[ 76.302729][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[ 76.305616][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[ 81.408236][ T835] cfg80211: failed to load regulatory.db
Warning: Permanently added '[localhost]:63268' (ED25519) to the list of known hosts.
2025/05/23 00:12:15 ignoring optional flag "sandboxArg"="0"
2025/05/23 00:12:16 parsed 1 programs
[ 86.540018][ T40] audit: type=1400 audit(1747959139.210:121): avc: denied { unlink } for pid=6234 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 87.638791][ T6234] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 90.001961][ T6252] chnl_net:caif_netlink_parms(): no params data found
[ 90.090362][ T6252] bridge0: port 1(bridge_slave_0) entered blocking state
[ 90.093283][ T6252] bridge0: port 1(bridge_slave_0) entered disabled state
[ 90.096239][ T6252] bridge_slave_0: entered allmulticast mode
[ 90.100307][ T6252] bridge_slave_0: entered promiscuous mode
[ 90.103644][ T6252] bridge0: port 2(bridge_slave_1) entered blocking state
[ 90.105869][ T6252] bridge0: port 2(bridge_slave_1) entered disabled state
[ 90.108455][ T6252] bridge_slave_1: entered allmulticast mode
[ 90.111096][ T6252] bridge_slave_1: entered promiscuous mode
[ 90.155639][ T6252] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 90.161421][ T6252] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 90.210263][ T6252] team0: Port device team_slave_0 added
[ 90.213971][ T6252] team0: Port device team_slave_1 added
[ 90.250450][ T6252] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 90.253156][ T6252] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 90.262570][ T6252] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 90.266982][ T6252] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 90.269334][ T6252] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 90.277965][ T6252] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 90.319953][ T6252] hsr_slave_0: entered promiscuous mode
[ 90.322221][ T6252] hsr_slave_1: entered promiscuous mode
[ 90.928754][ T6252] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 90.933735][ T6252] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 90.937853][ T6252] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 90.942684][ T6252] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 90.956626][ T6252] bridge0: port 2(bridge_slave_1) entered blocking state
[ 90.959389][ T6252] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 90.962370][ T6252] bridge0: port 1(bridge_slave_0) entered blocking state
[ 90.965149][ T6252] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 90.993172][ T6252] 8021q: adding VLAN 0 to HW filter on device bond0
[ 91.005310][ T82] bridge0: port 1(bridge_slave_0) entered disabled state
[ 91.009633][ T82] bridge0: port 2(bridge_slave_1) entered disabled state
[ 91.020754][ T6252] 8021q: adding VLAN 0 to HW filter on device team0
[ 91.026757][ T46] bridge0: port 1(bridge_slave_0) entered blocking state
[ 91.029382][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 91.035667][ T82] bridge0: port 2(bridge_slave_1) entered blocking state
[ 91.038500][ T82] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 91.173585][ T6252] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 91.198338][ T6252] veth0_vlan: entered promiscuous mode
[ 91.203721][ T6252] veth1_vlan: entered promiscuous mode
[ 91.221417][ T6252] veth0_macvtap: entered promiscuous mode
[ 91.225387][ T6252] veth1_macvtap: entered promiscuous mode
[ 91.242349][ T6252] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 91.251774][ T6252] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 91.260746][ T6252] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 91.264334][ T6252] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 91.268878][ T6252] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 91.272379][ T6252] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 91.381371][ T82] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 91.456250][ T82] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 91.486821][ T67] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 91.492221][ T67] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 91.497578][ T67] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 91.502221][ T67] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 91.505805][ T67] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 91.519429][ T82] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 91.618881][ T82] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 91.745312][ T1145] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 91.749196][ T1145] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 91.773166][ T1145] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 91.775663][ T1145] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 93.236448][ T40] audit: type=1401 audit(1747959145.900:122): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
2025/05/23 00:12:26 executed programs: 0
[ 93.580200][ T67] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 93.583856][ T67] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 93.586843][ T67] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 93.590941][ T67] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 93.593642][ T67] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 93.723962][ T6427] chnl_net:caif_netlink_parms(): no params data found
[ 93.830792][ T6427] bridge0: port 1(bridge_slave_0) entered blocking state
[ 93.833088][ T6427] bridge0: port 1(bridge_slave_0) entered disabled state
[ 93.835381][ T6427] bridge_slave_0: entered allmulticast mode
[ 93.838549][ T6427] bridge_slave_0: entered promiscuous mode
[ 93.842229][ T6427] bridge0: port 2(bridge_slave_1) entered blocking state
[ 93.844422][ T6427] bridge0: port 2(bridge_slave_1) entered disabled state
[ 93.846696][ T6427] bridge_slave_1: entered allmulticast mode
[ 93.849841][ T6427] bridge_slave_1: entered promiscuous mode
[ 93.882876][ T6427] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 93.887698][ T6427] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 93.924565][ T6427] team0: Port device team_slave_0 added
[ 93.930087][ T6427] team0: Port device team_slave_1 added
[ 93.982185][ T6427] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 93.985060][ T6427] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 93.995651][ T6427] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 94.001802][ T6427] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 94.004593][ T6427] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 94.014959][ T6427] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 94.091510][ T6427] hsr_slave_0: entered promiscuous mode
[ 94.094710][ T6427] hsr_slave_1: entered promiscuous mode
[ 94.098243][ T6427] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 94.101252][ T6427] Cannot create hsr debugfs directory
[ 95.012197][ T82] bridge_slave_1: left allmulticast mode
[ 95.014558][ T82] bridge_slave_1: left promiscuous mode
[ 95.017093][ T82] bridge0: port 2(bridge_slave_1) entered disabled state
[ 95.022753][ T82] bridge_slave_0: left allmulticast mode
[ 95.025155][ T82] bridge_slave_0: left promiscuous mode
[ 95.028862][ T82] bridge0: port 1(bridge_slave_0) entered disabled state
[ 95.256713][ T82] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 95.263257][ T82] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 95.268530][ T82] bond0 (unregistering): Released all slaves
[ 95.373266][ T82] hsr_slave_0: left promiscuous mode
[ 95.375453][ T82] hsr_slave_1: left promiscuous mode
[ 95.377519][ T82] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 95.379878][ T82] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 95.382747][ T82] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 95.385119][ T82] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 95.398614][ T82] veth1_macvtap: left promiscuous mode
[ 95.400417][ T82] veth0_macvtap: left promiscuous mode
[ 95.402249][ T82] veth1_vlan: left promiscuous mode
[ 95.403967][ T82] veth0_vlan: left promiscuous mode
[ 95.658409][ T67] Bluetooth: hci0: command tx timeout
[ 95.812673][ T82] team0 (unregistering): Port device team_slave_1 removed
[ 95.859836][ T82] team0 (unregistering): Port device team_slave_0 removed
[ 96.614679][ T6427] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 96.621029][ T6427] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 96.625994][ T6427] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 96.632661][ T6427] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 96.706421][ T6427] 8021q: adding VLAN 0 to HW filter on device bond0
[ 96.724589][ T6427] 8021q: adding VLAN 0 to HW filter on device team0
[ 96.733857][ T46] bridge0: port 1(bridge_slave_0) entered blocking state
[ 96.736921][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 96.745392][ T1141] bridge0: port 2(bridge_slave_1) entered blocking state
[ 96.748500][ T1141] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 97.252542][ T6427] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 97.292944][ T6427] veth0_vlan: entered promiscuous mode
[ 97.305512][ T6427] veth1_vlan: entered promiscuous mode
[ 97.358705][ T6427] veth0_macvtap: entered promiscuous mode
[ 97.364237][ T6427] veth1_macvtap: entered promiscuous mode
[ 97.377011][ T6427] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 97.383954][ T6427] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 97.389576][ T6427] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 97.392999][ T6427] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 97.395717][ T6427] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 97.399136][ T6427] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 97.452284][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 97.455419][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 97.474838][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 97.478283][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 97.539297][ T40] audit: type=1400 audit(1747959150.210:123): avc: denied { create } for pid=6509 comm="syz.0.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[ 97.588837][ T6510] FAULT_INJECTION: forcing a failure.
[ 97.588837][ T6510] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[ 97.595050][ T6510] CPU: 0 UID: 0 PID: 6510 Comm: syz.0.16 Not tainted 6.15.0-rc7-syzkaller-00099-g94305e83eccb #0 PREEMPT(full)
[ 97.595074][ T6510] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 97.595084][ T6510] Call Trace:
[ 97.595091][ T6510]
[ 97.595098][ T6510] dump_stack_lvl+0x16c/0x1f0
[ 97.595130][ T6510] should_fail_ex+0x512/0x640
[ 97.595158][ T6510] should_fail_alloc_page+0xe7/0x130
[ 97.595187][ T6510] prepare_alloc_pages+0x3c2/0x610
[ 97.595215][ T6510] __alloc_frozen_pages_noprof+0x18f/0x23a0
[ 97.595236][ T6510] ? _raw_spin_unlock_irqrestore+0x3b/0x80
[ 97.595259][ T6510] ? stack_depot_save_flags+0x3e6/0xa50
[ 97.595290][ T6510] ? kasan_save_stack+0x42/0x60
[ 97.595306][ T6510] ? kasan_save_stack+0x33/0x60
[ 97.595322][ T6510] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 97.595338][ T6510] ? security_inode_alloc+0x3b/0x2b0
[ 97.595362][ T6510] ? alloc_inode+0x86/0x240
[ 97.595410][ T6510] ? __debugfs_create_file+0x11c/0x6b0
[ 97.595443][ T6510] ? debugfs_create_file_unsafe+0x3c/0x50
[ 97.595468][ T6510] ? debugfs_create_u32+0x70/0xa0
[ 97.595489][ T6510] ? nbd_start_device+0x415/0xcd0
[ 97.595507][ T6510] ? nbd_genl_connect+0x120e/0x1c20
[ 97.595524][ T6510] ? look_up_lock_class+0x6b/0x150
[ 97.595545][ T6510] ? genl_rcv_msg+0x55c/0x800
[ 97.595573][ T6510] ? __sys_sendmsg+0x16d/0x220
[ 97.595597][ T6510] ? __lock_acquire+0xaa4/0x1ba0
[ 97.595624][ T6510] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 97.595645][ T6510] ? policy_nodemask+0xea/0x4e0
[ 97.595675][ T6510] alloc_pages_mpol+0x1fb/0x550
[ 97.595696][ T6510] ? __pfx_alloc_pages_mpol+0x10/0x10
[ 97.595713][ T6510] ? do_raw_spin_lock+0x12c/0x2b0
[ 97.595732][ T6510] ? find_held_lock+0x2b/0x80
[ 97.595759][ T6510] alloc_pages_noprof+0x131/0x390
[ 97.595779][ T6510] get_free_pages_noprof+0xc/0x40
[ 97.595798][ T6510] inode_doinit_with_dentry+0x8d6/0x12e0
[ 97.595831][ T6510] ? __pfx_inode_doinit_with_dentry+0x10/0x10
[ 97.595858][ T6510] ? new_inode+0x15a/0x1c0
[ 97.595883][ T6510] selinux_d_instantiate+0x26/0x30
[ 97.595914][ T6510] security_d_instantiate+0x142/0x1a0
[ 97.595942][ T6510] d_instantiate+0x5c/0x90
[ 97.595963][ T6510] __debugfs_create_file+0x286/0x6b0
[ 97.595992][ T6510] debugfs_create_file_unsafe+0x3c/0x50
[ 97.596022][ T6510] debugfs_create_u32+0x70/0xa0
[ 97.596049][ T6510] nbd_start_device+0x415/0xcd0
[ 97.596086][ T6510] ? __nla_parse+0x40/0x60
[ 97.596108][ T6510] nbd_genl_connect+0x120e/0x1c20
[ 97.596133][ T6510] ? __pfx_nbd_genl_connect+0x10/0x10
[ 97.596158][ T6510] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[ 97.596184][ T6510] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[ 97.596217][ T6510] genl_family_rcv_msg_doit+0x209/0x2f0
[ 97.596245][ T6510] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 97.596271][ T6510] ? genl_get_cmd+0x194/0x580
[ 97.596302][ T6510] ? kmem_cache_alloc_node_noprof+0x1d5/0x3b0
[ 97.596319][ T6510] ? kmalloc_reserve+0x18b/0x2c0
[ 97.596341][ T6510] ? __radix_tree_lookup+0x21f/0x2c0
[ 97.596368][ T6510] genl_rcv_msg+0x55c/0x800
[ 97.596397][ T6510] ? __pfx_genl_rcv_msg+0x10/0x10
[ 97.596423][ T6510] ? __pfx_nbd_genl_connect+0x10/0x10
[ 97.596444][ T6510] ? __lock_acquire+0xaa4/0x1ba0
[ 97.596476][ T6510] netlink_rcv_skb+0x16a/0x440
[ 97.596498][ T6510] ? __pfx_genl_rcv_msg+0x10/0x10
[ 97.596525][ T6510] ? __pfx_netlink_rcv_skb+0x10/0x10
[ 97.596561][ T6510] ? __pfx_down_read+0x10/0x10
[ 97.596579][ T6510] ? netlink_deliver_tap+0x1ae/0xd30
[ 97.596605][ T6510] genl_rcv+0x28/0x40
[ 97.596627][ T6510] netlink_unicast+0x53d/0x7f0
[ 97.596653][ T6510] ? __pfx_netlink_unicast+0x10/0x10
[ 97.596689][ T6510] netlink_sendmsg+0x8d1/0xdd0
[ 97.596717][ T6510] ? __pfx_netlink_sendmsg+0x10/0x10
[ 97.596751][ T6510] ____sys_sendmsg+0xa95/0xc70
[ 97.596791][ T6510] ? copy_msghdr_from_user+0x10a/0x160
[ 97.596812][ T6510] ? __pfx_____sys_sendmsg+0x10/0x10
[ 97.596849][ T6510] ___sys_sendmsg+0x134/0x1d0
[ 97.596872][ T6510] ? __pfx____sys_sendmsg+0x10/0x10
[ 97.596925][ T6510] __sys_sendmsg+0x16d/0x220
[ 97.596953][ T6510] ? __pfx___sys_sendmsg+0x10/0x10
[ 97.596981][ T6510] ? rcu_is_watching+0x12/0xc0
[ 97.597011][ T6510] do_syscall_64+0xcd/0x260
[ 97.597039][ T6510] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 97.597057][ T6510] RIP: 0033:0x7f82e7b8e969
[ 97.597072][ T6510] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 97.597088][ T6510] RSP: 002b:00007f82e89aa038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 97.597104][ T6510] RAX: ffffffffffffffda RBX: 00007f82e7db5fa0 RCX: 00007f82e7b8e969
[ 97.597115][ T6510] RDX: 0000000000000000 RSI: 0000200000001ac0 RDI: 0000000000000006
[ 97.597126][ T6510] RBP: 00007f82e89aa090 R08: 0000000000000000 R09: 0000000000000000
[ 97.597136][ T6510] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 97.597146][ T6510] R13: 0000000000000000 R14: 00007f82e7db5fa0 R15: 00007ffc373a8698
[ 97.597171][ T6510]
[ 97.757648][ T67] Bluetooth: hci0: command tx timeout
[ 97.826209][ T5284] block nbd0: Receive control failed (result -104)
[ 97.937653][ T6512] FAULT_INJECTION: forcing a failure.
[ 97.937653][ T6512] name failslab, interval 1, probability 0, space 0, times 1
[ 97.943434][ T6512] CPU: 1 UID: 0 PID: 6512 Comm: syz.0.17 Not tainted 6.15.0-rc7-syzkaller-00099-g94305e83eccb #0 PREEMPT(full)
[ 97.943450][ T6512] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 97.943457][ T6512] Call Trace:
[ 97.943462][ T6512]
[ 97.943466][ T6512] dump_stack_lvl+0x16c/0x1f0
[ 97.943488][ T6512] should_fail_ex+0x512/0x640
[ 97.943503][ T6512] ? kmem_cache_alloc_noprof+0x5a/0x3b0
[ 97.943516][ T6512] should_failslab+0xc2/0x120
[ 97.943528][ T6512] kmem_cache_alloc_noprof+0x6d/0x3b0
[ 97.943539][ T6512] ? __kernfs_new_node+0xd2/0x8a0
[ 97.943553][ T6512] __kernfs_new_node+0xd2/0x8a0
[ 97.943565][ T6512] ? __pfx___kernfs_new_node+0x10/0x10
[ 97.943579][ T6512] ? find_held_lock+0x2b/0x80
[ 97.943593][ T6512] ? kernfs_root+0xee/0x2a0
[ 97.943607][ T6512] kernfs_new_node+0x13c/0x1e0
[ 97.943622][ T6512] __kernfs_create_file+0x53/0x350
[ 97.943644][ T6512] sysfs_add_file_mode_ns+0x207/0x3c0
[ 97.943665][ T6512] sysfs_create_file_ns+0x13d/0x1d0
[ 97.943683][ T6512] ? __pfx_sysfs_create_file_ns+0x10/0x10
[ 97.943699][ T6512] ? lockdep_hardirqs_on+0x7c/0x110
[ 97.943716][ T6512] ? nbd_start_device+0x8d8/0xcd0
[ 97.943730][ T6512] device_create_file+0xf2/0x1e0
[ 97.943747][ T6512] nbd_genl_connect+0x1373/0x1c20
[ 97.943762][ T6512] ? __pfx_nbd_genl_connect+0x10/0x10
[ 97.943777][ T6512] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[ 97.943794][ T6512] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[ 97.943814][ T6512] genl_family_rcv_msg_doit+0x209/0x2f0
[ 97.943831][ T6512] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 97.943847][ T6512] ? genl_get_cmd+0x194/0x580
[ 97.943871][ T6512] ? kmem_cache_alloc_node_noprof+0x1d5/0x3b0
[ 97.943886][ T6512] ? kmalloc_reserve+0x18b/0x2c0
[ 97.943908][ T6512] ? __radix_tree_lookup+0x21f/0x2c0
[ 97.943939][ T6512] genl_rcv_msg+0x55c/0x800
[ 97.943968][ T6512] ? __pfx_genl_rcv_msg+0x10/0x10
[ 97.943989][ T6512] ? __pfx_nbd_genl_connect+0x10/0x10
[ 97.944002][ T6512] ? __lock_acquire+0xaa4/0x1ba0
[ 97.944021][ T6512] netlink_rcv_skb+0x16a/0x440
[ 97.944041][ T6512] ? __pfx_genl_rcv_msg+0x10/0x10
[ 97.944064][ T6512] ? __pfx_netlink_rcv_skb+0x10/0x10
[ 97.944090][ T6512] ? __pfx_down_read+0x10/0x10
[ 97.944101][ T6512] ? netlink_deliver_tap+0x1ae/0xd30
[ 97.944116][ T6512] genl_rcv+0x28/0x40
[ 97.944130][ T6512] netlink_unicast+0x53d/0x7f0
[ 97.944146][ T6512] ? __pfx_netlink_unicast+0x10/0x10
[ 97.944163][ T6512] netlink_sendmsg+0x8d1/0xdd0
[ 97.944180][ T6512] ? __pfx_netlink_sendmsg+0x10/0x10
[ 97.944199][ T6512] ____sys_sendmsg+0xa95/0xc70
[ 97.944215][ T6512] ? copy_msghdr_from_user+0x10a/0x160
[ 97.944227][ T6512] ? __pfx_____sys_sendmsg+0x10/0x10
[ 97.944248][ T6512] ___sys_sendmsg+0x134/0x1d0
[ 97.944261][ T6512] ? __pfx____sys_sendmsg+0x10/0x10
[ 97.944290][ T6512] __sys_sendmsg+0x16d/0x220
[ 97.944302][ T6512] ? __pfx___sys_sendmsg+0x10/0x10
[ 97.944323][ T6512] do_syscall_64+0xcd/0x260
[ 97.944340][ T6512] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 97.944352][ T6512] RIP: 0033:0x7f82e7b8e969
[ 97.944361][ T6512] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 97.944371][ T6512] RSP: 002b:00007f82e89aa038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 97.944382][ T6512] RAX: ffffffffffffffda RBX: 00007f82e7db5fa0 RCX: 00007f82e7b8e969
[ 97.944388][ T6512] RDX: 0000000000000000 RSI: 0000200000001ac0 RDI: 0000000000000006
[ 97.944394][ T6512] RBP: 00007f82e89aa090 R08: 0000000000000000 R09: 0000000000000000
[ 97.944400][ T6512] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 97.944406][ T6512] R13: 0000000000000000 R14: 00007f82e7db5fa0 R15: 00007ffc373a8698
[ 97.944419][ T6512]
[ 97.944437][ T6512] block nbd1: device_create_file failed for backend!
[ 98.072298][ T5284] block nbd1: Receive control failed (result -104)
[ 98.075431][ T5284] block nbd1: shutting down sockets
[ 98.085002][ T5284] ==================================================================
[ 98.087625][ T5284] BUG: KASAN: slab-use-after-free in recv_work+0x694/0xa80
[ 98.089937][ T5284] Write of size 4 at addr ffff888032c10678 by task kworker/u33:1/5284
[ 98.093677][ T5284]
[ 98.094760][ T5284] CPU: 0 UID: 0 PID: 5284 Comm: kworker/u33:1 Not tainted 6.15.0-rc7-syzkaller-00099-g94305e83eccb #0 PREEMPT(full)
[ 98.094774][ T5284] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 98.094782][ T5284] Workqueue: nbd1-recv recv_work
[ 98.094798][ T5284] Call Trace:
[ 98.094803][ T5284]
[ 98.094807][ T5284] dump_stack_lvl+0x116/0x1f0
[ 98.094825][ T5284] print_report+0xc3/0x670
[ 98.094836][ T5284] ? __virt_addr_valid+0x5e/0x590
[ 98.094852][ T5284] ? __phys_addr+0xc6/0x150
[ 98.094867][ T5284] ? recv_work+0x694/0xa80
[ 98.094876][ T5284] kasan_report+0xe0/0x110
[ 98.094891][ T5284] ? recv_work+0x694/0xa80
[ 98.094902][ T5284] kasan_check_range+0xef/0x1a0
[ 98.094915][ T5284] recv_work+0x694/0xa80
[ 98.094927][ T5284] ? __pfx_recv_work+0x10/0x10
[ 98.094937][ T5284] ? debug_object_deactivate+0x1ec/0x3a0
[ 98.094951][ T5284] ? rcu_is_watching+0x12/0xc0
[ 98.094965][ T5284] process_one_work+0x9cf/0x1b70
[ 98.094979][ T5284] ? __pfx_process_one_work+0x10/0x10
[ 98.094993][ T5284] ? assign_work+0x1a0/0x250
[ 98.095003][ T5284] worker_thread+0x6c8/0xf10
[ 98.095017][ T5284] ? __pfx_worker_thread+0x10/0x10
[ 98.095028][ T5284] kthread+0x3c2/0x780
[ 98.095038][ T5284] ? __pfx_kthread+0x10/0x10
[ 98.095047][ T5284] ? __pfx_kthread+0x10/0x10
[ 98.095057][ T5284] ? __pfx_kthread+0x10/0x10
[ 98.095066][ T5284] ? __pfx_kthread+0x10/0x10
[ 98.095075][ T5284] ? rcu_is_watching+0x12/0xc0
[ 98.095092][ T5284] ? __pfx_kthread+0x10/0x10
[ 98.095101][ T5284] ret_from_fork+0x45/0x80
[ 98.095112][ T5284] ? __pfx_kthread+0x10/0x10
[ 98.095122][ T5284] ret_from_fork_asm+0x1a/0x30
[ 98.095139][ T5284]
[ 98.095144][ T5284]
[ 98.147605][ T5284] Allocated by task 6512:
[ 98.148969][ T5284] kasan_save_stack+0x33/0x60
[ 98.150468][ T5284] kasan_save_track+0x14/0x30
[ 98.152032][ T5284] __kasan_kmalloc+0xaa/0xb0
[ 98.153495][ T5284] nbd_alloc_and_init_config+0x97/0x2a0
[ 98.155237][ T5284] nbd_genl_connect+0x490/0x1c20
[ 98.156796][ T5284] genl_family_rcv_msg_doit+0x209/0x2f0
[ 98.158513][ T5284] genl_rcv_msg+0x55c/0x800
[ 98.159971][ T5284] netlink_rcv_skb+0x16a/0x440
[ 98.161689][ T5284] genl_rcv+0x28/0x40
[ 98.162984][ T5284] netlink_unicast+0x53d/0x7f0
[ 98.164511][ T5284] netlink_sendmsg+0x8d1/0xdd0
[ 98.166020][ T5284] ____sys_sendmsg+0xa95/0xc70
[ 98.167527][ T5284] ___sys_sendmsg+0x134/0x1d0
[ 98.169007][ T5284] __sys_sendmsg+0x16d/0x220
[ 98.170500][ T5284] do_syscall_64+0xcd/0x260
[ 98.172028][ T5284] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 98.173873][ T5284]
[ 98.174645][ T5284] Freed by task 5284:
[ 98.175911][ T5284] kasan_save_stack+0x33/0x60
[ 98.177390][ T5284] kasan_save_track+0x14/0x30
[ 98.178870][ T5284] kasan_save_free_info+0x3b/0x60
[ 98.180509][ T5284] __kasan_slab_free+0x51/0x70
[ 98.182048][ T5284] kfree+0x2b6/0x4d0
[ 98.183295][ T5284] nbd_config_put+0x3c1/0x750
[ 98.184816][ T5284] recv_work+0x681/0xa80
[ 98.186163][ T5284] process_one_work+0x9cf/0x1b70
[ 98.187724][ T5284] worker_thread+0x6c8/0xf10
[ 98.189188][ T5284] kthread+0x3c2/0x780
[ 98.190518][ T5284] ret_from_fork+0x45/0x80
[ 98.191903][ T5284] ret_from_fork_asm+0x1a/0x30
[ 98.193275][ T5284]
[ 98.193960][ T5284] The buggy address belongs to the object at ffff888032c10600
[ 98.193960][ T5284] which belongs to the cache kmalloc-256 of size 256
[ 98.197968][ T5284] The buggy address is located 120 bytes inside of
[ 98.197968][ T5284] freed 256-byte region [ffff888032c10600, ffff888032c10700)
[ 98.202553][ T5284]
[ 98.203295][ T5284] The buggy address belongs to the physical page:
[ 98.205267][ T5284] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x32c10
[ 98.207949][ T5284] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 98.210408][ T5284] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 98.212841][ T5284] page_type: f5(slab)
[ 98.214064][ T5284] raw: 00fff00000000040 ffff88801b442b40 0000000000000000 dead000000000001
[ 98.216552][ T5284] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 98.219056][ T5284] head: 00fff00000000040 ffff88801b442b40 0000000000000000 dead000000000001
[ 98.222015][ T5284] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 98.224631][ T5284] head: 00fff00000000001 ffffea0000cb0401 00000000ffffffff 00000000ffffffff
[ 98.227213][ T5284] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 98.229786][ T5284] page dumped because: kasan: bad access detected
[ 98.231732][ T5284] page_owner tracks the page as allocated
[ 98.233446][ T5284] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5981, tgid 5981 (syz-executor), ts 59304648935, free_ts 58977320389
[ 98.239544][ T5284] post_alloc_hook+0x181/0x1b0
[ 98.241005][ T5284] get_page_from_freelist+0x135c/0x3920
[ 98.242674][ T5284] __alloc_frozen_pages_noprof+0x263/0x23a0
[ 98.244490][ T5284] alloc_pages_mpol+0x1fb/0x550
[ 98.245976][ T5284] new_slab+0x244/0x340
[ 98.247218][ T5284] ___slab_alloc+0xd9c/0x1940
[ 98.248641][ T5284] __slab_alloc.constprop.0+0x56/0xb0
[ 98.250200][ T5284] __kmalloc_cache_noprof+0xfb/0x3e0
[ 98.252025][ T5284] ____ip_mc_inc_group+0x403/0x10f0
[ 98.253830][ T5284] ip_mc_up+0x154/0x3b0
[ 98.255067][ T5284] inetdev_event+0xafb/0x18a0
[ 98.256488][ T5284] notifier_call_chain+0xbc/0x410
[ 98.257982][ T5284] call_netdevice_notifiers_info+0xbe/0x140
[ 98.259852][ T5284] __dev_notify_flags+0x12c/0x2e0
[ 98.261449][ T5284] netif_change_flags+0x108/0x160
[ 98.262988][ T5284] do_setlink.constprop.0+0xddf/0x44b0
[ 98.264714][ T5284] page last free pid 0 tgid 0 stack trace:
[ 98.266441][ T5284] __free_frozen_pages+0x69d/0xff0
[ 98.267982][ T5284] rcu_core+0x79c/0x14e0
[ 98.269250][ T5284] handle_softirqs+0x216/0x8e0
[ 98.270743][ T5284] __irq_exit_rcu+0x109/0x170
[ 98.272242][ T5284] irq_exit_rcu+0x9/0x30
[ 98.273548][ T5284] sysvec_apic_timer_interrupt+0xa4/0xc0
[ 98.275211][ T5284] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 98.277495][ T5284]
[ 98.278446][ T5284] Memory state around the buggy address:
[ 98.280639][ T5284] ffff888032c10500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 98.283786][ T5284] ffff888032c10580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 98.286966][ T5284] >ffff888032c10600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 98.289790][ T5284] ^
[ 98.292247][ T5284] ffff888032c10680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 98.294652][ T5284] ffff888032c10700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 98.297020][ T5284] ==================================================================
[ 98.300916][ T5284] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 98.303859][ T5284] CPU: 2 UID: 0 PID: 5284 Comm: kworker/u33:1 Not tainted 6.15.0-rc7-syzkaller-00099-g94305e83eccb #0 PREEMPT(full)
[ 98.308630][ T5284] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 98.312930][ T5284] Workqueue: nbd1-recv recv_work
[ 98.314990][ T5284] Call Trace:
[ 98.316404][ T5284]
[ 98.317643][ T5284] dump_stack_lvl+0x3d/0x1f0
[ 98.319588][ T5284] panic+0x71c/0x800
[ 98.321290][ T5284] ? __pfx_panic+0x10/0x10
[ 98.323107][ T5284] ? irqentry_exit+0x3b/0x90
[ 98.325008][ T5284] ? lockdep_hardirqs_on+0x7c/0x110
[ 98.327153][ T5284] ? preempt_schedule_thunk+0x16/0x30
[ 98.329356][ T5284] ? recv_work+0x694/0xa80
[ 98.331199][ T5284] ? preempt_schedule_common+0x44/0xc0
[ 98.333479][ T5284] ? check_panic_on_warn+0x1f/0xb0
[ 98.335577][ T5284] ? recv_work+0x694/0xa80
[ 98.337414][ T5284] check_panic_on_warn+0xab/0xb0
[ 98.339437][ T5284] end_report+0x107/0x170
[ 98.341242][ T5284] kasan_report+0xee/0x110
[ 98.343071][ T5284] ? recv_work+0x694/0xa80
[ 98.344929][ T5284] kasan_check_range+0xef/0x1a0
[ 98.346859][ T5284] recv_work+0x694/0xa80
[ 98.348291][ T5284] ? __pfx_recv_work+0x10/0x10
[ 98.350264][ T5284] ? debug_object_deactivate+0x1ec/0x3a0
[ 98.352596][ T5284] ? rcu_is_watching+0x12/0xc0
[ 98.354379][ T5284] process_one_work+0x9cf/0x1b70
[ 98.356077][ T5284] ? __pfx_process_one_work+0x10/0x10
[ 98.358158][ T5284] ? assign_work+0x1a0/0x250
[ 98.360089][ T5284] worker_thread+0x6c8/0xf10
[ 98.362035][ T5284] ? __pfx_worker_thread+0x10/0x10
[ 98.364114][ T5284] kthread+0x3c2/0x780
[ 98.365774][ T5284] ? __pfx_kthread+0x10/0x10
[ 98.367649][ T5284] ? __pfx_kthread+0x10/0x10
[ 98.369546][ T5284] ? __pfx_kthread+0x10/0x10
[ 98.371488][ T5284] ? __pfx_kthread+0x10/0x10
[ 98.373426][ T5284] ? rcu_is_watching+0x12/0xc0
[ 98.375242][ T5284] ? __pfx_kthread+0x10/0x10
[ 98.377189][ T5284] ret_from_fork+0x45/0x80
[ 98.379052][ T5284] ? __pfx_kthread+0x10/0x10
[ 98.381002][ T5284] ret_from_fork_asm+0x1a/0x30
[ 98.383071][ T5284]
[ 98.385110][ T5284] Kernel Offset: disabled
[ 98.386920][ T5284] Rebooting in 86400 seconds..