[info] Using makefile-style concurrent boot in runlevel 2.
[ 13.734857][ C1] random: crng init done
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.16' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 23.888266][ T12] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 23.978535][ T12] usb 1-1: Using ep0 maxpacket: 32
[ 24.098335][ T12] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 24.268326][ T12] usb 1-1: New USB device found, idVendor=eb1a, idProduct=a316, bcdDevice=5c.26
[ 24.277411][ T12] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 24.285889][ T12] usb 1-1: Product: syz
[ 24.290206][ T12] usb 1-1: Manufacturer: syz
[ 24.294799][ T12] usb 1-1: SerialNumber: syz
[ 24.301450][ T12] usb 1-1: config 0 descriptor??
[ 24.359983][ T12] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (eb1a:a316, interface 0, class 0)
[ 24.370225][ T12] em28xx 1-1:0.0: Video interface 0 found:
executing program
[ 24.598529][ T12] em28xx 1-1:0.0: unknown em28xx chip ID (0)
[ 24.818318][ T12] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[ 24.826475][ T12] em28xx 1-1:0.0: board has no eeprom
[ 24.938212][ T12] em28xx 1-1:0.0: Identified as Kworld PlusTV HD Hybrid 330 (card=57)
[ 24.946665][ T12] em28xx 1-1:0.0: analog set to bulk mode.
[ 24.953366][ T103] em28xx 1-1:0.0: Registering V4L2 extension
[ 24.961746][ T12] usb 1-1: USB disconnect, device number 2
[ 24.971368][ T12] em28xx 1-1:0.0: Disconnecting em28xx
[ 24.986135][ T103] em28xx 1-1:0.0: Config register raw data: 0xffffffed
[ 24.993607][ T103] em28xx 1-1:0.0: AC97 chip type couldn't be determined
[ 25.002198][ T103] em28xx 1-1:0.0: No AC97 audio processor
[ 25.009474][ T103] usb 1-1: Decoder not found
[ 25.014247][ T103] em28xx 1-1:0.0: failed to create media graph
[ 25.020781][ T103] em28xx 1-1:0.0: V4L2 device video0 deregistered
[ 25.030011][ T103] em28xx 1-1:0.0: Binding DVB extension
[ 25.035601][ T103] em28xx 1-1:0.0: no endpoint for DVB mode and transfer type 0
[ 25.043366][ T103] em28xx 1-1:0.0: failed to pre-allocate USB transfer buffers for DVB.
[ 25.051679][ T103] em28xx 1-1:0.0: Remote control support is not available for this card.
[ 25.060645][ T12] em28xx 1-1:0.0: Closing input extension
[ 25.070130][ T12] em28xx 1-1:0.0: Freeing device
[ 25.428256][ T12] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[ 25.518335][ T12] usb 1-1: Using ep0 maxpacket: 32
[ 25.638341][ T12] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 25.808336][ T12] usb 1-1: New USB device found, idVendor=eb1a, idProduct=a316, bcdDevice=5c.26
[ 25.817489][ T12] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 25.825550][ T12] usb 1-1: Product: syz
[ 25.829749][ T12] usb 1-1: Manufacturer: syz
[ 25.834326][ T12] usb 1-1: SerialNumber: syz
[ 25.840222][ T12] usb 1-1: config 0 descriptor??
[ 25.879640][ T12] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (eb1a:a316, interface 0, class 0)
[ 25.889037][ T12] em28xx 1-1:0.0: Video interface 0 found:
executing program
[ 26.128322][ T12] em28xx 1-1:0.0: unknown em28xx chip ID (0)
[ 26.358274][ T12] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[ 26.366356][ T12] em28xx 1-1:0.0: board has no eeprom
[ 26.478225][ T12] em28xx 1-1:0.0: Identified as Kworld PlusTV HD Hybrid 330 (card=57)
[ 26.486446][ T12] em28xx 1-1:0.0: analog set to bulk mode.
[ 26.493068][ T103] em28xx 1-1:0.0: Registering V4L2 extension
[ 26.501037][ T12] usb 1-1: USB disconnect, device number 3
[ 26.507435][ T12] em28xx 1-1:0.0: Disconnecting em28xx
[ 26.524052][ T103] em28xx 1-1:0.0: Config register raw data: 0xffffffed
[ 26.531166][ T103] em28xx 1-1:0.0: AC97 chip type couldn't be determined
[ 26.538117][ T103] em28xx 1-1:0.0: No AC97 audio processor
[ 26.545023][ T103] usb 1-1: Decoder not found
[ 26.549805][ T103] em28xx 1-1:0.0: failed to create media graph
[ 26.555997][ T103] em28xx 1-1:0.0: V4L2 device video0 deregistered
[ 26.563170][ T103] em28xx 1-1:0.0: Binding DVB extension
[ 26.568867][ T103] em28xx 1-1:0.0: no endpoint for DVB mode and transfer type 0
[ 26.576519][ T103] em28xx 1-1:0.0: failed to pre-allocate USB transfer buffers for DVB.
[ 26.585098][ T103] em28xx 1-1:0.0: Remote control support is not available for this card.
[ 26.593609][ T12] em28xx 1-1:0.0: Closing input extension
[ 26.600274][ T12] em28xx 1-1:0.0: Freeing device
[ 26.948259][ T12] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[ 27.038340][ T12] usb 1-1: Using ep0 maxpacket: 32
[ 27.158312][ T12] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 27.328343][ T12] usb 1-1: New USB device found, idVendor=eb1a, idProduct=a316, bcdDevice=5c.26
[ 27.337715][ T12] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 27.345772][ T12] usb 1-1: Product: syz
[ 27.349986][ T12] usb 1-1: Manufacturer: syz
[ 27.354594][ T12] usb 1-1: SerialNumber: syz
[ 27.361291][ T12] usb 1-1: config 0 descriptor??
[ 27.399648][ T12] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (eb1a:a316, interface 0, class 0)
[ 27.409055][ T12] em28xx 1-1:0.0: Video interface 0 found:
executing program
[ 27.648371][ T12] em28xx 1-1:0.0: unknown em28xx chip ID (0)
[ 27.868283][ T12] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[ 27.876313][ T12] em28xx 1-1:0.0: board has no eeprom
[ 27.988255][ T12] em28xx 1-1:0.0: Identified as Kworld PlusTV HD Hybrid 330 (card=57)
[ 27.996461][ T12] em28xx 1-1:0.0: analog set to bulk mode.
[ 28.004267][ T12] usb 1-1: USB disconnect, device number 4
[ 28.010728][ T12] em28xx 1-1:0.0: Disconnecting em28xx
[ 28.016386][ T103] em28xx 1-1:0.0: Registering V4L2 extension
[ 28.030841][ T103] em28xx 1-1:0.0: Config register raw data: 0xffffffed
[ 28.037700][ T103] em28xx 1-1:0.0: AC97 chip type couldn't be determined
[ 28.044714][ T103] em28xx 1-1:0.0: No AC97 audio processor
[ 28.051022][ T103] usb 1-1: Decoder not found
[ 28.055614][ T103] em28xx 1-1:0.0: failed to create media graph
[ 28.061832][ T103] em28xx 1-1:0.0: V4L2 device video0 deregistered
[ 28.069008][ T103] em28xx 1-1:0.0: Binding DVB extension
[ 28.074574][ T103] em28xx 1-1:0.0: no endpoint for DVB mode and transfer type 0
[ 28.082235][ T103] em28xx 1-1:0.0: failed to pre-allocate USB transfer buffers for DVB.
[ 28.090531][ T103] em28xx 1-1:0.0: Remote control support is not available for this card.
[ 28.099022][ T12] em28xx 1-1:0.0: Closing input extension
[ 28.105726][ T12] em28xx 1-1:0.0: Freeing device
[ 28.458249][ T12] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[ 28.548343][ T12] usb 1-1: Using ep0 maxpacket: 32
[ 28.668357][ T12] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 28.838334][ T12] usb 1-1: New USB device found, idVendor=eb1a, idProduct=a316, bcdDevice=5c.26
[ 28.847531][ T12] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 28.855640][ T12] usb 1-1: Product: syz
[ 28.859866][ T12] usb 1-1: Manufacturer: syz
[ 28.864443][ T12] usb 1-1: SerialNumber: syz
[ 28.870331][ T12] usb 1-1: config 0 descriptor??
[ 28.909546][ T12] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (eb1a:a316, interface 0, class 0)
[ 28.918994][ T12] em28xx 1-1:0.0: Video interface 0 found:
executing program
[ 29.148363][ T12] em28xx 1-1:0.0: unknown em28xx chip ID (0)
[ 29.368291][ T12] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[ 29.376307][ T12] em28xx 1-1:0.0: board has no eeprom
[ 29.488246][ T12] em28xx 1-1:0.0: Identified as Kworld PlusTV HD Hybrid 330 (card=57)
[ 29.496684][ T12] em28xx 1-1:0.0: analog set to bulk mode.
[ 29.503118][ T103] em28xx 1-1:0.0: Registering V4L2 extension
[ 29.511084][ T12] usb 1-1: USB disconnect, device number 5
[ 29.519944][ T103] em28xx 1-1:0.0: reading from i2c device at 0xb8 failed (error=-19)
[ 29.529940][ T12] em28xx 1-1:0.0: Disconnecting em28xx
[ 29.541752][ T103] em28xx 1-1:0.0: Config register raw data: 0xffffffed
[ 29.548777][ T103] em28xx 1-1:0.0: AC97 chip type couldn't be determined
[ 29.555752][ T103] em28xx 1-1:0.0: No AC97 audio processor
[ 29.562252][ T103] usb 1-1: Decoder not found
[ 29.566993][ T103] em28xx 1-1:0.0: failed to create media graph
[ 29.573259][ T103] em28xx 1-1:0.0: V4L2 device video0 deregistered
[ 29.580383][ T103] em28xx 1-1:0.0: Binding DVB extension
[ 29.585989][ T103] em28xx 1-1:0.0: no endpoint for DVB mode and transfer type 0
[ 29.593599][ T103] em28xx 1-1:0.0: failed to pre-allocate USB transfer buffers for DVB.
[ 29.601992][ T103] em28xx 1-1:0.0: Remote control support is not available for this card.
[ 29.610518][ T12] em28xx 1-1:0.0: Closing input extension
[ 29.617109][ T12] em28xx 1-1:0.0: Freeing device
[ 29.968252][ T12] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[ 30.058313][ T12] usb 1-1: Using ep0 maxpacket: 32
[ 30.178354][ T12] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 30.348334][ T12] usb 1-1: New USB device found, idVendor=eb1a, idProduct=a316, bcdDevice=5c.26
[ 30.357481][ T12] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 30.365525][ T12] usb 1-1: Product: syz
[ 30.369928][ T12] usb 1-1: Manufacturer: syz
[ 30.374599][ T12] usb 1-1: SerialNumber: syz
[ 30.380565][ T12] usb 1-1: config 0 descriptor??
[ 30.419560][ T12] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (eb1a:a316, interface 0, class 0)
[ 30.428899][ T12] em28xx 1-1:0.0: Video interface 0 found:
executing program
[ 30.678307][ T12] em28xx 1-1:0.0: unknown em28xx chip ID (0)
[ 30.898307][ T12] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[ 30.906343][ T12] em28xx 1-1:0.0: board has no eeprom
[ 31.018255][ T12] em28xx 1-1:0.0: Identified as Kworld PlusTV HD Hybrid 330 (card=57)
[ 31.026593][ T12] em28xx 1-1:0.0: analog set to bulk mode.
[ 31.034134][ T12] usb 1-1: USB disconnect, device number 6
[ 31.040649][ T12] em28xx 1-1:0.0: Disconnecting em28xx
[ 31.046338][ T103] em28xx 1-1:0.0: Registering V4L2 extension
[ 31.060633][ T103] em28xx 1-1:0.0: Config register raw data: 0xffffffed
[ 31.067946][ T103] em28xx 1-1:0.0: AC97 chip type couldn't be determined
[ 31.075122][ T103] em28xx 1-1:0.0: No AC97 audio processor
[ 31.082210][ T103] usb 1-1: Decoder not found
[ 31.087178][ T103] em28xx 1-1:0.0: failed to create media graph
[ 31.093391][ T103] em28xx 1-1:0.0: V4L2 device video0 deregistered
[ 31.100524][ T103] em28xx 1-1:0.0: Binding DVB extension
[ 31.106080][ T103] em28xx 1-1:0.0: no endpoint for DVB mode and transfer type 0
[ 31.113867][ T103] em28xx 1-1:0.0: failed to pre-allocate USB transfer buffers for DVB.
[ 31.122314][ T103] em28xx 1-1:0.0: Remote control support is not available for this card.
[ 31.130799][ T12] em28xx 1-1:0.0: Closing input extension
[ 31.137358][ T12] em28xx 1-1:0.0: Freeing device
[ 31.488261][ T12] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[ 31.578381][ T12] usb 1-1: Using ep0 maxpacket: 32
[ 31.698356][ T12] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 31.868324][ T12] usb 1-1: New USB device found, idVendor=eb1a, idProduct=a316, bcdDevice=5c.26
[ 31.877601][ T12] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 31.886881][ T12] usb 1-1: Product: syz
[ 31.891075][ T12] usb 1-1: Manufacturer: syz
[ 31.895820][ T12] usb 1-1: SerialNumber: syz
[ 31.901666][ T12] usb 1-1: config 0 descriptor??
[ 31.939540][ T12] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (eb1a:a316, interface 0, class 0)
[ 31.948822][ T12] em28xx 1-1:0.0: Video interface 0 found:
executing program
[ 32.178441][ T12] em28xx 1-1:0.0: unknown em28xx chip ID (0)
[ 32.398266][ T12] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[ 32.406298][ T12] em28xx 1-1:0.0: board has no eeprom
[ 32.518230][ T12] em28xx 1-1:0.0: Identified as Kworld PlusTV HD Hybrid 330 (card=57)
[ 32.526522][ T12] em28xx 1-1:0.0: analog set to bulk mode.
[ 32.532878][ T103] em28xx 1-1:0.0: Registering V4L2 extension
[ 32.540326][ T12] usb 1-1: USB disconnect, device number 7
[ 32.553843][ T103] em28xx 1-1:0.0: reading from i2c device at 0xb8 failed (error=-19)
[ 32.562413][ T12] em28xx 1-1:0.0: Disconnecting em28xx
[ 32.571953][ T103] em28xx 1-1:0.0: Config register raw data: 0xffffffed
[ 32.579035][ T103] em28xx 1-1:0.0: AC97 chip type couldn't be determined
[ 32.585946][ T103] em28xx 1-1:0.0: No AC97 audio processor
[ 32.592834][ T103] usb 1-1: Decoder not found
[ 32.597476][ T103] em28xx 1-1:0.0: failed to create media graph
[ 32.603903][ T103] em28xx 1-1:0.0: V4L2 device video0 deregistered
[ 32.611227][ T103] em28xx 1-1:0.0: Binding DVB extension
[ 32.611372][ T1833] ==================================================================
[ 32.616856][ T103] em28xx 1-1:0.0: no endpoint for DVB mode and transfer type 0
[ 32.624885][ T1833] BUG: KASAN: use-after-free in v4l2_fh_init+0x279/0x2c0
[ 32.624896][ T1833] Read of size 8 at addr ffff8881cd0b0870 by task v4l_id/1833
[ 32.624899][ T1833]
[ 32.624912][ T1833] CPU: 1 PID: 1833 Comm: v4l_id Not tainted 5.6.0-rc3-syzkaller #0
[ 32.624919][ T1833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 32.624924][ T1833] Call Trace:
[ 32.624938][ T1833] dump_stack+0xef/0x16e
[ 32.624948][ T1833] ? v4l2_fh_init+0x279/0x2c0
[ 32.624958][ T1833] ? v4l2_fh_init+0x279/0x2c0
[ 32.624973][ T1833] print_address_description.constprop.0.cold+0xd3/0x314
[ 32.624988][ T1833] ? v4l2_fh_init+0x279/0x2c0
[ 32.632544][ T103] em28xx 1-1:0.0: failed to pre-allocate USB transfer buffers for DVB.
[ 32.639527][ T1833] ? v4l2_fh_init+0x279/0x2c0
[ 32.639541][ T1833] __kasan_report.cold+0x37/0x77
[ 32.639553][ T1833] ? v4l2_fh_init+0x279/0x2c0
[ 32.639565][ T1833] kasan_report+0xe/0x20
[ 32.639581][ T1833] v4l2_fh_init+0x279/0x2c0
[ 32.647051][ T103] em28xx 1-1:0.0: Remote control support is not available for this card.
[ 32.649359][ T1833] v4l2_fh_open+0x88/0xc0
[ 32.649374][ T1833] em28xx_v4l2_open+0x11a/0x570
[ 32.649385][ T1833] v4l2_open+0x20f/0x3d0
[ 32.649396][ T1833] ? v4l2_release+0x390/0x390
[ 32.649406][ T1833] chrdev_open+0x219/0x5c0
[ 32.649421][ T1833] ? cdev_put.part.0+0x50/0x50
[ 32.657804][ T12] em28xx 1-1:0.0: Closing input extension
[ 32.667981][ T1833] do_dentry_open+0x494/0x1120
[ 32.667995][ T1833] ? cdev_put.part.0+0x50/0x50
[ 32.668007][ T1833] ? chmod_common+0x3c0/0x3c0
[ 32.668020][ T1833] ? inode_permission+0xbe/0x3a0
[ 32.668031][ T1833] path_openat+0x1222/0x32a0
[ 32.668043][ T1833] ? path_mountpoint.isra.0+0x370/0x370
[ 32.668060][ T1833] ? __lock_acquire+0x145e/0x3b60
[ 32.803323][ T1833] do_filp_open+0x192/0x260
[ 32.807808][ T1833] ? may_open_dev+0xf0/0xf0
[ 32.812286][ T1833] ? __alloc_fd+0x46d/0x600
[ 32.816878][ T1833] ? do_raw_spin_lock+0x129/0x290
[ 32.821951][ T1833] ? _raw_spin_unlock+0x1a/0x30
[ 32.826975][ T1833] ? __alloc_fd+0x46d/0x600
[ 32.831589][ T1833] do_sys_openat2+0x54c/0x740
[ 32.836254][ T1833] ? file_open_root+0x3d0/0x3d0
[ 32.841140][ T1833] ? up_read+0x1ab/0x750
[ 32.845365][ T1833] do_sys_open+0xc3/0x140
[ 32.849723][ T1833] ? filp_open+0x70/0x70
[ 32.853947][ T1833] ? trace_hardirqs_off_caller+0x55/0x200
[ 32.859646][ T1833] do_syscall_64+0xb6/0x5a0
[ 32.864240][ T1833] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 32.870110][ T1833] RIP: 0033:0x7eff434ca120
[ 32.874574][ T1833] Code: 48 8b 15 1b 4d 2b 00 f7 d8 64 89 02 83 c8 ff c3 90 90 90 90 90 90 90 90 90 90 83 3d d5 a4 2b 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 5e 8c 01 00 48 89 04 24
[ 32.894167][ T1833] RSP: 002b:00007fffb1be1d78 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 32.902565][ T1833] RAX: ffffffffffffffda RBX: 00007fffb1be1ed8 RCX: 00007eff434ca120
[ 32.910544][ T1833] RDX: 00007eff4377f138 RSI: 0000000000000000 RDI: 00007fffb1be2f1f
[ 32.918669][ T1833] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 32.926641][ T1833] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000400884
[ 32.934600][ T1833] R13: 00007fffb1be1ed0 R14: 0000000000000000 R15: 0000000000000000
[ 32.942559][ T1833]
[ 32.944874][ T1833] Allocated by task 103:
[ 32.949141][ T1833] save_stack+0x1b/0x80
[ 32.953304][ T1833] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 32.959090][ T1833] em28xx_v4l2_init.cold+0x93/0x33eb
[ 32.964403][ T1833] em28xx_init_extension+0x12f/0x1f0
[ 32.969667][ T1833] request_module_async+0x5d/0x70
[ 32.974667][ T1833] process_one_work+0x94b/0x1620
[ 32.979580][ T1833] worker_thread+0x96/0xe20
[ 32.984072][ T1833] kthread+0x318/0x420
[ 32.988128][ T1833] ret_from_fork+0x24/0x30
[ 32.992527][ T1833]
[ 32.994840][ T1833] Freed by task 103:
[ 32.998720][ T1833] save_stack+0x1b/0x80
[ 33.002872][ T1833] __kasan_slab_free+0x117/0x160
[ 33.007795][ T1833] kfree+0xd5/0x300
[ 33.011604][ T1833] em28xx_v4l2_init.cold+0x2d4/0x33eb
[ 33.016966][ T1833] em28xx_init_extension+0x12f/0x1f0
[ 33.022319][ T1833] request_module_async+0x5d/0x70
[ 33.027323][ T1833] process_one_work+0x94b/0x1620
[ 33.032236][ T1833] worker_thread+0x96/0xe20
[ 33.036719][ T1833] kthread+0x318/0x420
[ 33.040766][ T1833] ret_from_fork+0x24/0x30
[ 33.045154][ T1833]
[ 33.047462][ T1833] The buggy address belongs to the object at ffff8881cd0b0000
[ 33.047462][ T1833] which belongs to the cache kmalloc-8k of size 8192
[ 33.061505][ T1833] The buggy address is located 2160 bytes inside of
[ 33.061505][ T1833] 8192-byte region [ffff8881cd0b0000, ffff8881cd0b2000)
[ 33.074926][ T1833] The buggy address belongs to the page:
[ 33.080540][ T1833] page:ffffea0007342c00 refcount:1 mapcount:0 mapping:ffff8881da00c500 index:0x0 compound_mapcount: 0
[ 33.091444][ T1833] flags: 0x200000000010200(slab|head)
[ 33.096796][ T1833] raw: 0200000000010200 dead000000000100 dead000000000122 ffff8881da00c500
[ 33.105378][ T1833] raw: 0000000000000000 0000000080020002 00000001ffffffff 0000000000000000
[ 33.114062][ T1833] page dumped because: kasan: bad access detected
[ 33.120453][ T1833]
[ 33.122757][ T1833] Memory state around the buggy address:
[ 33.128424][ T1833] ffff8881cd0b0700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 33.136464][ T1833] ffff8881cd0b0780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 33.144508][ T1833] >ffff8881cd0b0800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 33.152546][ T1833] ^
[ 33.160257][ T1833] ffff8881cd0b0880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 33.168299][ T1833] ffff8881cd0b0900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 33.176363][ T1833] ==================================================================
[ 33.184398][ T1833] Disabling lock debugging due to kernel taint
[ 33.190635][ T1833] Kernel panic - not syncing: panic_on_warn set ...
[ 33.197235][ T1833] CPU: 1 PID: 1833 Comm: v4l_id Tainted: G B 5.6.0-rc3-syzkaller #0
[ 33.206501][ T1833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 33.216536][ T1833] Call Trace:
[ 33.219817][ T1833] dump_stack+0xef/0x16e
[ 33.224048][ T1833] panic+0x2aa/0x6e1
[ 33.227931][ T1833] ? add_taint.cold+0x16/0x16
[ 33.232597][ T1833] ? retint_kernel+0x10/0x10
[ 33.237163][ T1833] ? trace_hardirqs_on+0x55/0x200
[ 33.242172][ T1833] ? v4l2_fh_init+0x279/0x2c0
[ 33.246842][ T1833] end_report+0x43/0x49
[ 33.250994][ T1833] ? v4l2_fh_init+0x279/0x2c0
[ 33.255679][ T1833] __kasan_report.cold+0x55/0x77
[ 33.261040][ T1833] ? v4l2_fh_init+0x279/0x2c0
[ 33.265692][ T1833] kasan_report+0xe/0x20
[ 33.269910][ T1833] v4l2_fh_init+0x279/0x2c0
[ 33.274403][ T1833] v4l2_fh_open+0x88/0xc0
[ 33.278798][ T1833] em28xx_v4l2_open+0x11a/0x570
[ 33.283624][ T1833] v4l2_open+0x20f/0x3d0
[ 33.287845][ T1833] ? v4l2_release+0x390/0x390
[ 33.292509][ T1833] chrdev_open+0x219/0x5c0
[ 33.296898][ T1833] ? cdev_put.part.0+0x50/0x50
[ 33.301661][ T1833] do_dentry_open+0x494/0x1120
[ 33.306404][ T1833] ? cdev_put.part.0+0x50/0x50
[ 33.311141][ T1833] ? chmod_common+0x3c0/0x3c0
[ 33.315793][ T1833] ? inode_permission+0xbe/0x3a0
[ 33.320712][ T1833] path_openat+0x1222/0x32a0
[ 33.325290][ T1833] ? path_mountpoint.isra.0+0x370/0x370
[ 33.330822][ T1833] ? __lock_acquire+0x145e/0x3b60
[ 33.335832][ T1833] do_filp_open+0x192/0x260
[ 33.340326][ T1833] ? may_open_dev+0xf0/0xf0
[ 33.344818][ T1833] ? __alloc_fd+0x46d/0x600
[ 33.349319][ T1833] ? do_raw_spin_lock+0x129/0x290
[ 33.354322][ T1833] ? _raw_spin_unlock+0x1a/0x30
[ 33.359147][ T1833] ? __alloc_fd+0x46d/0x600
[ 33.363785][ T1833] do_sys_openat2+0x54c/0x740
[ 33.368449][ T1833] ? file_open_root+0x3d0/0x3d0
[ 33.373288][ T1833] ? up_read+0x1ab/0x750
[ 33.377549][ T1833] do_sys_open+0xc3/0x140
[ 33.381867][ T1833] ? filp_open+0x70/0x70
[ 33.386152][ T1833] ? trace_hardirqs_off_caller+0x55/0x200
[ 33.391866][ T1833] do_syscall_64+0xb6/0x5a0
[ 33.396364][ T1833] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 33.402265][ T1833] RIP: 0033:0x7eff434ca120
[ 33.406667][ T1833] Code: 48 8b 15 1b 4d 2b 00 f7 d8 64 89 02 83 c8 ff c3 90 90 90 90 90 90 90 90 90 90 83 3d d5 a4 2b 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 5e 8c 01 00 48 89 04 24
[ 33.426343][ T1833] RSP: 002b:00007fffb1be1d78 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 33.434733][ T1833] RAX: ffffffffffffffda RBX: 00007fffb1be1ed8 RCX: 00007eff434ca120
[ 33.442680][ T1833] RDX: 00007eff4377f138 RSI: 0000000000000000 RDI: 00007fffb1be2f1f
[ 33.450643][ T1833] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 33.458610][ T1833] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000400884
[ 33.466567][ T1833] R13: 00007fffb1be1ed0 R14: 0000000000000000 R15: 0000000000000000
[ 33.475260][ T1833] Kernel Offset: disabled
[ 33.479586][ T1833] Rebooting in 86400 seconds..