Warning: Permanently added '10.128.1.112' (ED25519) to the list of known hosts.
2026/04/23 18:30:05 parsed 1 programs
[   44.368506][   T29] audit: type=1400 audit(1776969005.506:62): avc:  denied  { node_bind } for  pid=2968 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[   44.391439][   T29] audit: type=1400 audit(1776969005.506:63): avc:  denied  { module_request } for  pid=2968 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[   46.410395][   T29] audit: type=1400 audit(1776969007.546:64): avc:  denied  { mounton } for  pid=2978 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   46.436167][   T29] audit: type=1400 audit(1776969007.576:65): avc:  denied  { mount } for  pid=2978 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   46.441455][ T2978] cgroup: Unknown subsys name 'net'
[   46.468560][   T29] audit: type=1400 audit(1776969007.606:66): avc:  denied  { unmount } for  pid=2978 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   46.625175][ T2978] cgroup: Unknown subsys name 'cpuset'
[   46.636507][ T2978] cgroup: Unknown subsys name 'rlimit'
[   46.776605][   T29] audit: type=1400 audit(1776969007.916:67): avc:  denied  { setattr } for  pid=2978 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   46.802586][   T29] audit: type=1400 audit(1776969007.916:68): avc:  denied  { create } for  pid=2978 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   46.830480][   T29] audit: type=1400 audit(1776969007.916:69): avc:  denied  { write } for  pid=2978 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   46.856779][   T29] audit: type=1400 audit(1776969007.916:70): avc:  denied  { read } for  pid=2978 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   46.879597][   T29] audit: type=1400 audit(1776969007.946:71): avc:  denied  { sys_module } for  pid=2978 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[   46.937092][ T2983] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
Setting up swapspace version 1, size = 127995904 bytes
[   47.041438][ T2978] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   49.125905][ T2994] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   49.460249][   T29] kauditd_printk_skb: 28 callbacks suppressed
[   49.460269][   T29] audit: type=1400 audit(1776969010.596:100): avc:  denied  { create } for  pid=3022 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   49.919510][   T29] audit: type=1400 audit(1776969011.056:101): avc:  denied  { create } for  pid=3030 comm="syz-executor" name="tun" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=chr_file permissive=1
[   49.994540][   T29] audit: type=1400 audit(1776969011.056:102): avc:  denied  { setattr } for  pid=3030 comm="syz-executor" name="tun" dev="devtmpfs" ino=536 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=chr_file permissive=1
[   50.128389][   T29] audit: type=1400 audit(1776969011.056:103): avc:  denied  { read write } for  pid=3030 comm="syz-executor" name="tun" dev="devtmpfs" ino=536 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=chr_file permissive=1
[   50.208642][   T29] audit: type=1400 audit(1776969011.086:104): avc:  denied  { open } for  pid=3030 comm="syz-executor" path="/dev/net/tun" dev="devtmpfs" ino=536 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=chr_file permissive=1
2026/04/23 18:30:23 executed programs: 0
[   62.342156][ T3045] syz-executor (3045) used greatest stack depth: 23288 bytes left
2026/04/23 18:31:12 executed programs: 10
[  111.778265][   T29] audit: type=1400 audit(1776969072.916:105): avc:  denied  { read write } for  pid=5750 comm="syz.6.21" name="raw-gadget" dev="devtmpfs" ino=236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  111.886912][   T29] audit: type=1400 audit(1776969072.946:106): avc:  denied  { open } for  pid=5750 comm="syz.6.21" path="/dev/raw-gadget" dev="devtmpfs" ino=236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  111.973209][   T29] audit: type=1400 audit(1776969072.946:107): avc:  denied  { ioctl } for  pid=5750 comm="syz.6.21" path="/dev/raw-gadget" dev="devtmpfs" ino=236 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  112.097924][ T3005] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  112.297990][ T3005] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  112.308631][ T3005] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  112.323461][ T3005] usb 7-1: Product: syz
[  112.333681][ T3005] usb 7-1: Manufacturer: syz
[  112.344084][ T3005] usb 7-1: SerialNumber: syz
[  112.360263][ T3005] usb 7-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  112.401359][   T29] audit: type=1400 audit(1776969073.536:108): avc:  denied  { firmware_load } for  pid=10 comm="kworker/0:1" path="/lib/firmware/ath9k_htc/htc_9271-1.4.0.fw" dev="sda1" ino=313 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1
[  112.432305][   T28] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  112.435371][   T10] usb 7-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  112.483164][ T2819] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  112.512312][   T23] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  112.592434][ T5773] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  112.606328][   T28] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  112.616124][   T28] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  112.625434][   T28] usb 4-1: Product: syz
[  112.630058][   T28] usb 4-1: Manufacturer: syz
[  112.635409][   T28] usb 4-1: SerialNumber: syz
[  112.648923][ T3005] usb 7-1: USB disconnect, device number 2
[  112.666959][ T2819] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  112.679056][   T28] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  112.690029][   T23] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  112.700600][ T2819] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  112.708968][   T23] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  112.721296][ T2819] usb 3-1: Product: syz
[  112.730151][   T23] usb 2-1: Product: syz
[  112.735736][ T2819] usb 3-1: Manufacturer: syz
[  112.742661][   T23] usb 2-1: Manufacturer: syz
[  112.749385][ T2819] usb 3-1: SerialNumber: syz
[  112.754902][   T23] usb 2-1: SerialNumber: syz
[  112.766045][ T5775] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  112.781209][ T2819] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  112.794071][ T5773] usb 8-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  112.813686][   T23] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  112.822762][ T5773] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  112.837724][   T28] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  112.859929][   T43] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  112.872371][ T5773] usb 8-1: Product: syz
[  112.891938][ T5773] usb 8-1: Manufacturer: syz
[  112.911551][ T5773] usb 8-1: SerialNumber: syz
[  112.966630][ T5776] usb 4-1: USB disconnect, device number 2
[  113.020778][ T5773] usb 8-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  113.037641][ T5779] usb 3-1: USB disconnect, device number 2
[  113.052635][   T23] usb 8-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  113.062645][ T5778] usb 2-1: USB disconnect, device number 2
[  113.280027][    T9] usb 8-1: USB disconnect, device number 2
[  113.462472][   T10] ath9k_htc 7-1:1.0: ath9k_htc: Target is unresponsive
[  113.470940][   T10] ath9k_htc: Failed to initialize the device
[  113.478514][ T3005] usb 7-1: ath9k_htc: USB layer deinitialized
[  113.792332][ T3005] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  113.862377][ T5775] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive
[  113.869573][ T5775] ath9k_htc: Failed to initialize the device
[  113.876076][ T5776] usb 4-1: ath9k_htc: USB layer deinitialized
[  113.942339][   T28] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive
[  113.946332][ T3005] usb 7-1: New USB device found, idVendor=0cf3, idProduct=1002, bcdDevice= 1.08
[  113.949767][   T43] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive
[  113.959189][ T3005] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  113.966652][   T28] ath9k_htc: Failed to initialize the device
[  113.975808][ T3005] usb 7-1: Product: syz
[  113.983223][   T43] ath9k_htc: Failed to initialize the device
[  113.987500][ T3005] usb 7-1: Manufacturer: syz
[  113.999594][ T5779] usb 3-1: ath9k_htc: USB layer deinitialized
[  114.008622][ T5778] usb 2-1: ath9k_htc: USB layer deinitialized
[  114.016256][ T3005] usb 7-1: SerialNumber: syz
[  114.102322][   T23] ath9k_htc 8-1:1.0: ath9k_htc: Target is unresponsive
[  114.110063][   T23] ath9k_htc: Failed to initialize the device
[  114.117064][    T9] usb 8-1: ath9k_htc: USB layer deinitialized
[  114.173548][ T3005] usb 7-1: reset high-speed USB device number 3 using dummy_hcd
[  114.182401][ T5776] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  114.322356][ T5779] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  114.331011][ T5778] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  114.355999][ T5776] usb 4-1: New USB device found, idVendor=0cf3, idProduct=1002, bcdDevice= 1.08
[  114.365442][ T5776] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  114.375117][ T5776] usb 4-1: Product: syz
[  114.381211][ T5776] usb 4-1: Manufacturer: syz
[  114.386549][ T5776] usb 4-1: SerialNumber: syz
[  114.412358][    T9] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  114.487209][ T5779] usb 3-1: New USB device found, idVendor=0cf3, idProduct=1002, bcdDevice= 1.08
[  114.497664][ T5779] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  114.506117][ T5778] usb 2-1: New USB device found, idVendor=0cf3, idProduct=1002, bcdDevice= 1.08
[  114.515611][ T5779] usb 3-1: Product: syz
[  114.520419][ T5778] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  114.528962][ T5779] usb 3-1: Manufacturer: syz
[  114.534514][ T5776] usb 4-1: reset high-speed USB device number 3 using dummy_hcd
[  114.543029][ T5778] usb 2-1: Product: syz
[  114.547413][ T5779] usb 3-1: SerialNumber: syz
[  114.552970][ T5778] usb 2-1: Manufacturer: syz
[  114.559092][ T5778] usb 2-1: SerialNumber: syz
[  114.578326][    T9] usb 8-1: New USB device found, idVendor=0cf3, idProduct=1002, bcdDevice= 1.08
[  114.591011][    T9] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  114.602364][    T9] usb 8-1: Product: syz
[  114.607604][    T9] usb 8-1: Manufacturer: syz
[  114.613063][    T9] usb 8-1: SerialNumber: syz
[  114.692582][ T5779] usb 3-1: reset high-speed USB device number 3 using dummy_hcd
[  114.712344][ T5778] usb 2-1: reset high-speed USB device number 3 using dummy_hcd
[  114.752326][    T9] usb 8-1: reset high-speed USB device number 3 using dummy_hcd
[  114.872388][ T3005] usb 7-1: device descriptor read/64, error -71
[  115.175861][ T5781] usb 7-1: driver   API: 1.9.9 2016-02-15 [1-1]
[  115.183096][ T5781] usb 7-1: firmware API: 1.9.6 2012-07-07
[  115.232329][ T5776] usb 4-1: device descriptor read/64, error -71
[  115.394794][    C0] usb 7-1: received invalid command response:got 60, instead of 0
[  115.402986][    C0] usb 7-1: restart device (9)
[  115.408753][ T5778] usb 2-1: device descriptor read/64, error -71
[  115.416268][    C0] usb 7-1: received invalid command response:got -2, instead of 0
[  115.424674][ T5779] usb 3-1: device descriptor read/64, error -71
[  115.492536][    T9] usb 8-1: device descriptor read/64, error -71
[  115.516124][ T3005] usb 4-1: driver   API: 1.9.9 2016-02-15 [1-1]
[  115.527776][ T3005] usb 4-1: firmware API: 1.9.6 2012-07-07
[  115.616505][    C0] usb 7-1: received invalid command response:got 60, instead of 4
[  115.624700][    C0] ==================================================================
[  115.633094][    C0] BUG: KASAN: stack-out-of-bounds in carl9170_handle_command_response+0x21f/0xc50
[  115.643095][    C0] Write of size 60 at addr ffffc900015dfa38 by task swapper/0/0
[  115.650826][    C0] 
[  115.653434][    C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0 PREEMPT(full) 
[  115.653454][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  115.653469][    C0] Call Trace:
[  115.653477][    C0]  <IRQ>
[  115.653486][    C0]  dump_stack_lvl+0x100/0x190
[  115.653515][    C0]  print_report+0x13d/0x4b0
[  115.653538][    C0]  ? __lock_acquire+0x4a5/0x2630
[  115.653557][    C0]  ? carl9170_handle_command_response+0x21f/0xc50
[  115.653576][    C0]  kasan_report+0xdf/0x1d0
[  115.653606][    C0]  ? carl9170_handle_command_response+0x21f/0xc50
[  115.653627][    C0]  kasan_check_range+0x10f/0x1e0
[  115.653642][    C0]  __asan_memcpy+0x3c/0x60
[  115.653659][    C0]  carl9170_handle_command_response+0x21f/0xc50
[  115.653678][    C0]  carl9170_usb_rx_irq_complete+0xfc/0x1b0
[  115.653702][    C0]  __usb_hcd_giveback_urb+0x38d/0x610
[  115.653720][    C0]  usb_hcd_giveback_urb+0x3ca/0x4a0
[  115.653735][    C0]  dummy_timer+0xda1/0x36c0
[  115.653756][    C0]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  115.653781][    C0]  ? __pfx_dummy_timer+0x10/0x10
[  115.653795][    C0]  ? rcu_is_watching+0x12/0xc0
[  115.653816][    C0]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  115.653836][    C0]  ? __pfx_dummy_timer+0x10/0x10
[  115.653852][    C0]  __hrtimer_run_queues+0x470/0xa00
[  115.653876][    C0]  hrtimer_run_softirq+0x17d/0x2c0
[  115.653896][    C0]  handle_softirqs+0x1dd/0x9e0
[  115.653922][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  115.653944][    C0]  ? _raw_spin_unlock+0x28/0x50
[  115.653961][    C0]  ? __hrtimer_rearm_deferred+0x9b/0x740
[  115.653983][    C0]  __irq_exit_rcu+0x160/0x210
[  115.654004][    C0]  irq_exit_rcu+0x9/0x30
[  115.654025][    C0]  sysvec_apic_timer_interrupt+0x8f/0xb0
[  115.654049][    C0]  </IRQ>
[  115.654054][    C0]  <TASK>
[  115.654059][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  115.654080][    C0] RIP: 0010:pv_native_safe_halt+0xf/0x20
[  115.654102][    C0] Code: d4 b4 01 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 63 9d 15 00 fb f4 <e9> 7c f2 02 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
[  115.654120][    C0] RSP: 0018:ffffffff89407e10 EFLAGS: 00000242
[  115.654133][    C0] RAX: 00000000000942ef RBX: ffffffff8942ca40 RCX: ffffffff8770e3f5
[  115.654143][    C0] RDX: 0000000000000000 RSI: ffffffff890d1d42 RDI: ffffffff87b03fe0
[  115.654152][    C0] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed103eac673d
[  115.654165][    C0] R10: ffff8881f56339eb R11: 0000000000000000 R12: 0000000000000000
[  115.654178][    C0] R13: fffffbfff1285948 R14: 0000000000000000 R15: ffffffff8af1a1d0
[  115.654190][    C0]  ? ct_kernel_exit+0x125/0x180
[  115.654214][    C0]  default_idle+0x9/0x10
[  115.654228][    C0]  default_idle_call+0x6c/0xb0
[  115.654243][    C0]  do_idle+0x464/0x590
[  115.654260][    C0]  ? __pfx_do_idle+0x10/0x10
[  115.654277][    C0]  cpu_startup_entry+0x4f/0x60
[  115.654292][    C0]  rest_init+0x251/0x260
[  115.654308][    C0]  ? __pfx_x86_late_time_init+0x10/0x10
[  115.654330][    C0]  start_kernel+0x47f/0x480
[  115.654354][    C0]  x86_64_start_reservations+0x24/0x30
[  115.654372][    C0]  x86_64_start_kernel+0x12b/0x130
[  115.654395][    C0]  common_startup_64+0x13e/0x148
[  115.654416][    C0]  </TASK>
[  115.654421][    C0] 
[  115.991311][    C0] The buggy address belongs to a vmalloc virtual mapping
[  115.998519][    C0] The buggy address belongs to the physical page:
[  116.005107][    C0] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10629f
[  116.014776][    C0] flags: 0x200000000000000(node=0|zone=2)
[  116.020989][    C0] raw: 0200000000000000 0000000000000000 ffffea000418a7c8 0000000000000000
[  116.029862][    C0] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[  116.039598][    C0] page dumped because: kasan: bad access detected
[  116.046133][    C0] page_owner tracks the page as allocated
[  116.052115][    C0] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x29c2(GFP_NOWAIT|__GFP_HIGHMEM|__GFP_IO|__GFP_FS|__GFP_ZERO), pid 2, tgid 2 (kthreadd), ts 113287168122, free_ts 83534111618
[  116.071786][    C0]  post_alloc_hook+0x153/0x170
[  116.076684][    C0]  get_page_from_freelist+0xf34/0x3a90
[  116.083144][    C0]  __alloc_frozen_pages_noprof+0x273/0x28a0
[  116.089710][    C0]  __alloc_pages_noprof+0xb/0x110
[  116.095211][    C0]  __vmalloc_node_range_noprof+0xe0c/0x1630
[  116.101837][    C0]  __vmalloc_node_noprof+0xad/0xf0
[  116.107327][    C0]  copy_process+0x7fb/0x7d20
[  116.112901][    C0]  kernel_clone+0x12e/0x9c0
[  116.117515][    C0]  kernel_thread+0xdb/0x120
[  116.122870][    C0]  kthreadd+0x498/0x7a0
[  116.128229][    C0]  ret_from_fork+0x69a/0xc80
[  116.133225][    C0]  ret_from_fork_asm+0x1a/0x30
[  116.138573][    C0] page last free pid 4434 tgid 4434 stack trace:
[  116.146648][    C0]  __free_frozen_pages+0x692/0xf10
[  116.152191][    C0]  qlist_free_all+0x47/0xf0
[  116.156992][    C0]  kasan_quarantine_reduce+0x1a0/0x1f0
[  116.163104][    C0]  __kasan_slab_alloc+0x4e/0x70
[  116.168201][    C0]  kmem_cache_alloc_noprof+0x2e7/0x6a0
[  116.174327][    C0]  vm_area_dup+0x25/0x6e0
[  116.179151][    C0]  __split_vma+0x18c/0xd60
[  116.183761][    C0]  vma_modify+0x11ab/0x2290
[  116.188633][    C0]  vma_modify_flags+0x1f2/0x360
[  116.193848][    C0]  mprotect_fixup+0x27a/0xe30
[  116.199275][    C0]  do_mprotect_pkey+0xa4b/0xef0
[  116.204882][    C0]  __x64_sys_mprotect+0x78/0xc0
[  116.210119][    C0]  do_syscall_64+0x10b/0x7f0
[  116.215102][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  116.221378][    C0] 
[  116.223789][    C0] Memory state around the buggy address:
[  116.229594][    C0]  ffffc900015df900: f1 f1 f1 00 00 00 f3 f3 f3 f3 f3 00 00 00 00 00
[  116.238253][    C0]  ffffc900015df980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  116.246688][    C0] >ffffc900015dfa00: 00 f1 f1 f1 f1 f1 f1 04 f2 04 f3 f3 f3 00 00 00
[  116.255136][    C0]                                         ^
[  116.261206][    C0]  ffffc900015dfa80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  116.269781][    C0]  ffffc900015dfb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  116.278298][    C0] ==================================================================
[  116.286579][    C0] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  116.294159][    C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0 PREEMPT(full) 
[  116.303566][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  116.314229][    C0] Call Trace:
[  116.317549][    C0]  <IRQ>
[  116.320402][    C0]  dump_stack_lvl+0x100/0x190
[  116.325469][    C0]  vpanic+0x552/0x970
[  116.329795][    C0]  ? __pfx_vpanic+0x10/0x10
[  116.334626][    C0]  ? __pfx_vprintk_emit+0x10/0x10
[  116.339788][    C0]  ? carl9170_handle_command_response+0x21f/0xc50
[  116.346520][    C0]  panic+0xd1/0xe0
[  116.350366][    C0]  ? __pfx_panic+0x10/0x10
[  116.354974][    C0]  ? end_report.part.0+0x23/0x90
[  116.359928][    C0]  ? rcu_is_watching+0x12/0xc0
[  116.364998][    C0]  ? end_report.part.0+0x23/0x90
[  116.370654][    C0]  ? check_panic_on_warn+0x1f/0x90
[  116.376074][    C0]  check_panic_on_warn.cold+0x19/0x34
[  116.382158][    C0]  end_report.part.0+0x3a/0x90
[  116.387313][    C0]  kasan_report.cold+0xe/0x18
[  116.392294][    C0]  ? carl9170_handle_command_response+0x21f/0xc50
[  116.399178][    C0]  kasan_check_range+0x10f/0x1e0
[  116.404735][    C0]  __asan_memcpy+0x3c/0x60
[  116.409293][    C0]  carl9170_handle_command_response+0x21f/0xc50
[  116.415994][    C0]  carl9170_usb_rx_irq_complete+0xfc/0x1b0
[  116.422163][    C0]  __usb_hcd_giveback_urb+0x38d/0x610
[  116.428271][    C0]  usb_hcd_giveback_urb+0x3ca/0x4a0
[  116.433782][    C0]  dummy_timer+0xda1/0x36c0
[  116.438488][    C0]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  116.444607][    C0]  ? __pfx_dummy_timer+0x10/0x10
[  116.449850][    C0]  ? rcu_is_watching+0x12/0xc0
[  116.455191][    C0]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  116.461310][    C0]  ? __pfx_dummy_timer+0x10/0x10
[  116.466458][    C0]  __hrtimer_run_queues+0x470/0xa00
[  116.471964][    C0]  hrtimer_run_softirq+0x17d/0x2c0
[  116.477266][    C0]  handle_softirqs+0x1dd/0x9e0
[  116.482575][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  116.488111][    C0]  ? _raw_spin_unlock+0x28/0x50
[  116.493245][    C0]  ? __hrtimer_rearm_deferred+0x9b/0x740
[  116.499722][    C0]  __irq_exit_rcu+0x160/0x210
[  116.504909][    C0]  irq_exit_rcu+0x9/0x30
[  116.509217][    C0]  sysvec_apic_timer_interrupt+0x8f/0xb0
[  116.515519][    C0]  </IRQ>
[  116.518852][    C0]  <TASK>
[  116.522447][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  116.529207][    C0] RIP: 0010:pv_native_safe_halt+0xf/0x20
[  116.535744][    C0] Code: d4 b4 01 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 63 9d 15 00 fb f4 <e9> 7c f2 02 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
[  116.559127][    C0] RSP: 0018:ffffffff89407e10 EFLAGS: 00000242
[  116.565618][    C0] RAX: 00000000000942ef RBX: ffffffff8942ca40 RCX: ffffffff8770e3f5
[  116.573968][    C0] RDX: 0000000000000000 RSI: ffffffff890d1d42 RDI: ffffffff87b03fe0
[  116.582237][    C0] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed103eac673d
[  116.591769][    C0] R10: ffff8881f56339eb R11: 0000000000000000 R12: 0000000000000000
[  116.602685][    C0] R13: fffffbfff1285948 R14: 0000000000000000 R15: ffffffff8af1a1d0
[  116.611840][    C0]  ? ct_kernel_exit+0x125/0x180
[  116.617778][    C0]  default_idle+0x9/0x10
[  116.622741][    C0]  default_idle_call+0x6c/0xb0
[  116.627798][    C0]  do_idle+0x464/0x590
[  116.631991][    C0]  ? __pfx_do_idle+0x10/0x10
[  116.636863][    C0]  cpu_startup_entry+0x4f/0x60
[  116.642814][    C0]  rest_init+0x251/0x260
[  116.647634][    C0]  ? __pfx_x86_late_time_init+0x10/0x10
[  116.654445][    C0]  start_kernel+0x47f/0x480
[  116.659692][    C0]  x86_64_start_reservations+0x24/0x30
[  116.665640][    C0]  x86_64_start_kernel+0x12b/0x130
[  116.671329][    C0]  common_startup_64+0x13e/0x148
[  116.677168][    C0]  </TASK>
[  116.681324][    C0] Kernel Offset: disabled
[  116.685959][    C0] Rebooting in 86400 seconds..