Warning: Permanently added '[localhost]:30257' (ED25519) to the list of known hosts.
2025/07/20 00:47:52 ignoring optional flag "sandboxArg"="0"
2025/07/20 00:47:52 parsed 1 programs
[ 80.804092][ T40] audit: type=1400 audit(1752972474.792:117): avc: denied { unlink } for pid=6245 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 81.343225][ T1331] cfg80211: failed to load regulatory.db
[ 81.752417][ T6245] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 83.400175][ T5316] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 83.403317][ T5316] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 83.406484][ T5316] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 83.409736][ T5316] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 83.412584][ T5316] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 83.818406][ T6301] chnl_net:caif_netlink_parms(): no params data found
[ 83.881965][ T6301] bridge0: port 1(bridge_slave_0) entered blocking state
[ 83.884227][ T6301] bridge0: port 1(bridge_slave_0) entered disabled state
[ 83.886439][ T6301] bridge_slave_0: entered allmulticast mode
[ 83.888978][ T6301] bridge_slave_0: entered promiscuous mode
[ 83.892773][ T6301] bridge0: port 2(bridge_slave_1) entered blocking state
[ 83.894969][ T6301] bridge0: port 2(bridge_slave_1) entered disabled state
[ 83.897177][ T6301] bridge_slave_1: entered allmulticast mode
[ 83.899694][ T6301] bridge_slave_1: entered promiscuous mode
[ 83.934229][ T6301] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 83.938526][ T6301] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 83.972586][ T6301] team0: Port device team_slave_0 added
[ 83.977290][ T6301] team0: Port device team_slave_1 added
[ 84.007567][ T6301] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 84.009738][ T6301] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 84.019357][ T6301] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 84.023687][ T6301] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 84.025840][ T6301] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 84.034127][ T6301] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 84.088597][ T6301] hsr_slave_0: entered promiscuous mode
[ 84.090778][ T6301] hsr_slave_1: entered promiscuous mode
[ 84.814750][ T6301] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 84.819395][ T6301] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 84.823854][ T6301] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 84.828152][ T6301] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 84.850746][ T6301] bridge0: port 2(bridge_slave_1) entered blocking state
[ 84.853884][ T6301] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 84.857103][ T6301] bridge0: port 1(bridge_slave_0) entered blocking state
[ 84.860036][ T6301] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 84.874251][ T13] bridge0: port 1(bridge_slave_0) entered disabled state
[ 84.877244][ T13] bridge0: port 2(bridge_slave_1) entered disabled state
[ 84.904611][ T6301] 8021q: adding VLAN 0 to HW filter on device bond0
[ 84.917717][ T6301] 8021q: adding VLAN 0 to HW filter on device team0
[ 84.927308][ T1143] bridge0: port 1(bridge_slave_0) entered blocking state
[ 84.929591][ T1143] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 84.937594][ T60] bridge0: port 2(bridge_slave_1) entered blocking state
[ 84.940654][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 85.052375][ T6301] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 85.071495][ T6301] veth0_vlan: entered promiscuous mode
[ 85.076884][ T6301] veth1_vlan: entered promiscuous mode
[ 85.097683][ T6301] veth0_macvtap: entered promiscuous mode
[ 85.101230][ T6301] veth1_macvtap: entered promiscuous mode
[ 85.109029][ T6301] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 85.115903][ T6301] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 85.120262][ T6301] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.123457][ T6301] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.126102][ T6301] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.128756][ T6301] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.208755][ T60] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 85.245765][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 85.248255][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 85.263438][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 85.266120][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 85.273025][ T60] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 85.334053][ T60] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 85.416477][ T60] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 86.582760][ T40] audit: type=1401 audit(1752972480.572:118): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
2025/07/20 00:48:00 executed programs: 0
[ 86.828786][ T63] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 86.832083][ T63] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 86.835702][ T63] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 86.839980][ T63] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 86.843640][ T63] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 86.960873][ T6487] chnl_net:caif_netlink_parms(): no params data found
[ 87.032637][ T6487] bridge0: port 1(bridge_slave_0) entered blocking state
[ 87.035039][ T6487] bridge0: port 1(bridge_slave_0) entered disabled state
[ 87.037299][ T6487] bridge_slave_0: entered allmulticast mode
[ 87.039916][ T6487] bridge_slave_0: entered promiscuous mode
[ 87.044184][ T6487] bridge0: port 2(bridge_slave_1) entered blocking state
[ 87.046518][ T6487] bridge0: port 2(bridge_slave_1) entered disabled state
[ 87.048750][ T6487] bridge_slave_1: entered allmulticast mode
[ 87.052786][ T6487] bridge_slave_1: entered promiscuous mode
[ 87.097592][ T6487] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 87.102593][ T6487] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 87.138978][ T6487] team0: Port device team_slave_0 added
[ 87.142561][ T6487] team0: Port device team_slave_1 added
[ 87.170763][ T6487] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 87.173197][ T6487] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 87.181082][ T6487] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 87.185619][ T6487] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 87.187793][ T6487] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 87.195580][ T6487] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 87.250265][ T6487] hsr_slave_0: entered promiscuous mode
[ 87.254394][ T6487] hsr_slave_1: entered promiscuous mode
[ 87.257253][ T6487] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 87.260360][ T6487] Cannot create hsr debugfs directory
[ 88.758868][ T60] bridge_slave_1: left allmulticast mode
[ 88.760944][ T60] bridge_slave_1: left promiscuous mode
[ 88.763032][ T60] bridge0: port 2(bridge_slave_1) entered disabled state
[ 88.766850][ T60] bridge_slave_0: left allmulticast mode
[ 88.768644][ T60] bridge_slave_0: left promiscuous mode
[ 88.770899][ T60] bridge0: port 1(bridge_slave_0) entered disabled state
[ 88.865184][ T63] Bluetooth: hci0: command tx timeout
[ 88.965695][ T60] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 88.969646][ T60] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 88.973277][ T60] bond0 (unregistering): Released all slaves
[ 89.126524][ T60] hsr_slave_0: left promiscuous mode
[ 89.128675][ T60] hsr_slave_1: left promiscuous mode
[ 89.130688][ T60] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 89.133170][ T60] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 89.135957][ T60] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 89.138308][ T60] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 89.150127][ T60] veth1_macvtap: left promiscuous mode
[ 89.153341][ T60] veth0_macvtap: left promiscuous mode
[ 89.155125][ T60] veth1_vlan: left promiscuous mode
[ 89.156807][ T60] veth0_vlan: left promiscuous mode
[ 89.551412][ T60] team0 (unregistering): Port device team_slave_1 removed
[ 89.587442][ T60] team0 (unregistering): Port device team_slave_0 removed
[ 90.169994][ T6487] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 90.174081][ T6487] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 90.177992][ T6487] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 90.182428][ T6487] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 90.228251][ T6487] 8021q: adding VLAN 0 to HW filter on device bond0
[ 90.236784][ T6487] 8021q: adding VLAN 0 to HW filter on device team0
[ 90.241305][ T1200] bridge0: port 1(bridge_slave_0) entered blocking state
[ 90.243636][ T1200] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 90.249743][ T1200] bridge0: port 2(bridge_slave_1) entered blocking state
[ 90.252120][ T1200] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 90.361065][ T6487] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 90.605498][ T6487] veth0_vlan: entered promiscuous mode
[ 90.613879][ T6487] veth1_vlan: entered promiscuous mode
[ 90.627360][ T6487] veth0_macvtap: entered promiscuous mode
[ 90.631411][ T6487] veth1_macvtap: entered promiscuous mode
[ 90.639969][ T6487] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 90.649024][ T6487] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 90.654252][ T6487] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 90.657910][ T6487] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 90.661467][ T6487] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 90.666079][ T6487] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 90.720461][ T1143] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 90.722973][ T1143] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 90.743885][ T1200] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 90.746549][ T1200] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 90.776379][ T40] audit: type=1400 audit(1752972484.762:119): avc: denied { read append } for pid=6560 comm="syz.0.16" name="comedi3" dev="devtmpfs" ino=1305 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 90.776805][ T6561] comedi comedi3: comedi_test: 20263 microvolt, 5 microsecond waveform attached
[ 90.783556][ T40] audit: type=1400 audit(1752972484.762:120): avc: denied { open } for pid=6560 comm="syz.0.16" path="/dev/comedi3" dev="devtmpfs" ino=1305 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 90.783582][ T40] audit: type=1400 audit(1752972484.762:121): avc: denied { ioctl } for pid=6560 comm="syz.0.16" path="/dev/comedi3" dev="devtmpfs" ino=1305 ioctlcmd=0x6400 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 90.811012][ T40] audit: type=1400 audit(1752972484.792:122): avc: denied { allowed } for pid=6560 comm="syz.0.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[ 90.818001][ T40] audit: type=1400 audit(1752972484.802:123): avc: denied { create } for pid=6560 comm="syz.0.16" anonclass=[io_uring] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 90.824730][ T40] audit: type=1400 audit(1752972484.802:124): avc: denied { map } for pid=6560 comm="syz.0.16" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=11462 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 90.831650][ T40] audit: type=1400 audit(1752972484.802:125): avc: denied { read write } for pid=6560 comm="syz.0.16" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=11462 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 90.888827][ T6563] comedi comedi3: comedi_test: 20263 microvolt, 5 microsecond waveform attached
[ 90.942338][ T63] Bluetooth: hci0: command tx timeout
[ 90.977054][ T6565] comedi comedi3: comedi_test: 20263 microvolt, 5 microsecond waveform attached
[ 91.115808][ T6567] comedi comedi3: comedi_test: 20263 microvolt, 5 microsecond waveform attached
[ 91.219196][ T6569] comedi comedi3: comedi_test: 20263 microvolt, 5 microsecond waveform attached
[ 91.340706][ T6571] comedi comedi3: comedi_test: 20263 microvolt, 5 microsecond waveform attached
[ 91.418209][ T6573] comedi comedi3: comedi_test: 20263 microvolt, 5 microsecond waveform attached
[ 91.493093][ T6575] comedi comedi3: comedi_test: 20263 microvolt, 5 microsecond waveform attached
[ 91.617647][ T6577] comedi comedi3: comedi_test: 20263 microvolt, 5 microsecond waveform attached
[ 91.689543][ T6579] comedi comedi3: comedi_test: 20263 microvolt, 5 microsecond waveform attached
[ 91.754435][ T837] ==================================================================
[ 91.757782][ T837] BUG: KASAN: slab-use-after-free in _raw_spin_lock_irq+0x36/0x50
[ 91.758985][ T6581] comedi comedi3: comedi_test: 20263 microvolt, 5 microsecond waveform attached
[ 91.760947][ T837] Read of size 1 at addr ffff888025296ab0 by task kworker/0:2/837
[ 91.760965][ T837]
[ 91.760974][ T837] CPU: 0 UID: 0 PID: 837 Comm: kworker/0:2 Not tainted 6.16.0-rc6-syzkaller-00281-gf4a40a4282f4-dirty #0 PREEMPT(full)
[ 91.760995][ T837] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 91.761005][ T837] Workqueue: events io_fallback_req_func
[ 91.761030][ T837] Call Trace:
[ 91.761035][ T837]
[ 91.761041][ T837] dump_stack_lvl+0x116/0x1f0
[ 91.761068][ T837] print_report+0xcd/0x610
[ 91.761084][ T837] ? __virt_addr_valid+0x81/0x610
[ 91.761104][ T837] ? __phys_addr+0xe8/0x180
[ 91.761124][ T837] ? _raw_spin_lock_irq+0x36/0x50
[ 91.761146][ T837] kasan_report+0xe0/0x110
[ 91.761162][ T837] ? _raw_spin_lock_irq+0x36/0x50
[ 91.761186][ T837] ? _raw_spin_lock_irq+0x36/0x50
[ 91.761209][ T837] __kasan_check_byte+0x36/0x50
[ 91.761225][ T837] lock_acquire+0xfc/0x350
[ 91.761243][ T837] _raw_spin_lock_irq+0x36/0x50
[ 91.761265][ T837] ? io_poll_remove_entries.part.0+0x17b/0x850
[ 91.761290][ T837] io_poll_remove_entries.part.0+0x17b/0x850
[ 91.761315][ T837] io_poll_task_func+0x4cd/0x1130
[ 91.761337][ T837] ? __pfx___mutex_lock+0x10/0x10
[ 91.761355][ T837] ? __pfx_io_poll_task_func+0x10/0x10
[ 91.761378][ T837] ? find_held_lock+0x2b/0x80
[ 91.761398][ T837] ? io_fallback_req_func+0x145/0x6d0
[ 91.761446][ T837] io_fallback_req_func+0x1c7/0x6d0
[ 91.761468][ T837] ? __pfx_io_fallback_req_func+0x10/0x10
[ 91.761489][ T837] ? rcu_is_watching+0x12/0xc0
[ 91.761512][ T837] process_one_work+0x9cf/0x1b70
[ 91.761534][ T837] ? __pfx_process_one_work+0x10/0x10
[ 91.761555][ T837] ? assign_work+0x1a0/0x250
[ 91.761572][ T837] worker_thread+0x6c8/0xf10
[ 91.761592][ T837] ? __kthread_parkme+0x19e/0x250
[ 91.761616][ T837] ? __pfx_worker_thread+0x10/0x10
[ 91.761634][ T837] kthread+0x3c5/0x780
[ 91.761650][ T837] ? __pfx_kthread+0x10/0x10
[ 91.761673][ T837] ? rcu_is_watching+0x12/0xc0
[ 91.761694][ T837] ? __pfx_kthread+0x10/0x10
[ 91.761711][ T837] ret_from_fork+0x5d4/0x6f0
[ 91.761735][ T837] ? __pfx_kthread+0x10/0x10
[ 91.761751][ T837] ret_from_fork_asm+0x1a/0x30
[ 91.761774][ T837]
[ 91.761780][ T837]
[ 91.834385][ T6583] comedi comedi3: comedi_test: 20263 microvolt, 5 microsecond waveform attached
[ 91.835381][ T837] Allocated by task 6579:
[ 91.850639][ T837] kasan_save_stack+0x33/0x60
[ 91.852002][ T837] kasan_save_track+0x14/0x30
[ 91.853377][ T837] __kasan_kmalloc+0xaa/0xb0
[ 91.854838][ T837] comedi_device_postconfig+0x2cb/0xc80
[ 91.856611][ T837] comedi_device_attach+0x3cf/0x900
[ 91.858114][ T837] do_devconfig_ioctl+0x1a7/0x580
[ 91.859555][ T837] comedi_unlocked_ioctl+0x15bb/0x2e90
[ 91.861143][ T837] __x64_sys_ioctl+0x18e/0x210
2025/07/20 00:48:05 executed programs: 13
[ 91.862529][ T837] do_syscall_64+0xcd/0x4c0
[ 91.864048][ T837] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 91.865749][ T837]
[ 91.866466][ T837] Freed by task 6581:
[ 91.867622][ T837] kasan_save_stack+0x33/0x60
[ 91.868983][ T837] kasan_save_track+0x14/0x30
[ 91.870356][ T837] kasan_save_free_info+0x3b/0x60
[ 91.871812][ T837] __kasan_slab_free+0x51/0x70
[ 91.873195][ T837] kfree+0x2b4/0x4d0
[ 91.874342][ T837] comedi_device_detach+0x2a4/0x9e0
[ 91.875843][ T837] do_devconfig_ioctl+0x46c/0x580
[ 91.877304][ T837] comedi_unlocked_ioctl+0x15bb/0x2e90
[ 91.878905][ T837] __x64_sys_ioctl+0x18e/0x210
[ 91.880291][ T837] do_syscall_64+0xcd/0x4c0
[ 91.881634][ T837] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 91.883325][ T837]
[ 91.884035][ T837] The buggy address belongs to the object at ffff888025296a00
[ 91.884035][ T837] which belongs to the cache kmalloc-256 of size 256
[ 91.887946][ T837] The buggy address is located 176 bytes inside of
[ 91.887946][ T837] freed 256-byte region [ffff888025296a00, ffff888025296b00)
[ 91.891767][ T837]
[ 91.892473][ T837] The buggy address belongs to the physical page:
[ 91.894298][ T837] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x25296
[ 91.896728][ T837] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 91.899015][ T837] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 91.901125][ T837] page_type: f5(slab)
[ 91.902259][ T837] raw: 00fff00000000040 ffff88801b842b40 dead000000000122 0000000000000000
[ 91.904671][ T837] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 91.907114][ T837] head: 00fff00000000040 ffff88801b842b40 dead000000000122 0000000000000000
[ 91.909548][ T837] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 91.911976][ T837] head: 00fff00000000001 ffffea000094a581 00000000ffffffff 00000000ffffffff
[ 91.914397][ T837] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 91.916811][ T837] page dumped because: kasan: bad access detected
[ 91.918617][ T837] page_owner tracks the page as allocated
[ 91.920218][ T837] page last allocated via order 1, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 6279, tgid 6279 (udevd), ts 91681288326, free_ts 91422215520
[ 91.921973][ T6585] comedi comedi3: comedi_test: 20263 microvolt, 5 microsecond waveform attached
[ 91.925279][ T837] post_alloc_hook+0x1c0/0x230
[ 91.929503][ T837] get_page_from_freelist+0x1321/0x3890
[ 91.931082][ T837] __alloc_frozen_pages_noprof+0x261/0x23f0
[ 91.932769][ T837] new_slab+0x94/0x330
[ 91.933948][ T837] ___slab_alloc+0xd9c/0x1940
[ 91.935311][ T837] __slab_alloc.constprop.0+0x56/0xb0
[ 91.936854][ T837] __kmalloc_node_noprof+0x2ed/0x500
[ 91.938364][ T837] alloc_slab_obj_exts+0x41/0xa0
[ 91.939780][ T837] new_slab+0x283/0x330
[ 91.940925][ T837] ___slab_alloc+0xd9c/0x1940
[ 91.942219][ T837] __slab_alloc.constprop.0+0x56/0xb0
[ 91.943705][ T837] __kvmalloc_node_noprof+0x3b1/0x620
[ 91.944569][ T40] audit: type=1400 audit(1752972485.922:126): avc: denied { read } for pid=5348 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[ 91.945195][ T837] simple_xattr_alloc+0x41/0xa0
[ 91.951806][ T40] audit: type=1400 audit(1752972485.922:127): avc: denied { search } for pid=5348 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 91.953130][ T837] simple_xattr_set+0x3d/0x3e0
[ 91.953144][ T837] shmem_xattr_handler_set+0x31b/0x3b0
[ 91.953156][ T837] __vfs_setxattr+0x172/0x1e0
[ 91.953171][ T837] page last free pid 33 tgid 33 stack trace:
[ 91.953177][ T837] __free_frozen_pages+0x7fe/0x1180
[ 91.953190][ T837] rcu_core+0x799/0x14e0
[ 91.953201][ T837] handle_softirqs+0x219/0x8e0
[ 91.970684][ T837] run_ksoftirqd+0x3a/0x60
[ 91.972089][ T837] smpboot_thread_fn+0x3f7/0xae0
[ 91.972148][ T40] audit: type=1400 audit(1752972485.922:128): avc: denied { search } for pid=5348 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 91.973698][ T837] kthread+0x3c5/0x780
[ 91.980188][ T40] audit: type=1400 audit(1752972485.922:129): avc: denied { add_name } for pid=5348 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 91.981451][ T837] ret_from_fork+0x5d4/0x6f0
[ 91.981479][ T837] ret_from_fork_asm+0x1a/0x30
[ 91.991183][ T837]
[ 91.991943][ T837] Memory state around the buggy address:
[ 91.993714][ T837] ffff888025296980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 91.996229][ T837] ffff888025296a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 91.998807][ T837] >ffff888025296a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 91.999728][ T40] audit: type=1400 audit(1752972485.922:130): avc: denied { create } for pid=5348 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 92.001372][ T837] ^
[ 92.007745][ T40] audit: type=1400 audit(1752972485.922:131): avc: denied { append open } for pid=5348 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 92.009213][ T837] ffff888025296b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 92.009222][ T837] ffff888025296b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 92.009228][ T837] ==================================================================
[ 92.009234][ T837] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 92.009243][ T837] CPU: 0 UID: 0 PID: 837 Comm: kworker/0:2 Not tainted 6.16.0-rc6-syzkaller-00281-gf4a40a4282f4-dirty #0 PREEMPT(full)
[ 92.009257][ T837] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 92.009264][ T837] Workqueue: events io_fallback_req_func
[ 92.009282][ T837] Call Trace:
[ 92.009286][ T837]
[ 92.009290][ T837] dump_stack_lvl+0x3d/0x1f0
[ 92.009310][ T837] panic+0x71c/0x800
[ 92.009326][ T837] ? __pfx_panic+0x10/0x10
[ 92.009348][ T837] ? __pfx__printk+0x10/0x10
[ 92.009365][ T837] ? end_report+0x4c/0x170
[ 92.009379][ T837] ? check_panic_on_warn+0x1f/0xb0
[ 92.009395][ T837] ? _raw_spin_lock_irq+0x36/0x50
[ 92.009437][ T837] check_panic_on_warn+0xab/0xb0
[ 92.009452][ T837] end_report+0x107/0x170
[ 92.009465][ T837] kasan_report+0xee/0x110
[ 92.009481][ T837] ? _raw_spin_lock_irq+0x36/0x50
[ 92.009504][ T837] ? _raw_spin_lock_irq+0x36/0x50
[ 92.009525][ T837] __kasan_check_byte+0x36/0x50
[ 92.009536][ T837] lock_acquire+0xfc/0x350
[ 92.009548][ T837] _raw_spin_lock_irq+0x36/0x50
[ 92.009562][ T837] ? io_poll_remove_entries.part.0+0x17b/0x850
[ 92.009578][ T837] io_poll_remove_entries.part.0+0x17b/0x850
[ 92.009595][ T837] io_poll_task_func+0x4cd/0x1130
[ 92.009613][ T837] ? __pfx___mutex_lock+0x10/0x10
[ 92.009627][ T837] ? __pfx_io_poll_task_func+0x10/0x10
[ 92.009647][ T837] ? find_held_lock+0x2b/0x80
[ 92.009666][ T837] ? io_fallback_req_func+0x145/0x6d0
[ 92.009687][ T837] io_fallback_req_func+0x1c7/0x6d0
[ 92.009707][ T837] ? __pfx_io_fallback_req_func+0x10/0x10
[ 92.009727][ T837] ? rcu_is_watching+0x12/0xc0
[ 92.009748][ T837] process_one_work+0x9cf/0x1b70
[ 92.009769][ T837] ? __pfx_process_one_work+0x10/0x10
[ 92.009783][ T837] ? assign_work+0x1a0/0x250
[ 92.009801][ T837] worker_thread+0x6c8/0xf10
[ 92.009819][ T837] ? __kthread_parkme+0x19e/0x250
[ 92.009841][ T837] ? __pfx_worker_thread+0x10/0x10
[ 92.009858][ T837] kthread+0x3c5/0x780
[ 92.009873][ T837] ? __pfx_kthread+0x10/0x10
[ 92.009885][ T837] ? rcu_is_watching+0x12/0xc0
[ 92.009899][ T837] ? __pfx_kthread+0x10/0x10
[ 92.009915][ T837] ret_from_fork+0x5d4/0x6f0
[ 92.009932][ T837] ? __pfx_kthread+0x10/0x10
[ 92.009942][ T837] ret_from_fork_asm+0x1a/0x30
[ 92.009960][ T837]
[ 92.017163][ T837] Kernel Offset: disabled