Warning: Permanently added '10.128.0.164' (ED25519) to the list of known hosts.
2025/09/30 12:08:10 parsed 1 programs
[ 56.670373][ T29] audit: type=1400 audit(1759234090.525:61): avc: denied { node_bind } for pid=2961 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[ 56.692086][ T29] audit: type=1400 audit(1759234090.525:62): avc: denied { module_request } for pid=2961 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 59.495066][ T29] audit: type=1400 audit(1759234093.355:63): avc: denied { mounton } for pid=2971 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 59.501127][ T2971] cgroup: Unknown subsys name 'net'
[ 59.520021][ T29] audit: type=1400 audit(1759234093.355:64): avc: denied { mount } for pid=2971 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 59.548995][ T29] audit: type=1400 audit(1759234093.385:65): avc: denied { unmount } for pid=2971 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 59.736790][ T2971] cgroup: Unknown subsys name 'cpuset'
[ 59.746308][ T2971] cgroup: Unknown subsys name 'rlimit'
[ 59.975698][ T29] audit: type=1400 audit(1759234093.835:66): avc: denied { setattr } for pid=2971 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 60.000015][ T29] audit: type=1400 audit(1759234093.835:67): avc: denied { create } for pid=2971 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 60.021087][ T29] audit: type=1400 audit(1759234093.835:68): avc: denied { write } for pid=2971 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 60.042069][ T29] audit: type=1400 audit(1759234093.835:69): avc: denied { read } for pid=2971 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 60.064730][ T29] audit: type=1400 audit(1759234093.885:70): avc: denied { sys_module } for pid=2971 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[ 60.186174][ T2975] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
[ 60.252893][ T2971] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 61.874126][ T29] kauditd_printk_skb: 6 callbacks suppressed
[ 61.874153][ T29] audit: type=1400 audit(1759234095.725:77): avc: denied { execmem } for pid=2977 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 61.993580][ T29] audit: type=1400 audit(1759234095.845:78): avc: denied { read } for pid=2982 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 62.015207][ T29] audit: type=1400 audit(1759234095.845:79): avc: denied { read } for pid=2983 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 62.036681][ T29] audit: type=1400 audit(1759234095.845:80): avc: denied { open } for pid=2983 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 62.060829][ T29] audit: type=1400 audit(1759234095.845:81): avc: denied { open } for pid=2982 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 62.167980][ T29] audit: type=1400 audit(1759234095.865:82): avc: denied { mounton } for pid=2983 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[ 62.189932][ T29] audit: type=1400 audit(1759234095.975:83): avc: denied { mounton } for pid=2983 comm="syz-executor" path="/root/syzkaller.rH1Vnm/syz-tmp" dev="sda1" ino=2042 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 62.214640][ T29] audit: type=1400 audit(1759234095.985:84): avc: denied { mount } for pid=2983 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[ 62.237070][ T29] audit: type=1400 audit(1759234095.995:85): avc: denied { mounton } for pid=2983 comm="syz-executor" path="/root/syzkaller.rH1Vnm/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[ 62.262674][ T29] audit: type=1400 audit(1759234095.995:86): avc: denied { mount } for pid=2983 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[ 62.691391][ T2983] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
2025/09/30 12:08:34 executed programs: 0
[ 80.151725][ T29] kauditd_printk_skb: 15 callbacks suppressed
[ 80.151748][ T29] audit: type=1400 audit(1759234114.005:102): avc: denied { write } for pid=2961 comm="syz-execprog" path="pipe:[840]" dev="pipefs" ino=840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 80.525283][ T3032] syz-executor (3032) used greatest stack depth: 22680 bytes left
2025/09/30 12:09:29 executed programs: 10
[ 135.500400][ T29] audit: type=1400 audit(1759234169.345:103): avc: denied { read write } for pid=5740 comm="syz.6.21" name="raw-gadget" dev="devtmpfs" ino=236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 135.525185][ T29] audit: type=1400 audit(1759234169.345:104): avc: denied { open } for pid=5740 comm="syz.6.21" path="/dev/raw-gadget" dev="devtmpfs" ino=236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 135.629168][ T29] audit: type=1400 audit(1759234169.375:105): avc: denied { ioctl } for pid=5740 comm="syz.6.21" path="/dev/raw-gadget" dev="devtmpfs" ino=236 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 135.756033][ T1124] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[ 135.920241][ T1124] usb 7-1: Using ep0 maxpacket: 32
[ 135.929288][ T1124] usb 7-1: config 0 has an invalid interface number: 89 but max is 0
[ 135.938354][ T1124] usb 7-1: config 0 has no interface number 0
[ 135.944788][ T38] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 135.966484][ T1124] usb 7-1: config 0 interface 89 has no altsetting 0
[ 135.983878][ T5751] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[ 135.994337][ T1124] usb 7-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[ 136.004188][ T1124] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 136.012588][ T1124] usb 7-1: Product: syz
[ 136.017348][ T1124] usb 7-1: Manufacturer: syz
[ 136.022102][ T1124] usb 7-1: SerialNumber: syz
[ 136.065880][ T1124] usb 7-1: config 0 descriptor??
[ 136.097863][ T1124] em28xx 7-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[ 136.108842][ T1124] em28xx 7-1:0.89: Video interface 89 found: bulk
[ 136.117225][ T38] usb 1-1: Using ep0 maxpacket: 32
[ 136.124833][ T38] usb 1-1: config 0 has an invalid interface number: 89 but max is 0
[ 136.133234][ T38] usb 1-1: config 0 has no interface number 0
[ 136.141470][ T5751] usb 2-1: Using ep0 maxpacket: 32
[ 136.147612][ T38] usb 1-1: config 0 interface 89 has no altsetting 0
[ 136.159377][ T38] usb 1-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[ 136.171056][ T38] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 136.180684][ T38] usb 1-1: Product: syz
[ 136.185513][ T38] usb 1-1: Manufacturer: syz
[ 136.190735][ T38] usb 1-1: SerialNumber: syz
[ 136.200081][ T5751] usb 2-1: config 0 has an invalid interface number: 89 but max is 0
[ 136.208406][ T5751] usb 2-1: config 0 has no interface number 0
[ 136.215589][ T5751] usb 2-1: config 0 interface 89 has no altsetting 0
[ 136.228535][ T5751] usb 2-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[ 136.238332][ T5751] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 136.246771][ T5751] usb 2-1: Product: syz
[ 136.251024][ T5751] usb 2-1: Manufacturer: syz
[ 136.255881][ T5751] usb 2-1: SerialNumber: syz
[ 136.261323][ T38] usb 1-1: config 0 descriptor??
[ 136.271227][ T38] em28xx 1-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[ 136.281602][ T38] em28xx 1-1:0.89: Video interface 89 found: bulk
[ 136.292232][ T5751] usb 2-1: config 0 descriptor??
[ 136.303818][ T10] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[ 136.307010][ T5751] em28xx 2-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[ 136.322103][ T5751] em28xx 2-1:0.89: Video interface 89 found: bulk
[ 136.354183][ T1124] em28xx 7-1:0.89: unknown em28xx chip ID (0)
[ 136.417714][ T1124] em28xx 7-1:0.89: reading from i2c device at 0xa0 failed (error=-5)
[ 136.426220][ T1124] em28xx 7-1:0.89: board has no eeprom
[ 136.433836][ T9] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[ 136.453795][ T10] usb 8-1: Using ep0 maxpacket: 32
[ 136.461007][ T10] usb 8-1: config 0 has an invalid interface number: 89 but max is 0
[ 136.469585][ T10] usb 8-1: config 0 has no interface number 0
[ 136.475816][ T10] usb 8-1: config 0 interface 89 has no altsetting 0
[ 136.483980][ T1124] em28xx 7-1:0.89: Identified as Terratec Grabby (card=67)
[ 136.485625][ T10] usb 8-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[ 136.491347][ T1124] em28xx 7-1:0.89: analog set to bulk mode.
[ 136.500510][ T10] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 136.500545][ T10] usb 8-1: Product: syz
[ 136.500569][ T10] usb 8-1: Manufacturer: syz
[ 136.500593][ T10] usb 8-1: SerialNumber: syz
[ 136.504990][ T10] usb 8-1: config 0 descriptor??
[ 136.507881][ T5753] em28xx 7-1:0.89: Registering V4L2 extension
[ 136.521842][ T10] em28xx 8-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[ 136.528984][ T38] em28xx 1-1:0.89: unknown em28xx chip ID (0)
[ 136.530047][ T10] em28xx 8-1:0.89: Video interface 89 found: bulk
[ 136.587834][ T1124] usb 7-1: USB disconnect, device number 2
[ 136.604340][ T5751] em28xx 2-1:0.89: unknown em28xx chip ID (0)
[ 136.613770][ T9] usb 6-1: Using ep0 maxpacket: 32
[ 136.615386][ T38] em28xx 1-1:0.89: reading from i2c device at 0xa0 failed (error=-5)
[ 136.627831][ T38] em28xx 1-1:0.89: board has no eeprom
[ 136.636755][ T9] usb 6-1: config 0 has an invalid interface number: 89 but max is 0
[ 136.637237][ T5753] em28xx 7-1:0.89: reading from i2c device at 0x4a failed (error=-19)
[ 136.645213][ T9] usb 6-1: config 0 has no interface number 0
[ 136.661045][ T9] usb 6-1: config 0 interface 89 has no altsetting 0
[ 136.663017][ T5753] em28xx 7-1:0.89: reading from i2c device at 0x48 failed (error=-19)
[ 136.678852][ T1124] em28xx 7-1:0.89: Disconnecting em28xx
[ 136.685190][ T5753] em28xx 7-1:0.89: Config register raw data: 0xffffffed
[ 136.692680][ T5753] em28xx 7-1:0.89: AC97 chip type couldn't be determined
[ 136.695211][ T9] usb 6-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[ 136.700065][ T5753] em28xx 7-1:0.89: No AC97 audio processor
[ 136.709322][ T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 136.718558][ T5751] em28xx 2-1:0.89: reading from i2c device at 0xa0 failed (error=-5)
[ 136.723759][ T9] usb 6-1: Product: syz
[ 136.731864][ T5751] em28xx 2-1:0.89: board has no eeprom
[ 136.736013][ T9] usb 6-1: Manufacturer: syz
[ 136.741618][ T38] em28xx 1-1:0.89: Identified as Terratec Grabby (card=67)
[ 136.746163][ T9] usb 6-1: SerialNumber: syz
[ 136.753662][ T38] em28xx 1-1:0.89: analog set to bulk mode.
[ 136.774202][ T5753] usb 7-1: Decoder not found
[ 136.779010][ T5753] em28xx 7-1:0.89: failed to create media graph
[ 136.785924][ T5753] em28xx 7-1:0.89: V4L2 device video0 deregistered
[ 136.799783][ T5753] em28xx 7-1:0.89: Registering snapshot button...
[ 136.813624][ T5753] input: em28xx snapshot button as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.89/input/input5
[ 136.827107][ T5751] em28xx 2-1:0.89: Identified as Terratec Grabby (card=67)
[ 136.832814][ T9] usb 6-1: config 0 descriptor??
[ 136.834447][ T5751] em28xx 2-1:0.89: analog set to bulk mode.
[ 136.846913][ T38] usb 1-1: USB disconnect, device number 2
[ 136.849163][ T38] em28xx 1-1:0.89: Disconnecting em28xx
[ 136.859302][ T10] em28xx 8-1:0.89: unknown em28xx chip ID (0)
[ 136.869187][ T5751] usb 2-1: USB disconnect, device number 2
[ 136.876646][ T5753] em28xx 7-1:0.89: Remote control support is not available for this card.
[ 136.886833][ T5770] em28xx 1-1:0.89: Registering V4L2 extension
[ 136.905991][ T5751] em28xx 2-1:0.89: Disconnecting em28xx
[ 136.948493][ T10] em28xx 8-1:0.89: reading from i2c device at 0xa0 failed (error=-5)
[ 136.958200][ T10] em28xx 8-1:0.89: board has no eeprom
[ 136.970602][ T9] em28xx 6-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[ 136.981032][ T9] em28xx 6-1:0.89: Video interface 89 found: bulk
[ 136.991433][ T5770] em28xx 1-1:0.89: Config register raw data: 0xffffffed
[ 136.999087][ T5770] em28xx 1-1:0.89: AC97 chip type couldn't be determined
[ 137.006704][ T5770] em28xx 1-1:0.89: No AC97 audio processor
[ 137.041554][ T5770] usb 1-1: Decoder not found
[ 137.046388][ T5770] em28xx 1-1:0.89: failed to create media graph
[ 137.056243][ T5770] em28xx 1-1:0.89: V4L2 device video0 deregistered
[ 137.065631][ T10] em28xx 8-1:0.89: Identified as Terratec Grabby (card=67)
[ 137.068038][ T5770] em28xx 1-1:0.89: Registering snapshot button...
[ 137.073527][ T10] em28xx 8-1:0.89: analog set to bulk mode.
[ 137.082889][ T5770] input: em28xx snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.89/input/input6
[ 137.100853][ T5770] em28xx 1-1:0.89: Remote control support is not available for this card.
[ 137.110038][ T23] em28xx 2-1:0.89: Registering V4L2 extension
[ 137.147122][ T10] usb 8-1: USB disconnect, device number 2
[ 137.182221][ T10] em28xx 8-1:0.89: Disconnecting em28xx
[ 137.217325][ T23] em28xx 2-1:0.89: Config register raw data: 0xffffffed
[ 137.224818][ T23] em28xx 2-1:0.89: AC97 chip type couldn't be determined
[ 137.233945][ T23] em28xx 2-1:0.89: No AC97 audio processor
[ 137.244137][ T9] em28xx 6-1:0.89: unknown em28xx chip ID (0)
[ 137.247676][ T23] usb 2-1: Decoder not found
[ 137.255306][ T23] em28xx 2-1:0.89: failed to create media graph
[ 137.262266][ T23] em28xx 2-1:0.89: V4L2 device video0 deregistered
[ 137.271238][ T23] em28xx 2-1:0.89: Registering snapshot button...
[ 137.279722][ T23] input: em28xx snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.89/input/input7
[ 137.295579][ T23] em28xx 2-1:0.89: Remote control support is not available for this card.
[ 137.305333][ T1124] em28xx 7-1:0.89: Closing input extension
[ 137.312002][ T1124] em28xx 7-1:0.89: Deregistering snapshot button
[ 137.328457][ T9] em28xx 6-1:0.89: reading from i2c device at 0xa0 failed (error=-5)
[ 137.337594][ T1124] em28xx 7-1:0.89: Freeing device
[ 137.344774][ T9] em28xx 6-1:0.89: board has no eeprom
[ 137.350503][ T5765] em28xx 8-1:0.89: Registering V4L2 extension
[ 137.418922][ T5765] em28xx 8-1:0.89: Config register raw data: 0xffffffed
[ 137.426045][ T5765] em28xx 8-1:0.89: AC97 chip type couldn't be determined
[ 137.433407][ T5765] em28xx 8-1:0.89: No AC97 audio processor
[ 137.439756][ T9] em28xx 6-1:0.89: Identified as Terratec Grabby (card=67)
[ 137.447699][ T9] em28xx 6-1:0.89: analog set to bulk mode.
[ 137.464588][ T5765] usb 8-1: Decoder not found
[ 137.469350][ T5765] em28xx 8-1:0.89: failed to create media graph
[ 137.479240][ T9] usb 6-1: USB disconnect, device number 2
[ 137.490518][ T5765] em28xx 8-1:0.89: V4L2 device video0 deregistered
[ 137.500250][ T9] em28xx 6-1:0.89: Disconnecting em28xx
[ 137.508260][ T5765] em28xx 8-1:0.89: Registering snapshot button...
[ 137.512878][ T5784] ==================================================================
[ 137.520332][ T5765] input: em28xx snapshot button as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.89/input/input8
[ 137.523711][ T5784] BUG: KASAN: slab-use-after-free in v4l2_fh_init+0x27d/0x2c0
[ 137.542044][ T5784] Read of size 8 at addr ffff888123104738 by task v4l_id/5784
[ 137.549830][ T5784]
[ 137.552678][ T5784] CPU: 1 UID: 0 PID: 5784 Comm: v4l_id Not tainted syzkaller #0 PREEMPT(voluntary)
[ 137.552714][ T5784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 137.552739][ T5784] Call Trace:
[ 137.552749][ T5784]
[ 137.552758][ T5784] dump_stack_lvl+0x116/0x1f0
[ 137.552797][ T5784] print_report+0xcd/0x630
[ 137.552835][ T5784] ? __virt_addr_valid+0x81/0x610
[ 137.552874][ T5784] ? __phys_addr+0xe8/0x180
[ 137.552912][ T5784] ? v4l2_fh_init+0x27d/0x2c0
[ 137.552951][ T5784] kasan_report+0xe0/0x110
[ 137.552991][ T5784] ? v4l2_fh_init+0x27d/0x2c0
[ 137.553038][ T5784] v4l2_fh_init+0x27d/0x2c0
[ 137.553082][ T5784] v4l2_fh_open+0x83/0xc0
[ 137.553126][ T5784] em28xx_v4l2_open+0x24e/0x7e0
[ 137.553170][ T5784] v4l2_open+0x222/0x490
[ 137.553210][ T5784] ? __pfx_v4l2_open+0x10/0x10
[ 137.553249][ T5784] chrdev_open+0x234/0x6a0
[ 137.553287][ T5784] ? __pfx_chrdev_open+0x10/0x10
[ 137.553331][ T5784] do_dentry_open+0x6d7/0x13a0
[ 137.553372][ T5784] ? __pfx_chrdev_open+0x10/0x10
[ 137.553408][ T5784] ? inode_permission+0x156/0x630
[ 137.553453][ T5784] vfs_open+0x82/0x3f0
[ 137.553493][ T5784] ? may_open+0x1f2/0x400
[ 137.553543][ T5784] path_openat+0x1de4/0x2cb0
[ 137.553583][ T5784] ? __pfx_path_openat+0x10/0x10
[ 137.553623][ T5784] do_filp_open+0x20b/0x470
[ 137.553659][ T5784] ? __pfx_do_filp_open+0x10/0x10
[ 137.553707][ T5784] ? alloc_fd+0x420/0x760
[ 137.553745][ T5784] do_sys_openat2+0x11b/0x1d0
[ 137.553786][ T5784] ? __pfx_do_sys_openat2+0x10/0x10
[ 137.553828][ T5784] ? find_held_lock+0x2b/0x80
[ 137.553871][ T5784] ? handle_mm_fault+0x2ab/0xd10
[ 137.553920][ T5784] __x64_sys_openat+0x174/0x210
[ 137.553965][ T5784] ? __pfx___x64_sys_openat+0x10/0x10
[ 137.554013][ T5784] ? do_user_addr_fault+0x83f/0x1240
[ 137.554051][ T5784] do_syscall_64+0xcd/0x4d0
[ 137.554087][ T5784] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 137.554120][ T5784] RIP: 0033:0x7f1b680fa407
[ 137.554160][ T5784] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[ 137.554197][ T5784] RSP: 002b:00007ffce73355d0 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[ 137.554229][ T5784] RAX: ffffffffffffffda RBX: 00007f1b6800c880 RCX: 00007f1b680fa407
[ 137.554252][ T5784] RDX: 0000000000000000 RSI: 00007ffce7336f25 RDI: ffffffffffffff9c
[ 137.554274][ T5784] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[ 137.554294][ T5784] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 137.554313][ T5784] R13: 00007ffce7335820 R14: 00007f1b68890000 R15: 0000556b49d974d8
[ 137.554352][ T5784]
[ 137.554364][ T5784]
[ 137.554793][ T5765] em28xx 8-1:0.89: Remote control support is not available for this card.
[ 137.564257][ T5784] Allocated by task 5765:
[ 137.564277][ T5784] kasan_save_stack+0x33/0x60
[ 137.564318][ T5784] kasan_save_track+0x14/0x30
[ 137.574916][ T10] em28xx 8-1:0.89: Closing input extension
[ 137.578127][ T5784] __kasan_kmalloc+0x8f/0xa0
[ 137.581349][ T10] em28xx 8-1:0.89: Deregistering snapshot button
[ 137.586130][ T5784] em28xx_v4l2_init+0x114/0x4080
[ 137.586174][ T5784] em28xx_init_extension+0x13a/0x200
[ 137.875113][ T5784] request_module_async+0x61/0x70
[ 137.880169][ T5784] process_one_work+0x9cf/0x1b70
[ 137.885139][ T5784] worker_thread+0x6c8/0xf10
[ 137.890202][ T5784] kthread+0x3c5/0x780
[ 137.894391][ T5784] ret_from_fork+0x56d/0x700
[ 137.899180][ T5784] ret_from_fork_asm+0x1a/0x30
[ 137.904000][ T5784]
[ 137.906337][ T5784] Freed by task 5765:
[ 137.910342][ T5784] kasan_save_stack+0x33/0x60
[ 137.915127][ T5784] kasan_save_track+0x14/0x30
[ 137.919836][ T5784] kasan_save_free_info+0x3b/0x60
[ 137.925067][ T5784] __kasan_slab_free+0x3e/0x50
[ 137.929869][ T5784] kfree+0x283/0x470
[ 137.933976][ T5784] em28xx_v4l2_init+0x22b5/0x4080
[ 137.939052][ T5784] em28xx_init_extension+0x13a/0x200
[ 137.944471][ T5784] request_module_async+0x61/0x70
[ 137.949787][ T5784] process_one_work+0x9cf/0x1b70
[ 137.954785][ T5784] worker_thread+0x6c8/0xf10
[ 137.959580][ T5784] kthread+0x3c5/0x780
[ 137.963764][ T5784] ret_from_fork+0x56d/0x700
[ 137.968498][ T5784] ret_from_fork_asm+0x1a/0x30
[ 137.973557][ T5784]
[ 137.975904][ T5784] The buggy address belongs to the object at ffff888123104000
[ 137.975904][ T5784] which belongs to the cache kmalloc-8k of size 8192
[ 137.990587][ T5784] The buggy address is located 1848 bytes inside of
[ 137.990587][ T5784] freed 8192-byte region [ffff888123104000, ffff888123106000)
[ 138.004689][ T5784]
[ 138.007228][ T5784] The buggy address belongs to the physical page:
[ 138.013849][ T5784] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x123100
[ 138.022940][ T5784] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 138.031638][ T5784] flags: 0x200000000000040(head|node=0|zone=2)
[ 138.037911][ T5784] page_type: f5(slab)
[ 138.042092][ T5784] raw: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000
[ 138.050791][ T5784] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 138.059404][ T5784] head: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000
[ 138.068381][ T5784] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 138.077136][ T5784] head: 0200000000000003 ffffea00048c4001 00000000ffffffff 00000000ffffffff
[ 138.086112][ T5784] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008
[ 138.095580][ T5784] page dumped because: kasan: bad access detected
[ 138.102198][ T5784] page_owner tracks the page as allocated
[ 138.108020][ T5784] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3520, tgid 3520 (syz-executor), ts 81797733568, free_ts 81270746975
[ 138.130658][ T5784] post_alloc_hook+0x1c0/0x230
[ 138.135645][ T5784] get_page_from_freelist+0xf98/0x2ce0
[ 138.141390][ T5784] __alloc_frozen_pages_noprof+0x259/0x21e0
[ 138.147568][ T5784] alloc_pages_mpol+0xe4/0x410
[ 138.152380][ T5784] new_slab+0x247/0x330
[ 138.156580][ T5784] ___slab_alloc+0xc55/0x1620
[ 138.161486][ T5784] __slab_alloc.constprop.0+0x56/0xb0
[ 138.167182][ T5784] __kmalloc_noprof+0x15b/0x4d0
[ 138.172279][ T5784] cache_create_net+0x9d/0x220
[ 138.177693][ T5784] gss_svc_init_net+0x69/0x660
[ 138.182533][ T5784] ops_init+0x1df/0x5f0
[ 138.186921][ T5784] setup_net+0x10f/0x380
[ 138.191556][ T5784] copy_net_ns+0x2a6/0x5f0
[ 138.196452][ T5784] create_new_namespaces+0x3ea/0xa90
[ 138.202397][ T5784] unshare_nsproxy_namespaces+0xc0/0x1f0
[ 138.208178][ T5784] ksys_unshare+0x45b/0xa40
[ 138.212723][ T5784] page last free pid 3536 tgid 3536 stack trace:
[ 138.219423][ T5784] __free_frozen_pages+0x78a/0xfd0
[ 138.225122][ T5784] __put_partials+0x165/0x1c0
[ 138.230055][ T5784] qlist_free_all+0x4d/0x120
[ 138.234975][ T5784] kasan_quarantine_reduce+0x195/0x1e0
[ 138.241069][ T5784] __kasan_slab_alloc+0x4e/0x70
[ 138.246057][ T5784] kmem_cache_alloc_noprof+0x14f/0x3b0
[ 138.251758][ T5784] getname_flags.part.0+0x4c/0x550
[ 138.257057][ T5784] getname_flags+0x93/0xf0
[ 138.261543][ T5784] user_path_at+0x24/0x60
[ 138.266075][ T5784] __x64_sys_chdir+0xbe/0x270
[ 138.271016][ T5784] do_syscall_64+0xcd/0x4d0
[ 138.275763][ T5784] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 138.282056][ T5784]
[ 138.284424][ T5784] Memory state around the buggy address:
[ 138.290362][ T5784] ffff888123104600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 138.298734][ T5784] ffff888123104680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 138.307465][ T5784] >ffff888123104700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 138.315917][ T5784] ^
[ 138.322263][ T5784] ffff888123104780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 138.330529][ T5784] ffff888123104800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 138.338699][ T5784] ==================================================================
[ 138.347332][ T5784] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 138.354659][ T5784] CPU: 1 UID: 0 PID: 5784 Comm: v4l_id Not tainted syzkaller #0 PREEMPT(voluntary)
[ 138.364163][ T5784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 138.374361][ T5784] Call Trace:
[ 138.377680][ T5784]
[ 138.380640][ T5784] dump_stack_lvl+0x3d/0x1f0
[ 138.385362][ T5784] vpanic+0x6e8/0x7a0
[ 138.389571][ T5784] ? __pfx_vpanic+0x10/0x10
[ 138.394125][ T5784] ? __pfx_vprintk_emit+0x10/0x10
[ 138.399466][ T5784] ? v4l2_fh_init+0x27d/0x2c0
[ 138.404747][ T5784] panic+0xca/0xd0
[ 138.408521][ T5784] ? __pfx_panic+0x10/0x10
[ 138.413086][ T5784] ? check_panic_on_warn+0x1f/0xb0
[ 138.418301][ T5784] check_panic_on_warn+0xab/0xb0
[ 138.423406][ T5784] end_report+0x107/0x170
[ 138.427808][ T5784] kasan_report+0xee/0x110
[ 138.432284][ T5784] ? v4l2_fh_init+0x27d/0x2c0
[ 138.437035][ T5784] v4l2_fh_init+0x27d/0x2c0
[ 138.441597][ T5784] v4l2_fh_open+0x83/0xc0
[ 138.445996][ T5784] em28xx_v4l2_open+0x24e/0x7e0
[ 138.450919][ T5784] v4l2_open+0x222/0x490
[ 138.455227][ T5784] ? __pfx_v4l2_open+0x10/0x10
[ 138.460056][ T5784] chrdev_open+0x234/0x6a0
[ 138.464637][ T5784] ? __pfx_chrdev_open+0x10/0x10
[ 138.469636][ T5784] do_dentry_open+0x6d7/0x13a0
[ 138.474463][ T5784] ? __pfx_chrdev_open+0x10/0x10
[ 138.479544][ T5784] ? inode_permission+0x156/0x630
[ 138.484744][ T5784] vfs_open+0x82/0x3f0
[ 138.488880][ T5784] ? may_open+0x1f2/0x400
[ 138.493716][ T5784] path_openat+0x1de4/0x2cb0
[ 138.498791][ T5784] ? __pfx_path_openat+0x10/0x10
[ 138.504386][ T5784] do_filp_open+0x20b/0x470
[ 138.508946][ T5784] ? __pfx_do_filp_open+0x10/0x10
[ 138.514251][ T5784] ? alloc_fd+0x420/0x760
[ 138.518913][ T5784] do_sys_openat2+0x11b/0x1d0
[ 138.524549][ T5784] ? __pfx_do_sys_openat2+0x10/0x10
[ 138.529906][ T5784] ? find_held_lock+0x2b/0x80
[ 138.535125][ T5784] ? handle_mm_fault+0x2ab/0xd10
[ 138.540217][ T5784] __x64_sys_openat+0x174/0x210
[ 138.545243][ T5784] ? __pfx___x64_sys_openat+0x10/0x10
[ 138.550678][ T5784] ? do_user_addr_fault+0x83f/0x1240
[ 138.556301][ T5784] do_syscall_64+0xcd/0x4d0
[ 138.561144][ T5784] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 138.567250][ T5784] RIP: 0033:0x7f1b680fa407
[ 138.571875][ T5784] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[ 138.591538][ T5784] RSP: 002b:00007ffce73355d0 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[ 138.600445][ T5784] RAX: ffffffffffffffda RBX: 00007f1b6800c880 RCX: 00007f1b680fa407
[ 138.611769][ T5784] RDX: 0000000000000000 RSI: 00007ffce7336f25 RDI: ffffffffffffff9c
[ 138.620312][ T5784] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[ 138.628883][ T5784] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 138.636882][ T5784] R13: 00007ffce7335820 R14: 00007f1b68890000 R15: 0000556b49d974d8
[ 138.645251][ T5784]
[ 138.648835][ T5784] Kernel Offset: disabled
[ 138.653298][ T5784] Rebooting in 86400 seconds..