Warning: Permanently added '10.128.0.43' (ECDSA) to the list of known hosts. executing program executing program executing program executing program executing program executing program syzkaller login: [ 88.934732][ T36] audit: type=1400 audit(1627552635.246:8): avc: denied { execmem } for pid=8453 comm="syz-executor153" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 89.219517][ T3160] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 89.249566][ T7] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 89.259652][ T4844] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 89.262240][ T5] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 89.267815][ T2950] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 89.282874][ T20] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 89.469486][ T3160] usb 6-1: Using ep0 maxpacket: 32 [ 89.489590][ T7] usb 3-1: Using ep0 maxpacket: 32 [ 89.510729][ T5] usb 4-1: Using ep0 maxpacket: 32 [ 89.559454][ T4844] usb 1-1: Using ep0 maxpacket: 32 [ 89.564927][ T20] usb 2-1: Using ep0 maxpacket: 32 [ 89.570179][ T2950] usb 5-1: Using ep0 maxpacket: 32 [ 89.589672][ T3160] usb 6-1: config 0 has an invalid interface number: 192 but max is 0 [ 89.598644][ T3160] usb 6-1: config 0 has an invalid interface association descriptor of length 2, skipping [ 89.609796][ T7] usb 3-1: config 0 has an invalid interface number: 192 but max is 0 [ 89.618233][ T3160] usb 6-1: config 0 has no interface number 0 [ 89.624669][ T7] usb 3-1: config 0 has an invalid interface association descriptor of length 2, skipping [ 89.635080][ T5] usb 4-1: config 0 has an invalid interface number: 192 but max is 0 [ 89.643628][ T3160] usb 6-1: config 0 interface 192 altsetting 8 has an invalid endpoint with address 0x0, skipping [ 89.654661][ T5] usb 4-1: config 0 has an invalid interface association descriptor of length 2, skipping [ 89.664954][ T7] usb 3-1: config 0 has no interface number 0 [ 89.671746][ T3160] usb 6-1: config 0 interface 192 altsetting 8 endpoint 0xB has invalid maxpacket 1024, setting to 64 [ 89.684093][ T7] usb 3-1: config 0 interface 192 altsetting 8 has an invalid endpoint with address 0x0, skipping [ 89.695383][ T5] usb 4-1: config 0 has no interface number 0 [ 89.702234][ T5] usb 4-1: config 0 interface 192 altsetting 8 has an invalid endpoint with address 0x0, skipping [ 89.709717][ T20] usb 2-1: config 0 has an invalid interface number: 192 but max is 0 [ 89.713825][ T3160] usb 6-1: config 0 interface 192 altsetting 8 endpoint 0xF has invalid maxpacket 1023, setting to 64 [ 89.721659][ T4844] usb 1-1: config 0 has an invalid interface number: 192 but max is 0 [ 89.734992][ T7] usb 3-1: config 0 interface 192 altsetting 8 endpoint 0xB has invalid maxpacket 1024, setting to 64 [ 89.741066][ T2950] usb 5-1: config 0 has an invalid interface number: 192 but max is 0 [ 89.752431][ T5] usb 4-1: config 0 interface 192 altsetting 8 endpoint 0xB has invalid maxpacket 1024, setting to 64 [ 89.764936][ T20] usb 2-1: config 0 has an invalid interface association descriptor of length 2, skipping [ 89.771728][ T7] usb 3-1: config 0 interface 192 altsetting 8 endpoint 0xF has invalid maxpacket 1023, setting to 64 [ 89.783275][ T2950] usb 5-1: config 0 has an invalid interface association descriptor of length 2, skipping [ 89.793215][ T3160] usb 6-1: config 0 interface 192 altsetting 8 has an invalid endpoint with address 0x80, skipping [ 89.814702][ T5] usb 4-1: config 0 interface 192 altsetting 8 endpoint 0xF has invalid maxpacket 1023, setting to 64 [ 89.816684][ T4844] usb 1-1: config 0 has an invalid interface association descriptor of length 2, skipping [ 89.826244][ T5] usb 4-1: config 0 interface 192 altsetting 8 has an invalid endpoint with address 0x80, skipping [ 89.837787][ T20] usb 2-1: config 0 has no interface number 0 [ 89.847377][ T7] usb 3-1: config 0 interface 192 altsetting 8 has an invalid endpoint with address 0x80, skipping [ 89.855077][ T4844] usb 1-1: config 0 has no interface number 0 [ 89.870811][ T3160] usb 6-1: config 0 interface 192 altsetting 8 endpoint 0x9 has invalid maxpacket 1023, setting to 64 [ 89.872564][ T2950] usb 5-1: config 0 has no interface number 0 [ 89.888457][ T3160] usb 6-1: config 0 interface 192 altsetting 8 endpoint 0x82 has invalid maxpacket 1587, setting to 64 [ 89.890443][ T20] usb 2-1: config 0 interface 192 altsetting 8 has an invalid endpoint with address 0x0, skipping [ 89.900078][ T7] usb 3-1: config 0 interface 192 altsetting 8 endpoint 0x9 has invalid maxpacket 1023, setting to 64 [ 89.912962][ T2950] usb 5-1: config 0 interface 192 altsetting 8 has an invalid endpoint with address 0x0, skipping [ 89.921891][ T5] usb 4-1: config 0 interface 192 altsetting 8 endpoint 0x9 has invalid maxpacket 1023, setting to 64 [ 89.934759][ T4844] usb 1-1: config 0 interface 192 altsetting 8 has an invalid endpoint with address 0x0, skipping [ 89.943783][ T3160] usb 6-1: config 0 interface 192 altsetting 8 has a duplicate endpoint with address 0x4, skipping [ 89.957875][ T20] usb 2-1: config 0 interface 192 altsetting 8 endpoint 0xB has invalid maxpacket 1024, setting to 64 [ 89.965401][ T7] usb 3-1: config 0 interface 192 altsetting 8 endpoint 0x82 has invalid maxpacket 1587, setting to 64 [ 89.978656][ T2950] usb 5-1: config 0 interface 192 altsetting 8 endpoint 0xB has invalid maxpacket 1024, setting to 64 [ 89.988531][ T5] usb 4-1: config 0 interface 192 altsetting 8 endpoint 0x82 has invalid maxpacket 1587, setting to 64 [ 90.002216][ T4844] usb 1-1: config 0 interface 192 altsetting 8 endpoint 0xB has invalid maxpacket 1024, setting to 64 [ 90.023949][ T3160] usb 6-1: config 0 interface 192 altsetting 8 bulk endpoint 0xE has invalid maxpacket 64 [ 90.025535][ T20] usb 2-1: config 0 interface 192 altsetting 8 endpoint 0xF has invalid maxpacket 1023, setting to 64 [ 90.046012][ T3160] usb 6-1: config 0 interface 192 altsetting 8 has an invalid endpoint with address 0x0, skipping [ 90.047843][ T2950] usb 5-1: config 0 interface 192 altsetting 8 endpoint 0xF has invalid maxpacket 1023, setting to 64 [ 90.056966][ T7] usb 3-1: config 0 interface 192 altsetting 8 has a duplicate endpoint with address 0x4, skipping [ 90.070268][ T4844] usb 1-1: config 0 interface 192 altsetting 8 endpoint 0xF has invalid maxpacket 1023, setting to 64 [ 90.079256][ T5] usb 4-1: config 0 interface 192 altsetting 8 has a duplicate endpoint with address 0x4, skipping [ 90.092897][ T20] usb 2-1: config 0 interface 192 altsetting 8 has an invalid endpoint with address 0x80, skipping [ 90.101863][ T3160] usb 6-1: config 0 interface 192 altsetting 8 has a duplicate endpoint with address 0x7, skipping [ 90.114733][ T2950] usb 5-1: config 0 interface 192 altsetting 8 has an invalid endpoint with address 0x80, skipping [ 90.123569][ T7] usb 3-1: config 0 interface 192 altsetting 8 bulk endpoint 0xE has invalid maxpacket 64 [ 90.136752][ T4844] usb 1-1: config 0 interface 192 altsetting 8 has an invalid endpoint with address 0x80, skipping [ 90.144928][ T5] usb 4-1: config 0 interface 192 altsetting 8 bulk endpoint 0xE has invalid maxpacket 64 [ 90.158155][ T20] usb 2-1: config 0 interface 192 altsetting 8 endpoint 0x9 has invalid maxpacket 1023, setting to 64 [ 90.177296][ T3160] usb 6-1: config 0 interface 192 altsetting 8 has a duplicate endpoint with address 0x6, skipping [ 90.179507][ T2950] usb 5-1: config 0 interface 192 altsetting 8 endpoint 0x9 has invalid maxpacket 1023, setting to 64 [ 90.200094][ T3160] usb 6-1: config 0 interface 192 altsetting 8 has a duplicate endpoint with address 0xE, skipping [ 90.202307][ T4844] usb 1-1: config 0 interface 192 altsetting 8 endpoint 0x9 has invalid maxpacket 1023, setting to 64 [ 90.222280][ T7] usb 3-1: config 0 interface 192 altsetting 8 has an invalid endpoint with address 0x0, skipping [ 90.225648][ T20] usb 2-1: config 0 interface 192 altsetting 8 endpoint 0x82 has invalid maxpacket 1587, setting to 64 [ 90.233670][ T5] usb 4-1: config 0 interface 192 altsetting 8 has an invalid endpoint with address 0x0, skipping [ 90.246924][ T2950] usb 5-1: config 0 interface 192 altsetting 8 endpoint 0x82 has invalid maxpacket 1587, setting to 64 [ 90.255904][ T3160] usb 6-1: config 0 interface 192 altsetting 8 has a duplicate endpoint with address 0x7, skipping [ 90.277124][ T4844] usb 1-1: config 0 interface 192 altsetting 8 endpoint 0x82 has invalid maxpacket 1587, setting to 64 [ 90.297495][ T7] usb 3-1: config 0 interface 192 altsetting 8 has a duplicate endpoint with address 0x7, skipping [ 90.299499][ T20] usb 2-1: config 0 interface 192 altsetting 8 has a duplicate endpoint with address 0x4, skipping [ 90.308805][ T7] usb 3-1: config 0 interface 192 altsetting 8 has a duplicate endpoint with address 0x6, skipping [ 90.321483][ T4844] usb 1-1: config 0 interface 192 altsetting 8 has a duplicate endpoint with address 0x4, skipping [ 90.330513][ T5] usb 4-1: config 0 interface 192 altsetting 8 has a duplicate endpoint with address 0x7, skipping [ 90.343642][ T2950] usb 5-1: config 0 interface 192 altsetting 8 has a duplicate endpoint with address 0x4, skipping [ 90.352334][ T3160] usb 6-1: config 0 interface 192 altsetting 8 has 17 endpoint descriptors, different from the interface descriptor's value: 16 [ 90.365346][ T20] usb 2-1: config 0 interface 192 altsetting 8 bulk endpoint 0xE has invalid maxpacket 64 [ 90.376989][ T7] usb 3-1: config 0 interface 192 altsetting 8 has a duplicate endpoint with address 0xE, skipping [ 90.389458][ T4844] usb 1-1: config 0 interface 192 altsetting 8 bulk endpoint 0xE has invalid maxpacket 64 [ 90.398241][ T5] usb 4-1: config 0 interface 192 altsetting 8 has a duplicate endpoint with address 0x6, skipping [ 90.410200][ T2950] usb 5-1: config 0 interface 192 altsetting 8 bulk endpoint 0xE has invalid maxpacket 64 [ 90.419505][ T3160] usb 6-1: config 0 interface 192 has no altsetting 0 [ 90.419613][ T7] usb 3-1: config 0 interface 192 altsetting 8 has a duplicate endpoint with address 0x7, skipping [ 90.447960][ T20] usb 2-1: config 0 interface 192 altsetting 8 has an invalid endpoint with address 0x0, skipping [ 90.447994][ T20] usb 2-1: config 0 interface 192 altsetting 8 has a duplicate endpoint with address 0x7, skipping [ 90.448022][ T20] usb 2-1: config 0 interface 192 altsetting 8 has a duplicate endpoint with address 0x6, skipping [ 90.448053][ T20] usb 2-1: config 0 interface 192 altsetting 8 has a duplicate endpoint with address 0xE, skipping [ 90.448077][ T20] usb 2-1: config 0 interface 192 altsetting 8 has a duplicate endpoint with address 0x7, skipping [ 90.459142][ T5] usb 4-1: config 0 interface 192 altsetting 8 has a duplicate endpoint with address 0xE, skipping [ 90.476056][ T4844] usb 1-1: config 0 interface 192 altsetting 8 has an invalid endpoint with address 0x0, skipping [ 90.515906][ T5] usb 4-1: config 0 interface 192 altsetting 8 has a duplicate endpoint with address 0x7, skipping [ 90.528307][ T2950] usb 5-1: config 0 interface 192 altsetting 8 has an invalid endpoint with address 0x0, skipping [ 90.547962][ T7] usb 3-1: config 0 interface 192 altsetting 8 has 17 endpoint descriptors, different from the interface descriptor's value: 16 [ 90.548001][ T7] usb 3-1: config 0 interface 192 has no altsetting 0 [ 90.548101][ T5] usb 4-1: config 0 interface 192 altsetting 8 has 17 endpoint descriptors, different from the interface descriptor's value: 16 [ 90.565702][ T20] usb 2-1: config 0 interface 192 altsetting 8 has 17 endpoint descriptors, different from the interface descriptor's value: 16 [ 90.569747][ T5] usb 4-1: config 0 interface 192 has no altsetting 0 [ 90.585064][ T20] usb 2-1: config 0 interface 192 has no altsetting 0 [ 90.610556][ T2950] usb 5-1: config 0 interface 192 altsetting 8 has a duplicate endpoint with address 0x7, skipping [ 90.622747][ T2950] usb 5-1: config 0 interface 192 altsetting 8 has a duplicate endpoint with address 0x6, skipping [ 90.634639][ T4844] usb 1-1: config 0 interface 192 altsetting 8 has a duplicate endpoint with address 0x7, skipping [ 90.639669][ T3160] usb 6-1: New USB device found, idVendor=eb1a, idProduct=5051, bcdDevice=14.94 [ 90.647085][ T2950] usb 5-1: config 0 interface 192 altsetting 8 has a duplicate endpoint with address 0xE, skipping [ 90.666294][ T3160] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 90.667501][ T4844] usb 1-1: config 0 interface 192 altsetting 8 has a duplicate endpoint with address 0x6, skipping [ 90.676506][ T3160] usb 6-1: Product: syz [ 90.685907][ T4844] usb 1-1: config 0 interface 192 altsetting 8 has a duplicate endpoint with address 0xE, skipping [ 90.692798][ T3160] usb 6-1: Manufacturer: syz [ 90.701997][ T2950] usb 5-1: config 0 interface 192 altsetting 8 has a duplicate endpoint with address 0x7, skipping [ 90.708515][ T3160] usb 6-1: SerialNumber: syz [ 90.718588][ T4844] usb 1-1: config 0 interface 192 altsetting 8 has a duplicate endpoint with address 0x7, skipping [ 90.718618][ T4844] usb 1-1: config 0 interface 192 altsetting 8 has 17 endpoint descriptors, different from the interface descriptor's value: 16 [ 90.734037][ T7] usb 3-1: New USB device found, idVendor=eb1a, idProduct=5051, bcdDevice=14.94 [ 90.734068][ T7] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 90.734089][ T7] usb 3-1: Product: syz [ 90.734105][ T7] usb 3-1: Manufacturer: syz [ 90.734122][ T7] usb 3-1: SerialNumber: syz [ 90.752336][ T7] usb 3-1: config 0 descriptor?? [ 90.759034][ T2950] usb 5-1: config 0 interface 192 altsetting 8 has 17 endpoint descriptors, different from the interface descriptor's value: 16 [ 90.764891][ T5] usb 4-1: New USB device found, idVendor=eb1a, idProduct=5051, bcdDevice=14.94 [ 90.779451][ T2950] usb 5-1: config 0 interface 192 has no altsetting 0 [ 90.798789][ T3160] usb 6-1: config 0 descriptor?? [ 90.820853][ T5] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 90.831583][ T5] usb 4-1: Product: syz [ 90.835956][ T5] usb 4-1: Manufacturer: syz [ 90.841135][ T5] usb 4-1: SerialNumber: syz [ 90.854743][ T8461] raw-gadget gadget: fail, usb_ep_enable returned -22 [ 90.859549][ T20] usb 2-1: New USB device found, idVendor=eb1a, idProduct=5051, bcdDevice=14.94 [ 90.863073][ T8466] raw-gadget gadget: fail, usb_ep_enable returned -22 [ 90.881348][ T5] usb 4-1: config 0 descriptor?? [ 90.887003][ T20] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 90.911255][ T8467] raw-gadget gadget: fail, usb_ep_enable returned -22 [ 90.912327][ T20] usb 2-1: Product: syz [ 90.929664][ T4844] usb 1-1: config 0 interface 192 has no altsetting 0 [ 90.943741][ T20] usb 2-1: Manufacturer: syz [ 90.954335][ T20] usb 2-1: SerialNumber: syz [ 90.979102][ T20] usb 2-1: config 0 descriptor?? [ 91.020211][ T8465] raw-gadget gadget: fail, usb_ep_enable returned -22 executing program executing program [ 91.129611][ T2950] usb 5-1: New USB device found, idVendor=eb1a, idProduct=5051, bcdDevice=14.94 [ 91.138914][ T2950] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 91.142928][ T3160] em28xx 6-1:0.192: New device syz syz @ 480 Mbps (eb1a:5051, interface 192, class 192) [ 91.158910][ T2950] usb 5-1: Product: syz [ 91.160102][ T7] em28xx 3-1:0.192: New device syz syz @ 480 Mbps (eb1a:5051, interface 192, class 192) executing program [ 91.164166][ T4844] usb 1-1: New USB device found, idVendor=eb1a, idProduct=5051, bcdDevice=14.94 [ 91.191482][ T5] em28xx 4-1:0.192: New device syz syz @ 480 Mbps (eb1a:5051, interface 192, class 192) [ 91.208333][ T7] em28xx 3-1:0.192: Video interface 192 found: [ 91.209321][ T2950] usb 5-1: Manufacturer: syz [ 91.219629][ T3160] em28xx 6-1:0.192: Video interface 192 found: executing program [ 91.233613][ T5] em28xx 4-1:0.192: Video interface 192 found: [ 91.252580][ T2950] usb 5-1: SerialNumber: syz [ 91.258675][ T4844] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 91.281826][ T20] em28xx 2-1:0.192: New device syz syz @ 480 Mbps (eb1a:5051, interface 192, class 192) [ 91.310891][ T2950] usb 5-1: config 0 descriptor?? [ 91.324569][ T20] em28xx 2-1:0.192: Video interface 192 found: [ 91.334108][ T8462] raw-gadget gadget: fail, usb_ep_enable returned -22 [ 91.335736][ T4844] usb 1-1: Product: syz [ 91.369405][ T7] em28xx 3-1:0.192: unknown em28xx chip ID (0) [ 91.379449][ T3160] em28xx 6-1:0.192: unknown em28xx chip ID (0) [ 91.388788][ T4844] usb 1-1: Manufacturer: syz [ 91.389667][ T5] em28xx 4-1:0.192: unknown em28xx chip ID (0) [ 91.394119][ T4844] usb 1-1: SerialNumber: syz [ 91.440098][ T4844] usb 1-1: config 0 descriptor?? [ 91.470248][ T8460] raw-gadget gadget: fail, usb_ep_enable returned -22 [ 91.520224][ T20] em28xx 2-1:0.192: unknown em28xx chip ID (0) [ 91.520691][ T7] em28xx 3-1:0.192: reading from i2c device at 0xa0 failed (error=-5) [ 91.549456][ T5] em28xx 4-1:0.192: reading from i2c device at 0xa0 failed (error=-5) [ 91.557850][ T3160] em28xx 6-1:0.192: reading from i2c device at 0xa0 failed (error=-5) executing program [ 91.570052][ T3160] em28xx 6-1:0.192: board has no eeprom [ 91.577126][ T5] em28xx 4-1:0.192: board has no eeprom [ 91.604605][ T7] em28xx 3-1:0.192: board has no eeprom [ 91.622217][ T2950] em28xx 5-1:0.192: New device syz syz @ 480 Mbps (eb1a:5051, interface 192, class 192) [ 91.659423][ T20] em28xx 2-1:0.192: reading from i2c device at 0xa0 failed (error=-5) [ 91.667908][ T20] em28xx 2-1:0.192: board has no eeprom [ 91.686360][ T2950] em28xx 5-1:0.192: Video interface 192 found: [ 91.699288][ T3160] em28xx 6-1:0.192: Identified as EM2860/TVP5150 Reference Design (card=29) [ 91.709287][ T5] em28xx 4-1:0.192: Identified as EM2860/TVP5150 Reference Design (card=29) executing program [ 91.729279][ T7] em28xx 3-1:0.192: Identified as EM2860/TVP5150 Reference Design (card=29) [ 91.738310][ T7] em28xx 3-1:0.192: analog set to bulk mode. [ 91.751375][ T4844] em28xx 1-1:0.192: New device syz syz @ 480 Mbps (eb1a:5051, interface 192, class 192) [ 91.757909][ T3160] em28xx 6-1:0.192: analog set to bulk mode. [ 91.772412][ T5] em28xx 4-1:0.192: analog set to bulk mode. [ 91.804894][ T4844] em28xx 1-1:0.192: Video interface 192 found: [ 91.859485][ T20] em28xx 2-1:0.192: Identified as EM2860/TVP5150 Reference Design (card=29) [ 91.861355][ T3160] usb 6-1: USB disconnect, device number 2 [ 91.869016][ T20] em28xx 2-1:0.192: analog set to bulk mode. [ 91.889869][ T5] usb 4-1: USB disconnect, device number 2 [ 91.899461][ T2950] em28xx 5-1:0.192: unknown em28xx chip ID (0) [ 91.900036][ T7] usb 3-1: USB disconnect, device number 2 [ 91.927671][ T8478] em28xx 2-1:0.192: Registering V4L2 extension [ 91.949518][ T4844] em28xx 1-1:0.192: unknown em28xx chip ID (0) [ 91.953458][ T7] em28xx 3-1:0.192: Disconnecting em28xx [ 92.001429][ T3160] em28xx 6-1:0.192: Disconnecting em28xx [ 92.009409][ T20] usb 2-1: USB disconnect, device number 2 [ 92.011389][ T5] em28xx 4-1:0.192: Disconnecting em28xx [ 92.017977][ T20] em28xx 2-1:0.192: Disconnecting em28xx [ 92.069613][ T2950] em28xx 5-1:0.192: reading from i2c device at 0xa0 failed (error=-5) [ 92.078279][ T2950] em28xx 5-1:0.192: board has no eeprom [ 92.084638][ T4844] em28xx 1-1:0.192: reading from i2c device at 0xa0 failed (error=-5) [ 92.095616][ T4844] em28xx 1-1:0.192: board has no eeprom [ 92.110826][ T8478] em28xx 2-1:0.192: Config register raw data: 0xffffffed [ 92.118128][ T8478] em28xx 2-1:0.192: AC97 chip type couldn't be determined [ 92.141586][ T8478] em28xx 2-1:0.192: No AC97 audio processor [ 92.156046][ T8478] usb 2-1: Decoder not found [ 92.167805][ T8478] em28xx 2-1:0.192: failed to create media graph [ 92.182483][ T8478] em28xx 2-1:0.192: V4L2 device video71 deregistered [ 92.201318][ T8478] em28xx 2-1:0.192: Remote control support is not available for this card. [ 92.218472][ T8476] em28xx 6-1:0.192: Registering V4L2 extension [ 92.239334][ T2950] em28xx 5-1:0.192: Identified as EM2860/TVP5150 Reference Design (card=29) [ 92.249113][ T4844] em28xx 1-1:0.192: Identified as EM2860/TVP5150 Reference Design (card=29) [ 92.266588][ T4844] em28xx 1-1:0.192: analog set to bulk mode. [ 92.275397][ T2950] em28xx 5-1:0.192: analog set to bulk mode. [ 92.286045][ T8476] em28xx 6-1:0.192: Config register raw data: 0xffffffed [ 92.300099][ T8476] em28xx 6-1:0.192: AC97 chip type couldn't be determined [ 92.324242][ T4844] usb 1-1: USB disconnect, device number 2 [ 92.333394][ T8476] em28xx 6-1:0.192: No AC97 audio processor [ 92.335386][ T2950] usb 5-1: USB disconnect, device number 2 [ 92.358487][ T2950] em28xx 5-1:0.192: Disconnecting em28xx [ 92.366778][ T8476] usb 6-1: Decoder not found [ 92.369779][ T4844] em28xx 1-1:0.192: Disconnecting em28xx [ 92.385301][ T8476] em28xx 6-1:0.192: failed to create media graph [ 92.392061][ T8476] em28xx 6-1:0.192: V4L2 device video71 deregistered [ 92.403018][ T8476] em28xx 6-1:0.192: Remote control support is not available for this card. [ 92.424736][ T8551] em28xx 4-1:0.192: Registering V4L2 extension [ 92.458701][ T8551] em28xx 4-1:0.192: Config register raw data: 0xffffffed [ 92.477665][ T8551] em28xx 4-1:0.192: AC97 chip type couldn't be determined [ 92.486957][ T8551] em28xx 4-1:0.192: No AC97 audio processor [ 92.523744][ T8551] usb 4-1: Decoder not found [ 92.529583][ T8551] em28xx 4-1:0.192: failed to create media graph [ 92.536327][ T8551] em28xx 4-1:0.192: V4L2 device video71 deregistered [ 92.545273][ T8551] em28xx 4-1:0.192: Remote control support is not available for this card. [ 92.555870][ T8473] em28xx 3-1:0.192: Registering V4L2 extension [ 92.578497][ T8473] em28xx 3-1:0.192: Config register raw data: 0xffffffed [ 92.586029][ T8473] em28xx 3-1:0.192: AC97 chip type couldn't be determined [ 92.594564][ T8473] em28xx 3-1:0.192: No AC97 audio processor [ 92.603488][ T8473] usb 3-1: Decoder not found [ 92.610187][ T8473] em28xx 3-1:0.192: failed to create media graph [ 92.616872][ T8473] em28xx 3-1:0.192: V4L2 device video71 deregistered [ 92.625888][ T8473] em28xx 3-1:0.192: Remote control support is not available for this card. [ 92.635235][ T7] em28xx 3-1:0.192: Closing input extension [ 92.642210][ T20] em28xx 2-1:0.192: Closing input extension [ 92.648910][ T8478] em28xx 1-1:0.192: Registering V4L2 extension [ 92.675862][ T20] em28xx 2-1:0.192: Freeing device [ 92.679078][ T7] em28xx 3-1:0.192: Freeing device [ 92.722940][ T8478] em28xx 1-1:0.192: Config register raw data: 0xffffffed [ 92.736922][ T8478] em28xx 1-1:0.192: AC97 chip type couldn't be determined [ 92.750364][ T8478] em28xx 1-1:0.192: No AC97 audio processor [ 92.759644][ T8478] usb 1-1: Decoder not found [ 92.774075][ T8478] em28xx 1-1:0.192: failed to create media graph [ 92.781485][ T8478] em28xx 1-1:0.192: V4L2 device video71 deregistered [ 92.790702][ T8601] ================================================================== [ 92.798932][ T8601] BUG: KASAN: use-after-free in v4l2_fh_init+0x279/0x2c0 [ 92.806352][ T8601] Read of size 8 at addr ffff88803fae88b8 by task v4l_id/8601 [ 92.813990][ T8601] [ 92.816407][ T8601] CPU: 1 PID: 8601 Comm: v4l_id Not tainted 5.14.0-rc3-syzkaller #0 [ 92.824377][ T8601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 92.834433][ T8601] Call Trace: [ 92.838090][ T8601] dump_stack_lvl+0xcd/0x134 [ 92.842700][ T8601] print_address_description.constprop.0.cold+0x6c/0x2d6 [ 92.850430][ T8601] ? v4l2_fh_init+0x279/0x2c0 [ 92.855313][ T8601] ? v4l2_fh_init+0x279/0x2c0 [ 92.859998][ T8601] kasan_report.cold+0x83/0xdf [ 92.864927][ T8601] ? kmem_cache_alloc_trace+0x1c0/0x480 [ 92.870679][ T8601] ? v4l2_fh_init+0x279/0x2c0 [ 92.875765][ T8601] v4l2_fh_init+0x279/0x2c0 [ 92.880362][ T8601] v4l2_fh_open+0x88/0xc0 [ 92.884836][ T8601] em28xx_v4l2_open+0x11c/0x570 [ 92.889804][ T8601] v4l2_open+0x21c/0x3f0 [ 92.894235][ T8601] ? v4l2_release+0x3b0/0x3b0 [ 92.899368][ T8601] chrdev_open+0x266/0x770 [ 92.904035][ T8601] ? cdev_device_add+0x210/0x210 [ 92.909345][ T8601] ? security_file_open+0x205/0x4f0 [ 92.914547][ T8601] do_dentry_open+0x4c8/0x11d0 [ 92.919529][ T8601] ? cdev_device_add+0x210/0x210 [ 92.924602][ T8601] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 92.931152][ T8601] ? may_open+0x1f6/0x420 [ 92.935605][ T8601] path_openat+0x1c23/0x27f0 [ 92.940350][ T8601] ? path_lookupat+0x860/0x860 [ 92.945262][ T8601] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 92.951515][ T8601] do_filp_open+0x1aa/0x400 [ 92.956745][ T8601] ? may_open_dev+0xf0/0xf0 [ 92.961248][ T8601] ? rwlock_bug.part.0+0x90/0x90 [ 92.966366][ T8601] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 92.972733][ T8601] ? _find_next_bit+0x1e3/0x260 [ 92.977909][ T8601] ? _raw_spin_unlock+0x24/0x40 [ 92.982775][ T8601] ? alloc_fd+0x2f0/0x670 [ 92.987137][ T8601] do_sys_openat2+0x16d/0x420 [ 92.991840][ T8601] ? build_open_flags+0x6f0/0x6f0 [ 92.997122][ T8601] ? __context_tracking_exit+0xb8/0xe0 [ 93.002761][ T8601] __x64_sys_open+0x119/0x1c0 [ 93.007441][ T8601] ? do_sys_open+0x140/0x140 [ 93.012056][ T8601] ? __secure_computing+0x104/0x360 [ 93.017296][ T8601] do_syscall_64+0x35/0xb0 [ 93.022061][ T8601] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 93.027968][ T8601] RIP: 0033:0x7f3821706840 [ 93.032402][ T8601] Code: 73 01 c3 48 8b 0d 68 77 20 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 89 bb 20 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 1e f6 ff ff 48 89 04 24 [ 93.052641][ T8601] RSP: 002b:00007ffe30e806c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 93.061294][ T8601] RAX: ffffffffffffffda RBX: 00007ffe30e80838 RCX: 00007f3821706840 [ 93.069234][ T7] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 93.069366][ T8601] RDX: 00007f38216f2ea0 RSI: 0000000000000000 RDI: 00007ffe30e81f1e [ 93.085095][ T8601] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000 [ 93.093082][ T8601] R10: 0000000000000002 R11: 0000000000000246 R12: 00005578438148d0 [ 93.102721][ T8601] R13: 00007ffe30e80830 R14: 0000000000000000 R15: 0000000000000000 [ 93.110743][ T8601] [ 93.113076][ T8601] Allocated by task 8478: [ 93.117496][ T8601] kasan_save_stack+0x1b/0x40 [ 93.122731][ T8601] __kasan_kmalloc+0x98/0xc0 [ 93.127322][ T8601] kmem_cache_alloc_trace+0x1e4/0x480 [ 93.132696][ T8601] em28xx_v4l2_init.cold+0x93/0x329d [ 93.137996][ T8601] em28xx_init_extension+0x12f/0x1f0 [ 93.143287][ T8601] request_module_async+0x5d/0x70 [ 93.148317][ T8601] process_one_work+0x98d/0x1630 [ 93.153249][ T8601] worker_thread+0x658/0x11f0 [ 93.157916][ T8601] kthread+0x3e5/0x4d0 [ 93.161974][ T8601] ret_from_fork+0x1f/0x30 [ 93.166405][ T8601] [ 93.168907][ T8601] Freed by task 8478: [ 93.172881][ T8601] kasan_save_stack+0x1b/0x40 [ 93.178086][ T8601] kasan_set_track+0x1c/0x30 [ 93.182681][ T8601] kasan_set_free_info+0x20/0x30 [ 93.187618][ T8601] __kasan_slab_free+0xcd/0x100 [ 93.192474][ T8601] kfree+0x106/0x2c0 [ 93.196559][ T8601] kref_put.isra.0+0x6f/0xa0 [ 93.201406][ T8601] em28xx_v4l2_init.cold+0x263/0x329d [ 93.207078][ T8601] em28xx_init_extension+0x12f/0x1f0 [ 93.212685][ T8601] request_module_async+0x5d/0x70 [ 93.217937][ T8601] process_one_work+0x98d/0x1630 [ 93.223165][ T8601] worker_thread+0x658/0x11f0 [ 93.228096][ T8601] kthread+0x3e5/0x4d0 [ 93.232251][ T8601] ret_from_fork+0x1f/0x30 [ 93.236711][ T8601] [ 93.239031][ T8601] The buggy address belongs to the object at ffff88803fae8000 [ 93.239031][ T8601] which belongs to the cache kmalloc-16k of size 16384 [ 93.253580][ T8601] The buggy address is located 2232 bytes inside of [ 93.253580][ T8601] 16384-byte region [ffff88803fae8000, ffff88803faec000) [ 93.267113][ T8601] The buggy address belongs to the page: [ 93.272746][ T8601] page:ffffea0000feba00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3fae8 [ 93.282897][ T8601] head:ffffea0000feba00 order:3 compound_mapcount:0 compound_pincount:0 [ 93.291222][ T8601] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 93.299619][ T8601] raw: 00fff00000010200 ffffea0000f4d408 ffff888010841c50 ffff888010840b00 [ 93.308327][ T8601] raw: 0000000000000000 ffff88803fae8000 0000000100000001 0000000000000000 [ 93.309356][ T7] usb 3-1: Using ep0 maxpacket: 32 [ 93.317341][ T8601] page dumped because: kasan: bad access detected [ 93.329038][ T8601] page_owner tracks the page as allocated [ 93.334752][ T8601] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x2420c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_COMP|__GFP_THISNODE), pid 8478, ts 92658518419, free_ts 82645319032 [ 93.353643][ T8601] get_page_from_freelist+0xa72/0x2f80 [ 93.359990][ T8601] __alloc_pages+0x1b2/0x500 [ 93.365188][ T8601] cache_grow_begin+0x75/0x460 [ 93.370057][ T8601] cache_alloc_refill+0x27f/0x380 [ 93.375184][ T8601] kmem_cache_alloc_trace+0x38c/0x480 [ 93.380552][ T8601] em28xx_v4l2_init.cold+0x93/0x329d [ 93.385849][ T8601] em28xx_init_extension+0x12f/0x1f0 [ 93.391134][ T8601] request_module_async+0x5d/0x70 [ 93.396153][ T8601] process_one_work+0x98d/0x1630 [ 93.401321][ T8601] worker_thread+0x658/0x11f0 [ 93.406109][ T8601] kthread+0x3e5/0x4d0 [ 93.410887][ T8601] ret_from_fork+0x1f/0x30 [ 93.415408][ T8601] page last free stack trace: [ 93.420393][ T8601] free_pcp_prepare+0x2c5/0x780 [ 93.425333][ T8601] free_unref_page+0x19/0x690 [ 93.430173][ T8601] __put_page+0xf9/0x3f0 [ 93.434417][ T8601] page_to_skb+0x977/0xc60 [ 93.439070][ T8601] receive_buf+0x335b/0x6310 [ 93.439429][ T7] usb 3-1: config 0 has an invalid interface number: 192 but max is 0 [ 93.443851][ T8601] virtnet_poll+0x5bf/0x11c0 [ 93.443880][ T8601] __napi_poll+0xaf/0x440 [ 93.443901][ T8601] net_rx_action+0x801/0xb40 [ 93.443921][ T8601] __do_softirq+0x29b/0x9c2 [ 93.443945][ T8601] __irq_exit_rcu+0x16e/0x1c0 [ 93.452672][ T7] usb 3-1: config 0 has an invalid interface association descriptor of length 2, skipping [ 93.457703][ T8601] irq_exit_rcu+0x5/0x20 [ 93.457729][ T8601] common_interrupt+0xa4/0xd0 [ 93.457757][ T8601] asm_common_interrupt+0x1e/0x40 [ 93.457781][ T8601] acpi_idle_do_entry+0x1c6/0x250 [ 93.457801][ T8601] acpi_idle_enter+0x361/0x500 [ 93.475538][ T7] usb 3-1: config 0 has no interface number 0 [ 93.477147][ T8601] cpuidle_enter_state+0x1b1/0xc80 [ 93.477184][ T8601] [ 93.477189][ T8601] Memory state around the buggy address: [ 93.477203][ T8601] ffff88803fae8780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 93.477219][ T8601] ffff88803fae8800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 93.477235][ T8601] >ffff88803fae8880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 93.497617][ T7] usb 3-1: config 0 interface 192 altsetting 8 has an invalid endpoint with address 0x0, skipping [ 93.501760][ T8601] ^ [ 93.501776][ T8601] ffff88803fae8900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 93.501792][ T8601] ffff88803fae8980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 93.501806][ T8601] ================================================================== [ 93.501814][ T8601] Disabling lock debugging due to kernel taint [ 93.513010][ T8478] em28xx 1-1:0.192: Remote control support is not available for this card. [ 93.521023][ T7] usb 3-1: config 0 interface 192 altsetting 8 endpoint 0xB has invalid maxpacket 1024, setting to 64 [ 93.539620][ T8550] em28xx 5-1:0.192: Registering V4L2 extension [ 93.550600][ T7] usb 3-1: config 0 interface 192 altsetting 8 endpoint 0xF has invalid maxpacket 1023, setting to 64 [ 93.573947][ T8550] em28xx 5-1:0.192: Config register raw data: 0xffffffed [ 93.583674][ T7] usb 3-1: config 0 interface 192 altsetting 8 has an invalid endpoint with address 0x80, skipping [ 93.589921][ T8550] em28xx 5-1:0.192: AC97 chip type couldn't be determined [ 93.598963][ T7] usb 3-1: config 0 interface 192 altsetting 8 endpoint 0x9 has invalid maxpacket 1023, setting to 64 [ 93.604261][ T8550] em28xx 5-1:0.192: No AC97 audio processor [ 93.614288][ T7] usb 3-1: config 0 interface 192 altsetting 8 endpoint 0x82 has invalid maxpacket 1587, setting to 64 [ 93.625087][ T8601] Kernel panic - not syncing: panic_on_warn set ... [ 93.631601][ T7] usb 3-1: config 0 interface 192 altsetting 8 has a duplicate endpoint with address 0x4, skipping [ 93.641586][ T8601] CPU: 1 PID: 8601 Comm: v4l_id Tainted: G B 5.14.0-rc3-syzkaller #0 [ 93.641611][ T8601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 93.641623][ T8601] Call Trace: [ 93.641631][ T8601] dump_stack_lvl+0xcd/0x134 [ 93.641656][ T8601] panic+0x306/0x73d [ 93.641673][ T8601] ? __warn_printk+0xf3/0xf3 [ 93.641689][ T8601] ? preempt_schedule_common+0x59/0xc0 [ 93.651482][ T7] usb 3-1: config 0 interface 192 altsetting 8 bulk endpoint 0xE has invalid maxpacket 64 [ 93.659464][ T8601] ? v4l2_fh_init+0x279/0x2c0 [ 93.659493][ T8601] ? preempt_schedule_thunk+0x16/0x18 [ 93.659517][ T8601] ? trace_hardirqs_on+0x38/0x1c0 [ 93.659538][ T8601] ? trace_hardirqs_on+0x51/0x1c0 [ 93.672696][ T7] usb 3-1: config 0 interface 192 altsetting 8 has an invalid endpoint with address 0x0, skipping [ 93.684039][ T8601] ? v4l2_fh_init+0x279/0x2c0 [ 93.684072][ T8601] ? v4l2_fh_init+0x279/0x2c0 [ 93.684092][ T8601] end_report.cold+0x5a/0x5a [ 93.684118][ T8601] kasan_report.cold+0x71/0xdf [ 93.684148][ T8601] ? kmem_cache_alloc_trace+0x1c0/0x480 [ 93.684168][ T8601] ? v4l2_fh_init+0x279/0x2c0 [ 93.692659][ T7] usb 3-1: config 0 interface 192 altsetting 8 has a duplicate endpoint with address 0x7, skipping [ 93.701626][ T8601] v4l2_fh_init+0x279/0x2c0 [ 93.701662][ T8601] v4l2_fh_open+0x88/0xc0 [ 93.701682][ T8601] em28xx_v4l2_open+0x11c/0x570 [ 93.701703][ T8601] v4l2_open+0x21c/0x3f0 [ 93.701725][ T8601] ? v4l2_release+0x3b0/0x3b0 [ 93.701747][ T8601] chrdev_open+0x266/0x770 [ 93.712414][ T7] usb 3-1: config 0 interface 192 altsetting 8 has a duplicate endpoint with address 0x6, skipping [ 93.720598][ T8601] ? cdev_device_add+0x210/0x210 [ 93.720627][ T8601] ? security_file_open+0x205/0x4f0 [ 93.720654][ T8601] do_dentry_open+0x4c8/0x11d0 [ 93.720672][ T8601] ? cdev_device_add+0x210/0x210 [ 93.720691][ T8601] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 93.732297][ T7] usb 3-1: config 0 interface 192 altsetting 8 has a duplicate endpoint with address 0xE, skipping [ 93.740216][ T8601] ? may_open+0x1f6/0x420 [ 93.740247][ T8601] path_openat+0x1c23/0x27f0 [ 93.740271][ T8601] ? path_lookupat+0x860/0x860 [ 93.740294][ T8601] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 93.745526][ T7] usb 3-1: config 0 interface 192 altsetting 8 has a duplicate endpoint with address 0x7, skipping [ 93.748244][ T8601] do_filp_open+0x1aa/0x400 [ 93.748270][ T8601] ? may_open_dev+0xf0/0xf0 [ 93.753421][ T7] usb 3-1: config 0 interface 192 altsetting 8 has 17 endpoint descriptors, different from the interface descriptor's value: 16 [ 93.756818][ T8601] ? rwlock_bug.part.0+0x90/0x90 [ 93.756845][ T8601] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 93.763739][ T7] usb 3-1: config 0 interface 192 has no altsetting 0 [ 93.772342][ T8601] ? _find_next_bit+0x1e3/0x260 [ 93.772375][ T8601] ? _raw_spin_unlock+0x24/0x40 [ 93.772394][ T8601] ? alloc_fd+0x2f0/0x670 [ 93.772414][ T8601] do_sys_openat2+0x16d/0x420 [ 93.929317][ T7] usb 3-1: New USB device found, idVendor=eb1a, idProduct=5051, bcdDevice=14.94 [ 93.930074][ T8601] ? build_open_flags+0x6f0/0x6f0 [ 93.930102][ T8601] ? __context_tracking_exit+0xb8/0xe0 [ 93.934988][ T7] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 93.940863][ T8601] __x64_sys_open+0x119/0x1c0 [ 93.940889][ T8601] ? do_sys_open+0x140/0x140 [ 93.940908][ T8601] ? __secure_computing+0x104/0x360 [ 93.940929][ T8601] do_syscall_64+0x35/0xb0 [ 93.940952][ T8601] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 93.956246][ T7] usb 3-1: Product: syz [ 93.956270][ T8601] RIP: 0033:0x7f3821706840 [ 93.961802][ T7] usb 3-1: Manufacturer: syz [ 93.973923][ T8601] Code: 73 01 c3 48 8b 0d 68 77 20 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 89 bb 20 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 1e f6 ff ff 48 89 04 24 [ 93.973944][ T8601] RSP: 002b:00007ffe30e806c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 93.973966][ T8601] RAX: ffffffffffffffda RBX: 00007ffe30e80838 RCX: 00007f3821706840 [ 93.973980][ T8601] RDX: 00007f38216f2ea0 RSI: 0000000000000000 RDI: 00007ffe30e81f1e [ 93.973992][ T8601] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000 [ 93.974003][ T8601] R10: 0000000000000002 R11: 0000000000000246 R12: 00005578438148d0 [ 93.981899][ T7] usb 3-1: SerialNumber: syz [ 93.985723][ T8601] R13: 00007ffe30e80830 R14: 0000000000000000 R15: 0000000000000000 [ 93.987453][ T8601] Kernel Offset: disabled [ 94.157663][ T8601] Rebooting in 86400 seconds..