Warning: Permanently added '10.128.0.91' (ED25519) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
[   38.028741][   T29] audit: type=1400 audit(1731286639.475:80): avc:  denied  { execmem } for  pid=2961 comm="syz-executor201" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   38.063801][   T29] audit: type=1400 audit(1731286639.485:81): avc:  denied  { read write } for  pid=2963 comm="syz-executor201" name="raw-gadget" dev="devtmpfs" ino=236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   38.087802][   T29] audit: type=1400 audit(1731286639.485:82): avc:  denied  { open } for  pid=2963 comm="syz-executor201" path="/dev/raw-gadget" dev="devtmpfs" ino=236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   38.111559][   T29] audit: type=1400 audit(1731286639.485:83): avc:  denied  { ioctl } for  pid=2963 comm="syz-executor201" path="/dev/raw-gadget" dev="devtmpfs" ino=236 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   38.280629][   T36] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   38.300484][ T1176] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   38.310882][    T9] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   38.319561][ T2824] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   38.370498][    T8] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   38.432350][   T36] usb 1-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[   38.443173][   T36] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[   38.454123][   T36] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[   38.468800][ T1176] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[   38.479592][ T1176] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[   38.482859][    T9] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[   38.490509][ T1176] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[   38.491831][   T36] usb 1-1: New USB device found, idVendor=2304, idProduct=021a, bcdDevice=18.29
[   38.501344][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[   38.514304][   T36] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   38.523303][    T9] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[   38.523419][ T2824] usb 3-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[   38.534239][   T36] usb 1-1: Product: syz
[   38.534260][   T36] usb 1-1: Manufacturer: syz
[   38.534279][   T36] usb 1-1: SerialNumber: syz
[   38.542274][ T2824] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[   38.560530][ T1176] usb 2-1: New USB device found, idVendor=2304, idProduct=021a, bcdDevice=18.29
[   38.565906][ T2824] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[   38.570055][ T1176] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   38.577634][    T9] usb 5-1: New USB device found, idVendor=2304, idProduct=021a, bcdDevice=18.29
[   38.579223][ T1176] usb 2-1: Product: syz
[   38.590148][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   38.599187][ T1176] usb 2-1: Manufacturer: syz
[   38.599209][ T1176] usb 2-1: SerialNumber: syz
[   38.601011][   T36] usb 1-1: config 0 descriptor??
[   38.612101][    T9] usb 5-1: Product: syz
[   38.612122][    T9] usb 5-1: Manufacturer: syz
[   38.612140][    T9] usb 5-1: SerialNumber: syz
[   38.627115][   T36] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2304:021a, interface 0, class 0)
[   38.630765][ T2824] usb 3-1: New USB device found, idVendor=2304, idProduct=021a, bcdDevice=18.29
[   38.633514][   T36] em28xx 1-1:0.0: Video interface 0 found: isoc
[   38.641418][ T2824] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   38.655701][ T1176] usb 2-1: config 0 descriptor??
[   38.659790][ T2824] usb 3-1: Product: syz
[   38.659812][ T2824] usb 3-1: Manufacturer: syz
[   38.679990][ T1176] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2304:021a, interface 0, class 0)
[   38.687569][ T2824] usb 3-1: SerialNumber: syz
[   38.693872][ T1176] em28xx 2-1:0.0: Video interface 0 found: isoc
[   38.701903][    T8] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[   38.746680][    T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[   38.757599][    T8] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[   38.772982][    T9] usb 5-1: config 0 descriptor??
[   38.779311][ T2824] usb 3-1: config 0 descriptor??
[   38.787017][    T9] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2304:021a, interface 0, class 0)
[   38.796315][    T9] em28xx 5-1:0.0: Video interface 0 found: isoc
[   38.805147][ T2824] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2304:021a, interface 0, class 0)
[   38.814464][ T2824] em28xx 3-1:0.0: Video interface 0 found: isoc
[   38.822947][    T8] usb 4-1: New USB device found, idVendor=2304, idProduct=021a, bcdDevice=18.29
executing program
executing program
[   38.832103][    T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   38.840169][    T8] usb 4-1: Product: syz
[   38.844489][    T8] usb 4-1: Manufacturer: syz
[   38.849201][    T8] usb 4-1: SerialNumber: syz
[   38.857812][    T8] usb 4-1: config 0 descriptor??
[   38.868599][    T8] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2304:021a, interface 0, class 0)
[   38.878000][    T8] em28xx 4-1:0.0: Video interface 0 found: isoc
[   38.910827][   T36] em28xx 1-1:0.0: unknown em28xx chip ID (0)
[   38.931207][ T1176] em28xx 2-1:0.0: unknown em28xx chip ID (0)
executing program
executing program
[   38.973526][   T36] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[   38.981816][   T36] em28xx 1-1:0.0: board has no eeprom
[   38.993560][ T1176] em28xx 2-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[   39.001739][ T1176] em28xx 2-1:0.0: board has no eeprom
[   39.050796][   T36] em28xx 1-1:0.0: Identified as Pinnacle Dazzle DVC 90/100/101/107 / Kaiser Baas Video to DVD maker / Kworld DVD Maker 2 / Plextor ConvertX PX-AV100U (card=9)
[   39.051160][ T2824] em28xx 3-1:0.0: unknown em28xx chip ID (0)
[   39.066826][   T36] em28xx 1-1:0.0: analog set to isoc mode.
[   39.067382][ T2975] em28xx 1-1:0.0: Registering V4L2 extension
[   39.074346][    T9] em28xx 5-1:0.0: unknown em28xx chip ID (0)
executing program
[   39.083449][ T1176] em28xx 2-1:0.0: Identified as Pinnacle Dazzle DVC 90/100/101/107 / Kaiser Baas Video to DVD maker / Kworld DVD Maker 2 / Plextor ConvertX PX-AV100U (card=9)
[   39.106981][ T1176] em28xx 2-1:0.0: analog set to isoc mode.
[   39.114106][ T2975] em28xx 1-1:0.0: reading from i2c device at 0x4a failed (error=-5)
[   39.123555][ T2975] em28xx 1-1:0.0: reading from i2c device at 0x48 failed (error=-5)
[   39.134949][   T36] usb 1-1: USB disconnect, device number 2
[   39.141920][   T36] em28xx 1-1:0.0: Disconnecting em28xx
[   39.147580][ T2975] em28xx 1-1:0.0: Config register raw data: 0xffffffed
[   39.152590][    T8] em28xx 4-1:0.0: unknown em28xx chip ID (0)
[   39.154607][ T2975] em28xx 1-1:0.0: AC97 chip type couldn't be determined
[   39.162653][    T9] em28xx 5-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[   39.167486][ T2975] em28xx 1-1:0.0: No AC97 audio processor
[   39.181460][    T9] em28xx 5-1:0.0: board has no eeprom
[   39.182378][ T1176] usb 2-1: USB disconnect, device number 2
[   39.187286][ T2824] em28xx 3-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[   39.197387][ T2975] usb 1-1: Decoder not found
[   39.201106][ T2824] em28xx 3-1:0.0: board has no eeprom
[   39.205588][ T2975] em28xx 1-1:0.0: failed to create media graph
[   39.218048][ T2975] em28xx 1-1:0.0: V4L2 device video0 deregistered
[   39.225458][ T1176] em28xx 2-1:0.0: Disconnecting em28xx
[   39.233042][ T2975] em28xx 1-1:0.0: Remote control support is not available for this card.
[   39.242103][ T2987] em28xx 2-1:0.0: Registering V4L2 extension
[   39.263389][ T2987] em28xx 2-1:0.0: Config register raw data: 0xffffffed
[   39.270273][ T2987] em28xx 2-1:0.0: AC97 chip type couldn't be determined
[   39.277312][ T2987] em28xx 2-1:0.0: No AC97 audio processor
[   39.280539][    T9] em28xx 5-1:0.0: Identified as Pinnacle Dazzle DVC 90/100/101/107 / Kaiser Baas Video to DVD maker / Kworld DVD Maker 2 / Plextor ConvertX PX-AV100U (card=9)
[   39.285355][ T2987] usb 2-1: Decoder not found
[   39.299154][    T9] em28xx 5-1:0.0: analog set to isoc mode.
[   39.309852][ T2987] em28xx 2-1:0.0: failed to create media graph
[   39.312081][    T8] em28xx 4-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[   39.317176][ T2987] em28xx 2-1:0.0: V4L2 device video0 deregistered
[   39.324027][    T8] em28xx 4-1:0.0: board has no eeprom
[   39.331806][ T2987] em28xx 2-1:0.0: Remote control support is not available for this card.
[   39.337594][ T2824] em28xx 3-1:0.0: Identified as Pinnacle Dazzle DVC 90/100/101/107 / Kaiser Baas Video to DVD maker / Kworld DVD Maker 2 / Plextor ConvertX PX-AV100U (card=9)
[   39.344418][   T36] em28xx 1-1:0.0: Closing input extension
[   39.360281][ T2824] em28xx 3-1:0.0: analog set to isoc mode.
[   39.372912][ T2978] em28xx 5-1:0.0: Registering V4L2 extension
[   39.391755][   T36] em28xx 1-1:0.0: Freeing device
[   39.395296][    T9] usb 5-1: USB disconnect, device number 2
[   39.405275][ T2824] usb 3-1: USB disconnect, device number 2
[   39.413622][    T9] em28xx 5-1:0.0: Disconnecting em28xx
[   39.420470][    T8] em28xx 4-1:0.0: Identified as Pinnacle Dazzle DVC 90/100/101/107 / Kaiser Baas Video to DVD maker / Kworld DVD Maker 2 / Plextor ConvertX PX-AV100U (card=9)
[   39.436514][    T8] em28xx 4-1:0.0: analog set to isoc mode.
[   39.443986][ T2824] em28xx 3-1:0.0: Disconnecting em28xx
[   39.453360][ T2978] em28xx 5-1:0.0: Config register raw data: 0xffffffed
[   39.460283][ T2978] em28xx 5-1:0.0: AC97 chip type couldn't be determined
[   39.467517][ T2978] em28xx 5-1:0.0: No AC97 audio processor
[   39.478801][    T8] usb 4-1: USB disconnect, device number 2
[   39.487191][    T8] em28xx 4-1:0.0: Disconnecting em28xx
[   39.494550][ T2978] usb 5-1: Decoder not found
[   39.499221][ T2978] em28xx 5-1:0.0: failed to create media graph
[   39.505971][ T2978] em28xx 5-1:0.0: V4L2 device video0 deregistered
[   39.513984][ T2978] em28xx 5-1:0.0: Remote control support is not available for this card.
[   39.514158][ T2993] ==================================================================
[   39.522587][ T2973] em28xx 3-1:0.0: Registering V4L2 extension
[   39.530461][ T2993] BUG: KASAN: slab-use-after-free in v4l2_fh_init+0x27d/0x2c0
[   39.543950][ T2993] Read of size 8 at addr ffff88812298c730 by task v4l_id/2993
[   39.551437][ T2993] 
[   39.553802][ T2993] CPU: 1 UID: 0 PID: 2993 Comm: v4l_id Not tainted 6.12.0-rc6-syzkaller-00106-gde9df030ccb5 #0
[   39.561092][ T2973] em28xx 3-1:0.0: Config register raw data: 0xffffffed
[   39.564135][ T2993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   39.571042][ T2973] em28xx 3-1:0.0: AC97 chip type couldn't be determined
[   39.581023][ T2993] Call Trace:
[   39.581036][ T2993]  <TASK>
[   39.581046][ T2993]  dump_stack_lvl+0x116/0x1f0
[   39.587971][ T2973] em28xx 3-1:0.0: No AC97 audio processor
[   39.591235][ T2993]  print_report+0xc3/0x620
[   39.591269][ T2993]  ? __virt_addr_valid+0x5e/0x590
[   39.597521][ T2973] usb 3-1: Decoder not found
[   39.598844][ T2993]  ? __phys_addr+0xc6/0x150
[   39.604611][ T2973] em28xx 3-1:0.0: failed to create media graph
[   39.608949][ T2993]  kasan_report+0xd9/0x110
[   39.614656][ T2973] em28xx 3-1:0.0: V4L2 device video1 deregistered
[   39.618522][ T2993]  ? v4l2_fh_init+0x27d/0x2c0
[   39.624490][ T2973] em28xx 3-1:0.0: Remote control support is not available for this card.
[   39.629143][ T2993]  ? v4l2_fh_init+0x27d/0x2c0
[   39.634245][ T2824] em28xx 3-1:0.0: Closing input extension
[   39.639974][ T2993]  v4l2_fh_init+0x27d/0x2c0
[   39.646831][ T2824] em28xx 3-1:0.0: Freeing device
[   39.653029][ T2993]  v4l2_fh_open+0x83/0xc0
[   39.653068][ T2993]  em28xx_v4l2_open+0x250/0x7e0
[   39.653100][ T2993]  v4l2_open+0x222/0x490
[   39.686510][ T2993]  ? __pfx_v4l2_open+0x10/0x10
[   39.691319][ T2993]  chrdev_open+0x237/0x6a0
[   39.695778][ T2993]  ? __pfx_chrdev_open+0x10/0x10
[   39.700751][ T2993]  ? lockref_get+0x15/0x50
[   39.705206][ T2993]  do_dentry_open+0x6cb/0x1390
[   39.710011][ T2993]  ? __pfx_chrdev_open+0x10/0x10
[   39.714984][ T2993]  ? inode_permission+0xdd/0x5f0
[   39.719962][ T2993]  vfs_open+0x82/0x3f0
[   39.724051][ T2993]  ? may_open+0x1f2/0x400
[   39.728374][ T2993]  path_openat+0x1e6a/0x2d60
[   39.732963][ T2993]  ? __pfx_path_openat+0x10/0x10
[   39.737901][ T2993]  ? __pfx___lock_acquire+0x10/0x10
[   39.743094][ T2993]  do_filp_open+0x1dc/0x430
[   39.747596][ T2993]  ? __pfx_do_filp_open+0x10/0x10
[   39.752615][ T2993]  ? find_held_lock+0x2d/0x110
[   39.757379][ T2993]  ? _raw_spin_unlock+0x28/0x50
[   39.762228][ T2993]  ? alloc_fd+0x2d7/0x6c0
[   39.766556][ T2993]  do_sys_openat2+0x17a/0x1e0
[   39.771225][ T2993]  ? __pfx_do_sys_openat2+0x10/0x10
[   39.776415][ T2993]  ? do_user_addr_fault+0xd97/0x12c0
[   39.781695][ T2993]  ? __pfx_lock_release+0x10/0x10
[   39.786714][ T2993]  ? trace_lock_acquire+0x14a/0x1d0
[   39.791907][ T2993]  __x64_sys_openat+0x175/0x210
[   39.796755][ T2993]  ? __pfx___x64_sys_openat+0x10/0x10
[   39.802122][ T2993]  ? do_user_addr_fault+0x839/0x12c0
[   39.807404][ T2993]  do_syscall_64+0xcd/0x250
[   39.811912][ T2993]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   39.817817][ T2993] RIP: 0033:0x7fa05d16d9a4
[   39.822232][ T2993] Code: 24 20 48 8d 44 24 30 48 89 44 24 28 64 8b 04 25 18 00 00 00 85 c0 75 2c 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 60 48 8b 15 55 a4 0d 00 f7 d8 64 89 02 48 83
[   39.841921][ T2993] RSP: 002b:00007ffe6e2042f0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   39.850321][ T2993] RAX: ffffffffffffffda RBX: 00007ffe6e204508 RCX: 00007fa05d16d9a4
[   39.858288][ T2993] RDX: 0000000000000000 RSI: 00007ffe6e205f27 RDI: 00000000ffffff9c
[   39.866259][ T2993] RBP: 00007ffe6e205f27 R08: 0000000000000000 R09: 0000000000000000
[   39.874245][ T2993] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   39.882223][ T2993] R13: 00007ffe6e204520 R14: 00005585ee211670 R15: 00007fa05d5bca80
[   39.890205][ T2993]  </TASK>
[   39.893214][ T2993] 
[   39.895546][ T2993] Allocated by task 2978:
[   39.899857][ T2993]  kasan_save_stack+0x33/0x60
[   39.904532][ T2993]  kasan_save_track+0x14/0x30
[   39.909200][ T2993]  __kasan_kmalloc+0x8f/0xa0
[   39.913781][ T2993]  em28xx_v4l2_init+0x114/0x4050
[   39.918716][ T2993]  em28xx_init_extension+0x137/0x200
[   39.923988][ T2993]  request_module_async+0x61/0x70
[   39.929002][ T2993]  process_one_work+0x9c5/0x1ba0
[   39.933950][ T2993]  worker_thread+0x6c8/0xf00
[   39.938533][ T2993]  kthread+0x2c1/0x3a0
[   39.942591][ T2993]  ret_from_fork+0x45/0x80
[   39.947002][ T2993]  ret_from_fork_asm+0x1a/0x30
[   39.951758][ T2993] 
[   39.954068][ T2993] Freed by task 2978:
[   39.958032][ T2993]  kasan_save_stack+0x33/0x60
[   39.962709][ T2993]  kasan_save_track+0x14/0x30
[   39.967379][ T2993]  kasan_save_free_info+0x3b/0x60
[   39.972395][ T2993]  __kasan_slab_free+0x37/0x50
[   39.977152][ T2993]  kfree+0x130/0x480
[   39.981037][ T2993]  em28xx_v4l2_init+0x22a4/0x4050
[   39.986080][ T2993]  em28xx_init_extension+0x137/0x200
[   39.991356][ T2993]  request_module_async+0x61/0x70
[   39.996372][ T2993]  process_one_work+0x9c5/0x1ba0
[   40.001336][ T2993]  worker_thread+0x6c8/0xf00
[   40.005939][ T2993]  kthread+0x2c1/0x3a0
[   40.009997][ T2993]  ret_from_fork+0x45/0x80
[   40.014408][ T2993]  ret_from_fork_asm+0x1a/0x30
[   40.019167][ T2993] 
[   40.021476][ T2993] The buggy address belongs to the object at ffff88812298c000
[   40.021476][ T2993]  which belongs to the cache kmalloc-8k of size 8192
[   40.035518][ T2993] The buggy address is located 1840 bytes inside of
[   40.035518][ T2993]  freed 8192-byte region [ffff88812298c000, ffff88812298e000)
[   40.049479][ T2993] 
[   40.051792][ T2993] The buggy address belongs to the physical page:
[   40.058195][ T2993] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x122988
[   40.060823][ T2824] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[   40.067025][ T2993] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   40.067045][ T2993] flags: 0x200000000000040(head|node=0|zone=2)
[   40.067063][ T2993] page_type: f5(slab)
[   40.067091][ T2993] raw: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000
[   40.101693][ T2993] raw: 0000000000000000 0000000000020002 00000001f5000000 0000000000000000
[   40.110267][ T2993] head: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000
[   40.118926][ T2993] head: 0000000000000000 0000000000020002 00000001f5000000 0000000000000000
[   40.127585][ T2993] head: 0200000000000003 ffffea00048a6201 ffffffffffffffff 0000000000000000
[   40.136241][ T2993] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[   40.144896][ T2993] page dumped because: kasan: bad access detected
[   40.151310][ T2993] page_owner tracks the page as allocated
[   40.157009][ T2993] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd28c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2959, tgid 2959 (sshd), ts 37752276659, free_ts 29797439050
[   40.177497][ T2993]  post_alloc_hook+0x2d1/0x350
[   40.182255][ T2993]  get_page_from_freelist+0xd6b/0x2660
[   40.187704][ T2993]  __alloc_pages_noprof+0x221/0x2270
[   40.192978][ T2993]  alloc_pages_mpol_noprof+0xeb/0x400
[   40.198338][ T2993]  new_slab+0x2c9/0x410
[   40.202506][ T2993]  ___slab_alloc+0xd45/0x1760
[   40.207169][ T2993]  __slab_alloc.constprop.0+0x56/0xb0
[   40.212530][ T2993]  __kmalloc_node_track_caller_noprof+0x14e/0x3e0
[   40.218935][ T2993]  kmalloc_reserve+0xef/0x2c0
[   40.223604][ T2993]  __alloc_skb+0x164/0x380
[   40.228012][ T2993]  netlink_dump+0x2c1/0xcd0
[   40.232511][ T2993]  netlink_recvmsg+0xa0d/0xf30
[   40.237268][ T2993]  sock_recvmsg+0x1f6/0x250
[   40.241762][ T2993]  ____sys_recvmsg+0x219/0x6b0
[   40.246516][ T2993]  ___sys_recvmsg+0x115/0x1a0
[   40.251180][ T2993]  __sys_recvmsg+0x114/0x1e0
[   40.255758][ T2993] page last free pid 2948 tgid 2948 stack trace:
[   40.262069][ T2993]  free_unref_page+0x58a/0xb50
[   40.266839][ T2993]  __folio_put+0x1cd/0x250
[   40.271253][ T2993]  anon_pipe_buf_release+0x36c/0x430
[   40.276530][ T2993]  pipe_read+0x701/0x1020
[   40.280845][ T2993]  vfs_read+0xa4c/0xbe0
[   40.284996][ T2993]  ksys_read+0x1fa/0x260
[   40.289233][ T2993]  do_syscall_64+0xcd/0x250
[   40.293724][ T2993]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   40.299630][ T2993] 
[   40.301940][ T2993] Memory state around the buggy address:
[   40.307555][ T2993]  ffff88812298c600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   40.311991][ T2824] usb 3-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[   40.315598][ T2993]  ffff88812298c680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   40.326309][ T2824] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[   40.334302][ T2993] >ffff88812298c700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   40.334315][ T2993]                                      ^
[   40.334327][ T2993]  ffff88812298c780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   40.334341][ T2993]  ffff88812298c800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   40.334353][ T2993] ==================================================================
[   40.334699][ T2993] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   40.334711][ T2993] CPU: 1 UID: 0 PID: 2993 Comm: v4l_id Not tainted 6.12.0-rc6-syzkaller-00106-gde9df030ccb5 #0
[   40.334740][ T2993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   40.334753][ T2993] Call Trace:
[   40.334760][ T2993]  <TASK>
[   40.334769][ T2993]  dump_stack_lvl+0x3d/0x1f0
[   40.334803][ T2993]  panic+0x71d/0x800
[   40.334833][ T2993]  ? __pfx_panic+0x10/0x10
[   40.334867][ T2993]  ? check_panic_on_warn+0x1f/0xb0
[   40.334899][ T2993]  check_panic_on_warn+0xab/0xb0
[   40.334930][ T2993]  end_report+0x117/0x180
[   40.334962][ T2993]  kasan_report+0xe9/0x110
[   40.334992][ T2993]  ? v4l2_fh_init+0x27d/0x2c0
[   40.335026][ T2993]  ? v4l2_fh_init+0x27d/0x2c0
[   40.335062][ T2993]  v4l2_fh_init+0x27d/0x2c0
[   40.335094][ T2993]  v4l2_fh_open+0x83/0xc0
[   40.335126][ T2993]  em28xx_v4l2_open+0x250/0x7e0
[   40.335159][ T2993]  v4l2_open+0x222/0x490
[   40.335189][ T2993]  ? __pfx_v4l2_open+0x10/0x10
[   40.335218][ T2993]  chrdev_open+0x237/0x6a0
[   40.335242][ T2993]  ? __pfx_chrdev_open+0x10/0x10
[   40.335265][ T2993]  ? lockref_get+0x15/0x50
[   40.335294][ T2993]  do_dentry_open+0x6cb/0x1390
[   40.335328][ T2993]  ? __pfx_chrdev_open+0x10/0x10
[   40.335351][ T2993]  ? inode_permission+0xdd/0x5f0
[   40.335379][ T2993]  vfs_open+0x82/0x3f0
[   40.335403][ T2993]  ? may_open+0x1f2/0x400
[   40.335431][ T2993]  path_openat+0x1e6a/0x2d60
[   40.335469][ T2993]  ? __pfx_path_openat+0x10/0x10
[   40.335503][ T2993]  ? __pfx___lock_acquire+0x10/0x10
[   40.335535][ T2993]  do_filp_open+0x1dc/0x430
[   40.335569][ T2993]  ? __pfx_do_filp_open+0x10/0x10
[   40.335601][ T2993]  ? find_held_lock+0x2d/0x110
[   40.335642][ T2993]  ? _raw_spin_unlock+0x28/0x50
[   40.335669][ T2993]  ? alloc_fd+0x2d7/0x6c0
[   40.335702][ T2993]  do_sys_openat2+0x17a/0x1e0
[   40.335729][ T2993]  ? __pfx_do_sys_openat2+0x10/0x10
[   40.335757][ T2993]  ? do_user_addr_fault+0xd97/0x12c0
[   40.335788][ T2993]  ? __pfx_lock_release+0x10/0x10
[   40.335817][ T2993]  ? trace_lock_acquire+0x14a/0x1d0
[   40.335843][ T2993]  __x64_sys_openat+0x175/0x210
[   40.335871][ T2993]  ? __pfx___x64_sys_openat+0x10/0x10
[   40.335900][ T2993]  ? do_user_addr_fault+0x839/0x12c0
[   40.335932][ T2993]  do_syscall_64+0xcd/0x250
[   40.335956][ T2993]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   40.335992][ T2993] RIP: 0033:0x7fa05d16d9a4
[   40.336012][ T2993] Code: 24 20 48 8d 44 24 30 48 89 44 24 28 64 8b 04 25 18 00 00 00 85 c0 75 2c 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 60 48 8b 15 55 a4 0d 00 f7 d8 64 89 02 48 83
[   40.336034][ T2993] RSP: 002b:00007ffe6e2042f0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   40.336058][ T2993] RAX: ffffffffffffffda RBX: 00007ffe6e204508 RCX: 00007fa05d16d9a4
[   40.336074][ T2993] RDX: 0000000000000000 RSI: 00007ffe6e205f27 RDI: 00000000ffffff9c
[   40.336090][ T2993] RBP: 00007ffe6e205f27 R08: 0000000000000000 R09: 0000000000000000
[   40.336105][ T2993] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   40.336120][ T2993] R13: 00007ffe6e204520 R14: 00005585ee211670 R15: 00007fa05d5bca80
[   40.336143][ T2993]  </TASK>
[   40.345427][ T2993] Kernel Offset: disabled