Warning: Permanently added '10.128.10.34' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 38.870208][ T12] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 39.230304][ T12] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 39.241295][ T12] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has wMaxPacketSize 0, skipping
[ 39.251413][ T12] usb 1-1: New USB device found, idVendor=eb1a, idProduct=5006, bcdDevice=ed.9a
[ 39.260453][ T12] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 39.269516][ T12] usb 1-1: config 0 descriptor??
[ 39.312308][ T12] em28xx 1-1:0.0: New device @ 480 Mbps (eb1a:5006, interface 0, class 0)
[ 39.321146][ T12] em28xx 1-1:0.0: Video interface 0 found: isoc
executing program
[ 39.550333][ T12] em28xx 1-1:0.0: unknown em28xx chip ID (0)
[ 39.680254][ T12] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[ 39.688396][ T12] em28xx 1-1:0.0: board has no eeprom
[ 39.800193][ T12] em28xx 1-1:0.0: Identified as Honestech Vidbox NW03 (card=83)
[ 39.807877][ T12] em28xx 1-1:0.0: analog set to isoc mode.
[ 39.814537][ T102] em28xx 1-1:0.0: Registering V4L2 extension
[ 39.827062][ T12] usb 1-1: USB disconnect, device number 2
[ 39.833135][ T102] em28xx 1-1:0.0: reading from i2c device at 0x4a failed (error=-19)
[ 39.842393][ T12] em28xx 1-1:0.0: Disconnecting em28xx
[ 39.847952][ T102] em28xx 1-1:0.0: Config register raw data: 0xffffffed
[ 39.854898][ T102] em28xx 1-1:0.0: AC97 chip type couldn't be determined
[ 39.861858][ T102] em28xx 1-1:0.0: No AC97 audio processor
[ 39.869064][ T102] usb 1-1: Decoder not found
[ 39.873733][ T102] em28xx 1-1:0.0: failed to create media graph
[ 39.879921][ T102] em28xx 1-1:0.0: V4L2 device video0 deregistered
[ 39.887950][ T102] em28xx 1-1:0.0: Remote control support is not available for this card.
[ 39.896652][ T12] em28xx 1-1:0.0: Closing input extension
[ 39.904671][ T12] em28xx 1-1:0.0: Freeing device
[ 40.260257][ T12] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[ 40.620249][ T12] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 40.631171][ T12] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has wMaxPacketSize 0, skipping
[ 40.641117][ T12] usb 1-1: New USB device found, idVendor=eb1a, idProduct=5006, bcdDevice=ed.9a
[ 40.650159][ T12] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 40.658958][ T12] usb 1-1: config 0 descriptor??
[ 40.701894][ T12] em28xx 1-1:0.0: New device @ 480 Mbps (eb1a:5006, interface 0, class 0)
[ 40.710664][ T12] em28xx 1-1:0.0: Video interface 0 found: isoc
executing program
[ 40.940359][ T12] em28xx 1-1:0.0: unknown em28xx chip ID (0)
[ 41.070231][ T12] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[ 41.078279][ T12] em28xx 1-1:0.0: board has no eeprom
[ 41.190187][ T12] em28xx 1-1:0.0: Identified as Honestech Vidbox NW03 (card=83)
[ 41.197858][ T12] em28xx 1-1:0.0: analog set to isoc mode.
[ 41.204207][ T102] em28xx 1-1:0.0: Registering V4L2 extension
[ 41.211701][ T12] usb 1-1: USB disconnect, device number 3
[ 41.218073][ T12] em28xx 1-1:0.0: Disconnecting em28xx
[ 41.223789][ T102] em28xx 1-1:0.0: Config register raw data: 0xffffffed
[ 41.230716][ T102] em28xx 1-1:0.0: AC97 chip type couldn't be determined
[ 41.237648][ T102] em28xx 1-1:0.0: No AC97 audio processor
[ 41.244055][ T102] usb 1-1: Decoder not found
[ 41.248684][ T102] em28xx 1-1:0.0: failed to create media graph
[ 41.255053][ T102] em28xx 1-1:0.0: V4L2 device video0 deregistered
[ 41.262129][ T102] em28xx 1-1:0.0: Remote control support is not available for this card.
[ 41.262279][ T1726] ==================================================================
[ 41.270766][ T12] em28xx 1-1:0.0: Closing input extension
[ 41.278655][ T1726] BUG: KASAN: use-after-free in v4l2_fh_init+0x279/0x2c0
[ 41.291344][ T1726] Read of size 8 at addr ffff8881d146c870 by task v4l_id/1726
[ 41.298769][ T1726]
[ 41.301081][ T1726] CPU: 1 PID: 1726 Comm: v4l_id Not tainted 5.4.0-syzkaller #0
[ 41.308594][ T1726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 41.318769][ T1726] Call Trace:
[ 41.322040][ T1726] dump_stack+0xef/0x16e
[ 41.326256][ T1726] ? v4l2_fh_init+0x279/0x2c0
[ 41.330909][ T1726] ? v4l2_fh_init+0x279/0x2c0
[ 41.335569][ T1726] print_address_description.constprop.0+0x36/0x50
[ 41.342046][ T1726] ? v4l2_fh_init+0x279/0x2c0
[ 41.346698][ T1726] ? v4l2_fh_init+0x279/0x2c0
[ 41.351353][ T1726] __kasan_report.cold+0x1a/0x33
[ 41.356336][ T1726] ? v4l2_fh_init+0x279/0x2c0
[ 41.361148][ T1726] kasan_report+0xe/0x20
[ 41.365370][ T1726] v4l2_fh_init+0x279/0x2c0
[ 41.369852][ T1726] v4l2_fh_open+0x88/0xc0
[ 41.374162][ T1726] em28xx_v4l2_open+0x11a/0x570
[ 41.378993][ T1726] v4l2_open+0x20f/0x3d0
[ 41.383214][ T1726] ? v4l2_release+0x390/0x390
[ 41.387875][ T1726] chrdev_open+0x219/0x5c0
[ 41.392275][ T1726] ? cdev_put.part.0+0x50/0x50
[ 41.397017][ T1726] do_dentry_open+0x494/0x1120
[ 41.401757][ T1726] ? cdev_put.part.0+0x50/0x50
[ 41.406497][ T1726] ? chmod_common+0x3c0/0x3c0
[ 41.411165][ T1726] ? inode_permission+0xbe/0x3a0
[ 41.416095][ T1726] path_openat+0x142b/0x4030
[ 41.420663][ T1726] ? save_stack+0x1b/0x80
[ 41.424969][ T1726] ? do_sys_open+0x294/0x580
[ 41.429533][ T1726] ? do_syscall_64+0xb7/0x5b0
[ 41.434194][ T1726] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 41.440245][ T1726] ? path_lookupat.isra.0+0x8d0/0x8d0
[ 41.445867][ T1726] ? __lock_acquire+0x145e/0x3b60
[ 41.450881][ T1726] do_filp_open+0x1a1/0x280
[ 41.455360][ T1726] ? may_open_dev+0xf0/0xf0
[ 41.459854][ T1726] ? __alloc_fd+0x46d/0x600
[ 41.464341][ T1726] ? do_raw_spin_lock+0x11a/0x280
[ 41.469352][ T1726] ? do_raw_spin_unlock+0x13f/0x220
[ 41.474528][ T1726] ? _raw_spin_unlock+0x1a/0x30
[ 41.479352][ T1726] ? __alloc_fd+0x46d/0x600
[ 41.483831][ T1726] do_sys_open+0x3c0/0x580
[ 41.488225][ T1726] ? filp_open+0x70/0x70
[ 41.492445][ T1726] ? trace_hardirqs_off_caller+0x55/0x1e0
[ 41.498138][ T1726] do_syscall_64+0xb7/0x5b0
[ 41.502620][ T1726] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 41.508500][ T1726] RIP: 0033:0x7efdb20b9120
[ 41.512893][ T1726] Code: 48 8b 15 1b 4d 2b 00 f7 d8 64 89 02 83 c8 ff c3 90 90 90 90 90 90 90 90 90 90 83 3d d5 a4 2b 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 5e 8c 01 00 48 89 04 24
[ 41.532541][ T1726] RSP: 002b:00007ffeabeaef18 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 41.540931][ T1726] RAX: ffffffffffffffda RBX: 00007ffeabeaf078 RCX: 00007efdb20b9120
[ 41.548886][ T1726] RDX: 00007efdb236e138 RSI: 0000000000000000 RDI: 00007ffeabeaff1f
[ 41.556883][ T1726] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 41.564881][ T1726] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000400884
[ 41.572831][ T1726] R13: 00007ffeabeaf070 R14: 0000000000000000 R15: 0000000000000000
[ 41.580778][ T1726]
[ 41.583097][ T1726] Allocated by task 102:
[ 41.587318][ T1726] save_stack+0x1b/0x80
[ 41.591450][ T1726] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 41.597057][ T1726] em28xx_v4l2_init.cold+0x93/0x33eb
[ 41.602335][ T1726] em28xx_init_extension+0x12f/0x1f0
[ 41.607594][ T1726] request_module_async+0x5d/0x70
[ 41.612593][ T1726] process_one_work+0x92b/0x1530
[ 41.617504][ T1726] worker_thread+0x96/0xe20
[ 41.621992][ T1726] kthread+0x318/0x420
[ 41.626050][ T1726] ret_from_fork+0x24/0x30
[ 41.630441][ T1726]
[ 41.632745][ T1726] Freed by task 102:
[ 41.636770][ T1726] save_stack+0x1b/0x80
[ 41.641164][ T1726] __kasan_slab_free+0x130/0x180
[ 41.646075][ T1726] kfree+0xdc/0x310
[ 41.649910][ T1726] em28xx_v4l2_init.cold+0x2d4/0x33eb
[ 41.655489][ T1726] em28xx_init_extension+0x12f/0x1f0
[ 41.660757][ T1726] request_module_async+0x5d/0x70
[ 41.665761][ T1726] process_one_work+0x92b/0x1530
[ 41.670679][ T1726] worker_thread+0x96/0xe20
[ 41.675184][ T1726] kthread+0x318/0x420
[ 41.679231][ T1726] ret_from_fork+0x24/0x30
[ 41.683620][ T1726]
[ 41.685927][ T1726] The buggy address belongs to the object at ffff8881d146c000
[ 41.685927][ T1726] which belongs to the cache kmalloc-8k of size 8192
[ 41.700042][ T1726] The buggy address is located 2160 bytes inside of
[ 41.700042][ T1726] 8192-byte region [ffff8881d146c000, ffff8881d146e000)
[ 41.713459][ T1726] The buggy address belongs to the page:
[ 41.719068][ T1726] page:ffffea0007451a00 refcount:1 mapcount:0 mapping:ffff8881da40c500 index:0x0 compound_mapcount: 0
[ 41.729996][ T1726] raw: 0200000000010200 dead000000000100 dead000000000122 ffff8881da40c500
[ 41.738602][ T1726] raw: 0000000000000000 0000000080020002 00000001ffffffff 0000000000000000
[ 41.747163][ T1726] page dumped because: kasan: bad access detected
[ 41.753565][ T1726]
[ 41.755883][ T1726] Memory state around the buggy address:
[ 41.761504][ T1726]  ffff8881d146c700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 41.769542][ T1726]  ffff8881d146c780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 41.777580][ T1726] >ffff8881d146c800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 41.785626][ T1726]                                                              ^
[ 41.793313][ T1726]  ffff8881d146c880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 41.801349][ T1726]  ffff8881d146c900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 41.809380][ T1726] ==================================================================
[ 41.817479][ T1726] Disabling lock debugging due to kernel taint
[ 41.823789][ T1726] Kernel panic - not syncing: panic_on_warn set ...
[ 41.830413][ T1726] CPU: 1 PID: 1726 Comm: v4l_id Tainted: G B 5.4.0-syzkaller #0
[ 41.839319][ T1726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 41.849355][ T1726] Call Trace:
[ 41.852627][ T1726] dump_stack+0xef/0x16e
[ 41.856866][ T1726] panic+0x2aa/0x6e1
[ 41.860754][ T1726] ? add_taint.cold+0x16/0x16
[ 41.865420][ T1726] ? v4l2_fh_init+0x279/0x2c0
[ 41.870077][ T1726] ? trace_hardirqs_on+0x55/0x1e0
[ 41.875099][ T1726] ? v4l2_fh_init+0x279/0x2c0
[ 41.879817][ T1726] end_report+0x43/0x49
[ 41.883956][ T1726] ? v4l2_fh_init+0x279/0x2c0
[ 41.888704][ T1726] __kasan_report.cold+0xd/0x33
[ 41.893542][ T1726] ? v4l2_fh_init+0x279/0x2c0
[ 41.898242][ T1726] kasan_report+0xe/0x20
[ 41.902462][ T1726] v4l2_fh_init+0x279/0x2c0
[ 41.906945][ T1726] v4l2_fh_open+0x88/0xc0
[ 41.911262][ T1726] em28xx_v4l2_open+0x11a/0x570
[ 41.916094][ T1726] v4l2_open+0x20f/0x3d0
[ 41.920332][ T1726] ? v4l2_release+0x390/0x390
[ 41.925001][ T1726] chrdev_open+0x219/0x5c0
[ 41.929399][ T1726] ? cdev_put.part.0+0x50/0x50
[ 41.934140][ T1726] do_dentry_open+0x494/0x1120
[ 41.938879][ T1726] ? cdev_put.part.0+0x50/0x50
[ 41.943630][ T1726] ? chmod_common+0x3c0/0x3c0
[ 41.948286][ T1726] ? inode_permission+0xbe/0x3a0
[ 41.953198][ T1726] path_openat+0x142b/0x4030
[ 41.957763][ T1726] ? save_stack+0x1b/0x80
[ 41.962131][ T1726] ? do_sys_open+0x294/0x580
[ 41.966753][ T1726] ? do_syscall_64+0xb7/0x5b0
[ 41.971712][ T1726] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 41.977765][ T1726] ? path_lookupat.isra.0+0x8d0/0x8d0
[ 41.983116][ T1726] ? __lock_acquire+0x145e/0x3b60
[ 41.988118][ T1726] do_filp_open+0x1a1/0x280
[ 41.992601][ T1726] ? may_open_dev+0xf0/0xf0
[ 41.997081][ T1726] ? __alloc_fd+0x46d/0x600
[ 42.001561][ T1726] ? do_raw_spin_lock+0x11a/0x280
[ 42.006561][ T1726] ? do_raw_spin_unlock+0x13f/0x220
[ 42.011743][ T1726] ? _raw_spin_unlock+0x1a/0x30
[ 42.016576][ T1726] ? __alloc_fd+0x46d/0x600
[ 42.021056][ T1726] do_sys_open+0x3c0/0x580
[ 42.025449][ T1726] ? filp_open+0x70/0x70
[ 42.029669][ T1726] ? trace_hardirqs_off_caller+0x55/0x1e0
[ 42.035361][ T1726] do_syscall_64+0xb7/0x5b0
[ 42.039848][ T1726] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 42.045720][ T1726] RIP: 0033:0x7efdb20b9120
[ 42.050113][ T1726] Code: 48 8b 15 1b 4d 2b 00 f7 d8 64 89 02 83 c8 ff c3 90 90 90 90 90 90 90 90 90 90 83 3d d5 a4 2b 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 5e 8c 01 00 48 89 04 24
[ 42.069692][ T1726] RSP: 002b:00007ffeabeaef18 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 42.078081][ T1726] RAX: ffffffffffffffda RBX: 00007ffeabeaf078 RCX: 00007efdb20b9120
[ 42.086030][ T1726] RDX: 00007efdb236e138 RSI: 0000000000000000 RDI: 00007ffeabeaff1f
[ 42.094002][ T1726] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 42.101963][ T1726] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000400884
[ 42.109911][ T1726] R13: 00007ffeabeaf070 R14: 0000000000000000 R15: 0000000000000000
[ 42.118509][ T1726] Kernel Offset: disabled
[ 42.122831][ T1726] Rebooting in 86400 seconds..