Warning: Permanently added '10.128.0.177' (ED25519) to the list of known hosts.
2026/04/06 06:20:25 parsed 1 programs
[ 38.667763][ T29] audit: type=1400 audit(1775456425.360:62): avc: denied { node_bind } for pid=2962 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[ 38.688667][ T29] audit: type=1400 audit(1775456425.360:63): avc: denied { module_request } for pid=2962 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 40.390197][ T29] audit: type=1400 audit(1775456427.080:64): avc: denied { mounton } for pid=2971 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 40.413602][ T29] audit: type=1400 audit(1775456427.100:65): avc: denied { mount } for pid=2971 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 40.416636][ T2971] cgroup: Unknown subsys name 'net'
[ 40.442809][ T29] audit: type=1400 audit(1775456427.140:66): avc: denied { unmount } for pid=2971 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 40.579285][ T2971] cgroup: Unknown subsys name 'cpuset'
[ 40.587163][ T2971] cgroup: Unknown subsys name 'rlimit'
[ 40.729365][ T29] audit: type=1400 audit(1775456427.420:67): avc: denied { setattr } for pid=2971 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 40.752738][ T29] audit: type=1400 audit(1775456427.420:68): avc: denied { create } for pid=2971 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 40.773635][ T29] audit: type=1400 audit(1775456427.420:69): avc: denied { write } for pid=2971 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 40.794788][ T29] audit: type=1400 audit(1775456427.420:70): avc: denied { read } for pid=2971 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 40.815369][ T29] audit: type=1400 audit(1775456427.460:71): avc: denied { sys_module } for pid=2971 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[ 40.882380][ T2977] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
Setting up swapspace version 1, size = 127995904 bytes
[ 40.953614][ T2971] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 42.738736][ T2986] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 44.302295][ T29] kauditd_printk_skb: 29 callbacks suppressed
[ 44.302314][ T29] audit: type=1400 audit(1775456430.990:101): avc: denied { create } for pid=3059 comm="syz-executor" name="tun" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=chr_file permissive=1
[ 44.397390][ T29] audit: type=1400 audit(1775456430.990:102): avc: denied { setattr } for pid=3059 comm="syz-executor" name="tun" dev="devtmpfs" ino=536 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=chr_file permissive=1
[ 44.438340][ T29] audit: type=1400 audit(1775456430.990:103): avc: denied { read write } for pid=3059 comm="syz-executor" name="tun" dev="devtmpfs" ino=536 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=chr_file permissive=1
[ 44.527355][ T29] audit: type=1400 audit(1775456430.990:104): avc: denied { open } for pid=3059 comm="syz-executor" path="/dev/net/tun" dev="devtmpfs" ino=536 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=chr_file permissive=1
2026/04/06 06:20:40 executed programs: 0
2026/04/06 06:21:22 executed programs: 10
[ 96.074911][ T29] audit: type=1400 audit(1775456482.760:105): avc: denied { read write } for pid=5723 comm="syz.6.20" name="raw-gadget" dev="devtmpfs" ino=236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 96.166564][ T29] audit: type=1400 audit(1775456482.800:106): avc: denied { open } for pid=5723 comm="syz.6.20" path="/dev/raw-gadget" dev="devtmpfs" ino=236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 96.251989][ T29] audit: type=1400 audit(1775456482.830:107): avc: denied { ioctl } for pid=5723 comm="syz.6.20" path="/dev/raw-gadget" dev="devtmpfs" ino=236 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 96.377627][ T23] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[ 96.538336][ T23] usb 7-1: Using ep0 maxpacket: 32
[ 96.562287][ T23] usb 7-1: config 0 has an invalid interface number: 89 but max is 0
[ 96.592220][ T23] usb 7-1: config 0 has no interface number 0
[ 96.612463][ T23] usb 7-1: config 0 interface 89 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[ 96.638280][ T23] usb 7-1: config 0 interface 89 has no altsetting 0
[ 96.648600][ T23] usb 7-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4a
[ 96.668790][ T23] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 96.676818][ T23] usb 7-1: Product: syz
[ 96.702244][ T23] usb 7-1: Manufacturer: syz
[ 96.706883][ T23] usb 7-1: SerialNumber: syz
[ 96.717348][ T359] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[ 96.741327][ T23] usb 7-1: config 0 descriptor??
[ 96.759084][ T23] em28xx 7-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[ 96.794379][ T23] em28xx 7-1:0.89: Video interface 89 found:
[ 96.898551][ T359] usb 8-1: Using ep0 maxpacket: 32
[ 96.918892][ T359] usb 8-1: config 0 has an invalid interface number: 89 but max is 0
[ 96.934648][ T359] usb 8-1: config 0 has no interface number 0
[ 96.941100][ T359] usb 8-1: config 0 interface 89 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[ 96.951098][ T359] usb 8-1: config 0 interface 89 has no altsetting 0
[ 96.971397][ T359] usb 8-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4a
[ 96.987840][ T359] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 96.996945][ T359] usb 8-1: Product: syz
[ 97.001246][ T359] usb 8-1: Manufacturer: syz
[ 97.005856][ T359] usb 8-1: SerialNumber: syz
[ 97.020153][ T23] em28xx 7-1:0.89: unknown em28xx chip ID (0)
[ 97.036019][ T359] usb 8-1: config 0 descriptor??
[ 97.061106][ T359] em28xx 8-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[ 97.075877][ T359] em28xx 8-1:0.89: Video interface 89 found:
[ 97.100277][ T23] em28xx 7-1:0.89: reading from i2c device at 0xa0 failed (error=-5)
[ 97.109711][ T23] em28xx 7-1:0.89: board has no eeprom
[ 97.127339][ T10] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 97.171207][ T23] em28xx 7-1:0.89: Identified as Terratec Grabby (card=67)
[ 97.178634][ T23] em28xx 7-1:0.89: analog set to bulk mode.
[ 97.185097][ T5768] em28xx 7-1:0.89: Registering V4L2 extension
[ 97.205652][ T23] usb 7-1: USB disconnect, device number 2
[ 97.218516][ T23] em28xx 7-1:0.89: Disconnecting em28xx
[ 97.232850][ T5768] em28xx 7-1:0.89: Config register raw data: 0xffffffed
[ 97.240033][ T5768] em28xx 7-1:0.89: AC97 chip type couldn't be determined
[ 97.250143][ T5768] em28xx 7-1:0.89: No AC97 audio processor
[ 97.268634][ T5768] usb 7-1: Decoder not found
[ 97.275302][ T5768] em28xx 7-1:0.89: failed to create media graph
[ 97.277322][ T10] usb 5-1: Using ep0 maxpacket: 32
[ 97.281827][ T1123] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[ 97.294336][ T5768] em28xx 7-1:0.89: V4L2 device video0 deregistered
[ 97.301641][ T10] usb 5-1: config 0 has an invalid interface number: 89 but max is 0
[ 97.312302][ T10] usb 5-1: config 0 has no interface number 0
[ 97.312915][ T5768] em28xx 7-1:0.89: Registering snapshot button...
[ 97.319893][ T10] usb 5-1: config 0 interface 89 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[ 97.327836][ T5768] input: em28xx snapshot button as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.89/input/input5
[ 97.335158][ T359] em28xx 8-1:0.89: unknown em28xx chip ID (0)
[ 97.348855][ T5768] em28xx 7-1:0.89: Remote control support is not available for this card.
[ 97.353954][ T10] usb 5-1: config 0 interface 89 has no altsetting 0
[ 97.361580][ T23] em28xx 7-1:0.89: Closing input extension
[ 97.374253][ T23] em28xx 7-1:0.89: Deregistering snapshot button
[ 97.375311][ T10] usb 5-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4a
[ 97.389835][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 97.398166][ T10] usb 5-1: Product: syz
[ 97.402417][ T10] usb 5-1: Manufacturer: syz
[ 97.407021][ T10] usb 5-1: SerialNumber: syz
[ 97.407385][ T5771] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[ 97.421043][ T10] usb 5-1: config 0 descriptor??
[ 97.424292][ T23] em28xx 7-1:0.89: Freeing device
[ 97.434199][ T10] em28xx 5-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[ 97.446451][ T10] em28xx 5-1:0.89: Video interface 89 found:
[ 97.447811][ T1123] usb 2-1: Using ep0 maxpacket: 32
[ 97.453004][ T359] em28xx 8-1:0.89: reading from i2c device at 0xa0 failed (error=-5)
[ 97.465824][ T359] em28xx 8-1:0.89: board has no eeprom
[ 97.478501][ T1123] usb 2-1: config 0 has an invalid interface number: 89 but max is 0
[ 97.492683][ T1123] usb 2-1: config 0 has no interface number 0
[ 97.500362][ T1123] usb 2-1: config 0 interface 89 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[ 97.518421][ T1123] usb 2-1: config 0 interface 89 has no altsetting 0
[ 97.529330][ T1123] usb 2-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4a
[ 97.538587][ T1123] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 97.539714][ T359] em28xx 8-1:0.89: Identified as Terratec Grabby (card=67)
[ 97.546588][ T1123] usb 2-1: Product: syz
[ 97.546607][ T1123] usb 2-1: Manufacturer: syz
[ 97.546625][ T1123] usb 2-1: SerialNumber: syz
[ 97.564505][ T359] em28xx 8-1:0.89: analog set to bulk mode.
[ 97.573502][ T3073] em28xx 8-1:0.89: Registering V4L2 extension
[ 97.587316][ T5771] usb 6-1: Using ep0 maxpacket: 32
[ 97.598592][ T5771] usb 6-1: config 0 has an invalid interface number: 89 but max is 0
[ 97.622089][ T5771] usb 6-1: config 0 has no interface number 0
[ 97.630125][ T1123] usb 2-1: config 0 descriptor??
[ 97.635318][ T5771] usb 6-1: config 0 interface 89 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[ 97.641476][ T359] usb 8-1: USB disconnect, device number 2
[ 97.663751][ T1123] em28xx 2-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[ 97.667157][ T3073] em28xx 8-1:0.89: reading from i2c device at 0x4a failed (error=-19)
[ 97.683669][ T5771] usb 6-1: config 0 interface 89 has no altsetting 0
[ 97.689113][ T359] em28xx 8-1:0.89: Disconnecting em28xx
[ 97.697575][ T1123] em28xx 2-1:0.89: Video interface 89 found:
[ 97.708282][ T5771] usb 6-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4a
[ 97.712413][ T10] em28xx 5-1:0.89: unknown em28xx chip ID (0)
[ 97.721977][ T5771] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 97.727661][ T3073] em28xx 8-1:0.89: Config register raw data: 0xffffffed
[ 97.743089][ T5771] usb 6-1: Product: syz
[ 97.747440][ T3073] em28xx 8-1:0.89: AC97 chip type couldn't be determined
[ 97.747462][ T3073] em28xx 8-1:0.89: No AC97 audio processor
[ 97.762177][ T5771] usb 6-1: Manufacturer: syz
[ 97.762855][ T3073] usb 8-1: Decoder not found
[ 97.766799][ T5771] usb 6-1: SerialNumber: syz
[ 97.773660][ T3073] em28xx 8-1:0.89: failed to create media graph
[ 97.785286][ T5771] usb 6-1: config 0 descriptor??
[ 97.794553][ T3073] em28xx 8-1:0.89: V4L2 device video0 deregistered
[ 97.800023][ T5771] em28xx 6-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[ 97.812322][ T10] em28xx 5-1:0.89: reading from i2c device at 0xa0 failed (error=-5)
[ 97.815138][ T5771] em28xx 6-1:0.89: Video interface 89 found:
[ 97.834083][ T3073] em28xx 8-1:0.89: Registering snapshot button...
[ 97.841884][ T10] em28xx 5-1:0.89: board has no eeprom
[ 97.849089][ T3073] input: em28xx snapshot button as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.89/input/input6
[ 97.862498][ T3073] em28xx 8-1:0.89: Remote control support is not available for this card.
[ 97.869067][ T23] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[ 97.871837][ T359] em28xx 8-1:0.89: Closing input extension
[ 97.884543][ T359] em28xx 8-1:0.89: Deregistering snapshot button
[ 97.896944][ T359] em28xx 8-1:0.89: Freeing device
[ 97.907729][ T1123] em28xx 2-1:0.89: unknown em28xx chip ID (0)
[ 97.918773][ T10] em28xx 5-1:0.89: Identified as Terratec Grabby (card=67)
[ 97.926531][ T10] em28xx 5-1:0.89: analog set to bulk mode.
[ 97.932961][ T3073] em28xx 5-1:0.89: Registering V4L2 extension
[ 97.958348][ T10] usb 5-1: USB disconnect, device number 2
[ 97.982150][ T10] em28xx 5-1:0.89: Disconnecting em28xx
[ 97.985453][ T1123] em28xx 2-1:0.89: reading from i2c device at 0xa0 failed (error=-5)
[ 98.005597][ T3073] em28xx 5-1:0.89: Config register raw data: 0xffffffed
[ 98.010964][ T1123] em28xx 2-1:0.89: board has no eeprom
[ 98.014400][ T3073] em28xx 5-1:0.89: AC97 chip type couldn't be determined
[ 98.025533][ T3073] em28xx 5-1:0.89: No AC97 audio processor
[ 98.030299][ T23] usb 7-1: Using ep0 maxpacket: 32
[ 98.033921][ T3073] usb 5-1: Decoder not found
[ 98.041194][ T3073] em28xx 5-1:0.89: failed to create media graph
[ 98.050182][ T3073] em28xx 5-1:0.89: V4L2 device video0 deregistered
[ 98.050590][ T23] usb 7-1: config 0 has an invalid interface number: 89 but max is 0
[ 98.058966][ T5781] ==================================================================
[ 98.065719][ T23] usb 7-1: config 0 has no interface number 0
[ 98.072802][ T5781] BUG: KASAN: slab-use-after-free in v4l2_fh_init+0x27d/0x2c0
[ 98.072841][ T5781] Read of size 8 at addr ffff888115a9c740 by task v4l_id/5781
[ 98.072859][ T5781]
[ 98.072881][ T5781] CPU: 0 UID: 0 PID: 5781 Comm: v4l_id Not tainted syzkaller #0 PREEMPT(full)
[ 98.072908][ T5781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 98.072930][ T5781] Call Trace:
[ 98.072938][ T5781]
[ 98.072947][ T5781] dump_stack_lvl+0x100/0x190
[ 98.072981][ T5781] print_report+0x156/0x4c9
[ 98.073013][ T5781] ? __virt_addr_valid+0x81/0x620
[ 98.073048][ T5781] ? __phys_addr+0xe8/0x180
[ 98.073076][ T5781] ? v4l2_fh_init+0x27d/0x2c0
[ 98.073097][ T5781] kasan_report+0xdf/0x1e0
[ 98.073134][ T5781] ? v4l2_fh_init+0x27d/0x2c0
[ 98.073160][ T5781] v4l2_fh_init+0x27d/0x2c0
[ 98.073182][ T5781] v4l2_fh_open+0x64/0xa0
[ 98.073205][ T5781] em28xx_v4l2_open+0x11e/0x570
[ 98.073237][ T5781] v4l2_open+0x1d2/0x490
[ 98.073260][ T5781] ? __pfx_v4l2_open+0x10/0x10
[ 98.073283][ T5781] chrdev_open+0x234/0x6a0
[ 98.073310][ T5781] ? __pfx_chrdev_open+0x10/0x10
[ 98.073337][ T5781] ? path_get+0x61/0x80
[ 98.073370][ T5781] do_dentry_open+0x68b/0x14b0
[ 98.073394][ T5781] ? __pfx_chrdev_open+0x10/0x10
[ 98.073422][ T5781] ? inode_permission+0x374/0x620
[ 98.073457][ T5781] vfs_open+0x82/0x3f0
[ 98.073486][ T5781] ? may_open+0x1f3/0x410
[ 98.073520][ T5781] path_openat+0x208c/0x31a0
[ 98.073553][ T5781] ? __pfx_path_openat+0x10/0x10
[ 98.073587][ T5781] do_file_open+0x20e/0x430
[ 98.073616][ T5781] ? __pfx_do_file_open+0x10/0x10
[ 98.073654][ T5781] ? alloc_fd+0x42a/0x730
[ 98.073683][ T5781] ? do_getname+0x191/0x390
[ 98.073717][ T5781] do_sys_openat2+0x10d/0x1e0
[ 98.073748][ T5781] ? __pfx_do_sys_openat2+0x10/0x10
[ 98.073786][ T5781] __x64_sys_openat+0x12d/0x210
[ 98.073819][ T5781] ? __pfx___x64_sys_openat+0x10/0x10
[ 98.073853][ T5781] ? do_user_addr_fault+0x3e3/0x11d0
[ 98.073892][ T5781] do_syscall_64+0x106/0x7b0
[ 98.073917][ T5781] ? irqentry_exit+0x117/0x620
[ 98.073952][ T5781] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 98.073977][ T5781] RIP: 0033:0x7fa2cd1cb407
[ 98.074000][ T5781] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[ 98.074028][ T5781] RSP: 002b:00007fff10057670 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[ 98.074055][ T5781] RAX: ffffffffffffffda RBX: 00007fa2cd0dd880 RCX: 00007fa2cd1cb407
[ 98.074071][ T5781] RDX: 0000000000000000 RSI: 00007fff10058f26 RDI: ffffffffffffff9c
[ 98.074087][ T5781] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[ 98.074101][ T5781] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 98.074116][ T5781] R13: 00007fff100578c0 R14: 00007fa2cd961000 R15: 000055ecd4d354d8
[ 98.074139][ T5781]
[ 98.074147][ T5781]
[ 98.080485][ T5771] em28xx 6-1:0.89: unknown em28xx chip ID (0)
[ 98.086352][ T5781] Allocated by task 3073:
[ 98.098239][ T23] usb 7-1: config 0 interface 89 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[ 98.105361][ T5781] kasan_save_stack+0x30/0x50
[ 98.115884][ T1123] em28xx 2-1:0.89: Identified as Terratec Grabby (card=67)
[ 98.118695][ T5781] kasan_save_track+0x14/0x30
[ 98.118728][ T5781] __kasan_kmalloc+0x8f/0xa0
[ 98.118755][ T5781] em28xx_v4l2_init.cold+0x94/0x3503
[ 98.121780][ T1123] em28xx 2-1:0.89: analog set to bulk mode.
[ 98.126352][ T5781] em28xx_init_extension+0x13a/0x200
[ 98.126392][ T5781] request_module_async+0x61/0x80
[ 98.133804][ T23] usb 7-1: config 0 interface 89 has no altsetting 0
[ 98.135901][ T5781] process_one_work+0xa23/0x19a0
[ 98.142887][ T23] usb 7-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4a
[ 98.145083][ T5781] worker_thread+0x5ef/0xe50
[ 98.153342][ T1123] usb 2-1: USB disconnect, device number 2
[ 98.154154][ T5781] kthread+0x370/0x450
[ 98.158774][ T23] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 98.162952][ T5781] ret_from_fork+0x6c3/0xcb0
[ 98.162987][ T5781] ret_from_fork_asm+0x1a/0x30
[ 98.169866][ T1123] em28xx 2-1:0.89: Disconnecting em28xx
[ 98.172041][ T5781]
[ 98.172049][ T5781] Freed by task 3073:
[ 98.176913][ T23] usb 7-1: Product: syz
[ 98.181187][ T5781] kasan_save_stack+0x30/0x50
[ 98.181221][ T5781] kasan_save_track+0x14/0x30
[ 98.181249][ T5781] kasan_save_free_info+0x3b/0x70
[ 98.181274][ T5781] __kasan_slab_free+0x43/0x70
[ 98.188929][ T23] usb 7-1: Manufacturer: syz
[ 98.190346][ T5781] kfree+0x1dc/0x640
[ 98.190369][ T5781] kref_put.isra.0+0x56/0x90
[ 98.190394][ T5781] em28xx_v4l2_init.cold+0x280/0x3503
[ 98.195225][ T5771] em28xx 6-1:0.89: reading from i2c device at 0xa0 failed (error=-5)
[ 98.200065][ T5781] em28xx_init_extension+0x13a/0x200
[ 98.200101][ T5781] request_module_async+0x61/0x80
[ 98.200122][ T5781] process_one_work+0xa23/0x19a0
[ 98.200146][ T5781] worker_thread+0x5ef/0xe50
[ 98.200168][ T5781] kthread+0x370/0x450
[ 98.206265][ T5771] em28xx 6-1:0.89: board has no eeprom
[ 98.209235][ T5781] ret_from_fork+0x6c3/0xcb0
[ 98.209268][ T5781] ret_from_fork_asm+0x1a/0x30
[ 98.209299][ T5781]
[ 98.209305][ T5781] The buggy address belongs to the object at ffff888115a9c000
[ 98.209305][ T5781] which belongs to the cache kmalloc-8k of size 8192
[ 98.214780][ T23] usb 7-1: SerialNumber: syz
[ 98.218189][ T5781] The buggy address is located 1856 bytes inside of
[ 98.218189][ T5781] freed 8192-byte region [ffff888115a9c000, ffff888115a9e000)
[ 98.218216][ T5781]
[ 98.218222][ T5781] The buggy address belongs to the physical page:
[ 98.218241][ T5781] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x115a98
[ 98.218267][ T5781] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 98.218285][ T5781] flags: 0x200000000000040(head|node=0|zone=2)
[ 98.226988][ T23] usb 7-1: config 0 descriptor??
[ 98.227696][ T5781] page_type: f5(slab)
[ 98.227719][ T5781] raw: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000
[ 98.227748][ T5781] raw: 0000000000000000 0000000800020002 00000000f5000000 0000000000000000
[ 98.236412][ T23] em28xx 7-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[ 98.237073][ T5781] head: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000
[ 98.242141][ T23] em28xx 7-1:0.89: Video interface 89 found:
[ 98.246209][ T5781] head: 0000000000000000 0000000800020002 00000000f5000000 0000000000000000
[ 98.246232][ T5781] head: 0200000000000003 ffffea000456a601 00000000ffffffff 00000000ffffffff
[ 98.246253][ T5781] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008
[ 98.267385][ T5771] em28xx 6-1:0.89: Identified as Terratec Grabby (card=67)
[ 98.271440][ T5781] page dumped because: kasan: bad access detected
[ 98.271468][ T5781] page_owner tracks the page as allocated
[ 98.276573][ T5771] em28xx 6-1:0.89: analog set to bulk mode.
[ 98.282091][ T5781] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3522, tgid 3522 (syz-executor), ts 55390982122, free_ts 54044976044
[ 98.282135][ T5781] post_alloc_hook+0x153/0x170
[ 98.282173][ T5781] get_page_from_freelist+0xf10/0x39f0
[ 98.290389][ T29] audit: type=1400 audit(1775456484.980:108): avc: denied { read } for pid=2837 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[ 98.306159][ T5781] __alloc_frozen_pages_noprof+0x273/0x2860
[ 98.306190][ T5781] new_slab+0xa6/0x6c0
[ 98.306222][ T5781] refill_objects+0x26b/0x400
[ 98.306241][ T5781] __pcs_replace_empty_main+0x1ab/0x660
[ 98.306264][ T5781] __kmalloc_cache_noprof+0x52c/0x6b0
[ 98.306295][ T5781] mr_table_alloc+0x5f/0x2e0
[ 98.323265][ T5771] usb 6-1: USB disconnect, device number 2
[ 98.330743][ T5781] ipmr_net_init+0x1ef/0x340
[ 98.330772][ T5781] ops_init+0x1e2/0x5f0
[ 98.330796][ T5781] setup_net+0x118/0x3a0
[ 98.330818][ T5781] copy_net_ns+0x440/0x780
[ 98.330844][ T5781] create_new_namespaces+0x3ea/0xc00
[ 98.339211][ T29] audit: type=1400 audit(1775456484.980:109): avc: denied { search } for pid=2837 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 98.346784][ T5781] unshare_nsproxy_namespaces+0xc3/0x1f0
[ 98.881931][ T5781] ksys_unshare+0x473/0xad0
[ 98.886454][ T5781] __x64_sys_unshare+0x31/0x40
[ 98.891252][ T5781] page last free pid 3501 tgid 3501 stack trace:
[ 98.897580][ T5781] __free_frozen_pages+0x7b1/0xfb0
[ 98.902706][ T5781] qlist_free_all+0x47/0xe0
[ 98.907216][ T5781] kasan_quarantine_reduce+0x1a0/0x1f0
[ 98.912688][ T5781] __kasan_slab_alloc+0x4e/0x70
[ 98.917556][ T5781] kmem_cache_alloc_noprof+0x2e7/0x6a0
[ 98.923035][ T5781] vm_area_dup+0x25/0x6e0
[ 98.927366][ T5781] __split_vma+0x18c/0xd60
[ 98.931782][ T5781] vma_modify+0x10bd/0x21e0
[ 98.936283][ T5781] vma_modify_flags+0x1f2/0x350
[ 98.941132][ T5781] mprotect_fixup+0x209/0xb70
[ 98.945821][ T5781] do_mprotect_pkey+0x9e1/0xe70
[ 98.950668][ T5781] __x64_sys_mprotect+0x78/0xc0
[ 98.955514][ T5781] do_syscall_64+0x106/0x7b0
[ 98.960105][ T5781] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 98.966000][ T5781]
[ 98.968315][ T5781] Memory state around the buggy address:
[ 98.973937][ T5781] ffff888115a9c600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 98.981992][ T5781] ffff888115a9c680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 98.990049][ T5781] >ffff888115a9c700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 98.998105][ T5781] ^
[ 99.004250][ T5781] ffff888115a9c780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 99.012315][ T5781] ffff888115a9c800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 99.020375][ T5781] ==================================================================
[ 99.028588][ T3073] em28xx 5-1:0.89: Registering snapshot button...
[ 99.031490][ T5771] em28xx 6-1:0.89: Disconnecting em28xx
[ 99.036389][ T3073] input: em28xx snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.89/input/input7
[ 99.051106][ T29] audit: type=1400 audit(1775456484.980:110): avc: denied { search } for pid=2837 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 99.101061][ T29] audit: type=1400 audit(1775456484.980:111): avc: denied { add_name } for pid=2837 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 99.114441][ T5781] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 99.114462][ T5781] CPU: 1 UID: 0 PID: 5781 Comm: v4l_id Not tainted syzkaller #0 PREEMPT(full)
[ 99.114492][ T5781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 99.114507][ T5781] Call Trace:
[ 99.114515][ T5781]
[ 99.114524][ T5781] dump_stack_lvl+0x100/0x190
[ 99.114559][ T5781] vpanic+0x552/0x970
[ 99.114587][ T5781] ? __pfx_vpanic+0x10/0x10
[ 99.114617][ T5781] ? v4l2_fh_init+0x27d/0x2c0
[ 99.114640][ T5781] panic+0xd1/0xe0
[ 99.114665][ T5781] ? __pfx_panic+0x10/0x10
[ 99.114693][ T5781] ? v4l2_fh_init+0x27d/0x2c0
[ 99.114715][ T5781] ? preempt_schedule_common+0x42/0xc0
[ 99.114751][ T5781] ? check_panic_on_warn+0x1f/0x90
[ 99.114794][ T5781] check_panic_on_warn.cold+0x19/0x34
[ 99.114824][ T5781] end_report.part.0+0x3a/0x90
[ 99.114856][ T5781] kasan_report.cold+0xe/0x18
[ 99.114888][ T5781] ? v4l2_fh_init+0x27d/0x2c0
[ 99.114915][ T5781] v4l2_fh_init+0x27d/0x2c0
[ 99.114938][ T5781] v4l2_fh_open+0x64/0xa0
[ 99.114962][ T5781] em28xx_v4l2_open+0x11e/0x570
[ 99.114991][ T5781] v4l2_open+0x1d2/0x490
[ 99.115010][ T5781] ? __pfx_v4l2_open+0x10/0x10
[ 99.115029][ T5781] chrdev_open+0x234/0x6a0
[ 99.115058][ T5781] ? __pfx_chrdev_open+0x10/0x10
[ 99.115084][ T5781] ? path_get+0x61/0x80
[ 99.115118][ T5781] do_dentry_open+0x68b/0x14b0
[ 99.115142][ T5781] ? __pfx_chrdev_open+0x10/0x10
[ 99.115171][ T5781] ? inode_permission+0x374/0x620
[ 99.115207][ T5781] vfs_open+0x82/0x3f0
[ 99.115243][ T5781] ? may_open+0x1f3/0x410
[ 99.115278][ T5781] path_openat+0x208c/0x31a0
[ 99.115312][ T5781] ? __pfx_path_openat+0x10/0x10
[ 99.115346][ T5781] do_file_open+0x20e/0x430
[ 99.115375][ T5781] ? __pfx_do_file_open+0x10/0x10
[ 99.115415][ T5781] ? alloc_fd+0x42a/0x730
[ 99.115445][ T5781] ? do_getname+0x191/0x390
[ 99.115479][ T5781] do_sys_openat2+0x10d/0x1e0
[ 99.115511][ T5781] ? __pfx_do_sys_openat2+0x10/0x10
[ 99.115549][ T5781] __x64_sys_openat+0x12d/0x210
[ 99.115582][ T5781] ? __pfx___x64_sys_openat+0x10/0x10
[ 99.115618][ T5781] ? do_user_addr_fault+0x3e3/0x11d0
[ 99.115657][ T5781] do_syscall_64+0x106/0x7b0
[ 99.115681][ T5781] ? irqentry_exit+0x117/0x620
[ 99.115718][ T5781] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 99.115743][ T5781] RIP: 0033:0x7fa2cd1cb407
[ 99.115762][ T5781] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[ 99.115786][ T5781] RSP: 002b:00007fff10057670 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[ 99.115810][ T5781] RAX: ffffffffffffffda RBX: 00007fa2cd0dd880 RCX: 00007fa2cd1cb407
[ 99.115828][ T5781] RDX: 0000000000000000 RSI: 00007fff10058f26 RDI: ffffffffffffff9c
[ 99.115843][ T5781] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[ 99.115858][ T5781] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 99.115873][ T5781] R13: 00007fff100578c0 R14: 00007fa2cd961000 R15: 000055ecd4d354d8
[ 99.115896][ T5781]
[ 99.121857][ T5781] Kernel Offset: disabled