Extracting prog: 6m4.316327745s
Minimizing prog: 32m4.234131049s
Simplifying prog options: 0s
Extracting C: 59.904535205s
Simplifying C: 19m48.897361883s


extracting reproducer from 30 programs
testing a last program of every proc
single: executing 5 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-prlimit64-sched_setscheduler-getpid-sched_setaffinity-clock_adjtime-sched_setscheduler-mmap-socketpair$unix-connect$unix-sendmmsg$unix-mkdir-openat$fuse-mount$fuse-read$FUSE-write$FUSE_INIT-syz_fuse_handle_req-openat-getdents64-syz_fuse_handle_req
detailed listing:
executing program 0:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000780)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
clock_adjtime(0xa, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000000000000, 0x0, 0x0, 0x0, 0x100})
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(r3, &(0x7f00000077c0)={0x2020, 0x0, <r4=>0x0, <r5=>0x0, <r6=>0x0}, 0x2020)
write$FUSE_INIT(r3, &(0x7f0000004200)={0x50, 0x0, r4, {0x7, 0x1f, 0x0, 0x207645a}}, 0x50)
syz_fuse_handle_req(r3, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000090c400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000542d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ea8286a2fba523440000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000633956a1000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007d6ab715107fa1820000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f6ffffffffffffff0000000000000e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f4000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000286071480000000000b13bc1e6d970884f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3ffffffffffffff00", 0x2000, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r7 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
getdents64(r7, &(0x7f0000000380)=""/186, 0xba)
syz_fuse_handle_req(r3, &(0x7f0000002140)="3631f6d86aade8310e71e0e236c470ade3e9b07a8faa2aeef1e4e19a5329657abcd5ef2d09756199ae635e0fca96f996be7076cd2a3995103d5a9eb88fbf21b823c854f068ec813b9136bbaf3575ecfc2507aa63b15161b1fe564fcb63f35beb25a1ac1b885decd8d97b9749fa95190fa18501d6897a912e53c669b305312615ad93b2e424dc155c164fd766c139554b6a7a7876180f869963f1de26a8e93f3557624d19228177c32368186313d76d30218a5222c2be11017b8dbb230cc3a9355d930a45d925c91a69eb4a7e313983f778b2029ee1c64fec7f5e280907a443a39e93db6193822e3ebcdba1143d236d6ed0ef8589bd238ef4a7c5c1327a8f1d29be16f5b4b3ec54653619930c4747953a9ffb95de257fbcb44573edc6bf6d65004697a96ebd618d4ef26b312b58663ae91d964ae942769430ce5687e800d1982f6d9add3584562041d45eddefb96d996adda9143ac5cf2b6a5c86cbaa00dff5820e2ddf2f96014c3654b8e0834d0523d3ee5443e949910d78ebfe4ff4e8ebb5563ee9f2011cf3a1793578479cefc227ee3ae320b387a7249de223aa8cffc4800ea707a9810bf5a72c28e30824afd27663ec49be0a28ce420f175dff67a59b017f39c328f1fa6bb91f3596ae0bffb8237acc6083c1a3bef656c50673b0845f7c70d8ed515ebf0f41f1a23e8a2166624be59a7b7cc358a6a1db3838cf130b86b19c24845c36da41d05189dd9499e97966f33d83e4fec8c5b3d47e497c4283dc81e601ecc616271d54d6714d9edbde9416249924aa6499ada5576469ab462b2e34f3f3bf1db3c12774b37f2976018e2cd2be3b6e473745a78dca47cbdd44f604a1cf9bd4827ee7ad003adb3c68026e718cd86cbea86fdac1f03e1b355234adb37fe0a8de824c5faa2bbcdb4a0d198be28273c7b4b61c3bb203ded3d431d75b107a4ab78fd4889f08e3b5d39dd2e002ecc1a616516a5bd26ca7a68377ae6b170bbd9c059864476714a61b8aaea6fafcbfaaa2053a9ab26c8b9a0de59f4ab43d26ced00d7f44a79db81a0da59d6d35e9d9abe7eb51636a6e46a9a5e28164330aa598a247e8959f45d069c443509ce2eb79b6d22676a71ef4eb434cdf4501a15c93aec48747c9be2392df1cbfc8c8ad7b07d3f999038aa7dc770ad3359956a57f2138b5b774863ee6c797c713b97ee86a989c05e37949dad64f1b1c78415cf190ac5591d43022fa23990dc3e3dad7258b8b3f40cb31cba8fda36246aec8022770d471d270152d65d16710e3a94c61aa9be79c9d76f3c7c4c3f3dbfa1263320deb2312ef0ea4ea3b725bf4d83db0c3ea44f57b58f4cbc99958cb723f3b9f47d3bff76ecfd3f581015d1fa3fc5e63fbfc703bdeabf04882add9758d9219d9a38fe5b116e98cf83bb6a50d04cf862c3b3a76641409b42d32cc4fc156fd30502a6dfa6ae852ef95d26f601572d188eaa51405810984ec06f2bd6d87df812242b7417decf8ef964f68a28aae0b79e38e50005a7f0d7b240a096c7c1ae8a52333784c0df877abe6eb6249b71d68ac11c0bbbd08cb06d2303338dfe488a3249a0318896e1b35c18a40af231ca7a1a5fa0dda466af7a09215b82febbfd66d8b0c601c5a010c72402c9147dac5517ad3934ca4e0bc86f80bf71a79c61276bf744d54938cd8cfdb905d93a788eb38a75b238964c139bde24d5e55db2fe3ff253ba31bf5b9efe6c4172c764ab04659054e7ba3a1b6444bd0db8e7b655cc34e5dbe31b098a8aff01b878a7295e158043168dc27f32e726725dd9e43147669a9ecd8a4b703974af1aecb9888b6d1d53276299a02302c59bb10fea459f1a5db08bbf5493755bd20c31d0e1d504e5ad214a36a30c93cb301288ffe2a3001d42d25bbf0182d428e2628501afa69b1a62496278e4390686226b8e063fd4a55d08f60c24b2d76f4c662a06e4ebac5d37eaf4e4de67436e5040224ed5c38315fa30f5ff381eafbaf36d918bb27dade76527d9ff32d53d40d9862d5060b44b6392351d025af6de9f22402f43baf807e58608efed8f279cb3cfd2575d5bf09a66e7dd80754209c807bf56d8f4eb67e8150ffc8f0c209157a4080452f279048df1e4753a99fb3177ecb118ab61e40f0bce136c3d331060b935b33904b8e927b513759d534fe44cb0f35de5285573382887e87d15d822a8967a2488cc549a29761210f9d4871b2c8e2d5ef24c88be4f4265b4ec47f0419594434c6f8ff6f0e569ffe27cf5fa6bc44d359226517111cf665e7a6e232f4411d5367b9f23b3204482c3501687a9458de6dfd63cc0f0bcff8cfb9b5e602324b35d38bf9486c245a55ad8341068fcf6f292c7863f1fb1484aca0d3ea511ad9d70f3bfb09b6e793df31e44af36d66451660cc211b90da81ecf6a700f041ba7c376f28a6faef08c66ce3b95e3de9322372f59255aa185b375fffb8c98a247aac4f2d77c6e5ed0d22646fad6c10d6367ccf6a32d5428db770542190bae499cd7c3200bb5f879883c1165b6a83f4ac82477e5a9e2034036bdceb2522da22917c8f22ce30d06e9b34d2b5895eb76187f79825457e21922f51dd7619e1116868a296ed556a991a3bf4a31a5f59821e9c213d36caf2ede3b71487f981ec81572c01c883e33702cb8a8af5af5f0bdc5150cf0b99f921eab2aaa107ca8dfffe0b33dfa42e5b0e9a561fdc0eb029e97495bea1f87b838b90abbc657b42aaa3075655a9f9003866e07a8c80fa3eb4ad75010f0d0bf10552c9223206028e48e38b6f8a95f488a7c92e48d3713d7e374b788f510405aaad63ef099a5e578131b7370d8b361998a9db9658cf06b870905f5bd8ea18fb974addaea0fea834fd42e600eaafc963cfa478ca371793c2b40b5bb30cb4be7de91cf2e0617cd4334294b3cb12f38575c14a979b46a9d82ae59194a0b32ae69c2ca349263efeeaeb5037d95d80524a01aea085ff66c156e12556382965110756ad6b217b24d0593494d7418f46f1cd2848ca25267d2f45a6024ab845568b2a46949218165450e1be7738de92aeaed2f994009b6a7778f4439e2baf0e9b53a5916d1130febe1fabc002d684383914c2bb51c0b75289ab2c74d2e1a9cbd6b6fc653ed4918945919e9df0a49c545734044e29456c0bbb5d640b4bba7ee4f3ea1eedd3f6a42cfa57df40364ef0015e9183503b7e395d3776bfb8ac2eb4f83e9d5ba543c4213f8754e48a6411644aadf3c3f00bd246e66487928866e18cd96d51f5e0c49cc5935b119880b85c0b4cf5c631f5ed12c3eccf6a434016fbf2f0b44416f86b539f41b3a2e1372a9d5b1ec52dd735caa4692f134c204e5afea4e933b7ce196ce075c78d1d31ab03b5101cc2338e3a5769caa813a792708ffe5a353cc9384c83e6ea5929e90b31cc2525dbd6d21b4d14c46387b288239747d5ef4019a647f73e12222e9ac8556a5d803d18773eea92e7d7ab4b39b2c2c5205b59a2d55b52f98544ae9b0a9d3225f5be6200f7d87e7f4975d65d13d0874efcfb80eda4263f9d484b301fb65c642e994ab98917d38e4c48e290fb4cd6658f6920c386bf0089ffd3c70ee51a9df1016350350b4de7975bdea9a49bcc084e223f12866659bafeb5f55d9b68186a8920d1496cfb6302467d878dca0e67cc4f16b704d59a9df9ccdca35102cd872dc1c471ce33007cea5daea146eaf811ba5a52c88af93309de296e80a752092dbb811d9141fe8e99fd1b9ebde4aaacde20e0e6b65e691cd181b1775749492c25e7dad40443c96c28c23ef9971a8230030214f1c360c5d805bd6f48f05eeaa2869c7374cf2133709264a7f597c31188eff1a97bc095a9a3297e9498fe0853cf1b93e7569c61eb9f93a2839bc3ab6a2bcb50443470ae03b88c221e1212628b2badf58efe86db8e2e9c761fd49ee4b5a798aaa0035a485954ddbc65fc5e79e04e1af7976866ee59fc9b82bbdbbf8b1a98904612c3e20c1c0cc14a4dd5306f32ea2d6aa63fc6dc66de9b5d0927fb626857c57d76d5db4f2d60e681f019742cbac566460c8565a805342c204a075addae3a4446e66ef326c6719ed790a073c286724cf544bf632dd4a726ccce3440c68eb691c043e7fe1d1b6ce08fdedf3a837705be77a19843c1aa5fe302779e8a1b3619966828f1d0f7347db13fbaa94d375c36d2e53a3f8e1e7f8b05dcf239ec5a8dfdefa6ebce72730b6728607d13d50d8b9ea6219cac30d1b26cd6b7b9eb01c8b16776ae037755f7972868ccef0682ad049315d781105a9589da8ba86f33d775ea3db3d18dd5d4761ba8d4e36e5de7c0124f70ed14fe839860d093c74f4cd409c41a01dcbcb7c3bf902e57ed7b411f6d272436c26c0881450d13e53fc9974b06cd45bab4b8a23a47c90b04dbfb52722c811fb42aac0f1f95d9453375ce38fb0428069cccd676a6282fc534b6201ecf69c2c9d8354849bf2932145835336e4a175e527b9b1884d2ea932d622582c391dc2ea7211be114316b197e6f260d666c0492ded20d8e599d185c4859afdf1bef8ce8be47582c9abf03f8b1680fed5bf0382f6ef02d3702c9885288692e4b72e13e64bbb970c47d107002a46543ff3bf880ba6abf8608520b9aee83ee872f10354bf5d64e508208bb1e64bfeaa7c6862104de089529c84471206d8f97faf16092c11870da27455cf708e7ad0c7cd90621f84902401a69d5942d3b8a4f27604d5527d8e0aee9335919af5f24d0db883eec8a99f3747af7dcb685fe9a360452dcf9d7317b3b48b33f7ec875668124af9a3628d419c9552d065879e9b70298712db1dc5342fe33343d64ff25ca47f092dfaae901520feaf92b56db36f35ea50b64de7d028bbc21dadf6038c82f8b6b4c7e25fa33f42497f0bc645ecbff005f40819327caf825de93f302a34c8968a3b739f89ec72c042dc720c086749689f8b0611e77aa7c6335ed9b309e2f785538638b396ff5f57bfd58c29a2bdde233432239bf6f8578e1611e4b14b5f9d1866626ba2b6c658b3e76415200f09c15fea45014be7e3ab0edd0685763f0ab736c8934ddba20bf0717c6f6b7cf026f0f0e8990af13ac97ef24ddc69aa7469a114208136216078e4f8eb2618850b0d7c7f1c0e20becf11daecbf68b5171405f8942a6382952e415e54cc81e88b69970494af082965b48774407de53b19eb94a7d7f51e5453776f7551fbbebf8fcf52d7cb8c332b24dd10d38147cf27a7064ef1b33283d566babc3bc4075c415262a43cd0a87bdbfaaa719e81fd0a710513ea4fe74cf983c86bb2e66c5fc55391c3168814088c186a2ba679f624d768649f39acdccbd67fa797cc925177bbabf85c4cc919ed8fbf467681616115d11892eb4aa4c0940aa8f3e524e57866fbabc6471fd528165811547142aace46b100156f8a10524ecff414cedec2bde24d232dfb57915a2b7fc151c1edb7878db430628d1a7d5520dc5882fcd1657752c2fd23495ca8999721849ad0bdedd9f10ba1ca7b470c16eb747030fcaf9b3d8933bfd71dfd0f6843306caeb6a55ef0d912415919d477dc623f7a38fa44ab85e70b3e8dfd94499a4df9e3b6d1056a53e531404a85b19fe5841021f3ce6c582b30c58a9006efe251f8504372d9d26fe04f3b542de9b91c5f1b921f4e77ec1e23d4dd7ff8a3bf5a697e6fd4a18d9fd2c99f939ba3941fcb072d2686b6fa40d77895b78cd617fe6f973d72146787b078647f25b1af74ef358fdeb5621ef9b5c3bae021976e8f9b4abac49c23db6084a74361962bc5fb1fb66f5389f7ab30e412fd9ab8cd187cb8f2afed54d1eb8f66a5061cbbf02d00f2ecf4d0542358511145775d09ede3105b3db18744685f7b546f8b8947844872e6750efbf2c44b512971d54e163bb0c44ca6e65bfcb05824a7be78341eb9eed1d523c80b811c1eaaa716cb60348f31701ad550756d20b5027936f95250a5b2e7aeb86a1b841b443fc5fe4579fdb65b57f230abf3a4cee105a9590793e5dc9e95ff841cb57af561b438372c6237c6bdb4fe5dbb673507c3c5fc3c9c191ff76b9d4b874f77d2c34c0102f1de884f236af66beb473a484b53d7ddc22f37cd6e831509b1a22b02e8cf13b3747fc0c0781453b1bfddfbbaa00c908837c0b55126bb48cf8287a448548f8e56e0f708c537feec8323befb7be42351aada37c5032d6c521985ce765d0c69a811c81cc1b8a45c79da1cca749faaa9d9b2725b4875acc92db52bc1cc30485d7460dcc677350ddb68580e9b671d57458dfbe7b8865e2b9b4ae49ef5b650118f36f76590c5674cb536732f5f47cce2de0c623ea48fa0a71c5bed6ff63ccde01d9677e089bc5f73ff1f80385f9ba02efc021dafef412bc831a254092c2063e5cb90a0d6d24b43bcfa8b9567c75d1219ac171329004eb380d0922ccacfead17df21871821397579de50fd6d5d5496b99a4416b66d70fc899a92c96416f576c3c09c0300902e4b25d6572f76ba9f26e75c29183a3c3bb14ee61dd6000db701af927f8aebc1c9e3559ca7aa33900f788f9e22f6120809aa478cc0ea78a40d58232ee6429237fff41d9355ab1b0b3308ab4841a108647427368293baf59eb7fe6be945fad7d527cefe43c54686ff06de00ba8d22ba44e6ca30af8eb1ec762255eb8882990e982715376a8443d847c4a883b90f5dbfd725cc5944da81367ffa37b2533ef41e99bae6d83c777899ef74aa52d6b71f5f379d140a7f6d5949f34526ffb701573e2fe058cdc9c7e593a6528e0cc0a635f291af0f5229ecfbf6d63586930c4533dde9944ddf500eb678d302d1b96707b4f6ae4644d0a8583c840f16954bfc96a3fa0d0d4c623e19b5d423504264d41a329379ce8c150e364f7041124f7d039fac8b015fb81d2a3503b1b780077eecf24253ac53c8590e71601f2b0d3bac4fae5114fa8cfce0f6f37e9eec49920e60abc36485b3d6dd4fe4f1c53dbc62959d8378e904707ca97cbdaeb7d45a62ff34f2c977e22b3a3ab3cfbd6f01448b27f9a0fc322bd039491e77c1eddc2de09820a3303d8be959ebfc8c1d9fc0ad946f1d3b2bdf8cf3b01120e27c4edec9f4e150ef661ad32115b26b18c935b5b2782f291dc4ecc6abeef1c005ee4200641a9a5797c0d3c794c311817711d4ee0c53a6002f1c8ffee823daa6911ff0ea5303b473d2691d25e39fbea40ee5b6dba0e1d292cf86bd92733e84c1a05cc27dca18850b1d71a2ef20c9cf7d645a48962a8e9e1edf28a0b72d0a5bbdc88ccce61333ea3f74d23d8fec97c6264d01afb06498e79f740b648d21cda7aa0cdebe73c1c7d5f16664bf84f7169672c0579594620d52ab63ab5392d1d8ac347e5aab6564a4bebfb5beb425b5be62c652bebb6ed60af57ebfde8a40c680d7e25d034d7e79d32949efb2043bd518c60a08f065fa34500f7e6336683c7f07ed41a8a729d3c959dcb0bf439053b32932a5dad71a05dc34de274bc63c42a11f5878b29fc83b94b233bd4cd709d291db9d8072f164645650a31df1a659fadccc2d96c550589997900cb55deff4b4cb4268b528c79feb210657f367f102d80cbcdb351ca8d42a85f2b88ab22ebd5aa77ebdf21bea4f07a3c9d086635ca08248ee929762f8019a24374f4453d1ba4fc7803448b9be62016ca640307252bcd2dccbe7d5dcc6d5b1811e00ee546ab9abd2f275ffe690eed5090dc36c946172ccd05955b028947be5d7c7e16dddf725221ee6e7e383ef9cbdb5e2a75e6c40bf14ded2e997c904753c7555f6e7c1138ade08208f48437c2e5bb92623d79b03ac9137b50eb989a7ddaf8c43b1ba42c7bb1b125c56d1326de5e5365ef66029a94700cf5da5f05492ac7567db69d0f1c2a9677cdcd3283621a00dc6bbabd3b97e03d90cdbf915415fcd9245ee71474e2e314253c7c9b9b36510062d06ad48e13d7ce764dc624a3176a668df0356475981c424edbf28f3ff525e86a2b51cd54f9ef56848993fc2e05deab4223d2167473623354559700aa837e70dedca377e61e2d0a373a227c568a9a9b6052119139990789f719a6ff6ba93a1759354b0cf7411fd2de957b4165ca80db8ed8e19e1dd36519296a0d7b90b702aa67475e6c0967eaf532d7aa4af6f50d5aff19f211c31a9d0abaca4f9379978b5dad45df46af325a1acabafca9b2701f0ef228f17893b5a88a3a7ce27cf111e3c3fbcdfee1566965a8cf4bf90d42cded34989f51dac1edecffdbf3223f8ae0f01827f5c5928ae7c0270e754be302b84a01ae0f0049b85bdb9d8f1d3e50106a65a02e3546dd47db66bb14a40097161dc39d95f0ab76d8b7191301096823d214c7c829dbe2ba20d95c465444637da92c78ef239d67268ac58718743e619b1b444c24004c65b120da131000173f0355a01d07e9dfa80956e55979be5db574f8d0795cbbc5c1480049c68845c4cd08c9f8ebd27684bde62fe326ca5aca749cf00abb0b182bd157c3d7db9998029383ab10c0a4fddc3ba399250cd76d361c35d6dd251425532d0946fed7bad77947ad6fd6e2a36f8d54b48d5acd0749f20afb12c16d6f9fde6fbacebad2759fdfd7f4f638d0413079d4dcc0c8bb97872dba314c4c89b882b31538aeddef3aecfa8c9ecfd244c77d776441b3c395a0b90769d01ad59df5a4103c79f9f324ef18e008c6ea9e356e745940faf9c39d27e0da0123bdf46c26f38556be117d271618db686d6d0cdc1e45d068e1c65b7fc4142176e6efc33d555ade5a92be6b0317d623dfc5a1182d7072e760ea9413fe484c7ca2ca39b6a07fd854b4261d2ea3dfb78482588c5337075ce13a36e02c8c15643843fcfdffd1560dc84202d01f49bb53eeb69292ceb5fd2efa3255db360b2fef3f033e071981af81a15421b1c62f34018fb272b07168956636e456a24e78ced48e78a34699fe4bd8ba9a4bf5ad3dab9cb53370c5a3acfc48816c7d8e23c40befad4b78ac08d347889ed5ee34abcdee6f3178a12659a788d284d4e8433bd8a9f53c9e06365b2ff21d4cce03740dde605bb5b12c5039d4902e9588d03fa27d5f6c0b5cf9e8ce52312c633a97646f6c6c63e9e753f19b3904c64560189c0e7cf3193b0af35e6d1504141b72f3d986827e49501489af29c4db545b2812fe8a0882350473f03016b85ba5c9b4b8b5fadf02ec5d13c8e80d44466083db9cdd3631a4d92fa8647d542b60d33fab6b104c72e059c7b5ed2976def4e364eedcd85727bdf9c579c1e6eef2b64994ab633fee460b371e3268de14117b8f39aaab171b3fed91c704ab4329ce145b378ef49068c6ce939187329c326c64d08690ca3f1c7788660142237b70aeb51819d9304559cd5c1e7320e6997cbdd113b4327f1331833b247b674f8e5b6dccdbff8e1be71af6a0133cd9fddd290e9f8f61f15b6e4115185266b0c3edbd99746e8e50478b12181d2f43f05332c90f92ab013ffb601ff6f38a1e1b33908b53cbb7eb8e0ef68b3959fda5d9dac59324828b785d26b77f373b85b3303f5f3d2f78eb90c52206137921624ddb5e8e65752ca4e6b4be7c5312bfeced80d1bd442437dbc731fd1a044c4a70419d0561596261414c2161b690108701d0be95a056cc29d34e079d47db7efdd1c98b1ada045f75adba7f4f872e369287e9e87c1f8e93f9d0335fc7c9baeaf762141f910e8a311b05956e6f211c8e2b06d79e75226d887a2d129970d978c7cb671ca3e4f2317dddaf5a7fa4664089bc9b21a127f02b1c3f7277e5f435427594cad6fe17c0f6e0d403c056205a6fe9cb2e8bd01087cb74e74a19bdf6f89beca1dd85e776778aa9d1f5dafbde7b4f2df7ba6abcac6c1600982180ff64a73e0e5624f2cf418d380436409cc3d14acf252e868bac0035f59541cf498bd13495df92f136ef806933dd4e0e746104c48372e53ccf47b42ce096919fef8e191de8bf86a9c431826cf658ea8d3befddfb870755758b34fb62765d867cb4300af8390e59e7165a5dbf75222074fb510627405db40245b9cb31925ff53f6263353a563112ff9bb2d08953d5047dabd03cfdfb6fc4270a789ce529eb045aa0f08eab940cd7f2bcc4b7fc01627bdf1bff61d7f136b180d0ee8ac3e4e7c7625abdaf92bc4bc0cacd9a8f4c1196ab792d12fd1f7520075bcf8231419f1b4c0b82b4e699112e8d5cb5ce7c52f420456dead3fd13701442b32fb962f7164fc1fbcf0b313838ab3c7adb51461919e7244c53f002a62a6932d18c424d9cfb04d035dea8bafc317f385b50897939348514b3c094ea1249be3209b20acd4e02a84bdc5ebbfc16ec9092293d227a7d3c7341a2cfeafe3904dc49a4b507c20dc0b210c60b4ad65924e104fb5f55fa9e9708d8fec9eae77a2f74941d1745b99aeeee1db14a2d6729a071c001dda44820a6bf04ebf420ef885d161df0706d7014bd9ba0dbaf98ea414a45e015c41fe9e6578b2c507c12a71ebc2b0eb8b152650eb82b45b9e6b9373d56ff088b1bfbc89f235a9581e19a34cdc94ed3bab349aa1de00b76eec8e4dcb80a7c822b7b6080bb72aa10e179f1e603174c3554fb2af0e9db6e5d68075bad65eb3b7b6f6704ab9474e3ff1c6b737181b1e5365e2bf351613559599c325835452bbf3419cf9413448dcf08a08c0ef31ae5fc9dc43b710144ae1bcf2e61b79d760efb8bb7e1387257f7e4ae16d83d374b34d44b0ce5d98e808dc4a4c29234822c476af14c63f6950a0206f2ad99dc85a57e536790a75f8be023d8d8227aab2f8d59c265dafca7befd682cfc82224ee1ea9c85ae8f5991d128c7484ef46a1d4ec847e3bfe231f2da667d9818eccb7d947158afbb6b4abf826033de07e080771ae02d160225130f11ea30e8a0311afce0879b0af15e34d72d5aff289a07e516d48afedc3e7f6d83d30de2e48912bf05d2d817cea39c940845baa686f4c1d1f89d8a0fff4ef219a326f24c574d79576933ae9caccc5c4df1d8908c4c5649ca1b062ddd72b003e8ab4f6307e0c276af2f67ba75230b03ac00d5a25fd9ca9b6562a8143963595382b7c40564e389aa026edb0d9a51bebb71443f9897c9d06d2219657fe6714f265e2bf2a877a21108c2a4eabc958a3c7d8eb193801ee23cd14644c8b714b6bec81a1098b075388c98b764cd793b8bcc27e5c9f5b195b4095b4e2e65ce8b3ebeebb1d41f0dac18eb1edf68565394818864ea0400ab188e6e142791d6c9526dab1ac1454e19691cccd1db77e13a54c123296acc99f0d84e99ea5e721681096b1cdf027d07d409f4048e28d4af31911cdcbedcdda8809993c038bba9471d1e07e467ac8dee9d45d2d770e4891759a50eb7f0448ea1ef1d921124229ea68a9da527e85806910bfb11ce47e40ee8df7ca12d735d92c92f7e7ecf9b6b7bd76236f75e76642cbc484c60bb348d4b75bf606eb8448e7391af63c24b8105bfd4b64915b125b01cd8b48c86d64be0a39b27552cdf6b29bf9d37f1d13e435107fa066bc9a40c0191f6115f2792b8d0395faeb3b27aea492b5536dc3456fe5054dacc64b743ad505811fd9643dad1888569aaa2d63b94b530649cc240db8d536194adbe95cdec6b8f1e12a21b2c07f0ad47451cc9fe426a4d3561f2413f477cfaf54afcba9c1fd129ba022dc4d0cc39406cb316a7ea6660d3a5cf1", 0x2000, &(0x7f0000000f00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)={0x148, 0x0, 0x6, [{{0x6, 0x400000003, 0x7, 0xf7c, 0xc, 0x400, {0x7, 0x2, 0x18001, 0x400000000000369b, 0x23, 0x7, 0x3, 0x1, 0x6, 0x2000, 0x8, r5, r6, 0x40824c39, 0x4}}, {0x3, 0x0, 0x9f, 0x4, 'rkotmo\xb8\xa4ade\x00\xe1\x00\x00\x00\x00\x00\x00\x00\x00\xea;\xff\xc7\xfeXA^\x90\xde\xea|G\xe7\xa0\xca\x1c\xd8dE\xd4\x12\x13\x87\x02\f\xf4p\xfe\x9d\x06\x83f;\x7f\xeb\xc9\xc6\xff\xd2\xb4\x1f\x91V3\xb9\xeb\x13-\xf5\x9e\xd6Zdm\xad\xdd\v\xaf\x1aZZ\x8c\x92\xaa\xd9=t.\x9a0\xac\xae\x92\xc4\x9bx\x83\x1b3\xeeE\x10o\x94\x10\xa2%w>\xe0\x17\x1a\xdc\xe6T\xd3\xbf\xc7\x87J\\A\xa9\x18\x04\xb5\xfa\xf6\x1d\x903\x9e\xb9f\x12\xf7\xca\xea\x82\xeb\xe9v\xc9\xb2\x9c\x9b\xe3\tV\xbeS\xb6\xc62\xd1+\x0f'}}]}, 0x0, 0x0, 0x0})

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): geteuid-syz_init_net_socket$bt_hci-bind$bt_hci-prlimit64-sched_setscheduler-getpid-sched_setaffinity-syz_open_dev$MSR-read$msr-sched_setaffinity-syz_clone-ptrace-ptrace$getregset
detailed listing:
executing program 0:
geteuid()
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x0, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
ptrace$getregset(0x4204, r2, 0x2, &(0x7f0000000740)={0x0})

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$netlbl_cipso-sendmsg$NLBL_CIPSOV4_C_ADD
detailed listing:
executing program 0:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r0)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000001c0)={0x1c, r1, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_DOI={0x8}]}, 0x1c}}, 0x0)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-getpid-syz_pidfd_open-sched_setscheduler-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-syz_open_procfs-syz_init_net_socket$bt_rfcomm-sendfile-prlimit64-sched_setscheduler-getpid-sched_setaffinity-sched_setscheduler-mmap-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-bpf$MAP_CREATE-bpf$MAP_CREATE-bpf$MAP_UPDATE_ELEM_TAIL_CALL-bpf$MAP_LOOKUP_ELEM-socket$packet-creat-close-sendmsg$nl_route-socket$xdp-setsockopt$XDP_UMEM_REG-setsockopt$XDP_UMEM_COMPLETION_RING
detailed listing:
executing program 0:
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = getpid()
syz_pidfd_open(r1, 0x0)
sched_setscheduler(r1, 0x1, &(0x7f0000000000)=0x5d93)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
r3 = syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00')
r4 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
sendfile(r4, r3, 0x0, 0x80008)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r5 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x2, 0x4, 0x4, 0x8, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x4, 0x4, 0x2, 0x40, r8, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000a00)={{r9}, &(0x7f0000000980), &(0x7f00000009c0)=r8}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000300)={r9, &(0x7f0000000240), 0x0}, 0x20)
socket$packet(0x11, 0x3, 0x300)
r10 = creat(&(0x7f00000005c0)='./file0\x00', 0x0)
close(r10)
sendmsg$nl_route(r10, &(0x7f0000000440)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000280)={&(0x7f0000000600)=ANY=[], 0x78}, 0x1, 0x0, 0x0, 0x4c080}, 0x4000)
r11 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r11, 0x11b, 0x4, 0x0, 0x0)
setsockopt$XDP_UMEM_COMPLETION_RING(r11, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SET_NO_NEW_PRIVS-prctl$PR_SET_NO_NEW_PRIVS-memfd_create-execveat-syz_open_procfs-syz_usb_connect-ioctl$BINDER_WRITE_READ-syz_genetlink_get_family_id$devlink-userfaultfd-ioctl$UFFDIO_API-openat$rfkill-ioctl$RFKILL_IOCTL_NOINPUT-close-getpid-sched_setscheduler-tgkill-sched_setaffinity-ioctl$UFFDIO_CONTINUE-read$FUSE
detailed listing:
executing program 0:
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
r0 = memfd_create(&(0x7f0000000280)='\xa3\x9fn\xb4dR\x04w5\x02\xac\xce\xe1\x88\x9d[@8\xd7\xce\x1f 9I\x7f\x15\x1d\x93=\xb5\xe7\\\'L\xe6\xd2\x8e\xbc)JtTDq\x81\xcf\x81\xba\xe51\xf5 \xc8\x10>\xc9\\\x0e\x17L\xbf\xcf\x91\xdfM\xf3\x02^T*\x00\x02\xb9~B\x9f\xacl\x1d3\x06o\xf8\x16H\xaa*\x02\xe7\xfb\x06\xf1\x83\x92\xa8\xc2\xcb\xae\xb0\xb4\x93\xb8\x04\xf1\x99\xc2yY+\xd9y\x8a\xd5b\xe8\xf3\xdds\xbb\x88\xff\b\x85\xb3s\x00\x0e\xbcfvi\x85\xfc.|\xd4h\xec\x82o\x8e\x93\x11\xc1\xee\xae\x05\x17=\xd9R\xd0\xd4\x90\xcf\x9b\xdc\xaeV\x88\x94\x9f\xe3\xefqi\xed\xa8w\xbe\xd0\xd0-tBl\x9e+\xd3\xed\xce\x9f\x83\x86\xf9\x12\x16Ts\x80\x13]C\xfb`\xc2`\xf7\x1a\x00\x00\x00\x00\x00\x00\x00k\xae\xcb\x1a.\xc2\x8f\xd1x4]PZ\x9e\xd5Y\xf0L\xa4\xbc\x84\xf6\x04L\xff0\x8b\\*\xf9,\xb6\r\x97\xedy\xe0\x8a\xe2\x8ck\xc6S\xc3g\xb9\x1a\xf8\x8f \x9d\x00u7\xd8\'\xf1E\xa4(Q\x80Fy\xb5\xe4q\xc9\xff \xd8\x9d\xad\x11\xf8m\xd3\xbc\x9e*\xb3\x01\x85\a\xe4qv&\x98\xac\x9aN~o\xe5\x89\xd5\a\x9f\f\x1f\xc2e/\x8d\x1e\n\xd0_\xbd!^\xa46\xb8j\xc0x\n\xdb\xe1\xa3\xd6\xae;\r\x92@\xa5I\x88Z1F\xf0\x1at\t\xd0\x8a\x04m\x06\xf3BL\xffS\x9eY\xf4\xb0U \xf8\xd00\x88y\xebX\x92\xd5\xbb\xa1h7\xf3\xe0\x0f\xbd\x02\xe4%\xf9\xb1\x87\x8aM\xfeG\xb2L\xbd\x92-\xcd\x1f\xf4\xe1,\xb7G|\xec\"\xa2\xab\xf6\x84\xe0\xcf1\x9a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x13\xf3/qa\xa9A\xc3\x99f\x9eb(\\\xe9\x11`\xc4Yf\xeb\x7f\xcb\x01\xfc\xe2\xf5\xa8\xac\xd9\x9b\x84\x8c\x89%\x9c\xb4\v\x10\xef\xb1\xcfl}O_x\xa7~}\x95\xcd\xe3\x0e\x9b\x81\x99\xbf\x965\xd7J86\x11\xd8\xcd \xd5D\xcf\xb8x\xc1E\xec\x01$n\x0f\xfc]\xfc\xccB\xef\x99\xb4\x11J\xbe\x9d\x12:\xbb\xf8\x1eJ\x15>X\nW\xcd\x9a{V\xa6\a\x11\xa0M%\x89\xb6\xfc\xad\xdd\xcfl\xe6\xf8\xbc\xf0rM\xcd\xbb{\xb1NqK\xa2_\xb7`', 0x0)
execveat(r0, &(0x7f0000000040)='\x00', 0x0, 0x0, 0x1000)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/rt6_stats\x00')
syz_usb_connect(0x2, 0x24, &(0x7f0000001900)=ANY=[@ANYBLOB="12010000e6951540240430cf4a00000000010902120001000040000904"], 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0)
syz_genetlink_get_family_id$devlink(0x0, r1)
r2 = userfaultfd(0x801)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040))
r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
ioctl$RFKILL_IOCTL_NOINPUT(r3, 0x5201)
close(r3)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
tgkill(r4, r4, 0x22)
sched_setaffinity(r4, 0x8, &(0x7f0000000080)=0x6293)
ioctl$UFFDIO_CONTINUE(r2, 0xc028aa05, &(0x7f00000000c0)={{&(0x7f0000cfe000/0x1000)=nil, 0x1000}, 0x7fffffffe000})
read$FUSE(r1, &(0x7f0000003f00)={0x2020}, 0x2083)

program crashed: KASAN: use-after-free Read in hdm_disconnect
single: successfully extracted reproducer
found reproducer with 19 syscalls
minimizing guilty program
testing program (duration=58.642659454s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SET_NO_NEW_PRIVS-prctl$PR_SET_NO_NEW_PRIVS-memfd_create-execveat-syz_open_procfs-syz_usb_connect-ioctl$BINDER_WRITE_READ-syz_genetlink_get_family_id$devlink-userfaultfd-ioctl$UFFDIO_API-openat$rfkill-ioctl$RFKILL_IOCTL_NOINPUT-close-getpid-sched_setscheduler-tgkill-sched_setaffinity-ioctl$UFFDIO_CONTINUE
detailed listing:
executing program 0:
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
r0 = memfd_create(&(0x7f0000000280)='\xa3\x9fn\xb4dR\x04w5\x02\xac\xce\xe1\x88\x9d[@8\xd7\xce\x1f 9I\x7f\x15\x1d\x93=\xb5\xe7\\\'L\xe6\xd2\x8e\xbc)JtTDq\x81\xcf\x81\xba\xe51\xf5 \xc8\x10>\xc9\\\x0e\x17L\xbf\xcf\x91\xdfM\xf3\x02^T*\x00\x02\xb9~B\x9f\xacl\x1d3\x06o\xf8\x16H\xaa*\x02\xe7\xfb\x06\xf1\x83\x92\xa8\xc2\xcb\xae\xb0\xb4\x93\xb8\x04\xf1\x99\xc2yY+\xd9y\x8a\xd5b\xe8\xf3\xdds\xbb\x88\xff\b\x85\xb3s\x00\x0e\xbcfvi\x85\xfc.|\xd4h\xec\x82o\x8e\x93\x11\xc1\xee\xae\x05\x17=\xd9R\xd0\xd4\x90\xcf\x9b\xdc\xaeV\x88\x94\x9f\xe3\xefqi\xed\xa8w\xbe\xd0\xd0-tBl\x9e+\xd3\xed\xce\x9f\x83\x86\xf9\x12\x16Ts\x80\x13]C\xfb`\xc2`\xf7\x1a\x00\x00\x00\x00\x00\x00\x00k\xae\xcb\x1a.\xc2\x8f\xd1x4]PZ\x9e\xd5Y\xf0L\xa4\xbc\x84\xf6\x04L\xff0\x8b\\*\xf9,\xb6\r\x97\xedy\xe0\x8a\xe2\x8ck\xc6S\xc3g\xb9\x1a\xf8\x8f \x9d\x00u7\xd8\'\xf1E\xa4(Q\x80Fy\xb5\xe4q\xc9\xff \xd8\x9d\xad\x11\xf8m\xd3\xbc\x9e*\xb3\x01\x85\a\xe4qv&\x98\xac\x9aN~o\xe5\x89\xd5\a\x9f\f\x1f\xc2e/\x8d\x1e\n\xd0_\xbd!^\xa46\xb8j\xc0x\n\xdb\xe1\xa3\xd6\xae;\r\x92@\xa5I\x88Z1F\xf0\x1at\t\xd0\x8a\x04m\x06\xf3BL\xffS\x9eY\xf4\xb0U \xf8\xd00\x88y\xebX\x92\xd5\xbb\xa1h7\xf3\xe0\x0f\xbd\x02\xe4%\xf9\xb1\x87\x8aM\xfeG\xb2L\xbd\x92-\xcd\x1f\xf4\xe1,\xb7G|\xec\"\xa2\xab\xf6\x84\xe0\xcf1\x9a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x13\xf3/qa\xa9A\xc3\x99f\x9eb(\\\xe9\x11`\xc4Yf\xeb\x7f\xcb\x01\xfc\xe2\xf5\xa8\xac\xd9\x9b\x84\x8c\x89%\x9c\xb4\v\x10\xef\xb1\xcfl}O_x\xa7~}\x95\xcd\xe3\x0e\x9b\x81\x99\xbf\x965\xd7J86\x11\xd8\xcd \xd5D\xcf\xb8x\xc1E\xec\x01$n\x0f\xfc]\xfc\xccB\xef\x99\xb4\x11J\xbe\x9d\x12:\xbb\xf8\x1eJ\x15>X\nW\xcd\x9a{V\xa6\a\x11\xa0M%\x89\xb6\xfc\xad\xdd\xcfl\xe6\xf8\xbc\xf0rM\xcd\xbb{\xb1NqK\xa2_\xb7`', 0x0)
execveat(r0, &(0x7f0000000040)='\x00', 0x0, 0x0, 0x1000)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/rt6_stats\x00')
syz_usb_connect(0x2, 0x24, &(0x7f0000001900)=ANY=[@ANYBLOB="12010000e6951540240430cf4a00000000010902120001000040000904"], 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0)
syz_genetlink_get_family_id$devlink(0x0, r1)
r2 = userfaultfd(0x801)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040))
r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
ioctl$RFKILL_IOCTL_NOINPUT(r3, 0x5201)
close(r3)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
tgkill(r4, r4, 0x22)
sched_setaffinity(r4, 0x8, &(0x7f0000000080)=0x6293)
ioctl$UFFDIO_CONTINUE(r2, 0xc028aa05, &(0x7f00000000c0)={{&(0x7f0000cfe000/0x1000)=nil, 0x1000}, 0x7fffffffe000})

program crashed: KASAN: use-after-free Read in hdm_disconnect
testing program (duration=58.642659454s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SET_NO_NEW_PRIVS-prctl$PR_SET_NO_NEW_PRIVS-memfd_create-execveat-syz_open_procfs-syz_usb_connect-ioctl$BINDER_WRITE_READ-syz_genetlink_get_family_id$devlink-userfaultfd-ioctl$UFFDIO_API-openat$rfkill-ioctl$RFKILL_IOCTL_NOINPUT-close-getpid-sched_setscheduler-tgkill-sched_setaffinity
detailed listing:
executing program 0:
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
r0 = memfd_create(&(0x7f0000000280)='\xa3\x9fn\xb4dR\x04w5\x02\xac\xce\xe1\x88\x9d[@8\xd7\xce\x1f 9I\x7f\x15\x1d\x93=\xb5\xe7\\\'L\xe6\xd2\x8e\xbc)JtTDq\x81\xcf\x81\xba\xe51\xf5 \xc8\x10>\xc9\\\x0e\x17L\xbf\xcf\x91\xdfM\xf3\x02^T*\x00\x02\xb9~B\x9f\xacl\x1d3\x06o\xf8\x16H\xaa*\x02\xe7\xfb\x06\xf1\x83\x92\xa8\xc2\xcb\xae\xb0\xb4\x93\xb8\x04\xf1\x99\xc2yY+\xd9y\x8a\xd5b\xe8\xf3\xdds\xbb\x88\xff\b\x85\xb3s\x00\x0e\xbcfvi\x85\xfc.|\xd4h\xec\x82o\x8e\x93\x11\xc1\xee\xae\x05\x17=\xd9R\xd0\xd4\x90\xcf\x9b\xdc\xaeV\x88\x94\x9f\xe3\xefqi\xed\xa8w\xbe\xd0\xd0-tBl\x9e+\xd3\xed\xce\x9f\x83\x86\xf9\x12\x16Ts\x80\x13]C\xfb`\xc2`\xf7\x1a\x00\x00\x00\x00\x00\x00\x00k\xae\xcb\x1a.\xc2\x8f\xd1x4]PZ\x9e\xd5Y\xf0L\xa4\xbc\x84\xf6\x04L\xff0\x8b\\*\xf9,\xb6\r\x97\xedy\xe0\x8a\xe2\x8ck\xc6S\xc3g\xb9\x1a\xf8\x8f \x9d\x00u7\xd8\'\xf1E\xa4(Q\x80Fy\xb5\xe4q\xc9\xff \xd8\x9d\xad\x11\xf8m\xd3\xbc\x9e*\xb3\x01\x85\a\xe4qv&\x98\xac\x9aN~o\xe5\x89\xd5\a\x9f\f\x1f\xc2e/\x8d\x1e\n\xd0_\xbd!^\xa46\xb8j\xc0x\n\xdb\xe1\xa3\xd6\xae;\r\x92@\xa5I\x88Z1F\xf0\x1at\t\xd0\x8a\x04m\x06\xf3BL\xffS\x9eY\xf4\xb0U \xf8\xd00\x88y\xebX\x92\xd5\xbb\xa1h7\xf3\xe0\x0f\xbd\x02\xe4%\xf9\xb1\x87\x8aM\xfeG\xb2L\xbd\x92-\xcd\x1f\xf4\xe1,\xb7G|\xec\"\xa2\xab\xf6\x84\xe0\xcf1\x9a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x13\xf3/qa\xa9A\xc3\x99f\x9eb(\\\xe9\x11`\xc4Yf\xeb\x7f\xcb\x01\xfc\xe2\xf5\xa8\xac\xd9\x9b\x84\x8c\x89%\x9c\xb4\v\x10\xef\xb1\xcfl}O_x\xa7~}\x95\xcd\xe3\x0e\x9b\x81\x99\xbf\x965\xd7J86\x11\xd8\xcd \xd5D\xcf\xb8x\xc1E\xec\x01$n\x0f\xfc]\xfc\xccB\xef\x99\xb4\x11J\xbe\x9d\x12:\xbb\xf8\x1eJ\x15>X\nW\xcd\x9a{V\xa6\a\x11\xa0M%\x89\xb6\xfc\xad\xdd\xcfl\xe6\xf8\xbc\xf0rM\xcd\xbb{\xb1NqK\xa2_\xb7`', 0x0)
execveat(r0, &(0x7f0000000040)='\x00', 0x0, 0x0, 0x1000)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/rt6_stats\x00')
syz_usb_connect(0x2, 0x24, &(0x7f0000001900)=ANY=[@ANYBLOB="12010000e6951540240430cf4a00000000010902120001000040000904"], 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0)
syz_genetlink_get_family_id$devlink(0x0, r1)
r2 = userfaultfd(0x801)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040))
r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
ioctl$RFKILL_IOCTL_NOINPUT(r3, 0x5201)
close(r3)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
tgkill(r4, r4, 0x22)
sched_setaffinity(r4, 0x8, &(0x7f0000000080)=0x6293)

program crashed: KASAN: use-after-free Read in hdm_disconnect
testing program (duration=58.642659454s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SET_NO_NEW_PRIVS-prctl$PR_SET_NO_NEW_PRIVS-memfd_create-execveat-syz_open_procfs-syz_usb_connect-ioctl$BINDER_WRITE_READ-syz_genetlink_get_family_id$devlink-userfaultfd-ioctl$UFFDIO_API-openat$rfkill-ioctl$RFKILL_IOCTL_NOINPUT-close-getpid-sched_setscheduler-tgkill
detailed listing:
executing program 0:
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
r0 = memfd_create(&(0x7f0000000280)='\xa3\x9fn\xb4dR\x04w5\x02\xac\xce\xe1\x88\x9d[@8\xd7\xce\x1f 9I\x7f\x15\x1d\x93=\xb5\xe7\\\'L\xe6\xd2\x8e\xbc)JtTDq\x81\xcf\x81\xba\xe51\xf5 \xc8\x10>\xc9\\\x0e\x17L\xbf\xcf\x91\xdfM\xf3\x02^T*\x00\x02\xb9~B\x9f\xacl\x1d3\x06o\xf8\x16H\xaa*\x02\xe7\xfb\x06\xf1\x83\x92\xa8\xc2\xcb\xae\xb0\xb4\x93\xb8\x04\xf1\x99\xc2yY+\xd9y\x8a\xd5b\xe8\xf3\xdds\xbb\x88\xff\b\x85\xb3s\x00\x0e\xbcfvi\x85\xfc.|\xd4h\xec\x82o\x8e\x93\x11\xc1\xee\xae\x05\x17=\xd9R\xd0\xd4\x90\xcf\x9b\xdc\xaeV\x88\x94\x9f\xe3\xefqi\xed\xa8w\xbe\xd0\xd0-tBl\x9e+\xd3\xed\xce\x9f\x83\x86\xf9\x12\x16Ts\x80\x13]C\xfb`\xc2`\xf7\x1a\x00\x00\x00\x00\x00\x00\x00k\xae\xcb\x1a.\xc2\x8f\xd1x4]PZ\x9e\xd5Y\xf0L\xa4\xbc\x84\xf6\x04L\xff0\x8b\\*\xf9,\xb6\r\x97\xedy\xe0\x8a\xe2\x8ck\xc6S\xc3g\xb9\x1a\xf8\x8f \x9d\x00u7\xd8\'\xf1E\xa4(Q\x80Fy\xb5\xe4q\xc9\xff \xd8\x9d\xad\x11\xf8m\xd3\xbc\x9e*\xb3\x01\x85\a\xe4qv&\x98\xac\x9aN~o\xe5\x89\xd5\a\x9f\f\x1f\xc2e/\x8d\x1e\n\xd0_\xbd!^\xa46\xb8j\xc0x\n\xdb\xe1\xa3\xd6\xae;\r\x92@\xa5I\x88Z1F\xf0\x1at\t\xd0\x8a\x04m\x06\xf3BL\xffS\x9eY\xf4\xb0U \xf8\xd00\x88y\xebX\x92\xd5\xbb\xa1h7\xf3\xe0\x0f\xbd\x02\xe4%\xf9\xb1\x87\x8aM\xfeG\xb2L\xbd\x92-\xcd\x1f\xf4\xe1,\xb7G|\xec\"\xa2\xab\xf6\x84\xe0\xcf1\x9a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x13\xf3/qa\xa9A\xc3\x99f\x9eb(\\\xe9\x11`\xc4Yf\xeb\x7f\xcb\x01\xfc\xe2\xf5\xa8\xac\xd9\x9b\x84\x8c\x89%\x9c\xb4\v\x10\xef\xb1\xcfl}O_x\xa7~}\x95\xcd\xe3\x0e\x9b\x81\x99\xbf\x965\xd7J86\x11\xd8\xcd \xd5D\xcf\xb8x\xc1E\xec\x01$n\x0f\xfc]\xfc\xccB\xef\x99\xb4\x11J\xbe\x9d\x12:\xbb\xf8\x1eJ\x15>X\nW\xcd\x9a{V\xa6\a\x11\xa0M%\x89\xb6\xfc\xad\xdd\xcfl\xe6\xf8\xbc\xf0rM\xcd\xbb{\xb1NqK\xa2_\xb7`', 0x0)
execveat(r0, &(0x7f0000000040)='\x00', 0x0, 0x0, 0x1000)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/rt6_stats\x00')
syz_usb_connect(0x2, 0x24, &(0x7f0000001900)=ANY=[@ANYBLOB="12010000e6951540240430cf4a00000000010902120001000040000904"], 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0)
syz_genetlink_get_family_id$devlink(0x0, r1)
r2 = userfaultfd(0x801)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040))
r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
ioctl$RFKILL_IOCTL_NOINPUT(r3, 0x5201)
close(r3)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
tgkill(r4, r4, 0x22)

program crashed: KASAN: use-after-free Read in hdm_disconnect
testing program (duration=58.642659454s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SET_NO_NEW_PRIVS-prctl$PR_SET_NO_NEW_PRIVS-memfd_create-execveat-syz_open_procfs-syz_usb_connect-ioctl$BINDER_WRITE_READ-syz_genetlink_get_family_id$devlink-userfaultfd-ioctl$UFFDIO_API-openat$rfkill-ioctl$RFKILL_IOCTL_NOINPUT-close-getpid-sched_setscheduler
detailed listing:
executing program 0:
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
r0 = memfd_create(&(0x7f0000000280)='\xa3\x9fn\xb4dR\x04w5\x02\xac\xce\xe1\x88\x9d[@8\xd7\xce\x1f 9I\x7f\x15\x1d\x93=\xb5\xe7\\\'L\xe6\xd2\x8e\xbc)JtTDq\x81\xcf\x81\xba\xe51\xf5 \xc8\x10>\xc9\\\x0e\x17L\xbf\xcf\x91\xdfM\xf3\x02^T*\x00\x02\xb9~B\x9f\xacl\x1d3\x06o\xf8\x16H\xaa*\x02\xe7\xfb\x06\xf1\x83\x92\xa8\xc2\xcb\xae\xb0\xb4\x93\xb8\x04\xf1\x99\xc2yY+\xd9y\x8a\xd5b\xe8\xf3\xdds\xbb\x88\xff\b\x85\xb3s\x00\x0e\xbcfvi\x85\xfc.|\xd4h\xec\x82o\x8e\x93\x11\xc1\xee\xae\x05\x17=\xd9R\xd0\xd4\x90\xcf\x9b\xdc\xaeV\x88\x94\x9f\xe3\xefqi\xed\xa8w\xbe\xd0\xd0-tBl\x9e+\xd3\xed\xce\x9f\x83\x86\xf9\x12\x16Ts\x80\x13]C\xfb`\xc2`\xf7\x1a\x00\x00\x00\x00\x00\x00\x00k\xae\xcb\x1a.\xc2\x8f\xd1x4]PZ\x9e\xd5Y\xf0L\xa4\xbc\x84\xf6\x04L\xff0\x8b\\*\xf9,\xb6\r\x97\xedy\xe0\x8a\xe2\x8ck\xc6S\xc3g\xb9\x1a\xf8\x8f \x9d\x00u7\xd8\'\xf1E\xa4(Q\x80Fy\xb5\xe4q\xc9\xff \xd8\x9d\xad\x11\xf8m\xd3\xbc\x9e*\xb3\x01\x85\a\xe4qv&\x98\xac\x9aN~o\xe5\x89\xd5\a\x9f\f\x1f\xc2e/\x8d\x1e\n\xd0_\xbd!^\xa46\xb8j\xc0x\n\xdb\xe1\xa3\xd6\xae;\r\x92@\xa5I\x88Z1F\xf0\x1at\t\xd0\x8a\x04m\x06\xf3BL\xffS\x9eY\xf4\xb0U \xf8\xd00\x88y\xebX\x92\xd5\xbb\xa1h7\xf3\xe0\x0f\xbd\x02\xe4%\xf9\xb1\x87\x8aM\xfeG\xb2L\xbd\x92-\xcd\x1f\xf4\xe1,\xb7G|\xec\"\xa2\xab\xf6\x84\xe0\xcf1\x9a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x13\xf3/qa\xa9A\xc3\x99f\x9eb(\\\xe9\x11`\xc4Yf\xeb\x7f\xcb\x01\xfc\xe2\xf5\xa8\xac\xd9\x9b\x84\x8c\x89%\x9c\xb4\v\x10\xef\xb1\xcfl}O_x\xa7~}\x95\xcd\xe3\x0e\x9b\x81\x99\xbf\x965\xd7J86\x11\xd8\xcd \xd5D\xcf\xb8x\xc1E\xec\x01$n\x0f\xfc]\xfc\xccB\xef\x99\xb4\x11J\xbe\x9d\x12:\xbb\xf8\x1eJ\x15>X\nW\xcd\x9a{V\xa6\a\x11\xa0M%\x89\xb6\xfc\xad\xdd\xcfl\xe6\xf8\xbc\xf0rM\xcd\xbb{\xb1NqK\xa2_\xb7`', 0x0)
execveat(r0, &(0x7f0000000040)='\x00', 0x0, 0x0, 0x1000)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/rt6_stats\x00')
syz_usb_connect(0x2, 0x24, &(0x7f0000001900)=ANY=[@ANYBLOB="12010000e6951540240430cf4a00000000010902120001000040000904"], 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0)
syz_genetlink_get_family_id$devlink(0x0, r1)
r2 = userfaultfd(0x801)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040))
r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
ioctl$RFKILL_IOCTL_NOINPUT(r3, 0x5201)
close(r3)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)

program crashed: KASAN: use-after-free Read in hdm_disconnect
testing program (duration=58.642659454s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SET_NO_NEW_PRIVS-prctl$PR_SET_NO_NEW_PRIVS-memfd_create-execveat-syz_open_procfs-syz_usb_connect-ioctl$BINDER_WRITE_READ-syz_genetlink_get_family_id$devlink-userfaultfd-ioctl$UFFDIO_API-openat$rfkill-ioctl$RFKILL_IOCTL_NOINPUT-close-getpid
detailed listing:
executing program 0:
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
r0 = memfd_create(&(0x7f0000000280)='\xa3\x9fn\xb4dR\x04w5\x02\xac\xce\xe1\x88\x9d[@8\xd7\xce\x1f 9I\x7f\x15\x1d\x93=\xb5\xe7\\\'L\xe6\xd2\x8e\xbc)JtTDq\x81\xcf\x81\xba\xe51\xf5 \xc8\x10>\xc9\\\x0e\x17L\xbf\xcf\x91\xdfM\xf3\x02^T*\x00\x02\xb9~B\x9f\xacl\x1d3\x06o\xf8\x16H\xaa*\x02\xe7\xfb\x06\xf1\x83\x92\xa8\xc2\xcb\xae\xb0\xb4\x93\xb8\x04\xf1\x99\xc2yY+\xd9y\x8a\xd5b\xe8\xf3\xdds\xbb\x88\xff\b\x85\xb3s\x00\x0e\xbcfvi\x85\xfc.|\xd4h\xec\x82o\x8e\x93\x11\xc1\xee\xae\x05\x17=\xd9R\xd0\xd4\x90\xcf\x9b\xdc\xaeV\x88\x94\x9f\xe3\xefqi\xed\xa8w\xbe\xd0\xd0-tBl\x9e+\xd3\xed\xce\x9f\x83\x86\xf9\x12\x16Ts\x80\x13]C\xfb`\xc2`\xf7\x1a\x00\x00\x00\x00\x00\x00\x00k\xae\xcb\x1a.\xc2\x8f\xd1x4]PZ\x9e\xd5Y\xf0L\xa4\xbc\x84\xf6\x04L\xff0\x8b\\*\xf9,\xb6\r\x97\xedy\xe0\x8a\xe2\x8ck\xc6S\xc3g\xb9\x1a\xf8\x8f \x9d\x00u7\xd8\'\xf1E\xa4(Q\x80Fy\xb5\xe4q\xc9\xff \xd8\x9d\xad\x11\xf8m\xd3\xbc\x9e*\xb3\x01\x85\a\xe4qv&\x98\xac\x9aN~o\xe5\x89\xd5\a\x9f\f\x1f\xc2e/\x8d\x1e\n\xd0_\xbd!^\xa46\xb8j\xc0x\n\xdb\xe1\xa3\xd6\xae;\r\x92@\xa5I\x88Z1F\xf0\x1at\t\xd0\x8a\x04m\x06\xf3BL\xffS\x9eY\xf4\xb0U \xf8\xd00\x88y\xebX\x92\xd5\xbb\xa1h7\xf3\xe0\x0f\xbd\x02\xe4%\xf9\xb1\x87\x8aM\xfeG\xb2L\xbd\x92-\xcd\x1f\xf4\xe1,\xb7G|\xec\"\xa2\xab\xf6\x84\xe0\xcf1\x9a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x13\xf3/qa\xa9A\xc3\x99f\x9eb(\\\xe9\x11`\xc4Yf\xeb\x7f\xcb\x01\xfc\xe2\xf5\xa8\xac\xd9\x9b\x84\x8c\x89%\x9c\xb4\v\x10\xef\xb1\xcfl}O_x\xa7~}\x95\xcd\xe3\x0e\x9b\x81\x99\xbf\x965\xd7J86\x11\xd8\xcd \xd5D\xcf\xb8x\xc1E\xec\x01$n\x0f\xfc]\xfc\xccB\xef\x99\xb4\x11J\xbe\x9d\x12:\xbb\xf8\x1eJ\x15>X\nW\xcd\x9a{V\xa6\a\x11\xa0M%\x89\xb6\xfc\xad\xdd\xcfl\xe6\xf8\xbc\xf0rM\xcd\xbb{\xb1NqK\xa2_\xb7`', 0x0)
execveat(r0, &(0x7f0000000040)='\x00', 0x0, 0x0, 0x1000)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/rt6_stats\x00')
syz_usb_connect(0x2, 0x24, &(0x7f0000001900)=ANY=[@ANYBLOB="12010000e6951540240430cf4a00000000010902120001000040000904"], 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0)
syz_genetlink_get_family_id$devlink(0x0, r1)
r2 = userfaultfd(0x801)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040))
r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
ioctl$RFKILL_IOCTL_NOINPUT(r3, 0x5201)
close(r3)
getpid()

program crashed: KASAN: use-after-free Read in hdm_disconnect
testing program (duration=58.642659454s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SET_NO_NEW_PRIVS-prctl$PR_SET_NO_NEW_PRIVS-memfd_create-execveat-syz_open_procfs-syz_usb_connect-ioctl$BINDER_WRITE_READ-syz_genetlink_get_family_id$devlink-userfaultfd-ioctl$UFFDIO_API-openat$rfkill-ioctl$RFKILL_IOCTL_NOINPUT-close
detailed listing:
executing program 0:
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
r0 = memfd_create(&(0x7f0000000280)='\xa3\x9fn\xb4dR\x04w5\x02\xac\xce\xe1\x88\x9d[@8\xd7\xce\x1f 9I\x7f\x15\x1d\x93=\xb5\xe7\\\'L\xe6\xd2\x8e\xbc)JtTDq\x81\xcf\x81\xba\xe51\xf5 \xc8\x10>\xc9\\\x0e\x17L\xbf\xcf\x91\xdfM\xf3\x02^T*\x00\x02\xb9~B\x9f\xacl\x1d3\x06o\xf8\x16H\xaa*\x02\xe7\xfb\x06\xf1\x83\x92\xa8\xc2\xcb\xae\xb0\xb4\x93\xb8\x04\xf1\x99\xc2yY+\xd9y\x8a\xd5b\xe8\xf3\xdds\xbb\x88\xff\b\x85\xb3s\x00\x0e\xbcfvi\x85\xfc.|\xd4h\xec\x82o\x8e\x93\x11\xc1\xee\xae\x05\x17=\xd9R\xd0\xd4\x90\xcf\x9b\xdc\xaeV\x88\x94\x9f\xe3\xefqi\xed\xa8w\xbe\xd0\xd0-tBl\x9e+\xd3\xed\xce\x9f\x83\x86\xf9\x12\x16Ts\x80\x13]C\xfb`\xc2`\xf7\x1a\x00\x00\x00\x00\x00\x00\x00k\xae\xcb\x1a.\xc2\x8f\xd1x4]PZ\x9e\xd5Y\xf0L\xa4\xbc\x84\xf6\x04L\xff0\x8b\\*\xf9,\xb6\r\x97\xedy\xe0\x8a\xe2\x8ck\xc6S\xc3g\xb9\x1a\xf8\x8f \x9d\x00u7\xd8\'\xf1E\xa4(Q\x80Fy\xb5\xe4q\xc9\xff \xd8\x9d\xad\x11\xf8m\xd3\xbc\x9e*\xb3\x01\x85\a\xe4qv&\x98\xac\x9aN~o\xe5\x89\xd5\a\x9f\f\x1f\xc2e/\x8d\x1e\n\xd0_\xbd!^\xa46\xb8j\xc0x\n\xdb\xe1\xa3\xd6\xae;\r\x92@\xa5I\x88Z1F\xf0\x1at\t\xd0\x8a\x04m\x06\xf3BL\xffS\x9eY\xf4\xb0U \xf8\xd00\x88y\xebX\x92\xd5\xbb\xa1h7\xf3\xe0\x0f\xbd\x02\xe4%\xf9\xb1\x87\x8aM\xfeG\xb2L\xbd\x92-\xcd\x1f\xf4\xe1,\xb7G|\xec\"\xa2\xab\xf6\x84\xe0\xcf1\x9a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x13\xf3/qa\xa9A\xc3\x99f\x9eb(\\\xe9\x11`\xc4Yf\xeb\x7f\xcb\x01\xfc\xe2\xf5\xa8\xac\xd9\x9b\x84\x8c\x89%\x9c\xb4\v\x10\xef\xb1\xcfl}O_x\xa7~}\x95\xcd\xe3\x0e\x9b\x81\x99\xbf\x965\xd7J86\x11\xd8\xcd \xd5D\xcf\xb8x\xc1E\xec\x01$n\x0f\xfc]\xfc\xccB\xef\x99\xb4\x11J\xbe\x9d\x12:\xbb\xf8\x1eJ\x15>X\nW\xcd\x9a{V\xa6\a\x11\xa0M%\x89\xb6\xfc\xad\xdd\xcfl\xe6\xf8\xbc\xf0rM\xcd\xbb{\xb1NqK\xa2_\xb7`', 0x0)
execveat(r0, &(0x7f0000000040)='\x00', 0x0, 0x0, 0x1000)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/rt6_stats\x00')
syz_usb_connect(0x2, 0x24, &(0x7f0000001900)=ANY=[@ANYBLOB="12010000e6951540240430cf4a00000000010902120001000040000904"], 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0)
syz_genetlink_get_family_id$devlink(0x0, r1)
r2 = userfaultfd(0x801)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040))
r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
ioctl$RFKILL_IOCTL_NOINPUT(r3, 0x5201)
close(r3)

program crashed: KASAN: use-after-free Read in hdm_disconnect
testing program (duration=58.642659454s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SET_NO_NEW_PRIVS-prctl$PR_SET_NO_NEW_PRIVS-memfd_create-execveat-syz_open_procfs-syz_usb_connect-ioctl$BINDER_WRITE_READ-syz_genetlink_get_family_id$devlink-userfaultfd-ioctl$UFFDIO_API-openat$rfkill-ioctl$RFKILL_IOCTL_NOINPUT
detailed listing:
executing program 0:
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
r0 = memfd_create(&(0x7f0000000280)='\xa3\x9fn\xb4dR\x04w5\x02\xac\xce\xe1\x88\x9d[@8\xd7\xce\x1f 9I\x7f\x15\x1d\x93=\xb5\xe7\\\'L\xe6\xd2\x8e\xbc)JtTDq\x81\xcf\x81\xba\xe51\xf5 \xc8\x10>\xc9\\\x0e\x17L\xbf\xcf\x91\xdfM\xf3\x02^T*\x00\x02\xb9~B\x9f\xacl\x1d3\x06o\xf8\x16H\xaa*\x02\xe7\xfb\x06\xf1\x83\x92\xa8\xc2\xcb\xae\xb0\xb4\x93\xb8\x04\xf1\x99\xc2yY+\xd9y\x8a\xd5b\xe8\xf3\xdds\xbb\x88\xff\b\x85\xb3s\x00\x0e\xbcfvi\x85\xfc.|\xd4h\xec\x82o\x8e\x93\x11\xc1\xee\xae\x05\x17=\xd9R\xd0\xd4\x90\xcf\x9b\xdc\xaeV\x88\x94\x9f\xe3\xefqi\xed\xa8w\xbe\xd0\xd0-tBl\x9e+\xd3\xed\xce\x9f\x83\x86\xf9\x12\x16Ts\x80\x13]C\xfb`\xc2`\xf7\x1a\x00\x00\x00\x00\x00\x00\x00k\xae\xcb\x1a.\xc2\x8f\xd1x4]PZ\x9e\xd5Y\xf0L\xa4\xbc\x84\xf6\x04L\xff0\x8b\\*\xf9,\xb6\r\x97\xedy\xe0\x8a\xe2\x8ck\xc6S\xc3g\xb9\x1a\xf8\x8f \x9d\x00u7\xd8\'\xf1E\xa4(Q\x80Fy\xb5\xe4q\xc9\xff \xd8\x9d\xad\x11\xf8m\xd3\xbc\x9e*\xb3\x01\x85\a\xe4qv&\x98\xac\x9aN~o\xe5\x89\xd5\a\x9f\f\x1f\xc2e/\x8d\x1e\n\xd0_\xbd!^\xa46\xb8j\xc0x\n\xdb\xe1\xa3\xd6\xae;\r\x92@\xa5I\x88Z1F\xf0\x1at\t\xd0\x8a\x04m\x06\xf3BL\xffS\x9eY\xf4\xb0U \xf8\xd00\x88y\xebX\x92\xd5\xbb\xa1h7\xf3\xe0\x0f\xbd\x02\xe4%\xf9\xb1\x87\x8aM\xfeG\xb2L\xbd\x92-\xcd\x1f\xf4\xe1,\xb7G|\xec\"\xa2\xab\xf6\x84\xe0\xcf1\x9a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x13\xf3/qa\xa9A\xc3\x99f\x9eb(\\\xe9\x11`\xc4Yf\xeb\x7f\xcb\x01\xfc\xe2\xf5\xa8\xac\xd9\x9b\x84\x8c\x89%\x9c\xb4\v\x10\xef\xb1\xcfl}O_x\xa7~}\x95\xcd\xe3\x0e\x9b\x81\x99\xbf\x965\xd7J86\x11\xd8\xcd \xd5D\xcf\xb8x\xc1E\xec\x01$n\x0f\xfc]\xfc\xccB\xef\x99\xb4\x11J\xbe\x9d\x12:\xbb\xf8\x1eJ\x15>X\nW\xcd\x9a{V\xa6\a\x11\xa0M%\x89\xb6\xfc\xad\xdd\xcfl\xe6\xf8\xbc\xf0rM\xcd\xbb{\xb1NqK\xa2_\xb7`', 0x0)
execveat(r0, &(0x7f0000000040)='\x00', 0x0, 0x0, 0x1000)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/rt6_stats\x00')
syz_usb_connect(0x2, 0x24, &(0x7f0000001900)=ANY=[@ANYBLOB="12010000e6951540240430cf4a00000000010902120001000040000904"], 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0)
syz_genetlink_get_family_id$devlink(0x0, r1)
r2 = userfaultfd(0x801)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040))
r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
ioctl$RFKILL_IOCTL_NOINPUT(r3, 0x5201)

program crashed: KASAN: use-after-free Read in hdm_disconnect
testing program (duration=58.642659454s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SET_NO_NEW_PRIVS-prctl$PR_SET_NO_NEW_PRIVS-memfd_create-execveat-syz_open_procfs-syz_usb_connect-ioctl$BINDER_WRITE_READ-syz_genetlink_get_family_id$devlink-userfaultfd-ioctl$UFFDIO_API-openat$rfkill
detailed listing:
executing program 0:
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
r0 = memfd_create(&(0x7f0000000280)='\xa3\x9fn\xb4dR\x04w5\x02\xac\xce\xe1\x88\x9d[@8\xd7\xce\x1f 9I\x7f\x15\x1d\x93=\xb5\xe7\\\'L\xe6\xd2\x8e\xbc)JtTDq\x81\xcf\x81\xba\xe51\xf5 \xc8\x10>\xc9\\\x0e\x17L\xbf\xcf\x91\xdfM\xf3\x02^T*\x00\x02\xb9~B\x9f\xacl\x1d3\x06o\xf8\x16H\xaa*\x02\xe7\xfb\x06\xf1\x83\x92\xa8\xc2\xcb\xae\xb0\xb4\x93\xb8\x04\xf1\x99\xc2yY+\xd9y\x8a\xd5b\xe8\xf3\xdds\xbb\x88\xff\b\x85\xb3s\x00\x0e\xbcfvi\x85\xfc.|\xd4h\xec\x82o\x8e\x93\x11\xc1\xee\xae\x05\x17=\xd9R\xd0\xd4\x90\xcf\x9b\xdc\xaeV\x88\x94\x9f\xe3\xefqi\xed\xa8w\xbe\xd0\xd0-tBl\x9e+\xd3\xed\xce\x9f\x83\x86\xf9\x12\x16Ts\x80\x13]C\xfb`\xc2`\xf7\x1a\x00\x00\x00\x00\x00\x00\x00k\xae\xcb\x1a.\xc2\x8f\xd1x4]PZ\x9e\xd5Y\xf0L\xa4\xbc\x84\xf6\x04L\xff0\x8b\\*\xf9,\xb6\r\x97\xedy\xe0\x8a\xe2\x8ck\xc6S\xc3g\xb9\x1a\xf8\x8f \x9d\x00u7\xd8\'\xf1E\xa4(Q\x80Fy\xb5\xe4q\xc9\xff \xd8\x9d\xad\x11\xf8m\xd3\xbc\x9e*\xb3\x01\x85\a\xe4qv&\x98\xac\x9aN~o\xe5\x89\xd5\a\x9f\f\x1f\xc2e/\x8d\x1e\n\xd0_\xbd!^\xa46\xb8j\xc0x\n\xdb\xe1\xa3\xd6\xae;\r\x92@\xa5I\x88Z1F\xf0\x1at\t\xd0\x8a\x04m\x06\xf3BL\xffS\x9eY\xf4\xb0U \xf8\xd00\x88y\xebX\x92\xd5\xbb\xa1h7\xf3\xe0\x0f\xbd\x02\xe4%\xf9\xb1\x87\x8aM\xfeG\xb2L\xbd\x92-\xcd\x1f\xf4\xe1,\xb7G|\xec\"\xa2\xab\xf6\x84\xe0\xcf1\x9a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x13\xf3/qa\xa9A\xc3\x99f\x9eb(\\\xe9\x11`\xc4Yf\xeb\x7f\xcb\x01\xfc\xe2\xf5\xa8\xac\xd9\x9b\x84\x8c\x89%\x9c\xb4\v\x10\xef\xb1\xcfl}O_x\xa7~}\x95\xcd\xe3\x0e\x9b\x81\x99\xbf\x965\xd7J86\x11\xd8\xcd \xd5D\xcf\xb8x\xc1E\xec\x01$n\x0f\xfc]\xfc\xccB\xef\x99\xb4\x11J\xbe\x9d\x12:\xbb\xf8\x1eJ\x15>X\nW\xcd\x9a{V\xa6\a\x11\xa0M%\x89\xb6\xfc\xad\xdd\xcfl\xe6\xf8\xbc\xf0rM\xcd\xbb{\xb1NqK\xa2_\xb7`', 0x0)
execveat(r0, &(0x7f0000000040)='\x00', 0x0, 0x0, 0x1000)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/rt6_stats\x00')
syz_usb_connect(0x2, 0x24, &(0x7f0000001900)=ANY=[@ANYBLOB="12010000e6951540240430cf4a00000000010902120001000040000904"], 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0)
syz_genetlink_get_family_id$devlink(0x0, r1)
r2 = userfaultfd(0x801)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040))
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)

program crashed: KASAN: use-after-free Read in hdm_disconnect
testing program (duration=58.642659454s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SET_NO_NEW_PRIVS-prctl$PR_SET_NO_NEW_PRIVS-memfd_create-execveat-syz_open_procfs-syz_usb_connect-ioctl$BINDER_WRITE_READ-syz_genetlink_get_family_id$devlink-userfaultfd-ioctl$UFFDIO_API
detailed listing:
executing program 0:
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
r0 = memfd_create(&(0x7f0000000280)='\xa3\x9fn\xb4dR\x04w5\x02\xac\xce\xe1\x88\x9d[@8\xd7\xce\x1f 9I\x7f\x15\x1d\x93=\xb5\xe7\\\'L\xe6\xd2\x8e\xbc)JtTDq\x81\xcf\x81\xba\xe51\xf5 \xc8\x10>\xc9\\\x0e\x17L\xbf\xcf\x91\xdfM\xf3\x02^T*\x00\x02\xb9~B\x9f\xacl\x1d3\x06o\xf8\x16H\xaa*\x02\xe7\xfb\x06\xf1\x83\x92\xa8\xc2\xcb\xae\xb0\xb4\x93\xb8\x04\xf1\x99\xc2yY+\xd9y\x8a\xd5b\xe8\xf3\xdds\xbb\x88\xff\b\x85\xb3s\x00\x0e\xbcfvi\x85\xfc.|\xd4h\xec\x82o\x8e\x93\x11\xc1\xee\xae\x05\x17=\xd9R\xd0\xd4\x90\xcf\x9b\xdc\xaeV\x88\x94\x9f\xe3\xefqi\xed\xa8w\xbe\xd0\xd0-tBl\x9e+\xd3\xed\xce\x9f\x83\x86\xf9\x12\x16Ts\x80\x13]C\xfb`\xc2`\xf7\x1a\x00\x00\x00\x00\x00\x00\x00k\xae\xcb\x1a.\xc2\x8f\xd1x4]PZ\x9e\xd5Y\xf0L\xa4\xbc\x84\xf6\x04L\xff0\x8b\\*\xf9,\xb6\r\x97\xedy\xe0\x8a\xe2\x8ck\xc6S\xc3g\xb9\x1a\xf8\x8f \x9d\x00u7\xd8\'\xf1E\xa4(Q\x80Fy\xb5\xe4q\xc9\xff \xd8\x9d\xad\x11\xf8m\xd3\xbc\x9e*\xb3\x01\x85\a\xe4qv&\x98\xac\x9aN~o\xe5\x89\xd5\a\x9f\f\x1f\xc2e/\x8d\x1e\n\xd0_\xbd!^\xa46\xb8j\xc0x\n\xdb\xe1\xa3\xd6\xae;\r\x92@\xa5I\x88Z1F\xf0\x1at\t\xd0\x8a\x04m\x06\xf3BL\xffS\x9eY\xf4\xb0U \xf8\xd00\x88y\xebX\x92\xd5\xbb\xa1h7\xf3\xe0\x0f\xbd\x02\xe4%\xf9\xb1\x87\x8aM\xfeG\xb2L\xbd\x92-\xcd\x1f\xf4\xe1,\xb7G|\xec\"\xa2\xab\xf6\x84\xe0\xcf1\x9a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x13\xf3/qa\xa9A\xc3\x99f\x9eb(\\\xe9\x11`\xc4Yf\xeb\x7f\xcb\x01\xfc\xe2\xf5\xa8\xac\xd9\x9b\x84\x8c\x89%\x9c\xb4\v\x10\xef\xb1\xcfl}O_x\xa7~}\x95\xcd\xe3\x0e\x9b\x81\x99\xbf\x965\xd7J86\x11\xd8\xcd \xd5D\xcf\xb8x\xc1E\xec\x01$n\x0f\xfc]\xfc\xccB\xef\x99\xb4\x11J\xbe\x9d\x12:\xbb\xf8\x1eJ\x15>X\nW\xcd\x9a{V\xa6\a\x11\xa0M%\x89\xb6\xfc\xad\xdd\xcfl\xe6\xf8\xbc\xf0rM\xcd\xbb{\xb1NqK\xa2_\xb7`', 0x0)
execveat(r0, &(0x7f0000000040)='\x00', 0x0, 0x0, 0x1000)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/rt6_stats\x00')
syz_usb_connect(0x2, 0x24, &(0x7f0000001900)=ANY=[@ANYBLOB="12010000e6951540240430cf4a00000000010902120001000040000904"], 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0)
syz_genetlink_get_family_id$devlink(0x0, r1)
r2 = userfaultfd(0x801)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040))

program crashed: KASAN: use-after-free Read in hdm_disconnect
testing program (duration=58.642659454s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SET_NO_NEW_PRIVS-prctl$PR_SET_NO_NEW_PRIVS-memfd_create-execveat-syz_open_procfs-syz_usb_connect-ioctl$BINDER_WRITE_READ-syz_genetlink_get_family_id$devlink-userfaultfd
detailed listing:
executing program 0:
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
r0 = memfd_create(&(0x7f0000000280)='\xa3\x9fn\xb4dR\x04w5\x02\xac\xce\xe1\x88\x9d[@8\xd7\xce\x1f 9I\x7f\x15\x1d\x93=\xb5\xe7\\\'L\xe6\xd2\x8e\xbc)JtTDq\x81\xcf\x81\xba\xe51\xf5 \xc8\x10>\xc9\\\x0e\x17L\xbf\xcf\x91\xdfM\xf3\x02^T*\x00\x02\xb9~B\x9f\xacl\x1d3\x06o\xf8\x16H\xaa*\x02\xe7\xfb\x06\xf1\x83\x92\xa8\xc2\xcb\xae\xb0\xb4\x93\xb8\x04\xf1\x99\xc2yY+\xd9y\x8a\xd5b\xe8\xf3\xdds\xbb\x88\xff\b\x85\xb3s\x00\x0e\xbcfvi\x85\xfc.|\xd4h\xec\x82o\x8e\x93\x11\xc1\xee\xae\x05\x17=\xd9R\xd0\xd4\x90\xcf\x9b\xdc\xaeV\x88\x94\x9f\xe3\xefqi\xed\xa8w\xbe\xd0\xd0-tBl\x9e+\xd3\xed\xce\x9f\x83\x86\xf9\x12\x16Ts\x80\x13]C\xfb`\xc2`\xf7\x1a\x00\x00\x00\x00\x00\x00\x00k\xae\xcb\x1a.\xc2\x8f\xd1x4]PZ\x9e\xd5Y\xf0L\xa4\xbc\x84\xf6\x04L\xff0\x8b\\*\xf9,\xb6\r\x97\xedy\xe0\x8a\xe2\x8ck\xc6S\xc3g\xb9\x1a\xf8\x8f \x9d\x00u7\xd8\'\xf1E\xa4(Q\x80Fy\xb5\xe4q\xc9\xff \xd8\x9d\xad\x11\xf8m\xd3\xbc\x9e*\xb3\x01\x85\a\xe4qv&\x98\xac\x9aN~o\xe5\x89\xd5\a\x9f\f\x1f\xc2e/\x8d\x1e\n\xd0_\xbd!^\xa46\xb8j\xc0x\n\xdb\xe1\xa3\xd6\xae;\r\x92@\xa5I\x88Z1F\xf0\x1at\t\xd0\x8a\x04m\x06\xf3BL\xffS\x9eY\xf4\xb0U \xf8\xd00\x88y\xebX\x92\xd5\xbb\xa1h7\xf3\xe0\x0f\xbd\x02\xe4%\xf9\xb1\x87\x8aM\xfeG\xb2L\xbd\x92-\xcd\x1f\xf4\xe1,\xb7G|\xec\"\xa2\xab\xf6\x84\xe0\xcf1\x9a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x13\xf3/qa\xa9A\xc3\x99f\x9eb(\\\xe9\x11`\xc4Yf\xeb\x7f\xcb\x01\xfc\xe2\xf5\xa8\xac\xd9\x9b\x84\x8c\x89%\x9c\xb4\v\x10\xef\xb1\xcfl}O_x\xa7~}\x95\xcd\xe3\x0e\x9b\x81\x99\xbf\x965\xd7J86\x11\xd8\xcd \xd5D\xcf\xb8x\xc1E\xec\x01$n\x0f\xfc]\xfc\xccB\xef\x99\xb4\x11J\xbe\x9d\x12:\xbb\xf8\x1eJ\x15>X\nW\xcd\x9a{V\xa6\a\x11\xa0M%\x89\xb6\xfc\xad\xdd\xcfl\xe6\xf8\xbc\xf0rM\xcd\xbb{\xb1NqK\xa2_\xb7`', 0x0)
execveat(r0, &(0x7f0000000040)='\x00', 0x0, 0x0, 0x1000)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/rt6_stats\x00')
syz_usb_connect(0x2, 0x24, &(0x7f0000001900)=ANY=[@ANYBLOB="12010000e6951540240430cf4a00000000010902120001000040000904"], 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0)
syz_genetlink_get_family_id$devlink(0x0, r1)
userfaultfd(0x801)

program crashed: KASAN: use-after-free Read in hdm_disconnect
testing program (duration=58.642659454s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SET_NO_NEW_PRIVS-prctl$PR_SET_NO_NEW_PRIVS-memfd_create-execveat-syz_open_procfs-syz_usb_connect-ioctl$BINDER_WRITE_READ-syz_genetlink_get_family_id$devlink
detailed listing:
executing program 0:
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
r0 = memfd_create(&(0x7f0000000280)='\xa3\x9fn\xb4dR\x04w5\x02\xac\xce\xe1\x88\x9d[@8\xd7\xce\x1f 9I\x7f\x15\x1d\x93=\xb5\xe7\\\'L\xe6\xd2\x8e\xbc)JtTDq\x81\xcf\x81\xba\xe51\xf5 \xc8\x10>\xc9\\\x0e\x17L\xbf\xcf\x91\xdfM\xf3\x02^T*\x00\x02\xb9~B\x9f\xacl\x1d3\x06o\xf8\x16H\xaa*\x02\xe7\xfb\x06\xf1\x83\x92\xa8\xc2\xcb\xae\xb0\xb4\x93\xb8\x04\xf1\x99\xc2yY+\xd9y\x8a\xd5b\xe8\xf3\xdds\xbb\x88\xff\b\x85\xb3s\x00\x0e\xbcfvi\x85\xfc.|\xd4h\xec\x82o\x8e\x93\x11\xc1\xee\xae\x05\x17=\xd9R\xd0\xd4\x90\xcf\x9b\xdc\xaeV\x88\x94\x9f\xe3\xefqi\xed\xa8w\xbe\xd0\xd0-tBl\x9e+\xd3\xed\xce\x9f\x83\x86\xf9\x12\x16Ts\x80\x13]C\xfb`\xc2`\xf7\x1a\x00\x00\x00\x00\x00\x00\x00k\xae\xcb\x1a.\xc2\x8f\xd1x4]PZ\x9e\xd5Y\xf0L\xa4\xbc\x84\xf6\x04L\xff0\x8b\\*\xf9,\xb6\r\x97\xedy\xe0\x8a\xe2\x8ck\xc6S\xc3g\xb9\x1a\xf8\x8f \x9d\x00u7\xd8\'\xf1E\xa4(Q\x80Fy\xb5\xe4q\xc9\xff \xd8\x9d\xad\x11\xf8m\xd3\xbc\x9e*\xb3\x01\x85\a\xe4qv&\x98\xac\x9aN~o\xe5\x89\xd5\a\x9f\f\x1f\xc2e/\x8d\x1e\n\xd0_\xbd!^\xa46\xb8j\xc0x\n\xdb\xe1\xa3\xd6\xae;\r\x92@\xa5I\x88Z1F\xf0\x1at\t\xd0\x8a\x04m\x06\xf3BL\xffS\x9eY\xf4\xb0U \xf8\xd00\x88y\xebX\x92\xd5\xbb\xa1h7\xf3\xe0\x0f\xbd\x02\xe4%\xf9\xb1\x87\x8aM\xfeG\xb2L\xbd\x92-\xcd\x1f\xf4\xe1,\xb7G|\xec\"\xa2\xab\xf6\x84\xe0\xcf1\x9a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x13\xf3/qa\xa9A\xc3\x99f\x9eb(\\\xe9\x11`\xc4Yf\xeb\x7f\xcb\x01\xfc\xe2\xf5\xa8\xac\xd9\x9b\x84\x8c\x89%\x9c\xb4\v\x10\xef\xb1\xcfl}O_x\xa7~}\x95\xcd\xe3\x0e\x9b\x81\x99\xbf\x965\xd7J86\x11\xd8\xcd \xd5D\xcf\xb8x\xc1E\xec\x01$n\x0f\xfc]\xfc\xccB\xef\x99\xb4\x11J\xbe\x9d\x12:\xbb\xf8\x1eJ\x15>X\nW\xcd\x9a{V\xa6\a\x11\xa0M%\x89\xb6\xfc\xad\xdd\xcfl\xe6\xf8\xbc\xf0rM\xcd\xbb{\xb1NqK\xa2_\xb7`', 0x0)
execveat(r0, &(0x7f0000000040)='\x00', 0x0, 0x0, 0x1000)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/rt6_stats\x00')
syz_usb_connect(0x2, 0x24, &(0x7f0000001900)=ANY=[@ANYBLOB="12010000e6951540240430cf4a00000000010902120001000040000904"], 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0)
syz_genetlink_get_family_id$devlink(0x0, r1)

program crashed: KASAN: use-after-free Read in hdm_disconnect
testing program (duration=58.642659454s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SET_NO_NEW_PRIVS-prctl$PR_SET_NO_NEW_PRIVS-memfd_create-execveat-syz_open_procfs-syz_usb_connect-ioctl$BINDER_WRITE_READ
detailed listing:
executing program 0:
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
r0 = memfd_create(&(0x7f0000000280)='\xa3\x9fn\xb4dR\x04w5\x02\xac\xce\xe1\x88\x9d[@8\xd7\xce\x1f 9I\x7f\x15\x1d\x93=\xb5\xe7\\\'L\xe6\xd2\x8e\xbc)JtTDq\x81\xcf\x81\xba\xe51\xf5 \xc8\x10>\xc9\\\x0e\x17L\xbf\xcf\x91\xdfM\xf3\x02^T*\x00\x02\xb9~B\x9f\xacl\x1d3\x06o\xf8\x16H\xaa*\x02\xe7\xfb\x06\xf1\x83\x92\xa8\xc2\xcb\xae\xb0\xb4\x93\xb8\x04\xf1\x99\xc2yY+\xd9y\x8a\xd5b\xe8\xf3\xdds\xbb\x88\xff\b\x85\xb3s\x00\x0e\xbcfvi\x85\xfc.|\xd4h\xec\x82o\x8e\x93\x11\xc1\xee\xae\x05\x17=\xd9R\xd0\xd4\x90\xcf\x9b\xdc\xaeV\x88\x94\x9f\xe3\xefqi\xed\xa8w\xbe\xd0\xd0-tBl\x9e+\xd3\xed\xce\x9f\x83\x86\xf9\x12\x16Ts\x80\x13]C\xfb`\xc2`\xf7\x1a\x00\x00\x00\x00\x00\x00\x00k\xae\xcb\x1a.\xc2\x8f\xd1x4]PZ\x9e\xd5Y\xf0L\xa4\xbc\x84\xf6\x04L\xff0\x8b\\*\xf9,\xb6\r\x97\xedy\xe0\x8a\xe2\x8ck\xc6S\xc3g\xb9\x1a\xf8\x8f \x9d\x00u7\xd8\'\xf1E\xa4(Q\x80Fy\xb5\xe4q\xc9\xff \xd8\x9d\xad\x11\xf8m\xd3\xbc\x9e*\xb3\x01\x85\a\xe4qv&\x98\xac\x9aN~o\xe5\x89\xd5\a\x9f\f\x1f\xc2e/\x8d\x1e\n\xd0_\xbd!^\xa46\xb8j\xc0x\n\xdb\xe1\xa3\xd6\xae;\r\x92@\xa5I\x88Z1F\xf0\x1at\t\xd0\x8a\x04m\x06\xf3BL\xffS\x9eY\xf4\xb0U \xf8\xd00\x88y\xebX\x92\xd5\xbb\xa1h7\xf3\xe0\x0f\xbd\x02\xe4%\xf9\xb1\x87\x8aM\xfeG\xb2L\xbd\x92-\xcd\x1f\xf4\xe1,\xb7G|\xec\"\xa2\xab\xf6\x84\xe0\xcf1\x9a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x13\xf3/qa\xa9A\xc3\x99f\x9eb(\\\xe9\x11`\xc4Yf\xeb\x7f\xcb\x01\xfc\xe2\xf5\xa8\xac\xd9\x9b\x84\x8c\x89%\x9c\xb4\v\x10\xef\xb1\xcfl}O_x\xa7~}\x95\xcd\xe3\x0e\x9b\x81\x99\xbf\x965\xd7J86\x11\xd8\xcd \xd5D\xcf\xb8x\xc1E\xec\x01$n\x0f\xfc]\xfc\xccB\xef\x99\xb4\x11J\xbe\x9d\x12:\xbb\xf8\x1eJ\x15>X\nW\xcd\x9a{V\xa6\a\x11\xa0M%\x89\xb6\xfc\xad\xdd\xcfl\xe6\xf8\xbc\xf0rM\xcd\xbb{\xb1NqK\xa2_\xb7`', 0x0)
execveat(r0, &(0x7f0000000040)='\x00', 0x0, 0x0, 0x1000)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/rt6_stats\x00')
syz_usb_connect(0x2, 0x24, &(0x7f0000001900)=ANY=[@ANYBLOB="12010000e6951540240430cf4a00000000010902120001000040000904"], 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0)

program crashed: KASAN: use-after-free Read in hdm_disconnect
testing program (duration=58.642659454s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SET_NO_NEW_PRIVS-prctl$PR_SET_NO_NEW_PRIVS-memfd_create-execveat-syz_open_procfs-syz_usb_connect
detailed listing:
executing program 0:
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
r0 = memfd_create(&(0x7f0000000280)='\xa3\x9fn\xb4dR\x04w5\x02\xac\xce\xe1\x88\x9d[@8\xd7\xce\x1f 9I\x7f\x15\x1d\x93=\xb5\xe7\\\'L\xe6\xd2\x8e\xbc)JtTDq\x81\xcf\x81\xba\xe51\xf5 \xc8\x10>\xc9\\\x0e\x17L\xbf\xcf\x91\xdfM\xf3\x02^T*\x00\x02\xb9~B\x9f\xacl\x1d3\x06o\xf8\x16H\xaa*\x02\xe7\xfb\x06\xf1\x83\x92\xa8\xc2\xcb\xae\xb0\xb4\x93\xb8\x04\xf1\x99\xc2yY+\xd9y\x8a\xd5b\xe8\xf3\xdds\xbb\x88\xff\b\x85\xb3s\x00\x0e\xbcfvi\x85\xfc.|\xd4h\xec\x82o\x8e\x93\x11\xc1\xee\xae\x05\x17=\xd9R\xd0\xd4\x90\xcf\x9b\xdc\xaeV\x88\x94\x9f\xe3\xefqi\xed\xa8w\xbe\xd0\xd0-tBl\x9e+\xd3\xed\xce\x9f\x83\x86\xf9\x12\x16Ts\x80\x13]C\xfb`\xc2`\xf7\x1a\x00\x00\x00\x00\x00\x00\x00k\xae\xcb\x1a.\xc2\x8f\xd1x4]PZ\x9e\xd5Y\xf0L\xa4\xbc\x84\xf6\x04L\xff0\x8b\\*\xf9,\xb6\r\x97\xedy\xe0\x8a\xe2\x8ck\xc6S\xc3g\xb9\x1a\xf8\x8f \x9d\x00u7\xd8\'\xf1E\xa4(Q\x80Fy\xb5\xe4q\xc9\xff \xd8\x9d\xad\x11\xf8m\xd3\xbc\x9e*\xb3\x01\x85\a\xe4qv&\x98\xac\x9aN~o\xe5\x89\xd5\a\x9f\f\x1f\xc2e/\x8d\x1e\n\xd0_\xbd!^\xa46\xb8j\xc0x\n\xdb\xe1\xa3\xd6\xae;\r\x92@\xa5I\x88Z1F\xf0\x1at\t\xd0\x8a\x04m\x06\xf3BL\xffS\x9eY\xf4\xb0U \xf8\xd00\x88y\xebX\x92\xd5\xbb\xa1h7\xf3\xe0\x0f\xbd\x02\xe4%\xf9\xb1\x87\x8aM\xfeG\xb2L\xbd\x92-\xcd\x1f\xf4\xe1,\xb7G|\xec\"\xa2\xab\xf6\x84\xe0\xcf1\x9a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x13\xf3/qa\xa9A\xc3\x99f\x9eb(\\\xe9\x11`\xc4Yf\xeb\x7f\xcb\x01\xfc\xe2\xf5\xa8\xac\xd9\x9b\x84\x8c\x89%\x9c\xb4\v\x10\xef\xb1\xcfl}O_x\xa7~}\x95\xcd\xe3\x0e\x9b\x81\x99\xbf\x965\xd7J86\x11\xd8\xcd \xd5D\xcf\xb8x\xc1E\xec\x01$n\x0f\xfc]\xfc\xccB\xef\x99\xb4\x11J\xbe\x9d\x12:\xbb\xf8\x1eJ\x15>X\nW\xcd\x9a{V\xa6\a\x11\xa0M%\x89\xb6\xfc\xad\xdd\xcfl\xe6\xf8\xbc\xf0rM\xcd\xbb{\xb1NqK\xa2_\xb7`', 0x0)
execveat(r0, &(0x7f0000000040)='\x00', 0x0, 0x0, 0x1000)
syz_open_procfs(0x0, &(0x7f0000000000)='net/rt6_stats\x00')
syz_usb_connect(0x2, 0x24, &(0x7f0000001900)=ANY=[@ANYBLOB="12010000e6951540240430cf4a00000000010902120001000040000904"], 0x0)

program crashed: KASAN: use-after-free Read in hdm_disconnect
testing program (duration=58.642659454s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SET_NO_NEW_PRIVS-prctl$PR_SET_NO_NEW_PRIVS-memfd_create-execveat-syz_open_procfs
detailed listing:
executing program 0:
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
r0 = memfd_create(&(0x7f0000000280)='\xa3\x9fn\xb4dR\x04w5\x02\xac\xce\xe1\x88\x9d[@8\xd7\xce\x1f 9I\x7f\x15\x1d\x93=\xb5\xe7\\\'L\xe6\xd2\x8e\xbc)JtTDq\x81\xcf\x81\xba\xe51\xf5 \xc8\x10>\xc9\\\x0e\x17L\xbf\xcf\x91\xdfM\xf3\x02^T*\x00\x02\xb9~B\x9f\xacl\x1d3\x06o\xf8\x16H\xaa*\x02\xe7\xfb\x06\xf1\x83\x92\xa8\xc2\xcb\xae\xb0\xb4\x93\xb8\x04\xf1\x99\xc2yY+\xd9y\x8a\xd5b\xe8\xf3\xdds\xbb\x88\xff\b\x85\xb3s\x00\x0e\xbcfvi\x85\xfc.|\xd4h\xec\x82o\x8e\x93\x11\xc1\xee\xae\x05\x17=\xd9R\xd0\xd4\x90\xcf\x9b\xdc\xaeV\x88\x94\x9f\xe3\xefqi\xed\xa8w\xbe\xd0\xd0-tBl\x9e+\xd3\xed\xce\x9f\x83\x86\xf9\x12\x16Ts\x80\x13]C\xfb`\xc2`\xf7\x1a\x00\x00\x00\x00\x00\x00\x00k\xae\xcb\x1a.\xc2\x8f\xd1x4]PZ\x9e\xd5Y\xf0L\xa4\xbc\x84\xf6\x04L\xff0\x8b\\*\xf9,\xb6\r\x97\xedy\xe0\x8a\xe2\x8ck\xc6S\xc3g\xb9\x1a\xf8\x8f \x9d\x00u7\xd8\'\xf1E\xa4(Q\x80Fy\xb5\xe4q\xc9\xff \xd8\x9d\xad\x11\xf8m\xd3\xbc\x9e*\xb3\x01\x85\a\xe4qv&\x98\xac\x9aN~o\xe5\x89\xd5\a\x9f\f\x1f\xc2e/\x8d\x1e\n\xd0_\xbd!^\xa46\xb8j\xc0x\n\xdb\xe1\xa3\xd6\xae;\r\x92@\xa5I\x88Z1F\xf0\x1at\t\xd0\x8a\x04m\x06\xf3BL\xffS\x9eY\xf4\xb0U \xf8\xd00\x88y\xebX\x92\xd5\xbb\xa1h7\xf3\xe0\x0f\xbd\x02\xe4%\xf9\xb1\x87\x8aM\xfeG\xb2L\xbd\x92-\xcd\x1f\xf4\xe1,\xb7G|\xec\"\xa2\xab\xf6\x84\xe0\xcf1\x9a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x13\xf3/qa\xa9A\xc3\x99f\x9eb(\\\xe9\x11`\xc4Yf\xeb\x7f\xcb\x01\xfc\xe2\xf5\xa8\xac\xd9\x9b\x84\x8c\x89%\x9c\xb4\v\x10\xef\xb1\xcfl}O_x\xa7~}\x95\xcd\xe3\x0e\x9b\x81\x99\xbf\x965\xd7J86\x11\xd8\xcd \xd5D\xcf\xb8x\xc1E\xec\x01$n\x0f\xfc]\xfc\xccB\xef\x99\xb4\x11J\xbe\x9d\x12:\xbb\xf8\x1eJ\x15>X\nW\xcd\x9a{V\xa6\a\x11\xa0M%\x89\xb6\xfc\xad\xdd\xcfl\xe6\xf8\xbc\xf0rM\xcd\xbb{\xb1NqK\xa2_\xb7`', 0x0)
execveat(r0, &(0x7f0000000040)='\x00', 0x0, 0x0, 0x1000)
syz_open_procfs(0x0, &(0x7f0000000000)='net/rt6_stats\x00')

program did not crash
testing program (duration=58.642659454s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SET_NO_NEW_PRIVS-prctl$PR_SET_NO_NEW_PRIVS-memfd_create-execveat-syz_usb_connect
detailed listing:
executing program 0:
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
r0 = memfd_create(&(0x7f0000000280)='\xa3\x9fn\xb4dR\x04w5\x02\xac\xce\xe1\x88\x9d[@8\xd7\xce\x1f 9I\x7f\x15\x1d\x93=\xb5\xe7\\\'L\xe6\xd2\x8e\xbc)JtTDq\x81\xcf\x81\xba\xe51\xf5 \xc8\x10>\xc9\\\x0e\x17L\xbf\xcf\x91\xdfM\xf3\x02^T*\x00\x02\xb9~B\x9f\xacl\x1d3\x06o\xf8\x16H\xaa*\x02\xe7\xfb\x06\xf1\x83\x92\xa8\xc2\xcb\xae\xb0\xb4\x93\xb8\x04\xf1\x99\xc2yY+\xd9y\x8a\xd5b\xe8\xf3\xdds\xbb\x88\xff\b\x85\xb3s\x00\x0e\xbcfvi\x85\xfc.|\xd4h\xec\x82o\x8e\x93\x11\xc1\xee\xae\x05\x17=\xd9R\xd0\xd4\x90\xcf\x9b\xdc\xaeV\x88\x94\x9f\xe3\xefqi\xed\xa8w\xbe\xd0\xd0-tBl\x9e+\xd3\xed\xce\x9f\x83\x86\xf9\x12\x16Ts\x80\x13]C\xfb`\xc2`\xf7\x1a\x00\x00\x00\x00\x00\x00\x00k\xae\xcb\x1a.\xc2\x8f\xd1x4]PZ\x9e\xd5Y\xf0L\xa4\xbc\x84\xf6\x04L\xff0\x8b\\*\xf9,\xb6\r\x97\xedy\xe0\x8a\xe2\x8ck\xc6S\xc3g\xb9\x1a\xf8\x8f \x9d\x00u7\xd8\'\xf1E\xa4(Q\x80Fy\xb5\xe4q\xc9\xff \xd8\x9d\xad\x11\xf8m\xd3\xbc\x9e*\xb3\x01\x85\a\xe4qv&\x98\xac\x9aN~o\xe5\x89\xd5\a\x9f\f\x1f\xc2e/\x8d\x1e\n\xd0_\xbd!^\xa46\xb8j\xc0x\n\xdb\xe1\xa3\xd6\xae;\r\x92@\xa5I\x88Z1F\xf0\x1at\t\xd0\x8a\x04m\x06\xf3BL\xffS\x9eY\xf4\xb0U \xf8\xd00\x88y\xebX\x92\xd5\xbb\xa1h7\xf3\xe0\x0f\xbd\x02\xe4%\xf9\xb1\x87\x8aM\xfeG\xb2L\xbd\x92-\xcd\x1f\xf4\xe1,\xb7G|\xec\"\xa2\xab\xf6\x84\xe0\xcf1\x9a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x13\xf3/qa\xa9A\xc3\x99f\x9eb(\\\xe9\x11`\xc4Yf\xeb\x7f\xcb\x01\xfc\xe2\xf5\xa8\xac\xd9\x9b\x84\x8c\x89%\x9c\xb4\v\x10\xef\xb1\xcfl}O_x\xa7~}\x95\xcd\xe3\x0e\x9b\x81\x99\xbf\x965\xd7J86\x11\xd8\xcd \xd5D\xcf\xb8x\xc1E\xec\x01$n\x0f\xfc]\xfc\xccB\xef\x99\xb4\x11J\xbe\x9d\x12:\xbb\xf8\x1eJ\x15>X\nW\xcd\x9a{V\xa6\a\x11\xa0M%\x89\xb6\xfc\xad\xdd\xcfl\xe6\xf8\xbc\xf0rM\xcd\xbb{\xb1NqK\xa2_\xb7`', 0x0)
execveat(r0, &(0x7f0000000040)='\x00', 0x0, 0x0, 0x1000)
syz_usb_connect(0x2, 0x24, &(0x7f0000001900)=ANY=[@ANYBLOB="12010000e6951540240430cf4a00000000010902120001000040000904"], 0x0)

program crashed: KASAN: use-after-free Read in hdm_disconnect
testing program (duration=58.642659454s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SET_NO_NEW_PRIVS-prctl$PR_SET_NO_NEW_PRIVS-memfd_create-syz_usb_connect
detailed listing:
executing program 0:
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
memfd_create(&(0x7f0000000280)='\xa3\x9fn\xb4dR\x04w5\x02\xac\xce\xe1\x88\x9d[@8\xd7\xce\x1f 9I\x7f\x15\x1d\x93=\xb5\xe7\\\'L\xe6\xd2\x8e\xbc)JtTDq\x81\xcf\x81\xba\xe51\xf5 \xc8\x10>\xc9\\\x0e\x17L\xbf\xcf\x91\xdfM\xf3\x02^T*\x00\x02\xb9~B\x9f\xacl\x1d3\x06o\xf8\x16H\xaa*\x02\xe7\xfb\x06\xf1\x83\x92\xa8\xc2\xcb\xae\xb0\xb4\x93\xb8\x04\xf1\x99\xc2yY+\xd9y\x8a\xd5b\xe8\xf3\xdds\xbb\x88\xff\b\x85\xb3s\x00\x0e\xbcfvi\x85\xfc.|\xd4h\xec\x82o\x8e\x93\x11\xc1\xee\xae\x05\x17=\xd9R\xd0\xd4\x90\xcf\x9b\xdc\xaeV\x88\x94\x9f\xe3\xefqi\xed\xa8w\xbe\xd0\xd0-tBl\x9e+\xd3\xed\xce\x9f\x83\x86\xf9\x12\x16Ts\x80\x13]C\xfb`\xc2`\xf7\x1a\x00\x00\x00\x00\x00\x00\x00k\xae\xcb\x1a.\xc2\x8f\xd1x4]PZ\x9e\xd5Y\xf0L\xa4\xbc\x84\xf6\x04L\xff0\x8b\\*\xf9,\xb6\r\x97\xedy\xe0\x8a\xe2\x8ck\xc6S\xc3g\xb9\x1a\xf8\x8f \x9d\x00u7\xd8\'\xf1E\xa4(Q\x80Fy\xb5\xe4q\xc9\xff \xd8\x9d\xad\x11\xf8m\xd3\xbc\x9e*\xb3\x01\x85\a\xe4qv&\x98\xac\x9aN~o\xe5\x89\xd5\a\x9f\f\x1f\xc2e/\x8d\x1e\n\xd0_\xbd!^\xa46\xb8j\xc0x\n\xdb\xe1\xa3\xd6\xae;\r\x92@\xa5I\x88Z1F\xf0\x1at\t\xd0\x8a\x04m\x06\xf3BL\xffS\x9eY\xf4\xb0U \xf8\xd00\x88y\xebX\x92\xd5\xbb\xa1h7\xf3\xe0\x0f\xbd\x02\xe4%\xf9\xb1\x87\x8aM\xfeG\xb2L\xbd\x92-\xcd\x1f\xf4\xe1,\xb7G|\xec\"\xa2\xab\xf6\x84\xe0\xcf1\x9a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x13\xf3/qa\xa9A\xc3\x99f\x9eb(\\\xe9\x11`\xc4Yf\xeb\x7f\xcb\x01\xfc\xe2\xf5\xa8\xac\xd9\x9b\x84\x8c\x89%\x9c\xb4\v\x10\xef\xb1\xcfl}O_x\xa7~}\x95\xcd\xe3\x0e\x9b\x81\x99\xbf\x965\xd7J86\x11\xd8\xcd \xd5D\xcf\xb8x\xc1E\xec\x01$n\x0f\xfc]\xfc\xccB\xef\x99\xb4\x11J\xbe\x9d\x12:\xbb\xf8\x1eJ\x15>X\nW\xcd\x9a{V\xa6\a\x11\xa0M%\x89\xb6\xfc\xad\xdd\xcfl\xe6\xf8\xbc\xf0rM\xcd\xbb{\xb1NqK\xa2_\xb7`', 0x0)
syz_usb_connect(0x2, 0x24, &(0x7f0000001900)=ANY=[@ANYBLOB="12010000e6951540240430cf4a00000000010902120001000040000904"], 0x0)

program crashed: KASAN: use-after-free Read in hdm_disconnect
testing program (duration=58.642659454s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SET_NO_NEW_PRIVS-prctl$PR_SET_NO_NEW_PRIVS-syz_usb_connect
detailed listing:
executing program 0:
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
syz_usb_connect(0x2, 0x24, &(0x7f0000001900)=ANY=[@ANYBLOB="12010000e6951540240430cf4a00000000010902120001000040000904"], 0x0)

program crashed: KASAN: use-after-free Read in hdm_disconnect
testing program (duration=58.642659454s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SET_NO_NEW_PRIVS-syz_usb_connect
detailed listing:
executing program 0:
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
syz_usb_connect(0x2, 0x24, &(0x7f0000001900)=ANY=[@ANYBLOB="12010000e6951540240430cf4a00000000010902120001000040000904"], 0x0)

program crashed: KASAN: use-after-free Read in hdm_disconnect
testing program (duration=58.642659454s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x2, 0x24, &(0x7f0000001900)=ANY=[@ANYBLOB="12010000e6951540240430cf4a00000000010902120001000040000904"], 0x0)

program crashed: KASAN: use-after-free Read in hdm_disconnect
testing program (duration=58.642659454s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x2, 0x24, 0x0, 0x0)

program did not crash
testing program (duration=58.642659454s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x2, 0x24, &(0x7f0000001900)=ANY=[@ANYBLOB], 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=58.642659454s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: KASAN: use-after-free Read in hdm_disconnect
simplifying C reproducer
testing compiled C program (duration=58.642659454s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: KASAN: use-after-free Read in hdm_disconnect
testing compiled C program (duration=58.642659454s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: KASAN: use-after-free Read in hdm_disconnect
testing compiled C program (duration=58.642659454s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program did not crash
testing compiled C program (duration=58.642659454s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: KASAN: use-after-free Read in hdm_disconnect
testing compiled C program (duration=58.642659454s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: KASAN: use-after-free Read in hdm_disconnect
testing compiled C program (duration=58.642659454s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: KASAN: use-after-free Read in hdm_disconnect
testing compiled C program (duration=58.642659454s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program did not crash
testing compiled C program (duration=58.642659454s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: KASAN: use-after-free Read in hdm_disconnect
testing compiled C program (duration=58.642659454s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: KASAN: use-after-free Read in hdm_disconnect
testing compiled C program (duration=58.642659454s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program did not crash
testing compiled C program (duration=58.642659454s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: KASAN: use-after-free Read in hdm_disconnect
testing compiled C program (duration=58.642659454s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program did not crash
testing compiled C program (duration=58.642659454s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: KASAN: use-after-free Read in hdm_disconnect
testing compiled C program (duration=58.642659454s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:false Sysctl:false Swap:true UseTmpDir:true HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program did not crash
testing compiled C program (duration=58.642659454s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: KASAN: use-after-free Read in hdm_disconnect
reproducing took 58m57.352374882s
repro crashed as (corrupted=false):
usb 1-1: USB disconnect, device number 2
==================================================================
BUG: KASAN: use-after-free in hdm_disconnect+0x109/0x1c0 drivers/most/most_usb.c:1125
Read of size 8 at addr ffff888030e2d898 by task kworker/0:1/14

CPU: 0 PID: 14 Comm: kworker/0:1 Not tainted 6.1.128-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Workqueue: usb_hub_wq hub_event
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
 print_address_description mm/kasan/report.c:316 [inline]
 print_report+0x15f/0x4f0 mm/kasan/report.c:427
 kasan_report+0x136/0x160 mm/kasan/report.c:531
 hdm_disconnect+0x109/0x1c0 drivers/most/most_usb.c:1125
 usb_unbind_interface+0x1cd/0x840 drivers/usb/core/driver.c:458
 device_remove drivers/base/dd.c:550 [inline]
 __device_release_driver drivers/base/dd.c:1260 [inline]
 device_release_driver_internal+0x59e/0x880 drivers/base/dd.c:1286
 bus_remove_device+0x2e5/0x400 drivers/base/bus.c:531
 device_del+0x6e2/0xbd0 drivers/base/core.c:3884
 usb_disable_device+0x3b8/0x840 drivers/usb/core/message.c:1414
 usb_disconnect+0x33c/0x8c0 drivers/usb/core/hub.c:2275
 hub_port_connect drivers/usb/core/hub.c:5323 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5619 [inline]
 port_event drivers/usb/core/hub.c:5775 [inline]
 hub_event+0x1f78/0x5730 drivers/usb/core/hub.c:5857
 process_one_work+0x8a9/0x11d0 kernel/workqueue.c:2292
 worker_thread+0xa47/0x1200 kernel/workqueue.c:2439
 kthread+0x28d/0x320 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
 </TASK>

Allocated by task 953:
 kasan_save_stack mm/kasan/common.c:45 [inline]
 kasan_set_track+0x4b/0x70 mm/kasan/common.c:52
 ____kasan_kmalloc mm/kasan/common.c:374 [inline]
 __kasan_kmalloc+0x97/0xb0 mm/kasan/common.c:383
 kmalloc include/linux/slab.h:563 [inline]
 kzalloc include/linux/slab.h:699 [inline]
 hdm_probe+0x91/0x13d0 drivers/most/most_usb.c:959
 usb_probe_interface+0x5c0/0xaf0 drivers/usb/core/driver.c:396
 really_probe+0x2ab/0xcb0 drivers/base/dd.c:639
 __driver_probe_device+0x1a2/0x3d0 drivers/base/dd.c:785
 driver_probe_device+0x50/0x420 drivers/base/dd.c:815
 __device_attach_driver+0x2cf/0x510 drivers/base/dd.c:943
 bus_for_each_drv+0x183/0x200 drivers/base/bus.c:429
 __device_attach+0x359/0x570 drivers/base/dd.c:1015
 bus_probe_device+0xba/0x1e0 drivers/base/bus.c:489
 device_add+0xb48/0xfd0 drivers/base/core.c:3696
 usb_set_configuration+0x19dd/0x2020 drivers/usb/core/message.c:2165
 usb_generic_driver_probe+0x84/0x140 drivers/usb/core/generic.c:238
 usb_probe_device+0x130/0x260 drivers/usb/core/driver.c:293
 really_probe+0x2ab/0xcb0 drivers/base/dd.c:639
 __driver_probe_device+0x1a2/0x3d0 drivers/base/dd.c:785
 driver_probe_device+0x50/0x420 drivers/base/dd.c:815
 __device_attach_driver+0x2cf/0x510 drivers/base/dd.c:943
 bus_for_each_drv+0x183/0x200 drivers/base/bus.c:429
 __device_attach+0x359/0x570 drivers/base/dd.c:1015
 bus_probe_device+0xba/0x1e0 drivers/base/bus.c:489
 device_add+0xb48/0xfd0 drivers/base/core.c:3696
 usb_new_device+0xbdd/0x1900 drivers/usb/core/hub.c:2620
 hub_port_connect drivers/usb/core/hub.c:5479 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5619 [inline]
 port_event drivers/usb/core/hub.c:5775 [inline]
 hub_event+0x2efe/0x5730 drivers/usb/core/hub.c:5857
 process_one_work+0x8a9/0x11d0 kernel/workqueue.c:2292
 worker_thread+0xa47/0x1200 kernel/workqueue.c:2439
 kthread+0x28d/0x320 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295

Freed by task 14:
 kasan_save_stack mm/kasan/common.c:45 [inline]
 kasan_set_track+0x4b/0x70 mm/kasan/common.c:52
 kasan_save_free_info+0x27/0x40 mm/kasan/generic.c:516
 ____kasan_slab_free+0xd6/0x120 mm/kasan/common.c:236
 kasan_slab_free include/linux/kasan.h:177 [inline]
 slab_free_hook mm/slub.c:1724 [inline]
 slab_free_freelist_hook mm/slub.c:1750 [inline]
 slab_free mm/slub.c:3661 [inline]
 __kmem_cache_free+0x25c/0x3c0 mm/slub.c:3674
 device_release+0x91/0x1c0
 kobject_cleanup lib/kobject.c:681 [inline]
 kobject_release lib/kobject.c:712 [inline]
 kref_put include/linux/kref.h:65 [inline]
 kobject_put+0x224/0x460 lib/kobject.c:729
 hdm_disconnect+0xef/0x1c0 drivers/most/most_usb.c:1123
 usb_unbind_interface+0x1cd/0x840 drivers/usb/core/driver.c:458
 device_remove drivers/base/dd.c:550 [inline]
 __device_release_driver drivers/base/dd.c:1260 [inline]
 device_release_driver_internal+0x59e/0x880 drivers/base/dd.c:1286
 bus_remove_device+0x2e5/0x400 drivers/base/bus.c:531
 device_del+0x6e2/0xbd0 drivers/base/core.c:3884
 usb_disable_device+0x3b8/0x840 drivers/usb/core/message.c:1414
 usb_disconnect+0x33c/0x8c0 drivers/usb/core/hub.c:2275
 hub_port_connect drivers/usb/core/hub.c:5323 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5619 [inline]
 port_event drivers/usb/core/hub.c:5775 [inline]
 hub_event+0x1f78/0x5730 drivers/usb/core/hub.c:5857
 process_one_work+0x8a9/0x11d0 kernel/workqueue.c:2292
 worker_thread+0xa47/0x1200 kernel/workqueue.c:2439
 kthread+0x28d/0x320 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295

The buggy address belongs to the object at ffff888030e2c000
 which belongs to the cache kmalloc-8k of size 8192
The buggy address is located 6296 bytes inside of
 8192-byte region [ffff888030e2c000, ffff888030e2e000)

The buggy address belongs to the physical page:
page:ffffea0000c38a00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x30e28
head:ffffea0000c38a00 order:3 compound_mapcount:0 compound_pincount:0
flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000010200 0000000000000000 dead000000000122 ffff888017c42280
raw: 0000000000000000 0000000080020002 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 22, tgid 22 (kworker/1:0), ts 71875604607, free_ts 71863915419
 set_page_owner include/linux/page_owner.h:31 [inline]
 post_alloc_hook+0x18d/0x1b0 mm/page_alloc.c:2532
 prep_new_page mm/page_alloc.c:2539 [inline]
 get_page_from_freelist+0x3731/0x38d0 mm/page_alloc.c:4328
 __alloc_pages+0x28d/0x770 mm/page_alloc.c:5605
 alloc_slab_page+0x6a/0x150 mm/slub.c:1794
 allocate_slab mm/slub.c:1939 [inline]
 new_slab+0x84/0x2d0 mm/slub.c:1992
 ___slab_alloc+0xc20/0x1270 mm/slub.c:3180
 __slab_alloc mm/slub.c:3279 [inline]
 slab_alloc_node mm/slub.c:3364 [inline]
 __kmem_cache_alloc_node+0x19f/0x260 mm/slub.c:3437
 __do_kmalloc_node mm/slab_common.c:935 [inline]
 __kmalloc+0xa1/0x230 mm/slab_common.c:949
 kmalloc include/linux/slab.h:568 [inline]
 kzalloc include/linux/slab.h:699 [inline]
 __sta_info_alloc+0x93/0x1f20 net/mac80211/sta_info.c:535
 ieee80211_ibss_rx_no_sta+0x414/0x740 net/mac80211/ibss.c:1233
 ieee80211_accept_frame net/mac80211/rx.c:4325 [inline]
 ieee80211_prepare_and_rx_handle+0x20b9/0x5f10 net/mac80211/rx.c:4873
 __ieee80211_rx_handle_packet net/mac80211/rx.c:5160 [inline]
 ieee80211_rx_list+0x29a2/0x3380 net/mac80211/rx.c:5286
 ieee80211_rx_napi+0x186/0x3b0 net/mac80211/rx.c:5309
 ieee80211_rx include/net/mac80211.h:4831 [inline]
 ieee80211_handle_queued_frames+0x103/0x1b0 net/mac80211/main.c:317
 tasklet_action_common+0x3cb/0x4a0
 handle_softirqs+0x2ee/0xa40 kernel/softirq.c:578
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1459 [inline]
 free_pcp_prepare mm/page_alloc.c:1509 [inline]
 free_unref_page_prepare+0x12a6/0x15b0 mm/page_alloc.c:3384
 free_unref_page+0x33/0x3e0 mm/page_alloc.c:3479
 free_slab mm/slub.c:2031 [inline]
 discard_slab mm/slub.c:2037 [inline]
 __unfreeze_partials+0x1b7/0x210 mm/slub.c:2586
 put_cpu_partial+0x17b/0x250 mm/slub.c:2662
 qlink_free mm/kasan/quarantine.c:168 [inline]
 qlist_free_all+0x76/0xe0 mm/kasan/quarantine.c:187
 kasan_quarantine_reduce+0x156/0x170 mm/kasan/quarantine.c:294
 __kasan_slab_alloc+0x1f/0x70 mm/kasan/common.c:305
 kasan_slab_alloc include/linux/kasan.h:201 [inline]
 slab_post_alloc_hook+0x52/0x3a0 mm/slab.h:737
 slab_alloc_node mm/slub.c:3398 [inline]
 __kmem_cache_alloc_node+0x137/0x260 mm/slub.c:3437
 kmalloc_trace+0x26/0xe0 mm/slab_common.c:1026
 kmalloc include/linux/slab.h:563 [inline]
 tomoyo_print_header security/tomoyo/audit.c:156 [inline]
 tomoyo_init_log+0x1bd/0x2040 security/tomoyo/audit.c:255
 tomoyo_supervisor+0x396/0x12d0 security/tomoyo/common.c:2088
 tomoyo_audit_path_number_log security/tomoyo/file.c:235 [inline]
 tomoyo_path_number_perm+0x58d/0x7f0 security/tomoyo/file.c:734
 tomoyo_path_mkdir+0xe3/0x120 security/tomoyo/tomoyo.c:166
 security_path_mkdir+0xdc/0x130 security/security.c:1174
 do_mkdirat+0x185/0x360 fs/namei.c:4126

Memory state around the buggy address:
 ffff888030e2d780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888030e2d800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff888030e2d880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
       

final repro crashed as (corrupted=false):
usb 1-1: USB disconnect, device number 2
==================================================================
BUG: KASAN: use-after-free in hdm_disconnect+0x109/0x1c0 drivers/most/most_usb.c:1125
Read of size 8 at addr ffff888030e2d898 by task kworker/0:1/14

CPU: 0 PID: 14 Comm: kworker/0:1 Not tainted 6.1.128-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Workqueue: usb_hub_wq hub_event
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
 print_address_description mm/kasan/report.c:316 [inline]
 print_report+0x15f/0x4f0 mm/kasan/report.c:427
 kasan_report+0x136/0x160 mm/kasan/report.c:531
 hdm_disconnect+0x109/0x1c0 drivers/most/most_usb.c:1125
 usb_unbind_interface+0x1cd/0x840 drivers/usb/core/driver.c:458
 device_remove drivers/base/dd.c:550 [inline]
 __device_release_driver drivers/base/dd.c:1260 [inline]
 device_release_driver_internal+0x59e/0x880 drivers/base/dd.c:1286
 bus_remove_device+0x2e5/0x400 drivers/base/bus.c:531
 device_del+0x6e2/0xbd0 drivers/base/core.c:3884
 usb_disable_device+0x3b8/0x840 drivers/usb/core/message.c:1414
 usb_disconnect+0x33c/0x8c0 drivers/usb/core/hub.c:2275
 hub_port_connect drivers/usb/core/hub.c:5323 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5619 [inline]
 port_event drivers/usb/core/hub.c:5775 [inline]
 hub_event+0x1f78/0x5730 drivers/usb/core/hub.c:5857
 process_one_work+0x8a9/0x11d0 kernel/workqueue.c:2292
 worker_thread+0xa47/0x1200 kernel/workqueue.c:2439
 kthread+0x28d/0x320 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
 </TASK>

Allocated by task 953:
 kasan_save_stack mm/kasan/common.c:45 [inline]
 kasan_set_track+0x4b/0x70 mm/kasan/common.c:52
 ____kasan_kmalloc mm/kasan/common.c:374 [inline]
 __kasan_kmalloc+0x97/0xb0 mm/kasan/common.c:383
 kmalloc include/linux/slab.h:563 [inline]
 kzalloc include/linux/slab.h:699 [inline]
 hdm_probe+0x91/0x13d0 drivers/most/most_usb.c:959
 usb_probe_interface+0x5c0/0xaf0 drivers/usb/core/driver.c:396
 really_probe+0x2ab/0xcb0 drivers/base/dd.c:639
 __driver_probe_device+0x1a2/0x3d0 drivers/base/dd.c:785
 driver_probe_device+0x50/0x420 drivers/base/dd.c:815
 __device_attach_driver+0x2cf/0x510 drivers/base/dd.c:943
 bus_for_each_drv+0x183/0x200 drivers/base/bus.c:429
 __device_attach+0x359/0x570 drivers/base/dd.c:1015
 bus_probe_device+0xba/0x1e0 drivers/base/bus.c:489
 device_add+0xb48/0xfd0 drivers/base/core.c:3696
 usb_set_configuration+0x19dd/0x2020 drivers/usb/core/message.c:2165
 usb_generic_driver_probe+0x84/0x140 drivers/usb/core/generic.c:238
 usb_probe_device+0x130/0x260 drivers/usb/core/driver.c:293
 really_probe+0x2ab/0xcb0 drivers/base/dd.c:639
 __driver_probe_device+0x1a2/0x3d0 drivers/base/dd.c:785
 driver_probe_device+0x50/0x420 drivers/base/dd.c:815
 __device_attach_driver+0x2cf/0x510 drivers/base/dd.c:943
 bus_for_each_drv+0x183/0x200 drivers/base/bus.c:429
 __device_attach+0x359/0x570 drivers/base/dd.c:1015
 bus_probe_device+0xba/0x1e0 drivers/base/bus.c:489
 device_add+0xb48/0xfd0 drivers/base/core.c:3696
 usb_new_device+0xbdd/0x1900 drivers/usb/core/hub.c:2620
 hub_port_connect drivers/usb/core/hub.c:5479 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5619 [inline]
 port_event drivers/usb/core/hub.c:5775 [inline]
 hub_event+0x2efe/0x5730 drivers/usb/core/hub.c:5857
 process_one_work+0x8a9/0x11d0 kernel/workqueue.c:2292
 worker_thread+0xa47/0x1200 kernel/workqueue.c:2439
 kthread+0x28d/0x320 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295

Freed by task 14:
 kasan_save_stack mm/kasan/common.c:45 [inline]
 kasan_set_track+0x4b/0x70 mm/kasan/common.c:52
 kasan_save_free_info+0x27/0x40 mm/kasan/generic.c:516
 ____kasan_slab_free+0xd6/0x120 mm/kasan/common.c:236
 kasan_slab_free include/linux/kasan.h:177 [inline]
 slab_free_hook mm/slub.c:1724 [inline]
 slab_free_freelist_hook mm/slub.c:1750 [inline]
 slab_free mm/slub.c:3661 [inline]
 __kmem_cache_free+0x25c/0x3c0 mm/slub.c:3674
 device_release+0x91/0x1c0
 kobject_cleanup lib/kobject.c:681 [inline]
 kobject_release lib/kobject.c:712 [inline]
 kref_put include/linux/kref.h:65 [inline]
 kobject_put+0x224/0x460 lib/kobject.c:729
 hdm_disconnect+0xef/0x1c0 drivers/most/most_usb.c:1123
 usb_unbind_interface+0x1cd/0x840 drivers/usb/core/driver.c:458
 device_remove drivers/base/dd.c:550 [inline]
 __device_release_driver drivers/base/dd.c:1260 [inline]
 device_release_driver_internal+0x59e/0x880 drivers/base/dd.c:1286
 bus_remove_device+0x2e5/0x400 drivers/base/bus.c:531
 device_del+0x6e2/0xbd0 drivers/base/core.c:3884
 usb_disable_device+0x3b8/0x840 drivers/usb/core/message.c:1414
 usb_disconnect+0x33c/0x8c0 drivers/usb/core/hub.c:2275
 hub_port_connect drivers/usb/core/hub.c:5323 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5619 [inline]
 port_event drivers/usb/core/hub.c:5775 [inline]
 hub_event+0x1f78/0x5730 drivers/usb/core/hub.c:5857
 process_one_work+0x8a9/0x11d0 kernel/workqueue.c:2292
 worker_thread+0xa47/0x1200 kernel/workqueue.c:2439
 kthread+0x28d/0x320 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295

The buggy address belongs to the object at ffff888030e2c000
 which belongs to the cache kmalloc-8k of size 8192
The buggy address is located 6296 bytes inside of
 8192-byte region [ffff888030e2c000, ffff888030e2e000)

The buggy address belongs to the physical page:
page:ffffea0000c38a00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x30e28
head:ffffea0000c38a00 order:3 compound_mapcount:0 compound_pincount:0
flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000010200 0000000000000000 dead000000000122 ffff888017c42280
raw: 0000000000000000 0000000080020002 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 22, tgid 22 (kworker/1:0), ts 71875604607, free_ts 71863915419
 set_page_owner include/linux/page_owner.h:31 [inline]
 post_alloc_hook+0x18d/0x1b0 mm/page_alloc.c:2532
 prep_new_page mm/page_alloc.c:2539 [inline]
 get_page_from_freelist+0x3731/0x38d0 mm/page_alloc.c:4328
 __alloc_pages+0x28d/0x770 mm/page_alloc.c:5605
 alloc_slab_page+0x6a/0x150 mm/slub.c:1794
 allocate_slab mm/slub.c:1939 [inline]
 new_slab+0x84/0x2d0 mm/slub.c:1992
 ___slab_alloc+0xc20/0x1270 mm/slub.c:3180
 __slab_alloc mm/slub.c:3279 [inline]
 slab_alloc_node mm/slub.c:3364 [inline]
 __kmem_cache_alloc_node+0x19f/0x260 mm/slub.c:3437
 __do_kmalloc_node mm/slab_common.c:935 [inline]
 __kmalloc+0xa1/0x230 mm/slab_common.c:949
 kmalloc include/linux/slab.h:568 [inline]
 kzalloc include/linux/slab.h:699 [inline]
 __sta_info_alloc+0x93/0x1f20 net/mac80211/sta_info.c:535
 ieee80211_ibss_rx_no_sta+0x414/0x740 net/mac80211/ibss.c:1233
 ieee80211_accept_frame net/mac80211/rx.c:4325 [inline]
 ieee80211_prepare_and_rx_handle+0x20b9/0x5f10 net/mac80211/rx.c:4873
 __ieee80211_rx_handle_packet net/mac80211/rx.c:5160 [inline]
 ieee80211_rx_list+0x29a2/0x3380 net/mac80211/rx.c:5286
 ieee80211_rx_napi+0x186/0x3b0 net/mac80211/rx.c:5309
 ieee80211_rx include/net/mac80211.h:4831 [inline]
 ieee80211_handle_queued_frames+0x103/0x1b0 net/mac80211/main.c:317
 tasklet_action_common+0x3cb/0x4a0
 handle_softirqs+0x2ee/0xa40 kernel/softirq.c:578
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1459 [inline]
 free_pcp_prepare mm/page_alloc.c:1509 [inline]
 free_unref_page_prepare+0x12a6/0x15b0 mm/page_alloc.c:3384
 free_unref_page+0x33/0x3e0 mm/page_alloc.c:3479
 free_slab mm/slub.c:2031 [inline]
 discard_slab mm/slub.c:2037 [inline]
 __unfreeze_partials+0x1b7/0x210 mm/slub.c:2586
 put_cpu_partial+0x17b/0x250 mm/slub.c:2662
 qlink_free mm/kasan/quarantine.c:168 [inline]
 qlist_free_all+0x76/0xe0 mm/kasan/quarantine.c:187
 kasan_quarantine_reduce+0x156/0x170 mm/kasan/quarantine.c:294
 __kasan_slab_alloc+0x1f/0x70 mm/kasan/common.c:305
 kasan_slab_alloc include/linux/kasan.h:201 [inline]
 slab_post_alloc_hook+0x52/0x3a0 mm/slab.h:737
 slab_alloc_node mm/slub.c:3398 [inline]
 __kmem_cache_alloc_node+0x137/0x260 mm/slub.c:3437
 kmalloc_trace+0x26/0xe0 mm/slab_common.c:1026
 kmalloc include/linux/slab.h:563 [inline]
 tomoyo_print_header security/tomoyo/audit.c:156 [inline]
 tomoyo_init_log+0x1bd/0x2040 security/tomoyo/audit.c:255
 tomoyo_supervisor+0x396/0x12d0 security/tomoyo/common.c:2088
 tomoyo_audit_path_number_log security/tomoyo/file.c:235 [inline]
 tomoyo_path_number_perm+0x58d/0x7f0 security/tomoyo/file.c:734
 tomoyo_path_mkdir+0xe3/0x120 security/tomoyo/tomoyo.c:166
 security_path_mkdir+0xdc/0x130 security/security.c:1174
 do_mkdirat+0x185/0x360 fs/namei.c:4126

Memory state around the buggy address:
 ffff888030e2d780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888030e2d800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff888030e2d880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb