Warning: Permanently added '10.128.0.149' (ED25519) to the list of known hosts.
executing program
[ 94.712399][ T5826] FAULT_INJECTION: forcing a failure.
[ 94.712399][ T5826] name failslab, interval 1, probability 0, space 0, times 1
[ 94.725211][ T5826] CPU: 0 UID: 0 PID: 5826 Comm: syz-executor377 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full)
[ 94.725241][ T5826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 94.725257][ T5826] Call Trace:
[ 94.725265][ T5826]
[ 94.725277][ T5826] dump_stack_lvl+0x16c/0x1f0
[ 94.725334][ T5826] should_fail_ex+0x512/0x640
[ 94.725370][ T5826] ? __kmalloc_cache_noprof+0x57/0x3e0
[ 94.725404][ T5826] should_failslab+0xc2/0x120
[ 94.725426][ T5826] __kmalloc_cache_noprof+0x6a/0x3e0
[ 94.725457][ T5826] ? apply_subsystem_event_filter+0xcd2/0x17a0
[ 94.725493][ T5826] apply_subsystem_event_filter+0xcd2/0x17a0
[ 94.725530][ T5826] ? __might_fault+0x13b/0x190
[ 94.725565][ T5826] ? __pfx_apply_subsystem_event_filter+0x10/0x10
[ 94.725601][ T5826] ? _copy_from_user+0x59/0xd0
[ 94.725640][ T5826] subsystem_filter_write+0x95/0x120
[ 94.725672][ T5826] ? __pfx_subsystem_filter_write+0x10/0x10
[ 94.725700][ T5826] vfs_write+0x2a0/0x1150
[ 94.725739][ T5826] ? __pfx_vfs_write+0x10/0x10
[ 94.725772][ T5826] ? do_sys_openat2+0x157/0x1d0
[ 94.725797][ T5826] ? __pfx_do_sys_openat2+0x10/0x10
[ 94.725821][ T5826] ? find_held_lock+0x2b/0x80
[ 94.725844][ T5826] ? handle_mm_fault+0x2ab/0xd10
[ 94.725884][ T5826] ksys_write+0x12a/0x250
[ 94.725916][ T5826] ? __pfx_ksys_write+0x10/0x10
[ 94.725958][ T5826] do_syscall_64+0xcd/0x490
[ 94.725996][ T5826] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 94.726019][ T5826] RIP: 0033:0x7f0e994323a9
[ 94.726043][ T5826] Code: 48 83 c4 28 c3 e8 17 1a 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 94.726064][ T5826] RSP: 002b:00007ffeb32f1f98 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 94.726085][ T5826] RAX: ffffffffffffffda RBX: 00007ffeb32f1fa0 RCX: 00007f0e994323a9
[ 94.726112][ T5826] RDX: 0000000000000009 RSI: 0000000000000000 RDI: 0000000000000004
[ 94.726126][ T5826] RBP: 0000000000000001 R08: 00007ffeb32f1d37 R09: 00007f0e994a0037
[ 94.726140][ T5826] R10: 0000000000000001 R11: 0000000000000246 R12: 00007f0e9949d618
[ 94.726154][ T5826] R13: 00007ffeb32f2178 R14: 0000000000000001 R15: 0000000000000001
[ 94.726191][ T5826]
[ 94.954429][ T5826] ==================================================================
[ 94.962553][ T5826] BUG: KASAN: slab-use-after-free in __free_filter.part.0+0x153/0x160
[ 94.970731][ T5826] Read of size 8 at addr ffff88801d78a9a0 by task syz-executor377/5826
[ 94.978979][ T5826]
[ 94.981312][ T5826] CPU: 0 UID: 0 PID: 5826 Comm: syz-executor377 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full)
[ 94.981341][ T5826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 94.981355][ T5826] Call Trace:
[ 94.981364][ T5826]
[ 94.981373][ T5826] dump_stack_lvl+0x116/0x1f0
[ 94.981411][ T5826] print_report+0xcd/0x680
[ 94.981431][ T5826] ? __virt_addr_valid+0x81/0x610
[ 94.981454][ T5826] ? __phys_addr+0xe8/0x180
[ 94.981477][ T5826] ? __free_filter.part.0+0x153/0x160
[ 94.981502][ T5826] kasan_report+0xe0/0x110
[ 94.981522][ T5826] ? __free_filter.part.0+0x153/0x160
[ 94.981552][ T5826] __free_filter.part.0+0x153/0x160
[ 94.981579][ T5826] apply_subsystem_event_filter+0x1487/0x17a0
[ 94.981612][ T5826] ? __might_fault+0x13b/0x190
[ 94.981645][ T5826] ? __pfx_apply_subsystem_event_filter+0x10/0x10
[ 94.981678][ T5826] ? _copy_from_user+0x59/0xd0
[ 94.981714][ T5826] subsystem_filter_write+0x95/0x120
[ 94.981744][ T5826] ? __pfx_subsystem_filter_write+0x10/0x10
[ 94.981772][ T5826] vfs_write+0x2a0/0x1150
[ 94.981807][ T5826] ? __pfx_vfs_write+0x10/0x10
[ 94.981839][ T5826] ? do_sys_openat2+0x157/0x1d0
[ 94.981863][ T5826] ? __pfx_do_sys_openat2+0x10/0x10
[ 94.981886][ T5826] ? find_held_lock+0x2b/0x80
[ 94.981907][ T5826] ? handle_mm_fault+0x2ab/0xd10
[ 94.981941][ T5826] ksys_write+0x12a/0x250
[ 94.981972][ T5826] ? __pfx_ksys_write+0x10/0x10
[ 94.982008][ T5826] do_syscall_64+0xcd/0x490
[ 94.982044][ T5826] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 94.982068][ T5826] RIP: 0033:0x7f0e994323a9
[ 94.982086][ T5826] Code: 48 83 c4 28 c3 e8 17 1a 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 94.982108][ T5826] RSP: 002b:00007ffeb32f1f98 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 94.982134][ T5826] RAX: ffffffffffffffda RBX: 00007ffeb32f1fa0 RCX: 00007f0e994323a9
[ 94.982150][ T5826] RDX: 0000000000000009 RSI: 0000000000000000 RDI: 0000000000000004
[ 94.982163][ T5826] RBP: 0000000000000001 R08: 00007ffeb32f1d37 R09: 00007f0e994a0037
[ 94.982178][ T5826] R10: 0000000000000001 R11: 0000000000000246 R12: 00007f0e9949d618
[ 94.982192][ T5826] R13: 00007ffeb32f2178 R14: 0000000000000001 R15: 0000000000000001
[ 94.982214][ T5826]
[ 94.982221][ T5826]
[ 95.206894][ T5826] Allocated by task 13:
[ 95.211054][ T5826] kasan_save_stack+0x33/0x60
[ 95.215754][ T5826] kasan_save_track+0x14/0x30
[ 95.220449][ T5826] __kasan_kmalloc+0xaa/0xb0
[ 95.225058][ T5826] event_create_dir+0x906/0xd40
[ 95.229934][ T5826] __trace_early_add_event_dirs+0xae/0x210
[ 95.235776][ T5826] event_trace_init+0x144/0x1f0
[ 95.240659][ T5826] tracer_init_tracefs_work_func+0x12/0x3d0
[ 95.246591][ T5826] process_one_work+0x9cc/0x1b70
[ 95.251556][ T5826] worker_thread+0x6c8/0xf10
[ 95.256167][ T5826] kthread+0x3c5/0x780
[ 95.260251][ T5826] ret_from_fork+0x5d4/0x6f0
[ 95.264858][ T5826] ret_from_fork_asm+0x1a/0x30
[ 95.269631][ T5826]
[ 95.271960][ T5826] Freed by task 5826:
[ 95.275942][ T5826] kasan_save_stack+0x33/0x60
[ 95.280639][ T5826] kasan_save_track+0x14/0x30
[ 95.285336][ T5826] kasan_save_free_info+0x3b/0x60
[ 95.290373][ T5826] __kasan_slab_free+0x51/0x70
[ 95.295159][ T5826] kfree+0x2b4/0x4d0
[ 95.299071][ T5826] free_filter_list+0xa5/0x240
[ 95.303846][ T5826] apply_subsystem_event_filter+0x12be/0x17a0
[ 95.309928][ T5826] subsystem_filter_write+0x95/0x120
[ 95.315228][ T5826] vfs_write+0x2a0/0x1150
[ 95.319574][ T5826] ksys_write+0x12a/0x250
[ 95.323921][ T5826] do_syscall_64+0xcd/0x490
[ 95.328444][ T5826] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 95.334346][ T5826]
[ 95.336673][ T5826] The buggy address belongs to the object at ffff88801d78a9a0
[ 95.336673][ T5826] which belongs to the cache kmalloc-16 of size 16
[ 95.350560][ T5826] The buggy address is located 0 bytes inside of
[ 95.350560][ T5826] freed 16-byte region [ffff88801d78a9a0, ffff88801d78a9b0)
[ 95.364105][ T5826]
[ 95.366432][ T5826] The buggy address belongs to the physical page:
[ 95.372957][ T5826] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1d78a
[ 95.381744][ T5826] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 95.388864][ T5826] page_type: f5(slab)
[ 95.392851][ T5826] raw: 00fff00000000000 ffff88801b841640 dead000000000122 0000000000000000
[ 95.401443][ T5826] raw: 0000000000000000 0000000000800080 00000000f5000000 0000000000000000
[ 95.410050][ T5826] page dumped because: kasan: bad access detected
[ 95.416486][ T5826] page_owner tracks the page as allocated
[ 95.422213][ T5826] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, tgid 1 (swapper/0), ts 4520983069, free_ts 0
[ 95.439789][ T5826] post_alloc_hook+0x1c0/0x230
[ 95.444578][ T5826] get_page_from_freelist+0x1321/0x3890
[ 95.450145][ T5826] __alloc_frozen_pages_noprof+0x261/0x23f0
[ 95.456081][ T5826] alloc_pages_mpol+0x1fb/0x550
[ 95.460936][ T5826] new_slab+0x23b/0x330
[ 95.465111][ T5826] ___slab_alloc+0xd9c/0x1940
[ 95.469804][ T5826] __slab_alloc.constprop.0+0x56/0xb0
[ 95.475192][ T5826] __kmalloc_node_track_caller_noprof+0x2ee/0x510
[ 95.481628][ T5826] kvasprintf+0xbc/0x160
[ 95.485895][ T5826] kvasprintf_const+0x66/0x1a0
[ 95.490665][ T5826] kobject_set_name_vargs+0x5a/0x140
[ 95.495961][ T5826] dev_set_name+0xc7/0x100
[ 95.500388][ T5826] device_add+0xe59/0x1a70
[ 95.504815][ T5826] clockevents_init_sysfs+0x157/0x2d0
[ 95.510211][ T5826] do_one_initcall+0x120/0x6e0
[ 95.514984][ T5826] kernel_init_freeable+0x5c2/0x900
[ 95.520196][ T5826] page_owner free stack trace missing
[ 95.525566][ T5826]
[ 95.527896][ T5826] Memory state around the buggy address:
[ 95.533528][ T5826]  ffff88801d78a880: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 95.541594][ T5826]  ffff88801d78a900: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 95.549660][ T5826] >ffff88801d78a980: 00 00 fc fc fa fb fc fc 00 00 fc fc 00 00 fc fc
[ 95.557724][ T5826]                                ^
[ 95.562836][ T5826]  ffff88801d78aa00: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 95.570987][ T5826]  ffff88801d78aa80: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 95.579060][ T5826] ==================================================================
[ 95.588984][ T5826] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 95.596233][ T5826] CPU: 0 UID: 0 PID: 5826 Comm: syz-executor377 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full)
[ 95.606961][ T5826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 95.617028][ T5826] Call Trace:
[ 95.620317][ T5826]
[ 95.623268][ T5826] dump_stack_lvl+0x3d/0x1f0
[ 95.627886][ T5826] panic+0x71c/0x800
[ 95.631802][ T5826] ? __pfx_panic+0x10/0x10
[ 95.636241][ T5826] ? irqentry_exit+0x3b/0x90
[ 95.640857][ T5826] ? lockdep_hardirqs_on+0x7c/0x110
[ 95.646081][ T5826] ? preempt_schedule_thunk+0x16/0x30
[ 95.651475][ T5826] ? __free_filter.part.0+0x153/0x160
[ 95.656865][ T5826] ? preempt_schedule_common+0x44/0xc0
[ 95.662346][ T5826] ? check_panic_on_warn+0x1f/0xb0
[ 95.667489][ T5826] ? __free_filter.part.0+0x153/0x160
[ 95.672899][ T5826] check_panic_on_warn+0xab/0xb0
[ 95.677883][ T5826] end_report+0x107/0x170
[ 95.682239][ T5826] kasan_report+0xee/0x110
[ 95.686674][ T5826] ? __free_filter.part.0+0x153/0x160
[ 95.692067][ T5826] __free_filter.part.0+0x153/0x160
[ 95.697292][ T5826] apply_subsystem_event_filter+0x1487/0x17a0
[ 95.703388][ T5826] ? __might_fault+0x13b/0x190
[ 95.708180][ T5826] ? __pfx_apply_subsystem_event_filter+0x10/0x10
[ 95.714644][ T5826] ? _copy_from_user+0x59/0xd0
[ 95.719439][ T5826] subsystem_filter_write+0x95/0x120
[ 95.724749][ T5826] ? __pfx_subsystem_filter_write+0x10/0x10
[ 95.730662][ T5826] vfs_write+0x2a0/0x1150
[ 95.735025][ T5826] ? __pfx_vfs_write+0x10/0x10
[ 95.739829][ T5826] ? do_sys_openat2+0x157/0x1d0
[ 95.744695][ T5826] ? __pfx_do_sys_openat2+0x10/0x10
[ 95.749910][ T5826] ? find_held_lock+0x2b/0x80
[ 95.754601][ T5826] ? handle_mm_fault+0x2ab/0xd10
[ 95.759562][ T5826] ksys_write+0x12a/0x250
[ 95.763916][ T5826] ? __pfx_ksys_write+0x10/0x10
[ 95.768796][ T5826] do_syscall_64+0xcd/0x490
[ 95.773333][ T5826] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 95.779238][ T5826] RIP: 0033:0x7f0e994323a9
[ 95.783675][ T5826] Code: 48 83 c4 28 c3 e8 17 1a 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 95.803311][ T5826] RSP: 002b:00007ffeb32f1f98 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 95.811748][ T5826] RAX: ffffffffffffffda RBX: 00007ffeb32f1fa0 RCX: 00007f0e994323a9
[ 95.819744][ T5826] RDX: 0000000000000009 RSI: 0000000000000000 RDI: 0000000000000004
[ 95.827742][ T5826] RBP: 0000000000000001 R08: 00007ffeb32f1d37 R09: 00007f0e994a0037
[ 95.835727][ T5826] R10: 0000000000000001 R11: 0000000000000246 R12: 00007f0e9949d618
[ 95.843709][ T5826] R13: 00007ffeb32f2178 R14: 0000000000000001 R15: 0000000000000001
[ 95.851708][ T5826]
[ 95.855120][ T5826] Kernel Offset: disabled
[ 95.859473][ T5826] Rebooting in 86400 seconds..