Warning: Permanently added '10.128.1.37' (ED25519) to the list of known hosts.
2025/09/17 23:42:15 parsed 1 programs
[   83.584218][ T5870] cgroup: Unknown subsys name 'net'
[   83.736945][ T5870] cgroup: Unknown subsys name 'cpuset'
[   83.746174][ T5870] cgroup: Unknown subsys name 'rlimit'
[   85.300504][ T5870] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   87.815617][ T5883] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   87.947796][   T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   87.957915][   T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   87.966336][   T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   87.974843][   T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   87.983208][   T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   88.983231][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   88.995961][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   89.028424][ T3538] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   89.037616][ T3538] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   89.906163][ T5928] chnl_net:caif_netlink_parms(): no params data found
[   90.042426][ T5928] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.050645][ T5928] bridge0: port 1(bridge_slave_0) entered disabled state
[   90.057960][ T5928] bridge_slave_0: entered allmulticast mode
[   90.065913][ T5928] bridge_slave_0: entered promiscuous mode
[   90.080861][ T5928] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.088160][ T5928] bridge0: port 2(bridge_slave_1) entered disabled state
[   90.095850][ T5928] bridge_slave_1: entered allmulticast mode
[   90.102930][ T5928] bridge_slave_1: entered promiscuous mode
[   90.144978][ T5928] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   90.156691][ T5928] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   90.187930][ T5928] team0: Port device team_slave_0 added
[   90.197689][ T5928] team0: Port device team_slave_1 added
[   90.229959][ T5928] batman_adv: batadv0: Adding interface: batadv_slave_0
[   90.237143][ T5928] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   90.263578][ T5928] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   90.278270][ T5928] batman_adv: batadv0: Adding interface: batadv_slave_1
[   90.285726][ T5928] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   90.312223][ T5928] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   90.362287][ T5928] hsr_slave_0: entered promiscuous mode
[   90.368727][ T5928] hsr_slave_1: entered promiscuous mode
[   90.499837][ T5928] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   90.511831][ T5928] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   90.522231][ T5928] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   90.531816][ T5928] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   90.560790][ T5928] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.568059][ T5928] bridge0: port 2(bridge_slave_1) entered forwarding state
[   90.622511][ T5928] 8021q: adding VLAN 0 to HW filter on device bond0
[   90.638443][ T1109] bridge0: port 2(bridge_slave_1) entered disabled state
[   90.659357][ T5928] 8021q: adding VLAN 0 to HW filter on device team0
[   90.673219][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.680412][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   90.696488][ T1109] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.703674][ T1109] bridge0: port 2(bridge_slave_1) entered forwarding state
[   90.874956][ T5928] 8021q: adding VLAN 0 to HW filter on device batadv0
[   90.917297][ T5928] veth0_vlan: entered promiscuous mode
[   90.928607][ T5928] veth1_vlan: entered promiscuous mode
[   90.958203][ T5928] veth0_macvtap: entered promiscuous mode
[   90.971122][ T5928] veth1_macvtap: entered promiscuous mode
[   90.991888][ T5928] batman_adv: batadv0: Interface activated: batadv_slave_0
[   91.007292][ T5928] batman_adv: batadv0: Interface activated: batadv_slave_1
[   91.022931][ T3538] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   91.032847][ T3538] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   91.051736][ T3538] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   91.060854][ T3538] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   91.176350][ T3538] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   91.226361][ T3538] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   91.306281][ T3538] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   91.406551][ T3538] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   91.852272][ T1213] cfg80211: failed to load regulatory.db
2025/09/17 23:42:26 executed programs: 0
[   92.706955][   T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   92.715064][   T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   92.722569][   T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   92.735312][   T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   92.743386][   T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   92.900399][ T5978] chnl_net:caif_netlink_parms(): no params data found
[   92.967387][ T5978] bridge0: port 1(bridge_slave_0) entered blocking state
[   92.974596][ T5978] bridge0: port 1(bridge_slave_0) entered disabled state
[   92.981725][ T5978] bridge_slave_0: entered allmulticast mode
[   92.989006][ T5978] bridge_slave_0: entered promiscuous mode
[   92.996701][ T5978] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.004137][ T5978] bridge0: port 2(bridge_slave_1) entered disabled state
[   93.011457][ T5978] bridge_slave_1: entered allmulticast mode
[   93.019357][ T5978] bridge_slave_1: entered promiscuous mode
[   93.051915][ T5978] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   93.064286][ T5978] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   93.096556][ T5978] team0: Port device team_slave_0 added
[   93.104309][ T5978] team0: Port device team_slave_1 added
[   93.132471][ T5978] batman_adv: batadv0: Adding interface: batadv_slave_0
[   93.139925][ T5978] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   93.165956][ T5978] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   93.178332][ T5978] batman_adv: batadv0: Adding interface: batadv_slave_1
[   93.185373][ T5978] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   93.212323][ T5978] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   93.254263][ T5978] hsr_slave_0: entered promiscuous mode
[   93.260517][ T5978] hsr_slave_1: entered promiscuous mode
[   93.266767][ T5978] debugfs: 'hsr0' already exists in 'hsr'
[   93.272543][ T5978] Cannot create hsr debugfs directory
[   94.271162][ T3538] bridge_slave_1: left allmulticast mode
[   94.277323][ T3538] bridge_slave_1: left promiscuous mode
[   94.284090][ T3538] bridge0: port 2(bridge_slave_1) entered disabled state
[   94.297700][ T3538] bridge_slave_0: left allmulticast mode
[   94.303346][ T3538] bridge_slave_0: left promiscuous mode
[   94.309208][ T3538] bridge0: port 1(bridge_slave_0) entered disabled state
[   94.557991][ T3538] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   94.581545][ T3538] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   94.592591][ T3538] bond0 (unregistering): Released all slaves
[   94.745043][ T3538] hsr_slave_0: left promiscuous mode
[   94.777904][ T3538] hsr_slave_1: left promiscuous mode
[   94.788737][ T3538] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   94.800902][ T3538] batman_adv: batadv0: Removing interface: batadv_slave_0
[   94.810348][ T5186] Bluetooth: hci0: command tx timeout
[   94.823741][ T3538] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   94.831161][ T3538] batman_adv: batadv0: Removing interface: batadv_slave_1
[   94.867869][ T3538] veth1_macvtap: left promiscuous mode
[   94.873932][ T3538] veth0_macvtap: left promiscuous mode
[   94.879627][ T3538] veth1_vlan: left promiscuous mode
[   94.886050][ T3538] veth0_vlan: left promiscuous mode
[   95.428565][ T3538] team0 (unregistering): Port device team_slave_1 removed
[   95.455177][ T3538] team0 (unregistering): Port device team_slave_0 removed
[   95.937957][ T5978] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   95.950942][ T5978] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   95.964843][ T5978] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   95.977762][ T5978] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   96.337555][ T5978] 8021q: adding VLAN 0 to HW filter on device bond0
[   96.362954][ T5978] 8021q: adding VLAN 0 to HW filter on device team0
[   96.380901][ T1109] bridge0: port 1(bridge_slave_0) entered blocking state
[   96.388121][ T1109] bridge0: port 1(bridge_slave_0) entered forwarding state
[   96.406434][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   96.413653][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   96.711447][ T5978] 8021q: adding VLAN 0 to HW filter on device batadv0
[   96.754580][ T5978] veth0_vlan: entered promiscuous mode
[   96.765765][ T5978] veth1_vlan: entered promiscuous mode
[   96.795381][ T5978] veth0_macvtap: entered promiscuous mode
[   96.805803][ T5978] veth1_macvtap: entered promiscuous mode
[   96.823980][ T5978] batman_adv: batadv0: Interface activated: batadv_slave_0
[   96.839009][ T5978] batman_adv: batadv0: Interface activated: batadv_slave_1
[   96.852682][   T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   96.862335][   T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   96.874423][   T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   96.883861][ T5186] Bluetooth: hci0: command tx timeout
[   96.888483][   T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   96.941800][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.950834][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.978028][ T1109] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.988000][ T1109] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.028617][ T6025] FAULT_INJECTION: forcing a failure.
[   97.028617][ T6025] name failslab, interval 1, probability 0, space 0, times 1
[   97.042373][ T6025] CPU: 1 UID: 0 PID: 6025 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) 
[   97.042405][ T6025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   97.042422][ T6025] Call Trace:
[   97.042434][ T6025]  <TASK>
[   97.042443][ T6025]  dump_stack_lvl+0x16c/0x1f0
[   97.042484][ T6025]  should_fail_ex+0x512/0x640
[   97.042517][ T6025]  ? __kmalloc_node_track_caller_noprof+0xc3/0x510
[   97.042550][ T6025]  should_failslab+0xc2/0x120
[   97.042586][ T6025]  __kmalloc_node_track_caller_noprof+0xd6/0x510
[   97.042615][ T6025]  ? __kthread_create_on_node+0x186/0x3f0
[   97.042647][ T6025]  kvasprintf+0xbc/0x160
[   97.042673][ T6025]  ? __pfx_kvasprintf+0x10/0x10
[   97.042710][ T6025]  ? __pfx_dvb_frontend_thread+0x10/0x10
[   97.042741][ T6025]  __kthread_create_on_node+0x186/0x3f0
[   97.042770][ T6025]  ? __pfx___kthread_create_on_node+0x10/0x10
[   97.042817][ T6025]  ? __pfx_dvb_frontend_thread+0x10/0x10
[   97.042849][ T6025]  kthread_create_on_node+0xc7/0x100
[   97.042875][ T6025]  ? __pfx_kthread_create_on_node+0x10/0x10
[   97.042909][ T6025]  ? mark_held_locks+0x49/0x80
[   97.042936][ T6025]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[   97.042966][ T6025]  ? lockdep_hardirqs_on+0x7c/0x110
[   97.043002][ T6025]  dvb_frontend_open+0xf47/0x1730
[   97.043046][ T6025]  ? __pfx_dvb_frontend_open+0x10/0x10
[   97.043082][ T6025]  dvb_device_open+0x26d/0x3b0
[   97.043104][ T6025]  ? __pfx_dvb_device_open+0x10/0x10
[   97.043124][ T6025]  chrdev_open+0x234/0x6a0
[   97.043154][ T6025]  ? __pfx_chrdev_open+0x10/0x10
[   97.043185][ T6025]  ? fsnotify_open_perm_and_set_mode+0x17c/0xa60
[   97.043216][ T6025]  do_dentry_open+0x982/0x1530
[   97.043245][ T6025]  ? __pfx_chrdev_open+0x10/0x10
[   97.043282][ T6025]  vfs_open+0x82/0x3f0
[   97.043320][ T6025]  path_openat+0x1de4/0x2cb0
[   97.043360][ T6025]  ? __pfx_path_openat+0x10/0x10
[   97.043396][ T6025]  do_filp_open+0x20b/0x470
[   97.043426][ T6025]  ? __pfx_do_filp_open+0x10/0x10
[   97.043479][ T6025]  ? alloc_fd+0x471/0x7d0
[   97.043517][ T6025]  do_sys_openat2+0x11b/0x1d0
[   97.043549][ T6025]  ? __pfx_do_sys_openat2+0x10/0x10
[   97.043609][ T6025]  __x64_sys_openat+0x174/0x210
[   97.043631][ T6025]  ? __pfx___x64_sys_openat+0x10/0x10
[   97.043668][ T6025]  do_syscall_64+0xcd/0x4c0
[   97.043706][ T6025]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   97.043730][ T6025] RIP: 0033:0x7f3ffff8eba9
[   97.043756][ T6025] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   97.043777][ T6025] RSP: 002b:00007fff386e7928 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   97.043796][ T6025] RAX: ffffffffffffffda RBX: 00007f40001d5fa0 RCX: 00007f3ffff8eba9
[   97.043807][ T6025] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c
[   97.043818][ T6025] RBP: 00007f4000011e19 R08: 0000000000000000 R09: 0000000000000000
[   97.043827][ T6025] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   97.043837][ T6025] R13: 00007f40001d5fa0 R14: 00007f40001d5fa0 R15: 0000000000000004
[   97.043861][ T6025]  </TASK>
[   97.348901][ T6025] i2c i2c-0: dvb_frontend_start: failed to start kthread (-12)
[   97.379569][ T6026] FAULT_INJECTION: forcing a failure.
[   97.379569][ T6026] name failslab, interval 1, probability 0, space 0, times 0
[   97.392557][ T6026] CPU: 0 UID: 0 PID: 6026 Comm: syz.0.18 Not tainted syzkaller #0 PREEMPT(full) 
[   97.392584][ T6026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   97.392596][ T6026] Call Trace:
[   97.392604][ T6026]  <TASK>
[   97.392612][ T6026]  dump_stack_lvl+0x16c/0x1f0
[   97.392650][ T6026]  should_fail_ex+0x512/0x640
[   97.392683][ T6026]  ? __kmalloc_node_track_caller_noprof+0xc3/0x510
[   97.392715][ T6026]  should_failslab+0xc2/0x120
[   97.392746][ T6026]  __kmalloc_node_track_caller_noprof+0xd6/0x510
[   97.392775][ T6026]  ? __kthread_create_on_node+0x186/0x3f0
[   97.392808][ T6026]  kvasprintf+0xbc/0x160
[   97.392831][ T6026]  ? __pfx_kvasprintf+0x10/0x10
[   97.392870][ T6026]  ? __pfx_dvb_frontend_thread+0x10/0x10
[   97.392902][ T6026]  __kthread_create_on_node+0x186/0x3f0
[   97.392933][ T6026]  ? __pfx___kthread_create_on_node+0x10/0x10
[   97.392973][ T6026]  ? __lock_acquire+0xb97/0x1ce0
[   97.393004][ T6026]  ? __pfx_dvb_frontend_thread+0x10/0x10
[   97.393035][ T6026]  kthread_create_on_node+0xc7/0x100
[   97.393064][ T6026]  ? __pfx_kthread_create_on_node+0x10/0x10
[   97.393098][ T6026]  ? mark_held_locks+0x49/0x80
[   97.393125][ T6026]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[   97.393174][ T6026]  ? lockdep_hardirqs_on+0x7c/0x110
[   97.393211][ T6026]  dvb_frontend_open+0xf47/0x1730
[   97.393256][ T6026]  ? __pfx_dvb_frontend_open+0x10/0x10
[   97.393292][ T6026]  dvb_device_open+0x26d/0x3b0
[   97.393316][ T6026]  ? __pfx_dvb_device_open+0x10/0x10
[   97.393347][ T6026]  chrdev_open+0x234/0x6a0
[   97.393377][ T6026]  ? __pfx_apparmor_file_open+0x10/0x10
[   97.393402][ T6026]  ? __pfx_chrdev_open+0x10/0x10
[   97.393431][ T6026]  ? fsnotify_open_perm_and_set_mode+0x17c/0xa60
[   97.393465][ T6026]  do_dentry_open+0x982/0x1530
[   97.393497][ T6026]  ? __pfx_chrdev_open+0x10/0x10
[   97.393530][ T6026]  vfs_open+0x82/0x3f0
[   97.393566][ T6026]  path_openat+0x1de4/0x2cb0
[   97.393603][ T6026]  ? __pfx_path_openat+0x10/0x10
[   97.393640][ T6026]  do_filp_open+0x20b/0x470
[   97.393668][ T6026]  ? __pfx_do_filp_open+0x10/0x10
[   97.393720][ T6026]  ? alloc_fd+0x471/0x7d0
[   97.393757][ T6026]  do_sys_openat2+0x11b/0x1d0
[   97.393791][ T6026]  ? __pfx_do_sys_openat2+0x10/0x10
[   97.393841][ T6026]  __x64_sys_openat+0x174/0x210
[   97.393863][ T6026]  ? __pfx___x64_sys_openat+0x10/0x10
[   97.393897][ T6026]  do_syscall_64+0xcd/0x4c0
[   97.393936][ T6026]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   97.393959][ T6026] RIP: 0033:0x7f3ffff8eba9
[   97.393978][ T6026] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   97.393999][ T6026] RSP: 002b:00007fff386e7928 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   97.394022][ T6026] RAX: ffffffffffffffda RBX: 00007f40001d5fa0 RCX: 00007f3ffff8eba9
[   97.394037][ T6026] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c
[   97.394051][ T6026] RBP: 00007f4000011e19 R08: 0000000000000000 R09: 0000000000000000
[   97.394064][ T6026] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   97.394078][ T6026] R13: 00007f40001d5fa0 R14: 00007f40001d5fa0 R15: 0000000000000004
[   97.394111][ T6026]  </TASK>
[   97.706060][ T6026] i2c i2c-0: dvb_frontend_start: failed to start kthread (-12)
2025/09/17 23:42:31 executed programs: 4
[   97.736331][ T6027] ==================================================================
[   97.744431][ T6027] BUG: KASAN: slab-use-after-free in dvb_device_open+0x36a/0x3b0
[   97.752181][ T6027] Read of size 8 at addr ffff88802b24e418 by task syz.0.19/6027
[   97.759981][ T6027] 
[   97.762311][ T6027] CPU: 0 UID: 0 PID: 6027 Comm: syz.0.19 Not tainted syzkaller #0 PREEMPT(full) 
[   97.762339][ T6027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   97.762353][ T6027] Call Trace:
[   97.762361][ T6027]  <TASK>
[   97.762370][ T6027]  dump_stack_lvl+0x116/0x1f0
[   97.762408][ T6027]  print_report+0xcd/0x630
[   97.762437][ T6027]  ? __virt_addr_valid+0x81/0x610
[   97.762465][ T6027]  ? __phys_addr+0xe8/0x180
[   97.762493][ T6027]  ? dvb_device_open+0x36a/0x3b0
[   97.762514][ T6027]  kasan_report+0xe0/0x110
[   97.762542][ T6027]  ? dvb_device_open+0x36a/0x3b0
[   97.762566][ T6027]  ? __pfx_dvb_device_open+0x10/0x10
[   97.762588][ T6027]  dvb_device_open+0x36a/0x3b0
[   97.762609][ T6027]  ? __pfx_dvb_device_open+0x10/0x10
[   97.762630][ T6027]  chrdev_open+0x234/0x6a0
[   97.762659][ T6027]  ? __pfx_apparmor_file_open+0x10/0x10
[   97.762685][ T6027]  ? __pfx_chrdev_open+0x10/0x10
[   97.762714][ T6027]  ? fsnotify_open_perm_and_set_mode+0x17c/0xa60
[   97.762743][ T6027]  do_dentry_open+0x982/0x1530
[   97.762772][ T6027]  ? __pfx_chrdev_open+0x10/0x10
[   97.762803][ T6027]  vfs_open+0x82/0x3f0
[   97.762837][ T6027]  path_openat+0x1de4/0x2cb0
[   97.762870][ T6027]  ? __pfx_path_openat+0x10/0x10
[   97.762900][ T6027]  do_filp_open+0x20b/0x470
[   97.762927][ T6027]  ? __pfx_do_filp_open+0x10/0x10
[   97.762966][ T6027]  ? alloc_fd+0x471/0x7d0
[   97.762995][ T6027]  do_sys_openat2+0x11b/0x1d0
[   97.763028][ T6027]  ? __pfx_do_sys_openat2+0x10/0x10
[   97.763067][ T6027]  __x64_sys_openat+0x174/0x210
[   97.763089][ T6027]  ? __pfx___x64_sys_openat+0x10/0x10
[   97.763116][ T6027]  do_syscall_64+0xcd/0x4c0
[   97.763151][ T6027]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   97.763175][ T6027] RIP: 0033:0x7f3ffff8eba9
[   97.763193][ T6027] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   97.763215][ T6027] RSP: 002b:00007fff386e7928 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   97.763238][ T6027] RAX: ffffffffffffffda RBX: 00007f40001d5fa0 RCX: 00007f3ffff8eba9
[   97.763254][ T6027] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c
[   97.763269][ T6027] RBP: 00007f4000011e19 R08: 0000000000000000 R09: 0000000000000000
[   97.763289][ T6027] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   97.763303][ T6027] R13: 00007f40001d5fa0 R14: 00007f40001d5fa0 R15: 0000000000000004
[   97.763326][ T6027]  </TASK>
[   97.763334][ T6027] 
[   98.002235][ T6027] Allocated by task 1:
[   98.006294][ T6027]  kasan_save_stack+0x33/0x60
[   98.010962][ T6027]  kasan_save_track+0x14/0x30
[   98.015619][ T6027]  __kasan_kmalloc+0xaa/0xb0
[   98.020194][ T6027]  dvb_register_device+0x1e4/0x2370
[   98.025372][ T6027]  dvb_register_frontend+0x5a6/0x880
[   98.030645][ T6027]  vidtv_bridge_probe+0x459/0xa90
[   98.035656][ T6027]  platform_probe+0x103/0x1d0
[   98.040320][ T6027]  really_probe+0x241/0xa90
[   98.044811][ T6027]  __driver_probe_device+0x1de/0x440
[   98.050081][ T6027]  driver_probe_device+0x4c/0x1b0
[   98.055091][ T6027]  __driver_attach+0x283/0x580
[   98.059839][ T6027]  bus_for_each_dev+0x13e/0x1d0
[   98.064673][ T6027]  bus_add_driver+0x2e9/0x690
[   98.069334][ T6027]  driver_register+0x15c/0x4b0
[   98.074105][ T6027]  vidtv_bridge_init+0x45/0x80
[   98.078851][ T6027]  do_one_initcall+0x120/0x6e0
[   98.083611][ T6027]  kernel_init_freeable+0x5c2/0x910
[   98.088813][ T6027]  kernel_init+0x1c/0x2b0
[   98.093131][ T6027]  ret_from_fork+0x56d/0x730
[   98.097708][ T6027]  ret_from_fork_asm+0x1a/0x30
[   98.102456][ T6027] 
[   98.104780][ T6027] Freed by task 6026:
[   98.108756][ T6027]  kasan_save_stack+0x33/0x60
[   98.113432][ T6027]  kasan_save_track+0x14/0x30
[   98.118090][ T6027]  kasan_save_free_info+0x3b/0x60
[   98.123113][ T6027]  __kasan_slab_free+0x60/0x70
[   98.127859][ T6027]  kfree+0x2b4/0x4d0
[   98.131735][ T6027]  dvb_device_put.part.0+0x60/0x90
[   98.136833][ T6027]  dvb_device_open+0x2a4/0x3b0
[   98.141583][ T6027]  chrdev_open+0x234/0x6a0
[   98.145987][ T6027]  do_dentry_open+0x982/0x1530
[   98.150737][ T6027]  vfs_open+0x82/0x3f0
[   98.154797][ T6027]  path_openat+0x1de4/0x2cb0
[   98.159368][ T6027]  do_filp_open+0x20b/0x470
[   98.163854][ T6027]  do_sys_openat2+0x11b/0x1d0
[   98.168542][ T6027]  __x64_sys_openat+0x174/0x210
[   98.173372][ T6027]  do_syscall_64+0xcd/0x4c0
[   98.177865][ T6027]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   98.183737][ T6027] 
[   98.186039][ T6027] The buggy address belongs to the object at ffff88802b24e400
[   98.186039][ T6027]  which belongs to the cache kmalloc-256 of size 256
[   98.200070][ T6027] The buggy address is located 24 bytes inside of
[   98.200070][ T6027]  freed 256-byte region [ffff88802b24e400, ffff88802b24e500)
[   98.213789][ T6027] 
[   98.216113][ T6027] The buggy address belongs to the physical page:
[   98.222523][ T6027] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2b24e
[   98.231290][ T6027] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   98.239774][ T6027] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[   98.247319][ T6027] page_type: f5(slab)
[   98.251293][ T6027] raw: 00fff00000000040 ffff88801b841b40 dead000000000122 0000000000000000
[   98.259864][ T6027] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[   98.268434][ T6027] head: 00fff00000000040 ffff88801b841b40 dead000000000122 0000000000000000
[   98.277087][ T6027] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[   98.285754][ T6027] head: 00fff00000000001 ffffea0000ac9381 00000000ffffffff 00000000ffffffff
[   98.294455][ T6027] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   98.303123][ T6027] page dumped because: kasan: bad access detected
[   98.309522][ T6027] page_owner tracks the page as allocated
[   98.315216][ T6027] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 18106208244, free_ts 0
[   98.334916][ T6027]  post_alloc_hook+0x1c0/0x230
[   98.339677][ T6027]  get_page_from_freelist+0x132b/0x38e0
[   98.345208][ T6027]  __alloc_frozen_pages_noprof+0x261/0x23f0
[   98.351195][ T6027]  alloc_pages_mpol+0x1fb/0x550
[   98.356044][ T6027]  new_slab+0x247/0x330
[   98.360185][ T6027]  ___slab_alloc+0xcf2/0x1750
[   98.364842][ T6027]  __slab_alloc.constprop.0+0x56/0xb0
[   98.370196][ T6027]  __kmalloc_cache_noprof+0xfb/0x3e0
[   98.375465][ T6027]  bus_add_driver+0x92/0x690
[   98.380041][ T6027]  driver_register+0x15c/0x4b0
[   98.384787][ T6027]  usb_register_driver+0x216/0x4d0
[   98.389882][ T6027]  do_one_initcall+0x120/0x6e0
[   98.394629][ T6027]  kernel_init_freeable+0x5c2/0x910
[   98.399810][ T6027]  kernel_init+0x1c/0x2b0
[   98.404128][ T6027]  ret_from_fork+0x56d/0x730
[   98.408734][ T6027]  ret_from_fork_asm+0x1a/0x30
[   98.413518][ T6027] page_owner free stack trace missing
[   98.418883][ T6027] 
[   98.421209][ T6027] Memory state around the buggy address:
[   98.426835][ T6027]  ffff88802b24e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   98.434877][ T6027]  ffff88802b24e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   98.442920][ T6027] >ffff88802b24e400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   98.450962][ T6027]                             ^
[   98.455791][ T6027]  ffff88802b24e480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   98.463838][ T6027]  ffff88802b24e500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   98.471898][ T6027] ==================================================================
[   98.487988][ T6027] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   98.495230][ T6027] CPU: 0 UID: 0 PID: 6027 Comm: syz.0.19 Not tainted syzkaller #0 PREEMPT(full) 
[   98.504347][ T6027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   98.514404][ T6027] Call Trace:
[   98.517676][ T6027]  <TASK>
[   98.520603][ T6027]  dump_stack_lvl+0x3d/0x1f0
[   98.525204][ T6027]  vpanic+0x6e8/0x7a0
[   98.529200][ T6027]  ? __pfx_vpanic+0x10/0x10
[   98.533709][ T6027]  ? __pfx_vprintk_emit+0x10/0x10
[   98.538735][ T6027]  ? dvb_device_open+0x36a/0x3b0
[   98.543671][ T6027]  panic+0xca/0xd0
[   98.547398][ T6027]  ? __pfx_panic+0x10/0x10
[   98.551822][ T6027]  ? dvb_device_open+0x36a/0x3b0
[   98.556755][ T6027]  ? preempt_schedule_common+0x44/0xc0
[   98.562220][ T6027]  ? preempt_schedule_thunk+0x16/0x30
[   98.567598][ T6027]  ? check_panic_on_warn+0x1f/0xb0
[   98.572716][ T6027]  check_panic_on_warn+0xab/0xb0
[   98.577658][ T6027]  end_report+0x107/0x170
[   98.581987][ T6027]  kasan_report+0xee/0x110
[   98.586402][ T6027]  ? dvb_device_open+0x36a/0x3b0
[   98.591334][ T6027]  ? __pfx_dvb_device_open+0x10/0x10
[   98.596612][ T6027]  dvb_device_open+0x36a/0x3b0
[   98.601370][ T6027]  ? __pfx_dvb_device_open+0x10/0x10
[   98.606652][ T6027]  chrdev_open+0x234/0x6a0
[   98.611068][ T6027]  ? __pfx_apparmor_file_open+0x10/0x10
[   98.616607][ T6027]  ? __pfx_chrdev_open+0x10/0x10
[   98.621545][ T6027]  ? fsnotify_open_perm_and_set_mode+0x17c/0xa60
[   98.627879][ T6027]  do_dentry_open+0x982/0x1530
[   98.632648][ T6027]  ? __pfx_chrdev_open+0x10/0x10
[   98.637589][ T6027]  vfs_open+0x82/0x3f0
[   98.641666][ T6027]  path_openat+0x1de4/0x2cb0
[   98.646260][ T6027]  ? __pfx_path_openat+0x10/0x10
[   98.651195][ T6027]  do_filp_open+0x20b/0x470
[   98.655699][ T6027]  ? __pfx_do_filp_open+0x10/0x10
[   98.660733][ T6027]  ? alloc_fd+0x471/0x7d0
[   98.665063][ T6027]  do_sys_openat2+0x11b/0x1d0
[   98.669745][ T6027]  ? __pfx_do_sys_openat2+0x10/0x10
[   98.674951][ T6027]  __x64_sys_openat+0x174/0x210
[   98.679796][ T6027]  ? __pfx___x64_sys_openat+0x10/0x10
[   98.685166][ T6027]  do_syscall_64+0xcd/0x4c0
[   98.689673][ T6027]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   98.695559][ T6027] RIP: 0033:0x7f3ffff8eba9
[   98.699966][ T6027] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   98.719564][ T6027] RSP: 002b:00007fff386e7928 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   98.727975][ T6027] RAX: ffffffffffffffda RBX: 00007f40001d5fa0 RCX: 00007f3ffff8eba9
[   98.735937][ T6027] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c
[   98.743899][ T6027] RBP: 00007f4000011e19 R08: 0000000000000000 R09: 0000000000000000
[   98.751859][ T6027] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   98.759818][ T6027] R13: 00007f40001d5fa0 R14: 00007f40001d5fa0 R15: 0000000000000004
[   98.767792][ T6027]  </TASK>
[   98.771049][ T6027] Kernel Offset: disabled
[   98.775355][ T6027] Rebooting in 86400 seconds..