Warning: Permanently added '10.128.0.91' (ED25519) to the list of known hosts.
2026/05/01 20:40:39 parsed 1 programs
[ 63.380534][ T29] audit: type=1400 audit(1777668039.268:62): avc: denied { node_bind } for pid=2979 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[ 63.401810][ T29] audit: type=1400 audit(1777668039.278:63): avc: denied { module_request } for pid=2979 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 66.619418][ T29] audit: type=1400 audit(1777668042.508:64): avc: denied { mounton } for pid=2990 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2024 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 66.643681][ T29] audit: type=1400 audit(1777668042.538:65): avc: denied { mount } for pid=2990 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 66.657873][ T2990] cgroup: Unknown subsys name 'net'
[ 66.673303][ T29] audit: type=1400 audit(1777668042.558:66): avc: denied { unmount } for pid=2990 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 66.817844][ T2990] cgroup: Unknown subsys name 'cpuset'
[ 66.826903][ T2990] cgroup: Unknown subsys name 'rlimit'
[ 67.025011][ T29] audit: type=1400 audit(1777668042.918:67): avc: denied { setattr } for pid=2990 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 67.048654][ T29] audit: type=1400 audit(1777668042.918:68): avc: denied { create } for pid=2990 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 67.069650][ T29] audit: type=1400 audit(1777668042.918:69): avc: denied { write } for pid=2990 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 67.090503][ T29] audit: type=1400 audit(1777668042.918:70): avc: denied { read } for pid=2990 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 67.120287][ T29] audit: type=1400 audit(1777668043.008:71): avc: denied { sys_module } for pid=2990 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[ 67.245683][ T2994] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
Setting up swapspace version 1, size = 127995904 bytes
[ 67.363738][ T2990] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 69.035654][ T29] kauditd_printk_skb: 8 callbacks suppressed
[ 69.035680][ T29] audit: type=1400 audit(1777668044.918:80): avc: denied { execmem } for pid=2995 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 69.134946][ T29] audit: type=1400 audit(1777668044.978:81): avc: denied { create } for pid=2996 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1
[ 69.217549][ T29] audit: type=1400 audit(1777668044.978:82): avc: denied { sys_admin } for pid=2996 comm="syz-executor" capability=21 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1
[ 69.262914][ T29] audit: type=1400 audit(1777668044.988:83): avc: denied { read } for pid=3000 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 69.311989][ T29] audit: type=1400 audit(1777668044.988:84): avc: denied { open } for pid=3000 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 69.355308][ T29] audit: type=1400 audit(1777668044.988:85): avc: denied { mounton } for pid=3000 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[ 69.404519][ T29] audit: type=1400 audit(1777668045.108:86): avc: denied { mounton } for pid=2997 comm="syz-executor" path="/dev/binderfs" dev="devtmpfs" ino=531 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 69.491061][ T29] audit: type=1400 audit(1777668045.178:87): avc: denied { mounton } for pid=3000 comm="syz-executor" path="/root/syzkaller.tzLolt/syz-tmp" dev="sda1" ino=2043 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 69.570685][ T29] audit: type=1400 audit(1777668045.188:88): avc: denied { mount } for pid=3000 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[ 69.650753][ T29] audit: type=1400 audit(1777668045.188:89): avc: denied { mounton } for pid=3000 comm="syz-executor" path="/root/syzkaller.tzLolt/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[ 69.880161][ T3000] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 71.904297][ T3028] syz-executor (3028) used greatest stack depth: 23432 bytes left
2026/05/01 20:41:02 executed programs: 0
2026/05/01 20:41:54 executed programs: 10
[ 138.916031][ T29] kauditd_printk_skb: 15 callbacks suppressed
[ 138.916078][ T29] audit: type=1400 audit(1777668114.798:105): avc: denied { read write } for pid=5762 comm="syz.6.18" name="raw-gadget" dev="devtmpfs" ino=236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 139.040058][ T29] audit: type=1400 audit(1777668114.808:106): avc: denied { open } for pid=5762 comm="syz.6.18" path="/dev/raw-gadget" dev="devtmpfs" ino=236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 139.126179][ T29] audit: type=1400 audit(1777668114.808:107): avc: denied { ioctl } for pid=5762 comm="syz.6.18" path="/dev/raw-gadget" dev="devtmpfs" ino=236 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 139.255375][ T3084] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[ 139.444642][ T3084] usb 7-1: Using ep0 maxpacket: 32
[ 139.453274][ T10] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[ 139.464145][ T3084] usb 7-1: config 0 has an invalid interface number: 132 but max is 0
[ 139.477652][ T3084] usb 7-1: config 0 has no interface number 0
[ 139.485273][ T3084] usb 7-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 139.497784][ T3084] usb 7-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[ 139.523982][ T3084] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 139.532117][ T3084] usb 7-1: Product: syz
[ 139.541790][ T3084] usb 7-1: Manufacturer: syz
[ 139.548940][ T3084] usb 7-1: SerialNumber: syz
[ 139.566831][ T3084] usb 7-1: config 0 descriptor??
[ 139.631904][ T3084] em28xx 7-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[ 139.650526][ T3084] em28xx 7-1:0.132: Video interface 132 found:
[ 139.655608][ T10] usb 8-1: Using ep0 maxpacket: 32
[ 139.663341][ T2816] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 139.676100][ T10] usb 8-1: config 0 has an invalid interface number: 132 but max is 0
[ 139.690085][ T10] usb 8-1: config 0 has no interface number 0
[ 139.696489][ T10] usb 8-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 139.709637][ T10] usb 8-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[ 139.726066][ T10] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 139.735178][ T10] usb 8-1: Product: syz
[ 139.739719][ T10] usb 8-1: Manufacturer: syz
[ 139.744492][ T10] usb 8-1: SerialNumber: syz
[ 139.755257][ T10] usb 8-1: config 0 descriptor??
[ 139.767644][ T10] em28xx 8-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[ 139.778331][ T10] em28xx 8-1:0.132: Video interface 132 found:
[ 139.833285][ T2816] usb 5-1: Using ep0 maxpacket: 32
[ 139.840616][ T2816] usb 5-1: config 0 has an invalid interface number: 132 but max is 0
[ 139.850071][ T2816] usb 5-1: config 0 has no interface number 0
[ 139.853820][ T800] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[ 139.857246][ T2816] usb 5-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 139.874469][ T3084] em28xx 7-1:0.132: unknown em28xx chip ID (0)
[ 139.884071][ T2816] usb 5-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[ 139.893317][ T2816] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 139.901433][ T2816] usb 5-1: Product: syz
[ 139.905999][ T2816] usb 5-1: Manufacturer: syz
[ 139.910814][ T2816] usb 5-1: SerialNumber: syz
[ 139.918830][ T2816] usb 5-1: config 0 descriptor??
[ 139.932530][ T2816] em28xx 5-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[ 139.944416][ T2816] em28xx 5-1:0.132: Video interface 132 found:
[ 139.954119][ T3084] em28xx 7-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[ 139.963106][ T3084] em28xx 7-1:0.132: board has no eeprom
[ 139.973655][ T5782] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 140.014590][ T10] em28xx 8-1:0.132: unknown em28xx chip ID (0)
[ 140.023934][ T3084] em28xx 7-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[ 140.031985][ T3084] em28xx 7-1:0.132: analog set to bulk mode.
[ 140.038778][ T5783] em28xx 7-1:0.132: Registering V4L2 extension
[ 140.043483][ T800] usb 6-1: Using ep0 maxpacket: 32
[ 140.052462][ T800] usb 6-1: config 0 has an invalid interface number: 132 but max is 0
[ 140.063239][ T800] usb 6-1: config 0 has no interface number 0
[ 140.069488][ T800] usb 6-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 140.082513][ T10] em28xx 8-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[ 140.092518][ T10] em28xx 8-1:0.132: board has no eeprom
[ 140.101002][ T800] usb 6-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[ 140.113053][ T3084] usb 7-1: USB disconnect, device number 2
[ 140.119254][ T800] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 140.136951][ T800] usb 6-1: Product: syz
[ 140.142347][ T800] usb 6-1: Manufacturer: syz
[ 140.147159][ T5782] usb 1-1: Using ep0 maxpacket: 32
[ 140.152611][ T800] usb 6-1: SerialNumber: syz
[ 140.157520][ T10] em28xx 8-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[ 140.166952][ T10] em28xx 8-1:0.132: analog set to bulk mode.
[ 140.178113][ T3084] em28xx 7-1:0.132: Disconnecting em28xx
[ 140.179634][ T5782] usb 1-1: config 0 has an invalid interface number: 132 but max is 0
[ 140.184806][ T2816] em28xx 5-1:0.132: unknown em28xx chip ID (0)
[ 140.210362][ T800] usb 6-1: config 0 descriptor??
[ 140.229661][ T5782] usb 1-1: config 0 has no interface number 0
[ 140.240487][ T10] usb 8-1: USB disconnect, device number 2
[ 140.261114][ T5782] usb 1-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 140.271625][ T800] em28xx 6-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[ 140.288174][ T2816] em28xx 5-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[ 140.299041][ T10] em28xx 8-1:0.132: Disconnecting em28xx
[ 140.306474][ T800] em28xx 6-1:0.132: Video interface 132 found:
[ 140.320538][ T2816] em28xx 5-1:0.132: board has no eeprom
[ 140.321141][ T5782] usb 1-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[ 140.353265][ T5782] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 140.363633][ T5782] usb 1-1: Product: syz
[ 140.374109][ T5782] usb 1-1: Manufacturer: syz
[ 140.381704][ T5782] usb 1-1: SerialNumber: syz
[ 140.396033][ T2816] em28xx 5-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[ 140.410386][ T2816] em28xx 5-1:0.132: analog set to bulk mode.
[ 140.425125][ T5782] usb 1-1: config 0 descriptor??
[ 140.458985][ T2816] usb 5-1: USB disconnect, device number 2
[ 140.476425][ T2816] em28xx 5-1:0.132: Disconnecting em28xx
[ 140.483015][ T5782] em28xx 1-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[ 140.499714][ T800] em28xx 6-1:0.132: unknown em28xx chip ID (0)
[ 140.520551][ T5782] em28xx 1-1:0.132: Video interface 132 found:
[ 140.521200][ T5783] em28xx 7-1:0.132: Config register raw data: 0xffffffed
[ 140.542513][ T5783] em28xx 7-1:0.132: AC97 chip type couldn't be determined
[ 140.558980][ T5783] em28xx 7-1:0.132: No AC97 audio processor
[ 140.576474][ T5783] usb 7-1: Decoder not found
[ 140.581828][ T5783] em28xx 7-1:0.132: failed to create media graph
[ 140.589221][ T5783] em28xx 7-1:0.132: V4L2 device video0 deregistered
[ 140.601117][ T5783] em28xx 7-1:0.132: Remote control support is not available for this card.
[ 140.603799][ T800] em28xx 6-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[ 140.614798][ T3084] em28xx 7-1:0.132: Closing input extension
[ 140.628726][ T5789] em28xx 8-1:0.132: Registering V4L2 extension
[ 140.643145][ T3084] em28xx 7-1:0.132: Freeing device
[ 140.649827][ T800] em28xx 6-1:0.132: board has no eeprom
[ 140.706863][ T5782] em28xx 1-1:0.132: unknown em28xx chip ID (0)
[ 140.723373][ T800] em28xx 6-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[ 140.746487][ T800] em28xx 6-1:0.132: analog set to bulk mode.
[ 140.771742][ T800] usb 6-1: USB disconnect, device number 2
[ 140.792131][ T800] em28xx 6-1:0.132: Disconnecting em28xx
[ 140.802020][ T5782] em28xx 1-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[ 140.814895][ T5782] em28xx 1-1:0.132: board has no eeprom
[ 140.858877][ T5789] em28xx 8-1:0.132: Config register raw data: 0xffffffed
[ 140.866372][ T5789] em28xx 8-1:0.132: AC97 chip type couldn't be determined
[ 140.878772][ T5789] em28xx 8-1:0.132: No AC97 audio processor
[ 140.884863][ T5782] em28xx 1-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[ 140.894155][ T5782] em28xx 1-1:0.132: analog set to bulk mode.
[ 140.901333][ T5789] usb 8-1: Decoder not found
[ 140.906208][ T5789] em28xx 8-1:0.132: failed to create media graph
[ 140.914003][ T5789] em28xx 8-1:0.132: V4L2 device video0 deregistered
[ 140.925417][ T5782] usb 1-1: USB disconnect, device number 2
[ 140.934995][ T5789] em28xx 8-1:0.132: Remote control support is not available for this card.
[ 140.935022][ T5802] ==================================================================
[ 140.935039][ T5802] BUG: KASAN: slab-use-after-free in v4l2_open+0x351/0x490
[ 140.958958][ T5802] Read of size 4 at addr ffff888117770858 by task v4l_id/5802
[ 140.966453][ T5802]
[ 140.968841][ T5802] CPU: 1 UID: 0 PID: 5802 Comm: v4l_id Not tainted syzkaller #0 PREEMPT(full)
[ 140.968874][ T5802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 140.968898][ T5802] Call Trace:
[ 140.968909][ T5802]
[ 140.968924][ T5802] dump_stack_lvl+0x100/0x190
[ 140.968960][ T5802] print_report+0x13d/0x4b0
[ 140.968999][ T5802] ? __virt_addr_valid+0x239/0x430
[ 140.969032][ T5802] ? v4l2_open+0x351/0x490
[ 140.969065][ T5802] kasan_report+0xdf/0x1d0
[ 140.969100][ T5802] ? v4l2_open+0x351/0x490
[ 140.969137][ T5802] v4l2_open+0x351/0x490
[ 140.969170][ T5802] ? __pfx_v4l2_open+0x10/0x10
[ 140.969203][ T5802] chrdev_open+0x234/0x6a0
[ 140.969228][ T5802] ? __pfx_chrdev_open+0x10/0x10
[ 140.969256][ T5802] ? path_get+0x61/0x80
[ 140.969287][ T5802] do_dentry_open+0x68b/0x14b0
[ 140.969326][ T5802] ? __pfx_chrdev_open+0x10/0x10
[ 140.969351][ T5802] ? inode_permission+0x374/0x620
[ 140.969385][ T5802] vfs_open+0x82/0x3f0
[ 140.969412][ T5802] ? may_open+0x1f3/0x410
[ 140.969445][ T5802] path_openat+0x208c/0x31a0
[ 140.969475][ T5802] ? __pfx_path_openat+0x10/0x10
[ 140.969506][ T5802] do_file_open+0x20e/0x430
[ 140.969532][ T5802] ? __pfx_do_file_open+0x10/0x10
[ 140.969569][ T5802] ? alloc_fd+0x42a/0x730
[ 140.969594][ T5802] ? do_getname+0x191/0x390
[ 140.969626][ T5802] do_sys_openat2+0x10d/0x1e0
[ 140.969656][ T5802] ? __pfx_do_sys_openat2+0x10/0x10
[ 140.969692][ T5802] __x64_sys_openat+0x12d/0x210
[ 140.969722][ T5802] ? __pfx___x64_sys_openat+0x10/0x10
[ 140.969761][ T5802] ? rcu_is_watching+0x12/0xc0
[ 140.969795][ T5802] do_syscall_64+0x10b/0x7f0
[ 140.969834][ T5802] ? irqentry_exit+0xe5/0x6c0
[ 140.969870][ T5802] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 140.969904][ T5802] RIP: 0033:0x7fb9a3591407
[ 140.969931][ T5802] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[ 140.969960][ T5802] RSP: 002b:00007ffd727ee1a0 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[ 140.969990][ T5802] RAX: ffffffffffffffda RBX: 00007fb9a34a3880 RCX: 00007fb9a3591407
[ 140.970010][ T5802] RDX: 0000000000000000 RSI: 00007ffd727eef25 RDI: ffffffffffffff9c
[ 140.970027][ T5802] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[ 140.970043][ T5802] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 140.970059][ T5802] R13: 00007ffd727ee3f0 R14: 00007fb9a3d27000 R15: 00005601911e54d8
[ 140.970084][ T5802]
[ 140.970093][ T5802]
[ 141.214770][ T5802] Allocated by task 5789:
[ 141.219141][ T5802] kasan_save_stack+0x30/0x50
[ 141.223866][ T5802] kasan_save_track+0x14/0x30
[ 141.228581][ T5802] __kasan_kmalloc+0x8f/0xa0
[ 141.233218][ T5802] em28xx_v4l2_init.cold+0x94/0x3a40
[ 141.238557][ T5802] em28xx_init_extension+0x13a/0x200
[ 141.243892][ T5802] request_module_async+0x61/0x80
[ 141.248973][ T5802] process_one_work+0xa0e/0x1980
[ 141.253948][ T5802] worker_thread+0x5ef/0xe50
[ 141.258581][ T5802] kthread+0x370/0x450
[ 141.262694][ T5802] ret_from_fork+0x69a/0xc80
[ 141.267345][ T5802] ret_from_fork_asm+0x1a/0x30
[ 141.272163][ T5802]
[ 141.274515][ T5802] Freed by task 5789:
[ 141.278524][ T5802] kasan_save_stack+0x30/0x50
[ 141.283243][ T5802] kasan_save_track+0x14/0x30
[ 141.287974][ T5802] kasan_save_free_info+0x3b/0x70
[ 141.293067][ T5802] __kasan_slab_free+0x43/0x70
[ 141.297881][ T5802] kfree+0x204/0x650
[ 141.301829][ T5802] kref_put.isra.0+0x53/0x75
[ 141.306483][ T5802] em28xx_v4l2_init.cold+0x280/0x3a40
[ 141.311910][ T5802] em28xx_init_extension+0x13a/0x200
[ 141.317244][ T5802] request_module_async+0x61/0x80
[ 141.322325][ T5802] process_one_work+0xa0e/0x1980
[ 141.327307][ T5802] worker_thread+0x5ef/0xe50
[ 141.331934][ T5802] kthread+0x370/0x450
[ 141.336050][ T5802] ret_from_fork+0x69a/0xc80
[ 141.340730][ T5802] ret_from_fork_asm+0x1a/0x30
[ 141.345554][ T5802]
[ 141.347918][ T5802] The buggy address belongs to the object at ffff888117770000
[ 141.347918][ T5802] which belongs to the cache kmalloc-8k of size 8192
[ 141.362024][ T5802] The buggy address is located 2136 bytes inside of
[ 141.362024][ T5802] freed 8192-byte region [ffff888117770000, ffff888117772000)
[ 141.376057][ T5802]
[ 141.378415][ T5802] The buggy address belongs to the physical page:
[ 141.384865][ T5802] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x117770
[ 141.393789][ T5802] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 141.402325][ T5802] flags: 0x200000000000040(head|node=0|zone=2)
[ 141.408527][ T5802] page_type: f5(slab)
[ 141.412548][ T5802] raw: 0200000000000040 ffff888100042280 dead000000000100 dead000000000122
[ 141.421193][ T5802] raw: 0000000000000000 0000000800020002 00000000f5000000 0000000000000000
[ 141.429826][ T5802] head: 0200000000000040 ffff888100042280 dead000000000100 dead000000000122
[ 141.438555][ T5802] head: 0000000000000000 0000000800020002 00000000f5000000 0000000000000000
[ 141.447276][ T5802] head: 0200000000000003 fffffffffffffe01 00000000ffffffff 00000000ffffffff
[ 141.455992][ T5802] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008
[ 141.464940][ T5802] page dumped because: kasan: bad access detected
[ 141.471498][ T5802] page_owner tracks the page as allocated
[ 141.477247][ T5802] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2841, tgid 2841 (acpid), ts 18103181167, free_ts 0
[ 141.496579][ T5802] post_alloc_hook+0x153/0x170
[ 141.501401][ T5802] get_page_from_freelist+0xf34/0x3a90
[ 141.506904][ T5802] __alloc_frozen_pages_noprof+0x273/0x28a0
[ 141.512861][ T5802] new_slab+0xa6/0x6b0
[ 141.516991][ T5802] refill_objects+0x277/0x420
[ 141.521726][ T5802] __pcs_replace_empty_main+0x375/0x650
[ 141.527354][ T5802] __kmalloc_cache_noprof+0x52c/0x6b0
[ 141.532794][ T5802] audit_log_d_path+0xed/0x210
[ 141.537609][ T5802] audit_log_lsm_data+0xff3/0x1fa0
[ 141.542769][ T5802] common_lsm_audit+0x229/0x2b0
[ 141.547668][ T5802] slow_avc_audit+0x186/0x210
[ 141.552404][ T5802] avc_has_perm+0x1a6/0x1e0
[ 141.556944][ T5802] inode_has_perm+0x166/0x1d0
[ 141.561670][ T5802] selinux_file_open+0x39d/0x510
[ 141.566684][ T5802] security_file_open+0x34/0x70
[ 141.571592][ T5802] do_dentry_open+0x589/0x14b0
[ 141.576411][ T5802] page_owner free stack trace missing
[ 141.581816][ T5802]
[ 141.584176][ T5802] Memory state around the buggy address:
[ 141.589848][ T5802] ffff888117770700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 141.597948][ T5802] ffff888117770780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 141.606071][ T5802] >ffff888117770800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 141.614239][ T5802] ^
[ 141.621209][ T5802] ffff888117770880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 141.629345][ T5802] ffff888117770900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 141.637441][ T5802] ==================================================================
[ 141.646903][ T5782] em28xx 1-1:0.132: Disconnecting em28xx
[ 141.649328][ T3084] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[ 141.657296][ T10] em28xx 8-1:0.132: Closing input extension
[ 141.666255][ T28] em28xx 5-1:0.132: Registering V4L2 extension
[ 141.672602][ T5802] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 141.679867][ T5802] CPU: 0 UID: 0 PID: 5802 Comm: v4l_id Not tainted syzkaller #0 PREEMPT(full)
[ 141.688859][ T5802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 141.698957][ T5802] Call Trace:
[ 141.702276][ T5802]
[ 141.705247][ T5802] dump_stack_lvl+0x100/0x190
[ 141.709977][ T5802] vpanic+0x552/0x970
[ 141.714013][ T5802] ? __pfx_vpanic+0x10/0x10
[ 141.718566][ T5802] ? rcu_is_watching+0x12/0xc0
[ 141.723372][ T5802] ? irqentry_exit+0x214/0x6c0
[ 141.728190][ T5802] ? v4l2_open+0x351/0x490
[ 141.732664][ T5802] panic+0xd1/0xe0
[ 141.736432][ T5802] ? __pfx_panic+0x10/0x10
[ 141.740921][ T5802] ? check_panic_on_warn+0x1f/0x90
[ 141.746086][ T5802] check_panic_on_warn.cold+0x19/0x34
[ 141.751510][ T5802] end_report.part.0+0x3a/0x90
[ 141.756327][ T5802] kasan_report.cold+0xe/0x18
[ 141.761063][ T5802] ? v4l2_open+0x351/0x490
[ 141.765537][ T5802] v4l2_open+0x351/0x490
[ 141.769839][ T5802] ? __pfx_v4l2_open+0x10/0x10
[ 141.774661][ T5802] chrdev_open+0x234/0x6a0
[ 141.779136][ T5802] ? __pfx_chrdev_open+0x10/0x10
[ 141.784146][ T5802] ? path_get+0x61/0x80
[ 141.788350][ T5802] do_dentry_open+0x68b/0x14b0
[ 141.793170][ T5802] ? __pfx_chrdev_open+0x10/0x10
[ 141.798177][ T5802] ? inode_permission+0x374/0x620
[ 141.803267][ T5802] vfs_open+0x82/0x3f0
[ 141.807407][ T5802] ? may_open+0x1f3/0x410
[ 141.811794][ T5802] path_openat+0x208c/0x31a0
[ 141.816435][ T5802] ? __pfx_path_openat+0x10/0x10
[ 141.821430][ T5802] do_file_open+0x20e/0x430
[ 141.825979][ T5802] ? __pfx_do_file_open+0x10/0x10
[ 141.831067][ T5802] ? alloc_fd+0x42a/0x730
[ 141.835452][ T5802] ? do_getname+0x191/0x390
[ 141.840011][ T5802] do_sys_openat2+0x10d/0x1e0
[ 141.844825][ T5802] ? __pfx_do_sys_openat2+0x10/0x10
[ 141.850097][ T5802] __x64_sys_openat+0x12d/0x210
[ 141.855049][ T5802] ? __pfx___x64_sys_openat+0x10/0x10
[ 141.860496][ T5802] ? rcu_is_watching+0x12/0xc0
[ 141.865320][ T5802] do_syscall_64+0x10b/0x7f0
[ 141.869982][ T5802] ? irqentry_exit+0xe5/0x6c0
[ 141.874725][ T5802] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 141.880666][ T5802] RIP: 0033:0x7fb9a3591407
[ 141.885119][ T5802] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[ 141.904896][ T5802] RSP: 002b:00007ffd727ee1a0 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[ 141.913370][ T5802] RAX: ffffffffffffffda RBX: 00007fb9a34a3880 RCX: 00007fb9a3591407
[ 141.921395][ T5802] RDX: 0000000000000000 RSI: 00007ffd727eef25 RDI: ffffffffffffff9c
[ 141.929468][ T5802] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[ 141.937510][ T5802] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 141.945534][ T5802] R13: 00007ffd727ee3f0 R14: 00007fb9a3d27000 R15: 00005601911e54d8
[ 141.953572][ T5802]
[ 141.957210][ T5802] Kernel Offset: disabled
[ 141.961560][ T5802] Rebooting in 86400 seconds..