[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

syzkaller login: [ 15.545596][ C1] random: crng init done
[ 15.550146][ C1] random: 7 urandom warning(s) missed due to ratelimiting
Warning: Permanently added '10.128.0.144' (ECDSA) to the list of known hosts.
executing program
[ 32.450931][ T12] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 32.690771][ T12] usb 1-1: Using ep0 maxpacket: 32
[ 32.820846][ T12] usb 1-1: config 0 has an invalid interface number: 254 but max is 0
[ 32.829124][ T12] usb 1-1: config 0 has no interface number 0
[ 32.835528][ T12] usb 1-1: config 0 interface 254 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 33.000764][ T12] usb 1-1: New USB device found, idVendor=eb1a, idProduct=e303, bcdDevice=29.3d
[ 33.009800][ T12] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 33.017961][ T12] usb 1-1: Product: syz
[ 33.022201][ T12] usb 1-1: Manufacturer: syz
[ 33.026922][ T12] usb 1-1: SerialNumber: syz
[ 33.033772][ T12] usb 1-1: config 0 descriptor??
executing program
[ 33.312591][ T12] em28xx 1-1:0.254: New device syz syz @ 480 Mbps (eb1a:e303, interface 254, class 254)
[ 33.322450][ T12] em28xx 1-1:0.254: Video interface 254 found:
[ 33.451024][ T12] em28xx 1-1:0.254: unknown em28xx chip ID (0)
[ 33.770377][ T12] em28xx 1-1:0.254: reading from i2c device at 0xa0 failed (error=-5)
[ 33.778696][ T12] em28xx 1-1:0.254: board has no eeprom
[ 33.890722][ T12] em28xx 1-1:0.254: Identified as Kaiomy TVnPC U2 (card=63)
[ 33.898042][ T12] em28xx 1-1:0.254: analog set to bulk mode.
[ 33.907032][ T95] em28xx 1-1:0.254: Registering V4L2 extension
[ 33.916992][ T12] usb 1-1: USB disconnect, device number 2
[ 33.925809][ T95] em28xx 1-1:0.254: reading from i2c device at 0xb8 failed (error=-19)
[ 33.935776][ T12] em28xx 1-1:0.254: Disconnecting em28xx
[ 33.952749][ T95] i2c i2c-0: Invalid 7-bit I2C address 0x00
[ 33.969581][ T95] tuner: 0-0061: Tuner -1 found with type(s) Radio TV.
[ 33.979736][ T95] xc2028 0-0061: creating new instance
[ 33.985509][ T95] xc2028 0-0061: type set to XCeive xc2028/xc3028 tuner
[ 33.992700][ T95] em28xx 1-1:0.254: Config register raw data: 0xffffffed
[ 33.999722][ T95] em28xx 1-1:0.254: AC97 chip type couldn't be determined
[ 34.006900][ T95] em28xx 1-1:0.254: No AC97 audio processor
[ 34.015082][ T95] em28xx 1-1:0.254: Registered radio device as radio0
[ 34.022950][ T354] em28xx 1-1:0.254: Direct firmware load for xc3028-v27.fw failed with error -2
[ 34.032945][ T95] usb 1-1: Decoder not found
[ 34.037567][ T95] em28xx 1-1:0.254: failed to create media graph
[ 34.045655][ T354] xc2028 0-0061: Could not load firmware xc3028-v27.fw.
[ 34.053281][ T95] em28xx 1-1:0.254: V4L2 device radio0 deregistered
[ 34.062269][ T95] em28xx 1-1:0.254: V4L2 device video0 deregistered
[ 34.070234][ T95] xc2028 0-0061: destroying instance
[ 34.076475][ T95] em28xx 1-1:0.254: Registering input extension
[ 34.078675][ T359] ==================================================================
[ 34.083390][ T12] em28xx 1-1:0.254: Closing input extension
[ 34.090995][ T359] BUG: KASAN: use-after-free in v4l2_fh_init+0x279/0x2c0
[ 34.091007][ T359] Read of size 8 at addr ffff8881ccfbc8c8 by task v4l_id/359
[ 34.091010][ T359]
[ 34.091024][ T359] CPU: 1 PID: 359 Comm: v4l_id Not tainted 5.7.0-rc6-syzkaller #0
[ 34.091032][ T359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.091042][ T359] Call Trace:
[ 34.091060][ T359] dump_stack+0xef/0x16e
[ 34.142370][ T359] print_address_description.constprop.0.cold+0xd3/0x415
[ 34.150492][ T359] ? vprintk_func+0x7d/0x113
[ 34.155172][ T359] ? v4l2_fh_init+0x279/0x2c0
[ 34.159851][ T359] __kasan_report.cold+0x37/0x7d
[ 34.164877][ T359] ? __kasan_kmalloc.constprop.0+0x50/0xd0
[ 34.170684][ T359] ? v4l2_fh_init+0x279/0x2c0
[ 34.175473][ T359] ? v4l2_fh_init+0x279/0x2c0
[ 34.180155][ T359] kasan_report+0x33/0x50
[ 34.184610][ T359] v4l2_fh_init+0x279/0x2c0
[ 34.189198][ T359] v4l2_fh_open+0x88/0xc0
[ 34.193521][ T359] em28xx_v4l2_open+0x11a/0x570
[ 34.198458][ T359] v4l2_open+0x20f/0x3d0
[ 34.202704][ T359] ? v4l2_release+0x390/0x390
[ 34.207370][ T359] chrdev_open+0x219/0x5c0
[ 34.211781][ T359] ? cdev_put.part.0+0x50/0x50
[ 34.216556][ T359] ? security_file_open+0x84/0x410
[ 34.221661][ T359] do_dentry_open+0x4ac/0x1160
[ 34.226402][ T359] ? cdev_put.part.0+0x50/0x50
[ 34.231166][ T359] ? chmod_common+0x3c0/0x3c0
[ 34.235833][ T359] ? inode_permission+0xbe/0x3a0
[ 34.240753][ T359] path_openat+0x1a0b/0x2740
[ 34.245850][ T359] ? do_sys_openat2+0x3fc/0x7d0
[ 34.250688][ T359] ? path_lookupat.isra.0+0x530/0x530
[ 34.256051][ T359] do_filp_open+0x192/0x260
[ 34.260536][ T359] ? may_open_dev+0xf0/0xf0
[ 34.265035][ T359] ? __alloc_fd+0x46d/0x600
[ 34.269545][ T359] ? do_raw_spin_lock+0x129/0x290
[ 34.274551][ T359] ? _raw_spin_unlock+0x1a/0x30
[ 34.279402][ T359] ? __alloc_fd+0x46d/0x600
[ 34.283887][ T359] do_sys_openat2+0x585/0x7d0
[ 34.288550][ T359] ? file_open_root+0x400/0x400
[ 34.293389][ T359] ? __secure_computing+0xb4/0x280
[ 34.298506][ T359] ? syscall_trace_enter+0x41d/0xcd0
[ 34.303793][ T359] do_sys_open+0xc3/0x140
[ 34.308098][ T359] ? filp_open+0x70/0x70
[ 34.313013][ T359] ? trace_hardirqs_off_caller+0x55/0x200
[ 34.318728][ T359] do_syscall_64+0xb6/0x5a0
[ 34.323234][ T359] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 34.329109][ T359] RIP: 0033:0x7fb15c4e5840
[ 34.333531][ T359] Code: 73 01 c3 48 8b 0d 68 77 20 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 89 bb 20 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 1e f6 ff ff 48 89 04 24
[ 34.353161][ T359] RSP: 002b:00007ffdbae4aab8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 34.361556][ T359] RAX: ffffffffffffffda RBX: 00007ffdbae4ac28 RCX: 00007fb15c4e5840
[ 34.369517][ T359] RDX: 00007fb15c4d1ea0 RSI: 0000000000000000 RDI: 00007ffdbae4af23
[ 34.377485][ T359] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000
[ 34.385449][ T359] R10: 0000000000000002 R11: 0000000000000246 R12: 000055dc251768d0
[ 34.393404][ T359] R13: 00007ffdbae4ac20 R14: 0000000000000000 R15: 0000000000000000
[ 34.401365][ T359]
[ 34.403676][ T359] The buggy address belongs to the page:
[ 34.409292][ T359] page:ffffea000733ef00 refcount:0 mapcount:0 mapping:0000000065fa910b index:0x0
[ 34.418395][ T359] flags: 0x200000000000000()
[ 34.422974][ T359] raw: 0200000000000000 ffffea000733ef48 ffffea00071e9cc8 0000000000000000
[ 34.431556][ T359] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 34.440141][ T359] page dumped because: kasan: bad access detected
[ 34.446612][ T359]
[ 34.448916][ T359] Memory state around the buggy address:
[ 34.454521][ T359] ffff8881ccfbc780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 34.462636][ T359] ffff8881ccfbc800: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 34.470698][ T359] >ffff8881ccfbc880: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 34.478747][ T359]                                            ^
[ 34.485243][ T359] ffff8881ccfbc900: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 34.493283][ T359] ffff8881ccfbc980: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 34.501335][ T359] ==================================================================
[ 34.509367][ T359] Disabling lock debugging due to kernel taint
[ 34.515570][ T359] Kernel panic - not syncing: panic_on_warn set ...
[ 34.522167][ T359] CPU: 1 PID: 359 Comm: v4l_id Tainted: G B 5.7.0-rc6-syzkaller #0
[ 34.531351][ T359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.541405][ T359] Call Trace:
[ 34.544682][ T359] dump_stack+0xef/0x16e
[ 34.548959][ T359] panic+0x2aa/0x6e1
[ 34.552876][ T359] ? add_taint.cold+0x16/0x16
[ 34.557541][ T359] ? retint_kernel+0x10/0x10
[ 34.562142][ T359] ? v4l2_fh_init+0x279/0x2c0
[ 34.566794][ T359] ? trace_hardirqs_on+0x55/0x200
[ 34.571791][ T359] ? v4l2_fh_init+0x279/0x2c0
[ 34.576447][ T359] end_report+0x4d/0x53
[ 34.580601][ T359] __kasan_report.cold+0x72/0x7d
[ 34.585514][ T359] ? __kasan_kmalloc.constprop.0+0x50/0xd0
[ 34.591313][ T359] ? v4l2_fh_init+0x279/0x2c0
[ 34.595977][ T359] ? v4l2_fh_init+0x279/0x2c0
[ 34.600642][ T359] kasan_report+0x33/0x50
[ 34.604950][ T359] v4l2_fh_init+0x279/0x2c0
[ 34.609440][ T359] v4l2_fh_open+0x88/0xc0
[ 34.613743][ T359] em28xx_v4l2_open+0x11a/0x570
[ 34.618564][ T359] v4l2_open+0x20f/0x3d0
[ 34.622781][ T359] ? v4l2_release+0x390/0x390
[ 34.628385][ T359] chrdev_open+0x219/0x5c0
[ 34.632773][ T359] ? cdev_put.part.0+0x50/0x50
[ 34.637509][ T359] ? security_file_open+0x84/0x410
[ 34.642597][ T359] do_dentry_open+0x4ac/0x1160
[ 34.647359][ T359] ? cdev_put.part.0+0x50/0x50
[ 34.652112][ T359] ? chmod_common+0x3c0/0x3c0
[ 34.656767][ T359] ? inode_permission+0xbe/0x3a0
[ 34.661688][ T359] path_openat+0x1a0b/0x2740
[ 34.666256][ T359] ? do_sys_openat2+0x3fc/0x7d0
[ 34.671093][ T359] ? path_lookupat.isra.0+0x530/0x530
[ 34.676457][ T359] do_filp_open+0x192/0x260
[ 34.680945][ T359] ? may_open_dev+0xf0/0xf0
[ 34.685424][ T359] ? __alloc_fd+0x46d/0x600
[ 34.689899][ T359] ? do_raw_spin_lock+0x129/0x290
[ 34.694900][ T359] ? _raw_spin_unlock+0x1a/0x30
[ 34.699742][ T359] ? __alloc_fd+0x46d/0x600
[ 34.704231][ T359] do_sys_openat2+0x585/0x7d0
[ 34.708878][ T359] ? file_open_root+0x400/0x400
[ 34.713698][ T359] ? __secure_computing+0xb4/0x280
[ 34.719215][ T359] ? syscall_trace_enter+0x41d/0xcd0
[ 34.724486][ T359] do_sys_open+0xc3/0x140
[ 34.728789][ T359] ? filp_open+0x70/0x70
[ 34.733004][ T359] ? trace_hardirqs_off_caller+0x55/0x200
[ 34.738696][ T359] do_syscall_64+0xb6/0x5a0
[ 34.743176][ T359] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 34.749063][ T359] RIP: 0033:0x7fb15c4e5840
[ 34.753455][ T359] Code: 73 01 c3 48 8b 0d 68 77 20 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 89 bb 20 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 1e f6 ff ff 48 89 04 24
[ 34.773052][ T359] RSP: 002b:00007ffdbae4aab8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 34.781445][ T359] RAX: ffffffffffffffda RBX: 00007ffdbae4ac28 RCX: 00007fb15c4e5840
[ 34.789395][ T359] RDX: 00007fb15c4d1ea0 RSI: 0000000000000000 RDI: 00007ffdbae4af23
[ 34.797406][ T359] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000
[ 34.805459][ T359] R10: 0000000000000002 R11: 0000000000000246 R12: 000055dc251768d0
[ 34.813420][ T359] R13: 00007ffdbae4ac20 R14: 0000000000000000 R15: 0000000000000000
[ 34.822117][ T359] Kernel Offset: disabled
[ 34.826526][ T359] Rebooting in 86400 seconds..