Warning: Permanently added '10.128.0.99' (ED25519) to the list of known hosts.
2025/08/24 09:02:00 parsed 1 programs
[   53.284700][ T4189] cgroup: Unknown subsys name 'net'
[   53.406696][ T4189] cgroup: Unknown subsys name 'rlimit'
[   54.661418][ T4189] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k FS
[   55.880251][ T4197] chnl_net:caif_netlink_parms(): no params data found
[   55.918204][ T4197] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.925929][ T4197] bridge0: port 1(bridge_slave_0) entered disabled state
[   55.933809][ T4197] device bridge_slave_0 entered promiscuous mode
[   55.943103][ T4197] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.950201][ T4197] bridge0: port 2(bridge_slave_1) entered disabled state
[   55.958046][ T4197] device bridge_slave_1 entered promiscuous mode
[   55.976548][ T4197] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   55.987926][ T4197] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   56.009484][ T4197] team0: Port device team_slave_0 added
[   56.016605][ T4197] team0: Port device team_slave_1 added
[   56.033430][ T4197] batman_adv: batadv0: Adding interface: batadv_slave_0
[   56.040383][ T4197] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.066509][ T4197] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   56.078781][ T4197] batman_adv: batadv0: Adding interface: batadv_slave_1
[   56.086012][ T4197] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.111947][ T4197] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   56.139284][ T4197] device hsr_slave_0 entered promiscuous mode
[   56.146321][ T4197] device hsr_slave_1 entered promiscuous mode
[   56.220529][ T4197] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   56.231011][ T4197] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   56.239978][ T4197] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   56.249469][ T4197] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   56.272950][ T4197] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.280078][ T4197] bridge0: port 2(bridge_slave_1) entered forwarding state
[   56.287911][ T4197] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.295031][ T4197] bridge0: port 1(bridge_slave_0) entered forwarding state
[   56.333421][ T4197] 8021q: adding VLAN 0 to HW filter on device bond0
[   56.345872][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   56.355167][  T144] bridge0: port 1(bridge_slave_0) entered disabled state
[   56.363542][  T144] bridge0: port 2(bridge_slave_1) entered disabled state
[   56.372557][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   56.386478][ T4197] 8021q: adding VLAN 0 to HW filter on device team0
[   56.397002][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   56.405491][  T144] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.412599][  T144] bridge0: port 1(bridge_slave_0) entered forwarding state
[   56.424863][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   56.433313][  T144] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.440350][  T144] bridge0: port 2(bridge_slave_1) entered forwarding state
[   56.458755][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   56.467274][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   56.478811][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   56.490050][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   56.503230][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   56.513276][ T4197] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   56.580716][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   56.588586][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   56.600459][ T4197] 8021q: adding VLAN 0 to HW filter on device batadv0
[   56.616270][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   56.633707][ T1154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   56.642984][ T1154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   56.650845][ T1154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   56.660769][ T4197] device veth0_vlan entered promiscuous mode
[   56.671182][ T4197] device veth1_vlan entered promiscuous mode
[   56.687035][ T1154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   56.695103][ T1154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   56.703620][ T1154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   56.713723][ T4197] device veth0_macvtap entered promiscuous mode
[   56.723732][ T4197] device veth1_macvtap entered promiscuous mode
[   56.740328][ T4197] batman_adv: batadv0: Interface activated: batadv_slave_0
[   56.748024][ T1154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   56.757303][ T1154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   56.768495][ T4197] batman_adv: batadv0: Interface activated: batadv_slave_1
[   56.776304][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   56.786553][ T4197] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   56.796587][ T4197] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   56.805420][ T4197] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   56.814231][ T4197] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   56.938090][ T1154] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   59.626554][ T1154] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   61.906006][ T1154] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   61.957116][ T1154] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   62.738674][ T1154] device hsr_slave_0 left promiscuous mode
[   62.745386][ T1154] device hsr_slave_1 left promiscuous mode
[   62.753269][ T1154] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   62.760718][ T1154] batman_adv: batadv0: Removing interface: batadv_slave_0
[   62.769630][ T1154] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   62.777342][ T1154] batman_adv: batadv0: Removing interface: batadv_slave_1
[   62.785728][ T1154] device bridge_slave_1 left promiscuous mode
[   62.793237][ T1154] bridge0: port 2(bridge_slave_1) entered disabled state
[   62.808376][ T1154] device bridge_slave_0 left promiscuous mode
[   62.815652][ T1154] bridge0: port 1(bridge_slave_0) entered disabled state
[   62.830771][ T1154] device veth1_macvtap left promiscuous mode
[   62.837585][ T1154] device veth0_macvtap left promiscuous mode
[   62.843915][ T1154] device veth1_vlan left promiscuous mode
[   62.849851][ T1154] device veth0_vlan left promiscuous mode
[   62.970242][ T1154] team0 (unregistering): Port device team_slave_1 removed
[   62.983099][ T1154] team0 (unregistering): Port device team_slave_0 removed
[   62.994404][ T1154] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   63.009863][ T1154] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   63.054368][ T1154] bond0 (unregistering): Released all slaves
[   63.397443][  T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   63.416972][  T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.445471][ T1450] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   63.472030][ T1450] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   63.480823][ T1450] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.495475][ T1450] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2025/08/24 09:02:12 executed programs: 0
[   64.204324][ T4338] chnl_net:caif_netlink_parms(): no params data found
[   64.313558][ T4338] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.320743][ T4338] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.335118][ T4338] device bridge_slave_0 entered promiscuous mode
[   64.344959][ T4338] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.361580][ T4338] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.369575][ T4338] device bridge_slave_1 entered promiscuous mode
[   64.416147][ T4338] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   64.444745][ T4338] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   64.492469][ T4338] team0: Port device team_slave_0 added
[   64.500197][ T4338] team0: Port device team_slave_1 added
[   64.548330][ T4338] batman_adv: batadv0: Adding interface: batadv_slave_0
[   64.557113][ T4338] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.590473][ T4338] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   64.603334][ T4338] batman_adv: batadv0: Adding interface: batadv_slave_1
[   64.610277][ T4338] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.636880][ T4338] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   64.686223][ T4338] device hsr_slave_0 entered promiscuous mode
[   64.693123][ T4338] device hsr_slave_1 entered promiscuous mode
[   64.970972][ T1450] ODEBUG: Out of memory. ODEBUG disabled
[   65.370435][ T4338] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   65.382660][ T4338] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   65.392180][ T4338] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   65.402828][ T4338] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   65.464198][ T4338] 8021q: adding VLAN 0 to HW filter on device bond0
[   65.478984][ T1154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   65.488865][ T1154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   65.499727][ T4338] 8021q: adding VLAN 0 to HW filter on device team0
[   65.512218][ T1154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   65.523413][ T1154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   65.533136][ T1154] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.540204][ T1154] bridge0: port 1(bridge_slave_0) entered forwarding state
[   65.548594][ T1154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   65.561114][ T1154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   65.572238][ T1154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   65.581069][ T1154] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.588276][ T1154] bridge0: port 2(bridge_slave_1) entered forwarding state
[   65.605645][ T1154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   65.614622][ T1154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   65.624775][ T1154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   65.634610][ T1154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   65.651657][ T4338] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   65.662226][ T4338] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   65.675911][ T1154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   65.685441][ T1154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   65.695703][ T1154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   65.705805][ T1154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   65.716056][ T1154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   65.726103][ T1154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   65.735925][ T1154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   65.749996][ T1154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   65.909911][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   65.918385][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   65.932673][ T4338] 8021q: adding VLAN 0 to HW filter on device batadv0
[   65.984838][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   65.995129][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   66.015255][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   66.024438][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   66.036158][ T4338] device veth0_vlan entered promiscuous mode
[   66.044442][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   66.052711][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   66.082455][ T4399] Bluetooth: hci0: command 0x0409 tx timeout
[   66.104560][ T4338] device veth1_vlan entered promiscuous mode
[   66.126075][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   66.137362][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   66.146315][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   66.156514][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   66.167434][ T4338] device veth0_macvtap entered promiscuous mode
[   66.207767][ T4338] device veth1_macvtap entered promiscuous mode
[   66.217519][ T3087] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   66.226491][ T3087] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   66.246615][ T4338] batman_adv: batadv0: Interface activated: batadv_slave_0
[   66.255754][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   66.265221][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   66.278160][ T4338] batman_adv: batadv0: Interface activated: batadv_slave_1
[   66.286534][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   66.296655][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   66.307747][ T4338] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   66.325055][ T4338] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   66.334596][ T4338] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   66.343717][ T4338] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   66.436427][  T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.449562][  T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.495029][ T3087] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   66.505291][  T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.517309][  T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.528154][ T3087] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   67.413066][ T4477] ==================================================================
[   67.421156][ T4477] BUG: KASAN: use-after-free in __lock_acquire+0xf7/0x7c60
[   67.428365][ T4477] Read of size 8 at addr ffff88802842f8b8 by task syz.0.17/4477
[   67.435986][ T4477] 
[   67.438301][ T4477] CPU: 0 PID: 4477 Comm: syz.0.17 Not tainted 5.15.189-syzkaller #0
[   67.446270][ T4477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   67.456416][ T4477] Call Trace:
[   67.459691][ T4477]  <TASK>
[   67.462615][ T4477]  dump_stack_lvl+0x168/0x230
[   67.467289][ T4477]  ? show_regs_print_info+0x20/0x20
[   67.472481][ T4477]  ? load_image+0x3b0/0x3b0
[   67.477088][ T4477]  ? _raw_spin_lock_irqsave+0xb0/0xf0
[   67.482472][ T4477]  print_address_description+0x60/0x2d0
[   67.488186][ T4477]  ? __lock_acquire+0xf7/0x7c60
[   67.493032][ T4477]  kasan_report+0xdf/0x130
[   67.497443][ T4477]  ? __lock_acquire+0xf7/0x7c60
[   67.502456][ T4477]  __lock_acquire+0xf7/0x7c60
[   67.507128][ T4477]  ? __lock_acquire+0x12d9/0x7c60
[   67.512152][ T4477]  ? lockdep_hardirqs_on+0x94/0x140
[   67.517340][ T4477]  ? finish_lock_switch+0x12f/0x280
[   67.522531][ T4477]  ? __switch_to_asm+0x34/0x60
[   67.527293][ T4477]  ? __schedule+0x11c0/0x43b0
[   67.531968][ T4477]  ? verify_lock_unused+0x140/0x140
[   67.537167][ T4477]  ? verify_lock_unused+0x140/0x140
[   67.542357][ T4477]  ? verify_lock_unused+0x140/0x140
[   67.547547][ T4477]  ? __lock_acquire+0x13ad/0x7c60
[   67.552567][ T4477]  ? mark_lock+0x94/0x320
[   67.556889][ T4477]  lock_acquire+0x197/0x3f0
[   67.561385][ T4477]  ? remove_wait_queue+0x20/0x120
[   67.566410][ T4477]  ? read_lock_is_recursive+0x10/0x10
[   67.571777][ T4477]  ? rcu_lock_release+0x9/0x20
[   67.576534][ T4477]  ? _raw_spin_lock_irqsave+0x7f/0xf0
[   67.581892][ T4477]  ? lockdep_hardirqs_off+0x70/0x100
[   67.587160][ T4477]  _raw_spin_lock_irqsave+0xa4/0xf0
[   67.592351][ T4477]  ? remove_wait_queue+0x20/0x120
[   67.597413][ T4477]  ? _raw_spin_lock+0x40/0x40
[   67.602085][ T4477]  ? __fget_files+0x40f/0x480
[   67.606746][ T4477]  remove_wait_queue+0x20/0x120
[   67.611581][ T4477]  poll_freewait+0x99/0x210
[   67.616064][ T4477]  do_sys_poll+0xda0/0x1100
[   67.620574][ T4477]  ? do_sys_poll+0x671/0x1100
[   67.625230][ T4477]  ? poll_select_finish+0x5e0/0x5e0
[   67.630411][ T4477]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[   67.636378][ T4477]  ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[   67.642604][ T4477]  ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[   67.648834][ T4477]  ? verify_lock_unused+0x140/0x140
[   67.654036][ T4477]  ? lock_chain_count+0x20/0x20
[   67.658877][ T4477]  ? __context_tracking_exit+0x4c/0x80
[   67.664314][ T4477]  ? set_user_sigmask+0xc4/0x1b0
[   67.669230][ T4477]  ? sigprocmask+0x190/0x190
[   67.673814][ T4477]  ? __lock_acquire+0x7c60/0x7c60
[   67.678821][ T4477]  __se_sys_ppoll+0x1fc/0x260
[   67.683503][ T4477]  ? __x64_sys_ppoll+0xc0/0xc0
[   67.688245][ T4477]  ? lockdep_hardirqs_on+0x94/0x140
[   67.693424][ T4477]  ? __x64_sys_ppoll+0x1c/0xc0
[   67.698165][ T4477]  do_syscall_64+0x4c/0xa0
[   67.702589][ T4477]  ? clear_bhb_loop+0x30/0x80
[   67.707256][ T4477]  ? clear_bhb_loop+0x30/0x80
[   67.711935][ T4477]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   67.717908][ T4477] RIP: 0033:0x7f74527e4be9
[   67.722305][ T4477] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   67.741976][ T4477] RSP: 002b:00007f7451e54038 EFLAGS: 00000246 ORIG_RAX: 000000000000010f
[   67.750373][ T4477] RAX: ffffffffffffffda RBX: 00007f7452a0bfa0 RCX: 00007f74527e4be9
[   67.758323][ T4477] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000200000000100
[   67.766273][ T4477] RBP: 00007f7452867e19 R08: 0000000000000000 R09: 0000000000000000
[   67.774224][ T4477] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   67.782174][ T4477] R13: 00007f7452a0c038 R14: 00007f7452a0bfa0 R15: 00007ffd81b415e8
[   67.790147][ T4477]  </TASK>
[   67.793146][ T4477] 
[   67.795455][ T4477] Allocated by task 1:
[   67.799517][ T4477]  __kasan_kmalloc+0xb5/0xf0
[   67.804098][ T4477]  comedi_device_postconfig+0x496/0xc50
[   67.809641][ T4477]  comedi_auto_config+0x265/0x3a0
[   67.814658][ T4477]  comedi_test_init+0x8f/0x130
[   67.819408][ T4477]  do_one_initcall+0x1ee/0x680
[   67.824150][ T4477]  do_initcall_level+0x137/0x1f0
[   67.829067][ T4477]  do_initcalls+0x4b/0x90
[   67.833439][ T4477]  kernel_init_freeable+0x3ce/0x560
[   67.838613][ T4477]  kernel_init+0x19/0x1b0
[   67.842917][ T4477]  ret_from_fork+0x1f/0x30
[   67.847308][ T4477] 
[   67.849609][ T4477] Freed by task 4480:
[   67.853560][ T4477]  kasan_set_track+0x4b/0x70
[   67.858126][ T4477]  kasan_set_free_info+0x1f/0x40
[   67.863039][ T4477]  ____kasan_slab_free+0xd5/0x110
[   67.868036][ T4477]  slab_free_freelist_hook+0xea/0x170
[   67.873413][ T4477]  kfree+0xef/0x2a0
[   67.877196][ T4477]  comedi_device_detach+0x35f/0x6e0
[   67.882370][ T4477]  comedi_unlocked_ioctl+0xbd0/0xe90
[   67.887631][ T4477]  __se_sys_ioctl+0xfa/0x170
[   67.892201][ T4477]  do_syscall_64+0x4c/0xa0
[   67.896594][ T4477]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   67.902462][ T4477] 
[   67.904760][ T4477] The buggy address belongs to the object at ffff88802842f800
[   67.904760][ T4477]  which belongs to the cache kmalloc-256 of size 256
[   67.918785][ T4477] The buggy address is located 184 bytes inside of
[   67.918785][ T4477]  256-byte region [ffff88802842f800, ffff88802842f900)
[   67.932031][ T4477] The buggy address belongs to the page:
[   67.937639][ T4477] page:ffffea0000a10b80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2842e
[   67.947785][ T4477] head:ffffea0000a10b80 order:1 compound_mapcount:0
[   67.954344][ T4477] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[   67.962302][ T4477] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff888016841b40
[   67.970856][ T4477] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[   67.979416][ T4477] page dumped because: kasan: bad access detected
[   67.985934][ T4477] page_owner tracks the page as allocated
[   67.991630][ T4477] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, ts 9700787042, free_ts 0
[   68.009505][ T4477]  get_page_from_freelist+0x1b77/0x1c60
[   68.015039][ T4477]  __alloc_pages+0x1e1/0x470
[   68.019607][ T4477]  alloc_page_interleave+0x24/0x1e0
[   68.024780][ T4477]  new_slab+0xc0/0x4b0
[   68.028824][ T4477]  ___slab_alloc+0x81e/0xdf0
[   68.033390][ T4477]  kmem_cache_alloc_trace+0x1a5/0x2a0
[   68.038736][ T4477]  bus_add_driver+0xda/0x5a0
[   68.043298][ T4477]  driver_register+0x32d/0x430
[   68.048035][ T4477]  __hid_register_driver+0x126/0x170
[   68.053309][ T4477]  cmedia_init+0x1c/0x80
[   68.057525][ T4477]  do_one_initcall+0x1ee/0x680
[   68.062267][ T4477]  do_initcall_level+0x137/0x1f0
[   68.067181][ T4477]  do_initcalls+0x4b/0x90
[   68.071483][ T4477]  kernel_init_freeable+0x3ce/0x560
[   68.076654][ T4477]  kernel_init+0x19/0x1b0
[   68.080965][ T4477]  ret_from_fork+0x1f/0x30
[   68.085361][ T4477] page_owner free stack trace missing
[   68.090699][ T4477] 
[   68.092996][ T4477] Memory state around the buggy address:
[   68.098690][ T4477]  ffff88802842f780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   68.106724][ T4477]  ffff88802842f800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   68.114765][ T4477] >ffff88802842f880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   68.122795][ T4477]                                         ^
[   68.128660][ T4477]  ffff88802842f900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   68.136696][ T4477]  ffff88802842f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   68.144817][ T4477] ==================================================================
[   68.152849][ T4477] Disabling lock debugging due to kernel taint
[   68.158981][ T4477] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   68.166153][ T4477] CPU: 0 PID: 4477 Comm: syz.0.17 Tainted: G    B             5.15.189-syzkaller #0
[   68.175495][ T4477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   68.185526][ T4477] Call Trace:
[   68.188785][ T4477]  <TASK>
[   68.191695][ T4477]  dump_stack_lvl+0x168/0x230
[   68.196452][ T4477]  ? show_regs_print_info+0x20/0x20
[   68.201624][ T4477]  ? load_image+0x3b0/0x3b0
[   68.206109][ T4477]  panic+0x2c9/0x7f0
[   68.209984][ T4477]  ? bpf_jit_dump+0xd0/0xd0
[   68.214463][ T4477]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[   68.220333][ T4477]  ? _raw_spin_unlock+0x40/0x40
[   68.225160][ T4477]  ? __lock_acquire+0xf7/0x7c60
[   68.229991][ T4477]  check_panic_on_warn+0x80/0xa0
[   68.234915][ T4477]  ? __lock_acquire+0xf7/0x7c60
[   68.239836][ T4477]  end_report+0x6d/0xf0
[   68.244217][ T4477]  kasan_report+0x102/0x130
[   68.248713][ T4477]  ? __lock_acquire+0xf7/0x7c60
[   68.253550][ T4477]  __lock_acquire+0xf7/0x7c60
[   68.258217][ T4477]  ? __lock_acquire+0x12d9/0x7c60
[   68.263233][ T4477]  ? lockdep_hardirqs_on+0x94/0x140
[   68.268414][ T4477]  ? finish_lock_switch+0x12f/0x280
[   68.273594][ T4477]  ? __switch_to_asm+0x34/0x60
[   68.278341][ T4477]  ? __schedule+0x11c0/0x43b0
[   68.282998][ T4477]  ? verify_lock_unused+0x140/0x140
[   68.288176][ T4477]  ? verify_lock_unused+0x140/0x140
[   68.293353][ T4477]  ? verify_lock_unused+0x140/0x140
[   68.298548][ T4477]  ? __lock_acquire+0x13ad/0x7c60
[   68.303649][ T4477]  ? mark_lock+0x94/0x320
[   68.307960][ T4477]  lock_acquire+0x197/0x3f0
[   68.312442][ T4477]  ? remove_wait_queue+0x20/0x120
[   68.317451][ T4477]  ? read_lock_is_recursive+0x10/0x10
[   68.322808][ T4477]  ? rcu_lock_release+0x9/0x20
[   68.327569][ T4477]  ? _raw_spin_lock_irqsave+0x7f/0xf0
[   68.332936][ T4477]  ? lockdep_hardirqs_off+0x70/0x100
[   68.338210][ T4477]  _raw_spin_lock_irqsave+0xa4/0xf0
[   68.343392][ T4477]  ? remove_wait_queue+0x20/0x120
[   68.348421][ T4477]  ? _raw_spin_lock+0x40/0x40
[   68.353078][ T4477]  ? __fget_files+0x40f/0x480
[   68.357734][ T4477]  remove_wait_queue+0x20/0x120
[   68.362574][ T4477]  poll_freewait+0x99/0x210
[   68.367071][ T4477]  do_sys_poll+0xda0/0x1100
[   68.371561][ T4477]  ? do_sys_poll+0x671/0x1100
[   68.376227][ T4477]  ? poll_select_finish+0x5e0/0x5e0
[   68.381421][ T4477]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[   68.387387][ T4477]  ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[   68.393605][ T4477]  ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[   68.399835][ T4477]  ? verify_lock_unused+0x140/0x140
[   68.405013][ T4477]  ? lock_chain_count+0x20/0x20
[   68.409853][ T4477]  ? __context_tracking_exit+0x4c/0x80
[   68.415288][ T4477]  ? set_user_sigmask+0xc4/0x1b0
[   68.420203][ T4477]  ? sigprocmask+0x190/0x190
[   68.424792][ T4477]  ? __lock_acquire+0x7c60/0x7c60
[   68.429798][ T4477]  __se_sys_ppoll+0x1fc/0x260
[   68.434475][ T4477]  ? __x64_sys_ppoll+0xc0/0xc0
[   68.439217][ T4477]  ? lockdep_hardirqs_on+0x94/0x140
[   68.444394][ T4477]  ? __x64_sys_ppoll+0x1c/0xc0
[   68.449222][ T4477]  do_syscall_64+0x4c/0xa0
[   68.453617][ T4477]  ? clear_bhb_loop+0x30/0x80
[   68.458272][ T4477]  ? clear_bhb_loop+0x30/0x80
[   68.462925][ T4477]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   68.468798][ T4477] RIP: 0033:0x7f74527e4be9
[   68.473193][ T4477] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   68.492776][ T4477] RSP: 002b:00007f7451e54038 EFLAGS: 00000246 ORIG_RAX: 000000000000010f
[   68.501167][ T4477] RAX: ffffffffffffffda RBX: 00007f7452a0bfa0 RCX: 00007f74527e4be9
[   68.509117][ T4477] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000200000000100
[   68.517518][ T4477] RBP: 00007f7452867e19 R08: 0000000000000000 R09: 0000000000000000
[   68.525470][ T4477] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   68.533423][ T4477] R13: 00007f7452a0c038 R14: 00007f7452a0bfa0 R15: 00007ffd81b415e8
[   68.541384][ T4477]  </TASK>
[   68.545160][ T4477] Kernel Offset: disabled
[   68.549486][ T4477] Rebooting in 86400 seconds..