Warning: Permanently added '10.128.1.112' (ED25519) to the list of known hosts.
2026/04/13 01:38:24 parsed 1 programs
[   88.946917][ T5843] cgroup: Unknown subsys name 'net'
[   89.059241][ T5843] cgroup: Unknown subsys name 'cpuset'
[   89.069059][ T5843] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   90.742977][ T5843] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   91.805689][  T963] cfg80211: failed to load regulatory.db
[   94.273741][ T5862] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   96.315939][ T5899] chnl_net:caif_netlink_parms(): no params data found
[   96.407723][ T5899] bridge0: port 1(bridge_slave_0) entered blocking state
[   96.415749][ T5899] bridge0: port 1(bridge_slave_0) entered disabled state
[   96.422972][ T5899] bridge_slave_0: entered allmulticast mode
[   96.430804][ T5899] bridge_slave_0: entered promiscuous mode
[   96.440901][ T5899] bridge0: port 2(bridge_slave_1) entered blocking state
[   96.448188][ T5899] bridge0: port 2(bridge_slave_1) entered disabled state
[   96.456400][ T5899] bridge_slave_1: entered allmulticast mode
[   96.464640][ T5899] bridge_slave_1: entered promiscuous mode
[   96.525390][ T5899] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   96.537695][ T5899] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   96.583061][ T5899] team0: Port device team_slave_0 added
[   96.591132][ T5899] team0: Port device team_slave_1 added
[   96.621389][ T5899] batman_adv: batadv0: Adding interface: batadv_slave_0
[   96.628653][ T5899] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   96.654744][ T5899] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   96.667832][ T5899] batman_adv: batadv0: Adding interface: batadv_slave_1
[   96.674821][ T5899] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   96.700860][ T5899] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   96.749065][ T5899] hsr_slave_0: entered promiscuous mode
[   96.756183][ T5899] hsr_slave_1: entered promiscuous mode
[   96.915727][ T5899] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   96.928132][ T5899] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   96.939433][ T5899] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   96.949375][ T5899] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   96.983178][ T5899] bridge0: port 2(bridge_slave_1) entered blocking state
[   96.990564][ T5899] bridge0: port 2(bridge_slave_1) entered forwarding state
[   96.998340][ T5899] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.005484][ T5899] bridge0: port 1(bridge_slave_0) entered forwarding state
[   97.063265][ T5899] 8021q: adding VLAN 0 to HW filter on device bond0
[   97.084768][ T1019] bridge0: port 1(bridge_slave_0) entered disabled state
[   97.094636][ T1019] bridge0: port 2(bridge_slave_1) entered disabled state
[   97.110681][ T5899] 8021q: adding VLAN 0 to HW filter on device team0
[   97.124170][ T1019] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.131315][ T1019] bridge0: port 1(bridge_slave_0) entered forwarding state
[   97.146360][ T1019] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.153513][ T1019] bridge0: port 2(bridge_slave_1) entered forwarding state
[   97.332323][ T5899] 8021q: adding VLAN 0 to HW filter on device batadv0
[   97.376297][ T5899] veth0_vlan: entered promiscuous mode
[   97.389369][ T5899] veth1_vlan: entered promiscuous mode
[   97.423499][ T5899] veth0_macvtap: entered promiscuous mode
[   97.437490][ T5899] veth1_macvtap: entered promiscuous mode
[   97.456532][ T5899] batman_adv: batadv0: Interface activated: batadv_slave_0
[   97.471512][ T5899] batman_adv: batadv0: Interface activated: batadv_slave_1
[   97.488163][   T65] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   97.498912][   T65] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   97.508721][   T65] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   97.518187][   T65] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   97.673173][ T1019] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   97.753131][ T1019] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   97.811419][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.823173][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.847222][ T1019] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   97.880887][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.890007][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.913349][ T1019] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   98.692547][ T5942] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   98.700981][ T5942] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   98.709491][ T5942] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   98.719357][ T5942] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   98.727716][ T5942] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
2026/04/13 01:38:38 executed programs: 0
[   99.262603][ T5942] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   99.271800][ T5942] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   99.280466][ T5942] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   99.289871][ T5942] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   99.299111][ T5942] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   99.469833][ T5951] chnl_net:caif_netlink_parms(): no params data found
[   99.551576][ T5951] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.559044][ T5951] bridge0: port 1(bridge_slave_0) entered disabled state
[   99.567353][ T5951] bridge_slave_0: entered allmulticast mode
[   99.574747][ T5951] bridge_slave_0: entered promiscuous mode
[   99.584631][ T5951] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.592090][ T5951] bridge0: port 2(bridge_slave_1) entered disabled state
[   99.599403][ T5951] bridge_slave_1: entered allmulticast mode
[   99.606771][ T5951] bridge_slave_1: entered promiscuous mode
[   99.639103][ T5951] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   99.651134][ T5951] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   99.682785][ T5951] team0: Port device team_slave_0 added
[   99.690880][ T5951] team0: Port device team_slave_1 added
[   99.718003][ T5951] batman_adv: batadv0: Adding interface: batadv_slave_0
[   99.725036][ T5951] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   99.751540][ T5951] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   99.763952][ T5951] batman_adv: batadv0: Adding interface: batadv_slave_1
[   99.771104][ T5951] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   99.798464][ T5951] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   99.843235][ T5951] hsr_slave_0: entered promiscuous mode
[   99.849648][ T5951] hsr_slave_1: entered promiscuous mode
[   99.856166][ T5951] debugfs: 'hsr0' already exists in 'hsr'
[   99.862014][ T5951] Cannot create hsr debugfs directory
[  100.664771][ T1019] bridge_slave_1: left allmulticast mode
[  100.671628][ T1019] bridge_slave_1: left promiscuous mode
[  100.681738][ T1019] bridge0: port 2(bridge_slave_1) entered disabled state
[  100.693233][ T1019] bridge_slave_0: left allmulticast mode
[  100.700407][ T1019] bridge_slave_0: left promiscuous mode
[  100.707143][ T1019] bridge0: port 1(bridge_slave_0) entered disabled state
[  100.871185][ T1019] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  100.882613][ T1019] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  100.893080][ T1019] bond0 (unregistering): Released all slaves
[  101.012377][ T1019] hsr_slave_0: left promiscuous mode
[  101.022528][ T1019] hsr_slave_1: left promiscuous mode
[  101.029419][ T1019] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  101.037335][ T1019] batman_adv: batadv0: Removing interface: batadv_slave_0
[  101.046637][ T1019] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  101.054140][ T1019] batman_adv: batadv0: Removing interface: batadv_slave_1
[  101.072108][ T1019] veth1_macvtap: left promiscuous mode
[  101.078303][ T1019] veth0_macvtap: left promiscuous mode
[  101.083970][ T1019] veth1_vlan: left promiscuous mode
[  101.089932][ T1019] veth0_vlan: left promiscuous mode
[  101.317060][ T5942] Bluetooth: hci0: command tx timeout
[  101.399772][ T1019] team0 (unregistering): Port device team_slave_1 removed
[  101.443232][ T1019] team0 (unregistering): Port device team_slave_0 removed
[  101.929808][ T5951] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  101.954684][ T5951] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  101.979190][ T5951] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  101.992885][ T5951] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  102.107749][ T5951] 8021q: adding VLAN 0 to HW filter on device bond0
[  102.134332][ T5951] 8021q: adding VLAN 0 to HW filter on device team0
[  102.402704][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[  102.409880][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[  102.427226][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[  102.434451][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[  102.830503][ T5951] 8021q: adding VLAN 0 to HW filter on device batadv0
[  102.961317][ T5951] veth0_vlan: entered promiscuous mode
[  102.988787][ T5951] veth1_vlan: entered promiscuous mode
[  103.069401][ T5951] veth0_macvtap: entered promiscuous mode
[  103.081227][ T5951] veth1_macvtap: entered promiscuous mode
[  103.109128][ T5951] batman_adv: batadv0: Interface activated: batadv_slave_0
[  103.132131][ T5951] batman_adv: batadv0: Interface activated: batadv_slave_1
[  103.158779][   T49] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  103.174161][   T49] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  103.198615][   T49] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  103.207636][   T49] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  103.304073][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  103.324299][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  103.369505][ T1019] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  103.379313][ T1019] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  103.395413][ T5942] Bluetooth: hci0: command tx timeout
[  103.469365][ T6016] faux_driver vkms: [drm] Unknown color mode 9; guessing buffer size.
[  104.160352][ T6062] ==================================================================
[  104.168487][ T6062] BUG: KASAN: slab-use-after-free in drm_gem_object_release_handle+0x4b/0x1e0
[  104.177397][ T6062] Read of size 8 at addr ffff888037705a78 by task syz.0.28/6062
[  104.185068][ T6062] 
[  104.187442][ T6062] CPU: 1 UID: 0 PID: 6062 Comm: syz.0.28 Not tainted syzkaller #0 PREEMPT(full) 
[  104.187465][ T6062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  104.187486][ T6062] Call Trace:
[  104.187494][ T6062]  <TASK>
[  104.187502][ T6062]  dump_stack_lvl+0xe8/0x150
[  104.187534][ T6062]  print_address_description+0x55/0x1e0
[  104.187562][ T6062]  ? drm_gem_object_release_handle+0x4b/0x1e0
[  104.187582][ T6062]  print_report+0x58/0x70
[  104.187606][ T6062]  kasan_report+0x117/0x150
[  104.187628][ T6062]  ? drm_gem_object_release_handle+0x4b/0x1e0
[  104.187651][ T6062]  drm_gem_object_release_handle+0x4b/0x1e0
[  104.187672][ T6062]  idr_for_each+0x1c6/0x2a0
[  104.187698][ T6062]  ? __pfx_drm_fb_release+0x10/0x10
[  104.187726][ T6062]  ? __pfx_drm_gem_object_release_handle+0x10/0x10
[  104.187746][ T6062]  ? __pfx_idr_for_each+0x10/0x10
[  104.187778][ T6062]  drm_gem_release+0x28/0x40
[  104.187797][ T6062]  drm_file_free+0x729/0xa00
[  104.187826][ T6062]  drm_release+0x2de/0x3f0
[  104.187851][ T6062]  ? __pfx_drm_release+0x10/0x10
[  104.187874][ T6062]  __fput+0x44f/0xa60
[  104.187905][ T6062]  task_work_run+0x1d9/0x270
[  104.187929][ T6062]  ? __pfx_task_work_run+0x10/0x10
[  104.187955][ T6062]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.187976][ T6062]  exit_to_user_mode_loop+0xed/0x480
[  104.188001][ T6062]  ? rcu_is_watching+0x15/0xb0
[  104.188030][ T6062]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.188062][ T6062]  do_syscall_64+0x33e/0xf80
[  104.188085][ T6062]  ? trace_irq_disable+0x3b/0x140
[  104.188107][ T6062]  ? clear_bhb_loop+0x40/0x90
[  104.188126][ T6062]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.188144][ T6062] RIP: 0033:0x7fa88339c819
[  104.188165][ T6062] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  104.188180][ T6062] RSP: 002b:00007ffe18518438 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  104.188199][ T6062] RAX: 0000000000000000 RBX: 00007ffe18518520 RCX: 00007fa88339c819
[  104.188212][ T6062] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  104.188222][ T6062] RBP: 00000000000196b4 R08: 0000000000000001 R09: 0000000000000000
[  104.188233][ T6062] R10: 0000001b2fe20000 R11: 0000000000000246 R12: 00007ffe18518560
[  104.188244][ T6062] R13: 00007fa88361609c R14: 00000000000196e9 R15: 00007fa883616090
[  104.188265][ T6062]  </TASK>
[  104.188272][ T6062] 
[  104.424484][ T6062] Allocated by task 6063:
[  104.428819][ T6062]  kasan_save_track+0x3e/0x80
[  104.433527][ T6062]  __kasan_kmalloc+0x93/0xb0
[  104.438136][ T6062]  __kmalloc_cache_noprof+0x31c/0x660
[  104.443521][ T6062]  __drm_gem_shmem_create+0xc4/0x2e0
[  104.448840][ T6062]  drm_gem_shmem_dumb_create+0x72/0x120
[  104.454409][ T6062]  drm_mode_create_dumb_ioctl+0x2bd/0x340
[  104.460136][ T6062]  drm_ioctl_kernel+0x2df/0x3b0
[  104.465141][ T6062]  drm_ioctl+0x6ba/0xb80
[  104.469421][ T6062]  __se_sys_ioctl+0xfc/0x170
[  104.474043][ T6062]  do_syscall_64+0x15f/0xf80
[  104.478678][ T6062]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.484589][ T6062] 
[  104.486946][ T6062] Freed by task 6064:
[  104.491045][ T6062]  kasan_save_track+0x3e/0x80
[  104.495857][ T6062]  kasan_save_free_info+0x46/0x50
[  104.500945][ T6062]  __kasan_slab_free+0x5c/0x80
[  104.505740][ T6062]  kfree+0x1c5/0x640
[  104.509656][ T6062]  drm_gem_object_release_handle+0xc2/0x1e0
[  104.515563][ T6062]  drm_gem_handle_delete+0x7b/0xb0
[  104.520697][ T6062]  drm_ioctl_kernel+0x2df/0x3b0
[  104.525574][ T6062]  drm_ioctl+0x6ba/0xb80
[  104.529836][ T6062]  __se_sys_ioctl+0xfc/0x170
[  104.534437][ T6062]  do_syscall_64+0x15f/0xf80
[  104.539045][ T6062]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.544974][ T6062] 
[  104.547323][ T6062] The buggy address belongs to the object at ffff888037705800
[  104.547323][ T6062]  which belongs to the cache kmalloc-1k of size 1024
[  104.561386][ T6062] The buggy address is located 632 bytes inside of
[  104.561386][ T6062]  freed 1024-byte region [ffff888037705800, ffff888037705c00)
[  104.575287][ T6062] 
[  104.577640][ T6062] The buggy address belongs to the physical page:
[  104.584076][ T6062] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888037702000 pfn:0x37700
[  104.594161][ T6062] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  104.602687][ T6062] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff)
[  104.611226][ T6062] page_type: f5(slab)
[  104.615228][ T6062] raw: 00fff00000000240 ffff88813fe34dc0 ffff88813fe2f888 ffffea0001fdfe10
[  104.623836][ T6062] raw: ffff888037702000 000000080010000f 00000000f5000000 0000000000000000
[  104.632445][ T6062] head: 00fff00000000240 ffff88813fe34dc0 ffff88813fe2f888 ffffea0001fdfe10
[  104.641133][ T6062] head: ffff888037702000 000000080010000f 00000000f5000000 0000000000000000
[  104.649817][ T6062] head: 00fff00000000003 fffffffffffffe01 00000000ffffffff 00000000ffffffff
[  104.658506][ T6062] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  104.667261][ T6062] page dumped because: kasan: bad access detected
[  104.673693][ T6062] page_owner tracks the page as allocated
[  104.679435][ T6062] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5763, tgid 5763 (dhcpcd-run-hook), ts 68079648282, free_ts 68008443707
[  104.701072][ T6062]  post_alloc_hook+0x231/0x280
[  104.705870][ T6062]  get_page_from_freelist+0x24ba/0x2540
[  104.711431][ T6062]  __alloc_frozen_pages_noprof+0x18d/0x380
[  104.717243][ T6062]  allocate_slab+0x77/0x660
[  104.721769][ T6062]  refill_objects+0x339/0x3d0
[  104.726472][ T6062]  __pcs_replace_empty_main+0x321/0x720
[  104.732035][ T6062]  __kmalloc_noprof+0x474/0x760
[  104.736923][ T6062]  load_elf_binary+0x30f/0x2980
[  104.741794][ T6062]  bprm_execve+0x956/0x1450
[  104.746352][ T6062]  do_execveat_common+0x50d/0x690
[  104.751389][ T6062]  __x64_sys_execve+0x97/0xc0
[  104.756187][ T6062]  do_syscall_64+0x15f/0xf80
[  104.760944][ T6062]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.766863][ T6062] page last free pid 5760 tgid 5760 stack trace:
[  104.773196][ T6062]  __free_frozen_pages+0xbc7/0xd30
[  104.778331][ T6062]  __slab_free+0x274/0x2c0
[  104.782851][ T6062]  qlist_free_all+0x99/0x100
[  104.787459][ T6062]  kasan_quarantine_reduce+0x148/0x160
[  104.792973][ T6062]  __kasan_slab_alloc+0x22/0x80
[  104.797864][ T6062]  kmem_cache_alloc_noprof+0x2bc/0x650
[  104.803356][ T6062]  vm_area_dup+0x2b/0x680
[  104.807694][ T6062]  __split_vma+0x1dc/0xa40
[  104.812140][ T6062]  vms_gather_munmap_vmas+0x32d/0x1380
[  104.817642][ T6062]  mmap_region+0x856/0x2280
[  104.822168][ T6062]  do_mmap+0xc39/0x10c0
[  104.826342][ T6062]  vm_mmap_pgoff+0x2c9/0x4f0
[  104.830945][ T6062]  ksys_mmap_pgoff+0x51e/0x760
[  104.835723][ T6062]  do_syscall_64+0x15f/0xf80
[  104.840332][ T6062]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.846241][ T6062] 
[  104.848581][ T6062] Memory state around the buggy address:
[  104.854221][ T6062]  ffff888037705900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  104.862302][ T6062]  ffff888037705980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  104.870378][ T6062] >ffff888037705a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  104.878471][ T6062]                                                                 ^
[  104.886459][ T6062]  ffff888037705a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  104.894638][ T6062]  ffff888037705b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  104.902721][ T6062] ==================================================================
[  104.911785][ T6062] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  104.919058][ T6062] CPU: 1 UID: 0 PID: 6062 Comm: syz.0.28 Not tainted syzkaller #0 PREEMPT(full) 
[  104.928210][ T6062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  104.938386][ T6062] Call Trace:
[  104.941714][ T6062]  <TASK>
[  104.944663][ T6062]  vpanic+0x56c/0xa60
[  104.948671][ T6062]  ? __pfx_vpanic+0x10/0x10
[  104.953194][ T6062]  ? lockdep_hardirqs_on+0x7a/0x110
[  104.958438][ T6062]  panic+0xc5/0xd0
[  104.962174][ T6062]  ? __pfx_panic+0x10/0x10
[  104.966611][ T6062]  ? drm_gem_object_release_handle+0x4b/0x1e0
[  104.972692][ T6062]  ? panic+0x4/0xd0
[  104.976518][ T6062]  ? drm_gem_object_release_handle+0x4b/0x1e0
[  104.982607][ T6062]  check_panic_on_warn+0x89/0xb0
[  104.987561][ T6062]  ? drm_gem_object_release_handle+0x4b/0x1e0
[  104.993648][ T6062]  end_report+0x73/0x170
[  104.997909][ T6062]  ? drm_gem_object_release_handle+0x4b/0x1e0
[  105.004008][ T6062]  kasan_report+0x128/0x150
[  105.008534][ T6062]  ? drm_gem_object_release_handle+0x4b/0x1e0
[  105.014621][ T6062]  drm_gem_object_release_handle+0x4b/0x1e0
[  105.020536][ T6062]  idr_for_each+0x1c6/0x2a0
[  105.025068][ T6062]  ? __pfx_drm_fb_release+0x10/0x10
[  105.030292][ T6062]  ? __pfx_drm_gem_object_release_handle+0x10/0x10
[  105.036804][ T6062]  ? __pfx_idr_for_each+0x10/0x10
[  105.041858][ T6062]  drm_gem_release+0x28/0x40
[  105.046464][ T6062]  drm_file_free+0x729/0xa00
[  105.051070][ T6062]  drm_release+0x2de/0x3f0
[  105.055492][ T6062]  ? __pfx_drm_release+0x10/0x10
[  105.060440][ T6062]  __fput+0x44f/0xa60
[  105.064454][ T6062]  task_work_run+0x1d9/0x270
[  105.069103][ T6062]  ? __pfx_task_work_run+0x10/0x10
[  105.074260][ T6062]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.080348][ T6062]  exit_to_user_mode_loop+0xed/0x480
[  105.085664][ T6062]  ? rcu_is_watching+0x15/0xb0
[  105.090452][ T6062]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.096535][ T6062]  do_syscall_64+0x33e/0xf80
[  105.101159][ T6062]  ? trace_irq_disable+0x3b/0x140
[  105.106229][ T6062]  ? clear_bhb_loop+0x40/0x90
[  105.110930][ T6062]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.116845][ T6062] RIP: 0033:0x7fa88339c819
[  105.121295][ T6062] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  105.141010][ T6062] RSP: 002b:00007ffe18518438 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  105.149467][ T6062] RAX: 0000000000000000 RBX: 00007ffe18518520 RCX: 00007fa88339c819
[  105.157447][ T6062] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  105.165601][ T6062] RBP: 00000000000196b4 R08: 0000000000000001 R09: 0000000000000000
[  105.173575][ T6062] R10: 0000001b2fe20000 R11: 0000000000000246 R12: 00007ffe18518560
[  105.181558][ T6062] R13: 00007fa88361609c R14: 00000000000196e9 R15: 00007fa883616090
[  105.189549][ T6062]  </TASK>
[  105.193433][ T6062] Kernel Offset: disabled
[  105.197759][ T6062] Rebooting in 86400 seconds..