Warning: Permanently added '10.128.0.113' (ED25519) to the list of known hosts.
2026/04/05 16:53:24 parsed 1 programs
[   92.032978][   T31] cfg80211: failed to load regulatory.db
[   92.542682][ T5803] cgroup: Unknown subsys name 'net'
[   92.784143][ T5803] cgroup: Unknown subsys name 'cpuset'
[   92.838705][ T5803] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   94.699064][ T5803] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   98.463164][ T5823] chnl_net:caif_netlink_parms(): no params data found
[   98.669973][ T5823] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.670814][ T5823] bridge0: port 1(bridge_slave_0) entered disabled state
[   98.670950][ T5823] bridge_slave_0: entered allmulticast mode
[   98.672962][ T5823] bridge_slave_0: entered promiscuous mode
[   98.677496][ T5823] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.677687][ T5823] bridge0: port 2(bridge_slave_1) entered disabled state
[   98.678826][ T5823] bridge_slave_1: entered allmulticast mode
[   98.686462][ T5823] bridge_slave_1: entered promiscuous mode
[   98.756054][ T5823] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   98.764993][ T5823] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   98.810725][ T5823] team0: Port device team_slave_0 added
[   98.813940][ T5823] team0: Port device team_slave_1 added
[   98.853470][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_0
[   98.853482][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   98.853500][ T5823] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   98.856221][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_1
[   98.856236][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   98.856254][ T5823] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   98.977874][ T5823] hsr_slave_0: entered promiscuous mode
[   98.985599][ T5823] hsr_slave_1: entered promiscuous mode
[   99.215157][ T5823] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   99.234744][ T5823] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   99.273253][ T5823] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   99.313115][ T5823] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   99.385478][ T5823] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.386362][ T5823] bridge0: port 2(bridge_slave_1) entered forwarding state
[   99.387035][ T5823] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.387138][ T5823] bridge0: port 1(bridge_slave_0) entered forwarding state
[   99.501983][ T2836] bridge0: port 1(bridge_slave_0) entered disabled state
[   99.538454][ T2836] bridge0: port 2(bridge_slave_1) entered disabled state
[   99.781152][ T5823] 8021q: adding VLAN 0 to HW filter on device bond0
[   99.807276][ T5823] 8021q: adding VLAN 0 to HW filter on device team0
[   99.822927][ T2836] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.823076][ T2836] bridge0: port 1(bridge_slave_0) entered forwarding state
[   99.843149][ T1121] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.843241][ T1121] bridge0: port 2(bridge_slave_1) entered forwarding state
[  100.081135][ T5823] 8021q: adding VLAN 0 to HW filter on device batadv0
[  100.132659][ T5823] veth0_vlan: entered promiscuous mode
[  100.146590][ T5823] veth1_vlan: entered promiscuous mode
[  100.181950][ T5823] veth0_macvtap: entered promiscuous mode
[  100.186305][ T5823] veth1_macvtap: entered promiscuous mode
[  100.212774][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_0
[  100.231007][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_1
[  100.254287][ T1160] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  100.255732][ T1160] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  100.255777][ T1160] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  100.255814][ T1160] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  100.943329][ T1160] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  101.203329][ T1160] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  101.472818][ T1160] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  102.043603][ T1160] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  103.180950][ T1160] bridge_slave_1: left allmulticast mode
[  103.181342][ T1160] bridge_slave_1: left promiscuous mode
[  103.182274][ T1160] bridge0: port 2(bridge_slave_1) entered disabled state
[  103.259351][ T1160] bridge_slave_0: left allmulticast mode
[  103.259376][ T1160] bridge_slave_0: left promiscuous mode
[  103.259560][ T1160] bridge0: port 1(bridge_slave_0) entered disabled state
[  103.900749][ T1160] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  103.978748][ T1160] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  104.000357][ T1160] bond0 (unregistering): Released all slaves
[  104.338115][ T1160] hsr_slave_0: left promiscuous mode
[  104.382565][ T1160] hsr_slave_1: left promiscuous mode
[  104.384048][ T1160] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  104.384118][ T1160] batman_adv: batadv0: Removing interface: batadv_slave_0
[  104.419914][ T1160] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  104.419943][ T1160] batman_adv: batadv0: Removing interface: batadv_slave_1
[  104.511612][ T1160] veth1_macvtap: left promiscuous mode
[  104.511853][ T1160] veth0_macvtap: left promiscuous mode
[  104.512152][ T1160] veth1_vlan: left promiscuous mode
[  104.512430][ T1160] veth0_vlan: left promiscuous mode
[  105.401576][ T1160] team0 (unregistering): Port device team_slave_1 removed
[  105.458762][ T1160] team0 (unregistering): Port device team_slave_0 removed
[  105.891515][ T5895] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  105.906681][ T5895] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  105.916425][ T5895] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  105.924369][ T5895] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  105.925996][ T5895] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  106.552243][ T3548] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  106.552267][ T3548] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  106.682839][ T3548] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  106.682861][ T3548] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2026/04/05 16:53:46 executed programs: 0
[  110.767006][ T5895] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  110.778520][ T5895] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  110.780205][ T5895] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  110.785498][ T5895] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  110.786632][ T5895] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  111.287677][ T5975] chnl_net:caif_netlink_parms(): no params data found
[  111.400489][ T5975] bridge0: port 1(bridge_slave_0) entered blocking state
[  111.400633][ T5975] bridge0: port 1(bridge_slave_0) entered disabled state
[  111.400742][ T5975] bridge_slave_0: entered allmulticast mode
[  111.402572][ T5975] bridge_slave_0: entered promiscuous mode
[  111.404880][ T5975] bridge0: port 2(bridge_slave_1) entered blocking state
[  111.405011][ T5975] bridge0: port 2(bridge_slave_1) entered disabled state
[  111.405115][ T5975] bridge_slave_1: entered allmulticast mode
[  111.406878][ T5975] bridge_slave_1: entered promiscuous mode
[  111.495067][ T5975] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  111.500134][ T5975] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  111.542409][ T5975] team0: Port device team_slave_0 added
[  111.544912][ T5975] team0: Port device team_slave_1 added
[  111.592399][ T5975] batman_adv: batadv0: Adding interface: batadv_slave_0
[  111.592413][ T5975] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  111.592431][ T5975] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  111.596175][ T5975] batman_adv: batadv0: Adding interface: batadv_slave_1
[  111.596205][ T5975] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  111.596223][ T5975] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  111.815480][ T5975] hsr_slave_0: entered promiscuous mode
[  111.816541][ T5975] hsr_slave_1: entered promiscuous mode
[  112.909514][ T5118] Bluetooth: hci0: command tx timeout
[  113.917187][ T5975] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  113.954508][ T5975] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  113.994757][ T5975] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  114.036153][ T5975] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  114.194401][ T5975] 8021q: adding VLAN 0 to HW filter on device bond0
[  114.225493][ T5975] 8021q: adding VLAN 0 to HW filter on device team0
[  114.238578][ T4996] bridge0: port 1(bridge_slave_0) entered blocking state
[  114.238717][ T4996] bridge0: port 1(bridge_slave_0) entered forwarding state
[  114.269720][ T1160] bridge0: port 2(bridge_slave_1) entered blocking state
[  114.270670][ T1160] bridge0: port 2(bridge_slave_1) entered forwarding state
[  114.627642][ T5975] 8021q: adding VLAN 0 to HW filter on device batadv0
[  114.714788][ T5975] veth0_vlan: entered promiscuous mode
[  114.736993][ T5975] veth1_vlan: entered promiscuous mode
[  114.805092][ T5975] veth0_macvtap: entered promiscuous mode
[  114.823232][ T5975] veth1_macvtap: entered promiscuous mode
[  114.852785][ T5975] batman_adv: batadv0: Interface activated: batadv_slave_0
[  114.870840][ T5975] batman_adv: batadv0: Interface activated: batadv_slave_1
[  114.892233][ T2836] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  114.893135][ T2836] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  114.895924][ T2836] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  114.897373][ T2836] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  114.988920][ T5118] Bluetooth: hci0: command tx timeout
[  115.162061][ T2836] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  115.162081][ T2836] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  115.247270][ T1160] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  115.247292][ T1160] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  115.540599][ T6080] ==================================================================
[  115.540616][ T6080] BUG: KASAN: slab-use-after-free in dvb_device_open+0xc4/0x360
[  115.540662][ T6080] Read of size 8 at addr ffff88802be5b018 by task syz.0.19/6080
[  115.540680][ T6080] 
[  115.540709][ T6080] CPU: 1 UID: 0 PID: 6080 Comm: syz.0.19 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  115.540733][ T6080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  115.540755][ T6080] Call Trace:
[  115.540767][ T6080]  <TASK>
[  115.540777][ T6080]  dump_stack_lvl+0xe8/0x150
[  115.540810][ T6080]  print_report+0xba/0x230
[  115.540863][ T6080]  ? dvb_device_open+0xc4/0x360
[  115.540891][ T6080]  kasan_report+0x117/0x150
[  115.540914][ T6080]  ? dvb_device_open+0xc4/0x360
[  115.540947][ T6080]  dvb_device_open+0xc4/0x360
[  115.540975][ T6080]  ? rt_spin_unlock+0x160/0x200
[  115.541009][ T6080]  chrdev_open+0x4d0/0x5f0
[  115.541033][ T6080]  ? __pfx_chrdev_open+0x10/0x10
[  115.541055][ T6080]  ? fsnotify_open_perm_and_set_mode+0x13b/0x6e0
[  115.541088][ T6080]  ? __pfx_chrdev_open+0x10/0x10
[  115.541111][ T6080]  do_dentry_open+0x83d/0x13e0
[  115.541151][ T6080]  vfs_open+0x3b/0x350
[  115.541175][ T6080]  ? path_openat+0x2e2b/0x38a0
[  115.541211][ T6080]  path_openat+0x2e43/0x38a0
[  115.541264][ T6080]  ? __pfx_path_openat+0x10/0x10
[  115.541298][ T6080]  ? __lock_acquire+0x6b5/0x2cf0
[  115.541320][ T6080]  ? kmem_cache_alloc_noprof+0x33b/0x680
[  115.541356][ T6080]  ? do_raw_spin_lock+0x12b/0x2f0
[  115.541391][ T6080]  do_file_open+0x23e/0x4a0
[  115.541425][ T6080]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  115.541450][ T6080]  ? __pfx_do_file_open+0x10/0x10
[  115.541483][ T6080]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  115.541527][ T6080]  ? alloc_fd+0x64e/0x6c0
[  115.541559][ T6080]  do_sys_openat2+0x113/0x200
[  115.541589][ T6080]  ? __pfx_do_sys_openat2+0x10/0x10
[  115.541620][ T6080]  ? __task_pid_nr_ns+0x28/0x470
[  115.541644][ T6080]  __x64_sys_openat+0x138/0x170
[  115.541673][ T6080]  do_syscall_64+0x14d/0xf80
[  115.541696][ T6080]  ? trace_irq_disable+0x3b/0x150
[  115.541723][ T6080]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  115.541745][ T6080]  ? clear_bhb_loop+0x40/0x90
[  115.541769][ T6080]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  115.541792][ T6080] RIP: 0033:0x7f44f607d04e
[  115.541822][ T6080] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  115.541840][ T6080] RSP: 002b:00007ffe815de258 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  115.541863][ T6080] RAX: ffffffffffffffda RBX: 00005555952b0500 RCX: 00007f44f607d04e
[  115.541879][ T6080] RDX: 0000000000000002 RSI: 00007ffe815de330 RDI: ffffffffffffff9c
[  115.541894][ T6080] RBP: 00007ffe815de330 R08: 0000000000000000 R09: 0000000000000000
[  115.541907][ T6080] R10: 0000000000000000 R11: 0000000000000246 R12: cccccccccccccccd
[  115.541921][ T6080] R13: 00007f44f6335fac R14: 00007f44f6335fa0 R15: 00007f44f6335fa0
[  115.541946][ T6080]  </TASK>
[  115.541953][ T6080] 
[  115.541958][ T6080] Allocated by task 1:
[  115.541968][ T6080]  kasan_save_track+0x3e/0x80
[  115.542010][ T6080]  __kasan_kmalloc+0x93/0xb0
[  115.542039][ T6080]  __kmalloc_cache_noprof+0x3a6/0x690
[  115.542057][ T6080]  dvb_register_device+0x2fd/0x21e0
[  115.542081][ T6080]  dvb_register_frontend+0x665/0x970
[  115.542103][ T6080]  vidtv_bridge_probe+0x9aa/0xf80
[  115.542131][ T6080]  platform_probe+0xf9/0x190
[  115.542162][ T6080]  really_probe+0x267/0xaf0
[  115.542187][ T6080]  __driver_probe_device+0x18c/0x320
[  115.542211][ T6080]  driver_probe_device+0x4f/0x240
[  115.542257][ T6080]  __driver_attach+0x34c/0x640
[  115.542282][ T6080]  bus_for_each_dev+0x23e/0x2c0
[  115.542300][ T6080]  bus_add_driver+0x348/0x670
[  115.542319][ T6080]  driver_register+0x23a/0x320
[  115.542347][ T6080]  vidtv_bridge_init+0x28/0x50
[  115.542377][ T6080]  do_one_initcall+0x250/0x8d0
[  115.542408][ T6080]  do_initcall_level+0x104/0x190
[  115.542428][ T6080]  do_initcalls+0x59/0xa0
[  115.542448][ T6080]  kernel_init_freeable+0x2a6/0x3e0
[  115.542468][ T6080]  kernel_init+0x1d/0x1d0
[  115.542506][ T6080]  ret_from_fork+0x51e/0xb90
[  115.542533][ T6080]  ret_from_fork_asm+0x1a/0x30
[  115.542550][ T6080] 
[  115.542555][ T6080] Freed by task 6078:
[  115.542565][ T6080]  kasan_save_track+0x3e/0x80
[  115.542593][ T6080]  kasan_save_free_info+0x46/0x50
[  115.542616][ T6080]  __kasan_slab_free+0x5c/0x80
[  115.542644][ T6080]  kfree+0x1c1/0x6c0
[  115.542669][ T6080]  dvb_device_open+0x2d6/0x360
[  115.542693][ T6080]  chrdev_open+0x4d0/0x5f0
[  115.542710][ T6080]  do_dentry_open+0x83d/0x13e0
[  115.542731][ T6080]  vfs_open+0x3b/0x350
[  115.542753][ T6080]  path_openat+0x2e43/0x38a0
[  115.542782][ T6080]  do_file_open+0x23e/0x4a0
[  115.542809][ T6080]  do_sys_openat2+0x113/0x200
[  115.542831][ T6080]  __x64_sys_openat+0x138/0x170
[  115.542854][ T6080]  do_syscall_64+0x14d/0xf80
[  115.542879][ T6080]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  115.542897][ T6080] 
[  115.542902][ T6080] The buggy address belongs to the object at ffff88802be5b000
[  115.542902][ T6080]  which belongs to the cache kmalloc-512 of size 512
[  115.542920][ T6080] The buggy address is located 24 bytes inside of
[  115.542920][ T6080]  freed 512-byte region [ffff88802be5b000, ffff88802be5b200)
[  115.542940][ T6080] 
[  115.542945][ T6080] The buggy address belongs to the physical page:
[  115.542966][ T6080] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2be58
[  115.542986][ T6080] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  115.543002][ T6080] flags: 0x80000000000040(head|node=0|zone=1)
[  115.543024][ T6080] page_type: f5(slab)
[  115.543043][ T6080] raw: 0080000000000040 ffff88813fe1ac80 dead000000000100 dead000000000122
[  115.543060][ T6080] raw: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000
[  115.543079][ T6080] head: 0080000000000040 ffff88813fe1ac80 dead000000000100 dead000000000122
[  115.543097][ T6080] head: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000
[  115.543115][ T6080] head: 0080000000000002 ffffea0000af9601 00000000ffffffff 00000000ffffffff
[  115.543132][ T6080] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000004
[  115.543148][ T6080] page dumped because: kasan: bad access detected
[  115.543162][ T6080] page_owner tracks the page as allocated
[  115.543169][ T6080] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2, tgid 2 (kthreadd), ts 19177877244, free_ts 0
[  115.543202][ T6080]  post_alloc_hook+0x231/0x280
[  115.543231][ T6080]  get_page_from_freelist+0x28bb/0x2950
[  115.543251][ T6080]  __alloc_frozen_pages_noprof+0x18d/0x380
[  115.543271][ T6080]  allocate_slab+0x77/0x660
[  115.543293][ T6080]  refill_objects+0x334/0x3c0
[  115.543314][ T6080]  __pcs_replace_empty_main+0x35c/0x710
[  115.543336][ T6080]  __kmalloc_cache_noprof+0x44e/0x690
[  115.543354][ T6080]  set_kthread_struct+0xbb/0x340
[  115.543381][ T6080]  copy_process+0x128c/0x3cd0
[  115.543406][ T6080]  kernel_clone+0x249/0x840
[  115.543434][ T6080]  kernel_thread+0x13f/0x1b0
[  115.543461][ T6080]  kthreadd+0x4ec/0x6e0
[  115.543477][ T6080]  ret_from_fork+0x51e/0xb90
[  115.543504][ T6080]  ret_from_fork_asm+0x1a/0x30
[  115.543522][ T6080] page_owner free stack trace missing
[  115.543529][ T6080] 
[  115.543534][ T6080] Memory state around the buggy address:
[  115.543545][ T6080]  ffff88802be5af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  115.543559][ T6080]  ffff88802be5af80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  115.543573][ T6080] >ffff88802be5b000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  115.543584][ T6080]                             ^
[  115.543595][ T6080]  ffff88802be5b080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  115.543609][ T6080]  ffff88802be5b100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  115.543620][ T6080] ==================================================================
[  115.550019][ T6080] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  115.550040][ T6080] CPU: 1 UID: 0 PID: 6080 Comm: syz.0.19 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  115.550064][ T6080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  115.550077][ T6080] Call Trace:
[  115.550086][ T6080]  <TASK>
[  115.550094][ T6080]  vpanic+0x56c/0xa60
[  115.550144][ T6080]  ? __pfx_vpanic+0x10/0x10
[  115.550176][ T6080]  ? __pfx___schedule+0x10/0x10
[  115.550201][ T6080]  panic+0xc5/0xd0
[  115.550231][ T6080]  ? __pfx_panic+0x10/0x10
[  115.550262][ T6080]  ? preempt_schedule_thunk+0x16/0x30
[  115.550292][ T6080]  ? dvb_device_open+0xc4/0x360
[  115.550321][ T6080]  check_panic_on_warn+0x89/0xb0
[  115.550347][ T6080]  ? dvb_device_open+0xc4/0x360
[  115.550375][ T6080]  end_report+0x73/0x180
[  115.550395][ T6080]  ? dvb_device_open+0xc4/0x360
[  115.550423][ T6080]  kasan_report+0x128/0x150
[  115.550445][ T6080]  ? dvb_device_open+0xc4/0x360
[  115.550476][ T6080]  dvb_device_open+0xc4/0x360
[  115.550504][ T6080]  ? rt_spin_unlock+0x160/0x200
[  115.550535][ T6080]  chrdev_open+0x4d0/0x5f0
[  115.550559][ T6080]  ? __pfx_chrdev_open+0x10/0x10
[  115.550581][ T6080]  ? fsnotify_open_perm_and_set_mode+0x13b/0x6e0
[  115.550615][ T6080]  ? __pfx_chrdev_open+0x10/0x10
[  115.550636][ T6080]  do_dentry_open+0x83d/0x13e0
[  115.550669][ T6080]  vfs_open+0x3b/0x350
[  115.550691][ T6080]  ? path_openat+0x2e2b/0x38a0
[  115.550724][ T6080]  path_openat+0x2e43/0x38a0
[  115.550773][ T6080]  ? __pfx_path_openat+0x10/0x10
[  115.550805][ T6080]  ? __lock_acquire+0x6b5/0x2cf0
[  115.550826][ T6080]  ? kmem_cache_alloc_noprof+0x33b/0x680
[  115.550863][ T6080]  ? do_raw_spin_lock+0x12b/0x2f0
[  115.550896][ T6080]  do_file_open+0x23e/0x4a0
[  115.550929][ T6080]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  115.550955][ T6080]  ? __pfx_do_file_open+0x10/0x10
[  115.550987][ T6080]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  115.551029][ T6080]  ? alloc_fd+0x64e/0x6c0
[  115.551060][ T6080]  do_sys_openat2+0x113/0x200
[  115.551088][ T6080]  ? __pfx_do_sys_openat2+0x10/0x10
[  115.551118][ T6080]  ? __task_pid_nr_ns+0x28/0x470
[  115.551150][ T6080]  __x64_sys_openat+0x138/0x170
[  115.551190][ T6080]  do_syscall_64+0x14d/0xf80
[  115.551213][ T6080]  ? trace_irq_disable+0x3b/0x150
[  115.551237][ T6080]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  115.551258][ T6080]  ? clear_bhb_loop+0x40/0x90
[  115.551280][ T6080]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  115.551301][ T6080] RIP: 0033:0x7f44f607d04e
[  115.551318][ T6080] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  115.551336][ T6080] RSP: 002b:00007ffe815de258 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  115.551358][ T6080] RAX: ffffffffffffffda RBX: 00005555952b0500 RCX: 00007f44f607d04e
[  115.551373][ T6080] RDX: 0000000000000002 RSI: 00007ffe815de330 RDI: ffffffffffffff9c
[  115.551387][ T6080] RBP: 00007ffe815de330 R08: 0000000000000000 R09: 0000000000000000
[  115.551400][ T6080] R10: 0000000000000000 R11: 0000000000000246 R12: cccccccccccccccd
[  115.551413][ T6080] R13: 00007f44f6335fac R14: 00007f44f6335fa0 R15: 00007f44f6335fa0
[  115.551437][ T6080]  </TASK>
[  115.551594][ T6080] Kernel Offset: disabled