[ 52.100273][ T38] audit: type=1400 audit(1647174961.193:73): avc: denied { transition } for pid=3657 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 52.134003][ T38] audit: type=1400 audit(1647174961.203:74): avc: denied { write } for pid=3657 comm="sh" path="pipe:[1720]" dev="pipefs" ino=1720 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1
Warning: Permanently added '[localhost]:43519' (ECDSA) to the list of known hosts.
[ 54.281533][ T38] audit: type=1400 audit(1647174963.373:75): avc: denied { execute } for pid=3669 comm="sh" name="syz-executor1798376299" dev="sda1" ino=1136 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
executing program
[ 54.310158][ T38] audit: type=1400 audit(1647174963.383:76): avc: denied { execute_no_trans } for pid=3669 comm="sh" path="/syz-executor1798376299" dev="sda1" ino=1136 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[ 54.340527][ T38] audit: type=1400 audit(1647174963.413:77): avc: denied { execmem } for pid=3669 comm="syz-executor179" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 54.364694][ T38] audit: type=1400 audit(1647174963.413:78): avc: denied { read write } for pid=3669 comm="syz-executor179" name="raw-gadget" dev="devtmpfs" ino=760 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 54.393729][ T38] audit: type=1400 audit(1647174963.413:79): avc: denied { open } for pid=3669 comm="syz-executor179" path="/dev/raw-gadget" dev="devtmpfs" ino=760 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 54.421796][ T38] audit: type=1400 audit(1647174963.413:80): avc: denied { ioctl } for pid=3669 comm="syz-executor179" path="/dev/raw-gadget" dev="devtmpfs" ino=760 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 54.584028][ T48] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 54.944309][ T48] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 54.955401][ T48] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 54.970821][ T48] usb 5-1: config 0 descriptor??
[ 55.236580][ T37] ------------[ cut here ]------------
[ 55.242612][ T37] WARNING: CPU: 2 PID: 37 at drivers/net/wireless/ath/ath6kl/htc_pipe.c:963 ath6kl_htc_pipe_rx_complete+0xd7e/0x1090
[ 55.258580][ T37] Modules linked in:
[ 55.267555][ T37] CPU: 2 PID: 37 Comm: kworker/2:1 Not tainted 5.17.0-rc7-syzkaller-00235-gaad611a868d1 #0
[ 55.277973][ T37] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 55.286831][ T37] Workqueue: events ath6kl_usb_io_comp_work
[ 55.293034][ T37] RIP: 0010:ath6kl_htc_pipe_rx_complete+0xd7e/0x1090
[ 55.299810][ T37] Code: e4 e8 f6 51 2e 04 48 c7 44 24 38 00 00 00 00 e9 7f fa ff ff e8 73 56 57 fc 8b 9c 24 8c 00 00 00 e9 8a f8 ff ff e8 62 56 57 fc <0f> 0b 48 c7 c7 00 47 3e 8a 41 bc ea ff ff ff e8 64 5d 05 04 e9 50
[ 55.319640][ T37] RSP: 0018:ffffc90000817bb8 EFLAGS: 00010293
[ 55.325690][ T37] RAX: 0000000000000000 RBX: ffff888027660e60 RCX: 0000000000000000
[ 55.333402][ T37] RDX: ffff888012be0180 RSI: ffffffff85209f2e RDI: ffff888027660ed0
[ 55.341325][ T37] RBP: dffffc0000000000 R08: 0000000000000000 R09: ffffffff8ffc9a1f
[ 55.348935][ T37] R10: ffffffff852578f9 R11: 1ffffffff1efd76e R12: ffff88802649c000
[ 55.356780][ T37] R13: ffff888027660e60 R14: 0000000000000000 R15: ffff88802649c920
[ 55.364575][ T37] FS: 0000000000000000(0000) GS:ffff88802cc00000(0000) knlGS:0000000000000000
[ 55.373192][ T37] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 55.379801][ T37] CR2: 00007fff66142de0 CR3: 000000001f909000 CR4: 0000000000150ee0
[ 55.387586][ T37] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 55.395437][ T37] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 55.403191][ T37] Call Trace:
[ 55.406487][ T37] <TASK>
[ 55.409330][ T37] ? skb_dequeue+0x125/0x180
[ 55.414009][ T37] ? mark_held_locks+0x9f/0xe0
[ 55.430450][ T37] ? htc_try_send.isra.0+0x2460/0x2460
[ 55.437073][ T48] ath6kl: Failed to submit usb control message: -71
[ 55.443611][ T48] ath6kl: unable to send the bmi data to the device: -71
[ 55.450585][ T37] ? lockdep_hardirqs_on+0x79/0x100
[ 55.455838][ T37] ? _raw_spin_unlock_irqrestore+0x3d/0x70
[ 55.461485][ T37] ath6kl_usb_io_comp_work+0x11e/0x160
[ 55.467399][ T48] ath6kl: Unable to send get target info: -71
[ 55.474041][ T37] process_one_work+0x9ac/0x1650
[ 55.478939][ T37] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 55.485146][ T37] ? rwlock_bug.part.0+0x90/0x90
[ 55.489952][ T37] ? _raw_spin_lock_irq+0x41/0x50
[ 55.494934][ T37] worker_thread+0x657/0x1110
[ 55.499476][ T37] ? process_one_work+0x1650/0x1650
[ 55.504693][ T37] kthread+0x2e9/0x3a0
[ 55.508828][ T37] ? kthread_complete_and_exit+0x40/0x40
[ 55.514454][ T37] ret_from_fork+0x1f/0x30
[ 55.518892][ T37] </TASK>
[ 55.521872][ T37] Kernel panic - not syncing: panic_on_warn set ...
[ 55.529432][ T37] CPU: 2 PID: 37 Comm: kworker/2:1 Not tainted 5.17.0-rc7-syzkaller-00235-gaad611a868d1 #0
[ 55.540005][ T37] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 55.549347][ T37] Workqueue: events ath6kl_usb_io_comp_work
[ 55.555139][ T37] Call Trace:
[ 55.558321][ T37] <TASK>
[ 55.561186][ T37] dump_stack_lvl+0xcd/0x134
[ 55.565771][ T37] panic+0x2b0/0x6dd
[ 55.569623][ T37] ? __warn_printk+0xf3/0xf3
[ 55.574432][ T37] ? __warn.cold+0x1d1/0x2cf
[ 55.579007][ T37] ? ath6kl_htc_pipe_rx_complete+0xd7e/0x1090
[ 55.584989][ T37] __warn.cold+0x1ec/0x2cf
[ 55.589487][ T37] ? ath6kl_htc_pipe_rx_complete+0xd7e/0x1090
[ 55.595799][ T37] report_bug+0x1bd/0x210
[ 55.600282][ T37] handle_bug+0x3c/0x60
[ 55.604366][ T37] exc_invalid_op+0x14/0x40
[ 55.609009][ T37] asm_exc_invalid_op+0x12/0x20
[ 55.613837][ T37] RIP: 0010:ath6kl_htc_pipe_rx_complete+0xd7e/0x1090
[ 55.620341][ T37] Code: e4 e8 f6 51 2e 04 48 c7 44 24 38 00 00 00 00 e9 7f fa ff ff e8 73 56 57 fc 8b 9c 24 8c 00 00 00 e9 8a f8 ff ff e8 62 56 57 fc <0f> 0b 48 c7 c7 00 47 3e 8a 41 bc ea ff ff ff e8 64 5d 05 04 e9 50
[ 55.639515][ T37] RSP: 0018:ffffc90000817bb8 EFLAGS: 00010293
[ 55.645420][ T37] RAX: 0000000000000000 RBX: ffff888027660e60 RCX: 0000000000000000
[ 55.653199][ T37] RDX: ffff888012be0180 RSI: ffffffff85209f2e RDI: ffff888027660ed0
[ 55.660953][ T37] RBP: dffffc0000000000 R08: 0000000000000000 R09: ffffffff8ffc9a1f
[ 55.668834][ T37] R10: ffffffff852578f9 R11: 1ffffffff1efd76e R12: ffff88802649c000
[ 55.676724][ T37] R13: ffff888027660e60 R14: 0000000000000000 R15: ffff88802649c920
[ 55.684599][ T37] ? ath6kl_usb_io_comp_work+0xc9/0x160
[ 55.690055][ T37] ? ath6kl_htc_pipe_rx_complete+0xd7e/0x1090
[ 55.696060][ T37] ? ath6kl_htc_pipe_rx_complete+0xd7e/0x1090
[ 55.701997][ T37] ? skb_dequeue+0x125/0x180
[ 55.706440][ T37] ? mark_held_locks+0x9f/0xe0
[ 55.711061][ T37] ? htc_try_send.isra.0+0x2460/0x2460
[ 55.716370][ T37] ? lockdep_hardirqs_on+0x79/0x100
[ 55.721508][ T37] ? _raw_spin_unlock_irqrestore+0x3d/0x70
[ 55.727194][ T37] ath6kl_usb_io_comp_work+0x11e/0x160
[ 55.732526][ T37] process_one_work+0x9ac/0x1650
[ 55.737439][ T37] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 55.742570][ T37] ? rwlock_bug.part.0+0x90/0x90
[ 55.747341][ T37] ? _raw_spin_lock_irq+0x41/0x50
[ 55.752147][ T37] worker_thread+0x657/0x1110
[ 55.756580][ T37] ? process_one_work+0x1650/0x1650
[ 55.761595][ T37] kthread+0x2e9/0x3a0
[ 55.765523][ T37] ? kthread_complete_and_exit+0x40/0x40
[ 55.770891][ T37] ret_from_fork+0x1f/0x30
[ 55.775199][ T37] </TASK>
[ 55.779120][ T37] Kernel Offset: disabled
[ 55.783444][ T37] Rebooting in 86400 seconds..
VM DIAGNOSIS:
12:36:04 Registers: