Extracting prog: 15m11.558879478s
Minimizing prog: 42m13.584010567s
Simplifying prog options: 0s
Extracting C: 1m23.709483605s
Simplifying C: 12m47.097703935s


extracting reproducer from 35 programs
testing a last program of every proc
single: executing 10 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$cdc_ncm-syz_usb_connect-syz_usb_disconnect-syz_open_dev$evdev-syz_usb_connect$cdc_ecm-syz_usb_disconnect-syz_usb_disconnect-syz_usb_connect$cdc_ncm-syz_open_dev$char_usb-syz_usb_disconnect-syz_usb_disconnect-syz_usb_connect-syz_usb_connect_ath9k-syz_usb_ep_write$ath9k_ep2-syz_usb_ep_write$ath9k_ep1-syz_usb_control_io$hid
detailed listing:
executing program 0:
syz_usb_connect$cdc_ncm(0x4, 0x6e, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000020000002505a1a440000102030109025c0002010000000904000001a3f45747d649f9a30105240000000d240f8100000000000000000006241a0000000905810300000000000904010000020d00000904010102020d000009058202000000000009050302"], 0x0)
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904010001faf40d00090582"], 0x0)
syz_usb_disconnect(r0)
r1 = syz_open_dev$evdev(&(0x7f0000000080), 0x3e, 0x684401)
r2 = syz_usb_connect$cdc_ecm(0x0, 0x5e, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201100102000040"], 0x0)
syz_usb_disconnect(r2)
syz_usb_disconnect(r1)
r3 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000040)=ANY=[], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_disconnect(r3)
syz_usb_disconnect(r2)
r4 = syz_usb_connect(0x0, 0x2d, &(0x7f00000005c0)=ANY=[@ANYBLOB="12010000413f5f201d0650c16fce0102030109021b00010000100009043300011870fd00090582020002"], 0x0)
r5 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000480)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xfffffffffffffddb}}]}}, 0x0)
syz_usb_ep_write$ath9k_ep2(r5, 0x83, 0x108, &(0x7f00000005c0)=ANY=[@ANYBLOB="08020100664fba7a06bb211ced1e0c8471c672e82af1adb8d737bd00040000d5c5808eea069d2226de06021cd1156da0b80161d0a61d7875d844df625d5e3699f0cfa5b5238bf9cda646e23c75ffb41fa8ce7323e175a013ecec4fb60ee56664741c859031a40cf6e3193902be8c8928f1ed1b5598af5d43011926bebe7b91bd57c8dc045b015601fd9785b25efb9a2ac04d8ef06dceb34493e3d7c4c13e53f51cbe8c8df9aac794392eb1b8b669ce32074a126672a32773f5c9de7bd28d8ad026f7db464fd2e041d65cb18e72a40980c7c5e1c78a45416e504ff831dc203b21fbbb641e9eb18b8966387a23fe9d02d876e4a11ad9edd19abccca37a1900000000000020ad000000"])
syz_usb_ep_write$ath9k_ep1(r4, 0x82, 0xa8, &(0x7f0000000000)=ANY=[@ANYBLOB="a200004ef3b11f948ef66b0ee0b3d41b1b"])
syz_usb_control_io$hid(r4, 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_connect-syz_usb_connect-syz_usb_connect$hid-syz_usb_connect$uac3-syz_usb_connect-syz_usb_control_io$cdc_ecm
detailed listing:
executing program 0:
syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x201, 0xff, 0x81, 0xa3, 0x8, 0xa47, 0x9601, 0x195, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0xff, 0xfa, 0x80, 0x6, "", [{{0x9, 0x4, 0x1a, 0x8, 0x0, 0x66, 0x8a, 0x83, 0xdc}}]}}]}}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0})
syz_usb_connect(0x0, 0x46, &(0x7f0000000000)={{0x12, 0x1, 0x110, 0x18, 0x8, 0x26, 0x10, 0xa5c, 0x396e, 0x21b9, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x34, 0x1, 0x1, 0x24, 0x60, 0x8, "", [{{0x9, 0x4, 0xe4, 0xef, 0x3, 0xff, 0x1, 0x1, 0x5, [], [{{0x9, 0x5, 0xd, 0x2, 0x400, 0x6, 0x4}}, {{0x9, 0x5, 0x7, 0x0, 0x10, 0x5, 0x3, 0x98, [@generic={0x7, 0x5, "0416ce2b60"}]}}, {{0x9, 0x5, 0xf, 0xb, 0x40, 0x8, 0x6, 0xe}}]}}]}}]}}, 0x0) (async)
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000180)={{0x12, 0x1, 0x300, 0x95, 0xdc, 0x7b, 0x10, 0xa168, 0x618, 0x7adb, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x3, 0x3, 0x90, 0xba, "", [{{0x9, 0x4, 0xbe, 0x82, 0x0, 0xf9, 0xac, 0x8c, 0x40}}]}}]}}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0})
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x56a, 0xd1, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0}}]}}, 0x0)
syz_usb_connect$uac3(0x4, 0xc3, &(0x7f0000000280)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x40, 0x582, 0x44, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xb1, 0x3, 0x1, 0x0, 0x10, 0x40, {0x8, 0xb, 0x1, 0x2, 0x1, 0x20}, {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x30, 0x0, {{0xa, 0x24, 0x1, 0x2, 0x21, 0x10001}, [@cluster_info_segment={0x6, 0x20, 0xff, 0xad, 0x10}, @processing_unit={0x11, 0x24, 0x9, 0x1, 0x1, [0x2, 0x0, 0x0]}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x30, 0x0, {[@format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0xe37, 0x7, 0x6, "2895060181dc"}]}, {{0x9, 0x5, 0x1, 0x9, 0x400, 0x0, 0x9, 0x4, {0xa, 0x25, 0x25, 0x2, 0x6, 0x60}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x30, 0x0, {[@format_type_i_discrete={0xa, 0x24, 0x2, 0x1, 0x5, 0x3, 0x5, 0x5, '_]'}, @format_type_i_continuous={0xd, 0x24, 0x2, 0x1, 0x2, 0x1, 0xfc, 0x9, 'Du', "c57583"}, @format_type_i_descriptor={0x6, 0x24, 0x2, 0x1, 0x2, 0x4}]}, {{0x9, 0x5, 0x82, 0x9, 0x8, 0x5, 0x46, 0x8, {0xa, 0x25, 0x25, 0x1, 0x70, 0x10}}}}}}}}]}}, &(0x7f0000000400)={0xa, &(0x7f0000000380)={0xa, 0x6, 0x201, 0x4, 0x6, 0x8, 0x8, 0x2}, 0x26, &(0x7f00000003c0)={0x5, 0xf, 0x26, 0x4, [@ptm_cap={0x3}, @ext_cap={0x7, 0x10, 0x2, 0x1, 0x8, 0xe, 0x7}, @ptm_cap={0x3}, @ss_container_id={0x14, 0x10, 0x4, 0x9, "a3001e2e4612065c6d876e217fa354d6"}]}}) (async)
syz_usb_connect(0x5, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000014da2108ab120000eb1e000000010902240001b30000040904410017ff5d81000905f7ffff"], 0x0) (async)
syz_usb_control_io$cdc_ecm(r0, &(0x7f00000000c0)={0x14, &(0x7f0000000000)={0x0, 0x31, 0x22, {0x22, 0x23, "fa1ed7084ad30356af447d37cb21ebf9fa88af89281f7c9748f6c3480310c599"}}, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000240)={0x1c, &(0x7f0000000100)={0x40, 0x15, 0x46, "3419d3931204445d392d324c1c683ffaf5f83a9b34204ab5d7f79c7caaa388af12ca0295e53c243d9b9f5270fce4eec2e10a259a519de05bef1ee133464fdfef12478d1591df"}, &(0x7f00000001c0)={0x0, 0xa, 0x1, 0x81}, &(0x7f0000000200)={0x0, 0x8, 0x1, 0xc6}})

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io$cdc_ecm-syz_usb_control_io$uac1-syz_usb_connect$hid-syz_usb_control_io$hid-syz_usb_control_io$hid-syz_usb_connect$hid-syz_usb_connect$uac1-syz_usb_control_io$uac1-syz_usb_control_io-syz_usb_control_io$hid-syz_usb_connect-syz_open_dev$evdev
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
r1 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x46d, 0xc71f, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xe8, 0xb, "", [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x7ffd, 0x0, 0x1, {0x22, 0x1e3}}, {{{0x9, 0x5, 0x81, 0x3, 0x38d707d343173689, 0x5, 0xa, 0x70}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000040)={0x24, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x22, 0x9, {0x9, 0x21, 0xb8c, 0x1, 0x1, {0x22, 0xeed}}}}, &(0x7f0000000080)={0x2c, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001300)=ANY=[@ANYBLOB="12010000000000205804115000000000000109022400010000000009040000050300000009210000000122940309058103"], 0x0)
r3 = syz_usb_connect$uac1(0x1, 0x132, &(0x7f0000000200)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x582, 0x14, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x120, 0x3, 0x1, 0x0, 0x20, 0x1, "", {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0xf, 0x45}, [@feature_unit={0xf, 0x24, 0x6, 0x3, 0x4, 0x4, [0x9, 0x2, 0x5, 0x0], 0x6}, @processing_unit={0xb, 0x24, 0x7, 0x4, 0x3, 0x2a, "4ce23d27"}, @output_terminal={0x9, 0x24, 0x3, 0x6, 0x101, 0x3, 0x6, 0x8e}, @extension_unit={0x7, 0x24, 0x8, 0x3, 0x1}, @mixer_unit={0x6, 0x24, 0x4, 0x2, 0x3, "17"}, @extension_unit={0xb, 0x24, 0x8, 0x4, 0x35f4, 0x54, "b6dc3148"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_ext={0xa, 0x24, 0x2, 0x2, 0x5, 0x7, 0x2}, @format_type_i_discrete={0x10, 0x24, 0x2, 0x1, 0x0, 0x2, 0xff, 0x1, "1038cb14e9cb5e9c"}, @format_type_i_ext={0x9, 0x24, 0x2, 0x1, 0x5, 0x9, 0x1, 0x2, 0xf5}, @format_type_i_discrete={0xe, 0x24, 0x2, 0x1, 0x81, 0x2, 0x4, 0x7, "ef196af6dccc"}, @format_type_i_ext={0x9, 0x24, 0x2, 0x1, 0x3, 0x9, 0x1, 0x3, 0x3}, @format_type_ii_ext={0xa, 0x24, 0x2, 0x2, 0x2, 0x5, 0x8, 0x1}]}, {{0x9, 0x5, 0x1, 0x9, 0x3ff, 0x0, 0x4, 0x53, {0x7, 0x25, 0x1, 0x4, 0x81, 0x58fa}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_ext={0xa, 0x24, 0x2, 0x2, 0x1, 0xc, 0x6, 0xff}, @format_type_i_continuous={0x9, 0x24, 0x2, 0x1, 0x4, 0x3, 0x24, 0x8, '&'}, @format_type_i_continuous={0x9, 0x24, 0x2, 0x1, 0x6, 0x2, 0x1, 0x4, "", "ee"}, @format_type_ii_discrete={0x11, 0x24, 0x2, 0x2, 0xd, 0x9, 0x6, "8173c750b02c3894"}, @format_type_ii_ext={0xa, 0x24, 0x2, 0x2, 0x6, 0x3f48, 0x3, 0x5}, @format_type_i_discrete={0xa, 0x24, 0x2, 0x1, 0x40, 0x3, 0xa4, 0x10, "60b8"}]}, {{0x9, 0x5, 0x82, 0x9, 0x20, 0x50, 0x4, 0x9, {0x7, 0x25, 0x1, 0x0, 0x42, 0x1}}}}}}}}]}}, &(0x7f0000000700)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x110, 0x9, 0x4, 0x2, 0x2353e69cf973037, 0x7f}, 0x6b, &(0x7f0000000380)={0x5, 0xf, 0x6b, 0x6, [@ptm_cap={0x3}, @ss_container_id={0x14, 0x10, 0x4, 0x3c, "c4e8c2a4823bc849717ca02970f7dfdd"}, @ext_cap={0x7, 0x10, 0x2, 0x4, 0xd, 0xe, 0x5}, @ext_cap={0x7, 0x10, 0x2, 0x10, 0xf, 0x0, 0x3}, @generic={0x3a, 0x10, 0x4, "b1c8e10dacaa32f04c935aa7d14243f2ccb9f45e3822697e9c450722f95f0ea1bc233ad88ead9a2f8e7a3ce4f8af6643a2bcadfe2b94c2"}, @ext_cap={0x7, 0x10, 0x2, 0x14, 0x4, 0x2, 0xb92}]}, 0x9, [{0x4, &(0x7f0000000100)=@lang_id={0x4, 0x3, 0x80c}}, {0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x457}}, {0x4, &(0x7f0000000400)=@lang_id={0x4, 0x3, 0x3822}}, {0x5a, &(0x7f0000000440)=@string={0x5a, 0x3, "8f03c7e1e3621825909a8d8879c898cebdac3d8ce20771e45fc05d39c3d0859e88bc5123505607f2eb27b6203ba7c469c999380e592eb2263a913f5ef059aa95803589a1e25cd0bd4e8e96984cacfdb763dc727df5c379a1"}}, {0x101, &(0x7f00000004c0)=@string={0x101, 0x3, "2def65527f49ac01113daea0705795b5284f1b0f23b241dbf4deafc53a6ce1b4ff33d63e4403cde6c4316aaefb400a3930f3932fd046e799e33531a580ceb94343a569728648128075b255fee962dbf3786be4d58aa2c342e5e9e5b0fdacd128e5081cc493035abf43e38fe76d74c1e31e1f702893e8a5e727654ad3348aba3eeba1756884719c262da5637ba96d688b9ad0fbc7df3c95de26b9fc35ae446e9c9da0f11685b756880225dbe71b4aa9ceaf04204662402f0075f063a1f81d2e4d850af86fe1cb18045eefa05d0a054a5c88729d75f1bab5e73af05a7bb83baf5c5c222a7af10265569cac8f6b1579d295cbd11611a7ece539b1e63e385c96f4"}}, {0x4, &(0x7f0000000600)=@lang_id={0x4, 0x3, 0x425}}, {0x4, &(0x7f0000000640)=@lang_id={0x4, 0x3, 0x3009}}, {0x4, &(0x7f0000000680)=@lang_id={0x4, 0x3, 0x458}}, {0x2f, &(0x7f00000006c0)=@string={0x2f, 0x3, "097adbaa0ed5cbf697ab61cfd0109fba1037d28ad057687209322be95b2f96bee48c74f83d05ac71705791c312"}}]})
syz_usb_control_io$uac1(r3, &(0x7f00000008c0)={0x14, &(0x7f00000007c0)={0x40, 0xc, 0xf8, {0xf8, 0x8, "a6ad0fb1fc918ca34b8d72750ed810a253dbae4d664c7fb0413bf8814f26f259b2058bea192022f174f552915a5597668f328b812f93412278d0d448972400c1b18f61eba971b8ea1a14238bc1e88aafeb28674b03e393d332b5821dc530fb079f73d789d30b09395f81d121c47c2b47105cf556b9cb36d76c2acf459feaa7f11c62b08c1f263217e1e1fed3f2b052726accfa0759ff5de9eb2985e737fcda0d4a1b55424ae3a5146ecdc89cc90bced3e91e6d75bb9a9948b46b67b54bd4b69bc018ceb09eb8d8431902e85ea8d9961bea3944229f14d86e0404f0d913f50aa2de1901917d1f508cf113ec8ffca6aabd2d56303972b0"}}, 0x0}, &(0x7f0000000b80)={0x44, &(0x7f0000000900)={0x20, 0x17, 0x9f, "8226d28057b8671ae6bf12185bd55ecd0bb53fe427815125d4127d8308dae224a591837e28ff29ecfd213263ec357f7e49f169d80ed988c3ffd56520d27531eba11a8a34f946879e950e629ca408cdd07ffc5bae5cf90d7071e63780130e6f68c877972df2f866adad9e70c98392f6fafb9ef2df46a8376c97b1b6014f4896cb214fa874925775a91b94145aa7fc8188e6066eacbf08b7d0285f96e006699a"}, &(0x7f00000009c0)={0x0, 0xa, 0x1, 0x6}, &(0x7f0000000a00)={0x0, 0x8, 0x1}, &(0x7f0000000a40)={0x20, 0x81, 0x1, "cb"}, &(0x7f0000000a80)={0x20, 0x82, 0x3, "e5446e"}, &(0x7f0000000ac0)={0x20, 0x83, 0x2, "03eb"}, &(0x7f0000000b00)={0x20, 0x84, 0x1, 'n'}, &(0x7f0000000b40)={0x20, 0x85, 0x3, "b9c957"}})
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_control_io$hid(r2, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0)
syz_usb_connect(0x1, 0x34, &(0x7f0000000140)=ANY=[@ANYRESOCT=r2, @ANYRES64=r1, @ANYRES32=0x0, @ANYRESDEC=r1, @ANYRES16=r2], 0x0)
syz_open_dev$evdev(&(0x7f0000005bc0), 0x4, 0x100)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
single: successfully extracted reproducer
found reproducer with 15 syscalls
minimizing guilty program
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io$cdc_ecm-syz_usb_control_io$uac1-syz_usb_connect$hid-syz_usb_control_io$hid-syz_usb_control_io$hid-syz_usb_connect$hid-syz_usb_connect$uac1-syz_usb_control_io$uac1-syz_usb_control_io-syz_usb_control_io$hid-syz_usb_connect
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
r1 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x46d, 0xc71f, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xe8, 0xb, "", [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x7ffd, 0x0, 0x1, {0x22, 0x1e3}}, {{{0x9, 0x5, 0x81, 0x3, 0x38d707d343173689, 0x5, 0xa, 0x70}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000040)={0x24, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x22, 0x9, {0x9, 0x21, 0xb8c, 0x1, 0x1, {0x22, 0xeed}}}}, &(0x7f0000000080)={0x2c, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001300)=ANY=[@ANYBLOB="12010000000000205804115000000000000109022400010000000009040000050300000009210000000122940309058103"], 0x0)
r3 = syz_usb_connect$uac1(0x1, 0x132, &(0x7f0000000200)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x582, 0x14, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x120, 0x3, 0x1, 0x0, 0x20, 0x1, "", {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0xf, 0x45}, [@feature_unit={0xf, 0x24, 0x6, 0x3, 0x4, 0x4, [0x9, 0x2, 0x5, 0x0], 0x6}, @processing_unit={0xb, 0x24, 0x7, 0x4, 0x3, 0x2a, "4ce23d27"}, @output_terminal={0x9, 0x24, 0x3, 0x6, 0x101, 0x3, 0x6, 0x8e}, @extension_unit={0x7, 0x24, 0x8, 0x3, 0x1}, @mixer_unit={0x6, 0x24, 0x4, 0x2, 0x3, "17"}, @extension_unit={0xb, 0x24, 0x8, 0x4, 0x35f4, 0x54, "b6dc3148"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_ext={0xa, 0x24, 0x2, 0x2, 0x5, 0x7, 0x2}, @format_type_i_discrete={0x10, 0x24, 0x2, 0x1, 0x0, 0x2, 0xff, 0x1, "1038cb14e9cb5e9c"}, @format_type_i_ext={0x9, 0x24, 0x2, 0x1, 0x5, 0x9, 0x1, 0x2, 0xf5}, @format_type_i_discrete={0xe, 0x24, 0x2, 0x1, 0x81, 0x2, 0x4, 0x7, "ef196af6dccc"}, @format_type_i_ext={0x9, 0x24, 0x2, 0x1, 0x3, 0x9, 0x1, 0x3, 0x3}, @format_type_ii_ext={0xa, 0x24, 0x2, 0x2, 0x2, 0x5, 0x8, 0x1}]}, {{0x9, 0x5, 0x1, 0x9, 0x3ff, 0x0, 0x4, 0x53, {0x7, 0x25, 0x1, 0x4, 0x81, 0x58fa}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_ext={0xa, 0x24, 0x2, 0x2, 0x1, 0xc, 0x6, 0xff}, @format_type_i_continuous={0x9, 0x24, 0x2, 0x1, 0x4, 0x3, 0x24, 0x8, '&'}, @format_type_i_continuous={0x9, 0x24, 0x2, 0x1, 0x6, 0x2, 0x1, 0x4, "", "ee"}, @format_type_ii_discrete={0x11, 0x24, 0x2, 0x2, 0xd, 0x9, 0x6, "8173c750b02c3894"}, @format_type_ii_ext={0xa, 0x24, 0x2, 0x2, 0x6, 0x3f48, 0x3, 0x5}, @format_type_i_discrete={0xa, 0x24, 0x2, 0x1, 0x40, 0x3, 0xa4, 0x10, "60b8"}]}, {{0x9, 0x5, 0x82, 0x9, 0x20, 0x50, 0x4, 0x9, {0x7, 0x25, 0x1, 0x0, 0x42, 0x1}}}}}}}}]}}, &(0x7f0000000700)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x110, 0x9, 0x4, 0x2, 0x2353e69cf973037, 0x7f}, 0x6b, &(0x7f0000000380)={0x5, 0xf, 0x6b, 0x6, [@ptm_cap={0x3}, @ss_container_id={0x14, 0x10, 0x4, 0x3c, "c4e8c2a4823bc849717ca02970f7dfdd"}, @ext_cap={0x7, 0x10, 0x2, 0x4, 0xd, 0xe, 0x5}, @ext_cap={0x7, 0x10, 0x2, 0x10, 0xf, 0x0, 0x3}, @generic={0x3a, 0x10, 0x4, "b1c8e10dacaa32f04c935aa7d14243f2ccb9f45e3822697e9c450722f95f0ea1bc233ad88ead9a2f8e7a3ce4f8af6643a2bcadfe2b94c2"}, @ext_cap={0x7, 0x10, 0x2, 0x14, 0x4, 0x2, 0xb92}]}, 0x9, [{0x4, &(0x7f0000000100)=@lang_id={0x4, 0x3, 0x80c}}, {0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x457}}, {0x4, &(0x7f0000000400)=@lang_id={0x4, 0x3, 0x3822}}, {0x5a, &(0x7f0000000440)=@string={0x5a, 0x3, "8f03c7e1e3621825909a8d8879c898cebdac3d8ce20771e45fc05d39c3d0859e88bc5123505607f2eb27b6203ba7c469c999380e592eb2263a913f5ef059aa95803589a1e25cd0bd4e8e96984cacfdb763dc727df5c379a1"}}, {0x101, &(0x7f00000004c0)=@string={0x101, 0x3, "2def65527f49ac01113daea0705795b5284f1b0f23b241dbf4deafc53a6ce1b4ff33d63e4403cde6c4316aaefb400a3930f3932fd046e799e33531a580ceb94343a569728648128075b255fee962dbf3786be4d58aa2c342e5e9e5b0fdacd128e5081cc493035abf43e38fe76d74c1e31e1f702893e8a5e727654ad3348aba3eeba1756884719c262da5637ba96d688b9ad0fbc7df3c95de26b9fc35ae446e9c9da0f11685b756880225dbe71b4aa9ceaf04204662402f0075f063a1f81d2e4d850af86fe1cb18045eefa05d0a054a5c88729d75f1bab5e73af05a7bb83baf5c5c222a7af10265569cac8f6b1579d295cbd11611a7ece539b1e63e385c96f4"}}, {0x4, &(0x7f0000000600)=@lang_id={0x4, 0x3, 0x425}}, {0x4, &(0x7f0000000640)=@lang_id={0x4, 0x3, 0x3009}}, {0x4, &(0x7f0000000680)=@lang_id={0x4, 0x3, 0x458}}, {0x2f, &(0x7f00000006c0)=@string={0x2f, 0x3, "097adbaa0ed5cbf697ab61cfd0109fba1037d28ad057687209322be95b2f96bee48c74f83d05ac71705791c312"}}]})
syz_usb_control_io$uac1(r3, &(0x7f00000008c0)={0x14, &(0x7f00000007c0)={0x40, 0xc, 0xf8, {0xf8, 0x8, "a6ad0fb1fc918ca34b8d72750ed810a253dbae4d664c7fb0413bf8814f26f259b2058bea192022f174f552915a5597668f328b812f93412278d0d448972400c1b18f61eba971b8ea1a14238bc1e88aafeb28674b03e393d332b5821dc530fb079f73d789d30b09395f81d121c47c2b47105cf556b9cb36d76c2acf459feaa7f11c62b08c1f263217e1e1fed3f2b052726accfa0759ff5de9eb2985e737fcda0d4a1b55424ae3a5146ecdc89cc90bced3e91e6d75bb9a9948b46b67b54bd4b69bc018ceb09eb8d8431902e85ea8d9961bea3944229f14d86e0404f0d913f50aa2de1901917d1f508cf113ec8ffca6aabd2d56303972b0"}}, 0x0}, &(0x7f0000000b80)={0x44, &(0x7f0000000900)={0x20, 0x17, 0x9f, "8226d28057b8671ae6bf12185bd55ecd0bb53fe427815125d4127d8308dae224a591837e28ff29ecfd213263ec357f7e49f169d80ed988c3ffd56520d27531eba11a8a34f946879e950e629ca408cdd07ffc5bae5cf90d7071e63780130e6f68c877972df2f866adad9e70c98392f6fafb9ef2df46a8376c97b1b6014f4896cb214fa874925775a91b94145aa7fc8188e6066eacbf08b7d0285f96e006699a"}, &(0x7f00000009c0)={0x0, 0xa, 0x1, 0x6}, &(0x7f0000000a00)={0x0, 0x8, 0x1}, &(0x7f0000000a40)={0x20, 0x81, 0x1, "cb"}, &(0x7f0000000a80)={0x20, 0x82, 0x3, "e5446e"}, &(0x7f0000000ac0)={0x20, 0x83, 0x2, "03eb"}, &(0x7f0000000b00)={0x20, 0x84, 0x1, 'n'}, &(0x7f0000000b40)={0x20, 0x85, 0x3, "b9c957"}})
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_control_io$hid(r2, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0)
syz_usb_connect(0x1, 0x34, &(0x7f0000000140)=ANY=[@ANYRESOCT=r2, @ANYRES64=r1, @ANYRES32=0x0, @ANYRESDEC=r1, @ANYRES16=r2], 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io$cdc_ecm-syz_usb_control_io$uac1-syz_usb_connect$hid-syz_usb_control_io$hid-syz_usb_control_io$hid-syz_usb_connect$hid-syz_usb_connect$uac1-syz_usb_control_io$uac1-syz_usb_control_io-syz_usb_control_io$hid
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
r1 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x46d, 0xc71f, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xe8, 0xb, "", [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x7ffd, 0x0, 0x1, {0x22, 0x1e3}}, {{{0x9, 0x5, 0x81, 0x3, 0x38d707d343173689, 0x5, 0xa, 0x70}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000040)={0x24, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x22, 0x9, {0x9, 0x21, 0xb8c, 0x1, 0x1, {0x22, 0xeed}}}}, &(0x7f0000000080)={0x2c, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001300)=ANY=[@ANYBLOB="12010000000000205804115000000000000109022400010000000009040000050300000009210000000122940309058103"], 0x0)
r3 = syz_usb_connect$uac1(0x1, 0x132, &(0x7f0000000200)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x582, 0x14, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x120, 0x3, 0x1, 0x0, 0x20, 0x1, "", {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0xf, 0x45}, [@feature_unit={0xf, 0x24, 0x6, 0x3, 0x4, 0x4, [0x9, 0x2, 0x5, 0x0], 0x6}, @processing_unit={0xb, 0x24, 0x7, 0x4, 0x3, 0x2a, "4ce23d27"}, @output_terminal={0x9, 0x24, 0x3, 0x6, 0x101, 0x3, 0x6, 0x8e}, @extension_unit={0x7, 0x24, 0x8, 0x3, 0x1}, @mixer_unit={0x6, 0x24, 0x4, 0x2, 0x3, "17"}, @extension_unit={0xb, 0x24, 0x8, 0x4, 0x35f4, 0x54, "b6dc3148"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_ext={0xa, 0x24, 0x2, 0x2, 0x5, 0x7, 0x2}, @format_type_i_discrete={0x10, 0x24, 0x2, 0x1, 0x0, 0x2, 0xff, 0x1, "1038cb14e9cb5e9c"}, @format_type_i_ext={0x9, 0x24, 0x2, 0x1, 0x5, 0x9, 0x1, 0x2, 0xf5}, @format_type_i_discrete={0xe, 0x24, 0x2, 0x1, 0x81, 0x2, 0x4, 0x7, "ef196af6dccc"}, @format_type_i_ext={0x9, 0x24, 0x2, 0x1, 0x3, 0x9, 0x1, 0x3, 0x3}, @format_type_ii_ext={0xa, 0x24, 0x2, 0x2, 0x2, 0x5, 0x8, 0x1}]}, {{0x9, 0x5, 0x1, 0x9, 0x3ff, 0x0, 0x4, 0x53, {0x7, 0x25, 0x1, 0x4, 0x81, 0x58fa}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_ext={0xa, 0x24, 0x2, 0x2, 0x1, 0xc, 0x6, 0xff}, @format_type_i_continuous={0x9, 0x24, 0x2, 0x1, 0x4, 0x3, 0x24, 0x8, '&'}, @format_type_i_continuous={0x9, 0x24, 0x2, 0x1, 0x6, 0x2, 0x1, 0x4, "", "ee"}, @format_type_ii_discrete={0x11, 0x24, 0x2, 0x2, 0xd, 0x9, 0x6, "8173c750b02c3894"}, @format_type_ii_ext={0xa, 0x24, 0x2, 0x2, 0x6, 0x3f48, 0x3, 0x5}, @format_type_i_discrete={0xa, 0x24, 0x2, 0x1, 0x40, 0x3, 0xa4, 0x10, "60b8"}]}, {{0x9, 0x5, 0x82, 0x9, 0x20, 0x50, 0x4, 0x9, {0x7, 0x25, 0x1, 0x0, 0x42, 0x1}}}}}}}}]}}, &(0x7f0000000700)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x110, 0x9, 0x4, 0x2, 0x2353e69cf973037, 0x7f}, 0x6b, &(0x7f0000000380)={0x5, 0xf, 0x6b, 0x6, [@ptm_cap={0x3}, @ss_container_id={0x14, 0x10, 0x4, 0x3c, "c4e8c2a4823bc849717ca02970f7dfdd"}, @ext_cap={0x7, 0x10, 0x2, 0x4, 0xd, 0xe, 0x5}, @ext_cap={0x7, 0x10, 0x2, 0x10, 0xf, 0x0, 0x3}, @generic={0x3a, 0x10, 0x4, "b1c8e10dacaa32f04c935aa7d14243f2ccb9f45e3822697e9c450722f95f0ea1bc233ad88ead9a2f8e7a3ce4f8af6643a2bcadfe2b94c2"}, @ext_cap={0x7, 0x10, 0x2, 0x14, 0x4, 0x2, 0xb92}]}, 0x9, [{0x4, &(0x7f0000000100)=@lang_id={0x4, 0x3, 0x80c}}, {0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x457}}, {0x4, &(0x7f0000000400)=@lang_id={0x4, 0x3, 0x3822}}, {0x5a, &(0x7f0000000440)=@string={0x5a, 0x3, "8f03c7e1e3621825909a8d8879c898cebdac3d8ce20771e45fc05d39c3d0859e88bc5123505607f2eb27b6203ba7c469c999380e592eb2263a913f5ef059aa95803589a1e25cd0bd4e8e96984cacfdb763dc727df5c379a1"}}, {0x101, &(0x7f00000004c0)=@string={0x101, 0x3, "2def65527f49ac01113daea0705795b5284f1b0f23b241dbf4deafc53a6ce1b4ff33d63e4403cde6c4316aaefb400a3930f3932fd046e799e33531a580ceb94343a569728648128075b255fee962dbf3786be4d58aa2c342e5e9e5b0fdacd128e5081cc493035abf43e38fe76d74c1e31e1f702893e8a5e727654ad3348aba3eeba1756884719c262da5637ba96d688b9ad0fbc7df3c95de26b9fc35ae446e9c9da0f11685b756880225dbe71b4aa9ceaf04204662402f0075f063a1f81d2e4d850af86fe1cb18045eefa05d0a054a5c88729d75f1bab5e73af05a7bb83baf5c5c222a7af10265569cac8f6b1579d295cbd11611a7ece539b1e63e385c96f4"}}, {0x4, &(0x7f0000000600)=@lang_id={0x4, 0x3, 0x425}}, {0x4, &(0x7f0000000640)=@lang_id={0x4, 0x3, 0x3009}}, {0x4, &(0x7f0000000680)=@lang_id={0x4, 0x3, 0x458}}, {0x2f, &(0x7f00000006c0)=@string={0x2f, 0x3, "097adbaa0ed5cbf697ab61cfd0109fba1037d28ad057687209322be95b2f96bee48c74f83d05ac71705791c312"}}]})
syz_usb_control_io$uac1(r3, &(0x7f00000008c0)={0x14, &(0x7f00000007c0)={0x40, 0xc, 0xf8, {0xf8, 0x8, "a6ad0fb1fc918ca34b8d72750ed810a253dbae4d664c7fb0413bf8814f26f259b2058bea192022f174f552915a5597668f328b812f93412278d0d448972400c1b18f61eba971b8ea1a14238bc1e88aafeb28674b03e393d332b5821dc530fb079f73d789d30b09395f81d121c47c2b47105cf556b9cb36d76c2acf459feaa7f11c62b08c1f263217e1e1fed3f2b052726accfa0759ff5de9eb2985e737fcda0d4a1b55424ae3a5146ecdc89cc90bced3e91e6d75bb9a9948b46b67b54bd4b69bc018ceb09eb8d8431902e85ea8d9961bea3944229f14d86e0404f0d913f50aa2de1901917d1f508cf113ec8ffca6aabd2d56303972b0"}}, 0x0}, &(0x7f0000000b80)={0x44, &(0x7f0000000900)={0x20, 0x17, 0x9f, "8226d28057b8671ae6bf12185bd55ecd0bb53fe427815125d4127d8308dae224a591837e28ff29ecfd213263ec357f7e49f169d80ed988c3ffd56520d27531eba11a8a34f946879e950e629ca408cdd07ffc5bae5cf90d7071e63780130e6f68c877972df2f866adad9e70c98392f6fafb9ef2df46a8376c97b1b6014f4896cb214fa874925775a91b94145aa7fc8188e6066eacbf08b7d0285f96e006699a"}, &(0x7f00000009c0)={0x0, 0xa, 0x1, 0x6}, &(0x7f0000000a00)={0x0, 0x8, 0x1}, &(0x7f0000000a40)={0x20, 0x81, 0x1, "cb"}, &(0x7f0000000a80)={0x20, 0x82, 0x3, "e5446e"}, &(0x7f0000000ac0)={0x20, 0x83, 0x2, "03eb"}, &(0x7f0000000b00)={0x20, 0x84, 0x1, 'n'}, &(0x7f0000000b40)={0x20, 0x85, 0x3, "b9c957"}})
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_control_io$hid(r2, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io$cdc_ecm-syz_usb_control_io$uac1-syz_usb_connect$hid-syz_usb_control_io$hid-syz_usb_control_io$hid-syz_usb_connect$hid-syz_usb_connect$uac1-syz_usb_control_io$uac1-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
r1 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x46d, 0xc71f, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xe8, 0xb, "", [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x7ffd, 0x0, 0x1, {0x22, 0x1e3}}, {{{0x9, 0x5, 0x81, 0x3, 0x38d707d343173689, 0x5, 0xa, 0x70}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000040)={0x24, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x22, 0x9, {0x9, 0x21, 0xb8c, 0x1, 0x1, {0x22, 0xeed}}}}, &(0x7f0000000080)={0x2c, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001300)=ANY=[@ANYBLOB="12010000000000205804115000000000000109022400010000000009040000050300000009210000000122940309058103"], 0x0)
r3 = syz_usb_connect$uac1(0x1, 0x132, &(0x7f0000000200)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x582, 0x14, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x120, 0x3, 0x1, 0x0, 0x20, 0x1, "", {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0xf, 0x45}, [@feature_unit={0xf, 0x24, 0x6, 0x3, 0x4, 0x4, [0x9, 0x2, 0x5, 0x0], 0x6}, @processing_unit={0xb, 0x24, 0x7, 0x4, 0x3, 0x2a, "4ce23d27"}, @output_terminal={0x9, 0x24, 0x3, 0x6, 0x101, 0x3, 0x6, 0x8e}, @extension_unit={0x7, 0x24, 0x8, 0x3, 0x1}, @mixer_unit={0x6, 0x24, 0x4, 0x2, 0x3, "17"}, @extension_unit={0xb, 0x24, 0x8, 0x4, 0x35f4, 0x54, "b6dc3148"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_ext={0xa, 0x24, 0x2, 0x2, 0x5, 0x7, 0x2}, @format_type_i_discrete={0x10, 0x24, 0x2, 0x1, 0x0, 0x2, 0xff, 0x1, "1038cb14e9cb5e9c"}, @format_type_i_ext={0x9, 0x24, 0x2, 0x1, 0x5, 0x9, 0x1, 0x2, 0xf5}, @format_type_i_discrete={0xe, 0x24, 0x2, 0x1, 0x81, 0x2, 0x4, 0x7, "ef196af6dccc"}, @format_type_i_ext={0x9, 0x24, 0x2, 0x1, 0x3, 0x9, 0x1, 0x3, 0x3}, @format_type_ii_ext={0xa, 0x24, 0x2, 0x2, 0x2, 0x5, 0x8, 0x1}]}, {{0x9, 0x5, 0x1, 0x9, 0x3ff, 0x0, 0x4, 0x53, {0x7, 0x25, 0x1, 0x4, 0x81, 0x58fa}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_ext={0xa, 0x24, 0x2, 0x2, 0x1, 0xc, 0x6, 0xff}, @format_type_i_continuous={0x9, 0x24, 0x2, 0x1, 0x4, 0x3, 0x24, 0x8, '&'}, @format_type_i_continuous={0x9, 0x24, 0x2, 0x1, 0x6, 0x2, 0x1, 0x4, "", "ee"}, @format_type_ii_discrete={0x11, 0x24, 0x2, 0x2, 0xd, 0x9, 0x6, "8173c750b02c3894"}, @format_type_ii_ext={0xa, 0x24, 0x2, 0x2, 0x6, 0x3f48, 0x3, 0x5}, @format_type_i_discrete={0xa, 0x24, 0x2, 0x1, 0x40, 0x3, 0xa4, 0x10, "60b8"}]}, {{0x9, 0x5, 0x82, 0x9, 0x20, 0x50, 0x4, 0x9, {0x7, 0x25, 0x1, 0x0, 0x42, 0x1}}}}}}}}]}}, &(0x7f0000000700)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x110, 0x9, 0x4, 0x2, 0x2353e69cf973037, 0x7f}, 0x6b, &(0x7f0000000380)={0x5, 0xf, 0x6b, 0x6, [@ptm_cap={0x3}, @ss_container_id={0x14, 0x10, 0x4, 0x3c, "c4e8c2a4823bc849717ca02970f7dfdd"}, @ext_cap={0x7, 0x10, 0x2, 0x4, 0xd, 0xe, 0x5}, @ext_cap={0x7, 0x10, 0x2, 0x10, 0xf, 0x0, 0x3}, @generic={0x3a, 0x10, 0x4, "b1c8e10dacaa32f04c935aa7d14243f2ccb9f45e3822697e9c450722f95f0ea1bc233ad88ead9a2f8e7a3ce4f8af6643a2bcadfe2b94c2"}, @ext_cap={0x7, 0x10, 0x2, 0x14, 0x4, 0x2, 0xb92}]}, 0x9, [{0x4, &(0x7f0000000100)=@lang_id={0x4, 0x3, 0x80c}}, {0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x457}}, {0x4, &(0x7f0000000400)=@lang_id={0x4, 0x3, 0x3822}}, {0x5a, &(0x7f0000000440)=@string={0x5a, 0x3, "8f03c7e1e3621825909a8d8879c898cebdac3d8ce20771e45fc05d39c3d0859e88bc5123505607f2eb27b6203ba7c469c999380e592eb2263a913f5ef059aa95803589a1e25cd0bd4e8e96984cacfdb763dc727df5c379a1"}}, {0x101, &(0x7f00000004c0)=@string={0x101, 0x3, "2def65527f49ac01113daea0705795b5284f1b0f23b241dbf4deafc53a6ce1b4ff33d63e4403cde6c4316aaefb400a3930f3932fd046e799e33531a580ceb94343a569728648128075b255fee962dbf3786be4d58aa2c342e5e9e5b0fdacd128e5081cc493035abf43e38fe76d74c1e31e1f702893e8a5e727654ad3348aba3eeba1756884719c262da5637ba96d688b9ad0fbc7df3c95de26b9fc35ae446e9c9da0f11685b756880225dbe71b4aa9ceaf04204662402f0075f063a1f81d2e4d850af86fe1cb18045eefa05d0a054a5c88729d75f1bab5e73af05a7bb83baf5c5c222a7af10265569cac8f6b1579d295cbd11611a7ece539b1e63e385c96f4"}}, {0x4, &(0x7f0000000600)=@lang_id={0x4, 0x3, 0x425}}, {0x4, &(0x7f0000000640)=@lang_id={0x4, 0x3, 0x3009}}, {0x4, &(0x7f0000000680)=@lang_id={0x4, 0x3, 0x458}}, {0x2f, &(0x7f00000006c0)=@string={0x2f, 0x3, "097adbaa0ed5cbf697ab61cfd0109fba1037d28ad057687209322be95b2f96bee48c74f83d05ac71705791c312"}}]})
syz_usb_control_io$uac1(r3, &(0x7f00000008c0)={0x14, &(0x7f00000007c0)={0x40, 0xc, 0xf8, {0xf8, 0x8, "a6ad0fb1fc918ca34b8d72750ed810a253dbae4d664c7fb0413bf8814f26f259b2058bea192022f174f552915a5597668f328b812f93412278d0d448972400c1b18f61eba971b8ea1a14238bc1e88aafeb28674b03e393d332b5821dc530fb079f73d789d30b09395f81d121c47c2b47105cf556b9cb36d76c2acf459feaa7f11c62b08c1f263217e1e1fed3f2b052726accfa0759ff5de9eb2985e737fcda0d4a1b55424ae3a5146ecdc89cc90bced3e91e6d75bb9a9948b46b67b54bd4b69bc018ceb09eb8d8431902e85ea8d9961bea3944229f14d86e0404f0d913f50aa2de1901917d1f508cf113ec8ffca6aabd2d56303972b0"}}, 0x0}, &(0x7f0000000b80)={0x44, &(0x7f0000000900)={0x20, 0x17, 0x9f, "8226d28057b8671ae6bf12185bd55ecd0bb53fe427815125d4127d8308dae224a591837e28ff29ecfd213263ec357f7e49f169d80ed988c3ffd56520d27531eba11a8a34f946879e950e629ca408cdd07ffc5bae5cf90d7071e63780130e6f68c877972df2f866adad9e70c98392f6fafb9ef2df46a8376c97b1b6014f4896cb214fa874925775a91b94145aa7fc8188e6066eacbf08b7d0285f96e006699a"}, &(0x7f00000009c0)={0x0, 0xa, 0x1, 0x6}, &(0x7f0000000a00)={0x0, 0x8, 0x1}, &(0x7f0000000a40)={0x20, 0x81, 0x1, "cb"}, &(0x7f0000000a80)={0x20, 0x82, 0x3, "e5446e"}, &(0x7f0000000ac0)={0x20, 0x83, 0x2, "03eb"}, &(0x7f0000000b00)={0x20, 0x84, 0x1, 'n'}, &(0x7f0000000b40)={0x20, 0x85, 0x3, "b9c957"}})
syz_usb_control_io(r2, 0x0, 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io$cdc_ecm-syz_usb_control_io$uac1-syz_usb_connect$hid-syz_usb_control_io$hid-syz_usb_control_io$hid-syz_usb_connect$hid-syz_usb_connect$uac1-syz_usb_control_io$uac1
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
r1 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x46d, 0xc71f, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xe8, 0xb, "", [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x7ffd, 0x0, 0x1, {0x22, 0x1e3}}, {{{0x9, 0x5, 0x81, 0x3, 0x38d707d343173689, 0x5, 0xa, 0x70}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000040)={0x24, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x22, 0x9, {0x9, 0x21, 0xb8c, 0x1, 0x1, {0x22, 0xeed}}}}, &(0x7f0000000080)={0x2c, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001300)=ANY=[@ANYBLOB="12010000000000205804115000000000000109022400010000000009040000050300000009210000000122940309058103"], 0x0)
r2 = syz_usb_connect$uac1(0x1, 0x132, &(0x7f0000000200)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x582, 0x14, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x120, 0x3, 0x1, 0x0, 0x20, 0x1, "", {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0xf, 0x45}, [@feature_unit={0xf, 0x24, 0x6, 0x3, 0x4, 0x4, [0x9, 0x2, 0x5, 0x0], 0x6}, @processing_unit={0xb, 0x24, 0x7, 0x4, 0x3, 0x2a, "4ce23d27"}, @output_terminal={0x9, 0x24, 0x3, 0x6, 0x101, 0x3, 0x6, 0x8e}, @extension_unit={0x7, 0x24, 0x8, 0x3, 0x1}, @mixer_unit={0x6, 0x24, 0x4, 0x2, 0x3, "17"}, @extension_unit={0xb, 0x24, 0x8, 0x4, 0x35f4, 0x54, "b6dc3148"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_ext={0xa, 0x24, 0x2, 0x2, 0x5, 0x7, 0x2}, @format_type_i_discrete={0x10, 0x24, 0x2, 0x1, 0x0, 0x2, 0xff, 0x1, "1038cb14e9cb5e9c"}, @format_type_i_ext={0x9, 0x24, 0x2, 0x1, 0x5, 0x9, 0x1, 0x2, 0xf5}, @format_type_i_discrete={0xe, 0x24, 0x2, 0x1, 0x81, 0x2, 0x4, 0x7, "ef196af6dccc"}, @format_type_i_ext={0x9, 0x24, 0x2, 0x1, 0x3, 0x9, 0x1, 0x3, 0x3}, @format_type_ii_ext={0xa, 0x24, 0x2, 0x2, 0x2, 0x5, 0x8, 0x1}]}, {{0x9, 0x5, 0x1, 0x9, 0x3ff, 0x0, 0x4, 0x53, {0x7, 0x25, 0x1, 0x4, 0x81, 0x58fa}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_ext={0xa, 0x24, 0x2, 0x2, 0x1, 0xc, 0x6, 0xff}, @format_type_i_continuous={0x9, 0x24, 0x2, 0x1, 0x4, 0x3, 0x24, 0x8, '&'}, @format_type_i_continuous={0x9, 0x24, 0x2, 0x1, 0x6, 0x2, 0x1, 0x4, "", "ee"}, @format_type_ii_discrete={0x11, 0x24, 0x2, 0x2, 0xd, 0x9, 0x6, "8173c750b02c3894"}, @format_type_ii_ext={0xa, 0x24, 0x2, 0x2, 0x6, 0x3f48, 0x3, 0x5}, @format_type_i_discrete={0xa, 0x24, 0x2, 0x1, 0x40, 0x3, 0xa4, 0x10, "60b8"}]}, {{0x9, 0x5, 0x82, 0x9, 0x20, 0x50, 0x4, 0x9, {0x7, 0x25, 0x1, 0x0, 0x42, 0x1}}}}}}}}]}}, &(0x7f0000000700)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x110, 0x9, 0x4, 0x2, 0x2353e69cf973037, 0x7f}, 0x6b, &(0x7f0000000380)={0x5, 0xf, 0x6b, 0x6, [@ptm_cap={0x3}, @ss_container_id={0x14, 0x10, 0x4, 0x3c, "c4e8c2a4823bc849717ca02970f7dfdd"}, @ext_cap={0x7, 0x10, 0x2, 0x4, 0xd, 0xe, 0x5}, @ext_cap={0x7, 0x10, 0x2, 0x10, 0xf, 0x0, 0x3}, @generic={0x3a, 0x10, 0x4, "b1c8e10dacaa32f04c935aa7d14243f2ccb9f45e3822697e9c450722f95f0ea1bc233ad88ead9a2f8e7a3ce4f8af6643a2bcadfe2b94c2"}, @ext_cap={0x7, 0x10, 0x2, 0x14, 0x4, 0x2, 0xb92}]}, 0x9, [{0x4, &(0x7f0000000100)=@lang_id={0x4, 0x3, 0x80c}}, {0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x457}}, {0x4, &(0x7f0000000400)=@lang_id={0x4, 0x3, 0x3822}}, {0x5a, &(0x7f0000000440)=@string={0x5a, 0x3, "8f03c7e1e3621825909a8d8879c898cebdac3d8ce20771e45fc05d39c3d0859e88bc5123505607f2eb27b6203ba7c469c999380e592eb2263a913f5ef059aa95803589a1e25cd0bd4e8e96984cacfdb763dc727df5c379a1"}}, {0x101, &(0x7f00000004c0)=@string={0x101, 0x3, "2def65527f49ac01113daea0705795b5284f1b0f23b241dbf4deafc53a6ce1b4ff33d63e4403cde6c4316aaefb400a3930f3932fd046e799e33531a580ceb94343a569728648128075b255fee962dbf3786be4d58aa2c342e5e9e5b0fdacd128e5081cc493035abf43e38fe76d74c1e31e1f702893e8a5e727654ad3348aba3eeba1756884719c262da5637ba96d688b9ad0fbc7df3c95de26b9fc35ae446e9c9da0f11685b756880225dbe71b4aa9ceaf04204662402f0075f063a1f81d2e4d850af86fe1cb18045eefa05d0a054a5c88729d75f1bab5e73af05a7bb83baf5c5c222a7af10265569cac8f6b1579d295cbd11611a7ece539b1e63e385c96f4"}}, {0x4, &(0x7f0000000600)=@lang_id={0x4, 0x3, 0x425}}, {0x4, &(0x7f0000000640)=@lang_id={0x4, 0x3, 0x3009}}, {0x4, &(0x7f0000000680)=@lang_id={0x4, 0x3, 0x458}}, {0x2f, &(0x7f00000006c0)=@string={0x2f, 0x3, "097adbaa0ed5cbf697ab61cfd0109fba1037d28ad057687209322be95b2f96bee48c74f83d05ac71705791c312"}}]})
syz_usb_control_io$uac1(r2, &(0x7f00000008c0)={0x14, &(0x7f00000007c0)={0x40, 0xc, 0xf8, {0xf8, 0x8, "a6ad0fb1fc918ca34b8d72750ed810a253dbae4d664c7fb0413bf8814f26f259b2058bea192022f174f552915a5597668f328b812f93412278d0d448972400c1b18f61eba971b8ea1a14238bc1e88aafeb28674b03e393d332b5821dc530fb079f73d789d30b09395f81d121c47c2b47105cf556b9cb36d76c2acf459feaa7f11c62b08c1f263217e1e1fed3f2b052726accfa0759ff5de9eb2985e737fcda0d4a1b55424ae3a5146ecdc89cc90bced3e91e6d75bb9a9948b46b67b54bd4b69bc018ceb09eb8d8431902e85ea8d9961bea3944229f14d86e0404f0d913f50aa2de1901917d1f508cf113ec8ffca6aabd2d56303972b0"}}, 0x0}, &(0x7f0000000b80)={0x44, &(0x7f0000000900)={0x20, 0x17, 0x9f, "8226d28057b8671ae6bf12185bd55ecd0bb53fe427815125d4127d8308dae224a591837e28ff29ecfd213263ec357f7e49f169d80ed988c3ffd56520d27531eba11a8a34f946879e950e629ca408cdd07ffc5bae5cf90d7071e63780130e6f68c877972df2f866adad9e70c98392f6fafb9ef2df46a8376c97b1b6014f4896cb214fa874925775a91b94145aa7fc8188e6066eacbf08b7d0285f96e006699a"}, &(0x7f00000009c0)={0x0, 0xa, 0x1, 0x6}, &(0x7f0000000a00)={0x0, 0x8, 0x1}, &(0x7f0000000a40)={0x20, 0x81, 0x1, "cb"}, &(0x7f0000000a80)={0x20, 0x82, 0x3, "e5446e"}, &(0x7f0000000ac0)={0x20, 0x83, 0x2, "03eb"}, &(0x7f0000000b00)={0x20, 0x84, 0x1, 'n'}, &(0x7f0000000b40)={0x20, 0x85, 0x3, "b9c957"}})

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io$cdc_ecm-syz_usb_control_io$uac1-syz_usb_connect$hid-syz_usb_control_io$hid-syz_usb_control_io$hid-syz_usb_connect$hid-syz_usb_connect$uac1
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
r1 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x46d, 0xc71f, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xe8, 0xb, "", [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x7ffd, 0x0, 0x1, {0x22, 0x1e3}}, {{{0x9, 0x5, 0x81, 0x3, 0x38d707d343173689, 0x5, 0xa, 0x70}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000040)={0x24, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x22, 0x9, {0x9, 0x21, 0xb8c, 0x1, 0x1, {0x22, 0xeed}}}}, &(0x7f0000000080)={0x2c, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001300)=ANY=[@ANYBLOB="12010000000000205804115000000000000109022400010000000009040000050300000009210000000122940309058103"], 0x0)
syz_usb_connect$uac1(0x1, 0x132, &(0x7f0000000200)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x582, 0x14, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x120, 0x3, 0x1, 0x0, 0x20, 0x1, "", {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0xf, 0x45}, [@feature_unit={0xf, 0x24, 0x6, 0x3, 0x4, 0x4, [0x9, 0x2, 0x5, 0x0], 0x6}, @processing_unit={0xb, 0x24, 0x7, 0x4, 0x3, 0x2a, "4ce23d27"}, @output_terminal={0x9, 0x24, 0x3, 0x6, 0x101, 0x3, 0x6, 0x8e}, @extension_unit={0x7, 0x24, 0x8, 0x3, 0x1}, @mixer_unit={0x6, 0x24, 0x4, 0x2, 0x3, "17"}, @extension_unit={0xb, 0x24, 0x8, 0x4, 0x35f4, 0x54, "b6dc3148"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_ext={0xa, 0x24, 0x2, 0x2, 0x5, 0x7, 0x2}, @format_type_i_discrete={0x10, 0x24, 0x2, 0x1, 0x0, 0x2, 0xff, 0x1, "1038cb14e9cb5e9c"}, @format_type_i_ext={0x9, 0x24, 0x2, 0x1, 0x5, 0x9, 0x1, 0x2, 0xf5}, @format_type_i_discrete={0xe, 0x24, 0x2, 0x1, 0x81, 0x2, 0x4, 0x7, "ef196af6dccc"}, @format_type_i_ext={0x9, 0x24, 0x2, 0x1, 0x3, 0x9, 0x1, 0x3, 0x3}, @format_type_ii_ext={0xa, 0x24, 0x2, 0x2, 0x2, 0x5, 0x8, 0x1}]}, {{0x9, 0x5, 0x1, 0x9, 0x3ff, 0x0, 0x4, 0x53, {0x7, 0x25, 0x1, 0x4, 0x81, 0x58fa}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_ext={0xa, 0x24, 0x2, 0x2, 0x1, 0xc, 0x6, 0xff}, @format_type_i_continuous={0x9, 0x24, 0x2, 0x1, 0x4, 0x3, 0x24, 0x8, '&'}, @format_type_i_continuous={0x9, 0x24, 0x2, 0x1, 0x6, 0x2, 0x1, 0x4, "", "ee"}, @format_type_ii_discrete={0x11, 0x24, 0x2, 0x2, 0xd, 0x9, 0x6, "8173c750b02c3894"}, @format_type_ii_ext={0xa, 0x24, 0x2, 0x2, 0x6, 0x3f48, 0x3, 0x5}, @format_type_i_discrete={0xa, 0x24, 0x2, 0x1, 0x40, 0x3, 0xa4, 0x10, "60b8"}]}, {{0x9, 0x5, 0x82, 0x9, 0x20, 0x50, 0x4, 0x9, {0x7, 0x25, 0x1, 0x0, 0x42, 0x1}}}}}}}}]}}, &(0x7f0000000700)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x110, 0x9, 0x4, 0x2, 0x2353e69cf973037, 0x7f}, 0x6b, &(0x7f0000000380)={0x5, 0xf, 0x6b, 0x6, [@ptm_cap={0x3}, @ss_container_id={0x14, 0x10, 0x4, 0x3c, "c4e8c2a4823bc849717ca02970f7dfdd"}, @ext_cap={0x7, 0x10, 0x2, 0x4, 0xd, 0xe, 0x5}, @ext_cap={0x7, 0x10, 0x2, 0x10, 0xf, 0x0, 0x3}, @generic={0x3a, 0x10, 0x4, "b1c8e10dacaa32f04c935aa7d14243f2ccb9f45e3822697e9c450722f95f0ea1bc233ad88ead9a2f8e7a3ce4f8af6643a2bcadfe2b94c2"}, @ext_cap={0x7, 0x10, 0x2, 0x14, 0x4, 0x2, 0xb92}]}, 0x9, [{0x4, &(0x7f0000000100)=@lang_id={0x4, 0x3, 0x80c}}, {0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x457}}, {0x4, &(0x7f0000000400)=@lang_id={0x4, 0x3, 0x3822}}, {0x5a, &(0x7f0000000440)=@string={0x5a, 0x3, "8f03c7e1e3621825909a8d8879c898cebdac3d8ce20771e45fc05d39c3d0859e88bc5123505607f2eb27b6203ba7c469c999380e592eb2263a913f5ef059aa95803589a1e25cd0bd4e8e96984cacfdb763dc727df5c379a1"}}, {0x101, &(0x7f00000004c0)=@string={0x101, 0x3, "2def65527f49ac01113daea0705795b5284f1b0f23b241dbf4deafc53a6ce1b4ff33d63e4403cde6c4316aaefb400a3930f3932fd046e799e33531a580ceb94343a569728648128075b255fee962dbf3786be4d58aa2c342e5e9e5b0fdacd128e5081cc493035abf43e38fe76d74c1e31e1f702893e8a5e727654ad3348aba3eeba1756884719c262da5637ba96d688b9ad0fbc7df3c95de26b9fc35ae446e9c9da0f11685b756880225dbe71b4aa9ceaf04204662402f0075f063a1f81d2e4d850af86fe1cb18045eefa05d0a054a5c88729d75f1bab5e73af05a7bb83baf5c5c222a7af10265569cac8f6b1579d295cbd11611a7ece539b1e63e385c96f4"}}, {0x4, &(0x7f0000000600)=@lang_id={0x4, 0x3, 0x425}}, {0x4, &(0x7f0000000640)=@lang_id={0x4, 0x3, 0x3009}}, {0x4, &(0x7f0000000680)=@lang_id={0x4, 0x3, 0x458}}, {0x2f, &(0x7f00000006c0)=@string={0x2f, 0x3, "097adbaa0ed5cbf697ab61cfd0109fba1037d28ad057687209322be95b2f96bee48c74f83d05ac71705791c312"}}]})

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io$cdc_ecm-syz_usb_control_io$uac1-syz_usb_connect$hid-syz_usb_control_io$hid-syz_usb_control_io$hid-syz_usb_connect$hid
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
r1 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x46d, 0xc71f, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xe8, 0xb, "", [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x7ffd, 0x0, 0x1, {0x22, 0x1e3}}, {{{0x9, 0x5, 0x81, 0x3, 0x38d707d343173689, 0x5, 0xa, 0x70}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000040)={0x24, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x22, 0x9, {0x9, 0x21, 0xb8c, 0x1, 0x1, {0x22, 0xeed}}}}, &(0x7f0000000080)={0x2c, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001300)=ANY=[@ANYBLOB="12010000000000205804115000000000000109022400010000000009040000050300000009210000000122940309058103"], 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io$cdc_ecm-syz_usb_control_io$uac1-syz_usb_connect$hid-syz_usb_control_io$hid-syz_usb_control_io$hid
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
r1 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x46d, 0xc71f, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xe8, 0xb, "", [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x7ffd, 0x0, 0x1, {0x22, 0x1e3}}, {{{0x9, 0x5, 0x81, 0x3, 0x38d707d343173689, 0x5, 0xa, 0x70}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000040)={0x24, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x22, 0x9, {0x9, 0x21, 0xb8c, 0x1, 0x1, {0x22, 0xeed}}}}, &(0x7f0000000080)={0x2c, 0x0, 0x0, 0x0, 0x0, 0x0})

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io$cdc_ecm-syz_usb_control_io$uac1-syz_usb_connect$hid-syz_usb_control_io$hid
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
r1 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x46d, 0xc71f, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xe8, 0xb, "", [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x7ffd, 0x0, 0x1, {0x22, 0x1e3}}, {{{0x9, 0x5, 0x81, 0x3, 0x38d707d343173689, 0x5, 0xa, 0x70}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io$cdc_ecm-syz_usb_control_io$uac1-syz_usb_connect$hid
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x46d, 0xc71f, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xe8, 0xb, "", [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x7ffd, 0x0, 0x1, {0x22, 0x1e3}}, {{{0x9, 0x5, 0x81, 0x3, 0x38d707d343173689, 0x5, 0xa, 0x70}}}}}]}}]}}, 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io$cdc_ecm-syz_usb_control_io$uac1
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-syz_usb_control_io-syz_usb_control_io$cdc_ecm
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x0, 0x2d, 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB], 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
simplifying C reproducer
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
validation run: crashed=true
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
validation run: crashed=true
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_init
validation run: crashed=true
reproducing took 1h16m49.618044545s
repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: slab-use-after-free in v4l2_fh_init+0x27d/0x2c0 drivers/media/v4l2-core/v4l2-fh.c:25
Read of size 8 at addr ffff888122ca4740 by task v4l_id/5859

CPU: 1 UID: 0 PID: 5859 Comm: v4l_id Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x100/0x190 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:378 [inline]
 print_report+0x156/0x4c9 mm/kasan/report.c:482
 kasan_report+0xdf/0x1e0 mm/kasan/report.c:595
 v4l2_fh_init+0x27d/0x2c0 drivers/media/v4l2-core/v4l2-fh.c:25
 v4l2_fh_open+0x64/0xa0 drivers/media/v4l2-core/v4l2-fh.c:64
 em28xx_v4l2_open+0x11e/0x570 drivers/media/usb/em28xx/em28xx-video.c:2153
 v4l2_open+0x1d2/0x490 drivers/media/v4l2-core/v4l2-dev.c:433
 chrdev_open+0x234/0x6a0 fs/char_dev.c:411
 do_dentry_open+0x68b/0x14b0 fs/open.c:949
 vfs_open+0x82/0x3f0 fs/open.c:1081
 do_open fs/namei.c:4671 [inline]
 path_openat+0x208c/0x31a0 fs/namei.c:4830
 do_file_open+0x20e/0x430 fs/namei.c:4859
 do_sys_openat2+0x10d/0x1e0 fs/open.c:1366
 do_sys_open fs/open.c:1372 [inline]
 __do_sys_openat fs/open.c:1388 [inline]
 __se_sys_openat fs/open.c:1383 [inline]
 __x64_sys_openat+0x12d/0x210 fs/open.c:1383
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x106/0x7b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f3b834e4407
Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
RSP: 002b:00007ffd5d221070 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007f3b833f6880 RCX: 00007f3b834e4407
RDX: 0000000000000000 RSI: 00007ffd5d221f24 RDI: ffffffffffffff9c
RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
R13: 00007ffd5d2212c0 R14: 00007f3b83c7a000 R15: 000055c1fb8da4d8
 </TASK>

Allocated by task 5782:
 kasan_save_stack+0x30/0x50 mm/kasan/common.c:57
 kasan_save_track+0x14/0x30 mm/kasan/common.c:78
 poison_kmalloc_redzone mm/kasan/common.c:398 [inline]
 __kasan_kmalloc+0x8f/0xa0 mm/kasan/common.c:415
 kmalloc_noprof include/linux/slab.h:950 [inline]
 kzalloc_noprof include/linux/slab.h:1188 [inline]
 em28xx_v4l2_init.cold+0x94/0x3503 drivers/media/usb/em28xx/em28xx-video.c:2532
 em28xx_init_extension+0x13a/0x200 drivers/media/usb/em28xx/em28xx-core.c:1117
 request_module_async+0x61/0x80 drivers/media/usb/em28xx/em28xx-cards.c:3457
 process_one_work+0xa23/0x19a0 kernel/workqueue.c:3276
 process_scheduled_works kernel/workqueue.c:3359 [inline]
 worker_thread+0x5ef/0xe50 kernel/workqueue.c:3440
 kthread+0x370/0x450 kernel/kthread.c:436
 ret_from_fork+0x6c3/0xcb0 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

Freed by task 5782:
 kasan_save_stack+0x30/0x50 mm/kasan/common.c:57
 kasan_save_track+0x14/0x30 mm/kasan/common.c:78
 kasan_save_free_info+0x3b/0x70 mm/kasan/generic.c:584
 poison_slab_object mm/kasan/common.c:253 [inline]
 __kasan_slab_free+0x43/0x70 mm/kasan/common.c:285
 kasan_slab_free include/linux/kasan.h:235 [inline]
 slab_free_hook mm/slub.c:2685 [inline]
 slab_free mm/slub.c:6165 [inline]
 kfree+0x1dc/0x640 mm/slub.c:6483
 kref_put.isra.0+0x56/0x90 include/linux/kref.h:65
 em28xx_v4l2_init.cold+0x280/0x3503 drivers/media/usb/em28xx/em28xx-video.c:2901
 em28xx_init_extension+0x13a/0x200 drivers/media/usb/em28xx/em28xx-core.c:1117
 request_module_async+0x61/0x80 drivers/media/usb/em28xx/em28xx-cards.c:3457
 process_one_work+0xa23/0x19a0 kernel/workqueue.c:3276
 process_scheduled_works kernel/workqueue.c:3359 [inline]
 worker_thread+0x5ef/0xe50 kernel/workqueue.c:3440
 kthread+0x370/0x450 kernel/kthread.c:436
 ret_from_fork+0x6c3/0xcb0 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

The buggy address belongs to the object at ffff888122ca4000
 which belongs to the cache kmalloc-8k of size 8192
The buggy address is located 1856 bytes inside of
 freed 8192-byte region [ffff888122ca4000, ffff888122ca6000)

The buggy address belongs to the physical page:
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x122ca0
head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
flags: 0x200000000000040(head|node=0|zone=2)
page_type: f5(slab)
raw: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000
raw: 0000000000000000 0000000800020002 00000000f5000000 0000000000000000
head: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000
head: 0000000000000000 0000000800020002 00000000f5000000 0000000000000000
head: 0200000000000003 ffffea00048b2801 00000000ffffffff 00000000ffffffff
head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5782, tgid 5782 (kworker/0:6), ts 102684935985, free_ts 102680704880
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x153/0x170 mm/page_alloc.c:1889
 prep_new_page mm/page_alloc.c:1897 [inline]
 get_page_from_freelist+0xf10/0x39f0 mm/page_alloc.c:3962
 __alloc_frozen_pages_noprof+0x273/0x2860 mm/page_alloc.c:5250
 alloc_slab_page mm/slub.c:3292 [inline]
 allocate_slab mm/slub.c:3481 [inline]
 new_slab+0xa6/0x6c0 mm/slub.c:3539
 refill_objects+0x26b/0x400 mm/slub.c:7175
 refill_sheaf mm/slub.c:2812 [inline]
 __pcs_replace_empty_main+0x1ab/0x660 mm/slub.c:4615
 alloc_from_pcs mm/slub.c:4717 [inline]
 slab_alloc_node mm/slub.c:4851 [inline]
 __kmalloc_cache_noprof+0x52c/0x6b0 mm/slub.c:5375
 kmalloc_noprof include/linux/slab.h:950 [inline]
 kzalloc_noprof include/linux/slab.h:1188 [inline]
 em28xx_v4l2_init.cold+0x94/0x3503 drivers/media/usb/em28xx/em28xx-video.c:2532
 em28xx_init_extension+0x13a/0x200 drivers/media/usb/em28xx/em28xx-core.c:1117
 request_module_async+0x61/0x80 drivers/media/usb/em28xx/em28xx-cards.c:3457
 process_one_work+0xa23/0x19a0 kernel/workqueue.c:3276
 process_scheduled_works kernel/workqueue.c:3359 [inline]
 worker_thread+0x5ef/0xe50 kernel/workqueue.c:3440
 kthread+0x370/0x450 kernel/kthread.c:436
 ret_from_fork+0x6c3/0xcb0 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
page last free pid 5778 tgid 5778 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 __free_pages_prepare mm/page_alloc.c:1433 [inline]
 __free_frozen_pages+0x7b1/0xfb0 mm/page_alloc.c:2978
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x47/0xe0 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x1a0/0x1f0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x4e/0x70 mm/kasan/common.c:350
 kasan_slab_alloc include/linux/kasan.h:253 [inline]
 slab_post_alloc_hook mm/slub.c:4538 [inline]
 slab_alloc_node mm/slub.c:4866 [inline]
 __kmalloc_cache_noprof+0x254/0x6b0 mm/slub.c:5375
 kmalloc_noprof include/linux/slab.h:950 [inline]
 kzalloc_noprof include/linux/slab.h:1188 [inline]
 kernfs_iop_get_link fs/kernfs/symlink.c:137 [inline]
 kernfs_iop_get_link+0x65/0x16a0 fs/kernfs/symlink.c:128
 pick_link+0xd17/0x13c0 fs/namei.c:2065
 step_into_slowpath+0x9ba/0xf90 fs/namei.c:2124
 step_into fs/namei.c:2149 [inline]
 open_last_lookups fs/namei.c:4618 [inline]
 path_openat+0xf95/0x31a0 fs/namei.c:4827
 do_file_open+0x20e/0x430 fs/namei.c:4859
 do_sys_openat2+0x10d/0x1e0 fs/open.c:1366
 do_sys_open fs/open.c:1372 [inline]
 __do_sys_openat fs/open.c:1388 [inline]
 __se_sys_openat fs/open.c:1383 [inline]
 __x64_sys_openat+0x12d/0x210 fs/open.c:1383
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x106/0x7b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Memory state around the buggy address:
 ffff888122ca4600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888122ca4680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff888122ca4700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                           ^
 ffff888122ca4780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888122ca4800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================

final repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: slab-use-after-free in v4l2_fh_init+0x27d/0x2c0 drivers/media/v4l2-core/v4l2-fh.c:25
Read of size 8 at addr ffff888122ca4740 by task v4l_id/5859

CPU: 1 UID: 0 PID: 5859 Comm: v4l_id Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x100/0x190 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:378 [inline]
 print_report+0x156/0x4c9 mm/kasan/report.c:482
 kasan_report+0xdf/0x1e0 mm/kasan/report.c:595
 v4l2_fh_init+0x27d/0x2c0 drivers/media/v4l2-core/v4l2-fh.c:25
 v4l2_fh_open+0x64/0xa0 drivers/media/v4l2-core/v4l2-fh.c:64
 em28xx_v4l2_open+0x11e/0x570 drivers/media/usb/em28xx/em28xx-video.c:2153
 v4l2_open+0x1d2/0x490 drivers/media/v4l2-core/v4l2-dev.c:433
 chrdev_open+0x234/0x6a0 fs/char_dev.c:411
 do_dentry_open+0x68b/0x14b0 fs/open.c:949
 vfs_open+0x82/0x3f0 fs/open.c:1081
 do_open fs/namei.c:4671 [inline]
 path_openat+0x208c/0x31a0 fs/namei.c:4830
 do_file_open+0x20e/0x430 fs/namei.c:4859
 do_sys_openat2+0x10d/0x1e0 fs/open.c:1366
 do_sys_open fs/open.c:1372 [inline]
 __do_sys_openat fs/open.c:1388 [inline]
 __se_sys_openat fs/open.c:1383 [inline]
 __x64_sys_openat+0x12d/0x210 fs/open.c:1383
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x106/0x7b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f3b834e4407
Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
RSP: 002b:00007ffd5d221070 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007f3b833f6880 RCX: 00007f3b834e4407
RDX: 0000000000000000 RSI: 00007ffd5d221f24 RDI: ffffffffffffff9c
RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
R13: 00007ffd5d2212c0 R14: 00007f3b83c7a000 R15: 000055c1fb8da4d8
 </TASK>

Allocated by task 5782:
 kasan_save_stack+0x30/0x50 mm/kasan/common.c:57
 kasan_save_track+0x14/0x30 mm/kasan/common.c:78
 poison_kmalloc_redzone mm/kasan/common.c:398 [inline]
 __kasan_kmalloc+0x8f/0xa0 mm/kasan/common.c:415
 kmalloc_noprof include/linux/slab.h:950 [inline]
 kzalloc_noprof include/linux/slab.h:1188 [inline]
 em28xx_v4l2_init.cold+0x94/0x3503 drivers/media/usb/em28xx/em28xx-video.c:2532
 em28xx_init_extension+0x13a/0x200 drivers/media/usb/em28xx/em28xx-core.c:1117
 request_module_async+0x61/0x80 drivers/media/usb/em28xx/em28xx-cards.c:3457
 process_one_work+0xa23/0x19a0 kernel/workqueue.c:3276
 process_scheduled_works kernel/workqueue.c:3359 [inline]
 worker_thread+0x5ef/0xe50 kernel/workqueue.c:3440
 kthread+0x370/0x450 kernel/kthread.c:436
 ret_from_fork+0x6c3/0xcb0 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

Freed by task 5782:
 kasan_save_stack+0x30/0x50 mm/kasan/common.c:57
 kasan_save_track+0x14/0x30 mm/kasan/common.c:78
 kasan_save_free_info+0x3b/0x70 mm/kasan/generic.c:584
 poison_slab_object mm/kasan/common.c:253 [inline]
 __kasan_slab_free+0x43/0x70 mm/kasan/common.c:285
 kasan_slab_free include/linux/kasan.h:235 [inline]
 slab_free_hook mm/slub.c:2685 [inline]
 slab_free mm/slub.c:6165 [inline]
 kfree+0x1dc/0x640 mm/slub.c:6483
 kref_put.isra.0+0x56/0x90 include/linux/kref.h:65
 em28xx_v4l2_init.cold+0x280/0x3503 drivers/media/usb/em28xx/em28xx-video.c:2901
 em28xx_init_extension+0x13a/0x200 drivers/media/usb/em28xx/em28xx-core.c:1117
 request_module_async+0x61/0x80 drivers/media/usb/em28xx/em28xx-cards.c:3457
 process_one_work+0xa23/0x19a0 kernel/workqueue.c:3276
 process_scheduled_works kernel/workqueue.c:3359 [inline]
 worker_thread+0x5ef/0xe50 kernel/workqueue.c:3440
 kthread+0x370/0x450 kernel/kthread.c:436
 ret_from_fork+0x6c3/0xcb0 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

The buggy address belongs to the object at ffff888122ca4000
 which belongs to the cache kmalloc-8k of size 8192
The buggy address is located 1856 bytes inside of
 freed 8192-byte region [ffff888122ca4000, ffff888122ca6000)

The buggy address belongs to the physical page:
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x122ca0
head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
flags: 0x200000000000040(head|node=0|zone=2)
page_type: f5(slab)
raw: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000
raw: 0000000000000000 0000000800020002 00000000f5000000 0000000000000000
head: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000
head: 0000000000000000 0000000800020002 00000000f5000000 0000000000000000
head: 0200000000000003 ffffea00048b2801 00000000ffffffff 00000000ffffffff
head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5782, tgid 5782 (kworker/0:6), ts 102684935985, free_ts 102680704880
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x153/0x170 mm/page_alloc.c:1889
 prep_new_page mm/page_alloc.c:1897 [inline]
 get_page_from_freelist+0xf10/0x39f0 mm/page_alloc.c:3962
 __alloc_frozen_pages_noprof+0x273/0x2860 mm/page_alloc.c:5250
 alloc_slab_page mm/slub.c:3292 [inline]
 allocate_slab mm/slub.c:3481 [inline]
 new_slab+0xa6/0x6c0 mm/slub.c:3539
 refill_objects+0x26b/0x400 mm/slub.c:7175
 refill_sheaf mm/slub.c:2812 [inline]
 __pcs_replace_empty_main+0x1ab/0x660 mm/slub.c:4615
 alloc_from_pcs mm/slub.c:4717 [inline]
 slab_alloc_node mm/slub.c:4851 [inline]
 __kmalloc_cache_noprof+0x52c/0x6b0 mm/slub.c:5375
 kmalloc_noprof include/linux/slab.h:950 [inline]
 kzalloc_noprof include/linux/slab.h:1188 [inline]
 em28xx_v4l2_init.cold+0x94/0x3503 drivers/media/usb/em28xx/em28xx-video.c:2532
 em28xx_init_extension+0x13a/0x200 drivers/media/usb/em28xx/em28xx-core.c:1117
 request_module_async+0x61/0x80 drivers/media/usb/em28xx/em28xx-cards.c:3457
 process_one_work+0xa23/0x19a0 kernel/workqueue.c:3276
 process_scheduled_works kernel/workqueue.c:3359 [inline]
 worker_thread+0x5ef/0xe50 kernel/workqueue.c:3440
 kthread+0x370/0x450 kernel/kthread.c:436
 ret_from_fork+0x6c3/0xcb0 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
page last free pid 5778 tgid 5778 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 __free_pages_prepare mm/page_alloc.c:1433 [inline]
 __free_frozen_pages+0x7b1/0xfb0 mm/page_alloc.c:2978
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x47/0xe0 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x1a0/0x1f0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x4e/0x70 mm/kasan/common.c:350
 kasan_slab_alloc include/linux/kasan.h:253 [inline]
 slab_post_alloc_hook mm/slub.c:4538 [inline]
 slab_alloc_node mm/slub.c:4866 [inline]
 __kmalloc_cache_noprof+0x254/0x6b0 mm/slub.c:5375
 kmalloc_noprof include/linux/slab.h:950 [inline]
 kzalloc_noprof include/linux/slab.h:1188 [inline]
 kernfs_iop_get_link fs/kernfs/symlink.c:137 [inline]
 kernfs_iop_get_link+0x65/0x16a0 fs/kernfs/symlink.c:128
 pick_link+0xd17/0x13c0 fs/namei.c:2065
 step_into_slowpath+0x9ba/0xf90 fs/namei.c:2124
 step_into fs/namei.c:2149 [inline]
 open_last_lookups fs/namei.c:4618 [inline]
 path_openat+0xf95/0x31a0 fs/namei.c:4827
 do_file_open+0x20e/0x430 fs/namei.c:4859
 do_sys_openat2+0x10d/0x1e0 fs/open.c:1366
 do_sys_open fs/open.c:1372 [inline]
 __do_sys_openat fs/open.c:1388 [inline]
 __se_sys_openat fs/open.c:1383 [inline]
 __x64_sys_openat+0x12d/0x210 fs/open.c:1383
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x106/0x7b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Memory state around the buggy address:
 ffff888122ca4600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888122ca4680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff888122ca4700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                           ^
 ffff888122ca4780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888122ca4800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================