[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ 13.469811][ C1] random: crng init done
[ 13.474305][ C1] random: 7 urandom warning(s) missed due to ratelimiting
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.179' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 40.173221][ T94] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 40.273429][ T94] usb 1-1: Using ep0 maxpacket: 32
[ 40.403133][ T94] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 40.583057][ T94] usb 1-1: New USB device found, idVendor=eb1a, idProduct=a316, bcdDevice=5c.26
[ 40.592263][ T94] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 40.600487][ T94] usb 1-1: Product: syz
[ 40.604753][ T94] usb 1-1: Manufacturer: syz
[ 40.609425][ T94] usb 1-1: SerialNumber: syz
[ 40.616469][ T94] usb 1-1: config 0 descriptor??
[ 40.655084][ T94] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (eb1a:a316, interface 0, class 0)
[ 40.664643][ T94] em28xx 1-1:0.0: Video interface 0 found:
executing program
[ 40.902917][ T94] em28xx 1-1:0.0: unknown em28xx chip ID (0)
[ 41.122815][ T94] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[ 41.130939][ T94] em28xx 1-1:0.0: board has no eeprom
[ 41.242740][ T94] em28xx 1-1:0.0: Identified as Kworld PlusTV HD Hybrid 330 (card=57)
[ 41.251286][ T94] em28xx 1-1:0.0: analog set to bulk mode.
[ 41.261757][ T94] usb 1-1: USB disconnect, device number 2
[ 41.270927][ T94] em28xx 1-1:0.0: Disconnecting em28xx
[ 41.277856][ T12] em28xx 1-1:0.0: Registering V4L2 extension
[ 41.320565][ T12] em28xx 1-1:0.0: Config register raw data: 0xffffffed
[ 41.327620][ T12] em28xx 1-1:0.0: AC97 chip type couldn't be determined
[ 41.334790][ T12] em28xx 1-1:0.0: No AC97 audio processor
[ 41.341934][ T12] usb 1-1: Decoder not found
[ 41.346671][ T12] em28xx 1-1:0.0: failed to create media graph
[ 41.352983][ T12] em28xx 1-1:0.0: V4L2 device video0 deregistered
[ 41.360489][ T12] em28xx 1-1:0.0: Binding DVB extension
[ 41.366333][ T12] em28xx 1-1:0.0: no endpoint for DVB mode and transfer type 0
[ 41.373978][ T12] em28xx 1-1:0.0: failed to pre-allocate USB transfer buffers for DVB.
[ 41.382263][ T12] em28xx 1-1:0.0: Remote control support is not available for this card.
[ 41.390928][ T94] em28xx 1-1:0.0: Closing input extension
[ 41.399796][ T94] em28xx 1-1:0.0: Freeing device
[ 41.752543][ T94] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[ 41.842597][ T94] usb 1-1: Using ep0 maxpacket: 32
[ 41.962509][ T94] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 42.132416][ T94] usb 1-1: New USB device found, idVendor=eb1a, idProduct=a316, bcdDevice=5c.26
[ 42.141477][ T94] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 42.149510][ T94] usb 1-1: Product: syz
[ 42.153753][ T94] usb 1-1: Manufacturer: syz
[ 42.158343][ T94] usb 1-1: SerialNumber: syz
[ 42.167060][ T94] usb 1-1: config 0 descriptor??
[ 42.204268][ T94] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (eb1a:a316, interface 0, class 0)
[ 42.213572][ T94] em28xx 1-1:0.0: Video interface 0 found:
executing program
[ 42.442262][ T94] em28xx 1-1:0.0: unknown em28xx chip ID (0)
[ 42.662183][ T94] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[ 42.670211][ T94] em28xx 1-1:0.0: board has no eeprom
[ 42.782095][ T94] em28xx 1-1:0.0: Identified as Kworld PlusTV HD Hybrid 330 (card=57)
[ 42.790527][ T94] em28xx 1-1:0.0: analog set to bulk mode.
[ 42.800291][ T94] usb 1-1: USB disconnect, device number 3
[ 42.810426][ T94] em28xx 1-1:0.0: Disconnecting em28xx
[ 42.816597][ T12] em28xx 1-1:0.0: Registering V4L2 extension
[ 42.830039][ T12] em28xx 1-1:0.0: Config register raw data: 0xffffffed
[ 42.837124][ T12] em28xx 1-1:0.0: AC97 chip type couldn't be determined
[ 42.844220][ T12] em28xx 1-1:0.0: No AC97 audio processor
[ 42.850759][ T12] usb 1-1: Decoder not found
[ 42.855465][ T12] em28xx 1-1:0.0: failed to create media graph
[ 42.861665][ T12] em28xx 1-1:0.0: V4L2 device video0 deregistered
[ 42.869447][ T12] em28xx 1-1:0.0: Binding DVB extension
[ 42.869593][ T378] ==================================================================
[ 42.876322][ T12] em28xx 1-1:0.0: no endpoint for DVB mode and transfer type 0
[ 42.883188][ T378] BUG: KASAN: use-after-free in v4l2_fh_init+0x279/0x2c0
[ 42.883201][ T378] Read of size 8 at addr ffff8881ccb9c8c8 by task v4l_id/378
[ 42.883205][ T378]
[ 42.883219][ T378] CPU: 1 PID: 378 Comm: v4l_id Not tainted 5.7.0-rc1-syzkaller #0
[ 42.883225][ T378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 42.883230][ T378] Call Trace:
[ 42.883248][ T378] dump_stack+0xef/0x16e
[ 42.883264][ T378] print_address_description.constprop.0.cold+0xd3/0x314
[ 42.883274][ T378] ? v4l2_fh_init+0x279/0x2c0
[ 42.883286][ T378] __kasan_report.cold+0x37/0x92
[ 42.883308][ T378] ? v4l2_fh_init+0x279/0x2c0
[ 42.883318][ T378] ? v4l2_fh_init+0x279/0x2c0
[ 42.883334][ T378] kasan_report+0x33/0x50
[ 42.890873][ T12] em28xx 1-1:0.0: failed to pre-allocate USB transfer buffers for DVB.
[ 42.898149][ T378] v4l2_fh_init+0x279/0x2c0
[ 42.898161][ T378] v4l2_fh_open+0x88/0xc0
[ 42.898173][ T378] em28xx_v4l2_open+0x11a/0x570
[ 42.898186][ T378] v4l2_open+0x20f/0x3d0
[ 42.898197][ T378] ? v4l2_release+0x390/0x390
[ 42.898213][ T378] chrdev_open+0x219/0x5c0
[ 42.905626][ T12] em28xx 1-1:0.0: Remote control support is not available for this card.
[ 42.907908][ T378] ? cdev_put.part.0+0x50/0x50
[ 42.922141][ T94] em28xx 1-1:0.0: Closing input extension
[ 42.925779][ T378] ? security_file_open+0x84/0x410
[ 43.023261][ T378] do_dentry_open+0x4ac/0x1160
[ 43.028030][ T378] ? cdev_put.part.0+0x50/0x50
[ 43.032798][ T378] ? chmod_common+0x3c0/0x3c0
[ 43.037456][ T378] ? inode_permission+0xbe/0x3a0
[ 43.042372][ T378] path_openat+0x1a0b/0x2740
[ 43.046944][ T378] ? do_sys_openat2+0x3fc/0x7d0
[ 43.051774][ T378] ? path_lookupat.isra.0+0x530/0x530
[ 43.057138][ T378] do_filp_open+0x192/0x260
[ 43.061621][ T378] ? may_open_dev+0xf0/0xf0
[ 43.066136][ T378] ? __alloc_fd+0x46d/0x600
[ 43.070615][ T378] ? do_raw_spin_lock+0x129/0x290
[ 43.075638][ T378] ? _raw_spin_unlock+0x1a/0x30
[ 43.080465][ T378] ? __alloc_fd+0x46d/0x600
[ 43.084946][ T378] do_sys_openat2+0x585/0x7d0
[ 43.089601][ T378] ? file_open_root+0x400/0x400
[ 43.094464][ T378] ? __secure_computing+0xb4/0x280
[ 43.099583][ T378] ? syscall_trace_enter+0x41d/0xcd0
[ 43.104983][ T378] do_sys_open+0xc3/0x140
[ 43.109733][ T378] ? filp_open+0x70/0x70
[ 43.113986][ T378] ? trace_hardirqs_off_caller+0x55/0x200
[ 43.119701][ T378] do_syscall_64+0xb6/0x5a0
[ 43.124215][ T378] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 43.130090][ T378] RIP: 0033:0x7fbd58e8c840
[ 43.134504][ T378] Code: 73 01 c3 48 8b 0d 68 77 20 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 89 bb 20 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 1e f6 ff ff 48 89 04 24
[ 43.154102][ T378] RSP: 002b:00007fff16bfe628 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 43.162495][ T378] RAX: ffffffffffffffda RBX: 00007fff16bfe798 RCX: 00007fbd58e8c840
[ 43.170446][ T378] RDX: 00007fbd58e78ea0 RSI: 0000000000000000 RDI: 00007fff16bfef25
[ 43.178405][ T378] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000
[ 43.186359][ T378] R10: 0000000000000002 R11: 0000000000000246 R12: 00005612a417c8d0
[ 43.194312][ T378] R13: 00007fff16bfe790 R14: 0000000000000000 R15: 0000000000000000
[ 43.202286][ T378]
[ 43.204592][ T378] The buggy address belongs to the page:
[ 43.210218][ T378] page:ffffea000732e700 refcount:0 mapcount:-128 mapping:0000000020516be7 index:0x0
[ 43.219573][ T378] flags: 0x200000000000000()
[ 43.224145][ T378] raw: 0200000000000000 ffffea0007099908 ffffea0007312408 0000000000000000
[ 43.232708][ T378] raw: 0000000000000000 0000000000000002 00000000ffffff7f 0000000000000000
[ 43.241282][ T378] page dumped because: kasan: bad access detected
[ 43.247666][ T378]
[ 43.249969][ T378] Memory state around the buggy address:
[ 43.255590][ T378] ffff8881ccb9c780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 43.263656][ T378] ffff8881ccb9c800: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 43.271713][ T378] >ffff8881ccb9c880: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 43.279795][ T378] ^
[ 43.286215][ T378] ffff8881ccb9c900: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 43.294269][ T378] ffff8881ccb9c980: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 43.302304][ T378] ==================================================================
[ 43.310350][ T378] Disabling lock debugging due to kernel taint
[ 43.316670][ T378] Kernel panic - not syncing: panic_on_warn set ...
[ 43.323292][ T378] CPU: 1 PID: 378 Comm: v4l_id Tainted: G B 5.7.0-rc1-syzkaller #0
[ 43.332472][ T378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 43.342523][ T378] Call Trace:
[ 43.345810][ T378] dump_stack+0xef/0x16e
[ 43.350070][ T378] panic+0x2aa/0x6e1
[ 43.353944][ T378] ? add_taint.cold+0x16/0x16
[ 43.358596][ T378] ? v4l2_fh_init+0x279/0x2c0
[ 43.363249][ T378] ? trace_hardirqs_on+0x55/0x200
[ 43.368249][ T378] ? v4l2_fh_init+0x279/0x2c0
[ 43.372901][ T378] end_report+0x4d/0x53
[ 43.377145][ T378] __kasan_report.cold+0x72/0x92
[ 43.382190][ T378] ? v4l2_fh_init+0x279/0x2c0
[ 43.386846][ T378] ? v4l2_fh_init+0x279/0x2c0
[ 43.391520][ T378] kasan_report+0x33/0x50
[ 43.395841][ T378] v4l2_fh_init+0x279/0x2c0
[ 43.400324][ T378] v4l2_fh_open+0x88/0xc0
[ 43.404634][ T378] em28xx_v4l2_open+0x11a/0x570
[ 43.409484][ T378] v4l2_open+0x20f/0x3d0
[ 43.413722][ T378] ? v4l2_release+0x390/0x390
[ 43.418374][ T378] chrdev_open+0x219/0x5c0
[ 43.422785][ T378] ? cdev_put.part.0+0x50/0x50
[ 43.427552][ T378] ? security_file_open+0x84/0x410
[ 43.432641][ T378] do_dentry_open+0x4ac/0x1160
[ 43.437386][ T378] ? cdev_put.part.0+0x50/0x50
[ 43.442143][ T378] ? chmod_common+0x3c0/0x3c0
[ 43.446796][ T378] ? inode_permission+0xbe/0x3a0
[ 43.452448][ T378] path_openat+0x1a0b/0x2740
[ 43.457078][ T378] ? do_sys_openat2+0x3fc/0x7d0
[ 43.461915][ T378] ? path_lookupat.isra.0+0x530/0x530
[ 43.467264][ T378] do_filp_open+0x192/0x260
[ 43.471746][ T378] ? may_open_dev+0xf0/0xf0
[ 43.476226][ T378] ? __alloc_fd+0x46d/0x600
[ 43.480704][ T378] ? do_raw_spin_lock+0x129/0x290
[ 43.485707][ T378] ? _raw_spin_unlock+0x1a/0x30
[ 43.490536][ T378] ? __alloc_fd+0x46d/0x600
[ 43.495015][ T378] do_sys_openat2+0x585/0x7d0
[ 43.499671][ T378] ? file_open_root+0x400/0x400
[ 43.504496][ T378] ? __secure_computing+0xb4/0x280
[ 43.509584][ T378] ? syscall_trace_enter+0x41d/0xcd0
[ 43.514859][ T378] do_sys_open+0xc3/0x140
[ 43.519166][ T378] ? filp_open+0x70/0x70
[ 43.523411][ T378] ? trace_hardirqs_off_caller+0x55/0x200
[ 43.529127][ T378] do_syscall_64+0xb6/0x5a0
[ 43.533635][ T378] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 43.539504][ T378] RIP: 0033:0x7fbd58e8c840
[ 43.544159][ T378] Code: 73 01 c3 48 8b 0d 68 77 20 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 89 bb 20 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 1e f6 ff ff 48 89 04 24
[ 43.563750][ T378] RSP: 002b:00007fff16bfe628 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 43.572142][ T378] RAX: ffffffffffffffda RBX: 00007fff16bfe798 RCX: 00007fbd58e8c840
[ 43.580112][ T378] RDX: 00007fbd58e78ea0 RSI: 0000000000000000 RDI: 00007fff16bfef25
[ 43.588081][ T378] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000
[ 43.596035][ T378] R10: 0000000000000002 R11: 0000000000000246 R12: 00005612a417c8d0
[ 43.603985][ T378] R13: 00007fff16bfe790 R14: 0000000000000000 R15: 0000000000000000
[ 43.612533][ T378] Kernel Offset: disabled
[ 43.616852][ T378] Rebooting in 86400 seconds..