./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3493772672
<...>
Warning: Permanently added '10.128.0.4' (ED25519) to the list of known hosts.
execve("./syz-executor3493772672", ["./syz-executor3493772672"], 0x7fff1427e550 /* 10 vars */) = 0
brk(NULL) = 0x555571ff1000
brk(0x555571ff1d00) = 0x555571ff1d00
arch_prctl(ARCH_SET_FS, 0x555571ff1380) = 0
set_tid_address(0x555571ff1650) = 5841
set_robust_list(0x555571ff1660, 24) = 0
rseq(0x555571ff1ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3493772672", 4096) = 28
getrandom("\x38\x94\x11\x13\x82\xf1\x78\xbe", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x555571ff1d00
brk(0x555572012d00) = 0x555572012d00
brk(0x555572013000) = 0x555572013000
mprotect(0x7f98849c8000, 16384, PROT_READ) = 0
mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000
mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000
mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000
openat(AT_FDCWD, "/proc/self/make-it-fail", O_WRONLY) = 3
close(3) = 0
openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_WRONLY) = 3
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff1650) = 5842
./strace-static-x86_64: Process 5842 attached
[pid 5842] set_robust_list(0x555571ff1660, 24) = 0
[pid 5842] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5842] setpgid(0, 0) = 0
[pid 5842] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5842] write(3, "1000", 4) = 4
[pid 5842] close(3executing program
) = 0
[pid 5842] write(1, "executing program\n", 18) = 18
[pid 5842] openat(AT_FDCWD, "/dev/iommu", O_RDONLY) = 3
[pid 5842] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5842] write(4, "23", 2) = 2
[ 87.844655][ T5842] FAULT_INJECTION: forcing a failure.
[ 87.844655][ T5842] name failslab, interval 1, probability 0, space 0, times 1
[ 87.857654][ T5842] CPU: 1 UID: 0 PID: 5842 Comm: syz-executor349 Not tainted 6.14.0-syzkaller-12456-gacc4d5ff0b61 #0 PREEMPT(full)
[ 87.857680][ T5842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 87.857695][ T5842] Call Trace:
[ 87.857701][ T5842]
[ 87.857707][ T5842] dump_stack_lvl+0x241/0x360
[ 87.857753][ T5842] ? __pfx_dump_stack_lvl+0x10/0x10
[ 87.857775][ T5842] ? __pfx__printk+0x10/0x10
[ 87.857795][ T5842] ? __mutex_trylock_common+0x184/0x2e0
[ 87.857817][ T5842] ? __pfx___might_resched+0x10/0x10
[ 87.857838][ T5842] should_fail_ex+0x424/0x570
[ 87.857868][ T5842] should_failslab+0xac/0x100
[ 87.857891][ T5842] kmem_cache_alloc_node_noprof+0x7d/0x3b0
[ 87.857912][ T5842] ? __alloc_skb+0x1c2/0x480
[ 87.857936][ T5842] ? __lock_acquire+0xad5/0xd80
[ 87.857954][ T5842] __alloc_skb+0x1c2/0x480
[ 87.857985][ T5842] ? __pfx___alloc_skb+0x10/0x10
[ 87.858008][ T5842] ? netlink_has_listeners+0x73/0x3a0
[ 87.858028][ T5842] alloc_uevent_skb+0x74/0x230
[ 87.858051][ T5842] kobject_uevent_net_broadcast+0x2fd/0x580
[ 87.858074][ T5842] kobject_uevent_env+0x57d/0x8e0
[ 87.858100][ T5842] swnode_register+0x4b3/0x540
[ 87.858121][ T5842] fwnode_create_software_node+0x199/0x1f0
[ 87.858138][ T5842] device_create_managed_software_node+0xd5/0x1f0
[ 87.858153][ T5842] ? iommufd_test+0x2efb/0x56a0
[ 87.858170][ T5842] iommufd_test+0x3335/0x56a0
[ 87.858193][ T5842] ? __pfx_iommufd_test+0x10/0x10
[ 87.858217][ T5842] ? __lock_acquire+0xad5/0xd80
[ 87.858256][ T5842] iommufd_fops_ioctl+0x4fc/0x610
[ 87.858278][ T5842] ? __pfx_iommufd_fops_ioctl+0x10/0x10
[ 87.858313][ T5842] ? __pfx_iommufd_fops_ioctl+0x10/0x10
[ 87.858334][ T5842] __se_sys_ioctl+0xf1/0x160
[ 87.858354][ T5842] do_syscall_64+0xf3/0x230
[ 87.858369][ T5842] ? clear_bhb_loop+0x45/0xa0
[ 87.858386][ T5842] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.858401][ T5842] RIP: 0033:0x7f988495c6e9
[ 87.858418][ T5842] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 87.858429][ T5842] RSP: 002b:00007ffd6cb87d98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 87.858445][ T5842] RAX: ffffffffffffffda RBX: 00007ffd6cb87db0 RCX: 00007f988495c6e9
[ 87.858456][ T5842] RDX: 0000200000000200 RSI: 0000000000003ba0 RDI: 0000000000000003
[pid 5842] ioctl(3, _IOC(_IOC_NONE, 0x3b, 0xa0, 0), 0x200000000200) = -1 ENOENT (No such file or directory)
[pid 5842] exit_group(0) = ?
[pid 5842] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5842, si_uid=0, si_status=0, si_utime=0, si_stime=27 /* 0.27 s */} ---
[ 87.858466][ T5842] RBP: 0000000000000002 R08: 00007ffd6cb87b36 R09: 00000000000000a0
[ 87.858475][ T5842] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001
[ 87.858483][ T5842] R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001
[ 87.858505][ T5842]
[ 87.859800][ T5842] iommufd_mock iommufd_mock0: Adding to iommu group 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5845 attached
, child_tidptr=0x555571ff1650) = 5845
[pid 5845] set_robust_list(0x555571ff1660, 24) = 0
[pid 5845] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5845] setpgid(0, 0) = 0
[pid 5845] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5845] write(3, "1000", 4) = 4
[pid 5845] close(3) = 0
[pid 5845] write(1, "executing program\n", 18executing program
) = 18
[pid 5845] openat(AT_FDCWD, "/dev/iommu", O_RDONLY) = 3
[pid 5845] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5845] write(4, "23", 2) = 2
[ 88.275282][ T5845] FAULT_INJECTION: forcing a failure.
[ 88.275282][ T5845] name failslab, interval 1, probability 0, space 0, times 0
[ 88.288154][ T5845] CPU: 0 UID: 0 PID: 5845 Comm: syz-executor349 Not tainted 6.14.0-syzkaller-12456-gacc4d5ff0b61 #0 PREEMPT(full)
[ 88.288181][ T5845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 88.288194][ T5845] Call Trace:
[ 88.288201][ T5845]
[ 88.288209][ T5845] dump_stack_lvl+0x241/0x360
[ 88.288246][ T5845] ? __pfx_dump_stack_lvl+0x10/0x10
[ 88.288277][ T5845] ? __pfx__printk+0x10/0x10
[ 88.288302][ T5845] ? __pfx___might_resched+0x10/0x10
[ 88.288324][ T5845] should_fail_ex+0x424/0x570
[ 88.288352][ T5845] should_failslab+0xac/0x100
[ 88.288374][ T5845] kmem_cache_alloc_noprof+0x78/0x390
[ 88.288395][ T5845] ? skb_clone+0x20c/0x390
[ 88.288413][ T5845] skb_clone+0x20c/0x390
[ 88.288427][ T5845] ? netlink_broadcast_filtered+0x702/0x12a0
[ 88.288447][ T5845] netlink_broadcast_filtered+0x710/0x12a0
[ 88.288479][ T5845] netlink_broadcast+0x39/0x50
[ 88.288498][ T5845] kobject_uevent_net_broadcast+0x38f/0x580
[ 88.288522][ T5845] kobject_uevent_env+0x57d/0x8e0
[ 88.288547][ T5845] swnode_register+0x4b3/0x540
[ 88.288568][ T5845] fwnode_create_software_node+0x199/0x1f0
[ 88.288586][ T5845] device_create_managed_software_node+0xd5/0x1f0
[ 88.288601][ T5845] ? iommufd_test+0x2efb/0x56a0
[ 88.288618][ T5845] iommufd_test+0x3335/0x56a0
[ 88.288641][ T5845] ? __pfx_iommufd_test+0x10/0x10
[ 88.288664][ T5845] ? __lock_acquire+0xad5/0xd80
[ 88.288705][ T5845] iommufd_fops_ioctl+0x4fc/0x610
[ 88.288732][ T5845] ? __pfx_iommufd_fops_ioctl+0x10/0x10
[ 88.288767][ T5845] ? __pfx_iommufd_fops_ioctl+0x10/0x10
[ 88.288788][ T5845] __se_sys_ioctl+0xf1/0x160
[ 88.288808][ T5845] do_syscall_64+0xf3/0x230
[ 88.288824][ T5845] ? clear_bhb_loop+0x45/0xa0
[ 88.288841][ T5845] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 88.288861][ T5845] RIP: 0033:0x7f988495c6e9
[ 88.288875][ T5845] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 88.288887][ T5845] RSP: 002b:00007ffd6cb87d98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 88.288902][ T5845] RAX: ffffffffffffffda RBX: 00007ffd6cb87db0 RCX: 00007f988495c6e9
[ 88.288913][ T5845] RDX: 0000200000000200 RSI: 0000000000003ba0 RDI: 0000000000000003
[ 88.288923][ T5845] RBP: 0000000000000002 R08: 00007ffd6cb87b36 R09: 00000000000000a0
[pid 5845] ioctl(3, _IOC(_IOC_NONE, 0x3b, 0xa0, 0), 0x200000000200) = -1 ENOENT (No such file or directory)
[pid 5845] exit_group(0) = ?
[pid 5845] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5845, si_uid=0, si_status=0, si_utime=0, si_stime=27 /* 0.27 s */} ---
[ 88.288932][ T5845] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffd6cb87dac
[ 88.288946][ T5845] R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001
[ 88.288968][ T5845]
[ 88.290018][ T5845] iommufd_mock iommufd_mock0: Adding to iommu group 0
restart_syscall(<... resuming interrupted clone ...>) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5846 attached
[pid 5846] set_robust_list(0x555571ff1660, 24) = 0
[pid 5841] <... clone resumed>, child_tidptr=0x555571ff1650) = 5846
[pid 5846] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5846] setpgid(0, 0) = 0
[pid 5846] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5846] write(3, "1000", 4) = 4
[pid 5846] close(3) = 0
executing program
[pid 5846] write(1, "executing program\n", 18) = 18
[pid 5846] openat(AT_FDCWD, "/dev/iommu", O_RDONLY) = 3
[pid 5846] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5846] write(4, "23", 2) = 2
[ 88.661006][ T5846] FAULT_INJECTION: forcing a failure.
[ 88.661006][ T5846] name failslab, interval 1, probability 0, space 0, times 0
[ 88.674469][ T5846] CPU: 0 UID: 0 PID: 5846 Comm: syz-executor349 Not tainted 6.14.0-syzkaller-12456-gacc4d5ff0b61 #0 PREEMPT(full)
[ 88.674500][ T5846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 88.674513][ T5846] Call Trace:
[ 88.674521][ T5846]
[ 88.674530][ T5846] dump_stack_lvl+0x241/0x360
[ 88.674568][ T5846] ? __pfx_dump_stack_lvl+0x10/0x10
[ 88.674598][ T5846] ? __pfx__printk+0x10/0x10
[ 88.674631][ T5846] ? __pfx___might_resched+0x10/0x10
[ 88.674662][ T5846] should_fail_ex+0x424/0x570
[ 88.674701][ T5846] should_failslab+0xac/0x100
[ 88.674732][ T5846] kmem_cache_alloc_noprof+0x78/0x390
[ 88.674761][ T5846] ? __kernfs_new_node+0xdf/0x890
[ 88.674789][ T5846] __kernfs_new_node+0xdf/0x890
[ 88.674813][ T5846] ? __lock_acquire+0xad5/0xd80
[ 88.674841][ T5846] ? __pfx___kernfs_new_node+0x10/0x10
[ 88.674875][ T5846] ? kernfs_root+0x1c/0x230
[ 88.674898][ T5846] ? kernfs_root+0x1c/0x230
[ 88.674922][ T5846] kernfs_new_node+0x114/0x220
[ 88.674960][ T5846] kernfs_create_dir_ns+0x43/0x120
[ 88.674989][ T5846] sysfs_create_dir_ns+0x1a2/0x3f0
[ 88.675013][ T5846] ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 88.675045][ T5846] kobject_add_internal+0x435/0x8d0
[ 88.675079][ T5846] kobject_add+0x15b/0x230
[ 88.675104][ T5846] ? kobject_put+0x43d/0x480
[ 88.675127][ T5846] ? __pfx_kobject_add+0x10/0x10
[ 88.675150][ T5846] ? bus_get_dev_root+0x127/0x160
[ 88.675174][ T5846] ? get_device_parent+0x405/0x410
[ 88.675195][ T5846] ? device_add+0x318/0xbf0
[ 88.675220][ T5846] device_add+0x4e5/0xbf0
[ 88.675244][ T5846] ? iommufd_test+0x2efb/0x56a0
[ 88.675268][ T5846] iommufd_test+0x3350/0x56a0
[ 88.675302][ T5846] ? __pfx_iommufd_test+0x10/0x10
[ 88.675335][ T5846] ? __lock_acquire+0xad5/0xd80
[ 88.675392][ T5846] iommufd_fops_ioctl+0x4fc/0x610
[ 88.675424][ T5846] ? __pfx_iommufd_fops_ioctl+0x10/0x10
[ 88.675475][ T5846] ? __pfx_iommufd_fops_ioctl+0x10/0x10
[ 88.675504][ T5846] __se_sys_ioctl+0xf1/0x160
[ 88.675533][ T5846] do_syscall_64+0xf3/0x230
[ 88.675555][ T5846] ? clear_bhb_loop+0x45/0xa0
[ 88.675579][ T5846] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 88.675599][ T5846] RIP: 0033:0x7f988495c6e9
[ 88.675618][ T5846] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 88.675635][ T5846] RSP: 002b:00007ffd6cb87d98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 88.675657][ T5846] RAX: ffffffffffffffda RBX: 00007ffd6cb87db0 RCX: 00007f988495c6e9
[ 88.675672][ T5846] RDX: 0000200000000200 RSI: 0000000000003ba0 RDI: 0000000000000003
[ 88.675685][ T5846] RBP: 0000000000000002 R08: 00007ffd6cb87b36 R09: 00000000000000a0
[ 88.675698][ T5846] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffd6cb87dac
[ 88.675710][ T5846] R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001
[ 88.675741][ T5846]
[pid 5846] ioctl(3, _IOC(_IOC_NONE, 0x3b, 0xa0, 0), 0x200000000200) = -1 ENOMEM (Cannot allocate memory)
[pid 5846] exit_group(0) = ?
[pid 5846] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5846, si_uid=0, si_status=0, si_utime=0, si_stime=30 /* 0.30 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5847 attached
[ 88.675771][ T5846] kobject: kobject_add_internal failed for iommufd_mock0 (error: -12 parent: devices)
[pid 5847] set_robust_list(0x555571ff1660, 24) = 0
[pid 5847] prctl(PR_SET_PDEATHSIG, SIGKILL
[pid 5841] <... clone resumed>, child_tidptr=0x555571ff1650) = 5847
[pid 5847] <... prctl resumed>) = 0
[pid 5847] setpgid(0, 0) = 0
[pid 5847] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program
) = 3
[pid 5847] write(3, "1000", 4) = 4
[pid 5847] close(3) = 0
[pid 5847] write(1, "executing program\n", 18) = 18
[pid 5847] openat(AT_FDCWD, "/dev/iommu", O_RDONLY) = 3
[pid 5847] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5847] write(4, "23", 2) = 2
[ 89.046889][ T5847] FAULT_INJECTION: forcing a failure.
[ 89.046889][ T5847] name failslab, interval 1, probability 0, space 0, times 0
[ 89.060537][ T5847] CPU: 0 UID: 0 PID: 5847 Comm: syz-executor349 Not tainted 6.14.0-syzkaller-12456-gacc4d5ff0b61 #0 PREEMPT(full)
[ 89.060567][ T5847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 89.060579][ T5847] Call Trace:
[ 89.060587][ T5847]
[ 89.060596][ T5847] dump_stack_lvl+0x241/0x360
[ 89.060634][ T5847] ? __pfx_dump_stack_lvl+0x10/0x10
[ 89.060664][ T5847] ? __pfx__printk+0x10/0x10
[ 89.060699][ T5847] ? __pfx___might_resched+0x10/0x10
[ 89.060730][ T5847] should_fail_ex+0x424/0x570
[ 89.060769][ T5847] should_failslab+0xac/0x100
[ 89.060801][ T5847] kmem_cache_alloc_noprof+0x78/0x390
[ 89.060830][ T5847] ? __kernfs_new_node+0xdf/0x890
[ 89.060858][ T5847] __kernfs_new_node+0xdf/0x890
[ 89.060880][ T5847] ? __lock_acquire+0xad5/0xd80
[ 89.060920][ T5847] ? __pfx___kernfs_new_node+0x10/0x10
[ 89.060953][ T5847] ? kernfs_root+0x1c/0x230
[ 89.060975][ T5847] ? kernfs_root+0x1c/0x230
[ 89.060999][ T5847] kernfs_new_node+0x114/0x220
[ 89.061027][ T5847] kernfs_create_link+0xa5/0x1f0
[ 89.061060][ T5847] sysfs_do_create_link_sd+0x85/0x110
[ 89.061083][ T5847] software_node_notify+0xd9/0x1b0
[ 89.061107][ T5847] device_add+0x513/0xbf0
[ 89.061131][ T5847] ? iommufd_test+0x2efb/0x56a0
[ 89.061155][ T5847] iommufd_test+0x3350/0x56a0
[ 89.061189][ T5847] ? __pfx_iommufd_test+0x10/0x10
[ 89.061222][ T5847] ? __lock_acquire+0xad5/0xd80
[ 89.061280][ T5847] iommufd_fops_ioctl+0x4fc/0x610
[ 89.061312][ T5847] ? __pfx_iommufd_fops_ioctl+0x10/0x10
[ 89.061362][ T5847] ? __pfx_iommufd_fops_ioctl+0x10/0x10
[ 89.061391][ T5847] __se_sys_ioctl+0xf1/0x160
[ 89.061420][ T5847] do_syscall_64+0xf3/0x230
[ 89.061442][ T5847] ? clear_bhb_loop+0x45/0xa0
[ 89.061467][ T5847] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 89.061487][ T5847] RIP: 0033:0x7f988495c6e9
[ 89.061505][ T5847] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 89.061522][ T5847] RSP: 002b:00007ffd6cb87d98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 89.061545][ T5847] RAX: ffffffffffffffda RBX: 00007ffd6cb87db0 RCX: 00007f988495c6e9
[ 89.061560][ T5847] RDX: 0000200000000200 RSI: 0000000000003ba0 RDI: 0000000000000003
[ 89.061573][ T5847] RBP: 0000000000000002 R08: 00007ffd6cb87b36 R09: 00000000000000a0
[ 89.061585][ T5847] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffd6cb87dac
[ 89.061598][ T5847] R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001
[ 89.061628][ T5847]
[ 89.062448][ T5847] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 89.320467][ T5847] ==================================================================
[ 89.328582][ T5847] BUG: KASAN: slab-use-after-free in software_node_notify_remove+0x1bc/0x1c0
[ 89.337387][ T5847] Read of size 1 at addr ffff888034947d08 by task syz-executor349/5847
[ 89.345692][ T5847]
[ 89.348044][ T5847] CPU: 0 UID: 0 PID: 5847 Comm: syz-executor349 Not tainted 6.14.0-syzkaller-12456-gacc4d5ff0b61 #0 PREEMPT(full)
[ 89.348071][ T5847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 89.348084][ T5847] Call Trace:
[ 89.348092][ T5847]
[ 89.348100][ T5847] dump_stack_lvl+0x241/0x360
[ 89.348143][ T5847] ? __pfx_dump_stack_lvl+0x10/0x10
[ 89.348170][ T5847] ? rcu_is_watching+0x15/0xb0
[ 89.348196][ T5847] ? __virt_addr_valid+0x183/0x530
[ 89.348225][ T5847] ? lock_release+0x4e/0x3e0
[ 89.348248][ T5847] ? __virt_addr_valid+0x183/0x530
[ 89.348276][ T5847] ? __virt_addr_valid+0x183/0x530
[ 89.348304][ T5847] print_report+0x16e/0x5b0
[ 89.348331][ T5847] ? __virt_addr_valid+0x183/0x530
[ 89.348357][ T5847] ? __virt_addr_valid+0x183/0x530
[ 89.348383][ T5847] ? __virt_addr_valid+0x45f/0x530
[ 89.348410][ T5847] ? __phys_addr+0xba/0x170
[ 89.348437][ T5847] ? software_node_notify_remove+0x1bc/0x1c0
[ 89.348459][ T5847] kasan_report+0x143/0x180
[ 89.348487][ T5847] ? software_node_notify_remove+0x1bc/0x1c0
[ 89.348512][ T5847] software_node_notify_remove+0x1bc/0x1c0
[ 89.348535][ T5847] device_del+0x594/0x9b0
[ 89.348559][ T5847] ? __pfx_iommufd_object_remove+0x10/0x10
[ 89.348589][ T5847] ? __pfx_device_del+0x10/0x10
[ 89.348617][ T5847] device_unregister+0x20/0xc0
[ 89.348641][ T5847] iommufd_test+0x3715/0x56a0
[ 89.348668][ T5847] ? __pfx_iommufd_test+0x10/0x10
[ 89.348693][ T5847] ? __lock_acquire+0xad5/0xd80
[ 89.348730][ T5847] iommufd_fops_ioctl+0x4fc/0x610
[ 89.348759][ T5847] ? __pfx_iommufd_fops_ioctl+0x10/0x10
[ 89.348794][ T5847] ? __pfx_iommufd_fops_ioctl+0x10/0x10
[ 89.348822][ T5847] __se_sys_ioctl+0xf1/0x160
[ 89.348847][ T5847] do_syscall_64+0xf3/0x230
[ 89.348869][ T5847] ? clear_bhb_loop+0x45/0xa0
[ 89.348893][ T5847] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 89.348913][ T5847] RIP: 0033:0x7f988495c6e9
[ 89.348932][ T5847] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 89.348949][ T5847] RSP: 002b:00007ffd6cb87d98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 89.348971][ T5847] RAX: ffffffffffffffda RBX: 00007ffd6cb87db0 RCX: 00007f988495c6e9
[ 89.348987][ T5847] RDX: 0000200000000200 RSI: 0000000000003ba0 RDI: 0000000000000003
[ 89.349001][ T5847] RBP: 0000000000000002 R08: 00007ffd6cb87b36 R09: 00000000000000a0
[ 89.349014][ T5847] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffd6cb87dac
[ 89.349027][ T5847] R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001
[ 89.349049][ T5847]
[ 89.349057][ T5847]
[ 89.606796][ T5847] Allocated by task 5847:
[ 89.611126][ T5847] kasan_save_track+0x3f/0x80
[ 89.615816][ T5847] __kasan_kmalloc+0x9d/0xb0
[ 89.620414][ T5847] __kmalloc_cache_noprof+0x236/0x370
[ 89.625799][ T5847] swnode_register+0x5a/0x540
[ 89.630480][ T5847] fwnode_create_software_node+0x199/0x1f0
[ 89.636297][ T5847] device_create_managed_software_node+0xd5/0x1f0
[ 89.642718][ T5847] iommufd_test+0x3335/0x56a0
[ 89.647403][ T5847] iommufd_fops_ioctl+0x4fc/0x610
[ 89.652439][ T5847] __se_sys_ioctl+0xf1/0x160
[ 89.657047][ T5847] do_syscall_64+0xf3/0x230
[ 89.661564][ T5847] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 89.667462][ T5847]
[ 89.669792][ T5847] Freed by task 5847:
[ 89.673773][ T5847] kasan_save_track+0x3f/0x80
[ 89.678459][ T5847] kasan_save_free_info+0x40/0x50
[ 89.683486][ T5847] __kasan_slab_free+0x59/0x70
[ 89.688257][ T5847] kfree+0x198/0x430
[ 89.692158][ T5847] kobject_put+0x22f/0x480
[ 89.696577][ T5847] software_node_notify_remove+0x159/0x1c0
[ 89.702391][ T5847] device_del+0x594/0x9b0
[ 89.706727][ T5847] device_unregister+0x20/0xc0
[ 89.711509][ T5847] iommufd_test+0x3715/0x56a0
[ 89.716192][ T5847] iommufd_fops_ioctl+0x4fc/0x610
[ 89.721226][ T5847] __se_sys_ioctl+0xf1/0x160
[ 89.725825][ T5847] do_syscall_64+0xf3/0x230
[ 89.730359][ T5847] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 89.736288][ T5847]
[ 89.738631][ T5847] The buggy address belongs to the object at ffff888034947c00
[ 89.738631][ T5847] which belongs to the cache kmalloc-512 of size 512
[ 89.752690][ T5847] The buggy address is located 264 bytes inside of
[ 89.752690][ T5847] freed 512-byte region [ffff888034947c00, ffff888034947e00)
[ 89.766495][ T5847]
[ 89.768830][ T5847] The buggy address belongs to the physical page:
[ 89.775259][ T5847] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888034945400 pfn:0x34944
[ 89.785342][ T5847] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 89.793846][ T5847] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 89.801834][ T5847] page_type: f5(slab)
[ 89.805828][ T5847] raw: 00fff00000000040 ffff88801b041c80 0000000000000000 dead000000000001
[ 89.814589][ T5847] raw: ffff888034945400 000000008010000b 00000000f5000000 0000000000000000
[ 89.823179][ T5847] head: 00fff00000000040 ffff88801b041c80 0000000000000000 dead000000000001
[ 89.831856][ T5847] head: ffff888034945400 000000008010000b 00000000f5000000 0000000000000000
[ 89.840531][ T5847] head: 00fff00000000002 ffffea0000d25101 00000000ffffffff 00000000ffffffff
[ 89.849210][ T5847] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 89.857881][ T5847] page dumped because: kasan: bad access detected
[ 89.864305][ T5847] page_owner tracks the page as allocated
[ 89.870028][ T5847] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5217, tgid 5217 (udevd), ts 39636611893, free_ts 39622141341
[ 89.890795][ T5847] post_alloc_hook+0x1f4/0x240
[ 89.895579][ T5847] get_page_from_freelist+0x352b/0x36c0
[ 89.901129][ T5847] __alloc_frozen_pages_noprof+0x211/0x5b0
[ 89.906941][ T5847] alloc_pages_mpol+0x339/0x690
[ 89.911803][ T5847] allocate_slab+0x8f/0x3a0
[ 89.916316][ T5847] ___slab_alloc+0xc3b/0x1500
[ 89.921004][ T5847] __slab_alloc+0x58/0xa0
[ 89.925341][ T5847] __kmalloc_cache_noprof+0x26a/0x370
[ 89.930723][ T5847] kernfs_fop_open+0x3a3/0xdf0
[ 89.935497][ T5847] do_dentry_open+0xdec/0x1960
[ 89.940272][ T5847] vfs_open+0x3b/0x370
[ 89.944353][ T5847] path_openat+0x2caf/0x35d0
[ 89.948953][ T5847] do_filp_open+0x284/0x4e0
[ 89.953464][ T5847] do_sys_openat2+0x12b/0x1d0
[ 89.958151][ T5847] __x64_sys_openat+0x249/0x2a0
[ 89.963015][ T5847] do_syscall_64+0xf3/0x230
[ 89.967531][ T5847] page last free pid 5222 tgid 5222 stack trace:
[ 89.973860][ T5847] __free_frozen_pages+0xde8/0x10a0
[ 89.979071][ T5847] __put_partials+0x160/0x1c0
[ 89.983757][ T5847] put_cpu_partial+0x17e/0x250
[ 89.988534][ T5847] __slab_free+0x294/0x390
[ 89.992955][ T5847] qlist_free_all+0x9a/0x140
[ 89.997551][ T5847] kasan_quarantine_reduce+0x14f/0x170
[ 90.003016][ T5847] __kasan_slab_alloc+0x23/0x80
[ 90.007880][ T5847] kmem_cache_alloc_noprof+0x1e1/0x390
[ 90.013352][ T5847] getname_flags+0xb6/0x530
[ 90.017871][ T5847] do_sys_openat2+0xbf/0x1d0
[ 90.022522][ T5847] __x64_sys_openat+0x249/0x2a0
[ 90.027386][ T5847] do_syscall_64+0xf3/0x230
[ 90.031961][ T5847] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 90.037921][ T5847]
[ 90.040248][ T5847] Memory state around the buggy address:
[ 90.045886][ T5847] ffff888034947c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 90.053962][ T5847] ffff888034947c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 90.062041][ T5847] >ffff888034947d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 90.070279][ T5847] ^
[ 90.074614][ T5847] ffff888034947d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 90.082679][ T5847] ffff888034947e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 90.090739][ T5847] ==================================================================
[ 90.118949][ T5847] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 90.126213][ T5847] CPU: 0 UID: 0 PID: 5847 Comm: syz-executor349 Not tainted 6.14.0-syzkaller-12456-gacc4d5ff0b61 #0 PREEMPT(full)
[ 90.138314][ T5847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 90.148405][ T5847] Call Trace:
[ 90.151717][ T5847]
[ 90.154674][ T5847] dump_stack_lvl+0x241/0x360
[ 90.159397][ T5847] ? __pfx_dump_stack_lvl+0x10/0x10
[ 90.164649][ T5847] ? __pfx__printk+0x10/0x10
[ 90.169282][ T5847] ? vscnprintf+0x5d/0x90
[ 90.173648][ T5847] panic+0x349/0x880
[ 90.177578][ T5847] ? check_panic_on_warn+0x21/0xb0
[ 90.182726][ T5847] ? __pfx_panic+0x10/0x10
[ 90.187182][ T5847] ? _raw_spin_unlock_irqrestore+0x134/0x140
[ 90.193209][ T5847] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 90.199579][ T5847] ? print_report+0x519/0x5b0
[ 90.204395][ T5847] check_panic_on_warn+0x86/0xb0
[ 90.209382][ T5847] ? software_node_notify_remove+0x1bc/0x1c0
[ 90.215392][ T5847] end_report+0x77/0x160
[ 90.219690][ T5847] kasan_report+0x154/0x180
[ 90.224246][ T5847] ? software_node_notify_remove+0x1bc/0x1c0
[ 90.230267][ T5847] software_node_notify_remove+0x1bc/0x1c0
[ 90.236114][ T5847] device_del+0x594/0x9b0
[ 90.240484][ T5847] ? __pfx_iommufd_object_remove+0x10/0x10
[ 90.246334][ T5847] ? __pfx_device_del+0x10/0x10
[ 90.251228][ T5847] device_unregister+0x20/0xc0
[ 90.256036][ T5847] iommufd_test+0x3715/0x56a0
[ 90.260752][ T5847] ? __pfx_iommufd_test+0x10/0x10
[ 90.265810][ T5847] ? __lock_acquire+0xad5/0xd80
[ 90.270709][ T5847] iommufd_fops_ioctl+0x4fc/0x610
[ 90.275775][ T5847] ? __pfx_iommufd_fops_ioctl+0x10/0x10
[ 90.281370][ T5847] ? __pfx_iommufd_fops_ioctl+0x10/0x10
[ 90.286978][ T5847] __se_sys_ioctl+0xf1/0x160
[ 90.291611][ T5847] do_syscall_64+0xf3/0x230
[ 90.296146][ T5847] ? clear_bhb_loop+0x45/0xa0
[ 90.300862][ T5847] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 90.306788][ T5847] RIP: 0033:0x7f988495c6e9
[ 90.311228][ T5847] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 90.330894][ T5847] RSP: 002b:00007ffd6cb87d98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 90.339349][ T5847] RAX: ffffffffffffffda RBX: 00007ffd6cb87db0 RCX: 00007f988495c6e9
[ 90.347358][ T5847] RDX: 0000200000000200 RSI: 0000000000003ba0 RDI: 0000000000000003
[ 90.355368][ T5847] RBP: 0000000000000002 R08: 00007ffd6cb87b36 R09: 00000000000000a0
[ 90.363372][ T5847] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffd6cb87dac
[ 90.371378][ T5847] R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001
[ 90.379394][ T5847]
[ 90.382746][ T5847] Kernel Offset: disabled
[ 90.387084][ T5847] Rebooting in 86400 seconds..