Warning: Permanently added '10.128.0.49' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 33.017398][ T94] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 33.107642][ T94] usb 1-1: Using ep0 maxpacket: 32
[ 33.227445][ T94] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 33.397424][ T94] usb 1-1: New USB device found, idVendor=eb1a, idProduct=a316, bcdDevice=5c.26
[ 33.406864][ T94] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 33.419482][ T94] usb 1-1: Product: syz
[ 33.423684][ T94] usb 1-1: Manufacturer: syz
[ 33.428342][ T94] usb 1-1: SerialNumber: syz
[ 33.434564][ T94] usb 1-1: config 0 descriptor??
[ 33.489133][ T94] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (eb1a:a316, interface 0, class 0)
[ 33.499780][ T94] em28xx 1-1:0.0: Video interface 0 found: isoc
executing program
[ 33.727471][ T94] em28xx 1-1:0.0: unknown em28xx chip ID (0)
[ 33.947385][ T94] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[ 33.955857][ T94] em28xx 1-1:0.0: board has no eeprom
[ 34.067332][ T94] em28xx 1-1:0.0: Identified as Kworld PlusTV HD Hybrid 330 (card=57)
[ 34.076193][ T94] em28xx 1-1:0.0: analog set to isoc mode.
[ 34.084949][ T94] usb 1-1: USB disconnect, device number 2
[ 34.092772][ T94] em28xx 1-1:0.0: Disconnecting em28xx
[ 34.099011][ T12] em28xx 1-1:0.0: Registering V4L2 extension
[ 34.113482][ T12] em28xx 1-1:0.0: Config register raw data: 0xffffffed
[ 34.121140][ T12] em28xx 1-1:0.0: AC97 chip type couldn't be determined
[ 34.128509][ T12] em28xx 1-1:0.0: No AC97 audio processor
[ 34.139819][ T12] usb 1-1: Decoder not found
[ 34.144943][ T12] em28xx 1-1:0.0: failed to create media graph
[ 34.151241][ T12] em28xx 1-1:0.0: V4L2 device video0 deregistered
[ 34.159699][ T12] em28xx 1-1:0.0: Binding DVB extension
[ 34.165309][ T12] em28xx 1-1:0.0: no endpoint for DVB mode and transfer type 0
[ 34.172929][ T12] em28xx 1-1:0.0: failed to pre-allocate USB transfer buffers for DVB.
[ 34.182549][ T12] em28xx 1-1:0.0: Remote control support is not available for this card.
[ 34.191679][ T94] em28xx 1-1:0.0: Closing input extension
[ 34.199628][ T94] em28xx 1-1:0.0: Freeing device
[ 34.557452][ T94] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[ 34.647457][ T94] usb 1-1: Using ep0 maxpacket: 32
[ 34.767455][ T94] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 34.937649][ T94] usb 1-1: New USB device found, idVendor=eb1a, idProduct=a316, bcdDevice=5c.26
[ 34.946926][ T94] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 34.955083][ T94] usb 1-1: Product: syz
[ 34.959717][ T94] usb 1-1: Manufacturer: syz
[ 34.964483][ T94] usb 1-1: SerialNumber: syz
[ 34.970324][ T94] usb 1-1: config 0 descriptor??
[ 35.009040][ T94] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (eb1a:a316, interface 0, class 0)
[ 35.018507][ T94] em28xx 1-1:0.0: Video interface 0 found: isoc
executing program
[ 35.247485][ T94] em28xx 1-1:0.0: unknown em28xx chip ID (0)
[ 35.467440][ T94] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[ 35.475520][ T94] em28xx 1-1:0.0: board has no eeprom
[ 35.587383][ T94] em28xx 1-1:0.0: Identified as Kworld PlusTV HD Hybrid 330 (card=57)
[ 35.595572][ T94] em28xx 1-1:0.0: analog set to isoc mode.
[ 35.608062][ T94] usb 1-1: USB disconnect, device number 3
[ 35.614530][ T94] em28xx 1-1:0.0: Disconnecting em28xx
[ 35.620163][ T12] em28xx 1-1:0.0: Registering V4L2 extension
[ 35.635204][ T12] em28xx 1-1:0.0: Config register raw data: 0xffffffed
[ 35.644681][ T12] em28xx 1-1:0.0: AC97 chip type couldn't be determined
[ 35.658679][ T12] em28xx 1-1:0.0: No AC97 audio processor
[ 35.665084][ T12] usb 1-1: Decoder not found
[ 35.669750][ T12] em28xx 1-1:0.0: failed to create media graph
[ 35.688396][ T12] em28xx 1-1:0.0: V4L2 device video0 deregistered
[ 35.695295][ T12] em28xx 1-1:0.0: Binding DVB extension
[ 35.701759][ T12] em28xx 1-1:0.0: no endpoint for DVB mode and transfer type 0
[ 35.709519][ T12] em28xx 1-1:0.0: failed to pre-allocate USB transfer buffers for DVB.
[ 35.717844][ T12] em28xx 1-1:0.0: Remote control support is not available for this card.
[ 35.734069][ T94] em28xx 1-1:0.0: Closing input extension
[ 35.742847][ T94] em28xx 1-1:0.0: Freeing device
[ 36.097340][ T94] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[ 36.187451][ T94] usb 1-1: Using ep0 maxpacket: 32
[ 36.307437][ T94] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 36.477426][ T94] usb 1-1: New USB device found, idVendor=eb1a, idProduct=a316, bcdDevice=5c.26
[ 36.487542][ T94] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 36.495711][ T94] usb 1-1: Product: syz
[ 36.500583][ T94] usb 1-1: Manufacturer: syz
[ 36.505589][ T94] usb 1-1: SerialNumber: syz
[ 36.511440][ T94] usb 1-1: config 0 descriptor??
[ 36.548868][ T94] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (eb1a:a316, interface 0, class 0)
[ 36.558155][ T94] em28xx 1-1:0.0: Video interface 0 found: isoc
executing program
[ 36.797414][ T94] em28xx 1-1:0.0: unknown em28xx chip ID (0)
[ 37.017405][ T94] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[ 37.025774][ T94] em28xx 1-1:0.0: board has no eeprom
[ 37.137370][ T94] em28xx 1-1:0.0: Identified as Kworld PlusTV HD Hybrid 330 (card=57)
[ 37.145862][ T94] em28xx 1-1:0.0: analog set to isoc mode.
[ 37.153693][ T94] usb 1-1: USB disconnect, device number 4
[ 37.162018][ T94] em28xx 1-1:0.0: Disconnecting em28xx
[ 37.168239][ T12] em28xx 1-1:0.0: Registering V4L2 extension
[ 37.181954][ T12] em28xx 1-1:0.0: Config register raw data: 0xffffffed
[ 37.188859][ T12] em28xx 1-1:0.0: AC97 chip type couldn't be determined
[ 37.195813][ T12] em28xx 1-1:0.0: No AC97 audio processor
[ 37.202366][ T12] usb 1-1: Decoder not found
[ 37.207208][ T12] em28xx 1-1:0.0: failed to create media graph
[ 37.213653][ T12] em28xx 1-1:0.0: V4L2 device video0 deregistered
[ 37.222021][ T12] em28xx 1-1:0.0: Binding DVB extension
[ 37.227838][ T12] em28xx 1-1:0.0: no endpoint for DVB mode and transfer type 0
[ 37.235958][ T12] em28xx 1-1:0.0: failed to pre-allocate USB transfer buffers for DVB.
[ 37.244275][ T12] em28xx 1-1:0.0: Remote control support is not available for this card.
[ 37.254854][ T94] em28xx 1-1:0.0: Closing input extension
[ 37.261650][ T94] em28xx 1-1:0.0: Freeing device
[ 37.617436][ T94] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[ 37.707438][ T94] usb 1-1: Using ep0 maxpacket: 32
[ 37.837458][ T94] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 38.007489][ T94] usb 1-1: New USB device found, idVendor=eb1a, idProduct=a316, bcdDevice=5c.26
[ 38.017690][ T94] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 38.025775][ T94] usb 1-1: Product: syz
[ 38.030015][ T94] usb 1-1: Manufacturer: syz
[ 38.034644][ T94] usb 1-1: SerialNumber: syz
[ 38.040562][ T94] usb 1-1: config 0 descriptor??
[ 38.078627][ T94] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (eb1a:a316, interface 0, class 0)
[ 38.088779][ T94] em28xx 1-1:0.0: Video interface 0 found: isoc
executing program
[ 38.317585][ T94] em28xx 1-1:0.0: unknown em28xx chip ID (0)
[ 38.537418][ T94] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[ 38.545554][ T94] em28xx 1-1:0.0: board has no eeprom
[ 38.657424][ T94] em28xx 1-1:0.0: Identified as Kworld PlusTV HD Hybrid 330 (card=57)
[ 38.665619][ T94] em28xx 1-1:0.0: analog set to isoc mode.
[ 38.672975][ T94] usb 1-1: USB disconnect, device number 5
[ 38.679451][ T94] em28xx 1-1:0.0: Disconnecting em28xx
[ 38.684960][ T12] em28xx 1-1:0.0: Registering V4L2 extension
[ 38.699640][ T12] em28xx 1-1:0.0: Config register raw data: 0xffffffed
[ 38.707427][ T12] em28xx 1-1:0.0: AC97 chip type couldn't be determined
[ 38.715636][ T12] em28xx 1-1:0.0: No AC97 audio processor
[ 38.722061][ T12] usb 1-1: Decoder not found
[ 38.726673][ T12] em28xx 1-1:0.0: failed to create media graph
[ 38.736922][ T12] em28xx 1-1:0.0: V4L2 device video0 deregistered
[ 38.746387][ T12] em28xx 1-1:0.0: Binding DVB extension
[ 38.757360][ T12] em28xx 1-1:0.0: no endpoint for DVB mode and transfer type 0
[ 38.768222][ T12] em28xx 1-1:0.0: failed to pre-allocate USB transfer buffers for DVB.
[ 38.776466][ T12] em28xx 1-1:0.0: Remote control support is not available for this card.
[ 38.786200][ T94] em28xx 1-1:0.0: Closing input extension
[ 38.792976][ T94] em28xx 1-1:0.0: Freeing device
[ 39.147390][ T94] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[ 39.237441][ T94] usb 1-1: Using ep0 maxpacket: 32
[ 39.357415][ T94] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 39.527455][ T94] usb 1-1: New USB device found, idVendor=eb1a, idProduct=a316, bcdDevice=5c.26
[ 39.536619][ T94] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 39.544666][ T94] usb 1-1: Product: syz
[ 39.548871][ T94] usb 1-1: Manufacturer: syz
[ 39.553811][ T94] usb 1-1: SerialNumber: syz
[ 39.559742][ T94] usb 1-1: config 0 descriptor??
[ 39.608649][ T94] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (eb1a:a316, interface 0, class 0)
[ 39.623681][ T94] em28xx 1-1:0.0: Video interface 0 found: isoc
executing program
[ 39.857434][ T94] em28xx 1-1:0.0: unknown em28xx chip ID (0)
[ 40.077372][ T94] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[ 40.086487][ T94] em28xx 1-1:0.0: board has no eeprom
[ 40.197336][ T94] em28xx 1-1:0.0: Identified as Kworld PlusTV HD Hybrid 330 (card=57)
[ 40.205802][ T94] em28xx 1-1:0.0: analog set to isoc mode.
[ 40.212650][ T12] em28xx 1-1:0.0: Registering V4L2 extension
[ 40.220315][ T94] usb 1-1: USB disconnect, device number 6
[ 40.229319][ T94] em28xx 1-1:0.0: Disconnecting em28xx
[ 40.244573][ T12] em28xx 1-1:0.0: Config register raw data: 0xffffffed
[ 40.251577][ T12] em28xx 1-1:0.0: AC97 chip type couldn't be determined
[ 40.258590][ T12] em28xx 1-1:0.0: No AC97 audio processor
[ 40.264909][ T12] usb 1-1: Decoder not found
[ 40.269584][ T12] em28xx 1-1:0.0: failed to create media graph
[ 40.275892][ T12] em28xx 1-1:0.0: V4L2 device video0 deregistered
[ 40.283291][ T12] em28xx 1-1:0.0: Binding DVB extension
[ 40.288964][ T12] em28xx 1-1:0.0: no endpoint for DVB mode and transfer type 0
[ 40.296549][ T12] em28xx 1-1:0.0: failed to pre-allocate USB transfer buffers for DVB.
[ 40.305240][ T12] em28xx 1-1:0.0: Remote control support is not available for this card.
[ 40.313874][ T94] em28xx 1-1:0.0: Closing input extension
[ 40.322535][ T94] em28xx 1-1:0.0: Freeing device
[ 40.677441][ T94] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[ 40.777441][ T94] usb 1-1: Using ep0 maxpacket: 32
[ 40.897468][ T94] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 41.077423][ T94] usb 1-1: New USB device found, idVendor=eb1a, idProduct=a316, bcdDevice=5c.26
[ 41.087629][ T94] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 41.096407][ T94] usb 1-1: Product: syz
[ 41.100602][ T94] usb 1-1: Manufacturer: syz
[ 41.105189][ T94] usb 1-1: SerialNumber: syz
[ 41.111034][ T94] usb 1-1: config 0 descriptor??
[ 41.158777][ T94] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (eb1a:a316, interface 0, class 0)
[ 41.168129][ T94] em28xx 1-1:0.0: Video interface 0 found: isoc
executing program
[ 41.407433][ T94] em28xx 1-1:0.0: unknown em28xx chip ID (0)
[ 41.627488][ T94] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[ 41.635499][ T94] em28xx 1-1:0.0: board has no eeprom
[ 41.747399][ T94] em28xx 1-1:0.0: Identified as Kworld PlusTV HD Hybrid 330 (card=57)
[ 41.755613][ T94] em28xx 1-1:0.0: analog set to isoc mode.
[ 41.761935][ T12] em28xx 1-1:0.0: Registering V4L2 extension
[ 41.769407][ T94] usb 1-1: USB disconnect, device number 7
[ 41.778334][ T94] em28xx 1-1:0.0: Disconnecting em28xx
[ 41.793104][ T12] em28xx 1-1:0.0: Config register raw data: 0xffffffed
[ 41.800009][ T12] em28xx 1-1:0.0: AC97 chip type couldn't be determined
[ 41.806933][ T12] em28xx 1-1:0.0: No AC97 audio processor
[ 41.813585][ T12] usb 1-1: Decoder not found
[ 41.818230][ T12] em28xx 1-1:0.0: failed to create media graph
[ 41.824393][ T12] em28xx 1-1:0.0: V4L2 device video0 deregistered
[ 41.831692][ T12] em28xx 1-1:0.0: Binding DVB extension
[ 41.837252][ T12] em28xx 1-1:0.0: no endpoint for DVB mode and transfer type 0
[ 41.844870][ T12] em28xx 1-1:0.0: failed to pre-allocate USB transfer buffers for DVB.
[ 41.853147][ T12] em28xx 1-1:0.0: Remote control support is not available for this card.
[ 41.861714][ T94] em28xx 1-1:0.0: Closing input extension
[ 41.868335][ T94] em28xx 1-1:0.0: Freeing device
[ 42.227381][ T94] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[ 42.317452][ T94] usb 1-1: Using ep0 maxpacket: 32
[ 42.437464][ T94] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 42.607457][ T94] usb 1-1: New USB device found, idVendor=eb1a, idProduct=a316, bcdDevice=5c.26
[ 42.616508][ T94] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 42.624523][ T94] usb 1-1: Product: syz
[ 42.628696][ T94] usb 1-1: Manufacturer: syz
[ 42.633267][ T94] usb 1-1: SerialNumber: syz
[ 42.639125][ T94] usb 1-1: config 0 descriptor??
[ 42.678622][ T94] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (eb1a:a316, interface 0, class 0)
[ 42.688020][ T94] em28xx 1-1:0.0: Video interface 0 found: isoc
executing program
[ 42.917506][ T94] em28xx 1-1:0.0: unknown em28xx chip ID (0)
[ 43.147371][ T94] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[ 43.155413][ T94] em28xx 1-1:0.0: board has no eeprom
[ 43.267375][ T94] em28xx 1-1:0.0: Identified as Kworld PlusTV HD Hybrid 330 (card=57)
[ 43.275567][ T94] em28xx 1-1:0.0: analog set to isoc mode.
[ 43.281912][ T12] em28xx 1-1:0.0: Registering V4L2 extension
[ 43.289323][ T94] usb 1-1: USB disconnect, device number 8
[ 43.303003][ T12] em28xx 1-1:0.0: reading from i2c device at 0xb8 failed (error=-19)
[ 43.311533][ T94] em28xx 1-1:0.0: Disconnecting em28xx
[ 43.321256][ T12] em28xx 1-1:0.0: Config register raw data: 0xffffffed
[ 43.328237][ T12] em28xx 1-1:0.0: AC97 chip type couldn't be determined
[ 43.335172][ T12] em28xx 1-1:0.0: No AC97 audio processor
[ 43.341940][ T12] usb 1-1: Decoder not found
[ 43.346553][ T12] em28xx 1-1:0.0: failed to create media graph
[ 43.352904][ T12] em28xx 1-1:0.0: V4L2 device video0 deregistered
[ 43.360165][ T12] em28xx 1-1:0.0: Binding DVB extension
[ 43.360313][ T1842] ==================================================================
[ 43.365729][ T12] em28xx 1-1:0.0: no endpoint for DVB mode and transfer type 0
[ 43.373841][ T1842] BUG: KASAN: use-after-free in v4l2_fh_init+0x279/0x2c0
[ 43.373852][ T1842] Read of size 8 at addr ffff8881ccc54870 by task v4l_id/1842
[ 43.373855][ T1842]
[ 43.373868][ T1842] CPU: 1 PID: 1842 Comm: v4l_id Not tainted 5.6.0-rc3-syzkaller #0
[ 43.373875][ T1842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 43.373879][ T1842] Call Trace:
[ 43.373900][ T1842] dump_stack+0xef/0x16e
[ 43.373916][ T1842] ? v4l2_fh_init+0x279/0x2c0
[ 43.381489][ T12] em28xx 1-1:0.0: failed to pre-allocate USB transfer buffers for DVB.
[ 43.388471][ T1842] ? v4l2_fh_init+0x279/0x2c0
[ 43.388490][ T1842] print_address_description.constprop.0.cold+0xd3/0x314
[ 43.388501][ T1842] ? v4l2_fh_init+0x279/0x2c0
[ 43.388518][ T1842] ? v4l2_fh_init+0x279/0x2c0
[ 43.396006][ T12] em28xx 1-1:0.0: Remote control support is not available for this card.
[ 43.398314][ T1842] __kasan_report.cold+0x37/0x77
[ 43.398328][ T1842] ? v4l2_fh_init+0x279/0x2c0
[ 43.398339][ T1842] kasan_report+0xe/0x20
[ 43.398349][ T1842] v4l2_fh_init+0x279/0x2c0
[ 43.398365][ T1842] v4l2_fh_open+0x88/0xc0
[ 43.406616][ T94] em28xx 1-1:0.0: Closing input extension
[ 43.416290][ T1842] em28xx_v4l2_open+0x11a/0x570
[ 43.416304][ T1842] v4l2_open+0x20f/0x3d0
[ 43.416315][ T1842] ? v4l2_release+0x390/0x390
[ 43.416326][ T1842] chrdev_open+0x219/0x5c0
[ 43.416336][ T1842] ? cdev_put.part.0+0x50/0x50
[ 43.416356][ T1842] do_dentry_open+0x494/0x1120
[ 43.536191][ T1842] ? cdev_put.part.0+0x50/0x50
[ 43.540955][ T1842] ? chmod_common+0x3c0/0x3c0
[ 43.545786][ T1842] ? inode_permission+0xbe/0x3a0
[ 43.550730][ T1842] path_openat+0x1222/0x32a0
[ 43.555494][ T1842] ? path_mountpoint.isra.0+0x370/0x370
[ 43.561042][ T1842] ? __lock_acquire+0x145e/0x3b60
[ 43.566049][ T1842] do_filp_open+0x192/0x260
[ 43.570556][ T1842] ? may_open_dev+0xf0/0xf0
[ 43.575050][ T1842] ? __alloc_fd+0x46d/0x600
[ 43.579535][ T1842] ? do_raw_spin_lock+0x129/0x290
[ 43.584543][ T1842] ? _raw_spin_unlock+0x1a/0x30
[ 43.589377][ T1842] ? __alloc_fd+0x46d/0x600
[ 43.594033][ T1842] do_sys_openat2+0x54c/0x740
[ 43.598973][ T1842] ? file_open_root+0x3d0/0x3d0
[ 43.603815][ T1842] ? up_read+0x1ab/0x750
[ 43.608990][ T1842] do_sys_open+0xc3/0x140
[ 43.614337][ T1842] ? filp_open+0x70/0x70
[ 43.618770][ T1842] ? trace_hardirqs_off_caller+0x55/0x200
[ 43.626391][ T1842] do_syscall_64+0xb6/0x5a0
[ 43.630883][ T1842] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 43.636762][ T1842] RIP: 0033:0x7f9d42b69120
[ 43.641161][ T1842] Code: 48 8b 15 1b 4d 2b 00 f7 d8 64 89 02 83 c8 ff c3 90 90 90 90 90 90 90 90 90 90 83 3d d5 a4 2b 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 5e 8c 01 00 48 89 04 24
[ 43.660785][ T1842] RSP: 002b:00007ffc65afe308 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 43.669187][ T1842] RAX: ffffffffffffffda RBX: 00007ffc65afe468 RCX: 00007f9d42b69120
[ 43.677168][ T1842] RDX: 00007f9d42e1e138 RSI: 0000000000000000 RDI: 00007ffc65afef1f
[ 43.685167][ T1842] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 43.693150][ T1842] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000400884
[ 43.701125][ T1842] R13: 00007ffc65afe460 R14: 0000000000000000 R15: 0000000000000000
[ 43.709079][ T1842]
[ 43.711384][ T1842] Allocated by task 12:
[ 43.715530][ T1842] save_stack+0x1b/0x80
[ 43.719669][ T1842] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 43.725290][ T1842] em28xx_v4l2_init.cold+0x93/0x33eb
[ 43.730559][ T1842] em28xx_init_extension+0x12f/0x1f0
[ 43.735871][ T1842] request_module_async+0x5d/0x70
[ 43.740933][ T1842] process_one_work+0x94b/0x1620
[ 43.745844][ T1842] worker_thread+0x96/0xe20
[ 43.750387][ T1842] kthread+0x318/0x420
[ 43.754450][ T1842] ret_from_fork+0x24/0x30
[ 43.758895][ T1842]
[ 43.761198][ T1842] Freed by task 12:
[ 43.764994][ T1842] save_stack+0x1b/0x80
[ 43.769139][ T1842] __kasan_slab_free+0x117/0x160
[ 43.774051][ T1842] kfree+0xd5/0x300
[ 43.777837][ T1842] em28xx_v4l2_init.cold+0x2d4/0x33eb
[ 43.783183][ T1842] em28xx_init_extension+0x12f/0x1f0
[ 43.788447][ T1842] request_module_async+0x5d/0x70
[ 43.793460][ T1842] process_one_work+0x94b/0x1620
[ 43.798385][ T1842] worker_thread+0x96/0xe20
[ 43.802873][ T1842] kthread+0x318/0x420
[ 43.806927][ T1842] ret_from_fork+0x24/0x30
[ 43.811313][ T1842]
[ 43.813629][ T1842] The buggy address belongs to the object at ffff8881ccc54000
[ 43.813629][ T1842] which belongs to the cache kmalloc-8k of size 8192
[ 43.827722][ T1842] The buggy address is located 2160 bytes inside of
[ 43.827722][ T1842] 8192-byte region [ffff8881ccc54000, ffff8881ccc56000)
[ 43.841146][ T1842] The buggy address belongs to the page:
[ 43.846800][ T1842] page:ffffea0007331400 refcount:1 mapcount:0 mapping:ffff8881da00c500 index:0x0 compound_mapcount: 0
[ 43.857717][ T1842] flags: 0x200000000010200(slab|head)
[ 43.863082][ T1842] raw: 0200000000010200 dead000000000100 dead000000000122 ffff8881da00c500
[ 43.871678][ T1842] raw: 0000000000000000 0000000080020002 00000001ffffffff 0000000000000000
[ 43.880238][ T1842] page dumped because: kasan: bad access detected
[ 43.886633][ T1842]
[ 43.888965][ T1842] Memory state around the buggy address:
[ 43.894593][ T1842] ffff8881ccc54700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 43.902639][ T1842] ffff8881ccc54780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 43.910679][ T1842] >ffff8881ccc54800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 43.918716][ T1842] ^
[ 43.926405][ T1842] ffff8881ccc54880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 43.934452][ T1842] ffff8881ccc54900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 43.942489][ T1842] ==================================================================
[ 43.950530][ T1842] Disabling lock debugging due to kernel taint
[ 43.956794][ T1842] Kernel panic - not syncing: panic_on_warn set ...
[ 43.963377][ T1842] CPU: 1 PID: 1842 Comm: v4l_id Tainted: G B 5.6.0-rc3-syzkaller #0
[ 43.972629][ T1842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 43.982655][ T1842] Call Trace:
[ 43.985921][ T1842] dump_stack+0xef/0x16e
[ 43.990140][ T1842] panic+0x2aa/0x6e1
[ 43.994010][ T1842] ? add_taint.cold+0x16/0x16
[ 43.998661][ T1842] ? retint_kernel+0x10/0x10
[ 44.003230][ T1842] ? trace_hardirqs_on+0x55/0x200
[ 44.008233][ T1842] ? v4l2_fh_init+0x279/0x2c0
[ 44.012897][ T1842] end_report+0x43/0x49
[ 44.017033][ T1842] ? v4l2_fh_init+0x279/0x2c0
[ 44.021684][ T1842] __kasan_report.cold+0x55/0x77
[ 44.026600][ T1842] ? v4l2_fh_init+0x279/0x2c0
[ 44.031304][ T1842] kasan_report+0xe/0x20
[ 44.035523][ T1842] v4l2_fh_init+0x279/0x2c0
[ 44.040051][ T1842] v4l2_fh_open+0x88/0xc0
[ 44.044356][ T1842] em28xx_v4l2_open+0x11a/0x570
[ 44.049213][ T1842] v4l2_open+0x20f/0x3d0
[ 44.053431][ T1842] ? v4l2_release+0x390/0x390
[ 44.058078][ T1842] chrdev_open+0x219/0x5c0
[ 44.062468][ T1842] ? cdev_put.part.0+0x50/0x50
[ 44.067209][ T1842] do_dentry_open+0x494/0x1120
[ 44.071947][ T1842] ? cdev_put.part.0+0x50/0x50
[ 44.076719][ T1842] ? chmod_common+0x3c0/0x3c0
[ 44.081372][ T1842] ? inode_permission+0xbe/0x3a0
[ 44.086291][ T1842] path_openat+0x1222/0x32a0
[ 44.090856][ T1842] ? path_mountpoint.isra.0+0x370/0x370
[ 44.096373][ T1842] ? __lock_acquire+0x145e/0x3b60
[ 44.101371][ T1842] do_filp_open+0x192/0x260
[ 44.105855][ T1842] ? may_open_dev+0xf0/0xf0
[ 44.110338][ T1842] ? __alloc_fd+0x46d/0x600
[ 44.114819][ T1842] ? do_raw_spin_lock+0x129/0x290
[ 44.119878][ T1842] ? _raw_spin_unlock+0x1a/0x30
[ 44.124706][ T1842] ? __alloc_fd+0x46d/0x600
[ 44.129183][ T1842] do_sys_openat2+0x54c/0x740
[ 44.133840][ T1842] ? file_open_root+0x3d0/0x3d0
[ 44.138662][ T1842] ? up_read+0x1ab/0x750
[ 44.142879][ T1842] do_sys_open+0xc3/0x140
[ 44.147181][ T1842] ? filp_open+0x70/0x70
[ 44.151410][ T1842] ? trace_hardirqs_off_caller+0x55/0x200
[ 44.157107][ T1842] do_syscall_64+0xb6/0x5a0
[ 44.161611][ T1842] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 44.167477][ T1842] RIP: 0033:0x7f9d42b69120
[ 44.171869][ T1842] Code: 48 8b 15 1b 4d 2b 00 f7 d8 64 89 02 83 c8 ff c3 90 90 90 90 90 90 90 90 90 90 83 3d d5 a4 2b 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 5e 8c 01 00 48 89 04 24
[ 44.191458][ T1842] RSP: 002b:00007ffc65afe308 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 44.199867][ T1842] RAX: ffffffffffffffda RBX: 00007ffc65afe468 RCX: 00007f9d42b69120
[ 44.207827][ T1842] RDX: 00007f9d42e1e138 RSI: 0000000000000000 RDI: 00007ffc65afef1f
[ 44.215771][ T1842] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 44.223727][ T1842] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000400884
[ 44.231674][ T1842] R13: 00007ffc65afe460 R14: 0000000000000000 R15: 0000000000000000
[ 44.240297][ T1842] Kernel Offset: disabled
[ 44.244611][ T1842] Rebooting in 86400 seconds..