[ 92.313159][ T37] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.0.68' (ED25519) to the list of known hosts.
2026/06/30 03:19:50 parsed 1 programs
2026/06/30 03:19:50 serving rpc on tcp://33823
[ 100.841493][ T5620] cgroup: Unknown subsys name 'net'
[ 101.084335][ T5620] cgroup: Unknown subsys name 'cpuset'
[ 101.137799][ T5620] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 103.151154][ T5620] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 109.231658][ T5654] bridge0: port 1(bridge_slave_0) entered blocking state
[ 109.232936][ T5654] bridge0: port 1(bridge_slave_0) entered disabled state
[ 109.233896][ T5654] bridge_slave_0: entered allmulticast mode
[ 109.236456][ T5654] bridge_slave_0: entered promiscuous mode
[ 109.287275][ T5654] bridge0: port 2(bridge_slave_1) entered blocking state
[ 109.287583][ T5654] bridge0: port 2(bridge_slave_1) entered disabled state
[ 109.287861][ T5654] bridge_slave_1: entered allmulticast mode
[ 109.291366][ T5654] bridge_slave_1: entered promiscuous mode
[ 109.361748][ T5654] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 109.366662][ T5654] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 109.572067][ T5654] team0: Port device team_slave_0 added
[ 109.580366][ T5654] team0: Port device team_slave_1 added
[ 109.629281][ T5654] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 109.629296][ T5654] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 109.629316][ T5654] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 109.632844][ T5654] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 109.632856][ T5654] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 109.632876][ T5654] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 109.836509][ T5654] hsr_slave_0: entered promiscuous mode
[ 109.846487][ T5654] hsr_slave_1: entered promiscuous mode
[ 110.160154][ T5654] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 110.207958][ T5654] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 110.400613][ T5654] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 110.424531][ T5654] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[ 110.426210][ T5654] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 110.473061][ T5654] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[ 110.476339][ T5654] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 110.511538][ T5654] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[ 110.696249][ T5654] 8021q: adding VLAN 0 to HW filter on device bond0
[ 110.753809][ T5654] 8021q: adding VLAN 0 to HW filter on device team0
[ 110.779962][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 110.780120][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 110.816613][ T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 110.823809][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 111.383183][ T5654] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 111.491357][ T5654] veth0_vlan: entered promiscuous mode
[ 111.530612][ T5654] veth1_vlan: entered promiscuous mode
[ 111.621084][ T5654] veth0_macvtap: entered promiscuous mode
[ 111.654155][ T5654] veth1_macvtap: entered promiscuous mode
[ 111.703414][ T5654] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 111.774956][ T5654] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 111.814728][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 111.832676][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 111.834496][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 111.872895][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 112.593813][ T56] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 112.996976][ T56] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 113.112102][ T4923] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 113.146055][ T4923] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 113.152979][ T4923] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 113.174831][ T4923] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 113.176450][ T4923] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 113.450594][ T56] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 114.006384][ T56] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 114.264850][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 114.264872][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 114.356745][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 114.356765][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 114.958099][ T56] bridge_slave_1: left allmulticast mode
[ 114.958317][ T56] bridge_slave_1: left promiscuous mode
[ 114.963198][ T56] bridge0: port 2(bridge_slave_1) entered disabled state
[ 115.169159][ T56] bridge_slave_0: left allmulticast mode
[ 115.169196][ T56] bridge_slave_0: left promiscuous mode
[ 115.169475][ T56] bridge0: port 1(bridge_slave_0) entered disabled state
[ 116.018119][ T56] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 116.078293][ T56] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 116.099679][ T56] bond0 (unregistering): Released all slaves
[ 116.150033][ T5269] 8021q: adding VLAN 0 to HW filter on device eth1
[ 116.663337][ T56] hsr_slave_0: left promiscuous mode
[ 116.697651][ T56] hsr_slave_1: left promiscuous mode
[ 116.698966][ T56] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 116.699050][ T56] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 116.739266][ T56] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 116.739295][ T56] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 116.908920][ T56] veth1_macvtap: left promiscuous mode
[ 116.909181][ T56] veth0_macvtap: left promiscuous mode
[ 116.909513][ T56] veth1_vlan: left promiscuous mode
[ 116.909900][ T56] veth0_vlan: left promiscuous mode
[ 117.728317][ T56] team0 (unregistering): Port device team_slave_1 removed
[ 117.789099][ T56] team0 (unregistering): Port device team_slave_0 removed
[ 118.002177][ T5269] 8021q: adding VLAN 0 to HW filter on device eth2
[ 118.778984][ T5269] 8021q: adding VLAN 0 to HW filter on device eth3
[ 119.768852][ T5269] 8021q: adding VLAN 0 to HW filter on device eth4
2026/06/30 03:20:16 executed programs: 0
[ 122.035864][ T4923] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 122.049112][ T4923] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 122.050698][ T4923] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 122.051872][ T4923] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 122.053413][ T4923] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 123.346946][ T5807] bridge0: port 1(bridge_slave_0) entered blocking state
[ 123.348136][ T5807] bridge0: port 1(bridge_slave_0) entered disabled state
[ 123.348463][ T5807] bridge_slave_0: entered allmulticast mode
[ 123.356988][ T5807] bridge_slave_0: entered promiscuous mode
[ 123.377475][ T5807] bridge0: port 2(bridge_slave_1) entered blocking state
[ 123.377887][ T5807] bridge0: port 2(bridge_slave_1) entered disabled state
[ 123.378199][ T5807] bridge_slave_1: entered allmulticast mode
[ 123.382348][ T5807] bridge_slave_1: entered promiscuous mode
[ 123.449708][ T5807] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 123.455419][ T5807] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 123.512219][ T5807] team0: Port device team_slave_0 added
[ 123.516312][ T5807] team0: Port device team_slave_1 added
[ 123.581702][ T5807] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 123.581715][ T5807] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 123.581735][ T5807] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 123.584417][ T5807] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 123.584431][ T5807] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 123.584450][ T5807] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 123.755536][ T5807] hsr_slave_0: entered promiscuous mode
[ 123.763018][ T5807] hsr_slave_1: entered promiscuous mode
[ 124.121650][ T60] Bluetooth: hci0: command tx timeout
[ 126.198368][ T60] Bluetooth: hci0: command tx timeout
[ 126.585110][ T5807] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 126.629706][ T5807] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 126.631847][ T5807] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 126.665842][ T5807] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[ 126.674757][ T5807] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 126.723903][ T5807] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[ 126.725699][ T5807] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 126.766326][ T5807] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[ 127.015974][ T5807] 8021q: adding VLAN 0 to HW filter on device bond0
[ 127.107706][ T5807] 8021q: adding VLAN 0 to HW filter on device team0
[ 127.141336][ T56] bridge0: port 1(bridge_slave_0) entered blocking state
[ 127.141607][ T56] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 127.186511][ T56] bridge0: port 2(bridge_slave_1) entered blocking state
[ 127.197602][ T56] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 128.053183][ T5807] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 128.235151][ T5807] veth0_vlan: entered promiscuous mode
[ 128.271599][ T5807] veth1_vlan: entered promiscuous mode
[ 128.277259][ T60] Bluetooth: hci0: command tx timeout
[ 128.429008][ T5807] veth0_macvtap: entered promiscuous mode
[ 128.453718][ T5807] veth1_macvtap: entered promiscuous mode
[ 128.496665][ T5807] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 128.541935][ T5807] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 128.591587][ T3393] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 128.595365][ T3393] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 128.624561][ T3393] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 128.630886][ T3393] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 129.308137][ T3393] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 129.308159][ T3393] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 129.424165][ T2174] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 129.424186][ T2174] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2026/06/30 03:20:23 executed programs: 2
[ 129.796869][ T5961] ==================================================================
[ 129.796887][ T5961] BUG: KASAN: slab-use-after-free in dvb_device_open+0xc4/0x350
[ 129.796925][ T5961] Read of size 8 at addr ff[ 129.796925][ T5961] Read of size 8 at addr ffff88802c457018 by task syz.0.19/5961
[ 129.796949][ T5961]
[ 129.796975][ T5961] CPU: 1 UID: 0 PID: 5961 Comm: syz.0.19 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
[ 129.797004][ T5961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 129.797028][ T5961] Call Trace:
[ 129.797039][ T5961]
[ 129.797049][ T5961] dump_stack_lvl+0xe8/0x150
[ 129.797077][ T5961] print_address_description+0x55/0x1e0
[ 129.797107][ T5961] ? dvb_device_open+0xc4/0x350
[ 129.797136][ T5961] print_report+0x58/0x70
[ 129.797163][ T5961] kasan_report+0x117/0x150
[ 129.797191][ T5961] ? dvb_device_open+0xc4/0x350
[ 129.797226][ T5961] dvb_device_open+0xc4/0x350
[ 129.797256][ T5961] ? rt_spin_unlock+0x163/0x200
[ 129.797280][ T5961] chrdev_open+0x4dc/0x600
[ 129.797315][ T5961] ? __pfx_chrdev_open+0x10/0x10
[ 129.797346][ T5961] ? fsnotify_open_perm_and_set_mode+0x13b/0x6c0
[ 129.797379][ T5961] ? __pfx_chrdev_open+0x10/0x10
[ 129.797410][ T5961] do_dentry_open+0x849/0x1420
[ 129.797439][ T5961] vfs_open+0x3b/0x350
[ 129.797458][ T5961] ? path_openat+0x2e49/0x3850
[ 129.797489][ T5961] path_openat+0x2e60/0x3850
[ 129.797522][ T5961] ? kmem_cache_alloc_noprof+0x358/0x680
[ 129.797544][ T5961] ? __x64_sys_openat+0x138/0x170
[ 129.797566][ T5961] ? do_syscall_64+0x174/0x580
[ 129.797594][ T5961] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 129.797629][ T5961] do_file_open+0x23e/0x4a0
[ 129.797656][ T5961] ? lockdep_hardirqs_on+0x7a/0x110
[ 129.797686][ T5961] ? __pfx_do_file_open+0x10/0x10
[ 129.797734][ T5961] ? alloc_fd+0x654/0x6d0
[ 129.797761][ T5961] do_sys_openat2+0x115/0x200
[ 129.797783][ T5961] ? __pfx_do_sys_openat2+0x10/0x10
[ 129.797809][ T5961] ? __task_pid_nr_ns+0x28/0x470
[ 129.797836][ T5961] __x64_sys_openat+0x138/0x170
[ 129.797861][ T5961] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 129.797882][ T5961] do_syscall_64+0x174/0x580
[ 129.797909][ T5961] ? trace_irq_disable+0x3b/0x140
[ 129.797937][ T5961] ? clear_bhb_loop+0x40/0x90
[ 129.797961][ T5961] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 129.797982][ T5961] RIP: 0033:0x7fe836d6d68e
[ 129.798010][ T5961] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 129.798028][ T5961] RSP: 002b:00007ffdba67ca88 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 129.798060][ T5961] RAX: ffffffffffffffda RBX: 000055556c6aa500 RCX: 00007fe836d6d68e
[ 129.798076][ T5961] RDX: 0000000000000002 RSI: 00007ffdba67cb60 RDI: ffffffffffffff9c
[ 129.798091][ T5961] RBP: 00007ffdba67cb60 R08: 0000000000000000 R09: 0000000000000000
[ 129.798104][ T5961] R10: 0000000000000000 R11: 0000000000000246 R12: cccccccccccccccd
[ 129.798118][ T5961] R13: 00007fe837025fac R14: 00007fe837025fa0 R15: 00007fe837025fa0
[ 129.798144][ T5961]
[ 129.798152][ T5961]
[ 129.798157][ T5961] Allocated by task 1:
[ 129.798166][ T5961] kasan_save_track+0x3e/0x80
[ 129.798187][ T5961] __kasan_kmalloc+0x93/0xb0
[ 129.798206][ T5961] __kmalloc_cache_noprof+0x3cd/0x670
[ 129.798229][ T5961] dvb_register_device+0x309/0x1dd0
[ 129.798256][ T5961] dvb_register_frontend+0x619/0x900
[ 129.798280][ T5961] vidtv_bridge_probe+0x9d5/0xf60
[ 129.798299][ T5961] platform_probe+0xf9/0x190
[ 129.798322][ T5961] really_probe+0x254/0xae0
[ 129.798350][ T5961] __driver_probe_device+0x1e8/0x360
[ 129.798377][ T5961] driver_probe_device+0x4f/0x240
[ 129.798406][ T5961] __driver_attach+0x339/0x600
[ 129.798430][ T5961] bus_for_each_dev+0x23e/0x2c0
[ 129.798448][ T5961] bus_add_driver+0x348/0x670
[ 129.798466][ T5961] driver_register+0x23a/0x320
[ 129.798494][ T5961] vidtv_bridge_init+0x3d/0x60
[ 129.798518][ T5961] do_one_initcall+0x250/0x870
[ 129.798539][ T5961] do_initcall_level+0x10a/0x1a0
[ 129.798562][ T5961] do_initcalls+0x59/0xa0
[ 129.798584][ T5961] kernel_init_freeable+0x29d/0x3e0
[ 129.798607][ T5961] kernel_init+0x1d/0x1d0
[ 129.798637][ T5961] ret_from_fork+0x514/0xb70
[ 129.798659][ T5961] ret_from_fork_asm+0x1a/0x30
[ 129.798682][ T5961]
[ 129.798688][ T5961] Freed by task 5960:
[ 129.798698][ T5961] kasan_save_track+0x3e/0x80
[ 129.798726][ T5961] kasan_save_free_info+0x40/0x50
[ 129.798753][ T5961] __kasan_slab_free+0x5c/0x80
[ 129.798773][ T5961] kfree+0x1c5/0x6c0
[ 129.798788][ T5961] dvb_device_open+0x2c1/0x350
[ 129.798817][ T5961] chrdev_open+0x4dc/0x600
[ 129.798844][ T5961] do_dentry_open+0x849/0x1420
[ 129.798862][ T5961] vfs_open+0x3b/0x350
[ 129.798879][ T5961] path_openat+0x2e60/0x3850
[ 129.798903][ T5961] do_file_open+0x23e/0x4a0
[ 129.798927][ T5961] do_sys_openat2+0x115/0x200
[ 129.798951][ T5961] __x64_sys_openat+0x138/0x170
[ 129.798970][ T5961] do_syscall_64+0x174/0x580
[ 129.798995][ T5961] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 129.799014][ T5961]
[ 129.799020][ T5961] The buggy address belongs to the object at ffff88802c457000
[ 129.799020][ T5961] which belongs to the cache kmalloc-512 of size 512
[ 129.799039][ T5961] The buggy address is located 24 bytes inside of
[ 129.799039][ T5961] freed 512-byte region [ffff88802c457000, ffff88802c457200)
[ 129.799061][ T5961]
[ 129.799066][ T5961] The buggy address belongs to the physical page:
[ 129.799089][ T5961] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2c454
[ 129.799113][ T5961] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 129.799131][ T5961] flags: 0x80000000000040(head|node=0|zone=1)
[ 129.799157][ T5961] page_type: f5(slab)
[ 129.799176][ T5961] raw: 0080000000000040 ffff88813fea9c80 dead000000000100 dead000000000122
[ 129.799194][ T5961] raw: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000
[ 129.799212][ T5961] head: 0080000000000040 ffff88813fea9c80 dead000000000100 dead000000000122
[ 129.799230][ T5961] head: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000
[ 129.799248][ T5961] head: 0080000000000002 ffffffffffffff01 00000000ffffffff 00000000ffffffff
[ 129.799264][ T5961] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000004
[ 129.799275][ T5961] page dumped because: kasan: bad access detected
[ 129.799290][ T5961] page_owner tracks the page as allocated
[ 129.799298][ T5961] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 22446283516
[ 129.799331][ T5961] post_alloc_hook+0x1f9/0x250
[ 129.799350][ T5961] get_page_from_freelist+0x264c/0x26c0
[ 129.799375][ T5961] __alloc_frozen_pages_noprof+0x1a6/0x390
[ 129.799398][ T5961] allocate_slab+0x79/0x5e0
[ 129.799424][ T5961] refill_objects+0x2d8/0x350
[ 129.799451][ T5961] __pcs_replace_empty_main+0x330/0x690
[ 129.799477][ T5961] __kmalloc_cache_noprof+0x467/0x670
[ 129.799498][ T5961] bus_add_driver+0x165/0x670
[ 129.799516][ T5961] driver_register+0x23a/0x320
[ 129.799546][ T5961] usb_register_driver+0x1e4/0x390
[ 129.799573][ T5961] do_one_initcall+0x250/0x870
[ 129.799594][ T5961] do_initcall_level+0x10a/0x1a0
[ 129.799617][ T5961] do_initcalls+0x59/0xa0
[ 129.799639][ T5961] kernel_init_freeable+0x29d/0x3e0
[ 129.799662][ T5961] kernel_init+0x1d/0x1d0
[ 129.799693][ T5961] ret_from_fork+0x514/0xb70
[ 129.799725][ T5961] page_owner free stack trace missing
[ 129.799733][ T5961]
[ 129.799738][ T5961] Memory state around the buggy address:
[ 129.799750][ T5961] ffff88802c456f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 129.799765][ T5961] ffff88802c456f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 129.799780][ T5961] >ffff88802c457000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 129.799791][ T5961] ^
[ 129.799802][ T5961] ffff88802c457080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 129.799817][ T5961] ffff88802c457100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 129.799829][ T5961] ==================================================================
[ 129.821406][ T5961] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 129.821477][ T5961] CPU: 1 UID: 0 PID: 5961 Comm: syz.0.19 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
[ 129.821570][ T5961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 129.821611][ T5961] Call Trace:
[ 129.821636][ T5961]
[ 129.821667][ T5961] vpanic+0x56c/0xa60
[ 129.821776][ T5961] ? __pfx_vpanic+0x10/0x10
[ 129.821866][ T5961] ? __pfx___schedule+0x10/0x10
[ 129.821944][ T5961] panic+0xc5/0xd0
[ 129.822021][ T5961] ? __pfx_panic+0x10/0x10
[ 129.822098][ T5961] ? preempt_schedule_thunk+0x16/0x40
[ 129.822204][ T5961] ? dvb_device_open+0xc4/0x350
[ 129.822286][ T5961] check_panic_on_warn+0x89/0xb0
[ 129.822360][ T5961] ? dvb_device_open+0xc4/0x350
[ 129.822436][ T5961] end_report+0x73/0x170
[ 129.822501][ T5961] ? dvb_device_open+0xc4/0x350
[ 129.822577][ T5961] kasan_report+0x128/0x150
[ 129.822655][ T5961] ? dvb_device_open+0xc4/0x350
[ 129.822742][ T5961] dvb_device_open+0xc4/0x350
[ 129.822802][ T5961] ? rt_spin_unlock+0x163/0x200
[ 129.822823][ T5961] chrdev_open+0x4dc/0x600
[ 129.822932][ T5961] ? __pfx_chrdev_open+0x10/0x10
[ 129.823022][ T5961] ? fsnotify_open_perm_and_set_mode+0x13b/0x6c0
[ 129.823109][ T5961] ? __pfx_chrdev_open+0x10/0x10
[ 129.823194][ T5961] do_dentry_open+0x849/0x1420
[ 129.823262][ T5961] vfs_open+0x3b/0x350
[ 129.823308][ T5961] ? path_openat+0x2e49/0x3850
[ 129.823382][ T5961] path_openat+0x2e60/0x3850
[ 129.823461][ T5961] ? kmem_cache_alloc_noprof+0x358/0x680
[ 129.823522][ T5961] ? __x64_sys_openat+0x138/0x170
[ 129.823575][ T5961] ? do_syscall_64+0x174/0x580
[ 129.823642][ T5961] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 129.823728][ T5961] do_file_open+0x23e/0x4a0
[ 129.823804][ T5961] ? lockdep_hardirqs_on+0x7a/0x110
[ 129.823879][ T5961] ? __pfx_do_file_open+0x10/0x10
[ 129.823987][ T5961] ? alloc_fd+0x654/0x6d0
[ 129.824055][ T5961] do_sys_openat2+0x115/0x200
[ 129.824119][ T5961] ? __pfx_do_sys_openat2+0x10/0x10
[ 129.824184][ T5961] ? __task_pid_nr_ns+0x28/0x470
[ 129.824268][ T5961] __x64_sys_openat+0x138/0x170
[ 129.824293][ T5961] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 129.824369][ T5961] do_syscall_64+0x174/0x580
[ 129.824443][ T5961] ? trace_irq_disable+0x3b/0x140
[ 129.824519][ T5961] ? clear_bhb_loop+0x40/0x90
[ 129.824582][ T5961] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 129.824641][ T5961] RIP: 0033:0x7fe836d6d68e
[ 129.824692][ T5961] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 129.824743][ T5961] RSP: 002b:00007ffdba67ca88 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 129.824816][ T5961] RAX: ffffffffffffffda RBX: 000055556c6aa500 RCX: 00007fe836d6d68e
[ 129.824851][ T5961] RDX: 0000000000000002 RSI: 00007ffdba67cb60 RDI: ffffffffffffff9c
[ 129.824893][ T5961] RBP: 00007ffdba67cb60 R08: 0000000000000000 R09: 0000000000000000
[ 129.824934][ T5961] R10: 0000000000000000 R11: 0000000000000246 R12: cccccccccccccccd
[ 129.824968][ T5961] R13: 00007fe837025fac R14: 00007fe837025fa0 R15: 00007fe837025fa0
[ 129.825033][ T5961]
[ 129.825656][ T5961] Kernel Offset: disabled