Warning: Permanently added '10.128.0.88' (ED25519) to the list of known hosts. 2025/08/03 03:53:37 ignoring optional flag "sandboxArg"="0" 2025/08/03 03:53:38 parsed 1 programs [ 54.020836][ T4189] cgroup: Unknown subsys name 'net' [ 54.247007][ T4189] cgroup: Unknown subsys name 'rlimit' [ 55.429377][ T4189] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 57.322136][ T4218] chnl_net:caif_netlink_parms(): no params data found [ 57.377685][ T4218] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.387107][ T4218] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.395768][ T4218] device bridge_slave_0 entered promiscuous mode [ 57.407062][ T4218] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.414529][ T4218] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.424424][ T4218] device bridge_slave_1 entered promiscuous mode [ 57.452753][ T4218] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 57.466373][ T4218] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 57.494384][ T4218] team0: Port device team_slave_0 added [ 57.503133][ T4218] team0: Port device team_slave_1 added [ 57.536516][ T4218] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 57.543519][ T4218] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 57.573894][ T4218] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 57.588537][ T4218] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 57.596236][ T4218] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 57.623512][ T4218] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 57.661875][ T4218] device hsr_slave_0 entered promiscuous mode [ 57.669444][ T4218] device hsr_slave_1 entered promiscuous mode [ 57.795606][ T4218] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 57.810397][ T4218] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 57.821034][ T4218] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 57.833489][ T4218] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 57.864949][ T4218] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.872190][ T4218] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.880230][ T4218] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.887363][ T4218] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.945789][ T4218] 8021q: adding VLAN 0 to HW filter on device bond0 [ 57.960666][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.973915][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.985536][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.999513][ T4218] 8021q: adding VLAN 0 to HW filter on device team0 [ 58.010902][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 58.020787][ T154] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.027889][ T154] bridge0: port 1(bridge_slave_0) entered forwarding state [ 58.053710][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 58.063355][ T1276] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.070412][ T1276] bridge0: port 2(bridge_slave_1) entered forwarding state [ 58.080562][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 58.090920][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 58.105014][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 58.123314][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 58.132848][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 58.143419][ T4218] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 58.264511][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 58.272773][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 58.286089][ T4218] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 58.306270][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 58.315440][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 58.334319][ T4218] device veth0_vlan entered promiscuous mode [ 58.340735][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 58.349333][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 58.363601][ T4218] device veth1_vlan entered promiscuous mode [ 58.372626][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 58.380843][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 58.389267][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 58.411057][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 58.421055][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 58.437614][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 58.450559][ T4218] device veth0_macvtap entered promiscuous mode [ 58.461975][ T4218] device veth1_macvtap entered promiscuous mode [ 58.479589][ T4218] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 58.488266][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 58.497374][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 58.505929][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 58.515380][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 58.527727][ T4218] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 58.535986][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 58.544798][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 58.557316][ T4218] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.566408][ T4218] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.575467][ T4218] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.585111][ T4218] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.770895][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 58.781602][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 58.795592][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 58.806491][ T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 58.814806][ T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 58.823915][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 2025/08/03 03:53:46 executed programs: 0 [ 60.520964][ T4290] chnl_net:caif_netlink_parms(): no params data found [ 60.572035][ T4290] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.579187][ T4290] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.587910][ T4290] device bridge_slave_0 entered promiscuous mode [ 60.596987][ T4290] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.604429][ T4290] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.612574][ T4290] device bridge_slave_1 entered promiscuous mode [ 60.639147][ T4290] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.650389][ T4290] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.674883][ T4290] team0: Port device team_slave_0 added [ 60.682539][ T4290] team0: Port device team_slave_1 added [ 60.706333][ T4290] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 60.713464][ T4290] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 60.740216][ T4290] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 60.757593][ T4290] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 60.764676][ T4290] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 60.790899][ T4290] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 60.829682][ T4290] device hsr_slave_0 entered promiscuous mode [ 60.837398][ T4290] device hsr_slave_1 entered promiscuous mode [ 60.846649][ T4290] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 60.854937][ T4290] Cannot create hsr debugfs directory [ 60.919338][ T4290] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 62.432863][ T4301] Bluetooth: hci0: command 0x0409 tx timeout [ 63.877957][ T4290] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 63.927296][ T4290] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 63.969144][ T4290] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 64.056055][ T4290] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 64.066141][ T4290] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 64.074721][ T4290] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 64.084471][ T4290] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 64.146037][ T4290] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.176607][ T382] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 64.185249][ T382] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 64.195784][ T4290] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.207867][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 64.217065][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 64.225941][ T1276] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.233060][ T1276] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.240885][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 64.267680][ T382] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 64.278487][ T382] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 64.286990][ T382] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.294084][ T382] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.317962][ T382] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 64.327224][ T382] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 64.336492][ T382] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 64.346035][ T382] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 64.355454][ T382] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 64.378328][ T382] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 64.387189][ T382] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 64.398135][ T382] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 64.406704][ T382] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 64.417573][ T382] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 64.426449][ T382] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 64.438005][ T4290] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 64.522081][ T4302] Bluetooth: hci0: command 0x041b tx timeout [ 64.546478][ T382] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 64.554506][ T382] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 64.566557][ T4290] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.587265][ T382] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 64.599771][ T382] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 64.629738][ T382] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 64.638456][ T382] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 64.648645][ T4290] device veth0_vlan entered promiscuous mode [ 64.656969][ T382] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 64.665078][ T382] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 64.677586][ T4290] device veth1_vlan entered promiscuous mode [ 64.706527][ T382] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 64.715815][ T382] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 64.725049][ T382] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 64.734193][ T382] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 64.745262][ T4290] device veth0_macvtap entered promiscuous mode [ 64.755649][ T4290] device veth1_macvtap entered promiscuous mode [ 64.781297][ T4290] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.792965][ T4290] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.805354][ T4290] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.813509][ T382] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 64.821653][ T382] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 64.829748][ T382] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 64.838656][ T382] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 64.851092][ T4290] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 64.862119][ T4290] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.874139][ T4290] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.887461][ T382] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 64.897159][ T382] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 64.917886][ T4290] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.926910][ T4290] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.935977][ T4290] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.945464][ T4290] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.997946][ T9] device hsr_slave_0 left promiscuous mode [ 65.004637][ T9] device hsr_slave_1 left promiscuous mode [ 65.011091][ T9] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 65.018703][ T9] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 65.028029][ T9] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 65.035717][ T9] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 65.043559][ T9] device bridge_slave_1 left promiscuous mode [ 65.050414][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 65.064027][ T9] device bridge_slave_0 left promiscuous mode [ 65.070284][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 65.084835][ T9] device veth1_macvtap left promiscuous mode [ 65.091024][ T9] device veth0_macvtap left promiscuous mode [ 65.097232][ T9] device veth1_vlan left promiscuous mode [ 65.103820][ T9] device veth0_vlan left promiscuous mode [ 65.234421][ T9] team0 (unregistering): Port device team_slave_1 removed [ 65.247663][ T9] team0 (unregistering): Port device team_slave_0 removed [ 65.258966][ T9] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 65.271223][ T9] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 65.320743][ T9] bond0 (unregistering): Released all slaves [ 65.400361][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.416919][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.427196][ T382] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 65.428030][ T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 2025/08/03 03:53:51 executed programs: 2 [ 65.444716][ T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.454387][ T382] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 66.593162][ T4302] Bluetooth: hci0: command 0x040f tx timeout [ 67.190638][ T4319] ================================================================== [ 67.198755][ T4319] BUG: KASAN: use-after-free in __lock_acquire+0xf7/0x7c60 [ 67.205959][ T4319] Read of size 8 at addr ffff88801e44c4b8 by task syz.0.18/4319 [ 67.213677][ T4319] [ 67.215995][ T4319] CPU: 0 PID: 4319 Comm: syz.0.18 Not tainted 5.15.189-syzkaller #0 [ 67.223962][ T4319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 67.234069][ T4319] Call Trace: [ 67.237330][ T4319] [ 67.240240][ T4319] dump_stack_lvl+0x168/0x230 [ 67.244900][ T4319] ? show_regs_print_info+0x20/0x20 [ 67.250074][ T4319] ? load_image+0x3b0/0x3b0 [ 67.254551][ T4319] ? _raw_spin_lock_irqsave+0xb0/0xf0 [ 67.259899][ T4319] print_address_description+0x60/0x2d0 [ 67.265419][ T4319] ? __lock_acquire+0xf7/0x7c60 [ 67.270254][ T4319] kasan_report+0xdf/0x130 [ 67.274645][ T4319] ? __lock_acquire+0xf7/0x7c60 [ 67.279487][ T4319] ? mark_lock+0x94/0x320 [ 67.283801][ T4319] __lock_acquire+0xf7/0x7c60 [ 67.288473][ T4319] ? __lock_acquire+0x12d9/0x7c60 [ 67.293484][ T4319] ? __switch_to_asm+0x34/0x60 [ 67.298228][ T4319] ? __schedule+0x11c0/0x43b0 [ 67.302905][ T4319] ? verify_lock_unused+0x140/0x140 [ 67.308083][ T4319] ? verify_lock_unused+0x140/0x140 [ 67.313256][ T4319] ? print_unlock_imbalance_bug+0x160/0x160 [ 67.319152][ T4319] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 67.325126][ T4319] lock_acquire+0x197/0x3f0 [ 67.329611][ T4319] ? remove_wait_queue+0x20/0x120 [ 67.334615][ T4319] ? read_lock_is_recursive+0x10/0x10 [ 67.339965][ T4319] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 67.345927][ T4319] ? _raw_spin_lock_irqsave+0x7f/0xf0 [ 67.351293][ T4319] ? lockdep_hardirqs_off+0x70/0x100 [ 67.356552][ T4319] _raw_spin_lock_irqsave+0xa4/0xf0 [ 67.361744][ T4319] ? remove_wait_queue+0x20/0x120 [ 67.366741][ T4319] ? _raw_spin_lock+0x40/0x40 [ 67.371421][ T4319] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 67.377286][ T4319] ? _raw_spin_unlock+0x40/0x40 [ 67.382116][ T4319] ? __fget_files+0x40f/0x480 [ 67.386795][ T4319] remove_wait_queue+0x20/0x120 [ 67.391628][ T4319] poll_freewait+0x99/0x210 [ 67.396114][ T4319] do_select+0x1629/0x16f0 [ 67.400507][ T4319] ? do_select+0xbc1/0x16f0 [ 67.404989][ T4319] ? core_sys_select+0x860/0x860 [ 67.409905][ T4319] ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0 [ 67.416139][ T4319] ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0 [ 67.422355][ T4319] ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0 [ 67.428582][ T4319] ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0 [ 67.434800][ T4319] ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0 [ 67.441022][ T4319] ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0 [ 67.447233][ T4319] ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0 [ 67.453448][ T4319] ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0 [ 67.459678][ T4319] ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0 [ 67.465890][ T4319] ? __lock_acquire+0x7c60/0x7c60 [ 67.470905][ T4319] ? __lock_acquire+0x7c60/0x7c60 [ 67.476007][ T4319] ? __might_fault+0xb3/0x110 [ 67.480671][ T4319] core_sys_select+0x65c/0x860 [ 67.485410][ T4319] ? poll_select_set_timeout+0x150/0x150 [ 67.491023][ T4319] ? sigprocmask+0x190/0x190 [ 67.495591][ T4319] ? __lock_acquire+0x7c60/0x7c60 [ 67.500609][ T4319] __se_sys_pselect6+0x2ed/0x3a0 [ 67.505576][ T4319] ? __x64_sys_pselect6+0xf0/0xf0 [ 67.510599][ T4319] ? __x64_sys_pselect6+0x1d/0xf0 [ 67.515597][ T4319] do_syscall_64+0x4c/0xa0 [ 67.520002][ T4319] ? clear_bhb_loop+0x30/0x80 [ 67.524653][ T4319] ? clear_bhb_loop+0x30/0x80 [ 67.529301][ T4319] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 67.535193][ T4319] RIP: 0033:0x7f4660dc4b69 [ 67.539588][ T4319] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 67.559166][ T4319] RSP: 002b:00007f4660034038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e [ 67.567554][ T4319] RAX: ffffffffffffffda RBX: 00007f4660febfa0 RCX: 00007f4660dc4b69 [ 67.575511][ T4319] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000040 [ 67.583552][ T4319] RBP: 00007f4660e47df1 R08: 0000000000000000 R09: 0000000000000000 [ 67.591508][ T4319] R10: 0000200000000180 R11: 0000000000000246 R12: 0000000000000000 [ 67.599460][ T4319] R13: 0000000000000000 R14: 00007f4660febfa0 R15: 00007ffca2f37df8 [ 67.607599][ T4319] [ 67.610594][ T4319] [ 67.612889][ T4319] Allocated by task 4317: [ 67.617186][ T4319] __kasan_kmalloc+0xb5/0xf0 [ 67.621766][ T4319] comedi_device_postconfig+0x496/0xc50 [ 67.627296][ T4319] comedi_device_attach+0x52f/0x650 [ 67.632472][ T4319] comedi_unlocked_ioctl+0x5ec/0xe90 [ 67.637744][ T4319] __se_sys_ioctl+0xfa/0x170 [ 67.642314][ T4319] do_syscall_64+0x4c/0xa0 [ 67.646716][ T4319] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 67.652590][ T4319] [ 67.654895][ T4319] Freed by task 4320: [ 67.658849][ T4319] kasan_set_track+0x4b/0x70 [ 67.663427][ T4319] kasan_set_free_info+0x1f/0x40 [ 67.668338][ T4319] ____kasan_slab_free+0xd5/0x110 [ 67.673334][ T4319] slab_free_freelist_hook+0xea/0x170 [ 67.678681][ T4319] kfree+0xef/0x2a0 [ 67.682469][ T4319] comedi_device_detach+0x35f/0x6e0 [ 67.687656][ T4319] comedi_unlocked_ioctl+0xbd0/0xe90 [ 67.692914][ T4319] __se_sys_ioctl+0xfa/0x170 [ 67.697482][ T4319] do_syscall_64+0x4c/0xa0 [ 67.701875][ T4319] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 67.707751][ T4319] [ 67.710057][ T4319] The buggy address belongs to the object at ffff88801e44c400 [ 67.710057][ T4319] which belongs to the cache kmalloc-256 of size 256 [ 67.724173][ T4319] The buggy address is located 184 bytes inside of [ 67.724173][ T4319] 256-byte region [ffff88801e44c400, ffff88801e44c500) [ 67.737438][ T4319] The buggy address belongs to the page: [ 67.743066][ T4319] page:ffffea0000791300 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1e44c [ 67.753200][ T4319] head:ffffea0000791300 order:1 compound_mapcount:0 [ 67.759766][ T4319] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 67.767728][ T4319] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff888016841b40 [ 67.776288][ T4319] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 67.784845][ T4319] page dumped because: kasan: bad access detected [ 67.791288][ T4319] page_owner tracks the page as allocated [ 67.797001][ T4319] page last allocated via order 1, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 4290, ts 65486012347, free_ts 65478673230 [ 67.817590][ T4319] get_page_from_freelist+0x1b77/0x1c60 [ 67.823124][ T4319] __alloc_pages+0x1e1/0x470 [ 67.827690][ T4319] new_slab+0xc0/0x4b0 [ 67.831733][ T4319] ___slab_alloc+0x81e/0xdf0 [ 67.836304][ T4319] __kmalloc_node+0x200/0x3b0 [ 67.840978][ T4319] kvmalloc_node+0x84/0x130 [ 67.845461][ T4319] nf_hook_entries_grow+0x30e/0x750 [ 67.850632][ T4319] __nf_register_net_hook+0x238/0x850 [ 67.855994][ T4319] nf_register_net_hook+0xae/0x190 [ 67.861087][ T4319] nf_register_net_hooks+0x40/0x1a0 [ 67.866259][ T4319] ip6t_register_table+0x4ec/0x7e0 [ 67.871347][ T4319] ip6table_security_table_init+0x3d/0x60 [ 67.877046][ T4319] xt_find_table_lock+0x220/0x360 [ 67.882072][ T4319] xt_request_find_table_lock+0x22/0x100 [ 67.887750][ T4319] do_ip6t_get_ctl+0x5f8/0x1090 [ 67.892582][ T4319] nf_getsockopt+0x25e/0x280 [ 67.897236][ T4319] page last free stack trace: [ 67.901881][ T4319] free_unref_page_prepare+0x637/0x6c0 [ 67.907443][ T4319] free_unref_page+0x94/0x280 [ 67.912121][ T4319] qlist_free_all+0x35/0x90 [ 67.916599][ T4319] kasan_quarantine_reduce+0x150/0x160 [ 67.922047][ T4319] __kasan_slab_alloc+0x2f/0xd0 [ 67.926872][ T4319] slab_post_alloc_hook+0x4c/0x380 [ 67.931961][ T4319] __kmalloc_track_caller+0x125/0x330 [ 67.937317][ T4319] strndup_user+0x71/0x150 [ 67.941721][ T4319] __se_sys_mount+0x9b/0x3c0 [ 67.946286][ T4319] do_syscall_64+0x4c/0xa0 [ 67.950685][ T4319] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 67.956555][ T4319] [ 67.958862][ T4319] Memory state around the buggy address: [ 67.964464][ T4319] ffff88801e44c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 67.972495][ T4319] ffff88801e44c400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.980548][ T4319] >ffff88801e44c480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.988580][ T4319] ^ [ 67.994448][ T4319] ffff88801e44c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 68.002495][ T4319] ffff88801e44c580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 68.010529][ T4319] ================================================================== [ 68.018559][ T4319] Disabling lock debugging due to kernel taint [ 68.024694][ T4319] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 68.031871][ T4319] CPU: 0 PID: 4319 Comm: syz.0.18 Tainted: G B 5.15.189-syzkaller #0 [ 68.041219][ T4319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 68.051259][ T4319] Call Trace: [ 68.054525][ T4319] [ 68.057434][ T4319] dump_stack_lvl+0x168/0x230 [ 68.062092][ T4319] ? show_regs_print_info+0x20/0x20 [ 68.067270][ T4319] ? load_image+0x3b0/0x3b0 [ 68.071754][ T4319] panic+0x2c9/0x7f0 [ 68.075711][ T4319] ? bpf_jit_dump+0xd0/0xd0 [ 68.080186][ T4319] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 68.086052][ T4319] ? _raw_spin_unlock+0x40/0x40 [ 68.090877][ T4319] ? __lock_acquire+0xf7/0x7c60 [ 68.095702][ T4319] check_panic_on_warn+0x80/0xa0 [ 68.100624][ T4319] ? __lock_acquire+0xf7/0x7c60 [ 68.105469][ T4319] end_report+0x6d/0xf0 [ 68.109609][ T4319] kasan_report+0x102/0x130 [ 68.114092][ T4319] ? __lock_acquire+0xf7/0x7c60 [ 68.118917][ T4319] ? mark_lock+0x94/0x320 [ 68.123377][ T4319] __lock_acquire+0xf7/0x7c60 [ 68.128028][ T4319] ? __lock_acquire+0x12d9/0x7c60 [ 68.133029][ T4319] ? __switch_to_asm+0x34/0x60 [ 68.137777][ T4319] ? __schedule+0x11c0/0x43b0 [ 68.142438][ T4319] ? verify_lock_unused+0x140/0x140 [ 68.147617][ T4319] ? verify_lock_unused+0x140/0x140 [ 68.152795][ T4319] ? print_unlock_imbalance_bug+0x160/0x160 [ 68.158664][ T4319] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 68.164640][ T4319] lock_acquire+0x197/0x3f0 [ 68.169136][ T4319] ? remove_wait_queue+0x20/0x120 [ 68.174144][ T4319] ? read_lock_is_recursive+0x10/0x10 [ 68.179493][ T4319] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 68.185478][ T4319] ? _raw_spin_lock_irqsave+0x7f/0xf0 [ 68.190900][ T4319] ? lockdep_hardirqs_off+0x70/0x100 [ 68.196186][ T4319] _raw_spin_lock_irqsave+0xa4/0xf0 [ 68.201366][ T4319] ? remove_wait_queue+0x20/0x120 [ 68.206574][ T4319] ? _raw_spin_lock+0x40/0x40 [ 68.211247][ T4319] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 68.217136][ T4319] ? _raw_spin_unlock+0x40/0x40 [ 68.222262][ T4319] ? __fget_files+0x40f/0x480 [ 68.226927][ T4319] remove_wait_queue+0x20/0x120 [ 68.231759][ T4319] poll_freewait+0x99/0x210 [ 68.236482][ T4319] do_select+0x1629/0x16f0 [ 68.240892][ T4319] ? do_select+0xbc1/0x16f0 [ 68.245381][ T4319] ? core_sys_select+0x860/0x860 [ 68.250300][ T4319] ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0 [ 68.256518][ T4319] ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0 [ 68.262755][ T4319] ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0 [ 68.268973][ T4319] ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0 [ 68.275207][ T4319] ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0 [ 68.281423][ T4319] ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0 [ 68.287642][ T4319] ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0 [ 68.293862][ T4319] ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0 [ 68.300079][ T4319] ? __ia32_compat_sys_ppoll_time64+0x2f0/0x2f0 [ 68.306294][ T4319] ? __lock_acquire+0x7c60/0x7c60 [ 68.311311][ T4319] ? __lock_acquire+0x7c60/0x7c60 [ 68.316320][ T4319] ? __might_fault+0xb3/0x110 [ 68.320974][ T4319] core_sys_select+0x65c/0x860 [ 68.325711][ T4319] ? poll_select_set_timeout+0x150/0x150 [ 68.331323][ T4319] ? sigprocmask+0x190/0x190 [ 68.335946][ T4319] ? __lock_acquire+0x7c60/0x7c60 [ 68.340965][ T4319] __se_sys_pselect6+0x2ed/0x3a0 [ 68.345891][ T4319] ? __x64_sys_pselect6+0xf0/0xf0 [ 68.350908][ T4319] ? __x64_sys_pselect6+0x1d/0xf0 [ 68.355914][ T4319] do_syscall_64+0x4c/0xa0 [ 68.360322][ T4319] ? clear_bhb_loop+0x30/0x80 [ 68.364972][ T4319] ? clear_bhb_loop+0x30/0x80 [ 68.369628][ T4319] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 68.375502][ T4319] RIP: 0033:0x7f4660dc4b69 [ 68.379902][ T4319] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 68.399519][ T4319] RSP: 002b:00007f4660034038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e [ 68.407917][ T4319] RAX: ffffffffffffffda RBX: 00007f4660febfa0 RCX: 00007f4660dc4b69 [ 68.415915][ T4319] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000040 [ 68.423878][ T4319] RBP: 00007f4660e47df1 R08: 0000000000000000 R09: 0000000000000000 [ 68.431856][ T4319] R10: 0000200000000180 R11: 0000000000000246 R12: 0000000000000000 [ 68.439812][ T4319] R13: 0000000000000000 R14: 00007f4660febfa0 R15: 00007ffca2f37df8 [ 68.447765][ T4319] [ 68.451028][ T4319] Kernel Offset: disabled [ 68.455341][ T4319] Rebooting in 86400 seconds..