program: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_GET(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000100)={&(0x7f0000000040)={0xa8, 0x1, 0x8, 0x301, 0x0, 0x0, {0xa, 0x0, 0x4}, [@CTA_TIMEOUT_DATA={0x2c, 0x4, 0x0, 0x1, @fccp=[@CTA_TIMEOUT_DCCP_CLOSEREQ={0x8, 0x5, 0x1, 0x0, 0x8}, @CTA_TIMEOUT_DCCP_RESPOND={0x8, 0x2, 0x1, 0x0, 0x6}, @CTA_TIMEOUT_DCCP_CLOSING={0x8, 0x6, 0x1, 0x0, 0x1}, @CTA_TIMEOUT_DCCP_TIMEWAIT={0x8}, @CTA_TIMEOUT_DCCP_PARTOPEN={0x8, 0x3, 0x1, 0x0, 0x10c}]}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x8863}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x11}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x4305}, @CTA_TIMEOUT_DATA={0xc, 0x4, 0x0, 0x1, @fccp=[@CTA_TIMEOUT_DCCP_TIMEWAIT={0x8, 0x7, 0x1, 0x0, 0x4}]}, @CTA_TIMEOUT_DATA={0x44, 0x4, 0x0, 0x1, @gre=[@CTA_TIMEOUT_GRE_REPLIED={0x8, 0x2, 0x1, 0x0, 0x8}, @CTA_TIMEOUT_GRE_REPLIED={0x8, 0x2, 0x1, 0x0, 0xe}, @CTA_TIMEOUT_GRE_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0x7fffffff}, @CTA_TIMEOUT_GRE_REPLIED={0x8, 0x2, 0x1, 0x0, 0x4}, @CTA_TIMEOUT_GRE_REPLIED={0x8, 0x2, 0x1, 0x0, 0x80000001}, @CTA_TIMEOUT_GRE_REPLIED={0x8, 0x2, 0x1, 0x0, 0x80000000}, @CTA_TIMEOUT_GRE_REPLIED={0x8, 0x2, 0x1, 0x0, 0x8}, @CTA_TIMEOUT_GRE_REPLIED={0x8, 0x2, 0x1, 0x0, 0x7f}]}]}, 0xa8}, 0x1, 0x0, 0x0, 0x4048855}, 0x40) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$SEG6(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$SEG6_CMD_GET_TUNSRC(r1, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x58, r2, 0x4, 0x70bd2c, 0x25dfdbfe, {}, [@SEG6_ATTR_DSTLEN={0x8, 0x2, 0x5}, @SEG6_ATTR_DST={0x14, 0x1, @local}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x9}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x1}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0xa14e}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x9}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x5}]}, 0x58}}, 0x40000) recvmmsg(r0, &(0x7f0000003e40)=[{{&(0x7f0000000300)=@vsock={0x28, 0x0, 0x0, @my}, 0x80, &(0x7f0000000600)=[{&(0x7f0000000380)=""/77, 0x4d}, {&(0x7f0000000400)=""/144, 0x90}, {&(0x7f00000004c0)=""/221, 0xdd}, {&(0x7f00000005c0)=""/34, 0x22}], 0x4, &(0x7f0000000640)=""/227, 0xe3}, 0x8}, {{&(0x7f0000000740)=@generic, 0x80, &(0x7f00000038c0)=[{&(0x7f00000007c0)=""/4096, 0x1000}, {&(0x7f00000017c0)=""/13, 0xd}, {&(0x7f0000001800)=""/4096, 0x1000}, {&(0x7f0000002800)=""/62, 0x3e}, {&(0x7f0000002840)=""/107, 0x6b}, {&(0x7f00000028c0)=""/4096, 0x1000}], 0x6}, 0x3}, {{&(0x7f0000003940)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @initdev}}}, 0x80, &(0x7f0000003dc0)=[{&(0x7f00000039c0)=""/46, 0x2e}, {&(0x7f0000003a00)=""/236, 0xec}, {&(0x7f0000003b00)=""/96, 0x60}, {&(0x7f0000003b80)=""/125, 0x7d}, {&(0x7f0000003c00)=""/237, 0xed}, {&(0x7f0000003d00)=""/171, 0xab}], 0x6}, 0x5}], 0x3, 0x40000001, &(0x7f0000003f00)) r3 = syz_open_dev$ptys(0xc, 0x3, 0x0) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) r4 = socket$rds(0x15, 0x5, 0x0) r5 = dup(r4) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000003f40), 0x8101, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r5, 0x40a85323, &(0x7f0000003f80)={{0x4, 0xf}, 'port1\x00', 0x18, 0x30000, 0x3, 0xa, 0x1, 0x3, 0x0, 0x0, 0x2, 0x6}) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x32) sendmsg$SEG6_CMD_SETHMAC(r1, &(0x7f0000004100)={&(0x7f0000004040)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000040c0)={&(0x7f0000004080)={0x30, r2, 0x1, 0x70bd28, 0x25dfdbfd, {}, [@SEG6_ATTR_ALGID={0x5, 0x6, 0x6}, @SEG6_ATTR_DST={0x14, 0x1, @private1={0xfc, 0x1, '\x00', 0x1}}]}, 0x30}}, 0x20040084) ioctl$SNDCTL_SEQ_RESET(r6, 0x5100) r7 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000004140), 0x1, 0x0) r8 = syz_open_dev$vcsn(&(0x7f0000004180), 0x7f, 0x200000) ioctl$BTRFS_IOC_START_SYNC(r6, 0x80089418, &(0x7f00000041c0)=0x0) ioctl$BTRFS_IOC_SNAP_DESTROY_V2(r7, 0x5000943f, &(0x7f00000042c0)={{r8}, r9, 0x2, @inherit={0x90, &(0x7f0000004200)={0x1, 0x9, 0x4, 0x14bc70a2, {0x28, 0xc6, 0x8, 0x10000, 0x8}, [0x6, 0xcedd, 0x401, 0x2, 0xca99, 0x4, 0xa, 0xfffffffffffffffb, 0xf1f7]}}, @name="2ae3ad0b15e5d34c79aace8f1c0e6bd228d33cf09afeb8c9d61c2d57ca918df7dc7b394d1dcebafecd5ab7c800eeae9ba7db98b2b3f8cb91fd4b0935cca5f8e19bbd0e1957473ca1d05a5823244887c61cdcab5f6e6205432f5b24b8f56d7de675969301039299c5d9407121cf4efacc84135e5463488450c058d94a1a274cc52bfc0ed0246e3a9539a2c7a6a9ee252ba28fa0e79c88b3bf64ac3dedde63327096ea5f6ed3c09a9b59eb9d95cc39d6296a4f590a5c8191c5d808329bffe035c768203b388ceb343f2c5d6dc7f48d01f2d1ecb6d8bdd21e41e017bc4af68831f9ac1baa8633b852dbd3305e91cb73da4b1ef5df0856d7dc886672dee2bba23e816a0e76d0c7f262c4467f54dfa2b38823c8cd50482d940097c42567950e6a61a1f58d2fcdca02842ac5142aae2c5921d616a3252227a30a40747a40fa72f22fb81b874fb038d279b66f58dc14489b08330838ca956b918f0468259628ea9807701b16b19aae6cba5b2876a3ab8344ecfdf624677b05c144fcad167947b44906c9d5e3f92894b1054c267c32cf23708080e4206e876d1a27eb8a0751f52acc70ceb587343f8ad2d98d131fcb6453f151daa27a5a61ba3b814a9b0adc02b97651c52fdb1c5b957edc0f02f522bf9c624902ffa6459c4627a3574594eab88163afd7bbdac1c7cb9b1cf7fa8c44dc5a8beff7c72dfa31c06580c1087b0f6f374a88516e6aa7323e8bd0865c1b3c433c30d758404193bce05e424349e94868e17e79be416aa16436a946c70e745140813e3fb037c8a1b7885c422eef2cdba1effe14161462b144599b0385e6e9ed88dbe8962dc31a598e19f22e6e36ee9df42b5f883316b644e07b3edd08af36b5b337566b304458074c996636907856ce6e3c103cc9793071844ac0bf125765de7a3662e5aea56d96ad206042029730b1ff741c521c3df239c5ceaabbf846e32a753db1928daa60e6a3a18f1509e838d8c1d2d1d7c770357b5df453005a8a0d2bac50b442d6d88d2f7fa419cf9c68db3f3de7e82775ff0e766a0a80bcddf90c3a93a7a68f51675bc25e507f5b81a3387923408dfb85e2269bcef25a00daaca510dba90d73f3a1c87503b3d050a88f8fb63b2372f73f787b791fa8149d6fa0b7b13df5e3714baaf7425e3754ea27dfcbbf48c8b238ebcce24fd56fdb38155e4ebda715ca4a330bf46a081c35236af7c5cba82b1a69003b3aea21817bb775ed8ace3fa7b383510067fe71747bd6a12e16cbc41e98f761bd7426d14e1d91fca5a204fac75ee7536c9e5299275400338c975f516c651b0135f41ece7f9a16b25b7444fa9a7d4f5b550888a5565daf231edd0c140e4422aea45cfb94105beb3e7f8ce35c06bececeebd8b1811f384fae710454e0f6577d18bad1b6c431a966f6199bab62ae67690b966d95e384326b47e44a026560177444d89b9a4d302a0c6fa16f9ccd1491689d003c88550974a49ce488a8c951fbd2a3cebd240a828fdf529db24e529d6d74f6e5be18bf464c6be2038a7032a0a4ba2c266bbf0efa544be5b323a71ad3b8aaff18c6130f3aef9c41906dbef5f19d1bb99eb226a993edbc8085340808d90272a942cff7ca7fc4be015e36f2b0be2172c4bba2cb351bbb42e5167f564d025d492f295f2baf2e914b80298144f4f8dc74fcb51ee3ac342bdae61c791f3b390292df1c8f8337c1ad094ca0f8686f5a23b065119ae803e434665e5ad390436b79756606aba894fb47ec63954efa1f6c428847fe5d5cfb41df4ba614507e8b43db062386517fd72473acfd26cb9a207e0084a6fed033648d3f2bb22b0fbf3f16f2a51fa5bf3f3bdd4533f4a779306f9eeb59d9d37c9a7ca80acf2fa91034f87e94d1ab31fd3dc824512c482eddf0353bc5e374055b282340032964ef3d1e17d82ff62287e9c90f8d56d5ef1d2d47e8a7cf3e8c26b49406693bca49e7a04867026590bd8113b6d979e4954c0f3b6f2c7ad042eb25bcee9fdf1c335fb80f73e893306d1cbbfe00038905e221b0d6c81fff3a48151179349a8a66a6a9cfe62859be43107ff01f2600e25895d2abe8224a55a303ce1906b004b27823f6d76f381023dd75b1cc100b5d7fbbd694742597aedc62da32da2c7cf7b18c4392069a48c27e5496f4e551f684504213d73e73a2eaf05edd3c17a41ffe723a2607726bc5359dcd5bdaaf877689c23c63498f3724cd8439a1497ba0545097c883b3808ad5362e6dba44b184feb9b5f8b84033fef02a4ffcac8b7de8c16e728a4745e3da3f9e9da4d17ae19a3fad56ac4b0eaff1a37e2f4d74cfbe2236f93999c5765fbafa5b7a106d3fc9ae099d7a0ed8aed18f6a9a62d5095e7aa61d3868593733fe5d8e0d99efc728a93d7c35eb4aff36e92942148d4e5c94887b0cfb57d5eb964558f09bd7aa3a61db25886f8a27a737178ddc1af7dafdae3217c9baed9fd91a06b4f1fb4dc74c469e10d12fc87179812dca1ff73195a1315398452719c2a0ec14cb739a0c2592049106dbaa88fc0d6c134b8e419ff2504b12c8fe2bb02b2930515daedced833ef9cb9adbe1ac7b86c700dada1f594e336c74988b5abd299bbd1c207a8f47f9a0a7f424354f97832c18017baa4279b6b4b8a10e804099009fcc91b2893306551f32dcfcbfe5e21f886e107dfabe9e224bd04a15ffcded815e761d6f31ba71d46d198efd5e133f6d8e6cf08f299947d3ea40bc632bb2a8493d81bf0687e92e33803b5cb76f418a94a16610ee93c9d37d63cc83d261bc3815afef7408401b448370e47d528a9a512dc509c38d40986b16366015702cf2ab54708fd860f4df7f87977fc1e8f0439f83ebe85676e06bcb8fb271028cb0b04cfbd03291a1b2b2279fb25d2f549bce2cfce450c2dcea72d4553ba47dc6a066112fa6dd533ca54c84af72416b39c8e08445fdd51973a8047ff15257007c9f8e59cf725e3638eafefcceffff7c80f60b1594bd0fe3b4cf57f2222c7bd4711ce6dcda1633b2493d28960faa9a0a9892d082acd8dd40339d7a92e49136d7fcfa31200826fad9d6b3978cfafcfa58c09fc20a50caeeae423db6f3121de9bae24df5dcc2200ff7c6c6570601179bc5ba1de1ab608a7180b031d7e5dabffd231d26e1ccd2da8440508c306ea5f74566c380b76884245ee017867069b8532e07b44cc43417a324c3bee8baa8d855ff0e1f0ea6008303421e42fa56b489e61225df21599cd6b6e946e5847a5a92b75caf7ec19cfb4c32ba5bd3b53f0184333bd83c50f2a418922aa9b378c21d0eb617ca06352b8eb966bd6a2f569c26825da45835f3b67f5d6004890a6ff5cbcb37f068d2ab6800d3519f28552f1c949eff5397c2a70fcdb680d2db564edb7c8427be81af1ca5e3ea47297e408adc1be75bbd6308c343fcabdd293bef0f8afdd0dd5dd1b2dea6aca7cf27d4b4f50ce6bf667193e31b5deba50ee70e28d184b094ba120df032e57909db228aa208400ebbbab9a946fab6e14a2d1b2309e4382d040d9cfae20308005440eb023a0f2b52b975415a66906d38c6fa42cd12d1f845d6d2e12c65c78b32c28494b4ed57308e931811633ad1b6f03d05c349a52c288a35c442ca9421abee3d3cc7d8d9af57f7be5f3b2f103afab1aa3ba6c39ceff9c37169b08d63d6a11f6a2156b7e94be3d8536fcc87f6f8e080ff483e1d5e0ed624be011f8d497892396b45b77a69753b857e3d3a7d1882f864d105e240da0857bb46fb2fa73391d40cb20643afc5c92331b829a58422162dd489c79b65238d0f8c8d28c7f62ce94789f980f69ce4f38e7c5028ded9704137761e050560bfb2f2dbe5bee3f189ee31f1a9b5f19bde80c3a7dc0f8e832ad60fbf8f3c8e6cc8cb9f50b855c4513c167d63ba286e4ec083761cbf3be499f4142311274e1ac1b6d29b254fb3cd02f9289abe02b5a8840bc8c50b63bf8dc47a5ba44d53d27b5a7a455e31a62edecc801b7c177aae85737a7d11034a33e760f075ed7dc8c27d18640a1dfcee03c6feafc7a37ed5091cbe4a0c58b216a07064d9270bb8c38fe514a0a4f4bc2e537deb959df8648342668118b5c35f0ad026feaea21469ef548c9cfee4d0ce3cdbedb93fb47e44968c60b6f61a09dbee82d36bf82635ec9edcaff62788e632e8cff3abb94da4e73b4731cbbcc0b491e93180fceae268a4e9fe0a000cd9bf5ab44091b085d8410ac7be2d5b8fdb4790db3956a59999bce7717b9048eabafc48cf9a903ea0d0baf907b9bbcef7a5e686ab75b9cc157f122940e3635d5e4b8147fa1c0c97779bc1cae04e23ceb6c3b85a8bc046b11d561340cdeac4d155907959c575cd7df65fd5ad29755d1e62bb5319eb5fd824c737fdc74496d28f57b3aa1510e72dca64f97641beb3c5b7278f5dd672305e2c8f1d00697917d72e8f42522e84f7ccd62c6459cd3c5743d36cd03287d540b6b7bd4c8d3669478b0cad413ff9234d9bba1f599052a6b72c664b56db8f2d780bfdf43a6628803d4ffda5efdd7b449f0f36429946a00df49499420b613aa1b457eaa49acea430796590da92e4729308bfc9747d1bd3eaa1787475475f3d97efbdaa337d3d1310a9ff0863e7968e8b0ae18a366da56eeeb52a56110debb571741fb354cda444c1a31fdf5c063174ae736ce5b55d080ca936804750edc8d170d9f67dd9af11e0d0e6aee281a99e9e196fb2d09f4e47bcf5be85a2511937566854f9f854051f65e9b7e125e9020b0c6eafb1153b459ab7efb3e49313cecf6950f58022de880a9d90d9747b89c2b4ad893f3258552adc021f229ce2f7554db5ee12bb4632d0b2aca0b8b2be18ca02d8b6b30c37d23a6308e5efba0689bf448a2d0bae8b300dd7591423cf91706852ca92f376bbc597b83c319cfb990afea2f31bb503e95e4d52092ff309343e37c88f8d1fa0ec879dfe52e696fb7d469ef2ef43b9076d6c89e60b28763e775846159b1985a8fd5eb1c2d39f7160f5226dc284105f75d9b06c5a444b9eac52def840d384641fd800f9b5e08bf36edb9f10981ba62f6f56c71e01f20ab4368c210f477c1201897b561abad89efe423ebdc9397ad76f144c695b36b9388607705c4e6106f1f99299c80eff261fa586d9cbd088b782287cc7944e6edb9a531043df9416ca865d8cf8bea053eaecb4a82b3e421d406dd0f04fae696aa9ece3f3f17270ae132abc8fb2a5077ddb22fdd715796ce3ed388ed8d46ed001a89eb87e12b933d455715bd51284a64f960dd9daf620ce3fc4faf11f06d9c501325408ca8bdb5c2d27eae78b304eb81b8f6172c6750571bf9dd044d65e3915d3689972a3a9be8597153dde7427c7fcdb8dc355dc8ace33d5421324839c37c5da4211ee6e06e5ffe807232096b872f60c6839df38ee5e4032e188db4fc473cf9ee55af184486e83832b2365f9e4d4e3f2ec948328acd3804ddf6cd0acbdf9932eca829e06a5255457c584b8f94bba0fca246e62dc197e4803d27b10ace7676c52c0c93e84e2dffc44362aef0d32249d5b18111b9a6130a76687a37ddb66a7cf8023d19b962ad5dde036af20a1909ef62560687286450aa9c7176724b4e3b7c46c67930423c1178479529deaa313190987f15b834b91e1899d254bf27eb49a8e44df6f825564b9d57bc9042d497530b5c82054f0eac2e029111b39a62ebd010064bb481431df3f074a7551dd7ca9999c1db95754782c680310c521eb69a4349e56f0b092e6"}) ioctl$VHOST_VDPA_GET_GROUP_NUM(r5, 0x8004af81, &(0x7f00000052c0)) ioctl$TCFLSH(0xffffffffffffffff, 0x540b, 0x1) connect$netlink(r1, &(0x7f0000005300)=@proc={0x10, 0x0, 0x25dfdbfd, 0x2000000}, 0xc) ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000005340)) ioctl$FITRIM(r3, 0xc0185879, &(0x7f0000005380)={0xb3ef, 0xda, 0x6}) r10 = syz_usb_connect(0x5, 0x70e, &(0x7f00000053c0)={{0x12, 0x1, 0x110, 0xdc, 0x5e, 0x7, 0x8, 0x424, 0xcf18, 0x442, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x6fc, 0x4, 0xf, 0xaa, 0x80, 0x2, [{{0x9, 0x4, 0x5a, 0xf7, 0x1, 0x3a, 0xe6, 0x63, 0x9d, [@uac_control={{0xa, 0x24, 0x1, 0x5, 0x2}, [@mixer_unit={0x8, 0x24, 0x4, 0x3, 0x1, "f85324"}, @selector_unit={0x9, 0x24, 0x5, 0x6, 0x33, "7cf8de9b"}, @mixer_unit={0x7, 0x24, 0x4, 0x1, 0x1, "dc87"}, @feature_unit={0xd, 0x24, 0x6, 0x3, 0x2, 0x3, [0x2, 0x1, 0xa], 0x80}, @input_terminal={0xc, 0x24, 0x2, 0x2, 0x1ff, 0x6, 0x5, 0x3, 0x0, 0xe2}]}], [{{0x9, 0x5, 0x1, 0x8, 0x60, 0x7, 0xa0, 0x5, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x2, 0x6}]}}]}}, {{0x9, 0x4, 0x79, 0x6e, 0x9, 0xc3, 0x8a, 0x20, 0x45, [@generic={0x6e, 0x7, "1224e9f4f47b3dbf57904835eaf3c5af2d2bbd27b9ffa84ad4db6fa010271ab6fa1ec0c388612b983e2cc8bde226e94478b5ca90fcbdebd6d666eb884dd5d6bda0f63ddfcdf6d28c80f6a15e3d920bd5114acc2a418370870cc50a3b851bee03fcc7288a8eec06faa6a4618c"}], [{{0x9, 0x5, 0xe, 0x10, 0x8, 0x9, 0x3, 0x8, [@generic={0x5a, 0xa, "cac26ed7557746ff6b798de64de7831b06595811dd9d76df00f722315b157c8181219e0aee310e6f4b67306044979b0ffe8638b839f945578d50ebb23060bb6c30e4f4d254de854323ee001b00ac2491b0b9c9a0ffd8cf09"}]}}, {{0x9, 0x5, 0x9, 0x10, 0x40, 0x59, 0x2, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x3b, 0x7971}, @uac_iso={0x7, 0x25, 0x1, 0x1, 0x8, 0x5}]}}, {{0x9, 0x5, 0xd, 0xd, 0x10, 0x0, 0x0, 0x8, [@generic={0x89, 0xf, "764671f19e61e3370b6d2358b7b2b79f1f089ec785bef38968ca72e06bc2f0ae1fe19f52d823d00c06e88d410e22e67b5fdbff86f7c1f7bc94b29719f28095e0a29ba85dcd8d59c0285c9f09c92325b0dcefcbd8349896bd9f8a4d1a17b45f3f2e6bfbbce3c6600675a2aca588e2658d99fd4a0a6d1c0384ce5ea982d1ab8ab64c243f19172869"}]}}, {{0x9, 0x5, 0x6, 0x10, 0x200, 0xdc, 0x9, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x23, 0x5}]}}, {{0x9, 0x5, 0xe, 0x2, 0x20, 0xfe, 0x8, 0x4, [@generic={0x5a, 0x7, "46ddf3656e6d5c66da3e109b7f4b16e10e8b0c613360d8fec5864d3e0e8e556e22e0b25a17a5287f66a3ae539a9e6028ebbc22a7bf6d99bb97e37a758145f1e3403a88838525b549b6d2ad78fbf5b75df3cf60b0d9fcba19"}, @uac_iso={0x7, 0x25, 0x1, 0x80, 0x6, 0x1}]}}, {{0x9, 0x5, 0x4, 0xb, 0x3ff, 0x0, 0x5, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x2, 0x4}]}}, {{0x9, 0x5, 0x3, 0x10, 0x20, 0x4, 0xe, 0x7, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0x9, 0x7}, @generic={0x6a, 0xd, "639ab329f667f1e33ff3df6e16a02642a49adbdff0461fd33a0ee3f68c297b37e6cb94ca84a3ca6542cf8b8c92cbca2a74c247e261bcb159e7da8647c4da3167d65677a464a532606b20bf408382f1d51ac43325812b637f673d81ea8bee04abe48daa31607aaf9d"}]}}, {{0x9, 0x5, 0xf, 0x10, 0x10, 0xfe, 0xe, 0xf6, [@generic={0xde, 0x1, "4b186bb01eca295fd578e79bcac99f34a133a9eb5dda430116d7af280e3dccc150716e1a4b670ea3bafab50ebcb12e8c3d12c125d5805941e81c4c3820198f0c05fbff6ccdeea8b5df38b8729d65cf96d50c2b2ec0139c74c9296c60a4c84e98c492a0fd02934759f7c7ae75064e7b191748985d40d05216f6f734b01944dfdc0c950923958f8400ef2d4960fc729b6f85eb276b866aa693441353250c6014472230067a8db7791fb3c21dee8f3a8c52ed838ac0b2ecdb13e0a2dd81df4262d79cbabcb54286485dee87a03e1a1038d6a0fec953bed824817d9009ec"}, @uac_iso={0x7, 0x25, 0x1, 0x1, 0x3, 0x101}]}}, {{0x9, 0x5, 0xd, 0x2, 0x40, 0x21, 0xf9, 0x28, [@generic={0xf, 0x5, "2ae6097b7c24b7d9cab20f8f0b"}, @uac_iso={0x7, 0x25, 0x1, 0x80, 0x3, 0x9}]}}]}}, {{0x9, 0x4, 0xf8, 0x0, 0x8, 0xff, 0x2, 0x1c, 0x7f, [@uac_as={[@format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0x40, 0x5, 0x3, "59ab9dae272c"}]}], [{{0x9, 0x5, 0x9, 0x4, 0x400, 0x3, 0x9, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x9, 0x52}]}}, {{0x9, 0x5, 0x1, 0x10, 0x40, 0x0, 0x24, 0x10, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0xe5, 0x1c}, @generic={0xc6, 0x21, "4e9ed6cd99b977e9cb367b4584147c25967f8baee4e91aaf8b1363b9124fd093e02b396d310b809a9c4defbc4babbc832b7e965a6a573cb263ce889f2babd1956a80cf9b6774e47009bbcb417947f342dbc90ce6bccb0913a8f1bed672d3e46172b26d290dab656bc962cfee27befa9e15c615827470338a9bf009da8f62d719545f290157e5882c2a4cfad9e27ce404c21bfc0f1c4177b87b2aff9efb8e811e47b6fe2cbbf630aa62a3c1eb5c8f1496c22b68499ad60d00f8a173f6ebdca61c42956b1c"}]}}, {{0x9, 0x5, 0x8, 0x4, 0x200, 0x13, 0xf8, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x4, 0x9}]}}, {{0x9, 0x5, 0x4, 0x3, 0x10, 0xc, 0xa7, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0x3, 0x4}, @uac_iso={0x7, 0x25, 0x1, 0x81, 0x3, 0x7}]}}, {{0x9, 0x5, 0x80, 0x0, 0x200, 0x81, 0xed, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0xdd}, @uac_iso={0x7, 0x25, 0x1, 0x80, 0x1, 0xab5c}]}}, {{0x9, 0x5, 0xc, 0x4, 0x200, 0x6, 0x8, 0x18, [@generic={0xdc, 0x3, "2c34285d5a499e345a493a033b91d2a30f43644700d6369cc6feb527d62e2736a0c1b4c6cfc1984efcaa3802118362e5421bb12b939ab1a5f5c2c3c13c912f6987be242255aaef08efddd1639eb56117ffac7c9247ceb8ac113b1236d165fb2896741716492552efd8e1dd6e3720ac7f39b9a01d3478387e612aa1fc58ee75c043f2fe611094f87e0f971ddd6dde8102377c596fce011b0ccfa0d78da99120920b1fe9aec0b568850252f669ad33a8282ec4ce9839ba257e80333cd72fd5ba096c77be0e85dd3fceead8d96826aa9205f5b1d692d6570b6c1d72"}]}}, {{0x9, 0x5, 0xe, 0x0, 0x200, 0x10, 0xbd, 0x6, [@generic={0x89, 0x22, "9fb71673a6021f5f3bac5b76aea89991e5e58f3d34d99ddb54e532cd119a49cf2d0182979fe1310cdbf04332afdef53e883cc24e9ba6c7842fca19e46ed7a75b3dfc5566e11f53d6d3535ad2d058fb2f55a3917be5c9ae0abaf7f6821c596c7eff92840d624a4b045c680fb531f36c27517db6a7158646a65c47ce5f0923316d009eeaeb2fe9ff"}]}}, {{0x9, 0x5, 0x9, 0x0, 0x40, 0x8, 0x5, 0x96, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x9d, 0x800}]}}]}}, {{0x9, 0x4, 0x7a, 0x1, 0x1, 0xff, 0xff, 0xff, 0x6, [@cdc_ncm={{0x5}, {0x5, 0x24, 0x0, 0xacc8}, {0xd, 0x24, 0xf, 0x1, 0x8, 0x9, 0x8000, 0x2}, {0x6, 0x24, 0x1a, 0x4, 0x20}, [@mbim={0xc, 0x24, 0x1b, 0x4, 0xffff, 0x5, 0x5, 0x3, 0x1}]}], [{{0x9, 0x5, 0x1, 0x10, 0x8, 0xc, 0xf9, 0x2, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x0, 0x10}, @uac_iso={0x7, 0x25, 0x1, 0x2, 0xf, 0x2}]}}]}}]}}]}}, &(0x7f0000005fc0)={0xa, &(0x7f0000005b00)={0xa, 0x6, 0x200, 0x4, 0x8e, 0x8, 0xff, 0xa0}, 0x1f3, &(0x7f0000005b40)={0x5, 0xf, 0x1f3, 0x4, [@ssp_cap={0x24, 0x10, 0xa, 0x5, 0x6, 0x4, 0xf00f, 0x81, [0xf, 0xfff0, 0xf, 0x7e00, 0x30, 0xff0000]}, @ptm_cap={0x3}, @generic={0xd9, 0x10, 0x2, "9d9217993e8cca7230d49595b4709c124af2cbc4d2af967e3d84ab7d9737d419ec90b49d421ea54d9c962b775188a0c5049f970c285ed93db3ad54d4c3441ecf01bb7393cb32371cac73295c787aeaeac445ebf772e4a94d25535b32e8a6f697c7aa2e3795bf98295dc731b453c45a250e2b18d4303387443833f864f496fb6a6fc5b7b05f364b6982ee1507a89dc7942225f8c1b891f3c8740c74cc02c6fae4959a80b09977e1a7e50a9b4a66d6d70c9789e9b2a7af65600e9c6039a515de5518e8e61dd6508ea0fd8707bb935549d28843286d67c8"}, @generic={0xee, 0x10, 0x4, "80e8147c359a282737fff7f13950887d920f5cb43c2d7fca8682773ed83f18d0cdd1876b80ae0aa5a03cc1dda09321f18d8b0532d0150c73cc0f37a35a5f67bbb269841c536d692f3c57b848e4e1e0c52a3bac121b8a31ea09d33d55cc4697020e036129a187792d4637c87427d0478eb98223cc60c6a317e48b7e054f6923d1bb703dca0a15afb2524320c9836d5c6f8e919a8f5a7785d7ef11e2cb382726cff3ec167aecded6ee970f4ea63c70c387b8c1a9fcdea4b193b369b159e82e9f48e84b5ba4fbeecb4da0d47da4d5bb88ec322f642495af63de456aa4c0c0844fa6b23614d16f4d0cea6401b9"}]}, 0x4, [{0x83, &(0x7f0000005d40)=@string={0x83, 0x3, "42705ee952dee004102e1a5e671f535d5e8a5b72545e2432e7d81d0559c6ffa4c948986c1b7d262c7bc5b478a9066d9d1e99dcb5ef6d934d5314806598e9c106d90087b1d5a8eb2dec802df72a4f80abab72aa4f682b47f8e18bb626b7dd812637b578e8eb151fa38447278970228422761fd9bc91152ec7ad00d1cde4900a4ad3"}}, {0x97, &(0x7f0000005e00)=@string={0x97, 0x3, "50389c9bb597a72b0bf9ed0357143a659f526e8a145f139b04d9c0e40663098fddc5453090c7cb471aa430887a214e2d9c952b248ba70d4289afc695f88cae86153daf2b4abca37bffb4e157ba7c1d8faad7e9af5fdcdab561a88932ad91469b6dd2759bc628d9d7bd627f83fad9935b2a6efb08a331d5741348a9ccc1612ca6a080942e9c34b1f654815588b1361699b2152c6d93"}}, {0xa5, &(0x7f0000005ec0)=@string={0xa5, 0x3, "bd1af280b054330cef18fa5ce592d25b8dfa895ee2191cb5f407d360cf4fc210dc44aab622c667971cf8ae61b1e09f3dfe9f5cf2e86ecfacf87acdea0735b2bea4c97d33b5d3bdcff4798139358cfecb6c020f4b32ad83143c56a27b3961d9f9a01731d2d316ea10e0b449253fa90dfd61d81b5a92f0cb41f6d8d85c93373a4dfc87780889e54f72121f7dc1b7b97302bf8c296922b676f90c029de9d9acad28e0ce6c"}}, {0x3, &(0x7f0000005f80)=@string={0x3, 0x3, '^'}}]}) syz_usb_disconnect(r10) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r5, 0x89f0, &(0x7f0000006300)={'syztnl0\x00', &(0x7f0000006280)={'ip6tnl0\x00', 0x0, 0x5e, 0x9, 0x1, 0x0, 0x4c, @private0, @ipv4={'\x00', '\xff\xff', @private=0xa010102}, 0x20, 0x7, 0x8, 0x9}}) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000006400)={{r7, 0xffffffffffffffff}, &(0x7f0000006380), &(0x7f00000063c0)=r6}, 0x20) r13 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000006440)={0x1b, 0x0, 0x0, 0x1ff, 0x0, r6, 0xc, '\x00', 0x0, r8, 0x2, 0x0, 0x2}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000006580)={0xc, 0x1c, &(0x7f0000006040)=@raw=[@btf_id={0x18, 0x6, 0x3, 0x0, 0x1}, @map_idx={0x18, 0x0, 0x5, 0x0, 0x8}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x79}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r5}}, @generic={0xf7, 0x0, 0x7, 0x9, 0x1}, @printk={@llu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x3}}, @btf_id={0x18, 0x6, 0x3, 0x0, 0x3}], &(0x7f0000006140)='syzkaller\x00', 0xff, 0xff, &(0x7f0000006180)=""/255, 0x41000, 0x0, '\x00', r11, @fallback=0xf, r8, 0x8, 0x0, 0x0, 0x10, &(0x7f0000006340)={0x5, 0xc, 0xa8, 0xfffff801}, 0x10, 0xffffffffffffffff, r5, 0x6, &(0x7f00000064c0)=[r12, r6, r6, r13], &(0x7f0000006500)=[{0x1, 0x5, 0x4, 0xa}, {0x0, 0x1, 0xe, 0x8}, {0x5, 0x5, 0x0, 0xf}, {0x5, 0x1, 0xb, 0x9}, {0x3, 0x1, 0x3, 0x4}, {0x1, 0x4, 0x9}], 0x10, 0x5}, 0x94) [ 85.876813][ T5340] Bluetooth: hci0: command tx timeout [ 86.207176][ T5361] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 86.356769][ T5361] usb 5-1: Using ep0 maxpacket: 8 [ 86.362805][ T5361] usb 5-1: config 15 has an invalid interface number: 90 but max is 3 [ 86.367635][ T5361] usb 5-1: config 15 has an invalid interface number: 121 but max is 3 [ 86.371437][ T5361] usb 5-1: config 15 contains an unexpected descriptor of type 0x1, skipping [ 86.375420][ T5361] usb 5-1: config 15 has an invalid interface number: 248 but max is 3 [ 86.380235][ T5361] usb 5-1: config 15 has an invalid interface number: 122 but max is 3 [ 86.384264][ T5361] usb 5-1: config 15 has 5 interfaces, different from the descriptor's value: 4 [ 86.391027][ T5361] usb 5-1: config 15 has no interface number 0 [ 86.394631][ T5361] usb 5-1: config 15 has no interface number 1 [ 86.398215][ T5361] usb 5-1: config 15 has no interface number 2 [ 86.400586][ T5361] usb 5-1: config 15 has no interface number 4 [ 86.403193][ T5361] usb 5-1: config 15 interface 90 altsetting 247 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 86.411762][ T5361] usb 5-1: too many endpoints for config 15 interface 3 altsetting 1: 248, using maximum allowed: 30 [ 86.416027][ T5361] usb 5-1: config 15 interface 3 altsetting 1 endpoint 0x1 has invalid maxpacket 96, setting to 64 [ 86.421245][ T5361] usb 5-1: config 15 interface 3 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 248 [ 86.429826][ T5361] usb 5-1: config 15 interface 121 altsetting 110 endpoint 0xD has an invalid bInterval 0, changing to 7 [ 86.434542][ T5361] usb 5-1: config 15 interface 121 altsetting 110 endpoint 0x6 has invalid maxpacket 512, setting to 64 [ 86.441980][ T5361] usb 5-1: config 15 interface 121 altsetting 110 has a duplicate endpoint with address 0xE, skipping [ 86.448903][ T5361] usb 5-1: config 15 interface 121 altsetting 110 endpoint 0x4 has an invalid bInterval 0, changing to 7 [ 86.454583][ T5361] usb 5-1: config 15 interface 121 altsetting 110 has a duplicate endpoint with address 0xD, skipping [ 86.460632][ T5361] usb 5-1: config 15 interface 121 altsetting 110 has an endpoint descriptor with address 0x2A, changing to 0xA [ 86.469645][ T5361] usb 5-1: config 15 interface 121 altsetting 110 endpoint 0xA has invalid maxpacket 31497, setting to 1024 [ 86.474654][ T5361] usb 5-1: config 15 interface 121 altsetting 110 bulk endpoint 0xA has invalid maxpacket 1024 [ 86.479761][ T5361] usb 5-1: config 15 interface 121 altsetting 110 has 10 endpoint descriptors, different from the interface descriptor's value: 9 [ 86.487743][ T5361] usb 5-1: config 15 interface 248 altsetting 0 has a duplicate endpoint with address 0x9, skipping [ 86.492415][ T5361] usb 5-1: config 15 interface 248 altsetting 0 has a duplicate endpoint with address 0x1, skipping [ 86.497525][ T5361] usb 5-1: config 15 interface 248 altsetting 0 endpoint 0x8 has invalid maxpacket 512, setting to 64 [ 86.502723][ T5361] usb 5-1: config 15 interface 248 altsetting 0 has a duplicate endpoint with address 0x4, skipping [ 86.510692][ T5361] usb 5-1: config 15 interface 248 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 86.515652][ T5361] usb 5-1: config 15 interface 248 altsetting 0 endpoint 0xC has invalid maxpacket 512, setting to 64 [ 86.521900][ T5361] usb 5-1: config 15 interface 248 altsetting 0 has a duplicate endpoint with address 0xE, skipping [ 86.528525][ T5361] usb 5-1: config 15 interface 248 altsetting 0 has a duplicate endpoint with address 0x9, skipping [ 86.533152][ T5361] usb 5-1: config 15 interface 122 altsetting 1 has a duplicate endpoint with address 0x1, skipping [ 86.538311][ T5361] usb 5-1: config 15 interface 90 has no altsetting 0 [ 86.541576][ T5361] usb 5-1: config 15 interface 3 has no altsetting 0 [ 86.544226][ T5361] usb 5-1: config 15 interface 121 has no altsetting 0 [ 86.550004][ T5361] usb 5-1: config 15 interface 122 has no altsetting 0 [ 86.559767][ T5361] usb 5-1: New USB device found, idVendor=0424, idProduct=cf18, bcdDevice= 4.42 [ 86.563702][ T5361] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 86.567837][ T5361] usb 5-1: Product: ᪽胲咰ళᣯ峺鋥寒揄庉᧢딜ߴ惓俏Ⴢ䓜뚪옢靧憮㶟鿾滨곏竸㔇뺲즤㍽펵쾽秴㦁谵쯾ɬ䬏괲ᒃ嘼箢愹慄ហ툱ᛓც든╉ꤿﴍ娛䇋峘㞓䴺蟼ࡸ牏ἒ셽릷ɳ貿椩똢略Ȍ곙⢭컠 [ 86.579467][ T5361] usb 5-1: Manufacturer: 㡐鮜鞵⮧喇ϭᑗ攺功詮弔鬓挆載엝ぅ자䟋ꐚ蠰ⅺⵎ閜␫Ꞌ䈍꾉闆賸蚮㴕⮯뱊箣듿埡粺輝힪꿩뗚ꡡ㊉醭魆퉭魵⣆ퟙ抽荿宓渪ࣻㆣ瓕䠓첩懁꘬肠⺔㒜腔衕㚱餖ᖲ洬 [ 86.735110][ T54] cfg80211: failed to load regulatory.db [ 86.909556][ T5361] usb 5-1: USB disconnect, device number 2 [ 86.942436][ T5361] ================================================================== [ 86.946620][ T5361] BUG: KASAN: slab-use-after-free in hdm_disconnect+0x10d/0x1c0 [ 86.950262][ T5361] Read of size 8 at addr ffff88803372d8a0 by task kworker/0:5/5361 [ 86.953411][ T5361] [ 86.954427][ T5361] CPU: 0 UID: 0 PID: 5361 Comm: kworker/0:5 Not tainted syzkaller #0 PREEMPT(full) [ 86.954443][ T5361] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 86.954453][ T5361] Workqueue: usb_hub_wq hub_event [ 86.954480][ T5361] Call Trace: [ 86.954489][ T5361] [ 86.954495][ T5361] dump_stack_lvl+0x189/0x250 [ 86.954512][ T5361] ? __kasan_check_byte+0x12/0x40 [ 86.954567][ T5361] ? __pfx_dump_stack_lvl+0x10/0x10 [ 86.954580][ T5361] ? lock_release+0x4b/0x3e0 [ 86.954597][ T5361] ? __virt_addr_valid+0x4a5/0x5c0 [ 86.954612][ T5361] print_report+0xca/0x240 [ 86.954623][ T5361] ? hdm_disconnect+0x10d/0x1c0 [ 86.954634][ T5361] kasan_report+0x118/0x150 [ 86.954647][ T5361] ? hdm_disconnect+0x10d/0x1c0 [ 86.954659][ T5361] hdm_disconnect+0x10d/0x1c0 [ 86.954671][ T5361] usb_unbind_interface+0x26e/0x910 [ 86.954687][ T5361] ? __pfx_usb_unbind_interface+0x10/0x10 [ 86.954700][ T5361] device_release_driver_internal+0x4d9/0x800 [ 86.954716][ T5361] bus_remove_device+0x34d/0x410 [ 86.954732][ T5361] device_del+0x511/0x8e0 [ 86.954742][ T5361] ? __pm_runtime_barrier+0x212/0x460 [ 86.954754][ T5361] ? __pfx_device_del+0x10/0x10 [ 86.954764][ T5361] ? __pfx___mutex_lock+0x10/0x10 [ 86.954809][ T5361] usb_disable_device+0x3e9/0x8a0 [ 86.954823][ T5361] usb_disconnect+0x330/0x950 [ 86.954835][ T5361] hub_event+0x1cf5/0x4a20 [ 86.954853][ T5361] ? do_raw_spin_lock+0x121/0x290 [ 86.954866][ T5361] ? register_lock_class+0x51/0x320 [ 86.954885][ T5361] ? __pfx_hub_event+0x10/0x10 [ 86.954896][ T5361] ? process_scheduled_works+0x9ef/0x17b0 [ 86.954908][ T5361] ? _raw_spin_unlock_irq+0x23/0x50 [ 86.954924][ T5361] ? process_scheduled_works+0x9ef/0x17b0 [ 86.954935][ T5361] ? process_scheduled_works+0x9ef/0x17b0 [ 86.954947][ T5361] process_scheduled_works+0xae1/0x17b0 [ 86.954965][ T5361] ? __pfx_process_scheduled_works+0x10/0x10 [ 86.954980][ T5361] worker_thread+0x8a0/0xda0 [ 86.954992][ T5361] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 86.955010][ T5361] ? __kthread_parkme+0x7b/0x200 [ 86.955023][ T5361] kthread+0x70e/0x8a0 [ 86.955036][ T5361] ? __pfx_worker_thread+0x10/0x10 [ 86.955045][ T5361] ? __pfx_kthread+0x10/0x10 [ 86.955056][ T5361] ? _raw_spin_unlock_irq+0x23/0x50 [ 86.955068][ T5361] ? lockdep_hardirqs_on+0x9c/0x150 [ 86.955077][ T5361] ? __pfx_kthread+0x10/0x10 [ 86.955088][ T5361] ret_from_fork+0x439/0x7d0 [ 86.955100][ T5361] ? __pfx_ret_from_fork+0x10/0x10 [ 86.955111][ T5361] ? __pfx_kthread+0x10/0x10 [ 86.955122][ T5361] ret_from_fork_asm+0x1a/0x30 [ 86.955139][ T5361] [ 86.955142][ T5361] [ 87.070019][ T5361] Allocated by task 5361: [ 87.071946][ T5361] kasan_save_track+0x3e/0x80 [ 87.073962][ T5361] __kasan_kmalloc+0x93/0xb0 [ 87.076047][ T5361] __kmalloc_cache_noprof+0x230/0x3d0 [ 87.078781][ T5361] hdm_probe+0x96/0x1400 [ 87.081107][ T5361] usb_probe_interface+0x665/0xc30 [ 87.083621][ T5361] really_probe+0x26d/0x9e0 [ 87.085606][ T5361] __driver_probe_device+0x18c/0x2f0 [ 87.087830][ T5361] driver_probe_device+0x4f/0x430 [ 87.090024][ T5361] __device_attach_driver+0x2ce/0x530 [ 87.092517][ T5361] bus_for_each_drv+0x24e/0x2e0 [ 87.094961][ T5361] __device_attach+0x2b8/0x400 [ 87.097416][ T5361] bus_probe_device+0x185/0x260 [ 87.099653][ T5361] device_add+0x7b6/0xb50 [ 87.101504][ T5361] usb_set_configuration+0x1a87/0x20e0 [ 87.103872][ T5361] usb_generic_driver_probe+0x8d/0x150 [ 87.106268][ T5361] usb_probe_device+0x1c1/0x390 [ 87.108480][ T5361] really_probe+0x26d/0x9e0 [ 87.110453][ T5361] __driver_probe_device+0x18c/0x2f0 [ 87.112708][ T5361] driver_probe_device+0x4f/0x430 [ 87.114919][ T5361] __device_attach_driver+0x2ce/0x530 [ 87.117264][ T5361] bus_for_each_drv+0x24e/0x2e0 [ 87.119426][ T5361] __device_attach+0x2b8/0x400 [ 87.121544][ T5361] bus_probe_device+0x185/0x260 [ 87.123683][ T5361] device_add+0x7b6/0xb50 [ 87.125637][ T5361] usb_new_device+0xa39/0x16f0 [ 87.127622][ T5361] hub_event+0x2958/0x4a20 [ 87.129432][ T5361] process_scheduled_works+0xae1/0x17b0 [ 87.131846][ T5361] worker_thread+0x8a0/0xda0 [ 87.133833][ T5361] kthread+0x70e/0x8a0 [ 87.135553][ T5361] ret_from_fork+0x439/0x7d0 [ 87.137754][ T5361] ret_from_fork_asm+0x1a/0x30 [ 87.140126][ T5361] [ 87.141367][ T5361] Freed by task 5361: [ 87.143142][ T5361] kasan_save_track+0x3e/0x80 [ 87.145120][ T5361] kasan_save_free_info+0x46/0x50 [ 87.147392][ T5361] __kasan_slab_free+0x5b/0x80 [ 87.149671][ T5361] kfree+0x18e/0x440 [ 87.151932][ T5361] device_release+0x99/0x1c0 [ 87.154484][ T5361] kobject_put+0x22b/0x480 [ 87.156413][ T5361] hdm_disconnect+0xf3/0x1c0 [ 87.158435][ T5361] usb_unbind_interface+0x26e/0x910 [ 87.160918][ T5361] device_release_driver_internal+0x4d9/0x800 [ 87.163565][ T5361] bus_remove_device+0x34d/0x410 [ 87.165705][ T5361] device_del+0x511/0x8e0 [ 87.167534][ T5361] usb_disable_device+0x3e9/0x8a0 [ 87.170008][ T5361] usb_disconnect+0x330/0x950 [ 87.172190][ T5361] hub_event+0x1cf5/0x4a20 [ 87.174218][ T5361] process_scheduled_works+0xae1/0x17b0 [ 87.176636][ T5361] worker_thread+0x8a0/0xda0 [ 87.178878][ T5361] kthread+0x70e/0x8a0 [ 87.181025][ T5361] ret_from_fork+0x439/0x7d0 [ 87.183027][ T5361] ret_from_fork_asm+0x1a/0x30 [ 87.185174][ T5361] [ 87.186318][ T5361] The buggy address belongs to the object at ffff88803372c000 [ 87.186318][ T5361] which belongs to the cache kmalloc-8k of size 8192 [ 87.192185][ T5361] The buggy address is located 6304 bytes inside of [ 87.192185][ T5361] freed 8192-byte region [ffff88803372c000, ffff88803372e000) [ 87.198214][ T5361] [ 87.199341][ T5361] The buggy address belongs to the physical page: [ 87.201966][ T5361] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x33728 [ 87.205811][ T5361] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 87.209439][ T5361] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff) [ 87.212736][ T5361] page_type: f5(slab) [ 87.214599][ T5361] raw: 04fff00000000040 ffff88801a842280 ffffea0000cec400 0000000000000006 [ 87.219076][ T5361] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000 [ 87.222986][ T5361] head: 04fff00000000040 ffff88801a842280 ffffea0000cec400 0000000000000006 [ 87.226523][ T5361] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000 [ 87.229881][ T5361] head: 04fff00000000003 ffffea0000cdca01 00000000ffffffff 00000000ffffffff [ 87.235536][ T5361] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 87.238907][ T5361] page dumped because: kasan: bad access detected [ 87.241620][ T5361] page_owner tracks the page as allocated [ 87.244236][ T5361] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5332, tgid 5332 (sh), ts 80394869241, free_ts 80392606840 [ 87.253425][ T5361] post_alloc_hook+0x240/0x2a0 [ 87.255456][ T5361] get_page_from_freelist+0x21e4/0x22c0 [ 87.257954][ T5361] __alloc_frozen_pages_noprof+0x181/0x370 [ 87.260691][ T5361] alloc_pages_mpol+0x232/0x4a0 [ 87.263082][ T5361] allocate_slab+0x8a/0x370 [ 87.265074][ T5361] ___slab_alloc+0xbeb/0x1420 [ 87.267112][ T5361] __kmalloc_cache_noprof+0x296/0x3d0 [ 87.269538][ T5361] tomoyo_init_log+0x111f/0x1f70 [ 87.272165][ T5361] tomoyo_supervisor+0x340/0x1480 [ 87.274658][ T5361] tomoyo_env_perm+0x149/0x1e0 [ 87.276754][ T5361] tomoyo_find_next_domain+0x15cf/0x1aa0 [ 87.279113][ T5361] tomoyo_bprm_check_security+0x11c/0x180 [ 87.281456][ T5361] security_bprm_check+0x89/0x270 [ 87.283710][ T5361] bprm_execve+0x8ee/0x1450 [ 87.286060][ T5361] do_execveat_common+0x510/0x6a0 [ 87.288754][ T5361] __x64_sys_execve+0x94/0xb0 [ 87.291024][ T5361] page last free pid 5332 tgid 5332 stack trace: [ 87.293797][ T5361] __free_frozen_pages+0xbc4/0xd30 [ 87.296124][ T5361] __slab_free+0x303/0x3c0 [ 87.298814][ T5361] qlist_free_all+0x97/0x140 [ 87.301389][ T5361] kasan_quarantine_reduce+0x148/0x160 [ 87.304038][ T5361] __kasan_slab_alloc+0x22/0x80 [ 87.306224][ T5361] __kmalloc_noprof+0x224/0x4f0 [ 87.308418][ T5361] tomoyo_supervisor+0xbd5/0x1480 [ 87.310640][ T5361] tomoyo_env_perm+0x149/0x1e0 [ 87.312987][ T5361] tomoyo_find_next_domain+0x15cf/0x1aa0 [ 87.316103][ T5361] tomoyo_bprm_check_security+0x11c/0x180 [ 87.318775][ T5361] security_bprm_check+0x89/0x270 [ 87.320891][ T5361] bprm_execve+0x8ee/0x1450 [ 87.322839][ T5361] do_execveat_common+0x510/0x6a0 [ 87.325194][ T5361] __x64_sys_execve+0x94/0xb0 [ 87.327728][ T5361] do_syscall_64+0xfa/0x3b0 [ 87.329983][ T5361] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.332609][ T5361] [ 87.333742][ T5361] Memory state around the buggy address: [ 87.336482][ T5361] ffff88803372d780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 87.340516][ T5361] ffff88803372d800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 87.344072][ T5361] >ffff88803372d880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 87.347751][ T5361] ^ [ 87.350299][ T5361] ffff88803372d900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 87.354143][ T5361] ffff88803372d980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 87.357473][ T5361] ================================================================== [ 87.522272][ T5361] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 87.525781][ T5361] CPU: 0 UID: 0 PID: 5361 Comm: kworker/0:5 Not tainted syzkaller #0 PREEMPT(full) [ 87.530438][ T5361] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 87.535120][ T5361] Workqueue: usb_hub_wq hub_event [ 87.537571][ T5361] Call Trace: [ 87.539189][ T5361] [ 87.540626][ T5361] dump_stack_lvl+0x99/0x250 [ 87.542970][ T5361] ? __asan_memcpy+0x40/0x70 [ 87.545919][ T5361] ? __pfx_dump_stack_lvl+0x10/0x10 [ 87.548306][ T5361] ? __pfx__printk+0x10/0x10 [ 87.550322][ T5361] vpanic+0x281/0x750 [ 87.552074][ T5361] ? preempt_schedule+0xae/0xc0 [ 87.554299][ T5361] ? __pfx_vpanic+0x10/0x10 [ 87.556433][ T5361] ? preempt_schedule_common+0x83/0xd0 [ 87.559443][ T5361] ? preempt_schedule+0xae/0xc0 [ 87.561826][ T5361] ? __pfx_preempt_schedule+0x10/0x10 [ 87.564179][ T5361] panic+0xb9/0xc0 [ 87.566064][ T5361] ? __pfx_panic+0x10/0x10 [ 87.568197][ T5361] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 87.571499][ T5361] ? hdm_disconnect+0x10d/0x1c0 [ 87.573964][ T5361] check_panic_on_warn+0x89/0xb0 [ 87.576145][ T5361] ? hdm_disconnect+0x10d/0x1c0 [ 87.578229][ T5361] end_report+0x78/0x160 [ 87.580185][ T5361] kasan_report+0x129/0x150 [ 87.582192][ T5361] ? hdm_disconnect+0x10d/0x1c0 [ 87.584694][ T5361] hdm_disconnect+0x10d/0x1c0 [ 87.587222][ T5361] usb_unbind_interface+0x26e/0x910 [ 87.589812][ T5361] ? __pfx_usb_unbind_interface+0x10/0x10 [ 87.592486][ T5361] device_release_driver_internal+0x4d9/0x800 [ 87.595343][ T5361] bus_remove_device+0x34d/0x410 [ 87.597744][ T5361] device_del+0x511/0x8e0 [ 87.599725][ T5361] ? __pm_runtime_barrier+0x212/0x460 [ 87.602141][ T5361] ? __pfx_device_del+0x10/0x10 [ 87.604489][ T5361] ? __pfx___mutex_lock+0x10/0x10 [ 87.607153][ T5361] usb_disable_device+0x3e9/0x8a0 [ 87.609472][ T5361] usb_disconnect+0x330/0x950 [ 87.611511][ T5361] hub_event+0x1cf5/0x4a20 [ 87.613397][ T5361] ? do_raw_spin_lock+0x121/0x290 [ 87.615937][ T5361] ? register_lock_class+0x51/0x320 [ 87.618771][ T5361] ? __pfx_hub_event+0x10/0x10 [ 87.621018][ T5361] ? process_scheduled_works+0x9ef/0x17b0 [ 87.623441][ T5361] ? _raw_spin_unlock_irq+0x23/0x50 [ 87.625694][ T5361] ? process_scheduled_works+0x9ef/0x17b0 [ 87.628378][ T5361] ? process_scheduled_works+0x9ef/0x17b0 [ 87.631502][ T5361] process_scheduled_works+0xae1/0x17b0 [ 87.634259][ T5361] ? __pfx_process_scheduled_works+0x10/0x10 [ 87.637097][ T5361] worker_thread+0x8a0/0xda0 [ 87.639122][ T5361] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 87.641796][ T5361] ? __kthread_parkme+0x7b/0x200 [ 87.644240][ T5361] kthread+0x70e/0x8a0 [ 87.646729][ T5361] ? __pfx_worker_thread+0x10/0x10 [ 87.649404][ T5361] ? __pfx_kthread+0x10/0x10 [ 87.651529][ T5361] ? _raw_spin_unlock_irq+0x23/0x50 [ 87.653799][ T5361] ? lockdep_hardirqs_on+0x9c/0x150 [ 87.656108][ T5361] ? __pfx_kthread+0x10/0x10 [ 87.658288][ T5361] ret_from_fork+0x439/0x7d0 [ 87.660609][ T5361] ? __pfx_ret_from_fork+0x10/0x10 [ 87.663173][ T5361] ? __pfx_kthread+0x10/0x10 [ 87.665268][ T5361] ret_from_fork_asm+0x1a/0x30 [ 87.667346][ T5361] [ 87.669022][ T5361] Kernel Offset: disabled [ 87.671108][ T5361] Rebooting in 86400 seconds..