Extracting prog: 27m19.658128153s
Minimizing prog: 55m57.430145153s
Simplifying prog options: 0s
Extracting C: 2m59.259982176s
Simplifying C: 10m43.399618738s


extracting reproducer from 70 programs
testing a last program of every proc
single: executing 20 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_connect_ath9k-syz_usb_connect_ath9k-syz_usb_connect-syz_usb_disconnect-syz_usb_connect-syz_usb_connect-syz_usb_connect$cdc_ecm-syz_usb_connect$cdc_ecm-syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io$hid-syz_usb_control_io$uac1-syz_usb_control_io$uac1
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="1201050037057b082d0800014b702c02030109021200070100a0000904"], 0x0)
syz_usb_connect_ath9k(0x3, 0xffffffbc, &(0x7f0000000280)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x57, [{{0x9, 0x2, 0xd6589b66bf929095}}]}}, 0x0) (async)
r1 = syz_usb_connect_ath9k(0x3, 0xffffffbc, &(0x7f0000000280)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x57, [{{0x9, 0x2, 0xd6589b66bf929095}}]}}, 0x0)
syz_usb_connect(0x0, 0x6d, &(0x7f0000000080)=ANY=[@ANYBLOB="120100003cda2a200a111022"], 0x0)
syz_usb_disconnect(r1)
syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[], 0x0) (async)
syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[], 0x0)
syz_usb_connect$cdc_ecm(0x0, 0x59, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x47, 0x1, 0x1, 0x3, 0x90, 0xb, "", [{{0x9, 0x4, 0x0, 0x1, 0x2, 0x2, 0x6, 0x0, 0x7, {{0x5}, {0x5, 0x24, 0x0, 0x1ff}, {0xd, 0x24, 0xf, 0x1, 0x8, 0xb, 0x2, 0x7}, [@network_terminal={0x7, 0x24, 0xa, 0x2, 0x7, 0xfa, 0x7}, @call_mgmt={0x5, 0x24, 0x1, 0x3, 0x2}]}, {[], {{0x9, 0x5, 0x82, 0x2, 0x3ff, 0x4, 0x8, 0x2}}, {{0x9, 0x5, 0x3, 0x2, 0x40, 0xa4, 0x5, 0xff}}}}}]}}]}}, &(0x7f0000000180)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x50, 0x8, 0x3, 0x12, 0xff, 0x9}, 0x23, &(0x7f0000000100)={0x5, 0xf, 0x23, 0x2, [@ss_container_id={0x14, 0x10, 0x4, 0x7, "d906810905593fea73d6ae251cafe0b2"}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x0, 0x6, 0xfa}]}, 0x1, [{0x4, &(0x7f0000000140)=@lang_id={0x4, 0x3, 0x140c}}]}) (async)
syz_usb_connect$cdc_ecm(0x0, 0x59, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x47, 0x1, 0x1, 0x3, 0x90, 0xb, "", [{{0x9, 0x4, 0x0, 0x1, 0x2, 0x2, 0x6, 0x0, 0x7, {{0x5}, {0x5, 0x24, 0x0, 0x1ff}, {0xd, 0x24, 0xf, 0x1, 0x8, 0xb, 0x2, 0x7}, [@network_terminal={0x7, 0x24, 0xa, 0x2, 0x7, 0xfa, 0x7}, @call_mgmt={0x5, 0x24, 0x1, 0x3, 0x2}]}, {[], {{0x9, 0x5, 0x82, 0x2, 0x3ff, 0x4, 0x8, 0x2}}, {{0x9, 0x5, 0x3, 0x2, 0x40, 0xa4, 0x5, 0xff}}}}}]}}]}}, &(0x7f0000000180)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x50, 0x8, 0x3, 0x12, 0xff, 0x9}, 0x23, &(0x7f0000000100)={0x5, 0xf, 0x23, 0x2, [@ss_container_id={0x14, 0x10, 0x4, 0x7, "d906810905593fea73d6ae251cafe0b2"}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x0, 0x6, 0xfa}]}, 0x1, [{0x4, &(0x7f0000000140)=@lang_id={0x4, 0x3, 0x140c}}]})
r2 = syz_usb_connect$hid(0x5, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000000000404c05f20dafd60000000109022400010000000009040000010300010009210101000122050009058103"], 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_control_io(r2, &(0x7f00000003c0)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="000657"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r2, 0x0, &(0x7f0000000e40)={0x84, &(0x7f0000000180)=ANY=[@ANYBLOB="001e1400000009"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r2, 0x0, &(0x7f0000000440)={0x29, 0x0, 0x0, 0x0, &(0x7f0000000340)={0x20, 0x1, 0x40, "2085ce8c4b94a5715f8227fd4236ff070000000000001c9d3f45f2e89c1cffa964866b4b54712851c8825a2f8de125e3470c50febcb7566c61ba4ffbb8c84e5b"}, 0x0})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000300)={0x44, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000300)={0x44, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io$printer-syz_usb_disconnect-syz_open_dev$char_usb-ioctl$EVIOCGMASK-read$char_usb-syz_usb_connect-syz_usb_connect$hid-syz_usb_connect-syz_usb_control_io$hid-syz_open_dev$char_usb-write$char_usb-syz_usb_connect-syz_open_dev$char_usb-read$char_usb-write$char_usb-syz_usb_disconnect-syz_usb_connect-read$char_usb-syz_usb_connect$hid-syz_usb_control_io$hid-syz_usb_control_io$hid-syz_usb_control_io-syz_usb_control_io-ioctl$EVIOCRMFF-syz_open_dev$hiddev-ioctl$HIDIOCSREPORT-syz_usb_connect$uac1-syz_usb_connect
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e"], 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_disconnect(0xffffffffffffffff)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$EVIOCGMASK(r1, 0x5b02, 0x0)
read$char_usb(r1, 0x0, 0x0)
r2 = syz_usb_connect(0x0, 0x2d, &(0x7f00000005c0)=ANY=[], 0x0)
syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010102000000200f32415040000102"], 0x0)
syz_usb_connect(0x5, 0x46, &(0x7f0000000780)=ANY=[], 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
write$char_usb(r3, &(0x7f0000000840), 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f00000004c0)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e40010203030902240001a8230800090400bc6435fb4d00090503034d00ff", @ANYRES32], 0x0)
r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r4, &(0x7f0000000a80)=""/188, 0xba)
write$char_usb(r1, 0x0, 0x0)
syz_usb_disconnect(r0)
syz_usb_connect(0x5, 0x2d, &(0x7f0000000300)=ANY=[], 0x0)
read$char_usb(r1, &(0x7f0000000100)=""/210, 0xd2)
r5 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0)
syz_usb_control_io$hid(r5, 0x0, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f00000009003d140f3c369197d09647190890"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(0xffffffffffffffff, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f00000009003d140f3c36919790"], 0x0, 0x0, 0x0, 0x0}, 0x0)
ioctl$EVIOCRMFF(0xffffffffffffffff, 0x40045506, 0x0)
r6 = syz_open_dev$hiddev(&(0x7f0000000100), 0x0, 0x0)
ioctl$HIDIOCSREPORT(r6, 0x400c4808, &(0x7f00000001c0)={0x2, 0x100, 0xf7})
syz_usb_connect$uac1(0x6, 0xe1, &(0x7f00000000c0)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x20, 0xe41, 0x4159, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xcf, 0x3, 0x1, 0x4, 0xa0, 0x1, "", {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x9, 0xf}, [@selector_unit={0x5, 0x24, 0x5, 0x6, 0x7}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_ext={0x9, 0x24, 0x2, 0x1, 0x6, 0x7, 0x2, 0x5, 0x2}, @format_type_ii_discrete={0xc, 0x24, 0x2, 0x2, 0x6, 0xfff7, 0x7, "f68bfe"}, @format_type_ii_discrete={0x9, 0x24, 0x2, 0x2, 0x2d8, 0x8, 0xb1}, @as_header={0x7, 0x24, 0x1, 0x3, 0x3, 0x4}, @format_type_ii_ext={0xa, 0x24, 0x2, 0x2, 0x5, 0x8d3, 0xb, 0x6}, @format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0x6, 0x2, 0x2, 0x9c, "41fbfc"}]}, {{0x9, 0x5, 0x1, 0x9, 0x400, 0x3, 0xc, 0xd, {0x7, 0x25, 0x1, 0xc, 0x7, 0x8}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0x9, 0x24, 0x2, 0x2, 0x401}, @format_type_ii_discrete={0x12, 0x24, 0x2, 0x2, 0x0, 0x6, 0xd, "7e9637c0d429c3bf7f"}, @format_type_i_ext={0x9, 0x24, 0x2, 0x1, 0x6, 0x4, 0x4f, 0x81, 0x6}, @format_type_i_continuous={0xc, 0x24, 0x2, 0x1, 0x6, 0x1, 0x3, 0x5a, "1c", "355991"}]}, {{0x9, 0x5, 0x82, 0x9, 0x8, 0x6, 0x7, 0xff, {0x7, 0x25, 0x1, 0x4, 0xfd, 0x83f9}}}}}}}}]}}, &(0x7f0000000440)={0xa, &(0x7f00000001c0)={0xa, 0x6, 0x201, 0x1, 0x80, 0xff, 0x10, 0x10}, 0xfc, &(0x7f0000000200)={0x5, 0xf, 0xfc, 0x6, [@ss_container_id={0x14, 0x10, 0x4, 0x7, "17b95a3da76f0b839e77c042163d4050"}, @ext_cap={0x7, 0x10, 0x2, 0xe, 0x6, 0x9, 0x200}, @ptm_cap={0x3}, @ptm_cap={0x3}, @generic={0xc2, 0x10, 0x3, "896b710ce8c72862ae97a2eb471ee1c1d1c953bde04beb16d159530e353282c390c2e5ce6c562057a64fb4db9876a9ca1d2cd585b918c9aa1d1d150cd924dc64cba2cdc58a9884a6d1c05c5a7c567c2497549d0ca9d947e973da4ce8a9de7e021bcbde69802f8f6103c274a1bc61e9a18a364cd33f5a7bf1b96684f94d5d9b4a273ff0e2e217a8f9958c68ee108f768ab5ba17f95b403db2367627b83856f434362c0d5a99bf19a97af830d8463b6582d067b86f31da8ac6c96e24cb078360"}, @ssp_cap={0x14, 0x10, 0xa, 0x6, 0x2, 0x4ec, 0xf0f, 0x9, [0x3ff0, 0x3f30]}]}, 0x3, [{0x85, &(0x7f0000000300)=@string={0x85, 0x3, "fefd3d873bb5eb191425cd847d86fcf797ec650cd69bbf2d4c1433fbd59c093a800bd310e44bde6689570965392cc41cf26b8ff71eb76e428303aec7791386e8516e7c76831d9372c6a18e180c8403e544f60625623c786ea9b1f8eb638f388b3f9a500f9d32e695243dc903af436738d1ee2c5b39fa05877e621b3dc9aff48071f9f3"}}, {0x32, &(0x7f00000003c0)=@string={0x32, 0x3, "263615baeb777d81953dcc782403ccf3d30afb68b3a162bb56bbf39be5af519c8a22c92ae8bd417fc71ac6f4bb096243"}}, {0x3a, &(0x7f0000000400)=@string={0x3a, 0x3, "dd7abd273360a447054c8e4a22292b8943acf7180654c3c08c91a0dbce4a8b3f0005c5bc30abbcfd5661935ce515d9519047192dc8c02a5c"}}]})
syz_usb_connect(0x2, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="120100001ca37b10720c1300bebaaf0203010902120001000000000904"], 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$cdc_ecm-syz_usb_control_io$cdc_ecm-syz_usb_connect$lan78xx-syz_usb_control_io$lan78xx-syz_usb_control_io$cdc_ecm-syz_usb_control_io$cdc_ecm-syz_usb_connect-syz_usb_connect$cdc_ecm-syz_usb_connect-syz_usb_connect-syz_usb_control_io$printer-syz_usb_control_io$hid-syz_usb_control_io$cdc_ecm-syz_usb_control_io$cdc_ecm-syz_usb_control_io$cdc_ecm-syz_usb_control_io-syz_usb_control_io$lan78xx-syz_usb_connect$cdc_ncm-syz_usb_connect$hid-syz_usb_connect-syz_usb_control_io$cdc_ecm-syz_usb_ep_write$ath9k_ep1-syz_usb_disconnect-syz_usb_ep_write$ath9k_ep1-syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io$hid-syz_usb_control_io-syz_usb_control_io$hid-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect$cdc_ecm(0x0, 0x56, &(0x7f0000001300)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x0, 0x0, 0xffffffffffff8001, 0x1, [{{0x9, 0x2, 0x44, 0x1, 0x1, 0x0, 0x0, 0x0, "", [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x2, 0x6, 0x0, 0x0, {{0x5}, {0x5}, {0xd, 0x24, 0xf, 0x1, 0x0, 0x9}}, {[{{0x9, 0x5, 0x81, 0x3, 0x460, 0x81, 0x1, 0x4}}], {{0x9, 0x5, 0x82, 0x2, 0x200, 0xfe}}, {{0x9, 0x5, 0x3, 0x2, 0x200, 0x81}}}}}]}}]}}, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
r1 = syz_usb_connect$lan78xx(0x0, 0x3f, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0x424, 0x7850, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d}}]}}, 0x0)
syz_usb_control_io$lan78xx(r1, &(0x7f0000000ac0)={0x14, &(0x7f0000000980)={0x20, 0x22, 0xda, {0xda, 0xb, "0470ab899d7c31c6d722a8464286feae5a97afa1195db392a8efe64afe0a404a7283514de29c4e4cbdf616d421ecf3e656bc839e7f4bef4dafbeee7f93eb432637afd8812b8e9038be74820810e6529c3cd96d769372130a46a18ee36784881d340ec43ab545769c74299850130b879d76b6fb79ec07509875870d1cedcccff1024102784a1117a5ba3695db72e6031619bdb9dc83fb2a29190884905cf687c64b5eebd1c0eb923ae76bb9e117632560ac42ccc216f87e8fb24a9b3a23947f8bf048dd7ed26b1fa2bf4b74abebc825c452489a14e9f36d49"}}, &(0x7f0000000a80)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x402}}}, &(0x7f0000000cc0)={0x34, &(0x7f0000000b00)={0x40, 0x3, 0x4, "a9412f58"}, &(0x7f0000000b40)={0x0, 0xa, 0x1, 0xb}, &(0x7f0000000b80)={0x0, 0x8, 0x1, 0x3}, &(0x7f0000000bc0)={0xc0, 0xa1, 0x4, 0x6}, &(0x7f0000000c00)={0x40, 0xa0, 0x4, 0x7fff}, &(0x7f0000000c80)={0xc0, 0xa2, 0x2f, "d8d569c48a7b30b05c8e3723a114c177424312b6a678ed03a8018aa2a658f909ab2473579bdad81345370540897909"}})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_connect(0x3, 0x24, &(0x7f0000000c40)={{0x12, 0x1, 0x310, 0x6e, 0x8b, 0x74, 0x20, 0x12d1, 0x5328, 0xbc39, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0xc, 0x2, 0xc0, 0x6, "", [{{0x9, 0x4, 0x63, 0x89, 0x0, 0xff, 0x3, 0x64, 0x5}}]}}]}}, &(0x7f00000013c0)={0x0, 0x0, 0x0, 0x0, 0x1555555555555483, [{0x0, &(0x7f00000002c0)=@string={0x0, 0x3, "f546def20fffa01715daebad83f344456585c342b85190e21c"}}, {0x0, &(0x7f0000001380)=@lang_id={0x0, 0x3, 0x200a}}]})
r2 = syz_usb_connect$cdc_ecm(0x1, 0xf4, &(0x7f0000000180)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xe2, 0x1, 0x1, 0x53, 0x80, 0xe, "", [{{0x9, 0x4, 0x0, 0x58, 0x2, 0x2, 0x6, 0x0, 0x4, {{0x9, 0x24, 0x6, 0x0, 0x0, "de319b48"}, {0x5, 0x24, 0x0, 0x83e5}, {0xd, 0x24, 0xf, 0x1, 0xc07, 0xcce, 0x4, 0x3}, [@mbim={0xc, 0x24, 0x1b, 0x5, 0x56c, 0xc2, 0xff, 0x2, 0xd}, @acm={0x4}, @mdlm_detail={0x86, 0x24, 0x13, 0x0, "b05b4d8f60dfa8d0c0142d7647949dfa0bb27722a2a678a88b23263755411a9da65b13cf2f71576c6eff0d59b140e7c95c9d22517be619fd3d703e367133463113c7c8ade297da78e89b0f31c2d71418ec2d3ecbfd56b2dcc53cfda3e2bf9d03323de55af115530f1a078799ff3c3e3e3414b76df7db0fd12e653776ffb0cda721d6"}, @acm={0x4, 0x24, 0x2, 0x4}]}, {[{{0x9, 0x5, 0x81, 0x3, 0x20, 0x4, 0x8c}}], {{0x9, 0x5, 0x82, 0x2, 0x200, 0x1, 0xf9, 0x1}}, {{0x9, 0x5, 0x3, 0x2, 0x3ff, 0x9, 0x7, 0xce}}}}}]}}]}}, &(0x7f0000000900)={0xa, &(0x7f0000000280)={0xa, 0x6, 0x341, 0x29, 0xeb, 0x6, 0x10, 0x40}, 0xc5, &(0x7f0000000540)={0x5, 0xf, 0xc5, 0x6, [@generic={0x96, 0x10, 0x4, "6b876916471fbe8bac5a705cb14113b6298a01935f2dcc7130f5e250576c969266d8f0400ee4cb9ea5eae7d2c0234798db025b7100ed06137ade317b7f0d729c3f6f7f32920b2ab78f410fc097f4306e7b9ffa66a708957ea3e11ae59131078bcaf3ed4cab43779ee150d546f8a32f98334b2d0a99685e953ab0bbeeaab575ebfd57de9a7057d0eb3d1471562271f37118b6e2"}, @wireless={0xb, 0x10, 0x1, 0xc, 0x4, 0x4, 0x1, 0x3, 0x5}, @ext_cap={0x7, 0x10, 0x2, 0x12, 0x4, 0x2, 0x5}, @wireless={0xb, 0x10, 0x1, 0x2, 0xd, 0x80, 0x9, 0x890, 0x9}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x3, 0x1, 0x1}, @ptm_cap={0x3}]}, 0x4, [{0x4, &(0x7f0000000640)=@lang_id={0x4, 0x3, 0x441}}, {0xbf, &(0x7f0000001480)=@string={0xbf, 0x3, "fcf39f9853a3a20008a33c96623bd3a464215b3a96735986023b933be8e3d30c7a3e44834d5935bab74cba1b67c4bdb9980c031c65ad15388754913e613d0bdab7a94965c819c769d28468e2660967915f1e61310b77d28b33d645c4a6aed56bf6869d959ce894c74d1b5f6e9753d754e6451eba68ae13bf2ce583e72871de2c42b22ead02dbd31dc559aa14e161569851d9192a74e9bc3b15749eebb1ade701f8e5c96bfcae04119288465597c58b68f411b123e37a8bb6ffbfb8f40e"}}, {0xc3, &(0x7f0000000740)=@string={0xc3, 0x3, "deab8a41f4fc1604d57824118b91826343abc75561cf74581fecf9d08e18ce049511e42a9a8b670fe29a4eb43f4f1abbfbd303dc77b5be5e2fb56a12be04db9e4c6edf1641a6c7116352df0d0f77fa42f4908c5125cf4b8776f90c786cb7b30fda7a3ecf922b3fb0049aa66f4dea5499fccf2fa7ca926bf85f7044f2c65019c5d9744c5a8f6590f4ea23a43a2d4ce99b74e70bb301992af6cb01bd6864d8924c2574abeaa94d0a4149e203162d08fd02b15525ddf7555e424cceea364d3efbeeda"}}, {0xbc, &(0x7f0000000840)=@string={0xbc, 0x3, "505dec0eb11b5f2bd7862acd8e52b01a16698943472d8f6132b937ae6424a5aae5cae98ae9098b817250b6b4a811205b34037cb76e4da89d49c91f6e214f9755315e4e2a96fd569de45e85c2a299352041f36f371eefbb43d4a15b074505ed03ab2665f7d3349df6a87a076714ab27543ca693648e9f8f7fabd2a34bbfa8eb1108f784e9c8a251f139b89b1fb846b5be407f5a7d27b918d6dfe9b8368e786825b27f26d23132a6a756b74199b7bc320407581e95e2d6cc9b89bd"}}]})
syz_usb_connect(0x3, 0x36, 0x0, 0x0)
r3 = syz_usb_connect(0x0, 0x17d, &(0x7f0000000440)=ANY=[@ANYBLOB="12010000fa5c531046084010c9d00102030109026b0101000000000904620202436f1f0009050802100000fa00cd08dfa9a5fd67f84bd21113acd7fc0e3b35824deb14c9ec5d483d62169d56171de8bc4bc98d302e503f95cf970fcea2490ec47e33f438ea21d7203978d5e2904b6966f7096cf08bba8ddb7691bcbc9ce2c5760af21822ed33fc12b88222be6b3b70d8595ba08893f644fa53c1c55ad648952a80f17ece8bff775682c9a5167111725b5484fd0ab5d334dcfbe28eb0e02bd0fa90c776e4997388fc9442fd3e8657ac92601fd61a184cf49d513b7bf7cdcebe6423101690e5269a5b2be351ef182d84744d9664f21b1c4bd8c72c0905820240"], 0x0)
syz_usb_control_io$printer(r3, 0x0, 0x0)
syz_usb_control_io$hid(r3, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r3, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r3, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r3, 0x0, 0x0)
syz_usb_control_io(r2, &(0x7f0000000d40)={0x2c, &(0x7f0000001400)={0x0, 0x22, 0x76, {0x76, 0x28, "1aca0e92a766c77285ba650b2f949238b0c2625d4958849d7dbd04e1d2e72d5f2227c4f792fba0011f7ae09ada4e90cc64022f4f7d27d6bac7549c31f396ac26cd62d4fa21303ca8e591278f153674f1bc583b6978d1b7524eb0cb17d65ea08f491feb82909185501767da05be96cd83bf314d17"}}, &(0x7f0000000380)={0x0, 0x3, 0x21, @string={0x21, 0x3, "952ada8578f3f304e4ca3e5340b6f4efb253dcd1eba68541a74d810cd9a1d1"}}, &(0x7f00000003c0)={0x0, 0xf, 0x31, {0x5, 0xf, 0x31, 0x3, [@wireless={0xb, 0x10, 0x1, 0xc, 0x0, 0x5, 0x5c, 0x400, 0x7}, @ss_container_id={0x14, 0x10, 0x4, 0x2, "81d62f7db68692cc4c509e771a6e2081"}, @generic={0xd, 0x10, 0x1, "6eaf4a344ee95a38c8e1"}]}}, &(0x7f0000000400)={0x20, 0x29, 0xf, {0xf, 0x29, 0x0, 0x1, 0x8, 0x4, "5da24968", "a42f2f2d"}}, &(0x7f0000000d00)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x3, 0x3, 0x2, 0x0, 0xb, 0xef6, 0x2}}}, &(0x7f0000001240)={0x84, &(0x7f0000000d80)={0x40, 0xb, 0xee, "10b4891274220b6dc6f096d12e4bb0f27dfe3c16564eb298c268a36e2e515cf30cb995b345b8cce4c4cbeea4ea852f6c45af1a609ab9d238e84ce522db458f9688f7b929d66323ee777b75914670c782e58cf558120d09651cdcc67b6c3d15fc6ff98ad59166d5b66af58ea583083cd2779b155d322eb081979c1659a3ffc4de03153acc2a752d6ac194e1e842b628c702b5bddf27774da3f597815f5502e9d6295217c0fc8a3f403273c9589421fce86d3c205505cfc65d6b1a6eaaa87b1796727ae5ee0c2ffa7ddcb37034a75f76d78024b12d0f7d81a62945215882e0aea03d66e2255457a886ea6bcb4fd79c"}, &(0x7f0000000e80)={0x0, 0xa, 0x1, 0x40}, &(0x7f0000000ec0)={0x0, 0x8, 0xfffffffffffffe9f, 0x5}, &(0x7f0000000f00)={0x20, 0x0, 0x4, {0x2, 0x1}}, &(0x7f0000000f40)={0x20, 0x0, 0x8, {0x200, 0x20, [0xf00f]}}, &(0x7f0000000f80)={0x40, 0x7, 0x2, 0xfff}, &(0x7f0000000fc0)={0x40, 0x9, 0x1, 0x8}, &(0x7f0000001000)={0x40, 0xb, 0x2, "e139"}, &(0x7f0000001040)={0x40, 0xf, 0x2, 0x8}, &(0x7f0000001080)={0x40, 0x13, 0x6, @link_local}, &(0x7f00000010c0)={0x40, 0x17, 0x6, @broadcast}, &(0x7f0000001100)={0x40, 0x19, 0x2, "97ba"}, &(0x7f0000001140)={0x40, 0x1a, 0x2, 0x7f}, &(0x7f0000001180)={0x40, 0x1c, 0x1, 0x81}, &(0x7f00000011c0)={0x40, 0x1e, 0x1, 0xc}, &(0x7f0000001200)={0x40, 0x21, 0x1, 0x7}})
syz_usb_control_io$lan78xx(r3, 0x0, &(0x7f0000000340)={0x34, &(0x7f0000000140)=ANY=[@ANYBLOB="401745"], 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_connect$cdc_ncm(0x9ad50f4e18f5cbf6, 0x0, 0x0, 0x0)
r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0)
r5 = syz_usb_connect(0x0, 0x4a, &(0x7f0000000040)=ANY=[], 0x0)
syz_usb_control_io$cdc_ecm(r5, &(0x7f0000000340)={0x14, 0x0, &(0x7f0000000180)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000300)={0x1c, &(0x7f0000000380)={0x20, 0x17, 0x22, "c96a6401cba6760d815fc0bc7719039576f54c397a725b0bad1019a058c108d3bfaf"}, 0x0, 0x0})
syz_usb_ep_write$ath9k_ep1(r5, 0x82, 0xc38, 0x0)
syz_usb_disconnect(r4)
syz_usb_ep_write$ath9k_ep1(r5, 0x82, 0x34, &(0x7f0000000440)={[{}, {0x5, 0x4e00, "47b073a7ee"}, {0x1e, 0x4e00, "05b8375ccfe610ca8ffcb204f98d2c817cf4dab418d2510f9521d73fcef2"}]})
r6 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x40, 0x458, 0x5013, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0xff, 0x50, 0x9, "", [{{0x9, 0x4, 0x0, 0xd, 0x21, 0x3, 0x1, 0x1, 0x4, {0x9, 0x21, 0x4, 0x77, 0x1, {0x22, 0xfb1}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x3, 0x8, 0x64}}}}}]}}]}}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
syz_usb_control_io(r6, 0x0, 0x0)
syz_usb_control_io$hid(r6, 0x0, 0x0)
syz_usb_control_io(r6, 0x0, 0x0)
syz_usb_control_io$hid(r6, &(0x7f0000004600)={0x24, 0x0, 0x0, &(0x7f0000004580), 0x0}, 0x0)
syz_usb_control_io(r6, &(0x7f00000008c0)={0x2c, &(0x7f00000001c0)={0x0, 0x9, 0x2, {0x2, 0xd}}, &(0x7f0000000600)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0, 0x0}, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_connect-syz_usb_connect-syz_usb_disconnect-syz_usb_connect$printer-syz_usb_disconnect-syz_usb_connect$hid-syz_usb_control_io$hid-syz_usb_connect$printer-syz_open_dev$char_usb-syz_usb_disconnect-ioctl$EVIOCGMASK-syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x3, 0x8c6, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201500236e47e2082055c2955d4010203010902b408048006a00309047f0e01ff2dde700a24010100800201020824050503"], &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x2f, &(0x7f0000000100)=ANY=[@ANYBLOB="2f03bac6c75bef54b57901ce9c63dae3933f2b25"]}]})
syz_usb_connect(0x3, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x110, 0xa2, 0xb9, 0x5b, 0x40, 0x7392, 0xb722, 0x782, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x8, 0x7, 0x0, 0x4, "", [{{0x9, 0x4, 0xae, 0x1, 0x0, 0xff, 0xff, 0xff, 0x3}}]}}]}}, 0x0)
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000413f5f201d0650c16fce0102030109021b0001000010000904"], 0x0)
syz_usb_disconnect(r0)
r1 = syz_usb_connect$printer(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000000030020f003176c400000000001090224725100000000090400001207010300090501020000000000090582020002"], 0x0)
syz_usb_disconnect(r1)
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000240)=ANY=[], 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_connect$printer(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x28, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x3b, 0x90, 0xab, "", [{{0x9, 0x4, 0x0, 0xfc, 0x2, 0x7, 0x1, 0x3, 0x7, "", {{{0x9, 0x5, 0x1, 0x2, 0x20, 0x4, 0xd, 0x6}}, [{{0x9, 0x5, 0x82, 0x2, 0x200, 0x6, 0xfb, 0x4}}]}}}]}}]}}, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0})
r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_disconnect(r2)
ioctl$EVIOCGMASK(r3, 0x60b, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xf, 0x82, 0xbc, 0x40, 0xaf7, 0x101, 0xccda, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1}}]}}, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_connect$cdc_ncm-syz_usb_disconnect-syz_usb_control_io-syz_usb_control_io-syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io$hid-syz_usb_control_io$rtl8150-syz_usb_control_io$cdc_ecm-syz_usb_control_io-syz_usb_connect-syz_usb_connect-syz_usb_disconnect-syz_usb_connect-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io-syz_open_dev$char_usb-ioctl$EVIOCGMASK-syz_usb_control_io-syz_usb_control_io$sierra_net-syz_usb_control_io$uac1
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
syz_usb_connect$cdc_ncm(0x3, 0x85, &(0x7f0000000000)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x73, 0x2, 0x1, 0x4, 0x20, 0x2c, "", {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xb, 0x24, 0x6, 0x0, 0x1, "4c4fa7ed8a79"}, {0x5, 0x24, 0x0, 0x1000}, {0xd, 0x24, 0xf, 0x1, 0x5, 0x0, 0x6, 0x5}, {0x6, 0x24, 0x1a, 0x8, 0x6}, [@acm={0x4, 0x24, 0x2, 0x2}, @call_mgmt={0x5, 0x24, 0x1, 0x2, 0x5}, @mbim_extended={0x8, 0x24, 0x1c, 0xa1e, 0x7, 0x1}]}, {{0x9, 0x5, 0x81, 0x3, 0x10, 0x7, 0x9, 0xb}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x8, 0xe, 0x3, 0x3}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0x4, 0xf, 0x6e}}}}}}}]}}, &(0x7f0000000280)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x140, 0x3, 0xff, 0x2, 0xff, 0x3}, 0x57, &(0x7f0000000100)={0x5, 0xf, 0x57, 0x5, [@ext_cap={0x7, 0x10, 0x2, 0xa, 0x3, 0x1, 0x7}, @ssp_cap={0x24, 0x10, 0xa, 0x6, 0x6, 0x9, 0xf00, 0x9, [0xc000, 0xffc00f, 0x3fc0, 0x3f00, 0xc000, 0xff30]}, @ssp_cap={0xc, 0x10, 0xa, 0x72, 0x0, 0x4, 0xf00, 0x7ac2}, @ext_cap={0x7, 0x10, 0x2, 0x8, 0xf, 0x4, 0xa}, @ss_container_id={0x14, 0x10, 0x4, 0x1a, "5edb0a8532b367ff0c31a02359c15ae4"}]}, 0x3, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x4ff}}, {0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x140c}}, {0x73, &(0x7f0000000200)=@string={0x73, 0x3, "303bb9c9572a2f19347f09a58eff8bbcf66a44c6795d6f46acda1fc6a4596242cad69ff60f3eb2f4278451447d71acc01bc1579f4c2591f561a0bf62d4fc606268c809efc76f3765053e99fcd17d0b93cc58dab1d2373939646e9f9e371b28ec1ebb981dc8e555dfb935f8dd779ad45cd2"}}]})
syz_usb_disconnect(r0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000406d0434c500000000000109022400010000000009040800010300000009210000000122050009058103"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000240)={0x24, 0x0, 0x0, &(0x7f0000000480)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0xc, "055d3457"}]}}, 0x0}, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x84, &(0x7f0000000200)=ANY=[@ANYBLOB="4015a2000000941339e399fb0d5322214275e2487f41868d71455aa0e63fe29305a5eb72b5e914051a41db7b9a1382cfabd01bb11311ad7b64a18f147e68dea2fbe048e73c578396e08f304687c929f74da4509a83fc8f0cdca73eb9810591ba4f25b98a18d866a7733384eba09127db1f3785764c69f9943e63c8d1f21af5dc3bab5e1f29b0f302f60cb615ed790b5faf9fef85063dfaf3b21bcec5c914ce06caedd105030f1b1b"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_connect(0x2, 0x2d, &(0x7f0000000280)=ANY=[@ANYBLOB="120100015ae4c41096050100f5050100030109021b0001000000000904d60001b5e14500090583"], 0x0)
r2 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYRESHEX=r1], 0x0)
syz_usb_disconnect(r2)
r3 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1ed32361000000000000280101100000140904000003fe03010009cd8d1f0002000000090505020001000000004e45bf"], 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io(r3, 0x0, &(0x7f0000000780)={0x84, &(0x7f00000004c0)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r3, &(0x7f0000000300)={0x2c, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0}, 0x0)
r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$EVIOCGMASK(r4, 0x5b02, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f00000010c0)={0x84, &(0x7f0000000bc0)=ANY=[@ANYBLOB="001607000000e8c10ac0fbaed2"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$sierra_net(r2, &(0x7f0000000480)={0x14, &(0x7f0000000340)={0x20, 0xc, 0x65, {0x65, 0x1, "0d0b8a29828b762223795c62f7ad37aa66198ca82ea273748ef0140f325b1b67e2a71d8086a227c97da27b2725ec71235794469f97e659603bd78e2ba474ff5dc28db7ca3b46e10c138ebf143bc274a742461248a4449115cb40587da040dea36100be"}}, &(0x7f00000003c0)={0x0, 0x3, 0x95, @string={0x95, 0x3, "96ebc894a30ba8a01291a1e60df28c9796a910404e5879f2388fda682e002549a490292dc22593cee85f6879e284c3f6c8ac09cdee33156ef1271259dfa9cb54cc5357f9da995a14a50e137abda4dce3552ae33e9ef3678f9af81636bc202d8eb53caa269eaa6a3287baeac4ca2151f8e22de97b6b68e0864b5ae818f5ff42a013304a3b6bfcb6bac3f684c0dee7d7cbde20c6"}}}, &(0x7f0000001600)={0x1c, &(0x7f00000005c0)=ANY=[@ANYBLOB="00158100000011969c35f3e98f0efa3d59d7a45614834d4a1ead2519bbdb9726759b6d5d32f4fce939b667fb27c5912aa64107d484c9ec27c3f7430c0a061bafb257a783e12d53c4f78d380dcac46598a4d562d76c6e815076284d3a680bc69425dce02f7a173950af3568a3a0647b03162df93b336b6051fe563f68662152a29bfbe9d487d47624b0d9367777fa"], &(0x7f0000001180)={0xa1, 0x1, 0x400, "0586f5f948797cd1c4358425ae155ce12a24a0008982c13a3c69f3a474fd81869cf17f656bc11e3e47a22208fc8f10c332c3892ed98e1c1f4ca367a04b9528041850d6d546d335fd61798fd18013491daee81d26ae3e3c084792feb9feee411ab88d727badfaa87bc9fca2037cf8542a326bed20c9351dbdb064e35eab79a1c18dd3daad1303cffc39dd32a22f513552bccfe4edb47352b51cf1e9df1fc54e784b4ddbabd3a5fe1b1b2f43c07b9f668f2d39ad531a205c577787da6ee7019143fa92e9b4fce74ab75e2c2a60f80094c2c9aed8d0efc22761d9f98fe8deb26ed3138b9594a3e17e51a8dc3191788a367148611ddb88e0d8a07d08a252555d9c636bfeea0c3a7e6e4de5472c85a98f1555f2624983b012b4c2b2d14913e5c3511f56d267e612d12705cc523433fdf29ec164405280240e8d9dd1c5380ed090321c6bd2d61acfc09c0face33a11b18ce3807e0a8865b0ae023523aa1e1ffbaed66eb17cd17c8e2820c0cb3e5baac2ccdd7530267f998d07d952461ec8f65a75d3ed854711fc3343f3c19993b90d42e91794281c6dd3c34ac0ef29c7936f4c56f0dfbcee579fd8783d730714d317c99a30b758d2993694ec9afd5ebc42730ab60b6345e7fda4d7dbfe432f4366fb34f7bc2ce56d417de359e80cc1143dc0fd2df47e51d8a81529c7667e765c460c078cd7888eee23bb093f4fdb849dd91bca2ff231980e724881cae8ac2446f5ca164da0a96e721999bf9226f12e129af17d37c72420b7c8e22886758c2f205399890a9f324ed0eaa036c1068fa86cb7b037142097fd98abb2d12264ccc2819f6e85478a0dafe3c6b5f1364b84005aff9e82927fe8077304d1de2c80c66ba8d0cc35578f0193527c5bff50625d2abee3cfa744527a66b08ceb5bac4520f46926c4866a3805b10e75ea8b50633f65013405a36aee30e5fff2b4a6f8482169b998148396739ec8da1406dd1480850505ced1060ab5e945ca4d46303c6863f900c0be6c5fe13ecf3207c6daf598aea712a21174d5b94900c01a5580b25621eaf4b66d123280b04d36c65d887b7d826f603c66d2560423d56a99f760085a6b0bc75d54bb31be1f6a46618d68de225f34ffb4ddcba7919a3c572615800a4a851d587393f211f991d2f987b8a44fe84e85be09314cf8ddb3bde4648d82b513af6bdafe2f3b6d8569f81a743493a9c3e2d565d3f5cc22abf60c99ef0134608330cc2ce0a92d97e8724b51f7b4e393ee3298b4bbb5908677e5d3fa388e2c26552eb05ef2e0c24506b7bab830b1fae84917e62d77f655b987a4d8882944aa275f0f23a012e59186eb6c3a6e64a263a92e6bcb87d894c25904241b9a56a32efed54cc360af909ee37fe510c564da4e0a8eae81c2f71b343f4c6685e02e3b0acdb732426020e4fb8c6ae2666e93dea041a27fe97e6403c302123d"}, &(0x7f00000015c0)={0x21, 0x0, 0x1, "d5"}})
syz_usb_control_io$uac1(r0, 0x0, 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_open
single: successfully extracted reproducer
found reproducer with 23 syscalls
minimizing guilty program
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_connect$cdc_ncm-syz_usb_disconnect-syz_usb_control_io-syz_usb_control_io-syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io$hid-syz_usb_control_io$rtl8150-syz_usb_control_io$cdc_ecm-syz_usb_control_io-syz_usb_connect-syz_usb_connect-syz_usb_disconnect-syz_usb_connect-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io-syz_open_dev$char_usb-ioctl$EVIOCGMASK-syz_usb_control_io-syz_usb_control_io$sierra_net
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
syz_usb_connect$cdc_ncm(0x3, 0x85, &(0x7f0000000000)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x73, 0x2, 0x1, 0x4, 0x20, 0x2c, "", {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xb, 0x24, 0x6, 0x0, 0x1, "4c4fa7ed8a79"}, {0x5, 0x24, 0x0, 0x1000}, {0xd, 0x24, 0xf, 0x1, 0x5, 0x0, 0x6, 0x5}, {0x6, 0x24, 0x1a, 0x8, 0x6}, [@acm={0x4, 0x24, 0x2, 0x2}, @call_mgmt={0x5, 0x24, 0x1, 0x2, 0x5}, @mbim_extended={0x8, 0x24, 0x1c, 0xa1e, 0x7, 0x1}]}, {{0x9, 0x5, 0x81, 0x3, 0x10, 0x7, 0x9, 0xb}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x8, 0xe, 0x3, 0x3}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0x4, 0xf, 0x6e}}}}}}}]}}, &(0x7f0000000280)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x140, 0x3, 0xff, 0x2, 0xff, 0x3}, 0x57, &(0x7f0000000100)={0x5, 0xf, 0x57, 0x5, [@ext_cap={0x7, 0x10, 0x2, 0xa, 0x3, 0x1, 0x7}, @ssp_cap={0x24, 0x10, 0xa, 0x6, 0x6, 0x9, 0xf00, 0x9, [0xc000, 0xffc00f, 0x3fc0, 0x3f00, 0xc000, 0xff30]}, @ssp_cap={0xc, 0x10, 0xa, 0x72, 0x0, 0x4, 0xf00, 0x7ac2}, @ext_cap={0x7, 0x10, 0x2, 0x8, 0xf, 0x4, 0xa}, @ss_container_id={0x14, 0x10, 0x4, 0x1a, "5edb0a8532b367ff0c31a02359c15ae4"}]}, 0x3, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x4ff}}, {0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x140c}}, {0x73, &(0x7f0000000200)=@string={0x73, 0x3, "303bb9c9572a2f19347f09a58eff8bbcf66a44c6795d6f46acda1fc6a4596242cad69ff60f3eb2f4278451447d71acc01bc1579f4c2591f561a0bf62d4fc606268c809efc76f3765053e99fcd17d0b93cc58dab1d2373939646e9f9e371b28ec1ebb981dc8e555dfb935f8dd779ad45cd2"}}]})
syz_usb_disconnect(r0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000406d0434c500000000000109022400010000000009040800010300000009210000000122050009058103"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000240)={0x24, 0x0, 0x0, &(0x7f0000000480)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0xc, "055d3457"}]}}, 0x0}, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x84, &(0x7f0000000200)=ANY=[@ANYBLOB="4015a2000000941339e399fb0d5322214275e2487f41868d71455aa0e63fe29305a5eb72b5e914051a41db7b9a1382cfabd01bb11311ad7b64a18f147e68dea2fbe048e73c578396e08f304687c929f74da4509a83fc8f0cdca73eb9810591ba4f25b98a18d866a7733384eba09127db1f3785764c69f9943e63c8d1f21af5dc3bab5e1f29b0f302f60cb615ed790b5faf9fef85063dfaf3b21bcec5c914ce06caedd105030f1b1b"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_connect(0x2, 0x2d, &(0x7f0000000280)=ANY=[@ANYBLOB="120100015ae4c41096050100f5050100030109021b0001000000000904d60001b5e14500090583"], 0x0)
r2 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYRESHEX=r1], 0x0)
syz_usb_disconnect(r2)
r3 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1ed32361000000000000280101100000140904000003fe03010009cd8d1f0002000000090505020001000000004e45bf"], 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io(r3, 0x0, &(0x7f0000000780)={0x84, &(0x7f00000004c0)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r3, &(0x7f0000000300)={0x2c, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0}, 0x0)
r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$EVIOCGMASK(r4, 0x5b02, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f00000010c0)={0x84, &(0x7f0000000bc0)=ANY=[@ANYBLOB="001607000000e8c10ac0fbaed2"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$sierra_net(r2, &(0x7f0000000480)={0x14, &(0x7f0000000340)={0x20, 0xc, 0x65, {0x65, 0x1, "0d0b8a29828b762223795c62f7ad37aa66198ca82ea273748ef0140f325b1b67e2a71d8086a227c97da27b2725ec71235794469f97e659603bd78e2ba474ff5dc28db7ca3b46e10c138ebf143bc274a742461248a4449115cb40587da040dea36100be"}}, &(0x7f00000003c0)={0x0, 0x3, 0x95, @string={0x95, 0x3, "96ebc894a30ba8a01291a1e60df28c9796a910404e5879f2388fda682e002549a490292dc22593cee85f6879e284c3f6c8ac09cdee33156ef1271259dfa9cb54cc5357f9da995a14a50e137abda4dce3552ae33e9ef3678f9af81636bc202d8eb53caa269eaa6a3287baeac4ca2151f8e22de97b6b68e0864b5ae818f5ff42a013304a3b6bfcb6bac3f684c0dee7d7cbde20c6"}}}, &(0x7f0000001600)={0x1c, &(0x7f00000005c0)=ANY=[@ANYBLOB="00158100000011969c35f3e98f0efa3d59d7a45614834d4a1ead2519bbdb9726759b6d5d32f4fce939b667fb27c5912aa64107d484c9ec27c3f7430c0a061bafb257a783e12d53c4f78d380dcac46598a4d562d76c6e815076284d3a680bc69425dce02f7a173950af3568a3a0647b03162df93b336b6051fe563f68662152a29bfbe9d487d47624b0d9367777fa"], &(0x7f0000001180)={0xa1, 0x1, 0x400, "0586f5f948797cd1c4358425ae155ce12a24a0008982c13a3c69f3a474fd81869cf17f656bc11e3e47a22208fc8f10c332c3892ed98e1c1f4ca367a04b9528041850d6d546d335fd61798fd18013491daee81d26ae3e3c084792feb9feee411ab88d727badfaa87bc9fca2037cf8542a326bed20c9351dbdb064e35eab79a1c18dd3daad1303cffc39dd32a22f513552bccfe4edb47352b51cf1e9df1fc54e784b4ddbabd3a5fe1b1b2f43c07b9f668f2d39ad531a205c577787da6ee7019143fa92e9b4fce74ab75e2c2a60f80094c2c9aed8d0efc22761d9f98fe8deb26ed3138b9594a3e17e51a8dc3191788a367148611ddb88e0d8a07d08a252555d9c636bfeea0c3a7e6e4de5472c85a98f1555f2624983b012b4c2b2d14913e5c3511f56d267e612d12705cc523433fdf29ec164405280240e8d9dd1c5380ed090321c6bd2d61acfc09c0face33a11b18ce3807e0a8865b0ae023523aa1e1ffbaed66eb17cd17c8e2820c0cb3e5baac2ccdd7530267f998d07d952461ec8f65a75d3ed854711fc3343f3c19993b90d42e91794281c6dd3c34ac0ef29c7936f4c56f0dfbcee579fd8783d730714d317c99a30b758d2993694ec9afd5ebc42730ab60b6345e7fda4d7dbfe432f4366fb34f7bc2ce56d417de359e80cc1143dc0fd2df47e51d8a81529c7667e765c460c078cd7888eee23bb093f4fdb849dd91bca2ff231980e724881cae8ac2446f5ca164da0a96e721999bf9226f12e129af17d37c72420b7c8e22886758c2f205399890a9f324ed0eaa036c1068fa86cb7b037142097fd98abb2d12264ccc2819f6e85478a0dafe3c6b5f1364b84005aff9e82927fe8077304d1de2c80c66ba8d0cc35578f0193527c5bff50625d2abee3cfa744527a66b08ceb5bac4520f46926c4866a3805b10e75ea8b50633f65013405a36aee30e5fff2b4a6f8482169b998148396739ec8da1406dd1480850505ced1060ab5e945ca4d46303c6863f900c0be6c5fe13ecf3207c6daf598aea712a21174d5b94900c01a5580b25621eaf4b66d123280b04d36c65d887b7d826f603c66d2560423d56a99f760085a6b0bc75d54bb31be1f6a46618d68de225f34ffb4ddcba7919a3c572615800a4a851d587393f211f991d2f987b8a44fe84e85be09314cf8ddb3bde4648d82b513af6bdafe2f3b6d8569f81a743493a9c3e2d565d3f5cc22abf60c99ef0134608330cc2ce0a92d97e8724b51f7b4e393ee3298b4bbb5908677e5d3fa388e2c26552eb05ef2e0c24506b7bab830b1fae84917e62d77f655b987a4d8882944aa275f0f23a012e59186eb6c3a6e64a263a92e6bcb87d894c25904241b9a56a32efed54cc360af909ee37fe510c564da4e0a8eae81c2f71b343f4c6685e02e3b0acdb732426020e4fb8c6ae2666e93dea041a27fe97e6403c302123d"}, &(0x7f00000015c0)={0x21, 0x0, 0x1, "d5"}})

program crashed: KASAN: slab-use-after-free Read in v4l2_open
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_connect$cdc_ncm-syz_usb_disconnect-syz_usb_control_io-syz_usb_control_io-syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io$hid-syz_usb_control_io$rtl8150-syz_usb_control_io$cdc_ecm-syz_usb_control_io-syz_usb_connect-syz_usb_connect-syz_usb_disconnect-syz_usb_connect-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io-syz_open_dev$char_usb-ioctl$EVIOCGMASK-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
syz_usb_connect$cdc_ncm(0x3, 0x85, &(0x7f0000000000)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x73, 0x2, 0x1, 0x4, 0x20, 0x2c, "", {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xb, 0x24, 0x6, 0x0, 0x1, "4c4fa7ed8a79"}, {0x5, 0x24, 0x0, 0x1000}, {0xd, 0x24, 0xf, 0x1, 0x5, 0x0, 0x6, 0x5}, {0x6, 0x24, 0x1a, 0x8, 0x6}, [@acm={0x4, 0x24, 0x2, 0x2}, @call_mgmt={0x5, 0x24, 0x1, 0x2, 0x5}, @mbim_extended={0x8, 0x24, 0x1c, 0xa1e, 0x7, 0x1}]}, {{0x9, 0x5, 0x81, 0x3, 0x10, 0x7, 0x9, 0xb}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x8, 0xe, 0x3, 0x3}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0x4, 0xf, 0x6e}}}}}}}]}}, &(0x7f0000000280)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x140, 0x3, 0xff, 0x2, 0xff, 0x3}, 0x57, &(0x7f0000000100)={0x5, 0xf, 0x57, 0x5, [@ext_cap={0x7, 0x10, 0x2, 0xa, 0x3, 0x1, 0x7}, @ssp_cap={0x24, 0x10, 0xa, 0x6, 0x6, 0x9, 0xf00, 0x9, [0xc000, 0xffc00f, 0x3fc0, 0x3f00, 0xc000, 0xff30]}, @ssp_cap={0xc, 0x10, 0xa, 0x72, 0x0, 0x4, 0xf00, 0x7ac2}, @ext_cap={0x7, 0x10, 0x2, 0x8, 0xf, 0x4, 0xa}, @ss_container_id={0x14, 0x10, 0x4, 0x1a, "5edb0a8532b367ff0c31a02359c15ae4"}]}, 0x3, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x4ff}}, {0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x140c}}, {0x73, &(0x7f0000000200)=@string={0x73, 0x3, "303bb9c9572a2f19347f09a58eff8bbcf66a44c6795d6f46acda1fc6a4596242cad69ff60f3eb2f4278451447d71acc01bc1579f4c2591f561a0bf62d4fc606268c809efc76f3765053e99fcd17d0b93cc58dab1d2373939646e9f9e371b28ec1ebb981dc8e555dfb935f8dd779ad45cd2"}}]})
syz_usb_disconnect(r0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000406d0434c500000000000109022400010000000009040800010300000009210000000122050009058103"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000240)={0x24, 0x0, 0x0, &(0x7f0000000480)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0xc, "055d3457"}]}}, 0x0}, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x84, &(0x7f0000000200)=ANY=[@ANYBLOB="4015a2000000941339e399fb0d5322214275e2487f41868d71455aa0e63fe29305a5eb72b5e914051a41db7b9a1382cfabd01bb11311ad7b64a18f147e68dea2fbe048e73c578396e08f304687c929f74da4509a83fc8f0cdca73eb9810591ba4f25b98a18d866a7733384eba09127db1f3785764c69f9943e63c8d1f21af5dc3bab5e1f29b0f302f60cb615ed790b5faf9fef85063dfaf3b21bcec5c914ce06caedd105030f1b1b"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_connect(0x2, 0x2d, &(0x7f0000000280)=ANY=[@ANYBLOB="120100015ae4c41096050100f5050100030109021b0001000000000904d60001b5e14500090583"], 0x0)
r2 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYRESHEX=r1], 0x0)
syz_usb_disconnect(r2)
r3 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1ed32361000000000000280101100000140904000003fe03010009cd8d1f0002000000090505020001000000004e45bf"], 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io(r3, 0x0, &(0x7f0000000780)={0x84, &(0x7f00000004c0)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r3, &(0x7f0000000300)={0x2c, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0}, 0x0)
r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$EVIOCGMASK(r4, 0x5b02, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f00000010c0)={0x84, &(0x7f0000000bc0)=ANY=[@ANYBLOB="001607000000e8c10ac0fbaed2"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

program crashed: KASAN: slab-use-after-free Read in v4l2_open
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_connect$cdc_ncm-syz_usb_disconnect-syz_usb_control_io-syz_usb_control_io-syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io$hid-syz_usb_control_io$rtl8150-syz_usb_control_io$cdc_ecm-syz_usb_control_io-syz_usb_connect-syz_usb_connect-syz_usb_disconnect-syz_usb_connect-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io-syz_open_dev$char_usb-ioctl$EVIOCGMASK
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
syz_usb_connect$cdc_ncm(0x3, 0x85, &(0x7f0000000000)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x73, 0x2, 0x1, 0x4, 0x20, 0x2c, "", {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xb, 0x24, 0x6, 0x0, 0x1, "4c4fa7ed8a79"}, {0x5, 0x24, 0x0, 0x1000}, {0xd, 0x24, 0xf, 0x1, 0x5, 0x0, 0x6, 0x5}, {0x6, 0x24, 0x1a, 0x8, 0x6}, [@acm={0x4, 0x24, 0x2, 0x2}, @call_mgmt={0x5, 0x24, 0x1, 0x2, 0x5}, @mbim_extended={0x8, 0x24, 0x1c, 0xa1e, 0x7, 0x1}]}, {{0x9, 0x5, 0x81, 0x3, 0x10, 0x7, 0x9, 0xb}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x8, 0xe, 0x3, 0x3}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0x4, 0xf, 0x6e}}}}}}}]}}, &(0x7f0000000280)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x140, 0x3, 0xff, 0x2, 0xff, 0x3}, 0x57, &(0x7f0000000100)={0x5, 0xf, 0x57, 0x5, [@ext_cap={0x7, 0x10, 0x2, 0xa, 0x3, 0x1, 0x7}, @ssp_cap={0x24, 0x10, 0xa, 0x6, 0x6, 0x9, 0xf00, 0x9, [0xc000, 0xffc00f, 0x3fc0, 0x3f00, 0xc000, 0xff30]}, @ssp_cap={0xc, 0x10, 0xa, 0x72, 0x0, 0x4, 0xf00, 0x7ac2}, @ext_cap={0x7, 0x10, 0x2, 0x8, 0xf, 0x4, 0xa}, @ss_container_id={0x14, 0x10, 0x4, 0x1a, "5edb0a8532b367ff0c31a02359c15ae4"}]}, 0x3, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x4ff}}, {0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x140c}}, {0x73, &(0x7f0000000200)=@string={0x73, 0x3, "303bb9c9572a2f19347f09a58eff8bbcf66a44c6795d6f46acda1fc6a4596242cad69ff60f3eb2f4278451447d71acc01bc1579f4c2591f561a0bf62d4fc606268c809efc76f3765053e99fcd17d0b93cc58dab1d2373939646e9f9e371b28ec1ebb981dc8e555dfb935f8dd779ad45cd2"}}]})
syz_usb_disconnect(r0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000406d0434c500000000000109022400010000000009040800010300000009210000000122050009058103"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000240)={0x24, 0x0, 0x0, &(0x7f0000000480)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0xc, "055d3457"}]}}, 0x0}, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x84, &(0x7f0000000200)=ANY=[@ANYBLOB="4015a2000000941339e399fb0d5322214275e2487f41868d71455aa0e63fe29305a5eb72b5e914051a41db7b9a1382cfabd01bb11311ad7b64a18f147e68dea2fbe048e73c578396e08f304687c929f74da4509a83fc8f0cdca73eb9810591ba4f25b98a18d866a7733384eba09127db1f3785764c69f9943e63c8d1f21af5dc3bab5e1f29b0f302f60cb615ed790b5faf9fef85063dfaf3b21bcec5c914ce06caedd105030f1b1b"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_connect(0x2, 0x2d, &(0x7f0000000280)=ANY=[@ANYBLOB="120100015ae4c41096050100f5050100030109021b0001000000000904d60001b5e14500090583"], 0x0)
r2 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYRESHEX=r1], 0x0)
syz_usb_disconnect(r2)
r3 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1ed32361000000000000280101100000140904000003fe03010009cd8d1f0002000000090505020001000000004e45bf"], 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io(r3, 0x0, &(0x7f0000000780)={0x84, &(0x7f00000004c0)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r3, &(0x7f0000000300)={0x2c, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0}, 0x0)
r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$EVIOCGMASK(r4, 0x5b02, 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_open
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_connect$cdc_ncm-syz_usb_disconnect-syz_usb_control_io-syz_usb_control_io-syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io$hid-syz_usb_control_io$rtl8150-syz_usb_control_io$cdc_ecm-syz_usb_control_io-syz_usb_connect-syz_usb_connect-syz_usb_disconnect-syz_usb_connect-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io-syz_open_dev$char_usb
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
syz_usb_connect$cdc_ncm(0x3, 0x85, &(0x7f0000000000)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x73, 0x2, 0x1, 0x4, 0x20, 0x2c, "", {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xb, 0x24, 0x6, 0x0, 0x1, "4c4fa7ed8a79"}, {0x5, 0x24, 0x0, 0x1000}, {0xd, 0x24, 0xf, 0x1, 0x5, 0x0, 0x6, 0x5}, {0x6, 0x24, 0x1a, 0x8, 0x6}, [@acm={0x4, 0x24, 0x2, 0x2}, @call_mgmt={0x5, 0x24, 0x1, 0x2, 0x5}, @mbim_extended={0x8, 0x24, 0x1c, 0xa1e, 0x7, 0x1}]}, {{0x9, 0x5, 0x81, 0x3, 0x10, 0x7, 0x9, 0xb}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x8, 0xe, 0x3, 0x3}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0x4, 0xf, 0x6e}}}}}}}]}}, &(0x7f0000000280)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x140, 0x3, 0xff, 0x2, 0xff, 0x3}, 0x57, &(0x7f0000000100)={0x5, 0xf, 0x57, 0x5, [@ext_cap={0x7, 0x10, 0x2, 0xa, 0x3, 0x1, 0x7}, @ssp_cap={0x24, 0x10, 0xa, 0x6, 0x6, 0x9, 0xf00, 0x9, [0xc000, 0xffc00f, 0x3fc0, 0x3f00, 0xc000, 0xff30]}, @ssp_cap={0xc, 0x10, 0xa, 0x72, 0x0, 0x4, 0xf00, 0x7ac2}, @ext_cap={0x7, 0x10, 0x2, 0x8, 0xf, 0x4, 0xa}, @ss_container_id={0x14, 0x10, 0x4, 0x1a, "5edb0a8532b367ff0c31a02359c15ae4"}]}, 0x3, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x4ff}}, {0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x140c}}, {0x73, &(0x7f0000000200)=@string={0x73, 0x3, "303bb9c9572a2f19347f09a58eff8bbcf66a44c6795d6f46acda1fc6a4596242cad69ff60f3eb2f4278451447d71acc01bc1579f4c2591f561a0bf62d4fc606268c809efc76f3765053e99fcd17d0b93cc58dab1d2373939646e9f9e371b28ec1ebb981dc8e555dfb935f8dd779ad45cd2"}}]})
syz_usb_disconnect(r0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000406d0434c500000000000109022400010000000009040800010300000009210000000122050009058103"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000240)={0x24, 0x0, 0x0, &(0x7f0000000480)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0xc, "055d3457"}]}}, 0x0}, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x84, &(0x7f0000000200)=ANY=[@ANYBLOB="4015a2000000941339e399fb0d5322214275e2487f41868d71455aa0e63fe29305a5eb72b5e914051a41db7b9a1382cfabd01bb11311ad7b64a18f147e68dea2fbe048e73c578396e08f304687c929f74da4509a83fc8f0cdca73eb9810591ba4f25b98a18d866a7733384eba09127db1f3785764c69f9943e63c8d1f21af5dc3bab5e1f29b0f302f60cb615ed790b5faf9fef85063dfaf3b21bcec5c914ce06caedd105030f1b1b"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_connect(0x2, 0x2d, &(0x7f0000000280)=ANY=[@ANYBLOB="120100015ae4c41096050100f5050100030109021b0001000000000904d60001b5e14500090583"], 0x0)
r2 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYRESHEX=r1], 0x0)
syz_usb_disconnect(r2)
r3 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1ed32361000000000000280101100000140904000003fe03010009cd8d1f0002000000090505020001000000004e45bf"], 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io(r3, 0x0, &(0x7f0000000780)={0x84, &(0x7f00000004c0)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r3, &(0x7f0000000300)={0x2c, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_open
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_connect$cdc_ncm-syz_usb_disconnect-syz_usb_control_io-syz_usb_control_io-syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io$hid-syz_usb_control_io$rtl8150-syz_usb_control_io$cdc_ecm-syz_usb_control_io-syz_usb_connect-syz_usb_connect-syz_usb_disconnect-syz_usb_connect-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
syz_usb_connect$cdc_ncm(0x3, 0x85, &(0x7f0000000000)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x73, 0x2, 0x1, 0x4, 0x20, 0x2c, "", {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xb, 0x24, 0x6, 0x0, 0x1, "4c4fa7ed8a79"}, {0x5, 0x24, 0x0, 0x1000}, {0xd, 0x24, 0xf, 0x1, 0x5, 0x0, 0x6, 0x5}, {0x6, 0x24, 0x1a, 0x8, 0x6}, [@acm={0x4, 0x24, 0x2, 0x2}, @call_mgmt={0x5, 0x24, 0x1, 0x2, 0x5}, @mbim_extended={0x8, 0x24, 0x1c, 0xa1e, 0x7, 0x1}]}, {{0x9, 0x5, 0x81, 0x3, 0x10, 0x7, 0x9, 0xb}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x8, 0xe, 0x3, 0x3}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0x4, 0xf, 0x6e}}}}}}}]}}, &(0x7f0000000280)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x140, 0x3, 0xff, 0x2, 0xff, 0x3}, 0x57, &(0x7f0000000100)={0x5, 0xf, 0x57, 0x5, [@ext_cap={0x7, 0x10, 0x2, 0xa, 0x3, 0x1, 0x7}, @ssp_cap={0x24, 0x10, 0xa, 0x6, 0x6, 0x9, 0xf00, 0x9, [0xc000, 0xffc00f, 0x3fc0, 0x3f00, 0xc000, 0xff30]}, @ssp_cap={0xc, 0x10, 0xa, 0x72, 0x0, 0x4, 0xf00, 0x7ac2}, @ext_cap={0x7, 0x10, 0x2, 0x8, 0xf, 0x4, 0xa}, @ss_container_id={0x14, 0x10, 0x4, 0x1a, "5edb0a8532b367ff0c31a02359c15ae4"}]}, 0x3, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x4ff}}, {0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x140c}}, {0x73, &(0x7f0000000200)=@string={0x73, 0x3, "303bb9c9572a2f19347f09a58eff8bbcf66a44c6795d6f46acda1fc6a4596242cad69ff60f3eb2f4278451447d71acc01bc1579f4c2591f561a0bf62d4fc606268c809efc76f3765053e99fcd17d0b93cc58dab1d2373939646e9f9e371b28ec1ebb981dc8e555dfb935f8dd779ad45cd2"}}]})
syz_usb_disconnect(r0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000406d0434c500000000000109022400010000000009040800010300000009210000000122050009058103"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000240)={0x24, 0x0, 0x0, &(0x7f0000000480)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0xc, "055d3457"}]}}, 0x0}, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x84, &(0x7f0000000200)=ANY=[@ANYBLOB="4015a2000000941339e399fb0d5322214275e2487f41868d71455aa0e63fe29305a5eb72b5e914051a41db7b9a1382cfabd01bb11311ad7b64a18f147e68dea2fbe048e73c578396e08f304687c929f74da4509a83fc8f0cdca73eb9810591ba4f25b98a18d866a7733384eba09127db1f3785764c69f9943e63c8d1f21af5dc3bab5e1f29b0f302f60cb615ed790b5faf9fef85063dfaf3b21bcec5c914ce06caedd105030f1b1b"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_connect(0x2, 0x2d, &(0x7f0000000280)=ANY=[@ANYBLOB="120100015ae4c41096050100f5050100030109021b0001000000000904d60001b5e14500090583"], 0x0)
r2 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYRESHEX=r1], 0x0)
syz_usb_disconnect(r2)
r3 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1ed32361000000000000280101100000140904000003fe03010009cd8d1f0002000000090505020001000000004e45bf"], 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io(r3, 0x0, &(0x7f0000000780)={0x84, &(0x7f00000004c0)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r3, &(0x7f0000000300)={0x2c, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0}, 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_open
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_connect$cdc_ncm-syz_usb_disconnect-syz_usb_control_io-syz_usb_control_io-syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io$hid-syz_usb_control_io$rtl8150-syz_usb_control_io$cdc_ecm-syz_usb_control_io-syz_usb_connect-syz_usb_connect-syz_usb_disconnect-syz_usb_connect-syz_usb_control_io-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
syz_usb_connect$cdc_ncm(0x3, 0x85, &(0x7f0000000000)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x73, 0x2, 0x1, 0x4, 0x20, 0x2c, "", {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xb, 0x24, 0x6, 0x0, 0x1, "4c4fa7ed8a79"}, {0x5, 0x24, 0x0, 0x1000}, {0xd, 0x24, 0xf, 0x1, 0x5, 0x0, 0x6, 0x5}, {0x6, 0x24, 0x1a, 0x8, 0x6}, [@acm={0x4, 0x24, 0x2, 0x2}, @call_mgmt={0x5, 0x24, 0x1, 0x2, 0x5}, @mbim_extended={0x8, 0x24, 0x1c, 0xa1e, 0x7, 0x1}]}, {{0x9, 0x5, 0x81, 0x3, 0x10, 0x7, 0x9, 0xb}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x8, 0xe, 0x3, 0x3}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0x4, 0xf, 0x6e}}}}}}}]}}, &(0x7f0000000280)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x140, 0x3, 0xff, 0x2, 0xff, 0x3}, 0x57, &(0x7f0000000100)={0x5, 0xf, 0x57, 0x5, [@ext_cap={0x7, 0x10, 0x2, 0xa, 0x3, 0x1, 0x7}, @ssp_cap={0x24, 0x10, 0xa, 0x6, 0x6, 0x9, 0xf00, 0x9, [0xc000, 0xffc00f, 0x3fc0, 0x3f00, 0xc000, 0xff30]}, @ssp_cap={0xc, 0x10, 0xa, 0x72, 0x0, 0x4, 0xf00, 0x7ac2}, @ext_cap={0x7, 0x10, 0x2, 0x8, 0xf, 0x4, 0xa}, @ss_container_id={0x14, 0x10, 0x4, 0x1a, "5edb0a8532b367ff0c31a02359c15ae4"}]}, 0x3, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x4ff}}, {0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x140c}}, {0x73, &(0x7f0000000200)=@string={0x73, 0x3, "303bb9c9572a2f19347f09a58eff8bbcf66a44c6795d6f46acda1fc6a4596242cad69ff60f3eb2f4278451447d71acc01bc1579f4c2591f561a0bf62d4fc606268c809efc76f3765053e99fcd17d0b93cc58dab1d2373939646e9f9e371b28ec1ebb981dc8e555dfb935f8dd779ad45cd2"}}]})
syz_usb_disconnect(r0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000406d0434c500000000000109022400010000000009040800010300000009210000000122050009058103"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000240)={0x24, 0x0, 0x0, &(0x7f0000000480)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0xc, "055d3457"}]}}, 0x0}, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x84, &(0x7f0000000200)=ANY=[@ANYBLOB="4015a2000000941339e399fb0d5322214275e2487f41868d71455aa0e63fe29305a5eb72b5e914051a41db7b9a1382cfabd01bb11311ad7b64a18f147e68dea2fbe048e73c578396e08f304687c929f74da4509a83fc8f0cdca73eb9810591ba4f25b98a18d866a7733384eba09127db1f3785764c69f9943e63c8d1f21af5dc3bab5e1f29b0f302f60cb615ed790b5faf9fef85063dfaf3b21bcec5c914ce06caedd105030f1b1b"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_connect(0x2, 0x2d, &(0x7f0000000280)=ANY=[@ANYBLOB="120100015ae4c41096050100f5050100030109021b0001000000000904d60001b5e14500090583"], 0x0)
r2 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYRESHEX=r1], 0x0)
syz_usb_disconnect(r2)
r3 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1ed32361000000000000280101100000140904000003fe03010009cd8d1f0002000000090505020001000000004e45bf"], 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io(r3, 0x0, &(0x7f0000000780)={0x84, &(0x7f00000004c0)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

program crashed: KASAN: slab-use-after-free Read in v4l2_open
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_connect$cdc_ncm-syz_usb_disconnect-syz_usb_control_io-syz_usb_control_io-syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io$hid-syz_usb_control_io$rtl8150-syz_usb_control_io$cdc_ecm-syz_usb_control_io-syz_usb_connect-syz_usb_connect-syz_usb_disconnect-syz_usb_connect-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
syz_usb_connect$cdc_ncm(0x3, 0x85, &(0x7f0000000000)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x73, 0x2, 0x1, 0x4, 0x20, 0x2c, "", {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xb, 0x24, 0x6, 0x0, 0x1, "4c4fa7ed8a79"}, {0x5, 0x24, 0x0, 0x1000}, {0xd, 0x24, 0xf, 0x1, 0x5, 0x0, 0x6, 0x5}, {0x6, 0x24, 0x1a, 0x8, 0x6}, [@acm={0x4, 0x24, 0x2, 0x2}, @call_mgmt={0x5, 0x24, 0x1, 0x2, 0x5}, @mbim_extended={0x8, 0x24, 0x1c, 0xa1e, 0x7, 0x1}]}, {{0x9, 0x5, 0x81, 0x3, 0x10, 0x7, 0x9, 0xb}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x8, 0xe, 0x3, 0x3}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0x4, 0xf, 0x6e}}}}}}}]}}, &(0x7f0000000280)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x140, 0x3, 0xff, 0x2, 0xff, 0x3}, 0x57, &(0x7f0000000100)={0x5, 0xf, 0x57, 0x5, [@ext_cap={0x7, 0x10, 0x2, 0xa, 0x3, 0x1, 0x7}, @ssp_cap={0x24, 0x10, 0xa, 0x6, 0x6, 0x9, 0xf00, 0x9, [0xc000, 0xffc00f, 0x3fc0, 0x3f00, 0xc000, 0xff30]}, @ssp_cap={0xc, 0x10, 0xa, 0x72, 0x0, 0x4, 0xf00, 0x7ac2}, @ext_cap={0x7, 0x10, 0x2, 0x8, 0xf, 0x4, 0xa}, @ss_container_id={0x14, 0x10, 0x4, 0x1a, "5edb0a8532b367ff0c31a02359c15ae4"}]}, 0x3, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x4ff}}, {0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x140c}}, {0x73, &(0x7f0000000200)=@string={0x73, 0x3, "303bb9c9572a2f19347f09a58eff8bbcf66a44c6795d6f46acda1fc6a4596242cad69ff60f3eb2f4278451447d71acc01bc1579f4c2591f561a0bf62d4fc606268c809efc76f3765053e99fcd17d0b93cc58dab1d2373939646e9f9e371b28ec1ebb981dc8e555dfb935f8dd779ad45cd2"}}]})
syz_usb_disconnect(r0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000406d0434c500000000000109022400010000000009040800010300000009210000000122050009058103"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000240)={0x24, 0x0, 0x0, &(0x7f0000000480)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0xc, "055d3457"}]}}, 0x0}, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x84, &(0x7f0000000200)=ANY=[@ANYBLOB="4015a2000000941339e399fb0d5322214275e2487f41868d71455aa0e63fe29305a5eb72b5e914051a41db7b9a1382cfabd01bb11311ad7b64a18f147e68dea2fbe048e73c578396e08f304687c929f74da4509a83fc8f0cdca73eb9810591ba4f25b98a18d866a7733384eba09127db1f3785764c69f9943e63c8d1f21af5dc3bab5e1f29b0f302f60cb615ed790b5faf9fef85063dfaf3b21bcec5c914ce06caedd105030f1b1b"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_connect(0x2, 0x2d, &(0x7f0000000280)=ANY=[@ANYBLOB="120100015ae4c41096050100f5050100030109021b0001000000000904d60001b5e14500090583"], 0x0)
r2 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYRESHEX=r1], 0x0)
syz_usb_disconnect(r2)
r3 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1ed32361000000000000280101100000140904000003fe03010009cd8d1f0002000000090505020001000000004e45bf"], 0x0)
syz_usb_control_io(r3, 0x0, 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_open
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_connect$cdc_ncm-syz_usb_disconnect-syz_usb_control_io-syz_usb_control_io-syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io$hid-syz_usb_control_io$rtl8150-syz_usb_control_io$cdc_ecm-syz_usb_control_io-syz_usb_connect-syz_usb_connect-syz_usb_disconnect-syz_usb_connect
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
syz_usb_connect$cdc_ncm(0x3, 0x85, &(0x7f0000000000)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x73, 0x2, 0x1, 0x4, 0x20, 0x2c, "", {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xb, 0x24, 0x6, 0x0, 0x1, "4c4fa7ed8a79"}, {0x5, 0x24, 0x0, 0x1000}, {0xd, 0x24, 0xf, 0x1, 0x5, 0x0, 0x6, 0x5}, {0x6, 0x24, 0x1a, 0x8, 0x6}, [@acm={0x4, 0x24, 0x2, 0x2}, @call_mgmt={0x5, 0x24, 0x1, 0x2, 0x5}, @mbim_extended={0x8, 0x24, 0x1c, 0xa1e, 0x7, 0x1}]}, {{0x9, 0x5, 0x81, 0x3, 0x10, 0x7, 0x9, 0xb}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x8, 0xe, 0x3, 0x3}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0x4, 0xf, 0x6e}}}}}}}]}}, &(0x7f0000000280)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x140, 0x3, 0xff, 0x2, 0xff, 0x3}, 0x57, &(0x7f0000000100)={0x5, 0xf, 0x57, 0x5, [@ext_cap={0x7, 0x10, 0x2, 0xa, 0x3, 0x1, 0x7}, @ssp_cap={0x24, 0x10, 0xa, 0x6, 0x6, 0x9, 0xf00, 0x9, [0xc000, 0xffc00f, 0x3fc0, 0x3f00, 0xc000, 0xff30]}, @ssp_cap={0xc, 0x10, 0xa, 0x72, 0x0, 0x4, 0xf00, 0x7ac2}, @ext_cap={0x7, 0x10, 0x2, 0x8, 0xf, 0x4, 0xa}, @ss_container_id={0x14, 0x10, 0x4, 0x1a, "5edb0a8532b367ff0c31a02359c15ae4"}]}, 0x3, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x4ff}}, {0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x140c}}, {0x73, &(0x7f0000000200)=@string={0x73, 0x3, "303bb9c9572a2f19347f09a58eff8bbcf66a44c6795d6f46acda1fc6a4596242cad69ff60f3eb2f4278451447d71acc01bc1579f4c2591f561a0bf62d4fc606268c809efc76f3765053e99fcd17d0b93cc58dab1d2373939646e9f9e371b28ec1ebb981dc8e555dfb935f8dd779ad45cd2"}}]})
syz_usb_disconnect(r0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000406d0434c500000000000109022400010000000009040800010300000009210000000122050009058103"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000240)={0x24, 0x0, 0x0, &(0x7f0000000480)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0xc, "055d3457"}]}}, 0x0}, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x84, &(0x7f0000000200)=ANY=[@ANYBLOB="4015a2000000941339e399fb0d5322214275e2487f41868d71455aa0e63fe29305a5eb72b5e914051a41db7b9a1382cfabd01bb11311ad7b64a18f147e68dea2fbe048e73c578396e08f304687c929f74da4509a83fc8f0cdca73eb9810591ba4f25b98a18d866a7733384eba09127db1f3785764c69f9943e63c8d1f21af5dc3bab5e1f29b0f302f60cb615ed790b5faf9fef85063dfaf3b21bcec5c914ce06caedd105030f1b1b"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_connect(0x2, 0x2d, &(0x7f0000000280)=ANY=[@ANYBLOB="120100015ae4c41096050100f5050100030109021b0001000000000904d60001b5e14500090583"], 0x0)
r2 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYRESHEX=r1], 0x0)
syz_usb_disconnect(r2)
syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1ed32361000000000000280101100000140904000003fe03010009cd8d1f0002000000090505020001000000004e45bf"], 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_open
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_connect$cdc_ncm-syz_usb_disconnect-syz_usb_control_io-syz_usb_control_io-syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io$hid-syz_usb_control_io$rtl8150-syz_usb_control_io$cdc_ecm-syz_usb_control_io-syz_usb_connect-syz_usb_connect-syz_usb_disconnect
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
syz_usb_connect$cdc_ncm(0x3, 0x85, &(0x7f0000000000)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x73, 0x2, 0x1, 0x4, 0x20, 0x2c, "", {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xb, 0x24, 0x6, 0x0, 0x1, "4c4fa7ed8a79"}, {0x5, 0x24, 0x0, 0x1000}, {0xd, 0x24, 0xf, 0x1, 0x5, 0x0, 0x6, 0x5}, {0x6, 0x24, 0x1a, 0x8, 0x6}, [@acm={0x4, 0x24, 0x2, 0x2}, @call_mgmt={0x5, 0x24, 0x1, 0x2, 0x5}, @mbim_extended={0x8, 0x24, 0x1c, 0xa1e, 0x7, 0x1}]}, {{0x9, 0x5, 0x81, 0x3, 0x10, 0x7, 0x9, 0xb}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x8, 0xe, 0x3, 0x3}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0x4, 0xf, 0x6e}}}}}}}]}}, &(0x7f0000000280)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x140, 0x3, 0xff, 0x2, 0xff, 0x3}, 0x57, &(0x7f0000000100)={0x5, 0xf, 0x57, 0x5, [@ext_cap={0x7, 0x10, 0x2, 0xa, 0x3, 0x1, 0x7}, @ssp_cap={0x24, 0x10, 0xa, 0x6, 0x6, 0x9, 0xf00, 0x9, [0xc000, 0xffc00f, 0x3fc0, 0x3f00, 0xc000, 0xff30]}, @ssp_cap={0xc, 0x10, 0xa, 0x72, 0x0, 0x4, 0xf00, 0x7ac2}, @ext_cap={0x7, 0x10, 0x2, 0x8, 0xf, 0x4, 0xa}, @ss_container_id={0x14, 0x10, 0x4, 0x1a, "5edb0a8532b367ff0c31a02359c15ae4"}]}, 0x3, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x4ff}}, {0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x140c}}, {0x73, &(0x7f0000000200)=@string={0x73, 0x3, "303bb9c9572a2f19347f09a58eff8bbcf66a44c6795d6f46acda1fc6a4596242cad69ff60f3eb2f4278451447d71acc01bc1579f4c2591f561a0bf62d4fc606268c809efc76f3765053e99fcd17d0b93cc58dab1d2373939646e9f9e371b28ec1ebb981dc8e555dfb935f8dd779ad45cd2"}}]})
syz_usb_disconnect(r0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000406d0434c500000000000109022400010000000009040800010300000009210000000122050009058103"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000240)={0x24, 0x0, 0x0, &(0x7f0000000480)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0xc, "055d3457"}]}}, 0x0}, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x84, &(0x7f0000000200)=ANY=[@ANYBLOB="4015a2000000941339e399fb0d5322214275e2487f41868d71455aa0e63fe29305a5eb72b5e914051a41db7b9a1382cfabd01bb11311ad7b64a18f147e68dea2fbe048e73c578396e08f304687c929f74da4509a83fc8f0cdca73eb9810591ba4f25b98a18d866a7733384eba09127db1f3785764c69f9943e63c8d1f21af5dc3bab5e1f29b0f302f60cb615ed790b5faf9fef85063dfaf3b21bcec5c914ce06caedd105030f1b1b"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_connect(0x2, 0x2d, &(0x7f0000000280)=ANY=[@ANYBLOB="120100015ae4c41096050100f5050100030109021b0001000000000904d60001b5e14500090583"], 0x0)
r2 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYRESHEX=r1], 0x0)
syz_usb_disconnect(r2)

program crashed: KASAN: slab-use-after-free Read in v4l2_open
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_connect$cdc_ncm-syz_usb_disconnect-syz_usb_control_io-syz_usb_control_io-syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io$hid-syz_usb_control_io$rtl8150-syz_usb_control_io$cdc_ecm-syz_usb_control_io-syz_usb_connect-syz_usb_connect
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
syz_usb_connect$cdc_ncm(0x3, 0x85, &(0x7f0000000000)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x73, 0x2, 0x1, 0x4, 0x20, 0x2c, "", {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xb, 0x24, 0x6, 0x0, 0x1, "4c4fa7ed8a79"}, {0x5, 0x24, 0x0, 0x1000}, {0xd, 0x24, 0xf, 0x1, 0x5, 0x0, 0x6, 0x5}, {0x6, 0x24, 0x1a, 0x8, 0x6}, [@acm={0x4, 0x24, 0x2, 0x2}, @call_mgmt={0x5, 0x24, 0x1, 0x2, 0x5}, @mbim_extended={0x8, 0x24, 0x1c, 0xa1e, 0x7, 0x1}]}, {{0x9, 0x5, 0x81, 0x3, 0x10, 0x7, 0x9, 0xb}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x8, 0xe, 0x3, 0x3}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0x4, 0xf, 0x6e}}}}}}}]}}, &(0x7f0000000280)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x140, 0x3, 0xff, 0x2, 0xff, 0x3}, 0x57, &(0x7f0000000100)={0x5, 0xf, 0x57, 0x5, [@ext_cap={0x7, 0x10, 0x2, 0xa, 0x3, 0x1, 0x7}, @ssp_cap={0x24, 0x10, 0xa, 0x6, 0x6, 0x9, 0xf00, 0x9, [0xc000, 0xffc00f, 0x3fc0, 0x3f00, 0xc000, 0xff30]}, @ssp_cap={0xc, 0x10, 0xa, 0x72, 0x0, 0x4, 0xf00, 0x7ac2}, @ext_cap={0x7, 0x10, 0x2, 0x8, 0xf, 0x4, 0xa}, @ss_container_id={0x14, 0x10, 0x4, 0x1a, "5edb0a8532b367ff0c31a02359c15ae4"}]}, 0x3, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x4ff}}, {0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x140c}}, {0x73, &(0x7f0000000200)=@string={0x73, 0x3, "303bb9c9572a2f19347f09a58eff8bbcf66a44c6795d6f46acda1fc6a4596242cad69ff60f3eb2f4278451447d71acc01bc1579f4c2591f561a0bf62d4fc606268c809efc76f3765053e99fcd17d0b93cc58dab1d2373939646e9f9e371b28ec1ebb981dc8e555dfb935f8dd779ad45cd2"}}]})
syz_usb_disconnect(r0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000406d0434c500000000000109022400010000000009040800010300000009210000000122050009058103"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000240)={0x24, 0x0, 0x0, &(0x7f0000000480)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0xc, "055d3457"}]}}, 0x0}, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x84, &(0x7f0000000200)=ANY=[@ANYBLOB="4015a2000000941339e399fb0d5322214275e2487f41868d71455aa0e63fe29305a5eb72b5e914051a41db7b9a1382cfabd01bb11311ad7b64a18f147e68dea2fbe048e73c578396e08f304687c929f74da4509a83fc8f0cdca73eb9810591ba4f25b98a18d866a7733384eba09127db1f3785764c69f9943e63c8d1f21af5dc3bab5e1f29b0f302f60cb615ed790b5faf9fef85063dfaf3b21bcec5c914ce06caedd105030f1b1b"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_connect(0x2, 0x2d, &(0x7f0000000280)=ANY=[@ANYBLOB="120100015ae4c41096050100f5050100030109021b0001000000000904d60001b5e14500090583"], 0x0)
syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYRESHEX=r1], 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_open
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_connect$cdc_ncm-syz_usb_disconnect-syz_usb_control_io-syz_usb_control_io-syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io$hid-syz_usb_control_io$rtl8150-syz_usb_control_io$cdc_ecm-syz_usb_control_io-syz_usb_connect
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
syz_usb_connect$cdc_ncm(0x3, 0x85, &(0x7f0000000000)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x73, 0x2, 0x1, 0x4, 0x20, 0x2c, "", {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xb, 0x24, 0x6, 0x0, 0x1, "4c4fa7ed8a79"}, {0x5, 0x24, 0x0, 0x1000}, {0xd, 0x24, 0xf, 0x1, 0x5, 0x0, 0x6, 0x5}, {0x6, 0x24, 0x1a, 0x8, 0x6}, [@acm={0x4, 0x24, 0x2, 0x2}, @call_mgmt={0x5, 0x24, 0x1, 0x2, 0x5}, @mbim_extended={0x8, 0x24, 0x1c, 0xa1e, 0x7, 0x1}]}, {{0x9, 0x5, 0x81, 0x3, 0x10, 0x7, 0x9, 0xb}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x8, 0xe, 0x3, 0x3}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0x4, 0xf, 0x6e}}}}}}}]}}, &(0x7f0000000280)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x140, 0x3, 0xff, 0x2, 0xff, 0x3}, 0x57, &(0x7f0000000100)={0x5, 0xf, 0x57, 0x5, [@ext_cap={0x7, 0x10, 0x2, 0xa, 0x3, 0x1, 0x7}, @ssp_cap={0x24, 0x10, 0xa, 0x6, 0x6, 0x9, 0xf00, 0x9, [0xc000, 0xffc00f, 0x3fc0, 0x3f00, 0xc000, 0xff30]}, @ssp_cap={0xc, 0x10, 0xa, 0x72, 0x0, 0x4, 0xf00, 0x7ac2}, @ext_cap={0x7, 0x10, 0x2, 0x8, 0xf, 0x4, 0xa}, @ss_container_id={0x14, 0x10, 0x4, 0x1a, "5edb0a8532b367ff0c31a02359c15ae4"}]}, 0x3, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x4ff}}, {0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x140c}}, {0x73, &(0x7f0000000200)=@string={0x73, 0x3, "303bb9c9572a2f19347f09a58eff8bbcf66a44c6795d6f46acda1fc6a4596242cad69ff60f3eb2f4278451447d71acc01bc1579f4c2591f561a0bf62d4fc606268c809efc76f3765053e99fcd17d0b93cc58dab1d2373939646e9f9e371b28ec1ebb981dc8e555dfb935f8dd779ad45cd2"}}]})
syz_usb_disconnect(r0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000406d0434c500000000000109022400010000000009040800010300000009210000000122050009058103"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000240)={0x24, 0x0, 0x0, &(0x7f0000000480)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0xc, "055d3457"}]}}, 0x0}, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x84, &(0x7f0000000200)=ANY=[@ANYBLOB="4015a2000000941339e399fb0d5322214275e2487f41868d71455aa0e63fe29305a5eb72b5e914051a41db7b9a1382cfabd01bb11311ad7b64a18f147e68dea2fbe048e73c578396e08f304687c929f74da4509a83fc8f0cdca73eb9810591ba4f25b98a18d866a7733384eba09127db1f3785764c69f9943e63c8d1f21af5dc3bab5e1f29b0f302f60cb615ed790b5faf9fef85063dfaf3b21bcec5c914ce06caedd105030f1b1b"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_connect(0x2, 0x2d, &(0x7f0000000280)=ANY=[@ANYBLOB="120100015ae4c41096050100f5050100030109021b0001000000000904d60001b5e14500090583"], 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_open
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_connect$cdc_ncm-syz_usb_disconnect-syz_usb_control_io-syz_usb_control_io-syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io$hid-syz_usb_control_io$rtl8150-syz_usb_control_io$cdc_ecm-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
syz_usb_connect$cdc_ncm(0x3, 0x85, &(0x7f0000000000)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x73, 0x2, 0x1, 0x4, 0x20, 0x2c, "", {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xb, 0x24, 0x6, 0x0, 0x1, "4c4fa7ed8a79"}, {0x5, 0x24, 0x0, 0x1000}, {0xd, 0x24, 0xf, 0x1, 0x5, 0x0, 0x6, 0x5}, {0x6, 0x24, 0x1a, 0x8, 0x6}, [@acm={0x4, 0x24, 0x2, 0x2}, @call_mgmt={0x5, 0x24, 0x1, 0x2, 0x5}, @mbim_extended={0x8, 0x24, 0x1c, 0xa1e, 0x7, 0x1}]}, {{0x9, 0x5, 0x81, 0x3, 0x10, 0x7, 0x9, 0xb}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x8, 0xe, 0x3, 0x3}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0x4, 0xf, 0x6e}}}}}}}]}}, &(0x7f0000000280)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x140, 0x3, 0xff, 0x2, 0xff, 0x3}, 0x57, &(0x7f0000000100)={0x5, 0xf, 0x57, 0x5, [@ext_cap={0x7, 0x10, 0x2, 0xa, 0x3, 0x1, 0x7}, @ssp_cap={0x24, 0x10, 0xa, 0x6, 0x6, 0x9, 0xf00, 0x9, [0xc000, 0xffc00f, 0x3fc0, 0x3f00, 0xc000, 0xff30]}, @ssp_cap={0xc, 0x10, 0xa, 0x72, 0x0, 0x4, 0xf00, 0x7ac2}, @ext_cap={0x7, 0x10, 0x2, 0x8, 0xf, 0x4, 0xa}, @ss_container_id={0x14, 0x10, 0x4, 0x1a, "5edb0a8532b367ff0c31a02359c15ae4"}]}, 0x3, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x4ff}}, {0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x140c}}, {0x73, &(0x7f0000000200)=@string={0x73, 0x3, "303bb9c9572a2f19347f09a58eff8bbcf66a44c6795d6f46acda1fc6a4596242cad69ff60f3eb2f4278451447d71acc01bc1579f4c2591f561a0bf62d4fc606268c809efc76f3765053e99fcd17d0b93cc58dab1d2373939646e9f9e371b28ec1ebb981dc8e555dfb935f8dd779ad45cd2"}}]})
syz_usb_disconnect(r0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000406d0434c500000000000109022400010000000009040800010300000009210000000122050009058103"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000240)={0x24, 0x0, 0x0, &(0x7f0000000480)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0xc, "055d3457"}]}}, 0x0}, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x84, &(0x7f0000000200)=ANY=[@ANYBLOB="4015a2000000941339e399fb0d5322214275e2487f41868d71455aa0e63fe29305a5eb72b5e914051a41db7b9a1382cfabd01bb11311ad7b64a18f147e68dea2fbe048e73c578396e08f304687c929f74da4509a83fc8f0cdca73eb9810591ba4f25b98a18d866a7733384eba09127db1f3785764c69f9943e63c8d1f21af5dc3bab5e1f29b0f302f60cb615ed790b5faf9fef85063dfaf3b21bcec5c914ce06caedd105030f1b1b"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

program crashed: KASAN: slab-use-after-free Read in v4l2_open
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_connect$cdc_ncm-syz_usb_disconnect-syz_usb_control_io-syz_usb_control_io-syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io$hid-syz_usb_control_io$rtl8150-syz_usb_control_io$cdc_ecm
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
syz_usb_connect$cdc_ncm(0x3, 0x85, &(0x7f0000000000)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x73, 0x2, 0x1, 0x4, 0x20, 0x2c, "", {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xb, 0x24, 0x6, 0x0, 0x1, "4c4fa7ed8a79"}, {0x5, 0x24, 0x0, 0x1000}, {0xd, 0x24, 0xf, 0x1, 0x5, 0x0, 0x6, 0x5}, {0x6, 0x24, 0x1a, 0x8, 0x6}, [@acm={0x4, 0x24, 0x2, 0x2}, @call_mgmt={0x5, 0x24, 0x1, 0x2, 0x5}, @mbim_extended={0x8, 0x24, 0x1c, 0xa1e, 0x7, 0x1}]}, {{0x9, 0x5, 0x81, 0x3, 0x10, 0x7, 0x9, 0xb}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x8, 0xe, 0x3, 0x3}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0x4, 0xf, 0x6e}}}}}}}]}}, &(0x7f0000000280)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x140, 0x3, 0xff, 0x2, 0xff, 0x3}, 0x57, &(0x7f0000000100)={0x5, 0xf, 0x57, 0x5, [@ext_cap={0x7, 0x10, 0x2, 0xa, 0x3, 0x1, 0x7}, @ssp_cap={0x24, 0x10, 0xa, 0x6, 0x6, 0x9, 0xf00, 0x9, [0xc000, 0xffc00f, 0x3fc0, 0x3f00, 0xc000, 0xff30]}, @ssp_cap={0xc, 0x10, 0xa, 0x72, 0x0, 0x4, 0xf00, 0x7ac2}, @ext_cap={0x7, 0x10, 0x2, 0x8, 0xf, 0x4, 0xa}, @ss_container_id={0x14, 0x10, 0x4, 0x1a, "5edb0a8532b367ff0c31a02359c15ae4"}]}, 0x3, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x4ff}}, {0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x140c}}, {0x73, &(0x7f0000000200)=@string={0x73, 0x3, "303bb9c9572a2f19347f09a58eff8bbcf66a44c6795d6f46acda1fc6a4596242cad69ff60f3eb2f4278451447d71acc01bc1579f4c2591f561a0bf62d4fc606268c809efc76f3765053e99fcd17d0b93cc58dab1d2373939646e9f9e371b28ec1ebb981dc8e555dfb935f8dd779ad45cd2"}}]})
syz_usb_disconnect(r0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000406d0434c500000000000109022400010000000009040800010300000009210000000122050009058103"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000240)={0x24, 0x0, 0x0, &(0x7f0000000480)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0xc, "055d3457"}]}}, 0x0}, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_open
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_connect$cdc_ncm-syz_usb_disconnect-syz_usb_control_io-syz_usb_control_io-syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io$hid-syz_usb_control_io$rtl8150
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
syz_usb_connect$cdc_ncm(0x3, 0x85, &(0x7f0000000000)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x73, 0x2, 0x1, 0x4, 0x20, 0x2c, "", {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xb, 0x24, 0x6, 0x0, 0x1, "4c4fa7ed8a79"}, {0x5, 0x24, 0x0, 0x1000}, {0xd, 0x24, 0xf, 0x1, 0x5, 0x0, 0x6, 0x5}, {0x6, 0x24, 0x1a, 0x8, 0x6}, [@acm={0x4, 0x24, 0x2, 0x2}, @call_mgmt={0x5, 0x24, 0x1, 0x2, 0x5}, @mbim_extended={0x8, 0x24, 0x1c, 0xa1e, 0x7, 0x1}]}, {{0x9, 0x5, 0x81, 0x3, 0x10, 0x7, 0x9, 0xb}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x8, 0xe, 0x3, 0x3}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0x4, 0xf, 0x6e}}}}}}}]}}, &(0x7f0000000280)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x140, 0x3, 0xff, 0x2, 0xff, 0x3}, 0x57, &(0x7f0000000100)={0x5, 0xf, 0x57, 0x5, [@ext_cap={0x7, 0x10, 0x2, 0xa, 0x3, 0x1, 0x7}, @ssp_cap={0x24, 0x10, 0xa, 0x6, 0x6, 0x9, 0xf00, 0x9, [0xc000, 0xffc00f, 0x3fc0, 0x3f00, 0xc000, 0xff30]}, @ssp_cap={0xc, 0x10, 0xa, 0x72, 0x0, 0x4, 0xf00, 0x7ac2}, @ext_cap={0x7, 0x10, 0x2, 0x8, 0xf, 0x4, 0xa}, @ss_container_id={0x14, 0x10, 0x4, 0x1a, "5edb0a8532b367ff0c31a02359c15ae4"}]}, 0x3, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x4ff}}, {0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x140c}}, {0x73, &(0x7f0000000200)=@string={0x73, 0x3, "303bb9c9572a2f19347f09a58eff8bbcf66a44c6795d6f46acda1fc6a4596242cad69ff60f3eb2f4278451447d71acc01bc1579f4c2591f561a0bf62d4fc606268c809efc76f3765053e99fcd17d0b93cc58dab1d2373939646e9f9e371b28ec1ebb981dc8e555dfb935f8dd779ad45cd2"}}]})
syz_usb_disconnect(r0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000406d0434c500000000000109022400010000000009040800010300000009210000000122050009058103"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000240)={0x24, 0x0, 0x0, &(0x7f0000000480)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0xc, "055d3457"}]}}, 0x0}, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_open
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_connect$cdc_ncm-syz_usb_disconnect-syz_usb_control_io-syz_usb_control_io-syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io$hid
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
syz_usb_connect$cdc_ncm(0x3, 0x85, &(0x7f0000000000)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x73, 0x2, 0x1, 0x4, 0x20, 0x2c, "", {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xb, 0x24, 0x6, 0x0, 0x1, "4c4fa7ed8a79"}, {0x5, 0x24, 0x0, 0x1000}, {0xd, 0x24, 0xf, 0x1, 0x5, 0x0, 0x6, 0x5}, {0x6, 0x24, 0x1a, 0x8, 0x6}, [@acm={0x4, 0x24, 0x2, 0x2}, @call_mgmt={0x5, 0x24, 0x1, 0x2, 0x5}, @mbim_extended={0x8, 0x24, 0x1c, 0xa1e, 0x7, 0x1}]}, {{0x9, 0x5, 0x81, 0x3, 0x10, 0x7, 0x9, 0xb}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x8, 0xe, 0x3, 0x3}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0x4, 0xf, 0x6e}}}}}}}]}}, &(0x7f0000000280)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x140, 0x3, 0xff, 0x2, 0xff, 0x3}, 0x57, &(0x7f0000000100)={0x5, 0xf, 0x57, 0x5, [@ext_cap={0x7, 0x10, 0x2, 0xa, 0x3, 0x1, 0x7}, @ssp_cap={0x24, 0x10, 0xa, 0x6, 0x6, 0x9, 0xf00, 0x9, [0xc000, 0xffc00f, 0x3fc0, 0x3f00, 0xc000, 0xff30]}, @ssp_cap={0xc, 0x10, 0xa, 0x72, 0x0, 0x4, 0xf00, 0x7ac2}, @ext_cap={0x7, 0x10, 0x2, 0x8, 0xf, 0x4, 0xa}, @ss_container_id={0x14, 0x10, 0x4, 0x1a, "5edb0a8532b367ff0c31a02359c15ae4"}]}, 0x3, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x4ff}}, {0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x140c}}, {0x73, &(0x7f0000000200)=@string={0x73, 0x3, "303bb9c9572a2f19347f09a58eff8bbcf66a44c6795d6f46acda1fc6a4596242cad69ff60f3eb2f4278451447d71acc01bc1579f4c2591f561a0bf62d4fc606268c809efc76f3765053e99fcd17d0b93cc58dab1d2373939646e9f9e371b28ec1ebb981dc8e555dfb935f8dd779ad45cd2"}}]})
syz_usb_disconnect(r0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000406d0434c500000000000109022400010000000009040800010300000009210000000122050009058103"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000240)={0x24, 0x0, 0x0, &(0x7f0000000480)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0xc, "055d3457"}]}}, 0x0}, 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_open
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_connect$cdc_ncm-syz_usb_disconnect-syz_usb_control_io-syz_usb_control_io-syz_usb_connect$hid-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
syz_usb_connect$cdc_ncm(0x3, 0x85, &(0x7f0000000000)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x73, 0x2, 0x1, 0x4, 0x20, 0x2c, "", {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xb, 0x24, 0x6, 0x0, 0x1, "4c4fa7ed8a79"}, {0x5, 0x24, 0x0, 0x1000}, {0xd, 0x24, 0xf, 0x1, 0x5, 0x0, 0x6, 0x5}, {0x6, 0x24, 0x1a, 0x8, 0x6}, [@acm={0x4, 0x24, 0x2, 0x2}, @call_mgmt={0x5, 0x24, 0x1, 0x2, 0x5}, @mbim_extended={0x8, 0x24, 0x1c, 0xa1e, 0x7, 0x1}]}, {{0x9, 0x5, 0x81, 0x3, 0x10, 0x7, 0x9, 0xb}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x8, 0xe, 0x3, 0x3}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0x4, 0xf, 0x6e}}}}}}}]}}, &(0x7f0000000280)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x140, 0x3, 0xff, 0x2, 0xff, 0x3}, 0x57, &(0x7f0000000100)={0x5, 0xf, 0x57, 0x5, [@ext_cap={0x7, 0x10, 0x2, 0xa, 0x3, 0x1, 0x7}, @ssp_cap={0x24, 0x10, 0xa, 0x6, 0x6, 0x9, 0xf00, 0x9, [0xc000, 0xffc00f, 0x3fc0, 0x3f00, 0xc000, 0xff30]}, @ssp_cap={0xc, 0x10, 0xa, 0x72, 0x0, 0x4, 0xf00, 0x7ac2}, @ext_cap={0x7, 0x10, 0x2, 0x8, 0xf, 0x4, 0xa}, @ss_container_id={0x14, 0x10, 0x4, 0x1a, "5edb0a8532b367ff0c31a02359c15ae4"}]}, 0x3, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x4ff}}, {0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x140c}}, {0x73, &(0x7f0000000200)=@string={0x73, 0x3, "303bb9c9572a2f19347f09a58eff8bbcf66a44c6795d6f46acda1fc6a4596242cad69ff60f3eb2f4278451447d71acc01bc1579f4c2591f561a0bf62d4fc606268c809efc76f3765053e99fcd17d0b93cc58dab1d2373939646e9f9e371b28ec1ebb981dc8e555dfb935f8dd779ad45cd2"}}]})
syz_usb_disconnect(r0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000406d0434c500000000000109022400010000000009040800010300000009210000000122050009058103"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_open
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_connect$cdc_ncm-syz_usb_disconnect-syz_usb_control_io-syz_usb_control_io-syz_usb_connect$hid
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
syz_usb_connect$cdc_ncm(0x3, 0x85, &(0x7f0000000000)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x73, 0x2, 0x1, 0x4, 0x20, 0x2c, "", {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xb, 0x24, 0x6, 0x0, 0x1, "4c4fa7ed8a79"}, {0x5, 0x24, 0x0, 0x1000}, {0xd, 0x24, 0xf, 0x1, 0x5, 0x0, 0x6, 0x5}, {0x6, 0x24, 0x1a, 0x8, 0x6}, [@acm={0x4, 0x24, 0x2, 0x2}, @call_mgmt={0x5, 0x24, 0x1, 0x2, 0x5}, @mbim_extended={0x8, 0x24, 0x1c, 0xa1e, 0x7, 0x1}]}, {{0x9, 0x5, 0x81, 0x3, 0x10, 0x7, 0x9, 0xb}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x8, 0xe, 0x3, 0x3}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0x4, 0xf, 0x6e}}}}}}}]}}, &(0x7f0000000280)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x140, 0x3, 0xff, 0x2, 0xff, 0x3}, 0x57, &(0x7f0000000100)={0x5, 0xf, 0x57, 0x5, [@ext_cap={0x7, 0x10, 0x2, 0xa, 0x3, 0x1, 0x7}, @ssp_cap={0x24, 0x10, 0xa, 0x6, 0x6, 0x9, 0xf00, 0x9, [0xc000, 0xffc00f, 0x3fc0, 0x3f00, 0xc000, 0xff30]}, @ssp_cap={0xc, 0x10, 0xa, 0x72, 0x0, 0x4, 0xf00, 0x7ac2}, @ext_cap={0x7, 0x10, 0x2, 0x8, 0xf, 0x4, 0xa}, @ss_container_id={0x14, 0x10, 0x4, 0x1a, "5edb0a8532b367ff0c31a02359c15ae4"}]}, 0x3, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x4ff}}, {0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x140c}}, {0x73, &(0x7f0000000200)=@string={0x73, 0x3, "303bb9c9572a2f19347f09a58eff8bbcf66a44c6795d6f46acda1fc6a4596242cad69ff60f3eb2f4278451447d71acc01bc1579f4c2591f561a0bf62d4fc606268c809efc76f3765053e99fcd17d0b93cc58dab1d2373939646e9f9e371b28ec1ebb981dc8e555dfb935f8dd779ad45cd2"}}]})
syz_usb_disconnect(r0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000406d0434c500000000000109022400010000000009040800010300000009210000000122050009058103"], 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_open
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_connect$cdc_ncm-syz_usb_disconnect-syz_usb_control_io-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
syz_usb_connect$cdc_ncm(0x3, 0x85, &(0x7f0000000000)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x73, 0x2, 0x1, 0x4, 0x20, 0x2c, "", {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xb, 0x24, 0x6, 0x0, 0x1, "4c4fa7ed8a79"}, {0x5, 0x24, 0x0, 0x1000}, {0xd, 0x24, 0xf, 0x1, 0x5, 0x0, 0x6, 0x5}, {0x6, 0x24, 0x1a, 0x8, 0x6}, [@acm={0x4, 0x24, 0x2, 0x2}, @call_mgmt={0x5, 0x24, 0x1, 0x2, 0x5}, @mbim_extended={0x8, 0x24, 0x1c, 0xa1e, 0x7, 0x1}]}, {{0x9, 0x5, 0x81, 0x3, 0x10, 0x7, 0x9, 0xb}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x8, 0xe, 0x3, 0x3}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0x4, 0xf, 0x6e}}}}}}}]}}, &(0x7f0000000280)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x140, 0x3, 0xff, 0x2, 0xff, 0x3}, 0x57, &(0x7f0000000100)={0x5, 0xf, 0x57, 0x5, [@ext_cap={0x7, 0x10, 0x2, 0xa, 0x3, 0x1, 0x7}, @ssp_cap={0x24, 0x10, 0xa, 0x6, 0x6, 0x9, 0xf00, 0x9, [0xc000, 0xffc00f, 0x3fc0, 0x3f00, 0xc000, 0xff30]}, @ssp_cap={0xc, 0x10, 0xa, 0x72, 0x0, 0x4, 0xf00, 0x7ac2}, @ext_cap={0x7, 0x10, 0x2, 0x8, 0xf, 0x4, 0xa}, @ss_container_id={0x14, 0x10, 0x4, 0x1a, "5edb0a8532b367ff0c31a02359c15ae4"}]}, 0x3, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x4ff}}, {0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x140c}}, {0x73, &(0x7f0000000200)=@string={0x73, 0x3, "303bb9c9572a2f19347f09a58eff8bbcf66a44c6795d6f46acda1fc6a4596242cad69ff60f3eb2f4278451447d71acc01bc1579f4c2591f561a0bf62d4fc606268c809efc76f3765053e99fcd17d0b93cc58dab1d2373939646e9f9e371b28ec1ebb981dc8e555dfb935f8dd779ad45cd2"}}]})
syz_usb_disconnect(r0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_open
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_connect$cdc_ncm-syz_usb_disconnect-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
syz_usb_connect$cdc_ncm(0x3, 0x85, &(0x7f0000000000)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x73, 0x2, 0x1, 0x4, 0x20, 0x2c, "", {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xb, 0x24, 0x6, 0x0, 0x1, "4c4fa7ed8a79"}, {0x5, 0x24, 0x0, 0x1000}, {0xd, 0x24, 0xf, 0x1, 0x5, 0x0, 0x6, 0x5}, {0x6, 0x24, 0x1a, 0x8, 0x6}, [@acm={0x4, 0x24, 0x2, 0x2}, @call_mgmt={0x5, 0x24, 0x1, 0x2, 0x5}, @mbim_extended={0x8, 0x24, 0x1c, 0xa1e, 0x7, 0x1}]}, {{0x9, 0x5, 0x81, 0x3, 0x10, 0x7, 0x9, 0xb}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x8, 0xe, 0x3, 0x3}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0x4, 0xf, 0x6e}}}}}}}]}}, &(0x7f0000000280)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x140, 0x3, 0xff, 0x2, 0xff, 0x3}, 0x57, &(0x7f0000000100)={0x5, 0xf, 0x57, 0x5, [@ext_cap={0x7, 0x10, 0x2, 0xa, 0x3, 0x1, 0x7}, @ssp_cap={0x24, 0x10, 0xa, 0x6, 0x6, 0x9, 0xf00, 0x9, [0xc000, 0xffc00f, 0x3fc0, 0x3f00, 0xc000, 0xff30]}, @ssp_cap={0xc, 0x10, 0xa, 0x72, 0x0, 0x4, 0xf00, 0x7ac2}, @ext_cap={0x7, 0x10, 0x2, 0x8, 0xf, 0x4, 0xa}, @ss_container_id={0x14, 0x10, 0x4, 0x1a, "5edb0a8532b367ff0c31a02359c15ae4"}]}, 0x3, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x4ff}}, {0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x140c}}, {0x73, &(0x7f0000000200)=@string={0x73, 0x3, "303bb9c9572a2f19347f09a58eff8bbcf66a44c6795d6f46acda1fc6a4596242cad69ff60f3eb2f4278451447d71acc01bc1579f4c2591f561a0bf62d4fc606268c809efc76f3765053e99fcd17d0b93cc58dab1d2373939646e9f9e371b28ec1ebb981dc8e555dfb935f8dd779ad45cd2"}}]})
syz_usb_disconnect(r0)
syz_usb_control_io(r0, 0x0, 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_open
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_connect$cdc_ncm-syz_usb_disconnect
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
syz_usb_connect$cdc_ncm(0x3, 0x85, &(0x7f0000000000)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x73, 0x2, 0x1, 0x4, 0x20, 0x2c, "", {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xb, 0x24, 0x6, 0x0, 0x1, "4c4fa7ed8a79"}, {0x5, 0x24, 0x0, 0x1000}, {0xd, 0x24, 0xf, 0x1, 0x5, 0x0, 0x6, 0x5}, {0x6, 0x24, 0x1a, 0x8, 0x6}, [@acm={0x4, 0x24, 0x2, 0x2}, @call_mgmt={0x5, 0x24, 0x1, 0x2, 0x5}, @mbim_extended={0x8, 0x24, 0x1c, 0xa1e, 0x7, 0x1}]}, {{0x9, 0x5, 0x81, 0x3, 0x10, 0x7, 0x9, 0xb}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x8, 0xe, 0x3, 0x3}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0x4, 0xf, 0x6e}}}}}}}]}}, &(0x7f0000000280)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x140, 0x3, 0xff, 0x2, 0xff, 0x3}, 0x57, &(0x7f0000000100)={0x5, 0xf, 0x57, 0x5, [@ext_cap={0x7, 0x10, 0x2, 0xa, 0x3, 0x1, 0x7}, @ssp_cap={0x24, 0x10, 0xa, 0x6, 0x6, 0x9, 0xf00, 0x9, [0xc000, 0xffc00f, 0x3fc0, 0x3f00, 0xc000, 0xff30]}, @ssp_cap={0xc, 0x10, 0xa, 0x72, 0x0, 0x4, 0xf00, 0x7ac2}, @ext_cap={0x7, 0x10, 0x2, 0x8, 0xf, 0x4, 0xa}, @ss_container_id={0x14, 0x10, 0x4, 0x1a, "5edb0a8532b367ff0c31a02359c15ae4"}]}, 0x3, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x4ff}}, {0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x140c}}, {0x73, &(0x7f0000000200)=@string={0x73, 0x3, "303bb9c9572a2f19347f09a58eff8bbcf66a44c6795d6f46acda1fc6a4596242cad69ff60f3eb2f4278451447d71acc01bc1579f4c2591f561a0bf62d4fc606268c809efc76f3765053e99fcd17d0b93cc58dab1d2373939646e9f9e371b28ec1ebb981dc8e555dfb935f8dd779ad45cd2"}}]})
syz_usb_disconnect(r0)

program crashed: KASAN: slab-use-after-free Read in v4l2_open
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_connect$cdc_ncm
detailed listing:
executing program 0:
syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
syz_usb_connect$cdc_ncm(0x3, 0x85, &(0x7f0000000000)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x73, 0x2, 0x1, 0x4, 0x20, 0x2c, "", {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xb, 0x24, 0x6, 0x0, 0x1, "4c4fa7ed8a79"}, {0x5, 0x24, 0x0, 0x1000}, {0xd, 0x24, 0xf, 0x1, 0x5, 0x0, 0x6, 0x5}, {0x6, 0x24, 0x1a, 0x8, 0x6}, [@acm={0x4, 0x24, 0x2, 0x2}, @call_mgmt={0x5, 0x24, 0x1, 0x2, 0x5}, @mbim_extended={0x8, 0x24, 0x1c, 0xa1e, 0x7, 0x1}]}, {{0x9, 0x5, 0x81, 0x3, 0x10, 0x7, 0x9, 0xb}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x8, 0xe, 0x3, 0x3}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0x4, 0xf, 0x6e}}}}}}}]}}, &(0x7f0000000280)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x140, 0x3, 0xff, 0x2, 0xff, 0x3}, 0x57, &(0x7f0000000100)={0x5, 0xf, 0x57, 0x5, [@ext_cap={0x7, 0x10, 0x2, 0xa, 0x3, 0x1, 0x7}, @ssp_cap={0x24, 0x10, 0xa, 0x6, 0x6, 0x9, 0xf00, 0x9, [0xc000, 0xffc00f, 0x3fc0, 0x3f00, 0xc000, 0xff30]}, @ssp_cap={0xc, 0x10, 0xa, 0x72, 0x0, 0x4, 0xf00, 0x7ac2}, @ext_cap={0x7, 0x10, 0x2, 0x8, 0xf, 0x4, 0xa}, @ss_container_id={0x14, 0x10, 0x4, 0x1a, "5edb0a8532b367ff0c31a02359c15ae4"}]}, 0x3, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x4ff}}, {0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x140c}}, {0x73, &(0x7f0000000200)=@string={0x73, 0x3, "303bb9c9572a2f19347f09a58eff8bbcf66a44c6795d6f46acda1fc6a4596242cad69ff60f3eb2f4278451447d71acc01bc1579f4c2591f561a0bf62d4fc606268c809efc76f3765053e99fcd17d0b93cc58dab1d2373939646e9f9e371b28ec1ebb981dc8e555dfb935f8dd779ad45cd2"}}]})

program crashed: KASAN: slab-use-after-free Read in v4l2_open
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_open
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x0, 0x2d, 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB], 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: KASAN: slab-use-after-free Read in v4l2_open
simplifying C reproducer
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: KASAN: slab-use-after-free Read in v4l2_open
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: KASAN: slab-use-after-free Read in v4l2_open
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: KASAN: slab-use-after-free Read in v4l2_open
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: KASAN: slab-use-after-free Read in v4l2_open
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: KASAN: slab-use-after-free Read in v4l2_open
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_open
validation run: crashed=true
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_open
validation run: crashed=true
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_open
validation run: crashed=true
reproducing took 1h42m3.927421636s
repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: slab-use-after-free in v4l2_open+0x351/0x490 drivers/media/v4l2-core/v4l2-dev.c:444
Read of size 4 at addr ffff888121388858 by task v4l_id/5852

CPU: 0 UID: 0 PID: 5852 Comm: v4l_id Not tainted syzkaller #0 PREEMPT(lazy) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x100/0x190 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:378 [inline]
 print_report+0x13d/0x4b0 mm/kasan/report.c:482
 kasan_report+0xdf/0x1d0 mm/kasan/report.c:595
 v4l2_open+0x351/0x490 drivers/media/v4l2-core/v4l2-dev.c:444
 chrdev_open+0x234/0x6a0 fs/char_dev.c:411
 do_dentry_open+0x68b/0x14b0 fs/open.c:947
 vfs_open+0x82/0x3f0 fs/open.c:1079
 do_open fs/namei.c:4699 [inline]
 path_openat+0x208c/0x31a0 fs/namei.c:4858
 do_file_open+0x20e/0x430 fs/namei.c:4887
 do_sys_openat2+0x10d/0x1e0 fs/open.c:1364
 do_sys_open fs/open.c:1370 [inline]
 __do_sys_openat fs/open.c:1386 [inline]
 __se_sys_openat fs/open.c:1381 [inline]
 __x64_sys_openat+0x12d/0x210 fs/open.c:1381
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x10b/0x7f0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f31fd311407
Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
RSP: 002b:00007ffd6b151080 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007f31fd223880 RCX: 00007f31fd311407
RDX: 0000000000000000 RSI: 00007ffd6b151f24 RDI: ffffffffffffff9c
RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
R13: 00007ffd6b1512d0 R14: 00007f31fdaa7000 R15: 0000563a231cf4d8
 </TASK>

Allocated by task 5794:
 kasan_save_stack+0x30/0x50 mm/kasan/common.c:57
 kasan_save_track+0x14/0x30 mm/kasan/common.c:78
 poison_kmalloc_redzone mm/kasan/common.c:398 [inline]
 __kasan_kmalloc+0x8f/0xa0 mm/kasan/common.c:415
 kmalloc_noprof include/linux/slab.h:950 [inline]
 kzalloc_noprof include/linux/slab.h:1188 [inline]
 em28xx_v4l2_init.cold+0x94/0x3a40 drivers/media/usb/em28xx/em28xx-video.c:2707
 em28xx_init_extension+0x13a/0x200 drivers/media/usb/em28xx/em28xx-core.c:1248
 request_module_async+0x61/0x80 drivers/media/usb/em28xx/em28xx-cards.c:3660
 process_one_work+0xa0e/0x1980 kernel/workqueue.c:3314
 process_scheduled_works kernel/workqueue.c:3397 [inline]
 worker_thread+0x5ef/0xe50 kernel/workqueue.c:3478
 kthread+0x370/0x450 kernel/kthread.c:436
 ret_from_fork+0x69a/0xc80 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

Freed by task 5794:
 kasan_save_stack+0x30/0x50 mm/kasan/common.c:57
 kasan_save_track+0x14/0x30 mm/kasan/common.c:78
 kasan_save_free_info+0x3b/0x70 mm/kasan/generic.c:584
 poison_slab_object mm/kasan/common.c:253 [inline]
 __kasan_slab_free+0x43/0x70 mm/kasan/common.c:285
 kasan_slab_free include/linux/kasan.h:235 [inline]
 slab_free_hook mm/slub.c:2689 [inline]
 slab_free mm/slub.c:6251 [inline]
 kfree+0x204/0x650 mm/slub.c:6566
 kref_put.isra.0+0x53/0x75 include/linux/kref.h:65
 em28xx_v4l2_init.cold+0x280/0x3a40 drivers/media/usb/em28xx/em28xx-video.c:3078
 em28xx_init_extension+0x13a/0x200 drivers/media/usb/em28xx/em28xx-core.c:1248
 request_module_async+0x61/0x80 drivers/media/usb/em28xx/em28xx-cards.c:3660
 process_one_work+0xa0e/0x1980 kernel/workqueue.c:3314
 process_scheduled_works kernel/workqueue.c:3397 [inline]
 worker_thread+0x5ef/0xe50 kernel/workqueue.c:3478
 kthread+0x370/0x450 kernel/kthread.c:436
 ret_from_fork+0x69a/0xc80 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

The buggy address belongs to the object at ffff888121388000
 which belongs to the cache kmalloc-8k of size 8192
The buggy address is located 2136 bytes inside of
 freed 8192-byte region [ffff888121388000, ffff88812138a000)

The buggy address belongs to the physical page:
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x121388
head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
flags: 0x200000000000040(head|node=0|zone=2)
page_type: f5(slab)
raw: 0200000000000040 ffff888100042280 dead000000000100 dead000000000122
raw: 0000000000000000 0000000800020002 00000000f5000000 0000000000000000
head: 0200000000000040 ffff888100042280 dead000000000100 dead000000000122
head: 0000000000000000 0000000800020002 00000000f5000000 0000000000000000
head: 0200000000000003 fffffffffffffe01 00000000ffffffff 00000000ffffffff
head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd28c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2898, tgid 2898 (dhcpcd), ts 18816867373, free_ts 0
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0xfd/0x120 mm/page_alloc.c:1853
 prep_new_page mm/page_alloc.c:1861 [inline]
 get_page_from_freelist+0x20a5/0x3850 mm/page_alloc.c:3941
 __alloc_frozen_pages_noprof+0x273/0x28a0 mm/page_alloc.c:5221
 alloc_slab_page mm/slub.c:3278 [inline]
 allocate_slab mm/slub.c:3467 [inline]
 new_slab+0xa6/0x6b0 mm/slub.c:3525
 refill_objects+0x277/0x420 mm/slub.c:7272
 refill_sheaf mm/slub.c:2816 [inline]
 __pcs_replace_empty_main+0x375/0x650 mm/slub.c:4652
 alloc_from_pcs mm/slub.c:4750 [inline]
 slab_alloc_node mm/slub.c:4884 [inline]
 __do_kmalloc_node mm/slub.c:5295 [inline]
 __kvmalloc_node_noprof+0x72c/0x950 mm/slub.c:6833
 kvmalloc_array_node_noprof include/linux/slab.h:1216 [inline]
 __ptr_ring_init_queue_alloc_noprof include/linux/ptr_ring.h:481 [inline]
 ptr_ring_init_noprof include/linux/ptr_ring.h:499 [inline]
 skb_array_init_noprof include/linux/skb_array.h:182 [inline]
 pfifo_fast_init+0x177/0x3b0 net/sched/sch_generic.c:895
 qdisc_create_dflt+0x128/0x4b0 net/sched/sch_generic.c:1038
 mq_init_common+0x1e5/0x490 net/sched/sch_mq.c:91
 mq_init+0x26/0x60 net/sched/sch_mq.c:112
 qdisc_create_dflt+0x128/0x4b0 net/sched/sch_generic.c:1038
 attach_default_qdiscs net/sched/sch_generic.c:1220 [inline]
 dev_activate+0xaa3/0xcd0 net/sched/sch_generic.c:1274
 __dev_open+0x486/0x7a0 net/core/dev.c:1711
 __dev_change_flags+0x596/0x7e0 net/core/dev.c:9758
 netif_change_flags+0x8d/0x160 net/core/dev.c:9821
page_owner free stack trace missing

Memory state around the buggy address:
 ffff888121388700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888121388780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff888121388800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                                    ^
 ffff888121388880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888121388900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================

final repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: slab-use-after-free in v4l2_open+0x351/0x490 drivers/media/v4l2-core/v4l2-dev.c:444
Read of size 4 at addr ffff888121388858 by task v4l_id/5852

CPU: 0 UID: 0 PID: 5852 Comm: v4l_id Not tainted syzkaller #0 PREEMPT(lazy) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x100/0x190 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:378 [inline]
 print_report+0x13d/0x4b0 mm/kasan/report.c:482
 kasan_report+0xdf/0x1d0 mm/kasan/report.c:595
 v4l2_open+0x351/0x490 drivers/media/v4l2-core/v4l2-dev.c:444
 chrdev_open+0x234/0x6a0 fs/char_dev.c:411
 do_dentry_open+0x68b/0x14b0 fs/open.c:947
 vfs_open+0x82/0x3f0 fs/open.c:1079
 do_open fs/namei.c:4699 [inline]
 path_openat+0x208c/0x31a0 fs/namei.c:4858
 do_file_open+0x20e/0x430 fs/namei.c:4887
 do_sys_openat2+0x10d/0x1e0 fs/open.c:1364
 do_sys_open fs/open.c:1370 [inline]
 __do_sys_openat fs/open.c:1386 [inline]
 __se_sys_openat fs/open.c:1381 [inline]
 __x64_sys_openat+0x12d/0x210 fs/open.c:1381
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x10b/0x7f0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f31fd311407
Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
RSP: 002b:00007ffd6b151080 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007f31fd223880 RCX: 00007f31fd311407
RDX: 0000000000000000 RSI: 00007ffd6b151f24 RDI: ffffffffffffff9c
RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
R13: 00007ffd6b1512d0 R14: 00007f31fdaa7000 R15: 0000563a231cf4d8
 </TASK>

Allocated by task 5794:
 kasan_save_stack+0x30/0x50 mm/kasan/common.c:57
 kasan_save_track+0x14/0x30 mm/kasan/common.c:78
 poison_kmalloc_redzone mm/kasan/common.c:398 [inline]
 __kasan_kmalloc+0x8f/0xa0 mm/kasan/common.c:415
 kmalloc_noprof include/linux/slab.h:950 [inline]
 kzalloc_noprof include/linux/slab.h:1188 [inline]
 em28xx_v4l2_init.cold+0x94/0x3a40 drivers/media/usb/em28xx/em28xx-video.c:2707
 em28xx_init_extension+0x13a/0x200 drivers/media/usb/em28xx/em28xx-core.c:1248
 request_module_async+0x61/0x80 drivers/media/usb/em28xx/em28xx-cards.c:3660
 process_one_work+0xa0e/0x1980 kernel/workqueue.c:3314
 process_scheduled_works kernel/workqueue.c:3397 [inline]
 worker_thread+0x5ef/0xe50 kernel/workqueue.c:3478
 kthread+0x370/0x450 kernel/kthread.c:436
 ret_from_fork+0x69a/0xc80 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

Freed by task 5794:
 kasan_save_stack+0x30/0x50 mm/kasan/common.c:57
 kasan_save_track+0x14/0x30 mm/kasan/common.c:78
 kasan_save_free_info+0x3b/0x70 mm/kasan/generic.c:584
 poison_slab_object mm/kasan/common.c:253 [inline]
 __kasan_slab_free+0x43/0x70 mm/kasan/common.c:285
 kasan_slab_free include/linux/kasan.h:235 [inline]
 slab_free_hook mm/slub.c:2689 [inline]
 slab_free mm/slub.c:6251 [inline]
 kfree+0x204/0x650 mm/slub.c:6566
 kref_put.isra.0+0x53/0x75 include/linux/kref.h:65
 em28xx_v4l2_init.cold+0x280/0x3a40 drivers/media/usb/em28xx/em28xx-video.c:3078
 em28xx_init_extension+0x13a/0x200 drivers/media/usb/em28xx/em28xx-core.c:1248
 request_module_async+0x61/0x80 drivers/media/usb/em28xx/em28xx-cards.c:3660
 process_one_work+0xa0e/0x1980 kernel/workqueue.c:3314
 process_scheduled_works kernel/workqueue.c:3397 [inline]
 worker_thread+0x5ef/0xe50 kernel/workqueue.c:3478
 kthread+0x370/0x450 kernel/kthread.c:436
 ret_from_fork+0x69a/0xc80 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

The buggy address belongs to the object at ffff888121388000
 which belongs to the cache kmalloc-8k of size 8192
The buggy address is located 2136 bytes inside of
 freed 8192-byte region [ffff888121388000, ffff88812138a000)

The buggy address belongs to the physical page:
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x121388
head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
flags: 0x200000000000040(head|node=0|zone=2)
page_type: f5(slab)
raw: 0200000000000040 ffff888100042280 dead000000000100 dead000000000122
raw: 0000000000000000 0000000800020002 00000000f5000000 0000000000000000
head: 0200000000000040 ffff888100042280 dead000000000100 dead000000000122
head: 0000000000000000 0000000800020002 00000000f5000000 0000000000000000
head: 0200000000000003 fffffffffffffe01 00000000ffffffff 00000000ffffffff
head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd28c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2898, tgid 2898 (dhcpcd), ts 18816867373, free_ts 0
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0xfd/0x120 mm/page_alloc.c:1853
 prep_new_page mm/page_alloc.c:1861 [inline]
 get_page_from_freelist+0x20a5/0x3850 mm/page_alloc.c:3941
 __alloc_frozen_pages_noprof+0x273/0x28a0 mm/page_alloc.c:5221
 alloc_slab_page mm/slub.c:3278 [inline]
 allocate_slab mm/slub.c:3467 [inline]
 new_slab+0xa6/0x6b0 mm/slub.c:3525
 refill_objects+0x277/0x420 mm/slub.c:7272
 refill_sheaf mm/slub.c:2816 [inline]
 __pcs_replace_empty_main+0x375/0x650 mm/slub.c:4652
 alloc_from_pcs mm/slub.c:4750 [inline]
 slab_alloc_node mm/slub.c:4884 [inline]
 __do_kmalloc_node mm/slub.c:5295 [inline]
 __kvmalloc_node_noprof+0x72c/0x950 mm/slub.c:6833
 kvmalloc_array_node_noprof include/linux/slab.h:1216 [inline]
 __ptr_ring_init_queue_alloc_noprof include/linux/ptr_ring.h:481 [inline]
 ptr_ring_init_noprof include/linux/ptr_ring.h:499 [inline]
 skb_array_init_noprof include/linux/skb_array.h:182 [inline]
 pfifo_fast_init+0x177/0x3b0 net/sched/sch_generic.c:895
 qdisc_create_dflt+0x128/0x4b0 net/sched/sch_generic.c:1038
 mq_init_common+0x1e5/0x490 net/sched/sch_mq.c:91
 mq_init+0x26/0x60 net/sched/sch_mq.c:112
 qdisc_create_dflt+0x128/0x4b0 net/sched/sch_generic.c:1038
 attach_default_qdiscs net/sched/sch_generic.c:1220 [inline]
 dev_activate+0xaa3/0xcd0 net/sched/sch_generic.c:1274
 __dev_open+0x486/0x7a0 net/core/dev.c:1711
 __dev_change_flags+0x596/0x7e0 net/core/dev.c:9758
 netif_change_flags+0x8d/0x160 net/core/dev.c:9821
page_owner free stack trace missing

Memory state around the buggy address:
 ffff888121388700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888121388780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff888121388800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                                    ^
 ffff888121388880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888121388900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================