Extracting prog: 4m1.278838323s
Minimizing prog: 54m3.895414976s
Simplifying prog options: 0s
Extracting C: 1m3.779851198s
Simplifying C: 11m49.67905088s


extracting reproducer from 30 programs
testing a last program of every proc
single: executing 5 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$vga_arbiter-prlimit64-sched_setscheduler-sched_setaffinity-prctl$PR_SCHED_CORE-ioctl$DRM_IOCTL_GET_CLIENT-ptrace$pokeuser-syz_open_dev$MSR-read$msr-socket$nl_rdma-sendmsg$RDMA_NLDEV_CMD_STAT_GET-ioctl$sock_SIOCGIFINDEX-getsockopt$sock_cred-syz_emit_ethernet-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_CREATE_LEASE-close-ioctl$TIOCGSOFTCAR-connect$inet-socket$nl_generic-sendmsg$nl_generic-sendmsg$nl_route_sched-sendmsg$nl_route_sched-sendmsg$nl_route-epoll_create1-epoll_wait-socket$netlink-sendmmsg-sched_setscheduler
detailed listing:
executing program 0:
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f00000000c0)={0x0, 0xf, {<r0=>0xffffffffffffffff}, {}, 0x1, 0xd})
ptrace$pokeuser(0x6, r0, 0x8, 0xfffffffffffff990)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000005580)=""/102392, 0x18ff8)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="10005f29131700001114010028bd7000ffdbe225"], 0x10}, 0x1, 0x0, 0x0, 0x844}, 0x810)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb), 0x0)
syz_emit_ethernet(0x56, 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f0000000200)={0x0, &(0x7f0000000140)=[<r4=>0x0], &(0x7f0000000180)=[<r5=>0x0], 0x0, 0x0, 0x1, 0x1})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r3, 0xc01864c6, &(0x7f00000003c0)={&(0x7f0000000280)=[r4, r5], 0x2})
close(0x3)
ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, &(0x7f0000000140))
connect$inet(0xffffffffffffffff, &(0x7f0000000480)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x30}}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, 0x0, 0xc000)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@gettaction={0x38, 0x32, 0x20, 0x70bd25, 0x25dfdbfe, {}, [@action_gd=@TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0x1c, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}]}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x4048840)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x4)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bb", @ANYBLOB="0300000000000000280012800a00010076786c61"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
r7 = epoll_create1(0x0)
epoll_wait(r7, &(0x7f0000000000)=[{}], 0x1, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r8, &(0x7f00000002c0), 0x40000000000009f, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$sequencer2-prctl$PR_SET_MM_MAP-sendmsg$NFT_BATCH-io_uring_setup-bpf$PROG_LOAD-io_uring_enter-syz_open_dev$sndmidi-writev
detailed listing:
executing program 0:
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff0000/0xd000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000fe9000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r0 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-msgget$private-msgsnd-landlock_create_ruleset-msgctl$MSG_STAT_ANY-landlock_restrict_self-msgctl$IPC_SET-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io$rtl8150-syz_usb_control_io$hid-syz_usb_control_io$hid-syz_usb_control_io$printer-openat$vhost_vsock-ioctl$VHOST_SET_OWNER-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-eventfd2-ioctl$VHOST_SET_VRING_ERR-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$VHOST_SET_VRING_ADDR-connect$vsock_stream-mmap-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
r1 = msgget$private(0x0, 0x790)
msgsnd(r1, &(0x7f0000000d00)=ANY=[@ANYRES8], 0x401, 0x0)
r2 = landlock_create_ruleset(&(0x7f0000000140)={0x4000, 0x3, 0x2}, 0x18, 0x0)
msgctl$MSG_STAT_ANY(r1, 0xd, &(0x7f0000000180)=""/14)
landlock_restrict_self(r2, 0x9)
msgctl$IPC_SET(r1, 0x1, &(0x7f0000001000)={{0x0, 0x0, 0x0, 0x0, 0xee01, 0x52, 0x7}, 0x0, 0x0, 0xc7af, 0x4, 0x7fff, 0x7fffffff, 0x5, 0x180, 0x8, 0x401})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f00000004c0)={0x2c, &(0x7f0000000000)={0x20, 0x1, 0x5b, "a3a01a1461c5dc49332ea2ea960b0eae0972630dbda222b251b2b3305468d275052c8b091b6ecbe541cdd1fb5f84451ea8cfd7719d14617af21341c79ebc3afcfc1eaa4cb23e94882dffd64dd70bceff7f27ae85fd8fa51ac169ca"}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, 0x0)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r3, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000001680))
r4 = eventfd2(0x1, 0x1)
ioctl$VHOST_SET_VRING_ERR(r3, 0x4008af22, &(0x7f00000001c0)={0x0, r4})
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/176, 0x0, 0xffff1000})
ioctl$VHOST_SET_VRING_KICK(r3, 0x4008af20, &(0x7f0000000000)={0x0, r4})
ioctl$VHOST_VSOCK_SET_RUNNING(r3, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=""/4096})
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0)
syz_usb_control_io(r0, &(0x7f0000000480)={0x2c, &(0x7f0000000080)={0x0, 0x24, 0xa8, {0xa8, 0x1, "af85b30c9c51250484e0635faee000228eaed0a6870adde8ceb66a03c4290e914bd76d8511feea95037cd5ce6d8323dfed0a7fedc71d2fa1b4b711f14dfa3564ffb33a7e2a5d7452212bde7e71fa84ea61a0000a4eca581ce97920d917bf63e19133f00697a79e037c80e9e856fd1333787d8e1516141c0f37e541096290cff88a546c6e62981e9309292cc75e28da8d44472acd5074ddab263385f9faa0998c784c0ec945b1"}}, &(0x7f0000000140)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x1009}}, &(0x7f0000000240)={0x0, 0xf, 0x193, {0x5, 0xf, 0x193, 0x6, [@ext_cap={0x7, 0x10, 0x2, 0x10, 0x9, 0x9, 0xb}, @generic={0x84, 0x10, 0x3, "adc2097d43626ee6b006a6b1a836a58ee82fece650c264ec14e90c04453e090d6015a5a6cead625c440e3d52234b2eb8402bf06d6eaaa059d694c330510a0c5c7259fcf68c3b68a5fdce073b176ff58826b0c41df98086b4e4e2ff1dbc249bd9d76bd86f6cf62f1a96b3dd21abe13fe9aaf0ae60662c771e2f45cedff5f4320706"}, @ptm_cap={0x3}, @generic={0xe1, 0x10, 0xa, "a112e65f1b7363c2d4050feab53add15d78897ca68b7529444974cac5fe72477c5cab5785a21911e69297827da90654fa378a94710e3ec890bd472bb605b3dc46603e0cac803c5eb494ad90a3ad1db3f99371dcc410f38eb56600f4ace8707498ae1d718f0228acee0469d05815c0cee9a41150bdea3a2862611b7a876f4f843c03ba2d9186ccc9e0f03b3a86122202e300426fb58d06d66a0e76a3b2304ec1f38d75d6227822e3a2d6509b03f964d4aa6e5f126c8afa22882ed81a1221ee7ecabd84d6042f29e7bbc8dc684c5bd126c30a059ab781fb5ee0eedf787c5ce"}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "5fd0657808f96e7b2860f98f7933e07e"}, @wireless={0xb, 0x10, 0x1, 0xc, 0x4e, 0xd5, 0x6, 0x0, 0xb}]}}, &(0x7f0000000400)={0x20, 0x29, 0xf, {0xf, 0x29, 0x80, 0x70, 0x81, 0xd6, "3298b725", "bed93b77"}}, &(0x7f0000000440)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x53, 0x1, 0x9, 0x7, 0x3, 0x2, 0x9}}}, &(0x7f0000000980)={0x84, &(0x7f0000000500)={0x40, 0xe, 0x94, "5271240f380d9d9b18986b22a84f3f583f2281b435ce8effcf94200626f8c255d0e477ed76c8274373c707c31968f9c982f29e4bc9a09a8e4fa91e8f761bc017f3806830bb4b776b1a7817055fe33c011bf0b4a7f9ffef356a75c3b91ed9d7fe39604ea2d45faf5b73d9b8eab678b10476abe3057734266a55b28a65b31cdaa8eb20a9f27b8940b7617d7a6a5c461cf67370bba2"}, &(0x7f00000005c0)={0x0, 0xa, 0x1}, &(0x7f0000000600)={0x0, 0x8, 0x1, 0x6}, &(0x7f0000000640)={0x20, 0x0, 0x4, {0x2}}, &(0x7f0000000680)={0x20, 0x0, 0x8, {0x100, 0x20, [0xff0f]}}, &(0x7f00000006c0)={0x40, 0x7, 0x2, 0x5}, &(0x7f0000000700)={0x40, 0x9, 0x1, 0x6}, &(0x7f0000000740)={0x40, 0xb, 0x2, "98cf"}, &(0x7f0000000780)={0x40, 0xf, 0x2, 0xfd0}, &(0x7f00000007c0)={0x40, 0x13, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, &(0x7f0000000800)={0x40, 0x17, 0x6, @remote}, &(0x7f0000000840)={0x40, 0x19, 0x2, "bbef"}, &(0x7f0000000880)={0x40, 0x1a, 0x2}, &(0x7f00000008c0)={0x40, 0x1c, 0x1, 0x2}, &(0x7f0000000900)={0x40, 0x1e, 0x1, 0xa3}, &(0x7f0000000940)={0x40, 0x21, 0x1, 0x2}})

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-msgget$private-msgsnd-landlock_create_ruleset-msgctl$MSG_STAT_ANY-landlock_restrict_self-msgctl$IPC_SET-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io$rtl8150-syz_usb_control_io$hid-syz_usb_control_io$hid-syz_usb_control_io$printer-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-eventfd2-ioctl$VHOST_SET_VRING_ERR-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$VHOST_SET_VRING_ADDR-connect$vsock_stream-mmap-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
r1 = msgget$private(0x0, 0x790)
msgsnd(r1, &(0x7f0000000d00)=ANY=[@ANYRES8], 0x401, 0x0)
r2 = landlock_create_ruleset(&(0x7f0000000140)={0x4000, 0x3, 0x2}, 0x18, 0x0)
msgctl$MSG_STAT_ANY(r1, 0xd, &(0x7f0000000180)=""/14)
landlock_restrict_self(r2, 0x9)
msgctl$IPC_SET(r1, 0x1, &(0x7f0000001000)={{0x0, 0x0, 0x0, 0x0, 0xee01, 0x52, 0x7}, 0x0, 0x0, 0xc7af, 0x4, 0x7fff, 0x7fffffff, 0x5, 0x180, 0x8, 0x401})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f00000004c0)={0x2c, &(0x7f0000000000)={0x20, 0x1, 0x5b, "a3a01a1461c5dc49332ea2ea960b0eae0972630dbda222b251b2b3305468d275052c8b091b6ecbe541cdd1fb5f84451ea8cfd7719d14617af21341c79ebc3afcfc1eaa4cb23e94882dffd64dd70bceff7f27ae85fd8fa51ac169ca"}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f0000001680))
r5 = eventfd2(0x1, 0x1)
ioctl$VHOST_SET_VRING_ERR(r4, 0x4008af22, &(0x7f00000001c0)={0x0, r5})
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/176, 0x0, 0xffff1000})
ioctl$VHOST_SET_VRING_KICK(r4, 0x4008af20, &(0x7f0000000000)={0x0, r5})
ioctl$VHOST_VSOCK_SET_RUNNING(r4, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=""/4096})
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0)
syz_usb_control_io(r0, &(0x7f0000000480)={0x2c, &(0x7f0000000080)={0x0, 0x24, 0xa8, {0xa8, 0x1, "af85b30c9c51250484e0635faee000228eaed0a6870adde8ceb66a03c4290e914bd76d8511feea95037cd5ce6d8323dfed0a7fedc71d2fa1b4b711f14dfa3564ffb33a7e2a5d7452212bde7e71fa84ea61a0000a4eca581ce97920d917bf63e19133f00697a79e037c80e9e856fd1333787d8e1516141c0f37e541096290cff88a546c6e62981e9309292cc75e28da8d44472acd5074ddab263385f9faa0998c784c0ec945b1"}}, &(0x7f0000000140)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x1009}}, &(0x7f0000000240)={0x0, 0xf, 0x193, {0x5, 0xf, 0x193, 0x6, [@ext_cap={0x7, 0x10, 0x2, 0x10, 0x9, 0x9, 0xb}, @generic={0x84, 0x10, 0x3, "adc2097d43626ee6b006a6b1a836a58ee82fece650c264ec14e90c04453e090d6015a5a6cead625c440e3d52234b2eb8402bf06d6eaaa059d694c330510a0c5c7259fcf68c3b68a5fdce073b176ff58826b0c41df98086b4e4e2ff1dbc249bd9d76bd86f6cf62f1a96b3dd21abe13fe9aaf0ae60662c771e2f45cedff5f4320706"}, @ptm_cap={0x3}, @generic={0xe1, 0x10, 0xa, "a112e65f1b7363c2d4050feab53add15d78897ca68b7529444974cac5fe72477c5cab5785a21911e69297827da90654fa378a94710e3ec890bd472bb605b3dc46603e0cac803c5eb494ad90a3ad1db3f99371dcc410f38eb56600f4ace8707498ae1d718f0228acee0469d05815c0cee9a41150bdea3a2862611b7a876f4f843c03ba2d9186ccc9e0f03b3a86122202e300426fb58d06d66a0e76a3b2304ec1f38d75d6227822e3a2d6509b03f964d4aa6e5f126c8afa22882ed81a1221ee7ecabd84d6042f29e7bbc8dc684c5bd126c30a059ab781fb5ee0eedf787c5ce"}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "5fd0657808f96e7b2860f98f7933e07e"}, @wireless={0xb, 0x10, 0x1, 0xc, 0x4e, 0xd5, 0x6, 0x0, 0xb}]}}, &(0x7f0000000400)={0x20, 0x29, 0xf, {0xf, 0x29, 0x80, 0x70, 0x81, 0xd6, "3298b725", "bed93b77"}}, &(0x7f0000000440)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x53, 0x1, 0x9, 0x7, 0x3, 0x2, 0x9}}}, &(0x7f0000000980)={0x84, &(0x7f0000000500)={0x40, 0xe, 0x94, "5271240f380d9d9b18986b22a84f3f583f2281b435ce8effcf94200626f8c255d0e477ed76c8274373c707c31968f9c982f29e4bc9a09a8e4fa91e8f761bc017f3806830bb4b776b1a7817055fe33c011bf0b4a7f9ffef356a75c3b91ed9d7fe39604ea2d45faf5b73d9b8eab678b10476abe3057734266a55b28a65b31cdaa8eb20a9f27b8940b7617d7a6a5c461cf67370bba2"}, &(0x7f00000005c0)={0x0, 0xa, 0x1}, &(0x7f0000000600)={0x0, 0x8, 0x1, 0x6}, &(0x7f0000000640)={0x20, 0x0, 0x4, {0x2}}, &(0x7f0000000680)={0x20, 0x0, 0x8, {0x100, 0x20, [0xff0f]}}, &(0x7f00000006c0)={0x40, 0x7, 0x2, 0x5}, &(0x7f0000000700)={0x40, 0x9, 0x1, 0x6}, &(0x7f0000000740)={0x40, 0xb, 0x2, "98cf"}, &(0x7f0000000780)={0x40, 0xf, 0x2, 0xfd0}, &(0x7f00000007c0)={0x40, 0x13, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, &(0x7f0000000800)={0x40, 0x17, 0x6, @remote}, &(0x7f0000000840)={0x40, 0x19, 0x2, "bbef"}, &(0x7f0000000880)={0x40, 0x1a, 0x2}, &(0x7f00000008c0)={0x40, 0x1c, 0x1, 0x2}, &(0x7f0000000900)={0x40, 0x1e, 0x1, 0xa3}, &(0x7f0000000940)={0x40, 0x21, 0x1, 0x2}})

program crashed: KASAN: slab-use-after-free Read in v4l2_open
single: successfully extracted reproducer
found reproducer with 26 syscalls
minimizing guilty program
testing program (duration=48.506174881s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-msgget$private-msgsnd-landlock_create_ruleset-msgctl$MSG_STAT_ANY-landlock_restrict_self-msgctl$IPC_SET-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io$rtl8150-syz_usb_control_io$hid-syz_usb_control_io$hid-syz_usb_control_io$printer-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-eventfd2-ioctl$VHOST_SET_VRING_ERR-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$VHOST_SET_VRING_ADDR-connect$vsock_stream-mmap
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
r1 = msgget$private(0x0, 0x790)
msgsnd(r1, &(0x7f0000000d00)=ANY=[@ANYRES8], 0x401, 0x0)
r2 = landlock_create_ruleset(&(0x7f0000000140)={0x4000, 0x3, 0x2}, 0x18, 0x0)
msgctl$MSG_STAT_ANY(r1, 0xd, &(0x7f0000000180)=""/14)
landlock_restrict_self(r2, 0x9)
msgctl$IPC_SET(r1, 0x1, &(0x7f0000001000)={{0x0, 0x0, 0x0, 0x0, 0xee01, 0x52, 0x7}, 0x0, 0x0, 0xc7af, 0x4, 0x7fff, 0x7fffffff, 0x5, 0x180, 0x8, 0x401})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f00000004c0)={0x2c, &(0x7f0000000000)={0x20, 0x1, 0x5b, "a3a01a1461c5dc49332ea2ea960b0eae0972630dbda222b251b2b3305468d275052c8b091b6ecbe541cdd1fb5f84451ea8cfd7719d14617af21341c79ebc3afcfc1eaa4cb23e94882dffd64dd70bceff7f27ae85fd8fa51ac169ca"}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f0000001680))
r5 = eventfd2(0x1, 0x1)
ioctl$VHOST_SET_VRING_ERR(r4, 0x4008af22, &(0x7f00000001c0)={0x0, r5})
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/176, 0x0, 0xffff1000})
ioctl$VHOST_SET_VRING_KICK(r4, 0x4008af20, &(0x7f0000000000)={0x0, r5})
ioctl$VHOST_VSOCK_SET_RUNNING(r4, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=""/4096})
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0)

program did not crash
testing program (duration=48.506174881s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-msgget$private-msgsnd-landlock_create_ruleset-msgctl$MSG_STAT_ANY-landlock_restrict_self-msgctl$IPC_SET-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io$rtl8150-syz_usb_control_io$hid-syz_usb_control_io$hid-syz_usb_control_io$printer-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-eventfd2-ioctl$VHOST_SET_VRING_ERR-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$VHOST_SET_VRING_ADDR-connect$vsock_stream-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
r1 = msgget$private(0x0, 0x790)
msgsnd(r1, &(0x7f0000000d00)=ANY=[@ANYRES8], 0x401, 0x0)
r2 = landlock_create_ruleset(&(0x7f0000000140)={0x4000, 0x3, 0x2}, 0x18, 0x0)
msgctl$MSG_STAT_ANY(r1, 0xd, &(0x7f0000000180)=""/14)
landlock_restrict_self(r2, 0x9)
msgctl$IPC_SET(r1, 0x1, &(0x7f0000001000)={{0x0, 0x0, 0x0, 0x0, 0xee01, 0x52, 0x7}, 0x0, 0x0, 0xc7af, 0x4, 0x7fff, 0x7fffffff, 0x5, 0x180, 0x8, 0x401})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f00000004c0)={0x2c, &(0x7f0000000000)={0x20, 0x1, 0x5b, "a3a01a1461c5dc49332ea2ea960b0eae0972630dbda222b251b2b3305468d275052c8b091b6ecbe541cdd1fb5f84451ea8cfd7719d14617af21341c79ebc3afcfc1eaa4cb23e94882dffd64dd70bceff7f27ae85fd8fa51ac169ca"}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000001680))
r4 = eventfd2(0x1, 0x1)
ioctl$VHOST_SET_VRING_ERR(r3, 0x4008af22, &(0x7f00000001c0)={0x0, r4})
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/176, 0x0, 0xffff1000})
ioctl$VHOST_SET_VRING_KICK(r3, 0x4008af20, &(0x7f0000000000)={0x0, r4})
ioctl$VHOST_VSOCK_SET_RUNNING(r3, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=""/4096})
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
syz_usb_control_io(r0, &(0x7f0000000480)={0x2c, &(0x7f0000000080)={0x0, 0x24, 0xa8, {0xa8, 0x1, "af85b30c9c51250484e0635faee000228eaed0a6870adde8ceb66a03c4290e914bd76d8511feea95037cd5ce6d8323dfed0a7fedc71d2fa1b4b711f14dfa3564ffb33a7e2a5d7452212bde7e71fa84ea61a0000a4eca581ce97920d917bf63e19133f00697a79e037c80e9e856fd1333787d8e1516141c0f37e541096290cff88a546c6e62981e9309292cc75e28da8d44472acd5074ddab263385f9faa0998c784c0ec945b1"}}, &(0x7f0000000140)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x1009}}, &(0x7f0000000240)={0x0, 0xf, 0x193, {0x5, 0xf, 0x193, 0x6, [@ext_cap={0x7, 0x10, 0x2, 0x10, 0x9, 0x9, 0xb}, @generic={0x84, 0x10, 0x3, "adc2097d43626ee6b006a6b1a836a58ee82fece650c264ec14e90c04453e090d6015a5a6cead625c440e3d52234b2eb8402bf06d6eaaa059d694c330510a0c5c7259fcf68c3b68a5fdce073b176ff58826b0c41df98086b4e4e2ff1dbc249bd9d76bd86f6cf62f1a96b3dd21abe13fe9aaf0ae60662c771e2f45cedff5f4320706"}, @ptm_cap={0x3}, @generic={0xe1, 0x10, 0xa, "a112e65f1b7363c2d4050feab53add15d78897ca68b7529444974cac5fe72477c5cab5785a21911e69297827da90654fa378a94710e3ec890bd472bb605b3dc46603e0cac803c5eb494ad90a3ad1db3f99371dcc410f38eb56600f4ace8707498ae1d718f0228acee0469d05815c0cee9a41150bdea3a2862611b7a876f4f843c03ba2d9186ccc9e0f03b3a86122202e300426fb58d06d66a0e76a3b2304ec1f38d75d6227822e3a2d6509b03f964d4aa6e5f126c8afa22882ed81a1221ee7ecabd84d6042f29e7bbc8dc684c5bd126c30a059ab781fb5ee0eedf787c5ce"}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "5fd0657808f96e7b2860f98f7933e07e"}, @wireless={0xb, 0x10, 0x1, 0xc, 0x4e, 0xd5, 0x6, 0x0, 0xb}]}}, &(0x7f0000000400)={0x20, 0x29, 0xf, {0xf, 0x29, 0x80, 0x70, 0x81, 0xd6, "3298b725", "bed93b77"}}, &(0x7f0000000440)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x53, 0x1, 0x9, 0x7, 0x3, 0x2, 0x9}}}, &(0x7f0000000980)={0x84, &(0x7f0000000500)={0x40, 0xe, 0x94, "5271240f380d9d9b18986b22a84f3f583f2281b435ce8effcf94200626f8c255d0e477ed76c8274373c707c31968f9c982f29e4bc9a09a8e4fa91e8f761bc017f3806830bb4b776b1a7817055fe33c011bf0b4a7f9ffef356a75c3b91ed9d7fe39604ea2d45faf5b73d9b8eab678b10476abe3057734266a55b28a65b31cdaa8eb20a9f27b8940b7617d7a6a5c461cf67370bba2"}, &(0x7f00000005c0)={0x0, 0xa, 0x1}, &(0x7f0000000600)={0x0, 0x8, 0x1, 0x6}, &(0x7f0000000640)={0x20, 0x0, 0x4, {0x2}}, &(0x7f0000000680)={0x20, 0x0, 0x8, {0x100, 0x20, [0xff0f]}}, &(0x7f00000006c0)={0x40, 0x7, 0x2, 0x5}, &(0x7f0000000700)={0x40, 0x9, 0x1, 0x6}, &(0x7f0000000740)={0x40, 0xb, 0x2, "98cf"}, &(0x7f0000000780)={0x40, 0xf, 0x2, 0xfd0}, &(0x7f00000007c0)={0x40, 0x13, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, &(0x7f0000000800)={0x40, 0x17, 0x6, @remote}, &(0x7f0000000840)={0x40, 0x19, 0x2, "bbef"}, &(0x7f0000000880)={0x40, 0x1a, 0x2}, &(0x7f00000008c0)={0x40, 0x1c, 0x1, 0x2}, &(0x7f0000000900)={0x40, 0x1e, 0x1, 0xa3}, &(0x7f0000000940)={0x40, 0x21, 0x1, 0x2}})

program crashed: KASAN: slab-use-after-free Read in v4l2_open
testing program (duration=48.506174881s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-msgget$private-msgsnd-landlock_create_ruleset-msgctl$MSG_STAT_ANY-landlock_restrict_self-msgctl$IPC_SET-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io$rtl8150-syz_usb_control_io$hid-syz_usb_control_io$hid-syz_usb_control_io$printer-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-eventfd2-ioctl$VHOST_SET_VRING_ERR-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$VHOST_SET_VRING_ADDR-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
r1 = msgget$private(0x0, 0x790)
msgsnd(r1, &(0x7f0000000d00)=ANY=[@ANYRES8], 0x401, 0x0)
r2 = landlock_create_ruleset(&(0x7f0000000140)={0x4000, 0x3, 0x2}, 0x18, 0x0)
msgctl$MSG_STAT_ANY(r1, 0xd, &(0x7f0000000180)=""/14)
landlock_restrict_self(r2, 0x9)
msgctl$IPC_SET(r1, 0x1, &(0x7f0000001000)={{0x0, 0x0, 0x0, 0x0, 0xee01, 0x52, 0x7}, 0x0, 0x0, 0xc7af, 0x4, 0x7fff, 0x7fffffff, 0x5, 0x180, 0x8, 0x401})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f00000004c0)={0x2c, &(0x7f0000000000)={0x20, 0x1, 0x5b, "a3a01a1461c5dc49332ea2ea960b0eae0972630dbda222b251b2b3305468d275052c8b091b6ecbe541cdd1fb5f84451ea8cfd7719d14617af21341c79ebc3afcfc1eaa4cb23e94882dffd64dd70bceff7f27ae85fd8fa51ac169ca"}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000001680))
r4 = eventfd2(0x1, 0x1)
ioctl$VHOST_SET_VRING_ERR(r3, 0x4008af22, &(0x7f00000001c0)={0x0, r4})
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/176, 0x0, 0xffff1000})
ioctl$VHOST_SET_VRING_KICK(r3, 0x4008af20, &(0x7f0000000000)={0x0, r4})
ioctl$VHOST_VSOCK_SET_RUNNING(r3, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=""/4096})
syz_usb_control_io(r0, &(0x7f0000000480)={0x2c, &(0x7f0000000080)={0x0, 0x24, 0xa8, {0xa8, 0x1, "af85b30c9c51250484e0635faee000228eaed0a6870adde8ceb66a03c4290e914bd76d8511feea95037cd5ce6d8323dfed0a7fedc71d2fa1b4b711f14dfa3564ffb33a7e2a5d7452212bde7e71fa84ea61a0000a4eca581ce97920d917bf63e19133f00697a79e037c80e9e856fd1333787d8e1516141c0f37e541096290cff88a546c6e62981e9309292cc75e28da8d44472acd5074ddab263385f9faa0998c784c0ec945b1"}}, &(0x7f0000000140)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x1009}}, &(0x7f0000000240)={0x0, 0xf, 0x193, {0x5, 0xf, 0x193, 0x6, [@ext_cap={0x7, 0x10, 0x2, 0x10, 0x9, 0x9, 0xb}, @generic={0x84, 0x10, 0x3, "adc2097d43626ee6b006a6b1a836a58ee82fece650c264ec14e90c04453e090d6015a5a6cead625c440e3d52234b2eb8402bf06d6eaaa059d694c330510a0c5c7259fcf68c3b68a5fdce073b176ff58826b0c41df98086b4e4e2ff1dbc249bd9d76bd86f6cf62f1a96b3dd21abe13fe9aaf0ae60662c771e2f45cedff5f4320706"}, @ptm_cap={0x3}, @generic={0xe1, 0x10, 0xa, "a112e65f1b7363c2d4050feab53add15d78897ca68b7529444974cac5fe72477c5cab5785a21911e69297827da90654fa378a94710e3ec890bd472bb605b3dc46603e0cac803c5eb494ad90a3ad1db3f99371dcc410f38eb56600f4ace8707498ae1d718f0228acee0469d05815c0cee9a41150bdea3a2862611b7a876f4f843c03ba2d9186ccc9e0f03b3a86122202e300426fb58d06d66a0e76a3b2304ec1f38d75d6227822e3a2d6509b03f964d4aa6e5f126c8afa22882ed81a1221ee7ecabd84d6042f29e7bbc8dc684c5bd126c30a059ab781fb5ee0eedf787c5ce"}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "5fd0657808f96e7b2860f98f7933e07e"}, @wireless={0xb, 0x10, 0x1, 0xc, 0x4e, 0xd5, 0x6, 0x0, 0xb}]}}, &(0x7f0000000400)={0x20, 0x29, 0xf, {0xf, 0x29, 0x80, 0x70, 0x81, 0xd6, "3298b725", "bed93b77"}}, &(0x7f0000000440)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x53, 0x1, 0x9, 0x7, 0x3, 0x2, 0x9}}}, &(0x7f0000000980)={0x84, &(0x7f0000000500)={0x40, 0xe, 0x94, "5271240f380d9d9b18986b22a84f3f583f2281b435ce8effcf94200626f8c255d0e477ed76c8274373c707c31968f9c982f29e4bc9a09a8e4fa91e8f761bc017f3806830bb4b776b1a7817055fe33c011bf0b4a7f9ffef356a75c3b91ed9d7fe39604ea2d45faf5b73d9b8eab678b10476abe3057734266a55b28a65b31cdaa8eb20a9f27b8940b7617d7a6a5c461cf67370bba2"}, &(0x7f00000005c0)={0x0, 0xa, 0x1}, &(0x7f0000000600)={0x0, 0x8, 0x1, 0x6}, &(0x7f0000000640)={0x20, 0x0, 0x4, {0x2}}, &(0x7f0000000680)={0x20, 0x0, 0x8, {0x100, 0x20, [0xff0f]}}, &(0x7f00000006c0)={0x40, 0x7, 0x2, 0x5}, &(0x7f0000000700)={0x40, 0x9, 0x1, 0x6}, &(0x7f0000000740)={0x40, 0xb, 0x2, "98cf"}, &(0x7f0000000780)={0x40, 0xf, 0x2, 0xfd0}, &(0x7f00000007c0)={0x40, 0x13, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, &(0x7f0000000800)={0x40, 0x17, 0x6, @remote}, &(0x7f0000000840)={0x40, 0x19, 0x2, "bbef"}, &(0x7f0000000880)={0x40, 0x1a, 0x2}, &(0x7f00000008c0)={0x40, 0x1c, 0x1, 0x2}, &(0x7f0000000900)={0x40, 0x1e, 0x1, 0xa3}, &(0x7f0000000940)={0x40, 0x21, 0x1, 0x2}})

program did not crash
testing program (duration=48.506174881s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-msgget$private-msgsnd-landlock_create_ruleset-msgctl$MSG_STAT_ANY-landlock_restrict_self-msgctl$IPC_SET-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io$rtl8150-syz_usb_control_io$hid-syz_usb_control_io$hid-syz_usb_control_io$printer-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-eventfd2-ioctl$VHOST_SET_VRING_ERR-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_VSOCK_SET_RUNNING-connect$vsock_stream-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
r1 = msgget$private(0x0, 0x790)
msgsnd(r1, &(0x7f0000000d00)=ANY=[@ANYRES8], 0x401, 0x0)
r2 = landlock_create_ruleset(&(0x7f0000000140)={0x4000, 0x3, 0x2}, 0x18, 0x0)
msgctl$MSG_STAT_ANY(r1, 0xd, &(0x7f0000000180)=""/14)
landlock_restrict_self(r2, 0x9)
msgctl$IPC_SET(r1, 0x1, &(0x7f0000001000)={{0x0, 0x0, 0x0, 0x0, 0xee01, 0x52, 0x7}, 0x0, 0x0, 0xc7af, 0x4, 0x7fff, 0x7fffffff, 0x5, 0x180, 0x8, 0x401})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f00000004c0)={0x2c, &(0x7f0000000000)={0x20, 0x1, 0x5b, "a3a01a1461c5dc49332ea2ea960b0eae0972630dbda222b251b2b3305468d275052c8b091b6ecbe541cdd1fb5f84451ea8cfd7719d14617af21341c79ebc3afcfc1eaa4cb23e94882dffd64dd70bceff7f27ae85fd8fa51ac169ca"}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000001680))
r4 = eventfd2(0x1, 0x1)
ioctl$VHOST_SET_VRING_ERR(r3, 0x4008af22, &(0x7f00000001c0)={0x0, r4})
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/176, 0x0, 0xffff1000})
ioctl$VHOST_SET_VRING_KICK(r3, 0x4008af20, &(0x7f0000000000)={0x0, r4})
ioctl$VHOST_VSOCK_SET_RUNNING(r3, 0x4004af61, &(0x7f00000000c0)=0x1)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
syz_usb_control_io(r0, &(0x7f0000000480)={0x2c, &(0x7f0000000080)={0x0, 0x24, 0xa8, {0xa8, 0x1, "af85b30c9c51250484e0635faee000228eaed0a6870adde8ceb66a03c4290e914bd76d8511feea95037cd5ce6d8323dfed0a7fedc71d2fa1b4b711f14dfa3564ffb33a7e2a5d7452212bde7e71fa84ea61a0000a4eca581ce97920d917bf63e19133f00697a79e037c80e9e856fd1333787d8e1516141c0f37e541096290cff88a546c6e62981e9309292cc75e28da8d44472acd5074ddab263385f9faa0998c784c0ec945b1"}}, &(0x7f0000000140)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x1009}}, &(0x7f0000000240)={0x0, 0xf, 0x193, {0x5, 0xf, 0x193, 0x6, [@ext_cap={0x7, 0x10, 0x2, 0x10, 0x9, 0x9, 0xb}, @generic={0x84, 0x10, 0x3, "adc2097d43626ee6b006a6b1a836a58ee82fece650c264ec14e90c04453e090d6015a5a6cead625c440e3d52234b2eb8402bf06d6eaaa059d694c330510a0c5c7259fcf68c3b68a5fdce073b176ff58826b0c41df98086b4e4e2ff1dbc249bd9d76bd86f6cf62f1a96b3dd21abe13fe9aaf0ae60662c771e2f45cedff5f4320706"}, @ptm_cap={0x3}, @generic={0xe1, 0x10, 0xa, "a112e65f1b7363c2d4050feab53add15d78897ca68b7529444974cac5fe72477c5cab5785a21911e69297827da90654fa378a94710e3ec890bd472bb605b3dc46603e0cac803c5eb494ad90a3ad1db3f99371dcc410f38eb56600f4ace8707498ae1d718f0228acee0469d05815c0cee9a41150bdea3a2862611b7a876f4f843c03ba2d9186ccc9e0f03b3a86122202e300426fb58d06d66a0e76a3b2304ec1f38d75d6227822e3a2d6509b03f964d4aa6e5f126c8afa22882ed81a1221ee7ecabd84d6042f29e7bbc8dc684c5bd126c30a059ab781fb5ee0eedf787c5ce"}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "5fd0657808f96e7b2860f98f7933e07e"}, @wireless={0xb, 0x10, 0x1, 0xc, 0x4e, 0xd5, 0x6, 0x0, 0xb}]}}, &(0x7f0000000400)={0x20, 0x29, 0xf, {0xf, 0x29, 0x80, 0x70, 0x81, 0xd6, "3298b725", "bed93b77"}}, &(0x7f0000000440)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x53, 0x1, 0x9, 0x7, 0x3, 0x2, 0x9}}}, &(0x7f0000000980)={0x84, &(0x7f0000000500)={0x40, 0xe, 0x94, "5271240f380d9d9b18986b22a84f3f583f2281b435ce8effcf94200626f8c255d0e477ed76c8274373c707c31968f9c982f29e4bc9a09a8e4fa91e8f761bc017f3806830bb4b776b1a7817055fe33c011bf0b4a7f9ffef356a75c3b91ed9d7fe39604ea2d45faf5b73d9b8eab678b10476abe3057734266a55b28a65b31cdaa8eb20a9f27b8940b7617d7a6a5c461cf67370bba2"}, &(0x7f00000005c0)={0x0, 0xa, 0x1}, &(0x7f0000000600)={0x0, 0x8, 0x1, 0x6}, &(0x7f0000000640)={0x20, 0x0, 0x4, {0x2}}, &(0x7f0000000680)={0x20, 0x0, 0x8, {0x100, 0x20, [0xff0f]}}, &(0x7f00000006c0)={0x40, 0x7, 0x2, 0x5}, &(0x7f0000000700)={0x40, 0x9, 0x1, 0x6}, &(0x7f0000000740)={0x40, 0xb, 0x2, "98cf"}, &(0x7f0000000780)={0x40, 0xf, 0x2, 0xfd0}, &(0x7f00000007c0)={0x40, 0x13, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, &(0x7f0000000800)={0x40, 0x17, 0x6, @remote}, &(0x7f0000000840)={0x40, 0x19, 0x2, "bbef"}, &(0x7f0000000880)={0x40, 0x1a, 0x2}, &(0x7f00000008c0)={0x40, 0x1c, 0x1, 0x2}, &(0x7f0000000900)={0x40, 0x1e, 0x1, 0xa3}, &(0x7f0000000940)={0x40, 0x21, 0x1, 0x2}})

program did not crash
testing program (duration=48.506174881s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-msgget$private-msgsnd-landlock_create_ruleset-msgctl$MSG_STAT_ANY-landlock_restrict_self-msgctl$IPC_SET-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io$rtl8150-syz_usb_control_io$hid-syz_usb_control_io$hid-syz_usb_control_io$printer-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-eventfd2-ioctl$VHOST_SET_VRING_ERR-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_SET_VRING_ADDR-connect$vsock_stream-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
r1 = msgget$private(0x0, 0x790)
msgsnd(r1, &(0x7f0000000d00)=ANY=[@ANYRES8], 0x401, 0x0)
r2 = landlock_create_ruleset(&(0x7f0000000140)={0x4000, 0x3, 0x2}, 0x18, 0x0)
msgctl$MSG_STAT_ANY(r1, 0xd, &(0x7f0000000180)=""/14)
landlock_restrict_self(r2, 0x9)
msgctl$IPC_SET(r1, 0x1, &(0x7f0000001000)={{0x0, 0x0, 0x0, 0x0, 0xee01, 0x52, 0x7}, 0x0, 0x0, 0xc7af, 0x4, 0x7fff, 0x7fffffff, 0x5, 0x180, 0x8, 0x401})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f00000004c0)={0x2c, &(0x7f0000000000)={0x20, 0x1, 0x5b, "a3a01a1461c5dc49332ea2ea960b0eae0972630dbda222b251b2b3305468d275052c8b091b6ecbe541cdd1fb5f84451ea8cfd7719d14617af21341c79ebc3afcfc1eaa4cb23e94882dffd64dd70bceff7f27ae85fd8fa51ac169ca"}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000001680))
r4 = eventfd2(0x1, 0x1)
ioctl$VHOST_SET_VRING_ERR(r3, 0x4008af22, &(0x7f00000001c0)={0x0, r4})
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/176, 0x0, 0xffff1000})
ioctl$VHOST_SET_VRING_KICK(r3, 0x4008af20, &(0x7f0000000000)={0x0, r4})
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=""/4096})
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
syz_usb_control_io(r0, &(0x7f0000000480)={0x2c, &(0x7f0000000080)={0x0, 0x24, 0xa8, {0xa8, 0x1, "af85b30c9c51250484e0635faee000228eaed0a6870adde8ceb66a03c4290e914bd76d8511feea95037cd5ce6d8323dfed0a7fedc71d2fa1b4b711f14dfa3564ffb33a7e2a5d7452212bde7e71fa84ea61a0000a4eca581ce97920d917bf63e19133f00697a79e037c80e9e856fd1333787d8e1516141c0f37e541096290cff88a546c6e62981e9309292cc75e28da8d44472acd5074ddab263385f9faa0998c784c0ec945b1"}}, &(0x7f0000000140)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x1009}}, &(0x7f0000000240)={0x0, 0xf, 0x193, {0x5, 0xf, 0x193, 0x6, [@ext_cap={0x7, 0x10, 0x2, 0x10, 0x9, 0x9, 0xb}, @generic={0x84, 0x10, 0x3, "adc2097d43626ee6b006a6b1a836a58ee82fece650c264ec14e90c04453e090d6015a5a6cead625c440e3d52234b2eb8402bf06d6eaaa059d694c330510a0c5c7259fcf68c3b68a5fdce073b176ff58826b0c41df98086b4e4e2ff1dbc249bd9d76bd86f6cf62f1a96b3dd21abe13fe9aaf0ae60662c771e2f45cedff5f4320706"}, @ptm_cap={0x3}, @generic={0xe1, 0x10, 0xa, "a112e65f1b7363c2d4050feab53add15d78897ca68b7529444974cac5fe72477c5cab5785a21911e69297827da90654fa378a94710e3ec890bd472bb605b3dc46603e0cac803c5eb494ad90a3ad1db3f99371dcc410f38eb56600f4ace8707498ae1d718f0228acee0469d05815c0cee9a41150bdea3a2862611b7a876f4f843c03ba2d9186ccc9e0f03b3a86122202e300426fb58d06d66a0e76a3b2304ec1f38d75d6227822e3a2d6509b03f964d4aa6e5f126c8afa22882ed81a1221ee7ecabd84d6042f29e7bbc8dc684c5bd126c30a059ab781fb5ee0eedf787c5ce"}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "5fd0657808f96e7b2860f98f7933e07e"}, @wireless={0xb, 0x10, 0x1, 0xc, 0x4e, 0xd5, 0x6, 0x0, 0xb}]}}, &(0x7f0000000400)={0x20, 0x29, 0xf, {0xf, 0x29, 0x80, 0x70, 0x81, 0xd6, "3298b725", "bed93b77"}}, &(0x7f0000000440)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x53, 0x1, 0x9, 0x7, 0x3, 0x2, 0x9}}}, &(0x7f0000000980)={0x84, &(0x7f0000000500)={0x40, 0xe, 0x94, "5271240f380d9d9b18986b22a84f3f583f2281b435ce8effcf94200626f8c255d0e477ed76c8274373c707c31968f9c982f29e4bc9a09a8e4fa91e8f761bc017f3806830bb4b776b1a7817055fe33c011bf0b4a7f9ffef356a75c3b91ed9d7fe39604ea2d45faf5b73d9b8eab678b10476abe3057734266a55b28a65b31cdaa8eb20a9f27b8940b7617d7a6a5c461cf67370bba2"}, &(0x7f00000005c0)={0x0, 0xa, 0x1}, &(0x7f0000000600)={0x0, 0x8, 0x1, 0x6}, &(0x7f0000000640)={0x20, 0x0, 0x4, {0x2}}, &(0x7f0000000680)={0x20, 0x0, 0x8, {0x100, 0x20, [0xff0f]}}, &(0x7f00000006c0)={0x40, 0x7, 0x2, 0x5}, &(0x7f0000000700)={0x40, 0x9, 0x1, 0x6}, &(0x7f0000000740)={0x40, 0xb, 0x2, "98cf"}, &(0x7f0000000780)={0x40, 0xf, 0x2, 0xfd0}, &(0x7f00000007c0)={0x40, 0x13, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, &(0x7f0000000800)={0x40, 0x17, 0x6, @remote}, &(0x7f0000000840)={0x40, 0x19, 0x2, "bbef"}, &(0x7f0000000880)={0x40, 0x1a, 0x2}, &(0x7f00000008c0)={0x40, 0x1c, 0x1, 0x2}, &(0x7f0000000900)={0x40, 0x1e, 0x1, 0xa3}, &(0x7f0000000940)={0x40, 0x21, 0x1, 0x2}})

program crashed: KASAN: slab-use-after-free Read in v4l2_open
testing program (duration=48.506174881s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-msgget$private-msgsnd-landlock_create_ruleset-msgctl$MSG_STAT_ANY-landlock_restrict_self-msgctl$IPC_SET-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io$rtl8150-syz_usb_control_io$hid-syz_usb_control_io$hid-syz_usb_control_io$printer-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-eventfd2-ioctl$VHOST_SET_VRING_ERR-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_VRING_ADDR-connect$vsock_stream-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
r1 = msgget$private(0x0, 0x790)
msgsnd(r1, &(0x7f0000000d00)=ANY=[@ANYRES8], 0x401, 0x0)
r2 = landlock_create_ruleset(&(0x7f0000000140)={0x4000, 0x3, 0x2}, 0x18, 0x0)
msgctl$MSG_STAT_ANY(r1, 0xd, &(0x7f0000000180)=""/14)
landlock_restrict_self(r2, 0x9)
msgctl$IPC_SET(r1, 0x1, &(0x7f0000001000)={{0x0, 0x0, 0x0, 0x0, 0xee01, 0x52, 0x7}, 0x0, 0x0, 0xc7af, 0x4, 0x7fff, 0x7fffffff, 0x5, 0x180, 0x8, 0x401})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f00000004c0)={0x2c, &(0x7f0000000000)={0x20, 0x1, 0x5b, "a3a01a1461c5dc49332ea2ea960b0eae0972630dbda222b251b2b3305468d275052c8b091b6ecbe541cdd1fb5f84451ea8cfd7719d14617af21341c79ebc3afcfc1eaa4cb23e94882dffd64dd70bceff7f27ae85fd8fa51ac169ca"}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000001680))
r4 = eventfd2(0x1, 0x1)
ioctl$VHOST_SET_VRING_ERR(r3, 0x4008af22, &(0x7f00000001c0)={0x0, r4})
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/176, 0x0, 0xffff1000})
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=""/4096})
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
syz_usb_control_io(r0, &(0x7f0000000480)={0x2c, &(0x7f0000000080)={0x0, 0x24, 0xa8, {0xa8, 0x1, "af85b30c9c51250484e0635faee000228eaed0a6870adde8ceb66a03c4290e914bd76d8511feea95037cd5ce6d8323dfed0a7fedc71d2fa1b4b711f14dfa3564ffb33a7e2a5d7452212bde7e71fa84ea61a0000a4eca581ce97920d917bf63e19133f00697a79e037c80e9e856fd1333787d8e1516141c0f37e541096290cff88a546c6e62981e9309292cc75e28da8d44472acd5074ddab263385f9faa0998c784c0ec945b1"}}, &(0x7f0000000140)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x1009}}, &(0x7f0000000240)={0x0, 0xf, 0x193, {0x5, 0xf, 0x193, 0x6, [@ext_cap={0x7, 0x10, 0x2, 0x10, 0x9, 0x9, 0xb}, @generic={0x84, 0x10, 0x3, "adc2097d43626ee6b006a6b1a836a58ee82fece650c264ec14e90c04453e090d6015a5a6cead625c440e3d52234b2eb8402bf06d6eaaa059d694c330510a0c5c7259fcf68c3b68a5fdce073b176ff58826b0c41df98086b4e4e2ff1dbc249bd9d76bd86f6cf62f1a96b3dd21abe13fe9aaf0ae60662c771e2f45cedff5f4320706"}, @ptm_cap={0x3}, @generic={0xe1, 0x10, 0xa, "a112e65f1b7363c2d4050feab53add15d78897ca68b7529444974cac5fe72477c5cab5785a21911e69297827da90654fa378a94710e3ec890bd472bb605b3dc46603e0cac803c5eb494ad90a3ad1db3f99371dcc410f38eb56600f4ace8707498ae1d718f0228acee0469d05815c0cee9a41150bdea3a2862611b7a876f4f843c03ba2d9186ccc9e0f03b3a86122202e300426fb58d06d66a0e76a3b2304ec1f38d75d6227822e3a2d6509b03f964d4aa6e5f126c8afa22882ed81a1221ee7ecabd84d6042f29e7bbc8dc684c5bd126c30a059ab781fb5ee0eedf787c5ce"}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "5fd0657808f96e7b2860f98f7933e07e"}, @wireless={0xb, 0x10, 0x1, 0xc, 0x4e, 0xd5, 0x6, 0x0, 0xb}]}}, &(0x7f0000000400)={0x20, 0x29, 0xf, {0xf, 0x29, 0x80, 0x70, 0x81, 0xd6, "3298b725", "bed93b77"}}, &(0x7f0000000440)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x53, 0x1, 0x9, 0x7, 0x3, 0x2, 0x9}}}, &(0x7f0000000980)={0x84, &(0x7f0000000500)={0x40, 0xe, 0x94, "5271240f380d9d9b18986b22a84f3f583f2281b435ce8effcf94200626f8c255d0e477ed76c8274373c707c31968f9c982f29e4bc9a09a8e4fa91e8f761bc017f3806830bb4b776b1a7817055fe33c011bf0b4a7f9ffef356a75c3b91ed9d7fe39604ea2d45faf5b73d9b8eab678b10476abe3057734266a55b28a65b31cdaa8eb20a9f27b8940b7617d7a6a5c461cf67370bba2"}, &(0x7f00000005c0)={0x0, 0xa, 0x1}, &(0x7f0000000600)={0x0, 0x8, 0x1, 0x6}, &(0x7f0000000640)={0x20, 0x0, 0x4, {0x2}}, &(0x7f0000000680)={0x20, 0x0, 0x8, {0x100, 0x20, [0xff0f]}}, &(0x7f00000006c0)={0x40, 0x7, 0x2, 0x5}, &(0x7f0000000700)={0x40, 0x9, 0x1, 0x6}, &(0x7f0000000740)={0x40, 0xb, 0x2, "98cf"}, &(0x7f0000000780)={0x40, 0xf, 0x2, 0xfd0}, &(0x7f00000007c0)={0x40, 0x13, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, &(0x7f0000000800)={0x40, 0x17, 0x6, @remote}, &(0x7f0000000840)={0x40, 0x19, 0x2, "bbef"}, &(0x7f0000000880)={0x40, 0x1a, 0x2}, &(0x7f00000008c0)={0x40, 0x1c, 0x1, 0x2}, &(0x7f0000000900)={0x40, 0x1e, 0x1, 0xa3}, &(0x7f0000000940)={0x40, 0x21, 0x1, 0x2}})

program crashed: KASAN: slab-use-after-free Read in v4l2_open
testing program (duration=48.506174881s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-msgget$private-msgsnd-landlock_create_ruleset-msgctl$MSG_STAT_ANY-landlock_restrict_self-msgctl$IPC_SET-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io$rtl8150-syz_usb_control_io$hid-syz_usb_control_io$hid-syz_usb_control_io$printer-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-eventfd2-ioctl$VHOST_SET_VRING_ERR-ioctl$VHOST_SET_VRING_ADDR-connect$vsock_stream-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
r1 = msgget$private(0x0, 0x790)
msgsnd(r1, &(0x7f0000000d00)=ANY=[@ANYRES8], 0x401, 0x0)
r2 = landlock_create_ruleset(&(0x7f0000000140)={0x4000, 0x3, 0x2}, 0x18, 0x0)
msgctl$MSG_STAT_ANY(r1, 0xd, &(0x7f0000000180)=""/14)
landlock_restrict_self(r2, 0x9)
msgctl$IPC_SET(r1, 0x1, &(0x7f0000001000)={{0x0, 0x0, 0x0, 0x0, 0xee01, 0x52, 0x7}, 0x0, 0x0, 0xc7af, 0x4, 0x7fff, 0x7fffffff, 0x5, 0x180, 0x8, 0x401})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f00000004c0)={0x2c, &(0x7f0000000000)={0x20, 0x1, 0x5b, "a3a01a1461c5dc49332ea2ea960b0eae0972630dbda222b251b2b3305468d275052c8b091b6ecbe541cdd1fb5f84451ea8cfd7719d14617af21341c79ebc3afcfc1eaa4cb23e94882dffd64dd70bceff7f27ae85fd8fa51ac169ca"}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000001680))
r4 = eventfd2(0x1, 0x1)
ioctl$VHOST_SET_VRING_ERR(r3, 0x4008af22, &(0x7f00000001c0)={0x0, r4})
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=""/4096})
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
syz_usb_control_io(r0, &(0x7f0000000480)={0x2c, &(0x7f0000000080)={0x0, 0x24, 0xa8, {0xa8, 0x1, "af85b30c9c51250484e0635faee000228eaed0a6870adde8ceb66a03c4290e914bd76d8511feea95037cd5ce6d8323dfed0a7fedc71d2fa1b4b711f14dfa3564ffb33a7e2a5d7452212bde7e71fa84ea61a0000a4eca581ce97920d917bf63e19133f00697a79e037c80e9e856fd1333787d8e1516141c0f37e541096290cff88a546c6e62981e9309292cc75e28da8d44472acd5074ddab263385f9faa0998c784c0ec945b1"}}, &(0x7f0000000140)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x1009}}, &(0x7f0000000240)={0x0, 0xf, 0x193, {0x5, 0xf, 0x193, 0x6, [@ext_cap={0x7, 0x10, 0x2, 0x10, 0x9, 0x9, 0xb}, @generic={0x84, 0x10, 0x3, "adc2097d43626ee6b006a6b1a836a58ee82fece650c264ec14e90c04453e090d6015a5a6cead625c440e3d52234b2eb8402bf06d6eaaa059d694c330510a0c5c7259fcf68c3b68a5fdce073b176ff58826b0c41df98086b4e4e2ff1dbc249bd9d76bd86f6cf62f1a96b3dd21abe13fe9aaf0ae60662c771e2f45cedff5f4320706"}, @ptm_cap={0x3}, @generic={0xe1, 0x10, 0xa, "a112e65f1b7363c2d4050feab53add15d78897ca68b7529444974cac5fe72477c5cab5785a21911e69297827da90654fa378a94710e3ec890bd472bb605b3dc46603e0cac803c5eb494ad90a3ad1db3f99371dcc410f38eb56600f4ace8707498ae1d718f0228acee0469d05815c0cee9a41150bdea3a2862611b7a876f4f843c03ba2d9186ccc9e0f03b3a86122202e300426fb58d06d66a0e76a3b2304ec1f38d75d6227822e3a2d6509b03f964d4aa6e5f126c8afa22882ed81a1221ee7ecabd84d6042f29e7bbc8dc684c5bd126c30a059ab781fb5ee0eedf787c5ce"}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "5fd0657808f96e7b2860f98f7933e07e"}, @wireless={0xb, 0x10, 0x1, 0xc, 0x4e, 0xd5, 0x6, 0x0, 0xb}]}}, &(0x7f0000000400)={0x20, 0x29, 0xf, {0xf, 0x29, 0x80, 0x70, 0x81, 0xd6, "3298b725", "bed93b77"}}, &(0x7f0000000440)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x53, 0x1, 0x9, 0x7, 0x3, 0x2, 0x9}}}, &(0x7f0000000980)={0x84, &(0x7f0000000500)={0x40, 0xe, 0x94, "5271240f380d9d9b18986b22a84f3f583f2281b435ce8effcf94200626f8c255d0e477ed76c8274373c707c31968f9c982f29e4bc9a09a8e4fa91e8f761bc017f3806830bb4b776b1a7817055fe33c011bf0b4a7f9ffef356a75c3b91ed9d7fe39604ea2d45faf5b73d9b8eab678b10476abe3057734266a55b28a65b31cdaa8eb20a9f27b8940b7617d7a6a5c461cf67370bba2"}, &(0x7f00000005c0)={0x0, 0xa, 0x1}, &(0x7f0000000600)={0x0, 0x8, 0x1, 0x6}, &(0x7f0000000640)={0x20, 0x0, 0x4, {0x2}}, &(0x7f0000000680)={0x20, 0x0, 0x8, {0x100, 0x20, [0xff0f]}}, &(0x7f00000006c0)={0x40, 0x7, 0x2, 0x5}, &(0x7f0000000700)={0x40, 0x9, 0x1, 0x6}, &(0x7f0000000740)={0x40, 0xb, 0x2, "98cf"}, &(0x7f0000000780)={0x40, 0xf, 0x2, 0xfd0}, &(0x7f00000007c0)={0x40, 0x13, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, &(0x7f0000000800)={0x40, 0x17, 0x6, @remote}, &(0x7f0000000840)={0x40, 0x19, 0x2, "bbef"}, &(0x7f0000000880)={0x40, 0x1a, 0x2}, &(0x7f00000008c0)={0x40, 0x1c, 0x1, 0x2}, &(0x7f0000000900)={0x40, 0x1e, 0x1, 0xa3}, &(0x7f0000000940)={0x40, 0x21, 0x1, 0x2}})

program did not crash
testing program (duration=48.506174881s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-msgget$private-msgsnd-landlock_create_ruleset-msgctl$MSG_STAT_ANY-landlock_restrict_self-msgctl$IPC_SET-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io$rtl8150-syz_usb_control_io$hid-syz_usb_control_io$hid-syz_usb_control_io$printer-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-eventfd2-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_VRING_ADDR-connect$vsock_stream-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
r1 = msgget$private(0x0, 0x790)
msgsnd(r1, &(0x7f0000000d00)=ANY=[@ANYRES8], 0x401, 0x0)
r2 = landlock_create_ruleset(&(0x7f0000000140)={0x4000, 0x3, 0x2}, 0x18, 0x0)
msgctl$MSG_STAT_ANY(r1, 0xd, &(0x7f0000000180)=""/14)
landlock_restrict_self(r2, 0x9)
msgctl$IPC_SET(r1, 0x1, &(0x7f0000001000)={{0x0, 0x0, 0x0, 0x0, 0xee01, 0x52, 0x7}, 0x0, 0x0, 0xc7af, 0x4, 0x7fff, 0x7fffffff, 0x5, 0x180, 0x8, 0x401})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f00000004c0)={0x2c, &(0x7f0000000000)={0x20, 0x1, 0x5b, "a3a01a1461c5dc49332ea2ea960b0eae0972630dbda222b251b2b3305468d275052c8b091b6ecbe541cdd1fb5f84451ea8cfd7719d14617af21341c79ebc3afcfc1eaa4cb23e94882dffd64dd70bceff7f27ae85fd8fa51ac169ca"}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000001680))
eventfd2(0x1, 0x1)
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/176, 0x0, 0xffff1000})
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=""/4096})
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
syz_usb_control_io(r0, &(0x7f0000000480)={0x2c, &(0x7f0000000080)={0x0, 0x24, 0xa8, {0xa8, 0x1, "af85b30c9c51250484e0635faee000228eaed0a6870adde8ceb66a03c4290e914bd76d8511feea95037cd5ce6d8323dfed0a7fedc71d2fa1b4b711f14dfa3564ffb33a7e2a5d7452212bde7e71fa84ea61a0000a4eca581ce97920d917bf63e19133f00697a79e037c80e9e856fd1333787d8e1516141c0f37e541096290cff88a546c6e62981e9309292cc75e28da8d44472acd5074ddab263385f9faa0998c784c0ec945b1"}}, &(0x7f0000000140)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x1009}}, &(0x7f0000000240)={0x0, 0xf, 0x193, {0x5, 0xf, 0x193, 0x6, [@ext_cap={0x7, 0x10, 0x2, 0x10, 0x9, 0x9, 0xb}, @generic={0x84, 0x10, 0x3, "adc2097d43626ee6b006a6b1a836a58ee82fece650c264ec14e90c04453e090d6015a5a6cead625c440e3d52234b2eb8402bf06d6eaaa059d694c330510a0c5c7259fcf68c3b68a5fdce073b176ff58826b0c41df98086b4e4e2ff1dbc249bd9d76bd86f6cf62f1a96b3dd21abe13fe9aaf0ae60662c771e2f45cedff5f4320706"}, @ptm_cap={0x3}, @generic={0xe1, 0x10, 0xa, "a112e65f1b7363c2d4050feab53add15d78897ca68b7529444974cac5fe72477c5cab5785a21911e69297827da90654fa378a94710e3ec890bd472bb605b3dc46603e0cac803c5eb494ad90a3ad1db3f99371dcc410f38eb56600f4ace8707498ae1d718f0228acee0469d05815c0cee9a41150bdea3a2862611b7a876f4f843c03ba2d9186ccc9e0f03b3a86122202e300426fb58d06d66a0e76a3b2304ec1f38d75d6227822e3a2d6509b03f964d4aa6e5f126c8afa22882ed81a1221ee7ecabd84d6042f29e7bbc8dc684c5bd126c30a059ab781fb5ee0eedf787c5ce"}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "5fd0657808f96e7b2860f98f7933e07e"}, @wireless={0xb, 0x10, 0x1, 0xc, 0x4e, 0xd5, 0x6, 0x0, 0xb}]}}, &(0x7f0000000400)={0x20, 0x29, 0xf, {0xf, 0x29, 0x80, 0x70, 0x81, 0xd6, "3298b725", "bed93b77"}}, &(0x7f0000000440)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x53, 0x1, 0x9, 0x7, 0x3, 0x2, 0x9}}}, &(0x7f0000000980)={0x84, &(0x7f0000000500)={0x40, 0xe, 0x94, "5271240f380d9d9b18986b22a84f3f583f2281b435ce8effcf94200626f8c255d0e477ed76c8274373c707c31968f9c982f29e4bc9a09a8e4fa91e8f761bc017f3806830bb4b776b1a7817055fe33c011bf0b4a7f9ffef356a75c3b91ed9d7fe39604ea2d45faf5b73d9b8eab678b10476abe3057734266a55b28a65b31cdaa8eb20a9f27b8940b7617d7a6a5c461cf67370bba2"}, &(0x7f00000005c0)={0x0, 0xa, 0x1}, &(0x7f0000000600)={0x0, 0x8, 0x1, 0x6}, &(0x7f0000000640)={0x20, 0x0, 0x4, {0x2}}, &(0x7f0000000680)={0x20, 0x0, 0x8, {0x100, 0x20, [0xff0f]}}, &(0x7f00000006c0)={0x40, 0x7, 0x2, 0x5}, &(0x7f0000000700)={0x40, 0x9, 0x1, 0x6}, &(0x7f0000000740)={0x40, 0xb, 0x2, "98cf"}, &(0x7f0000000780)={0x40, 0xf, 0x2, 0xfd0}, &(0x7f00000007c0)={0x40, 0x13, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, &(0x7f0000000800)={0x40, 0x17, 0x6, @remote}, &(0x7f0000000840)={0x40, 0x19, 0x2, "bbef"}, &(0x7f0000000880)={0x40, 0x1a, 0x2}, &(0x7f00000008c0)={0x40, 0x1c, 0x1, 0x2}, &(0x7f0000000900)={0x40, 0x1e, 0x1, 0xa3}, &(0x7f0000000940)={0x40, 0x21, 0x1, 0x2}})

program did not crash
testing program (duration=48.506174881s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-msgget$private-msgsnd-landlock_create_ruleset-msgctl$MSG_STAT_ANY-landlock_restrict_self-msgctl$IPC_SET-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io$rtl8150-syz_usb_control_io$hid-syz_usb_control_io$hid-syz_usb_control_io$printer-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ERR-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_VRING_ADDR-connect$vsock_stream-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
r1 = msgget$private(0x0, 0x790)
msgsnd(r1, &(0x7f0000000d00)=ANY=[@ANYRES8], 0x401, 0x0)
r2 = landlock_create_ruleset(&(0x7f0000000140)={0x4000, 0x3, 0x2}, 0x18, 0x0)
msgctl$MSG_STAT_ANY(r1, 0xd, &(0x7f0000000180)=""/14)
landlock_restrict_self(r2, 0x9)
msgctl$IPC_SET(r1, 0x1, &(0x7f0000001000)={{0x0, 0x0, 0x0, 0x0, 0xee01, 0x52, 0x7}, 0x0, 0x0, 0xc7af, 0x4, 0x7fff, 0x7fffffff, 0x5, 0x180, 0x8, 0x401})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f00000004c0)={0x2c, &(0x7f0000000000)={0x20, 0x1, 0x5b, "a3a01a1461c5dc49332ea2ea960b0eae0972630dbda222b251b2b3305468d275052c8b091b6ecbe541cdd1fb5f84451ea8cfd7719d14617af21341c79ebc3afcfc1eaa4cb23e94882dffd64dd70bceff7f27ae85fd8fa51ac169ca"}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000001680))
ioctl$VHOST_SET_VRING_ERR(r3, 0x4008af22, &(0x7f00000001c0))
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/176, 0x0, 0xffff1000})
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=""/4096})
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
syz_usb_control_io(r0, &(0x7f0000000480)={0x2c, &(0x7f0000000080)={0x0, 0x24, 0xa8, {0xa8, 0x1, "af85b30c9c51250484e0635faee000228eaed0a6870adde8ceb66a03c4290e914bd76d8511feea95037cd5ce6d8323dfed0a7fedc71d2fa1b4b711f14dfa3564ffb33a7e2a5d7452212bde7e71fa84ea61a0000a4eca581ce97920d917bf63e19133f00697a79e037c80e9e856fd1333787d8e1516141c0f37e541096290cff88a546c6e62981e9309292cc75e28da8d44472acd5074ddab263385f9faa0998c784c0ec945b1"}}, &(0x7f0000000140)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x1009}}, &(0x7f0000000240)={0x0, 0xf, 0x193, {0x5, 0xf, 0x193, 0x6, [@ext_cap={0x7, 0x10, 0x2, 0x10, 0x9, 0x9, 0xb}, @generic={0x84, 0x10, 0x3, "adc2097d43626ee6b006a6b1a836a58ee82fece650c264ec14e90c04453e090d6015a5a6cead625c440e3d52234b2eb8402bf06d6eaaa059d694c330510a0c5c7259fcf68c3b68a5fdce073b176ff58826b0c41df98086b4e4e2ff1dbc249bd9d76bd86f6cf62f1a96b3dd21abe13fe9aaf0ae60662c771e2f45cedff5f4320706"}, @ptm_cap={0x3}, @generic={0xe1, 0x10, 0xa, "a112e65f1b7363c2d4050feab53add15d78897ca68b7529444974cac5fe72477c5cab5785a21911e69297827da90654fa378a94710e3ec890bd472bb605b3dc46603e0cac803c5eb494ad90a3ad1db3f99371dcc410f38eb56600f4ace8707498ae1d718f0228acee0469d05815c0cee9a41150bdea3a2862611b7a876f4f843c03ba2d9186ccc9e0f03b3a86122202e300426fb58d06d66a0e76a3b2304ec1f38d75d6227822e3a2d6509b03f964d4aa6e5f126c8afa22882ed81a1221ee7ecabd84d6042f29e7bbc8dc684c5bd126c30a059ab781fb5ee0eedf787c5ce"}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "5fd0657808f96e7b2860f98f7933e07e"}, @wireless={0xb, 0x10, 0x1, 0xc, 0x4e, 0xd5, 0x6, 0x0, 0xb}]}}, &(0x7f0000000400)={0x20, 0x29, 0xf, {0xf, 0x29, 0x80, 0x70, 0x81, 0xd6, "3298b725", "bed93b77"}}, &(0x7f0000000440)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x53, 0x1, 0x9, 0x7, 0x3, 0x2, 0x9}}}, &(0x7f0000000980)={0x84, &(0x7f0000000500)={0x40, 0xe, 0x94, "5271240f380d9d9b18986b22a84f3f583f2281b435ce8effcf94200626f8c255d0e477ed76c8274373c707c31968f9c982f29e4bc9a09a8e4fa91e8f761bc017f3806830bb4b776b1a7817055fe33c011bf0b4a7f9ffef356a75c3b91ed9d7fe39604ea2d45faf5b73d9b8eab678b10476abe3057734266a55b28a65b31cdaa8eb20a9f27b8940b7617d7a6a5c461cf67370bba2"}, &(0x7f00000005c0)={0x0, 0xa, 0x1}, &(0x7f0000000600)={0x0, 0x8, 0x1, 0x6}, &(0x7f0000000640)={0x20, 0x0, 0x4, {0x2}}, &(0x7f0000000680)={0x20, 0x0, 0x8, {0x100, 0x20, [0xff0f]}}, &(0x7f00000006c0)={0x40, 0x7, 0x2, 0x5}, &(0x7f0000000700)={0x40, 0x9, 0x1, 0x6}, &(0x7f0000000740)={0x40, 0xb, 0x2, "98cf"}, &(0x7f0000000780)={0x40, 0xf, 0x2, 0xfd0}, &(0x7f00000007c0)={0x40, 0x13, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, &(0x7f0000000800)={0x40, 0x17, 0x6, @remote}, &(0x7f0000000840)={0x40, 0x19, 0x2, "bbef"}, &(0x7f0000000880)={0x40, 0x1a, 0x2}, &(0x7f00000008c0)={0x40, 0x1c, 0x1, 0x2}, &(0x7f0000000900)={0x40, 0x1e, 0x1, 0xa3}, &(0x7f0000000940)={0x40, 0x21, 0x1, 0x2}})

program did not crash
testing program (duration=48.506174881s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-msgget$private-msgsnd-landlock_create_ruleset-msgctl$MSG_STAT_ANY-landlock_restrict_self-msgctl$IPC_SET-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io$rtl8150-syz_usb_control_io$hid-syz_usb_control_io$hid-syz_usb_control_io$printer-openat$cgroup_ro-openat$vhost_vsock-ioctl$VHOST_SET_VRING_ADDR-eventfd2-ioctl$VHOST_SET_VRING_ERR-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_VRING_ADDR-connect$vsock_stream-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
r1 = msgget$private(0x0, 0x790)
msgsnd(r1, &(0x7f0000000d00)=ANY=[@ANYRES8], 0x401, 0x0)
r2 = landlock_create_ruleset(&(0x7f0000000140)={0x4000, 0x3, 0x2}, 0x18, 0x0)
msgctl$MSG_STAT_ANY(r1, 0xd, &(0x7f0000000180)=""/14)
landlock_restrict_self(r2, 0x9)
msgctl$IPC_SET(r1, 0x1, &(0x7f0000001000)={{0x0, 0x0, 0x0, 0x0, 0xee01, 0x52, 0x7}, 0x0, 0x0, 0xc7af, 0x4, 0x7fff, 0x7fffffff, 0x5, 0x180, 0x8, 0x401})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f00000004c0)={0x2c, &(0x7f0000000000)={0x20, 0x1, 0x5b, "a3a01a1461c5dc49332ea2ea960b0eae0972630dbda222b251b2b3305468d275052c8b091b6ecbe541cdd1fb5f84451ea8cfd7719d14617af21341c79ebc3afcfc1eaa4cb23e94882dffd64dd70bceff7f27ae85fd8fa51ac169ca"}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
r4 = eventfd2(0x1, 0x1)
ioctl$VHOST_SET_VRING_ERR(r3, 0x4008af22, &(0x7f00000001c0)={0x0, r4})
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/176, 0x0, 0xffff1000})
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=""/4096})
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
syz_usb_control_io(r0, &(0x7f0000000480)={0x2c, &(0x7f0000000080)={0x0, 0x24, 0xa8, {0xa8, 0x1, "af85b30c9c51250484e0635faee000228eaed0a6870adde8ceb66a03c4290e914bd76d8511feea95037cd5ce6d8323dfed0a7fedc71d2fa1b4b711f14dfa3564ffb33a7e2a5d7452212bde7e71fa84ea61a0000a4eca581ce97920d917bf63e19133f00697a79e037c80e9e856fd1333787d8e1516141c0f37e541096290cff88a546c6e62981e9309292cc75e28da8d44472acd5074ddab263385f9faa0998c784c0ec945b1"}}, &(0x7f0000000140)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x1009}}, &(0x7f0000000240)={0x0, 0xf, 0x193, {0x5, 0xf, 0x193, 0x6, [@ext_cap={0x7, 0x10, 0x2, 0x10, 0x9, 0x9, 0xb}, @generic={0x84, 0x10, 0x3, "adc2097d43626ee6b006a6b1a836a58ee82fece650c264ec14e90c04453e090d6015a5a6cead625c440e3d52234b2eb8402bf06d6eaaa059d694c330510a0c5c7259fcf68c3b68a5fdce073b176ff58826b0c41df98086b4e4e2ff1dbc249bd9d76bd86f6cf62f1a96b3dd21abe13fe9aaf0ae60662c771e2f45cedff5f4320706"}, @ptm_cap={0x3}, @generic={0xe1, 0x10, 0xa, "a112e65f1b7363c2d4050feab53add15d78897ca68b7529444974cac5fe72477c5cab5785a21911e69297827da90654fa378a94710e3ec890bd472bb605b3dc46603e0cac803c5eb494ad90a3ad1db3f99371dcc410f38eb56600f4ace8707498ae1d718f0228acee0469d05815c0cee9a41150bdea3a2862611b7a876f4f843c03ba2d9186ccc9e0f03b3a86122202e300426fb58d06d66a0e76a3b2304ec1f38d75d6227822e3a2d6509b03f964d4aa6e5f126c8afa22882ed81a1221ee7ecabd84d6042f29e7bbc8dc684c5bd126c30a059ab781fb5ee0eedf787c5ce"}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "5fd0657808f96e7b2860f98f7933e07e"}, @wireless={0xb, 0x10, 0x1, 0xc, 0x4e, 0xd5, 0x6, 0x0, 0xb}]}}, &(0x7f0000000400)={0x20, 0x29, 0xf, {0xf, 0x29, 0x80, 0x70, 0x81, 0xd6, "3298b725", "bed93b77"}}, &(0x7f0000000440)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x53, 0x1, 0x9, 0x7, 0x3, 0x2, 0x9}}}, &(0x7f0000000980)={0x84, &(0x7f0000000500)={0x40, 0xe, 0x94, "5271240f380d9d9b18986b22a84f3f583f2281b435ce8effcf94200626f8c255d0e477ed76c8274373c707c31968f9c982f29e4bc9a09a8e4fa91e8f761bc017f3806830bb4b776b1a7817055fe33c011bf0b4a7f9ffef356a75c3b91ed9d7fe39604ea2d45faf5b73d9b8eab678b10476abe3057734266a55b28a65b31cdaa8eb20a9f27b8940b7617d7a6a5c461cf67370bba2"}, &(0x7f00000005c0)={0x0, 0xa, 0x1}, &(0x7f0000000600)={0x0, 0x8, 0x1, 0x6}, &(0x7f0000000640)={0x20, 0x0, 0x4, {0x2}}, &(0x7f0000000680)={0x20, 0x0, 0x8, {0x100, 0x20, [0xff0f]}}, &(0x7f00000006c0)={0x40, 0x7, 0x2, 0x5}, &(0x7f0000000700)={0x40, 0x9, 0x1, 0x6}, &(0x7f0000000740)={0x40, 0xb, 0x2, "98cf"}, &(0x7f0000000780)={0x40, 0xf, 0x2, 0xfd0}, &(0x7f00000007c0)={0x40, 0x13, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, &(0x7f0000000800)={0x40, 0x17, 0x6, @remote}, &(0x7f0000000840)={0x40, 0x19, 0x2, "bbef"}, &(0x7f0000000880)={0x40, 0x1a, 0x2}, &(0x7f00000008c0)={0x40, 0x1c, 0x1, 0x2}, &(0x7f0000000900)={0x40, 0x1e, 0x1, 0xa3}, &(0x7f0000000940)={0x40, 0x21, 0x1, 0x2}})

program crashed: KASAN: slab-use-after-free Read in v4l2_open
testing program (duration=48.506174881s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-msgget$private-msgsnd-landlock_create_ruleset-msgctl$MSG_STAT_ANY-landlock_restrict_self-msgctl$IPC_SET-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io$rtl8150-syz_usb_control_io$hid-syz_usb_control_io$hid-syz_usb_control_io$printer-openat$cgroup_ro-openat$vhost_vsock-eventfd2-ioctl$VHOST_SET_VRING_ERR-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_VRING_ADDR-connect$vsock_stream-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
r1 = msgget$private(0x0, 0x790)
msgsnd(r1, &(0x7f0000000d00)=ANY=[@ANYRES8], 0x401, 0x0)
r2 = landlock_create_ruleset(&(0x7f0000000140)={0x4000, 0x3, 0x2}, 0x18, 0x0)
msgctl$MSG_STAT_ANY(r1, 0xd, &(0x7f0000000180)=""/14)
landlock_restrict_self(r2, 0x9)
msgctl$IPC_SET(r1, 0x1, &(0x7f0000001000)={{0x0, 0x0, 0x0, 0x0, 0xee01, 0x52, 0x7}, 0x0, 0x0, 0xc7af, 0x4, 0x7fff, 0x7fffffff, 0x5, 0x180, 0x8, 0x401})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f00000004c0)={0x2c, &(0x7f0000000000)={0x20, 0x1, 0x5b, "a3a01a1461c5dc49332ea2ea960b0eae0972630dbda222b251b2b3305468d275052c8b091b6ecbe541cdd1fb5f84451ea8cfd7719d14617af21341c79ebc3afcfc1eaa4cb23e94882dffd64dd70bceff7f27ae85fd8fa51ac169ca"}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
r4 = eventfd2(0x1, 0x1)
ioctl$VHOST_SET_VRING_ERR(r3, 0x4008af22, &(0x7f00000001c0)={0x0, r4})
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/176, 0x0, 0xffff1000})
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=""/4096})
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
syz_usb_control_io(r0, &(0x7f0000000480)={0x2c, &(0x7f0000000080)={0x0, 0x24, 0xa8, {0xa8, 0x1, "af85b30c9c51250484e0635faee000228eaed0a6870adde8ceb66a03c4290e914bd76d8511feea95037cd5ce6d8323dfed0a7fedc71d2fa1b4b711f14dfa3564ffb33a7e2a5d7452212bde7e71fa84ea61a0000a4eca581ce97920d917bf63e19133f00697a79e037c80e9e856fd1333787d8e1516141c0f37e541096290cff88a546c6e62981e9309292cc75e28da8d44472acd5074ddab263385f9faa0998c784c0ec945b1"}}, &(0x7f0000000140)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x1009}}, &(0x7f0000000240)={0x0, 0xf, 0x193, {0x5, 0xf, 0x193, 0x6, [@ext_cap={0x7, 0x10, 0x2, 0x10, 0x9, 0x9, 0xb}, @generic={0x84, 0x10, 0x3, "adc2097d43626ee6b006a6b1a836a58ee82fece650c264ec14e90c04453e090d6015a5a6cead625c440e3d52234b2eb8402bf06d6eaaa059d694c330510a0c5c7259fcf68c3b68a5fdce073b176ff58826b0c41df98086b4e4e2ff1dbc249bd9d76bd86f6cf62f1a96b3dd21abe13fe9aaf0ae60662c771e2f45cedff5f4320706"}, @ptm_cap={0x3}, @generic={0xe1, 0x10, 0xa, "a112e65f1b7363c2d4050feab53add15d78897ca68b7529444974cac5fe72477c5cab5785a21911e69297827da90654fa378a94710e3ec890bd472bb605b3dc46603e0cac803c5eb494ad90a3ad1db3f99371dcc410f38eb56600f4ace8707498ae1d718f0228acee0469d05815c0cee9a41150bdea3a2862611b7a876f4f843c03ba2d9186ccc9e0f03b3a86122202e300426fb58d06d66a0e76a3b2304ec1f38d75d6227822e3a2d6509b03f964d4aa6e5f126c8afa22882ed81a1221ee7ecabd84d6042f29e7bbc8dc684c5bd126c30a059ab781fb5ee0eedf787c5ce"}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "5fd0657808f96e7b2860f98f7933e07e"}, @wireless={0xb, 0x10, 0x1, 0xc, 0x4e, 0xd5, 0x6, 0x0, 0xb}]}}, &(0x7f0000000400)={0x20, 0x29, 0xf, {0xf, 0x29, 0x80, 0x70, 0x81, 0xd6, "3298b725", "bed93b77"}}, &(0x7f0000000440)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x53, 0x1, 0x9, 0x7, 0x3, 0x2, 0x9}}}, &(0x7f0000000980)={0x84, &(0x7f0000000500)={0x40, 0xe, 0x94, "5271240f380d9d9b18986b22a84f3f583f2281b435ce8effcf94200626f8c255d0e477ed76c8274373c707c31968f9c982f29e4bc9a09a8e4fa91e8f761bc017f3806830bb4b776b1a7817055fe33c011bf0b4a7f9ffef356a75c3b91ed9d7fe39604ea2d45faf5b73d9b8eab678b10476abe3057734266a55b28a65b31cdaa8eb20a9f27b8940b7617d7a6a5c461cf67370bba2"}, &(0x7f00000005c0)={0x0, 0xa, 0x1}, &(0x7f0000000600)={0x0, 0x8, 0x1, 0x6}, &(0x7f0000000640)={0x20, 0x0, 0x4, {0x2}}, &(0x7f0000000680)={0x20, 0x0, 0x8, {0x100, 0x20, [0xff0f]}}, &(0x7f00000006c0)={0x40, 0x7, 0x2, 0x5}, &(0x7f0000000700)={0x40, 0x9, 0x1, 0x6}, &(0x7f0000000740)={0x40, 0xb, 0x2, "98cf"}, &(0x7f0000000780)={0x40, 0xf, 0x2, 0xfd0}, &(0x7f00000007c0)={0x40, 0x13, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, &(0x7f0000000800)={0x40, 0x17, 0x6, @remote}, &(0x7f0000000840)={0x40, 0x19, 0x2, "bbef"}, &(0x7f0000000880)={0x40, 0x1a, 0x2}, &(0x7f00000008c0)={0x40, 0x1c, 0x1, 0x2}, &(0x7f0000000900)={0x40, 0x1e, 0x1, 0xa3}, &(0x7f0000000940)={0x40, 0x21, 0x1, 0x2}})

program crashed: KASAN: slab-use-after-free Read in v4l2_open
testing program (duration=48.506174881s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-msgget$private-msgsnd-landlock_create_ruleset-msgctl$MSG_STAT_ANY-landlock_restrict_self-msgctl$IPC_SET-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io$rtl8150-syz_usb_control_io$hid-syz_usb_control_io$hid-syz_usb_control_io$printer-openat$cgroup_ro-eventfd2-ioctl$VHOST_SET_VRING_ERR-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_VRING_ADDR-connect$vsock_stream-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
r1 = msgget$private(0x0, 0x790)
msgsnd(r1, &(0x7f0000000d00)=ANY=[@ANYRES8], 0x401, 0x0)
r2 = landlock_create_ruleset(&(0x7f0000000140)={0x4000, 0x3, 0x2}, 0x18, 0x0)
msgctl$MSG_STAT_ANY(r1, 0xd, &(0x7f0000000180)=""/14)
landlock_restrict_self(r2, 0x9)
msgctl$IPC_SET(r1, 0x1, &(0x7f0000001000)={{0x0, 0x0, 0x0, 0x0, 0xee01, 0x52, 0x7}, 0x0, 0x0, 0xc7af, 0x4, 0x7fff, 0x7fffffff, 0x5, 0x180, 0x8, 0x401})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f00000004c0)={0x2c, &(0x7f0000000000)={0x20, 0x1, 0x5b, "a3a01a1461c5dc49332ea2ea960b0eae0972630dbda222b251b2b3305468d275052c8b091b6ecbe541cdd1fb5f84451ea8cfd7719d14617af21341c79ebc3afcfc1eaa4cb23e94882dffd64dd70bceff7f27ae85fd8fa51ac169ca"}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
r3 = eventfd2(0x1, 0x1)
ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f00000001c0)={0x0, r3})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/176, 0x0, 0xffff1000})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=""/4096})
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
syz_usb_control_io(r0, &(0x7f0000000480)={0x2c, &(0x7f0000000080)={0x0, 0x24, 0xa8, {0xa8, 0x1, "af85b30c9c51250484e0635faee000228eaed0a6870adde8ceb66a03c4290e914bd76d8511feea95037cd5ce6d8323dfed0a7fedc71d2fa1b4b711f14dfa3564ffb33a7e2a5d7452212bde7e71fa84ea61a0000a4eca581ce97920d917bf63e19133f00697a79e037c80e9e856fd1333787d8e1516141c0f37e541096290cff88a546c6e62981e9309292cc75e28da8d44472acd5074ddab263385f9faa0998c784c0ec945b1"}}, &(0x7f0000000140)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x1009}}, &(0x7f0000000240)={0x0, 0xf, 0x193, {0x5, 0xf, 0x193, 0x6, [@ext_cap={0x7, 0x10, 0x2, 0x10, 0x9, 0x9, 0xb}, @generic={0x84, 0x10, 0x3, "adc2097d43626ee6b006a6b1a836a58ee82fece650c264ec14e90c04453e090d6015a5a6cead625c440e3d52234b2eb8402bf06d6eaaa059d694c330510a0c5c7259fcf68c3b68a5fdce073b176ff58826b0c41df98086b4e4e2ff1dbc249bd9d76bd86f6cf62f1a96b3dd21abe13fe9aaf0ae60662c771e2f45cedff5f4320706"}, @ptm_cap={0x3}, @generic={0xe1, 0x10, 0xa, "a112e65f1b7363c2d4050feab53add15d78897ca68b7529444974cac5fe72477c5cab5785a21911e69297827da90654fa378a94710e3ec890bd472bb605b3dc46603e0cac803c5eb494ad90a3ad1db3f99371dcc410f38eb56600f4ace8707498ae1d718f0228acee0469d05815c0cee9a41150bdea3a2862611b7a876f4f843c03ba2d9186ccc9e0f03b3a86122202e300426fb58d06d66a0e76a3b2304ec1f38d75d6227822e3a2d6509b03f964d4aa6e5f126c8afa22882ed81a1221ee7ecabd84d6042f29e7bbc8dc684c5bd126c30a059ab781fb5ee0eedf787c5ce"}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "5fd0657808f96e7b2860f98f7933e07e"}, @wireless={0xb, 0x10, 0x1, 0xc, 0x4e, 0xd5, 0x6, 0x0, 0xb}]}}, &(0x7f0000000400)={0x20, 0x29, 0xf, {0xf, 0x29, 0x80, 0x70, 0x81, 0xd6, "3298b725", "bed93b77"}}, &(0x7f0000000440)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x53, 0x1, 0x9, 0x7, 0x3, 0x2, 0x9}}}, &(0x7f0000000980)={0x84, &(0x7f0000000500)={0x40, 0xe, 0x94, "5271240f380d9d9b18986b22a84f3f583f2281b435ce8effcf94200626f8c255d0e477ed76c8274373c707c31968f9c982f29e4bc9a09a8e4fa91e8f761bc017f3806830bb4b776b1a7817055fe33c011bf0b4a7f9ffef356a75c3b91ed9d7fe39604ea2d45faf5b73d9b8eab678b10476abe3057734266a55b28a65b31cdaa8eb20a9f27b8940b7617d7a6a5c461cf67370bba2"}, &(0x7f00000005c0)={0x0, 0xa, 0x1}, &(0x7f0000000600)={0x0, 0x8, 0x1, 0x6}, &(0x7f0000000640)={0x20, 0x0, 0x4, {0x2}}, &(0x7f0000000680)={0x20, 0x0, 0x8, {0x100, 0x20, [0xff0f]}}, &(0x7f00000006c0)={0x40, 0x7, 0x2, 0x5}, &(0x7f0000000700)={0x40, 0x9, 0x1, 0x6}, &(0x7f0000000740)={0x40, 0xb, 0x2, "98cf"}, &(0x7f0000000780)={0x40, 0xf, 0x2, 0xfd0}, &(0x7f00000007c0)={0x40, 0x13, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, &(0x7f0000000800)={0x40, 0x17, 0x6, @remote}, &(0x7f0000000840)={0x40, 0x19, 0x2, "bbef"}, &(0x7f0000000880)={0x40, 0x1a, 0x2}, &(0x7f00000008c0)={0x40, 0x1c, 0x1, 0x2}, &(0x7f0000000900)={0x40, 0x1e, 0x1, 0xa3}, &(0x7f0000000940)={0x40, 0x21, 0x1, 0x2}})

program crashed: KASAN: slab-use-after-free Read in v4l2_open
testing program (duration=48.506174881s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-msgget$private-msgsnd-landlock_create_ruleset-msgctl$MSG_STAT_ANY-landlock_restrict_self-msgctl$IPC_SET-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io$rtl8150-syz_usb_control_io$hid-syz_usb_control_io$hid-syz_usb_control_io$printer-eventfd2-ioctl$VHOST_SET_VRING_ERR-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_VRING_ADDR-connect$vsock_stream-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
r1 = msgget$private(0x0, 0x790)
msgsnd(r1, &(0x7f0000000d00)=ANY=[@ANYRES8], 0x401, 0x0)
r2 = landlock_create_ruleset(&(0x7f0000000140)={0x4000, 0x3, 0x2}, 0x18, 0x0)
msgctl$MSG_STAT_ANY(r1, 0xd, &(0x7f0000000180)=""/14)
landlock_restrict_self(r2, 0x9)
msgctl$IPC_SET(r1, 0x1, &(0x7f0000001000)={{0x0, 0x0, 0x0, 0x0, 0xee01, 0x52, 0x7}, 0x0, 0x0, 0xc7af, 0x4, 0x7fff, 0x7fffffff, 0x5, 0x180, 0x8, 0x401})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f00000004c0)={0x2c, &(0x7f0000000000)={0x20, 0x1, 0x5b, "a3a01a1461c5dc49332ea2ea960b0eae0972630dbda222b251b2b3305468d275052c8b091b6ecbe541cdd1fb5f84451ea8cfd7719d14617af21341c79ebc3afcfc1eaa4cb23e94882dffd64dd70bceff7f27ae85fd8fa51ac169ca"}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, 0x0)
r3 = eventfd2(0x1, 0x1)
ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f00000001c0)={0x0, r3})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/176, 0x0, 0xffff1000})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=""/4096})
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
syz_usb_control_io(r0, &(0x7f0000000480)={0x2c, &(0x7f0000000080)={0x0, 0x24, 0xa8, {0xa8, 0x1, "af85b30c9c51250484e0635faee000228eaed0a6870adde8ceb66a03c4290e914bd76d8511feea95037cd5ce6d8323dfed0a7fedc71d2fa1b4b711f14dfa3564ffb33a7e2a5d7452212bde7e71fa84ea61a0000a4eca581ce97920d917bf63e19133f00697a79e037c80e9e856fd1333787d8e1516141c0f37e541096290cff88a546c6e62981e9309292cc75e28da8d44472acd5074ddab263385f9faa0998c784c0ec945b1"}}, &(0x7f0000000140)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x1009}}, &(0x7f0000000240)={0x0, 0xf, 0x193, {0x5, 0xf, 0x193, 0x6, [@ext_cap={0x7, 0x10, 0x2, 0x10, 0x9, 0x9, 0xb}, @generic={0x84, 0x10, 0x3, "adc2097d43626ee6b006a6b1a836a58ee82fece650c264ec14e90c04453e090d6015a5a6cead625c440e3d52234b2eb8402bf06d6eaaa059d694c330510a0c5c7259fcf68c3b68a5fdce073b176ff58826b0c41df98086b4e4e2ff1dbc249bd9d76bd86f6cf62f1a96b3dd21abe13fe9aaf0ae60662c771e2f45cedff5f4320706"}, @ptm_cap={0x3}, @generic={0xe1, 0x10, 0xa, "a112e65f1b7363c2d4050feab53add15d78897ca68b7529444974cac5fe72477c5cab5785a21911e69297827da90654fa378a94710e3ec890bd472bb605b3dc46603e0cac803c5eb494ad90a3ad1db3f99371dcc410f38eb56600f4ace8707498ae1d718f0228acee0469d05815c0cee9a41150bdea3a2862611b7a876f4f843c03ba2d9186ccc9e0f03b3a86122202e300426fb58d06d66a0e76a3b2304ec1f38d75d6227822e3a2d6509b03f964d4aa6e5f126c8afa22882ed81a1221ee7ecabd84d6042f29e7bbc8dc684c5bd126c30a059ab781fb5ee0eedf787c5ce"}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "5fd0657808f96e7b2860f98f7933e07e"}, @wireless={0xb, 0x10, 0x1, 0xc, 0x4e, 0xd5, 0x6, 0x0, 0xb}]}}, &(0x7f0000000400)={0x20, 0x29, 0xf, {0xf, 0x29, 0x80, 0x70, 0x81, 0xd6, "3298b725", "bed93b77"}}, &(0x7f0000000440)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x53, 0x1, 0x9, 0x7, 0x3, 0x2, 0x9}}}, &(0x7f0000000980)={0x84, &(0x7f0000000500)={0x40, 0xe, 0x94, "5271240f380d9d9b18986b22a84f3f583f2281b435ce8effcf94200626f8c255d0e477ed76c8274373c707c31968f9c982f29e4bc9a09a8e4fa91e8f761bc017f3806830bb4b776b1a7817055fe33c011bf0b4a7f9ffef356a75c3b91ed9d7fe39604ea2d45faf5b73d9b8eab678b10476abe3057734266a55b28a65b31cdaa8eb20a9f27b8940b7617d7a6a5c461cf67370bba2"}, &(0x7f00000005c0)={0x0, 0xa, 0x1}, &(0x7f0000000600)={0x0, 0x8, 0x1, 0x6}, &(0x7f0000000640)={0x20, 0x0, 0x4, {0x2}}, &(0x7f0000000680)={0x20, 0x0, 0x8, {0x100, 0x20, [0xff0f]}}, &(0x7f00000006c0)={0x40, 0x7, 0x2, 0x5}, &(0x7f0000000700)={0x40, 0x9, 0x1, 0x6}, &(0x7f0000000740)={0x40, 0xb, 0x2, "98cf"}, &(0x7f0000000780)={0x40, 0xf, 0x2, 0xfd0}, &(0x7f00000007c0)={0x40, 0x13, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, &(0x7f0000000800)={0x40, 0x17, 0x6, @remote}, &(0x7f0000000840)={0x40, 0x19, 0x2, "bbef"}, &(0x7f0000000880)={0x40, 0x1a, 0x2}, &(0x7f00000008c0)={0x40, 0x1c, 0x1, 0x2}, &(0x7f0000000900)={0x40, 0x1e, 0x1, 0xa3}, &(0x7f0000000940)={0x40, 0x21, 0x1, 0x2}})

program crashed: KASAN: slab-use-after-free Read in v4l2_open
testing program (duration=48.506174881s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-msgget$private-msgsnd-landlock_create_ruleset-msgctl$MSG_STAT_ANY-landlock_restrict_self-msgctl$IPC_SET-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io$rtl8150-syz_usb_control_io$hid-syz_usb_control_io$hid-eventfd2-ioctl$VHOST_SET_VRING_ERR-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_VRING_ADDR-connect$vsock_stream-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
r1 = msgget$private(0x0, 0x790)
msgsnd(r1, &(0x7f0000000d00)=ANY=[@ANYRES8], 0x401, 0x0)
r2 = landlock_create_ruleset(&(0x7f0000000140)={0x4000, 0x3, 0x2}, 0x18, 0x0)
msgctl$MSG_STAT_ANY(r1, 0xd, &(0x7f0000000180)=""/14)
landlock_restrict_self(r2, 0x9)
msgctl$IPC_SET(r1, 0x1, &(0x7f0000001000)={{0x0, 0x0, 0x0, 0x0, 0xee01, 0x52, 0x7}, 0x0, 0x0, 0xc7af, 0x4, 0x7fff, 0x7fffffff, 0x5, 0x180, 0x8, 0x401})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f00000004c0)={0x2c, &(0x7f0000000000)={0x20, 0x1, 0x5b, "a3a01a1461c5dc49332ea2ea960b0eae0972630dbda222b251b2b3305468d275052c8b091b6ecbe541cdd1fb5f84451ea8cfd7719d14617af21341c79ebc3afcfc1eaa4cb23e94882dffd64dd70bceff7f27ae85fd8fa51ac169ca"}, 0x0, 0x0, 0x0, 0x0})
r3 = eventfd2(0x1, 0x1)
ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f00000001c0)={0x0, r3})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/176, 0x0, 0xffff1000})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=""/4096})
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
syz_usb_control_io(r0, &(0x7f0000000480)={0x2c, &(0x7f0000000080)={0x0, 0x24, 0xa8, {0xa8, 0x1, "af85b30c9c51250484e0635faee000228eaed0a6870adde8ceb66a03c4290e914bd76d8511feea95037cd5ce6d8323dfed0a7fedc71d2fa1b4b711f14dfa3564ffb33a7e2a5d7452212bde7e71fa84ea61a0000a4eca581ce97920d917bf63e19133f00697a79e037c80e9e856fd1333787d8e1516141c0f37e541096290cff88a546c6e62981e9309292cc75e28da8d44472acd5074ddab263385f9faa0998c784c0ec945b1"}}, &(0x7f0000000140)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x1009}}, &(0x7f0000000240)={0x0, 0xf, 0x193, {0x5, 0xf, 0x193, 0x6, [@ext_cap={0x7, 0x10, 0x2, 0x10, 0x9, 0x9, 0xb}, @generic={0x84, 0x10, 0x3, "adc2097d43626ee6b006a6b1a836a58ee82fece650c264ec14e90c04453e090d6015a5a6cead625c440e3d52234b2eb8402bf06d6eaaa059d694c330510a0c5c7259fcf68c3b68a5fdce073b176ff58826b0c41df98086b4e4e2ff1dbc249bd9d76bd86f6cf62f1a96b3dd21abe13fe9aaf0ae60662c771e2f45cedff5f4320706"}, @ptm_cap={0x3}, @generic={0xe1, 0x10, 0xa, "a112e65f1b7363c2d4050feab53add15d78897ca68b7529444974cac5fe72477c5cab5785a21911e69297827da90654fa378a94710e3ec890bd472bb605b3dc46603e0cac803c5eb494ad90a3ad1db3f99371dcc410f38eb56600f4ace8707498ae1d718f0228acee0469d05815c0cee9a41150bdea3a2862611b7a876f4f843c03ba2d9186ccc9e0f03b3a86122202e300426fb58d06d66a0e76a3b2304ec1f38d75d6227822e3a2d6509b03f964d4aa6e5f126c8afa22882ed81a1221ee7ecabd84d6042f29e7bbc8dc684c5bd126c30a059ab781fb5ee0eedf787c5ce"}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "5fd0657808f96e7b2860f98f7933e07e"}, @wireless={0xb, 0x10, 0x1, 0xc, 0x4e, 0xd5, 0x6, 0x0, 0xb}]}}, &(0x7f0000000400)={0x20, 0x29, 0xf, {0xf, 0x29, 0x80, 0x70, 0x81, 0xd6, "3298b725", "bed93b77"}}, &(0x7f0000000440)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x53, 0x1, 0x9, 0x7, 0x3, 0x2, 0x9}}}, &(0x7f0000000980)={0x84, &(0x7f0000000500)={0x40, 0xe, 0x94, "5271240f380d9d9b18986b22a84f3f583f2281b435ce8effcf94200626f8c255d0e477ed76c8274373c707c31968f9c982f29e4bc9a09a8e4fa91e8f761bc017f3806830bb4b776b1a7817055fe33c011bf0b4a7f9ffef356a75c3b91ed9d7fe39604ea2d45faf5b73d9b8eab678b10476abe3057734266a55b28a65b31cdaa8eb20a9f27b8940b7617d7a6a5c461cf67370bba2"}, &(0x7f00000005c0)={0x0, 0xa, 0x1}, &(0x7f0000000600)={0x0, 0x8, 0x1, 0x6}, &(0x7f0000000640)={0x20, 0x0, 0x4, {0x2}}, &(0x7f0000000680)={0x20, 0x0, 0x8, {0x100, 0x20, [0xff0f]}}, &(0x7f00000006c0)={0x40, 0x7, 0x2, 0x5}, &(0x7f0000000700)={0x40, 0x9, 0x1, 0x6}, &(0x7f0000000740)={0x40, 0xb, 0x2, "98cf"}, &(0x7f0000000780)={0x40, 0xf, 0x2, 0xfd0}, &(0x7f00000007c0)={0x40, 0x13, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, &(0x7f0000000800)={0x40, 0x17, 0x6, @remote}, &(0x7f0000000840)={0x40, 0x19, 0x2, "bbef"}, &(0x7f0000000880)={0x40, 0x1a, 0x2}, &(0x7f00000008c0)={0x40, 0x1c, 0x1, 0x2}, &(0x7f0000000900)={0x40, 0x1e, 0x1, 0xa3}, &(0x7f0000000940)={0x40, 0x21, 0x1, 0x2}})

program crashed: KASAN: slab-use-after-free Read in v4l2_open
testing program (duration=48.506174881s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-msgget$private-msgsnd-landlock_create_ruleset-msgctl$MSG_STAT_ANY-landlock_restrict_self-msgctl$IPC_SET-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io$rtl8150-syz_usb_control_io$hid-eventfd2-ioctl$VHOST_SET_VRING_ERR-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_VRING_ADDR-connect$vsock_stream-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
r1 = msgget$private(0x0, 0x790)
msgsnd(r1, &(0x7f0000000d00)=ANY=[@ANYRES8], 0x401, 0x0)
r2 = landlock_create_ruleset(&(0x7f0000000140)={0x4000, 0x3, 0x2}, 0x18, 0x0)
msgctl$MSG_STAT_ANY(r1, 0xd, &(0x7f0000000180)=""/14)
landlock_restrict_self(r2, 0x9)
msgctl$IPC_SET(r1, 0x1, &(0x7f0000001000)={{0x0, 0x0, 0x0, 0x0, 0xee01, 0x52, 0x7}, 0x0, 0x0, 0xc7af, 0x4, 0x7fff, 0x7fffffff, 0x5, 0x180, 0x8, 0x401})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r3 = eventfd2(0x1, 0x1)
ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f00000001c0)={0x0, r3})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/176, 0x0, 0xffff1000})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=""/4096})
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
syz_usb_control_io(r0, &(0x7f0000000480)={0x2c, &(0x7f0000000080)={0x0, 0x24, 0xa8, {0xa8, 0x1, "af85b30c9c51250484e0635faee000228eaed0a6870adde8ceb66a03c4290e914bd76d8511feea95037cd5ce6d8323dfed0a7fedc71d2fa1b4b711f14dfa3564ffb33a7e2a5d7452212bde7e71fa84ea61a0000a4eca581ce97920d917bf63e19133f00697a79e037c80e9e856fd1333787d8e1516141c0f37e541096290cff88a546c6e62981e9309292cc75e28da8d44472acd5074ddab263385f9faa0998c784c0ec945b1"}}, &(0x7f0000000140)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x1009}}, &(0x7f0000000240)={0x0, 0xf, 0x193, {0x5, 0xf, 0x193, 0x6, [@ext_cap={0x7, 0x10, 0x2, 0x10, 0x9, 0x9, 0xb}, @generic={0x84, 0x10, 0x3, "adc2097d43626ee6b006a6b1a836a58ee82fece650c264ec14e90c04453e090d6015a5a6cead625c440e3d52234b2eb8402bf06d6eaaa059d694c330510a0c5c7259fcf68c3b68a5fdce073b176ff58826b0c41df98086b4e4e2ff1dbc249bd9d76bd86f6cf62f1a96b3dd21abe13fe9aaf0ae60662c771e2f45cedff5f4320706"}, @ptm_cap={0x3}, @generic={0xe1, 0x10, 0xa, "a112e65f1b7363c2d4050feab53add15d78897ca68b7529444974cac5fe72477c5cab5785a21911e69297827da90654fa378a94710e3ec890bd472bb605b3dc46603e0cac803c5eb494ad90a3ad1db3f99371dcc410f38eb56600f4ace8707498ae1d718f0228acee0469d05815c0cee9a41150bdea3a2862611b7a876f4f843c03ba2d9186ccc9e0f03b3a86122202e300426fb58d06d66a0e76a3b2304ec1f38d75d6227822e3a2d6509b03f964d4aa6e5f126c8afa22882ed81a1221ee7ecabd84d6042f29e7bbc8dc684c5bd126c30a059ab781fb5ee0eedf787c5ce"}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "5fd0657808f96e7b2860f98f7933e07e"}, @wireless={0xb, 0x10, 0x1, 0xc, 0x4e, 0xd5, 0x6, 0x0, 0xb}]}}, &(0x7f0000000400)={0x20, 0x29, 0xf, {0xf, 0x29, 0x80, 0x70, 0x81, 0xd6, "3298b725", "bed93b77"}}, &(0x7f0000000440)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x53, 0x1, 0x9, 0x7, 0x3, 0x2, 0x9}}}, &(0x7f0000000980)={0x84, &(0x7f0000000500)={0x40, 0xe, 0x94, "5271240f380d9d9b18986b22a84f3f583f2281b435ce8effcf94200626f8c255d0e477ed76c8274373c707c31968f9c982f29e4bc9a09a8e4fa91e8f761bc017f3806830bb4b776b1a7817055fe33c011bf0b4a7f9ffef356a75c3b91ed9d7fe39604ea2d45faf5b73d9b8eab678b10476abe3057734266a55b28a65b31cdaa8eb20a9f27b8940b7617d7a6a5c461cf67370bba2"}, &(0x7f00000005c0)={0x0, 0xa, 0x1}, &(0x7f0000000600)={0x0, 0x8, 0x1, 0x6}, &(0x7f0000000640)={0x20, 0x0, 0x4, {0x2}}, &(0x7f0000000680)={0x20, 0x0, 0x8, {0x100, 0x20, [0xff0f]}}, &(0x7f00000006c0)={0x40, 0x7, 0x2, 0x5}, &(0x7f0000000700)={0x40, 0x9, 0x1, 0x6}, &(0x7f0000000740)={0x40, 0xb, 0x2, "98cf"}, &(0x7f0000000780)={0x40, 0xf, 0x2, 0xfd0}, &(0x7f00000007c0)={0x40, 0x13, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, &(0x7f0000000800)={0x40, 0x17, 0x6, @remote}, &(0x7f0000000840)={0x40, 0x19, 0x2, "bbef"}, &(0x7f0000000880)={0x40, 0x1a, 0x2}, &(0x7f00000008c0)={0x40, 0x1c, 0x1, 0x2}, &(0x7f0000000900)={0x40, 0x1e, 0x1, 0xa3}, &(0x7f0000000940)={0x40, 0x21, 0x1, 0x2}})

program did not crash
testing program (duration=48.506174881s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-msgget$private-msgsnd-landlock_create_ruleset-msgctl$MSG_STAT_ANY-landlock_restrict_self-msgctl$IPC_SET-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io$rtl8150-syz_usb_control_io$hid-eventfd2-ioctl$VHOST_SET_VRING_ERR-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_VRING_ADDR-connect$vsock_stream-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
r1 = msgget$private(0x0, 0x790)
msgsnd(r1, &(0x7f0000000d00)=ANY=[@ANYRES8], 0x401, 0x0)
r2 = landlock_create_ruleset(&(0x7f0000000140)={0x4000, 0x3, 0x2}, 0x18, 0x0)
msgctl$MSG_STAT_ANY(r1, 0xd, &(0x7f0000000180)=""/14)
landlock_restrict_self(r2, 0x9)
msgctl$IPC_SET(r1, 0x1, &(0x7f0000001000)={{0x0, 0x0, 0x0, 0x0, 0xee01, 0x52, 0x7}, 0x0, 0x0, 0xc7af, 0x4, 0x7fff, 0x7fffffff, 0x5, 0x180, 0x8, 0x401})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f00000004c0)={0x2c, &(0x7f0000000000)={0x20, 0x1, 0x5b, "a3a01a1461c5dc49332ea2ea960b0eae0972630dbda222b251b2b3305468d275052c8b091b6ecbe541cdd1fb5f84451ea8cfd7719d14617af21341c79ebc3afcfc1eaa4cb23e94882dffd64dd70bceff7f27ae85fd8fa51ac169ca"}, 0x0, 0x0, 0x0, 0x0})
r3 = eventfd2(0x1, 0x1)
ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f00000001c0)={0x0, r3})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/176, 0x0, 0xffff1000})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=""/4096})
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
syz_usb_control_io(r0, &(0x7f0000000480)={0x2c, &(0x7f0000000080)={0x0, 0x24, 0xa8, {0xa8, 0x1, "af85b30c9c51250484e0635faee000228eaed0a6870adde8ceb66a03c4290e914bd76d8511feea95037cd5ce6d8323dfed0a7fedc71d2fa1b4b711f14dfa3564ffb33a7e2a5d7452212bde7e71fa84ea61a0000a4eca581ce97920d917bf63e19133f00697a79e037c80e9e856fd1333787d8e1516141c0f37e541096290cff88a546c6e62981e9309292cc75e28da8d44472acd5074ddab263385f9faa0998c784c0ec945b1"}}, &(0x7f0000000140)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x1009}}, &(0x7f0000000240)={0x0, 0xf, 0x193, {0x5, 0xf, 0x193, 0x6, [@ext_cap={0x7, 0x10, 0x2, 0x10, 0x9, 0x9, 0xb}, @generic={0x84, 0x10, 0x3, "adc2097d43626ee6b006a6b1a836a58ee82fece650c264ec14e90c04453e090d6015a5a6cead625c440e3d52234b2eb8402bf06d6eaaa059d694c330510a0c5c7259fcf68c3b68a5fdce073b176ff58826b0c41df98086b4e4e2ff1dbc249bd9d76bd86f6cf62f1a96b3dd21abe13fe9aaf0ae60662c771e2f45cedff5f4320706"}, @ptm_cap={0x3}, @generic={0xe1, 0x10, 0xa, "a112e65f1b7363c2d4050feab53add15d78897ca68b7529444974cac5fe72477c5cab5785a21911e69297827da90654fa378a94710e3ec890bd472bb605b3dc46603e0cac803c5eb494ad90a3ad1db3f99371dcc410f38eb56600f4ace8707498ae1d718f0228acee0469d05815c0cee9a41150bdea3a2862611b7a876f4f843c03ba2d9186ccc9e0f03b3a86122202e300426fb58d06d66a0e76a3b2304ec1f38d75d6227822e3a2d6509b03f964d4aa6e5f126c8afa22882ed81a1221ee7ecabd84d6042f29e7bbc8dc684c5bd126c30a059ab781fb5ee0eedf787c5ce"}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "5fd0657808f96e7b2860f98f7933e07e"}, @wireless={0xb, 0x10, 0x1, 0xc, 0x4e, 0xd5, 0x6, 0x0, 0xb}]}}, &(0x7f0000000400)={0x20, 0x29, 0xf, {0xf, 0x29, 0x80, 0x70, 0x81, 0xd6, "3298b725", "bed93b77"}}, &(0x7f0000000440)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x53, 0x1, 0x9, 0x7, 0x3, 0x2, 0x9}}}, &(0x7f0000000980)={0x84, &(0x7f0000000500)={0x40, 0xe, 0x94, "5271240f380d9d9b18986b22a84f3f583f2281b435ce8effcf94200626f8c255d0e477ed76c8274373c707c31968f9c982f29e4bc9a09a8e4fa91e8f761bc017f3806830bb4b776b1a7817055fe33c011bf0b4a7f9ffef356a75c3b91ed9d7fe39604ea2d45faf5b73d9b8eab678b10476abe3057734266a55b28a65b31cdaa8eb20a9f27b8940b7617d7a6a5c461cf67370bba2"}, &(0x7f00000005c0)={0x0, 0xa, 0x1}, &(0x7f0000000600)={0x0, 0x8, 0x1, 0x6}, &(0x7f0000000640)={0x20, 0x0, 0x4, {0x2}}, &(0x7f0000000680)={0x20, 0x0, 0x8, {0x100, 0x20, [0xff0f]}}, &(0x7f00000006c0)={0x40, 0x7, 0x2, 0x5}, &(0x7f0000000700)={0x40, 0x9, 0x1, 0x6}, &(0x7f0000000740)={0x40, 0xb, 0x2, "98cf"}, &(0x7f0000000780)={0x40, 0xf, 0x2, 0xfd0}, &(0x7f00000007c0)={0x40, 0x13, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, &(0x7f0000000800)={0x40, 0x17, 0x6, @remote}, &(0x7f0000000840)={0x40, 0x19, 0x2, "bbef"}, &(0x7f0000000880)={0x40, 0x1a, 0x2}, &(0x7f00000008c0)={0x40, 0x1c, 0x1, 0x2}, &(0x7f0000000900)={0x40, 0x1e, 0x1, 0xa3}, &(0x7f0000000940)={0x40, 0x21, 0x1, 0x2}})

program crashed: KASAN: slab-use-after-free Read in v4l2_open
testing program (duration=48.506174881s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-msgget$private-msgsnd-landlock_create_ruleset-msgctl$MSG_STAT_ANY-landlock_restrict_self-msgctl$IPC_SET-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io$hid-eventfd2-ioctl$VHOST_SET_VRING_ERR-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_VRING_ADDR-connect$vsock_stream-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
r1 = msgget$private(0x0, 0x790)
msgsnd(r1, &(0x7f0000000d00)=ANY=[@ANYRES8], 0x401, 0x0)
r2 = landlock_create_ruleset(&(0x7f0000000140)={0x4000, 0x3, 0x2}, 0x18, 0x0)
msgctl$MSG_STAT_ANY(r1, 0xd, &(0x7f0000000180)=""/14)
landlock_restrict_self(r2, 0x9)
msgctl$IPC_SET(r1, 0x1, &(0x7f0000001000)={{0x0, 0x0, 0x0, 0x0, 0xee01, 0x52, 0x7}, 0x0, 0x0, 0xc7af, 0x4, 0x7fff, 0x7fffffff, 0x5, 0x180, 0x8, 0x401})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f00000004c0)={0x2c, &(0x7f0000000000)={0x20, 0x1, 0x5b, "a3a01a1461c5dc49332ea2ea960b0eae0972630dbda222b251b2b3305468d275052c8b091b6ecbe541cdd1fb5f84451ea8cfd7719d14617af21341c79ebc3afcfc1eaa4cb23e94882dffd64dd70bceff7f27ae85fd8fa51ac169ca"}, 0x0, 0x0, 0x0, 0x0})
r3 = eventfd2(0x1, 0x1)
ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f00000001c0)={0x0, r3})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/176, 0x0, 0xffff1000})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=""/4096})
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
syz_usb_control_io(r0, &(0x7f0000000480)={0x2c, &(0x7f0000000080)={0x0, 0x24, 0xa8, {0xa8, 0x1, "af85b30c9c51250484e0635faee000228eaed0a6870adde8ceb66a03c4290e914bd76d8511feea95037cd5ce6d8323dfed0a7fedc71d2fa1b4b711f14dfa3564ffb33a7e2a5d7452212bde7e71fa84ea61a0000a4eca581ce97920d917bf63e19133f00697a79e037c80e9e856fd1333787d8e1516141c0f37e541096290cff88a546c6e62981e9309292cc75e28da8d44472acd5074ddab263385f9faa0998c784c0ec945b1"}}, &(0x7f0000000140)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x1009}}, &(0x7f0000000240)={0x0, 0xf, 0x193, {0x5, 0xf, 0x193, 0x6, [@ext_cap={0x7, 0x10, 0x2, 0x10, 0x9, 0x9, 0xb}, @generic={0x84, 0x10, 0x3, "adc2097d43626ee6b006a6b1a836a58ee82fece650c264ec14e90c04453e090d6015a5a6cead625c440e3d52234b2eb8402bf06d6eaaa059d694c330510a0c5c7259fcf68c3b68a5fdce073b176ff58826b0c41df98086b4e4e2ff1dbc249bd9d76bd86f6cf62f1a96b3dd21abe13fe9aaf0ae60662c771e2f45cedff5f4320706"}, @ptm_cap={0x3}, @generic={0xe1, 0x10, 0xa, "a112e65f1b7363c2d4050feab53add15d78897ca68b7529444974cac5fe72477c5cab5785a21911e69297827da90654fa378a94710e3ec890bd472bb605b3dc46603e0cac803c5eb494ad90a3ad1db3f99371dcc410f38eb56600f4ace8707498ae1d718f0228acee0469d05815c0cee9a41150bdea3a2862611b7a876f4f843c03ba2d9186ccc9e0f03b3a86122202e300426fb58d06d66a0e76a3b2304ec1f38d75d6227822e3a2d6509b03f964d4aa6e5f126c8afa22882ed81a1221ee7ecabd84d6042f29e7bbc8dc684c5bd126c30a059ab781fb5ee0eedf787c5ce"}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "5fd0657808f96e7b2860f98f7933e07e"}, @wireless={0xb, 0x10, 0x1, 0xc, 0x4e, 0xd5, 0x6, 0x0, 0xb}]}}, &(0x7f0000000400)={0x20, 0x29, 0xf, {0xf, 0x29, 0x80, 0x70, 0x81, 0xd6, "3298b725", "bed93b77"}}, &(0x7f0000000440)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x53, 0x1, 0x9, 0x7, 0x3, 0x2, 0x9}}}, &(0x7f0000000980)={0x84, &(0x7f0000000500)={0x40, 0xe, 0x94, "5271240f380d9d9b18986b22a84f3f583f2281b435ce8effcf94200626f8c255d0e477ed76c8274373c707c31968f9c982f29e4bc9a09a8e4fa91e8f761bc017f3806830bb4b776b1a7817055fe33c011bf0b4a7f9ffef356a75c3b91ed9d7fe39604ea2d45faf5b73d9b8eab678b10476abe3057734266a55b28a65b31cdaa8eb20a9f27b8940b7617d7a6a5c461cf67370bba2"}, &(0x7f00000005c0)={0x0, 0xa, 0x1}, &(0x7f0000000600)={0x0, 0x8, 0x1, 0x6}, &(0x7f0000000640)={0x20, 0x0, 0x4, {0x2}}, &(0x7f0000000680)={0x20, 0x0, 0x8, {0x100, 0x20, [0xff0f]}}, &(0x7f00000006c0)={0x40, 0x7, 0x2, 0x5}, &(0x7f0000000700)={0x40, 0x9, 0x1, 0x6}, &(0x7f0000000740)={0x40, 0xb, 0x2, "98cf"}, &(0x7f0000000780)={0x40, 0xf, 0x2, 0xfd0}, &(0x7f00000007c0)={0x40, 0x13, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, &(0x7f0000000800)={0x40, 0x17, 0x6, @remote}, &(0x7f0000000840)={0x40, 0x19, 0x2, "bbef"}, &(0x7f0000000880)={0x40, 0x1a, 0x2}, &(0x7f00000008c0)={0x40, 0x1c, 0x1, 0x2}, &(0x7f0000000900)={0x40, 0x1e, 0x1, 0xa3}, &(0x7f0000000940)={0x40, 0x21, 0x1, 0x2}})

program did not crash
testing program (duration=48.506174881s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-msgget$private-msgsnd-landlock_create_ruleset-msgctl$MSG_STAT_ANY-landlock_restrict_self-msgctl$IPC_SET-syz_usb_control_io-syz_usb_control_io$rtl8150-syz_usb_control_io$hid-eventfd2-ioctl$VHOST_SET_VRING_ERR-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_VRING_ADDR-connect$vsock_stream-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
r1 = msgget$private(0x0, 0x790)
msgsnd(r1, &(0x7f0000000d00)=ANY=[@ANYRES8], 0x401, 0x0)
r2 = landlock_create_ruleset(&(0x7f0000000140)={0x4000, 0x3, 0x2}, 0x18, 0x0)
msgctl$MSG_STAT_ANY(r1, 0xd, &(0x7f0000000180)=""/14)
landlock_restrict_self(r2, 0x9)
msgctl$IPC_SET(r1, 0x1, &(0x7f0000001000)={{0x0, 0x0, 0x0, 0x0, 0xee01, 0x52, 0x7}, 0x0, 0x0, 0xc7af, 0x4, 0x7fff, 0x7fffffff, 0x5, 0x180, 0x8, 0x401})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f00000004c0)={0x2c, &(0x7f0000000000)={0x20, 0x1, 0x5b, "a3a01a1461c5dc49332ea2ea960b0eae0972630dbda222b251b2b3305468d275052c8b091b6ecbe541cdd1fb5f84451ea8cfd7719d14617af21341c79ebc3afcfc1eaa4cb23e94882dffd64dd70bceff7f27ae85fd8fa51ac169ca"}, 0x0, 0x0, 0x0, 0x0})
r3 = eventfd2(0x1, 0x1)
ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f00000001c0)={0x0, r3})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/176, 0x0, 0xffff1000})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=""/4096})
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
syz_usb_control_io(r0, &(0x7f0000000480)={0x2c, &(0x7f0000000080)={0x0, 0x24, 0xa8, {0xa8, 0x1, "af85b30c9c51250484e0635faee000228eaed0a6870adde8ceb66a03c4290e914bd76d8511feea95037cd5ce6d8323dfed0a7fedc71d2fa1b4b711f14dfa3564ffb33a7e2a5d7452212bde7e71fa84ea61a0000a4eca581ce97920d917bf63e19133f00697a79e037c80e9e856fd1333787d8e1516141c0f37e541096290cff88a546c6e62981e9309292cc75e28da8d44472acd5074ddab263385f9faa0998c784c0ec945b1"}}, &(0x7f0000000140)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x1009}}, &(0x7f0000000240)={0x0, 0xf, 0x193, {0x5, 0xf, 0x193, 0x6, [@ext_cap={0x7, 0x10, 0x2, 0x10, 0x9, 0x9, 0xb}, @generic={0x84, 0x10, 0x3, "adc2097d43626ee6b006a6b1a836a58ee82fece650c264ec14e90c04453e090d6015a5a6cead625c440e3d52234b2eb8402bf06d6eaaa059d694c330510a0c5c7259fcf68c3b68a5fdce073b176ff58826b0c41df98086b4e4e2ff1dbc249bd9d76bd86f6cf62f1a96b3dd21abe13fe9aaf0ae60662c771e2f45cedff5f4320706"}, @ptm_cap={0x3}, @generic={0xe1, 0x10, 0xa, "a112e65f1b7363c2d4050feab53add15d78897ca68b7529444974cac5fe72477c5cab5785a21911e69297827da90654fa378a94710e3ec890bd472bb605b3dc46603e0cac803c5eb494ad90a3ad1db3f99371dcc410f38eb56600f4ace8707498ae1d718f0228acee0469d05815c0cee9a41150bdea3a2862611b7a876f4f843c03ba2d9186ccc9e0f03b3a86122202e300426fb58d06d66a0e76a3b2304ec1f38d75d6227822e3a2d6509b03f964d4aa6e5f126c8afa22882ed81a1221ee7ecabd84d6042f29e7bbc8dc684c5bd126c30a059ab781fb5ee0eedf787c5ce"}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "5fd0657808f96e7b2860f98f7933e07e"}, @wireless={0xb, 0x10, 0x1, 0xc, 0x4e, 0xd5, 0x6, 0x0, 0xb}]}}, &(0x7f0000000400)={0x20, 0x29, 0xf, {0xf, 0x29, 0x80, 0x70, 0x81, 0xd6, "3298b725", "bed93b77"}}, &(0x7f0000000440)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x53, 0x1, 0x9, 0x7, 0x3, 0x2, 0x9}}}, &(0x7f0000000980)={0x84, &(0x7f0000000500)={0x40, 0xe, 0x94, "5271240f380d9d9b18986b22a84f3f583f2281b435ce8effcf94200626f8c255d0e477ed76c8274373c707c31968f9c982f29e4bc9a09a8e4fa91e8f761bc017f3806830bb4b776b1a7817055fe33c011bf0b4a7f9ffef356a75c3b91ed9d7fe39604ea2d45faf5b73d9b8eab678b10476abe3057734266a55b28a65b31cdaa8eb20a9f27b8940b7617d7a6a5c461cf67370bba2"}, &(0x7f00000005c0)={0x0, 0xa, 0x1}, &(0x7f0000000600)={0x0, 0x8, 0x1, 0x6}, &(0x7f0000000640)={0x20, 0x0, 0x4, {0x2}}, &(0x7f0000000680)={0x20, 0x0, 0x8, {0x100, 0x20, [0xff0f]}}, &(0x7f00000006c0)={0x40, 0x7, 0x2, 0x5}, &(0x7f0000000700)={0x40, 0x9, 0x1, 0x6}, &(0x7f0000000740)={0x40, 0xb, 0x2, "98cf"}, &(0x7f0000000780)={0x40, 0xf, 0x2, 0xfd0}, &(0x7f00000007c0)={0x40, 0x13, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, &(0x7f0000000800)={0x40, 0x17, 0x6, @remote}, &(0x7f0000000840)={0x40, 0x19, 0x2, "bbef"}, &(0x7f0000000880)={0x40, 0x1a, 0x2}, &(0x7f00000008c0)={0x40, 0x1c, 0x1, 0x2}, &(0x7f0000000900)={0x40, 0x1e, 0x1, 0xa3}, &(0x7f0000000940)={0x40, 0x21, 0x1, 0x2}})

program crashed: KASAN: slab-use-after-free Read in v4l2_open
testing program (duration=48.506174881s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-msgget$private-msgsnd-landlock_create_ruleset-msgctl$MSG_STAT_ANY-landlock_restrict_self-msgctl$IPC_SET-syz_usb_control_io$rtl8150-syz_usb_control_io$hid-eventfd2-ioctl$VHOST_SET_VRING_ERR-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_VRING_ADDR-connect$vsock_stream-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
r1 = msgget$private(0x0, 0x790)
msgsnd(r1, &(0x7f0000000d00)=ANY=[@ANYRES8], 0x401, 0x0)
r2 = landlock_create_ruleset(&(0x7f0000000140)={0x4000, 0x3, 0x2}, 0x18, 0x0)
msgctl$MSG_STAT_ANY(r1, 0xd, &(0x7f0000000180)=""/14)
landlock_restrict_self(r2, 0x9)
msgctl$IPC_SET(r1, 0x1, &(0x7f0000001000)={{0x0, 0x0, 0x0, 0x0, 0xee01, 0x52, 0x7}, 0x0, 0x0, 0xc7af, 0x4, 0x7fff, 0x7fffffff, 0x5, 0x180, 0x8, 0x401})
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f00000004c0)={0x2c, &(0x7f0000000000)={0x20, 0x1, 0x5b, "a3a01a1461c5dc49332ea2ea960b0eae0972630dbda222b251b2b3305468d275052c8b091b6ecbe541cdd1fb5f84451ea8cfd7719d14617af21341c79ebc3afcfc1eaa4cb23e94882dffd64dd70bceff7f27ae85fd8fa51ac169ca"}, 0x0, 0x0, 0x0, 0x0})
r3 = eventfd2(0x1, 0x1)
ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f00000001c0)={0x0, r3})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/176, 0x0, 0xffff1000})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=""/4096})
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
syz_usb_control_io(r0, &(0x7f0000000480)={0x2c, &(0x7f0000000080)={0x0, 0x24, 0xa8, {0xa8, 0x1, "af85b30c9c51250484e0635faee000228eaed0a6870adde8ceb66a03c4290e914bd76d8511feea95037cd5ce6d8323dfed0a7fedc71d2fa1b4b711f14dfa3564ffb33a7e2a5d7452212bde7e71fa84ea61a0000a4eca581ce97920d917bf63e19133f00697a79e037c80e9e856fd1333787d8e1516141c0f37e541096290cff88a546c6e62981e9309292cc75e28da8d44472acd5074ddab263385f9faa0998c784c0ec945b1"}}, &(0x7f0000000140)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x1009}}, &(0x7f0000000240)={0x0, 0xf, 0x193, {0x5, 0xf, 0x193, 0x6, [@ext_cap={0x7, 0x10, 0x2, 0x10, 0x9, 0x9, 0xb}, @generic={0x84, 0x10, 0x3, "adc2097d43626ee6b006a6b1a836a58ee82fece650c264ec14e90c04453e090d6015a5a6cead625c440e3d52234b2eb8402bf06d6eaaa059d694c330510a0c5c7259fcf68c3b68a5fdce073b176ff58826b0c41df98086b4e4e2ff1dbc249bd9d76bd86f6cf62f1a96b3dd21abe13fe9aaf0ae60662c771e2f45cedff5f4320706"}, @ptm_cap={0x3}, @generic={0xe1, 0x10, 0xa, "a112e65f1b7363c2d4050feab53add15d78897ca68b7529444974cac5fe72477c5cab5785a21911e69297827da90654fa378a94710e3ec890bd472bb605b3dc46603e0cac803c5eb494ad90a3ad1db3f99371dcc410f38eb56600f4ace8707498ae1d718f0228acee0469d05815c0cee9a41150bdea3a2862611b7a876f4f843c03ba2d9186ccc9e0f03b3a86122202e300426fb58d06d66a0e76a3b2304ec1f38d75d6227822e3a2d6509b03f964d4aa6e5f126c8afa22882ed81a1221ee7ecabd84d6042f29e7bbc8dc684c5bd126c30a059ab781fb5ee0eedf787c5ce"}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "5fd0657808f96e7b2860f98f7933e07e"}, @wireless={0xb, 0x10, 0x1, 0xc, 0x4e, 0xd5, 0x6, 0x0, 0xb}]}}, &(0x7f0000000400)={0x20, 0x29, 0xf, {0xf, 0x29, 0x80, 0x70, 0x81, 0xd6, "3298b725", "bed93b77"}}, &(0x7f0000000440)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x53, 0x1, 0x9, 0x7, 0x3, 0x2, 0x9}}}, &(0x7f0000000980)={0x84, &(0x7f0000000500)={0x40, 0xe, 0x94, "5271240f380d9d9b18986b22a84f3f583f2281b435ce8effcf94200626f8c255d0e477ed76c8274373c707c31968f9c982f29e4bc9a09a8e4fa91e8f761bc017f3806830bb4b776b1a7817055fe33c011bf0b4a7f9ffef356a75c3b91ed9d7fe39604ea2d45faf5b73d9b8eab678b10476abe3057734266a55b28a65b31cdaa8eb20a9f27b8940b7617d7a6a5c461cf67370bba2"}, &(0x7f00000005c0)={0x0, 0xa, 0x1}, &(0x7f0000000600)={0x0, 0x8, 0x1, 0x6}, &(0x7f0000000640)={0x20, 0x0, 0x4, {0x2}}, &(0x7f0000000680)={0x20, 0x0, 0x8, {0x100, 0x20, [0xff0f]}}, &(0x7f00000006c0)={0x40, 0x7, 0x2, 0x5}, &(0x7f0000000700)={0x40, 0x9, 0x1, 0x6}, &(0x7f0000000740)={0x40, 0xb, 0x2, "98cf"}, &(0x7f0000000780)={0x40, 0xf, 0x2, 0xfd0}, &(0x7f00000007c0)={0x40, 0x13, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, &(0x7f0000000800)={0x40, 0x17, 0x6, @remote}, &(0x7f0000000840)={0x40, 0x19, 0x2, "bbef"}, &(0x7f0000000880)={0x40, 0x1a, 0x2}, &(0x7f00000008c0)={0x40, 0x1c, 0x1, 0x2}, &(0x7f0000000900)={0x40, 0x1e, 0x1, 0xa3}, &(0x7f0000000940)={0x40, 0x21, 0x1, 0x2}})

program crashed: KASAN: slab-use-after-free Read in v4l2_open
testing program (duration=48.506174881s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-msgget$private-msgsnd-landlock_create_ruleset-msgctl$MSG_STAT_ANY-landlock_restrict_self-syz_usb_control_io$rtl8150-syz_usb_control_io$hid-eventfd2-ioctl$VHOST_SET_VRING_ERR-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_VRING_ADDR-connect$vsock_stream-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
r1 = msgget$private(0x0, 0x790)
msgsnd(r1, &(0x7f0000000d00)=ANY=[@ANYRES8], 0x401, 0x0)
r2 = landlock_create_ruleset(&(0x7f0000000140)={0x4000, 0x3, 0x2}, 0x18, 0x0)
msgctl$MSG_STAT_ANY(r1, 0xd, &(0x7f0000000180)=""/14)
landlock_restrict_self(r2, 0x9)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f00000004c0)={0x2c, &(0x7f0000000000)={0x20, 0x1, 0x5b, "a3a01a1461c5dc49332ea2ea960b0eae0972630dbda222b251b2b3305468d275052c8b091b6ecbe541cdd1fb5f84451ea8cfd7719d14617af21341c79ebc3afcfc1eaa4cb23e94882dffd64dd70bceff7f27ae85fd8fa51ac169ca"}, 0x0, 0x0, 0x0, 0x0})
r3 = eventfd2(0x1, 0x1)
ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f00000001c0)={0x0, r3})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/176, 0x0, 0xffff1000})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=""/4096})
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
syz_usb_control_io(r0, &(0x7f0000000480)={0x2c, &(0x7f0000000080)={0x0, 0x24, 0xa8, {0xa8, 0x1, "af85b30c9c51250484e0635faee000228eaed0a6870adde8ceb66a03c4290e914bd76d8511feea95037cd5ce6d8323dfed0a7fedc71d2fa1b4b711f14dfa3564ffb33a7e2a5d7452212bde7e71fa84ea61a0000a4eca581ce97920d917bf63e19133f00697a79e037c80e9e856fd1333787d8e1516141c0f37e541096290cff88a546c6e62981e9309292cc75e28da8d44472acd5074ddab263385f9faa0998c784c0ec945b1"}}, &(0x7f0000000140)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x1009}}, &(0x7f0000000240)={0x0, 0xf, 0x193, {0x5, 0xf, 0x193, 0x6, [@ext_cap={0x7, 0x10, 0x2, 0x10, 0x9, 0x9, 0xb}, @generic={0x84, 0x10, 0x3, "adc2097d43626ee6b006a6b1a836a58ee82fece650c264ec14e90c04453e090d6015a5a6cead625c440e3d52234b2eb8402bf06d6eaaa059d694c330510a0c5c7259fcf68c3b68a5fdce073b176ff58826b0c41df98086b4e4e2ff1dbc249bd9d76bd86f6cf62f1a96b3dd21abe13fe9aaf0ae60662c771e2f45cedff5f4320706"}, @ptm_cap={0x3}, @generic={0xe1, 0x10, 0xa, "a112e65f1b7363c2d4050feab53add15d78897ca68b7529444974cac5fe72477c5cab5785a21911e69297827da90654fa378a94710e3ec890bd472bb605b3dc46603e0cac803c5eb494ad90a3ad1db3f99371dcc410f38eb56600f4ace8707498ae1d718f0228acee0469d05815c0cee9a41150bdea3a2862611b7a876f4f843c03ba2d9186ccc9e0f03b3a86122202e300426fb58d06d66a0e76a3b2304ec1f38d75d6227822e3a2d6509b03f964d4aa6e5f126c8afa22882ed81a1221ee7ecabd84d6042f29e7bbc8dc684c5bd126c30a059ab781fb5ee0eedf787c5ce"}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "5fd0657808f96e7b2860f98f7933e07e"}, @wireless={0xb, 0x10, 0x1, 0xc, 0x4e, 0xd5, 0x6, 0x0, 0xb}]}}, &(0x7f0000000400)={0x20, 0x29, 0xf, {0xf, 0x29, 0x80, 0x70, 0x81, 0xd6, "3298b725", "bed93b77"}}, &(0x7f0000000440)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x53, 0x1, 0x9, 0x7, 0x3, 0x2, 0x9}}}, &(0x7f0000000980)={0x84, &(0x7f0000000500)={0x40, 0xe, 0x94, "5271240f380d9d9b18986b22a84f3f583f2281b435ce8effcf94200626f8c255d0e477ed76c8274373c707c31968f9c982f29e4bc9a09a8e4fa91e8f761bc017f3806830bb4b776b1a7817055fe33c011bf0b4a7f9ffef356a75c3b91ed9d7fe39604ea2d45faf5b73d9b8eab678b10476abe3057734266a55b28a65b31cdaa8eb20a9f27b8940b7617d7a6a5c461cf67370bba2"}, &(0x7f00000005c0)={0x0, 0xa, 0x1}, &(0x7f0000000600)={0x0, 0x8, 0x1, 0x6}, &(0x7f0000000640)={0x20, 0x0, 0x4, {0x2}}, &(0x7f0000000680)={0x20, 0x0, 0x8, {0x100, 0x20, [0xff0f]}}, &(0x7f00000006c0)={0x40, 0x7, 0x2, 0x5}, &(0x7f0000000700)={0x40, 0x9, 0x1, 0x6}, &(0x7f0000000740)={0x40, 0xb, 0x2, "98cf"}, &(0x7f0000000780)={0x40, 0xf, 0x2, 0xfd0}, &(0x7f00000007c0)={0x40, 0x13, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, &(0x7f0000000800)={0x40, 0x17, 0x6, @remote}, &(0x7f0000000840)={0x40, 0x19, 0x2, "bbef"}, &(0x7f0000000880)={0x40, 0x1a, 0x2}, &(0x7f00000008c0)={0x40, 0x1c, 0x1, 0x2}, &(0x7f0000000900)={0x40, 0x1e, 0x1, 0xa3}, &(0x7f0000000940)={0x40, 0x21, 0x1, 0x2}})

program did not crash
testing program (duration=48.506174881s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-msgget$private-msgsnd-landlock_create_ruleset-msgctl$MSG_STAT_ANY-msgctl$IPC_SET-syz_usb_control_io$rtl8150-syz_usb_control_io$hid-eventfd2-ioctl$VHOST_SET_VRING_ERR-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_VRING_ADDR-connect$vsock_stream-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
r1 = msgget$private(0x0, 0x790)
msgsnd(r1, &(0x7f0000000d00)=ANY=[@ANYRES8], 0x401, 0x0)
landlock_create_ruleset(&(0x7f0000000140)={0x4000, 0x3, 0x2}, 0x18, 0x0)
msgctl$MSG_STAT_ANY(r1, 0xd, &(0x7f0000000180)=""/14)
msgctl$IPC_SET(r1, 0x1, &(0x7f0000001000)={{0x0, 0x0, 0x0, 0x0, 0xee01, 0x52, 0x7}, 0x0, 0x0, 0xc7af, 0x4, 0x7fff, 0x7fffffff, 0x5, 0x180, 0x8, 0x401})
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f00000004c0)={0x2c, &(0x7f0000000000)={0x20, 0x1, 0x5b, "a3a01a1461c5dc49332ea2ea960b0eae0972630dbda222b251b2b3305468d275052c8b091b6ecbe541cdd1fb5f84451ea8cfd7719d14617af21341c79ebc3afcfc1eaa4cb23e94882dffd64dd70bceff7f27ae85fd8fa51ac169ca"}, 0x0, 0x0, 0x0, 0x0})
r2 = eventfd2(0x1, 0x1)
ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f00000001c0)={0x0, r2})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/176, 0x0, 0xffff1000})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=""/4096})
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
syz_usb_control_io(r0, &(0x7f0000000480)={0x2c, &(0x7f0000000080)={0x0, 0x24, 0xa8, {0xa8, 0x1, "af85b30c9c51250484e0635faee000228eaed0a6870adde8ceb66a03c4290e914bd76d8511feea95037cd5ce6d8323dfed0a7fedc71d2fa1b4b711f14dfa3564ffb33a7e2a5d7452212bde7e71fa84ea61a0000a4eca581ce97920d917bf63e19133f00697a79e037c80e9e856fd1333787d8e1516141c0f37e541096290cff88a546c6e62981e9309292cc75e28da8d44472acd5074ddab263385f9faa0998c784c0ec945b1"}}, &(0x7f0000000140)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x1009}}, &(0x7f0000000240)={0x0, 0xf, 0x193, {0x5, 0xf, 0x193, 0x6, [@ext_cap={0x7, 0x10, 0x2, 0x10, 0x9, 0x9, 0xb}, @generic={0x84, 0x10, 0x3, "adc2097d43626ee6b006a6b1a836a58ee82fece650c264ec14e90c04453e090d6015a5a6cead625c440e3d52234b2eb8402bf06d6eaaa059d694c330510a0c5c7259fcf68c3b68a5fdce073b176ff58826b0c41df98086b4e4e2ff1dbc249bd9d76bd86f6cf62f1a96b3dd21abe13fe9aaf0ae60662c771e2f45cedff5f4320706"}, @ptm_cap={0x3}, @generic={0xe1, 0x10, 0xa, "a112e65f1b7363c2d4050feab53add15d78897ca68b7529444974cac5fe72477c5cab5785a21911e69297827da90654fa378a94710e3ec890bd472bb605b3dc46603e0cac803c5eb494ad90a3ad1db3f99371dcc410f38eb56600f4ace8707498ae1d718f0228acee0469d05815c0cee9a41150bdea3a2862611b7a876f4f843c03ba2d9186ccc9e0f03b3a86122202e300426fb58d06d66a0e76a3b2304ec1f38d75d6227822e3a2d6509b03f964d4aa6e5f126c8afa22882ed81a1221ee7ecabd84d6042f29e7bbc8dc684c5bd126c30a059ab781fb5ee0eedf787c5ce"}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "5fd0657808f96e7b2860f98f7933e07e"}, @wireless={0xb, 0x10, 0x1, 0xc, 0x4e, 0xd5, 0x6, 0x0, 0xb}]}}, &(0x7f0000000400)={0x20, 0x29, 0xf, {0xf, 0x29, 0x80, 0x70, 0x81, 0xd6, "3298b725", "bed93b77"}}, &(0x7f0000000440)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x53, 0x1, 0x9, 0x7, 0x3, 0x2, 0x9}}}, &(0x7f0000000980)={0x84, &(0x7f0000000500)={0x40, 0xe, 0x94, "5271240f380d9d9b18986b22a84f3f583f2281b435ce8effcf94200626f8c255d0e477ed76c8274373c707c31968f9c982f29e4bc9a09a8e4fa91e8f761bc017f3806830bb4b776b1a7817055fe33c011bf0b4a7f9ffef356a75c3b91ed9d7fe39604ea2d45faf5b73d9b8eab678b10476abe3057734266a55b28a65b31cdaa8eb20a9f27b8940b7617d7a6a5c461cf67370bba2"}, &(0x7f00000005c0)={0x0, 0xa, 0x1}, &(0x7f0000000600)={0x0, 0x8, 0x1, 0x6}, &(0x7f0000000640)={0x20, 0x0, 0x4, {0x2}}, &(0x7f0000000680)={0x20, 0x0, 0x8, {0x100, 0x20, [0xff0f]}}, &(0x7f00000006c0)={0x40, 0x7, 0x2, 0x5}, &(0x7f0000000700)={0x40, 0x9, 0x1, 0x6}, &(0x7f0000000740)={0x40, 0xb, 0x2, "98cf"}, &(0x7f0000000780)={0x40, 0xf, 0x2, 0xfd0}, &(0x7f00000007c0)={0x40, 0x13, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, &(0x7f0000000800)={0x40, 0x17, 0x6, @remote}, &(0x7f0000000840)={0x40, 0x19, 0x2, "bbef"}, &(0x7f0000000880)={0x40, 0x1a, 0x2}, &(0x7f00000008c0)={0x40, 0x1c, 0x1, 0x2}, &(0x7f0000000900)={0x40, 0x1e, 0x1, 0xa3}, &(0x7f0000000940)={0x40, 0x21, 0x1, 0x2}})

program crashed: KASAN: slab-use-after-free Read in v4l2_open
testing program (duration=48.506174881s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-msgget$private-msgsnd-landlock_create_ruleset-msgctl$IPC_SET-syz_usb_control_io$rtl8150-syz_usb_control_io$hid-eventfd2-ioctl$VHOST_SET_VRING_ERR-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_VRING_ADDR-connect$vsock_stream-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
r1 = msgget$private(0x0, 0x790)
msgsnd(r1, &(0x7f0000000d00)=ANY=[@ANYRES8], 0x401, 0x0)
landlock_create_ruleset(&(0x7f0000000140)={0x4000, 0x3, 0x2}, 0x18, 0x0)
msgctl$IPC_SET(r1, 0x1, &(0x7f0000001000)={{0x0, 0x0, 0x0, 0x0, 0xee01, 0x52, 0x7}, 0x0, 0x0, 0xc7af, 0x4, 0x7fff, 0x7fffffff, 0x5, 0x180, 0x8, 0x401})
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f00000004c0)={0x2c, &(0x7f0000000000)={0x20, 0x1, 0x5b, "a3a01a1461c5dc49332ea2ea960b0eae0972630dbda222b251b2b3305468d275052c8b091b6ecbe541cdd1fb5f84451ea8cfd7719d14617af21341c79ebc3afcfc1eaa4cb23e94882dffd64dd70bceff7f27ae85fd8fa51ac169ca"}, 0x0, 0x0, 0x0, 0x0})
r2 = eventfd2(0x1, 0x1)
ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f00000001c0)={0x0, r2})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/176, 0x0, 0xffff1000})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=""/4096})
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
syz_usb_control_io(r0, &(0x7f0000000480)={0x2c, &(0x7f0000000080)={0x0, 0x24, 0xa8, {0xa8, 0x1, "af85b30c9c51250484e0635faee000228eaed0a6870adde8ceb66a03c4290e914bd76d8511feea95037cd5ce6d8323dfed0a7fedc71d2fa1b4b711f14dfa3564ffb33a7e2a5d7452212bde7e71fa84ea61a0000a4eca581ce97920d917bf63e19133f00697a79e037c80e9e856fd1333787d8e1516141c0f37e541096290cff88a546c6e62981e9309292cc75e28da8d44472acd5074ddab263385f9faa0998c784c0ec945b1"}}, &(0x7f0000000140)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x1009}}, &(0x7f0000000240)={0x0, 0xf, 0x193, {0x5, 0xf, 0x193, 0x6, [@ext_cap={0x7, 0x10, 0x2, 0x10, 0x9, 0x9, 0xb}, @generic={0x84, 0x10, 0x3, "adc2097d43626ee6b006a6b1a836a58ee82fece650c264ec14e90c04453e090d6015a5a6cead625c440e3d52234b2eb8402bf06d6eaaa059d694c330510a0c5c7259fcf68c3b68a5fdce073b176ff58826b0c41df98086b4e4e2ff1dbc249bd9d76bd86f6cf62f1a96b3dd21abe13fe9aaf0ae60662c771e2f45cedff5f4320706"}, @ptm_cap={0x3}, @generic={0xe1, 0x10, 0xa, "a112e65f1b7363c2d4050feab53add15d78897ca68b7529444974cac5fe72477c5cab5785a21911e69297827da90654fa378a94710e3ec890bd472bb605b3dc46603e0cac803c5eb494ad90a3ad1db3f99371dcc410f38eb56600f4ace8707498ae1d718f0228acee0469d05815c0cee9a41150bdea3a2862611b7a876f4f843c03ba2d9186ccc9e0f03b3a86122202e300426fb58d06d66a0e76a3b2304ec1f38d75d6227822e3a2d6509b03f964d4aa6e5f126c8afa22882ed81a1221ee7ecabd84d6042f29e7bbc8dc684c5bd126c30a059ab781fb5ee0eedf787c5ce"}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "5fd0657808f96e7b2860f98f7933e07e"}, @wireless={0xb, 0x10, 0x1, 0xc, 0x4e, 0xd5, 0x6, 0x0, 0xb}]}}, &(0x7f0000000400)={0x20, 0x29, 0xf, {0xf, 0x29, 0x80, 0x70, 0x81, 0xd6, "3298b725", "bed93b77"}}, &(0x7f0000000440)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x53, 0x1, 0x9, 0x7, 0x3, 0x2, 0x9}}}, &(0x7f0000000980)={0x84, &(0x7f0000000500)={0x40, 0xe, 0x94, "5271240f380d9d9b18986b22a84f3f583f2281b435ce8effcf94200626f8c255d0e477ed76c8274373c707c31968f9c982f29e4bc9a09a8e4fa91e8f761bc017f3806830bb4b776b1a7817055fe33c011bf0b4a7f9ffef356a75c3b91ed9d7fe39604ea2d45faf5b73d9b8eab678b10476abe3057734266a55b28a65b31cdaa8eb20a9f27b8940b7617d7a6a5c461cf67370bba2"}, &(0x7f00000005c0)={0x0, 0xa, 0x1}, &(0x7f0000000600)={0x0, 0x8, 0x1, 0x6}, &(0x7f0000000640)={0x20, 0x0, 0x4, {0x2}}, &(0x7f0000000680)={0x20, 0x0, 0x8, {0x100, 0x20, [0xff0f]}}, &(0x7f00000006c0)={0x40, 0x7, 0x2, 0x5}, &(0x7f0000000700)={0x40, 0x9, 0x1, 0x6}, &(0x7f0000000740)={0x40, 0xb, 0x2, "98cf"}, &(0x7f0000000780)={0x40, 0xf, 0x2, 0xfd0}, &(0x7f00000007c0)={0x40, 0x13, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, &(0x7f0000000800)={0x40, 0x17, 0x6, @remote}, &(0x7f0000000840)={0x40, 0x19, 0x2, "bbef"}, &(0x7f0000000880)={0x40, 0x1a, 0x2}, &(0x7f00000008c0)={0x40, 0x1c, 0x1, 0x2}, &(0x7f0000000900)={0x40, 0x1e, 0x1, 0xa3}, &(0x7f0000000940)={0x40, 0x21, 0x1, 0x2}})

program crashed: KASAN: slab-use-after-free Read in v4l2_open
testing program (duration=48.506174881s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-msgget$private-msgsnd-msgctl$IPC_SET-syz_usb_control_io$rtl8150-syz_usb_control_io$hid-eventfd2-ioctl$VHOST_SET_VRING_ERR-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_VRING_ADDR-connect$vsock_stream-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
r1 = msgget$private(0x0, 0x790)
msgsnd(r1, &(0x7f0000000d00)=ANY=[@ANYRES8], 0x401, 0x0)
msgctl$IPC_SET(r1, 0x1, &(0x7f0000001000)={{0x0, 0x0, 0x0, 0x0, 0xee01, 0x52, 0x7}, 0x0, 0x0, 0xc7af, 0x4, 0x7fff, 0x7fffffff, 0x5, 0x180, 0x8, 0x401})
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f00000004c0)={0x2c, &(0x7f0000000000)={0x20, 0x1, 0x5b, "a3a01a1461c5dc49332ea2ea960b0eae0972630dbda222b251b2b3305468d275052c8b091b6ecbe541cdd1fb5f84451ea8cfd7719d14617af21341c79ebc3afcfc1eaa4cb23e94882dffd64dd70bceff7f27ae85fd8fa51ac169ca"}, 0x0, 0x0, 0x0, 0x0})
r2 = eventfd2(0x1, 0x1)
ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f00000001c0)={0x0, r2})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/176, 0x0, 0xffff1000})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=""/4096})
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
syz_usb_control_io(r0, &(0x7f0000000480)={0x2c, &(0x7f0000000080)={0x0, 0x24, 0xa8, {0xa8, 0x1, "af85b30c9c51250484e0635faee000228eaed0a6870adde8ceb66a03c4290e914bd76d8511feea95037cd5ce6d8323dfed0a7fedc71d2fa1b4b711f14dfa3564ffb33a7e2a5d7452212bde7e71fa84ea61a0000a4eca581ce97920d917bf63e19133f00697a79e037c80e9e856fd1333787d8e1516141c0f37e541096290cff88a546c6e62981e9309292cc75e28da8d44472acd5074ddab263385f9faa0998c784c0ec945b1"}}, &(0x7f0000000140)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x1009}}, &(0x7f0000000240)={0x0, 0xf, 0x193, {0x5, 0xf, 0x193, 0x6, [@ext_cap={0x7, 0x10, 0x2, 0x10, 0x9, 0x9, 0xb}, @generic={0x84, 0x10, 0x3, "adc2097d43626ee6b006a6b1a836a58ee82fece650c264ec14e90c04453e090d6015a5a6cead625c440e3d52234b2eb8402bf06d6eaaa059d694c330510a0c5c7259fcf68c3b68a5fdce073b176ff58826b0c41df98086b4e4e2ff1dbc249bd9d76bd86f6cf62f1a96b3dd21abe13fe9aaf0ae60662c771e2f45cedff5f4320706"}, @ptm_cap={0x3}, @generic={0xe1, 0x10, 0xa, "a112e65f1b7363c2d4050feab53add15d78897ca68b7529444974cac5fe72477c5cab5785a21911e69297827da90654fa378a94710e3ec890bd472bb605b3dc46603e0cac803c5eb494ad90a3ad1db3f99371dcc410f38eb56600f4ace8707498ae1d718f0228acee0469d05815c0cee9a41150bdea3a2862611b7a876f4f843c03ba2d9186ccc9e0f03b3a86122202e300426fb58d06d66a0e76a3b2304ec1f38d75d6227822e3a2d6509b03f964d4aa6e5f126c8afa22882ed81a1221ee7ecabd84d6042f29e7bbc8dc684c5bd126c30a059ab781fb5ee0eedf787c5ce"}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "5fd0657808f96e7b2860f98f7933e07e"}, @wireless={0xb, 0x10, 0x1, 0xc, 0x4e, 0xd5, 0x6, 0x0, 0xb}]}}, &(0x7f0000000400)={0x20, 0x29, 0xf, {0xf, 0x29, 0x80, 0x70, 0x81, 0xd6, "3298b725", "bed93b77"}}, &(0x7f0000000440)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x53, 0x1, 0x9, 0x7, 0x3, 0x2, 0x9}}}, &(0x7f0000000980)={0x84, &(0x7f0000000500)={0x40, 0xe, 0x94, "5271240f380d9d9b18986b22a84f3f583f2281b435ce8effcf94200626f8c255d0e477ed76c8274373c707c31968f9c982f29e4bc9a09a8e4fa91e8f761bc017f3806830bb4b776b1a7817055fe33c011bf0b4a7f9ffef356a75c3b91ed9d7fe39604ea2d45faf5b73d9b8eab678b10476abe3057734266a55b28a65b31cdaa8eb20a9f27b8940b7617d7a6a5c461cf67370bba2"}, &(0x7f00000005c0)={0x0, 0xa, 0x1}, &(0x7f0000000600)={0x0, 0x8, 0x1, 0x6}, &(0x7f0000000640)={0x20, 0x0, 0x4, {0x2}}, &(0x7f0000000680)={0x20, 0x0, 0x8, {0x100, 0x20, [0xff0f]}}, &(0x7f00000006c0)={0x40, 0x7, 0x2, 0x5}, &(0x7f0000000700)={0x40, 0x9, 0x1, 0x6}, &(0x7f0000000740)={0x40, 0xb, 0x2, "98cf"}, &(0x7f0000000780)={0x40, 0xf, 0x2, 0xfd0}, &(0x7f00000007c0)={0x40, 0x13, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, &(0x7f0000000800)={0x40, 0x17, 0x6, @remote}, &(0x7f0000000840)={0x40, 0x19, 0x2, "bbef"}, &(0x7f0000000880)={0x40, 0x1a, 0x2}, &(0x7f00000008c0)={0x40, 0x1c, 0x1, 0x2}, &(0x7f0000000900)={0x40, 0x1e, 0x1, 0xa3}, &(0x7f0000000940)={0x40, 0x21, 0x1, 0x2}})

program crashed: KASAN: slab-use-after-free Read in v4l2_open
testing program (duration=48.506174881s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-msgget$private-msgctl$IPC_SET-syz_usb_control_io$rtl8150-syz_usb_control_io$hid-eventfd2-ioctl$VHOST_SET_VRING_ERR-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_VRING_ADDR-connect$vsock_stream-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
r1 = msgget$private(0x0, 0x790)
msgctl$IPC_SET(r1, 0x1, &(0x7f0000001000)={{0x0, 0x0, 0x0, 0x0, 0xee01, 0x52, 0x7}, 0x0, 0x0, 0xc7af, 0x4, 0x7fff, 0x7fffffff, 0x5, 0x180, 0x8, 0x401})
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f00000004c0)={0x2c, &(0x7f0000000000)={0x20, 0x1, 0x5b, "a3a01a1461c5dc49332ea2ea960b0eae0972630dbda222b251b2b3305468d275052c8b091b6ecbe541cdd1fb5f84451ea8cfd7719d14617af21341c79ebc3afcfc1eaa4cb23e94882dffd64dd70bceff7f27ae85fd8fa51ac169ca"}, 0x0, 0x0, 0x0, 0x0})
r2 = eventfd2(0x1, 0x1)
ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f00000001c0)={0x0, r2})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/176, 0x0, 0xffff1000})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=""/4096})
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
syz_usb_control_io(r0, &(0x7f0000000480)={0x2c, &(0x7f0000000080)={0x0, 0x24, 0xa8, {0xa8, 0x1, "af85b30c9c51250484e0635faee000228eaed0a6870adde8ceb66a03c4290e914bd76d8511feea95037cd5ce6d8323dfed0a7fedc71d2fa1b4b711f14dfa3564ffb33a7e2a5d7452212bde7e71fa84ea61a0000a4eca581ce97920d917bf63e19133f00697a79e037c80e9e856fd1333787d8e1516141c0f37e541096290cff88a546c6e62981e9309292cc75e28da8d44472acd5074ddab263385f9faa0998c784c0ec945b1"}}, &(0x7f0000000140)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x1009}}, &(0x7f0000000240)={0x0, 0xf, 0x193, {0x5, 0xf, 0x193, 0x6, [@ext_cap={0x7, 0x10, 0x2, 0x10, 0x9, 0x9, 0xb}, @generic={0x84, 0x10, 0x3, "adc2097d43626ee6b006a6b1a836a58ee82fece650c264ec14e90c04453e090d6015a5a6cead625c440e3d52234b2eb8402bf06d6eaaa059d694c330510a0c5c7259fcf68c3b68a5fdce073b176ff58826b0c41df98086b4e4e2ff1dbc249bd9d76bd86f6cf62f1a96b3dd21abe13fe9aaf0ae60662c771e2f45cedff5f4320706"}, @ptm_cap={0x3}, @generic={0xe1, 0x10, 0xa, "a112e65f1b7363c2d4050feab53add15d78897ca68b7529444974cac5fe72477c5cab5785a21911e69297827da90654fa378a94710e3ec890bd472bb605b3dc46603e0cac803c5eb494ad90a3ad1db3f99371dcc410f38eb56600f4ace8707498ae1d718f0228acee0469d05815c0cee9a41150bdea3a2862611b7a876f4f843c03ba2d9186ccc9e0f03b3a86122202e300426fb58d06d66a0e76a3b2304ec1f38d75d6227822e3a2d6509b03f964d4aa6e5f126c8afa22882ed81a1221ee7ecabd84d6042f29e7bbc8dc684c5bd126c30a059ab781fb5ee0eedf787c5ce"}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "5fd0657808f96e7b2860f98f7933e07e"}, @wireless={0xb, 0x10, 0x1, 0xc, 0x4e, 0xd5, 0x6, 0x0, 0xb}]}}, &(0x7f0000000400)={0x20, 0x29, 0xf, {0xf, 0x29, 0x80, 0x70, 0x81, 0xd6, "3298b725", "bed93b77"}}, &(0x7f0000000440)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x53, 0x1, 0x9, 0x7, 0x3, 0x2, 0x9}}}, &(0x7f0000000980)={0x84, &(0x7f0000000500)={0x40, 0xe, 0x94, "5271240f380d9d9b18986b22a84f3f583f2281b435ce8effcf94200626f8c255d0e477ed76c8274373c707c31968f9c982f29e4bc9a09a8e4fa91e8f761bc017f3806830bb4b776b1a7817055fe33c011bf0b4a7f9ffef356a75c3b91ed9d7fe39604ea2d45faf5b73d9b8eab678b10476abe3057734266a55b28a65b31cdaa8eb20a9f27b8940b7617d7a6a5c461cf67370bba2"}, &(0x7f00000005c0)={0x0, 0xa, 0x1}, &(0x7f0000000600)={0x0, 0x8, 0x1, 0x6}, &(0x7f0000000640)={0x20, 0x0, 0x4, {0x2}}, &(0x7f0000000680)={0x20, 0x0, 0x8, {0x100, 0x20, [0xff0f]}}, &(0x7f00000006c0)={0x40, 0x7, 0x2, 0x5}, &(0x7f0000000700)={0x40, 0x9, 0x1, 0x6}, &(0x7f0000000740)={0x40, 0xb, 0x2, "98cf"}, &(0x7f0000000780)={0x40, 0xf, 0x2, 0xfd0}, &(0x7f00000007c0)={0x40, 0x13, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, &(0x7f0000000800)={0x40, 0x17, 0x6, @remote}, &(0x7f0000000840)={0x40, 0x19, 0x2, "bbef"}, &(0x7f0000000880)={0x40, 0x1a, 0x2}, &(0x7f00000008c0)={0x40, 0x1c, 0x1, 0x2}, &(0x7f0000000900)={0x40, 0x1e, 0x1, 0xa3}, &(0x7f0000000940)={0x40, 0x21, 0x1, 0x2}})

program did not crash
testing program (duration=48.506174881s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-msgsnd-msgctl$IPC_SET-syz_usb_control_io$rtl8150-syz_usb_control_io$hid-eventfd2-ioctl$VHOST_SET_VRING_ERR-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_VRING_ADDR-connect$vsock_stream-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
msgsnd(0x0, &(0x7f0000000d00)=ANY=[@ANYRES8], 0x401, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000001000)={{0x0, 0x0, 0x0, 0x0, 0xee01, 0x52, 0x7}, 0x0, 0x0, 0xc7af, 0x4, 0x7fff, 0x7fffffff, 0x5, 0x180, 0x8, 0x401})
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f00000004c0)={0x2c, &(0x7f0000000000)={0x20, 0x1, 0x5b, "a3a01a1461c5dc49332ea2ea960b0eae0972630dbda222b251b2b3305468d275052c8b091b6ecbe541cdd1fb5f84451ea8cfd7719d14617af21341c79ebc3afcfc1eaa4cb23e94882dffd64dd70bceff7f27ae85fd8fa51ac169ca"}, 0x0, 0x0, 0x0, 0x0})
r1 = eventfd2(0x1, 0x1)
ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f00000001c0)={0x0, r1})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/176, 0x0, 0xffff1000})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=""/4096})
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
syz_usb_control_io(r0, &(0x7f0000000480)={0x2c, &(0x7f0000000080)={0x0, 0x24, 0xa8, {0xa8, 0x1, "af85b30c9c51250484e0635faee000228eaed0a6870adde8ceb66a03c4290e914bd76d8511feea95037cd5ce6d8323dfed0a7fedc71d2fa1b4b711f14dfa3564ffb33a7e2a5d7452212bde7e71fa84ea61a0000a4eca581ce97920d917bf63e19133f00697a79e037c80e9e856fd1333787d8e1516141c0f37e541096290cff88a546c6e62981e9309292cc75e28da8d44472acd5074ddab263385f9faa0998c784c0ec945b1"}}, &(0x7f0000000140)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x1009}}, &(0x7f0000000240)={0x0, 0xf, 0x193, {0x5, 0xf, 0x193, 0x6, [@ext_cap={0x7, 0x10, 0x2, 0x10, 0x9, 0x9, 0xb}, @generic={0x84, 0x10, 0x3, "adc2097d43626ee6b006a6b1a836a58ee82fece650c264ec14e90c04453e090d6015a5a6cead625c440e3d52234b2eb8402bf06d6eaaa059d694c330510a0c5c7259fcf68c3b68a5fdce073b176ff58826b0c41df98086b4e4e2ff1dbc249bd9d76bd86f6cf62f1a96b3dd21abe13fe9aaf0ae60662c771e2f45cedff5f4320706"}, @ptm_cap={0x3}, @generic={0xe1, 0x10, 0xa, "a112e65f1b7363c2d4050feab53add15d78897ca68b7529444974cac5fe72477c5cab5785a21911e69297827da90654fa378a94710e3ec890bd472bb605b3dc46603e0cac803c5eb494ad90a3ad1db3f99371dcc410f38eb56600f4ace8707498ae1d718f0228acee0469d05815c0cee9a41150bdea3a2862611b7a876f4f843c03ba2d9186ccc9e0f03b3a86122202e300426fb58d06d66a0e76a3b2304ec1f38d75d6227822e3a2d6509b03f964d4aa6e5f126c8afa22882ed81a1221ee7ecabd84d6042f29e7bbc8dc684c5bd126c30a059ab781fb5ee0eedf787c5ce"}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "5fd0657808f96e7b2860f98f7933e07e"}, @wireless={0xb, 0x10, 0x1, 0xc, 0x4e, 0xd5, 0x6, 0x0, 0xb}]}}, &(0x7f0000000400)={0x20, 0x29, 0xf, {0xf, 0x29, 0x80, 0x70, 0x81, 0xd6, "3298b725", "bed93b77"}}, &(0x7f0000000440)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x53, 0x1, 0x9, 0x7, 0x3, 0x2, 0x9}}}, &(0x7f0000000980)={0x84, &(0x7f0000000500)={0x40, 0xe, 0x94, "5271240f380d9d9b18986b22a84f3f583f2281b435ce8effcf94200626f8c255d0e477ed76c8274373c707c31968f9c982f29e4bc9a09a8e4fa91e8f761bc017f3806830bb4b776b1a7817055fe33c011bf0b4a7f9ffef356a75c3b91ed9d7fe39604ea2d45faf5b73d9b8eab678b10476abe3057734266a55b28a65b31cdaa8eb20a9f27b8940b7617d7a6a5c461cf67370bba2"}, &(0x7f00000005c0)={0x0, 0xa, 0x1}, &(0x7f0000000600)={0x0, 0x8, 0x1, 0x6}, &(0x7f0000000640)={0x20, 0x0, 0x4, {0x2}}, &(0x7f0000000680)={0x20, 0x0, 0x8, {0x100, 0x20, [0xff0f]}}, &(0x7f00000006c0)={0x40, 0x7, 0x2, 0x5}, &(0x7f0000000700)={0x40, 0x9, 0x1, 0x6}, &(0x7f0000000740)={0x40, 0xb, 0x2, "98cf"}, &(0x7f0000000780)={0x40, 0xf, 0x2, 0xfd0}, &(0x7f00000007c0)={0x40, 0x13, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, &(0x7f0000000800)={0x40, 0x17, 0x6, @remote}, &(0x7f0000000840)={0x40, 0x19, 0x2, "bbef"}, &(0x7f0000000880)={0x40, 0x1a, 0x2}, &(0x7f00000008c0)={0x40, 0x1c, 0x1, 0x2}, &(0x7f0000000900)={0x40, 0x1e, 0x1, 0xa3}, &(0x7f0000000940)={0x40, 0x21, 0x1, 0x2}})

program did not crash
testing program (duration=48.506174881s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): msgget$private-msgsnd-msgctl$IPC_SET-syz_usb_control_io$rtl8150-syz_usb_control_io$hid-eventfd2-ioctl$VHOST_SET_VRING_ERR-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_VRING_ADDR-connect$vsock_stream-syz_usb_control_io
detailed listing:
executing program 0:
r0 = msgget$private(0x0, 0x790)
msgsnd(r0, &(0x7f0000000d00)=ANY=[@ANYRES8], 0x401, 0x0)
msgctl$IPC_SET(r0, 0x1, &(0x7f0000001000)={{0x0, 0x0, 0x0, 0x0, 0xee01, 0x52, 0x7}, 0x0, 0x0, 0xc7af, 0x4, 0x7fff, 0x7fffffff, 0x5, 0x180, 0x8, 0x401})
syz_usb_control_io$rtl8150(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, &(0x7f00000004c0)={0x2c, &(0x7f0000000000)={0x20, 0x1, 0x5b, "a3a01a1461c5dc49332ea2ea960b0eae0972630dbda222b251b2b3305468d275052c8b091b6ecbe541cdd1fb5f84451ea8cfd7719d14617af21341c79ebc3afcfc1eaa4cb23e94882dffd64dd70bceff7f27ae85fd8fa51ac169ca"}, 0x0, 0x0, 0x0, 0x0})
r1 = eventfd2(0x1, 0x1)
ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f00000001c0)={0x0, r1})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/176, 0x0, 0xffff1000})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=""/4096})
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
syz_usb_control_io(0xffffffffffffffff, &(0x7f0000000480)={0x2c, &(0x7f0000000080)={0x0, 0x24, 0xa8, {0xa8, 0x1, "af85b30c9c51250484e0635faee000228eaed0a6870adde8ceb66a03c4290e914bd76d8511feea95037cd5ce6d8323dfed0a7fedc71d2fa1b4b711f14dfa3564ffb33a7e2a5d7452212bde7e71fa84ea61a0000a4eca581ce97920d917bf63e19133f00697a79e037c80e9e856fd1333787d8e1516141c0f37e541096290cff88a546c6e62981e9309292cc75e28da8d44472acd5074ddab263385f9faa0998c784c0ec945b1"}}, &(0x7f0000000140)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x1009}}, &(0x7f0000000240)={0x0, 0xf, 0x193, {0x5, 0xf, 0x193, 0x6, [@ext_cap={0x7, 0x10, 0x2, 0x10, 0x9, 0x9, 0xb}, @generic={0x84, 0x10, 0x3, "adc2097d43626ee6b006a6b1a836a58ee82fece650c264ec14e90c04453e090d6015a5a6cead625c440e3d52234b2eb8402bf06d6eaaa059d694c330510a0c5c7259fcf68c3b68a5fdce073b176ff58826b0c41df98086b4e4e2ff1dbc249bd9d76bd86f6cf62f1a96b3dd21abe13fe9aaf0ae60662c771e2f45cedff5f4320706"}, @ptm_cap={0x3}, @generic={0xe1, 0x10, 0xa, "a112e65f1b7363c2d4050feab53add15d78897ca68b7529444974cac5fe72477c5cab5785a21911e69297827da90654fa378a94710e3ec890bd472bb605b3dc46603e0cac803c5eb494ad90a3ad1db3f99371dcc410f38eb56600f4ace8707498ae1d718f0228acee0469d05815c0cee9a41150bdea3a2862611b7a876f4f843c03ba2d9186ccc9e0f03b3a86122202e300426fb58d06d66a0e76a3b2304ec1f38d75d6227822e3a2d6509b03f964d4aa6e5f126c8afa22882ed81a1221ee7ecabd84d6042f29e7bbc8dc684c5bd126c30a059ab781fb5ee0eedf787c5ce"}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "5fd0657808f96e7b2860f98f7933e07e"}, @wireless={0xb, 0x10, 0x1, 0xc, 0x4e, 0xd5, 0x6, 0x0, 0xb}]}}, &(0x7f0000000400)={0x20, 0x29, 0xf, {0xf, 0x29, 0x80, 0x70, 0x81, 0xd6, "3298b725", "bed93b77"}}, &(0x7f0000000440)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x53, 0x1, 0x9, 0x7, 0x3, 0x2, 0x9}}}, &(0x7f0000000980)={0x84, &(0x7f0000000500)={0x40, 0xe, 0x94, "5271240f380d9d9b18986b22a84f3f583f2281b435ce8effcf94200626f8c255d0e477ed76c8274373c707c31968f9c982f29e4bc9a09a8e4fa91e8f761bc017f3806830bb4b776b1a7817055fe33c011bf0b4a7f9ffef356a75c3b91ed9d7fe39604ea2d45faf5b73d9b8eab678b10476abe3057734266a55b28a65b31cdaa8eb20a9f27b8940b7617d7a6a5c461cf67370bba2"}, &(0x7f00000005c0)={0x0, 0xa, 0x1}, &(0x7f0000000600)={0x0, 0x8, 0x1, 0x6}, &(0x7f0000000640)={0x20, 0x0, 0x4, {0x2}}, &(0x7f0000000680)={0x20, 0x0, 0x8, {0x100, 0x20, [0xff0f]}}, &(0x7f00000006c0)={0x40, 0x7, 0x2, 0x5}, &(0x7f0000000700)={0x40, 0x9, 0x1, 0x6}, &(0x7f0000000740)={0x40, 0xb, 0x2, "98cf"}, &(0x7f0000000780)={0x40, 0xf, 0x2, 0xfd0}, &(0x7f00000007c0)={0x40, 0x13, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, &(0x7f0000000800)={0x40, 0x17, 0x6, @remote}, &(0x7f0000000840)={0x40, 0x19, 0x2, "bbef"}, &(0x7f0000000880)={0x40, 0x1a, 0x2}, &(0x7f00000008c0)={0x40, 0x1c, 0x1, 0x2}, &(0x7f0000000900)={0x40, 0x1e, 0x1, 0xa3}, &(0x7f0000000940)={0x40, 0x21, 0x1, 0x2}})

program did not crash
testing program (duration=48.506174881s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-msgget$private-msgsnd-msgctl$IPC_SET-syz_usb_control_io$rtl8150-syz_usb_control_io$hid-eventfd2-ioctl$VHOST_SET_VRING_ERR-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_VRING_ADDR-connect$vsock_stream-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, 0x0, 0x0)
r1 = msgget$private(0x0, 0x790)
msgsnd(r1, &(0x7f0000000d00)=ANY=[@ANYRES8], 0x401, 0x0)
msgctl$IPC_SET(r1, 0x1, &(0x7f0000001000)={{0x0, 0x0, 0x0, 0x0, 0xee01, 0x52, 0x7}, 0x0, 0x0, 0xc7af, 0x4, 0x7fff, 0x7fffffff, 0x5, 0x180, 0x8, 0x401})
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f00000004c0)={0x2c, &(0x7f0000000000)={0x20, 0x1, 0x5b, "a3a01a1461c5dc49332ea2ea960b0eae0972630dbda222b251b2b3305468d275052c8b091b6ecbe541cdd1fb5f84451ea8cfd7719d14617af21341c79ebc3afcfc1eaa4cb23e94882dffd64dd70bceff7f27ae85fd8fa51ac169ca"}, 0x0, 0x0, 0x0, 0x0})
r2 = eventfd2(0x1, 0x1)
ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f00000001c0)={0x0, r2})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/176, 0x0, 0xffff1000})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=""/4096})
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
syz_usb_control_io(r0, &(0x7f0000000480)={0x2c, &(0x7f0000000080)={0x0, 0x24, 0xa8, {0xa8, 0x1, "af85b30c9c51250484e0635faee000228eaed0a6870adde8ceb66a03c4290e914bd76d8511feea95037cd5ce6d8323dfed0a7fedc71d2fa1b4b711f14dfa3564ffb33a7e2a5d7452212bde7e71fa84ea61a0000a4eca581ce97920d917bf63e19133f00697a79e037c80e9e856fd1333787d8e1516141c0f37e541096290cff88a546c6e62981e9309292cc75e28da8d44472acd5074ddab263385f9faa0998c784c0ec945b1"}}, &(0x7f0000000140)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x1009}}, &(0x7f0000000240)={0x0, 0xf, 0x193, {0x5, 0xf, 0x193, 0x6, [@ext_cap={0x7, 0x10, 0x2, 0x10, 0x9, 0x9, 0xb}, @generic={0x84, 0x10, 0x3, "adc2097d43626ee6b006a6b1a836a58ee82fece650c264ec14e90c04453e090d6015a5a6cead625c440e3d52234b2eb8402bf06d6eaaa059d694c330510a0c5c7259fcf68c3b68a5fdce073b176ff58826b0c41df98086b4e4e2ff1dbc249bd9d76bd86f6cf62f1a96b3dd21abe13fe9aaf0ae60662c771e2f45cedff5f4320706"}, @ptm_cap={0x3}, @generic={0xe1, 0x10, 0xa, "a112e65f1b7363c2d4050feab53add15d78897ca68b7529444974cac5fe72477c5cab5785a21911e69297827da90654fa378a94710e3ec890bd472bb605b3dc46603e0cac803c5eb494ad90a3ad1db3f99371dcc410f38eb56600f4ace8707498ae1d718f0228acee0469d05815c0cee9a41150bdea3a2862611b7a876f4f843c03ba2d9186ccc9e0f03b3a86122202e300426fb58d06d66a0e76a3b2304ec1f38d75d6227822e3a2d6509b03f964d4aa6e5f126c8afa22882ed81a1221ee7ecabd84d6042f29e7bbc8dc684c5bd126c30a059ab781fb5ee0eedf787c5ce"}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "5fd0657808f96e7b2860f98f7933e07e"}, @wireless={0xb, 0x10, 0x1, 0xc, 0x4e, 0xd5, 0x6, 0x0, 0xb}]}}, &(0x7f0000000400)={0x20, 0x29, 0xf, {0xf, 0x29, 0x80, 0x70, 0x81, 0xd6, "3298b725", "bed93b77"}}, &(0x7f0000000440)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x53, 0x1, 0x9, 0x7, 0x3, 0x2, 0x9}}}, &(0x7f0000000980)={0x84, &(0x7f0000000500)={0x40, 0xe, 0x94, "5271240f380d9d9b18986b22a84f3f583f2281b435ce8effcf94200626f8c255d0e477ed76c8274373c707c31968f9c982f29e4bc9a09a8e4fa91e8f761bc017f3806830bb4b776b1a7817055fe33c011bf0b4a7f9ffef356a75c3b91ed9d7fe39604ea2d45faf5b73d9b8eab678b10476abe3057734266a55b28a65b31cdaa8eb20a9f27b8940b7617d7a6a5c461cf67370bba2"}, &(0x7f00000005c0)={0x0, 0xa, 0x1}, &(0x7f0000000600)={0x0, 0x8, 0x1, 0x6}, &(0x7f0000000640)={0x20, 0x0, 0x4, {0x2}}, &(0x7f0000000680)={0x20, 0x0, 0x8, {0x100, 0x20, [0xff0f]}}, &(0x7f00000006c0)={0x40, 0x7, 0x2, 0x5}, &(0x7f0000000700)={0x40, 0x9, 0x1, 0x6}, &(0x7f0000000740)={0x40, 0xb, 0x2, "98cf"}, &(0x7f0000000780)={0x40, 0xf, 0x2, 0xfd0}, &(0x7f00000007c0)={0x40, 0x13, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, &(0x7f0000000800)={0x40, 0x17, 0x6, @remote}, &(0x7f0000000840)={0x40, 0x19, 0x2, "bbef"}, &(0x7f0000000880)={0x40, 0x1a, 0x2}, &(0x7f00000008c0)={0x40, 0x1c, 0x1, 0x2}, &(0x7f0000000900)={0x40, 0x1e, 0x1, 0xa3}, &(0x7f0000000940)={0x40, 0x21, 0x1, 0x2}})

program did not crash
testing program (duration=48.506174881s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-msgget$private-msgsnd-msgctl$IPC_SET-syz_usb_control_io$rtl8150-syz_usb_control_io$hid-eventfd2-ioctl$VHOST_SET_VRING_ERR-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_VRING_ADDR-connect$vsock_stream-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB], 0x0)
r1 = msgget$private(0x0, 0x790)
msgsnd(r1, &(0x7f0000000d00)=ANY=[@ANYRES8], 0x401, 0x0)
msgctl$IPC_SET(r1, 0x1, &(0x7f0000001000)={{0x0, 0x0, 0x0, 0x0, 0xee01, 0x52, 0x7}, 0x0, 0x0, 0xc7af, 0x4, 0x7fff, 0x7fffffff, 0x5, 0x180, 0x8, 0x401})
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f00000004c0)={0x2c, &(0x7f0000000000)={0x20, 0x1, 0x5b, "a3a01a1461c5dc49332ea2ea960b0eae0972630dbda222b251b2b3305468d275052c8b091b6ecbe541cdd1fb5f84451ea8cfd7719d14617af21341c79ebc3afcfc1eaa4cb23e94882dffd64dd70bceff7f27ae85fd8fa51ac169ca"}, 0x0, 0x0, 0x0, 0x0})
r2 = eventfd2(0x1, 0x1)
ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f00000001c0)={0x0, r2})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/176, 0x0, 0xffff1000})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=""/4096})
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
syz_usb_control_io(r0, &(0x7f0000000480)={0x2c, &(0x7f0000000080)={0x0, 0x24, 0xa8, {0xa8, 0x1, "af85b30c9c51250484e0635faee000228eaed0a6870adde8ceb66a03c4290e914bd76d8511feea95037cd5ce6d8323dfed0a7fedc71d2fa1b4b711f14dfa3564ffb33a7e2a5d7452212bde7e71fa84ea61a0000a4eca581ce97920d917bf63e19133f00697a79e037c80e9e856fd1333787d8e1516141c0f37e541096290cff88a546c6e62981e9309292cc75e28da8d44472acd5074ddab263385f9faa0998c784c0ec945b1"}}, &(0x7f0000000140)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x1009}}, &(0x7f0000000240)={0x0, 0xf, 0x193, {0x5, 0xf, 0x193, 0x6, [@ext_cap={0x7, 0x10, 0x2, 0x10, 0x9, 0x9, 0xb}, @generic={0x84, 0x10, 0x3, "adc2097d43626ee6b006a6b1a836a58ee82fece650c264ec14e90c04453e090d6015a5a6cead625c440e3d52234b2eb8402bf06d6eaaa059d694c330510a0c5c7259fcf68c3b68a5fdce073b176ff58826b0c41df98086b4e4e2ff1dbc249bd9d76bd86f6cf62f1a96b3dd21abe13fe9aaf0ae60662c771e2f45cedff5f4320706"}, @ptm_cap={0x3}, @generic={0xe1, 0x10, 0xa, "a112e65f1b7363c2d4050feab53add15d78897ca68b7529444974cac5fe72477c5cab5785a21911e69297827da90654fa378a94710e3ec890bd472bb605b3dc46603e0cac803c5eb494ad90a3ad1db3f99371dcc410f38eb56600f4ace8707498ae1d718f0228acee0469d05815c0cee9a41150bdea3a2862611b7a876f4f843c03ba2d9186ccc9e0f03b3a86122202e300426fb58d06d66a0e76a3b2304ec1f38d75d6227822e3a2d6509b03f964d4aa6e5f126c8afa22882ed81a1221ee7ecabd84d6042f29e7bbc8dc684c5bd126c30a059ab781fb5ee0eedf787c5ce"}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "5fd0657808f96e7b2860f98f7933e07e"}, @wireless={0xb, 0x10, 0x1, 0xc, 0x4e, 0xd5, 0x6, 0x0, 0xb}]}}, &(0x7f0000000400)={0x20, 0x29, 0xf, {0xf, 0x29, 0x80, 0x70, 0x81, 0xd6, "3298b725", "bed93b77"}}, &(0x7f0000000440)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x53, 0x1, 0x9, 0x7, 0x3, 0x2, 0x9}}}, &(0x7f0000000980)={0x84, &(0x7f0000000500)={0x40, 0xe, 0x94, "5271240f380d9d9b18986b22a84f3f583f2281b435ce8effcf94200626f8c255d0e477ed76c8274373c707c31968f9c982f29e4bc9a09a8e4fa91e8f761bc017f3806830bb4b776b1a7817055fe33c011bf0b4a7f9ffef356a75c3b91ed9d7fe39604ea2d45faf5b73d9b8eab678b10476abe3057734266a55b28a65b31cdaa8eb20a9f27b8940b7617d7a6a5c461cf67370bba2"}, &(0x7f00000005c0)={0x0, 0xa, 0x1}, &(0x7f0000000600)={0x0, 0x8, 0x1, 0x6}, &(0x7f0000000640)={0x20, 0x0, 0x4, {0x2}}, &(0x7f0000000680)={0x20, 0x0, 0x8, {0x100, 0x20, [0xff0f]}}, &(0x7f00000006c0)={0x40, 0x7, 0x2, 0x5}, &(0x7f0000000700)={0x40, 0x9, 0x1, 0x6}, &(0x7f0000000740)={0x40, 0xb, 0x2, "98cf"}, &(0x7f0000000780)={0x40, 0xf, 0x2, 0xfd0}, &(0x7f00000007c0)={0x40, 0x13, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, &(0x7f0000000800)={0x40, 0x17, 0x6, @remote}, &(0x7f0000000840)={0x40, 0x19, 0x2, "bbef"}, &(0x7f0000000880)={0x40, 0x1a, 0x2}, &(0x7f00000008c0)={0x40, 0x1c, 0x1, 0x2}, &(0x7f0000000900)={0x40, 0x1e, 0x1, 0xa3}, &(0x7f0000000940)={0x40, 0x21, 0x1, 0x2}})

program did not crash
testing program (duration=48.506174881s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-msgget$private-msgsnd-msgctl$IPC_SET-syz_usb_control_io$rtl8150-syz_usb_control_io$hid-eventfd2-ioctl$VHOST_SET_VRING_ERR-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_VRING_ADDR-connect$vsock_stream-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
r1 = msgget$private(0x0, 0x790)
msgsnd(r1, 0x0, 0x401, 0x0)
msgctl$IPC_SET(r1, 0x1, &(0x7f0000001000)={{0x0, 0x0, 0x0, 0x0, 0xee01, 0x52, 0x7}, 0x0, 0x0, 0xc7af, 0x4, 0x7fff, 0x7fffffff, 0x5, 0x180, 0x8, 0x401})
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f00000004c0)={0x2c, &(0x7f0000000000)={0x20, 0x1, 0x5b, "a3a01a1461c5dc49332ea2ea960b0eae0972630dbda222b251b2b3305468d275052c8b091b6ecbe541cdd1fb5f84451ea8cfd7719d14617af21341c79ebc3afcfc1eaa4cb23e94882dffd64dd70bceff7f27ae85fd8fa51ac169ca"}, 0x0, 0x0, 0x0, 0x0})
r2 = eventfd2(0x1, 0x1)
ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f00000001c0)={0x0, r2})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/176, 0x0, 0xffff1000})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=""/4096})
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
syz_usb_control_io(r0, &(0x7f0000000480)={0x2c, &(0x7f0000000080)={0x0, 0x24, 0xa8, {0xa8, 0x1, "af85b30c9c51250484e0635faee000228eaed0a6870adde8ceb66a03c4290e914bd76d8511feea95037cd5ce6d8323dfed0a7fedc71d2fa1b4b711f14dfa3564ffb33a7e2a5d7452212bde7e71fa84ea61a0000a4eca581ce97920d917bf63e19133f00697a79e037c80e9e856fd1333787d8e1516141c0f37e541096290cff88a546c6e62981e9309292cc75e28da8d44472acd5074ddab263385f9faa0998c784c0ec945b1"}}, &(0x7f0000000140)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x1009}}, &(0x7f0000000240)={0x0, 0xf, 0x193, {0x5, 0xf, 0x193, 0x6, [@ext_cap={0x7, 0x10, 0x2, 0x10, 0x9, 0x9, 0xb}, @generic={0x84, 0x10, 0x3, "adc2097d43626ee6b006a6b1a836a58ee82fece650c264ec14e90c04453e090d6015a5a6cead625c440e3d52234b2eb8402bf06d6eaaa059d694c330510a0c5c7259fcf68c3b68a5fdce073b176ff58826b0c41df98086b4e4e2ff1dbc249bd9d76bd86f6cf62f1a96b3dd21abe13fe9aaf0ae60662c771e2f45cedff5f4320706"}, @ptm_cap={0x3}, @generic={0xe1, 0x10, 0xa, "a112e65f1b7363c2d4050feab53add15d78897ca68b7529444974cac5fe72477c5cab5785a21911e69297827da90654fa378a94710e3ec890bd472bb605b3dc46603e0cac803c5eb494ad90a3ad1db3f99371dcc410f38eb56600f4ace8707498ae1d718f0228acee0469d05815c0cee9a41150bdea3a2862611b7a876f4f843c03ba2d9186ccc9e0f03b3a86122202e300426fb58d06d66a0e76a3b2304ec1f38d75d6227822e3a2d6509b03f964d4aa6e5f126c8afa22882ed81a1221ee7ecabd84d6042f29e7bbc8dc684c5bd126c30a059ab781fb5ee0eedf787c5ce"}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "5fd0657808f96e7b2860f98f7933e07e"}, @wireless={0xb, 0x10, 0x1, 0xc, 0x4e, 0xd5, 0x6, 0x0, 0xb}]}}, &(0x7f0000000400)={0x20, 0x29, 0xf, {0xf, 0x29, 0x80, 0x70, 0x81, 0xd6, "3298b725", "bed93b77"}}, &(0x7f0000000440)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x53, 0x1, 0x9, 0x7, 0x3, 0x2, 0x9}}}, &(0x7f0000000980)={0x84, &(0x7f0000000500)={0x40, 0xe, 0x94, "5271240f380d9d9b18986b22a84f3f583f2281b435ce8effcf94200626f8c255d0e477ed76c8274373c707c31968f9c982f29e4bc9a09a8e4fa91e8f761bc017f3806830bb4b776b1a7817055fe33c011bf0b4a7f9ffef356a75c3b91ed9d7fe39604ea2d45faf5b73d9b8eab678b10476abe3057734266a55b28a65b31cdaa8eb20a9f27b8940b7617d7a6a5c461cf67370bba2"}, &(0x7f00000005c0)={0x0, 0xa, 0x1}, &(0x7f0000000600)={0x0, 0x8, 0x1, 0x6}, &(0x7f0000000640)={0x20, 0x0, 0x4, {0x2}}, &(0x7f0000000680)={0x20, 0x0, 0x8, {0x100, 0x20, [0xff0f]}}, &(0x7f00000006c0)={0x40, 0x7, 0x2, 0x5}, &(0x7f0000000700)={0x40, 0x9, 0x1, 0x6}, &(0x7f0000000740)={0x40, 0xb, 0x2, "98cf"}, &(0x7f0000000780)={0x40, 0xf, 0x2, 0xfd0}, &(0x7f00000007c0)={0x40, 0x13, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, &(0x7f0000000800)={0x40, 0x17, 0x6, @remote}, &(0x7f0000000840)={0x40, 0x19, 0x2, "bbef"}, &(0x7f0000000880)={0x40, 0x1a, 0x2}, &(0x7f00000008c0)={0x40, 0x1c, 0x1, 0x2}, &(0x7f0000000900)={0x40, 0x1e, 0x1, 0xa3}, &(0x7f0000000940)={0x40, 0x21, 0x1, 0x2}})

program crashed: KASAN: slab-use-after-free Read in v4l2_open
testing program (duration=48.506174881s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-msgget$private-msgsnd-msgctl$IPC_SET-syz_usb_control_io$rtl8150-syz_usb_control_io$hid-eventfd2-ioctl$VHOST_SET_VRING_ERR-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_VRING_ADDR-connect$vsock_stream-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
r1 = msgget$private(0x0, 0x790)
msgsnd(r1, 0x0, 0x401, 0x0)
msgctl$IPC_SET(r1, 0x1, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f00000004c0)={0x2c, &(0x7f0000000000)={0x20, 0x1, 0x5b, "a3a01a1461c5dc49332ea2ea960b0eae0972630dbda222b251b2b3305468d275052c8b091b6ecbe541cdd1fb5f84451ea8cfd7719d14617af21341c79ebc3afcfc1eaa4cb23e94882dffd64dd70bceff7f27ae85fd8fa51ac169ca"}, 0x0, 0x0, 0x0, 0x0})
r2 = eventfd2(0x1, 0x1)
ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f00000001c0)={0x0, r2})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/176, 0x0, 0xffff1000})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=""/4096})
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
syz_usb_control_io(r0, &(0x7f0000000480)={0x2c, &(0x7f0000000080)={0x0, 0x24, 0xa8, {0xa8, 0x1, "af85b30c9c51250484e0635faee000228eaed0a6870adde8ceb66a03c4290e914bd76d8511feea95037cd5ce6d8323dfed0a7fedc71d2fa1b4b711f14dfa3564ffb33a7e2a5d7452212bde7e71fa84ea61a0000a4eca581ce97920d917bf63e19133f00697a79e037c80e9e856fd1333787d8e1516141c0f37e541096290cff88a546c6e62981e9309292cc75e28da8d44472acd5074ddab263385f9faa0998c784c0ec945b1"}}, &(0x7f0000000140)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x1009}}, &(0x7f0000000240)={0x0, 0xf, 0x193, {0x5, 0xf, 0x193, 0x6, [@ext_cap={0x7, 0x10, 0x2, 0x10, 0x9, 0x9, 0xb}, @generic={0x84, 0x10, 0x3, "adc2097d43626ee6b006a6b1a836a58ee82fece650c264ec14e90c04453e090d6015a5a6cead625c440e3d52234b2eb8402bf06d6eaaa059d694c330510a0c5c7259fcf68c3b68a5fdce073b176ff58826b0c41df98086b4e4e2ff1dbc249bd9d76bd86f6cf62f1a96b3dd21abe13fe9aaf0ae60662c771e2f45cedff5f4320706"}, @ptm_cap={0x3}, @generic={0xe1, 0x10, 0xa, "a112e65f1b7363c2d4050feab53add15d78897ca68b7529444974cac5fe72477c5cab5785a21911e69297827da90654fa378a94710e3ec890bd472bb605b3dc46603e0cac803c5eb494ad90a3ad1db3f99371dcc410f38eb56600f4ace8707498ae1d718f0228acee0469d05815c0cee9a41150bdea3a2862611b7a876f4f843c03ba2d9186ccc9e0f03b3a86122202e300426fb58d06d66a0e76a3b2304ec1f38d75d6227822e3a2d6509b03f964d4aa6e5f126c8afa22882ed81a1221ee7ecabd84d6042f29e7bbc8dc684c5bd126c30a059ab781fb5ee0eedf787c5ce"}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "5fd0657808f96e7b2860f98f7933e07e"}, @wireless={0xb, 0x10, 0x1, 0xc, 0x4e, 0xd5, 0x6, 0x0, 0xb}]}}, &(0x7f0000000400)={0x20, 0x29, 0xf, {0xf, 0x29, 0x80, 0x70, 0x81, 0xd6, "3298b725", "bed93b77"}}, &(0x7f0000000440)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x53, 0x1, 0x9, 0x7, 0x3, 0x2, 0x9}}}, &(0x7f0000000980)={0x84, &(0x7f0000000500)={0x40, 0xe, 0x94, "5271240f380d9d9b18986b22a84f3f583f2281b435ce8effcf94200626f8c255d0e477ed76c8274373c707c31968f9c982f29e4bc9a09a8e4fa91e8f761bc017f3806830bb4b776b1a7817055fe33c011bf0b4a7f9ffef356a75c3b91ed9d7fe39604ea2d45faf5b73d9b8eab678b10476abe3057734266a55b28a65b31cdaa8eb20a9f27b8940b7617d7a6a5c461cf67370bba2"}, &(0x7f00000005c0)={0x0, 0xa, 0x1}, &(0x7f0000000600)={0x0, 0x8, 0x1, 0x6}, &(0x7f0000000640)={0x20, 0x0, 0x4, {0x2}}, &(0x7f0000000680)={0x20, 0x0, 0x8, {0x100, 0x20, [0xff0f]}}, &(0x7f00000006c0)={0x40, 0x7, 0x2, 0x5}, &(0x7f0000000700)={0x40, 0x9, 0x1, 0x6}, &(0x7f0000000740)={0x40, 0xb, 0x2, "98cf"}, &(0x7f0000000780)={0x40, 0xf, 0x2, 0xfd0}, &(0x7f00000007c0)={0x40, 0x13, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, &(0x7f0000000800)={0x40, 0x17, 0x6, @remote}, &(0x7f0000000840)={0x40, 0x19, 0x2, "bbef"}, &(0x7f0000000880)={0x40, 0x1a, 0x2}, &(0x7f00000008c0)={0x40, 0x1c, 0x1, 0x2}, &(0x7f0000000900)={0x40, 0x1e, 0x1, 0xa3}, &(0x7f0000000940)={0x40, 0x21, 0x1, 0x2}})

program crashed: KASAN: slab-use-after-free Read in v4l2_open
testing program (duration=48.506174881s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-msgget$private-msgsnd-msgctl$IPC_SET-syz_usb_control_io$rtl8150-syz_usb_control_io$hid-eventfd2-ioctl$VHOST_SET_VRING_ERR-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_VRING_ADDR-connect$vsock_stream-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
r1 = msgget$private(0x0, 0x790)
msgsnd(r1, 0x0, 0x401, 0x0)
msgctl$IPC_SET(r1, 0x1, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r2 = eventfd2(0x1, 0x1)
ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f00000001c0)={0x0, r2})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/176, 0x0, 0xffff1000})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=""/4096})
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
syz_usb_control_io(r0, &(0x7f0000000480)={0x2c, &(0x7f0000000080)={0x0, 0x24, 0xa8, {0xa8, 0x1, "af85b30c9c51250484e0635faee000228eaed0a6870adde8ceb66a03c4290e914bd76d8511feea95037cd5ce6d8323dfed0a7fedc71d2fa1b4b711f14dfa3564ffb33a7e2a5d7452212bde7e71fa84ea61a0000a4eca581ce97920d917bf63e19133f00697a79e037c80e9e856fd1333787d8e1516141c0f37e541096290cff88a546c6e62981e9309292cc75e28da8d44472acd5074ddab263385f9faa0998c784c0ec945b1"}}, &(0x7f0000000140)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x1009}}, &(0x7f0000000240)={0x0, 0xf, 0x193, {0x5, 0xf, 0x193, 0x6, [@ext_cap={0x7, 0x10, 0x2, 0x10, 0x9, 0x9, 0xb}, @generic={0x84, 0x10, 0x3, "adc2097d43626ee6b006a6b1a836a58ee82fece650c264ec14e90c04453e090d6015a5a6cead625c440e3d52234b2eb8402bf06d6eaaa059d694c330510a0c5c7259fcf68c3b68a5fdce073b176ff58826b0c41df98086b4e4e2ff1dbc249bd9d76bd86f6cf62f1a96b3dd21abe13fe9aaf0ae60662c771e2f45cedff5f4320706"}, @ptm_cap={0x3}, @generic={0xe1, 0x10, 0xa, "a112e65f1b7363c2d4050feab53add15d78897ca68b7529444974cac5fe72477c5cab5785a21911e69297827da90654fa378a94710e3ec890bd472bb605b3dc46603e0cac803c5eb494ad90a3ad1db3f99371dcc410f38eb56600f4ace8707498ae1d718f0228acee0469d05815c0cee9a41150bdea3a2862611b7a876f4f843c03ba2d9186ccc9e0f03b3a86122202e300426fb58d06d66a0e76a3b2304ec1f38d75d6227822e3a2d6509b03f964d4aa6e5f126c8afa22882ed81a1221ee7ecabd84d6042f29e7bbc8dc684c5bd126c30a059ab781fb5ee0eedf787c5ce"}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "5fd0657808f96e7b2860f98f7933e07e"}, @wireless={0xb, 0x10, 0x1, 0xc, 0x4e, 0xd5, 0x6, 0x0, 0xb}]}}, &(0x7f0000000400)={0x20, 0x29, 0xf, {0xf, 0x29, 0x80, 0x70, 0x81, 0xd6, "3298b725", "bed93b77"}}, &(0x7f0000000440)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x53, 0x1, 0x9, 0x7, 0x3, 0x2, 0x9}}}, &(0x7f0000000980)={0x84, &(0x7f0000000500)={0x40, 0xe, 0x94, "5271240f380d9d9b18986b22a84f3f583f2281b435ce8effcf94200626f8c255d0e477ed76c8274373c707c31968f9c982f29e4bc9a09a8e4fa91e8f761bc017f3806830bb4b776b1a7817055fe33c011bf0b4a7f9ffef356a75c3b91ed9d7fe39604ea2d45faf5b73d9b8eab678b10476abe3057734266a55b28a65b31cdaa8eb20a9f27b8940b7617d7a6a5c461cf67370bba2"}, &(0x7f00000005c0)={0x0, 0xa, 0x1}, &(0x7f0000000600)={0x0, 0x8, 0x1, 0x6}, &(0x7f0000000640)={0x20, 0x0, 0x4, {0x2}}, &(0x7f0000000680)={0x20, 0x0, 0x8, {0x100, 0x20, [0xff0f]}}, &(0x7f00000006c0)={0x40, 0x7, 0x2, 0x5}, &(0x7f0000000700)={0x40, 0x9, 0x1, 0x6}, &(0x7f0000000740)={0x40, 0xb, 0x2, "98cf"}, &(0x7f0000000780)={0x40, 0xf, 0x2, 0xfd0}, &(0x7f00000007c0)={0x40, 0x13, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, &(0x7f0000000800)={0x40, 0x17, 0x6, @remote}, &(0x7f0000000840)={0x40, 0x19, 0x2, "bbef"}, &(0x7f0000000880)={0x40, 0x1a, 0x2}, &(0x7f00000008c0)={0x40, 0x1c, 0x1, 0x2}, &(0x7f0000000900)={0x40, 0x1e, 0x1, 0xa3}, &(0x7f0000000940)={0x40, 0x21, 0x1, 0x2}})

program crashed: KASAN: slab-use-after-free Read in v4l2_open
testing program (duration=48.506174881s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-msgget$private-msgsnd-msgctl$IPC_SET-syz_usb_control_io$rtl8150-syz_usb_control_io$hid-eventfd2-ioctl$VHOST_SET_VRING_ERR-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_VRING_ADDR-connect$vsock_stream-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
r1 = msgget$private(0x0, 0x790)
msgsnd(r1, 0x0, 0x401, 0x0)
msgctl$IPC_SET(r1, 0x1, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
eventfd2(0x1, 0x1)
ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, 0x0)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/176, 0x0, 0xffff1000})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=""/4096})
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
syz_usb_control_io(r0, &(0x7f0000000480)={0x2c, &(0x7f0000000080)={0x0, 0x24, 0xa8, {0xa8, 0x1, "af85b30c9c51250484e0635faee000228eaed0a6870adde8ceb66a03c4290e914bd76d8511feea95037cd5ce6d8323dfed0a7fedc71d2fa1b4b711f14dfa3564ffb33a7e2a5d7452212bde7e71fa84ea61a0000a4eca581ce97920d917bf63e19133f00697a79e037c80e9e856fd1333787d8e1516141c0f37e541096290cff88a546c6e62981e9309292cc75e28da8d44472acd5074ddab263385f9faa0998c784c0ec945b1"}}, &(0x7f0000000140)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x1009}}, &(0x7f0000000240)={0x0, 0xf, 0x193, {0x5, 0xf, 0x193, 0x6, [@ext_cap={0x7, 0x10, 0x2, 0x10, 0x9, 0x9, 0xb}, @generic={0x84, 0x10, 0x3, "adc2097d43626ee6b006a6b1a836a58ee82fece650c264ec14e90c04453e090d6015a5a6cead625c440e3d52234b2eb8402bf06d6eaaa059d694c330510a0c5c7259fcf68c3b68a5fdce073b176ff58826b0c41df98086b4e4e2ff1dbc249bd9d76bd86f6cf62f1a96b3dd21abe13fe9aaf0ae60662c771e2f45cedff5f4320706"}, @ptm_cap={0x3}, @generic={0xe1, 0x10, 0xa, "a112e65f1b7363c2d4050feab53add15d78897ca68b7529444974cac5fe72477c5cab5785a21911e69297827da90654fa378a94710e3ec890bd472bb605b3dc46603e0cac803c5eb494ad90a3ad1db3f99371dcc410f38eb56600f4ace8707498ae1d718f0228acee0469d05815c0cee9a41150bdea3a2862611b7a876f4f843c03ba2d9186ccc9e0f03b3a86122202e300426fb58d06d66a0e76a3b2304ec1f38d75d6227822e3a2d6509b03f964d4aa6e5f126c8afa22882ed81a1221ee7ecabd84d6042f29e7bbc8dc684c5bd126c30a059ab781fb5ee0eedf787c5ce"}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "5fd0657808f96e7b2860f98f7933e07e"}, @wireless={0xb, 0x10, 0x1, 0xc, 0x4e, 0xd5, 0x6, 0x0, 0xb}]}}, &(0x7f0000000400)={0x20, 0x29, 0xf, {0xf, 0x29, 0x80, 0x70, 0x81, 0xd6, "3298b725", "bed93b77"}}, &(0x7f0000000440)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x53, 0x1, 0x9, 0x7, 0x3, 0x2, 0x9}}}, &(0x7f0000000980)={0x84, &(0x7f0000000500)={0x40, 0xe, 0x94, "5271240f380d9d9b18986b22a84f3f583f2281b435ce8effcf94200626f8c255d0e477ed76c8274373c707c31968f9c982f29e4bc9a09a8e4fa91e8f761bc017f3806830bb4b776b1a7817055fe33c011bf0b4a7f9ffef356a75c3b91ed9d7fe39604ea2d45faf5b73d9b8eab678b10476abe3057734266a55b28a65b31cdaa8eb20a9f27b8940b7617d7a6a5c461cf67370bba2"}, &(0x7f00000005c0)={0x0, 0xa, 0x1}, &(0x7f0000000600)={0x0, 0x8, 0x1, 0x6}, &(0x7f0000000640)={0x20, 0x0, 0x4, {0x2}}, &(0x7f0000000680)={0x20, 0x0, 0x8, {0x100, 0x20, [0xff0f]}}, &(0x7f00000006c0)={0x40, 0x7, 0x2, 0x5}, &(0x7f0000000700)={0x40, 0x9, 0x1, 0x6}, &(0x7f0000000740)={0x40, 0xb, 0x2, "98cf"}, &(0x7f0000000780)={0x40, 0xf, 0x2, 0xfd0}, &(0x7f00000007c0)={0x40, 0x13, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, &(0x7f0000000800)={0x40, 0x17, 0x6, @remote}, &(0x7f0000000840)={0x40, 0x19, 0x2, "bbef"}, &(0x7f0000000880)={0x40, 0x1a, 0x2}, &(0x7f00000008c0)={0x40, 0x1c, 0x1, 0x2}, &(0x7f0000000900)={0x40, 0x1e, 0x1, 0xa3}, &(0x7f0000000940)={0x40, 0x21, 0x1, 0x2}})

program did not crash
testing program (duration=48.506174881s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-msgget$private-msgsnd-msgctl$IPC_SET-syz_usb_control_io$rtl8150-syz_usb_control_io$hid-eventfd2-ioctl$VHOST_SET_VRING_ERR-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_VRING_ADDR-connect$vsock_stream-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
r1 = msgget$private(0x0, 0x790)
msgsnd(r1, 0x0, 0x401, 0x0)
msgctl$IPC_SET(r1, 0x1, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r2 = eventfd2(0x1, 0x1)
ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f00000001c0)={0x0, r2})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, 0x0)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=""/4096})
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
syz_usb_control_io(r0, &(0x7f0000000480)={0x2c, &(0x7f0000000080)={0x0, 0x24, 0xa8, {0xa8, 0x1, "af85b30c9c51250484e0635faee000228eaed0a6870adde8ceb66a03c4290e914bd76d8511feea95037cd5ce6d8323dfed0a7fedc71d2fa1b4b711f14dfa3564ffb33a7e2a5d7452212bde7e71fa84ea61a0000a4eca581ce97920d917bf63e19133f00697a79e037c80e9e856fd1333787d8e1516141c0f37e541096290cff88a546c6e62981e9309292cc75e28da8d44472acd5074ddab263385f9faa0998c784c0ec945b1"}}, &(0x7f0000000140)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x1009}}, &(0x7f0000000240)={0x0, 0xf, 0x193, {0x5, 0xf, 0x193, 0x6, [@ext_cap={0x7, 0x10, 0x2, 0x10, 0x9, 0x9, 0xb}, @generic={0x84, 0x10, 0x3, "adc2097d43626ee6b006a6b1a836a58ee82fece650c264ec14e90c04453e090d6015a5a6cead625c440e3d52234b2eb8402bf06d6eaaa059d694c330510a0c5c7259fcf68c3b68a5fdce073b176ff58826b0c41df98086b4e4e2ff1dbc249bd9d76bd86f6cf62f1a96b3dd21abe13fe9aaf0ae60662c771e2f45cedff5f4320706"}, @ptm_cap={0x3}, @generic={0xe1, 0x10, 0xa, "a112e65f1b7363c2d4050feab53add15d78897ca68b7529444974cac5fe72477c5cab5785a21911e69297827da90654fa378a94710e3ec890bd472bb605b3dc46603e0cac803c5eb494ad90a3ad1db3f99371dcc410f38eb56600f4ace8707498ae1d718f0228acee0469d05815c0cee9a41150bdea3a2862611b7a876f4f843c03ba2d9186ccc9e0f03b3a86122202e300426fb58d06d66a0e76a3b2304ec1f38d75d6227822e3a2d6509b03f964d4aa6e5f126c8afa22882ed81a1221ee7ecabd84d6042f29e7bbc8dc684c5bd126c30a059ab781fb5ee0eedf787c5ce"}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "5fd0657808f96e7b2860f98f7933e07e"}, @wireless={0xb, 0x10, 0x1, 0xc, 0x4e, 0xd5, 0x6, 0x0, 0xb}]}}, &(0x7f0000000400)={0x20, 0x29, 0xf, {0xf, 0x29, 0x80, 0x70, 0x81, 0xd6, "3298b725", "bed93b77"}}, &(0x7f0000000440)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x53, 0x1, 0x9, 0x7, 0x3, 0x2, 0x9}}}, &(0x7f0000000980)={0x84, &(0x7f0000000500)={0x40, 0xe, 0x94, "5271240f380d9d9b18986b22a84f3f583f2281b435ce8effcf94200626f8c255d0e477ed76c8274373c707c31968f9c982f29e4bc9a09a8e4fa91e8f761bc017f3806830bb4b776b1a7817055fe33c011bf0b4a7f9ffef356a75c3b91ed9d7fe39604ea2d45faf5b73d9b8eab678b10476abe3057734266a55b28a65b31cdaa8eb20a9f27b8940b7617d7a6a5c461cf67370bba2"}, &(0x7f00000005c0)={0x0, 0xa, 0x1}, &(0x7f0000000600)={0x0, 0x8, 0x1, 0x6}, &(0x7f0000000640)={0x20, 0x0, 0x4, {0x2}}, &(0x7f0000000680)={0x20, 0x0, 0x8, {0x100, 0x20, [0xff0f]}}, &(0x7f00000006c0)={0x40, 0x7, 0x2, 0x5}, &(0x7f0000000700)={0x40, 0x9, 0x1, 0x6}, &(0x7f0000000740)={0x40, 0xb, 0x2, "98cf"}, &(0x7f0000000780)={0x40, 0xf, 0x2, 0xfd0}, &(0x7f00000007c0)={0x40, 0x13, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, &(0x7f0000000800)={0x40, 0x17, 0x6, @remote}, &(0x7f0000000840)={0x40, 0x19, 0x2, "bbef"}, &(0x7f0000000880)={0x40, 0x1a, 0x2}, &(0x7f00000008c0)={0x40, 0x1c, 0x1, 0x2}, &(0x7f0000000900)={0x40, 0x1e, 0x1, 0xa3}, &(0x7f0000000940)={0x40, 0x21, 0x1, 0x2}})

program crashed: KASAN: slab-use-after-free Read in v4l2_open
testing program (duration=48.506174881s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-msgget$private-msgsnd-msgctl$IPC_SET-syz_usb_control_io$rtl8150-syz_usb_control_io$hid-eventfd2-ioctl$VHOST_SET_VRING_ERR-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_VRING_ADDR-connect$vsock_stream-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
r1 = msgget$private(0x0, 0x790)
msgsnd(r1, 0x0, 0x401, 0x0)
msgctl$IPC_SET(r1, 0x1, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r2 = eventfd2(0x1, 0x1)
ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f00000001c0)={0x0, r2})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, 0x0)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, 0x0)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
syz_usb_control_io(r0, &(0x7f0000000480)={0x2c, &(0x7f0000000080)={0x0, 0x24, 0xa8, {0xa8, 0x1, "af85b30c9c51250484e0635faee000228eaed0a6870adde8ceb66a03c4290e914bd76d8511feea95037cd5ce6d8323dfed0a7fedc71d2fa1b4b711f14dfa3564ffb33a7e2a5d7452212bde7e71fa84ea61a0000a4eca581ce97920d917bf63e19133f00697a79e037c80e9e856fd1333787d8e1516141c0f37e541096290cff88a546c6e62981e9309292cc75e28da8d44472acd5074ddab263385f9faa0998c784c0ec945b1"}}, &(0x7f0000000140)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x1009}}, &(0x7f0000000240)={0x0, 0xf, 0x193, {0x5, 0xf, 0x193, 0x6, [@ext_cap={0x7, 0x10, 0x2, 0x10, 0x9, 0x9, 0xb}, @generic={0x84, 0x10, 0x3, "adc2097d43626ee6b006a6b1a836a58ee82fece650c264ec14e90c04453e090d6015a5a6cead625c440e3d52234b2eb8402bf06d6eaaa059d694c330510a0c5c7259fcf68c3b68a5fdce073b176ff58826b0c41df98086b4e4e2ff1dbc249bd9d76bd86f6cf62f1a96b3dd21abe13fe9aaf0ae60662c771e2f45cedff5f4320706"}, @ptm_cap={0x3}, @generic={0xe1, 0x10, 0xa, "a112e65f1b7363c2d4050feab53add15d78897ca68b7529444974cac5fe72477c5cab5785a21911e69297827da90654fa378a94710e3ec890bd472bb605b3dc46603e0cac803c5eb494ad90a3ad1db3f99371dcc410f38eb56600f4ace8707498ae1d718f0228acee0469d05815c0cee9a41150bdea3a2862611b7a876f4f843c03ba2d9186ccc9e0f03b3a86122202e300426fb58d06d66a0e76a3b2304ec1f38d75d6227822e3a2d6509b03f964d4aa6e5f126c8afa22882ed81a1221ee7ecabd84d6042f29e7bbc8dc684c5bd126c30a059ab781fb5ee0eedf787c5ce"}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "5fd0657808f96e7b2860f98f7933e07e"}, @wireless={0xb, 0x10, 0x1, 0xc, 0x4e, 0xd5, 0x6, 0x0, 0xb}]}}, &(0x7f0000000400)={0x20, 0x29, 0xf, {0xf, 0x29, 0x80, 0x70, 0x81, 0xd6, "3298b725", "bed93b77"}}, &(0x7f0000000440)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x53, 0x1, 0x9, 0x7, 0x3, 0x2, 0x9}}}, &(0x7f0000000980)={0x84, &(0x7f0000000500)={0x40, 0xe, 0x94, "5271240f380d9d9b18986b22a84f3f583f2281b435ce8effcf94200626f8c255d0e477ed76c8274373c707c31968f9c982f29e4bc9a09a8e4fa91e8f761bc017f3806830bb4b776b1a7817055fe33c011bf0b4a7f9ffef356a75c3b91ed9d7fe39604ea2d45faf5b73d9b8eab678b10476abe3057734266a55b28a65b31cdaa8eb20a9f27b8940b7617d7a6a5c461cf67370bba2"}, &(0x7f00000005c0)={0x0, 0xa, 0x1}, &(0x7f0000000600)={0x0, 0x8, 0x1, 0x6}, &(0x7f0000000640)={0x20, 0x0, 0x4, {0x2}}, &(0x7f0000000680)={0x20, 0x0, 0x8, {0x100, 0x20, [0xff0f]}}, &(0x7f00000006c0)={0x40, 0x7, 0x2, 0x5}, &(0x7f0000000700)={0x40, 0x9, 0x1, 0x6}, &(0x7f0000000740)={0x40, 0xb, 0x2, "98cf"}, &(0x7f0000000780)={0x40, 0xf, 0x2, 0xfd0}, &(0x7f00000007c0)={0x40, 0x13, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, &(0x7f0000000800)={0x40, 0x17, 0x6, @remote}, &(0x7f0000000840)={0x40, 0x19, 0x2, "bbef"}, &(0x7f0000000880)={0x40, 0x1a, 0x2}, &(0x7f00000008c0)={0x40, 0x1c, 0x1, 0x2}, &(0x7f0000000900)={0x40, 0x1e, 0x1, 0xa3}, &(0x7f0000000940)={0x40, 0x21, 0x1, 0x2}})

program crashed: KASAN: slab-use-after-free Read in v4l2_open
testing program (duration=48.506174881s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-msgget$private-msgsnd-msgctl$IPC_SET-syz_usb_control_io$rtl8150-syz_usb_control_io$hid-eventfd2-ioctl$VHOST_SET_VRING_ERR-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_VRING_ADDR-connect$vsock_stream-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
r1 = msgget$private(0x0, 0x790)
msgsnd(r1, 0x0, 0x401, 0x0)
msgctl$IPC_SET(r1, 0x1, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r2 = eventfd2(0x1, 0x1)
ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f00000001c0)={0x0, r2})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, 0x0)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, 0x0)
connect$vsock_stream(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000480)={0x2c, &(0x7f0000000080)={0x0, 0x24, 0xa8, {0xa8, 0x1, "af85b30c9c51250484e0635faee000228eaed0a6870adde8ceb66a03c4290e914bd76d8511feea95037cd5ce6d8323dfed0a7fedc71d2fa1b4b711f14dfa3564ffb33a7e2a5d7452212bde7e71fa84ea61a0000a4eca581ce97920d917bf63e19133f00697a79e037c80e9e856fd1333787d8e1516141c0f37e541096290cff88a546c6e62981e9309292cc75e28da8d44472acd5074ddab263385f9faa0998c784c0ec945b1"}}, &(0x7f0000000140)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x1009}}, &(0x7f0000000240)={0x0, 0xf, 0x193, {0x5, 0xf, 0x193, 0x6, [@ext_cap={0x7, 0x10, 0x2, 0x10, 0x9, 0x9, 0xb}, @generic={0x84, 0x10, 0x3, "adc2097d43626ee6b006a6b1a836a58ee82fece650c264ec14e90c04453e090d6015a5a6cead625c440e3d52234b2eb8402bf06d6eaaa059d694c330510a0c5c7259fcf68c3b68a5fdce073b176ff58826b0c41df98086b4e4e2ff1dbc249bd9d76bd86f6cf62f1a96b3dd21abe13fe9aaf0ae60662c771e2f45cedff5f4320706"}, @ptm_cap={0x3}, @generic={0xe1, 0x10, 0xa, "a112e65f1b7363c2d4050feab53add15d78897ca68b7529444974cac5fe72477c5cab5785a21911e69297827da90654fa378a94710e3ec890bd472bb605b3dc46603e0cac803c5eb494ad90a3ad1db3f99371dcc410f38eb56600f4ace8707498ae1d718f0228acee0469d05815c0cee9a41150bdea3a2862611b7a876f4f843c03ba2d9186ccc9e0f03b3a86122202e300426fb58d06d66a0e76a3b2304ec1f38d75d6227822e3a2d6509b03f964d4aa6e5f126c8afa22882ed81a1221ee7ecabd84d6042f29e7bbc8dc684c5bd126c30a059ab781fb5ee0eedf787c5ce"}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "5fd0657808f96e7b2860f98f7933e07e"}, @wireless={0xb, 0x10, 0x1, 0xc, 0x4e, 0xd5, 0x6, 0x0, 0xb}]}}, &(0x7f0000000400)={0x20, 0x29, 0xf, {0xf, 0x29, 0x80, 0x70, 0x81, 0xd6, "3298b725", "bed93b77"}}, &(0x7f0000000440)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x53, 0x1, 0x9, 0x7, 0x3, 0x2, 0x9}}}, &(0x7f0000000980)={0x84, &(0x7f0000000500)={0x40, 0xe, 0x94, "5271240f380d9d9b18986b22a84f3f583f2281b435ce8effcf94200626f8c255d0e477ed76c8274373c707c31968f9c982f29e4bc9a09a8e4fa91e8f761bc017f3806830bb4b776b1a7817055fe33c011bf0b4a7f9ffef356a75c3b91ed9d7fe39604ea2d45faf5b73d9b8eab678b10476abe3057734266a55b28a65b31cdaa8eb20a9f27b8940b7617d7a6a5c461cf67370bba2"}, &(0x7f00000005c0)={0x0, 0xa, 0x1}, &(0x7f0000000600)={0x0, 0x8, 0x1, 0x6}, &(0x7f0000000640)={0x20, 0x0, 0x4, {0x2}}, &(0x7f0000000680)={0x20, 0x0, 0x8, {0x100, 0x20, [0xff0f]}}, &(0x7f00000006c0)={0x40, 0x7, 0x2, 0x5}, &(0x7f0000000700)={0x40, 0x9, 0x1, 0x6}, &(0x7f0000000740)={0x40, 0xb, 0x2, "98cf"}, &(0x7f0000000780)={0x40, 0xf, 0x2, 0xfd0}, &(0x7f00000007c0)={0x40, 0x13, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, &(0x7f0000000800)={0x40, 0x17, 0x6, @remote}, &(0x7f0000000840)={0x40, 0x19, 0x2, "bbef"}, &(0x7f0000000880)={0x40, 0x1a, 0x2}, &(0x7f00000008c0)={0x40, 0x1c, 0x1, 0x2}, &(0x7f0000000900)={0x40, 0x1e, 0x1, 0xa3}, &(0x7f0000000940)={0x40, 0x21, 0x1, 0x2}})

program crashed: KASAN: slab-use-after-free Read in v4l2_open
testing program (duration=48.506174881s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-msgget$private-msgsnd-msgctl$IPC_SET-syz_usb_control_io$rtl8150-syz_usb_control_io$hid-eventfd2-ioctl$VHOST_SET_VRING_ERR-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_VRING_ADDR-connect$vsock_stream-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
r1 = msgget$private(0x0, 0x790)
msgsnd(r1, 0x0, 0x401, 0x0)
msgctl$IPC_SET(r1, 0x1, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r2 = eventfd2(0x1, 0x1)
ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f00000001c0)={0x0, r2})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, 0x0)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, 0x0)
connect$vsock_stream(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000980)={0x84, &(0x7f0000000500)={0x40, 0xe, 0x94, "5271240f380d9d9b18986b22a84f3f583f2281b435ce8effcf94200626f8c255d0e477ed76c8274373c707c31968f9c982f29e4bc9a09a8e4fa91e8f761bc017f3806830bb4b776b1a7817055fe33c011bf0b4a7f9ffef356a75c3b91ed9d7fe39604ea2d45faf5b73d9b8eab678b10476abe3057734266a55b28a65b31cdaa8eb20a9f27b8940b7617d7a6a5c461cf67370bba2"}, &(0x7f00000005c0)={0x0, 0xa, 0x1}, &(0x7f0000000600)={0x0, 0x8, 0x1, 0x6}, &(0x7f0000000640)={0x20, 0x0, 0x4, {0x2}}, &(0x7f0000000680)={0x20, 0x0, 0x8, {0x100, 0x20, [0xff0f]}}, &(0x7f00000006c0)={0x40, 0x7, 0x2, 0x5}, &(0x7f0000000700)={0x40, 0x9, 0x1, 0x6}, &(0x7f0000000740)={0x40, 0xb, 0x2, "98cf"}, &(0x7f0000000780)={0x40, 0xf, 0x2, 0xfd0}, &(0x7f00000007c0)={0x40, 0x13, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, &(0x7f0000000800)={0x40, 0x17, 0x6, @remote}, &(0x7f0000000840)={0x40, 0x19, 0x2, "bbef"}, &(0x7f0000000880)={0x40, 0x1a, 0x2}, &(0x7f00000008c0)={0x40, 0x1c, 0x1, 0x2}, &(0x7f0000000900)={0x40, 0x1e, 0x1, 0xa3}, &(0x7f0000000940)={0x40, 0x21, 0x1, 0x2}})

program crashed: KASAN: slab-use-after-free Read in v4l2_open
testing program (duration=48.506174881s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-msgget$private-msgsnd-msgctl$IPC_SET-syz_usb_control_io$rtl8150-syz_usb_control_io$hid-eventfd2-ioctl$VHOST_SET_VRING_ERR-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_VRING_ADDR-connect$vsock_stream-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
r1 = msgget$private(0x0, 0x790)
msgsnd(r1, 0x0, 0x401, 0x0)
msgctl$IPC_SET(r1, 0x1, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r2 = eventfd2(0x1, 0x1)
ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f00000001c0)={0x0, r2})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, 0x0)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, 0x0)
connect$vsock_stream(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_open
extracting C reproducer
testing compiled C program (duration=48.506174881s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-msgget$private-msgsnd-msgctl$IPC_SET-syz_usb_control_io$rtl8150-syz_usb_control_io$hid-eventfd2-ioctl$VHOST_SET_VRING_ERR-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_VRING_ADDR-connect$vsock_stream-syz_usb_control_io
program crashed: KASAN: slab-use-after-free Read in v4l2_open
simplifying C reproducer
testing compiled C program (duration=48.506174881s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-msgget$private-msgsnd-msgctl$IPC_SET-syz_usb_control_io$rtl8150-syz_usb_control_io$hid-eventfd2-ioctl$VHOST_SET_VRING_ERR-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_VRING_ADDR-connect$vsock_stream-syz_usb_control_io
program crashed: KASAN: slab-use-after-free Read in v4l2_open
testing compiled C program (duration=48.506174881s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-msgget$private-msgsnd-msgctl$IPC_SET-syz_usb_control_io$rtl8150-syz_usb_control_io$hid-eventfd2-ioctl$VHOST_SET_VRING_ERR-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_VRING_ADDR-connect$vsock_stream-syz_usb_control_io
program did not crash
testing compiled C program (duration=48.506174881s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-msgget$private-msgsnd-msgctl$IPC_SET-syz_usb_control_io$rtl8150-syz_usb_control_io$hid-eventfd2-ioctl$VHOST_SET_VRING_ERR-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_VRING_ADDR-connect$vsock_stream-syz_usb_control_io
program did not crash
testing compiled C program (duration=48.506174881s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-msgget$private-msgsnd-msgctl$IPC_SET-syz_usb_control_io$rtl8150-syz_usb_control_io$hid-eventfd2-ioctl$VHOST_SET_VRING_ERR-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_VRING_ADDR-connect$vsock_stream-syz_usb_control_io
program crashed: KASAN: slab-use-after-free Read in v4l2_open
testing compiled C program (duration=48.506174881s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-msgget$private-msgsnd-msgctl$IPC_SET-syz_usb_control_io$rtl8150-syz_usb_control_io$hid-eventfd2-ioctl$VHOST_SET_VRING_ERR-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_VRING_ADDR-connect$vsock_stream-syz_usb_control_io
program crashed: KASAN: slab-use-after-free Read in v4l2_open
testing compiled C program (duration=48.506174881s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-msgget$private-msgsnd-msgctl$IPC_SET-syz_usb_control_io$rtl8150-syz_usb_control_io$hid-eventfd2-ioctl$VHOST_SET_VRING_ERR-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_VRING_ADDR-connect$vsock_stream-syz_usb_control_io
program crashed: KASAN: slab-use-after-free Read in v4l2_open
testing compiled C program (duration=48.506174881s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-msgget$private-msgsnd-msgctl$IPC_SET-syz_usb_control_io$rtl8150-syz_usb_control_io$hid-eventfd2-ioctl$VHOST_SET_VRING_ERR-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_VRING_ADDR-connect$vsock_stream-syz_usb_control_io
program did not crash
testing compiled C program (duration=48.506174881s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-msgget$private-msgsnd-msgctl$IPC_SET-syz_usb_control_io$rtl8150-syz_usb_control_io$hid-eventfd2-ioctl$VHOST_SET_VRING_ERR-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_VRING_ADDR-connect$vsock_stream-syz_usb_control_io
program crashed: KASAN: slab-use-after-free Read in v4l2_open
testing program (duration=48.506174881s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-msgget$private-msgsnd-msgctl$IPC_SET-syz_usb_control_io$rtl8150-syz_usb_control_io$hid-eventfd2-ioctl$VHOST_SET_VRING_ERR-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_VRING_ADDR-connect$vsock_stream-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
r1 = msgget$private(0x0, 0x790)
msgsnd(r1, 0x0, 0x401, 0x0)
msgctl$IPC_SET(r1, 0x1, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r2 = eventfd2(0x1, 0x1)
ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f00000001c0)={0x0, r2})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, 0x0)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, 0x0)
connect$vsock_stream(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_open
validation run: crashed=true
testing program (duration=48.506174881s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-msgget$private-msgsnd-msgctl$IPC_SET-syz_usb_control_io$rtl8150-syz_usb_control_io$hid-eventfd2-ioctl$VHOST_SET_VRING_ERR-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_VRING_ADDR-connect$vsock_stream-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
r1 = msgget$private(0x0, 0x790)
msgsnd(r1, 0x0, 0x401, 0x0)
msgctl$IPC_SET(r1, 0x1, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r2 = eventfd2(0x1, 0x1)
ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f00000001c0)={0x0, r2})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, 0x0)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, 0x0)
connect$vsock_stream(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_open
validation run: crashed=true
testing program (duration=48.506174881s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-msgget$private-msgsnd-msgctl$IPC_SET-syz_usb_control_io$rtl8150-syz_usb_control_io$hid-eventfd2-ioctl$VHOST_SET_VRING_ERR-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_VRING_ADDR-connect$vsock_stream-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
r1 = msgget$private(0x0, 0x790)
msgsnd(r1, 0x0, 0x401, 0x0)
msgctl$IPC_SET(r1, 0x1, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r2 = eventfd2(0x1, 0x1)
ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f00000001c0)={0x0, r2})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, 0x0)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, 0x0)
connect$vsock_stream(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_open
validation run: crashed=true
reproducing took 1h16m14.716842202s
repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: slab-use-after-free in v4l2_open+0x351/0x490 drivers/media/v4l2-core/v4l2-dev.c:444
Read of size 4 at addr ffff8880768b0860 by task v4l_id/6210

CPU: 1 UID: 0 PID: 6210 Comm: v4l_id Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x100/0x190 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:378 [inline]
 print_report+0x13d/0x4b0 mm/kasan/report.c:482
 kasan_report+0xdf/0x1d0 mm/kasan/report.c:595
 v4l2_open+0x351/0x490 drivers/media/v4l2-core/v4l2-dev.c:444
 chrdev_open+0x234/0x6a0 fs/char_dev.c:411
 do_dentry_open+0x6d8/0x1660 fs/open.c:947
 vfs_open+0x82/0x3f0 fs/open.c:1079
 do_open fs/namei.c:4699 [inline]
 path_openat+0x208c/0x31a0 fs/namei.c:4858
 do_file_open+0x20e/0x430 fs/namei.c:4887
 do_sys_openat2+0x10d/0x1e0 fs/open.c:1364
 do_sys_open fs/open.c:1370 [inline]
 __do_sys_openat fs/open.c:1386 [inline]
 __se_sys_openat fs/open.c:1381 [inline]
 __x64_sys_openat+0x12d/0x210 fs/open.c:1381
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x10b/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fb25a2a7407
Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
RSP: 002b:00007ffd627c5cb0 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007fb25a984880 RCX: 00007fb25a2a7407
RDX: 0000000000000000 RSI: 00007ffd627c6f1b RDI: ffffffffffffff9c
RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
R13: 00007ffd627c5f00 R14: 00007fb25aaeb000 R15: 00005579c997f4d8
 </TASK>

Allocated by task 9:
 kasan_save_stack+0x30/0x50 mm/kasan/common.c:57
 kasan_save_track+0x14/0x30 mm/kasan/common.c:78
 poison_kmalloc_redzone mm/kasan/common.c:398 [inline]
 __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:415
 kmalloc_noprof include/linux/slab.h:950 [inline]
 kzalloc_noprof include/linux/slab.h:1188 [inline]
 em28xx_v4l2_init.cold+0x94/0x3a40 drivers/media/usb/em28xx/em28xx-video.c:2707
 em28xx_init_extension+0x13a/0x200 drivers/media/usb/em28xx/em28xx-core.c:1248
 request_module_async+0x61/0x80 drivers/media/usb/em28xx/em28xx-cards.c:3660
 process_one_work+0xa0e/0x1980 kernel/workqueue.c:3302
 process_scheduled_works kernel/workqueue.c:3385 [inline]
 worker_thread+0x5ef/0xe50 kernel/workqueue.c:3466
 kthread+0x370/0x450 kernel/kthread.c:436
 ret_from_fork+0x72b/0xd50 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

Freed by task 9:
 kasan_save_stack+0x30/0x50 mm/kasan/common.c:57
 kasan_save_track+0x14/0x30 mm/kasan/common.c:78
 kasan_save_free_info+0x3b/0x70 mm/kasan/generic.c:584
 poison_slab_object mm/kasan/common.c:253 [inline]
 __kasan_slab_free+0x5f/0x80 mm/kasan/common.c:285
 kasan_slab_free include/linux/kasan.h:235 [inline]
 slab_free_hook mm/slub.c:2689 [inline]
 slab_free mm/slub.c:6250 [inline]
 kfree+0x223/0x6c0 mm/slub.c:6565
 kref_put.isra.0+0x53/0x75 include/linux/kref.h:65
 em28xx_v4l2_init.cold+0x280/0x3a40 drivers/media/usb/em28xx/em28xx-video.c:3078
 em28xx_init_extension+0x13a/0x200 drivers/media/usb/em28xx/em28xx-core.c:1248
 request_module_async+0x61/0x80 drivers/media/usb/em28xx/em28xx-cards.c:3660
 process_one_work+0xa0e/0x1980 kernel/workqueue.c:3302
 process_scheduled_works kernel/workqueue.c:3385 [inline]
 worker_thread+0x5ef/0xe50 kernel/workqueue.c:3466
 kthread+0x370/0x450 kernel/kthread.c:436
 ret_from_fork+0x72b/0xd50 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

The buggy address belongs to the object at ffff8880768b0000
 which belongs to the cache kmalloc-8k of size 8192
The buggy address is located 2144 bytes inside of
 freed 8192-byte region [ffff8880768b0000, ffff8880768b2000)

The buggy address belongs to the physical page:
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x768b0
head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
page_type: f5(slab)
raw: 00fff00000000040 ffff88813fe35280 dead000000000100 dead000000000122
raw: 0000000000000000 0000000800020002 00000000f5000000 0000000000000000
head: 00fff00000000040 ffff88813fe35280 dead000000000100 dead000000000122
head: 0000000000000000 0000000800020002 00000000f5000000 0000000000000000
head: 00fff00000000003 fffffffffffffe01 00000000ffffffff 00000000ffffffff
head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5677, tgid 5677 (syz-executor), ts 84365375689, free_ts 84283669570
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x153/0x170 mm/page_alloc.c:1858
 prep_new_page mm/page_alloc.c:1866 [inline]
 get_page_from_freelist+0x11a6/0x33b0 mm/page_alloc.c:3946
 __alloc_frozen_pages_noprof+0x27c/0x2bc0 mm/page_alloc.c:5226
 alloc_slab_page mm/slub.c:3278 [inline]
 allocate_slab mm/slub.c:3467 [inline]
 new_slab+0xa6/0x6c0 mm/slub.c:3525
 refill_objects+0x277/0x420 mm/slub.c:7255
 refill_sheaf mm/slub.c:2816 [inline]
 __pcs_replace_empty_main+0x375/0x650 mm/slub.c:4651
 alloc_from_pcs mm/slub.c:4749 [inline]
 slab_alloc_node mm/slub.c:4883 [inline]
 __kmalloc_cache_noprof+0x493/0x6f0 mm/slub.c:5414
 kmalloc_noprof include/linux/slab.h:950 [inline]
 kzalloc_noprof include/linux/slab.h:1188 [inline]
 mr_table_alloc+0x61/0x3e0 net/ipv4/ipmr_base.c:55
 ip6mr_new_table net/ipv6/ip6mr.c:401 [inline]
 ip6mr_new_table net/ipv6/ip6mr.c:393 [inline]
 ip6mr_rules_init net/ipv6/ip6mr.c:249 [inline]
 ip6mr_net_init net/ipv6/ip6mr.c:1334 [inline]
 ip6mr_net_init+0x341/0x4d0 net/ipv6/ip6mr.c:1326
 ops_init+0x1e2/0x5f0 net/core/net_namespace.c:137
 setup_net+0x118/0x3a0 net/core/net_namespace.c:446
 copy_net_ns+0x46f/0x7c0 net/core/net_namespace.c:579
 create_new_namespaces+0x3ea/0xac0 kernel/nsproxy.c:132
 unshare_nsproxy_namespaces+0xf2/0x220 kernel/nsproxy.c:234
 ksys_unshare+0x438/0xab0 kernel/fork.c:3243
 __do_sys_unshare kernel/fork.c:3317 [inline]
 __se_sys_unshare kernel/fork.c:3315 [inline]
 __x64_sys_unshare+0x31/0x40 kernel/fork.c:3315
page last free pid 5662 tgid 5662 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 __free_pages_prepare mm/page_alloc.c:1402 [inline]
 __free_frozen_pages+0x747/0x1040 mm/page_alloc.c:2943
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x47/0xf0 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x1a0/0x1f0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:350
 kasan_slab_alloc include/linux/kasan.h:253 [inline]
 slab_post_alloc_hook mm/slub.c:4569 [inline]
 slab_alloc_node mm/slub.c:4898 [inline]
 kmem_cache_alloc_noprof+0x241/0x6e0 mm/slub.c:4905
 __kernfs_new_node+0xd2/0x9f0 fs/kernfs/dir.c:664
 kernfs_new_node+0x11b/0x1a0 fs/kernfs/dir.c:748
 __kernfs_create_file+0x53/0x350 fs/kernfs/file.c:1057
 sysfs_add_file_mode_ns+0x207/0x3c0 fs/sysfs/file.c:313
 create_files fs/sysfs/group.c:82 [inline]
 internal_create_group+0x593/0xf40 fs/sysfs/group.c:189
 internal_create_groups+0x9d/0x150 fs/sysfs/group.c:229
 device_add_groups drivers/base/core.c:2837 [inline]
 device_add_attrs drivers/base/core.c:2912 [inline]
 device_add+0xf5b/0x1950 drivers/base/core.c:3645
 netdev_register_kobject+0x1a9/0x3d0 net/core/net-sysfs.c:2343
 register_netdevice+0x151c/0x24b0 net/core/dev.c:11420
 register_netdev+0x34/0x50 net/core/dev.c:11536
 vti6_init_net+0x2c7/0x440 net/ipv6/ip6_vti.c:1158

Memory state around the buggy address:
 ffff8880768b0700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff8880768b0780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff8880768b0800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                                       ^
 ffff8880768b0880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff8880768b0900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================

final repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: slab-use-after-free in v4l2_open+0x351/0x490 drivers/media/v4l2-core/v4l2-dev.c:444
Read of size 4 at addr ffff8880768b0860 by task v4l_id/6210

CPU: 1 UID: 0 PID: 6210 Comm: v4l_id Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x100/0x190 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:378 [inline]
 print_report+0x13d/0x4b0 mm/kasan/report.c:482
 kasan_report+0xdf/0x1d0 mm/kasan/report.c:595
 v4l2_open+0x351/0x490 drivers/media/v4l2-core/v4l2-dev.c:444
 chrdev_open+0x234/0x6a0 fs/char_dev.c:411
 do_dentry_open+0x6d8/0x1660 fs/open.c:947
 vfs_open+0x82/0x3f0 fs/open.c:1079
 do_open fs/namei.c:4699 [inline]
 path_openat+0x208c/0x31a0 fs/namei.c:4858
 do_file_open+0x20e/0x430 fs/namei.c:4887
 do_sys_openat2+0x10d/0x1e0 fs/open.c:1364
 do_sys_open fs/open.c:1370 [inline]
 __do_sys_openat fs/open.c:1386 [inline]
 __se_sys_openat fs/open.c:1381 [inline]
 __x64_sys_openat+0x12d/0x210 fs/open.c:1381
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x10b/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fb25a2a7407
Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
RSP: 002b:00007ffd627c5cb0 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007fb25a984880 RCX: 00007fb25a2a7407
RDX: 0000000000000000 RSI: 00007ffd627c6f1b RDI: ffffffffffffff9c
RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
R13: 00007ffd627c5f00 R14: 00007fb25aaeb000 R15: 00005579c997f4d8
 </TASK>

Allocated by task 9:
 kasan_save_stack+0x30/0x50 mm/kasan/common.c:57
 kasan_save_track+0x14/0x30 mm/kasan/common.c:78
 poison_kmalloc_redzone mm/kasan/common.c:398 [inline]
 __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:415
 kmalloc_noprof include/linux/slab.h:950 [inline]
 kzalloc_noprof include/linux/slab.h:1188 [inline]
 em28xx_v4l2_init.cold+0x94/0x3a40 drivers/media/usb/em28xx/em28xx-video.c:2707
 em28xx_init_extension+0x13a/0x200 drivers/media/usb/em28xx/em28xx-core.c:1248
 request_module_async+0x61/0x80 drivers/media/usb/em28xx/em28xx-cards.c:3660
 process_one_work+0xa0e/0x1980 kernel/workqueue.c:3302
 process_scheduled_works kernel/workqueue.c:3385 [inline]
 worker_thread+0x5ef/0xe50 kernel/workqueue.c:3466
 kthread+0x370/0x450 kernel/kthread.c:436
 ret_from_fork+0x72b/0xd50 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

Freed by task 9:
 kasan_save_stack+0x30/0x50 mm/kasan/common.c:57
 kasan_save_track+0x14/0x30 mm/kasan/common.c:78
 kasan_save_free_info+0x3b/0x70 mm/kasan/generic.c:584
 poison_slab_object mm/kasan/common.c:253 [inline]
 __kasan_slab_free+0x5f/0x80 mm/kasan/common.c:285
 kasan_slab_free include/linux/kasan.h:235 [inline]
 slab_free_hook mm/slub.c:2689 [inline]
 slab_free mm/slub.c:6250 [inline]
 kfree+0x223/0x6c0 mm/slub.c:6565
 kref_put.isra.0+0x53/0x75 include/linux/kref.h:65
 em28xx_v4l2_init.cold+0x280/0x3a40 drivers/media/usb/em28xx/em28xx-video.c:3078
 em28xx_init_extension+0x13a/0x200 drivers/media/usb/em28xx/em28xx-core.c:1248
 request_module_async+0x61/0x80 drivers/media/usb/em28xx/em28xx-cards.c:3660
 process_one_work+0xa0e/0x1980 kernel/workqueue.c:3302
 process_scheduled_works kernel/workqueue.c:3385 [inline]
 worker_thread+0x5ef/0xe50 kernel/workqueue.c:3466
 kthread+0x370/0x450 kernel/kthread.c:436
 ret_from_fork+0x72b/0xd50 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

The buggy address belongs to the object at ffff8880768b0000
 which belongs to the cache kmalloc-8k of size 8192
The buggy address is located 2144 bytes inside of
 freed 8192-byte region [ffff8880768b0000, ffff8880768b2000)

The buggy address belongs to the physical page:
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x768b0
head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
page_type: f5(slab)
raw: 00fff00000000040 ffff88813fe35280 dead000000000100 dead000000000122
raw: 0000000000000000 0000000800020002 00000000f5000000 0000000000000000
head: 00fff00000000040 ffff88813fe35280 dead000000000100 dead000000000122
head: 0000000000000000 0000000800020002 00000000f5000000 0000000000000000
head: 00fff00000000003 fffffffffffffe01 00000000ffffffff 00000000ffffffff
head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5677, tgid 5677 (syz-executor), ts 84365375689, free_ts 84283669570
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x153/0x170 mm/page_alloc.c:1858
 prep_new_page mm/page_alloc.c:1866 [inline]
 get_page_from_freelist+0x11a6/0x33b0 mm/page_alloc.c:3946
 __alloc_frozen_pages_noprof+0x27c/0x2bc0 mm/page_alloc.c:5226
 alloc_slab_page mm/slub.c:3278 [inline]
 allocate_slab mm/slub.c:3467 [inline]
 new_slab+0xa6/0x6c0 mm/slub.c:3525
 refill_objects+0x277/0x420 mm/slub.c:7255
 refill_sheaf mm/slub.c:2816 [inline]
 __pcs_replace_empty_main+0x375/0x650 mm/slub.c:4651
 alloc_from_pcs mm/slub.c:4749 [inline]
 slab_alloc_node mm/slub.c:4883 [inline]
 __kmalloc_cache_noprof+0x493/0x6f0 mm/slub.c:5414
 kmalloc_noprof include/linux/slab.h:950 [inline]
 kzalloc_noprof include/linux/slab.h:1188 [inline]
 mr_table_alloc+0x61/0x3e0 net/ipv4/ipmr_base.c:55
 ip6mr_new_table net/ipv6/ip6mr.c:401 [inline]
 ip6mr_new_table net/ipv6/ip6mr.c:393 [inline]
 ip6mr_rules_init net/ipv6/ip6mr.c:249 [inline]
 ip6mr_net_init net/ipv6/ip6mr.c:1334 [inline]
 ip6mr_net_init+0x341/0x4d0 net/ipv6/ip6mr.c:1326
 ops_init+0x1e2/0x5f0 net/core/net_namespace.c:137
 setup_net+0x118/0x3a0 net/core/net_namespace.c:446
 copy_net_ns+0x46f/0x7c0 net/core/net_namespace.c:579
 create_new_namespaces+0x3ea/0xac0 kernel/nsproxy.c:132
 unshare_nsproxy_namespaces+0xf2/0x220 kernel/nsproxy.c:234
 ksys_unshare+0x438/0xab0 kernel/fork.c:3243
 __do_sys_unshare kernel/fork.c:3317 [inline]
 __se_sys_unshare kernel/fork.c:3315 [inline]
 __x64_sys_unshare+0x31/0x40 kernel/fork.c:3315
page last free pid 5662 tgid 5662 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 __free_pages_prepare mm/page_alloc.c:1402 [inline]
 __free_frozen_pages+0x747/0x1040 mm/page_alloc.c:2943
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x47/0xf0 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x1a0/0x1f0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:350
 kasan_slab_alloc include/linux/kasan.h:253 [inline]
 slab_post_alloc_hook mm/slub.c:4569 [inline]
 slab_alloc_node mm/slub.c:4898 [inline]
 kmem_cache_alloc_noprof+0x241/0x6e0 mm/slub.c:4905
 __kernfs_new_node+0xd2/0x9f0 fs/kernfs/dir.c:664
 kernfs_new_node+0x11b/0x1a0 fs/kernfs/dir.c:748
 __kernfs_create_file+0x53/0x350 fs/kernfs/file.c:1057
 sysfs_add_file_mode_ns+0x207/0x3c0 fs/sysfs/file.c:313
 create_files fs/sysfs/group.c:82 [inline]
 internal_create_group+0x593/0xf40 fs/sysfs/group.c:189
 internal_create_groups+0x9d/0x150 fs/sysfs/group.c:229
 device_add_groups drivers/base/core.c:2837 [inline]
 device_add_attrs drivers/base/core.c:2912 [inline]
 device_add+0xf5b/0x1950 drivers/base/core.c:3645
 netdev_register_kobject+0x1a9/0x3d0 net/core/net-sysfs.c:2343
 register_netdevice+0x151c/0x24b0 net/core/dev.c:11420
 register_netdev+0x34/0x50 net/core/dev.c:11536
 vti6_init_net+0x2c7/0x440 net/ipv6/ip6_vti.c:1158

Memory state around the buggy address:
 ffff8880768b0700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff8880768b0780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff8880768b0800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                                       ^
 ffff8880768b0880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff8880768b0900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================