Warning: Permanently added '10.128.0.174' (ED25519) to the list of known hosts.
2026/04/23 21:31:59 parsed 1 programs
[   53.522993][   T29] audit: type=1400 audit(1776979919.665:62): avc:  denied  { node_bind } for  pid=2972 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[   53.547390][   T29] audit: type=1400 audit(1776979919.675:63): avc:  denied  { module_request } for  pid=2972 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[   55.439837][   T29] audit: type=1400 audit(1776979921.585:64): avc:  denied  { mounton } for  pid=2982 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   55.467464][   T29] audit: type=1400 audit(1776979921.615:65): avc:  denied  { mount } for  pid=2982 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   55.470791][ T2982] cgroup: Unknown subsys name 'net'
[   55.502649][   T29] audit: type=1400 audit(1776979921.645:66): avc:  denied  { unmount } for  pid=2982 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   55.636718][ T2982] cgroup: Unknown subsys name 'cpuset'
[   55.647740][ T2982] cgroup: Unknown subsys name 'rlimit'
[   55.797275][   T29] audit: type=1400 audit(1776979921.945:67): avc:  denied  { setattr } for  pid=2982 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   55.823993][   T29] audit: type=1400 audit(1776979921.945:68): avc:  denied  { create } for  pid=2982 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   55.847893][   T29] audit: type=1400 audit(1776979921.945:69): avc:  denied  { write } for  pid=2982 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   55.871840][   T29] audit: type=1400 audit(1776979921.945:70): avc:  denied  { read } for  pid=2982 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   55.899484][   T29] audit: type=1400 audit(1776979921.975:71): avc:  denied  { sys_module } for  pid=2982 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[   55.950765][ T2986] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
Setting up swapspace version 1, size = 127995904 bytes
[   56.022307][ T2982] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   57.559267][ T2988] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   61.701962][   T29] kauditd_printk_skb: 33 callbacks suppressed
[   61.701981][   T29] audit: type=1400 audit(1776979927.845:105): avc:  denied  { create } for  pid=3037 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   69.113702][ T3037] syz-executor (3037) used greatest stack depth: 22696 bytes left
[   69.401239][   T29] audit: type=1400 audit(1776979935.545:106): avc:  denied  { create } for  pid=3502 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
2026/04/23 21:32:16 executed programs: 0
2026/04/23 21:32:26 executed programs: 2
[   79.913851][   T29] audit: type=1400 audit(1776979946.055:107): avc:  denied  { read write } for  pid=3961 comm="syz.3.17" name="raw-gadget" dev="devtmpfs" ino=236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   79.939086][   T29] audit: type=1400 audit(1776979946.055:108): avc:  denied  { open } for  pid=3961 comm="syz.3.17" path="/dev/raw-gadget" dev="devtmpfs" ino=236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   79.973003][   T29] audit: type=1400 audit(1776979946.065:109): avc:  denied  { ioctl } for  pid=3961 comm="syz.3.17" path="/dev/raw-gadget" dev="devtmpfs" ino=236 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   80.154666][   T10] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   80.318703][   T10] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[   80.328728][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   80.337301][   T10] usb 4-1: Product: syz
[   80.341876][   T10] usb 4-1: Manufacturer: syz
[   80.347611][   T10] usb 4-1: SerialNumber: syz
[   80.362800][   T10] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[   80.409680][   T29] audit: type=1400 audit(1776979946.555:110): avc:  denied  { firmware_load } for  pid=2810 comm="kworker/0:2" path="/lib/firmware/ath9k_htc/htc_9271-1.4.0.fw" dev="sda1" ino=313 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1
[   80.450797][ T2810] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[   80.656218][  T350] usb 4-1: USB disconnect, device number 2
[   81.514327][ T2810] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive
[   81.522241][ T2810] ath9k_htc: Failed to initialize the device
[   81.529756][  T350] usb 4-1: ath9k_htc: USB layer deinitialized
[   81.824238][  T350] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[   81.988294][  T350] usb 4-1: New USB device found, idVendor=0cf3, idProduct=1002, bcdDevice= 1.08
[   81.998816][  T350] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   82.007749][  T350] usb 4-1: Product: syz
[   82.012236][  T350] usb 4-1: Manufacturer: syz
[   82.017470][  T350] usb 4-1: SerialNumber: syz
[   82.155050][  T350] usb 4-1: reset high-speed USB device number 3 using dummy_hcd
[   82.844321][  T350] usb 4-1: device descriptor read/64, error -71
[   83.120724][   T28] usb 4-1: driver   API: 1.9.9 2016-02-15 [1-1]
[   83.127475][   T28] usb 4-1: firmware API: 1.9.6 2012-07-07
[   83.339502][    C1] usb 4-1: received invalid command response:got 60, instead of 0
[   83.348224][    C1] usb 4-1: restart device (9)
[   83.354350][    C1] usb 4-1: received invalid command response:got -2, instead of 0
[   83.555069][    C1] usb 4-1: received invalid command response:got 60, instead of 4
[   83.563722][    C1] ==================================================================
[   83.572596][    C1] BUG: KASAN: stack-out-of-bounds in carl9170_handle_command_response+0x21f/0xc50
[   83.582248][    C1] Write of size 60 at addr ffffc900001e7a38 by task swapper/1/0
[   83.590678][    C1] 
[   83.593193][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 PREEMPT(full) 
[   83.593211][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[   83.593226][    C1] Call Trace:
[   83.593234][    C1]  <IRQ>
[   83.593243][    C1]  dump_stack_lvl+0x100/0x190
[   83.593272][    C1]  print_report+0x13d/0x4b0
[   83.593292][    C1]  ? __lock_acquire+0x4a5/0x2630
[   83.593309][    C1]  ? carl9170_handle_command_response+0x21f/0xc50
[   83.593328][    C1]  kasan_report+0xdf/0x1d0
[   83.593349][    C1]  ? carl9170_handle_command_response+0x21f/0xc50
[   83.593368][    C1]  kasan_check_range+0x10f/0x1e0
[   83.593382][    C1]  __asan_memcpy+0x3c/0x60
[   83.593399][    C1]  carl9170_handle_command_response+0x21f/0xc50
[   83.593417][    C1]  carl9170_usb_rx_irq_complete+0xfc/0x1b0
[   83.593438][    C1]  __usb_hcd_giveback_urb+0x38d/0x610
[   83.593455][    C1]  usb_hcd_giveback_urb+0x3ca/0x4a0
[   83.593472][    C1]  dummy_timer+0xda1/0x36c0
[   83.593492][    C1]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[   83.593515][    C1]  ? __pfx_dummy_timer+0x10/0x10
[   83.593528][    C1]  ? rcu_is_watching+0x12/0xc0
[   83.593548][    C1]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[   83.593567][    C1]  ? __pfx_dummy_timer+0x10/0x10
[   83.593581][    C1]  __hrtimer_run_queues+0x470/0xa00
[   83.593602][    C1]  hrtimer_run_softirq+0x17d/0x2c0
[   83.593621][    C1]  handle_softirqs+0x1dd/0x9e0
[   83.593644][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[   83.593666][    C1]  ? _raw_spin_unlock+0x28/0x50
[   83.593683][    C1]  ? __hrtimer_rearm_deferred+0x9b/0x740
[   83.593703][    C1]  __irq_exit_rcu+0x160/0x210
[   83.593724][    C1]  irq_exit_rcu+0x9/0x30
[   83.593745][    C1]  sysvec_apic_timer_interrupt+0x8f/0xb0
[   83.593766][    C1]  </IRQ>
[   83.593771][    C1]  <TASK>
[   83.593776][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[   83.593795][    C1] RIP: 0010:pv_native_safe_halt+0xf/0x20
[   83.593816][    C1] Code: d4 b4 01 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 63 9d 15 00 fb f4 <e9> 7c f2 02 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
[   83.593833][    C1] RSP: 0018:ffffc9000013fe00 EFLAGS: 00000246
[   83.593845][    C1] RAX: 0000000000046e1b RBX: ffff8881022d9dc0 RCX: ffffffff8770e3f5
[   83.593855][    C1] RDX: 0000000000000000 RSI: ffffffff890d1d42 RDI: ffffffff87b03fe0
[   83.593865][    C1] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed103eae673d
[   83.593873][    C1] R10: ffff8881f57339eb R11: 0000000000000000 R12: 0000000000000001
[   83.593888][    C1] R13: ffffed102045b3b8 R14: 0000000000000001 R15: ffffffff8af1a1d0
[   83.593899][    C1]  ? ct_kernel_exit+0x125/0x180
[   83.593922][    C1]  default_idle+0x9/0x10
[   83.593936][    C1]  default_idle_call+0x6c/0xb0
[   83.593950][    C1]  do_idle+0x464/0x590
[   83.593965][    C1]  ? __pfx_do_idle+0x10/0x10
[   83.593982][    C1]  cpu_startup_entry+0x4f/0x60
[   83.593997][    C1]  start_secondary+0x21d/0x2d0
[   83.594010][    C1]  ? __pfx_start_secondary+0x10/0x10
[   83.594025][    C1]  common_startup_64+0x13e/0x148
[   83.594045][    C1]  </TASK>
[   83.594053][    C1] 
[   83.909623][    C1] The buggy address belongs to a 8-page vmalloc region starting at 0xffffc900001e0000 allocated at kernel_clone+0x12e/0x9c0
[   83.923064][    C1] The buggy address belongs to the physical page:
[   83.929673][    C1] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102aa7
[   83.939317][    C1] flags: 0x200000000000000(node=0|zone=2)
[   83.945240][    C1] raw: 0200000000000000 ffffea00040aa9c8 ffffea00040aa9c8 0000000000000000
[   83.954195][    C1] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   83.963557][    C1] page dumped because: kasan: bad access detected
[   83.970076][    C1] page_owner tracks the page as allocated
[   83.976315][    C1] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x29c2(GFP_NOWAIT|__GFP_HIGHMEM|__GFP_IO|__GFP_FS|__GFP_ZERO), pid 2, tgid 2 (kthreadd), ts 2543325669, free_ts 0
[   83.995086][    C1]  post_alloc_hook+0x153/0x170
[   84.000040][    C1]  get_page_from_freelist+0xf34/0x3a90
[   84.006000][    C1]  __alloc_frozen_pages_noprof+0x273/0x28a0
[   84.012824][    C1]  __alloc_pages_noprof+0xb/0x110
[   84.018035][    C1]  __vmalloc_node_range_noprof+0xe0c/0x1630
[   84.024243][    C1]  __vmalloc_node_noprof+0xad/0xf0
[   84.030068][    C1]  copy_process+0x7fb/0x7d20
[   84.035274][    C1]  kernel_clone+0x12e/0x9c0
[   84.040226][    C1]  kernel_thread+0xdb/0x120
[   84.045001][    C1]  kthreadd+0x498/0x7a0
[   84.049822][    C1]  ret_from_fork+0x69a/0xc80
[   84.054815][    C1]  ret_from_fork_asm+0x1a/0x30
[   84.060070][    C1] page_owner free stack trace missing
[   84.066169][    C1] 
[   84.068973][    C1] Memory state around the buggy address:
[   84.075036][    C1]  ffffc900001e7900: f1 f1 f1 00 00 00 f3 f3 f3 f3 f3 00 00 00 00 00
[   84.083982][    C1]  ffffc900001e7980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   84.092703][    C1] >ffffc900001e7a00: 00 f1 f1 f1 f1 f1 f1 04 f2 04 f3 f3 f3 00 00 00
[   84.102079][    C1]                                         ^
[   84.108622][    C1]  ffffc900001e7a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   84.117244][    C1]  ffffc900001e7b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   84.126050][    C1] ==================================================================
[   84.134741][    C1] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   84.142269][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 PREEMPT(full) 
[   84.151788][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[   84.163067][    C1] Call Trace:
[   84.166733][    C1]  <IRQ>
[   84.170007][    C1]  dump_stack_lvl+0x100/0x190
[   84.175011][    C1]  vpanic+0x552/0x970
[   84.179109][    C1]  ? __pfx_vpanic+0x10/0x10
[   84.184066][    C1]  ? __pfx_vprintk_emit+0x10/0x10
[   84.189382][    C1]  ? carl9170_handle_command_response+0x21f/0xc50
[   84.196365][    C1]  panic+0xd1/0xe0
[   84.200262][    C1]  ? __pfx_panic+0x10/0x10
[   84.205073][    C1]  ? end_report.part.0+0x23/0x90
[   84.210645][    C1]  ? rcu_is_watching+0x12/0xc0
[   84.216353][    C1]  ? end_report.part.0+0x23/0x90
[   84.221767][    C1]  ? check_panic_on_warn+0x1f/0x90
[   84.227422][    C1]  check_panic_on_warn.cold+0x19/0x34
[   84.232983][    C1]  end_report.part.0+0x3a/0x90
[   84.238471][    C1]  kasan_report.cold+0xe/0x18
[   84.244168][    C1]  ? carl9170_handle_command_response+0x21f/0xc50
[   84.250982][    C1]  kasan_check_range+0x10f/0x1e0
[   84.256462][    C1]  __asan_memcpy+0x3c/0x60
[   84.261581][    C1]  carl9170_handle_command_response+0x21f/0xc50
[   84.268376][    C1]  carl9170_usb_rx_irq_complete+0xfc/0x1b0
[   84.275022][    C1]  __usb_hcd_giveback_urb+0x38d/0x610
[   84.280923][    C1]  usb_hcd_giveback_urb+0x3ca/0x4a0
[   84.286316][    C1]  dummy_timer+0xda1/0x36c0
[   84.291184][    C1]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[   84.297351][    C1]  ? __pfx_dummy_timer+0x10/0x10
[   84.302477][    C1]  ? rcu_is_watching+0x12/0xc0
[   84.307620][    C1]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[   84.313522][    C1]  ? __pfx_dummy_timer+0x10/0x10
[   84.319069][    C1]  __hrtimer_run_queues+0x470/0xa00
[   84.326052][    C1]  hrtimer_run_softirq+0x17d/0x2c0
[   84.331358][    C1]  handle_softirqs+0x1dd/0x9e0
[   84.336604][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[   84.342645][    C1]  ? _raw_spin_unlock+0x28/0x50
[   84.348626][    C1]  ? __hrtimer_rearm_deferred+0x9b/0x740
[   84.355364][    C1]  __irq_exit_rcu+0x160/0x210
[   84.360698][    C1]  irq_exit_rcu+0x9/0x30
[   84.365284][    C1]  sysvec_apic_timer_interrupt+0x8f/0xb0
[   84.371304][    C1]  </IRQ>
[   84.374810][    C1]  <TASK>
[   84.378157][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[   84.384778][    C1] RIP: 0010:pv_native_safe_halt+0xf/0x20
[   84.390528][    C1] Code: d4 b4 01 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 63 9d 15 00 fb f4 <e9> 7c f2 02 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
[   84.412236][    C1] RSP: 0018:ffffc9000013fe00 EFLAGS: 00000246
[   84.418484][    C1] RAX: 0000000000046e1b RBX: ffff8881022d9dc0 RCX: ffffffff8770e3f5
[   84.426718][    C1] RDX: 0000000000000000 RSI: ffffffff890d1d42 RDI: ffffffff87b03fe0
[   84.435120][    C1] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed103eae673d
[   84.443474][    C1] R10: ffff8881f57339eb R11: 0000000000000000 R12: 0000000000000001
[   84.451986][    C1] R13: ffffed102045b3b8 R14: 0000000000000001 R15: ffffffff8af1a1d0
[   84.460410][    C1]  ? ct_kernel_exit+0x125/0x180
[   84.465634][    C1]  default_idle+0x9/0x10
[   84.470057][    C1]  default_idle_call+0x6c/0xb0
[   84.475232][    C1]  do_idle+0x464/0x590
[   84.479565][    C1]  ? __pfx_do_idle+0x10/0x10
[   84.484331][    C1]  cpu_startup_entry+0x4f/0x60
[   84.489554][    C1]  start_secondary+0x21d/0x2d0
[   84.494728][    C1]  ? __pfx_start_secondary+0x10/0x10
[   84.500454][    C1]  common_startup_64+0x13e/0x148
[   84.506125][    C1]  </TASK>
[   84.510616][    C1] Kernel Offset: disabled
[   84.515588][    C1] Rebooting in 86400 seconds..