0x4e24}}}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xffffffffffffffff}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, 0x0, 0x0, 'virt_wifi0\x00', 'veth1_vlan\x00'}, 0x0, 0x70, 0xb8}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0xe, @ipv6=@ipv4={'\x00', '\xff\xff', @empty}, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @icmp_id=0x65, @port=0x4e21}}}, {{@ip={@private=0xa010100, @empty, 0x0, 0x0, 'nicvf0\x00', 'nr0\x00'}, 0x0, 0x70, 0xa8}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0x0, @rand_addr, @dev={0xac, 0x14, 0x14, 0x2a}, @gre_key=0xe, @icmp_id}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3c8)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x40002)
ioctl$FE_SET_FRONTEND(r1, 0x40246f4c, &(0x7f0000000080)={0x30a32c0, 0x1, @ofdm={0x1, 0x1e, 0xf, 0x1, 0x3, 0xa}})
ioprio_set$uid(0x3, 0x0, 0x0)
ioprio_get$pid(0x3, 0x0)
chown(&(0x7f0000000080)='./file1\x00', 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, 0x0, 0x250942, 0x1cd)
quotactl_fd$Q_GETNEXTQUOTA(r2, 0xffffffff80000900, 0xee00, 0x0)
executing program 3:
r0 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0xa, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000001040)={0x4c, 0x0, &(0x7f0000000ec0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x41, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000c00)={0x44, 0x0, &(0x7f0000000a80)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000003480)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
read$FUSE(r4, &(0x7f0000007fc0)={0x2020}, 0x2020)

program did not crash
replaying the whole log did not cause a kernel crash
single: executing 1 programs separately with timeout 1m40s
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): setresgid-mkdirat-mount$tmpfs-openat$binder_debug-bpf$ENABLE_STATS-bpf$MAP_CREATE-bpf$MAP_CREATE-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-setsockopt$IPT_SO_SET_REPLACE-syz_open_dev$sndmidi-writev-syz_open_dev$tty1-syz_open_dev$dvb_frontend-ioctl$FE_SET_FRONTEND-ioprio_set$uid-ioprio_get$pid-chown-openat-quotactl_fd$Q_GETNEXTQUOTA
detailed listing:
executing program 0:
setresgid(0x0, 0xee01, 0xffffffffffffffff)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x8000, &(0x7f00000024c0)=ANY=[@ANYBLOB='quota'])
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000002780)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[], 0x50)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000600)=@nat={'nat\x00', 0x670, 0x5, 0x368, 0x228, 0x2d0, 0xffffffff, 0xd8, 0x170, 0x2d0, 0x2d0, 0xffffffff, 0x2d0, 0x2d0, 0x5, 0x0, {[{{@ip={@rand_addr=0x640100fc, @rand_addr=0x64010101, 0xff, 0x0, 'veth1_macvtap\x00', 'ipvlan1\x00', {0xff}, {}, 0x33, 0x2, 0x14}, 0x0, 0xa0, 0xd8, 0x48, {}, [@common=@ah={{0x30}, {[0x1, 0x3], 0xff}}]}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0xf, @local, @initdev={0xac, 0x1e, 0x0, 0x0}, @icmp_id=0x67, @port=0x4e24}}}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xffffffffffffffff}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, 0x0, 0x0, 'virt_wifi0\x00', 'veth1_vlan\x00'}, 0x0, 0x70, 0xb8}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0xe, @ipv6=@ipv4={'\x00', '\xff\xff', @empty}, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @icmp_id=0x65, @port=0x4e21}}}, {{@ip={@private=0xa010100, @empty, 0x0, 0x0, 'nicvf0\x00', 'nr0\x00'}, 0x0, 0x70, 0xa8}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0x0, @rand_addr, @dev={0xac, 0x14, 0x14, 0x2a}, @gre_key=0xe, @icmp_id}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3c8)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x40002)
ioctl$FE_SET_FRONTEND(r1, 0x40246f4c, &(0x7f0000000080)={0x30a32c0, 0x1, @ofdm={0x1, 0x1e, 0xf, 0x1, 0x3, 0xa}})
ioprio_set$uid(0x3, 0x0, 0x0)
ioprio_get$pid(0x3, 0x0)
chown(&(0x7f0000000080)='./file1\x00', 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, 0x0, 0x250942, 0x1cd)
quotactl_fd$Q_GETNEXTQUOTA(r2, 0xffffffff80000900, 0xee00, 0x0)

program crashed: KASAN: slab-use-after-free Read in dvb_device_open
single: successfully extracted reproducer
found reproducer with 22 syscalls
minimizing guilty program
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): setresgid-mkdirat-mount$tmpfs-openat$binder_debug-bpf$ENABLE_STATS-bpf$MAP_CREATE-bpf$MAP_CREATE-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-setsockopt$IPT_SO_SET_REPLACE-syz_open_dev$sndmidi-writev-syz_open_dev$tty1-syz_open_dev$dvb_frontend-ioctl$FE_SET_FRONTEND-ioprio_set$uid-ioprio_get$pid-chown-openat
detailed listing:
executing program 0:
setresgid(0x0, 0xee01, 0xffffffffffffffff)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x8000, &(0x7f00000024c0)=ANY=[@ANYBLOB='quota'])
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000002780)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[], 0x50)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000600)=@nat={'nat\x00', 0x670, 0x5, 0x368, 0x228, 0x2d0, 0xffffffff, 0xd8, 0x170, 0x2d0, 0x2d0, 0xffffffff, 0x2d0, 0x2d0, 0x5, 0x0, {[{{@ip={@rand_addr=0x640100fc, @rand_addr=0x64010101, 0xff, 0x0, 'veth1_macvtap\x00', 'ipvlan1\x00', {0xff}, {}, 0x33, 0x2, 0x14}, 0x0, 0xa0, 0xd8, 0x48, {}, [@common=@ah={{0x30}, {[0x1, 0x3], 0xff}}]}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0xf, @local, @initdev={0xac, 0x1e, 0x0, 0x0}, @icmp_id=0x67, @port=0x4e24}}}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xffffffffffffffff}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, 0x0, 0x0, 'virt_wifi0\x00', 'veth1_vlan\x00'}, 0x0, 0x70, 0xb8}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0xe, @ipv6=@ipv4={'\x00', '\xff\xff', @empty}, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @icmp_id=0x65, @port=0x4e21}}}, {{@ip={@private=0xa010100, @empty, 0x0, 0x0, 'nicvf0\x00', 'nr0\x00'}, 0x0, 0x70, 0xa8}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0x0, @rand_addr, @dev={0xac, 0x14, 0x14, 0x2a}, @gre_key=0xe, @icmp_id}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3c8)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x40002)
ioctl$FE_SET_FRONTEND(r1, 0x40246f4c, &(0x7f0000000080)={0x30a32c0, 0x1, @ofdm={0x1, 0x1e, 0xf, 0x1, 0x3, 0xa}})
ioprio_set$uid(0x3, 0x0, 0x0)
ioprio_get$pid(0x3, 0x0)
chown(&(0x7f0000000080)='./file1\x00', 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x250942, 0x1cd)

program crashed: KASAN: slab-use-after-free Read in dvb_device_open
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): setresgid-mkdirat-mount$tmpfs-openat$binder_debug-bpf$ENABLE_STATS-bpf$MAP_CREATE-bpf$MAP_CREATE-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-setsockopt$IPT_SO_SET_REPLACE-syz_open_dev$sndmidi-writev-syz_open_dev$tty1-syz_open_dev$dvb_frontend-ioctl$FE_SET_FRONTEND-ioprio_set$uid-ioprio_get$pid-chown
detailed listing:
executing program 0:
setresgid(0x0, 0xee01, 0xffffffffffffffff)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x8000, &(0x7f00000024c0)=ANY=[@ANYBLOB='quota'])
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000002780)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[], 0x50)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000600)=@nat={'nat\x00', 0x670, 0x5, 0x368, 0x228, 0x2d0, 0xffffffff, 0xd8, 0x170, 0x2d0, 0x2d0, 0xffffffff, 0x2d0, 0x2d0, 0x5, 0x0, {[{{@ip={@rand_addr=0x640100fc, @rand_addr=0x64010101, 0xff, 0x0, 'veth1_macvtap\x00', 'ipvlan1\x00', {0xff}, {}, 0x33, 0x2, 0x14}, 0x0, 0xa0, 0xd8, 0x48, {}, [@common=@ah={{0x30}, {[0x1, 0x3], 0xff}}]}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0xf, @local, @initdev={0xac, 0x1e, 0x0, 0x0}, @icmp_id=0x67, @port=0x4e24}}}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xffffffffffffffff}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, 0x0, 0x0, 'virt_wifi0\x00', 'veth1_vlan\x00'}, 0x0, 0x70, 0xb8}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0xe, @ipv6=@ipv4={'\x00', '\xff\xff', @empty}, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @icmp_id=0x65, @port=0x4e21}}}, {{@ip={@private=0xa010100, @empty, 0x0, 0x0, 'nicvf0\x00', 'nr0\x00'}, 0x0, 0x70, 0xa8}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0x0, @rand_addr, @dev={0xac, 0x14, 0x14, 0x2a}, @gre_key=0xe, @icmp_id}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3c8)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x40002)
ioctl$FE_SET_FRONTEND(r1, 0x40246f4c, &(0x7f0000000080)={0x30a32c0, 0x1, @ofdm={0x1, 0x1e, 0xf, 0x1, 0x3, 0xa}})
ioprio_set$uid(0x3, 0x0, 0x0)
ioprio_get$pid(0x3, 0x0)
chown(&(0x7f0000000080)='./file1\x00', 0x0, 0x0)

program crashed: KASAN: slab-use-after-free Read in dvb_device_open
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): setresgid-mkdirat-mount$tmpfs-openat$binder_debug-bpf$ENABLE_STATS-bpf$MAP_CREATE-bpf$MAP_CREATE-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-setsockopt$IPT_SO_SET_REPLACE-syz_open_dev$sndmidi-writev-syz_open_dev$tty1-syz_open_dev$dvb_frontend-ioctl$FE_SET_FRONTEND-ioprio_set$uid-ioprio_get$pid
detailed listing:
executing program 0:
setresgid(0x0, 0xee01, 0xffffffffffffffff)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x8000, &(0x7f00000024c0)=ANY=[@ANYBLOB='quota'])
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000002780)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[], 0x50)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000600)=@nat={'nat\x00', 0x670, 0x5, 0x368, 0x228, 0x2d0, 0xffffffff, 0xd8, 0x170, 0x2d0, 0x2d0, 0xffffffff, 0x2d0, 0x2d0, 0x5, 0x0, {[{{@ip={@rand_addr=0x640100fc, @rand_addr=0x64010101, 0xff, 0x0, 'veth1_macvtap\x00', 'ipvlan1\x00', {0xff}, {}, 0x33, 0x2, 0x14}, 0x0, 0xa0, 0xd8, 0x48, {}, [@common=@ah={{0x30}, {[0x1, 0x3], 0xff}}]}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0xf, @local, @initdev={0xac, 0x1e, 0x0, 0x0}, @icmp_id=0x67, @port=0x4e24}}}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xffffffffffffffff}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, 0x0, 0x0, 'virt_wifi0\x00', 'veth1_vlan\x00'}, 0x0, 0x70, 0xb8}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0xe, @ipv6=@ipv4={'\x00', '\xff\xff', @empty}, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @icmp_id=0x65, @port=0x4e21}}}, {{@ip={@private=0xa010100, @empty, 0x0, 0x0, 'nicvf0\x00', 'nr0\x00'}, 0x0, 0x70, 0xa8}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0x0, @rand_addr, @dev={0xac, 0x14, 0x14, 0x2a}, @gre_key=0xe, @icmp_id}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3c8)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x40002)
ioctl$FE_SET_FRONTEND(r1, 0x40246f4c, &(0x7f0000000080)={0x30a32c0, 0x1, @ofdm={0x1, 0x1e, 0xf, 0x1, 0x3, 0xa}})
ioprio_set$uid(0x3, 0x0, 0x0)
ioprio_get$pid(0x3, 0x0)

program crashed: KASAN: slab-use-after-free Read in dvb_device_open
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): setresgid-mkdirat-mount$tmpfs-openat$binder_debug-bpf$ENABLE_STATS-bpf$MAP_CREATE-bpf$MAP_CREATE-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-setsockopt$IPT_SO_SET_REPLACE-syz_open_dev$sndmidi-writev-syz_open_dev$tty1-syz_open_dev$dvb_frontend-ioctl$FE_SET_FRONTEND-ioprio_set$uid
detailed listing:
executing program 0:
setresgid(0x0, 0xee01, 0xffffffffffffffff)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x8000, &(0x7f00000024c0)=ANY=[@ANYBLOB='quota'])
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000002780)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[], 0x50)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000600)=@nat={'nat\x00', 0x670, 0x5, 0x368, 0x228, 0x2d0, 0xffffffff, 0xd8, 0x170, 0x2d0, 0x2d0, 0xffffffff, 0x2d0, 0x2d0, 0x5, 0x0, {[{{@ip={@rand_addr=0x640100fc, @rand_addr=0x64010101, 0xff, 0x0, 'veth1_macvtap\x00', 'ipvlan1\x00', {0xff}, {}, 0x33, 0x2, 0x14}, 0x0, 0xa0, 0xd8, 0x48, {}, [@common=@ah={{0x30}, {[0x1, 0x3], 0xff}}]}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0xf, @local, @initdev={0xac, 0x1e, 0x0, 0x0}, @icmp_id=0x67, @port=0x4e24}}}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xffffffffffffffff}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, 0x0, 0x0, 'virt_wifi0\x00', 'veth1_vlan\x00'}, 0x0, 0x70, 0xb8}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0xe, @ipv6=@ipv4={'\x00', '\xff\xff', @empty}, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @icmp_id=0x65, @port=0x4e21}}}, {{@ip={@private=0xa010100, @empty, 0x0, 0x0, 'nicvf0\x00', 'nr0\x00'}, 0x0, 0x70, 0xa8}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0x0, @rand_addr, @dev={0xac, 0x14, 0x14, 0x2a}, @gre_key=0xe, @icmp_id}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3c8)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x40002)
ioctl$FE_SET_FRONTEND(r1, 0x40246f4c, &(0x7f0000000080)={0x30a32c0, 0x1, @ofdm={0x1, 0x1e, 0xf, 0x1, 0x3, 0xa}})
ioprio_set$uid(0x3, 0x0, 0x0)

program crashed: KASAN: slab-use-after-free Read in dvb_device_open
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): setresgid-mkdirat-mount$tmpfs-openat$binder_debug-bpf$ENABLE_STATS-bpf$MAP_CREATE-bpf$MAP_CREATE-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-setsockopt$IPT_SO_SET_REPLACE-syz_open_dev$sndmidi-writev-syz_open_dev$tty1-syz_open_dev$dvb_frontend-ioctl$FE_SET_FRONTEND
detailed listing:
executing program 0:
setresgid(0x0, 0xee01, 0xffffffffffffffff)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x8000, &(0x7f00000024c0)=ANY=[@ANYBLOB='quota'])
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000002780)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[], 0x50)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000600)=@nat={'nat\x00', 0x670, 0x5, 0x368, 0x228, 0x2d0, 0xffffffff, 0xd8, 0x170, 0x2d0, 0x2d0, 0xffffffff, 0x2d0, 0x2d0, 0x5, 0x0, {[{{@ip={@rand_addr=0x640100fc, @rand_addr=0x64010101, 0xff, 0x0, 'veth1_macvtap\x00', 'ipvlan1\x00', {0xff}, {}, 0x33, 0x2, 0x14}, 0x0, 0xa0, 0xd8, 0x48, {}, [@common=@ah={{0x30}, {[0x1, 0x3], 0xff}}]}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0xf, @local, @initdev={0xac, 0x1e, 0x0, 0x0}, @icmp_id=0x67, @port=0x4e24}}}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xffffffffffffffff}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, 0x0, 0x0, 'virt_wifi0\x00', 'veth1_vlan\x00'}, 0x0, 0x70, 0xb8}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0xe, @ipv6=@ipv4={'\x00', '\xff\xff', @empty}, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @icmp_id=0x65, @port=0x4e21}}}, {{@ip={@private=0xa010100, @empty, 0x0, 0x0, 'nicvf0\x00', 'nr0\x00'}, 0x0, 0x70, 0xa8}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0x0, @rand_addr, @dev={0xac, 0x14, 0x14, 0x2a}, @gre_key=0xe, @icmp_id}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3c8)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x40002)
ioctl$FE_SET_FRONTEND(r1, 0x40246f4c, &(0x7f0000000080)={0x30a32c0, 0x1, @ofdm={0x1, 0x1e, 0xf, 0x1, 0x3, 0xa}})

program crashed: KFENCE: use-after-free read in dvb_device_open
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): setresgid-mkdirat-mount$tmpfs-openat$binder_debug-bpf$ENABLE_STATS-bpf$MAP_CREATE-bpf$MAP_CREATE-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-setsockopt$IPT_SO_SET_REPLACE-syz_open_dev$sndmidi-writev-syz_open_dev$tty1-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
setresgid(0x0, 0xee01, 0xffffffffffffffff)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x8000, &(0x7f00000024c0)=ANY=[@ANYBLOB='quota'])
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000002780)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[], 0x50)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000600)=@nat={'nat\x00', 0x670, 0x5, 0x368, 0x228, 0x2d0, 0xffffffff, 0xd8, 0x170, 0x2d0, 0x2d0, 0xffffffff, 0x2d0, 0x2d0, 0x5, 0x0, {[{{@ip={@rand_addr=0x640100fc, @rand_addr=0x64010101, 0xff, 0x0, 'veth1_macvtap\x00', 'ipvlan1\x00', {0xff}, {}, 0x33, 0x2, 0x14}, 0x0, 0xa0, 0xd8, 0x48, {}, [@common=@ah={{0x30}, {[0x1, 0x3], 0xff}}]}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0xf, @local, @initdev={0xac, 0x1e, 0x0, 0x0}, @icmp_id=0x67, @port=0x4e24}}}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xffffffffffffffff}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, 0x0, 0x0, 'virt_wifi0\x00', 'veth1_vlan\x00'}, 0x0, 0x70, 0xb8}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0xe, @ipv6=@ipv4={'\x00', '\xff\xff', @empty}, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @icmp_id=0x65, @port=0x4e21}}}, {{@ip={@private=0xa010100, @empty, 0x0, 0x0, 'nicvf0\x00', 'nr0\x00'}, 0x0, 0x70, 0xa8}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0x0, @rand_addr, @dev={0xac, 0x14, 0x14, 0x2a}, @gre_key=0xe, @icmp_id}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3c8)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$tty1(0xc, 0x4, 0x1)
syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x40002)

program crashed: KASAN: slab-use-after-free Read in dvb_device_open
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): setresgid-mkdirat-mount$tmpfs-openat$binder_debug-bpf$ENABLE_STATS-bpf$MAP_CREATE-bpf$MAP_CREATE-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-setsockopt$IPT_SO_SET_REPLACE-syz_open_dev$sndmidi-writev-syz_open_dev$tty1
detailed listing:
executing program 0:
setresgid(0x0, 0xee01, 0xffffffffffffffff)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x8000, &(0x7f00000024c0)=ANY=[@ANYBLOB='quota'])
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000002780)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[], 0x50)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000600)=@nat={'nat\x00', 0x670, 0x5, 0x368, 0x228, 0x2d0, 0xffffffff, 0xd8, 0x170, 0x2d0, 0x2d0, 0xffffffff, 0x2d0, 0x2d0, 0x5, 0x0, {[{{@ip={@rand_addr=0x640100fc, @rand_addr=0x64010101, 0xff, 0x0, 'veth1_macvtap\x00', 'ipvlan1\x00', {0xff}, {}, 0x33, 0x2, 0x14}, 0x0, 0xa0, 0xd8, 0x48, {}, [@common=@ah={{0x30}, {[0x1, 0x3], 0xff}}]}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0xf, @local, @initdev={0xac, 0x1e, 0x0, 0x0}, @icmp_id=0x67, @port=0x4e24}}}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xffffffffffffffff}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, 0x0, 0x0, 'virt_wifi0\x00', 'veth1_vlan\x00'}, 0x0, 0x70, 0xb8}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0xe, @ipv6=@ipv4={'\x00', '\xff\xff', @empty}, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @icmp_id=0x65, @port=0x4e21}}}, {{@ip={@private=0xa010100, @empty, 0x0, 0x0, 'nicvf0\x00', 'nr0\x00'}, 0x0, 0x70, 0xa8}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0x0, @rand_addr, @dev={0xac, 0x14, 0x14, 0x2a}, @gre_key=0xe, @icmp_id}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3c8)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$tty1(0xc, 0x4, 0x1)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): setresgid-mkdirat-mount$tmpfs-openat$binder_debug-bpf$ENABLE_STATS-bpf$MAP_CREATE-bpf$MAP_CREATE-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-setsockopt$IPT_SO_SET_REPLACE-syz_open_dev$sndmidi-writev-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
setresgid(0x0, 0xee01, 0xffffffffffffffff)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x8000, &(0x7f00000024c0)=ANY=[@ANYBLOB='quota'])
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000002780)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[], 0x50)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000600)=@nat={'nat\x00', 0x670, 0x5, 0x368, 0x228, 0x2d0, 0xffffffff, 0xd8, 0x170, 0x2d0, 0x2d0, 0xffffffff, 0x2d0, 0x2d0, 0x5, 0x0, {[{{@ip={@rand_addr=0x640100fc, @rand_addr=0x64010101, 0xff, 0x0, 'veth1_macvtap\x00', 'ipvlan1\x00', {0xff}, {}, 0x33, 0x2, 0x14}, 0x0, 0xa0, 0xd8, 0x48, {}, [@common=@ah={{0x30}, {[0x1, 0x3], 0xff}}]}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0xf, @local, @initdev={0xac, 0x1e, 0x0, 0x0}, @icmp_id=0x67, @port=0x4e24}}}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xffffffffffffffff}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, 0x0, 0x0, 'virt_wifi0\x00', 'veth1_vlan\x00'}, 0x0, 0x70, 0xb8}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0xe, @ipv6=@ipv4={'\x00', '\xff\xff', @empty}, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @icmp_id=0x65, @port=0x4e21}}}, {{@ip={@private=0xa010100, @empty, 0x0, 0x0, 'nicvf0\x00', 'nr0\x00'}, 0x0, 0x70, 0xa8}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0x0, @rand_addr, @dev={0xac, 0x14, 0x14, 0x2a}, @gre_key=0xe, @icmp_id}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3c8)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x40002)

program crashed: KASAN: slab-use-after-free Read in dvb_device_open
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): setresgid-mkdirat-mount$tmpfs-openat$binder_debug-bpf$ENABLE_STATS-bpf$MAP_CREATE-bpf$MAP_CREATE-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-setsockopt$IPT_SO_SET_REPLACE-syz_open_dev$sndmidi-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
setresgid(0x0, 0xee01, 0xffffffffffffffff)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x8000, &(0x7f00000024c0)=ANY=[@ANYBLOB='quota'])
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000002780)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[], 0x50)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000600)=@nat={'nat\x00', 0x670, 0x5, 0x368, 0x228, 0x2d0, 0xffffffff, 0xd8, 0x170, 0x2d0, 0x2d0, 0xffffffff, 0x2d0, 0x2d0, 0x5, 0x0, {[{{@ip={@rand_addr=0x640100fc, @rand_addr=0x64010101, 0xff, 0x0, 'veth1_macvtap\x00', 'ipvlan1\x00', {0xff}, {}, 0x33, 0x2, 0x14}, 0x0, 0xa0, 0xd8, 0x48, {}, [@common=@ah={{0x30}, {[0x1, 0x3], 0xff}}]}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0xf, @local, @initdev={0xac, 0x1e, 0x0, 0x0}, @icmp_id=0x67, @port=0x4e24}}}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xffffffffffffffff}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, 0x0, 0x0, 'virt_wifi0\x00', 'veth1_vlan\x00'}, 0x0, 0x70, 0xb8}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0xe, @ipv6=@ipv4={'\x00', '\xff\xff', @empty}, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @icmp_id=0x65, @port=0x4e21}}}, {{@ip={@private=0xa010100, @empty, 0x0, 0x0, 'nicvf0\x00', 'nr0\x00'}, 0x0, 0x70, 0xa8}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0x0, @rand_addr, @dev={0xac, 0x14, 0x14, 0x2a}, @gre_key=0xe, @icmp_id}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3c8)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x40002)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): setresgid-mkdirat-mount$tmpfs-openat$binder_debug-bpf$ENABLE_STATS-bpf$MAP_CREATE-bpf$MAP_CREATE-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-setsockopt$IPT_SO_SET_REPLACE-writev-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
setresgid(0x0, 0xee01, 0xffffffffffffffff)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x8000, &(0x7f00000024c0)=ANY=[@ANYBLOB='quota'])
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000002780)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[], 0x50)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000600)=@nat={'nat\x00', 0x670, 0x5, 0x368, 0x228, 0x2d0, 0xffffffff, 0xd8, 0x170, 0x2d0, 0x2d0, 0xffffffff, 0x2d0, 0x2d0, 0x5, 0x0, {[{{@ip={@rand_addr=0x640100fc, @rand_addr=0x64010101, 0xff, 0x0, 'veth1_macvtap\x00', 'ipvlan1\x00', {0xff}, {}, 0x33, 0x2, 0x14}, 0x0, 0xa0, 0xd8, 0x48, {}, [@common=@ah={{0x30}, {[0x1, 0x3], 0xff}}]}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0xf, @local, @initdev={0xac, 0x1e, 0x0, 0x0}, @icmp_id=0x67, @port=0x4e24}}}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xffffffffffffffff}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, 0x0, 0x0, 'virt_wifi0\x00', 'veth1_vlan\x00'}, 0x0, 0x70, 0xb8}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0xe, @ipv6=@ipv4={'\x00', '\xff\xff', @empty}, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @icmp_id=0x65, @port=0x4e21}}}, {{@ip={@private=0xa010100, @empty, 0x0, 0x0, 'nicvf0\x00', 'nr0\x00'}, 0x0, 0x70, 0xa8}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0x0, @rand_addr, @dev={0xac, 0x14, 0x14, 0x2a}, @gre_key=0xe, @icmp_id}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3c8)
writev(0xffffffffffffffff, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x40002)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): setresgid-mkdirat-mount$tmpfs-openat$binder_debug-bpf$ENABLE_STATS-bpf$MAP_CREATE-bpf$MAP_CREATE-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
setresgid(0x0, 0xee01, 0xffffffffffffffff)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x8000, &(0x7f00000024c0)=ANY=[@ANYBLOB='quota'])
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000002780)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[], 0x50)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x40002)

program crashed: KASAN: slab-use-after-free Read in dvb_frontend_release
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): setresgid-mkdirat-mount$tmpfs-openat$binder_debug-bpf$ENABLE_STATS-bpf$MAP_CREATE-bpf$MAP_CREATE-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-syz_open_dev$sndmidi-writev-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
setresgid(0x0, 0xee01, 0xffffffffffffffff)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x8000, &(0x7f00000024c0)=ANY=[@ANYBLOB='quota'])
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000002780)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[], 0x50)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x40002)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): setresgid-mkdirat-mount$tmpfs-openat$binder_debug-bpf$ENABLE_STATS-bpf$MAP_CREATE-bpf$MAP_CREATE-prctl$PR_SCHED_CORE-prlimit64-openat$sequencer-syz_open_dev$sndmidi-writev-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
setresgid(0x0, 0xee01, 0xffffffffffffffff)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x8000, &(0x7f00000024c0)=ANY=[@ANYBLOB='quota'])
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000002780)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[], 0x50)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x40002)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): setresgid-mkdirat-mount$tmpfs-openat$binder_debug-bpf$ENABLE_STATS-bpf$MAP_CREATE-bpf$MAP_CREATE-prctl$PR_SCHED_CORE-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
setresgid(0x0, 0xee01, 0xffffffffffffffff)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x8000, &(0x7f00000024c0)=ANY=[@ANYBLOB='quota'])
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000002780)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[], 0x50)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x40002)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): setresgid-mkdirat-mount$tmpfs-openat$binder_debug-bpf$ENABLE_STATS-bpf$MAP_CREATE-bpf$MAP_CREATE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
setresgid(0x0, 0xee01, 0xffffffffffffffff)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x8000, &(0x7f00000024c0)=ANY=[@ANYBLOB='quota'])
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000002780)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[], 0x50)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x40002)

program crashed: KASAN: slab-use-after-free Read in dvb_device_open
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): setresgid-mkdirat-mount$tmpfs-openat$binder_debug-bpf$ENABLE_STATS-bpf$MAP_CREATE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
setresgid(0x0, 0xee01, 0xffffffffffffffff)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x8000, &(0x7f00000024c0)=ANY=[@ANYBLOB='quota'])
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000002780)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[], 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x40002)

program crashed: KFENCE: use-after-free read in dvb_device_open
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): setresgid-mkdirat-mount$tmpfs-openat$binder_debug-bpf$ENABLE_STATS-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
setresgid(0x0, 0xee01, 0xffffffffffffffff)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x8000, &(0x7f00000024c0)=ANY=[@ANYBLOB='quota'])
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000002780)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x40002)

program crashed: KASAN: slab-use-after-free Read in dvb_device_open
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): setresgid-mkdirat-mount$tmpfs-openat$binder_debug-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
setresgid(0x0, 0xee01, 0xffffffffffffffff)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x8000, &(0x7f00000024c0)=ANY=[@ANYBLOB='quota'])
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000002780)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x40002)

program crashed: KASAN: slab-use-after-free Read in dvb_device_open
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): setresgid-mkdirat-mount$tmpfs-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
setresgid(0x0, 0xee01, 0xffffffffffffffff)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x8000, &(0x7f00000024c0)=ANY=[@ANYBLOB='quota'])
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x40002)

program crashed: KASAN: slab-use-after-free Read in dvb_device_open
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): setresgid-mkdirat-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
setresgid(0x0, 0xee01, 0xffffffffffffffff)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x40002)

program crashed: KASAN: slab-use-after-free Read in dvb_device_open
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): setresgid-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
setresgid(0x0, 0xee01, 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x40002)

program crashed: KASAN: slab-use-after-free Read in dvb_device_open
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x40002)

program crashed: KASAN: slab-use-after-free Read in dvb_device_open
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x40002)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x40002)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x80202, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x40002)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r0 = syz_open_dev$sndmidi(0x0, 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x40002)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, 0x0, 0x0)
syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x40002)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{0x0}, {0x0}], 0x2)
syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x40002)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)}, {0x0}], 0x2)
syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x40002)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$dvb_frontend(0x0, 0x0, 0x40002)

program did not crash
extracting C reproducer
testing compiled C program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_open_dev$dvb_frontend
program did not crash
simplifying guilty program options
testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x40002)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x40002)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x40002)

program crashed: KASAN: slab-use-after-free Read in dvb_device_open
validation run: crashed=true
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x40002)

program crashed: KASAN: slab-use-after-free Read in dvb_device_open
validation run: crashed=true
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x40002)

program crashed: KASAN: slab-use-after-free Read in dvb_frontend_release
validation run: crashed=true
reproducing took 1h26m55.06893771s
repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: slab-use-after-free in dvb_frontend_release+0x3ff/0x4a0 drivers/media/dvb-core/dvb_frontend.c:2921
Read of size 4 at addr ffff888027100e3c by task syz.3.85/6227

CPU: 0 PID: 6227 Comm: syz.3.85 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
Call Trace:
 <TASK>
 dump_stack_lvl+0x18c/0x250 lib/dump_stack.c:106
 print_address_description mm/kasan/report.c:364 [inline]
 print_report+0xa8/0x210 mm/kasan/report.c:468
 kasan_report+0x117/0x150 mm/kasan/report.c:581
 dvb_frontend_release+0x3ff/0x4a0 drivers/media/dvb-core/dvb_frontend.c:2921
 __fput+0x234/0x970 fs/file_table.c:384
 task_work_run+0x1d4/0x260 kernel/task_work.c:245
 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
 exit_to_user_mode_loop+0xe6/0x110 kernel/entry/common.c:177
 exit_to_user_mode_prepare+0xee/0x180 kernel/entry/common.c:210
 __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline]
 syscall_exit_to_user_mode+0x1a/0x50 kernel/entry/common.c:302
 do_syscall_64+0x61/0xa0 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f7b6f79aeb9
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffdd75ce068 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
RAX: 0000000000000000 RBX: 00007f7b6fa17da0 RCX: 00007f7b6f79aeb9
RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
RBP: 00007f7b6fa17da0 R08: 0000000000000006 R09: 0000000000000000
R10: 00007f7b6fa17cb0 R11: 0000000000000246 R12: 0000000000020835
R13: 00007f7b6fa1609c R14: 000000000002073f R15: 00007ffdd75ce170
 </TASK>

Allocated by task 1:
 kasan_save_stack mm/kasan/common.c:46 [inline]
 kasan_set_track+0x4e/0x70 mm/kasan/common.c:53
 ____kasan_kmalloc mm/kasan/common.c:375 [inline]
 __kasan_kmalloc+0x8f/0xa0 mm/kasan/common.c:384
 kmalloc include/linux/slab.h:600 [inline]
 kzalloc include/linux/slab.h:721 [inline]
 dvb_register_device+0x2fd/0x2210 drivers/media/dvb-core/dvbdev.c:475
 dvb_register_frontend+0x649/0x930 drivers/media/dvb-core/dvb_frontend.c:3056
 vidtv_bridge_dvb_init drivers/media/test-drivers/vidtv/vidtv_bridge.c:436 [inline]
 vidtv_bridge_probe+0x9ab/0xf80 drivers/media/test-drivers/vidtv/vidtv_bridge.c:508
 platform_probe+0x13b/0x1c0 drivers/base/platform.c:1404
 call_driver_probe drivers/base/dd.c:-1 [inline]
 really_probe+0x25b/0xb20 drivers/base/dd.c:658
 __driver_probe_device+0x18c/0x330 drivers/base/dd.c:800
 driver_probe_device+0x4f/0x420 drivers/base/dd.c:830
 __driver_attach+0x44e/0x6e0 drivers/base/dd.c:1216
 bus_for_each_dev+0x235/0x2b0 drivers/base/bus.c:370
 bus_add_driver+0x340/0x630 drivers/base/bus.c:675
 driver_register+0x23a/0x310 drivers/base/driver.c:246
 vidtv_bridge_init+0x3d/0x70 drivers/media/test-drivers/vidtv/vidtv_bridge.c:598
 do_one_initcall+0x242/0x790 init/main.c:1250
 do_initcall_level+0x137/0x1f0 init/main.c:1312
 do_initcalls+0x69/0xd0 init/main.c:1328
 kernel_init_freeable+0x3ed/0x580 init/main.c:1565
 kernel_init+0x1d/0x1c0 init/main.c:1455
 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293

Freed by task 6227:
 kasan_save_stack mm/kasan/common.c:46 [inline]
 kasan_set_track+0x4e/0x70 mm/kasan/common.c:53
 kasan_save_free_info+0x2e/0x50 mm/kasan/generic.c:522
 ____kasan_slab_free+0x126/0x1e0 mm/kasan/common.c:237
 kasan_slab_free include/linux/kasan.h:164 [inline]
 slab_free_hook mm/slub.c:1811 [inline]
 slab_free_freelist_hook+0x130/0x1a0 mm/slub.c:1837
 slab_free mm/slub.c:3830 [inline]
 __kmem_cache_free+0xba/0x1e0 mm/slub.c:3843
 dvb_free_device drivers/media/dvb-core/dvbdev.c:619 [inline]
 kref_put include/linux/kref.h:65 [inline]
 dvb_device_put drivers/media/dvb-core/dvbdev.c:632 [inline]
 dvb_generic_release+0x123/0x1b0 drivers/media/dvb-core/dvbdev.c:169
 dvb_frontend_release+0x138/0x4a0 drivers/media/dvb-core/dvb_frontend.c:2919
 __fput+0x234/0x970 fs/file_table.c:384
 task_work_run+0x1d4/0x260 kernel/task_work.c:245
 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
 exit_to_user_mode_loop+0xe6/0x110 kernel/entry/common.c:177
 exit_to_user_mode_prepare+0xee/0x180 kernel/entry/common.c:210
 __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline]
 syscall_exit_to_user_mode+0x1a/0x50 kernel/entry/common.c:302
 do_syscall_64+0x61/0xa0 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x68/0xd2

The buggy address belongs to the object at ffff888027100e00
 which belongs to the cache kmalloc-256 of size 256
The buggy address is located 60 bytes inside of
 freed 256-byte region [ffff888027100e00, ffff888027100f00)

The buggy address belongs to the physical page:
page:ffffea00009c4000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x27100
head:ffffea00009c4000 order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0
flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
page_type: 0xffffffff()
raw: 00fff00000000840 ffff888017c41b40 dead000000000122 0000000000000000
raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 13945279534, free_ts 0
 set_page_owner include/linux/page_owner.h:31 [inline]
 post_alloc_hook+0x1c1/0x200 mm/page_alloc.c:1581
 prep_new_page mm/page_alloc.c:1588 [inline]
 get_page_from_freelist+0x1951/0x19e0 mm/page_alloc.c:3220
 __alloc_pages+0x1f0/0x460 mm/page_alloc.c:4486
 alloc_page_interleave+0x24/0x1e0 mm/mempolicy.c:2120
 alloc_slab_page+0x5d/0x160 mm/slub.c:1881
 allocate_slab mm/slub.c:2028 [inline]
 new_slab+0x87/0x2d0 mm/slub.c:2081
 ___slab_alloc+0xc5d/0x12f0 mm/slub.c:3253
 __slab_alloc mm/slub.c:3339 [inline]
 __slab_alloc_node mm/slub.c:3392 [inline]
 slab_alloc_node mm/slub.c:3485 [inline]
 __kmem_cache_alloc_node+0x19e/0x250 mm/slub.c:3534
 kmalloc_trace+0x2a/0xe0 mm/slab_common.c:1098
 kmalloc include/linux/slab.h:600 [inline]
 kzalloc include/linux/slab.h:721 [inline]
 bus_add_driver+0x162/0x630 drivers/base/bus.c:659
 driver_register+0x23a/0x310 drivers/base/driver.c:246
 usb_register_driver+0x206/0x3d0 drivers/usb/core/driver.c:1062
 pvr_init+0x7b/0x130 drivers/media/usb/pvrusb2/pvrusb2-main.c:112
 do_one_initcall+0x242/0x790 init/main.c:1250
 do_initcall_level+0x137/0x1f0 init/main.c:1312
 do_initcalls+0x69/0xd0 init/main.c:1328
page_owner free stack trace missing

Memory state around the buggy address:
 ffff888027100d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff888027100d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff888027100e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                        ^
 ffff888027100e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888027100f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================

final repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: slab-use-after-free in dvb_frontend_release+0x3ff/0x4a0 drivers/media/dvb-core/dvb_frontend.c:2921
Read of size 4 at addr ffff888027100e3c by task syz.3.85/6227

CPU: 0 PID: 6227 Comm: syz.3.85 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
Call Trace:
 <TASK>
 dump_stack_lvl+0x18c/0x250 lib/dump_stack.c:106
 print_address_description mm/kasan/report.c:364 [inline]
 print_report+0xa8/0x210 mm/kasan/report.c:468
 kasan_report+0x117/0x150 mm/kasan/report.c:581
 dvb_frontend_release+0x3ff/0x4a0 drivers/media/dvb-core/dvb_frontend.c:2921
 __fput+0x234/0x970 fs/file_table.c:384
 task_work_run+0x1d4/0x260 kernel/task_work.c:245
 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
 exit_to_user_mode_loop+0xe6/0x110 kernel/entry/common.c:177
 exit_to_user_mode_prepare+0xee/0x180 kernel/entry/common.c:210
 __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline]
 syscall_exit_to_user_mode+0x1a/0x50 kernel/entry/common.c:302
 do_syscall_64+0x61/0xa0 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f7b6f79aeb9
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffdd75ce068 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
RAX: 0000000000000000 RBX: 00007f7b6fa17da0 RCX: 00007f7b6f79aeb9
RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
RBP: 00007f7b6fa17da0 R08: 0000000000000006 R09: 0000000000000000
R10: 00007f7b6fa17cb0 R11: 0000000000000246 R12: 0000000000020835
R13: 00007f7b6fa1609c R14: 000000000002073f R15: 00007ffdd75ce170
 </TASK>

Allocated by task 1:
 kasan_save_stack mm/kasan/common.c:46 [inline]
 kasan_set_track+0x4e/0x70 mm/kasan/common.c:53
 ____kasan_kmalloc mm/kasan/common.c:375 [inline]
 __kasan_kmalloc+0x8f/0xa0 mm/kasan/common.c:384
 kmalloc include/linux/slab.h:600 [inline]
 kzalloc include/linux/slab.h:721 [inline]
 dvb_register_device+0x2fd/0x2210 drivers/media/dvb-core/dvbdev.c:475
 dvb_register_frontend+0x649/0x930 drivers/media/dvb-core/dvb_frontend.c:3056
 vidtv_bridge_dvb_init drivers/media/test-drivers/vidtv/vidtv_bridge.c:436 [inline]
 vidtv_bridge_probe+0x9ab/0xf80 drivers/media/test-drivers/vidtv/vidtv_bridge.c:508
 platform_probe+0x13b/0x1c0 drivers/base/platform.c:1404
 call_driver_probe drivers/base/dd.c:-1 [inline]
 really_probe+0x25b/0xb20 drivers/base/dd.c:658
 __driver_probe_device+0x18c/0x330 drivers/base/dd.c:800
 driver_probe_device+0x4f/0x420 drivers/base/dd.c:830
 __driver_attach+0x44e/0x6e0 drivers/base/dd.c:1216
 bus_for_each_dev+0x235/0x2b0 drivers/base/bus.c:370
 bus_add_driver+0x340/0x630 drivers/base/bus.c:675
 driver_register+0x23a/0x310 drivers/base/driver.c:246
 vidtv_bridge_init+0x3d/0x70 drivers/media/test-drivers/vidtv/vidtv_bridge.c:598
 do_one_initcall+0x242/0x790 init/main.c:1250
 do_initcall_level+0x137/0x1f0 init/main.c:1312
 do_initcalls+0x69/0xd0 init/main.c:1328
 kernel_init_freeable+0x3ed/0x580 init/main.c:1565
 kernel_init+0x1d/0x1c0 init/main.c:1455
 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293

Freed by task 6227:
 kasan_save_stack mm/kasan/common.c:46 [inline]
 kasan_set_track+0x4e/0x70 mm/kasan/common.c:53
 kasan_save_free_info+0x2e/0x50 mm/kasan/generic.c:522
 ____kasan_slab_free+0x126/0x1e0 mm/kasan/common.c:237
 kasan_slab_free include/linux/kasan.h:164 [inline]
 slab_free_hook mm/slub.c:1811 [inline]
 slab_free_freelist_hook+0x130/0x1a0 mm/slub.c:1837
 slab_free mm/slub.c:3830 [inline]
 __kmem_cache_free+0xba/0x1e0 mm/slub.c:3843
 dvb_free_device drivers/media/dvb-core/dvbdev.c:619 [inline]
 kref_put include/linux/kref.h:65 [inline]
 dvb_device_put drivers/media/dvb-core/dvbdev.c:632 [inline]
 dvb_generic_release+0x123/0x1b0 drivers/media/dvb-core/dvbdev.c:169
 dvb_frontend_release+0x138/0x4a0 drivers/media/dvb-core/dvb_frontend.c:2919
 __fput+0x234/0x970 fs/file_table.c:384
 task_work_run+0x1d4/0x260 kernel/task_work.c:245
 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
 exit_to_user_mode_loop+0xe6/0x110 kernel/entry/common.c:177
 exit_to_user_mode_prepare+0xee/0x180 kernel/entry/common.c:210
 __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline]
 syscall_exit_to_user_mode+0x1a/0x50 kernel/entry/common.c:302
 do_syscall_64+0x61/0xa0 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x68/0xd2

The buggy address belongs to the object at ffff888027100e00
 which belongs to the cache kmalloc-256 of size 256
The buggy address is located 60 bytes inside of
 freed 256-byte region [ffff888027100e00, ffff888027100f00)

The buggy address belongs to the physical page:
page:ffffea00009c4000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x27100
head:ffffea00009c4000 order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0
flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
page_type: 0xffffffff()
raw: 00fff00000000840 ffff888017c41b40 dead000000000122 0000000000000000
raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 13945279534, free_ts 0
 set_page_owner include/linux/page_owner.h:31 [inline]
 post_alloc_hook+0x1c1/0x200 mm/page_alloc.c:1581
 prep_new_page mm/page_alloc.c:1588 [inline]
 get_page_from_freelist+0x1951/0x19e0 mm/page_alloc.c:3220
 __alloc_pages+0x1f0/0x460 mm/page_alloc.c:4486
 alloc_page_interleave+0x24/0x1e0 mm/mempolicy.c:2120
 alloc_slab_page+0x5d/0x160 mm/slub.c:1881
 allocate_slab mm/slub.c:2028 [inline]
 new_slab+0x87/0x2d0 mm/slub.c:2081
 ___slab_alloc+0xc5d/0x12f0 mm/slub.c:3253
 __slab_alloc mm/slub.c:3339 [inline]
 __slab_alloc_node mm/slub.c:3392 [inline]
 slab_alloc_node mm/slub.c:3485 [inline]
 __kmem_cache_alloc_node+0x19e/0x250 mm/slub.c:3534
 kmalloc_trace+0x2a/0xe0 mm/slab_common.c:1098
 kmalloc include/linux/slab.h:600 [inline]
 kzalloc include/linux/slab.h:721 [inline]
 bus_add_driver+0x162/0x630 drivers/base/bus.c:659
 driver_register+0x23a/0x310 drivers/base/driver.c:246
 usb_register_driver+0x206/0x3d0 drivers/usb/core/driver.c:1062
 pvr_init+0x7b/0x130 drivers/media/usb/pvrusb2/pvrusb2-main.c:112
 do_one_initcall+0x242/0x790 init/main.c:1250
 do_initcall_level+0x137/0x1f0 init/main.c:1312
 do_initcalls+0x69/0xd0 init/main.c:1328
page_owner free stack trace missing

Memory state around the buggy address:
 ffff888027100d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff888027100d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff888027100e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                        ^
 ffff888027100e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888027100f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================