Warning: Permanently added '10.128.1.188' (ED25519) to the list of known hosts.
2025/04/06 14:07:44 ignoring optional flag "sandboxArg"="0"
2025/04/06 14:07:45 parsed 1 programs
[ 116.306012][ T6076] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 118.982092][ T5151] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 118.993233][ T5151] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 119.007227][ T5151] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 119.016058][ T5151] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 119.024057][ T5151] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 120.463142][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.475865][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 120.498249][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.506406][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 121.116415][ T6133] chnl_net:caif_netlink_parms(): no params data found
[ 121.187682][ T6133] bridge0: port 1(bridge_slave_0) entered blocking state
[ 121.195446][ T6133] bridge0: port 1(bridge_slave_0) entered disabled state
[ 121.205416][ T6133] bridge_slave_0: entered allmulticast mode
[ 121.212871][ T6133] bridge_slave_0: entered promiscuous mode
[ 121.221429][ T6133] bridge0: port 2(bridge_slave_1) entered blocking state
[ 121.228632][ T6133] bridge0: port 2(bridge_slave_1) entered disabled state
[ 121.236008][ T6133] bridge_slave_1: entered allmulticast mode
[ 121.243085][ T6133] bridge_slave_1: entered promiscuous mode
[ 121.276170][ T6133] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 121.287973][ T6133] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 121.322074][ T6133] team0: Port device team_slave_0 added
[ 121.330442][ T6133] team0: Port device team_slave_1 added
[ 121.366129][ T6133] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 121.373877][ T6133] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 121.402226][ T6133] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 121.415385][ T6133] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 121.422762][ T6133] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 121.467625][ T6133] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 121.554523][ T6133] hsr_slave_0: entered promiscuous mode
[ 121.563738][ T6133] hsr_slave_1: entered promiscuous mode
[ 121.689963][ T6133] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 121.782747][ T6133] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 121.880486][ T6133] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 121.942173][ T6133] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 122.042363][ T6133] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 122.053541][ T6133] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 122.063625][ T6133] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 122.076049][ T6133] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 122.144954][ T6133] 8021q: adding VLAN 0 to HW filter on device bond0
[ 122.165821][ T6133] 8021q: adding VLAN 0 to HW filter on device team0
[ 122.179638][ T52] bridge0: port 1(bridge_slave_0) entered blocking state
[ 122.186958][ T52] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 122.202292][ T52] bridge0: port 2(bridge_slave_1) entered blocking state
[ 122.210077][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 122.364913][ T6133] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 122.405032][ T6133] veth0_vlan: entered promiscuous mode
[ 122.417248][ T6133] veth1_vlan: entered promiscuous mode
[ 122.443848][ T6133] veth0_macvtap: entered promiscuous mode
[ 122.457924][ T6133] veth1_macvtap: entered promiscuous mode
[ 122.476073][ T6133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 122.487693][ T6133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 122.501727][ T6133] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 122.514423][ T6133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 122.525717][ T6133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 122.537135][ T6133] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 122.552493][ T6133] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 122.562021][ T6133] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 122.570916][ T6133] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 122.579816][ T6133] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
2025/04/06 14:07:57 executed programs: 0
[ 124.158849][ T5151] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 124.167135][ T5151] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 124.176129][ T5151] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 124.185458][ T5151] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 124.194420][ T5151] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 124.346821][ T6180] chnl_net:caif_netlink_parms(): no params data found
[ 124.423012][ T6180] bridge0: port 1(bridge_slave_0) entered blocking state
[ 124.431466][ T6180] bridge0: port 1(bridge_slave_0) entered disabled state
[ 124.439007][ T6180] bridge_slave_0: entered allmulticast mode
[ 124.447488][ T6180] bridge_slave_0: entered promiscuous mode
[ 124.455460][ T6180] bridge0: port 2(bridge_slave_1) entered blocking state
[ 124.463278][ T6180] bridge0: port 2(bridge_slave_1) entered disabled state
[ 124.471016][ T6180] bridge_slave_1: entered allmulticast mode
[ 124.478311][ T6180] bridge_slave_1: entered promiscuous mode
[ 124.515262][ T6180] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 124.526949][ T6180] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 124.562260][ T6180] team0: Port device team_slave_0 added
[ 124.574213][ T6180] team0: Port device team_slave_1 added
[ 124.602962][ T6180] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 124.609933][ T6180] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 124.637240][ T6180] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 124.649255][ T6180] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 124.656879][ T6180] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 124.682978][ T6180] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 124.729514][ T6180] hsr_slave_0: entered promiscuous mode
[ 124.736791][ T6180] hsr_slave_1: entered promiscuous mode
[ 124.743293][ T6180] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 124.751037][ T6180] Cannot create hsr debugfs directory
[ 124.865621][ T6180] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 126.183335][ T6180] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 126.230238][ T54] Bluetooth: hci0: command tx timeout
[ 126.253104][ T6180] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 126.324756][ T6180] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 126.446622][ T6180] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 126.459519][ T6180] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 126.476035][ T6180] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 126.486410][ T6180] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 126.560069][ T6180] 8021q: adding VLAN 0 to HW filter on device bond0
[ 126.581138][ T6180] 8021q: adding VLAN 0 to HW filter on device team0
[ 126.595323][ T36] bridge0: port 1(bridge_slave_0) entered blocking state
[ 126.602671][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 126.622991][ T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 126.630274][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 126.776783][ T6180] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 126.821131][ T6180] veth0_vlan: entered promiscuous mode
[ 126.833604][ T6180] veth1_vlan: entered promiscuous mode
[ 126.862688][ T6180] veth0_macvtap: entered promiscuous mode
[ 126.872757][ T6180] veth1_macvtap: entered promiscuous mode
[ 126.891818][ T6180] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 126.903056][ T6180] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 126.913531][ T6180] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 126.924227][ T6180] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 126.935757][ T6180] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 126.949721][ T6180] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 126.960511][ T6180] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 126.970785][ T6180] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 126.981926][ T6180] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 126.994543][ T6180] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 127.006584][ T6180] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 127.016280][ T6180] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 127.025569][ T6180] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 127.034824][ T6180] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 127.101426][ T2912] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 127.116128][ T2912] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 127.145008][ T3019] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 127.153566][ T3019] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 127.228359][ T6195] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 127.263688][ T6197] FAULT_INJECTION: forcing a failure.
[ 127.263688][ T6197] name failslab, interval 1, probability 0, space 0, times 0
[ 127.277259][ T6197] CPU: 1 UID: 0 PID: 6197 Comm: syz.0.17 Not tainted 6.14.0-syzkaller-13525-g22ea69445c54 #0 PREEMPT(full)
[ 127.277283][ T6197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 127.277296][ T6197] Call Trace:
[ 127.277303][ T6197] <TASK>
[ 127.277310][ T6197] dump_stack_lvl+0x241/0x360
[ 127.277353][ T6197] ? __pfx_dump_stack_lvl+0x10/0x10
[ 127.277375][ T6197] ? __pfx__printk+0x10/0x10
[ 127.277401][ T6197] ? __pfx___might_resched+0x10/0x10
[ 127.277433][ T6197] should_fail_ex+0x424/0x570
[ 127.277455][ T6197] should_failslab+0xac/0x100
[ 127.277478][ T6197] __kmalloc_cache_noprof+0x73/0x370
[ 127.277498][ T6197] ? device_add+0xc1/0xbf0
[ 127.277521][ T6197] device_add+0xc1/0xbf0
[ 127.277539][ T6197] ? device_create_managed_software_node+0x198/0x1f0
[ 127.277557][ T6197] ? iommufd_test+0x2efb/0x56a0
[ 127.277576][ T6197] iommufd_test+0x3350/0x56a0
[ 127.277602][ T6197] ? __pfx_iommufd_test+0x10/0x10
[ 127.277628][ T6197] ? __lock_acquire+0xad5/0xd80
[ 127.277676][ T6197] iommufd_fops_ioctl+0x4fc/0x610
[ 127.277700][ T6197] ? __pfx_iommufd_fops_ioctl+0x10/0x10
[ 127.277726][ T6197] ? __fget_files+0x2a/0x420
[ 127.277746][ T6197] ? __fget_files+0x2a/0x420
[ 127.277766][ T6197] ? __pfx_iommufd_fops_ioctl+0x10/0x10
[ 127.277789][ T6197] __se_sys_ioctl+0xf1/0x160
[ 127.277810][ T6197] do_syscall_64+0xf3/0x230
[ 127.277830][ T6197] ? clear_bhb_loop+0x45/0xa0
[ 127.277850][ T6197] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 127.277866][ T6197] RIP: 0033:0x7f0934b8d169
[ 127.277885][ T6197] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 127.277898][ T6197] RSP: 002b:00007f0935a12038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 127.277923][ T6197] RAX: ffffffffffffffda RBX: 00007f0934da5fa0 RCX: 00007f0934b8d169
[ 127.277935][ T6197] RDX: 0000200000000200 RSI: 0000000000003ba0 RDI: 0000000000000003
[ 127.277945][ T6197] RBP: 00007f0935a12090 R08: 0000000000000000 R09: 0000000000000000
[ 127.277955][ T6197] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 127.277965][ T6197] R13: 0000000000000000 R14: 00007f0934da5fa0 R15: 00007ffe7c9dc778
[ 127.277992][ T6197] </TASK>
[ 127.536186][ T6199] FAULT_INJECTION: forcing a failure.
[ 127.536186][ T6199] name failslab, interval 1, probability 0, space 0, times 0
[ 127.552143][ T6199] CPU: 0 UID: 0 PID: 6199 Comm: syz.0.18 Not tainted 6.14.0-syzkaller-13525-g22ea69445c54 #0 PREEMPT(full)
[ 127.552167][ T6199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 127.552176][ T6199] Call Trace:
[ 127.552182][ T6199] <TASK>
[ 127.552193][ T6199] dump_stack_lvl+0x241/0x360
[ 127.552238][ T6199] ? __pfx_dump_stack_lvl+0x10/0x10
[ 127.552261][ T6199] ? __pfx__printk+0x10/0x10
[ 127.552288][ T6199] ? __pfx___might_resched+0x10/0x10
[ 127.552313][ T6199] should_fail_ex+0x424/0x570
[ 127.552336][ T6199] should_failslab+0xac/0x100
[ 127.552360][ T6199] __kmalloc_node_track_caller_noprof+0xe2/0x4d0
[ 127.552384][ T6199] ? __kernfs_new_node+0xa2/0x890
[ 127.552399][ T6199] ? kernel_text_address+0xa7/0xe0
[ 127.552426][ T6199] kstrdup+0x42/0x100
[ 127.552448][ T6199] __kernfs_new_node+0xa2/0x890
[ 127.552467][ T6199] ? __lock_acquire+0xad5/0xd80
[ 127.552489][ T6199] ? __pfx___kernfs_new_node+0x10/0x10
[ 127.552517][ T6199] ? kernfs_root+0x1c/0x230
[ 127.552534][ T6199] ? kernfs_root+0x1c/0x230
[ 127.552553][ T6199] kernfs_new_node+0x114/0x220
[ 127.552576][ T6199] kernfs_create_dir_ns+0x43/0x120
[ 127.552598][ T6199] sysfs_create_dir_ns+0x1a2/0x3f0
[ 127.552618][ T6199] ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 127.552639][ T6199] kobject_add_internal+0x435/0x8d0
[ 127.552663][ T6199] kobject_add+0x15b/0x230
[ 127.552684][ T6199] ? kobject_put+0x43d/0x480
[ 127.552703][ T6199] ? __pfx_kobject_add+0x10/0x10
[ 127.552729][ T6199] ? bus_get_dev_root+0x127/0x160
[ 127.552749][ T6199] ? get_device_parent+0x405/0x410
[ 127.552766][ T6199] ? device_add+0x318/0xbf0
[ 127.552783][ T6199] device_add+0x4e5/0xbf0
[ 127.552801][ T6199] ? iommufd_test+0x2efb/0x56a0
[ 127.552820][ T6199] iommufd_test+0x3350/0x56a0
[ 127.552847][ T6199] ? __pfx_iommufd_test+0x10/0x10
[ 127.552872][ T6199] ? __lock_acquire+0xad5/0xd80
[ 127.552909][ T6199] iommufd_fops_ioctl+0x4fc/0x610
[ 127.552928][ T6199] ? __pfx_iommufd_fops_ioctl+0x10/0x10
[ 127.552948][ T6199] ? __fget_files+0x2a/0x420
[ 127.552964][ T6199] ? __fget_files+0x2a/0x420
[ 127.552978][ T6199] ? __pfx_iommufd_fops_ioctl+0x10/0x10
[ 127.552995][ T6199] __se_sys_ioctl+0xf1/0x160
[ 127.553012][ T6199] do_syscall_64+0xf3/0x230
[ 127.553027][ T6199] ? clear_bhb_loop+0x45/0xa0
[ 127.553043][ T6199] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 127.553055][ T6199] RIP: 0033:0x7f0934b8d169
[ 127.553068][ T6199] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 127.553078][ T6199] RSP: 002b:00007f0935a12038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 127.553092][ T6199] RAX: ffffffffffffffda RBX: 00007f0934da5fa0 RCX: 00007f0934b8d169
[ 127.553102][ T6199] RDX: 0000200000000200 RSI: 0000000000003ba0 RDI: 0000000000000003
[ 127.553110][ T6199] RBP: 00007f0935a12090 R08: 0000000000000000 R09: 0000000000000000
[ 127.553118][ T6199] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 127.553126][ T6199] R13: 0000000000000000 R14: 00007f0934da5fa0 R15: 00007ffe7c9dc778
[ 127.553146][ T6199] </TASK>
[ 127.553162][ T6199] kobject: kobject_add_internal failed for iommufd_mock0 (error: -12 parent: devices)
[ 127.893966][ T6201] FAULT_INJECTION: forcing a failure.
[ 127.893966][ T6201] name failslab, interval 1, probability 0, space 0, times 0
[ 127.908765][ T6201] CPU: 1 UID: 0 PID: 6201 Comm: syz.0.19 Not tainted 6.14.0-syzkaller-13525-g22ea69445c54 #0 PREEMPT(full)
[ 127.908789][ T6201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 127.908797][ T6201] Call Trace:
[ 127.908803][ T6201] <TASK>
[ 127.908809][ T6201] dump_stack_lvl+0x241/0x360
[ 127.908836][ T6201] ? __pfx_dump_stack_lvl+0x10/0x10
[ 127.908853][ T6201] ? __pfx__printk+0x10/0x10
[ 127.908875][ T6201] ? __pfx___might_resched+0x10/0x10
[ 127.908896][ T6201] should_fail_ex+0x424/0x570
[ 127.908914][ T6201] should_failslab+0xac/0x100
[ 127.908934][ T6201] kmem_cache_alloc_noprof+0x78/0x390
[ 127.908952][ T6201] ? __kernfs_new_node+0xdf/0x890
[ 127.908973][ T6201] __kernfs_new_node+0xdf/0x890
[ 127.908989][ T6201] ? __lock_acquire+0xad5/0xd80
[ 127.909013][ T6201] ? __pfx___kernfs_new_node+0x10/0x10
[ 127.909037][ T6201] ? kernfs_root+0x1c/0x230
[ 127.909053][ T6201] ? kernfs_root+0x1c/0x230
[ 127.909071][ T6201] kernfs_new_node+0x114/0x220
[ 127.909094][ T6201] kernfs_create_link+0xa5/0x1f0
[ 127.909118][ T6201] sysfs_do_create_link_sd+0x85/0x110
[ 127.909136][ T6201] software_node_notify+0xd9/0x1b0
[ 127.909167][ T6201] device_add+0x513/0xbf0
[ 127.909187][ T6201] ? iommufd_test+0x2efb/0x56a0
[ 127.909207][ T6201] iommufd_test+0x3350/0x56a0
[ 127.909236][ T6201] ? __pfx_iommufd_test+0x10/0x10
[ 127.909264][ T6201] ? __lock_acquire+0xad5/0xd80
[ 127.909311][ T6201] iommufd_fops_ioctl+0x4fc/0x610
[ 127.909335][ T6201] ? __pfx_iommufd_fops_ioctl+0x10/0x10
[ 127.909360][ T6201] ? __fget_files+0x2a/0x420
[ 127.909380][ T6201] ? __fget_files+0x2a/0x420
[ 127.909399][ T6201] ? __pfx_iommufd_fops_ioctl+0x10/0x10
[ 127.909420][ T6201] __se_sys_ioctl+0xf1/0x160
[ 127.909442][ T6201] do_syscall_64+0xf3/0x230
[ 127.909461][ T6201] ? clear_bhb_loop+0x45/0xa0
[ 127.909480][ T6201] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 127.909496][ T6201] RIP: 0033:0x7f0934b8d169
[ 127.909511][ T6201] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 127.909524][ T6201] RSP: 002b:00007f0935a12038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 127.909541][ T6201] RAX: ffffffffffffffda RBX: 00007f0934da5fa0 RCX: 00007f0934b8d169
[ 127.909553][ T6201] RDX: 0000200000000200 RSI: 0000000000003ba0 RDI: 0000000000000003
[ 127.909563][ T6201] RBP: 00007f0935a12090 R08: 0000000000000000 R09: 0000000000000000
[ 127.909573][ T6201] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 127.909583][ T6201] R13: 0000000000000000 R14: 00007f0934da5fa0 R15: 00007ffe7c9dc778
[ 127.909609][ T6201] </TASK>
[ 128.178354][ T6201] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 128.195518][ T6201] ==================================================================
[ 128.203725][ T6201] BUG: KASAN: slab-use-after-free in set_secondary_fwnode+0x89/0xd0
[ 128.211716][ T6201] Read of size 8 at addr ffff8880358f0440 by task syz.0.19/6201
[ 128.219433][ T6201]
[ 128.221767][ T6201] CPU: 0 UID: 0 PID: 6201 Comm: syz.0.19 Not tainted 6.14.0-syzkaller-13525-g22ea69445c54 #0 PREEMPT(full)
[ 128.221789][ T6201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 128.221799][ T6201] Call Trace:
[ 128.221806][ T6201] <TASK>
[ 128.221813][ T6201] dump_stack_lvl+0x241/0x360
[ 128.221842][ T6201] ? __pfx_dump_stack_lvl+0x10/0x10
[ 128.221863][ T6201] ? __virt_addr_valid+0x183/0x530
[ 128.221883][ T6201] ? rcu_is_watching+0x15/0xb0
[ 128.221902][ T6201] ? __virt_addr_valid+0x183/0x530
[ 128.221921][ T6201] ? lock_release+0x4e/0x3e0
[ 128.221939][ T6201] ? __virt_addr_valid+0x183/0x530
[ 128.221958][ T6201] ? __virt_addr_valid+0x183/0x530
[ 128.221978][ T6201] print_report+0x16e/0x5b0
[ 128.221997][ T6201] ? __virt_addr_valid+0x183/0x530
[ 128.222016][ T6201] ? __virt_addr_valid+0x183/0x530
[ 128.222036][ T6201] ? __virt_addr_valid+0x45f/0x530
[ 128.222055][ T6201] ? __phys_addr+0xba/0x170
[ 128.222075][ T6201] ? set_secondary_fwnode+0x89/0xd0
[ 128.222096][ T6201] kasan_report+0x143/0x180
[ 128.222116][ T6201] ? set_secondary_fwnode+0x89/0xd0
[ 128.222140][ T6201] set_secondary_fwnode+0x89/0xd0
[ 128.222161][ T6201] software_node_notify_remove+0x1a8/0x1e0
[ 128.222186][ T6201] device_del+0x594/0x9b0
[ 128.222205][ T6201] ? __pfx_iommufd_object_remove+0x10/0x10
[ 128.222229][ T6201] ? __pfx_device_del+0x10/0x10
[ 128.222251][ T6201] device_unregister+0x20/0xc0
[ 128.222270][ T6201] iommufd_test+0x3715/0x56a0
[ 128.222292][ T6201] ? __pfx_iommufd_test+0x10/0x10
[ 128.222313][ T6201] ? __lock_acquire+0xad5/0xd80
[ 128.222342][ T6201] iommufd_fops_ioctl+0x4fc/0x610
[ 128.222366][ T6201] ? __pfx_iommufd_fops_ioctl+0x10/0x10
[ 128.222388][ T6201] ? __fget_files+0x2a/0x420
[ 128.222404][ T6201] ? __fget_files+0x2a/0x420
[ 128.222420][ T6201] ? __pfx_iommufd_fops_ioctl+0x10/0x10
[ 128.222441][ T6201] __se_sys_ioctl+0xf1/0x160
[ 128.222460][ T6201] do_syscall_64+0xf3/0x230
[ 128.222480][ T6201] ? clear_bhb_loop+0x45/0xa0
[ 128.222498][ T6201] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 128.222514][ T6201] RIP: 0033:0x7f0934b8d169
[ 128.222529][ T6201] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 128.222542][ T6201] RSP: 002b:00007f0935a12038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 128.222560][ T6201] RAX: ffffffffffffffda RBX: 00007f0934da5fa0 RCX: 00007f0934b8d169
[ 128.222572][ T6201] RDX: 0000200000000200 RSI: 0000000000003ba0 RDI: 0000000000000003
[ 128.222583][ T6201] RBP: 00007f0935a12090 R08: 0000000000000000 R09: 0000000000000000
[ 128.222593][ T6201] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 128.222603][ T6201] R13: 0000000000000000 R14: 00007f0934da5fa0 R15: 00007ffe7c9dc778
[ 128.222621][ T6201] </TASK>
[ 128.222627][ T6201]
[ 128.498648][ T6201] Allocated by task 6201:
[ 128.502967][ T6201] kasan_save_track+0x3f/0x80
[ 128.507638][ T6201] __kasan_kmalloc+0x9d/0xb0
[ 128.512223][ T6201] __kmalloc_cache_noprof+0x236/0x370
[ 128.517604][ T6201] swnode_register+0x5a/0x540
[ 128.522277][ T6201] fwnode_create_software_node+0x199/0x1f0
[ 128.528103][ T6201] device_create_managed_software_node+0xd5/0x1f0
[ 128.534513][ T6201] iommufd_test+0x3335/0x56a0
[ 128.539267][ T6201] iommufd_fops_ioctl+0x4fc/0x610
[ 128.544415][ T6201] __se_sys_ioctl+0xf1/0x160
[ 128.549443][ T6201] do_syscall_64+0xf3/0x230
[ 128.553956][ T6201] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 128.559872][ T6201]
[ 128.562253][ T6201] Freed by task 6201:
[ 128.566328][ T6201] kasan_save_track+0x3f/0x80
[ 128.571054][ T6201] kasan_save_free_info+0x40/0x50
[ 128.576095][ T6201] __kasan_slab_free+0x59/0x70
[ 128.580971][ T6201] kfree+0x198/0x430
[ 128.584879][ T6201] kobject_put+0x22f/0x480
[ 128.589285][ T6201] software_node_notify_remove+0x18d/0x1e0
[ 128.595089][ T6201] device_del+0x594/0x9b0
[ 128.599437][ T6201] device_unregister+0x20/0xc0
[ 128.604220][ T6201] iommufd_test+0x3715/0x56a0
[ 128.608888][ T6201] iommufd_fops_ioctl+0x4fc/0x610
[ 128.614294][ T6201] __se_sys_ioctl+0xf1/0x160
[ 128.618879][ T6201] do_syscall_64+0xf3/0x230
[ 128.623382][ T6201] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 128.629272][ T6201]
[ 128.631598][ T6201] The buggy address belongs to the object at ffff8880358f0400
[ 128.631598][ T6201] which belongs to the cache kmalloc-512 of size 512
[ 128.645749][ T6201] The buggy address is located 64 bytes inside of
[ 128.645749][ T6201] freed 512-byte region [ffff8880358f0400, ffff8880358f0600)
[ 128.659459][ T6201]
[ 128.661788][ T6201] The buggy address belongs to the physical page:
[ 128.668253][ T6201] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x358f0
[ 128.677057][ T6201] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 128.685571][ T6201] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 128.693163][ T6201] page_type: f5(slab)
[ 128.697149][ T6201] raw: 00fff00000000040 ffff88801b041c80 dead000000000100 dead000000000122
[ 128.705825][ T6201] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 128.714655][ T6201] head: 00fff00000000040 ffff88801b041c80 dead000000000100 dead000000000122
[ 128.723347][ T6201] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 128.732043][ T6201] head: 00fff00000000002 ffffea0000d63c01 00000000ffffffff 00000000ffffffff
[ 128.740715][ T6201] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 128.749406][ T6201] page dumped because: kasan: bad access detected
[ 128.755821][ T6201] page_owner tracks the page as allocated
[ 128.761617][ T6201] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5211, tgid 5211 (udevd), ts 44437391568, free_ts 41364354329
[ 128.782651][ T6201] post_alloc_hook+0x1f4/0x240
[ 128.787449][ T6201] get_page_from_freelist+0x352b/0x36c0
[ 128.793000][ T6201] __alloc_frozen_pages_noprof+0x211/0x5b0
[ 128.798794][ T6201] alloc_pages_mpol+0x339/0x690
[ 128.803748][ T6201] allocate_slab+0x8f/0x3a0
[ 128.808242][ T6201] ___slab_alloc+0xc3b/0x1500
[ 128.812909][ T6201] __slab_alloc+0x58/0xa0
[ 128.817235][ T6201] __kmalloc_cache_noprof+0x26a/0x370
[ 128.822598][ T6201] kernfs_fop_open+0x3a3/0xdf0
[ 128.827358][ T6201] do_dentry_open+0xdec/0x1960
[ 128.832113][ T6201] vfs_open+0x3b/0x370
[ 128.836171][ T6201] path_openat+0x2caf/0x35d0
[ 128.840752][ T6201] do_filp_open+0x284/0x4e0
[ 128.845266][ T6201] do_sys_openat2+0x12b/0x1d0
[ 128.849939][ T6201] __x64_sys_openat+0x249/0x2a0
[ 128.854921][ T6201] do_syscall_64+0xf3/0x230
[ 128.859419][ T6201] page last free pid 5213 tgid 5213 stack trace:
[ 128.865748][ T6201] register_dummy_stack+0x8e/0xe0
[ 128.870777][ T6201] init_page_owner+0x3e/0x790
[ 128.875480][ T6201] page_ext_init+0x731/0x790
[ 128.880073][ T6201] mm_core_init+0x5b/0x70
[ 128.884413][ T6201]
[ 128.886720][ T6201] Memory state around the buggy address:
[ 128.892347][ T6201] ffff8880358f0300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 128.900403][ T6201] ffff8880358f0380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 128.908480][ T6201] >ffff8880358f0400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 128.916536][ T6201]                                            ^
[ 128.922777][ T6201] ffff8880358f0480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 128.930931][ T6201] ffff8880358f0500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 128.938984][ T6201] ==================================================================
[ 128.954341][ T54] Bluetooth: hci0: command tx timeout
[ 128.954792][ T6201] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 128.954809][ T6201] CPU: 1 UID: 0 PID: 6201 Comm: syz.0.19 Not tainted 6.14.0-syzkaller-13525-g22ea69445c54 #0 PREEMPT(full)
[ 128.954828][ T6201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 128.954838][ T6201] Call Trace:
[ 128.954845][ T6201] <TASK>
[ 128.954853][ T6201] dump_stack_lvl+0x241/0x360
[ 128.954881][ T6201] ? __pfx_dump_stack_lvl+0x10/0x10
[ 128.954902][ T6201] ? __pfx__printk+0x10/0x10
[ 128.954924][ T6201] ? vscnprintf+0x5d/0x90
[ 128.954947][ T6201] panic+0x349/0x880
[ 128.954967][ T6201] ? check_panic_on_warn+0x21/0xb0
[ 128.954988][ T6201] ? __pfx_panic+0x10/0x10
[ 128.955009][ T6201] ? _raw_spin_unlock_irqrestore+0x134/0x140
[ 128.955026][ T6201] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 128.955042][ T6201] ? print_report+0x519/0x5b0
[ 128.955064][ T6201] check_panic_on_warn+0x86/0xb0
[ 128.955084][ T6201] ? set_secondary_fwnode+0x89/0xd0
[ 128.955105][ T6201] end_report+0x77/0x160
[ 128.955123][ T6201] kasan_report+0x154/0x180
[ 128.955143][ T6201] ? set_secondary_fwnode+0x89/0xd0
[ 128.955166][ T6201] set_secondary_fwnode+0x89/0xd0
[ 128.955187][ T6201] software_node_notify_remove+0x1a8/0x1e0
[ 128.955206][ T6201] device_del+0x594/0x9b0
[ 128.955225][ T6201] ? __pfx_iommufd_object_remove+0x10/0x10
[ 128.955248][ T6201] ? __pfx_device_del+0x10/0x10
[ 128.955270][ T6201] device_unregister+0x20/0xc0
[ 128.955287][ T6201] iommufd_test+0x3715/0x56a0
[ 128.955316][ T6201] ? __pfx_iommufd_test+0x10/0x10
[ 128.955344][ T6201] ? __lock_acquire+0xad5/0xd80
[ 128.955381][ T6201] iommufd_fops_ioctl+0x4fc/0x610
[ 128.955403][ T6201] ? __pfx_iommufd_fops_ioctl+0x10/0x10
[ 128.955425][ T6201] ? __fget_files+0x2a/0x420
[ 128.955442][ T6201] ? __fget_files+0x2a/0x420
[ 128.955457][ T6201] ? __pfx_iommufd_fops_ioctl+0x10/0x10
[ 128.955477][ T6201] __se_sys_ioctl+0xf1/0x160
[ 128.955496][ T6201] do_syscall_64+0xf3/0x230
[ 128.955521][ T6201] ? clear_bhb_loop+0x45/0xa0
[ 128.955539][ T6201] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 128.955555][ T6201] RIP: 0033:0x7f0934b8d169
[ 128.955575][ T6201] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 128.955588][ T6201] RSP: 002b:00007f0935a12038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 128.955607][ T6201] RAX: ffffffffffffffda RBX: 00007f0934da5fa0 RCX: 00007f0934b8d169
[ 128.955619][ T6201] RDX: 0000200000000200 RSI: 0000000000003ba0 RDI: 0000000000000003
[ 128.955630][ T6201] RBP: 00007f0935a12090 R08: 0000000000000000 R09: 0000000000000000
[ 128.955641][ T6201] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 128.955651][ T6201] R13: 0000000000000000 R14: 00007f0934da5fa0 R15: 00007ffe7c9dc778
[ 128.955668][ T6201] </TASK>
[ 128.960266][ T6201] Kernel Offset: disabled