[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Started Getty on tty6.
[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty1.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.205' (ECDSA) to the list of known hosts.
syzkaller login: [ 68.412004][ T37] audit: type=1400 audit(1626362702.677:8): avc: denied { execmem } for pid=8450 comm="syz-executor270" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 69.629445][ T8451] chnl_net:caif_netlink_parms(): no params data found
[ 69.667658][ T8451] bridge0: port 1(bridge_slave_0) entered blocking state
[ 69.675261][ T8451] bridge0: port 1(bridge_slave_0) entered disabled state
[ 69.683549][ T8451] device bridge_slave_0 entered promiscuous mode
[ 69.692539][ T8451] bridge0: port 2(bridge_slave_1) entered blocking state
[ 69.699871][ T8451] bridge0: port 2(bridge_slave_1) entered disabled state
[ 69.707443][ T8451] device bridge_slave_1 entered promiscuous mode
[ 69.725157][ T8451] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 69.735903][ T8451] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 69.754805][ T8451] team0: Port device team_slave_0 added
[ 69.761759][ T8451] team0: Port device team_slave_1 added
[ 69.777164][ T8451] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 69.784201][ T8451] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 69.810912][ T8451] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 69.822783][ T8451] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 69.829987][ T8451] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 69.856069][ T8451] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 69.879873][ T8451] device hsr_slave_0 entered promiscuous mode
[ 69.886344][ T8451] device hsr_slave_1 entered promiscuous mode
[ 69.965470][ T8451] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 69.974101][ T8451] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 69.983765][ T8451] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 69.994873][ T8451] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 70.013642][ T8451] bridge0: port 2(bridge_slave_1) entered blocking state
[ 70.020768][ T8451] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 70.028139][ T8451] bridge0: port 1(bridge_slave_0) entered blocking state
[ 70.035221][ T8451] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 70.070065][ T8451] 8021q: adding VLAN 0 to HW filter on device bond0
[ 70.082164][ T4823] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 70.090811][ T4823] bridge0: port 1(bridge_slave_0) entered disabled state
[ 70.099247][ T4823] bridge0: port 2(bridge_slave_1) entered disabled state
[ 70.106893][ T4823] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 70.118644][ T8451] 8021q: adding VLAN 0 to HW filter on device team0
[ 70.129753][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 70.138785][ T26] bridge0: port 1(bridge_slave_0) entered blocking state
[ 70.145869][ T26] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 70.169948][ T4860] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 70.178421][ T4860] bridge0: port 2(bridge_slave_1) entered blocking state
[ 70.185480][ T4860] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 70.193816][ T4860] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 70.203635][ T4860] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 70.212067][ T4860] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 70.222162][ T8682] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 70.231779][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 70.242240][ T8451] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 70.257485][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 70.265823][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 70.277278][ T8451] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 70.295628][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 70.314327][ T8451] device veth0_vlan entered promiscuous mode
[ 70.321407][ T8682] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 70.330262][ T8682] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 70.338322][ T8682] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 70.352157][ T8451] device veth1_vlan entered promiscuous mode
[ 70.370723][ T4823] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 70.378862][ T4823] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 70.386817][ T4823] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 70.398756][ T8451] device veth0_macvtap entered promiscuous mode
[ 70.407618][ T8451] device veth1_macvtap entered promiscuous mode
[ 70.423761][ T8451] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 70.431076][ T8682] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 70.440879][ T8682] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 70.452192][ T8451] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 70.459999][ T8682] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 70.471659][ T8451] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 70.480692][ T8451] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 70.489796][ T8451] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 70.499698][ T8451] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 70.555170][ T8] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 70.569872][ T8] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 70.577874][ T8680] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
executing program
[ 70.618474][ T10] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 70.626423][ T10] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 70.634844][ T8682] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 70.917723][ T8682] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 70.978950][ T3252] ieee802154 phy0 wpan0: encryption failed: -22
[ 70.985233][ T3252] ieee802154 phy1 wpan1: encryption failed: -22
[ 71.288055][ T8682] usb 1-1: config 255 has too many interfaces: 255, using maximum allowed: 32
[ 71.296938][ T8682] usb 1-1: config 255 has 1 interface, different from the descriptor's value: 255
[ 71.307751][ T8682] usb 1-1: config 255 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 71.320607][ T8682] usb 1-1: New USB device found, idVendor=2040, idProduct=6513, bcdDevice=7f.4f
[ 71.330197][ T8682] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 71.380862][ T8682] em28xx 1-1:255.0: New device @ 480 Mbps (2040:6513, interface 0, class 0)
[ 71.390282][ T8682] em28xx 1-1:255.0: Video interface 0 found: isoc
write to /proc/sys/net/core/bpf_jit_kallsyms failed: No such file or directory
write to /proc/sys/net/core/bpf_jit_harden failed: No such file or directory
[ 71.538767][ T8680] Bluetooth: hci0: command 0x0409 tx timeout
[ 71.627793][ T8682] em28xx 1-1:255.0: unknown em28xx chip ID (0)
[ 71.690536][ T1075] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 71.887782][ T8682] em28xx 1-1:255.0: reading from i2c device at 0xa0 failed (error=-5)
[ 71.896126][ T8682] em28xx 1-1:255.0: board has no eeprom
[ 72.007685][ T8682] em28xx 1-1:255.0: Identified as Hauppauge WinTV HVR 950 (card=16)
[ 72.015849][ T8682] em28xx 1-1:255.0: analog set to isoc mode.
[ 72.023375][ T20] em28xx 1-1:255.0: Registering V4L2 extension
[ 72.067637][ T20] em28xx 1-1:255.0: reading from i2c device at 0xb8 failed (error=-5)
[ 72.087718][ T20] em28xx 1-1:255.0: reading from i2c device at 0xba failed (error=-5)
[ 72.127690][ T20] em28xx 1-1:255.0: reading from i2c device at 0x84 failed (error=-5)
[ 72.147854][ T20] em28xx 1-1:255.0: reading from i2c device at 0x86 failed (error=-5)
[ 72.167986][ T20] em28xx 1-1:255.0: reading from i2c device at 0x94 failed (error=-5)
[ 72.197688][ T20] em28xx 1-1:255.0: reading from i2c device at 0x96 failed (error=-5)
[ 72.227641][ T20] em28xx 1-1:255.0: reading from i2c device at 0xc0 failed (error=-5)
[ 72.247602][ T20] em28xx 1-1:255.0: reading from i2c device at 0xc2 failed (error=-5)
[ 72.267710][ T20] em28xx 1-1:255.0: reading from i2c device at 0xc4 failed (error=-5)
[ 72.297610][ T20] em28xx 1-1:255.0: reading from i2c device at 0xc6 failed (error=-5)
[ 72.317665][ T20] em28xx 1-1:255.0: reading from i2c device at 0xc8 failed (error=-5)
[ 72.337702][ T20] em28xx 1-1:255.0: Config register raw data: 0xfffffffb
[ 72.357636][ T20] em28xx 1-1:255.0: AC97 chip type couldn't be determined
[ 72.364816][ T20] em28xx 1-1:255.0: No AC97 audio processor
[ 73.010730][ T20] usb 1-1: Decoder not found
[ 73.015362][ T20] em28xx 1-1:255.0: failed to create media graph
[ 73.033549][ T20] em28xx 1-1:255.0: V4L2 device video71 deregistered
[ 73.048296][ T20] em28xx 1-1:255.0: Binding DVB extension
[ 73.048323][ T8730] ==================================================================
[ 73.054050][ T20] em28xx 1-1:255.0: no endpoint for DVB mode and transfer type 0
[ 73.062086][ T8730] BUG: KASAN: use-after-free in v4l2_fh_init+0x279/0x2c0
[ 73.062139][ T8730] Read of size 8 at addr ffff88803f0488b8 by task v4l_id/8730
[ 73.062157][ T8730]
[ 73.062165][ T8730] CPU: 0 PID: 8730 Comm: v4l_id Tainted: G W 5.14.0-rc1-syzkaller #0
[ 73.062187][ T8730] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 73.062200][ T8730] Call Trace:
[ 73.062209][ T8730] dump_stack_lvl+0xcd/0x134
[ 73.062259][ T8730] print_address_description.constprop.0.cold+0x6c/0x2d6
[ 73.070918][ T20] em28xx 1-1:255.0: failed to pre-allocate USB transfer buffers for DVB.
[ 73.076981][ T8730] ? v4l2_fh_init+0x279/0x2c0
[ 73.084881][ T20] em28xx 1-1:255.0: Registering input extension
[ 73.086731][ T8730] ? v4l2_fh_init+0x279/0x2c0
[ 73.145048][ T8730] kasan_report.cold+0x83/0xdf
[ 73.149910][ T8730] ? kmem_cache_alloc_trace+0x160/0x480
[ 73.155446][ T8730] ? v4l2_fh_init+0x279/0x2c0
[ 73.160153][ T8730] v4l2_fh_init+0x279/0x2c0
[ 73.164641][ T8730] v4l2_fh_open+0x88/0xc0
[ 73.168955][ T8730] em28xx_v4l2_open+0x11c/0x570
[ 73.173791][ T8730] v4l2_open+0x21c/0x3f0
[ 73.178022][ T8730] ? v4l2_release+0x3b0/0x3b0
[ 73.182698][ T8730] chrdev_open+0x266/0x770
[ 73.187101][ T8730] ? cdev_device_add+0x210/0x210
[ 73.192039][ T8730] ? security_file_open+0x205/0x4f0
[ 73.197242][ T8730] do_dentry_open+0x4c8/0x11d0
[ 73.201998][ T8730] ? cdev_device_add+0x210/0x210
[ 73.206919][ T8730] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 73.213161][ T8730] ? may_open+0x1f6/0x420
[ 73.217511][ T8730] path_openat+0x1c23/0x27f0
[ 73.222112][ T8730] ? path_lookupat+0x860/0x860
[ 73.226886][ T8730] ? lock_acquire+0x442/0x510
[ 73.231547][ T8730] ? lock_release+0x720/0x720
[ 73.236209][ T8730] ? filemap_map_pages+0x803/0x1880
[ 73.241430][ T8730] ? rcu_read_lock_sched_held+0xd/0x70
[ 73.246880][ T8730] ? lock_release+0x522/0x720
[ 73.251545][ T8730] do_filp_open+0x1aa/0x400
[ 73.256032][ T8730] ? may_open_dev+0xf0/0xf0
[ 73.260517][ T8730] ? rwlock_bug.part.0+0x90/0x90
[ 73.265438][ T8730] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 73.271665][ T8730] ? _find_next_bit+0x1e3/0x260
[ 73.276520][ T8730] ? _raw_spin_unlock+0x24/0x40
[ 73.281360][ T8730] ? alloc_fd+0x2f0/0x670
[ 73.285714][ T8730] do_sys_openat2+0x16d/0x420
[ 73.290389][ T8730] ? build_open_flags+0x6f0/0x6f0
[ 73.295420][ T8730] ? lock_release+0x522/0x720
[ 73.300086][ T8730] ? __context_tracking_exit+0xb8/0xe0
[ 73.305534][ T8730] __x64_sys_open+0x119/0x1c0
[ 73.310217][ T8730] ? do_sys_open+0x140/0x140
[ 73.314811][ T8730] ? __secure_computing+0x104/0x360
[ 73.320029][ T8730] do_syscall_64+0x35/0xb0
[ 73.324446][ T8730] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 73.330352][ T8730] RIP: 0033:0x7f52c8074840
[ 73.334767][ T8730] Code: 73 01 c3 48 8b 0d 68 77 20 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 89 bb 20 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 1e f6 ff ff 48 89 04 24
[ 73.354395][ T8730] RSP: 002b:00007fffd9beb0f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 73.362820][ T8730] RAX: ffffffffffffffda RBX: 00007fffd9beb268 RCX: 00007f52c8074840
[ 73.370792][ T8730] RDX: 00007f52c8060ea0 RSI: 0000000000000000 RDI: 00007fffd9bebf1e
[ 73.378752][ T8730] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000
[ 73.386720][ T8730] R10: 0000000000000002 R11: 0000000000000246 R12: 0000565100e0c8d0
[ 73.394698][ T8730] R13: 00007fffd9beb260 R14: 0000000000000000 R15: 0000000000000000
[ 73.402659][ T8730]
[ 73.404964][ T8730] Allocated by task 20:
[ 73.409094][ T8730] kasan_save_stack+0x1b/0x40
[ 73.413770][ T8730] __kasan_kmalloc+0x98/0xc0
[ 73.418357][ T8730] kmem_cache_alloc_trace+0x1e4/0x480
[ 73.423750][ T8730] em28xx_v4l2_init.cold+0x93/0x329d
[ 73.429029][ T8730] em28xx_init_extension+0x12f/0x1f0
[ 73.434362][ T8730] request_module_async+0x5d/0x70
[ 73.439418][ T8730] process_one_work+0x98d/0x1630
[ 73.444393][ T8730] worker_thread+0x658/0x11f0
[ 73.449056][ T8730] kthread+0x3e5/0x4d0
[ 73.453118][ T8730] ret_from_fork+0x1f/0x30
[ 73.457523][ T8730]
[ 73.459836][ T8730] Freed by task 20:
[ 73.463618][ T8730] kasan_save_stack+0x1b/0x40
[ 73.468297][ T8730] kasan_set_track+0x1c/0x30
[ 73.472869][ T8730] kasan_set_free_info+0x20/0x30
[ 73.477803][ T8730] __kasan_slab_free+0xcd/0x100
[ 73.482654][ T8730] kfree+0x106/0x2c0
[ 73.486545][ T8730] kref_put.isra.0+0x6f/0xa0
[ 73.491129][ T8730] em28xx_v4l2_init.cold+0x263/0x329d
[ 73.496489][ T8730] em28xx_init_extension+0x12f/0x1f0
[ 73.501764][ T8730] request_module_async+0x5d/0x70
[ 73.506780][ T8730] process_one_work+0x98d/0x1630
[ 73.511709][ T8730] worker_thread+0x658/0x11f0
[ 73.516373][ T8730] kthread+0x3e5/0x4d0
[ 73.520456][ T8730] ret_from_fork+0x1f/0x30
[ 73.524870][ T8730]
[ 73.527191][ T8730] The buggy address belongs to the object at ffff88803f048000
[ 73.527191][ T8730] which belongs to the cache kmalloc-16k of size 16384
[ 73.541413][ T8730] The buggy address is located 2232 bytes inside of
[ 73.541413][ T8730] 16384-byte region [ffff88803f048000, ffff88803f04c000)
[ 73.554953][ T8730] The buggy address belongs to the page:
[ 73.560587][ T8730] page:ffffea0000fc1200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3f048
[ 73.570746][ T8730] head:ffffea0000fc1200 order:3 compound_mapcount:0 compound_pincount:0
[ 73.579058][ T8730] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 73.587035][ T8730] raw: 00fff00000010200 ffffea0000fc1408 ffff888010841c50 ffff888010840b00
[ 73.595639][ T8730] raw: 0000000000000000 ffff88803f048000 0000000100000001 0000000000000000
[ 73.604217][ T8730] page dumped because: kasan: bad access detected
[ 73.610617][ T8730] page_owner tracks the page as allocated
[ 73.616314][ T8730] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x2420c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_COMP|__GFP_THISNODE), pid 20, ts 72031107650, free_ts 62846347344
[ 73.633933][ T8730] get_page_from_freelist+0xa72/0x2f80
[ 73.639396][ T8730] __alloc_pages+0x1b2/0x500
[ 73.643979][ T8730] cache_grow_begin+0x75/0x460
[ 73.648747][ T8730] cache_alloc_refill+0x27f/0x380
[ 73.653766][ T8730] kmem_cache_alloc_trace+0x38c/0x480
[ 73.659129][ T8730] em28xx_v4l2_init.cold+0x93/0x329d
[ 73.664405][ T8730] em28xx_init_extension+0x12f/0x1f0
[ 73.669685][ T8730] request_module_async+0x5d/0x70
[ 73.674701][ T8730] process_one_work+0x98d/0x1630
[ 73.679633][ T8730] worker_thread+0x658/0x11f0
[ 73.684297][ T8730] kthread+0x3e5/0x4d0
[ 73.688351][ T8730] ret_from_fork+0x1f/0x30
[ 73.692753][ T8730] page last free stack trace:
[ 73.697404][ T8730] free_pcp_prepare+0x2c5/0x780
[ 73.702266][ T8730] free_unref_page+0x19/0x690
[ 73.706931][ T8730] __put_page+0xf9/0x3f0
[ 73.711164][ T8730] skb_release_data+0x46a/0x750
[ 73.716009][ T8730] __kfree_skb+0x46/0x60
[ 73.720242][ T8730] tcp_recvmsg_locked+0x12f7/0x2320
[ 73.725431][ T8730] tcp_recvmsg+0x134/0x550
[ 73.729833][ T8730] inet_recvmsg+0x11b/0x5e0
[ 73.734325][ T8730] sock_read_iter+0x33c/0x470
[ 73.739005][ T8730] new_sync_read+0x5b7/0x6e0
[ 73.743582][ T8730] vfs_read+0x35c/0x570
[ 73.747729][ T8730] ksys_read+0x1ee/0x250
[ 73.751955][ T8730] do_syscall_64+0x35/0xb0
[ 73.756376][ T8730] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 73.762269][ T8730]
[ 73.764572][ T8730] Memory state around the buggy address:
[ 73.770200][ T8730] ffff88803f048780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 73.778259][ T8730] ffff88803f048800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 73.786322][ T8730] >ffff88803f048880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 73.794366][ T8730] ^
[ 73.800242][ T8730] ffff88803f048900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 73.808341][ T8730] ffff88803f048980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 73.816399][ T8730] ==================================================================
[ 73.825946][ T8730] Kernel panic - not syncing: panic_on_warn set ...
[ 73.832572][ T8730] CPU: 0 PID: 8730 Comm: v4l_id Tainted: G B W 5.14.0-rc1-syzkaller #0
[ 73.841956][ T8730] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 73.852020][ T8730] Call Trace:
[ 73.855305][ T8730] dump_stack_lvl+0xcd/0x134
[ 73.859921][ T8730] panic+0x306/0x73d
[ 73.863826][ T8730] ? __warn_printk+0xf3/0xf3
[ 73.868422][ T8730] ? preempt_schedule_common+0x59/0xc0
[ 73.873893][ T8730] ? v4l2_fh_init+0x279/0x2c0
[ 73.878579][ T8730] ? preempt_schedule_thunk+0x16/0x18
[ 73.883961][ T8730] ? trace_hardirqs_on+0x38/0x1c0
[ 73.888995][ T8730] ? trace_hardirqs_on+0x51/0x1c0
[ 73.894026][ T8730] ? v4l2_fh_init+0x279/0x2c0
[ 73.898710][ T8730] ? v4l2_fh_init+0x279/0x2c0
[ 73.903397][ T8730] end_report.cold+0x5a/0x5a
[ 73.908003][ T8730] kasan_report.cold+0x71/0xdf
[ 73.912781][ T8730] ? kmem_cache_alloc_trace+0x160/0x480
[ 73.918344][ T8730] ? v4l2_fh_init+0x279/0x2c0
[ 73.923041][ T8730] v4l2_fh_init+0x279/0x2c0
[ 73.927553][ T8730] v4l2_fh_open+0x88/0xc0
[ 73.931923][ T8730] em28xx_v4l2_open+0x11c/0x570
[ 73.936790][ T8730] v4l2_open+0x21c/0x3f0
[ 73.941058][ T8730] ? v4l2_release+0x3b0/0x3b0
[ 73.945756][ T8730] chrdev_open+0x266/0x770
[ 73.950177][ T8730] ? cdev_device_add+0x210/0x210
[ 73.955148][ T8730] ? security_file_open+0x205/0x4f0
[ 73.960362][ T8730] do_dentry_open+0x4c8/0x11d0
[ 73.965143][ T8730] ? cdev_device_add+0x210/0x210
[ 73.970095][ T8730] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 73.976350][ T8730] ? may_open+0x1f6/0x420
[ 73.980706][ T8730] path_openat+0x1c23/0x27f0
[ 73.985446][ T8730] ? path_lookupat+0x860/0x860
[ 73.990226][ T8730] ? lock_acquire+0x442/0x510
[ 73.994908][ T8730] ? lock_release+0x720/0x720
[ 73.999592][ T8730] ? filemap_map_pages+0x803/0x1880
[ 74.004809][ T8730] ? rcu_read_lock_sched_held+0xd/0x70
[ 74.010276][ T8730] ? lock_release+0x522/0x720
[ 74.014953][ T8730] do_filp_open+0x1aa/0x400
[ 74.019459][ T8730] ? may_open_dev+0xf0/0xf0
[ 74.023967][ T8730] ? rwlock_bug.part.0+0x90/0x90
[ 74.028906][ T8730] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 74.035157][ T8730] ? _find_next_bit+0x1e3/0x260
[ 74.040110][ T8730] ? _raw_spin_unlock+0x24/0x40
[ 74.044997][ T8730] ? alloc_fd+0x2f0/0x670
[ 74.049333][ T8730] do_sys_openat2+0x16d/0x420
[ 74.054016][ T8730] ? build_open_flags+0x6f0/0x6f0
[ 74.059075][ T8730] ? lock_release+0x522/0x720
[ 74.063757][ T8730] ? __context_tracking_exit+0xb8/0xe0
[ 74.069223][ T8730] __x64_sys_open+0x119/0x1c0
[ 74.073910][ T8730] ? do_sys_open+0x140/0x140
[ 74.078505][ T8730] ? __secure_computing+0x104/0x360
[ 74.083710][ T8730] do_syscall_64+0x35/0xb0
[ 74.088139][ T8730] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 74.094068][ T8730] RIP: 0033:0x7f52c8074840
[ 74.098504][ T8730] Code: 73 01 c3 48 8b 0d 68 77 20 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 89 bb 20 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 1e f6 ff ff 48 89 04 24
[ 74.118119][ T8730] RSP: 002b:00007fffd9beb0f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 74.126550][ T8730] RAX: ffffffffffffffda RBX: 00007fffd9beb268 RCX: 00007f52c8074840
[ 74.134536][ T8730] RDX: 00007f52c8060ea0 RSI: 0000000000000000 RDI: 00007fffd9bebf1e
[ 74.142521][ T8730] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000
[ 74.150494][ T8730] R10: 0000000000000002 R11: 0000000000000246 R12: 0000565100e0c8d0
[ 74.158470][ T8730] R13: 00007fffd9beb260 R14: 0000000000000000 R15: 0000000000000000
[ 74.167370][ T8730] Kernel Offset: disabled
[ 74.171688][ T8730] Rebooting in 86400 seconds..