Warning: Permanently added '10.128.10.21' (ECDSA) to the list of known hosts.
syzkaller login: [ 113.938310][ T5265] IPVS: ftp: loaded support on port[0] = 21
[ 114.005583][ T5265] bridge0: port 1(bridge_slave_0) entered blocking state
[ 114.012883][ T5265] bridge0: port 1(bridge_slave_0) entered disabled state
[ 114.020704][ T5265] device bridge_slave_0 entered promiscuous mode
[ 114.028234][ T5265] bridge0: port 2(bridge_slave_1) entered blocking state
[ 114.035302][ T5265] bridge0: port 2(bridge_slave_1) entered disabled state
[ 114.043000][ T5265] device bridge_slave_1 entered promiscuous mode
[ 114.057390][ T5265] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 114.066748][ T5265] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 114.083066][ T5265] team0: Port device team_slave_0 added
[ 114.089675][ T5265] team0: Port device team_slave_1 added
[ 114.112016][ T5265] bridge0: port 2(bridge_slave_1) entered blocking state
[ 114.119191][ T5265] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 114.126780][ T5265] bridge0: port 1(bridge_slave_0) entered blocking state
[ 114.133813][ T5265] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 114.160859][ T5265] 8021q: adding VLAN 0 to HW filter on device bond0
[ 114.172463][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 114.182470][ T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 114.190879][ T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 114.199365][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 114.210449][ T5265] 8021q: adding VLAN 0 to HW filter on device team0
[ 114.219743][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 114.228158][ T21] bridge0: port 1(bridge_slave_0) entered blocking state
[ 114.235184][ T21] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 114.246921][ T533] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 114.255266][ T533] bridge0: port 2(bridge_slave_1) entered blocking state
[ 114.262318][ T533] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 114.275271][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 114.284136][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 114.298076][ T533] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 114.307223][ T533] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 114.315759][ T533] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
executing program
[ 114.355534][ T5265] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 114.665534][ T533] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 114.925509][ T533] usb 1-1: Using ep0 maxpacket: 8
[ 115.055556][ T533] usb 1-1: config 0 has an invalid interface number: 188 but max is 0
[ 115.063837][ T533] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 115.073982][ T533] usb 1-1: config 0 has no interface number 0
[ 115.080204][ T533] usb 1-1: config 0 interface 188 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 0
[ 115.090421][ T533] usb 1-1: New USB device found, idVendor=055f, idProduct=b500, bcdDevice=33.45
[ 115.099501][ T533] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 115.111168][ T533] usb 1-1: config 0 descriptor??
[ 115.168024][ T533] zr364xx 1-1:0.188: Zoran 364xx compatible webcam plugged
[ 115.175425][ T533] zr364xx 1-1:0.188: model 055f:b500 detected
[ 115.181745][ T533] usb 1-1: 320x240 mode selected
[ 115.187132][ T533] zr364xx: start read pipe failed
[ 115.387247][ T533] usb 1-1: Zoran 364xx controlling device video32
[ 115.396297][ T533] usb 1-1: USB disconnect, device number 2
[ 115.496071][ T5287] ==================================================================
[ 115.504283][ T5287] BUG: KASAN: null-ptr-deref in read_word_at_a_time+0xe/0x20
[ 115.511631][ T5287] Read of size 1 at addr 0000000000000000 by task v4l_id/5287
[ 115.519058][ T5287]
[ 115.521387][ T5287] CPU: 1 PID: 5287 Comm: v4l_id Not tainted 5.1.0-rc3-319004-g43151d6 #6
[ 115.529786][ T5287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 115.539817][ T5287] Call Trace:
[ 115.543092][ T5287] dump_stack+0xe8/0x16e
[ 115.547323][ T5287] ? read_word_at_a_time+0xe/0x20
[ 115.552324][ T5287] ? read_word_at_a_time+0xe/0x20
[ 115.557328][ T5287] kasan_report.cold+0x5/0x3c
[ 115.562087][ T5287] ? read_word_at_a_time+0xe/0x20
[ 115.567093][ T5287] read_word_at_a_time+0xe/0x20
[ 115.572007][ T5287] strscpy+0x8a/0x280
[ 115.575984][ T5287] zr364xx_vidioc_querycap+0xb5/0x210
[ 115.581344][ T5287] v4l_querycap+0x12b/0x340
[ 115.585831][ T5287] __video_do_ioctl+0x5bb/0xb40
[ 115.590665][ T5287] ? copy_overflow+0x30/0x30
[ 115.595237][ T5287] ? save_stack+0x89/0xa0
[ 115.599546][ T5287] ? __kasan_slab_free+0x130/0x180
[ 115.604640][ T5287] video_usercopy+0x44e/0xf00
[ 115.609304][ T5287] ? copy_overflow+0x30/0x30
[ 115.613877][ T5287] ? v4l_enumstd+0x70/0x70
[ 115.618289][ T5287] ? _raw_spin_unlock_irqrestore+0x4b/0x60
[ 115.624074][ T5287] ? video_usercopy+0xf00/0xf00
[ 115.628904][ T5287] v4l2_ioctl+0x14e/0x1a0
[ 115.633219][ T5287] ? video_devdata+0xa0/0xa0
[ 115.637792][ T5287] do_vfs_ioctl+0xced/0x12f0
[ 115.642377][ T5287] ? ioctl_preallocate+0x200/0x200
[ 115.647472][ T5287] ? putname+0xe6/0x120
[ 115.651610][ T5287] ? rcu_read_lock_sched_held+0x10f/0x130
[ 115.657304][ T5287] ? putname+0xe6/0x120
[ 115.661439][ T5287] ? kmem_cache_free+0x25c/0x2b0
[ 115.666360][ T5287] ? putname+0xe6/0x120
[ 115.670498][ T5287] ? do_sys_open+0x2ec/0x590
[ 115.675159][ T5287] ksys_ioctl+0xa0/0xc0
[ 115.679299][ T5287] __x64_sys_ioctl+0x74/0xb0
[ 115.683873][ T5287] ? lockdep_hardirqs_on+0x37e/0x580
[ 115.689139][ T5287] do_syscall_64+0xcf/0x4f0
[ 115.693638][ T5287] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 115.699512][ T5287] RIP: 0033:0x7f3b56d8b347
[ 115.703908][ T5287] Code: 90 90 90 48 8b 05 f1 fa 2a 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 90 90 90 90 90 90 90 90 90 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d c1 fa 2a 00 31 d2 48 29 c2 64
[ 115.723671][ T5287] RSP: 002b:00007ffe005d5d68 EFLAGS: 00000202 ORIG_RAX: 0000000000000010
[ 115.732063][ T5287] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f3b56d8b347
[ 115.740015][ T5287] RDX: 00007ffe005d5d70 RSI: 0000000080685600 RDI: 0000000000000003
[ 115.747966][ T5287] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 115.755925][ T5287] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000400884
[ 115.763881][ T5287] R13: 00007ffe005d5ec0 R14: 0000000000000000 R15: 0000000000000000
[ 115.771839][ T5287] ==================================================================
[ 115.779875][ T5287] Disabling lock debugging due to kernel taint
[ 115.786097][ T5287] Kernel panic - not syncing: panic_on_warn set ...
[ 115.792682][ T5287] CPU: 1 PID: 5287 Comm: v4l_id Tainted: G B 5.1.0-rc3-319004-g43151d6 #6
[ 115.802468][ T5287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 115.812501][ T5287] Call Trace:
[ 115.815774][ T5287] dump_stack+0xe8/0x16e
[ 115.819997][ T5287] panic+0x29d/0x5f2
[ 115.823870][ T5287] ? __warn_printk+0xf8/0xf8
[ 115.828442][ T5287] ? retint_kernel+0x10/0x10
[ 115.833010][ T5287] ? trace_hardirqs_on+0x55/0x1c0
[ 115.838012][ T5287] ? read_word_at_a_time+0xe/0x20
[ 115.843028][ T5287] end_report+0x48/0x4e
[ 115.847164][ T5287] ? read_word_at_a_time+0xe/0x20
[ 115.852171][ T5287] kasan_report.cold+0xd/0x3c
[ 115.856827][ T5287] ? read_word_at_a_time+0xe/0x20
[ 115.861827][ T5287] read_word_at_a_time+0xe/0x20
[ 115.866656][ T5287] strscpy+0x8a/0x280
[ 115.870618][ T5287] zr364xx_vidioc_querycap+0xb5/0x210
[ 115.875967][ T5287] v4l_querycap+0x12b/0x340
[ 115.880448][ T5287] __video_do_ioctl+0x5bb/0xb40
[ 115.885278][ T5287] ? copy_overflow+0x30/0x30
[ 115.889844][ T5287] ? save_stack+0x89/0xa0
[ 115.894153][ T5287] ? __kasan_slab_free+0x130/0x180
[ 115.899245][ T5287] video_usercopy+0x44e/0xf00
[ 115.903898][ T5287] ? copy_overflow+0x30/0x30
[ 115.908473][ T5287] ? v4l_enumstd+0x70/0x70
[ 115.912889][ T5287] ? _raw_spin_unlock_irqrestore+0x4b/0x60
[ 115.918683][ T5287] ? video_usercopy+0xf00/0xf00
[ 115.923509][ T5287] v4l2_ioctl+0x14e/0x1a0
[ 115.927814][ T5287] ? video_devdata+0xa0/0xa0
[ 115.932383][ T5287] do_vfs_ioctl+0xced/0x12f0
[ 115.936965][ T5287] ? ioctl_preallocate+0x200/0x200
[ 115.942056][ T5287] ? putname+0xe6/0x120
[ 115.946188][ T5287] ? rcu_read_lock_sched_held+0x10f/0x130
[ 115.951891][ T5287] ? putname+0xe6/0x120
[ 115.956030][ T5287] ? kmem_cache_free+0x25c/0x2b0
[ 115.960944][ T5287] ? putname+0xe6/0x120
[ 115.965079][ T5287] ? do_sys_open+0x2ec/0x590
[ 115.969648][ T5287] ksys_ioctl+0xa0/0xc0
[ 115.973783][ T5287] __x64_sys_ioctl+0x74/0xb0
[ 115.978348][ T5287] ? lockdep_hardirqs_on+0x37e/0x580
[ 115.983630][ T5287] do_syscall_64+0xcf/0x4f0
[ 115.988128][ T5287] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 115.993998][ T5287] RIP: 0033:0x7f3b56d8b347
[ 115.998393][ T5287] Code: 90 90 90 48 8b 05 f1 fa 2a 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 90 90 90 90 90 90 90 90 90 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d c1 fa 2a 00 31 d2 48 29 c2 64
[ 116.017975][ T5287] RSP: 002b:00007ffe005d5d68 EFLAGS: 00000202 ORIG_RAX: 0000000000000010
[ 116.026374][ T5287] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f3b56d8b347
[ 116.034322][ T5287] RDX: 00007ffe005d5d70 RSI: 0000000080685600 RDI: 0000000000000003
[ 116.042283][ T5287] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 116.050232][ T5287] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000400884
[ 116.058181][ T5287] R13: 00007ffe005d5ec0 R14: 0000000000000000 R15: 0000000000000000
[ 116.067291][ T5287] Kernel Offset: disabled
[ 116.071628][ T5287] Rebooting in 86400 seconds..