[info] Using makefile-style concurrent boot in runlevel 2. [ 14.055773][ C1] random: crng init done [ ok ] Starting enhanced syslogd: rsyslogd. [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.1.27' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 35.565275][ T17] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 35.655387][ T17] usb 1-1: Using ep0 maxpacket: 32 [ 35.775806][ T17] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 35.945450][ T17] usb 1-1: New USB device found, idVendor=eb1a, idProduct=a316, bcdDevice=5c.26 [ 35.954489][ T17] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 35.962503][ T17] usb 1-1: Product: syz [ 35.966689][ T17] usb 1-1: Manufacturer: syz [ 35.971291][ T17] usb 1-1: SerialNumber: syz [ 35.977468][ T17] usb 1-1: config 0 descriptor?? [ 36.016863][ T17] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (eb1a:a316, interface 0, class 0) [ 36.026152][ T17] em28xx 1-1:0.0: Video interface 0 found: executing program [ 36.265292][ T17] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 36.485294][ T17] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 36.493386][ T17] em28xx 1-1:0.0: board has no eeprom [ 36.605675][ T17] em28xx 1-1:0.0: Identified as Kworld PlusTV HD Hybrid 330 (card=57) [ 36.613881][ T17] em28xx 1-1:0.0: analog set to bulk mode. 
[ 36.621957][ T17] usb 1-1: USB disconnect, device number 2 [ 36.631767][ T17] em28xx 1-1:0.0: Disconnecting em28xx [ 36.637536][ T1786] em28xx 1-1:0.0: Registering V4L2 extension [ 36.652180][ T1786] em28xx 1-1:0.0: Config register raw data: 0xffffffed [ 36.659147][ T1786] em28xx 1-1:0.0: AC97 chip type couldn't be determined [ 36.666169][ T1786] em28xx 1-1:0.0: No AC97 audio processor [ 36.673004][ T1786] usb 1-1: Decoder not found [ 36.677656][ T1786] em28xx 1-1:0.0: failed to create media graph [ 36.683842][ T1786] em28xx 1-1:0.0: V4L2 device video0 deregistered [ 36.691414][ T1786] em28xx 1-1:0.0: Binding DVB extension [ 36.697071][ T1786] em28xx 1-1:0.0: no endpoint for DVB mode and transfer type 0 [ 36.704610][ T1786] em28xx 1-1:0.0: failed to pre-allocate USB transfer buffers for DVB. [ 36.712923][ T1786] em28xx 1-1:0.0: Remote control support is not available for this card. [ 36.721468][ T17] em28xx 1-1:0.0: Closing input extension [ 36.729421][ T17] em28xx 1-1:0.0: Freeing device [ 37.105257][ T17] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 37.195344][ T17] usb 1-1: Using ep0 maxpacket: 32 [ 37.315812][ T17] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 37.485375][ T17] usb 1-1: New USB device found, idVendor=eb1a, idProduct=a316, bcdDevice=5c.26 [ 37.494435][ T17] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 37.502450][ T17] usb 1-1: Product: syz [ 37.506736][ T17] usb 1-1: Manufacturer: syz [ 37.511313][ T17] usb 1-1: SerialNumber: syz [ 37.517264][ T17] usb 1-1: config 0 descriptor?? 
[ 37.556578][ T17] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (eb1a:a316, interface 0, class 0) [ 37.565848][ T17] em28xx 1-1:0.0: Video interface 0 found: executing program [ 37.795432][ T17] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 38.015265][ T17] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 38.023269][ T17] em28xx 1-1:0.0: board has no eeprom [ 38.135774][ T17] em28xx 1-1:0.0: Identified as Kworld PlusTV HD Hybrid 330 (card=57) [ 38.143945][ T17] em28xx 1-1:0.0: analog set to bulk mode. [ 38.151798][ T17] usb 1-1: USB disconnect, device number 3 [ 38.160076][ T17] em28xx 1-1:0.0: Disconnecting em28xx [ 38.165705][ T1786] em28xx 1-1:0.0: Registering V4L2 extension [ 38.180733][ T1786] em28xx 1-1:0.0: Config register raw data: 0xffffffed [ 38.187664][ T1786] em28xx 1-1:0.0: AC97 chip type couldn't be determined [ 38.194586][ T1786] em28xx 1-1:0.0: No AC97 audio processor [ 38.201127][ T1786] usb 1-1: Decoder not found [ 38.205797][ T1786] em28xx 1-1:0.0: failed to create media graph [ 38.211995][ T1786] em28xx 1-1:0.0: V4L2 device video0 deregistered [ 38.219215][ T1786] em28xx 1-1:0.0: Binding DVB extension [ 38.224764][ T1786] em28xx 1-1:0.0: no endpoint for DVB mode and transfer type 0 [ 38.232362][ T1786] em28xx 1-1:0.0: failed to pre-allocate USB transfer buffers for DVB. [ 38.240786][ T1786] em28xx 1-1:0.0: Remote control support is not available for this card. 
[ 38.249262][ T17] em28xx 1-1:0.0: Closing input extension [ 38.255885][ T17] em28xx 1-1:0.0: Freeing device [ 38.605260][ T17] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 38.695306][ T17] usb 1-1: Using ep0 maxpacket: 32 [ 38.815808][ T17] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 38.985292][ T17] usb 1-1: New USB device found, idVendor=eb1a, idProduct=a316, bcdDevice=5c.26 [ 38.994391][ T17] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 39.002409][ T17] usb 1-1: Product: syz [ 39.006583][ T17] usb 1-1: Manufacturer: syz [ 39.011158][ T17] usb 1-1: SerialNumber: syz [ 39.017160][ T17] usb 1-1: config 0 descriptor?? [ 39.056691][ T17] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (eb1a:a316, interface 0, class 0) [ 39.065963][ T17] em28xx 1-1:0.0: Video interface 0 found: executing program [ 39.295441][ T17] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 39.515273][ T17] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 39.523289][ T17] em28xx 1-1:0.0: board has no eeprom [ 39.635650][ T17] em28xx 1-1:0.0: Identified as Kworld PlusTV HD Hybrid 330 (card=57) [ 39.643852][ T17] em28xx 1-1:0.0: analog set to bulk mode. 
[ 39.650357][ T1786] em28xx 1-1:0.0: Registering V4L2 extension [ 39.665673][ T17] usb 1-1: USB disconnect, device number 4 [ 39.672082][ T17] em28xx 1-1:0.0: Disconnecting em28xx [ 39.677718][ T1786] em28xx 1-1:0.0: reading from i2c device at 0xb8 failed (error=-5) [ 39.690170][ T1786] em28xx 1-1:0.0: Config register raw data: 0xffffffed [ 39.697082][ T1786] em28xx 1-1:0.0: AC97 chip type couldn't be determined [ 39.704082][ T1786] em28xx 1-1:0.0: No AC97 audio processor [ 39.710605][ T1786] usb 1-1: Decoder not found [ 39.715286][ T1786] em28xx 1-1:0.0: failed to create media graph [ 39.721463][ T1786] em28xx 1-1:0.0: V4L2 device video0 deregistered [ 39.728614][ T1786] em28xx 1-1:0.0: Binding DVB extension [ 39.734174][ T1786] em28xx 1-1:0.0: no endpoint for DVB mode and transfer type 0 [ 39.741778][ T1786] em28xx 1-1:0.0: failed to pre-allocate USB transfer buffers for DVB. [ 39.750144][ T1786] em28xx 1-1:0.0: Remote control support is not available for this card. [ 39.758636][ T17] em28xx 1-1:0.0: Closing input extension [ 39.765453][ T17] em28xx 1-1:0.0: Freeing device [ 40.115258][ T17] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 40.205302][ T17] usb 1-1: Using ep0 maxpacket: 32 [ 40.325752][ T17] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 40.495334][ T17] usb 1-1: New USB device found, idVendor=eb1a, idProduct=a316, bcdDevice=5c.26 [ 40.504389][ T17] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 40.512430][ T17] usb 1-1: Product: syz [ 40.516610][ T17] usb 1-1: Manufacturer: syz [ 40.521198][ T17] usb 1-1: SerialNumber: syz [ 40.527075][ T17] usb 1-1: config 0 descriptor?? 
[ 40.566538][ T17] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (eb1a:a316, interface 0, class 0) [ 40.575879][ T17] em28xx 1-1:0.0: Video interface 0 found: executing program [ 40.805448][ T17] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 41.025256][ T17] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 41.033290][ T17] em28xx 1-1:0.0: board has no eeprom [ 41.146001][ T17] em28xx 1-1:0.0: Identified as Kworld PlusTV HD Hybrid 330 (card=57) [ 41.154196][ T17] em28xx 1-1:0.0: analog set to bulk mode. [ 41.160645][ T1786] em28xx 1-1:0.0: Registering V4L2 extension [ 41.168540][ T17] usb 1-1: USB disconnect, device number 5 [ 41.174930][ T17] em28xx 1-1:0.0: Disconnecting em28xx [ 41.192996][ T1786] em28xx 1-1:0.0: Config register raw data: 0xffffffed [ 41.199881][ T1786] em28xx 1-1:0.0: AC97 chip type couldn't be determined [ 41.206850][ T1786] em28xx 1-1:0.0: No AC97 audio processor [ 41.213276][ T1786] usb 1-1: Decoder not found [ 41.217984][ T1786] em28xx 1-1:0.0: failed to create media graph [ 41.224150][ T1786] em28xx 1-1:0.0: V4L2 device video0 deregistered [ 41.231378][ T1786] em28xx 1-1:0.0: Binding DVB extension [ 41.237056][ T1786] em28xx 1-1:0.0: no endpoint for DVB mode and transfer type 0 [ 41.244621][ T1786] em28xx 1-1:0.0: failed to pre-allocate USB transfer buffers for DVB. [ 41.253028][ T1786] em28xx 1-1:0.0: Remote control support is not available for this card. 
[ 41.261689][ T17] em28xx 1-1:0.0: Closing input extension [ 41.268522][ T17] em28xx 1-1:0.0: Freeing device [ 41.625227][ T17] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 41.715305][ T17] usb 1-1: Using ep0 maxpacket: 32 [ 41.835317][ T17] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 42.005343][ T17] usb 1-1: New USB device found, idVendor=eb1a, idProduct=a316, bcdDevice=5c.26 [ 42.014513][ T17] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 42.022572][ T17] usb 1-1: Product: syz [ 42.026775][ T17] usb 1-1: Manufacturer: syz [ 42.031388][ T17] usb 1-1: SerialNumber: syz [ 42.037602][ T17] usb 1-1: config 0 descriptor?? [ 42.077064][ T17] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (eb1a:a316, interface 0, class 0) [ 42.086301][ T17] em28xx 1-1:0.0: Video interface 0 found: executing program [ 42.335726][ T17] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 42.555264][ T17] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 42.563284][ T17] em28xx 1-1:0.0: board has no eeprom [ 42.675249][ T17] em28xx 1-1:0.0: Identified as Kworld PlusTV HD Hybrid 330 (card=57) [ 42.683442][ T17] em28xx 1-1:0.0: analog set to bulk mode. 
[ 42.689681][ T1786] em28xx 1-1:0.0: Registering V4L2 extension [ 42.697179][ T17] usb 1-1: USB disconnect, device number 6 [ 42.703567][ T17] em28xx 1-1:0.0: Disconnecting em28xx [ 42.720665][ T1786] em28xx 1-1:0.0: Config register raw data: 0xffffffed [ 42.727550][ T1786] em28xx 1-1:0.0: AC97 chip type couldn't be determined [ 42.734474][ T1786] em28xx 1-1:0.0: No AC97 audio processor [ 42.741379][ T1786] usb 1-1: Decoder not found [ 42.746037][ T1786] em28xx 1-1:0.0: failed to create media graph [ 42.752193][ T1786] em28xx 1-1:0.0: V4L2 device video0 deregistered [ 42.759717][ T1786] em28xx 1-1:0.0: Binding DVB extension [ 42.765337][ T1786] em28xx 1-1:0.0: no endpoint for DVB mode and transfer type 0 [ 42.772880][ T1786] em28xx 1-1:0.0: failed to pre-allocate USB transfer buffers for DVB. [ 42.781361][ T1786] em28xx 1-1:0.0: Remote control support is not available for this card. [ 42.789844][ T17] em28xx 1-1:0.0: Closing input extension [ 42.796512][ T17] em28xx 1-1:0.0: Freeing device [ 43.145759][ T17] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 43.235334][ T17] usb 1-1: Using ep0 maxpacket: 32 [ 43.355304][ T17] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 43.525310][ T17] usb 1-1: New USB device found, idVendor=eb1a, idProduct=a316, bcdDevice=5c.26 [ 43.534359][ T17] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 43.542408][ T17] usb 1-1: Product: syz [ 43.546634][ T17] usb 1-1: Manufacturer: syz [ 43.551239][ T17] usb 1-1: SerialNumber: syz [ 43.557512][ T17] usb 1-1: config 0 descriptor?? 
[ 43.606491][ T17] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (eb1a:a316, interface 0, class 0) [ 43.615728][ T17] em28xx 1-1:0.0: Video interface 0 found: executing program [ 43.845398][ T17] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 44.075255][ T17] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 44.083277][ T17] em28xx 1-1:0.0: board has no eeprom [ 44.195240][ T17] em28xx 1-1:0.0: Identified as Kworld PlusTV HD Hybrid 330 (card=57) [ 44.203513][ T17] em28xx 1-1:0.0: analog set to bulk mode. [ 44.209752][ T1786] em28xx 1-1:0.0: Registering V4L2 extension [ 44.217742][ T17] usb 1-1: USB disconnect, device number 7 [ 44.232552][ T1786] em28xx 1-1:0.0: reading from i2c device at 0xb8 failed (error=-19) [ 44.241008][ T17] em28xx 1-1:0.0: Disconnecting em28xx [ 44.251244][ T1786] em28xx 1-1:0.0: Config register raw data: 0xffffffed [ 44.258224][ T1786] em28xx 1-1:0.0: AC97 chip type couldn't be determined [ 44.265148][ T1786] em28xx 1-1:0.0: No AC97 audio processor [ 44.271566][ T1786] usb 1-1: Decoder not found [ 44.276252][ T1786] em28xx 1-1:0.0: failed to create media graph [ 44.282417][ T1786] em28xx 1-1:0.0: V4L2 device video0 deregistered [ 44.289876][ T1786] em28xx 1-1:0.0: Binding DVB extension [ 44.290023][ T1829] ================================================================== [ 44.295548][ T1786] em28xx 1-1:0.0: no endpoint for DVB mode and transfer type 0 [ 44.303559][ T1829] BUG: KASAN: use-after-free in v4l2_fh_init+0x279/0x2c0 [ 44.303576][ T1829] Read of size 8 at addr ffff8881cdbf4870 by task v4l_id/1829 [ 44.311160][ T1786] em28xx 1-1:0.0: failed to pre-allocate USB transfer buffers for DVB. [ 44.318089][ T1829] [ 44.318104][ T1829] CPU: 0 PID: 1829 Comm: v4l_id Not tainted 5.6.0-rc3-syzkaller #0 [ 44.318111][ T1829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 44.318115][ T1829] Call Trace: [ 44.318130][ T1829] dump_stack+0xef/0x16e [ 44.318141][ T1829] ? 
v4l2_fh_init+0x279/0x2c0 [ 44.318161][ T1829] ? v4l2_fh_init+0x279/0x2c0 [ 44.325640][ T1786] em28xx 1-1:0.0: Remote control support is not available for this card. [ 44.333817][ T1829] print_address_description.constprop.0.cold+0xd3/0x314 [ 44.333833][ T1829] ? v4l2_fh_init+0x279/0x2c0 [ 44.336242][ T17] em28xx 1-1:0.0: Closing input extension [ 44.344017][ T1829] ? v4l2_fh_init+0x279/0x2c0 [ 44.344038][ T1829] __kasan_report.cold+0x37/0x77 [ 44.406219][ T1829] ? v4l2_fh_init+0x279/0x2c0 [ 44.410874][ T1829] kasan_report+0xe/0x20 [ 44.415101][ T1829] v4l2_fh_init+0x279/0x2c0 [ 44.419580][ T1829] v4l2_fh_open+0x88/0xc0 [ 44.423884][ T1829] em28xx_v4l2_open+0x11a/0x570 [ 44.428712][ T1829] v4l2_open+0x20f/0x3d0 [ 44.432950][ T1829] ? v4l2_release+0x390/0x390 [ 44.437603][ T1829] chrdev_open+0x219/0x5c0 [ 44.441999][ T1829] ? cdev_put.part.0+0x50/0x50 [ 44.446745][ T1829] do_dentry_open+0x494/0x1120 [ 44.451517][ T1829] ? cdev_put.part.0+0x50/0x50 [ 44.456261][ T1829] ? chmod_common+0x3c0/0x3c0 [ 44.460914][ T1829] ? inode_permission+0xbe/0x3a0 [ 44.465877][ T1829] path_openat+0x1222/0x32a0 [ 44.470449][ T1829] ? path_mountpoint.isra.0+0x370/0x370 [ 44.475975][ T1829] ? __lock_acquire+0x145e/0x3b60 [ 44.481036][ T1829] do_filp_open+0x192/0x260 [ 44.485519][ T1829] ? may_open_dev+0xf0/0xf0 [ 44.489998][ T1829] ? __alloc_fd+0x46d/0x600 [ 44.494516][ T1829] ? do_raw_spin_lock+0x129/0x290 [ 44.499553][ T1829] ? _raw_spin_unlock+0x1a/0x30 [ 44.504396][ T1829] ? __alloc_fd+0x46d/0x600 [ 44.508913][ T1829] do_sys_openat2+0x54c/0x740 [ 44.513567][ T1829] ? file_open_root+0x3d0/0x3d0 [ 44.518437][ T1829] ? up_read+0x1ab/0x750 [ 44.522656][ T1829] do_sys_open+0xc3/0x140 [ 44.526963][ T1829] ? filp_open+0x70/0x70 [ 44.531187][ T1829] ? 
trace_hardirqs_off_caller+0x55/0x200 [ 44.536885][ T1829] do_syscall_64+0xb6/0x5a0 [ 44.541367][ T1829] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 44.547238][ T1829] RIP: 0033:0x7fdb2fb5a120 [ 44.551657][ T1829] Code: 48 8b 15 1b 4d 2b 00 f7 d8 64 89 02 83 c8 ff c3 90 90 90 90 90 90 90 90 90 90 83 3d d5 a4 2b 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 5e 8c 01 00 48 89 04 24 [ 44.571240][ T1829] RSP: 002b:00007ffd41797038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 44.579693][ T1829] RAX: ffffffffffffffda RBX: 00007ffd41797198 RCX: 00007fdb2fb5a120 [ 44.587649][ T1829] RDX: 00007fdb2fe0f138 RSI: 0000000000000000 RDI: 00007ffd41797f1f [ 44.595599][ T1829] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 44.603551][ T1829] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000400884 [ 44.611502][ T1829] R13: 00007ffd41797190 R14: 0000000000000000 R15: 0000000000000000 [ 44.619452][ T1829] [ 44.621763][ T1829] Allocated by task 1786: [ 44.626078][ T1829] save_stack+0x1b/0x80 [ 44.630211][ T1829] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 44.635829][ T1829] em28xx_v4l2_init.cold+0x93/0x33eb [ 44.641105][ T1829] em28xx_init_extension+0x12f/0x1f0 [ 44.646372][ T1829] request_module_async+0x5d/0x70 [ 44.651380][ T1829] process_one_work+0x94b/0x1620 [ 44.656297][ T1829] worker_thread+0x96/0xe20 [ 44.660778][ T1829] kthread+0x318/0x420 [ 44.664834][ T1829] ret_from_fork+0x24/0x30 [ 44.669221][ T1829] [ 44.671525][ T1829] Freed by task 1786: [ 44.675484][ T1829] save_stack+0x1b/0x80 [ 44.679635][ T1829] __kasan_slab_free+0x117/0x160 [ 44.684564][ T1829] kfree+0xd5/0x300 [ 44.688366][ T1829] em28xx_v4l2_init.cold+0x2d4/0x33eb [ 44.693725][ T1829] em28xx_init_extension+0x12f/0x1f0 [ 44.698991][ T1829] request_module_async+0x5d/0x70 [ 44.703996][ T1829] process_one_work+0x94b/0x1620 [ 44.708913][ T1829] worker_thread+0x96/0xe20 [ 44.713423][ T1829] kthread+0x318/0x420 [ 44.717470][ T1829] ret_from_fork+0x24/0x30 [ 
44.721887][ T1829] [ 44.724194][ T1829] The buggy address belongs to the object at ffff8881cdbf4000 [ 44.724194][ T1829] which belongs to the cache kmalloc-8k of size 8192 [ 44.738221][ T1829] The buggy address is located 2160 bytes inside of [ 44.738221][ T1829] 8192-byte region [ffff8881cdbf4000, ffff8881cdbf6000) [ 44.751640][ T1829] The buggy address belongs to the page: [ 44.757291][ T1829] page:ffffea000736fc00 refcount:1 mapcount:0 mapping:ffff8881da00c500 index:0x0 compound_mapcount: 0 [ 44.768217][ T1829] flags: 0x200000000010200(slab|head) [ 44.773566][ T1829] raw: 0200000000010200 dead000000000100 dead000000000122 ffff8881da00c500 [ 44.782125][ T1829] raw: 0000000000000000 0000000080020002 00000001ffffffff 0000000000000000 [ 44.790694][ T1829] page dumped because: kasan: bad access detected [ 44.797078][ T1829] [ 44.799379][ T1829] Memory state around the buggy address: [ 44.804983][ T1829] ffff8881cdbf4700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 44.813032][ T1829] ffff8881cdbf4780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 44.821069][ T1829] >ffff8881cdbf4800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 44.829115][ T1829] ^ [ 44.836805][ T1829] ffff8881cdbf4880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 44.844840][ T1829] ffff8881cdbf4900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 44.852870][ T1829] ================================================================== [ 44.860903][ T1829] Disabling lock debugging due to kernel taint [ 44.867231][ T1829] Kernel panic - not syncing: panic_on_warn set ... [ 44.873821][ T1829] CPU: 0 PID: 1829 Comm: v4l_id Tainted: G B 5.6.0-rc3-syzkaller #0 [ 44.883074][ T1829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 44.893142][ T1829] Call Trace: [ 44.896451][ T1829] dump_stack+0xef/0x16e [ 44.900681][ T1829] panic+0x2aa/0x6e1 [ 44.904558][ T1829] ? add_taint.cold+0x16/0x16 [ 44.909246][ T1829] ? 
retint_kernel+0x10/0x10 [ 44.913842][ T1829] ? trace_hardirqs_on+0x55/0x200 [ 44.918886][ T1829] ? v4l2_fh_init+0x279/0x2c0 [ 44.923545][ T1829] end_report+0x43/0x49 [ 44.927677][ T1829] ? v4l2_fh_init+0x279/0x2c0 [ 44.932330][ T1829] __kasan_report.cold+0x55/0x77 [ 44.937246][ T1829] ? v4l2_fh_init+0x279/0x2c0 [ 44.941906][ T1829] kasan_report+0xe/0x20 [ 44.946126][ T1829] v4l2_fh_init+0x279/0x2c0 [ 44.950606][ T1829] v4l2_fh_open+0x88/0xc0 [ 44.954914][ T1829] em28xx_v4l2_open+0x11a/0x570 [ 44.959742][ T1829] v4l2_open+0x20f/0x3d0 [ 44.963961][ T1829] ? v4l2_release+0x390/0x390 [ 44.968621][ T1829] chrdev_open+0x219/0x5c0 [ 44.973031][ T1829] ? cdev_put.part.0+0x50/0x50 [ 44.977786][ T1829] do_dentry_open+0x494/0x1120 [ 44.982580][ T1829] ? cdev_put.part.0+0x50/0x50 [ 44.987323][ T1829] ? chmod_common+0x3c0/0x3c0 [ 44.991991][ T1829] ? inode_permission+0xbe/0x3a0 [ 44.996933][ T1829] path_openat+0x1222/0x32a0 [ 45.001500][ T1829] ? path_mountpoint.isra.0+0x370/0x370 [ 45.007020][ T1829] ? __lock_acquire+0x145e/0x3b60 [ 45.012022][ T1829] do_filp_open+0x192/0x260 [ 45.016506][ T1829] ? may_open_dev+0xf0/0xf0 [ 45.021004][ T1829] ? __alloc_fd+0x46d/0x600 [ 45.025497][ T1829] ? do_raw_spin_lock+0x129/0x290 [ 45.030508][ T1829] ? _raw_spin_unlock+0x1a/0x30 [ 45.035430][ T1829] ? __alloc_fd+0x46d/0x600 [ 45.039925][ T1829] do_sys_openat2+0x54c/0x740 [ 45.044577][ T1829] ? file_open_root+0x3d0/0x3d0 [ 45.049401][ T1829] ? up_read+0x1ab/0x750 [ 45.053617][ T1829] do_sys_open+0xc3/0x140 [ 45.057920][ T1829] ? filp_open+0x70/0x70 [ 45.062140][ T1829] ? 
trace_hardirqs_off_caller+0x55/0x200 [ 45.067923][ T1829] do_syscall_64+0xb6/0x5a0 [ 45.072418][ T1829] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 45.078283][ T1829] RIP: 0033:0x7fdb2fb5a120 [ 45.082676][ T1829] Code: 48 8b 15 1b 4d 2b 00 f7 d8 64 89 02 83 c8 ff c3 90 90 90 90 90 90 90 90 90 90 83 3d d5 a4 2b 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 5e 8c 01 00 48 89 04 24 [ 45.102252][ T1829] RSP: 002b:00007ffd41797038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 45.110652][ T1829] RAX: ffffffffffffffda RBX: 00007ffd41797198 RCX: 00007fdb2fb5a120 [ 45.118606][ T1829] RDX: 00007fdb2fe0f138 RSI: 0000000000000000 RDI: 00007ffd41797f1f [ 45.126553][ T1829] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 45.134499][ T1829] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000400884 [ 45.142450][ T1829] R13: 00007ffd41797190 R14: 0000000000000000 R15: 0000000000000000 [ 45.150824][ T1829] Kernel Offset: disabled [ 45.155135][ T1829] Rebooting in 86400 seconds..