Warning: Permanently added '10.128.1.250' (ED25519) to the list of known hosts.
2025/12/19 01:58:58 parsed 1 programs
[   53.019965][ T4187] cgroup: Unknown subsys name 'net'
[   53.168217][ T4187] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   54.529096][ T4187] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k FS
[   56.367301][    T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.375612][    T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.389048][  T418] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   56.403951][  T418] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.411869][  T418] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.420550][  T418] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   57.699232][ T4235] chnl_net:caif_netlink_parms(): no params data found
[   57.760013][ T4235] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.768594][ T4235] bridge0: port 1(bridge_slave_0) entered disabled state
[   57.776633][ T4235] device bridge_slave_0 entered promiscuous mode
[   57.786615][ T4235] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.794648][ T4235] bridge0: port 2(bridge_slave_1) entered disabled state
[   57.802297][ T4235] device bridge_slave_1 entered promiscuous mode
[   57.823941][ T4235] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   57.835111][ T4235] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   57.860779][ T4235] team0: Port device team_slave_0 added
[   57.870223][ T4235] team0: Port device team_slave_1 added
[   57.894066][ T4235] batman_adv: batadv0: Adding interface: batadv_slave_0
[   57.901029][ T4235] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   57.927202][ T4235] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   57.941043][ T4235] batman_adv: batadv0: Adding interface: batadv_slave_1
[   57.948104][ T4235] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   57.974433][ T4235] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   58.001084][ T4235] device hsr_slave_0 entered promiscuous mode
[   58.007997][ T4235] device hsr_slave_1 entered promiscuous mode
[   58.214313][ T4235] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   58.224812][ T4235] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   58.234536][ T4235] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   58.243516][ T4235] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   58.266475][ T4235] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.273779][ T4235] bridge0: port 2(bridge_slave_1) entered forwarding state
[   58.281412][ T4235] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.288502][ T4235] bridge0: port 1(bridge_slave_0) entered forwarding state
[   58.321599][ T4235] 8021q: adding VLAN 0 to HW filter on device bond0
[   58.336486][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   58.345213][ T1276] bridge0: port 1(bridge_slave_0) entered disabled state
[   58.353969][ T1276] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.366257][ T4235] 8021q: adding VLAN 0 to HW filter on device team0
[   58.378343][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   58.387499][ T1276] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.394565][ T1276] bridge0: port 1(bridge_slave_0) entered forwarding state
[   58.413794][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   58.422527][ T1276] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.429615][ T1276] bridge0: port 2(bridge_slave_1) entered forwarding state
[   58.440448][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   58.449090][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   58.459612][  T418] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   58.471876][  T418] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   58.483841][  T418] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   58.494857][ T4235] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   58.596909][  T418] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   58.604980][  T418] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   58.618615][ T4235] 8021q: adding VLAN 0 to HW filter on device batadv0
[   58.650767][  T418] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   58.659538][  T418] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   58.695637][  T418] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   58.704465][  T418] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   58.712880][  T418] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   58.720601][  T418] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   58.730318][ T4235] device veth0_vlan entered promiscuous mode
[   58.743047][ T4235] device veth1_vlan entered promiscuous mode
[   58.771190][  T418] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   58.779837][  T418] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   58.789270][  T418] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   58.797740][  T418] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   58.809802][ T4235] device veth0_macvtap entered promiscuous mode
[   58.837018][ T4235] device veth1_macvtap entered promiscuous mode
[   58.851308][ T4235] batman_adv: batadv0: Interface activated: batadv_slave_0
[   58.859220][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   58.867882][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   58.876398][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   58.885696][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   58.897565][ T4235] batman_adv: batadv0: Interface activated: batadv_slave_1
[   58.920822][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   58.929640][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   58.940712][ T4235] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   58.950757][ T4235] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   58.959959][ T4235] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   58.971068][ T4235] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
2025/12/19 01:59:06 executed programs: 0
[   60.023917][ T4292] chnl_net:caif_netlink_parms(): no params data found
[   60.078436][ T4292] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.085767][ T4292] bridge0: port 1(bridge_slave_0) entered disabled state
[   60.096777][ T4292] device bridge_slave_0 entered promiscuous mode
[   60.106575][ T4292] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.116196][ T4292] bridge0: port 2(bridge_slave_1) entered disabled state
[   60.125168][ T4292] device bridge_slave_1 entered promiscuous mode
[   60.155370][ T4292] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   60.171420][ T4292] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   60.203278][ T4292] team0: Port device team_slave_0 added
[   60.210972][ T4292] team0: Port device team_slave_1 added
[   60.236302][ T4292] batman_adv: batadv0: Adding interface: batadv_slave_0
[   60.243719][ T4292] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   60.271110][ T4292] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   60.289759][ T4292] batman_adv: batadv0: Adding interface: batadv_slave_1
[   60.296867][ T4292] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   60.325539][ T4292] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   60.365054][ T4292] device hsr_slave_0 entered promiscuous mode
[   60.371989][ T4292] device hsr_slave_1 entered promiscuous mode
[   60.381306][ T4292] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   60.389522][ T4292] Cannot create hsr debugfs directory
[   60.467223][ T4292] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   61.923718][ T4252] Bluetooth: hci0: command 0x0409 tx timeout
[   63.238516][ T4292] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   64.002865][ T4256] Bluetooth: hci0: command 0x041b tx timeout
[   64.037282][ T4292] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   64.119804][ T4292] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   64.228999][ T4292] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   64.237956][ T4292] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   64.247992][ T4292] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   64.262565][ T4292] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   64.317610][ T4292] 8021q: adding VLAN 0 to HW filter on device bond0
[   64.328892][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   64.336864][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   64.346965][ T4292] 8021q: adding VLAN 0 to HW filter on device team0
[   64.368817][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   64.377860][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   64.386798][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.394010][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[   64.401758][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   64.426123][  T418] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   64.435532][  T418] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   64.444462][  T418] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.451498][  T418] bridge0: port 2(bridge_slave_1) entered forwarding state
[   64.461526][  T418] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   64.482171][  T418] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   64.498648][  T418] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   64.509137][  T418] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   64.517700][  T418] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   64.526768][  T418] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   64.535494][  T418] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   64.544525][  T418] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   64.552834][  T418] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   64.571790][  T418] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   64.580352][  T418] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   64.591544][ T4292] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   64.608942][  T154] device hsr_slave_0 left promiscuous mode
[   64.616307][  T154] device hsr_slave_1 left promiscuous mode
[   64.623481][  T154] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   64.631025][  T154] batman_adv: batadv0: Removing interface: batadv_slave_0
[   64.640432][  T154] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   64.648763][  T154] batman_adv: batadv0: Removing interface: batadv_slave_1
[   64.656580][  T154] device bridge_slave_1 left promiscuous mode
[   64.663789][  T154] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.677683][  T154] device bridge_slave_0 left promiscuous mode
[   64.684108][  T154] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.699161][  T154] device veth1_macvtap left promiscuous mode
[   64.705914][  T154] device veth0_macvtap left promiscuous mode
[   64.711934][  T154] device veth1_vlan left promiscuous mode
[   64.717915][  T154] device veth0_vlan left promiscuous mode
[   64.847239][  T154] team0 (unregistering): Port device team_slave_1 removed
[   64.860275][  T154] team0 (unregistering): Port device team_slave_0 removed
[   64.872160][  T154] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   64.885824][  T154] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   64.935986][  T154] bond0 (unregistering): Released all slaves
[   65.018631][  T418] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   65.026821][  T418] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   65.040025][ T4292] 8021q: adding VLAN 0 to HW filter on device batadv0
[   65.060820][  T418] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   65.070396][  T418] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   65.090103][  T418] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   65.098869][  T418] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   65.107229][  T418] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   65.115200][  T418] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   65.125160][ T4292] device veth0_vlan entered promiscuous mode
[   65.139686][ T4292] device veth1_vlan entered promiscuous mode
[   65.160917][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   65.168958][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   65.177194][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   65.185667][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   65.196909][ T4292] device veth0_macvtap entered promiscuous mode
[   65.211219][ T4292] device veth1_macvtap entered promiscuous mode
[   65.228628][ T4292] batman_adv: batadv0: Interface activated: batadv_slave_0
[   65.238192][  T418] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   65.246712][  T418] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   65.255602][  T418] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   65.264630][  T418] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   65.275528][ T4292] batman_adv: batadv0: Interface activated: batadv_slave_1
[   65.284040][  T418] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   65.292637][  T418] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   65.305846][ T4292] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   65.314755][ T4292] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   65.324238][ T4292] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   65.333043][ T4292] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   65.408875][    T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   65.418169][    T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   65.430859][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   65.466076][ T1276] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   65.475496][ T1276] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   65.484935][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   65.822849][ T4253] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   66.072794][ T4253] usb 1-1: Using ep0 maxpacket: 16
[   66.083077][   T23] Bluetooth: hci0: command 0x040f tx timeout
[   66.413055][ T4253] usb 1-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[   66.422358][ T4253] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   66.430470][ T4253] usb 1-1: Product: syz
[   66.434660][ T4253] usb 1-1: Manufacturer: syz
[   66.439242][ T4253] usb 1-1: SerialNumber: syz
[   66.447660][ T4253] usb 1-1: config 0 descriptor??
[   66.933091][ T4253] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state.
[   66.944783][ T4253] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[   66.974791][ T4253] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T)
[   66.982944][ T4253] usb 1-1: media controller created
[   66.994754][ T4253] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[   67.564007][ T4310] ==================================================================
[   67.572826][ T4310] BUG: KASAN: slab-out-of-bounds in dtv5100_i2c_msg+0x1db/0x2d0
[   67.580461][ T4310] Write of size 83 at addr ffff88802ac77c80 by task syz.0.17/4310
[   67.588252][ T4310] 
[   67.590572][ T4310] CPU: 0 PID: 4310 Comm: syz.0.17 Not tainted syzkaller #0
[   67.597749][ T4310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   67.607795][ T4310] Call Trace:
[   67.611058][ T4310]  <TASK>
[   67.613970][ T4310]  dump_stack_lvl+0x168/0x230
[   67.618629][ T4310]  ? show_regs_print_info+0x20/0x20
[   67.623816][ T4310]  ? load_image+0x3b0/0x3b0
[   67.628315][ T4310]  ? _raw_spin_lock_irqsave+0xb0/0xf0
[   67.633667][ T4310]  ? __lock_acquire+0x7c60/0x7c60
[   67.638675][ T4310]  print_address_description+0x60/0x2d0
[   67.644203][ T4310]  ? dtv5100_i2c_msg+0x1db/0x2d0
[   67.649285][ T4310]  kasan_report+0xdf/0x130
[   67.653697][ T4310]  ? dtv5100_i2c_msg+0x1db/0x2d0
[   67.658654][ T4310]  ? dtv5100_i2c_msg+0x1db/0x2d0
[   67.664571][ T4310]  kasan_check_range+0x27b/0x290
[   67.669691][ T4310]  memcpy+0x3c/0x60
[   67.673516][ T4310]  dtv5100_i2c_msg+0x1db/0x2d0
[   67.678303][ T4310]  dtv5100_i2c_xfer+0x47c/0x650
[   67.683156][ T4310]  ? dtv5100_tuner_attach+0xf0/0xf0
[   67.688337][ T4310]  __i2c_transfer+0x864/0x2060
[   67.693086][ T4310]  ? rwsem_down_read_slowpath+0x990/0x990
[   67.698791][ T4310]  ? i2c_cmd+0x110/0x110
[   67.703102][ T4310]  ? __might_fault+0xb7/0x110
[   67.707851][ T4310]  i2c_transfer+0x24c/0x390
[   67.712333][ T4310]  ? __i2c_transfer+0x2060/0x2060
[   67.717332][ T4310]  ? __might_fault+0xb3/0x110
[   67.721989][ T4310]  ? _copy_from_user+0x111/0x170
[   67.726914][ T4310]  i2cdev_ioctl_rdwr+0x3da/0x6c0
[   67.731837][ T4310]  i2cdev_ioctl+0x5ba/0x750
[   67.736320][ T4310]  ? i2cdev_write+0x120/0x120
[   67.740978][ T4310]  ? lock_chain_count+0x20/0x20
[   67.745812][ T4310]  ? bpf_lsm_file_ioctl+0x5/0x10
[   67.750730][ T4310]  ? security_file_ioctl+0x7c/0xa0
[   67.755931][ T4310]  ? i2cdev_write+0x120/0x120
[   67.760589][ T4310]  __se_sys_ioctl+0xfa/0x170
[   67.765159][ T4310]  do_syscall_64+0x4c/0xa0
[   67.769556][ T4310]  ? clear_bhb_loop+0x30/0x80
[   67.774225][ T4310]  ? clear_bhb_loop+0x30/0x80
[   67.778913][ T4310]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   67.784805][ T4310] RIP: 0033:0x7f138f071749
[   67.789206][ T4310] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   67.808789][ T4310] RSP: 002b:00007ffed77cdc08 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   67.817184][ T4310] RAX: ffffffffffffffda RBX: 00007f138f2c7fa0 RCX: 00007f138f071749
[   67.825134][ T4310] RDX: 00002000000002c0 RSI: 0000000000000707 RDI: 0000000000000004
[   67.833084][ T4310] RBP: 00007f138f0f5f91 R08: 0000000000000000 R09: 0000000000000000
[   67.841067][ T4310] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   67.849105][ T4310] R13: 00007f138f2c7fa0 R14: 00007f138f2c7fa0 R15: 0000000000000003
[   67.857070][ T4310]  </TASK>
[   67.860067][ T4310] 
[   67.862367][ T4310] Allocated by task 4253:
[   67.866785][ T4310]  __kasan_kmalloc+0xb5/0xf0
[   67.871355][ T4310]  dvb_usb_device_init+0xc5e/0x23f0
[   67.876530][ T4310]  usb_probe_interface+0x5a0/0xaf0
[   67.881619][ T4310]  really_probe+0x284/0xc80
[   67.886199][ T4310]  __driver_probe_device+0x18c/0x330
[   67.891459][ T4310]  driver_probe_device+0x4f/0x420
[   67.896458][ T4310]  __device_attach_driver+0x2b0/0x500
[   67.901806][ T4310]  bus_for_each_drv+0x175/0x200
[   67.906633][ T4310]  __device_attach+0x29b/0x460
[   67.911379][ T4310]  bus_probe_device+0xbc/0x1e0
[   67.916114][ T4310]  device_add+0xa00/0xfb0
[   67.920421][ T4310]  usb_set_configuration+0x1991/0x1fd0
[   67.925860][ T4310]  usb_generic_driver_probe+0x89/0x150
[   67.931299][ T4310]  usb_probe_device+0x139/0x270
[   67.936125][ T4310]  really_probe+0x284/0xc80
[   67.940611][ T4310]  __driver_probe_device+0x18c/0x330
[   67.945871][ T4310]  driver_probe_device+0x4f/0x420
[   67.950889][ T4310]  __device_attach_driver+0x2b0/0x500
[   67.956241][ T4310]  bus_for_each_drv+0x175/0x200
[   67.961069][ T4310]  __device_attach+0x29b/0x460
[   67.965813][ T4310]  bus_probe_device+0xbc/0x1e0
[   67.970549][ T4310]  device_add+0xa00/0xfb0
[   67.974851][ T4310]  usb_new_device+0xd53/0x1640
[   67.979593][ T4310]  hub_event+0x2dd9/0x5560
[   67.983994][ T4310]  process_one_work+0x863/0x1000
[   67.988939][ T4310]  worker_thread+0xaa8/0x12a0
[   67.993609][ T4310]  kthread+0x436/0x520
[   67.997654][ T4310]  ret_from_fork+0x1f/0x30
[   68.002138][ T4310] 
[   68.004451][ T4310] The buggy address belongs to the object at ffff88802ac77c80
[   68.004451][ T4310]  which belongs to the cache kmalloc-96 of size 96
[   68.018306][ T4310] The buggy address is located 0 bytes inside of
[   68.018306][ T4310]  96-byte region [ffff88802ac77c80, ffff88802ac77ce0)
[   68.031307][ T4310] The buggy address belongs to the page:
[   68.036928][ T4310] page:ffffea0000ab1dc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2ac77
[   68.047056][ T4310] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[   68.054591][ T4310] raw: 00fff00000000200 0000000000000000 dead000000000122 ffff888016841780
[   68.063246][ T4310] raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000
[   68.071821][ T4310] page dumped because: kasan: bad access detected
[   68.078235][ T4310] page_owner tracks the page as allocated
[   68.083928][ T4310] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL), pid 4251, ts 66643047374, free_ts 66354429190
[   68.101524][ T4310]  get_page_from_freelist+0x1b77/0x1c60
[   68.107056][ T4310]  __alloc_pages+0x1e1/0x470
[   68.111622][ T4310]  new_slab+0xb6/0x4b0
[   68.115669][ T4310]  ___slab_alloc+0x81e/0xdf0
[   68.120240][ T4310]  __kmalloc_node+0x200/0x3b0
[   68.124902][ T4310]  memcg_alloc_page_obj_cgroups+0x81/0x120
[   68.130695][ T4310]  new_slab+0x100/0x4b0
[   68.134833][ T4310]  ___slab_alloc+0x81e/0xdf0
[   68.139400][ T4310]  kmem_cache_alloc+0x195/0x290
[   68.144225][ T4310]  dst_alloc+0x101/0x160
[   68.148443][ T4310]  icmp6_dst_alloc+0x78/0x4a0
[   68.153097][ T4310]  mld_sendpack+0x580/0xc30
[   68.157577][ T4310]  ipv6_mc_dad_complete+0x84/0x210
[   68.163010][ T4310]  addrconf_dad_completed+0x6c7/0xca0
[   68.168449][ T4310]  addrconf_dad_work+0xc70/0x1520
[   68.173093][ T4256] Bluetooth: hci0: command 0x0419 tx timeout
[   68.173452][ T4310]  process_one_work+0x863/0x1000
[   68.184354][ T4310] page last free stack trace:
[   68.189020][ T4310]  free_unref_page_prepare+0x637/0x6c0
[   68.194481][ T4310]  free_unref_page+0x94/0x280
[   68.199143][ T4310]  qlist_free_all+0x35/0x90
[   68.203625][ T4310]  kasan_quarantine_reduce+0x150/0x160
[   68.209066][ T4310]  __kasan_slab_alloc+0x2f/0xd0
[   68.213896][ T4310]  slab_post_alloc_hook+0x4c/0x380
[   68.219010][ T4310]  kmem_cache_alloc_node+0x12d/0x2d0
[   68.224267][ T4310]  __alloc_skb+0xf4/0x750
[   68.228576][ T4310]  mld_newpack+0x12a/0xb90
[   68.232973][ T4310]  add_grhead+0x5a/0x240
[   68.237195][ T4310]  add_grec+0x1341/0x15d0
[   68.241501][ T4310]  mld_send_initial_cr+0xed/0x240
[   68.246507][ T4310]  mld_dad_work+0x41/0x270
[   68.250905][ T4310]  process_one_work+0x863/0x1000
[   68.255857][ T4310]  worker_thread+0xaa8/0x12a0
[   68.260511][ T4310]  kthread+0x436/0x520
[   68.265161][ T4310] 
[   68.267464][ T4310] Memory state around the buggy address:
[   68.273086][ T4310]  ffff88802ac77b80: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   68.281139][ T4310]  ffff88802ac77c00: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   68.289177][ T4310] >ffff88802ac77c80: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc
[   68.297211][ T4310]                                                  ^
[   68.303863][ T4310]  ffff88802ac77d00: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   68.311898][ T4310]  ffff88802ac77d80: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   68.319933][ T4310] ==================================================================
[   68.327968][ T4310] Disabling lock debugging due to kernel taint
[   68.334664][ T4253] zl10353_read_register: readreg error (reg=127, ret==0)
[   68.335725][ T4310] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   68.341719][ T4253] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T'
[   68.348870][ T4310] CPU: 1 PID: 4310 Comm: syz.0.17 Tainted: G    B             syzkaller #0
[   68.348885][ T4310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   68.348893][ T4310] Call Trace:
[   68.348898][ T4310]  <TASK>
[   68.348904][ T4310]  dump_stack_lvl+0x168/0x230
[   68.348925][ T4310]  ? show_regs_print_info+0x20/0x20
[   68.357340][ T4253] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected.
[   68.365876][ T4310]  ? load_image+0x3b0/0x3b0
[   68.365899][ T4310]  panic+0x2c9/0x7f0
[   68.365914][ T4310]  ? bpf_jit_dump+0xd0/0xd0
[   68.365928][ T4310]  ? _raw_spin_unlock_irqrestore+0xf6/0x100
[   68.419427][ T4310]  ? _raw_spin_unlock+0x40/0x40
[   68.424258][ T4310]  ? dtv5100_i2c_msg+0x1db/0x2d0
[   68.429169][ T4310]  check_panic_on_warn+0x80/0xa0
[   68.434085][ T4310]  ? dtv5100_i2c_msg+0x1db/0x2d0
[   68.439176][ T4310]  end_report+0x6d/0xf0
[   68.443305][ T4310]  kasan_report+0x102/0x130
[   68.447781][ T4310]  ? dtv5100_i2c_msg+0x1db/0x2d0
[   68.452705][ T4310]  ? dtv5100_i2c_msg+0x1db/0x2d0
[   68.457622][ T4310]  kasan_check_range+0x27b/0x290
[   68.462539][ T4310]  memcpy+0x3c/0x60
[   68.466323][ T4310]  dtv5100_i2c_msg+0x1db/0x2d0
[   68.471182][ T4310]  dtv5100_i2c_xfer+0x47c/0x650
[   68.476019][ T4310]  ? dtv5100_tuner_attach+0xf0/0xf0
[   68.481277][ T4310]  __i2c_transfer+0x864/0x2060
[   68.486022][ T4310]  ? rwsem_down_read_slowpath+0x990/0x990
[   68.491724][ T4310]  ? i2c_cmd+0x110/0x110
[   68.495961][ T4310]  ? __might_fault+0xb7/0x110
[   68.500724][ T4310]  i2c_transfer+0x24c/0x390
[   68.505209][ T4310]  ? __i2c_transfer+0x2060/0x2060
[   68.510207][ T4310]  ? __might_fault+0xb3/0x110
[   68.514859][ T4310]  ? _copy_from_user+0x111/0x170
[   68.519772][ T4310]  i2cdev_ioctl_rdwr+0x3da/0x6c0
[   68.524689][ T4310]  i2cdev_ioctl+0x5ba/0x750
[   68.529168][ T4310]  ? i2cdev_write+0x120/0x120
[   68.533821][ T4310]  ? lock_chain_count+0x20/0x20
[   68.538651][ T4310]  ? bpf_lsm_file_ioctl+0x5/0x10
[   68.543569][ T4310]  ? security_file_ioctl+0x7c/0xa0
[   68.548656][ T4310]  ? i2cdev_write+0x120/0x120
[   68.553310][ T4310]  __se_sys_ioctl+0xfa/0x170
[   68.557880][ T4310]  do_syscall_64+0x4c/0xa0
[   68.562367][ T4310]  ? clear_bhb_loop+0x30/0x80
[   68.567293][ T4310]  ? clear_bhb_loop+0x30/0x80
[   68.571954][ T4310]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   68.577857][ T4310] RIP: 0033:0x7f138f071749
[   68.582253][ T4310] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   68.601940][ T4310] RSP: 002b:00007ffed77cdc08 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   68.610414][ T4310] RAX: ffffffffffffffda RBX: 00007f138f2c7fa0 RCX: 00007f138f071749
[   68.618373][ T4310] RDX: 00002000000002c0 RSI: 0000000000000707 RDI: 0000000000000004
[   68.626320][ T4310] RBP: 00007f138f0f5f91 R08: 0000000000000000 R09: 0000000000000000
[   68.634272][ T4310] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   68.642249][ T4310] R13: 00007f138f2c7fa0 R14: 00007f138f2c7fa0 R15: 0000000000000003
[   68.650203][ T4310]  </TASK>
[   68.653494][ T4310] Kernel Offset: disabled
[   68.657807][ T4310] Rebooting in 86400 seconds..