Extracting prog: 5m8.362673671s
Minimizing prog: 55m51.059506489s
Simplifying prog options: 3m37.615864568s
Extracting C: 1m48.457232041s
Simplifying C: 0s


extracting reproducer from 37 programs
first checking the prog from the crash report
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-openat$full-membarrier-setsockopt$inet6_tcp_int-io_uring_setup-openat$dsp1-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-syz_init_net_socket$nl_generic-writev-syz_open_dev$dvb_frontend-ioctl$FE_SET_PROPERTY-mount-syz_io_uring_setup-openat$rdma_cm-bpf$BPF_BTF_LOAD-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_PROG_WITH_BTFID_LOAD-write$RDMA_USER_CM_CMD_RESOLVE_ADDR-openat$sysfs-write$cgroup_int
detailed listing:
executing program 0:
socket$packet(0x11, 0x3, 0x300)
r0 = openat$full(0xffffff9c, &(0x7f00000003c0), 0x8002, 0x0)
membarrier(0x2, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0)
io_uring_setup(0x30ab, &(0x7f00000007c0)={0x0, 0x768, 0x1000, 0x1, 0x14c, 0x0, r0})
r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x88a01, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f)
r3 = syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)
ioctl$FE_SET_PROPERTY(r3, 0x40106f52, &(0x7f0000000100)={0x3, &(0x7f0000000340)=[{0x2b, '\x00', @buffer={"010d1de90c6171360aaf4716308a633fda925d1085c6b9f70f72ad6cc5f48537", 0x20}, 0xfffffff9}, {0xa, '\x00', @data, 0x7ff}, {0x26, '\x00', @st={0x4, [{0x3, @svalue=0x4}, {0x2, @svalue=0x775a}, {0x3, @svalue=0xd2}, {0x1, @svalue=0xfffffffffffffff8}]}, 0x7fe}]})
mount(&(0x7f0000000480)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f00000004c0)='cramfs\x00', 0x208000, 0x0)
syz_io_uring_setup(0x3075, &(0x7f0000000300)={0x0, 0x235d, 0x10100, 0x1, 0x400002d8, 0x0, r1}, 0x0, &(0x7f0000000200), &(0x7f0000000000))
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000004000000020000000100000c02000000000000000000000d0000000000005f"], 0x0, 0x34}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000100000000000000801800009500000000000000"], &(0x7f0000000000)='GPL\x00', 0xc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r5, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x1}, 0x94)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r4, &(0x7f0000000340)={0x15, 0x110, 0xfa08, {0xffffffffffffffff, 0x0, 0x10, 0x10, 0x0, @in={0x2, 0x4, @loopback}, @in={0x2, 0x4000, @broadcast}}}, 0x118)
r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x16ba82, 0x10)
write$cgroup_int(r6, &(0x7f0000000180)=0xfe5f, 0x12)

program did not crash
single: failed to extract reproducer
bisect: bisecting 37 programs with base timeout 30s
testing program (duration=39s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [14, 6, 19, 21, 14, 5, 5, 14, 24, 21, 20, 19, 5, 16, 15, 9, 20, 14, 16, 26, 25, 15, 19, 28, 23, 21, 30, 21, 6, 20, 7, 26, 25, 3, 8, 8, 24]
detailed listing:
executing program 1:
sendmmsg$sock(0xffffffffffffffff, &(0x7f0000003b40)=[{{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f00000002c0)="f973085a6ea39ea1b25a1c6b351e11245900557d1c8e9f86bae5e5c64e50ef25afb0295d0c303850b4bff4d088bf9df67e013836e2882dad3f7698b52997f7efa9eb96f09be1c3019445927c6b2fe32d38ae2bcad2ac0d85ebd42914fb18b7d0670f8b3be16755ead6a6fb713fa618ce2cf424ea7cc84b04016b9a2afbfaf68803f1c1", 0x83}, {&(0x7f0000000380)="82f294054d05973abfac6a6f31050418457d017c5fd68b034cf51b9f6a6d71daa5c776bca90037bc7c3d88b151fbf856f69ebd05e750f13f02af646b284953b6640a08c827c6f2ff4ad8e84077f9f03f94792aa17c4743cba3f355bb9c5b04b91ed70d253db68e17cdd561fab50447", 0x6f}, {0x0}, {&(0x7f0000000780)="8ff2f15bd0017ce4b36b6bc4335634254cffcc40c0312f5ff35991272b79d76712dc0c3cfdc0d70ce8004884e6917bed9ffee1584df7f06c7bccac71daf78bf3c68b8d5e56357654784bdbc700bceb1049c6a47d53c5ac29f83aed3ae9968fe8", 0x60}], 0x4}}, {{&(0x7f0000000a40)=@alg={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha256\x00'}, 0x80, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000580)="8f966bd94d169820f6", 0x9}], 0x2, &(0x7f0000000cc0)=[@mark={{0x14, 0x1, 0x24, 0x9a9}}, @timestamping={{0x14, 0x1, 0x25, 0x101}}, @txtime={{0x18, 0x1, 0x3d, 0x2}}, @txtime={{0x18, 0x1, 0x3d, 0x9d}}], 0x60}}, {{&(0x7f0000000d80)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e23, @local}, 0x2, 0x3, 0x1, 0x3}}, 0x80, 0x0}}], 0x3, 0x20000044)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'vlan1\x00'})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)
executing program 1:
socket(0x2b, 0x80801, 0x1)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ff1000/0x2000)=nil, &(0x7f0000ff5000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x24004045)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4040040}, 0x20000020)
write$vga_arbiter(0xffffffffffffffff, &(0x7f0000000000)=@unlock_all, 0x7)
sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000), 0x12, &(0x7f0000000080)={0x0}, 0x8}, 0x0)
executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan1\x00'})
r1 = socket$netlink(0x10, 0x3, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$inet6_sctp(0xa, 0x5, 0x84)
syz_io_uring_setup(0x8d2, 0x0, 0x0, 0x0, &(0x7f0000000000))
io_uring_setup(0x30aa, 0x0)
r2 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000004440)=@base={0x5, 0x4, 0x4, 0x7, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, r2, 0x2, 0x1}, 0x50)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
accept4(r1, &(0x7f0000000140)=@phonet, &(0x7f00000001c0)=0x80, 0x800)
r3 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
writev(r3, &(0x7f0000000840)=[{0x0}], 0x1)
r4 = socket(0x10, 0x3, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc08"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800e80010000d0428bd7000fcdbff2500008000", @ANYRES32=r4], 0x48}}, 0x4084)
sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
executing program 1:
bind$rds(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r0, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="18000000000301012abd09000000df2507000002d30000"], 0x18}, 0x1, 0x0, 0x0, 0x20008001}, 0x4000080)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
futex(&(0x7f0000000180)=0x1, 0x86, 0x2, 0x0, 0x0, 0xfffffffc)
creat(&(0x7f0000000080)='./file0\x00', 0x248)
r2 = getpid()
prctl$PR_SET_PTRACER(0x59616d61, r2)
r3 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x80042, 0x0)
ioctl$PTP_PEROUT_REQUEST2(r3, 0xc0403d11, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
getsockopt$bt_hci(0xffffffffffffffff, 0x84, 0x80, 0x0, &(0x7f0000000000))
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=@dellink={0x34, 0x11, 0x1, 0x70bd27, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x1020, 0x40000}, [@IFLA_IFNAME={0x14, 0x3, 'veth1_vlan\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x801}, 0x4000000)
socket$nl_generic(0x10, 0x3, 0x10)
executing program 1:
sendmmsg$sock(0xffffffffffffffff, &(0x7f0000003b40)=[{{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f00000002c0)="f973085a6ea39ea1b25a1c6b351e11245900557d1c8e9f86bae5e5c64e50ef25afb0295d0c303850b4bff4d088bf9df67e013836e2882dad3f7698b52997f7efa9eb96f09be1c3019445927c6b2fe32d38ae2bcad2ac0d85ebd42914fb18b7d0670f8b3be16755ead6a6fb713fa618ce2cf424ea7cc84b04016b9a2afbfaf68803f1c1", 0x83}, {&(0x7f0000000380)="82f294054d05973abfac6a6f31050418457d017c5fd68b034cf51b9f6a6d71daa5c776bca90037bc7c3d88b151fbf856f69ebd05e750f13f02af646b284953b6640a08c827c6f2ff4ad8e84077f9f03f94792aa17c4743cba3f355bb9c5b04b91ed70d253db68e17cdd561fab504479f723388dda974e2a9fb1bcda474c08d6222179b19e902009ea3cb3e42408bab6c1f29cb62", 0x94}, {0x0}, {&(0x7f0000000780)="8ff2f15bd0017ce4b36b6bc4335634254cffcc40c0312f5ff35991272b79d76712dc0c3cfdc0d70ce8004884e6917bed9ffee1584df7f06c7bccac71daf78bf3c68b8d5e56357654784bdbc700bceb1049c6a47d53c5ac29f83aed3ae9968fe8", 0x60}], 0x4}}, {{&(0x7f0000000a40)=@alg={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha256\x00'}, 0x80, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000580)="8f966bd94d169820f6b844", 0xb}], 0x2}}, {{&(0x7f0000000d80)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e23, @local}, 0x2, 0x3, 0x1, 0x3}}, 0x80, 0x0}}], 0x3, 0x20000044)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'vlan1\x00'})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}, {0x0}], 0x2}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)
executing program 1:
r0 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
recvmmsg(r0, &(0x7f0000001740)=[{{0x0, 0x0, &(0x7f0000001400)=[{&(0x7f0000000400)=""/4096, 0x10c4}], 0x1}}], 0x4000210, 0x2, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[], 0xc4}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
executing program 32:
r0 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
recvmmsg(r0, &(0x7f0000001740)=[{{0x0, 0x0, &(0x7f0000001400)=[{&(0x7f0000000400)=""/4096, 0x10c4}], 0x1}}], 0x4000210, 0x2, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[], 0xc4}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
executing program 5:
sendmmsg$sock(0xffffffffffffffff, &(0x7f0000003b40)=[{{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f00000002c0)="f973085a6ea39ea1b25a1c6b351e11245900557d1c8e9f86bae5e5c64e50ef25afb0295d0c303850b4bff4d088bf9df67e013836e2882dad3f7698b52997f7efa9eb96f09be1c3019445927c6b2fe32d38ae2bcad2ac0d85ebd42914fb18b7d0670f8b3be16755ead6a6fb713fa618ce2cf424ea7cc84b04016b9a2afbfaf68803f1c1", 0x83}, {&(0x7f0000000380)="82f294054d05973abfac6a6f31050418457d017c5fd68b034cf51b9f6a6d71daa5c776bca90037bc7c3d88b151fbf856f69ebd05e750f13f02af646b284953b6640a08c827c6f2ff4ad8e84077f9f03f94792aa17c4743cba3f355bb9c5b04b91ed70d253db68e17cdd561fab504479f723388dda974e2a9fb1bcda474c08d6222179b19e902009ea3cb3e42408bab6c1f29cb62", 0x94}, {0x0}, {&(0x7f0000000780)="8ff2f15bd0017ce4b36b6bc4335634254cffcc40c0312f5ff35991272b79d76712dc0c3cfdc0d70ce8004884e6917bed9ffee1584df7f06c7bccac71daf78bf3c68b8d5e56357654784bdbc700bceb1049c6a47d53c5ac29f83aed3ae9968fe8", 0x60}], 0x4}}, {{&(0x7f0000000a40)=@alg={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha256\x00'}, 0x80, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000580)="8f966bd94d169820f6b844", 0xb}], 0x2}}, {{&(0x7f0000000d80)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e23, @local}, 0x2, 0x3, 0x1, 0x3}}, 0x80, 0x0}}], 0x3, 0x20000044)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'vlan1\x00'})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, 0x0)
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)
executing program 5:
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
mount(&(0x7f0000000180)=@nullb, 0x0, 0x0, 0x800041, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000100)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f0002000000"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x44, &(0x7f0000000b80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0)
r1 = syz_io_uring_setup(0x4175, &(0x7f0000000180)={0x0, 0x1bf58, 0x1000, 0x2, 0x2d0}, &(0x7f0000000440), &(0x7f0000000400), &(0x7f0000000000))
io_uring_register$IORING_REGISTER_NAPI(r1, 0x1b, &(0x7f00000000c0)={0x5, 0x6}, 0x1)
writev(0xffffffffffffffff, 0x0, 0x0)
mount$fuseblk(0x0, 0x0, 0x0, 0x10080a1, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r3, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
syz_ublk_setup_io_uring(0x4653, &(0x7f0000000540)={0x0, 0xda76, 0x8, 0x3, 0x39e, 0x0, r1}, &(0x7f00000005c0), &(0x7f0000000600), &(0x7f0000000640))
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x58)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[], 0x3c}}, 0xc0d4)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000680)=ANY=[@ANYBLOB="44008390ba068768a9e4f6f6baf29b9f8490db92edb601901e0bd326136a540000", @ANYRES32=0x0, @ANYBLOB="46060900000000001c00128009000100766c61d7000000000c000280060001000100000008000580", @ANYRES32=r5, @ANYBLOB], 0x44}, 0x1, 0x0, 0x0, 0x600}, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB, @ANYRES32=r4, @ANYBLOB], 0x58}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$IPVS_CMD_GET_DAEMON(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r7, @ANYBLOB="0b07f0001e00000000000b00000034b8dd5db64aff421f120c5b81d1bd50946a29e2fda723ab21ecb03f3781e914330e5f5da72c3ef5c643c0a3fbe4c81b105d163e3fad2313adc93d304e171563dbd98ac3a477a8455b2a93871ee0363503797a911314b717458e2d373dbcc97402a5b579a7c29e52d9c30dc263564f970e57d1234ce27df8fc9d42849114d56e6276262bfa3b60bb190b1bac37fcb22ef7c21ba70a"], 0x14}}, 0x4000010)
close_range(r6, 0xffffffffffffffff, 0x0)
executing program 0:
bind$rds(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r0, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="18000000000301012abd09000000df2507000002d30000"], 0x18}, 0x1, 0x0, 0x0, 0x20008001}, 0x4000080)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
futex(&(0x7f0000000180)=0x1, 0x86, 0x2, 0x0, 0x0, 0xfffffffc)
creat(&(0x7f0000000080)='./file0\x00', 0x248)
r2 = getpid()
prctl$PR_SET_PTRACER(0x59616d61, r2)
r3 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x80042, 0x0)
ioctl$PTP_PEROUT_REQUEST2(r3, 0xc0403d11, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
getsockopt$bt_hci(0xffffffffffffffff, 0x84, 0x80, 0x0, &(0x7f0000000000))
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=@dellink={0x34, 0x11, 0x1, 0x70bd27, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x1020, 0x40000}, [@IFLA_IFNAME={0x14, 0x3, 'veth1_vlan\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x801}, 0x4000000)
socket$nl_generic(0x10, 0x3, 0x10)
executing program 3:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
prctl$PR_GET_THP_DISABLE(0x2a)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$int_out(r5, 0x5460, 0x0)
openat$comedi(0xffffff9c, 0x0, 0x2180, 0x0)
ioctl$sock_TIOCINQ(r0, 0x541b, &(0x7f0000000280))
socket(0x2a, 0x2, 0x0)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000280)={0x4, 0x0, 0xb51b, 0x10}, 0x10)
ioctl$FS_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000180)=0x200)
writev(r4, 0x0, 0x0)
executing program 0:
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x20008000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r0 = getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x85914000)
syz_clone(0x2000, 0x0, 0xff36, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
symlinkat(0x0, 0xffffffffffffff9c, 0x0)
r2 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
ioctl$UDMABUF_CREATE(r2, 0x40187542, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x0, 0x8000})
r3 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, 0xffffffffffffffff, &(0x7f0000000480)={0x10000004})
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(0xffffffffffffffff, &(0x7f00000002c0)="c3", 0x1, 0x20008044, &(0x7f00000001c0)={0xa, 0x2, 0x7, @loopback, 0xfc47}, 0x1c)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newlink={0x20, 0x10, 0x437, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4048b}}, 0x20}, 0x1, 0x0, 0x0, 0x800}, 0x40000)
executing program 3:
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ff1000/0x2000)=nil, &(0x7f0000ff5000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x20000020)
r0 = socket(0x11, 0xa, 0x0)
write$vga_arbiter(0xffffffffffffffff, &(0x7f0000000000)=@unlock_all, 0x7)
sendmsg$can_bcm(r0, &(0x7f0000000140)={&(0x7f0000000000), 0x12, &(0x7f0000000080)={0x0}, 0x8}, 0x0)
executing program 5:
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_mptcp(0xa, 0x1, 0x106)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, 0x0)
read$FUSE(r0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x2, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
ioctl$EXT4_IOC_SETFSUUID(0xffffffffffffffff, 0x4008662c, 0x0)
r2 = gettid()
process_vm_writev(r2, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0)
executing program 3:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge0\x00'})
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mount$binder(0x0, 0x0, 0x0, 0x80000, &(0x7f00000003c0)=ANY=[])
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$rds(0xffffffffffffffff, 0x0, 0x0)
syz_open_dev$loop(&(0x7f0000000000), 0x2, 0x2000c1)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000000c0)=0xf)
executing program 3:
r0 = epoll_create1(0x80000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000003c0)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000100)={0x20000014})
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='freezer.state\x00', 0x275a, 0x0)
openat(r3, &(0x7f00000002c0)='./bus\x00', 0x980, 0xa0)
poll(&(0x7f0000000140)=[{r2, 0x2cfc08c20dafc34e}, {r0, 0xf102}], 0x2, 0x8000007)
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xd, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r1 = getpgrp(0x0)
getpgid(r1)
r2 = ioctl$USERFAULTFD_IOC_NEW(0xffffffffffffffff, 0xaa00)
ioctl$UFFDIO_COPY(r2, 0xc028aa03, &(0x7f0000000240)={&(0x7f0000c00000/0x400000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x400000, 0x3})
socket$nl_netfilter(0x10, 0x3, 0xc)
read$msr(r0, &(0x7f0000025300)=""/102392, 0x18ff8)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, 0x0, 0x804c000)
getgroups(0x0, &(0x7f0000008500))
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$can_j1939(0x1d, 0x2, 0x7)
rename(&(0x7f0000000100)='./file1\x00', &(0x7f0000000280)='./file2\x00')
bind$can_j1939(r4, 0x0, 0x0)
sendmsg$can_j1939(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000140)='\b', 0x1}}, 0x4004001)
executing program 2:
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000700)=ANY=[@ANYBLOB="1201000059d360205f0501d09288000000010902120001030000000904"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x5d032, 0xffffffffffffffff, 0x0)
syz_clone3(0x0, 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r1=>0x0)
fcntl$lock(0xffffffffffffffff, 0x26, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x7})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, 0x0, 0xc000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, 0x0, 0xc000)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r1, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000340)={0x2c, &(0x7f0000000480)=ANY=[], 0x0, 0x0, 0x0, 0x0})
executing program 4:
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x33, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x14, 0x98}, [@ldst={0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops}, 0x48)
socket$nl_generic(0x10, 0x3, 0x10)
socket$unix(0x1, 0x2, 0x0)
add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
executing program 0:
pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x5)
ioctl$FE_DISEQC_RECV_SLAVE_REPLY(0xffffffffffffffff, 0x800c6f40, &(0x7f0000000100)={""/4, 0x4})
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @multicast1}, 0x10)
setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f0000000040)=0x2800, 0x4)
ioctl$DRM_IOCTL_SYNCOBJ_QUERY(0xffffffffffffffff, 0xc01864cb, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, 0x0, 0x0)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r2, 0xc0502100, 0x0)
socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240))
dup(r4)
unshare(0x60480)
io_setup(0x42000001, &(0x7f0000000300)=<r5=>0x0)
io_submit(r5, 0x1, &(0x7f0000001e00)=[0x0])
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x90)
executing program 4:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_SET_FORCE_PACK_ID(r1, 0x227b, 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r3 = socket(0x400000000010, 0x3, 0x0)
sendmsg$nl_route_sched(r3, 0x0, 0x0)
socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x1c}}, 0x0)
r4 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x2, 0x0, 0x1})
ioctl$vim2m_VIDIOC_STREAMOFF(r4, 0x40045612, &(0x7f0000000080)=0x2)
ioctl$vim2m_VIDIOC_DQBUF(r4, 0xc0585611, &(0x7f0000000540)=@multiplanar_fd={0x3ff, 0x2, 0x4, 0x40, 0x1000, {}, {0x3, 0x0, 0x7, 0xed, 0x8, 0x40, "d23ec30b"}, 0x20000000, 0x4, {0x0}, 0x8a52000})
ioctl$vim2m_VIDIOC_DQBUF(r4, 0xc0585611, &(0x7f0000000300)=@userptr={0x5, 0x2, 0x4, 0x0, 0x6, {0x77359400}, {0x2, 0x1, 0x7f, 0x6, 0xd, 0x9, "7ee91112"}, 0x81, 0x2, {0x0}, 0xfffffffe})
sendmsg$NFT_BATCH(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c0003800800014000000000080002400000000010000380140001007465616d3000000000000000000000005c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a3000000000300003802c00038014"], 0xfc}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
executing program 5:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge0\x00'})
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mount$binder(0x0, 0x0, 0x0, 0x80000, &(0x7f00000003c0)=ANY=[])
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$rds(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, 0x0}, 0x0)
syz_open_dev$loop(&(0x7f0000000000), 0x2, 0x2000c1)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000000c0)=0xf)
executing program 0:
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x20008000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r0 = getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x85914000)
syz_clone(0x2000, 0x0, 0xff36, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
symlinkat(0x0, 0xffffffffffffff9c, 0x0)
r2 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
ioctl$UDMABUF_CREATE(r2, 0x40187542, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x0, 0x8000})
r3 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, 0xffffffffffffffff, &(0x7f0000000480)={0x10000004})
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(0xffffffffffffffff, &(0x7f00000002c0)="c3", 0x1, 0x20008044, &(0x7f00000001c0)={0xa, 0x2, 0x7, @loopback, 0xfc47}, 0x1c)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newlink={0x20, 0x10, 0x437, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4048b}}, 0x20}, 0x1, 0x0, 0x0, 0x800}, 0x40000)
executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xd, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r1 = getpgrp(0x0)
getpgid(r1)
r2 = ioctl$USERFAULTFD_IOC_NEW(0xffffffffffffffff, 0xaa00)
ioctl$UFFDIO_COPY(r2, 0xc028aa03, &(0x7f0000000240)={&(0x7f0000c00000/0x400000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x400000, 0x3})
socket$nl_netfilter(0x10, 0x3, 0xc)
read$msr(r0, &(0x7f0000025300)=""/102392, 0x18ff8)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, 0x0, 0x804c000)
getgroups(0x0, &(0x7f0000008500))
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$can_j1939(0x1d, 0x2, 0x7)
rename(&(0x7f0000000100)='./file1\x00', &(0x7f0000000280)='./file2\x00')
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'vxcan1\x00'})
bind$can_j1939(r4, 0x0, 0x0)
sendmsg$can_j1939(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000140)='\b', 0x1}}, 0x4004001)
ioctl$DRM_IOCTL_GEM_OPEN(0xffffffffffffffff, 0xc010640b, &(0x7f0000000400)={0x0, <r5=>0x0})
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x40980, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r6, 0x400455c8, 0x4)
ioctl$TIOCSTI(r6, 0x5412, &(0x7f0000000040)=0x33)
ioctl$DRM_IOCTL_MODE_ADDFB2(0xffffffffffffffff, 0xc06864b8, &(0x7f0000000440)={0x0, 0x6, 0x6, 0x9, 0x1, [0x0, 0x0, 0x0, r5], [0x9, 0x6, 0x94, 0x7fffffff], [0x1, 0x2, 0x1000, 0x9], [0x58, 0x5d, 0x7fff, 0x89]})
syz_open_dev$cec(0x0, 0xffffffffffffffff, 0x200)
executing program 3:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$SEG6_CMD_SETHMAC(r1, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000040)="d8000000100081044e81f782db44b904021d006a0f000000e8fe55a1290015000600142603600e120900040044000000a80016000a0003402e60000000000000b94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a985162f7ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d3220a7c9f8775730d16a4683f1aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x60044084)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mmap$snddsp_control(&(0x7f0000000000/0x3000)=nil, 0x1000, 0x1, 0x11, 0xffffffffffffffff, 0x82000000)
getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(0xffffffffffffffff, 0x84, 0x74, 0x0, 0x0)
ioprio_get$uid(0x3, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="600000000206010300000000000000000000fffd0e0003006269746d61703a697000000005000400000000000900020073797a310000000018000780050003001f0000000c00018008001e40ffffffff05000500020000000500010006"], 0x60}}, 0x0)
ioctl$NILFS_IOCTL_GET_CPSTAT(0xffffffffffffffff, 0x80186e83, &(0x7f0000000400))
executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="28cd03569ae6446b6217dbbf0000000308010297ce68f10000000003b6401d7164415dec125ec6b256e030190010020c800800b440000000080000deff04000001"], 0x28}, 0x1, 0x0, 0x0, 0x4015}, 0x4004890)
socket(0xa, 0x3, 0x3a)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000080)={0x0, &(0x7f0000000340)})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYRES64=r1, @ANYRES32=r2], 0x14}}, 0x0)
recvmmsg(r5, &(0x7f0000003700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x140, 0x0)
lchown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
ioctl$BLKTRACESTART(0xffffffffffffffff, 0x1274, 0x0)
ioctl$VHOST_SET_OWNER(0xffffffffffffffff, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, 0x0)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_TCP_CONGESTION(r6, 0x6, 0xd, &(0x7f0000000000)='dctcp', 0x5)
executing program 4:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000003c0)=@abs, 0x76)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_dev$usbfs(&(0x7f0000000080), 0x7, 0x10b902)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x8)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0x1}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0xe}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xf}}}, 0x78}}, 0x10)
r5 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000680), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000280)={0x3c, r5, 0x917, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x2}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_FD={0x8}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x400003}]}, 0x3c}}, 0x20000018)
r6 = socket$inet6(0xa, 0x80003, 0xff)
setsockopt$inet6_int(r6, 0x29, 0x16, &(0x7f0000fcb000), 0x4)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x13, 0x5, &(0x7f0000000040)=@framed={{0x66, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x28}, [@initr0]}, &(0x7f0000000000)='GPL\x00'}, 0x80)
socket$inet6(0xa, 0x80003, 0xff)
r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
readv(r7, &(0x7f0000000200)=[{&(0x7f0000000140)=""/184, 0x1b}], 0x1)
syz_open_dev$sg(&(0x7f0000000540), 0xb4, 0x42)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a3000000000090003007379"], 0x7c}}, 0x0)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000080)={'\x00', 0x2})
ioctl$TUNSETGROUP(r8, 0x400454ce, 0xffffffffffffffff)
executing program 4:
bind$rds(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r0, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="18000000000301012abd09000000df2507000002d30000"], 0x18}, 0x1, 0x0, 0x0, 0x20008001}, 0x4000080)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
futex(&(0x7f0000000180)=0x1, 0x86, 0x2, 0x0, 0x0, 0xfffffffc)
creat(&(0x7f0000000080)='./file0\x00', 0x248)
r2 = getpid()
prctl$PR_SET_PTRACER(0x59616d61, r2)
r3 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x80042, 0x0)
ioctl$PTP_PEROUT_REQUEST2(r3, 0xc0403d11, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
getsockopt$bt_hci(0xffffffffffffffff, 0x84, 0x80, 0x0, &(0x7f0000000000))
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=@dellink={0x34, 0x11, 0x1, 0x70bd27, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x1020, 0x40000}, [@IFLA_IFNAME={0x14, 0x3, 'veth1_vlan\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x801}, 0x4000000)
socket$nl_generic(0x10, 0x3, 0x10)
executing program 0:
r0 = creat(0x0, 0xdafbe5d6891b6e4)
write$binfmt_elf32(r0, &(0x7f0000000540)={{0x7f, 0x45, 0x4c, 0x46, 0x80, 0xc, 0x4, 0x0, 0x100000001, 0x2, 0x6, 0x1, 0xdd, 0x38, 0x345, 0x8, 0x5, 0x20, 0x1, 0x5, 0x9}, [{0x3, 0x4, 0x5, 0x6, 0x80, 0x6, 0x2, 0x5ba2}], "", ['\x00']}, 0x158)
close(r0)
execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = socket$inet6(0xa, 0x3, 0x6)
sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f0000000180)={0xa, 0x0, 0x3, @mcast2={0xff, 0x5}, 0xaec}, 0x1c)
executing program 4:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xd, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r1 = getpgrp(0x0)
getpgid(r1)
r2 = ioctl$USERFAULTFD_IOC_NEW(0xffffffffffffffff, 0xaa00)
ioctl$UFFDIO_COPY(r2, 0xc028aa03, &(0x7f0000000240)={&(0x7f0000c00000/0x400000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x400000, 0x3})
socket$nl_netfilter(0x10, 0x3, 0xc)
read$msr(r0, &(0x7f0000025300)=""/102392, 0x18ff8)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, 0x0, 0x804c000)
getgroups(0x0, &(0x7f0000008500))
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'vxcan1\x00'})
bind$can_j1939(r4, 0x0, 0x0)
sendmsg$can_j1939(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000140)='\b', 0x1}}, 0x4004001)
executing program 3:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000a8f4d0086d0492082a6d0000000109021b0001000000000904"], 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000100)={0x2c, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000540)={0x34, &(0x7f00000001c0)={0x0, 0x12}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000480)={0x44, &(0x7f0000000200)={0x0, 0x16, 0x2, "5db8"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, 0x0)
executing program 5:
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0xc, 0xc, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000180000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000110b0008850000006d0000"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NFC_CMD_LLC_SET_PARAMS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000400)=ANY=[], 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x8080)
bind$inet(r2, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x13}}, 0x10)
setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4)
connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10)
sendmmsg$inet(r2, &(0x7f0000004d00)=[{{0x0, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x400000000000284, 0xf00)
setsockopt$IP_VS_SO_SET_TIMEOUT(r2, 0x0, 0x4, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r3 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
getsockopt$IP_VS_SO_GET_TIMEOUT(r3, 0x0, 0x486, 0x0, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket(0x2, 0x80805, 0x0)
setsockopt$inet6_IPV6_RTHDR(r1, 0x29, 0x39, &(0x7f0000000080)=ANY=[@ANYBLOB="00020201"], 0x18)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20048000}, 0x20040880)
sendmmsg$inet6(r1, &(0x7f0000000a80)=[{{&(0x7f0000000200)={0xa, 0x4e20, 0x4d7, @ipv4={'\x00', '\xff\xff', @local}, 0x3}, 0x1c, 0x0}}], 0x1, 0x4c040)
executing program 2:
syz_open_procfs(0x0, &(0x7f0000001100)='net/ip6_flowlabel\x00')
openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x40082, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6(0xa, 0x2, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$netlink(0x10, 0x3, 0x9)
socket$nl_xfrm(0x10, 0x3, 0x6)
openat$null(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0)
socket$inet(0x2, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
pipe(&(0x7f0000000000))
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x4000000, {0x2, 0x4e26, @broadcast}, {0x2, 0x4e21, @local}, {0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x42, 0x0, 0x0, 0x0, 0xfff8, 0x0, 0x1, 0x8})
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYRES32, @ANYRES16=0x0, @ANYRES8], 0x1c}, 0x1, 0x0, 0x0, 0x20000844}, 0x48885)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r0, &(0x7f0000000000), 0xd)
executing program 2:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000480)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}, @NFT_MSG_NEWSETELEM={0x3c, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x8, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x4}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xa0}, 0x1, 0x0, 0x0, 0x4000854}, 0x40)
executing program 4:
r0 = epoll_create1(0x80000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000003c0)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000100)={0x20000014})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='freezer.state\x00', 0x275a, 0x0)
poll(&(0x7f0000000140)=[{r2, 0x2cfc08c20dafc34e}, {r0, 0xf102}], 0x2, 0x8000007)
executing program 2:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1342, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000300), 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
writev(r0, &(0x7f0000000200)=[{&(0x7f0000000040)="89e7ee0c7cda99b4b47380c988cafb", 0xf}, {&(0x7f0000000140)="03be00fbb46ecedbe0090a43dd5802", 0xf}], 0x2)
executing program 2:
socket$packet(0x11, 0x3, 0x300)
r0 = openat$full(0xffffff9c, &(0x7f00000003c0), 0x8002, 0x0)
membarrier(0x2, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0)
io_uring_setup(0x30ab, &(0x7f00000007c0)={0x0, 0x768, 0x1000, 0x1, 0x14c, 0x0, r0})
r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x88a01, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f)
r3 = syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)
ioctl$FE_SET_PROPERTY(r3, 0x40106f52, &(0x7f0000000100)={0x3, &(0x7f0000000340)=[{0x2b, '\x00', @buffer={"010d1de90c6171360aaf4716308a633fda925d1085c6b9f70f72ad6cc5f48537", 0x20}, 0xfffffff9}, {0xa, '\x00', @data, 0x7ff}, {0x26, '\x00', @st={0x4, [{0x3, @svalue=0x4}, {0x2, @svalue=0x775a}, {0x3, @svalue=0xd2}, {0x1, @svalue=0xfffffffffffffff8}]}, 0x7fe}]})
mount(&(0x7f0000000480)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f00000004c0)='cramfs\x00', 0x208000, 0x0)
syz_io_uring_setup(0x3075, &(0x7f0000000300)={0x0, 0x235d, 0x10100, 0x1, 0x400002d8, 0x0, r1}, 0x0, &(0x7f0000000200), &(0x7f0000000000))
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000004000000020000000100000c02000000000000000000000d0000000000005f"], 0x0, 0x34}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000100000000000000801800009500000000000000"], &(0x7f0000000000)='GPL\x00', 0xc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r5, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x1}, 0x94)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r4, &(0x7f0000000340)={0x15, 0x110, 0xfa08, {0xffffffffffffffff, 0x0, 0x10, 0x10, 0x0, @in={0x2, 0x4, @loopback}, @in={0x2, 0x4000, @broadcast}}}, 0x118)
r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x16ba82, 0x10)
write$cgroup_int(r6, &(0x7f0000000180)=0xfe5f, 0x12)

program did not crash
replaying the whole log did not cause a kernel crash
single: executing 1 programs separately with timeout 1m40s
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-openat$full-membarrier-setsockopt$inet6_tcp_int-io_uring_setup-openat$dsp1-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-syz_init_net_socket$nl_generic-writev-syz_open_dev$dvb_frontend-ioctl$FE_SET_PROPERTY-mount-syz_io_uring_setup-openat$rdma_cm-bpf$BPF_BTF_LOAD-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_PROG_WITH_BTFID_LOAD-write$RDMA_USER_CM_CMD_RESOLVE_ADDR-openat$sysfs-write$cgroup_int
detailed listing:
executing program 0:
socket$packet(0x11, 0x3, 0x300)
r0 = openat$full(0xffffff9c, &(0x7f00000003c0), 0x8002, 0x0)
membarrier(0x2, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0)
io_uring_setup(0x30ab, &(0x7f00000007c0)={0x0, 0x768, 0x1000, 0x1, 0x14c, 0x0, r0})
r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x88a01, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f)
r3 = syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)
ioctl$FE_SET_PROPERTY(r3, 0x40106f52, &(0x7f0000000100)={0x3, &(0x7f0000000340)=[{0x2b, '\x00', @buffer={"010d1de90c6171360aaf4716308a633fda925d1085c6b9f70f72ad6cc5f48537", 0x20}, 0xfffffff9}, {0xa, '\x00', @data, 0x7ff}, {0x26, '\x00', @st={0x4, [{0x3, @svalue=0x4}, {0x2, @svalue=0x775a}, {0x3, @svalue=0xd2}, {0x1, @svalue=0xfffffffffffffff8}]}, 0x7fe}]})
mount(&(0x7f0000000480)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f00000004c0)='cramfs\x00', 0x208000, 0x0)
syz_io_uring_setup(0x3075, &(0x7f0000000300)={0x0, 0x235d, 0x10100, 0x1, 0x400002d8, 0x0, r1}, 0x0, &(0x7f0000000200), &(0x7f0000000000))
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000004000000020000000100000c02000000000000000000000d0000000000005f"], 0x0, 0x34}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000100000000000000801800009500000000000000"], &(0x7f0000000000)='GPL\x00', 0xc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r5, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x1}, 0x94)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r4, &(0x7f0000000340)={0x15, 0x110, 0xfa08, {0xffffffffffffffff, 0x0, 0x10, 0x10, 0x0, @in={0x2, 0x4, @loopback}, @in={0x2, 0x4000, @broadcast}}}, 0x118)
r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x16ba82, 0x10)
write$cgroup_int(r6, &(0x7f0000000180)=0xfe5f, 0x12)

program crashed: KASAN: use-after-free Read in dvb_device_open
single: successfully extracted reproducer
found reproducer with 24 syscalls
minimizing guilty program
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-openat$full-membarrier-setsockopt$inet6_tcp_int-io_uring_setup-openat$dsp1-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-syz_init_net_socket$nl_generic-writev-syz_open_dev$dvb_frontend-ioctl$FE_SET_PROPERTY-mount-syz_io_uring_setup-openat$rdma_cm-bpf$BPF_BTF_LOAD-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_PROG_WITH_BTFID_LOAD-write$RDMA_USER_CM_CMD_RESOLVE_ADDR-openat$sysfs
detailed listing:
executing program 0:
socket$packet(0x11, 0x3, 0x300)
r0 = openat$full(0xffffff9c, &(0x7f00000003c0), 0x8002, 0x0)
membarrier(0x2, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0)
io_uring_setup(0x30ab, &(0x7f00000007c0)={0x0, 0x768, 0x1000, 0x1, 0x14c, 0x0, r0})
r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x88a01, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f)
r3 = syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)
ioctl$FE_SET_PROPERTY(r3, 0x40106f52, &(0x7f0000000100)={0x3, &(0x7f0000000340)=[{0x2b, '\x00', @buffer={"010d1de90c6171360aaf4716308a633fda925d1085c6b9f70f72ad6cc5f48537", 0x20}, 0xfffffff9}, {0xa, '\x00', @data, 0x7ff}, {0x26, '\x00', @st={0x4, [{0x3, @svalue=0x4}, {0x2, @svalue=0x775a}, {0x3, @svalue=0xd2}, {0x1, @svalue=0xfffffffffffffff8}]}, 0x7fe}]})
mount(&(0x7f0000000480)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f00000004c0)='cramfs\x00', 0x208000, 0x0)
syz_io_uring_setup(0x3075, &(0x7f0000000300)={0x0, 0x235d, 0x10100, 0x1, 0x400002d8, 0x0, r1}, 0x0, &(0x7f0000000200), &(0x7f0000000000))
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000004000000020000000100000c02000000000000000000000d0000000000005f"], 0x0, 0x34}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000100000000000000801800009500000000000000"], &(0x7f0000000000)='GPL\x00', 0xc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r5, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x1}, 0x94)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r4, &(0x7f0000000340)={0x15, 0x110, 0xfa08, {0xffffffffffffffff, 0x0, 0x10, 0x10, 0x0, @in={0x2, 0x4, @loopback}, @in={0x2, 0x4000, @broadcast}}}, 0x118)
openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x16ba82, 0x10)

program crashed: KASAN: use-after-free Read in dvb_device_open
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-openat$full-membarrier-setsockopt$inet6_tcp_int-io_uring_setup-openat$dsp1-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-syz_init_net_socket$nl_generic-writev-syz_open_dev$dvb_frontend-ioctl$FE_SET_PROPERTY-mount-syz_io_uring_setup-openat$rdma_cm-bpf$BPF_BTF_LOAD-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_PROG_WITH_BTFID_LOAD-write$RDMA_USER_CM_CMD_RESOLVE_ADDR
detailed listing:
executing program 0:
socket$packet(0x11, 0x3, 0x300)
r0 = openat$full(0xffffff9c, &(0x7f00000003c0), 0x8002, 0x0)
membarrier(0x2, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0)
io_uring_setup(0x30ab, &(0x7f00000007c0)={0x0, 0x768, 0x1000, 0x1, 0x14c, 0x0, r0})
r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x88a01, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f)
r3 = syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)
ioctl$FE_SET_PROPERTY(r3, 0x40106f52, &(0x7f0000000100)={0x3, &(0x7f0000000340)=[{0x2b, '\x00', @buffer={"010d1de90c6171360aaf4716308a633fda925d1085c6b9f70f72ad6cc5f48537", 0x20}, 0xfffffff9}, {0xa, '\x00', @data, 0x7ff}, {0x26, '\x00', @st={0x4, [{0x3, @svalue=0x4}, {0x2, @svalue=0x775a}, {0x3, @svalue=0xd2}, {0x1, @svalue=0xfffffffffffffff8}]}, 0x7fe}]})
mount(&(0x7f0000000480)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f00000004c0)='cramfs\x00', 0x208000, 0x0)
syz_io_uring_setup(0x3075, &(0x7f0000000300)={0x0, 0x235d, 0x10100, 0x1, 0x400002d8, 0x0, r1}, 0x0, &(0x7f0000000200), &(0x7f0000000000))
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000004000000020000000100000c02000000000000000000000d0000000000005f"], 0x0, 0x34}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000100000000000000801800009500000000000000"], &(0x7f0000000000)='GPL\x00', 0xc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r5, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x1}, 0x94)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r4, &(0x7f0000000340)={0x15, 0x110, 0xfa08, {0xffffffffffffffff, 0x0, 0x10, 0x10, 0x0, @in={0x2, 0x4, @loopback}, @in={0x2, 0x4000, @broadcast}}}, 0x118)

program crashed: KASAN: use-after-free Read in dvb_device_open
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-openat$full-membarrier-setsockopt$inet6_tcp_int-io_uring_setup-openat$dsp1-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-syz_init_net_socket$nl_generic-writev-syz_open_dev$dvb_frontend-ioctl$FE_SET_PROPERTY-mount-syz_io_uring_setup-openat$rdma_cm-bpf$BPF_BTF_LOAD-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_PROG_WITH_BTFID_LOAD
detailed listing:
executing program 0:
socket$packet(0x11, 0x3, 0x300)
r0 = openat$full(0xffffff9c, &(0x7f00000003c0), 0x8002, 0x0)
membarrier(0x2, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0)
io_uring_setup(0x30ab, &(0x7f00000007c0)={0x0, 0x768, 0x1000, 0x1, 0x14c, 0x0, r0})
r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x88a01, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f)
r3 = syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)
ioctl$FE_SET_PROPERTY(r3, 0x40106f52, &(0x7f0000000100)={0x3, &(0x7f0000000340)=[{0x2b, '\x00', @buffer={"010d1de90c6171360aaf4716308a633fda925d1085c6b9f70f72ad6cc5f48537", 0x20}, 0xfffffff9}, {0xa, '\x00', @data, 0x7ff}, {0x26, '\x00', @st={0x4, [{0x3, @svalue=0x4}, {0x2, @svalue=0x775a}, {0x3, @svalue=0xd2}, {0x1, @svalue=0xfffffffffffffff8}]}, 0x7fe}]})
mount(&(0x7f0000000480)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f00000004c0)='cramfs\x00', 0x208000, 0x0)
syz_io_uring_setup(0x3075, &(0x7f0000000300)={0x0, 0x235d, 0x10100, 0x1, 0x400002d8, 0x0, r1}, 0x0, &(0x7f0000000200), &(0x7f0000000000))
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000004000000020000000100000c02000000000000000000000d0000000000005f"], 0x0, 0x34}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000100000000000000801800009500000000000000"], &(0x7f0000000000)='GPL\x00', 0xc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r4, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x1}, 0x94)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)

program crashed: KASAN: use-after-free Read in dvb_device_open
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-openat$full-membarrier-setsockopt$inet6_tcp_int-io_uring_setup-openat$dsp1-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-syz_init_net_socket$nl_generic-writev-syz_open_dev$dvb_frontend-ioctl$FE_SET_PROPERTY-mount-syz_io_uring_setup-openat$rdma_cm-bpf$BPF_BTF_LOAD-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD
detailed listing:
executing program 0:
socket$packet(0x11, 0x3, 0x300)
r0 = openat$full(0xffffff9c, &(0x7f00000003c0), 0x8002, 0x0)
membarrier(0x2, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0)
io_uring_setup(0x30ab, &(0x7f00000007c0)={0x0, 0x768, 0x1000, 0x1, 0x14c, 0x0, r0})
r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x88a01, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f)
r3 = syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)
ioctl$FE_SET_PROPERTY(r3, 0x40106f52, &(0x7f0000000100)={0x3, &(0x7f0000000340)=[{0x2b, '\x00', @buffer={"010d1de90c6171360aaf4716308a633fda925d1085c6b9f70f72ad6cc5f48537", 0x20}, 0xfffffff9}, {0xa, '\x00', @data, 0x7ff}, {0x26, '\x00', @st={0x4, [{0x3, @svalue=0x4}, {0x2, @svalue=0x775a}, {0x3, @svalue=0xd2}, {0x1, @svalue=0xfffffffffffffff8}]}, 0x7fe}]})
mount(&(0x7f0000000480)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f00000004c0)='cramfs\x00', 0x208000, 0x0)
syz_io_uring_setup(0x3075, &(0x7f0000000300)={0x0, 0x235d, 0x10100, 0x1, 0x400002d8, 0x0, r1}, 0x0, &(0x7f0000000200), &(0x7f0000000000))
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000004000000020000000100000c02000000000000000000000d0000000000005f"], 0x0, 0x34}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000100000000000000801800009500000000000000"], &(0x7f0000000000)='GPL\x00', 0xc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r4, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x1}, 0x94)

program crashed: KASAN: use-after-free Read in dvb_device_open
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-openat$full-membarrier-setsockopt$inet6_tcp_int-io_uring_setup-openat$dsp1-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-syz_init_net_socket$nl_generic-writev-syz_open_dev$dvb_frontend-ioctl$FE_SET_PROPERTY-mount-syz_io_uring_setup-openat$rdma_cm-bpf$BPF_BTF_LOAD
detailed listing:
executing program 0:
socket$packet(0x11, 0x3, 0x300)
r0 = openat$full(0xffffff9c, &(0x7f00000003c0), 0x8002, 0x0)
membarrier(0x2, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0)
io_uring_setup(0x30ab, &(0x7f00000007c0)={0x0, 0x768, 0x1000, 0x1, 0x14c, 0x0, r0})
r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x88a01, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f)
r3 = syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)
ioctl$FE_SET_PROPERTY(r3, 0x40106f52, &(0x7f0000000100)={0x3, &(0x7f0000000340)=[{0x2b, '\x00', @buffer={"010d1de90c6171360aaf4716308a633fda925d1085c6b9f70f72ad6cc5f48537", 0x20}, 0xfffffff9}, {0xa, '\x00', @data, 0x7ff}, {0x26, '\x00', @st={0x4, [{0x3, @svalue=0x4}, {0x2, @svalue=0x775a}, {0x3, @svalue=0xd2}, {0x1, @svalue=0xfffffffffffffff8}]}, 0x7fe}]})
mount(&(0x7f0000000480)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f00000004c0)='cramfs\x00', 0x208000, 0x0)
syz_io_uring_setup(0x3075, &(0x7f0000000300)={0x0, 0x235d, 0x10100, 0x1, 0x400002d8, 0x0, r1}, 0x0, &(0x7f0000000200), &(0x7f0000000000))
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000004000000020000000100000c02000000000000000000000d0000000000005f"], 0x0, 0x34}, 0x20)

program crashed: KASAN: use-after-free Read in dvb_frontend_release
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-openat$full-membarrier-setsockopt$inet6_tcp_int-io_uring_setup-openat$dsp1-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-syz_init_net_socket$nl_generic-writev-syz_open_dev$dvb_frontend-ioctl$FE_SET_PROPERTY-mount-syz_io_uring_setup-openat$rdma_cm
detailed listing:
executing program 0:
socket$packet(0x11, 0x3, 0x300)
r0 = openat$full(0xffffff9c, &(0x7f00000003c0), 0x8002, 0x0)
membarrier(0x2, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0)
io_uring_setup(0x30ab, &(0x7f00000007c0)={0x0, 0x768, 0x1000, 0x1, 0x14c, 0x0, r0})
r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x88a01, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f)
r3 = syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)
ioctl$FE_SET_PROPERTY(r3, 0x40106f52, &(0x7f0000000100)={0x3, &(0x7f0000000340)=[{0x2b, '\x00', @buffer={"010d1de90c6171360aaf4716308a633fda925d1085c6b9f70f72ad6cc5f48537", 0x20}, 0xfffffff9}, {0xa, '\x00', @data, 0x7ff}, {0x26, '\x00', @st={0x4, [{0x3, @svalue=0x4}, {0x2, @svalue=0x775a}, {0x3, @svalue=0xd2}, {0x1, @svalue=0xfffffffffffffff8}]}, 0x7fe}]})
mount(&(0x7f0000000480)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f00000004c0)='cramfs\x00', 0x208000, 0x0)
syz_io_uring_setup(0x3075, &(0x7f0000000300)={0x0, 0x235d, 0x10100, 0x1, 0x400002d8, 0x0, r1}, 0x0, &(0x7f0000000200), &(0x7f0000000000))
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)

program crashed: KASAN: use-after-free Read in dvb_device_open
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-openat$full-membarrier-setsockopt$inet6_tcp_int-io_uring_setup-openat$dsp1-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-syz_init_net_socket$nl_generic-writev-syz_open_dev$dvb_frontend-ioctl$FE_SET_PROPERTY-mount-syz_io_uring_setup
detailed listing:
executing program 0:
socket$packet(0x11, 0x3, 0x300)
r0 = openat$full(0xffffff9c, &(0x7f00000003c0), 0x8002, 0x0)
membarrier(0x2, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0)
io_uring_setup(0x30ab, &(0x7f00000007c0)={0x0, 0x768, 0x1000, 0x1, 0x14c, 0x0, r0})
r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x88a01, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f)
r3 = syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)
ioctl$FE_SET_PROPERTY(r3, 0x40106f52, &(0x7f0000000100)={0x3, &(0x7f0000000340)=[{0x2b, '\x00', @buffer={"010d1de90c6171360aaf4716308a633fda925d1085c6b9f70f72ad6cc5f48537", 0x20}, 0xfffffff9}, {0xa, '\x00', @data, 0x7ff}, {0x26, '\x00', @st={0x4, [{0x3, @svalue=0x4}, {0x2, @svalue=0x775a}, {0x3, @svalue=0xd2}, {0x1, @svalue=0xfffffffffffffff8}]}, 0x7fe}]})
mount(&(0x7f0000000480)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f00000004c0)='cramfs\x00', 0x208000, 0x0)
syz_io_uring_setup(0x3075, &(0x7f0000000300)={0x0, 0x235d, 0x10100, 0x1, 0x400002d8, 0x0, r1}, 0x0, &(0x7f0000000200), &(0x7f0000000000))

program crashed: KASAN: use-after-free Read in dvb_device_open
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-openat$full-membarrier-setsockopt$inet6_tcp_int-io_uring_setup-openat$dsp1-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-syz_init_net_socket$nl_generic-writev-syz_open_dev$dvb_frontend-ioctl$FE_SET_PROPERTY-mount
detailed listing:
executing program 0:
socket$packet(0x11, 0x3, 0x300)
r0 = openat$full(0xffffff9c, &(0x7f00000003c0), 0x8002, 0x0)
membarrier(0x2, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0)
io_uring_setup(0x30ab, &(0x7f00000007c0)={0x0, 0x768, 0x1000, 0x1, 0x14c, 0x0, r0})
openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x88a01, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f)
r2 = syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)
ioctl$FE_SET_PROPERTY(r2, 0x40106f52, &(0x7f0000000100)={0x3, &(0x7f0000000340)=[{0x2b, '\x00', @buffer={"010d1de90c6171360aaf4716308a633fda925d1085c6b9f70f72ad6cc5f48537", 0x20}, 0xfffffff9}, {0xa, '\x00', @data, 0x7ff}, {0x26, '\x00', @st={0x4, [{0x3, @svalue=0x4}, {0x2, @svalue=0x775a}, {0x3, @svalue=0xd2}, {0x1, @svalue=0xfffffffffffffff8}]}, 0x7fe}]})
mount(&(0x7f0000000480)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f00000004c0)='cramfs\x00', 0x208000, 0x0)

program crashed: KASAN: use-after-free Read in dvb_device_open
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-openat$full-membarrier-setsockopt$inet6_tcp_int-io_uring_setup-openat$dsp1-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-syz_init_net_socket$nl_generic-writev-syz_open_dev$dvb_frontend-ioctl$FE_SET_PROPERTY
detailed listing:
executing program 0:
socket$packet(0x11, 0x3, 0x300)
r0 = openat$full(0xffffff9c, &(0x7f00000003c0), 0x8002, 0x0)
membarrier(0x2, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0)
io_uring_setup(0x30ab, &(0x7f00000007c0)={0x0, 0x768, 0x1000, 0x1, 0x14c, 0x0, r0})
openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x88a01, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f)
r2 = syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)
ioctl$FE_SET_PROPERTY(r2, 0x40106f52, &(0x7f0000000100)={0x3, &(0x7f0000000340)=[{0x2b, '\x00', @buffer={"010d1de90c6171360aaf4716308a633fda925d1085c6b9f70f72ad6cc5f48537", 0x20}, 0xfffffff9}, {0xa, '\x00', @data, 0x7ff}, {0x26, '\x00', @st={0x4, [{0x3, @svalue=0x4}, {0x2, @svalue=0x775a}, {0x3, @svalue=0xd2}, {0x1, @svalue=0xfffffffffffffff8}]}, 0x7fe}]})

program crashed: KASAN: use-after-free Read in dvb_device_open
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-openat$full-membarrier-setsockopt$inet6_tcp_int-io_uring_setup-openat$dsp1-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-syz_init_net_socket$nl_generic-writev-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
socket$packet(0x11, 0x3, 0x300)
r0 = openat$full(0xffffff9c, &(0x7f00000003c0), 0x8002, 0x0)
membarrier(0x2, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0)
io_uring_setup(0x30ab, &(0x7f00000007c0)={0x0, 0x768, 0x1000, 0x1, 0x14c, 0x0, r0})
openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x88a01, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f)
syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)

program crashed: KASAN: use-after-free Read in dvb_device_open
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-openat$full-membarrier-setsockopt$inet6_tcp_int-io_uring_setup-openat$dsp1-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-syz_init_net_socket$nl_generic-writev
detailed listing:
executing program 0:
socket$packet(0x11, 0x3, 0x300)
r0 = openat$full(0xffffff9c, &(0x7f00000003c0), 0x8002, 0x0)
membarrier(0x2, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0)
io_uring_setup(0x30ab, &(0x7f00000007c0)={0x0, 0x768, 0x1000, 0x1, 0x14c, 0x0, r0})
openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x88a01, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-openat$full-membarrier-setsockopt$inet6_tcp_int-io_uring_setup-openat$dsp1-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-syz_init_net_socket$nl_generic-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
socket$packet(0x11, 0x3, 0x300)
r0 = openat$full(0xffffff9c, &(0x7f00000003c0), 0x8002, 0x0)
membarrier(0x2, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0)
io_uring_setup(0x30ab, &(0x7f00000007c0)={0x0, 0x768, 0x1000, 0x1, 0x14c, 0x0, r0})
openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x88a01, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-openat$full-membarrier-setsockopt$inet6_tcp_int-io_uring_setup-openat$dsp1-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
socket$packet(0x11, 0x3, 0x300)
r0 = openat$full(0xffffff9c, &(0x7f00000003c0), 0x8002, 0x0)
membarrier(0x2, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0)
io_uring_setup(0x30ab, &(0x7f00000007c0)={0x0, 0x768, 0x1000, 0x1, 0x14c, 0x0, r0})
openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x88a01, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f)
syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)

program crashed: KASAN: use-after-free Read in dvb_device_open
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-openat$full-membarrier-setsockopt$inet6_tcp_int-io_uring_setup-openat$dsp1-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-writev-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
socket$packet(0x11, 0x3, 0x300)
r0 = openat$full(0xffffff9c, &(0x7f00000003c0), 0x8002, 0x0)
membarrier(0x2, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0)
io_uring_setup(0x30ab, &(0x7f00000007c0)={0x0, 0x768, 0x1000, 0x1, 0x14c, 0x0, r0})
openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x88a01, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f)
syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-openat$full-membarrier-setsockopt$inet6_tcp_int-io_uring_setup-openat$dsp1-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-syz_open_dev$sndmidi-writev-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
socket$packet(0x11, 0x3, 0x300)
r0 = openat$full(0xffffff9c, &(0x7f00000003c0), 0x8002, 0x0)
membarrier(0x2, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0)
io_uring_setup(0x30ab, &(0x7f00000007c0)={0x0, 0x768, 0x1000, 0x1, 0x14c, 0x0, r0})
openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x88a01, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r1 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f)
syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-openat$full-membarrier-setsockopt$inet6_tcp_int-io_uring_setup-openat$dsp1-prctl$PR_SCHED_CORE-prlimit64-openat$sequencer-syz_open_dev$sndmidi-writev-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
socket$packet(0x11, 0x3, 0x300)
r0 = openat$full(0xffffff9c, &(0x7f00000003c0), 0x8002, 0x0)
membarrier(0x2, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0)
io_uring_setup(0x30ab, &(0x7f00000007c0)={0x0, 0x768, 0x1000, 0x1, 0x14c, 0x0, r0})
openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x88a01, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f)
syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-openat$full-membarrier-setsockopt$inet6_tcp_int-io_uring_setup-openat$dsp1-prctl$PR_SCHED_CORE-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
socket$packet(0x11, 0x3, 0x300)
r0 = openat$full(0xffffff9c, &(0x7f00000003c0), 0x8002, 0x0)
membarrier(0x2, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0)
io_uring_setup(0x30ab, &(0x7f00000007c0)={0x0, 0x768, 0x1000, 0x1, 0x14c, 0x0, r0})
openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x88a01, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f)
syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-openat$full-membarrier-setsockopt$inet6_tcp_int-io_uring_setup-openat$dsp1-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
socket$packet(0x11, 0x3, 0x300)
r0 = openat$full(0xffffff9c, &(0x7f00000003c0), 0x8002, 0x0)
membarrier(0x2, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0)
io_uring_setup(0x30ab, &(0x7f00000007c0)={0x0, 0x768, 0x1000, 0x1, 0x14c, 0x0, r0})
openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x88a01, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f)
syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-openat$full-membarrier-setsockopt$inet6_tcp_int-io_uring_setup-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
socket$packet(0x11, 0x3, 0x300)
r0 = openat$full(0xffffff9c, &(0x7f00000003c0), 0x8002, 0x0)
membarrier(0x2, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0)
io_uring_setup(0x30ab, &(0x7f00000007c0)={0x0, 0x768, 0x1000, 0x1, 0x14c, 0x0, r0})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f)
syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)

program crashed: KASAN: use-after-free Read in dvb_device_open
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-openat$full-membarrier-setsockopt$inet6_tcp_int-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
socket$packet(0x11, 0x3, 0x300)
openat$full(0xffffff9c, &(0x7f00000003c0), 0x8002, 0x0)
membarrier(0x2, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f)
syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)

program crashed: KASAN: use-after-free Read in dvb_device_open
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-openat$full-membarrier-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
socket$packet(0x11, 0x3, 0x300)
openat$full(0xffffff9c, &(0x7f00000003c0), 0x8002, 0x0)
membarrier(0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f)
syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)

program crashed: KASAN: use-after-free Read in dvb_device_open
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-openat$full-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
socket$packet(0x11, 0x3, 0x300)
openat$full(0xffffff9c, &(0x7f00000003c0), 0x8002, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f)
syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)

program crashed: KASAN: use-after-free Read in dvb_device_open
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
socket$packet(0x11, 0x3, 0x300)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f)
syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)

program crashed: KASAN: use-after-free Read in dvb_device_open
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f)
syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)

program crashed: KASAN: use-after-free Read in dvb_device_open
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f)
syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)

program crashed: KASAN: use-after-free Read in dvb_device_open
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f)
syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)

program crashed: KASAN: use-after-free Read in dvb_frontend_release
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f)
syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(0x0, 0x2, 0x40102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f)
syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
writev(r0, 0x0, 0x0)
syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
writev(r0, &(0x7f0000000840)=[{0x0}, {0x0}], 0x2)
syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)}, {0x0}], 0x2)
syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f)
syz_open_dev$dvb_frontend(0x0, 0x0, 0x2)

program did not crash
extracting C reproducer
testing compiled C program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_open_dev$dvb_frontend
program did not crash
simplifying guilty program options
testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f)
syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f)
syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f)
syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)

program crashed: KASAN: use-after-free Read in dvb_device_open
validation run: crashed=true
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f)
syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)

program crashed: KASAN: use-after-free Read in dvb_device_open
validation run: crashed=true
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_open_dev$dvb_frontend
detailed listing:
executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f)
syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)

program crashed: KASAN: use-after-free Read in dvb_device_open
validation run: crashed=true
reproducing took 1h10m53.013712853s
repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: use-after-free in dvb_device_open+0xc6/0x370 drivers/media/dvb-core/dvbdev.c:99
Read of size 8 at addr ffff888028d93e18 by task syz.4.21/4567

CPU: 0 PID: 4567 Comm: syz.4.21 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
Call Trace:
 <TASK>
 dump_stack_lvl+0x188/0x24e lib/dump_stack.c:106
 print_address_description mm/kasan/report.c:316 [inline]
 print_report+0xa8/0x210 mm/kasan/report.c:420
 kasan_report+0x10b/0x140 mm/kasan/report.c:524
 dvb_device_open+0xc6/0x370 drivers/media/dvb-core/dvbdev.c:99
 chrdev_open+0x5c5/0x6a0 fs/char_dev.c:414
 do_dentry_open+0x7e9/0x10d0 fs/open.c:882
 do_open fs/namei.c:3634 [inline]
 path_openat+0x2635/0x2ee0 fs/namei.c:3791
 do_filp_open+0x1f1/0x430 fs/namei.c:3818
 do_sys_openat2+0x150/0x4b0 fs/open.c:1320
 do_sys_open fs/open.c:1336 [inline]
 __do_sys_openat fs/open.c:1352 [inline]
 __se_sys_openat fs/open.c:1347 [inline]
 __x64_sys_openat+0x135/0x160 fs/open.c:1347
 do_syscall_x64 arch/x86/entry/common.c:46 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:76
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f99f3f5d60e
Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
RSP: 002b:00007f99f4df7b28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007f99f4df86c0 RCX: 00007f99f3f5d60e
RDX: 0000000000000002 RSI: 00007f99f4df7c00 RDI: ffffffffffffff9c
RBP: 00007f99f4df7c00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: cccccccccccccccd
R13: 00007f99f4216128 R14: 00007f99f4216090 R15: 00007ffc1c84d4e8
 </TASK>

Allocated by task 1:
 kasan_save_stack mm/kasan/common.c:46 [inline]
 kasan_set_track+0x4b/0x70 mm/kasan/common.c:53
 ____kasan_kmalloc mm/kasan/common.c:375 [inline]
 __kasan_kmalloc+0x8e/0xa0 mm/kasan/common.c:384
 kmalloc include/linux/slab.h:563 [inline]
 kzalloc include/linux/slab.h:699 [inline]
 dvb_register_device+0x311/0x2150 drivers/media/dvb-core/dvbdev.c:478
 dvb_register_frontend+0x645/0x920 drivers/media/dvb-core/dvb_frontend.c:3035
 vidtv_bridge_dvb_init drivers/media/test-drivers/vidtv/vidtv_bridge.c:436 [inline]
 vidtv_bridge_probe+0x9a1/0xf70 drivers/media/test-drivers/vidtv/vidtv_bridge.c:508
 platform_probe+0x137/0x1c0 drivers/base/platform.c:1400
 call_driver_probe drivers/base/dd.c:-1 [inline]
 really_probe+0x2aa/0xc70 drivers/base/dd.c:639
 __driver_probe_device+0x18c/0x330 drivers/base/dd.c:785
 driver_probe_device+0x4f/0x420 drivers/base/dd.c:815
 __driver_attach+0x44a/0x6e0 drivers/base/dd.c:1201
 bus_for_each_dev+0x182/0x1f0 drivers/base/bus.c:303
 bus_add_driver+0x30a/0x5a0 drivers/base/bus.c:620
 driver_register+0x32d/0x430 drivers/base/driver.c:246
 vidtv_bridge_init+0x39/0x67 drivers/media/test-drivers/vidtv/vidtv_bridge.c:600
 do_one_initcall+0x26a/0x840 init/main.c:1310
 do_initcall_level+0x137/0x1e4 init/main.c:1383
 do_initcalls+0x4b/0x8a init/main.c:1399
 kernel_init_freeable+0x415/0x5be init/main.c:1638
 kernel_init+0x19/0x1b0 init/main.c:1526
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295

Freed by task 4562:
 kasan_save_stack mm/kasan/common.c:46 [inline]
 kasan_set_track+0x4b/0x70 mm/kasan/common.c:53
 kasan_save_free_info+0x2d/0x50 mm/kasan/generic.c:516
 ____kasan_slab_free+0x126/0x1e0 mm/kasan/common.c:237
 kasan_slab_free include/linux/kasan.h:177 [inline]
 slab_free_hook mm/slub.c:1729 [inline]
 slab_free_freelist_hook+0x131/0x1a0 mm/slub.c:1755
 slab_free mm/slub.c:3687 [inline]
 __kmem_cache_free+0xb6/0x1f0 mm/slub.c:3700
 dvb_free_device drivers/media/dvb-core/dvbdev.c:625 [inline]
 kref_put include/linux/kref.h:65 [inline]
 dvb_device_put drivers/media/dvb-core/dvbdev.c:640 [inline]
 dvb_device_open+0x2e7/0x370 drivers/media/dvb-core/dvbdev.c:113
 chrdev_open+0x5c5/0x6a0 fs/char_dev.c:414
 do_dentry_open+0x7e9/0x10d0 fs/open.c:882
 do_open fs/namei.c:3634 [inline]
 path_openat+0x2635/0x2ee0 fs/namei.c:3791
 do_filp_open+0x1f1/0x430 fs/namei.c:3818
 do_sys_openat2+0x150/0x4b0 fs/open.c:1320
 do_sys_open fs/open.c:1336 [inline]
 __do_sys_openat fs/open.c:1352 [inline]
 __se_sys_openat fs/open.c:1347 [inline]
 __x64_sys_openat+0x135/0x160 fs/open.c:1347
 do_syscall_x64 arch/x86/entry/common.c:46 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:76
 entry_SYSCALL_64_after_hwframe+0x68/0xd2

The buggy address belongs to the object at ffff888028d93e00
 which belongs to the cache kmalloc-256 of size 256
The buggy address is located 24 bytes inside of
 256-byte region [ffff888028d93e00, ffff888028d93f00)

The buggy address belongs to the physical page:
page:ffffea0000a36480 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x28d92
head:ffffea0000a36480 order:1 compound_mapcount:0 compound_pincount:0
flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000010200 0000000000000000 dead000000000122 ffff888017441b40
raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 18713542437, free_ts 0
 set_page_owner include/linux/page_owner.h:31 [inline]
 post_alloc_hook+0x173/0x1a0 mm/page_alloc.c:2559
 prep_new_page mm/page_alloc.c:2566 [inline]
 get_page_from_freelist+0x1a1e/0x1ab0 mm/page_alloc.c:4357
 __alloc_pages+0x1ec/0x4f0 mm/page_alloc.c:5657
 alloc_page_interleave+0x24/0x1e0 mm/mempolicy.c:2115
 alloc_slab_page+0x5d/0x160 mm/slub.c:1799
 allocate_slab mm/slub.c:1944 [inline]
 new_slab+0x87/0x2c0 mm/slub.c:1997
 ___slab_alloc+0xbc6/0x1240 mm/slub.c:3154
 __slab_alloc mm/slub.c:3240 [inline]
 slab_alloc_node mm/slub.c:3325 [inline]
 __kmem_cache_alloc_node+0x1a0/0x260 mm/slub.c:3398
 kmalloc_trace+0x26/0xe0 mm/slab_common.c:1026
 kmalloc include/linux/slab.h:563 [inline]
 kzalloc include/linux/slab.h:699 [inline]
 bus_add_driver+0xda/0x5a0 drivers/base/bus.c:604
 driver_register+0x32d/0x430 drivers/base/driver.c:246
 usb_register_driver+0x202/0x3d0 drivers/usb/core/driver.c:1062
 do_one_initcall+0x26a/0x840 init/main.c:1310
 do_initcall_level+0x137/0x1e4 init/main.c:1383
 do_initcalls+0x4b/0x8a init/main.c:1399
 kernel_init_freeable+0x415/0x5be init/main.c:1638
page_owner free stack trace missing

Memory state around the buggy address:
 ffff888028d93d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff888028d93d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff888028d93e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                            ^
 ffff888028d93e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888028d93f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================

final repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: use-after-free in dvb_device_open+0xc6/0x370 drivers/media/dvb-core/dvbdev.c:99
Read of size 8 at addr ffff888028d93e18 by task syz.4.21/4567

CPU: 0 PID: 4567 Comm: syz.4.21 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
Call Trace:
 <TASK>
 dump_stack_lvl+0x188/0x24e lib/dump_stack.c:106
 print_address_description mm/kasan/report.c:316 [inline]
 print_report+0xa8/0x210 mm/kasan/report.c:420
 kasan_report+0x10b/0x140 mm/kasan/report.c:524
 dvb_device_open+0xc6/0x370 drivers/media/dvb-core/dvbdev.c:99
 chrdev_open+0x5c5/0x6a0 fs/char_dev.c:414
 do_dentry_open+0x7e9/0x10d0 fs/open.c:882
 do_open fs/namei.c:3634 [inline]
 path_openat+0x2635/0x2ee0 fs/namei.c:3791
 do_filp_open+0x1f1/0x430 fs/namei.c:3818
 do_sys_openat2+0x150/0x4b0 fs/open.c:1320
 do_sys_open fs/open.c:1336 [inline]
 __do_sys_openat fs/open.c:1352 [inline]
 __se_sys_openat fs/open.c:1347 [inline]
 __x64_sys_openat+0x135/0x160 fs/open.c:1347
 do_syscall_x64 arch/x86/entry/common.c:46 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:76
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f99f3f5d60e
Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
RSP: 002b:00007f99f4df7b28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007f99f4df86c0 RCX: 00007f99f3f5d60e
RDX: 0000000000000002 RSI: 00007f99f4df7c00 RDI: ffffffffffffff9c
RBP: 00007f99f4df7c00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: cccccccccccccccd
R13: 00007f99f4216128 R14: 00007f99f4216090 R15: 00007ffc1c84d4e8
 </TASK>

Allocated by task 1:
 kasan_save_stack mm/kasan/common.c:46 [inline]
 kasan_set_track+0x4b/0x70 mm/kasan/common.c:53
 ____kasan_kmalloc mm/kasan/common.c:375 [inline]
 __kasan_kmalloc+0x8e/0xa0 mm/kasan/common.c:384
 kmalloc include/linux/slab.h:563 [inline]
 kzalloc include/linux/slab.h:699 [inline]
 dvb_register_device+0x311/0x2150 drivers/media/dvb-core/dvbdev.c:478
 dvb_register_frontend+0x645/0x920 drivers/media/dvb-core/dvb_frontend.c:3035
 vidtv_bridge_dvb_init drivers/media/test-drivers/vidtv/vidtv_bridge.c:436 [inline]
 vidtv_bridge_probe+0x9a1/0xf70 drivers/media/test-drivers/vidtv/vidtv_bridge.c:508
 platform_probe+0x137/0x1c0 drivers/base/platform.c:1400
 call_driver_probe drivers/base/dd.c:-1 [inline]
 really_probe+0x2aa/0xc70 drivers/base/dd.c:639
 __driver_probe_device+0x18c/0x330 drivers/base/dd.c:785
 driver_probe_device+0x4f/0x420 drivers/base/dd.c:815
 __driver_attach+0x44a/0x6e0 drivers/base/dd.c:1201
 bus_for_each_dev+0x182/0x1f0 drivers/base/bus.c:303
 bus_add_driver+0x30a/0x5a0 drivers/base/bus.c:620
 driver_register+0x32d/0x430 drivers/base/driver.c:246
 vidtv_bridge_init+0x39/0x67 drivers/media/test-drivers/vidtv/vidtv_bridge.c:600
 do_one_initcall+0x26a/0x840 init/main.c:1310
 do_initcall_level+0x137/0x1e4 init/main.c:1383
 do_initcalls+0x4b/0x8a init/main.c:1399
 kernel_init_freeable+0x415/0x5be init/main.c:1638
 kernel_init+0x19/0x1b0 init/main.c:1526
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295

Freed by task 4562:
 kasan_save_stack mm/kasan/common.c:46 [inline]
 kasan_set_track+0x4b/0x70 mm/kasan/common.c:53
 kasan_save_free_info+0x2d/0x50 mm/kasan/generic.c:516
 ____kasan_slab_free+0x126/0x1e0 mm/kasan/common.c:237
 kasan_slab_free include/linux/kasan.h:177 [inline]
 slab_free_hook mm/slub.c:1729 [inline]
 slab_free_freelist_hook+0x131/0x1a0 mm/slub.c:1755
 slab_free mm/slub.c:3687 [inline]
 __kmem_cache_free+0xb6/0x1f0 mm/slub.c:3700
 dvb_free_device drivers/media/dvb-core/dvbdev.c:625 [inline]
 kref_put include/linux/kref.h:65 [inline]
 dvb_device_put drivers/media/dvb-core/dvbdev.c:640 [inline]
 dvb_device_open+0x2e7/0x370 drivers/media/dvb-core/dvbdev.c:113
 chrdev_open+0x5c5/0x6a0 fs/char_dev.c:414
 do_dentry_open+0x7e9/0x10d0 fs/open.c:882
 do_open fs/namei.c:3634 [inline]
 path_openat+0x2635/0x2ee0 fs/namei.c:3791
 do_filp_open+0x1f1/0x430 fs/namei.c:3818
 do_sys_openat2+0x150/0x4b0 fs/open.c:1320
 do_sys_open fs/open.c:1336 [inline]
 __do_sys_openat fs/open.c:1352 [inline]
 __se_sys_openat fs/open.c:1347 [inline]
 __x64_sys_openat+0x135/0x160 fs/open.c:1347
 do_syscall_x64 arch/x86/entry/common.c:46 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:76
 entry_SYSCALL_64_after_hwframe+0x68/0xd2

The buggy address belongs to the object at ffff888028d93e00
 which belongs to the cache kmalloc-256 of size 256
The buggy address is located 24 bytes inside of
 256-byte region [ffff888028d93e00, ffff888028d93f00)

The buggy address belongs to the physical page:
page:ffffea0000a36480 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x28d92
head:ffffea0000a36480 order:1 compound_mapcount:0 compound_pincount:0
flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000010200 0000000000000000 dead000000000122 ffff888017441b40
raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 18713542437, free_ts 0
 set_page_owner include/linux/page_owner.h:31 [inline]
 post_alloc_hook+0x173/0x1a0 mm/page_alloc.c:2559
 prep_new_page mm/page_alloc.c:2566 [inline]
 get_page_from_freelist+0x1a1e/0x1ab0 mm/page_alloc.c:4357
 __alloc_pages+0x1ec/0x4f0 mm/page_alloc.c:5657
 alloc_page_interleave+0x24/0x1e0 mm/mempolicy.c:2115
 alloc_slab_page+0x5d/0x160 mm/slub.c:1799
 allocate_slab mm/slub.c:1944 [inline]
 new_slab+0x87/0x2c0 mm/slub.c:1997
 ___slab_alloc+0xbc6/0x1240 mm/slub.c:3154
 __slab_alloc mm/slub.c:3240 [inline]
 slab_alloc_node mm/slub.c:3325 [inline]
 __kmem_cache_alloc_node+0x1a0/0x260 mm/slub.c:3398
 kmalloc_trace+0x26/0xe0 mm/slab_common.c:1026
 kmalloc include/linux/slab.h:563 [inline]
 kzalloc include/linux/slab.h:699 [inline]
 bus_add_driver+0xda/0x5a0 drivers/base/bus.c:604
 driver_register+0x32d/0x430 drivers/base/driver.c:246
 usb_register_driver+0x202/0x3d0 drivers/usb/core/driver.c:1062
 do_one_initcall+0x26a/0x840 init/main.c:1310
 do_initcall_level+0x137/0x1e4 init/main.c:1383
 do_initcalls+0x4b/0x8a init/main.c:1399
 kernel_init_freeable+0x415/0x5be init/main.c:1638
page_owner free stack trace missing

Memory state around the buggy address:
 ffff888028d93d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff888028d93d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff888028d93e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                            ^
 ffff888028d93e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888028d93f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================