Warning: Permanently added '10.128.1.209' (ED25519) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
[ 41.793171][ T29] audit: type=1400 audit(1729402926.995:80): avc: denied { execmem } for pid=2649 comm="syz-executor383" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 41.834100][ T29] audit: type=1400 audit(1729402926.995:81): avc: denied { read write } for pid=2651 comm="syz-executor383" name="raw-gadget" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 41.858152][ T29] audit: type=1400 audit(1729402926.995:82): avc: denied { open } for pid=2651 comm="syz-executor383" path="/dev/raw-gadget" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 41.882031][ T29] audit: type=1400 audit(1729402926.995:83): avc: denied { ioctl } for pid=2651 comm="syz-executor383" path="/dev/raw-gadget" dev="devtmpfs" ino=140 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 42.064721][ T9] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[ 42.064721][ T36] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 42.065866][ T804] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[ 42.084611][ T2657] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 42.095165][ T24] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[ 42.214609][ T36] usb 1-1: Using ep0 maxpacket: 8
[ 42.221685][ T36] usb 1-1: config 0 has an invalid interface number: 191 but max is 0
[ 42.230162][ T36] usb 1-1: config 0 has no interface number 0
[ 42.234582][ T9] usb 4-1: Using ep0 maxpacket: 8
[ 42.236876][ T36] usb 1-1: config 0 interface 191 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 42.242077][ T804] usb 3-1: Using ep0 maxpacket: 8
[ 42.255315][ T36] usb 1-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=b6.36
[ 42.259270][ T9] usb 4-1: config 0 has an invalid interface number: 191 but max is 0
[ 42.266722][ T36] usb 1-1: New USB device strings: Mfr=1, Product=226, SerialNumber=2
[ 42.266760][ T36] usb 1-1: Product: syz
[ 42.275018][ T9] usb 4-1: config 0 has no interface number 0
[ 42.283124][ T36] usb 1-1: Manufacturer: syz
[ 42.283154][ T36] usb 1-1: SerialNumber: syz
[ 42.283251][ T2657] usb 5-1: Using ep0 maxpacket: 8
[ 42.287875][ T9] usb 4-1: config 0 interface 191 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 42.293478][ T24] usb 2-1: Using ep0 maxpacket: 8
[ 42.299881][ T36] usb 1-1: config 0 descriptor??
[ 42.303892][ T804] usb 3-1: config 0 has an invalid interface number: 191 but max is 0
[ 42.323362][ T36] em28xx 1-1:0.191: New device syz syz @ 480 Mbps (0413:6023, interface 191, class 191)
[ 42.324136][ T804] usb 3-1: config 0 has no interface number 0
[ 42.325293][ T804] usb 3-1: config 0 interface 191 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 42.329356][ T36] em28xx 1-1:0.191: Video interface 191 found: isoc
[ 42.340046][ T9] usb 4-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=b6.36
[ 42.349026][ T24] usb 2-1: config 0 has an invalid interface number: 191 but max is 0
[ 42.353275][ T9] usb 4-1: New USB device strings: Mfr=1, Product=226, SerialNumber=2
[ 42.364356][ T24] usb 2-1: config 0 has no interface number 0
[ 42.365025][ T24] usb 2-1: config 0 interface 191 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 42.371002][ T9] usb 4-1: Product: syz
[ 42.383944][ T24] usb 2-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=b6.36
[ 42.388307][ T9] usb 4-1: Manufacturer: syz
[ 42.388337][ T9] usb 4-1: SerialNumber: syz
[ 42.396613][ T24] usb 2-1: New USB device strings: Mfr=1, Product=226, SerialNumber=2
[ 42.402809][ T804] usb 3-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=b6.36
[ 42.413818][ T24] usb 2-1: Product: syz
[ 42.417999][ T804] usb 3-1: New USB device strings: Mfr=1, Product=226, SerialNumber=2
[ 42.418037][ T804] usb 3-1: Product: syz
[ 42.427111][ T24] usb 2-1: Manufacturer: syz
[ 42.431683][ T804] usb 3-1: Manufacturer: syz
[ 42.431710][ T804] usb 3-1: SerialNumber: syz
[ 42.438514][ T804] usb 3-1: config 0 descriptor??
[ 42.444925][ T24] usb 2-1: SerialNumber: syz
[ 42.455275][ T9] usb 4-1: config 0 descriptor??
[ 42.459121][ T2657] usb 5-1: config 0 has an invalid interface number: 191 but max is 0
[ 42.470603][ T804] em28xx 3-1:0.191: New device syz syz @ 480 Mbps (0413:6023, interface 191, class 191)
[ 42.475175][ T2657] usb 5-1: config 0 has no interface number 0
[ 42.479786][ T804] em28xx 3-1:0.191: Video interface 191 found: isoc
[ 42.486980][ T2657] usb 5-1: config 0 interface 191 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 42.494802][ T9] em28xx 4-1:0.191: New device syz syz @ 480 Mbps (0413:6023, interface 191, class 191)
[ 42.516712][ T2657] usb 5-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=b6.36
[ 42.517198][ T9] em28xx 4-1:0.191: Video interface 191 found: isoc
[ 42.523274][ T2657] usb 5-1: New USB device strings: Mfr=1, Product=226, SerialNumber=2
[ 42.575668][ T2657] usb 5-1: Product: syz
[ 42.579873][ T2657] usb 5-1: Manufacturer: syz
[ 42.584609][ T2657] usb 5-1: SerialNumber: syz
[ 42.591700][ T24] usb 2-1: config 0 descriptor??
[ 42.603679][ T24] em28xx 2-1:0.191: New device syz syz @ 480 Mbps (0413:6023, interface 191, class 191)
executing program
[ 42.613573][ T24] em28xx 2-1:0.191: Video interface 191 found: isoc
[ 42.624080][ T2657] usb 5-1: config 0 descriptor??
[ 42.634328][ T2657] em28xx 5-1:0.191: New device syz syz @ 480 Mbps (0413:6023, interface 191, class 191)
[ 42.644281][ T2657] em28xx 5-1:0.191: Video interface 191 found: isoc
[ 42.651584][ T36] em28xx 1-1:0.191: unknown em28xx chip ID (0)
executing program
executing program
[ 42.718920][ T36] em28xx 1-1:0.191: failed to trigger read from i2c address 0xa0 (error=-5)
[ 42.728107][ T36] em28xx 1-1:0.191: board has no eeprom
[ 42.749817][ T804] em28xx 3-1:0.191: unknown em28xx chip ID (0)
executing program
[ 42.785403][ T9] em28xx 4-1:0.191: unknown em28xx chip ID (0)
[ 42.794573][ T36] em28xx 1-1:0.191: Identified as Leadtek Winfast USB II (card=7)
[ 42.802641][ T36] em28xx 1-1:0.191: analog set to isoc mode.
[ 42.809399][ T2665] em28xx 1-1:0.191: Registering V4L2 extension
[ 42.819533][ T804] em28xx 3-1:0.191: failed to trigger read from i2c address 0xa0 (error=-5)
[ 42.828484][ T804] em28xx 3-1:0.191: board has no eeprom
executing program
[ 42.835964][ T36] usb 1-1: USB disconnect, device number 2
[ 42.843761][ T36] em28xx 1-1:0.191: Disconnecting em28xx
[ 42.850628][ T9] em28xx 4-1:0.191: failed to trigger read from i2c address 0xa0 (error=-5)
[ 42.859854][ T9] em28xx 4-1:0.191: board has no eeprom
[ 42.878937][ T24] em28xx 2-1:0.191: unknown em28xx chip ID (0)
[ 42.905428][ T2657] em28xx 5-1:0.191: unknown em28xx chip ID (0)
[ 42.934573][ T804] em28xx 3-1:0.191: Identified as Leadtek Winfast USB II (card=7)
[ 42.942485][ T804] em28xx 3-1:0.191: analog set to isoc mode.
[ 42.954767][ T2665] em28xx 1-1:0.191: Config register raw data: 0xffffffed
[ 42.954777][ T9] em28xx 4-1:0.191: Identified as Leadtek Winfast USB II (card=7)
[ 42.954827][ T2665] em28xx 1-1:0.191: AC97 chip type couldn't be determined
[ 42.961860][ T9] em28xx 4-1:0.191: analog set to isoc mode.
[ 42.979006][ T804] usb 3-1: USB disconnect, device number 2
[ 42.983264][ T2665] em28xx 1-1:0.191: No AC97 audio processor
[ 42.989516][ T9] usb 4-1: USB disconnect, device number 2
[ 43.002078][ T9] em28xx 4-1:0.191: Disconnecting em28xx
[ 43.007358][ T24] em28xx 2-1:0.191: failed to trigger read from i2c address 0xa0 (error=-5)
[ 43.013060][ T804] em28xx 3-1:0.191: Disconnecting em28xx
[ 43.016490][ T24] em28xx 2-1:0.191: board has no eeprom
[ 43.025139][ T2657] em28xx 5-1:0.191: failed to trigger read from i2c address 0xa0 (error=-5)
[ 43.037647][ T2657] em28xx 5-1:0.191: board has no eeprom
[ 43.055361][ T2665] usb 1-1: Decoder not found
[ 43.060024][ T2665] em28xx 1-1:0.191: failed to create media graph
[ 43.066813][ T2665] em28xx 1-1:0.191: V4L2 device video0 deregistered
[ 43.075498][ T2665] em28xx 1-1:0.191: Remote control support is not available for this card.
[ 43.084298][ T2668] em28xx 3-1:0.191: Registering V4L2 extension
[ 43.104532][ T24] em28xx 2-1:0.191: Identified as Leadtek Winfast USB II (card=7)
[ 43.112432][ T24] em28xx 2-1:0.191: analog set to isoc mode.
[ 43.118986][ T2657] em28xx 5-1:0.191: Identified as Leadtek Winfast USB II (card=7)
[ 43.127224][ T2657] em28xx 5-1:0.191: analog set to isoc mode.
[ 43.138164][ T24] usb 2-1: USB disconnect, device number 2
[ 43.153530][ T2657] usb 5-1: USB disconnect, device number 2
[ 43.165476][ T24] em28xx 2-1:0.191: Disconnecting em28xx
[ 43.177887][ T2657] em28xx 5-1:0.191: Disconnecting em28xx
[ 43.210031][ T2668] em28xx 3-1:0.191: Config register raw data: 0xffffffed
[ 43.217441][ T2668] em28xx 3-1:0.191: AC97 chip type couldn't be determined
[ 43.224794][ T2668] em28xx 3-1:0.191: No AC97 audio processor
[ 43.232571][ T2668] usb 3-1: Decoder not found
[ 43.238063][ T2668] em28xx 3-1:0.191: failed to create media graph
[ 43.244426][ T2668] em28xx 3-1:0.191: V4L2 device video0 deregistered
[ 43.252173][ T2668] em28xx 3-1:0.191: Remote control support is not available for this card.
[ 43.261079][ T8] em28xx 4-1:0.191: Registering V4L2 extension
[ 43.327986][ T2689] modprobe (2689) used greatest stack depth: 22768 bytes left
[ 43.335717][ T8] em28xx 4-1:0.191: Config register raw data: 0xffffffed
[ 43.342784][ T8] em28xx 4-1:0.191: AC97 chip type couldn't be determined
[ 43.350017][ T8] em28xx 4-1:0.191: No AC97 audio processor
[ 43.357823][ T8] usb 4-1: Decoder not found
[ 43.362464][ T8] em28xx 4-1:0.191: failed to create media graph
[ 43.368937][ T8] em28xx 4-1:0.191: V4L2 device video0 deregistered
[ 43.377917][ T8] em28xx 4-1:0.191: Remote control support is not available for this card.
[ 43.386959][ T36] em28xx 1-1:0.191: Closing input extension
[ 43.393272][ T2665] em28xx 2-1:0.191: Registering V4L2 extension
[ 43.404748][ T36] em28xx 1-1:0.191: Freeing device
[ 43.482789][ T2665] em28xx 2-1:0.191: Config register raw data: 0xffffffed
[ 43.490251][ T2665] em28xx 2-1:0.191: AC97 chip type couldn't be determined
[ 43.497741][ T2665] em28xx 2-1:0.191: No AC97 audio processor
[ 43.505848][ T2665] usb 2-1: Decoder not found
[ 43.510510][ T2665] em28xx 2-1:0.191: failed to create media graph
[ 43.517818][ T2665] em28xx 2-1:0.191: V4L2 device video0 deregistered
[ 43.525772][ T2665] em28xx 2-1:0.191: Remote control support is not available for this card.
[ 43.526012][ T2691] ==================================================================
[ 43.534775][ T2662] em28xx 5-1:0.191: Registering V4L2 extension
[ 43.542444][ T2691] BUG: KASAN: slab-use-after-free in v4l2_fh_init+0x27d/0x2c0
[ 43.556096][ T2691] Read of size 8 at addr ffff888113ab8730 by task v4l_id/2691
[ 43.563573][ T2691]
[ 43.565914][ T2691] CPU: 0 UID: 0 PID: 2691 Comm: v4l_id Not tainted 6.12.0-rc3-syzkaller-00051-g07b887f8236e #0
[ 43.576259][ T2691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 43.586432][ T2691] Call Trace:
[ 43.589721][ T2691] <TASK>
[ 43.592661][ T2691] dump_stack_lvl+0x116/0x1f0
[ 43.597362][ T2691] print_report+0xc3/0x620
[ 43.601824][ T2691] ? __virt_addr_valid+0x5e/0x590
[ 43.606863][ T2691] ? __phys_addr+0xc6/0x150
[ 43.611393][ T2691] kasan_report+0xd9/0x110
[ 43.615844][ T2691] ? v4l2_fh_init+0x27d/0x2c0
[ 43.620581][ T2691] ? v4l2_fh_init+0x27d/0x2c0
[ 43.625296][ T2691] v4l2_fh_init+0x27d/0x2c0
[ 43.629824][ T2691] v4l2_fh_open+0x83/0xc0
[ 43.634184][ T2691] em28xx_v4l2_open+0x250/0x7e0
[ 43.639096][ T2691] v4l2_open+0x222/0x490
[ 43.643402][ T2691] ? __pfx_v4l2_open+0x10/0x10
[ 43.648241][ T2691] chrdev_open+0x237/0x6a0
[ 43.652734][ T2691] ? __pfx_chrdev_open+0x10/0x10
[ 43.657741][ T2691] ? lockref_get+0x15/0x50
[ 43.662222][ T2691] do_dentry_open+0x6cb/0x1390
[ 43.667073][ T2691] ? __pfx_chrdev_open+0x10/0x10
[ 43.672060][ T2691] ? inode_permission+0xdd/0x5f0
[ 43.677057][ T2691] vfs_open+0x82/0x3f0
[ 43.681193][ T2691] ? may_open+0x1f2/0x400
[ 43.685587][ T2691] path_openat+0x1e6a/0x2d60
[ 43.690271][ T2691] ? __pfx_path_openat+0x10/0x10
[ 43.695296][ T2691] ? __pfx___lock_acquire+0x10/0x10
[ 43.700566][ T2691] do_filp_open+0x1dc/0x430
[ 43.705172][ T2691] ? __pfx_do_filp_open+0x10/0x10
[ 43.710290][ T2691] ? find_held_lock+0x2d/0x110
[ 43.715115][ T2691] ? _raw_spin_unlock+0x28/0x50
[ 43.720016][ T2691] ? alloc_fd+0x2d7/0x6c0
[ 43.724409][ T2691] do_sys_openat2+0x17a/0x1e0
[ 43.725425][ T2662] em28xx 5-1:0.191: Config register raw data: 0xffffffed
[ 43.729128][ T2691] ? __pfx_do_sys_openat2+0x10/0x10
[ 43.729175][ T2691] ? do_user_addr_fault+0xd97/0x12c0
[ 43.736345][ T2662] em28xx 5-1:0.191: AC97 chip type couldn't be determined
[ 43.741445][ T2691] ? __pfx_lock_release+0x10/0x10
[ 43.746796][ T2662] em28xx 5-1:0.191: No AC97 audio processor
[ 43.753825][ T2691] ? trace_lock_acquire+0x14a/0x1d0
[ 43.762027][ T2662] usb 5-1: Decoder not found
[ 43.764768][ T2691] __x64_sys_openat+0x175/0x210
[ 43.764815][ T2691] ? __pfx___x64_sys_openat+0x10/0x10
[ 43.770076][ T2662] em28xx 5-1:0.191: failed to create media graph
[ 43.774583][ T2691] ? do_user_addr_fault+0x839/0x12c0
[ 43.779744][ T2662] em28xx 5-1:0.191: V4L2 device video1 deregistered
[ 43.784897][ T2691] do_syscall_64+0xcd/0x250
[ 43.784953][ T2691] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 43.793796][ T2662] em28xx 5-1:0.191: Remote control support is not available for this card.
[ 43.796746][ T2691] RIP: 0033:0x7f43980829a4
[ 43.796789][ T2691] Code: 24 20 48 8d 44 24 30 48 89 44 24 28 64 8b 04 25 18 00 00 00 85 c0 75 2c 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 60 48 8b 15 55 a4 0d 00 f7 d8 64 89 02 48 83
[ 43.804115][ T2657] em28xx 5-1:0.191: Closing input extension
[ 43.807875][ T2691] RSP: 002b:00007fff562df9c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 43.807911][ T2691] RAX: ffffffffffffffda RBX: 00007fff562dfbd8 RCX: 00007f43980829a4
[ 43.817480][ T2657] em28xx 5-1:0.191: Freeing device
[ 43.822373][ T2691] RDX: 0000000000000000 RSI: 00007fff562dff26 RDI: 00000000ffffff9c
[ 43.857385][ T36] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[ 43.860809][ T2691] RBP: 00007fff562dff26 R08: 0000000000000000 R09: 0000000000000000
[ 43.860834][ T2691] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 43.860856][ T2691] R13: 00007fff562dfbf0 R14: 000055937c3bc670 R15: 00007f43984d1a80
[ 43.860889][ T2691] </TASK>
[ 43.916620][ T2691]
[ 43.918971][ T2691] Allocated by task 2665:
[ 43.923338][ T2691] kasan_save_stack+0x33/0x60
[ 43.928077][ T2691] kasan_save_track+0x14/0x30
[ 43.932833][ T2691] __kasan_kmalloc+0x8f/0xa0
[ 43.937485][ T2691] em28xx_v4l2_init+0x114/0x4050
[ 43.942485][ T2691] em28xx_init_extension+0x137/0x200
[ 43.947826][ T2691] request_module_async+0x61/0x70
[ 43.952899][ T2691] process_one_work+0x9c5/0x1ba0
[ 43.957899][ T2691] worker_thread+0x6c8/0xf00
[ 43.962550][ T2691] kthread+0x2c1/0x3a0
[ 43.966672][ T2691] ret_from_fork+0x45/0x80
[ 43.971159][ T2691] ret_from_fork_asm+0x1a/0x30
[ 43.975988][ T2691]
[ 43.978342][ T2691] Freed by task 2665:
[ 43.982344][ T2691] kasan_save_stack+0x33/0x60
[ 43.987047][ T2691] kasan_save_track+0x14/0x30
[ 43.991753][ T2691] kasan_save_free_info+0x3b/0x60
[ 43.996800][ T2691] __kasan_slab_free+0x37/0x50
[ 44.001589][ T2691] kfree+0x130/0x480
[ 44.005562][ T2691] em28xx_v4l2_init+0x22a4/0x4050
[ 44.010624][ T2691] em28xx_init_extension+0x137/0x200
[ 44.015958][ T2691] request_module_async+0x61/0x70
[ 44.020996][ T2691] process_one_work+0x9c5/0x1ba0
[ 44.025958][ T2691] worker_thread+0x6c8/0xf00
[ 44.030570][ T2691] kthread+0x2c1/0x3a0
[ 44.034659][ T2691] ret_from_fork+0x45/0x80
[ 44.039130][ T2691] ret_from_fork_asm+0x1a/0x30
[ 44.043918][ T2691]
[ 44.046243][ T2691] The buggy address belongs to the object at ffff888113ab8000
[ 44.046243][ T2691] which belongs to the cache kmalloc-8k of size 8192
[ 44.060309][ T2691] The buggy address is located 1840 bytes inside of
[ 44.060309][ T2691] freed 8192-byte region [ffff888113ab8000, ffff888113aba000)
[ 44.074306][ T2691]
[ 44.076642][ T2691] The buggy address belongs to the physical page:
[ 44.083066][ T2691] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x113ab8
[ 44.084584][ T36] usb 1-1: Using ep0 maxpacket: 8
[ 44.091919][ T2691] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 44.098871][ T36] usb 1-1: config 0 has an invalid interface number: 191 but max is 0
[ 44.105458][ T2691] flags: 0x200000000000040(head|node=0|zone=2)
[ 44.105486][ T2691] page_type: f5(slab)
[ 44.105514][ T2691] raw: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000
[ 44.105543][ T2691] raw: 0000000000000000 0000000080020002 00000001f5000000 0000000000000000
[ 44.113754][ T36] usb 1-1: config 0 has no interface number 0
[ 44.119842][ T2691] head: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000
[ 44.119874][ T2691] head: 0000000000000000 0000000080020002 00000001f5000000 0000000000000000
[ 44.129682][ T36] usb 1-1: config 0 interface 191 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 44.132430][ T2691] head: 0200000000000003 ffffea00044eae01 ffffffffffffffff 0000000000000000
[ 44.143864][ T36] usb 1-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=b6.36
[ 44.147067][ T2691] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 44.147088][ T2691] page dumped because: kasan: bad access detected
[ 44.147102][ T2691] page_owner tracks the page as allocated
[ 44.147112][ T2691] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2665, tgid 2665 (kworker/1:4), ts 43399591807, free_ts 35191330740
[ 44.160305][ T36] usb 1-1: New USB device strings: Mfr=1, Product=226, SerialNumber=2
[ 44.168842][ T2691] post_alloc_hook+0x2d1/0x350
[ 44.168880][ T2691] get_page_from_freelist+0xd5c/0x2630
[ 44.179941][ T36] usb 1-1: Product: syz
[ 44.188560][ T2691] __alloc_pages_noprof+0x221/0x2270
[ 44.188600][ T2691] alloc_pages_mpol_noprof+0xeb/0x400
[ 44.188633][ T2691] new_slab+0x2ba/0x3f0
[ 44.197667][ T36] usb 1-1: Manufacturer: syz
[ 44.206300][ T2691] ___slab_alloc+0xd45/0x1760
[ 44.206338][ T2691] __slab_alloc.constprop.0+0x56/0xb0
[ 44.206370][ T2691] __kmalloc_cache_noprof+0x27a/0x2c0
[ 44.212781][ T36] usb 1-1: SerialNumber: syz
[ 44.218483][ T2691] em28xx_v4l2_init+0x114/0x4050
[ 44.218529][ T2691] em28xx_init_extension+0x137/0x200
[ 44.218557][ T2691] request_module_async+0x61/0x70
[ 44.244617][ T2657] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[ 44.247970][ T2691] process_one_work+0x9c5/0x1ba0
[ 44.254000][ T36] usb 1-1: config 0 descriptor??
[ 44.258193][ T2691] worker_thread+0x6c8/0xf00
[ 44.258242][ T2691] kthread+0x2c1/0x3a0
[ 44.268790][ T36] em28xx 1-1:0.191: New device syz syz @ 480 Mbps (0413:6023, interface 191, class 191)
[ 44.273080][ T2691] ret_from_fork+0x45/0x80
[ 44.277366][ T36] em28xx 1-1:0.191: Video interface 191 found: isoc
[ 44.281818][ T2691] ret_from_fork_asm+0x1a/0x30
[ 44.368891][ T2691] page last free pid 2639 tgid 2639 stack trace:
[ 44.375250][ T2691] free_unref_page+0x58a/0xb50
[ 44.380039][ T2691] __put_partials+0x14c/0x170
[ 44.384754][ T2691] qlist_free_all+0x4e/0x120
[ 44.389386][ T2691] kasan_quarantine_reduce+0x192/0x1e0
[ 44.394899][ T2691] __kasan_slab_alloc+0x4e/0x70
[ 44.399804][ T2691] kmem_cache_alloc_node_noprof+0x13e/0x2e0
[ 44.405736][ T2691] __alloc_skb+0x2b1/0x380
[ 44.410214][ T2691] tcp_stream_alloc_skb+0x34/0x570
[ 44.415396][ T2691] tcp_sendmsg_locked+0xeb5/0x36b0
[ 44.420655][ T2691] tcp_sendmsg+0x2e/0x50
[ 44.424947][ T2691] inet_sendmsg+0xb9/0x140
[ 44.429436][ T2691] sock_write_iter+0x4ac/0x5b0
[ 44.434335][ T2691] vfs_write+0x6b5/0x1140
[ 44.438721][ T2691] ksys_write+0x1fa/0x260
[ 44.443199][ T2691] do_syscall_64+0xcd/0x250
[ 44.447752][ T2691] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 44.453727][ T2691]
[ 44.456078][ T2691] Memory state around the buggy address:
[ 44.461828][ T2691] ffff888113ab8600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 44.469927][ T2691] ffff888113ab8680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 44.478015][ T2691] >ffff888113ab8700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 44.486087][ T2691] ^
[ 44.491729][ T2691] ffff888113ab8780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 44.494575][ T2657] usb 5-1: Using ep0 maxpacket: 8
[ 44.499793][ T2691] ffff888113ab8800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 44.506696][ T2657] usb 5-1: config 0 has an invalid interface number: 191 but max is 0
[ 44.512874][ T2691] ==================================================================
[ 44.513358][ T2691] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 44.513379][ T2691] CPU: 0 UID: 0 PID: 2691 Comm: v4l_id Not tainted 6.12.0-rc3-syzkaller-00051-g07b887f8236e #0
[ 44.513419][ T2691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 44.513438][ T2691] Call Trace:
[ 44.513449][ T2691] <TASK>
[ 44.513460][ T2691] dump_stack_lvl+0x3d/0x1f0
[ 44.513506][ T2691] panic+0x71d/0x800
[ 44.513550][ T2691] ? __pfx_panic+0x10/0x10
[ 44.513601][ T2691] ? check_panic_on_warn+0x1f/0xb0
[ 44.513649][ T2691] check_panic_on_warn+0xab/0xb0
[ 44.513695][ T2691] end_report+0x117/0x180
[ 44.513743][ T2691] kasan_report+0xe9/0x110
[ 44.513791][ T2691] ? v4l2_fh_init+0x27d/0x2c0
[ 44.513844][ T2691] ? v4l2_fh_init+0x27d/0x2c0
[ 44.513895][ T2691] v4l2_fh_init+0x27d/0x2c0
[ 44.513942][ T2691] v4l2_fh_open+0x83/0xc0
[ 44.513988][ T2691] em28xx_v4l2_open+0x250/0x7e0
[ 44.514035][ T2691] v4l2_open+0x222/0x490
[ 44.514076][ T2691] ? __pfx_v4l2_open+0x10/0x10
[ 44.514118][ T2691] chrdev_open+0x237/0x6a0
[ 44.514152][ T2691] ? __pfx_chrdev_open+0x10/0x10
[ 44.514212][ T2691] ? lockref_get+0x15/0x50
[ 44.514273][ T2691] do_dentry_open+0x6cb/0x1390
[ 44.514326][ T2691] ? __pfx_chrdev_open+0x10/0x10
[ 44.514361][ T2691] ? inode_permission+0xdd/0x5f0
[ 44.514406][ T2691] vfs_open+0x82/0x3f0
[ 44.514443][ T2691] ? may_open+0x1f2/0x400
[ 44.514491][ T2691] path_openat+0x1e6a/0x2d60
[ 44.514550][ T2691] ? __pfx_path_openat+0x10/0x10
[ 44.514611][ T2691] ? __pfx___lock_acquire+0x10/0x10
[ 44.514662][ T2691] do_filp_open+0x1dc/0x430
[ 44.514714][ T2691] ? __pfx_do_filp_open+0x10/0x10
[ 44.514766][ T2691] ? find_held_lock+0x2d/0x110
[ 44.514815][ T2691] ? _raw_spin_unlock+0x28/0x50
[ 44.514853][ T2691] ? alloc_fd+0x2d7/0x6c0
[ 44.514904][ T2691] do_sys_openat2+0x17a/0x1e0
[ 44.514945][ T2691] ? __pfx_do_sys_openat2+0x10/0x10
[ 44.514988][ T2691] ? do_user_addr_fault+0xd97/0x12c0
[ 44.515035][ T2691] ? __pfx_lock_release+0x10/0x10
[ 44.515081][ T2691] ? trace_lock_acquire+0x14a/0x1d0
[ 44.515120][ T2691] __x64_sys_openat+0x175/0x210
[ 44.515168][ T2691] ? __pfx___x64_sys_openat+0x10/0x10
[ 44.515213][ T2691] ? do_user_addr_fault+0x839/0x12c0
[ 44.515263][ T2691] do_syscall_64+0xcd/0x250
[ 44.515324][ T2691] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 44.515375][ T2691] RIP: 0033:0x7f43980829a4
[ 44.515412][ T2691] Code: 24 20 48 8d 44 24 30 48 89 44 24 28 64 8b 04 25 18 00 00 00 85 c0 75 2c 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 60 48 8b 15 55 a4 0d 00 f7 d8 64 89 02 48 83
[ 44.515444][ T2691] RSP: 002b:00007fff562df9c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 44.515477][ T2691] RAX: ffffffffffffffda RBX: 00007fff562dfbd8 RCX: 00007f43980829a4
[ 44.515501][ T2691] RDX: 0000000000000000 RSI: 00007fff562dff26 RDI: 00000000ffffff9c
[ 44.515524][ T2691] RBP: 00007fff562dff26 R08: 0000000000000000 R09: 0000000000000000
[ 44.515546][ T2691] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 44.515568][ T2691] R13: 00007fff562dfbf0 R14: 000055937c3bc670 R15: 00007f43984d1a80
[ 44.515600][ T2691] </TASK>
[ 44.521288][ T2691] Kernel Offset: disabled