Warning: Permanently added '10.128.1.86' (ED25519) to the list of known hosts.
[   86.964512][   T37] cfg80211: failed to load regulatory.db
2026/05/27 20:37:28 parsed 1 programs
[   90.348490][ T5627] cgroup: Unknown subsys name 'net'
[   90.589182][ T5627] cgroup: Unknown subsys name 'cpuset'
[   90.644919][ T5627] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   92.651708][ T5627] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  100.173548][ T5691] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  100.180653][ T5691] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  100.182117][ T5691] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  100.183549][ T5691] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  100.184246][ T5691] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  100.657650][ T1584] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  100.657672][ T1584] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  101.042663][ T1464] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  101.042684][ T1464] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  102.323604][ T5702] bridge0: port 1(bridge_slave_0) entered blocking state
[  102.324796][ T5702] bridge0: port 1(bridge_slave_0) entered disabled state
[  102.325058][ T5702] bridge_slave_0: entered allmulticast mode
[  102.329870][ T5702] bridge_slave_0: entered promiscuous mode
[  102.344294][ T5702] bridge0: port 2(bridge_slave_1) entered blocking state
[  102.344766][ T5702] bridge0: port 2(bridge_slave_1) entered disabled state
[  102.345030][ T5702] bridge_slave_1: entered allmulticast mode
[  102.348641][ T5702] bridge_slave_1: entered promiscuous mode
[  102.401457][ T5702] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  102.408602][ T5702] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  102.452011][ T5702] team0: Port device team_slave_0 added
[  102.456672][ T5702] team0: Port device team_slave_1 added
[  102.489350][ T5702] batman_adv: batadv0: Adding interface: batadv_slave_0
[  102.489364][ T5702] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  102.489378][ T5702] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  102.493664][ T5702] batman_adv: batadv0: Adding interface: batadv_slave_1
[  102.493675][ T5702] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  102.493689][ T5702] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  102.586819][ T5702] hsr_slave_0: entered promiscuous mode
[  102.588302][ T5702] hsr_slave_1: entered promiscuous mode
[  102.872678][ T5702] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  102.922014][ T5702] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  103.067927][ T5702] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  103.089292][ T5702] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  103.094219][ T5702] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  103.130202][ T5702] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  103.426410][ T5702] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  103.449909][ T5702] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  103.762247][ T5702] 8021q: adding VLAN 0 to HW filter on device bond0
[  103.818291][ T5702] 8021q: adding VLAN 0 to HW filter on device team0
[  103.843376][ T1584] bridge0: port 1(bridge_slave_0) entered blocking state
[  103.843551][ T1584] bridge0: port 1(bridge_slave_0) entered forwarding state
[  103.883305][ T1584] bridge0: port 2(bridge_slave_1) entered blocking state
[  103.883437][ T1584] bridge0: port 2(bridge_slave_1) entered forwarding state
[  105.191679][ T5702] 8021q: adding VLAN 0 to HW filter on device batadv0
[  105.317326][ T5702] veth0_vlan: entered promiscuous mode
[  105.366435][ T5702] veth1_vlan: entered promiscuous mode
[  105.437481][ T5702] veth0_macvtap: entered promiscuous mode
[  105.444303][ T5702] veth1_macvtap: entered promiscuous mode
[  105.489957][ T5702] batman_adv: batadv0: Interface activated: batadv_slave_0
[  105.511684][ T5702] batman_adv: batadv0: Interface activated: batadv_slave_1
[  105.545238][ T1464] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  105.549156][ T1464] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  105.552448][ T1464] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  105.562938][ T1464] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  106.350433][ T1500] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  106.950372][ T1500] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  107.333473][ T1500] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2026/05/27 20:37:49 executed programs: 0
[  107.661075][ T5691] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  107.663360][ T5691] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  107.664149][ T5691] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  107.691498][ T5691] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  107.695904][ T5691] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  107.700427][ T1500] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  108.377070][ T1500] bridge_slave_1: left allmulticast mode
[  108.377216][ T1500] bridge_slave_1: left promiscuous mode
[  108.388801][ T1500] bridge0: port 2(bridge_slave_1) entered disabled state
[  108.576532][ T1500] bridge_slave_0: left allmulticast mode
[  108.576571][ T1500] bridge_slave_0: left promiscuous mode
[  108.576872][ T1500] bridge0: port 1(bridge_slave_0) entered disabled state
[  109.395124][ T1500] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  109.455251][ T1500] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  109.476555][ T1500] bond0 (unregistering): Released all slaves
[  109.524162][ T5277] 8021q: adding VLAN 0 to HW filter on device eth1
[  109.816198][   T60] Bluetooth: hci0: command tx timeout
[  109.954602][ T1500] hsr_slave_0: left promiscuous mode
[  109.994506][ T1500] hsr_slave_1: left promiscuous mode
[  109.996008][ T1500] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  109.996089][ T1500] batman_adv: batadv0: Removing interface: batadv_slave_0
[  110.037787][ T1500] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  110.037818][ T1500] batman_adv: batadv0: Removing interface: batadv_slave_1
[  110.138347][ T1500] veth1_macvtap: left promiscuous mode
[  110.138603][ T1500] veth0_macvtap: left promiscuous mode
[  110.138949][ T1500] veth1_vlan: left promiscuous mode
[  110.139306][ T1500] veth0_vlan: left promiscuous mode
[  110.835099][ T1500] team0 (unregistering): Port device team_slave_1 removed
[  110.875368][ T1500] team0 (unregistering): Port device team_slave_0 removed
[  111.069870][ T5277] 8021q: adding VLAN 0 to HW filter on device eth2
[  111.238297][ T5752] bridge0: port 1(bridge_slave_0) entered blocking state
[  111.238669][ T5752] bridge0: port 1(bridge_slave_0) entered disabled state
[  111.238958][ T5752] bridge_slave_0: entered allmulticast mode
[  111.242981][ T5752] bridge_slave_0: entered promiscuous mode
[  111.277108][ T5752] bridge0: port 2(bridge_slave_1) entered blocking state
[  111.277563][ T5752] bridge0: port 2(bridge_slave_1) entered disabled state
[  111.277850][ T5752] bridge_slave_1: entered allmulticast mode
[  111.281659][ T5752] bridge_slave_1: entered promiscuous mode
[  111.370890][ T5752] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  111.392233][ T5752] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  111.468526][ T5752] team0: Port device team_slave_0 added
[  111.474236][ T5752] team0: Port device team_slave_1 added
[  111.540462][ T5752] batman_adv: batadv0: Adding interface: batadv_slave_0
[  111.540490][ T5752] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  111.540517][ T5752] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  111.544218][ T5752] batman_adv: batadv0: Adding interface: batadv_slave_1
[  111.544233][ T5752] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  111.544272][ T5752] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  111.723684][ T5752] hsr_slave_0: entered promiscuous mode
[  111.732047][ T5752] hsr_slave_1: entered promiscuous mode
[  111.895557][   T60] Bluetooth: hci0: command tx timeout
[  112.105160][ T5277] 8021q: adding VLAN 0 to HW filter on device eth3
[  113.984507][   T60] Bluetooth: hci0: command tx timeout
[  114.158400][ T5752] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  114.199216][ T5752] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  114.200946][ T5752] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  114.247415][ T5752] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  114.249240][ T5752] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  114.313415][ T5752] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  114.323088][ T5752] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  114.361976][ T5752] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  114.663928][ T5752] 8021q: adding VLAN 0 to HW filter on device bond0
[  114.726600][ T5752] 8021q: adding VLAN 0 to HW filter on device team0
[  114.746495][  T184] bridge0: port 1(bridge_slave_0) entered blocking state
[  114.746764][  T184] bridge0: port 1(bridge_slave_0) entered forwarding state
[  114.789105][ T1464] bridge0: port 2(bridge_slave_1) entered blocking state
[  114.789308][ T1464] bridge0: port 2(bridge_slave_1) entered forwarding state
[  114.933683][ T5752] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  115.805709][ T5752] 8021q: adding VLAN 0 to HW filter on device batadv0
[  115.963737][ T5752] veth0_vlan: entered promiscuous mode
[  116.021669][ T5752] veth1_vlan: entered promiscuous mode
[  116.054548][   T60] Bluetooth: hci0: command tx timeout
[  116.132545][ T5752] veth0_macvtap: entered promiscuous mode
[  116.158714][ T5752] veth1_macvtap: entered promiscuous mode
[  116.190176][ T5752] batman_adv: batadv0: Interface activated: batadv_slave_0
[  116.209569][ T5752] batman_adv: batadv0: Interface activated: batadv_slave_1
[  116.222711][ T1500] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  116.237747][  T184] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  116.248682][  T184] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  116.248724][  T184] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  116.629954][ T1500] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.629976][ T1500] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.693866][ T1423] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.693889][ T1423] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2026/05/27 20:37:58 executed programs: 2
[  116.919546][ T5909] ==================================================================
[  116.919562][ T5909] BUG: KASAN: slab-use-after-free in dvb_frontend_release+0x410/0x4e0
[  116.919591][ T5909] Read of size 4 at addr ffff88802ca5d83c by task syz.0.18/5909
[  116.919608][ T5909] 
[  116.919620][ T5909] CPU: 1 UID: 0 PID: 5909 Comm: syz.0.18 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  116.919644][ T5909] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  116.919657][ T5909] Call Trace:
[  116.919665][ T5909]  <TASK>
[  116.919673][ T5909]  dump_stack_lvl+0xe8/0x150
[  116.919699][ T5909]  print_address_description+0x55/0x1e0
[  116.919727][ T5909]  ? dvb_frontend_release+0x410/0x4e0
[  116.919747][ T5909]  print_report+0x58/0x70
[  116.919772][ T5909]  kasan_report+0x117/0x150
[  116.919797][ T5909]  ? dvb_frontend_release+0x410/0x4e0
[  116.919820][ T5909]  dvb_frontend_release+0x410/0x4e0
[  116.919839][ T5909]  ? __pfx_dvb_frontend_release+0x10/0x10
[  116.919858][ T5909]  __fput+0x461/0xa70
[  116.919883][ T5909]  task_work_run+0x1d9/0x270
[  116.919906][ T5909]  ? __pfx_task_work_run+0x10/0x10
[  116.919928][ T5909]  ? do_raw_spin_lock+0x12b/0x2f0
[  116.919954][ T5909]  get_signal+0x11eb/0x1330
[  116.919980][ T5909]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  116.920009][ T5909]  ? lockdep_hardirqs_on+0x7a/0x110
[  116.920036][ T5909]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  116.920064][ T5909]  ? reacquire_held_locks+0x104/0x190
[  116.920098][ T5909]  arch_do_signal_or_restart+0xbc/0x840
[  116.920120][ T5909]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  116.920149][ T5909]  exit_to_user_mode_loop+0xa9/0x680
[  116.920173][ T5909]  ? rcu_is_watching+0x15/0xb0
[  116.920200][ T5909]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  116.920222][ T5909]  do_syscall_64+0x353/0x580
[  116.920249][ T5909]  ? clear_bhb_loop+0x40/0x90
[  116.920271][ T5909]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  116.920291][ T5909] RIP: 0033:0x7f6d708cce59
[  116.920309][ T5909] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  116.920326][ T5909] RSP: 002b:00007ffe2877f6a8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  116.920350][ T5909] RAX: 0000000000000000 RBX: 00007ffe2877f790 RCX: 00007f6d708cce59
[  116.920364][ T5909] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  116.920376][ T5909] RBP: 000000000001c6fd R08: 0000000000000001 R09: 0000000000000000
[  116.920388][ T5909] R10: 0000001b33720000 R11: 0000000000000246 R12: 0000000000000000
[  116.920400][ T5909] R13: 00007f6d70b45fac R14: 00007f6d70b45fa8 R15: 00007f6d70b45fa0
[  116.920422][ T5909]  </TASK>
[  116.920430][ T5909] 
[  116.920434][ T5909] Allocated by task 1:
[  116.920444][ T5909]  kasan_save_track+0x3e/0x80
[  116.920465][ T5909]  __kasan_kmalloc+0x93/0xb0
[  116.920494][ T5909]  __kmalloc_cache_noprof+0x3a6/0x690
[  116.920518][ T5909]  dvb_register_device+0x2fd/0x21e0
[  116.920538][ T5909]  dvb_register_frontend+0x631/0x920
[  116.920568][ T5909]  vidtv_bridge_probe+0x9aa/0xf80
[  116.920592][ T5909]  platform_probe+0xf9/0x190
[  116.920611][ T5909]  really_probe+0x267/0xaf0
[  116.920632][ T5909]  __driver_probe_device+0x1e2/0x350
[  116.920653][ T5909]  driver_probe_device+0x4f/0x240
[  116.920674][ T5909]  __driver_attach+0x33c/0x600
[  116.920695][ T5909]  bus_for_each_dev+0x23e/0x2c0
[  116.920722][ T5909]  bus_add_driver+0x348/0x670
[  116.920747][ T5909]  driver_register+0x23a/0x320
[  116.920770][ T5909]  vidtv_bridge_init+0x36/0x60
[  116.920804][ T5909]  do_one_initcall+0x250/0x870
[  116.920825][ T5909]  do_initcall_level+0x104/0x190
[  116.920853][ T5909]  do_initcalls+0x59/0xa0
[  116.920879][ T5909]  kernel_init_freeable+0x2a6/0x3e0
[  116.920906][ T5909]  kernel_init+0x1d/0x1d0
[  116.920924][ T5909]  ret_from_fork+0x514/0xb70
[  116.920944][ T5909]  ret_from_fork_asm+0x1a/0x30
[  116.920968][ T5909] 
[  116.920973][ T5909] Freed by task 5909:
[  116.920982][ T5909]  kasan_save_track+0x3e/0x80
[  116.921001][ T5909]  kasan_save_free_info+0x46/0x50
[  116.921027][ T5909]  __kasan_slab_free+0x5c/0x80
[  116.921047][ T5909]  kfree+0x1c5/0x6c0
[  116.921065][ T5909]  dvb_generic_release+0x123/0x1c0
[  116.921083][ T5909]  dvb_frontend_release+0x138/0x4e0
[  116.921100][ T5909]  __fput+0x461/0xa70
[  116.921118][ T5909]  task_work_run+0x1d9/0x270
[  116.921137][ T5909]  get_signal+0x11eb/0x1330
[  116.921162][ T5909]  arch_do_signal_or_restart+0xbc/0x840
[  116.921180][ T5909]  exit_to_user_mode_loop+0xa9/0x680
[  116.921200][ T5909]  do_syscall_64+0x353/0x580
[  116.921226][ T5909]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  116.921243][ T5909] 
[  116.921248][ T5909] The buggy address belongs to the object at ffff88802ca5d800
[  116.921248][ T5909]  which belongs to the cache kmalloc-512 of size 512
[  116.921264][ T5909] The buggy address is located 60 bytes inside of
[  116.921264][ T5909]  freed 512-byte region [ffff88802ca5d800, ffff88802ca5da00)
[  116.921285][ T5909] 
[  116.921290][ T5909] The buggy address belongs to the physical page:
[  116.921301][ T5909] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2ca5c
[  116.921319][ T5909] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  116.921335][ T5909] flags: 0x80000000000040(head|node=0|zone=1)
[  116.921352][ T5909] page_type: f5(slab)
[  116.921370][ T5909] raw: 0080000000000040 ffff88813feaac80 dead000000000100 dead000000000122
[  116.921387][ T5909] raw: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000
[  116.921405][ T5909] head: 0080000000000040 ffff88813feaac80 dead000000000100 dead000000000122
[  116.921422][ T5909] head: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000
[  116.921439][ T5909] head: 0080000000000002 ffffffffffffff01 00000000ffffffff 00000000ffffffff
[  116.921456][ T5909] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000004
[  116.921466][ T5909] page dumped because: kasan: bad access detected
[  116.921475][ T5909] page_owner tracks the page as allocated
[  116.921491][ T5909] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 16818833748, free_ts 16818635493
[  116.921526][ T5909]  post_alloc_hook+0x1f9/0x250
[  116.921547][ T5909]  get_page_from_freelist+0x265c/0x26e0
[  116.921572][ T5909]  __alloc_frozen_pages_noprof+0x18d/0x380
[  116.921596][ T5909]  allocate_slab+0x74/0x5e0
[  116.921623][ T5909]  refill_objects+0x33c/0x3d0
[  116.921648][ T5909]  __pcs_replace_empty_main+0x373/0x720
[  116.921677][ T5909]  __kmalloc_cache_noprof+0x44e/0x690
[  116.921698][ T5909]  dvb_register_device+0x2fd/0x21e0
[  116.921716][ T5909]  dvb_register_frontend+0x631/0x920
[  116.921744][ T5909]  vidtv_bridge_probe+0x9aa/0xf80
[  116.921767][ T5909]  platform_probe+0xf9/0x190
[  116.921785][ T5909]  really_probe+0x267/0xaf0
[  116.921807][ T5909]  __driver_probe_device+0x1e2/0x350
[  116.921828][ T5909]  driver_probe_device+0x4f/0x240
[  116.921850][ T5909]  __driver_attach+0x33c/0x600
[  116.921871][ T5909]  bus_for_each_dev+0x23e/0x2c0
[  116.921897][ T5909] page last free pid 1 tgid 1 stack trace:
[  116.921908][ T5909]  __free_frozen_pages+0x10af/0x1190
[  116.921929][ T5909]  stack_depot_save_flags+0x40e/0x810
[  116.921961][ T5909]  kasan_save_track+0x4f/0x80
[  116.921981][ T5909]  __kasan_kmalloc+0x93/0xb0
[  116.922002][ T5909]  __kmalloc_cache_noprof+0x3a6/0x690
[  116.922024][ T5909]  dvb_register_frontend+0x192/0x920
[  116.922052][ T5909]  vidtv_bridge_probe+0x9aa/0xf80
[  116.922074][ T5909]  platform_probe+0xf9/0x190
[  116.922092][ T5909]  really_probe+0x267/0xaf0
[  116.922114][ T5909]  __driver_probe_device+0x1e2/0x350
[  116.922135][ T5909]  driver_probe_device+0x4f/0x240
[  116.922156][ T5909]  __driver_attach+0x33c/0x600
[  116.922176][ T5909]  bus_for_each_dev+0x23e/0x2c0
[  116.922202][ T5909]  bus_add_driver+0x348/0x670
[  116.922228][ T5909]  driver_register+0x23a/0x320
[  116.922250][ T5909]  vidtv_bridge_init+0x36/0x60
[  116.922278][ T5909] 
[  116.922283][ T5909] Memory state around the buggy address:
[  116.922293][ T5909]  ffff88802ca5d700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  116.922307][ T5909]  ffff88802ca5d780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  116.922320][ T5909] >ffff88802ca5d800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  116.922330][ T5909]                                         ^
[  116.922341][ T5909]  ffff88802ca5d880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  116.922354][ T5909]  ffff88802ca5d900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  116.922392][ T5909] ==================================================================
[  116.922432][ T5909] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  116.922450][ T5909] CPU: 1 UID: 0 PID: 5909 Comm: syz.0.18 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  116.922472][ T5909] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  116.922492][ T5909] Call Trace:
[  116.922500][ T5909]  <TASK>
[  116.922508][ T5909]  vpanic+0x56c/0xa60
[  116.922540][ T5909]  ? __pfx_vpanic+0x10/0x10
[  116.922570][ T5909]  ? __pfx___schedule+0x10/0x10
[  116.922598][ T5909]  panic+0xc5/0xd0
[  116.922625][ T5909]  ? __pfx_panic+0x10/0x10
[  116.922654][ T5909]  ? preempt_schedule_common+0x82/0xd0
[  116.922683][ T5909]  ? dvb_frontend_release+0x410/0x4e0
[  116.922715][ T5909]  check_panic_on_warn+0x89/0xb0
[  116.922740][ T5909]  ? dvb_frontend_release+0x410/0x4e0
[  116.922759][ T5909]  end_report+0x73/0x170
[  116.922783][ T5909]  ? dvb_frontend_release+0x410/0x4e0
[  116.922813][ T5909]  kasan_report+0x128/0x150
[  116.922840][ T5909]  ? dvb_frontend_release+0x410/0x4e0
[  116.922862][ T5909]  dvb_frontend_release+0x410/0x4e0
[  116.922882][ T5909]  ? __pfx_dvb_frontend_release+0x10/0x10
[  116.922901][ T5909]  __fput+0x461/0xa70
[  116.922927][ T5909]  task_work_run+0x1d9/0x270
[  116.922952][ T5909]  ? __pfx_task_work_run+0x10/0x10
[  116.922973][ T5909]  ? do_raw_spin_lock+0x12b/0x2f0
[  116.922995][ T5909]  get_signal+0x11eb/0x1330
[  116.923022][ T5909]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  116.923070][ T5909]  ? lockdep_hardirqs_on+0x7a/0x110
[  116.923099][ T5909]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  116.923125][ T5909]  ? reacquire_held_locks+0x104/0x190
[  116.923158][ T5909]  arch_do_signal_or_restart+0xbc/0x840
[  116.923178][ T5909]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  116.923205][ T5909]  exit_to_user_mode_loop+0xa9/0x680
[  116.923226][ T5909]  ? rcu_is_watching+0x15/0xb0
[  116.923250][ T5909]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  116.923270][ T5909]  do_syscall_64+0x353/0x580
[  116.923308][ T5909]  ? clear_bhb_loop+0x40/0x90
[  116.923329][ T5909]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  116.923347][ T5909] RIP: 0033:0x7f6d708cce59
[  116.923378][ T5909] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  116.923392][ T5909] RSP: 002b:00007ffe2877f6a8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  116.923414][ T5909] RAX: 0000000000000000 RBX: 00007ffe2877f790 RCX: 00007f6d708cce59
[  116.923428][ T5909] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  116.923440][ T5909] RBP: 000000000001c6fd R08: 0000000000000001 R09: 0000000000000000
[  116.923452][ T5909] R10: 0000001b33720000 R11: 0000000000000246 R12: 0000000000000000
[  116.923465][ T5909] R13: 00007f6d70b45fac R14: 00007f6d70b45fa8 R15: 00007f6d70b45fa0
[  116.923505][ T5909]  </TASK>
[  116.923949][ T5909] Kernel Offset: disabled