Extracting prog: 27m24.885827622s
Minimizing prog: 45m18.916687138s
Simplifying prog options: 0s
Extracting C: 1m16.362725952s
Simplifying C: 10m35.556071016s


extracting reproducer from 30 programs
testing a last program of every proc
single: executing 5 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io$hid-syz_usb_connect
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x3, 0x3f, &(0x7f0000000000)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x20, 0x1e5e, 0x313, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x6a, 0x20, 0x5, [{{0x9, 0x4, 0x0, 0x9, 0x2, 0x3, 0x1, 0x2, 0x7, {0x9, 0x21, 0x8001, 0x7f, 0x1, {0x22, 0x671}}, {{{0x9, 0x5, 0x81, 0x3, 0x8, 0x9, 0x3, 0x9}}, [{{0x9, 0x5, 0x2, 0x3, 0x10, 0x0, 0x7f, 0x96}}]}}}]}}]}}, &(0x7f0000000500)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x201, 0x42, 0x56, 0x1, 0x8}, 0x108, &(0x7f0000000080)={0x5, 0xf, 0x108, 0x5, [@generic={0xd3, 0x10, 0x3, "e841360b8166495df958b1402e77c98695da0398ba0d0cdfc436c8029a649638d2e2cc344929f56be7103885b6d489eb1ce024f6bff675f2b01f64146893d33f42784f153e642087749ee9fae2892a5ca4601f8b077ac91aa990561b538b7a96641a8eb767c46ce6cf6b8bf7757012173b9b94901ae825e177f506cb62a8dc29a3efe125052cc4ebe7e8e6447504181cd60199112c8cd7936dc04b1de41226ad04242a9ffe334934836c882079b976588c18a47f2789a137e19637976e06bf911b4fcf95b463aa3bcc3bfd85d2d10abe"}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x8, 0x8, 0x1, 0xa0d}, @ext_cap={0x7, 0x10, 0x2, 0x4, 0x4, 0x1, 0x8}, @wireless={0xb, 0x10, 0x1, 0x4, 0x18, 0x8, 0x5, 0x1, 0x81}, @ss_container_id={0x14, 0x10, 0x4, 0xb, "ecd4ad506d88b8946dd03763655e2007"}]}, 0x8, [{0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x3c01}}, {0x4, &(0x7f0000000200)=@lang_id={0x4, 0x3, 0x2801}}, {0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0xf8d2}}, {0x88, &(0x7f0000000280)=@string={0x88, 0x3, "1b3b2ea48596a121bcb63e9de99c8162239f6f416411491b9c2fe9e81d2671cdb458bdf32f27a6fa74f5a9195f5a13dc59ccf491c2442806bc4a437ac87af40c31adcb7e186f2a8b4092dfc40c501058050ef1b2eb45f029bc4b1a1f8988f9376f8bc1011d90511ab5d0871876b8dc0e9e14effd50faccf1e505f6c785623e301a968e288435"}}, {0xcd, &(0x7f0000000340)=@string={0xcd, 0x3, "c24550e5c62a198a90cd32e25ce58560a2f0afc7e7aa06cbb22c4e928335c7af20061ca934bf4033e602ada162bc5c019acdec470ac5f27cf79d8a883192f714dd72093188d7c8fe18d6e3d00babc8c4ddfb4e0690d9313644f2bcf6e67932fefbdedb84ba9c84d676918d4e956ff2b5af063f1fa9a5165cc07b229ee65bea45bcbb39df673b3c5103313eea2dd9f39e8372e61392ec4a33d8f4f7399b35377d54dfa8149b647dd3bdd15bc3fbe53ded45be58c47a9a50f8b6ee744c6f85ab1d69ce8242430eb5c203e7d1"}}, {0x4, &(0x7f0000000440)=@lang_id={0x4, 0x3, 0x100c}}, {0x4, &(0x7f0000000480)=@lang_id={0x4, 0x3, 0x242c}}, {0x4, &(0x7f00000004c0)=@lang_id={0x4, 0x3, 0x40b}}]})
syz_usb_control_io$hid(r0, &(0x7f0000000740)={0x24, &(0x7f0000000580)={0x20, 0x7, 0x12, {0x12, 0x10, "ab0d965b6e7137476243842efbae8612"}}, &(0x7f00000005c0)={0x0, 0x3, 0xcd, @string={0xcd, 0x3, "729d05211739681f8c9d024a9a55521550177fb5bb7f546f8b7c306bd47eab21898cb0e39c372f85ed8166db2fd503a30e0a0fd4d5328f2214f9681a9638e6104c03ad3cadd990b2c20c2c69161ed3a315bdc1e3c77feb47681c6ccb6c4629022d075dbaaa1065cdf40eeadc5f2bf7a05e5b4ddf4caef7164e6e4b77554c91706325589f5fbbc0e259d3ec6d61c870fe9a969d5b504c0e81ff89287d862dcd6f5e38abff1fa1e17fa98cebdd0b49a1da3ecd9c3b29ddbb5e4ae466897e72c5a6782df80a33ad33e09697b2"}}, &(0x7f00000006c0)={0x0, 0x22, 0x23, {[@local=@item_4={0x3, 0x2, 0x7, '?a4l'}, @local=@item_4={0x3, 0x2, 0xa, "1106317e"}, @global=@item_4={0x3, 0x1, 0x9, '2\vbg'}, @local=@item_012={0x2, 0x2, 0x7, '7!'}, @main=@item_4={0x3, 0x0, 0xb, "0a9f39fe"}, @main=@item_4={0x3, 0x0, 0xb, "1170d7aa"}, @global=@item_4={0x3, 0x1, 0x0, "30f56e97"}, @global=@item_012={0x1, 0x1, 0x0, "91"}]}}, &(0x7f0000000700)={0x0, 0x21, 0x9, {0x9, 0x21, 0x2, 0x9, 0x1, {0x22, 0x96}}}}, &(0x7f0000000880)={0x2c, &(0x7f0000000780)={0xe0, 0xe, 0x11, "196dce028503c8d54a02b5d65849ebac75"}, &(0x7f00000007c0)={0x0, 0xa, 0x1, 0x21}, &(0x7f0000000800)={0x0, 0x8, 0x1, 0x40}, &(0x7f0000000900)={0x20, 0x1, 0xb4, "5a354020a7a6ef94f2199ec6a8634842a3fc957478e00be89358751bb5cb1b9dc0250e3feb1fc846f8dc6a080d7bf2a48c20fb89d51b9119f7b04e15a473ab4cb944fba0df1dc59a7e146f8caa3895a6af708b2ee9136c10bd35f23eb384aff0fdceb62618d581cccfcf4bda8c0ae82106ec9cd9e4aac6f7d42e834f2a9e05f911f721e727246f4b05a5a488615a4d3e7a6ee138f70157ec1f3b3cd903e448672ead98854e98eb5f85797fafedd5798a3978c588"}, &(0x7f0000000840)={0x20, 0x3, 0x1, 0x4}}) (async)
syz_usb_connect(0x0, 0x24, &(0x7f00000008c0)={{0x12, 0x1, 0x0, 0x80, 0x2d, 0xf4, 0x40, 0x403, 0x6010, 0xa5ed, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x0, 0xb1, 0xb3}}]}}]}}, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_connect-syz_usb_connect$hid-syz_usb_disconnect-syz_usb_connect$hid-syz_usb_connect-syz_usb_disconnect-syz_usb_connect$hid-syz_usb_control_io$hid-syz_usb_control_io-syz_usb_connect$hid-syz_usb_control_io$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write-syz_usb_control_io$hid-syz_usb_control_io$hid-syz_open_dev$hidraw-syz_usb_connect-syz_usb_control_io-syz_usb_ep_write$ath9k_ep1
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105704da0700000000000109022400010000ba0009040000090300000009210000000122220009058103"], 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000056544820e1050804112101020301090224000100001a00090400000201", @ANYRESDEC=0x0], 0x0)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0)
syz_usb_disconnect(r1)
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[], 0x0)
syz_usb_connect(0x5, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="120100000b10b5103a092226"], 0x0)
syz_usb_disconnect(r2)
r3 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000000)=ANY=[], 0x0)
syz_usb_control_io$hid(r3, 0x0, 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x20d6, 0xcb17, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r4, 0x0, 0x0)
syz_usb_control_io(r4, &(0x7f0000000040)={0x2c, &(0x7f0000000480)={0x0, 0x0, 0x7, {0x7, 0x0, "392cdaab4a"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_ep_write(r1, 0x81, 0x2, &(0x7f0000000240)="0080")
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="002222000000930000a220b31ce93ee9870c0000002a0008b3"], 0x0}, 0x0)
syz_open_dev$hidraw(&(0x7f00000000c0), 0x0, 0x60801)
r5 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000041436120410e5150e8d5000000010902f98a5c01000000090401001186eee2000905821704"], 0x0)
syz_usb_control_io(r5, 0x0, 0x0)
syz_usb_ep_write$ath9k_ep1(0xffffffffffffffff, 0x82, 0xffa2, &(0x7f0000000000))

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_connect-syz_open_dev$evdev-syz_usb_disconnect-syz_usb_connect-ioctl$EVIOCRMFF-syz_usb_connect$hid-syz_usb_control_io$hid-syz_usb_control_io-syz_usb_control_io$hid-syz_usb_control_io-syz_usb_control_io$hid-syz_usb_control_io-syz_usb_control_io$hid-syz_usb_control_io$hid
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0)
syz_usb_connect(0x5, 0x46, &(0x7f00000000c0)={{0x12, 0x1, 0x110, 0x5a, 0x29, 0x2e, 0x8, 0xc10, 0x0, 0x95a7, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x34, 0x1, 0xa2, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xc5, 0x4, 0x3, 0xf1, 0x78, 0xa9, 0x5b, [], [{{0x9, 0x5, 0x86, 0x10, 0x400, 0xf4, 0x8, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0x83, 0x2f, 0x8}]}}, {{0x9, 0x5, 0x3, 0x4, 0x40, 0x81, 0x3, 0xff}}, {{0x9, 0x5, 0x9, 0x1b, 0x8, 0xc, 0x28, 0x80}}]}}]}}]}}, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040), 0x3214, 0x0)
syz_usb_disconnect(r1)
syz_usb_connect(0x0, 0x36, &(0x7f00000002c0)=ANY=[], 0x0)
ioctl$EVIOCRMFF(r1, 0x40085507, &(0x7f0000000100)=0xb)
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000000000406c256d0000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_control_io(r2, &(0x7f0000000000)={0x2c, &(0x7f0000000300)=ANY=[@ANYBLOB="000005"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r2, &(0x7f00000002c0)={0x24, 0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0003020000000203"], 0x0, 0x0}, 0x0)
syz_usb_control_io(r2, &(0x7f00000004c0)={0x2c, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0003040000000403"], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_control_io(r2, &(0x7f0000000140)={0x2c, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000205"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="002222000000962313927b7c870c0000f3610b5d8d3dda00000000000000"], 0x0}, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$evdev-ioctl$EVIOCGREP-syz_usb_connect$hid-syz_usb_control_io$hid-syz_usb_control_io$cdc_ncm-syz_usb_control_io$hid-ioctl$EVIOCGID-ioctl$EVIOCRMFF-ioctl$EVIOCGREP-ioctl$EVIOCGRAB-syz_usb_connect$cdc_ecm-syz_usb_connect$hid-syz_usb_connect-syz_usb_connect-syz_usb_connect$uac1
detailed listing:
executing program 0:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x47, 0x2180)
ioctl$EVIOCGREP(r0, 0x80084503, &(0x7f0000000040)=""/4096)
r1 = syz_usb_connect$hid(0x2, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1e7d, 0x3138, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000280)={0x24, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x22, 0x5, {[@local=@item_4={0x3, 0x2, 0x1}]}}, 0x0}, 0x0)
ioctl$EVIOCGID(r0, 0x80084502, &(0x7f0000001040)=""/158)
ioctl$EVIOCRMFF(r0, 0x40044581, &(0x7f0000001100)=0x4)
ioctl$EVIOCGREP(r0, 0x80084503, &(0x7f0000001140)=""/62)
ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f00000028c0)=0xa)
syz_usb_connect$cdc_ecm(0x2, 0x56, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000020000082505a5a4400000000101090244000101000000090400000302060000052406000005242000000d240f0100000000000000000009058103200000000009058202080080000009050302"], 0x0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x40, 0x46d, 0xc713, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x7b, 0x90, 0x93, [{{0x9, 0x4, 0x0, 0x8, 0x2, 0x3, 0x1, 0x2, 0x9, {0x9, 0x21, 0x2, 0x2, 0x1, {0x22, 0xcf8}}, {{{0x9, 0x5, 0x81, 0x3, 0x50, 0x1, 0x1, 0x38}}}}}]}}]}}, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x2, [{0x4, &(0x7f00000000c0)=@lang_id={0x4, 0x3, 0x411}}, {0xa, &(0x7f0000000140)=@string={0xa, 0x3, "6bea9804fcdb17dc"}}]})
syz_usb_connect(0x0, 0x5a, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000ec13b2106d04f308280b01020301090248000100f2ff0009046900000e010000084101a058c2785f2a6ece24df2802b616223c5507007750"], 0x0)
syz_usb_connect(0x5, 0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="12011001d4f86540d804830047da010203010902380001020840b3090400b20102020194052406"], 0x0)
syz_usb_connect$uac1(0x2, 0xa6, &(0x7f0000000080)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x10, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x94, 0x3, 0x1, 0x17, 0x60, 0x9, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x2, 0x2}, [@input_terminal={0xc, 0x24, 0x2, 0x2, 0x206, 0x2, 0xd, 0x67b, 0x8, 0x7}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_continuous={0x9, 0x24, 0x2, 0x1, 0x0, 0x1, 0x9, 0x3, '%'}, @as_header={0x7, 0x24, 0x1, 0x1, 0x9, 0x1}, @format_type_ii_discrete={0xd, 0x24, 0x2, 0x2, 0xff4a, 0x401, 0x3, "b5287827"}, @format_type_ii_discrete={0xc, 0x24, 0x2, 0x2, 0x3, 0x0, 0xf8, "2e968b"}]}, {{0x9, 0x5, 0x1, 0x9, 0x20, 0xa1, 0x0, 0x4d, {0x7, 0x25, 0x1, 0x81, 0x1, 0x9}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x400, 0x5, 0x0, 0x2, {0x7, 0x25, 0x1, 0x83, 0xf2, 0x44e}}}}}}}]}}, &(0x7f0000000280)={0xa, &(0x7f0000000140)={0xa, 0x6, 0x310, 0x8, 0xfc, 0xc, 0x8, 0x5}, 0x4f, &(0x7f0000000180)={0x5, 0xf, 0x4f, 0x6, [@ext_cap={0x7, 0x10, 0x2, 0x0, 0x0, 0x7, 0x8}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0xc, 0x9, 0xb, 0x7}, @ssp_cap={0x24, 0x10, 0xa, 0x3, 0x6, 0x8, 0xf00, 0x1, [0x3f0f, 0x3f0f, 0xff0000, 0xffffc0, 0xff00c0, 0x3f3f]}, @ext_cap={0x7, 0x10, 0x2, 0x18, 0x0, 0x1, 0x18e}, @ptm_cap={0x3}, @wireless={0xb, 0x10, 0x1, 0x2, 0x2, 0xb3, 0x2, 0xb420, 0x1}]}, 0x5, [{0x9, &(0x7f0000000200)=@string={0x9, 0x3, "4d669605264f82"}}, {0xed, &(0x7f0000000380)=@string={0xed, 0x3, "0da979ff3322f29f1c9efc1ec9ce7b350db49731b98f80f61d76bda65c6aff985de022bff743ef4943a67af4756be139add6d9808928396f434f4ba49b8b08ebd7405a761ba35b98820f0b5009c63fab61f72cc4a6c8e49924df0949d0a11d9471ef375bb168677331a0c9d05fb406668ab0956393d9b50b4d25b636568a881ef374ced443cb8e3d95aac46f001e5f096bc744c70e3ee0543b664ee55e377dadecd15e19c60306ee2db2522dfdd5f4a0ee38af7dc14feadf1e30e2475edb85df6b73b98c1cebcfe7b751ab808babb5debcbd5c867df7924cc9db9efe3e08a12f8ec1e7b56829ff8d1c46bb"}}, {0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x411}}, {0xea, &(0x7f0000000480)=@string={0xea, 0x3, "63506afccbef53148daade529e8189f0393e8beff2283a4d43fdba266cf3c5e819d11d2eb5d2246724d243d262e0921c89723219f99196838846d7624638ae5aab6f2d18d3cedadb47848749ab3170bd60ebdfe6bd210883b69a54b39d71a515d4a1723bc8ec755390320b4a58ac99a7ce4728b7e6344a0c87233fd2e7df2987aa54ff63c2774850701858f30d6d179d39c69683dc44082905007a86fff244168b76c630aabb0c4418871c30f79d3e3664a3953c3dad6c27071e8e907968e512733df78fbabebfd3efdaeb4431eac2c6e0e9fafb0dc6731c7293efb6be64f664fe1aa7c964df2b07"}}, {0xb7, &(0x7f0000000580)=@string={0xb7, 0x3, "a1742276e091c3c5b09a27da0fc7d886fb3c01485bfb6bd4c84d8e92384fbfc70259df73e17c89e27f9ddaf9b7e93d706d0b6bea799aa5e4767404db6acd78dfa54f5b3816fc899f07e98f90ccff65c7833867d2f23ffeceb4a05762f6eeb29168bfd99d0a10495f811ad83d402d3137f89707c2863b6243b5aaeffbc343cdb2d09497b5f13f6f5a91baf0899ee6a27b123c199decbde65d439e49a4e4046292df2319d0eefa795837e2298a1eef32739696510d7d"}}]})

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_connect$cdc_ecm-syz_usb_disconnect-syz_usb_connect-syz_usb_connect$printer-syz_usb_control_io$printer-syz_usb_control_io-syz_usb_connect-syz_open_dev$evdev-syz_usb_control_io-syz_usb_control_io$uac1-syz_usb_control_io$printer-syz_usb_connect_ath9k-syz_usb_ep_write$ath9k_ep1-syz_usb_control_io$printer-syz_usb_control_io$cdc_ncm-syz_usb_control_io$cdc_ncm-syz_usb_control_io$hid-syz_usb_control_io$hid-syz_usb_control_io$uac1-syz_usb_control_io-syz_usb_control_io$cdc_ecm-syz_usb_connect
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000600)={{0x12, 0x1, 0x0, 0x35, 0xff, 0xaa, 0x20, 0xccd, 0x10af, 0x384e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x59, 0x2, 0x1, 0x9b, 0x1e, 0x2a, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
r1 = syz_usb_connect$cdc_ecm(0x2, 0x56, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000102505a1a44000000001010902440001fd00000009040000ff0202ffff052406000005240000000d240f010000000000000000000905810320000000000905820220000000000905030208"], 0x0)
syz_usb_disconnect(r1)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x9, 0x96, 0x8, 0x10, 0x4752, 0x11, 0x324f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0xff, 0x1, 0x32, 0x0, [], [{{0x9, 0x5, 0xd, 0x3}}]}}]}}]}}, 0x0)
r2 = syz_usb_connect$printer(0x2, 0x2d, &(0x7f0000000dc0)=ANY=[], 0x0)
syz_usb_control_io$printer(r2, &(0x7f0000001100)={0x14, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0003040000000403"]}, 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_connect(0x5, 0x34, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000094ba78084e080110aeed010203010902220001000000000904000001437b6a00090500000000000000070594ef"], 0x0)
syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0)
syz_usb_control_io(r2, 0x0, &(0x7f0000000000)={0x84, &(0x7f00000000c0)=ANY=[@ANYBLOB="40090800000000b9102e780000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
r3 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
syz_usb_ep_write$ath9k_ep1(r3, 0x82, 0x20, &(0x7f0000000140)=ANY=[@ANYBLOB="0c00004e1560254722cb66187f3b68d00c08004e"])
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f00000001c0)={0x72, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f00000007c0)={0x84, &(0x7f0000000880)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r1, 0x0, &(0x7f0000000100)={0x1c, &(0x7f00000004c0)={0x0, 0x1, 0xeb, "04d3d0dba214dd0b4f703619d02057f914bfb7937c8168d87fbd017cf73b2499c3cd158c5ebaf7d478b1061e85f99eb00e331aef751116fa4e8b84de3a79f4a2c9ccbc778366c8a62a10b65a14b01fa4078160ab142c2883f78d765b25b4f1b7b9cc07629bb93e93425cecc51609d3011340b018380abe177a1b18a83ab496d4dfe2c7dff6a87b793dc56789ba37204fa2b74d2adc973865b9a2983c41b40ee0b1656a6c016e8b4e7f014725f7c0a273a4832efae1a307645134cb39af9b966f5a7a8088a56716af67597d0940987c21bb52e6afaa8100ed765f4ceb9bf03a82a3354b7f670d585b7fb350"}, 0x0, 0x0})
syz_usb_connect(0x3, 0x46, &(0x7f0000000040)=ANY=[], 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
single: successfully extracted reproducer
found reproducer with 23 syscalls
minimizing guilty program
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_connect$cdc_ecm-syz_usb_disconnect-syz_usb_connect-syz_usb_connect$printer-syz_usb_control_io$printer-syz_usb_control_io-syz_usb_connect-syz_open_dev$evdev-syz_usb_control_io-syz_usb_control_io$uac1-syz_usb_control_io$printer-syz_usb_connect_ath9k-syz_usb_ep_write$ath9k_ep1-syz_usb_control_io$printer-syz_usb_control_io$cdc_ncm-syz_usb_control_io$cdc_ncm-syz_usb_control_io$hid-syz_usb_control_io$hid-syz_usb_control_io$uac1-syz_usb_control_io-syz_usb_control_io$cdc_ecm
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000600)={{0x12, 0x1, 0x0, 0x35, 0xff, 0xaa, 0x20, 0xccd, 0x10af, 0x384e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x59, 0x2, 0x1, 0x9b, 0x1e, 0x2a, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
r1 = syz_usb_connect$cdc_ecm(0x2, 0x56, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000102505a1a44000000001010902440001fd00000009040000ff0202ffff052406000005240000000d240f010000000000000000000905810320000000000905820220000000000905030208"], 0x0)
syz_usb_disconnect(r1)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x9, 0x96, 0x8, 0x10, 0x4752, 0x11, 0x324f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0xff, 0x1, 0x32, 0x0, [], [{{0x9, 0x5, 0xd, 0x3}}]}}]}}]}}, 0x0)
r2 = syz_usb_connect$printer(0x2, 0x2d, &(0x7f0000000dc0)=ANY=[], 0x0)
syz_usb_control_io$printer(r2, &(0x7f0000001100)={0x14, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0003040000000403"]}, 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_connect(0x5, 0x34, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000094ba78084e080110aeed010203010902220001000000000904000001437b6a00090500000000000000070594ef"], 0x0)
syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0)
syz_usb_control_io(r2, 0x0, &(0x7f0000000000)={0x84, &(0x7f00000000c0)=ANY=[@ANYBLOB="40090800000000b9102e780000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
r3 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
syz_usb_ep_write$ath9k_ep1(r3, 0x82, 0x20, &(0x7f0000000140)=ANY=[@ANYBLOB="0c00004e1560254722cb66187f3b68d00c08004e"])
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f00000001c0)={0x72, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f00000007c0)={0x84, &(0x7f0000000880)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r1, 0x0, &(0x7f0000000100)={0x1c, &(0x7f00000004c0)={0x0, 0x1, 0xeb, "04d3d0dba214dd0b4f703619d02057f914bfb7937c8168d87fbd017cf73b2499c3cd158c5ebaf7d478b1061e85f99eb00e331aef751116fa4e8b84de3a79f4a2c9ccbc778366c8a62a10b65a14b01fa4078160ab142c2883f78d765b25b4f1b7b9cc07629bb93e93425cecc51609d3011340b018380abe177a1b18a83ab496d4dfe2c7dff6a87b793dc56789ba37204fa2b74d2adc973865b9a2983c41b40ee0b1656a6c016e8b4e7f014725f7c0a273a4832efae1a307645134cb39af9b966f5a7a8088a56716af67597d0940987c21bb52e6afaa8100ed765f4ceb9bf03a82a3354b7f670d585b7fb350"}, 0x0, 0x0})

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_connect$cdc_ecm-syz_usb_disconnect-syz_usb_connect-syz_usb_connect$printer-syz_usb_control_io$printer-syz_usb_control_io-syz_usb_connect-syz_open_dev$evdev-syz_usb_control_io-syz_usb_control_io$uac1-syz_usb_control_io$printer-syz_usb_connect_ath9k-syz_usb_ep_write$ath9k_ep1-syz_usb_control_io$printer-syz_usb_control_io$cdc_ncm-syz_usb_control_io$cdc_ncm-syz_usb_control_io$hid-syz_usb_control_io$hid-syz_usb_control_io$uac1-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000600)={{0x12, 0x1, 0x0, 0x35, 0xff, 0xaa, 0x20, 0xccd, 0x10af, 0x384e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x59, 0x2, 0x1, 0x9b, 0x1e, 0x2a, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
r1 = syz_usb_connect$cdc_ecm(0x2, 0x56, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000102505a1a44000000001010902440001fd00000009040000ff0202ffff052406000005240000000d240f010000000000000000000905810320000000000905820220000000000905030208"], 0x0)
syz_usb_disconnect(r1)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x9, 0x96, 0x8, 0x10, 0x4752, 0x11, 0x324f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0xff, 0x1, 0x32, 0x0, [], [{{0x9, 0x5, 0xd, 0x3}}]}}]}}]}}, 0x0)
r2 = syz_usb_connect$printer(0x2, 0x2d, &(0x7f0000000dc0)=ANY=[], 0x0)
syz_usb_control_io$printer(r2, &(0x7f0000001100)={0x14, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0003040000000403"]}, 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_connect(0x5, 0x34, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000094ba78084e080110aeed010203010902220001000000000904000001437b6a00090500000000000000070594ef"], 0x0)
syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0)
syz_usb_control_io(r2, 0x0, &(0x7f0000000000)={0x84, &(0x7f00000000c0)=ANY=[@ANYBLOB="40090800000000b9102e780000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
r3 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
syz_usb_ep_write$ath9k_ep1(r3, 0x82, 0x20, &(0x7f0000000140)=ANY=[@ANYBLOB="0c00004e1560254722cb66187f3b68d00c08004e"])
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f00000001c0)={0x72, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f00000007c0)={0x84, &(0x7f0000000880)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_connect$cdc_ecm-syz_usb_disconnect-syz_usb_connect-syz_usb_connect$printer-syz_usb_control_io$printer-syz_usb_control_io-syz_usb_connect-syz_open_dev$evdev-syz_usb_control_io-syz_usb_control_io$uac1-syz_usb_control_io$printer-syz_usb_connect_ath9k-syz_usb_ep_write$ath9k_ep1-syz_usb_control_io$printer-syz_usb_control_io$cdc_ncm-syz_usb_control_io$cdc_ncm-syz_usb_control_io$hid-syz_usb_control_io$hid-syz_usb_control_io$uac1
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000600)={{0x12, 0x1, 0x0, 0x35, 0xff, 0xaa, 0x20, 0xccd, 0x10af, 0x384e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x59, 0x2, 0x1, 0x9b, 0x1e, 0x2a, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
r1 = syz_usb_connect$cdc_ecm(0x2, 0x56, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000102505a1a44000000001010902440001fd00000009040000ff0202ffff052406000005240000000d240f010000000000000000000905810320000000000905820220000000000905030208"], 0x0)
syz_usb_disconnect(r1)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x9, 0x96, 0x8, 0x10, 0x4752, 0x11, 0x324f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0xff, 0x1, 0x32, 0x0, [], [{{0x9, 0x5, 0xd, 0x3}}]}}]}}]}}, 0x0)
r2 = syz_usb_connect$printer(0x2, 0x2d, &(0x7f0000000dc0)=ANY=[], 0x0)
syz_usb_control_io$printer(r2, &(0x7f0000001100)={0x14, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0003040000000403"]}, 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_connect(0x5, 0x34, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000094ba78084e080110aeed010203010902220001000000000904000001437b6a00090500000000000000070594ef"], 0x0)
syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0)
syz_usb_control_io(r2, 0x0, &(0x7f0000000000)={0x84, &(0x7f00000000c0)=ANY=[@ANYBLOB="40090800000000b9102e780000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
r3 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
syz_usb_ep_write$ath9k_ep1(r3, 0x82, 0x20, &(0x7f0000000140)=ANY=[@ANYBLOB="0c00004e1560254722cb66187f3b68d00c08004e"])
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f00000001c0)={0x72, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_connect$cdc_ecm-syz_usb_disconnect-syz_usb_connect-syz_usb_connect$printer-syz_usb_control_io$printer-syz_usb_control_io-syz_usb_connect-syz_open_dev$evdev-syz_usb_control_io-syz_usb_control_io$uac1-syz_usb_control_io$printer-syz_usb_connect_ath9k-syz_usb_ep_write$ath9k_ep1-syz_usb_control_io$printer-syz_usb_control_io$cdc_ncm-syz_usb_control_io$cdc_ncm-syz_usb_control_io$hid-syz_usb_control_io$hid
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000600)={{0x12, 0x1, 0x0, 0x35, 0xff, 0xaa, 0x20, 0xccd, 0x10af, 0x384e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x59, 0x2, 0x1, 0x9b, 0x1e, 0x2a, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
r1 = syz_usb_connect$cdc_ecm(0x2, 0x56, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000102505a1a44000000001010902440001fd00000009040000ff0202ffff052406000005240000000d240f010000000000000000000905810320000000000905820220000000000905030208"], 0x0)
syz_usb_disconnect(r1)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x9, 0x96, 0x8, 0x10, 0x4752, 0x11, 0x324f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0xff, 0x1, 0x32, 0x0, [], [{{0x9, 0x5, 0xd, 0x3}}]}}]}}]}}, 0x0)
r2 = syz_usb_connect$printer(0x2, 0x2d, &(0x7f0000000dc0)=ANY=[], 0x0)
syz_usb_control_io$printer(r2, &(0x7f0000001100)={0x14, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0003040000000403"]}, 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_connect(0x5, 0x34, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000094ba78084e080110aeed010203010902220001000000000904000001437b6a00090500000000000000070594ef"], 0x0)
syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0)
syz_usb_control_io(r2, 0x0, &(0x7f0000000000)={0x84, &(0x7f00000000c0)=ANY=[@ANYBLOB="40090800000000b9102e780000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
r3 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
syz_usb_ep_write$ath9k_ep1(r3, 0x82, 0x20, &(0x7f0000000140)=ANY=[@ANYBLOB="0c00004e1560254722cb66187f3b68d00c08004e"])
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f00000001c0)={0x72, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_connect$cdc_ecm-syz_usb_disconnect-syz_usb_connect-syz_usb_connect$printer-syz_usb_control_io$printer-syz_usb_control_io-syz_usb_connect-syz_open_dev$evdev-syz_usb_control_io-syz_usb_control_io$uac1-syz_usb_control_io$printer-syz_usb_connect_ath9k-syz_usb_ep_write$ath9k_ep1-syz_usb_control_io$printer-syz_usb_control_io$cdc_ncm-syz_usb_control_io$cdc_ncm-syz_usb_control_io$hid
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000600)={{0x12, 0x1, 0x0, 0x35, 0xff, 0xaa, 0x20, 0xccd, 0x10af, 0x384e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x59, 0x2, 0x1, 0x9b, 0x1e, 0x2a, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
r1 = syz_usb_connect$cdc_ecm(0x2, 0x56, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000102505a1a44000000001010902440001fd00000009040000ff0202ffff052406000005240000000d240f010000000000000000000905810320000000000905820220000000000905030208"], 0x0)
syz_usb_disconnect(r1)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x9, 0x96, 0x8, 0x10, 0x4752, 0x11, 0x324f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0xff, 0x1, 0x32, 0x0, [], [{{0x9, 0x5, 0xd, 0x3}}]}}]}}]}}, 0x0)
r2 = syz_usb_connect$printer(0x2, 0x2d, &(0x7f0000000dc0)=ANY=[], 0x0)
syz_usb_control_io$printer(r2, &(0x7f0000001100)={0x14, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0003040000000403"]}, 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_connect(0x5, 0x34, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000094ba78084e080110aeed010203010902220001000000000904000001437b6a00090500000000000000070594ef"], 0x0)
syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0)
syz_usb_control_io(r2, 0x0, &(0x7f0000000000)={0x84, &(0x7f00000000c0)=ANY=[@ANYBLOB="40090800000000b9102e780000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
r3 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
syz_usb_ep_write$ath9k_ep1(r3, 0x82, 0x20, &(0x7f0000000140)=ANY=[@ANYBLOB="0c00004e1560254722cb66187f3b68d00c08004e"])
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f00000001c0)={0x72, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, 0x0, 0x0})

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_connect$cdc_ecm-syz_usb_disconnect-syz_usb_connect-syz_usb_connect$printer-syz_usb_control_io$printer-syz_usb_control_io-syz_usb_connect-syz_open_dev$evdev-syz_usb_control_io-syz_usb_control_io$uac1-syz_usb_control_io$printer-syz_usb_connect_ath9k-syz_usb_ep_write$ath9k_ep1-syz_usb_control_io$printer-syz_usb_control_io$cdc_ncm-syz_usb_control_io$cdc_ncm
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000600)={{0x12, 0x1, 0x0, 0x35, 0xff, 0xaa, 0x20, 0xccd, 0x10af, 0x384e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x59, 0x2, 0x1, 0x9b, 0x1e, 0x2a, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
r1 = syz_usb_connect$cdc_ecm(0x2, 0x56, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000102505a1a44000000001010902440001fd00000009040000ff0202ffff052406000005240000000d240f010000000000000000000905810320000000000905820220000000000905030208"], 0x0)
syz_usb_disconnect(r1)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x9, 0x96, 0x8, 0x10, 0x4752, 0x11, 0x324f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0xff, 0x1, 0x32, 0x0, [], [{{0x9, 0x5, 0xd, 0x3}}]}}]}}]}}, 0x0)
r2 = syz_usb_connect$printer(0x2, 0x2d, &(0x7f0000000dc0)=ANY=[], 0x0)
syz_usb_control_io$printer(r2, &(0x7f0000001100)={0x14, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0003040000000403"]}, 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_connect(0x5, 0x34, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000094ba78084e080110aeed010203010902220001000000000904000001437b6a00090500000000000000070594ef"], 0x0)
syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0)
syz_usb_control_io(r2, 0x0, &(0x7f0000000000)={0x84, &(0x7f00000000c0)=ANY=[@ANYBLOB="40090800000000b9102e780000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
r3 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
syz_usb_ep_write$ath9k_ep1(r3, 0x82, 0x20, &(0x7f0000000140)=ANY=[@ANYBLOB="0c00004e1560254722cb66187f3b68d00c08004e"])
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_connect$cdc_ecm-syz_usb_disconnect-syz_usb_connect-syz_usb_connect$printer-syz_usb_control_io$printer-syz_usb_control_io-syz_usb_connect-syz_open_dev$evdev-syz_usb_control_io-syz_usb_control_io$uac1-syz_usb_control_io$printer-syz_usb_connect_ath9k-syz_usb_ep_write$ath9k_ep1-syz_usb_control_io$printer-syz_usb_control_io$cdc_ncm
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000600)={{0x12, 0x1, 0x0, 0x35, 0xff, 0xaa, 0x20, 0xccd, 0x10af, 0x384e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x59, 0x2, 0x1, 0x9b, 0x1e, 0x2a, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
r1 = syz_usb_connect$cdc_ecm(0x2, 0x56, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000102505a1a44000000001010902440001fd00000009040000ff0202ffff052406000005240000000d240f010000000000000000000905810320000000000905820220000000000905030208"], 0x0)
syz_usb_disconnect(r1)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x9, 0x96, 0x8, 0x10, 0x4752, 0x11, 0x324f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0xff, 0x1, 0x32, 0x0, [], [{{0x9, 0x5, 0xd, 0x3}}]}}]}}]}}, 0x0)
r2 = syz_usb_connect$printer(0x2, 0x2d, &(0x7f0000000dc0)=ANY=[], 0x0)
syz_usb_control_io$printer(r2, &(0x7f0000001100)={0x14, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0003040000000403"]}, 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_connect(0x5, 0x34, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000094ba78084e080110aeed010203010902220001000000000904000001437b6a00090500000000000000070594ef"], 0x0)
syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0)
syz_usb_control_io(r2, 0x0, &(0x7f0000000000)={0x84, &(0x7f00000000c0)=ANY=[@ANYBLOB="40090800000000b9102e780000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
r3 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
syz_usb_ep_write$ath9k_ep1(r3, 0x82, 0x20, &(0x7f0000000140)=ANY=[@ANYBLOB="0c00004e1560254722cb66187f3b68d00c08004e"])
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_connect$cdc_ecm-syz_usb_disconnect-syz_usb_connect-syz_usb_connect$printer-syz_usb_control_io$printer-syz_usb_control_io-syz_usb_connect-syz_open_dev$evdev-syz_usb_control_io-syz_usb_control_io$uac1-syz_usb_control_io$printer-syz_usb_connect_ath9k-syz_usb_ep_write$ath9k_ep1-syz_usb_control_io$printer
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000600)={{0x12, 0x1, 0x0, 0x35, 0xff, 0xaa, 0x20, 0xccd, 0x10af, 0x384e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x59, 0x2, 0x1, 0x9b, 0x1e, 0x2a, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
r1 = syz_usb_connect$cdc_ecm(0x2, 0x56, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000102505a1a44000000001010902440001fd00000009040000ff0202ffff052406000005240000000d240f010000000000000000000905810320000000000905820220000000000905030208"], 0x0)
syz_usb_disconnect(r1)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x9, 0x96, 0x8, 0x10, 0x4752, 0x11, 0x324f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0xff, 0x1, 0x32, 0x0, [], [{{0x9, 0x5, 0xd, 0x3}}]}}]}}]}}, 0x0)
r2 = syz_usb_connect$printer(0x2, 0x2d, &(0x7f0000000dc0)=ANY=[], 0x0)
syz_usb_control_io$printer(r2, &(0x7f0000001100)={0x14, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0003040000000403"]}, 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_connect(0x5, 0x34, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000094ba78084e080110aeed010203010902220001000000000904000001437b6a00090500000000000000070594ef"], 0x0)
syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0)
syz_usb_control_io(r2, 0x0, &(0x7f0000000000)={0x84, &(0x7f00000000c0)=ANY=[@ANYBLOB="40090800000000b9102e780000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
r3 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
syz_usb_ep_write$ath9k_ep1(r3, 0x82, 0x20, &(0x7f0000000140)=ANY=[@ANYBLOB="0c00004e1560254722cb66187f3b68d00c08004e"])
syz_usb_control_io$printer(r0, 0x0, 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_connect$cdc_ecm-syz_usb_disconnect-syz_usb_connect-syz_usb_connect$printer-syz_usb_control_io$printer-syz_usb_control_io-syz_usb_connect-syz_open_dev$evdev-syz_usb_control_io-syz_usb_control_io$uac1-syz_usb_control_io$printer-syz_usb_connect_ath9k-syz_usb_ep_write$ath9k_ep1
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000600)={{0x12, 0x1, 0x0, 0x35, 0xff, 0xaa, 0x20, 0xccd, 0x10af, 0x384e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x59, 0x2, 0x1, 0x9b, 0x1e, 0x2a, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
r1 = syz_usb_connect$cdc_ecm(0x2, 0x56, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000102505a1a44000000001010902440001fd00000009040000ff0202ffff052406000005240000000d240f010000000000000000000905810320000000000905820220000000000905030208"], 0x0)
syz_usb_disconnect(r1)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x9, 0x96, 0x8, 0x10, 0x4752, 0x11, 0x324f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0xff, 0x1, 0x32, 0x0, [], [{{0x9, 0x5, 0xd, 0x3}}]}}]}}]}}, 0x0)
r2 = syz_usb_connect$printer(0x2, 0x2d, &(0x7f0000000dc0)=ANY=[], 0x0)
syz_usb_control_io$printer(r2, &(0x7f0000001100)={0x14, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0003040000000403"]}, 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_connect(0x5, 0x34, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000094ba78084e080110aeed010203010902220001000000000904000001437b6a00090500000000000000070594ef"], 0x0)
syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0)
syz_usb_control_io(r2, 0x0, &(0x7f0000000000)={0x84, &(0x7f00000000c0)=ANY=[@ANYBLOB="40090800000000b9102e780000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
r3 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
syz_usb_ep_write$ath9k_ep1(r3, 0x82, 0x20, &(0x7f0000000140)=ANY=[@ANYBLOB="0c00004e1560254722cb66187f3b68d00c08004e"])

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_connect$cdc_ecm-syz_usb_disconnect-syz_usb_connect-syz_usb_connect$printer-syz_usb_control_io$printer-syz_usb_control_io-syz_usb_connect-syz_open_dev$evdev-syz_usb_control_io-syz_usb_control_io$uac1-syz_usb_control_io$printer-syz_usb_connect_ath9k
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000600)={{0x12, 0x1, 0x0, 0x35, 0xff, 0xaa, 0x20, 0xccd, 0x10af, 0x384e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x59, 0x2, 0x1, 0x9b, 0x1e, 0x2a, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
r1 = syz_usb_connect$cdc_ecm(0x2, 0x56, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000102505a1a44000000001010902440001fd00000009040000ff0202ffff052406000005240000000d240f010000000000000000000905810320000000000905820220000000000905030208"], 0x0)
syz_usb_disconnect(r1)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x9, 0x96, 0x8, 0x10, 0x4752, 0x11, 0x324f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0xff, 0x1, 0x32, 0x0, [], [{{0x9, 0x5, 0xd, 0x3}}]}}]}}]}}, 0x0)
r2 = syz_usb_connect$printer(0x2, 0x2d, &(0x7f0000000dc0)=ANY=[], 0x0)
syz_usb_control_io$printer(r2, &(0x7f0000001100)={0x14, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0003040000000403"]}, 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_connect(0x5, 0x34, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000094ba78084e080110aeed010203010902220001000000000904000001437b6a00090500000000000000070594ef"], 0x0)
syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0)
syz_usb_control_io(r2, 0x0, &(0x7f0000000000)={0x84, &(0x7f00000000c0)=ANY=[@ANYBLOB="40090800000000b9102e780000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_connect$cdc_ecm-syz_usb_disconnect-syz_usb_connect-syz_usb_connect$printer-syz_usb_control_io$printer-syz_usb_control_io-syz_usb_connect-syz_open_dev$evdev-syz_usb_control_io-syz_usb_control_io$uac1-syz_usb_control_io$printer
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000600)={{0x12, 0x1, 0x0, 0x35, 0xff, 0xaa, 0x20, 0xccd, 0x10af, 0x384e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x59, 0x2, 0x1, 0x9b, 0x1e, 0x2a, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
r1 = syz_usb_connect$cdc_ecm(0x2, 0x56, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000102505a1a44000000001010902440001fd00000009040000ff0202ffff052406000005240000000d240f010000000000000000000905810320000000000905820220000000000905030208"], 0x0)
syz_usb_disconnect(r1)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x9, 0x96, 0x8, 0x10, 0x4752, 0x11, 0x324f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0xff, 0x1, 0x32, 0x0, [], [{{0x9, 0x5, 0xd, 0x3}}]}}]}}]}}, 0x0)
r2 = syz_usb_connect$printer(0x2, 0x2d, &(0x7f0000000dc0)=ANY=[], 0x0)
syz_usb_control_io$printer(r2, &(0x7f0000001100)={0x14, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0003040000000403"]}, 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_connect(0x5, 0x34, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000094ba78084e080110aeed010203010902220001000000000904000001437b6a00090500000000000000070594ef"], 0x0)
syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0)
syz_usb_control_io(r2, 0x0, &(0x7f0000000000)={0x84, &(0x7f00000000c0)=ANY=[@ANYBLOB="40090800000000b9102e780000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_connect$cdc_ecm-syz_usb_disconnect-syz_usb_connect-syz_usb_connect$printer-syz_usb_control_io$printer-syz_usb_control_io-syz_usb_connect-syz_open_dev$evdev-syz_usb_control_io-syz_usb_control_io$uac1
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000600)={{0x12, 0x1, 0x0, 0x35, 0xff, 0xaa, 0x20, 0xccd, 0x10af, 0x384e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x59, 0x2, 0x1, 0x9b, 0x1e, 0x2a, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
r1 = syz_usb_connect$cdc_ecm(0x2, 0x56, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000102505a1a44000000001010902440001fd00000009040000ff0202ffff052406000005240000000d240f010000000000000000000905810320000000000905820220000000000905030208"], 0x0)
syz_usb_disconnect(r1)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x9, 0x96, 0x8, 0x10, 0x4752, 0x11, 0x324f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0xff, 0x1, 0x32, 0x0, [], [{{0x9, 0x5, 0xd, 0x3}}]}}]}}]}}, 0x0)
r2 = syz_usb_connect$printer(0x2, 0x2d, &(0x7f0000000dc0)=ANY=[], 0x0)
syz_usb_control_io$printer(r2, &(0x7f0000001100)={0x14, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0003040000000403"]}, 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_connect(0x5, 0x34, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000094ba78084e080110aeed010203010902220001000000000904000001437b6a00090500000000000000070594ef"], 0x0)
syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0)
syz_usb_control_io(r2, 0x0, &(0x7f0000000000)={0x84, &(0x7f00000000c0)=ANY=[@ANYBLOB="40090800000000b9102e780000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_connect$cdc_ecm-syz_usb_disconnect-syz_usb_connect-syz_usb_connect$printer-syz_usb_control_io$printer-syz_usb_control_io-syz_usb_connect-syz_open_dev$evdev-syz_usb_control_io
detailed listing:
executing program 0:
syz_usb_connect(0x0, 0x2d, &(0x7f0000000600)={{0x12, 0x1, 0x0, 0x35, 0xff, 0xaa, 0x20, 0xccd, 0x10af, 0x384e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x59, 0x2, 0x1, 0x9b, 0x1e, 0x2a, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
r0 = syz_usb_connect$cdc_ecm(0x2, 0x56, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000102505a1a44000000001010902440001fd00000009040000ff0202ffff052406000005240000000d240f010000000000000000000905810320000000000905820220000000000905030208"], 0x0)
syz_usb_disconnect(r0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x9, 0x96, 0x8, 0x10, 0x4752, 0x11, 0x324f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0xff, 0x1, 0x32, 0x0, [], [{{0x9, 0x5, 0xd, 0x3}}]}}]}}]}}, 0x0)
r1 = syz_usb_connect$printer(0x2, 0x2d, &(0x7f0000000dc0)=ANY=[], 0x0)
syz_usb_control_io$printer(r1, &(0x7f0000001100)={0x14, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0003040000000403"]}, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_connect(0x5, 0x34, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000094ba78084e080110aeed010203010902220001000000000904000001437b6a00090500000000000000070594ef"], 0x0)
syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0)
syz_usb_control_io(r1, 0x0, &(0x7f0000000000)={0x84, &(0x7f00000000c0)=ANY=[@ANYBLOB="40090800000000b9102e780000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_connect$cdc_ecm-syz_usb_disconnect-syz_usb_connect-syz_usb_connect$printer-syz_usb_control_io$printer-syz_usb_control_io-syz_usb_connect-syz_open_dev$evdev
detailed listing:
executing program 0:
syz_usb_connect(0x0, 0x2d, &(0x7f0000000600)={{0x12, 0x1, 0x0, 0x35, 0xff, 0xaa, 0x20, 0xccd, 0x10af, 0x384e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x59, 0x2, 0x1, 0x9b, 0x1e, 0x2a, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
r0 = syz_usb_connect$cdc_ecm(0x2, 0x56, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000102505a1a44000000001010902440001fd00000009040000ff0202ffff052406000005240000000d240f010000000000000000000905810320000000000905820220000000000905030208"], 0x0)
syz_usb_disconnect(r0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x9, 0x96, 0x8, 0x10, 0x4752, 0x11, 0x324f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0xff, 0x1, 0x32, 0x0, [], [{{0x9, 0x5, 0xd, 0x3}}]}}]}}]}}, 0x0)
r1 = syz_usb_connect$printer(0x2, 0x2d, &(0x7f0000000dc0)=ANY=[], 0x0)
syz_usb_control_io$printer(r1, &(0x7f0000001100)={0x14, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0003040000000403"]}, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_connect(0x5, 0x34, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000094ba78084e080110aeed010203010902220001000000000904000001437b6a00090500000000000000070594ef"], 0x0)
syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_connect$cdc_ecm-syz_usb_disconnect-syz_usb_connect-syz_usb_connect$printer-syz_usb_control_io$printer-syz_usb_control_io-syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x0, 0x2d, &(0x7f0000000600)={{0x12, 0x1, 0x0, 0x35, 0xff, 0xaa, 0x20, 0xccd, 0x10af, 0x384e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x59, 0x2, 0x1, 0x9b, 0x1e, 0x2a, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
r0 = syz_usb_connect$cdc_ecm(0x2, 0x56, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000102505a1a44000000001010902440001fd00000009040000ff0202ffff052406000005240000000d240f010000000000000000000905810320000000000905820220000000000905030208"], 0x0)
syz_usb_disconnect(r0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x9, 0x96, 0x8, 0x10, 0x4752, 0x11, 0x324f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0xff, 0x1, 0x32, 0x0, [], [{{0x9, 0x5, 0xd, 0x3}}]}}]}}]}}, 0x0)
r1 = syz_usb_connect$printer(0x2, 0x2d, &(0x7f0000000dc0)=ANY=[], 0x0)
syz_usb_control_io$printer(r1, &(0x7f0000001100)={0x14, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0003040000000403"]}, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_connect(0x5, 0x34, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000094ba78084e080110aeed010203010902220001000000000904000001437b6a00090500000000000000070594ef"], 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_connect$cdc_ecm-syz_usb_disconnect-syz_usb_connect-syz_usb_connect$printer-syz_usb_control_io$printer-syz_usb_control_io
detailed listing:
executing program 0:
syz_usb_connect(0x0, 0x2d, &(0x7f0000000600)={{0x12, 0x1, 0x0, 0x35, 0xff, 0xaa, 0x20, 0xccd, 0x10af, 0x384e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x59, 0x2, 0x1, 0x9b, 0x1e, 0x2a, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
r0 = syz_usb_connect$cdc_ecm(0x2, 0x56, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000102505a1a44000000001010902440001fd00000009040000ff0202ffff052406000005240000000d240f010000000000000000000905810320000000000905820220000000000905030208"], 0x0)
syz_usb_disconnect(r0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x9, 0x96, 0x8, 0x10, 0x4752, 0x11, 0x324f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0xff, 0x1, 0x32, 0x0, [], [{{0x9, 0x5, 0xd, 0x3}}]}}]}}]}}, 0x0)
r1 = syz_usb_connect$printer(0x2, 0x2d, &(0x7f0000000dc0)=ANY=[], 0x0)
syz_usb_control_io$printer(r1, &(0x7f0000001100)={0x14, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0003040000000403"]}, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_connect$cdc_ecm-syz_usb_disconnect-syz_usb_connect-syz_usb_connect$printer-syz_usb_control_io$printer
detailed listing:
executing program 0:
syz_usb_connect(0x0, 0x2d, &(0x7f0000000600)={{0x12, 0x1, 0x0, 0x35, 0xff, 0xaa, 0x20, 0xccd, 0x10af, 0x384e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x59, 0x2, 0x1, 0x9b, 0x1e, 0x2a, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
r0 = syz_usb_connect$cdc_ecm(0x2, 0x56, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000102505a1a44000000001010902440001fd00000009040000ff0202ffff052406000005240000000d240f010000000000000000000905810320000000000905820220000000000905030208"], 0x0)
syz_usb_disconnect(r0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x9, 0x96, 0x8, 0x10, 0x4752, 0x11, 0x324f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0xff, 0x1, 0x32, 0x0, [], [{{0x9, 0x5, 0xd, 0x3}}]}}]}}]}}, 0x0)
r1 = syz_usb_connect$printer(0x2, 0x2d, &(0x7f0000000dc0)=ANY=[], 0x0)
syz_usb_control_io$printer(r1, &(0x7f0000001100)={0x14, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0003040000000403"]}, 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_connect$cdc_ecm-syz_usb_disconnect-syz_usb_connect-syz_usb_connect$printer
detailed listing:
executing program 0:
syz_usb_connect(0x0, 0x2d, &(0x7f0000000600)={{0x12, 0x1, 0x0, 0x35, 0xff, 0xaa, 0x20, 0xccd, 0x10af, 0x384e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x59, 0x2, 0x1, 0x9b, 0x1e, 0x2a, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
r0 = syz_usb_connect$cdc_ecm(0x2, 0x56, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000102505a1a44000000001010902440001fd00000009040000ff0202ffff052406000005240000000d240f010000000000000000000905810320000000000905820220000000000905030208"], 0x0)
syz_usb_disconnect(r0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x9, 0x96, 0x8, 0x10, 0x4752, 0x11, 0x324f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0xff, 0x1, 0x32, 0x0, [], [{{0x9, 0x5, 0xd, 0x3}}]}}]}}]}}, 0x0)
syz_usb_connect$printer(0x2, 0x2d, &(0x7f0000000dc0)=ANY=[], 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_connect$cdc_ecm-syz_usb_disconnect-syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x0, 0x2d, &(0x7f0000000600)={{0x12, 0x1, 0x0, 0x35, 0xff, 0xaa, 0x20, 0xccd, 0x10af, 0x384e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x59, 0x2, 0x1, 0x9b, 0x1e, 0x2a, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
r0 = syz_usb_connect$cdc_ecm(0x2, 0x56, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000102505a1a44000000001010902440001fd00000009040000ff0202ffff052406000005240000000d240f010000000000000000000905810320000000000905820220000000000905030208"], 0x0)
syz_usb_disconnect(r0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x9, 0x96, 0x8, 0x10, 0x4752, 0x11, 0x324f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0xff, 0x1, 0x32, 0x0, [], [{{0x9, 0x5, 0xd, 0x3}}]}}]}}]}}, 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_connect$cdc_ecm-syz_usb_disconnect
detailed listing:
executing program 0:
syz_usb_connect(0x0, 0x2d, &(0x7f0000000600)={{0x12, 0x1, 0x0, 0x35, 0xff, 0xaa, 0x20, 0xccd, 0x10af, 0x384e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x59, 0x2, 0x1, 0x9b, 0x1e, 0x2a, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
r0 = syz_usb_connect$cdc_ecm(0x2, 0x56, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000102505a1a44000000001010902440001fd00000009040000ff0202ffff052406000005240000000d240f010000000000000000000905810320000000000905820220000000000905030208"], 0x0)
syz_usb_disconnect(r0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_connect$cdc_ecm
detailed listing:
executing program 0:
syz_usb_connect(0x0, 0x2d, &(0x7f0000000600)={{0x12, 0x1, 0x0, 0x35, 0xff, 0xaa, 0x20, 0xccd, 0x10af, 0x384e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x59, 0x2, 0x1, 0x9b, 0x1e, 0x2a, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
syz_usb_connect$cdc_ecm(0x2, 0x56, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000102505a1a44000000001010902440001fd00000009040000ff0202ffff052406000005240000000d240f010000000000000000000905810320000000000905820220000000000905030208"], 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x0, 0x2d, &(0x7f0000000600)={{0x12, 0x1, 0x0, 0x35, 0xff, 0xaa, 0x20, 0xccd, 0x10af, 0x384e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x59, 0x2, 0x1, 0x9b, 0x1e, 0x2a, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x0, 0x0, 0x0, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
simplifying C reproducer
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x0, 0x2d, &(0x7f0000000600)={{0x12, 0x1, 0x0, 0x35, 0xff, 0xaa, 0x20, 0xccd, 0x10af, 0x384e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x59, 0x2, 0x1, 0x9b, 0x1e, 0x2a, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
validation run: crashed=true
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x0, 0x2d, &(0x7f0000000600)={{0x12, 0x1, 0x0, 0x35, 0xff, 0xaa, 0x20, 0xccd, 0x10af, 0x384e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x59, 0x2, 0x1, 0x9b, 0x1e, 0x2a, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
validation run: crashed=true
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x0, 0x2d, &(0x7f0000000600)={{0x12, 0x1, 0x0, 0x35, 0xff, 0xaa, 0x20, 0xccd, 0x10af, 0x384e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x59, 0x2, 0x1, 0x9b, 0x1e, 0x2a, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
validation run: crashed=true
reproducing took 1h30m34.294364959s
repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: slab-use-after-free in v4l2_fh_init+0x27d/0x2c0 drivers/media/v4l2-core/v4l2-fh.c:25
Read of size 8 at addr ffff888119a84738 by task v4l_id/5794

CPU: 0 UID: 0 PID: 5794 Comm: v4l_id Not tainted syzkaller #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x100/0x190 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:378 [inline]
 print_report+0x156/0x4c9 mm/kasan/report.c:482
 kasan_report+0xdf/0x1a0 mm/kasan/report.c:595
 v4l2_fh_init+0x27d/0x2c0 drivers/media/v4l2-core/v4l2-fh.c:25
 v4l2_fh_open+0x64/0xa0 drivers/media/v4l2-core/v4l2-fh.c:64
 em28xx_v4l2_open+0x11e/0x570 drivers/media/usb/em28xx/em28xx-video.c:2153
 v4l2_open+0x1d2/0x490 drivers/media/v4l2-core/v4l2-dev.c:433
 chrdev_open+0x234/0x6a0 fs/char_dev.c:414
 do_dentry_open+0x71a/0x1400 fs/open.c:962
 vfs_open+0x82/0x3f0 fs/open.c:1094
 do_open fs/namei.c:4628 [inline]
 path_openat+0x21dc/0x3120 fs/namei.c:4787
 do_filp_open+0x1f7/0x420 fs/namei.c:4814
 do_sys_openat2+0x12e/0x220 fs/open.c:1430
 do_sys_open fs/open.c:1436 [inline]
 __do_sys_openat fs/open.c:1452 [inline]
 __se_sys_openat fs/open.c:1447 [inline]
 __x64_sys_openat+0x12d/0x210 fs/open.c:1447
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xc9/0x570 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f45c8bf2407
Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
RSP: 002b:00007ffe4d5a9150 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007f45c8b04880 RCX: 00007f45c8bf2407
RDX: 0000000000000000 RSI: 00007ffe4d5a9f25 RDI: ffffffffffffff9c
RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
R13: 00007ffe4d5a93a0 R14: 00007f45c9388000 R15: 00005641f3c494d8
 </TASK>

Allocated by task 5774:
 kasan_save_stack+0x30/0x50 mm/kasan/common.c:56
 kasan_save_track+0x14/0x30 mm/kasan/common.c:77
 poison_kmalloc_redzone mm/kasan/common.c:397 [inline]
 __kasan_kmalloc+0x8f/0xa0 mm/kasan/common.c:414
 kmalloc_noprof include/linux/slab.h:957 [inline]
 kzalloc_noprof include/linux/slab.h:1094 [inline]
 em28xx_v4l2_init.cold+0x94/0x3503 drivers/media/usb/em28xx/em28xx-video.c:2532
 em28xx_init_extension+0x13a/0x200 drivers/media/usb/em28xx/em28xx-core.c:1117
 request_module_async+0x61/0x80 drivers/media/usb/em28xx/em28xx-cards.c:3457
 process_one_work+0x9c2/0x1840 kernel/workqueue.c:3257
 process_scheduled_works kernel/workqueue.c:3340 [inline]
 worker_thread+0x5da/0xe40 kernel/workqueue.c:3421
 kthread+0x3b3/0x730 kernel/kthread.c:463
 ret_from_fork+0x6c3/0xa20 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246

Freed by task 5774:
 kasan_save_stack+0x30/0x50 mm/kasan/common.c:56
 kasan_save_track+0x14/0x30 mm/kasan/common.c:77
 kasan_save_free_info+0x3b/0x70 mm/kasan/generic.c:584
 poison_slab_object mm/kasan/common.c:252 [inline]
 __kasan_slab_free+0x43/0x70 mm/kasan/common.c:284
 kasan_slab_free include/linux/kasan.h:234 [inline]
 slab_free_hook mm/slub.c:2540 [inline]
 slab_free mm/slub.c:6670 [inline]
 kfree+0x1ad/0x630 mm/slub.c:6878
 kref_put.isra.0+0x56/0x90 include/linux/kref.h:65
 em28xx_v4l2_init.cold+0x280/0x3503 drivers/media/usb/em28xx/em28xx-video.c:2901
 em28xx_init_extension+0x13a/0x200 drivers/media/usb/em28xx/em28xx-core.c:1117
 request_module_async+0x61/0x80 drivers/media/usb/em28xx/em28xx-cards.c:3457
 process_one_work+0x9c2/0x1840 kernel/workqueue.c:3257
 process_scheduled_works kernel/workqueue.c:3340 [inline]
 worker_thread+0x5da/0xe40 kernel/workqueue.c:3421
 kthread+0x3b3/0x730 kernel/kthread.c:463
 ret_from_fork+0x6c3/0xa20 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246

The buggy address belongs to the object at ffff888119a84000
 which belongs to the cache kmalloc-8k of size 8192
The buggy address is located 1848 bytes inside of
 freed 8192-byte region [ffff888119a84000, ffff888119a86000)

The buggy address belongs to the physical page:
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x119a80
head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
flags: 0x200000000000040(head|node=0|zone=2)
page_type: f5(slab)
raw: 0200000000000040 ffff888100042280 dead000000000100 dead000000000122
raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
head: 0200000000000040 ffff888100042280 dead000000000100 dead000000000122
head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
head: 0200000000000003 ffffea000466a001 00000000ffffffff 00000000ffffffff
head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 2918, tgid 2918 (ssh-keygen), ts 25191400311, free_ts 25061365466
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x1e1/0x250 mm/page_alloc.c:1846
 prep_new_page mm/page_alloc.c:1854 [inline]
 get_page_from_freelist+0xd57/0x3b20 mm/page_alloc.c:3915
 __alloc_frozen_pages_noprof+0x269/0x2230 mm/page_alloc.c:5210
 alloc_pages_mpol+0xe8/0x410 mm/mempolicy.c:2486
 alloc_slab_page mm/slub.c:3075 [inline]
 allocate_slab mm/slub.c:3248 [inline]
 new_slab+0x2c4/0x440 mm/slub.c:3302
 ___slab_alloc+0xda3/0x1ca0 mm/slub.c:4656
 __slab_alloc.isra.0+0x63/0x110 mm/slub.c:4779
 __slab_alloc_node mm/slub.c:4855 [inline]
 slab_alloc_node mm/slub.c:5251 [inline]
 __kmalloc_cache_noprof+0x4ee/0x7e0 mm/slub.c:5771
 kmalloc_noprof include/linux/slab.h:957 [inline]
 audit_log_d_path+0xed/0x210 kernel/audit.c:2193
 audit_log_lsm_data+0xff3/0x1fa0 security/lsm_audit.c:212
 dump_common_audit_data security/lsm_audit.c:421 [inline]
 common_lsm_audit+0x229/0x2b0 security/lsm_audit.c:451
 slow_avc_audit+0x186/0x210 security/selinux/avc.c:779
 avc_audit security/selinux/include/avc.h:131 [inline]
 avc_has_perm+0x1a6/0x1e0 security/selinux/avc.c:1198
 inode_has_perm+0x166/0x1d0 security/selinux/hooks.c:1687
 file_has_perm+0x2e2/0x350 security/selinux/hooks.c:1783
 match_file+0xd7/0x150 security/selinux/hooks.c:2435
page last free pid 2913 tgid 2913 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1395 [inline]
 __free_frozen_pages+0x7d1/0x1010 mm/page_alloc.c:2943
 discard_slab mm/slub.c:3346 [inline]
 __put_partials+0x127/0x160 mm/slub.c:3886
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x47/0xe0 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x1a0/0x1f0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x4e/0x70 mm/kasan/common.c:349
 kasan_slab_alloc include/linux/kasan.h:252 [inline]
 slab_post_alloc_hook mm/slub.c:4953 [inline]
 slab_alloc_node mm/slub.c:5263 [inline]
 kmem_cache_alloc_noprof+0x266/0x760 mm/slub.c:5270
 getname_flags.part.0+0x4c/0x540 fs/namei.c:146
 getname_flags+0x93/0xf0 include/linux/audit.h:345
 getname include/linux/fs.h:2498 [inline]
 getname_maybe_null include/linux/fs.h:2505 [inline]
 getname_maybe_null include/linux/fs.h:2502 [inline]
 vfs_fstatat+0xe1/0xf0 fs/stat.c:370
 __do_sys_newfstatat+0x9d/0x120 fs/stat.c:542
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xc9/0x570 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Memory state around the buggy address:
 ffff888119a84600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888119a84680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff888119a84700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                        ^
 ffff888119a84780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888119a84800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================

final repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: slab-use-after-free in v4l2_fh_init+0x27d/0x2c0 drivers/media/v4l2-core/v4l2-fh.c:25
Read of size 8 at addr ffff888119a84738 by task v4l_id/5794

CPU: 0 UID: 0 PID: 5794 Comm: v4l_id Not tainted syzkaller #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x100/0x190 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:378 [inline]
 print_report+0x156/0x4c9 mm/kasan/report.c:482
 kasan_report+0xdf/0x1a0 mm/kasan/report.c:595
 v4l2_fh_init+0x27d/0x2c0 drivers/media/v4l2-core/v4l2-fh.c:25
 v4l2_fh_open+0x64/0xa0 drivers/media/v4l2-core/v4l2-fh.c:64
 em28xx_v4l2_open+0x11e/0x570 drivers/media/usb/em28xx/em28xx-video.c:2153
 v4l2_open+0x1d2/0x490 drivers/media/v4l2-core/v4l2-dev.c:433
 chrdev_open+0x234/0x6a0 fs/char_dev.c:414
 do_dentry_open+0x71a/0x1400 fs/open.c:962
 vfs_open+0x82/0x3f0 fs/open.c:1094
 do_open fs/namei.c:4628 [inline]
 path_openat+0x21dc/0x3120 fs/namei.c:4787
 do_filp_open+0x1f7/0x420 fs/namei.c:4814
 do_sys_openat2+0x12e/0x220 fs/open.c:1430
 do_sys_open fs/open.c:1436 [inline]
 __do_sys_openat fs/open.c:1452 [inline]
 __se_sys_openat fs/open.c:1447 [inline]
 __x64_sys_openat+0x12d/0x210 fs/open.c:1447
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xc9/0x570 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f45c8bf2407
Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
RSP: 002b:00007ffe4d5a9150 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007f45c8b04880 RCX: 00007f45c8bf2407
RDX: 0000000000000000 RSI: 00007ffe4d5a9f25 RDI: ffffffffffffff9c
RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
R13: 00007ffe4d5a93a0 R14: 00007f45c9388000 R15: 00005641f3c494d8
 </TASK>

Allocated by task 5774:
 kasan_save_stack+0x30/0x50 mm/kasan/common.c:56
 kasan_save_track+0x14/0x30 mm/kasan/common.c:77
 poison_kmalloc_redzone mm/kasan/common.c:397 [inline]
 __kasan_kmalloc+0x8f/0xa0 mm/kasan/common.c:414
 kmalloc_noprof include/linux/slab.h:957 [inline]
 kzalloc_noprof include/linux/slab.h:1094 [inline]
 em28xx_v4l2_init.cold+0x94/0x3503 drivers/media/usb/em28xx/em28xx-video.c:2532
 em28xx_init_extension+0x13a/0x200 drivers/media/usb/em28xx/em28xx-core.c:1117
 request_module_async+0x61/0x80 drivers/media/usb/em28xx/em28xx-cards.c:3457
 process_one_work+0x9c2/0x1840 kernel/workqueue.c:3257
 process_scheduled_works kernel/workqueue.c:3340 [inline]
 worker_thread+0x5da/0xe40 kernel/workqueue.c:3421
 kthread+0x3b3/0x730 kernel/kthread.c:463
 ret_from_fork+0x6c3/0xa20 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246

Freed by task 5774:
 kasan_save_stack+0x30/0x50 mm/kasan/common.c:56
 kasan_save_track+0x14/0x30 mm/kasan/common.c:77
 kasan_save_free_info+0x3b/0x70 mm/kasan/generic.c:584
 poison_slab_object mm/kasan/common.c:252 [inline]
 __kasan_slab_free+0x43/0x70 mm/kasan/common.c:284
 kasan_slab_free include/linux/kasan.h:234 [inline]
 slab_free_hook mm/slub.c:2540 [inline]
 slab_free mm/slub.c:6670 [inline]
 kfree+0x1ad/0x630 mm/slub.c:6878
 kref_put.isra.0+0x56/0x90 include/linux/kref.h:65
 em28xx_v4l2_init.cold+0x280/0x3503 drivers/media/usb/em28xx/em28xx-video.c:2901
 em28xx_init_extension+0x13a/0x200 drivers/media/usb/em28xx/em28xx-core.c:1117
 request_module_async+0x61/0x80 drivers/media/usb/em28xx/em28xx-cards.c:3457
 process_one_work+0x9c2/0x1840 kernel/workqueue.c:3257
 process_scheduled_works kernel/workqueue.c:3340 [inline]
 worker_thread+0x5da/0xe40 kernel/workqueue.c:3421
 kthread+0x3b3/0x730 kernel/kthread.c:463
 ret_from_fork+0x6c3/0xa20 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246

The buggy address belongs to the object at ffff888119a84000
 which belongs to the cache kmalloc-8k of size 8192
The buggy address is located 1848 bytes inside of
 freed 8192-byte region [ffff888119a84000, ffff888119a86000)

The buggy address belongs to the physical page:
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x119a80
head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
flags: 0x200000000000040(head|node=0|zone=2)
page_type: f5(slab)
raw: 0200000000000040 ffff888100042280 dead000000000100 dead000000000122
raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
head: 0200000000000040 ffff888100042280 dead000000000100 dead000000000122
head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
head: 0200000000000003 ffffea000466a001 00000000ffffffff 00000000ffffffff
head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 2918, tgid 2918 (ssh-keygen), ts 25191400311, free_ts 25061365466
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x1e1/0x250 mm/page_alloc.c:1846
 prep_new_page mm/page_alloc.c:1854 [inline]
 get_page_from_freelist+0xd57/0x3b20 mm/page_alloc.c:3915
 __alloc_frozen_pages_noprof+0x269/0x2230 mm/page_alloc.c:5210
 alloc_pages_mpol+0xe8/0x410 mm/mempolicy.c:2486
 alloc_slab_page mm/slub.c:3075 [inline]
 allocate_slab mm/slub.c:3248 [inline]
 new_slab+0x2c4/0x440 mm/slub.c:3302
 ___slab_alloc+0xda3/0x1ca0 mm/slub.c:4656
 __slab_alloc.isra.0+0x63/0x110 mm/slub.c:4779
 __slab_alloc_node mm/slub.c:4855 [inline]
 slab_alloc_node mm/slub.c:5251 [inline]
 __kmalloc_cache_noprof+0x4ee/0x7e0 mm/slub.c:5771
 kmalloc_noprof include/linux/slab.h:957 [inline]
 audit_log_d_path+0xed/0x210 kernel/audit.c:2193
 audit_log_lsm_data+0xff3/0x1fa0 security/lsm_audit.c:212
 dump_common_audit_data security/lsm_audit.c:421 [inline]
 common_lsm_audit+0x229/0x2b0 security/lsm_audit.c:451
 slow_avc_audit+0x186/0x210 security/selinux/avc.c:779
 avc_audit security/selinux/include/avc.h:131 [inline]
 avc_has_perm+0x1a6/0x1e0 security/selinux/avc.c:1198
 inode_has_perm+0x166/0x1d0 security/selinux/hooks.c:1687
 file_has_perm+0x2e2/0x350 security/selinux/hooks.c:1783
 match_file+0xd7/0x150 security/selinux/hooks.c:2435
page last free pid 2913 tgid 2913 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1395 [inline]
 __free_frozen_pages+0x7d1/0x1010 mm/page_alloc.c:2943
 discard_slab mm/slub.c:3346 [inline]
 __put_partials+0x127/0x160 mm/slub.c:3886
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x47/0xe0 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x1a0/0x1f0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x4e/0x70 mm/kasan/common.c:349
 kasan_slab_alloc include/linux/kasan.h:252 [inline]
 slab_post_alloc_hook mm/slub.c:4953 [inline]
 slab_alloc_node mm/slub.c:5263 [inline]
 kmem_cache_alloc_noprof+0x266/0x760 mm/slub.c:5270
 getname_flags.part.0+0x4c/0x540 fs/namei.c:146
 getname_flags+0x93/0xf0 include/linux/audit.h:345
 getname include/linux/fs.h:2498 [inline]
 getname_maybe_null include/linux/fs.h:2505 [inline]
 getname_maybe_null include/linux/fs.h:2502 [inline]
 vfs_fstatat+0xe1/0xf0 fs/stat.c:370
 __do_sys_newfstatat+0x9d/0x120 fs/stat.c:542
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xc9/0x570 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Memory state around the buggy address:
 ffff888119a84600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888119a84680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff888119a84700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                        ^
 ffff888119a84780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888119a84800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================