Warning: Permanently added '10.128.1.175' (ED25519) to the list of known hosts.
2026/02/14 14:50:28 parsed 1 programs
[  109.693669][ T4291] cgroup: Unknown subsys name 'net'
[  109.839497][ T4291] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[  111.386377][ T4291] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k FS
[  113.928171][ T4320] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  113.936106][ T4320] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  113.944441][ T4320] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  113.952300][ T4320] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  113.960021][ T4320] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  113.970959][ T4320] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  114.429225][ T4334] chnl_net:caif_netlink_parms(): no params data found
[  114.475570][ T4334] bridge0: port 1(bridge_slave_0) entered blocking state
[  114.483493][ T4334] bridge0: port 1(bridge_slave_0) entered disabled state
[  114.491688][ T4334] device bridge_slave_0 entered promiscuous mode
[  114.501777][ T4334] bridge0: port 2(bridge_slave_1) entered blocking state
[  114.509937][ T4334] bridge0: port 2(bridge_slave_1) entered disabled state
[  114.518351][ T4334] device bridge_slave_1 entered promiscuous mode
[  114.547514][ T4334] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  114.559140][ T4334] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  114.588225][ T4334] team0: Port device team_slave_0 added
[  114.596417][ T4334] team0: Port device team_slave_1 added
[  114.617477][ T4334] batman_adv: batadv0: Adding interface: batadv_slave_0
[  114.624654][ T4334] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  114.650755][ T4334] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  114.663836][ T4334] batman_adv: batadv0: Adding interface: batadv_slave_1
[  114.670828][ T4334] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  114.696891][ T4334] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  114.765056][ T4334] device hsr_slave_0 entered promiscuous mode
[  114.777062][ T4334] device hsr_slave_1 entered promiscuous mode
[  114.877482][ T4334] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  114.888184][ T4334] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  114.897885][ T4334] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  114.906907][ T4334] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  114.942528][ T4334] bridge0: port 2(bridge_slave_1) entered blocking state
[  114.949969][ T4334] bridge0: port 2(bridge_slave_1) entered forwarding state
[  114.957877][ T4334] bridge0: port 1(bridge_slave_0) entered blocking state
[  114.964989][ T4334] bridge0: port 1(bridge_slave_0) entered forwarding state
[  115.006994][ T4334] 8021q: adding VLAN 0 to HW filter on device bond0
[  115.033058][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  115.044513][ T1124] bridge0: port 1(bridge_slave_0) entered disabled state
[  115.053967][ T1124] bridge0: port 2(bridge_slave_1) entered disabled state
[  115.068170][ T4334] 8021q: adding VLAN 0 to HW filter on device team0
[  115.090964][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  115.100072][ T1124] bridge0: port 1(bridge_slave_0) entered blocking state
[  115.107263][ T1124] bridge0: port 1(bridge_slave_0) entered forwarding state
[  115.118747][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  115.128172][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[  115.135401][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[  115.155189][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  115.164429][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  115.176825][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  115.194822][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  115.206005][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  115.217690][ T4334] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  115.400607][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  115.408216][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  115.423617][ T4334] 8021q: adding VLAN 0 to HW filter on device batadv0
[  115.447579][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  115.456920][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  115.477239][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  115.486848][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  115.496034][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  115.510256][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  115.520214][ T4334] device veth0_vlan entered promiscuous mode
[  115.542003][ T4334] device veth1_vlan entered promiscuous mode
[  115.567985][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  115.577666][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  115.587317][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  115.596051][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  115.608995][ T4334] device veth0_macvtap entered promiscuous mode
[  115.622208][ T4334] device veth1_macvtap entered promiscuous mode
[  115.637752][ T4334] batman_adv: batadv0: Interface activated: batadv_slave_0
[  115.645410][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  115.654590][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  115.662517][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  115.671090][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  115.682731][ T4334] batman_adv: batadv0: Interface activated: batadv_slave_1
[  115.690083][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  115.698843][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  115.710242][ T4334] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  115.719860][ T4334] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  115.732091][ T4334] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  115.740942][ T4334] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  115.855990][   T46] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  116.441399][   T40] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.452150][   T40] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.462743][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  116.484950][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.493696][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.501242][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2026/02/14 14:50:38 executed programs: 0
[  117.428637][   T48] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  117.437152][   T48] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  117.444812][   T48] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  117.454552][   T48] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  117.462000][   T48] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  117.469805][   T48] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  117.580754][ T4384] chnl_net:caif_netlink_parms(): no params data found
[  117.628390][ T4384] bridge0: port 1(bridge_slave_0) entered blocking state
[  117.635805][ T4384] bridge0: port 1(bridge_slave_0) entered disabled state
[  117.643851][ T4384] device bridge_slave_0 entered promiscuous mode
[  117.652170][ T4384] bridge0: port 2(bridge_slave_1) entered blocking state
[  117.659476][ T4384] bridge0: port 2(bridge_slave_1) entered disabled state
[  117.667386][ T4384] device bridge_slave_1 entered promiscuous mode
[  117.691854][ T4384] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  117.702972][ T4384] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  117.725028][ T4384] team0: Port device team_slave_0 added
[  117.733241][ T4384] team0: Port device team_slave_1 added
[  117.751347][ T4384] batman_adv: batadv0: Adding interface: batadv_slave_0
[  117.758740][ T4384] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  117.785230][ T4384] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  117.797943][ T4384] batman_adv: batadv0: Adding interface: batadv_slave_1
[  117.804944][ T4384] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  117.831611][ T4384] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  117.861869][ T4384] device hsr_slave_0 entered promiscuous mode
[  117.868776][ T4384] device hsr_slave_1 entered promiscuous mode
[  117.875724][ T4384] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  117.884306][ T4384] Cannot create hsr debugfs directory
[  118.503808][   T46] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  119.503040][ T4320] Bluetooth: hci0: command 0x0409 tx timeout
[  120.942995][   T46] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  121.014448][   T46] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  121.583470][ T4320] Bluetooth: hci0: command 0x041b tx timeout
[  121.882147][   T46] device hsr_slave_0 left promiscuous mode
[  121.893706][   T46] device hsr_slave_1 left promiscuous mode
[  121.900524][   T46] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  121.912630][   T46] batman_adv: batadv0: Removing interface: batadv_slave_0
[  121.921223][   T46] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  121.931609][   T46] batman_adv: batadv0: Removing interface: batadv_slave_1
[  121.939878][   T46] device bridge_slave_1 left promiscuous mode
[  121.949681][   T46] bridge0: port 2(bridge_slave_1) entered disabled state
[  121.961751][   T46] device bridge_slave_0 left promiscuous mode
[  121.971872][   T46] bridge0: port 1(bridge_slave_0) entered disabled state
[  122.000697][   T46] device veth1_macvtap left promiscuous mode
[  122.007243][   T46] device veth0_macvtap left promiscuous mode
[  122.013930][   T46] device veth1_vlan left promiscuous mode
[  122.020138][   T46] device veth0_vlan left promiscuous mode
[  122.400674][   T46] team0 (unregistering): Port device team_slave_1 removed
[  122.429846][   T46] team0 (unregistering): Port device team_slave_0 removed
[  122.459942][   T46] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  122.490918][   T46] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  122.684293][   T46] bond0 (unregistering): Released all slaves
[  122.804919][ T4384] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  122.814797][ T4384] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  122.826551][ T4384] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  122.837064][ T4384] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  122.908050][ T4384] 8021q: adding VLAN 0 to HW filter on device bond0
[  122.921209][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  122.931190][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  122.941747][ T4384] 8021q: adding VLAN 0 to HW filter on device team0
[  122.953088][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  122.965500][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  122.974237][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[  122.981356][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[  122.991516][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  123.002245][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  123.011238][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  123.020069][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[  123.027230][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[  123.043434][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  123.052217][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  123.066392][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  123.075641][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  123.084215][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  123.104989][ T4391] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  123.114049][ T4391] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  123.134334][ T4391] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  123.144014][ T4391] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  123.167552][ T4391] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  123.176172][ T4391] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  123.194988][ T4384] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  123.446735][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  123.454491][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  123.466925][ T4384] 8021q: adding VLAN 0 to HW filter on device batadv0
[  123.485344][ T4391] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  123.494856][ T4391] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  123.514978][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  123.523566][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  123.531881][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  123.541069][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  123.551373][ T4384] device veth0_vlan entered promiscuous mode
[  123.562084][ T4384] device veth1_vlan entered promiscuous mode
[  123.580835][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  123.589660][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  123.598441][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  123.607227][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  123.635366][ T4384] device veth0_macvtap entered promiscuous mode
[  123.645041][ T4384] device veth1_macvtap entered promiscuous mode
[  123.660044][ T4384] batman_adv: batadv0: Interface activated: batadv_slave_0
[  123.662652][ T4320] Bluetooth: hci0: command 0x040f tx timeout
[  123.668080][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  123.683245][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  123.691107][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  123.700226][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  123.725353][ T4384] batman_adv: batadv0: Interface activated: batadv_slave_1
[  123.734685][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  123.744034][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  123.755799][ T4384] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  123.765047][ T4384] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  123.773872][ T4384] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  123.782635][ T4384] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  123.853485][ T4391] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  123.865255][ T4391] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  123.892515][ T4391] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
2026/02/14 14:50:44 executed programs: 2
[  123.910071][ T4391] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  123.918336][ T4391] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  123.926471][ T4391] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  124.094550][ T4446] ==================================================================
[  124.102682][ T4446] BUG: KASAN: use-after-free in dvb_device_open+0xc6/0x370
[  124.109914][ T4446] Read of size 8 at addr ffff8880294f4618 by task syz.0.19/4446
[  124.117564][ T4446] 
[  124.119902][ T4446] CPU: 1 PID: 4446 Comm: syz.0.19 Not tainted syzkaller #0
[  124.127118][ T4446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  124.137196][ T4446] Call Trace:
[  124.140491][ T4446]  <TASK>
[  124.143443][ T4446]  dump_stack_lvl+0x188/0x24e
[  124.148153][ T4446]  ? read_lock_is_recursive+0x10/0x10
[  124.153557][ T4446]  ? show_regs_print_info+0x12/0x12
[  124.158786][ T4446]  ? load_image+0x400/0x400
[  124.163312][ T4446]  ? _raw_spin_lock_irqsave+0xbc/0x100
[  124.168792][ T4446]  ? __virt_addr_valid+0x188/0x540
[  124.173932][ T4446]  ? __virt_addr_valid+0x465/0x540
[  124.179066][ T4446]  ? dvb_device_open+0xc6/0x370
[  124.183946][ T4446]  print_report+0xa8/0x210
[  124.188412][ T4446]  kasan_report+0x10b/0x140
[  124.192942][ T4446]  ? dvb_device_open+0xc6/0x370
[  124.197824][ T4446]  dvb_device_open+0xc6/0x370
[  124.202530][ T4446]  ? do_raw_spin_unlock+0x11d/0x230
[  124.207758][ T4446]  chrdev_open+0x5c5/0x6a0
[  124.212292][ T4446]  ? cd_forget+0x160/0x160
[  124.216732][ T4446]  ? fsnotify_perm+0x39b/0x550
[  124.221523][ T4446]  ? cd_forget+0x160/0x160
[  124.225964][ T4446]  do_dentry_open+0x7e9/0x10d0
[  124.230781][ T4446]  path_openat+0x2635/0x2ee0
[  124.235418][ T4446]  ? verify_lock_unused+0x140/0x140
[  124.240654][ T4446]  ? do_syscall_64+0x4c/0xa0
[  124.245270][ T4446]  ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  124.251363][ T4446]  ? do_filp_open+0x430/0x430
[  124.256075][ T4446]  do_filp_open+0x1f1/0x430
[  124.260614][ T4446]  ? vfs_tmpfile+0x480/0x480
[  124.265233][ T4446]  ? _raw_spin_unlock+0x24/0x40
[  124.270106][ T4446]  ? alloc_fd+0x58f/0x630
[  124.274462][ T4446]  do_sys_openat2+0x150/0x4b0
[  124.279180][ T4446]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  124.285197][ T4446]  ? do_sys_open+0xe0/0xe0
[  124.289730][ T4446]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  124.295742][ T4446]  ? lock_chain_count+0x20/0x20
[  124.300620][ T4446]  __x64_sys_openat+0x135/0x160
[  124.305503][ T4446]  do_syscall_64+0x4c/0xa0
[  124.309958][ T4446]  ? clear_bhb_loop+0x60/0xb0
[  124.314662][ T4446]  ? clear_bhb_loop+0x60/0xb0
[  124.319364][ T4446]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  124.325276][ T4446] RIP: 0033:0x7f86f2b5c84e
[  124.329718][ T4446] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  124.349376][ T4446] RSP: 002b:00007f86f3aecb28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  124.357816][ T4446] RAX: ffffffffffffffda RBX: 00007f86f3aed6c0 RCX: 00007f86f2b5c84e
[  124.365895][ T4446] RDX: 0000000000040002 RSI: 00007f86f3aecc00 RDI: ffffffffffffff9c
[  124.373896][ T4446] RBP: 00007f86f3aecc00 R08: 0000000000000000 R09: 0000000000000000
[  124.381892][ T4446] R10: 0000000000000000 R11: 0000000000000246 R12: cccccccccccccccd
[  124.389882][ T4446] R13: 00007f86f2e16038 R14: 00007f86f2e15fa0 R15: 00007fff98387088
[  124.398060][ T4446]  </TASK>
[  124.401090][ T4446] 
[  124.403426][ T4446] Allocated by task 1:
[  124.407505][ T4446]  kasan_set_track+0x4b/0x70
[  124.412128][ T4446]  __kasan_kmalloc+0x8e/0xa0
[  124.416769][ T4446]  dvb_register_device+0x311/0x2150
[  124.422011][ T4446]  dvb_register_frontend+0x645/0x920
[  124.427321][ T4446]  vidtv_bridge_probe+0x9a1/0xf70
[  124.432454][ T4446]  platform_probe+0x137/0x1c0
[  124.437172][ T4446]  really_probe+0x2aa/0xc70
[  124.441795][ T4446]  __driver_probe_device+0x18c/0x330
[  124.447105][ T4446]  driver_probe_device+0x4f/0x420
[  124.452151][ T4446]  __driver_attach+0x44a/0x6e0
[  124.456937][ T4446]  bus_for_each_dev+0x182/0x1f0
[  124.461805][ T4446]  bus_add_driver+0x30a/0x5a0
[  124.466511][ T4446]  driver_register+0x32d/0x430
[  124.471387][ T4446]  vidtv_bridge_init+0x39/0x67
[  124.476169][ T4446]  do_one_initcall+0x26a/0x840
[  124.480955][ T4446]  do_initcall_level+0x137/0x1e4
[  124.485918][ T4446]  do_initcalls+0x4b/0x8a
[  124.490269][ T4446]  kernel_init_freeable+0x415/0x5be
[  124.495488][ T4446]  kernel_init+0x19/0x1b0
[  124.499934][ T4446]  ret_from_fork+0x1f/0x30
[  124.504373][ T4446] 
[  124.506715][ T4446] Freed by task 4444:
[  124.510710][ T4446]  kasan_set_track+0x4b/0x70
[  124.515499][ T4446]  kasan_save_free_info+0x2d/0x50
[  124.520553][ T4446]  ____kasan_slab_free+0x126/0x1e0
[  124.525685][ T4446]  slab_free_freelist_hook+0x131/0x1a0
[  124.531177][ T4446]  __kmem_cache_free+0xb6/0x1f0
[  124.536050][ T4446]  dvb_device_open+0x2e7/0x370
[  124.540841][ T4446]  chrdev_open+0x5c5/0x6a0
[  124.545277][ T4446]  do_dentry_open+0x7e9/0x10d0
[  124.550063][ T4446]  path_openat+0x2635/0x2ee0
[  124.554679][ T4446]  do_filp_open+0x1f1/0x430
[  124.559199][ T4446]  do_sys_openat2+0x150/0x4b0
[  124.563903][ T4446]  __x64_sys_openat+0x135/0x160
[  124.568775][ T4446]  do_syscall_64+0x4c/0xa0
[  124.573212][ T4446]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  124.579125][ T4446] 
[  124.581464][ T4446] The buggy address belongs to the object at ffff8880294f4600
[  124.581464][ T4446]  which belongs to the cache kmalloc-256 of size 256
[  124.595547][ T4446] The buggy address is located 24 bytes inside of
[  124.595547][ T4446]  256-byte region [ffff8880294f4600, ffff8880294f4700)
[  124.608752][ T4446] 
[  124.611094][ T4446] The buggy address belongs to the physical page:
[  124.617515][ T4446] page:ffffea0000a53d00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x294f4
[  124.627686][ T4446] head:ffffea0000a53d00 order:1 compound_mapcount:0 compound_pincount:0
[  124.636021][ T4446] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[  124.644037][ T4446] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff888017441b40
[  124.652731][ T4446] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[  124.661418][ T4446] page dumped because: kasan: bad access detected
[  124.667851][ T4446] page_owner tracks the page as allocated
[  124.673580][ T4446] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 11247605864, free_ts 0
[  124.693748][ T4446]  post_alloc_hook+0x173/0x1a0
[  124.698540][ T4446]  get_page_from_freelist+0x1a1e/0x1ab0
[  124.704115][ T4446]  __alloc_pages+0x1ec/0x4f0
[  124.708738][ T4446]  alloc_page_interleave+0x24/0x1e0
[  124.713957][ T4446]  alloc_slab_page+0x5d/0x160
[  124.718651][ T4446]  new_slab+0x87/0x2c0
[  124.722834][ T4446]  ___slab_alloc+0xbc6/0x1240
[  124.727543][ T4446]  __kmem_cache_alloc_node+0x1a0/0x260
[  124.733018][ T4446]  kmalloc_trace+0x26/0xe0
[  124.737459][ T4446]  bus_add_driver+0xda/0x5a0
[  124.742069][ T4446]  driver_register+0x32d/0x430
[  124.746857][ T4446]  usb_register_driver+0x202/0x3d0
[  124.751992][ T4446]  do_one_initcall+0x26a/0x840
[  124.756779][ T4446]  do_initcall_level+0x137/0x1e4
[  124.761745][ T4446]  do_initcalls+0x4b/0x8a
[  124.766098][ T4446]  kernel_init_freeable+0x415/0x5be
[  124.771323][ T4446] page_owner free stack trace missing
[  124.776710][ T4446] 
[  124.779049][ T4446] Memory state around the buggy address:
[  124.784693][ T4446]  ffff8880294f4500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  124.792767][ T4446]  ffff8880294f4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  124.800838][ T4446] >ffff8880294f4600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  124.808914][ T4446]                             ^
[  124.813779][ T4446]  ffff8880294f4680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  124.821857][ T4446]  ffff8880294f4700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  124.829926][ T4446] ==================================================================
[  124.853748][ T4446] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  124.861013][ T4446] CPU: 1 PID: 4446 Comm: syz.0.19 Not tainted syzkaller #0
[  124.868232][ T4446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  124.878307][ T4446] Call Trace:
[  124.881616][ T4446]  <TASK>
[  124.884610][ T4446]  dump_stack_lvl+0x188/0x24e
[  124.889416][ T4446]  ? memcpy+0x3c/0x60
[  124.893426][ T4446]  ? show_regs_print_info+0x12/0x12
[  124.899083][ T4446]  ? load_image+0x400/0x400
[  124.903646][ T4446]  panic+0x2e5/0x730
[  124.907561][ T4446]  ? bpf_jit_dump+0xd0/0xd0
[  124.912090][ T4446]  ? _raw_spin_unlock_irqrestore+0x10d/0x120
[  124.918102][ T4446]  ? _raw_spin_unlock+0x40/0x40
[  124.922987][ T4446]  check_panic_on_warn+0x80/0xa0
[  124.927957][ T4446]  ? dvb_device_open+0xc6/0x370
[  124.933025][ T4446]  end_report+0x66/0x110
[  124.937298][ T4446]  kasan_report+0x118/0x140
[  124.941829][ T4446]  ? dvb_device_open+0xc6/0x370
[  124.946715][ T4446]  dvb_device_open+0xc6/0x370
[  124.951417][ T4446]  ? do_raw_spin_unlock+0x11d/0x230
[  124.956633][ T4446]  chrdev_open+0x5c5/0x6a0
[  124.961097][ T4446]  ? cd_forget+0x160/0x160
[  124.965663][ T4446]  ? fsnotify_perm+0x39b/0x550
[  124.970506][ T4446]  ? cd_forget+0x160/0x160
[  124.974952][ T4446]  do_dentry_open+0x7e9/0x10d0
[  124.979752][ T4446]  path_openat+0x2635/0x2ee0
[  124.984370][ T4446]  ? verify_lock_unused+0x140/0x140
[  124.989599][ T4446]  ? do_syscall_64+0x4c/0xa0
[  124.994218][ T4446]  ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  125.000312][ T4446]  ? do_filp_open+0x430/0x430
[  125.005016][ T4446]  do_filp_open+0x1f1/0x430
[  125.009538][ T4446]  ? vfs_tmpfile+0x480/0x480
[  125.014249][ T4446]  ? _raw_spin_unlock+0x24/0x40
[  125.019141][ T4446]  ? alloc_fd+0x58f/0x630
[  125.023504][ T4446]  do_sys_openat2+0x150/0x4b0
[  125.028217][ T4446]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  125.034243][ T4446]  ? do_sys_open+0xe0/0xe0
[  125.038701][ T4446]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  125.044726][ T4446]  ? lock_chain_count+0x20/0x20
[  125.049610][ T4446]  __x64_sys_openat+0x135/0x160
[  125.054523][ T4446]  do_syscall_64+0x4c/0xa0
[  125.058980][ T4446]  ? clear_bhb_loop+0x60/0xb0
[  125.063678][ T4446]  ? clear_bhb_loop+0x60/0xb0
[  125.068384][ T4446]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  125.074300][ T4446] RIP: 0033:0x7f86f2b5c84e
[  125.078730][ T4446] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  125.098358][ T4446] RSP: 002b:00007f86f3aecb28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  125.106807][ T4446] RAX: ffffffffffffffda RBX: 00007f86f3aed6c0 RCX: 00007f86f2b5c84e
[  125.114811][ T4446] RDX: 0000000000040002 RSI: 00007f86f3aecc00 RDI: ffffffffffffff9c
[  125.122810][ T4446] RBP: 00007f86f3aecc00 R08: 0000000000000000 R09: 0000000000000000
[  125.130795][ T4446] R10: 0000000000000000 R11: 0000000000000246 R12: cccccccccccccccd
[  125.138779][ T4446] R13: 00007f86f2e16038 R14: 00007f86f2e15fa0 R15: 00007fff98387088
[  125.146788][ T4446]  </TASK>
[  125.149965][ T4446] Kernel Offset: disabled
[  125.154288][ T4446] Rebooting in 86400 seconds..