Warning: Permanently added '10.128.0.40' (ED25519) to the list of known hosts.
2025/09/07 15:46:38 parsed 1 programs
[ 42.315637][ T29] audit: type=1400 audit(1757259998.983:61): avc: denied { node_bind } for pid=2954 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[ 42.336667][ T29] audit: type=1400 audit(1757259998.983:62): avc: denied { module_request } for pid=2954 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 43.927504][ T29] audit: type=1400 audit(1757260000.603:63): avc: denied { mounton } for pid=2963 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 43.931939][ T2963] cgroup: Unknown subsys name 'net'
[ 43.950669][ T29] audit: type=1400 audit(1757260000.603:64): avc: denied { mount } for pid=2963 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 43.979571][ T29] audit: type=1400 audit(1757260000.653:65): avc: denied { unmount } for pid=2963 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 44.119375][ T2963] cgroup: Unknown subsys name 'cpuset'
[ 44.127623][ T2963] cgroup: Unknown subsys name 'rlimit'
[ 44.325175][ T29] audit: type=1400 audit(1757260000.993:66): avc: denied { setattr } for pid=2963 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 44.348902][ T29] audit: type=1400 audit(1757260000.993:67): avc: denied { create } for pid=2963 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 44.370228][ T29] audit: type=1400 audit(1757260000.993:68): avc: denied { write } for pid=2963 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 44.391523][ T29] audit: type=1400 audit(1757260001.003:69): avc: denied { read } for pid=2963 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 44.412922][ T29] audit: type=1400 audit(1757260001.033:70): avc: denied { sys_module } for pid=2963 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[ 44.472467][ T2969] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
[ 44.509896][ T2963] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 46.255658][ T2977] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 47.923062][ T29] kauditd_printk_skb: 28 callbacks suppressed
[ 47.923083][ T29] audit: type=1401 audit(1757260004.593:99): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
2025/09/07 15:46:56 executed programs: 0
[ 59.482902][ T29] audit: type=1400 audit(1757260016.153:100): avc: denied { write } for pid=2954 comm="syz-execprog" path="pipe:[2128]" dev="pipefs" ino=2128 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 77.466860][ T4281] modprobe (4281) used greatest stack depth: 23656 bytes left
2025/09/07 15:47:44 executed programs: 10
[ 107.977415][ T29] audit: type=1400 audit(1757260064.643:101): avc: denied { read write } for pid=5728 comm="syz.7.18" name="raw-gadget" dev="devtmpfs" ino=236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 108.002900][ T29] audit: type=1400 audit(1757260064.643:102): avc: denied { open } for pid=5728 comm="syz.7.18" path="/dev/raw-gadget" dev="devtmpfs" ino=236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 108.030249][ T29] audit: type=1400 audit(1757260064.643:103): avc: denied { ioctl } for pid=5728 comm="syz.7.18" path="/dev/raw-gadget" dev="devtmpfs" ino=236 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 108.228543][ T37] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[ 108.429057][ T37] usb 8-1: Using ep0 maxpacket: 32
[ 108.442285][ T37] usb 8-1: config 0 has an invalid interface number: 132 but max is 0
[ 108.450690][ T37] usb 8-1: config 0 has no interface number 0
[ 108.467396][ T37] usb 8-1: config 0 interface 132 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[ 108.490047][ T37] usb 8-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[ 108.499836][ T37] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 108.508455][ T37] usb 8-1: Product: syz
[ 108.512899][ T37] usb 8-1: Manufacturer: syz
[ 108.517950][ T37] usb 8-1: SerialNumber: syz
[ 108.542025][ T37] usb 8-1: config 0 descriptor??
[ 108.549247][ T5728] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[ 108.557841][ T3032] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[ 108.572322][ T37] em28xx 8-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[ 108.583931][ T37] em28xx 8-1:0.132: Video interface 132 found: bulk
[ 108.597294][ T9] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[ 108.719742][ T3032] usb 4-1: Using ep0 maxpacket: 32
[ 108.743305][ T3032] usb 4-1: config 0 has an invalid interface number: 132 but max is 0
[ 108.752935][ T3032] usb 4-1: config 0 has no interface number 0
[ 108.767400][ T3032] usb 4-1: config 0 interface 132 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[ 108.780411][ T9] usb 6-1: Using ep0 maxpacket: 32
[ 108.789193][ T9] usb 6-1: config 0 has an invalid interface number: 132 but max is 0
[ 108.798198][ T9] usb 6-1: config 0 has no interface number 0
[ 108.808820][ T3032] usb 4-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[ 108.818332][ T3032] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 108.818747][ T37] em28xx 8-1:0.132: unknown em28xx chip ID (0)
[ 108.826635][ T3032] usb 4-1: Product: syz
[ 108.826668][ T3032] usb 4-1: Manufacturer: syz
[ 108.826693][ T3032] usb 4-1: SerialNumber: syz
[ 108.847918][ T9] usb 6-1: config 0 interface 132 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[ 108.860426][ T9] usb 6-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[ 108.869787][ T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 108.878250][ T9] usb 6-1: Product: syz
[ 108.882520][ T9] usb 6-1: Manufacturer: syz
[ 108.887168][ T9] usb 6-1: SerialNumber: syz
[ 108.894010][ T3032] usb 4-1: config 0 descriptor??
[ 108.899867][ T5743] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[ 108.904360][ T9] usb 6-1: config 0 descriptor??
[ 108.909509][ T37] em28xx 8-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[ 108.919452][ T3032] em28xx 4-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[ 108.921937][ T37] em28xx 8-1:0.132: board has no eeprom
[ 108.931958][ T3032] em28xx 4-1:0.132: Video interface 132 found: bulk
[ 108.942721][ T5744] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22
[ 108.955296][ T9] em28xx 6-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[ 108.965840][ T9] em28xx 6-1:0.132: Video interface 132 found: bulk
[ 108.997082][ T37] em28xx 8-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[ 109.005558][ T37] em28xx 8-1:0.132: analog set to bulk mode.
[ 109.013028][ T5761] em28xx 8-1:0.132: Registering V4L2 extension
[ 109.020274][ T1119] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 109.037079][ T10] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[ 109.047140][ T37] usb 8-1: USB disconnect, device number 2
[ 109.055509][ T37] em28xx 8-1:0.132: Disconnecting em28xx
[ 109.164546][ T5761] em28xx 8-1:0.132: Config register raw data: 0xffffffed
[ 109.173325][ T5761] em28xx 8-1:0.132: AC97 chip type couldn't be determined
[ 109.180801][ T5761] em28xx 8-1:0.132: No AC97 audio processor
[ 109.187298][ T1119] usb 5-1: Using ep0 maxpacket: 32
[ 109.187469][ T3032] em28xx 4-1:0.132: unknown em28xx chip ID (0)
[ 109.198199][ T1119] usb 5-1: config 0 has an invalid interface number: 132 but max is 0
[ 109.201358][ T10] usb 3-1: Using ep0 maxpacket: 32
[ 109.209201][ T1119] usb 5-1: config 0 has no interface number 0
[ 109.209969][ T5761] usb 8-1: Decoder not found
[ 109.216929][ T9] em28xx 6-1:0.132: unknown em28xx chip ID (0)
[ 109.221530][ T5761] em28xx 8-1:0.132: failed to create media graph
[ 109.230649][ T10] usb 3-1: config 0 has an invalid interface number: 132 but max is 0
[ 109.233519][ T1119] usb 5-1: config 0 interface 132 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[ 109.239612][ T10] usb 3-1: config 0 has no interface number 0
[ 109.240447][ T10] usb 3-1: config 0 interface 132 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[ 109.250712][ T5761] em28xx 8-1:0.132: V4L2 device video0 deregistered
[ 109.263006][ T10] usb 3-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[ 109.273011][ T1119] usb 5-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[ 109.277261][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 109.283863][ T1119] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 109.293646][ T10] usb 3-1: Product: syz
[ 109.303678][ T1119] usb 5-1: Product: syz
[ 109.312730][ T10] usb 3-1: Manufacturer: syz
[ 109.312752][ T10] usb 3-1: SerialNumber: syz
[ 109.315848][ T3032] em28xx 4-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[ 109.323076][ T1119] usb 5-1: Manufacturer: syz
[ 109.327546][ T3032] em28xx 4-1:0.132: board has no eeprom
[ 109.332307][ T1119] usb 5-1: SerialNumber: syz
[ 109.337443][ T9] em28xx 6-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[ 109.375946][ T9] em28xx 6-1:0.132: board has no eeprom
[ 109.384454][ T5761] em28xx 8-1:0.132: Remote control support is not available for this card.
[ 109.385887][ T10] usb 3-1: config 0 descriptor??
[ 109.396262][ T1119] usb 5-1: config 0 descriptor??
[ 109.399951][ T5758] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 109.413210][ T37] em28xx 8-1:0.132: Closing input extension
[ 109.416487][ T10] em28xx 3-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[ 109.430210][ T10] em28xx 3-1:0.132: Video interface 132 found: bulk
[ 109.437286][ T3032] em28xx 4-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[ 109.445977][ T3032] em28xx 4-1:0.132: analog set to bulk mode.
[ 109.452906][ T3029] em28xx 4-1:0.132: Registering V4L2 extension
[ 109.456663][ T37] em28xx 8-1:0.132: Freeing device
[ 109.459522][ T5759] raw-gadget.3 gadget.4: fail, usb_ep_enable returned -22
[ 109.473080][ T9] em28xx 6-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[ 109.481376][ T9] em28xx 6-1:0.132: analog set to bulk mode.
[ 109.494793][ T3032] usb 4-1: USB disconnect, device number 2
[ 109.499749][ T1119] em28xx 5-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[ 109.503989][ T9] usb 6-1: USB disconnect, device number 2
[ 109.510742][ T1119] em28xx 5-1:0.132: Video interface 132 found: bulk
[ 109.519843][ T3032] em28xx 4-1:0.132: Disconnecting em28xx
[ 109.532655][ T9] em28xx 6-1:0.132: Disconnecting em28xx
[ 109.667400][ T10] em28xx 3-1:0.132: unknown em28xx chip ID (0)
[ 109.721981][ T3029] em28xx 4-1:0.132: Config register raw data: 0xffffffed
[ 109.729888][ T3029] em28xx 4-1:0.132: AC97 chip type couldn't be determined
[ 109.738008][ T3029] em28xx 4-1:0.132: No AC97 audio processor
[ 109.747544][ T10] em28xx 3-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[ 109.749803][ T1119] em28xx 5-1:0.132: unknown em28xx chip ID (0)
[ 109.757598][ T10] em28xx 3-1:0.132: board has no eeprom
[ 109.787758][ T3029] usb 4-1: Decoder not found
[ 109.792429][ T3029] em28xx 4-1:0.132: failed to create media graph
[ 109.800724][ T3029] em28xx 4-1:0.132: V4L2 device video0 deregistered
[ 109.810304][ T3029] em28xx 4-1:0.132: Remote control support is not available for this card.
[ 109.813755][ T5774] ==================================================================
[ 109.819680][ T5770] em28xx 6-1:0.132: Registering V4L2 extension
[ 109.827662][ T5774] BUG: KASAN: slab-use-after-free in v4l2_fh_init+0x27d/0x2c0
[ 109.827718][ T5774] Read of size 8 at addr ffff88811c8f0738 by task v4l_id/5774
[ 109.849109][ T5774]
[ 109.851557][ T5774] CPU: 1 UID: 0 PID: 5774 Comm: v4l_id Not tainted syzkaller #0 PREEMPT(voluntary)
[ 109.851590][ T5774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 109.851612][ T5774] Call Trace:
[ 109.851621][ T5774]
[ 109.851630][ T5774] dump_stack_lvl+0x116/0x1f0
[ 109.851670][ T5774] print_report+0xcd/0x630
[ 109.851701][ T5774] ? __virt_addr_valid+0x81/0x610
[ 109.851734][ T5774] ? __phys_addr+0xe8/0x180
[ 109.851767][ T5774] ? v4l2_fh_init+0x27d/0x2c0
[ 109.851792][ T5774] kasan_report+0xe0/0x110
[ 109.851824][ T5774] ? v4l2_fh_init+0x27d/0x2c0
[ 109.851852][ T5774] v4l2_fh_init+0x27d/0x2c0
[ 109.851877][ T5774] v4l2_fh_open+0x83/0xc0
[ 109.851901][ T5774] em28xx_v4l2_open+0x24e/0x7e0
[ 109.851927][ T5774] v4l2_open+0x222/0x490
[ 109.851948][ T5774] ? __pfx_v4l2_open+0x10/0x10
[ 109.851969][ T5774] chrdev_open+0x231/0x6a0
[ 109.851997][ T5774] ? __pfx_chrdev_open+0x10/0x10
[ 109.852029][ T5774] do_dentry_open+0x6da/0x13a0
[ 109.852055][ T5774] ? __pfx_chrdev_open+0x10/0x10
[ 109.852083][ T5774] ? inode_permission+0x156/0x630
[ 109.852125][ T5774] vfs_open+0x82/0x3f0
[ 109.852154][ T5774] ? may_open+0x1f2/0x400
[ 109.852190][ T5774] path_openat+0x1de4/0x2cb0
[ 109.852223][ T5774] ? __pfx_path_openat+0x10/0x10
[ 109.852253][ T5774] do_filp_open+0x20b/0x470
[ 109.852280][ T5774] ? __pfx_do_filp_open+0x10/0x10
[ 109.852319][ T5774] ? alloc_fd+0x420/0x760
[ 109.852348][ T5774] do_sys_openat2+0x11b/0x1d0
[ 109.852379][ T5774] ? __pfx_do_sys_openat2+0x10/0x10
[ 109.852410][ T5774] ? find_held_lock+0x2b/0x80
[ 109.852442][ T5774] ? handle_mm_fault+0x2ab/0xd10
[ 109.852478][ T5774] __x64_sys_openat+0x174/0x210
[ 109.852511][ T5774] ? __pfx___x64_sys_openat+0x10/0x10
[ 109.852545][ T5774] ? do_user_addr_fault+0x83f/0x1240
[ 109.852574][ T5774] do_syscall_64+0xcd/0x4b0
[ 109.852609][ T5774] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 109.852635][ T5774] RIP: 0033:0x7fd565f08407
[ 109.852664][ T5774] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[ 109.852691][ T5774] RSP: 002b:00007ffdd96e7c30 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[ 109.852716][ T5774] RAX: ffffffffffffffda RBX: 00007fd565e1a880 RCX: 00007fd565f08407
[ 109.852734][ T5774] RDX: 0000000000000000 RSI: 00007ffdd96e8f24 RDI: ffffffffffffff9c
[ 109.852750][ T5774] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[ 109.852765][ T5774] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 109.852780][ T5774] R13: 00007ffdd96e7e80 R14: 00007fd56669e000 R15: 000055c9af33d4d8
[ 109.852805][ T5774]
[ 109.852814][ T5774]
[ 109.857274][ T10] em28xx 3-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[ 109.862612][ T5774] Allocated by task 3029:
[ 109.873101][ T10] em28xx 3-1:0.132: analog set to bulk mode.
[ 109.876271][ T5774] kasan_save_stack+0x33/0x60
[ 110.145869][ T5774] kasan_save_track+0x14/0x30
[ 110.151004][ T5774] __kasan_kmalloc+0x8f/0xa0
[ 110.156131][ T5774] em28xx_v4l2_init+0x114/0x4080
[ 110.161124][ T5774] em28xx_init_extension+0x13a/0x200
[ 110.166515][ T5774] request_module_async+0x61/0x70
[ 110.171627][ T5774] process_one_work+0x9cc/0x1b70
[ 110.176660][ T5774] worker_thread+0x6c8/0xf10
[ 110.181754][ T5774] kthread+0x3c5/0x780
[ 110.185918][ T5774] ret_from_fork+0x5b6/0x6c0
[ 110.190768][ T5774] ret_from_fork_asm+0x1a/0x30
[ 110.195670][ T5774]
[ 110.198015][ T5774] Freed by task 3029:
[ 110.202121][ T5774] kasan_save_stack+0x33/0x60
[ 110.207000][ T5774] kasan_save_track+0x14/0x30
[ 110.212075][ T5774] kasan_save_free_info+0x3b/0x60
[ 110.217287][ T5774] __kasan_slab_free+0x3e/0x50
[ 110.223256][ T5774] kfree+0x283/0x470
[ 110.227776][ T5774] em28xx_v4l2_init+0x22b5/0x4080
[ 110.233724][ T5774] em28xx_init_extension+0x13a/0x200
[ 110.239522][ T5774] request_module_async+0x61/0x70
[ 110.244655][ T5774] process_one_work+0x9cc/0x1b70
[ 110.249702][ T5774] worker_thread+0x6c8/0xf10
[ 110.254589][ T5774] kthread+0x3c5/0x780
[ 110.258845][ T5774] ret_from_fork+0x5b6/0x6c0
[ 110.264187][ T5774] ret_from_fork_asm+0x1a/0x30
[ 110.269522][ T5774]
[ 110.271947][ T5774] The buggy address belongs to the object at ffff88811c8f0000
[ 110.271947][ T5774] which belongs to the cache kmalloc-8k of size 8192
[ 110.286967][ T5774] The buggy address is located 1848 bytes inside of
[ 110.286967][ T5774] freed 8192-byte region [ffff88811c8f0000, ffff88811c8f2000)
[ 110.302002][ T5774]
[ 110.304460][ T5774] The buggy address belongs to the physical page:
[ 110.311611][ T5774] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11c8f0
[ 110.321602][ T5774] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 110.331166][ T5774] flags: 0x200000000000040(head|node=0|zone=2)
[ 110.338191][ T5774] page_type: f5(slab)
[ 110.342294][ T5774] raw: 0200000000000040 ffff888100042280 ffffea0004711200 0000000000000004
[ 110.352265][ T5774] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 110.361479][ T5774] head: 0200000000000040 ffff888100042280 ffffea0004711200 0000000000000004
[ 110.371903][ T5774] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 110.381822][ T5774] head: 0200000000000003 ffffea0004723c01 00000000ffffffff 00000000ffffffff
[ 110.391537][ T5774] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008
[ 110.400980][ T5774] page dumped because: kasan: bad access detected
[ 110.408332][ T5774] page_owner tracks the page as allocated
[ 110.414677][ T5774] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3026, tgid 3026 (syz-executor), ts 47220257197, free_ts 47151248222
[ 110.438878][ T5774] post_alloc_hook+0x1c0/0x230
[ 110.445184][ T5774] get_page_from_freelist+0xf98/0x2ce0
[ 110.451561][ T5774] __alloc_frozen_pages_noprof+0x259/0x21e0
[ 110.457858][ T5774] alloc_pages_mpol+0xe4/0x410
[ 110.463278][ T5774] new_slab+0x247/0x330
[ 110.468845][ T5774] ___slab_alloc+0xc78/0x1680
[ 110.473983][ T5774] __slab_alloc.constprop.0+0x56/0xb0
[ 110.480465][ T5774] __kmalloc_node_track_caller_noprof+0x15e/0x4c0
[ 110.488495][ T5774] kmemdup_noprof+0x29/0x60
[ 110.493577][ T5774] ipv4_sysctl_init_net+0x3e/0x350
[ 110.499332][ T5774] ops_init+0x1e2/0x5f0
[ 110.504496][ T5774] setup_net+0x10f/0x380
[ 110.508778][ T5774] copy_net_ns+0x2a6/0x5f0
[ 110.513568][ T5774] create_new_namespaces+0x3ea/0xa90
[ 110.519324][ T5774] unshare_nsproxy_namespaces+0xc0/0x1f0
[ 110.525343][ T5774] ksys_unshare+0x45b/0xa40
[ 110.530118][ T5774] page last free pid 3024 tgid 3024 stack trace:
[ 110.536845][ T5774] __free_frozen_pages+0x78a/0xfd0
[ 110.542500][ T5774] __put_partials+0x165/0x1c0
[ 110.547455][ T5774] qlist_free_all+0x4d/0x120
[ 110.552220][ T5774] kasan_quarantine_reduce+0x195/0x1e0
[ 110.558041][ T5774] __kasan_slab_alloc+0x4e/0x70
[ 110.563263][ T5774] kmem_cache_alloc_noprof+0x14f/0x3b0
[ 110.569223][ T5774] getname_flags.part.0+0x4c/0x550
[ 110.574674][ T5774] getname_flags+0x93/0xf0
[ 110.579467][ T5774] vfs_fstatat+0xe1/0xf0
[ 110.584342][ T5774] __do_sys_newfstatat+0x97/0x120
[ 110.590363][ T5774] do_syscall_64+0xcd/0x4b0
[ 110.595354][ T5774] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 110.601574][ T5774]
[ 110.604142][ T5774] Memory state around the buggy address:
[ 110.610666][ T5774] ffff88811c8f0600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 110.621708][ T5774] ffff88811c8f0680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 110.630589][ T5774] >ffff88811c8f0700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 110.639354][ T5774] ^
[ 110.646485][ T5774] ffff88811c8f0780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 110.655693][ T5774] ffff88811c8f0800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 110.665426][ T5774] ==================================================================
[ 110.675833][ T5774] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 110.683665][ T5774] CPU: 1 UID: 0 PID: 5774 Comm: v4l_id Not tainted syzkaller #0 PREEMPT(voluntary)
[ 110.693230][ T5774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 110.703474][ T5774] Call Trace:
[ 110.706861][ T5774]
[ 110.710171][ T5774] dump_stack_lvl+0x3d/0x1f0
[ 110.714855][ T5774] vpanic+0x6e8/0x7a0
[ 110.718960][ T5774] ? __pfx_vpanic+0x10/0x10
[ 110.723581][ T5774] ? __pfx_vprintk_emit+0x10/0x10
[ 110.728818][ T5774] ? v4l2_fh_init+0x27d/0x2c0
[ 110.735006][ T5774] panic+0xca/0xd0
[ 110.739291][ T5774] ? __pfx_panic+0x10/0x10
[ 110.744009][ T5774] ? check_panic_on_warn+0x1f/0xb0
[ 110.750299][ T5774] check_panic_on_warn+0xab/0xb0
[ 110.757258][ T5774] end_report+0x107/0x170
[ 110.762902][ T5774] kasan_report+0xee/0x110
[ 110.768198][ T5774] ? v4l2_fh_init+0x27d/0x2c0
[ 110.773452][ T5774] v4l2_fh_init+0x27d/0x2c0
[ 110.778440][ T5774] v4l2_fh_open+0x83/0xc0
[ 110.783502][ T5774] em28xx_v4l2_open+0x24e/0x7e0
[ 110.788825][ T5774] v4l2_open+0x222/0x490
[ 110.793559][ T5774] ? __pfx_v4l2_open+0x10/0x10
[ 110.799343][ T5774] chrdev_open+0x231/0x6a0
[ 110.803788][ T5774] ? __pfx_chrdev_open+0x10/0x10
[ 110.809210][ T5774] do_dentry_open+0x6da/0x13a0
[ 110.814113][ T5774] ? __pfx_chrdev_open+0x10/0x10
[ 110.819122][ T5774] ? inode_permission+0x156/0x630
[ 110.824464][ T5774] vfs_open+0x82/0x3f0
[ 110.828794][ T5774] ? may_open+0x1f2/0x400
[ 110.833606][ T5774] path_openat+0x1de4/0x2cb0
[ 110.838408][ T5774] ? __pfx_path_openat+0x10/0x10
[ 110.843734][ T5774] do_filp_open+0x20b/0x470
[ 110.848709][ T5774] ? __pfx_do_filp_open+0x10/0x10
[ 110.854450][ T5774] ? alloc_fd+0x420/0x760
[ 110.858993][ T5774] do_sys_openat2+0x11b/0x1d0
[ 110.864922][ T5774] ? __pfx_do_sys_openat2+0x10/0x10
[ 110.870350][ T5774] ? find_held_lock+0x2b/0x80
[ 110.875769][ T5774] ? handle_mm_fault+0x2ab/0xd10
[ 110.881126][ T5774] __x64_sys_openat+0x174/0x210
[ 110.886344][ T5774] ? __pfx___x64_sys_openat+0x10/0x10
[ 110.892274][ T5774] ? do_user_addr_fault+0x83f/0x1240
[ 110.898183][ T5774] do_syscall_64+0xcd/0x4b0
[ 110.902723][ T5774] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 110.908655][ T5774] RIP: 0033:0x7fd565f08407
[ 110.913170][ T5774] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[ 110.933979][ T5774] RSP: 002b:00007ffdd96e7c30 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[ 110.943366][ T5774] RAX: ffffffffffffffda RBX: 00007fd565e1a880 RCX: 00007fd565f08407
[ 110.951958][ T5774] RDX: 0000000000000000 RSI: 00007ffdd96e8f24 RDI: ffffffffffffff9c
[ 110.960378][ T5774] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[ 110.969412][ T5774] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 110.978083][ T5774] R13: 00007ffdd96e7e80 R14: 00007fd56669e000 R15: 000055c9af33d4d8
[ 110.986534][ T5774]
[ 110.989925][ T5774] Kernel Offset: disabled
[ 110.994333][ T5774] Rebooting in 86400 seconds..