Warning: Permanently added '10.128.0.115' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 34.471460][ T95] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 34.710648][ T95] usb 1-1: Using ep0 maxpacket: 32
[ 34.830713][ T95] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 34.840774][ T95] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 28
[ 35.010599][ T95] usb 1-1: New USB device found, idVendor=eb1a, idProduct=a316, bcdDevice=5c.26
[ 35.019663][ T95] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 35.028150][ T95] usb 1-1: Product: syz
[ 35.032376][ T95] usb 1-1: Manufacturer: syz
[ 35.036951][ T95] usb 1-1: SerialNumber: syz
[ 35.046036][ T95] usb 1-1: config 0 descriptor??
[ 35.092784][ T95] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (eb1a:a316, interface 0, class 0)
[ 35.102064][ T95] em28xx 1-1:0.0: Video interface 0 found:
executing program
[ 35.330526][ T95] em28xx 1-1:0.0: unknown em28xx chip ID (0)
[ 35.550354][ T95] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[ 35.558641][ T95] em28xx 1-1:0.0: board has no eeprom
[ 35.670222][ T95] em28xx 1-1:0.0: Identified as Kworld PlusTV HD Hybrid 330 (card=57)
[ 35.678391][ T95] em28xx 1-1:0.0: analog set to bulk mode.
[ 35.687663][ T95] usb 1-1: USB disconnect, device number 2
[ 35.695509][ T95] em28xx 1-1:0.0: Disconnecting em28xx
[ 35.701517][ T12] em28xx 1-1:0.0: Registering V4L2 extension
[ 35.736512][ T12] em28xx 1-1:0.0: Config register raw data: 0xffffffed
[ 35.743498][ T12] em28xx 1-1:0.0: AC97 chip type couldn't be determined
[ 35.750516][ T12] em28xx 1-1:0.0: No AC97 audio processor
[ 35.757729][ T12] usb 1-1: Decoder not found
[ 35.762443][ T12] em28xx 1-1:0.0: failed to create media graph
[ 35.769089][ T12] em28xx 1-1:0.0: V4L2 device video0 deregistered
[ 35.777275][ T12] em28xx 1-1:0.0: Binding DVB extension
[ 35.783131][ T12] em28xx 1-1:0.0: no endpoint for DVB mode and transfer type 0
[ 35.790751][ T12] em28xx 1-1:0.0: failed to pre-allocate USB transfer buffers for DVB.
[ 35.799126][ T12] em28xx 1-1:0.0: Remote control support is not available for this card.
[ 35.808043][ T95] em28xx 1-1:0.0: Closing input extension
[ 35.817097][ T95] em28xx 1-1:0.0: Freeing device
[ 36.180008][ T95] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[ 36.419893][ T95] usb 1-1: Using ep0 maxpacket: 32
[ 36.539902][ T95] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 36.549815][ T95] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 28
[ 36.719852][ T95] usb 1-1: New USB device found, idVendor=eb1a, idProduct=a316, bcdDevice=5c.26
[ 36.728952][ T95] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 36.737008][ T95] usb 1-1: Product: syz
[ 36.741287][ T95] usb 1-1: Manufacturer: syz
[ 36.745885][ T95] usb 1-1: SerialNumber: syz
[ 36.752733][ T95] usb 1-1: config 0 descriptor??
[ 36.801337][ T95] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (eb1a:a316, interface 0, class 0)
[ 36.810597][ T95] em28xx 1-1:0.0: Video interface 0 found:
executing program
[ 37.049653][ T95] em28xx 1-1:0.0: unknown em28xx chip ID (0)
[ 37.279509][ T95] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[ 37.287564][ T95] em28xx 1-1:0.0: board has no eeprom
[ 37.399898][ T95] em28xx 1-1:0.0: Identified as Kworld PlusTV HD Hybrid 330 (card=57)
[ 37.408105][ T95] em28xx 1-1:0.0: analog set to bulk mode.
[ 37.416449][ T95] usb 1-1: USB disconnect, device number 3
[ 37.425751][ T95] em28xx 1-1:0.0: Disconnecting em28xx
[ 37.431614][ T12] em28xx 1-1:0.0: Registering V4L2 extension
[ 37.444828][ T12] em28xx 1-1:0.0: Config register raw data: 0xffffffed
[ 37.451731][ T12] em28xx 1-1:0.0: AC97 chip type couldn't be determined
[ 37.458758][ T12] em28xx 1-1:0.0: No AC97 audio processor
[ 37.465716][ T12] usb 1-1: Decoder not found
[ 37.470427][ T12] em28xx 1-1:0.0: failed to create media graph
[ 37.476605][ T12] em28xx 1-1:0.0: V4L2 device video0 deregistered
[ 37.484544][ T12] em28xx 1-1:0.0: Binding DVB extension
[ 37.484751][ T381] ==================================================================
[ 37.490980][ T12] em28xx 1-1:0.0: no endpoint for DVB mode and transfer type 0
[ 37.498640][ T381] BUG: KASAN: use-after-free in v4l2_fh_init+0x279/0x2c0
[ 37.498656][ T381] Read of size 8 at addr ffff8881cddb88c8 by task v4l_id/381
[ 37.506260][ T12] em28xx 1-1:0.0: failed to pre-allocate USB transfer buffers for DVB.
[ 37.513174][ T381]
[ 37.513190][ T381] CPU: 1 PID: 381 Comm: v4l_id Not tainted 5.7.0-rc6-syzkaller #0
[ 37.513198][ T381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 37.513203][ T381] Call Trace:
[ 37.513221][ T381] dump_stack+0xef/0x16e
[ 37.513242][ T381] print_address_description.constprop.0.cold+0xd3/0x415
[ 37.520620][ T12] em28xx 1-1:0.0: Remote control support is not available for this card.
[ 37.528800][ T381] ? vprintk_func+0x7d/0x113
[ 37.535004][ T95] em28xx 1-1:0.0: Closing input extension
[ 37.538896][ T381] ? v4l2_fh_init+0x279/0x2c0
[ 37.586868][ T381] __kasan_report.cold+0x37/0x7d
[ 37.591796][ T381] ? __kasan_kmalloc.constprop.0+0x40/0xd0
[ 37.597585][ T381] ? v4l2_fh_init+0x279/0x2c0
[ 37.602248][ T381] ? v4l2_fh_init+0x279/0x2c0
[ 37.607003][ T381] kasan_report+0x33/0x50
[ 37.611310][ T381] v4l2_fh_init+0x279/0x2c0
[ 37.615788][ T381] v4l2_fh_open+0x88/0xc0
[ 37.620095][ T381] em28xx_v4l2_open+0x11a/0x570
[ 37.624936][ T381] v4l2_open+0x20f/0x3d0
[ 37.629169][ T381] ? v4l2_release+0x390/0x390
[ 37.633831][ T381] chrdev_open+0x219/0x5c0
[ 37.638238][ T381] ? cdev_put.part.0+0x50/0x50
[ 37.642978][ T381] ? security_file_open+0x84/0x410
[ 37.648066][ T381] do_dentry_open+0x4ac/0x1160
[ 37.652805][ T381] ? cdev_put.part.0+0x50/0x50
[ 37.657542][ T381] ? chmod_common+0x3c0/0x3c0
[ 37.662195][ T381] ? inode_permission+0xbe/0x3a0
[ 37.667122][ T381] path_openat+0x1a0b/0x2740
[ 37.671739][ T381] ? do_sys_openat2+0x3fc/0x7d0
[ 37.676578][ T381] ? path_lookupat.isra.0+0x530/0x530
[ 37.681932][ T381] do_filp_open+0x192/0x260
[ 37.686426][ T381] ? may_open_dev+0xf0/0xf0
[ 37.690994][ T381] ? __alloc_fd+0x46d/0x600
[ 37.695470][ T381] ? do_raw_spin_lock+0x129/0x290
[ 37.700472][ T381] ? _raw_spin_unlock+0x1a/0x30
[ 37.705385][ T381] ? __alloc_fd+0x46d/0x600
[ 37.709863][ T381] do_sys_openat2+0x585/0x7d0
[ 37.714515][ T381] ? file_open_root+0x400/0x400
[ 37.719710][ T381] ? __secure_computing+0xb4/0x280
[ 37.724798][ T381] ? syscall_trace_enter+0x41d/0xcd0
[ 37.730072][ T381] do_sys_open+0xc3/0x140
[ 37.734403][ T381] ? filp_open+0x70/0x70
[ 37.738620][ T381] ? trace_hardirqs_off_caller+0x55/0x200
[ 37.744314][ T381] do_syscall_64+0xb6/0x5a0
[ 37.748795][ T381] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 37.754661][ T381] RIP: 0033:0x7f6bcd693840
[ 37.759054][ T381] Code: 73 01 c3 48 8b 0d 68 77 20 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 89 bb 20 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 1e f6 ff ff 48 89 04 24
[ 37.778634][ T381] RSP: 002b:00007ffcdb1d05b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 37.787028][ T381] RAX: ffffffffffffffda RBX: 00007ffcdb1d0728 RCX: 00007f6bcd693840
[ 37.794991][ T381] RDX: 00007f6bcd67fea0 RSI: 0000000000000000 RDI: 00007ffcdb1d1f25
[ 37.802948][ T381] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000
[ 37.810906][ T381] R10: 0000000000000002 R11: 0000000000000246 R12: 000055891b31b8d0
[ 37.818917][ T381] R13: 00007ffcdb1d0720 R14: 0000000000000000 R15: 0000000000000000
[ 37.827030][ T381]
[ 37.829360][ T381] Allocated by task 137:
[ 37.833648][ T381] save_stack+0x1b/0x40
[ 37.837807][ T381] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 37.843426][ T381] kmem_cache_alloc+0xd8/0x300
[ 37.849310][ T381] getname_flags+0xd2/0x5b0
[ 37.853791][ T381] user_path_at_empty+0x2a/0x50
[ 37.858620][ T381] do_faccessat+0x248/0x7a0
[ 37.863118][ T381] do_syscall_64+0xb6/0x5a0
[ 37.867598][ T381] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 37.873894][ T381]
[ 37.876198][ T381] Freed by task 137:
[ 37.880089][ T381] save_stack+0x1b/0x40
[ 37.884221][ T381] __kasan_slab_free+0x117/0x160
[ 37.889838][ T381] kmem_cache_free+0x9b/0x360
[ 37.894488][ T381] putname+0xe1/0x120
[ 37.898444][ T381] filename_lookup+0x282/0x3e0
[ 37.903182][ T381] do_faccessat+0x248/0x7a0
[ 37.907661][ T381] do_syscall_64+0xb6/0x5a0
[ 37.912141][ T381] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 37.918103][ T381]
[ 37.920410][ T381] The buggy address belongs to the object at ffff8881cddb8000
[ 37.920410][ T381] which belongs to the cache names_cache of size 4096
[ 37.934524][ T381] The buggy address is located 2248 bytes inside of
[ 37.934524][ T381] 4096-byte region [ffff8881cddb8000, ffff8881cddb9000)
[ 37.947939][ T381] The buggy address belongs to the page:
[ 37.953556][ T381] page:ffffea0007376e00 refcount:1 mapcount:0 mapping:00000000b8cf32e4 index:0x0 head:ffffea0007376e00 order:3 compound_mapcount:0 compound_pincount:0
[ 37.968725][ T381] flags: 0x200000000010200(slab|head)
[ 37.974091][ T381] raw: 0200000000010200 dead000000000100 dead000000000122 ffff8881da11e000
[ 37.982654][ T381] raw: 0000000000000000 0000000000070007 00000001ffffffff 0000000000000000
[ 37.991208][ T381] page dumped because: kasan: bad access detected
[ 37.997603][ T381]
[ 37.999939][ T381] Memory state around the buggy address:
[ 38.005560][ T381]  ffff8881cddb8780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 38.013611][ T381]  ffff8881cddb8800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 38.021648][ T381] >ffff8881cddb8880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 38.029679][ T381]                                               ^
[ 38.036066][ T381]  ffff8881cddb8900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 38.044101][ T381]  ffff8881cddb8980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 38.052146][ T381] ==================================================================
[ 38.060195][ T381] Disabling lock debugging due to kernel taint
[ 38.066526][ T381] Kernel panic - not syncing: panic_on_warn set ...
[ 38.073114][ T381] CPU: 1 PID: 381 Comm: v4l_id Tainted: G B 5.7.0-rc6-syzkaller #0
[ 38.082296][ T381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 38.092360][ T381] Call Trace:
[ 38.095629][ T381] dump_stack+0xef/0x16e
[ 38.099864][ T381] panic+0x2aa/0x6e1
[ 38.103735][ T381] ? add_taint.cold+0x16/0x16
[ 38.108405][ T381] ? retint_kernel+0x10/0x10
[ 38.113398][ T381] ? v4l2_fh_init+0x279/0x2c0
[ 38.118052][ T381] ? trace_hardirqs_on+0x55/0x200
[ 38.123050][ T381] ? v4l2_fh_init+0x279/0x2c0
[ 38.127717][ T381] end_report+0x4d/0x53
[ 38.131860][ T381] __kasan_report.cold+0x72/0x7d
[ 38.136796][ T381] ? __kasan_kmalloc.constprop.0+0x40/0xd0
[ 38.142579][ T381] ? v4l2_fh_init+0x279/0x2c0
[ 38.147251][ T381] ? v4l2_fh_init+0x279/0x2c0
[ 38.151916][ T381] kasan_report+0x33/0x50
[ 38.156232][ T381] v4l2_fh_init+0x279/0x2c0
[ 38.160737][ T381] v4l2_fh_open+0x88/0xc0
[ 38.165041][ T381] em28xx_v4l2_open+0x11a/0x570
[ 38.169937][ T381] v4l2_open+0x20f/0x3d0
[ 38.174170][ T381] ? v4l2_release+0x390/0x390
[ 38.178844][ T381] chrdev_open+0x219/0x5c0
[ 38.183239][ T381] ? cdev_put.part.0+0x50/0x50
[ 38.187981][ T381] ? security_file_open+0x84/0x410
[ 38.193090][ T381] do_dentry_open+0x4ac/0x1160
[ 38.197831][ T381] ? cdev_put.part.0+0x50/0x50
[ 38.202569][ T381] ? chmod_common+0x3c0/0x3c0
[ 38.207219][ T381] ? inode_permission+0xbe/0x3a0
[ 38.212132][ T381] path_openat+0x1a0b/0x2740
[ 38.216700][ T381] ? do_sys_openat2+0x3fc/0x7d0
[ 38.221545][ T381] ? path_lookupat.isra.0+0x530/0x530
[ 38.226911][ T381] do_filp_open+0x192/0x260
[ 38.231389][ T381] ? may_open_dev+0xf0/0xf0
[ 38.235866][ T381] ? __alloc_fd+0x46d/0x600
[ 38.240344][ T381] ? do_raw_spin_lock+0x129/0x290
[ 38.245344][ T381] ? _raw_spin_unlock+0x1a/0x30
[ 38.250169][ T381] ? __alloc_fd+0x46d/0x600
[ 38.254665][ T381] do_sys_openat2+0x585/0x7d0
[ 38.259328][ T381] ? file_open_root+0x400/0x400
[ 38.264158][ T381] ? __secure_computing+0xb4/0x280
[ 38.269254][ T381] ? syscall_trace_enter+0x41d/0xcd0
[ 38.274514][ T381] do_sys_open+0xc3/0x140
[ 38.278829][ T381] ? filp_open+0x70/0x70
[ 38.283049][ T381] ? trace_hardirqs_off_caller+0x55/0x200
[ 38.288742][ T381] do_syscall_64+0xb6/0x5a0
[ 38.293222][ T381] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 38.299195][ T381] RIP: 0033:0x7f6bcd693840
[ 38.303854][ T381] Code: 73 01 c3 48 8b 0d 68 77 20 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 89 bb 20 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 1e f6 ff ff 48 89 04 24
[ 38.323454][ T381] RSP: 002b:00007ffcdb1d05b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 38.331856][ T381] RAX: ffffffffffffffda RBX: 00007ffcdb1d0728 RCX: 00007f6bcd693840
[ 38.341291][ T381] RDX: 00007f6bcd67fea0 RSI: 0000000000000000 RDI: 00007ffcdb1d1f25
[ 38.349240][ T381] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000
[ 38.357217][ T381] R10: 0000000000000002 R11: 0000000000000246 R12: 000055891b31b8d0
[ 38.365181][ T381] R13: 00007ffcdb1d0720 R14: 0000000000000000 R15: 0000000000000000
[ 38.373180][ T381] Kernel Offset: disabled
[ 38.377493][ T381] Rebooting in 86400 seconds..