Warning: Permanently added '10.128.0.37' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 62.264615][ T78] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 62.624754][ T78] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 62.635973][ T78] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has wMaxPacketSize 0, skipping
[ 62.646174][ T78] usb 1-1: New USB device found, idVendor=eb1a, idProduct=5006, bcdDevice=ed.9a
[ 62.655521][ T78] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 62.665264][ T78] usb 1-1: config 0 descriptor??
[ 62.707041][ T78] em28xx 1-1:0.0: New device @ 480 Mbps (eb1a:5006, interface 0, class 0)
[ 62.716054][ T78] em28xx 1-1:0.0: Video interface 0 found: isoc
executing program
[ 62.954686][ T78] em28xx 1-1:0.0: unknown em28xx chip ID (0)
[ 63.094659][ T78] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[ 63.103170][ T78] em28xx 1-1:0.0: board has no eeprom
[ 63.214571][ T78] em28xx 1-1:0.0: Identified as Honestech Vidbox NW03 (card=83)
[ 63.223615][ T78] em28xx 1-1:0.0: analog set to isoc mode.
[ 63.230546][ T1725] em28xx 1-1:0.0: Registering V4L2 extension
[ 63.240475][ T78] usb 1-1: USB disconnect, device number 2
[ 63.248586][ T78] em28xx 1-1:0.0: Disconnecting em28xx
[ 63.254356][ T1725] em28xx 1-1:0.0: Config register raw data: 0xffffffed
[ 63.261430][ T1725] em28xx 1-1:0.0: AC97 chip type couldn't be determined
[ 63.268457][ T1725] em28xx 1-1:0.0: No AC97 audio processor
[ 63.276506][ T1725] usb 1-1: Decoder not found
[ 63.281163][ T1725] em28xx 1-1:0.0: failed to create media graph
[ 63.287596][ T1725] em28xx 1-1:0.0: V4L2 device video0 deregistered
[ 63.295436][ T1725] em28xx 1-1:0.0: Remote control support is not available for this card.
[ 63.304602][ T78] em28xx 1-1:0.0: Closing input extension
[ 63.315254][ T78] em28xx 1-1:0.0: Freeing device
[ 63.664533][ T78] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[ 64.024667][ T78] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 64.035794][ T78] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has wMaxPacketSize 0, skipping
[ 64.046033][ T78] usb 1-1: New USB device found, idVendor=eb1a, idProduct=5006, bcdDevice=ed.9a
[ 64.055348][ T78] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 64.064781][ T78] usb 1-1: config 0 descriptor??
[ 64.106598][ T78] em28xx 1-1:0.0: New device @ 480 Mbps (eb1a:5006, interface 0, class 0)
[ 64.115419][ T78] em28xx 1-1:0.0: Video interface 0 found: isoc
executing program
[ 64.344763][ T78] em28xx 1-1:0.0: unknown em28xx chip ID (0)
[ 64.474644][ T78] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[ 64.483054][ T78] em28xx 1-1:0.0: board has no eeprom
[ 64.594554][ T78] em28xx 1-1:0.0: Identified as Honestech Vidbox NW03 (card=83)
[ 64.602252][ T78] em28xx 1-1:0.0: analog set to isoc mode.
[ 64.608665][ T1725] em28xx 1-1:0.0: Registering V4L2 extension
[ 64.616172][ T78] usb 1-1: USB disconnect, device number 3
[ 64.622596][ T78] em28xx 1-1:0.0: Disconnecting em28xx
[ 64.628932][ T1725] em28xx 1-1:0.0: Config register raw data: 0xffffffed
[ 64.635876][ T1725] em28xx 1-1:0.0: AC97 chip type couldn't be determined
[ 64.642901][ T1725] em28xx 1-1:0.0: No AC97 audio processor
[ 64.649514][ T1725] usb 1-1: Decoder not found
[ 64.654229][ T1725] em28xx 1-1:0.0: failed to create media graph
[ 64.660652][ T1725] em28xx 1-1:0.0: V4L2 device video0 deregistered
[ 64.668354][ T1725] em28xx 1-1:0.0: Remote control support is not available for this card.
[ 64.668563][ T1734] ==================================================================
[ 64.676943][ T78] em28xx 1-1:0.0: Closing input extension
[ 64.684954][ T1734] BUG: KASAN: use-after-free in v4l2_fh_init+0x279/0x2c0
[ 64.684964][ T1734] Read of size 8 at addr ffff8881cfb9c870 by task v4l_id/1734
[ 64.684967][ T1734]
[ 64.684985][ T1734] CPU: 0 PID: 1734 Comm: v4l_id Not tainted 5.4.0-syzkaller #0
[ 64.715826][ T1734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.725887][ T1734] Call Trace:
[ 64.729174][ T1734] dump_stack+0xef/0x16e
[ 64.733404][ T1734] ? v4l2_fh_init+0x279/0x2c0
[ 64.738065][ T1734] ? v4l2_fh_init+0x279/0x2c0
[ 64.742732][ T1734] print_address_description.constprop.0+0x36/0x50
[ 64.749224][ T1734] ? v4l2_fh_init+0x279/0x2c0
[ 64.753887][ T1734] ? v4l2_fh_init+0x279/0x2c0
[ 64.758563][ T1734] __kasan_report.cold+0x1a/0x33
[ 64.763494][ T1734] ? v4l2_fh_init+0x279/0x2c0
[ 64.768156][ T1734] kasan_report+0xe/0x20
[ 64.772403][ T1734] v4l2_fh_init+0x279/0x2c0
[ 64.776894][ T1734] v4l2_fh_open+0x88/0xc0
[ 64.781376][ T1734] em28xx_v4l2_open+0x11a/0x570
[ 64.786255][ T1734] v4l2_open+0x20f/0x3d0
[ 64.790522][ T1734] ? v4l2_release+0x390/0x390
[ 64.795218][ T1734] chrdev_open+0x219/0x5c0
[ 64.799733][ T1734] ? cdev_put.part.0+0x50/0x50
[ 64.804495][ T1734] do_dentry_open+0x494/0x1120
[ 64.809249][ T1734] ? cdev_put.part.0+0x50/0x50
[ 64.814020][ T1734] ? chmod_common+0x3c0/0x3c0
[ 64.818685][ T1734] ? inode_permission+0xbe/0x3a0
[ 64.823637][ T1734] path_openat+0x142b/0x4030
[ 64.828228][ T1734] ? save_stack+0x1b/0x80
[ 64.832545][ T1734] ? do_sys_open+0x294/0x580
[ 64.837123][ T1734] ? do_syscall_64+0xb7/0x5b0
[ 64.841790][ T1734] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 64.847842][ T1734] ? path_lookupat.isra.0+0x8d0/0x8d0
[ 64.853211][ T1734] ? __lock_acquire+0x145e/0x3b60
[ 64.858223][ T1734] do_filp_open+0x1a1/0x280
[ 64.862723][ T1734] ? may_open_dev+0xf0/0xf0
[ 64.867215][ T1734] ? __alloc_fd+0x46d/0x600
[ 64.871706][ T1734] ? do_raw_spin_lock+0x11a/0x280
[ 64.876737][ T1734] ? do_raw_spin_unlock+0x13f/0x220
[ 64.881922][ T1734] ? _raw_spin_unlock+0x1a/0x30
[ 64.886759][ T1734] ? __alloc_fd+0x46d/0x600
[ 64.891247][ T1734] do_sys_open+0x3c0/0x580
[ 64.895648][ T1734] ? filp_open+0x70/0x70
[ 64.899877][ T1734] ? trace_hardirqs_off_caller+0x55/0x1e0
[ 64.905582][ T1734] do_syscall_64+0xb7/0x5b0
[ 64.910094][ T1734] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 64.915974][ T1734] RIP: 0033:0x7fd4ab389120
[ 64.920395][ T1734] Code: 48 8b 15 1b 4d 2b 00 f7 d8 64 89 02 83 c8 ff c3 90 90 90 90 90 90 90 90 90 90 83 3d d5 a4 2b 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 5e 8c 01 00 48 89 04 24
[ 64.940001][ T1734] RSP: 002b:00007ffc50836ff8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 64.948662][ T1734] RAX: ffffffffffffffda RBX: 00007ffc50837158 RCX: 00007fd4ab389120
[ 64.956781][ T1734] RDX: 00007fd4ab63e138 RSI: 0000000000000000 RDI: 00007ffc50838f1f
[ 64.964783][ T1734] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 64.972990][ T1734] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000400884
[ 64.980950][ T1734] R13: 00007ffc50837150 R14: 0000000000000000 R15: 0000000000000000
[ 64.989152][ T1734]
[ 64.991495][ T1734] Allocated by task 1725:
[ 64.995822][ T1734] save_stack+0x1b/0x80
[ 64.999973][ T1734] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 65.005597][ T1734] em28xx_v4l2_init.cold+0x93/0x33eb
[ 65.010871][ T1734] em28xx_init_extension+0x12f/0x1f0
[ 65.016233][ T1734] request_module_async+0x5d/0x70
[ 65.021243][ T1734] process_one_work+0x92b/0x1530
[ 65.026170][ T1734] worker_thread+0x96/0xe20
[ 65.030750][ T1734] kthread+0x318/0x420
[ 65.034912][ T1734] ret_from_fork+0x24/0x30
[ 65.039308][ T1734]
[ 65.041642][ T1734] Freed by task 1725:
[ 65.045612][ T1734] save_stack+0x1b/0x80
[ 65.049863][ T1734] __kasan_slab_free+0x130/0x180
[ 65.054787][ T1734] kfree+0xdc/0x310
[ 65.058605][ T1734] em28xx_v4l2_init.cold+0x2d4/0x33eb
[ 65.063964][ T1734] em28xx_init_extension+0x12f/0x1f0
[ 65.069325][ T1734] request_module_async+0x5d/0x70
[ 65.074351][ T1734] process_one_work+0x92b/0x1530
[ 65.079363][ T1734] worker_thread+0x96/0xe20
[ 65.083850][ T1734] kthread+0x318/0x420
[ 65.088618][ T1734] ret_from_fork+0x24/0x30
[ 65.093026][ T1734]
[ 65.095341][ T1734] The buggy address belongs to the object at ffff8881cfb9c000
[ 65.095341][ T1734] which belongs to the cache kmalloc-8k of size 8192
[ 65.109381][ T1734] The buggy address is located 2160 bytes inside of
[ 65.109381][ T1734] 8192-byte region [ffff8881cfb9c000, ffff8881cfb9e000)
[ 65.122813][ T1734] The buggy address belongs to the page:
[ 65.128440][ T1734] page:ffffea00073ee600 refcount:1 mapcount:0 mapping:ffff8881da40c500 index:0x0 compound_mapcount: 0
[ 65.139357][ T1734] raw: 0200000000010200 dead000000000100 dead000000000122 ffff8881da40c500
[ 65.148116][ T1734] raw: 0000000000000000 0000000080020002 00000001ffffffff 0000000000000000
[ 65.156690][ T1734] page dumped because: kasan: bad access detected
[ 65.163170][ T1734]
[ 65.165482][ T1734] Memory state around the buggy address:
[ 65.171107][ T1734] ffff8881cfb9c700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 65.179241][ T1734] ffff8881cfb9c780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 65.187287][ T1734] >ffff8881cfb9c800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 65.195341][ T1734] ^
[ 65.203047][ T1734] ffff8881cfb9c880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 65.211105][ T1734] ffff8881cfb9c900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 65.219151][ T1734] ==================================================================
[ 65.227282][ T1734] Disabling lock debugging due to kernel taint
[ 65.233565][ T1734] Kernel panic - not syncing: panic_on_warn set ...
[ 65.240305][ T1734] CPU: 0 PID: 1734 Comm: v4l_id Tainted: G B 5.4.0-syzkaller #0
[ 65.249310][ T1734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 65.259467][ T1734] Call Trace:
[ 65.262751][ T1734] dump_stack+0xef/0x16e
[ 65.266996][ T1734] panic+0x2aa/0x6e1
[ 65.270883][ T1734] ? add_taint.cold+0x16/0x16
[ 65.275778][ T1734] ? v4l2_fh_init+0x279/0x2c0
[ 65.280460][ T1734] ? trace_hardirqs_on+0x55/0x1e0
[ 65.285491][ T1734] ? v4l2_fh_init+0x279/0x2c0
[ 65.290240][ T1734] end_report+0x43/0x49
[ 65.294404][ T1734] ? v4l2_fh_init+0x279/0x2c0
[ 65.299086][ T1734] __kasan_report.cold+0xd/0x33
[ 65.303939][ T1734] ? v4l2_fh_init+0x279/0x2c0
[ 65.308641][ T1734] kasan_report+0xe/0x20
[ 65.312882][ T1734] v4l2_fh_init+0x279/0x2c0
[ 65.317371][ T1734] v4l2_fh_open+0x88/0xc0
[ 65.321683][ T1734] em28xx_v4l2_open+0x11a/0x570
[ 65.326521][ T1734] v4l2_open+0x20f/0x3d0
[ 65.330759][ T1734] ? v4l2_release+0x390/0x390
[ 65.335425][ T1734] chrdev_open+0x219/0x5c0
[ 65.339848][ T1734] ? cdev_put.part.0+0x50/0x50
[ 65.344610][ T1734] do_dentry_open+0x494/0x1120
[ 65.349381][ T1734] ? cdev_put.part.0+0x50/0x50
[ 65.354155][ T1734] ? chmod_common+0x3c0/0x3c0
[ 65.358819][ T1734] ? inode_permission+0xbe/0x3a0
[ 65.363738][ T1734] path_openat+0x142b/0x4030
[ 65.368328][ T1734] ? save_stack+0x1b/0x80
[ 65.372643][ T1734] ? do_sys_open+0x294/0x580
[ 65.377532][ T1734] ? do_syscall_64+0xb7/0x5b0
[ 65.382209][ T1734] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 65.388279][ T1734] ? path_lookupat.isra.0+0x8d0/0x8d0
[ 65.393865][ T1734] ? __lock_acquire+0x145e/0x3b60
[ 65.398884][ T1734] do_filp_open+0x1a1/0x280
[ 65.403390][ T1734] ? may_open_dev+0xf0/0xf0
[ 65.407882][ T1734] ? __alloc_fd+0x46d/0x600
[ 65.412460][ T1734] ? do_raw_spin_lock+0x11a/0x280
[ 65.417950][ T1734] ? do_raw_spin_unlock+0x13f/0x220
[ 65.423161][ T1734] ? _raw_spin_unlock+0x1a/0x30
[ 65.428008][ T1734] ? __alloc_fd+0x46d/0x600
[ 65.432619][ T1734] do_sys_open+0x3c0/0x580
[ 65.437718][ T1734] ? filp_open+0x70/0x70
[ 65.441950][ T1734] ? trace_hardirqs_off_caller+0x55/0x1e0
[ 65.447655][ T1734] do_syscall_64+0xb7/0x5b0
[ 65.452147][ T1734] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 65.458146][ T1734] RIP: 0033:0x7fd4ab389120
[ 65.462784][ T1734] Code: 48 8b 15 1b 4d 2b 00 f7 d8 64 89 02 83 c8 ff c3 90 90 90 90 90 90 90 90 90 90 83 3d d5 a4 2b 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 5e 8c 01 00 48 89 04 24
[ 65.482494][ T1734] RSP: 002b:00007ffc50836ff8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 65.490886][ T1734] RAX: ffffffffffffffda RBX: 00007ffc50837158 RCX: 00007fd4ab389120
[ 65.498839][ T1734] RDX: 00007fd4ab63e138 RSI: 0000000000000000 RDI: 00007ffc50838f1f
[ 65.506789][ T1734] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 65.514749][ T1734] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000400884
[ 65.522713][ T1734] R13: 00007ffc50837150 R14: 0000000000000000 R15: 0000000000000000
[ 65.531534][ T1734] Kernel Offset: disabled
[ 65.535860][ T1734] Rebooting in 86400 seconds..