Warning: Permanently added '10.128.0.55' (ED25519) to the list of known hosts.
2025/08/03 12:35:22 ignoring optional flag "sandboxArg"="0"
2025/08/03 12:35:23 parsed 1 programs
[   80.659455][ T4271] cgroup: Unknown subsys name 'net'
[   80.819826][ T4271] cgroup: Unknown subsys name 'rlimit'
[   82.327852][ T4271] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k FS
[   84.174944][   T75] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   84.183161][   T75] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   84.194558][   T75] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   84.216435][   T75] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   84.224768][   T75] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   84.236134][   T75] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   85.765012][ T4324] chnl_net:caif_netlink_parms(): no params data found
[   85.833664][ T4324] bridge0: port 1(bridge_slave_0) entered blocking state
[   85.841055][ T4324] bridge0: port 1(bridge_slave_0) entered disabled state
[   85.849770][ T4324] device bridge_slave_0 entered promiscuous mode
[   85.859319][ T4324] bridge0: port 2(bridge_slave_1) entered blocking state
[   85.866646][ T4324] bridge0: port 2(bridge_slave_1) entered disabled state
[   85.875736][ T4324] device bridge_slave_1 entered promiscuous mode
[   85.901158][ T4324] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   85.912607][ T4324] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   85.957016][ T4324] team0: Port device team_slave_0 added
[   85.969427][ T4324] team0: Port device team_slave_1 added
[   86.025041][ T4324] batman_adv: batadv0: Adding interface: batadv_slave_0
[   86.032834][ T4324] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   86.059444][ T4324] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   86.077653][ T4324] batman_adv: batadv0: Adding interface: batadv_slave_1
[   86.084713][ T4324] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   86.110750][ T4324] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   86.143867][ T4324] device hsr_slave_0 entered promiscuous mode
[   86.151060][ T4324] device hsr_slave_1 entered promiscuous mode
[   86.256763][ T4324] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   86.267833][ T4324] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   86.277165][ T4324] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   86.288276][ T4324] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   86.370355][ T4324] 8021q: adding VLAN 0 to HW filter on device bond0
[   86.395584][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   86.407860][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   86.419283][ T4324] 8021q: adding VLAN 0 to HW filter on device team0
[   86.445392][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   86.454307][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   86.463746][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[   86.471119][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[   86.480578][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   86.501789][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   86.511336][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   86.520364][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[   86.527900][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[   86.538701][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   86.564970][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   86.576850][   T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   86.586426][   T75] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   86.595818][   T75] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   86.624124][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   86.634735][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   86.643901][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   86.652421][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   86.661413][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   86.670249][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   86.693531][ T4324] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   86.794710][   T27] cfg80211: failed to load regulatory.db
[   87.055690][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   87.070910][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   87.089836][ T4324] 8021q: adding VLAN 0 to HW filter on device batadv0
[   87.118910][   T29] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   87.130228][   T29] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   87.151639][   T29] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   87.163749][   T29] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   87.183677][ T4324] device veth0_vlan entered promiscuous mode
[   87.196589][   T29] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   87.205206][   T29] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   87.219171][ T4324] device veth1_vlan entered promiscuous mode
[   87.246311][   T29] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   87.258367][   T29] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   87.267995][   T29] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   87.279182][   T29] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   87.291787][ T4324] device veth0_macvtap entered promiscuous mode
[   87.307076][ T4324] device veth1_macvtap entered promiscuous mode
[   87.326808][ T4324] batman_adv: batadv0: Interface activated: batadv_slave_0
[   87.334525][   T29] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   87.343272][   T29] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   87.352052][   T29] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   87.363893][ T4324] batman_adv: batadv0: Interface activated: batadv_slave_1
[   87.371282][   T29] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   87.380469][   T29] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   87.393252][ T4324] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   87.402095][ T4324] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   87.410952][ T4324] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   87.420471][ T4324] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   87.546180][   T11] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   87.679694][ T4350] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   87.689909][ T4350] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   87.698195][ T4350] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   87.707035][ T4350] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   87.714728][ T4350] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   87.722086][ T4350] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
2025/08/03 12:35:34 executed programs: 0
[   88.886732][ T4350] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   88.895214][ T4350] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   88.903959][ T4350] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   88.911932][ T4350] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   88.919917][ T4350] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   88.927403][ T4350] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   89.066899][ T4367] chnl_net:caif_netlink_parms(): no params data found
[   89.117542][ T4367] bridge0: port 1(bridge_slave_0) entered blocking state
[   89.124973][ T4367] bridge0: port 1(bridge_slave_0) entered disabled state
[   89.133761][ T4367] device bridge_slave_0 entered promiscuous mode
[   89.141975][ T4367] bridge0: port 2(bridge_slave_1) entered blocking state
[   89.149341][ T4367] bridge0: port 2(bridge_slave_1) entered disabled state
[   89.157309][ T4367] device bridge_slave_1 entered promiscuous mode
[   89.180425][ T4367] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   89.191671][ T4367] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   89.221372][ T4367] team0: Port device team_slave_0 added
[   89.229374][ T4367] team0: Port device team_slave_1 added
[   89.251034][ T4367] batman_adv: batadv0: Adding interface: batadv_slave_0
[   89.258202][ T4367] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   89.284778][ T4367] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   89.299463][ T4367] batman_adv: batadv0: Adding interface: batadv_slave_1
[   89.306611][ T4367] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   89.332711][ T4367] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   89.372695][ T4367] device hsr_slave_0 entered promiscuous mode
[   89.379825][ T4367] device hsr_slave_1 entered promiscuous mode
[   89.386742][ T4367] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   89.395128][ T4367] Cannot create hsr debugfs directory
[   89.684484][   T11] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   90.952949][   T48] Bluetooth: hci0: command 0x0409 tx timeout
[   91.942722][   T11] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   91.995586][   T11] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   92.827522][ T4367] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   92.838386][ T4367] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   92.848953][ T4367] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   92.865244][   T11] device hsr_slave_0 left promiscuous mode
[   92.873570][   T11] device hsr_slave_1 left promiscuous mode
[   92.880964][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   92.888767][   T11] batman_adv: batadv0: Removing interface: batadv_slave_0
[   92.897736][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   92.905752][   T11] batman_adv: batadv0: Removing interface: batadv_slave_1
[   92.915160][   T11] device bridge_slave_1 left promiscuous mode
[   92.922398][   T11] bridge0: port 2(bridge_slave_1) entered disabled state
[   92.937889][   T11] device bridge_slave_0 left promiscuous mode
[   92.944338][   T11] bridge0: port 1(bridge_slave_0) entered disabled state
[   92.977444][   T11] device veth1_macvtap left promiscuous mode
[   92.984110][   T11] device veth0_macvtap left promiscuous mode
[   92.990270][   T11] device veth1_vlan left promiscuous mode
[   92.999583][   T11] device veth0_vlan left promiscuous mode
[   93.033569][ T4350] Bluetooth: hci0: command 0x041b tx timeout
[   93.416216][   T11] team0 (unregistering): Port device team_slave_1 removed
[   93.445597][   T11] team0 (unregistering): Port device team_slave_0 removed
[   93.474067][   T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   93.504145][   T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   93.780065][   T11] bond0 (unregistering): Released all slaves
[   93.873454][ T4367] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   93.945493][ T4367] 8021q: adding VLAN 0 to HW filter on device bond0
[   93.960496][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   93.969437][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   93.980399][ T4367] 8021q: adding VLAN 0 to HW filter on device team0
[   93.994265][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   94.003546][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   94.011987][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.019185][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[   94.027210][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   94.052558][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   94.061463][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   94.070281][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.077487][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[   94.089032][   T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   94.101489][   T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   94.130931][   T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   94.140512][   T75] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   94.150039][   T75] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   94.168072][   T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   94.177303][   T75] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   94.190131][   T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   94.199237][   T75] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   94.210401][   T29] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   94.219314][   T29] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   94.230686][ T4367] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   94.479519][   T75] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   94.487770][   T75] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   94.501749][ T4367] 8021q: adding VLAN 0 to HW filter on device batadv0
[   94.519657][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   94.529084][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   94.547013][   T29] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   94.557311][   T29] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   94.567537][   T29] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   94.575922][   T29] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   94.587015][ T4367] device veth0_vlan entered promiscuous mode
[   94.598491][ T4367] device veth1_vlan entered promiscuous mode
[   94.617602][   T29] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   94.626017][   T29] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   94.634789][   T29] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   94.643835][   T29] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   94.655033][ T4367] device veth0_macvtap entered promiscuous mode
[   94.676396][ T4367] device veth1_macvtap entered promiscuous mode
[   94.693505][ T4367] batman_adv: batadv0: Interface activated: batadv_slave_0
[   94.701101][   T75] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   94.710181][   T75] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   94.718979][   T75] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   94.727792][   T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   94.743333][ T4367] batman_adv: batadv0: Interface activated: batadv_slave_1
[   94.761963][   T75] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   94.770817][   T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   94.782590][ T4367] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   94.791451][ T4367] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   94.802104][ T4367] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   94.811922][ T4367] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   94.879800][   T29] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.890232][   T29] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.924576][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   94.937189][ T4418] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.945822][ T4418] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.955481][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   95.122574][ T4350] Bluetooth: hci0: command 0x040f tx timeout
[   95.840089][ T4420] ==================================================================
[   95.848219][ T4420] BUG: KASAN: use-after-free in __lock_acquire+0xf7/0x7c50
[   95.855447][ T4420] Read of size 8 at addr ffff888076eb5cb8 by task syz.0.17/4420
[   95.863084][ T4420] 
[   95.865427][ T4420] CPU: 1 PID: 4420 Comm: syz.0.17 Not tainted 6.1.147-syzkaller #0
[   95.873331][ T4420] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   95.883456][ T4420] Call Trace:
[   95.886778][ T4420]  <TASK>
[   95.889741][ T4420]  dump_stack_lvl+0x168/0x22e
[   95.894588][ T4420]  ? __lock_acquire+0x7c50/0x7c50
[   95.899639][ T4420]  ? show_regs_print_info+0x12/0x12
[   95.904849][ T4420]  ? load_image+0x3b0/0x3b0
[   95.909362][ T4420]  ? _raw_spin_lock_irqsave+0xb0/0xf0
[   95.914773][ T4420]  ? __virt_addr_valid+0x188/0x540
[   95.919932][ T4420]  ? __virt_addr_valid+0x465/0x540
[   95.925083][ T4420]  ? __lock_acquire+0xf7/0x7c50
[   95.929990][ T4420]  print_report+0xa8/0x200
[   95.934442][ T4420]  kasan_report+0x10b/0x140
[   95.938983][ T4420]  ? __lock_acquire+0xf7/0x7c50
[   95.943858][ T4420]  __lock_acquire+0xf7/0x7c50
[   95.948728][ T4420]  ? __lock_acquire+0x12e5/0x7c50
[   95.953773][ T4420]  ? verify_lock_unused+0x140/0x140
[   95.958985][ T4420]  ? lockdep_hardirqs_on+0x94/0x140
[   95.964196][ T4420]  ? finish_task_switch+0x32a/0x8f0
[   95.969410][ T4420]  ? verify_lock_unused+0x140/0x140
[   95.974668][ T4420]  ? __schedule+0x10f4/0x40b0
[   95.979369][ T4420]  lock_acquire+0x1b4/0x490
[   95.983897][ T4420]  ? remove_wait_queue+0x20/0x120
[   95.988953][ T4420]  ? read_lock_is_recursive+0x10/0x10
[   95.994437][ T4420]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[   96.000444][ T4420]  _raw_spin_lock_irqsave+0xa4/0xf0
[   96.005663][ T4420]  ? remove_wait_queue+0x20/0x120
[   96.010702][ T4420]  ? _raw_spin_lock+0x40/0x40
[   96.015390][ T4420]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[   96.021314][ T4420]  ? _raw_spin_unlock+0x40/0x40
[   96.026191][ T4420]  remove_wait_queue+0x20/0x120
[   96.031071][ T4420]  poll_freewait+0x99/0x210
[   96.035596][ T4420]  do_select+0x1761/0x1850
[   96.040031][ T4420]  ? do_select+0xeb/0x1850
[   96.044473][ T4420]  ? core_sys_select+0x8b0/0x8b0
[   96.049431][ T4420]  ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[   96.055688][ T4420]  ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[   96.061946][ T4420]  ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[   96.068216][ T4420]  ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[   96.074502][ T4420]  ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[   96.080803][ T4420]  ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[   96.087165][ T4420]  ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[   96.093443][ T4420]  ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[   96.099716][ T4420]  ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[   96.105984][ T4420]  ? __lock_acquire+0x7c50/0x7c50
[   96.111028][ T4420]  ? __lock_acquire+0x7c50/0x7c50
[   96.116131][ T4420]  ? __might_fault+0xa6/0x120
[   96.120833][ T4420]  ? __might_fault+0xc2/0x120
[   96.125532][ T4420]  ? __might_fault+0xa6/0x120
[   96.130228][ T4420]  core_sys_select+0x6ad/0x8b0
[   96.135008][ T4420]  ? poll_select_set_timeout+0x150/0x150
[   96.140653][ T4420]  ? sigprocmask+0x190/0x190
[   96.145257][ T4420]  ? do_sys_openat2+0x1fe/0x490
[   96.150115][ T4420]  __se_sys_pselect6+0x2ed/0x3a0
[   96.155070][ T4420]  ? __x64_sys_pselect6+0xf0/0xf0
[   96.160118][ T4420]  ? __x64_sys_pselect6+0x1d/0xf0
[   96.165173][ T4420]  do_syscall_64+0x4c/0xa0
[   96.169679][ T4420]  ? clear_bhb_loop+0x60/0xb0
[   96.174394][ T4420]  ? clear_bhb_loop+0x60/0xb0
[   96.179076][ T4420]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   96.185091][ T4420] RIP: 0033:0x7fdca8f8eb69
[   96.189526][ T4420] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   96.209273][ T4420] RSP: 002b:00007fdca9eb6038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[   96.217703][ T4420] RAX: ffffffffffffffda RBX: 00007fdca91b5fa0 RCX: 00007fdca8f8eb69
[   96.225697][ T4420] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000040
[   96.233695][ T4420] RBP: 00007fdca9011df1 R08: 0000000000000000 R09: 0000000000000000
[   96.241686][ T4420] R10: 0000200000000180 R11: 0000000000000246 R12: 0000000000000000
[   96.249698][ T4420] R13: 0000000000000000 R14: 00007fdca91b5fa0 R15: 00007ffd9f431908
[   96.257694][ T4420]  </TASK>
[   96.260716][ T4420] 
[   96.263318][ T4420] Allocated by task 4420:
[   96.267651][ T4420]  kasan_set_track+0x4b/0x70
[   96.272330][ T4420]  __kasan_kmalloc+0x8e/0xa0
[   96.276956][ T4420]  comedi_device_postconfig+0x496/0xc50
[   96.282629][ T4420]  comedi_device_attach+0x52f/0x650
[   96.288049][ T4420]  comedi_unlocked_ioctl+0x5ec/0xf20
[   96.293444][ T4420]  __se_sys_ioctl+0xfa/0x170
[   96.298079][ T4420]  do_syscall_64+0x4c/0xa0
[   96.302607][ T4420]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   96.308545][ T4420] 
[   96.310873][ T4420] Freed by task 4421:
[   96.314856][ T4420]  kasan_set_track+0x4b/0x70
[   96.319460][ T4420]  kasan_save_free_info+0x2d/0x50
[   96.324508][ T4420]  ____kasan_slab_free+0x126/0x1e0
[   96.329753][ T4420]  slab_free_freelist_hook+0x131/0x1a0
[   96.335232][ T4420]  __kmem_cache_free+0xb6/0x1f0
[   96.340088][ T4420]  comedi_device_detach+0x35f/0x6e0
[   96.345298][ T4420]  comedi_unlocked_ioctl+0xb6b/0xf20
[   96.350602][ T4420]  __se_sys_ioctl+0xfa/0x170
[   96.355289][ T4420]  do_syscall_64+0x4c/0xa0
[   96.359703][ T4420]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   96.365621][ T4420] 
[   96.367948][ T4420] The buggy address belongs to the object at ffff888076eb5c00
[   96.367948][ T4420]  which belongs to the cache kmalloc-256 of size 256
[   96.382005][ T4420] The buggy address is located 184 bytes inside of
[   96.382005][ T4420]  256-byte region [ffff888076eb5c00, ffff888076eb5d00)
[   96.395314][ T4420] 
[   96.397641][ T4420] The buggy address belongs to the physical page:
[   96.404116][ T4420] page:ffffea0001dbad00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x76eb4
[   96.414403][ T4420] head:ffffea0001dbad00 order:1 compound_mapcount:0 compound_pincount:0
[   96.422752][ T4420] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[   96.430798][ T4420] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff888017441b40
[   96.439489][ T4420] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[   96.448086][ T4420] page dumped because: kasan: bad access detected
[   96.454555][ T4420] page_owner tracks the page as allocated
[   96.460628][ T4420] page last allocated via order 1, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 4367, tgid 4367 (syz-executor), ts 94858418643, free_ts 94857594145
[   96.483479][ T4420]  post_alloc_hook+0x173/0x1a0
[   96.488452][ T4420]  get_page_from_freelist+0x1a26/0x1ac0
[   96.494019][ T4420]  __alloc_pages+0x1df/0x4e0
[   96.498643][ T4420]  alloc_slab_page+0x5d/0x160
[   96.503350][ T4420]  new_slab+0x87/0x2c0
[   96.507421][ T4420]  ___slab_alloc+0xbc6/0x1220
[   96.512117][ T4420]  __kmem_cache_alloc_node+0x1a0/0x260
[   96.517607][ T4420]  __kmalloc+0xa0/0x240
[   96.521773][ T4420]  fib_create_info+0xa53/0x2490
[   96.526627][ T4420]  fib_table_insert+0xc3/0x1b50
[   96.531480][ T4420]  fib_magic+0x2c1/0x390
[   96.535737][ T4420]  fib_add_ifaddr+0x389/0x5e0
[   96.540435][ T4420]  fib_netdev_event+0x361/0x470
[   96.545298][ T4420]  raw_notifier_call_chain+0xcb/0x160
[   96.550703][ T4420]  __dev_notify_flags+0x178/0x2d0
[   96.555735][ T4420]  dev_change_flags+0xe3/0x1a0
[   96.560502][ T4420] page last free stack trace:
[   96.565187][ T4420]  free_unref_page_prepare+0x8b4/0x9a0
[   96.570657][ T4420]  free_unref_page+0x2e/0x3f0
[   96.575345][ T4420]  __unfreeze_partials+0x1a5/0x200
[   96.580496][ T4420]  put_cpu_partial+0x17c/0x250
[   96.585276][ T4420]  qlist_free_all+0x76/0xe0
[   96.589807][ T4420]  kasan_quarantine_reduce+0x144/0x160
[   96.595476][ T4420]  __kasan_slab_alloc+0x1e/0x80
[   96.600341][ T4420]  slab_post_alloc_hook+0x4b/0x480
[   96.605483][ T4420]  __kmem_cache_alloc_node+0x140/0x260
[   96.610962][ T4420]  kmalloc_trace+0x26/0xe0
[   96.615622][ T4420]  ____ip_mc_inc_group+0x2ad/0xac0
[   96.620780][ T4420]  ip_mc_up+0x121/0x2f0
[   96.624945][ T4420]  inetdev_event+0xe68/0x1410
[   96.629657][ T4420]  raw_notifier_call_chain+0xcb/0x160
[   96.635137][ T4420]  __dev_notify_flags+0x178/0x2d0
[   96.640189][ T4420]  dev_change_flags+0xe3/0x1a0
[   96.644974][ T4420] 
[   96.647332][ T4420] Memory state around the buggy address:
[   96.653011][ T4420]  ffff888076eb5b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   96.661127][ T4420]  ffff888076eb5c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   96.669310][ T4420] >ffff888076eb5c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   96.677396][ T4420]                                         ^
[   96.683390][ T4420]  ffff888076eb5d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   96.691593][ T4420]  ffff888076eb5d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   96.699683][ T4420] ==================================================================
[   96.707762][ T4420] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   96.714984][ T4420] CPU: 1 PID: 4420 Comm: syz.0.17 Not tainted 6.1.147-syzkaller #0
[   96.722950][ T4420] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   96.733028][ T4420] Call Trace:
[   96.736318][ T4420]  <TASK>
[   96.739253][ T4420]  dump_stack_lvl+0x168/0x22e
[   96.743940][ T4420]  ? memcpy+0x3c/0x60
[   96.747934][ T4420]  ? show_regs_print_info+0x12/0x12
[   96.753148][ T4420]  ? load_image+0x3b0/0x3b0
[   96.757707][ T4420]  panic+0x2c9/0x710
[   96.761918][ T4420]  ? __lock_acquire+0x7c50/0x7c50
[   96.767157][ T4420]  ? bpf_jit_dump+0xd0/0xd0
[   96.771692][ T4420]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[   96.777635][ T4420]  ? _raw_spin_unlock+0x40/0x40
[   96.782772][ T4420]  check_panic_on_warn+0x80/0xa0
[   96.787900][ T4420]  ? __lock_acquire+0xf7/0x7c50
[   96.792937][ T4420]  end_report+0x66/0x110
[   96.797284][ T4420]  kasan_report+0x118/0x140
[   96.801809][ T4420]  ? __lock_acquire+0xf7/0x7c50
[   96.806673][ T4420]  __lock_acquire+0xf7/0x7c50
[   96.811373][ T4420]  ? __lock_acquire+0x12e5/0x7c50
[   96.816411][ T4420]  ? verify_lock_unused+0x140/0x140
[   96.821739][ T4420]  ? lockdep_hardirqs_on+0x94/0x140
[   96.826954][ T4420]  ? finish_task_switch+0x32a/0x8f0
[   96.832260][ T4420]  ? verify_lock_unused+0x140/0x140
[   96.837505][ T4420]  ? __schedule+0x10f4/0x40b0
[   96.842197][ T4420]  lock_acquire+0x1b4/0x490
[   96.846724][ T4420]  ? remove_wait_queue+0x20/0x120
[   96.852308][ T4420]  ? read_lock_is_recursive+0x10/0x10
[   96.857700][ T4420]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[   96.863698][ T4420]  _raw_spin_lock_irqsave+0xa4/0xf0
[   96.868942][ T4420]  ? remove_wait_queue+0x20/0x120
[   96.873998][ T4420]  ? _raw_spin_lock+0x40/0x40
[   96.878718][ T4420]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[   96.884643][ T4420]  ? _raw_spin_unlock+0x40/0x40
[   96.889617][ T4420]  remove_wait_queue+0x20/0x120
[   96.894484][ T4420]  poll_freewait+0x99/0x210
[   96.899088][ T4420]  do_select+0x1761/0x1850
[   96.903646][ T4420]  ? do_select+0xeb/0x1850
[   96.908089][ T4420]  ? core_sys_select+0x8b0/0x8b0
[   96.913144][ T4420]  ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[   96.919408][ T4420]  ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[   96.925672][ T4420]  ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[   96.931966][ T4420]  ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[   96.938324][ T4420]  ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[   96.944599][ T4420]  ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[   96.950853][ T4420]  ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[   96.957119][ T4420]  ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[   96.963635][ T4420]  ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[   96.970011][ T4420]  ? __lock_acquire+0x7c50/0x7c50
[   96.975062][ T4420]  ? __lock_acquire+0x7c50/0x7c50
[   96.980159][ T4420]  ? __might_fault+0xa6/0x120
[   96.984858][ T4420]  ? __might_fault+0xc2/0x120
[   96.989558][ T4420]  ? __might_fault+0xa6/0x120
[   96.994260][ T4420]  core_sys_select+0x6ad/0x8b0
[   96.999052][ T4420]  ? poll_select_set_timeout+0x150/0x150
[   97.004736][ T4420]  ? sigprocmask+0x190/0x190
[   97.009489][ T4420]  ? do_sys_openat2+0x1fe/0x490
[   97.014364][ T4420]  __se_sys_pselect6+0x2ed/0x3a0
[   97.019319][ T4420]  ? __x64_sys_pselect6+0xf0/0xf0
[   97.024478][ T4420]  ? __x64_sys_pselect6+0x1d/0xf0
[   97.029535][ T4420]  do_syscall_64+0x4c/0xa0
[   97.033967][ T4420]  ? clear_bhb_loop+0x60/0xb0
[   97.038742][ T4420]  ? clear_bhb_loop+0x60/0xb0
[   97.043437][ T4420]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   97.049537][ T4420] RIP: 0033:0x7fdca8f8eb69
[   97.053986][ T4420] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   97.073973][ T4420] RSP: 002b:00007fdca9eb6038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[   97.082439][ T4420] RAX: ffffffffffffffda RBX: 00007fdca91b5fa0 RCX: 00007fdca8f8eb69
[   97.090614][ T4420] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000040
[   97.098648][ T4420] RBP: 00007fdca9011df1 R08: 0000000000000000 R09: 0000000000000000
[   97.106732][ T4420] R10: 0000200000000180 R11: 0000000000000246 R12: 0000000000000000
[   97.114722][ T4420] R13: 0000000000000000 R14: 00007fdca91b5fa0 R15: 00007ffd9f431908
[   97.122787][ T4420]  </TASK>
[   97.126132][ T4420] Kernel Offset: disabled
[   97.130565][ T4420] Rebooting in 86400 seconds..