Warning: Permanently added '10.128.0.62' (ED25519) to the list of known hosts.
executing program
[ 42.838262][ T29] audit: type=1400 audit(1736093815.830:80): avc: denied { execmem } for pid=2945 comm="syz-executor328" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 42.857958][ T29] audit: type=1400 audit(1736093815.850:81): avc: denied { read write } for pid=2947 comm="syz-executor328" name="raw-gadget" dev="devtmpfs" ino=236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
executing program
executing program
executing program
executing program
[ 42.881911][ T29] audit: type=1400 audit(1736093815.850:82): avc: denied { open } for pid=2947 comm="syz-executor328" path="/dev/raw-gadget" dev="devtmpfs" ino=236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 42.905693][ T29] audit: type=1400 audit(1736093815.850:83): avc: denied { ioctl } for pid=2947 comm="syz-executor328" path="/dev/raw-gadget" dev="devtmpfs" ino=236 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 43.088407][ T9] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 43.108270][ T24] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 43.115941][ T1119] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[ 43.178336][ T8] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[ 43.188306][ T36] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[ 43.238266][ T9] usb 1-1: Using ep0 maxpacket: 32
[ 43.245739][ T9] usb 1-1: config 0 has an invalid interface number: 132 but max is 0
[ 43.254135][ T9] usb 1-1: config 0 has no interface number 0
[ 43.260885][ T9] usb 1-1: config 0 interface 132 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[ 43.272845][ T9] usb 1-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[ 43.278250][ T24] usb 5-1: Using ep0 maxpacket: 32
[ 43.281979][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 43.287085][ T1119] usb 3-1: Using ep0 maxpacket: 32
[ 43.295021][ T9] usb 1-1: Product: syz
[ 43.295050][ T9] usb 1-1: Manufacturer: syz
[ 43.303531][ T24] usb 5-1: config 0 has an invalid interface number: 132 but max is 0
[ 43.304330][ T9] usb 1-1: SerialNumber: syz
[ 43.309667][ T9] usb 1-1: config 0 descriptor??
[ 43.317282][ T24] usb 5-1: config 0 has no interface number 0
[ 43.326842][ T2947] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 43.327151][ T1119] usb 3-1: config 0 has an invalid interface number: 132 but max is 0
[ 43.338342][ T8] usb 2-1: Using ep0 maxpacket: 32
[ 43.340317][ T1119] usb 3-1: config 0 has no interface number 0
[ 43.350460][ T9] em28xx 1-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[ 43.353620][ T24] usb 5-1: config 0 interface 132 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[ 43.359820][ T9] em28xx 1-1:0.132: Video interface 132 found: bulk
[ 43.370466][ T1119] usb 3-1: config 0 interface 132 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[ 43.383829][ T8] usb 2-1: config 0 has an invalid interface number: 132 but max is 0
[ 43.389430][ T24] usb 5-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[ 43.396368][ T8] usb 2-1: config 0 has no interface number 0
[ 43.404402][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 43.417105][ T8] usb 2-1: config 0 interface 132 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[ 43.419541][ T24] usb 5-1: Product: syz
[ 43.419569][ T24] usb 5-1: Manufacturer: syz
[ 43.419596][ T24] usb 5-1: SerialNumber: syz
[ 43.432526][ T8] usb 2-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[ 43.437611][ T36] usb 4-1: Using ep0 maxpacket: 32
[ 43.442003][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 43.447470][ T1119] usb 3-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[ 43.451042][ T8] usb 2-1: Product: syz
[ 43.451074][ T8] usb 2-1: Manufacturer: syz
[ 43.451097][ T8] usb 2-1: SerialNumber: syz
[ 43.465566][ T8] usb 2-1: config 0 descriptor??
[ 43.465705][ T1119] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 43.465744][ T1119] usb 3-1: Product: syz
[ 43.474840][ T2953] raw-gadget.4 gadget.1: fail, usb_ep_enable returned -22
[ 43.482875][ T1119] usb 3-1: Manufacturer: syz
[ 43.493362][ T8] em28xx 2-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[ 43.496263][ T1119] usb 3-1: SerialNumber: syz
executing program
[ 43.499929][ T36] usb 4-1: config 0 has an invalid interface number: 132 but max is 0
[ 43.501367][ T8] em28xx 2-1:0.132: Video interface 132 found: bulk
[ 43.509331][ T36] usb 4-1: config 0 has no interface number 0
[ 43.509383][ T36] usb 4-1: config 0 interface 132 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[ 43.572643][ T24] usb 5-1: config 0 descriptor??
[ 43.578071][ T2952] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[ 43.584160][ T1119] usb 3-1: config 0 descriptor??
[ 43.597425][ T24] em28xx 5-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[ 43.607365][ T24] em28xx 5-1:0.132: Video interface 132 found: bulk
[ 43.615033][ T9] em28xx 1-1:0.132: unknown em28xx chip ID (0)
[ 43.616479][ T2954] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[ 43.629791][ T36] usb 4-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[ 43.639162][ T36] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 43.647210][ T36] usb 4-1: Product: syz
[ 43.651669][ T36] usb 4-1: Manufacturer: syz
[ 43.656317][ T36] usb 4-1: SerialNumber: syz
[ 43.665026][ T1119] em28xx 3-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[ 43.674933][ T1119] em28xx 3-1:0.132: Video interface 132 found: bulk
executing program
[ 43.684071][ T9] em28xx 1-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[ 43.685558][ T36] usb 4-1: config 0 descriptor??
[ 43.693133][ T9] em28xx 1-1:0.132: board has no eeprom
[ 43.704737][ T2955] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22
[ 43.721539][ T36] em28xx 4-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[ 43.731573][ T36] em28xx 4-1:0.132: Video interface 132 found: bulk
[ 43.768413][ T9] em28xx 1-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[ 43.776510][ T9] em28xx 1-1:0.132: analog set to bulk mode.
[ 43.783418][ T2962] em28xx 1-1:0.132: Registering V4L2 extension
[ 43.790056][ T8] em28xx 2-1:0.132: unknown em28xx chip ID (0)
[ 43.809811][ T9] usb 1-1: USB disconnect, device number 2
executing program
executing program
[ 43.816892][ T9] em28xx 1-1:0.132: Disconnecting em28xx
executing program
[ 43.859764][ T8] em28xx 2-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[ 43.868600][ T8] em28xx 2-1:0.132: board has no eeprom
[ 43.878695][ T24] em28xx 5-1:0.132: unknown em28xx chip ID (0)
[ 43.888928][ T1119] em28xx 3-1:0.132: unknown em28xx chip ID (0)
[ 43.930653][ T8] em28xx 2-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[ 43.938916][ T8] em28xx 2-1:0.132: analog set to bulk mode.
[ 43.946900][ T2962] em28xx 1-1:0.132: Config register raw data: 0xffffffed
[ 43.950286][ T24] em28xx 5-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[ 43.954130][ T2962] em28xx 1-1:0.132: AC97 chip type couldn't be determined
[ 43.962822][ T24] em28xx 5-1:0.132: board has no eeprom
[ 43.969924][ T2962] em28xx 1-1:0.132: No AC97 audio processor
[ 43.977287][ T1119] em28xx 3-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[ 43.986032][ T8] usb 2-1: USB disconnect, device number 2
[ 43.990191][ T1119] em28xx 3-1:0.132: board has no eeprom
[ 44.003072][ T36] em28xx 4-1:0.132: unknown em28xx chip ID (0)
[ 44.007974][ T8] em28xx 2-1:0.132: Disconnecting em28xx
[ 44.023088][ T2962] usb 1-1: Decoder not found
[ 44.027868][ T2962] em28xx 1-1:0.132: failed to create media graph
[ 44.034991][ T2962] em28xx 1-1:0.132: V4L2 device video0 deregistered
[ 44.043769][ T2962] em28xx 1-1:0.132: Remote control support is not available for this card.
[ 44.052742][ T2970] em28xx 2-1:0.132: Registering V4L2 extension
[ 44.068332][ T24] em28xx 5-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[ 44.076294][ T24] em28xx 5-1:0.132: analog set to bulk mode.
[ 44.083810][ T36] em28xx 4-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[ 44.092616][ T36] em28xx 4-1:0.132: board has no eeprom
[ 44.098321][ T1119] em28xx 3-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[ 44.106208][ T1119] em28xx 3-1:0.132: analog set to bulk mode.
[ 44.145510][ T1119] usb 3-1: USB disconnect, device number 2
[ 44.165790][ T1119] em28xx 3-1:0.132: Disconnecting em28xx
[ 44.174692][ T24] usb 5-1: USB disconnect, device number 2
[ 44.181752][ T36] em28xx 4-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[ 44.189811][ T36] em28xx 4-1:0.132: analog set to bulk mode.
[ 44.192883][ T2970] em28xx 2-1:0.132: Config register raw data: 0xffffffed
[ 44.198066][ T24] em28xx 5-1:0.132: Disconnecting em28xx
[ 44.203080][ T2970] em28xx 2-1:0.132: AC97 chip type couldn't be determined
[ 44.215799][ T2970] em28xx 2-1:0.132: No AC97 audio processor
[ 44.230136][ T2970] usb 2-1: Decoder not found
[ 44.234845][ T2970] em28xx 2-1:0.132: failed to create media graph
[ 44.235699][ T36] usb 4-1: USB disconnect, device number 2
[ 44.241943][ T2970] em28xx 2-1:0.132: V4L2 device video0 deregistered
[ 44.252029][ T36] em28xx 4-1:0.132: Disconnecting em28xx
[ 44.259697][ T2970] em28xx 2-1:0.132: Remote control support is not available for this card.
[ 44.268832][ T9] em28xx 1-1:0.132: Closing input extension
[ 44.275022][ T2960] em28xx 5-1:0.132: Registering V4L2 extension
[ 44.279771][ T9] em28xx 1-1:0.132: Freeing device
[ 44.367244][ T2960] em28xx 5-1:0.132: Config register raw data: 0xffffffed
[ 44.374982][ T2960] em28xx 5-1:0.132: AC97 chip type couldn't be determined
[ 44.382403][ T2960] em28xx 5-1:0.132: No AC97 audio processor
[ 44.391011][ T2960] usb 5-1: Decoder not found
[ 44.395681][ T2960] em28xx 5-1:0.132: failed to create media graph
[ 44.402548][ T2960] em28xx 5-1:0.132: V4L2 device video0 deregistered
[ 44.412526][ T2960] em28xx 5-1:0.132: Remote control support is not available for this card.
[ 44.412732][ T2985] ==================================================================
[ 44.421345][ T2956] em28xx 3-1:0.132: Registering V4L2 extension
[ 44.429236][ T2985] BUG: KASAN: slab-use-after-free in v4l2_fh_init+0x27d/0x2c0
[ 44.442931][ T2985] Read of size 8 at addr ffff88812107c730 by task v4l_id/2985
[ 44.450450][ T2985]
[ 44.452830][ T2985] CPU: 0 UID: 0 PID: 2985 Comm: v4l_id Not tainted 6.13.0-rc4-syzkaller-00080-gf1a2241778d9 #0
[ 44.463214][ T2985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 44.473321][ T2985] Call Trace:
[ 44.476638][ T2985]
[ 44.479605][ T2985] dump_stack_lvl+0x116/0x1f0
[ 44.484357][ T2985] print_report+0xc3/0x620
[ 44.488835][ T2985] ? __virt_addr_valid+0x5e/0x590
[ 44.493937][ T2985] ? __phys_addr+0xc6/0x150
[ 44.498515][ T2985] kasan_report+0xd9/0x110
[ 44.502996][ T2985] ? v4l2_fh_init+0x27d/0x2c0
[ 44.507734][ T2985] ? v4l2_fh_init+0x27d/0x2c0
[ 44.512474][ T2985] v4l2_fh_init+0x27d/0x2c0
[ 44.517044][ T2985] v4l2_fh_open+0x83/0xc0
[ 44.521441][ T2985] em28xx_v4l2_open+0x250/0x7e0
[ 44.526354][ T2985] v4l2_open+0x222/0x490
[ 44.530585][ T2956] em28xx 3-1:0.132: Config register raw data: 0xffffffed
[ 44.530645][ T2985] ? __pfx_v4l2_open+0x10/0x10
[ 44.537708][ T2956] em28xx 3-1:0.132: AC97 chip type couldn't be determined
[ 44.542416][ T2985] chrdev_open+0x237/0x6a0
[ 44.542468][ T2985] ? __pfx_chrdev_open+0x10/0x10
[ 44.549628][ T2956] em28xx 3-1:0.132: No AC97 audio processor
[ 44.553986][ T2985] ? lockref_get+0x15/0x50
[ 44.564354][ T2956] usb 3-1: Decoder not found
[ 44.564827][ T2985] do_dentry_open+0x6cb/0x1390
[ 44.569348][ T2956] em28xx 3-1:0.132: failed to create media graph
[ 44.573821][ T2985] ? __pfx_chrdev_open+0x10/0x10
[ 44.579415][ T2956] em28xx 3-1:0.132: V4L2 device video1 deregistered
[ 44.584892][ T2985] ? inode_permission+0xdd/0x5f0
[ 44.591883][ T2956] em28xx 3-1:0.132: Remote control support is not available for this card.
[ 44.596395][ T2985] vfs_open+0x82/0x3f0
[ 44.601626][ T2981] em28xx 4-1:0.132: Registering V4L2 extension
[ 44.609895][ T2985] ? may_open+0x1f2/0x400
[ 44.609932][ T2985] path_openat+0x1e6a/0x2d60
[ 44.609989][ T2985] ? __pfx_path_openat+0x10/0x10
[ 44.634422][ T2985] ? __pfx___lock_acquire+0x10/0x10
[ 44.639682][ T2985] ? lock_acquire.part.0+0x11b/0x380
[ 44.645029][ T2985] ? find_held_lock+0x2d/0x110
[ 44.649864][ T2985] do_filp_open+0x20c/0x470
[ 44.654435][ T2985] ? __pfx_do_filp_open+0x10/0x10
[ 44.659518][ T2985] ? find_held_lock+0x2d/0x110
[ 44.664364][ T2985] ? alloc_fd+0x41f/0x760
[ 44.668756][ T2985] do_sys_openat2+0x17a/0x1e0
[ 44.673479][ T2985] ? __pfx_do_sys_openat2+0x10/0x10
[ 44.678723][ T2985] ? do_user_addr_fault+0xd97/0x12c0
[ 44.684060][ T2985] ? __pfx_lock_release+0x10/0x10
[ 44.689148][ T2985] __x64_sys_openat+0x175/0x210
[ 44.694052][ T2985] ? __pfx___x64_sys_openat+0x10/0x10
[ 44.699477][ T2985] ? do_user_addr_fault+0x839/0x12c0
[ 44.704836][ T2985] do_syscall_64+0xcd/0x250
[ 44.709419][ T2985] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 44.711083][ T2981] em28xx 4-1:0.132: Config register raw data: 0xffffffed
[ 44.715354][ T2985] RIP: 0033:0x7f7312ac49a4
[ 44.722471][ T2981] em28xx 4-1:0.132: AC97 chip type couldn't be determined
[ 44.726786][ T2985] Code: 24 20 48 8d 44 24 30 48 89 44 24 28 64 8b 04 25 18 00 00 00 85 c0 75 2c 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 60 48 8b 15 55 a4 0d 00 f7 d8 64 89 02 48 83
[ 44.733924][ T2981] em28xx 4-1:0.132: No AC97 audio processor
[ 44.753469][ T2985] RSP: 002b:00007fff093b8990 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 44.753503][ T2985] RAX: ffffffffffffffda RBX: 00007fff093b8ba8 RCX: 00007f7312ac49a4
[ 44.763842][ T2981] usb 4-1: Decoder not found
[ 44.767813][ T2985] RDX: 0000000000000000 RSI: 00007fff093b9f25 RDI: 00000000ffffff9c
[ 44.775971][ T2981] em28xx 4-1:0.132: failed to create media graph
[ 44.780370][ T2985] RBP: 00007fff093b9f25 R08: 0000000000000000 R09: 0000000000000000
[ 44.780396][ T2985] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 44.780418][ T2985] R13: 00007fff093b8bc0 R14: 0000556923203670 R15: 00007f7312f13a80
[ 44.789818][ T2981] em28xx 4-1:0.132: V4L2 device video1 deregistered
[ 44.794705][ T2985]
[ 44.804851][ T2981] em28xx 4-1:0.132: Remote control support is not available for this card.
[ 44.810632][ T2985]
[ 44.810641][ T2985] Allocated by task 2960:
[ 44.810657][ T2985] kasan_save_stack+0x33/0x60
[ 44.810692][ T2985] kasan_save_track+0x14/0x30
[ 44.820505][ T36] em28xx 4-1:0.132: Closing input extension
[ 44.825250][ T2985] __kasan_kmalloc+0x8f/0xa0
[ 44.831907][ T36] em28xx 4-1:0.132: Freeing device
[ 44.836842][ T2985] em28xx_v4l2_init+0x114/0x4050
[ 44.873702][ T2985] em28xx_init_extension+0x137/0x200
[ 44.879018][ T2985] request_module_async+0x61/0x70
[ 44.884064][ T2985] process_one_work+0x9c5/0x1ba0
[ 44.889102][ T2985] worker_thread+0x6c8/0xf00
[ 44.893729][ T2985] kthread+0x2c1/0x3a0
[ 44.897817][ T2985] ret_from_fork+0x45/0x80
[ 44.902374][ T2985] ret_from_fork_asm+0x1a/0x30
[ 44.907140][ T2985]
[ 44.909487][ T2985] Freed by task 2960:
[ 44.913476][ T2985] kasan_save_stack+0x33/0x60
[ 44.918213][ T2985] kasan_save_track+0x14/0x30
[ 44.922930][ T2985] kasan_save_free_info+0x3b/0x60
[ 44.927975][ T2985] __kasan_slab_free+0x37/0x50
[ 44.932753][ T2985] kfree+0x130/0x470
[ 44.936665][ T2985] em28xx_v4l2_init+0x22a4/0x4050
[ 44.941715][ T2985] em28xx_init_extension+0x137/0x200
[ 44.947059][ T2985] request_module_async+0x61/0x70
[ 44.952131][ T2985] process_one_work+0x9c5/0x1ba0
[ 44.957117][ T2985] worker_thread+0x6c8/0xf00
[ 44.961730][ T2985] kthread+0x2c1/0x3a0
[ 44.965826][ T2985] ret_from_fork+0x45/0x80
[ 44.970262][ T2985] ret_from_fork_asm+0x1a/0x30
[ 44.975042][ T2985]
[ 44.977379][ T2985] The buggy address belongs to the object at ffff88812107c000
[ 44.977379][ T2985] which belongs to the cache kmalloc-8k of size 8192
[ 44.991466][ T2985] The buggy address is located 1840 bytes inside of
[ 44.991466][ T2985] freed 8192-byte region [ffff88812107c000, ffff88812107e000)
[ 45.005483][ T2985]
[ 45.007807][ T2985] The buggy address belongs to the physical page:
[ 45.014226][ T2985] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x121078
[ 45.023090][ T2985] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 45.031631][ T2985] flags: 0x200000000000040(head|node=0|zone=2)
[ 45.037854][ T2985] page_type: f5(slab)
[ 45.041856][ T2985] raw: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000
[ 45.050481][ T2985] raw: 0000000000000000 0000000000020002 00000001f5000000 0000000000000000
[ 45.059090][ T2985] head: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000
[ 45.067780][ T2985] head: 0000000000000000 0000000000020002 00000001f5000000 0000000000000000
[ 45.076467][ T2985] head: 0200000000000003 ffffea0004841e01 ffffffffffffffff 0000000000000000
[ 45.085150][ T2985] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 45.093820][ T2985] page dumped because: kasan: bad access detected
[ 45.100235][ T2985] page_owner tracks the page as allocated
[ 45.105956][ T2985] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd28c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2943, tgid 2943 (sshd), ts 42533232230, free_ts 33825694664
[ 45.126471][ T2985] post_alloc_hook+0x2d1/0x350
[ 45.131273][ T2985] get_page_from_freelist+0xe76/0x2b90
[ 45.136753][ T2985] __alloc_pages_noprof+0x21c/0x22a0
[ 45.142053][ T2985] alloc_pages_mpol_noprof+0xeb/0x400
[ 45.147450][ T2985] new_slab+0x2c9/0x410
[ 45.151619][ T2985] ___slab_alloc+0xd1d/0x16e0
[ 45.156320][ T2985] __slab_alloc.constprop.0+0x56/0xb0
[ 45.161709][ T2985] __kmalloc_node_track_caller_noprof+0x157/0x4c0
[ 45.168161][ T2985] kmalloc_reserve+0xef/0x2c0
[ 45.172879][ T2985] __alloc_skb+0x164/0x380
[ 45.177302][ T2985] netlink_dump+0x2b7/0x11f0
[ 45.181920][ T2985] netlink_recvmsg+0x94f/0xe20
[ 45.186729][ T2985] sock_recvmsg+0x1f6/0x250
[ 45.191276][ T2985] ____sys_recvmsg+0x219/0x6b0
[ 45.196055][ T2985] ___sys_recvmsg+0x115/0x1a0
[ 45.200741][ T2985] __sys_recvmsg+0x16b/0x220
[ 45.205341][ T2985] page last free pid 2930 tgid 2930 stack trace:
[ 45.211668][ T2985] free_unref_page+0x661/0xe40
[ 45.216448][ T2985] __folio_put+0x1e8/0x2d0
[ 45.218661][ T36] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[ 45.220871][ T2985] skb_release_data+0x5d6/0x910
[ 45.233195][ T2985] skb_attempt_defer_free+0x1b9/0x630
[ 45.238596][ T2985] tcp_recvmsg_locked+0x11da/0x2730
[ 45.243841][ T2985] tcp_recvmsg+0x12e/0x680
[ 45.248302][ T2985] inet_recvmsg+0x12b/0x6a0
[ 45.248627][ T29] audit: type=1400 audit(1736093818.220:84): avc: denied { remove_name } for pid=2827 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 45.252820][ T2985] sock_recvmsg+0x1b2/0x250
[ 45.252864][ T2985] sock_read_iter+0x2bb/0x3b0
[ 45.275328][ T29] audit: type=1400 audit(1736093818.220:85): avc: denied { rename } for pid=2827 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 45.279760][ T2985] vfs_read+0xa4c/0xbe0
[ 45.279822][ T2985] ksys_read+0x207/0x250
[ 45.279857][ T2985] do_syscall_64+0xcd/0x250
[ 45.319496][ T2985] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 45.325424][ T2985]
[ 45.327766][ T2985] Memory state around the buggy address:
[ 45.333398][ T2985] ffff88812107c600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 45.341468][ T2985] ffff88812107c680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 45.349536][ T2985] >ffff88812107c700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 45.357598][ T2985] ^
[ 45.363228][ T2985] ffff88812107c780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 45.371295][ T2985] ffff88812107c800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 45.379364][ T2985] ==================================================================
[ 45.387706][ T2985] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 45.394929][ T2985] CPU: 0 UID: 0 PID: 2985 Comm: v4l_id Not tainted 6.13.0-rc4-syzkaller-00080-gf1a2241778d9 #0
[ 45.405274][ T2985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 45.415363][ T2985] Call Trace:
[ 45.418646][ T2985]
[ 45.421590][ T2985] dump_stack_lvl+0x3d/0x1f0
[ 45.426205][ T2985] panic+0x71d/0x800
[ 45.430119][ T2985] ? __pfx_panic+0x10/0x10
[ 45.434560][ T2985] ? check_panic_on_warn+0x1f/0xb0
[ 45.439686][ T2985] check_panic_on_warn+0xab/0xb0
[ 45.444640][ T2985] end_report+0x117/0x180
[ 45.449072][ T2985] kasan_report+0xe9/0x110
[ 45.453587][ T2985] ? v4l2_fh_init+0x27d/0x2c0
[ 45.458286][ T2985] ? v4l2_fh_init+0x27d/0x2c0
[ 45.462994][ T2985] v4l2_fh_init+0x27d/0x2c0
[ 45.467515][ T2985] v4l2_fh_open+0x83/0xc0
[ 45.471872][ T2985] em28xx_v4l2_open+0x250/0x7e0
[ 45.476744][ T2985] v4l2_open+0x222/0x490
[ 45.481022][ T2985] ? __pfx_v4l2_open+0x10/0x10
[ 45.485861][ T2985] chrdev_open+0x237/0x6a0
[ 45.490351][ T2985] ? __pfx_chrdev_open+0x10/0x10
[ 45.495379][ T2985] ? lockref_get+0x15/0x50
[ 45.499894][ T2985] do_dentry_open+0x6cb/0x1390
[ 45.504698][ T2985] ? __pfx_chrdev_open+0x10/0x10
[ 45.509670][ T2985] ? inode_permission+0xdd/0x5f0
[ 45.514671][ T2985] vfs_open+0x82/0x3f0
[ 45.518787][ T2985] ? may_open+0x1f2/0x400
[ 45.523178][ T2985] path_openat+0x1e6a/0x2d60
[ 45.527829][ T2985] ? __pfx_path_openat+0x10/0x10
[ 45.532799][ T2985] ? __pfx___lock_acquire+0x10/0x10
[ 45.538031][ T2985] ? lock_acquire.part.0+0x11b/0x380
[ 45.543358][ T2985] ? find_held_lock+0x2d/0x110
[ 45.548164][ T2985] do_filp_open+0x20c/0x470
[ 45.552722][ T2985] ? __pfx_do_filp_open+0x10/0x10
[ 45.557779][ T2985] ? find_held_lock+0x2d/0x110
[ 45.562591][ T2985] ? alloc_fd+0x41f/0x760
[ 45.566959][ T2985] do_sys_openat2+0x17a/0x1e0
[ 45.571668][ T2985] ? __pfx_do_sys_openat2+0x10/0x10
[ 45.576916][ T2985] ? do_user_addr_fault+0xd97/0x12c0
[ 45.582238][ T2985] ? __pfx_lock_release+0x10/0x10
[ 45.587295][ T2985] __x64_sys_openat+0x175/0x210
[ 45.592179][ T2985] ? __pfx___x64_sys_openat+0x10/0x10
[ 45.597589][ T2985] ? do_user_addr_fault+0x839/0x12c0
[ 45.602925][ T2985] do_syscall_64+0xcd/0x250
[ 45.607467][ T2985] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 45.613416][ T2985] RIP: 0033:0x7f7312ac49a4
[ 45.617851][ T2985] Code: 24 20 48 8d 44 24 30 48 89 44 24 28 64 8b 04 25 18 00 00 00 85 c0 75 2c 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 60 48 8b 15 55 a4 0d 00 f7 d8 64 89 02 48 83
[ 45.637528][ T2985] RSP: 002b:00007fff093b8990 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 45.645974][ T2985] RAX: ffffffffffffffda RBX: 00007fff093b8ba8 RCX: 00007f7312ac49a4
[ 45.653999][ T2985] RDX: 0000000000000000 RSI: 00007fff093b9f25 RDI: 00000000ffffff9c
[ 45.661996][ T2985] RBP: 00007fff093b9f25 R08: 0000000000000000 R09: 0000000000000000
[ 45.669988][ T2985] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 45.677982][ T2985] R13: 00007fff093b8bc0 R14: 0000556923203670 R15: 00007f7312f13a80
[ 45.685991][ T2985]
[ 45.689399][ T2985] Kernel Offset: disabled
[ 45.693735][ T2985] Rebooting in 86400 seconds..