Warning: Permanently added '10.128.1.162' (ED25519) to the list of known hosts.
2025/09/18 00:47:04 parsed 1 programs
[   86.394429][ T5867] cgroup: Unknown subsys name 'net'
[   86.497077][ T5867] cgroup: Unknown subsys name 'cpuset'
[   86.506221][ T5867] cgroup: Unknown subsys name 'rlimit'
[   88.128342][ T5867] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   90.781095][ T5883] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   91.881717][   T43] cfg80211: failed to load regulatory.db
[   93.315875][ T5929] chnl_net:caif_netlink_parms(): no params data found
[   93.394145][ T5929] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.401793][ T5929] bridge0: port 1(bridge_slave_0) entered disabled state
[   93.409049][ T5929] bridge_slave_0: entered allmulticast mode
[   93.416458][ T5929] bridge_slave_0: entered promiscuous mode
[   93.425386][ T5929] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.432516][ T5929] bridge0: port 2(bridge_slave_1) entered disabled state
[   93.440292][ T5929] bridge_slave_1: entered allmulticast mode
[   93.447629][ T5929] bridge_slave_1: entered promiscuous mode
[   93.481947][ T5929] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   93.494219][ T5929] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   93.529382][ T5929] team0: Port device team_slave_0 added
[   93.537420][ T5929] team0: Port device team_slave_1 added
[   93.561649][ T5929] batman_adv: batadv0: Adding interface: batadv_slave_0
[   93.568711][ T5929] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   93.595136][ T5929] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   93.608107][ T5929] batman_adv: batadv0: Adding interface: batadv_slave_1
[   93.615126][ T5929] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   93.641120][ T5929] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   93.680091][ T5929] hsr_slave_0: entered promiscuous mode
[   93.686409][ T5929] hsr_slave_1: entered promiscuous mode
[   93.812907][ T5929] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   93.824803][ T5929] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   93.836411][ T5929] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   93.846789][ T5929] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   93.873769][ T5929] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.880968][ T5929] bridge0: port 2(bridge_slave_1) entered forwarding state
[   93.889017][ T5929] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.896147][ T5929] bridge0: port 1(bridge_slave_0) entered forwarding state
[   93.948476][ T5929] 8021q: adding VLAN 0 to HW filter on device bond0
[   93.968730][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[   93.977526][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[   93.991375][ T5929] 8021q: adding VLAN 0 to HW filter on device team0
[   94.005851][ T1326] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.012945][ T1326] bridge0: port 1(bridge_slave_0) entered forwarding state
[   94.028128][ T1326] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.035311][ T1326] bridge0: port 2(bridge_slave_1) entered forwarding state
[   94.208319][ T5929] 8021q: adding VLAN 0 to HW filter on device batadv0
[   94.250084][ T5929] veth0_vlan: entered promiscuous mode
[   94.260714][ T5929] veth1_vlan: entered promiscuous mode
[   94.290862][ T5929] veth0_macvtap: entered promiscuous mode
[   94.300144][ T5929] veth1_macvtap: entered promiscuous mode
[   94.318214][ T5929] batman_adv: batadv0: Interface activated: batadv_slave_0
[   94.332594][ T5929] batman_adv: batadv0: Interface activated: batadv_slave_1
[   94.348668][   T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   94.358743][   T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   94.368117][   T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   94.377310][   T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   94.488483][   T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   94.582239][   T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   94.659297][   T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   94.720711][   T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   94.819814][   T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   94.829004][   T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   94.838402][   T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   94.847415][   T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   94.855243][   T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   95.090423][ T1326] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.100448][ T1326] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.130462][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.140520][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/09/18 00:47:15 executed programs: 0
[   95.516920][   T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   95.526733][   T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   95.535116][   T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   95.543352][   T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   95.551833][   T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   95.709118][ T5976] chnl_net:caif_netlink_parms(): no params data found
[   95.782067][ T5976] bridge0: port 1(bridge_slave_0) entered blocking state
[   95.790453][ T5976] bridge0: port 1(bridge_slave_0) entered disabled state
[   95.797753][ T5976] bridge_slave_0: entered allmulticast mode
[   95.805758][ T5976] bridge_slave_0: entered promiscuous mode
[   95.814448][ T5976] bridge0: port 2(bridge_slave_1) entered blocking state
[   95.821676][ T5976] bridge0: port 2(bridge_slave_1) entered disabled state
[   95.829250][ T5976] bridge_slave_1: entered allmulticast mode
[   95.836407][ T5976] bridge_slave_1: entered promiscuous mode
[   95.870738][ T5976] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   95.884594][ T5976] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   95.924847][ T5976] team0: Port device team_slave_0 added
[   95.935224][ T5976] team0: Port device team_slave_1 added
[   95.963824][ T5976] batman_adv: batadv0: Adding interface: batadv_slave_0
[   95.970794][ T5976] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   95.998723][ T5976] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   96.011687][ T5976] batman_adv: batadv0: Adding interface: batadv_slave_1
[   96.018882][ T5976] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   96.045720][ T5976] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   96.097743][ T5976] hsr_slave_0: entered promiscuous mode
[   96.104579][ T5976] hsr_slave_1: entered promiscuous mode
[   96.110960][ T5976] debugfs: 'hsr0' already exists in 'hsr'
[   96.117632][ T5976] Cannot create hsr debugfs directory
[   97.114339][   T12] bridge_slave_1: left allmulticast mode
[   97.120131][   T12] bridge_slave_1: left promiscuous mode
[   97.127536][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[   97.138864][   T12] bridge_slave_0: left allmulticast mode
[   97.145286][   T12] bridge_slave_0: left promiscuous mode
[   97.150977][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[   97.365137][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   97.376062][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   97.386817][   T12] bond0 (unregistering): Released all slaves
[   97.513395][   T12] hsr_slave_0: left promiscuous mode
[   97.522926][   T12] hsr_slave_1: left promiscuous mode
[   97.530733][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   97.546236][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[   97.555465][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   97.562868][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[   97.591019][   T12] veth1_macvtap: left promiscuous mode
[   97.597640][   T12] veth0_macvtap: left promiscuous mode
[   97.603338][   T12] veth1_vlan: left promiscuous mode
[   97.610503][   T12] veth0_vlan: left promiscuous mode
[   97.634664][ T5185] Bluetooth: hci0: command tx timeout
[   98.057114][   T12] team0 (unregistering): Port device team_slave_1 removed
[   98.087359][   T12] team0 (unregistering): Port device team_slave_0 removed
[   98.629830][ T5976] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   98.644854][ T5976] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   98.659422][ T5976] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   98.675836][ T5976] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   99.058806][ T5976] 8021q: adding VLAN 0 to HW filter on device bond0
[   99.187973][ T5976] 8021q: adding VLAN 0 to HW filter on device team0
[   99.215593][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.222772][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[   99.251706][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.258936][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[   99.670320][ T5976] 8021q: adding VLAN 0 to HW filter on device batadv0
[   99.710905][ T5976] veth0_vlan: entered promiscuous mode
[   99.713810][ T5185] Bluetooth: hci0: command tx timeout
[   99.730005][ T5976] veth1_vlan: entered promiscuous mode
[   99.759161][ T5976] veth0_macvtap: entered promiscuous mode
[   99.768267][ T5976] veth1_macvtap: entered promiscuous mode
[   99.784676][ T5976] batman_adv: batadv0: Interface activated: batadv_slave_0
[   99.798847][ T5976] batman_adv: batadv0: Interface activated: batadv_slave_1
[   99.812599][   T36] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   99.824204][   T36] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   99.835915][   T36] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   99.845394][   T49] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   99.903032][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.915582][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   99.938479][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.946721][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   99.981839][ T6036] FAULT_INJECTION: forcing a failure.
[   99.981839][ T6036] name failslab, interval 1, probability 0, space 0, times 1
[   99.995990][ T6036] CPU: 1 UID: 0 PID: 6036 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) 
[   99.996009][ T6036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   99.996021][ T6036] Call Trace:
[   99.996028][ T6036]  <TASK>
[   99.996034][ T6036]  dump_stack_lvl+0x16c/0x1f0
[   99.996062][ T6036]  should_fail_ex+0x512/0x640
[   99.996083][ T6036]  ? __kmalloc_node_track_caller_noprof+0xc3/0x510
[   99.996110][ T6036]  should_failslab+0xc2/0x120
[   99.996128][ T6036]  __kmalloc_node_track_caller_noprof+0xd6/0x510
[   99.996146][ T6036]  ? __kthread_create_on_node+0x186/0x3f0
[   99.996168][ T6036]  kvasprintf+0xbc/0x160
[   99.996183][ T6036]  ? __pfx_kvasprintf+0x10/0x10
[   99.996205][ T6036]  ? __pfx_dvb_frontend_thread+0x10/0x10
[   99.996226][ T6036]  __kthread_create_on_node+0x186/0x3f0
[   99.996244][ T6036]  ? __pfx___kthread_create_on_node+0x10/0x10
[   99.996272][ T6036]  ? __pfx_dvb_frontend_thread+0x10/0x10
[   99.996293][ T6036]  kthread_create_on_node+0xc7/0x100
[   99.996310][ T6036]  ? __pfx_kthread_create_on_node+0x10/0x10
[   99.996332][ T6036]  ? mark_held_locks+0x49/0x80
[   99.996349][ T6036]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[   99.996368][ T6036]  ? lockdep_hardirqs_on+0x7c/0x110
[   99.996390][ T6036]  dvb_frontend_open+0xf47/0x1730
[   99.996416][ T6036]  ? __pfx_dvb_frontend_open+0x10/0x10
[   99.996437][ T6036]  dvb_device_open+0x26d/0x3b0
[   99.996451][ T6036]  ? __pfx_dvb_device_open+0x10/0x10
[   99.996463][ T6036]  chrdev_open+0x234/0x6a0
[   99.996483][ T6036]  ? __pfx_chrdev_open+0x10/0x10
[   99.996501][ T6036]  ? fsnotify_open_perm_and_set_mode+0x17c/0xa60
[   99.996520][ T6036]  do_dentry_open+0x982/0x1530
[   99.996537][ T6036]  ? __pfx_chrdev_open+0x10/0x10
[   99.996558][ T6036]  vfs_open+0x82/0x3f0
[   99.996580][ T6036]  path_openat+0x1de4/0x2cb0
[   99.996602][ T6036]  ? __pfx_path_openat+0x10/0x10
[   99.996623][ T6036]  do_filp_open+0x20b/0x470
[   99.996640][ T6036]  ? __pfx_do_filp_open+0x10/0x10
[   99.996669][ T6036]  ? alloc_fd+0x471/0x7d0
[   99.996689][ T6036]  do_sys_openat2+0x11b/0x1d0
[   99.996709][ T6036]  ? __pfx_do_sys_openat2+0x10/0x10
[   99.996736][ T6036]  __x64_sys_openat+0x174/0x210
[   99.996749][ T6036]  ? __pfx___x64_sys_openat+0x10/0x10
[   99.996769][ T6036]  do_syscall_64+0xcd/0x4c0
[   99.996790][ T6036]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   99.996804][ T6036] RIP: 0033:0x7fc90eb8eba9
[   99.996820][ T6036] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   99.996836][ T6036] RSP: 002b:00007fff4455e338 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   99.996849][ T6036] RAX: ffffffffffffffda RBX: 00007fc90edd5fa0 RCX: 00007fc90eb8eba9
[   99.996858][ T6036] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c
[   99.996866][ T6036] RBP: 00007fc90ec11e19 R08: 0000000000000000 R09: 0000000000000000
[   99.996874][ T6036] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   99.996882][ T6036] R13: 00007fc90edd5fa0 R14: 00007fc90edd5fa0 R15: 0000000000000004
[   99.996899][ T6036]  </TASK>
[   99.996932][ T6036] i2c i2c-0: dvb_frontend_start: failed to start kthread (-12)
[  100.317378][ T6037] FAULT_INJECTION: forcing a failure.
[  100.317378][ T6037] name failslab, interval 1, probability 0, space 0, times 0
[  100.330085][ T6037] CPU: 1 UID: 0 PID: 6037 Comm: syz.0.18 Not tainted syzkaller #0 PREEMPT(full) 
[  100.330104][ T6037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  100.330112][ T6037] Call Trace:
[  100.330117][ T6037]  <TASK>
[  100.330122][ T6037]  dump_stack_lvl+0x16c/0x1f0
[  100.330147][ T6037]  should_fail_ex+0x512/0x640
[  100.330168][ T6037]  ? __kmalloc_node_track_caller_noprof+0xc3/0x510
[  100.330188][ T6037]  should_failslab+0xc2/0x120
[  100.330206][ T6037]  __kmalloc_node_track_caller_noprof+0xd6/0x510
[  100.330224][ T6037]  ? __kthread_create_on_node+0x186/0x3f0
[  100.330245][ T6037]  kvasprintf+0xbc/0x160
[  100.330260][ T6037]  ? __pfx_kvasprintf+0x10/0x10
[  100.330282][ T6037]  ? __pfx_dvb_frontend_thread+0x10/0x10
[  100.330304][ T6037]  __kthread_create_on_node+0x186/0x3f0
[  100.330322][ T6037]  ? __pfx___kthread_create_on_node+0x10/0x10
[  100.330346][ T6037]  ? __lock_acquire+0xb97/0x1ce0
[  100.330366][ T6037]  ? __pfx_dvb_frontend_thread+0x10/0x10
[  100.330387][ T6037]  kthread_create_on_node+0xc7/0x100
[  100.330405][ T6037]  ? __pfx_kthread_create_on_node+0x10/0x10
[  100.330426][ T6037]  ? mark_held_locks+0x49/0x80
[  100.330442][ T6037]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  100.330461][ T6037]  ? lockdep_hardirqs_on+0x7c/0x110
[  100.330483][ T6037]  dvb_frontend_open+0xf47/0x1730
[  100.330509][ T6037]  ? __pfx_dvb_frontend_open+0x10/0x10
[  100.330530][ T6037]  dvb_device_open+0x26d/0x3b0
[  100.330543][ T6037]  ? __pfx_dvb_device_open+0x10/0x10
[  100.330556][ T6037]  chrdev_open+0x234/0x6a0
[  100.330573][ T6037]  ? __pfx_apparmor_file_open+0x10/0x10
[  100.330588][ T6037]  ? __pfx_chrdev_open+0x10/0x10
[  100.330606][ T6037]  ? fsnotify_open_perm_and_set_mode+0x17c/0xa60
[  100.330626][ T6037]  do_dentry_open+0x982/0x1530
[  100.330643][ T6037]  ? __pfx_chrdev_open+0x10/0x10
[  100.330664][ T6037]  vfs_open+0x82/0x3f0
[  100.330685][ T6037]  path_openat+0x1de4/0x2cb0
[  100.330708][ T6037]  ? __pfx_path_openat+0x10/0x10
[  100.330729][ T6037]  do_filp_open+0x20b/0x470
[  100.330745][ T6037]  ? __pfx_do_filp_open+0x10/0x10
[  100.330774][ T6037]  ? alloc_fd+0x471/0x7d0
[  100.330794][ T6037]  do_sys_openat2+0x11b/0x1d0
[  100.330818][ T6037]  ? __pfx_do_sys_openat2+0x10/0x10
[  100.330846][ T6037]  __x64_sys_openat+0x174/0x210
[  100.330858][ T6037]  ? __pfx___x64_sys_openat+0x10/0x10
[  100.330878][ T6037]  do_syscall_64+0xcd/0x4c0
[  100.330900][ T6037]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  100.330913][ T6037] RIP: 0033:0x7fc90eb8eba9
[  100.330925][ T6037] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  100.330938][ T6037] RSP: 002b:00007fff4455e338 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  100.330951][ T6037] RAX: ffffffffffffffda RBX: 00007fc90edd5fa0 RCX: 00007fc90eb8eba9
[  100.330960][ T6037] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  100.330968][ T6037] RBP: 00007fc90ec11e19 R08: 0000000000000000 R09: 0000000000000000
[  100.330976][ T6037] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  100.330983][ T6037] R13: 00007fc90edd5fa0 R14: 00007fc90edd5fa0 R15: 0000000000000004
[  100.331001][ T6037]  </TASK>
[  100.331020][ T6037] i2c i2c-0: dvb_frontend_start: failed to start kthread (-12)
[  100.668630][ T6038] ==================================================================
[  100.676715][ T6038] BUG: KASAN: slab-use-after-free in dvb_device_open+0x36a/0x3b0
[  100.684419][ T6038] Read of size 8 at addr ffff88802ab56a18 by task syz.0.19/6038
[  100.692026][ T6038] 
[  100.694334][ T6038] CPU: 1 UID: 0 PID: 6038 Comm: syz.0.19 Not tainted syzkaller #0 PREEMPT(full) 
[  100.694351][ T6038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  100.694359][ T6038] Call Trace:
[  100.694365][ T6038]  <TASK>
[  100.694371][ T6038]  dump_stack_lvl+0x116/0x1f0
[  100.694395][ T6038]  print_report+0xcd/0x630
[  100.694412][ T6038]  ? __virt_addr_valid+0x81/0x610
[  100.694429][ T6038]  ? __phys_addr+0xe8/0x180
[  100.694445][ T6038]  ? dvb_device_open+0x36a/0x3b0
[  100.694457][ T6038]  kasan_report+0xe0/0x110
[  100.694473][ T6038]  ? dvb_device_open+0x36a/0x3b0
[  100.694486][ T6038]  ? __pfx_dvb_device_open+0x10/0x10
[  100.694498][ T6038]  dvb_device_open+0x36a/0x3b0
[  100.694511][ T6038]  ? __pfx_dvb_device_open+0x10/0x10
[  100.694523][ T6038]  chrdev_open+0x234/0x6a0
[  100.694540][ T6038]  ? __pfx_apparmor_file_open+0x10/0x10
[  100.694556][ T6038]  ? __pfx_chrdev_open+0x10/0x10
[  100.694573][ T6038]  ? fsnotify_open_perm_and_set_mode+0x17c/0xa60
[  100.694590][ T6038]  do_dentry_open+0x982/0x1530
[  100.694606][ T6038]  ? __pfx_chrdev_open+0x10/0x10
[  100.694624][ T6038]  vfs_open+0x82/0x3f0
[  100.694644][ T6038]  path_openat+0x1de4/0x2cb0
[  100.694662][ T6038]  ? __pfx_path_openat+0x10/0x10
[  100.694679][ T6038]  do_filp_open+0x20b/0x470
[  100.694695][ T6038]  ? __pfx_do_filp_open+0x10/0x10
[  100.694716][ T6038]  ? alloc_fd+0x471/0x7d0
[  100.694732][ T6038]  do_sys_openat2+0x11b/0x1d0
[  100.694751][ T6038]  ? __pfx_do_sys_openat2+0x10/0x10
[  100.694779][ T6038]  __x64_sys_openat+0x174/0x210
[  100.694791][ T6038]  ? __pfx___x64_sys_openat+0x10/0x10
[  100.694807][ T6038]  do_syscall_64+0xcd/0x4c0
[  100.694834][ T6038]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  100.694850][ T6038] RIP: 0033:0x7fc90eb8eba9
[  100.694861][ T6038] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  100.694874][ T6038] RSP: 002b:00007fff4455e338 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  100.694887][ T6038] RAX: ffffffffffffffda RBX: 00007fc90edd5fa0 RCX: 00007fc90eb8eba9
[  100.694896][ T6038] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  100.694904][ T6038] RBP: 00007fc90ec11e19 R08: 0000000000000000 R09: 0000000000000000
[  100.694912][ T6038] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  100.694920][ T6038] R13: 00007fc90edd5fa0 R14: 00007fc90edd5fa0 R15: 0000000000000004
[  100.694933][ T6038]  </TASK>
[  100.694937][ T6038] 
[  100.933852][ T6038] Allocated by task 1:
[  100.937907][ T6038]  kasan_save_stack+0x33/0x60
[  100.942582][ T6038]  kasan_save_track+0x14/0x30
[  100.947248][ T6038]  __kasan_kmalloc+0xaa/0xb0
[  100.951830][ T6038]  dvb_register_device+0x1e4/0x2370
[  100.957017][ T6038]  dvb_register_frontend+0x5a6/0x880
[  100.962300][ T6038]  vidtv_bridge_probe+0x459/0xa90
[  100.967323][ T6038]  platform_probe+0x103/0x1d0
[  100.972002][ T6038]  really_probe+0x241/0xa90
[  100.976514][ T6038]  __driver_probe_device+0x1de/0x440
[  100.981805][ T6038]  driver_probe_device+0x4c/0x1b0
[  100.986835][ T6038]  __driver_attach+0x283/0x580
[  100.991601][ T6038]  bus_for_each_dev+0x13e/0x1d0
[  100.996448][ T6038]  bus_add_driver+0x2e9/0x690
[  101.001120][ T6038]  driver_register+0x15c/0x4b0
[  101.005873][ T6038]  vidtv_bridge_init+0x45/0x80
[  101.010630][ T6038]  do_one_initcall+0x120/0x6e0
[  101.015386][ T6038]  kernel_init_freeable+0x5c2/0x910
[  101.020667][ T6038]  kernel_init+0x1c/0x2b0
[  101.024991][ T6038]  ret_from_fork+0x56d/0x730
[  101.029582][ T6038]  ret_from_fork_asm+0x1a/0x30
[  101.034338][ T6038] 
[  101.036647][ T6038] Freed by task 6037:
[  101.040610][ T6038]  kasan_save_stack+0x33/0x60
[  101.045279][ T6038]  kasan_save_track+0x14/0x30
[  101.049948][ T6038]  kasan_save_free_info+0x3b/0x60
[  101.054959][ T6038]  __kasan_slab_free+0x60/0x70
[  101.059715][ T6038]  kfree+0x2b4/0x4d0
[  101.063603][ T6038]  dvb_device_put.part.0+0x60/0x90
[  101.068717][ T6038]  dvb_device_open+0x2a4/0x3b0
[  101.073472][ T6038]  chrdev_open+0x234/0x6a0
[  101.077880][ T6038]  do_dentry_open+0x982/0x1530
[  101.082637][ T6038]  vfs_open+0x82/0x3f0
[  101.086706][ T6038]  path_openat+0x1de4/0x2cb0
[  101.091294][ T6038]  do_filp_open+0x20b/0x470
[  101.095787][ T6038]  do_sys_openat2+0x11b/0x1d0
[  101.100462][ T6038]  __x64_sys_openat+0x174/0x210
[  101.105299][ T6038]  do_syscall_64+0xcd/0x4c0
[  101.109807][ T6038]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  101.115690][ T6038] 
[  101.117999][ T6038] The buggy address belongs to the object at ffff88802ab56a00
[  101.117999][ T6038]  which belongs to the cache kmalloc-256 of size 256
[  101.132037][ T6038] The buggy address is located 24 bytes inside of
[  101.132037][ T6038]  freed 256-byte region [ffff88802ab56a00, ffff88802ab56b00)
[  101.145740][ T6038] 
[  101.148050][ T6038] The buggy address belongs to the physical page:
[  101.154454][ T6038] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2ab56
[  101.163199][ T6038] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  101.171687][ T6038] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  101.179234][ T6038] page_type: f5(slab)
[  101.183202][ T6038] raw: 00fff00000000040 ffff88801b841b40 dead000000000122 0000000000000000
[  101.191775][ T6038] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  101.200344][ T6038] head: 00fff00000000040 ffff88801b841b40 dead000000000122 0000000000000000
[  101.209000][ T6038] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  101.217658][ T6038] head: 00fff00000000001 ffffea0000aad581 00000000ffffffff 00000000ffffffff
[  101.226315][ T6038] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[  101.234967][ T6038] page dumped because: kasan: bad access detected
[  101.241374][ T6038] page_owner tracks the page as allocated
[  101.247068][ T6038] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 18874490810, free_ts 0
[  101.266769][ T6038]  post_alloc_hook+0x1c0/0x230
[  101.271530][ T6038]  get_page_from_freelist+0x132b/0x38e0
[  101.277067][ T6038]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  101.282971][ T6038]  alloc_pages_mpol+0x1fb/0x550
[  101.287815][ T6038]  new_slab+0x247/0x330
[  101.291958][ T6038]  ___slab_alloc+0xcf2/0x1750
[  101.296621][ T6038]  __slab_alloc.constprop.0+0x56/0xb0
[  101.301982][ T6038]  __kmalloc_cache_noprof+0xfb/0x3e0
[  101.307256][ T6038]  bus_add_driver+0x92/0x690
[  101.311840][ T6038]  driver_register+0x15c/0x4b0
[  101.316592][ T6038]  usb_register_driver+0x216/0x4d0
[  101.321692][ T6038]  do_one_initcall+0x120/0x6e0
[  101.326456][ T6038]  kernel_init_freeable+0x5c2/0x910
[  101.331648][ T6038]  kernel_init+0x1c/0x2b0
[  101.335972][ T6038]  ret_from_fork+0x56d/0x730
[  101.340565][ T6038]  ret_from_fork_asm+0x1a/0x30
[  101.345323][ T6038] page_owner free stack trace missing
[  101.350674][ T6038] 
[  101.352994][ T6038] Memory state around the buggy address:
[  101.358610][ T6038]  ffff88802ab56900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  101.366660][ T6038]  ffff88802ab56980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  101.374714][ T6038] >ffff88802ab56a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  101.382760][ T6038]                             ^
[  101.387593][ T6038]  ffff88802ab56a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  101.395642][ T6038]  ffff88802ab56b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  101.403686][ T6038] ==================================================================
2025/09/18 00:47:21 executed programs: 4
[  101.451301][ T6038] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  101.458543][ T6038] CPU: 1 UID: 0 PID: 6038 Comm: syz.0.19 Not tainted syzkaller #0 PREEMPT(full) 
[  101.467670][ T6038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  101.477739][ T6038] Call Trace:
[  101.481018][ T6038]  <TASK>
[  101.483951][ T6038]  dump_stack_lvl+0x3d/0x1f0
[  101.488561][ T6038]  vpanic+0x6e8/0x7a0
[  101.492558][ T6038]  ? __pfx_vpanic+0x10/0x10
[  101.497078][ T6038]  ? __pfx_vprintk_emit+0x10/0x10
[  101.502114][ T6038]  ? dvb_device_open+0x36a/0x3b0
[  101.507057][ T6038]  panic+0xca/0xd0
[  101.510805][ T6038]  ? __pfx_panic+0x10/0x10
[  101.515234][ T6038]  ? dvb_device_open+0x36a/0x3b0
[  101.520180][ T6038]  ? preempt_schedule_common+0x44/0xc0
[  101.525664][ T6038]  ? preempt_schedule_thunk+0x16/0x30
[  101.531065][ T6038]  ? check_panic_on_warn+0x1f/0xb0
[  101.536184][ T6038]  check_panic_on_warn+0xab/0xb0
[  101.541131][ T6038]  end_report+0x107/0x170
[  101.545459][ T6038]  kasan_report+0xee/0x110
[  101.549873][ T6038]  ? dvb_device_open+0x36a/0x3b0
[  101.554803][ T6038]  ? __pfx_dvb_device_open+0x10/0x10
[  101.560075][ T6038]  dvb_device_open+0x36a/0x3b0
[  101.564828][ T6038]  ? __pfx_dvb_device_open+0x10/0x10
[  101.570102][ T6038]  chrdev_open+0x234/0x6a0
[  101.574517][ T6038]  ? __pfx_apparmor_file_open+0x10/0x10
[  101.580055][ T6038]  ? __pfx_chrdev_open+0x10/0x10
[  101.584988][ T6038]  ? fsnotify_open_perm_and_set_mode+0x17c/0xa60
[  101.591312][ T6038]  do_dentry_open+0x982/0x1530
[  101.596070][ T6038]  ? __pfx_chrdev_open+0x10/0x10
[  101.601015][ T6038]  vfs_open+0x82/0x3f0
[  101.605084][ T6038]  path_openat+0x1de4/0x2cb0
[  101.609676][ T6038]  ? __pfx_path_openat+0x10/0x10
[  101.614609][ T6038]  do_filp_open+0x20b/0x470
[  101.619111][ T6038]  ? __pfx_do_filp_open+0x10/0x10
[  101.624144][ T6038]  ? alloc_fd+0x471/0x7d0
[  101.628468][ T6038]  do_sys_openat2+0x11b/0x1d0
[  101.633144][ T6038]  ? __pfx_do_sys_openat2+0x10/0x10
[  101.638351][ T6038]  __x64_sys_openat+0x174/0x210
[  101.643194][ T6038]  ? __pfx___x64_sys_openat+0x10/0x10
[  101.648561][ T6038]  do_syscall_64+0xcd/0x4c0
[  101.653066][ T6038]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  101.658951][ T6038] RIP: 0033:0x7fc90eb8eba9
[  101.663357][ T6038] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  101.682952][ T6038] RSP: 002b:00007fff4455e338 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  101.691356][ T6038] RAX: ffffffffffffffda RBX: 00007fc90edd5fa0 RCX: 00007fc90eb8eba9
[  101.699314][ T6038] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  101.707276][ T6038] RBP: 00007fc90ec11e19 R08: 0000000000000000 R09: 0000000000000000
[  101.715235][ T6038] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  101.723194][ T6038] R13: 00007fc90edd5fa0 R14: 00007fc90edd5fa0 R15: 0000000000000004
[  101.731158][ T6038]  </TASK>
[  101.735194][ T6038] Kernel Offset: disabled
[  101.739502][ T6038] Rebooting in 86400 seconds..