DF-0232
SIOCSPGRP invokes fsetown(-INT_MIN) -> signed-overflow UB on attacker-controlled value
Summary
SIOCSPGRP(:164) fsetown(-(*(int*)data),...). User-controlled value INT_MIN -> -INT_MIN is signed overflow UB. gcc x86_64: benign (ESRCH). Compiler entitled to assume !=INT_MIN. Same antipattern in sys_pipe.c/bpf.c/tap/tun/log. Unpriv via socket fd.