./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1053526925
<...>
Warning: Permanently added '10.128.1.37' (ED25519) to the list of known hosts.
execve("./syz-executor1053526925", ["./syz-executor1053526925"], 0x7ffc6ce8fb40 /* 10 vars */) = 0
brk(NULL) = 0x555591b05000
brk(0x555591b05d00) = 0x555591b05d00
arch_prctl(ARCH_SET_FS, 0x555591b05380) = 0
set_tid_address(0x555591b05650) = 5839
set_robust_list(0x555591b05660, 24) = 0
rseq(0x555591b05ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor1053526925", 4096) = 28
getrandom("\xee\x43\x1a\x1b\xf8\x4b\xf2\x74", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x555591b05d00
brk(0x555591b26d00) = 0x555591b26d00
brk(0x555591b27000) = 0x555591b27000
mprotect(0x7f14c7b77000, 16384, PROT_READ) = 0
mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000
mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000
mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000
openat(AT_FDCWD, "/proc/self/make-it-fail", O_WRONLY) = 3
close(3) = 0
openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_WRONLY) = 3
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555591b05650) = 5840
./strace-static-x86_64: Process 5840 attached
[pid 5840] set_robust_list(0x555591b05660, 24) = 0
[pid 5840] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5840] setpgid(0, 0) = 0
[pid 5840] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5840] write(3, "1000", 4) = 4
[pid 5840] close(3) = 0
[pid 5840] write(1, "executing program\n", 18executing program
) = 18
[pid 5840] openat(AT_FDCWD, "/dev/iommu", O_RDONLY) = 3
[pid 5840] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5840] write(4, "23", 2) = 2
[pid 5840] ioctl(3, _IOC(_IOC_NONE, 0x3b, 0xa0, 0), 0x200000000200) = -1 ENOENT (No such file or directory)
[pid 5840] exit_group(0) = ?
[pid 5840] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5840, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5843 attached
, child_tidptr=0x555591b05650) = 5843
[pid 5843] set_robust_list(0x555591b05660, 24) = 0
[ 91.323796][ T5840] iommufd_mock iommufd_mock0: Adding to iommu group 0
[pid 5843] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5843] setpgid(0, 0) = 0
[pid 5843] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5843] write(3, "1000", 4) = 4
[pid 5843] close(3) = 0
[pid 5843] write(1, "executing program\n", 18executing program
) = 18
[pid 5843] openat(AT_FDCWD, "/dev/iommu", O_RDONLY) = 3
[pid 5843] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5843] write(4, "23", 2) = 2
[ 91.471262][ T5843] FAULT_INJECTION: forcing a failure.
[ 91.471262][ T5843] name failslab, interval 1, probability 0, space 0, times 0
[ 91.484071][ T5843] CPU: 1 UID: 0 PID: 5843 Comm: syz-executor105 Not tainted 6.14.0-syzkaller-12456-gacc4d5ff0b61 #0 PREEMPT(full)
[ 91.484121][ T5843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 91.484141][ T5843] Call Trace:
[ 91.484147][ T5843]
[ 91.484154][ T5843] dump_stack_lvl+0x241/0x360
[ 91.484201][ T5843] ? __pfx_dump_stack_lvl+0x10/0x10
[ 91.484223][ T5843] ? __pfx__printk+0x10/0x10
[ 91.484248][ T5843] ? __pfx___might_resched+0x10/0x10
[ 91.484269][ T5843] should_fail_ex+0x424/0x570
[ 91.484301][ T5843] should_failslab+0xac/0x100
[ 91.484323][ T5843] kmem_cache_alloc_noprof+0x78/0x390
[ 91.484343][ T5843] ? __kernfs_new_node+0xdf/0x890
[ 91.484363][ T5843] __kernfs_new_node+0xdf/0x890
[ 91.484381][ T5843] ? __lock_acquire+0xad5/0xd80
[ 91.484400][ T5843] ? __pfx___kernfs_new_node+0x10/0x10
[ 91.484424][ T5843] ? kernfs_root+0x1c/0x230
[ 91.484439][ T5843] ? kernfs_root+0x1c/0x230
[ 91.484456][ T5843] kernfs_new_node+0x114/0x220
[ 91.484475][ T5843] kernfs_create_dir_ns+0x43/0x120
[ 91.484494][ T5843] sysfs_create_dir_ns+0x1a2/0x3f0
[ 91.484511][ T5843] ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 91.484532][ T5843] kobject_add_internal+0x435/0x8d0
[ 91.484560][ T5843] kobject_add+0x15b/0x230
[ 91.484577][ T5843] ? kobject_put+0x43d/0x480
[ 91.484593][ T5843] ? __pfx_kobject_add+0x10/0x10
[ 91.484610][ T5843] ? bus_get_dev_root+0x127/0x160
[ 91.484627][ T5843] ? get_device_parent+0x405/0x410
[ 91.484642][ T5843] ? device_add+0x318/0xbf0
[ 91.484659][ T5843] device_add+0x4e5/0xbf0
[ 91.484676][ T5843] ? iommufd_test+0x2efb/0x56a0
[ 91.484693][ T5843] iommufd_test+0x3350/0x56a0
[ 91.484716][ T5843] ? __pfx_iommufd_test+0x10/0x10
[ 91.484739][ T5843] ? __lock_acquire+0xad5/0xd80
[ 91.484778][ T5843] iommufd_fops_ioctl+0x4fc/0x610
[ 91.484799][ T5843] ? __pfx_iommufd_fops_ioctl+0x10/0x10
[ 91.484834][ T5843] ? __pfx_iommufd_fops_ioctl+0x10/0x10
[ 91.484854][ T5843] __se_sys_ioctl+0xf1/0x160
[ 91.484874][ T5843] do_syscall_64+0xf3/0x230
[ 91.484889][ T5843] ? clear_bhb_loop+0x45/0xa0
[ 91.484907][ T5843] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 91.484921][ T5843] RIP: 0033:0x7f14c7b0b6e9
[ 91.484942][ T5843] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 91.484954][ T5843] RSP: 002b:00007fff388f87b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 91.484970][ T5843] RAX: ffffffffffffffda RBX: 00007fff388f87d0 RCX: 00007f14c7b0b6e9
[ 91.484981][ T5843] RDX: 0000200000000200 RSI: 0000000000003ba0 RDI: 0000000000000003
[ 91.484990][ T5843] RBP: 0000000000000002 R08: 00007fff388f8556 R09: 00000000000000a0
[ 91.485000][ T5843] R10: 0000000000000002 R11: 0000000000000246 R12: 00007fff388f87cc
[ 91.485009][ T5843] R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001
[ 91.485030][ T5843]
[pid 5843] ioctl(3, _IOC(_IOC_NONE, 0x3b, 0xa0, 0), 0x200000000200) = -1 ENOMEM (Cannot allocate memory)
[pid 5843] exit_group(0) = ?
[pid 5843] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5843, si_uid=0, si_status=0, si_utime=0, si_stime=28 /* 0.28 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
[ 91.485055][ T5843] kobject: kobject_add_internal failed for iommufd_mock0 (error: -12 parent: devices)
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5844 attached
, child_tidptr=0x555591b05650) = 5844
[pid 5844] set_robust_list(0x555591b05660, 24) = 0
[pid 5844] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5844] setpgid(0, 0) = 0
[pid 5844] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5844] write(3, "1000", 4) = 4
[pid 5844] close(3) = 0
[pid 5844] write(1, "executing program\n", 18executing program
) = 18
[pid 5844] openat(AT_FDCWD, "/dev/iommu", O_RDONLY) = 3
[pid 5844] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5844] write(4, "23", 2) = 2
[ 91.895081][ T5844] FAULT_INJECTION: forcing a failure.
[ 91.895081][ T5844] name failslab, interval 1, probability 0, space 0, times 0
[ 91.907885][ T5844] CPU: 1 UID: 0 PID: 5844 Comm: syz-executor105 Not tainted 6.14.0-syzkaller-12456-gacc4d5ff0b61 #0 PREEMPT(full)
[ 91.907908][ T5844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 91.907918][ T5844] Call Trace:
[ 91.907924][ T5844]
[ 91.907930][ T5844] dump_stack_lvl+0x241/0x360
[ 91.907961][ T5844] ? __pfx_dump_stack_lvl+0x10/0x10
[ 91.907983][ T5844] ? __pfx__printk+0x10/0x10
[ 91.908008][ T5844] ? __pfx___might_resched+0x10/0x10
[ 91.908031][ T5844] should_fail_ex+0x424/0x570
[ 91.908059][ T5844] should_failslab+0xac/0x100
[ 91.908082][ T5844] kmem_cache_alloc_noprof+0x78/0x390
[ 91.908103][ T5844] ? __kernfs_new_node+0xdf/0x890
[ 91.908123][ T5844] __kernfs_new_node+0xdf/0x890
[ 91.908138][ T5844] ? __lock_acquire+0xad5/0xd80
[ 91.908159][ T5844] ? __pfx___kernfs_new_node+0x10/0x10
[ 91.908181][ T5844] ? kernfs_root+0x1c/0x230
[ 91.908197][ T5844] ? kernfs_root+0x1c/0x230
[ 91.908220][ T5844] kernfs_new_node+0x114/0x220
[ 91.908240][ T5844] kernfs_create_link+0xa5/0x1f0
[ 91.908264][ T5844] sysfs_do_create_link_sd+0x85/0x110
[ 91.908281][ T5844] software_node_notify+0xd9/0x1b0
[ 91.908299][ T5844] device_add+0x513/0xbf0
[ 91.908317][ T5844] ? iommufd_test+0x2efb/0x56a0
[ 91.908334][ T5844] iommufd_test+0x3350/0x56a0
[ 91.908357][ T5844] ? __pfx_iommufd_test+0x10/0x10
[ 91.908381][ T5844] ? __lock_acquire+0xad5/0xd80
[ 91.908420][ T5844] iommufd_fops_ioctl+0x4fc/0x610
[ 91.908443][ T5844] ? __pfx_iommufd_fops_ioctl+0x10/0x10
[ 91.908482][ T5844] ? __pfx_iommufd_fops_ioctl+0x10/0x10
[ 91.908503][ T5844] __se_sys_ioctl+0xf1/0x160
[ 91.908523][ T5844] do_syscall_64+0xf3/0x230
[ 91.908540][ T5844] ? clear_bhb_loop+0x45/0xa0
[ 91.908557][ T5844] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 91.908572][ T5844] RIP: 0033:0x7f14c7b0b6e9
[ 91.908586][ T5844] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 91.908598][ T5844] RSP: 002b:00007fff388f87b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 91.908614][ T5844] RAX: ffffffffffffffda RBX: 00007fff388f87d0 RCX: 00007f14c7b0b6e9
[ 91.908625][ T5844] RDX: 0000200000000200 RSI: 0000000000003ba0 RDI: 0000000000000003
[ 91.908635][ T5844] RBP: 0000000000000002 R08: 00007fff388f8556 R09: 00000000000000a0
[ 91.908644][ T5844] R10: 0000000000000002 R11: 0000000000000246 R12: 00007fff388f87cc
[ 91.908653][ T5844] R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001
[ 91.908675][ T5844]
[ 91.909296][ T5844] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 92.166981][ T5844] ==================================================================
[ 92.175086][ T5844] BUG: KASAN: slab-use-after-free in software_node_notify_remove+0x1bc/0x1c0
[ 92.183858][ T5844] Read of size 1 at addr ffff888033c08908 by task syz-executor105/5844
[ 92.192097][ T5844]
[ 92.194426][ T5844] CPU: 0 UID: 0 PID: 5844 Comm: syz-executor105 Not tainted 6.14.0-syzkaller-12456-gacc4d5ff0b61 #0 PREEMPT(full)
[ 92.194449][ T5844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 92.194459][ T5844] Call Trace:
[ 92.194467][ T5844]
[ 92.194474][ T5844] dump_stack_lvl+0x241/0x360
[ 92.194502][ T5844] ? __pfx_dump_stack_lvl+0x10/0x10
[ 92.194523][ T5844] ? rcu_is_watching+0x15/0xb0
[ 92.194543][ T5844] ? __virt_addr_valid+0x183/0x530
[ 92.194564][ T5844] ? lock_release+0x4e/0x3e0
[ 92.194584][ T5844] ? __virt_addr_valid+0x183/0x530
[ 92.194603][ T5844] ? __virt_addr_valid+0x183/0x530
[ 92.194623][ T5844] print_report+0x16e/0x5b0
[ 92.194643][ T5844] ? __virt_addr_valid+0x183/0x530
[ 92.194663][ T5844] ? __virt_addr_valid+0x183/0x530
[ 92.194681][ T5844] ? __virt_addr_valid+0x45f/0x530
[ 92.194701][ T5844] ? __phys_addr+0xba/0x170
[ 92.194721][ T5844] ? software_node_notify_remove+0x1bc/0x1c0
[ 92.194737][ T5844] kasan_report+0x143/0x180
[ 92.194757][ T5844] ? software_node_notify_remove+0x1bc/0x1c0
[ 92.194774][ T5844] software_node_notify_remove+0x1bc/0x1c0
[ 92.194791][ T5844] device_del+0x594/0x9b0
[ 92.194810][ T5844] ? __pfx_iommufd_object_remove+0x10/0x10
[ 92.194832][ T5844] ? __pfx_device_del+0x10/0x10
[ 92.194852][ T5844] device_unregister+0x20/0xc0
[ 92.194869][ T5844] iommufd_test+0x3715/0x56a0
[ 92.194887][ T5844] ? __pfx_iommufd_test+0x10/0x10
[ 92.194906][ T5844] ? __lock_acquire+0xad5/0xd80
[ 92.194933][ T5844] iommufd_fops_ioctl+0x4fc/0x610
[ 92.194953][ T5844] ? __pfx_iommufd_fops_ioctl+0x10/0x10
[ 92.194980][ T5844] ? __pfx_iommufd_fops_ioctl+0x10/0x10
[ 92.195000][ T5844] __se_sys_ioctl+0xf1/0x160
[ 92.195018][ T5844] do_syscall_64+0xf3/0x230
[ 92.195035][ T5844] ? clear_bhb_loop+0x45/0xa0
[ 92.195052][ T5844] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 92.195067][ T5844] RIP: 0033:0x7f14c7b0b6e9
[ 92.195081][ T5844] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 92.195093][ T5844] RSP: 002b:00007fff388f87b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 92.195110][ T5844] RAX: ffffffffffffffda RBX: 00007fff388f87d0 RCX: 00007f14c7b0b6e9
[ 92.195121][ T5844] RDX: 0000200000000200 RSI: 0000000000003ba0 RDI: 0000000000000003
[ 92.195130][ T5844] RBP: 0000000000000002 R08: 00007fff388f8556 R09: 00000000000000a0
[ 92.195140][ T5844] R10: 0000000000000002 R11: 0000000000000246 R12: 00007fff388f87cc
[ 92.195149][ T5844] R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001
[ 92.195165][ T5844]
[ 92.195170][ T5844]
[ 92.452690][ T5844] Allocated by task 5844:
[ 92.457016][ T5844] kasan_save_track+0x3f/0x80
[ 92.461713][ T5844] __kasan_kmalloc+0x9d/0xb0
[ 92.466305][ T5844] __kmalloc_cache_noprof+0x236/0x370
[ 92.471681][ T5844] swnode_register+0x5a/0x540
[ 92.476369][ T5844] fwnode_create_software_node+0x199/0x1f0
[ 92.482182][ T5844] device_create_managed_software_node+0xd5/0x1f0
[ 92.488594][ T5844] iommufd_test+0x3335/0x56a0
[ 92.493272][ T5844] iommufd_fops_ioctl+0x4fc/0x610
[ 92.498295][ T5844] __se_sys_ioctl+0xf1/0x160
[ 92.502882][ T5844] do_syscall_64+0xf3/0x230
[ 92.507382][ T5844] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 92.513269][ T5844]
[ 92.515601][ T5844] Freed by task 5844:
[ 92.519629][ T5844] kasan_save_track+0x3f/0x80
[ 92.524305][ T5844] kasan_save_free_info+0x40/0x50
[ 92.529328][ T5844] __kasan_slab_free+0x59/0x70
[ 92.534091][ T5844] kfree+0x198/0x430
[ 92.537982][ T5844] kobject_put+0x22f/0x480
[ 92.542395][ T5844] software_node_notify_remove+0x159/0x1c0
[ 92.548204][ T5844] device_del+0x594/0x9b0
[ 92.552532][ T5844] device_unregister+0x20/0xc0
[ 92.557291][ T5844] iommufd_test+0x3715/0x56a0
[ 92.561981][ T5844] iommufd_fops_ioctl+0x4fc/0x610
[ 92.567005][ T5844] __se_sys_ioctl+0xf1/0x160
[ 92.571591][ T5844] do_syscall_64+0xf3/0x230
[ 92.576093][ T5844] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 92.581982][ T5844]
[ 92.584298][ T5844] The buggy address belongs to the object at ffff888033c08800
[ 92.584298][ T5844] which belongs to the cache kmalloc-512 of size 512
[ 92.598367][ T5844] The buggy address is located 264 bytes inside of
[ 92.598367][ T5844] freed 512-byte region [ffff888033c08800, ffff888033c08a00)
[ 92.612195][ T5844]
[ 92.614532][ T5844] The buggy address belongs to the physical page:
[ 92.621059][ T5844] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x33c08
[ 92.629837][ T5844] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 92.638338][ T5844] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 92.645912][ T5844] page_type: f5(slab)
[ 92.649901][ T5844] raw: 00fff00000000040 ffff88801b041c80 dead000000000100 dead000000000122
[ 92.658488][ T5844] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 92.667073][ T5844] head: 00fff00000000040 ffff88801b041c80 dead000000000100 dead000000000122
[ 92.675771][ T5844] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 92.684438][ T5844] head: 00fff00000000002 ffffea0000cf0201 00000000ffffffff 00000000ffffffff
[ 92.693107][ T5844] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 92.701768][ T5844] page dumped because: kasan: bad access detected
[ 92.708232][ T5844] page_owner tracks the page as allocated
[ 92.714130][ T5844] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5212, tgid 5212 (udevadm), ts 38306058830, free_ts 27744191802
[ 92.735062][ T5844] post_alloc_hook+0x1f4/0x240
[ 92.739836][ T5844] get_page_from_freelist+0x352b/0x36c0
[ 92.745392][ T5844] __alloc_frozen_pages_noprof+0x211/0x5b0
[ 92.751215][ T5844] alloc_pages_mpol+0x339/0x690
[ 92.756106][ T5844] allocate_slab+0x8f/0x3a0
[ 92.760604][ T5844] ___slab_alloc+0xc3b/0x1500
[ 92.765270][ T5844] __slab_alloc+0x58/0xa0
[ 92.769596][ T5844] __kmalloc_cache_noprof+0x26a/0x370
[ 92.774969][ T5844] kernfs_fop_open+0x3a3/0xdf0
[ 92.779748][ T5844] do_dentry_open+0xdec/0x1960
[ 92.784516][ T5844] vfs_open+0x3b/0x370
[ 92.788586][ T5844] path_openat+0x2caf/0x35d0
[ 92.793171][ T5844] do_filp_open+0x284/0x4e0
[ 92.797680][ T5844] do_sys_openat2+0x12b/0x1d0
[ 92.802373][ T5844] __x64_sys_openat+0x249/0x2a0
[ 92.807240][ T5844] do_syscall_64+0xf3/0x230
[ 92.811747][ T5844] page last free pid 10 tgid 10 stack trace:
[ 92.817721][ T5844] __free_frozen_pages+0xde8/0x10a0
[ 92.822914][ T5844] vfree+0x1c3/0x360
[ 92.826808][ T5844] delayed_vfree_work+0x56/0x80
[ 92.831652][ T5844] process_scheduled_works+0xac3/0x18e0
[ 92.837210][ T5844] worker_thread+0x870/0xd50
[ 92.841793][ T5844] kthread+0x7b7/0x940
[ 92.845860][ T5844] ret_from_fork+0x4b/0x80
[ 92.850321][ T5844] ret_from_fork_asm+0x1a/0x30
[ 92.855080][ T5844]
[ 92.857398][ T5844] Memory state around the buggy address:
[ 92.863020][ T5844] ffff888033c08800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 92.871090][ T5844] ffff888033c08880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 92.880285][ T5844] >ffff888033c08900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 92.888344][ T5844] ^
[ 92.892690][ T5844] ffff888033c08980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 92.900749][ T5844] ffff888033c08a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 92.908807][ T5844] ==================================================================
[ 92.924386][ T5844] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 92.931683][ T5844] CPU: 1 UID: 0 PID: 5844 Comm: syz-executor105 Not tainted 6.14.0-syzkaller-12456-gacc4d5ff0b61 #0 PREEMPT(full)
[ 92.944035][ T5844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 92.954102][ T5844] Call Trace:
[ 92.957406][ T5844]
[ 92.960353][ T5844] dump_stack_lvl+0x241/0x360
[ 92.965068][ T5844] ? __pfx_dump_stack_lvl+0x10/0x10
[ 92.970317][ T5844] ? __pfx__printk+0x10/0x10
[ 92.974934][ T5844] ? vscnprintf+0x5d/0x90
[ 92.979296][ T5844] panic+0x349/0x880
[ 92.983220][ T5844] ? check_panic_on_warn+0x21/0xb0
[ 92.988345][ T5844] ? __pfx_panic+0x10/0x10
[ 92.992772][ T5844] ? _raw_spin_unlock_irqrestore+0x134/0x140
[ 92.998781][ T5844] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 93.005153][ T5844] ? print_report+0x519/0x5b0
[ 93.009863][ T5844] check_panic_on_warn+0x86/0xb0
[ 93.014821][ T5844] ? software_node_notify_remove+0x1bc/0x1c0
[ 93.020827][ T5844] end_report+0x77/0x160
[ 93.025082][ T5844] kasan_report+0x154/0x180
[ 93.029595][ T5844] ? software_node_notify_remove+0x1bc/0x1c0
[ 93.035585][ T5844] software_node_notify_remove+0x1bc/0x1c0
[ 93.041408][ T5844] device_del+0x594/0x9b0
[ 93.045749][ T5844] ? __pfx_iommufd_object_remove+0x10/0x10
[ 93.051570][ T5844] ? __pfx_device_del+0x10/0x10
[ 93.056434][ T5844] device_unregister+0x20/0xc0
[ 93.061202][ T5844] iommufd_test+0x3715/0x56a0
[ 93.065891][ T5844] ? __pfx_iommufd_test+0x10/0x10
[ 93.070924][ T5844] ? __lock_acquire+0xad5/0xd80
[ 93.075793][ T5844] iommufd_fops_ioctl+0x4fc/0x610
[ 93.080837][ T5844] ? __pfx_iommufd_fops_ioctl+0x10/0x10
[ 93.086399][ T5844] ? __pfx_iommufd_fops_ioctl+0x10/0x10
[ 93.091950][ T5844] __se_sys_ioctl+0xf1/0x160
[ 93.096555][ T5844] do_syscall_64+0xf3/0x230
[ 93.101150][ T5844] ? clear_bhb_loop+0x45/0xa0
[ 93.105835][ T5844] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 93.111730][ T5844] RIP: 0033:0x7f14c7b0b6e9
[ 93.116149][ T5844] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 93.135759][ T5844] RSP: 002b:00007fff388f87b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 93.144177][ T5844] RAX: ffffffffffffffda RBX: 00007fff388f87d0 RCX: 00007f14c7b0b6e9
[ 93.152151][ T5844] RDX: 0000200000000200 RSI: 0000000000003ba0 RDI: 0000000000000003
[ 93.160303][ T5844] RBP: 0000000000000002 R08: 00007fff388f8556 R09: 00000000000000a0
[ 93.168295][ T5844] R10: 0000000000000002 R11: 0000000000000246 R12: 00007fff388f87cc
[ 93.176372][ T5844] R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001
[ 93.184387][ T5844]
[ 93.187717][ T5844] Kernel Offset: disabled
[ 93.192055][ T5844] Rebooting in 86400 seconds..