Warning: Permanently added '10.128.1.75' (ED25519) to the list of known hosts.
2025/08/03 02:46:26 ignoring optional flag "sandboxArg"="0"
2025/08/03 02:46:27 parsed 1 programs
syzkaller login: [ 81.940245][ T4193] cgroup: Unknown subsys name 'net'
[ 82.172328][ T4193] cgroup: Unknown subsys name 'rlimit'
[ 83.693343][ T4193] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 85.124507][ T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 85.144596][ T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 85.163673][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 85.180797][ T155] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 85.189062][ T155] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 85.197994][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 85.977336][ T4219] chnl_net:caif_netlink_parms(): no params data found
[ 86.042462][ T4219] bridge0: port 1(bridge_slave_0) entered blocking state
[ 86.050490][ T4219] bridge0: port 1(bridge_slave_0) entered disabled state
[ 86.058717][ T4219] device bridge_slave_0 entered promiscuous mode
[ 86.068839][ T4219] bridge0: port 2(bridge_slave_1) entered blocking state
[ 86.076364][ T4219] bridge0: port 2(bridge_slave_1) entered disabled state
[ 86.084259][ T4219] device bridge_slave_1 entered promiscuous mode
[ 86.114406][ T4219] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 86.128807][ T4219] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 86.160378][ T4219] team0: Port device team_slave_0 added
[ 86.168973][ T4219] team0: Port device team_slave_1 added
[ 86.194661][ T4219] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 86.201921][ T4219] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 86.228511][ T4219] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 86.243297][ T4219] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 86.250602][ T4219] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 86.278085][ T4219] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 86.322393][ T4219] device hsr_slave_0 entered promiscuous mode
[ 86.329511][ T4219] device hsr_slave_1 entered promiscuous mode
[ 86.482350][ T4219] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 86.497486][ T4219] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 86.508349][ T4219] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 86.520055][ T4219] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 86.611723][ T4219] 8021q: adding VLAN 0 to HW filter on device bond0
[ 86.632262][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 86.643813][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 86.658323][ T4219] 8021q: adding VLAN 0 to HW filter on device team0
[ 86.673211][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 86.683219][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 86.694015][ T154] bridge0: port 1(bridge_slave_0) entered blocking state
[ 86.701407][ T154] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 86.730874][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 86.741993][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 86.752782][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 86.764400][ T154] bridge0: port 2(bridge_slave_1) entered blocking state
[ 86.771599][ T154] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 86.783833][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 86.793563][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 86.805908][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 86.814787][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 86.831188][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 86.847633][ T2856] cfg80211: failed to load regulatory.db
[ 86.853348][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 86.867784][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 86.883070][ T4219] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 87.020230][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 87.028510][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 87.043817][ T4219] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 87.069473][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 87.104749][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 87.114246][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 87.122918][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 87.134670][ T4219] device veth0_vlan entered promiscuous mode
[ 87.150625][ T4219] device veth1_vlan entered promiscuous mode
[ 87.180419][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 87.190794][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 87.202022][ T4219] device veth0_macvtap entered promiscuous mode
[ 87.213644][ T4219] device veth1_macvtap entered promiscuous mode
[ 87.232978][ T4219] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 87.249376][ T4219] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 87.260398][ T4219] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 87.269904][ T4219] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 87.279305][ T4219] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 87.288337][ T4219] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 87.299358][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 87.309491][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 87.319768][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 87.330471][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 87.339908][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 87.350526][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2025/08/03 02:46:37 executed programs: 0
[ 89.643502][ T155] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 89.781429][ T4285] chnl_net:caif_netlink_parms(): no params data found
[ 89.825986][ T4285] bridge0: port 1(bridge_slave_0) entered blocking state
[ 89.833155][ T4285] bridge0: port 1(bridge_slave_0) entered disabled state
[ 89.841268][ T4285] device bridge_slave_0 entered promiscuous mode
[ 89.849402][ T4285] bridge0: port 2(bridge_slave_1) entered blocking state
[ 89.857085][ T4285] bridge0: port 2(bridge_slave_1) entered disabled state
[ 89.864891][ T4285] device bridge_slave_1 entered promiscuous mode
[ 89.888478][ T4285] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 89.899621][ T4285] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 89.924313][ T4285] team0: Port device team_slave_0 added
[ 89.931726][ T4285] team0: Port device team_slave_1 added
[ 89.952352][ T4285] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 89.959647][ T4285] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 89.985882][ T4285] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 89.998662][ T4285] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 90.005969][ T4285] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 90.032250][ T4285] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 90.064911][ T4285] device hsr_slave_0 entered promiscuous mode
[ 90.072015][ T4285] device hsr_slave_1 entered promiscuous mode
[ 90.078976][ T4285] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 90.087456][ T4285] Cannot create hsr debugfs directory
[ 91.716581][ T1108] Bluetooth: hci0: command 0x0409 tx timeout
[ 92.063290][ T155] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 92.121953][ T155] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 92.193950][ T155] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 93.012452][ T4285] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 93.022471][ T4285] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 93.031989][ T4285] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 93.042153][ T4285] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 93.101097][ T4285] 8021q: adding VLAN 0 to HW filter on device bond0
[ 93.113657][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 93.124897][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 93.136442][ T4285] 8021q: adding VLAN 0 to HW filter on device team0
[ 93.179048][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 93.188251][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 93.197387][ T154] bridge0: port 1(bridge_slave_0) entered blocking state
[ 93.204506][ T154] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 93.215286][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 93.228085][ T4222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 93.239406][ T4222] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 93.248384][ T4222] bridge0: port 2(bridge_slave_1) entered blocking state
[ 93.255566][ T4222] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 93.293334][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 93.304849][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 93.327671][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 93.337848][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 93.346687][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 93.356855][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 93.366442][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 93.409152][ T4285] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 93.420683][ T4285] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 93.432869][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 93.442367][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 93.451406][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 93.460711][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 93.470363][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 93.590975][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 93.599075][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 93.611755][ T4285] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 93.629917][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 93.639983][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 93.680331][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 93.689061][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 93.700340][ T4285] device veth0_vlan entered promiscuous mode
[ 93.708348][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 93.716535][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 93.728860][ T4285] device veth1_vlan entered promiscuous mode
[ 93.780687][ T4222] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 93.789445][ T4222] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 93.797204][ T4319] Bluetooth: hci0: command 0x041b tx timeout
[ 93.804313][ T4222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 93.814526][ T4222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 93.826753][ T4285] device veth0_macvtap entered promiscuous mode
[ 93.863903][ T4285] device veth1_macvtap entered promiscuous mode
[ 93.878909][ T4285] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 93.890254][ T4285] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 93.902606][ T4285] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 93.912319][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 93.920681][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 93.929294][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 93.938084][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 93.949285][ T4285] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 93.960259][ T4285] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 93.971703][ T4285] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 93.981259][ T4222] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 93.990348][ T4222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 94.001995][ T4285] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 94.011431][ T4285] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 94.020454][ T4285] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 94.029412][ T4285] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 94.102087][ T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 94.117645][ T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 94.126761][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 94.165460][ T4222] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 94.173514][ T4222] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 94.183258][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 94.249075][ T155] device hsr_slave_0 left promiscuous mode
[ 94.256094][ T155] device hsr_slave_1 left promiscuous mode
[ 94.263367][ T155] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 94.271364][ T155] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 94.280047][ T155] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 94.288014][ T155] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 94.296188][ T155] device bridge_slave_1 left promiscuous mode
[ 94.303659][ T155] bridge0: port 2(bridge_slave_1) entered disabled state
[ 94.324887][ T155] device bridge_slave_0 left promiscuous mode
[ 94.331393][ T155] bridge0: port 1(bridge_slave_0) entered disabled state
[ 94.351852][ T155] device veth1_macvtap left promiscuous mode
[ 94.363831][ T155] device veth0_macvtap left promiscuous mode
[ 94.370766][ T155] device veth1_vlan left promiscuous mode
[ 94.377394][ T155] device veth0_vlan left promiscuous mode
[ 94.574179][ T155] team0 (unregistering): Port device team_slave_1 removed
[ 94.594027][ T155] team0 (unregistering): Port device team_slave_0 removed
[ 94.608946][ T155] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 94.623458][ T155] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 94.692623][ T155] bond0 (unregistering): Released all slaves
2025/08/03 02:46:42 executed programs: 3
[ 95.875982][ T23] Bluetooth: hci0: command 0x040f tx timeout
[ 95.950605][ T4354] ==================================================================
[ 95.958773][ T4354] BUG: KASAN: use-after-free in __lock_acquire+0xf7/0x7c60
[ 95.966016][ T4354] Read of size 8 at addr ffff88807835e8b8 by task syz.0.18/4354
[ 95.973652][ T4354]
[ 95.975989][ T4354] CPU: 1 PID: 4354 Comm: syz.0.18 Not tainted 5.15.189-syzkaller #0
[ 95.983981][ T4354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 95.994054][ T4354] Call Trace:
[ 95.997467][ T4354]
[ 96.000405][ T4354] dump_stack_lvl+0x168/0x230
[ 96.005100][ T4354] ? show_regs_print_info+0x20/0x20
[ 96.010308][ T4354] ? load_image+0x3b0/0x3b0
[ 96.014898][ T4354] ? _raw_spin_lock_irqsave+0xb0/0xf0
[ 96.020279][ T4354] ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 96.026270][ T4354] print_address_description+0x60/0x2d0
[ 96.031828][ T4354] ? __lock_acquire+0xf7/0x7c60
[ 96.036685][ T4354] kasan_report+0xdf/0x130
[ 96.041227][ T4354] ? __lock_acquire+0xf7/0x7c60
[ 96.046105][ T4354] ? mark_lock+0x94/0x320
[ 96.050452][ T4354] __lock_acquire+0xf7/0x7c60
[ 96.055137][ T4354] ? __lock_acquire+0x12d9/0x7c60
[ 96.060208][ T4354] ? __schedule+0x11c0/0x43b0
[ 96.064888][ T4354] ? verify_lock_unused+0x140/0x140
[ 96.070096][ T4354] ? verify_lock_unused+0x140/0x140
[ 96.075302][ T4354] ? print_unlock_imbalance_bug+0x160/0x160
[ 96.081221][ T4354] ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 96.087256][ T4354] lock_acquire+0x197/0x3f0
[ 96.091781][ T4354] ? remove_wait_queue+0x20/0x120
[ 96.096813][ T4354] ? read_lock_is_recursive+0x10/0x10
[ 96.102195][ T4354] ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 96.108189][ T4354] ? _raw_spin_lock_irqsave+0x7f/0xf0
[ 96.113576][ T4354] ? lockdep_hardirqs_off+0x70/0x100
[ 96.118907][ T4354] _raw_spin_lock_irqsave+0xa4/0xf0
[ 96.124121][ T4354] ? remove_wait_queue+0x20/0x120
[ 96.129159][ T4354] ? _raw_spin_lock+0x40/0x40
[ 96.133860][ T4354] ? _raw_spin_unlock_irqrestore+0xaa/0x100
[ 96.139959][ T4354] ? _raw_spin_unlock+0x40/0x40
[ 96.145719][ T4354] ? __fget_files+0x40f/0x480
[ 96.150439][ T4354] remove_wait_queue+0x20/0x120
[ 96.155407][ T4354] poll_freewait+0x99/0x210
[ 96.159936][ T4354] do_select+0x1629/0x16f0
[ 96.164369][ T4354] ? do_select+0xbc1/0x16f0
[ 96.168897][ T4354] ? core_sys_select+0x860/0x860
[ 96.173881][ T4354] ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[ 96.180129][ T4354] ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[ 96.186374][ T4354] ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[ 96.192646][ T4354] ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[ 96.198927][ T4354] ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[ 96.205181][ T4354] ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[ 96.211431][ T4354] ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[ 96.217736][ T4354] ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[ 96.224072][ T4354] ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[ 96.230324][ T4354] ? __lock_acquire+0x7c60/0x7c60
[ 96.235367][ T4354] ? __lock_acquire+0x7c60/0x7c60
[ 96.240425][ T4354] ? __might_fault+0xb3/0x110
[ 96.245110][ T4354] core_sys_select+0x65c/0x860
[ 96.249882][ T4354] ? poll_select_set_timeout+0x150/0x150
[ 96.255528][ T4354] ? sigprocmask+0x190/0x190
[ 96.260125][ T4354] ? __lock_acquire+0x7c60/0x7c60
[ 96.265158][ T4354] __se_sys_pselect6+0x2ed/0x3a0
[ 96.270191][ T4354] ? __x64_sys_pselect6+0xf0/0xf0
[ 96.275220][ T4354] ? __x64_sys_pselect6+0x1d/0xf0
[ 96.280252][ T4354] do_syscall_64+0x4c/0xa0
[ 96.284682][ T4354] ? clear_bhb_loop+0x30/0x80
[ 96.289359][ T4354] ? clear_bhb_loop+0x30/0x80
[ 96.294053][ T4354] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 96.299969][ T4354] RIP: 0033:0x7f2f2ea7cb69
[ 96.304387][ T4354] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 96.324009][ T4354] RSP: 002b:00007f2f2dcec038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[ 96.332449][ T4354] RAX: ffffffffffffffda RBX: 00007f2f2eca3fa0 RCX: 00007f2f2ea7cb69
[ 96.340451][ T4354] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000040
[ 96.348430][ T4354] RBP: 00007f2f2eaffdf1 R08: 0000000000000000 R09: 0000000000000000
[ 96.356406][ T4354] R10: 0000200000000180 R11: 0000000000000246 R12: 0000000000000000
[ 96.364380][ T4354] R13: 0000000000000000 R14: 00007f2f2eca3fa0 R15: 00007ffc9ac0b338
[ 96.372364][ T4354]
[ 96.375410][ T4354]
[ 96.377732][ T4354] Allocated by task 4352:
[ 96.382053][ T4354] __kasan_kmalloc+0xb5/0xf0
[ 96.386648][ T4354] comedi_device_postconfig+0x496/0xc50
[ 96.392222][ T4354] comedi_device_attach+0x52f/0x650
[ 96.397423][ T4354] comedi_unlocked_ioctl+0x5ec/0xe90
[ 96.402797][ T4354] __se_sys_ioctl+0xfa/0x170
[ 96.407391][ T4354] do_syscall_64+0x4c/0xa0
[ 96.411827][ T4354] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 96.417739][ T4354]
[ 96.420064][ T4354] Freed by task 4355:
[ 96.424040][ T4354] kasan_set_track+0x4b/0x70
[ 96.428643][ T4354] kasan_set_free_info+0x1f/0x40
[ 96.433590][ T4354] ____kasan_slab_free+0xd5/0x110
[ 96.438626][ T4354] slab_free_freelist_hook+0xea/0x170
[ 96.444017][ T4354] kfree+0xef/0x2a0
[ 96.447825][ T4354] comedi_device_detach+0x35f/0x6e0
[ 96.453027][ T4354] comedi_unlocked_ioctl+0xbd0/0xe90
[ 96.458483][ T4354] __se_sys_ioctl+0xfa/0x170
[ 96.463112][ T4354] do_syscall_64+0x4c/0xa0
[ 96.467546][ T4354] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 96.473477][ T4354]
[ 96.475820][ T4354] The buggy address belongs to the object at ffff88807835e800
[ 96.475820][ T4354] which belongs to the cache kmalloc-256 of size 256
[ 96.489870][ T4354] The buggy address is located 184 bytes inside of
[ 96.489870][ T4354] 256-byte region [ffff88807835e800, ffff88807835e900)
[ 96.503151][ T4354] The buggy address belongs to the page:
[ 96.508863][ T4354] page:ffffea0001e0d780 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7835e
[ 96.519011][ T4354] head:ffffea0001e0d780 order:1 compound_mapcount:0
[ 96.525682][ T4354] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 96.533670][ T4354] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff888016841b40
[ 96.542252][ T4354] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 96.550828][ T4354] page dumped because: kasan: bad access detected
[ 96.557250][ T4354] page_owner tracks the page as allocated
[ 96.562958][ T4354] page last allocated via order 1, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 4285, ts 94211456672, free_ts 94085964028
[ 96.583446][ T4354] get_page_from_freelist+0x1b77/0x1c60
[ 96.589006][ T4354] __alloc_pages+0x1e1/0x470
[ 96.593600][ T4354] new_slab+0xc0/0x4b0
[ 96.597676][ T4354] ___slab_alloc+0x81e/0xdf0
[ 96.602420][ T4354] __kmalloc_track_caller+0x1cb/0x330
[ 96.607898][ T4354] kmemdup+0x22/0x50
[ 96.611816][ T4354] ip6t_register_table+0x28c/0x7e0
[ 96.616937][ T4354] ip6table_mangle_table_init+0x3d/0x60
[ 96.622542][ T4354] xt_find_table_lock+0x220/0x360
[ 96.627572][ T4354] xt_request_find_table_lock+0x22/0x100
[ 96.633207][ T4354] do_ip6t_get_ctl+0x5f8/0x1090
[ 96.638064][ T4354] nf_getsockopt+0x25e/0x280
[ 96.642660][ T4354] ipv6_getsockopt+0x442/0x2000
[ 96.647542][ T4354] tcp_getsockopt+0x1e3/0x2390
[ 96.652315][ T4354] __sys_getsockopt+0x1b0/0x230
[ 96.657165][ T4354] __x64_sys_getsockopt+0xb1/0xc0
[ 96.662194][ T4354] page last free stack trace:
[ 96.667083][ T4354] free_unref_page_prepare+0x637/0x6c0
[ 96.672559][ T4354] free_unref_page+0x94/0x280
[ 96.677252][ T4354] qlist_free_all+0x35/0x90
[ 96.681775][ T4354] kasan_quarantine_reduce+0x150/0x160
[ 96.687239][ T4354] __kasan_slab_alloc+0x2f/0xd0
[ 96.692106][ T4354] slab_post_alloc_hook+0x4c/0x380
[ 96.697222][ T4354] __kmalloc_node+0x15a/0x3b0
[ 96.702037][ T4354] kvmalloc_node+0x84/0x130
[ 96.706550][ T4354] seq_read_iter+0x1f6/0xd50
[ 96.711149][ T4354] vfs_read+0x725/0xcf0
[ 96.715684][ T4354] ksys_read+0x14d/0x250
[ 96.719937][ T4354] do_syscall_64+0x4c/0xa0
[ 96.724911][ T4354] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 96.730823][ T4354]
[ 96.733170][ T4354] Memory state around the buggy address:
[ 96.738896][ T4354] ffff88807835e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 96.746967][ T4354] ffff88807835e800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 96.755033][ T4354] >ffff88807835e880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 96.763187][ T4354] ^
[ 96.769107][ T4354] ffff88807835e900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 96.777172][ T4354] ffff88807835e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 96.785233][ T4354] ==================================================================
[ 96.793295][ T4354] Disabling lock debugging due to kernel taint
[ 96.799461][ T4354] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 96.806658][ T4354] CPU: 1 PID: 4354 Comm: syz.0.18 Tainted: G B 5.15.189-syzkaller #0
[ 96.816025][ T4354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 96.826081][ T4354] Call Trace:
[ 96.829377][ T4354]
[ 96.832311][ T4354] dump_stack_lvl+0x168/0x230
[ 96.837000][ T4354] ? show_regs_print_info+0x20/0x20
[ 96.842211][ T4354] ? load_image+0x3b0/0x3b0
[ 96.846732][ T4354] panic+0x2c9/0x7f0
[ 96.850638][ T4354] ? bpf_jit_dump+0xd0/0xd0
[ 96.855148][ T4354] ? _raw_spin_unlock_irqrestore+0xaa/0x100
[ 96.861060][ T4354] ? _raw_spin_unlock+0x40/0x40
[ 96.865918][ T4354] ? __lock_acquire+0xf7/0x7c60
[ 96.870792][ T4354] check_panic_on_warn+0x80/0xa0
[ 96.875772][ T4354] ? __lock_acquire+0xf7/0x7c60
[ 96.880633][ T4354] end_report+0x6d/0xf0
[ 96.884797][ T4354] kasan_report+0x102/0x130
[ 96.889335][ T4354] ? __lock_acquire+0xf7/0x7c60
[ 96.894191][ T4354] ? mark_lock+0x94/0x320
[ 96.898528][ T4354] __lock_acquire+0xf7/0x7c60
[ 96.903220][ T4354] ? __lock_acquire+0x12d9/0x7c60
[ 96.908258][ T4354] ? __schedule+0x11c0/0x43b0
[ 96.912940][ T4354] ? verify_lock_unused+0x140/0x140
[ 96.918143][ T4354] ? verify_lock_unused+0x140/0x140
[ 96.923348][ T4354] ? print_unlock_imbalance_bug+0x160/0x160
[ 96.929253][ T4354] ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 96.935242][ T4354] lock_acquire+0x197/0x3f0
[ 96.939760][ T4354] ? remove_wait_queue+0x20/0x120
[ 96.944801][ T4354] ? read_lock_is_recursive+0x10/0x10
[ 96.950176][ T4354] ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 96.956165][ T4354] ? _raw_spin_lock_irqsave+0x7f/0xf0
[ 96.961551][ T4354] ? lockdep_hardirqs_off+0x70/0x100
[ 96.966848][ T4354] _raw_spin_lock_irqsave+0xa4/0xf0
[ 96.972052][ T4354] ? remove_wait_queue+0x20/0x120
[ 96.977084][ T4354] ? _raw_spin_lock+0x40/0x40
[ 96.981768][ T4354] ? _raw_spin_unlock_irqrestore+0xaa/0x100
[ 96.987673][ T4354] ? _raw_spin_unlock+0x40/0x40
[ 96.992534][ T4354] ? __fget_files+0x40f/0x480
[ 96.997214][ T4354] remove_wait_queue+0x20/0x120
[ 97.002073][ T4354] poll_freewait+0x99/0x210
[ 97.006582][ T4354] do_select+0x1629/0x16f0
[ 97.011004][ T4354] ? do_select+0xbc1/0x16f0
[ 97.015516][ T4354] ? core_sys_select+0x860/0x860
[ 97.020463][ T4354] ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[ 97.026711][ T4354] ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[ 97.032958][ T4354] ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[ 97.039210][ T4354] ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[ 97.045459][ T4354] ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[ 97.051706][ T4354] ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[ 97.057954][ T4354] ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[ 97.064199][ T4354] ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[ 97.070448][ T4354] ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0
[ 97.076692][ T4354] ? __lock_acquire+0x7c60/0x7c60
[ 97.081723][ T4354] ? __lock_acquire+0x7c60/0x7c60
[ 97.086752][ T4354] ? __might_fault+0xb3/0x110
[ 97.091434][ T4354] core_sys_select+0x65c/0x860
[ 97.096205][ T4354] ? poll_select_set_timeout+0x150/0x150
[ 97.101851][ T4354] ? sigprocmask+0x190/0x190
[ 97.106446][ T4354] ? __lock_acquire+0x7c60/0x7c60
[ 97.111476][ T4354] __se_sys_pselect6+0x2ed/0x3a0
[ 97.116416][ T4354] ? __x64_sys_pselect6+0xf0/0xf0
[ 97.121448][ T4354] ? __x64_sys_pselect6+0x1d/0xf0
[ 97.126510][ T4354] do_syscall_64+0x4c/0xa0
[ 97.130959][ T4354] ? clear_bhb_loop+0x30/0x80
[ 97.135639][ T4354] ? clear_bhb_loop+0x30/0x80
[ 97.140324][ T4354] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 97.146237][ T4354] RIP: 0033:0x7f2f2ea7cb69
[ 97.150659][ T4354] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 97.170273][ T4354] RSP: 002b:00007f2f2dcec038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[ 97.178692][ T4354] RAX: ffffffffffffffda RBX: 00007f2f2eca3fa0 RCX: 00007f2f2ea7cb69
[ 97.186673][ T4354] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000040
[ 97.194650][ T4354] RBP: 00007f2f2eaffdf1 R08: 0000000000000000 R09: 0000000000000000
[ 97.202623][ T4354] R10: 0000200000000180 R11: 0000000000000246 R12: 0000000000000000
[ 97.210688][ T4354] R13: 0000000000000000 R14: 00007f2f2eca3fa0 R15: 00007ffc9ac0b338
[ 97.218673][ T4354]
[ 97.221921][ T4354] Kernel Offset: disabled
[ 97.226281][ T4354] Rebooting in 86400 seconds..