Debian GNU/Linux 9 syzkaller ttyS0
syzkaller login: [ 14.000644][ C1] random: crng init done
[ 14.004989][ C1] random: 7 urandom warning(s) missed due to ratelimiting
[ 21.958188][ T317] can: request_module (can-proto-0) failed.
[ 21.968750][ T317] can: request_module (can-proto-0) failed.
[ 21.978690][ T317] can: request_module (can-proto-7) failed.
[ 21.989223][ T317] can: request_module (can-proto-0) failed.
Warning: Permanently added '10.128.0.218' (ECDSA) to the list of known hosts.
2020/10/18 20:01:15 parsed 1 programs
2020/10/18 20:01:15 executed programs: 0
[ 29.062277][ T472] cgroup: Unknown subsys name 'perf_event'
[ 29.070039][ T472] cgroup: Unknown subsys name 'net_cls'
[ 29.122637][ T478] cgroup: Unknown subsys name 'perf_event'
[ 29.125969][ T481] cgroup: Unknown subsys name 'perf_event'
[ 29.129725][ T480] cgroup: Unknown subsys name 'perf_event'
[ 29.140752][ T481] cgroup: Unknown subsys name 'net_cls'
[ 29.141619][ T478] cgroup: Unknown subsys name 'net_cls'
[ 29.148800][ T482] cgroup: Unknown subsys name 'perf_event'
[ 29.153410][ T480] cgroup: Unknown subsys name 'net_cls'
[ 29.162338][ T482] cgroup: Unknown subsys name 'net_cls'
[ 29.173428][ T484] cgroup: Unknown subsys name 'perf_event'
[ 29.193739][ T484] cgroup: Unknown subsys name 'net_cls'
[ 36.742908][ T493] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 36.751230][ T493] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 36.823512][ T73] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 36.842592][ T493] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 36.845335][ T7] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 36.850706][ T493] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 36.865889][ T73] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 36.866436][ T7] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 36.934272][ T487] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 36.942576][ T487] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 36.971803][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 36.990506][ T493] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 36.998656][ T493] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 37.006179][ T489] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 37.014278][ T489] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 37.034212][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 37.060262][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 37.071658][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 37.089873][ T503] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 37.089932][ T133] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 37.097820][ T503] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 37.105144][ T130] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 37.105785][ T133] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 37.138863][ T130] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 37.276795][ T503] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 37.284995][ T503] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 37.302518][ T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 37.310625][ T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 37.319230][ T3173] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 37.327365][ T3173] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 37.382816][ T133] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 37.390952][ T133] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 37.404141][ T3173] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 37.423204][ T133] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 37.431306][ T133] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 37.443313][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 37.451190][ T5] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[ 37.507500][ T130] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 37.548614][ T21] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[ 37.567521][ T3173] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[ 37.717471][ T53] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 37.727390][ T5] usb 4-1: Using ep0 maxpacket: 8
[ 37.747360][ T130] usb 5-1: Using ep0 maxpacket: 8
[ 37.757461][ T3177] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[ 37.787409][ T21] usb 6-1: Using ep0 maxpacket: 8
[ 37.808520][ T3173] usb 2-1: Using ep0 maxpacket: 8
[ 37.867536][ T130] usb 5-1: config 0 has an invalid interface number: 86 but max is 0
[ 37.875896][ T130] usb 5-1: config 0 has no interface number 0
[ 37.883284][ T130] usb 5-1: config 0 interface 86 altsetting 0 endpoint 0xE has invalid wMaxPacketSize 0
[ 37.893161][ T130] usb 5-1: config 0 interface 86 altsetting 0 bulk endpoint 0xE has invalid maxpacket 0
[ 37.897443][ T5] usb 4-1: config 0 has an invalid interface number: 86 but max is 0
[ 37.902991][ T130] usb 5-1: config 0 interface 86 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 37.911055][ T5] usb 4-1: config 0 has no interface number 0
[ 37.920900][ T130] usb 5-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=77.fc
[ 37.927509][ T5] usb 4-1: config 0 interface 86 altsetting 0 endpoint 0xE has invalid wMaxPacketSize 0
[ 37.935964][ T130] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 37.939922][ T21] usb 6-1: config 0 has an invalid interface number: 86 but max is 0
[ 37.946128][ T5] usb 4-1: config 0 interface 86 altsetting 0 bulk endpoint 0xE has invalid maxpacket 0
[ 37.954041][ T21] usb 6-1: config 0 has no interface number 0
[ 37.955642][ T21] usb 6-1: config 0 interface 86 altsetting 0 endpoint 0xE has invalid wMaxPacketSize 0
[ 37.962284][ T5] usb 4-1: config 0 interface 86 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 37.962314][ T5] usb 4-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=77.fc
[ 37.962328][ T5] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 37.968702][ T5] usb 4-1: config 0 descriptor??
[ 37.972332][ T21] usb 6-1: config 0 interface 86 altsetting 0 bulk endpoint 0xE has invalid maxpacket 0
[ 38.029649][ T21] usb 6-1: config 0 interface 86 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 38.032890][ T5] em28xx 4-1:0.86: New device @ 480 Mbps (0ccd:10af, interface 86, class 86)
[ 38.039538][ T21] usb 6-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=77.fc
[ 38.039555][ T21] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 38.039789][ T3173] usb 2-1: config 0 has an invalid interface number: 86 but max is 0
[ 38.049078][ T5] em28xx 4-1:0.86: Video interface 86 found:
[ 38.057971][ T3173] usb 2-1: config 0 has no interface number 0
[ 38.059143][ T3173] usb 2-1: config 0 interface 86 altsetting 0 endpoint 0xE has invalid wMaxPacketSize 0
[ 38.096157][ T3173] usb 2-1: config 0 interface 86 altsetting 0 bulk endpoint 0xE has invalid maxpacket 0
[ 38.105935][ T3173] usb 2-1: config 0 interface 86 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 38.115814][ T3173] usb 2-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=77.fc
[ 38.124887][ T3173] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 38.132959][ T3177] usb 3-1: Using ep0 maxpacket: 8
[ 38.138042][ T53] usb 1-1: Using ep0 maxpacket: 8
[ 38.145203][ T130] usb 5-1: config 0 descriptor??
[ 38.153557][ T21] usb 6-1: config 0 descriptor??
[ 38.162528][ T3173] usb 2-1: config 0 descriptor??
[ 38.189664][ T130] em28xx 5-1:0.86: New device @ 480 Mbps (0ccd:10af, interface 86, class 86)
[ 38.198923][ T130] em28xx 5-1:0.86: Video interface 86 found:
[ 38.206907][ T21] em28xx 6-1:0.86: New device @ 480 Mbps (0ccd:10af, interface 86, class 86)
[ 38.216041][ T21] em28xx 6-1:0.86: Video interface 86 found:
[ 38.224805][ T3173] em28xx 2-1:0.86: New device @ 480 Mbps (0ccd:10af, interface 86, class 86)
[ 38.234016][ T3173] em28xx 2-1:0.86: Video interface 86 found:
[ 38.277351][ T53] usb 1-1: config 0 has an invalid interface number: 86 but max is 0
[ 38.285473][ T53] usb 1-1: config 0 has no interface number 0
[ 38.292610][ T3177] usb 3-1: config 0 has an invalid interface number: 86 but max is 0
[ 38.300793][ T3177] usb 3-1: config 0 has no interface number 0
[ 38.306915][ T3177] usb 3-1: config 0 interface 86 altsetting 0 endpoint 0xE has invalid wMaxPacketSize 0
[ 38.316815][ T3177] usb 3-1: config 0 interface 86 altsetting 0 bulk endpoint 0xE has invalid maxpacket 0
[ 38.326647][ T3177] usb 3-1: config 0 interface 86 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 38.336515][ T3177] usb 3-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=77.fc
[ 38.345645][ T3177] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 38.347206][ T5] em28xx 4-1:0.86: unknown em28xx chip ID (0)
[ 38.354215][ T53] usb 1-1: config 0 interface 86 altsetting 0 endpoint 0xE has invalid wMaxPacketSize 0
[ 38.370215][ T53] usb 1-1: config 0 interface 86 altsetting 0 bulk endpoint 0xE has invalid maxpacket 0
[ 38.380005][ T53] usb 1-1: config 0 interface 86 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 38.389903][ T53] usb 1-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=77.fc
[ 38.399003][ T53] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 38.411851][ T53] usb 1-1: config 0 descriptor??
[ 38.417402][ T3177] usb 3-1: config 0 descriptor??
[ 38.459499][ T3177] em28xx 3-1:0.86: New device @ 480 Mbps (0ccd:10af, interface 86, class 86)
[ 38.468529][ T3177] em28xx 3-1:0.86: Video interface 86 found:
[ 38.476629][ T53] em28xx 1-1:0.86: New device @ 480 Mbps (0ccd:10af, interface 86, class 86)
[ 38.485994][ T53] em28xx 1-1:0.86: Video interface 86 found:
[ 38.517191][ T130] em28xx 5-1:0.86: unknown em28xx chip ID (0)
[ 38.523498][ T3173] em28xx 2-1:0.86: unknown em28xx chip ID (0)
[ 38.529750][ T21] em28xx 6-1:0.86: unknown em28xx chip ID (0)
[ 38.537367][ T5] em28xx 4-1:0.86: reading from i2c device at 0xa0 failed (error=-5)
[ 38.545850][ T5] em28xx 4-1:0.86: board has no eeprom
[ 38.657048][ T5] em28xx 4-1:0.86: Identified as Terratec Grabby (card=67)
[ 38.664901][ T5] em28xx 4-1:0.86: analog set to bulk mode.
[ 38.677150][ T21] em28xx 6-1:0.86: reading from i2c device at 0xa0 failed (error=-5)
[ 38.683792][ T5] usb 4-1: USB disconnect, device number 2
[ 38.685295][ T21] em28xx 6-1:0.86: board has no eeprom
[ 38.693325][ T5] em28xx 4-1:0.86: Disconnecting em28xx
[ 38.696653][ T3173] em28xx 2-1:0.86: reading from i2c device at 0xa0 failed (error=-5)
[ 38.702604][ T12] em28xx 4-1:0.86: Registering V4L2 extension
[ 38.710473][ T3173] em28xx 2-1:0.86: board has no eeprom
[ 38.722036][ T130] em28xx 5-1:0.86: reading from i2c device at 0xa0 failed (error=-5)
[ 38.722771][ T12] em28xx 4-1:0.86: Config register raw data: 0xffffffed
[ 38.730180][ T130] em28xx 5-1:0.86: board has no eeprom
[ 38.742973][ T12] em28xx 4-1:0.86: AC97 chip type couldn't be determined
[ 38.747047][ T3177] em28xx 3-1:0.86: unknown em28xx chip ID (0)
[ 38.750850][ T12] em28xx 4-1:0.86: No AC97 audio processor
[ 38.756864][ T53] em28xx 1-1:0.86: unknown em28xx chip ID (0)
[ 38.787880][ T12] usb 4-1: Decoder not found
[ 38.792652][ T12] em28xx 4-1:0.86: failed to create media graph
[ 38.805582][ T12] em28xx 4-1:0.86: V4L2 device video0 deregistered
[ 38.814731][ T12] em28xx 4-1:0.86: Registering snapshot button...
[ 38.822871][ T12] input: em28xx snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.86/input/input5
[ 38.840914][ T12] em28xx 4-1:0.86: Remote control support is not available for this card.
[ 38.849902][ T5] em28xx 4-1:0.86: Closing input extension
[ 38.855895][ T5] em28xx 4-1:0.86: Deregistering snapshot button
[ 38.857000][ T130] em28xx 5-1:0.86: Identified as Terratec Grabby (card=67)
[ 38.869866][ T130] em28xx 5-1:0.86: analog set to bulk mode.
[ 38.876566][ T21] em28xx 6-1:0.86: Identified as Terratec Grabby (card=67)
[ 38.883879][ T21] em28xx 6-1:0.86: analog set to bulk mode.
[ 38.890088][ T3173] em28xx 2-1:0.86: Identified as Terratec Grabby (card=67)
[ 38.897382][ T3173] em28xx 2-1:0.86: analog set to bulk mode.
[ 38.909127][ T5] em28xx 4-1:0.86: Freeing device
[ 38.912344][ T3197] em28xx 5-1:0.86: Registering V4L2 extension
[ 38.928270][ T3177] em28xx 3-1:0.86: reading from i2c device at 0xa0 failed (error=-5)
[ 38.936405][ T3177] em28xx 3-1:0.86: board has no eeprom
[ 38.946387][ T21] usb 6-1: USB disconnect, device number 2
[ 38.953257][ T53] em28xx 1-1:0.86: reading from i2c device at 0xa0 failed (error=-5)
[ 38.961593][ T53] em28xx 1-1:0.86: board has no eeprom
[ 38.971511][ T3173] usb 2-1: USB disconnect, device number 2
[ 38.987548][ T130] usb 5-1: USB disconnect, device number 2
[ 38.994298][ T130] em28xx 5-1:0.86: Disconnecting em28xx
[ 39.001079][ T3173] em28xx 2-1:0.86: Disconnecting em28xx
[ 39.008007][ T21] em28xx 6-1:0.86: Disconnecting em28xx
[ 39.013715][ T3197] em28xx 5-1:0.86: Config register raw data: 0xffffffed
[ 39.020832][ T3197] em28xx 5-1:0.86: AC97 chip type couldn't be determined
[ 39.030540][ T3197] em28xx 5-1:0.86: No AC97 audio processor
[ 39.038163][ T3197] usb 5-1: Decoder not found
[ 39.042775][ T3197] em28xx 5-1:0.86: failed to create media graph
[ 39.049410][ T3197] em28xx 5-1:0.86: V4L2 device video0 deregistered
[ 39.056935][ T3197] em28xx 5-1:0.86: Registering snapshot button...
[ 39.064365][ T3197] input: em28xx snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.86/input/input6
[ 39.076518][ T3197] em28xx 5-1:0.86: Remote control support is not available for this card.
[ 39.085675][ T17] em28xx 6-1:0.86: Registering V4L2 extension
[ 39.098596][ T17] em28xx 6-1:0.86: Config register raw data: 0xffffffed
[ 39.105574][ T17] em28xx 6-1:0.86: AC97 chip type couldn't be determined
[ 39.112773][ T17] em28xx 6-1:0.86: No AC97 audio processor
[ 39.119328][ T17] usb 6-1: Decoder not found
[ 39.123938][ T17] em28xx 6-1:0.86: failed to create media graph
[ 39.130570][ T17] em28xx 6-1:0.86: V4L2 device video0 deregistered
[ 39.137387][ T53] em28xx 1-1:0.86: Identified as Terratec Grabby (card=67)
[ 39.144667][ T53] em28xx 1-1:0.86: analog set to bulk mode.
[ 39.150676][ T3177] em28xx 3-1:0.86: Identified as Terratec Grabby (card=67)
[ 39.158070][ T3177] em28xx 3-1:0.86: analog set to bulk mode.
[ 39.165296][ T17] em28xx 6-1:0.86: Registering snapshot button...
[ 39.165444][ T3242] ==================================================================
[ 39.174336][ T3177] usb 3-1: USB disconnect, device number 2
[ 39.180758][ T3242] BUG: KASAN: use-after-free in v4l2_open+0x62c/0x670
[ 39.180770][ T3242] Read of size 4 at addr ffff8881befa0968 by task v4l_id/3242
[ 39.180774][ T3242]
[ 39.180788][ T3242] CPU: 0 PID: 3242 Comm: v4l_id Not tainted 5.9.0-syzkaller #0
[ 39.180796][ T3242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 39.180806][ T3242] Call Trace:
[ 39.187910][ T17] input: em28xx snapshot button as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.86/input/input7
[ 39.193343][ T3242] dump_stack+0x107/0x16e
[ 39.201628][ T3177] em28xx 3-1:0.86: Disconnecting em28xx
[ 39.203086][ T3242] ? v4l2_open+0x62c/0x670
[ 39.218291][ T17] em28xx 6-1:0.86: Remote control support is not available for this card.
[ 39.220661][ T3242] ? v4l2_open+0x62c/0x670
[ 39.223953][ T3237] em28xx 2-1:0.86: Registering V4L2 extension
[ 39.234322][ T3242] print_address_description.constprop.0+0x1c/0x210
[ 39.234338][ T3242] ? wait_for_completion+0x270/0x270
[ 39.234350][ T3242] ? vprintk_func+0x93/0x133
[ 39.234363][ T3242] ? v4l2_open+0x62c/0x670
[ 39.234374][ T3242] ? v4l2_open+0x62c/0x670
[ 39.234386][ T3242] kasan_report.cold+0x37/0x7c
[ 39.234404][ T3242] ? v4l2_open+0x62c/0x670
[ 39.240707][ T53] usb 1-1: USB disconnect, device number 2
[ 39.244240][ T3242] v4l2_open+0x62c/0x670
[ 39.244259][ T3242] ? v4l2_release+0x390/0x390
[ 39.249850][ T53] em28xx 1-1:0.86: Disconnecting em28xx
[ 39.257134][ T3242] chrdev_open+0x266/0x770
[ 39.257148][ T3242] ? cdev_device_add+0x210/0x210
[ 39.257163][ T3242] ? security_file_open+0x205/0x4f0
[ 39.257174][ T3242] do_dentry_open+0x4b4/0x1090
[ 39.257185][ T3242] ? cdev_device_add+0x210/0x210
[ 39.257199][ T3242] ? may_open+0x1e4/0x400
[ 39.257218][ T3242] path_openat+0x190d/0x2690
[ 39.311863][ T3237] em28xx 2-1:0.86: Config register raw data: 0xffffffed
[ 39.312160][ T3242] ? path_lookupat+0x830/0x830
[ 39.316885][ T3237] em28xx 2-1:0.86: AC97 chip type couldn't be determined
[ 39.322356][ T3242] ? lockdep_hardirqs_on_prepare+0x4f0/0x4f0
[ 39.322373][ T3242] do_filp_open+0x17e/0x3c0
[ 39.326826][ T3237] em28xx 2-1:0.86: No AC97 audio processor
[ 39.331699][ T3242] ? may_open_dev+0xf0/0xf0
[ 39.394946][ T3242] ? do_raw_spin_lock+0x120/0x260
[ 39.399966][ T3242] ? rwlock_bug.part.0+0x90/0x90
[ 39.404883][ T3242] ? _raw_spin_unlock+0x1a/0x30
[ 39.409779][ T3242] ? __alloc_fd+0x28d/0x600
[ 39.414265][ T3242] do_sys_openat2+0x16d/0x420
[ 39.418929][ T3242] ? finish_task_switch+0x11d/0x5d0
[ 39.424111][ T3242] ? finish_task_switch+0xef/0x5d0
[ 39.429218][ T3242] ? build_open_flags+0x650/0x650
[ 39.434234][ T3242] ? __schedule+0x897/0x1f80
[ 39.439670][ T3242] __x64_sys_open+0x119/0x1c0
[ 39.444341][ T3242] ? do_sys_open+0x140/0x140
[ 39.448908][ T3242] ? __secure_computing+0xb4/0x290
[ 39.454008][ T3242] do_syscall_64+0x2d/0x40
[ 39.458405][ T3242] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 39.464274][ T3242] RIP: 0033:0x7f24e191a840
[ 39.468669][ T3242] Code: 73 01 c3 48 8b 0d 68 77 20 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 89 bb 20 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 1e f6 ff ff 48 89 04 24
[ 39.488271][ T3242] RSP: 002b:00007ffcf5492218 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 39.496679][ T3242] RAX: ffffffffffffffda RBX: 00007ffcf5492388 RCX: 00007f24e191a840
[ 39.504646][ T3242] RDX: 00007f24e1906ea0 RSI: 0000000000000000 RDI: 00007ffcf5493f24
[ 39.512699][ T3242] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000
[ 39.520658][ T3242] R10: 0000000000000002 R11: 0000000000000246 R12: 0000561b0484d8d0
[ 39.528626][ T3242] R13: 00007ffcf5492380 R14: 0000000000000000 R15: 0000000000000000
[ 39.536573][ T3242]
[ 39.538881][ T3242] Allocated by task 3177:
[ 39.543192][ T3242] kasan_save_stack+0x1b/0x40
[ 39.547847][ T3242] __kasan_kmalloc.constprop.0+0xc2/0xd0
[ 39.553456][ T3242] kobject_uevent_env+0x236/0x1540
[ 39.558564][ T3242] driver_bound+0x1a8/0x300
[ 39.563059][ T3242] really_probe+0x40b/0xde0
[ 39.567539][ T3242] driver_probe_device+0x26b/0x3d0
[ 39.572624][ T3242] __device_attach_driver+0x1d1/0x290
[ 39.577978][ T3242] bus_for_each_drv+0x15f/0x1e0
[ 39.582808][ T3242] __device_attach+0x228/0x4a0
[ 39.587549][ T3242] bus_probe_device+0x1e4/0x290
[ 39.592376][ T3242] device_add+0xb51/0x1c70
[ 39.596771][ T3242] usb_set_configuration+0xf05/0x18a0
[ 39.602132][ T3242] usb_generic_driver_probe+0xba/0xf2
[ 39.607489][ T3242] usb_probe_device+0xd9/0x2c0
[ 39.612252][ T3242] really_probe+0x291/0xde0
[ 39.616738][ T3242] driver_probe_device+0x26b/0x3d0
[ 39.621827][ T3242] __device_attach_driver+0x1d1/0x290
[ 39.627191][ T3242] bus_for_each_drv+0x15f/0x1e0
[ 39.632015][ T3242] __device_attach+0x228/0x4a0
[ 39.636762][ T3242] bus_probe_device+0x1e4/0x290
[ 39.641586][ T3242] device_add+0xb51/0x1c70
[ 39.645991][ T3242] usb_new_device.cold+0x71d/0xfd4
[ 39.651078][ T3242] hub_event+0x2361/0x4390
[ 39.655471][ T3242] process_one_work+0x94c/0x15f0
[ 39.660386][ T3242] worker_thread+0x64c/0x1120
[ 39.665039][ T3242] kthread+0x392/0x470
[ 39.669096][ T3242] ret_from_fork+0x1f/0x30
[ 39.673481][ T3242]
[ 39.675802][ T3242] Freed by task 3177:
[ 39.679769][ T3242] kasan_save_stack+0x1b/0x40
[ 39.684540][ T3242] kasan_set_track+0x1c/0x30
[ 39.689132][ T3242] kasan_set_free_info+0x1b/0x30
[ 39.694046][ T3242] __kasan_slab_free+0xf3/0x130
[ 39.698889][ T3242] slab_free_freelist_hook+0x5d/0x150
[ 39.704248][ T3242] kfree+0xbe/0x470
[ 39.708035][ T3242] kobject_uevent_env+0x2af/0x1540
[ 39.713122][ T3242] driver_bound+0x1a8/0x300
[ 39.717623][ T3242] really_probe+0x40b/0xde0
[ 39.722103][ T3242] driver_probe_device+0x26b/0x3d0
[ 39.727209][ T3242] __device_attach_driver+0x1d1/0x290
[ 39.732575][ T3242] bus_for_each_drv+0x15f/0x1e0
[ 39.737437][ T3242] __device_attach+0x228/0x4a0
[ 39.742207][ T3242] bus_probe_device+0x1e4/0x290
[ 39.747036][ T3242] device_add+0xb51/0x1c70
[ 39.751434][ T3242] usb_set_configuration+0xf05/0x18a0
[ 39.756782][ T3242] usb_generic_driver_probe+0xba/0xf2
[ 39.762150][ T3242] usb_probe_device+0xd9/0x2c0
[ 39.766896][ T3242] really_probe+0x291/0xde0
[ 39.771376][ T3242] driver_probe_device+0x26b/0x3d0
[ 39.776481][ T3242] __device_attach_driver+0x1d1/0x290
[ 39.781856][ T3242] bus_for_each_drv+0x15f/0x1e0
[ 39.786703][ T3242] __device_attach+0x228/0x4a0
[ 39.791459][ T3242] bus_probe_device+0x1e4/0x290
[ 39.796297][ T3242] device_add+0xb51/0x1c70
[ 39.800692][ T3242] usb_new_device.cold+0x71d/0xfd4
[ 39.805779][ T3242] hub_event+0x2361/0x4390
[ 39.810185][ T3242] process_one_work+0x94c/0x15f0
[ 39.815095][ T3242] worker_thread+0x64c/0x1120
[ 39.819763][ T3242] kthread+0x392/0x470
[ 39.823806][ T3242] ret_from_fork+0x1f/0x30
[ 39.828220][ T3242]
[ 39.830539][ T3242] The buggy address belongs to the object at ffff8881befa0000
[ 39.830539][ T3242] which belongs to the cache kmalloc-4k of size 4096
[ 39.844619][ T3242] The buggy address is located 2408 bytes inside of
[ 39.844619][ T3242] 4096-byte region [ffff8881befa0000, ffff8881befa1000)
[ 39.858038][ T3242] The buggy address belongs to the page:
[ 39.863764][ T3242] page:00000000ee59a58b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1befa0
[ 39.874027][ T3242] head:00000000ee59a58b order:3 compound_mapcount:0 compound_pincount:0
[ 39.882331][ T3242] flags: 0x200000000010200(slab|head)
[ 39.887708][ T3242] raw: 0200000000010200 dead000000000100 dead000000000122 ffff8881da042140
[ 39.896279][ T3242] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[ 39.904849][ T3242] page dumped because: kasan: bad access detected
[ 39.911248][ T3242]
[ 39.913558][ T3242] Memory state around the buggy address:
[ 39.919286][ T3242]  ffff8881befa0800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 39.927357][ T3242]  ffff8881befa0880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 39.935396][ T3242] >ffff8881befa0900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 39.943455][ T3242]                                                           ^
[ 39.950914][ T3242]  ffff8881befa0980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 39.958964][ T3242]  ffff8881befa0a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 39.967031][ T3242] ==================================================================
[ 39.975084][ T3242] Disabling lock debugging due to kernel taint
[ 39.984009][ T3242] Kernel panic - not syncing: panic_on_warn set ...
[ 39.990619][ T3242] CPU: 0 PID: 3242 Comm: v4l_id Tainted: G B 5.9.0-syzkaller #0
[ 39.999549][ T3242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.010122][ T3242] Call Trace:
[ 40.013403][ T3242] dump_stack+0x107/0x16e
[ 40.017713][ T3242] ? v4l2_open+0x540/0x670
[ 40.022106][ T3242] panic+0x2cb/0x702
[ 40.025978][ T3242] ? __warn_printk+0xf3/0xf3
[ 40.030548][ T3242] ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 40.036685][ T3242] ? trace_hardirqs_on+0x55/0x200
[ 40.041697][ T3242] ? v4l2_open+0x62c/0x670
[ 40.046094][ T3242] ? v4l2_open+0x62c/0x670
[ 40.050504][ T3242] end_report+0x4d/0x53
[ 40.054696][ T3242] kasan_report.cold+0x72/0x7c
[ 40.059439][ T3242] ? v4l2_open+0x62c/0x670
[ 40.063830][ T3242] v4l2_open+0x62c/0x670
[ 40.068051][ T3242] ? v4l2_release+0x390/0x390
[ 40.074196][ T3242] chrdev_open+0x266/0x770
[ 40.078603][ T3242] ? cdev_device_add+0x210/0x210
[ 40.083521][ T3242] ? security_file_open+0x205/0x4f0
[ 40.088697][ T3242] do_dentry_open+0x4b4/0x1090
[ 40.093452][ T3242] ? cdev_device_add+0x210/0x210
[ 40.098405][ T3242] ? may_open+0x1e4/0x400
[ 40.102711][ T3242] path_openat+0x190d/0x2690
[ 40.107276][ T3242] ? path_lookupat+0x830/0x830
2020/10/18 20:01:26 executed programs: 6
[ 40.112023][ T3242] ? lockdep_hardirqs_on_prepare+0x4f0/0x4f0
[ 40.118013][ T3242] do_filp_open+0x17e/0x3c0
[ 40.122502][ T3242] ? may_open_dev+0xf0/0xf0
[ 40.127003][ T3242] ? do_raw_spin_lock+0x120/0x260
[ 40.132000][ T3242] ? rwlock_bug.part.0+0x90/0x90
[ 40.136916][ T3242] ? _raw_spin_unlock+0x1a/0x30
[ 40.141758][ T3242] ? __alloc_fd+0x28d/0x600
[ 40.146257][ T3242] do_sys_openat2+0x16d/0x420
[ 40.151022][ T3242] ? finish_task_switch+0x11d/0x5d0
[ 40.156218][ T3242] ? finish_task_switch+0xef/0x5d0
[ 40.161319][ T3242] ? build_open_flags+0x650/0x650
[ 40.166947][ T3242] ? __schedule+0x897/0x1f80
[ 40.171524][ T3242] __x64_sys_open+0x119/0x1c0
[ 40.176179][ T3242] ? do_sys_open+0x140/0x140
[ 40.180801][ T3242] ? __secure_computing+0xb4/0x290
[ 40.185888][ T3242] do_syscall_64+0x2d/0x40
[ 40.190301][ T3242] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 40.196178][ T3242] RIP: 0033:0x7f24e191a840
[ 40.200600][ T3242] Code: 73 01 c3 48 8b 0d 68 77 20 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 89 bb 20 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 1e f6 ff ff 48 89 04 24
[ 40.220190][ T3242] RSP: 002b:00007ffcf5492218 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 40.228617][ T3242] RAX: ffffffffffffffda RBX: 00007ffcf5492388 RCX: 00007f24e191a840
[ 40.236587][ T3242] RDX: 00007f24e1906ea0 RSI: 0000000000000000 RDI: 00007ffcf5493f24
[ 40.244544][ T3242] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000
[ 40.252505][ T3242] R10: 0000000000000002 R11: 0000000000000246 R12: 0000561b0484d8d0
[ 40.260658][ T3242] R13: 00007ffcf5492380 R14: 0000000000000000 R15: 0000000000000000
[ 40.269298][ T3242] Kernel Offset: disabled
[ 40.273623][ T3242] Rebooting in 86400 seconds..