Warning: Permanently added '10.128.1.135' (ED25519) to the list of known hosts.
2025/08/24 09:09:39 parsed 1 programs
[   64.732149][ T4267] cgroup: Unknown subsys name 'net'
[   64.889365][ T4267] cgroup: Unknown subsys name 'rlimit'
[   66.129064][ T4267] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k FS
[   67.916522][ T4285] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   67.924874][ T4285] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   67.932332][ T4285] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   67.941114][ T4285] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   67.949190][ T4285] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   67.956714][ T4285] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   68.295801][ T4295] chnl_net:caif_netlink_parms(): no params data found
[   68.338886][ T4295] bridge0: port 1(bridge_slave_0) entered blocking state
[   68.346672][ T4295] bridge0: port 1(bridge_slave_0) entered disabled state
[   68.355155][ T4295] device bridge_slave_0 entered promiscuous mode
[   68.364831][ T4295] bridge0: port 2(bridge_slave_1) entered blocking state
[   68.372094][ T4295] bridge0: port 2(bridge_slave_1) entered disabled state
[   68.380221][ T4295] device bridge_slave_1 entered promiscuous mode
[   68.403563][ T4295] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   68.416559][ T4295] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   68.443362][ T4295] team0: Port device team_slave_0 added
[   68.451474][ T4295] team0: Port device team_slave_1 added
[   68.472689][ T4295] batman_adv: batadv0: Adding interface: batadv_slave_0
[   68.479789][ T4295] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   68.505898][ T4295] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   68.518692][ T4295] batman_adv: batadv0: Adding interface: batadv_slave_1
[   68.525739][ T4295] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   68.552145][ T4295] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   68.579278][ T4295] device hsr_slave_0 entered promiscuous mode
[   68.586670][ T4295] device hsr_slave_1 entered promiscuous mode
[   68.717994][ T4295] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   68.728381][ T4295] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   68.736839][ T4295] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   68.747913][ T4295] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   68.769312][ T4295] bridge0: port 2(bridge_slave_1) entered blocking state
[   68.776604][ T4295] bridge0: port 2(bridge_slave_1) entered forwarding state
[   68.784341][ T4295] bridge0: port 1(bridge_slave_0) entered blocking state
[   68.791608][ T4295] bridge0: port 1(bridge_slave_0) entered forwarding state
[   68.827941][ T4295] 8021q: adding VLAN 0 to HW filter on device bond0
[   68.839601][   T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   68.850500][   T51] bridge0: port 1(bridge_slave_0) entered disabled state
[   68.859676][   T51] bridge0: port 2(bridge_slave_1) entered disabled state
[   68.868052][   T51] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   68.889066][ T4295] 8021q: adding VLAN 0 to HW filter on device team0
[   68.901625][   T51] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   68.910468][   T51] bridge0: port 1(bridge_slave_0) entered blocking state
[   68.917749][   T51] bridge0: port 1(bridge_slave_0) entered forwarding state
[   68.930148][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   68.939263][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[   68.946370][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[   68.970810][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   68.979880][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   68.991566][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   69.010409][ T2884] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   69.021896][ T2884] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   69.040855][ T4295] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   69.201783][ T2884] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   69.209418][ T2884] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   69.225460][ T4295] 8021q: adding VLAN 0 to HW filter on device batadv0
[   69.248787][ T2884] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   69.265175][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   69.273820][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   69.282794][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   69.290870][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   69.301878][ T4295] device veth0_vlan entered promiscuous mode
[   69.318727][ T4295] device veth1_vlan entered promiscuous mode
[   69.361019][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   69.369439][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   69.377590][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   69.387011][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   69.397355][ T4295] device veth0_macvtap entered promiscuous mode
[   69.410141][ T4295] device veth1_macvtap entered promiscuous mode
[   69.430797][ T4295] batman_adv: batadv0: Interface activated: batadv_slave_0
[   69.438514][ T2884] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   69.446865][ T2884] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   69.458467][ T2884] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   69.468802][ T2884] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   69.481147][ T4295] batman_adv: batadv0: Interface activated: batadv_slave_1
[   69.491501][ T2884] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   69.500585][ T2884] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   69.510488][ T4295] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   69.520057][ T4295] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   69.529228][ T4295] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   69.539618][ T4295] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   69.717716][   T32] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   69.764516][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   69.772498][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   69.791938][   T51] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   69.801667][   T51] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   69.810653][   T51] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   69.820222][   T51] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   71.098652][ T1276] ieee802154 phy0 wpan0: encryption failed: -22
[   71.105400][ T1276] ieee802154 phy1 wpan1: encryption failed: -22
2025/08/24 09:09:47 executed programs: 0
[   71.673651][   T47] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   71.682274][   T47] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   71.690446][   T47] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   71.698729][   T47] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   71.706913][   T47] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   71.714445][   T47] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   71.813057][ T4366] chnl_net:caif_netlink_parms(): no params data found
[   71.847514][ T4366] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.855131][ T4366] bridge0: port 1(bridge_slave_0) entered disabled state
[   71.862739][ T4366] device bridge_slave_0 entered promiscuous mode
[   71.871820][ T4366] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.879396][ T4366] bridge0: port 2(bridge_slave_1) entered disabled state
[   71.887473][ T4366] device bridge_slave_1 entered promiscuous mode
[   71.907208][ T4366] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   71.917978][ T4366] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   71.940197][ T4366] team0: Port device team_slave_0 added
[   71.947380][ T4366] team0: Port device team_slave_1 added
[   71.964374][ T4366] batman_adv: batadv0: Adding interface: batadv_slave_0
[   71.971349][ T4366] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   71.997891][ T4366] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   72.011264][ T4366] batman_adv: batadv0: Adding interface: batadv_slave_1
[   72.018261][ T4366] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   72.044327][ T4366] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   72.071005][ T4366] device hsr_slave_0 entered promiscuous mode
[   72.077752][ T4366] device hsr_slave_1 entered promiscuous mode
[   72.086390][ T4366] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   72.094122][ T4366] Cannot create hsr debugfs directory
[   72.164400][   T32] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   73.735282][   T47] Bluetooth: hci0: command 0x0409 tx timeout
[   74.463463][   T32] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   74.526976][   T32] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   75.369673][ T4366] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   75.387187][ T4366] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   75.396787][ T4366] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   75.405536][ T4366] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   75.439828][   T32] device hsr_slave_0 left promiscuous mode
[   75.446372][   T32] device hsr_slave_1 left promiscuous mode
[   75.453035][   T32] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   75.461257][   T32] batman_adv: batadv0: Removing interface: batadv_slave_0
[   75.469213][   T32] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   75.476690][   T32] batman_adv: batadv0: Removing interface: batadv_slave_1
[   75.484304][   T32] device bridge_slave_1 left promiscuous mode
[   75.491223][   T32] bridge0: port 2(bridge_slave_1) entered disabled state
[   75.501533][   T32] device bridge_slave_0 left promiscuous mode
[   75.508567][   T32] bridge0: port 1(bridge_slave_0) entered disabled state
[   75.524421][   T32] device veth1_macvtap left promiscuous mode
[   75.530676][   T32] device veth0_macvtap left promiscuous mode
[   75.537561][   T32] device veth1_vlan left promiscuous mode
[   75.543447][   T32] device veth0_vlan left promiscuous mode
[   75.807983][   T32] team0 (unregistering): Port device team_slave_1 removed
[   75.815486][ T4285] Bluetooth: hci0: command 0x041b tx timeout
[   75.835936][   T32] team0 (unregistering): Port device team_slave_0 removed
[   75.860324][   T32] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   75.890320][   T32] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   76.112198][   T32] bond0 (unregistering): Released all slaves
[   76.202231][ T4366] 8021q: adding VLAN 0 to HW filter on device bond0
[   76.216360][   T41] cfg80211: failed to load regulatory.db
[   76.219478][ T4366] 8021q: adding VLAN 0 to HW filter on device team0
[   76.249580][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   76.258906][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   76.267701][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   76.277519][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   76.286688][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[   76.293967][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[   76.313249][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   76.324113][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   76.334908][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   76.343916][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[   76.351132][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[   76.367055][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   76.388992][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   76.398667][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   76.408787][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   76.420243][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   76.429743][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   76.439361][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   76.448350][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   76.463691][ T4366] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   76.475889][ T4366] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   76.488014][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   76.497221][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   76.506220][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   76.807584][   T51] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   76.816857][   T51] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   76.836154][ T4366] 8021q: adding VLAN 0 to HW filter on device batadv0
[   76.853839][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   76.862861][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   76.884855][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   76.893023][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   76.901811][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   76.910401][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   76.921806][ T4366] device veth0_vlan entered promiscuous mode
[   76.943063][ T4366] device veth1_vlan entered promiscuous mode
[   76.966581][   T51] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   76.976942][   T51] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   76.985511][   T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   76.996454][   T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   77.007158][ T4366] device veth0_macvtap entered promiscuous mode
[   77.017049][ T4366] device veth1_macvtap entered promiscuous mode
[   77.037053][ T4366] batman_adv: batadv0: Interface activated: batadv_slave_0
[   77.049906][ T4366] batman_adv: batadv0: Interface activated: batadv_slave_1
[   77.058766][ T4409] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   77.068606][ T4409] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   77.076617][ T4409] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   77.085268][ T4409] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   77.093835][ T4409] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   77.102834][ T4409] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   77.114067][ T4366] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   77.123044][ T4366] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   77.132380][ T4366] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   77.142492][ T4366] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   77.228967][ T4409] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.265139][   T51] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.281795][ T4409] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.297030][   T51] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.299447][ T2884] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   77.325078][   T51] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   77.894375][ T4285] Bluetooth: hci0: command 0x040f tx timeout
[   78.247214][ T4424] ==================================================================
[   78.255569][ T4424] BUG: KASAN: use-after-free in __lock_acquire+0xf7/0x7c50
[   78.262756][ T4424] Read of size 8 at addr ffff88814a9956b8 by task syz.0.17/4424
[   78.270372][ T4424] 
[   78.272717][ T4424] CPU: 0 PID: 4424 Comm: syz.0.17 Not tainted 6.1.148-syzkaller #0
[   78.280606][ T4424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   78.290745][ T4424] Call Trace:
[   78.294015][ T4424]  <TASK>
[   78.296929][ T4424]  dump_stack_lvl+0x168/0x22e
[   78.301602][ T4424]  ? __lock_acquire+0x7c50/0x7c50
[   78.306627][ T4424]  ? show_regs_print_info+0x12/0x12
[   78.311864][ T4424]  ? load_image+0x3b0/0x3b0
[   78.316436][ T4424]  ? _raw_spin_lock_irqsave+0xb0/0xf0
[   78.321809][ T4424]  ? __virt_addr_valid+0x188/0x540
[   78.326920][ T4424]  ? __virt_addr_valid+0x465/0x540
[   78.332023][ T4424]  ? __lock_acquire+0xf7/0x7c50
[   78.336866][ T4424]  print_report+0xa8/0x210
[   78.341459][ T4424]  kasan_report+0x10b/0x140
[   78.345980][ T4424]  ? __lock_acquire+0xf7/0x7c50
[   78.350829][ T4424]  __lock_acquire+0xf7/0x7c50
[   78.355499][ T4424]  ? mark_lock+0x94/0x320
[   78.359849][ T4424]  ? __lock_acquire+0x12e5/0x7c50
[   78.364884][ T4424]  ? verify_lock_unused+0x140/0x140
[   78.370177][ T4424]  ? lockdep_hardirqs_on+0x94/0x140
[   78.375378][ T4424]  ? finish_task_switch+0x32a/0x8f0
[   78.380579][ T4424]  ? verify_lock_unused+0x140/0x140
[   78.385789][ T4424]  ? __schedule+0x10f4/0x40b0
[   78.390469][ T4424]  lock_acquire+0x1b4/0x490
[   78.394974][ T4424]  ? remove_wait_queue+0x20/0x120
[   78.400006][ T4424]  ? read_lock_is_recursive+0x10/0x10
[   78.405391][ T4424]  ? __fget_files+0x28/0x4d0
[   78.409983][ T4424]  _raw_spin_lock_irqsave+0xa4/0xf0
[   78.415192][ T4424]  ? remove_wait_queue+0x20/0x120
[   78.420304][ T4424]  ? _raw_spin_lock+0x40/0x40
[   78.424984][ T4424]  ? __fget_files+0x28/0x4d0
[   78.429580][ T4424]  ? __fget_files+0x44a/0x4d0
[   78.434260][ T4424]  remove_wait_queue+0x20/0x120
[   78.439116][ T4424]  poll_freewait+0x99/0x210
[   78.443623][ T4424]  do_sys_poll+0xe8a/0x11f0
[   78.448136][ T4424]  ? poll_select_finish+0x5e0/0x5e0
[   78.453347][ T4424]  ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[   78.459597][ T4424]  ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[   78.465859][ T4424]  ? futex_wake_mark+0x150/0x150
[   78.470807][ T4424]  ? set_user_sigmask+0xc4/0x1b0
[   78.475758][ T4424]  ? sigprocmask+0x190/0x190
[   78.480352][ T4424]  ? do_sys_openat2+0x1fe/0x490
[   78.485207][ T4424]  ? __se_sys_futex+0x14a/0x440
[   78.490075][ T4424]  __se_sys_ppoll+0x1fc/0x260
[   78.494759][ T4424]  ? __x64_sys_ppoll+0xc0/0xc0
[   78.499538][ T4424]  ? lockdep_hardirqs_on+0x94/0x140
[   78.504758][ T4424]  ? __x64_sys_ppoll+0x1c/0xc0
[   78.509548][ T4424]  do_syscall_64+0x4c/0xa0
[   78.513982][ T4424]  ? clear_bhb_loop+0x60/0xb0
[   78.518757][ T4424]  ? clear_bhb_loop+0x60/0xb0
[   78.523444][ T4424]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   78.529345][ T4424] RIP: 0033:0x7fefffd8ebe9
[   78.533768][ T4424] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   78.553477][ T4424] RSP: 002b:00007ff000bd5038 EFLAGS: 00000246 ORIG_RAX: 000000000000010f
[   78.561895][ T4424] RAX: ffffffffffffffda RBX: 00007feffffb5fa0 RCX: 00007fefffd8ebe9
[   78.569868][ T4424] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000200000000100
[   78.578097][ T4424] RBP: 00007fefffe11e19 R08: 0000000000000000 R09: 0000000000000000
[   78.586069][ T4424] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   78.594044][ T4424] R13: 00007feffffb6038 R14: 00007feffffb5fa0 R15: 00007ffd2a8a16c8
[   78.602029][ T4424]  </TASK>
[   78.605056][ T4424] 
[   78.607378][ T4424] Allocated by task 1:
[   78.611439][ T4424]  kasan_set_track+0x4b/0x70
[   78.616199][ T4424]  __kasan_kmalloc+0x8e/0xa0
[   78.620789][ T4424]  comedi_device_postconfig+0x496/0xc50
[   78.626344][ T4424]  comedi_auto_config+0x265/0x3a0
[   78.631380][ T4424]  comedi_test_init+0x8f/0x127
[   78.636149][ T4424]  do_one_initcall+0x214/0x7a0
[   78.640914][ T4424]  do_initcall_level+0x137/0x1e4
[   78.645852][ T4424]  do_initcalls+0x4b/0x8a
[   78.650187][ T4424]  kernel_init_freeable+0x3fa/0x5ac
[   78.655390][ T4424]  kernel_init+0x19/0x1b0
[   78.659730][ T4424]  ret_from_fork+0x1f/0x30
[   78.664245][ T4424] 
[   78.666568][ T4424] Freed by task 4425:
[   78.670545][ T4424]  kasan_set_track+0x4b/0x70
[   78.675141][ T4424]  kasan_save_free_info+0x2d/0x50
[   78.680182][ T4424]  ____kasan_slab_free+0x126/0x1e0
[   78.685298][ T4424]  slab_free_freelist_hook+0x131/0x1a0
[   78.690758][ T4424]  __kmem_cache_free+0xb6/0x1f0
[   78.695622][ T4424]  comedi_device_detach+0x35f/0x6e0
[   78.700848][ T4424]  comedi_unlocked_ioctl+0xb6b/0xf20
[   78.706142][ T4424]  __se_sys_ioctl+0xfa/0x170
[   78.710849][ T4424]  do_syscall_64+0x4c/0xa0
[   78.715266][ T4424]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   78.721161][ T4424] 
[   78.723484][ T4424] The buggy address belongs to the object at ffff88814a995600
[   78.723484][ T4424]  which belongs to the cache kmalloc-256 of size 256
[   78.737533][ T4424] The buggy address is located 184 bytes inside of
[   78.737533][ T4424]  256-byte region [ffff88814a995600, ffff88814a995700)
[   78.750804][ T4424] 
[   78.753125][ T4424] The buggy address belongs to the physical page:
[   78.759733][ T4424] page:ffffea00052a6500 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14a994
[   78.769989][ T4424] head:ffffea00052a6500 order:1 compound_mapcount:0 compound_pincount:0
[   78.778355][ T4424] flags: 0x57ff00000010200(slab|head|node=1|zone=2|lastcpupid=0x7ff)
[   78.786614][ T4424] raw: 057ff00000010200 0000000000000000 dead000000000122 ffff888017441b40
[   78.795228][ T4424] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[   78.803812][ T4424] page dumped because: kasan: bad access detected
[   78.810479][ T4424] page_owner tracks the page as allocated
[   78.816278][ T4424] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 11625821495, free_ts 0
[   78.836165][ T4424]  post_alloc_hook+0x173/0x1a0
[   78.840933][ T4424]  get_page_from_freelist+0x1a26/0x1ac0
[   78.846485][ T4424]  __alloc_pages+0x1df/0x4e0
[   78.851078][ T4424]  alloc_page_interleave+0x24/0x1e0
[   78.856278][ T4424]  alloc_slab_page+0x5d/0x160
[   78.861046][ T4424]  new_slab+0x87/0x2c0
[   78.865203][ T4424]  ___slab_alloc+0xbc6/0x1220
[   78.869906][ T4424]  __kmem_cache_alloc_node+0x1a0/0x260
[   78.875366][ T4424]  kmalloc_trace+0x26/0xe0
[   78.879790][ T4424]  bus_add_driver+0xda/0x5a0
[   78.884407][ T4424]  driver_register+0x32d/0x430
[   78.889193][ T4424]  __hid_register_driver+0x126/0x170
[   78.894493][ T4424]  do_one_initcall+0x214/0x7a0
[   78.899616][ T4424]  do_initcall_level+0x137/0x1e4
[   78.904564][ T4424]  do_initcalls+0x4b/0x8a
[   78.908899][ T4424]  kernel_init_freeable+0x3fa/0x5ac
[   78.914097][ T4424] page_owner free stack trace missing
[   78.919474][ T4424] 
[   78.921834][ T4424] Memory state around the buggy address:
[   78.927562][ T4424]  ffff88814a995580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   78.935620][ T4424]  ffff88814a995600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   78.943711][ T4424] >ffff88814a995680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   78.951788][ T4424]                                         ^
[   78.957689][ T4424]  ffff88814a995700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   78.965864][ T4424]  ffff88814a995780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   78.973923][ T4424] ==================================================================
[   78.981989][ T4424] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   78.989265][ T4424] CPU: 0 PID: 4424 Comm: syz.0.17 Not tainted 6.1.148-syzkaller #0
[   78.997247][ T4424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   79.007301][ T4424] Call Trace:
[   79.010581][ T4424]  <TASK>
[   79.013513][ T4424]  dump_stack_lvl+0x168/0x22e
[   79.018200][ T4424]  ? memcpy+0x3c/0x60
[   79.022286][ T4424]  ? show_regs_print_info+0x12/0x12
[   79.027660][ T4424]  ? load_image+0x3b0/0x3b0
[   79.032257][ T4424]  panic+0x2c9/0x710
[   79.036154][ T4424]  ? __lock_acquire+0x7c50/0x7c50
[   79.041403][ T4424]  ? bpf_jit_dump+0xd0/0xd0
[   79.046014][ T4424]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[   79.051914][ T4424]  ? _raw_spin_unlock+0x40/0x40
[   79.056780][ T4424]  check_panic_on_warn+0x80/0xa0
[   79.061806][ T4424]  ? __lock_acquire+0xf7/0x7c50
[   79.066660][ T4424]  end_report+0x66/0x110
[   79.070904][ T4424]  kasan_report+0x118/0x140
[   79.075413][ T4424]  ? __lock_acquire+0xf7/0x7c50
[   79.080268][ T4424]  __lock_acquire+0xf7/0x7c50
[   79.084944][ T4424]  ? mark_lock+0x94/0x320
[   79.089296][ T4424]  ? __lock_acquire+0x12e5/0x7c50
[   79.094426][ T4424]  ? verify_lock_unused+0x140/0x140
[   79.099629][ T4424]  ? lockdep_hardirqs_on+0x94/0x140
[   79.104830][ T4424]  ? finish_task_switch+0x32a/0x8f0
[   79.110034][ T4424]  ? verify_lock_unused+0x140/0x140
[   79.115243][ T4424]  ? __schedule+0x10f4/0x40b0
[   79.119927][ T4424]  lock_acquire+0x1b4/0x490
[   79.124437][ T4424]  ? remove_wait_queue+0x20/0x120
[   79.129467][ T4424]  ? read_lock_is_recursive+0x10/0x10
[   79.134841][ T4424]  ? __fget_files+0x28/0x4d0
[   79.139436][ T4424]  _raw_spin_lock_irqsave+0xa4/0xf0
[   79.144902][ T4424]  ? remove_wait_queue+0x20/0x120
[   79.150016][ T4424]  ? _raw_spin_lock+0x40/0x40
[   79.154696][ T4424]  ? __fget_files+0x28/0x4d0
[   79.159286][ T4424]  ? __fget_files+0x44a/0x4d0
[   79.164137][ T4424]  remove_wait_queue+0x20/0x120
[   79.168996][ T4424]  poll_freewait+0x99/0x210
[   79.173505][ T4424]  do_sys_poll+0xe8a/0x11f0
[   79.178102][ T4424]  ? poll_select_finish+0x5e0/0x5e0
[   79.183305][ T4424]  ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[   79.189636][ T4424]  ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[   79.195983][ T4424]  ? futex_wake_mark+0x150/0x150
[   79.200953][ T4424]  ? set_user_sigmask+0xc4/0x1b0
[   79.205904][ T4424]  ? sigprocmask+0x190/0x190
[   79.210496][ T4424]  ? do_sys_openat2+0x1fe/0x490
[   79.215349][ T4424]  ? __se_sys_futex+0x14a/0x440
[   79.220295][ T4424]  __se_sys_ppoll+0x1fc/0x260
[   79.225004][ T4424]  ? __x64_sys_ppoll+0xc0/0xc0
[   79.229882][ T4424]  ? lockdep_hardirqs_on+0x94/0x140
[   79.235083][ T4424]  ? __x64_sys_ppoll+0x1c/0xc0
[   79.239851][ T4424]  do_syscall_64+0x4c/0xa0
[   79.244266][ T4424]  ? clear_bhb_loop+0x60/0xb0
[   79.248949][ T4424]  ? clear_bhb_loop+0x60/0xb0
[   79.253652][ T4424]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   79.259551][ T4424] RIP: 0033:0x7fefffd8ebe9
[   79.263975][ T4424] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   79.283686][ T4424] RSP: 002b:00007ff000bd5038 EFLAGS: 00000246 ORIG_RAX: 000000000000010f
[   79.292107][ T4424] RAX: ffffffffffffffda RBX: 00007feffffb5fa0 RCX: 00007fefffd8ebe9
[   79.300081][ T4424] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000200000000100
[   79.308056][ T4424] RBP: 00007fefffe11e19 R08: 0000000000000000 R09: 0000000000000000
[   79.316908][ T4424] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   79.324882][ T4424] R13: 00007feffffb6038 R14: 00007feffffb5fa0 R15: 00007ffd2a8a16c8
[   79.332860][ T4424]  </TASK>
[   79.336264][ T4424] Kernel Offset: disabled
[   79.340671][ T4424] Rebooting in 86400 seconds..