syzkaller login: [ 20.696771][ T29] audit: type=1400 audit(1733621420.246:73): avc: denied { read } for pid=2908 comm="dhcpcd-run-hook" name="resolv.conf" dev="tmpfs" ino=400 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 20.719774][ T29] audit: type=1400 audit(1733621420.246:74): avc: denied { open } for pid=2908 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=400 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 25.902401][ T29] audit: type=1400 audit(1733621425.456:75): avc: denied { transition } for pid=2927 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 25.924407][ T29] audit: type=1400 audit(1733621425.456:76): avc: denied { noatsecure } for pid=2927 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 25.943570][ T29] audit: type=1400 audit(1733621425.456:77): avc: denied { write } for pid=2927 comm="sh" path="pipe:[858]" dev="pipefs" ino=858 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 25.965564][ T29] audit: type=1400 audit(1733621425.456:78): avc: denied { rlimitinh } for pid=2927 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 25.984333][ T29] audit: type=1400 audit(1733621425.456:79): avc: denied { siginh } for pid=2927 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 29.610434][ T2928] sshd (2928) used greatest stack depth: 23200 bytes left [ 31.567845][ T2932] sshd (2932) used greatest stack depth: 22736 bytes left Warning: Permanently added '10.128.1.86' (ED25519) to the list of known hosts. 
executing program executing program executing program executing program executing program [ 37.988253][ T29] audit: type=1400 audit(1733621437.536:80): avc: denied { execmem } for pid=2943 comm="syz-executor378" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 38.016905][ T29] audit: type=1400 audit(1733621437.546:81): avc: denied { read write } for pid=2949 comm="syz-executor378" name="raw-gadget" dev="devtmpfs" ino=236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 38.040811][ T29] audit: type=1400 audit(1733621437.546:82): avc: denied { open } for pid=2949 comm="syz-executor378" path="/dev/raw-gadget" dev="devtmpfs" ino=236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 38.064552][ T29] audit: type=1400 audit(1733621437.546:83): avc: denied { ioctl } for pid=2949 comm="syz-executor378" path="/dev/raw-gadget" dev="devtmpfs" ino=236 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 38.240723][ T2806] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 38.248388][ T41] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 38.280589][ T9] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 38.288603][ T1075] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 38.320871][ T24] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 38.400556][ T2806] usb 3-1: Using ep0 maxpacket: 32 [ 38.405853][ T41] usb 2-1: Using ep0 maxpacket: 32 [ 38.412988][ T2806] usb 3-1: config 0 has an invalid interface number: 132 but max is 0 [ 38.421367][ T2806] usb 3-1: config 0 has no interface number 0 [ 38.427470][ T2806] usb 3-1: config 0 interface 132 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 38.437560][ T41] usb 2-1: config 0 has an invalid interface number: 132 but max is 0 [ 38.445760][ T41] usb 2-1: config 0 
has no interface number 0 [ 38.451906][ T41] usb 2-1: config 0 interface 132 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 38.460656][ T1075] usb 5-1: Using ep0 maxpacket: 32 [ 38.465175][ T2806] usb 3-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 38.467046][ T9] usb 1-1: Using ep0 maxpacket: 32 [ 38.476137][ T2806] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 38.483982][ T9] usb 1-1: config 0 has an invalid interface number: 132 but max is 0 [ 38.489316][ T2806] usb 3-1: Product: syz [ 38.497538][ T9] usb 1-1: config 0 has no interface number 0 [ 38.501702][ T2806] usb 3-1: Manufacturer: syz [ 38.508828][ T9] usb 1-1: config 0 interface 132 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 38.512355][ T2806] usb 3-1: SerialNumber: syz [ 38.512421][ T24] usb 4-1: Using ep0 maxpacket: 32 [ 38.523986][ T1075] usb 5-1: config 0 has an invalid interface number: 132 but max is 0 [ 38.527034][ T41] usb 2-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 38.532144][ T1075] usb 5-1: config 0 has no interface number 0 [ 38.540264][ T41] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 38.540295][ T41] usb 2-1: Product: syz [ 38.540314][ T41] usb 2-1: Manufacturer: syz [ 38.540333][ T41] usb 2-1: SerialNumber: syz [ 38.550767][ T1075] usb 5-1: config 0 interface 132 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 38.558066][ T24] usb 4-1: config 0 has an invalid interface number: 132 but max is 0 [ 38.564836][ T9] usb 1-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 38.567619][ T24] usb 4-1: config 0 has no interface number 0 [ 38.567950][ T24] usb 4-1: config 0 interface 132 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 38.572280][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 38.578793][ T41] usb 2-1: config 0 descriptor?? 
[ 38.586914][ T9] usb 1-1: Product: syz [ 38.586934][ T9] usb 1-1: Manufacturer: syz [ 38.586953][ T9] usb 1-1: SerialNumber: syz [ 38.599700][ T24] usb 4-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 38.604678][ T2949] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 38.610506][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 38.623143][ T1075] usb 5-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 38.628576][ T24] usb 4-1: Product: syz [ 38.633526][ T1075] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 38.637616][ T24] usb 4-1: Manufacturer: syz [ 38.642208][ T1075] usb 5-1: Product: syz [ 38.646778][ T24] usb 4-1: SerialNumber: syz [ 38.655834][ T1075] usb 5-1: Manufacturer: syz [ 38.710121][ T1075] usb 5-1: SerialNumber: syz [ 38.717903][ T41] em28xx 2-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 38.727805][ T41] em28xx 2-1:0.132: Video interface 132 found: bulk [ 38.736378][ T9] usb 1-1: config 0 descriptor?? [ 38.744583][ T1075] usb 5-1: config 0 descriptor?? [ 38.744583][ T24] usb 4-1: config 0 descriptor?? [ 38.745401][ T2950] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 38.749724][ T2953] raw-gadget.4 gadget.4: fail, usb_ep_enable returned -22 [ 38.758465][ T9] em28xx 1-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 38.762093][ T2952] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22 [ 38.768762][ T9] em28xx 1-1:0.132: Video interface 132 found: bulk [ 38.780423][ T2806] usb 3-1: config 0 descriptor?? 
[ 38.803459][ T1075] em28xx 5-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 38.811294][ T24] em28xx 4-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 38.813398][ T1075] em28xx 5-1:0.132: Video interface 132 found: bulk [ 38.823005][ T24] em28xx 4-1:0.132: Video interface 132 found: bulk [ 38.836828][ T2951] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 executing program [ 38.848410][ T2806] em28xx 3-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 38.858610][ T2806] em28xx 3-1:0.132: Video interface 132 found: bulk [ 38.930951][ T41] em28xx 2-1:0.132: unknown em28xx chip ID (0) executing program executing program executing program [ 38.997794][ T41] em28xx 2-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5) [ 39.006811][ T41] em28xx 2-1:0.132: board has no eeprom executing program [ 39.051179][ T9] em28xx 1-1:0.132: unknown em28xx chip ID (0) [ 39.071029][ T41] em28xx 2-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 39.071483][ T1075] em28xx 5-1:0.132: unknown em28xx chip ID (0) [ 39.078988][ T41] em28xx 2-1:0.132: analog set to bulk mode. 
[ 39.092318][ T2959] em28xx 2-1:0.132: Registering V4L2 extension [ 39.099605][ T24] em28xx 4-1:0.132: unknown em28xx chip ID (0) [ 39.113962][ T2806] em28xx 3-1:0.132: unknown em28xx chip ID (0) [ 39.118620][ T9] em28xx 1-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5) [ 39.121088][ T41] usb 2-1: USB disconnect, device number 2 [ 39.129227][ T9] em28xx 1-1:0.132: board has no eeprom [ 39.136139][ T41] em28xx 2-1:0.132: Disconnecting em28xx [ 39.156904][ T1075] em28xx 5-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5) [ 39.161657][ T24] em28xx 4-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5) [ 39.165706][ T1075] em28xx 5-1:0.132: board has no eeprom [ 39.174299][ T24] em28xx 4-1:0.132: board has no eeprom [ 39.191982][ T2806] em28xx 3-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5) [ 39.200784][ T2806] em28xx 3-1:0.132: board has no eeprom [ 39.211513][ T2959] em28xx 2-1:0.132: Config register raw data: 0xffffffed [ 39.218737][ T2959] em28xx 2-1:0.132: AC97 chip type couldn't be determined [ 39.226053][ T2959] em28xx 2-1:0.132: No AC97 audio processor [ 39.234909][ T2959] usb 2-1: Decoder not found [ 39.239511][ T2959] em28xx 2-1:0.132: failed to create media graph [ 39.245980][ T2959] em28xx 2-1:0.132: V4L2 device video0 deregistered [ 39.250589][ T1075] em28xx 5-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 39.252644][ T24] em28xx 4-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 39.260494][ T1075] em28xx 5-1:0.132: analog set to bulk mode. [ 39.268289][ T24] em28xx 4-1:0.132: analog set to bulk mode. [ 39.274449][ T9] em28xx 1-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 39.281312][ T2806] em28xx 3-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 39.288023][ T9] em28xx 1-1:0.132: analog set to bulk mode. [ 39.295826][ T2806] em28xx 3-1:0.132: analog set to bulk mode. 
[ 39.306299][ T1075] usb 5-1: USB disconnect, device number 2 [ 39.308953][ T2959] em28xx 2-1:0.132: Remote control support is not available for this card. [ 39.322519][ T2957] em28xx 5-1:0.132: Registering V4L2 extension [ 39.334201][ T24] usb 4-1: USB disconnect, device number 2 [ 39.350992][ T9] usb 1-1: USB disconnect, device number 2 [ 39.358227][ T9] em28xx 1-1:0.132: Disconnecting em28xx [ 39.364216][ T2806] usb 3-1: USB disconnect, device number 2 [ 39.365528][ T1075] em28xx 5-1:0.132: Disconnecting em28xx [ 39.371071][ T24] em28xx 4-1:0.132: Disconnecting em28xx [ 39.391678][ T2806] em28xx 3-1:0.132: Disconnecting em28xx [ 39.442567][ T2957] em28xx 5-1:0.132: Config register raw data: 0xffffffed [ 39.449617][ T2957] em28xx 5-1:0.132: AC97 chip type couldn't be determined [ 39.456799][ T2957] em28xx 5-1:0.132: No AC97 audio processor [ 39.465756][ T2957] usb 5-1: Decoder not found [ 39.470356][ T2957] em28xx 5-1:0.132: failed to create media graph [ 39.476751][ T2957] em28xx 5-1:0.132: V4L2 device video0 deregistered [ 39.484327][ T2957] em28xx 5-1:0.132: Remote control support is not available for this card. [ 39.493017][ T2970] em28xx 4-1:0.132: Registering V4L2 extension [ 39.544688][ T2970] em28xx 4-1:0.132: Config register raw data: 0xffffffed [ 39.551882][ T2970] em28xx 4-1:0.132: AC97 chip type couldn't be determined [ 39.558983][ T2970] em28xx 4-1:0.132: No AC97 audio processor [ 39.566446][ T2970] usb 4-1: Decoder not found [ 39.571121][ T2970] em28xx 4-1:0.132: failed to create media graph [ 39.577484][ T2970] em28xx 4-1:0.132: V4L2 device video0 deregistered [ 39.585215][ T2970] em28xx 4-1:0.132: Remote control support is not available for this card. 
[ 39.593914][ T8] em28xx 1-1:0.132: Registering V4L2 extension [ 39.642668][ T8] em28xx 1-1:0.132: Config register raw data: 0xffffffed [ 39.649715][ T8] em28xx 1-1:0.132: AC97 chip type couldn't be determined [ 39.657072][ T8] em28xx 1-1:0.132: No AC97 audio processor [ 39.664198][ T8] usb 1-1: Decoder not found [ 39.668800][ T8] em28xx 1-1:0.132: failed to create media graph [ 39.675211][ T8] em28xx 1-1:0.132: V4L2 device video0 deregistered [ 39.682655][ T8] em28xx 1-1:0.132: Remote control support is not available for this card. [ 39.691345][ T2954] em28xx 3-1:0.132: Registering V4L2 extension [ 39.740319][ T2954] em28xx 3-1:0.132: Config register raw data: 0xffffffed [ 39.747401][ T2954] em28xx 3-1:0.132: AC97 chip type couldn't be determined [ 39.754708][ T2954] em28xx 3-1:0.132: No AC97 audio processor [ 39.761607][ T2954] usb 3-1: Decoder not found [ 39.766230][ T2954] em28xx 3-1:0.132: failed to create media graph [ 39.772637][ T2954] em28xx 3-1:0.132: V4L2 device video0 deregistered [ 39.780085][ T2954] em28xx 3-1:0.132: Remote control support is not available for this card. 
[ 39.789165][ T41] em28xx 2-1:0.132: Closing input extension [ 39.795312][ T1075] em28xx 5-1:0.132: Closing input extension [ 39.798936][ T41] em28xx 2-1:0.132: Freeing device [ 39.805222][ T1075] em28xx 5-1:0.132: Freeing device [ 39.806572][ T24] em28xx 4-1:0.132: Closing input extension [ 39.818538][ T9] em28xx 1-1:0.132: Closing input extension [ 39.831715][ T2806] em28xx 3-1:0.132: Closing input extension [ 39.843620][ T24] em28xx 4-1:0.132: Freeing device [ 39.859088][ T2806] em28xx 3-1:0.132: Freeing device [ 39.862830][ T9] em28xx 1-1:0.132: Freeing device [ 40.130888][ T41] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 40.150571][ T24] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 40.160747][ T2806] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 40.170714][ T1075] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 40.190561][ T9] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 40.310554][ T24] usb 4-1: Using ep0 maxpacket: 32 [ 40.315777][ T41] usb 2-1: Using ep0 maxpacket: 32 [ 40.320678][ T1075] usb 5-1: Using ep0 maxpacket: 32 [ 40.321119][ T2806] usb 3-1: Using ep0 maxpacket: 32 [ 40.328226][ T1075] usb 5-1: config 0 has an invalid interface number: 132 but max is 0 [ 40.333558][ T41] usb 2-1: config 0 has an invalid interface number: 132 but max is 0 [ 40.339508][ T1075] usb 5-1: config 0 has no interface number 0 [ 40.347714][ T41] usb 2-1: config 0 has no interface number 0 [ 40.347788][ T24] usb 4-1: config 0 has an invalid interface number: 132 but max is 0 [ 40.353991][ T9] usb 1-1: Using ep0 maxpacket: 32 [ 40.359924][ T24] usb 4-1: config 0 has no interface number 0 [ 40.369147][ T1075] usb 5-1: config 0 interface 132 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 40.373526][ T41] usb 2-1: config 0 interface 132 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 40.381223][ T9] usb 1-1: config 0 has an invalid interface number: 132 but max is 0 [ 
40.389521][ T24] usb 4-1: config 0 interface 132 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 40.399293][ T9] usb 1-1: config 0 has no interface number 0 [ 40.408549][ T2806] usb 3-1: config 0 has an invalid interface number: 132 but max is 0 [ 40.418116][ T9] usb 1-1: config 0 interface 132 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 40.423633][ T2806] usb 3-1: config 0 has no interface number 0 [ 40.431945][ T1075] usb 5-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 40.442383][ T2806] usb 3-1: config 0 interface 132 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 40.447806][ T1075] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 40.459287][ T24] usb 4-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 40.466895][ T1075] usb 5-1: Product: syz [ 40.474925][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 40.483906][ T1075] usb 5-1: Manufacturer: syz [ 40.483926][ T1075] usb 5-1: SerialNumber: syz [ 40.488087][ T24] usb 4-1: Product: syz [ 40.501249][ T1075] usb 5-1: config 0 descriptor?? 
[ 40.505362][ T24] usb 4-1: Manufacturer: syz [ 40.505383][ T24] usb 4-1: SerialNumber: syz [ 40.512037][ T9] usb 1-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 40.514639][ T2806] usb 3-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 40.519054][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 40.519080][ T9] usb 1-1: Product: syz [ 40.523701][ T2806] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 40.523725][ T2806] usb 3-1: Product: syz [ 40.523744][ T2806] usb 3-1: Manufacturer: syz [ 40.523763][ T2806] usb 3-1: SerialNumber: syz [ 40.526319][ T41] usb 2-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 40.532846][ T9] usb 1-1: Manufacturer: syz [ 40.541873][ T41] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 40.541899][ T41] usb 2-1: Product: syz [ 40.541919][ T41] usb 2-1: Manufacturer: syz [ 40.549883][ T9] usb 1-1: SerialNumber: syz [ 40.554022][ T41] usb 2-1: SerialNumber: syz [ 40.554966][ T2966] raw-gadget.4 gadget.4: fail, usb_ep_enable returned -22 [ 40.564924][ T9] usb 1-1: config 0 descriptor?? [ 40.567479][ T2806] usb 3-1: config 0 descriptor?? [ 40.575907][ T1075] em28xx 5-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 40.584673][ T2965] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 40.589040][ T1075] em28xx 5-1:0.132: Video interface 132 found: bulk [ 40.601291][ T41] usb 2-1: config 0 descriptor?? [ 40.606075][ T2968] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 40.612281][ T24] usb 4-1: config 0 descriptor?? 
[ 40.618291][ T9] em28xx 1-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 40.625128][ T2806] em28xx 3-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 40.627172][ T9] em28xx 1-1:0.132: Video interface 132 found: bulk [ 40.632131][ T2806] em28xx 3-1:0.132: Video interface 132 found: bulk executing program [ 40.633157][ T2962] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 40.643404][ T2967] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22 [ 40.654113][ T41] em28xx 2-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 40.730415][ T41] em28xx 2-1:0.132: Video interface 132 found: bulk [ 40.740246][ T24] em28xx 4-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 40.750134][ T24] em28xx 4-1:0.132: Video interface 132 found: bulk executing program executing program executing program executing program [ 40.831372][ T1075] em28xx 5-1:0.132: unknown em28xx chip ID (0) [ 40.871729][ T9] em28xx 1-1:0.132: unknown em28xx chip ID (0) [ 40.892177][ T1075] em28xx 5-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5) [ 40.901101][ T1075] em28xx 5-1:0.132: board has no eeprom [ 40.911460][ T41] em28xx 2-1:0.132: unknown em28xx chip ID (0) [ 40.917776][ T2806] em28xx 3-1:0.132: unknown em28xx chip ID (0) [ 40.924490][ T24] em28xx 4-1:0.132: unknown em28xx chip ID (0) [ 40.931641][ T9] em28xx 1-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5) [ 40.940404][ T9] em28xx 1-1:0.132: board has no eeprom [ 40.970583][ T1075] em28xx 5-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 40.978475][ T1075] em28xx 5-1:0.132: analog set to bulk mode. 
[ 40.982021][ T41] em28xx 2-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5) [ 40.984557][ T8] em28xx 5-1:0.132: Registering V4L2 extension [ 40.993248][ T41] em28xx 2-1:0.132: board has no eeprom [ 41.006861][ T2806] em28xx 3-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5) [ 41.010599][ T9] em28xx 1-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 41.015701][ T2806] em28xx 3-1:0.132: board has no eeprom [ 41.023457][ T9] em28xx 1-1:0.132: analog set to bulk mode. [ 41.029614][ T24] em28xx 4-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5) [ 41.043839][ T24] em28xx 4-1:0.132: board has no eeprom [ 41.050290][ T1075] usb 5-1: USB disconnect, device number 3 [ 41.056928][ T8] em28xx 5-1:0.132: failed to trigger read from i2c address 0x4a (error=-19) [ 41.066740][ T1075] em28xx 5-1:0.132: Disconnecting em28xx [ 41.083406][ T9] usb 1-1: USB disconnect, device number 3 [ 41.090044][ T9] em28xx 1-1:0.132: Disconnecting em28xx [ 41.110052][ T8] em28xx 5-1:0.132: Config register raw data: 0xffffffed [ 41.110615][ T41] em28xx 2-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 41.117258][ T8] em28xx 5-1:0.132: AC97 chip type couldn't be determined [ 41.124963][ T41] em28xx 2-1:0.132: analog set to bulk mode. [ 41.130621][ T2806] em28xx 3-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 41.132389][ T8] em28xx 5-1:0.132: No AC97 audio processor [ 41.138148][ T2806] em28xx 3-1:0.132: analog set to bulk mode. [ 41.149405][ T29] audit: type=1400 audit(1733621440.706:84): avc: denied { remove_name } for pid=2825 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 41.151956][ T24] em28xx 4-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 41.151983][ T24] em28xx 4-1:0.132: analog set to bulk mode. 
[ 41.154708][ T24] usb 4-1: USB disconnect, device number 3 [ 41.159080][ T29] audit: type=1400 audit(1733621440.706:85): avc: denied { rename } for pid=2825 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 41.187161][ T41] usb 2-1: USB disconnect, device number 3 [ 41.200815][ T8] usb 5-1: Decoder not found [ 41.206208][ T2806] usb 3-1: USB disconnect, device number 3 [ 41.223607][ T8] em28xx 5-1:0.132: failed to create media graph [ 41.223833][ T8] em28xx 5-1:0.132: V4L2 device video0 deregistered [ 41.230261][ T41] em28xx 2-1:0.132: Disconnecting em28xx [ 41.241259][ T8] em28xx 5-1:0.132: Remote control support is not available for this card. [ 41.247917][ T24] em28xx 4-1:0.132: Disconnecting em28xx [ 41.253132][ T2957] em28xx 1-1:0.132: Registering V4L2 extension [ 41.259390][ T2806] em28xx 3-1:0.132: Disconnecting em28xx [ 41.318496][ T2957] em28xx 1-1:0.132: Config register raw data: 0xffffffed [ 41.325765][ T2957] em28xx 1-1:0.132: AC97 chip type couldn't be determined [ 41.333097][ T2957] em28xx 1-1:0.132: No AC97 audio processor [ 41.340515][ T2957] usb 1-1: Decoder not found [ 41.345139][ T2957] em28xx 1-1:0.132: failed to create media graph [ 41.351517][ T2957] em28xx 1-1:0.132: V4L2 device video0 deregistered [ 41.358798][ T2957] em28xx 1-1:0.132: Remote control support is not available for this card. [ 41.367529][ T2954] em28xx 2-1:0.132: Registering V4L2 extension [ 41.417226][ T2954] em28xx 2-1:0.132: Config register raw data: 0xffffffed [ 41.424362][ T2954] em28xx 2-1:0.132: AC97 chip type couldn't be determined [ 41.431589][ T2954] em28xx 2-1:0.132: No AC97 audio processor [ 41.438406][ T2954] usb 2-1: Decoder not found [ 41.443226][ T2954] em28xx 2-1:0.132: failed to create media graph [ 41.449581][ T2954] em28xx 2-1:0.132: V4L2 device video0 deregistered [ 41.457161][ T2954] em28xx 2-1:0.132: Remote control support is not available for this card. 
[ 41.465877][ T2970] em28xx 3-1:0.132: Registering V4L2 extension [ 41.515541][ T2970] em28xx 3-1:0.132: Config register raw data: 0xffffffed [ 41.523472][ T2970] em28xx 3-1:0.132: AC97 chip type couldn't be determined [ 41.530827][ T2970] em28xx 3-1:0.132: No AC97 audio processor [ 41.538982][ T2970] usb 3-1: Decoder not found [ 41.544112][ T2970] em28xx 3-1:0.132: failed to create media graph [ 41.550661][ T2970] em28xx 3-1:0.132: V4L2 device video0 deregistered [ 41.558078][ T2970] em28xx 3-1:0.132: Remote control support is not available for this card. [ 41.566771][ T2959] em28xx 4-1:0.132: Registering V4L2 extension [ 41.615940][ T2959] em28xx 4-1:0.132: Config register raw data: 0xffffffed [ 41.623737][ T2959] em28xx 4-1:0.132: AC97 chip type couldn't be determined [ 41.630913][ T2959] em28xx 4-1:0.132: No AC97 audio processor [ 41.637835][ T2959] usb 4-1: Decoder not found [ 41.642517][ T2959] em28xx 4-1:0.132: failed to create media graph [ 41.648897][ T2959] em28xx 4-1:0.132: V4L2 device video0 deregistered [ 41.658795][ T2959] em28xx 4-1:0.132: Remote control support is not available for this card. 
[ 41.667515][ T1075] em28xx 5-1:0.132: Closing input extension [ 41.674289][ T9] em28xx 1-1:0.132: Closing input extension [ 41.680260][ T41] em28xx 2-1:0.132: Closing input extension [ 41.681380][ T1075] em28xx 5-1:0.132: Freeing device [ 41.686963][ T2806] em28xx 3-1:0.132: Closing input extension [ 41.698320][ T41] em28xx 2-1:0.132: Freeing device [ 41.698976][ T9] em28xx 1-1:0.132: Freeing device [ 41.703967][ T24] em28xx 4-1:0.132: Closing input extension [ 41.716816][ T2806] em28xx 3-1:0.132: Freeing device [ 41.726337][ T24] em28xx 4-1:0.132: Freeing device [ 42.010597][ T41] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 42.020596][ T2806] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 42.020596][ T9] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 42.020738][ T24] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 42.028153][ T1075] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 42.160683][ T41] usb 2-1: Using ep0 maxpacket: 32 [ 42.167354][ T41] usb 2-1: config 0 has an invalid interface number: 132 but max is 0 [ 42.175678][ T41] usb 2-1: config 0 has no interface number 0 [ 42.181857][ T2806] usb 3-1: Using ep0 maxpacket: 32 [ 42.187086][ T24] usb 4-1: Using ep0 maxpacket: 32 [ 42.192328][ T41] usb 2-1: config 0 interface 132 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 42.203647][ T2806] usb 3-1: config 0 has an invalid interface number: 132 but max is 0 [ 42.211955][ T2806] usb 3-1: config 0 has no interface number 0 [ 42.218143][ T2806] usb 3-1: config 0 interface 132 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 42.220541][ T1075] usb 5-1: Using ep0 maxpacket: 32 [ 42.229638][ T24] usb 4-1: config 0 has an invalid interface number: 132 but max is 0 [ 42.233319][ T9] usb 1-1: Using ep0 maxpacket: 32 [ 42.241547][ T24] usb 4-1: config 0 has no interface number 0 [ 42.248374][ T9] usb 1-1: config 0 has an invalid interface number: 132 but max is 0 [ 
42.253075][ T24] usb 4-1: config 0 interface 132 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 42.260956][ T9] usb 1-1: config 0 has no interface number 0 [ 42.273505][ T24] usb 4-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 42.277583][ T9] usb 1-1: config 0 interface 132 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 42.286186][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 42.298427][ T9] usb 1-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 42.304102][ T24] usb 4-1: Product: syz [ 42.313168][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 42.317284][ T24] usb 4-1: Manufacturer: syz [ 42.325258][ T9] usb 1-1: Product: syz [ 42.329830][ T24] usb 4-1: SerialNumber: syz [ 42.333982][ T9] usb 1-1: Manufacturer: syz [ 42.338790][ T41] usb 2-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 42.343152][ T9] usb 1-1: SerialNumber: syz [ 42.345846][ T9] usb 1-1: config 0 descriptor?? 
[ 42.352345][ T41] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 42.360148][ T1075] usb 5-1: config 0 has an invalid interface number: 132 but max is 0 [ 42.361838][ T41] usb 2-1: Product: syz [ 42.361859][ T41] usb 2-1: Manufacturer: syz [ 42.361878][ T41] usb 2-1: SerialNumber: syz [ 42.369910][ T1075] usb 5-1: config 0 has no interface number 0 [ 42.379377][ T2990] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 42.383579][ T1075] usb 5-1: config 0 interface 132 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 42.386910][ T2806] usb 3-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 42.396485][ T9] em28xx 1-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 42.397424][ T2806] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 42.397452][ T2806] usb 3-1: Product: syz [ 42.404653][ T9] em28xx 1-1:0.132: Video interface 132 found: bulk [ 42.414592][ T2806] usb 3-1: Manufacturer: syz [ 42.414613][ T2806] usb 3-1: SerialNumber: syz [ 42.426802][ T1075] usb 5-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 42.434338][ T41] usb 2-1: config 0 descriptor?? [ 42.441455][ T1075] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 42.446144][ T2992] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 42.452231][ T1075] usb 5-1: Product: syz [ 42.462412][ T41] em28xx 2-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 42.470550][ T1075] usb 5-1: Manufacturer: syz [ 42.475469][ T41] em28xx 2-1:0.132: Video interface 132 found: bulk [ 42.479578][ T24] usb 4-1: config 0 descriptor?? [ 42.483575][ T1075] usb 5-1: SerialNumber: syz [ 42.493279][ T2806] usb 3-1: config 0 descriptor?? [ 42.497271][ T1075] usb 5-1: config 0 descriptor?? 
[ 42.506917][ T2993] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22
[ 42.509398][ T2991] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[ 42.520422][ T24] em28xx 4-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
executing program
[ 42.521524][ T2989] raw-gadget.4 gadget.4: fail, usb_ep_enable returned -22
[ 42.525431][ T24] em28xx 4-1:0.132: Video interface 132 found: bulk
[ 42.533777][ T1075] em28xx 5-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[ 42.539003][ T2806] em28xx 3-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[ 42.542473][ T1075] em28xx 5-1:0.132: Video interface 132 found: bulk
[ 42.600346][ T2806] em28xx 3-1:0.132: Video interface 132 found: bulk
executing program
[ 42.662159][ T9] em28xx 1-1:0.132: unknown em28xx chip ID (0)
executing program
executing program
executing program
[ 42.720930][ T41] em28xx 2-1:0.132: unknown em28xx chip ID (0)
[ 42.743391][ T9] em28xx 1-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[ 42.752287][ T9] em28xx 1-1:0.132: board has no eeprom
[ 42.781440][ T41] em28xx 2-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[ 42.790231][ T41] em28xx 2-1:0.132: board has no eeprom
[ 42.797150][ T2806] em28xx 3-1:0.132: unknown em28xx chip ID (0)
[ 42.801243][ T1075] em28xx 5-1:0.132: unknown em28xx chip ID (0)
[ 42.820859][ T24] em28xx 4-1:0.132: unknown em28xx chip ID (0)
[ 42.830725][ T9] em28xx 1-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[ 42.838622][ T9] em28xx 1-1:0.132: analog set to bulk mode.
[ 42.844706][ T2957] em28xx 1-1:0.132: Registering V4L2 extension
[ 42.850546][ T41] em28xx 2-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[ 42.858748][ T41] em28xx 2-1:0.132: analog set to bulk mode.
[ 42.866671][ T2806] em28xx 3-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[ 42.872599][ T9] usb 1-1: USB disconnect, device number 4
[ 42.875636][ T2806] em28xx 3-1:0.132: board has no eeprom
[ 42.881443][ T1075] em28xx 5-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[ 42.888617][ T24] em28xx 4-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[ 42.895837][ T1075] em28xx 5-1:0.132: board has no eeprom
[ 42.904372][ T24] em28xx 4-1:0.132: board has no eeprom
[ 42.914945][ T41] usb 2-1: USB disconnect, device number 4
[ 42.917092][ T9] em28xx 1-1:0.132: Disconnecting em28xx
[ 42.922274][ T41] em28xx 2-1:0.132: Disconnecting em28xx
[ 42.960583][ T2806] em28xx 3-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[ 42.968538][ T2806] em28xx 3-1:0.132: analog set to bulk mode.
[ 42.976720][ T24] em28xx 4-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[ 42.983405][ T2957] em28xx 1-1:0.132: Config register raw data: 0xffffffed
[ 42.984605][ T24] em28xx 4-1:0.132: analog set to bulk mode.
[ 42.991614][ T2957] em28xx 1-1:0.132: AC97 chip type couldn't be determined
[ 42.991634][ T2957] em28xx 1-1:0.132: No AC97 audio processor
[ 43.010879][ T1075] em28xx 5-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[ 43.010926][ T2806] usb 3-1: USB disconnect, device number 4
[ 43.018697][ T1075] em28xx 5-1:0.132: analog set to bulk mode.
[ 43.033784][ T24] usb 4-1: USB disconnect, device number 4
[ 43.034557][ T1075] usb 5-1: USB disconnect, device number 4
[ 43.040336][ T24] em28xx 4-1:0.132: Disconnecting em28xx
[ 43.048428][ T2957] usb 1-1: Decoder not found
[ 43.052241][ T2806] em28xx 3-1:0.132: Disconnecting em28xx
[ 43.056015][ T2957] em28xx 1-1:0.132: failed to create media graph
[ 43.068853][ T1075] em28xx 5-1:0.132: Disconnecting em28xx
[ 43.074857][ T2957] em28xx 1-1:0.132: V4L2 device video0 deregistered
[ 43.082816][ T2957] em28xx 1-1:0.132: Remote control support is not available for this card.
[ 43.082981][ T3017] ==================================================================
[ 43.091499][ T9] em28xx 1-1:0.132: Closing input extension
[ 43.099453][ T3017] BUG: KASAN: slab-use-after-free in v4l2_fh_init+0x27d/0x2c0
[ 43.112803][ T3017] Read of size 8 at addr ffff88811a358730 by task v4l_id/3017
[ 43.120244][ T3017]
[ 43.122568][ T3017] CPU: 1 UID: 0 PID: 3017 Comm: v4l_id Not tainted 6.13.0-rc1-syzkaller-gd8d936c51388 #0
[ 43.132364][ T3017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 43.142524][ T3017] Call Trace:
[ 43.145801][ T3017]
[ 43.148752][ T3017] dump_stack_lvl+0x116/0x1f0
[ 43.153447][ T3017] print_report+0xc3/0x620
[ 43.157877][ T3017] ? __virt_addr_valid+0x5e/0x590
[ 43.162920][ T3017] ? __phys_addr+0xc6/0x150
[ 43.167423][ T3017] kasan_report+0xd9/0x110
[ 43.171836][ T3017] ? v4l2_fh_init+0x27d/0x2c0
[ 43.176516][ T3017] ? v4l2_fh_init+0x27d/0x2c0
[ 43.181204][ T3017] v4l2_fh_init+0x27d/0x2c0
[ 43.185701][ T3017] v4l2_fh_open+0x83/0xc0
[ 43.190021][ T3017] em28xx_v4l2_open+0x250/0x7e0
[ 43.194861][ T3017] v4l2_open+0x222/0x490
[ 43.199093][ T3017] ? __pfx_v4l2_open+0x10/0x10
[ 43.203846][ T3017] chrdev_open+0x237/0x6a0
[ 43.208258][ T3017] ? __pfx_chrdev_open+0x10/0x10
[ 43.213185][ T3017] ? lockref_get+0x15/0x50
[ 43.217622][ T3017] do_dentry_open+0x6cb/0x1390
[ 43.222400][ T3017] ? __pfx_chrdev_open+0x10/0x10
[ 43.227340][ T3017] ? inode_permission+0xdd/0x5f0
[ 43.232291][ T3017] vfs_open+0x82/0x3f0
[ 43.236352][ T3017] ? may_open+0x1f2/0x400
[ 43.240675][ T3017] path_openat+0x1e6a/0x2d60
[ 43.245259][ T3017] ? __pfx_path_openat+0x10/0x10
[ 43.250257][ T3017] ? __pfx___lock_acquire+0x10/0x10
[ 43.255459][ T3017] ? lock_acquire.part.0+0x11b/0x380
[ 43.260763][ T3017] ? find_held_lock+0x2d/0x110
[ 43.265529][ T3017] do_filp_open+0x20c/0x470
[ 43.270029][ T3017] ? __pfx_do_filp_open+0x10/0x10
[ 43.275082][ T3017] ? find_held_lock+0x2d/0x110
[ 43.279859][ T3017] ? alloc_fd+0x41f/0x760
[ 43.284201][ T3017] do_sys_openat2+0x17a/0x1e0
[ 43.288881][ T3017] ? __pfx_do_sys_openat2+0x10/0x10
[ 43.294072][ T3017] ? do_user_addr_fault+0xd97/0x12c0
[ 43.299352][ T3017] ? __pfx_lock_release+0x10/0x10
[ 43.304381][ T3017] __x64_sys_openat+0x175/0x210
[ 43.309311][ T3017] ? __pfx___x64_sys_openat+0x10/0x10
[ 43.314693][ T3017] ? do_user_addr_fault+0x839/0x12c0
[ 43.319971][ T3017] do_syscall_64+0xcd/0x250
[ 43.324475][ T3017] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 43.330384][ T3017] RIP: 0033:0x7fa32bc9f9a4
[ 43.334796][ T3017] Code: 24 20 48 8d 44 24 30 48 89 44 24 28 64 8b 04 25 18 00 00 00 85 c0 75 2c 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 60 48 8b 15 55 a4 0d 00 f7 d8 64 89 02 48 83
[ 43.354402][ T3017] RSP: 002b:00007ffc79a7a910 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 43.362827][ T3017] RAX: ffffffffffffffda RBX: 00007ffc79a7ab28 RCX: 00007fa32bc9f9a4
[ 43.370795][ T3017] RDX: 0000000000000000 RSI: 00007ffc79a7af25 RDI: 00000000ffffff9c
[ 43.378788][ T3017] RBP: 00007ffc79a7af25 R08: 0000000000000000 R09: 0000000000000000
[ 43.386760][ T3017] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 43.394727][ T3017] R13: 00007ffc79a7ab40 R14: 000055fe297f7670 R15: 00007fa32c0eea80
[ 43.402695][ T3017]
[ 43.405729][ T3017]
[ 43.408052][ T3017] Allocated by task 2957:
[ 43.412362][ T3017] kasan_save_stack+0x33/0x60
[ 43.417028][ T3017] kasan_save_track+0x14/0x30
[ 43.421690][ T3017] __kasan_kmalloc+0x8f/0xa0
[ 43.426263][ T3017] em28xx_v4l2_init+0x114/0x4050
[ 43.431187][ T3017] em28xx_init_extension+0x137/0x200
[ 43.436484][ T3017] request_module_async+0x61/0x70
[ 43.441498][ T3017] process_one_work+0x9c5/0x1ba0
[ 43.446425][ T3017] worker_thread+0x6c8/0xf00
[ 43.451015][ T3017] kthread+0x2c1/0x3a0
[ 43.455078][ T3017] ret_from_fork+0x45/0x80
[ 43.459478][ T3017] ret_from_fork_asm+0x1a/0x30
[ 43.464229][ T3017]
[ 43.466535][ T3017] Freed by task 2957:
[ 43.470562][ T3017] kasan_save_stack+0x33/0x60
[ 43.475288][ T3017] kasan_save_track+0x14/0x30
[ 43.479985][ T3017] kasan_save_free_info+0x3b/0x60
[ 43.485043][ T3017] __kasan_slab_free+0x37/0x50
[ 43.489797][ T3017] kfree+0x130/0x470
[ 43.493683][ T3017] em28xx_v4l2_init+0x22a4/0x4050
[ 43.498697][ T3017] em28xx_init_extension+0x137/0x200
[ 43.503976][ T3017] request_module_async+0x61/0x70
[ 43.508991][ T3017] process_one_work+0x9c5/0x1ba0
[ 43.513919][ T3017] worker_thread+0x6c8/0xf00
[ 43.518500][ T3017] kthread+0x2c1/0x3a0
[ 43.522559][ T3017] ret_from_fork+0x45/0x80
[ 43.526962][ T3017] ret_from_fork_asm+0x1a/0x30
[ 43.531711][ T3017]
[ 43.534035][ T3017] The buggy address belongs to the object at ffff88811a358000
[ 43.534035][ T3017] which belongs to the cache kmalloc-8k of size 8192
[ 43.548077][ T3017] The buggy address is located 1840 bytes inside of
[ 43.548077][ T3017] freed 8192-byte region [ffff88811a358000, ffff88811a35a000)
[ 43.562031][ T3017]
[ 43.564341][ T3017] The buggy address belongs to the physical page:
[ 43.570745][ T3017] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11a358
[ 43.579579][ T3017] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 43.588065][ T3017] flags: 0x200000000000040(head|node=0|zone=2)
[ 43.594230][ T3017] page_type: f5(slab)
[ 43.598204][ T3017] raw: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000
[ 43.606785][ T3017] raw: 0000000000000000 0000000080020002 00000001f5000000 0000000000000000
[ 43.615364][ T3017] head: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000
[ 43.624025][ T3017] head: 0000000000000000 0000000080020002 00000001f5000000 0000000000000000
[ 43.632686][ T3017] head: 0200000000000003 ffffea000468d601 ffffffffffffffff 0000000000000000
[ 43.641345][ T3017] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 43.650009][ T3017] page dumped because: kasan: bad access detected
[ 43.656407][ T3017] page_owner tracks the page as allocated
[ 43.662113][ T3017] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2957, tgid 2957 (kworker/0:3), ts 42850921429, free_ts 41272043240
[ 43.683378][ T3017] post_alloc_hook+0x2d1/0x350
[ 43.688160][ T3017] get_page_from_freelist+0xe76/0x2b90
[ 43.693615][ T3017] __alloc_pages_noprof+0x21c/0x22a0
[ 43.698921][ T3017] alloc_pages_mpol_noprof+0xeb/0x400
[ 43.704294][ T3017] new_slab+0x2c9/0x410
[ 43.708442][ T3017] ___slab_alloc+0xd45/0x1750
[ 43.713112][ T3017] __slab_alloc.constprop.0+0x56/0xb0
[ 43.718482][ T3017] __kmalloc_cache_noprof+0x217/0x3e0
[ 43.723849][ T3017] em28xx_v4l2_init+0x114/0x4050
[ 43.728779][ T3017] em28xx_init_extension+0x137/0x200
[ 43.734057][ T3017] request_module_async+0x61/0x70
[ 43.739076][ T3017] process_one_work+0x9c5/0x1ba0
[ 43.744004][ T3017] worker_thread+0x6c8/0xf00
[ 43.748598][ T3017] kthread+0x2c1/0x3a0
[ 43.752704][ T3017] ret_from_fork+0x45/0x80
[ 43.757114][ T3017] ret_from_fork_asm+0x1a/0x30
[ 43.761895][ T3017] page last free pid 2998 tgid 2998 stack trace:
[ 43.768209][ T3017] free_unref_page+0x661/0xe40
[ 43.772986][ T3017] __put_partials+0x14c/0x170
[ 43.777662][ T3017] qlist_free_all+0x4e/0x120
[ 43.782271][ T3017] kasan_quarantine_reduce+0x195/0x1e0
[ 43.787721][ T3017] __kasan_slab_alloc+0x4e/0x70
[ 43.792565][ T3017] kmem_cache_alloc_noprof+0x154/0x3b0
[ 43.798019][ T3017] getname_flags.part.0+0x4c/0x550
[ 43.803119][ T3017] getname+0x8d/0xe0
[ 43.807030][ T3017] do_sys_openat2+0x104/0x1e0
[ 43.811693][ T3017] __x64_sys_openat+0x175/0x210
[ 43.816526][ T3017] do_syscall_64+0xcd/0x250
[ 43.821040][ T3017] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 43.826925][ T3017]
[ 43.829238][ T3017] Memory state around the buggy address:
[ 43.834850][ T3017] ffff88811a358600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 43.842898][ T3017] ffff88811a358680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 43.850944][ T3017] >ffff88811a358700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 43.859014][ T3017] ^
[ 43.864629][ T3017] ffff88811a358780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 43.872697][ T3017] ffff88811a358800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 43.880740][ T3017] ==================================================================
[ 43.889035][ T3017] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 43.896239][ T3017] CPU: 1 UID: 0 PID: 3017 Comm: v4l_id Not tainted 6.13.0-rc1-syzkaller-gd8d936c51388 #0
[ 43.906054][ T3017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 43.916099][ T3017] Call Trace:
[ 43.919367][ T3017]
[ 43.922289][ T3017] dump_stack_lvl+0x3d/0x1f0
[ 43.926873][ T3017] panic+0x71d/0x800
[ 43.930788][ T3017] ? __pfx_panic+0x10/0x10
[ 43.935198][ T3017] ? check_panic_on_warn+0x1f/0xb0
[ 43.940303][ T3017] check_panic_on_warn+0xab/0xb0
[ 43.945230][ T3017] end_report+0x117/0x180
[ 43.949553][ T3017] kasan_report+0xe9/0x110
[ 43.953961][ T3017] ? v4l2_fh_init+0x27d/0x2c0
[ 43.958638][ T3017] ? v4l2_fh_init+0x27d/0x2c0
[ 43.963330][ T3017] v4l2_fh_init+0x27d/0x2c0
[ 43.967831][ T3017] v4l2_fh_open+0x83/0xc0
[ 43.972154][ T3017] em28xx_v4l2_open+0x250/0x7e0
[ 43.976993][ T3017] v4l2_open+0x222/0x490
[ 43.981253][ T3017] ? __pfx_v4l2_open+0x10/0x10
[ 43.986033][ T3017] chrdev_open+0x237/0x6a0
[ 43.990445][ T3017] ? __pfx_chrdev_open+0x10/0x10
[ 43.995396][ T3017] ? lockref_get+0x15/0x50
[ 43.999814][ T3017] do_dentry_open+0x6cb/0x1390
[ 44.004571][ T3017] ? __pfx_chrdev_open+0x10/0x10
[ 44.009503][ T3017] ? inode_permission+0xdd/0x5f0
[ 44.014427][ T3017] vfs_open+0x82/0x3f0
[ 44.018493][ T3017] ? may_open+0x1f2/0x400
[ 44.022813][ T3017] path_openat+0x1e6a/0x2d60
[ 44.027404][ T3017] ? __pfx_path_openat+0x10/0x10
[ 44.032340][ T3017] ? __pfx___lock_acquire+0x10/0x10
[ 44.037532][ T3017] ? lock_acquire.part.0+0x11b/0x380
[ 44.042810][ T3017] ? find_held_lock+0x2d/0x110
[ 44.047570][ T3017] do_filp_open+0x20c/0x470
[ 44.052066][ T3017] ? __pfx_do_filp_open+0x10/0x10
[ 44.057079][ T3017] ? find_held_lock+0x2d/0x110
[ 44.061842][ T3017] ? alloc_fd+0x41f/0x760
[ 44.066171][ T3017] do_sys_openat2+0x17a/0x1e0
[ 44.070854][ T3017] ? __pfx_do_sys_openat2+0x10/0x10
[ 44.076037][ T3017] ? do_user_addr_fault+0xd97/0x12c0
[ 44.081332][ T3017] ? __pfx_lock_release+0x10/0x10
[ 44.086347][ T3017] __x64_sys_openat+0x175/0x210
[ 44.091186][ T3017] ? __pfx___x64_sys_openat+0x10/0x10
[ 44.096543][ T3017] ? do_user_addr_fault+0x839/0x12c0
[ 44.101818][ T3017] do_syscall_64+0xcd/0x250
[ 44.106316][ T3017] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 44.112200][ T3017] RIP: 0033:0x7fa32bc9f9a4
[ 44.116602][ T3017] Code: 24 20 48 8d 44 24 30 48 89 44 24 28 64 8b 04 25 18 00 00 00 85 c0 75 2c 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 60 48 8b 15 55 a4 0d 00 f7 d8 64 89 02 48 83
[ 44.136226][ T3017] RSP: 002b:00007ffc79a7a910 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 44.144633][ T3017] RAX: ffffffffffffffda RBX: 00007ffc79a7ab28 RCX: 00007fa32bc9f9a4
[ 44.152616][ T3017] RDX: 0000000000000000 RSI: 00007ffc79a7af25 RDI: 00000000ffffff9c
[ 44.160581][ T3017] RBP: 00007ffc79a7af25 R08: 0000000000000000 R09: 0000000000000000
[ 44.168541][ T3017] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 44.176512][ T3017] R13: 00007ffc79a7ab40 R14: 000055fe297f7670 R15: 00007fa32c0eea80
[ 44.184486][ T3017]
[ 44.187729][ T3017] Kernel Offset: disabled
[ 44.192056][ T3017] Rebooting in 86400 seconds..