Warning: Permanently added '10.128.1.230' (ED25519) to the list of known hosts.
2025/08/03 09:43:47 ignoring optional flag "sandboxArg"="0"
2025/08/03 09:43:48 parsed 1 programs
[ 58.033530][ T4271] cgroup: Unknown subsys name 'net'
[ 58.193216][ T4271] cgroup: Unknown subsys name 'rlimit'
[ 59.465808][ T4271] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 60.939517][ T4283] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 60.947416][ T4283] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 60.957185][ T4283] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 60.965267][ T4283] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 60.972852][ T4283] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 60.981635][ T4283] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 62.335025][ T4331] chnl_net:caif_netlink_parms(): no params data found
[ 62.387985][ T4331] bridge0: port 1(bridge_slave_0) entered blocking state
[ 62.396078][ T4331] bridge0: port 1(bridge_slave_0) entered disabled state
[ 62.403768][ T4331] device bridge_slave_0 entered promiscuous mode
[ 62.412462][ T4331] bridge0: port 2(bridge_slave_1) entered blocking state
[ 62.419797][ T4331] bridge0: port 2(bridge_slave_1) entered disabled state
[ 62.427513][ T4331] device bridge_slave_1 entered promiscuous mode
[ 62.458347][ T4331] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 62.469047][ T4331] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 62.490038][ T4331] team0: Port device team_slave_0 added
[ 62.507083][ T4331] team0: Port device team_slave_1 added
[ 62.523488][ T4331] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 62.530756][ T4331] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 62.557994][ T4331] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 62.579425][ T4331] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 62.586451][ T4331] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 62.612897][ T4331] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 62.652171][ T4331] device hsr_slave_0 entered promiscuous mode
[ 62.659089][ T4331] device hsr_slave_1 entered promiscuous mode
[ 62.773285][ T4331] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 62.785183][ T4331] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 62.795190][ T4331] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 62.804945][ T4331] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 62.832191][ T4331] bridge0: port 2(bridge_slave_1) entered blocking state
[ 62.839384][ T4331] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 62.847254][ T4331] bridge0: port 1(bridge_slave_0) entered blocking state
[ 62.854346][ T4331] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 62.891841][ T4331] 8021q: adding VLAN 0 to HW filter on device bond0
[ 62.922162][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 62.942142][ T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 62.951072][ T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 62.960247][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 62.974275][ T4331] 8021q: adding VLAN 0 to HW filter on device team0
[ 62.986731][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 62.995457][ T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 63.002598][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 63.030489][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 63.039481][ T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 63.046722][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 63.057247][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 63.069234][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 63.077745][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 63.086574][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 63.102149][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 63.112272][ T4331] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 63.251347][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 63.258910][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 63.272112][ T4331] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 63.292524][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 63.301456][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 63.319761][ T4331] device veth0_vlan entered promiscuous mode
[ 63.328040][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 63.336918][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 63.346308][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 63.354092][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 63.369010][ T4331] device veth1_vlan entered promiscuous mode
[ 63.386981][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 63.395688][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 63.404170][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 63.413158][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 63.425334][ T4331] device veth0_macvtap entered promiscuous mode
[ 63.438757][ T4331] device veth1_macvtap entered promiscuous mode
[ 63.453339][ T4331] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 63.462622][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 63.471045][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 63.479085][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 63.487890][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 63.503422][ T4331] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 63.511355][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 63.520354][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 63.531250][ T4331] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 63.541318][ T4331] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 63.550151][ T4331] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 63.559065][ T4331] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 63.767982][ T34] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 64.091498][ T75] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 64.105721][ T75] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 64.117623][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 64.145644][ T75] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 64.153644][ T75] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 64.162407][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2025/08/03 09:43:56 executed programs: 0
[ 64.786322][ T48] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 64.794421][ T48] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 64.803531][ T48] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 64.813004][ T48] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 64.820737][ T48] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 64.828170][ T48] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 64.937340][ T4373] chnl_net:caif_netlink_parms(): no params data found
[ 64.978829][ T4373] bridge0: port 1(bridge_slave_0) entered blocking state
[ 64.986164][ T4373] bridge0: port 1(bridge_slave_0) entered disabled state
[ 64.993833][ T4373] device bridge_slave_0 entered promiscuous mode
[ 65.002401][ T4373] bridge0: port 2(bridge_slave_1) entered blocking state
[ 65.009822][ T4373] bridge0: port 2(bridge_slave_1) entered disabled state
[ 65.017873][ T4373] device bridge_slave_1 entered promiscuous mode
[ 65.041319][ T4373] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 65.052826][ T4373] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 65.075134][ T4373] team0: Port device team_slave_0 added
[ 65.082523][ T4373] team0: Port device team_slave_1 added
[ 65.102262][ T4373] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 65.109583][ T4373] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 65.135729][ T4373] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 65.148368][ T4373] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 65.155429][ T4373] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 65.181712][ T4373] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 65.210891][ T4373] device hsr_slave_0 entered promiscuous mode
[ 65.217971][ T4373] device hsr_slave_1 entered promiscuous mode
[ 65.225186][ T4373] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 65.232963][ T4373] Cannot create hsr debugfs directory
[ 66.193318][ T34] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 66.844958][ T48] Bluetooth: hci0: command 0x0409 tx timeout
[ 68.763858][ T34] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 68.848070][ T34] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 68.934974][ T4285] Bluetooth: hci0: command 0x041b tx timeout
[ 69.670015][ T4373] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 69.687432][ T34] device hsr_slave_0 left promiscuous mode
[ 69.694007][ T34] device hsr_slave_1 left promiscuous mode
[ 69.700859][ T34] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 69.708622][ T34] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 69.717824][ T34] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 69.725789][ T34] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 69.733591][ T34] device bridge_slave_1 left promiscuous mode
[ 69.741576][ T34] bridge0: port 2(bridge_slave_1) entered disabled state
[ 69.751813][ T34] device bridge_slave_0 left promiscuous mode
[ 69.758805][ T34] bridge0: port 1(bridge_slave_0) entered disabled state
[ 69.775917][ T34] device veth1_macvtap left promiscuous mode
[ 69.782109][ T34] device veth0_macvtap left promiscuous mode
[ 69.788565][ T34] device veth1_vlan left promiscuous mode
[ 69.794449][ T34] device veth0_vlan left promiscuous mode
[ 70.049285][ T34] team0 (unregistering): Port device team_slave_1 removed
[ 70.077574][ T34] team0 (unregistering): Port device team_slave_0 removed
[ 70.101949][ T34] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 70.128898][ T34] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 70.345685][ T34] bond0 (unregistering): Released all slaves
[ 70.441752][ T4373] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 70.451864][ T4373] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 70.460896][ T4373] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 70.527306][ T4373] 8021q: adding VLAN 0 to HW filter on device bond0
[ 70.538775][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 70.546821][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 70.570023][ T4373] 8021q: adding VLAN 0 to HW filter on device team0
[ 70.579167][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 70.588783][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 70.597204][ T46] bridge0: port 1(bridge_slave_0) entered blocking state
[ 70.604266][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 70.612241][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 70.627810][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 70.637236][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 70.647228][ T75] bridge0: port 2(bridge_slave_1) entered blocking state
[ 70.654301][ T75] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 70.664441][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 70.677159][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 70.693506][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 70.702371][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 70.711032][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 70.721301][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 70.730271][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 70.748858][ T2956] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 70.757576][ T2956] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 70.770016][ T4373] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 70.783273][ T4373] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 70.792092][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 70.800773][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 70.983620][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 70.991123][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 71.002441][ T4373] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 71.009656][ T4285] Bluetooth: hci0: command 0x040f tx timeout
[ 71.025381][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 71.034091][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 71.050637][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 71.059151][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 71.068363][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 71.076751][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 71.087356][ T4373] device veth0_vlan entered promiscuous mode
[ 71.098479][ T4373] device veth1_vlan entered promiscuous mode
[ 71.116741][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 71.125435][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 71.133337][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 71.142058][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 71.152428][ T4373] device veth0_macvtap entered promiscuous mode
[ 71.161500][ T4373] device veth1_macvtap entered promiscuous mode
[ 71.184446][ T4373] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 71.192201][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 71.201339][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 71.210492][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 71.219183][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 71.241595][ T4373] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 71.249613][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 71.259336][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 71.269939][ T4373] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 71.279152][ T4373] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 71.288398][ T4373] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 71.297453][ T4373] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 71.328434][ T1271] ieee802154 phy0 wpan0: encryption failed: -22
[ 71.334957][ T1271] ieee802154 phy1 wpan1: encryption failed: -22
[ 71.381650][ T2956] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 71.390171][ T2956] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 71.406388][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 71.427741][ T2956] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 71.436108][ T2956] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 71.446540][ T2956] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 72.322880][ T4429] ==================================================================
[ 72.331067][ T4429] BUG: KASAN: use-after-free in __lock_acquire+0xf7/0x7c50
[ 72.338275][ T4429] Read of size 8 at addr ffff888027f310b8 by task syz.0.17/4429
[ 72.345897][ T4429]
[ 72.348221][ T4429] CPU: 0 PID: 4429 Comm: syz.0.17 Not tainted 6.1.147-syzkaller #0
[ 72.356087][ T4429] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 72.366148][ T4429] Call Trace:
[ 72.369432][ T4429]
[ 72.372355][ T4429] dump_stack_lvl+0x168/0x22e
[ 72.377027][ T4429] ? __lock_acquire+0x7c50/0x7c50
[ 72.382041][ T4429] ? show_regs_print_info+0x12/0x12
[ 72.387396][ T4429] ? load_image+0x3b0/0x3b0
[ 72.391887][ T4429] ? _raw_spin_lock_irqsave+0xb0/0xf0
[ 72.397247][ T4429] ? __virt_addr_valid+0x188/0x540
[ 72.402345][ T4429] ? __virt_addr_valid+0x465/0x540
[ 72.407442][ T4429] ? __lock_acquire+0xf7/0x7c50
[ 72.412296][ T4429] print_report+0xa8/0x200
[ 72.416702][ T4429] kasan_report+0x10b/0x140
[ 72.421194][ T4429] ? __lock_acquire+0xf7/0x7c50
[ 72.426099][ T4429] __lock_acquire+0xf7/0x7c50
[ 72.430849][ T4429] ? __lock_acquire+0x12e5/0x7c50
[ 72.435860][ T4429] ? verify_lock_unused+0x140/0x140
[ 72.441042][ T4429] ? lockdep_hardirqs_on+0x94/0x140
[ 72.446225][ T4429] ? finish_task_switch+0x32a/0x8f0
[ 72.451487][ T4429] ? verify_lock_unused+0x140/0x140
[ 72.456673][ T4429] ? __schedule+0x10f4/0x40b0
[ 72.461859][ T4429] lock_acquire+0x1b4/0x490
[ 72.466360][ T4429] ? remove_wait_queue+0x20/0x120
[ 72.471374][ T4429] ? read_lock_is_recursive+0x10/0x10
[ 72.476736][ T4429] ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 72.482708][ T4429] _raw_spin_lock_irqsave+0xa4/0xf0
[ 72.487981][ T4429] ? remove_wait_queue+0x20/0x120
[ 72.493049][ T4429] ? _raw_spin_lock+0x40/0x40
[ 72.497713][ T4429] ? _raw_spin_unlock_irqrestore+0xaa/0x100
[ 72.503590][ T4429] ? _raw_spin_unlock+0x40/0x40
[ 72.508427][ T4429] remove_wait_queue+0x20/0x120
[ 72.513267][ T4429] poll_freewait+0x99/0x210
[ 72.517760][ T4429] do_select+0x1761/0x1850
[ 72.522168][ T4429] ? do_select+0xeb/0x1850
[ 72.526577][ T4429] ? core_sys_select+0x8b0/0x8b0
[ 72.531506][ T4429] ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[ 72.537738][ T4429] ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[ 72.543970][ T4429] ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[ 72.550202][ T4429] ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[ 72.556431][ T4429] ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[ 72.562662][ T4429] ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[ 72.568887][ T4429] ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[ 72.575115][ T4429] ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[ 72.581345][ T4429] ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[ 72.587571][ T4429] ? __lock_acquire+0x7c50/0x7c50
[ 72.592581][ T4429] ? futex_unqueue+0xc7/0xf0
[ 72.597159][ T4429] ? __lock_acquire+0x7c50/0x7c50
[ 72.602166][ T4429] ? __might_fault+0xa6/0x120
[ 72.606829][ T4429] ? __might_fault+0xc2/0x120
[ 72.611495][ T4429] ? __might_fault+0xa6/0x120
[ 72.616159][ T4429] core_sys_select+0x6ad/0x8b0
[ 72.620912][ T4429] ? poll_select_set_timeout+0x150/0x150
[ 72.626533][ T4429] ? sigprocmask+0x190/0x190
[ 72.631111][ T4429] ? do_sys_openat2+0x1fe/0x490
[ 72.635946][ T4429] __se_sys_pselect6+0x2ed/0x3a0
[ 72.640871][ T4429] ? __x64_sys_pselect6+0xf0/0xf0
[ 72.645922][ T4429] ? __x64_sys_pselect6+0x1d/0xf0
[ 72.650934][ T4429] do_syscall_64+0x4c/0xa0
[ 72.655334][ T4429] ? clear_bhb_loop+0x60/0xb0
[ 72.659998][ T4429] ? clear_bhb_loop+0x60/0xb0
[ 72.664655][ T4429] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 72.670535][ T4429] RIP: 0033:0x7fa1da78eb69
[ 72.674955][ T4429] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 72.694555][ T4429] RSP: 002b:00007fa1db6e7038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[ 72.702953][ T4429] RAX: ffffffffffffffda RBX: 00007fa1da9b5fa0 RCX: 00007fa1da78eb69
[ 72.710914][ T4429] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000040
[ 72.718875][ T4429] RBP: 00007fa1da811df1 R08: 0000000000000000 R09: 0000000000000000
[ 72.726833][ T4429] R10: 0000200000000180 R11: 0000000000000246 R12: 0000000000000000
[ 72.734786][ T4429] R13: 0000000000000000 R14: 00007fa1da9b5fa0 R15: 00007ffe614b36e8
[ 72.742751][ T4429]
[ 72.745860][ T4429]
[ 72.748165][ T4429] Allocated by task 4429:
[ 72.752467][ T4429] kasan_set_track+0x4b/0x70
[ 72.757045][ T4429] __kasan_kmalloc+0x8e/0xa0
[ 72.761618][ T4429] comedi_device_postconfig+0x496/0xc50
[ 72.767148][ T4429] comedi_device_attach+0x52f/0x650
[ 72.772358][ T4429] comedi_unlocked_ioctl+0x5ec/0xf20
[ 72.777627][ T4429] __se_sys_ioctl+0xfa/0x170
[ 72.782201][ T4429] do_syscall_64+0x4c/0xa0
[ 72.786607][ T4429] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 72.792485][ T4429]
[ 72.794787][ T4429] Freed by task 4430:
[ 72.798741][ T4429] kasan_set_track+0x4b/0x70
[ 72.803313][ T4429] kasan_save_free_info+0x2d/0x50
[ 72.808321][ T4429] ____kasan_slab_free+0x126/0x1e0
[ 72.813415][ T4429] slab_free_freelist_hook+0x131/0x1a0
[ 72.818856][ T4429] __kmem_cache_free+0xb6/0x1f0
[ 72.823684][ T4429] comedi_device_detach+0x35f/0x6e0
[ 72.828870][ T4429] comedi_unlocked_ioctl+0xb6b/0xf20
[ 72.834399][ T4429] __se_sys_ioctl+0xfa/0x170
[ 72.838971][ T4429] do_syscall_64+0x4c/0xa0
[ 72.843373][ T4429] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 72.849250][ T4429]
[ 72.851558][ T4429] The buggy address belongs to the object at ffff888027f31000
[ 72.851558][ T4429] which belongs to the cache kmalloc-256 of size 256
[ 72.865590][ T4429] The buggy address is located 184 bytes inside of
[ 72.865590][ T4429] 256-byte region [ffff888027f31000, ffff888027f31100)
[ 72.878842][ T4429]
[ 72.881146][ T4429] The buggy address belongs to the physical page:
[ 72.887632][ T4429] page:ffffea00009fcc00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x27f30
[ 72.897765][ T4429] head:ffffea00009fcc00 order:1 compound_mapcount:0 compound_pincount:0
[ 72.906067][ T4429] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 72.914040][ T4429] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff888017441b40
[ 72.922608][ T4429] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 72.931171][ T4429] page dumped because: kasan: bad access detected
[ 72.937570][ T4429] page_owner tracks the page as allocated
[ 72.943264][ T4429] page last allocated via order 1, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 4373, tgid 4373 (syz-executor), ts 71377811142, free_ts 71373413640
[ 72.965995][ T4429] post_alloc_hook+0x173/0x1a0
[ 72.970747][ T4429] get_page_from_freelist+0x1a26/0x1ac0
[ 72.976278][ T4429] __alloc_pages+0x1df/0x4e0
[ 72.980853][ T4429] alloc_slab_page+0x5d/0x160
[ 72.985514][ T4429] new_slab+0x87/0x2c0
[ 72.989565][ T4429] ___slab_alloc+0xbc6/0x1220
[ 72.994226][ T4429] __kmem_cache_alloc_node+0x1a0/0x260
[ 72.999666][ T4429] __kmalloc+0xa0/0x240
[ 73.003827][ T4429] __register_sysctl_table+0x96c/0xe70
[ 73.009271][ T4429] neigh_sysctl_register+0x993/0xa70
[ 73.014545][ T4429] addrconf_sysctl_register+0xac/0x1b0
[ 73.019989][ T4429] ipv6_add_dev+0xbe0/0x1120
[ 73.024560][ T4429] addrconf_notify+0x634/0xf40
[ 73.029310][ T4429] raw_notifier_call_chain+0xcb/0x160
[ 73.034664][ T4429] register_netdevice+0x1600/0x1aa0
[ 73.039845][ T4429] cfg80211_register_netdevice+0x155/0x2f0
[ 73.045634][ T4429] page last free stack trace:
[ 73.050284][ T4429] free_unref_page_prepare+0x8b4/0x9a0
[ 73.055743][ T4429] free_unref_page+0x2e/0x3f0
[ 73.060490][ T4429] __unfreeze_partials+0x1a5/0x200
[ 73.065583][ T4429] put_cpu_partial+0x17c/0x250
[ 73.070331][ T4429] qlist_free_all+0x76/0xe0
[ 73.074846][ T4429] kasan_quarantine_reduce+0x144/0x160
[ 73.080285][ T4429] __kasan_slab_alloc+0x1e/0x80
[ 73.085120][ T4429] slab_post_alloc_hook+0x4b/0x480
[ 73.090210][ T4429] __kmem_cache_alloc_node+0x140/0x260
[ 73.095647][ T4429] __kmalloc_node+0xa0/0x240
[ 73.100224][ T4429] memcg_alloc_slab_cgroups+0x83/0x120
[ 73.105675][ T4429] new_slab+0xc3/0x2c0
[ 73.109725][ T4429] ___slab_alloc+0xbc6/0x1220
[ 73.114385][ T4429] kmem_cache_alloc_lru+0x1ae/0x2e0
[ 73.119610][ T4429] __d_alloc+0x31/0x700
[ 73.123750][ T4429] d_alloc_parallel+0xd9/0x1480
[ 73.128587][ T4429]
[ 73.130892][ T4429] Memory state around the buggy address:
[ 73.136512][ T4429] ffff888027f30f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 73.144568][ T4429] ffff888027f31000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 73.152620][ T4429] >ffff888027f31080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 73.160664][ T4429] ^
[ 73.166545][ T4429] ffff888027f31100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 73.174594][ T4429] ffff888027f31180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 73.182637][ T4429] ==================================================================
[ 73.190695][ T4429] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 73.197867][ T4429] CPU: 0 PID: 4429 Comm: syz.0.17 Not tainted 6.1.147-syzkaller #0
[ 73.205739][ T4429] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 73.215790][ T4429] Call Trace:
[ 73.219058][ T4429]
[ 73.221974][ T4429] dump_stack_lvl+0x168/0x22e
[ 73.226654][ T4429] ? memcpy+0x3c/0x60
[ 73.230625][ T4429] ? show_regs_print_info+0x12/0x12
[ 73.235805][ T4429] ? load_image+0x3b0/0x3b0
[ 73.240296][ T4429] panic+0x2c9/0x710
[ 73.244188][ T4429] ? __lock_acquire+0x7c50/0x7c50
[ 73.249211][ T4429] ? bpf_jit_dump+0xd0/0xd0
[ 73.253700][ T4429] ? _raw_spin_unlock_irqrestore+0xaa/0x100
[ 73.259595][ T4429] ? _raw_spin_unlock+0x40/0x40
[ 73.264432][ T4429] check_panic_on_warn+0x80/0xa0
[ 73.269357][ T4429] ? __lock_acquire+0xf7/0x7c50
[ 73.274207][ T4429] end_report+0x66/0x110
[ 73.278449][ T4429] kasan_report+0x118/0x140
[ 73.282937][ T4429] ? __lock_acquire+0xf7/0x7c50
[ 73.287774][ T4429] __lock_acquire+0xf7/0x7c50
[ 73.292440][ T4429] ? __lock_acquire+0x12e5/0x7c50
[ 73.297454][ T4429] ? verify_lock_unused+0x140/0x140
[ 73.302638][ T4429] ? lockdep_hardirqs_on+0x94/0x140
[ 73.307824][ T4429] ? finish_task_switch+0x32a/0x8f0
[ 73.313006][ T4429] ? verify_lock_unused+0x140/0x140
[ 73.318194][ T4429] ? __schedule+0x10f4/0x40b0
[ 73.322858][ T4429] lock_acquire+0x1b4/0x490
[ 73.327374][ T4429] ? remove_wait_queue+0x20/0x120
[ 73.332403][ T4429] ? read_lock_is_recursive+0x10/0x10
[ 73.337775][ T4429] ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 73.343748][ T4429] _raw_spin_lock_irqsave+0xa4/0xf0
[ 73.348947][ T4429] ? remove_wait_queue+0x20/0x120
[ 73.353960][ T4429] ? _raw_spin_lock+0x40/0x40
[ 73.358626][ T4429] ? _raw_spin_unlock_irqrestore+0xaa/0x100
[ 73.364504][ T4429] ? _raw_spin_unlock+0x40/0x40
[ 73.369361][ T4429] remove_wait_queue+0x20/0x120
[ 73.374207][ T4429] poll_freewait+0x99/0x210
[ 73.378702][ T4429] do_select+0x1761/0x1850
[ 73.383109][ T4429] ? do_select+0xeb/0x1850
[ 73.387515][ T4429] ? core_sys_select+0x8b0/0x8b0
[ 73.392441][ T4429] ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[ 73.398668][ T4429] ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[ 73.404895][ T4429] ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[ 73.411123][ T4429] ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[ 73.417349][ T4429] ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[ 73.423576][ T4429] ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[ 73.429802][ T4429] ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[ 73.436032][ T4429] ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[ 73.442260][ T4429] ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[ 73.448491][ T4429] ? __lock_acquire+0x7c50/0x7c50
[ 73.453503][ T4429] ? futex_unqueue+0xc7/0xf0
[ 73.458095][ T4429] ? __lock_acquire+0x7c50/0x7c50
[ 73.463103][ T4429] ? __might_fault+0xa6/0x120
[ 73.467777][ T4429] ? __might_fault+0xc2/0x120
[ 73.472443][ T4429] ? __might_fault+0xa6/0x120
[ 73.477112][ T4429] core_sys_select+0x6ad/0x8b0
[ 73.481875][ T4429] ? poll_select_set_timeout+0x150/0x150
[ 73.487500][ T4429] ? sigprocmask+0x190/0x190
[ 73.492082][ T4429] ? do_sys_openat2+0x1fe/0x490
[ 73.496925][ T4429] __se_sys_pselect6+0x2ed/0x3a0
[ 73.501853][ T4429] ? __x64_sys_pselect6+0xf0/0xf0
[ 73.506957][ T4429] ? __x64_sys_pselect6+0x1d/0xf0
[ 73.511971][ T4429] do_syscall_64+0x4c/0xa0
[ 73.516374][ T4429] ? clear_bhb_loop+0x60/0xb0
[ 73.521038][ T4429] ? clear_bhb_loop+0x60/0xb0
[ 73.525697][ T4429] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 73.531599][ T4429] RIP: 0033:0x7fa1da78eb69
[ 73.535998][ T4429] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 73.555594][ T4429] RSP: 002b:00007fa1db6e7038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[ 73.563990][ T4429] RAX: ffffffffffffffda RBX: 00007fa1da9b5fa0 RCX: 00007fa1da78eb69
[ 73.571948][ T4429] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000040
[ 73.579908][ T4429] RBP: 00007fa1da811df1 R08: 0000000000000000 R09: 0000000000000000
[ 73.587863][ T4429] R10: 0000200000000180 R11: 0000000000000246 R12: 0000000000000000
[ 73.595818][ T4429] R13: 0000000000000000 R14: 00007fa1da9b5fa0 R15: 00007ffe614b36e8
[ 73.603782][ T4429]
[ 73.607069][ T4429] Kernel Offset: disabled
[ 73.611377][ T4429] Rebooting in 86400 seconds..