Warning: Permanently added '10.128.0.251' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 41.696019][ T138] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 41.935953][ T138] usb 1-1: Using ep0 maxpacket: 32
[ 42.066004][ T138] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 42.076063][ T138] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 28
[ 42.255909][ T138] usb 1-1: New USB device found, idVendor=eb1a, idProduct=a316, bcdDevice=5c.26
[ 42.265109][ T138] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 42.273337][ T138] usb 1-1: Product: syz
[ 42.277569][ T138] usb 1-1: Manufacturer: syz
[ 42.282286][ T138] usb 1-1: SerialNumber: syz
[ 42.289236][ T138] usb 1-1: config 0 descriptor??
[ 42.331065][ T138] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (eb1a:a316, interface 0, class 0)
[ 42.340424][ T138] em28xx 1-1:0.0: Video interface 0 found:
executing program
[ 42.575899][ T138] em28xx 1-1:0.0: unknown em28xx chip ID (0)
[ 42.795824][ T138] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[ 42.806283][ T138] em28xx 1-1:0.0: board has no eeprom
[ 42.925651][ T138] em28xx 1-1:0.0: Identified as Kworld PlusTV HD Hybrid 330 (card=57)
[ 42.934098][ T138] em28xx 1-1:0.0: analog set to bulk mode.
[ 42.941265][ T17] em28xx 1-1:0.0: Registering V4L2 extension
[ 42.950084][ T138] usb 1-1: USB disconnect, device number 2
[ 42.958645][ T138] em28xx 1-1:0.0: Disconnecting em28xx
[ 42.984204][ C1] random: crng init done
[ 42.988502][ C1] random: 7 urandom warning(s) missed due to ratelimiting
[ 43.078020][ T17] em28xx 1-1:0.0: Config register raw data: 0xffffffed
[ 43.084985][ T17] em28xx 1-1:0.0: AC97 chip type couldn't be determined
[ 43.092004][ T17] em28xx 1-1:0.0: No AC97 audio processor
[ 43.099277][ T17] usb 1-1: Decoder not found
[ 43.103913][ T17] em28xx 1-1:0.0: failed to create media graph
[ 43.111718][ T17] em28xx 1-1:0.0: V4L2 device video0 deregistered
[ 43.119915][ T17] em28xx 1-1:0.0: Binding DVB extension
[ 43.126137][ T17] em28xx 1-1:0.0: no endpoint for DVB mode and transfer type 0
[ 43.133761][ T17] em28xx 1-1:0.0: failed to pre-allocate USB transfer buffers for DVB.
[ 43.142111][ T17] em28xx 1-1:0.0: Remote control support is not available for this card.
[ 43.152054][ T138] em28xx 1-1:0.0: Closing input extension
[ 43.160805][ T138] em28xx 1-1:0.0: Freeing device
[ 43.515439][ T138] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[ 43.755419][ T138] usb 1-1: Using ep0 maxpacket: 32
[ 43.875507][ T138] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 43.885428][ T138] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 28
[ 44.055510][ T138] usb 1-1: New USB device found, idVendor=eb1a, idProduct=a316, bcdDevice=5c.26
[ 44.064864][ T138] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 44.072956][ T138] usb 1-1: Product: syz
[ 44.077239][ T138] usb 1-1: Manufacturer: syz
[ 44.081819][ T138] usb 1-1: SerialNumber: syz
[ 44.088107][ T138] usb 1-1: config 0 descriptor??
[ 44.129405][ T138] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (eb1a:a316, interface 0, class 0)
[ 44.138881][ T138] em28xx 1-1:0.0: Video interface 0 found:
executing program
[ 44.375573][ T138] em28xx 1-1:0.0: unknown em28xx chip ID (0)
[ 44.595254][ T138] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[ 44.603369][ T138] em28xx 1-1:0.0: board has no eeprom
[ 44.735184][ T138] em28xx 1-1:0.0: Identified as Kworld PlusTV HD Hybrid 330 (card=57)
[ 44.743486][ T138] em28xx 1-1:0.0: analog set to bulk mode.
[ 44.753509][ T138] usb 1-1: USB disconnect, device number 3
[ 44.761406][ T138] em28xx 1-1:0.0: Disconnecting em28xx
[ 44.767629][ T17] em28xx 1-1:0.0: Registering V4L2 extension
[ 44.781398][ T17] em28xx 1-1:0.0: Config register raw data: 0xffffffed
[ 44.788313][ T17] em28xx 1-1:0.0: AC97 chip type couldn't be determined
[ 44.795427][ T17] em28xx 1-1:0.0: No AC97 audio processor
[ 44.801990][ T17] usb 1-1: Decoder not found
[ 44.806779][ T17] em28xx 1-1:0.0: failed to create media graph
[ 44.813143][ T17] em28xx 1-1:0.0: V4L2 device video0 deregistered
[ 44.820909][ T17] em28xx 1-1:0.0: Binding DVB extension
[ 44.821066][ T350] ==================================================================
[ 44.827488][ T17] em28xx 1-1:0.0: no endpoint for DVB mode and transfer type 0
[ 44.834622][ T350] BUG: KASAN: use-after-free in v4l2_fh_init+0x279/0x2c0
[ 44.842247][ T17] em28xx 1-1:0.0: failed to pre-allocate USB transfer buffers for DVB.
[ 44.849180][ T350] Read of size 8 at addr ffff8881cc4908c8 by task v4l_id/350
[ 44.849185][ T350]
[ 44.849200][ T350] CPU: 0 PID: 350 Comm: v4l_id Not tainted 5.8.0-rc1-syzkaller #0
[ 44.849212][ T350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 44.857490][ T17] em28xx 1-1:0.0: Remote control support is not available for this card.
[ 44.864786][ T350] Call Trace:
[ 44.870207][ T138] em28xx 1-1:0.0: Closing input extension
[ 44.874914][ T350] dump_stack+0xf6/0x16e
[ 44.906549][ T350] ? v4l2_fh_init+0x279/0x2c0
[ 44.911224][ T350] ? v4l2_fh_init+0x279/0x2c0
[ 44.916012][ T350] print_address_description.constprop.0.cold+0xd3/0x415
[ 44.923052][ T350] ? vprintk_func+0x93/0x133
[ 44.927635][ T350] ? v4l2_fh_init+0x279/0x2c0
[ 44.932313][ T350] kasan_report.cold+0x37/0x7c
[ 44.937061][ T350] ? memmove+0x50/0x60
[ 44.941122][ T350] ? v4l2_fh_init+0x279/0x2c0
[ 44.945777][ T350] v4l2_fh_init+0x279/0x2c0
[ 44.950263][ T350] v4l2_fh_open+0x88/0xc0
[ 44.954569][ T350] em28xx_v4l2_open+0x11a/0x570
[ 44.959395][ T350] v4l2_open+0x20f/0x3d0
[ 44.963613][ T350] ? v4l2_release+0x390/0x390
[ 44.968354][ T350] chrdev_open+0x219/0x5c0
[ 44.972763][ T350] ? cdev_put.part.0+0x50/0x50
[ 44.977503][ T350] ? security_file_open+0x84/0x410
[ 44.982605][ T350] do_dentry_open+0x4fd/0x1170
[ 44.987353][ T350] ? cdev_put.part.0+0x50/0x50
[ 44.992106][ T350] path_openat+0x1cc5/0x26c0
[ 44.996672][ T350] ? path_lookupat.isra.0+0x530/0x530
[ 45.002020][ T350] ? lockdep_hardirqs_on_prepare+0x550/0x550
[ 45.007999][ T350] ? lockdep_hardirqs_on_prepare+0x550/0x550
[ 45.013986][ T350] ? filemap_map_pages+0x8a2/0x1010
[ 45.019162][ T350] do_filp_open+0x192/0x260
[ 45.023642][ T350] ? may_open_dev+0xf0/0xf0
[ 45.028137][ T350] ? do_raw_spin_lock+0x120/0x290
[ 45.033136][ T350] ? _raw_spin_unlock+0x1a/0x30
[ 45.037986][ T350] ? __alloc_fd+0x463/0x600
[ 45.042481][ T350] do_sys_openat2+0x585/0x7d0
[ 45.047132][ T350] ? file_open_root+0x400/0x400
[ 45.051959][ T350] ? prepare_exit_to_usermode+0xa/0x30
[ 45.057394][ T350] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 45.062930][ T350] do_sys_open+0xc3/0x140
[ 45.067258][ T350] ? filp_open+0x70/0x70
[ 45.071482][ T350] ? __secure_computing+0xb4/0x280
[ 45.076568][ T350] ? syscall_trace_enter+0x108/0x320
[ 45.081949][ T350] do_syscall_64+0x50/0x90
[ 45.086358][ T350] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 45.092265][ T350] RIP: 0033:0x7f46d1b3e840
[ 45.096760][ T350] Code: Bad RIP value.
[ 45.100854][ T350] RSP: 002b:00007ffed0512148 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 45.109270][ T350] RAX: ffffffffffffffda RBX: 00007ffed05122b8 RCX: 00007f46d1b3e840
[ 45.117329][ T350] RDX: 00007f46d1b2aea0 RSI: 0000000000000000 RDI: 00007ffed0512f25
[ 45.125286][ T350] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000
[ 45.133238][ T350] R10: 0000000000000002 R11: 0000000000000246 R12: 000055afadcb78d0
[ 45.141186][ T350] R13: 00007ffed05122b0 R14: 0000000000000000 R15: 0000000000000000
[ 45.149274][ T350]
[ 45.151883][ T350] The buggy address belongs to the page:
[ 45.157634][ T350] page:ffffea0007312400 refcount:0 mapcount:-128 mapping:0000000000000000 index:0x0
[ 45.167118][ T350] flags: 0x200000000000000()
[ 45.171848][ T350] raw: 0200000000000000 ffffea00073b7d08 ffff88821fffabd0 0000000000000000
[ 45.180410][ T350] raw: 0000000000000000 0000000000000002 00000000ffffff7f 0000000000000000
[ 45.188984][ T350] page dumped because: kasan: bad access detected
[ 45.195368][ T350]
[ 45.197686][ T350] Memory state around the buggy address:
[ 45.203324][ T350] ffff8881cc490780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 45.211543][ T350] ffff8881cc490800: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 45.219582][ T350] >ffff8881cc490880: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 45.227631][ T350] ^
[ 45.234032][ T350] ffff8881cc490900: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 45.242083][ T350] ffff8881cc490980: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 45.250128][ T350] ==================================================================
[ 45.258194][ T350] Disabling lock debugging due to kernel taint
[ 45.264453][ T350] Kernel panic - not syncing: panic_on_warn set ...
[ 45.271041][ T350] CPU: 0 PID: 350 Comm: v4l_id Tainted: G B 5.8.0-rc1-syzkaller #0
[ 45.280221][ T350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 45.290342][ T350] Call Trace:
[ 45.293623][ T350] dump_stack+0xf6/0x16e
[ 45.297851][ T350] ? v4l2_fh_init+0x240/0x2c0
[ 45.302531][ T350] panic+0x2aa/0x6e1
[ 45.306410][ T350] ? __warn_printk+0xf3/0xf3
[ 45.311174][ T350] ? v4l2_fh_init+0x279/0x2c0
[ 45.315832][ T350] ? trace_hardirqs_on+0x55/0x200
[ 45.320835][ T350] ? v4l2_fh_init+0x279/0x2c0
[ 45.325487][ T350] ? v4l2_fh_init+0x279/0x2c0
[ 45.330163][ T350] end_report+0x4d/0x53
[ 45.334351][ T350] kasan_report.cold+0x72/0x7c
[ 45.339122][ T350] ? memmove+0x50/0x60
[ 45.343170][ T350] ? v4l2_fh_init+0x279/0x2c0
[ 45.347828][ T350] v4l2_fh_init+0x279/0x2c0
[ 45.352309][ T350] v4l2_fh_open+0x88/0xc0
[ 45.356629][ T350] em28xx_v4l2_open+0x11a/0x570
[ 45.361469][ T350] v4l2_open+0x20f/0x3d0
[ 45.365693][ T350] ? v4l2_release+0x390/0x390
[ 45.370503][ T350] chrdev_open+0x219/0x5c0
[ 45.374907][ T350] ? cdev_put.part.0+0x50/0x50
[ 45.379676][ T350] ? security_file_open+0x84/0x410
[ 45.384768][ T350] do_dentry_open+0x4fd/0x1170
[ 45.389516][ T350] ? cdev_put.part.0+0x50/0x50
[ 45.394259][ T350] path_openat+0x1cc5/0x26c0
[ 45.398826][ T350] ? path_lookupat.isra.0+0x530/0x530
[ 45.404205][ T350] ? lockdep_hardirqs_on_prepare+0x550/0x550
[ 45.410185][ T350] ? lockdep_hardirqs_on_prepare+0x550/0x550
[ 45.416260][ T350] ? filemap_map_pages+0x8a2/0x1010
[ 45.421437][ T350] do_filp_open+0x192/0x260
[ 45.426090][ T350] ? may_open_dev+0xf0/0xf0
[ 45.430595][ T350] ? do_raw_spin_lock+0x120/0x290
[ 45.435621][ T350] ? _raw_spin_unlock+0x1a/0x30
[ 45.440543][ T350] ? __alloc_fd+0x463/0x600
[ 45.445242][ T350] do_sys_openat2+0x585/0x7d0
[ 45.450003][ T350] ? file_open_root+0x400/0x400
[ 45.454982][ T350] ? prepare_exit_to_usermode+0xa/0x30
[ 45.460446][ T350] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 45.465993][ T350] do_sys_open+0xc3/0x140
[ 45.470333][ T350] ? filp_open+0x70/0x70
[ 45.474575][ T350] ? __secure_computing+0xb4/0x280
[ 45.479663][ T350] ? syscall_trace_enter+0x108/0x320
[ 45.484946][ T350] do_syscall_64+0x50/0x90
[ 45.489357][ T350] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 45.495240][ T350] RIP: 0033:0x7f46d1b3e840
[ 45.499627][ T350] Code: Bad RIP value.
[ 45.503669][ T350] RSP: 002b:00007ffed0512148 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 45.512054][ T350] RAX: ffffffffffffffda RBX: 00007ffed05122b8 RCX: 00007f46d1b3e840
[ 45.520009][ T350] RDX: 00007f46d1b2aea0 RSI: 0000000000000000 RDI: 00007ffed0512f25
[ 45.527977][ T350] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000
[ 45.535947][ T350] R10: 0000000000000002 R11: 0000000000000246 R12: 000055afadcb78d0
[ 45.543904][ T350] R13: 00007ffed05122b0 R14: 0000000000000000 R15: 0000000000000000
[ 45.552498][ T350] Kernel Offset: disabled
[ 45.556837][ T350] Rebooting in 86400 seconds..