[ 45.378715][ T37] audit: type=1400 audit(1647293782.120:73): avc: denied { transition } for pid=3565 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 45.409419][ T37] audit: type=1400 audit(1647293782.120:74): avc: denied { write } for pid=3565 comm="sh" path="pipe:[29905]" dev="pipefs" ino=29905 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1
Warning: Permanently added '[localhost]:11988' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
[ 84.243957][ T37] audit: type=1400 audit(1647293820.980:75): avc: denied { execute } for pid=3662 comm="sh" name="syz-executor2247552353" dev="sda1" ino=1136 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[ 84.274813][ T37] audit: type=1400 audit(1647293820.980:76): avc: denied { execute_no_trans } for pid=3662 comm="sh" path="/syz-executor2247552353" dev="sda1" ino=1136 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[ 84.302206][ T37] audit: type=1400 audit(1647293821.000:77): avc: denied { execmem } for pid=3662 comm="syz-executor224" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 84.322151][ T37] audit: type=1400 audit(1647293821.000:78): avc: denied { read write } for pid=3667 comm="syz-executor224" name="raw-gadget" dev="devtmpfs" ino=760 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 84.347139][ T37] audit: type=1400 audit(1647293821.000:79): avc: denied { open } for pid=3667 comm="syz-executor224" path="/dev/raw-gadget" dev="devtmpfs" ino=760 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 84.371628][ T37] audit: type=1400 audit(1647293821.000:80): avc: denied { ioctl } for pid=3666 comm="syz-executor224" path="/dev/raw-gadget" dev="devtmpfs" ino=760 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 84.537167][ T32] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[ 84.547120][ T971] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 84.547348][ T171] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[ 84.556043][ T60] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[ 84.777481][ T32] usb 8-1: Using ep0 maxpacket: 32
[ 84.806997][ T60] usb 7-1: Using ep0 maxpacket: 32
[ 84.807090][ T171] usb 6-1: Using ep0 maxpacket: 32
[ 84.821047][ T971] usb 5-1: Using ep0 maxpacket: 32
[ 84.907349][ T32] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 84.918106][ T32] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 28
[ 84.957174][ T60] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 84.957539][ T171] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 84.968102][ T971] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 84.979006][ T171] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 28
[ 84.990030][ T60] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 28
[ 85.017952][ T971] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 28
[ 85.117269][ T32] usb 8-1: New USB device found, idVendor=eb1a, idProduct=a316, bcdDevice=5c.26
[ 85.128762][ T32] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 85.137210][ T32] usb 8-1: Product: syz
[ 85.141816][ T32] usb 8-1: Manufacturer: syz
[ 85.146491][ T32] usb 8-1: SerialNumber: syz
[ 85.154884][ T32] usb 8-1: config 0 descriptor??
[ 85.187150][ T971] usb 5-1: New USB device found, idVendor=eb1a, idProduct=a316, bcdDevice=5c.26
[ 85.198720][ T60] usb 7-1: New USB device found, idVendor=eb1a, idProduct=a316, bcdDevice=5c.26
[ 85.211497][ T32] em28xx 8-1:0.0: New device syz syz @ 480 Mbps (eb1a:a316, interface 0, class 0)
[ 85.217268][ T171] usb 6-1: New USB device found, idVendor=eb1a, idProduct=a316, bcdDevice=5c.26
[ 85.221246][ T60] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 85.232464][ T171] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 85.240425][ T971] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 85.248571][ T171] usb 6-1: Product: syz
[ 85.257012][ T32] em28xx 8-1:0.0: Video interface 0 found:
[ 85.261513][ T171] usb 6-1: Manufacturer: syz
[ 85.267318][ T971] usb 5-1: Product: syz
[ 85.267333][ T971] usb 5-1: Manufacturer: syz
[ 85.267343][ T971] usb 5-1: SerialNumber: syz
[ 85.272778][ T171] usb 6-1: SerialNumber: syz
[ 85.277199][ T171] usb 6-1: config 0 descriptor??
[ 85.281987][ T60] usb 7-1: Product: syz
[ 85.303079][ T60] usb 7-1: Manufacturer: syz
[ 85.311018][ T971] usb 5-1: config 0 descriptor??
[ 85.316290][ T60] usb 7-1: SerialNumber: syz
[ 85.322707][ T60] usb 7-1: config 0 descriptor??
[ 85.339030][ T171] em28xx 6-1:0.0: New device syz syz @ 480 Mbps (eb1a:a316, interface 0, class 0)
[ 85.349275][ T171] em28xx 6-1:0.0: Video interface 0 found:
[ 85.350399][ T971] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (eb1a:a316, interface 0, class 0)
[ 85.364815][ T971] em28xx 5-1:0.0: Video interface 0 found:
[ 85.375697][ T60] em28xx 7-1:0.0: New device syz syz @ 480 Mbps (eb1a:a316, interface 0, class 0)
[ 85.385902][ T60] em28xx 7-1:0.0: Video interface 0 found:
executing program
[ 85.527236][ T32] em28xx 8-1:0.0: unknown em28xx chip ID (0)
executing program
executing program
executing program
[ 85.667093][ T971] em28xx 5-1:0.0: unknown em28xx chip ID (0)
[ 85.667093][ T171] em28xx 6-1:0.0: unknown em28xx chip ID (0)
[ 85.697192][ T60] em28xx 7-1:0.0: unknown em28xx chip ID (0)
[ 85.747120][ T32] em28xx 8-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[ 85.759173][ T32] em28xx 8-1:0.0: board has no eeprom
[ 85.867253][ T32] em28xx 8-1:0.0: Identified as Kworld PlusTV HD Hybrid 330 (card=57)
[ 85.883405][ T32] em28xx 8-1:0.0: analog set to bulk mode.
[ 85.896721][ T3676] em28xx 8-1:0.0: Registering V4L2 extension
[ 85.907274][ T971] em28xx 5-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[ 85.907509][ T171] em28xx 6-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[ 85.928626][ T32] usb 8-1: USB disconnect, device number 2
[ 85.932116][ T171] em28xx 6-1:0.0: board has no eeprom
[ 85.948644][ T60] em28xx 7-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[ 85.959539][ T971] em28xx 5-1:0.0: board has no eeprom
[ 85.966089][ T60] em28xx 7-1:0.0: board has no eeprom
[ 85.974020][ T3676] em28xx 8-1:0.0: reading from i2c device at 0xb8 failed (error=-19)
[ 85.984859][ T3676] em28xx 8-1:0.0: reading from i2c device at 0xba failed (error=-19)
[ 85.999959][ T32] em28xx 8-1:0.0: Disconnecting em28xx
[ 86.016501][ T3676] em28xx 8-1:0.0: Config register raw data: 0xffffffed
[ 86.024684][ T3676] em28xx 8-1:0.0: AC97 chip type couldn't be determined
[ 86.033605][ T3676] em28xx 8-1:0.0: No AC97 audio processor
[ 86.037005][ T171] em28xx 6-1:0.0: Identified as Kworld PlusTV HD Hybrid 330 (card=57)
[ 86.042641][ T3676] usb 8-1: Decoder not found
[ 86.048785][ T171] em28xx 6-1:0.0: analog set to bulk mode.
[ 86.052938][ T3676] em28xx 8-1:0.0: failed to create media graph
[ 86.065821][ T3676] em28xx 8-1:0.0: V4L2 device video71 deregistered
[ 86.069826][ T171] usb 6-1: USB disconnect, device number 2
[ 86.072658][ T971] em28xx 5-1:0.0: Identified as Kworld PlusTV HD Hybrid 330 (card=57)
[ 86.089579][ T171] em28xx 6-1:0.0: Disconnecting em28xx
[ 86.090902][ T3676] em28xx 8-1:0.0: Binding DVB extension
[ 86.091893][ T3686] ==================================================================
[ 86.091936][ T3686] BUG: KASAN: use-after-free in v4l2_fh_init+0x279/0x2c0
[ 86.092134][ T3686] Read of size 8 at addr ffff888026b208c0 by task v4l_id/3686
[ 86.092147][ T3686]
[ 86.092162][ T3686] CPU: 2 PID: 3686 Comm: v4l_id Not tainted 5.17.0-rc8-syzkaller #0
[ 86.092216][ T3686] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 86.092263][ T3686] Call Trace:
[ 86.092316][ T3686]
[ 86.092321][ T3686] dump_stack_lvl+0xcd/0x134
[ 86.092579][ T3686] print_address_description.constprop.0.cold+0x8d/0x303
[ 86.092660][ T3686] ? v4l2_fh_init+0x279/0x2c0
[ 86.092675][ T3686] ? v4l2_fh_init+0x279/0x2c0
[ 86.092689][ T3686] kasan_report.cold+0x83/0xdf
[ 86.092705][ T3686] ? kmem_cache_alloc_trace+0x1a0/0x4a0
[ 86.092828][ T3686] ? v4l2_fh_init+0x279/0x2c0
[ 86.092843][ T3686] v4l2_fh_init+0x279/0x2c0
[ 86.092857][ T3686] v4l2_fh_open+0x88/0xc0
[ 86.092871][ T3686] em28xx_v4l2_open+0x11c/0x570
[ 86.092957][ T3686] v4l2_open+0x21c/0x3f0
[ 86.092969][ T3686] ? v4l2_release+0x3b0/0x3b0
[ 86.092981][ T3686] chrdev_open+0x266/0x770
[ 86.093022][ T3686] ? cdev_device_add+0x220/0x220
[ 86.093037][ T3686] ? fsnotify_perm.part.0+0x22d/0x620
[ 86.093152][ T3686] do_dentry_open+0x4b9/0x1250
[ 86.093168][ T3686] ? cdev_device_add+0x220/0x220
[ 86.093183][ T3686] ? may_open+0x1f6/0x420
[ 86.093208][ T3686] path_openat+0x1c9e/0x2940
[ 86.093224][ T3686] ? lock_chain_count+0x20/0x20
[ 86.093328][ T3686] ? path_lookupat+0x860/0x860
[ 86.093342][ T3686] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 86.093359][ T3686] do_filp_open+0x1aa/0x400
[ 86.093383][ T3686] ? may_open_dev+0xf0/0xf0
[ 86.093412][ T3686] ? rwlock_bug.part.0+0x90/0x90
[ 86.093427][ T3686] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 86.093560][ T3686] ? _find_next_bit+0x1e3/0x260
[ 86.093712][ T3686] ? _raw_spin_unlock+0x24/0x40
[ 86.093863][ T3686] ? alloc_fd+0x2f0/0x670
[ 86.093883][ T3686] do_sys_openat2+0x16d/0x4d0
[ 86.093900][ T3686] ? find_held_lock+0x2d/0x110
[ 86.093914][ T3686] ? build_open_flags+0x6f0/0x6f0
[ 86.093930][ T3686] ? lock_downgrade+0x6e0/0x6e0
[ 86.093945][ T3686] __x64_sys_openat+0x13f/0x1f0
[ 86.093961][ T3686] ? __ia32_sys_open+0x1c0/0x1c0
[ 86.093977][ T3686] ? syscall_enter_from_user_mode+0x21/0x70
[ 86.093997][ T3686] do_syscall_64+0x35/0xb0
[ 86.094016][ T3686] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 86.094031][ T3686] RIP: 0033:0x7f6023f62697
[ 86.094057][ T3686] Code: 25 00 00 41 00 3d 00 00 41 00 74 37 64 8b 04 25 18 00 00 00 85 c0 75 5b 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 85 00 00 00 48 83 c4 68 5d 41 5c c3 0f 1f
[ 86.094071][ T3686] RSP: 002b:00007ffd24545ce0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 86.094114][ T3686] RAX: ffffffffffffffda RBX: 000055c926e4ac40 RCX: 00007f6023f62697
[ 86.094126][ T3686] RDX: 0000000000000000 RSI: 00007ffd24546f22 RDI: 00000000ffffff9c
[ 86.094135][ T3686] RBP: 00007ffd24546f22 R08: 0000000000000000 R09: 0000000000000000
[ 86.094144][ T3686] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 86.094153][ T3686] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 86.094163][ T3686]
[ 86.094168][ T3686]
[ 86.094179][ T3686] Allocated by task 3676:
[ 86.094220][ T3686] kasan_save_stack+0x1e/0x40
[ 86.094235][ T3686] __kasan_kmalloc+0xa6/0xd0
[ 86.094248][ T3686] kmem_cache_alloc_trace+0x1ea/0x4a0
[ 86.094261][ T3686] em28xx_v4l2_init.cold+0x93/0x32a7
[ 86.094341][ T3686] em28xx_init_extension+0x12f/0x1f0
[ 86.094354][ T3686] request_module_async+0x5d/0x70
[ 86.094366][ T3686] process_one_work+0x9ac/0x1650
[ 86.094409][ T3686] worker_thread+0x657/0x1110
[ 86.094420][ T3686] kthread+0x2e9/0x3a0
[ 86.094440][ T3686] ret_from_fork+0x1f/0x30
[ 86.094484][ T3686]
[ 86.094487][ T3686] Freed by task 3676:
[ 86.094493][ T3686] kasan_save_stack+0x1e/0x40
[ 86.094506][ T3686] kasan_set_track+0x21/0x30
[ 86.094519][ T3686] kasan_set_free_info+0x20/0x30
[ 86.094534][ T3686] ____kasan_slab_free+0xff/0x140
[ 86.094547][ T3686] kfree+0xf8/0x2b0
[ 86.094558][ T3686] kref_put.isra.0+0x6f/0xa0
[ 86.094570][ T3686] em28xx_v4l2_init.cold+0x263/0x32a7
[ 86.094583][ T3686] em28xx_init_extension+0x12f/0x1f0
[ 86.094595][ T3686] request_module_async+0x5d/0x70
[ 86.094606][ T3686] process_one_work+0x9ac/0x1650
[ 86.094618][ T3686] worker_thread+0x657/0x1110
[ 86.094629][ T3686] kthread+0x2e9/0x3a0
[ 86.094642][ T3686] ret_from_fork+0x1f/0x30
[ 86.094655][ T3686]
[ 86.094658][ T3686] The buggy address belongs to the object at ffff888026b20000
[ 86.094658][ T3686] which belongs to the cache kmalloc-16k of size 16384
[ 86.094669][ T3686] The buggy address is located 2240 bytes inside of
[ 86.094669][ T3686] 16384-byte region [ffff888026b20000, ffff888026b24000)
[ 86.094682][ T3686] The buggy address belongs to the page:
[ 86.094696][ T3686] page:ffffea00009ac800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x26b20
[ 86.094721][ T3686] head:ffffea00009ac800 order:3 compound_mapcount:0 compound_pincount:0
[ 86.094732][ T3686] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 86.094782][ T3686] raw: 00fff00000010200 ffffea00009cc408 ffff888010c41c50 ffff888010c40b00
[ 86.094821][ T3686] raw: 0000000000000000 ffff888026b20000 0000000100000001 0000000000000000
[ 86.094828][ T3686] page dumped because: kasan: bad access detected
[ 86.094834][ T3686] page_owner tracks the page as allocated
[ 86.094838][ T3686] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x2420c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_COMP|__GFP_THISNODE), pid 3676, ts 85925992685, free_ts 84024958237
[ 86.094871][ T3686] get_page_from_freelist+0xa72/0x2f50
[ 86.094921][ T3686] __alloc_pages+0x1b2/0x500
[ 86.094932][ T3686] cache_grow_begin+0x75/0x390
[ 86.094944][ T3686] cache_alloc_refill+0x27f/0x380
[ 86.094956][ T3686] kmem_cache_alloc_trace+0x380/0x4a0
[ 86.094969][ T3686] em28xx_v4l2_init.cold+0x93/0x32a7
[ 86.094982][ T3686] em28xx_init_extension+0x12f/0x1f0
[ 86.094993][ T3686] request_module_async+0x5d/0x70
[ 86.095013][ T3686] process_one_work+0x9ac/0x1650
[ 86.095024][ T3686] worker_thread+0x657/0x1110
[ 86.095035][ T3686] kthread+0x2e9/0x3a0
[ 86.095057][ T3686] ret_from_fork+0x1f/0x30
[ 86.095070][ T3686] page last free stack trace:
[ 86.095075][ T3686] free_pcp_prepare+0x374/0x870
[ 86.095095][ T3686] free_unref_page+0x19/0x690
[ 86.095106][ T3686] __put_page+0x193/0x1e0
[ 86.095130][ T3686] skb_release_data+0x49d/0x760
[ 86.095242][ T3686] __kfree_skb+0x46/0x60
[ 86.095253][ T3686] tcp_recvmsg+0x1ca/0x610
[ 86.095316][ T3686] inet_recvmsg+0x11b/0x5e0
[ 86.095343][ T3686] sock_read_iter+0x33c/0x470
[ 86.095368][ T3686] new_sync_read+0x5c2/0x6e0
[ 86.095380][ T3686] vfs_read+0x35c/0x600
[ 86.095392][ T3686] ksys_read+0x1ee/0x250
[ 86.095403][ T3686] do_syscall_64+0x35/0xb0
[ 86.095417][ T3686] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 86.095432][ T3686]
[ 86.095434][ T3686] Memory state around the buggy address:
[ 86.095441][ T3686] ffff888026b20780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 86.095450][ T3686] ffff888026b20800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 86.095459][ T3686] >ffff888026b20880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 86.095466][ T3686] ^
[ 86.095473][ T3686] ffff888026b20900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 86.095482][ T3686] ffff888026b20980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 86.095489][ T3686] ==================================================================
[ 86.095494][ T3686] Disabling lock debugging due to kernel taint
[ 86.095634][ T3686] Kernel panic - not syncing: panic_on_warn set ...
[ 86.095643][ T3686] CPU: 2 PID: 3686 Comm: v4l_id Tainted: G B 5.17.0-rc8-syzkaller #0
[ 86.101489][ T60] em28xx 7-1:0.0: Identified as Kworld PlusTV HD Hybrid 330 (card=57)
[ 86.109332][ T3686] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 86.109344][ T3686] Call Trace:
[ 86.109351][ T3686]
[ 86.109357][ T3686] dump_stack_lvl+0xcd/0x134
[ 86.109380][ T3686] panic+0x2b0/0x6dd
[ 86.117499][ T971] em28xx 5-1:0.0: analog set to bulk mode.
[ 86.128110][ T3686] ? __warn_printk+0xf3/0xf3
[ 86.128134][ T3686] ? preempt_schedule_common+0x59/0xc0
[ 86.128153][ T3686] ? v4l2_fh_init+0x279/0x2c0
[ 86.128168][ T3686] ? preempt_schedule_thunk+0x16/0x18
[ 86.128184][ T3686] ? trace_hardirqs_on+0x38/0x1c0
[ 86.130573][ T3676] em28xx 8-1:0.0: no endpoint for DVB mode and transfer type 0
[ 86.139730][ T3686] ? trace_hardirqs_on+0x51/0x1c0
[ 86.139754][ T3686] ? v4l2_fh_init+0x279/0x2c0
[ 86.139769][ T3686] ? v4l2_fh_init+0x279/0x2c0
[ 86.139782][ T3686] end_report.cold+0x63/0x6f
[ 86.148957][ T60] em28xx 7-1:0.0: analog set to bulk mode.
[ 86.152991][ T3686] kasan_report.cold+0x71/0xdf
[ 86.161709][ T971] usb 5-1: USB disconnect, device number 2
[ 86.168479][ T3686] ? kmem_cache_alloc_trace+0x1a0/0x4a0
[ 86.168503][ T3686] ? v4l2_fh_init+0x279/0x2c0
[ 86.168519][ T3686] v4l2_fh_init+0x279/0x2c0
[ 86.168533][ T3686] v4l2_fh_open+0x88/0xc0
[ 86.168546][ T3686] em28xx_v4l2_open+0x11c/0x570
[ 86.168562][ T3686] v4l2_open+0x21c/0x3f0
[ 86.175871][ T3676] em28xx 8-1:0.0: failed to pre-allocate USB transfer buffers for DVB.
[ 86.179632][ T3686] ? v4l2_release+0x3b0/0x3b0
[ 86.179652][ T3686] chrdev_open+0x266/0x770
[ 86.179670][ T3686] ? cdev_device_add+0x220/0x220
[ 86.179711][ T3686] ? fsnotify_perm.part.0+0x22d/0x620
[ 86.179731][ T3686] do_dentry_open+0x4b9/0x1250
[ 86.179747][ T3686] ? cdev_device_add+0x220/0x220
[ 86.179761][ T3686] ? may_open+0x1f6/0x420
[ 86.179774][ T3686] path_openat+0x1c9e/0x2940
[ 86.179789][ T3686] ? lock_chain_count+0x20/0x20
[ 86.179804][ T3686] ? path_lookupat+0x860/0x860
[ 86.179817][ T3686] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 86.185841][ T3676] em28xx 8-1:0.0: Remote control support is not available for this card.
[ 86.191241][ T3686] do_filp_open+0x1aa/0x400
[ 86.191263][ T3686] ? may_open_dev+0xf0/0xf0
[ 86.191278][ T3686] ? rwlock_bug.part.0+0x90/0x90
[ 86.191294][ T3686] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 86.191311][ T3686] ? _find_next_bit+0x1e3/0x260
[ 86.191327][ T3686] ? _raw_spin_unlock+0x24/0x40
[ 86.191341][ T3686] ? alloc_fd+0x2f0/0x670
[ 86.191353][ T3686] do_sys_openat2+0x16d/0x4d0
[ 86.191368][ T3686] ? find_held_lock+0x2d/0x110
[ 86.191381][ T3686] ? build_open_flags+0x6f0/0x6f0
[ 86.196428][ T32] em28xx 8-1:0.0: Closing input extension
[ 86.200790][ T3686] ? lock_downgrade+0x6e0/0x6e0
[ 86.200814][ T3686] __x64_sys_openat+0x13f/0x1f0
[ 86.200831][ T3686] ? __ia32_sys_open+0x1c0/0x1c0
[ 86.200846][ T3686] ? syscall_enter_from_user_mode+0x21/0x70
[ 86.200863][ T3686] do_syscall_64+0x35/0xb0
[ 86.200878][ T3686] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 86.205412][ T3675] em28xx 6-1:0.0: Registering V4L2 extension
[ 86.205656][ T971] em28xx 5-1:0.0: Disconnecting em28xx
[ 86.205762][ T60] usb 7-1: USB disconnect, device number 2
[ 86.205970][ T60] em28xx 7-1:0.0: Disconnecting em28xx
[ 86.210383][ T3686] RIP: 0033:0x7f6023f62697
[ 86.210398][ T3686] Code: 25 00 00 41 00 3d 00 00 41 00 74 37 64 8b 04 25 18 00 00 00 85 c0 75 5b 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 85 00 00 00 48 83 c4 68 5d 41 5c c3 0f 1f
[ 86.210411][ T3686] RSP: 002b:00007ffd24545ce0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 86.210438][ T3686] RAX: ffffffffffffffda RBX: 000055c926e4ac40 RCX: 00007f6023f62697
[ 86.210452][ T3686] RDX: 0000000000000000 RSI: 00007ffd24546f22 RDI: 00000000ffffff9c
[ 86.210460][ T3686] RBP: 00007ffd24546f22 R08: 0000000000000000 R09: 0000000000000000
[ 86.210468][ T3686] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 86.210476][ T3686] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 86.210485][ T3686]
[ 86.214992][ T3686] Kernel Offset: disabled
[ 87.287126][ T3686] Rebooting in 86400 seconds..
VM DIAGNOSIS:
21:37:03 Registers:
info registers vcpu 0
RAX=0000000000030a7e RBX=ffffffff8b8bc6c0 RCX=ffffffff894c17a1 RDX=ffffed100594759b
RSI=0000000000000001 RDI=ffffffff894ee78f RBP=0000000000000000 RSP=ffffffff8b807e40
R8 =0000000000000000 R9 =ffff88802ca3acd3 R10=ffffed100594759a R11=0000000000000000
R12=fffffbfff17178d8 R13=0000000000000000 R14=ffffffff8d93f350 R15=0000000000000000
RIP=ffffffff894ee2cb RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802ca00000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000001000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=000055c926e4b700 CR3=000000001cb33000 CR4=00150ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000
XMM02=00ff000000000000000000000000ff00 XMM03=54205b5d3234333339302e3638202020
XMM04=746e6f6373203030353578303d646d63 XMM05=00000000000000000000000000000000
XMM06=666e6d63732030223535653020226d63 XMM07=203a312d3520627375205d3137395420
XMM08=2500656c6f736e6f632f7665642f000a XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=0000002fb687bc64 RBX=0000000000000001 RCX=00000000000006e0 RDX=000000000000002f
RSI=ffff88802cb272c0 RDI=00000000000498ae RBP=ffff88802cb272c0 RSP=ffffc90000db7b50
R8 =000000000000003f R9 =ffffffff8d93f357 R10=ffffffff816a7827 R11=0000000000000000
R12=00000000000498ae R13=0000000000000019 R14=ffff88802cb2a600 R15=0000000000000000
RIP=ffffffff81322d81 RFL=00000003 [------C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000555555bed300 ffffffff 00c00000
GS =0000 ffff88802cb00000 ffffffff 00c00000
LDT=0000 0000000000000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000048000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=0000559f35849e50 CR3=0000000020008000 CR4=00150ee0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f
XMM02=00000000000000000000ff0000000000 XMM03=00000000ff000000ff00000000000000
XMM04=00000000000000000000000000000000 XMM05=0000000000000000000000000000ff00
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 2
RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd
RSI=ffffffff84420b6c RDI=ffffffff907ef2e0 RBP=ffffffff907ef2a0 RSP=ffffc90000d67200
R8 =0000000000000053 R9 =0000000000000000 R10=ffffffff84420b5d R11=000000000000001f
R12=0000000000000000 R13=fffffbfff20fdea7 R14=fffffbfff20fde5e R15=dffffc0000000000
RIP=ffffffff84420b92 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f6023e0b840 ffffffff 00c00000
GS =0000 ffff88802cc00000 ffffffff 00c00000
LDT=0000 0000000000000000 00000000 00000000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe000008f000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=0000559f3582e708 CR3=000000001a8c6000 CR4=00150ee0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f
XMM02=00000000000000000000ff0000000000 XMM03=00000000ff000000ff00000000000000
XMM04=00000000000000000000000000000000 XMM05=0000000000000000000000000000ff00
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 3
RAX=0000000000000000 RBX=0000000000000001 RCX=0000000000000000 RDX=ffff88801a62e0c0
RSI=ffffffff815f1812 RDI=0000000000000003 RBP=ffffc90004c1edd0 RSP=ffffc90004c1ed98
R8 =0000000000000000 R9 =0000000000000001 R10=ffffffff815f1824 R11=0000000000000000
R12=0000000000000028 R13=ffff8880236e0100 R14=0000000000000200 R15=ffffc90004c1eef0
RIP=ffffffff815f1814 RFL=00000093 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802cd00000 ffffffff 00c00000
LDT=0000 0000000000000000 00000000 00000000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe00000d6000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=00007ffd35507c08 CR3=0000000020008000 CR4=00150ee0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f
XMM02=00000000000000000000ff0000000000 XMM03=00000000ff000000ff00000000000000
XMM04=00000000000000000000000000000000 XMM05=0000000000000000000000000000ff00
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000