Warning: Permanently added '10.128.0.239' (ED25519) to the list of known hosts.
2025/07/07 09:26:01 ignoring optional flag "sandboxArg"="0"
2025/07/07 09:26:02 parsed 1 programs
[ 56.727364][ T29] audit: type=1400 audit(1751880362.724:110): avc: denied { unlink } for pid=2651 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 56.761824][ T2651] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 57.074092][ T29] audit: type=1401 audit(1751880363.074:111): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
[ 57.562660][ T2733] chnl_net:caif_netlink_parms(): no params data found
[ 58.253235][ T2733] 8021q: adding VLAN 0 to HW filter on device bond0
[ 58.658538][ T2733] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 58.665389][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 58.672833][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
2025/07/07 09:26:05 executed programs: 0
[ 59.499930][ T23] bond0 (unregistering): Released all slaves
[ 59.616564][ T3140] chnl_net:caif_netlink_parms(): no params data found
[ 60.292574][ T3140] 8021q: adding VLAN 0 to HW filter on device bond0
[ 60.704643][ T3140] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 60.711615][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 60.719219][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 61.476567][ T29] audit: type=1400 audit(1751880367.474:112): avc: denied { write } for pid=3540 comm="syz.2.16" name="comedi4" dev="devtmpfs" ino=193 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 61.486445][ T3540] ==================================================================
[ 61.499184][ T29] audit: type=1400 audit(1751880367.474:113): avc: denied { open } for pid=3540 comm="syz.2.16" path="/dev/comedi4" dev="devtmpfs" ino=193 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 61.507069][ T3540] BUG: KASAN: use-after-free in __lock_acquire.constprop.0+0xab4/0xb20
[ 61.507094][ T3540] Read of size 8 at addr ffff88810e1854c0 by task syz.2.16/3540
[ 61.529893][ T29] audit: type=1400 audit(1751880367.474:114): avc: denied { ioctl } for pid=3540 comm="syz.2.16" path="/dev/comedi4" dev="devtmpfs" ino=193 ioctlcmd=0x6400 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 61.538056][ T3540]
[ 61.538065][ T3540] CPU: 0 PID: 3540 Comm: syz.2.16 Not tainted 5.12.0-rc6-syzkaller #0
[ 61.552407][ T28] Bluetooth: hci0: command 0x0409 tx timeout
[ 61.569924][ T3540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 61.569937][ T3540] Call Trace:
[ 61.569942][ T3540] dump_stack+0x8f/0xc7
[ 61.569953][ T3540] print_address_description.constprop.0+0x18/0x170
[ 61.569960][ T3540] ? __lock_acquire.constprop.0+0xab4/0xb20
[ 61.569966][ T3540] ? __lock_acquire.constprop.0+0xab4/0xb20
[ 61.569970][ T3540] kasan_report.cold+0x7f/0x111
[ 61.569976][ T3540] ? __lock_acquire.constprop.0+0xab4/0xb20
[ 61.569981][ T3540] __lock_acquire.constprop.0+0xab4/0xb20
[ 61.638219][ T3540] ? ep_free+0xee/0x280
[ 61.642335][ T3540] lock_acquire+0x11a/0x230
[ 61.646796][ T3540] ? remove_wait_queue+0x21/0x180
[ 61.651774][ T3540] _raw_spin_lock_irqsave+0x26/0x40
[ 61.656935][ T3540] ? remove_wait_queue+0x21/0x180
[ 61.661913][ T3540] remove_wait_queue+0x21/0x180
[ 61.666718][ T3540] ? ep_unregister_pollwait.constprop.0+0x79/0x150
[ 61.673183][ T3540] ep_unregister_pollwait.constprop.0+0xbf/0x150
[ 61.679467][ T3540] ep_free+0x11e/0x280
[ 61.683499][ T3540] ep_eventpoll_release+0x33/0x50
[ 61.688487][ T3540] __fput+0x1a9/0x770
[ 61.692437][ T3540] task_work_run+0xc5/0x150
[ 61.696910][ T3540] exit_to_user_mode_prepare+0x139/0x140
[ 61.702500][ T3540] syscall_exit_to_user_mode+0x13/0x40
[ 61.707939][ T3540] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 61.713794][ T3540] RIP: 0033:0x7f21f0a2e929
[ 61.718182][ T3540] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 61.737752][ T3540] RSP: 002b:00007ffc09cd6688 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 61.746139][ T3540] RAX: 0000000000000000 RBX: 000000000000f01a RCX: 00007f21f0a2e929
[ 61.754075][ T3540] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 61.762011][ T3540] RBP: 00007f21f0c57ba0 R08: 0000000000000001 R09: 0000000409cd697f
[ 61.769962][ T3540] R10: 00007f21f08a0000 R11: 0000000000000246 R12: 00007f21f0c55fac
[ 61.777904][ T3540] R13: 00007f21f0c55fa0 R14: ffffffffffffffff R15: 00007ffc09cd67a0
[ 61.785846][ T3540]
[ 61.788135][ T3540] Allocated by task 1:
[ 61.792172][ T3540] kasan_save_stack+0x1b/0x40
[ 61.796824][ T3540] __kasan_kmalloc+0x99/0xc0
[ 61.801373][ T3540] __comedi_device_postconfig+0x255/0x860
[ 61.807050][ T3540] comedi_auto_config+0x182/0x250
[ 61.812031][ T3540] comedi_test_init+0xa8/0xee
[ 61.816722][ T3540] do_one_initcall+0xb9/0x2d0
[ 61.821365][ T3540] kernel_init_freeable+0x53d/0x5a0
[ 61.826528][ T3540] kernel_init+0x8/0x115
[ 61.830731][ T3540] ret_from_fork+0x1f/0x30
[ 61.835111][ T3540]
[ 61.837399][ T3540] Freed by task 3541:
[ 61.841355][ T3540] kasan_save_stack+0x1b/0x40
[ 61.846005][ T3540] kasan_set_track+0x1c/0x30
[ 61.850553][ T3540] kasan_set_free_info+0x20/0x30
[ 61.855445][ T3540] __kasan_slab_free+0xe3/0x120
[ 61.860256][ T3540] slab_free_freelist_hook+0x6a/0x1b0
[ 61.865604][ T3540] kfree+0xd8/0x520
[ 61.869369][ T3540] comedi_device_detach+0x260/0x8d0
[ 61.874528][ T3540] do_devconfig_ioctl+0x33f/0x3f0
[ 61.879520][ T3540] comedi_unlocked_ioctl+0x1319/0x29b0
[ 61.884943][ T3540] __x64_sys_ioctl+0x122/0x190
[ 61.889667][ T3540] do_syscall_64+0x34/0x50
[ 61.894041][ T3540] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 61.899892][ T3540]
[ 61.902222][ T3540] The buggy address belongs to the object at ffff88810e185400
[ 61.902222][ T3540] which belongs to the cache kmalloc-256 of size 256
[ 61.916246][ T3540] The buggy address is located 192 bytes inside of
[ 61.916246][ T3540] 256-byte region [ffff88810e185400, ffff88810e185500)
[ 61.929506][ T3540] The buggy address belongs to the page:
[ 61.935108][ T3540] page:ffffea0004386100 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10e184
[ 61.945307][ T3540] head:ffffea0004386100 order:1 compound_mapcount:0
[ 61.951853][ T3540] flags: 0x200000000010200(slab|head)
[ 61.957184][ T3540] raw: 0200000000010200 dead000000000100 dead000000000122 ffff888100041b40
[ 61.965735][ T3540] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 61.974275][ T3540] page dumped because: kasan: bad access detected
[ 61.980653][ T3540] page_owner tracks the page as allocated
[ 61.986328][ T3540] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, ts 5829918329
[ 62.003384][ T3540] get_page_from_freelist+0x3eb6/0x5100
[ 62.008900][ T3540] __alloc_pages_nodemask+0x2d1/0x620
[ 62.014226][ T3540] alloc_page_interleave+0xf/0x140
[ 62.019307][ T3540] allocate_slab+0x2a5/0x470
[ 62.023858][ T3540] ___slab_alloc+0x415/0x6c0
[ 62.028419][ T3540] __slab_alloc+0xd/0x30
[ 62.032618][ T3540] kmem_cache_alloc_trace+0x2d6/0x310
[ 62.037946][ T3540] bus_add_driver+0xb6/0x570
[ 62.042498][ T3540] driver_register+0x20a/0x380
[ 62.047218][ T3540] __hid_register_driver+0x137/0x210
[ 62.052466][ T3540] do_one_initcall+0xb9/0x2d0
[ 62.057106][ T3540] kernel_init_freeable+0x53d/0x5a0
[ 62.062261][ T3540] kernel_init+0x8/0x115
[ 62.066559][ T3540] ret_from_fork+0x1f/0x30
[ 62.070939][ T3540] page_owner free stack trace missing
[ 62.076271][ T3540]
[ 62.078562][ T3540] Memory state around the buggy address:
[ 62.084160][ T3540] ffff88810e185380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.092186][ T3540] ffff88810e185400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 62.100213][ T3540] >ffff88810e185480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 62.108242][ T3540] ^
[ 62.114359][ T3540] ffff88810e185500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.122387][ T3540] ffff88810e185580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.130417][ T3540] ==================================================================
[ 62.138446][ T3540] Disabling lock debugging due to kernel taint
[ 62.144554][ T3540] Kernel panic - not syncing: panic_on_warn set ...
[ 62.151262][ T3540] Kernel Offset: disabled
[ 62.155554][ T3540] Rebooting in 86400 seconds..