Warning: Permanently added '10.128.1.24' (ED25519) to the list of known hosts.
2025/11/12 11:03:15 parsed 1 programs
[ 39.306062][ T29] audit: type=1400 audit(1762945395.387:61): avc: denied { node_bind } for pid=2962 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[ 39.326926][ T29] audit: type=1400 audit(1762945395.387:62): avc: denied { module_request } for pid=2962 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 40.801691][ T29] audit: type=1400 audit(1762945396.887:63): avc: denied { mounton } for pid=2973 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 40.825318][ T29] audit: type=1400 audit(1762945396.907:64): avc: denied { mount } for pid=2973 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 40.828547][ T2973] cgroup: Unknown subsys name 'net'
[ 40.854732][ T29] audit: type=1400 audit(1762945396.937:65): avc: denied { unmount } for pid=2973 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 40.952407][ T2973] cgroup: Unknown subsys name 'cpuset'
[ 40.960664][ T2973] cgroup: Unknown subsys name 'rlimit'
[ 41.136402][ T29] audit: type=1400 audit(1762945397.217:66): avc: denied { setattr } for pid=2973 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 41.159841][ T29] audit: type=1400 audit(1762945397.217:67): avc: denied { create } for pid=2973 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 41.180373][ T29] audit: type=1400 audit(1762945397.217:68): avc: denied { write } for pid=2973 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 41.200782][ T29] audit: type=1400 audit(1762945397.217:69): avc: denied { read } for pid=2973 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 41.236872][ T29] audit: type=1400 audit(1762945397.247:70): avc: denied { sys_module } for pid=2973 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[ 41.280116][ T2977] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
Setting up swapspace version 1, size = 127995904 bytes
[ 41.400797][ T2973] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 43.087230][ T2985] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 44.554380][ T29] kauditd_printk_skb: 26 callbacks suppressed
[ 44.554398][ T29] audit: type=1400 audit(1762945400.637:97): avc: denied { create } for pid=3034 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1
[ 44.667273][ T29] audit: type=1400 audit(1762945400.677:98): avc: denied { sys_admin } for pid=3034 comm="syz-executor" capability=21 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1
[ 44.761285][ T29] audit: type=1400 audit(1762945400.847:99): avc: denied { sys_chroot } for pid=3041 comm="syz-executor" capability=18 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1
2025/11/12 11:03:31 executed programs: 0
[ 55.282669][ T29] audit: type=1400 audit(1762945411.367:100): avc: denied { write } for pid=2962 comm="syz-execprog" path="pipe:[486]" dev="pipefs" ino=486 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 55.417589][ T3046] syz-executor (3046) used greatest stack depth: 22744 bytes left
2025/11/12 11:04:13 executed programs: 10
[ 97.746099][ T29] audit: type=1400 audit(1762945453.827:101): avc: denied { read write } for pid=5734 comm="syz.1.18" name="raw-gadget" dev="devtmpfs" ino=236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 97.769762][ T29] audit: type=1400 audit(1762945453.827:102): avc: denied { open } for pid=5734 comm="syz.1.18" path="/dev/raw-gadget" dev="devtmpfs" ino=236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 97.793660][ T29] audit: type=1400 audit(1762945453.827:103): avc: denied { ioctl } for pid=5734 comm="syz.1.18" path="/dev/raw-gadget" dev="devtmpfs" ino=236 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 98.017769][ T700] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[ 98.104317][ T2803] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[ 98.195851][ T700] usb 2-1: Using ep0 maxpacket: 32
[ 98.203203][ T700] usb 2-1: config 0 has an invalid interface number: 132 but max is 0
[ 98.211536][ T700] usb 2-1: config 0 has no interface number 0
[ 98.217721][ T700] usb 2-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 98.240092][ T700] usb 2-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[ 98.249212][ T700] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 98.257198][ T700] usb 2-1: Product: syz
[ 98.261448][ T700] usb 2-1: Manufacturer: syz
[ 98.266046][ T700] usb 2-1: SerialNumber: syz
[ 98.268709][ T2803] usb 7-1: Using ep0 maxpacket: 32
[ 98.274823][ T700] usb 2-1: config 0 descriptor??
[ 98.278963][ T2803] usb 7-1: config 0 has an invalid interface number: 132 but max is 0
[ 98.280781][ T37] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 98.288855][ T2803] usb 7-1: config 0 has no interface number 0
[ 98.300365][ T2803] usb 7-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 98.321336][ T700] em28xx 2-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[ 98.330207][ T2803] usb 7-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[ 98.331183][ T700] em28xx 2-1:0.132: Video interface 132 found:
[ 98.340159][ T2803] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 98.354266][ T2803] usb 7-1: Product: syz
[ 98.358428][ T2803] usb 7-1: Manufacturer: syz
[ 98.363054][ T2803] usb 7-1: SerialNumber: syz
[ 98.400834][ T2803] usb 7-1: config 0 descriptor??
[ 98.424710][ T2803] em28xx 7-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[ 98.434907][ T2803] em28xx 7-1:0.132: Video interface 132 found:
[ 98.493872][ T37] usb 1-1: Using ep0 maxpacket: 32
[ 98.511390][ T37] usb 1-1: config 0 has an invalid interface number: 132 but max is 0
[ 98.520078][ T37] usb 1-1: config 0 has no interface number 0
[ 98.537975][ T37] usb 1-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 98.568113][ T37] usb 1-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[ 98.577556][ T37] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 98.585878][ T37] usb 1-1: Product: syz
[ 98.590114][ T37] usb 1-1: Manufacturer: syz
[ 98.594703][ T37] usb 1-1: SerialNumber: syz
[ 98.600290][ T700] em28xx 2-1:0.132: unknown em28xx chip ID (0)
[ 98.612235][ T37] usb 1-1: config 0 descriptor??
[ 98.620592][ T37] em28xx 1-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[ 98.630560][ T37] em28xx 1-1:0.132: Video interface 132 found:
[ 98.658984][ T2803] em28xx 7-1:0.132: unknown em28xx chip ID (0)
[ 98.671190][ T700] em28xx 2-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[ 98.679974][ T700] em28xx 2-1:0.132: board has no eeprom
[ 98.720165][ T2803] em28xx 7-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[ 98.728913][ T2803] em28xx 7-1:0.132: board has no eeprom
[ 98.748699][ T5752] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[ 98.756414][ T700] em28xx 2-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[ 98.764336][ T700] em28xx 2-1:0.132: analog set to bulk mode.
[ 98.770696][ T5765] em28xx 2-1:0.132: Registering V4L2 extension
[ 98.788742][ T2803] em28xx 7-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[ 98.793551][ T700] usb 2-1: USB disconnect, device number 2
[ 98.796560][ T2803] em28xx 7-1:0.132: analog set to bulk mode.
[ 98.809742][ T10] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[ 98.810637][ T700] em28xx 2-1:0.132: Disconnecting em28xx
[ 98.820419][ T2803] usb 7-1: USB disconnect, device number 2
[ 98.848234][ T2803] em28xx 7-1:0.132: Disconnecting em28xx
[ 98.889696][ T37] em28xx 1-1:0.132: unknown em28xx chip ID (0)
[ 98.916206][ T5765] em28xx 2-1:0.132: Config register raw data: 0xffffffed
[ 98.924154][ T5765] em28xx 2-1:0.132: AC97 chip type couldn't be determined
[ 98.931295][ T5765] em28xx 2-1:0.132: No AC97 audio processor
[ 98.937308][ T5752] usb 4-1: Using ep0 maxpacket: 32
[ 98.943878][ T5752] usb 4-1: config 0 has an invalid interface number: 132 but max is 0
[ 98.952122][ T5752] usb 4-1: config 0 has no interface number 0
[ 98.960715][ T5765] usb 2-1: Decoder not found
[ 98.965293][ T5765] em28xx 2-1:0.132: failed to create media graph
[ 98.972070][ T37] em28xx 1-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[ 98.981763][ T37] em28xx 1-1:0.132: board has no eeprom
[ 98.988439][ T5752] usb 4-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 98.998417][ T5765] em28xx 2-1:0.132: V4L2 device video0 deregistered
[ 98.998858][ T10] usb 8-1: Using ep0 maxpacket: 32
[ 99.008456][ T5752] usb 4-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[ 99.011872][ T10] usb 8-1: config 0 has an invalid interface number: 132 but max is 0
[ 99.019173][ T5752] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 99.027357][ T10] usb 8-1: config 0 has no interface number 0
[ 99.035275][ T5752] usb 4-1: Product: syz
[ 99.041989][ T10] usb 8-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 99.045465][ T5752] usb 4-1: Manufacturer: syz
[ 99.045484][ T5752] usb 4-1: SerialNumber: syz
[ 99.065725][ T5765] em28xx 2-1:0.132: Remote control support is not available for this card.
[ 99.074552][ T9] em28xx 7-1:0.132: Registering V4L2 extension
[ 99.075199][ T37] em28xx 1-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[ 99.088735][ T37] em28xx 1-1:0.132: analog set to bulk mode.
[ 99.093360][ T10] usb 8-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[ 99.099008][ T37] usb 1-1: USB disconnect, device number 2
[ 99.104339][ T10] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 99.111392][ T37] em28xx 1-1:0.132: Disconnecting em28xx
[ 99.118012][ T10] usb 8-1: Product: syz
[ 99.127503][ T5752] usb 4-1: config 0 descriptor??
[ 99.127759][ T10] usb 8-1: Manufacturer: syz
[ 99.137272][ T10] usb 8-1: SerialNumber: syz
[ 99.155955][ T5752] em28xx 4-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[ 99.165794][ T5752] em28xx 4-1:0.132: Video interface 132 found:
[ 99.236014][ T10] usb 8-1: config 0 descriptor??
[ 99.249274][ T10] em28xx 8-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[ 99.259191][ T10] em28xx 8-1:0.132: Video interface 132 found:
[ 99.300081][ T9] em28xx 7-1:0.132: Config register raw data: 0xffffffed
[ 99.307542][ T9] em28xx 7-1:0.132: AC97 chip type couldn't be determined
[ 99.314897][ T9] em28xx 7-1:0.132: No AC97 audio processor
[ 99.322389][ T9] usb 7-1: Decoder not found
[ 99.327011][ T9] em28xx 7-1:0.132: failed to create media graph
[ 99.333399][ T9] em28xx 7-1:0.132: V4L2 device video0 deregistered
[ 99.341769][ T9] em28xx 7-1:0.132: Remote control support is not available for this card.
[ 99.350487][ T2803] em28xx 7-1:0.132: Closing input extension
[ 99.356508][ T5765] em28xx 1-1:0.132: Registering V4L2 extension
[ 99.360774][ T2803] em28xx 7-1:0.132: Freeing device
[ 99.429205][ T5752] em28xx 4-1:0.132: unknown em28xx chip ID (0)
[ 99.488348][ T5765] em28xx 1-1:0.132: Config register raw data: 0xffffffed
[ 99.495635][ T5765] em28xx 1-1:0.132: AC97 chip type couldn't be determined
[ 99.503370][ T5765] em28xx 1-1:0.132: No AC97 audio processor
[ 99.509008][ T10] em28xx 8-1:0.132: unknown em28xx chip ID (0)
[ 99.510829][ T5752] em28xx 4-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[ 99.524080][ T5752] em28xx 4-1:0.132: board has no eeprom
[ 99.535389][ T5765] usb 1-1: Decoder not found
[ 99.540029][ T5765] em28xx 1-1:0.132: failed to create media graph
[ 99.546421][ T5765] em28xx 1-1:0.132: V4L2 device video0 deregistered
[ 99.554145][ T5765] em28xx 1-1:0.132: Remote control support is not available for this card.
[ 99.562765][ T700] em28xx 2-1:0.132: Closing input extension
[ 99.569128][ T37] em28xx 1-1:0.132: Closing input extension
[ 99.576244][ T700] em28xx 2-1:0.132: Freeing device
[ 99.580561][ T10] em28xx 8-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[ 99.590098][ T10] em28xx 8-1:0.132: board has no eeprom
[ 99.599024][ T5752] em28xx 4-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[ 99.606823][ T5752] em28xx 4-1:0.132: analog set to bulk mode.
[ 99.613144][ T5765] em28xx 4-1:0.132: Registering V4L2 extension
[ 99.622422][ T37] em28xx 1-1:0.132: Freeing device
[ 99.657822][ T5752] usb 4-1: USB disconnect, device number 2
[ 99.660922][ T10] em28xx 8-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[ 99.670372][ T5752] em28xx 4-1:0.132: Disconnecting em28xx
[ 99.671503][ T10] em28xx 8-1:0.132: analog set to bulk mode.
[ 99.699319][ T2803] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[ 99.729670][ T10] usb 8-1: USB disconnect, device number 2
[ 99.753583][ T10] em28xx 8-1:0.132: Disconnecting em28xx
[ 99.829871][ T5765] em28xx 4-1:0.132: Config register raw data: 0xffffffed
[ 99.836936][ T5765] em28xx 4-1:0.132: AC97 chip type couldn't be determined
[ 99.844487][ T5765] em28xx 4-1:0.132: No AC97 audio processor
[ 99.860328][ T5765] usb 4-1: Decoder not found
[ 99.864970][ T5765] em28xx 4-1:0.132: failed to create media graph
[ 99.871411][ T5765] em28xx 4-1:0.132: V4L2 device video0 deregistered
[ 99.878726][ T2803] usb 7-1: Using ep0 maxpacket: 32
[ 99.879834][ T5765] em28xx 4-1:0.132: Remote control support is not available for this card.
[ 99.892588][ T5791] ==================================================================
[ 99.892602][ T5791] BUG: KASAN: slab-use-after-free in v4l2_fh_init+0x27d/0x2c0
[ 99.892651][ T5791] Read of size 8 at addr ffff88811d104738 by task v4l_id/5791
[ 99.892670][ T5791]
[ 99.892694][ T5791] CPU: 0 UID: 0 PID: 5791 Comm: v4l_id Not tainted syzkaller #0 PREEMPT(voluntary)
[ 99.892722][ T5791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 99.892746][ T5791] Call Trace:
[ 99.892754][ T5791]
[ 99.892762][ T5791] dump_stack_lvl+0x116/0x1f0
[ 99.892802][ T5791] print_report+0xcd/0x630
[ 99.892833][ T5791] ? __virt_addr_valid+0x81/0x610
[ 99.892865][ T5791] ? __phys_addr+0xe8/0x180
[ 99.892897][ T5791] ? v4l2_fh_init+0x27d/0x2c0
[ 99.892925][ T5791] kasan_report+0xe0/0x110
[ 99.892956][ T5791] ? v4l2_fh_init+0x27d/0x2c0
[ 99.892990][ T5791] v4l2_fh_init+0x27d/0x2c0
[ 99.893021][ T5791] v4l2_fh_open+0x64/0xa0
[ 99.893051][ T5791] em28xx_v4l2_open+0x24e/0x7e0
[ 99.893081][ T5791] v4l2_open+0x1d2/0x5e0
[ 99.893108][ T5791] ? __pfx_v4l2_open+0x10/0x10
[ 99.893135][ T5791] chrdev_open+0x234/0x6a0
[ 99.893161][ T5791] ? __pfx_chrdev_open+0x10/0x10
[ 99.893190][ T5791] do_dentry_open+0x6da/0x13a0
[ 99.893213][ T5791] ? __pfx_chrdev_open+0x10/0x10
[ 99.893237][ T5791] ? inode_permission+0x156/0x630
[ 99.893268][ T5791] vfs_open+0x82/0x3f0
[ 99.893293][ T5791] ? may_open+0x1f2/0x400
[ 99.893324][ T5791] path_openat+0x1de4/0x2cb0
[ 99.893352][ T5791] ? __pfx_path_openat+0x10/0x10
[ 99.893376][ T5791] ? __lock_acquire+0xb8a/0x1c90
[ 99.893404][ T5791] do_filp_open+0x20b/0x470
[ 99.893427][ T5791] ? __pfx_do_filp_open+0x10/0x10
[ 99.893462][ T5791] ? alloc_fd+0x420/0x760
[ 99.893488][ T5791] do_sys_openat2+0x11b/0x1d0
[ 99.893516][ T5791] ? __pfx_do_sys_openat2+0x10/0x10
[ 99.893544][ T5791] ? find_held_lock+0x2b/0x80
[ 99.893576][ T5791] ? handle_mm_fault+0x2ab/0xd10
[ 99.893608][ T5791] __x64_sys_openat+0x174/0x210
[ 99.893637][ T5791] ? __pfx___x64_sys_openat+0x10/0x10
[ 99.893667][ T5791] ? do_user_addr_fault+0x83f/0x1240
[ 99.893697][ T5791] do_syscall_64+0xcd/0x4d0
[ 99.893719][ T5791] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 99.893748][ T5791] RIP: 0033:0x7f6b028fd407
[ 99.893770][ T5791] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[ 99.893791][ T5791] RSP: 002b:00007fff300f3330 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[ 99.893814][ T5791] RAX: ffffffffffffffda RBX: 00007f6b0280f880 RCX: 00007f6b028fd407
[ 99.893829][ T5791] RDX: 0000000000000000 RSI: 00007fff300f3f25 RDI: ffffffffffffff9c
[ 99.893844][ T5791] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[ 99.893857][ T5791] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 99.893871][ T5791] R13: 00007fff300f3580 R14: 00007f6b03093000 R15: 000055ce6f8fe4d8
[ 99.893895][ T5791]
[ 99.893903][ T5791]
[ 99.905892][ T5752] em28xx 4-1:0.132: Closing input extension
[ 99.908213][ T5791] Allocated by task 5765:
[ 100.191058][ T5791] kasan_save_stack+0x33/0x60
[ 100.195731][ T5791] kasan_save_track+0x14/0x30
[ 100.200395][ T5791] __kasan_kmalloc+0x8f/0xa0
[ 100.204975][ T5791] em28xx_v4l2_init+0x114/0x4080
[ 100.209901][ T5791] em28xx_init_extension+0x13a/0x200
[ 100.215178][ T5791] request_module_async+0x61/0x70
[ 100.220185][ T5791] process_one_work+0x9cf/0x1b70
[ 100.225117][ T5791] worker_thread+0x6c8/0xf10
[ 100.229707][ T5791] kthread+0x3c5/0x780
[ 100.233768][ T5791] ret_from_fork+0x56d/0x700
[ 100.238342][ T5791] ret_from_fork_asm+0x1a/0x30
[ 100.243094][ T5791]
[ 100.245399][ T5791] Freed by task 5765:
[ 100.249359][ T5791] kasan_save_stack+0x33/0x60
[ 100.254028][ T5791] kasan_save_track+0x14/0x30
[ 100.258692][ T5791] __kasan_save_free_info+0x3b/0x60
[ 100.263879][ T5791] __kasan_slab_free+0x43/0x70
[ 100.268633][ T5791] kfree+0x288/0x670
[ 100.272519][ T5791] em28xx_v4l2_init+0x22b5/0x4080
[ 100.277533][ T5791] em28xx_init_extension+0x13a/0x200
[ 100.282812][ T5791] request_module_async+0x61/0x70
[ 100.287820][ T5791] process_one_work+0x9cf/0x1b70
[ 100.292747][ T5791] worker_thread+0x6c8/0xf10
[ 100.297329][ T5791] kthread+0x3c5/0x780
[ 100.301385][ T5791] ret_from_fork+0x56d/0x700
[ 100.305960][ T5791] ret_from_fork_asm+0x1a/0x30
[ 100.310712][ T5791]
[ 100.313018][ T5791] The buggy address belongs to the object at ffff88811d104000
[ 100.313018][ T5791] which belongs to the cache kmalloc-8k of size 8192
[ 100.327050][ T5791] The buggy address is located 1848 bytes inside of
[ 100.327050][ T5791] freed 8192-byte region [ffff88811d104000, ffff88811d106000)
[ 100.341002][ T5791]
[ 100.343309][ T5791] The buggy address belongs to the physical page:
[ 100.349716][ T5791] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11d100
[ 100.358544][ T5791] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 100.367023][ T5791] flags: 0x200000000000040(head|node=0|zone=2)
[ 100.373165][ T5791] page_type: f5(slab)
[ 100.377131][ T5791] raw: 0200000000000040 ffff888100042280 ffffea000478fa00 0000000000000004
[ 100.385700][ T5791] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 100.394266][ T5791] head: 0200000000000040 ffff888100042280 ffffea000478fa00 0000000000000004
[ 100.402919][ T5791] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 100.411573][ T5791] head: 0200000000000003 ffffea0004744001 00000000ffffffff 00000000ffffffff
[ 100.420226][ T5791] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008
[ 100.428872][ T5791] page dumped because: kasan: bad access detected
[ 100.435264][ T5791] page_owner tracks the page as allocated
[ 100.440958][ T5791] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3041, tgid 3041 (syz-executor), ts 44639658789, free_ts 44491027732
[ 100.462300][ T5791] post_alloc_hook+0x1c0/0x230
[ 100.467054][ T5791] get_page_from_freelist+0x1003/0x2dc0
[ 100.472590][ T5791] __alloc_frozen_pages_noprof+0x259/0x21f0
[ 100.478475][ T5791] alloc_pages_mpol+0xe4/0x410
[ 100.483232][ T5791] new_slab+0x24a/0x360
[ 100.487379][ T5791] ___slab_alloc+0xdb7/0x1a70
[ 100.492048][ T5791] __slab_alloc.constprop.0+0x63/0x110
[ 100.497497][ T5791] __kmalloc_cache_noprof+0x3c8/0x750
[ 100.502862][ T5791] mr_table_alloc+0x5f/0x2e0
[ 100.507439][ T5791] ipmr_net_init+0x2b1/0x370
[ 100.512012][ T5791] ops_init+0x1e2/0x5f0
[ 100.516150][ T5791] setup_net+0x100/0x390
[ 100.520377][ T5791] copy_net_ns+0x2f8/0x690
[ 100.524782][ T5791] create_new_namespaces+0x3ea/0xa90
[ 100.530056][ T5791] unshare_nsproxy_namespaces+0xc0/0x1f0
[ 100.535678][ T5791] ksys_unshare+0x45b/0xa40
[ 100.540168][ T5791] page last free pid 3037 tgid 3037 stack trace:
[ 100.546478][ T5791] __free_frozen_pages+0x78f/0x1000
[ 100.551672][ T5791] __put_partials+0x130/0x170
[ 100.556343][ T5791] qlist_free_all+0x4d/0x120
[ 100.560922][ T5791] kasan_quarantine_reduce+0x195/0x1e0
[ 100.566369][ T5791] __kasan_slab_alloc+0x4e/0x70
[ 100.571208][ T5791] kmem_cache_alloc_noprof+0x260/0x6c0
[ 100.576660][ T5791] getname_flags.part.0+0x4c/0x550
[ 100.581763][ T5791] getname_flags+0x93/0xf0
[ 100.586162][ T5791] do_sys_openat2+0xb8/0x1d0
[ 100.590745][ T5791] __x64_sys_openat+0x174/0x210
[ 100.595584][ T5791] do_syscall_64+0xcd/0x4d0
[ 100.600071][ T5791] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 100.605950][ T5791]
[ 100.608255][ T5791] Memory state around the buggy address:
[ 100.613862][ T5791] ffff88811d104600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 100.621905][ T5791] ffff88811d104680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 100.629947][ T5791] >ffff88811d104700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 100.637988][ T5791] ^
[ 100.643859][ T5791] ffff88811d104780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 100.651906][ T5791] ffff88811d104800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 100.659949][ T5791] ==================================================================
[ 100.668165][ T37] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[ 100.668183][ T5791] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 100.682797][ T5791] CPU: 0 UID: 0 PID: 5791 Comm: v4l_id Not tainted syzkaller #0 PREEMPT(voluntary)
[ 100.692159][ T5791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 100.702202][ T5791] Call Trace:
[ 100.705468][ T5791]
[ 100.708386][ T5791] dump_stack_lvl+0x3d/0x1f0
[ 100.712988][ T5791] vpanic+0x640/0x6f0
[ 100.716964][ T5791] panic+0xca/0xd0
[ 100.720674][ T5791] ? __pfx_panic+0x10/0x10
[ 100.725083][ T5791] ? check_panic_on_warn+0x1f/0xb0
[ 100.730188][ T5791] check_panic_on_warn+0xab/0xb0
[ 100.735118][ T5791] end_report+0x107/0x170
[ 100.739440][ T5791] kasan_report+0xee/0x110
[ 100.743852][ T5791] ? v4l2_fh_init+0x27d/0x2c0
[ 100.748525][ T5791] v4l2_fh_init+0x27d/0x2c0
[ 100.753021][ T5791] v4l2_fh_open+0x64/0xa0
[ 100.757344][ T5791] em28xx_v4l2_open+0x24e/0x7e0
[ 100.762189][ T5791] v4l2_open+0x1d2/0x5e0
[ 100.766421][ T5791] ? __pfx_v4l2_open+0x10/0x10
[ 100.771175][ T5791] chrdev_open+0x234/0x6a0
[ 100.775579][ T5791] ? __pfx_chrdev_open+0x10/0x10
[ 100.780508][ T5791] do_dentry_open+0x6da/0x13a0
[ 100.785257][ T5791] ? __pfx_chrdev_open+0x10/0x10
[ 100.790195][ T5791] ? inode_permission+0x156/0x630
[ 100.795220][ T5791] vfs_open+0x82/0x3f0
[ 100.799280][ T5791] ? may_open+0x1f2/0x400
[ 100.803605][ T5791] path_openat+0x1de4/0x2cb0
[ 100.808187][ T5791] ? __pfx_path_openat+0x10/0x10
[ 100.813116][ T5791] ? __lock_acquire+0xb8a/0x1c90
[ 100.818042][ T5791] do_filp_open+0x20b/0x470
[ 100.822532][ T5791] ? __pfx_do_filp_open+0x10/0x10
[ 100.827554][ T5791] ? alloc_fd+0x420/0x760
[ 100.831874][ T5791] do_sys_openat2+0x11b/0x1d0
[ 100.836546][ T5791] ? __pfx_do_sys_openat2+0x10/0x10
[ 100.841737][ T5791] ? find_held_lock+0x2b/0x80
[ 100.846415][ T5791] ? handle_mm_fault+0x2ab/0xd10
[ 100.851347][ T5791] __x64_sys_openat+0x174/0x210
[ 100.856191][ T5791] ? __pfx___x64_sys_openat+0x10/0x10
[ 100.861556][ T5791] ? do_user_addr_fault+0x83f/0x1240
[ 100.866833][ T5791] do_syscall_64+0xcd/0x4d0
[ 100.871324][ T5791] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 100.877207][ T5791] RIP: 0033:0x7f6b028fd407
[ 100.881608][ T5791] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[ 100.901201][ T5791] RSP: 002b:00007fff300f3330 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[ 100.909602][ T5791] RAX: ffffffffffffffda RBX: 00007f6b0280f880 RCX: 00007f6b028fd407
[ 100.917557][ T5791] RDX: 0000000000000000 RSI: 00007fff300f3f25 RDI: ffffffffffffff9c
[ 100.925515][ T5791] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[ 100.933470][ T5791] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 100.941426][ T5791] R13: 00007fff300f3580 R14: 00007f6b03093000 R15: 000055ce6f8fe4d8
[ 100.949395][ T5791]
[ 100.952625][ T5791] Kernel Offset: disabled
[ 100.956933][ T5791] Rebooting in 86400 seconds..