program:
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000400)=@newtaction={0x74, 0x30, 0xb, 0x0, 0x0, {}, [{0x60, 0x1, [@m_ct={0x5c, 0x1, 0x0, 0x0, {{0x7}, {0x34, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}, @TCA_CT_NAT_PORT_MIN={0x6}, @TCA_CT_ACTION={0x6, 0x3, 0x19}, @TCA_CT_NAT_PORT_MAX={0x6}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x74}}, 0x0)
r2 = syz_open_dev$radio(&(0x7f00000021c0), 0x0, 0x2)
ioctl$VIDIOC_LOG_STATUS(r2, 0x5646, 0x0)
r3 = syz_genetlink_get_family_id$fou(&(0x7f0000000300), r0)
sendmsg$FOU_CMD_ADD(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r3, 0x4, 0x70bd29, 0x25dfdbfe, {}, [@FOU_ATTR_IPPROTO={0x5, 0x3, 0xc}]}, 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x4040841)
syz_usb_connect(0x3, 0xf44, &(0x7f0000001200)=ANY=[@ANYBLOB="1201000238b34310240418cf30a8010203010902320f033a05400d09042a0810119d8c020b24060000246ac5b0cbed05240005000d240f0104000000050006000fc2241307cc32d0a6ac3b47a5c6e257e5e6341505e0d25b5ac87407878417c13249a5f2f9d3cece19139e6d0775329264284c89ede0d4faf727b3c4ece62f1b2a2a6b85c72d61fe59f44eaac5367feaa98c5e4de71e9e6f7968bde97aca14fc21487fa594f74dc6ceba49d4d58846d6b539fac8f417d9472e143c742e4d9e696d601d54a1deb5c04c9bdfb6557227670116d7083bba4535a503f019abf0fe2335c63d6e04a54f2fecc87f31be07eb0bef12bd79a782569b7d91a32c6e245fff54d62f07240a0605030f092103000201223a0909050c100004030a0d072501410700010725010204050009058010080009080009050004ff03050605072501810f00080725018307070009050910080007070f07250182ff000009050f1000048040ff0905070000040905d90725010209010009050400400005560109050308ff03360107072501805a0800090501001004f107cc0c0c556d89cf0f090a321d8a0905010110002c050309050301f7030300067b103d5703ae9d61ec7f23cd29c8ea554e79321f4220719bca0098dc004f9e46e90438f20e415d8c798b0b84d390e99785b1a7c884cc4b456e79aaf3db7f210b1978a217df5a723e53395e576d8b5fe78f739190e402ae8a05e6873de9089138c4a635affe8ffc6ad29a9a4fd1523c8134b26594994576645ee306390e0ea35b4dc3db135e2952a31c69186d7b306459023dac11077eb15af3204b2bb564a2329dda3911bd6f36f752b82b647fbeeb8e2dad1cb7090580000004ba08092e239e1145abe7187db0683cec4f3b8db1e5b7fc511fc6d09e753edd571164a9ba33eb3ca00ab87c20ba28c199f3f522dd5ffa5b28c2f06fa907784775359fb70f909ac82f8af8ef410415653790f2a7bbd40869bd3231da5e6a136e9e682a7f7b4f4b594ba7c56e1d2c74ea368e9a994b404b77bc3197ca924c86ba374839b5e844a3146a1fe173eca78f6a80be5e6d58c80c8a3e222a177b23fe8b98e2b6f7be5c6fa597d016a7d42e88878385a466cbbca124c048962f59d94592d3d727f5ebb678c1a0a948f2015c897cde9389e3506b7a187f4481a346a9a0bb5873c968b331f5e163ef50b13e0738d3935d2260987949d2d08f3fcd319e42fde83cf72fb0fcfd22d716de295559cb0423c1f5931063bab9d5906b8d5157a453e3714fa78c4f9f09050804ff0309010c0725018109050009050f01400003080207250181089077090501040800407ffa0725010207050009050f01f705bb03070222a85a3f46f597c4f4c62dc0ee493004f4c60daee4ee6820d4baab1555b728930afe3acee91e5ddbb04cec4f4f775a35420095f2e64edac348aa5d7f47f00e921b7c4cca36283530e19fce6948de9ce8cc59f3533d5e27622da37295a89404c54e44cf51e0fe2e8f97a79c1e405101f88c475a2d81727bf2fed38976fddc6a4b1b71fccaf41e4f515c8cbee688db84ee997922337f931ae41c18d8ac7518a8519754066f53abff6c6ca1ab11a8688ae992d1e5c9d75af9c289a17e67452cb2258402e3ca35a48c19fe7bacfe3bc805cec6e4f35cd97f9836f73e86213b9573fc919dea120fc4383a239e70755cfd51fc7c02d022a7fa1d2d6b746e81a0f22101ef0904b110108ce51402ea014ab3655515eda61887554513474265678e833d4ba2de0bcb9fe416db1fb9642d2b80d932c7c6af5a80d9748a9484640303d148b0a34088fce03c1be7673c68b4332b8ca97615319f2a83920b8fc5a42b8bae8cd74400c2711be6300a54875b9bca5e13d46164b3451cea990ec3d39752b6fac5a469baeac9f045da69ba5246e23f5ade8d31c1ed7f1535f14279f76d0aa9916ef43b7b2db1c5baa91e136b69799d512b877721db846607093ca7e894034d3b0ac1aaaee3719ff0b5dc46e6eda8627dc9ad41c3c838ca943c24fa6c062ffb2eed2d326cda3e01266773b89371fea722f1b6f559b2bb08240600006f587305240009000d240f019800000007009200d90424020a06241a0500050424020d09050a10000212ff67b3111ad56e0aa3654838033874d20c7df5d2feebd43784363794266d0f999bf1154b88387b75fe1ae1d2529318a4a79bdf9f522572ba8abffd03a5b8d8aeab120697dea22d80036835b2e77a852fa6bb1d794a18750cc520e03c930e042da373ac8fea594e9bda3ceb6c4a2856091685dedc7146957fcac1e0ae55d166e024351c0f4f8b7ba0882b9785b895d428f9faf1a90d202a16f3bd0b52a115c1de1be2ae06719192f3440656828ad03d95695c9a035709050713080005996d2f037251e98b99114060243a280d9116fc77fad74d4ada768aaa548364949222b83e91cc0ed37e2d0893771a9fe15609050b001000010980090505001000c00807072501820810060905801010000600030725018221ff0148049f8ef53dbcbcfc472db4cfcad9fa655dfb087e5ba8ccc4452cd01fd256bc7dd1eabfafcbaa9b9958c9f0840ebcf86bd92cff12fdc7ded1700ff79dc897a45d734f0b9f918a3c09050802000008f77f4e04fb11c5c6db14e58fc6d2e4ba2256e4bf735299d785abc6f5f3984eef72a0b010d76243624f437fdaf28dfa63bd038f70c1622afca2bc3ea661ba314f99c646b694e01a6de6eb53d55f8a875d09050a10000202090309050d08080004d9030725010105080009050301ff030a03bf072501030302009a219a733d50c23be22ce5e0c88a852e0e742b4b1606e248de1e5b93fd035eea81f942acb2d46919cd774bf086f17726df4b7076193e9dcc73b32bc434a5aea7293db7fc65f42cebb6e5e827bcbbec061aae537bec665337eb9e4bee2d004b4d499da1b122866525b04e55a3d9b5089de3a1bc413e349ed17a7e768e9d1b536c6c9136fc740dd2125a92c10d09e0433417f744d64d77a6de9e2e0905800410000c5b0907250182060000a423fa8b4f8cd10970576becddeaf2b581c858d2200a01b8eed2642084ce7fc2a8112f4307e5c946a8b5642f025ee9c22f9397b053057471a2e3373dbfd0691d979d11b95c54da7021229d8487cc5bc243f625106b3f44e69cb73bc9c8a316521815036e513a048d27169a228bcfefcfd07f3212a977f973c6298b12771eb621db7f940951a03bc2857ab2f92153113bae66a029f3cf7ebcbe33696a7bd2fe635c3013e50905090020000706106701595bf952e4e528cfa61ab0c6ea5e7921a41f1cbd5ee6f3a782bc248845bc4935019ac1327bb4813d4d09e87b12c3a4f18e60b1142f1ad7cc41b6a516458d76737371c57c0ab8eefa22bdf207d1142ac938a141a8a85cf5c9a8cfbe01444295de8536adaa5509050c0040048d0d0409050108000408810e4e0517a3e0f8ca9c01980056d358b0ebc3a5f7d9b94b890e58de519519cf574534cc20a24d0437282fc83c87c46c8371d1edd94fbc37c855fdcb41100f047cff9fc9ea53c5cf358b6f47a280b60c0905050010000c0707072501000204000725018001090009050508ff0309ab049201c5479a64d0a6ff2b508238fc982c8e7d87f18e573ca41788ff501eeb1b74fe76ae272ac2c97cc58e570f551b6069ae8b7db2ecaa16e7830f2931f04bdc42d5e78f8079f3a43c253f4bef32e40050b3e06a44f2a72aedc61f20576a3b24c1df7caea016ca7ce081fecd080ffb2986c4c893ed84acb6603448da11f60a59787576eea7d22cac20a5ee433fd18c0484f20b0725010301010009050d03000202069b090413fe0f45ed2d010a24010900110201020924060301010a00400924070201000876a609050c002000036300072501810905000725010008920b090509082000bb040409050c03200006000b0725018105030009050800ff0304001207250100040300e401644d30050cc756d22a3fbe0413990e1f08a97a67bd35ae7a3dd4ee97bee0ffb6e731a0704a6c5216c055d0d1a0c6e6504775d52f562cc32b6c513aa0bc2975132c19608db24ddf13d9d8866f76db08fc5606c40009655f502f0ada5c3f3c70678340b8b74760cb9d66c75346c66ddeeb0bcc14bc1cbd0f73c7f1e274d650f0005893f617a3b24327c3e5b770b0e9c9081bd9cd6e17913f9803f681f4c24221898ea430b43c0bc441c495b64e2ee8b7fe6d9582f703de6dc502f85207fd9909c7d5c3827bde85637a6dba6019672f55813d4490231d61f6aeac1223033e83058afcbc090500000002fb0c0b09050010ff0309fe040905800d40009c610609050a100002080029072501010a0a0009050810ff03020001ee051b0613aaf07fca69e9c5e2e051627bb26f0e9933333ee862b64e05cd1024f97aedfd6aef9ff8a4ccd0ee60491de15b324d4a43bcb1c7bbccca27114d633151b77a085313330b89ceff5b92e12dd451e4b62f75b2ea0f657c43da4ea4023d8316ea10616119042ef98785edcc3aedd15121433956ca0f379b3ba99ccc7e0f3589192a533046822fa319377ba5f9cd77fecf95027582f78bebcdb7ed7948dee0d2b80f739125a2fae954a55b27bdcae58ccec7425929d3ec73c56cc885b4854026c8f137b6211ae0167cb25e5e161eda98b765cf3dc43128adc8ed8af17c936e8ab9be13ff14c16d00fcaa0c29850b16e91db7e923ee18db4acd542c0318a19a50ec52e276e47e5e4260adbf58767b2d313781b04a907f4719b5c179dcec843e0053a47f745e799502066d513dee6b4732efbc708232870c0299cce236144bd78b952ae35c67a95059b3457abd29dca2d83c3e0b0b1fd4a6c38b9f139fe6731f7f915c80214714a6fa8f8a1483192836dd8709050301ff0307040309050915100000058007250100050600072501020f0f00090585100002010009eb0cd5a349b1e64c84a2c1299dad349afdff257dc41c8808490f6a03c74f2e69603ce57d463475036bafb8b98a05ce1e8362adef28a9381d0fa6d2ed7e3afeafba9bc958cd27bf28706ac6cb7484a4cef1b8c1dc887a5d732a64a5ae128aa02fa1d9ce4b8e671a5c6c422503edeb71362276fbaeacd21ab207e248ab86ef57389f757c887f72b920dba957993855064994279b36fc0d4b8250db6a83caea047cca49ad411ab064e9b6d139ec03df8cc50ae86d7e5375621dfb644ae9aa97d33eaa6866d3107c668af3b31e4686a49f22a12cc318cef1f83ae9359073ea7775e446f26fb5040b3d3455b13509050a2140000c25ea09050310000205016a09050210ff03000707780760ef9b45e5c4f42a15ad607d471c9290e8e38f4e9926c209954b94eef36f946d328aebe4efd79b31111a05ac62bc09ff84593e0dc6ba77eabaec109719d9cbc06209e2610ad14b47e4d6177abfc6ea733b5d2f0fc36b6bf7533d26f4dc440cd7854f51aafb0c65c794e1ae57e56b31be3ecece347ce9"], &(0x7f00000000c0)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x310, 0x8, 0x1, 0x7, 0x8, 0x10}, 0xb9, &(0x7f0000000140)={0x5, 0xf, 0xb9, 0x6, [@wireless={0xb, 0x10, 0x1, 0x8, 0x50, 0x6, 0x9, 0x8ec2, 0x3c}, @ptm_cap={0x3}, @generic={0x5a, 0x10, 0xa, "bf575d1dbc732caa41fc10c39498b7bc2da800421aea7bea552673a931b102ddba88b2c4b53c09f46ff5233c669eaac24b0852f197ee275eefc1c2a9e07d335ebdca800e6cc0fa481f75cce05b370c00fb4da77d75628c"}, @ssp_cap={0x10, 0x10, 0xa, 0xb, 0x1, 0x608c, 0xff00, 0x81, [0xc030]}, @ssp_cap={0x24, 0x10, 0xa, 0xff, 0x6, 0x4, 0xf00, 0xd25, [0xff00f0, 0x0, 0x30, 0x30, 0x7f803f, 0x3f00]}, @ssp_cap={0x18, 0x10, 0xa, 0x1, 0x3, 0x3, 0xff0f, 0x0, [0xff3f00, 0x3f00, 0xffc030]}]}, 0x1, [{0x62, &(0x7f0000000480)=ANY=[@ANYBLOB="6203db776c80dbd485d7705c2602cf4bc91c03d7e6ce2db10cab4a5008bd9109df4158e3bab3364414f9a80382b6d776241e211cbe49e7e234d20d3e4112c0196455df381973f3eaf9dbc419c40905d63f3ecfd8306454948963f7cfc0e8bd1ef220f2e4eeebe0fc96df7fa4810eaf3b9108f42efeffe9731ca7e24af3516534f6a0fa75e5310d156f3cc745e185e40261c8258497cc89667da2c3f9778b01bbe78b09dd1f26013d42f3e7750d8b0d53e416254577c6e1a9f0e672"]}]})
sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000540)={0x284, 0x3b, 0x8, 0x70bd2a, 0x25dfdbfb, "", [@nested={0x190, 0x91, 0x0, 0x1, [@generic="adde276503b320d0063ddcb91b5e0a3ea5ccfe29ed2eb42dcdeb316a5a7269faec2d07efae0c8e858e63ada9b0444ce2f8d3", @generic="e10e37aa6a4c50e5a01738f389ba4b484b87d79db1b04537916b3c79e9bf81883498bb2fb8fe2ca5babe065dd9780c0c2293851af24ab04cde3cdd796a9e2b7f1e647260065c3053f6b8c182378430083178ba69d470f0baf9a6096a54847edeb68d937e8dbcee3be546d1081c0f837c548b1901578e9436b51be3602457ed036615809cdf98eab251b4479f06c3d27467d00d7f5ecdeec619899ac4a0691216d5359e82412940", @generic="ddddff96350be3980041c0aa77910e0beadfc0fb7092074a53959600a6b160d33dcea92444178b0e00a190bb35d496ac025f7e0345bf6a85087e78f869f17e6603ca5af0f303ddc83376f4a03dd53a559ee6f7323bd5c59ff7ab95a5af2e938565b7beb016edadb332884c76007c3a16f80307bae71758d279bc8c9d9142ce70ebe1fbf86ebd193d8ce92eb8e8a0c162a050512bdd4003c38efbff2357c5bc1b03225bf0832de0e78af6f8d3e697d1997cbbfa"]}, @nested={0x4, 0x45}, @typed={0x6, 0x134, 0x0, 0x0, @str='*\x00'}, @generic="2e2a1577878a11c47a5b32134e13c9b307371d7d669ca7f3f6fa166cb0f660a9af38d2b0809bc571432796d8d51776bec433e7427f9cf636155f08cd1d16b2cebd4efe216224e9b448246672b0c3e41f2d2ee975b53a3357b2f47d22292afa6cf3084c22e6ad2201b12f193aab5831839a26d2533fd4682857b6975c94282795bc2bee248959fc4b51f15a2edc379719a6cf078a38342a462241c88721c917dbcdd2c2c11402bed23e4b6cc3d62b6cbd9b3728d8b69945b9ef4c0c16b7e024e59d71460a781b99135a09bc4ece5840d9e9ce8851f2"]}, 0x284}], 0x1}, 0x0)

[   70.973008][ T5301] Bluetooth: hci0: command tx timeout
[   71.079000][ T5317] vivid-000: =================  START STATUS  =================
[   71.092849][ T5317] vivid-000: Radio HW Seek Mode: Bounded
[   71.095143][ T5317] vivid-000: Radio Programmable HW Seek: false
[   71.115800][ T5317] vivid-000: RDS Rx I/O Mode: Block I/O
[   71.120536][ T5317] vivid-000: Generate RBDS Instead of RDS: false
[   71.122677][ T5317] vivid-000: RDS Reception: true
[   71.124371][ T5317] vivid-000: RDS Program Type: 0 inactive
[   71.126397][ T5317] vivid-000: RDS PS Name:  inactive
[   71.131320][ T5317] vivid-000: RDS Radio Text:  inactive
[   71.133470][ T5317] vivid-000: RDS Traffic Announcement: false inactive
[   71.135921][ T5317] vivid-000: RDS Traffic Program: false inactive
[   71.149514][ T5317] vivid-000: RDS Music: false inactive
[   71.151575][ T5317] vivid-000: ==================  END STATUS  ==================
[   71.387277][ T5314] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   71.537048][ T5314] usb 5-1: Using ep0 maxpacket: 16
[   71.542607][ T5314] usb 5-1: config 58 has an invalid interface number: 42 but max is 2
[   71.545477][ T5314] usb 5-1: config 58 has an invalid interface number: 146 but max is 2
[   71.549596][ T5314] usb 5-1: config 58 contains an unexpected descriptor of type 0x1, skipping
[   71.552752][ T5314] usb 5-1: config 58 contains an unexpected descriptor of type 0x1, skipping
[   71.555824][ T5314] usb 5-1: config 58 has 2 interfaces, different from the descriptor's value: 3
[   71.559800][ T5314] usb 5-1: config 58 has no interface number 0
[   71.562079][ T5314] usb 5-1: config 58 has no interface number 1
[   71.564501][ T5314] usb 5-1: config 58 interface 42 altsetting 8 endpoint 0xC has invalid maxpacket 1024, setting to 64
[   71.569841][ T5314] usb 5-1: config 58 interface 42 altsetting 8 has an invalid descriptor for endpoint zero, skipping
[   71.573129][ T5314] usb 5-1: config 58 interface 42 altsetting 8 has an invalid descriptor for endpoint zero, skipping
[   71.578407][ T5314] usb 5-1: config 58 interface 42 altsetting 8 endpoint 0xF has invalid maxpacket 1024, setting to 64
[   71.582114][ T5314] usb 5-1: config 58 interface 42 altsetting 8 endpoint 0x7 has invalid maxpacket 1024, setting to 64
[   71.585604][ T5314] usb 5-1: config 58 interface 42 altsetting 8 endpoint 0x3 has invalid maxpacket 1023, setting to 64
[   71.590762][ T5314] usb 5-1: config 58 interface 42 altsetting 8 endpoint 0x1 has invalid maxpacket 1040, setting to 64
[   71.595012][ T5314] usb 5-1: config 58 interface 42 altsetting 8 has a duplicate endpoint with address 0x1, skipping
[   71.599626][ T5314] usb 5-1: config 58 interface 42 altsetting 8 has a duplicate endpoint with address 0x3, skipping
[   71.603399][ T5314] usb 5-1: config 58 interface 42 altsetting 8 has an invalid descriptor for endpoint zero, skipping
[   71.609001][ T5314] usb 5-1: config 58 interface 42 altsetting 8 endpoint 0x8 has invalid maxpacket 1023, setting to 64
[   71.613022][ T5314] usb 5-1: config 58 interface 42 altsetting 8 has a duplicate endpoint with address 0xF, skipping
[   71.617137][ T5314] usb 5-1: config 58 interface 42 altsetting 8 has a duplicate endpoint with address 0x1, skipping
[   71.620921][ T5314] usb 5-1: config 58 interface 42 altsetting 8 has a duplicate endpoint with address 0xF, skipping
[   71.624614][ T5314] usb 5-1: too many endpoints for config 58 interface 146 altsetting 1: 197, using maximum allowed: 30
[   71.631020][ T5314] usb 5-1: config 58 interface 146 altsetting 1 has a duplicate endpoint with address 0x9, skipping
[   71.634670][ T5314] usb 5-1: config 58 interface 146 altsetting 1 has a duplicate endpoint with address 0xC, skipping
[   71.638755][ T5314] usb 5-1: config 58 interface 146 altsetting 1 has a duplicate endpoint with address 0x8, skipping
[   71.642634][ T5314] usb 5-1: config 58 interface 146 altsetting 1 has an invalid descriptor for endpoint zero, skipping
[   71.645993][ T5314] usb 5-1: config 58 interface 146 altsetting 1 has an invalid descriptor for endpoint zero, skipping
[   71.650481][ T5314] usb 5-1: config 58 interface 146 altsetting 1 has an invalid descriptor for endpoint zero, skipping
[   71.654314][ T5314] usb 5-1: config 58 interface 146 altsetting 1 endpoint 0xA has invalid maxpacket 512, setting to 64
[   71.658829][ T5314] usb 5-1: config 58 interface 146 altsetting 1 has a duplicate endpoint with address 0x8, skipping
[   71.662509][ T5314] usb 5-1: config 58 interface 146 altsetting 1 has an endpoint descriptor with address 0x1B, changing to 0xB
[   71.667799][ T5314] usb 5-1: config 58 interface 146 altsetting 1 endpoint 0xB has invalid maxpacket 43539, setting to 1024
[   71.671485][ T5314] usb 5-1: config 58 interface 146 altsetting 1 bulk endpoint 0xB has invalid maxpacket 1024
[   71.674816][ T5314] usb 5-1: config 58 interface 146 altsetting 1 has a duplicate endpoint with address 0x3, skipping
[   71.680596][ T5314] usb 5-1: config 58 interface 146 altsetting 1 has a duplicate endpoint with address 0x9, skipping
[   71.685240][ T5314] usb 5-1: config 58 interface 146 altsetting 1 endpoint 0x85 has invalid maxpacket 512, setting to 64
[   71.691770][ T5314] usb 5-1: config 58 interface 146 altsetting 1 has a duplicate endpoint with address 0xA, skipping
[   71.696321][ T5314] usb 5-1: config 58 interface 146 altsetting 1 has a duplicate endpoint with address 0x3, skipping
[   71.701542][ T5314] usb 5-1: config 58 interface 146 altsetting 1 endpoint 0x2 has invalid maxpacket 1023, setting to 64
[   71.705809][ T5314] usb 5-1: config 58 interface 146 altsetting 1 has 15 endpoint descriptors, different from the interface descriptor's value: 197
[   71.712318][ T5314] usb 5-1: config 58 interface 42 has no altsetting 0
[   71.714728][ T5314] usb 5-1: config 58 interface 146 has no altsetting 0
[   71.719973][ T5314] usb 5-1: New USB device found, idVendor=0424, idProduct=cf18, bcdDevice=a8.30
[   71.723158][ T5314] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   71.725899][ T5314] usb 5-1: Product: syz
[   71.728420][ T5314] usb 5-1: Manufacturer: syz
[   71.730161][ T5314] usb 5-1: SerialNumber: syz
[   71.984767][ T5314] usb 5-1: USB disconnect, device number 2
[   72.017903][ T5314] ==================================================================
[   72.021582][ T5314] BUG: KASAN: slab-use-after-free in hdm_disconnect+0x10d/0x1c0
[   72.024566][ T5314] Read of size 8 at addr ffff8880442f9898 by task kworker/0:5/5314
[   72.027497][ T5314] 
[   72.028450][ T5314] CPU: 0 UID: 0 PID: 5314 Comm: kworker/0:5 Not tainted 6.13.0-rc3-syzkaller-00044-gaef25be35d23 #0
[   72.032265][ T5314] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   72.036140][ T5314] Workqueue: usb_hub_wq hub_event
[   72.038036][ T5314] Call Trace:
[   72.039211][ T5314]  <TASK>
[   72.040475][ T5314]  dump_stack_lvl+0x241/0x360
[   72.042279][ T5314]  ? __pfx_dump_stack_lvl+0x10/0x10
[   72.044247][ T5314]  ? __pfx__printk+0x10/0x10
[   72.045905][ T5314]  ? _printk+0xd5/0x120
[   72.047406][ T5314]  ? __virt_addr_valid+0x183/0x530
[   72.049260][ T5314]  ? __virt_addr_valid+0x183/0x530
[   72.051047][ T5314]  print_report+0x169/0x550
[   72.052940][ T5314]  ? __virt_addr_valid+0x183/0x530
[   72.054825][ T5314]  ? __virt_addr_valid+0x183/0x530
[   72.056773][ T5314]  ? __virt_addr_valid+0x45f/0x530
[   72.058679][ T5314]  ? __phys_addr+0xba/0x170
[   72.060398][ T5314]  ? hdm_disconnect+0x10d/0x1c0
[   72.062273][ T5314]  kasan_report+0x143/0x180
[   72.064043][ T5314]  ? kobject_put+0x272/0x480
[   72.065802][ T5314]  ? hdm_disconnect+0x10d/0x1c0
[   72.067756][ T5314]  hdm_disconnect+0x10d/0x1c0
[   72.069601][ T5314]  usb_unbind_interface+0x25b/0x940
[   72.071351][ T5314]  ? kernfs_remove_by_name_ns+0x11b/0x160
[   72.073483][ T5314]  ? __pfx_usb_unbind_interface+0x10/0x10
[   72.075584][ T5314]  device_release_driver_internal+0x503/0x7c0
[   72.077912][ T5314]  bus_remove_device+0x34f/0x420
[   72.079819][ T5314]  device_del+0x57a/0x9b0
[   72.081500][ T5314]  ? kobject_put+0x272/0x480
[   72.083288][ T5314]  ? __pfx_device_del+0x10/0x10
[   72.085042][ T5314]  ? kobject_put+0x44d/0x480
[   72.086883][ T5314]  usb_disable_device+0x3bf/0x850
[   72.088745][ T5314]  usb_disconnect+0x340/0x950
[   72.090529][ T5314]  hub_event+0x1ebc/0x5150
[   72.092275][ T5314]  ? debug_object_deactivate+0x2d5/0x390
[   72.094416][ T5314]  ? do_raw_spin_unlock+0x58/0x8b0
[   72.096305][ T5314]  ? __pfx_hub_event+0x10/0x10
[   72.098115][ T5314]  ? __pfx_lock_acquire+0x10/0x10
[   72.099785][ T5314]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   72.101954][ T5314]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   72.104369][ T5314]  ? process_scheduled_works+0x976/0x1840
[   72.106342][ T5314]  process_scheduled_works+0xa66/0x1840
[   72.108340][ T5314]  ? __pfx_process_scheduled_works+0x10/0x10
[   72.110362][ T5314]  ? assign_work+0x364/0x3d0
[   72.112031][ T5314]  worker_thread+0x870/0xd30
[   72.113735][ T5314]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   72.115846][ T5314]  ? __kthread_parkme+0x169/0x1d0
[   72.117669][ T5314]  ? __pfx_worker_thread+0x10/0x10
[   72.119632][ T5314]  kthread+0x2f0/0x390
[   72.121227][ T5314]  ? __pfx_worker_thread+0x10/0x10
[   72.123160][ T5314]  ? __pfx_kthread+0x10/0x10
[   72.124918][ T5314]  ret_from_fork+0x4b/0x80
[   72.126651][ T5314]  ? __pfx_kthread+0x10/0x10
[   72.128518][ T5314]  ret_from_fork_asm+0x1a/0x30
[   72.130384][ T5314]  </TASK>
[   72.131611][ T5314] 
[   72.132549][ T5314] Allocated by task 5314:
[   72.134248][ T5314]  kasan_save_track+0x3f/0x80
[   72.135950][ T5314]  __kasan_kmalloc+0x98/0xb0
[   72.137776][ T5314]  __kmalloc_cache_noprof+0x243/0x390
[   72.139856][ T5314]  hdm_probe+0x98/0x13e0
[   72.141535][ T5314]  usb_probe_interface+0x641/0xbb0
[   72.143342][ T5314]  really_probe+0x2b8/0xad0
[   72.145076][ T5314]  __driver_probe_device+0x1a2/0x390
[   72.146990][ T5314]  driver_probe_device+0x50/0x430
[   72.148765][ T5314]  __device_attach_driver+0x2d6/0x530
[   72.150865][ T5314]  bus_for_each_drv+0x24e/0x2e0
[   72.152818][ T5314]  __device_attach+0x333/0x520
[   72.154684][ T5314]  bus_probe_device+0x189/0x260
[   72.156638][ T5314]  device_add+0x856/0xbf0
[   72.158340][ T5314]  usb_set_configuration+0x1976/0x1fb0
[   72.160241][ T5314]  usb_generic_driver_probe+0x88/0x140
[   72.162160][ T5314]  usb_probe_device+0x1b8/0x380
[   72.163876][ T5314]  really_probe+0x2b8/0xad0
[   72.165578][ T5314]  __driver_probe_device+0x1a2/0x390
[   72.167657][ T5314]  driver_probe_device+0x50/0x430
[   72.169614][ T5314]  __device_attach_driver+0x2d6/0x530
[   72.171580][ T5314]  bus_for_each_drv+0x24e/0x2e0
[   72.173508][ T5314]  __device_attach+0x333/0x520
[   72.175278][ T5314]  bus_probe_device+0x189/0x260
[   72.177215][ T5314]  device_add+0x856/0xbf0
[   72.178874][ T5314]  usb_new_device+0x104a/0x19a0
[   72.180734][ T5314]  hub_event+0x2d6d/0x5150
[   72.182423][ T5314]  process_scheduled_works+0xa66/0x1840
[   72.184513][ T5314]  worker_thread+0x870/0xd30
[   72.186221][ T5314]  kthread+0x2f0/0x390
[   72.187744][ T5314]  ret_from_fork+0x4b/0x80
[   72.189269][ T5314]  ret_from_fork_asm+0x1a/0x30
[   72.190842][ T5314] 
[   72.191710][ T5314] Freed by task 5314:
[   72.193018][ T5314]  kasan_save_track+0x3f/0x80
[   72.194688][ T5314]  kasan_save_free_info+0x40/0x50
[   72.196617][ T5314]  __kasan_slab_free+0x59/0x70
[   72.198538][ T5314]  kfree+0x196/0x430
[   72.199835][ T5314]  device_release+0x99/0x1c0
[   72.201474][ T5314]  kobject_put+0x22f/0x480
[   72.203076][ T5314]  hdm_disconnect+0xf3/0x1c0
[   72.204867][ T5314]  usb_unbind_interface+0x25b/0x940
[   72.206845][ T5314]  device_release_driver_internal+0x503/0x7c0
[   72.209307][ T5314]  bus_remove_device+0x34f/0x420
[   72.211275][ T5314]  device_del+0x57a/0x9b0
[   72.212948][ T5314]  usb_disable_device+0x3bf/0x850
[   72.214746][ T5314]  usb_disconnect+0x340/0x950
[   72.216397][ T5314]  hub_event+0x1ebc/0x5150
[   72.218187][ T5314]  process_scheduled_works+0xa66/0x1840
[   72.220242][ T5314]  worker_thread+0x870/0xd30
[   72.222037][ T5314]  kthread+0x2f0/0x390
[   72.223640][ T5314]  ret_from_fork+0x4b/0x80
[   72.225418][ T5314]  ret_from_fork_asm+0x1a/0x30
[   72.227288][ T5314] 
[   72.228245][ T5314] The buggy address belongs to the object at ffff8880442f8000
[   72.228245][ T5314]  which belongs to the cache kmalloc-8k of size 8192
[   72.233525][ T5314] The buggy address is located 6296 bytes inside of
[   72.233525][ T5314]  freed 8192-byte region [ffff8880442f8000, ffff8880442fa000)
[   72.238606][ T5314] 
[   72.239551][ T5314] The buggy address belongs to the physical page:
[   72.241952][ T5314] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x442f8
[   72.245083][ T5314] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   72.248065][ T5314] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff)
[   72.250788][ T5314] page_type: f5(slab)
[   72.252197][ T5314] raw: 04fff00000000040 ffff88801ac42280 ffffea0000cc1600 0000000000000002
[   72.255371][ T5314] raw: 0000000000000000 0000000000020002 00000001f5000000 0000000000000000
[   72.258367][ T5314] head: 04fff00000000040 ffff88801ac42280 ffffea0000cc1600 0000000000000002
[   72.261839][ T5314] head: 0000000000000000 0000000000020002 00000001f5000000 0000000000000000
[   72.265132][ T5314] head: 04fff00000000003 ffffea000110be01 ffffffffffffffff 0000000000000000
[   72.268032][ T5314] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[   72.271187][ T5314] page dumped because: kasan: bad access detected
[   72.273635][ T5314] page_owner tracks the page as allocated
[   72.275671][ T5314] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5289, tgid 5289 (nohup), ts 55491583480, free_ts 55491165708
[   72.282924][ T5314]  post_alloc_hook+0x1f3/0x230
[   72.284681][ T5314]  get_page_from_freelist+0x365c/0x37a0
[   72.286691][ T5314]  __alloc_pages_noprof+0x292/0x710
[   72.288481][ T5314]  alloc_pages_mpol_noprof+0x3e8/0x680
[   72.290144][ T5314]  alloc_slab_page+0x6a/0x110
[   72.291792][ T5314]  allocate_slab+0x5a/0x2b0
[   72.293360][ T5314]  ___slab_alloc+0xc27/0x14a0
[   72.294974][ T5314]  __slab_alloc+0x58/0xa0
[   72.296445][ T5314]  __kmalloc_cache_noprof+0x27b/0x390
[   72.298394][ T5314]  tomoyo_init_log+0x11cd/0x2050
[   72.300237][ T5314]  tomoyo_supervisor+0x38a/0x11f0
[   72.302010][ T5314]  tomoyo_env_perm+0x178/0x210
[   72.303734][ T5314]  tomoyo_find_next_domain+0x146e/0x1d40
[   72.305771][ T5314]  tomoyo_bprm_check_security+0x117/0x180
[   72.307800][ T5314]  security_bprm_check+0x86/0x250
[   72.309687][ T5314]  bprm_execve+0xa53/0x17a0
[   72.311374][ T5314] page last free pid 5289 tgid 5289 stack trace:
[   72.313637][ T5314]  free_unref_page+0xd3f/0x1010
[   72.315342][ T5314]  __put_partials+0x160/0x1c0
[   72.317027][ T5314]  put_cpu_partial+0x17c/0x250
[   72.318647][ T5314]  __slab_free+0x290/0x380
[   72.320404][ T5314]  qlist_free_all+0x9a/0x140
[   72.322127][ T5314]  kasan_quarantine_reduce+0x14f/0x170
[   72.324624][ T5314]  __kasan_slab_alloc+0x23/0x80
[   72.326589][ T5314]  __kmalloc_noprof+0x236/0x4c0
[   72.328662][ T5314]  tomoyo_supervisor+0xe0d/0x11f0
[   72.330704][ T5314]  tomoyo_env_perm+0x178/0x210
[   72.332624][ T5314]  tomoyo_find_next_domain+0x146e/0x1d40
[   72.334753][ T5314]  tomoyo_bprm_check_security+0x117/0x180
[   72.336898][ T5314]  security_bprm_check+0x86/0x250
[   72.338845][ T5314]  bprm_execve+0xa53/0x17a0
[   72.340598][ T5314]  do_execveat_common+0x55f/0x6f0
[   72.342517][ T5314]  __x64_sys_execve+0x92/0xb0
[   72.344344][ T5314] 
[   72.345245][ T5314] Memory state around the buggy address:
[   72.347313][ T5314]  ffff8880442f9780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   72.350254][ T5314]  ffff8880442f9800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   72.353086][ T5314] >ffff8880442f9880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   72.355867][ T5314]                             ^
[   72.357519][ T5314]  ffff8880442f9900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   72.360439][ T5314]  ffff8880442f9980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   72.363336][ T5314] ==================================================================
[   72.400913][ T5314] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   72.403520][ T5314] CPU: 0 UID: 0 PID: 5314 Comm: kworker/0:5 Not tainted 6.13.0-rc3-syzkaller-00044-gaef25be35d23 #0
[   72.407524][ T5314] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   72.411390][ T5314] Workqueue: usb_hub_wq hub_event
[   72.413293][ T5314] Call Trace:
[   72.414498][ T5314]  <TASK>
[   72.415546][ T5314]  dump_stack_lvl+0x241/0x360
[   72.417406][ T5314]  ? __pfx_dump_stack_lvl+0x10/0x10
[   72.419403][ T5314]  ? __pfx__printk+0x10/0x10
[   72.421245][ T5314]  ? preempt_schedule+0xe1/0xf0
[   72.423153][ T5314]  ? vscnprintf+0x5d/0x90
[   72.424888][ T5314]  panic+0x349/0x880
[   72.426500][ T5314]  ? check_panic_on_warn+0x21/0xb0
[   72.428581][ T5314]  ? __pfx_panic+0x10/0x10
[   72.430355][ T5314]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[   72.432700][ T5314]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   72.435208][ T5314]  ? print_report+0x502/0x550
[   72.437080][ T5314]  check_panic_on_warn+0x86/0xb0
[   72.438955][ T5314]  ? hdm_disconnect+0x10d/0x1c0
[   72.441059][ T5314]  end_report+0x77/0x160
[   72.442723][ T5314]  kasan_report+0x154/0x180
[   72.444596][ T5314]  ? kobject_put+0x272/0x480
[   72.446413][ T5314]  ? hdm_disconnect+0x10d/0x1c0
[   72.448402][ T5314]  hdm_disconnect+0x10d/0x1c0
[   72.450273][ T5314]  usb_unbind_interface+0x25b/0x940
[   72.452305][ T5314]  ? kernfs_remove_by_name_ns+0x11b/0x160
[   72.454476][ T5314]  ? __pfx_usb_unbind_interface+0x10/0x10
[   72.456663][ T5314]  device_release_driver_internal+0x503/0x7c0
[   72.458882][ T5314]  bus_remove_device+0x34f/0x420
[   72.460744][ T5314]  device_del+0x57a/0x9b0
[   72.462429][ T5314]  ? kobject_put+0x272/0x480
[   72.464209][ T5314]  ? __pfx_device_del+0x10/0x10
[   72.465995][ T5314]  ? kobject_put+0x44d/0x480
[   72.467826][ T5314]  usb_disable_device+0x3bf/0x850
[   72.469740][ T5314]  usb_disconnect+0x340/0x950
[   72.471555][ T5314]  hub_event+0x1ebc/0x5150
[   72.473169][ T5314]  ? debug_object_deactivate+0x2d5/0x390
[   72.475162][ T5314]  ? do_raw_spin_unlock+0x58/0x8b0
[   72.476722][ T5314]  ? __pfx_hub_event+0x10/0x10
[   72.478402][ T5314]  ? __pfx_lock_acquire+0x10/0x10
[   72.480441][ T5314]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   72.482389][ T5314]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   72.484914][ T5314]  ? process_scheduled_works+0x976/0x1840
[   72.487111][ T5314]  process_scheduled_works+0xa66/0x1840
[   72.489190][ T5314]  ? __pfx_process_scheduled_works+0x10/0x10
[   72.491223][ T5314]  ? assign_work+0x364/0x3d0
[   72.493023][ T5314]  worker_thread+0x870/0xd30
[   72.494862][ T5314]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   72.497152][ T5314]  ? __kthread_parkme+0x169/0x1d0
[   72.499027][ T5314]  ? __pfx_worker_thread+0x10/0x10
[   72.500995][ T5314]  kthread+0x2f0/0x390
[   72.502595][ T5314]  ? __pfx_worker_thread+0x10/0x10
[   72.504747][ T5314]  ? __pfx_kthread+0x10/0x10
[   72.506508][ T5314]  ret_from_fork+0x4b/0x80
[   72.508202][ T5314]  ? __pfx_kthread+0x10/0x10
[   72.509957][ T5314]  ret_from_fork_asm+0x1a/0x30
[   72.512005][ T5314]  </TASK>
[   72.513513][ T5314] Kernel Offset: disabled
[   72.515198][ T5314] Rebooting in 86400 seconds..