Warning: Permanently added '10.128.1.164' (ED25519) to the list of known hosts.
2026/04/23 19:33:20 parsed 1 programs
[ 54.515977][ T29] audit: type=1400 audit(1776972800.014:62): avc: denied { node_bind } for pid=2970 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[ 54.537003][ T29] audit: type=1400 audit(1776972800.014:63): avc: denied { module_request } for pid=2970 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 57.741454][ T29] audit: type=1400 audit(1776972803.234:64): avc: denied { mounton } for pid=2980 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 57.765730][ T29] audit: type=1400 audit(1776972803.264:65): avc: denied { mount } for pid=2980 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 57.780341][ T2980] cgroup: Unknown subsys name 'net'
[ 57.795554][ T29] audit: type=1400 audit(1776972803.294:66): avc: denied { unmount } for pid=2980 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 57.906757][ T2980] cgroup: Unknown subsys name 'cpuset'
[ 57.916614][ T2980] cgroup: Unknown subsys name 'rlimit'
[ 58.086398][ T29] audit: type=1400 audit(1776972803.584:67): avc: denied { setattr } for pid=2980 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 58.109834][ T29] audit: type=1400 audit(1776972803.584:68): avc: denied { create } for pid=2980 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 58.130487][ T29] audit: type=1400 audit(1776972803.584:69): avc: denied { write } for pid=2980 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 58.151063][ T29] audit: type=1400 audit(1776972803.584:70): avc: denied { read } for pid=2980 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 58.184841][ T29] audit: type=1400 audit(1776972803.684:71): avc: denied { sys_module } for pid=2980 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[ 58.310619][ T2984] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
[ 58.373986][ T2980] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 59.976563][ T29] kauditd_printk_skb: 8 callbacks suppressed
[ 59.976603][ T29] audit: type=1400 audit(1776972805.474:80): avc: denied { execmem } for pid=2986 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 60.011771][ T29] audit: type=1400 audit(1776972805.504:81): avc: denied { read } for pid=2987 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 60.033600][ T29] audit: type=1400 audit(1776972805.504:82): avc: denied { open } for pid=2987 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 60.057280][ T29] audit: type=1400 audit(1776972805.504:83): avc: denied { mounton } for pid=2987 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[ 60.094965][ T29] audit: type=1400 audit(1776972805.594:84): avc: denied { mounton } for pid=2987 comm="syz-executor" path="/root/syzkaller.diqu2s/syz-tmp" dev="sda1" ino=2030 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 60.119889][ T29] audit: type=1400 audit(1776972805.594:85): avc: denied { mount } for pid=2987 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[ 60.142094][ T29] audit: type=1400 audit(1776972805.594:86): avc: denied { mounton } for pid=2987 comm="syz-executor" path="/root/syzkaller.diqu2s/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[ 60.167426][ T29] audit: type=1400 audit(1776972805.604:87): avc: denied { mount } for pid=2987 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[ 60.189574][ T29] audit: type=1400 audit(1776972805.604:88): avc: denied { mounton } for pid=2987 comm="syz-executor" path="/root/syzkaller.diqu2s/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[ 60.216264][ T29] audit: type=1400 audit(1776972805.604:89): avc: denied { mounton } for pid=2987 comm="syz-executor" path="/root/syzkaller.diqu2s/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=534 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[ 60.288223][ T2987] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 74.635007][ T29] kauditd_printk_skb: 8 callbacks suppressed
[ 74.635031][ T29] audit: type=1400 audit(1776972820.134:98): avc: denied { create } for pid=3464 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 75.022760][ T29] audit: type=1401 audit(1776972820.514:99): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
[ 75.751458][ T29] audit: type=1400 audit(1776972821.244:100): avc: denied { create } for pid=3489 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1
[ 75.773052][ T29] audit: type=1400 audit(1776972821.274:101): avc: denied { sys_admin } for pid=3489 comm="syz-executor" capability=21 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1
[ 75.836075][ T29] audit: type=1400 audit(1776972821.334:102): avc: denied { sys_chroot } for pid=3490 comm="syz-executor" capability=18 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1
[ 76.421937][ T29] audit: type=1400 audit(1776972821.914:103): avc: denied { create } for pid=3502 comm="syz-executor" name="tun" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=chr_file permissive=1
[ 76.453266][ T29] audit: type=1400 audit(1776972821.914:104): avc: denied { setattr } for pid=3502 comm="syz-executor" name="tun" dev="devtmpfs" ino=536 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=chr_file permissive=1
[ 76.503794][ T29] audit: type=1400 audit(1776972821.914:105): avc: denied { read write } for pid=3502 comm="syz-executor" name="tun" dev="devtmpfs" ino=536 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=chr_file permissive=1
[ 76.530473][ T29] audit: type=1400 audit(1776972821.914:106): avc: denied { open } for pid=3502 comm="syz-executor" path="/dev/net/tun" dev="devtmpfs" ino=536 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=chr_file permissive=1
2026/04/23 19:33:43 executed programs: 0
2026/04/23 19:33:56 executed programs: 2
[ 91.242779][ T29] audit: type=1400 audit(1776972836.734:107): avc: denied { read write } for pid=3966 comm="syz.3.17" name="raw-gadget" dev="devtmpfs" ino=236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 91.290602][ T29] audit: type=1400 audit(1776972836.734:108): avc: denied { open } for pid=3966 comm="syz.3.17" path="/dev/raw-gadget" dev="devtmpfs" ino=236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 91.317651][ T29] audit: type=1400 audit(1776972836.744:109): avc: denied { ioctl } for pid=3966 comm="syz.3.17" path="/dev/raw-gadget" dev="devtmpfs" ino=236 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 91.503657][ T10] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[ 91.667433][ T10] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 91.676778][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 91.685323][ T10] usb 4-1: Product: syz
[ 91.689506][ T10] usb 4-1: Manufacturer: syz
[ 91.694217][ T10] usb 4-1: SerialNumber: syz
[ 91.709594][ T10] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 91.738291][ T29] audit: type=1400 audit(1776972837.234:110): avc: denied { firmware_load } for pid=38 comm="kworker/0:2" path="/lib/firmware/ath9k_htc/htc_9271-1.4.0.fw" dev="sda1" ino=313 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1
[ 91.775949][ T38] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 92.005294][ T10] usb 4-1: USB disconnect, device number 2
[ 92.853420][ T38] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive
[ 92.861139][ T38] ath9k_htc: Failed to initialize the device
[ 92.868954][ T10] usb 4-1: ath9k_htc: USB layer deinitialized
[ 93.174125][ T10] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[ 93.347285][ T10] usb 4-1: New USB device found, idVendor=0cf3, idProduct=1002, bcdDevice= 1.08
[ 93.356474][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 93.364596][ T10] usb 4-1: Product: syz
[ 93.368922][ T10] usb 4-1: Manufacturer: syz
[ 93.373642][ T10] usb 4-1: SerialNumber: syz
[ 93.514237][ T10] usb 4-1: reset high-speed USB device number 3 using dummy_hcd
[ 94.203305][ T10] usb 4-1: device descriptor read/64, error -71
[ 94.479836][ T3510] usb 4-1: driver API: 1.9.9 2016-02-15 [1-1]
[ 94.486333][ T3510] usb 4-1: firmware API: 1.9.6 2012-07-07
[ 94.699720][ C0] usb 4-1: received invalid command response:got 60, instead of 0
[ 94.707772][ C0] usb 4-1: restart device (9)
[ 94.713990][ C0] usb 4-1: received invalid command response:got -2, instead of 4
[ 94.914397][ C0] usb 4-1: received invalid command response:got 60, instead of 4
[ 94.922790][ T3510] ieee80211 phy1: wrong echo 4a110123 != 0
[ 94.929024][ C0] usb 4-1: received invalid command response:got 43, instead of 4
[ 94.937011][ T3510] usb 4-1: firmware upload failed (-22).
[ 95.130272][ C0] usb 4-1: submit cmd cb failed (-71).
[ 95.130595][ T2820] usb 4-1: USB disconnect, device number 3
[ 95.140241][ C0] device 4-1 is not registered
[ 95.903293][ T3510] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[ 96.056792][ T3510] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 96.066084][ T3510] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 96.074164][ T3510] usb 4-1: Product: syz
[ 96.078372][ T3510] usb 4-1: Manufacturer: syz
[ 96.082981][ T3510] usb 4-1: SerialNumber: syz
[ 96.095917][ T3510] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 96.111642][ T10] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 96.313789][ T2820] usb 4-1: USB disconnect, device number 4
[ 97.183467][ T10] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive
[ 97.191074][ T10] ath9k_htc: Failed to initialize the device
[ 97.197889][ T2820] usb 4-1: ath9k_htc: USB layer deinitialized
[ 97.493337][ T2820] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[ 97.646853][ T2820] usb 4-1: New USB device found, idVendor=0cf3, idProduct=1002, bcdDevice= 1.08
[ 97.656015][ T2820] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 97.664098][ T2820] usb 4-1: Product: syz
[ 97.668300][ T2820] usb 4-1: Manufacturer: syz
[ 97.672909][ T2820] usb 4-1: SerialNumber: syz
[ 97.813393][ T2820] usb 4-1: reset high-speed USB device number 5 using dummy_hcd
[ 98.513392][ T2820] usb 4-1: device descriptor read/64, error -71
[ 98.777292][ T28] usb 4-1: driver API: 1.9.9 2016-02-15 [1-1]
[ 98.789284][ T28] usb 4-1: firmware API: 1.9.6 2012-07-07
[ 99.001578][ C1] usb 4-1: received invalid command response:got 60, instead of 0
[ 99.009441][ C1] usb 4-1: restart device (9)
[ 99.014580][ C1] usb 4-1: received invalid command response:got -2, instead of 4
[ 99.022516][ T28] ieee80211 phy3: wrong echo 4a110123 != 0
[ 99.028453][ T28] usb 4-1: firmware upload failed (-22).
[ 99.224276][ C1] usb 4-1: received invalid command response:got 60, instead of 4
[ 99.232607][ C1] usb 4-1: received invalid command response:got 43, instead of 4
[ 99.433723][ T10] usb 4-1: USB disconnect, device number 5
[ 99.434886][ C1] usb 4-1: submit cmd cb failed (-71).
2026/04/23 19:34:05 executed programs: 4
[ 100.203287][ T28] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[ 100.356368][ T28] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 100.365511][ T28] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 100.373618][ T28] usb 4-1: Product: syz
[ 100.377827][ T28] usb 4-1: Manufacturer: syz
[ 100.382446][ T28] usb 4-1: SerialNumber: syz
[ 100.393363][ T28] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 100.409199][ T3972] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 100.612569][ T10] usb 4-1: USB disconnect, device number 6
[ 101.493305][ T3972] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive
[ 101.500440][ T3972] ath9k_htc: Failed to initialize the device
[ 101.507151][ T10] usb 4-1: ath9k_htc: USB layer deinitialized
[ 101.803356][ T10] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[ 101.957070][ T10] usb 4-1: New USB device found, idVendor=0cf3, idProduct=1002, bcdDevice= 1.08
[ 101.966247][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 101.974343][ T10] usb 4-1: Product: syz
[ 101.978544][ T10] usb 4-1: Manufacturer: syz
[ 101.983146][ T10] usb 4-1: SerialNumber: syz
[ 102.123349][ T10] usb 4-1: reset high-speed USB device number 7 using dummy_hcd
[ 102.813380][ T10] usb 4-1: device descriptor read/64, error -71
[ 103.078200][ T3510] usb 4-1: driver API: 1.9.9 2016-02-15 [1-1]
[ 103.090054][ T3510] usb 4-1: firmware API: 1.9.6 2012-07-07
[ 103.301451][ C0] usb 4-1: received invalid command response:got 60, instead of 0
[ 103.309329][ C0] usb 4-1: restart device (9)
[ 103.314628][ C0] usb 4-1: received invalid command response:got -2, instead of 0
[ 103.515047][ C0] usb 4-1: received invalid command response:got 60, instead of 4
[ 103.522930][ C0] ==================================================================
[ 103.530999][ C0] BUG: KASAN: stack-out-of-bounds in carl9170_handle_command_response+0x21f/0xc50
[ 103.540235][ C0] Write of size 60 at addr ffffc9000202fa38 by task swapper/0/0
[ 103.547967][ C0]
[ 103.550341][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0 PREEMPT(full)
[ 103.550369][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 103.550390][ C0] Call Trace:
[ 103.550399][ C0]
[ 103.550411][ C0] dump_stack_lvl+0x100/0x190
[ 103.550450][ C0] print_report+0x13d/0x4b0
[ 103.550484][ C0] ? __lock_acquire+0x4a5/0x2630
[ 103.550513][ C0] ? carl9170_handle_command_response+0x21f/0xc50
[ 103.550543][ C0] kasan_report+0xdf/0x1d0
[ 103.550583][ C0] ? carl9170_handle_command_response+0x21f/0xc50
[ 103.550616][ C0] kasan_check_range+0x10f/0x1e0
[ 103.550640][ C0] __asan_memcpy+0x3c/0x60
[ 103.550667][ C0] carl9170_handle_command_response+0x21f/0xc50
[ 103.550698][ C0] carl9170_usb_rx_irq_complete+0xfc/0x1b0
[ 103.550734][ C0] __usb_hcd_giveback_urb+0x38d/0x610
[ 103.550759][ C0] usb_hcd_giveback_urb+0x3ca/0x4a0
[ 103.550783][ C0] dummy_timer+0xda1/0x36c0
[ 103.550823][ C0] ? _raw_spin_unlock_irqrestore+0x3b/0x80
[ 103.550860][ C0] ? __pfx_dummy_timer+0x10/0x10
[ 103.550883][ C0] ? rcu_is_watching+0x12/0xc0
[ 103.550916][ C0] ? _raw_spin_unlock_irqrestore+0x52/0x80
[ 103.550950][ C0] ? __pfx_dummy_timer+0x10/0x10
[ 103.550973][ C0] __hrtimer_run_queues+0x470/0xa00
[ 103.551013][ C0] hrtimer_run_softirq+0x17d/0x2c0
[ 103.551053][ C0] handle_softirqs+0x1dd/0x9e0
[ 103.551106][ C0] ? __pfx_handle_softirqs+0x10/0x10
[ 103.551143][ C0] ? _raw_spin_unlock+0x28/0x50
[ 103.551172][ C0] ? __hrtimer_rearm_deferred+0x9b/0x740
[ 103.551207][ C0] __irq_exit_rcu+0x160/0x210
[ 103.551243][ C0] irq_exit_rcu+0x9/0x30
[ 103.551279][ C0] sysvec_apic_timer_interrupt+0x8f/0xb0
[ 103.551315][ C0]
[ 103.551322][ C0]
[ 103.551330][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 103.551360][ C0] RIP: 0010:pv_native_safe_halt+0xf/0x20
[ 103.551396][ C0] Code: d4 b4 01 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 63 9d 15 00 fb f4 7c f2 02 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
[ 103.551422][ C0] RSP: 0018:ffffffff89407e10 EFLAGS: 00000246
[ 103.551440][ C0] RAX: 00000000000bd6f9 RBX: ffffffff8942ca40 RCX: ffffffff8770e3f5
[ 103.551456][ C0] RDX: 0000000000000000 RSI: ffffffff890d1d42 RDI: ffffffff87b03fe0
[ 103.551471][ C0] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed103eac673d
[ 103.551486][ C0] R10: ffff8881f56339eb R11: 0000000000000000 R12: 0000000000000000
[ 103.551500][ C0] R13: fffffbfff1285948 R14: 0000000000000000 R15: ffffffff8af1a1d0
[ 103.551519][ C0] ? ct_kernel_exit+0x125/0x180
[ 103.551559][ C0] default_idle+0x9/0x10
[ 103.551581][ C0] default_idle_call+0x6c/0xb0
[ 103.551604][ C0] do_idle+0x464/0x590
[ 103.551629][ C0] ? __pfx_do_idle+0x10/0x10
[ 103.551657][ C0] cpu_startup_entry+0x4f/0x60
[ 103.551682][ C0] rest_init+0x251/0x260
[ 103.551707][ C0] ? __pfx_x86_late_time_init+0x10/0x10
[ 103.551739][ C0] start_kernel+0x47f/0x480
[ 103.551768][ C0] x86_64_start_reservations+0x24/0x30
[ 103.551801][ C0] x86_64_start_kernel+0x12b/0x130
[ 103.551842][ C0] common_startup_64+0x13e/0x148
[ 103.551871][ C0]
[ 103.551878][ C0]
[ 103.861874][ C0] The buggy address belongs to a vmalloc virtual mapping
[ 103.868912][ C0] The buggy address belongs to the physical page:
[ 103.875323][ C0] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11661f
[ 103.884187][ C0] flags: 0x200000000000000(node=0|zone=2)
[ 103.889931][ C0] raw: 0200000000000000 0000000000000000 ffffea00045987c8 0000000000000000
[ 103.898540][ C0] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 103.907141][ C0] page dumped because: kasan: bad access detected
[ 103.913585][ C0] page_owner tracks the page as allocated
[ 103.919306][ C0] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x29c2(GFP_NOWAIT|__GFP_HIGHMEM|__GFP_IO|__GFP_FS|__GFP_ZERO), pid 32, tgid 32 (kworker/u8:1), ts 76195016044, free_ts 75864159012
[ 103.938627][ C0] post_alloc_hook+0x153/0x170
[ 103.943421][ C0] get_page_from_freelist+0xf34/0x3a90
[ 103.948909][ C0] __alloc_frozen_pages_noprof+0x273/0x28a0
[ 103.954831][ C0] alloc_pages_mpol+0xe8/0x410
[ 103.959624][ C0] alloc_pages_noprof+0x1a/0x160
[ 103.964583][ C0] __vmalloc_node_range_noprof+0xf9a/0x1630
[ 103.970512][ C0] __vmalloc_node_noprof+0xad/0xf0
[ 103.975659][ C0] copy_process+0x7fb/0x7d20
[ 103.980265][ C0] kernel_clone+0x12e/0x9c0
[ 103.984784][ C0] user_mode_thread+0xcc/0x110
[ 103.989578][ C0] call_usermodehelper_exec_work+0x6b/0x180
[ 103.995502][ C0] process_one_work+0xa0e/0x1980
[ 104.000462][ C0] worker_thread+0x5ef/0xe50
[ 104.005074][ C0] kthread+0x370/0x450
[ 104.009156][ C0] ret_from_fork+0x69a/0xc80
[ 104.013769][ C0] ret_from_fork_asm+0x1a/0x30
[ 104.018551][ C0] page last free pid 3491 tgid 3491 stack trace:
[ 104.024881][ C0] __free_frozen_pages+0x692/0xf10
[ 104.030045][ C0] qlist_free_all+0x47/0xf0
[ 104.034617][ C0] kasan_quarantine_reduce+0x1a0/0x1f0
[ 104.040094][ C0] __kasan_slab_alloc+0x4e/0x70
[ 104.044967][ C0] __kmalloc_node_noprof+0x2bf/0x810
[ 104.050260][ C0] alloc_slab_obj_exts+0xae/0x270
[ 104.055329][ C0] new_slab+0x4db/0x6b0
[ 104.059510][ C0] refill_objects+0x277/0x420
[ 104.064210][ C0] __pcs_replace_empty_main+0x375/0x650
[ 104.069766][ C0] kmem_cache_alloc_noprof+0x520/0x6a0
[ 104.075247][ C0] __anon_vma_prepare+0xae/0x5e0
[ 104.080249][ C0] __vmf_anon_prepare+0x11f/0x250
[ 104.085305][ C0] __handle_mm_fault+0x82c/0x2780
[ 104.090362][ C0] handle_mm_fault+0x36d/0xa20
[ 104.095155][ C0] do_user_addr_fault+0x5ae/0x11d0
[ 104.100298][ C0] exc_page_fault+0x66/0xc0
[ 104.104828][ C0]
[ 104.107157][ C0] Memory state around the buggy address:
[ 104.112795][ C0] ffffc9000202f900: f1 f1 f1 00 00 00 f3 f3 f3 f3 f3 00 00 00 00 00
[ 104.120869][ C0] ffffc9000202f980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 104.128941][ C0] >ffffc9000202fa00: 00 f1 f1 f1 f1 f1 f1 04 f2 04 f3 f3 f3 00 00 00
[ 104.137012][ C0] ^
[ 104.142912][ C0] ffffc9000202fa80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 104.151006][ C0] ffffc9000202fb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 104.159189][ C0] ==================================================================
[ 104.167268][ C0] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 104.174475][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0 PREEMPT(full)
[ 104.183430][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 104.193507][ C0] Call Trace:
[ 104.196801][ C0]
[ 104.199672][ C0] dump_stack_lvl+0x100/0x190
[ 104.204378][ C0] vpanic+0x552/0x970
[ 104.208380][ C0] ? __pfx_vpanic+0x10/0x10
[ 104.212901][ C0] ? __pfx_vprintk_emit+0x10/0x10
[ 104.217957][ C0] ? carl9170_handle_command_response+0x21f/0xc50
[ 104.224404][ C0] panic+0xd1/0xe0
[ 104.228142][ C0] ? __pfx_panic+0x10/0x10
[ 104.232573][ C0] ? end_report.part.0+0x23/0x90
[ 104.237558][ C0] ? rcu_is_watching+0x12/0xc0
[ 104.242346][ C0] ? end_report.part.0+0x23/0x90
[ 104.247394][ C0] ? check_panic_on_warn+0x1f/0x90
[ 104.252535][ C0] check_panic_on_warn.cold+0x19/0x34
[ 104.257959][ C0] end_report.part.0+0x3a/0x90
[ 104.262766][ C0] kasan_report.cold+0xe/0x18
[ 104.267498][ C0] ? carl9170_handle_command_response+0x21f/0xc50
[ 104.273957][ C0] kasan_check_range+0x10f/0x1e0
[ 104.278920][ C0] __asan_memcpy+0x3c/0x60
[ 104.283407][ C0] carl9170_handle_command_response+0x21f/0xc50
[ 104.289705][ C0] carl9170_usb_rx_irq_complete+0xfc/0x1b0
[ 104.295576][ C0] __usb_hcd_giveback_urb+0x38d/0x610
[ 104.300976][ C0] usb_hcd_giveback_urb+0x3ca/0x4a0
[ 104.306297][ C0] dummy_timer+0xda1/0x36c0
[ 104.310846][ C0] ? _raw_spin_unlock_irqrestore+0x3b/0x80
[ 104.316705][ C0] ? __pfx_dummy_timer+0x10/0x10
[ 104.321683][ C0] ? rcu_is_watching+0x12/0xc0
[ 104.326472][ C0] ? _raw_spin_unlock_irqrestore+0x52/0x80
[ 104.332310][ C0] ? __pfx_dummy_timer+0x10/0x10
[ 104.337270][ C0] __hrtimer_run_queues+0x470/0xa00
[ 104.342503][ C0] hrtimer_run_softirq+0x17d/0x2c0
[ 104.347646][ C0] handle_softirqs+0x1dd/0x9e0
[ 104.352445][ C0] ? __pfx_handle_softirqs+0x10/0x10
[ 104.357765][ C0] ? _raw_spin_unlock+0x28/0x50
[ 104.362637][ C0] ? __hrtimer_rearm_deferred+0x9b/0x740
[ 104.368295][ C0] __irq_exit_rcu+0x160/0x210
[ 104.373000][ C0] irq_exit_rcu+0x9/0x30
[ 104.377267][ C0] sysvec_apic_timer_interrupt+0x8f/0xb0
[ 104.382942][ C0]
[ 104.385888][ C0]
[ 104.388832][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 104.394836][ C0] RIP: 0010:pv_native_safe_halt+0xf/0x20
[ 104.400537][ C0] Code: d4 b4 01 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 63 9d 15 00 fb f4 7c f2 02 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
[ 104.420170][ C0] RSP: 0018:ffffffff89407e10 EFLAGS: 00000246
[ 104.426266][ C0] RAX: 00000000000bd6f9 RBX: ffffffff8942ca40 RCX: ffffffff8770e3f5
[ 104.434248][ C0] RDX: 0000000000000000 RSI: ffffffff890d1d42 RDI: ffffffff87b03fe0
[ 104.442246][ C0] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed103eac673d
[ 104.450230][ C0] R10: ffff8881f56339eb R11: 0000000000000000 R12: 0000000000000000
[ 104.458222][ C0] R13: fffffbfff1285948 R14: 0000000000000000 R15: ffffffff8af1a1d0
[ 104.466223][ C0] ? ct_kernel_exit+0x125/0x180
[ 104.471113][ C0] default_idle+0x9/0x10
[ 104.475389][ C0] default_idle_call+0x6c/0xb0
[ 104.480200][ C0] do_idle+0x464/0x590
[ 104.484291][ C0] ? __pfx_do_idle+0x10/0x10
[ 104.488909][ C0] cpu_startup_entry+0x4f/0x60
[ 104.493705][ C0] rest_init+0x251/0x260
[ 104.497972][ C0] ? __pfx_x86_late_time_init+0x10/0x10
[ 104.503550][ C0] start_kernel+0x47f/0x480
[ 104.508086][ C0] x86_64_start_reservations+0x24/0x30
[ 104.513570][ C0] x86_64_start_kernel+0x12b/0x130
[ 104.518822][ C0] common_startup_64+0x13e/0x148
[ 104.523798][ C0]
[ 104.527499][ C0] Kernel Offset: disabled
[ 104.531844][ C0] Rebooting in 86400 seconds..