Warning: Permanently added '10.128.0.200' (ED25519) to the list of known hosts.
2026/06/23 16:40:15 parsed 1 programs
2026/06/23 16:40:15 serving rpc on tcp://38569
[ 49.101545][ T29] kauditd_printk_skb: 8 callbacks suppressed
[ 49.101563][ T29] audit: type=1400 audit(1782232815.871:129): avc: denied { node_bind } for pid=5618 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[ 51.097313][ T29] audit: type=1400 audit(1782232817.861:130): avc: denied { mounton } for pid=5625 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2024 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 51.120928][ T29] audit: type=1400 audit(1782232817.891:131): avc: denied { mount } for pid=5625 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 51.122566][ T5625] cgroup: Unknown subsys name 'net'
[ 51.149566][ T29] audit: type=1400 audit(1782232817.921:132): avc: denied { unmount } for pid=5625 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 51.310638][ T5625] cgroup: Unknown subsys name 'cpuset'
[ 51.317998][ T5625] cgroup: Unknown subsys name 'rlimit'
[ 51.440407][ T29] audit: type=1400 audit(1782232818.211:133): avc: denied { setattr } for pid=5625 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=821 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 51.464505][ T29] audit: type=1400 audit(1782232818.211:134): avc: denied { create } for pid=5625 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 51.485300][ T29] audit: type=1400 audit(1782232818.211:135): avc: denied { write } for pid=5625 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 51.506184][ T29] audit: type=1400 audit(1782232818.211:136): avc: denied { read } for pid=5625 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 51.527929][ T29] audit: type=1400 audit(1782232818.221:137): avc: denied { mounton } for pid=5625 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 51.541611][ T5629] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
[ 51.553549][ T29] audit: type=1400 audit(1782232818.221:138): avc: denied { mount } for pid=5625 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[ 52.438143][ T5625] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 53.926494][ T5635] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 54.237591][ T29] kauditd_printk_skb: 23 callbacks suppressed
[ 54.237610][ T29] audit: type=1401 audit(1782232821.001:162): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
[ 54.449885][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 54.457781][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 54.476602][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 54.484610][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 55.082607][ T29] audit: type=1400 audit(1782232821.851:163): avc: denied { create } for pid=5687 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 55.105031][ T29] audit: type=1400 audit(1782232821.851:164): avc: denied { read write } for pid=5687 comm="syz-executor" name="vhci" dev="devtmpfs" ino=1269 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[ 55.131254][ T29] audit: type=1400 audit(1782232821.851:165): avc: denied { open } for pid=5687 comm="syz-executor" path="/dev/vhci" dev="devtmpfs" ino=1269 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[ 55.132381][ T5689] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 55.155356][ T29] audit: type=1400 audit(1782232821.851:166): avc: denied { ioctl } for pid=5687 comm="syz-executor" path="socket:[5801]" dev="sockfs" ino=5801 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 55.187450][ T5689] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 55.201770][ T50] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 55.209919][ T50] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 55.217345][ T50] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 55.286913][ T29] audit: type=1400 audit(1782232822.051:167): avc: denied { module_request } for pid=5694 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 55.310257][ T29] audit: type=1400 audit(1782232822.071:168): avc: denied { sys_module } for pid=5694 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[ 55.524605][ T5694] bridge0: port 1(bridge_slave_0) entered blocking state
[ 55.532090][ T5694] bridge0: port 1(bridge_slave_0) entered disabled state
[ 55.541254][ T5694] bridge_slave_0: entered allmulticast mode
[ 55.547828][ T5694] bridge_slave_0: entered promiscuous mode
[ 55.555145][ T5694] bridge0: port 2(bridge_slave_1) entered blocking state
[ 55.562348][ T5694] bridge0: port 2(bridge_slave_1) entered disabled state
[ 55.569561][ T5694] bridge_slave_1: entered allmulticast mode
[ 55.575984][ T5694] bridge_slave_1: entered promiscuous mode
[ 55.590363][ T5694] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 55.601029][ T5694] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 55.617110][ T5694] team0: Port device team_slave_0 added
[ 55.623830][ T5694] team0: Port device team_slave_1 added
[ 55.636026][ T5694] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 55.643023][ T5694] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 55.669253][ T5694] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 55.680725][ T5694] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 55.687704][ T5694] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 55.713662][ T5694] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 55.735619][ T5694] hsr_slave_0: entered promiscuous mode
[ 55.741715][ T5694] hsr_slave_1: entered promiscuous mode
[ 55.795856][ T5694] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 55.804785][ T5694] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 55.812740][ T5694] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 55.821223][ T5694] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[ 55.828963][ T5694] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 55.837490][ T5694] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[ 55.845334][ T5694] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 55.853542][ T5694] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[ 55.868588][ T5694] bridge0: port 2(bridge_slave_1) entered blocking state
[ 55.875698][ T5694] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 55.883051][ T5694] bridge0: port 1(bridge_slave_0) entered blocking state
[ 55.890124][ T5694] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 55.916016][ T5694] 8021q: adding VLAN 0 to HW filter on device bond0
[ 55.927796][ T3432] bridge0: port 1(bridge_slave_0) entered disabled state
[ 55.935668][ T3432] bridge0: port 2(bridge_slave_1) entered disabled state
[ 55.947006][ T5694] 8021q: adding VLAN 0 to HW filter on device team0
[ 55.956643][ T48] bridge0: port 1(bridge_slave_0) entered blocking state
[ 55.963754][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 55.974160][ T3432] bridge0: port 2(bridge_slave_1) entered blocking state
[ 55.981262][ T3432] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 56.132399][ T5694] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 56.157098][ T5694] veth0_vlan: entered promiscuous mode
[ 56.166578][ T5694] veth1_vlan: entered promiscuous mode
[ 56.182216][ T5694] veth0_macvtap: entered promiscuous mode
[ 56.190040][ T5694] veth1_macvtap: entered promiscuous mode
[ 56.200882][ T5694] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 56.212195][ T5694] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 56.223315][ T566] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 56.232457][ T566] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 56.242025][ T566] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 56.250986][ T566] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 56.314323][ T3432] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 56.387133][ T3432] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 56.397554][ T29] audit: type=1400 audit(1782232823.151:169): avc: denied { create } for pid=5736 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1
[ 56.419788][ T29] audit: type=1400 audit(1782232823.161:170): avc: denied { sys_admin } for pid=5736 comm="syz-executor" capability=21 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1
[ 56.452098][ T29] audit: type=1400 audit(1782232823.221:171): avc: denied { sys_chroot } for pid=5737 comm="syz-executor" capability=18 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1
[ 56.476660][ T3432] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 56.528695][ T3432] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2026/06/23 16:40:23 executed programs: 0
[ 56.692558][ T50] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 56.700169][ T50] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 56.707391][ T50] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 56.715124][ T50] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 56.722657][ T50] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 56.914920][ T5746] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.922256][ T5746] bridge0: port 1(bridge_slave_0) entered disabled state
[ 56.929506][ T5746] bridge_slave_0: entered allmulticast mode
[ 56.935944][ T5746] bridge_slave_0: entered promiscuous mode
[ 56.943213][ T5746] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.950481][ T5746] bridge0: port 2(bridge_slave_1) entered disabled state
[ 56.957672][ T5746] bridge_slave_1: entered allmulticast mode
[ 56.964466][ T5746] bridge_slave_1: entered promiscuous mode
[ 56.979611][ T5746] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 56.990194][ T5746] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 57.008403][ T5746] team0: Port device team_slave_0 added
[ 57.015176][ T5746] team0: Port device team_slave_1 added
[ 57.029895][ T5746] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 57.036856][ T5746] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 57.062958][ T5746] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 57.074422][ T5746] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 57.081585][ T5746] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 57.107990][ T5746] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 57.136329][ T5746] hsr_slave_0: entered promiscuous mode
[ 57.142472][ T5746] hsr_slave_1: entered promiscuous mode
[ 57.148266][ T5746] debugfs: 'hsr0' already exists in 'hsr'
[ 57.154189][ T5746] Cannot create hsr debugfs directory
[ 58.778906][ T50] Bluetooth: hci0: command tx timeout
[ 59.146364][ T3432] bridge_slave_1: left allmulticast mode
[ 59.153045][ T3432] bridge_slave_1: left promiscuous mode
[ 59.159396][ T3432] bridge0: port 2(bridge_slave_1) entered disabled state
[ 59.167924][ T3432] bridge_slave_0: left allmulticast mode
[ 59.175248][ T3432] bridge_slave_0: left promiscuous mode
[ 59.181258][ T3432] bridge0: port 1(bridge_slave_0) entered disabled state
[ 59.241296][ T3432] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 59.260725][ T3432] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 59.271146][ T3432] bond0 (unregistering): Released all slaves
[ 59.304042][ T29] kauditd_printk_skb: 2 callbacks suppressed
[ 59.304063][ T29] audit: type=1400 audit(1782232826.071:174): avc: denied { write } for pid=5768 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1776 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 59.339871][ T29] audit: type=1400 audit(1782232826.111:175): avc: denied { write } for pid=5779 comm="rm" name="hook-state" dev="tmpfs" ino=1776 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 59.371204][ T3432] hsr_slave_0: left promiscuous mode
[ 59.377108][ T3432] hsr_slave_1: left promiscuous mode
[ 59.382919][ T3432] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 59.391738][ T3432] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 59.399971][ T3432] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 59.407398][ T3432] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 59.418369][ T3432] veth1_macvtap: left promiscuous mode
[ 59.424217][ T3432] veth0_macvtap: left promiscuous mode
[ 59.429929][ T3432] veth1_vlan: left promiscuous mode
[ 59.435136][ T3432] veth0_vlan: left promiscuous mode
[ 59.486421][ T3432] team0 (unregistering): Port device team_slave_1 removed
[ 59.497270][ T3432] team0 (unregistering): Port device team_slave_0 removed
[ 59.530692][ T5279] 8021q: adding VLAN 0 to HW filter on device eth1
[ 59.760694][ T29] audit: type=1400 audit(1782232826.531:176): avc: denied { write } for pid=5783 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1776 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 59.769658][ T5746] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 59.801193][ T5746] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 59.809493][ T5746] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 59.818352][ T5746] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[ 59.825522][ T29] audit: type=1400 audit(1782232826.591:177): avc: denied { write } for pid=5794 comm="rm" name="hook-state" dev="tmpfs" ino=1776 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 59.848213][ T5746] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 59.856768][ T5746] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[ 59.869377][ T5746] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 59.878368][ T5746] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[ 59.999801][ T5746] 8021q: adding VLAN 0 to HW filter on device bond0
[ 60.013112][ T29] audit: type=1400 audit(1782232826.781:178): avc: denied { write } for pid=5796 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1776 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 60.017287][ T5746] 8021q: adding VLAN 0 to HW filter on device team0
[ 60.048273][ T48] bridge0: port 1(bridge_slave_0) entered blocking state
[ 60.055442][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 60.073984][ T48] bridge0: port 2(bridge_slave_1) entered blocking state
[ 60.081137][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 60.090337][ T29] audit: type=1400 audit(1782232826.851:179): avc: denied { write } for pid=5813 comm="rm" name="hook-state" dev="tmpfs" ino=1776 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 60.272416][ T5746] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 60.299559][ T5746] veth0_vlan: entered promiscuous mode
[ 60.307730][ T5746] veth1_vlan: entered promiscuous mode
[ 60.323036][ T5746] veth0_macvtap: entered promiscuous mode
[ 60.330659][ T5746] veth1_macvtap: entered promiscuous mode
[ 60.343068][ T5746] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 60.354481][ T5746] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 60.365269][ T149] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 60.374117][ T149] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 60.383846][ T149] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 60.392760][ T149] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 60.421443][ T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 60.431553][ T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 60.445993][ T149] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 60.454732][ T149] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 60.481904][ T29] audit: type=1400 audit(1782232827.251:180): avc: denied { read write } for pid=5826 comm="syz.0.17" name="frontend0" dev="devtmpfs" ino=927 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[ 60.505944][ T29] audit: type=1400 audit(1782232827.251:181): avc: denied { open } for pid=5826 comm="syz.0.17" path="/dev/dvb/adapter0/frontend0" dev="devtmpfs" ino=927 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[ 60.531746][ T5828] ==================================================================
[ 60.539835][ T5828] BUG: KASAN: slab-use-after-free in dvb_device_open+0x33f/0x3b0
[ 60.547566][ T5828] Read of size 8 at addr ffff88802e40a018 by task syz.0.19/5828
[ 60.555171][ T5828]
[ 60.557502][ T5828] CPU: 0 UID: 0 PID: 5828 Comm: syz.0.19 Not tainted syzkaller #0 PREEMPT(full)
[ 60.557520][ T5828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 60.557537][ T5828] Call Trace:
[ 60.557553][ T5828]
[ 60.557559][ T5828] dump_stack_lvl+0x100/0x190
[ 60.557584][ T5828] print_report+0x13d/0x4b0
[ 60.557605][ T5828] ? __virt_addr_valid+0x239/0x430
[ 60.557624][ T5828] ? dvb_device_open+0x33f/0x3b0
[ 60.557641][ T5828] kasan_report+0xdf/0x1c0
[ 60.557659][ T5828] ? dvb_device_open+0x33f/0x3b0
[ 60.557677][ T5828] ? __pfx_dvb_device_open+0x10/0x10
[ 60.557695][ T5828] dvb_device_open+0x33f/0x3b0
[ 60.557713][ T5828] ? __pfx_dvb_device_open+0x10/0x10
[ 60.557730][ T5828] chrdev_open+0x234/0x6a0
[ 60.557745][ T5828] ? __pfx_chrdev_open+0x10/0x10
[ 60.557757][ T5828] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80
[ 60.557776][ T5828] do_dentry_open+0x6ab/0x14d0
[ 60.557796][ T5828] ? __pfx_chrdev_open+0x10/0x10
[ 60.557809][ T5828] vfs_open+0x82/0x3f0
[ 60.557824][ T5828] path_openat+0x2873/0x4280
[ 60.557841][ T5828] ? __pfx_path_openat+0x10/0x10
[ 60.557853][ T5828] ? __hrtimer_rearm_deferred+0x23c/0x720
[ 60.557867][ T5828] ? rcu_is_watching+0x12/0xc0
[ 60.557889][ T5828] ? __hrtimer_rearm_deferred+0x23c/0x720
[ 60.557902][ T5828] ? lock_release+0x24d/0x310
[ 60.557919][ T5828] do_file_open+0x20e/0x430
[ 60.557931][ T5828] ? __pfx_do_file_open+0x10/0x10
[ 60.557944][ T5828] ? irqentry_exit+0x24d/0xa00
[ 60.557971][ T5828] ? alloc_fd+0x471/0x7a0
[ 60.557984][ T5828] ? do_getname+0x191/0x390
[ 60.558000][ T5828] do_sys_openat2+0x10f/0x1e0
[ 60.558014][ T5828] ? __pfx_do_sys_openat2+0x10/0x10
[ 60.558030][ T5828] ? __pfx_restore_altstack+0x10/0x10
[ 60.558045][ T5828] __x64_sys_openat+0x12d/0x210
[ 60.558060][ T5828] ? __pfx___x64_sys_openat+0x10/0x10
[ 60.558075][ T5828] ? __do_sys_rt_sigreturn+0x1da/0x2c0
[ 60.558092][ T5828] ? lock_release+0x24d/0x310
[ 60.558108][ T5828] ? rcu_is_watching+0x12/0xc0
[ 60.558127][ T5828] do_syscall_64+0x115/0x870
[ 60.558155][ T5828] ? clear_bhb_loop+0x40/0x90
[ 60.558171][ T5828] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 60.558185][ T5828] RIP: 0033:0x7fdb4095d68e
[ 60.558198][ T5828] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 60.558211][ T5828] RSP: 002b:00007ffd0963a138 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 60.558235][ T5828] RAX: ffffffffffffffda RBX: 0000555583933500 RCX: 00007fdb4095d68e
[ 60.558244][ T5828] RDX: 0000000000000002 RSI: 00007ffd0963a210 RDI: ffffffffffffff9c
[ 60.558253][ T5828] RBP: 00007ffd0963a210 R08: 0000000000000000 R09: 0000000000000000
[ 60.558261][ T5828] R10: 0000000000000000 R11: 0000000000000246 R12: cccccccccccccccd
[ 60.558269][ T5828] R13: 00007fdb40c15fac R14: 00007fdb40c15fa0 R15: 00007fdb40c15fa0
[ 60.558281][ T5828]
[ 60.558286][ T5828]
[ 60.841951][ T5828] Allocated by task 1:
[ 60.846009][ T5828] kasan_save_stack+0x30/0x50
[ 60.850681][ T5828] kasan_save_track+0x14/0x30
[ 60.855334][ T5828] __kasan_kmalloc+0xaa/0xb0
[ 60.859900][ T5828] __kmalloc_cache_noprof+0x2e5/0x6c0
[ 60.865268][ T5828] dvb_register_device+0x1d6/0x1e20
[ 60.870452][ T5828] dvb_register_frontend+0x552/0x820
[ 60.875723][ T5828] vidtv_bridge_probe+0x44b/0xa30
[ 60.880733][ T5828] platform_probe+0x106/0x1d0
[ 60.885392][ T5828] really_probe+0x241/0xa60
[ 60.889878][ T5828] __driver_probe_device+0x20e/0x450
[ 60.895143][ T5828] driver_probe_device+0x4a/0x140
[ 60.900147][ T5828] __driver_attach+0x21f/0x5b0
[ 60.904891][ T5828] bus_for_each_dev+0x13e/0x1d0
[ 60.909722][ T5828] bus_add_driver+0x305/0x5b0
[ 60.914377][ T5828] driver_register+0x1e2/0x360
[ 60.919124][ T5828] vidtv_bridge_init+0x52/0x80
[ 60.923870][ T5828] do_one_initcall+0x11d/0x700
[ 60.928618][ T5828] kernel_init_freeable+0x6ea/0x7b0
[ 60.933800][ T5828] kernel_init+0x1f/0x1e0
[ 60.938127][ T5828] ret_from_fork+0x72b/0xd50
[ 60.942702][ T5828] ret_from_fork_asm+0x1a/0x30
[ 60.947442][ T5828]
[ 60.949748][ T5828] Freed by task 5827:
[ 60.953715][ T5828] kasan_save_stack+0x30/0x50
[ 60.958374][ T5828] kasan_save_track+0x14/0x30
[ 60.963028][ T5828] kasan_save_free_info+0x3b/0x70
[ 60.968035][ T5828] __kasan_slab_free+0x5f/0x80
[ 60.972779][ T5828] kfree+0x22b/0x6c0
[ 60.976657][ T5828] dvb_device_put.part.0+0x57/0x90
[ 60.981753][ T5828] dvb_device_open+0x2ba/0x3b0
[ 60.986498][ T5828] chrdev_open+0x234/0x6a0
[ 60.990891][ T5828] do_dentry_open+0x6ab/0x14d0
[ 60.995639][ T5828] vfs_open+0x82/0x3f0
[ 60.999685][ T5828] path_openat+0x2873/0x4280
[ 61.004260][ T5828] do_file_open+0x20e/0x430
[ 61.008741][ T5828] do_sys_openat2+0x10f/0x1e0
[ 61.013397][ T5828] __x64_sys_openat+0x12d/0x210
[ 61.018229][ T5828] do_syscall_64+0x115/0x870
[ 61.022802][ T5828] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 61.028673][ T5828]
[ 61.030975][ T5828] The buggy address belongs to the object at ffff88802e40a000
[ 61.030975][ T5828] which belongs to the cache kmalloc-256 of size 256
[ 61.045010][ T5828] The buggy address is located 24 bytes inside of
[ 61.045010][ T5828] freed 256-byte region [ffff88802e40a000, ffff88802e40a100)
[ 61.058701][ T5828]
[ 61.061018][ T5828] The buggy address belongs to the physical page:
[ 61.067412][ T5828] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2e40a
[ 61.076154][ T5828] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 61.084628][ T5828] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 61.092168][ T5828] page_type: f5(slab)
[ 61.096130][ T5828] raw: 00fff00000000040 ffff88813fe44b40 dead000000000100 dead000000000122
[ 61.104696][ T5828] raw: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000
[ 61.113257][ T5828] head: 00fff00000000040 ffff88813fe44b40 dead000000000100 dead000000000122
[ 61.121904][ T5828] head: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000
[ 61.130565][ T5828] head: 00fff00000000001 ffffffffffffff81 00000000ffffffff 00000000ffffffff
[ 61.139215][ T5828] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 61.147864][ T5828] page dumped because: kasan: bad access detected
[ 61.154268][ T5828] page_owner tracks the page as allocated
[ 61.159959][ T5828] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 8253456781, free_ts 0
[ 61.179578][ T5828] post_alloc_hook+0xfd/0x120
[ 61.184251][ T5828] get_page_from_freelist+0xf48/0x3530
[ 61.189701][ T5828] __alloc_frozen_pages_noprof+0x299/0x2dc0
[ 61.195573][ T5828] new_slab+0xa2/0x650
[ 61.199630][ T5828] refill_objects+0xe3/0x410
[ 61.204206][ T5828] __pcs_replace_empty_main+0x376/0x680
[ 61.209738][ T5828] __kmalloc_cache_noprof+0x479/0x6c0
[ 61.215098][ T5828] bus_add_driver+0x92/0x5b0
[ 61.219670][ T5828] driver_register+0x1e2/0x360
[ 61.224424][ T5828] usb_register_driver+0x21c/0x3e0
[ 61.229525][ T5828] do_one_initcall+0x11d/0x700
[ 61.234286][ T5828] kernel_init_freeable+0x6ea/0x7b0
[ 61.239483][ T5828] kernel_init+0x1f/0x1e0
[ 61.243799][ T5828] ret_from_fork+0x72b/0xd50
[ 61.248375][ T5828] ret_from_fork_asm+0x1a/0x30
[ 61.253128][ T5828] page_owner free stack trace missing
[ 61.258488][ T5828]
[ 61.260803][ T5828] Memory state around the buggy address:
[ 61.266496][ T5828] ffff88802e409f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 61.274536][ T5828] ffff88802e409f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 61.282577][ T5828] >ffff88802e40a000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 61.290613][ T5828] ^
[ 61.295437][ T5828] ffff88802e40a080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 61.303494][ T5828] ffff88802e40a100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 61.311550][ T5828] ==================================================================
[ 61.325695][ T50] Bluetooth: hci0: command tx timeout
[ 61.336156][ T5828] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 61.343399][ T5828] CPU: 1 UID: 0 PID: 5828 Comm: syz.0.19 Not tainted syzkaller #0 PREEMPT(full)
[ 61.352521][ T5828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 61.362571][ T5828] Call Trace:
[ 61.365834][ T5828]
[ 61.368742][ T5828] dump_stack_lvl+0x100/0x190
[ 61.373424][ T5828] vpanic+0x552/0x970
[ 61.377391][ T5828] ? __pfx_vpanic+0x10/0x10
[ 61.381873][ T5828] ? rcu_is_watching+0x12/0xc0
[ 61.386630][ T5828] ? dvb_device_open+0x33f/0x3b0
[ 61.391563][ T5828] panic+0xd1/0xe0
[ 61.395282][ T5828] ? __pfx_panic+0x10/0x10
[ 61.399681][ T5828] ? dvb_device_open+0x33f/0x3b0
[ 61.404613][ T5828] ? preempt_schedule_common+0x42/0xc0
[ 61.410068][ T5828] ? check_panic_on_warn+0x1f/0x90
[ 61.415192][ T5828] check_panic_on_warn.cold+0x19/0x34
[ 61.420572][ T5828] end_report.part.0+0x3a/0x90
[ 61.425366][ T5828] kasan_report.cold+0xe/0x18
[ 61.430033][ T5828] ? dvb_device_open+0x33f/0x3b0
[ 61.434953][ T5828] ? __pfx_dvb_device_open+0x10/0x10
[ 61.440223][ T5828] dvb_device_open+0x33f/0x3b0
[ 61.444981][ T5828] ? __pfx_dvb_device_open+0x10/0x10
[ 61.450254][ T5828] chrdev_open+0x234/0x6a0
[ 61.454653][ T5828] ? __pfx_chrdev_open+0x10/0x10
[ 61.459571][ T5828] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80
[ 61.465884][ T5828] do_dentry_open+0x6ab/0x14d0
[ 61.470647][ T5828] ? __pfx_chrdev_open+0x10/0x10
[ 61.475566][ T5828] vfs_open+0x82/0x3f0
[ 61.479630][ T5828] path_openat+0x2873/0x4280
[ 61.484204][ T5828] ? __pfx_path_openat+0x10/0x10
[ 61.489119][ T5828] ? __hrtimer_rearm_deferred+0x23c/0x720
[ 61.494828][ T5828] ? rcu_is_watching+0x12/0xc0
[ 61.499580][ T5828] ? __hrtimer_rearm_deferred+0x23c/0x720
[ 61.505279][ T5828] ? lock_release+0x24d/0x310
[ 61.509940][ T5828] do_file_open+0x20e/0x430
[ 61.514439][ T5828] ? __pfx_do_file_open+0x10/0x10
[ 61.519443][ T5828] ? irqentry_exit+0x24d/0xa00
[ 61.524202][ T5828] ? alloc_fd+0x471/0x7a0
[ 61.528511][ T5828] ? do_getname+0x191/0x390
[ 61.533015][ T5828] do_sys_openat2+0x10f/0x1e0
[ 61.537676][ T5828] ? __pfx_do_sys_openat2+0x10/0x10
[ 61.542859][ T5828] ? __pfx_restore_altstack+0x10/0x10
[ 61.548237][ T5828] __x64_sys_openat+0x12d/0x210
[ 61.553082][ T5828] ? __pfx___x64_sys_openat+0x10/0x10
[ 61.558447][ T5828] ? __do_sys_rt_sigreturn+0x1da/0x2c0
[ 61.563889][ T5828] ? lock_release+0x24d/0x310
[ 61.568548][ T5828] ? rcu_is_watching+0x12/0xc0
[ 61.573298][ T5828] do_syscall_64+0x115/0x870
[ 61.577875][ T5828] ? clear_bhb_loop+0x40/0x90
[ 61.582532][ T5828] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 61.588405][ T5828] RIP: 0033:0x7fdb4095d68e
[ 61.592801][ T5828] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 61.612388][ T5828] RSP: 002b:00007ffd0963a138 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 61.620784][ T5828] RAX: ffffffffffffffda RBX: 0000555583933500 RCX: 00007fdb4095d68e
[ 61.628739][ T5828] RDX: 0000000000000002 RSI: 00007ffd0963a210 RDI: ffffffffffffff9c
[ 61.636689][ T5828] RBP: 00007ffd0963a210 R08: 0000000000000000 R09: 0000000000000000
[ 61.644639][ T5828] R10: 0000000000000000 R11: 0000000000000246 R12: cccccccccccccccd
[ 61.652592][ T5828] R13: 00007fdb40c15fac R14: 00007fdb40c15fa0 R15: 00007fdb40c15fa0
[ 61.660624][ T5828]
[ 61.663897][ T5828] Kernel Offset: disabled
[ 61.668213][ T5828] Rebooting in 86400 seconds..