Extracting prog: 26m30.123476697s
Minimizing prog: 21m9.733300998s
Simplifying prog options: 0s
Extracting C: 2m6.117171723s
Simplifying C: 11m0.120983457s


extracting reproducer from 30 programs
testing a last program of every proc
single: executing 5 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_connect$hid-syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x5, 0x34, &(0x7f0000000e80)={{0x12, 0x1, 0x110, 0xb1, 0xfb, 0x66, 0x10, 0x91e, 0x3, 0x35bb, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x22, 0x1, 0x8, 0x5, 0x40, 0x4, [{{0x9, 0x4, 0xce, 0x1, 0x1, 0x6f, 0xda, 0xd, 0x0, [@generic={0x7, 0x5, "f71f22810b"}], [{{0x9, 0x5, 0xc, 0x2, 0x200, 0x1, 0x3, 0x40}}]}}]}}]}}, 0x0)
syz_usb_connect$hid(0x5, 0x3f, &(0x7f0000000000)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x20, 0x9da, 0xa, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x6, 0x40, 0xc, [{{0x9, 0x4, 0x0, 0xc, 0x2, 0x3, 0x1, 0x5, 0x0, {0x9, 0x21, 0xdbd2, 0xea, 0x1, {0x22, 0x1b6}}, {{{0x9, 0x5, 0x81, 0x3, 0x8, 0x2, 0x1c, 0xc9}}, [{{0x9, 0x5, 0x2, 0x3, 0x8, 0x1, 0x2}}]}}}]}}]}}, &(0x7f0000000300)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x200, 0x2, 0x5, 0x7, 0x8}, 0x43, &(0x7f0000000080)={0x5, 0xf, 0x43, 0x4, [@ss_container_id={0x14, 0x10, 0x4, 0x2, "a7e6fbc8117f6b2e725db709e446ea13"}, @ssp_cap={0xc, 0x10, 0xa, 0x7, 0x0, 0x2, 0xf000, 0x8}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x4, 0xc0, 0xa4, 0x6}, @ss_container_id={0x14, 0x10, 0x4, 0x65, "1ccc6309687ce41d00bf23db8df191d2"}]}, 0x6, [{0x4, &(0x7f0000000100)=@lang_id={0x4, 0x3, 0x860}}, {0x69, &(0x7f0000000140)=@string={0x69, 0x3, "42443fcbfc2b18dd28d5fea31c2217dbf4e9c267e08f65fcfe134c91cfc2b2696854a0999c7088d1eca2f1ea9908a128756cbc3311fa76a2df522e3fda73095cc6ea464eb99da05dedc18e6c6a1adabbc3569be1ce9866523b3e8cb25702b4a2469de30cba9428"}}, {0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x813}}, {0x4, &(0x7f0000000200)=@lang_id={0x4, 0x3, 0x429}}, {0x78, &(0x7f0000000240)=@string={0x78, 0x3, "ab78f972f2f0c1e3cc4ce7bf71798a6ec5b63dfdfa51b66d8df77d726e523fc73caa3d4935ceb4dce4d0c60346f04f62a18b9afa1206a1f18bd15e3d68a32746406ea70abd94a0ce739ccba6c2b4847c343599bc934fc21aa4d3fe7b6e54d673099a89d62df6e1ebb7679b8a3f16d9ecc57f4d455993"}}, {0x5, &(0x7f00000002c0)=@string={0x5, 0x3, "037333"}}]})
syz_usb_connect(0x0, 0x24, &(0x7f00000003c0)={{0x12, 0x1, 0x0, 0x89, 0x61, 0x8, 0x8, 0x1eda, 0x2315, 0xa27f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x4, [{{0x9, 0x4, 0xc9, 0x0, 0x0, 0x7b, 0xfd, 0x5e}}]}}]}}, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_connect$hid-syz_usb_control_io$hid-syz_usb_control_io-syz_open_dev$hiddev-syz_open_dev$hiddev-syz_usb_connect$cdc_ecm-ioctl$HIDIOCGREPORT-syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="58b4d8d295c64a199d902887fc70440be9e0728810377df23aa69db31c346b62d5ec84bfc536975142316f47cf71ec4217d2bd2a17ef67caca304da3852fe041efb30339157b4e56aea6eee0de63db1221dbd5cd78933cd065058ef4f4d599f0ea5eabe50858dd7c715cd5b928b9f4aeb2c68cb266ed041f0ad17841f8eaff3ac60c43261e4a9e8398532d70f8c79721911ba2961461957f1f46f487aaa9060c546b606e73dc0f2412962149abd6550641fce91ec799b0dbb6bcbe5c43fe2f7faa8b6d6e87379d1b0aa84ad44de90dae56b30210fff20bba1b"], 0x0) (async)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="58b4d8d295c64a199d902887fc70440be9e0728810377df23aa69db31c346b62d5ec84bfc536975142316f47cf71ec4217d2bd2a17ef67caca304da3852fe041efb30339157b4e56aea6eee0de63db1221dbd5cd78933cd065058ef4f4d599f0ea5eabe50858dd7c715cd5b928b9f4aeb2c68cb266ed041f0ad17841f8eaff3ac60c43261e4a9e8398532d70f8c79721911ba2961461957f1f46f487aaa9060c546b606e73dc0f2412962149abd6550641fce91ec799b0dbb6bcbe5c43fe2f7faa8b6d6e87379d1b0aa84ad44de90dae56b30210fff20bba1b"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000740)={0x2c, &(0x7f0000000980)=ANY=[@ANYBLOB="00000001000000090090"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) (async)
r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
syz_usb_connect$cdc_ecm(0x4, 0x0, 0x0, 0x0)
ioctl$HIDIOCGREPORT(r1, 0x400c4807, &(0x7f00000006c0)={0x2, 0x100, 0x5c1})
syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000974281408205050083e5010203b3ded1e32401090000003b00114ad556f97f9d05ba0000ef9680afd97aaa391afe81ce4efe7b8c2700b35cc508d49cf960f4ac8afe9dcd08aeb52e498e9438ecd58d92903cef343e92798125"], 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$evdev-syz_usb_disconnect-syz_usb_control_io$cdc_ncm-syz_usb_connect-syz_usb_control_io-syz_usb_control_io$cdc_ncm-syz_usb_control_io$cdc_ecm-syz_usb_control_io-syz_usb_control_io$cdc_ncm-syz_usb_control_io$cdc_ncm-syz_usb_control_io-syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io$hid-syz_usb_control_io$hid-syz_usb_connect-syz_usb_connect$cdc_ecm-syz_usb_control_io$printer
detailed listing:
executing program 0:
r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
syz_usb_disconnect(r0)
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, &(0x7f0000001000)={0x14, &(0x7f0000000f80)={0x20, 0x6, 0x36, {0x36, 0x1e, "c54d2cd19bb9c72ad6a90f87f774e159743dc899634a7698a6068f79fea2b39cb24be4b23f8d81d05bc7804d54c497955d36285b"}}, &(0x7f0000000fc0)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000001300)={0x44, &(0x7f0000001040)={0x40, 0x16, 0xf6, "e4adba3297851b068616980d730ead7974bb9cc92ce9b6afca6f02c7a7ef39deba43c63c38461e02f4227024f10a2456f0c8e0c4db4bdee9e9c8b25dc6d491a5af450b47b9232851a205c21cb731347515fc99df810df7a9e1977c6b7823974053aa8a865b8c2c20f6d60371e43074d1e1ab2699778b39d63ecab214d1c12e61868459adcbf4fa00debec35c39470aae251da05123ca0bcf93ffa039a69cc11826a39835426dff220e70a386eeb1592077d1868da19992f47a937d52b33ffbc3719541d929cfb7ff75ef061f98915127be2b9d1c83cc89a1649c051bae7d5ce91f9050dcd51e66400f6586db07b19e2a438195af1a82"}, &(0x7f0000001140)={0x0, 0xa, 0x1, 0x2}, &(0x7f0000001180)={0x0, 0x8, 0x1, 0xc1}, &(0x7f00000011c0)={0x20, 0x80, 0x1c, {0x8, 0x6, 0xfeb8, 0x80, 0x6a72, 0x9, 0x4, 0x9, 0x0, 0x1de, 0x9, 0x7ff}}, &(0x7f0000001200)={0x20, 0x85, 0x4, 0x773}, &(0x7f0000001240)={0x20, 0x83, 0x2}, &(0x7f0000001280)={0x20, 0x87, 0x2, 0x7}, &(0x7f00000012c0)={0x20, 0x89, 0x2, 0x1}})
r1 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="130100002add1e20ef050a023691010203010902240001000000000904000002ea1998000905a6a70000000000090507", @ANYRES32=r0], 0x0)
syz_usb_control_io(r1, 0x0, &(0x7f0000000780)={0x84, &(0x7f0000000a80)=ANY=[@ANYBLOB="0005010000ec730fe9004f"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r1, 0x0, &(0x7f0000000480)={0x44, &(0x7f00000001c0)={0x20, 0x16, 0x3, "4ee1f1"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r1, &(0x7f0000000440)={0x14, &(0x7f0000000300)={0x20, 0x6, 0xe8, {0xe8, 0x24, "25413145dd7ca0e9b8a981e80083c36099c063e02a4b54a6dedc0a6570847f733882bf946b402026ccbbd5a537fba97442e37e220a247e77b68233d03d0121b32f36432a6828063c922f65a645a71228bf37fd214ef8add47002493fe2d2d4b492caac7252e1f12dfc2daf880f1cf6379ca7b86f96249c82fa58abbd5cc03b2e8772b340c103ab69d54c21cd6d241fc60b6792e51cdba1661dffbd3cabd705dad3ef0a33266b60ff3d98826ba454037b111845bf247f36a7423755fb386f6135c851d8829e8583d1b75475fa54ca1b0aca325d8862c4a090c3cce9014bcfe12229ad8d97d0f1"}}, &(0x7f0000000400)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000700)={0x44, &(0x7f0000000480)={0x40, 0xd, 0x93, "520108aac638a1d17dda2acf8436f5e6611af918231b5fffb40418046795e05b8bc66107edd3ddcb826cdb8c114d197df97606af28124c4343501010a88dde5963180a380fed4da2dca1c17034703971f211dbe72ceeeb0a00516abf1770576916c03d1b8bd8b1bd2b5670244c2c10d380c79ce07f3d2c32599d719b24d7e304dd53a17e5220cfbdeea7008f6da5d3a9b1889c"}, &(0x7f0000000540)={0x0, 0xa, 0x1, 0x43}, &(0x7f0000000580)={0x0, 0x8, 0x1, 0x2}, &(0x7f00000005c0)={0x20, 0x80, 0x1c, {0x0, 0xead5, 0xffffff01, 0x8001, 0x8001, 0xa, 0x6, 0x3, 0x9, 0x5, 0x3, 0xcb}}, &(0x7f0000000600)={0x20, 0x85, 0x4, 0x1}, &(0x7f0000000640)={0x20, 0x83, 0x2, 0x1}, &(0x7f0000000680)={0x20, 0x87, 0x2, 0x7}, &(0x7f00000006c0)={0x20, 0x89, 0x2, 0x1}})
syz_usb_control_io(r1, &(0x7f0000000a40)={0x2c, &(0x7f0000000840)=ANY=[@ANYBLOB="20075900000059110ab26c1dc800f31eb7daae5d6b541db49af20bb65e7d80a206f3a31234b2cb7304958cf6fa6c6a05653849d20453dd2058cc4c112d72c712acbe4998f3f05e3b1392f1040ba9d7388330b71bffbbeaf8bd"], &(0x7f00000008c0)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x404}}, &(0x7f0000000900)={0x0, 0xf, 0x9b, {0x5, 0xf, 0x9b, 0x6, [@ptm_cap={0x3}, @ssp_cap={0x14, 0x10, 0xa, 0x7, 0x2, 0x8, 0x11, 0x1}, @generic={0xfffffffffffffdd0, 0x10, 0xa, "c1e9b2809dc9f936494e8780fa7093dbddc01fd774e559fb76882087de7f51efd3b239520cc495330d0c53c1d031b05cc0186006ecf1baa4f379f8db98a8617ac3c246685d973c107f0c793e32dd759cc3dd000eb0b15e1e4f1204b4e7192f725e6238"}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0xe, 0x0, 0x8, 0xfffd}, @ssp_cap={0xc, 0x10, 0xa, 0x1, 0x0, 0x7bad286, 0xf000, 0x8}, @ptm_cap={0x3}]}}, &(0x7f00000009c0)={0x20, 0x29, 0xf, {0xf, 0x29, 0x6, 0x60, 0x6, 0x9, "764fce2f", "41fc47bf"}}, &(0x7f0000000a00)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x8, 0x60, 0x4, 0x5, 0x0, 0x8, 0x4}}}, &(0x7f0000000ec0)={0x84, &(0x7f0000001380)={0x40, 0x19, 0x5e, "ff19c3ebb330188586beb4b33d3c79d19814bb74ff16e5d93a3a945b21318b5d4d12122dfe90dcc51be5e8681b5cca39671cefa4fda86941932899c9ebe20763f37af10051740207842a42ae4c24fb7709b9f948e4047d3d8cdf4ebfec8db3"}, &(0x7f0000000b00)={0x0, 0xa, 0x1, 0xa}, &(0x7f0000000b40)={0x0, 0x8, 0x1, 0xe6}, &(0x7f0000000b80)={0x20, 0x0, 0x4, {0x3, 0x2}}, &(0x7f0000000bc0)={0x20, 0x0, 0x4, {0x400, 0x4}}, &(0x7f0000000c00)={0x40, 0x7, 0x2, 0x7}, &(0x7f0000000c40)={0x40, 0x9, 0x1, 0x6}, &(0x7f0000000c80)={0x40, 0xb, 0x2, "d601"}, &(0x7f0000000cc0)={0x40, 0xf, 0x2, 0x5}, &(0x7f0000000d00)={0x40, 0x13, 0x6, @broadcast}, &(0x7f0000000d40)={0x40, 0x17, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, &(0x7f0000000d80)={0x40, 0x19, 0x2}, &(0x7f0000000dc0)={0x40, 0x1a, 0x2, 0x4}, &(0x7f0000000e00)={0x40, 0x1c, 0x1}, &(0x7f0000000e40)={0x40, 0x1e, 0x1}, &(0x7f0000000e80)={0x40, 0x21, 0x1, 0x3}})
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x54c, 0x5c4, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_control_io$hid(r2, &(0x7f0000000200)={0x24, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x22, 0x5, {[@global=@item_4={0x3, 0x1, 0x4, "7738e21f"}]}}, 0x0}, 0x0)
syz_usb_control_io$hid(r2, 0x0, &(0x7f0000000e80)={0x2c, 0x0, &(0x7f0000000d00)={0x0, 0xa, 0x1, 0x5}, &(0x7f0000000d40)={0x0, 0x8, 0x1, 0x5}, &(0x7f0000000d80)={0x20, 0x1, 0x10, "12292083d584a74b1617cfacd7aec84f"}, 0x0})
r3 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000751c0110e60f00989ad10102030109022400010000000009020200000000000000100000fa00090582024000000000"], 0x0)
syz_usb_connect$cdc_ecm(0x5, 0x51, &(0x7f0000000080)={{0x12, 0x1, 0x310, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x3f, 0x1, 0x1, 0x6, 0xa0, 0x9, [{{0x9, 0x4, 0x0, 0x6, 0x3, 0x2, 0x6, 0x0, 0x4, {{0x9, 0x24, 0x6, 0x0, 0x0, "3e288a93"}, {0x5, 0x24, 0x0, 0x32}, {0xd, 0x24, 0xf, 0x1, 0x7, 0x25e3, 0x5, 0x3}}, {[], {{0x9, 0x5, 0x82, 0x2, 0x70, 0xb, 0x8, 0x3}}, {{0x9, 0x5, 0x3, 0x2, 0x20, 0x1, 0x0, 0x2}}}}}]}}]}}, &(0x7f00000002c0)={0xa, &(0x7f0000000000)={0xa, 0x6, 0x110, 0xf7, 0x9, 0xd, 0x20, 0x2}, 0xf, &(0x7f0000000100)={0x5, 0xf, 0xf, 0x1, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0x8, 0x80, 0x8, 0x7}]}, 0x3, [{0xeb, &(0x7f0000000140)=@string={0xeb, 0x3, "8cdc88396ea80ed0df0fcdb4447567115bc99350f9fc940b6742cf351acfe96e25965573c784f85d73b4fff789beb341d974d5ef30e299d7574af41d62c9a461f221dd0f7c18f8ea02b7d139b5cb8fc8d2b21fb89219ad1daec67d3132a077916ca3702918855f502e0870792841711e66817fa8a1d2dff06301561594586da8385522464937547eceefac1c12e5b2ea1bf4f427646aa86fb2cfc621851b42b2d92e1bc7ec0685de51fa1bcbf420f4054e0c1ed56a6bf2e6ba3865488b53eea3e4c4b6babce274cf8687a7ac1533d968a7c8ccd1e8e5f924bdf68f6d6a1706a88ec4715c5526bf0070"}}, {0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x410}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x3001}}]})
syz_usb_control_io$printer(r3, 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io$printer-syz_usb_control_io$hid-syz_usb_connect-syz_usb_control_io$uac1-syz_usb_control_io$cdc_ecm-syz_usb_control_io$cdc_ecm-syz_usb_control_io$cdc_ecm-syz_usb_control_io$cdc_ecm-syz_usb_control_io$cdc_ncm-syz_usb_ep_read-syz_usb_control_io$printer-syz_usb_control_io$hid-syz_usb_control_io$printer-syz_usb_connect$uac1
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x75, 0x1c, 0x1, 0x10, 0xfe6, 0x9800, 0xd19a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x29, 0x2, 0x2, 0xb4, 0x8c, 0xbb, 0x0, [], [{{0x9, 0x5, 0x4, 0x2, 0x10, 0x0, 0xfa}}, {{0x9, 0x5, 0x82, 0x2, 0x40}}]}}]}}]}}, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = syz_usb_connect(0x3, 0xd8, &(0x7f0000000440)={{0x12, 0x1, 0x201, 0x7c, 0xf2, 0x10, 0x40, 0x2b53, 0x31, 0x3886, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xc6, 0x1, 0x7f, 0x59, 0xb0, 0x53, [{{0x9, 0x4, 0x24, 0x1, 0x1, 0x26, 0xd3, 0xba, 0x4, [@hid_hid={0x9, 0x21, 0x5000, 0x8, 0x1, {0x22, 0x71d}}], [{{0x9, 0x5, 0x8, 0xc, 0x20, 0x6, 0xd, 0x61, [@generic={0xa2, 0x2, "4d2558a4d5fa4136f90b4e8f067dded3cbe6800c8e3855a4e3c16ffa713d3ec3f9bbc016e188b8309b7bdcc5a83c7b7084e42a066cfeb4d12e4342426724a1cb0f68b4c2ad9388265be3ee4d8b760b33adf9ce3bb757de8ad15f9577646da24e82a094170a9986cf200e61e972ea95b7b92e9d440d01dd40873e1d2edb3ee09869ff6e09852e8434a0f73fd62886cc7a9bd62e36d2ab5c2ed9d9e8a7792aac9a"}]}}]}}]}}]}}, &(0x7f0000000580)={0xa, &(0x7f0000000a80)={0xa, 0x6, 0x200, 0x8, 0x8, 0x66, 0x20, 0x2}, 0x1d, &(0x7f0000000200)={0x5, 0xf, 0x1d, 0x3, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0xa, 0x0, 0x3, 0x9}, @ext_cap={0x7, 0x10, 0x2, 0x14, 0x8, 0x1, 0x1588}, @ext_cap={0x7, 0x10, 0x2, 0x6, 0x5, 0x5, 0x180}]}, 0x6, [{0xd, &(0x7f0000000240)=@string={0xd, 0x3, "2ab02482b2bc3081e276b0"}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0xc1a}}, {0x4, &(0x7f0000000300)=@lang_id={0x4, 0x3, 0x447}}, {0x4, &(0x7f0000000340)=@lang_id={0x4, 0x3, 0x423}}, {0xd, &(0x7f0000000380)=@string={0xd, 0x3, "01f2fc6029df27b9930415"}}, {0x2f, &(0x7f0000000540)=@string={0x2f, 0x3, "d13b6cbecb8e10a24d57dde8ee31f84688b1b24e6f71715ac607d451b38a99ae16857c7c03131952a74f470ca2"}}]})
syz_usb_control_io$uac1(r1, &(0x7f0000000700)={0x14, &(0x7f0000000600)={0x20, 0xe, 0x9a, {0x9a, 0x2, "372986e79fe698773e5eb2312b5be2ac25aa9277ce94c6dd7da65448c1e767270f6f38a3155d3d8fa3adbb2d803e4f1787f9b8ace66fb03eada56f4d4ca3af151640d31beaf337b5766f4accc6c30e4e98ec608ec8b0b0b3a10bc5ab463aeb91ef520e71589f31b9e16ec9c350b4b52f03798ba805d411e450dc885a6153fa94a17ba6a5d6de8a490af5ee4b3652817869331346fbc4d204"}}, &(0x7f00000006c0)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x441}}}, &(0x7f0000000a00)={0x44, &(0x7f0000000740)={0x20, 0xa, 0xe2, "dda2e548c3a9ee1aca352eab4dab56fada99112db1e222cf38ec08aeb9e6a59766cffcdf9fdd5627e050803b8982e08c1ad7a4af48dacf41e14ec94c37199641775936dd9105adca56abbf46568177491b567456def1f867e56b1c483675a4f9ddaf1cc0b4698e0811b9ff7c0fdcab0101b4cceffab6be316198ddf5b050683b0c01f084ac34114c782a547a6b6be18e54977fad599db67dec4cdeae87673371eae922d2e5e8c19d02f4c4dbdf2ea01ce44b43b61f756ba7841432e528e41856ceef07160f01fe655caeffc6f25c0c48f467294933cc24b81bb3f721d2f03aa11599"}, &(0x7f0000000840)={0x0, 0xa, 0x1, 0x3}, &(0x7f0000000880)={0x0, 0x8, 0x1}, &(0x7f00000008c0)={0x20, 0x81, 0x3, "d0711b"}, &(0x7f0000000900)={0x20, 0x82, 0x3, "314281"}, &(0x7f0000000940)={0x20, 0x83, 0x1, '1'}, &(0x7f0000000980)={0x20, 0x84, 0x1, "9f"}, &(0x7f00000009c0)={0x20, 0x85, 0x3, "bf4175"}})
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000003c0)={0x1c, &(0x7f00000002c0)={0x0, 0x1, 0x6, "cc17fc47a9ae"}, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_ep_read(r0, 0xb, 0x94, &(0x7f0000000080)=""/148)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000400)={0x34, &(0x7f0000000180)=ANY=[@ANYBLOB="201600000000d1787a9fc38cda357874082b091703a513ab3ef37b1b8ba7dfa5b244f5953ae1b32548f1ed18817b5776dddb08f2b33c42b8bf9d56b738067ec0643032996ba413704073482e23d276dd2366334b"], 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_connect$uac1(0x0, 0xaa, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902980003010000000904000000010100000a2401000000020102132406040006030000000000000000000000000924030000010000ff0924050000f8431cfd0924030604030204000b24040402090401"], 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io$uac1-syz_open_dev$evdev-ioctl$EVIOCGKEY-ioctl$EVIOCGREP-syz_usb_control_io-syz_usb_control_io$cdc_ncm
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)={{0x12, 0x1, 0x200, 0x19, 0x82, 0x30, 0x20, 0x413, 0x6023, 0xece5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x60, 0x2, [{{0x9, 0x4, 0x84, 0x0, 0x1, 0xee, 0x48, 0xb1, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x20, 0x0, 0x0, 0xb}}]}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000b80)={0x84, &(0x7f0000000040)={0x20, 0x14, 0x4, "7168d64c"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x822b01)
ioctl$EVIOCGKEY(r1, 0x8040453f, 0x0)
ioctl$EVIOCGREP(r1, 0x80084503, &(0x7f0000000180)=""/152)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000400)={0x44, &(0x7f0000000000)={0x20, 0x1, 0x1, "764508686497c934c8e2583aaf53d88b687aa238c65fb339bc753c15ef66b502275d0d3e9cf2b9"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
single: successfully extracted reproducer
found reproducer with 9 syscalls
minimizing guilty program
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io$uac1-syz_open_dev$evdev-ioctl$EVIOCGKEY-ioctl$EVIOCGREP-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)={{0x12, 0x1, 0x200, 0x19, 0x82, 0x30, 0x20, 0x413, 0x6023, 0xece5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x60, 0x2, [{{0x9, 0x4, 0x84, 0x0, 0x1, 0xee, 0x48, 0xb1, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x20, 0x0, 0x0, 0xb}}]}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000b80)={0x84, &(0x7f0000000040)={0x20, 0x14, 0x4, "7168d64c"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x822b01)
ioctl$EVIOCGKEY(r1, 0x8040453f, 0x0)
ioctl$EVIOCGREP(r1, 0x80084503, &(0x7f0000000180)=""/152)
syz_usb_control_io(r0, 0x0, 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io$uac1-syz_open_dev$evdev-ioctl$EVIOCGKEY-ioctl$EVIOCGREP
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)={{0x12, 0x1, 0x200, 0x19, 0x82, 0x30, 0x20, 0x413, 0x6023, 0xece5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x60, 0x2, [{{0x9, 0x4, 0x84, 0x0, 0x1, 0xee, 0x48, 0xb1, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x20, 0x0, 0x0, 0xb}}]}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000b80)={0x84, &(0x7f0000000040)={0x20, 0x14, 0x4, "7168d64c"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x822b01)
ioctl$EVIOCGKEY(r1, 0x8040453f, 0x0)
ioctl$EVIOCGREP(r1, 0x80084503, &(0x7f0000000180)=""/152)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io$uac1-syz_open_dev$evdev-ioctl$EVIOCGKEY
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)={{0x12, 0x1, 0x200, 0x19, 0x82, 0x30, 0x20, 0x413, 0x6023, 0xece5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x60, 0x2, [{{0x9, 0x4, 0x84, 0x0, 0x1, 0xee, 0x48, 0xb1, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x20, 0x0, 0x0, 0xb}}]}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000b80)={0x84, &(0x7f0000000040)={0x20, 0x14, 0x4, "7168d64c"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x822b01)
ioctl$EVIOCGKEY(r1, 0x8040453f, 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io$uac1-syz_open_dev$evdev
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)={{0x12, 0x1, 0x200, 0x19, 0x82, 0x30, 0x20, 0x413, 0x6023, 0xece5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x60, 0x2, [{{0x9, 0x4, 0x84, 0x0, 0x1, 0xee, 0x48, 0xb1, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x20, 0x0, 0x0, 0xb}}]}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000b80)={0x84, &(0x7f0000000040)={0x20, 0x14, 0x4, "7168d64c"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x822b01)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io$uac1
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)={{0x12, 0x1, 0x200, 0x19, 0x82, 0x30, 0x20, 0x413, 0x6023, 0xece5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x60, 0x2, [{{0x9, 0x4, 0x84, 0x0, 0x1, 0xee, 0x48, 0xb1, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x20, 0x0, 0x0, 0xb}}]}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000b80)={0x84, &(0x7f0000000040)={0x20, 0x14, 0x4, "7168d64c"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)={{0x12, 0x1, 0x200, 0x19, 0x82, 0x30, 0x20, 0x413, 0x6023, 0xece5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x60, 0x2, [{{0x9, 0x4, 0x84, 0x0, 0x1, 0xee, 0x48, 0xb1, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x20, 0x0, 0x0, 0xb}}]}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000b80)={0x84, &(0x7f0000000040)={0x20, 0x14, 0x4, "7168d64c"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)={{0x12, 0x1, 0x200, 0x19, 0x82, 0x30, 0x20, 0x413, 0x6023, 0xece5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x60, 0x2, [{{0x9, 0x4, 0x84, 0x0, 0x1, 0xee, 0x48, 0xb1, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x20, 0x0, 0x0, 0xb}}]}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)={{0x12, 0x1, 0x200, 0x19, 0x82, 0x30, 0x20, 0x413, 0x6023, 0xece5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x60, 0x2, [{{0x9, 0x4, 0x84, 0x0, 0x1, 0xee, 0x48, 0xb1, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x20, 0x0, 0x0, 0xb}}]}}]}}]}}, 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x0, 0x0, 0x0, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
simplifying C reproducer
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
reproducing took 1h0m46.094957055s
repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: slab-use-after-free in v4l2_fh_init+0x27d/0x2c0 drivers/media/v4l2-core/v4l2-fh.c:25
Read of size 8 at addr ffff888112254730 by task v4l_id/3238

CPU: 1 UID: 0 PID: 3238 Comm: v4l_id Not tainted 6.13.0-rc4-syzkaller-00080-gf1a2241778d9 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:378 [inline]
 print_report+0xc3/0x620 mm/kasan/report.c:489
 kasan_report+0xd9/0x110 mm/kasan/report.c:602
 v4l2_fh_init+0x27d/0x2c0 drivers/media/v4l2-core/v4l2-fh.c:25
 v4l2_fh_open+0x83/0xc0 drivers/media/v4l2-core/v4l2-fh.c:63
 em28xx_v4l2_open+0x250/0x7e0 drivers/media/usb/em28xx/em28xx-video.c:2153
 v4l2_open+0x222/0x490 drivers/media/v4l2-core/v4l2-dev.c:429
 chrdev_open+0x237/0x6a0 fs/char_dev.c:414
 do_dentry_open+0x6cb/0x1390 fs/open.c:945
 vfs_open+0x82/0x3f0 fs/open.c:1075
 do_open fs/namei.c:3828 [inline]
 path_openat+0x1e6a/0x2d60 fs/namei.c:3987
 do_filp_open+0x20c/0x470 fs/namei.c:4014
 do_sys_openat2+0x17a/0x1e0 fs/open.c:1402
 do_sys_open fs/open.c:1417 [inline]
 __do_sys_openat fs/open.c:1433 [inline]
 __se_sys_openat fs/open.c:1428 [inline]
 __x64_sys_openat+0x175/0x210 fs/open.c:1428
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fb00cdcc9a4
Code: 24 20 48 8d 44 24 30 48 89 44 24 28 64 8b 04 25 18 00 00 00 85 c0 75 2c 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 60 48 8b 15 55 a4 0d 00 f7 d8 64 89 02 48 83
RSP: 002b:00007fff89686b50 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007fff89686d68 RCX: 00007fb00cdcc9a4
RDX: 0000000000000000 RSI: 00007fff89688f25 RDI: 00000000ffffff9c
RBP: 00007fff89688f25 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff89686d80 R14: 000055615c964670 R15: 00007fb00d21ba80
 </TASK>

Allocated by task 2976:
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 poison_kmalloc_redzone mm/kasan/common.c:377 [inline]
 __kasan_kmalloc+0x8f/0xa0 mm/kasan/common.c:394
 kmalloc_noprof include/linux/slab.h:901 [inline]
 kzalloc_noprof include/linux/slab.h:1037 [inline]
 em28xx_v4l2_init+0x114/0x4050 drivers/media/usb/em28xx/em28xx-video.c:2532
 em28xx_init_extension+0x137/0x200 drivers/media/usb/em28xx/em28xx-core.c:1117
 request_module_async+0x61/0x70 drivers/media/usb/em28xx/em28xx-cards.c:3457
 process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229
 process_scheduled_works kernel/workqueue.c:3310 [inline]
 worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

Freed by task 2976:
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:582
 poison_slab_object mm/kasan/common.c:247 [inline]
 __kasan_slab_free+0x37/0x50 mm/kasan/common.c:264
 kasan_slab_free include/linux/kasan.h:233 [inline]
 slab_free_hook mm/slub.c:2353 [inline]
 slab_free mm/slub.c:4613 [inline]
 kfree+0x130/0x470 mm/slub.c:4761
 em28xx_free_v4l2 drivers/media/usb/em28xx/em28xx-video.c:2118 [inline]
 kref_put include/linux/kref.h:65 [inline]
 em28xx_v4l2_init+0x22a4/0x4050 drivers/media/usb/em28xx/em28xx-video.c:2901
 em28xx_init_extension+0x137/0x200 drivers/media/usb/em28xx/em28xx-core.c:1117
 request_module_async+0x61/0x70 drivers/media/usb/em28xx/em28xx-cards.c:3457
 process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229
 process_scheduled_works kernel/workqueue.c:3310 [inline]
 worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

The buggy address belongs to the object at ffff888112254000
 which belongs to the cache kmalloc-8k of size 8192
The buggy address is located 1840 bytes inside of
 freed 8192-byte region [ffff888112254000, ffff888112256000)

The buggy address belongs to the physical page:
page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x112250
head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
flags: 0x200000000000040(head|node=0|zone=2)
page_type: f5(slab)
raw: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000
raw: 0000000000000000 0000000000020002 00000001f5000000 0000000000000000
head: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000
head: 0000000000000000 0000000000020002 00000001f5000000 0000000000000000
head: 0200000000000003 ffffea0004489401 ffffffffffffffff 0000000000000000
head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2976, tgid 2976 (kworker/0:5), ts 60202551222, free_ts 60011122486
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1558
 prep_new_page mm/page_alloc.c:1566 [inline]
 get_page_from_freelist+0xe76/0x2b90 mm/page_alloc.c:3476
 __alloc_pages_noprof+0x21c/0x22a0 mm/page_alloc.c:4753
 alloc_pages_mpol_noprof+0xeb/0x400 mm/mempolicy.c:2269
 alloc_slab_page mm/slub.c:2423 [inline]
 allocate_slab mm/slub.c:2589 [inline]
 new_slab+0x2c9/0x410 mm/slub.c:2642
 ___slab_alloc+0xd1d/0x16e0 mm/slub.c:3830
 __slab_alloc.constprop.0+0x56/0xb0 mm/slub.c:3920
 __slab_alloc_node mm/slub.c:3995 [inline]
 slab_alloc_node mm/slub.c:4156 [inline]
 __kmalloc_cache_noprof+0x217/0x3e0 mm/slub.c:4324
 kmalloc_noprof include/linux/slab.h:901 [inline]
 kzalloc_noprof include/linux/slab.h:1037 [inline]
 em28xx_v4l2_init+0x114/0x4050 drivers/media/usb/em28xx/em28xx-video.c:2532
 em28xx_init_extension+0x137/0x200 drivers/media/usb/em28xx/em28xx-core.c:1117
 request_module_async+0x61/0x70 drivers/media/usb/em28xx/em28xx-cards.c:3457
 process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229
 process_scheduled_works kernel/workqueue.c:3310 [inline]
 worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
page last free pid 3216 tgid 3216 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1127 [inline]
 free_unref_page+0x661/0xe40 mm/page_alloc.c:2659
 __put_partials+0x14c/0x170 mm/slub.c:3157
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x195/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x4e/0x70 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:250 [inline]
 slab_post_alloc_hook mm/slub.c:4119 [inline]
 slab_alloc_node mm/slub.c:4168 [inline]
 kmem_cache_alloc_noprof+0x154/0x3b0 mm/slub.c:4175
 vm_area_alloc+0x1f/0x1f0 kernel/fork.c:472
 __mmap_new_vma mm/vma.c:2340 [inline]
 __mmap_region+0xfcc/0x2620 mm/vma.c:2456
 mmap_region+0x127/0x320 mm/mmap.c:1348
 do_mmap+0xc00/0xfc0 mm/mmap.c:496
 vm_mmap_pgoff+0x1ba/0x350 mm/util.c:580
 ksys_mmap_pgoff+0x32c/0x5c0 mm/mmap.c:542
 __do_sys_mmap arch/x86/kernel/sys_x86_64.c:89 [inline]
 __se_sys_mmap arch/x86/kernel/sys_x86_64.c:82 [inline]
 __x64_sys_mmap+0x125/0x190 arch/x86/kernel/sys_x86_64.c:82
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Memory state around the buggy address:
 ffff888112254600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888112254680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff888112254700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                     ^
 ffff888112254780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888112254800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================

final repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: slab-use-after-free in v4l2_fh_init+0x27d/0x2c0 drivers/media/v4l2-core/v4l2-fh.c:25
Read of size 8 at addr ffff888112254730 by task v4l_id/3238

CPU: 1 UID: 0 PID: 3238 Comm: v4l_id Not tainted 6.13.0-rc4-syzkaller-00080-gf1a2241778d9 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:378 [inline]
 print_report+0xc3/0x620 mm/kasan/report.c:489
 kasan_report+0xd9/0x110 mm/kasan/report.c:602
 v4l2_fh_init+0x27d/0x2c0 drivers/media/v4l2-core/v4l2-fh.c:25
 v4l2_fh_open+0x83/0xc0 drivers/media/v4l2-core/v4l2-fh.c:63
 em28xx_v4l2_open+0x250/0x7e0 drivers/media/usb/em28xx/em28xx-video.c:2153
 v4l2_open+0x222/0x490 drivers/media/v4l2-core/v4l2-dev.c:429
 chrdev_open+0x237/0x6a0 fs/char_dev.c:414
 do_dentry_open+0x6cb/0x1390 fs/open.c:945
 vfs_open+0x82/0x3f0 fs/open.c:1075
 do_open fs/namei.c:3828 [inline]
 path_openat+0x1e6a/0x2d60 fs/namei.c:3987
 do_filp_open+0x20c/0x470 fs/namei.c:4014
 do_sys_openat2+0x17a/0x1e0 fs/open.c:1402
 do_sys_open fs/open.c:1417 [inline]
 __do_sys_openat fs/open.c:1433 [inline]
 __se_sys_openat fs/open.c:1428 [inline]
 __x64_sys_openat+0x175/0x210 fs/open.c:1428
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fb00cdcc9a4
Code: 24 20 48 8d 44 24 30 48 89 44 24 28 64 8b 04 25 18 00 00 00 85 c0 75 2c 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 60 48 8b 15 55 a4 0d 00 f7 d8 64 89 02 48 83
RSP: 002b:00007fff89686b50 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007fff89686d68 RCX: 00007fb00cdcc9a4
RDX: 0000000000000000 RSI: 00007fff89688f25 RDI: 00000000ffffff9c
RBP: 00007fff89688f25 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff89686d80 R14: 000055615c964670 R15: 00007fb00d21ba80
 </TASK>

Allocated by task 2976:
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 poison_kmalloc_redzone mm/kasan/common.c:377 [inline]
 __kasan_kmalloc+0x8f/0xa0 mm/kasan/common.c:394
 kmalloc_noprof include/linux/slab.h:901 [inline]
 kzalloc_noprof include/linux/slab.h:1037 [inline]
 em28xx_v4l2_init+0x114/0x4050 drivers/media/usb/em28xx/em28xx-video.c:2532
 em28xx_init_extension+0x137/0x200 drivers/media/usb/em28xx/em28xx-core.c:1117
 request_module_async+0x61/0x70 drivers/media/usb/em28xx/em28xx-cards.c:3457
 process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229
 process_scheduled_works kernel/workqueue.c:3310 [inline]
 worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

Freed by task 2976:
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:582
 poison_slab_object mm/kasan/common.c:247 [inline]
 __kasan_slab_free+0x37/0x50 mm/kasan/common.c:264
 kasan_slab_free include/linux/kasan.h:233 [inline]
 slab_free_hook mm/slub.c:2353 [inline]
 slab_free mm/slub.c:4613 [inline]
 kfree+0x130/0x470 mm/slub.c:4761
 em28xx_free_v4l2 drivers/media/usb/em28xx/em28xx-video.c:2118 [inline]
 kref_put include/linux/kref.h:65 [inline]
 em28xx_v4l2_init+0x22a4/0x4050 drivers/media/usb/em28xx/em28xx-video.c:2901
 em28xx_init_extension+0x137/0x200 drivers/media/usb/em28xx/em28xx-core.c:1117
 request_module_async+0x61/0x70 drivers/media/usb/em28xx/em28xx-cards.c:3457
 process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229
 process_scheduled_works kernel/workqueue.c:3310 [inline]
 worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

The buggy address belongs to the object at ffff888112254000
 which belongs to the cache kmalloc-8k of size 8192
The buggy address is located 1840 bytes inside of
 freed 8192-byte region [ffff888112254000, ffff888112256000)

The buggy address belongs to the physical page:
page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x112250
head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
flags: 0x200000000000040(head|node=0|zone=2)
page_type: f5(slab)
raw: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000
raw: 0000000000000000 0000000000020002 00000001f5000000 0000000000000000
head: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000
head: 0000000000000000 0000000000020002 00000001f5000000 0000000000000000
head: 0200000000000003 ffffea0004489401 ffffffffffffffff 0000000000000000
head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2976, tgid 2976 (kworker/0:5), ts 60202551222, free_ts 60011122486
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1558
 prep_new_page mm/page_alloc.c:1566 [inline]
 get_page_from_freelist+0xe76/0x2b90 mm/page_alloc.c:3476
 __alloc_pages_noprof+0x21c/0x22a0 mm/page_alloc.c:4753
 alloc_pages_mpol_noprof+0xeb/0x400 mm/mempolicy.c:2269
 alloc_slab_page mm/slub.c:2423 [inline]
 allocate_slab mm/slub.c:2589 [inline]
 new_slab+0x2c9/0x410 mm/slub.c:2642
 ___slab_alloc+0xd1d/0x16e0 mm/slub.c:3830
 __slab_alloc.constprop.0+0x56/0xb0 mm/slub.c:3920
 __slab_alloc_node mm/slub.c:3995 [inline]
 slab_alloc_node mm/slub.c:4156 [inline]
 __kmalloc_cache_noprof+0x217/0x3e0 mm/slub.c:4324
 kmalloc_noprof include/linux/slab.h:901 [inline]
 kzalloc_noprof include/linux/slab.h:1037 [inline]
 em28xx_v4l2_init+0x114/0x4050 drivers/media/usb/em28xx/em28xx-video.c:2532
 em28xx_init_extension+0x137/0x200 drivers/media/usb/em28xx/em28xx-core.c:1117
 request_module_async+0x61/0x70 drivers/media/usb/em28xx/em28xx-cards.c:3457
 process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229
 process_scheduled_works kernel/workqueue.c:3310 [inline]
 worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
page last free pid 3216 tgid 3216 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1127 [inline]
 free_unref_page+0x661/0xe40 mm/page_alloc.c:2659
 __put_partials+0x14c/0x170 mm/slub.c:3157
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x195/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x4e/0x70 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:250 [inline]
 slab_post_alloc_hook mm/slub.c:4119 [inline]
 slab_alloc_node mm/slub.c:4168 [inline]
 kmem_cache_alloc_noprof+0x154/0x3b0 mm/slub.c:4175
 vm_area_alloc+0x1f/0x1f0 kernel/fork.c:472
 __mmap_new_vma mm/vma.c:2340 [inline]
 __mmap_region+0xfcc/0x2620 mm/vma.c:2456
 mmap_region+0x127/0x320 mm/mmap.c:1348
 do_mmap+0xc00/0xfc0 mm/mmap.c:496
 vm_mmap_pgoff+0x1ba/0x350 mm/util.c:580
 ksys_mmap_pgoff+0x32c/0x5c0 mm/mmap.c:542
 __do_sys_mmap arch/x86/kernel/sys_x86_64.c:89 [inline]
 __se_sys_mmap arch/x86/kernel/sys_x86_64.c:82 [inline]
 __x64_sys_mmap+0x125/0x190 arch/x86/kernel/sys_x86_64.c:82
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Memory state around the buggy address:
 ffff888112254600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888112254680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff888112254700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                     ^
 ffff888112254780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888112254800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================