./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor554195797
<...>
Warning: Permanently added '10.128.0.216' (ED25519) to the list of known hosts.
execve("./syz-executor554195797", ["./syz-executor554195797"], 0x7ffe9e36ffd0 /* 10 vars */) = 0
brk(NULL) = 0x55555f4dc000
brk(0x55555f4dcd00) = 0x55555f4dcd00
arch_prctl(ARCH_SET_FS, 0x55555f4dc380) = 0
set_tid_address(0x55555f4dc650) = 5839
set_robust_list(0x55555f4dc660, 24) = 0
rseq(0x55555f4dcca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor554195797", 4096) = 27
getrandom("\x1d\x05\xf5\xfa\xaf\x5a\x03\xf2", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x55555f4dcd00
brk(0x55555f4fdd00) = 0x55555f4fdd00
brk(0x55555f4fe000) = 0x55555f4fe000
mprotect(0x7f52037e5000, 16384, PROT_READ) = 0
mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000
mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000
mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000
openat(AT_FDCWD, "/proc/self/make-it-fail", O_WRONLY) = 3
close(3) = 0
openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_WRONLY) = 3
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555f4dc650) = 5840
./strace-static-x86_64: Process 5840 attached
[pid 5840] set_robust_list(0x55555f4dc660, 24) = 0
[pid 5840] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5840] setpgid(0, 0) = 0
[pid 5840] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5840] write(3, "1000", 4) = 4
[pid 5840] close(3) = 0
executing program
[pid 5840] write(1, "executing program\n", 18) = 18
[pid 5840] openat(AT_FDCWD, "/dev/iommu", O_RDONLY) = 3
[pid 5840] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5840] write(4, "23", 2) = 2
[pid 5840] ioctl(3, _IOC(_IOC_NONE, 0x3b, 0xa0, 0), 0x200000000200) = -1 ENOENT (No such file or directory)
[pid 5840] exit_group(0) = ?
[pid 5840] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5840, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555f4dc650) = 5843
./strace-static-x86_64: Process 5843 attached
[pid 5843] set_robust_list(0x55555f4dc660, 24) = 0
[pid 5843] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5843] setpgid(0, 0) = 0
[pid 5843] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5843] write(3, "1000", 4) = 4
executing program
[pid 5843] close(3) = 0
[pid 5843] write(1, "executing program\n", 18) = 18
[pid 5843] openat(AT_FDCWD, "/dev/iommu", O_RDONLY) = 3
[ 89.087202][ T5840] iommufd_mock iommufd_mock0: Adding to iommu group 0
[pid 5843] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5843] write(4, "23", 2) = 2
[ 89.171162][ T5843] FAULT_INJECTION: forcing a failure.
[ 89.171162][ T5843] name failslab, interval 1, probability 0, space 0, times 1
[ 89.183905][ T5843] CPU: 1 UID: 0 PID: 5843 Comm: syz-executor554 Not tainted 6.14.0-syzkaller-12456-gacc4d5ff0b61 #0 PREEMPT(full)
[ 89.183926][ T5843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 89.183938][ T5843] Call Trace:
[ 89.183946][ T5843]
[ 89.183952][ T5843] dump_stack_lvl+0x241/0x360
[ 89.184001][ T5843] ? __pfx_dump_stack_lvl+0x10/0x10
[ 89.184023][ T5843] ? __pfx__printk+0x10/0x10
[ 89.184047][ T5843] ? __pfx___might_resched+0x10/0x10
[ 89.184069][ T5843] should_fail_ex+0x424/0x570
[ 89.184101][ T5843] should_failslab+0xac/0x100
[ 89.184124][ T5843] kmem_cache_alloc_noprof+0x78/0x390
[ 89.184144][ T5843] ? __kernfs_new_node+0xdf/0x890
[ 89.184164][ T5843] __kernfs_new_node+0xdf/0x890
[ 89.184181][ T5843] ? __lock_acquire+0xad5/0xd80
[ 89.184199][ T5843] ? __pfx___kernfs_new_node+0x10/0x10
[ 89.184223][ T5843] ? kernfs_root+0x1c/0x230
[ 89.184239][ T5843] ? kernfs_root+0x1c/0x230
[ 89.184255][ T5843] kernfs_new_node+0x114/0x220
[ 89.184275][ T5843] kernfs_create_dir_ns+0x43/0x120
[ 89.184294][ T5843] sysfs_create_dir_ns+0x1a2/0x3f0
[ 89.184311][ T5843] ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 89.184333][ T5843] kobject_add_internal+0x435/0x8d0
[ 89.184361][ T5843] kobject_add+0x15b/0x230
[ 89.184378][ T5843] ? kobject_put+0x43d/0x480
[ 89.184394][ T5843] ? __pfx_kobject_add+0x10/0x10
[ 89.184411][ T5843] ? bus_get_dev_root+0x127/0x160
[ 89.184428][ T5843] ? get_device_parent+0x405/0x410
[ 89.184443][ T5843] ? device_add+0x318/0xbf0
[ 89.184460][ T5843] device_add+0x4e5/0xbf0
[ 89.184477][ T5843] ? iommufd_test+0x2efb/0x56a0
[ 89.184493][ T5843] iommufd_test+0x3350/0x56a0
[ 89.184517][ T5843] ? __pfx_iommufd_test+0x10/0x10
[ 89.184540][ T5843] ? __lock_acquire+0xad5/0xd80
[ 89.184578][ T5843] iommufd_fops_ioctl+0x4fc/0x610
[ 89.184600][ T5843] ? __pfx_iommufd_fops_ioctl+0x10/0x10
[ 89.184637][ T5843] ? __pfx_iommufd_fops_ioctl+0x10/0x10
[ 89.184658][ T5843] __se_sys_ioctl+0xf1/0x160
[ 89.184677][ T5843] do_syscall_64+0xf3/0x230
[ 89.184693][ T5843] ? clear_bhb_loop+0x45/0xa0
[ 89.184711][ T5843] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 89.184726][ T5843] RIP: 0033:0x7f52037796e9
[ 89.184743][ T5843] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 89.184755][ T5843] RSP: 002b:00007ffff39400e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 89.184771][ T5843] RAX: ffffffffffffffda RBX: 00007ffff3940100 RCX: 00007f52037796e9
[ 89.184782][ T5843] RDX: 0000200000000200 RSI: 0000000000003ba0 RDI: 0000000000000003
[ 89.184791][ T5843] RBP: 0000000000000002 R08: 00007ffff393fe86 R09: 00000000000000a0
[ 89.184800][ T5843] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffff39400fc
[ 89.184810][ T5843] R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001
[ 89.184831][ T5843]
[pid 5843] ioctl(3, _IOC(_IOC_NONE, 0x3b, 0xa0, 0), 0x200000000200) = -1 ENOMEM (Cannot allocate memory)
[pid 5843] exit_group(0) = ?
[pid 5843] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5843, si_uid=0, si_status=0, si_utime=0, si_stime=28 /* 0.28 s */} ---
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5844 attached
, child_tidptr=0x55555f4dc650) = 5844
[ 89.184866][ T5843] kobject: kobject_add_internal failed for iommufd_mock0 (error: -12 parent: devices)
[pid 5844] set_robust_list(0x55555f4dc660, 24) = 0
[pid 5844] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5844] setpgid(0, 0) = 0
[pid 5844] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5844] write(3, "1000", 4) = 4
[pid 5844] close(3) = 0
executing program
[pid 5844] write(1, "executing program\n", 18) = 18
[pid 5844] openat(AT_FDCWD, "/dev/iommu", O_RDONLY) = 3
[pid 5844] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5844] write(4, "23", 2) = 2
[ 89.542999][ T5844] FAULT_INJECTION: forcing a failure.
[ 89.542999][ T5844] name failslab, interval 1, probability 0, space 0, times 0
[ 89.556834][ T5844] CPU: 0 UID: 0 PID: 5844 Comm: syz-executor554 Not tainted 6.14.0-syzkaller-12456-gacc4d5ff0b61 #0 PREEMPT(full)
[ 89.556857][ T5844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 89.556866][ T5844] Call Trace:
[ 89.556872][ T5844]
[ 89.556878][ T5844] dump_stack_lvl+0x241/0x360
[ 89.556915][ T5844] ? __pfx_dump_stack_lvl+0x10/0x10
[ 89.556936][ T5844] ? __pfx__printk+0x10/0x10
[ 89.556960][ T5844] ? __pfx___might_resched+0x10/0x10
[ 89.556982][ T5844] should_fail_ex+0x424/0x570
[ 89.557010][ T5844] should_failslab+0xac/0x100
[ 89.557033][ T5844] kmem_cache_alloc_noprof+0x78/0x390
[ 89.557053][ T5844] ? __kernfs_new_node+0xdf/0x890
[ 89.557073][ T5844] __kernfs_new_node+0xdf/0x890
[ 89.557088][ T5844] ? __lock_acquire+0xad5/0xd80
[ 89.557109][ T5844] ? __pfx___kernfs_new_node+0x10/0x10
[ 89.557131][ T5844] ? kernfs_root+0x1c/0x230
[ 89.557146][ T5844] ? kernfs_root+0x1c/0x230
[ 89.557163][ T5844] kernfs_new_node+0x114/0x220
[ 89.557182][ T5844] kernfs_create_link+0xa5/0x1f0
[ 89.557205][ T5844] sysfs_do_create_link_sd+0x85/0x110
[ 89.557222][ T5844] software_node_notify+0xd9/0x1b0
[ 89.557240][ T5844] device_add+0x513/0xbf0
[ 89.557257][ T5844] ? iommufd_test+0x2efb/0x56a0
[ 89.557274][ T5844] iommufd_test+0x3350/0x56a0
[ 89.557297][ T5844] ? __pfx_iommufd_test+0x10/0x10
[ 89.557320][ T5844] ? __lock_acquire+0xad5/0xd80
[ 89.557360][ T5844] iommufd_fops_ioctl+0x4fc/0x610
[ 89.557382][ T5844] ? __pfx_iommufd_fops_ioctl+0x10/0x10
[ 89.557416][ T5844] ? __pfx_iommufd_fops_ioctl+0x10/0x10
[ 89.557437][ T5844] __se_sys_ioctl+0xf1/0x160
[ 89.557457][ T5844] do_syscall_64+0xf3/0x230
[ 89.557474][ T5844] ? clear_bhb_loop+0x45/0xa0
[ 89.557491][ T5844] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 89.557506][ T5844] RIP: 0033:0x7f52037796e9
[ 89.557520][ T5844] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 89.557532][ T5844] RSP: 002b:00007ffff39400e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 89.557548][ T5844] RAX: ffffffffffffffda RBX: 00007ffff3940100 RCX: 00007f52037796e9
[ 89.557559][ T5844] RDX: 0000200000000200 RSI: 0000000000003ba0 RDI: 0000000000000003
[ 89.557568][ T5844] RBP: 0000000000000002 R08: 00007ffff393fe86 R09: 00000000000000a0
[ 89.557577][ T5844] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffff39400fc
[ 89.557587][ T5844] R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001
[ 89.557608][ T5844]
[ 89.558175][ T5844] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 89.815758][ T5844] ==================================================================
[ 89.823889][ T5844] BUG: KASAN: slab-use-after-free in software_node_notify_remove+0x1bc/0x1c0
[ 89.832680][ T5844] Read of size 1 at addr ffff88803029b108 by task syz-executor554/5844
[ 89.840915][ T5844]
[ 89.843239][ T5844] CPU: 0 UID: 0 PID: 5844 Comm: syz-executor554 Not tainted 6.14.0-syzkaller-12456-gacc4d5ff0b61 #0 PREEMPT(full)
[ 89.843258][ T5844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 89.843267][ T5844] Call Trace:
[ 89.843274][ T5844]
[ 89.843281][ T5844] dump_stack_lvl+0x241/0x360
[ 89.843306][ T5844] ? __pfx_dump_stack_lvl+0x10/0x10
[ 89.843326][ T5844] ? rcu_is_watching+0x15/0xb0
[ 89.843345][ T5844] ? __virt_addr_valid+0x183/0x530
[ 89.843366][ T5844] ? lock_release+0x4e/0x3e0
[ 89.843383][ T5844] ? __virt_addr_valid+0x183/0x530
[ 89.843402][ T5844] ? __virt_addr_valid+0x183/0x530
[ 89.843422][ T5844] print_report+0x16e/0x5b0
[ 89.843441][ T5844] ? __virt_addr_valid+0x183/0x530
[ 89.843460][ T5844] ? __virt_addr_valid+0x183/0x530
[ 89.843478][ T5844] ? __virt_addr_valid+0x45f/0x530
[ 89.843496][ T5844] ? __phys_addr+0xba/0x170
[ 89.843515][ T5844] ? software_node_notify_remove+0x1bc/0x1c0
[ 89.843531][ T5844] kasan_report+0x143/0x180
[ 89.843550][ T5844] ? software_node_notify_remove+0x1bc/0x1c0
[ 89.843568][ T5844] software_node_notify_remove+0x1bc/0x1c0
[ 89.843584][ T5844] device_del+0x594/0x9b0
[ 89.843601][ T5844] ? __pfx_iommufd_object_remove+0x10/0x10
[ 89.843622][ T5844] ? __pfx_device_del+0x10/0x10
[ 89.843642][ T5844] device_unregister+0x20/0xc0
[ 89.843658][ T5844] iommufd_test+0x3715/0x56a0
[ 89.843677][ T5844] ? __pfx_iommufd_test+0x10/0x10
[ 89.843695][ T5844] ? __lock_acquire+0xad5/0xd80
[ 89.843721][ T5844] iommufd_fops_ioctl+0x4fc/0x610
[ 89.843741][ T5844] ? __pfx_iommufd_fops_ioctl+0x10/0x10
[ 89.843768][ T5844] ? __pfx_iommufd_fops_ioctl+0x10/0x10
[ 89.843788][ T5844] __se_sys_ioctl+0xf1/0x160
[ 89.843806][ T5844] do_syscall_64+0xf3/0x230
[ 89.843822][ T5844] ? clear_bhb_loop+0x45/0xa0
[ 89.843838][ T5844] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 89.843852][ T5844] RIP: 0033:0x7f52037796e9
[ 89.843871][ T5844] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 89.843883][ T5844] RSP: 002b:00007ffff39400e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 89.843898][ T5844] RAX: ffffffffffffffda RBX: 00007ffff3940100 RCX: 00007f52037796e9
[ 89.843909][ T5844] RDX: 0000200000000200 RSI: 0000000000003ba0 RDI: 0000000000000003
[ 89.843919][ T5844] RBP: 0000000000000002 R08: 00007ffff393fe86 R09: 00000000000000a0
[ 89.843929][ T5844] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffff39400fc
[ 89.843938][ T5844] R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001
[ 89.843954][ T5844]
[ 89.843959][ T5844]
[ 90.100700][ T5844] Allocated by task 5844:
[ 90.105039][ T5844] kasan_save_track+0x3f/0x80
[ 90.109741][ T5844] __kasan_kmalloc+0x9d/0xb0
[ 90.114339][ T5844] __kmalloc_cache_noprof+0x236/0x370
[ 90.119723][ T5844] swnode_register+0x5a/0x540
[ 90.124405][ T5844] fwnode_create_software_node+0x199/0x1f0
[ 90.130212][ T5844] device_create_managed_software_node+0xd5/0x1f0
[ 90.136646][ T5844] iommufd_test+0x3335/0x56a0
[ 90.141328][ T5844] iommufd_fops_ioctl+0x4fc/0x610
[ 90.146363][ T5844] __se_sys_ioctl+0xf1/0x160
[ 90.150967][ T5844] do_syscall_64+0xf3/0x230
[ 90.155474][ T5844] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 90.161368][ T5844]
[ 90.163695][ T5844] Freed by task 5844:
[ 90.167672][ T5844] kasan_save_track+0x3f/0x80
[ 90.172355][ T5844] kasan_save_free_info+0x40/0x50
[ 90.177395][ T5844] __kasan_slab_free+0x59/0x70
[ 90.182356][ T5844] kfree+0x198/0x430
[ 90.186271][ T5844] kobject_put+0x22f/0x480
[ 90.190702][ T5844] software_node_notify_remove+0x159/0x1c0
[ 90.196953][ T5844] device_del+0x594/0x9b0
[ 90.201290][ T5844] device_unregister+0x20/0xc0
[ 90.206059][ T5844] iommufd_test+0x3715/0x56a0
[ 90.210749][ T5844] iommufd_fops_ioctl+0x4fc/0x610
[ 90.215781][ T5844] __se_sys_ioctl+0xf1/0x160
[ 90.220394][ T5844] do_syscall_64+0xf3/0x230
[ 90.224902][ T5844] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 90.230801][ T5844]
[ 90.233131][ T5844] The buggy address belongs to the object at ffff88803029b000
[ 90.233131][ T5844] which belongs to the cache kmalloc-512 of size 512
[ 90.247185][ T5844] The buggy address is located 264 bytes inside of
[ 90.247185][ T5844] freed 512-byte region [ffff88803029b000, ffff88803029b200)
[ 90.260983][ T5844]
[ 90.263309][ T5844] The buggy address belongs to the physical page:
[ 90.269760][ T5844] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x30298
[ 90.278531][ T5844] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 90.287035][ T5844] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 90.295037][ T5844] page_type: f5(slab)
[ 90.299118][ T5844] raw: 00fff00000000040 ffff88801b041c80 0000000000000000 dead000000000001
[ 90.307716][ T5844] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 90.316302][ T5844] head: 00fff00000000040 ffff88801b041c80 0000000000000000 dead000000000001
[ 90.324974][ T5844] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 90.333648][ T5844] head: 00fff00000000002 ffffea0000c0a601 00000000ffffffff 00000000ffffffff
[ 90.342327][ T5844] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 90.350997][ T5844] page dumped because: kasan: bad access detected
[ 90.357419][ T5844] page_owner tracks the page as allocated
[ 90.363157][ T5844] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 25186333391, free_ts 0
[ 90.382872][ T5844] post_alloc_hook+0x1f4/0x240
[ 90.387650][ T5844] get_page_from_freelist+0x352b/0x36c0
[ 90.393202][ T5844] __alloc_frozen_pages_noprof+0x211/0x5b0
[ 90.399014][ T5844] alloc_pages_mpol+0x339/0x690
[ 90.403874][ T5844] allocate_slab+0x8f/0x3a0
[ 90.408380][ T5844] ___slab_alloc+0xc3b/0x1500
[ 90.413057][ T5844] __slab_alloc+0x58/0xa0
[ 90.417397][ T5844] __kmalloc_cache_noprof+0x26a/0x370
[ 90.422782][ T5844] device_add+0xc1/0xbf0
[ 90.427029][ T5844] netdev_register_kobject+0x157/0x2f0
[ 90.432503][ T5844] register_netdevice+0x12b0/0x1b80
[ 90.437734][ T5844] __ip_tunnel_create+0x3f0/0x560
[ 90.442853][ T5844] ip_tunnel_init_net+0x2b7/0x810
[ 90.447879][ T5844] ops_init+0x349/0x5b0
[ 90.452041][ T5844] register_pernet_operations+0x31f/0x660
[ 90.457806][ T5844] register_pernet_device+0x33/0x80
[ 90.463015][ T5844] page_owner free stack trace missing
[ 90.468385][ T5844]
[ 90.470706][ T5844] Memory state around the buggy address:
[ 90.476336][ T5844] ffff88803029b000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 90.484398][ T5844] ffff88803029b080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 90.492462][ T5844] >ffff88803029b100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 90.500609][ T5844] ^
[ 90.504934][ T5844] ffff88803029b180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 90.513000][ T5844] ffff88803029b200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 90.521067][ T5844] ==================================================================
[ 90.530256][ T5844] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 90.537492][ T5844] CPU: 0 UID: 0 PID: 5844 Comm: syz-executor554 Not tainted 6.14.0-syzkaller-12456-gacc4d5ff0b61 #0 PREEMPT(full)
[ 90.549700][ T5844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 90.559777][ T5844] Call Trace:
[ 90.563087][ T5844]
[ 90.566042][ T5844] dump_stack_lvl+0x241/0x360
[ 90.570753][ T5844] ? __pfx_dump_stack_lvl+0x10/0x10
[ 90.575985][ T5844] ? __pfx__printk+0x10/0x10
[ 90.580606][ T5844] ? vscnprintf+0x5d/0x90
[ 90.584977][ T5844] panic+0x349/0x880
[ 90.588904][ T5844] ? check_panic_on_warn+0x21/0xb0
[ 90.594035][ T5844] ? __pfx_panic+0x10/0x10
[ 90.598465][ T5844] ? _raw_spin_unlock_irqrestore+0x134/0x140
[ 90.604460][ T5844] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 90.610803][ T5844] ? print_report+0x519/0x5b0
[ 90.615489][ T5844] check_panic_on_warn+0x86/0xb0
[ 90.620438][ T5844] ? software_node_notify_remove+0x1bc/0x1c0
[ 90.626426][ T5844] end_report+0x77/0x160
[ 90.630681][ T5844] kasan_report+0x154/0x180
[ 90.635194][ T5844] ? software_node_notify_remove+0x1bc/0x1c0
[ 90.641182][ T5844] software_node_notify_remove+0x1bc/0x1c0
[ 90.646999][ T5844] device_del+0x594/0x9b0
[ 90.651372][ T5844] ? __pfx_iommufd_object_remove+0x10/0x10
[ 90.657190][ T5844] ? __pfx_device_del+0x10/0x10
[ 90.662055][ T5844] device_unregister+0x20/0xc0
[ 90.666829][ T5844] iommufd_test+0x3715/0x56a0
[ 90.671519][ T5844] ? __pfx_iommufd_test+0x10/0x10
[ 90.676551][ T5844] ? __lock_acquire+0xad5/0xd80
[ 90.681427][ T5844] iommufd_fops_ioctl+0x4fc/0x610
[ 90.686465][ T5844] ? __pfx_iommufd_fops_ioctl+0x10/0x10
[ 90.692034][ T5844] ? __pfx_iommufd_fops_ioctl+0x10/0x10
[ 90.697596][ T5844] __se_sys_ioctl+0xf1/0x160
[ 90.702212][ T5844] do_syscall_64+0xf3/0x230
[ 90.706724][ T5844] ? clear_bhb_loop+0x45/0xa0
[ 90.711410][ T5844] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 90.717745][ T5844] RIP: 0033:0x7f52037796e9
[ 90.722167][ T5844] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 90.741795][ T5844] RSP: 002b:00007ffff39400e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 90.750236][ T5844] RAX: ffffffffffffffda RBX: 00007ffff3940100 RCX: 00007f52037796e9
[ 90.758234][ T5844] RDX: 0000200000000200 RSI: 0000000000003ba0 RDI: 0000000000000003
[ 90.766304][ T5844] RBP: 0000000000000002 R08: 00007ffff393fe86 R09: 00000000000000a0
[ 90.774306][ T5844] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffff39400fc
[ 90.782294][ T5844] R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001
[ 90.790287][ T5844]
[ 90.793568][ T5844] Kernel Offset: disabled
[ 90.797898][ T5844] Rebooting in 86400 seconds..