[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
syzkaller login: [ 17.070628][ C0] random: crng init done
[ 17.075122][ C0] random: 7 urandom warning(s) missed due to ratelimiting
Warning: Permanently added '10.128.0.28' (ECDSA) to the list of known hosts.
executing program
[ 24.413021][ T94] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 24.652622][ T94] usb 1-1: Using ep0 maxpacket: 8
[ 24.822470][ T94] usb 1-1: unable to get BOS descriptor or descriptor too short
[ 24.912442][ T94] usb 1-1: config 0 has an invalid interface number: 63 but max is 0
[ 24.920756][ T94] usb 1-1: config 0 contains an unexpected descriptor of type 0x1, skipping
[ 24.929830][ T94] usb 1-1: config 0 has an invalid interface descriptor of length 2, skipping
[ 24.938776][ T94] usb 1-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[ 24.947712][ T94] usb 1-1: config 0 has no interface number 0
[ 24.953913][ T94] usb 1-1: config 0 interface 63 altsetting 0 has an invalid endpoint with address 0x0, skipping
[ 24.965003][ T94] usb 1-1: config 0 interface 63 altsetting 0 endpoint 0xA has invalid maxpacket 1185, setting to 64
[ 24.975933][ T94] usb 1-1: config 0 interface 63 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64
[ 24.986847][ T94] usb 1-1: config 0 interface 63 altsetting 0 has 5 endpoint descriptors, different from the interface descriptor's value: 15
[ 25.000058][ T94] usb 1-1: New USB device found, idVendor=04bb, idProduct=0515, bcdDevice=f3.1f
[ 25.009198][ T94] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 25.019801][ T94] usb 1-1: config 0 descriptor??
[ 25.074304][ T94] em28xx 1-1:0.63: New device @ 480 Mbps (04bb:0515, interface 63, class 63)
[ 25.085089][ T94] em28xx 1-1:0.63: Video interface 63 found:
executing program
[ 25.331997][ T94] em28xx 1-1:0.63: unknown em28xx chip ID (0)
[ 25.861349][ T94] em28xx 1-1:0.63: reading from i2c device at 0xa0 failed (error=-5)
[ 25.869686][ T94] em28xx 1-1:0.63: board has no eeprom
[ 25.981220][ T94] em28xx 1-1:0.63: Identified as IO-DATA GV-MVP/SZ (card=65)
[ 25.988748][ T94] em28xx 1-1:0.63: analog set to bulk mode.
[ 25.998549][ T94] usb 1-1: USB disconnect, device number 2
[ 26.008853][ T94] em28xx 1-1:0.63: Disconnecting em28xx
[ 26.015184][ T12] em28xx 1-1:0.63: Registering V4L2 extension
[ 26.050566][ T12] em28xx 1-1:0.63: Config register raw data: 0xffffffed
[ 26.057689][ T12] em28xx 1-1:0.63: AC97 chip type couldn't be determined
[ 26.065065][ T12] em28xx 1-1:0.63: No AC97 audio processor
[ 26.072643][ T12] usb 1-1: Decoder not found
[ 26.078053][ T12] em28xx 1-1:0.63: failed to create media graph
[ 26.086105][ T12] em28xx 1-1:0.63: V4L2 device video0 deregistered
[ 26.094418][ T12] em28xx 1-1:0.63: Remote control support is not available for this card.
[ 26.103870][ T94] em28xx 1-1:0.63: Closing input extension
[ 26.113665][ T94] em28xx 1-1:0.63: Freeing device
[ 26.480671][ T94] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[ 26.720313][ T94] usb 1-1: Using ep0 maxpacket: 8
[ 26.880180][ T94] usb 1-1: unable to get BOS descriptor or descriptor too short
[ 26.960215][ T94] usb 1-1: config 0 has an invalid interface number: 63 but max is 0
[ 26.968431][ T94] usb 1-1: config 0 contains an unexpected descriptor of type 0x1, skipping
[ 26.977211][ T94] usb 1-1: config 0 has an invalid interface descriptor of length 2, skipping
[ 26.987002][ T94] usb 1-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[ 26.995766][ T94] usb 1-1: config 0 has no interface number 0
[ 27.002459][ T94] usb 1-1: config 0 interface 63 altsetting 0 has an invalid endpoint with address 0x0, skipping
[ 27.014023][ T94] usb 1-1: config 0 interface 63 altsetting 0 endpoint 0xA has invalid maxpacket 1185, setting to 64
[ 27.024962][ T94] usb 1-1: config 0 interface 63 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64
[ 27.035886][ T94] usb 1-1: config 0 interface 63 altsetting 0 has 5 endpoint descriptors, different from the interface descriptor's value: 15
[ 27.049016][ T94] usb 1-1: New USB device found, idVendor=04bb, idProduct=0515, bcdDevice=f3.1f
[ 27.058100][ T94] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 27.067320][ T94] usb 1-1: config 0 descriptor??
[ 27.113887][ T94] em28xx 1-1:0.63: New device @ 480 Mbps (04bb:0515, interface 63, class 63)
[ 27.124178][ T94] em28xx 1-1:0.63: Video interface 63 found:
executing program
[ 27.379781][ T94] em28xx 1-1:0.63: unknown em28xx chip ID (0)
[ 27.889264][ T94] em28xx 1-1:0.63: reading from i2c device at 0xa0 failed (error=-5)
[ 27.897755][ T94] em28xx 1-1:0.63: board has no eeprom
[ 28.009064][ T94] em28xx 1-1:0.63: Identified as IO-DATA GV-MVP/SZ (card=65)
[ 28.016532][ T94] em28xx 1-1:0.63: analog set to bulk mode.
[ 28.030010][ T94] usb 1-1: USB disconnect, device number 3
[ 28.036747][ T94] em28xx 1-1:0.63: Disconnecting em28xx
[ 28.043836][ T12] em28xx 1-1:0.63: Registering V4L2 extension
[ 28.061472][ T12] em28xx 1-1:0.63: Config register raw data: 0xffffffed
[ 28.068460][ T12] em28xx 1-1:0.63: AC97 chip type couldn't be determined
[ 28.075571][ T12] em28xx 1-1:0.63: No AC97 audio processor
[ 28.084226][ T12] usb 1-1: Decoder not found
[ 28.088873][ T12] em28xx 1-1:0.63: failed to create media graph
[ 28.097482][ T12] em28xx 1-1:0.63: V4L2 device video0 deregistered
[ 28.105668][ T12] em28xx 1-1:0.63: Remote control support is not available for this card.
[ 28.105816][ T373] ==================================================================
[ 28.115291][ T94] em28xx 1-1:0.63: Closing input extension
[ 28.122468][ T373] BUG: KASAN: use-after-free in v4l2_fh_init+0x279/0x2c0
[ 28.122480][ T373] Read of size 8 at addr ffff8881ccaac8c8 by task v4l_id/373
[ 28.122484][ T373]
[ 28.122498][ T373] CPU: 1 PID: 373 Comm: v4l_id Not tainted 5.7.0-rc5-syzkaller #0
[ 28.122505][ T373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 28.122510][ T373] Call Trace:
[ 28.122527][ T373] dump_stack+0xef/0x16e
[ 28.122548][ T373] print_address_description.constprop.0.cold+0xd3/0x314
[ 28.178034][ T373] ? v4l2_fh_init+0x279/0x2c0
[ 28.182695][ T373] __kasan_report.cold+0x37/0x92
[ 28.187651][ T373] ? v4l2_fh_init+0x279/0x2c0
[ 28.192346][ T373] ? v4l2_fh_init+0x279/0x2c0
[ 28.197123][ T373] kasan_report+0x33/0x50
[ 28.201452][ T373] v4l2_fh_init+0x279/0x2c0
[ 28.205964][ T373] v4l2_fh_open+0x88/0xc0
[ 28.210285][ T373] em28xx_v4l2_open+0x11a/0x570
[ 28.215114][ T373] v4l2_open+0x20f/0x3d0
[ 28.219349][ T373] ? v4l2_release+0x390/0x390
[ 28.224023][ T373] chrdev_open+0x219/0x5c0
[ 28.228503][ T373] ? cdev_put.part.0+0x50/0x50
[ 28.233447][ T373] ? security_file_open+0x84/0x410
[ 28.238627][ T373] do_dentry_open+0x4ac/0x1160
[ 28.243407][ T373] ? cdev_put.part.0+0x50/0x50
[ 28.248161][ T373] ? chmod_common+0x3c0/0x3c0
[ 28.252941][ T373] ? inode_permission+0xbe/0x3a0
[ 28.257864][ T373] path_openat+0x1a0b/0x2740
[ 28.262530][ T373] ? do_sys_openat2+0x3fc/0x7d0
[ 28.267494][ T373] ? path_lookupat.isra.0+0x530/0x530
[ 28.272850][ T373] do_filp_open+0x192/0x260
[ 28.277375][ T373] ? may_open_dev+0xf0/0xf0
[ 28.281997][ T373] ? __alloc_fd+0x46d/0x600
[ 28.286485][ T373] ? do_raw_spin_lock+0x129/0x290
[ 28.291505][ T373] ? _raw_spin_unlock+0x1a/0x30
[ 28.296332][ T373] ? __alloc_fd+0x46d/0x600
[ 28.300880][ T373] do_sys_openat2+0x585/0x7d0
[ 28.305718][ T373] ? file_open_root+0x400/0x400
[ 28.310554][ T373] ? __secure_computing+0xb4/0x280
[ 28.315653][ T373] ? syscall_trace_enter+0x41d/0xcd0
[ 28.321191][ T373] do_sys_open+0xc3/0x140
[ 28.325869][ T373] ? filp_open+0x70/0x70
[ 28.330116][ T373] ? trace_hardirqs_off_caller+0x55/0x200
[ 28.335846][ T373] do_syscall_64+0xb6/0x5a0
[ 28.340475][ T373] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 28.346473][ T373] RIP: 0033:0x7f4c5d326840
[ 28.350899][ T373] Code: 73 01 c3 48 8b 0d 68 77 20 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 89 bb 20 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 1e f6 ff ff 48 89 04 24
[ 28.371245][ T373] RSP: 002b:00007ffe0ca8b918 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 28.379737][ T373] RAX: ffffffffffffffda RBX: 00007ffe0ca8ba88 RCX: 00007f4c5d326840
[ 28.388073][ T373] RDX: 00007f4c5d312ea0 RSI: 0000000000000000 RDI: 00007ffe0ca8bf24
[ 28.396576][ T373] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000
[ 28.404785][ T373] R10: 0000000000000002 R11: 0000000000000246 R12: 000055789c2cb8d0
[ 28.412927][ T373] R13: 00007ffe0ca8ba80 R14: 0000000000000000 R15: 0000000000000000
[ 28.421004][ T373]
[ 28.423321][ T373] The buggy address belongs to the page:
[ 28.428946][ T373] page:ffffea000732ab00 refcount:0 mapcount:-128 mapping:0000000009ffd5d4 index:0x0
[ 28.439791][ T373] flags: 0x200000000000000()
[ 28.444387][ T373] raw: 0200000000000000 ffffea000735ea08 ffff88821fffabd0 0000000000000000
[ 28.453055][ T373] raw: 0000000000000000 0000000000000002 00000000ffffff7f 0000000000000000
[ 28.461904][ T373] page dumped because: kasan: bad access detected
[ 28.468729][ T373]
[ 28.471053][ T373] Memory state around the buggy address:
[ 28.477632][ T373] ffff8881ccaac780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 28.485871][ T373] ffff8881ccaac800: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 28.494348][ T373] >ffff8881ccaac880: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 28.502383][ T373] ^
[ 28.508780][ T373] ffff8881ccaac900: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 28.516868][ T373] ffff8881ccaac980: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 28.525082][ T373] ==================================================================
[ 28.533167][ T373] Disabling lock debugging due to kernel taint
[ 28.539771][ T373] Kernel panic - not syncing: panic_on_warn set ...
[ 28.546370][ T373] CPU: 1 PID: 373 Comm: v4l_id Tainted: G B 5.7.0-rc5-syzkaller #0
[ 28.555556][ T373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 28.565984][ T373] Call Trace:
[ 28.569270][ T373] dump_stack+0xef/0x16e
[ 28.573503][ T373] panic+0x2aa/0x6e1
[ 28.577397][ T373] ? add_taint.cold+0x16/0x16
[ 28.582053][ T373] ? v4l2_fh_init+0x279/0x2c0
[ 28.586709][ T373] ? trace_hardirqs_on+0x55/0x200
[ 28.591907][ T373] ? v4l2_fh_init+0x279/0x2c0
[ 28.596684][ T373] end_report+0x4d/0x53
[ 28.601075][ T373] __kasan_report.cold+0x72/0x92
[ 28.606008][ T373] ? v4l2_fh_init+0x279/0x2c0
[ 28.610664][ T373] ? v4l2_fh_init+0x279/0x2c0
[ 28.615402][ T373] kasan_report+0x33/0x50
[ 28.619771][ T373] v4l2_fh_init+0x279/0x2c0
[ 28.624288][ T373] v4l2_fh_open+0x88/0xc0
[ 28.628606][ T373] em28xx_v4l2_open+0x11a/0x570
[ 28.633453][ T373] v4l2_open+0x20f/0x3d0
[ 28.637691][ T373] ? v4l2_release+0x390/0x390
[ 28.642372][ T373] chrdev_open+0x219/0x5c0
[ 28.646792][ T373] ? cdev_put.part.0+0x50/0x50
[ 28.651837][ T373] ? security_file_open+0x84/0x410
[ 28.656949][ T373] do_dentry_open+0x4ac/0x1160
[ 28.661708][ T373] ? cdev_put.part.0+0x50/0x50
[ 28.666603][ T373] ? chmod_common+0x3c0/0x3c0
[ 28.671726][ T373] ? inode_permission+0xbe/0x3a0
[ 28.676656][ T373] path_openat+0x1a0b/0x2740
[ 28.682797][ T373] ? do_sys_openat2+0x3fc/0x7d0
[ 28.687627][ T373] ? path_lookupat.isra.0+0x530/0x530
[ 28.692990][ T373] do_filp_open+0x192/0x260
[ 28.697508][ T373] ? may_open_dev+0xf0/0xf0
[ 28.702007][ T373] ? __alloc_fd+0x46d/0x600
[ 28.707283][ T373] ? do_raw_spin_lock+0x129/0x290
[ 28.712287][ T373] ? _raw_spin_unlock+0x1a/0x30
[ 28.717129][ T373] ? __alloc_fd+0x46d/0x600
[ 28.721898][ T373] do_sys_openat2+0x585/0x7d0
[ 28.726571][ T373] ? file_open_root+0x400/0x400
[ 28.731397][ T373] ? __secure_computing+0xb4/0x280
[ 28.736485][ T373] ? syscall_trace_enter+0x41d/0xcd0
[ 28.741745][ T373] do_sys_open+0xc3/0x140
[ 28.746064][ T373] ? filp_open+0x70/0x70
[ 28.750307][ T373] ? trace_hardirqs_off_caller+0x55/0x200
[ 28.756005][ T373] do_syscall_64+0xb6/0x5a0
[ 28.760492][ T373] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 28.766368][ T373] RIP: 0033:0x7f4c5d326840
[ 28.770819][ T373] Code: 73 01 c3 48 8b 0d 68 77 20 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 89 bb 20 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 1e f6 ff ff 48 89 04 24
[ 28.790645][ T373] RSP: 002b:00007ffe0ca8b918 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 28.799156][ T373] RAX: ffffffffffffffda RBX: 00007ffe0ca8ba88 RCX: 00007f4c5d326840
[ 28.807409][ T373] RDX: 00007f4c5d312ea0 RSI: 0000000000000000 RDI: 00007ffe0ca8bf24
[ 28.815559][ T373] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000
[ 28.823608][ T373] R10: 0000000000000002 R11: 0000000000000246 R12: 000055789c2cb8d0
[ 28.831567][ T373] R13: 00007ffe0ca8ba80 R14: 0000000000000000 R15: 0000000000000000
[ 28.840297][ T373] Kernel Offset: disabled
[ 28.844636][ T373] Rebooting in 86400 seconds..