Warning: Permanently added '10.128.0.101' (ED25519) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
[ 39.368374][ T29] audit: type=1400 audit(1738236948.375:80): avc: denied { execmem } for pid=2941 comm="syz-executor116" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 39.401840][ T29] audit: type=1400 audit(1738236948.385:81): avc: denied { read write } for pid=2943 comm="syz-executor116" name="raw-gadget" dev="devtmpfs" ino=236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 39.426019][ T29] audit: type=1400 audit(1738236948.385:82): avc: denied { open } for pid=2943 comm="syz-executor116" path="/dev/raw-gadget" dev="devtmpfs" ino=236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 39.449950][ T29] audit: type=1400 audit(1738236948.385:83): avc: denied { ioctl } for pid=2943 comm="syz-executor116" path="/dev/raw-gadget" dev="devtmpfs" ino=236 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 39.622044][ T9] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 39.651910][ T1120] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[ 39.659541][ T8] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[ 39.671901][ T2866] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[ 39.701885][ T2953] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 39.771878][ T9] usb 1-1: Using ep0 maxpacket: 32
[ 39.779314][ T9] usb 1-1: config 0 has an invalid interface number: 132 but max is 0
[ 39.787684][ T9] usb 1-1: config 0 has no interface number 0
[ 39.794222][ T9] usb 1-1: config 0 interface 132 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[ 39.806601][ T9] usb 1-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[ 39.815730][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 39.821889][ T2866] usb 4-1: Using ep0 maxpacket: 32
[ 39.823776][ T9] usb 1-1: Product: syz
[ 39.831923][ T2866] usb 4-1: config 0 has an invalid interface number: 132 but max is 0
[ 39.833162][ T9] usb 1-1: Manufacturer: syz
[ 39.841316][ T2866] usb 4-1: config 0 has no interface number 0
[ 39.845962][ T9] usb 1-1: SerialNumber: syz
[ 39.852887][ T2866] usb 4-1: config 0 interface 132 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[ 39.856770][ T8] usb 3-1: Using ep0 maxpacket: 32
[ 39.869414][ T2866] usb 4-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[ 39.871907][ T1120] usb 2-1: Using ep0 maxpacket: 32
[ 39.880971][ T2866] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 39.891917][ T1120] usb 2-1: config 0 has an invalid interface number: 132 but max is 0
[ 39.894134][ T2866] usb 4-1: Product: syz
[ 39.902398][ T1120] usb 2-1: config 0 has no interface number 0
[ 39.906479][ T2866] usb 4-1: Manufacturer: syz
[ 39.906505][ T2866] usb 4-1: SerialNumber: syz
[ 39.912632][ T2953] usb 5-1: Using ep0 maxpacket: 32
[ 39.921245][ T2866] usb 4-1: config 0 descriptor??
[ 39.923798][ T9] usb 1-1: config 0 descriptor??
[ 39.931115][ T2949] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[ 39.932329][ T8] usb 3-1: config 0 has an invalid interface number: 132 but max is 0
[ 39.944097][ T2866] em28xx 4-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[ 39.944166][ T2866] em28xx 4-1:0.132: Video interface 132 found: bulk
[ 39.969114][ T8] usb 3-1: config 0 has no interface number 0
[ 39.975986][ T1120] usb 2-1: config 0 interface 132 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[ 39.976096][ T2943] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 39.993525][ T2953] usb 5-1: config 0 has an invalid interface number: 132 but max is 0
[ 40.001721][ T2953] usb 5-1: config 0 has no interface number 0
[ 40.011163][ T9] em28xx 1-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[ 40.021121][ T9] em28xx 1-1:0.132: Video interface 132 found: bulk
[ 40.027980][ T2953] usb 5-1: config 0 interface 132 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[ 40.038526][ T8] usb 3-1: config 0 interface 132 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[ 40.050749][ T2953] usb 5-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[ 40.060107][ T2953] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 40.068257][ T2953] usb 5-1: Product: syz
[ 40.072638][ T2953] usb 5-1: Manufacturer: syz
[ 40.077318][ T2953] usb 5-1: SerialNumber: syz
[ 40.082621][ T8] usb 3-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[ 40.091713][ T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 40.099915][ T8] usb 3-1: Product: syz
[ 40.104182][ T8] usb 3-1: Manufacturer: syz
[ 40.108864][ T8] usb 3-1: SerialNumber: syz
[ 40.113680][ T1120] usb 2-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[ 40.122863][ T1120] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 40.130915][ T1120] usb 2-1: Product: syz
[ 40.135188][ T1120] usb 2-1: Manufacturer: syz
[ 40.139842][ T1120] usb 2-1: SerialNumber: syz
[ 40.147090][ T2953] usb 5-1: config 0 descriptor??
[ 40.152616][ T2950] raw-gadget.4 gadget.4: fail, usb_ep_enable returned -22
[ 40.157982][ T8] usb 3-1: config 0 descriptor??
[ 40.169594][ T2953] em28xx 5-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[ 40.179670][ T2953] em28xx 5-1:0.132: Video interface 132 found: bulk
[ 40.187932][ T1120] usb 2-1: config 0 descriptor??
[ 40.196263][ T2948] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[ 40.203749][ T2951] raw-gadget.3 gadget.2: fail, usb_ep_enable returned -22
[ 40.221354][ T8] em28xx 3-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[ 40.231394][ T8] em28xx 3-1:0.132: Video interface 132 found: bulk
[ 40.240018][ T1120] em28xx 2-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[ 40.249913][ T1120] em28xx 2-1:0.132: Video interface 132 found: bulk
executing program
[ 40.342558][ T2866] em28xx 4-1:0.132: unknown em28xx chip ID (0)
executing program
[ 40.398508][ T9] em28xx 1-1:0.132: unknown em28xx chip ID (0)
[ 40.413334][ T2866] em28xx 4-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[ 40.422466][ T2866] em28xx 4-1:0.132: board has no eeprom
[ 40.473479][ T9] em28xx 1-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[ 40.481915][ T2866] em28xx 4-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[ 40.482374][ T9] em28xx 1-1:0.132: board has no eeprom
[ 40.490566][ T2866] em28xx 4-1:0.132: analog set to bulk mode.
[ 40.503688][ T36] em28xx 4-1:0.132: Registering V4L2 extension
[ 40.521955][ T2866] usb 4-1: USB disconnect, device number 2
[ 40.532416][ T2866] em28xx 4-1:0.132: Disconnecting em28xx
[ 40.553015][ T9] em28xx 1-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[ 40.561052][ T9] em28xx 1-1:0.132: analog set to bulk mode.
executing program
[ 40.576236][ T2953] em28xx 5-1:0.132: unknown em28xx chip ID (0)
[ 40.599257][ T9] usb 1-1: USB disconnect, device number 2
[ 40.616583][ T9] em28xx 1-1:0.132: Disconnecting em28xx
executing program
executing program
[ 40.635781][ T8] em28xx 3-1:0.132: unknown em28xx chip ID (0)
[ 40.636400][ T36] em28xx 4-1:0.132: Config register raw data: 0xffffffed
[ 40.647511][ T1120] em28xx 2-1:0.132: unknown em28xx chip ID (0)
[ 40.649669][ T36] em28xx 4-1:0.132: AC97 chip type couldn't be determined
[ 40.663225][ T36] em28xx 4-1:0.132: No AC97 audio processor
[ 40.674003][ T2953] em28xx 5-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[ 40.683462][ T2953] em28xx 5-1:0.132: board has no eeprom
[ 40.703720][ T36] usb 4-1: Decoder not found
[ 40.708399][ T36] em28xx 4-1:0.132: failed to create media graph
[ 40.715073][ T36] em28xx 4-1:0.132: V4L2 device video0 deregistered
[ 40.724025][ T36] em28xx 4-1:0.132: Remote control support is not available for this card.
[ 40.733291][ T2956] em28xx 1-1:0.132: Registering V4L2 extension
[ 40.743609][ T1120] em28xx 2-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[ 40.752594][ T1120] em28xx 2-1:0.132: board has no eeprom
[ 40.758727][ T2953] em28xx 5-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[ 40.766701][ T2953] em28xx 5-1:0.132: analog set to bulk mode.
[ 40.774747][ T8] em28xx 3-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[ 40.783627][ T8] em28xx 3-1:0.132: board has no eeprom
[ 40.793783][ T2953] usb 5-1: USB disconnect, device number 2
[ 40.800562][ T2953] em28xx 5-1:0.132: Disconnecting em28xx
[ 40.835096][ T2956] em28xx 1-1:0.132: Config register raw data: 0xffffffed
[ 40.842248][ T2956] em28xx 1-1:0.132: AC97 chip type couldn't be determined
[ 40.849401][ T2956] em28xx 1-1:0.132: No AC97 audio processor
[ 40.855660][ T1120] em28xx 2-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[ 40.863748][ T1120] em28xx 2-1:0.132: analog set to bulk mode.
[ 40.870816][ T8] em28xx 3-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[ 40.878770][ T8] em28xx 3-1:0.132: analog set to bulk mode.
[ 40.889374][ T1120] usb 2-1: USB disconnect, device number 2
[ 40.896604][ T8] usb 3-1: USB disconnect, device number 2
[ 40.904359][ T1120] em28xx 2-1:0.132: Disconnecting em28xx
[ 40.910993][ T2956] usb 1-1: Decoder not found
[ 40.915754][ T2956] em28xx 1-1:0.132: failed to create media graph
[ 40.923309][ T8] em28xx 3-1:0.132: Disconnecting em28xx
[ 40.929134][ T2956] em28xx 1-1:0.132: V4L2 device video0 deregistered
[ 40.938033][ T2956] em28xx 1-1:0.132: Remote control support is not available for this card.
[ 40.947088][ T9] em28xx 1-1:0.132: Closing input extension
[ 40.953808][ T2866] em28xx 4-1:0.132: Closing input extension
[ 40.957765][ T9] em28xx 1-1:0.132: Freeing device
[ 40.964089][ T2866] em28xx 4-1:0.132: Freeing device
[ 40.965843][ T2969] em28xx 5-1:0.132: Registering V4L2 extension
[ 41.073741][ T2969] em28xx 5-1:0.132: Config register raw data: 0xffffffed
[ 41.080867][ T2969] em28xx 5-1:0.132: AC97 chip type couldn't be determined
[ 41.088135][ T2969] em28xx 5-1:0.132: No AC97 audio processor
[ 41.096284][ T2969] usb 5-1: Decoder not found
[ 41.100964][ T2969] em28xx 5-1:0.132: failed to create media graph
[ 41.107412][ T2969] em28xx 5-1:0.132: V4L2 device video0 deregistered
[ 41.116963][ T2969] em28xx 5-1:0.132: Remote control support is not available for this card.
[ 41.117194][ T2982] ==================================================================
[ 41.126062][ T2976] em28xx 2-1:0.132: Registering V4L2 extension
[ 41.134055][ T2982] BUG: KASAN: slab-use-after-free in v4l2_fh_init+0x27d/0x2c0
[ 41.147798][ T2982] Read of size 8 at addr ffff888118f80730 by task v4l_id/2982
[ 41.155303][ T2982]
[ 41.157757][ T2982] CPU: 1 UID: 0 PID: 2982 Comm: v4l_id Not tainted 6.13.0-syzkaller-09485-g72deda0abee6 #0
[ 41.157794][ T2982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 41.157815][ T2982] Call Trace:
[ 41.157825][ T2982]
[ 41.157840][ T2982] dump_stack_lvl+0x116/0x1f0
[ 41.157886][ T2982] print_report+0xc3/0x620
[ 41.157933][ T2982] ? __virt_addr_valid+0x5e/0x590
[ 41.157966][ T2982] ? __phys_addr+0xc6/0x150
[ 41.157998][ T2982] kasan_report+0xd9/0x110
[ 41.158027][ T2982] ? v4l2_fh_init+0x27d/0x2c0
[ 41.158070][ T2982] ? v4l2_fh_init+0x27d/0x2c0
[ 41.158109][ T2982] v4l2_fh_init+0x27d/0x2c0
[ 41.158149][ T2982] v4l2_fh_open+0x83/0xc0
[ 41.158188][ T2982] em28xx_v4l2_open+0x250/0x7e0
[ 41.158236][ T2982] v4l2_open+0x222/0x490
[ 41.158271][ T2982] ? __pfx_v4l2_open+0x10/0x10
[ 41.158307][ T2982] chrdev_open+0x237/0x6a0
[ 41.158426][ T2982] ? __pfx_chrdev_open+0x10/0x10
[ 41.158479][ T2982] ? lockref_get+0x15/0x50
[ 41.158524][ T2982] do_dentry_open+0x6cb/0x1390
[ 41.158561][ T2982] ? __pfx_chrdev_open+0x10/0x10
[ 41.158601][ T2982] ? inode_permission+0xdd/0x5f0
[ 41.158682][ T2982] vfs_open+0x82/0x3f0
[ 41.158725][ T2982] ? may_open+0x1f2/0x400
[ 41.158773][ T2982] path_openat+0x1e88/0x2d80
[ 41.158816][ T2982] ? __pfx_path_openat+0x10/0x10
[ 41.158854][ T2982] ? __pfx___lock_acquire+0x10/0x10
[ 41.158906][ T2982] ? lock_acquire.part.0+0x11b/0x380
[ 41.158935][ T2982] ? find_held_lock+0x2d/0x110
[ 41.158975][ T2982] do_filp_open+0x20c/0x470
[ 41.159013][ T2982] ? __pfx_do_filp_open+0x10/0x10
[ 41.159049][ T2982] ? find_held_lock+0x2d/0x110
[ 41.159100][ T2982] ? alloc_fd+0x41f/0x760
[ 41.159143][ T2982] do_sys_openat2+0x17a/0x1e0
[ 41.159183][ T2982] ? __pfx_do_sys_openat2+0x10/0x10
[ 41.159231][ T2982] ? do_user_addr_fault+0xd97/0x12c0
[ 41.159278][ T2982] ? __pfx_lock_release+0x10/0x10
[ 41.159309][ T2982] __x64_sys_openat+0x175/0x210
[ 41.159359][ T2982] ? __pfx___x64_sys_openat+0x10/0x10
[ 41.159535][ T2982] ? do_user_addr_fault+0x839/0x12c0
[ 41.159585][ T2982] do_syscall_64+0xcd/0x250
[ 41.159619][ T2982] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 41.159658][ T2982] RIP: 0033:0x7fbacd53f9a4
[ 41.159698][ T2982] Code: 24 20 48 8d 44 24 30 48 89 44 24 28 64 8b 04 25 18 00 00 00 85 c0 75 2c 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 60 48 8b 15 55 a4 0d 00 f7 d8 64 89 02 48 83
[ 41.159728][ T2982] RSP: 002b:00007ffcb7540550 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 41.159757][ T2982] RAX: ffffffffffffffda RBX: 00007ffcb7540768 RCX: 00007fbacd53f9a4
[ 41.159776][ T2982] RDX: 0000000000000000 RSI: 00007ffcb7541f25 RDI: 00000000ffffff9c
[ 41.159795][ T2982] RBP: 00007ffcb7541f25 R08: 0000000000000000 R09: 0000000000000000
[ 41.159814][ T2982] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 41.159837][ T2982] R13: 00007ffcb7540780 R14: 00005629aa4b4670 R15: 00007fbacd98ea80
[ 41.159862][ T2982]
[ 41.159871][ T2982]
[ 41.233853][ T2976] em28xx 2-1:0.132: Config register raw data: 0xffffffed
[ 41.236758][ T2982] Allocated by task 2969:
[ 41.241538][ T2976] em28xx 2-1:0.132: AC97 chip type couldn't be determined
[ 41.245936][ T2982] kasan_save_stack+0x33/0x60
[ 41.245987][ T2982] kasan_save_track+0x14/0x30
[ 41.251039][ T2976] em28xx 2-1:0.132: No AC97 audio processor
[ 41.255437][ T2982] __kasan_kmalloc+0x8f/0xa0
[ 41.255483][ T2982] em28xx_v4l2_init+0x114/0x4050
[ 41.269318][ T2976] usb 2-1: Decoder not found
[ 41.270164][ T2982] em28xx_init_extension+0x137/0x200
[ 41.274290][ T2976] em28xx 2-1:0.132: failed to create media graph
[ 41.278554][ T2982] request_module_async+0x61/0x70
[ 41.284282][ T2976] em28xx 2-1:0.132: V4L2 device video1 deregistered
[ 41.288071][ T2982] process_one_work+0x9c5/0x1ba0
[ 41.296258][ T2976] em28xx 2-1:0.132: Remote control support is not available for this card.
[ 41.298549][ T2982] worker_thread+0x6c8/0xf00
[ 41.303473][ T2954] em28xx 3-1:0.132: Registering V4L2 extension
[ 41.307835][ T2982] kthread+0x3af/0x750
[ 41.407873][ T2954] em28xx 3-1:0.132: Config register raw data: 0xffffffed
[ 41.408775][ T2982] ret_from_fork+0x45/0x80
[ 41.416909][ T2954] em28xx 3-1:0.132: AC97 chip type couldn't be determined
[ 41.424767][ T2982] ret_from_fork_asm+0x1a/0x30
[ 41.424813][ T2982]
[ 41.424822][ T2982] Freed by task 2969:
[ 41.424837][ T2982] kasan_save_stack+0x33/0x60
[ 41.432838][ T2954] em28xx 3-1:0.132: No AC97 audio processor
[ 41.440768][ T2982] kasan_save_track+0x14/0x30
[ 41.444270][ T9] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[ 41.446111][ T2982] kasan_save_free_info+0x3b/0x60
[ 41.457431][ T2954] usb 3-1: Decoder not found
[ 41.457462][ T2954] em28xx 3-1:0.132: failed to create media graph
[ 41.457503][ T2954] em28xx 3-1:0.132: V4L2 device video1 deregistered
[ 41.464582][ T2982] __kasan_slab_free+0x37/0x50
[ 41.464615][ T2982] kfree+0x294/0x480
[ 41.464643][ T2982] em28xx_v4l2_init+0x22a4/0x4050
[ 41.464676][ T2982] em28xx_init_extension+0x137/0x200
[ 41.472788][ T2954] em28xx 3-1:0.132: Remote control support is not available for this card.
[ 41.474143][ T2982] request_module_async+0x61/0x70
[ 41.480091][ T2953] em28xx 5-1:0.132: Closing input extension
[ 41.484620][ T2982] process_one_work+0x9c5/0x1ba0
[ 41.484669][ T2982] worker_thread+0x6c8/0xf00
[ 41.491843][ T1120] em28xx 2-1:0.132: Closing input extension
[ 41.494253][ T2982] kthread+0x3af/0x750
[ 41.500668][ T8] em28xx 3-1:0.132: Closing input extension
[ 41.505867][ T2982] ret_from_fork+0x45/0x80
[ 41.505915][ T2982] ret_from_fork_asm+0x1a/0x30
[ 41.515727][ T1120] em28xx 2-1:0.132: Freeing device
[ 41.517654][ T2982]
[ 41.517664][ T2982] The buggy address belongs to the object at ffff888118f80000
[ 41.517664][ T2982] which belongs to the cache kmalloc-8k of size 8192
[ 41.525090][ T8] em28xx 3-1:0.132: Freeing device
[ 41.531174][ T2982] The buggy address is located 1840 bytes inside of
[ 41.531174][ T2982] freed 8192-byte region [ffff888118f80000, ffff888118f82000)
[ 41.662286][ T9] usb 1-1: Using ep0 maxpacket: 32
[ 41.664646][ T2982]
[ 41.664656][ T2982] The buggy address belongs to the physical page:
[ 41.670898][ T9] usb 1-1: config 0 has an invalid interface number: 132 but max is 0
[ 41.675205][ T2982] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x118f80
[ 41.675244][ T2982] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 41.679322][ T9] usb 1-1: config 0 has no interface number 0
[ 41.685241][ T2982] flags: 0x200000000000040(head|node=0|zone=2)
[ 41.685268][ T2982] page_type: f5(slab)
[ 41.685310][ T2982] raw: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000
[ 41.691088][ T9] usb 1-1: config 0 interface 132 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[ 41.694471][ T2982] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[ 41.694500][ T2982] head: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000
[ 41.702453][ T9] usb 1-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[ 41.716046][ T2982] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[ 41.716075][ T2982] head: 0200000000000003 ffffea000463e001 ffffffffffffffff 0000000000000000
[ 41.716101][ T2982] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 41.716118][ T2982] page dumped because: kasan: bad access detected
[ 41.716132][ T2982] page_owner tracks the page as allocated
[ 41.716142][ T2982] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2969, tgid 2969 (kworker/0:6), ts 40977682338, free_ts 40830188146
[ 41.721257][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 41.735234][ T2982] post_alloc_hook+0x181/0x1b0
[ 41.735277][ T2982] get_page_from_freelist+0xe76/0x2b90
[ 41.735312][ T2982] __alloc_frozen_pages_noprof+0x21c/0x2290
[ 41.740461][ T9] usb 1-1: Product: syz
[ 41.742781][ T2982] alloc_pages_mpol+0xe7/0x410
[ 41.742827][ T2982] new_slab+0x23d/0x330
[ 41.742859][ T2982] ___slab_alloc+0xc41/0x1670
[ 41.749282][ T9] usb 1-1: Manufacturer: syz
[ 41.757425][ T2982] __slab_alloc.constprop.0+0x56/0xb0
[ 41.757469][ T2982] __kmalloc_cache_noprof+0x217/0x3e0
[ 41.757502][ T2982] em28xx_v4l2_init+0x114/0x4050
[ 41.766670][ T9] usb 1-1: SerialNumber: syz
[ 41.775118][ T2982] em28xx_init_extension+0x137/0x200
[ 41.775167][ T2982] request_module_async+0x61/0x70
[ 41.789991][ T9] usb 1-1: config 0 descriptor??
[ 41.792087][ T2982] process_one_work+0x9c5/0x1ba0
[ 41.792140][ T2982] worker_thread+0x6c8/0xf00
[ 41.802626][ T2963] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 41.810692][ T2982] kthread+0x3af/0x750
[ 41.824728][ T9] em28xx 1-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[ 41.827942][ T2982] ret_from_fork+0x45/0x80
[ 41.837079][ T9] em28xx 1-1:0.132: Video interface 132 found: bulk
[ 41.845668][ T2982] ret_from_fork_asm+0x1a/0x30
[ 41.845711][ T2982] page last free pid 2977 tgid 2977 stack trace:
[ 41.845730][ T2982] free_frozen_pages+0x653/0xde0
[ 41.873106][ T29] audit: type=1400 audit(1738236950.785:84): avc: denied { remove_name } for pid=2824 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 41.875308][ T2982] __put_partials+0x14c/0x170
[ 41.875351][ T2982] qlist_free_all+0x4e/0x120
[ 41.896712][ T29] audit: type=1400 audit(1738236950.785:85): avc: denied { rename } for pid=2824 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 41.904569][ T2982] kasan_quarantine_reduce+0x195/0x1e0
[ 41.904621][ T2982] __kasan_slab_alloc+0x4e/0x70
[ 41.904649][ T2982] kmem_cache_alloc_noprof+0x154/0x3b0
[ 41.931962][ T1120] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[ 41.933917][ T2982] getname_flags.part.0+0x4c/0x550
[ 42.082064][ T8] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[ 42.089944][ T2982] getname_flags+0x93/0xf0
[ 42.089987][ T2982] user_path_at+0x24/0x60
[ 42.135755][ T2982] user_statfs+0xa0/0x180
[ 42.140197][ T2982] __do_sys_statfs+0x8a/0x100
[ 42.144952][ T2982] do_syscall_64+0xcd/0x250
[ 42.149511][ T2982] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 42.155639][ T2982]
[ 42.157988][ T2982] Memory state around the buggy address:
[ 42.163785][ T2982] ffff888118f80600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 42.171907][ T2982] ffff888118f80680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 42.180107][ T2982] >ffff888118f80700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 42.182158][ T1120] usb 2-1: Using ep0 maxpacket: 32
[ 42.188349][ T2982] ^
[ 42.188376][ T2982] ffff888118f80780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 42.188398][ T2982] ffff888118f80800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 42.188415][ T2982] ==================================================================
[ 42.188933][ T2982] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 42.188953][ T2982] CPU: 1 UID: 0 PID: 2982 Comm: v4l_id Not tainted 6.13.0-syzkaller-09485-g72deda0abee6 #0
[ 42.188990][ T2982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 42.189010][ T2982] Call Trace:
[ 42.189020][ T2982]
[ 42.189030][ T2982] dump_stack_lvl+0x3d/0x1f0
[ 42.189072][ T2982] panic+0x71d/0x800
[ 42.189118][ T2982] ? __pfx_panic+0x10/0x10
[ 42.189170][ T2982] ? check_panic_on_warn+0x1f/0xb0
[ 42.189232][ T2982] check_panic_on_warn+0xab/0xb0
[ 42.189280][ T2982] end_report+0x117/0x180
[ 42.189312][ T2982] kasan_report+0xe9/0x110
[ 42.189343][ T2982] ? v4l2_fh_init+0x27d/0x2c0
[ 42.189389][ T2982] ? v4l2_fh_init+0x27d/0x2c0
[ 42.189433][ T2982] v4l2_fh_init+0x27d/0x2c0
[ 42.189474][ T2982] v4l2_fh_open+0x83/0xc0
[ 42.189515][ T2982] em28xx_v4l2_open+0x250/0x7e0
[ 42.189557][ T2982] v4l2_open+0x222/0x490
[ 42.189594][ T2982] ? __pfx_v4l2_open+0x10/0x10
[ 42.189631][ T2982] chrdev_open+0x237/0x6a0
[ 42.189673][ T2982] ? __pfx_chrdev_open+0x10/0x10
[ 42.189714][ T2982] ? lockref_get+0x15/0x50
[ 42.189762][ T2982] do_dentry_open+0x6cb/0x1390
[ 42.189800][ T2982] ? __pfx_chrdev_open+0x10/0x10
[ 42.189841][ T2982] ? inode_permission+0xdd/0x5f0
[ 42.189891][ T2982] vfs_open+0x82/0x3f0
[ 42.189937][ T2982] ? may_open+0x1f2/0x400
[ 42.189988][ T2982] path_openat+0x1e88/0x2d80
[ 42.190033][ T2982] ? __pfx_path_openat+0x10/0x10
[ 42.190070][ T2982] ? __pfx___lock_acquire+0x10/0x10
[ 42.190123][ T2982] ? lock_acquire.part.0+0x11b/0x380
[ 42.190152][ T2982] ? find_held_lock+0x2d/0x110
[ 42.190203][ T2982] do_filp_open+0x20c/0x470
[ 42.190240][ T2982] ? __pfx_do_filp_open+0x10/0x10
[ 42.190277][ T2982] ? find_held_lock+0x2d/0x110
[ 42.190329][ T2982] ? alloc_fd+0x41f/0x760
[ 42.190371][ T2982] do_sys_openat2+0x17a/0x1e0
[ 42.190417][ T2982] ? __pfx_do_sys_openat2+0x10/0x10
[ 42.190467][ T2982] ? do_user_addr_fault+0xd97/0x12c0
[ 42.190512][ T2982] ? __pfx_lock_release+0x10/0x10
[ 42.190543][ T2982] __x64_sys_openat+0x175/0x210
[ 42.190592][ T2982] ? __pfx___x64_sys_openat+0x10/0x10
[ 42.190644][ T2982] ? do_user_addr_fault+0x839/0x12c0
[ 42.190693][ T2982] do_syscall_64+0xcd/0x250
[ 42.190727][ T2982] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 42.190769][ T2982] RIP: 0033:0x7fbacd53f9a4
[ 42.190794][ T2982] Code: 24 20 48 8d 44 24 30 48 89 44 24 28 64 8b 04 25 18 00 00 00 85 c0 75 2c 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 60 48 8b 15 55 a4 0d 00 f7 d8 64 89 02 48 83
[ 42.190825][ T2982] RSP: 002b:00007ffcb7540550 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 42.190856][ T2982] RAX: ffffffffffffffda RBX: 00007ffcb7540768 RCX: 00007fbacd53f9a4
[ 42.190877][ T2982] RDX: 0000000000000000 RSI: 00007ffcb7541f25 RDI: 00000000ffffff9c
[ 42.190897][ T2982] RBP: 00007ffcb7541f25 R08: 0000000000000000 R09: 0000000000000000
[ 42.190917][ T2982] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 42.190936][ T2982] R13: 00007ffcb7540780 R14: 00005629aa4b4670 R15: 00007fbacd98ea80
[ 42.190967][ T2982]
[ 42.193794][ T2982] Kernel Offset: disabled