Warning: Permanently added '10.128.1.220' (ED25519) to the list of known hosts.
2025/07/21 18:52:45 ignoring optional flag "sandboxArg"="0"
2025/07/21 18:52:47 parsed 1 programs
syzkaller login: [ 193.391767][ T5814] cgroup: Unknown subsys name 'net'
[ 193.580720][ T5814] cgroup: Unknown subsys name 'cpuset'
[ 193.595905][ T5814] cgroup: Unknown subsys name 'rlimit'
[ 219.354691][ T1290] ieee802154 phy0 wpan0: encryption failed: -22
[ 219.361472][ T1290] ieee802154 phy1 wpan1: encryption failed: -22
[ 235.479512][ T5814] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 240.071303][ T5826] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 241.964472][ T1142] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 241.973364][ T1142] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 242.027144][ T14] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 242.035716][ T14] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 245.295377][ T5875] chnl_net:caif_netlink_parms(): no params data found
[ 245.607805][ T5875] bridge0: port 1(bridge_slave_0) entered blocking state
[ 245.615441][ T5875] bridge0: port 1(bridge_slave_0) entered disabled state
[ 245.623079][ T5875] bridge_slave_0: entered allmulticast mode
[ 245.631521][ T5875] bridge_slave_0: entered promiscuous mode
[ 245.643782][ T5875] bridge0: port 2(bridge_slave_1) entered blocking state
[ 245.651408][ T5875] bridge0: port 2(bridge_slave_1) entered disabled state
[ 245.661058][ T5875] bridge_slave_1: entered allmulticast mode
[ 245.670743][ T5875] bridge_slave_1: entered promiscuous mode
[ 245.733061][ T5875] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 245.751395][ T5875] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 245.813714][ T5875] team0: Port device team_slave_0 added
[ 245.827703][ T5875] team0: Port device team_slave_1 added
[ 245.886184][ T5875] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 245.893512][ T5875] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 245.920960][ T5875] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 245.935838][ T5875] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 245.943114][ T5875] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 245.971528][ T5875] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 246.055842][ T5875] hsr_slave_0: entered promiscuous mode
[ 246.065699][ T5875] hsr_slave_1: entered promiscuous mode
[ 246.364746][ T5875] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 246.382888][ T5875] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 246.399975][ T5875] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 246.417167][ T5875] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 246.642640][ T5875] 8021q: adding VLAN 0 to HW filter on device bond0
[ 246.684281][ T5875] 8021q: adding VLAN 0 to HW filter on device team0
[ 246.707148][ T1142] bridge0: port 1(bridge_slave_0) entered blocking state
[ 246.714738][ T1142] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 246.743637][ T1142] bridge0: port 2(bridge_slave_1) entered blocking state
[ 246.751335][ T1142] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 247.151314][ T5875] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 247.255066][ T5875] veth0_vlan: entered promiscuous mode
[ 247.283958][ T5875] veth1_vlan: entered promiscuous mode
[ 247.362063][ T5875] veth0_macvtap: entered promiscuous mode
[ 247.381571][ T5875] veth1_macvtap: entered promiscuous mode
[ 247.425506][ T5875] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 247.455901][ T5875] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 247.477524][ T5875] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 247.487568][ T5875] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 247.497062][ T5875] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 247.506156][ T5875] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 248.784102][ T3841] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 248.835007][ T5909] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 248.844019][ T5909] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 248.853096][ T5909] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 248.865464][ T5909] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 248.876464][ T5909] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 250.085874][ T3841] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 250.454862][ T3841] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 250.544035][ T3841] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 250.769977][ T3841] bridge_slave_1: left allmulticast mode
[ 250.775991][ T3841] bridge_slave_1: left promiscuous mode
[ 250.782722][ T3841] bridge0: port 2(bridge_slave_1) entered disabled state
[ 250.835038][ T3841] bridge_slave_0: left allmulticast mode
[ 250.841254][ T3841] bridge_slave_0: left promiscuous mode
[ 250.847789][ T3841] bridge0: port 1(bridge_slave_0) entered disabled state
2025/07/21 18:53:58 executed programs: 0
[ 251.271354][ T3841] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 251.289997][ T3841] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 251.310115][ T3841] bond0 (unregistering): Released all slaves
[ 251.397258][ T5105] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 251.407557][ T5105] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 251.420125][ T5105] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 251.437867][ T5105] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 251.452358][ T5105] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 251.490753][ T3841] hsr_slave_0: left promiscuous mode
[ 251.503138][ T3841] hsr_slave_1: left promiscuous mode
[ 251.510983][ T3841] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 251.518843][ T3841] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 251.530689][ T3841] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 251.538581][ T3841] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 251.562404][ T3841] veth1_macvtap: left promiscuous mode
[ 251.568314][ T3841] veth0_macvtap: left promiscuous mode
[ 251.574212][ T3841] veth1_vlan: left promiscuous mode
[ 251.580926][ T3841] veth0_vlan: left promiscuous mode
[ 252.113845][ T3841] team0 (unregistering): Port device team_slave_1 removed
[ 252.169460][ T3841] team0 (unregistering): Port device team_slave_0 removed
[ 253.333520][ T5934] chnl_net:caif_netlink_parms(): no params data found
[ 253.498456][ T5909] Bluetooth: hci0: command tx timeout
[ 253.820737][ T5934] bridge0: port 1(bridge_slave_0) entered blocking state
[ 253.828512][ T5934] bridge0: port 1(bridge_slave_0) entered disabled state
[ 253.836102][ T5934] bridge_slave_0: entered allmulticast mode
[ 253.846039][ T5934] bridge_slave_0: entered promiscuous mode
[ 253.860280][ T5934] bridge0: port 2(bridge_slave_1) entered blocking state
[ 253.867791][ T5934] bridge0: port 2(bridge_slave_1) entered disabled state
[ 253.877093][ T5934] bridge_slave_1: entered allmulticast mode
[ 253.886274][ T5934] bridge_slave_1: entered promiscuous mode
[ 253.970281][ T5934] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 253.992373][ T5934] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 254.075976][ T5934] team0: Port device team_slave_0 added
[ 254.093103][ T5934] team0: Port device team_slave_1 added
[ 254.175253][ T5934] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 254.182567][ T5934] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 254.209004][ T5934] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 254.226046][ T5934] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 254.233418][ T5934] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 254.260920][ T5934] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 254.404455][ T5934] hsr_slave_0: entered promiscuous mode
[ 254.413680][ T5934] hsr_slave_1: entered promiscuous mode
[ 255.236218][ T5934] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 255.263495][ T5934] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 255.284528][ T5934] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 255.305671][ T5934] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 255.589153][ T5909] Bluetooth: hci0: command tx timeout
[ 255.697808][ T5934] 8021q: adding VLAN 0 to HW filter on device bond0
[ 255.757032][ T5934] 8021q: adding VLAN 0 to HW filter on device team0
[ 255.786733][ T1843] bridge0: port 1(bridge_slave_0) entered blocking state
[ 255.794331][ T1843] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 255.822944][ T14] bridge0: port 2(bridge_slave_1) entered blocking state
[ 255.830553][ T14] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 255.974830][ T5934] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 256.461172][ T5934] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 256.611684][ T5934] veth0_vlan: entered promiscuous mode
[ 256.655860][ T5934] veth1_vlan: entered promiscuous mode
[ 256.772934][ T5934] veth0_macvtap: entered promiscuous mode
[ 256.801850][ T5934] veth1_macvtap: entered promiscuous mode
[ 256.861108][ T5934] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 256.882910][ T5934] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 256.924862][ T5934] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 256.934138][ T5934] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 256.943550][ T5934] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 256.952748][ T5934] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 257.662407][ T5909] Bluetooth: hci0: command tx timeout
[ 258.828021][ T3841] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 258.836233][ T3841] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 258.912965][ T1142] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 258.921207][ T1142] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/07/21 18:54:06 executed programs: 2
[ 259.084905][ T6052] =====================================================
[ 259.092393][ T6052] BUG: KMSAN: kernel-infoleak-after-free in _copy_to_user+0xcc/0x120
[ 259.101030][ T6052] _copy_to_user+0xcc/0x120
[ 259.105759][ T6052] do_insn_ioctl+0x59c/0x6d0
[ 259.110678][ T6052] comedi_unlocked_ioctl+0x1432/0x1e80
[ 259.116317][ T6052] __se_sys_ioctl+0x23c/0x400
[ 259.121364][ T6052] __x64_sys_ioctl+0x97/0xe0
[ 259.126160][ T6052] x64_sys_call+0x1ebe/0x3db0
[ 259.131221][ T6052] do_syscall_64+0xd9/0x210
[ 259.135910][ T6052] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 259.142201][ T6052]
[ 259.144622][ T6052] Uninit was created at:
[ 259.149222][ T6052] kfree+0x252/0xec0
[ 259.153286][ T6052] put_css_set_locked+0xf5c/0x1440
[ 259.158757][ T6052] cgroup_migrate_finish+0x1d0/0x7c0
[ 259.164305][ T6052] cgroup_attach_task+0x6ec/0x970
[ 259.169666][ T6052] __cgroup1_procs_write+0x4ba/0x670
[ 259.176727][ T6052] cgroup1_procs_write+0x44/0x60
[ 259.182579][ T6052] cgroup_file_write+0x38d/0x920
[ 259.187717][ T6052] kernfs_fop_write_iter+0x545/0x9e0
[ 259.193286][ T6052] vfs_write+0xb4b/0x1580
[ 259.197782][ T6052] __x64_sys_write+0x1fb/0x4d0
[ 259.202857][ T6052] x64_sys_call+0x38c3/0x3db0
[ 259.207740][ T6052] do_syscall_64+0xd9/0x210
[ 259.212549][ T6052] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 259.218752][ T6052]
[ 259.221169][ T6052] Bytes 4-59 of 60 are uninitialized
[ 259.226572][ T6052] Memory access of size 60 starts at ffff88804acc6380
[ 259.233632][ T6052] Data copied to user address 0000200000000080
[ 259.240045][ T6052]
[ 259.242508][ T6052] CPU: 0 UID: 0 PID: 6052 Comm: syz.0.16 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(none)
[ 259.252868][ T6052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 259.263212][ T6052] =====================================================
[ 259.270444][ T6052] Disabling lock debugging due to kernel taint
[ 259.276726][ T6052] Kernel panic - not syncing: kmsan.panic set ...
[ 259.283308][ T6052] CPU: 0 UID: 0 PID: 6052 Comm: syz.0.16 Tainted: G B 6.16.0-rc7-syzkaller #0 PREEMPT(none)
[ 259.295161][ T6052] Tainted: [B]=BAD_PAGE
[ 259.299432][ T6052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 259.309652][ T6052] Call Trace:
[ 259.313153][ T6052]
[ 259.316201][ T6052] __dump_stack+0x26/0x30
[ 259.320747][ T6052] dump_stack_lvl+0x53/0x270
[ 259.325540][ T6052] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[ 259.331551][ T6052] dump_stack+0x1e/0x25
[ 259.335906][ T6052] panic+0x4bd/0xd50
[ 259.340057][ T6052] kmsan_report+0x31c/0x320
[ 259.344745][ T6052] ? kmsan_internal_check_memory+0x1e1/0x230
[ 259.350957][ T6052] ? kmsan_copy_to_user+0xf1/0x190
[ 259.356243][ T6052] ? _copy_to_user+0xcc/0x120
[ 259.361132][ T6052] ? do_insn_ioctl+0x59c/0x6d0
[ 259.366073][ T6052] ? comedi_unlocked_ioctl+0x1432/0x1e80
[ 259.371883][ T6052] ? __se_sys_ioctl+0x23c/0x400
[ 259.376968][ T6052] ? __x64_sys_ioctl+0x97/0xe0
[ 259.381952][ T6052] ? x64_sys_call+0x1ebe/0x3db0
[ 259.387029][ T6052] ? do_syscall_64+0xd9/0x210
[ 259.391885][ T6052] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 259.398139][ T6052] ? kmsan_internal_unpoison_memory+0x14/0x20
[ 259.404441][ T6052] ? _raw_spin_unlock_irqrestore+0x3f/0x60
[ 259.410476][ T6052] ? stack_depot_save_flags+0x60f/0x7b0
[ 259.416241][ T6052] ? kmsan_get_metadata+0xfb/0x160
[ 259.421540][ T6052] ? kmsan_get_metadata+0xfb/0x160
[ 259.426839][ T6052] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[ 259.432842][ T6052] ? kmsan_get_metadata+0xfb/0x160
[ 259.438132][ T6052] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[ 259.444132][ T6052] ? kmsan_get_metadata+0xfb/0x160
[ 259.449430][ T6052] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[ 259.455444][ T6052] kmsan_internal_check_memory+0x1e1/0x230
[ 259.461510][ T6052] kmsan_copy_to_user+0xf1/0x190
[ 259.466629][ T6052] _copy_to_user+0xcc/0x120
[ 259.471371][ T6052] do_insn_ioctl+0x59c/0x6d0
[ 259.476154][ T6052] comedi_unlocked_ioctl+0x1432/0x1e80
[ 259.481816][ T6052] ? kmsan_get_metadata+0xfb/0x160
[ 259.487122][ T6052] ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[ 259.493176][ T6052] __se_sys_ioctl+0x23c/0x400
[ 259.498095][ T6052] __x64_sys_ioctl+0x97/0xe0
[ 259.502895][ T6052] x64_sys_call+0x1ebe/0x3db0
[ 259.507777][ T6052] do_syscall_64+0xd9/0x210
[ 259.512445][ T6052] ? irqentry_exit+0x16/0x60
[ 259.517181][ T6052] ? clear_bhb_loop+0x40/0x90
[ 259.522019][ T6052] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 259.528072][ T6052] RIP: 0033:0x7fe66718e9a9
[ 259.532621][ T6052] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 259.552484][ T6052] RSP: 002b:00007ffd14cb4c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 259.561075][ T6052] RAX: ffffffffffffffda RBX: 00007fe6673b5fa0 RCX: 00007fe66718e9a9
[ 259.569177][ T6052] RDX: 0000200000000000 RSI: 000000008028640c RDI: 0000000000000003
[ 259.577276][ T6052] RBP: 00007fe667210d69 R08: 0000000000000000 R09: 0000000000000000
[ 259.585387][ T6052] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 259.593476][ T6052] R13: 00007fe6673b5fa0 R14: 00007fe6673b5fa0 R15: 0000000000000003
[ 259.601606][ T6052]
[ 259.605021][ T6052] Kernel Offset: disabled
[ 259.609418][ T6052] Rebooting in 86400 seconds..