Starting System Logging Service...
Starting OpenBSD Secure Shell server...
Starting Permit User Sessions...
[ OK ] Started Regular background program processing daemon.
Starting getty on tty2-tty6 if dbus and logind are not available...
[ OK ] Started System Logging Service.
[ OK ] Started Permit User Sessions.
[ OK ] Found device /dev/ttyS0.
[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Started getty on tty2-tty6 if dbus and logind are not available.
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Started Getty on tty6.
[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty1.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Warning: Permanently added '10.128.0.109' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
[ 77.878026][ T35] audit: type=1400 audit(1613413749.386:8): avc: denied { execmem } for pid=8422 comm="syz-executor519" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
executing program
executing program
executing program
Debian GNU/Linux 9 syzkaller ttyS0
syzkaller login: [ 78.156425][ T34] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[ 78.187508][ T4373] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 78.195080][ T19] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[ 78.196423][ T5] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 78.210699][ T2990] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[ 78.217589][ T8439] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[ 78.426421][ T34] usb 6-1: Using ep0 maxpacket: 8
[ 78.446478][ T4373] usb 5-1: Using ep0 maxpacket: 8
[ 78.456427][ T2990] usb 4-1: Using ep0 maxpacket: 8
[ 78.463094][ T5] usb 1-1: Using ep0 maxpacket: 8
[ 78.466378][ T19] usb 2-1: Using ep0 maxpacket: 8
[ 78.476834][ T8439] usb 3-1: Using ep0 maxpacket: 8
[ 78.576581][ T2990] usb 4-1: config 0 has an invalid interface number: 86 but max is 0
[ 78.576714][ T34] usb 6-1: config 0 has an invalid interface number: 86 but max is 0
[ 78.585260][ T2990] usb 4-1: config 0 has no interface number 0
[ 78.593913][ T34] usb 6-1: config 0 has no interface number 0
[ 78.603841][ T5] usb 1-1: config 0 has an invalid interface number: 86 but max is 0
[ 78.606296][ T4373] usb 5-1: config 0 has an invalid interface number: 86 but max is 0
[ 78.614323][ T5] usb 1-1: config 0 has no interface number 0
[ 78.623165][ T34] usb 6-1: config 0 interface 86 altsetting 0 endpoint 0xE has invalid wMaxPacketSize 0
[ 78.632581][ T2990] usb 4-1: config 0 interface 86 altsetting 0 endpoint 0xE has invalid wMaxPacketSize 0
[ 78.638882][ T4373] usb 5-1: config 0 has no interface number 0
[ 78.650516][ T5] usb 1-1: config 0 interface 86 altsetting 0 endpoint 0xE has invalid wMaxPacketSize 0
[ 78.654768][ T8439] usb 3-1: config 0 has an invalid interface number: 86 but max is 0
[ 78.667919][ T2990] usb 4-1: config 0 interface 86 altsetting 0 bulk endpoint 0xE has invalid maxpacket 0
[ 78.672624][ T19] usb 2-1: config 0 has an invalid interface number: 86 but max is 0
[ 78.684396][ T5] usb 1-1: config 0 interface 86 altsetting 0 bulk endpoint 0xE has invalid maxpacket 0
[ 78.690899][ T34] usb 6-1: config 0 interface 86 altsetting 0 bulk endpoint 0xE has invalid maxpacket 0
[ 78.702677][ T2990] usb 4-1: config 0 interface 86 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 78.710719][ T4373] usb 5-1: config 0 interface 86 altsetting 0 endpoint 0xE has invalid wMaxPacketSize 0
[ 78.722638][ T5] usb 1-1: config 0 interface 86 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 78.730126][ T8439] usb 3-1: config 0 has no interface number 0
[ 78.730174][ T8439] usb 3-1: config 0 interface 86 altsetting 0 endpoint 0xE has invalid wMaxPacketSize 0
[ 78.730202][ T8439] usb 3-1: config 0 interface 86 altsetting 0 bulk endpoint 0xE has invalid maxpacket 0
[ 78.730232][ T8439] usb 3-1: config 0 interface 86 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 78.730271][ T8439] usb 3-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=77.fc
[ 78.746061][ T2990] usb 4-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=77.fc
[ 78.747889][ T19] usb 2-1: config 0 has no interface number 0
[ 78.760100][ T2990] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 78.767524][ T34] usb 6-1: config 0 interface 86 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 78.779653][ T5] usb 1-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=77.fc
[ 78.786513][ T4373] usb 5-1: config 0 interface 86 altsetting 0 bulk endpoint 0xE has invalid maxpacket 0
[ 78.797857][ T5] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 78.801852][ T8439] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 78.820569][ T5] usb 1-1: config 0 descriptor??
[ 78.836454][ T19] usb 2-1: config 0 interface 86 altsetting 0 endpoint 0xE has invalid wMaxPacketSize 0
[ 78.838925][ T2990] usb 4-1: config 0 descriptor??
[ 78.854786][ T34] usb 6-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=77.fc
[ 78.884640][ T4373] usb 5-1: config 0 interface 86 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 78.896969][ T19] usb 2-1: config 0 interface 86 altsetting 0 bulk endpoint 0xE has invalid maxpacket 0
[ 78.914901][ T4373] usb 5-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=77.fc
[ 78.925935][ T19] usb 2-1: config 0 interface 86 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 78.931029][ T5] em28xx 1-1:0.86: New device @ 480 Mbps (0ccd:10af, interface 86, class 86)
[ 78.938148][ T4373] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 78.955839][ T2990] em28xx 4-1:0.86: New device @ 480 Mbps (0ccd:10af, interface 86, class 86)
[ 78.956974][ T8439] usb 3-1: config 0 descriptor??
[ 78.973422][ T19] usb 2-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=77.fc
[ 78.983806][ T2990] em28xx 4-1:0.86: Video interface 86 found:
[ 78.989412][ T34] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 78.999604][ T19] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 79.006577][ T5] em28xx 1-1:0.86: Video interface 86 found:
[ 79.021608][ T4373] usb 5-1: config 0 descriptor??
[ 79.034795][ T34] usb 6-1: config 0 descriptor??
[ 79.048835][ T8439] em28xx 3-1:0.86: New device @ 480 Mbps (0ccd:10af, interface 86, class 86)
[ 79.068824][ T19] usb 2-1: config 0 descriptor??
[ 79.081839][ T8439] em28xx 3-1:0.86: Video interface 86 found:
[ 79.099138][ T4373] em28xx 5-1:0.86: New device @ 480 Mbps (0ccd:10af, interface 86, class 86)
[ 79.119127][ T34] em28xx 6-1:0.86: New device @ 480 Mbps (0ccd:10af, interface 86, class 86)
executing program
[ 79.131223][ T19] em28xx 2-1:0.86: New device @ 480 Mbps (0ccd:10af, interface 86, class 86)
executing program
[ 79.156356][ T4373] em28xx 5-1:0.86: Video interface 86 found:
[ 79.174449][ T34] em28xx 6-1:0.86: Video interface 86 found:
[ 79.187507][ T19] em28xx 2-1:0.86: Video interface 86 found:
executing program
[ 79.226570][ T2990] em28xx 4-1:0.86: unknown em28xx chip ID (0)
[ 79.246729][ T5] em28xx 1-1:0.86: unknown em28xx chip ID (0)
executing program
executing program
executing program
[ 79.316541][ T8439] em28xx 3-1:0.86: unknown em28xx chip ID (0)
[ 79.396551][ T5] em28xx 1-1:0.86: reading from i2c device at 0xa0 failed (error=-5)
[ 79.404952][ T5] em28xx 1-1:0.86: board has no eeprom
[ 79.410720][ T2990] em28xx 4-1:0.86: reading from i2c device at 0xa0 failed (error=-5)
[ 79.423091][ T2990] em28xx 4-1:0.86: board has no eeprom
[ 79.436571][ T19] em28xx 2-1:0.86: unknown em28xx chip ID (0)
[ 79.442870][ T34] em28xx 6-1:0.86: unknown em28xx chip ID (0)
[ 79.449312][ T4373] em28xx 5-1:0.86: unknown em28xx chip ID (0)
[ 79.486890][ T8439] em28xx 3-1:0.86: reading from i2c device at 0xa0 failed (error=-5)
[ 79.495020][ T8439] em28xx 3-1:0.86: board has no eeprom
[ 79.546344][ T5] em28xx 1-1:0.86: Identified as Terratec Grabby (card=67)
[ 79.553570][ T5] em28xx 1-1:0.86: analog set to bulk mode.
[ 79.560143][ T2990] em28xx 4-1:0.86: Identified as Terratec Grabby (card=67)
[ 79.567522][ T2990] em28xx 4-1:0.86: analog set to bulk mode.
[ 79.588783][ T5] usb 1-1: USB disconnect, device number 2
[ 79.596823][ T2990] usb 4-1: USB disconnect, device number 2
[ 79.606256][ T8439] em28xx 3-1:0.86: Identified as Terratec Grabby (card=67)
[ 79.613493][ T8439] em28xx 3-1:0.86: analog set to bulk mode.
[ 79.627755][ T4373] em28xx 5-1:0.86: reading from i2c device at 0xa0 failed (error=-5)
[ 79.636818][ T19] em28xx 2-1:0.86: reading from i2c device at 0xa0 failed (error=-5)
[ 79.650928][ T8447] em28xx 1-1:0.86: Registering V4L2 extension
[ 79.652272][ T4373] em28xx 5-1:0.86: board has no eeprom
[ 79.659140][ T2990] em28xx 4-1:0.86: Disconnecting em28xx
[ 79.663033][ T34] em28xx 6-1:0.86: reading from i2c device at 0xa0 failed (error=-5)
[ 79.678156][ T19] em28xx 2-1:0.86: board has no eeprom
[ 79.679304][ T5] em28xx 1-1:0.86: Disconnecting em28xx
[ 79.709863][ T8439] usb 3-1: USB disconnect, device number 2
[ 79.725515][ T34] em28xx 6-1:0.86: board has no eeprom
[ 79.743889][ T8439] em28xx 3-1:0.86: Disconnecting em28xx
[ 79.805330][ T8447] em28xx 1-1:0.86: Config register raw data: 0xffffffed
[ 79.826277][ T8447] em28xx 1-1:0.86: AC97 chip type couldn't be determined
[ 79.836663][ T4373] em28xx 5-1:0.86: Identified as Terratec Grabby (card=67)
[ 79.844040][ T19] em28xx 2-1:0.86: Identified as Terratec Grabby (card=67)
[ 79.846483][ T8447] em28xx 1-1:0.86: No AC97 audio processor
[ 79.851401][ T34] em28xx 6-1:0.86: Identified as Terratec Grabby (card=67)
[ 79.864500][ T34] em28xx 6-1:0.86: analog set to bulk mode.
[ 79.881889][ T19] em28xx 2-1:0.86: analog set to bulk mode.
[ 79.882006][ T8447] usb 1-1: Decoder not found
[ 79.887929][ T4373] em28xx 5-1:0.86: analog set to bulk mode.
[ 79.901025][ T4373] usb 5-1: USB disconnect, device number 2
[ 79.914563][ T34] usb 6-1: USB disconnect, device number 2
[ 79.929861][ T19] usb 2-1: USB disconnect, device number 2
[ 79.940203][ T4373] em28xx 5-1:0.86: Disconnecting em28xx
[ 79.966532][ T34] em28xx 6-1:0.86: Disconnecting em28xx
[ 79.969849][ T8447] em28xx 1-1:0.86: failed to create media graph
[ 79.974452][ T19] em28xx 2-1:0.86: Disconnecting em28xx
[ 79.998945][ T8447] em28xx 1-1:0.86: V4L2 device video71 deregistered
[ 80.028037][ T8447] em28xx 1-1:0.86: Registering snapshot button...
[ 80.082833][ T8447] input: em28xx snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.86/input/input5
[ 80.120487][ T8447] em28xx 1-1:0.86: Remote control support is not available for this card.
[ 80.129854][ T7] em28xx 4-1:0.86: Registering V4L2 extension
[ 80.148859][ T7] em28xx 4-1:0.86: Config register raw data: 0xffffffed
[ 80.155838][ T7] em28xx 4-1:0.86: AC97 chip type couldn't be determined
[ 80.163403][ T7] em28xx 4-1:0.86: No AC97 audio processor
[ 80.177016][ T7] usb 4-1: Decoder not found
[ 80.181640][ T7] em28xx 4-1:0.86: failed to create media graph
[ 80.196240][ T7] em28xx 4-1:0.86: V4L2 device video71 deregistered
[ 80.217437][ T7] em28xx 4-1:0.86: Registering snapshot button...
[ 80.236576][ T7] input: em28xx snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.86/input/input6
[ 80.277243][ T7] em28xx 4-1:0.86: Remote control support is not available for this card.
[ 80.285912][ T8449] em28xx 3-1:0.86: Registering V4L2 extension
[ 80.310579][ T8449] em28xx 3-1:0.86: Config register raw data: 0xffffffed
[ 80.318357][ T8449] em28xx 3-1:0.86: AC97 chip type couldn't be determined
[ 80.325699][ T8449] em28xx 3-1:0.86: No AC97 audio processor
[ 80.335243][ T8449] usb 3-1: Decoder not found
[ 80.341589][ T8449] em28xx 3-1:0.86: failed to create media graph
[ 80.348749][ T8449] em28xx 3-1:0.86: V4L2 device video71 deregistered
[ 80.358949][ T8449] em28xx 3-1:0.86: Registering snapshot button...
[ 80.376044][ T8449] input: em28xx snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.86/input/input7
[ 80.404949][ T8449] em28xx 3-1:0.86: Remote control support is not available for this card.
[ 80.425437][ T8511] em28xx 5-1:0.86: Registering V4L2 extension
[ 80.460090][ T8511] em28xx 5-1:0.86: Config register raw data: 0xffffffed
[ 80.469535][ T8511] em28xx 5-1:0.86: AC97 chip type couldn't be determined
[ 80.480023][ T8511] em28xx 5-1:0.86: No AC97 audio processor
[ 80.496364][ T8511] usb 5-1: Decoder not found
[ 80.505600][ T8511] em28xx 5-1:0.86: failed to create media graph
[ 80.520303][ T8511] em28xx 5-1:0.86: V4L2 device video71 deregistered
[ 80.537932][ T8511] em28xx 5-1:0.86: Registering snapshot button...
[ 80.545921][ T8511] input: em28xx snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.86/input/input8
[ 80.559166][ T8511] em28xx 5-1:0.86: Remote control support is not available for this card.
[ 80.569081][ T8436] em28xx 6-1:0.86: Registering V4L2 extension
[ 80.604823][ T8436] em28xx 6-1:0.86: Config register raw data: 0xffffffed
[ 80.612354][ T8436] em28xx 6-1:0.86: AC97 chip type couldn't be determined
[ 80.620764][ T8436] em28xx 6-1:0.86: No AC97 audio processor
[ 80.628926][ T8436] usb 6-1: Decoder not found
[ 80.634227][ T8436] em28xx 6-1:0.86: failed to create media graph
[ 80.641270][ T8436] em28xx 6-1:0.86: V4L2 device video71 deregistered
[ 80.649901][ T8436] em28xx 6-1:0.86: Registering snapshot button...
[ 80.659051][ T8436] input: em28xx snapshot button as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.86/input/input9
[ 80.673006][ T8436] em28xx 6-1:0.86: Remote control support is not available for this card.
[ 80.684445][ T8523] em28xx 2-1:0.86: Registering V4L2 extension
[ 80.721157][ T8523] em28xx 2-1:0.86: Config register raw data: 0xffffffed
[ 80.730890][ T8523] em28xx 2-1:0.86: AC97 chip type couldn't be determined
[ 80.744327][ T8523] em28xx 2-1:0.86: No AC97 audio processor
[ 80.769396][ T8523] usb 2-1: Decoder not found
[ 80.780272][ T8523] em28xx 2-1:0.86: failed to create media graph
[ 80.802484][ T8523] em28xx 2-1:0.86: V4L2 device video71 deregistered
[ 80.819688][ T8523] em28xx 2-1:0.86: Registering snapshot button...
[ 80.819754][ T8558] ==================================================================
[ 80.828341][ T8523] input: em28xx snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.86/input/input10
[ 80.834284][ T8558] BUG: KASAN: use-after-free in v4l2_fh_init+0x279/0x2c0
[ 80.834338][ T8558] Read of size 8 at addr ffff8880367d88b8 by task v4l_id/8558
[ 80.834359][ T8558]
[ 80.834367][ T8558] CPU: 0 PID: 8558 Comm: v4l_id Not tainted 5.11.0-syzkaller #0
[ 80.834391][ T8558] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 80.852676][ T8523] em28xx 2-1:0.86: Remote control support is not available for this card.
[ 80.859317][ T8558] Call Trace:
[ 80.859331][ T8558] dump_stack+0x107/0x163
[ 80.859369][ T8558] ? v4l2_fh_init+0x279/0x2c0
[ 80.859398][ T8558] ? v4l2_fh_init+0x279/0x2c0
[ 80.859424][ T8558] print_address_description.constprop.0.cold+0x5b/0x2c6
[ 80.859459][ T8558] ? v4l2_fh_init+0x279/0x2c0
[ 80.859485][ T8558] ? v4l2_fh_init+0x279/0x2c0
[ 80.868202][ T19] em28xx 2-1:0.86: Closing input extension
[ 80.869428][ T8558] kasan_report.cold+0x79/0xd5
[ 80.869467][ T8558] ? v4l2_fh_init+0x279/0x2c0
[ 80.882894][ T19] em28xx 2-1:0.86: Deregistering snapshot button
[ 80.888433][ T8558] v4l2_fh_init+0x279/0x2c0
[ 80.888475][ T8558] v4l2_fh_open+0x88/0xc0
[ 80.888505][ T8558] em28xx_v4l2_open+0x11c/0x570
[ 80.888539][ T8558] v4l2_open+0x21c/0x3f0
[ 80.888567][ T8558] ? v4l2_release+0x3b0/0x3b0
[ 80.888591][ T8558] chrdev_open+0x266/0x770
[ 80.970311][ T8558] ? cdev_device_add+0x210/0x210
[ 80.975283][ T8558] ? security_file_open+0x205/0x4f0
[ 80.980513][ T8558] do_dentry_open+0x4b9/0x11b0
[ 80.985301][ T8558] ? cdev_device_add+0x210/0x210
[ 80.990241][ T8558] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 80.996486][ T8558] ? may_open+0x1e4/0x400
[ 81.000831][ T8558] path_openat+0x1b9a/0x2730
[ 81.005430][ T8558] ? path_lookupat+0x830/0x830
[ 81.010224][ T8558] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 81.016246][ T8558] do_filp_open+0x17e/0x3c0
[ 81.020773][ T8558] ? may_open_dev+0xf0/0xf0
[ 81.025275][ T8558] ? do_raw_spin_lock+0x120/0x2b0
[ 81.030294][ T8558] ? rwlock_bug.part.0+0x90/0x90
[ 81.035230][ T8558] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 81.041480][ T8558] ? _raw_spin_unlock+0x24/0x40
[ 81.046343][ T8558] ? alloc_fd+0x2bc/0x640
[ 81.050706][ T8558] do_sys_openat2+0x16d/0x420
[ 81.055405][ T8558] ? build_open_flags+0x680/0x680
[ 81.060447][ T8558] __x64_sys_open+0x119/0x1c0
[ 81.065125][ T8558] ? do_sys_open+0x140/0x140
[ 81.069706][ T8558] ? __secure_computing+0x104/0x360
[ 81.074931][ T8558] do_syscall_64+0x2d/0x70
[ 81.079339][ T8558] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 81.085225][ T8558] RIP: 0033:0x7f1b6b279840
[ 81.089631][ T8558] Code: 73 01 c3 48 8b 0d 68 77 20 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 89 bb 20 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 1e f6 ff ff 48 89 04 24
[ 81.109260][ T8558] RSP: 002b:00007ffec8393f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 81.117699][ T8558] RAX: ffffffffffffffda RBX: 00007ffec8394098 RCX: 00007f1b6b279840
[ 81.125658][ T8558] RDX: 00007f1b6b265ea0 RSI: 0000000000000000 RDI: 00007ffec8394f1f
[ 81.133618][ T8558] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000
[ 81.141578][ T8558] R10: 0000000000000002 R11: 0000000000000246 R12: 000055c0ace068d0
[ 81.149538][ T8558] R13: 00007ffec8394090 R14: 0000000000000000 R15: 0000000000000000
[ 81.157524][ T8558]
[ 81.159836][ T8558] Allocated by task 8523:
[ 81.164160][ T8558] kasan_save_stack+0x1b/0x40
[ 81.168827][ T8558] ____kasan_kmalloc.constprop.0+0x7f/0xa0
[ 81.174619][ T8558] kmem_cache_alloc_trace+0x1e0/0x400
[ 81.179977][ T8558] em28xx_v4l2_init.cold+0x93/0x329d
[ 81.185253][ T8558] em28xx_init_extension+0x12f/0x1f0
[ 81.190542][ T8558] request_module_async+0x5d/0x70
[ 81.195568][ T8558] process_one_work+0x98d/0x15f0
[ 81.200497][ T8558] worker_thread+0x7da/0x1120
[ 81.205161][ T8558] kthread+0x3b1/0x4a0
[ 81.209244][ T8558] ret_from_fork+0x1f/0x30
[ 81.213687][ T8558]
[ 81.215996][ T8558] Freed by task 8523:
[ 81.219967][ T8558] kasan_save_stack+0x1b/0x40
[ 81.224703][ T8558] kasan_set_track+0x1c/0x30
[ 81.229282][ T8558] kasan_set_free_info+0x20/0x30
[ 81.234255][ T8558] ____kasan_slab_free+0xb0/0xe0
[ 81.239179][ T8558] kfree+0xed/0x270
[ 81.242981][ T8558] kref_put.isra.0+0x6f/0xa0
[ 81.247603][ T8558] em28xx_v4l2_init.cold+0x263/0x329d
[ 81.252968][ T8558] em28xx_init_extension+0x12f/0x1f0
[ 81.258246][ T8558] request_module_async+0x5d/0x70
[ 81.263286][ T8558] process_one_work+0x98d/0x15f0
[ 81.268214][ T8558] worker_thread+0x7da/0x1120
[ 81.272886][ T8558] kthread+0x3b1/0x4a0
[ 81.276952][ T8558] ret_from_fork+0x1f/0x30
[ 81.281379][ T8558]
[ 81.283714][ T8558] The buggy address belongs to the object at ffff8880367d8000
[ 81.283714][ T8558] which belongs to the cache kmalloc-16k of size 16384
[ 81.297982][ T8558] The buggy address is located 2232 bytes inside of
[ 81.297982][ T8558] 16384-byte region [ffff8880367d8000, ffff8880367dc000)
[ 81.311536][ T8558] The buggy address belongs to the page:
[ 81.317179][ T8558] page:000000001d9248b1 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x367d8
[ 81.327351][ T8558] head:000000001d9248b1 order:3 compound_mapcount:0 compound_pincount:0
[ 81.335690][ T8558] flags: 0xfff00000010200(slab|head)
[ 81.341006][ T8558] raw: 00fff00000010200 ffffea00004c8608 ffff888010c41c50 ffff888010c40b00
[ 81.349610][ T8558] raw: 0000000000000000 ffff8880367d8000 0000000100000001 0000000000000000
[ 81.358202][ T8558] page dumped because: kasan: bad access detected
[ 81.364619][ T8558]
[ 81.366954][ T8558] Memory state around the buggy address:
[ 81.372592][ T8558] ffff8880367d8780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 81.380668][ T8558] ffff8880367d8800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 81.388775][ T8558] >ffff8880367d8880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 81.396842][ T8558] ^
[ 81.402742][ T8558] ffff8880367d8900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 81.410819][ T8558] ffff8880367d8980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 81.418911][ T8558] ==================================================================
[ 81.426971][ T8558] Disabling lock debugging due to kernel taint
[ 81.439455][ T5] em28xx 1-1:0.86: Closing input extension
[ 81.445375][ T5] em28xx 1-1:0.86: Deregistering snapshot button
[ 81.470019][ T2990] em28xx 4-1:0.86: Closing input extension
[ 81.480866][ T5] em28xx 1-1:0.86: Freeing device
[ 81.489366][ T2990] em28xx 4-1:0.86: Deregistering snapshot button
[ 81.515488][ T8558] Kernel panic - not syncing: panic_on_warn set ...
[ 81.522106][ T8558] CPU: 1 PID: 8558 Comm: v4l_id Tainted: G B 5.11.0-syzkaller #0
[ 81.531136][ T8558] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 81.541194][ T8558] Call Trace:
[ 81.544458][ T8558] dump_stack+0x107/0x163
[ 81.548791][ T8558] ? v4l2_fh_init+0x1d0/0x2c0
[ 81.553453][ T8558] panic+0x306/0x73d
[ 81.557331][ T8558] ? __warn_printk+0xf3/0xf3
[ 81.561918][ T8558] ? preempt_schedule_common+0x59/0xc0
[ 81.567361][ T8558] ? v4l2_fh_init+0x279/0x2c0
[ 81.572025][ T8558] ? preempt_schedule_thunk+0x16/0x18
[ 81.577387][ T8558] ? trace_hardirqs_on+0x38/0x1c0
[ 81.582396][ T8558] ? trace_hardirqs_on+0x51/0x1c0
[ 81.587418][ T8558] ? v4l2_fh_init+0x279/0x2c0
[ 81.592094][ T8558] ? v4l2_fh_init+0x279/0x2c0
[ 81.596755][ T8558] end_report+0x58/0x5e
[ 81.600911][ T8558] kasan_report.cold+0x67/0xd5
[ 81.605658][ T8558] ? v4l2_fh_init+0x279/0x2c0
[ 81.610321][ T8558] v4l2_fh_init+0x279/0x2c0
[ 81.614808][ T8558] v4l2_fh_open+0x88/0xc0
[ 81.619124][ T8558] em28xx_v4l2_open+0x11c/0x570
[ 81.623972][ T8558] v4l2_open+0x21c/0x3f0
[ 81.628196][ T8558] ? v4l2_release+0x3b0/0x3b0
[ 81.632855][ T8558] chrdev_open+0x266/0x770
[ 81.637253][ T8558] ? cdev_device_add+0x210/0x210
[ 81.642187][ T8558] ? security_file_open+0x205/0x4f0
[ 81.647371][ T8558] do_dentry_open+0x4b9/0x11b0
[ 81.652135][ T8558] ? cdev_device_add+0x210/0x210
[ 81.657066][ T8558] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 81.663303][ T8558] ? may_open+0x1e4/0x400
[ 81.667626][ T8558] path_openat+0x1b9a/0x2730
[ 81.672201][ T8558] ? path_lookupat+0x830/0x830
[ 81.676950][ T8558] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 81.682928][ T8558] do_filp_open+0x17e/0x3c0
[ 81.687414][ T8558] ? may_open_dev+0xf0/0xf0
[ 81.691927][ T8558] ? do_raw_spin_lock+0x120/0x2b0
[ 81.696937][ T8558] ? rwlock_bug.part.0+0x90/0x90
[ 81.701877][ T8558] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 81.708115][ T8558] ? _raw_spin_unlock+0x24/0x40
[ 81.712950][ T8558] ? alloc_fd+0x2bc/0x640
[ 81.717279][ T8558] do_sys_openat2+0x16d/0x420
[ 81.721957][ T8558] ? build_open_flags+0x680/0x680
[ 81.726982][ T8558] __x64_sys_open+0x119/0x1c0
[ 81.731654][ T8558] ? do_sys_open+0x140/0x140
[ 81.736243][ T8558] ? __secure_computing+0x104/0x360
[ 81.741452][ T8558] do_syscall_64+0x2d/0x70
[ 81.745879][ T8558] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 81.751759][ T8558] RIP: 0033:0x7f1b6b279840
[ 81.756165][ T8558] Code: 73 01 c3 48 8b 0d 68 77 20 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 89 bb 20 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 1e f6 ff ff 48 89 04 24
[ 81.775767][ T8558] RSP: 002b:00007ffec8393f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 81.784261][ T8558] RAX: ffffffffffffffda RBX: 00007ffec8394098 RCX: 00007f1b6b279840
[ 81.792213][ T8558] RDX: 00007f1b6b265ea0 RSI: 0000000000000000 RDI: 00007ffec8394f1f
[ 81.800179][ T8558] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000
[ 81.808143][ T8558] R10: 0000000000000002 R11: 0000000000000246 R12: 000055c0ace068d0
[ 81.816098][ T8558] R13: 00007ffec8394090 R14: 0000000000000000 R15: 0000000000000000
[ 81.824557][ T8558] Kernel Offset: disabled
[ 81.828876][ T8558] Rebooting in 86400 seconds..