Warning: Permanently added '10.128.0.250' (ECDSA) to the list of known hosts.
executing program
[ 32.743170][ T157] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 32.982500][ T157] usb 1-1: Using ep0 maxpacket: 32
[ 33.102538][ T157] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 33.112379][ T157] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 28
[ 33.282419][ T157] usb 1-1: New USB device found, idVendor=eb1a, idProduct=a316, bcdDevice=5c.26
[ 33.291520][ T157] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 33.299599][ T157] usb 1-1: Product: syz
[ 33.303830][ T157] usb 1-1: Manufacturer: syz
[ 33.308400][ T157] usb 1-1: SerialNumber: syz
[ 33.317215][ T157] usb 1-1: config 0 descriptor??
[ 33.364413][ T157] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (eb1a:a316, interface 0, class 0)
[ 33.373747][ T157] em28xx 1-1:0.0: Video interface 0 found:
executing program
[ 33.622162][ T157] em28xx 1-1:0.0: unknown em28xx chip ID (0)
[ 33.862044][ T157] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[ 33.870144][ T157] em28xx 1-1:0.0: board has no eeprom
[ 33.981866][ T157] em28xx 1-1:0.0: Identified as Kworld PlusTV HD Hybrid 330 (card=57)
[ 33.990057][ T157] em28xx 1-1:0.0: analog set to bulk mode.
[ 33.999610][ T157] usb 1-1: USB disconnect, device number 2
[ 34.007582][ T157] em28xx 1-1:0.0: Disconnecting em28xx
[ 34.013827][ T95] em28xx 1-1:0.0: Registering V4L2 extension
[ 34.059259][ T95] em28xx 1-1:0.0: Config register raw data: 0xffffffed
[ 34.066265][ T95] em28xx 1-1:0.0: AC97 chip type couldn't be determined
[ 34.073264][ T95] em28xx 1-1:0.0: No AC97 audio processor
[ 34.080343][ T95] usb 1-1: Decoder not found
[ 34.085059][ T95] em28xx 1-1:0.0: failed to create media graph
[ 34.091235][ T95] em28xx 1-1:0.0: V4L2 device video0 deregistered
[ 34.099137][ T95] em28xx 1-1:0.0: Binding DVB extension
[ 34.104825][ T95] em28xx 1-1:0.0: no endpoint for DVB mode and transfer type 0
[ 34.112502][ T95] em28xx 1-1:0.0: failed to pre-allocate USB transfer buffers for DVB.
[ 34.120772][ T95] em28xx 1-1:0.0: Remote control support is not available for this card.
[ 34.129545][ T157] em28xx 1-1:0.0: Closing input extension
[ 34.137779][ T157] em28xx 1-1:0.0: Freeing device
[ 34.491666][ T157] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[ 34.731501][ T157] usb 1-1: Using ep0 maxpacket: 32
[ 34.861543][ T157] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 34.871299][ T157] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 28
[ 35.051386][ T157] usb 1-1: New USB device found, idVendor=eb1a, idProduct=a316, bcdDevice=5c.26
[ 35.060465][ T157] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 35.068516][ T157] usb 1-1: Product: syz
[ 35.072731][ T157] usb 1-1: Manufacturer: syz
[ 35.077302][ T157] usb 1-1: SerialNumber: syz
[ 35.084386][ T157] usb 1-1: config 0 descriptor??
[ 35.122859][ T157] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (eb1a:a316, interface 0, class 0)
[ 35.132105][ T157] em28xx 1-1:0.0: Video interface 0 found:
executing program
[ 35.361312][ T157] em28xx 1-1:0.0: unknown em28xx chip ID (0)
[ 35.581120][ T157] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[ 35.589121][ T157] em28xx 1-1:0.0: board has no eeprom
[ 35.701013][ T157] em28xx 1-1:0.0: Identified as Kworld PlusTV HD Hybrid 330 (card=57)
[ 35.709182][ T157] em28xx 1-1:0.0: analog set to bulk mode.
[ 35.717538][ T157] usb 1-1: USB disconnect, device number 3
[ 35.724097][ T157] em28xx 1-1:0.0: Disconnecting em28xx
[ 35.729619][ T95] em28xx 1-1:0.0: Registering V4L2 extension
[ 35.744379][ T95] em28xx 1-1:0.0: Config register raw data: 0xffffffed
[ 35.751318][ T95] em28xx 1-1:0.0: AC97 chip type couldn't be determined
[ 35.758345][ T95] em28xx 1-1:0.0: No AC97 audio processor
[ 35.766032][ T95] usb 1-1: Decoder not found
[ 35.770648][ T95] em28xx 1-1:0.0: failed to create media graph
[ 35.778869][ T95] em28xx 1-1:0.0: V4L2 device video0 deregistered
[ 35.786697][ T95] em28xx 1-1:0.0: Binding DVB extension
[ 35.786847][ T371] ==================================================================
[ 35.793149][ T95] em28xx 1-1:0.0: no endpoint for DVB mode and transfer type 0
[ 35.800358][ T371] BUG: KASAN: use-after-free in v4l2_fh_init+0x279/0x2c0
[ 35.807967][ T95] em28xx 1-1:0.0: failed to pre-allocate USB transfer buffers for DVB.
[ 35.814915][ T371] Read of size 8 at addr ffff8881cc8c48c8 by task v4l_id/371
[ 35.814919][ T371]
[ 35.814933][ T371] CPU: 1 PID: 371 Comm: v4l_id Not tainted 5.7.0-rc6-syzkaller #0
[ 35.814941][ T371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.814945][ T371] Call Trace:
[ 35.814965][ T371] dump_stack+0xef/0x16e
[ 35.814984][ T371] print_address_description.constprop.0.cold+0xd3/0x415
[ 35.823265][ T95] em28xx 1-1:0.0: Remote control support is not available for this card.
[ 35.830577][ T371] ? vprintk_func+0x7d/0x113
[ 35.836555][ T157] em28xx 1-1:0.0: Closing input extension
[ 35.840667][ T371] ? v4l2_fh_init+0x279/0x2c0
[ 35.888590][ T371] __kasan_report.cold+0x37/0x7d
[ 35.893508][ T371] ? __kasan_kmalloc.constprop.0+0x50/0xd0
[ 35.899290][ T371] ? v4l2_fh_init+0x279/0x2c0
[ 35.903957][ T371] ? v4l2_fh_init+0x279/0x2c0
[ 35.908608][ T371] kasan_report+0x33/0x50
[ 35.912912][ T371] v4l2_fh_init+0x279/0x2c0
[ 35.917390][ T371] v4l2_fh_open+0x88/0xc0
[ 35.921694][ T371] em28xx_v4l2_open+0x11a/0x570
[ 35.926519][ T371] v4l2_open+0x20f/0x3d0
[ 35.930734][ T371] ? v4l2_release+0x390/0x390
[ 35.935401][ T371] chrdev_open+0x219/0x5c0
[ 35.939789][ T371] ? cdev_put.part.0+0x50/0x50
[ 35.944528][ T371] ? security_file_open+0x84/0x410
[ 35.949754][ T371] do_dentry_open+0x4ac/0x1160
[ 35.954541][ T371] ? cdev_put.part.0+0x50/0x50
[ 35.959283][ T371] ? chmod_common+0x3c0/0x3c0
[ 35.964287][ T371] ? inode_permission+0xbe/0x3a0
[ 35.969219][ T371] path_openat+0x1a0b/0x2740
[ 35.973802][ T371] ? do_sys_openat2+0x3fc/0x7d0
[ 35.978673][ T371] ? path_lookupat.isra.0+0x530/0x530
[ 35.984024][ T371] do_filp_open+0x192/0x260
[ 35.988509][ T371] ? may_open_dev+0xf0/0xf0
[ 35.992991][ T371] ? __alloc_fd+0x46d/0x600
[ 35.997471][ T371] ? do_raw_spin_lock+0x129/0x290
[ 36.002476][ T371] ? _raw_spin_unlock+0x1a/0x30
[ 36.007302][ T371] ? __alloc_fd+0x46d/0x600
[ 36.011793][ T371] do_sys_openat2+0x585/0x7d0
[ 36.016463][ T371] ? file_open_root+0x400/0x400
[ 36.021287][ T371] ? __secure_computing+0xb4/0x280
[ 36.026388][ T371] ? syscall_trace_enter+0x41d/0xcd0
[ 36.031647][ T371] do_sys_open+0xc3/0x140
[ 36.035950][ T371] ? filp_open+0x70/0x70
[ 36.040164][ T371] ? trace_hardirqs_off_caller+0x55/0x200
[ 36.045871][ T371] do_syscall_64+0xb6/0x5a0
[ 36.050348][ T371] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 36.056228][ T371] RIP: 0033:0x7f279376a840
[ 36.060622][ T371] Code: 73 01 c3 48 8b 0d 68 77 20 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 89 bb 20 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 1e f6 ff ff 48 89 04 24
[ 36.080199][ T371] RSP: 002b:00007ffc4aab4508 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 36.088583][ T371] RAX: ffffffffffffffda RBX: 00007ffc4aab4678 RCX: 00007f279376a840
[ 36.096530][ T371] RDX: 00007f2793756ea0 RSI: 0000000000000000 RDI: 00007ffc4aab5f25
[ 36.104475][ T371] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000
[ 36.112428][ T371] R10: 0000000000000002 R11: 0000000000000246 R12: 0000555e2707d8d0
[ 36.120378][ T371] R13: 00007ffc4aab4670 R14: 0000000000000000 R15: 0000000000000000
[ 36.128364][ T371]
[ 36.130682][ T371] The buggy address belongs to the page:
[ 36.136316][ T371] page:ffffea0007323100 refcount:0 mapcount:-128 mapping:00000000a52fb1d5 index:0x0
[ 36.145655][ T371] flags: 0x200000000000000()
[ 36.151113][ T371] raw: 0200000000000000 ffffea000732fd08 ffff88821fffabd0 0000000000000000
[ 36.159685][ T371] raw: 0000000000000000 0000000000000002 00000000ffffff7f 0000000000000000
[ 36.168239][ T371] page dumped because: kasan: bad access detected
[ 36.174620][ T371]
[ 36.176921][ T371] Memory state around the buggy address:
[ 36.182559][ T371] ffff8881cc8c4780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 36.190765][ T371] ffff8881cc8c4800: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 36.198801][ T371] >ffff8881cc8c4880: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 36.206832][ T371] ^
[ 36.213233][ T371] ffff8881cc8c4900: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 36.221265][ T371] ffff8881cc8c4980: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 36.229306][ T371] ==================================================================
[ 36.237334][ T371] Disabling lock debugging due to kernel taint
[ 36.243521][ T371] Kernel panic - not syncing: panic_on_warn set ...
[ 36.250102][ T371] CPU: 1 PID: 371 Comm: v4l_id Tainted: G B 5.7.0-rc6-syzkaller #0
[ 36.259276][ T371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 36.269320][ T371] Call Trace:
[ 36.272586][ T371] dump_stack+0xef/0x16e
[ 36.276803][ T371] panic+0x2aa/0x6e1
[ 36.280670][ T371] ? add_taint.cold+0x16/0x16
[ 36.285318][ T371] ? retint_kernel+0x10/0x10
[ 36.289887][ T371] ? v4l2_fh_init+0x279/0x2c0
[ 36.294553][ T371] ? trace_hardirqs_on+0x55/0x200
[ 36.299556][ T371] ? v4l2_fh_init+0x279/0x2c0
[ 36.304215][ T371] end_report+0x4d/0x53
[ 36.308346][ T371] __kasan_report.cold+0x72/0x7d
[ 36.313275][ T371] ? __kasan_kmalloc.constprop.0+0x50/0xd0
[ 36.319091][ T371] ? v4l2_fh_init+0x279/0x2c0
[ 36.323743][ T371] ? v4l2_fh_init+0x279/0x2c0
[ 36.328392][ T371] kasan_report+0x33/0x50
[ 36.332709][ T371] v4l2_fh_init+0x279/0x2c0
[ 36.337186][ T371] v4l2_fh_open+0x88/0xc0
[ 36.341504][ T371] em28xx_v4l2_open+0x11a/0x570
[ 36.346327][ T371] v4l2_open+0x20f/0x3d0
[ 36.350540][ T371] ? v4l2_release+0x390/0x390
[ 36.355198][ T371] chrdev_open+0x219/0x5c0
[ 36.359586][ T371] ? cdev_put.part.0+0x50/0x50
[ 36.364330][ T371] ? security_file_open+0x84/0x410
[ 36.369420][ T371] do_dentry_open+0x4ac/0x1160
[ 36.374174][ T371] ? cdev_put.part.0+0x50/0x50
[ 36.378941][ T371] ? chmod_common+0x3c0/0x3c0
[ 36.383587][ T371] ? inode_permission+0xbe/0x3a0
[ 36.388495][ T371] path_openat+0x1a0b/0x2740
[ 36.393056][ T371] ? do_sys_openat2+0x3fc/0x7d0
[ 36.397883][ T371] ? path_lookupat.isra.0+0x530/0x530
[ 36.403225][ T371] do_filp_open+0x192/0x260
[ 36.407707][ T371] ? may_open_dev+0xf0/0xf0
[ 36.412192][ T371] ? __alloc_fd+0x46d/0x600
[ 36.416666][ T371] ? do_raw_spin_lock+0x129/0x290
[ 36.421661][ T371] ? _raw_spin_unlock+0x1a/0x30
[ 36.426497][ T371] ? __alloc_fd+0x46d/0x600
[ 36.430971][ T371] do_sys_openat2+0x585/0x7d0
[ 36.435626][ T371] ? file_open_root+0x400/0x400
[ 36.440448][ T371] ? __secure_computing+0xb4/0x280
[ 36.445555][ T371] ? syscall_trace_enter+0x41d/0xcd0
[ 36.450823][ T371] do_sys_open+0xc3/0x140
[ 36.455141][ T371] ? filp_open+0x70/0x70
[ 36.459356][ T371] ? trace_hardirqs_off_caller+0x55/0x200
[ 36.465059][ T371] do_syscall_64+0xb6/0x5a0
[ 36.469553][ T371] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 36.475419][ T371] RIP: 0033:0x7f279376a840
[ 36.479833][ T371] Code: 73 01 c3 48 8b 0d 68 77 20 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 89 bb 20 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 1e f6 ff ff 48 89 04 24
[ 36.499408][ T371] RSP: 002b:00007ffc4aab4508 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 36.507789][ T371] RAX: ffffffffffffffda RBX: 00007ffc4aab4678 RCX: 00007f279376a840
[ 36.515750][ T371] RDX: 00007f2793756ea0 RSI: 0000000000000000 RDI: 00007ffc4aab5f25
[ 36.523695][ T371] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000
[ 36.531639][ T371] R10: 0000000000000002 R11: 0000000000000246 R12: 0000555e2707d8d0
[ 36.539599][ T371] R13: 00007ffc4aab4670 R14: 0000000000000000 R15: 0000000000000000
[ 36.548191][ T371] Kernel Offset: disabled
[ 36.552521][ T371] Rebooting in 86400 seconds..