Extracting prog: 15m25.078541867s
Minimizing prog: 19m27.338647118s
Simplifying prog options: 0s
Extracting C: 1m8.474622506s
Simplifying C: 11m40.051641087s


extracting reproducer from 30 programs
testing a last program of every proc
single: executing 5 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io$hid-syz_usb_control_io-syz_usb_control_io$printer-syz_usb_control_io-syz_usb_control_io$printer-ioctl$EVIOCGVERSION-syz_usb_connect-syz_usb_control_io$cdc_ecm
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000740)=ANY=[@ANYBLOB="12010002b3e0d040d31306320269010203010902120001200000000904"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
ioctl$EVIOCGVERSION(0xffffffffffffffff, 0x80044501, &(0x7f0000000000)=""/136)
r1 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000d5e9bd40eb030200c0ba050000010902115c01000000000904"], 0x0)
syz_usb_control_io$cdc_ecm(r1, &(0x7f0000000140)={0x14, 0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000300)={0x1c, &(0x7f0000000180)={0x20, 0x0, 0xdc, "15f8c1d9cfa8e1d7586364f5c4f9fa6dd807abcc9c434da35fa3a5f6c30f995de3dd3bc294c5d9aaa64cd19825f505b007965fec223cd322d6afaa3541bb860dee891578878c45f749fd3df4b9b4bfdeaa97f3b9e026b1661afe29f88cac56f5bae549ce0a92a2e82644bf4c7eb0536656cba1208f974ba5a44bdbff5611e3569e9619bb42fcaf6cb769d7ce2e8faf4af5a8bdb7e847fdd5f4a52e7bb668e184af3d7d0cdb390af2fa5749c7b7d8217bf994268cc16cdd1d08fe49c39500445f228b9caa33d105b0e26dd02c4ec858d064559ffde2e5ef1ce22739f5"}, &(0x7f0000000280)={0x0, 0xa, 0x1, 0x80}, &(0x7f00000002c0)={0x0, 0x8, 0x1, 0x4}})

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io$printer-syz_usb_control_io$printer-syz_usb_connect
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x2, 0x24, &(0x7f0000000780)=ANY=[@ANYBLOB="12010000b5b30a40450ca86035b501e402010902120001000000000904"], 0x0)
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000440)={0x1c, &(0x7f00000002c0)=ANY=[@ANYBLOB="00000003000010"], 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_connect(0x5, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="1201100123890720d1122f69f7b30102030109021b0001000980030b04d48401ff0604500905c70240000000099d79c933365f675045838833abb32bb0d039c4abc1c0113f9cb8ab107af0a63e224aa62c663b7d7eb20edc944761d7ee5f6900b43ebd736e56a4a0cd742ac206970d4e53576f9930ab0c2cf3463583f491541b9f663b681f0c789816c15bc5812cb73069f2e26be36afded743e776c9618ab9554957e174e8fdf3b2a90de96584ab954b49b58be90cf5d9155cbf7c8a62670dddebc90476b1a282bf0cdbd54c4964a9239a319191e8c6ac8727494979472b673eeb5"], 0x0)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io$hid-syz_usb_ep_write$ath9k_ep1-syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_connect-syz_usb_connect
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000413f5f20000000006fce0102030109021b00010000100009043300011870fd00090582020002000400"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xa8, &(0x7f0000000040)=ANY=[@ANYBLOB="7332004ef3aff5ecf8e39d7148b15a1f94ffffffffe0b3d41b1b05"])
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000440)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x5ac, 0x264, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x45}}, {{{0x9, 0x5, 0x81, 0x3, 0x10}}}}}]}}]}}, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io(r1, &(0x7f0000000040)={0x2c, &(0x7f0000000140)={0x0, 0x0, 0x45, {0x45, 0x0, "a7ea3163fd3b651763d80333dd08e13e0962e15c69cc465ec4c94d51a60f84a4bfa30c43ce1055c03ade799b8692277d8ad7129a6ccb2acddd085986660b01db3d77b3"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000140)={{0x12, 0x1, 0x0, 0xe2, 0x15, 0xba, 0x40, 0x12d1, 0x6748, 0x490b, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xff, 0x2, 0x46}}]}}]}}, 0x0)
syz_usb_connect(0x3, 0x36, &(0x7f0000000000)=ANY=[@ANYRES32=r1], 0x0)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io$cdc_ncm-syz_usb_control_io-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x1, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x20, 0x1b96, 0x6, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x30, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0xfe, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xd}}}}]}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)={0x40, 0x0, 0x8, {0x8, 0x0, "a7ea3163fd3b"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io$uac1-syz_usb_control_io-syz_usb_control_io-syz_usb_connect$printer-syz_usb_connect$cdc_ecm-syz_usb_control_io$cdc_ecm-syz_usb_control_io$cdc_ncm-syz_usb_control_io$cdc_ncm
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)={{0x12, 0x1, 0x200, 0x19, 0x82, 0x30, 0x20, 0x413, 0x6023, 0xece5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x60, 0x2, [{{0x9, 0x4, 0x84, 0x0, 0x1, 0xee, 0x48, 0xb1, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x20, 0x0, 0x0, 0xb}}]}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0) (async)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000b80)={0x84, &(0x7f0000000cc0)=ANY=[@ANYBLOB="013b3a78e546ad4d4d455898213a7ff013b852b3e44e9c2661dc9648c3b8010641e121f2884f52ba4fda9d3e89813cbbb5da939c0c8e79787b8a7c51f98bc073550da2f7a284228093"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0) (async)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_connect$printer(0x5, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0xff, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x9, 0xf0, 0x8, [{{0x9, 0x4, 0x0, 0x81, 0x1, 0x7, 0x1, 0x1, 0xb6, "", {{{0x9, 0x5, 0x1, 0x2, 0x400, 0x61, 0x1, 0x8}}, [{{0x9, 0x5, 0x82, 0x2, 0x400, 0x5, 0xa1, 0x3}}]}}}]}}]}}, &(0x7f00000003c0)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x310, 0x9, 0x7, 0xf, 0xff, 0x7}, 0x116, &(0x7f0000000180)={0x5, 0xf, 0x116, 0x5, [@ss_container_id={0x14, 0x10, 0x4, 0x7f, "f69b21a220e1445bf8644f5701c9925d"}, @wireless={0xb, 0x10, 0x1, 0x4, 0x4, 0x1, 0xff, 0x1, 0xe}, @generic={0xdc, 0x10, 0x3, "1d4bfa667c6d35fe35dce89159f5bca5233047188a35cab8010565becdcf66ea9f1d5064dcb88c1f40a45b3cf97a754a79c57905866bc4ad33717bf9e9528e225c6af4ec6d404ef7a3cadd66905379d43726cf0f897fe1e85b496e3237175811498f9c28152017939f365e331285e8e37c40f3a559f9c5b9572456a24f1cf0f5994aa5fe05a7cf98c2bbfaa6ffca3833b9d7000a55bdea157b7aa91920effdf6390d480e77077830d5f6810339f78b6f699792719821f012908a33067ea824bf0ad1d41c1b4778ba4088d5a4549ce74ca601dae814652a6402"}, @wireless={0xb, 0x10, 0x1, 0x8, 0x89, 0xb, 0x6, 0x9, 0x2}, @wireless={0xb, 0x10, 0x1, 0x4, 0x8, 0x1, 0x4, 0x3, 0x4}]}, 0x3, [{0x4, &(0x7f0000000080)=@lang_id={0x4, 0x3, 0x2c09}}, {0xdd, &(0x7f00000002c0)=@string={0xdd, 0x3, "454b537ece1c4054f521626eb7df787c2a78b6258d0768df835459c097be8da2ed7810da7895bca963a008564335f29379bf4f9c45d15e37def4197a7c1385a39f242f00bb6295dbc8480645e783a0d2ce50029e819c56514cdad88179fd5ebe07ed57c8a21e747baa4266b29a841f7dd3b5a89f946ed4a28c842a752335d6f98dc6403b6a5839544307f2341fb41e3a2541356f8da217c0daa4cd9193abf4b3e4921ecdd3ba9a45bb96c3a1babecae6209b0a3da1807d427d3c1d658720f8f768a60bf1b0b99653f83f64ac00d44ead170d34d6e6d53e81de7ebe"}}, {0x4, &(0x7f0000000100)=@lang_id={0x4, 0x3, 0x1001}}]})
r1 = syz_usb_connect$cdc_ecm(0x6, 0xb4, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xa2, 0x1, 0x1, 0x40, 0x40, 0x4a, [{{0x9, 0x4, 0x0, 0xff, 0x2, 0x2, 0x6, 0x0, 0x40, {{0x8, 0x24, 0x6, 0x0, 0x0, 'z?W'}, {0x5, 0x24, 0x0, 0x8}, {0xd, 0x24, 0xf, 0x1, 0x8, 0x3, 0xfffe, 0xd}, [@mdlm_detail={0x18, 0x24, 0x13, 0x10, "8268260da4af46cc86a804e2fdcf214d34f819ad"}, @call_mgmt={0x5, 0x24, 0x1, 0x2, 0x3}, @mbim_extended={0x8, 0x24, 0x1c, 0x1, 0x7, 0xd}, @mdlm={0x15, 0x24, 0x12, 0x6}, @mdlm={0x15, 0x24, 0x12, 0xfffb}, @country_functional={0xc, 0x24, 0x7, 0x2, 0x9, [0x9, 0x1352, 0xa20]}]}, {[{{0x9, 0x5, 0x81, 0x3, 0x20, 0x0, 0xc}}], {{0x9, 0x5, 0x82, 0x2, 0x3ff, 0x1, 0x3b, 0x4}}, {{0x9, 0x5, 0x3, 0x2, 0x8, 0x5, 0x73, 0xff}}}}}]}}]}}, &(0x7f0000000940)={0xa, &(0x7f0000000540)={0xa, 0x6, 0x300, 0x7, 0x4f, 0x20, 0x40, 0x3}, 0x57, &(0x7f0000000580)={0x5, 0xf, 0x57, 0x5, [@ss_container_id={0x14, 0x10, 0x4, 0x8, "94afc6049f8d9ac8e7ceda3a07f838cc"}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "6b3d1d883065092bc1906b4ad118c022"}, @ptm_cap={0x3}, @ssp_cap={0x10, 0x10, 0xa, 0xe, 0x1, 0x4, 0xf0f, 0xfffa, [0xff003f]}, @generic={0x17, 0x10, 0xa, "f57109e47cf581974d600a51452101e2d610c779"}]}, 0x8, [{0x4, &(0x7f0000000600)=@lang_id={0x4, 0x3, 0x140a}}, {0x71, &(0x7f0000000640)=@string={0x71, 0x3, "ccea26178bf508150e7422f7e44bc6d26ed84fc324e9186c382e03d78c5e3f5a76f6132f4d68072a434ab9d678dd7b40ba44f36ba7f96ac33bb24d2b831a02f3d753756c90d2b32b66d8099e10e4311f4ce601840103fcad1f5176843f973f77a5e98d777f6a4da4cdc5c7f75854fa"}}, {0x4, &(0x7f00000006c0)=@lang_id={0x4}}, {0x4, &(0x7f0000000740)=@lang_id={0x4}}, {0x4, &(0x7f0000000780)=@lang_id={0x4, 0x3, 0x6670}}, {0x4, &(0x7f00000007c0)=@lang_id={0x4, 0x3, 0x418}}, {0xe6, &(0x7f0000000800)=@string={0xe6, 0x3, "c8e44047d56cd7c34cb5be2c0e22a55453f5cec3b83cdf82afae547402796a837e69e1e0cf653a157f0a71d71f1c241b97f3a372f53fbe85608227ae2dca4bbad46da695840f8eb78c5cba94cc25676545bbe1a255b2cf017972b9ea3d0cec57d240df6281d4ad470f878657940051c1396eccd4281c974b79cc248c2ed67f3e9c703ceeca1cdd984e383c02ce7b49ef1f6f1e07cc3025f8a4ca0618ca2b4fdb5e84ace4bae9449d4ff8e871c52bacbf332b9feeed9ee6d4065bc9a3d79024afdc1ffe13977831ed960c8cdd654fd4e854bf6049efcbcfd83ab3d601d6f8efbf0eced0d1"}}, {0x4, &(0x7f0000000900)=@lang_id={0x4, 0x3, 0x306a}}]})
syz_usb_control_io$cdc_ecm(r1, &(0x7f0000000ac0)={0x14, &(0x7f00000009c0)={0x20, 0x2, 0xab, {0xab, 0x6, "c3810c5525b040dd2faa2ccd866cea3fdc10aabd8a60540d194983086f7a974d08f0ba126a10ebb8ee4dac99c1608baafba3e8b38cb7598cdc261e3ebf56a6b6eb85ee79aa846ef52263abe71d5f317cd34a6626673a6b64a7d03ffbf7b7192a686450e95f43a6d24d43ea88dd4a6b73f1d3de8e9b7dfd2fac8db773bec534414d1ec555b7e366848a4d7f45f6e171a213ee16d3ea94bfade628bf8ffe2adceb26735fc0621a82811d"}}, &(0x7f0000000a80)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000c80)={0x1c, &(0x7f0000000b00)={0x20, 0x16, 0x8, "9e99d2d3034ada6a"}, &(0x7f0000000b40)={0x0, 0xa, 0x1, 0xe}, &(0x7f0000000c40)={0x0, 0x8, 0x1, 0xf7}})
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000400)={0x44, &(0x7f0000000140)={0x0, 0x8, 0x3, 'vE\b'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000400)={0x44, &(0x7f0000000140)={0x0, 0x8, 0x3, 'vE\b'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

program did not crash
single: failed to extract reproducer
bisect: bisecting 30 programs with base timeout 30s
testing program (duration=37s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [30, 30, 4, 10, 30, 12, 13, 6, 20, 2, 1, 3, 30, 4, 17, 4, 12, 7, 2, 14, 14, 1, 30, 24, 12, 4, 8, 8, 4, 9]
detailed listing:
executing program 3:
r0 = syz_usb_connect(0x0, 0x5d, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100009b6cec20ca08602058c60102030109024b0001000000000904"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f00000006c0)={0x84, &(0x7f0000000780)={0x40, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000f18b3d106d04b2085980010203010902120001000020060904"], 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
r1 = syz_usb_connect(0x5, 0x2d, &(0x7f0000000400)={{0x12, 0x1, 0x0, 0xce, 0xf8, 0xbd, 0x8, 0xe41, 0x4142, 0xbc76, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x2, 0x1, 0x6a, 0x2f, 0xf6, 0x0, [], [{{0x9, 0x5, 0x1, 0x8, 0x200, 0xb, 0x8, 0x64}}]}}]}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000980)={{0x12, 0x1, 0x0, 0x50, 0xda, 0x14, 0x20, 0x461, 0xa00, 0xa43, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xd7, 0x0, 0x0, 0x8f, 0x63, 0xed}}]}}]}}, 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000001e40)={0x44, &(0x7f0000000bc0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000002c0)={0x1c, &(0x7f0000000100)=ANY=[], 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
r2 = syz_open_dev$evdev(&(0x7f0000000100), 0x1, 0x80000)
ioctl$EVIOCSCLOCKID(r2, 0x400445a0, &(0x7f0000000140)=0xffffffff)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000001000)={0x1c, &(0x7f0000000f40)={0x40, 0x9, 0x5, "b9fa0471f5"}, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
r3 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="120100005938d74010973077339600000001090212000100001e000904"], 0x0)
syz_usb_control_io$hid(r3, 0x0, &(0x7f0000000840)={0x2c, &(0x7f0000000b40)=ANY=[], 0x0, 0x0, 0x0, 0x0})
r4 = syz_usb_connect$hid(0xc, 0x36, &(0x7f0000000300)=ANY=[], 0x0)
syz_usb_control_io$hid(r4, 0x0, 0x0)
syz_usb_control_io(r4, &(0x7f0000000040)={0x2c, &(0x7f0000000180)=ANY=[@ANYBLOB="00017c"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$printer(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f0000001400)={0x1c, &(0x7f0000001280)={0x20, 0x10, 0x2, "f558"}, 0x0, 0x0})
syz_usb_control_io$printer(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, &(0x7f0000000600)={0x2c, &(0x7f00000004c0)={0x0, 0x0, 0x2, "b07b"}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f00000002c0)={0x1c, &(0x7f0000000200)={0x0, 0x0, 0x2, "b54d"}, 0x0, 0x0})
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000440)={0x24, &(0x7f0000000300)={0x20, 0x24, 0x85, {0x85, 0x22, "05fdcdcb4f25a37afab9d482a2b70fec7e5a0e3207c8619a475e4adddd50d24d9065dafed1073a006f4c9383479e8391d5daa0bd89c05c0dd4c502848d19e9f9eeda344eaed7b02e320e8c722959c6a980a7dbfa22032774b6d3468db5ea6872a8f736893363bcbe1dbb54b3de09694e6bd4628ffcc045e7a9b35e2277998f8f7d2675"}}, &(0x7f0000000200)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x2c40}}, &(0x7f0000000240)={0x0, 0x22, 0x5, {[@global=@item_4={0x3, 0x1, 0x1ba99dfcdba8f83c, "1d0f0350"}]}}, &(0x7f00000003c0)={0x0, 0x21, 0x9, {0x9, 0x21, 0x40, 0x0, 0x1, {0x22, 0x5f}}}}, &(0x7f0000000680)={0x2c, &(0x7f0000000480)={0x40, 0x16, 0x10, "413d8043e08151f684229e94e378fa0e"}, &(0x7f00000004c0)={0x0, 0xa, 0x1, 0x10}, &(0x7f0000000500)={0x0, 0x8, 0x1, 0xf9}, &(0x7f0000000540)={0x20, 0x1, 0xd2, "49b81121264f290ea51dff1fb6283f23186d08e8eafa19678f48c571c51572f1a287a77752a776c407227b5229d034bdf6d59d64ab434e24e3cd846957ae8115537ddbb062706a32d1fbc05435a15fb8ea5710742ca7385e0a40848b78edc5011a6edaa13a6dc9e841c80d8058d0b99f9def84901658b945e34d884a826846ea485e1ae62b50b2121e0c2a2a6d9e37f81d2aafa8ef993912f8e47c2d9c22d67f3c7e89561cff04450ac054e5d1b810cbe88ff3410d191b4a78e27724988223733158b16ddee8d212bd346c026bbffef1cc5d"}, &(0x7f0000000640)={0x20, 0x3, 0x1, 0x1}})
syz_usb_connect$uac1(0x2, 0x71, &(0x7f0000000280)=ANY=[@ANYBLOB="12011001000000206b1d010140000102030109025f0003010940020904000000010100000a2401041b000902010209040100000102000009040101010102000009050109200004060907250101010001090402000001020000090402010801020000090582090004"], 0x0)
executing program 0:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x3ff, 0x8a182)
ioctl$EVIOCGKEYCODE_V2(r0, 0x80284504, &(0x7f0000000040)=""/60)
r1 = syz_open_dev$evdev(&(0x7f0000000080), 0x5, 0x200000)
r2 = syz_usb_connect$printer(0x2, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x8, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0xc, 0x90, 0x8, [{{0x9, 0x4, 0x0, 0x81, 0x1, 0x7, 0x1, 0x2, 0x8f, "", {{{0x9, 0x5, 0x1, 0x2, 0x400, 0x0, 0x1, 0xb}}, [{{0x9, 0x5, 0x82, 0x2, 0x400, 0x9, 0x81, 0x40}}]}}}]}}]}}, &(0x7f0000000300)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x200, 0x6, 0x0, 0x3, 0x10, 0x5}, 0x16, &(0x7f0000000140)={0x5, 0xf, 0x16, 0x2, [@ext_cap={0x7, 0x10, 0x2, 0x6, 0x0, 0xe, 0xb0}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x4, 0xa1, 0xa5, 0x50}]}, 0x3, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x100c}}, {0x14, &(0x7f00000001c0)=@string={0x14, 0x3, "046838f1511364d4ded6b725c8b64a1812b9"}}, {0xf1, &(0x7f0000000200)=@string={0xf1, 0x3, "ebf59e354cc5ce2b9b4c0740acfc9d64dbd40769d8b09e00c9499c5ab86ba363f7dcf68c6a51de4b3ed81fc3dc73acafad67362967a0afa8a910815f4c15e8179ef32eeb8b2e840859e635198074e0400998ac4243ab45bfcd0e78d899d4af4b4d7be1fdeb205ef2ff8377d53bdb38a5441b5f3544a46d88dfd82c0a72f7cf166d504e66924d40b3f66f96a775c3e7f80fc7d6dfd30ff16ecdd0986e3085439699fe813218f0c0902a214f9853e61a46d68ecdd9675c8e957f3e3a637f1cb9d504b297475ea4eef2a6f73872d26b5dae29cea15436b75cfd4f7c61758078fcee96e3ebcab2a117d0c0e138e8d0c1c4"}}]})
syz_usb_control_io$printer(r2, &(0x7f0000000500)={0x14, &(0x7f0000000340)={0x40, 0xa, 0x8c, {0x8c, 0x31, "c91a9dbe2759c71a6613c4f3662a0c10eb115c5bd1107d38f36477e27d8e00b9fb151c25c1df14309549837053532375a199e15c17475f6857b2c630fb195d61dd20144e88ff55984e8099f6dc8282539f997cfff5152f45cfd60c707a50812c5cde1f6869171f7a61ab66a2c305849852b4efbf59c513b3fd074ea1ba021218e7c6afa81b9291f4b075"}}, &(0x7f0000000400)={0x0, 0x3, 0xe0, @string={0xe0, 0x3, "b90a008f05d0e1ad7cab6a6b75051b4a6a68010f00bc283dc2d8d381d247d6903afa46ddd8d35e26992bb61262da21efd1dc974e61cd5cc3bf33b82b462ab447b9d175f0e33a4e4acafa8910cddde89dc1ba932765892ec7441233999101969ecbd63060c6e5b4f7cfa5340c6f8e9b217aef52a020057391e3bb48a580fe09bf7d34a3ccc803e08a2e8bd4a0e88f62f295cc01b6941340985400f758ad2aa1ccfc85322948f26a65707cbcc184538e7d4ae4be7ac790882f416cc0eab8810e7e3240b4d83a173e4a6daa0726d0fcbc6d77f1d5e541ce20b07c4d1083080e"}}}, &(0x7f0000000780)={0x34, &(0x7f0000000540)={0x20, 0x14, 0x22, "63d24527fc608fde1e419da504ecd2c1e4c14e6ab0794e112d5057c33ca1750fc1a2"}, &(0x7f0000000580)={0x0, 0xa, 0x1, 0x6}, &(0x7f00000005c0)={0x0, 0x8, 0x1, 0x8}, &(0x7f0000000600)={0x20, 0x0, 0xd4, {0xd2, "eae0554625e317ab45ba467cf54c3ab06d568293230c1cf831fd36c55daa1100f1ed9b7f660b3012dcf2ce553b9ceb3d2b22164021980837083e23ee45b961a2fed4b5d6f764979a663756f8fb98dc80641fd4982f9c4d0848518675de181e3e87f289d571b047c9b9fdae9bf3d01d1ec7c239d40d71147b0270b7f6878266fea70c453d8bc13620386df0119015b57677d1a91937b0e74fe5ca5fc32a47a8658d8249246cd96a8e91d72936e1c4efa71f3d5e4dc9474ddd72ff94de59b0816ffb8cfb08cc59894e31b7524b59a4e0c5f201"}}, &(0x7f0000000700)={0x20, 0x1, 0x1}, &(0x7f0000000740)={0x20, 0x0, 0x1, 0x6}})
r3 = syz_open_dev$hiddev(&(0x7f00000007c0), 0x6, 0x309800)
ioctl$HIDIOCGFIELDINFO(r3, 0xc038480a, &(0x7f0000000800)={0x3, 0x200, 0x1, 0xb, 0x7, 0x1, 0x2, 0x5, 0xa557, 0x40, 0x5, 0x6, 0x5, 0x95af})
syz_usb_control_io(r2, &(0x7f0000000b40)={0x2c, &(0x7f0000000840)={0x40, 0x22, 0xe6, {0xe6, 0x8, "2ae01cafad0f09ce30a1621479a64e48962b8759725a26894965f276818ddee7055f3dbe01c0820c76cb84f4e3fe46545d86c29cb855a3484f08796748e40ee04816cb7e5692cf7bb5d41c1e6a9f5c2c0baf964bbb1a9c0d94281e471ecafdea19a675e01f0ce48522578aeeee9d985a3fe244f8eb9f5a9b38721da2640b1e5a9398dde2158b173374208045a3b3815d7438cbbeb83e7a1c885273ed5ade0c41739d77f49a1a069148df025a92ebe075c4a6c3a183356c1beec743445d2ca64779071b19b3cf0f145b7399595866bb54df4d5531c7364b1b9521ef16a028e75fff3113ba"}}, &(0x7f0000000940)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x2801}}, &(0x7f0000000980)={0x0, 0xf, 0x127, {0x5, 0xf, 0x127, 0x5, [@wireless={0xb, 0x10, 0x1, 0xc, 0x48, 0xa1, 0x2, 0x1, 0x81}, @ssp_cap={0x10, 0x10, 0xa, 0x9, 0x1, 0x6, 0xf, 0x3b2a, [0xc0]}, @ss_container_id={0x14, 0x10, 0x4, 0x9, "0b4a805bec4796e1bb95ddba98513224"}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "29999c415c6eb10d03a85df1901be726"}, @generic={0xdf, 0x10, 0x3, "d55762f25490df79ec895d6c68a273e32c2e9dc87aafd4b992add355890055d113091c36da14f26e405ef7a00d5d347cc1f769a5b27d1e0fee4c61029f7d2d223bc6b0c0b6a12be9b47231564d4a9c768dd5da0a26eb742ea67cf90efb2715310eef5e52dc8596f633f1b636b42a82aa41129902f6f6602c8e15d6523f24d4e50d74fc9be22ec34abfb581c0164b24ce01713eac37238d4617a52780cf65cedcea74de43bd97a58e215b344897add897d80c10dc6c8f31fada9feb625a67097fab6c0eeb7ac855b71d1c0e5a268121beab62f0e32cc4b32d53c76353"}]}}, &(0x7f0000000ac0)={0x20, 0x29, 0xf, {0xf, 0x29, 0x8, 0x60, 0x6, 0x0, "6342e4c2", 'EHJP'}}, &(0x7f0000000b00)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0xff, 0x4, 0x91, 0x10, 0x8, 0x7}}}, &(0x7f0000000fc0)={0x84, &(0x7f0000000b80)={0x20, 0xf, 0x4c, "49a4d98c71641be8f53a840bdc4d33dcd9e951de16d3440fa929bf84971d1c3c8bc24b5a0dcf8bb38b44902952506332d0becd17c3c9a8bf46b411ea74e4ad56c34ea42b91c25dfadf2a8e11"}, &(0x7f0000000c00)={0x0, 0xa, 0x1, 0x8}, &(0x7f0000000c40)={0x0, 0x8, 0x1, 0xc}, &(0x7f0000000c80)={0x20, 0x0, 0x4, {0x2, 0x2}}, &(0x7f0000000cc0)={0x20, 0x0, 0x8, {0x120, 0x8, [0xf00]}}, &(0x7f0000000d00)={0x40, 0x7, 0x2, 0x7}, &(0x7f0000000d40)={0x40, 0x9, 0x1, 0x71}, &(0x7f0000000d80)={0x40, 0xb, 0x2, "1f95"}, &(0x7f0000000dc0)={0x40, 0xf, 0x2, 0x1}, &(0x7f0000000e00)={0x40, 0x13, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x27}}, &(0x7f0000000e40)={0x40, 0x17, 0x6, @random="98a5839ea09b"}, &(0x7f0000000e80)={0x40, 0x19, 0x2, '\'U'}, &(0x7f0000000ec0)={0x40, 0x1a, 0x2, 0x2}, &(0x7f0000000f00)={0x40, 0x1c, 0x1}, &(0x7f0000000f40)={0x40, 0x1e, 0x1, 0xc}, &(0x7f0000000f80)={0x40, 0x21, 0x1, 0x6}})
r4 = syz_open_dev$evdev(&(0x7f0000001080), 0x4, 0x100)
ioctl$EVIOCGMASK(r4, 0x80104592, &(0x7f0000001100)={0x17, 0x27, &(0x7f00000010c0)="55a27170fdffec47375b6f4188064c4af8e0d2c9c9ee9bfa66fe154a67285a554c1a4e0eb9352f"})
r5 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000001140)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
syz_usb_ep_write$ath9k_ep1(r5, 0x82, 0x38, &(0x7f00000011c0)={[{0x32, 0x4e00, "1db6d6a954f66019ad4c62606a2d78ceed96baf2d615fced6be03e787c79d961e440fee50227d658c0626bd75068208885b2"}]})
ioctl$EVIOCGSND(0xffffffffffffffff, 0x8040451a, &(0x7f0000001200)=""/185)
ioctl$EVIOCRMFF(r4, 0x40044581, &(0x7f00000012c0)=0x80)
r6 = syz_open_dev$hiddev(&(0x7f0000001300), 0x1, 0x4000)
ioctl$HIDIOCGUSAGE(r6, 0xc018480b, &(0x7f0000001340)={0x3, 0x200, 0x8, 0xc6, 0xc, 0x6})
syz_usb_control_io$uac1(0xffffffffffffffff, &(0x7f0000001440)={0x14, &(0x7f0000001380)={0x40, 0x7, 0x6c, {0x6c, 0x21, "fd7da99a4822869195627aec18e70a837bb6d5a716f72b02caa55429060ce6ccbf7b707181bcabf01b690dd7c100b1275ea414a771790190752bdf7e262bb2439d2f8badeb41fa3d4ac970b0a85c779b1f9dbb8e844e9a6dc85075f982cb10a9f8641c6b9da0fac69941"}}, &(0x7f0000001400)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x21c}}}, &(0x7f0000001700)={0x44, &(0x7f0000001480)={0x0, 0xd, 0xb1, "a2164dc2a5a0c1c4ad10eba6ff7cafb92daa6fec2a2ea70062ca247d54cc8bed2c65d3e5be02e099fd0507ac1a62fe46c7b9e378af977f27d630b7cccc84ea674dfb69f129363661830552b6b303c1582a43ca9799951a12ba3dc6de8fa131e823e51936f471921cc59ee02bd2b378b8ccfaac12c918cac21175f4b1524c0d941fb486cc0bf9ee638133e828fc317140d8c4535085a34335c41ab65c7cc72919b72abdc0bdb85f0d3c0abd6c2eeff713ef"}, &(0x7f0000001540)={0x0, 0xa, 0x1, 0x68}, &(0x7f0000001580)={0x0, 0x8, 0x1, 0xa}, &(0x7f00000015c0)={0x20, 0x81, 0x1, "04"}, &(0x7f0000001600)={0x20, 0x82, 0x1, 'Y'}, &(0x7f0000001640)={0x20, 0x83, 0x1, "11"}, &(0x7f0000001680)={0x20, 0x84, 0x1, 'H'}, &(0x7f00000016c0)={0x20, 0x85, 0x3, "d9f323"}})
syz_open_dev$char_usb(0xc, 0xb4, 0x360)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000001880)={0x24, &(0x7f0000001780)={0x0, 0x24, 0x1d, {0x1d, 0xe, "468cce140588c5b1214e90e2df407760f7626711b45af6f4b920b4"}}, &(0x7f00000017c0)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x861}}, &(0x7f0000001800)={0x0, 0x22, 0x20, {[@global=@item_4={0x3, 0x1, 0x1, "53eb5f0e"}, @main=@item_4={0x3, 0x0, 0x8, "acf6d850"}, @local=@item_012={0x2, 0x2, 0x5, "99d4"}, @global=@item_4={0x3, 0x1, 0x4, "b65cc73f"}, @global=@item_4={0x3, 0x1, 0x6, '\"<jA'}, @global=@item_012={0x1, 0x1, 0xa, 'P'}, @global=@item_4={0x3, 0x1, 0x9, "6eb9d0a5"}, @global=@item_012={0x1, 0x1, 0x5, "b5"}]}}, &(0x7f0000001840)={0x0, 0x21, 0x9, {0x9, 0x21, 0x3, 0xc, 0x1, {0x22, 0x51c}}}}, &(0x7f0000001b80)={0x2c, &(0x7f00000018c0)={0x20, 0x11, 0xdb, "d93a662b53d05b0fbca5b1b1651c0f82621d31725cfc77b2d05d2fef5098c2d00f107a7f6aff860d755d81eabbec30880f086e52f16beb30814b54e03ca81f203287102633fc0cf20ad80640f0ff932170679f790e2eb8ff2c61d45d4a8592ff2680c37cb806cfa57ab4a430487a43257d6f020ee2a4624eff2366a4617d2b9fc1d83264c1dae73744762fb0839e7e734c507b7a16408a8f4321c0cf36334981d9eec551c0ca4ca4bd1f8166ef28ef87ff9fcea2a65bfd8803e034b80a4347e2e60accac576bde41c0ce3cf79afd6abae5ed2041bb85460ed78e87"}, &(0x7f00000019c0)={0x0, 0xa, 0x1, 0xa}, &(0x7f0000001a00)={0x0, 0x8, 0x1, 0xfe}, &(0x7f0000001a40)={0x20, 0x1, 0xc5, "1e5a714291beb1179ed4247a01e7363f47d9a9f69b9a82f058a0bb3605ec2dfe243f1994bffd207f614841ee2b824492dc38cf883b2e17de8525154275e1d223a0a2e5cf642fc4014b76f87571f6916a12b71da1c9e7cdc2a2770e2f6645660b3cb86f4839eab2cee6f0b56bff47e3c3ac1fef8a355fb3c384366d0290e44d90496eae980fb5fca78110fdc60ed48bf8427d8bcdea34184b7382904a27f24727b9fe34fcda40f43846b11a1be95b60225dd84f6aa153dded8724508255c9aa46b00efb2430"}, &(0x7f0000001b40)={0x20, 0x3, 0x1, 0x6}})
ioctl$EVIOCRMFF(r0, 0x40044581, &(0x7f0000001bc0)=0x7)
syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000001c00)={{0x12, 0x1, 0x341, 0x0, 0x0, 0x0, 0xff, 0x56a, 0x33b, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x10, 0x80, 0xb3, [{{0x9, 0x4, 0x0, 0x6, 0x2, 0x3, 0x1, 0x0, 0x9, {0x9, 0x21, 0x2, 0xf7, 0x1, {0x22, 0xe55}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x4, 0x81, 0xd}}, [{{0x9, 0x5, 0x2, 0x3, 0x200, 0xf, 0x1, 0x72}}]}}}]}}]}}, &(0x7f0000001d40)={0xa, &(0x7f0000001c40)={0xa, 0x6, 0x201, 0xf0, 0x1, 0x2, 0x8, 0x2}, 0x3a, &(0x7f0000001c80)={0x5, 0xf, 0x3a, 0x3, [@ext_cap={0x7, 0x10, 0x2, 0x0, 0x6, 0x7, 0x1}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x2, 0x0, 0x26, 0x3}, @ssp_cap={0x24, 0x10, 0xa, 0x8, 0x6, 0x50efb0f, 0xf000, 0xffff, [0xffc000, 0x30, 0xff0000, 0x1800f, 0x0, 0x3f00]}]}, 0x2, [{0x4, &(0x7f0000001cc0)=@lang_id={0x4, 0x3, 0xc01}}, {0x4, &(0x7f0000001d00)=@lang_id={0x4, 0x3, 0x1004}}]})
syz_usb_ep_write(r2, 0x86, 0x3d, &(0x7f0000001d80)="1282696b087ddb69dd530dc98a48c371ef1737d28554bf515eec91e5855c2f7d3322f5e4d0a4d5060d1dc86e6f8e6d099d5d60f8d388b228da3282751c")
r7 = syz_open_dev$hiddev(&(0x7f0000001dc0), 0x7ff, 0x480)
read$hiddev(r7, &(0x7f0000001e00)=""/40, 0x28)
ioctl$EVIOCGRAB(r1, 0x40044590, &(0x7f0000001e40)=0xfffffff5)
syz_usb_connect$hid(0x1, 0x3f, &(0x7f0000001e80)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x40, 0x5ac, 0x291, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x2, 0x10, 0x52, [{{0x9, 0x4, 0x0, 0x7f, 0x1, 0x3, 0x1, 0x0, 0x9, {0x9, 0x21, 0x4, 0x1, 0x1, {0x22, 0x85d}}, {{{0x9, 0x5, 0x81, 0x3, 0x40, 0x6, 0x6, 0xcb}}, [{{0x9, 0x5, 0x2, 0x3, 0x10, 0x74, 0x2, 0x4}}]}}}]}}]}}, &(0x7f00000024c0)={0xa, &(0x7f0000001ec0)={0xa, 0x6, 0x300, 0xb8, 0x7, 0x8, 0x8, 0x8}, 0xaa, &(0x7f0000001f00)={0x5, 0xf, 0xaa, 0x3, [@ss_cap={0xa, 0x10, 0x3, 0x0, 0x14, 0x57, 0x2, 0x51f2}, @generic={0x94, 0x10, 0xa, "f43508265c27112f2e41129c2e1d7ebc2c2239c8170a35bc580c686833903aa302fca90ff13546b59e9de0596aa7e48f58a8499840586e2d277ef4d7ca9d4937243a038d78827c198ae106d4b2a1a7a3436fb113756697d845ddac01806e7e5394f56c0e6461b5c9de790ff3fb23edf06d0a19f88ff6bd2b7802e9ec05adb8e3120aaecb89a4f7663d578f185dcf546520"}, @ext_cap={0x7, 0x10, 0x2, 0x2, 0x3, 0x8}]}, 0x6, [{0xcc, &(0x7f0000001fc0)=@string={0xcc, 0x3, "b51bc7da19de5ceb550c71de3942c3023faf774da9d446de2f186c19724f77f9ba5e72f032222c6d7825bd20bbbf6f9e36c6cdc39462e553e3ae846158c8009e644ac99c8a9134863a466939dd201dd10006e24454abccf989104d2e43cbe3725fd543fc58c318a319e1c402bd80ac2e9e270e755e6d4f94ba6cb6f4fe8bb706487bea9cfc4321dd668663feffd0fe610ecf70a17a6ae417faa785d13ef38957fc28f9bf8219dbf94010aa41f1eca8f8eba43113997b2bf6988b45f8dcb3d1e9c7529a96be00a64f77a7"}}, {0x78, &(0x7f00000020c0)=@string={0x78, 0x3, "238c190a3f008bbffec3598db7599c2cefa6de5d33f9569267a7e21ad04716dd8b37c0445125973aa24449f1e2e3da47cc9b8b6ae7d659a811f2594525f2338ce5e033aa309014af59ed69dbf382546c44c7cdc9cf4a30e3821e5070bd502b9c90e47801dfc8e66b9d7ef453dda6c01192277a7b2ef5"}}, {0x4a, &(0x7f0000002140)=@string={0x4a, 0x3, "cc5b02f476fef41ad4e9b191743b5d422724f229011937b834e3076202c6001e98357d07329ebf5c17cad7a44a43a2675bb6863f764e7f7d914a66e50ef0f777d0540744ff87845b"}}, {0xec, &(0x7f00000021c0)=@string={0xec, 0x3, "70c1ff6215a3fa64ff35d73e7f72a25c47bcce5f2eaa7d72066f7e569384774fe4209c38bc71202dba951ac1afcfc69d65beaf967bb535bf3951fae3d539c1fd4f5f68dcb32d367c247cf6c1efce5834089704b1fce4811b20c6717ba66b1e9095f4206497ead2f8e45fea61ecf56906ebb5b9b088ba29b7f4cd1cfae83a6a4e141f56bbfaeed1ad9bd8dc569821fd1ec9527c5f991efb575631cd7a82b25d3b914ea8f567238d832ba841485545e97a70b1e018e9ce3d855e9dee1df063c53250eb064474670a362b19bbf4eec80d7cc947ce216066b52c41c9af06deb84e4131de6c370b84f500edfc"}}, {0xe0, &(0x7f00000022c0)=@string={0xe0, 0x3, "12c26860881675f6ddad144d4026ad4c39f29f7cd9281d07e364d24df7826d7cbf7db72a393f36c0cc6506171b932b3e9be65809fca3f98defd2dcb27baf579d1b68c6e49ff53c1d4fcbe2a48f201d1f5b58d275a494066c3b08b53b97df185b9e63d5c267dc832b988af4ed983b59b36f2fb01cd5f0f06ed91849bf31fec04717d1a69f61568392cbe38991fdfb67215f9e77fbb18d3c8b127e4768b2b9e9e1bac5bc8ccd53d932f439b5e31c5723e0fce122df34b9354beafd348e0174d945c5e37369783c7e0018bbeced936eed7f8bbebaa2c3fcc3160921ea08d6f4"}}, {0xe5, &(0x7f00000023c0)=@string={0xe5, 0x3, "302b37a7f3ef165ec3ec84027767693323c1a4b5d3faf40f927f500f9bd15f824f2988372185e465fe12153159a191b6bc3d2fd6868805278f7c3574809507b16bd8db1c9306d77ea637a813e1b71cc0de4f2b6937da031d3bfb23f62e049b05f03f7aaa2c2caf2ef47d5253a1e0bdd0219a2635b26ccf4874eef6062c0f53cfa2c9abd906f4bf63ac17df175ccc606338d80ad7e82acd62336d0addb6fa2cfd104a806d627448979f53b5750f2b376edf5bd276b14d60fd4b40cdc205861e4e0d7766c2fbc563792a3dec7ae630192e9940fb8a5557713076d2ebb058e993e6d4dc19"}}]})
syz_usb_connect(0x2, 0x45d, &(0x7f0000002540)={{0x12, 0x1, 0x201, 0x9f, 0xea, 0xb9, 0x40, 0x3f0, 0x9d1d, 0xdbb2, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x44b, 0x1, 0x7, 0x6, 0x80, 0xfc, [{{0x9, 0x4, 0x1, 0x6, 0x10, 0xeb, 0x67, 0x99, 0x3, [@cdc_ncm={{0x9, 0x24, 0x6, 0x0, 0x1, "0c292bc1"}, {0x5, 0x24, 0x0, 0x5}, {0xd, 0x24, 0xf, 0x1, 0x9, 0x401, 0x8, 0xd3}, {0x6, 0x24, 0x1a, 0x1}, [@acm={0x4}, @mdlm={0x15, 0x24, 0x12, 0x7}, @country_functional={0xe, 0x24, 0x7, 0x40, 0x2, [0x5, 0x0, 0x8000, 0x6]}, @acm={0x4, 0x24, 0x2, 0xc}, @acm={0x4}, @mbim={0xc, 0x24, 0x1b, 0x5a7d, 0x9f6, 0xfe, 0xb, 0x7, 0x3}]}], [{{0x9, 0x5, 0xc, 0x1, 0x200, 0xe, 0x0, 0x6, [@generic={0x8f, 0x24, "5d5893f2a17ed3fd047a9f100a5647194a06dc9675c32623e04b5ec8b22c9e1f8899afbbc4cc87156ab470a0aef6b3aa3b8259652e83f4da596e09a24941a93793e13d2af7660938f9523ff09fdaf2185ddc8349b8034cfd8e44ab0f0d7fed7e0263991a4df22b890a5ebac3feee77732ea08980b4354d2e75391bb91c41d68a6a84f535cb6822757ed02eca39"}, @uac_iso={0x7, 0x25, 0x1, 0x2, 0x5, 0x4}]}}, {{0x9, 0x5, 0x0, 0x0, 0x10, 0xdc, 0x64, 0x81, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0xfe, 0x100}]}}, {{0x9, 0x5, 0x6, 0x1, 0x400, 0x3, 0x6, 0x7, [@generic={0xca, 0x4, "718afb712dfb5d9e7b85c7bd6827b6ef22b21479ad3eb4a14cac51f1427eccd28fe2984c86aafa3c322efc5d0154c4562406dfe2a961b538a534423b57b94a6f0c473055e1efb591b962cf9c727c7ddc19c122328c75c3444359a36ebfbb7efabdd8d612e83875348843973a790eef2f9158522d327889e2c3ac33a61b86f541f43541cce2ef20b3f1e32d4cbcb51fdb97610bc946dfdb5235dcc49e5cd43e8c7ab8b8d7df71de8d2501b2064b124a6422747a629f58ea7fdbee3222b62e7b4b901b8e4b69e9ab66"}, @generic={0x6, 0x23, "44bad111"}]}}, {{0x9, 0x5, 0x5, 0xc, 0x8, 0x7, 0x4, 0xf7, [@generic={0x3, 0x23, 'P'}, @uac_iso={0x7, 0x25, 0x1, 0x81, 0x1, 0x7}]}}, {{0x9, 0x5, 0x9, 0x0, 0x400, 0x1, 0x1, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0xfc}]}}, {{0x9, 0x5, 0x6, 0x8, 0x0, 0xcb, 0x8, 0x3}}, {{0x9, 0x5, 0x1, 0x0, 0x400, 0x3, 0x8, 0x80}}, {{0x9, 0x5, 0x2, 0x8, 0x3ff, 0x9, 0x1, 0x7}}, {{0x9, 0x5, 0x7, 0x10, 0x3ff, 0x8, 0x10, 0xf5, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x3}]}}, {{0x9, 0x5, 0xa, 0x16, 0x400, 0x0, 0x1, 0xa, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0xf, 0x4}, @generic={0x36, 0x23, "c798a25fed26f9de12960a129666eeb662022c691e232ff7f6bbaf849bc793d17945bcdc04c7e5b5ea4098850177153367973257"}]}}, {{0x9, 0x5, 0x8, 0x0, 0x20, 0x4, 0x6, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0xe, 0x81}, @uac_iso={0x7, 0x25, 0x1, 0x2, 0x7}]}}, {{0x9, 0x5, 0x0, 0x10, 0x200, 0x2, 0xf8, 0xb9, [@generic={0xc4, 0x23, "b080f234b23ef364e868026152a5f8b5b6a70218b19cbc6d57c846e3df295ee2e0022cfa34ce5374afa96014192896cb8b4b59c9f127225db62a614fcf816352fc5038062e010e370069b42f2d1ec8dabf40fc7ec2c70297f54c3fbed5c5eaf8e5f535fe54816ab372cca39a6dbc0cc95bf1f7734a75f6539b3c036f32dbc43ae889a617b5354e6c5a6f69317c3a5d4262b3c552c22d48db01dea84b8bc445a9bb3f92c82ebea311d0b1021c8731262e3e2e3db3fe76060d1cab6878fa2abed40654"}, @uac_iso={0x7, 0x25, 0x1, 0x82, 0x3}]}}, {{0x9, 0x5, 0xf, 0x1, 0x0, 0x7, 0x2, 0x40, [@uac_iso={0x7, 0x25, 0x1, 0xc0, 0x6, 0x3}, @generic={0x14, 0x23, "613dc36b9d6abc87f276e8e810cfd5354354"}]}}, {{0x9, 0x5, 0x2, 0x4, 0x10, 0xff, 0x2, 0xc0, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0x0, 0xfff7}, @generic={0x90, 0xe, "87b327b81701d9255583fefed9333ff4078f51a19d8999105934a3a857a62f86410c10d97ffc222cca825b008ca9e352b55e44736b170a5eea4e37dd36938dda2f927250fdd29f6dcb4054c4c903fa4ad01282b64f5961d01d9038c98f15b39143bd952de5a0b52ae025314ba35e33aaaf599b99263d8a9bf59c3279d2ddae237fba6ba04da919d5e0a2f628b0f1"}]}}, {{0x9, 0x5, 0x7, 0x0, 0x10, 0x7, 0x1, 0x4d}}, {{0x9, 0x5, 0x0, 0x0, 0x400, 0x9, 0xb9, 0x5}}]}}]}}]}}, &(0x7f0000002b00)={0xa, &(0x7f00000029c0)={0xa, 0x6, 0x300, 0x5, 0x6, 0x1e, 0x10, 0x6}, 0x5, &(0x7f0000002a00)={0x5, 0xf, 0x5}, 0x3, [{0xb, &(0x7f0000002a40)=@string={0xb, 0x3, "980c94fb839a0b164c"}}, {0x4, &(0x7f0000002a80)=@lang_id={0x4, 0x3, 0x426}}, {0x4, &(0x7f0000002ac0)=@lang_id={0x4, 0x3, 0x44f}}]})
r8 = syz_open_dev$hidraw(&(0x7f0000002b40), 0x81, 0x2)
read$hidraw(r8, &(0x7f0000002b80)=""/125, 0x7d)
syz_usb_ep_write$ath9k_ep2(0xffffffffffffffff, 0x83, 0x10, &(0x7f0000002c80)=@ready={0x0, 0x0, 0x8, "ebb8eb0c", {0x1, 0x0, 0xa77, 0x3, 0x7}})
executing program 2:
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000140)={{0x12, 0x1, 0x0, 0x45, 0x34, 0x73, 0x10, 0xfde, 0xca05, 0xb5f3, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x57, 0x6c, 0x83}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000780)={0x84, &(0x7f0000000000)={0x0, 0x0, 0x1, '\"'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000040)={0x34, &(0x7f00000002c0)={0x0, 0x0, 0x3, "00f2ff"}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_connect$cdc_ecm(0x5, 0x90, &(0x7f0000000000)={{0x12, 0x1, 0x110, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x7e, 0x1, 0x1, 0xe, 0x10, 0x8, [{{0x9, 0x4, 0x0, 0x40, 0x2, 0x2, 0x6, 0x0, 0x81, {{0x5}, {0x5, 0x24, 0x0, 0x1}, {0xd, 0x24, 0xf, 0x1, 0x3, 0x1ff, 0x7fff, 0xe}, [@call_mgmt={0x5, 0x24, 0x1, 0x2, 0xfe}, @mbim={0xc, 0x24, 0x1b, 0x4, 0x3ff, 0xb, 0x7, 0x1, 0x40}, @dmm={0x7, 0x24, 0x14, 0x7, 0x9}, @obex={0x5, 0x24, 0x15, 0x8}, @mdlm={0x15, 0x24, 0x12, 0x7ff}, @mbim_extended={0x8, 0x24, 0x1c, 0x4cf, 0x6, 0x65a}]}, {[{{0x9, 0x5, 0x81, 0x3, 0x50, 0x40, 0x8, 0x30}}], {{0x9, 0x5, 0x82, 0x2, 0x3ff, 0x19, 0x65, 0xa6}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0xb1, 0x5, 0x5}}}}}]}}]}}, &(0x7f0000000300)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x110, 0x5, 0x4, 0x8, 0x10, 0x1e}, 0x103, &(0x7f0000000100)={0x5, 0xf, 0x103, 0x6, [@wireless={0xb, 0x10, 0x1, 0x0, 0x8, 0x9, 0x9, 0xa52e, 0x3}, @ssp_cap={0x18, 0x10, 0xa, 0x7f, 0x3, 0x400, 0xf00, 0x81, [0x17, 0xff0030, 0x0]}, @wireless={0xb, 0x10, 0x1, 0xc, 0x34, 0x7, 0x7, 0xa, 0x2}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0xa, 0x23, 0xf3, 0x1ff}, @wireless={0xb, 0x10, 0x1, 0xc, 0x40, 0xfb, 0x8, 0x0, 0xc}, @generic={0xbb, 0x10, 0x0, "83ebcb025e2cd9d4cd2103c7c84d76dcf00d5fdb4e18bff5d28c4a8f570092d4ec91d2c3a4ea2de17563d0decb6f9aab1b52991077bfe56735c63985987b03f4a685e77b0dcfe2c24f916a949b277c92d433397745d095a61c2d00df555ad7d0af17f0d42548050f76248cea6a4a900988bb078164c66a99ceb563c3953a6fc66b8174302e457e37ad386b94a87dc9c6df2aa60bd06f0cc9db7c0babb280a956649a7fc37d3f4a98fee2eb31dcf92d428ae122d63446f0ed"}]}, 0x1, [{0xbb, &(0x7f0000000240)=@string={0xbb, 0x3, "88d340ebeef493c01b7b68d51e8d5c0caaf0d2f33c3bf211c2b1dafef49f1ed9061550a0a734ed30a5215f33dcc0b3fdc7ce85195350dd76a9aa1366db00185cdbd62ff9e19c7345c630e2ecf488d882cbbdad3126d77647da8bd0a02b917cb491cda50cd487832b1247a59d35a9f348380973b04a7d672dee395621848e21853d718daf70adf2eef3b4720163dc54408948e85b23cbca9b1f0e283d7e7da41b1ad4955d27f215c70c607716e37fbdd2241301841eb2496223"}}]})
executing program 3:
syz_usb_connect(0x0, 0x2d, &(0x7f00000001c0)={{0x12, 0x1, 0x0, 0x18, 0x4e, 0x91, 0x20, 0x7cf, 0x1001, 0x8dfa, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x80, 0x0, [{{0x9, 0x4, 0xb6, 0x8, 0x0, 0x62, 0x56, 0x1, 0x0, [@uac_control]}}]}}]}}, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000016038308c5109a8146e40102230109022d0001000000000904000003030000000905be3b"], 0x0)
syz_usb_control_io(r0, &(0x7f00000005c0)={0x2c, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000bc0)={0x84, &(0x7f0000000600)={0x0, 0x0, 0x4, "c9103683"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000000680)={0x84, &(0x7f0000000280)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
syz_open_dev$evdev(0x0, 0x2, 0x862b01)
write$char_usb(0xffffffffffffffff, 0x0, 0x0)
executing program 4:
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xb7, 0x53, 0xb5, 0x8, 0x46d, 0x896, 0x3a11, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xc0, 0xda, 0xfa}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f00000006c0)={0x84, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000a40)={0x44, &(0x7f0000000840), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x59, 0x77, 0xc, 0x40, 0x9c0, 0x203, 0xd332, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xfa, 0x10, 0xc9}}]}}]}}, 0x0) (async)
r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r2, 0x0, 0x0) (async)
syz_usb_control_io$cdc_ncm(r1, 0x0, &(0x7f0000000600)={0xfffffffffffffff1, &(0x7f0000000140)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
r3 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESOCT], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0) (async)
syz_usb_ep_write(r3, 0x81, 0x8, &(0x7f0000000080)='\x00\x00\x00\x00\x00\x00\x00\x00')
syz_usb_control_io$hid(r1, 0x0, &(0x7f0000000540)={0x2c, &(0x7f0000000280)={0x0, 0x16, 0x6, "09d4dcf847ab"}, 0x0, 0x0, 0x0, 0x0}) (async)
syz_usb_control_io$hid(r1, 0x0, 0x0) (async)
syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f00000008c0)={0x84, &(0x7f0000000300)={0x0, 0x0, 0x1, ')'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x75, 0x1c, 0x1, 0x10, 0xfe6, 0x9800, 0xd19a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x29, 0x2, 0x2, 0xb4, 0x8c, 0xbb, 0x0, [], [{{0x9, 0x5, 0x4, 0x2, 0x10, 0x0, 0xfa}}, {{0x9, 0x5, 0x82, 0x2, 0x40}}]}}]}}]}}, 0x0)
syz_usb_control_io$printer(r4, 0x0, 0x0) (async)
syz_usb_control_io$hid(r4, 0x0, 0x0) (async)
syz_usb_control_io$cdc_ecm(r4, 0x0, &(0x7f00000003c0)={0x1c, &(0x7f00000002c0)={0x0, 0x1, 0x6, "cc17fc47a9ae"}, 0x0, 0x0}) (async, rerun: 64)
syz_usb_control_io$cdc_ecm(r4, 0x0, 0x0) (async, rerun: 64)
syz_usb_control_io$printer(r4, 0x0, 0x0) (async, rerun: 64)
syz_usb_control_io$cdc_ecm(r4, 0x0, 0x0) (rerun: 64)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) (async, rerun: 32)
syz_usb_control_io$cdc_ncm(r4, 0x0, 0x0) (rerun: 32)
syz_usb_control_io$cdc_ncm(r4, 0x0, 0x0) (async)
syz_usb_control_io$uac1(r4, 0x0, 0x0) (async)
syz_usb_control_io(r4, 0x0, 0x0) (async, rerun: 32)
syz_usb_control_io$printer(r4, 0x0, 0x0) (async, rerun: 32)
syz_usb_control_io$hid(r4, 0x0, 0x0)
executing program 0:
syz_usb_control_io(0xffffffffffffffff, &(0x7f0000000140)={0x2c, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x407}}, 0x0, 0x0, 0x0}, 0x0)
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x1d, 0x6, 0xe1, 0x10, 0x18d1, 0x1eaf, 0xa243, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x4d, 0x30, 0xaa}}]}}]}}, 0x0)
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000003e40)={0x34, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000240)=ANY=[], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f00000003c0)=ANY=[@ANYBLOB="12010000020000402505a1a440000102030109025c000201000000090400000102060000052406000105240000000d240f0100000000000000000006241a000000090581030000000000090401"], 0x0)
syz_usb_control_io$uac1(r1, 0x0, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$uac1(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io(r1, 0x0, &(0x7f0000000780)={0x84, &(0x7f0000000280)={0x0, 0xd, 0x1, "94"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
executing program 3:
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000201b4510fc0428155d6d01020301090212000100000000090401"], 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x22, 0x22, {[@global=@item_012={0x2, 0x1, 0x9, "2313"}, @global=@item_012={0x2, 0x1, 0x9, "0100"}, @main=@item_4={0x3, 0x0, 0x0, "603e0400"}, @local=@item_012={0x2, 0x2, 0x2, "90a0"}, @global=@item_4={0x3, 0x1, 0x2}, @main=@item_4={0x3, 0x0, 0xb, "813e2503"}, @main=@item_4={0x3, 0x0, 0x8, "de4e06d8"}, @local=@item_4={0x3, 0x2, 0x3, "5d8c3dda"}]}}, 0x0}, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000140)={0x24, 0x0, 0x0, &(0x7f00000000c0), 0x0}, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
r2 = syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x88, 0xe, 0xb6, 0x10, 0xb05, 0x173f, 0x9d6b, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xd0, 0x92, 0x34}}]}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r2, 0x0, &(0x7f0000000740)={0x44, &(0x7f00000004c0)={0x40, 0x12, 0x4, "b00b07eb"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_connect(0x3, 0x2d, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x1f, 0xb7, 0x32, 0x8, 0x4b4, 0x931c, 0xcfa3, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x2, [{{0x9, 0x4, 0x2f, 0x0, 0x0, 0xe, 0x65, 0xf2, 0x0, [@uac_control={{0xa, 0x24, 0x1, 0x8000, 0x7}}]}}]}}]}}, 0x0)
executing program 4:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xcc, 0x71, 0xba, 0x8, 0x2955, 0x1003, 0x4d15, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0xe0, 0x0, [{{0x9, 0x4, 0xfd, 0x0, 0x1, 0xea, 0xe7, 0x78, 0x0, [], [{{0x9, 0x5, 0x3, 0x427fa8ab8e11bcaa, 0x0, 0x2, 0x28, 0x3}}]}}]}}]}}, 0x0)
syz_usb_disconnect(r0)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[], 0x0)
syz_usb_connect(0x0, 0x25e, &(0x7f0000000080)={{0x12, 0x1, 0x300, 0x48, 0x69, 0xd4, 0xff, 0x2770, 0x905c, 0xcf6, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24c, 0x2, 0x7f, 0x15, 0x30, 0x9, [{{0x9, 0x4, 0x74, 0x3, 0x1, 0xbc, 0x55, 0x76, 0xf7, [@generic={0xd0, 0xb, "a4588a311ab8c220029fa9df240c1075d61f4a58311eb6d862b357b1d97e284fbfe8371e7a1f01bbfff2c768ee06fb2ddfc2405eb0366781f959082f328128f145b6c8b0f9f467d4d82a922175d6a05ab2839addc8d20aeea3843ea4e9fdc98445e094238fec5d8f7474510d3eb1aff0d8cb12b13ee4caddc689d5f2a2f028e916a3cb1d1920c79471c82befff06eb4a99ae3d30d745065b6940a3364fab25eeec03ea863b29b802426a1804304029483c872bca175e67b13994a83d7c2320e74fd67713b1f70b9381d96cccea0f"}], [{{0x9, 0x5, 0x8, 0x3, 0x40, 0x3, 0x48}}]}}, {{0x9, 0x4, 0xf9, 0x80, 0x7, 0x37, 0xcb, 0x34, 0x1, [@uac_control={{0xa, 0x24, 0x1, 0x1000, 0x7}, [@output_terminal={0x9, 0x24, 0x3, 0x5, 0x306, 0x4, 0x6, 0x5}, @feature_unit={0x11, 0x24, 0x6, 0x3, 0x3, 0x5, [0x2, 0x4, 0x6, 0xc, 0x7], 0x8f}, @feature_unit={0x13, 0x24, 0x6, 0x6, 0x3, 0x6, [0x8, 0x1, 0x3, 0x9, 0x0, 0x3], 0x4}, @extension_unit={0xb, 0x24, 0x8, 0x2, 0x5, 0x8, "429a79fc"}, @mixer_unit={0xa, 0x24, 0x4, 0x2, 0x8, "b77c14d08b"}, @input_terminal={0xc, 0x24, 0x2, 0x2, 0x202, 0x6, 0x4, 0x9, 0xff, 0x8}]}], [{{0x9, 0x5, 0x4, 0x0, 0x10, 0x7, 0x8, 0x6b, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x5, 0x5}, @uac_iso={0x7, 0x25, 0x1, 0x1, 0x3, 0xc}]}}, {{0x9, 0x5, 0x4, 0x0, 0x20, 0x52, 0xb4, 0x2}}, {{0x9, 0x5, 0x1, 0x0, 0x20, 0x5, 0x5, 0x7, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x9, 0x4}, @uac_iso={0x7, 0x25, 0x1, 0x0, 0x4, 0xfa}]}}, {{0x9, 0x5, 0xf, 0x0, 0x3ff, 0xb0, 0x1, 0xcf, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0x5, 0x4}, @uac_iso={0x7, 0x25, 0x1, 0x2, 0x7f, 0x7fff}]}}, {{0x9, 0x5, 0x3, 0x8, 0x400, 0x5, 0x7f, 0x7}}, {{0x9, 0x5, 0x8a, 0xc, 0x3ff, 0x4, 0xfc, 0xe}}, {{0x9, 0x5, 0x80, 0x0, 0x40, 0x1, 0xb, 0x4, [@generic={0x98, 0x24, "1a23340a81d3fdb05b6727fa0341370f0e468c6a7640ad8c49e02d19aeb85a236713909e66f44492f699be8decf9ddd6587e0e487608c14c44652d1a0ba3cb91af28cd6f4ac7152f1c6f62c7b86c161a938ad5af2f91cb75671893129c8dc5cb271f48837f3aedc2cc618857004733532e53c667736f689b0f2d44bc0efabdb895d1ee96c9e6fac3a5ff40847a7572f3e27be37d4cdd"}]}}]}}]}}]}}, &(0x7f0000000840)={0xa, &(0x7f0000000000)={0xa, 0x6, 0x310, 0xe, 0x0, 0x8, 0x8, 0x2}, 0x29, &(0x7f0000000300)={0x5, 0xf, 0x29, 0x1, [@ssp_cap={0x24, 0x10, 0xa, 0x1, 0x6, 0x80, 0xf, 0xffff, [0xff00ff, 0x3f00, 0xc030, 0x18, 0xc000, 0xf]}]}, 0x9, [{0x4, &(0x7f0000000340)=@lang_id={0x4, 0x3, 0x1409}}, {0x3f, &(0x7f0000000380)=@string={0x3f, 0x3, "872ec739fa9bc287c5845c9812bee469fa7524a32b47a3bcf7b98572c6641812a339fb178fdc573d5918c1d6cfe4bec3b06689c72c51e6469e3b955261"}}, {0xe7, &(0x7f00000003c0)=@string={0xe7, 0x3, "36a976da9fe785f2b694d7fbe2e821e09979b24001454f3809c1690a348317d905696b41a3bd02802a7cb8ba0d89ffa81cb2387e02bf08a21b93f3c98e51a42b2f438ce5594aff8dbbc56fccca7b19b6d6e7318c2866762f3e3665ad12b9ae233ca13464eff4b2fadf237dc924da9e85bc2c4e8f34773160ef9ab209bdc6affde97544c6ebd340c4ed631525c0cd349c58856fdc8eabfc044fa6b5d833807bb0689f8d4787519b60f0fb15b1e523193a5e322814b21a983429fd20167418058580cccd85c4753f2d083ada892f2c4de0268058bdb6cd746188eba56b17c6048173afc6add6"}}, {0x94, &(0x7f00000004c0)=@string={0x94, 0x3, "c3af55faf8d112b0bfa9008c47dbecbe872b4ce5bdb4a7c1d63b9773b0147c43dfab8ef4fee74090ccdeee2f85ebe6fb27cd95a1750dda764f0abf0f8dc640ca0eae70629d227dd0fa1b69702c4c483facd5296f50b71532cdcb08d86e3733e7095ae2216340b9f40fb404a1cd7fc8a9873c2e52d219fd0a3b60dfeecdea9ea6d174da5775bd1df95aca35dd8a7ce0dae722"}}, {0x3c, &(0x7f0000000580)=@string={0x3c, 0x3, "2e20300b18f47d3efbe21cdd791b2671df37a77a8f0b0bf9e7e2c1f47a7bd50dad34031dd34d11845fd7dd1cf5229c1f7b5701ba1e375be59acc"}}, {0xd0, &(0x7f00000005c0)=@string={0xd0, 0x3, "bb9654ba451ddb6e26cfbd35b59300f846adcc6acc9ef8b89cf8452efb478e72fad8402826c6f748e4aaf54d3c2fc89edee1172e2125bebb1558a708ed4d05a9fbe7ae9581149ab687c3b3d5f6b70aec44eef544c313abf34839c6806c1522c5203b2c8f66b4b4e183f9ba0c368f169ab105bef3c7b6c91238072e27c0139c99390cad5258c389ed2318246a98dad5da7e4283b311a614048a9595d03f1ba999e930cfae9b899384149fa46a2450336b93af4b3ca52e27d6ab08b106f8f1307a26883bfd87385db5f89994f4abc8"}}, {0x52, &(0x7f00000006c0)=@string={0x52, 0x3, "23ef13bb101132c5706d82a54a69fec490f17a1cc6d068b4ad3d0e3051bd3f395c6a94028b47ea0ce997cb185e3e54e046f56d19177f6264f1bdaa82369c09258832777ecb08d9d87afb6590e96e8a74"}}, {0xbd, &(0x7f0000000740)=@string={0xbd, 0x3, "1bb11d06fb30e3e7f86ab4ced323cb47ee998329cdb8e0303e6c289e80bc86afb62b098d2b068864dc23fc61af1949c4b4a8da28eefc3d8ab91174baba0341b42d23c3f6adbaf6494679f8e25dda153dcd2964d1d33b118a4977b39491e60aab0efbb68421b9e4ae4af9b5addea09e75abab437150558f7d9b547d1b26c2bb9148694024c53d02ea29b60ebdde20747a7f3c6c390c9a5d0de2e2ba0a4c33f468a1b9b721699514ad4b20a4a56eb485a6f5a46ebe64fc8024ae97fd"}}, {0x4, &(0x7f0000000800)=@lang_id={0x4, 0x3, 0x404}}]})
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
executing program 0:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0)
syz_usb_disconnect(r0)
r1 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000100)={{0x12, 0x1, 0x0, 0x38, 0x8e, 0x19, 0x20, 0xabf, 0x3370, 0xc14b, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x6, 0x61, 0x3c, 0x0, [@uac_as]}}]}}]}}, 0x0)
syz_usb_control_io(r1, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f0000000400)='a<')
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0)
r3 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x56e, 0xe6, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xa0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x45}}, {{{0x9, 0x5, 0x81, 0x3, 0x40, 0x0, 0x2}}}}}]}}]}}, 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io(r3, &(0x7f0000000080)={0x2c, &(0x7f0000000200)=ANY=[@ANYBLOB='\x00\x00E'], 0x0, 0x0, 0x0, 0x0}, 0x0)
r4 = syz_usb_connect(0x0, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000371055900090582eb1000000001020009050276"], 0x0)
r5 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1223, 0x3f07, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xa0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x45}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0xc, 0x3}}}}}]}}]}}, 0x0)
syz_usb_control_io(r5, 0x0, 0x0)
syz_usb_control_io(r5, &(0x7f0000000340)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="400a45000000452274639c545d2ce997a7aea8853b0e0810beefa824c337939610aab1b0d2363bdd25b77c5bdfd51207b2908fceb485a8995d975a912501"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$uac1(r4, &(0x7f0000000900)={0x14, 0xfffffffffffffffd, &(0x7f0000000840)={0x0, 0x3, 0x2, @string={0x2}}}, 0x0)
syz_usb_control_io$uac1(r4, 0x0, 0x0)
syz_usb_ep_write$ath9k_ep1(r4, 0x82, 0xc38, &(0x7f0000000080)=ANY=[])
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_control_io$hid(r2, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="00222200000096231306e53f07090000002a942183ec00f57083000000000b09007a"], 0x0}, 0x0)
executing program 2:
r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x20, 0x46d, 0xc623, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x9, 0xc0, 0x67, [{{0x9, 0x4, 0x0, 0xa, 0x1, 0x3, 0x1, 0x2, 0x0, {0x9, 0x21, 0x3, 0x9, 0x1, {0x22, 0x7a0}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0x2, 0x12, 0x1}}}}}]}}]}}, &(0x7f0000000480)={0x0, 0x0, 0x5, &(0x7f0000000100)={0x5, 0xf, 0x5}, 0x5, [{0x4, &(0x7f0000000140)=@lang_id={0x4, 0x3, 0x42f}}, {0x0, 0x0}, {0x30, &(0x7f00000001c0)=@string={0x30, 0x3, "ad73f8dc33adab02b093bf9dbd81b58aaaf3ed63c3c3531b9f3a1e23d7dc0c5bf55a95ed3ddffa35b026f4b0c67e"}}, {0x0, 0x0}, {0x0, 0x0}]})
syz_usb_control_io$hid(r0, &(0x7f0000000280)={0x24, &(0x7f0000000000)={0x20, 0xd, 0x5a, {0x5a, 0x11, "991b147584d00b4f5df73410a5e95e4e38128d3ab8ac82a6e7518308266868b97565367931e2f08b508f86c1c716d0f65be9828d703ba9f713d702904412b4fa43af226806c60ae4d1941aea06efeed68c422bdd777b3e75"}}, &(0x7f0000000200)={0x0, 0x3, 0x3b, @string={0x3b, 0x3, "4d70eb6bed50f4832c6afc9f4bff676ea9c3f14ac32e0ce698421e25b59fc04786c6acb7d9a7386ae49f22eef68ff4bbc5806366417062619e"}}, &(0x7f00000000c0)={0x0, 0x22, 0x25, {[@local=@item_012={0x2, 0x2, 0x4, "e500"}, @local=@item_4={0x3, 0x2, 0x5, "0efefc7b"}, @local=@item_012={0x2, 0x2, 0x3, "1034"}, @local=@item_012={0x1, 0x2, 0x7, "d0"}, @local=@item_012={0x0, 0x2, 0x1}, @main=@item_4={0x3, 0x0, 0xb, "a653a11d"}, @main=@item_4={0x3, 0x0, 0xa, "f1a26d75"}, @local=@item_012={0x2, 0x2, 0xa, "ba2c"}, @main=@item_4={0x3, 0x0, 0x8, '3(oQ'}, @global=@item_4={0x3, 0x1, 0x0, "466300fc"}]}}, &(0x7f0000000180)={0x0, 0x21, 0x9, {0x9, 0x21, 0x0, 0x7f, 0x1, {0x22, 0xbf1}}}}, &(0x7f00000005c0)={0x2c, &(0x7f00000002c0)={0x20, 0x18, 0xe4, "4eec711d0a397b103e2b63a0f250a5c6f1c16c5f9a4f34558e1c8890c599e9f4d7ed2698ff6d5eab33630c62182c022bb94ed86b10cc0f1b7746a39fad84b4236e4c09b2ceccea71ff554d65264d23a3317c036b87b7f7fbb62980b51d0d207a16d0161306f72c69f54029b392de7e6822bb187bd1a1b44ac21a8b21305d43c8f39d049bf0d9047a65de82b399f12153315d9ac4a91502de795959836a7da53e00dbd44eb4b15282e4bdef61e6d2aeaf4f6cec324ac2d255ab32616e22b0bef5b095cd93c2700ed450b4e3defc35bf68350dc8e73fce59e7dad703d04677465b290c6caf"}, &(0x7f00000003c0)={0x0, 0xa, 0x1, 0xf5}, &(0x7f0000000400)={0x0, 0x8, 0x1, 0x9}, &(0x7f0000000500)={0x20, 0x1, 0xb4, "abd681373fb9c71f0c3bd1f098f5e7e3dff49ccfd9f97441e83240bdcb279359b23603dcd06c055a91b0ae11afe0b450110970232ae0ad5f79a8f976f6f6a26e501cc15b9b2aba3de465d17f5262501741e0af5c1412bb2d54503c94035d53ab39162643c010cfb1146d26fb7e5eb9873fc9dd7af9cd2f8981dcdbfae49b111670e42fff3fd40a5bdf9efa8deaf0598cb3108a778d1dad384c1f07013b3cd96be80fa174fe5d202e3ac99fb9ea5eb4c225ff2006"}, &(0x7f0000000440)={0x20, 0x3, 0x1, 0x6}})
executing program 1:
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[], 0x0)
executing program 2:
r0 = syz_usb_connect$hid(0x1, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x57e, 0x200e, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x33a}}, {{{0x9, 0x5, 0x81, 0x3, 0x8}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, 0x0, 0x0, &(0x7f0000000180)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0x0, "70908015"}]}}, 0x0}, 0x0)
executing program 3:
syz_usb_connect$hid(0x4, 0x36, &(0x7f0000000140)=ANY=[@ANYRES32=0x0], 0x0)
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000600)={{0x12, 0x1, 0x0, 0x1d, 0x91, 0x67, 0x20, 0x174f, 0x6a31, 0x263f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x83, 0x3c, 0x8f}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000795d6c08450c3a616dc4010203010902120001000000000904"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, 0x0, &(0x7f0000000400)={0x2c, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
syz_usb_control_io(r1, 0x0, &(0x7f0000000800)={0x84, &(0x7f0000000280)={0x0, 0x0, 0x1, "12"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
r2 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000580)=ANY=[@ANYBLOB="1201000083667d1040206402d14e0102030109021b000100000000090400000190f19c00090584"], 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_control_io$printer(r2, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r2, 0x0, 0x0)
syz_usb_control_io(r2, 0x0, &(0x7f0000000940)={0x84, &(0x7f0000000240)={0x0, 0x10}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000880)={0x40, 0x1c, 0x1, 0x7}, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r2, 0x0, 0x0)
syz_usb_control_io$hid(r2, 0x0, &(0x7f00000000c0)={0x2c, &(0x7f0000001400)=ANY=[], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r2, 0x0, 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
executing program 4:
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x59, 0x77, 0xc, 0x40, 0x9c0, 0x203, 0xd332, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xfa, 0x10, 0xc9}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, 0x0, &(0x7f0000000180)={0x0, 0x21, 0x9, {0x9, 0x21, 0x7fff, 0xef, 0x1, {0x22, 0xeac}}}}, &(0x7f0000000680)={0x2c, &(0x7f00000003c0)={0x0, 0x5, 0x2, 'VA'}, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x20, 0x3, 0x1}})
syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000003180)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x92, 0x3, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{}, [@feature_unit={0x11, 0x24, 0x6, 0x0, 0x0, 0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}, @extension_unit={0x9, 0x24, 0x8, 0x0, 0x0, 0x0, "8eb5"}, @mixer_unit={0xb, 0x24, 0x4, 0x0, 0x0, "c4b8f2687011"}, @mixer_unit={0x5, 0x24, 0x4, 0x4}, @output_terminal={0x9, 0x24, 0x3, 0x0, 0x0, 0x0, 0x4}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x400, 0x0, 0x0, 0x0, {0x7}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7}}}}}}}]}}, 0x0)
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000380)={0x34, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0})
executing program 0:
r0 = syz_open_dev$hiddev(&(0x7f0000000000), 0x4, 0x325f00)
syz_usb_control_io(0xffffffffffffffff, &(0x7f0000000780)={0x2c, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
syz_usb_ep_write(0xffffffffffffffff, 0x0, 0xfffffffffffffc53, &(0x7f00000002c0)="b9425b446512d23236973599b76c470539")
r1 = syz_open_dev$hidraw(&(0x7f0000002300), 0x0, 0x14a042)
r2 = syz_open_dev$hidraw(&(0x7f0000000100), 0x0, 0x0)
ioctl$HIDIOCGRDESC(r2, 0x40086602, &(0x7f0000000300)={0xa0, "667f40bd32eb094bd8c9871638606d393b1508374a664d0e50edce2b854e1aa2eaa352c2dc13503b7a33bfcf29ff7f00005bceb207052b537147d90f6b20615f67a62d63237444c3a3b469e39a8b11de4cf69d010622c5c9e8527eae23a5bc52f92b4124b313b7bf86111e49225e7e12dc9f50eb9cd03f104b8c8d8b6275a571779bf4f9a22570a9400aed2ba169190a1029172dad56ec3f024d695e65d6b403"})
syz_open_dev$hidraw(0x0, 0x0, 0x0)
ioctl$HIDIOCGRDESC(r1, 0x40305829, &(0x7f00000002c0))
read$hidraw(0xffffffffffffffff, 0x0, 0x0)
syz_open_dev$evdev(0x0, 0x0, 0x0)
ioctl$EVIOCGSND(0xffffffffffffffff, 0x8040451a, &(0x7f00000000c0)=""/186)
syz_usb_connect(0x0, 0x2d, 0x0, 0x0)
r3 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
ioctl$EVIOCRMFF(r3, 0x4004550f, 0x0)
ioctl$HIDIOCGNAME(r0, 0x80404806, &(0x7f0000000040))
syz_usb_connect(0x2, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="120100004b41460860163209ea67030000090000000005100f0000da1e0d000000000010"], 0x0)
executing program 1:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1e7d, 0x2d50, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000080)={0x2c, &(0x7f0000000040)={0x0, 0x0, 0x16, {0x16, 0x0, "17e13f220e08f066000000000000008000001e00"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_connect$hid(0x6, 0x3f, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x10, 0x1ae7, 0x9001, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x3, 0x20, 0x1, [{{0x9, 0x4, 0x0, 0x5, 0x2, 0x3, 0x1, 0x1, 0x1, {0x9, 0x21, 0x480, 0x7, 0x1, {0x22, 0xad2}}, {{{0x9, 0x5, 0x81, 0x3, 0x10, 0x50, 0x2, 0x8}}, [{{0x9, 0x5, 0x2, 0x3, 0x400, 0x40, 0x8, 0x6d}}]}}}]}}]}}, &(0x7f0000000240)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x310, 0x1, 0x2, 0x7, 0x10, 0x6}, 0x1a, &(0x7f0000000140)={0x5, 0xf, 0x1a, 0x2, [@wireless={0xb, 0x10, 0x1, 0x4, 0x40, 0x40, 0x0, 0x4b, 0xb3}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x5, 0xf8, 0x81, 0xc}]}, 0x3, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x419}}, {0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0xf8ff}}, {0x4, &(0x7f0000000200)=@lang_id={0x4, 0x3, 0x500a}}]})
executing program 4:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)={{0x12, 0x1, 0x0, 0xcc, 0xc7, 0xe1, 0x8, 0x7392, 0xd611, 0xe7bb, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0xff, 0xff, 0xff, 0x0, [], [{{0x9, 0x5, 0x9, 0x12}}]}}]}}]}}, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100007c1922409904e2510f090102030109021b0001000000000904000001ff53c200090506"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000dc0)={0x44, &(0x7f0000000bc0)={0x0, 0x12, 0x4, "496ea185"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)={{0x12, 0x1, 0x0, 0xcc, 0xc7, 0xe1, 0x8, 0x7392, 0xd611, 0xe7bb, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0xff, 0xff, 0xff, 0x0, [], [{{0x9, 0x5, 0x9, 0x12}}]}}]}}]}}, 0x0) (async)
syz_usb_control_io$printer(r0, 0x0, 0x0) (async)
syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100007c1922409904e2510f090102030109021b0001000000000904000001ff53c200090506"], 0x0) (async)
syz_usb_control_io(r0, 0x0, 0x0) (async)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000dc0)={0x44, &(0x7f0000000bc0)={0x0, 0x12, 0x4, "496ea185"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, 0x0) (async)
executing program 2:
syz_usb_connect(0x5, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="120100000121ab40da0b21c83a390102030109022400010804100109044c1002ffffff080905ac0240000400000905823208"], 0x0)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x403, 0x6030, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x2}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0022000000000129"], 0x0}, 0x0)
syz_usb_control_io(r0, &(0x7f0000000300)={0x2c, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000940)={0x84, &(0x7f0000000080)=ANY=[@ANYBLOB="0014170000005e6424818327b2369deca65eb21f68f937148585387804fd1286fd47f8495c3566da9c9fe81b7e"], 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="20000800000002004000f00f0000192928d0b25411f54ccab8497241e369"], &(0x7f00000005c0)={0x40, 0x7, 0x2, 0xfff2}, &(0x7f0000000600)={0x40, 0x9, 0x1}, &(0x7f0000000640)={0x40, 0xb, 0x2, "3487"}, 0x0, &(0x7f00000006c0)={0x40, 0x13, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x12}}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000840)={0x40, 0x21, 0x1, 0x5}})
syz_usb_control_io(r0, 0x0, &(0x7f0000000880)={0x84, &(0x7f00000003c0)=ANY=[@ANYBLOB='\x00\x00M'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000480)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="2001190000002b"], 0x0})
executing program 1:
syz_usb_connect(0x0, 0x4f, &(0x7f0000000640)={{0x12, 0x1, 0x0, 0x3d, 0xa3, 0x77, 0x20, 0x572, 0xcafe, 0x5501, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x3d, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x4, 0x96, 0xdb, 0xa8, 0x0, [], [{{0x9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [@generic={0x7, 0x5, "e37e1b82e6"}]}}, {{0x9, 0x5, 0xb, 0x2}}, {{0x9, 0x5, 0x1}}, {{0x9, 0x5, 0x2, 0x0, 0x10}}]}}]}}]}}, 0x0)
syz_usb_connect$hid(0x6, 0x3f, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0xdfc, 0x10a, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x2, 0x1, 0x3, 0x0, 0x2, 0x1, {0x9, 0x21, 0x0, 0x64, 0x1, {0x22, 0xae2}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0x4, 0x9, 0x3}}, [{{0x9, 0x5, 0x2, 0x3, 0x10, 0x1}}]}}}]}}]}}, 0x0)
executing program 4:
r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
syz_usb_disconnect(r0)
ioctl$EVIOCRMFF(r0, 0xc0085508, &(0x7f0000000500)=0xffffffff)
ioctl$EVIOCGSND(r0, 0x8040451a, &(0x7f0000000400)=""/4096)
r1 = syz_usb_connect(0x3, 0x3f, &(0x7f0000000240)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101ea0000000904000003fe03010009cd8d1f0002000000090595a61a95fcffff09058b1e"], 0x0)
syz_usb_control_io$printer(r1, &(0x7f0000000080)={0x14, &(0x7f0000000000)={0x60, 0x8, 0xc, {0xc, 0x7, "4f63e01248666888e00e"}}, &(0x7f0000000040)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x4001}}}, &(0x7f00000003c0)={0x34, &(0x7f00000000c0)={0x40, 0x16, 0xe1, "960d6cff2cb4dd38876c1e21f44906cec350d1b3fdd12b70ee38595fc74d5d094f178ce42d39319be145e4a23910b56cae133a7a8f754a764bdc6c96a2dacc332443195b55b6bd83139345a3216ea3736b3b8c7e3afa10c361cb43957f1104e24ec90c030f67656e1068eeed0495ae7d9a2b2114035ea1a338af21e79527e6869b241b2a21b67026606e6ca0575d1d6fbe9aee5a47800412a92d98c2ce8178ae0047cd6a018a7d765ae74fb2ca9e4295e9cddbf18e3cc1bbe633a4be80184d7cb45d4b86778ae6207f03c1c5beaf0acc14644ec0c1408b7a01b1255ad0dad08221"}, &(0x7f00000001c0)={0x0, 0xa, 0x1, 0x9}, &(0x7f0000000200)={0x0, 0x8, 0x1, 0x3}, &(0x7f0000000280)={0x20, 0x0, 0x8f, {0x8d, "eb576956347e483235c339da8d4c5cea9f0c7f3db506c6665c4525efefc314dc4d3df8f0d41b14641ee8dad1a09ca5879cfe683b7eefea727d429cfdebbde6e29cb054e0f1f4c988e640f15992ed0101454fbf12509a3e6a1607c5c7e1e4fc65aeba4607fb7fbb3ca5b806b9ae4809347bb288b5440ae6f88088ebe4f43886b4b42625bb8faa054efac9c23459"}}, &(0x7f0000000340)={0x20, 0x1, 0x1, 0x6}, &(0x7f0000000380)={0x20, 0x0, 0x1, 0x2}})
syz_open_dev$char_usb(0xc, 0xb4, 0x400000000)
syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) (async)
syz_usb_disconnect(r0) (async)
ioctl$EVIOCRMFF(r0, 0xc0085508, &(0x7f0000000500)=0xffffffff) (async)
ioctl$EVIOCGSND(r0, 0x8040451a, &(0x7f0000000400)=""/4096) (async)
syz_usb_connect(0x3, 0x3f, &(0x7f0000000240)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101ea0000000904000003fe03010009cd8d1f0002000000090595a61a95fcffff09058b1e"], 0x0) (async)
syz_usb_control_io$printer(r1, &(0x7f0000000080)={0x14, &(0x7f0000000000)={0x60, 0x8, 0xc, {0xc, 0x7, "4f63e01248666888e00e"}}, &(0x7f0000000040)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x4001}}}, &(0x7f00000003c0)={0x34, &(0x7f00000000c0)={0x40, 0x16, 0xe1, "960d6cff2cb4dd38876c1e21f44906cec350d1b3fdd12b70ee38595fc74d5d094f178ce42d39319be145e4a23910b56cae133a7a8f754a764bdc6c96a2dacc332443195b55b6bd83139345a3216ea3736b3b8c7e3afa10c361cb43957f1104e24ec90c030f67656e1068eeed0495ae7d9a2b2114035ea1a338af21e79527e6869b241b2a21b67026606e6ca0575d1d6fbe9aee5a47800412a92d98c2ce8178ae0047cd6a018a7d765ae74fb2ca9e4295e9cddbf18e3cc1bbe633a4be80184d7cb45d4b86778ae6207f03c1c5beaf0acc14644ec0c1408b7a01b1255ad0dad08221"}, &(0x7f00000001c0)={0x0, 0xa, 0x1, 0x9}, &(0x7f0000000200)={0x0, 0x8, 0x1, 0x3}, &(0x7f0000000280)={0x20, 0x0, 0x8f, {0x8d, "eb576956347e483235c339da8d4c5cea9f0c7f3db506c6665c4525efefc314dc4d3df8f0d41b14641ee8dad1a09ca5879cfe683b7eefea727d429cfdebbde6e29cb054e0f1f4c988e640f15992ed0101454fbf12509a3e6a1607c5c7e1e4fc65aeba4607fb7fbb3ca5b806b9ae4809347bb288b5440ae6f88088ebe4f43886b4b42625bb8faa054efac9c23459"}}, &(0x7f0000000340)={0x20, 0x1, 0x1, 0x6}, &(0x7f0000000380)={0x20, 0x0, 0x1, 0x2}}) (async)
syz_open_dev$char_usb(0xc, 0xb4, 0x400000000) (async)
executing program 0:
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000980)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581d3b3"], 0x0)
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f00000004c0)={{0x12, 0x1, 0x0, 0xae, 0x8c, 0xd8, 0x10, 0xbda, 0x2005, 0xa678, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xff, 0xff, 0xff}}]}}]}}, 0x0)
syz_usb_disconnect(r1)
r2 = syz_usb_connect(0x2, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x110, 0x2d, 0x83, 0x57, 0x20, 0xbda, 0x5088, 0xd380, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0xa, 0x3, 0x40, 0x8, [{{0x9, 0x4, 0xc1, 0x1, 0x0, 0x77, 0x92, 0xe2, 0xc}}]}}]}}, 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r2, 0x0, 0x0)
syz_usb_control_io$printer(r2, 0x0, &(0x7f00000029c0)={0x34, &(0x7f00000027c0)={0x40, 0x30, 0x4, "7eb6474b"}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r2, 0x0, &(0x7f0000006480)={0x44, &(0x7f0000006240)={0x0, 0x15, 0x3, "b8a772"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
syz_usb_control_io$uac1(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r2, 0x0, &(0x7f0000000e00)={0x1c, &(0x7f00000003c0)={0x20, 0xd, 0x13, "ff078a2edfa101cdf735cbd61f79b47305c8e8"}, 0x0, 0x0})
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000019954b08090463007bff010203010902120001000000400904"], 0x0)
ioctl$EVIOCGMASK(r0, 0x541b, 0x0)
executing program 2:
syz_usb_connect(0x2, 0x1b, &(0x7f0000000000)={{0x12, 0x1, 0x250, 0xdc, 0x69, 0xcf, 0xff, 0x1bc7, 0x701a, 0x4e6b, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x9, 0x0, 0x0, 0xfd, 0xe0, 0x4}}]}}, 0x0)
executing program 3:
r0 = syz_usb_connect$uac1(0x3433c7163bb823da, 0xac, &(0x7f0000000180)=ANY=[], 0x0)
syz_usb_control_io(r0, &(0x7f0000000140)={0x2c, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00000700000004030400cd4833ecbd60e3d213e48404954a2038ba6950fa514f88ce268f7fa63228d08b36a08e4e6419e9b43d97c86a20dc5d1ae93416c958f67d7bef476ffc7b509e9f204a2d126983884a533784b95517d558eb85eb5605e3428b69ddd8a12bc4d4eeee14ca6d4d5296819fd7f4b32c220e4e4fe038b93968215937b0908c8d5c6b66281f86e35b8d4af7d3e55c9e809d74641d330a1e7600e3e32e516600b4e47ae8fdac68acc67e10b09a82371268fb3f517e4a5b920f24f076c0f758112f9744df26b733e1aec8a5e7323d1af5864b4ed56b298b52baf7393de4b32ab4bf3b0628e13102b71ebc3de10f"], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$uac1(r0, &(0x7f0000001840)={0x14, 0x0, &(0x7f0000000080)={0x0, 0x3, 0x2, @string={0x2}}}, 0x0)
r1 = syz_usb_connect$hid(0x1, 0x36, &(0x7f00000001c0)=ANY=[@ANYRES8=r0, @ANYBLOB="950b2cc313f797e8c7f8d4d495c0264cd393287e22b61e2f8c0e45aad3b7c4ac1bb433e19fc5410c9418af6ad87ff2a992a8048db25b3250b172fbf468da25a3ee8c069cff9868d684342d5c61f785b9e121c9ac6da6ea3cd531f20aa8031905713a0f291e333209e9dd3570efb20fbe3b0c689cb02c44473174b7dfc6a582d1b9d74f0cdcb0bf446299af2ad97fe30da6b36b472e"], 0x0)
syz_usb_control_io$hid(r1, &(0x7f00000002c0)={0x24, &(0x7f0000000380)={0x0, 0x0, 0x9, {0x9, 0x0, "2a53fb8991f8e0"}}, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
r2 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x9c, 0x32, 0x3f, 0x8, 0x4a5, 0x3003, 0x3ab2, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x2, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x28, 0xf0, 0xf6}}]}}]}}, 0x0)
syz_usb_control_io(r2, &(0x7f0000002000)={0x2c, 0x0, &(0x7f0000001f00)={0x0, 0x3, 0x4, @lang_id={0xffffffffffffff22}}, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r2, 0xfffffffffffffffd, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
r3 = syz_usb_connect(0x0, 0x48, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000022546940fa0ae803d0990102030109023600010000000009047500038cbb2a0009050a001000010000090588"], 0x0)
syz_usb_control_io$uac1(r3, 0x0, &(0x7f00000004c0)={0x44, &(0x7f0000000040)={0x0, 0xc, 0x1, "06"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r3, 0x0, &(0x7f0000000540)={0x44, &(0x7f00000001c0)={0x20, 0x14, 0xd43ae79cac6a4a1a}, 0x0, 0x0, &(0x7f0000000380)={0x20, 0x80, 0x1c, {0xf2ab, 0xf000, 0x1000, 0x4, 0x9, 0x3, 0x5, 0x4, 0x9, 0x9, 0xfff3, 0x80}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000001c40)={0x24, 0x0, 0x0, &(0x7f0000001bc0)=ANY=[@ANYBLOB="00368df836a422"], 0x0}, 0x0)
r4 = syz_usb_connect$printer(0x2, 0x2d, &(0x7f0000000dc0)=ANY=[@ANYBLOB="12011001000000202505a8a4720b1c25030109021f000101ff8008090400fd01070101010905010220"], 0x0)
syz_usb_control_io$printer(r4, &(0x7f0000001100)={0x14, 0x0, &(0x7f0000000000)={0x0, 0x3, 0x62, @lang_id={0x0, 0x3, 0x804}}}, 0x0)
syz_usb_control_io(r4, &(0x7f00000015c0)={0x2c, 0x0, &(0x7f0000001480)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x40b}}, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r4, 0x0, &(0x7f0000003d00)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000003a00)={0x20, 0x0, 0x4, {0x2, 0x10}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r5 = syz_open_dev$char_usb(0xc, 0xb4, 0x80000000)
write$char_usb(r5, &(0x7f0000006800)="10", 0x1)
write$char_usb(r5, 0x0, 0x0)
syz_usb_ep_read(r4, 0x1, 0x6d, &(0x7f00000001c0)=""/109)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000c40)={0x84, &(0x7f0000000180)=ANY=[@ANYRESHEX=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f00000000c0)={0x44, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x20, 0x82, 0x2, "c9a7"}, 0x0, 0x0, 0x0})
r6 = syz_open_dev$hidraw(&(0x7f0000000440), 0x243c2917, 0x14a042)
write$hidraw(r6, &(0x7f0000000040)='F', 0xfffffe41)
read$hidraw(r6, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000f00)={0x51, &(0x7f0000000b00)=ANY=[@ANYBLOB="200603"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
executing program 1:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000010c0)=ANY=[@ANYBLOB="12010000190000404f045db600000000000109022400010000000009040000010300000009210000000122070009058103"], 0x0)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000600)={{0x12, 0x1, 0x0, 0x1d, 0x91, 0x67, 0x20, 0x174f, 0x6a31, 0x263f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x83, 0x3c, 0x8f}}]}}]}}, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$printer(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r1, &(0x7f0000000a00)={0x14, &(0x7f0000000980)={0x40, 0xa, 0x31, {0x31, 0x21, "b7735a56d1dfcdb0aa10ca53c4e07322955f84f1811a3553bfe2f8f82589eb81308355683b857c04aca53dee5150ef"}}, &(0x7f00000009c0)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000b40)={0x1c, &(0x7f0000000a40)={0x0, 0xe, 0x48, "42b59167401e73f75e71bf6fd2603c35279c00b9751e4a9dd28aadfdc3e3da886b4a9726aa0acb7bcda371c15e424bab6e8277794b2a2669d2d347a4e697d3387a48e0193c7c91f2"}, &(0x7f0000000ac0)={0x0, 0xa, 0x1, 0x8}, &(0x7f0000000b00)={0x0, 0x8, 0x1, 0xfc}})
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io$printer(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
syz_usb_control_io(r1, &(0x7f00000002c0)={0x2c, &(0x7f00000000c0)={0x40, 0xc, 0xae, {0xae, 0x5, "1bcd44708269d71c958f997f68f0770fb55965022e7d1fdc55453416580e1549283705513221852632e27736558d329ac8ed613eaecf261b4e478afd0570f4982a9b49b1eb8d705b3a70e968ed98b062f95a0802b8621ce7c3b32c1606acf03d5d7e7d6db2f7096dbfce3a790c5fcf17e6cc51c562a37de0801165b7004427cbefc85c6e7a03ce957a9ae0f218e14701376502e2bb70258102fc58badb5646752dfef0441d15101da9f967ee"}}, &(0x7f0000000180)={0x0, 0x3, 0x90, @string={0x90, 0x3, "0a324ea94d97b669e9fd4263e545220ee31bae124fc2079ba25082e57560488d244f4161daad6d641cb80f32ad68147db7c4f73b7acf21d488187d275513f693a81aa770d5f0aec3ff28a50f27e952b637343b57f394241f9cd6b6b384f7387aae96affec2ae7279ca29f507f842710662251f7eb08a7a2756dd96a1c26f09bacc755b9900d574b4e45a9e94ebee"}}, &(0x7f0000000000)={0x0, 0xf, 0x25, {0x5, 0xf, 0x25, 0x3, [@wireless={0xb, 0x10, 0x1, 0x2, 0x0, 0x0, 0x4, 0x8, 0x1}, @wireless={0xb, 0x10, 0x1, 0x2, 0x1, 0x9, 0xb4, 0x7, 0x8}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x4, 0x4, 0x0, 0x100}]}}, &(0x7f0000000040)={0x20, 0x29, 0xf, {0xf, 0x29, 0x40, 0x18, 0x1, 0x1, "babc4fad", "57a87243"}}, &(0x7f0000000280)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x6, 0x8, 0x7, 0x2, 0x8, 0x91, 0x9}}}, &(0x7f00000008c0)={0x84, &(0x7f00000003c0)={0x20, 0xe, 0x8c, "6f9199e25c998c3e413003c88e7300c8e1214b845ac27e5c667cbb0d768a2452fc9fac5e0c513711d0a9361eed4931ae9ddf08f3f858b46a446340e3ebd2a1cfcea30a7c687ed507b47238dc6d2d79ea19c96001cbc8a4c8628b4b86649cd81365f7604b1b5279c26bef45644badc06ff786d34252f5db12607f9d38f5b84e844431e3f7cc71218567e749bd"}, &(0x7f0000000300)={0x0, 0xa, 0x1, 0x10}, &(0x7f0000000340)={0x0, 0x8, 0x1, 0x71}, &(0x7f0000000480)={0x20, 0x0, 0x4, {0x0, 0x3d9656619b9ce04}}, &(0x7f00000004c0)={0x20, 0x0, 0x4, {0x3, 0x10}}, &(0x7f0000000500)={0x40, 0x7, 0x2, 0x2}, &(0x7f0000000540)={0x40, 0x9, 0x1, 0x7}, &(0x7f0000000580)={0x40, 0xb, 0x2, 'HH'}, &(0x7f00000005c0)={0x40, 0xf, 0x2, 0x6}, &(0x7f0000000600)={0x40, 0x13, 0x6, @multicast}, &(0x7f0000000640)={0x40, 0x17, 0x6, @local}, &(0x7f0000000780)={0x40, 0x19, 0x2, "46b7"}, &(0x7f00000007c0)={0x40, 0x1a, 0x2, 0x5862}, &(0x7f0000000800)={0x40, 0x1c, 0x1, 0x3}, &(0x7f0000000840)={0x40, 0x1e, 0x1, 0x7}, &(0x7f0000000880)={0x40, 0x21, 0x1, 0x2}})
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000080)={0x24, 0x0, 0x0, &(0x7f0000000380)={0x0, 0x22, 0x7, {[@main=@item_012={0x0, 0x0, 0x9}, @local=@item_4={0x3, 0x2, 0x7, "bf52748b"}, @main]}}, 0x0}, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000680)={0x84, &(0x7f0000000240)={0x20, 0x7}, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000740)={0x40, 0x7, 0x2, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_connect$hid(0x0, 0x36, &(0x7f00000010c0)=ANY=[@ANYBLOB="12010000190000404f045db600000000000109022400010000000009040000010300000009210000000122070009058103"], 0x0) (async)
syz_usb_connect(0x0, 0x24, &(0x7f0000000600)={{0x12, 0x1, 0x0, 0x1d, 0x91, 0x67, 0x20, 0x174f, 0x6a31, 0x263f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x83, 0x3c, 0x8f}}]}}]}}, 0x0) (async)
syz_usb_control_io(r1, 0x0, 0x0) (async)
syz_usb_control_io$printer(r1, 0x0, 0x0) (async)
syz_usb_control_io$cdc_ecm(r1, &(0x7f0000000a00)={0x14, &(0x7f0000000980)={0x40, 0xa, 0x31, {0x31, 0x21, "b7735a56d1dfcdb0aa10ca53c4e07322955f84f1811a3553bfe2f8f82589eb81308355683b857c04aca53dee5150ef"}}, &(0x7f00000009c0)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000b40)={0x1c, &(0x7f0000000a40)={0x0, 0xe, 0x48, "42b59167401e73f75e71bf6fd2603c35279c00b9751e4a9dd28aadfdc3e3da886b4a9726aa0acb7bcda371c15e424bab6e8277794b2a2669d2d347a4e697d3387a48e0193c7c91f2"}, &(0x7f0000000ac0)={0x0, 0xa, 0x1, 0x8}, &(0x7f0000000b00)={0x0, 0x8, 0x1, 0xfc}}) (async)
syz_usb_control_io$hid(r1, 0x0, 0x0) (async)
syz_usb_control_io$printer(r1, 0x0, 0x0) (async)
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) (async)
syz_usb_control_io(r1, &(0x7f00000002c0)={0x2c, &(0x7f00000000c0)={0x40, 0xc, 0xae, {0xae, 0x5, "1bcd44708269d71c958f997f68f0770fb55965022e7d1fdc55453416580e1549283705513221852632e27736558d329ac8ed613eaecf261b4e478afd0570f4982a9b49b1eb8d705b3a70e968ed98b062f95a0802b8621ce7c3b32c1606acf03d5d7e7d6db2f7096dbfce3a790c5fcf17e6cc51c562a37de0801165b7004427cbefc85c6e7a03ce957a9ae0f218e14701376502e2bb70258102fc58badb5646752dfef0441d15101da9f967ee"}}, &(0x7f0000000180)={0x0, 0x3, 0x90, @string={0x90, 0x3, "0a324ea94d97b669e9fd4263e545220ee31bae124fc2079ba25082e57560488d244f4161daad6d641cb80f32ad68147db7c4f73b7acf21d488187d275513f693a81aa770d5f0aec3ff28a50f27e952b637343b57f394241f9cd6b6b384f7387aae96affec2ae7279ca29f507f842710662251f7eb08a7a2756dd96a1c26f09bacc755b9900d574b4e45a9e94ebee"}}, &(0x7f0000000000)={0x0, 0xf, 0x25, {0x5, 0xf, 0x25, 0x3, [@wireless={0xb, 0x10, 0x1, 0x2, 0x0, 0x0, 0x4, 0x8, 0x1}, @wireless={0xb, 0x10, 0x1, 0x2, 0x1, 0x9, 0xb4, 0x7, 0x8}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x4, 0x4, 0x0, 0x100}]}}, &(0x7f0000000040)={0x20, 0x29, 0xf, {0xf, 0x29, 0x40, 0x18, 0x1, 0x1, "babc4fad", "57a87243"}}, &(0x7f0000000280)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x6, 0x8, 0x7, 0x2, 0x8, 0x91, 0x9}}}, &(0x7f00000008c0)={0x84, &(0x7f00000003c0)={0x20, 0xe, 0x8c, "6f9199e25c998c3e413003c88e7300c8e1214b845ac27e5c667cbb0d768a2452fc9fac5e0c513711d0a9361eed4931ae9ddf08f3f858b46a446340e3ebd2a1cfcea30a7c687ed507b47238dc6d2d79ea19c96001cbc8a4c8628b4b86649cd81365f7604b1b5279c26bef45644badc06ff786d34252f5db12607f9d38f5b84e844431e3f7cc71218567e749bd"}, &(0x7f0000000300)={0x0, 0xa, 0x1, 0x10}, &(0x7f0000000340)={0x0, 0x8, 0x1, 0x71}, &(0x7f0000000480)={0x20, 0x0, 0x4, {0x0, 0x3d9656619b9ce04}}, &(0x7f00000004c0)={0x20, 0x0, 0x4, {0x3, 0x10}}, &(0x7f0000000500)={0x40, 0x7, 0x2, 0x2}, &(0x7f0000000540)={0x40, 0x9, 0x1, 0x7}, &(0x7f0000000580)={0x40, 0xb, 0x2, 'HH'}, &(0x7f00000005c0)={0x40, 0xf, 0x2, 0x6}, &(0x7f0000000600)={0x40, 0x13, 0x6, @multicast}, &(0x7f0000000640)={0x40, 0x17, 0x6, @local}, &(0x7f0000000780)={0x40, 0x19, 0x2, "46b7"}, &(0x7f00000007c0)={0x40, 0x1a, 0x2, 0x5862}, &(0x7f0000000800)={0x40, 0x1c, 0x1, 0x3}, &(0x7f0000000840)={0x40, 0x1e, 0x1, 0x7}, &(0x7f0000000880)={0x40, 0x21, 0x1, 0x2}}) (async)
syz_usb_control_io$hid(r0, 0x0, 0x0) (async)
syz_usb_control_io$hid(r0, &(0x7f0000000080)={0x24, 0x0, 0x0, &(0x7f0000000380)={0x0, 0x22, 0x7, {[@main=@item_012={0x0, 0x0, 0x9}, @local=@item_4={0x3, 0x2, 0x7, "bf52748b"}, @main]}}, 0x0}, 0x0) (async)
syz_usb_control_io(r0, 0x0, &(0x7f0000000680)={0x84, &(0x7f0000000240)={0x20, 0x7}, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000740)={0x40, 0x7, 0x2, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
executing program 4:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)={{0x12, 0x1, 0x200, 0x19, 0x82, 0x30, 0x20, 0x413, 0x6023, 0xece5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x60, 0x2, [{{0x9, 0x4, 0x84, 0x0, 0x1, 0xee, 0x48, 0xb1, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x20, 0x0, 0x0, 0xb}}]}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0) (async)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000b80)={0x84, &(0x7f0000000cc0)=ANY=[@ANYBLOB="013b3a78e546ad4d4d455898213a7ff013b852b3e44e9c2661dc9648c3b8010641e121f2884f52ba4fda9d3e89813cbbb5da939c0c8e79787b8a7c51f98bc073550da2f7a284228093"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0) (async)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_connect$printer(0x5, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0xff, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x9, 0xf0, 0x8, [{{0x9, 0x4, 0x0, 0x81, 0x1, 0x7, 0x1, 0x1, 0xb6, "", {{{0x9, 0x5, 0x1, 0x2, 0x400, 0x61, 0x1, 0x8}}, [{{0x9, 0x5, 0x82, 0x2, 0x400, 0x5, 0xa1, 0x3}}]}}}]}}]}}, &(0x7f00000003c0)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x310, 0x9, 0x7, 0xf, 0xff, 0x7}, 0x116, &(0x7f0000000180)={0x5, 0xf, 0x116, 0x5, [@ss_container_id={0x14, 0x10, 0x4, 0x7f, "f69b21a220e1445bf8644f5701c9925d"}, @wireless={0xb, 0x10, 0x1, 0x4, 0x4, 0x1, 0xff, 0x1, 0xe}, @generic={0xdc, 0x10, 0x3, "1d4bfa667c6d35fe35dce89159f5bca5233047188a35cab8010565becdcf66ea9f1d5064dcb88c1f40a45b3cf97a754a79c57905866bc4ad33717bf9e9528e225c6af4ec6d404ef7a3cadd66905379d43726cf0f897fe1e85b496e3237175811498f9c28152017939f365e331285e8e37c40f3a559f9c5b9572456a24f1cf0f5994aa5fe05a7cf98c2bbfaa6ffca3833b9d7000a55bdea157b7aa91920effdf6390d480e77077830d5f6810339f78b6f699792719821f012908a33067ea824bf0ad1d41c1b4778ba4088d5a4549ce74ca601dae814652a6402"}, @wireless={0xb, 0x10, 0x1, 0x8, 0x89, 0xb, 0x6, 0x9, 0x2}, @wireless={0xb, 0x10, 0x1, 0x4, 0x8, 0x1, 0x4, 0x3, 0x4}]}, 0x3, [{0x4, &(0x7f0000000080)=@lang_id={0x4, 0x3, 0x2c09}}, {0xdd, &(0x7f00000002c0)=@string={0xdd, 0x3, "454b537ece1c4054f521626eb7df787c2a78b6258d0768df835459c097be8da2ed7810da7895bca963a008564335f29379bf4f9c45d15e37def4197a7c1385a39f242f00bb6295dbc8480645e783a0d2ce50029e819c56514cdad88179fd5ebe07ed57c8a21e747baa4266b29a841f7dd3b5a89f946ed4a28c842a752335d6f98dc6403b6a5839544307f2341fb41e3a2541356f8da217c0daa4cd9193abf4b3e4921ecdd3ba9a45bb96c3a1babecae6209b0a3da1807d427d3c1d658720f8f768a60bf1b0b99653f83f64ac00d44ead170d34d6e6d53e81de7ebe"}}, {0x4, &(0x7f0000000100)=@lang_id={0x4, 0x3, 0x1001}}]})
r1 = syz_usb_connect$cdc_ecm(0x6, 0xb4, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xa2, 0x1, 0x1, 0x40, 0x40, 0x4a, [{{0x9, 0x4, 0x0, 0xff, 0x2, 0x2, 0x6, 0x0, 0x40, {{0x8, 0x24, 0x6, 0x0, 0x0, 'z?W'}, {0x5, 0x24, 0x0, 0x8}, {0xd, 0x24, 0xf, 0x1, 0x8, 0x3, 0xfffe, 0xd}, [@mdlm_detail={0x18, 0x24, 0x13, 0x10, "8268260da4af46cc86a804e2fdcf214d34f819ad"}, @call_mgmt={0x5, 0x24, 0x1, 0x2, 0x3}, @mbim_extended={0x8, 0x24, 0x1c, 0x1, 0x7, 0xd}, @mdlm={0x15, 0x24, 0x12, 0x6}, @mdlm={0x15, 0x24, 0x12, 0xfffb}, @country_functional={0xc, 0x24, 0x7, 0x2, 0x9, [0x9, 0x1352, 0xa20]}]}, {[{{0x9, 0x5, 0x81, 0x3, 0x20, 0x0, 0xc}}], {{0x9, 0x5, 0x82, 0x2, 0x3ff, 0x1, 0x3b, 0x4}}, {{0x9, 0x5, 0x3, 0x2, 0x8, 0x5, 0x73, 0xff}}}}}]}}]}}, &(0x7f0000000940)={0xa, &(0x7f0000000540)={0xa, 0x6, 0x300, 0x7, 0x4f, 0x20, 0x40, 0x3}, 0x57, &(0x7f0000000580)={0x5, 0xf, 0x57, 0x5, [@ss_container_id={0x14, 0x10, 0x4, 0x8, "94afc6049f8d9ac8e7ceda3a07f838cc"}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "6b3d1d883065092bc1906b4ad118c022"}, @ptm_cap={0x3}, @ssp_cap={0x10, 0x10, 0xa, 0xe, 0x1, 0x4, 0xf0f, 0xfffa, [0xff003f]}, @generic={0x17, 0x10, 0xa, "f57109e47cf581974d600a51452101e2d610c779"}]}, 0x8, [{0x4, &(0x7f0000000600)=@lang_id={0x4, 0x3, 0x140a}}, {0x71, &(0x7f0000000640)=@string={0x71, 0x3, "ccea26178bf508150e7422f7e44bc6d26ed84fc324e9186c382e03d78c5e3f5a76f6132f4d68072a434ab9d678dd7b40ba44f36ba7f96ac33bb24d2b831a02f3d753756c90d2b32b66d8099e10e4311f4ce601840103fcad1f5176843f973f77a5e98d777f6a4da4cdc5c7f75854fa"}}, {0x4, &(0x7f00000006c0)=@lang_id={0x4}}, {0x4, &(0x7f0000000740)=@lang_id={0x4}}, {0x4, &(0x7f0000000780)=@lang_id={0x4, 0x3, 0x6670}}, {0x4, &(0x7f00000007c0)=@lang_id={0x4, 0x3, 0x418}}, {0xe6, &(0x7f0000000800)=@string={0xe6, 0x3, "c8e44047d56cd7c34cb5be2c0e22a55453f5cec3b83cdf82afae547402796a837e69e1e0cf653a157f0a71d71f1c241b97f3a372f53fbe85608227ae2dca4bbad46da695840f8eb78c5cba94cc25676545bbe1a255b2cf017972b9ea3d0cec57d240df6281d4ad470f878657940051c1396eccd4281c974b79cc248c2ed67f3e9c703ceeca1cdd984e383c02ce7b49ef1f6f1e07cc3025f8a4ca0618ca2b4fdb5e84ace4bae9449d4ff8e871c52bacbf332b9feeed9ee6d4065bc9a3d79024afdc1ffe13977831ed960c8cdd654fd4e854bf6049efcbcfd83ab3d601d6f8efbf0eced0d1"}}, {0x4, &(0x7f0000000900)=@lang_id={0x4, 0x3, 0x306a}}]})
syz_usb_control_io$cdc_ecm(r1, &(0x7f0000000ac0)={0x14, &(0x7f00000009c0)={0x20, 0x2, 0xab, {0xab, 0x6, "c3810c5525b040dd2faa2ccd866cea3fdc10aabd8a60540d194983086f7a974d08f0ba126a10ebb8ee4dac99c1608baafba3e8b38cb7598cdc261e3ebf56a6b6eb85ee79aa846ef52263abe71d5f317cd34a6626673a6b64a7d03ffbf7b7192a686450e95f43a6d24d43ea88dd4a6b73f1d3de8e9b7dfd2fac8db773bec534414d1ec555b7e366848a4d7f45f6e171a213ee16d3ea94bfade628bf8ffe2adceb26735fc0621a82811d"}}, &(0x7f0000000a80)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000c80)={0x1c, &(0x7f0000000b00)={0x20, 0x16, 0x8, "9e99d2d3034ada6a"}, &(0x7f0000000b40)={0x0, 0xa, 0x1, 0xe}, &(0x7f0000000c40)={0x0, 0x8, 0x1, 0xf7}})
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000400)={0x44, &(0x7f0000000140)={0x0, 0x8, 0x3, 'vE\b'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000400)={0x44, &(0x7f0000000140)={0x0, 0x8, 0x3, 'vE\b'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
executing program 0:
r0 = syz_usb_connect$hid(0x1, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x20, 0x1b96, 0x6, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x30, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0xfe, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xd}}}}]}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)={0x40, 0x0, 0x8, {0x8, 0x0, "a7ea3163fd3b"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
executing program 1:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000010c0)=ANY=[@ANYBLOB="12010000190000404f045db600000000000109022400010000000009040000010300000009210000000122070009058103"], 0x0) (async)
r1 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0)
syz_usb_control_io$printer(r1, 0x0, &(0x7f0000000480)={0x34, &(0x7f0000000200), 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$HIDIOCGUSAGE(r2, 0x40015b0b, &(0x7f0000000040)={0x2, 0x0, 0x0, 0x0, 0x36}) (async)
syz_usb_control_io$hid(r0, 0x0, 0x0)
ioctl$EVIOCGLED(0xffffffffffffffff, 0x80404519, &(0x7f0000000100)=""/65)
syz_usb_control_io$hid(r0, &(0x7f0000000080)={0x24, 0x0, 0x0, &(0x7f0000000380)={0x0, 0x22, 0x7, {[@main=@item_012={0x0, 0x0, 0x9}, @local=@item_4={0x3, 0x2, 0x7, "bf52748b"}, @main]}}, 0x0}, 0x0)
executing program 2:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000413f5f20000000006fce0102030109021b00010000100009043300011870fd00090582020002000400"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xa8, &(0x7f0000000040)=ANY=[@ANYBLOB="7332004ef3aff5ecf8e39d7148b15a1f94ffffffffe0b3d41b1b05"])
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000440)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x5ac, 0x264, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x45}}, {{{0x9, 0x5, 0x81, 0x3, 0x10}}}}}]}}]}}, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io(r1, &(0x7f0000000040)={0x2c, &(0x7f0000000140)={0x0, 0x0, 0x45, {0x45, 0x0, "a7ea3163fd3b651763d80333dd08e13e0962e15c69cc465ec4c94d51a60f84a4bfa30c43ce1055c03ade799b8692277d8ad7129a6ccb2acddd085986660b01db3d77b3"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000140)={{0x12, 0x1, 0x0, 0xe2, 0x15, 0xba, 0x40, 0x12d1, 0x6748, 0x490b, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xff, 0x2, 0x46}}]}}]}}, 0x0)
syz_usb_connect(0x3, 0x36, &(0x7f0000000000)=ANY=[@ANYRES32=r1], 0x0)
executing program 3:
r0 = syz_usb_connect(0x2, 0x24, &(0x7f0000000780)=ANY=[@ANYBLOB="12010000b5b30a40450ca86035b501e402010902120001000000000904"], 0x0)
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000440)={0x1c, &(0x7f00000002c0)=ANY=[@ANYBLOB="00000003000010"], 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_connect(0x5, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="1201100123890720d1122f69f7b30102030109021b0001000980030b04d48401ff0604500905c70240000000099d79c933365f675045838833abb32bb0d039c4abc1c0113f9cb8ab107af0a63e224aa62c663b7d7eb20edc944761d7ee5f6900b43ebd736e56a4a0cd742ac206970d4e53576f9930ab0c2cf3463583f491541b9f663b681f0c789816c15bc5812cb73069f2e26be36afded743e776c9618ab9554957e174e8fdf3b2a90de96584ab954b49b58be90cf5d9155cbf7c8a62670dddebc90476b1a282bf0cdbd54c4964a9239a319191e8c6ac8727494979472b673eeb5"], 0x0)
executing program 1:
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000740)=ANY=[@ANYBLOB="12010002b3e0d040d31306320269010203010902120001200000000904"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
ioctl$EVIOCGVERSION(0xffffffffffffffff, 0x80044501, &(0x7f0000000000)=""/136)
r1 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000d5e9bd40eb030200c0ba050000010902115c01000000000904"], 0x0)
syz_usb_control_io$cdc_ecm(r1, &(0x7f0000000140)={0x14, 0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000300)={0x1c, &(0x7f0000000180)={0x20, 0x0, 0xdc, "15f8c1d9cfa8e1d7586364f5c4f9fa6dd807abcc9c434da35fa3a5f6c30f995de3dd3bc294c5d9aaa64cd19825f505b007965fec223cd322d6afaa3541bb860dee891578878c45f749fd3df4b9b4bfdeaa97f3b9e026b1661afe29f88cac56f5bae549ce0a92a2e82644bf4c7eb0536656cba1208f974ba5a44bdbff5611e3569e9619bb42fcaf6cb769d7ce2e8faf4af5a8bdb7e847fdd5f4a52e7bb668e184af3d7d0cdb390af2fa5749c7b7d8217bf994268cc16cdd1d08fe49c39500445f228b9caa33d105b0e26dd02c4ec858d064559ffde2e5ef1ce22739f5"}, &(0x7f0000000280)={0x0, 0xa, 0x1, 0x80}, &(0x7f00000002c0)={0x0, 0x8, 0x1, 0x4}})

program did not crash
replaying the whole log did not cause a kernel crash
single: executing 5 programs separately with timeout 1m40s
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io$hid-syz_usb_control_io-syz_usb_control_io$printer-syz_usb_control_io-syz_usb_control_io$printer-ioctl$EVIOCGVERSION-syz_usb_connect-syz_usb_control_io$cdc_ecm
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000740)=ANY=[@ANYBLOB="12010002b3e0d040d31306320269010203010902120001200000000904"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
ioctl$EVIOCGVERSION(0xffffffffffffffff, 0x80044501, &(0x7f0000000000)=""/136)
r1 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000d5e9bd40eb030200c0ba050000010902115c01000000000904"], 0x0)
syz_usb_control_io$cdc_ecm(r1, &(0x7f0000000140)={0x14, 0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000300)={0x1c, &(0x7f0000000180)={0x20, 0x0, 0xdc, "15f8c1d9cfa8e1d7586364f5c4f9fa6dd807abcc9c434da35fa3a5f6c30f995de3dd3bc294c5d9aaa64cd19825f505b007965fec223cd322d6afaa3541bb860dee891578878c45f749fd3df4b9b4bfdeaa97f3b9e026b1661afe29f88cac56f5bae549ce0a92a2e82644bf4c7eb0536656cba1208f974ba5a44bdbff5611e3569e9619bb42fcaf6cb769d7ce2e8faf4af5a8bdb7e847fdd5f4a52e7bb668e184af3d7d0cdb390af2fa5749c7b7d8217bf994268cc16cdd1d08fe49c39500445f228b9caa33d105b0e26dd02c4ec858d064559ffde2e5ef1ce22739f5"}, &(0x7f0000000280)={0x0, 0xa, 0x1, 0x80}, &(0x7f00000002c0)={0x0, 0x8, 0x1, 0x4}})

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io$printer-syz_usb_control_io$printer-syz_usb_connect
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x2, 0x24, &(0x7f0000000780)=ANY=[@ANYBLOB="12010000b5b30a40450ca86035b501e402010902120001000000000904"], 0x0)
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000440)={0x1c, &(0x7f00000002c0)=ANY=[@ANYBLOB="00000003000010"], 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_connect(0x5, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="1201100123890720d1122f69f7b30102030109021b0001000980030b04d48401ff0604500905c70240000000099d79c933365f675045838833abb32bb0d039c4abc1c0113f9cb8ab107af0a63e224aa62c663b7d7eb20edc944761d7ee5f6900b43ebd736e56a4a0cd742ac206970d4e53576f9930ab0c2cf3463583f491541b9f663b681f0c789816c15bc5812cb73069f2e26be36afded743e776c9618ab9554957e174e8fdf3b2a90de96584ab954b49b58be90cf5d9155cbf7c8a62670dddebc90476b1a282bf0cdbd54c4964a9239a319191e8c6ac8727494979472b673eeb5"], 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io$hid-syz_usb_ep_write$ath9k_ep1-syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_connect-syz_usb_connect
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000413f5f20000000006fce0102030109021b00010000100009043300011870fd00090582020002000400"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xa8, &(0x7f0000000040)=ANY=[@ANYBLOB="7332004ef3aff5ecf8e39d7148b15a1f94ffffffffe0b3d41b1b05"])
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000440)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x5ac, 0x264, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x45}}, {{{0x9, 0x5, 0x81, 0x3, 0x10}}}}}]}}]}}, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io(r1, &(0x7f0000000040)={0x2c, &(0x7f0000000140)={0x0, 0x0, 0x45, {0x45, 0x0, "a7ea3163fd3b651763d80333dd08e13e0962e15c69cc465ec4c94d51a60f84a4bfa30c43ce1055c03ade799b8692277d8ad7129a6ccb2acddd085986660b01db3d77b3"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000140)={{0x12, 0x1, 0x0, 0xe2, 0x15, 0xba, 0x40, 0x12d1, 0x6748, 0x490b, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xff, 0x2, 0x46}}]}}]}}, 0x0)
syz_usb_connect(0x3, 0x36, &(0x7f0000000000)=ANY=[@ANYRES32=r1], 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io$cdc_ncm-syz_usb_control_io-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x1, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x20, 0x1b96, 0x6, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x30, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0xfe, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xd}}}}]}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)={0x40, 0x0, 0x8, {0x8, 0x0, "a7ea3163fd3b"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io$uac1-syz_usb_control_io-syz_usb_control_io-syz_usb_connect$printer-syz_usb_connect$cdc_ecm-syz_usb_control_io$cdc_ecm-syz_usb_control_io$cdc_ncm-syz_usb_control_io$cdc_ncm
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)={{0x12, 0x1, 0x200, 0x19, 0x82, 0x30, 0x20, 0x413, 0x6023, 0xece5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x60, 0x2, [{{0x9, 0x4, 0x84, 0x0, 0x1, 0xee, 0x48, 0xb1, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x20, 0x0, 0x0, 0xb}}]}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0) (async)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000b80)={0x84, &(0x7f0000000cc0)=ANY=[@ANYBLOB="013b3a78e546ad4d4d455898213a7ff013b852b3e44e9c2661dc9648c3b8010641e121f2884f52ba4fda9d3e89813cbbb5da939c0c8e79787b8a7c51f98bc073550da2f7a284228093"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0) (async)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_connect$printer(0x5, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0xff, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x9, 0xf0, 0x8, [{{0x9, 0x4, 0x0, 0x81, 0x1, 0x7, 0x1, 0x1, 0xb6, "", {{{0x9, 0x5, 0x1, 0x2, 0x400, 0x61, 0x1, 0x8}}, [{{0x9, 0x5, 0x82, 0x2, 0x400, 0x5, 0xa1, 0x3}}]}}}]}}]}}, &(0x7f00000003c0)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x310, 0x9, 0x7, 0xf, 0xff, 0x7}, 0x116, &(0x7f0000000180)={0x5, 0xf, 0x116, 0x5, [@ss_container_id={0x14, 0x10, 0x4, 0x7f, "f69b21a220e1445bf8644f5701c9925d"}, @wireless={0xb, 0x10, 0x1, 0x4, 0x4, 0x1, 0xff, 0x1, 0xe}, @generic={0xdc, 0x10, 0x3, "1d4bfa667c6d35fe35dce89159f5bca5233047188a35cab8010565becdcf66ea9f1d5064dcb88c1f40a45b3cf97a754a79c57905866bc4ad33717bf9e9528e225c6af4ec6d404ef7a3cadd66905379d43726cf0f897fe1e85b496e3237175811498f9c28152017939f365e331285e8e37c40f3a559f9c5b9572456a24f1cf0f5994aa5fe05a7cf98c2bbfaa6ffca3833b9d7000a55bdea157b7aa91920effdf6390d480e77077830d5f6810339f78b6f699792719821f012908a33067ea824bf0ad1d41c1b4778ba4088d5a4549ce74ca601dae814652a6402"}, @wireless={0xb, 0x10, 0x1, 0x8, 0x89, 0xb, 0x6, 0x9, 0x2}, @wireless={0xb, 0x10, 0x1, 0x4, 0x8, 0x1, 0x4, 0x3, 0x4}]}, 0x3, [{0x4, &(0x7f0000000080)=@lang_id={0x4, 0x3, 0x2c09}}, {0xdd, &(0x7f00000002c0)=@string={0xdd, 0x3, "454b537ece1c4054f521626eb7df787c2a78b6258d0768df835459c097be8da2ed7810da7895bca963a008564335f29379bf4f9c45d15e37def4197a7c1385a39f242f00bb6295dbc8480645e783a0d2ce50029e819c56514cdad88179fd5ebe07ed57c8a21e747baa4266b29a841f7dd3b5a89f946ed4a28c842a752335d6f98dc6403b6a5839544307f2341fb41e3a2541356f8da217c0daa4cd9193abf4b3e4921ecdd3ba9a45bb96c3a1babecae6209b0a3da1807d427d3c1d658720f8f768a60bf1b0b99653f83f64ac00d44ead170d34d6e6d53e81de7ebe"}}, {0x4, &(0x7f0000000100)=@lang_id={0x4, 0x3, 0x1001}}]})
r1 = syz_usb_connect$cdc_ecm(0x6, 0xb4, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xa2, 0x1, 0x1, 0x40, 0x40, 0x4a, [{{0x9, 0x4, 0x0, 0xff, 0x2, 0x2, 0x6, 0x0, 0x40, {{0x8, 0x24, 0x6, 0x0, 0x0, 'z?W'}, {0x5, 0x24, 0x0, 0x8}, {0xd, 0x24, 0xf, 0x1, 0x8, 0x3, 0xfffe, 0xd}, [@mdlm_detail={0x18, 0x24, 0x13, 0x10, "8268260da4af46cc86a804e2fdcf214d34f819ad"}, @call_mgmt={0x5, 0x24, 0x1, 0x2, 0x3}, @mbim_extended={0x8, 0x24, 0x1c, 0x1, 0x7, 0xd}, @mdlm={0x15, 0x24, 0x12, 0x6}, @mdlm={0x15, 0x24, 0x12, 0xfffb}, @country_functional={0xc, 0x24, 0x7, 0x2, 0x9, [0x9, 0x1352, 0xa20]}]}, {[{{0x9, 0x5, 0x81, 0x3, 0x20, 0x0, 0xc}}], {{0x9, 0x5, 0x82, 0x2, 0x3ff, 0x1, 0x3b, 0x4}}, {{0x9, 0x5, 0x3, 0x2, 0x8, 0x5, 0x73, 0xff}}}}}]}}]}}, &(0x7f0000000940)={0xa, &(0x7f0000000540)={0xa, 0x6, 0x300, 0x7, 0x4f, 0x20, 0x40, 0x3}, 0x57, &(0x7f0000000580)={0x5, 0xf, 0x57, 0x5, [@ss_container_id={0x14, 0x10, 0x4, 0x8, "94afc6049f8d9ac8e7ceda3a07f838cc"}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "6b3d1d883065092bc1906b4ad118c022"}, @ptm_cap={0x3}, @ssp_cap={0x10, 0x10, 0xa, 0xe, 0x1, 0x4, 0xf0f, 0xfffa, [0xff003f]}, @generic={0x17, 0x10, 0xa, "f57109e47cf581974d600a51452101e2d610c779"}]}, 0x8, [{0x4, &(0x7f0000000600)=@lang_id={0x4, 0x3, 0x140a}}, {0x71, &(0x7f0000000640)=@string={0x71, 0x3, "ccea26178bf508150e7422f7e44bc6d26ed84fc324e9186c382e03d78c5e3f5a76f6132f4d68072a434ab9d678dd7b40ba44f36ba7f96ac33bb24d2b831a02f3d753756c90d2b32b66d8099e10e4311f4ce601840103fcad1f5176843f973f77a5e98d777f6a4da4cdc5c7f75854fa"}}, {0x4, &(0x7f00000006c0)=@lang_id={0x4}}, {0x4, &(0x7f0000000740)=@lang_id={0x4}}, {0x4, &(0x7f0000000780)=@lang_id={0x4, 0x3, 0x6670}}, {0x4, &(0x7f00000007c0)=@lang_id={0x4, 0x3, 0x418}}, {0xe6, &(0x7f0000000800)=@string={0xe6, 0x3, "c8e44047d56cd7c34cb5be2c0e22a55453f5cec3b83cdf82afae547402796a837e69e1e0cf653a157f0a71d71f1c241b97f3a372f53fbe85608227ae2dca4bbad46da695840f8eb78c5cba94cc25676545bbe1a255b2cf017972b9ea3d0cec57d240df6281d4ad470f878657940051c1396eccd4281c974b79cc248c2ed67f3e9c703ceeca1cdd984e383c02ce7b49ef1f6f1e07cc3025f8a4ca0618ca2b4fdb5e84ace4bae9449d4ff8e871c52bacbf332b9feeed9ee6d4065bc9a3d79024afdc1ffe13977831ed960c8cdd654fd4e854bf6049efcbcfd83ab3d601d6f8efbf0eced0d1"}}, {0x4, &(0x7f0000000900)=@lang_id={0x4, 0x3, 0x306a}}]})
syz_usb_control_io$cdc_ecm(r1, &(0x7f0000000ac0)={0x14, &(0x7f00000009c0)={0x20, 0x2, 0xab, {0xab, 0x6, "c3810c5525b040dd2faa2ccd866cea3fdc10aabd8a60540d194983086f7a974d08f0ba126a10ebb8ee4dac99c1608baafba3e8b38cb7598cdc261e3ebf56a6b6eb85ee79aa846ef52263abe71d5f317cd34a6626673a6b64a7d03ffbf7b7192a686450e95f43a6d24d43ea88dd4a6b73f1d3de8e9b7dfd2fac8db773bec534414d1ec555b7e366848a4d7f45f6e171a213ee16d3ea94bfade628bf8ffe2adceb26735fc0621a82811d"}}, &(0x7f0000000a80)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000c80)={0x1c, &(0x7f0000000b00)={0x20, 0x16, 0x8, "9e99d2d3034ada6a"}, &(0x7f0000000b40)={0x0, 0xa, 0x1, 0xe}, &(0x7f0000000c40)={0x0, 0x8, 0x1, 0xf7}})
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000400)={0x44, &(0x7f0000000140)={0x0, 0x8, 0x3, 'vE\b'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000400)={0x44, &(0x7f0000000140)={0x0, 0x8, 0x3, 'vE\b'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
single: successfully extracted reproducer
found reproducer with 12 syscalls
minimizing guilty program
testing program (duration=2m26.372602299s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io$uac1-syz_usb_control_io-syz_usb_control_io-syz_usb_connect$printer-syz_usb_connect$cdc_ecm-syz_usb_control_io$cdc_ecm-syz_usb_control_io$cdc_ncm
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)={{0x12, 0x1, 0x200, 0x19, 0x82, 0x30, 0x20, 0x413, 0x6023, 0xece5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x60, 0x2, [{{0x9, 0x4, 0x84, 0x0, 0x1, 0xee, 0x48, 0xb1, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x20, 0x0, 0x0, 0xb}}]}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0) (async)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000b80)={0x84, &(0x7f0000000cc0)=ANY=[@ANYBLOB="013b3a78e546ad4d4d455898213a7ff013b852b3e44e9c2661dc9648c3b8010641e121f2884f52ba4fda9d3e89813cbbb5da939c0c8e79787b8a7c51f98bc073550da2f7a284228093"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0) (async)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_connect$printer(0x5, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0xff, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x9, 0xf0, 0x8, [{{0x9, 0x4, 0x0, 0x81, 0x1, 0x7, 0x1, 0x1, 0xb6, "", {{{0x9, 0x5, 0x1, 0x2, 0x400, 0x61, 0x1, 0x8}}, [{{0x9, 0x5, 0x82, 0x2, 0x400, 0x5, 0xa1, 0x3}}]}}}]}}]}}, &(0x7f00000003c0)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x310, 0x9, 0x7, 0xf, 0xff, 0x7}, 0x116, &(0x7f0000000180)={0x5, 0xf, 0x116, 0x5, [@ss_container_id={0x14, 0x10, 0x4, 0x7f, "f69b21a220e1445bf8644f5701c9925d"}, @wireless={0xb, 0x10, 0x1, 0x4, 0x4, 0x1, 0xff, 0x1, 0xe}, @generic={0xdc, 0x10, 0x3, "1d4bfa667c6d35fe35dce89159f5bca5233047188a35cab8010565becdcf66ea9f1d5064dcb88c1f40a45b3cf97a754a79c57905866bc4ad33717bf9e9528e225c6af4ec6d404ef7a3cadd66905379d43726cf0f897fe1e85b496e3237175811498f9c28152017939f365e331285e8e37c40f3a559f9c5b9572456a24f1cf0f5994aa5fe05a7cf98c2bbfaa6ffca3833b9d7000a55bdea157b7aa91920effdf6390d480e77077830d5f6810339f78b6f699792719821f012908a33067ea824bf0ad1d41c1b4778ba4088d5a4549ce74ca601dae814652a6402"}, @wireless={0xb, 0x10, 0x1, 0x8, 0x89, 0xb, 0x6, 0x9, 0x2}, @wireless={0xb, 0x10, 0x1, 0x4, 0x8, 0x1, 0x4, 0x3, 0x4}]}, 0x3, [{0x4, &(0x7f0000000080)=@lang_id={0x4, 0x3, 0x2c09}}, {0xdd, &(0x7f00000002c0)=@string={0xdd, 0x3, "454b537ece1c4054f521626eb7df787c2a78b6258d0768df835459c097be8da2ed7810da7895bca963a008564335f29379bf4f9c45d15e37def4197a7c1385a39f242f00bb6295dbc8480645e783a0d2ce50029e819c56514cdad88179fd5ebe07ed57c8a21e747baa4266b29a841f7dd3b5a89f946ed4a28c842a752335d6f98dc6403b6a5839544307f2341fb41e3a2541356f8da217c0daa4cd9193abf4b3e4921ecdd3ba9a45bb96c3a1babecae6209b0a3da1807d427d3c1d658720f8f768a60bf1b0b99653f83f64ac00d44ead170d34d6e6d53e81de7ebe"}}, {0x4, &(0x7f0000000100)=@lang_id={0x4, 0x3, 0x1001}}]})
r1 = syz_usb_connect$cdc_ecm(0x6, 0xb4, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xa2, 0x1, 0x1, 0x40, 0x40, 0x4a, [{{0x9, 0x4, 0x0, 0xff, 0x2, 0x2, 0x6, 0x0, 0x40, {{0x8, 0x24, 0x6, 0x0, 0x0, 'z?W'}, {0x5, 0x24, 0x0, 0x8}, {0xd, 0x24, 0xf, 0x1, 0x8, 0x3, 0xfffe, 0xd}, [@mdlm_detail={0x18, 0x24, 0x13, 0x10, "8268260da4af46cc86a804e2fdcf214d34f819ad"}, @call_mgmt={0x5, 0x24, 0x1, 0x2, 0x3}, @mbim_extended={0x8, 0x24, 0x1c, 0x1, 0x7, 0xd}, @mdlm={0x15, 0x24, 0x12, 0x6}, @mdlm={0x15, 0x24, 0x12, 0xfffb}, @country_functional={0xc, 0x24, 0x7, 0x2, 0x9, [0x9, 0x1352, 0xa20]}]}, {[{{0x9, 0x5, 0x81, 0x3, 0x20, 0x0, 0xc}}], {{0x9, 0x5, 0x82, 0x2, 0x3ff, 0x1, 0x3b, 0x4}}, {{0x9, 0x5, 0x3, 0x2, 0x8, 0x5, 0x73, 0xff}}}}}]}}]}}, &(0x7f0000000940)={0xa, &(0x7f0000000540)={0xa, 0x6, 0x300, 0x7, 0x4f, 0x20, 0x40, 0x3}, 0x57, &(0x7f0000000580)={0x5, 0xf, 0x57, 0x5, [@ss_container_id={0x14, 0x10, 0x4, 0x8, "94afc6049f8d9ac8e7ceda3a07f838cc"}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "6b3d1d883065092bc1906b4ad118c022"}, @ptm_cap={0x3}, @ssp_cap={0x10, 0x10, 0xa, 0xe, 0x1, 0x4, 0xf0f, 0xfffa, [0xff003f]}, @generic={0x17, 0x10, 0xa, "f57109e47cf581974d600a51452101e2d610c779"}]}, 0x8, [{0x4, &(0x7f0000000600)=@lang_id={0x4, 0x3, 0x140a}}, {0x71, &(0x7f0000000640)=@string={0x71, 0x3, "ccea26178bf508150e7422f7e44bc6d26ed84fc324e9186c382e03d78c5e3f5a76f6132f4d68072a434ab9d678dd7b40ba44f36ba7f96ac33bb24d2b831a02f3d753756c90d2b32b66d8099e10e4311f4ce601840103fcad1f5176843f973f77a5e98d777f6a4da4cdc5c7f75854fa"}}, {0x4, &(0x7f00000006c0)=@lang_id={0x4}}, {0x4, &(0x7f0000000740)=@lang_id={0x4}}, {0x4, &(0x7f0000000780)=@lang_id={0x4, 0x3, 0x6670}}, {0x4, &(0x7f00000007c0)=@lang_id={0x4, 0x3, 0x418}}, {0xe6, &(0x7f0000000800)=@string={0xe6, 0x3, "c8e44047d56cd7c34cb5be2c0e22a55453f5cec3b83cdf82afae547402796a837e69e1e0cf653a157f0a71d71f1c241b97f3a372f53fbe85608227ae2dca4bbad46da695840f8eb78c5cba94cc25676545bbe1a255b2cf017972b9ea3d0cec57d240df6281d4ad470f878657940051c1396eccd4281c974b79cc248c2ed67f3e9c703ceeca1cdd984e383c02ce7b49ef1f6f1e07cc3025f8a4ca0618ca2b4fdb5e84ace4bae9449d4ff8e871c52bacbf332b9feeed9ee6d4065bc9a3d79024afdc1ffe13977831ed960c8cdd654fd4e854bf6049efcbcfd83ab3d601d6f8efbf0eced0d1"}}, {0x4, &(0x7f0000000900)=@lang_id={0x4, 0x3, 0x306a}}]})
syz_usb_control_io$cdc_ecm(r1, &(0x7f0000000ac0)={0x14, &(0x7f00000009c0)={0x20, 0x2, 0xab, {0xab, 0x6, "c3810c5525b040dd2faa2ccd866cea3fdc10aabd8a60540d194983086f7a974d08f0ba126a10ebb8ee4dac99c1608baafba3e8b38cb7598cdc261e3ebf56a6b6eb85ee79aa846ef52263abe71d5f317cd34a6626673a6b64a7d03ffbf7b7192a686450e95f43a6d24d43ea88dd4a6b73f1d3de8e9b7dfd2fac8db773bec534414d1ec555b7e366848a4d7f45f6e171a213ee16d3ea94bfade628bf8ffe2adceb26735fc0621a82811d"}}, &(0x7f0000000a80)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000c80)={0x1c, &(0x7f0000000b00)={0x20, 0x16, 0x8, "9e99d2d3034ada6a"}, &(0x7f0000000b40)={0x0, 0xa, 0x1, 0xe}, &(0x7f0000000c40)={0x0, 0x8, 0x1, 0xf7}})
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000400)={0x44, &(0x7f0000000140)={0x0, 0x8, 0x3, 'vE\b'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing program (duration=2m26.372602299s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io$uac1-syz_usb_control_io-syz_usb_control_io-syz_usb_connect$printer-syz_usb_connect$cdc_ecm-syz_usb_control_io$cdc_ecm
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)={{0x12, 0x1, 0x200, 0x19, 0x82, 0x30, 0x20, 0x413, 0x6023, 0xece5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x60, 0x2, [{{0x9, 0x4, 0x84, 0x0, 0x1, 0xee, 0x48, 0xb1, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x20, 0x0, 0x0, 0xb}}]}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0) (async)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000b80)={0x84, &(0x7f0000000cc0)=ANY=[@ANYBLOB="013b3a78e546ad4d4d455898213a7ff013b852b3e44e9c2661dc9648c3b8010641e121f2884f52ba4fda9d3e89813cbbb5da939c0c8e79787b8a7c51f98bc073550da2f7a284228093"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0) (async)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_connect$printer(0x5, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0xff, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x9, 0xf0, 0x8, [{{0x9, 0x4, 0x0, 0x81, 0x1, 0x7, 0x1, 0x1, 0xb6, "", {{{0x9, 0x5, 0x1, 0x2, 0x400, 0x61, 0x1, 0x8}}, [{{0x9, 0x5, 0x82, 0x2, 0x400, 0x5, 0xa1, 0x3}}]}}}]}}]}}, &(0x7f00000003c0)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x310, 0x9, 0x7, 0xf, 0xff, 0x7}, 0x116, &(0x7f0000000180)={0x5, 0xf, 0x116, 0x5, [@ss_container_id={0x14, 0x10, 0x4, 0x7f, "f69b21a220e1445bf8644f5701c9925d"}, @wireless={0xb, 0x10, 0x1, 0x4, 0x4, 0x1, 0xff, 0x1, 0xe}, @generic={0xdc, 0x10, 0x3, "1d4bfa667c6d35fe35dce89159f5bca5233047188a35cab8010565becdcf66ea9f1d5064dcb88c1f40a45b3cf97a754a79c57905866bc4ad33717bf9e9528e225c6af4ec6d404ef7a3cadd66905379d43726cf0f897fe1e85b496e3237175811498f9c28152017939f365e331285e8e37c40f3a559f9c5b9572456a24f1cf0f5994aa5fe05a7cf98c2bbfaa6ffca3833b9d7000a55bdea157b7aa91920effdf6390d480e77077830d5f6810339f78b6f699792719821f012908a33067ea824bf0ad1d41c1b4778ba4088d5a4549ce74ca601dae814652a6402"}, @wireless={0xb, 0x10, 0x1, 0x8, 0x89, 0xb, 0x6, 0x9, 0x2}, @wireless={0xb, 0x10, 0x1, 0x4, 0x8, 0x1, 0x4, 0x3, 0x4}]}, 0x3, [{0x4, &(0x7f0000000080)=@lang_id={0x4, 0x3, 0x2c09}}, {0xdd, &(0x7f00000002c0)=@string={0xdd, 0x3, "454b537ece1c4054f521626eb7df787c2a78b6258d0768df835459c097be8da2ed7810da7895bca963a008564335f29379bf4f9c45d15e37def4197a7c1385a39f242f00bb6295dbc8480645e783a0d2ce50029e819c56514cdad88179fd5ebe07ed57c8a21e747baa4266b29a841f7dd3b5a89f946ed4a28c842a752335d6f98dc6403b6a5839544307f2341fb41e3a2541356f8da217c0daa4cd9193abf4b3e4921ecdd3ba9a45bb96c3a1babecae6209b0a3da1807d427d3c1d658720f8f768a60bf1b0b99653f83f64ac00d44ead170d34d6e6d53e81de7ebe"}}, {0x4, &(0x7f0000000100)=@lang_id={0x4, 0x3, 0x1001}}]})
r1 = syz_usb_connect$cdc_ecm(0x6, 0xb4, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xa2, 0x1, 0x1, 0x40, 0x40, 0x4a, [{{0x9, 0x4, 0x0, 0xff, 0x2, 0x2, 0x6, 0x0, 0x40, {{0x8, 0x24, 0x6, 0x0, 0x0, 'z?W'}, {0x5, 0x24, 0x0, 0x8}, {0xd, 0x24, 0xf, 0x1, 0x8, 0x3, 0xfffe, 0xd}, [@mdlm_detail={0x18, 0x24, 0x13, 0x10, "8268260da4af46cc86a804e2fdcf214d34f819ad"}, @call_mgmt={0x5, 0x24, 0x1, 0x2, 0x3}, @mbim_extended={0x8, 0x24, 0x1c, 0x1, 0x7, 0xd}, @mdlm={0x15, 0x24, 0x12, 0x6}, @mdlm={0x15, 0x24, 0x12, 0xfffb}, @country_functional={0xc, 0x24, 0x7, 0x2, 0x9, [0x9, 0x1352, 0xa20]}]}, {[{{0x9, 0x5, 0x81, 0x3, 0x20, 0x0, 0xc}}], {{0x9, 0x5, 0x82, 0x2, 0x3ff, 0x1, 0x3b, 0x4}}, {{0x9, 0x5, 0x3, 0x2, 0x8, 0x5, 0x73, 0xff}}}}}]}}]}}, &(0x7f0000000940)={0xa, &(0x7f0000000540)={0xa, 0x6, 0x300, 0x7, 0x4f, 0x20, 0x40, 0x3}, 0x57, &(0x7f0000000580)={0x5, 0xf, 0x57, 0x5, [@ss_container_id={0x14, 0x10, 0x4, 0x8, "94afc6049f8d9ac8e7ceda3a07f838cc"}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "6b3d1d883065092bc1906b4ad118c022"}, @ptm_cap={0x3}, @ssp_cap={0x10, 0x10, 0xa, 0xe, 0x1, 0x4, 0xf0f, 0xfffa, [0xff003f]}, @generic={0x17, 0x10, 0xa, "f57109e47cf581974d600a51452101e2d610c779"}]}, 0x8, [{0x4, &(0x7f0000000600)=@lang_id={0x4, 0x3, 0x140a}}, {0x71, &(0x7f0000000640)=@string={0x71, 0x3, "ccea26178bf508150e7422f7e44bc6d26ed84fc324e9186c382e03d78c5e3f5a76f6132f4d68072a434ab9d678dd7b40ba44f36ba7f96ac33bb24d2b831a02f3d753756c90d2b32b66d8099e10e4311f4ce601840103fcad1f5176843f973f77a5e98d777f6a4da4cdc5c7f75854fa"}}, {0x4, &(0x7f00000006c0)=@lang_id={0x4}}, {0x4, &(0x7f0000000740)=@lang_id={0x4}}, {0x4, &(0x7f0000000780)=@lang_id={0x4, 0x3, 0x6670}}, {0x4, &(0x7f00000007c0)=@lang_id={0x4, 0x3, 0x418}}, {0xe6, &(0x7f0000000800)=@string={0xe6, 0x3, "c8e44047d56cd7c34cb5be2c0e22a55453f5cec3b83cdf82afae547402796a837e69e1e0cf653a157f0a71d71f1c241b97f3a372f53fbe85608227ae2dca4bbad46da695840f8eb78c5cba94cc25676545bbe1a255b2cf017972b9ea3d0cec57d240df6281d4ad470f878657940051c1396eccd4281c974b79cc248c2ed67f3e9c703ceeca1cdd984e383c02ce7b49ef1f6f1e07cc3025f8a4ca0618ca2b4fdb5e84ace4bae9449d4ff8e871c52bacbf332b9feeed9ee6d4065bc9a3d79024afdc1ffe13977831ed960c8cdd654fd4e854bf6049efcbcfd83ab3d601d6f8efbf0eced0d1"}}, {0x4, &(0x7f0000000900)=@lang_id={0x4, 0x3, 0x306a}}]})
syz_usb_control_io$cdc_ecm(r1, &(0x7f0000000ac0)={0x14, &(0x7f00000009c0)={0x20, 0x2, 0xab, {0xab, 0x6, "c3810c5525b040dd2faa2ccd866cea3fdc10aabd8a60540d194983086f7a974d08f0ba126a10ebb8ee4dac99c1608baafba3e8b38cb7598cdc261e3ebf56a6b6eb85ee79aa846ef52263abe71d5f317cd34a6626673a6b64a7d03ffbf7b7192a686450e95f43a6d24d43ea88dd4a6b73f1d3de8e9b7dfd2fac8db773bec534414d1ec555b7e366848a4d7f45f6e171a213ee16d3ea94bfade628bf8ffe2adceb26735fc0621a82811d"}}, &(0x7f0000000a80)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000c80)={0x1c, &(0x7f0000000b00)={0x20, 0x16, 0x8, "9e99d2d3034ada6a"}, &(0x7f0000000b40)={0x0, 0xa, 0x1, 0xe}, &(0x7f0000000c40)={0x0, 0x8, 0x1, 0xf7}})

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing program (duration=2m26.372602299s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io$uac1-syz_usb_control_io-syz_usb_control_io-syz_usb_connect$printer-syz_usb_connect$cdc_ecm
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)={{0x12, 0x1, 0x200, 0x19, 0x82, 0x30, 0x20, 0x413, 0x6023, 0xece5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x60, 0x2, [{{0x9, 0x4, 0x84, 0x0, 0x1, 0xee, 0x48, 0xb1, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x20, 0x0, 0x0, 0xb}}]}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0) (async)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000b80)={0x84, &(0x7f0000000cc0)=ANY=[@ANYBLOB="013b3a78e546ad4d4d455898213a7ff013b852b3e44e9c2661dc9648c3b8010641e121f2884f52ba4fda9d3e89813cbbb5da939c0c8e79787b8a7c51f98bc073550da2f7a284228093"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0) (async)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_connect$printer(0x5, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0xff, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x9, 0xf0, 0x8, [{{0x9, 0x4, 0x0, 0x81, 0x1, 0x7, 0x1, 0x1, 0xb6, "", {{{0x9, 0x5, 0x1, 0x2, 0x400, 0x61, 0x1, 0x8}}, [{{0x9, 0x5, 0x82, 0x2, 0x400, 0x5, 0xa1, 0x3}}]}}}]}}]}}, &(0x7f00000003c0)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x310, 0x9, 0x7, 0xf, 0xff, 0x7}, 0x116, &(0x7f0000000180)={0x5, 0xf, 0x116, 0x5, [@ss_container_id={0x14, 0x10, 0x4, 0x7f, "f69b21a220e1445bf8644f5701c9925d"}, @wireless={0xb, 0x10, 0x1, 0x4, 0x4, 0x1, 0xff, 0x1, 0xe}, @generic={0xdc, 0x10, 0x3, "1d4bfa667c6d35fe35dce89159f5bca5233047188a35cab8010565becdcf66ea9f1d5064dcb88c1f40a45b3cf97a754a79c57905866bc4ad33717bf9e9528e225c6af4ec6d404ef7a3cadd66905379d43726cf0f897fe1e85b496e3237175811498f9c28152017939f365e331285e8e37c40f3a559f9c5b9572456a24f1cf0f5994aa5fe05a7cf98c2bbfaa6ffca3833b9d7000a55bdea157b7aa91920effdf6390d480e77077830d5f6810339f78b6f699792719821f012908a33067ea824bf0ad1d41c1b4778ba4088d5a4549ce74ca601dae814652a6402"}, @wireless={0xb, 0x10, 0x1, 0x8, 0x89, 0xb, 0x6, 0x9, 0x2}, @wireless={0xb, 0x10, 0x1, 0x4, 0x8, 0x1, 0x4, 0x3, 0x4}]}, 0x3, [{0x4, &(0x7f0000000080)=@lang_id={0x4, 0x3, 0x2c09}}, {0xdd, &(0x7f00000002c0)=@string={0xdd, 0x3, "454b537ece1c4054f521626eb7df787c2a78b6258d0768df835459c097be8da2ed7810da7895bca963a008564335f29379bf4f9c45d15e37def4197a7c1385a39f242f00bb6295dbc8480645e783a0d2ce50029e819c56514cdad88179fd5ebe07ed57c8a21e747baa4266b29a841f7dd3b5a89f946ed4a28c842a752335d6f98dc6403b6a5839544307f2341fb41e3a2541356f8da217c0daa4cd9193abf4b3e4921ecdd3ba9a45bb96c3a1babecae6209b0a3da1807d427d3c1d658720f8f768a60bf1b0b99653f83f64ac00d44ead170d34d6e6d53e81de7ebe"}}, {0x4, &(0x7f0000000100)=@lang_id={0x4, 0x3, 0x1001}}]})
syz_usb_connect$cdc_ecm(0x6, 0xb4, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xa2, 0x1, 0x1, 0x40, 0x40, 0x4a, [{{0x9, 0x4, 0x0, 0xff, 0x2, 0x2, 0x6, 0x0, 0x40, {{0x8, 0x24, 0x6, 0x0, 0x0, 'z?W'}, {0x5, 0x24, 0x0, 0x8}, {0xd, 0x24, 0xf, 0x1, 0x8, 0x3, 0xfffe, 0xd}, [@mdlm_detail={0x18, 0x24, 0x13, 0x10, "8268260da4af46cc86a804e2fdcf214d34f819ad"}, @call_mgmt={0x5, 0x24, 0x1, 0x2, 0x3}, @mbim_extended={0x8, 0x24, 0x1c, 0x1, 0x7, 0xd}, @mdlm={0x15, 0x24, 0x12, 0x6}, @mdlm={0x15, 0x24, 0x12, 0xfffb}, @country_functional={0xc, 0x24, 0x7, 0x2, 0x9, [0x9, 0x1352, 0xa20]}]}, {[{{0x9, 0x5, 0x81, 0x3, 0x20, 0x0, 0xc}}], {{0x9, 0x5, 0x82, 0x2, 0x3ff, 0x1, 0x3b, 0x4}}, {{0x9, 0x5, 0x3, 0x2, 0x8, 0x5, 0x73, 0xff}}}}}]}}]}}, &(0x7f0000000940)={0xa, &(0x7f0000000540)={0xa, 0x6, 0x300, 0x7, 0x4f, 0x20, 0x40, 0x3}, 0x57, &(0x7f0000000580)={0x5, 0xf, 0x57, 0x5, [@ss_container_id={0x14, 0x10, 0x4, 0x8, "94afc6049f8d9ac8e7ceda3a07f838cc"}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "6b3d1d883065092bc1906b4ad118c022"}, @ptm_cap={0x3}, @ssp_cap={0x10, 0x10, 0xa, 0xe, 0x1, 0x4, 0xf0f, 0xfffa, [0xff003f]}, @generic={0x17, 0x10, 0xa, "f57109e47cf581974d600a51452101e2d610c779"}]}, 0x8, [{0x4, &(0x7f0000000600)=@lang_id={0x4, 0x3, 0x140a}}, {0x71, &(0x7f0000000640)=@string={0x71, 0x3, "ccea26178bf508150e7422f7e44bc6d26ed84fc324e9186c382e03d78c5e3f5a76f6132f4d68072a434ab9d678dd7b40ba44f36ba7f96ac33bb24d2b831a02f3d753756c90d2b32b66d8099e10e4311f4ce601840103fcad1f5176843f973f77a5e98d777f6a4da4cdc5c7f75854fa"}}, {0x4, &(0x7f00000006c0)=@lang_id={0x4}}, {0x4, &(0x7f0000000740)=@lang_id={0x4}}, {0x4, &(0x7f0000000780)=@lang_id={0x4, 0x3, 0x6670}}, {0x4, &(0x7f00000007c0)=@lang_id={0x4, 0x3, 0x418}}, {0xe6, &(0x7f0000000800)=@string={0xe6, 0x3, "c8e44047d56cd7c34cb5be2c0e22a55453f5cec3b83cdf82afae547402796a837e69e1e0cf653a157f0a71d71f1c241b97f3a372f53fbe85608227ae2dca4bbad46da695840f8eb78c5cba94cc25676545bbe1a255b2cf017972b9ea3d0cec57d240df6281d4ad470f878657940051c1396eccd4281c974b79cc248c2ed67f3e9c703ceeca1cdd984e383c02ce7b49ef1f6f1e07cc3025f8a4ca0618ca2b4fdb5e84ace4bae9449d4ff8e871c52bacbf332b9feeed9ee6d4065bc9a3d79024afdc1ffe13977831ed960c8cdd654fd4e854bf6049efcbcfd83ab3d601d6f8efbf0eced0d1"}}, {0x4, &(0x7f0000000900)=@lang_id={0x4, 0x3, 0x306a}}]})

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing program (duration=2m26.372602299s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io$uac1-syz_usb_control_io-syz_usb_control_io-syz_usb_connect$printer
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)={{0x12, 0x1, 0x200, 0x19, 0x82, 0x30, 0x20, 0x413, 0x6023, 0xece5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x60, 0x2, [{{0x9, 0x4, 0x84, 0x0, 0x1, 0xee, 0x48, 0xb1, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x20, 0x0, 0x0, 0xb}}]}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0) (async)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000b80)={0x84, &(0x7f0000000cc0)=ANY=[@ANYBLOB="013b3a78e546ad4d4d455898213a7ff013b852b3e44e9c2661dc9648c3b8010641e121f2884f52ba4fda9d3e89813cbbb5da939c0c8e79787b8a7c51f98bc073550da2f7a284228093"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0) (async)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_connect$printer(0x5, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0xff, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x9, 0xf0, 0x8, [{{0x9, 0x4, 0x0, 0x81, 0x1, 0x7, 0x1, 0x1, 0xb6, "", {{{0x9, 0x5, 0x1, 0x2, 0x400, 0x61, 0x1, 0x8}}, [{{0x9, 0x5, 0x82, 0x2, 0x400, 0x5, 0xa1, 0x3}}]}}}]}}]}}, &(0x7f00000003c0)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x310, 0x9, 0x7, 0xf, 0xff, 0x7}, 0x116, &(0x7f0000000180)={0x5, 0xf, 0x116, 0x5, [@ss_container_id={0x14, 0x10, 0x4, 0x7f, "f69b21a220e1445bf8644f5701c9925d"}, @wireless={0xb, 0x10, 0x1, 0x4, 0x4, 0x1, 0xff, 0x1, 0xe}, @generic={0xdc, 0x10, 0x3, "1d4bfa667c6d35fe35dce89159f5bca5233047188a35cab8010565becdcf66ea9f1d5064dcb88c1f40a45b3cf97a754a79c57905866bc4ad33717bf9e9528e225c6af4ec6d404ef7a3cadd66905379d43726cf0f897fe1e85b496e3237175811498f9c28152017939f365e331285e8e37c40f3a559f9c5b9572456a24f1cf0f5994aa5fe05a7cf98c2bbfaa6ffca3833b9d7000a55bdea157b7aa91920effdf6390d480e77077830d5f6810339f78b6f699792719821f012908a33067ea824bf0ad1d41c1b4778ba4088d5a4549ce74ca601dae814652a6402"}, @wireless={0xb, 0x10, 0x1, 0x8, 0x89, 0xb, 0x6, 0x9, 0x2}, @wireless={0xb, 0x10, 0x1, 0x4, 0x8, 0x1, 0x4, 0x3, 0x4}]}, 0x3, [{0x4, &(0x7f0000000080)=@lang_id={0x4, 0x3, 0x2c09}}, {0xdd, &(0x7f00000002c0)=@string={0xdd, 0x3, "454b537ece1c4054f521626eb7df787c2a78b6258d0768df835459c097be8da2ed7810da7895bca963a008564335f29379bf4f9c45d15e37def4197a7c1385a39f242f00bb6295dbc8480645e783a0d2ce50029e819c56514cdad88179fd5ebe07ed57c8a21e747baa4266b29a841f7dd3b5a89f946ed4a28c842a752335d6f98dc6403b6a5839544307f2341fb41e3a2541356f8da217c0daa4cd9193abf4b3e4921ecdd3ba9a45bb96c3a1babecae6209b0a3da1807d427d3c1d658720f8f768a60bf1b0b99653f83f64ac00d44ead170d34d6e6d53e81de7ebe"}}, {0x4, &(0x7f0000000100)=@lang_id={0x4, 0x3, 0x1001}}]})

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing program (duration=2m26.372602299s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io$uac1-syz_usb_control_io-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)={{0x12, 0x1, 0x200, 0x19, 0x82, 0x30, 0x20, 0x413, 0x6023, 0xece5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x60, 0x2, [{{0x9, 0x4, 0x84, 0x0, 0x1, 0xee, 0x48, 0xb1, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x20, 0x0, 0x0, 0xb}}]}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0) (async)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000b80)={0x84, &(0x7f0000000cc0)=ANY=[@ANYBLOB="013b3a78e546ad4d4d455898213a7ff013b852b3e44e9c2661dc9648c3b8010641e121f2884f52ba4fda9d3e89813cbbb5da939c0c8e79787b8a7c51f98bc073550da2f7a284228093"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0) (async)
syz_usb_control_io(r0, 0x0, 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing program (duration=2m26.372602299s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io$uac1-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)={{0x12, 0x1, 0x200, 0x19, 0x82, 0x30, 0x20, 0x413, 0x6023, 0xece5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x60, 0x2, [{{0x9, 0x4, 0x84, 0x0, 0x1, 0xee, 0x48, 0xb1, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x20, 0x0, 0x0, 0xb}}]}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0) (async)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000b80)={0x84, &(0x7f0000000cc0)=ANY=[@ANYBLOB="013b3a78e546ad4d4d455898213a7ff013b852b3e44e9c2661dc9648c3b8010641e121f2884f52ba4fda9d3e89813cbbb5da939c0c8e79787b8a7c51f98bc073550da2f7a284228093"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0) (async)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing program (duration=2m26.372602299s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io$uac1
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)={{0x12, 0x1, 0x200, 0x19, 0x82, 0x30, 0x20, 0x413, 0x6023, 0xece5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x60, 0x2, [{{0x9, 0x4, 0x84, 0x0, 0x1, 0xee, 0x48, 0xb1, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x20, 0x0, 0x0, 0xb}}]}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0) (async)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000b80)={0x84, &(0x7f0000000cc0)=ANY=[@ANYBLOB="013b3a78e546ad4d4d455898213a7ff013b852b3e44e9c2661dc9648c3b8010641e121f2884f52ba4fda9d3e89813cbbb5da939c0c8e79787b8a7c51f98bc073550da2f7a284228093"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing program (duration=2m26.372602299s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)={{0x12, 0x1, 0x200, 0x19, 0x82, 0x30, 0x20, 0x413, 0x6023, 0xece5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x60, 0x2, [{{0x9, 0x4, 0x84, 0x0, 0x1, 0xee, 0x48, 0xb1, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x20, 0x0, 0x0, 0xb}}]}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0) (async)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000b80)={0x84, &(0x7f0000000cc0)=ANY=[@ANYBLOB="013b3a78e546ad4d4d455898213a7ff013b852b3e44e9c2661dc9648c3b8010641e121f2884f52ba4fda9d3e89813cbbb5da939c0c8e79787b8a7c51f98bc073550da2f7a284228093"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing program (duration=2m26.372602299s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)={{0x12, 0x1, 0x200, 0x19, 0x82, 0x30, 0x20, 0x413, 0x6023, 0xece5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x60, 0x2, [{{0x9, 0x4, 0x84, 0x0, 0x1, 0xee, 0x48, 0xb1, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x20, 0x0, 0x0, 0xb}}]}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0) (async)
syz_usb_control_io(r0, 0x0, 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing program (duration=2m26.372602299s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)={{0x12, 0x1, 0x200, 0x19, 0x82, 0x30, 0x20, 0x413, 0x6023, 0xece5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x60, 0x2, [{{0x9, 0x4, 0x84, 0x0, 0x1, 0xee, 0x48, 0xb1, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x20, 0x0, 0x0, 0xb}}]}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0) (async)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing program (duration=2m26.372602299s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)={{0x12, 0x1, 0x200, 0x19, 0x82, 0x30, 0x20, 0x413, 0x6023, 0xece5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x60, 0x2, [{{0x9, 0x4, 0x84, 0x0, 0x1, 0xee, 0x48, 0xb1, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x20, 0x0, 0x0, 0xb}}]}}]}}]}}, 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing program (duration=2m26.372602299s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x0, 0x0, 0x0, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=2m26.372602299s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
simplifying C reproducer
testing compiled C program (duration=2m26.372602299s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing compiled C program (duration=2m26.372602299s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program did not crash
testing compiled C program (duration=2m26.372602299s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing compiled C program (duration=2m26.372602299s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing compiled C program (duration=2m26.372602299s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing compiled C program (duration=2m26.372602299s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
reproducing took 47m40.943469518s
repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: slab-use-after-free in v4l2_fh_init+0x27d/0x2c0 drivers/media/v4l2-core/v4l2-fh.c:25
Read of size 8 at addr ffff88811c8d0730 by task v4l_id/4671

CPU: 1 UID: 0 PID: 4671 Comm: v4l_id Not tainted 6.13.0-rc1-syzkaller-gd8d936c51388 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:378 [inline]
 print_report+0xc3/0x620 mm/kasan/report.c:489
 kasan_report+0xd9/0x110 mm/kasan/report.c:602
 v4l2_fh_init+0x27d/0x2c0 drivers/media/v4l2-core/v4l2-fh.c:25
 v4l2_fh_open+0x83/0xc0 drivers/media/v4l2-core/v4l2-fh.c:63
 em28xx_v4l2_open+0x250/0x7e0 drivers/media/usb/em28xx/em28xx-video.c:2153
 v4l2_open+0x222/0x490 drivers/media/v4l2-core/v4l2-dev.c:429
 chrdev_open+0x237/0x6a0 fs/char_dev.c:414
 do_dentry_open+0x6cb/0x1390 fs/open.c:945
 vfs_open+0x82/0x3f0 fs/open.c:1075
 do_open fs/namei.c:3828 [inline]
 path_openat+0x1e6a/0x2d60 fs/namei.c:3987
 do_filp_open+0x20c/0x470 fs/namei.c:4014
 do_sys_openat2+0x17a/0x1e0 fs/open.c:1402
 do_sys_open fs/open.c:1417 [inline]
 __do_sys_openat fs/open.c:1433 [inline]
 __se_sys_openat fs/open.c:1428 [inline]
 __x64_sys_openat+0x175/0x210 fs/open.c:1428
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f2f8de2e9a4
Code: 24 20 48 8d 44 24 30 48 89 44 24 28 64 8b 04 25 18 00 00 00 85 c0 75 2c 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 60 48 8b 15 55 a4 0d 00 f7 d8 64 89 02 48 83
RSP: 002b:00007ffc8df70030 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007ffc8df70248 RCX: 00007f2f8de2e9a4
RDX: 0000000000000000 RSI: 00007ffc8df71f25 RDI: 00000000ffffff9c
RBP: 00007ffc8df71f25 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffc8df70260 R14: 0000559d00a0f670 R15: 00007f2f8e27da80
 </TASK>

Allocated by task 2974:
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 poison_kmalloc_redzone mm/kasan/common.c:377 [inline]
 __kasan_kmalloc+0x8f/0xa0 mm/kasan/common.c:394
 kmalloc_noprof include/linux/slab.h:901 [inline]
 kzalloc_noprof include/linux/slab.h:1037 [inline]
 em28xx_v4l2_init+0x114/0x4050 drivers/media/usb/em28xx/em28xx-video.c:2532
 em28xx_init_extension+0x137/0x200 drivers/media/usb/em28xx/em28xx-core.c:1117
 request_module_async+0x61/0x70 drivers/media/usb/em28xx/em28xx-cards.c:3457
 process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229
 process_scheduled_works kernel/workqueue.c:3310 [inline]
 worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

Freed by task 2974:
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:582
 poison_slab_object mm/kasan/common.c:247 [inline]
 __kasan_slab_free+0x37/0x50 mm/kasan/common.c:264
 kasan_slab_free include/linux/kasan.h:233 [inline]
 slab_free_hook mm/slub.c:2338 [inline]
 slab_free mm/slub.c:4598 [inline]
 kfree+0x130/0x470 mm/slub.c:4746
 em28xx_free_v4l2 drivers/media/usb/em28xx/em28xx-video.c:2118 [inline]
 kref_put include/linux/kref.h:65 [inline]
 em28xx_v4l2_init+0x22a4/0x4050 drivers/media/usb/em28xx/em28xx-video.c:2901
 em28xx_init_extension+0x137/0x200 drivers/media/usb/em28xx/em28xx-core.c:1117
 request_module_async+0x61/0x70 drivers/media/usb/em28xx/em28xx-cards.c:3457
 process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229
 process_scheduled_works kernel/workqueue.c:3310 [inline]
 worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

The buggy address belongs to the object at ffff88811c8d0000
 which belongs to the cache kmalloc-8k of size 8192
The buggy address is located 1840 bytes inside of
 freed 8192-byte region [ffff88811c8d0000, ffff88811c8d2000)

The buggy address belongs to the physical page:
page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11c8d0
head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
anon flags: 0x200000000000040(head|node=0|zone=2)
page_type: f5(slab)
raw: 0200000000000040 ffff888100042280 ffffea0004646200 0000000000000003
raw: 0000000000000000 0000000080020002 00000001f5000000 0000000000000000
head: 0200000000000040 ffff888100042280 ffffea0004646200 0000000000000003
head: 0000000000000000 0000000080020002 00000001f5000000 0000000000000000
head: 0200000000000003 ffffea0004723401 ffffffffffffffff 0000000000000000
head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2958, tgid 2958 (kworker/0:3), ts 42954210200, free_ts 42868287189
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1556
 prep_new_page mm/page_alloc.c:1564 [inline]
 get_page_from_freelist+0xe76/0x2b90 mm/page_alloc.c:3474
 __alloc_pages_noprof+0x21c/0x22a0 mm/page_alloc.c:4751
 alloc_pages_mpol_noprof+0xeb/0x400 mm/mempolicy.c:2265
 alloc_slab_page mm/slub.c:2408 [inline]
 allocate_slab mm/slub.c:2574 [inline]
 new_slab+0x2c9/0x410 mm/slub.c:2627
 ___slab_alloc+0xd45/0x1750 mm/slub.c:3815
 __slab_alloc.constprop.0+0x56/0xb0 mm/slub.c:3905
 __slab_alloc_node mm/slub.c:3980 [inline]
 slab_alloc_node mm/slub.c:4141 [inline]
 __kmalloc_cache_noprof+0x217/0x3e0 mm/slub.c:4309
 kmalloc_noprof include/linux/slab.h:901 [inline]
 kzalloc_noprof include/linux/slab.h:1037 [inline]
 em28xx_v4l2_init+0x114/0x4050 drivers/media/usb/em28xx/em28xx-video.c:2532
 em28xx_init_extension+0x137/0x200 drivers/media/usb/em28xx/em28xx-core.c:1117
 request_module_async+0x61/0x70 drivers/media/usb/em28xx/em28xx-cards.c:3457
 process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229
 process_scheduled_works kernel/workqueue.c:3310 [inline]
 worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
page last free pid 9 tgid 9 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1127 [inline]
 free_unref_page+0x661/0xe40 mm/page_alloc.c:2657
 __put_partials+0x14c/0x170 mm/slub.c:3142
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x195/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x4e/0x70 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:250 [inline]
 slab_post_alloc_hook mm/slub.c:4104 [inline]
 slab_alloc_node mm/slub.c:4153 [inline]
 __kmalloc_cache_noprof+0x153/0x3e0 mm/slub.c:4309
 kmalloc_noprof include/linux/slab.h:901 [inline]
 kzalloc_noprof include/linux/slab.h:1037 [inline]
 kobject_uevent_env+0x265/0x1860 lib/kobject_uevent.c:540
 device_add+0x10e0/0x1a70 drivers/base/core.c:3646
 cdev_device_add+0x12b/0x270 fs/char_dev.c:556
 media_devnode_register+0x290/0x430 drivers/media/mc/mc-devnode.c:248
 __media_device_register+0x15b/0x2f0 drivers/media/mc/mc-device.c:733
 em28xx_usb_probe+0x1fd0/0x3720 drivers/media/usb/em28xx/em28xx-cards.c:4153
 usb_probe_interface+0x300/0x9c0 drivers/usb/core/driver.c:396
 call_driver_probe drivers/base/dd.c:579 [inline]
 really_probe+0x23e/0xa90 drivers/base/dd.c:658
 __driver_probe_device+0x1de/0x440 drivers/base/dd.c:800
 driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:830

Memory state around the buggy address:
 ffff88811c8d0600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff88811c8d0680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff88811c8d0700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                     ^
 ffff88811c8d0780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff88811c8d0800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================

final repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: slab-use-after-free in v4l2_fh_init+0x27d/0x2c0 drivers/media/v4l2-core/v4l2-fh.c:25
Read of size 8 at addr ffff88811c8d0730 by task v4l_id/4671

CPU: 1 UID: 0 PID: 4671 Comm: v4l_id Not tainted 6.13.0-rc1-syzkaller-gd8d936c51388 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:378 [inline]
 print_report+0xc3/0x620 mm/kasan/report.c:489
 kasan_report+0xd9/0x110 mm/kasan/report.c:602
 v4l2_fh_init+0x27d/0x2c0 drivers/media/v4l2-core/v4l2-fh.c:25
 v4l2_fh_open+0x83/0xc0 drivers/media/v4l2-core/v4l2-fh.c:63
 em28xx_v4l2_open+0x250/0x7e0 drivers/media/usb/em28xx/em28xx-video.c:2153
 v4l2_open+0x222/0x490 drivers/media/v4l2-core/v4l2-dev.c:429
 chrdev_open+0x237/0x6a0 fs/char_dev.c:414
 do_dentry_open+0x6cb/0x1390 fs/open.c:945
 vfs_open+0x82/0x3f0 fs/open.c:1075
 do_open fs/namei.c:3828 [inline]
 path_openat+0x1e6a/0x2d60 fs/namei.c:3987
 do_filp_open+0x20c/0x470 fs/namei.c:4014
 do_sys_openat2+0x17a/0x1e0 fs/open.c:1402
 do_sys_open fs/open.c:1417 [inline]
 __do_sys_openat fs/open.c:1433 [inline]
 __se_sys_openat fs/open.c:1428 [inline]
 __x64_sys_openat+0x175/0x210 fs/open.c:1428
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f2f8de2e9a4
Code: 24 20 48 8d 44 24 30 48 89 44 24 28 64 8b 04 25 18 00 00 00 85 c0 75 2c 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 60 48 8b 15 55 a4 0d 00 f7 d8 64 89 02 48 83
RSP: 002b:00007ffc8df70030 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007ffc8df70248 RCX: 00007f2f8de2e9a4
RDX: 0000000000000000 RSI: 00007ffc8df71f25 RDI: 00000000ffffff9c
RBP: 00007ffc8df71f25 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffc8df70260 R14: 0000559d00a0f670 R15: 00007f2f8e27da80
 </TASK>

Allocated by task 2974:
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 poison_kmalloc_redzone mm/kasan/common.c:377 [inline]
 __kasan_kmalloc+0x8f/0xa0 mm/kasan/common.c:394
 kmalloc_noprof include/linux/slab.h:901 [inline]
 kzalloc_noprof include/linux/slab.h:1037 [inline]
 em28xx_v4l2_init+0x114/0x4050 drivers/media/usb/em28xx/em28xx-video.c:2532
 em28xx_init_extension+0x137/0x200 drivers/media/usb/em28xx/em28xx-core.c:1117
 request_module_async+0x61/0x70 drivers/media/usb/em28xx/em28xx-cards.c:3457
 process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229
 process_scheduled_works kernel/workqueue.c:3310 [inline]
 worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

Freed by task 2974:
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:582
 poison_slab_object mm/kasan/common.c:247 [inline]
 __kasan_slab_free+0x37/0x50 mm/kasan/common.c:264
 kasan_slab_free include/linux/kasan.h:233 [inline]
 slab_free_hook mm/slub.c:2338 [inline]
 slab_free mm/slub.c:4598 [inline]
 kfree+0x130/0x470 mm/slub.c:4746
 em28xx_free_v4l2 drivers/media/usb/em28xx/em28xx-video.c:2118 [inline]
 kref_put include/linux/kref.h:65 [inline]
 em28xx_v4l2_init+0x22a4/0x4050 drivers/media/usb/em28xx/em28xx-video.c:2901
 em28xx_init_extension+0x137/0x200 drivers/media/usb/em28xx/em28xx-core.c:1117
 request_module_async+0x61/0x70 drivers/media/usb/em28xx/em28xx-cards.c:3457
 process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229
 process_scheduled_works kernel/workqueue.c:3310 [inline]
 worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

The buggy address belongs to the object at ffff88811c8d0000
 which belongs to the cache kmalloc-8k of size 8192
The buggy address is located 1840 bytes inside of
 freed 8192-byte region [ffff88811c8d0000, ffff88811c8d2000)

The buggy address belongs to the physical page:
page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11c8d0
head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
anon flags: 0x200000000000040(head|node=0|zone=2)
page_type: f5(slab)
raw: 0200000000000040 ffff888100042280 ffffea0004646200 0000000000000003
raw: 0000000000000000 0000000080020002 00000001f5000000 0000000000000000
head: 0200000000000040 ffff888100042280 ffffea0004646200 0000000000000003
head: 0000000000000000 0000000080020002 00000001f5000000 0000000000000000
head: 0200000000000003 ffffea0004723401 ffffffffffffffff 0000000000000000
head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2958, tgid 2958 (kworker/0:3), ts 42954210200, free_ts 42868287189
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1556
 prep_new_page mm/page_alloc.c:1564 [inline]
 get_page_from_freelist+0xe76/0x2b90 mm/page_alloc.c:3474
 __alloc_pages_noprof+0x21c/0x22a0 mm/page_alloc.c:4751
 alloc_pages_mpol_noprof+0xeb/0x400 mm/mempolicy.c:2265
 alloc_slab_page mm/slub.c:2408 [inline]
 allocate_slab mm/slub.c:2574 [inline]
 new_slab+0x2c9/0x410 mm/slub.c:2627
 ___slab_alloc+0xd45/0x1750 mm/slub.c:3815
 __slab_alloc.constprop.0+0x56/0xb0 mm/slub.c:3905
 __slab_alloc_node mm/slub.c:3980 [inline]
 slab_alloc_node mm/slub.c:4141 [inline]
 __kmalloc_cache_noprof+0x217/0x3e0 mm/slub.c:4309
 kmalloc_noprof include/linux/slab.h:901 [inline]
 kzalloc_noprof include/linux/slab.h:1037 [inline]
 em28xx_v4l2_init+0x114/0x4050 drivers/media/usb/em28xx/em28xx-video.c:2532
 em28xx_init_extension+0x137/0x200 drivers/media/usb/em28xx/em28xx-core.c:1117
 request_module_async+0x61/0x70 drivers/media/usb/em28xx/em28xx-cards.c:3457
 process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229
 process_scheduled_works kernel/workqueue.c:3310 [inline]
 worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
page last free pid 9 tgid 9 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1127 [inline]
 free_unref_page+0x661/0xe40 mm/page_alloc.c:2657
 __put_partials+0x14c/0x170 mm/slub.c:3142
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x195/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x4e/0x70 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:250 [inline]
 slab_post_alloc_hook mm/slub.c:4104 [inline]
 slab_alloc_node mm/slub.c:4153 [inline]
 __kmalloc_cache_noprof+0x153/0x3e0 mm/slub.c:4309
 kmalloc_noprof include/linux/slab.h:901 [inline]
 kzalloc_noprof include/linux/slab.h:1037 [inline]
 kobject_uevent_env+0x265/0x1860 lib/kobject_uevent.c:540
 device_add+0x10e0/0x1a70 drivers/base/core.c:3646
 cdev_device_add+0x12b/0x270 fs/char_dev.c:556
 media_devnode_register+0x290/0x430 drivers/media/mc/mc-devnode.c:248
 __media_device_register+0x15b/0x2f0 drivers/media/mc/mc-device.c:733
 em28xx_usb_probe+0x1fd0/0x3720 drivers/media/usb/em28xx/em28xx-cards.c:4153
 usb_probe_interface+0x300/0x9c0 drivers/usb/core/driver.c:396
 call_driver_probe drivers/base/dd.c:579 [inline]
 really_probe+0x23e/0xa90 drivers/base/dd.c:658
 __driver_probe_device+0x1de/0x440 drivers/base/dd.c:800
 driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:830

Memory state around the buggy address:
 ffff88811c8d0600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff88811c8d0680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff88811c8d0700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                     ^
 ffff88811c8d0780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff88811c8d0800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================