Warning: Permanently added '10.128.1.57' (ED25519) to the list of known hosts.
2025/07/28 01:48:40 ignoring optional flag "sandboxArg"="0"
2025/07/28 01:48:41 parsed 1 programs
[ 54.425700][ T29] audit: type=1400 audit(1753667321.471:61): avc: denied { node_bind } for pid=2951 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[ 54.447291][ T29] audit: type=1400 audit(1753667321.471:62): avc: denied { module_request } for pid=2951 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 57.163493][ T29] audit: type=1400 audit(1753667324.201:63): avc: denied { mounton } for pid=2960 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 57.172649][ T2960] cgroup: Unknown subsys name 'net'
[ 57.186436][ T29] audit: type=1400 audit(1753667324.211:64): avc: denied { mount } for pid=2960 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 57.214338][ T29] audit: type=1400 audit(1753667324.241:65): avc: denied { unmount } for pid=2960 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 57.337782][ T2960] cgroup: Unknown subsys name 'cpuset'
[ 57.347562][ T2960] cgroup: Unknown subsys name 'rlimit'
[ 57.567048][ T29] audit: type=1400 audit(1753667324.611:66): avc: denied { setattr } for pid=2960 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 57.590875][ T29] audit: type=1400 audit(1753667324.611:67): avc: denied { create } for pid=2960 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 57.611945][ T29] audit: type=1400 audit(1753667324.611:68): avc: denied { write } for pid=2960 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 57.632423][ T29] audit: type=1400 audit(1753667324.611:69): avc: denied { read } for pid=2960 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 57.654139][ T29] audit: type=1400 audit(1753667324.661:70): avc: denied { sys_module } for pid=2960 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[ 57.750015][ T2965] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
[ 57.797610][ T2960] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 59.449561][ T29] kauditd_printk_skb: 7 callbacks suppressed
[ 59.449586][ T29] audit: type=1400 audit(1753667326.491:78): avc: denied { read } for pid=2971 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 59.544734][ T29] audit: type=1400 audit(1753667326.491:79): avc: denied { open } for pid=2971 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 59.568387][ T29] audit: type=1400 audit(1753667326.491:80): avc: denied { mounton } for pid=2971 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[ 59.590050][ T29] audit: type=1400 audit(1753667326.561:81): avc: denied { create } for pid=2970 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1
[ 59.610022][ T29] audit: type=1400 audit(1753667326.561:82): avc: denied { sys_admin } for pid=2970 comm="syz-executor" capability=21 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1
[ 59.805298][ T29] audit: type=1400 audit(1753667326.661:83): avc: denied { mounton } for pid=2971 comm="syz-executor" path="/root/syzkaller.sNVTXR/syz-tmp" dev="sda1" ino=2042 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 59.831357][ T29] audit: type=1400 audit(1753667326.661:84): avc: denied { mount } for pid=2971 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[ 59.853538][ T29] audit: type=1400 audit(1753667326.661:85): avc: denied { mounton } for pid=2971 comm="syz-executor" path="/root/syzkaller.sNVTXR/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[ 59.879072][ T29] audit: type=1400 audit(1753667326.661:86): avc: denied { mount } for pid=2971 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[ 59.901070][ T29] audit: type=1400 audit(1753667326.701:87): avc: denied { mounton } for pid=2971 comm="syz-executor" path="/root/syzkaller.sNVTXR/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[ 60.066502][ T2971] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
2025/07/28 01:49:06 executed programs: 0
[ 78.969217][ T29] kauditd_printk_skb: 12 callbacks suppressed
[ 78.969239][ T29] audit: type=1400 audit(1753667346.011:100): avc: denied { write } for pid=2951 comm="syz-execprog" path="pipe:[2254]" dev="pipefs" ino=2254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 79.149821][ T3012] syz-executor (3012) used greatest stack depth: 22888 bytes left
2025/07/28 01:50:00 executed programs: 10
[ 133.249854][ T29] audit: type=1400 audit(1753667400.291:101): avc: denied { read write } for pid=5786 comm="syz.1.17" name="raw-gadget" dev="devtmpfs" ino=236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 133.273284][ T29] audit: type=1400 audit(1753667400.291:102): avc: denied { open } for pid=5786 comm="syz.1.17" path="/dev/raw-gadget" dev="devtmpfs" ino=236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 133.386178][ T29] audit: type=1400 audit(1753667400.291:103): avc: denied { ioctl } for pid=5786 comm="syz.1.17" path="/dev/raw-gadget" dev="devtmpfs" ino=236 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 133.529170][ T43] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[ 133.715477][ T43] usb 2-1: Using ep0 maxpacket: 32
[ 133.735276][ T43] usb 2-1: config 0 has an invalid interface number: 89 but max is 0
[ 133.743633][ T43] usb 2-1: config 0 has no interface number 0
[ 133.764861][ T43] usb 2-1: config 0 interface 89 has no altsetting 0
[ 133.788049][ T43] usb 2-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[ 133.797295][ T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 133.805429][ T43] usb 2-1: Product: syz
[ 133.809638][ T43] usb 2-1: Manufacturer: syz
[ 133.814279][ T43] usb 2-1: SerialNumber: syz
[ 133.826331][ T43] usb 2-1: config 0 descriptor??
[ 133.844199][ T43] em28xx 2-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[ 133.853962][ T43] em28xx 2-1:0.89: Video interface 89 found: bulk
[ 133.964716][ T3094] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[ 134.095740][ T43] em28xx 2-1:0.89: unknown em28xx chip ID (0)
[ 134.124698][ T3094] usb 8-1: Using ep0 maxpacket: 32
[ 134.132935][ T3094] usb 8-1: config 0 has an invalid interface number: 89 but max is 0
[ 134.141585][ T3094] usb 8-1: config 0 has no interface number 0
[ 134.150013][ T3094] usb 8-1: config 0 interface 89 has no altsetting 0
[ 134.159900][ T3094] usb 8-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[ 134.169134][ T3094] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 134.177268][ T3094] usb 8-1: Product: syz
[ 134.181495][ T3094] usb 8-1: Manufacturer: syz
[ 134.186197][ T3094] usb 8-1: SerialNumber: syz
[ 134.194745][ T1120] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[ 134.195973][ T43] em28xx 2-1:0.89: reading from i2c device at 0xa0 failed (error=-5)
[ 134.210684][ T43] em28xx 2-1:0.89: board has no eeprom
[ 134.216314][ T5809] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[ 134.228873][ T3094] usb 8-1: config 0 descriptor??
[ 134.242983][ T3094] em28xx 8-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[ 134.252584][ T3094] em28xx 8-1:0.89: Video interface 89 found: bulk
[ 134.324686][ T43] em28xx 2-1:0.89: Identified as Terratec Grabby (card=67)
[ 134.332068][ T43] em28xx 2-1:0.89: analog set to bulk mode.
[ 134.338797][ T5813] em28xx 2-1:0.89: Registering V4L2 extension
[ 134.356451][ T43] usb 2-1: USB disconnect, device number 2
[ 134.357655][ T1120] usb 3-1: Using ep0 maxpacket: 32
[ 134.370248][ T1120] usb 3-1: config 0 has an invalid interface number: 89 but max is 0
[ 134.374954][ T43] em28xx 2-1:0.89: Disconnecting em28xx
[ 134.378513][ T1120] usb 3-1: config 0 has no interface number 0
[ 134.393782][ T1120] usb 3-1: config 0 interface 89 has no altsetting 0
[ 134.395071][ T5809] usb 4-1: Using ep0 maxpacket: 32
[ 134.403741][ T1120] usb 3-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[ 134.414936][ T1120] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 134.417774][ T5809] usb 4-1: config 0 has an invalid interface number: 89 but max is 0
[ 134.422949][ T1120] usb 3-1: Product: syz
[ 134.422974][ T1120] usb 3-1: Manufacturer: syz
[ 134.431129][ T5809] usb 4-1: config 0 has no interface number 0
[ 134.435288][ T1120] usb 3-1: SerialNumber: syz
[ 134.454731][ T10] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 134.454794][ T5809] usb 4-1: config 0 interface 89 has no altsetting 0
[ 134.480530][ T1120] usb 3-1: config 0 descriptor??
[ 134.490195][ T1120] em28xx 3-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[ 134.499985][ T1120] em28xx 3-1:0.89: Video interface 89 found: bulk
[ 134.515026][ T5813] em28xx 2-1:0.89: Config register raw data: 0xffffffed
[ 134.522190][ T5813] em28xx 2-1:0.89: AC97 chip type couldn't be determined
[ 134.530307][ T5813] em28xx 2-1:0.89: No AC97 audio processor
[ 134.551458][ T5809] usb 4-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[ 134.560656][ T5809] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 134.568818][ T5809] usb 4-1: Product: syz
[ 134.573160][ T5809] usb 4-1: Manufacturer: syz
[ 134.577889][ T5809] usb 4-1: SerialNumber: syz
[ 134.585530][ T3094] em28xx 8-1:0.89: unknown em28xx chip ID (0)
[ 134.598157][ T5813] usb 2-1: Decoder not found
[ 134.602839][ T5813] em28xx 2-1:0.89: failed to create media graph
[ 134.610248][ T5809] usb 4-1: config 0 descriptor??
[ 134.624917][ T5813] em28xx 2-1:0.89: V4L2 device video0 deregistered
[ 134.627123][ T10] usb 5-1: Using ep0 maxpacket: 32
[ 134.643185][ T10] usb 5-1: config 0 has an invalid interface number: 89 but max is 0
[ 134.644218][ T5809] em28xx 4-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[ 134.652677][ T10] usb 5-1: config 0 has no interface number 0
[ 134.661947][ T5809] em28xx 4-1:0.89: Video interface 89 found: bulk
[ 134.672177][ T3094] em28xx 8-1:0.89: reading from i2c device at 0xa0 failed (error=-5)
[ 134.681731][ T10] usb 5-1: config 0 interface 89 has no altsetting 0
[ 134.683586][ T3094] em28xx 8-1:0.89: board has no eeprom
[ 134.697060][ T5813] em28xx 2-1:0.89: Registering snapshot button...
[ 134.716896][ T5813] input: em28xx snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.89/input/input5
[ 134.722735][ T10] usb 5-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[ 134.733449][ T5813] em28xx 2-1:0.89: Remote control support is not available for this card.
[ 134.737346][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 134.746986][ T43] em28xx 2-1:0.89: Closing input extension
[ 134.753807][ T10] usb 5-1: Product: syz
[ 134.753833][ T10] usb 5-1: Manufacturer: syz
[ 134.760150][ T43] em28xx 2-1:0.89: Deregistering snapshot button
[ 134.764285][ T10] usb 5-1: SerialNumber: syz
[ 134.767143][ T1120] em28xx 3-1:0.89: unknown em28xx chip ID (0)
[ 134.784721][ T3094] em28xx 8-1:0.89: Identified as Terratec Grabby (card=67)
[ 134.794149][ T3094] em28xx 8-1:0.89: analog set to bulk mode.
[ 134.809327][ T5813] em28xx 8-1:0.89: Registering V4L2 extension
[ 134.809773][ T10] usb 5-1: config 0 descriptor??
[ 134.848138][ T43] em28xx 2-1:0.89: Freeing device
[ 134.865568][ T3094] usb 8-1: USB disconnect, device number 2
[ 134.869916][ T10] em28xx 5-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[ 134.880988][ T10] em28xx 5-1:0.89: Video interface 89 found: bulk
[ 134.884147][ T3094] em28xx 8-1:0.89: Disconnecting em28xx
[ 134.889646][ T1120] em28xx 3-1:0.89: reading from i2c device at 0xa0 failed (error=-5)
[ 134.901810][ T1120] em28xx 3-1:0.89: board has no eeprom
[ 134.903613][ T5809] em28xx 4-1:0.89: unknown em28xx chip ID (0)
[ 134.924908][ T5813] em28xx 8-1:0.89: Config register raw data: 0xffffffed
[ 134.932032][ T5813] em28xx 8-1:0.89: AC97 chip type couldn't be determined
[ 134.939495][ T5813] em28xx 8-1:0.89: No AC97 audio processor
[ 134.969995][ T5813] usb 8-1: Decoder not found
[ 134.974823][ T5813] em28xx 8-1:0.89: failed to create media graph
[ 135.004897][ T1120] em28xx 3-1:0.89: Identified as Terratec Grabby (card=67)
[ 135.008917][ T5813] em28xx 8-1:0.89: V4L2 device video0 deregistered
[ 135.012211][ T1120] em28xx 3-1:0.89: analog set to bulk mode.
[ 135.021574][ T5809] em28xx 4-1:0.89: reading from i2c device at 0xa0 failed (error=-5)
[ 135.034205][ T5809] em28xx 4-1:0.89: board has no eeprom
[ 135.054307][ T5813] em28xx 8-1:0.89: Registering snapshot button...
[ 135.089127][ T5813] input: em28xx snapshot button as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.89/input/input6
[ 135.110107][ T10] em28xx 5-1:0.89: unknown em28xx chip ID (0)
[ 135.125356][ T5809] em28xx 4-1:0.89: Identified as Terratec Grabby (card=67)
[ 135.132688][ T5809] em28xx 4-1:0.89: analog set to bulk mode.
[ 135.134409][ T1120] usb 3-1: USB disconnect, device number 2
[ 135.141022][ T5813] em28xx 8-1:0.89: Remote control support is not available for this card.
[ 135.153820][ T5820] em28xx 3-1:0.89: Registering V4L2 extension
[ 135.195059][ T1120] em28xx 3-1:0.89: Disconnecting em28xx
[ 135.202874][ T5809] usb 4-1: USB disconnect, device number 2
[ 135.221105][ T5809] em28xx 4-1:0.89: Disconnecting em28xx
[ 135.240910][ T10] em28xx 5-1:0.89: reading from i2c device at 0xa0 failed (error=-5)
[ 135.246052][ T43] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[ 135.249751][ T10] em28xx 5-1:0.89: board has no eeprom
[ 135.309118][ T5820] em28xx 3-1:0.89: Config register raw data: 0xffffffed
[ 135.316258][ T5820] em28xx 3-1:0.89: AC97 chip type couldn't be determined
[ 135.323332][ T5820] em28xx 3-1:0.89: No AC97 audio processor
[ 135.331692][ T5820] usb 3-1: Decoder not found
[ 135.336412][ T5820] em28xx 3-1:0.89: failed to create media graph
[ 135.342785][ T5820] em28xx 3-1:0.89: V4L2 device video0 deregistered
[ 135.349433][ T10] em28xx 5-1:0.89: Identified as Terratec Grabby (card=67)
[ 135.356762][ T10] em28xx 5-1:0.89: analog set to bulk mode.
[ 135.364278][ T5820] em28xx 3-1:0.89: Registering snapshot button...
[ 135.376835][ T5820] input: em28xx snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.89/input/input7
[ 135.397432][ T5820] em28xx 3-1:0.89: Remote control support is not available for this card.
[ 135.406131][ T5822] em28xx 4-1:0.89: Registering V4L2 extension
[ 135.408389][ T10] usb 5-1: USB disconnect, device number 2
[ 135.436368][ T10] em28xx 5-1:0.89: Disconnecting em28xx
[ 135.445952][ T43] usb 2-1: Using ep0 maxpacket: 32
[ 135.458740][ T43] usb 2-1: config 0 has an invalid interface number: 89 but max is 0
[ 135.467252][ T43] usb 2-1: config 0 has no interface number 0
[ 135.473836][ T43] usb 2-1: config 0 interface 89 has no altsetting 0
[ 135.483660][ T43] usb 2-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[ 135.493143][ T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 135.501552][ T43] usb 2-1: Product: syz
[ 135.506085][ T43] usb 2-1: Manufacturer: syz
[ 135.510755][ T43] usb 2-1: SerialNumber: syz
[ 135.515657][ T5822] em28xx 4-1:0.89: Config register raw data: 0xffffffed
[ 135.522640][ T5822] em28xx 4-1:0.89: AC97 chip type couldn't be determined
[ 135.529763][ T5822] em28xx 4-1:0.89: No AC97 audio processor
[ 135.539985][ T5822] usb 4-1: Decoder not found
[ 135.544733][ T5822] em28xx 4-1:0.89: failed to create media graph
[ 135.551872][ T43] usb 2-1: config 0 descriptor??
[ 135.556989][ T5822] em28xx 4-1:0.89: V4L2 device video0 deregistered
[ 135.566939][ T5822] em28xx 4-1:0.89: Registering snapshot button...
[ 135.586662][ T43] em28xx 2-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[ 135.596669][ T43] em28xx 2-1:0.89: Video interface 89 found: bulk
[ 135.604998][ T5822] input: em28xx snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.89/input/input8
[ 135.620628][ T5822] em28xx 4-1:0.89: Remote control support is not available for this card.
[ 135.629441][ T3094] em28xx 8-1:0.89: Closing input extension
[ 135.635593][ T3094] em28xx 8-1:0.89: Deregistering snapshot button
[ 135.646499][ T5834] em28xx 5-1:0.89: Registering V4L2 extension
[ 135.650258][ T3094] em28xx 8-1:0.89: Freeing device
[ 135.724250][ T5834] em28xx 5-1:0.89: Config register raw data: 0xffffffed
[ 135.731764][ T5834] em28xx 5-1:0.89: AC97 chip type couldn't be determined
[ 135.739382][ T5834] em28xx 5-1:0.89: No AC97 audio processor
[ 135.755128][ T5834] usb 5-1: Decoder not found
[ 135.759883][ T5834] em28xx 5-1:0.89: failed to create media graph
[ 135.772536][ T5834] em28xx 5-1:0.89: V4L2 device video0 deregistered
[ 135.780636][ T5834] em28xx 5-1:0.89: Registering snapshot button...
[ 135.780928][ T5842] ==================================================================
[ 135.789882][ T5834] input: em28xx snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.89/input/input9
[ 135.795244][ T5842] BUG: KASAN: slab-use-after-free in v4l2_fh_init+0x27d/0x2c0
[ 135.813184][ T5842] Read of size 8 at addr ffff88811d128730 by task v4l_id/5842
[ 135.817171][ T5834] em28xx 5-1:0.89: Remote control support is not available for this card.
[ 135.820678][ T5842]
[ 135.820730][ T5842] CPU: 1 UID: 0 PID: 5842 Comm: v4l_id Not tainted 6.16.0-rc7-syzkaller-g51d4b0a44c82 #0 PREEMPT(voluntary)
[ 135.820778][ T5842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 135.820806][ T5842] Call Trace:
[ 135.820819][ T5842]
[ 135.820830][ T5842] dump_stack_lvl+0x116/0x1f0
[ 135.820901][ T5842] print_report+0xcd/0x610
[ 135.820939][ T5842] ? __virt_addr_valid+0x81/0x610
[ 135.820984][ T5842] ? __phys_addr+0xe8/0x180
[ 135.821030][ T5842] ? v4l2_fh_init+0x27d/0x2c0
[ 135.821074][ T5842] kasan_report+0xe0/0x110
[ 135.821112][ T5842] ? v4l2_fh_init+0x27d/0x2c0
[ 135.821162][ T5842] v4l2_fh_init+0x27d/0x2c0
[ 135.821205][ T5842] v4l2_fh_open+0x83/0xc0
[ 135.821250][ T5842] em28xx_v4l2_open+0x24e/0x7e0
[ 135.821298][ T5842] v4l2_open+0x222/0x490
[ 135.821336][ T5842] ? __pfx_v4l2_open+0x10/0x10
[ 135.821374][ T5842] chrdev_open+0x234/0x6a0
[ 135.821434][ T5842] ? __pfx_chrdev_open+0x10/0x10
[ 135.821494][ T5842] do_dentry_open+0x6da/0x13a0
[ 135.821541][ T5842] ? __pfx_chrdev_open+0x10/0x10
[ 135.821593][ T5842] ? inode_permission+0x156/0x630
[ 135.821631][ T5842] vfs_open+0x82/0x3f0
[ 135.821660][ T5842] ? may_open+0x1f2/0x400
[ 135.821698][ T5842] path_openat+0x1de4/0x2cb0
[ 135.821754][ T5842] ? __pfx_path_openat+0x10/0x10
[ 135.821805][ T5842] ? __lock_acquire+0xb8a/0x1c90
[ 135.821840][ T5842] do_filp_open+0x20b/0x470
[ 135.821889][ T5842] ? __pfx_do_filp_open+0x10/0x10
[ 135.821956][ T5842] ? alloc_fd+0x420/0x760
[ 135.822008][ T5842] do_sys_openat2+0x11b/0x1d0
[ 135.822041][ T5842] ? __pfx_do_sys_openat2+0x10/0x10
[ 135.822073][ T5842] ? find_held_lock+0x2b/0x80
[ 135.822118][ T5842] ? handle_mm_fault+0x2ab/0xd10
[ 135.822162][ T5842] __x64_sys_openat+0x174/0x210
[ 135.822197][ T5842] ? __pfx___x64_sys_openat+0x10/0x10
[ 135.822236][ T5842] ? do_user_addr_fault+0x83f/0x1240
[ 135.822277][ T5842] do_syscall_64+0xcd/0x4b0
[ 135.822310][ T5842] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 135.822346][ T5842] RIP: 0033:0x7faff640a407
[ 135.822384][ T5842] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[ 135.822423][ T5842] RSP: 002b:00007fff393e2760 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[ 135.822456][ T5842] RAX: ffffffffffffffda RBX: 00007faff631c880 RCX: 00007faff640a407
[ 135.822479][ T5842] RDX: 0000000000000000 RSI: 00007fff393e3f25 RDI: ffffffffffffff9c
[ 135.822502][ T5842] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[ 135.822523][ T5842] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 135.822543][ T5842] R13: 00007fff393e29b0 R14: 00007faff6ba0000 R15: 000056292aa6f4d8
[ 135.822578][ T5842]
[ 135.822589][ T5842]
[ 135.829585][ T1120] em28xx 3-1:0.89: Closing input extension
[ 135.831545][ T5842] Allocated by task 5834:
[ 135.850532][ T1120] em28xx 3-1:0.89: Deregistering snapshot button
[ 135.853455][ T5842] kasan_save_stack+0x33/0x60
[ 136.121056][ T5842] kasan_save_track+0x14/0x30
[ 136.125764][ T5842] __kasan_kmalloc+0x8f/0xa0
[ 136.130371][ T5842] em28xx_v4l2_init+0x114/0x40c0
[ 136.135332][ T5842] em28xx_init_extension+0x137/0x200
[ 136.140647][ T5842] request_module_async+0x61/0x70
[ 136.145713][ T5842] process_one_work+0x9cc/0x1b70
[ 136.150699][ T5842] worker_thread+0x6c8/0xf10
[ 136.155313][ T5842] kthread+0x3c2/0x780
[ 136.159400][ T5842] ret_from_fork+0x5b3/0x6c0
[ 136.164020][ T5842] ret_from_fork_asm+0x1a/0x30
[ 136.168808][ T5842]
[ 136.171197][ T5842] Freed by task 5834:
[ 136.175185][ T5842] kasan_save_stack+0x33/0x60
[ 136.179876][ T5842] kasan_save_track+0x14/0x30
[ 136.184571][ T5842] kasan_save_free_info+0x3b/0x60
[ 136.189725][ T5842] __kasan_slab_free+0x37/0x50
[ 136.194507][ T5842] kfree+0x283/0x470
[ 136.198422][ T5842] em28xx_v4l2_init+0x22c5/0x40c0
[ 136.203469][ T5842] em28xx_init_extension+0x137/0x200
[ 136.208786][ T5842] request_module_async+0x61/0x70
[ 136.213844][ T5842] process_one_work+0x9cc/0x1b70
[ 136.218808][ T5842] worker_thread+0x6c8/0xf10
[ 136.223419][ T5842] kthread+0x3c2/0x780
[ 136.227508][ T5842] ret_from_fork+0x5b3/0x6c0
[ 136.232132][ T5842] ret_from_fork_asm+0x1a/0x30
[ 136.236921][ T5842]
[ 136.239253][ T5842] The buggy address belongs to the object at ffff88811d128000
[ 136.239253][ T5842] which belongs to the cache kmalloc-8k of size 8192
[ 136.254368][ T5842] The buggy address is located 1840 bytes inside of
[ 136.254368][ T5842] freed 8192-byte region [ffff88811d128000, ffff88811d12a000)
[ 136.268364][ T5842]
[ 136.270698][ T5842] The buggy address belongs to the physical page:
[ 136.277132][ T5842] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11d128
[ 136.286000][ T5842] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 136.294541][ T5842] flags: 0x200000000000040(head|node=0|zone=2)
[ 136.300736][ T5842] page_type: f5(slab)
[ 136.304735][ T5842] raw: 0200000000000040 ffff888100042280 ffffea0004754800 0000000000000002
[ 136.313347][ T5842] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 136.321953][ T5842] head: 0200000000000040 ffff888100042280 ffffea0004754800 0000000000000002
[ 136.330653][ T5842] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 136.339344][ T5842] head: 0200000000000003 ffffea0004744a01 00000000ffffffff 00000000ffffffff
[ 136.348036][ T5842] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008
[ 136.356728][ T5842] page dumped because: kasan: bad access detected
[ 136.363184][ T5842] page_owner tracks the page as allocated
[ 136.368956][ T5842] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3012, tgid 3012 (syz-executor), ts 62339240487, free_ts 62323565566
[ 136.390344][ T5842] post_alloc_hook+0x1c0/0x230
[ 136.395132][ T5842] get_page_from_freelist+0xf98/0x2ce0
[ 136.400617][ T5842] __alloc_frozen_pages_noprof+0x259/0x21e0
[ 136.406536][ T5842] alloc_pages_mpol+0xe4/0x410
[ 136.411322][ T5842] new_slab+0x23b/0x330
[ 136.415496][ T5842] ___slab_alloc+0xda5/0x1940
[ 136.420196][ T5842] __slab_alloc.constprop.0+0x56/0xb0
[ 136.425590][ T5842] __kmalloc_noprof+0x15b/0x4d0
[ 136.430465][ T5842] cache_create_net+0x9d/0x220
[ 136.435251][ T5842] gss_svc_init_net+0x69/0x660
[ 136.440030][ T5842] ops_init+0x1e2/0x5f0
[ 136.444204][ T5842] setup_net+0x1ff/0x510
[ 136.448461][ T5842] copy_net_ns+0x2a6/0x5f0
[ 136.452894][ T5842] create_new_namespaces+0x3ea/0xa90
[ 136.458209][ T5842] unshare_nsproxy_namespaces+0xc0/0x1f0
[ 136.463876][ T5842] ksys_unshare+0x45b/0xa40
[ 136.468395][ T5842] page last free pid 322 tgid 322 stack trace:
[ 136.474555][ T5842] __free_frozen_pages+0x78a/0x1040
[ 136.479813][ T5842] __put_partials+0x16d/0x1c0
[ 136.484508][ T5842] qlist_free_all+0x4d/0x120
[ 136.489129][ T5842] kasan_quarantine_reduce+0x195/0x1e0
[ 136.494615][ T5842] __kasan_slab_alloc+0x4e/0x70
[ 136.499496][ T5842] __kmalloc_node_noprof+0x1c6/0x4c0
[ 136.504808][ T5842] alloc_slab_obj_exts+0x41/0xa0
[ 136.509770][ T5842] new_slab+0x283/0x330
[ 136.513948][ T5842] ___slab_alloc+0xda5/0x1940
[ 136.518653][ T5842] __slab_alloc.constprop.0+0x56/0xb0
[ 136.524136][ T5842] kmem_cache_alloc_node_noprof+0x1f6/0x3a0
[ 136.530056][ T5842] copy_process+0x4b6/0x7560
[ 136.534680][ T5842] kernel_clone+0xfc/0x960
[ 136.539138][ T5842] user_mode_thread+0xc7/0x110
[ 136.543957][ T5842] call_usermodehelper_exec_work+0x6b/0x170
[ 136.549876][ T5842] process_one_work+0x9cc/0x1b70
[ 136.554841][ T5842]
[ 136.557173][ T5842] Memory state around the buggy address:
[ 136.562810][ T5842] ffff88811d128600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 136.570884][ T5842] ffff88811d128680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 136.578965][ T5842] >ffff88811d128700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 136.587053][ T5842] ^
[ 136.592708][ T5842] ffff88811d128780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 136.600799][ T5842] ffff88811d128800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 136.608884][ T5842] ==================================================================
[ 136.617476][ T5842] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 136.624720][ T5842] CPU: 1 UID: 0 PID: 5842 Comm: v4l_id Not tainted 6.16.0-rc7-syzkaller-g51d4b0a44c82 #0 PREEMPT(voluntary)
[ 136.636325][ T5842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 136.646459][ T5842] Call Trace:
[ 136.649760][ T5842]
[ 136.652715][ T5842] dump_stack_lvl+0x3d/0x1f0
[ 136.657364][ T5842] panic+0x71c/0x800
[ 136.661302][ T5842] ? __pfx_panic+0x10/0x10
[ 136.665769][ T5842] ? mark_held_locks+0x49/0x80
[ 136.670567][ T5842] ? v4l2_fh_init+0x27d/0x2c0
[ 136.675291][ T5842] ? check_panic_on_warn+0x1f/0xb0
[ 136.680434][ T5842] ? v4l2_fh_init+0x27d/0x2c0
[ 136.685146][ T5842] check_panic_on_warn+0xab/0xb0
[ 136.690120][ T5842] end_report+0x107/0x170
[ 136.694481][ T5842] kasan_report+0xee/0x110
[ 136.698964][ T5842] ? v4l2_fh_init+0x27d/0x2c0
[ 136.703682][ T5842] v4l2_fh_init+0x27d/0x2c0
[ 136.708227][ T5842] v4l2_fh_open+0x83/0xc0
[ 136.712606][ T5842] em28xx_v4l2_open+0x24e/0x7e0
[ 136.717519][ T5842] v4l2_open+0x222/0x490
[ 136.721792][ T5842] ? __pfx_v4l2_open+0x10/0x10
[ 136.726616][ T5842] chrdev_open+0x234/0x6a0
[ 136.731080][ T5842] ? __pfx_chrdev_open+0x10/0x10
[ 136.736070][ T5842] do_dentry_open+0x6da/0x13a0
[ 136.740877][ T5842] ? __pfx_chrdev_open+0x10/0x10
[ 136.745859][ T5842] ? inode_permission+0x156/0x630
[ 136.750917][ T5842] vfs_open+0x82/0x3f0
[ 136.755015][ T5842] ? may_open+0x1f2/0x400
[ 136.759441][ T5842] path_openat+0x1de4/0x2cb0
[ 136.764087][ T5842] ? __pfx_path_openat+0x10/0x10
[ 136.769156][ T5842] ? __lock_acquire+0xb8a/0x1c90
[ 136.774169][ T5842] do_filp_open+0x20b/0x470
[ 136.778741][ T5842] ? __pfx_do_filp_open+0x10/0x10
[ 136.783809][ T5842] ? alloc_fd+0x420/0x760
[ 136.788500][ T5842] do_sys_openat2+0x11b/0x1d0
[ 136.793232][ T5842] ? __pfx_do_sys_openat2+0x10/0x10
[ 136.798471][ T5842] ? find_held_lock+0x2b/0x80
[ 136.803193][ T5842] ? handle_mm_fault+0x2ab/0xd10
[ 136.808178][ T5842] __x64_sys_openat+0x174/0x210
[ 136.813076][ T5842] ? __pfx___x64_sys_openat+0x10/0x10
[ 136.818488][ T5842] ? do_user_addr_fault+0x83f/0x1240
[ 136.823832][ T5842] do_syscall_64+0xcd/0x4b0
[ 136.828373][ T5842] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 136.834309][ T5842] RIP: 0033:0x7faff640a407
[ 136.838751][ T5842] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[ 136.858388][ T5842] RSP: 002b:00007fff393e2760 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[ 136.866836][ T5842] RAX: ffffffffffffffda RBX: 00007faff631c880 RCX: 00007faff640a407
[ 136.874836][ T5842] RDX: 0000000000000000 RSI: 00007fff393e3f25 RDI: ffffffffffffff9c
[ 136.882827][ T5842] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[ 136.890820][ T5842] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 136.899009][ T5842] R13: 00007fff393e29b0 R14: 00007faff6ba0000 R15: 000056292aa6f4d8
[ 136.907035][ T5842]
[ 136.910381][ T5842] Kernel Offset: disabled
[ 136.914729][ T5842] Rebooting in 86400 seconds..