[ 45.001177][ T37] audit: type=1400 audit(1646460456.236:74): avc: denied { write } for pid=3560 comm="sh" path="pipe:[29367]" dev="pipefs" ino=29367 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1
Warning: Permanently added '[localhost]:38887' (ECDSA) to the list of known hosts.
executing program
[ 47.149607][ T37] audit: type=1400 audit(1646460458.386:75): avc: denied { execute } for pid=3600 comm="sh" name="syz-executor2892001593" dev="sda1" ino=1136 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[ 47.180026][ T37] audit: type=1400 audit(1646460458.386:76): avc: denied { execute_no_trans } for pid=3600 comm="sh" path="/syz-executor2892001593" dev="sda1" ino=1136 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[ 47.211352][ T37] audit: type=1400 audit(1646460458.396:77): avc: denied { execmem } for pid=3600 comm="syz-executor289" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 47.231448][ T37] audit: type=1400 audit(1646460458.406:78): avc: denied { read write } for pid=3600 comm="syz-executor289" name="raw-gadget" dev="devtmpfs" ino=760 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 47.258934][ T37] audit: type=1400 audit(1646460458.406:79): avc: denied { open } for pid=3600 comm="syz-executor289" path="/dev/raw-gadget" dev="devtmpfs" ino=760 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 47.282637][ T37] audit: type=1400 audit(1646460458.406:80): avc: denied { ioctl } for pid=3600 comm="syz-executor289" path="/dev/raw-gadget" dev="devtmpfs" ino=760 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 47.442292][ T40] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 47.822417][ T40] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 47.833555][ T40] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 47.849668][ T40] usb 5-1: config 0 descriptor??
[ 48.114440][ T169] ------------[ cut here ]------------
[ 48.120578][ T169] WARNING: CPU: 3 PID: 169 at drivers/net/wireless/ath/ath6kl/htc_pipe.c:963 ath6kl_htc_pipe_rx_complete+0xd7e/0x1090
[ 48.134030][ T169] Modules linked in:
[ 48.140237][ T169] CPU: 3 PID: 169 Comm: kworker/3:2 Not tainted 5.17.0-rc6-syzkaller-00226-g07ebd38a0da2 #0
[ 48.150928][ T169] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 48.159772][ T169] Workqueue: events ath6kl_usb_io_comp_work
[ 48.165538][ T169] RIP: 0010:ath6kl_htc_pipe_rx_complete+0xd7e/0x1090
[ 48.172082][ T169] Code: e4 e8 b6 3b 2e 04 48 c7 44 24 38 00 00 00 00 e9 7f fa ff ff e8 63 5f 57 fc 8b 9c 24 8c 00 00 00 e9 8a f8 ff ff e8 52 5f 57 fc <0f> 0b 48 c7 c7 00 3e 3e 8a 41 bc ea ff ff ff e8 f0 46 05 04 e9 50
[ 48.192348][ T169] RSP: 0018:ffffc900027ffbb8 EFLAGS: 00010293
[ 48.198390][ T169] RAX: 0000000000000000 RBX: ffff888026800e60 RCX: 0000000000000000
[ 48.206123][ T169] RDX: ffff888017e9e100 RSI: ffffffff852083ae RDI: ffff888026800ed0
[ 48.213942][ T169] RBP: dffffc0000000000 R08: 0000000000000000 R09: ffffffff8ffc8a1f
[ 48.221747][ T169] R10: ffffffff85255d79 R11: 0000000000000000 R12: ffff88802279e000
[ 48.229828][ T169] R13: ffff888026800e60 R14: 0000000000000000 R15: ffff88802279e920
[ 48.237788][ T169] FS: 0000000000000000(0000) GS:ffff88802cd00000(0000) knlGS:0000000000000000
[ 48.246531][ T169] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 48.253302][ T169] CR2: 00007fdd20a27300 CR3: 0000000021a97000 CR4: 0000000000150ee0
[ 48.261020][ T169] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 48.268991][ T169] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 48.276893][ T169] Call Trace:
[ 48.280000][ T169]
[ 48.282989][ T169] ? skb_dequeue+0x125/0x180
[ 48.287691][ T169] ? mark_held_locks+0x9f/0xe0
[ 48.292593][ T169] ? htc_try_send.isra.0+0x2460/0x2460
[ 48.300042][ T169] ? lockdep_hardirqs_on+0x79/0x100
[ 48.306596][ T169] ? _raw_spin_unlock_irqrestore+0x3d/0x70
[ 48.313628][ T40] ath6kl: Failed to submit usb control message: -71
[ 48.320503][ T40] ath6kl: unable to send the bmi data to the device: -71
[ 48.327796][ T169] ath6kl_usb_io_comp_work+0x11e/0x160
[ 48.333590][ T169] process_one_work+0x9ac/0x1650
[ 48.338902][ T169] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 48.344848][ T40] ath6kl: Unable to send get target info: -71
[ 48.351114][ T169] ? rwlock_bug.part.0+0x90/0x90
[ 48.356828][ T169] ? _raw_spin_lock_irq+0x41/0x50
[ 48.361822][ T169] worker_thread+0x657/0x1110
[ 48.366865][ T169] ? process_one_work+0x1650/0x1650
[ 48.371756][ T169] kthread+0x2e9/0x3a0
[ 48.376120][ T169] ? kthread_complete_and_exit+0x40/0x40
[ 48.382519][ T169] ret_from_fork+0x1f/0x30
[ 48.387118][ T169]
[ 48.390079][ T169] Kernel panic - not syncing: panic_on_warn set ...
[ 48.396555][ T169] CPU: 3 PID: 169 Comm: kworker/3:2 Not tainted 5.17.0-rc6-syzkaller-00226-g07ebd38a0da2 #0
[ 48.406844][ T169] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 48.416819][ T169] Workqueue: events ath6kl_usb_io_comp_work
[ 48.422548][ T169] Call Trace:
[ 48.425725][ T169]
[ 48.428628][ T169] dump_stack_lvl+0xcd/0x134
[ 48.433286][ T169] panic+0x2b0/0x6dd
[ 48.437127][ T169] ? __warn_printk+0xf3/0xf3
[ 48.441670][ T169] ? __warn.cold+0x1d1/0x2cf
[ 48.445938][ T169] ? ath6kl_htc_pipe_rx_complete+0xd7e/0x1090
[ 48.451674][ T169] __warn.cold+0x1ec/0x2cf
[ 48.455988][ T169] ? ath6kl_htc_pipe_rx_complete+0xd7e/0x1090
[ 48.461780][ T169] report_bug+0x1bd/0x210
[ 48.466081][ T169] handle_bug+0x3c/0x60
[ 48.470106][ T169] exc_invalid_op+0x14/0x40
[ 48.474421][ T169] asm_exc_invalid_op+0x12/0x20
[ 48.479167][ T169] RIP: 0010:ath6kl_htc_pipe_rx_complete+0xd7e/0x1090
[ 48.485672][ T169] Code: e4 e8 b6 3b 2e 04 48 c7 44 24 38 00 00 00 00 e9 7f fa ff ff e8 63 5f 57 fc 8b 9c 24 8c 00 00 00 e9 8a f8 ff ff e8 52 5f 57 fc <0f> 0b 48 c7 c7 00 3e 3e 8a 41 bc ea ff ff ff e8 f0 46 05 04 e9 50
[ 48.505091][ T169] RSP: 0018:ffffc900027ffbb8 EFLAGS: 00010293
[ 48.511406][ T169] RAX: 0000000000000000 RBX: ffff888026800e60 RCX: 0000000000000000
[ 48.519132][ T169] RDX: ffff888017e9e100 RSI: ffffffff852083ae RDI: ffff888026800ed0
[ 48.526948][ T169] RBP: dffffc0000000000 R08: 0000000000000000 R09: ffffffff8ffc8a1f
[ 48.534661][ T169] R10: ffffffff85255d79 R11: 0000000000000000 R12: ffff88802279e000
[ 48.542400][ T169] R13: ffff888026800e60 R14: 0000000000000000 R15: ffff88802279e920
[ 48.550360][ T169] ? ath6kl_usb_io_comp_work+0xc9/0x160
[ 48.555747][ T169] ? ath6kl_htc_pipe_rx_complete+0xd7e/0x1090
[ 48.561544][ T169] ? ath6kl_htc_pipe_rx_complete+0xd7e/0x1090
[ 48.567235][ T169] ? skb_dequeue+0x125/0x180
[ 48.571557][ T169] ? mark_held_locks+0x9f/0xe0
[ 48.576140][ T169] ? htc_try_send.isra.0+0x2460/0x2460
[ 48.581447][ T169] ? lockdep_hardirqs_on+0x79/0x100
[ 48.586384][ T169] ? _raw_spin_unlock_irqrestore+0x3d/0x70
[ 48.591871][ T169] ath6kl_usb_io_comp_work+0x11e/0x160
[ 48.597072][ T169] process_one_work+0x9ac/0x1650
[ 48.601875][ T169] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 48.607078][ T169] ? rwlock_bug.part.0+0x90/0x90
[ 48.611850][ T169] ? _raw_spin_lock_irq+0x41/0x50
[ 48.616829][ T169] worker_thread+0x657/0x1110
[ 48.621355][ T169] ? process_one_work+0x1650/0x1650
[ 48.626394][ T169] kthread+0x2e9/0x3a0
[ 48.630254][ T169] ? kthread_complete_and_exit+0x40/0x40
[ 48.635708][ T169] ret_from_fork+0x1f/0x30
[ 48.640031][ T169]
[ 48.643799][ T169] Kernel Offset: disabled
[ 48.648229][ T169] Rebooting in 86400 seconds..
VM DIAGNOSIS:
06:07:39 Registers:
info registers vcpu 0
RAX=000000000002be73 RBX=ffffffff8b8bc6c0 RCX=ffffffff894be5e1 RDX=0000000000000000
RSI=0000000000000001 RDI=0000000000000000 RBP=0000000000000000 RSP=ffffffff8b807e40
R8 =0000000000000001 R9 =ffff88802ca3acd3 R10=ffffed100594759a R11=0000000000000000
R12=fffffbfff17178d8 R13=0000000000000000 R14=ffffffff8d93e890 R15=0000000000000000
RIP=ffffffff894eb10b RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802ca00000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000001000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=000055fa756c4300 CR3=0000000017f0c000 CR4=00150ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000
XMM02=00000000000000000000000000000000 XMM03=66706d74766564223d76656420227465
XMM04=746e6f6373203030353578303d646d63 XMM05=00000000000000000000000000000000
XMM06=666e6d63732030223535653020226d63 XMM07=524157205d3936315420205b5d383735
XMM08=2500656c6f736e6f632f7665642f000a XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=000000000002e66f RBX=ffff888011924180 RCX=ffffffff894be5e1 RDX=0000000000000000
RSI=0000000000000001 RDI=0000000000000000 RBP=0000000000000001 RSP=ffffc9000065fdf8
R8 =0000000000000001 R9 =ffff88802cb3acd3 R10=ffffed100596759a R11=0000000000000000
R12=ffffed1002324830 R13=0000000000000001 R14=ffffffff8d93e890 R15=0000000000000000
RIP=ffffffff894eb10b RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802cb00000 ffffffff 00c00000
LDT=0000 0000000000000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000048000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=00005582657b4338 CR3=000000001c1a7000 CR4=00150ee0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=ffffffffffffffffffffffffffffffff XMM01=4b5f5455504e495f4449006b636f6c62
XMM02=ffffffffffffffffffffffffffffffff XMM03=0000000000ff000000ff00000000ff00
XMM04=2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=7261726f706d6574002a3f005b3f2a00 XMM09=00000000000000000000000000000000
XMM10=20202000002020202020202020202020 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 2
RAX=00000000000294ef RBX=ffff8880119261c0 RCX=ffffffff894be5e1 RDX=0000000000000000
RSI=0000000000000001 RDI=0000000000000000 RBP=0000000000000002 RSP=ffffc9000066fdf8
R8 =0000000000000001 R9 =ffff88802cc3acd3 R10=ffffed100598759a R11=0000000000000000
R12=ffffed1002324c38 R13=0000000000000002 R14=ffffffff8d93e890 R15=0000000000000000
RIP=ffffffff894eb10b RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802cc00000 ffffffff 00c00000
LDT=0000 0000000000000000 00000000 00000000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe000008f000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=00007ffe12e36e40 CR3=000000000b88e000 CR4=00150ee0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=25252525252525252525252525252525 XMM01=000000ff000000000000000000000000
XMM02=000000ff000000000000000000000000 XMM03=00000000000000000000000000000000
XMM04=2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f XMM05=00000000ffffffffffffff00ffffff00
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=6564750073726f74706972637365642f XMM09=00000000000000000000000000000000
XMM10=20202000002020202020202020202020 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 3
RAX=0000000000000005 RBX=00000000000003f9 RCX=0000000000000000 RDX=00000000000003f9
RSI=ffffffff8441eeb1 RDI=ffffffff907ee2e0 RBP=ffffffff907ee2a0 RSP=ffffc900027ff5d0
R8 =0000000000000000 R9 =0000000000000000 R10=ffffffff8441eea2 R11=000000000000001f
R12=0000000000000000 R13=0000000000000005 R14=0000000000000001 R15=ffffffff907ee2f0
RIP=ffffffff8441eeda RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802cd00000 ffffffff 00c00000
LDT=0000 0000000000000000 00000000 00000000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe00000d6000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=00007fdd20a27300 CR3=0000000021a97000 CR4=00150ee0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0a0a0a0a0a0a0a0a0a0a0a0a0a0a0a0a XMM01=000000000000000000000000000000ff
XMM02=000000000000000000000000000000ff XMM03=7069705f6374685f6c6b366874612033
XMM04=6c706d6f635f78725f657069705f6374 XMM05=7069705f6374682f6c6b366874612f68
XMM06=7372657669726420746120393631203a XMM07=524157205d3936315420205b5d383735
XMM08=6d64617379733a725f6d646173797300 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000