Warning: Permanently added '10.128.0.161' (ED25519) to the list of known hosts.
executing program
executing program
executing program
executing program
[ 38.385500][ T29] audit: type=1400 audit(1727974878.969:80): avc: denied { execmem } for pid=2647 comm="syz-executor229" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
executing program
[ 38.417352][ T29] audit: type=1400 audit(1727974878.969:81): avc: denied { read write } for pid=2649 comm="syz-executor229" name="raw-gadget" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 38.441331][ T29] audit: type=1400 audit(1727974878.969:82): avc: denied { open } for pid=2649 comm="syz-executor229" path="/dev/raw-gadget" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 38.465116][ T29] audit: type=1400 audit(1727974878.969:83): avc: denied { ioctl } for pid=2649 comm="syz-executor229" path="/dev/raw-gadget" dev="devtmpfs" ino=140 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 38.649379][ T24] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 38.669321][ T8] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[ 38.677023][ T2664] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 38.759533][ T9] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[ 38.767210][ T2662] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[ 38.799259][ T24] usb 5-1: Using ep0 maxpacket: 32
[ 38.806705][ T24] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 38.816298][ T24] usb 5-1: config 0 has an invalid interface number: 185 but max is 0
[ 38.824686][ T24] usb 5-1: config 0 has no interface number 0
[ 38.831229][ T24] usb 5-1: config 0 interface 185 altsetting 0 endpoint 0x82 has invalid maxpacket 1024, setting to 64
[ 38.844452][ T24] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0096, bcdDevice=d7.88
[ 38.853864][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 38.859232][ T8] usb 2-1: Using ep0 maxpacket: 32
[ 38.861924][ T24] usb 5-1: Product: syz
[ 38.867152][ T2664] usb 1-1: Using ep0 maxpacket: 32
[ 38.871234][ T24] usb 5-1: Manufacturer: syz
[ 38.871263][ T24] usb 5-1: SerialNumber: syz
[ 38.881548][ T8] usb 2-1: unable to get BOS descriptor or descriptor too short
[ 38.890361][ T24] usb 5-1: config 0 descriptor??
[ 38.893681][ T2664] usb 1-1: unable to get BOS descriptor or descriptor too short
[ 38.904810][ T24] em28xx 5-1:0.185: New device syz syz @ 480 Mbps (0ccd:0096, interface 185, class 185)
[ 38.916071][ T24] em28xx 5-1:0.185: Video interface 185 found:
[ 38.921423][ T8] usb 2-1: config 0 has an invalid interface number: 185 but max is 0
[ 38.930797][ T8] usb 2-1: config 0 has no interface number 0
[ 38.936958][ T2662] usb 3-1: Using ep0 maxpacket: 32
[ 38.942221][ T9] usb 4-1: Using ep0 maxpacket: 32
[ 38.947950][ T8] usb 2-1: config 0 interface 185 altsetting 0 endpoint 0x82 has invalid maxpacket 1024, setting to 64
[ 38.959576][ T2664] usb 1-1: config 0 has an invalid interface number: 185 but max is 0
[ 38.967979][ T2664] usb 1-1: config 0 has no interface number 0
[ 38.974953][ T2664] usb 1-1: config 0 interface 185 altsetting 0 endpoint 0x82 has invalid maxpacket 1024, setting to 64
[ 38.988400][ T9] usb 4-1: unable to get BOS descriptor or descriptor too short
[ 38.996355][ T2662] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 39.005908][ T8] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0096, bcdDevice=d7.88
[ 39.015088][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 39.023185][ T8] usb 2-1: Product: syz
[ 39.027400][ T8] usb 2-1: Manufacturer: syz
[ 39.032084][ T8] usb 2-1: SerialNumber: syz
[ 39.037431][ T9] usb 4-1: config 0 has an invalid interface number: 185 but max is 0
[ 39.047204][ T9] usb 4-1: config 0 has no interface number 0
[ 39.053664][ T9] usb 4-1: config 0 interface 185 altsetting 0 endpoint 0x82 has invalid maxpacket 1024, setting to 64
[ 39.065081][ T2662] usb 3-1: config 0 has an invalid interface number: 185 but max is 0
[ 39.073362][ T2662] usb 3-1: config 0 has no interface number 0
[ 39.079802][ T2662] usb 3-1: config 0 interface 185 altsetting 0 endpoint 0x82 has invalid maxpacket 1024, setting to 64
[ 39.091637][ T2664] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0096, bcdDevice=d7.88
[ 39.101157][ T2664] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
executing program
[ 39.109301][ T2664] usb 1-1: Product: syz
[ 39.113527][ T2664] usb 1-1: Manufacturer: syz
[ 39.118162][ T2664] usb 1-1: SerialNumber: syz
[ 39.129824][ T8] usb 2-1: config 0 descriptor??
[ 39.135146][ T9] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0096, bcdDevice=d7.88
[ 39.144427][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 39.152546][ T9] usb 4-1: Product: syz
[ 39.156759][ T9] usb 4-1: Manufacturer: syz
[ 39.159579][ T24] em28xx 5-1:0.185: unknown em28xx chip ID (0)
[ 39.161467][ T9] usb 4-1: SerialNumber: syz
[ 39.172337][ T2662] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0096, bcdDevice=d7.88
[ 39.181466][ T2662] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 39.189556][ T2662] usb 3-1: Product: syz
[ 39.193756][ T2662] usb 3-1: Manufacturer: syz
[ 39.198364][ T2662] usb 3-1: SerialNumber: syz
[ 39.204135][ T2664] usb 1-1: config 0 descriptor??
[ 39.212420][ T8] em28xx 2-1:0.185: New device syz syz @ 480 Mbps (0ccd:0096, interface 185, class 185)
[ 39.222305][ T8] em28xx 2-1:0.185: Video interface 185 found:
[ 39.231387][ T2664] em28xx 1-1:0.185: New device syz syz @ 480 Mbps (0ccd:0096, interface 185, class 185)
[ 39.234463][ T24] em28xx 5-1:0.185: reading from i2c device at 0xa0 failed (error=-5)
[ 39.241211][ T2664] em28xx 1-1:0.185: Video interface 185 found:
[ 39.246737][ T9] usb 4-1: config 0 descriptor??
[ 39.249831][ T24] em28xx 5-1:0.185: board has no eeprom
[ 39.258081][ T2662] usb 3-1: config 0 descriptor??
[ 39.277257][ T9] em28xx 4-1:0.185: New device syz syz @ 480 Mbps (0ccd:0096, interface 185, class 185)
[ 39.287226][ T9] em28xx 4-1:0.185: Video interface 185 found:
[ 39.296250][ T2662] em28xx 3-1:0.185: New device syz syz @ 480 Mbps (0ccd:0096, interface 185, class 185)
[ 39.306213][ T2662] em28xx 3-1:0.185: Video interface 185 found:
[ 39.329250][ T24] em28xx 5-1:0.185: Identified as Terratec Grabby (card=67)
[ 39.336666][ T24] em28xx 5-1:0.185: analog set to bulk mode.
[ 39.344683][ T645] em28xx 5-1:0.185: Registering V4L2 extension
[ 39.359406][ T24] usb 5-1: USB disconnect, device number 2
[ 39.366730][ T24] em28xx 5-1:0.185: Disconnecting em28xx
executing program
[ 39.400192][ T645] em28xx 5-1:0.185: Config register raw data: 0xffffffed
[ 39.407623][ T645] em28xx 5-1:0.185: AC97 chip type couldn't be determined
[ 39.415042][ T645] em28xx 5-1:0.185: No AC97 audio processor
[ 39.427725][ T645] usb 5-1: Decoder not found
[ 39.432640][ T645] em28xx 5-1:0.185: failed to create media graph
executing program
executing program
[ 39.445626][ T645] em28xx 5-1:0.185: V4L2 device video0 deregistered
[ 39.455889][ T645] em28xx 5-1:0.185: Registering snapshot button...
[ 39.465528][ T645] input: em28xx snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.185/input/input6
[ 39.490177][ T645] em28xx 5-1:0.185: Remote control support is not available for this card.
executing program
[ 39.493653][ T8] em28xx 2-1:0.185: unknown em28xx chip ID (0)
[ 39.505617][ T2664] em28xx 1-1:0.185: unknown em28xx chip ID (0)
[ 39.509568][ T24] em28xx 5-1:0.185: Closing input extension
[ 39.525718][ T24] em28xx 5-1:0.185: Deregistering snapshot button
[ 39.539738][ T9] em28xx 4-1:0.185: unknown em28xx chip ID (0)
[ 39.545636][ T24] em28xx 5-1:0.185: Freeing device
[ 39.548493][ T2662] em28xx 3-1:0.185: unknown em28xx chip ID (0)
[ 39.591782][ T2664] em28xx 1-1:0.185: reading from i2c device at 0xa0 failed (error=-5)
[ 39.600249][ T2664] em28xx 1-1:0.185: board has no eeprom
[ 39.606188][ T8] em28xx 2-1:0.185: reading from i2c device at 0xa0 failed (error=-5)
[ 39.614741][ T8] em28xx 2-1:0.185: board has no eeprom
[ 39.629554][ T9] em28xx 4-1:0.185: reading from i2c device at 0xa0 failed (error=-5)
[ 39.638134][ T9] em28xx 4-1:0.185: board has no eeprom
[ 39.647046][ T2662] em28xx 3-1:0.185: reading from i2c device at 0xa0 failed (error=-5)
[ 39.655587][ T2662] em28xx 3-1:0.185: board has no eeprom
[ 39.719291][ T2664] em28xx 1-1:0.185: Identified as Terratec Grabby (card=67)
[ 39.726800][ T2664] em28xx 1-1:0.185: analog set to bulk mode.
[ 39.733274][ T748] em28xx 1-1:0.185: Registering V4L2 extension
[ 39.740632][ T9] em28xx 4-1:0.185: Identified as Terratec Grabby (card=67)
[ 39.748019][ T9] em28xx 4-1:0.185: analog set to bulk mode.
[ 39.754258][ T8] em28xx 2-1:0.185: Identified as Terratec Grabby (card=67)
[ 39.761792][ T8] em28xx 2-1:0.185: analog set to bulk mode.
[ 39.768172][ T2662] em28xx 3-1:0.185: Identified as Terratec Grabby (card=67)
[ 39.775563][ T2662] em28xx 3-1:0.185: analog set to bulk mode.
[ 39.782322][ T748] em28xx 1-1:0.185: reading from i2c device at 0x4a failed (error=-5)
[ 39.793899][ T2664] usb 1-1: USB disconnect, device number 2
[ 39.802414][ T748] em28xx 1-1:0.185: reading from i2c device at 0x48 failed (error=-19)
[ 39.811914][ T748] em28xx 1-1:0.185: reading from i2c device at 0x42 failed (error=-19)
[ 39.820707][ T748] em28xx 1-1:0.185: reading from i2c device at 0x40 failed (error=-19)
[ 39.829648][ T9] usb 4-1: USB disconnect, device number 2
[ 39.837801][ T9] em28xx 4-1:0.185: Disconnecting em28xx
[ 39.839795][ T24] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[ 39.844554][ T2664] em28xx 1-1:0.185: Disconnecting em28xx
[ 39.857843][ T748] em28xx 1-1:0.185: Config register raw data: 0xffffffed
[ 39.865282][ T748] em28xx 1-1:0.185: AC97 chip type couldn't be determined
[ 39.872516][ T748] em28xx 1-1:0.185: No AC97 audio processor
[ 39.882931][ T8] usb 2-1: USB disconnect, device number 2
[ 39.891672][ T2662] usb 3-1: USB disconnect, device number 2
[ 39.898478][ T2662] em28xx 3-1:0.185: Disconnecting em28xx
[ 39.905208][ T8] em28xx 2-1:0.185: Disconnecting em28xx
[ 39.912593][ T748] usb 1-1: Decoder not found
[ 39.917245][ T748] em28xx 1-1:0.185: failed to create media graph
[ 39.923842][ T748] em28xx 1-1:0.185: V4L2 device video0 deregistered
[ 39.932065][ T748] em28xx 1-1:0.185: Registering snapshot button...
[ 39.940746][ T748] input: em28xx snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.185/input/input7
[ 39.953383][ T748] em28xx 1-1:0.185: Remote control support is not available for this card.
[ 39.962655][ T2663] em28xx 4-1:0.185: Registering V4L2 extension
[ 39.988855][ T2663] em28xx 4-1:0.185: Config register raw data: 0xffffffed
[ 39.996264][ T2663] em28xx 4-1:0.185: AC97 chip type couldn't be determined
[ 40.003642][ T2663] em28xx 4-1:0.185: No AC97 audio processor
[ 40.010795][ T2663] usb 4-1: Decoder not found
[ 40.015449][ T2663] em28xx 4-1:0.185: failed to create media graph
[ 40.019255][ T24] usb 5-1: Using ep0 maxpacket: 32
[ 40.021891][ T2663] em28xx 4-1:0.185: V4L2 device video0 deregistered
[ 40.029967][ T24] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 40.037038][ T2663] em28xx 4-1:0.185: Registering snapshot button...
[ 40.044627][ T24] usb 5-1: config 0 has an invalid interface number: 185 but max is 0
[ 40.051738][ T2663] input: em28xx snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.185/input/input8
[ 40.057526][ T24] usb 5-1: config 0 has no interface number 0
[ 40.071074][ T2663] em28xx 4-1:0.185: Remote control support is not available for this card.
[ 40.074466][ T24] usb 5-1: config 0 interface 185 altsetting 0 endpoint 0x82 has invalid maxpacket 1024, setting to 64
[ 40.083198][ T2681] em28xx 2-1:0.185: Registering V4L2 extension
[ 40.096862][ T24] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0096, bcdDevice=d7.88
[ 40.109925][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 40.118025][ T24] usb 5-1: Product: syz
[ 40.122370][ T24] usb 5-1: Manufacturer: syz
[ 40.127020][ T24] usb 5-1: SerialNumber: syz
[ 40.130735][ T2681] em28xx 2-1:0.185: Config register raw data: 0xffffffed
[ 40.138934][ T2681] em28xx 2-1:0.185: AC97 chip type couldn't be determined
[ 40.143761][ T24] usb 5-1: config 0 descriptor??
[ 40.146164][ T2681] em28xx 2-1:0.185: No AC97 audio processor
[ 40.160446][ T2681] usb 2-1: Decoder not found
[ 40.161828][ T24] em28xx 5-1:0.185: New device syz syz @ 480 Mbps (0ccd:0096, interface 185, class 185)
[ 40.165075][ T2681] em28xx 2-1:0.185: failed to create media graph
[ 40.165115][ T2681] em28xx 2-1:0.185: V4L2 device video0 deregistered
[ 40.166226][ T2681] em28xx 2-1:0.185: Registering snapshot button...
[ 40.174960][ T24] em28xx 5-1:0.185: Video interface 185 found:
[ 40.191592][ T2681] input: em28xx snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.185/input/input9
[ 40.213790][ T2681] em28xx 2-1:0.185: Remote control support is not available for this card.
[ 40.222671][ T2682] em28xx 3-1:0.185: Registering V4L2 extension
[ 40.254862][ T2682] em28xx 3-1:0.185: Config register raw data: 0xffffffed
[ 40.262306][ T2682] em28xx 3-1:0.185: AC97 chip type couldn't be determined
[ 40.269589][ T2682] em28xx 3-1:0.185: No AC97 audio processor
[ 40.277394][ T2682] usb 3-1: Decoder not found
[ 40.282120][ T2682] em28xx 3-1:0.185: failed to create media graph
[ 40.288607][ T2682] em28xx 3-1:0.185: V4L2 device video0 deregistered
[ 40.298325][ T2682] em28xx 3-1:0.185: Registering snapshot button...
[ 40.306346][ T2682] input: em28xx snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.185/input/input10
[ 40.318998][ T2682] em28xx 3-1:0.185: Remote control support is not available for this card.
[ 40.327785][ T2664] em28xx 1-1:0.185: Closing input extension
[ 40.334269][ T2664] em28xx 1-1:0.185: Deregistering snapshot button
[ 40.345355][ T9] em28xx 4-1:0.185: Closing input extension
executing program
[ 40.351400][ T9] em28xx 4-1:0.185: Deregistering snapshot button
[ 40.360932][ T2664] em28xx 1-1:0.185: Freeing device
[ 40.370965][ T8] em28xx 2-1:0.185: Closing input extension
[ 40.386071][ T9] em28xx 4-1:0.185: Freeing device
[ 40.392104][ T8] em28xx 2-1:0.185: Deregistering snapshot button
[ 40.421528][ T24] em28xx 5-1:0.185: unknown em28xx chip ID (0)
[ 40.432317][ T8] em28xx 2-1:0.185: Freeing device
[ 40.439754][ T2662] em28xx 3-1:0.185: Closing input extension
[ 40.449211][ T2662] em28xx 3-1:0.185: Deregistering snapshot button
[ 40.488274][ T2662] em28xx 3-1:0.185: Freeing device
[ 40.503253][ T24] em28xx 5-1:0.185: reading from i2c device at 0xa0 failed (error=-5)
[ 40.511916][ T24] em28xx 5-1:0.185: board has no eeprom
[ 40.589339][ T24] em28xx 5-1:0.185: Identified as Terratec Grabby (card=67)
[ 40.596791][ T24] em28xx 5-1:0.185: analog set to bulk mode.
[ 40.603294][ T645] em28xx 5-1:0.185: Registering V4L2 extension
[ 40.622791][ T24] usb 5-1: USB disconnect, device number 3
[ 40.640203][ T24] em28xx 5-1:0.185: Disconnecting em28xx
[ 40.663671][ T645] em28xx 5-1:0.185: Config register raw data: 0xffffffed
[ 40.671158][ T645] em28xx 5-1:0.185: AC97 chip type couldn't be determined
[ 40.678492][ T645] em28xx 5-1:0.185: No AC97 audio processor
[ 40.692243][ T2664] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[ 40.705491][ T645] usb 5-1: Decoder not found
[ 40.710458][ T645] em28xx 5-1:0.185: failed to create media graph
[ 40.717073][ T645] em28xx 5-1:0.185: V4L2 device video0 deregistered
[ 40.725649][ T645] em28xx 5-1:0.185: Registering snapshot button...
[ 40.725817][ T2693] ==================================================================
[ 40.734011][ T645] input: em28xx snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.185/input/input11
[ 40.740249][ T2693] BUG: KASAN: slab-use-after-free in v4l2_fh_init+0x27d/0x2c0
[ 40.740335][ T2693] Read of size 8 at addr ffff888115ae0730 by task v4l_id/2693
[ 40.740362][ T2693]
[ 40.740383][ T2693] CPU: 0 UID: 0 PID: 2693 Comm: v4l_id Not tainted 6.12.0-rc1-syzkaller #0
[ 40.754474][ T645] em28xx 5-1:0.185: Remote control support is not available for this card.
[ 40.758544][ T2693] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 40.766699][ T24] em28xx 5-1:0.185: Closing input extension
[ 40.768336][ T2693] Call Trace:
[ 40.777883][ T24] em28xx 5-1:0.185: Deregistering snapshot button
[ 40.785480][ T2693]
[ 40.785496][ T2693] dump_stack_lvl+0x116/0x1f0
[ 40.818923][ T2693] print_report+0xc3/0x620
[ 40.823558][ T2693] ? __virt_addr_valid+0x5e/0x590
[ 40.828611][ T2693] ? __phys_addr+0xc6/0x150
[ 40.833230][ T2693] kasan_report+0xd9/0x110
[ 40.837690][ T2693] ? v4l2_fh_init+0x27d/0x2c0
[ 40.842443][ T2693] ? v4l2_fh_init+0x27d/0x2c0
[ 40.847164][ T2693] v4l2_fh_init+0x27d/0x2c0
[ 40.851731][ T2693] v4l2_fh_open+0x83/0xc0
[ 40.856088][ T2693] em28xx_v4l2_open+0x250/0x7e0
[ 40.860967][ T2693] v4l2_open+0x222/0x490
[ 40.865253][ T2693] ? __pfx_v4l2_open+0x10/0x10
[ 40.870042][ T2693] chrdev_open+0x237/0x6a0
[ 40.874476][ T2693] ? __pfx_chrdev_open+0x10/0x10
[ 40.879424][ T2693] ? lockref_get+0x15/0x50
[ 40.883878][ T2693] do_dentry_open+0x6cb/0x1390
[ 40.888961][ T2693] ? __pfx_chrdev_open+0x10/0x10
[ 40.893947][ T2693] ? inode_permission+0xdd/0x5f0
[ 40.898916][ T2693] vfs_open+0x82/0x3f0
[ 40.903190][ T2693] ? may_open+0x1f2/0x400
[ 40.907544][ T2693] path_openat+0x1e6a/0x2d60
[ 40.912174][ T2693] ? __pfx_path_openat+0x10/0x10
[ 40.917151][ T2693] ? __pfx___lock_acquire+0x10/0x10
[ 40.922377][ T2693] do_filp_open+0x1dc/0x430
[ 40.926935][ T2693] ? __pfx_do_filp_open+0x10/0x10
[ 40.931991][ T2693] ? find_held_lock+0x2d/0x110
[ 40.936792][ T2693] ? _raw_spin_unlock+0x28/0x50
[ 40.941666][ T2693] ? alloc_fd+0x2d7/0x6c0
[ 40.946108][ T2693] do_sys_openat2+0x17a/0x1e0
[ 40.950803][ T2693] ? __pfx_do_sys_openat2+0x10/0x10
[ 40.956025][ T2693] ? do_user_addr_fault+0xd97/0x12c0
[ 40.961443][ T2693] ? __pfx_lock_release+0x10/0x10
[ 40.966489][ T2693] ? trace_lock_acquire+0x14a/0x1d0
[ 40.971710][ T2693] __x64_sys_openat+0x175/0x210
[ 40.976596][ T2693] ? __pfx___x64_sys_openat+0x10/0x10
[ 40.982105][ T2693] ? do_user_addr_fault+0x839/0x12c0
[ 40.987433][ T2693] do_syscall_64+0xcd/0x250
[ 40.991981][ T2693] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 40.998008][ T2693] RIP: 0033:0x7f4c2221b9a4
[ 41.002453][ T2693] Code: 24 20 48 8d 44 24 30 48 89 44 24 28 64 8b 04 25 18 00 00 00 85 c0 75 2c 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 60 48 8b 15 55 a4 0d 00 f7 d8 64 89 02 48 83
[ 41.022176][ T2693] RSP: 002b:00007ffd7986f600 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 41.033412][ T2693] RAX: ffffffffffffffda RBX: 00007ffd7986f818 RCX: 00007f4c2221b9a4
[ 41.041401][ T2693] RDX: 0000000000000000 RSI: 00007ffd79870f25 RDI: 00000000ffffff9c
[ 41.049386][ T2693] RBP: 00007ffd79870f25 R08: 0000000000000000 R09: 0000000000000000
[ 41.057373][ T2693] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 41.065456][ T2693] R13: 00007ffd7986f830 R14: 0000561e12bf5670 R15: 00007f4c2266aa80
[ 41.073770][ T2693]
[ 41.076841][ T2693]
[ 41.079346][ T2693] Allocated by task 645:
[ 41.083596][ T2693] kasan_save_stack+0x33/0x60
[ 41.088328][ T2693] kasan_save_track+0x14/0x30
[ 41.093054][ T2693] __kasan_kmalloc+0x8f/0xa0
[ 41.097773][ T2693] em28xx_v4l2_init+0x114/0x4050
[ 41.102955][ T2693] em28xx_init_extension+0x137/0x200
[ 41.108268][ T2693] request_module_async+0x61/0x70
[ 41.113308][ T2693] process_one_work+0x9c5/0x1ba0
[ 41.118287][ T2693] worker_thread+0x6c8/0xf00
[ 41.122920][ T2693] kthread+0x2c1/0x3a0
[ 41.127032][ T2693] ret_from_fork+0x45/0x80
[ 41.131474][ T2693] ret_from_fork_asm+0x1a/0x30
[ 41.136260][ T2693]
[ 41.138583][ T2693] Freed by task 645:
[ 41.142580][ T2693] kasan_save_stack+0x33/0x60
[ 41.147278][ T2693] kasan_save_track+0x14/0x30
[ 41.152002][ T2693] kasan_save_free_info+0x3b/0x60
[ 41.157043][ T2693] __kasan_slab_free+0x37/0x50
[ 41.161841][ T2693] kfree+0x130/0x480
[ 41.165841][ T2693] em28xx_v4l2_init+0x22a4/0x4050
[ 41.170925][ T2693] em28xx_init_extension+0x137/0x200
[ 41.176243][ T2693] request_module_async+0x61/0x70
[ 41.181302][ T2693] process_one_work+0x9c5/0x1ba0
[ 41.186266][ T2693] worker_thread+0x6c8/0xf00
[ 41.190878][ T2693] kthread+0x2c1/0x3a0
[ 41.194977][ T2693] ret_from_fork+0x45/0x80
[ 41.199467][ T2693] ret_from_fork_asm+0x1a/0x30
[ 41.204276][ T2693]
[ 41.206608][ T2693] The buggy address belongs to the object at ffff888115ae0000
[ 41.206608][ T2693] which belongs to the cache kmalloc-8k of size 8192
[ 41.220683][ T2693] The buggy address is located 1840 bytes inside of
[ 41.220683][ T2693] freed 8192-byte region [ffff888115ae0000, ffff888115ae2000)
[ 41.234672][ T2693]
[ 41.237004][ T2693] The buggy address belongs to the physical page:
[ 41.243428][ T2693] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x115ae0
[ 41.252292][ T2693] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 41.260805][ T2693] flags: 0x200000000000040(head|node=0|zone=2)
[ 41.266972][ T2693] page_type: f5(slab)
[ 41.271515][ T2693] raw: 0200000000000040 ffff888100042280 ffffea0004567c00 0000000000000004
[ 41.280151][ T2693] raw: 0000000000000000 0000000080020002 00000001f5000000 0000000000000000
[ 41.288765][ T2693] head: 0200000000000040 ffff888100042280 ffffea0004567c00 0000000000000004
[ 41.297460][ T2693] head: 0000000000000000 0000000080020002 00000001f5000000 0000000000000000
[ 41.306162][ T2693] head: 0200000000000003 ffffea000456b801 ffffffffffffffff 0000000000000000
[ 41.314862][ T2693] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 41.323654][ T2693] page dumped because: kasan: bad access detected
[ 41.330081][ T2693] page_owner tracks the page as allocated
[ 41.335812][ T2693] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 2537, tgid 2537 (klogd), ts 12519701174, free_ts 0
[ 41.353745][ T2693] post_alloc_hook+0x2d1/0x350
[ 41.358528][ T2693] get_page_from_freelist+0xd5c/0x2630
[ 41.364093][ T2693] __alloc_pages_noprof+0x221/0x22a0
[ 41.369481][ T2693] alloc_pages_mpol_noprof+0xeb/0x400
[ 41.374865][ T2693] new_slab+0x2ba/0x3f0
[ 41.379147][ T2693] ___slab_alloc+0xd45/0x1760
[ 41.384030][ T2693] __slab_alloc.constprop.0+0x56/0xb0
[ 41.389425][ T2693] __kmalloc_cache_noprof+0x27a/0x2c0
[ 41.394870][ T2693] audit_log_d_path+0xce/0x1e0
[ 41.399760][ T2693] common_lsm_audit+0x3d3/0x2210
[ 41.404725][ T2693] slow_avc_audit+0x17d/0x210
[ 41.409789][ T2693] avc_has_perm+0x18d/0x1c0
[ 41.414348][ T2693] inode_has_perm+0x168/0x1d0
[ 41.419057][ T2693] file_has_perm+0x2e8/0x350
[ 41.423695][ T2693] match_file+0xd7/0x150
[ 41.428064][ T2693] iterate_fd+0x119/0x390
[ 41.432961][ T2693] page_owner free stack trace missing
[ 41.438364][ T2693]
[ 41.440697][ T2693] Memory state around the buggy address:
[ 41.446354][ T2693] ffff888115ae0600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 41.454430][ T2693] ffff888115ae0680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 41.462513][ T2693] >ffff888115ae0700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 41.470610][ T2693] ^
[ 41.476285][ T2693] ffff888115ae0780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 41.484479][ T2693] ffff888115ae0800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 41.492557][ T2693] ==================================================================
[ 41.500813][ T2693] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 41.508057][ T2693] CPU: 0 UID: 0 PID: 2693 Comm: v4l_id Not tainted 6.12.0-rc1-syzkaller #0
[ 41.516704][ T2693] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 41.526933][ T2693] Call Trace:
[ 41.530363][ T2693]
[ 41.533426][ T2693] dump_stack_lvl+0x3d/0x1f0
[ 41.538064][ T2693] panic+0x71d/0x800
[ 41.542103][ T2693] ? __pfx_panic+0x10/0x10
[ 41.546563][ T2693] ? check_panic_on_warn+0x1f/0xb0
[ 41.551725][ T2693] check_panic_on_warn+0xab/0xb0
[ 41.556710][ T2693] end_report+0x117/0x180
[ 41.561099][ T2693] kasan_report+0xe9/0x110
[ 41.565553][ T2693] ? v4l2_fh_init+0x27d/0x2c0
[ 41.570268][ T2693] ? v4l2_fh_init+0x27d/0x2c0
[ 41.574986][ T2693] v4l2_fh_init+0x27d/0x2c0
[ 41.579524][ T2693] v4l2_fh_open+0x83/0xc0
[ 41.583986][ T2693] em28xx_v4l2_open+0x250/0x7e0
[ 41.588890][ T2693] v4l2_open+0x222/0x490
[ 41.593355][ T2693] ? __pfx_v4l2_open+0x10/0x10
[ 41.598170][ T2693] chrdev_open+0x237/0x6a0
[ 41.602619][ T2693] ? __pfx_chrdev_open+0x10/0x10
[ 41.607587][ T2693] ? lockref_get+0x15/0x50
[ 41.612130][ T2693] do_dentry_open+0x6cb/0x1390
[ 41.616962][ T2693] ? __pfx_chrdev_open+0x10/0x10
[ 41.621936][ T2693] ? inode_permission+0xdd/0x5f0
[ 41.627007][ T2693] vfs_open+0x82/0x3f0
[ 41.631122][ T2693] ? may_open+0x1f2/0x400
[ 41.635492][ T2693] path_openat+0x1e6a/0x2d60
[ 41.640126][ T2693] ? __pfx_path_openat+0x10/0x10
[ 41.645097][ T2693] ? __pfx___lock_acquire+0x10/0x10
[ 41.650329][ T2693] do_filp_open+0x1dc/0x430
[ 41.654968][ T2693] ? __pfx_do_filp_open+0x10/0x10
[ 41.660050][ T2693] ? find_held_lock+0x2d/0x110
[ 41.664910][ T2693] ? _raw_spin_unlock+0x28/0x50
[ 41.669943][ T2693] ? alloc_fd+0x2d7/0x6c0
[ 41.674324][ T2693] do_sys_openat2+0x17a/0x1e0
[ 41.679126][ T2693] ? __pfx_do_sys_openat2+0x10/0x10
[ 41.684372][ T2693] ? do_user_addr_fault+0xd97/0x12c0
[ 41.689718][ T2693] ? __pfx_lock_release+0x10/0x10
[ 41.694772][ T2693] ? trace_lock_acquire+0x14a/0x1d0
[ 41.700007][ T2693] __x64_sys_openat+0x175/0x210
[ 41.704884][ T2693] ? __pfx___x64_sys_openat+0x10/0x10
[ 41.710370][ T2693] ? do_user_addr_fault+0x839/0x12c0
[ 41.715796][ T2693] do_syscall_64+0xcd/0x250
[ 41.720369][ T2693] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 41.726300][ T2693] RIP: 0033:0x7f4c2221b9a4
[ 41.730732][ T2693] Code: 24 20 48 8d 44 24 30 48 89 44 24 28 64 8b 04 25 18 00 00 00 85 c0 75 2c 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 60 48 8b 15 55 a4 0d 00 f7 d8 64 89 02 48 83
[ 41.750369][ T2693] RSP: 002b:00007ffd7986f600 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 41.758803][ T2693] RAX: ffffffffffffffda RBX: 00007ffd7986f818 RCX: 00007f4c2221b9a4
[ 41.766799][ T2693] RDX: 0000000000000000 RSI: 00007ffd79870f25 RDI: 00000000ffffff9c
[ 41.774791][ T2693] RBP: 00007ffd79870f25 R08: 0000000000000000 R09: 0000000000000000
[ 41.782794][ T2693] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 41.790785][ T2693] R13: 00007ffd7986f830 R14: 0000561e12bf5670 R15: 00007f4c2266aa80
[ 41.798779][ T2693]
[ 41.802217][ T2693] Kernel Offset: disabled
[ 41.806569][ T2693] Rebooting in 86400 seconds..