Extracting prog: 8m36.490041906s
Minimizing prog: 1h42m18.381787302s
Simplifying prog options: 0s
Extracting C: 1m55.225490967s
Simplifying C: 29m56.855899175s


extracting reproducer from 73 programs
first checking the prog from the crash report
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-ioctl$sock_SIOCGIFINDEX-ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD-openat$binderfs-syz_init_net_socket$bt_l2cap-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-msgrcv-syz_open_dev$sndmidi-writev-ioctl$KVM_SET_USER_MEMORY_REGION-userfaultfd-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-read$dsp-write$dsp-pselect6-openat$sysfs-socket$vsock_stream-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00', <r1=>0x0})
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r0, 0x8983, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
msgrcv(0x0, 0x0, 0x0, 0x0, 0xa1e3a9fe3eb9c551)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x1fd, 0x0, 0xdddd1000, 0x1000, &(0x7f0000394000/0x1000)=nil})
userfaultfd(0x80001)
r3 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r3, 0xc0045006, &(0x7f0000000180)=0x6f)
r4 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
read$dsp(r4, &(0x7f00000002c0)=""/4096, 0x1000)
write$dsp(r3, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x40000000000000, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x7}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006, 0x81}, 0x0, 0x0)
openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/power/freeze_filesystems', 0x482480, 0x138)
socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)=ANY=[@ANYBLOB="280000001c0001042bbd7000ffdbdb2507000000", @ANYRES32=r1, @ANYBLOB="4000e4090a000200aa90aaaaaa"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4040044)

program did not crash
single: failed to extract reproducer
bisect: bisecting 73 programs with base timeout 30s
testing program (duration=48s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [16, 17, 23, 29, 10, 7, 24, 6, 4, 10, 7, 18, 6, 5, 24, 5, 5, 4, 5, 9, 2, 2, 5, 15, 7, 5, 11, 8, 8, 21, 5, 4, 11, 26, 3, 3, 14, 6, 8, 10, 13, 7, 7, 5, 16, 10, 6, 7, 5, 11, 14, 7, 22, 16, 16, 2, 2, 5, 29, 9, 5, 10, 6, 30, 11, 7, 2, 15, 22, 16, 24, 3, 8]
detailed listing:
executing program 32:
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000240)=@framed={{0x18, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x800}}, 0x0, 0x10000008, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x7fe}, 0x94)
r0 = socket$kcm(0x2, 0x200000000000001, 0x0)
setsockopt$sock_attach_bpf(r0, 0x1, 0x50, &(0x7f0000000100), 0x48)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[], 0x48}}, 0x0)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
bind$ax25(r4, &(0x7f0000000100)={{0x3, @default, 0x1}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48)
recvmmsg(r4, &(0x7f0000007bc0)=[{{&(0x7f0000003300)=@x25={0x9, @remote}, 0x80, &(0x7f0000003840)=[{&(0x7f0000003380)=""/11, 0xb}, {0x0}, {&(0x7f0000003500)=""/228, 0xe4}, {&(0x7f0000003600)=""/179, 0xb3}, {&(0x7f00000036c0)=""/95, 0x5f}, {&(0x7f0000003740)=""/250, 0xfa}], 0x6, &(0x7f00000038c0)=""/4096, 0x1000}, 0x80000000}, {{&(0x7f00000048c0)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0x80, &(0x7f0000004a40)=[{&(0x7f0000004940)=""/251, 0xfb}], 0x1}, 0x9}, {{&(0x7f0000004a80)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev}}}, 0x80, &(0x7f0000004c00)=[{&(0x7f0000004b00)=""/63, 0x3f}, {&(0x7f0000004b40)=""/176, 0xb0}], 0x2, &(0x7f0000004c40)=""/185, 0xb9}, 0x4}, {{0x0, 0x0, &(0x7f0000005d40)=[{&(0x7f0000004d00)=""/4096, 0x1000}, {&(0x7f0000005d00)=""/42, 0x2a}], 0x2, &(0x7f0000005d80)=""/185, 0xb9}, 0x5}, {{&(0x7f0000005e40)=@phonet, 0x80, &(0x7f0000006040)=[{&(0x7f0000005ec0)=""/28, 0x1c}, {&(0x7f0000005f00)=""/62, 0x3e}, {&(0x7f0000005f40)=""/242, 0xf2}], 0x3, &(0x7f0000006080)=""/79, 0x4f}, 0xff}, {{0x0, 0x0, &(0x7f0000006540)=[{&(0x7f0000006100)=""/245, 0xf5}, {&(0x7f0000006200)=""/82, 0x52}, {&(0x7f0000006280)=""/43, 0x2b}, {0x0}, {&(0x7f0000006340)=""/134, 0x86}, {&(0x7f0000006400)=""/193, 0xc1}, {0x0}], 0x7, &(0x7f00000065c0)=""/82, 0x52}, 0x64da}, {{&(0x7f0000006640)=@isdn, 0x80, &(0x7f0000007a00)=[{&(0x7f00000066c0)=""/4096, 0x1000}, {&(0x7f00000076c0)=""/222, 0xde}, {&(0x7f00000077c0)=""/244, 0xf4}, {&(0x7f00000078c0)=""/141, 0x8d}, {&(0x7f0000007980)=""/65, 0x41}], 0x5}, 0x3}, {{0x0, 0x0, &(0x7f0000007b00)=[{&(0x7f0000007ac0)=""/19, 0x13}], 0x1, &(0x7f0000007b40)=""/117, 0x75}, 0x4}], 0x8, 0x102, &(0x7f0000007dc0)={0x77359400})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(r4, 0x101, 0x19, &(0x7f0000000240)=@bpq0, 0x10)
ioctl$sock_netrom_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x1, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default]})
recvfrom$ax25(r4, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
ioctl$BTRFS_IOC_INO_LOOKUP_USER(r2, 0xd000943e, 0x0)
executing program 33:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000006c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x10}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0x8}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000000}, 0x200400c4)
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000780)=@newtfilter={0x38, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r6, {0x0, 0xe}, {}, {0x8, 0xf}}, [@filter_kind_options=@f_matchall={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000010}, 0x20000000)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
close(r7)
socket$unix(0x1, 0x2, 0x0)
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r8 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r8, 0x107, 0xf, &(0x7f0000000600), 0x56)
sendmsg$kcm(r8, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r6, 0xc}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000180)="27030200590214000600002fb96dbcf706e10500000086ddffff1144ee163cd4", 0x20}, {&(0x7f00000001c0)="43ef6e06729e", 0x6}], 0x2}, 0x4)
executing program 34:
bind$inet(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000080)=@newtaction={0x18, 0x30, 0xffff, 0xfffffffe, 0x0, {}, [{0x4}]}, 0x18}}, 0x0)
socket(0x18, 0x80000, 0x1)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000180)={'bridge0\x00', &(0x7f0000000080)=@ethtool_ringparam={0x10, 0x0, 0x3ff, 0x0, 0x0, 0x200000, 0x20, 0x0, 0xffffff7f}})
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0)
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000000)=0x3)
ioctl$PPPIOCGFLAGS1(r1, 0x8933, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYRES16, @ANYRES32], 0x30}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
read(r2, &(0x7f0000000200)=""/32, 0x20)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
sendmmsg$inet(r4, &(0x7f0000000040)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000240)="d2a7b3", 0x3}, {&(0x7f0000000400)="e06bd3f745", 0x5}, {&(0x7f0000000500)="86e9", 0x2}, {&(0x7f00000005c0)="25062456", 0x4}], 0x4}}], 0x1, 0x4000800)
socket$key(0xf, 0x3, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0xf, 0x3, &(0x7f0000000080)=ANY=[@ANYRES16=r3], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94)
socket(0x15, 0x80005, 0x0)
socket$qrtr(0x2a, 0x2, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r5, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
write(r5, &(0x7f0000000140)="41000200010001", 0x7)
executing program 35:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000100)=ANY=[@ANYBLOB="18030000000000000000000000100000851000000600000018000000000000000000000000000000650000000000000018000000000000000000000000000000950000000000000074e9ffffff0000009500000000000001"], &(0x7f0000000000)='GPL\x00'}, 0x94)
r1 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r1, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10)
r2 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, 0x0, 0x0)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
sendmsg$tipc(r1, &(0x7f0000000280)={&(0x7f0000000040), 0x10, 0x0}, 0x0)
sendmsg$tipc(r2, &(0x7f00000000c0)={&(0x7f0000000000)=@name={0x1e, 0x2, 0x1, {{0x1}}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0xc084}, 0x880)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, &(0x7f0000000a00)={'filter\x00', 0x104, 0x4, 0x3c0, 0x1f0, 0xe8, 0x0, 0x2d8, 0x2d8, 0x2d8, 0x4, 0x0, {[{{@arp={@remote, @broadcast, 0xff000000, 0x0, 0x0, 0x0, {@mac=@local}, {@empty, {[0x0, 0x0, 0x0, 0xff]}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'dvmrp0\x00', 'macvlan0\x00'}, 0xc0, 0xe8}, @unspec=@NFQUEUE1={0x28}}, {{@arp={@loopback, @multicast2, 0x0, 0x0, 0x0, 0x0, {@mac=@local}, {@empty, {[0x0, 0x0, 0x0, 0x0, 0x0, 0xff]}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'pimreg\x00', 'veth0\x00'}, 0xc0, 0x108}, @unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}, {{@arp={@dev={0xac, 0x14, 0x14, 0x40}, @local, 0xffffff00, 0xffffff00, 0x6, 0x8, {@empty, {[0x0, 0xff, 0x0, 0xff, 0x0, 0xff]}}, {@mac=@multicast, {[0x0, 0x0, 0x0, 0xff]}}, 0x2, 0x5, 0x797b, 0x78, 0x96a4, 0x7, 'team0\x00', 'wlan1\x00', {}, {0xff}}, 0xc0, 0xe8}, @unspec=@STANDARD={0x28}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x410)
ioctl$sock_ifreq(r0, 0x8910, &(0x7f0000000000)={'ip6gretap0\x00', @ifru_addrs=@can})
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socket$inet(0x2b, 0x801, 0x0)
socket$packet(0x11, 0x2, 0x300)
socket$alg(0x26, 0x5, 0x0)
socket$kcm(0x10, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001740)=@newtaction={0x8d4, 0x30, 0x0, 0x0, 0x0, {0x9}, [{0x8c0, 0x1, [@m_sample={0x58, 0x20, 0x0, 0x0, {{0xb}, {0x2c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x5ff}, @TCA_SAMPLE_RATE={0x8}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x0, 0x0, 0x0, 0x0, 0x80000}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x7}}}}, @m_police={0x53c, 0x8, 0x0, 0x0, {{0xb}, {0x414, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE64={0xc, 0x8, 0x4}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0xffffffff, 0x2, 0x3, 0xfffffffe, 0x1, 0x0, 0x79e5, 0x0, 0x3ff, 0x9, 0x9, 0xe85, 0x0, 0x0, 0x4, 0x33, 0x4, 0x3, 0xffff, 0x7, 0x80000001, 0x0, 0x1, 0x5, 0x830, 0x3, 0x7fff, 0xe, 0x21, 0x19ed, 0x2, 0x2, 0xeca, 0x5, 0x6, 0x1, 0x400, 0x7, 0x6, 0x81, 0x80000000, 0x8, 0x5, 0x4, 0x9, 0x8, 0x50c8, 0xa6, 0x0, 0x8, 0x7, 0x80000001, 0x94, 0xa, 0x7ff, 0x7, 0x8000, 0xe, 0x16, 0xc73, 0x2, 0x9, 0x401, 0xffff2baf, 0x3, 0x64, 0xff, 0x3, 0x101, 0x0, 0x8, 0x4, 0x7e1e58ef, 0x1f, 0x40, 0x5, 0x7, 0x5, 0x3, 0x10001, 0x18994, 0xfffffd8b, 0x81, 0x10, 0x1ff, 0x1, 0x4f, 0x800, 0x401, 0x6, 0x8, 0x9, 0xa6c2, 0x3, 0xfffff899, 0x9c, 0x0, 0x7, 0xff, 0x1c0, 0x10, 0x0, 0x0, 0x7fff, 0xb, 0xee0b, 0xfffffff6, 0x1ff, 0xdea99b63, 0x0, 0x1ff, 0x10, 0x9, 0x802f, 0x10, 0x1, 0x0, 0xb83, 0xc, 0x5546, 0x0, 0xa, 0x2, 0x4, 0x11, 0x100, 0x1ff, 0x5, 0x8000000, 0x1, 0x5, 0xfffffe00, 0x2, 0xb5f2, 0x62, 0x5d04, 0x4, 0xcb, 0x40, 0x6, 0xfffffffa, 0x401, 0x3, 0x8, 0x3, 0x7, 0xd8e, 0x21, 0x9, 0x8, 0xffff, 0x2, 0xe, 0x800, 0x80, 0x815, 0x6734, 0xd1, 0x8, 0x6, 0x80000000, 0x2, 0x80000000, 0xb, 0x7, 0x6, 0x7, 0x2, 0x7, 0x0, 0x80ff, 0xdb, 0xf, 0x3, 0x2, 0x7, 0x2, 0x1, 0x909e, 0x4, 0xc75, 0xa, 0x2, 0x4, 0x2, 0x7, 0xb46, 0xffffffff, 0x6, 0x1, 0x7fff, 0x2, 0x5, 0x9, 0xfffffffb, 0x421c, 0x2, 0x40, 0x2, 0x8, 0x1, 0x3, 0xfff, 0x5, 0x2, 0x0, 0x1164a774, 0x3, 0x7303ffa7, 0x8001, 0xf, 0x6, 0x7fffffff, 0x401, 0x53, 0x4, 0x3, 0x1000, 0x2, 0x2, 0x101, 0xe, 0x5, 0x7fff, 0xfffffff8, 0x6, 0xc0000000, 0x76, 0x577, 0xacd, 0xdd6, 0x5, 0xd5, 0x8, 0x5, 0x5, 0xffffffff, 0x2, 0x3, 0x6, 0x8, 0x4, 0x5, 0x3, 0x4, 0x4, 0x80000000, 0x8000, 0x2, 0xfffffff7, 0x3, 0x9, 0x91, 0x4000, 0x4, 0x4]}]]}, {0xfe, 0x6, "849dbc0cafede5eac5e48b508eba2e9b4ec0cf7c3b1e8ec22581847749e05aa748d10a33a0943bf20df9db6833b6f651229d3882a8509ef8bdec2b167eb9084a8c5184456058f6f0204723494f974da59f6d817bc70099c5298f3e5d8f98e417bc166c2c141734f0a9e8abf3211a32ffb76ae1975a46b2310c2d69c7422d69b9ae0ad2626a7cc4bb9a5a5ef7b4d5f62d35f17c146b13537bf7e03beed5f72d667ae8cea17d120b6295f004c319dcbde98b249aa8a2e538fbcc963c540e5c571fe92119e5381584f3018dbba843c52748d82c520796816ee240fb09d4aea7b82d4515bfe2a3902adbbf7deafce6fef80b6778ce6dfe873b031849"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x2}}}}, @m_skbmod={0x134, 0xc, 0x0, 0x0, {{0xb}, {0x28, 0x2, 0x0, 0x1, [@TCA_SKBMOD_PARMS={0x24, 0x2, {{0x7, 0x5, 0x7, 0x4, 0x579a}, 0xd}}]}, {0xe2, 0x6, "c63042ac1159722836131908c0b0d1d4ac2a9d8398aa9ce8bd6cc70899583111aad190d7b3b089cec985b79adcf3d72d9941db058ee40479c9a99775b70d2d8179294a95e76e0adfca98ca29ef3fbcb08d6af3eb6df9b0fa72fdad6f1383c5096f7f68fa06cab1555dab0d5044e0332924e1efa65aa5e274707e152c306145084700440a4c38ff2ef9ed3050f54cb47d448cf5076d99f0c07159f8eb0bd5bf259b15925d5f04123428ef8b522b399e94abc25026efcc296d91d8a5061b8ab5f0243bb339328f2551d6e1c4c3bc739c7be572bb410e0aefd7a550f2eda927"}, {0xc}, {0xc, 0x8, {0x2}}}}, @m_xt={0x144, 0xc, 0x0, 0x0, {{0x7}, {0xd4, 0x2, 0x0, 0x1, [@TCA_IPT_TARG={0xce, 0x6, {0x800, 'filter\x00', 0x0, 0x3, "7132a7cae632564cf60bf82be07ba61c5e0103fba6520c79dd888629d64dc25172d5559299df024418fbe4501a3589bf29028e65d85550cac8c1973b87db8c5b929963ee19cefb0e1c03d802290f1d278715e25fbc6b70fd91999bfabd3592edb8f1c082500e9df1660e595f08afb4d7dafadae8cbbca3fffcd53a3781297b42650183cbec2cf06b1984236ee882bf61ee6b034da1c5c4e9b4f14f47eb29acddcbd4c44d"}}]}, {0x4a, 0x6, "d8ed4352caed2afa1c1871986801da810abb78586d6332a5fd6fa550941a746f5320afb949e01cc968a581419470e932a69f9dd445caeceecbba56f44b113e9ede271e30ffb9"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x1}}}}, @m_tunnel_key={0xb0, 0x10, 0x0, 0x0, {{0xf}, {0x60, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @multicast1}, @TCA_TUNNEL_KEY_NO_CSUM={0x5}, @TCA_TUNNEL_KEY_NO_CSUM={0x5}, @TCA_TUNNEL_KEY_ENC_KEY_ID={0x8, 0x7, 0x5cd}, @TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @initdev={0xac, 0x1e, 0x0, 0x0}}, @TCA_TUNNEL_KEY_NO_CSUM={0x5, 0xa, 0x1}, @TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0x5, @mcast2}, @TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @dev={0xac, 0x14, 0x14, 0x23}}, @TCA_TUNNEL_KEY_NO_CSUM={0x5, 0xa, 0x1}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @dev={0xac, 0x14, 0x14, 0x16}}]}, {0x22, 0x6, "e3f5bd0f5d7e8613aa354352aff71af9418657ea1c19a58122f4bcd96079"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}]}]}, 0x8d4}}, 0x20040000)
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000240)={0x3, &(0x7f0000000200)=[{0x1, 0x1, 0x2, 0x74c7}, {0x4, 0x4, 0x4, 0x7ff}, {0x6, 0x1, 0x6, 0x9}]}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_ifreq(r1, 0x8910, &(0x7f00000002c0)={'veth0_vlan\x00', @ifru_ivalue=0x4})
ioctl$sock_netdev_private(r3, 0x89f4, &(0x7f0000000000))
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$sock(0xffffffffffffffff, &(0x7f0000000740)={&(0x7f00000003c0)=@l2={0x1f, 0x7f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x5cb, 0x1}, 0x80, &(0x7f0000000700)=[{&(0x7f0000000500)="79b915cfe24722688f1b3ff0474edb2a00654d01d4570d910ebe190094e022c3e6b929e1b9277c37451adda8f962151ccd03662fab6d06ddc913e6ecc2b29088b4bc620dbb5b4ee0322f1de66e6d3ed8007fa3d1ef2eeece0a94c33d21f64eb2d0ada6accc2e84ba80ac9abe1ecb16bc9bdf1630aec869dd4d1d9fb881055a5b4cf82f194af9dc31485ec5cfd9ad0833ce5703f439686243381bd9ac8ecb1231773f0be51a2c054e9ca0d0b3926fd326041ed3a9fb21c65adc1d64955a4e5b1977af4743e1338555ea1a53e3500e4923c6f6241af214d89ee8d564981359167f700d80c66d", 0xe5}, {&(0x7f0000000600)="ba74e2d04d82c48c936ed802d2d7188598e30659b5176d1b17c21e7388105357c5e88279be5d83a76ff14764654e9c48b8a8cab96cd6a963368478fae53948239bd588b381e011aab0924e7049508c13d5b5e60b8ef284fdf9c2079025e3aaa8772e167f4ae7560cfbdf44eafe", 0x6d}, {&(0x7f0000000080)="f7b666c48e95", 0x6}, {&(0x7f0000000680)="5b35e1166a17c89b18de4ba928a4892e53bfb9c409295f94e29ded511b6e0efafe0396f512e6d5ad1b6e4e7f4d564390ca4492612df77270b71d21c1d5136da9e41e638cd3281dd343f43569f723b55ef6f1a41524013a425adf", 0x5a}], 0x4}, 0x0)
sendmsg$NFT_MSG_GETSETELEM(r4, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000001c0)={&(0x7f00000001c0)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x20000080}, 0x4018005)
ioctl$sock_netdev_private(r0, 0x8914, &(0x7f0000000000))
socket$l2tp6(0xa, 0x2, 0x73)
executing program 36:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000006c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x10}}, [@qdisc_kind_options=@q_mq={0x7}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084)
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
sendmsg$nl_route_sched(r4, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20081004}, 0x24008008)
executing program 37:
r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000009c0)=ANY=[@ANYBLOB="120100003a982a08cd0ca310a223010203010902120001000000000904"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000880)={0x84, &(0x7f0000000000)=ANY=[@ANYBLOB="400806000000a61623"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
executing program 38:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r3, 0x0, 0x60, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_NAME_TYPE_CMD(r1, 0x8982, 0x0)
removexattr(0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x2, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(0x0, 0x40)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x4000, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
r4 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
io_setup(0x1, &(0x7f00000016c0)=<r5=>0x0)
io_submit(r5, 0x1, &(0x7f0000000880)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x7, r4, &(0x7f0000000580)="1c", 0x1, 0x8800000}])
executing program 39:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r0, 0x26, &(0x7f0000000000)={0x1})
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r1, 0x26, 0x0)
fcntl$lock(r1, 0x26, &(0x7f0000000300)={0x1, 0x0, 0x1, 0x2})
fcntl$lock(r0, 0x25, &(0x7f0000000140)={0x0, 0x1, 0x7, 0x40017})
executing program 2:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xc0041, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000140)=0x90)
write$tun(r0, &(0x7f0000000240)={@void, @void, @ipv6=@dccp_packet={0xf, 0x6, "38b177", 0x219, 0x21, 0x0, @mcast1, @private2, {[@srh={0x6, 0x2, 0x4, 0x1, 0x0, 0x18, 0x6, [@rand_addr=' \x01\x00']}, @hopopts={0x2e}, @dstopts={0x6, 0x4, '\x00', [@ra={0x5, 0x2, 0xc8f3}, @jumbo={0xc2, 0x4, 0x80000000}, @hao={0xc9, 0x10, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @enc_lim={0x4, 0x1, 0x8}, @enc_lim={0x4, 0x1, 0x6}]}, @hopopts={0x67, 0x24, '\x00', [@hao={0xc9, 0x10, @local}, @hao={0xc9, 0x10, @private1={0xfc, 0x1, '\x00', 0x1}}, @generic={0x81, 0xfd, "4b772428fc8b0cc39d58d251db5b21d5862926afe1f69c4173a6d159f702a45c9ac831bbb907a777deaf72b69233b1c1b4a2df6b1ad672454a2d4f54d164e156e69e7e943bf33d07ef504c5ff788ef3ad7be4bd932e1397c5711fd898c2ad9403469e245b77c38436a0750b1069d51b89d5b274bbcfabf629ddd2f70ac730e05dbdb02ab42d860aacfc5eb76f888f22e2785e561b9f8a8e021b160be176db27b293b40172603c41381774fc20bce732b4231811d358834af922f5f1cd22f05a6582a608800fdbb39c3a37523f96fc9beabe94e7823b4ef5c57de53de7382ef4ee0dc12945d09e47cda919488b2c5b70c390d3aa7586f7991cc7cb2b5ba"}]}, @fragment={0x2f, 0x0, 0x7f, 0x1, 0x0, 0x4, 0x64}], {{0x4e22, 0x4e21, 0x4, 0x1, 0x6, 0x0, 0x0, 0x4, 0x7, "6de17e", 0x0, "00f600"}, "0d1198143f7e5b3152ca9da9dabff56658b4d3079e6cce1ab98662a450e0fc2b6c032668aab51dcde58d8c338f0123b1e2dd081fdf862d3da4e2c8cb1c59201be121b3145ce2acaabfa3ffde35ef4872f995ab49ad6b21ac3d56f9e348d77bf81175f9a9d6814c099b629902e7e91031fc7213c5f8d991ad77cd2c7005b05917ca"}}}}, 0x241)
executing program 9:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x32, 0x0, &(0x7f0000000400)=[@increfs], 0xfffffcb0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000540)={@fd={0x66642a85, 0x0, r2}, @fda={0x66646185, 0x4, 0x1, 0x2c}, @ptr={0x70742a85, 0x5, 0x0, 0x0, 0x1, 0xca}}, &(0x7f0000000600)={0x0, 0x18, 0x38}}, 0x400}], 0x0, 0x0, 0x0})
executing program 9:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe6}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmmsg$inet(r0, 0x0, 0x0, 0x2090)
sendto$inet(r0, &(0x7f0000000f00)="8995b3c271bab84f6e841cd28301f2e02519276836b2ab14ba300f39a71758d74d011771db342aa6df71dc54faabe6ccc2dae1fdf17d4c74618af0933c8c800ec3ce49bd4af9b8cf0b15e8ad756f12238f6649d204a1065dad7cffef082a59ee2b21eb73656d3dc03547888735d83669614e4eb5b9be7e4e76b2bb0c2e504c0f86b616d14acae75b2855f9964778238b006b976edd5e4bbda0c7cb669c25fabc598f5bd5a6ec98a63d59dac5436c04687dad36064d69599f981550ae4beb469332d52226990d21a6f7178ba83cff18b65d698afdf08e245a1868ff7a9117d11ed243932580e8d1f8e4ef583656940b7b2178789b452f611555a8d908cfc703bb8de9e802c65149895c4fe2bc9ecc9bc85eb8815f5f5ca0c2a54a284658de7de7c9ef6b65b2961317534eeeb8b67ab6a5718b94deeb9ef60c21478b343c529aff4079cfbd4e50b006165c839937f0cb2c35a7c7800a523970493819d0a300b581cf0c373dda2e7acd8e91a897e1729e97a5a14480ecf4aeee7792e8b1f21b43cb5552d4b005e933919323e55658bc9de3ec99b69bae43e46a6e2f7064b75e36d4f83b86e1097c83fa6d1296a4c5b62b2d68ad2d8405f686362e5833103905130ef9a8d8df2a3b74ac7b83c2c6506f03191ab4b45688b2389e51258133b3687dafba95f4b835e1730bb03ffb45719ca37786b7e836f4c004bbdc8564e26f994a34e5db06837df0be0322070c47ba3514e0d01ae3422e5e7fb7ce909621d1d223e9164a0cfc270eee5b6581b2c5609a5fef06687717d94242124cf3ef7345020a026173de848dc5aa928d35c3ab936bc840045ada45f7e6fd66b0e3f5aff84b4855c1e86a393ac2a1a8f5660b9cd295e0db9bf7746ef0864334fe9dcb50af3a49eb99bd1320b4169a8d5f54e7e35dd8e705a6364fc62e525d951c83b721e2d9ca60b1365701956712f07f56dce6d4c982c63a420d8b820fd931776d019ecf1ea5564e542093f243b6bb7db6df69e8706e745c485e919da989ea5e3690f1169d7e8ad03185ff21700d61f44abcc8abd6f47d1b5104d217809f13d37ba6986a6c58fd07e18d8e228c664114b64aa84f7302c7e21be253edd78f561872b6573301c947b5f3407c4f4f0576ce5939d220ea898052a048fc8b4c6906c465fc43dd32b83132998ef8ffab3b2601a42a4508507d2b7ada0e23b4efdbff3a673d937397265529ed5ca097406f59b5939f937b9414a60d4347c996db8547f21dac637b4f7da9ca065c2704039d9783ec5582ca65dfbb762d9cffbeab23bcd5eb882335f7d8287e75f49d16de5873f19f1def11ae05ff0879b66154ced85c2999277fe6894b51d3727fe7bafcdd67c31f05e3116db64af893d40c88a1312e4e6668d2842b3bc3c730f9637bd13b1c0e448de9adb3806b2487cc344306da7b9064af7327e1aaedb8a1320d4e9b7b0c2669206b4e9599c1aa35669385a9c3959a48c683ad6281fc70bafa0d8e61830bdadb3907c7371be3fb6a49c82e88ee569c4f8dec3b9d99431647597ddefe581946bfaa6de081aa3ee91bcf82b8046717ac66879adf53856207815d8c1472f2fd0747aff8c98777f76f0c2f8bff16f83ee94cb471669f7e2af11a406fd88537eac8a5e30dfddb3e8311421e366a4715ea8b72609a85d568412e55b22ac5693eb1f199971c8ffd38dd8258bbeb8313440956e74f163b5a04c7e872b3f124f577cdc23435fa15c664e64848e0706dfd31dc048e70b41d5b5850080cb38923232e9182364ac5ab6c31e1fa16f627b5d96657a0c66570c2", 0x4fd, 0x4c840, 0x0, 0x0)
executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev, @in6=@mcast2, 0x0, 0x0, 0x4e20, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x28c, 0x1}, {0x7}, 0x0, 0x0, 0x1}, {{@in6=@loopback, 0x2000000, 0x33}, 0x0, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x0, 0x1, 0x0, 0xb7, 0x0, 0x8000000}}, 0xe8)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$BTRFS_IOC_BALANCE_CTL(0xffffffffffffffff, 0x40049421, 0x2)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)
executing program 9:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, 0x0)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000140)={@local})
ioctl$IOCTL_VMCI_DATAGRAM_SEND(r1, 0x7ab, &(0x7f0000000040)={&(0x7f0000000280)={{@local}, {@local, 0x6}, 0x400, "787c2ce2fba15d4e9f8e96bc11e2ca247a20c3e26661b174fe1825253be9e8480cb4f3524914f59ba189c1429727ef39b4164f93bb821987b3b7f73495bc8e745304668e0e46798c7f5917ea8428d41cab5612336f04000300000000008e9c1c86a394feb64fb06f77dadbcb20fc62741432b7dca37007d68e98fe46135d6a1c5ed42102f58daa5211319db84aa9abac734be47c908dc3ffa3aa7b61ec16d3d1209fc618f6c4532ea582628502ac46d167db6d53d8f3184df68414e6b6ec0109664c570e155654e03d58dadd0e5a7bab42bbb4a9afdefc115eb1609e7b50dbd94b94ba09000000000000001c9e4a41d3e16af21d6c897a1121bc14de16e78d6d7f2ae79db44e302539fd926e0b91e0fc589e2fa19b218d0508b5ce3ad40d03936693ca5aa41ddc07cf492874569ab037e0530e38245b98131ae0c9afd871df5f51331938764f5a7dd96890edd467b2fbc335ed081729b5ea722a98b34d0dac6de995de4ee263c81b2567b3f87e0897857edd5d7e97d61fc67076eab4846010d4828cc879f95cddb69ff6438f2a109285c46d8224c36069d30c3c9cf4a6800ae224111136bd9c1e06c4bfc4685d7bb6a72345772b3ce9bf105490743dc4b700f24ce6b250b95e6c383fe44967a55d140baf0ec339e3815b29a2246cb5c953048c43266485bbd9d0caecf00e9501a4433b54930cba54e06607ada2f5d818e4804294fcf53058e58e0d33d4aa6dc943811056908fe9116e65cdddac1d2fb24d1eacee389af38b7e5a7056d0de50c6b49fb38388cf28c2d6dd3dbbab84ffbef4b0c02a77f018e8a9749a557909e6aa96185d268dad7744b094d8c6134b89efe26674d65f908f9c3a8c201f661fc26efe0eff248d3a473fe32a5b3643bfad8f186c2af3fbaa1d38560c1244c79a0e48893eefb792af281650f34f6c2d9a6c622aba234b63586713cb66179a0897d98ee5228569c32c1a682807c8db7eb197ccbbd6549db86a6a9aebbf5dc14060f22e2b07d6166f43c25ae0c88be7a4dc38e7ed08972a355b0e5d6fc43b8e5594fa6b36a36a44bb94b75eaff11dc17105f54beda54da2a1ea1acfab354745057dd2e7725f2c8450b19fdf37e19f6ce43449e9191f5a5beb4a1bc176f6130052e83acefd8ff18d592bb75f15f86c9113e4bd67ad420c33ae706cdc10060277b83ef30a50d4ac19c9a791b309377aa20a4743bbb799abc3ba58071b628c9ba8103bbfe389939e55296ec9b4f8d3a03aff30ce9aa0dd6e5158a672be8f3da8349ed4ad82f6ca67ee29e8b234840cf7846e604e5b8135abd94d71fe0a79180e75d4e193ea8df466c087b660fe984943751a9f6df8545699701d478c2b3daa949155770e74835bcd972de27afd20b02ce0e504c15b0237437200"}, 0x418, 0x7fffffff})
close_range(r0, 0xffffffffffffffff, 0x0)
executing program 9:
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
mount$bind(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000280)='./file0/file0\x00', 0x0, 0x1000, 0x0)
move_mount(0xffffffffffffff9c, 0x0, r0, &(0x7f0000000240)='./file0\x00', 0x272)
executing program 9:
syz_emit_ethernet(0x0, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x404080, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000001c0)=ANY=[@ANYRESDEC=r0], &(0x7f0000000000)='syzkaller\x00', 0x1, 0x0, 0x0, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000280), 0x12)
r4 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
request_key(&(0x7f0000000100)='asymmetric\x00', &(0x7f0000000140)={'syz', 0x1}, &(0x7f0000000180)='asymmetPic@\xe6u\x18\x8f\x8d\xd0\xb9\xb4d\x97\xee\x9bY\xb3\xa0dI$(\xed\x98S\xdcB\xdf\x99J\x9c&#m\xd0\xb0\x134m\xa7se\x8fvS\x84:\"-\x94\x84\xbd\xf4X\xf2F6\xe44\x1f\xa7f\x82\xd7aLt@%a\x8a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbf\xb4\xc6m39\x9e)\xa5\xe7\xdb\xdc\xb3\xb6\x1f\x1d5\x13\xde\xab\x86\xf5`S<\xd5\xc7@-X0\xa9\xe4l\xab\xf0}\xf0\xeaco\x85kM\x8a<Z\x02\xfc\xb6E\x8c&\f\xb4)l\x93\xb8\xb1\xcfK\x0e\xben \xc3\xc5xH\xa5\t\xcc\"\xcd\xe2\xbb>S\x1bZ\xa1\xba\xb4E\xbc', r4)
munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x0, 0x0})
clock_settime(0x0, &(0x7f0000000240)={0x77359400})
keyctl$restrict_keyring(0xa, r4, &(0x7f0000000300)='asymmetric\x00', &(0x7f0000000000)='id:cb2e')
bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0e0000000400"], 0x50)
mkdir(0x0, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x20040, 0x0)
executing program 9:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r0, 0x84, 0x81, &(0x7f0000000280)="1a00000012000000", 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c)
sendto$inet6(r0, &(0x7f0000000100), 0x0, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xfffffffd}, 0x1c)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f0000000180), &(0x7f0000000080)=0x8)
executing program 40:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r0, 0x84, 0x81, &(0x7f0000000280)="1a00000012000000", 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c)
sendto$inet6(r0, &(0x7f0000000100), 0x0, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xfffffffd}, 0x1c)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f0000000180), &(0x7f0000000080)=0x8)
executing program 2:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xc0041, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000140)=0x90)
write$tun(r0, &(0x7f0000000240)={@void, @void, @ipv6=@dccp_packet={0xf, 0x6, "38b177", 0x219, 0x21, 0x0, @mcast1, @private2, {[@srh={0x6, 0x2, 0x4, 0x1, 0x0, 0x18, 0x6, [@rand_addr=' \x01\x00']}, @hopopts={0x2e}, @dstopts={0x6, 0x4, '\x00', [@ra={0x5, 0x2, 0xc8f3}, @jumbo={0xc2, 0x4, 0x80000000}, @hao={0xc9, 0x10, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @enc_lim={0x4, 0x1, 0x8}, @enc_lim={0x4, 0x1, 0x6}]}, @hopopts={0x67, 0x24, '\x00', [@hao={0xc9, 0x10, @local}, @hao={0xc9, 0x10, @private1={0xfc, 0x1, '\x00', 0x1}}, @generic={0x81, 0xfd, "4b772428fc8b0cc39d58d251db5b21d5862926afe1f69c4173a6d159f702a45c9ac831bbb907a777deaf72b69233b1c1b4a2df6b1ad672454a2d4f54d164e156e69e7e943bf33d07ef504c5ff788ef3ad7be4bd932e1397c5711fd898c2ad9403469e245b77c38436a0750b1069d51b89d5b274bbcfabf629ddd2f70ac730e05dbdb02ab42d860aacfc5eb76f888f22e2785e561b9f8a8e021b160be176db27b293b40172603c41381774fc20bce732b4231811d358834af922f5f1cd22f05a6582a608800fdbb39c3a37523f96fc9beabe94e7823b4ef5c57de53de7382ef4ee0dc12945d09e47cda919488b2c5b70c390d3aa7586f7991cc7cb2b5ba"}]}, @fragment={0x2f, 0x0, 0x7f, 0x1, 0x0, 0x4, 0x64}], {{0x4e22, 0x4e21, 0x4, 0x1, 0x6, 0x0, 0x0, 0x4, 0x7, "6de17e", 0x0, "00f600"}, "0d1198143f7e5b3152ca9da9dabff56658b4d3079e6cce1ab98662a450e0fc2b6c032668aab51dcde58d8c338f0123b1e2dd081fdf862d3da4e2c8cb1c59201be121b3145ce2acaabfa3ffde35ef4872f995ab49ad6b21ac3d56f9e348d77bf81175f9a9d6814c099b629902e7e91031fc7213c5f8d991ad77cd2c7005b05917ca"}}}}, 0x241)
executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
mount$bind(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000280)='./file0/file0\x00', 0x0, 0x1000, 0x0)
move_mount(0xffffffffffffff9c, 0x0, r0, &(0x7f0000000240)='./file0\x00', 0x272)
executing program 2:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe6}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3)
sendmmsg$inet(r0, &(0x7f0000000c80)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000640)="985e44efeabe001cabcf3d8673c3a254a9a2d3197970cb347b70a243bf77139a94bc3ae91684aaf7b7dff691deb8f8aef2d915fb3a0794a9a9b431a819bca6122c350637808dde804a048fd8696e524b2934126c443ce93d82e931eb9918e6c0827686e59209d2e02c9210fd8048f04ad6c42200fd9232f5aa6a361816bf21afb8473a064f1988536d4b5888807b3aaafaf59f53121782a0a9370dc0feae13c8c2a1dcc8a3122aaa3dcd5b9247a915378e6492e5b94073dcdc87e7c794fb262a7e9ee0b9432f74331c6e9412ac6557c54c6ac72bc24ff70c", 0xd8}, {&(0x7f0000000a00)="145a977ce90bcec36cee68138cdb7c53108f9e6776eb08ce8c386c", 0x1b}], 0x2}}], 0x1, 0x2090)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendto$inet(r0, &(0x7f0000000f00)="8995b3c271bab84f6e841cd28301f2e02519276836b2ab14ba300f39a71758d74d011771db342aa6df71dc54faabe6ccc2dae1fdf17d4c74618af0933c8c800ec3ce49bd4af9b8cf0b15e8ad756f12238f6649d204a1065dad7cffef082a59ee2b21eb73656d3dc03547888735d83669614e4eb5b9be7e4e76b2bb0c2e504c0f86b616d14acae75b2855f9964778238b006b976edd5e4bbda0c7cb669c25fabc598f5bd5a6ec98a63d59dac5436c04687dad36064d69599f981550ae4beb469332d52226990d21a6f7178ba83cff18b65d698afdf08e245a1868ff7a9117d11ed243932580e8d1f8e4ef583656940b7b2178789b452f611555a8d908cfc703bb8de9e802c65149895c4fe2bc9ecc9bc85eb8815f5f5ca0c2a54a284658de7de7c9ef6b65b2961317534eeeb8b67ab6a5718b94deeb9ef60c21478b343c529aff4079cfbd4e50b006165c839937f0cb2c35a7c7800a523970493819d0a300b581cf0c373dda2e7acd8e91a897e1729e97a5a14480ecf4aeee7792e8b1f21b43cb5552d4b005e933919323e55658bc9de3ec99b69bae43e46a6e2f7064b75e36d4f83b86e1097c83fa6d1296a4c5b62b2d68ad2d8405f686362e5833103905130ef9a8d8df2a3b74ac7b83c2c6506f03191ab4b45688b2389e51258133b3687dafba95f4b835e1730bb03ffb45719ca37786b7e836f4c004bbdc8564e26f994a34e5db06837df0be0322070c47ba3514e0d01ae3422e5e7fb7ce909621d1d223e9164a0cfc270eee5b6581b2c5609a5fef06687717d94242124cf3ef7345020a026173de848dc5aa928d35c3ab936bc840045ada45f7e6fd66b0e3f5aff84b4855c1e86a393ac2a1a8f5660b9cd295e0db9bf7746ef0864334fe9dcb50af3a49eb99bd1320b4169a8d5f54e7e35dd8e705a6364fc62e525d951c83b721e2d9ca60b1365701956712f07f56dce6d4c982c63a420d8b820fd931776d019ecf1ea5564e542093f243b6bb7db6df69e8706e745c485e919da989ea5e3690f1169d7e8ad03185ff21700d61f44abcc8abd6f47d1b5104d217809f13d37ba6986a6c58fd07e18d8e228c664114b64aa84f7302c7e21be253edd78f561872b6573301c947b5f3407c4f4f0576ce5939d220ea898052a048fc8b4c6906c465fc43dd32b83132998ef8ffab3b2601a42a4508507d2b7ada0e23b4efdbff3a673d937397265529ed5ca097406f59b5939f937b9414a60d4347c996db8547f21dac637b4f7da9ca065c2704039d9783ec5582ca65dfbb762d9cffbeab23bcd5eb882335f7d8287e75f49d16de5873f19f1def11ae05ff0879b66154ced85c2999277fe6894b51d3727fe7bafcdd67c31f05e3116db64af893d40c88a1312e4e6668d2842b3bc3c730f9637bd13b1c0e448de9adb3806b2487cc344306da7b9064af7327e1aaedb8a1320d4e9b7b0c2669206b4e9599c1aa35669385a9c3959a48c683ad6281fc70bafa0d8e61830bdadb3907c7371be3fb6a49c82e88ee569c4f8dec3b9d99431647597ddefe581946bfaa6de081aa3ee91bcf82b8046717ac66879adf53856207815d8c1472f2fd0747aff8c98777f76f0c2f8bff16f83ee94cb471669f7e2af11a406fd88537eac8a5e30dfddb3e8311421e366a4715ea8b72609a85d568412e55b22ac5693eb1f199971c8ffd38dd8258bbeb8313440956e74f163b5a04c7e872b3f124f577cdc23435fa15c664e64848e0706dfd31dc048e70b41d5b5850080cb38923232e9182364ac5ab6c31e1fa16f627b5d96657a0c66570c2771432a17b89619b55f65ad26d4b833ca9a8e52fc52db51d27ccf3792708ef8af3ece815cbc959d63b65414c79b1aff41bd7de44ce4c97b6184ce2426bcd50a445c1ec15816a6b393ceae2a1581838c2301bb5951a1970fe7d122c95ec5715d9397eb22076a9f20f1f457ccef60ed60de11b677de9d44b63a4c90a70be9ee2fa92ce2debaf897fdb058dc697221fd55bf01fd1cb3916cbbb418cfb50c4e9c140b60d711c9f3a1ee2a56e178fb5b868eb0201e21b3d786619a06979192f2c0ab3b65261cadff9532cf36cfa9cf67bcbab4f00110a2f3c4acca93c69eb6f97b149936f2feda56fe5730b95b4c85a113b19fd16cf7da40c723447df047d0b5a7fbd8494af57eeb30d060e4c58f6beb5771ec7771cab58dddd3073b21ff3faec310d87fa7b57afade7b1fb8e8f137f0b1a5c403ee57ce9d751fa0769b3a7b44c36db30df9e0f3d32c769f1355b26cf547a0424b1e573e1b5ad7113b77a4750cb3f1a6d1ed457c828680b7a8a3896b557a6aa73fa29e7870a2f9bd2b4dfc4957abb388fdd8b2178f663ade6afa3e6a9c665191576ca973578b808c95c2916250f5a73f533361824b6f5ca145bd2bafa32c942eaf5f68cec22f22249bd1a7d164f97bb7065086379c98dd90b9d71c0c827f5922aadc26efa6bf969243156475167e16a2979f22b4b9e14cf0394050fce7d958c881681720cdbda2d89f5202729f49610813f442530ced1dc72f8d19d1427e97df561170813da37204a17a34046d4f1d1238f5f8f5f4901d2a741755329f402f8726e43c3381f1be5e2d7931e83332975b59047f23072fa752999ebe9f179f7a20c11dab40565e8a0cf48d6218c3f16f218565361fc435103676e8ae792d408e8c2524d9a847d458fd76d04609fa5e19a975c0ff4b1e0e06a0013005976446ed7106d215a6d0fad7bf9c9f20eb3f96aabdb018b4c01a0b1f4f2abfd812e5dd18b8eaac8503295b573dc40f0be120f0c02c09c166d35de311268c58b108cec5d78d6d8e3f238c42c31a2160e2f5fab218861579871f87a46fff7eac9796626c3d289fb452b42165a565bffe4c9f88fbd4c99f93321ac2abd809ca085d5e091df9911645b819e97e77245eb1100ca1fda9fd0572cf60266062b8c45b49abb118040d235998ecba916ab0f112ce5ebdb3e9568a15ce8331d93267a97a0ed2fbe4d278b850eebffa2a742542d16f64371377b36bc69c968136bf6ed283f94d7045ede693502ab3ed974c5b5876184d4c4e18fe23daafd486b2e401e6781836bb90222d97dd8f9cc02dbe8d4b4bbb4a5ac209eb6ae7c5f8c35799eb155f0c1632efd8e5cc0756d02ae11c5ac6cf24e4d6d773fa9630191789ba030fd15d7a615b9ba7ffdea849d77657a03c6478a208b4825ed5662fa5be99b7113e146fcb7f5c4c537fe2cefcdeab1820f5b2001ee88c199b805c01369e238e16fb22ebadffb", 0x90a, 0x4c840, 0x0, 0x0)
executing program 2:
r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40186f40, &(0x7f0000000440)=0x1f)
executing program 41:
r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40186f40, &(0x7f0000000440)=0x1f)
executing program 1:
sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x8081}, 0x8)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000002040)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000a00)=""/178, 0xb2}], 0x1}, 0x2}], 0x1, 0x40000022, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4089, 0x197}, {&(0x7f0000000400)=""/106, 0x1c}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0xbe8}, {&(0x7f0000000540)=""/158, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})
executing program 1:
sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000500)=ANY=[@ANYBLOB="04000000400800b70400000000000000", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="00000000010000000000000080000000ef1d62ee7e923b0ad9cda5b28dd4753620a2f0271768a8284c18a4e2b5e44dc77098b18fd964df81213608ec503db52d42f1a78c9732"], 0x80}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000480)=[{0x0}, {0x0}, {&(0x7f00000003c0)="77cccb0deedbb94f1afd3ccb469a6721cc637e9cbc7f0685c4ab02897a615638b1ba209474e485e5c676dab2f779fc45e14a15eb8cab8dce71eaea08ea87db5609774523b75431043e4a32f82c5b61bea2b9b0eff207d81c7b175cfcb3e448d7fcac8844402e9401582eeb4a08d247096e183b9b7de727a818150a153b9397c4cc61a6bd461f30fb84b679bca11d47c56904a9d359442a5c3693048b8aa179cf9385", 0xa2}], 0x3, 0xc, 0x5)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
write$tun(0xffffffffffffffff, &(0x7f0000000080)={@val={0x0, 0x86dd}, @val={0x0, 0x0, 0x12}, @mpls={[], @ipv6=@generic={0x3, 0x6, "b9e7a9", 0x0, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}, @mcast2}}}, 0x36)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x6, @mcast2={0xff, 0x3}}, 0x1c)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)
executing program 1:
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000d3e457201e040b40e73e0000000109021200010000000009"], 0x0)
write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$rtl8150(r0, &(0x7f0000000180)={0x14, &(0x7f00000001c0)=ANY=[], 0x0}, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
executing program 1:
r0 = syz_usb_connect$cdc_ncm(0x5, 0x76, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000020000402505a1a44000010203010902640002010000000904010001020d0000052406000105240000000d240f0100000000000000000006241a00000008241c00000008000905810300020000000904010000020d00000904010102020d00000905820200020000000905", @ANYRES64], 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000880)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20, 0x80, 0x1c, {0x0, 0x0, 0xb, 0x1, 0x1, 0x4, 0x7, 0x40, 0x6, 0xe, 0x0, 0x1004}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
executing program 1:
r0 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
executing program 1:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
socket$packet(0x11, 0x2, 0x300)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
close(r1)
socket$kcm(0x2, 0x2, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
write$cgroup_subtree(r0, &(0x7f0000000180)=ANY=[], 0xb2)
executing program 42:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
socket$packet(0x11, 0x2, 0x300)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
close(r1)
socket$kcm(0x2, 0x2, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
write$cgroup_subtree(r0, &(0x7f0000000180)=ANY=[], 0xb2)
executing program 6:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0x6a}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560a, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000400)='ramfs\x00', 0x2000000, 0x0)
chdir(&(0x7f0000000280)='./file0\x00')
creat(&(0x7f0000000240)='./bus\x00', 0x21)
r2 = open(&(0x7f00000000c0)='./bus\x00', 0x1c113e, 0x40)
r3 = open(&(0x7f0000000000)='./file0\x00', 0x143042, 0xfe)
ftruncate(r3, 0x2008002)
sendfile(r2, r3, 0x0, 0x80000001)
executing program 6:
r0 = syz_usb_connect$cdc_ncm(0x5, 0x76, &(0x7f0000000000)=ANY=[@ANYBLOB, @ANYRES64], 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000880)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20, 0x80, 0x1c, {0x0, 0x0, 0xb, 0x1, 0x1, 0x4, 0x7, 0x40, 0x6, 0xe, 0x0, 0x1004}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
executing program 6:
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x20802, 0x0)
writev(r0, 0x0, 0x0)
close(0x3)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
executing program 6:
mkdir(&(0x7f0000000380)='./file1\x00', 0xa)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x400000, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x100, 0x0)
r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x244)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRESOCT=r2, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r0, 0xc0189379, &(0x7f0000000180)={{0x1, 0x1, 0x18, <r3=>r1}, './file1\x00'})
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r0, 0xc018937d, &(0x7f0000000100)={{0x1, 0x1, 0x18, r3, {0x223}}, './file1\x00'})
executing program 6:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x40}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYRESHEX], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
r4 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_ADD(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0100000000000000ea01020000000900010073797a3200000000090001008a797ab0000000000900030073797a32000000000900010073797a32000000000900030073797a3200000000140002"], 0x70}}, 0x20000800)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000800)={'batadv0\x00', <r6=>0x0})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000b80)={r3, 0xe0, &(0x7f0000000a80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f00000008c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r7=>0x0, 0x0, 0x0, 0x0, 0x6, 0x0, &(0x7f0000000900)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000940), 0x0, 0x72, &(0x7f0000000980)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f00000009c0), &(0x7f0000000a00), 0x8, 0xe7, 0x8, 0x8, &(0x7f0000000a40)}}, 0x10)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000c40)={'ip6gre0\x00', &(0x7f0000000bc0)={'syztnl1\x00', <r8=>0x0, 0x4, 0x3, 0xf9, 0x7, 0x5c, @private1, @empty, 0x8000, 0x40, 0x7, 0x1}})
sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)=ANY=[@ANYBLOB="f8000000", @ANYRES16=0x0, @ANYBLOB="000229bd7000ffdbdf250d0000006c000180080003000200000008000100", @ANYRES32=0x0, @ANYBLOB="1400020070696d7265673100000000000000000008000100", @ANYRES32=0x0, @ANYBLOB="080003000300000008000100", @ANYRES32=0x0, @ANYBLOB="0308004b", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="140002006e696376663000000000000000000000780001801400020065727370616e300000000000000000001400020076657468305f746f5f62617461647600140002006d6163766c616e3100000000000000000800030001000000080003000200000008000100", @ANYRES32=r6, @ANYBLOB="08000100", @ANYRES32=r7, @ANYBLOB="080003000200000008000100", @ANYRES32=r8, @ANYBLOB="0800030002000000"], 0xf8}, 0x1, 0x0, 0x0, 0x24}, 0x4)
sendmsg$SMC_PNETID_DEL(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYRES16=r4, @ANYBLOB="270e28bd70000000000004"], 0x14}, 0x1, 0x40030000000000}, 0x4000)
ioctl$F2FS_IOC_START_ATOMIC_WRITE(0xffffffffffffffff, 0x8008330e, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x107, 0xf, &(0x7f00000000c0), 0x4)
syz_80211_join_ibss(&(0x7f0000000340)='wlan0\x00', &(0x7f0000000400)=@default_ibss_ssid, 0x6, 0x0)
tgkill(r0, r0, 0x25)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=@newlink={0x3c, 0x10, 0xffffffffffffffff, 0x70bd26, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x31e7d, 0x51a23}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipip={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LOCAL={0x8, 0x2, @rand_addr=0xc0000200}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x85}, 0x20040040)
executing program 6:
connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r0, 0x400448c8, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff, 0x6, 0x1, &(0x7f00000006c0)='>', 0x9, 0x1, 0xc45, 0x1010, 0xc3, 0x0, 0x7, 'syz0\x00'})
executing program 43:
connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r0, 0x400448c8, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff, 0x6, 0x1, &(0x7f00000006c0)='>', 0x9, 0x1, 0xc45, 0x1010, 0xc3, 0x0, 0x7, 'syz0\x00'})
executing program 4:
ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0x4048aecb, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_usb_connect$lan78xx(0x3, 0x0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000000)={0x34, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000680)={0x34, &(0x7f0000000700)={0x0, 0x30}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000003f00)={0x84, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000880)={0x34, &(0x7f0000000140)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000000980)={0x84, &(0x7f0000000e80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000300)={0x34, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000940)={0x34, &(0x7f0000000040)={0x80, 0x0, 0x4, "6f53d675"}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
executing program 4:
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f00000021c0)="d56cea33946c0eae3241d3604bfce89adddb2eb96960338db7572fa254eb7c69dc0cb526989630e26224c258c8d70ccacc5564d67723f4756c0399174c5460c4995942d24092c36dc820e97344798b5bb45423f853bf50e374323abacf0388cd091016b7a3d7843f4d3ae1658bd34d967e3323a64908442788dbc99c1f4248da53fb5be2c8001236b994ca594e3b3c588beaf3cb1c32c072d768b9e665e7d87044fdfc1fd6452593e6793963153f3850bf85042a5c139799ba8f6cb8d877fc436c4f1601270d6e29d60a4c80d6315e46f4219494ce897127d0b76f5d681e90f4e9282468ef7993cd92076aed266c1db8b81b93adc4969c9b89b32b8768c9f39f2d148e933dbb651746a9364f49986ef73b4c29f647b82b83216bb8179fe5346fdacdc5fda4bd48875cd2f1cf57a0c9a91e059446bac310a6d68948675c35a8e442168fd84d78d9800e5b05bdbce3a6eac65bee7279a3628f2a08931d3d52ce490652c20f8ae529eaf24bf421dad976c68b234ee6f6210c9f9aac3a55c6939d6aa3805b95619546264ff3ff82d0dc690e8ead61b6ed528c3c117cd771a3b7feb214ce8d720640d97f14b399b7f46dc4aad83117e8e642ccb117d13f345536fc3801c124cfaf8aa7aafff6c8df3fdd4469c077eccbd8ddacad80d9113dfde26ae67b226185743b2d53667fb3016fe114f87484ab614ddf0887c4b2c85351ab21a0ece6c066a154b38b4d7c1792d2db2cc5f8ceb42078187949d354b7a08d1529f3d10814757179c860db031dad4a3dc13ca01d1013238ed5f7a9674fcc77f0d34e2118fb851c970d86ecf9de1cfdb8d3ab197480e263c3207c3d7ebe17f9547c7c56b08e83de875294d0fd68df1926ecac24350b2c70bd73e14122ed480c564353d34049e67c26036fc35d04022cd35d6ac00756d3b8550bb22ae80a4bd630a00268d07fa249b0bf545dfbf01bea2f12b30738c6e13156244eb24e6d69ba7c3acdbbefe8bbc06b821aebf836ca07a3cc7b6b24686ed8f3b23085c893e72188b797651c5ab5cceb1465414a325f793a3af6d06eed7eb734ad05bc1f6619e8485259f570a482a67273ee01fe15dd938afce026f1111c7a38ed6d1aba34f009ce1e99140fd0db2de74150541fd48dd2ec5b1d15669de2ffe3a198184b6186ccda31aa64c585ff8cb65b67fe1455753895a88b6ab4c6bf1bb8329739178147e6f15801bfa707bd9ec9da662573ce07af684bb7c880a7d63b0a0a7300881408c44e95c679ea32b0eab845d0b333f245e8d6006258678704aa8cccdaf80cc46138d5b7a0804fdfa34c91d61a0d2fa6c62e7d1a675e5743f845ab40ea5df0182d6eb9781905c94751c75a411699a76f48433142c5f109d5dfddcc0b1dc6254efd5ea50d6ffbc7b9ca031e1a0123844b63c48b964645c6d24707582825e219bcd61677ed4fc45ee1f4be91b4c1b856d65a86acf22b8b0d08000000248ac040326b1490c2fea24bc0c0a721e2ed63e39973cd4d38df1001dba9b9d995c229655dd26f3cd3d64077ec111e2c370717cb4cd068e0d3a52f1027d3df953e1f1ac768a7215a3695722b1b6714ce43801451a9532212b651d073c780d61712aebadd145c1cd95c1dc0dcf51850046ae5771e365f45858a36e48afe563ec0afee3803ff6a35bc25217b53eda39bb813b8d3d728c21a0b80d014003143666c0d1398cc46a01aaaf97117edda217f984010e7c5cf32535a669d4f11f6b70e3a3b823987ef7c9f878415063bf05205e13bcf7acb287bd0bb0fce77529a711f0ed145ea2ecf2194658dff17c5681cf8c7ad8521d235a705292af4878b3f124be2df661026c091d6c07aae1a74c919f7478d1083f70b3a0fe00c2e220ab998b4595268b6f7cabbfc85e59dfb6ab7a794cd3fd70d5cc4d70ca933a4452df5a345cb31f3267de53519ba39c915d492cd4652843f1d30a5fb311e3b5d868347969f013c5e3b4841b22240abcb61a14ff567186766ce8f6ae64877f672835dbff4fcf19c8230d8a402397630effb698a8b0c9a28ae028d7938ffde488fd64113085bce504cd0551e0eb3730c3f781cbecf0c41d2338766d3f6096661c1f1bec3162b8a0c4099fccd9480e821df8782c2e070530befb62bccd8539fe9dc7d8d3f9bded1bb34db3f2d6050885c8f1d57f5e603f629de7491f5fd9fafcceb565abeaec838b10a763a00a4607d4330bdcedc066d8cf9790d806e03c219866bb8f053a6e602645436d1f469df1d5008f5dcd4bdb7ce5b76ec015a8f4693cb2a63ceb2be00bcf221f0ca32db4efaf8f7022622b335fa8dea4afdd86be10be6c4d66e5f57416add4480509cb98cf31cdda84644eeb782eea041d4bc0e005a20bccc3c4a08cefcdb91cc2c61d9231c4e36e96f6edd2133f9b34e7da90ce20d1c60ff223c6a204bb942766a359b923573bbbaf2a827d79e4f649e79a840216ac4ddb3409c94e71ff08d109bc3f0cf6583219de7d7131a956f835ecf5c131a0b1e056a86d800a0204243f3b695029578c064306a31db53f28a8f0c0302486cd05970904e9b5c53100ac1aabb3110a89820e4d8307c3d46084999d0456c53fec61a9242b486eb41a90f3300fdfd0d8a472e8da7a842588721d1df1f5e4cc425efebc75a904ef4cc881346a4bc23eef4d492e3efccebab86ae4213f42671370579ee7f8341396e9515619e100a8fae2c5cba0139a088579ece7a603c8b8bab9998223fe862dff8480aeaa5970c90b894e5f71c2784e4dfd50ed3e9ed91036e8356c09464de13b4a95227203133b2c2c71cd6323492f083bda58ad7721b6666b9cd93f93f0288482813fd8aade02cca81cd35257e023504ac4f86be1c7a810b67c6d7077f5cdbd305b618a05c03d196894bfb1a6ff511e59ac8ce45d16cee95e1de0797a543728caaa43e5ae42a12b6bb7910d18d4e1ea89d264474287eb23a76095a12a39c46a7c85349e2969edaed3c1fa6a2150494f63f4c98c65fcdd650ac7424ac1ae64421294356ac1e4dbf9d4c817f081f4f7751ebf56788d799bac29dc0bfe83ead7ab3e338b8b84df4cad2b549aaac4e6048a6fa8f8f6f1f7e0e51c8b3c872f18c466e590222b03230f46bc8e9a0171bbd2096c7a480d6a6f29bd74b60105bebda42e59cc830c4b31f6c52687b4ec2ba869149ae363d711d099f94ceade1ada193e931ed9aea0a280ed5f25ad5ab3b4083f140ca17b43e5f6aef2c24a28a0262c80a040187e052ea7d54a528b6fcc176ed3afc07fe6a661d050fb4a3a6abfa3dac5f3230540b45af060781cb5499c2894d6a4a2bf908ddd48d6b34207f56c31229e206c88db3552ceb6e82a0fa2bf7f97baf603d37d6a8b1f2b1f5f95b251129ed05351681908b7cf5cf6cc86dd854174cc19713b4d262b021952b6da5f20f57bbacca62f5b7124409aa625bbea59819baebc1bc2dd188feba48c998d0dbed60d44b8a4f0ac28f6c1c8c9998f7406f1a34e4ce902be2420f7ff51a5ab3b1faa86ab2ec1edbea2493cae090abde43ff27d685c993dedb24eb255772cc56fbd104f4f5275f10d54d7cacb8cbf188ae1a4d29ea880068fb2696b3ba6e8a7c15939e1f7c394ab4bd4c4bef2383121cbeb18646a8e013d570cee3eeecd7fbe84a619f8aa2e34f2e1e9b99d0c7d7d179d9df8d2e2f1cd7ba2c7e60166dc14e5e4ed9c41195935e2884b5bd0057ed0155a5d4c6482e8f554e4cd0d0aef7d6487801ab54d54eb41755d833ab83883b40f47595063ad2a0fee5c661f86b8ab04ad0047d988ad86b3c520eb78dc3d750a57e777f5d766349f1a687e090f744206cb5d048346061b414060f6826d8a884e93f73f1f1f4cb8bd6e8d1215d436d390dbda35b555f550e11e6d8008fce1c429bd9bbd04a1fbb9de28663c1be4d8d7e506bc681ada28a69014b972919b5f70cbb770349324c9af0b7ee7ff4cc8bfe807fb9faa0a69498448b22192d578a1e82582b943051beb543ddca8b643ee6c76ee32278aa8bc92b44a8439a24ed5040545349ab05e831d4511a8da03ca539659585b2267a73775f1cb7c2c5548d3508c896f99a8e5cb55160ab1267e320ac2d7c8f8b57079dd14d301636a1374e24541f8d453978998ed256b381bcf638bb372ce1ebefb341656c02f4092a7667ffec5505e4938dcb03d404654430e244f9f7f7d0fb4189a93f7c2bd7a4fcb3ccff79e41a98adcac3e4c19eebebaec15bd8cea1df0e509cdef62ae10c66734d162caf35a6e511baa717f769c2e449892224fa8ae78de9138cf6ea1d939998a8cb68b0e83cf604e03b99634796d3d495e4617f8fdd9764631e7ed6eafa797deb1159259777bf2915d48b63286f6d6528ad4ca5783609263d9a03aad41ec8ef1e2e1e77734d27229f801192be238468854945c20dab4e1baff9dd593361efda1de95e04561d33cd73a45dff5f85b2e85b0747a49345ac8d38add8ef9c14685eb3d3432f3f994e3ddd4e45b16005870485253afc4f08d8a6d8023b722284d11d56c6ff9209a5bacb7ce1708244bd21878b8cd5c13ab453bd589f6196322de9faede39ce6f94c75d008d2d7ced27a2375cc62c3d5c15c1c4301a01299d8f4c41e5a44e4130e9555a356d6b19728c7d3c86cb9a1ddf906ab63a9447f8233bcd09bd74cf9749f085f0c4689ef40dbc41a7a299f0f891d9d0d3e39409d4d774da53bfb6e8ce668ce50885558e909add2cb9bda2f7e9232541b1a7f742a99740f486ef4f7c98e4052f2da705c56a18d5a8289ae6cbb9dc7de13a8cf420b7a930abaae813b40517d84ae984dfc94cd1021e0e4a7a9e7de841018d474083ca28a829ee03fe625cafcbedadcdef6621ccd679fcd9c9a9ab2136211f8c9a679895aa39facf2d6668e509805dd8e0ad78d8caf250dc38f2c9518bccb353ef3418d3906827514c1959d58344ee11a0ef1c1424495cc1a9910187685a47d6dd91f07e5081c5ac3f1b6e363069694dd9072684c5ab0ba56157c10f5fa8409e5bc43b38b31f24a306ca5f7e3de9a392eac1984e877ecb3dfd044f1449b4ae9b586051b1780c0ce462919f4a4b54ad8011d013c3962fc6697d33c2dc6771fec664c82cb16144619b207deb4391866d6c1976b945c5959d19018f15376ce3b05666747743527f22b54171da4dabee2f4e469a5521067de4f92e2bad02e15e812b6cbd27ec88a9eccf600ce7f5643392da9ff6b6412f8e7c68d8c8b9e0006e41777e2a1363a9556befbbb110dff3a84b179da3838acde0b25f53798733a9fb463d76b630aef7c8a43f6219482b34b893fd99cf3a013ecefde7c5c6528e304c1868ff3fd8dd5aba348a05dc950b1c4c281cbb28b800d6d0da180fdee06ec3bad6f97180295ed1d77078156a885b5b0c501ea563e8871adb97dd6052de0ab369bf2d98f434bb2d172d9967bb73d3eba6b52bb8d55d8963bf58d310afedb51c0f94c7814b6da30fd8056ab7be74ac31b1b75c217e3ab93eadcb2d253e5d8bbe47c0f1a411a9e502cf4301d898d905cd5db828e56a722394fa11cca64a03a42e7fc1b3481b71ca0b6a3d9bd1fc8229f7f9d3e6aa0d48051942579fb759201d4715db9a2d399e0745a66dbbd571accf1f2e15573ce832e91bd1f042ab758d9ec13e354f38454cc42668c8d60358916f7e937015f6c38732bcf6131ecde001892cb20fe47153e7e23b1cd2fc4a22662e7bde09f7df10fcbf475783fe23a0fdcb2c3bd8b28453ce523ac19ff77e68c3e9fa0193b796ea68f44132b3a96adebc04181e503f52be4778ef422ce3e6ca38514fa18b500ca518590479e8c73a7942dc2e237d82cda953ae1b296b97ee8ed62e2e755d6ddea7c0334e1b8d76c278bdc454724003106cb6fdc85340d1e784ac8b6551eaabc33c502163ce0d401627bd22ba6be90089372bfa3f91ee745e45844ef8dc0fe3936bef07f9c1d3aadfa4c8e99be6b038bed6beb9597add881da2acc1a3a471f500d68f639cd2bf6f4afab919a2cf747bcbb42b95684e8741b485c3297cf07c7bd98d6653421b61f701a06b82be0fbeecd32eb00feca9c5732bb5e565bccf8c9feb27a50760a785bbb50402768cbd458811e284a604b3374faf3480e1736743665617de9c32fd10e37105ac6dd5303f1a6dc78950bce56215c2a2f9e0ccbc0bf9fe8ccf7647ed29e2aa4948689d681a7a9fe582631338f3eea3df846f28564038ab75aa2a8ee5416b66ceeda9d8f56ecefe07f6a21ace83a2e15ad408d0a480f56708e3d1c96020b124c58f6ff5247f73aff7f77d389167650b8a0b98c97f87a1e5d6c08fa99874ff144bfa905e9da3812f010eeee00f3c9b594450faab5342e1b6e98fed5714a802b67b3e5b1964a62606aacb8222efd4980823f076675ae859e64de7b08f7a0b3d8bc829e1a93eb3b4975b4761cd7fa743e393da537c91f658ea2b23c94244498cdc4bc32c8b9859b9d9792eeabdce635b2d61c311949204826054dba0880505e2b53cc3521fa8b68bbba2ec05050bd3244c02752af1555625ddf50a3656c0043005c43c26a2dc907d5dd67efa831ad974151067b436a75fe99b8c94c9ca9737279fa1aaa09b0108c48c79c7e4ec1eeccfd43aa8e7ab6cacf5a956fc47d4ce77fe719d6eec1730d3e3b3be71d313f644177b6d16df0180848c28b850fbf71168a1ee4e5639bc46f2555b3984dbb91520538dfa6a1905abfb7238ff344d0a7d760f040718a57cfb56634e7de7584097f69f87630693bcf410796266cc3f50302feacfb556bad2506b7191023817527dfe5973101712bda922472076633133a11a76e8bc7d763a2cdaa53fa8d47d442fcc572f791d66d10d8d6a9058ecbbcd6d3dbe45d67b75e1091dd0368bea33ef0f56ba68885630429c24800922062e1066f2d4c4b795332ab03239548df4e6e01c432fe5eb29e8e63f6c7ba4f2edefa208c69e781786e4717c2f71dc2032a98cf1e6d66c10831e17ee776edc6b060ae20d025dc570a88e17da771acd32b7b93d46e43a917b8e2ba8232ad2707324b9b04dd8ee50c3c5a4372c0b1461ab2b7424faf00c7162bd8e8ffc7fadcb055403b0fa7087226ba4330e746af97a3f915f0b9e105759e81fe94a0df0cd6c324fb0b871491b5516c2fbc82c77b07159e3f4c0b7952b74cb4e203a69f241485191e1afc76d12a56db065b0513a41582f655340603c73cb39b728c97d1e919ecf963b91ec2282d25dc426db873394055beb0f9ba20545e2465ce2d0d962f42e1e4c79bdea4cd2829269ff7ef650bbeb5083d39dc7aad668af0b01c521192c548857473b29991f7bb917b5814fe945f4c3ed9bb3f686ec1027acc866860e9fd6b7c0baae82e4ac033f62a2c6ce6a2311b8700b06b5215e604a9b99d37e00450fc7790e893176e9fecda220f838a078a8ef7da7d499b1fe0eb8780c4b9705a6a10674e61b5c228fae1c13488f98c10c1792fa40229dba44b1cb534f9fab6a14407687761d738c91f4b8d4371a1de1a47bde0563a6fc88c4886be5d48c4cb89078c255eb1639598379daf50a672cbf4d8add2d4af6c02aeb1d0f86b611abd363409c7c7fc0b66f307ad3df24241fe06d0f7617d6c3987bb9e5d8f1712aebf095fad19b3b4fcb9cc4fb39012f333c4b040666259ee7bc43cff299a527a8914d71324e91c774b84e9392e615453e9fc648c539059b66f780c888892fe8b30eba799ed18fab08ebc3b9da8bc12a249456351bc0ebafc9f54d5d24697fb53eeb5e734527d690620989f605f57dc65a15a754d304be592acc616cd528b6986064b4457b96cf1fb0ab383a0585acf9887b18e1d6d3aff1e7f2328ea0313a2b36f6f79d671d9ddc4d34fb8fb55a596b2a16c63757083fb4bd01be2e1d82e47c5a44e052279097c5a18feae9884e102cf087611a3b94467ad61635dae6275974f6e6ca7a42ded0ee4577574d56b142853a8c955d92d1eb780de11dc9289acd193214ed4c9f5f26d0481cb3c0c0b8d4c9ad929c61ffeed66bf2e4f7018049593b99358d93559847d55654cee93da30f6578d2e295909791d227a12c09cd4a0edec25d3155086b64a787997a53265cbffb7fe6a2bfd589e12b4d0e21a600276e920397888443584aa99a06d7cfef8e68eeab8fa739c3d8fb74581ceff295110742e763320bed3a4be982b3ebed15ecde37e849aaa91959327d25149f38854ea1137f870aff99979e5e74cc9e45be12e3f0f9912a0955e718a4917e835bca50f43ce92a6bc60ed006b8f623fbacebbfb3dcb4fabd9941a5487c6f637de9a2005a6bc4062e1210a08a51d6f8a5e3f6f97fe90dc7efbc1918aa00e230a4a0e5c41a4808fb9a731271fcc1e73713c9592aa4b2ddccd0d13c3cb68d51166623153445c9ec955c6870dc8543c0684883186082e34ea5714febf8b46921015c3623220d17529896e1a6edac6e32fea2ba30db203238300353602c17dddad7608cad8170b520f6d9d32cdf0156a1de4e9b9eea78f73255ddc6da6994a6018ff900d9886590602ca6a072d8aa5645e2adac0744e2d5b2e1038c746635d5814692c3498aa9043b68f8ce79c44678c5a7d5bc26c085475853b229b2af3dc822ec58047f313c778aae2b64995148174e42908f3ecacd3921855790c0c5a25814416930293010b4f917979d837f4ef9d2d6dce804f5c0926244097746252124a6e0055559ffab197c38778f717362152af8f6dbf7ee03df050ab9b8909556691c2c2775f0f9c26a545db7ba698a4ce37de877705ea97ac0a002db274ea8360a4aa732c2d5e7417138c60cbea69d3b4993ada6a9d8f51d851543a6500a31bac5a057dbef498001f08a44e3c4141900e18b6d73c28c8c67dca805edeb5376384cefe75be1f127225e4d9724b7047d68fa2ed4629e91711a37c80158a07dbce78918931402b472a98a5d5c6b66a2d116314577e94298c37bc441499a9ecea132d87c5d305a0f8f0b3ed16f3b820941082c73b28391d8482ca0cfa78e1e09aa588b0eb1849c6c7916a6bbe56134a6bd93ea306dec125982628dea1db6d022d210627959e1dc819c841f173ed25f356909222e481a1ebb31185fbaeacbd359d2779efe4554ccdac7f4bcc528f656a45049331e16e9c0c796423ec9c7cba15c69d4a8a7741699910f33cc9798a8bf1e48182f08029a14d0131654fd388225d7509e1d7a484e9c7df34d1680bfc6b8d1f6f3920cc4113509fe42dfbd6b261000da9651f7e18088f6c2564472046e5eb7e8c9f8b5286a7452741a7103ced710bfb8e699fb8b1a85c0ae887cc06ef2ff9e2a2b1a77bb4d44ddd4a4e1ba60afcb92baaef108b60486d409889cbb2b1cc77ddff7e4b6caf8cf3488764d84bf3605eb9df709ac6cb36d1a3de89cdd6657f0e6b4009e6dac5d9be14f4ed997cf61e5aaec932520c321359cf286adf6e2dc3094794ae61a4f16089d06e3dc62c958950e73213c1e865c894fe7b8a30de65f5534a1e9c5d19ed49397980126322cb9c72c46a86d7487571300d85b3b5661555f20ab63a78f846c1b8f51a19610a11ffee44f7ccf0f1d67f4148b2c828d74c7f3993965c9067114467a71d242113a68574e28601fce343a023ecc68a72d75259f9a5dce144a7f61ef327192f6474d2bbd06fde3049fe7fb306ba3f54337008d7dbdeaf28a37a224e38ade23adb076cefd3148efcb62539a96d4dfc53f369e34c3d493ac3a5e8c8881133be630a2a906703da62ce7cc02ace9f666d6c3d4b9763a83548825ee1efb54ee3475b09e2616c5bdde3d193181bf020e8ac9ac25f32604b6c11de8ad1a15b9f908c6d7e79181aad1d741b7434aa92597a835c53b9e4b61d6069fa4ee921824d17c98784a8c04590f8d2cf877662b410cae4ebd1ba3616074c020d8cb6099a095735635490d318821310ddd016150edb80370b8d4e2f05557fd619b17192c13353cdae76d495821c610c8641e5b3dff1e7f2ea77b17810ca7975b8e36b7f501a8710b326ef92672096ef66598510902fe663e2a9ef00c3a052f1cfb1739fccb4371f8f28bb92654de5bf87cc2863e92e6d7e4b45d773f90f434eafc8f8398a48527af829a6cae359e7af5941bef158f53798058351107ce58f79ed21036770f6e10e7da92bbca25f369ee83a0f894bbf366a1361f8125b4ffd8e8b4d47ec68cd6b37c840cc5beb8cf65b2269ea1a0e9c371a571f30458ff8ad9bbf8723c19ddae1de5ca7461a436ffcd103c01a20f3252ba0965ee928cfb0d002b9aa4d4f20c805b77e67c8d991c4d07e5419bec9626a32c115d28253dd5f16c17182c1779edf49bdfe3823d87fec88929801163a27bfaeddfd8cdccae8cc3bfd6a9f2e2fec5971fa560c434debd434ff4d0058dcb05d9f3ac5193c458472d6d1685f9f46c8864900c5edbaeeee08971ee1c087f2e11467ff4766743bccf9e3414feedd6dcb904b92a05eec5de8db95444b920c995c770edcedcf7bffc48836c8f30037dde47f0e66fd79550de0ebc3c0c3eba0b66e2a353542eeb20397800e5f41635c5ec2f9a271461bcee8e570ddf945b186f15ab5cabe2a3123189935c6b9010b31732c425a9b2582b097486a5a7b1880b2f16104484e1ca83fa9c278b87e30e4b0cf6ed66c87a979c05683ac94a295d1c53e6f0975a079dd9a2825fdd6ae0926ba1a69f3f69f408eea9d00fbd43235a52c53d11963a611b81dd9f5e05582e1822398873e883662a64c225be19e0b85e102e23fb73d5dcb11435a5437d7418b0409f2e60793038f55ed54c79882b3a17e74ae2148bd558d131dbf446edeb0d05353492534e216761cfcf6582d066a8235a2bd5eb383350a52d7fc2761514e27b6125cb3e387c103dd62e31f5b789c217811c80ccbe3f10fec7a19ad32dc9271368b6d6ba549c45dfd8018507c40962b6ac6468c3078edb71d8ec7f728be8cc23dea1139ac30c2e8d0fc077280e420fbbffc896863db5f1e76922d7dd8e4479c1be822e74212c6f74765e108f916a1b83f6efc8ea54080e9a28b1ba5813a1fefddbe2d0cda413ee1463985b51b59f818f440c9b6a10e4ebf71d37995ae9694ba5867ca2eb2f7bf4e58d26149f2b25943fba216beb3de1f954bcf1bd32ce358b5d23023ab456ebbc493ead41e25b62b5b4ace6c5c18c9a8d512a9cbb4dd59f33663f6138d6b06bc8eb1ec9caccc0077b2e68e7a09d412dfa352e7e5c3942b710ab1648e16d0adda424d9fc2d15c619f4e8093c2b9521e4cdb3f22e655f52ce0fcc1bfd94e56cba8decadb68214451be53f9286c82d2a4912bd2394d1133be908409d791d6d8c2194ca37a76a38d6d0a1fced6478848891d9264cfc08fa849d720339ce00977cad8d9738372184098a7333dd1564d1d7754b4aa4afd6217585804159d31f53017869cb78b718c837b7fd176ce19e3d6996b6f055ed3ba7cd55b0349676c0c113c33d070081ce4ef29af156c4ac8ce760013688d0295d90271e23ef3ca10ec2b3b889855a153c867ce79297a10a02d21e5e8995fbc10d2f4d4bf521565376053b80937bfafaac688108f9962b7c72cf0111874ac8ae27d024ee2f9d57f15b9910a7486ef7542c6629fb0520c93a445542d00", 0x2000, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000026c0)=@newtaction={0x14, 0x30, 0x1, 0x70bd26, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x44007}, 0x2400c800)
r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x381, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x5032})
io_setup(0xbf, &(0x7f0000000100)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f00000000c0)=[&(0x7f0000000340)={0x20000000, 0x0, 0x7, 0x8, 0x0, r0, &(0x7f0000000080)='\x00', 0x1}])
executing program 4:
ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, &(0x7f0000000040)={0x0, 0x0, "d607f8f9951e76c13f64323723e7eecdf40c363423eb3d259266ec9c37865c6c1a4640ce1b22bb3327ef4f001d34c09f39c3539e4f8d3ee0878ae95bc7f52363c468b257ff3e24852548deb01efd54f11ed2c41d078b9cf1fc8f725616b694bb4a6e4606c3fb19d1d2bd3c8c4e97da2213f9d5c3b90400000000000000c279f03558083906666827d61dcc3a633b72fad6265a293e3877adc1660edbc9a0307a25720a170e7f5670e419dc44febf7ddc73fd4a5a0b6c28665f7f46c7084e17c809268103a2584ab40a68e528329dffafc3612e325c1eb4a3ab2e156a97444800", "0615e456c196e819a321fdb3690bfab19538829a732a01781564ef7738cb5b82a704b3952f81c68bb4ceeaad63206f88201638e87c4981cbf9332cbc9c4d69e392bd33237ece7ad91e44edac0da8dacad81adf2e08c21ad6b44ce1f90bd618c255ca40cdb411485fb48a51d329c816b3488c7d032ef69c502c6e1236bd381efd410165988847c1dcb98a18ca2b853910e52044fa3b3026cb88de269537c8f26ffc3b15cbf279832bfc90bd95939043182e88050dfd2a4784a5d1453610fb1f1c2bac36c3ecd3e6fb756ef8880debeef3636afd981d8af4ab119928448f90351aec113335eacf52a18c87738d9679d3acc032a16fbefc64776f363610a15b37bcd36e6a7cba931151b9c9ba5779d550e9ab21603a43a25f3b4895d8dc4f3ce0e7d5e964e888169ea79a0848e9338b3d34d62e963fbf98834f4455419907f0ffdb76373af77a34edee7789f56e7f01bdab9614a0d460f791a06e6cf5243bf2b3a1624a80ec7e1116f1c81f5ef4b895be74bf67eea9193428b58a8b62b7976d3d2e59796c46ec918c83cd49c3f43dbd2967586966c19ace7b0bef5f94eb333b362649f1bfa114f8b1f126e97ec672cff77e2130823fa7a1df6760c6a8917815e9f0a409ed32b133df7dc9afceffcd472b35145c83c9167764d25ce214133c6170adeb6653b30b226a3b6ff1363ac862a540c7fab584cd051ce7ee951e0f121d43cff75afbdec6bc6f6e8f7db58c8086751320d22ee8582e915cabc536e3767e9a9230c9ae8b92398f0ca2a7141ea4588af7afde10e5ec2a6fe85ba5712e126629d4e3998fc4721cb638f2ef8356049e3448466e2c400d5e8baf843fa399907cb526b791c5350ce29204cb6fe50b892a69ec6dbecc28f032a745738faa12c2a34222942fef0ec0511da5fe0b565ceac429da7cc25cfe0320b40a514723e2392a6a361032343edb79fd83cd0a354837153542fd61b3156b54c566036e493250c3a3214738e3cacc24a50d5dfd17d5008b4ca629c3062f3417cb69c48b8b888ae51256bb4e6c68e95a71a00383ad9df263f6a775ded64fef20ed5cb5f31c33cb86f839d00a12e40cd31219113619c4e0585454cb1776278bfd7f5c4275792afb790e83ff0fc6925355c7aee7a070477d9ec2292366e39b9dc66f7adcf449a1a718e5217183faf0f679efc5cef20bcdcf2d12ea0684084ec0d693256e280025b23b5a08b7b1ebe7d41fb045793f971d6ee066604818cb09d86c1eda99a44c35476a113fd5d1a7543f8f99424ebb78dd9e00d719502a6eafa743a061fa3fa55e4deaa0a011b6b9d633f10e0c9446b5a2e3f6d6014ab00695366c1a6bf0c32f703aebb7988c7d4d322681458e85626302c70f37628835e1fcfff1da3099c0b4af433eb9a51f9609f2c0c09a98b18880c846b34d6ac0210f073765666100976ee1d928893f983580ea47a012144633b98e02c3e81869534ab985eb3a73e0bac892dac949f85db949285a6a7a490b1075467226af23df82d8dd09b7282490fbb3ada9ed4cae8f761aefbe0701de6b132f12044c58ac1c2607c8f51361de5bed021dea13fd0a440263cf0b304522a324b581ab274e7bdae5994316657b5c0ab0220d9b08739729f7a35d436878c182aec4f08dd161c11ee5b7937fae7835e8bfe98a44c8d4bbb2e0eee0cb5d7c93517e96a9fc8132e60f3ef7c735bea1934b37df451f981c8d9210e61278c871e6dad6ceb89aa4d7245658a63e65cec7b81d307426a60a31cc917844a14e1d9ad83bef1c9f736d1836687c950d1275caece0d46ab9f3b0e95d9cf560eb8134e8346b35e0a6f60e6a87a14c4aeb3e0d06158390660a52a6e44b524c1e16de2bf99870f78fc81d267072bc63e97d3f26d23fd59799ff2c847d6a724cebc2377a582ba73d99a610a095c28d66c60910ac64b7d18847fa98fd8528b72e0a149b082c731575b2e2763e67c821ba29eecd8b8c87981c4fb1fbbaaa4e8aa077ec98de1362fc7af7a0ac5e3297fd0d924124b2e255b5cc4f6b0873f3d34418d5ae0d6f734628f38cb9b856b2db3fbb2fafb76983eabc51a348e55789e997fa25cbe6e5031bd2e33d4e2686f964a65d1abf7f96a20a8b270b1522ace4adf6fdade5cd3f101574960d13267e2382f70027ebe5ef7f9418e14e6a8a130d2aec2253c8fe21825e3295774db0c9b1340ea28a96589ba0d9f79aa61b92aea6f704ef7f716d849b8c77e6922e198a086d8133491d0bb85b925825a6d307d7cc8f09c655aa3edabf84c75560dfb279ee3e8b825323279edc58c3161e72cf9ae02ef80d500da922c0abeb8b164abd9c17ef7c02e89000d67b0c2ddd078cacbf37c4826be3845948d598980d63c1d7aade89d0637d80a4c102a35eb027a08ef90cc20d17fc514926914e68e5de54b861200ffa4ce1cbc16e4ecf342a1176cdb561f7dea38b3ae0fd81260f72d34e6f33d364cf313d3b3161410dcbf5f0f0579a1d235b49bb5d27f85825b94f1899e7846d0292ad912d934574f9d55d2152dbfb39d662e6e0f2496182d012af8b4bebbdfa1d68e3e988869fb5cd9612db97e6cc574444f4b5025ec9827bafc55341bf6ad3fd4fab2ee43f343cb9bcec0c38384b5699e5c6d5973ba591978275c51a40200d340b9ed3681f08c69f58320f538f9cd78a34eb6ed55710d2478ea4bd15813921817b42f88f1bb038033b519668f0a2e8693b9a19c7bcf96eec04bda625b31c32f4286be922ab2c87aa30310c8f46551450d5bc26b5fbfdedaae0f756384023bb9a28d3200cfeaedd63d6afe076513e8ad73d16607cd4ede16344e60d8707357e82b1089258c56d851a435e23ce0919825e04471dd61a44c43e87c2959d4e89311a30ee8be010094d0ef109bb210dda58b21b685b9e9c078c9ded6117d9a88dd7799291969851cd4c3f22b5f870a275a692188dafcf6e89ba87b0eb61011de031fda25fb3349901d40da2bbdb76eda417c9fafd90fb23504ab150ca0033ea1d00000000000086ba3aaa79d0df4f2e4e4afa565e66d28aa167f835d080bf1d41d0e52dbf81c671f8eacae234bf4fc328302671fab46613b73daf2ace80aff2f80f6a9d84b82480178cc612aa90adfc80ab3bba7d1527fc6ab04f009011bf093494a0d329df4e53d855b1c0ff6a25d22052b3a778e1ca2fbe59c9eeedf99e13682d06da269560524ffa0f404b73b946edf900ee958ceba09a051e27a620fb78e7a352c182c8c2981ce822eeaf6323965b4b3f322d40d406a158b6f3cf5d74822de952fefc341d0dead6c1c8fed8e48e0a85b51c1dcc7796d3f45bb1f50467a475da76c356c9e031b096867da1dbb89c3a038d475dbcdb2df1278d5dba55c2fb5ba6a9778c2a244198491f0f711cdb2ef0332f347afffb1b098b4c59041ccb0c286bb2dd40e7ec713f6ffe0b1067678c748615dae3c1e090f3739a9035767fb9972580d19fdef49a5071f99c3706b8fa4991f430721cf3ca11af0e3bd7c4d0cd0ab5b7d98ee66730c20a098110e4a15ce0bfc88c41fe375f261fe3557e14eb5ff4a2cdf6a008fd7b6702951b8456e940fbd269a0f3ed515ac03cfecce67027d579e1226bd7b7381827453550343566508d38790ee838c3bf85c6c91a45e7a44752f57313533a3e82e4042e65d346afb20c0527575f79080aef4e1aa8d5868d190c8d37bdae7592e41bed37b9d4c30d8126d3debde02dff25f5ef1e48133e2a41cd55347bd23dcce57a00189619db629c530dc112d22ac72bce353681264b5175be40b3ba84408d0f56762cc720e96c128447be7128748e185be2640115556bac64d060207e629b0144e501c1c49c6abd15c7982b01e22da2ad04bb28df1a27f31e18040c16406071d798bb40d901d001e22cc5ed870d08702f49f0021814cdd814901a13c7ab061bb4b8172c639b3449e24f656fee58186e69e6874ea95d946da781b49ca080ffb4a3c87746c661f43e9be52d0ba2ee368b9c143687c8846abac599069decf41e69fddcadf31c5f715917df12df4eedbfcc5805fe8e661b8fcd7b130d7bcc4a9a152de93a15dddacf3cf52479956185a3c5000d18ddce0236d5858c0d8761bca7446e3d30f3e8f48d5e8f86a60cbe46f038b1028ffd35590bdacfeebb86e28d42a923bdc3f9a307b919341a2a7dda096d41070db245c2c424aedd4a4bb9863169454d09f25fd0aa2da7bfc97ad7aca886dd998e041133e07899ad48f7cda600de48ac3951152dfbe6331b8acae24cfd2dd2b14696c75040685c756942a0d049ee9863a2e480388f93876f3910ecb3a59fa16c25b2b3636a542f92744495e10a4ce37f19f5c2256e2d61775d388e2a86b52f76add2f956aa02501f5badb94da12595b2bbf88b05dc70caae6766fd3df4f299d0ff71c8787249b255ea49b3d33b3f1a8c9403cb75d64264465c3578538382b23d721f8a49134020ca2d9e887d9949624ac6d63322b6507e277a0020db9bfa2928736b96c72fa3406a95adfe6b374ffa27001d37d3bbe725e75c257834572026c511f57dce67153a4008f9e75e07ed9237f600005800ee667c137fc78bc4fd4ebf4d228979ab0ccafbcd8b8daad76fb2abcfc585377ea6e19f170db898b950a7b0f4e75466a2ba26e7d60e0a6f5c54a3fe78677f3362c5b01ae791b62ee8a5d0fd65b739ece4f3b758d05a8e4e4ea7e4866ee67750ce2769f72a9f45780eadfae73b42d4dd4c614c797c694ece8af88cc732edabfa26ace57de54835c7551154dfa3be11a0d3b5845ac97b2da84410a652e72cd563acbb2b02bb59370cebaaa80014e3ad280944eae6fbf8d5f85237257bb5b8e5ec3e52dc06f8394176b325a577804e9eb78d7015172d17ed15f905f705d56687f53988bb207c74fbeb2b03a700258e835362886239f4d8f1c2cf6d4d10ff26d2579ea40a5fb99e5b6d01cdeda050d3faa78ed674f2899be08332086c8bf0410a7d06099c50a2d949d49a0f21b43bcdfbdf435875cf5a9def46db63746574ee8a5b1fbcef411154e914dd9e5bb1b1bd2944581083fb66a017e7972df3daefc487e4198cb281d3a80637d52b41738b7f1a57c867d5b2ee5d72465657593339506fd0c3807cd6445eb54cfb5ca9d35ef93eec6383224ebf85197eb6ed75f6c324f6a0345a25be6bb52ed347e57ccb059b903fb7db4e9f46513a4158ce29c1f5d6081b556bbc471e89225cad81aed34dae0f90ee8e7237b3b286e29b49d7a1700c537b28571f7d7e2a55e10792d6f7779ddefa3febdea5693048372a45903c04f1035a96c6cfbe6f6c2b754581aac02f8a70e698be6e37fd411cf4b76317b47683f6b0f80dfdeef3a9767c7e5c30dff786093a21477431fea0458023953700"})
pwritev(0xffffffffffffffff, &(0x7f0000000480)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000680)}], 0x4, 0x4, 0x5)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x1, 0xa, 0x99, '\x00', 0xe})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
executing program 4:
mkdir(&(0x7f0000000380)='./file1\x00', 0xa)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x400000, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x100, 0x0)
r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x244)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRESOCT=r2, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r0, 0xc0189379, &(0x7f0000000180)={{0x1, 0x1, 0x18, r1}, './file1\x00'})
executing program 4:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x800, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r1 = dup3(0xffffffffffffffff, r0, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@binder={0x73622a85, 0xa, 0x2}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x10000000000)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x200000000000000, &(0x7f0000000600)="9e"})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000580)="b3185d7bb56f70f003360fa8bf71ac3086aedebf6fff904f92849a7a07395ee7f0e4cb1d78001c08a0ab73ffcf5ad07693727980eea946e6cba1723e81bfa5c3688803c8a124dcb27df7938e7ddfdd52"})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000004a40)={0x44, 0x0, &(0x7f00000049c0)=[@transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
executing program 4:
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000000)="7800000018002507b9409b14ffff00000202be04020506056403040c5c0009003f0020010a0000000d0085a168216b46d32345653600648d27000b000a00080049935ade4a460c89b6ec0cff3959547f509058ba86c902007a00004a320004021600080008", 0x65, 0x1, 0x0, 0x0)
pipe(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$nl_route(0x10, 0x3, 0x0)
write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc)
splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x0)
executing program 44:
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000000)="7800000018002507b9409b14ffff00000202be04020506056403040c5c0009003f0020010a0000000d0085a168216b46d32345653600648d27000b000a00080049935ade4a460c89b6ec0cff3959547f509058ba86c902007a00004a320004021600080008", 0x65, 0x1, 0x0, 0x0)
pipe(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$nl_route(0x10, 0x3, 0x0)
write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc)
splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x0)
executing program 7:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1c42, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000500)={'syzkaller0\x00', 0x7101})
r1 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000004400)=@getchain={0x24, 0x66, 0xfff1, 0x70bd29, 0x25dfdbff, {0x0, 0x0, 0x0, r2, {0xe, 0xfff2}, {0x9, 0xfff1}, {0xffff, 0xa}}}, 0x24}}, 0x800)
executing program 5:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_GET_TSC_KHZ_cpu(0xffffffffffffffff, 0xaea3)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x2, 0x3e5, 0x0, r2}, &(0x7f0000000180)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r1, 0x0, 0x0, 0x0, {}, 0x1})
timer_create(0x5, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'})
io_uring_enter(r3, 0x2ded, 0xef92, 0x0, 0x0, 0x0)
pipe(&(0x7f0000000000)={<r6=>0xffffffffffffffff})
vmsplice(r6, &(0x7f0000001b80)=[{&(0x7f0000003c80)}, {0x0}, {&(0x7f0000001c80)}, {0x0}, {&(0x7f0000001900)="3d4da85e8811193ea0e3db71eccf1cd54654a2cea2d0a76faa3bf885a4f53de3967523fb4bba9a5577e79d1eec4414764ce4375955ffa69d71524296b31e5dc9d48ceea19f0e9d2c69335a8d82199af9451724ac25cbcb5572080d7aec3b66a3ead5dde98a6946e65da2aff38604976dd2f39f395a3512b3", 0x78}, {0x0}, {&(0x7f0000000580)="d1671ecbf3af8941d012d1ad40", 0xd}, {&(0x7f0000001a80)="ef706e821875bd93c637ae90197db1bbd9d19f9c61f700a178c0454a0f50f38e63c96f3caf8f1b", 0x27}, {0x0}], 0x9, 0x8)
executing program 5:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000007c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f})
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000340)=0x1)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f0000000380)={0x0, 0xccc2, 0x7fff})
executing program 0:
r0 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x749})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
madvise(&(0x7f0000c0c000/0x1000)=nil, 0x1000, 0x4)
munmap(&(0x7f0000800000/0x800000)=nil, 0x800000)
readv(r0, &(0x7f0000000280)=[{&(0x7f0000000300)=""/80, 0x50}], 0x1)
executing program 8:
syz_usb_connect(0x0, 0x3d, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b78"], 0x0)
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r1 = gettid()
timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
prctl$PR_SET_PDEATHSIG(0x1, 0x41)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
close(r0)
executing program 7:
syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
dup3(r0, 0xffffffffffffffff, 0x0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_VENDOR(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x28, r1, 0x1, 0xfffffffe, 0x25dfdbfb, {{}, {@val={0x8, 0x1, 0x2}, @void, @val={0xc, 0x99, {0x1, 0x29}}}}}, 0x28}, 0x1, 0x0, 0x0, 0x4000001}, 0x20000080)
executing program 7:
mkdir(&(0x7f0000000380)='./file1\x00', 0xa)
mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x400000, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x100, 0x0)
r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x244)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRESOCT=r2, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r0, 0xc0189379, &(0x7f0000000180)={{0x1, 0x1, 0x18, <r3=>r1}, './file1\x00'})
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r0, 0xc018937d, &(0x7f0000000100)={{0x1, 0x1, 0x18, r3, {0x223}}, './file1\x00'})
executing program 5:
ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0x4048aecb, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_usb_connect$lan78xx(0x3, 0x3f, &(0x7f0000000dc0)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0x424, 0x7850, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d}}]}}, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000000)={0x34, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000680)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000003f00)={0x84, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000880)={0x34, &(0x7f0000000140)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000000980)={0x84, &(0x7f0000000e80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000300)={0x34, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000940)={0x34, &(0x7f0000000040)={0x80, 0x0, 0x4, "6f53d675"}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
executing program 3:
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2}, &(0x7f0000000300)=<r0=>0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{0x77359400}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r1 = syz_open_dev$mouse(&(0x7f0000000340), 0x0, 0x8042)
read$FUSE(r1, 0x0, 0x0)
executing program 0:
socket$nl_route(0x10, 0x3, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
socket$inet(0x2, 0x1, 0x100)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
gettid()
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000100)='map_files\x00')
r4 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42f82, 0x0)
ioctl$SNDCTL_DSP_SPEED(r4, 0xc0045002, &(0x7f0000000180))
executing program 7:
readv(0xffffffffffffffff, &(0x7f0000000200)=[{0x0}], 0x1)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, 0x0, 0x20000020)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000180)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x6, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
executing program 0:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_GET_TSC_KHZ_cpu(0xffffffffffffffff, 0xaea3)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x2, 0x3e5, 0x0, r2}, &(0x7f0000000180)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r1, 0x0, 0x0, 0x0, {}, 0x1})
timer_create(0x5, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'})
io_uring_enter(r3, 0x2ded, 0xef92, 0x0, 0x0, 0x0)
pipe(&(0x7f0000000000)={<r6=>0xffffffffffffffff})
vmsplice(r6, &(0x7f0000001b80)=[{&(0x7f0000003c80)}, {0x0}, {&(0x7f0000001c80)}, {0x0}, {&(0x7f0000001900)="3d4da85e8811193ea0e3db71eccf1cd54654a2cea2d0a76faa3bf885a4f53de3967523fb4bba9a5577e79d1eec4414764ce4375955ffa69d71524296b31e5dc9d48ceea19f0e9d2c69335a8d82199af9451724ac25cbcb5572080d7aec3b66a3ead5dde98a6946e65da2aff38604976dd2f39f395a3512b3", 0x78}, {0x0}, {&(0x7f0000000580)="d1671ecbf3af8941d012d1ad40", 0xd}, {&(0x7f0000001a80)="ef706e821875bd93c637ae90197db1bbd9d19f9c61f700a178c0454a0f50f38e63c96f3caf8f1b", 0x27}, {0x0}], 0x9, 0x8)
executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x1e, 0x4, 0x0, &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
executing program 3:
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000100)={0x400, 0x300, 0x10, 0x30, 0x1000, 0x0, 0x8, 0x0, {0x0, 0x9}, {0x9, 0x2, 0xfffffdfd}, {0xf4ef, 0x2}, {0x3, 0x4}, 0x1, 0x100, 0x0, 0xc3, 0x0, 0x0, 0x0, 0x16e3, 0x4, 0xeb7, 0x0, 0x0, 0x0, 0x100, 0x0, 0x4})
executing program 7:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1c42, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000500)={'syzkaller0\x00', 0x7101})
r1 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000004400)=@getchain={0x24, 0x66, 0xfff1, 0x70bd29, 0x25dfdbff, {0x0, 0x0, 0x0, r2, {0xe, 0xfff2}, {0x9, 0xfff1}, {0xffff, 0xa}}}, 0x24}}, 0x800)
executing program 8:
socket$packet(0x11, 0x3, 0x300)
syz_emit_ethernet(0x46, &(0x7f00000003c0)=ANY=[@ANYBLOB="bbbbbbbbbbbb00000000000086dd61000005000000fffe0000000000000000000013"], 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x6, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00'}, 0x94)
io_uring_register$IORING_REGISTER_CLOCK(0xffffffffffffffff, 0x1d, &(0x7f0000000000)={0x1}, 0x0)
mmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x2000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0cc5605, 0x0)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000140)='bridge0\x00', 0x10)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$6lowpan_control(0xffffffffffffff9c, 0x0, 0x2, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_io_uring_setup(0x512, &(0x7f0000000280)={0x0, 0xc65f, 0x0, 0x9, 0x40}, &(0x7f0000000240)=<r4=>0x0, &(0x7f0000000040)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000000c0)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r1, 0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xa}, 0x0, 0x2121, 0x0, {0x3}})
io_uring_enter(r3, 0x47f6, 0xb277, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_sctp(0x2, 0x5, 0x84)
executing program 0:
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000440)={[0x7, 0x100000000, 0x0, 0x7dd, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0x7, 0x0, 0x5, 0x0, 0x2, 0xffffffffffffffff], 0x255000, 0x200})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x4, 0x5, 0x2, 0x4004, 0x2, 0x4, 0xefffffffffffffff, 0x0, 0xffffffffffffffff, 0x2000000, 0x0, 0x3346c4e8, 0x0, 0xffffffffffffffff, 0x6, 0x964], 0x40000, 0x41901})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
executing program 3:
syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
dup3(r0, 0xffffffffffffffff, 0x0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_VENDOR(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x28, r1, 0x1, 0xfffffffe, 0x25dfdbfb, {{}, {@val={0x8, 0x1, 0x2}, @void, @val={0xc, 0x99, {0x1, 0x29}}}}}, 0x28}, 0x1, 0x0, 0x0, 0x4000001}, 0x20000080)
executing program 5:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000007c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f})
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f0000000bc0)=""/87, &(0x7f0000000800)=""/90})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000340)=0x1)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f0000000380)={0x0, 0xccc2, 0x7fff})
executing program 8:
r0 = gettid()
r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42f82, 0x0)
write$dsp(r1, 0x0, 0x0)
close_range(r1, r1, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0200001c12de8c34750400000004070000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r2 = bpf$ITER_CREATE(0x21, &(0x7f00000000c0), 0x8)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r2, 0x89f3, &(0x7f0000000280)={'syztnl1\x00', &(0x7f0000000100)={'sit0\x00', 0x0, 0x7800, 0x7800, 0x4, 0x1000, {{0x2e, 0x4, 0x0, 0x9, 0xb8, 0x64, 0x0, 0x5, 0x4, 0x0, @private=0xa010101, @multicast2, {[@ssrr={0x89, 0xb, 0x80, [@remote, @rand_addr=0x64010102]}, @ssrr={0x89, 0x1f, 0x70, [@remote, @multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast2, @multicast1, @broadcast, @private=0xa010102]}, @timestamp={0x44, 0x20, 0x25, 0x0, 0x8, [0x2, 0x6, 0x400, 0x60e, 0x6, 0x2, 0x9]}, @cipso={0x86, 0x12, 0x3, [{0x7, 0xc, "59b4ff6d19e60696bb0e"}]}, @noop, @timestamp_addr={0x44, 0x44, 0x43, 0x1, 0x6, [{@rand_addr=0x64010101, 0xc}, {@broadcast, 0x1}, {@dev={0xac, 0x14, 0x14, 0x1d}, 0x1}, {@private=0xa010100, 0xb29}, {@broadcast, 0x6}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x7}, {@remote, 0x5}, {@multicast2, 0xf1cb}]}]}}}}})
r3 = socket(0x28, 0x5, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
socket$packet(0x11, 0x2, 0x300)
r5 = socket(0x200000000000011, 0x2, 0x1)
bind$packet(r5, &(0x7f0000000080)={0x11, 0x800, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14)
r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="180000000200000000"], &(0x7f0000000040)='syzkaller\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x5, 0xd50, 0x560b0000, &(0x7f0000000000)="259a53f271a76d2608004c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha384\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, 0x0, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
bind$vsock_stream(r3, &(0x7f0000000040), 0x10)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SET_LINK_WINDOW(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="13022cbd7000fbdbdf25010000000000000009410000004c00180000008662726f6164636173742d6c696e6b"], 0x68}}, 0x4000080)
listen(r3, 0x0)
r9 = socket(0x28, 0x5, 0x0)
connect$vsock_stream(r9, 0x0, 0x0)
sendmmsg(r9, &(0x7f0000000100)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000000)="1b", 0x1}], 0x1}}], 0x1, 0x200440d4)
r10 = accept4$unix(r3, 0x0, 0x0, 0x0)
recvfrom$unix(r10, &(0x7f0000001680)=""/256, 0x100, 0x1120, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x4, 0x4, 0x10000, 0x0, r1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x48)
getsockopt$inet6_int(r0, 0x29, 0x31, 0x0, &(0x7f00000004c0))
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r11 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r11, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@getspdinfo={0x14, 0x25, 0x1411, 0x70bd25, 0x25dfdbff, 0x101, [""]}, 0x14}}, 0x0)
executing program 3:
mkdir(&(0x7f0000000380)='./file1\x00', 0xa)
mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x400000, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x100, 0x0)
r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x244)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRESOCT=r2, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r0, 0xc0189379, &(0x7f0000000180)={{0x1, 0x1, 0x18, <r3=>r1}, './file1\x00'})
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r0, 0xc018937d, &(0x7f0000000100)={{0x1, 0x1, 0x18, r3, {0x223}}, './file1\x00'})
executing program 5:
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2}, &(0x7f0000000300)=<r0=>0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{0x77359400}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r1 = syz_open_dev$mouse(&(0x7f0000000340), 0x0, 0x8042)
read$FUSE(r1, 0x0, 0x0)
executing program 8:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x1e, 0x4, 0x0, &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
executing program 3:
readv(0xffffffffffffffff, &(0x7f0000000200)=[{0x0}], 0x1)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, 0x0, 0x20000020)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000180)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
executing program 8:
r0 = openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x801, 0x0)
r1 = socket$inet6(0xa, 0x1, 0x84)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
getresuid(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, &(0x7f0000000300)=ANY=[], 0x0}, 0x94)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f)
mount(&(0x7f00000000c0)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000000)='iso9660\x00', 0x208000, 0x0)
syz_io_uring_setup(0x61be, &(0x7f00000003c0)={0x0, 0x408b, 0x3180, 0xf7fffffd, 0x39a}, 0x0, &(0x7f0000000080))
syz_io_uring_submit(0x0, 0x0, 0x0)
shutdown(r1, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
r3 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
connect$bt_rfcomm(r3, &(0x7f0000000000)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0xf}, 0x1}, 0xa)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_open_dev$sndctrl(&(0x7f00000001c0), 0x1, 0x88100)
ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(r4, 0xc1105511, &(0x7f0000000240)={{0x8, 0x3, 0x29e4, 0x1ff, 'syz1\x00', 0x4}, 0x5, 0x20, 0x25, 0x0, 0x0, 0x95a, 'syz1\x00', 0x0})
write$dsp(r0, 0x0, 0x0)
executing program 7:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_GET_TSC_KHZ_cpu(0xffffffffffffffff, 0xaea3)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x2, 0x3e5, 0x0, r2}, &(0x7f0000000180)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r1, 0x0, 0x0, 0x0, {}, 0x1})
timer_create(0x5, 0x0, 0x0)
write$sndseq(0xffffffffffffffff, 0x0, 0x0)
io_uring_enter(r3, 0x2ded, 0xef92, 0x0, 0x0, 0x0)
pipe(&(0x7f0000000000)={<r6=>0xffffffffffffffff})
vmsplice(r6, &(0x7f0000001b80)=[{&(0x7f0000003c80)}, {0x0}, {&(0x7f0000001c80)}, {0x0}, {&(0x7f0000001900)="3d4da85e8811193ea0e3db71eccf1cd54654a2cea2d0a76faa3bf885a4f53de3967523fb4bba9a5577e79d1eec4414764ce4375955ffa69d71524296b31e5dc9d48ceea19f0e9d2c69335a8d82199af9451724ac25cbcb5572080d7aec3b66a3ead5dde98a6946e65da2aff38604976dd2f39f395a3512b3", 0x78}, {0x0}, {&(0x7f0000000580)="d1671ecbf3af8941d012d1ad40", 0xd}, {&(0x7f0000001a80)="ef706e821875bd93c637ae90197db1bbd9d19f9c61f700a178c0454a0f50f38e63c96f3caf8f1b", 0x27}, {0x0}], 0x9, 0x8)
executing program 8:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00', <r1=>0x0})
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r0, 0x8983, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
msgrcv(0x0, 0x0, 0x0, 0x0, 0xa1e3a9fe3eb9c551)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x1fd, 0x0, 0xdddd1000, 0x1000, &(0x7f0000394000/0x1000)=nil})
userfaultfd(0x80001)
r3 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r3, 0xc0045006, &(0x7f0000000180)=0x6f)
r4 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
read$dsp(r4, &(0x7f00000002c0)=""/4096, 0x1000)
write$dsp(r3, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x40000000000000, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x7}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006, 0x81}, 0x0, 0x0)
openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/power/freeze_filesystems', 0x482480, 0x138)
socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)=ANY=[@ANYBLOB="280000001c0001042bbd7000ffdbdb2507000000", @ANYRES32=r1, @ANYBLOB="4000e4090a000200aa90aaaaaa"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4040044)
executing program 5:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r0, 0x9, 0x0)
executing program 0:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, 0x0, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000600))
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, 0x0})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000080)=0x200000000)
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000004c0)=0x1)

program did not crash
replaying the whole log did not cause a kernel crash
single: executing 1 programs separately with timeout 1m40s
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-ioctl$sock_SIOCGIFINDEX-ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD-openat$binderfs-syz_init_net_socket$bt_l2cap-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-msgrcv-syz_open_dev$sndmidi-writev-ioctl$KVM_SET_USER_MEMORY_REGION-userfaultfd-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-read$dsp-write$dsp-pselect6-openat$sysfs-socket$vsock_stream-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00', <r1=>0x0})
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r0, 0x8983, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
msgrcv(0x0, 0x0, 0x0, 0x0, 0xa1e3a9fe3eb9c551)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x1fd, 0x0, 0xdddd1000, 0x1000, &(0x7f0000394000/0x1000)=nil})
userfaultfd(0x80001)
r3 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r3, 0xc0045006, &(0x7f0000000180)=0x6f)
r4 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
read$dsp(r4, &(0x7f00000002c0)=""/4096, 0x1000)
write$dsp(r3, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x40000000000000, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x7}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006, 0x81}, 0x0, 0x0)
openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/power/freeze_filesystems', 0x482480, 0x138)
socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)=ANY=[@ANYBLOB="280000001c0001042bbd7000ffdbdb2507000000", @ANYRES32=r1, @ANYBLOB="4000e4090a000200aa90aaaaaa"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4040044)

program crashed: KASAN: slab-use-after-free Read in snd_pcm_stop
single: successfully extracted reproducer
found reproducer with 24 syscalls
minimizing guilty program
testing program (duration=1m56.46205068s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-ioctl$sock_SIOCGIFINDEX-ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD-openat$binderfs-syz_init_net_socket$bt_l2cap-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-msgrcv-syz_open_dev$sndmidi-writev-ioctl$KVM_SET_USER_MEMORY_REGION-userfaultfd-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-read$dsp-write$dsp-pselect6-openat$sysfs-socket$vsock_stream
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00'})
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r0, 0x8983, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
msgrcv(0x0, 0x0, 0x0, 0x0, 0xa1e3a9fe3eb9c551)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x1fd, 0x0, 0xdddd1000, 0x1000, &(0x7f0000394000/0x1000)=nil})
userfaultfd(0x80001)
r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r2, 0xc0045006, &(0x7f0000000180)=0x6f)
r3 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
read$dsp(r3, &(0x7f00000002c0)=""/4096, 0x1000)
write$dsp(r2, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x40000000000000, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x7}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006, 0x81}, 0x0, 0x0)
openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/power/freeze_filesystems', 0x482480, 0x138)
socket$vsock_stream(0x28, 0x1, 0x0)

program did not crash
testing program (duration=1m56.46205068s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-ioctl$sock_SIOCGIFINDEX-ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD-openat$binderfs-syz_init_net_socket$bt_l2cap-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-msgrcv-syz_open_dev$sndmidi-writev-ioctl$KVM_SET_USER_MEMORY_REGION-userfaultfd-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-read$dsp-write$dsp-pselect6-openat$sysfs-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00', <r1=>0x0})
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r0, 0x8983, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
msgrcv(0x0, 0x0, 0x0, 0x0, 0xa1e3a9fe3eb9c551)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x1fd, 0x0, 0xdddd1000, 0x1000, &(0x7f0000394000/0x1000)=nil})
userfaultfd(0x80001)
r3 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r3, 0xc0045006, &(0x7f0000000180)=0x6f)
r4 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
read$dsp(r4, &(0x7f00000002c0)=""/4096, 0x1000)
write$dsp(r3, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x40000000000000, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x7}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006, 0x81}, 0x0, 0x0)
openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/power/freeze_filesystems', 0x482480, 0x138)
sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)=ANY=[@ANYBLOB="280000001c0001042bbd7000ffdbdb2507000000", @ANYRES32=r1, @ANYBLOB="4000e4090a000200aa90aaaaaa"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4040044)

program did not crash
testing program (duration=1m56.46205068s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-ioctl$sock_SIOCGIFINDEX-ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD-openat$binderfs-syz_init_net_socket$bt_l2cap-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-msgrcv-syz_open_dev$sndmidi-writev-ioctl$KVM_SET_USER_MEMORY_REGION-userfaultfd-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-read$dsp-write$dsp-pselect6-socket$vsock_stream-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00', <r1=>0x0})
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r0, 0x8983, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
msgrcv(0x0, 0x0, 0x0, 0x0, 0xa1e3a9fe3eb9c551)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x1fd, 0x0, 0xdddd1000, 0x1000, &(0x7f0000394000/0x1000)=nil})
userfaultfd(0x80001)
r3 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r3, 0xc0045006, &(0x7f0000000180)=0x6f)
r4 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
read$dsp(r4, &(0x7f00000002c0)=""/4096, 0x1000)
write$dsp(r3, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x40000000000000, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x7}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006, 0x81}, 0x0, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)=ANY=[@ANYBLOB="280000001c0001042bbd7000ffdbdb2507000000", @ANYRES32=r1, @ANYBLOB="4000e4090a000200aa90aaaaaa"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4040044)

program did not crash
testing program (duration=1m56.46205068s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-ioctl$sock_SIOCGIFINDEX-ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD-openat$binderfs-syz_init_net_socket$bt_l2cap-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-msgrcv-syz_open_dev$sndmidi-writev-ioctl$KVM_SET_USER_MEMORY_REGION-userfaultfd-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-read$dsp-write$dsp-openat$sysfs-socket$vsock_stream-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00', <r1=>0x0})
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r0, 0x8983, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
msgrcv(0x0, 0x0, 0x0, 0x0, 0xa1e3a9fe3eb9c551)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x1fd, 0x0, 0xdddd1000, 0x1000, &(0x7f0000394000/0x1000)=nil})
userfaultfd(0x80001)
r3 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r3, 0xc0045006, &(0x7f0000000180)=0x6f)
r4 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
read$dsp(r4, &(0x7f00000002c0)=""/4096, 0x1000)
write$dsp(r3, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/power/freeze_filesystems', 0x482480, 0x138)
socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)=ANY=[@ANYBLOB="280000001c0001042bbd7000ffdbdb2507000000", @ANYRES32=r1, @ANYBLOB="4000e4090a000200aa90aaaaaa"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4040044)

program did not crash
testing program (duration=1m56.46205068s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-ioctl$sock_SIOCGIFINDEX-ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD-openat$binderfs-syz_init_net_socket$bt_l2cap-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-msgrcv-syz_open_dev$sndmidi-writev-ioctl$KVM_SET_USER_MEMORY_REGION-userfaultfd-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-read$dsp-pselect6-openat$sysfs-socket$vsock_stream-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00', <r1=>0x0})
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r0, 0x8983, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
msgrcv(0x0, 0x0, 0x0, 0x0, 0xa1e3a9fe3eb9c551)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x1fd, 0x0, 0xdddd1000, 0x1000, &(0x7f0000394000/0x1000)=nil})
userfaultfd(0x80001)
r3 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r3, 0xc0045006, &(0x7f0000000180)=0x6f)
r4 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
read$dsp(r4, &(0x7f00000002c0)=""/4096, 0x1000)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x40000000000000, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x7}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006, 0x81}, 0x0, 0x0)
openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/power/freeze_filesystems', 0x482480, 0x138)
socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)=ANY=[@ANYBLOB="280000001c0001042bbd7000ffdbdb2507000000", @ANYRES32=r1, @ANYBLOB="4000e4090a000200aa90aaaaaa"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4040044)

program did not crash
testing program (duration=1m56.46205068s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-ioctl$sock_SIOCGIFINDEX-ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD-openat$binderfs-syz_init_net_socket$bt_l2cap-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-msgrcv-syz_open_dev$sndmidi-writev-ioctl$KVM_SET_USER_MEMORY_REGION-userfaultfd-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-write$dsp-pselect6-openat$sysfs-socket$vsock_stream-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00', <r1=>0x0})
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r0, 0x8983, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
msgrcv(0x0, 0x0, 0x0, 0x0, 0xa1e3a9fe3eb9c551)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x1fd, 0x0, 0xdddd1000, 0x1000, &(0x7f0000394000/0x1000)=nil})
userfaultfd(0x80001)
r3 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r3, 0xc0045006, &(0x7f0000000180)=0x6f)
openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
write$dsp(r3, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x40000000000000, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x7}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006, 0x81}, 0x0, 0x0)
openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/power/freeze_filesystems', 0x482480, 0x138)
socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)=ANY=[@ANYBLOB="280000001c0001042bbd7000ffdbdb2507000000", @ANYRES32=r1, @ANYBLOB="4000e4090a000200aa90aaaaaa"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4040044)

program did not crash
testing program (duration=1m56.46205068s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-ioctl$sock_SIOCGIFINDEX-ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD-openat$binderfs-syz_init_net_socket$bt_l2cap-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-msgrcv-syz_open_dev$sndmidi-writev-ioctl$KVM_SET_USER_MEMORY_REGION-userfaultfd-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-read$dsp-write$dsp-pselect6-openat$sysfs-socket$vsock_stream-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00', <r1=>0x0})
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r0, 0x8983, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
msgrcv(0x0, 0x0, 0x0, 0x0, 0xa1e3a9fe3eb9c551)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x1fd, 0x0, 0xdddd1000, 0x1000, &(0x7f0000394000/0x1000)=nil})
userfaultfd(0x80001)
r3 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r3, 0xc0045006, &(0x7f0000000180)=0x6f)
read$dsp(0xffffffffffffffff, &(0x7f00000002c0)=""/4096, 0x1000)
write$dsp(r3, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x40000000000000, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x7}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006, 0x81}, 0x0, 0x0)
openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/power/freeze_filesystems', 0x482480, 0x138)
socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)=ANY=[@ANYBLOB="280000001c0001042bbd7000ffdbdb2507000000", @ANYRES32=r1, @ANYBLOB="4000e4090a000200aa90aaaaaa"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4040044)

program did not crash
testing program (duration=1m56.46205068s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-ioctl$sock_SIOCGIFINDEX-ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD-openat$binderfs-syz_init_net_socket$bt_l2cap-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-msgrcv-syz_open_dev$sndmidi-writev-ioctl$KVM_SET_USER_MEMORY_REGION-userfaultfd-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-openat$dsp1-read$dsp-write$dsp-pselect6-openat$sysfs-socket$vsock_stream-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00', <r1=>0x0})
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r0, 0x8983, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
msgrcv(0x0, 0x0, 0x0, 0x0, 0xa1e3a9fe3eb9c551)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x1fd, 0x0, 0xdddd1000, 0x1000, &(0x7f0000394000/0x1000)=nil})
userfaultfd(0x80001)
r3 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f0000001340))
r4 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
read$dsp(r4, &(0x7f00000002c0)=""/4096, 0x1000)
write$dsp(r3, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x40000000000000, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x7}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006, 0x81}, 0x0, 0x0)
openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/power/freeze_filesystems', 0x482480, 0x138)
socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)=ANY=[@ANYBLOB="280000001c0001042bbd7000ffdbdb2507000000", @ANYRES32=r1, @ANYBLOB="4000e4090a000200aa90aaaaaa"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4040044)

program did not crash
testing program (duration=1m56.46205068s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-ioctl$sock_SIOCGIFINDEX-ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD-openat$binderfs-syz_init_net_socket$bt_l2cap-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-msgrcv-syz_open_dev$sndmidi-writev-ioctl$KVM_SET_USER_MEMORY_REGION-userfaultfd-openat$adsp1-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-read$dsp-write$dsp-pselect6-openat$sysfs-socket$vsock_stream-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00', <r1=>0x0})
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r0, 0x8983, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
msgrcv(0x0, 0x0, 0x0, 0x0, 0xa1e3a9fe3eb9c551)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x1fd, 0x0, 0xdddd1000, 0x1000, &(0x7f0000394000/0x1000)=nil})
userfaultfd(0x80001)
r3 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r3, 0xc0045006, &(0x7f0000000180)=0x6f)
r4 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
read$dsp(r4, &(0x7f00000002c0)=""/4096, 0x1000)
write$dsp(r3, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x40000000000000, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x7}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006, 0x81}, 0x0, 0x0)
openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/power/freeze_filesystems', 0x482480, 0x138)
socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)=ANY=[@ANYBLOB="280000001c0001042bbd7000ffdbdb2507000000", @ANYRES32=r1, @ANYBLOB="4000e4090a000200aa90aaaaaa"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4040044)

program did not crash
testing program (duration=1m56.46205068s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-ioctl$sock_SIOCGIFINDEX-ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD-openat$binderfs-syz_init_net_socket$bt_l2cap-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-msgrcv-syz_open_dev$sndmidi-writev-ioctl$KVM_SET_USER_MEMORY_REGION-userfaultfd-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-read$dsp-write$dsp-pselect6-openat$sysfs-socket$vsock_stream-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00', <r1=>0x0})
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r0, 0x8983, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
msgrcv(0x0, 0x0, 0x0, 0x0, 0xa1e3a9fe3eb9c551)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x1fd, 0x0, 0xdddd1000, 0x1000, &(0x7f0000394000/0x1000)=nil})
userfaultfd(0x80001)
ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, &(0x7f0000000180)=0x6f)
r3 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
read$dsp(r3, &(0x7f00000002c0)=""/4096, 0x1000)
write$dsp(0xffffffffffffffff, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x40000000000000, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x7}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006, 0x81}, 0x0, 0x0)
openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/power/freeze_filesystems', 0x482480, 0x138)
socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)=ANY=[@ANYBLOB="280000001c0001042bbd7000ffdbdb2507000000", @ANYRES32=r1, @ANYBLOB="4000e4090a000200aa90aaaaaa"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4040044)

program did not crash
testing program (duration=1m56.46205068s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-ioctl$sock_SIOCGIFINDEX-ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD-openat$binderfs-syz_init_net_socket$bt_l2cap-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-msgrcv-syz_open_dev$sndmidi-writev-ioctl$KVM_SET_USER_MEMORY_REGION-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-read$dsp-write$dsp-pselect6-openat$sysfs-socket$vsock_stream-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00', <r1=>0x0})
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r0, 0x8983, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
msgrcv(0x0, 0x0, 0x0, 0x0, 0xa1e3a9fe3eb9c551)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x1fd, 0x0, 0xdddd1000, 0x1000, &(0x7f0000394000/0x1000)=nil})
r3 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r3, 0xc0045006, &(0x7f0000000180)=0x6f)
r4 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
read$dsp(r4, &(0x7f00000002c0)=""/4096, 0x1000)
write$dsp(r3, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x40000000000000, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x7}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006, 0x81}, 0x0, 0x0)
openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/power/freeze_filesystems', 0x482480, 0x138)
socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)=ANY=[@ANYBLOB="280000001c0001042bbd7000ffdbdb2507000000", @ANYRES32=r1, @ANYBLOB="4000e4090a000200aa90aaaaaa"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4040044)

program crashed: KASAN: slab-use-after-free Read in snd_pcm_stop
testing program (duration=1m56.46205068s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-ioctl$sock_SIOCGIFINDEX-ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD-openat$binderfs-syz_init_net_socket$bt_l2cap-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-msgrcv-syz_open_dev$sndmidi-writev-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-read$dsp-write$dsp-pselect6-openat$sysfs-socket$vsock_stream-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00', <r1=>0x0})
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r0, 0x8983, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
msgrcv(0x0, 0x0, 0x0, 0x0, 0xa1e3a9fe3eb9c551)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r3, 0xc0045006, &(0x7f0000000180)=0x6f)
r4 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
read$dsp(r4, &(0x7f00000002c0)=""/4096, 0x1000)
write$dsp(r3, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x40000000000000, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x7}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006, 0x81}, 0x0, 0x0)
openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/power/freeze_filesystems', 0x482480, 0x138)
socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)=ANY=[@ANYBLOB="280000001c0001042bbd7000ffdbdb2507000000", @ANYRES32=r1, @ANYBLOB="4000e4090a000200aa90aaaaaa"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4040044)

program did not crash
testing program (duration=1m56.46205068s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-ioctl$sock_SIOCGIFINDEX-ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD-openat$binderfs-syz_init_net_socket$bt_l2cap-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-msgrcv-syz_open_dev$sndmidi-ioctl$KVM_SET_USER_MEMORY_REGION-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-read$dsp-write$dsp-pselect6-openat$sysfs-socket$vsock_stream-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00', <r1=>0x0})
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r0, 0x8983, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
msgrcv(0x0, 0x0, 0x0, 0x0, 0xa1e3a9fe3eb9c551)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x1fd, 0x0, 0xdddd1000, 0x1000, &(0x7f0000394000/0x1000)=nil})
r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r2, 0xc0045006, &(0x7f0000000180)=0x6f)
r3 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
read$dsp(r3, &(0x7f00000002c0)=""/4096, 0x1000)
write$dsp(r2, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x40000000000000, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x7}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006, 0x81}, 0x0, 0x0)
openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/power/freeze_filesystems', 0x482480, 0x138)
socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)=ANY=[@ANYBLOB="280000001c0001042bbd7000ffdbdb2507000000", @ANYRES32=r1, @ANYBLOB="4000e4090a000200aa90aaaaaa"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4040044)

program crashed: KASAN: slab-use-after-free Read in snd_pcm_stop
testing program (duration=1m56.46205068s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-ioctl$sock_SIOCGIFINDEX-ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD-openat$binderfs-syz_init_net_socket$bt_l2cap-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-msgrcv-ioctl$KVM_SET_USER_MEMORY_REGION-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-read$dsp-write$dsp-pselect6-openat$sysfs-socket$vsock_stream-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00', <r1=>0x0})
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r0, 0x8983, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
msgrcv(0x0, 0x0, 0x0, 0x0, 0xa1e3a9fe3eb9c551)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x1fd, 0x0, 0xdddd1000, 0x1000, &(0x7f0000394000/0x1000)=nil})
r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r2, 0xc0045006, &(0x7f0000000180)=0x6f)
r3 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
read$dsp(r3, &(0x7f00000002c0)=""/4096, 0x1000)
write$dsp(r2, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x40000000000000, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x7}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006, 0x81}, 0x0, 0x0)
openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/power/freeze_filesystems', 0x482480, 0x138)
socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)=ANY=[@ANYBLOB="280000001c0001042bbd7000ffdbdb2507000000", @ANYRES32=r1, @ANYBLOB="4000e4090a000200aa90aaaaaa"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4040044)

program did not crash
testing program (duration=1m56.46205068s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-ioctl$sock_SIOCGIFINDEX-ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD-openat$binderfs-syz_init_net_socket$bt_l2cap-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-ioctl$KVM_SET_USER_MEMORY_REGION-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-read$dsp-write$dsp-pselect6-openat$sysfs-socket$vsock_stream-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00', <r1=>0x0})
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r0, 0x8983, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x1fd, 0x0, 0xdddd1000, 0x1000, &(0x7f0000394000/0x1000)=nil})
r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r2, 0xc0045006, &(0x7f0000000180)=0x6f)
r3 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
read$dsp(r3, &(0x7f00000002c0)=""/4096, 0x1000)
write$dsp(r2, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x40000000000000, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x7}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006, 0x81}, 0x0, 0x0)
openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/power/freeze_filesystems', 0x482480, 0x138)
socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)=ANY=[@ANYBLOB="280000001c0001042bbd7000ffdbdb2507000000", @ANYRES32=r1, @ANYBLOB="4000e4090a000200aa90aaaaaa"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4040044)

program crashed: KASAN: slab-use-after-free Read in snd_pcm_stop
testing program (duration=1m56.46205068s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-ioctl$sock_SIOCGIFINDEX-ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD-openat$binderfs-syz_init_net_socket$bt_l2cap-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-syz_open_dev$sndmidi-ioctl$KVM_SET_USER_MEMORY_REGION-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-read$dsp-write$dsp-pselect6-openat$sysfs-socket$vsock_stream-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00', <r1=>0x0})
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r0, 0x8983, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x1fd, 0x0, 0xdddd1000, 0x1000, &(0x7f0000394000/0x1000)=nil})
r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r2, 0xc0045006, &(0x7f0000000180)=0x6f)
r3 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
read$dsp(r3, &(0x7f00000002c0)=""/4096, 0x1000)
write$dsp(r2, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x40000000000000, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x7}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006, 0x81}, 0x0, 0x0)
openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/power/freeze_filesystems', 0x482480, 0x138)
socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)=ANY=[@ANYBLOB="280000001c0001042bbd7000ffdbdb2507000000", @ANYRES32=r1, @ANYBLOB="4000e4090a000200aa90aaaaaa"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4040044)

program crashed: lost connection to test machine
suppressed program crash: lost connection to test machine
testing program (duration=1m56.46205068s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-ioctl$sock_SIOCGIFINDEX-ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD-openat$binderfs-syz_init_net_socket$bt_l2cap-prctl$PR_SCHED_CORE-prlimit64-openat$sequencer-syz_open_dev$sndmidi-ioctl$KVM_SET_USER_MEMORY_REGION-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-read$dsp-write$dsp-pselect6-openat$sysfs-socket$vsock_stream-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00', <r1=>0x0})
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r0, 0x8983, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x1fd, 0x0, 0xdddd1000, 0x1000, &(0x7f0000394000/0x1000)=nil})
r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r2, 0xc0045006, &(0x7f0000000180)=0x6f)
r3 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
read$dsp(r3, &(0x7f00000002c0)=""/4096, 0x1000)
write$dsp(r2, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x40000000000000, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x7}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006, 0x81}, 0x0, 0x0)
openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/power/freeze_filesystems', 0x482480, 0x138)
socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)=ANY=[@ANYBLOB="280000001c0001042bbd7000ffdbdb2507000000", @ANYRES32=r1, @ANYBLOB="4000e4090a000200aa90aaaaaa"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4040044)

program did not crash
testing program (duration=1m56.46205068s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-ioctl$sock_SIOCGIFINDEX-ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD-openat$binderfs-syz_init_net_socket$bt_l2cap-prctl$PR_SCHED_CORE-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-ioctl$KVM_SET_USER_MEMORY_REGION-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-read$dsp-write$dsp-pselect6-openat$sysfs-socket$vsock_stream-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00', <r1=>0x0})
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r0, 0x8983, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x1fd, 0x0, 0xdddd1000, 0x1000, &(0x7f0000394000/0x1000)=nil})
r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r2, 0xc0045006, &(0x7f0000000180)=0x6f)
r3 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
read$dsp(r3, &(0x7f00000002c0)=""/4096, 0x1000)
write$dsp(r2, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x40000000000000, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x7}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006, 0x81}, 0x0, 0x0)
openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/power/freeze_filesystems', 0x482480, 0x138)
socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)=ANY=[@ANYBLOB="280000001c0001042bbd7000ffdbdb2507000000", @ANYRES32=r1, @ANYBLOB="4000e4090a000200aa90aaaaaa"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4040044)

program did not crash
testing program (duration=1m56.46205068s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-ioctl$sock_SIOCGIFINDEX-ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD-openat$binderfs-syz_init_net_socket$bt_l2cap-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-ioctl$KVM_SET_USER_MEMORY_REGION-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-read$dsp-write$dsp-pselect6-openat$sysfs-socket$vsock_stream-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00', <r1=>0x0})
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r0, 0x8983, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x1fd, 0x0, 0xdddd1000, 0x1000, &(0x7f0000394000/0x1000)=nil})
r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r2, 0xc0045006, &(0x7f0000000180)=0x6f)
r3 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
read$dsp(r3, &(0x7f00000002c0)=""/4096, 0x1000)
write$dsp(r2, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x40000000000000, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x7}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006, 0x81}, 0x0, 0x0)
openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/power/freeze_filesystems', 0x482480, 0x138)
socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)=ANY=[@ANYBLOB="280000001c0001042bbd7000ffdbdb2507000000", @ANYRES32=r1, @ANYBLOB="4000e4090a000200aa90aaaaaa"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4040044)

program crashed: KASAN: slab-use-after-free Read in snd_pcm_stop
testing program (duration=1m56.46205068s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-ioctl$sock_SIOCGIFINDEX-ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD-openat$binderfs-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-ioctl$KVM_SET_USER_MEMORY_REGION-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-read$dsp-write$dsp-pselect6-openat$sysfs-socket$vsock_stream-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00', <r1=>0x0})
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r0, 0x8983, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x1fd, 0x0, 0xdddd1000, 0x1000, &(0x7f0000394000/0x1000)=nil})
r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r2, 0xc0045006, &(0x7f0000000180)=0x6f)
r3 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
read$dsp(r3, &(0x7f00000002c0)=""/4096, 0x1000)
write$dsp(r2, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x40000000000000, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x7}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006, 0x81}, 0x0, 0x0)
openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/power/freeze_filesystems', 0x482480, 0x138)
socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)=ANY=[@ANYBLOB="280000001c0001042bbd7000ffdbdb2507000000", @ANYRES32=r1, @ANYBLOB="4000e4090a000200aa90aaaaaa"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4040044)

program crashed: lost connection to test machine
suppressed program crash: lost connection to test machine
testing program (duration=1m56.46205068s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-ioctl$sock_SIOCGIFINDEX-ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD-syz_init_net_socket$bt_l2cap-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-ioctl$KVM_SET_USER_MEMORY_REGION-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-read$dsp-write$dsp-pselect6-openat$sysfs-socket$vsock_stream-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00', <r1=>0x0})
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r0, 0x8983, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x1fd, 0x0, 0xdddd1000, 0x1000, &(0x7f0000394000/0x1000)=nil})
r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r2, 0xc0045006, &(0x7f0000000180)=0x6f)
r3 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
read$dsp(r3, &(0x7f00000002c0)=""/4096, 0x1000)
write$dsp(r2, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x40000000000000, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x7}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006, 0x81}, 0x0, 0x0)
openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/power/freeze_filesystems', 0x482480, 0x138)
socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)=ANY=[@ANYBLOB="280000001c0001042bbd7000ffdbdb2507000000", @ANYRES32=r1, @ANYBLOB="4000e4090a000200aa90aaaaaa"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4040044)

program did not crash
testing program (duration=1m56.46205068s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-ioctl$sock_SIOCGIFINDEX-openat$binderfs-syz_init_net_socket$bt_l2cap-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-ioctl$KVM_SET_USER_MEMORY_REGION-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-read$dsp-write$dsp-pselect6-openat$sysfs-socket$vsock_stream-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00', <r1=>0x0})
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x1fd, 0x0, 0xdddd1000, 0x1000, &(0x7f0000394000/0x1000)=nil})
r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r2, 0xc0045006, &(0x7f0000000180)=0x6f)
r3 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
read$dsp(r3, &(0x7f00000002c0)=""/4096, 0x1000)
write$dsp(r2, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x40000000000000, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x7}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006, 0x81}, 0x0, 0x0)
openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/power/freeze_filesystems', 0x482480, 0x138)
socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)=ANY=[@ANYBLOB="280000001c0001042bbd7000ffdbdb2507000000", @ANYRES32=r1, @ANYBLOB="4000e4090a000200aa90aaaaaa"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4040044)

program crashed: KASAN: slab-use-after-free Read in snd_pcm_stop
testing program (duration=1m56.46205068s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-openat$binderfs-syz_init_net_socket$bt_l2cap-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-ioctl$KVM_SET_USER_MEMORY_REGION-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-read$dsp-write$dsp-pselect6-openat$sysfs-socket$vsock_stream-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x1fd, 0x0, 0xdddd1000, 0x1000, &(0x7f0000394000/0x1000)=nil})
r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f0000000180)=0x6f)
r2 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
read$dsp(r2, &(0x7f00000002c0)=""/4096, 0x1000)
write$dsp(r1, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x40000000000000, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x7}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006, 0x81}, 0x0, 0x0)
openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/power/freeze_filesystems', 0x482480, 0x138)
socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)=ANY=[@ANYBLOB="280000001c0001042bbd7000ffdbdb2507000000", @ANYRES32, @ANYBLOB="4000e4090a000200aa90aaaaaa"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4040044)

program crashed: general protection fault in snd_pcm_stop
testing program (duration=1m56.46205068s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-syz_init_net_socket$bt_l2cap-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-ioctl$KVM_SET_USER_MEMORY_REGION-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-read$dsp-write$dsp-pselect6-openat$sysfs-socket$vsock_stream-sendmsg$nl_route
detailed listing:
executing program 0:
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x1fd, 0x0, 0xdddd1000, 0x1000, &(0x7f0000394000/0x1000)=nil})
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000180)=0x6f)
r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
read$dsp(r1, &(0x7f00000002c0)=""/4096, 0x1000)
write$dsp(r0, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x40000000000000, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x7}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006, 0x81}, 0x0, 0x0)
openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/power/freeze_filesystems', 0x482480, 0x138)
socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)=ANY=[@ANYBLOB="280000001c0001042bbd7000ffdbdb2507000000", @ANYRES32, @ANYBLOB="4000e4090a000200aa90aaaaaa"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4040044)

program did not crash
testing program (duration=1m56.46205068s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-openat$binderfs-syz_init_net_socket$bt_l2cap-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-ioctl$KVM_SET_USER_MEMORY_REGION-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-read$dsp-write$dsp-pselect6-openat$sysfs-socket$vsock_stream-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x1fd, 0x0, 0xdddd1000, 0x1000, &(0x7f0000394000/0x1000)=nil})
r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f0000000180)=0x6f)
r2 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
read$dsp(r2, &(0x7f00000002c0)=""/4096, 0x1000)
write$dsp(r1, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x40000000000000, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x7}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006, 0x81}, 0x0, 0x0)
openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/power/freeze_filesystems', 0x482480, 0x138)
socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)=ANY=[@ANYBLOB="280000001c0001042bbd7000ffdbdb2507000000", @ANYRES32, @ANYBLOB="4000e4090a000200aa90aaaaaa"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4040044)

program did not crash
testing program (duration=1m56.46205068s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-openat$binderfs-syz_init_net_socket$bt_l2cap-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-ioctl$KVM_SET_USER_MEMORY_REGION-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-read$dsp-write$dsp-pselect6-openat$sysfs-socket$vsock_stream-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x1fd, 0x0, 0xdddd1000, 0x1000, &(0x7f0000394000/0x1000)=nil})
r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f0000000180)=0x6f)
r2 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
read$dsp(r2, &(0x7f00000002c0)=""/4096, 0x1000)
write$dsp(r1, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x40000000000000, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x7}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006, 0x81}, 0x0, 0x0)
openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/power/freeze_filesystems', 0x482480, 0x138)
socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)=ANY=[@ANYBLOB="280000001c0001042bbd7000ffdbdb2507000000", @ANYRES32, @ANYBLOB="4000e4090a000200aa90aaaaaa"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4040044)

program did not crash
testing program (duration=1m56.46205068s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-openat$binderfs-syz_init_net_socket$bt_l2cap-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-ioctl$KVM_SET_USER_MEMORY_REGION-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-read$dsp-write$dsp-pselect6-openat$sysfs-socket$vsock_stream-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x1fd, 0x0, 0xdddd1000, 0x1000, &(0x7f0000394000/0x1000)=nil})
r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f0000000180)=0x6f)
r2 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
read$dsp(r2, &(0x7f00000002c0)=""/4096, 0x1000)
write$dsp(r1, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x40000000000000, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x7}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006, 0x81}, 0x0, 0x0)
openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/power/freeze_filesystems', 0x482480, 0x138)
socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)=ANY=[@ANYBLOB="280000001c0001042bbd7000ffdbdb2507000000", @ANYRES32, @ANYBLOB="4000e4090a000200aa90aaaaaa"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4040044)

program did not crash
testing program (duration=1m56.46205068s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-openat$binderfs-syz_init_net_socket$bt_l2cap-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-ioctl$KVM_SET_USER_MEMORY_REGION-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-read$dsp-write$dsp-pselect6-openat$sysfs-socket$vsock_stream-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x80200, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x1fd, 0x0, 0xdddd1000, 0x1000, &(0x7f0000394000/0x1000)=nil})
r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f0000000180)=0x6f)
r2 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
read$dsp(r2, &(0x7f00000002c0)=""/4096, 0x1000)
write$dsp(r1, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x40000000000000, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x7}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006, 0x81}, 0x0, 0x0)
openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/power/freeze_filesystems', 0x482480, 0x138)
socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)=ANY=[@ANYBLOB="280000001c0001042bbd7000ffdbdb2507000000", @ANYRES32, @ANYBLOB="4000e4090a000200aa90aaaaaa"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4040044)

program did not crash
testing program (duration=1m56.46205068s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-openat$binderfs-syz_init_net_socket$bt_l2cap-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-ioctl$KVM_SET_USER_MEMORY_REGION-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-read$dsp-write$dsp-pselect6-openat$sysfs-socket$vsock_stream-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
syz_open_dev$sndmidi(0x0, 0x2, 0x141102)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x1fd, 0x0, 0xdddd1000, 0x1000, &(0x7f0000394000/0x1000)=nil})
r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f0000000180)=0x6f)
r2 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
read$dsp(r2, &(0x7f00000002c0)=""/4096, 0x1000)
write$dsp(r1, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x40000000000000, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x7}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006, 0x81}, 0x0, 0x0)
openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/power/freeze_filesystems', 0x482480, 0x138)
socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)=ANY=[@ANYBLOB="280000001c0001042bbd7000ffdbdb2507000000", @ANYRES32, @ANYBLOB="4000e4090a000200aa90aaaaaa"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4040044)

program did not crash
testing program (duration=1m56.46205068s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-openat$binderfs-syz_init_net_socket$bt_l2cap-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-ioctl$KVM_SET_USER_MEMORY_REGION-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-read$dsp-write$dsp-pselect6-openat$sysfs-socket$vsock_stream-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f0000000180)=0x6f)
r2 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
read$dsp(r2, &(0x7f00000002c0)=""/4096, 0x1000)
write$dsp(r1, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x40000000000000, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x7}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006, 0x81}, 0x0, 0x0)
openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/power/freeze_filesystems', 0x482480, 0x138)
socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)=ANY=[@ANYBLOB="280000001c0001042bbd7000ffdbdb2507000000", @ANYRES32, @ANYBLOB="4000e4090a000200aa90aaaaaa"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4040044)

program crashed: KASAN: slab-use-after-free Read in snd_pcm_stop
testing program (duration=1m56.46205068s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-openat$binderfs-syz_init_net_socket$bt_l2cap-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-ioctl$KVM_SET_USER_MEMORY_REGION-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-read$dsp-write$dsp-pselect6-openat$sysfs-socket$vsock_stream-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
r1 = openat$adsp1(0xffffffffffffff9c, 0x0, 0xa0301, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f0000000180)=0x6f)
r2 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
read$dsp(r2, &(0x7f00000002c0)=""/4096, 0x1000)
write$dsp(r1, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x40000000000000, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x7}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006, 0x81}, 0x0, 0x0)
openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/power/freeze_filesystems', 0x482480, 0x138)
socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)=ANY=[@ANYBLOB="280000001c0001042bbd7000ffdbdb2507000000", @ANYRES32, @ANYBLOB="4000e4090a000200aa90aaaaaa"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4040044)

program did not crash
testing program (duration=1m56.46205068s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-openat$binderfs-syz_init_net_socket$bt_l2cap-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-ioctl$KVM_SET_USER_MEMORY_REGION-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-read$dsp-write$dsp-pselect6-openat$sysfs-socket$vsock_stream-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f0000000180)=0x6f)
r2 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
read$dsp(r2, &(0x7f00000002c0)=""/4096, 0x1000)
write$dsp(r1, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x40000000000000, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x7}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006, 0x81}, 0x0, 0x0)
openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/power/freeze_filesystems', 0x482480, 0x138)
socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)=ANY=[@ANYBLOB="280000001c0001042bbd7000ffdbdb2507000000", @ANYRES32, @ANYBLOB="4000e4090a000200aa90aaaaaa"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4040044)

program did not crash
testing program (duration=1m56.46205068s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-openat$binderfs-syz_init_net_socket$bt_l2cap-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-ioctl$KVM_SET_USER_MEMORY_REGION-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-read$dsp-write$dsp-pselect6-openat$sysfs-socket$vsock_stream-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r1, 0xc0045006, 0x0)
r2 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
read$dsp(r2, &(0x7f00000002c0)=""/4096, 0x1000)
write$dsp(r1, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x40000000000000, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x7}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006, 0x81}, 0x0, 0x0)
openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/power/freeze_filesystems', 0x482480, 0x138)
socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)=ANY=[@ANYBLOB="280000001c0001042bbd7000ffdbdb2507000000", @ANYRES32, @ANYBLOB="4000e4090a000200aa90aaaaaa"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4040044)

program did not crash
testing program (duration=1m56.46205068s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-openat$binderfs-syz_init_net_socket$bt_l2cap-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-ioctl$KVM_SET_USER_MEMORY_REGION-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-read$dsp-write$dsp-pselect6-openat$sysfs-socket$vsock_stream-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f0000000180)=0x6f)
r2 = openat$dsp1(0xffffffffffffff9c, 0x0, 0x0, 0x0)
read$dsp(r2, &(0x7f00000002c0)=""/4096, 0x1000)
write$dsp(r1, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x40000000000000, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x7}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006, 0x81}, 0x0, 0x0)
openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/power/freeze_filesystems', 0x482480, 0x138)
socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)=ANY=[@ANYBLOB="280000001c0001042bbd7000ffdbdb2507000000", @ANYRES32, @ANYBLOB="4000e4090a000200aa90aaaaaa"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4040044)

program did not crash
testing program (duration=1m56.46205068s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-openat$binderfs-syz_init_net_socket$bt_l2cap-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-ioctl$KVM_SET_USER_MEMORY_REGION-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-read$dsp-write$dsp-pselect6-openat$sysfs-socket$vsock_stream-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f0000000180)=0x6f)
r2 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
read$dsp(r2, 0x0, 0x0)
write$dsp(r1, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x40000000000000, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x7}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006, 0x81}, 0x0, 0x0)
openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/power/freeze_filesystems', 0x482480, 0x138)
socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)=ANY=[@ANYBLOB="280000001c0001042bbd7000ffdbdb2507000000", @ANYRES32, @ANYBLOB="4000e4090a000200aa90aaaaaa"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4040044)

program did not crash
testing program (duration=1m56.46205068s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-openat$binderfs-syz_init_net_socket$bt_l2cap-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-ioctl$KVM_SET_USER_MEMORY_REGION-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-read$dsp-write$dsp-pselect6-openat$sysfs-socket$vsock_stream-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f0000000180)=0x6f)
r2 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
read$dsp(r2, &(0x7f00000002c0)=""/4096, 0x1000)
write$dsp(r1, 0x0, 0x0)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x40000000000000, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x7}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006, 0x81}, 0x0, 0x0)
openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/power/freeze_filesystems', 0x482480, 0x138)
socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)=ANY=[@ANYBLOB="280000001c0001042bbd7000ffdbdb2507000000", @ANYRES32, @ANYBLOB="4000e4090a000200aa90aaaaaa"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4040044)

program did not crash
testing program (duration=1m56.46205068s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-openat$binderfs-syz_init_net_socket$bt_l2cap-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-ioctl$KVM_SET_USER_MEMORY_REGION-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-read$dsp-write$dsp-pselect6-openat$sysfs-socket$vsock_stream-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f0000000180)=0x6f)
r2 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
read$dsp(r2, &(0x7f00000002c0)=""/4096, 0x1000)
write$dsp(r1, &(0x7f00000012c0), 0x0)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x40000000000000, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x7}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006, 0x81}, 0x0, 0x0)
openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/power/freeze_filesystems', 0x482480, 0x138)
socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)=ANY=[@ANYBLOB="280000001c0001042bbd7000ffdbdb2507000000", @ANYRES32, @ANYBLOB="4000e4090a000200aa90aaaaaa"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4040044)

program did not crash
testing program (duration=1m56.46205068s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-openat$binderfs-syz_init_net_socket$bt_l2cap-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-ioctl$KVM_SET_USER_MEMORY_REGION-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-read$dsp-write$dsp-pselect6-openat$sysfs-socket$vsock_stream-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f0000000180)=0x6f)
r2 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
read$dsp(r2, &(0x7f00000002c0)=""/4096, 0x1000)
write$dsp(r1, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
pselect6(0x0, 0x0, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006, 0x81}, 0x0, 0x0)
openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/power/freeze_filesystems', 0x482480, 0x138)
socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)=ANY=[@ANYBLOB="280000001c0001042bbd7000ffdbdb2507000000", @ANYRES32, @ANYBLOB="4000e4090a000200aa90aaaaaa"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4040044)

program did not crash
testing program (duration=1m56.46205068s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-openat$binderfs-syz_init_net_socket$bt_l2cap-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-ioctl$KVM_SET_USER_MEMORY_REGION-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-read$dsp-write$dsp-pselect6-openat$sysfs-socket$vsock_stream-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f0000000180)=0x6f)
r2 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
read$dsp(r2, &(0x7f00000002c0)=""/4096, 0x1000)
write$dsp(r1, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x40000000000000, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x7}, 0x0, 0x0, 0x0, 0x0)
openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/power/freeze_filesystems', 0x482480, 0x138)
socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)=ANY=[@ANYBLOB="280000001c0001042bbd7000ffdbdb2507000000", @ANYRES32, @ANYBLOB="4000e4090a000200aa90aaaaaa"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4040044)

program did not crash
testing program (duration=1m56.46205068s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-openat$binderfs-syz_init_net_socket$bt_l2cap-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-ioctl$KVM_SET_USER_MEMORY_REGION-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-read$dsp-write$dsp-pselect6-openat$sysfs-socket$vsock_stream-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f0000000180)=0x6f)
r2 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
read$dsp(r2, &(0x7f00000002c0)=""/4096, 0x1000)
write$dsp(r1, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x40000000000000, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x7}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006, 0x81}, 0x0, 0x0)
openat$sysfs(0xffffff9c, 0x0, 0x482480, 0x138)
socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)=ANY=[@ANYBLOB="280000001c0001042bbd7000ffdbdb2507000000", @ANYRES32, @ANYBLOB="4000e4090a000200aa90aaaaaa"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4040044)

program crashed: KASAN: slab-use-after-free Read in snd_pcm_stop
testing program (duration=1m56.46205068s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-openat$binderfs-syz_init_net_socket$bt_l2cap-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-ioctl$KVM_SET_USER_MEMORY_REGION-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-read$dsp-write$dsp-pselect6-openat$sysfs-socket$vsock_stream-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f0000000180)=0x6f)
r2 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
read$dsp(r2, &(0x7f00000002c0)=""/4096, 0x1000)
write$dsp(r1, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x40000000000000, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x7}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006, 0x81}, 0x0, 0x0)
openat$sysfs(0xffffff9c, 0x0, 0x482480, 0x138)
socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$nl_route(r0, 0x0, 0x4040044)

program crashed: KASAN: slab-use-after-free Read in snd_pcm_stop
extracting C reproducer
testing compiled C program (duration=1m56.46205068s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-openat$binderfs-syz_init_net_socket$bt_l2cap-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-ioctl$KVM_SET_USER_MEMORY_REGION-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-read$dsp-write$dsp-pselect6-openat$sysfs-socket$vsock_stream-sendmsg$nl_route
program crashed: KASAN: slab-use-after-free Read in snd_pcm_stop
simplifying C reproducer
testing compiled C program (duration=1m56.46205068s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-openat$binderfs-syz_init_net_socket$bt_l2cap-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-ioctl$KVM_SET_USER_MEMORY_REGION-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-read$dsp-write$dsp-pselect6-openat$sysfs-socket$vsock_stream-sendmsg$nl_route
program did not crash
testing compiled C program (duration=1m56.46205068s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-openat$binderfs-syz_init_net_socket$bt_l2cap-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-ioctl$KVM_SET_USER_MEMORY_REGION-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-read$dsp-write$dsp-pselect6-openat$sysfs-socket$vsock_stream-sendmsg$nl_route
program did not crash
testing compiled C program (duration=1m56.46205068s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-openat$binderfs-syz_init_net_socket$bt_l2cap-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-ioctl$KVM_SET_USER_MEMORY_REGION-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-read$dsp-write$dsp-pselect6-openat$sysfs-socket$vsock_stream-sendmsg$nl_route
program did not crash
testing compiled C program (duration=1m56.46205068s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-openat$binderfs-syz_init_net_socket$bt_l2cap-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-ioctl$KVM_SET_USER_MEMORY_REGION-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-read$dsp-write$dsp-pselect6-openat$sysfs-socket$vsock_stream-sendmsg$nl_route
program crashed: KASAN: slab-use-after-free Read in snd_pcm_stop
testing compiled C program (duration=1m56.46205068s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-openat$binderfs-syz_init_net_socket$bt_l2cap-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-ioctl$KVM_SET_USER_MEMORY_REGION-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-read$dsp-write$dsp-pselect6-openat$sysfs-socket$vsock_stream-sendmsg$nl_route
program crashed: KASAN: slab-use-after-free Read in snd_pcm_stop
testing compiled C program (duration=1m56.46205068s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-openat$binderfs-syz_init_net_socket$bt_l2cap-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-ioctl$KVM_SET_USER_MEMORY_REGION-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-read$dsp-write$dsp-pselect6-openat$sysfs-socket$vsock_stream-sendmsg$nl_route
program crashed: KASAN: slab-use-after-free Read in snd_pcm_stop
testing compiled C program (duration=1m56.46205068s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-openat$binderfs-syz_init_net_socket$bt_l2cap-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-ioctl$KVM_SET_USER_MEMORY_REGION-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-read$dsp-write$dsp-pselect6-openat$sysfs-socket$vsock_stream-sendmsg$nl_route
program crashed: KASAN: slab-use-after-free Read in snd_pcm_stop
testing compiled C program (duration=1m56.46205068s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-openat$binderfs-syz_init_net_socket$bt_l2cap-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-ioctl$KVM_SET_USER_MEMORY_REGION-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-read$dsp-write$dsp-pselect6-openat$sysfs-socket$vsock_stream-sendmsg$nl_route
program crashed: KASAN: slab-use-after-free Read in snd_pcm_stop
testing compiled C program (duration=1m56.46205068s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-openat$binderfs-syz_init_net_socket$bt_l2cap-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-ioctl$KVM_SET_USER_MEMORY_REGION-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-read$dsp-write$dsp-pselect6-openat$sysfs-socket$vsock_stream-sendmsg$nl_route
program crashed: KASAN: slab-use-after-free Read in snd_pcm_stop
testing compiled C program (duration=1m56.46205068s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-openat$binderfs-syz_init_net_socket$bt_l2cap-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-ioctl$KVM_SET_USER_MEMORY_REGION-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-read$dsp-write$dsp-pselect6-openat$sysfs-socket$vsock_stream-sendmsg$nl_route
program crashed: KASAN: slab-use-after-free Read in snd_pcm_stop
testing compiled C program (duration=1m56.46205068s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-openat$binderfs-syz_init_net_socket$bt_l2cap-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-ioctl$KVM_SET_USER_MEMORY_REGION-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-read$dsp-write$dsp-pselect6-openat$sysfs-socket$vsock_stream-sendmsg$nl_route
program crashed: KASAN: slab-use-after-free Read in snd_pcm_stop
testing compiled C program (duration=1m56.46205068s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-openat$binderfs-syz_init_net_socket$bt_l2cap-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-ioctl$KVM_SET_USER_MEMORY_REGION-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-read$dsp-write$dsp-pselect6-openat$sysfs-socket$vsock_stream-sendmsg$nl_route
program crashed: KASAN: slab-use-after-free Read in snd_pcm_stop
testing compiled C program (duration=1m56.46205068s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-openat$binderfs-syz_init_net_socket$bt_l2cap-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-ioctl$KVM_SET_USER_MEMORY_REGION-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-read$dsp-write$dsp-pselect6-openat$sysfs-socket$vsock_stream-sendmsg$nl_route
program did not crash
testing compiled C program (duration=1m56.46205068s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-openat$binderfs-syz_init_net_socket$bt_l2cap-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-ioctl$KVM_SET_USER_MEMORY_REGION-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-read$dsp-write$dsp-pselect6-openat$sysfs-socket$vsock_stream-sendmsg$nl_route
program crashed: KASAN: slab-use-after-free Read in snd_pcm_stop
testing compiled C program (duration=1m56.46205068s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:true UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-openat$binderfs-syz_init_net_socket$bt_l2cap-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-ioctl$KVM_SET_USER_MEMORY_REGION-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-read$dsp-write$dsp-pselect6-openat$sysfs-socket$vsock_stream-sendmsg$nl_route
program crashed: KASAN: slab-use-after-free Read in snd_pcm_stop
testing compiled C program (duration=1m56.46205068s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-openat$binderfs-syz_init_net_socket$bt_l2cap-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-ioctl$KVM_SET_USER_MEMORY_REGION-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-read$dsp-write$dsp-pselect6-openat$sysfs-socket$vsock_stream-sendmsg$nl_route
program crashed: KASAN: slab-use-after-free Read in snd_pcm_stop
testing program (duration=1m56.46205068s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-openat$binderfs-syz_init_net_socket$bt_l2cap-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-ioctl$KVM_SET_USER_MEMORY_REGION-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-read$dsp-write$dsp-pselect6-openat$sysfs-socket$vsock_stream-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f0000000180)=0x6f)
r2 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
read$dsp(r2, &(0x7f00000002c0)=""/4096, 0x1000)
write$dsp(r1, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x40000000000000, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x7}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006, 0x81}, 0x0, 0x0)
openat$sysfs(0xffffff9c, 0x0, 0x482480, 0x138)
socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$nl_route(r0, 0x0, 0x4040044)

program crashed: KASAN: slab-use-after-free Read in snd_pcm_stop
validation run: crashed=true
testing program (duration=1m56.46205068s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-openat$binderfs-syz_init_net_socket$bt_l2cap-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-ioctl$KVM_SET_USER_MEMORY_REGION-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-read$dsp-write$dsp-pselect6-openat$sysfs-socket$vsock_stream-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f0000000180)=0x6f)
r2 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
read$dsp(r2, &(0x7f00000002c0)=""/4096, 0x1000)
write$dsp(r1, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x40000000000000, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x7}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006, 0x81}, 0x0, 0x0)
openat$sysfs(0xffffff9c, 0x0, 0x482480, 0x138)
socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$nl_route(r0, 0x0, 0x4040044)

program crashed: KASAN: slab-use-after-free Read in snd_pcm_stop
validation run: crashed=true
testing program (duration=1m56.46205068s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-openat$binderfs-syz_init_net_socket$bt_l2cap-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-ioctl$KVM_SET_USER_MEMORY_REGION-openat$adsp1-ioctl$SNDCTL_DSP_SETFRAGMENT-ioctl$SNDCTL_DSP_CHANNELS-openat$dsp1-read$dsp-write$dsp-pselect6-openat$sysfs-socket$vsock_stream-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f0000000180)=0x6f)
r2 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
read$dsp(r2, &(0x7f00000002c0)=""/4096, 0x1000)
write$dsp(r1, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x40000000000000, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x7}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006, 0x81}, 0x0, 0x0)
openat$sysfs(0xffffff9c, 0x0, 0x482480, 0x138)
socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$nl_route(r0, 0x0, 0x4040044)

program crashed: KASAN: slab-use-after-free Read in snd_pcm_stop
validation run: crashed=true
reproducing took 2h29m18.176856355s
repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: slab-use-after-free in rt_spin_lock+0x83/0x400 kernel/locking/spinlock_rt.c:56
Read of size 1 at addr ffff88803c59a200 by task syz.0.88/6375

CPU: 1 UID: 0 PID: 6375 Comm: syz.0.88 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
Call Trace:
 <TASK>
 dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:378 [inline]
 print_report+0xba/0x230 mm/kasan/report.c:482
 kasan_report+0x117/0x150 mm/kasan/report.c:595
 __kasan_check_byte+0x2a/0x40 mm/kasan/common.c:574
 kasan_check_byte include/linux/kasan.h:402 [inline]
 lock_acquire+0x84/0x330 kernel/locking/lockdep.c:5842
 rt_spin_lock+0x83/0x400 kernel/locking/spinlock_rt.c:56
 spin_lock include/linux/spinlock_rt.h:44 [inline]
 __wake_up_common_lock+0x2f/0x1e0 kernel/sched/wait.c:124
 snd_pcm_post_stop sound/core/pcm_native.c:1551 [inline]
 snd_pcm_action_single sound/core/pcm_native.c:-1 [inline]
 snd_pcm_action sound/core/pcm_native.c:1398 [inline]
 snd_pcm_stop+0x428/0x550 sound/core/pcm_native.c:1571
 loopback_check_format sound/drivers/aloop.c:363 [inline]
 loopback_trigger+0xb82/0x1b60 sound/drivers/aloop.c:411
 snd_pcm_do_start sound/core/pcm_native.c:1459 [inline]
 snd_pcm_action_single sound/core/pcm_native.c:1315 [inline]
 snd_pcm_action sound/core/pcm_native.c:1398 [inline]
 snd_pcm_start+0x43d/0x5d0 sound/core/pcm_native.c:1506
 __snd_pcm_lib_xfer+0x175a/0x1d10 sound/core/pcm_lib.c:2405
 snd_pcm_oss_write3+0x1bc/0x350 sound/core/oss/pcm_oss.c:1243
 snd_pcm_plug_write_transfer+0x2d1/0x4d0 sound/core/oss/pcm_plugin.c:630
 snd_pcm_oss_write2+0x283/0x440 sound/core/oss/pcm_oss.c:1375
 snd_pcm_oss_write1 sound/core/oss/pcm_oss.c:1441 [inline]
 snd_pcm_oss_write+0x6d1/0xbe0 sound/core/oss/pcm_oss.c:2796
 vfs_write+0x2a3/0xba0 fs/read_write.c:684
 ksys_write+0x156/0x270 fs/read_write.c:738
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xe2/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f3b93ffaeb9
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f3b9363d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007f3b94276090 RCX: 00007f3b93ffaeb9
RDX: 0000000000004000 RSI: 00002000000012c0 RDI: 0000000000000008
RBP: 00007f3b94068c1f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f3b94276128 R14: 00007f3b94276090 R15: 00007ffd3534b678
 </TASK>

Allocated by task 6371:
 kasan_save_stack mm/kasan/common.c:57 [inline]
 kasan_save_track+0x3e/0x80 mm/kasan/common.c:78
 poison_kmalloc_redzone mm/kasan/common.c:398 [inline]
 __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:415
 kasan_kmalloc include/linux/kasan.h:263 [inline]
 __kmalloc_cache_noprof+0x1f2/0x6b0 mm/slub.c:5780
 kmalloc_noprof include/linux/slab.h:957 [inline]
 kzalloc_noprof include/linux/slab.h:1094 [inline]
 snd_pcm_attach_substream+0x5b7/0xb20 sound/core/pcm.c:938
 snd_pcm_open_substream+0xbd/0x2420 sound/core/pcm_native.c:2761
 snd_pcm_oss_open_file sound/core/oss/pcm_oss.c:2439 [inline]
 snd_pcm_oss_open+0xfc2/0x1c50 sound/core/oss/pcm_oss.c:2520
 chrdev_open+0x4d0/0x5f0 fs/char_dev.c:414
 do_dentry_open+0x7d0/0x1270 fs/open.c:962
 vfs_open+0x3b/0x350 fs/open.c:1094
 do_open fs/namei.c:4637 [inline]
 path_openat+0x34c9/0x3e70 fs/namei.c:4796
 do_filp_open+0x22d/0x490 fs/namei.c:4823
 do_sys_openat2+0x12f/0x220 fs/open.c:1430
 do_sys_open fs/open.c:1436 [inline]
 __do_sys_openat fs/open.c:1452 [inline]
 __se_sys_openat fs/open.c:1447 [inline]
 __x64_sys_openat+0x138/0x170 fs/open.c:1447
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xe2/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Freed by task 6371:
 kasan_save_stack mm/kasan/common.c:57 [inline]
 kasan_save_track+0x3e/0x80 mm/kasan/common.c:78
 kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:584
 poison_slab_object mm/kasan/common.c:253 [inline]
 __kasan_slab_free+0x5c/0x80 mm/kasan/common.c:285
 kasan_slab_free include/linux/kasan.h:235 [inline]
 slab_free_hook mm/slub.c:2540 [inline]
 slab_free mm/slub.c:6674 [inline]
 kfree+0x1bb/0x8f0 mm/slub.c:6882
 snd_pcm_detach_substream+0x1e1/0x290 sound/core/pcm.c:1003
 snd_pcm_oss_release_file sound/core/oss/pcm_oss.c:2398 [inline]
 snd_pcm_oss_release+0x184/0x250 sound/core/oss/pcm_oss.c:2577
 __fput+0x45e/0xa80 fs/file_table.c:468
 task_work_run+0x1d9/0x270 kernel/task_work.c:233
 get_signal+0x11c3/0x1310 kernel/signal.c:2807
 arch_do_signal_or_restart+0xbc/0x830 arch/x86/kernel/signal.c:337
 __exit_to_user_mode_loop kernel/entry/common.c:41 [inline]
 exit_to_user_mode_loop+0x86/0x480 kernel/entry/common.c:75
 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]
 syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline]
 syscall_exit_to_user_mode_work include/linux/entry-common.h:159 [inline]
 syscall_exit_to_user_mode include/linux/entry-common.h:194 [inline]
 do_syscall_64+0x2b7/0xf80 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

The buggy address belongs to the object at ffff88803c59a000
 which belongs to the cache kmalloc-2k of size 2048
The buggy address is located 512 bytes inside of
 freed 2048-byte region [ffff88803c59a000, ffff88803c59a800)

The buggy address belongs to the physical page:
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3c598
head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
anon flags: 0x80000000000040(head|node=0|zone=1)
page_type: f5(slab)
raw: 0080000000000040 ffff88813fe27000 0000000000000000 0000000000000001
raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
head: 0080000000000040 ffff88813fe27000 0000000000000000 0000000000000001
head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
head: 0080000000000003 ffffea0000f16601 00000000ffffffff 00000000ffffffff
head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5877, tgid 5877 (syz-executor), ts 111431951832, free_ts 111238160378
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x228/0x280 mm/page_alloc.c:1884
 prep_new_page mm/page_alloc.c:1892 [inline]
 get_page_from_freelist+0x28bb/0x2950 mm/page_alloc.c:3945
 __alloc_frozen_pages_noprof+0x18d/0x380 mm/page_alloc.c:5240
 alloc_pages_mpol+0xd1/0x380 mm/mempolicy.c:2486
 alloc_slab_page mm/slub.c:3075 [inline]
 allocate_slab+0x86/0x3a0 mm/slub.c:3248
 new_slab mm/slub.c:3302 [inline]
 ___slab_alloc+0xaf8/0x13d0 mm/slub.c:4656
 __slab_alloc+0xc5/0x1f0 mm/slub.c:4779
 __slab_alloc_node mm/slub.c:4855 [inline]
 slab_alloc_node mm/slub.c:5251 [inline]
 __kmalloc_cache_noprof+0x100/0x6b0 mm/slub.c:5775
 kmalloc_noprof include/linux/slab.h:957 [inline]
 rtnl_newlink+0x136/0x1be0 net/core/rtnetlink.c:3972
 rtnetlink_rcv_msg+0x7d5/0xbe0 net/core/rtnetlink.c:6958
 netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
 netlink_unicast+0x831/0x9f0 net/netlink/af_netlink.c:1344
 netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
 sock_sendmsg_nosec net/socket.c:727 [inline]
 __sock_sendmsg net/socket.c:742 [inline]
 __sys_sendto+0x72a/0x7d0 net/socket.c:2206
 __do_sys_sendto net/socket.c:2213 [inline]
 __se_sys_sendto net/socket.c:2209 [inline]
 __x64_sys_sendto+0xde/0x100 net/socket.c:2209
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xe2/0xf80 arch/x86/entry/syscall_64.c:94
page last free pid 1102 tgid 1102 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1433 [inline]
 __free_frozen_pages+0xfd0/0x1160 mm/page_alloc.c:2973
 __slab_free+0x2e6/0x330 mm/slub.c:6008
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x97/0x100 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x148/0x160 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x22/0x80 mm/kasan/common.c:350
 kasan_slab_alloc include/linux/kasan.h:253 [inline]
 slab_post_alloc_hook mm/slub.c:4953 [inline]
 slab_alloc_node mm/slub.c:5263 [inline]
 kmem_cache_alloc_node_noprof+0x22f/0x6d0 mm/slub.c:5315
 __alloc_skb+0x1d7/0x390 net/core/skbuff.c:679
 alloc_skb include/linux/skbuff.h:1383 [inline]
 nlmsg_new include/net/netlink.h:1055 [inline]
 inet_netconf_notify_devconf+0x173/0x240 net/ipv4/devinet.c:2209
 __devinet_sysctl_unregister net/ipv4/devinet.c:2704 [inline]
 devinet_sysctl_unregister net/ipv4/devinet.c:2728 [inline]
 inetdev_destroy net/ipv4/devinet.c:334 [inline]
 inetdev_event+0x79e/0x1610 net/ipv4/devinet.c:1655
 notifier_call_chain+0x19d/0x3a0 kernel/notifier.c:85
 call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
 call_netdevice_notifiers net/core/dev.c:2295 [inline]
 unregister_netdevice_many_notify+0x186a/0x2360 net/core/dev.c:12396
 ops_exit_rtnl_list net/core/net_namespace.c:187 [inline]
 ops_undo_list+0x3d3/0x940 net/core/net_namespace.c:248
 cleanup_net+0x4e5/0x7b0 net/core/net_namespace.c:696
 process_one_work kernel/workqueue.c:3257 [inline]
 process_scheduled_works+0xaec/0x17a0 kernel/workqueue.c:3340
 worker_thread+0xda6/0x1360 kernel/workqueue.c:3421
 kthread+0x726/0x8b0 kernel/kthread.c:463

Memory state around the buggy address:
 ffff88803c59a100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff88803c59a180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff88803c59a200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                   ^
 ffff88803c59a280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff88803c59a300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================

final repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: slab-use-after-free in rt_spin_lock+0x83/0x400 kernel/locking/spinlock_rt.c:56
Read of size 1 at addr ffff88803c59a200 by task syz.0.88/6375

CPU: 1 UID: 0 PID: 6375 Comm: syz.0.88 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
Call Trace:
 <TASK>
 dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:378 [inline]
 print_report+0xba/0x230 mm/kasan/report.c:482
 kasan_report+0x117/0x150 mm/kasan/report.c:595
 __kasan_check_byte+0x2a/0x40 mm/kasan/common.c:574
 kasan_check_byte include/linux/kasan.h:402 [inline]
 lock_acquire+0x84/0x330 kernel/locking/lockdep.c:5842
 rt_spin_lock+0x83/0x400 kernel/locking/spinlock_rt.c:56
 spin_lock include/linux/spinlock_rt.h:44 [inline]
 __wake_up_common_lock+0x2f/0x1e0 kernel/sched/wait.c:124
 snd_pcm_post_stop sound/core/pcm_native.c:1551 [inline]
 snd_pcm_action_single sound/core/pcm_native.c:-1 [inline]
 snd_pcm_action sound/core/pcm_native.c:1398 [inline]
 snd_pcm_stop+0x428/0x550 sound/core/pcm_native.c:1571
 loopback_check_format sound/drivers/aloop.c:363 [inline]
 loopback_trigger+0xb82/0x1b60 sound/drivers/aloop.c:411
 snd_pcm_do_start sound/core/pcm_native.c:1459 [inline]
 snd_pcm_action_single sound/core/pcm_native.c:1315 [inline]
 snd_pcm_action sound/core/pcm_native.c:1398 [inline]
 snd_pcm_start+0x43d/0x5d0 sound/core/pcm_native.c:1506
 __snd_pcm_lib_xfer+0x175a/0x1d10 sound/core/pcm_lib.c:2405
 snd_pcm_oss_write3+0x1bc/0x350 sound/core/oss/pcm_oss.c:1243
 snd_pcm_plug_write_transfer+0x2d1/0x4d0 sound/core/oss/pcm_plugin.c:630
 snd_pcm_oss_write2+0x283/0x440 sound/core/oss/pcm_oss.c:1375
 snd_pcm_oss_write1 sound/core/oss/pcm_oss.c:1441 [inline]
 snd_pcm_oss_write+0x6d1/0xbe0 sound/core/oss/pcm_oss.c:2796
 vfs_write+0x2a3/0xba0 fs/read_write.c:684
 ksys_write+0x156/0x270 fs/read_write.c:738
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xe2/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f3b93ffaeb9
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f3b9363d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007f3b94276090 RCX: 00007f3b93ffaeb9
RDX: 0000000000004000 RSI: 00002000000012c0 RDI: 0000000000000008
RBP: 00007f3b94068c1f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f3b94276128 R14: 00007f3b94276090 R15: 00007ffd3534b678
 </TASK>

Allocated by task 6371:
 kasan_save_stack mm/kasan/common.c:57 [inline]
 kasan_save_track+0x3e/0x80 mm/kasan/common.c:78
 poison_kmalloc_redzone mm/kasan/common.c:398 [inline]
 __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:415
 kasan_kmalloc include/linux/kasan.h:263 [inline]
 __kmalloc_cache_noprof+0x1f2/0x6b0 mm/slub.c:5780
 kmalloc_noprof include/linux/slab.h:957 [inline]
 kzalloc_noprof include/linux/slab.h:1094 [inline]
 snd_pcm_attach_substream+0x5b7/0xb20 sound/core/pcm.c:938
 snd_pcm_open_substream+0xbd/0x2420 sound/core/pcm_native.c:2761
 snd_pcm_oss_open_file sound/core/oss/pcm_oss.c:2439 [inline]
 snd_pcm_oss_open+0xfc2/0x1c50 sound/core/oss/pcm_oss.c:2520
 chrdev_open+0x4d0/0x5f0 fs/char_dev.c:414
 do_dentry_open+0x7d0/0x1270 fs/open.c:962
 vfs_open+0x3b/0x350 fs/open.c:1094
 do_open fs/namei.c:4637 [inline]
 path_openat+0x34c9/0x3e70 fs/namei.c:4796
 do_filp_open+0x22d/0x490 fs/namei.c:4823
 do_sys_openat2+0x12f/0x220 fs/open.c:1430
 do_sys_open fs/open.c:1436 [inline]
 __do_sys_openat fs/open.c:1452 [inline]
 __se_sys_openat fs/open.c:1447 [inline]
 __x64_sys_openat+0x138/0x170 fs/open.c:1447
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xe2/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Freed by task 6371:
 kasan_save_stack mm/kasan/common.c:57 [inline]
 kasan_save_track+0x3e/0x80 mm/kasan/common.c:78
 kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:584
 poison_slab_object mm/kasan/common.c:253 [inline]
 __kasan_slab_free+0x5c/0x80 mm/kasan/common.c:285
 kasan_slab_free include/linux/kasan.h:235 [inline]
 slab_free_hook mm/slub.c:2540 [inline]
 slab_free mm/slub.c:6674 [inline]
 kfree+0x1bb/0x8f0 mm/slub.c:6882
 snd_pcm_detach_substream+0x1e1/0x290 sound/core/pcm.c:1003
 snd_pcm_oss_release_file sound/core/oss/pcm_oss.c:2398 [inline]
 snd_pcm_oss_release+0x184/0x250 sound/core/oss/pcm_oss.c:2577
 __fput+0x45e/0xa80 fs/file_table.c:468
 task_work_run+0x1d9/0x270 kernel/task_work.c:233
 get_signal+0x11c3/0x1310 kernel/signal.c:2807
 arch_do_signal_or_restart+0xbc/0x830 arch/x86/kernel/signal.c:337
 __exit_to_user_mode_loop kernel/entry/common.c:41 [inline]
 exit_to_user_mode_loop+0x86/0x480 kernel/entry/common.c:75
 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]
 syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline]
 syscall_exit_to_user_mode_work include/linux/entry-common.h:159 [inline]
 syscall_exit_to_user_mode include/linux/entry-common.h:194 [inline]
 do_syscall_64+0x2b7/0xf80 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

The buggy address belongs to the object at ffff88803c59a000
 which belongs to the cache kmalloc-2k of size 2048
The buggy address is located 512 bytes inside of
 freed 2048-byte region [ffff88803c59a000, ffff88803c59a800)

The buggy address belongs to the physical page:
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3c598
head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
anon flags: 0x80000000000040(head|node=0|zone=1)
page_type: f5(slab)
raw: 0080000000000040 ffff88813fe27000 0000000000000000 0000000000000001
raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
head: 0080000000000040 ffff88813fe27000 0000000000000000 0000000000000001
head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
head: 0080000000000003 ffffea0000f16601 00000000ffffffff 00000000ffffffff
head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5877, tgid 5877 (syz-executor), ts 111431951832, free_ts 111238160378
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x228/0x280 mm/page_alloc.c:1884
 prep_new_page mm/page_alloc.c:1892 [inline]
 get_page_from_freelist+0x28bb/0x2950 mm/page_alloc.c:3945
 __alloc_frozen_pages_noprof+0x18d/0x380 mm/page_alloc.c:5240
 alloc_pages_mpol+0xd1/0x380 mm/mempolicy.c:2486
 alloc_slab_page mm/slub.c:3075 [inline]
 allocate_slab+0x86/0x3a0 mm/slub.c:3248
 new_slab mm/slub.c:3302 [inline]
 ___slab_alloc+0xaf8/0x13d0 mm/slub.c:4656
 __slab_alloc+0xc5/0x1f0 mm/slub.c:4779
 __slab_alloc_node mm/slub.c:4855 [inline]
 slab_alloc_node mm/slub.c:5251 [inline]
 __kmalloc_cache_noprof+0x100/0x6b0 mm/slub.c:5775
 kmalloc_noprof include/linux/slab.h:957 [inline]
 rtnl_newlink+0x136/0x1be0 net/core/rtnetlink.c:3972
 rtnetlink_rcv_msg+0x7d5/0xbe0 net/core/rtnetlink.c:6958
 netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
 netlink_unicast+0x831/0x9f0 net/netlink/af_netlink.c:1344
 netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
 sock_sendmsg_nosec net/socket.c:727 [inline]
 __sock_sendmsg net/socket.c:742 [inline]
 __sys_sendto+0x72a/0x7d0 net/socket.c:2206
 __do_sys_sendto net/socket.c:2213 [inline]
 __se_sys_sendto net/socket.c:2209 [inline]
 __x64_sys_sendto+0xde/0x100 net/socket.c:2209
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xe2/0xf80 arch/x86/entry/syscall_64.c:94
page last free pid 1102 tgid 1102 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1433 [inline]
 __free_frozen_pages+0xfd0/0x1160 mm/page_alloc.c:2973
 __slab_free+0x2e6/0x330 mm/slub.c:6008
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x97/0x100 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x148/0x160 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x22/0x80 mm/kasan/common.c:350
 kasan_slab_alloc include/linux/kasan.h:253 [inline]
 slab_post_alloc_hook mm/slub.c:4953 [inline]
 slab_alloc_node mm/slub.c:5263 [inline]
 kmem_cache_alloc_node_noprof+0x22f/0x6d0 mm/slub.c:5315
 __alloc_skb+0x1d7/0x390 net/core/skbuff.c:679
 alloc_skb include/linux/skbuff.h:1383 [inline]
 nlmsg_new include/net/netlink.h:1055 [inline]
 inet_netconf_notify_devconf+0x173/0x240 net/ipv4/devinet.c:2209
 __devinet_sysctl_unregister net/ipv4/devinet.c:2704 [inline]
 devinet_sysctl_unregister net/ipv4/devinet.c:2728 [inline]
 inetdev_destroy net/ipv4/devinet.c:334 [inline]
 inetdev_event+0x79e/0x1610 net/ipv4/devinet.c:1655
 notifier_call_chain+0x19d/0x3a0 kernel/notifier.c:85
 call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
 call_netdevice_notifiers net/core/dev.c:2295 [inline]
 unregister_netdevice_many_notify+0x186a/0x2360 net/core/dev.c:12396
 ops_exit_rtnl_list net/core/net_namespace.c:187 [inline]
 ops_undo_list+0x3d3/0x940 net/core/net_namespace.c:248
 cleanup_net+0x4e5/0x7b0 net/core/net_namespace.c:696
 process_one_work kernel/workqueue.c:3257 [inline]
 process_scheduled_works+0xaec/0x17a0 kernel/workqueue.c:3340
 worker_thread+0xda6/0x1360 kernel/workqueue.c:3421
 kthread+0x726/0x8b0 kernel/kthread.c:463

Memory state around the buggy address:
 ffff88803c59a100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff88803c59a180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff88803c59a200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                   ^
 ffff88803c59a280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff88803c59a300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================