Warning: Permanently added '10.128.1.112' (ED25519) to the list of known hosts.
2025/09/18 00:16:21 parsed 1 programs
[   86.619261][ T5869] cgroup: Unknown subsys name 'net'
[   86.748139][ T5869] cgroup: Unknown subsys name 'cpuset'
[   86.757203][ T5869] cgroup: Unknown subsys name 'rlimit'
[   88.341362][ T5869] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   90.869216][ T5882] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   91.905614][    T9] cfg80211: failed to load regulatory.db
[   93.002080][ T5920] chnl_net:caif_netlink_parms(): no params data found
[   93.094037][ T5920] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.101316][ T5920] bridge0: port 1(bridge_slave_0) entered disabled state
[   93.109835][ T5920] bridge_slave_0: entered allmulticast mode
[   93.117772][ T5920] bridge_slave_0: entered promiscuous mode
[   93.127063][ T5920] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.134141][ T5920] bridge0: port 2(bridge_slave_1) entered disabled state
[   93.141418][ T5920] bridge_slave_1: entered allmulticast mode
[   93.148435][ T5920] bridge_slave_1: entered promiscuous mode
[   93.179853][ T5920] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   93.192995][ T5920] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   93.231233][ T5920] team0: Port device team_slave_0 added
[   93.239929][ T5920] team0: Port device team_slave_1 added
[   93.266383][ T5920] batman_adv: batadv0: Adding interface: batadv_slave_0
[   93.273332][ T5920] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   93.299702][ T5920] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   93.312728][ T5920] batman_adv: batadv0: Adding interface: batadv_slave_1
[   93.319896][ T5920] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   93.345908][ T5920] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   93.386304][ T5920] hsr_slave_0: entered promiscuous mode
[   93.392860][ T5920] hsr_slave_1: entered promiscuous mode
[   93.520434][ T5920] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   93.533503][ T5920] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   93.544199][ T5920] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   93.553967][ T5920] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   93.583122][ T5920] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.590451][ T5920] bridge0: port 2(bridge_slave_1) entered forwarding state
[   93.598267][ T5920] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.605395][ T5920] bridge0: port 1(bridge_slave_0) entered forwarding state
[   93.661426][ T5920] 8021q: adding VLAN 0 to HW filter on device bond0
[   93.680637][   T36] bridge0: port 1(bridge_slave_0) entered disabled state
[   93.690256][   T36] bridge0: port 2(bridge_slave_1) entered disabled state
[   93.709578][ T5920] 8021q: adding VLAN 0 to HW filter on device team0
[   93.723446][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.730598][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[   93.744669][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.751875][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[   93.926728][ T5920] 8021q: adding VLAN 0 to HW filter on device batadv0
[   93.969823][ T5920] veth0_vlan: entered promiscuous mode
[   93.982097][ T5920] veth1_vlan: entered promiscuous mode
[   94.011282][ T5920] veth0_macvtap: entered promiscuous mode
[   94.021472][ T5920] veth1_macvtap: entered promiscuous mode
[   94.041096][ T5920] batman_adv: batadv0: Interface activated: batadv_slave_0
[   94.056453][ T5920] batman_adv: batadv0: Interface activated: batadv_slave_1
[   94.073855][ T1113] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   94.084592][ T1113] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   94.094344][ T1113] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   94.104310][ T1113] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   94.236768][   T13] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   94.297952][   T13] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   94.408160][   T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   94.444293][   T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   94.453959][   T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   94.463019][   T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   94.475721][   T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   94.477293][   T13] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   94.483701][   T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   94.857736][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.866013][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.898375][ T1113] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.906838][ T1113] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/09/18 00:16:33 executed programs: 0
[   95.657872][ T5187] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   95.667858][ T5187] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   95.676325][ T5187] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   95.684338][ T5187] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   95.693005][ T5187] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   95.871077][ T5975] chnl_net:caif_netlink_parms(): no params data found
[   95.939414][ T5975] bridge0: port 1(bridge_slave_0) entered blocking state
[   95.946746][ T5975] bridge0: port 1(bridge_slave_0) entered disabled state
[   95.953948][ T5975] bridge_slave_0: entered allmulticast mode
[   95.961929][ T5975] bridge_slave_0: entered promiscuous mode
[   95.971194][ T5975] bridge0: port 2(bridge_slave_1) entered blocking state
[   95.978530][ T5975] bridge0: port 2(bridge_slave_1) entered disabled state
[   95.985996][ T5975] bridge_slave_1: entered allmulticast mode
[   95.992953][ T5975] bridge_slave_1: entered promiscuous mode
[   96.021519][ T5975] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   96.032939][ T5975] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   96.066609][ T5975] team0: Port device team_slave_0 added
[   96.074317][ T5975] team0: Port device team_slave_1 added
[   96.102018][ T5975] batman_adv: batadv0: Adding interface: batadv_slave_0
[   96.109722][ T5975] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   96.136336][ T5975] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   96.148708][ T5975] batman_adv: batadv0: Adding interface: batadv_slave_1
[   96.155983][ T5975] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   96.182638][ T5975] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   96.224213][ T5975] hsr_slave_0: entered promiscuous mode
[   96.230543][ T5975] hsr_slave_1: entered promiscuous mode
[   96.236909][ T5975] debugfs: 'hsr0' already exists in 'hsr'
[   96.242721][ T5975] Cannot create hsr debugfs directory
[   97.238286][   T13] bridge_slave_1: left allmulticast mode
[   97.244200][   T13] bridge_slave_1: left promiscuous mode
[   97.251433][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[   97.263056][   T13] bridge_slave_0: left allmulticast mode
[   97.270086][   T13] bridge_slave_0: left promiscuous mode
[   97.276554][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[   97.467580][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   97.478824][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   97.491943][   T13] bond0 (unregistering): Released all slaves
[   97.589004][   T13] hsr_slave_0: left promiscuous mode
[   97.599714][   T13] hsr_slave_1: left promiscuous mode
[   97.613279][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   97.622465][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[   97.631094][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   97.640142][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[   97.663620][   T13] veth1_macvtap: left promiscuous mode
[   97.674292][   T13] veth0_macvtap: left promiscuous mode
[   97.680506][   T13] veth1_vlan: left promiscuous mode
[   97.689155][   T13] veth0_vlan: left promiscuous mode
[   97.735861][ T5187] Bluetooth: hci0: command tx timeout
[   98.148495][   T13] team0 (unregistering): Port device team_slave_1 removed
[   98.181097][   T13] team0 (unregistering): Port device team_slave_0 removed
[   98.717344][ T5975] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   98.739561][ T5975] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   98.759582][ T5975] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   98.782883][ T5975] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   99.217364][ T5975] 8021q: adding VLAN 0 to HW filter on device bond0
[   99.287643][ T5975] 8021q: adding VLAN 0 to HW filter on device team0
[   99.303207][ T1113] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.310383][ T1113] bridge0: port 1(bridge_slave_0) entered forwarding state
[   99.354175][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.361387][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[   99.810044][ T5975] 8021q: adding VLAN 0 to HW filter on device batadv0
[   99.818998][ T5187] Bluetooth: hci0: command tx timeout
[   99.871303][ T5975] veth0_vlan: entered promiscuous mode
[   99.886637][ T5975] veth1_vlan: entered promiscuous mode
[   99.922833][ T5975] veth0_macvtap: entered promiscuous mode
[   99.933196][ T5975] veth1_macvtap: entered promiscuous mode
[   99.961144][ T5975] batman_adv: batadv0: Interface activated: batadv_slave_0
[   99.973707][ T5975] batman_adv: batadv0: Interface activated: batadv_slave_1
[   99.998026][   T36] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  100.018088][   T36] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  100.029905][   T36] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  100.039184][   T36] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  100.095024][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  100.103178][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  100.132851][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  100.142272][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  100.207259][ T6035] FAULT_INJECTION: forcing a failure.
[  100.207259][ T6035] name failslab, interval 1, probability 0, space 0, times 1
[  100.221332][ T6035] CPU: 0 UID: 0 PID: 6035 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) 
[  100.221360][ T6035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  100.221376][ T6035] Call Trace:
[  100.221387][ T6035]  <TASK>
[  100.221395][ T6035]  dump_stack_lvl+0x16c/0x1f0
[  100.221434][ T6035]  should_fail_ex+0x512/0x640
[  100.221460][ T6035]  ? __kmalloc_node_track_caller_noprof+0xc3/0x510
[  100.221493][ T6035]  should_failslab+0xc2/0x120
[  100.221517][ T6035]  __kmalloc_node_track_caller_noprof+0xd6/0x510
[  100.221544][ T6035]  ? __kthread_create_on_node+0x186/0x3f0
[  100.221574][ T6035]  kvasprintf+0xbc/0x160
[  100.221596][ T6035]  ? __pfx_kvasprintf+0x10/0x10
[  100.221631][ T6035]  ? __pfx_dvb_frontend_thread+0x10/0x10
[  100.221670][ T6035]  __kthread_create_on_node+0x186/0x3f0
[  100.221699][ T6035]  ? __pfx___kthread_create_on_node+0x10/0x10
[  100.221746][ T6035]  ? __pfx_dvb_frontend_thread+0x10/0x10
[  100.221782][ T6035]  kthread_create_on_node+0xc7/0x100
[  100.221812][ T6035]  ? __pfx_kthread_create_on_node+0x10/0x10
[  100.221854][ T6035]  ? mark_held_locks+0x49/0x80
[  100.221884][ T6035]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  100.221914][ T6035]  ? lockdep_hardirqs_on+0x7c/0x110
[  100.221958][ T6035]  dvb_frontend_open+0xf47/0x1730
[  100.222003][ T6035]  ? __pfx_dvb_frontend_open+0x10/0x10
[  100.222041][ T6035]  dvb_device_open+0x26d/0x3b0
[  100.222064][ T6035]  ? __pfx_dvb_device_open+0x10/0x10
[  100.222086][ T6035]  chrdev_open+0x234/0x6a0
[  100.222118][ T6035]  ? __pfx_chrdev_open+0x10/0x10
[  100.222150][ T6035]  ? fsnotify_open_perm_and_set_mode+0x17c/0xa60
[  100.222184][ T6035]  do_dentry_open+0x982/0x1530
[  100.222213][ T6035]  ? __pfx_chrdev_open+0x10/0x10
[  100.222250][ T6035]  vfs_open+0x82/0x3f0
[  100.222288][ T6035]  path_openat+0x1de4/0x2cb0
[  100.222327][ T6035]  ? __pfx_path_openat+0x10/0x10
[  100.222363][ T6035]  do_filp_open+0x20b/0x470
[  100.222389][ T6035]  ? __pfx_do_filp_open+0x10/0x10
[  100.222441][ T6035]  ? alloc_fd+0x471/0x7d0
[  100.222475][ T6035]  do_sys_openat2+0x11b/0x1d0
[  100.222508][ T6035]  ? __pfx_do_sys_openat2+0x10/0x10
[  100.222556][ T6035]  __x64_sys_openat+0x174/0x210
[  100.222578][ T6035]  ? __pfx___x64_sys_openat+0x10/0x10
[  100.222613][ T6035]  do_syscall_64+0xcd/0x4c0
[  100.222657][ T6035]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  100.222680][ T6035] RIP: 0033:0x7f02ae18eba9
[  100.222707][ T6035] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  100.222730][ T6035] RSP: 002b:00007fffac3827c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  100.222752][ T6035] RAX: ffffffffffffffda RBX: 00007f02ae3d5fa0 RCX: 00007f02ae18eba9
[  100.222767][ T6035] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  100.222781][ T6035] RBP: 00007f02ae211e19 R08: 0000000000000000 R09: 0000000000000000
[  100.222795][ T6035] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  100.222808][ T6035] R13: 00007f02ae3d5fa0 R14: 00007f02ae3d5fa0 R15: 0000000000000004
[  100.222842][ T6035]  </TASK>
[  100.222888][ T6035] i2c i2c-0: dvb_frontend_start: failed to start kthread (-12)
[  100.567633][ T6036] FAULT_INJECTION: forcing a failure.
[  100.567633][ T6036] name failslab, interval 1, probability 0, space 0, times 0
[  100.581968][ T6036] CPU: 0 UID: 0 PID: 6036 Comm: syz.0.18 Not tainted syzkaller #0 PREEMPT(full) 
[  100.582001][ T6036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  100.582014][ T6036] Call Trace:
[  100.582022][ T6036]  <TASK>
[  100.582031][ T6036]  dump_stack_lvl+0x16c/0x1f0
2025/09/18 00:16:38 executed programs: 3
[  100.582071][ T6036]  should_fail_ex+0x512/0x640
[  100.582106][ T6036]  ? fs_reclaim_acquire+0xae/0x150
[  100.582143][ T6036]  ? tomoyo_encode2+0x100/0x3e0
[  100.582174][ T6036]  should_failslab+0xc2/0x120
[  100.582206][ T6036]  __kmalloc_noprof+0xd2/0x510
[  100.582233][ T6036]  ? d_absolute_path+0x136/0x1a0
[  100.582272][ T6036]  tomoyo_encode2+0x100/0x3e0
[  100.582310][ T6036]  tomoyo_encode+0x29/0x50
[  100.582341][ T6036]  tomoyo_realpath_from_path+0x18f/0x6e0
[  100.582385][ T6036]  tomoyo_check_open_permission+0x2ab/0x3c0
[  100.582416][ T6036]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[  100.582485][ T6036]  ? do_raw_spin_lock+0x12c/0x2b0
[  100.582531][ T6036]  tomoyo_file_open+0x6b/0x90
[  100.582556][ T6036]  security_file_open+0x84/0x1e0
[  100.582589][ T6036]  do_dentry_open+0x596/0x1530
[  100.582635][ T6036]  vfs_open+0x82/0x3f0
[  100.582674][ T6036]  path_openat+0x1de4/0x2cb0
[  100.582717][ T6036]  ? __pfx_path_openat+0x10/0x10
[  100.582756][ T6036]  do_filp_open+0x20b/0x470
[  100.582785][ T6036]  ? __pfx_do_filp_open+0x10/0x10
[  100.582841][ T6036]  ? alloc_fd+0x471/0x7d0
[  100.582878][ T6036]  do_sys_openat2+0x11b/0x1d0
[  100.582912][ T6036]  ? __pfx_do_sys_openat2+0x10/0x10
[  100.582962][ T6036]  __x64_sys_openat+0x174/0x210
[  100.582984][ T6036]  ? __pfx___x64_sys_openat+0x10/0x10
[  100.583022][ T6036]  do_syscall_64+0xcd/0x4c0
[  100.583061][ T6036]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  100.583085][ T6036] RIP: 0033:0x7f02ae18eba9
[  100.583104][ T6036] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  100.583126][ T6036] RSP: 002b:00007fffac3827c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  100.583148][ T6036] RAX: ffffffffffffffda RBX: 00007f02ae3d5fa0 RCX: 00007f02ae18eba9
[  100.583165][ T6036] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  100.583180][ T6036] RBP: 00007f02ae211e19 R08: 0000000000000000 R09: 0000000000000000
[  100.583194][ T6036] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  100.583208][ T6036] R13: 00007f02ae3d5fa0 R14: 00007f02ae3d5fa0 R15: 0000000000000004
[  100.583242][ T6036]  </TASK>
[  100.583462][ T6036] ERROR: Out of memory at tomoyo_realpath_from_path.
[  100.853396][ T6038] FAULT_INJECTION: forcing a failure.
[  100.853396][ T6038] name failslab, interval 1, probability 0, space 0, times 0
[  100.867528][ T6038] CPU: 0 UID: 0 PID: 6038 Comm: syz.0.19 Not tainted syzkaller #0 PREEMPT(full) 
[  100.867560][ T6038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  100.867573][ T6038] Call Trace:
[  100.867581][ T6038]  <TASK>
[  100.867591][ T6038]  dump_stack_lvl+0x16c/0x1f0
[  100.867630][ T6038]  should_fail_ex+0x512/0x640
[  100.867664][ T6038]  ? __kmalloc_node_track_caller_noprof+0xc3/0x510
[  100.867699][ T6038]  should_failslab+0xc2/0x120
[  100.867729][ T6038]  __kmalloc_node_track_caller_noprof+0xd6/0x510
[  100.867760][ T6038]  ? __kthread_create_on_node+0x186/0x3f0
[  100.867798][ T6038]  kvasprintf+0xbc/0x160
[  100.867823][ T6038]  ? __pfx_kvasprintf+0x10/0x10
[  100.867863][ T6038]  ? __pfx_dvb_frontend_thread+0x10/0x10
[  100.867897][ T6038]  __kthread_create_on_node+0x186/0x3f0
[  100.867929][ T6038]  ? __pfx___kthread_create_on_node+0x10/0x10
[  100.867972][ T6038]  ? __lock_acquire+0xb97/0x1ce0
[  100.868007][ T6038]  ? __pfx_dvb_frontend_thread+0x10/0x10
[  100.868042][ T6038]  kthread_create_on_node+0xc7/0x100
[  100.868072][ T6038]  ? __pfx_kthread_create_on_node+0x10/0x10
[  100.868109][ T6038]  ? mark_held_locks+0x49/0x80
[  100.868138][ T6038]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  100.868173][ T6038]  ? lockdep_hardirqs_on+0x7c/0x110
[  100.868212][ T6038]  dvb_frontend_open+0xf47/0x1730
[  100.868257][ T6038]  ? __pfx_dvb_frontend_open+0x10/0x10
[  100.868294][ T6038]  dvb_device_open+0x26d/0x3b0
[  100.868323][ T6038]  ? __pfx_dvb_device_open+0x10/0x10
[  100.868346][ T6038]  chrdev_open+0x234/0x6a0
[  100.868375][ T6038]  ? __pfx_apparmor_file_open+0x10/0x10
[  100.868403][ T6038]  ? __pfx_chrdev_open+0x10/0x10
[  100.868434][ T6038]  ? fsnotify_open_perm_and_set_mode+0x17c/0xa60
[  100.868467][ T6038]  do_dentry_open+0x982/0x1530
[  100.868496][ T6038]  ? __pfx_chrdev_open+0x10/0x10
[  100.868533][ T6038]  vfs_open+0x82/0x3f0
[  100.868572][ T6038]  path_openat+0x1de4/0x2cb0
[  100.868612][ T6038]  ? __pfx_path_openat+0x10/0x10
[  100.868649][ T6038]  do_filp_open+0x20b/0x470
[  100.868678][ T6038]  ? __pfx_do_filp_open+0x10/0x10
[  100.868733][ T6038]  ? alloc_fd+0x471/0x7d0
[  100.868770][ T6038]  do_sys_openat2+0x11b/0x1d0
[  100.868803][ T6038]  ? __pfx_do_sys_openat2+0x10/0x10
[  100.868852][ T6038]  __x64_sys_openat+0x174/0x210
[  100.868874][ T6038]  ? __pfx___x64_sys_openat+0x10/0x10
[  100.868910][ T6038]  do_syscall_64+0xcd/0x4c0
[  100.868948][ T6038]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  100.868972][ T6038] RIP: 0033:0x7f02ae18eba9
[  100.868991][ T6038] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  100.869012][ T6038] RSP: 002b:00007fffac3827c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  100.869034][ T6038] RAX: ffffffffffffffda RBX: 00007f02ae3d5fa0 RCX: 00007f02ae18eba9
[  100.869050][ T6038] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  100.869064][ T6038] RBP: 00007f02ae211e19 R08: 0000000000000000 R09: 0000000000000000
[  100.869078][ T6038] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  100.869092][ T6038] R13: 00007f02ae3d5fa0 R14: 00007f02ae3d5fa0 R15: 0000000000000004
[  100.869125][ T6038]  </TASK>
[  100.869156][ T6038] i2c i2c-0: dvb_frontend_start: failed to start kthread (-12)
[  101.204086][ T6039] ==================================================================
[  101.212179][ T6039] BUG: KASAN: slab-use-after-free in dvb_device_open+0x36a/0x3b0
[  101.219913][ T6039] Read of size 8 at addr ffff888140ec9618 by task syz.0.20/6039
[  101.227552][ T6039] 
[  101.229876][ T6039] CPU: 1 UID: 0 PID: 6039 Comm: syz.0.20 Not tainted syzkaller #0 PREEMPT(full) 
[  101.229894][ T6039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  101.229902][ T6039] Call Trace:
[  101.229908][ T6039]  <TASK>
[  101.229914][ T6039]  dump_stack_lvl+0x116/0x1f0
[  101.229938][ T6039]  print_report+0xcd/0x630
[  101.229956][ T6039]  ? __virt_addr_valid+0x81/0x610
[  101.229973][ T6039]  ? __phys_addr+0xe8/0x180
[  101.229989][ T6039]  ? dvb_device_open+0x36a/0x3b0
[  101.230002][ T6039]  kasan_report+0xe0/0x110
[  101.230018][ T6039]  ? dvb_device_open+0x36a/0x3b0
[  101.230031][ T6039]  ? __pfx_dvb_device_open+0x10/0x10
[  101.230044][ T6039]  dvb_device_open+0x36a/0x3b0
[  101.230056][ T6039]  ? __pfx_dvb_device_open+0x10/0x10
[  101.230068][ T6039]  chrdev_open+0x234/0x6a0
[  101.230085][ T6039]  ? __pfx_apparmor_file_open+0x10/0x10
[  101.230101][ T6039]  ? __pfx_chrdev_open+0x10/0x10
[  101.230118][ T6039]  ? fsnotify_open_perm_and_set_mode+0x17c/0xa60
[  101.230135][ T6039]  do_dentry_open+0x982/0x1530
[  101.230152][ T6039]  ? __pfx_chrdev_open+0x10/0x10
[  101.230170][ T6039]  vfs_open+0x82/0x3f0
[  101.230189][ T6039]  path_openat+0x1de4/0x2cb0
[  101.230208][ T6039]  ? __pfx_path_openat+0x10/0x10
[  101.230225][ T6039]  do_filp_open+0x20b/0x470
[  101.230240][ T6039]  ? __pfx_do_filp_open+0x10/0x10
[  101.230264][ T6039]  ? alloc_fd+0x471/0x7d0
[  101.230280][ T6039]  do_sys_openat2+0x11b/0x1d0
[  101.230300][ T6039]  ? __pfx_do_sys_openat2+0x10/0x10
[  101.230324][ T6039]  __x64_sys_openat+0x174/0x210
[  101.230335][ T6039]  ? __pfx___x64_sys_openat+0x10/0x10
[  101.230351][ T6039]  do_syscall_64+0xcd/0x4c0
[  101.230372][ T6039]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  101.230386][ T6039] RIP: 0033:0x7f02ae18eba9
[  101.230397][ T6039] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  101.230410][ T6039] RSP: 002b:00007fffac3827c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  101.230423][ T6039] RAX: ffffffffffffffda RBX: 00007f02ae3d5fa0 RCX: 00007f02ae18eba9
[  101.230432][ T6039] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  101.230440][ T6039] RBP: 00007f02ae211e19 R08: 0000000000000000 R09: 0000000000000000
[  101.230449][ T6039] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  101.230456][ T6039] R13: 00007f02ae3d5fa0 R14: 00007f02ae3d5fa0 R15: 0000000000000004
[  101.230469][ T6039]  </TASK>
[  101.230473][ T6039] 
[  101.469417][ T6039] Allocated by task 1:
[  101.473473][ T6039]  kasan_save_stack+0x33/0x60
[  101.478148][ T6039]  kasan_save_track+0x14/0x30
[  101.482822][ T6039]  __kasan_kmalloc+0xaa/0xb0
[  101.487404][ T6039]  dvb_register_device+0x1e4/0x2370
[  101.492597][ T6039]  dvb_register_frontend+0x5a6/0x880
[  101.497885][ T6039]  vidtv_bridge_probe+0x459/0xa90
[  101.502915][ T6039]  platform_probe+0x103/0x1d0
[  101.507594][ T6039]  really_probe+0x241/0xa90
[  101.512099][ T6039]  __driver_probe_device+0x1de/0x440
[  101.517382][ T6039]  driver_probe_device+0x4c/0x1b0
[  101.522404][ T6039]  __driver_attach+0x283/0x580
[  101.527166][ T6039]  bus_for_each_dev+0x13e/0x1d0
[  101.532012][ T6039]  bus_add_driver+0x2e9/0x690
[  101.536683][ T6039]  driver_register+0x15c/0x4b0
[  101.541437][ T6039]  vidtv_bridge_init+0x45/0x80
[  101.546194][ T6039]  do_one_initcall+0x120/0x6e0
[  101.550954][ T6039]  kernel_init_freeable+0x5c2/0x910
[  101.556147][ T6039]  kernel_init+0x1c/0x2b0
[  101.560470][ T6039]  ret_from_fork+0x56d/0x730
[  101.565062][ T6039]  ret_from_fork_asm+0x1a/0x30
[  101.569819][ T6039] 
[  101.572131][ T6039] Freed by task 6038:
[  101.576094][ T6039]  kasan_save_stack+0x33/0x60
[  101.580761][ T6039]  kasan_save_track+0x14/0x30
[  101.585430][ T6039]  kasan_save_free_info+0x3b/0x60
[  101.590443][ T6039]  __kasan_slab_free+0x60/0x70
[  101.595199][ T6039]  kfree+0x2b4/0x4d0
[  101.599089][ T6039]  dvb_device_put.part.0+0x60/0x90
[  101.604198][ T6039]  dvb_device_open+0x2a4/0x3b0
[  101.608954][ T6039]  chrdev_open+0x234/0x6a0
[  101.613367][ T6039]  do_dentry_open+0x982/0x1530
[  101.618125][ T6039]  vfs_open+0x82/0x3f0
[  101.622191][ T6039]  path_openat+0x1de4/0x2cb0
[  101.626775][ T6039]  do_filp_open+0x20b/0x470
[  101.631272][ T6039]  do_sys_openat2+0x11b/0x1d0
[  101.635956][ T6039]  __x64_sys_openat+0x174/0x210
[  101.640811][ T6039]  do_syscall_64+0xcd/0x4c0
[  101.645327][ T6039]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  101.651222][ T6039] 
[  101.653546][ T6039] The buggy address belongs to the object at ffff888140ec9600
[  101.653546][ T6039]  which belongs to the cache kmalloc-256 of size 256
[  101.667587][ T6039] The buggy address is located 24 bytes inside of
[  101.667587][ T6039]  freed 256-byte region [ffff888140ec9600, ffff888140ec9700)
[  101.681284][ T6039] 
[  101.683595][ T6039] The buggy address belongs to the physical page:
[  101.690007][ T6039] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x140ec8
[  101.698850][ T6039] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  101.707343][ T6039] flags: 0x57ff00000000040(head|node=1|zone=2|lastcpupid=0x7ff)
[  101.714983][ T6039] page_type: f5(slab)
[  101.718963][ T6039] raw: 057ff00000000040 ffff88801b841b40 dead000000000122 0000000000000000
[  101.727548][ T6039] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  101.736125][ T6039] head: 057ff00000000040 ffff88801b841b40 dead000000000122 0000000000000000
[  101.744786][ T6039] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  101.753449][ T6039] head: 057ff00000000001 ffffea000503b201 00000000ffffffff 00000000ffffffff
[  101.762122][ T6039] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[  101.770786][ T6039] page dumped because: kasan: bad access detected
[  101.777204][ T6039] page_owner tracks the page as allocated
[  101.782902][ T6039] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 18419152785, free_ts 0
[  101.802606][ T6039]  post_alloc_hook+0x1c0/0x230
[  101.807371][ T6039]  get_page_from_freelist+0x132b/0x38e0
[  101.812909][ T6039]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  101.818795][ T6039]  alloc_pages_mpol+0x1fb/0x550
[  101.823643][ T6039]  new_slab+0x247/0x330
[  101.827787][ T6039]  ___slab_alloc+0xcf2/0x1750
[  101.832455][ T6039]  __slab_alloc.constprop.0+0x56/0xb0
[  101.837815][ T6039]  __kmalloc_cache_noprof+0xfb/0x3e0
[  101.843090][ T6039]  bus_add_driver+0x92/0x690
[  101.847680][ T6039]  driver_register+0x15c/0x4b0
[  101.852434][ T6039]  usb_register_driver+0x216/0x4d0
[  101.857541][ T6039]  do_one_initcall+0x120/0x6e0
[  101.862302][ T6039]  kernel_init_freeable+0x5c2/0x910
[  101.867498][ T6039]  kernel_init+0x1c/0x2b0
[  101.871821][ T6039]  ret_from_fork+0x56d/0x730
[  101.876415][ T6039]  ret_from_fork_asm+0x1a/0x30
[  101.881180][ T6039] page_owner free stack trace missing
[  101.886534][ T6039] 
[  101.888844][ T6039] Memory state around the buggy address:
[  101.894468][ T6039]  ffff888140ec9500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  101.902518][ T6039]  ffff888140ec9580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  101.910568][ T6039] >ffff888140ec9600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  101.918619][ T6039]                             ^
[  101.923461][ T6039]  ffff888140ec9680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  101.931509][ T6039]  ffff888140ec9700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  101.939648][ T6039] ==================================================================
[  101.963265][ T5187] Bluetooth: hci0: command tx timeout
[  101.978998][ T6039] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  101.986234][ T6039] CPU: 0 UID: 0 PID: 6039 Comm: syz.0.20 Not tainted syzkaller #0 PREEMPT(full) 
[  101.995360][ T6039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  102.005419][ T6039] Call Trace:
[  102.008688][ T6039]  <TASK>
[  102.011603][ T6039]  dump_stack_lvl+0x3d/0x1f0
[  102.016191][ T6039]  vpanic+0x6e8/0x7a0
[  102.020158][ T6039]  ? __pfx_vpanic+0x10/0x10
[  102.024649][ T6039]  ? __pfx_vprintk_emit+0x10/0x10
[  102.029658][ T6039]  ? dvb_device_open+0x36a/0x3b0
[  102.034612][ T6039]  panic+0xca/0xd0
[  102.038346][ T6039]  ? __pfx_panic+0x10/0x10
[  102.042750][ T6039]  ? dvb_device_open+0x36a/0x3b0
[  102.047668][ T6039]  ? preempt_schedule_common+0x44/0xc0
[  102.053114][ T6039]  ? preempt_schedule_thunk+0x16/0x30
[  102.058476][ T6039]  ? check_panic_on_warn+0x1f/0xb0
[  102.063582][ T6039]  check_panic_on_warn+0xab/0xb0
[  102.068509][ T6039]  end_report+0x107/0x170
[  102.072828][ T6039]  kasan_report+0xee/0x110
[  102.077231][ T6039]  ? dvb_device_open+0x36a/0x3b0
[  102.082153][ T6039]  ? __pfx_dvb_device_open+0x10/0x10
[  102.087427][ T6039]  dvb_device_open+0x36a/0x3b0
[  102.092177][ T6039]  ? __pfx_dvb_device_open+0x10/0x10
[  102.097445][ T6039]  chrdev_open+0x234/0x6a0
[  102.101853][ T6039]  ? __pfx_apparmor_file_open+0x10/0x10
[  102.107399][ T6039]  ? __pfx_chrdev_open+0x10/0x10
[  102.112326][ T6039]  ? fsnotify_open_perm_and_set_mode+0x17c/0xa60
[  102.118642][ T6039]  do_dentry_open+0x982/0x1530
[  102.123391][ T6039]  ? __pfx_chrdev_open+0x10/0x10
[  102.128315][ T6039]  vfs_open+0x82/0x3f0
[  102.132374][ T6039]  path_openat+0x1de4/0x2cb0
[  102.136964][ T6039]  ? __pfx_path_openat+0x10/0x10
[  102.141913][ T6039]  do_filp_open+0x20b/0x470
[  102.146408][ T6039]  ? __pfx_do_filp_open+0x10/0x10
[  102.151424][ T6039]  ? alloc_fd+0x471/0x7d0
[  102.155735][ T6039]  do_sys_openat2+0x11b/0x1d0
[  102.160403][ T6039]  ? __pfx_do_sys_openat2+0x10/0x10
[  102.165599][ T6039]  __x64_sys_openat+0x174/0x210
[  102.170449][ T6039]  ? __pfx___x64_sys_openat+0x10/0x10
[  102.175811][ T6039]  do_syscall_64+0xcd/0x4c0
[  102.180306][ T6039]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  102.186178][ T6039] RIP: 0033:0x7f02ae18eba9
[  102.190575][ T6039] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  102.210169][ T6039] RSP: 002b:00007fffac3827c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  102.218573][ T6039] RAX: ffffffffffffffda RBX: 00007f02ae3d5fa0 RCX: 00007f02ae18eba9
[  102.226534][ T6039] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  102.234486][ T6039] RBP: 00007f02ae211e19 R08: 0000000000000000 R09: 0000000000000000
[  102.242440][ T6039] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  102.250393][ T6039] R13: 00007f02ae3d5fa0 R14: 00007f02ae3d5fa0 R15: 0000000000000004
[  102.258354][ T6039]  </TASK>
[  102.261503][ T6039] Kernel Offset: disabled
[  102.265808][ T6039] Rebooting in 86400 seconds..