[ 44.974312][ T38] audit: type=1400 audit(1647934319.988:73): avc: denied { transition } for pid=3563 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 45.009121][ T38] audit: type=1400 audit(1647934319.998:74): avc: denied { write } for pid=3563 comm="sh" path="pipe:[29027]" dev="pipefs" ino=29027 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1
Warning: Permanently added '[localhost]:58985' (ECDSA) to the list of known hosts.
[ 54.691100][ T38] audit: type=1400 audit(1647934329.708:75): avc: denied { execute } for pid=3662 comm="sh" name="syz-executor705931571" dev="sda1" ino=1136 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
executing program
[ 54.718671][ T38] audit: type=1400 audit(1647934329.718:76): avc: denied { execute_no_trans } for pid=3662 comm="sh" path="/syz-executor705931571" dev="sda1" ino=1136 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[ 54.744015][ T38] audit: type=1400 audit(1647934329.738:77): avc: denied { execmem } for pid=3662 comm="syz-executor705" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 54.763927][ T38] audit: type=1400 audit(1647934329.738:78): avc: denied { read write } for pid=3662 comm="syz-executor705" name="raw-gadget" dev="devtmpfs" ino=760 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 54.792334][ T38] audit: type=1400 audit(1647934329.738:79): avc: denied { open } for pid=3662 comm="syz-executor705" path="/dev/raw-gadget" dev="devtmpfs" ino=760 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 54.816497][ T38] audit: type=1400 audit(1647934329.738:80): avc: denied { ioctl } for pid=3662 comm="syz-executor705" path="/dev/raw-gadget" dev="devtmpfs" ino=760 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 54.995627][ T27] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 55.355507][ T27] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 55.525761][ T27] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 55.534655][ T27] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 55.543036][ T27] usb 5-1: Product: syz
[ 55.547152][ T27] usb 5-1: Manufacturer: syz
[ 55.551683][ T27] usb 5-1: SerialNumber: syz
[ 55.597443][ T27] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 56.196271][ T27] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 56.206016][ T27] ------------[ cut here ]------------
[ 56.211711][ T27] usb 5-1: BOGUS urb xfer, pipe 3 != type 1
[ 56.222030][ T27] WARNING: CPU: 2 PID: 27 at drivers/usb/core/urb.c:502 usb_submit_urb+0xed2/0x18a0
[ 56.233233][ T27] Modules linked in:
[ 56.240222][ T27] CPU: 2 PID: 27 Comm: kworker/2:0 Not tainted 5.17.0-syzkaller-00192-geaa54b1458ca #0
[ 56.253326][ T27] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 56.262454][ T27] Workqueue: events request_firmware_work_func
[ 56.268910][ T27] RIP: 0010:usb_submit_urb+0xed2/0x18a0
[ 56.274401][ T27] Code: 7c 24 18 e8 80 ce 0e fc 48 8b 7c 24 18 e8 e6 03 08 ff 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 c0 fc 4a 8a e8 96 31 9e 03 <0f> 0b e9 58 f8 ff ff e8 52 ce 0e fc 48 81 c5 48 06 00 00 e9 84 f7
[ 56.297106][ T27] RSP: 0018:ffffc90000767b48 EFLAGS: 00010286
[ 56.303180][ T27] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000
[ 56.311517][ T27] RDX: ffff888011a72200 RSI: ffffffff815f25b8 RDI: fffff520000ecf5b
[ 56.319741][ T27] RBP: ffff88801c610050 R08: 0000000000000000 R09: 0000000000000000
[ 56.327964][ T27] R10: ffffffff815ecc4e R11: 0000000000000000 R12: 0000000000000003
[ 56.336540][ T27] R13: ffff888025c80bc0 R14: 0000000000000003 R15: ffff88801278ff00
[ 56.344634][ T27] FS: 0000000000000000(0000) GS:ffff88802cc00000(0000) knlGS:0000000000000000
[ 56.353604][ T27] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 56.360363][ T27] CR2: 000056129e3b3740 CR3: 0000000022afc000 CR4: 0000000000150ee0
[ 56.368713][ T27] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 56.376846][ T27] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 56.384751][ T27] Call Trace:
[ 56.388130][ T27]
[ 56.391032][ T27] ath9k_hif_usb_alloc_urbs+0x7f1/0x1070
[ 56.408388][ T27] ath9k_hif_usb_firmware_cb+0x148/0x530
[ 56.413970][ T27] ? ath9k_hif_usb_alloc_urbs+0x1070/0x1070
[ 56.419991][ T27] request_firmware_work_func+0x12c/0x230
[ 56.425747][ T27] ? request_partial_firmware_into_buf+0xa0/0xa0
[ 56.431972][ T27] process_one_work+0x9ac/0x1650
[ 56.437209][ T27] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 56.442482][ T27] ? rwlock_bug.part.0+0x90/0x90
[ 56.447419][ T27] ? _raw_spin_lock_irq+0x41/0x50
[ 56.452636][ T27] worker_thread+0x657/0x1110
[ 56.457425][ T27] ? process_one_work+0x1650/0x1650
[ 56.462545][ T27] kthread+0x2e9/0x3a0
[ 56.466646][ T27] ? kthread_complete_and_exit+0x40/0x40
[ 56.472389][ T27] ret_from_fork+0x1f/0x30
[ 56.476900][ T27]
[ 56.479918][ T27] Kernel panic - not syncing: panic_on_warn set ...
[ 56.486429][ T27] CPU: 2 PID: 27 Comm: kworker/2:0 Not tainted 5.17.0-syzkaller-00192-geaa54b1458ca #0
[ 56.495871][ T27] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 56.504771][ T27] Workqueue: events request_firmware_work_func
[ 56.510898][ T27] Call Trace:
[ 56.514180][ T27]
[ 56.517180][ T27] dump_stack_lvl+0xcd/0x134
[ 56.522013][ T27] panic+0x2b0/0x6dd
[ 56.525926][ T27] ? __warn_printk+0xf3/0xf3
[ 56.530463][ T27] ? __warn.cold+0x1d1/0x2cf
[ 56.535278][ T27] ? usb_submit_urb+0xed2/0x18a0
[ 56.540131][ T27] __warn.cold+0x1ec/0x2cf
[ 56.544573][ T27] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 56.550776][ T27] ? usb_submit_urb+0xed2/0x18a0
[ 56.555682][ T27] report_bug+0x1bd/0x210
[ 56.560065][ T27] handle_bug+0x3c/0x60
[ 56.564196][ T27] exc_invalid_op+0x14/0x40
[ 56.568629][ T27] asm_exc_invalid_op+0x12/0x20
[ 56.573349][ T27] RIP: 0010:usb_submit_urb+0xed2/0x18a0
[ 56.578798][ T27] Code: 7c 24 18 e8 80 ce 0e fc 48 8b 7c 24 18 e8 e6 03 08 ff 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 c0 fc 4a 8a e8 96 31 9e 03 <0f> 0b e9 58 f8 ff ff e8 52 ce 0e fc 48 81 c5 48 06 00 00 e9 84 f7
[ 56.597931][ T27] RSP: 0018:ffffc90000767b48 EFLAGS: 00010286
[ 56.603959][ T27] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000
[ 56.611719][ T27] RDX: ffff888011a72200 RSI: ffffffff815f25b8 RDI: fffff520000ecf5b
[ 56.619545][ T27] RBP: ffff88801c610050 R08: 0000000000000000 R09: 0000000000000000
[ 56.627524][ T27] R10: ffffffff815ecc4e R11: 0000000000000000 R12: 0000000000000003
[ 56.635449][ T27] R13: ffff888025c80bc0 R14: 0000000000000003 R15: ffff88801278ff00
[ 56.643498][ T27] ? wake_up_klogd.part.0+0x8e/0xd0
[ 56.648843][ T27] ? vprintk+0x88/0x90
[ 56.653142][ T27] ? usb_submit_urb+0xed2/0x18a0
[ 56.658028][ T27] ath9k_hif_usb_alloc_urbs+0x7f1/0x1070
[ 56.663844][ T27] ath9k_hif_usb_firmware_cb+0x148/0x530
[ 56.669134][ T27] ? ath9k_hif_usb_alloc_urbs+0x1070/0x1070
[ 56.675327][ T27] request_firmware_work_func+0x12c/0x230
[ 56.680932][ T27] ? request_partial_firmware_into_buf+0xa0/0xa0
[ 56.687275][ T27] process_one_work+0x9ac/0x1650
[ 56.692132][ T27] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 56.697389][ T27] ? rwlock_bug.part.0+0x90/0x90
[ 56.702275][ T27] ? _raw_spin_lock_irq+0x41/0x50
[ 56.707140][ T27] worker_thread+0x657/0x1110
[ 56.711760][ T27] ? process_one_work+0x1650/0x1650
[ 56.716932][ T27] kthread+0x2e9/0x3a0
[ 56.721014][ T27] ? kthread_complete_and_exit+0x40/0x40
[ 56.726553][ T27] ret_from_fork+0x1f/0x30
[ 56.730870][ T27]
[ 56.735400][ T27] Kernel Offset: disabled
[ 56.739853][ T27] Rebooting in 86400 seconds..

VM DIAGNOSIS:
07:32:11 Registers: